Integrate istio ingress (#1672)

* istio integration Signed-off-by: Andre Baptista Aguas <[email protected]> * Add new resourceRef style examples to deploy-full-local-setup Signed-off-by: Yury Tsarev <[email protected]> --------- Signed-off-by: Andre Baptista Aguas <[email protected]> Signed-off-by: Yury Tsarev <[email protected]> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Yury Tsarev <[email protected]>
k8gb-io · Sep 15, 2024 · 136f0d7 · 136f0d7
1 parent fe6d323
commit 136f0d7
Show file tree

Hide file tree

Showing 92 changed files with 2,105 additions and 715 deletions.
diff --git a/.github/workflows/terratest-istiov1beta1.yaml b/.github/workflows/terratest-istiov1beta1.yaml
@@ -0,0 +1,80 @@
+name: Terratest for istio's v1beta1 API version
+
+on:
+  pull_request:
+    types:
+      - labeled
+
+permissions:
+  contents: read
+
+jobs:
+  terratest-istio:
+    runs-on: ubuntu-22.04
+    if: ${{ github.event.label.name == 'istio' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
+        with:
+          fetch-depth: 0
+
+      - name: Set networking.istio.io/v1beta1 API version
+        run: |
+         find . -name "*.yaml" -exec sed -i 's/networking\.istio\.io\/v1/networking.istio.io\/v1beta1/g' {} +
+
+      - name: Setup Golang
+        uses: actions/setup-go@bfd2fb341f32be7281829126376a12a780ca79fc
+        with:
+          go-version: 1.22.3
+
+      - name: Build artifacts
+        uses: goreleaser/goreleaser-action@d33b6f6aeabd7fed8bb3fbf32c4d890d29f48545
+        with:
+          version: v1.9.2
+          args: release --rm-dist --skip-publish --skip-validate --snapshot --skip-sbom --skip-sign
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create edgeDNS k3s Cluster
+        uses: AbsaOSS/k3d-action@4e8b3239042be1dc0aed6c5eb80c13b18200fc79
+        with:
+          cluster-name: "edgedns"
+          args: -c k3d/edge-dns.yaml
+
+      - name: Create 1st k3s Cluster
+        uses: AbsaOSS/k3d-action@4e8b3239042be1dc0aed6c5eb80c13b18200fc79
+        with:
+          cluster-name: "test-gslb1"
+          args: -c k3d/test-gslb1.yaml
+
+      - name: Create 2nd k3s Cluster
+        uses: AbsaOSS/k3d-action@4e8b3239042be1dc0aed6c5eb80c13b18200fc79
+        with:
+          cluster-name: "test-gslb2"
+          args: -c k3d/test-gslb2.yaml
+
+      - name: K8GB deployment
+        run: |
+          make deploy-test-version list-running-pods
+          echo "Cluster 1 (eu):"
+          kubectl get no -owide --context=k3d-test-gslb1
+          echo "Cluster 2 (us):"
+          kubectl get no -owide --context=k3d-test-gslb2
+
+      - name: Run Terratest
+        run: |
+          mkdir -p ${{ github.workspace }}/tmp/terratest
+          set -o pipefail
+          echo "::group::Terratest logs"
+          make terratest | tee ${{ github.workspace }}/tmp/terratest/all.log
+          echo "::endgroup::"
+
+      - name: Print debug info
+        if: always()
+        uses: ./.github/actions/print-debug
+
+      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029
+        if: always()
+        with:
+          name: terratest-logs
+          path: ${{ github.workspace }}/tmp/terratest
diff --git a/.github/workflows/terratest.yaml b/.github/workflows/terratest.yaml
@@ -44,11 +44,13 @@ jobs:
     needs: skip-check
     if: ${{ needs.skip-check.outputs.should_skip != 'true' }} && !contains( github.event.pull_request.labels.*.name, 'renovate')
     steps:
-      - uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc
+      - name: Checkout
+        uses: actions/checkout@6d193bf28034eafb982f37bd894289fe649468fc
         with:
           fetch-depth: 0
 
-      - uses: actions/setup-go@bfd2fb341f32be7281829126376a12a780ca79fc
+      - name: Setup golang
+        uses: actions/setup-go@bfd2fb341f32be7281829126376a12a780ca79fc
         with:
           go-version: 1.22.3
 

diff --git a/.golangci.yaml b/.golangci.yaml
@@ -30,17 +30,17 @@ linters:
     - dupl
     - gochecknoinits
 
- # don't enable:
- #  - golint        # deprecated
- #  - whitespace
- #  - funlen
- #  - exhaustive
- #  - gomnd
- #  - gofmt
- #  - deadcode      # deprecated since v1.49.0
- #  - structcheck   # deprecated since v1.49.0
- #  - varcheck      # deprecated since v1.49.0
- #  - rowserrcheck  # rowserrcheck is disabled because of generics. You can track the evolution of the generics support by following the https://github.com/golangci/golangci-lint/issues/2649
+  # don't enable:
+  #  - golint        # deprecated
+  #  - whitespace
+  #  - funlen
+  #  - exhaustive
+  #  - gomnd
+  #  - gofmt
+  #  - deadcode      # deprecated since v1.49.0
+  #  - structcheck   # deprecated since v1.49.0
+  #  - varcheck      # deprecated since v1.49.0
+  #  - rowserrcheck  # rowserrcheck is disabled because of generics. You can track the evolution of the generics support by following the https://github.com/golangci/golangci-lint/issues/2649
 
 run:
   deadline: 3m
@@ -55,6 +55,7 @@ linters-settings:
       main:
         allow:
           - $gostd
+          - istio.io/client-go
           - k8s.io/apimachinery
           - k8s.io/client-go
           - k8s.io/api

diff --git a/Makefile b/Makefile
@@ -84,6 +84,7 @@ STABLE_VERSION := "stable"
 BUNDLE_IMG ?= controller-bundle:$(VERSION)
 
 NGINX_INGRESS_VALUES_PATH ?= deploy/ingress/nginx-ingress-values.yaml
+ISTIO_INGRESS_VALUES_PATH ?= deploy/ingress/istio-ingress-values.yaml
 
 # options for 'bundle-build'
 ifneq ($(origin CHANNELS), undefined)
@@ -188,6 +189,20 @@ deploy-local-cluster:
 	helm -n k8gb upgrade -i nginx-ingress nginx-stable/ingress-nginx \
 		--version 4.0.15 -f $(NGINX_INGRESS_VALUES_PATH)
 
+	@echo -e "\n$(YELLOW)Install Istio CRDs $(NC)"
+	kubectl create namespace istio-system
+	helm repo add --force-update istio https://istio-release.storage.googleapis.com/charts
+	helm repo update
+	helm upgrade -i istio-base istio/base -n istio-system
+
+	@echo -e "\n$(YELLOW)Install Istiod $(NC)"
+	helm upgrade -i istiod istio/istiod -n istio-system --wait
+
+	@echo -e "\n$(YELLOW)Install Istio Ingress Gateway $(NC)"
+	kubectl create namespace istio-ingress
+	helm upgrade -i istio-ingressgateway istio/gateway -n istio-ingress \
+		-f $(ISTIO_INGRESS_VALUES_PATH)
+
 	@if [ "$(DEPLOY_APPS)" = true ]; then $(MAKE) deploy-test-apps ; fi
 
 	@echo -e "\n$(YELLOW)Wait until Ingress controller is ready $(NC)"
@@ -198,9 +213,15 @@ deploy-local-cluster:
 .PHONY: deploy-test-apps
 deploy-test-apps: ## Deploy Podinfo (example app) and Apply Gslb Custom Resources
 	@echo -e "\n$(YELLOW)Deploy GSLB cr $(NC)"
-	kubectl apply -f deploy/crds/test-namespace.yaml
-	$(call apply-cr,deploy/crds/k8gb.absa.oss_v1beta1_gslb_cr.yaml)
-	$(call apply-cr,deploy/crds/k8gb.absa.oss_v1beta1_gslb_cr_failover.yaml)
+	kubectl apply -f deploy/crds/test-namespace-ingress.yaml
+	$(call apply-cr,deploy/crds/k8gb.absa.oss_v1beta1_gslb_cr_roundrobin_ingress_ref.yaml)
+	$(call apply-cr,deploy/crds/k8gb.absa.oss_v1beta1_gslb_cr_failover_ingress_ref.yaml)
+
+	kubectl apply -f deploy/crds/test-namespace-istio.yaml
+	$(call apply-cr,deploy/crds/k8gb.absa.oss_v1beta1_gslb_cr_roundrobin_istio.yaml)
+	$(call apply-cr,deploy/crds/k8gb.absa.oss_v1beta1_gslb_cr_failover_istio.yaml)
+	$(call apply-cr,deploy/crds/k8gb.absa.oss_v1beta1_gslb_cr_notfound_istio.yaml)
+	$(call apply-cr,deploy/crds/k8gb.absa.oss_v1beta1_gslb_cr_unhealthy_istio.yaml)
 
 	@echo -e "\n$(YELLOW)Deploy podinfo $(NC)"
 	kubectl apply -f deploy/test-apps
@@ -210,6 +231,11 @@ deploy-test-apps: ## Deploy Podinfo (example app) and Apply Gslb Custom Resource
 		--set image.repository="$(PODINFO_IMAGE_REPO)" \
 		podinfo/podinfo \
 		--version 5.1.1
+	helm upgrade --install frontend --namespace test-gslb-istio -f deploy/test-apps/podinfo/podinfo-values.yaml \
+		--set ui.message="`$(call get-cluster-geo-tag)`" \
+		--set image.repository="$(PODINFO_IMAGE_REPO)" \
+		podinfo/podinfo \
+		--version 5.1.1
 
 .PHONY: deploy-kuar-app
 deploy-kuar-app:
@@ -342,11 +368,11 @@ docker-push: test
 
 .PHONY: init-failover
 init-failover:
-	$(call init-test-strategy, "deploy/crds/k8gb.absa.oss_v1beta1_gslb_cr_failover.yaml")
+	$(call init-test-strategy, "deploy/crds/k8gb.absa.oss_v1beta1_gslb_cr_failover_ingress_ref.yaml")
 
 .PHONY: init-round-robin
 init-round-robin:
-	$(call init-test-strategy, "deploy/crds/k8gb.absa.oss_v1beta1_gslb_cr.yaml")
+	$(call init-test-strategy, "deploy/crds/k8gb.absa.oss_v1beta1_gslb_cr_roundrobin_ingress_ref.yaml")
 
 # creates infoblox secret in current cluster
 .PHONY: infoblox-secret
@@ -554,9 +580,9 @@ endef
 
 define debug
 	$(call manifest)
-	kubectl apply -f deploy/crds/test-namespace.yaml
+	kubectl apply -f deploy/crds/test-namespace-ingress.yaml
 	kubectl apply -f ./chart/k8gb/templates/k8gb.absa.oss_gslbs.yaml
-	kubectl apply -f ./deploy/crds/k8gb.absa.oss_v1beta1_gslb_cr.yaml
+	kubectl apply -f ./deploy/crds/k8gb.absa.oss_v1beta1_gslb_cr_roundrobin_ingress.yaml
 	dlv $1
 endef
 

diff --git a/README.md b/README.md
@@ -31,9 +31,10 @@ metadata:
   namespace: test-gslb
 spec:
   resourceRef:
-    ingress:
-      matchLabels: # ingresses.networking.k8s.io resource selector
-        app: test-gslb-failover
+    apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    matchLabels: # ingresses.networking.k8s.io resource selector
+      app: test-gslb-failover
   strategy:
     type: failover # Global load balancing strategy
     primaryGeoTag: eu-west-1 # Primary cluster geo tag

diff --git a/api/v1beta1/gslb_types.go b/api/v1beta1/gslb_types.go
@@ -43,8 +43,12 @@ type Strategy struct {
 // ResourceRef selects a resource defining the GSLB's load balancer and server
 // +k8s:openapi-gen=true
 type ResourceRef struct {
-	// Ingress selects a kubernetes.networking.k8s.io/v1.Ingress resource
-	Ingress metav1.LabelSelector `json:"ingress,omitempty"`
+	// APIVersion of the referenced resource
+	APIVersion string `json:"apiVersion"`
+	// Kind of the referenced resource
+	Kind string `json:"kind"`
+	// LabelSelector of the referenced resource
+	metav1.LabelSelector `json:",inline"`
 }
 
 // GslbSpec defines the desired state of Gslb

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/chart/k8gb/crd/k8gb.absa.oss_gslbs.yaml b/chart/k8gb/crd/k8gb.absa.oss_gslbs.yaml
@@ -316,52 +316,58 @@ spec:
               resourceRef:
                 description: ResourceRef spec
                 properties:
-                  ingress:
-                    description: Ingress selects a kubernetes.networking.k8s.io/v1.Ingress
-                      resource
-                    properties:
-                      matchExpressions:
-                        description: matchExpressions is a list of label selector
-                          requirements. The requirements are ANDed.
-                        items:
+                  apiVersion:
+                    description: APIVersion of the referenced resource
+                    type: string
+                  kind:
+                    description: Kind of the referenced resource
+                    type: string
+                  matchExpressions:
+                    description: matchExpressions is a list of label selector requirements.
+                      The requirements are ANDed.
+                    items:
+                      description: |-
+                        A label selector requirement is a selector that contains values, a key, and an operator that
+                        relates the key and values.
+                      properties:
+                        key:
+                          description: key is the label key that the selector applies
+                            to.
+                          type: string
+                        operator:
                           description: |-
-                            A label selector requirement is a selector that contains values, a key, and an operator that
-                            relates the key and values.
-                          properties:
-                            key:
-                              description: key is the label key that the selector
-                                applies to.
-                              type: string
-                            operator:
-                              description: |-
-                                operator represents a key's relationship to a set of values.
-                                Valid operators are In, NotIn, Exists and DoesNotExist.
-                              type: string
-                            values:
-                              description: |-
-                                values is an array of string values. If the operator is In or NotIn,
-                                the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                                the values array must be empty. This array is replaced during a strategic
-                                merge patch.
-                              items:
-                                type: string
-                              type: array
-                          required:
-                          - key
-                          - operator
-                          type: object
-                        type: array
-                      matchLabels:
-                        additionalProperties:
+                            operator represents a key's relationship to a set of values.
+                            Valid operators are In, NotIn, Exists and DoesNotExist.
                           type: string
-                        description: |-
-                          matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
-                          map is equivalent to an element of matchExpressions, whose key field is "key", the
-                          operator is "In", and the values array contains only "value". The requirements are ANDed.
-                        type: object
+                        values:
+                          description: |-
+                            values is an array of string values. If the operator is In or NotIn,
+                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                            the values array must be empty. This array is replaced during a strategic
+                            merge patch.
+                          items:
+                            type: string
+                          type: array
+                          x-kubernetes-list-type: atomic
+                      required:
+                      - key
+                      - operator
+                      type: object
+                    type: array
+                    x-kubernetes-list-type: atomic
+                  matchLabels:
+                    additionalProperties:
+                      type: string
+                    description: |-
+                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                      operator is "In", and the values array contains only "value". The requirements are ANDed.
                     type: object
-                    x-kubernetes-map-type: atomic
+                required:
+                - apiVersion
+                - kind
                 type: object
+                x-kubernetes-map-type: atomic
               strategy:
                 description: Gslb Strategy spec
                 properties:

diff --git a/chart/k8gb/templates/role.yaml b/chart/k8gb/templates/role.yaml
@@ -56,4 +56,15 @@ rules:
   verbs:
   - update
 {{- end }}
+{{- if .Values.istio.enabled }}
+- apiGroups:
+  - networking.istio.io
+  resources:
+  - virtualservices
+  - gateways
+  verbs:
+  - 'get'
+  - 'list'
+  - 'watch'
+{{- end }}
 {{- end }}