Support WAN Address Annotations #3420

Merged
merged 7 commits into from
Jan 3, 2024
18 changes: 18 additions & 0 deletions charts/consul/templates/gateway-resources-configmap.yaml
@@ -1,4 +1,9 @@
{{- if .Values.connectInject.enabled }}

# Validation
# For meshGateway.wanAddress, static must be set if source is "Static"
{{if (and (eq .Values.meshGateway.wanAddress.source "Static") (eq .Values.meshGateway.wanAddress.static ""))}}{{fail ".meshGateway.wanAddress.static must be set to a value if .meshGateway.wanAddress.source is Static"}}{{ end }}
Contributor Author


I added validation here that will block the invalid config of a "Static" address with no address set.


# Configuration of Gateway Resources Job which creates managed Gateway configuration.
apiVersion: v1
kind: ConfigMap
Expand Down Expand Up @@ -102,6 +107,19 @@ data:
metadata:
name: mesh-gateway
namespace: {{ .Release.Namespace }}
annotations:
# TODO are these annotations even necessary?
"consul.hashicorp.com/gateway-wan-address-source": {{ .Values.meshGateway.wanAddress.source | quote }}
"consul.hashicorp.com/gateway-wan-address-static": {{ .Values.meshGateway.wanAddress.static | quote }}
{{- if eq .Values.meshGateway.wanAddress.source "Service" }}
{{- if eq .Values.meshGateway.service.type "NodePort" }}
"consul.hashicorp.com/gateway-wan-port": {{ .Values.meshGateway.service.nodePort | quote }}
{{- else }}
"consul.hashicorp.com/gateway-wan-port": {{ .Values.meshGateway.service.port | quote }}
{{- end }}
{{- else }}
"consul.hashicorp.com/gateway-wan-port": {{ .Values.meshGateway.wanAddress.port | quote }}
{{- end }}
spec:
gatewayClassName: consul-mesh-gateway
{{- end }}
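Review bot: In the `Service`/`NodePort` branch the `gateway-wan-port` annotation is rendered from `.Values.meshGateway.service.nodePort` with no check that the value is set. Its default is not shown on this page, but if it can be left empty, `quote` renders `""` and the gateway carries a blank WAN port rather than failing at template time. Making it mandatory in that branch closes the gap: `"consul.hashicorp.com/gateway-wan-port": {{ required ".meshGateway.service.nodePort must be set when .meshGateway.service.type is NodePort" .Values.meshGateway.service.nodePort | quote }}`. The validation added at the top of the file likewise covers only `Static` with an empty address, so any other unrecognised `source` string is copied into the annotation verbatim and silently takes the `else` port branch.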
85 changes: 80 additions & 5 deletions charts/consul/test/unit/gateway-resources-configmap.bats
Expand Up @@ -2,18 +2,20 @@

load _helpers

target=templates/gateway-resources-configmap.yaml
Contributor


🚀


@test "gateway-resources/ConfigMap: disabled with connectInject.enabled=false" {
cd `chart_dir`
assert_empty helm template \
-s templates/gateway-resources-configmap.yaml \
-s $target \
--set 'connectInject.enabled=false' \
.
}

@test "gateway-resources/ConfigMap: enabled with connectInject.enabled=true" {
cd `chart_dir`
local actual=$(helm template \
-s templates/gateway-resources-configmap.yaml \
-s $target \
--set 'connectInject.enabled=true' \
. | tee /dev/stderr |
yq 'length > 0' | tee /dev/stderr)
Expand All @@ -23,7 +25,7 @@ load _helpers
@test "gateway-resources/ConfigMap: contains resources configuration as JSON" {
cd `chart_dir`
local resources=$(helm template \
-s templates/gateway-resources-configmap.yaml \
-s $target \
--set 'connectInject.enabled=true' \
--set 'connectInject.apiGateway.managedGatewayClass.resources.requests.memory=200Mi' \
--set 'connectInject.apiGateway.managedGatewayClass.resources.requests.cpu=200m' \
Expand All @@ -48,7 +50,7 @@ load _helpers
@test "gateway-resources/ConfigMap: does not contain config.yaml resources without .global.experiments equal to resource-apis" {
cd `chart_dir`
local resources=$(helm template \
-s templates/gateway-resources-configmap.yaml \
-s $target \
--set 'connectInject.enabled=true' \
--set 'ui.enabled=false' \
. | tee /dev/stderr |
Expand All @@ -60,7 +62,7 @@ load _helpers
@test "gateway-resources/ConfigMap: contains config.yaml resources with .global.experiments equal to resource-apis" {
cd `chart_dir`
local resources=$(helm template \
-s templates/gateway-resources-configmap.yaml \
-s $target \
--set 'connectInject.enabled=true' \
--set 'meshGateway.enabled=true' \
--set 'global.experiments[0]=resource-apis' \
Expand All @@ -70,3 +72,76 @@ load _helpers

[ "$resources" != null ]
}


#--------------------------------------------------------------------
# Mesh Gateway WAN Address configuration

@test "gateway-resources/ConfigMap: Mesh Gateway WAN Address default annotations" {
cd `chart_dir`
local annotations=$(helm template \
-s $target \
--set 'connectInject.enabled=true' \
--set 'meshGateway.enabled=true' \
--set 'global.experiments[0]=resource-apis' \
--set 'ui.enabled=false' \
. | tee /dev/stderr |
yq -r '.data["config.yaml"]' | yq -r '.meshGateways[0].metadata.annotations' | tee /dev/stderr)

local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-address-source"]')
[ "${actual}" = 'Service' ]

local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-port"]')
[ "${actual}" = '443' ]

local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-address-static"]')
[ "${actual}" = '' ]
}

@test "gateway-resources/ConfigMap: Mesh Gateway WAN Address NodePort annotations" {
cd `chart_dir`
local annotations=$(helm template \
-s $target \
--set 'connectInject.enabled=true' \
--set 'meshGateway.enabled=true' \
--set 'global.experiments[0]=resource-apis' \
--set 'ui.enabled=false' \
--set 'meshGateway.wanAddress.source=Service' \
--set 'meshGateway.service.type=NodePort' \
--set 'meshGateway.service.nodePort=30000' \
. | tee /dev/stderr |
yq -r '.data["config.yaml"]' | yq -r '.meshGateways[0].metadata.annotations' | tee /dev/stderr)

local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-address-source"]')
[ "${actual}" = 'Service' ]

local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-port"]')
[ "${actual}" = '30000' ]

local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-address-static"]')
[ "${actual}" = '' ]
}

@test "gateway-resources/ConfigMap: Mesh Gateway WAN Address static configuration" {
cd `chart_dir`
local annotations=$(helm template \
-s $target \
--set 'connectInject.enabled=true' \
--set 'meshGateway.enabled=true' \
--set 'global.experiments[0]=resource-apis' \
--set 'ui.enabled=false' \
--set 'meshGateway.wanAddress.source=Static' \
--set 'meshGateway.wanAddress.static=127.0.0.1' \
. | tee /dev/stderr |
yq -r '.data["config.yaml"]' | yq -r '.meshGateways[0].metadata.annotations' | tee /dev/stderr)

local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-address-source"]')
[ "${actual}" = 'Static' ]

local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-port"]')
[ "${actual}" = '443' ]

local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-address-static"]')
[ "${actual}" = '127.0.0.1' ]
}
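Review bot: None of the three new tests exercises the `fail` guard added to the template, so the one configuration this change is meant to reject (`wanAddress.source=Static` with an empty `wanAddress.static`) can regress unnoticed. The default-annotations test shows that `wanAddress.static` renders as an empty string by default, so setting only the source is enough to trigger the guard. A negative test that runs the template and checks the exit status and message would pin it; the sketch below follows the flags the neighbouring tests already use.

```shell
@test "gateway-resources/ConfigMap: fails when wanAddress.source=Static and wanAddress.static is empty" {
  cd `chart_dir`
  run helm template \
      -s $target \
      --set 'connectInject.enabled=true' \
      --set 'meshGateway.enabled=true' \
      --set 'global.experiments[0]=resource-apis' \
      --set 'meshGateway.wanAddress.source=Static' \
      .
  [ "$status" -eq 1 ]
  [[ "$output" =~ ".meshGateway.wanAddress.static must be set to a value if .meshGateway.wanAddress.source is Static" ]]
}
```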

2 changes: 1 addition & 1 deletion charts/consul/values.yaml
Expand Up @@ -2763,7 +2763,7 @@ meshGateway:
# are routable from other datacenters.
#
# - `Static` - Use the address hardcoded in `meshGateway.wanAddress.static`.
source: "Service"
source: Service

# Port that gets registered for WAN traffic.
# If source is set to "Service" then this setting will have no effect.
7 changes: 7 additions & 0 deletions control-plane/gateways/deployment.go
Expand Up @@ -70,6 +70,13 @@ func (b *meshGatewayBuilder) deploymentSpec() (*appsv1.DeploymentSpec, error) {
constants.AnnotationMeshInject: "false",
// This functionality only applies when proxy sidecars are used
constants.AnnotationTransparentProxyOverwriteProbes: "false",
// This annotation determines which source to use to set the
// WAN address and WAN port for the Mesh Gateway service registration.
constants.AnnotationGatewayWANSource: b.gateway.Annotations[constants.AnnotationGatewayWANSource],
// This annotation determines the WAN port for the Mesh Gateway service registration.
constants.AnnotationGatewayWANPort: b.gateway.Annotations[constants.AnnotationGatewayWANPort],
// This annotation determines the address for the gateway when the source annotation is "Static".
constants.AnnotationGatewayWANAddress: b.gateway.Annotations[constants.AnnotationGatewayWANAddress],
},
},
Spec: corev1.PodSpec{
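Review bot: The three WAN annotations are copied from `b.gateway.Annotations` into the pod template without any check, so whoever can create or edit the MeshGateway resource decides the source, port and address that end up on the gateway pods. A resource applied outside the Helm chart bypasses the chart's `fail` validation, and a missing key yields an empty string here because of the map lookup. The code that consumes these annotations is not visible in this hunk; unless it already rejects an unknown source or a non-numeric port, the builder is the place to do it, since `deploymentSpec` already returns an error, e.g. `if _, err := strconv.ParseUint(b.gateway.Annotations[constants.AnnotationGatewayWANPort], 10, 16); err != nil { return nil, fmt.Errorf("invalid %s annotation: %w", constants.AnnotationGatewayWANPort, err) }`. The body of `deploymentSpec` starts and ends outside the hunk.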
20 changes: 20 additions & 0 deletions control-plane/gateways/deployment_test.go
Expand Up @@ -35,6 +35,13 @@ func Test_meshGatewayBuilder_Deployment(t *testing.T) {
name: "happy path",
fields: fields{
gateway: &meshv2beta1.MeshGateway{
ObjectMeta: metav1.ObjectMeta{
Annotations: map[string]string{
constants.AnnotationGatewayWANSource: "Service",
constants.AnnotationGatewayWANPort: "443",
constants.AnnotationGatewayWANAddress: "",
},
},
Spec: pbmesh.MeshGateway{
GatewayClassName: "test-gateway-class",
},
Expand Down Expand Up @@ -133,6 +140,9 @@ func Test_meshGatewayBuilder_Deployment(t *testing.T) {
constants.AnnotationGatewayKind: meshGatewayAnnotationKind,
constants.AnnotationMeshInject: "false",
constants.AnnotationTransparentProxyOverwriteProbes: "false",
constants.AnnotationGatewayWANSource: "Service",
constants.AnnotationGatewayWANPort: "443",
constants.AnnotationGatewayWANAddress: "",
},
},
Spec: corev1.PodSpec{
Expand Down Expand Up @@ -389,6 +399,13 @@ func Test_meshGatewayBuilder_Deployment(t *testing.T) {
name: "nil gatewayclassconfig - (notfound)",
fields: fields{
gateway: &meshv2beta1.MeshGateway{
ObjectMeta: metav1.ObjectMeta{
Annotations: map[string]string{
constants.AnnotationGatewayWANSource: "Service",
constants.AnnotationGatewayWANPort: "443",
constants.AnnotationGatewayWANAddress: "",
},
},
Spec: pbmesh.MeshGateway{
GatewayClassName: "test-gateway-class",
},
Expand All @@ -413,6 +430,9 @@ func Test_meshGatewayBuilder_Deployment(t *testing.T) {
constants.AnnotationGatewayKind: meshGatewayAnnotationKind,
constants.AnnotationMeshInject: "false",
constants.AnnotationTransparentProxyOverwriteProbes: "false",
constants.AnnotationGatewayWANSource: "Service",
constants.AnnotationGatewayWANPort: "443",
constants.AnnotationGatewayWANAddress: "",
},
},
Spec: corev1.PodSpec{
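Review bot: Both updated table cases set all three WAN annotations on the gateway's `ObjectMeta`, so nothing pins what the builder emits for a MeshGateway that carries none of them. From the builder change, the lookups on a nil `Annotations` map would produce three annotations with empty values on the pod template, but that is only inferred here. A further case, for example `name: "no WAN annotations on gateway"` with `ObjectMeta` left unset, would document whether empty values are the intended result. `Test_meshGatewayBuilder_Deployment` continues outside the visible hunks.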