Lightweight service mesh for Kubernetes East-West and North-South traffic management, uses ebpf for layer4 and pipy proxy for layer7 traffic management, support multi cluster network.
Home Page: https://flomesh.io
License: Apache License 2.0
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Please describe the Improvement and/or Feature Request
FSM CLI should support listing current connectors, like:
fsm connector listScope (please mark with X where applicable)
Possible use cases
Bug description:
Affected area (please mark with X where applicable):
Expected behavior:
Steps to reproduce the bug (as precisely as possible):
How was fsm installed?:
Anything else we need to know?:
Bug report archive:
Environment:
fsm version):kubectl version):https://gateway-api.sigs.k8s.io/geps/gep-1911/
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Now in charts, we enable some permissions at cluster level, like rbac.authorization.k8s.io which is unnecessary when namespacedIngress or Gateway feature disabled.
- apiGroups: [ "rbac.authorization.k8s.io" ]
resources: [ "roles", "rolebindings", "clusterroles", "clusterrolebindings" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
We should target to minimize the permissions and modularized. Only set necessary permission based on the features enabled.
Moreover, clarify the permission usage in charts comment in details would be better, like some permissions for builtin resources:
- apiGroups: ["apps"]
resources: ["daemonsets", "deployments", "replicasets", "statefulsets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
If we only enable flb, it seems that fsm doesn't need privileges for ds or sts?
Scope (please mark with X where applicable)
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
When using karmda there are multi ingress support with its own mcs api; but when using ingress-pipy, cannot access using the same usage; I was wondering if there any plan to enhance this feature
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Bug description:
Affected area (please mark with X where applicable):
Expected behavior:
Steps to reproduce the bug (as precisely as possible):
Load balancing algorithm annotation not working when setting is pipy.ingress.kubernetes.io/lb-type: 'hashing'
How was fsm installed?:
Testing on feature/cli-commands branch.
Anything else we need to know?:
Bug report archive:
Environment:
fsm version):kubectl version):Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Should adopt the changes from GatewayAPI 1.1.0 and deprecate GatewayTLSPolicy:
Gateways can now configure client cert verification for each Gateway Listener by introducing a new field frontendValidation field within tls. This field supports configuring a list of CA Certificates that can be used as a trust anchor to validate the certificates presented by the client.
Options within TLS are a list of key/value pairs to enable extended TLSconfiguration for each implementation. For example, configuring the mTLS enablement, minimum TLS version or supported cipher suites.
The experimental BackendTLSPolicy is a good implementation for reference, it'd be better to investigate and refactor the UpstreamTLSPolicy.
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Gateway has a new Infrastructure field that allows you to specify Labels or Annotations that you'd like to be propagated to each resource generated for a Gateway. For example, these labels and annotations may be copied to Services and Deployments provisioned for in-cluster Gateways, or to other implementation-specific resources, such as Cloud Load Balancers. For more information, refer to GEP-1762
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
https://gateway-api.sigs.k8s.io/geps/gep-1324/
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Bug description:
Affected area (please mark with X where applicable):
Expected behavior:
Steps to reproduce the bug (as precisely as possible):
How was fsm installed?:
Anything else we need to know?:
Bug report archive:
Environment:
fsm version):kubectl version):Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
x-flb-xForwardedFor=true/false
x-flb-limit-size=1000
x-flb-limit-syncRate=10
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
https://gateway-api.sigs.k8s.io/geps/gep-1742/
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
Please describe the Improvement and/or Feature Request
Scope (please mark with X where applicable)
Possible use cases
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.