openshift-service-mesh · jewertow · Jan 25, 2025 · Jan 25, 2025 · Jan 26, 2025 · Jan 26, 2025
diff --git a/Makefile b/Makefile
@@ -54,7 +54,7 @@ e2e: kind-clusters ## Runs end-to-end tests against KinD clusters
 	$(foreach suite, $(TEST_SUITES), \
 		PATH=$(LOCALBIN):$$PATH \
 		TAG=$$local_tag \
-		go test -tags=integ -run TestTraffic $(PROJECT_DIR)/test/e2e/scenarios/$(suite) \
+		go test -tags=integ -timeout 30m -run TestTraffic $(PROJECT_DIR)/test/e2e/scenarios/$(suite) \
 			--istio.test.hub=docker.io/istio\
 			--istio.test.tag=$(ISTIO_VERSION)\
 			--istio.test.kube.config=$(PROJECT_DIR)/test/east.kubeconfig,$(PROJECT_DIR)/test/west.kubeconfig,$(PROJECT_DIR)/test/central.kubeconfig\

diff --git a/api/v1alpha1/federatedservice_types.go b/api/v1alpha1/federatedservice_types.go
@@ -18,16 +18,23 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
-
 // FederatedServiceSpec defines the desired state of FederatedService.
 type FederatedServiceSpec struct {
-	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
+	// Host is a FQDN of the federated service.
+	Host string `json:"host,omitempty"`
+
+	// Ports of the federated service.
+	Ports []Port `json:"ports,omitempty"`
+
+	// Labels associated with endpoints of the federated service.
+	Labels map[string]string `json:"labels,omitempty"`
+}
 
-	// Foo is an example field of FederatedService. Edit federatedservice_types.go to remove/update
-	Foo string `json:"foo,omitempty"`
+type Port struct {
+	Name       string `json:"name,omitempty"`
+	Number     int32  `json:"number,omitempty"`
+	Protocol   string `json:"protocol,omitempty"`
+	TargetPort int32  `json:"targetPort,omitempty"`
 }
 
 // FederatedServiceStatus defines the observed state of FederatedService.

diff --git a/api/v1alpha1/meshfederation_types.go b/api/v1alpha1/meshfederation_types.go
@@ -48,20 +48,9 @@ type MeshFederationList struct {
 
 // MeshFederationSpec defines the desired state of MeshFederation.
 type MeshFederationSpec struct {
-	// Network name used by Istio for load balancing
-	// +kubebuilder:validation:Required
-	Network string `json:"network"`
-
-	// +kubebuilder:default:=cluster.local
-	TrustDomain string `json:"trustDomain"`
-
-	// Namespace used to create mesh-wide resources
-	// +kubebuilder:default:=istio-system
-	ControlPlaneNamespace string `json:"controlPlaneNamespace"`
-
 	// TODO: CRD proposal states "If no ingress is specified, it means the controller supports only single network topology". However, some config, such as gateway/port config, seems to be required.
 	// Config specifying ingress type and ingress gateway config
-	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Optional
 	IngressConfig IngressConfig `json:"ingress"`
 
 	// Selects the K8s Services to export to all remote meshes.

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/chart/crds/federation.openshift-service-mesh.io_federatedservices.yaml b/chart/crds/federation.openshift-service-mesh.io_federatedservices.yaml
@@ -39,10 +39,30 @@ spec:
           spec:
             description: FederatedServiceSpec defines the desired state of FederatedService.
             properties:
-              foo:
-                description: Foo is an example field of FederatedService. Edit federatedservice_types.go
-                  to remove/update
+              host:
+                description: Host is a FQDN of the federated service.
                 type: string
+              labels:
+                additionalProperties:
+                  type: string
+                description: Labels associated with endpoints of the federated service.
+                type: object
+              ports:
+                description: Ports of the federated service.
+                items:
+                  properties:
+                    name:
+                      type: string
+                    number:
+                      format: int32
+                      type: integer
+                    protocol:
+                      type: string
+                    targetPort:
+                      format: int32
+                      type: integer
+                  type: object
+                type: array
             type: object
           status:
             description: FederatedServiceStatus defines the observed state of FederatedService.

diff --git a/chart/crds/federation.openshift-service-mesh.io_meshfederations.yaml b/chart/crds/federation.openshift-service-mesh.io_meshfederations.yaml
@@ -39,10 +39,6 @@ spec:
           spec:
             description: MeshFederationSpec defines the desired state of MeshFederation.
             properties:
-              controlPlaneNamespace:
-                default: istio-system
-                description: Namespace used to create mesh-wide resources
-                type: string
               export:
                 description: |-
                   Selects the K8s Services to export to all remote meshes.
@@ -154,17 +150,6 @@ spec:
                 - gateway
                 - type
                 type: object
-              network:
-                description: Network name used by Istio for load balancing
-                type: string
-              trustDomain:
-                default: cluster.local
-                type: string
-            required:
-            - controlPlaneNamespace
-            - ingress
-            - network
-            - trustDomain
             type: object
           status:
             description: MeshFederationStatus defines the observed state of MeshFederation.

diff --git a/chart/templates/clusterrole.yaml b/chart/templates/clusterrole.yaml
@@ -8,26 +8,27 @@ rules:
   verbs: ["get", "watch", "list"]
 - apiGroups: ["networking.istio.io"]
   resources: ["gateways", "serviceentries", "workloadentries"]
-  verbs: ["get", "list", "create", "update", "patch", "delete"]
+  verbs: ["get", "list", "create", "update", "patch", "delete", "watch"]
 - apiGroups: ["security.istio.io"]
   resources: ["peerauthentications"]
-  verbs: ["get", "list", "create", "update", "patch", "delete"]
+  verbs: ["get", "list", "create", "update", "patch", "delete", "watch"]
 {{- if (include "remotes.hasOpenshiftRouterPeer" .) }}
 - apiGroups: ["networking.istio.io"]
   resources: ["destinationrules"]
   verbs: ["get", "list", "create", "update", "patch", "delete"]
 {{- end }}
-{{- if eq .Values.federation.meshPeers.local.ingressType "openshift-router" }}
 - apiGroups: ["networking.istio.io"]
   resources: ["envoyfilters"]
-  verbs: ["get", "list", "create", "update", "patch", "delete"]
+  verbs: ["get", "list", "create", "update", "patch", "delete", "watch"]
 - apiGroups: ["route.openshift.io"]
   resources: ["routes", "routes/custom-host"]
-  verbs: ["get", "list", "create", "update", "patch", "delete"]
-{{- end }}
+  verbs: ["get", "list", "create", "update", "patch", "delete", "watch"]
 - apiGroups: ["federation.openshift-service-mesh.io"]
   resources: ["meshfederations", "federatedservices"]
   verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
 - apiGroups: ["federation.openshift-service-mesh.io"]
   resources: ["meshfederations/status", "federatedservices/status"]
-  verbs: ["get"]
+  verbs: ["get", "update", "patch"]
+- apiGroups: ["federation.openshift-service-mesh.io"]
+  resources: ["meshfederations/finalizers"]
+  verbs: ["get", "update", "patch"]