Add flag to allocate ports for proxy protocol

tsuru · Jan 31, 2023 · 0a47b01 · 0a47b01
1 parent 911c778
commit 0a47b01
Show file tree

Hide file tree

Showing 8 changed files with 73 additions and 4 deletions.
diff --git a/api/v1alpha1/rpaasinstance_types.go b/api/v1alpha1/rpaasinstance_types.go
@@ -128,6 +128,9 @@ type RpaasInstanceSpec struct {
 	//
 	// +optional
 	EnablePodDisruptionBudget *bool `json:"enablePodDisruptionBudget,omitempty"`
+
+	// ProxyProtocol defines whether allocate additional ports to expose via proxy protocol
+	ProxyProtocol bool `json:"proxyProtocol,omitempty"`
 }
 
 type DynamicCertificates struct {

diff --git a/config/crd/bases/extensions.tsuru.io_rpaasflavors.yaml b/config/crd/bases/extensions.tsuru.io_rpaasflavors.yaml
@@ -6061,6 +6061,10 @@ spec:
                           type: object
                         type: array
                     type: object
+                  proxyProtocol:
+                    description: ProxyProtocol defines whether allocate additional
+                      ports to expose via proxy protocol
+                    type: boolean
                   replicas:
                     description: Number of desired pods. This is a pointer to distinguish
                       between explicit zero and not specified. Defaults to 1.

diff --git a/config/crd/bases/extensions.tsuru.io_rpaasinstances.yaml b/config/crd/bases/extensions.tsuru.io_rpaasinstances.yaml
@@ -5820,6 +5820,10 @@ spec:
                       type: object
                     type: array
                 type: object
+              proxyProtocol:
+                description: ProxyProtocol defines whether allocate additional ports
+                  to expose via proxy protocol
+                type: boolean
               replicas:
                 description: Number of desired pods. This is a pointer to distinguish
                   between explicit zero and not specified. Defaults to 1.

diff --git a/controllers/controller.go b/controllers/controller.go
@@ -49,7 +49,6 @@ const (
 	defaultConfigHistoryLimit     = 10
 	defaultCacheSnapshotCronImage = "bitnami/kubectl:latest"
 	defaultCacheSnapshotSchedule  = "* * * * *"
-	defaultPortAllocationResource = "default"
 	volumeTeamLabel               = "tsuru.io/volume-team"
 
 	cacheSnapshotCronJobSuffix = "-snapshot-cron-job"

diff --git a/controllers/controller_test.go b/controllers/controller_test.go
@@ -1882,6 +1882,48 @@ func TestReconcile(t *testing.T) {
 
 }
 
+func TestReconcileWithProxyProtocol(t *testing.T) {
+	rpaas := &v1alpha1.RpaasInstance{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "my-instance",
+			Namespace: "default",
+		},
+		Spec: v1alpha1.RpaasInstanceSpec{
+			PlanName: "my-plan",
+		},
+	}
+	plan := &v1alpha1.RpaasPlan{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "my-plan",
+			Namespace: "default",
+		},
+		Spec: v1alpha1.RpaasPlanSpec{
+			Image: "tsuru:mynginx:test",
+		},
+	}
+
+	defaultFlavor := newRpaasFlavor()
+	defaultFlavor.Name = "default"
+	defaultFlavor.Spec.Default = true
+	defaultFlavor.Spec.InstanceTemplate = &v1alpha1.RpaasInstanceSpec{
+		ProxyProtocol: true,
+	}
+	reconciler := newRpaasInstanceReconciler(rpaas, plan, defaultFlavor)
+	result, err := reconciler.Reconcile(context.Background(), reconcile.Request{NamespacedName: types.NamespacedName{Namespace: "default", Name: "my-instance"}})
+	require.NoError(t, err)
+
+	assert.Equal(t, result, reconcile.Result{})
+
+	nginx := &nginxv1alpha1.Nginx{}
+	err = reconciler.Client.Get(context.TODO(), types.NamespacedName{Name: rpaas.Name, Namespace: rpaas.Namespace}, nginx)
+	require.NoError(t, err)
+	assert.Equal(t, nginx.Spec.PodTemplate.Ports, []corev1.ContainerPort{
+		{Name: "nginx-metrics", ContainerPort: 8800, Protocol: "TCP"},
+		{Name: "proxy-protocol-http", ContainerPort: 9080, Protocol: "TCP"},
+		{Name: "proxy-protocol-https", ContainerPort: 9443, Protocol: "TCP"},
+	})
+}
+
 func TestReconcilePoolNamespaced(t *testing.T) {
 	rpaas := &v1alpha1.RpaasInstance{
 		ObjectMeta: metav1.ObjectMeta{

diff --git a/controllers/rpaasinstance_controller.go b/controllers/rpaasinstance_controller.go
@@ -113,6 +113,20 @@ func (r *RpaasInstanceReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 		},
 	}
 
+	if instanceMergedWithFlavors.Spec.ProxyProtocol {
+		instanceMergedWithFlavors.Spec.PodTemplate.Ports = append(instanceMergedWithFlavors.Spec.PodTemplate.Ports, corev1.ContainerPort{
+			Name:          nginx.PortNameProxyProtocolHTTP,
+			ContainerPort: nginx.DefaultProxyProtocolHTTPPort,
+			Protocol:      corev1.ProtocolTCP,
+		})
+
+		instanceMergedWithFlavors.Spec.PodTemplate.Ports = append(instanceMergedWithFlavors.Spec.PodTemplate.Ports, corev1.ContainerPort{
+			Name:          nginx.PortNameProxyProtocolHTTPS,
+			ContainerPort: nginx.DefaultProxyProtocolHTTPSPort,
+			Protocol:      corev1.ProtocolTCP,
+		})
+	}
+
 	rendered, err := r.renderTemplate(ctx, instanceMergedWithFlavors, plan)
 	if err != nil {
 		return reconcile.Result{}, err

diff --git a/internal/pkg/rpaas/nginx/configuration_render.go b/internal/pkg/rpaas/nginx/configuration_render.go
@@ -157,7 +157,7 @@ func proxyProtocolHTTPPort(instance *v1alpha1.RpaasInstance) int32 {
 		}
 	}
 
-	return 9080
+	return DefaultProxyProtocolHTTPPort
 }
 
 func proxyProtocolHTTPSPort(instance *v1alpha1.RpaasInstance) int32 {
@@ -168,7 +168,7 @@ func proxyProtocolHTTPSPort(instance *v1alpha1.RpaasInstance) int32 {
 		}
 	}
 
-	return 9443
+	return DefaultProxyProtocolHTTPSPort
 }
 
 func managePort(instance *v1alpha1.RpaasInstance) int32 {

diff --git a/internal/pkg/rpaas/nginx/manager.go b/internal/pkg/rpaas/nginx/manager.go
@@ -22,7 +22,10 @@ const (
 	PortNameMetrics            = "nginx-metrics"
 	PortNameManagement         = PortNameMetrics
 
-	DefaultManagePort         = 8800
+	DefaultManagePort             = 8800
+	DefaultProxyProtocolHTTPPort  = 9080
+	DefaultProxyProtocolHTTPSPort = 9443
+
 	defaultPurgeTimeout       = time.Duration(1 * time.Second)
 	defaultPurgeLocation      = "/purge"
 	defaultPurgeLocationMatch = "^/purge/(.+)"