parameterize gatewaylbprobe port
jwtty committed Nov 15, 2023
1 parent bdc4738 commit f5a7369
Showing 28 changed files with 163 additions and 127 deletions.
2 changes: 1 addition & 1 deletion .pipeline/e2e.yaml
Expand Up @@ -57,7 +57,7 @@ jobs:
- bash: |
set -euo pipefail
mv $(pwd)/azure.json $(pwd)/config/azureconfig/azure.json
export EXCEPTION_CIDRS=${POD_CIDR}","${SERVICE_CIDR}
echo EXCEPTION_CIDRS=${POD_CIDR}","${SERVICE_CIDR} > $(pwd)/config/environment_variables/environment.env
IMAGE_REGISTRY=$(registry.url) make install
kubectl wait --for=condition=ready pod -A -l app=kube-egress-gateway --timeout=300s
kubectl get all -n kube-egress-gateway-system
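Review bot: The line that writes `environment.env` leaves `${POD_CIDR}`, `${SERVICE_CIDR}` and the `$(pwd)` redirect target unquoted, so both the value and the path are subject to word splitting and globbing. The file appears to feed the kustomize ConfigMap, so I would write it as `printf 'EXCEPTION_CIDRS=%s,%s\n' "${POD_CIDR}" "${SERVICE_CIDR}" > "$(pwd)/config/environment_variables/environment.env"`. `set -u` already stops the step when either variable is unset, which is worth keeping.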
7 changes: 6 additions & 1 deletion cmd/kube-egress-gateway-controller/cmd/root.go
Expand Up @@ -9,6 +9,8 @@ import (
"os"
"strconv"

"github.com/Azure/kube-egress-gateway/pkg/consts"

"github.com/spf13/cobra"
"github.com/spf13/viper"
"k8s.io/apimachinery/pkg/runtime"
Expand Down Expand Up @@ -56,6 +58,7 @@ var (
cloudConfig config.CloudConfig
scheme = runtime.NewScheme()
metricsPort int
gatewayLBProbePort int
enableLeaderElection bool
leaderElectionNamespace string
probePort int
Expand All @@ -80,10 +83,11 @@ func init() {

rootCmd.Flags().IntVar(&metricsPort, "metrics-bind-port", 8080, "The port the metric endpoint binds to.")
rootCmd.Flags().IntVar(&probePort, "health-probe-bind-port", 8081, "The port the probe endpoint binds to.")
rootCmd.Flags().IntVar(&gatewayLBProbePort, "gateway-lb-probe-port", 8082, "The port the gateway lb health probe endpoint binds to.")
rootCmd.Flags().BoolVar(&enableLeaderElection, "leader-elect", false,
"Enable leader election for controller manager. "+
"Enabling this will ensure there is only one active controller manager.")
rootCmd.Flags().StringVar(&leaderElectionNamespace, "leader-election-namespace", "kube-system", "the namespace to create leader election objects")
rootCmd.Flags().StringVar(&leaderElectionNamespace, "leader-election-namespace", os.Getenv(consts.PodNamespaceEnvKey), "the namespace to create leader election objects")

zapOpts.BindFlags(goflag.CommandLine)
rootCmd.Flags().AddGoFlagSet(goflag.CommandLine)
Expand Down Expand Up @@ -206,6 +210,7 @@ func startControllers(cmd *cobra.Command, args []string) {
Client: mgr.GetClient(),
AzureManager: az,
Recorder: mgr.GetEventRecorderFor("gatewayLBConfiguration-controller"),
LBProbePort: gatewayLBProbePort,
}).SetupWithManager(mgr); err != nil {
setupLog.Error(err, "unable to create controller", "controller", "GatewayLBConfiguration")
os.Exit(1)
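Review bot: The new default for `--leader-election-namespace` is `os.Getenv(consts.PodNamespaceEnvKey)`, which is an empty string whenever that variable is not set, and nothing visible in these hunks rejects an empty value. The previous default was the fixed `kube-system`, so this is a silent behaviour change for anyone who starts the controller without the flag or outside the pod spec in config/manager/manager/manager.yaml. I would check it before the manager is created, e.g. `if enableLeaderElection && leaderElectionNamespace == "" { setupLog.Error(nil, "leader-election-namespace must be set"); os.Exit(1) }`, and say in the flag help that the default comes from the pod namespace variable. The RBAC that grants access to the leader-election objects also has to exist in that namespace; that manifest is not in view. init() and startControllers continue outside the hunks shown.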
34 changes: 19 additions & 15 deletions cmd/kube-egress-gateway-daemon/cmd/root.go
Expand Up @@ -56,13 +56,14 @@ func Execute() {
}

var (
cloudConfigFile string
cloudConfig config.CloudConfig
scheme = runtime.NewScheme()
setupLog = ctrl.Log.WithName("setup")
metricsPort int
probePort int
zapOpts = zap.Options{
cloudConfigFile string
cloudConfig config.CloudConfig
scheme = runtime.NewScheme()
setupLog = ctrl.Log.WithName("setup")
metricsPort int
probePort int
gatewayLBProbePort int
zapOpts = zap.Options{
Development: true,
}
)
Expand All @@ -84,6 +85,7 @@ func init() {

rootCmd.Flags().IntVar(&metricsPort, "metrics-bind-port", 8080, "The port the metric endpoint binds to.")
rootCmd.Flags().IntVar(&probePort, "health-probe-bind-port", 8081, "The port the probe endpoint binds to.")
rootCmd.Flags().IntVar(&gatewayLBProbePort, "gateway-lb-probe-port", 8082, "The port the gateway lb probe endpoint binds to.")

zapOpts.BindFlags(goflag.CommandLine)
rootCmd.Flags().AddGoFlagSet(goflag.CommandLine)
Expand Down Expand Up @@ -177,11 +179,18 @@ func startControllers(cmd *cobra.Command, args []string) {
os.Exit(1)
}

lbProbeServer := healthprobe.NewLBProbeServer(gatewayLBProbePort)
if err := mgr.Add(manager.RunnableFunc(lbProbeServer.Start)); err != nil {
setupLog.Error(err, "unbaled to set up gateway health probe server")
os.Exit(1)
}

netnsCleanupEvents := make(chan event.GenericEvent)
if err = (&controllers.StaticGatewayConfigurationReconciler{
Client: mgr.GetClient(),
AzureManager: az,
TickerEvents: netnsCleanupEvents,
Client: mgr.GetClient(),
AzureManager: az,
TickerEvents: netnsCleanupEvents,
LBProbeServer: lbProbeServer,
}).SetupWithManager(mgr); err != nil {
setupLog.Error(err, "unable to create controller", "controller", "StaticGatewayConfiguration")
os.Exit(1)
Expand All @@ -197,11 +206,6 @@ func startControllers(cmd *cobra.Command, args []string) {
}
//+kubebuilder:scaffold:builder

if err := mgr.Add(manager.RunnableFunc(healthprobe.Start)); err != nil {
setupLog.Error(err, "unbaled to set up gateway health probe server")
os.Exit(1)
}

if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
setupLog.Error(err, "unable to set up health check")
os.Exit(1)
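Review bot: `gatewayLBProbePort` is read from `--gateway-lb-probe-port` as a plain `int` and passed to `healthprobe.NewLBProbeServer` with no range check, so 0, a negative value or anything above 65535 is only discovered when the listener starts (how NewLBProbeServer treats such values is not in view). The same flag in cmd/kube-egress-gateway-controller/cmd/root.go is later narrowed with `int32(lbProbePort)` in getExpectedLBProbe, where an out-of-range value would be written into the Azure probe definition. A check before the server is built would cover it, `if gatewayLBProbePort < 1 || gatewayLBProbePort > 65535 { setupLog.Error(nil, "gateway-lb-probe-port out of range", "port", gatewayLBProbePort); os.Exit(1) }`, mirrored in the controller command. The moved log message still reads "unbaled"; "unable" is meant. startControllers continues outside the hunks shown.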
2 changes: 1 addition & 1 deletion config/cnimanager/kustomization.yaml
@@ -1,3 +1,3 @@
bases:
resources:
- ./daemon
- ./rbac
6 changes: 3 additions & 3 deletions config/crd/kustomization.yaml
Expand Up @@ -9,10 +9,10 @@ resources:
- bases/egressgateway.kubernetes.azure.com_gatewaystatuses.yaml
#+kubebuilder:scaffold:crdkustomizeresource

patchesStrategicMerge:
patches:
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
# patches here are for enabling the conversion webhook for each CRD
- patches/webhook_in_staticgatewayconfigurations.yaml
- path: patches/webhook_in_staticgatewayconfigurations.yaml
#- patches/webhook_in_podwireguardendpoints.yaml
#- patches/webhook_in_gatewaylbconfigurations.yaml
#- patches/webhook_in_gatewayvmconfigurations.yaml
Expand All @@ -21,7 +21,7 @@ patchesStrategicMerge:

# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD
- patches/cainjection_in_staticgatewayconfigurations.yaml
#- patches/cainjection_in_staticgatewayconfigurations.yaml
#- patches/cainjection_in_podwireguardendpoints.yaml
#- patches/cainjection_in_gatewaylbconfigurations.yaml
#- patches/cainjection_in_gatewayvmconfigurations.yaml
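Review bot: `patches/cainjection_in_staticgatewayconfigurations.yaml` is now commented out while `- path: patches/webhook_in_staticgatewayconfigurations.yaml` stays active, and the commit title mentions only the probe port. If the CRD's conversion webhook relies on that patch for cert-manager CA injection, the API server would have no CA bundle with which to verify the webhook's certificate; I cannot tell from this page whether the bundle is supplied another way. Please either confirm that it is and record it next to the disabled entry, e.g. `# CA injection disabled: <reason>`, or keep the patch in the new form, `- path: patches/cainjection_in_staticgatewayconfigurations.yaml`.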
2 changes: 1 addition & 1 deletion config/daemon/kustomization.yaml
@@ -1,3 +1,3 @@
bases:
resources:
- ./rbac
- ./manager
2 changes: 0 additions & 2 deletions config/daemon/manager/cloud_config_patch.yaml
Expand Up @@ -8,8 +8,6 @@ spec:
spec:
containers:
- name: daemon
args:
- "--cloud-config=/etc/config/azure.json"
volumeMounts:
- name: daemon-config-volume
mountPath: /etc/config
4 changes: 2 additions & 2 deletions config/daemon/manager/kustomization.yaml
@@ -1,5 +1,5 @@
resources:
- manager.yaml

patchesStrategicMerge:
- cloud_config_patch.yaml
patches:
- path: cloud_config_patch.yaml
3 changes: 3 additions & 0 deletions config/daemon/manager/manager.yaml
Expand Up @@ -37,6 +37,9 @@ spec:
containers:
- command:
- /kube-egress-gateway-daemon
args:
- --gateway-lb-probe-port=8082
- --cloud-config=/etc/config/azure.json
image: daemon:latest
name: daemon
securityContext:
3 changes: 1 addition & 2 deletions config/environment_variables/environment.env
@@ -1,2 +1 @@
# We do not specify actual values. Kustomize will capture the current environment variables into the ConfigMap.
EXCEPTION_CIDRS
EXCEPTION_CIDRS=
8 changes: 4 additions & 4 deletions config/manager/kustomization.yaml
@@ -1,5 +1,5 @@

bases:
resources:
- ./rbac
- ./manager
# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
Expand All @@ -10,11 +10,11 @@ bases:
# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
#- ./prometheus

patchesStrategicMerge:
patches:
# Protect the /metrics endpoint by putting it behind auth.
# If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, please comment the following line.
- manager_auth_proxy_patch.yaml
- path: manager_auth_proxy_patch.yaml

# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
# crd/kustomization.yaml
Expand All @@ -26,7 +26,7 @@ patchesStrategicMerge:
# - webhookcainjection_patch.yaml

# the following config is for teaching kustomize how to do var substitution
vars:
# vars:
# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
# - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
# objref:
4 changes: 2 additions & 2 deletions config/manager/manager/kustomization.yaml
Expand Up @@ -3,7 +3,7 @@ resources:
generatorOptions:
disableNameSuffixHash: true

patchesStrategicMerge:
patches:
# Mount the controller config file for loading manager configurations
# through a ComponentConfig type
- manager_config_patch.yaml
- path: manager_config_patch.yaml
8 changes: 8 additions & 0 deletions config/manager/manager/manager.yaml
Expand Up @@ -31,13 +31,21 @@ spec:
- /kube-egress-gateway-controller
args:
- --leader-elect
- --leader-election-namespace=$(MY_POD_NAMESPACE)
- --cloud-config=/etc/config/azure.json
- --gateway-lb-probe-port=8082
image: controller:latest
name: manager
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
env:
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
livenessProbe:
httpGet:
path: /healthz
2 changes: 0 additions & 2 deletions config/manager/manager/manager_config_patch.yaml
Expand Up @@ -8,8 +8,6 @@ spec:
spec:
containers:
- name: manager
args:
- "--cloud-config=/etc/config/azure.json"
volumeMounts:
- name: manager-config-volume
mountPath: /etc/config
15 changes: 8 additions & 7 deletions controllers/daemon/staticgatewayconfiguration_controller.go
Expand Up @@ -47,11 +47,12 @@ var _ reconcile.Reconciler = &StaticGatewayConfigurationReconciler{}
type StaticGatewayConfigurationReconciler struct {
client.Client
*azmanager.AzureManager
TickerEvents chan event.GenericEvent
Netlink netlinkwrapper.Interface
NetNS netnswrapper.Interface
IPTables iptableswrapper.Interface
WgCtrl wgctrlwrapper.Interface
TickerEvents chan event.GenericEvent
LBProbeServer *healthprobe.LBProbeServer
Netlink netlinkwrapper.Interface
NetNS netnswrapper.Interface
IPTables iptableswrapper.Interface
WgCtrl wgctrlwrapper.Interface
}

//+kubebuilder:rbac:groups=egressgateway.kubernetes.azure.com,resources=staticgatewayconfigurations,verbs=get;list;watch
Expand Down Expand Up @@ -194,7 +195,7 @@ func (r *StaticGatewayConfigurationReconciler) reconcile(
return err
}

if err := healthprobe.AddGateway(string(gwConfig.GetUID())); err != nil {
if err := r.LBProbeServer.AddGateway(string(gwConfig.GetUID())); err != nil {
return err
}

Expand Down Expand Up @@ -279,7 +280,7 @@ func (r *StaticGatewayConfigurationReconciler) ensureDeleted(ctx context.Context
}

gwUID := getGatewayUIDFromNamespaceName(netns)
if err := healthprobe.RemoveGateway(gwUID); err != nil {
if err := r.LBProbeServer.RemoveGateway(gwUID); err != nil {
return err
}
return nil
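Review bot: `LBProbeServer` is a pointer field that `reconcile` and `ensureDeleted` now call through (`r.LBProbeServer.AddGateway`, `r.LBProbeServer.RemoveGateway`) without a nil check, so a reconciler built without it would most likely panic inside the reconcile loop instead of failing at start-up (this depends on how the methods use their receiver, which is not in view). The daemon command and the unit test both set the field, but nothing enforces it. I would reject the nil case once in `SetupWithManager`, `if r.LBProbeServer == nil { return errors.New("LBProbeServer must be set") }`, and add a field comment such as `// LBProbeServer serves the gateway LB health probe; required.` Both function bodies continue outside the hunks shown.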
Expand Up @@ -42,6 +42,7 @@ import (
"github.com/Azure/kube-egress-gateway/pkg/azmanager"
"github.com/Azure/kube-egress-gateway/pkg/config"
"github.com/Azure/kube-egress-gateway/pkg/consts"
"github.com/Azure/kube-egress-gateway/pkg/healthprobe"
"github.com/Azure/kube-egress-gateway/pkg/imds"
"github.com/Azure/kube-egress-gateway/pkg/iptableswrapper/mockiptableswrapper"
"github.com/Azure/kube-egress-gateway/pkg/netlinkwrapper/mocknetlinkwrapper"
Expand Down Expand Up @@ -82,7 +83,7 @@ var _ = Describe("Daemon StaticGatewayConfiguration controller unit tests", func
mctrl := gomock.NewController(GinkgoT())
az := getMockAzureManager(mctrl)
cl := fake.NewClientBuilder().WithScheme(scheme.Scheme).WithRuntimeObjects(objects...).Build()
r = &StaticGatewayConfigurationReconciler{Client: cl, AzureManager: az}
r = &StaticGatewayConfigurationReconciler{Client: cl, AzureManager: az, LBProbeServer: healthprobe.NewLBProbeServer(1000)}
r.Netlink = mocknetlinkwrapper.NewMockInterface(mctrl)
r.NetNS = mocknetnswrapper.NewMockInterface(mctrl)
r.IPTables = mockiptableswrapper.NewMockInterface(mctrl)
8 changes: 5 additions & 3 deletions controllers/manager/gatewaylbconfiguration_controller.go
Expand Up @@ -33,7 +33,8 @@ import (
type GatewayLBConfigurationReconciler struct {
client.Client
*azmanager.AzureManager
Recorder record.EventRecorder
Recorder record.EventRecorder
LBProbePort int
}

type lbPropertyNames struct {
Expand Down Expand Up @@ -350,7 +351,7 @@ func (r *GatewayLBConfigurationReconciler) reconcileLBRule(

probeID := r.GetLBProbeID(names.probeName)
expectedLBRule := getExpectedLBRule(&names.lbRuleName, frontendID, backendID, probeID)
expectedProbe := getExpectedLBProbe(&names.probeName, lbConfig)
expectedProbe := getExpectedLBProbe(&names.probeName, r.LBProbePort, lbConfig)

lbRules := lb.Properties.LoadBalancingRules
if needLB {
Expand Down Expand Up @@ -537,6 +538,7 @@ func getExpectedLBRule(lbRuleName, frontendID, backendID, probeID *string) *netw

func getExpectedLBProbe(
probeName *string,
lbProbePort int,
lbConfig *egressgatewayv1alpha1.GatewayLBConfiguration,
) *network.Probe {
gatewayUID := ""
Expand All @@ -550,7 +552,7 @@ func getExpectedLBProbe(
probeProp := &network.ProbePropertiesFormat{
RequestPath: to.Ptr(consts.GatewayHealthProbeEndpoint + gatewayUID),
Protocol: to.Ptr(network.ProbeProtocolHTTP),
Port: to.Ptr(consts.WireguardDaemonServicePort),
Port: to.Ptr(int32(lbProbePort)),
}
return &network.Probe{
Name: probeName,
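Review bot: `LBProbePort` and the new `lbProbePort` parameter carry no comment saying that the value has to equal the port the daemon's probe server listens on. The controller and the daemon each read their own `--gateway-lb-probe-port` flag (both default to 8082, and both manifests pass 8082 explicitly), so changing one side alone would presumably leave the Azure probe pointed at a port with no listener and the gateway backends reported unhealthy. I would document this on the field, `// LBProbePort is the port written into the Azure LB health probe; it must match the daemon's --gateway-lb-probe-port.`, and repeat it in the flag help text. getExpectedLBProbe continues past the end of the hunk.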