Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kuadrantctl v0.1.0 release #35

Merged
merged 7 commits into from
Jan 21, 2022
Merged

Kuadrantctl v0.1.0 release #35

merged 7 commits into from
Jan 21, 2022

Conversation

eguzki
Copy link
Collaborator

@eguzki eguzki commented Jan 21, 2022

This PR includes:

  • Upgrade kuadrant controller to v0.2.1
  • Fix authorino service registered in istio
  • Bump kuadrantctl version to v0.1.0

@eguzki eguzki requested a review from a team January 21, 2022 11:08
@codecov-commenter
Copy link

codecov-commenter commented Jan 21, 2022
edited
Loading

Codecov Report

❗ No coverage uploaded for pull request base (main@21fb6c7). Click here to learn what that means.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##             main      #35   +/-   ##
=======================================
  Coverage        ?   31.80%           
=======================================
  Files           ?       15           
  Lines           ?      808           
  Branches        ?        0           
=======================================
  Hits            ?      257           
  Misses          ?      510           
  Partials        ?       41

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 21fb6c7...84c1e8b. Read the comment docs.

guicassolato
guicassolato reviewed Jan 21, 2022
View reviewed changes
examples/apiproduct/dogs-cats/dogs.yaml Outdated
spec:
containers:
- name: dogs
image: quay.io/3scale/authorino:echo-api
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd recommend instead using:

Suggested change
image: quay.io/3scale/authorino:echo-api
image: quay.io/3scale/authorino-examples:talker-api

guicassolato
guicassolato reviewed Jan 21, 2022
View reviewed changes
examples/apiproduct/dogs-cats/secret.yaml Outdated
annotations:
secret.kuadrant.io/user-id: user-01
labels:
secret.kuadrant.io/managed-by: authorino
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Authorino may cache this API key secret when it reconciles the AuthConfig because Kuadrant controller will set label selectors that match the ones here. This part is OK.

However, this is NOT enough for Authorino to watch changes related to this API key secret, independently from the reconciliation of the AuthConfig (e.g. key rotation, label update on the secret, deletion of the secret). To put such events within the scope of the Authorino secret reconciler, matching SecretLabelSelectors must as well be specified in the spec of the Authorino CR that is created by kuadrantctl.

If not specified, Authorino will default to watching only secret-related events of resources that include labels matching authorino.kuadrant.io/managed-by=authorino.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for the tip. I will update to use the default value then.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added changes to 4707414

guicassolato
guicassolato reviewed Jan 21, 2022
View reviewed changes
pkg/authorino/authorino.go
@@ -29,6 +29,7 @@ func Authorino(ns string) *authorinov1beta1.Authorino {
Enabled: &tlsEnabledTmp,
},
},
SecretLabelSelectors: "authorino.kuadrant.io/managed-by=authorino",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just for the record, now that SecretLabelSelectors is being set here, it can be anything that makes sense for Kuadrant, such as the previously intended secret.kuadrant.io/managed-by=authorino.

Whatever goes in this field defines what Secret resources Authorino will watch events about.

What goes in authconfigs.spec.identity.apiKey.labelSelectors (which is copied from apiproducts.spec.securityScheme.apiKeyAuth.credential_source.labelSelectors) defines what Secret resources will be cached as valid API keys to authenticate to the hosts of the AuthConfig, when the AuthConfig resource is reconciled.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just wanted to do it explicit for completeness

Thanks!

@eguzki eguzki merged commit 98434dc into main Jan 21, 2022
@eguzki eguzki deleted the kuadrant-v0.2.1 branch January 21, 2022 14:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@guicassolato guicassolato guicassolato approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@eguzki @codecov-commenter @guicassolato