feat(kuma-cp): update default policies to use new rules api instead of deprecated from #13203
Conversation
…f deprecated from Signed-off-by: Marcin Skalski <[email protected]>
| "mesh-timeout-all": defaultMeshTimeoutResource, | ||
| "mesh-circuit-breaker-all": defaultMeshCircuitBreakerResource, | ||
| "mesh-retry-all": defaultMeshRetryResource, | ||
| "mesh-gateways-timeout-all-outbounds": defaultOutboundMeshGatewaysTimeoutResource, |
There was a problem hiding this comment.
Looking at this code, I am afraid that this is not enough as we will have duplicate timeouts, if old defaults are present.
Also, simply removing old defaults feels shady, what if someone updated defaults but left the default name?
There was a problem hiding this comment.
I think we create these resources only during mesh creation. They shouldn't be created when upgrading to the new version.
There was a problem hiding this comment.
One more issue. What about zones running older versions? These policies won't work on zones
There was a problem hiding this comment.
@lukidzi can we protect ourselves from this? some flag on kds or something like this?
There was a problem hiding this comment.
It might be possible using a KDS flag, but we would need to translate it to a compatible format at the KDS sync level. That’s a bit tricky, and the global control plane would still display the new version. Since policies are created on the global control plane and it doesn't have awareness of the zone version, it's not possible to determine how to generate the default policy correctly.
There was a problem hiding this comment.
so should we then wait until we remove support for from entirely?
Reviewer Checklist🔍 Each of these sections need to be checked by the reviewer of the PR 🔍:
|
Signed-off-by: Marcin Skalski <[email protected]>
Motivation
We should update our default policies to use new api