MLE-11468: Implementation and unit test for Ingress (#36)

* Implementation and unit test for Ingress

Author: barkhachoithani

api/v1alpha1/common_types.go

@@ -100,6 +100,7 @@ type HAProxy struct {
 	Resources    corev1.ResourceList `json:"resources,omitempty"`
 	Affinity     *corev1.Affinity    `json:"affinity,omitempty"`
 	NodeSelector map[string]string   `json:"nodeSelector,omitempty"`
+	Ingress      Ingress             `json:"ingress,omitempty"`
 }
 
 type AppServers struct {
@@ -148,3 +149,14 @@ type TlsForHAProxy struct {
 	SecretName   string `json:"secretName,omitempty"`
 	CertFileName string `json:"certFileName,omitempty"`
 }
+
+type Ingress struct {
+	// +kubebuilder:default:=false
+	Enabled          bool                       `json:"enabled,omitempty"`
+	IngressClassName string                     `json:"ingressClassName,omitempty"`
+	Labels           map[string]string          `json:"labels,omitempty"`
+	Annotations      map[string]string          `json:"annotations,omitempty"`
+	Host             string                     `json:"host,omitempty"`
+	TLS              *networkingv1.IngressTLS   `json:"tls,omitempty"`
+	AdditionalHosts  []networkingv1.IngressRule `json:"additionalHosts,omitempty"`
+}

api/v1alpha1/zz_generated.deepcopy.go

@@ -63,7 +63,7 @@ spec:
           }}
         securityContext: {{- toYaml .Values.controllerManager.manager.containerSecurityContext
           | nindent 10 }}
-      securityContext:
-        runAsNonRoot: true
+      securityContext: {{- toYaml .Values.controllerManager.podSecurityContext | nindent
+        8 }}
       serviceAccountName: {{ include "marklogic-operator.fullname" . }}-controller-manager
       terminationGracePeriodSeconds: 10

charts/marklogic-operator/templates/deployment.yaml

@@ -87,6 +87,18 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

charts/marklogic-operator/templates/manager-rbac.yaml

@@ -40,6 +40,8 @@ controllerManager:
       requests:
         cpu: 10m
         memory: 64Mi
+  podSecurityContext:
+    runAsNonRoot: true
   replicas: 1
   serviceAccount:
     annotations: {}

charts/marklogic-operator/templates/marklogiccluster-crd.yaml

@@ -86,3 +86,15 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch

charts/marklogic-operator/values.yaml

@@ -23,14 +23,14 @@ spec:
   ## Uncomment the following lines to enable HAProxy configuration
   haproxy: 
     enabled: false
-  #   pathBasedRouting: true
-  #   frontendPort: 8080
-  #   tcpPorts:
-  #     enabled: true
-  #     ports:
-  #       - name: odbc
-  #         type: TCP
-  #         port: 5432
+    # pathBasedRouting: true
+    # frontendPort: 8080
+    # tcpPorts:
+    #   enabled: true
+    #   ports:
+    #     - name: odbc
+    #       type: TCP
+    #       port: 5432
     # appServers:
     #   - name: "app-service"
     #     port: 8000
@@ -41,16 +41,55 @@ spec:
     #   - name: "manage"
     #     port: 8002
     #     path: "/manage"
-  #   stats:
-  #     enabled: true
-  #     port: 1024
+    # stats:
+    #   enabled: true
+    #   port: 1024
   # resources:
   #   requests:
   #     memory: "4Gi"
   #     cpu: "1"
   #   limits:
   #     memory: "4Gi"
   #     cpu: "1"
+    ## Configure Ingress
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
+    # ingress: 
+    #   enabled: true
+    #   ingressClassName: "alb"
+
+    #   ## Ingress labels
+    #   ## ref: https://kubernetes.io/docs/concepts/overvsiew/working-with-objects/labels/
+    #   labels:
+    #     app.kubernetes.io/name: marklogiccluster
+    #     app.kubernetes.io/instance: marklogiccluster-sample
+    
+    #   ## Ingress annotations
+    #   ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+    #   annotations: 
+    #     alb.ingress.kubernetes.io/healthcheck-port: '80'
+    #     alb.ingress.kubernetes.io/healthcheck-path: /adminUI
+    #     alb.ingress.kubernetes.io/success-codes: '200-401'
+    #     alb.ingress.kubernetes.io/load-balancer-name: mlingress
+    #     alb.ingress.kubernetes.io/scheme: internet-facing
+    #     alb.ingress.kubernetes.io/listen-ports: '[{"HTTP":80}]'
+    #     alb.ingress.kubernetes.io/target-group-attributes: load_balancing.algorithm.type=least_outstanding_requests
+    #     # alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:XXXXXXXXXXX:certificate/XxXXXXXX-xxxx-XXXX-XXXX-XXXXXXXxxxxXXX
+    #     alb.ingress.kubernetes.io/target-type: ip
+    #     alb.ingress.kubernetes.io/group.name: mlingress-group
+    #     alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600,routing.http.xff_header_processing.mode=append
+
+      ## Ingress hosts
+      ## add default hosts and additional hosts
+      ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+      # host: ""
+      # additionalHosts: []
+    
+      ## Ingress TLS
+      ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+      # tls: {}
+          # - secretName: your-certificate-name
+          #   hosts:
+          #     - marklogic.example.com
 
   # logCollection:
   #   enabled: true
@@ -115,4 +154,4 @@ spec:
     isBootstrap: true
   # - replicas: 1
   #   name: enode
-  #   isBootstrap: false
+  #   isBootstrap: false

config/crd/bases/database.marklogic.com_marklogicclusters.yaml

@@ -87,6 +87,11 @@ var _ = Describe("MarklogicCluster Controller", func() {
 							{Name: "AppServices", Type: "http", Port: 8000, TargetPort: 8000, Path: "/console"},
 							{Name: "Admin", Type: "http", Port: 8001, TargetPort: 8001, Path: "/adminUI"},
 							{Name: "Manage", Type: "http", Port: 8002, TargetPort: 8002, Path: "/manage"},
+						},
+						Ingress: databasev1alpha1.Ingress{
+							Enabled:          true,
+							IngressClassName: "alb",
+							Host:             "marklogic-cluster-test.cluster.local",
 						}},
 					NetworkPolicy: databasev1alpha1.NetworkPolicy{
 						Enabled:     true,
@@ -143,6 +148,10 @@ var _ = Describe("MarklogicCluster Controller", func() {
 			Expect(clusterCR.Spec.HAProxy.AppServers[0].Name).Should(Equal("AppServices"))
 			Expect(clusterCR.Spec.HAProxy.AppServers[0].Type).Should(Equal("http"))
 			Expect(clusterCR.Spec.HAProxy.AppServers[0].Port).Should(Equal(int32(8000)))
+			// Validating if Ingress is created successfully
+			Expect(clusterCR.Spec.HAProxy.Ingress.Enabled).Should(Equal(true))
+			Expect(clusterCR.Spec.HAProxy.Ingress.IngressClassName).Should(Equal("alb"))
+			Expect(clusterCR.Spec.HAProxy.Ingress.Host).Should(Equal("marklogic-cluster-test.cluster.local"))
 			// Validating if NetworkPolicy is created successfully
 			Expect(clusterCR.Spec.NetworkPolicy.PolicyTypes).Should(Equal(policy))
 			Expect(clusterCR.Spec.NetworkPolicy.PodSelector).Should(Equal(metav1.LabelSelector{MatchLabels: map[string]string{"app.kubernetes.io/name": "marklogic", "app.kubernetes.io/instance": "dnode"}}))