Merge pull request #15 from buttahtoast/dev/improvements

feat: rewrite to single reconciler
buttahtoast · Dec 5, 2023 · 5f04267 · 5f04267
2 parents 100086e + d060e48
commit 5f04267
Show file tree

Hide file tree

Showing 20 changed files with 491 additions and 532 deletions.
diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml
@@ -14,13 +14,14 @@ jobs:
   integration-test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Check secret
         id: checksecret
-        uses: oliverbaehler/github-actions/exists@8dfd42735c85f6c58d5d4d6f3232cd0e39d1fe73 # v0.1.0
+        uses: peak-scale/github-actions/exists@38322faabccd75abfa581c435e367d446b6d2c3b # v0.1.0
         with:
           value: ${{ secrets.CODECOV_TOKEN }}
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
           go-version: '1.19'
       - name: Run integration tests

diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -37,7 +37,7 @@ jobs:
         uses: sigstore/cosign-installer@11086d25041f77fe8fe7b9ea4e48e3b9192b8f19 # v3.1.2
       - name: Publish with KO
         id: publish
-        uses: oliverbaehler/github-actions/ko-publish-image@dev # v0.1.0
+        uses: peak-scale/github-actions/make-ko-publish@38322faabccd75abfa581c435e367d446b6d2c3b # v0.1.0
         with:
           makefile-target: ko-publish-all
           registry: ghcr.io

diff --git a/.github/workflows/helm-publish.yml b/.github/workflows/helm-publish.yml
@@ -24,7 +24,7 @@ jobs:
           echo "version=$(echo $VERSION)" >> $GITHUB_OUTPUT
       - name: Helm | Publish
         id: helm_publish
-        uses: oliverbaehler/github-actions/helm-oci-chart@dev
+        uses: peak-scale/github-actions/helm-oci-chart@38322faabccd75abfa581c435e367d446b6d2c3b # v0.1.0
         with:
           registry: ghcr.io
           repository: ${{ github.repository_owner }}/charts

diff --git a/cmd/main.go b/cmd/main.go
@@ -1,7 +1,6 @@
 package main
 
 import (
-	"context"
 	"fmt"
 	"log"
 	"os"
@@ -10,11 +9,14 @@ import (
 	"github.com/go-logr/logr"
 	"github.com/go-logr/stdr"
 	"github.com/spf13/cobra"
+	_ "go.uber.org/automaxprocs"
+	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd"
+	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/client/config"
+	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	crlog "sigs.k8s.io/controller-runtime/pkg/log"
-	"sigs.k8s.io/controller-runtime/pkg/manager"
+	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 )
 
 type rootCmdFlags struct {
@@ -24,16 +26,23 @@ type rootCmdFlags struct {
 	ingressClass string
 	// for identifying objects on parent cluster
 	identifier string
-	// Kubeconfig for parent cluster
-	kubeconfig string
 	// Binary log level
 	logLevel int
 	// Ingress class on loadbalancer cluster
-	targetIngressClass string
-	targetNamespace    string
-	targetKubeconfig   string
+	targetIngressClass     string
+	targetNamespace        string
+	targetKubeconfig       string
+	targetIssuerNamespaced bool
+	targetIssuerName       string
+	metricsAddr            string
+	enableLeaderElection   bool
+	tlsRepsect             bool
 }
 
+var (
+	setupLog = ctrl.Log.WithName("setup")
+)
+
 func main() {
 	var rootLogger = stdr.NewWithOptions(log.New(os.Stderr, "", log.LstdFlags), stdr.Options{LogCaller: stdr.All})
 
@@ -55,8 +64,6 @@ func main() {
 			logger := options.logger
 			logger.Info("logging verbosity", "level", options.logLevel)
 
-			cfg := config.GetConfigOrDie()
-
 			// Load the kubeconfig from the provided file path
 			target, err := clientcmd.BuildConfigFromFlags("", options.targetKubeconfig)
 			if err != nil {
@@ -73,28 +80,56 @@ func main() {
 				os.Exit(1)
 			}
 
-			mgr, err := manager.New(cfg, manager.Options{})
+			manager, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
+				Metrics: metricsserver.Options{
+					BindAddress: options.metricsAddr,
+				},
+				LeaderElection:         options.enableLeaderElection,
+				LeaderElectionID:       "2c123jea.buttah.cloud",
+				HealthProbeBindAddress: ":10080",
+				NewClient: func(config *rest.Config, options client.Options) (client.Client, error) {
+					options.Cache.Unstructured = true
+					return client.New(config, options)
+				},
+			})
 			if err != nil {
-				logger.Error(err, "unable to set up manager")
+				logger.Error(err, "unable to start manager")
 				os.Exit(1)
 			}
 
-			logger.Info("propagation controller start serving")
-			err = controller.RegisterPropagationController(logger, mgr,
-				targetClient,
-				controller.PropagationControllerOptions{
+			_ = manager.AddReadyzCheck("ping", healthz.Ping)
+			_ = manager.AddHealthzCheck("ping", healthz.Ping)
+
+			ctx := ctrl.SetupSignalHandler()
+
+			if err = (&controller.PropagationController{
+				Client:       manager.GetClient(),
+				TargetClient: targetClient,
+				Log:          ctrl.Log.WithName("controllers").WithName("Ingress"),
+				Recorder:     manager.GetEventRecorderFor("ingress-controller"),
+				Options: controller.PropagationControllerOptions{
 					Identifier:             options.identifier,
 					IngressClassName:       options.ingressClass,
 					TargetIngressClassName: options.targetIngressClass,
 					ControllerClassName:    options.controllerClass,
 					TargetNamespace:        options.targetNamespace,
-				})
-			if err != nil {
-				return err
+					TargetIssuerNamespaced: options.targetIssuerNamespaced,
+					TargetIssuerName:       options.targetIssuerName,
+					TLSrespect:             options.tlsRepsect,
+				},
+			}).SetupWithManager(ctx, manager); err != nil {
+				setupLog.Error(err, "unable to create controller", "controller", "Ingress")
+				os.Exit(1)
+			}
+
+			setupLog.Info("propagation manager start serving")
+
+			if err = manager.Start(ctx); err != nil {
+				setupLog.Error(err, "problem running manager")
+				os.Exit(1)
 			}
 
-			// controller-runtime manager would graceful shutdown with signal by itself, no need to provide context
-			return mgr.Start(context.Background())
+			return nil
 		},
 	}
 
@@ -105,7 +140,13 @@ func main() {
 	rootCommand.PersistentFlags().StringVar(&options.identifier, "identifier", options.identifier, "propagator identifier, if multiple propagators sync to the same target namespace, this should be different for each")
 	rootCommand.PersistentFlags().StringVar(&options.targetNamespace, "target-namespace", options.targetNamespace, "namespace on target cluster, where manifests are synced to")
 	rootCommand.PersistentFlags().StringVar(&options.targetKubeconfig, "target-kubeconfig", options.targetKubeconfig, "namespace on target cluster, where manifests are synced to")
-
+	rootCommand.PersistentFlags().StringVar(&options.targetIssuerName, "target-issuer-name", options.targetIssuerName, "name of issuer added as cert-manager annotation on target cluster")
+	rootCommand.PersistentFlags().BoolVar(&options.targetIssuerNamespaced, "target-issuer-namespaced", false, "name of issuer added as cert-manager annotation on target cluster")
+	rootCommand.PersistentFlags().StringVar(&options.metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
+	rootCommand.PersistentFlags().BoolVar(&options.enableLeaderElection, "enable-leader-election", false,
+		"Enable leader election for controller manager. "+
+			"Enabling this will ensure there is only one active controller manager.")
+	rootCommand.PersistentFlags().BoolVar(&options.tlsRepsect, "tls-respect", false, "Respect TLS Spec on ingress objects, if an issuer is defined the TLS spec is added anyway")
 	err := rootCommand.Execute()
 	if err != nil {
 		panic(err)

diff --git a/go.mod b/go.mod
@@ -7,6 +7,7 @@ require (
 	github.com/go-logr/stdr v1.2.2
 	github.com/pkg/errors v0.9.1
 	github.com/spf13/cobra v1.7.0
+	go.uber.org/automaxprocs v1.5.3
 	k8s.io/api v0.28.3
 	k8s.io/apimachinery v0.28.3
 	k8s.io/client-go v0.28.3

diff --git a/go.sum b/go.sum
@@ -108,6 +108,8 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.uber.org/automaxprocs v1.5.3 h1:kWazyxZUrS3Gs4qUpbwo5kEIMGe/DAvi5Z4tl2NW4j8=
+go.uber.org/automaxprocs v1.5.3/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c=

diff --git a/helm/templates/clusterrole.yaml b/helm/templates/clusterrole.yaml
@@ -5,27 +5,36 @@ metadata:
   labels:
     {{- include "helm.labels" . | nindent 4 }}
 rules:
-  - apiGroups:
-      - ""
-    resources:
-      - services
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - networking.k8s.io
-    resources:
-      - ingresses
-      - ingressclasses
-    verbs:
-      - get
-      - list
-      - watch
-      - update
-  - apiGroups:
-      - networking.k8s.io
-    resources:
-      - ingresses/status
-    verbs:
-      - update
+- apiGroups:
+    - ""
+  resources:
+    - services
+  verbs:
+    - get
+    - list
+    - watch
+- apiGroups:
+    - networking.k8s.io
+  resources:
+    - ingresses
+    - ingressclasses
+  verbs:
+    - get
+    - list
+    - watch
+    - update
+- apiGroups:
+    - ""
+  resources:
+    - events
+  verbs:
+    - list
+    - update
+    - create
+    - patch
+- apiGroups:
+    - networking.k8s.io
+  resources:
+    - ingresses/status
+  verbs:
+    - update
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
@@ -36,6 +36,7 @@ spec:
           image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:
+            - --enable-leader-election
             - --identifier={{ include "controller.identifier" $ }}
             - --ingress-class={{ .Values.ingressClass.name }}
             - --controller-class={{ include "controller.value" $ }}
@@ -46,12 +47,25 @@ spec:
               {{- with .namespace }}
             - --target-namespace={{ . }}
               {{- end }}
+              {{- with .issuer }}
+                {{- if .name }}
+            - --target-issuer-name={{ .name }}
+                {{- end }}
+              {{- end }}
             {{- end }}
             - --target-kubeconfig=/target-kubeconfig.yaml
           volumeMounts:
           - name: kubeconfig-volume
             mountPath: /target-kubeconfig.yaml
             subPath: {{ .Values.target.kubeconfig.secret.key }}
+          ports:
+          - name: metrics
+            containerPort: 8080
+            protocol: TCP
+          livenessProbe:
+            {{- toYaml .Values.livenessProbe | nindent 12}}
+          readinessProbe:
+            {{- toYaml .Values.readinessProbe | nindent 12}}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}

diff --git a/helm/values.yaml b/helm/values.yaml
@@ -19,6 +19,12 @@ target:
   ingressClass: "propagated"
   # -- Namespaced on target
   namespace: "ingress-central"
+  # Target Issuer
+  issuer:
+    # -- Issuer name on target cluster
+    name: ""
+    # -- Whether the issuer is namespaced on target cluster
+    namespaced: false
   # -- Target Kubeconfig Secret
   kubeconfig:
     secret:
@@ -60,6 +66,19 @@ securityContext: {}
   # runAsNonRoot: true
   # runAsUser: 1000
 
+# -- Configure the liveness probe using Deployment probe spec
+livenessProbe:
+  httpGet:
+    path: /healthz
+    port: 10080
+
+# -- Configure the readiness probe using Deployment probe spec
+readinessProbe:
+  httpGet:
+    path: /readyz
+    port: 10080
+
+
 service:
   type: ClusterIP
   port: 80