diff --git a/Dockerfile.e2e b/Dockerfile.e2e index b7a4e4db..b5a645d6 100644 --- a/Dockerfile.e2e +++ b/Dockerfile.e2e @@ -1,11 +1,11 @@ -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.20 as builder +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.22 as builder WORKDIR /go/src/e2e ADD . . WORKDIR ./testing/e2e RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -v -a -ldflags '-extldflags "-static"' -o e2e -FROM scratch +FROM gcr.io/distroless/static:nonroot WORKDIR / COPY --from=builder /go/src/e2e/testing/e2e . ENTRYPOINT ["/e2e"] \ No newline at end of file diff --git a/devenv/Dockerfile b/devenv/Dockerfile index 829c4cb9..9f0ec8b9 100644 --- a/devenv/Dockerfile +++ b/devenv/Dockerfile @@ -1,6 +1,6 @@ # convenience dockerfile for unit tests # run make unit from root -FROM mcr.microsoft.com/oss/go/microsoft/golang:1.20 +FROM mcr.microsoft.com/oss/go/microsoft/golang:1.22 RUN mkdir -p /usr/local/kubebuilder/bin RUN wget -q https://github.com/etcd-io/etcd/releases/download/v3.5.0/etcd-v3.5.0-linux-amd64.tar.gz &&\ tar xzf etcd-v3.5.0-linux-amd64.tar.gz &&\ diff --git a/go.mod b/go.mod index ba03c05a..d582a655 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/Azure/aks-app-routing-operator -go 1.20 +go 1.22 require ( github.com/Azure/go-autorest/autorest v0.11.29 diff --git a/pkg/manifests/fixtures/nginx/full-with-replicas.json b/pkg/manifests/fixtures/nginx/full-with-replicas.json index e15421ad..0862d3dd 100644 --- a/pkg/manifests/fixtures/nginx/full-with-replicas.json +++ b/pkg/manifests/fixtures/nginx/full-with-replicas.json @@ -390,8 +390,6 @@ "app.kubernetes.io/name": "nginx" }, "annotations": { - "prometheus.io/port": "10254", - "prometheus.io/scrape": "true", "service.beta.kubernetes.io/azure-load-balancer-internal": "true" } }, @@ -406,7 +404,37 @@ "name": "https", "port": 443, "targetPort": "https" - }, + } + ], + "selector": { + "app": "nginx" + }, + "type": "LoadBalancer", + "externalTrafficPolicy": "Local" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "nginx-metrics", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + }, + "annotations": { + "prometheus.io/port": "10254", + "prometheus.io/scrape": "true" + } + }, + "spec": { + "ports": [ { "name": "prometheus", "port": 10254, @@ -416,8 +444,7 @@ "selector": { "app": "nginx" }, - "type": "LoadBalancer", - "externalTrafficPolicy": "Local" + "type": "ClusterIP" }, "status": { "loadBalancer": {} diff --git a/pkg/manifests/fixtures/nginx/full-with-target-cpu.json b/pkg/manifests/fixtures/nginx/full-with-target-cpu.json index 9c3afdc3..2e0a6f06 100644 --- a/pkg/manifests/fixtures/nginx/full-with-target-cpu.json +++ b/pkg/manifests/fixtures/nginx/full-with-target-cpu.json @@ -390,8 +390,6 @@ "app.kubernetes.io/name": "nginx" }, "annotations": { - "prometheus.io/port": "10254", - "prometheus.io/scrape": "true", "service.beta.kubernetes.io/azure-load-balancer-internal": "true" } }, @@ -406,7 +404,37 @@ "name": "https", "port": 443, "targetPort": "https" - }, + } + ], + "selector": { + "app": "nginx" + }, + "type": "LoadBalancer", + "externalTrafficPolicy": "Local" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "nginx-metrics", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + }, + "annotations": { + "prometheus.io/port": "10254", + "prometheus.io/scrape": "true" + } + }, + "spec": { + "ports": [ { "name": "prometheus", "port": 10254, @@ -416,8 +444,7 @@ "selector": { "app": "nginx" }, - "type": "LoadBalancer", - "externalTrafficPolicy": "Local" + "type": "ClusterIP" }, "status": { "loadBalancer": {} diff --git a/pkg/manifests/fixtures/nginx/full.json b/pkg/manifests/fixtures/nginx/full.json index f0848cf3..45f1d3a4 100644 --- a/pkg/manifests/fixtures/nginx/full.json +++ b/pkg/manifests/fixtures/nginx/full.json @@ -390,8 +390,6 @@ "app.kubernetes.io/name": "nginx" }, "annotations": { - "prometheus.io/port": "10254", - "prometheus.io/scrape": "true", "service.beta.kubernetes.io/azure-load-balancer-internal": "true" } }, @@ -406,7 +404,37 @@ "name": "https", "port": 443, "targetPort": "https" - }, + } + ], + "selector": { + "app": "nginx" + }, + "type": "LoadBalancer", + "externalTrafficPolicy": "Local" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "nginx-metrics", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + }, + "annotations": { + "prometheus.io/port": "10254", + "prometheus.io/scrape": "true" + } + }, + "spec": { + "ports": [ { "name": "prometheus", "port": 10254, @@ -416,8 +444,7 @@ "selector": { "app": "nginx" }, - "type": "LoadBalancer", - "externalTrafficPolicy": "Local" + "type": "ClusterIP" }, "status": { "loadBalancer": {} diff --git a/pkg/manifests/fixtures/nginx/internal-with-ssl-cert.json b/pkg/manifests/fixtures/nginx/internal-with-ssl-cert.json index f81c1103..ff170c08 100644 --- a/pkg/manifests/fixtures/nginx/internal-with-ssl-cert.json +++ b/pkg/manifests/fixtures/nginx/internal-with-ssl-cert.json @@ -388,10 +388,6 @@ "app.kubernetes.io/component": "ingress-controller", "app.kubernetes.io/managed-by": "aks-app-routing-operator", "app.kubernetes.io/name": "nginx" - }, - "annotations": { - "prometheus.io/port": "10254", - "prometheus.io/scrape": "true" } }, "spec": { @@ -405,7 +401,37 @@ "name": "https", "port": 443, "targetPort": "https" - }, + } + ], + "selector": { + "app": "nginx" + }, + "type": "LoadBalancer", + "externalTrafficPolicy": "Local" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "nginx-metrics", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + }, + "annotations": { + "prometheus.io/port": "10254", + "prometheus.io/scrape": "true" + } + }, + "spec": { + "ports": [ { "name": "prometheus", "port": 10254, @@ -415,8 +441,7 @@ "selector": { "app": "nginx" }, - "type": "LoadBalancer", - "externalTrafficPolicy": "Local" + "type": "ClusterIP" }, "status": { "loadBalancer": {} diff --git a/pkg/manifests/fixtures/nginx/internal.json b/pkg/manifests/fixtures/nginx/internal.json index 1e917344..2654a2f1 100644 --- a/pkg/manifests/fixtures/nginx/internal.json +++ b/pkg/manifests/fixtures/nginx/internal.json @@ -388,10 +388,6 @@ "app.kubernetes.io/component": "ingress-controller", "app.kubernetes.io/managed-by": "aks-app-routing-operator", "app.kubernetes.io/name": "nginx" - }, - "annotations": { - "prometheus.io/port": "10254", - "prometheus.io/scrape": "true" } }, "spec": { @@ -405,7 +401,37 @@ "name": "https", "port": 443, "targetPort": "https" - }, + } + ], + "selector": { + "app": "nginx" + }, + "type": "LoadBalancer", + "externalTrafficPolicy": "Local" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "nginx-metrics", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + }, + "annotations": { + "prometheus.io/port": "10254", + "prometheus.io/scrape": "true" + } + }, + "spec": { + "ports": [ { "name": "prometheus", "port": 10254, @@ -415,8 +441,7 @@ "selector": { "app": "nginx" }, - "type": "LoadBalancer", - "externalTrafficPolicy": "Local" + "type": "ClusterIP" }, "status": { "loadBalancer": {} diff --git a/pkg/manifests/fixtures/nginx/kube-system.json b/pkg/manifests/fixtures/nginx/kube-system.json index 60e392cd..c8aad0c4 100644 --- a/pkg/manifests/fixtures/nginx/kube-system.json +++ b/pkg/manifests/fixtures/nginx/kube-system.json @@ -377,8 +377,6 @@ "app.kubernetes.io/name": "nginx" }, "annotations": { - "prometheus.io/port": "10254", - "prometheus.io/scrape": "true", "service.beta.kubernetes.io/azure-load-balancer-internal": "true" } }, @@ -393,7 +391,37 @@ "name": "https", "port": 443, "targetPort": "https" - }, + } + ], + "selector": { + "app": "nginx" + }, + "type": "LoadBalancer", + "externalTrafficPolicy": "Local" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "nginx-metrics", + "namespace": "kube-system", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + }, + "annotations": { + "prometheus.io/port": "10254", + "prometheus.io/scrape": "true" + } + }, + "spec": { + "ports": [ { "name": "prometheus", "port": 10254, @@ -403,8 +431,7 @@ "selector": { "app": "nginx" }, - "type": "LoadBalancer", - "externalTrafficPolicy": "Local" + "type": "ClusterIP" }, "status": { "loadBalancer": {} diff --git a/pkg/manifests/fixtures/nginx/no-ownership.json b/pkg/manifests/fixtures/nginx/no-ownership.json index f0848cf3..45f1d3a4 100644 --- a/pkg/manifests/fixtures/nginx/no-ownership.json +++ b/pkg/manifests/fixtures/nginx/no-ownership.json @@ -390,8 +390,6 @@ "app.kubernetes.io/name": "nginx" }, "annotations": { - "prometheus.io/port": "10254", - "prometheus.io/scrape": "true", "service.beta.kubernetes.io/azure-load-balancer-internal": "true" } }, @@ -406,7 +404,37 @@ "name": "https", "port": 443, "targetPort": "https" - }, + } + ], + "selector": { + "app": "nginx" + }, + "type": "LoadBalancer", + "externalTrafficPolicy": "Local" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "nginx-metrics", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + }, + "annotations": { + "prometheus.io/port": "10254", + "prometheus.io/scrape": "true" + } + }, + "spec": { + "ports": [ { "name": "prometheus", "port": 10254, @@ -416,8 +444,7 @@ "selector": { "app": "nginx" }, - "type": "LoadBalancer", - "externalTrafficPolicy": "Local" + "type": "ClusterIP" }, "status": { "loadBalancer": {} diff --git a/pkg/manifests/fixtures/nginx/optional-features-disabled.json b/pkg/manifests/fixtures/nginx/optional-features-disabled.json index aadafb61..91623ff8 100644 --- a/pkg/manifests/fixtures/nginx/optional-features-disabled.json +++ b/pkg/manifests/fixtures/nginx/optional-features-disabled.json @@ -387,8 +387,6 @@ "app.kubernetes.io/name": "nginx" }, "annotations": { - "prometheus.io/port": "10254", - "prometheus.io/scrape": "true", "service.beta.kubernetes.io/azure-load-balancer-internal": "true" } }, @@ -403,7 +401,37 @@ "name": "https", "port": 443, "targetPort": "https" - }, + } + ], + "selector": { + "app": "nginx" + }, + "type": "LoadBalancer", + "externalTrafficPolicy": "Local" + }, + "status": { + "loadBalancer": {} + } + }, + { + "kind": "Service", + "apiVersion": "v1", + "metadata": { + "name": "nginx-metrics", + "namespace": "test-namespace", + "creationTimestamp": null, + "labels": { + "app.kubernetes.io/component": "ingress-controller", + "app.kubernetes.io/managed-by": "aks-app-routing-operator", + "app.kubernetes.io/name": "nginx" + }, + "annotations": { + "prometheus.io/port": "10254", + "prometheus.io/scrape": "true" + } + }, + "spec": { + "ports": [ { "name": "prometheus", "port": 10254, @@ -413,8 +441,7 @@ "selector": { "app": "nginx" }, - "type": "LoadBalancer", - "externalTrafficPolicy": "Local" + "type": "ClusterIP" }, "status": { "loadBalancer": {} diff --git a/pkg/manifests/nginx.go b/pkg/manifests/nginx.go index 107a0910..f744900b 100644 --- a/pkg/manifests/nginx.go +++ b/pkg/manifests/nginx.go @@ -139,6 +139,7 @@ func GetNginxResources(conf *config.Config, ingressConfig *NginxIngressConfig) * ClusterRoleBinding: newNginxIngressControllerClusterRoleBinding(conf, ingressConfig), RoleBinding: newNginxIngressControllerRoleBinding(conf, ingressConfig), Service: newNginxIngressControllerService(conf, ingressConfig), + PromService: newNginxIngressControllerPromService(conf, ingressConfig), Deployment: newNginxIngressControllerDeployment(conf, ingressConfig), ConfigMap: newNginxIngressControllerConfigmap(conf, ingressConfig), HorizontalPodAutoscaler: newNginxIngressControllerHPA(conf, ingressConfig), @@ -368,10 +369,6 @@ func newNginxIngressControllerRoleBinding(conf *config.Config, ingressConfig *Ng func newNginxIngressControllerService(conf *config.Config, ingressConfig *NginxIngressConfig) *corev1.Service { annotations := make(map[string]string) - for k, v := range promAnnotations { - annotations[k] = v - } - if ingressConfig != nil && ingressConfig.ServiceConfig != nil { for k, v := range ingressConfig.ServiceConfig.Annotations { annotations[k] = v @@ -404,6 +401,32 @@ func newNginxIngressControllerService(conf *config.Config, ingressConfig *NginxI Port: 443, TargetPort: intstr.FromString("https"), }, + }, + }, + } +} + +func newNginxIngressControllerPromService(conf *config.Config, ingressConfig *NginxIngressConfig) *corev1.Service { + annotations := make(map[string]string) + for k, v := range promAnnotations { + annotations[k] = v + } + + return &corev1.Service{ + TypeMeta: metav1.TypeMeta{ + Kind: "Service", + APIVersion: "v1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: ingressConfig.ResourceName + "-metrics", + Namespace: conf.NS, + Labels: AddComponentLabel(GetTopLevelLabels(), "ingress-controller"), + Annotations: annotations, + }, + Spec: corev1.ServiceSpec{ + Type: corev1.ServiceTypeClusterIP, + Selector: ingressConfig.PodLabels(), + Ports: []corev1.ServicePort{ promServicePort, }, }, diff --git a/pkg/manifests/types.go b/pkg/manifests/types.go index 39cf7669..86ec763b 100644 --- a/pkg/manifests/types.go +++ b/pkg/manifests/types.go @@ -29,6 +29,7 @@ type NginxResources struct { ClusterRoleBinding *rbacv1.ClusterRoleBinding RoleBinding *rbacv1.RoleBinding Service *corev1.Service + PromService *corev1.Service Deployment *appsv1.Deployment ConfigMap *corev1.ConfigMap HorizontalPodAutoscaler *autov1.HorizontalPodAutoscaler @@ -44,6 +45,7 @@ func (n *NginxResources) Objects() []client.Object { n.ClusterRoleBinding, n.RoleBinding, n.Service, + n.PromService, n.Deployment, n.ConfigMap, n.HorizontalPodAutoscaler, diff --git a/testing/e2e/go.mod b/testing/e2e/go.mod index a486e55f..35889304 100644 --- a/testing/e2e/go.mod +++ b/testing/e2e/go.mod @@ -1,6 +1,6 @@ module github.com/Azure/aks-app-routing-operator/testing/e2e -go 1.20 +go 1.22 require ( github.com/Azure/aks-app-routing-operator v0.0.3