Skip to content

Commit

Permalink
Allow overriding Ambient parameters in IstioCNI
Browse files Browse the repository at this point in the history 
Even though we can install Ambient using the Sail Operator,
we're unable to override some of the Ambient parameters in
the IstioCNI chart because the CNIAmbientConfig is missing
from the CNIConfig struct. This PR fixes it.

Related to: istio-ecosystem#500
Signed-off-by: Sridhar Gaddam <[email protected]>
  • Loading branch information
@sridhargaddam
sridhargaddam committed Jan 20, 2025
1 parent e27e1be commit ee7eb36
Show file tree
Hide file tree
Showing 6 changed files with 63 additions and 2 deletions.
3 changes: 2 additions & 1 deletion api/v1alpha1/values_types.gen.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

19 changes: 19 additions & 0 deletions bundle/manifests/sailoperator.io_istiocnis.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1024,6 +1024,25 @@ spec:
x-kubernetes-list-type: atomic
type: object
type: object
ambient:
description: Configuration for Istio Ambient.
properties:
configDir:
description: The directory path containing the configuration
files for Ambient. Defaults to /etc/ambient-config.
type: string
dnsCapture:
description: If enabled, and ambient is enabled, DNS redirection
will be enabled.
type: boolean
enabled:
description: Controls whether ambient redirection is enabled
type: boolean
ipv6:
description: 'UNSTABLE: If enabled, and ambient is enabled,
enables ipv6 support'
type: boolean
type: object
chained:
description: |-
Configure the plugin as a chained CNI plugin. When true, the configuration is added to the CNI chain; when false,
Expand Down
19 changes: 19 additions & 0 deletions chart/crds/sailoperator.io_istiocnis.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1024,6 +1024,25 @@ spec:
x-kubernetes-list-type: atomic
type: object
type: object
ambient:
description: Configuration for Istio Ambient.
properties:
configDir:
description: The directory path containing the configuration
files for Ambient. Defaults to /etc/ambient-config.
type: string
dnsCapture:
description: If enabled, and ambient is enabled, DNS redirection
will be enabled.
type: boolean
enabled:
description: Controls whether ambient redirection is enabled
type: boolean
ipv6:
description: 'UNSTABLE: If enabled, and ambient is enabled,
enables ipv6 support'
type: boolean
type: object
chained:
description: |-
Configure the plugin as a chained CNI plugin. When true, the configuration is added to the CNI chain; when false,
Expand Down
18 changes: 18 additions & 0 deletions docs/api-reference/sailoperator.io.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,23 @@ _Appears in:_
| `validationCABundle` _string_ | validation webhook CA bundle | | |


#### CNIAmbientConfig







_Appears in:_
- [CNIConfig](#cniconfig)

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `enabled` _boolean_ | Controls whether ambient redirection is enabled | | |
| `configDir` _string_ | The directory path containing the configuration files for Ambient. Defaults to /etc/ambient-config. | | |
| `dnsCapture` _boolean_ | If enabled, and ambient is enabled, DNS redirection will be enabled. | | |
| `ipv6` _boolean_ | UNSTABLE: If enabled, and ambient is enabled, enables ipv6 support | | |


#### CNIConfig
Expand Down Expand Up @@ -116,6 +133,7 @@ _Appears in:_
| `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#resourcerequirements-v1-core)_ | The k8s resource requests and limits for the istio-cni Pods. | | |
| `privileged` _boolean_ | No longer used for CNI. See: https://github.com/istio/istio/issues/49004 Deprecated: Marked as deprecated in pkg/apis/values_types.proto. | | |
| `seccompProfile` _[SeccompProfile](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#seccompprofile-v1-core)_ | The Container seccompProfile See: https://kubernetes.io/docs/tutorials/security/seccomp/ | | |
| `ambient` _[CNIAmbientConfig](#cniambientconfig)_ | Configuration for Istio Ambient. | | |
| `provider` _string_ | Specifies the CNI provider. Can be either "default" or "multus". When set to "multus", an additional NetworkAttachmentDefinition resource is deployed to the cluster to allow the istio-cni plugin to be invoked in a cluster using the Multus CNI plugin. | | |
| `rollingMaxUnavailable` _[IntOrString](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#intorstring-intstr-util)_ | The number of pods that can be unavailable during a rolling update of the CNI DaemonSet (see `updateStrategy.rollingUpdate.maxUnavailable` here: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/daemon-set-v1/#DaemonSetSpec). May be specified as a number of pods or as a percent of the total number of pods at the start of the update. | | XIntOrString: \{\} |

Expand Down
1 change: 0 additions & 1 deletion hack/api_transformer/transform.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,6 @@ inputFiles:
- SidecarInjectorConfig.ObjectSelector # appears to be unused
- CNIConfig.Enabled # CNI is enabled by the mere presence of the IstioCNI resource
- CNIConfig.LogLevel # deprecated and replaced with CNIConfig.logging.level
- CNIConfig.Ambient # we don't support Ambient yet
- CNIUsageConfig.Chained # deprecated and unused in upstream
- BaseConfig.EnableCRDTemplates # not used, because the operator doesn't deploy CRDs
- BaseConfig.EnableIstioConfigCRDs # present in values.yaml, but not used in any chart
Expand Down

0 comments on commit ee7eb36

Please sign in to comment.