add route/ingress URL to .status

[reginapizza]

What type of PR is this?
/kind enhancement

What does this PR do / why we need it:
This would add a new field, .host, to .status of ArgoCD. When route or ingress is enabled (priority given to route) then the route will be displayed in the new URL field.

When no URL exists from a route or ingress, the field will not be displayed.

When on a non-OpenShift cluster (meaning the Route API is not available), if the user chooses to enable Route, they will only get a log saying that Routes are not available in non-OpenShift environments and to please use Ingresses instead. The state of the application controller and of the URL will not be affected.

When the route or ingress is configured, but the corresponding controller has not yet set it up properly (i.e. is not in Ready state or does not propagate its URL), this is indicated in the Operand as well in the value of .status.url as Pending instead of the URL. Also, if .status.url is Pending, this affects the overall status for the Operand by making it Pending instead of Available.

Have you updated the necessary documentation?

• Documentation update is required by this PR.
• Documentation has been updated.

Which issue(s) this PR fixes:
Fixes #246

How to test changes / Special notes to the reviewer:

Special Notes to the reviewer:

Whatever your cluster is, make sure that Ingress Controller is installed, enabled and running before moving forward. Instructions for ingress-controller for the following types of cluster are:

1. kind : https://abhishekveeramalla-av.medium.com/run-argo-cd-using-operator-on-kind-e59f48687d38
2. minikube: run command minikube addons enable ingress
3. k3d: Traefik Ingress Controller is installed/enabled by default
4. OpenShift: after enabling ingress in Argo CD spec, update the following on the ingress spec:
   • remove Nginx annotations
   • update hostame to example-argocd.yourcluster.example.com where example-argocd is the argocd host

Ingress Testing:

1. Get cluster and log in (I used a K3D cluster for this).

2. In your cloned repo on this branch, go to Makefile and change the version # (just to something else) and change image base tag to IMAGE_TAG_BASE ?= quay.io/{your quay or docker username}/argocd-operator. Then run make docker-build, make docker-pushand login to a cluster and then run make deploy

3. Add the Argo CD instance:

cat <<EOF | kubectl apply -f -                                                                    
apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: argocd
spec: {}
EOF   

4. Create an Ingress:

cat <<EOF | oc apply -f -                                                                    
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: argocd-server
spec:
  rules:
  - host: argocd
    http:
      paths:
      - backend:
          service:
            name: argocd-server
            port:
              number: 8080
        path: /
        pathType: ImplementationSpecific
EOF

If you do oc get ingress argocd-server you should see:

NAME            CLASS    HOSTS    ADDRESS      PORTS   AGE
argocd-server   <none>   argocd   172.22.0.3   80      9m56s

4. Edit the ArgoCD instance so that ingress and route (or at least just route if you're on an OpenShift cluster) is enabled with oc edit argocd argocd. spec.server should look something like:

  server:
    autoscale:
      enabled: false
    grpc:
      ingress:
        enabled: false
    ingress:
      enabled: true
    route:
      enabled: false
    service:
      type: ""
  tls:
    ca: {}

Save your changes.

6. Wait a second for it to update, and then check back on your CR oc get argocd argocd -o yaml. You should see that the URL has been added to the .status field.

status:
  applicationController: Running
  dex: Running
  host: 172.22.0.3
  phase: Available
  redis: Running
  repo: Running
  server: Running
  ssoConfig: Unknown

Route Testing:

1. Get cluster and log in (I used an OpenShift cluster for this since routes are specific to OpenShift, if the Route API is not available this functionality will not work).

2. In your cloned repo on this branch, go to Makefile and change the version # (just to something else) and change image base tag to IMAGE_TAG_BASE ?= quay.io/{your quay or docker username}/argocd-operator. Then run make docker-build, make docker-pushand login to a cluster and then run make deploy

3. Add the Argo CD instance:

cat <<EOF | kubectl apply -f -                                                                    
apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: argocd
spec: {}
EOF   

4. Edit the ArgoCD instance so that ingress and route (or at least just route if you're on an OpenShift cluster) is enabled with oc edit argocd argocd. spec.server should look something like:

  server:
    autoscale:
      enabled: false
    grpc:
      ingress:
        enabled: false
    ingress:
      enabled: false
    route:
      enabled: true
    service:
      type: ""
  tls:
    ca: {}

Save your changes.
5. Wait a second for it to update, and then check back on your CR oc get argocd argocd -o yaml. You should see that the URL has been added to the .status field.

status:
  applicationController: Running
  dex: Running
  host: argocd-server-default.apps.app-svc-4.8-120914.devcluster.openshift.com
  phase: Available
  redis: Running
  repo: Running
  server: Running
  ssoConfig: Unknown

Note: If route and ingress are both enabled, the route (if available) will have preference over ingress.

[iam-veeramalla]

@reginapizza please run make bundle and resubmit the file 0.2.0/argoproj.io_argocds.yaml, my bad that I asked you to uncommit that file.

[jaideepr97]

would it be a good idea to mention that the created route/ingress URL can be retrieved from the ArgoCD instance's .status.URL field in https://argocd-operator.readthedocs.io/en/latest/usage/ingress/ and https://argocd-operator.readthedocs.io/en/latest/usage/routes/?

@reginapizza

[jaideepr97]

On further thought, a couple of cases occurred to me that I'm wondering how/if we should handle:

1. If someone tries to set .spec.server.route: enabled in a k8s cluster, this might throw an error. Maybe we should add a check for the route API here and fail silently instead?

2. Do we want to allow users to be able to set both route and ingress to enabled? If Both route and ingress are enabled on Openshift, is there a possibility we could end up with 2 routes for the same server? (One created by the operator, the other created by the openshift router automatically from the ingress) In that case should we just allow the route created by the router?
   Let me know what you think @reginapizza @iam-veeramalla

[reginapizza]

@jaideepr97 I've updated my PR to address your first concern, but I'm still not sure about the second. @iam-veeramalla do you think that it's a concern?

[jaideepr97]

LGTM
Thanks @reginapizza !!

[wtam2018]

We should get the host from route.Status.Ingress which is a list of RouteIngresses. I think we should show all the ingresses.

Also, each ingress has a status. If any of the ingresses is in failed status, should cr.Status.Phase be set to failed?

[wtam2018]

Ingress and route can be enabled at the same time. However, the status does not show ingress if route is enabled. WDYT @jaideepr97 @iam-veeramalla @reginapizza Should status be honest about showing ingress as well? We can probably just document as such.

[jaideepr97]

Per my understanding, on openshift environments routes are given more importance than ingresses (since a route is created automatically for each ingress) so I would say it makes sense to just show the route and document that the ingress is not shown in this case

On a related note, if both route and ingress are enabled we might end up with 2 routes for the same server deployment
Is this a case we want to handle?

[wtam2018]

@jaideepr97 It is also my understanding. https://docs.openshift.com/container-platform/4.6/networking/routes/route-configuration.html#nw-ingress-creating-a-route-via-an-ingress_route-configuration You can annotate an Ingress and OpenShift can create a Route automatically,
The question came up for the case where both ingress and route are legitimately enabled by the user in the Argo CD CR. We are only showing the status of Route. The ingress does not have the annotation.
I think we just need to document that only the route status is displaced when both ingress and route are enabled.

[jannfis]

LGTM

[wtam2018]

@reginapizza @jannfis I can''t figure out why is the DeepEqual() is needed.

[reginapizza]

would if !reflect.ValueOf(ingress.Status.LoadBalancer).IsZero() && len(ingress.Status.LoadBalancer.Ingress) > 0 { be better?

[wtam2018]

Yes, IsZero a bit cleaner and faster then DeepCopy and && len(ingress.Status.LoadBalancer.Ingress) > 0 can be eliminated. Leaving it as-is is fine.

[jaideepr97]

I think we should keep the len(ingress.Status.LoadBalancer.Ingress) > 0 as a sanity check, to make sure code only executes if we have at least 1 proper ingress hostname/ip to work with

[wtam2018]

@reginapizza please update how to test o include testing the ingress only case.

[reginapizza]

@wtam2018 I've updated the instructions on how to test ingresses with it!

[iam-veeramalla]

Known Issue:
@ishitasequeira and I have noticed that this feature does not work as expected when Argo CD server is exposed using an Ingress resource(instead of route) on an OpenShift cluster. Please refer to the issue or JIRA for more details.