
Commit 7816472

authored
feat: install default allow-all traffic permission when kuma >= 2.6.0 (#957)
1 parent b970924 commit 7816472


2 files changed

+34
-2
lines changed


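--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,10 +1,13 @@
 # Changelog
 
-## Unreleased
+## v0.45.0
 
 - `Kuma` addon now properly uses the Helm chart version passed in its builder's
 `WithVersion` method.
 [#949](https://github.com/Kong/kubernetes-testing-framework/pull/949)
+- When `Kuma` addon is used with version greater or equal to `2.6.0` and mTLS enabled,
+a default allow-all `TrafficPermission` gets installed to preserve previous behavior.
+[#950](https://github.com/Kong/kubernetes-testing-framework/pull/950)
 
 ## v0.44.0
 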
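--- a/pkg/clusters/addons/kuma/addon.go
+++ b/pkg/clusters/addons/kuma/addon.go
@@ -234,20 +234,49 @@ spec:
 name: ca-1
 type: builtin
 enabledBackend: ca-1`
+
+allowAllTrafficPermission = `apiVersion: kuma.io/v1alpha1
+kind: MeshTrafficPermission
+metadata:
+name: allow-all
+namespace: kuma-system
+labels:
+kuma.io/mesh: default
+spec:
+targetRef:
+kind: Mesh
+from:
+- targetRef:
+kind: Mesh
+default:
+action: Allow`
+)
+
+var (
+// From Kuma 2.6.0, the default mesh traffic permission is no longer created by default
+// and must be created manually if mTLS is enabled.
+// https://github.com/kumahq/kuma/blob/2.6.0/UPGRADE.md#default-trafficroute-and-trafficpermission-resources-are-not-created-when-creating-a-new-mesh
+installDefaultMeshTrafficPermissionCutoffVersion = semver.MustParse("2.6.0")
 )
 
 // enableMTLS attempts to apply a Mesh resource with a basic retry mechanism to deal with delays in the Kuma webhook
 // startup
 func (a *Addon) enableMTLS(ctx context.Context, cluster clusters.Cluster) (err error) {
 ticker := time.NewTicker(5 * time.Second) //nolint:gomnd
+defer ticker.Stop()
 timeoutTimer := time.NewTimer(time.Minute)
 
 for {
 select {
 case <-ctx.Done():
 return fmt.Errorf("context completed while retrying to apply Mesh")
 case <-ticker.C:
-err = clusters.ApplyManifestByYAML(ctx, cluster, mtlsEnabledDefaultMesh)
+yamlToApply := mtlsEnabledDefaultMesh
+if v, ok := a.Version(); ok && v.GTE(installDefaultMeshTrafficPermissionCutoffVersion) {
+a.logger.Infof("Kuma version is %s or later, creating default mesh traffic permission", installDefaultMeshTrafficPermissionCutoffVersion)
+yamlToApply = strings.Join([]string{mtlsEnabledDefaultMesh, allowAllTrafficPermission}, "\n---\n")
+}
+err = clusters.ApplyManifestByYAML(ctx, cluster, yamlToApply)
 if err == nil {
 return nil
 }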
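Review bot: The version gate in the `ticker.C` case (`if v, ok := a.Version(); ok && v.GTE(...)`) treats an unknown version the same as a pre-2.6.0 one, so if `Version()` returns `ok == false` when no chart version was pinned (its implementation is not visible here), a cluster running a current Kuma would get mTLS enabled with no `MeshTrafficPermission` and, per the comment on the cutoff variable, no permitted traffic. The unknown-version case should be decided explicitly, and because the result cannot change between retries, `yamlToApply` is better computed once before the `for` loop so the `Infof` line is not repeated on every 5-second tick. The `allowAllTrafficPermission` constant also deserves a comment, for example `// allowAllTrafficPermission authorizes every source in the default mesh; it exists only to keep test clusters behaving as they did before Kuma 2.6.0.`, so nobody copies the manifest into an environment where mesh authorization is meant to be enforced. The body of `enableMTLS` continues past the end of the hunk.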
