Add status field to TransportServer resource

deployments/common/crds-v1beta1/k8s.nginx.org_transportservers.yaml

@@ -6,6 +6,17 @@ metadata:
   creationTimestamp: null
   name: transportservers.k8s.nginx.org
 spec:
+  additionalPrinterColumns:
+    - JSONPath: .status.state
+      description: Current state of the VirtualServer. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller.
+      name: State
+      type: string
+    - JSONPath: .status.reason
+      name: Reason
+      type: string
+    - JSONPath: .metadata.creationTimestamp
+      name: Age
+      type: date
   group: k8s.nginx.org
   names:
     kind: TransportServer
@@ -16,6 +27,8 @@ spec:
     singular: transportserver
   preserveUnknownFields: false
   scope: Namespaced
+  subresources:
+    status: {}
   validation:
     openAPIV3Schema:
       description: TransportServer defines the TransportServer resource.
@@ -107,6 +120,16 @@ spec:
                     type: integer
                   service:
                     type: string
+        status:
+          description: TransportServerStatus defines the status for the TransportServer resource.
+          type: object
+          properties:
+            message:
+              type: string
+            reason:
+              type: string
+            state:
+              type: string
   version: v1alpha1
   versions:
     - name: v1alpha1

deployments/common/crds/k8s.nginx.org_transportservers.yaml

@@ -16,7 +16,18 @@ spec:
     singular: transportserver
   scope: Namespaced
   versions:
-    - name: v1alpha1
+    - additionalPrinterColumns:
+        - description: Current state of the VirtualServer. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller.
+          jsonPath: .status.state
+          name: State
+          type: string
+        - jsonPath: .status.reason
+          name: Reason
+          type: string
+        - jsonPath: .metadata.creationTimestamp
+          name: Age
+          type: date
+      name: v1alpha1
       schema:
         openAPIV3Schema:
           description: TransportServer defines the TransportServer resource.
@@ -108,8 +119,20 @@ spec:
                         type: integer
                       service:
                         type: string
+            status:
+              description: TransportServerStatus defines the status for the TransportServer resource.
+              type: object
+              properties:
+                message:
+                  type: string
+                reason:
+                  type: string
+                state:
+                  type: string
       served: true
       storage: true
+      subresources:
+        status: {}
 status:
   acceptedNames:
     kind: ""

deployments/helm-chart/crds/k8s.nginx.org_transportservers.yaml

@@ -16,7 +16,18 @@ spec:
     singular: transportserver
   scope: Namespaced
   versions:
-    - name: v1alpha1
+    - additionalPrinterColumns:
+        - description: Current state of the VirtualServer. If the resource has a valid status, it means it has been validated and accepted by the Ingress Controller.
+          jsonPath: .status.state
+          name: State
+          type: string
+        - jsonPath: .status.reason
+          name: Reason
+          type: string
+        - jsonPath: .metadata.creationTimestamp
+          name: Age
+          type: date
+      name: v1alpha1
       schema:
         openAPIV3Schema:
           description: TransportServer defines the TransportServer resource.
@@ -108,8 +119,20 @@ spec:
                         type: integer
                       service:
                         type: string
+            status:
+              description: TransportServerStatus defines the status for the TransportServer resource.
+              type: object
+              properties:
+                message:
+                  type: string
+                reason:
+                  type: string
+                state:
+                  type: string
       served: true
       storage: true
+      subresources:
+        status: {}
 status:
   acceptedNames:
     kind: ""

docs-web/configuration/global-configuration/reporting-resources-status.md

@@ -115,7 +115,7 @@ Notes: The Ingress controller does not clear the status of VirtualServer and Vir
 ## Policy Resources
 
 A Policy resource includes the status field with information about the state of the resource.
-You can see the status in the ouput of the `kubectl get policy` command as shown below:
+You can see the status in the output of the `kubectl get policy` command as shown below:
 ```
 $ kubectl get policy
   NAME              STATE   AGE
@@ -151,3 +151,45 @@ The following fields are reported in Policy status:
      - Additional information about the state.
      - ``string``
 ```
+
+
+## TransportServer Resources
+
+A TransportServer resource includes the status field with information about the state of the resource.
+You can see the status in the output of the `kubectl get transportserver` command as shown below:
+```
+$ kubectl get transportserver
+  NAME      STATE   REASON           AGE
+  dns-tcp   Valid   AddedOrUpdated   47m
+```
+In order to see additional addresses or extra information about the `Status` of the resource, use the following command:
+```
+$ kubectl describe transportserver <NAME>
+. . .
+Status:
+  Message:  Configuration for default/dns-tcp was added or updated
+  Reason:   AddedOrUpdated
+  State:    Valid
+```
+
+### Status Specification
+The following fields are reported in TransportServer status:
+
+```eval_rst
+.. list-table::
+   :header-rows: 1
+
+   * - Field
+     - Description
+     - Type
+   * - ``State``
+     - Current state of the resource. Can be ``Valid`` or ``Invalid``. For more information, refer to the ``message`` field.
+     - ``string``
+   * - ``Reason``
+     - The reason of the last update.
+     - ``string``
+   * - ``Message``
+     - Additional information about the state.
+     - ``string``
+```
+

internal/configs/configurator.go

@@ -1182,16 +1182,6 @@ func (cnf *Configurator) GetVirtualServerCounts() (vsCount int, vsrCount int) {
 	return vsCount, vsrCount
 }
 
-func (cnf *Configurator) CheckIfListenerExists(transportServerListener *conf_v1alpha1.TransportServerListener) bool {
-	listener, exists := cnf.globalCfgParams.Listeners[transportServerListener.Name]
-
-	if !exists {
-		return false
-	}
-
-	return transportServerListener.Protocol == listener.Protocol
-}
-
 // AddOrUpdateSpiffeCerts writes Spiffe certs and keys to disk and reloads NGINX
 func (cnf *Configurator) AddOrUpdateSpiffeCerts(svidResponse *workload.X509SVIDs) error {
 	svid := svidResponse.Default()

internal/configs/configurator_test.go

@@ -234,58 +234,6 @@ func TestGetFileNameForVirtualServerFromKey(t *testing.T) {
 	}
 }
 
-func TestCheckIfListenerExists(t *testing.T) {
-	tests := []struct {
-		listener conf_v1alpha1.TransportServerListener
-		expected bool
-		msg      string
-	}{
-		{
-			listener: conf_v1alpha1.TransportServerListener{
-				Name:     "tcp-listener",
-				Protocol: "TCP",
-			},
-			expected: true,
-			msg:      "name and protocol match",
-		},
-		{
-			listener: conf_v1alpha1.TransportServerListener{
-				Name:     "some-listener",
-				Protocol: "TCP",
-			},
-			expected: false,
-			msg:      "only protocol matches",
-		},
-		{
-			listener: conf_v1alpha1.TransportServerListener{
-				Name:     "tcp-listener",
-				Protocol: "UDP",
-			},
-			expected: false,
-			msg:      "only name matches",
-		},
-	}
-
-	cnf, err := createTestConfigurator()
-	if err != nil {
-		t.Errorf("Failed to create a test configurator: %v", err)
-	}
-
-	cnf.globalCfgParams.Listeners = map[string]Listener{
-		"tcp-listener": {
-			Port:     53,
-			Protocol: "TCP",
-		},
-	}
-
-	for _, test := range tests {
-		result := cnf.CheckIfListenerExists(&test.listener)
-		if result != test.expected {
-			t.Errorf("CheckIfListenerExists() returned %v but expected %v for the case of %q", result, test.expected, test.msg)
-		}
-	}
-}
-
 func TestGetFileNameForTransportServer(t *testing.T) {
 	transportServer := &conf_v1alpha1.TransportServer{
 		ObjectMeta: meta_v1.ObjectMeta{

internal/k8s/controller.go

@@ -297,6 +297,7 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc
 		ingressLister:            &lbc.ingressLister,
 		virtualServerLister:      lbc.virtualServerLister,
 		virtualServerRouteLister: lbc.virtualServerRouteLister,
+		transportServerLister:    lbc.transportServerLister,
 		policyLister:             lbc.policyLister,
 		keyFunc:                  keyFunc,
 		confClient:               input.ConfClient,
@@ -865,11 +866,9 @@ func (lbc *LoadBalancerController) syncTransportServer(task task) {
 
 	if !tsExists {
 		glog.V(2).Infof("Deleting TransportServer: %v\n", key)
-
 		changes, problems = lbc.configuration.DeleteTransportServer(key)
 	} else {
 		glog.V(2).Infof("Adding or Updating TransportServer: %v\n", key)
-
 		ts := obj.(*conf_v1alpha1.TransportServer)
 		changes, problems = lbc.configuration.AddOrUpdateTransportServer(ts)
 	}
@@ -977,14 +976,17 @@ func (lbc *LoadBalancerController) processProblems(problems []ConfigurationProbl
 				if err != nil {
 					glog.Errorf("Error when updating the status for VirtualServer %v/%v: %v", obj.Namespace, obj.Name, err)
 				}
+			case *conf_v1alpha1.TransportServer:
+				err := lbc.statusUpdater.UpdateTransportServerStatus(obj, state, p.Reason, p.Message)
+				if err != nil {
+					glog.Errorf("Error when updating the status for TransportServer %v/%v: %v", obj.Namespace, obj.Name, err)
+				}
 			case *conf_v1.VirtualServerRoute:
 				var emptyVSes []*conf_v1.VirtualServer
 				err := lbc.statusUpdater.UpdateVirtualServerRouteStatusWithReferencedBy(obj, state, p.Reason, p.Message, emptyVSes)
 				if err != nil {
 					glog.Errorf("Error when updating the status for VirtualServerRoute %v/%v: %v", obj.Namespace, obj.Name, err)
 				}
-			case *conf_v1alpha1.TransportServer:
-				// do nothing until the TransportServer supports status
 			}
 		}
 	}
@@ -1018,7 +1020,7 @@ func (lbc *LoadBalancerController) processChanges(changes []ResourceChange) {
 				tsEx := lbc.createTransportServerEx(impl.TransportServer, impl.ListenerPort)
 
 				addOrUpdateErr := lbc.configurator.AddOrUpdateTransportServer(tsEx)
-				lbc.updateTransportServerEvents(impl, addOrUpdateErr)
+				lbc.updateTransportServerStatusAndEvents(impl, addOrUpdateErr)
 			}
 		} else if c.Op == Delete {
 			switch impl := c.Resource.(type) {
@@ -1346,7 +1348,7 @@ func (lbc *LoadBalancerController) updateResourcesStatusAndEvents(resources []Re
 				lbc.updateRegularIngressStatusAndEvents(impl, warnings, operationErr)
 			}
 		case *TransportServerConfiguration:
-			lbc.updateTransportServerEvents(impl, operationErr)
+			lbc.updateTransportServerStatusAndEvents(impl, operationErr)
 		}
 	}
 }
@@ -1453,25 +1455,35 @@ func (lbc *LoadBalancerController) updateRegularIngressStatusAndEvents(ingConfig
 	}
 }
 
-func (lbc *LoadBalancerController) updateTransportServerEvents(tsConfig *TransportServerConfiguration, operationErr error) {
+func (lbc *LoadBalancerController) updateTransportServerStatusAndEvents(tsConfig *TransportServerConfiguration, operationErr error) {
 	eventTitle := "AddedOrUpdated"
 	eventType := api_v1.EventTypeNormal
 	eventWarningMessage := ""
+	state := conf_v1.StateValid
 
 	if len(tsConfig.Warnings) > 0 {
 		eventType = api_v1.EventTypeWarning
 		eventTitle = "AddedOrUpdatedWithWarning"
 		eventWarningMessage = fmt.Sprintf("with warning(s): %s", formatWarningMessages(tsConfig.Warnings))
+		state = conf_v1.StateWarning
 	}
 
 	if operationErr != nil {
 		eventType = api_v1.EventTypeWarning
 		eventTitle = "AddedOrUpdatedWithError"
 		eventWarningMessage = fmt.Sprintf("%s; but was not applied: %v", eventWarningMessage, operationErr)
+		state = conf_v1.StateInvalid
 	}
 
 	msg := fmt.Sprintf("Configuration for %v was added or updated %s", getResourceKey(&tsConfig.TransportServer.ObjectMeta), eventWarningMessage)
 	lbc.recorder.Eventf(tsConfig.TransportServer, eventType, eventTitle, msg)
+
+	if lbc.reportCustomResourceStatusEnabled() {
+		err := lbc.statusUpdater.UpdateTransportServerStatus(tsConfig.TransportServer, state, eventTitle, msg)
+		if err != nil {
+			glog.Errorf("Error when updating the status for TransportServer %v/%v: %v", tsConfig.TransportServer.Namespace, tsConfig.TransportServer.Name, err)
+		}
+	}
 }
 
 func (lbc *LoadBalancerController) updateVirtualServerStatusAndEvents(vsConfig *VirtualServerConfiguration, warnings configs.Warnings, operationErr error) {
@@ -1958,6 +1970,43 @@ func (lbc *LoadBalancerController) updatePoliciesStatus() error {
 	return nil
 }
 
+func (lbc *LoadBalancerController) updateTransportServersStatusFromEvents() error {
+	var allErrs []error
+	for _, obj := range lbc.transportServerLister.List() {
+		ts := obj.(*conf_v1alpha1.TransportServer)
+
+		events, err := lbc.client.CoreV1().Events(ts.Namespace).List(context.TODO(),
+			meta_v1.ListOptions{FieldSelector: fmt.Sprintf("involvedObject.name=%v,involvedObject.uid=%v", ts.Name, ts.UID)})
+		if err != nil {
+			allErrs = append(allErrs, fmt.Errorf("error trying to get events for TransportServer %v/%v: %v", ts.Namespace, ts.Name, err))
+			break
+		}
+
+		if len(events.Items) == 0 {
+			continue
+		}
+
+		var timestamp time.Time
+		var latestEvent api_v1.Event
+		for _, event := range events.Items {
+			if event.CreationTimestamp.After(timestamp) {
+				latestEvent = event
+			}
+		}
+
+		err = lbc.statusUpdater.UpdateTransportServerStatus(ts, getStatusFromEventTitle(latestEvent.Reason), latestEvent.Reason, latestEvent.Message)
+		if err != nil {
+			allErrs = append(allErrs, err)
+		}
+	}
+
+	if len(allErrs) > 0 {
+		return fmt.Errorf("not all TransportServers statuses were updated: %v", allErrs)
+	}
+
+	return nil
+}
+
 func getIPAddressesFromEndpoints(endpoints []podEndpoint) []string {
 	var endps []string
 	for _, ep := range endpoints {