From 247522b98dbc910224c3cd84f72f97247f81b715 Mon Sep 17 00:00:00 2001
From: Gordon Sim
Date: Wed, 24 Feb 2021 19:10:57 +0000
Subject: [PATCH] Fix handling of enable-console option
---
 client/router_create.go | 144 +++++++++++++------------
 client/router_create_test.go | 10 +-
 client/serviceinterface_create_test.go | 4 +-
 client/serviceinterface_update_test.go | 2 +-
 client/site_config_create.go | 4 +-
 cmd/skupper/skupper.go | 2 +-
 6 files changed, 88 insertions(+), 78 deletions(-)
diff --git a/client/router_create.go b/client/router_create.go
index 24f946820..dfa47a418 100644
--- a/client/router_create.go
+++ b/client/router_create.go
@@ -77,16 +77,18 @@ func (cli *VanClient) GetVanControllerSpec(options types.SiteConfigSpec, van *ty
 volumes := []corev1.Volume{}
 mounts := make([][]corev1.VolumeMount, 1)
- if options.AuthMode == string(types.ConsoleAuthModeOpenshift) {
- csp := strconv.Itoa(int(types.ConsoleOpenShiftServicePort))
- sidecars = append(sidecars, OauthProxyContainer("skupper-proxy-controller", csp))
- envVars = append(envVars, corev1.EnvVar{Name: "METRICS_PORT", Value: csp})
- envVars = append(envVars, corev1.EnvVar{Name: "METRICS_HOST", Value: "localhost"})
- mounts = append(mounts, []corev1.VolumeMount{})
- kube.AppendSecretVolume(&volumes, &mounts[oauthProxy], "skupper-controller-certs", "/etc/tls/proxy-certs/")
- } else if options.AuthMode == string(types.ConsoleAuthModeInternal) {
- envVars = append(envVars, corev1.EnvVar{Name: "METRICS_USERS", Value: "/etc/console-users"})
- kube.AppendSecretVolume(&volumes, &mounts[serviceController], "skupper-console-users", "/etc/console-users/")
+ if options.EnableConsole {
+ if options.AuthMode == string(types.ConsoleAuthModeOpenshift) {
+ csp := strconv.Itoa(int(types.ConsoleOpenShiftServicePort))
+ sidecars = append(sidecars, OauthProxyContainer("skupper-proxy-controller", csp))
+ envVars = append(envVars, corev1.EnvVar{Name: "METRICS_PORT", Value: csp})
+ envVars = append(envVars, corev1.EnvVar{Name: "METRICS_HOST", Value: "localhost"})
+ mounts = append(mounts, []corev1.VolumeMount{})
+ kube.AppendSecretVolume(&volumes, &mounts[oauthProxy], "skupper-controller-certs", "/etc/tls/proxy-certs/")
+ } else if options.AuthMode == string(types.ConsoleAuthModeInternal) {
+ envVars = append(envVars, corev1.EnvVar{Name: "METRICS_USERS", Value: "/etc/console-users"})
+ kube.AppendSecretVolume(&volumes, &mounts[serviceController], "skupper-console-users", "/etc/console-users/")
+ }
 }
 //mount secret needed for communication with router
 kube.AppendSecretVolume(&volumes, &mounts[serviceController], "skupper", "/etc/messaging/")
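Review bot: Inside the new `if options.EnableConsole` block the auth setup is still an `if`/`else if` on two values, so any other AuthMode ("unsecured", the empty string, or a misspelled value) deploys the console with neither the oauth-proxy sidecar nor the `skupper-console-users` mount. That matters more now that the `cmd/skupper/skupper.go` hunk in this patch makes `--enable-console` default to true while `--console-auth` still defaults to ""; whether the empty value is normalised before it reaches GetVanControllerSpec is not visible here. I would validate AuthMode before this call, or at least document the fall-through with `// any other AuthMode, including "", runs the console without an auth proxy or users file`. The function body starts and continues outside this hunk.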
@@ -147,79 +149,81 @@ func (cli *VanClient) GetVanControllerSpec(options types.SiteConfigSpec, van *ty
 })
 van.Controller.RoleBindings = roleBindings
- svctype := corev1.ServiceTypeClusterIP
- metricsPort := []corev1.ServicePort{
- {
- Name: "metrics",
- Protocol: "TCP",
- Port: types.ConsoleDefaultServicePort,
- TargetPort: intstr.FromInt(int(types.ConsoleDefaultServiceTargetPort)),
- },
- }
- termination := routev1.TLSTerminationEdge
- annotations := map[string]string{}
+ if options.EnableConsole {
+ svctype := corev1.ServiceTypeClusterIP
+ metricsPort := []corev1.ServicePort{
+ {
+ Name: "metrics",
+ Protocol: "TCP",
+ Port: types.ConsoleDefaultServicePort,
+ TargetPort: intstr.FromInt(int(types.ConsoleDefaultServiceTargetPort)),
+ },
+ }
+ termination := routev1.TLSTerminationEdge
+ annotations := map[string]string{}
- svcs := []*corev1.Service{}
- if options.IsIngressRoute() {
- if options.AuthMode == string(types.ConsoleAuthModeOpenshift) {
- termination = routev1.TLSTerminationReencrypt
- metricsPort = []corev1.ServicePort{
- {
- Name: "metrics",
- Protocol: "TCP",
- Port: types.ConsoleOpenShiftOauthServicePort,
- TargetPort: intstr.FromInt(int(types.ConsoleOpenShiftOauthServiceTargetPort)),
- },
+ svcs := []*corev1.Service{}
+ if options.IsIngressRoute() {
+ if options.AuthMode == string(types.ConsoleAuthModeOpenshift) {
+ termination = routev1.TLSTerminationReencrypt
+ metricsPort = []corev1.ServicePort{
+ {
+ Name: "metrics",
+ Protocol: "TCP",
+ Port: types.ConsoleOpenShiftOauthServicePort,
+ TargetPort: intstr.FromInt(int(types.ConsoleOpenShiftOauthServiceTargetPort)),
+ },
+ }
+ annotations = map[string]string{"service.alpha.openshift.io/serving-cert-secret-name": "skupper-controller-certs"}
 }
- annotations = map[string]string{"service.alpha.openshift.io/serving-cert-secret-name": "skupper-controller-certs"}
+ } else if options.IsIngressLoadBalancer() {
+ svctype = corev1.ServiceTypeLoadBalancer
 }
- } else if options.IsIngressLoadBalancer() {
- svctype = corev1.ServiceTypeLoadBalancer
- }
- svcs = append(svcs, &corev1.Service{
- TypeMeta: metav1.TypeMeta{
- APIVersion: "v1",
- Kind: "Service",
- },
- ObjectMeta: metav1.ObjectMeta{
- Name: "skupper-controller",
- Annotations: annotations,
- },
- Spec: corev1.ServiceSpec{
- Selector: van.Controller.Labels,
- Ports: metricsPort,
- Type: svctype,
- },
- })
- van.Controller.Services = svcs
-
- routes := []*routev1.Route{}
- if options.IsIngressRoute() {
- routes = append(routes, &routev1.Route{
+ svcs = append(svcs, &corev1.Service{
 TypeMeta: metav1.TypeMeta{
 APIVersion: "v1",
- Kind: "Route",
+ Kind: "Service",
 },
 ObjectMeta: metav1.ObjectMeta{
- Name: "skupper-controller",
+ Name: "skupper-controller",
+ Annotations: annotations,
 },
- Spec: routev1.RouteSpec{
- Path: "",
- Port: &routev1.RoutePort{
- TargetPort: intstr.FromString("metrics"),
+ Spec: corev1.ServiceSpec{
+ Selector: van.Controller.Labels,
+ Ports: metricsPort,
+ Type: svctype,
+ },
+ })
+ van.Controller.Services = svcs
+
+ routes := []*routev1.Route{}
+ if options.IsIngressRoute() {
+ routes = append(routes, &routev1.Route{
+ TypeMeta: metav1.TypeMeta{
+ APIVersion: "v1",
+ Kind: "Route",
 },
- To: routev1.RouteTargetReference{
- Kind: "Service",
+ ObjectMeta: metav1.ObjectMeta{
 Name: "skupper-controller",
 },
- TLS: &routev1.TLSConfig{
- Termination: termination,
- InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect,
+ Spec: routev1.RouteSpec{
+ Path: "",
+ Port: &routev1.RoutePort{
+ TargetPort: intstr.FromString("metrics"),
+ },
+ To: routev1.RouteTargetReference{
+ Kind: "Service",
+ Name: "skupper-controller",
+ },
+ TLS: &routev1.TLSConfig{
+ Termination: termination,
+ InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect,
+ },
 },
- },
- })
+ })
+ }
+ van.Controller.Routes = routes
 }
- van.Controller.Routes = routes
 }
 func (cli *VanClient) GetRouterSpecFromOpts(options types.SiteConfigSpec, siteId string) *types.RouterSpec {
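Review bot: The `options.IsIngressLoadBalancer()` branch switches the `skupper-controller` Service to `corev1.ServiceTypeLoadBalancer` without looking at AuthMode, and the serving-cert annotation is only set on the route plus openshift path. With the console now on by default in this patch, that publishes the metrics port on an external load balancer even when the auth mode is "unsecured"; whether the controller enforces anything itself is not visible in this hunk. Consider stating the exposure on that branch, e.g. `// LoadBalancer exposes the console port externally; access control depends entirely on options.AuthMode`, and adding a test case for load-balancer ingress with each auth mode. GetVanControllerSpec begins outside the hunk.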
diff --git a/client/router_create_test.go b/client/router_create_test.go
index c8578a7bb..39221e6b0 100644
--- a/client/router_create_test.go
+++ b/client/router_create_test.go
@@ -27,6 +27,7 @@ func TestRouterCreateDefaults(t *testing.T) {
 isEdge bool
 enableController bool
 enableRouterConsole bool
+ enableConsole bool
 authMode string
 user string
 password string
@@ -48,6 +49,7 @@ func TestRouterCreateDefaults(t *testing.T) {
 isEdge: false,
 enableController: true,
 enableRouterConsole: false,
+ enableConsole: false,
 authMode: "",
 user: "",
 password: "",
@@ -61,7 +63,7 @@ func TestRouterCreateDefaults(t *testing.T) {
 "skupper-amqps",
 "skupper",
 "skupper-internal"},
- svcsExpected: []string{"skupper-messaging", "skupper-internal", "skupper-controller"},
+ svcsExpected: []string{"skupper-messaging", "skupper-internal"},
 svcAccountsExpected: []string{"skupper", "skupper-proxy-controller"},
 opts: []cmp.Option{
 trans,
@@ -78,6 +80,7 @@ func TestRouterCreateDefaults(t *testing.T) {
 isEdge: false,
 enableController: true,
 enableRouterConsole: true,
+ enableConsole: true,
 authMode: "unsecured",
 user: "",
 password: "",
@@ -108,6 +111,7 @@ func TestRouterCreateDefaults(t *testing.T) {
 isEdge: false,
 enableController: true,
 enableRouterConsole: true,
+ enableConsole: true,
 authMode: "internal",
 user: "",
 password: "",
@@ -139,6 +143,7 @@ func TestRouterCreateDefaults(t *testing.T) {
 isEdge: false,
 enableController: true,
 enableRouterConsole: true,
+ enableConsole: true,
 authMode: "openshift",
 user: "",
 password: "",
@@ -171,6 +176,7 @@ func TestRouterCreateDefaults(t *testing.T) {
 isEdge: true,
 enableController: true,
 enableRouterConsole: true,
+ enableConsole: true,
 authMode: "unsecured",
 user: "Barney",
 password: "Rubble",
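Review bot: The only table entry with `enableConsole: false` also has `authMode: ""`, so the new guard around the oauth-proxy sidecar and console-users mount in GetVanControllerSpec is never exercised with an auth mode set. A case with `enableConsole: false` and `authMode: "openshift"` (and one with "internal") would show that no sidecar, `METRICS_USERS` variable or `skupper-controller` service appears when the console is off. There is also no entry for `enableConsole: true` with `authMode: ""`, which appears to be what the changed flag default in `cmd/skupper/skupper.go` yields when `--console-auth` is omitted. The table entries start and end outside these hunks.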
@@ -295,7 +301,7 @@ func TestRouterCreateDefaults(t *testing.T) {
 EnableServiceSync: true,
 EnableRouterConsole: c.enableRouterConsole,
 AuthMode: c.authMode,
- EnableConsole: false,
+ EnableConsole: c.enableConsole,
 User: c.user,
 Password: c.password,
 Ingress: getIngress(),
diff --git a/client/serviceinterface_create_test.go b/client/serviceinterface_create_test.go
index 561dfb079..6ce6715c9 100644
--- a/client/serviceinterface_create_test.go
+++ b/client/serviceinterface_create_test.go
@@ -122,8 +122,8 @@ func TestServiceInterfaceCreate(t *testing.T) {
 // show up, but I am giving it a large timeout here. The result
 // checker will cut out as soon as it sees a result list of the
 // right size.
- svcsExpected: []string{"skupper-messaging", "skupper-internal", "skupper-controller"},
- realSvcsExpected: []string{"skupper-messaging", "skupper-internal", "skupper-controller", "vsic-5-addr"},
+ svcsExpected: []string{"skupper-messaging", "skupper-internal"},
+ realSvcsExpected: []string{"skupper-messaging", "skupper-internal", "vsic-5-addr"},
 timeout: 60.0,
 },
 }
diff --git a/client/serviceinterface_update_test.go b/client/serviceinterface_update_test.go
index ed9d01ae7..5c324d93f 100644
--- a/client/serviceinterface_update_test.go
+++ b/client/serviceinterface_update_test.go
@@ -231,7 +231,7 @@ func TestVanServiceInteraceUpdate(t *testing.T) {
 defer cancel()
 svcsFound := []string{}
- svcsExpected := []string{"skupper-messaging", "skupper-internal", "skupper-controller", "nginx", "tcp-go-echo", "tcp-go-echo-ss"}
+ svcsExpected := []string{"skupper-messaging", "skupper-internal", "nginx", "tcp-go-echo", "tcp-go-echo-ss"}
 informers := informers.NewSharedInformerFactoryWithOptions(cli.KubeClient, 0, informers.WithNamespace(namespace))
 svcInformer := informers.Core().V1().Services().Informer()
diff --git a/client/site_config_create.go b/client/site_config_create.go
index 21d8ee236..1f9f73069 100644
--- a/client/site_config_create.go
+++ b/client/site_config_create.go
@@ -45,8 +45,8 @@ func (cli *VanClient) SiteConfigCreate(ctx context.Context, spec types.SiteConfi
 if !spec.EnableServiceSync {
 siteConfig.Data["service-sync"] = "false"
 }
- if spec.EnableConsole {
- siteConfig.Data["console"] = "true"
+ if !spec.EnableConsole {
+ siteConfig.Data["console"] = "false"
 }
 if spec.EnableRouterConsole {
 siteConfig.Data["router-console"] = "true"
diff --git a/cmd/skupper/skupper.go b/cmd/skupper/skupper.go
index cb1e2ac55..99072c600 100644
--- a/cmd/skupper/skupper.go
+++ b/cmd/skupper/skupper.go
@@ -279,7 +279,7 @@ installation that can then be connected to other skupper installations`,
 cmd.Flags().BoolVarP(&routerCreateOpts.EnableRouterConsole, "enable-router-console", "", false, "Enable router console")
 cmd.Flags().StringVarP(&routerLogging, "router-logging", "", "", "Logging settings for router (e.g. trace,debug,info,notice,warning,error)")
 cmd.Flags().StringVarP(&routerCreateOpts.RouterDebugMode, "router-debug-mode", "", "", "Enable debug mode for router ('valgrind' or 'gdb' are valid values)")
- cmd.Flags().BoolVarP(&routerCreateOpts.EnableConsole, "enable-console", "", false, "Enable skupper console")
+ cmd.Flags().BoolVarP(&routerCreateOpts.EnableConsole, "enable-console", "", true, "Enable skupper console")
 cmd.Flags().StringVarP(&routerCreateOpts.AuthMode, "console-auth", "", "", "Authentication mode for console(s). One of: 'openshift', 'internal', 'unsecured'")
 cmd.Flags().StringVarP(&routerCreateOpts.User, "console-user", "", "", "Skupper console user. Valid only when --console-auth=internal")
 cmd.Flags().StringVarP(&routerCreateOpts.Password, "console-password", "", "", "Skupper console user. Valid only when --console-auth=internal")
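Review bot: In the `client/site_config_create.go` hunk the `console` key is now written only when the console is disabled, so a missing key has to be read as enabled. Site configs written by the previous code with the console off have no `console` key either (it was only ever set to "true"), and would presumably be interpreted as console-enabled after an upgrade; the code that reads the key is not part of this patch, so this needs confirming. Writing the key in both cases removes the ambiguity: `if spec.EnableConsole { siteConfig.Data["console"] = "true" } else { siteConfig.Data["console"] = "false" }`. SiteConfigCreate continues outside the hunk.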