Gcs sidecar framework #2422
Merged
Gcs sidecar framework #2422
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kiashok
force-pushed
the
gcs-sidecar-framework
branch
3 times, most recently
from
973753d to
588627a
Compare
kiashok
commented
Apr 28, 2025
MahatiC
reviewed
Apr 29, 2025
rawahars
reviewed
Apr 30, 2025
kiashok
force-pushed
the
gcs-sidecar-framework
branch
6 times, most recently
from
a1d186f to
a800f04
Compare
helsaawy
reviewed
May 15, 2025
helsaawy
reviewed
May 15, 2025
helsaawy
reviewed
May 15, 2025
helsaawy
reviewed
May 15, 2025
kiashok
force-pushed
the
gcs-sidecar-framework
branch
from
a800f04 to
a2da501
Compare
MahatiC
reviewed
Jun 4, 2025
MahatiC
approved these changes
Jun 4, 2025
kiashok
force-pushed
the
gcs-sidecar-framework
branch
from
a2da501 to
3b7df1c
Compare
Addressed them in the latest push. Thanks for reviewing! :) |
KenGordon
reviewed
Jun 10, 2025
internal/gcs-sidecar/bridge.go
Outdated
| } | ||
| sidecarErrChan <- recverr | ||
| }() | ||
| // Send response to hcsshim |
There was a problem hiding this comment.
I know that this is work in progress and Mahati is addressing it somewhat, but not all messages to the inbox GCS will directly result in a message to the host.
There was a problem hiding this comment.
Could you elaborate on what you mean by "all messages to inbox GCs will not directly result in a message to the host" ?
Send response to hcsshim is a goroutine which waits on a channel. Please refer to handlers.go.
- Used when there is a premature response like policy enforcement not allowing a request or ResourceTypeWCOWBlockCims for example. OR,
- We got a response from inbox GCS and need to forward response to hcsshim:
This go routine does not mean every request coming to the gcs-sidecar needs to have a response. Not sure what the concern is or if I am missing smth.
cc @MahatiC what is it you are addressing?
kiashok
force-pushed
the
gcs-sidecar-framework
branch
from
3b7df1c to
3f07f1e
Compare
kiashok
force-pushed
the
gcs-sidecar-framework
branch
from
3f07f1e to
36c0d2b
Compare
- Move common bridge protocol definitions to subpackage under internal/gcs - Move helper functions to internal/bridgeutils pkg so that they can be used by gcs-sidecar as well Signed-off-by: Kirtana Ashok <[email protected]>
kiashok
force-pushed
the
gcs-sidecar-framework
branch
from
36c0d2b to
e64ed40
Compare
anmaxvl
reviewed
Jul 10, 2025
This commit makes the high level changes needed for gcs-sidecar - Starts sidecar as service - Dereferences the various valid rpc requests - Adds code to invoke refs formatter Note: This commit does not add invokers to the code for new ResourceTypes like SecurityPolicy, CWCOWBlockCIMs, Container scratch formatting etc. This will come in along with functional tests in later PRs. There are some TODO comments in the code which will be addressed in upcoming PRs as well. To make this initialization of the gcs-sidecar flow complete, certain high level code for the policy enforcement have been brought into this commit from Mahati's changes. Example: internal/gcs-sidecar/policy.go, internal/gcs-sidecar/host.go and helper functions in internal/gcs-sidecar/host.go. Hence adding her as co-author in this commit. The rest of the policy framework code will be brought in by Mahati as follow up PRs. Co-authored-by: <[email protected]> Signed-off-by: Kirtana Ashok <[email protected]>
kiashok
force-pushed
the
gcs-sidecar-framework
branch
from
e64ed40 to
c3dcf03
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit makes the high level changes needed for gcs-sidecar
Note: This commit does not add invokers to the code for new
ResourceTypes like SecurityPolicy, CWCOWBlockCIMs,
Container scratch formatting etc. This will come in along
with functional tests in later PRs.
There are some TODO comments in the code which will be
addressed in upcoming PRs as well.
To make this initialization of the gcs-sidecar flow complete,
certain high level code for the policy enforcement have been
brought into this commit from @MahatiC 's changes.
Example: internal/gcs-sidecar/policy.go, internal/gcs-sidecar/host.go
and helper functions in internal/gcs-sidecar/host.go.
Hence adding her as co-author in this commit.
The rest of the policy framework code will be brought in by @MahatiC
as follow up PRs.
Commit 1: Rearranges some bridge code to make them reusable for gcs-sidecar framework as well
Commit 2: This is a cherry pick of Amit's PR here : #2421 . Will rebase this PR once his PR is merged.
Commit 3: This is the main commit that brings in changes for gcs-sidecar + minimal changes from policy framework in order to make the initialization flow complete. Rest of the policy enforcement changes will be brought in by @MahatiC