Support SecurityProfile API and sandbox traffic-extension ext proc#398
Open
delavet wants to merge 4 commits into
Open
Support SecurityProfile API and sandbox traffic-extension ext proc#398delavet wants to merge 4 commits into
delavet wants to merge 4 commits into
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Welcome @delavet! It looks like this is your first PR to openkruise/agents 🎉 |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## master #398 +/- ##
==========================================
+ Coverage 76.51% 77.03% +0.52%
==========================================
Files 146 168 +22
Lines 10684 11711 +1027
==========================================
+ Hits 8175 9022 +847
- Misses 2168 2310 +142
- Partials 341 379 +38
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces a new SecurityProfile CRD and a new traffix-extension component (Envoy ext-proc gRPC server) to enforce L7 egress policies for sandbox pods, including request blocking and credential/token header injection driven by CRD rules.
Changes:
- Added
SecurityProfile(agents.kruise.io/v1alpha1) API types + generated CRD/clientset/informers/listers. - Implemented
traffix-extensionservice: controller-runtime manager + in-memory profile store + Envoy ext-proc handlers + pluggable actions (Block, TokenTransformation). - Added supporting utilities (matchers, label decoding, token cache, credential provider client), build targets, Dockerfile, and component documentation.
Reviewed changes
Copilot reviewed 36 out of 48 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| pkg/traffix-extension/util/tls/tls.go | Self-signed TLS certificate helper for optional secure gRPC serving. |
| pkg/traffix-extension/util/podlabels/podlabels.go | Base64 decoding + parsing of sandbox.labels from Envoy filter_state. |
| pkg/traffix-extension/util/podlabels/podlabels_test.go | Unit tests for sandbox label decoding/parsing. |
| pkg/traffix-extension/util/matcher/matcher.go | Request matching engine (domain/path/method) for SecurityProfile rules. |
| pkg/traffix-extension/util/matcher/matcher_test.go | Unit tests for request matching + header parsing. |
| pkg/traffix-extension/util/logging/logging.go | Shared logr verbosity constants. |
| pkg/traffix-extension/server/runserver.go | gRPC server runner wiring ext-proc server + optional TLS. |
| pkg/traffix-extension/runnable/leader_election.go | Runnable wrappers to integrate with controller-runtime leader election expectations. |
| pkg/traffix-extension/runnable/grpc.go | Generic controller-runtime Runnable wrapper for gRPC servers. |
| pkg/traffix-extension/plugins/tokeninjection/template.go | Header value rendering using Go text/template. |
| pkg/traffix-extension/plugins/tokeninjection/provider.go | Validation for supported TokenProviderRef (group/kind/name). |
| pkg/traffix-extension/plugins/tokeninjection/plugin.go | TokenTransformation plugin implementation (fetch token + mutate header). |
| pkg/traffix-extension/plugins/tokeninjection/helpers_test.go | Unit tests for when-condition, template rendering, provider ref validation. |
| pkg/traffix-extension/plugins/tokeninjection/condition.go | when condition evaluation + placeholder→regex conversion. |
| pkg/traffix-extension/plugins/plugin.go | Plugin contract + Result/RequestContext definitions for extensibility. |
| pkg/traffix-extension/plugins/block/block.go | Block plugin (terminal ImmediateResponse). |
| pkg/traffix-extension/plugins/block/block_test.go | Unit tests for Block plugin behavior/response encoding. |
| pkg/traffix-extension/handlers/server.go | Envoy ext-proc streaming server loop + request dispatch. |
| pkg/traffix-extension/handlers/request.go | Core orchestration: extract filter_state, find matching profiles, walk rules, invoke plugins. |
| pkg/traffix-extension/handlers/request_test.go | Integration-style tests covering handler orchestration + block precedence behavior. |
| pkg/traffix-extension/framework/tokencache/cache.go | LRU+TTL token cache (hashicorp/golang-lru/v2). |
| pkg/traffix-extension/framework/tokencache/cache_test.go | Unit tests for cache behavior (TTL, eviction, concurrency). |
| pkg/traffix-extension/framework/credential/client.go | Credential provider HTTP client (mTLS preferred) + optional cache integration. |
| pkg/traffix-extension/framework/credential/client_test.go | Unit tests for TLS client construction + CA loading. |
| pkg/traffix-extension/framework/controller/securityprofile_reconciler.go | Reconciler syncing SecurityProfiles into in-memory store. |
| pkg/traffix-extension/framework/configstore/store.go | Thread-safe in-memory SecurityProfile store + label-based matching. |
| pkg/traffix-extension/framework/configstore/store_test.go | Unit tests for store CRUD + label matching + deterministic ordering. |
| Makefile | Added build/docker-build targets for traffix-extension. |
| go.sum | Added module sums for golang-lru/v2. |
| go.mod | Added dependency github.com/hashicorp/golang-lru/v2. |
| docs/components/traffix-extension.md | New component documentation (architecture, config, CRD sample). |
| dockerfiles/traffix-extension.Dockerfile | New Docker build for traffix-extension image. |
| config/crd/bases/agents.kruise.io_securityprofiles.yaml | Generated CRD manifest for SecurityProfile. |
| cmd/traffix-extension/main.go | New binary entrypoint wiring manager, reconciler, plugins, servers. |
| cmd/traffix-extension/health.go | gRPC health service for readiness/liveness. |
| client/listers/api/v1alpha1/securityprofile.go | Generated lister for SecurityProfile. |
| client/listers/api/v1alpha1/expansion_generated.go | Generated lister expansion interfaces for SecurityProfile. |
| client/informers/externalversions/generic.go | Added generic informer mapping for SecurityProfile. |
| client/informers/externalversions/api/v1alpha1/securityprofile.go | Generated informer for SecurityProfile. |
| client/informers/externalversions/api/v1alpha1/interface.go | Added SecurityProfiles() accessor to informer interface. |
| client/clientset/versioned/typed/api/v1alpha1/securityprofile.go | Generated typed client for SecurityProfile. |
| client/clientset/versioned/typed/api/v1alpha1/generated_expansion.go | Generated typed client expansion for SecurityProfile. |
| client/clientset/versioned/typed/api/v1alpha1/fake/fake_securityprofile.go | Generated fake typed client for SecurityProfile. |
| client/clientset/versioned/typed/api/v1alpha1/fake/fake_api_client.go | Registered fake client method for SecurityProfiles(). |
| client/clientset/versioned/typed/api/v1alpha1/api_client.go | Registered real client method for SecurityProfiles(). |
| api/v1alpha1/zz_generated.deepcopy.go | Added deep-copies for new SecurityProfile-related API types. |
| api/v1alpha1/securityprofile_types.go | New SecurityProfile API type definitions + kubebuilder validations. |
| AGENTS.md | Updated project/component documentation to include traffix-extension + SecurityProfile. |
Files not reviewed (11)
- api/v1alpha1/zz_generated.deepcopy.go: Language not supported
- client/clientset/versioned/typed/api/v1alpha1/api_client.go: Language not supported
- client/clientset/versioned/typed/api/v1alpha1/fake/fake_api_client.go: Language not supported
- client/clientset/versioned/typed/api/v1alpha1/fake/fake_securityprofile.go: Language not supported
- client/clientset/versioned/typed/api/v1alpha1/generated_expansion.go: Language not supported
- client/clientset/versioned/typed/api/v1alpha1/securityprofile.go: Language not supported
- client/informers/externalversions/api/v1alpha1/interface.go: Language not supported
- client/informers/externalversions/api/v1alpha1/securityprofile.go: Language not supported
- client/informers/externalversions/generic.go: Language not supported
- client/listers/api/v1alpha1/expansion_generated.go: Language not supported
- client/listers/api/v1alpha1/securityprofile.go: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+81
to
+85
| flags := make(map[string]any) | ||
| flag.VisitAll(func(f *flag.Flag) { | ||
| flags[f.Name] = f.Value | ||
| }) | ||
|
|
Comment on lines
+8
to
+17
| COPY ../go.mod go.mod | ||
| COPY ../go.sum go.sum | ||
| # cache deps before building and copying source so that we don't need to re-download as much | ||
| # and so that source changes don't invalidate our downloaded layer | ||
| RUN go mod download | ||
|
|
||
| # Copy the go source | ||
| COPY ../cmd/traffix-extension cmd/traffix-extension | ||
| COPY ../api api/ | ||
| COPY ../pkg pkg/ |
Comment on lines
+167
to
+168
| // In production, configure proper CA verification. | ||
| InsecureSkipVerify: true, //nolint:gosec |
Comment on lines
+110
to
+126
| c.mu.RLock() | ||
| key := cacheKey{credentialProviderName: credentialProviderName, resourceID: resourceID} | ||
| entry, ok := c.lru.Get(key) | ||
| c.mu.RUnlock() | ||
|
|
||
| if !ok || entry.isExpired() { | ||
| // Expired or missing — remove from LRU if present. | ||
| c.mu.Lock() | ||
| c.lru.Remove(key) | ||
| c.mu.Unlock() | ||
| return "", false | ||
| } | ||
|
|
||
| // Access moves the entry to the front (LRU semantics). | ||
| c.mu.Lock() | ||
| c.lru.Get(key) | ||
| c.mu.Unlock() |
Comment on lines
+84
to
+95
| // matchDomain checks if the host matches any of the domain patterns. | ||
| // Supports wildcard "*" to match any domain. | ||
| func matchDomain(host string, domains []string) bool { | ||
| for _, domain := range domains { | ||
| if domain == "*" { | ||
| return true | ||
| } | ||
| if strings.EqualFold(host, domain) { | ||
| return true | ||
| } | ||
| } | ||
| return false |
Comment on lines
+65
to
+74
| var escaped string | ||
| if strings.HasPrefix(part, "^") { | ||
| escaped = "^" + regexp.QuoteMeta(strings.TrimPrefix(part, "^")) | ||
| } else if strings.HasSuffix(part, "$") { | ||
| escaped = regexp.QuoteMeta(strings.TrimSuffix(part, "$")) + "$" | ||
| } else if strings.HasPrefix(part, "^") && strings.HasSuffix(part, "$") { | ||
| trimmed := strings.TrimPrefix(part, "^") | ||
| trimmed = strings.TrimSuffix(trimmed, "$") | ||
| escaped = "^" + regexp.QuoteMeta(trimmed) + "$" | ||
| } else { |
| SecurityProfile defines the L7 security/compliance profile for Sandbox | ||
| AI Agent egress HTTP/HTTPS traffic. | ||
|
|
||
| See docs/design/sandboxSecurityProfile.md for the full semantic model. |
Comment on lines
+162
to
+174
| The handler walks the rule chain in order across all profiles matching the | ||
| Pod's labels. For each rule whose `match` clause matches the request: | ||
|
|
||
| 1. If the rule has a `block` action — return an Envoy `ImmediateResponse` | ||
| with the configured status code and body. **Terminal**; no further | ||
| rules are evaluated. Does not require a sandbox token. | ||
| 2. Otherwise, if the rule has a `tokenTransformation` action and no Block | ||
| has fired yet, the rule is recorded and scanning continues so a later | ||
| `block` rule can still win. | ||
|
|
||
| After the scan: if a Block fired, the request is rejected. If only a | ||
| `tokenTransformation` rule matched, token injection runs against that | ||
| rule. Otherwise the request passes through unmodified. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Ⅰ. Describe what this PR does
New CRD: SecurityProfile (agents.kruise.io/v1alpha1)
Add a new component traffix-extension — an Envoy ext-proc (external processing) gRPC server that block requestts / injects security tokens into outbound HTTP traffic from sandbox pods, driven by the new SecurityProfile CRD.
Ⅱ. Does this pull request fix one issue?
Ⅲ. Describe how to verify it
Ⅳ. Special notes for reviews
No changes to existing components. All additions live under the new cmd/traffix-extension/ and pkg/traffix-extension/ trees plus the new CRD types; the client/ deltas are generated from make generate