Rework ControllerManagerConfiguration server settings

https was never working, ref gardener#4605 The config structure is similar to admission-controller now and fits to the manager.Options structure as well. Co-Authored-By: Rafael Franzke <rafael.franzke@sap.com>
timebertt · Jul 14, 2022 · bda575f · bda575f
1 parent 093e305
commit bda575f
Show file tree

Hide file tree

Showing 15 changed files with 83 additions and 286 deletions.
diff --git a/...r/controlplane/charts/runtime/templates/controller-manager/configmap-componentconfig.yaml b/...r/controlplane/charts/runtime/templates/controller-manager/configmap-componentconfig.yaml
@@ -151,16 +151,13 @@ data:
       {{- end }}
     logLevel: {{ required ".Values.global.controller.config.logLevel is required" .Values.global.controller.config.logLevel }}
     server:
-      http:
-        bindAddress: {{ required ".Values.global.controller.config.server.http.bindAddress is required" .Values.global.controller.config.server.http.bindAddress }}
-        port: {{ required ".Values.global.controller.config.server.http.port is required" .Values.global.controller.config.server.http.port }}
-      {{- if .Values.global.controller.config.server.https }}
-      https:
-        bindAddress: {{ required ".Values.global.controller.config.server.https.bindAddress is required" .Values.global.controller.config.server.https.bindAddress }}
-        port: {{ required ".Values.global.controller.config.server.https.port is required" .Values.global.controller.config.server.https.port }}
-        tls:
-          serverCertPath: /etc/gardener-controller-manager/srv/gardener-controller-manager.crt
-          serverKeyPath: /etc/gardener-controller-manager/srv/gardener-controller-manager.key
+      healthProbes:
+        bindAddress: {{ required ".Values.global.controller.config.server.healthProbes.bindAddress is required" .Values.global.controller.config.server.healthProbes.bindAddress }}
+        port: {{ required ".Values.global.controller.config.server.healthProbes.port is required" .Values.global.controller.config.server.healthProbes.port }}
+      {{- if .Values.global.controller.config.server.metrics }}
+      metrics:
+        bindAddress: {{ required ".Values.global.controller.config.server.metrics.bindAddress is required" .Values.global.controller.config.server.metrics.bindAddress }}
+        port: {{ required ".Values.global.controller.config.server.metrics.port is required" .Values.global.controller.config.server.metrics.port }}
       {{- end }}
     {{- if .Values.global.controller.config.debugging }}
     debugging:

diff --git a/charts/gardener/controlplane/charts/runtime/templates/controller-manager/deployment.yaml b/charts/gardener/controlplane/charts/runtime/templates/controller-manager/deployment.yaml
@@ -20,9 +20,6 @@ spec:
     metadata:
       annotations:
         checksum/configmap-gardener-controller-manager-config: {{ include (print $.Template.BasePath "/controller-manager/configmap-componentconfig.yaml") . | sha256sum }}
-        {{- if .Values.global.controller.config.server.https }}
-        checksum/secret-gardener-controller-manager-cert: {{ include (print $.Template.BasePath "/controller-manager/secret-cert.yaml") . | sha256sum }}
-        {{- end }}
         checksum/secret-gardener-controller-manager-kubeconfig: {{ include (print $.Template.BasePath "/controller-manager/secret-kubeconfig.yaml") . | sha256sum }}
         checksum/secret-default-domain: {{ include "gardener.secret-default-domain" . | sha256sum }}
         checksum/secret-internal-domain: {{ include "gardener.secret-internal-domain" . | sha256sum }}
@@ -101,18 +98,20 @@ spec:
         livenessProbe:
           httpGet:
             path: /healthz
-            port: {{ required ".Values.global.controller.config.server.http.port is required" .Values.global.controller.config.server.http.port }}
+            port: {{ required ".Values.global.controller.config.server.healthProbes.port is required" .Values.global.controller.config.server.healthProbes.port }}
             scheme: HTTP
           initialDelaySeconds: 30
           timeoutSeconds: 5
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: {{ required ".Values.global.controller.config.server.healthProbes.port is required" .Values.global.controller.config.server.healthProbes.port }}
+            scheme: HTTP
+          initialDelaySeconds: 10
+          timeoutSeconds: 5
         terminationMessagePath: /dev/termination-log
         terminationMessagePolicy: File
         volumeMounts:
-        {{- if .Values.global.controller.config.server.https }}
-        - name: gardener-controller-manager-cert
-          mountPath: /etc/gardener-controller-manager/srv
-          readOnly: true
-        {{- end }}
         {{- if .Values.global.controller.kubeconfig }}
         - name: gardener-controller-manager-kubeconfig
           mountPath: /etc/gardener-controller-manager/kubeconfig
@@ -129,11 +128,6 @@ spec:
 {{ toYaml .Values.global.controller.additionalVolumeMounts | indent 8 }}
 {{- end }}
       volumes:
-      {{- if .Values.global.controller.config.server.https }}
-      - name: gardener-controller-manager-cert
-        secret:
-          secretName: gardener-controller-manager-cert
-      {{- end }}
       {{- if .Values.global.controller.kubeconfig }}
       - name: gardener-controller-manager-kubeconfig
         secret:

diff --git a/charts/gardener/controlplane/charts/runtime/templates/controller-manager/secret-cert.yaml b/charts/gardener/controlplane/charts/runtime/templates/controller-manager/secret-cert.yaml
diff --git a/charts/gardener/controlplane/charts/runtime/templates/controller-manager/service.yaml b/charts/gardener/controlplane/charts/runtime/templates/controller-manager/service.yaml
@@ -16,12 +16,8 @@ spec:
     role: controller-manager
     release: {{ .Release.Name }}
   ports:
-  - name: http
+  - name: metrics
     protocol: TCP
-    port: 80
-    targetPort: {{ required ".Values.global.controller.config.server.http.port is required" .Values.global.controller.config.server.http.port }}
-  - name: https
-    protocol: TCP
-    port: 443
-    targetPort: {{ required ".Values.global.controller.config.server.https.port is required" .Values.global.controller.config.server.https.port }}
+    port: {{ required ".Values.global.controller.config.server.metrics.port is required" .Values.global.controller.config.server.metrics.port }}
+    targetPort: {{ required ".Values.global.controller.config.server.metrics.port is required" .Values.global.controller.config.server.metrics.port }}
 {{- end }}
diff --git a/charts/gardener/controlplane/values.yaml b/charts/gardener/controlplane/values.yaml
@@ -423,21 +423,12 @@ global:
     #   resourceNamespace: garden
       logLevel: info
       server:
-        http:
+        healthProbes:
           bindAddress: 0.0.0.0
           port: 2718
-        https:
+        metrics:
           bindAddress: 0.0.0.0
           port: 2719
-          tls:
-            crt: |
-              -----BEGIN CERTIFICATE-----
-              ...
-              -----END CERTIFICATE-----
-            key: |
-              -----BEGIN RSA PRIVATE KEY-----
-              ...
-              -----END RSA PRIVATE KEY-----
       debugging:
         enableProfiling: false
         enableContentionProfiling: false

diff --git a/example/20-componentconfig-gardener-controller-manager.yaml b/example/20-componentconfig-gardener-controller-manager.yaml
@@ -75,9 +75,12 @@ leaderElection:
 logLevel: info
 logFormat: text
 server:
-  http:
+  healthProbes:
     bindAddress: 0.0.0.0
     port: 2718
+  metrics:
+    bindAddress: 0.0.0.0
+    port: 2719
 debugging:
   enableProfiling: false
   enableContentionProfiling: false
diff --git a/pkg/admissioncontroller/apis/config/types.go b/pkg/admissioncontroller/apis/config/types.go
@@ -39,7 +39,8 @@ type AdmissionControllerConfiguration struct {
 
 // ServerConfiguration contains details for the HTTP(S) servers.
 type ServerConfiguration struct {
-	// HTTPS is the configuration for the HTTPS server.
+	// HTTPS is the configuration for the HTTPS webhook server.
+	// TODO: rename this to Webhooks
 	HTTPS HTTPSServer
 	// HealthProbes is the configuration for serving the healthz and readyz endpoints.
 	HealthProbes *Server

diff --git a/pkg/admissioncontroller/apis/config/v1alpha1/types.go b/pkg/admissioncontroller/apis/config/v1alpha1/types.go
@@ -40,7 +40,8 @@ type AdmissionControllerConfiguration struct {
 
 // ServerConfiguration contains details for the HTTP(S) servers.
 type ServerConfiguration struct {
-	// HTTPS is the configuration for the HTTPS server.
+	// HTTPS is the configuration for the HTTPS webhook server.
+	// TODO: rename this to Webhooks
 	HTTPS HTTPSServer `json:"https"`
 	// HealthProbes is the configuration for serving the healthz and readyz endpoints.
 	// +optional

diff --git a/pkg/controllermanager/apis/config/types.go b/pkg/controllermanager/apis/config/types.go
@@ -310,10 +310,10 @@ type ManagedSeedSetControllerConfiguration struct {
 
 // ServerConfiguration contains details for the HTTP(S) servers.
 type ServerConfiguration struct {
-	// HTTP is the configuration for the HTTP server.
-	HTTP Server
-	// HTTPS is the configuration for the HTTPS server.
-	HTTPS HTTPSServer
+	// HealthProbes is the configuration for serving the healthz and readyz endpoints.
+	HealthProbes *Server
+	// Metrics is the configuration for serving the metrics endpoint.
+	Metrics *Server
 }
 
 // Server contains information for HTTP(S) server configuration.
@@ -323,27 +323,3 @@ type Server struct {
 	// Port is the port on which to serve requests.
 	Port int
 }
-
-// HTTPSServer is the configuration for the HTTPSServer server.
-type HTTPSServer struct {
-	// Server is the configuration for the bind address and the port.
-	Server
-	// TLSServer contains information about the TLS configuration for a HTTPS server.
-	TLS TLSServer
-}
-
-// TLSServer contains information about the TLS configuration for a HTTPS server.
-type TLSServer struct {
-	// ServerCertPath is the path to the server certificate file.
-	ServerCertPath string
-	// ServerKeyPath is the path to the private key file.
-	ServerKeyPath string
-}
-
-const (
-	// ControllerManagerDefaultLockObjectNamespace is the default lock namespace for leader election.
-	ControllerManagerDefaultLockObjectNamespace = "garden"
-
-	// ControllerManagerDefaultLockObjectName is the default lock name for leader election.
-	ControllerManagerDefaultLockObjectName = "gardener-controller-manager-leader-election"
-)
diff --git a/pkg/controllermanager/apis/config/v1alpha1/defaults.go b/pkg/controllermanager/apis/config/v1alpha1/defaults.go
@@ -28,19 +28,6 @@ func addDefaultingFuncs(scheme *runtime.Scheme) error {
 
 // SetDefaults_ControllerManagerConfiguration sets defaults for the configuration of the Gardener controller manager.
 func SetDefaults_ControllerManagerConfiguration(obj *ControllerManagerConfiguration) {
-	if len(obj.Server.HTTP.BindAddress) == 0 {
-		obj.Server.HTTP.BindAddress = "0.0.0.0"
-	}
-	if obj.Server.HTTP.Port == 0 {
-		obj.Server.HTTP.Port = 2718
-	}
-	if len(obj.Server.HTTPS.BindAddress) == 0 {
-		obj.Server.HTTPS.BindAddress = "0.0.0.0"
-	}
-	if obj.Server.HTTPS.Port == 0 {
-		obj.Server.HTTPS.Port = 2719
-	}
-
 	if obj.Controllers.Bastion == nil {
 		obj.Controllers.Bastion = &BastionControllerConfiguration{}
 	}
@@ -235,6 +222,20 @@ func SetDefaults_ControllerManagerConfiguration(obj *ControllerManagerConfigurat
 	if obj.LeaderElection == nil {
 		obj.LeaderElection = &componentbaseconfigv1alpha1.LeaderElectionConfiguration{}
 	}
+
+	if obj.Server.HealthProbes == nil {
+		obj.Server.HealthProbes = &Server{}
+	}
+	if obj.Server.HealthProbes.Port == 0 {
+		obj.Server.HealthProbes.Port = 2718
+	}
+
+	if obj.Server.Metrics == nil {
+		obj.Server.Metrics = &Server{}
+	}
+	if obj.Server.Metrics.Port == 0 {
+		obj.Server.Metrics.Port = 2719
+	}
 }
 
 // SetDefaults_ClientConnectionConfiguration sets defaults for the garden client connection.

diff --git a/pkg/controllermanager/apis/config/v1alpha1/defaults_test.go b/pkg/controllermanager/apis/config/v1alpha1/defaults_test.go
@@ -39,11 +39,6 @@ var _ = Describe("Defaults", func() {
 		It("should correctly default the controller manager configuration", func() {
 			SetObjectDefaults_ControllerManagerConfiguration(obj)
 
-			Expect(obj.Server.HTTP.BindAddress).To(Equal("0.0.0.0"))
-			Expect(obj.Server.HTTP.Port).To(Equal(2718))
-			Expect(obj.Server.HTTPS.BindAddress).To(Equal("0.0.0.0"))
-			Expect(obj.Server.HTTPS.Port).To(Equal(2719))
-
 			Expect(obj.Controllers.Bastion).NotTo(BeNil())
 			Expect(obj.Controllers.Bastion.ConcurrentSyncs).NotTo(BeNil())
 			Expect(obj.Controllers.Bastion.ConcurrentSyncs).To(PointTo(Equal(5)))
@@ -121,6 +116,11 @@ var _ = Describe("Defaults", func() {
 
 			Expect(obj.LogLevel).To(Equal(logger.InfoLevel))
 			Expect(obj.LogFormat).To(Equal(logger.FormatJSON))
+
+			Expect(obj.Server.HealthProbes.BindAddress).To(BeEmpty())
+			Expect(obj.Server.HealthProbes.Port).To(Equal(2718))
+			Expect(obj.Server.Metrics.BindAddress).To(BeEmpty())
+			Expect(obj.Server.Metrics.Port).To(Equal(2719))
 		})
 
 		It("should correctly default the project quota configuration", func() {

diff --git a/pkg/controllermanager/apis/config/v1alpha1/types.go b/pkg/controllermanager/apis/config/v1alpha1/types.go
@@ -367,10 +367,12 @@ type ManagedSeedSetControllerConfiguration struct {
 
 // ServerConfiguration contains details for the HTTP(S) servers.
 type ServerConfiguration struct {
-	// HTTP is the configuration for the HTTP server.
-	HTTP Server `json:"http"`
-	// HTTPS is the configuration for the HTTPS server.
-	HTTPS HTTPSServer `json:"https"`
+	// HealthProbes is the configuration for serving the healthz and readyz endpoints.
+	// +optional
+	HealthProbes *Server `json:"healthProbes,omitempty"`
+	// Metrics is the configuration for serving the metrics endpoint.
+	// +optional
+	Metrics *Server `json:"metrics,omitempty"`
 }
 
 // Server contains information for HTTP(S) server configuration.
@@ -381,22 +383,6 @@ type Server struct {
 	Port int `json:"port"`
 }
 
-// HTTPSServer is the configuration for the HTTPSServer server.
-type HTTPSServer struct {
-	// Server is the configuration for the bind address and the port.
-	Server `json:",inline"`
-	// TLSServer contains information about the TLS configuration for a HTTPS server.
-	TLS TLSServer `json:"tls"`
-}
-
-// TLSServer contains information about the TLS configuration for a HTTPS server.
-type TLSServer struct {
-	// ServerCertPath is the path to the server certificate file.
-	ServerCertPath string `json:"serverCertPath"`
-	// ServerKeyPath is the path to the private key file.
-	ServerKeyPath string `json:"serverKeyPath"`
-}
-
 const (
 	// ControllerManagerDefaultLockObjectNamespace is the default lock namespace for leader election.
 	ControllerManagerDefaultLockObjectNamespace = "garden"