Support deployment of EnvoyFilter for outbound traffic (#226)

* Add --patch-context options for `wasme deploy istio` command * Add auto-generated codes * Add changelog * Add a test * Update tools/wasme/cli/operator/api/wasme/v1/filter_deployment.proto Co-authored-by: Shane O'Donnell <[email protected]> * Update tools/wasme/cli/pkg/cmd/deploy/options.go Co-authored-by: Shane O'Donnell <[email protected]> * Make a single source of truth of option values * Codegen again
solo-io · Jan 5, 2021 · 21da9e6 · 21da9e6
1 parent 0a8a317
commit 21da9e6
Show file tree

Hide file tree

Showing 16 changed files with 1,998 additions and 1,906 deletions.
diff --git a/tools/wasme/changelog/v0.0.33/patch-context.yaml b/tools/wasme/changelog/v0.0.33/patch-context.yaml
@@ -0,0 +1,5 @@
+changelog:
+  - type: NEW_FEATURE
+    description: >
+      Add a feature to configure EnvoyFilter.PatchContext at the time of deployment.
+    issueLink: https://github.com/solo-io/wasm/issues/115
diff --git a/tools/wasme/cli/docs/content/reference/cli/wasme_deploy_istio.md b/tools/wasme/cli/docs/content/reference/cli/wasme_deploy_istio.md
@@ -19,7 +19,7 @@ Note: currently only Istio 1.5.x - 1.8.x are supported.
 
 
 ```
-wasme deploy istio <image> --id=<unique name> [--config=<inline string>] [--root-id=<root id>] [--namespaces <comma separated namespaces>] [--name deployment-name] [flags]
+wasme deploy istio <image> --id=<unique name> [--config=<inline string>] [--root-id=<root id>] [--namespaces <comma separated namespaces>] [--name deployment-name] [--patch-context={any|inbound|outbound|gateway}] [flags]
 ```
 
 ### Options
@@ -37,6 +37,7 @@ wasme deploy istio <image> --id=<unique name> [--config=<inline string>] [--root
       --istio-namespace string           the namespace where the Istio control plane is installed (default "istio-system")
   -l, --labels stringToString            labels of the deployment or daemonset into which to inject the filter. if not set, will apply to all workloads in the target namespace (default [])
   -n, --namespace string                 namespace of the workload(s) to inject the filter. (default "default")
+      --patch-context string             patch context of the filter. possible values are any, inbound, outbound, gateway (default "inbound")
   -t, --workload-type string             type of workload into which the filter should be injected. possible values are daemonset, deployment, statefulset (default "deployment")
 ```
 

diff --git a/tools/wasme/cli/docs/content/reference/cli/wasme_undeploy_istio.md b/tools/wasme/cli/docs/content/reference/cli/wasme_undeploy_istio.md
@@ -29,6 +29,7 @@ wasme undeploy istio --id=<unique name> --namespace=<deployment namespace> [--na
       --istio-namespace string   the namespace where the Istio control plane is installed (default "istio-system")
   -l, --labels stringToString    labels of the deployment or daemonset into which to inject the filter. if not set, will apply to all workloads in the target namespace (default [])
   -n, --namespace string         namespace of the workload(s) to inject the filter. (default "default")
+      --patch-context string     patch context of the filter. possible values are any, inbound, outbound, gateway (default "inbound")
       --root-id string           optional root ID used to bind the filter at the Envoy level. this value is normally read from the filter image directly.
   -t, --workload-type string     type of workload into which the filter should be injected. possible values are daemonset, deployment, statefulset (default "deployment")
 ```

diff --git a/tools/wasme/cli/docs/content/reference/operator/filter_deployment.md b/tools/wasme/cli/docs/content/reference/operator/filter_deployment.md
@@ -127,6 +127,10 @@ the first time it must pull the image and inspect it
 second time it will cache it locally
 if the user provides |
 | imagePullOptions | [ImagePullOptions](#wasme.io.ImagePullOptions) |  | custom options if pulling from private / custom repositories |
+| patchContext | [string](#string) |  | a class of configurations based on the traffic flow direction
+and workload type.
+defaults to `inbound`.
+See https://istio.io/latest/docs/reference/config/networking/envoy-filter/#EnvoyFilter-PatchContext for more details. |
 
 
 

diff --git a/tools/wasme/cli/operator/api/wasme/v1/filter_deployment.proto b/tools/wasme/cli/operator/api/wasme/v1/filter_deployment.proto
@@ -48,6 +48,12 @@ message FilterSpec {
 
     // custom options if pulling from private / custom repositories
     ImagePullOptions imagePullOptions = 5;
+
+    // a class of configurations based on the traffic flow direction
+    // and workload type.
+    // defaults to `inbound`.
+    // See https://istio.io/latest/docs/reference/config/networking/envoy-filter/#EnvoyFilter-PatchContext for more details.
+    string patchContext = 6;
 }
 
 
@@ -119,4 +125,4 @@ message WorkloadStatus {
 
     // a human-readable string explaining the error, if any
     string reason = 2;
-}
+}
diff --git a/tools/wasme/cli/pkg/cmd/deploy/deploy.go b/tools/wasme/cli/pkg/cmd/deploy/deploy.go
@@ -119,7 +119,7 @@ Use --labels to use a match Gateway CRs by label.
 }
 
 func deployIstioCmd(ctx *context.Context, opts *options) *cobra.Command {
-	use := "istio <image> --id=<unique name> [--config=<inline string>] [--root-id=<root id>] [--namespaces <comma separated namespaces>] [--name deployment-name]"
+	use := "istio <image> --id=<unique name> [--config=<inline string>] [--root-id=<root id>] [--namespaces <comma separated namespaces>] [--name deployment-name] [--patch-context={any|inbound|outbound|gateway}]"
 	short := "Deploy an Envoy WASM Filter to Istio Sidecar Proxies (Envoy)."
 	long := `Deploy an Envoy WASM Filter to Istio Sidecar Proxies (Envoy).
 
@@ -141,6 +141,7 @@ Note: currently only Istio 1.5.x - 1.8.x are supported.
 	)
 
 	cmd.PreRunE = func(cmd *cobra.Command, args []string) error {
+		opts.filter.PatchContext = opts.istioOpts.patchContext
 		cacheDeployer := cachedeployment.NewDeployer(
 			helpers.MustKubeClient(),
 			opts.cacheOpts.namespace,

diff --git a/tools/wasme/cli/pkg/cmd/deploy/options.go b/tools/wasme/cli/pkg/cmd/deploy/options.go
@@ -83,6 +83,7 @@ func (opts *glooOpts) addToFlags(flags *pflag.FlagSet) {
 
 type istioOpts struct {
 	workload           istio.Workload
+	patchContext       string
 	istioNamespace     string
 	cacheTimeout       time.Duration
 	ignoreVersionCheck bool
@@ -94,7 +95,8 @@ func (opts *istioOpts) addToFlags(flags *pflag.FlagSet) {
 	flags.StringToStringVarP(&opts.workload.Labels, "labels", "l", nil, "labels of the deployment or daemonset into which to inject the filter. if not set, will apply to all workloads in the target namespace")
 	flags.StringVarP(&opts.workload.Namespace, "namespace", "n", "default", "namespace of the workload(s) to inject the filter.")
 	flags.StringVarP(&opts.workload.Kind, "workload-type", "t", istio.WorkloadTypeDeployment, "type of workload into which the filter should be injected. possible values are "+strings.Join(SupportedWorkloadTypes, ", "))
-	flags.StringVarP(&opts.istioNamespace, "istio-namespace", "", "istio-system", "the namespace where the Istio control plane is installed")
+	flags.StringVar(&opts.patchContext, "patch-context", istio.PatchContextInbound, "patch context of the filter. possible values are "+strings.Join(istio.SupportedPatchContexts, ", "))
+	flags.StringVar(&opts.istioNamespace, "istio-namespace", "istio-system", "the namespace where the Istio control plane is installed")
 	flags.DurationVar(&opts.cacheTimeout, "cache-timeout", time.Minute, "the length of time to wait for the server-side filter cache to pull the filter image before giving up with an error. set to 0 to skip the check entirely (note, this may produce a known race condition).")
 	flags.BoolVar(&opts.ignoreVersionCheck, "ignore-version-check", false, "set to disable abi version compatability check.")
 }