From 0a47b016704066e2497c97852e1eb9ebb20f39ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wilson=20J=C3=BAnior?= <wilsonpjunior@gmail.com>
Date: Tue, 31 Jan 2023 13:16:35 -0300
Subject: [PATCH] Add flag to allocate ports for proxy protocol

---
 api/v1alpha1/rpaasinstance_types.go           |  3 ++
 .../extensions.tsuru.io_rpaasflavors.yaml     |  4 ++
 .../extensions.tsuru.io_rpaasinstances.yaml   |  4 ++
 controllers/controller.go                     |  1 -
 controllers/controller_test.go                | 42 +++++++++++++++++++
 controllers/rpaasinstance_controller.go       | 14 +++++++
 .../pkg/rpaas/nginx/configuration_render.go   |  4 +-
 internal/pkg/rpaas/nginx/manager.go           |  5 ++-
 8 files changed, 73 insertions(+), 4 deletions(-)

diff --git a/api/v1alpha1/rpaasinstance_types.go b/api/v1alpha1/rpaasinstance_types.go
index e075c4e1e..a382fa1e4 100644
--- a/api/v1alpha1/rpaasinstance_types.go
+++ b/api/v1alpha1/rpaasinstance_types.go
@@ -128,6 +128,9 @@ type RpaasInstanceSpec struct {
 	//
 	// +optional
 	EnablePodDisruptionBudget *bool `json:"enablePodDisruptionBudget,omitempty"`
+
+	// ProxyProtocol defines whether allocate additional ports to expose via proxy protocol
+	ProxyProtocol bool `json:"proxyProtocol,omitempty"`
 }
 
 type DynamicCertificates struct {
diff --git a/config/crd/bases/extensions.tsuru.io_rpaasflavors.yaml b/config/crd/bases/extensions.tsuru.io_rpaasflavors.yaml
index 040136296..e763868d0 100644
--- a/config/crd/bases/extensions.tsuru.io_rpaasflavors.yaml
+++ b/config/crd/bases/extensions.tsuru.io_rpaasflavors.yaml
@@ -6061,6 +6061,10 @@ spec:
                           type: object
                         type: array
                     type: object
+                  proxyProtocol:
+                    description: ProxyProtocol defines whether allocate additional
+                      ports to expose via proxy protocol
+                    type: boolean
                   replicas:
                     description: Number of desired pods. This is a pointer to distinguish
                       between explicit zero and not specified. Defaults to 1.
diff --git a/config/crd/bases/extensions.tsuru.io_rpaasinstances.yaml b/config/crd/bases/extensions.tsuru.io_rpaasinstances.yaml
index e17ef8132..b12330129 100644
--- a/config/crd/bases/extensions.tsuru.io_rpaasinstances.yaml
+++ b/config/crd/bases/extensions.tsuru.io_rpaasinstances.yaml
@@ -5820,6 +5820,10 @@ spec:
                       type: object
                     type: array
                 type: object
+              proxyProtocol:
+                description: ProxyProtocol defines whether allocate additional ports
+                  to expose via proxy protocol
+                type: boolean
               replicas:
                 description: Number of desired pods. This is a pointer to distinguish
                   between explicit zero and not specified. Defaults to 1.
diff --git a/controllers/controller.go b/controllers/controller.go
index c17b0a2ce..bf46c252e 100644
--- a/controllers/controller.go
+++ b/controllers/controller.go
@@ -49,7 +49,6 @@ const (
 	defaultConfigHistoryLimit     = 10
 	defaultCacheSnapshotCronImage = "bitnami/kubectl:latest"
 	defaultCacheSnapshotSchedule  = "* * * * *"
-	defaultPortAllocationResource = "default"
 	volumeTeamLabel               = "tsuru.io/volume-team"
 
 	cacheSnapshotCronJobSuffix = "-snapshot-cron-job"
diff --git a/controllers/controller_test.go b/controllers/controller_test.go
index 43f6c375f..5dc5a9cef 100644
--- a/controllers/controller_test.go
+++ b/controllers/controller_test.go
@@ -1882,6 +1882,48 @@ func TestReconcile(t *testing.T) {
 
 }
 
+func TestReconcileWithProxyProtocol(t *testing.T) {
+	rpaas := &v1alpha1.RpaasInstance{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "my-instance",
+			Namespace: "default",
+		},
+		Spec: v1alpha1.RpaasInstanceSpec{
+			PlanName: "my-plan",
+		},
+	}
+	plan := &v1alpha1.RpaasPlan{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "my-plan",
+			Namespace: "default",
+		},
+		Spec: v1alpha1.RpaasPlanSpec{
+			Image: "tsuru:mynginx:test",
+		},
+	}
+
+	defaultFlavor := newRpaasFlavor()
+	defaultFlavor.Name = "default"
+	defaultFlavor.Spec.Default = true
+	defaultFlavor.Spec.InstanceTemplate = &v1alpha1.RpaasInstanceSpec{
+		ProxyProtocol: true,
+	}
+	reconciler := newRpaasInstanceReconciler(rpaas, plan, defaultFlavor)
+	result, err := reconciler.Reconcile(context.Background(), reconcile.Request{NamespacedName: types.NamespacedName{Namespace: "default", Name: "my-instance"}})
+	require.NoError(t, err)
+
+	assert.Equal(t, result, reconcile.Result{})
+
+	nginx := &nginxv1alpha1.Nginx{}
+	err = reconciler.Client.Get(context.TODO(), types.NamespacedName{Name: rpaas.Name, Namespace: rpaas.Namespace}, nginx)
+	require.NoError(t, err)
+	assert.Equal(t, nginx.Spec.PodTemplate.Ports, []corev1.ContainerPort{
+		{Name: "nginx-metrics", ContainerPort: 8800, Protocol: "TCP"},
+		{Name: "proxy-protocol-http", ContainerPort: 9080, Protocol: "TCP"},
+		{Name: "proxy-protocol-https", ContainerPort: 9443, Protocol: "TCP"},
+	})
+}
+
 func TestReconcilePoolNamespaced(t *testing.T) {
 	rpaas := &v1alpha1.RpaasInstance{
 		ObjectMeta: metav1.ObjectMeta{
diff --git a/controllers/rpaasinstance_controller.go b/controllers/rpaasinstance_controller.go
index 3d251589a..85ddad086 100644
--- a/controllers/rpaasinstance_controller.go
+++ b/controllers/rpaasinstance_controller.go
@@ -113,6 +113,20 @@ func (r *RpaasInstanceReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 		},
 	}
 
+	if instanceMergedWithFlavors.Spec.ProxyProtocol {
+		instanceMergedWithFlavors.Spec.PodTemplate.Ports = append(instanceMergedWithFlavors.Spec.PodTemplate.Ports, corev1.ContainerPort{
+			Name:          nginx.PortNameProxyProtocolHTTP,
+			ContainerPort: nginx.DefaultProxyProtocolHTTPPort,
+			Protocol:      corev1.ProtocolTCP,
+		})
+
+		instanceMergedWithFlavors.Spec.PodTemplate.Ports = append(instanceMergedWithFlavors.Spec.PodTemplate.Ports, corev1.ContainerPort{
+			Name:          nginx.PortNameProxyProtocolHTTPS,
+			ContainerPort: nginx.DefaultProxyProtocolHTTPSPort,
+			Protocol:      corev1.ProtocolTCP,
+		})
+	}
+
 	rendered, err := r.renderTemplate(ctx, instanceMergedWithFlavors, plan)
 	if err != nil {
 		return reconcile.Result{}, err
diff --git a/internal/pkg/rpaas/nginx/configuration_render.go b/internal/pkg/rpaas/nginx/configuration_render.go
index e2a6af302..f4c671b7b 100644
--- a/internal/pkg/rpaas/nginx/configuration_render.go
+++ b/internal/pkg/rpaas/nginx/configuration_render.go
@@ -157,7 +157,7 @@ func proxyProtocolHTTPPort(instance *v1alpha1.RpaasInstance) int32 {
 		}
 	}
 
-	return 9080
+	return DefaultProxyProtocolHTTPPort
 }
 
 func proxyProtocolHTTPSPort(instance *v1alpha1.RpaasInstance) int32 {
@@ -168,7 +168,7 @@ func proxyProtocolHTTPSPort(instance *v1alpha1.RpaasInstance) int32 {
 		}
 	}
 
-	return 9443
+	return DefaultProxyProtocolHTTPSPort
 }
 
 func managePort(instance *v1alpha1.RpaasInstance) int32 {
diff --git a/internal/pkg/rpaas/nginx/manager.go b/internal/pkg/rpaas/nginx/manager.go
index b0b9ba760..47f5e14c9 100644
--- a/internal/pkg/rpaas/nginx/manager.go
+++ b/internal/pkg/rpaas/nginx/manager.go
@@ -22,7 +22,10 @@ const (
 	PortNameMetrics            = "nginx-metrics"
 	PortNameManagement         = PortNameMetrics
 
-	DefaultManagePort         = 8800
+	DefaultManagePort             = 8800
+	DefaultProxyProtocolHTTPPort  = 9080
+	DefaultProxyProtocolHTTPSPort = 9443
+
 	defaultPurgeTimeout       = time.Duration(1 * time.Second)
 	defaultPurgeLocation      = "/purge"
 	defaultPurgeLocationMatch = "^/purge/(.+)"