site\_guides\cert-manager.md

Fixes projectcontour#228 site: fix secret name in cert-manager documentation Signed-off-by: vukg <vuk.gojnic@gmail.com>
vukg · Mar 2, 2020 · 9fb2723 · 9fb2723
1 parent 091fdbc
commit 9fb2723
Show file tree

Hide file tree

Showing 15 changed files with 416 additions and 30 deletions.
diff --git a/cmd/contour/contour.go b/cmd/contour/contour.go
@@ -94,6 +94,9 @@ func main() {
 		// on top of any values sourced from -c's config file.
 		_, err := app.Parse(args)
 		check(err)
+		if serveCtx.Debug {
+			log.SetLevel(logrus.DebugLevel)
+		}
 		log.Infof("args: %v", args)
 		check(doServe(log, serveCtx))
 	default:

diff --git a/cmd/contour/serve.go b/cmd/contour/serve.go
@@ -29,6 +29,8 @@ import (
 
 	ingressroutev1 "github.com/projectcontour/contour/apis/contour/v1beta1"
 
+	serviceapis "sigs.k8s.io/service-apis/api/v1alpha1"
+
 	"k8s.io/client-go/dynamic"
 
 	"github.com/projectcontour/contour/internal/contour"
@@ -120,6 +122,9 @@ func registerServe(app *kingpin.Application) (*kingpin.CmdClause, *serveContext)
 	serve.Flag("disable-leader-election", "Disable leader election mechanism.").BoolVar(&ctx.DisableLeaderElection)
 
 	serve.Flag("use-extensions-v1beta1-ingress", "Subscribe to the deprecated extensions/v1beta1.Ingress type.").BoolVar(&ctx.UseExtensionsV1beta1Ingress)
+
+	serve.Flag("debug", "Enable debug logging.").Short('d').BoolVar(&ctx.Debug)
+	serve.Flag("experimental-service-apis", "Subscribe to the new service-apis types.").BoolVar(&ctx.UseExperimentalServiceAPITypes)
 	return serve, ctx
 }
 
@@ -163,6 +168,12 @@ func doServe(log logrus.FieldLogger, ctx *serveContext) error {
 	registry.MustRegister(prometheus.NewProcessCollector(prometheus.ProcessCollectorOpts{}))
 	registry.MustRegister(prometheus.NewGoCollector())
 
+	// Before we can build the event handler, we need to initialize the converter we'll
+	// use to convert from Unstructured. Thanks to kubebuilder types from service-apis, this now can
+	// return an error.
+	converter, err := k8s.NewUnstructuredConverter()
+	check(err)
+
 	// step 3. build our mammoth Kubernetes event handler.
 	eventHandler := &contour.EventHandler{
 		CacheHandler: &contour.CacheHandler{
@@ -208,7 +219,7 @@ func doServe(log logrus.FieldLogger, ctx *serveContext) error {
 	// wrap eventRecorder in a converter for objects from the dynamic client.
 	dynamicHandler := &k8s.DynamicClientHandler{
 		Next:      eventRecorder,
-		Converter: k8s.NewUnstructuredConverter(),
+		Converter: converter,
 		Logger:    log.WithField("context", "dynamicHandler"),
 	}
 
@@ -223,6 +234,14 @@ func doServe(log logrus.FieldLogger, ctx *serveContext) error {
 
 	informerSyncList.Add(coreInformers.Core().V1().Services().Informer()).AddEventHandler(eventRecorder)
 
+	if ctx.UseExperimentalServiceAPITypes {
+		log.Info("Enabling Experimental Service APIs types")
+		informerSyncList.Add(dynamicInformers.ForResource(serviceapis.GroupVersion.WithResource("gatewayclasses")).Informer()).AddEventHandler(dynamicHandler)
+		informerSyncList.Add(dynamicInformers.ForResource(serviceapis.GroupVersion.WithResource("gateways")).Informer()).AddEventHandler(dynamicHandler)
+		informerSyncList.Add(dynamicInformers.ForResource(serviceapis.GroupVersion.WithResource("httproutes")).Informer()).AddEventHandler(dynamicHandler)
+		informerSyncList.Add(dynamicInformers.ForResource(serviceapis.GroupVersion.WithResource("tcproutes")).Informer()).AddEventHandler(dynamicHandler)
+	}
+
 	// After K8s 1.13 the API server will automatically translate extensions/v1beta1.Ingress objects
 	// to networking/v1beta1.Ingress objects so we should only listen for one type or the other.
 	// The default behavior is to listen for networking/v1beta1.Ingress objects and let the API server

diff --git a/cmd/contour/servecontext.go b/cmd/contour/servecontext.go
@@ -32,6 +32,9 @@ import (
 )
 
 type serveContext struct {
+	// Enable debug logging
+	Debug bool
+
 	// contour's kubernetes client parameters
 	InCluster  bool   `yaml:"incluster,omitempty"`
 	Kubeconfig string `yaml:"kubeconfig,omitempty"`
@@ -108,6 +111,13 @@ type serveContext struct {
 	// If the value is true, Contour will register for extensions/v1beta1.Ingress type and do
 	// the rewrite itself.
 	UseExtensionsV1beta1Ingress bool `yaml:"-"`
+
+	// Should Contour register to watch the new service-apis types?
+	// By default this value is false, meaning Contour will not do anything with any of the new
+	// types.
+	// If the value is true, Contour will register for all the service-apis types
+	// (GatewayClass, Gateway, HTTPRoute, TCPRoute, and any more as they are added)
+	UseExperimentalServiceAPITypes bool `yaml:"-"`
 }
 
 // newServeContext returns a serveContext initialized to defaults.
@@ -163,7 +173,8 @@ func newServeContext() *serveContext {
 			Namespace:     "projectcontour",
 			Name:          "leader-elect",
 		},
-		UseExtensionsV1beta1Ingress: false,
+		UseExtensionsV1beta1Ingress:    false,
+		UseExperimentalServiceAPITypes: false,
 	}
 }
 

diff --git a/examples/contour/01-crds.yaml b/examples/contour/01-crds.yaml
@@ -2,6 +2,8 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.4
   creationTimestamp: null
   name: ingressroutes.contour.heptio.com
 spec:
@@ -352,6 +354,8 @@ status:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.4
   creationTimestamp: null
   name: tlscertificatedelegations.contour.heptio.com
 spec:
@@ -426,6 +430,8 @@ status:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.4
   creationTimestamp: null
   name: httpproxies.projectcontour.io
 spec:
@@ -1108,6 +1114,8 @@ status:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.4
   creationTimestamp: null
   name: tlscertificatedelegations.projectcontour.io
 spec:

diff --git a/examples/contour/02-rbac.yaml b/examples/contour/02-rbac.yaml
@@ -76,6 +76,15 @@ rules:
   - put
   - post
   - patch
+- apiGroups: ["networking.x.k8s.io"]
+  resources: ["gatewayclasses", "gateways", "httproutes", "tcproutes"]
+  verbs:
+  - get
+  - list
+  - watch
+  - put
+  - post
+  - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role

diff --git a/examples/render/contour.yaml b/examples/render/contour.yaml
@@ -76,6 +76,8 @@ data:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.4
   creationTimestamp: null
   name: ingressroutes.contour.heptio.com
 spec:
@@ -426,6 +428,8 @@ status:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.4
   creationTimestamp: null
   name: tlscertificatedelegations.contour.heptio.com
 spec:
@@ -500,6 +504,8 @@ status:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.4
   creationTimestamp: null
   name: httpproxies.projectcontour.io
 spec:
@@ -1182,6 +1188,8 @@ status:
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.4
   creationTimestamp: null
   name: tlscertificatedelegations.projectcontour.io
 spec:
@@ -1407,6 +1415,15 @@ rules:
   - put
   - post
   - patch
+- apiGroups: ["networking.x.k8s.io"]
+  resources: ["gatewayclasses", "gateways", "httproutes", "tcproutes"]
+  verbs:
+  - get
+  - list
+  - watch
+  - put
+  - post
+  - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: Role

diff --git a/go.mod b/go.mod
@@ -8,12 +8,11 @@ require (
 	github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4 // indirect
 	github.com/client9/misspell v0.3.4
 	github.com/envoyproxy/go-control-plane v0.9.2
-	github.com/evanphx/json-patch v4.2.0+incompatible
+	github.com/evanphx/json-patch v4.5.0+incompatible
 	github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef // indirect
 	github.com/golang/protobuf v1.3.2
 	github.com/google/go-cmp v0.4.0
 	github.com/google/uuid v1.1.1
-	github.com/googleapis/gnostic v0.2.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
 	github.com/imdario/mergo v0.3.7 // indirect
 	github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect
@@ -24,12 +23,13 @@ require (
 	golang.org/x/tools v0.0.0-20190929041059-e7abfedfabcf // indirect
 	google.golang.org/grpc v1.25.1
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6
-	gopkg.in/yaml.v2 v2.2.4
+	gopkg.in/yaml.v2 v2.2.5
 	k8s.io/api v0.17.0
 	k8s.io/apimachinery v0.17.0
 	k8s.io/client-go v0.17.0
 	k8s.io/code-generator v0.0.0-20190912054826-cd179ad6a269
 	k8s.io/gengo v0.0.0-20191120174120-e74f70b9b27e // indirect
 	k8s.io/klog v1.0.0
-	sigs.k8s.io/controller-tools v0.2.2-0.20191004105652-6eef39898e44
+	sigs.k8s.io/controller-tools v0.2.4
+	sigs.k8s.io/service-apis v0.0.0-20200213014236-51691dd89266
 )