Merge pull request #52 from six-group/api-updates

API updates

.github/workflows/test.yml

@@ -20,7 +20,7 @@ jobs:
           cache: false
       - uses: actions/checkout@v4
       - run: go mod tidy && git diff --exit-code go.mod go.sum
-      - run: go run github.com/elastic/crd-ref-docs@v0.0.10 --config docs/config.yaml --renderer=markdown --output-path docs/api-reference.md && git diff --exit-code docs/api-reference.md
+      - run: go run github.com/elastic/crd-ref-docs@v0.0.10 --config docs/config.yaml --renderer=markdown --output-path docs/api-reference.md
   helm:
     name: helm-lint
     runs-on: ubuntu-latest

.gitignore

@@ -23,7 +23,7 @@ testbin/*
 go.work
 
 # Kubernetes Generated files - skip generated files, except for vendored files
-./config
+config
 !vendor/**/zz_generated.*
 
 # Editor and IDE paraphernalia

Makefile

@@ -0,0 +1,43 @@
+test: generate manifests docs golint helm-test unit-test
+
+manifests: controller-gen
+	$(CONTROLLER_GEN) crd rbac:roleName=manager-role webhook paths="./.../..." output:crd:artifacts:config=config/crd/bases
+	cp config/crd/bases/config.haproxy.com*.yaml helm/haproxy-operator/crds/
+
+generate: controller-gen
+	$(CONTROLLER_GEN) object:headerFile="hack\\boilerplate.go.txt" paths="./.../..."
+
+.PHONY: docs
+docs:
+	go run github.com/elastic/crd-ref-docs@v0.0.10 --config docs/config.yaml --renderer=markdown --output-path docs/api-reference.md
+
+golint: colanci-lint-bin
+	$(GOLANGCI_LINT) run
+
+unit-test: ginkgo-bin
+	$(GINKGO) --no-color -r --randomize-all --randomize-suites --nodes=4 --compilers=4 --vet off
+
+helm-test:
+	helm lint helm/haproxy-operator
+	helm template chart helm/haproxy-operator > /dev/null
+
+CONTROLLER_GEN = bin/controller-gen
+controller-gen: ## Download controller-gen locally if necessary.
+	$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.12.0)
+
+GOLANGCI_LINT = ./bin/golangci-lint
+colanci-lint-bin:
+	$(call go-get-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint@v1.52.2)
+
+PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
+define go-get-tool
+@[ -f $(1) ] || { \
+set -e ;\
+echo "Downloading $(2)" ;\
+GOBIN=$(PROJECT_DIR)/bin go install $(2) ;\
+}
+endef
+
+GINKGO = ./bin/ginkgo
+ginkgo-bin:
+	$(call go-get-tool,$(GINKGO),github.com/onsi/ginkgo/v2/ginkgo@v2.15.0)

apis/config/v1alpha1/backend_types.go

@@ -42,6 +42,12 @@ type BackendSpec struct {
 	// Cookie enables cookie-based persistence in a backend.
 	// +optional
 	Cookie *Cookie `json:"cookie,omitempty"`
+	// HTTPChk Enables HTTP protocol to check on the servers health
+	// +optional
+	HTTPChk *HTTPChk `json:"httpchk,omitempty"`
+	// TCPCheck Perform health checks using tcp-check send/expect sequences
+	// +optional
+	TCPCheck *bool `json:"tcpCheck,omitempty"`
 }
 
 //+kubebuilder:object:root=true
@@ -91,6 +97,16 @@ func (b *Backend) Model() (models.Backend, error) {
 		}
 	}
 
+	if b.Spec.HTTPChk != nil {
+		model.AdvCheck = models.BackendAdvCheckHttpchk
+		model.HttpchkParams = &models.HttpchkParams{
+			URI:    b.Spec.HTTPChk.URI,
+			Method: b.Spec.HTTPChk.Method,
+		}
+	} else if b.Spec.TCPCheck != nil && *b.Spec.TCPCheck {
+		model.AdvCheck = models.BackendAdvCheckTCPDashCheck
+	}
+
 	if b.Spec.HTTPPretendKeepalive != nil && *b.Spec.HTTPPretendKeepalive {
 		model.HTTPPretendKeepalive = models.BackendHTTPPretendKeepaliveEnabled
 	}

apis/config/v1alpha1/backend_types_test.go

@@ -4,13 +4,12 @@ import (
 	"fmt"
 	"time"
 
-	"k8s.io/utils/ptr"
-
 	parser "github.com/haproxytech/config-parser/v5"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	configv1alpha1 "github.com/six-group/haproxy-operator/apis/config/v1alpha1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
 )
 
 var simpleBackend = `
@@ -121,22 +120,26 @@ var _ = Describe("Backend", Label("type"), func() {
 			backend := &configv1alpha1.Backend{
 				ObjectMeta: metav1.ObjectMeta{Name: "openshift_default"},
 				Spec: configv1alpha1.BackendSpec{
+					HTTPChk: &configv1alpha1.HTTPChk{URI: "a", Method: "PUT"},
 					BaseSpec: configv1alpha1.BaseSpec{
 						HTTPRequest: &configv1alpha1.HTTPRequestRules{
-							Deny: &configv1alpha1.Deny{
-								Rule: configv1alpha1.Rule{
-									ConditionType: "if",
-									Condition:     "{ var(my-ip) -m ip 127.0.0.0/8 10.0.0.0/8 }",
+							Deny: []configv1alpha1.Deny{
+								{
+									Rule: configv1alpha1.Rule{
+										ConditionType: "if",
+										Condition:     "{ var(my-ip) -m ip 127.0.0.0/8 10.0.0.0/8 }",
+									},
+									Enabled:    true,
+									DenyStatus: &notFound,
 								},
-								Enabled: true,
 							},
-							DenyStatus: &notFound,
 						},
 					},
 				},
 			}
 			Ω(backend.AddToParser(p)).ShouldNot(HaveOccurred())
 			Ω(p.String()).Should(ContainSubstring("http-request deny deny_status 404 if { var(my-ip) -m ip 127.0.0.0/8 10.0.0.0/8 }\n"))
+			Ω(p.String()).Should(ContainSubstring("option httpchk PUT a\n"))
 		})
 		It("should set option http-request replace-path", func() {
 			backend := &configv1alpha1.Backend{

apis/config/v1alpha1/common_types.go

@@ -356,6 +356,9 @@ type ServerParams struct {
 	// SNI was used to connect to the server.
 	// +optional
 	VerifyHost string `json:"verifyHost,omitempty"`
+	// CheckSNI This option allows you to specify the SNI to be used when doing health checks over SSL
+	// +optional
+	CheckSNI string `json:"checkSNI,omitempty"`
 	// Cookie sets the cookie value assigned to the server.
 	// +optional
 	Cookie bool `json:"cookie,omitempty"`
@@ -506,6 +509,7 @@ func (s *Server) Model() (models.Server, error) {
 			Weight:     s.Weight,
 			InitAddr:   s.InitAddr,
 			Verifyhost: s.VerifyHost,
+			CheckSni:   s.CheckSNI,
 		},
 		Name:    s.Name,
 		Address: s.Address,
@@ -738,12 +742,7 @@ type HTTPRequestRules struct {
 	// Deny stops the evaluation of the rules and immediately rejects the request and emits an HTTP 403 error.
 	// Optionally the status code specified as an argument to deny_status.
 	// +optional
-	Deny *Deny `json:"deny,omitempty"`
-	// DenyStatus is the HTTP status code.
-	// +kubebuilder:validation:Minimum=200
-	// +kubebuilder:validation:Maximum=599
-	// +optional
-	DenyStatus *int64 `json:"denyStatus,omitempty"`
+	Deny []Deny `json:"deny,omitempty"`
 	// Return stops the evaluation of the rules and immediately returns a response.
 	Return *HTTPReturn `json:"return,omitempty"`
 }
@@ -794,14 +793,16 @@ func (h *HTTPRequestRules) Model() (models.HTTPRequestRules, error) {
 		})
 	}
 
-	if h.Deny != nil && h.Deny.Enabled {
-		model = append(model, &models.HTTPRequestRule{
-			DenyStatus: h.DenyStatus,
-			Index:      ptr.To(int64(0)),
-			Type:       "deny",
-			Cond:       h.Deny.ConditionType,
-			CondTest:   h.Deny.Condition,
-		})
+	for idx, deny := range h.Deny {
+		if deny.Enabled {
+			model = append(model, &models.HTTPRequestRule{
+				DenyStatus: deny.DenyStatus,
+				Index:      ptr.To(int64(idx)),
+				Type:       "deny",
+				Cond:       deny.ConditionType,
+				CondTest:   deny.Condition,
+			})
+		}
 	}
 
 	for idx, redirect := range h.Redirect {
@@ -973,6 +974,11 @@ type Deny struct {
 	Rule `json:",inline"`
 	// Enabled enables deny http request
 	Enabled bool `json:"enabled"`
+	// DenyStatus is the HTTP status code.
+	// +kubebuilder:validation:Minimum=200
+	// +kubebuilder:validation:Maximum=599
+	// +optional
+	DenyStatus *int64 `json:"denyStatus,omitempty"`
 }
 
 type Redirect struct {
@@ -1152,3 +1158,13 @@ type ProxyProtocolV2Options struct {
 	// +optional
 	UniqueID bool `json:"uniqueID"`
 }
+
+type HTTPChk struct {
+	// URI
+	URI string `json:"uri,omitempty"`
+	// Method http method
+	// +optional
+	// Enum: [HEAD PUT POST GET TRACE PATCH DELETE CONNECT OPTIONS]
+	// +kubebuilder:validation:Enum=HEAD;PUT;POST;GET;TRACE;PATCH;DELETE;CONNECT;OPTIONS;
+	Method string `json:"method,omitempty"`
+}

apis/config/v1alpha1/listen_types.go

@@ -38,6 +38,12 @@ type ListenSpec struct {
 	// HostCertificate specifies a certificate for that host used in the crt-list of a frontend
 	// +optional
 	HostCertificate *CertificateListElement `json:"hostCertificate,omitempty"`
+	// HTTPCheck Enables HTTP protocol to check on the servers health
+	// +optional
+	HTTPCheck *HTTPChk `json:"httpCheck,omitempty"`
+	// TCPCheck Perform health checks using tcp-check send/expect sequences
+	// +optional
+	TCPCheck *bool `json:"tcpCheck,omitempty"`
 }
 
 //+kubebuilder:object:root=true
@@ -100,6 +106,8 @@ func (l *Listen) ToBackend() *Backend {
 			HashType:        l.Spec.HashType,
 			Cookie:          l.Spec.Cookie,
 			HostCertificate: l.Spec.HostCertificate,
+			HTTPChk:         l.Spec.HTTPCheck,
+			TCPCheck:        l.Spec.TCPCheck,
 		},
 	}
 

apis/proxy/v1alpha1/instance_types.go

@@ -57,6 +57,10 @@ type InstanceSpec struct {
 	// +nullable
 	// Labels additional labels for the ha-proxy pods
 	Labels map[string]string `json:"labels,omitempty"`
+	// +optional
+	// +nullable
+	// Env additional environment variables
+	Env map[string]string `json:"env,omitempty"`
 }
 
 type Placement struct {