Support openshift routes (#1206)

* split service port from config calculation into its own function Signed-off-by: Benedikt Bongartz <[email protected]> * register openshift route v1 as valid ingress enum Signed-off-by: Benedikt Bongartz <[email protected]> * add routes to reconcile loop - determine platform - grant otel controller permission to route api Signed-off-by: Benedikt Bongartz <[email protected]> * add openshift api to go mod Signed-off-by: Benedikt Bongartz <[email protected]> * add naming method for openshift routes Signed-off-by: Benedikt Bongartz <[email protected]> * add route reconcile routine Signed-off-by: Benedikt Bongartz <[email protected]> * add route reconciler if platform changes to openshift Signed-off-by: Benedikt Bongartz <[email protected]> * move route cr definition into testdata package Signed-off-by: Benedikt Bongartz <[email protected]> * controllers: verify that route is created Signed-off-by: Benedikt Bongartz <[email protected]> * crd: move route tls termination settings into extra section Signed-off-by: Benedikt Bongartz <[email protected]> * fix: share platform state across copied config objects Signed-off-by: Benedikt Bongartz <[email protected]> * controller: split opentelemetry collector callback Signed-off-by: Benedikt Bongartz <[email protected]> * tests: add route e2e tests Signed-off-by: Benedikt Bongartz <[email protected]> * fix govet linting ``` main.go:238:16: shadow: declaration of "err" shadows declaration at line 230 (govet) configBytes, err := yaml.Marshal(configs) ^ ``` Signed-off-by: Benedikt Bongartz <[email protected]> * add ingress workaround description Signed-off-by: Benedikt Bongartz <[email protected]> * regenerate Signed-off-by: Benedikt Bongartz <[email protected]> Signed-off-by: Benedikt Bongartz <[email protected]>
open-telemetry · Dec 12, 2022 · 0cf9da2 · 0cf9da2
1 parent c7c4b5f
commit 0cf9da2
Show file tree

Hide file tree

Showing 29 changed files with 974 additions and 68 deletions.
diff --git a/Makefile b/Makefile
@@ -171,7 +171,7 @@ e2e-log-operator:
 	kubectl get deploy -A
 
 .PHONY: prepare-e2e
-prepare-e2e: kuttl set-test-image-vars set-image-controller container container-target-allocator start-kind install-metrics-server load-image-all
+prepare-e2e: kuttl set-test-image-vars set-image-controller container container-target-allocator start-kind install-metrics-server install-openshift-routes load-image-all
 	mkdir -p tests/_build/crds tests/_build/manifests
 	$(KUSTOMIZE) build config/default -o tests/_build/manifests/01-opentelemetry-operator.yaml
 	$(KUSTOMIZE) build config/crd -o tests/_build/crds/
@@ -208,6 +208,10 @@ start-kind:
 install-metrics-server:
 	./hack/install-metrics-server.sh
 
+.PHONY: install-openshift-routes
+install-openshift-routes:
+	./hack/install-openshift-routes.sh
+
 .PHONY: load-image-all
 load-image-all: load-image-operator load-image-target-allocator
 

diff --git a/apis/v1alpha1/ingress_type.go b/apis/v1alpha1/ingress_type.go
@@ -16,11 +16,33 @@ package v1alpha1
 
 type (
 	// IngressType represents how a collector should be exposed (ingress vs route).
-	// +kubebuilder:validation:Enum=ingress
+	// +kubebuilder:validation:Enum=ingress;route
 	IngressType string
 )
 
 const (
 	// IngressTypeNginx specifies that an ingress entry should be created.
 	IngressTypeNginx IngressType = "ingress"
+	// IngressTypeOpenshiftRoute specifies that an route entry should be created.
+	IngressTypeRoute IngressType = "route"
+)
+
+type (
+	// TLSRouteTerminationType is used to indicate which tls settings should be used.
+	// +kubebuilder:validation:Enum=insecure;edge;passthrough;reencrypt
+	TLSRouteTerminationType string
+)
+
+const (
+	// TLSRouteTerminationTypeInsecure indicates that insecure connections are allowed.
+	TLSRouteTerminationTypeInsecure TLSRouteTerminationType = "insecure"
+	// TLSRouteTerminationTypeEdge indicates that encryption should be terminated
+	// at the edge router.
+	TLSRouteTerminationTypeEdge TLSRouteTerminationType = "edge"
+	// TLSTerminationPassthrough indicates that the destination service is
+	// responsible for decrypting traffic.
+	TLSRouteTerminationTypePassthrough TLSRouteTerminationType = "passthrough"
+	// TLSTerminationReencrypt indicates that traffic will be decrypted on the edge
+	// and re-encrypt using a new certificate.
+	TLSRouteTerminationTypeReencrypt TLSRouteTerminationType = "reencrypt"
 )
diff --git a/apis/v1alpha1/opentelemetrycollector_types.go b/apis/v1alpha1/opentelemetrycollector_types.go
@@ -24,6 +24,13 @@ import (
 // Ingress is used to specify how OpenTelemetry Collector is exposed. This
 // functionality is only available if one of the valid modes is set.
 // Valid modes are: deployment, daemonset and statefulset.
+// NOTE: If this feature is activated, all specified receivers are exposed.
+// Currently this has a few limitations. Depending on the ingress controller
+// there are problems with TLS and gRPC.
+// SEE: https://github.com/open-telemetry/opentelemetry-operator/issues/1306.
+// NOTE: As a workaround, port name and appProtocol could be specified directly
+// in the CR.
+// SEE: OpenTelemetryCollector.spec.ports[index].
 type Ingress struct {
 	// Type default value is: ""
 	// Supported types are: ingress
@@ -47,6 +54,17 @@ type Ingress struct {
 	// serving this Ingress resource.
 	// +optional
 	IngressClassName *string `json:"ingressClassName,omitempty"`
+
+	// Route is an OpenShift specific section that is only considered when
+	// type "route" is used.
+	// +optional
+	Route OpenShiftRoute `json:"route,omitempty"`
+}
+
+// OpenShiftRoute defines openshift route specific settings.
+type OpenShiftRoute struct {
+	// Termination indicates termination type. By default "edge" is used.
+	Termination TLSRouteTerminationType `json:"termination,omitempty"`
 }
 
 // OpenTelemetryCollectorSpec defines the desired state of OpenTelemetryCollector.

diff --git a/apis/v1alpha1/opentelemetrycollector_webhook.go b/apis/v1alpha1/opentelemetrycollector_webhook.go
@@ -77,6 +77,9 @@ func (r *OpenTelemetryCollector) Default() {
 			r.Spec.Autoscaler.TargetCPUUtilization = &defaultCPUTarget
 		}
 	}
+	if r.Spec.Ingress.Type == IngressTypeRoute && r.Spec.Ingress.Route.Termination == "" {
+		r.Spec.Ingress.Route.Termination = TLSRouteTerminationTypeEdge
+	}
 }
 
 // +kubebuilder:webhook:verbs=create;update,path=/validate-opentelemetry-io-v1alpha1-opentelemetrycollector,mutating=false,failurePolicy=fail,groups=opentelemetry.io,resources=opentelemetrycollectors,versions=v1alpha1,name=vopentelemetrycollectorcreateupdate.kb.io,sideEffects=none,admissionReviewVersions=v1

diff --git a/apis/v1alpha1/opentelemetrycollector_webhook_test.go b/apis/v1alpha1/opentelemetrycollector_webhook_test.go
@@ -96,6 +96,35 @@ func TestOTELColDefaultingWebhook(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "Missing route termination",
+			otelcol: OpenTelemetryCollector{
+				Spec: OpenTelemetryCollectorSpec{
+					Mode: ModeDeployment,
+					Ingress: Ingress{
+						Type: IngressTypeRoute,
+					},
+				},
+			},
+			expected: OpenTelemetryCollector{
+				ObjectMeta: metav1.ObjectMeta{
+					Labels: map[string]string{
+						"app.kubernetes.io/managed-by": "opentelemetry-operator",
+					},
+				},
+				Spec: OpenTelemetryCollectorSpec{
+					Mode: ModeDeployment,
+					Ingress: Ingress{
+						Type: IngressTypeRoute,
+						Route: OpenShiftRoute{
+							Termination: TLSRouteTerminationTypeEdge,
+						},
+					},
+					Replicas:        &one,
+					UpgradeStrategy: UpgradeStrategyAutomatic,
+				},
+			},
+		},
 	}
 
 	for _, test := range tests {

diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go
diff --git a/bundle/manifests/opentelemetry-operator.clusterserviceversion.yaml b/bundle/manifests/opentelemetry-operator.clusterserviceversion.yaml
@@ -257,6 +257,18 @@ spec:
           - get
           - patch
           - update
+        - apiGroups:
+          - route.openshift.io
+          resources:
+          - routes
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
         - apiGroups:
           - authentication.k8s.io
           resources:

diff --git a/bundle/manifests/opentelemetry.io_opentelemetrycollectors.yaml b/bundle/manifests/opentelemetry.io_opentelemetrycollectors.yaml
@@ -1206,6 +1206,20 @@ spec:
                       resource. Ingress controller implementations use this field
                       to know whether they should be serving this Ingress resource.
                     type: string
+                  route:
+                    description: Route is an OpenShift specific section that is only
+                      considered when type "route" is used.
+                    properties:
+                      termination:
+                        description: Termination indicates termination type. By default
+                          "edge" is used.
+                        enum:
+                        - insecure
+                        - edge
+                        - passthrough
+                        - reencrypt
+                        type: string
+                    type: object
                   tls:
                     description: TLS configuration.
                     items:
@@ -1236,6 +1250,7 @@ spec:
                     description: 'Type default value is: "" Supported types are: ingress'
                     enum:
                     - ingress
+                    - route
                     type: string
                 type: object
               maxReplicas:

diff --git a/cmd/otel-allocator/main.go b/cmd/otel-allocator/main.go
@@ -235,12 +235,14 @@ func (s *server) ScrapeConfigsHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	// if the hashes are different, we need to recompute the scrape config
 	if hash != s.compareHash {
-		configBytes, err := yaml.Marshal(configs)
+		var configBytes []byte
+		configBytes, err = yaml.Marshal(configs)
 		if err != nil {
 			s.errorHandler(w, err)
 			return
 		}
-		jsonConfig, err := yaml2.YAMLToJSON(configBytes)
+		var jsonConfig []byte
+		jsonConfig, err = yaml2.YAMLToJSON(configBytes)
 		if err != nil {
 			s.errorHandler(w, err)
 			return

diff --git a/config/crd/bases/opentelemetry.io_opentelemetrycollectors.yaml b/config/crd/bases/opentelemetry.io_opentelemetrycollectors.yaml
@@ -1204,6 +1204,20 @@ spec:
                       resource. Ingress controller implementations use this field
                       to know whether they should be serving this Ingress resource.
                     type: string
+                  route:
+                    description: Route is an OpenShift specific section that is only
+                      considered when type "route" is used.
+                    properties:
+                      termination:
+                        description: Termination indicates termination type. By default
+                          "edge" is used.
+                        enum:
+                        - insecure
+                        - edge
+                        - passthrough
+                        - reencrypt
+                        type: string
+                    type: object
                   tls:
                     description: TLS configuration.
                     items:
@@ -1234,6 +1248,7 @@ spec:
                     description: 'Type default value is: "" Supported types are: ingress'
                     enum:
                     - ingress
+                    - route
                     type: string
                 type: object
               maxReplicas:

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -168,3 +168,15 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - route.openshift.io
+  resources:
+  - routes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch