feat(parser) add flag to log diff on failure

cli/ingress-controller/flag_test.go

@@ -22,6 +22,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/kong/kubernetes-ingress-controller/pkg/util"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -440,3 +441,33 @@ func TestEnvironmentCertificates(t *testing.T) {
 	assert.Equal(expected.AdmissionWebhookKey, conf.AdmissionWebhookKey)
 	assert.Equal(expected.KongAdminCACert, conf.KongAdminCACert)
 }
+
+func TestDumpConfig(t *testing.T) {
+	oldArgs := os.Args
+	defer func() { os.Args = oldArgs }()
+
+	tests := []struct {
+		value        string
+		expectedMode util.ConfigDumpMode
+		errors       bool
+	}{
+		{"", util.ConfigDumpModeOff, false},
+		{"enabled", util.ConfigDumpModeEnabled, false},
+		{"sensitive", util.ConfigDumpModeSensitive, false},
+		{"garbagedjgnkdgd", util.ConfigDumpModeOff, true},
+	}
+
+	for _, test := range tests {
+		resetForTesting(func() { t.Fatal("bad parse") })
+		assert := assert.New(t)
+		os.Setenv("CONTROLLER_DUMP_CONFIG", test.value)
+		conf, err := parseFlags()
+		if test.errors {
+			assert.NotNil(err, "error not emitted when expected parsing dump config")
+		} else {
+			assert.Nil(err, "unexpected error parsing dump config")
+		}
+		assert.Equal(test.expectedMode, conf.DumpConfig)
+		os.Unsetenv("CONTROLLER_DUMP_CONFIG")
+	}
+}

cli/ingress-controller/flags.go

@@ -18,6 +18,7 @@ package main
 
 import (
 	"flag"
+	"fmt"
 	"os"
 	"strings"
 	"time"
@@ -28,6 +29,7 @@ import (
 	apiv1 "k8s.io/api/core/v1"
 
 	"github.com/kong/kubernetes-ingress-controller/pkg/annotations"
+	"github.com/kong/kubernetes-ingress-controller/pkg/util"
 )
 
 const (
@@ -80,6 +82,9 @@ type cliConfig struct {
 	LogLevel  string
 	LogFormat string
 
+	// Diagnostics
+	DumpConfig util.ConfigDumpMode
+
 	// k8s connection details
 	APIServerHost      string
 	KubeConfigFilePath string
@@ -199,6 +204,11 @@ trace, debug, info, warn, error, fatal and panic.`)
 		`Format of logs of the controller. Allowed values are 
 text and json.`)
 
+	// Diagnostics
+	flags.String("dump-config", "",
+		`Dump generated configuration to a temporary directory when set to "enabled".
+When set to "sensitive", dumps will include certificate+key pairs and credentials.`)
+
 	// k8s connection details
 	flags.String("apiserver-host", "",
 		`The address of the Kubernetes Apiserver to connect to in the format of 
@@ -311,6 +321,12 @@ func parseFlags() (cliConfig, error) {
 	config.LogLevel = viper.GetString("log-level")
 	config.LogFormat = viper.GetString("log-format")
 
+	// Diagnostics
+	var err error
+	if config.DumpConfig, err = util.ParseConfigDumpMode(viper.GetString("dump-config")); err != nil {
+		return cliConfig{}, fmt.Errorf("could not parse --dump-config: %w", err)
+	}
+
 	// k8s connection details
 	config.APIServerHost = viper.GetString("apiserver-host")
 	config.KubeConfigFilePath = viper.GetString("kubeconfig")

cli/ingress-controller/main.go

@@ -104,6 +104,8 @@ func controllerConfigFromCLIConfig(cliConfig cliConfig) controller.Configuration
 		UpdateStatus:           cliConfig.UpdateStatus,
 		UpdateStatusOnShutdown: cliConfig.UpdateStatusOnShutdown,
 		ElectionID:             cliConfig.ElectionID,
+
+		DumpConfig: cliConfig.DumpConfig,
 	}
 }
 
@@ -340,6 +342,14 @@ func main() {
 		)
 	}
 
+	if cliConfig.DumpConfig != util.ConfigDumpModeOff {
+		controllerConfig.DumpDir, err = ioutil.TempDir("", "controller")
+		if err != nil {
+			log.Fatalf("failed to create a dump directory: %v", err)
+		}
+		log.Infof("config dumps will be created in: %v", controllerConfig.DumpDir)
+	}
+
 	var synced []cache.InformerSynced
 	updateChannel := channels.NewRingChannel(1024)
 	reh := controller.ResourceEventHandler{
@@ -454,6 +464,7 @@ func main() {
 
 	store := store.New(cacheStores, cliConfig.IngressClass, cliConfig.ProcessClasslessIngressV1Beta1,
 		cliConfig.ProcessClasslessIngressV1, cliConfig.ProcessClasslessKongConsumer, log.WithField("component", "store"))
+
 	kong, err := controller.NewKongController(ctx, &controllerConfig, updateChannel,
 		store)
 	if err != nil {

internal/ingress/controller/controller.go

@@ -74,6 +74,11 @@ type Configuration struct {
 	EnableKnativeIngressSupport bool
 
 	Logger logrus.FieldLogger
+
+	// DumpConfig writes generated config to a temp directory for manual inspection and debugging.
+	DumpConfig util.ConfigDumpMode
+	// DumpDir specifies the target directory for dumps enabled by `DumpConfig`.
+	DumpDir string
 }
 
 // sync collects all the pieces required to assemble the configuration file and

internal/ingress/controller/kong.go

@@ -18,8 +18,12 @@ package controller
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
+	"io/ioutil"
+	"path/filepath"
 
+	"github.com/kong/deck/file"
 	"github.com/kong/kubernetes-ingress-controller/pkg/deckgen"
 	"github.com/kong/kubernetes-ingress-controller/pkg/kongstate"
 	"github.com/kong/kubernetes-ingress-controller/pkg/sendconfig"
@@ -53,10 +57,33 @@ func (n *KongController) OnUpdate(ctx context.Context, state *kongstate.KongStat
 		n.runningConfigHash,
 	)
 
+	if n.cfg.DumpConfig != util.ConfigDumpModeOff {
+		if n.cfg.DumpConfig == util.ConfigDumpModeEnabled {
+			targetContent = deckgen.ToDeckContent(ctx, n.Logger, state.SanitizedCopy(), &n.PluginSchemaStore,
+				n.getIngressControllerTags())
+		}
+		dumpErr := dumpConfig(err != nil, n.cfg.DumpDir, targetContent)
+		if dumpErr != nil {
+			n.Logger.WithError(err).Warn("failed to dump configuration")
+		}
+	}
+
 	n.runningConfigHash = newSHA
 	return err
 }
 
+func dumpConfig(failed bool, dumpDir string, targetContent *file.Content) error {
+	target, err := json.Marshal(targetContent)
+	if err != nil {
+		return err
+	}
+	filename := "last_good.json"
+	if failed {
+		filename = "last_bad.json"
+	}
+	return ioutil.WriteFile(filepath.Join(dumpDir, filename), target, 0600)
+}
+
 func (n *KongController) fetchCustomEntities() ([]byte, error) {
 	ns, name, err := util.ParseNameNS(n.cfg.KongCustomEntitiesSecret)
 	if err != nil {

pkg/util/types.go

@@ -16,6 +16,10 @@ limitations under the License.
 
 package util
 
+import (
+	"fmt"
+)
+
 // Endpoint describes a kubernetes endpoint, same as a target in Kong.
 type Endpoint struct {
 	// Address IP address of the endpoint
@@ -29,3 +33,24 @@ type RawSSLCert struct {
 	Cert []byte
 	Key  []byte
 }
+
+type ConfigDumpMode int
+
+const (
+	ConfigDumpModeOff       ConfigDumpMode = iota
+	ConfigDumpModeEnabled   ConfigDumpMode = iota
+	ConfigDumpModeSensitive ConfigDumpMode = iota
+)
+
+func ParseConfigDumpMode(in string) (ConfigDumpMode, error) {
+	switch in {
+	case "enabled":
+		return ConfigDumpModeEnabled, nil
+	case "sensitive":
+		return ConfigDumpModeSensitive, nil
+	case "":
+		return ConfigDumpModeOff, nil
+	default:
+		return ConfigDumpModeOff, fmt.Errorf("unrecognized config dump mode: %s", in)
+	}
+}