add ingress controller to gloo (#212)

* wip: ingress microservice for gloo Signed-off-by: Scott Weiss <sdw35@cornell.edu> * add secret to resource group Signed-off-by: Scott Weiss <sdw35@cornell.edu> * regenerate code Signed-off-by: Scott Weiss <sdw35@cornell.edu> * make target for ingress Signed-off-by: Scott Weiss <sdw35@cornell.edu> * add ingress to kube yaml Signed-off-by: Scott Weiss <sdw35@cornell.edu> * regenerate with solo-kit 0.2.10 Signed-off-by: Scott Weiss <sdw35@cornell.edu> * regenerate kube.yaml code Signed-off-by: Scott Weiss <sdw35@cornell.edu> * fix test Signed-off-by: Scott Weiss <sdw35@cornell.edu> * regenerate/gofmt Signed-off-by: Scott Weiss <sdw35@cornell.edu> * update kube yaml Signed-off-by: Scott Weiss <sdw35@cornell.edu> * regenerate Signed-off-by: Scott Weiss <sdw35@cornell.edu> * switch from bytes to proto.Any Signed-off-by: Scott Weiss <sdw35@cornell.edu> * wip: adding support for status syncer Signed-off-by: Scott Weiss <sdw35@cornell.edu> * regenerate protos Signed-off-by: Scott Weiss <sdw35@cornell.edu> * dep ensure, regenerate Signed-off-by: Scott Weiss <sdw35@cornell.edu> * remove unused writeErrs from gateway Signed-off-by: Scott Weiss <sdw35@cornell.edu> * implement status syncer Signed-off-by: Scott Weiss <sdw35@cornell.edu> * add manifest to make target, regenerate Signed-off-by: Scott Weiss <sdw35@cornell.edu> * remove unused file Signed-off-by: Scott Weiss <sdw35@cornell.edu> * dep ensure Signed-off-by: Scott Weiss <sdw35@cornell.edu> * undo dependency Signed-off-by: Scott Weiss <sdw35@cornell.edu> * regenerate with new solo kit, resource order changed Signed-off-by: Scott Weiss <sdw35@cornell.edu> * wip: use explicit solo-kit resource groups Signed-off-by: Scott Weiss <sdw35@cornell.edu> * migrate to new solo kit Signed-off-by: Scott Weiss <sdw35@cornell.edu> * update setup to use status syncer Signed-off-by: Scott Weiss <sdw35@cornell.edu> * regenerate with latest solo kit Signed-off-by: Scott Weiss <sdw35@cornell.edu> * fix compile errors Signed-off-by: Scott Weiss <sdw35@cornell.edu> * remove status from protos, dont skip hashing service status Signed-off-by: Scott Weiss <sdw35@cornell.edu> * regenerate Signed-off-by: Scott Weiss <sdw35@cornell.edu> * wip: test for status syncer Signed-off-by: Scott Weiss <sdw35@cornell.edu> * fix test Signed-off-by: Scott Weiss <sdw35@cornell.edu> * add test helpers for deploying gloo with helm Signed-off-by: Scott Weiss <sdw35@cornell.edu> * fix build images Signed-off-by: Scott Weiss <sdw35@cornell.edu> * fix helm install Signed-off-by: Scott Weiss <sdw35@cornell.edu> * wip: e2e ingress test Signed-off-by: Scott Weiss <sdw35@cornell.edu> * working setup for test, currently getting RBAC error Signed-off-by: Scott Weiss <sdw35@cornell.edu> * add ingress deployment manifest to helm chart Signed-off-by: Scott Weiss <sdw35@cornell.edu> * get all pods deploying successfully Signed-off-by: Scott Weiss <sdw35@cornell.edu> * gofmt Signed-off-by: Scott Weiss <sdw35@cornell.edu> * fix helm chart + rbac Signed-off-by: Scott Weiss <sdw35@cornell.edu> * fix rbac, get test configured properly Signed-off-by: Scott Weiss <sdw35@cornell.edu> * fix port, annotations on ingress Signed-off-by: Scott Weiss <sdw35@cornell.edu> * always pull images for test Signed-off-by: Scott Weiss <sdw35@cornell.edu> * remove unused file Signed-off-by: Scott Weiss <sdw35@cornell.edu> * make it work Signed-off-by: Scott Weiss <sdw35@cornell.edu> * gofmt test dir Signed-off-by: Scott Weiss <sdw35@cornell.edu> * gpc auth fix Signed-off-by: Scott Weiss <sdw35@cornell.edu> * replace import with updated go-utils Signed-off-by: Scott Weiss <sdw35@cornell.edu> * add gcp auth import Signed-off-by: Scott Weiss <sdw35@cornell.edu> * regenerate test code with new solo kit Signed-off-by: Scott Weiss <sdw35@cornell.edu> * fix test Signed-off-by: Scott Weiss <sdw35@cornell.edu> * gcp auth import everywhere Signed-off-by: Scott Weiss <sdw35@cornell.edu> * make sure to build and push containers in kube e2e test Signed-off-by: Scott Weiss <sdw35@cornell.edu> * update new KubeCache type Signed-off-by: Scott Weiss <sdw35@cornell.edu> * fix kubecache confusion Signed-off-by: Scott Weiss <sdw35@cornell.edu> * add docker credentials to build Signed-off-by: Scott Weiss <sdw35@cornell.edu> * don't fail on teardown step Signed-off-by: Scott Weiss <sdw35@cornell.edu> * dont fail test if testrunner fails to start; timeout will catch it Signed-off-by: Scott Weiss <sdw35@cornell.edu> * skip test without env var Signed-off-by: Scott Weiss <sdw35@cornell.edu> * remove resource_groups magic comment Signed-off-by: Scott Weiss <sdw35@cornell.edu> * un-nest lambda Signed-off-by: Scott Weiss <sdw35@cornell.edu> * make transition function a util package Signed-off-by: Scott Weiss <sdw35@cornell.edu> * fix service client test package Signed-off-by: Scott Weiss <sdw35@cornell.edu> * rename file Signed-off-by: Scott Weiss <sdw35@cornell.edu> * remove ununsed protoi magic comment Signed-off-by: Scott Weiss <sdw35@cornell.edu> * reduce timeout Signed-off-by: Scott Weiss <sdw35@cornell.edu> * whoops Signed-off-by: Scott Weiss <sdw35@cornell.edu> * fix rebase error Signed-off-by: Scott Weiss <sdw35@cornell.edu> * fix comments Signed-off-by: Scott Weiss <sdw35@cornell.edu> * enable overriding VERSION in makefile Signed-off-by: Scott Weiss <sdw35@cornell.edu> * regenerate code Signed-off-by: Scott Weiss <sdw35@cornell.edu> * use return instead of skip so test does not fail Signed-off-by: Scott Weiss <sdw35@cornell.edu> * increase cloudbuild timeout Signed-off-by: Scott Weiss <sdw35@cornell.edu>
solo-io · Jan 13, 2019 · 7249187 · 7249187
1 parent e4d477e
commit 7249187
Show file tree

Hide file tree

Showing 75 changed files with 6,809 additions and 487 deletions.
diff --git a/Makefile b/Makefile
@@ -12,7 +12,7 @@ ifeq ($(TAGGED_VERSION),)
 	TAGGED_VERSION := vdev	
 	RELEASE := "false"
 endif
-VERSION := $(shell echo $(TAGGED_VERSION) | cut -c 2-)
+VERSION ?= $(shell echo $(TAGGED_VERSION) | cut -c 2-)
 
 LDFLAGS := "-X github.com/solo-io/gloo/pkg/version.Version=$(VERSION)"
 
@@ -41,7 +41,7 @@ clean:
 .PHONY: generated-code
 generated-code: $(OUTPUT_DIR)/.generated-code
 
-SUBDIRS:=projects
+SUBDIRS:=projects test
 $(OUTPUT_DIR)/.generated-code:
 	go generate ./...
 	gofmt -w $(SUBDIRS)
@@ -118,6 +118,26 @@ $(OUTPUT_DIR)/Dockerfile.gateway: $(GATEWAY_DIR)/cmd/Dockerfile
 gateway-docker: $(OUTPUT_DIR)/gateway-linux-amd64 $(OUTPUT_DIR)/Dockerfile.gateway
 	docker build -t soloio/gateway:$(VERSION)  $(OUTPUT_DIR) -f $(OUTPUT_DIR)/Dockerfile.gateway
 
+#----------------------------------------------------------------------------------
+# Ingress
+#----------------------------------------------------------------------------------
+
+INGRESS_DIR=projects/ingress
+INGRESS_SOURCES=$(shell find $(INGRESS_DIR) -name "*.go" | grep -v test | grep -v generated.go)
+
+$(OUTPUT_DIR)/ingress-linux-amd64: $(INGRESS_SOURCES)
+	CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -ldflags=$(LDFLAGS) -o $@ $(INGRESS_DIR)/cmd/main.go
+
+
+.PHONY: ingress
+ingress: $(OUTPUT_DIR)/ingress-linux-amd64
+
+$(OUTPUT_DIR)/Dockerfile.ingress: $(INGRESS_DIR)/cmd/Dockerfile
+	cp $< $@
+
+ingress-docker: $(OUTPUT_DIR)/ingress-linux-amd64 $(OUTPUT_DIR)/Dockerfile.ingress
+	docker build -t soloio/ingress:$(VERSION)  $(OUTPUT_DIR) -f $(OUTPUT_DIR)/Dockerfile.ingress
+
 #----------------------------------------------------------------------------------
 # Discovery
 #----------------------------------------------------------------------------------
@@ -190,7 +210,7 @@ build: gloo glooctl gateway discovery envoyinit
 # Deployment Manifests / Helm
 #----------------------------------------------------------------------------------
 
-.PHONY: manifest bump-helm-version
+.PHONY: manifest
 manifest: install/kube.yaml bump-helm-version
 
 bump-helm-version:
@@ -208,6 +228,7 @@ GH_REPO:=gloo
 
 RELEASE_BINARIES := \
 	$(OUTPUT_DIR)/gateway-linux-amd64 \
+	$(OUTPUT_DIR)/ingress-linux-amd64 \
 	$(OUTPUT_DIR)/gloo-linux-amd64 \
 	$(OUTPUT_DIR)/discovery-linux-amd64 \
 	$(OUTPUT_DIR)/envoyinit-linux-amd64 \
@@ -236,10 +257,11 @@ endif
 #---------
 
 .PHONY: docker docker-push
-docker: discovery-docker gateway-docker gloo-docker gloo-envoy-wrapper-docker
+docker: discovery-docker gateway-docker gloo-docker gloo-envoy-wrapper-docker ingress-docker
 docker-push: docker
 ifeq ($(RELEASE),"true")
 	docker push soloio/gateway:$(VERSION) && \
+	docker push soloio/ingress:$(VERSION) && \
 	docker push soloio/discovery:$(VERSION) && \
 	docker push soloio/gloo:$(VERSION) && \
 	docker push soloio/gloo-envoy-wrapper:$(VERSION)

diff --git a/ci/dockerhub_credentials.enc b/ci/dockerhub_credentials.enc
diff --git a/cloudbuild.yaml b/cloudbuild.yaml
@@ -29,6 +29,23 @@ steps:
   waitFor: ['dep']
   id: 'setup-aws-creds'
 
+- name: 'gcr.io/$PROJECT_ID/e2e-ginkgo'
+  entrypoint: mkdir
+  args: ['/workspace/.docker']
+  id: 'create-docker-creds-dir'
+
+- name: gcr.io/cloud-builders/gcloud
+  args:
+  - kms
+  - decrypt
+  - --ciphertext-file=./gopath/src/github.com/solo-io/gloo/ci/dockerhub_credentials.enc
+  - --plaintext-file=/workspace/.docker/config.json
+  - --location=global
+  - --keyring=build
+  - --key=build-key
+  waitFor: ['dep', 'create-docker-creds-dir']
+  id: 'setup-docker-creds'
+
 # e2e-ginkgo is produced from https://github.com/solo-io/cloud-builders/e2e-ginkgo
 # sets up redis, consul, kubectl, go with required environment variables
 # need to use the provided entrypoint
@@ -51,9 +68,10 @@ steps:
   - 'CLOUDSDK_COMPUTE_ZONE=us-central1-a'
   - 'CLOUDSDK_CONTAINER_CLUSTER=test-cluster'
   - 'RUN_KUBE_TESTS=1'
+  - 'DOCKER_CONFIG=/workspace/.docker/'
   dir: './gopath/src/github.com/solo-io/gloo'
   args: ['-r', '-failFast']
-  waitFor: ['get-envoy', 'setup-aws-creds']
+  waitFor: ['get-envoy', 'setup-aws-creds', 'setup-docker-creds']
 
 - name: 'gcr.io/cloud-builders/docker'
   entrypoint: 'bash'
@@ -75,4 +93,4 @@ secrets:
     DOCKER_HUB_PASSWORD: CiQABlzmSW0u+qhXDvTCxLnbi09Zm88eCU0wSdvFn1W+6WOpTgQSTgCCPGSGTAlMndrEkYOynPhDzTXrW1q1eAsQYjKOWOwZKodcQZ2WIzdvpOOjv+WrGTssWWg1uPFV4CnajT7DzeNAb7USkla1epatm6OnuQ==
     FIREBASE_TOKEN: CiQABlzmSc0BWpPfrGRtDscrxOfp9ZBkZO9fkO79tjEmA14c8ZESVwCCPGSG8uZtLSmFucmEEJGJ0080ON7Zw5TjLe2YdwuxnSOA5YzZryVwLFAMzRmfb6OBxyThTZKvGZzgfXyv6CeLwYX0exk20u7k2bnrWbFHO0Aa4TiQqw==
 
-timeout: 1800s
+timeout: 6600s
diff --git a/install/helm/gloo/templates/1-namespace-clusterrole.yaml b/install/helm/gloo/templates/1-namespace-clusterrole.yaml
@@ -1,16 +1,30 @@
 {{- if .Values.rbac.create }}
 
-kind: ClusterRoleBinding
+kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: gloo-role-binding
-subjects:
-- kind: ServiceAccount
-  name: default
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: ClusterRole
-  name: gloo-role
-  apiGroup: rbac.authorization.k8s.io
+    name: gloo-role
+rules:
+- apiGroups: [""]
+  resources: ["pods", "services", "secrets", "endpoints", "configmaps"]
+  verbs: ["*"]
+- apiGroups: [""]
+  resources: ["namespaces"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["apiextensions.k8s.io"]
+  resources: ["customresourcedefinitions"]
+  verbs: ["get", "create"]
+- apiGroups: ["gloo.solo.io"]
+  resources: ["settings", "upstreams", "proxies","virtualservices"]
+  verbs: ["*"]
+- apiGroups: ["sqoop.solo.io"]
+  resources: ["schemas"]
+  verbs: ["*"]
+- apiGroups: ["gateway.solo.io"]
+  resources: ["virtualservices", "gateways"]
+  verbs: ["*"]
+- apiGroups: ["extensions", ""]
+  resources: ["ingresses"]
+  verbs: ["*"]
 
 {{- end -}}
diff --git a/install/helm/gloo/templates/10-ingress-deployment.yaml b/install/helm/gloo/templates/10-ingress-deployment.yaml
@@ -0,0 +1,23 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    app: gloo
+    gloo: ingress
+  name: ingress
+  namespace: {{ .Release.Namespace }}
+spec:
+  replicas: {{ .Values.deployment.ingress.replicas }}
+  selector:
+    matchLabels:
+      gloo: ingress
+  template:
+    metadata:
+      labels:
+        gloo: ingress
+    spec:
+      containers:
+      - image: {{ .Values.deployment.ingress.image }}
+        imagePullPolicy: {{ .Values.deployment.imagePullPolicy }}
+        name: ingress
+        args: ["--namespace", "{{.Release.Namespace}}" ]
diff --git a/install/helm/gloo/templates/11-ingress-proxy-deployment.yaml b/install/helm/gloo/templates/11-ingress-proxy-deployment.yaml
@@ -0,0 +1,43 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    app: gloo
+    gloo: ingress-proxy
+  name: ingress-proxy
+  namespace: {{ .Release.Namespace }}
+spec:
+  replicas: {{ .Values.deployment.ingressProxy.replicas }}
+  selector:
+    matchLabels:
+      gloo: ingress-proxy
+  template:
+    metadata:
+      labels:
+        gloo: ingress-proxy
+    spec:
+      containers:
+      - args: ["--disable-hot-restart"]
+        env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        image: {{ .Values.deployment.ingressProxy.image }}
+        imagePullPolicy: {{ .Values.deployment.imagePullPolicy }}
+        name: ingress-proxy
+        ports:
+        - containerPort: {{ .Values.deployment.ingressProxy.httpPort }}
+          name: http
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /etc/envoy
+          name: envoy-config
+      volumes:
+      - configMap:
+          name: ingress-envoy-config
+        name: envoy-config
diff --git a/install/helm/gloo/templates/12-ingress-proxy-configmap.yaml b/install/helm/gloo/templates/12-ingress-proxy-configmap.yaml
@@ -0,0 +1,46 @@
+# configmap
+apiVersion: v1
+data:
+  envoy.yaml: |
+    node:
+      cluster: ingress
+      id: "{{ "{{" }}.PodName{{ "}}" }}.{{ "{{" }}.PodNamespace{{ "}}" }}"
+      metadata:
+        # this line must match !
+        role: "{{ .Release.Namespace }}~ingress-proxy"
+    static_resources:
+      clusters:
+      - name: xds_cluster
+        connect_timeout: 5.000s
+        load_assignment:
+          cluster_name: xds_cluster
+          endpoints:
+          - lb_endpoints:
+            - endpoint:
+                address:
+                  socket_address:
+                    address: gloo
+                    port_value: {{ .Values.deployment.gloo.xdsPort }}
+        http2_protocol_options: {}
+        type: STRICT_DNS
+    dynamic_resources:
+      ads_config:
+        api_type: GRPC
+        grpc_services:
+        - envoy_grpc: {cluster_name: xds_cluster}
+      cds_config:
+        ads: {}
+      lds_config:
+        ads: {}
+    admin:
+      access_log_path: /dev/null
+      address:
+        socket_address:
+          address: 127.0.0.1
+          port_value: 19000
+kind: ConfigMap
+metadata:
+  labels:
+    app: gloo
+  name: ingress-envoy-config
+  namespace: {{ .Release.Namespace }}
diff --git a/install/helm/gloo/templates/13-ingress-proxy-service.yaml b/install/helm/gloo/templates/13-ingress-proxy-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: gloo
+    gloo: ingress-proxy
+  name: ingress-proxy
+  namespace: {{ .Release.Namespace }}
+spec:
+  ports:
+  - port: {{ .Values.deployment.ingressProxy.httpPort }}
+    protocol: TCP
+    name: http
+  selector:
+    gloo: ingress-proxy
+  type: LoadBalancer
diff --git a/install/helm/gloo/templates/2-namespace-clusterrolebinding.yaml b/install/helm/gloo/templates/2-namespace-clusterrolebinding.yaml
@@ -1,27 +1,16 @@
 {{- if .Values.rbac.create }}
 
-kind: ClusterRole
+kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-    name: gloo-role
-rules:
-- apiGroups: [""]
-  resources: ["pods", "services", "secrets", "endpoints", "configmaps"]
-  verbs: ["*"]
-- apiGroups: [""]
-  resources: ["namespaces"]
-  verbs: ["get", "list", "watch"]
-- apiGroups: ["apiextensions.k8s.io"]
-  resources: ["customresourcedefinitions"]
-  verbs: ["get", "create"]
-- apiGroups: ["gloo.solo.io"]
-  resources: ["settings", "upstreams", "proxies","virtualservices"]
-  verbs: ["*"]
-- apiGroups: ["sqoop.solo.io"]
-  resources: ["schemas"]
-  verbs: ["*"]
-- apiGroups: ["gateway.solo.io"]
-  resources: ["virtualservices", "gateways"]
-  verbs: ["*"]
+  name: gloo-role-binding
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: gloo-role
+  apiGroup: rbac.authorization.k8s.io
 
 {{- end -}}
diff --git a/install/helm/gloo/values.yaml b/install/helm/gloo/values.yaml
@@ -19,3 +19,10 @@ deployment:
     image: soloio/gloo-envoy-wrapper:0.5.0
     httpPort: 8080
     replicas: 1
+  ingress:
+    image: soloio/ingress:0.5.0
+    replicas: 1
+  ingressProxy:
+    image: soloio/gloo-envoy-wrapper:0.5.0
+    httpPort: 80
+    replicas: 1