Add support for syncing Ingress hostname to the Consul Catalog (#2098)
* Add support for syncing Ingress hostname to the Consul Catalog
* fix changelog-checker syntax error
thisisnotashwin authored and absolutelightning committed Aug 4, 2023
1 parent 5cba532 commit 5a64c2c
Showing 8 changed files with 795 additions and 218 deletions.
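--- a/.changelog/2098.txt
+++ b/.changelog/2098.txt
@@ -0,0 +1,3 @@
+```release-note:feature
+sync-catalog: add ability to sync hostname from a Kubernetes Ingress resource to the Consul Catalog during service registration.
+```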
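--- a/charts/consul/templates/sync-catalog-clusterrole.yaml
+++ b/charts/consul/templates/sync-catalog-clusterrole.yaml
@@ -11,31 +11,38 @@ metadata:
 release: {{ .Release.Name }}
 component: sync-catalog
 rules:
-- apiGroups: [""]
-resources:
-- services
-- endpoints
-verbs:
-- get
-- list
-- watch
+- apiGroups: [ "" ]
+resources:
+- services
+- endpoints
+verbs:
+- get
+- list
+- watch
 {{- if .Values.syncCatalog.toK8S }}
-- update
-- patch
-- delete
-- create
+- update
+- patch
+- delete
+- create
 {{- end }}
-- apiGroups: [""]
-resources:
-- nodes
-verbs:
-- get
+- apiGroups: [ "" ]
+resources:
+- nodes
+verbs:
+- get
 {{- if .Values.global.enablePodSecurityPolicies }}
-- apiGroups: ["policy"]
-resources: ["podsecuritypolicies"]
-verbs:
-- use
-resourceNames:
-- {{ template "consul.fullname" . }}-sync-catalog
-{{- end }}
+- apiGroups: [ "policy" ]
+resources: [ "podsecuritypolicies" ]
+verbs:
+- use
+resourceNames:
+- {{ template "consul.fullname" . }}-sync-catalog
+{{- end }}
+- apiGroups: [ "networking.k8s.io" ]
+resources:
+- ingresses
+verbs:
+- get
+- list
+- watch
 {{- end }}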
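Review bot: The new `networking.k8s.io` / `ingresses` rule at the end of `rules:` is granted whenever this ClusterRole is rendered, while the deployment only passes `-enable-ingress=true` when `syncCatalog.ingress.enabled` is set, so clusters that never turn the feature on still give the sync-catalog service account cluster-wide `get`/`list`/`watch` on Ingresses. Wrapping the rule in `{{- if .Values.syncCatalog.ingress.enabled }}` … `{{- end }}` would keep the grant tied to the feature, the same way the write verbs above are tied to `syncCatalog.toK8S`. Indentation is lost on this page, so the nesting is read from the order of the `{{- end }}` lines: the rule appears to sit after the PodSecurityPolicy block closes and before the template's final `{{- end }}`. A unit test in the clusterrole bats file asserting that the rule is absent when ingress sync is disabled would pin this; that file is not shown here.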
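--- a/charts/consul/templates/sync-catalog-deployment.yaml
+++ b/charts/consul/templates/sync-catalog-deployment.yaml
@@ -75,136 +75,142 @@ spec:
 {{- end }}
 {{- end }}
 containers:
-- name: sync-catalog
-image: "{{ default .Values.global.imageK8S .Values.syncCatalog.image }}"
-env:
-{{- include "consul.consulK8sConsulServerEnvVars" . | nindent 12 }}
-{{- if .Values.global.acls.manageSystemACLs }}
-- name: CONSUL_LOGIN_AUTH_METHOD
-{{- if and .Values.global.federation.enabled .Values.global.federation.primaryDatacenter .Values.global.enableConsulNamespaces }}
-value: {{ template "consul.fullname" . }}-k8s-component-auth-method-{{ .Values.global.datacenter }}
-{{- else }}
-value: {{ template "consul.fullname" . }}-k8s-component-auth-method
-{{- end }}
-- name: CONSUL_LOGIN_DATACENTER
-{{- if and .Values.global.federation.enabled .Values.global.federation.primaryDatacenter .Values.global.enableConsulNamespaces }}
-value: {{ .Values.global.federation.primaryDatacenter }}
-{{- else }}
-value: {{ .Values.global.datacenter }}
-{{- end }}
-- name: CONSUL_LOGIN_META
-value: "component=sync-catalog,pod=$(NAMESPACE)/$(POD_NAME)"
-{{- end }}
-- name: NAMESPACE
-valueFrom:
-fieldRef:
-fieldPath: metadata.namespace
-{{- if (and .Values.syncCatalog.aclSyncToken.secretName .Values.syncCatalog.aclSyncToken.secretKey) }}
-- name: CONSUL_ACL_TOKEN
-valueFrom:
-secretKeyRef:
-name: {{ .Values.syncCatalog.aclSyncToken.secretName }}
-key: {{ .Values.syncCatalog.aclSyncToken.secretKey }}
-{{- end }}
-volumeMounts:
-{{- if .Values.global.tls.enabled }}
-{{- if not (or (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots) .Values.global.secretsBackend.vault.enabled) }}
-- name: consul-ca-cert
-mountPath: /consul/tls/ca
-readOnly: true
-{{- end }}
-{{- end }}
-command:
-- "/bin/sh"
-- "-ec"
-- |
-consul-k8s-control-plane sync-catalog \
--log-level={{ default .Values.global.logLevel .Values.syncCatalog.logLevel }} \
--log-json={{ .Values.global.logJSON }} \
--k8s-default-sync={{ .Values.syncCatalog.default }} \
-{{- if (not .Values.syncCatalog.toConsul) }}
--to-consul=false \
-{{- end }}
-{{- if (not .Values.syncCatalog.toK8S) }}
--to-k8s=false \
-{{- end }}
--consul-domain={{ .Values.global.domain }} \
-{{- if .Values.syncCatalog.k8sPrefix }}
--k8s-service-prefix="{{ .Values.syncCatalog.k8sPrefix}}" \
-{{- end }}
-{{- if .Values.syncCatalog.k8sSourceNamespace }}
--k8s-source-namespace="{{ .Values.syncCatalog.k8sSourceNamespace}}" \
-{{- end }}
-{{- range $value := .Values.syncCatalog.k8sAllowNamespaces }}
--allow-k8s-namespace="{{ $value }}" \
-{{- end }}
-{{- range $value := .Values.syncCatalog.k8sDenyNamespaces }}
--deny-k8s-namespace="{{ $value }}" \
-{{- end }}
--k8s-write-namespace=${NAMESPACE} \
-{{- if (not .Values.syncCatalog.syncClusterIPServices) }}
--sync-clusterip-services=false \
-{{- end }}
-{{- if .Values.syncCatalog.nodePortSyncType }}
--node-port-sync-type={{ .Values.syncCatalog.nodePortSyncType }} \
-{{- end }}
-{{- if .Values.syncCatalog.consulWriteInterval }}
--consul-write-interval={{ .Values.syncCatalog.consulWriteInterval }} \
-{{- end }}
-{{- if .Values.syncCatalog.k8sTag }}
--consul-k8s-tag={{ .Values.syncCatalog.k8sTag }} \
-{{- end }}
-{{- if .Values.syncCatalog.consulNodeName }}
--consul-node-name={{ .Values.syncCatalog.consulNodeName }} \
-{{- end }}
-{{- if .Values.global.adminPartitions.enabled }}
--partition={{ .Values.global.adminPartitions.name }} \
-{{- end }}
-{{- if .Values.syncCatalog.consulPrefix}}
--consul-service-prefix="{{ .Values.syncCatalog.consulPrefix}}" \
-{{- end}}
-{{- if .Values.syncCatalog.addK8SNamespaceSuffix}}
--add-k8s-namespace-suffix \
-{{- end}}
-{{- if .Values.global.enableConsulNamespaces }}
--enable-namespaces=true \
-{{- if .Values.syncCatalog.consulNamespaces.consulDestinationNamespace }}
--consul-destination-namespace={{ .Values.syncCatalog.consulNamespaces.consulDestinationNamespace }} \
-{{- end }}
-{{- if .Values.syncCatalog.consulNamespaces.mirroringK8S }}
--enable-k8s-namespace-mirroring=true \
-{{- if .Values.syncCatalog.consulNamespaces.mirroringK8SPrefix }}
--k8s-namespace-mirroring-prefix={{ .Values.syncCatalog.consulNamespaces.mirroringK8SPrefix }} \
-{{- end }}
-{{- end }}
-{{- if .Values.global.acls.manageSystemACLs }}
--consul-cross-namespace-acl-policy=cross-namespace-policy \
-{{- end }}
-{{- end }}
-livenessProbe:
-httpGet:
-path: /health/ready
-port: 8080
-scheme: HTTP
-failureThreshold: 3
-initialDelaySeconds: 30
-periodSeconds: 5
-successThreshold: 1
-timeoutSeconds: 5
-readinessProbe:
-httpGet:
-path: /health/ready
-port: 8080
-scheme: HTTP
-failureThreshold: 5
-initialDelaySeconds: 10
-periodSeconds: 5
-successThreshold: 1
-timeoutSeconds: 5
-{{- with .Values.syncCatalog.resources }}
-resources:
-{{- toYaml . | nindent 12 }}
+- name: sync-catalog
+image: "{{ default .Values.global.imageK8S .Values.syncCatalog.image }}"
+env:
+{{- include "consul.consulK8sConsulServerEnvVars" . | nindent 8 }}
+{{- if .Values.global.acls.manageSystemACLs }}
+- name: CONSUL_LOGIN_AUTH_METHOD
+{{- if and .Values.global.federation.enabled .Values.global.federation.primaryDatacenter .Values.global.enableConsulNamespaces }}
+value: {{ template "consul.fullname" . }}-k8s-component-auth-method-{{ .Values.global.datacenter }}
+{{- else }}
+value: {{ template "consul.fullname" . }}-k8s-component-auth-method
+{{- end }}
+- name: CONSUL_LOGIN_DATACENTER
+{{- if and .Values.global.federation.enabled .Values.global.federation.primaryDatacenter .Values.global.enableConsulNamespaces }}
+value: {{ .Values.global.federation.primaryDatacenter }}
+{{- else }}
+value: {{ .Values.global.datacenter }}
+{{- end }}
+- name: CONSUL_LOGIN_META
+value: "component=sync-catalog,pod=$(NAMESPACE)/$(POD_NAME)"
+{{- end }}
+- name: NAMESPACE
+valueFrom:
+fieldRef:
+fieldPath: metadata.namespace
+{{- if (and .Values.syncCatalog.aclSyncToken.secretName .Values.syncCatalog.aclSyncToken.secretKey) }}
+- name: CONSUL_ACL_TOKEN
+valueFrom:
+secretKeyRef:
+name: {{ .Values.syncCatalog.aclSyncToken.secretName }}
+key: {{ .Values.syncCatalog.aclSyncToken.secretKey }}
+{{- end }}
+volumeMounts:
+{{- if .Values.global.tls.enabled }}
+{{- if not (or (and .Values.externalServers.enabled .Values.externalServers.useSystemRoots) .Values.global.secretsBackend.vault.enabled) }}
+- name: consul-ca-cert
+mountPath: /consul/tls/ca
+readOnly: true
+{{- end }}
+{{- end }}
+command:
+- "/bin/sh"
+- "-ec"
+- |
+consul-k8s-control-plane sync-catalog \
+-log-level={{ default .Values.global.logLevel .Values.syncCatalog.logLevel }} \
+-log-json={{ .Values.global.logJSON }} \
+-k8s-default-sync={{ .Values.syncCatalog.default }} \
+{{- if (not .Values.syncCatalog.toConsul) }}
+-to-consul=false \
+{{- end }}
+{{- if (not .Values.syncCatalog.toK8S) }}
+-to-k8s=false \
+{{- end }}
+-consul-domain={{ .Values.global.domain }} \
+{{- if .Values.syncCatalog.k8sPrefix }}
+-k8s-service-prefix="{{ .Values.syncCatalog.k8sPrefix}}" \
+{{- end }}
+{{- if .Values.syncCatalog.k8sSourceNamespace }}
+-k8s-source-namespace="{{ .Values.syncCatalog.k8sSourceNamespace}}" \
+{{- end }}
+{{- range $value := .Values.syncCatalog.k8sAllowNamespaces }}
+-allow-k8s-namespace="{{ $value }}" \
+{{- end }}
+{{- range $value := .Values.syncCatalog.k8sDenyNamespaces }}
+-deny-k8s-namespace="{{ $value }}" \
+{{- end }}
+-k8s-write-namespace=${NAMESPACE} \
+{{- if (not .Values.syncCatalog.syncClusterIPServices) }}
+-sync-clusterip-services=false \
+{{- end }}
+{{- if .Values.syncCatalog.nodePortSyncType }}
+-node-port-sync-type={{ .Values.syncCatalog.nodePortSyncType }} \
+{{- end }}
+{{- if .Values.syncCatalog.consulWriteInterval }}
+-consul-write-interval={{ .Values.syncCatalog.consulWriteInterval }} \
+{{- end }}
+{{- if .Values.syncCatalog.k8sTag }}
+-consul-k8s-tag={{ .Values.syncCatalog.k8sTag }} \
+{{- end }}
+{{- if .Values.syncCatalog.consulNodeName }}
+-consul-node-name={{ .Values.syncCatalog.consulNodeName }} \
+{{- end }}
+{{- if .Values.global.adminPartitions.enabled }}
+-partition={{ .Values.global.adminPartitions.name }} \
+{{- end }}
+{{- if .Values.syncCatalog.consulPrefix}}
+-consul-service-prefix="{{ .Values.syncCatalog.consulPrefix}}" \
+{{- end}}
+{{- if .Values.syncCatalog.addK8SNamespaceSuffix}}
+-add-k8s-namespace-suffix \
+{{- end}}
+{{- if .Values.global.enableConsulNamespaces }}
+-enable-namespaces=true \
+{{- if .Values.syncCatalog.consulNamespaces.consulDestinationNamespace }}
+-consul-destination-namespace={{ .Values.syncCatalog.consulNamespaces.consulDestinationNamespace }} \
+{{- end }}
+{{- if .Values.syncCatalog.consulNamespaces.mirroringK8S }}
+-enable-k8s-namespace-mirroring=true \
+{{- if .Values.syncCatalog.consulNamespaces.mirroringK8SPrefix }}
+-k8s-namespace-mirroring-prefix={{ .Values.syncCatalog.consulNamespaces.mirroringK8SPrefix }} \
+{{- end }}
+{{- end }}
+{{- if .Values.global.acls.manageSystemACLs }}
+-consul-cross-namespace-acl-policy=cross-namespace-policy \
+{{- end }}
+{{- end }}
+{{- if .Values.syncCatalog.ingress.enabled }}
+-enable-ingress=true \
+{{- if .Values.syncCatalog.ingress.loadBalancerIPs }}
+-loadBalancer-ips=true \
+{{- end }}
+{{- end }}
+livenessProbe:
+httpGet:
+path: /health/ready
+port: 8080
+scheme: HTTP
+failureThreshold: 3
+initialDelaySeconds: 30
+periodSeconds: 5
+successThreshold: 1
+timeoutSeconds: 5
+readinessProbe:
+httpGet:
+path: /health/ready
+port: 8080
+scheme: HTTP
+failureThreshold: 5
+initialDelaySeconds: 10
+periodSeconds: 5
+successThreshold: 1
+timeoutSeconds: 5
+{{- with .Values.syncCatalog.resources }}
+resources:
+{{- toYaml . | nindent 10 }}
 {{- end }}
 {{- if .Values.syncCatalog.priorityClassName }}
 priorityClassName: {{ .Values.syncCatalog.priorityClassName | quote }}
 {{- end }}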
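Review bot: The `{{- if .Values.syncCatalog.ingress.enabled }}` block near the end of the command carries no comment on what enabling it changes about where catalog addresses come from. Per the changelog entry, the hostname registered in Consul is then taken from an Ingress resource, so write access to Ingresses in synced namespaces presumably becomes a way to influence the address Consul returns for a service. A template comment above the block such as `{{- /* ingress sync: registered address comes from Ingress objects; limit who can create or edit Ingresses in synced namespaces */}}`, or the equivalent text beside the values (not loaded on this page), would make that visible to operators. Separately, `-loadBalancer-ips=true` is the only camelCase flag in a command whose other flags are kebab-case, which is worth settling before the name is relied on. The container spec starts and continues outside this hunk.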
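--- a/charts/consul/test/unit/sync-catalog-deployment.bats
+++ b/charts/consul/test/unit/sync-catalog-deployment.bats
@@ -365,6 +365,54 @@ load _helpers
 [ "${actual}" = "true" ]
 }
 
+#--------------------------------------------------------------------
+# sync ingress
+
+@test "syncCatalog/Deployment: enable ingress sync flag not passed when disabled" {
+cd `chart_dir`
+local actual=$(helm template \
+-s templates/sync-catalog-deployment.yaml \
+--set 'syncCatalog.ingress.enabled=false' \
+--set 'syncCatalog.enabled=true' \
+. | tee /dev/stderr |
+yq '.spec.template.spec.containers[0].command | any(contains("-enable-ingress=true"))' | tee /dev/stderr)
+[ "${actual}" = "false" ]
+}
+@test "syncCatalog/Deployment: enable ingress sync flag passed when enabled" {
+cd `chart_dir`
+local actual=$(helm template \
+-s templates/sync-catalog-deployment.yaml \
+--set 'syncCatalog.enabled=true' \
+--set 'syncCatalog.ingress.enabled=true' \
+. | tee /dev/stderr |
+yq '.spec.template.spec.containers[0].command | any(contains("-enable-ingress=true"))' | tee /dev/stderr)
+[ "${actual}" = "true" ]
+}
+
+@test "syncCatalog/Deployment: enable loadbalancer IP sync flag not passed when syncIngress disabled" {
+cd `chart_dir`
+local actual=$(helm template \
+-s templates/sync-catalog-deployment.yaml \
+--set 'syncCatalog.enabled=true' \
+--set 'syncCatalog.ingress.enabled=false' \
+--set 'syncCatalog.ingress.loadBalancerIPs=true' \
+. | tee /dev/stderr |
+yq '.spec.template.spec.containers[0].command | any(contains("-loadBalancer-ips=true"))' | tee /dev/stderr)
+[ "${actual}" = "false" ]
+}
+
+@test "syncCatalog/Deployment: enable loadbalancer IP sync flag passed when enabled with ingress sync" {
+cd `chart_dir`
+local actual=$(helm template \
+-s templates/sync-catalog-deployment.yaml \
+--set 'syncCatalog.enabled=true' \
+--set 'syncCatalog.ingress.enabled=true' \
+--set 'syncCatalog.ingress.loadBalancerIPs=true' \
+. | tee /dev/stderr |
+yq '.spec.template.spec.containers[0].command | any(contains("-loadBalancer-ips=true"))' | tee /dev/stderr)
+[ "${actual}" = "true" ]
+}
+
 #--------------------------------------------------------------------
 # affinity
 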
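Review bot: None of the four new tests renders the chart with `syncCatalog.ingress.enabled=true` and `syncCatalog.ingress.loadBalancerIPs=false`, so nothing pins that `-loadBalancer-ips=true` stays out of the command when only hostname sync is wanted. A fifth test modelled on the existing ones would close that gap. The first two tests also lack the blank line that separates every other `@test` block in this hunk.

```shell
@test "syncCatalog/Deployment: enable loadbalancer IP sync flag not passed when loadBalancerIPs disabled" {
  cd `chart_dir`
  local actual=$(helm template \
      -s templates/sync-catalog-deployment.yaml \
      --set 'syncCatalog.enabled=true' \
      --set 'syncCatalog.ingress.enabled=true' \
      --set 'syncCatalog.ingress.loadBalancerIPs=false' \
      . | tee /dev/stderr |
      yq '.spec.template.spec.containers[0].command | any(contains("-loadBalancer-ips=true"))' | tee /dev/stderr)
  [ "${actual}" = "false" ]
}
```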