Merge pull request #908 from kdorosh/add_gloo_upstreamRef

Gloo Upstream Ref for Upstream Config

Author: stefanprodan

artifacts/flagger/crd.yaml

@@ -129,6 +129,21 @@ spec:
                         - Ingress
                     name:
                       type: string
+                upstreamRef:
+                  description: Gloo Upstream selector
+                  type: object
+                  required: [ "apiVersion", "kind", "name" ]
+                  properties:
+                    apiVersion:
+                      type: string
+                    kind:
+                      type: string
+                      enum:
+                        - Upstream
+                    name:
+                      type: string
+                    namespace:
+                      type: string
                 service:
                   description: Kubernetes Service spec
                   type: object

charts/flagger/crds/crd.yaml

@@ -129,6 +129,21 @@ spec:
                         - Ingress
                     name:
                       type: string
+                upstreamRef:
+                  description: Gloo Upstream selector
+                  type: object
+                  required: [ "apiVersion", "kind", "name" ]
+                  properties:
+                    apiVersion:
+                      type: string
+                    kind:
+                      type: string
+                      enum:
+                        - Upstream
+                    name:
+                      type: string
+                    namespace:
+                      type: string
                 service:
                   description: Kubernetes Service spec
                   type: object

docs/gitbook/tutorials/gloo-progressive-delivery.md

@@ -10,8 +10,8 @@ and Flagger to automate canary releases and A/B testing.
 Flagger requires a Kubernetes cluster **v1.16** or newer and Gloo Edge ingress **1.6.0** or newer.
 
 This guide was written for Flagger version **1.6.0** or higher. Prior versions of Flagger
-used Gloo upstream groups to handle canaries, but newer versions of Flagger use Gloo
-route tables to handle canaries as well as A/B testing.
+used Gloo `UpstreamGroup`s to handle canaries, but newer versions of Flagger use Gloo
+`RouteTable`s to handle canaries as well as A/B testing.
 
 Install Gloo with Helm v3:
 
@@ -36,7 +36,7 @@ helm upgrade -i flagger flagger/flagger \
 ## Bootstrap
 
 Flagger takes a Kubernetes deployment and optionally a horizontal pod autoscaler (HPA),
-then creates a series of objects (Kubernetes deployments, ClusterIP services and Gloo route tables groups).
+then creates a series of objects (Kubernetes deployments, ClusterIP services, Gloo route tables and upstreams).
 These objects expose the application outside the cluster and drive the canary analysis and promotion.
 
 Create a test namespace:
@@ -94,6 +94,14 @@ metadata:
   name: podinfo
   namespace: test
 spec:
+  # upstreamRef (optional)
+  # defines an upstream to copy the spec from when flagger generates new upstreams.
+  # necessary to copy over TLS config, circuit breakers, etc. (anything nonstandard)
+#  upstreamRef:
+#    apiVersion: gloo.solo.io/v1
+#    kind: Upstream
+#    name: podinfo-upstream
+#    namespace: gloo-system
   provider: gloo
   # deployment reference
   targetRef:

kustomize/base/flagger/crd.yaml

@@ -129,6 +129,21 @@ spec:
                         - Ingress
                     name:
                       type: string
+                upstreamRef:
+                  description: Gloo Upstream selector
+                  type: object
+                  required: [ "apiVersion", "kind", "name" ]
+                  properties:
+                    apiVersion:
+                      type: string
+                    kind:
+                      type: string
+                      enum:
+                        - Upstream
+                    name:
+                      type: string
+                    namespace:
+                      type: string
                 service:
                   description: Kubernetes Service spec
                   type: object

pkg/apis/flagger/v1beta1/canary.go

@@ -77,6 +77,11 @@ type CanarySpec struct {
 	// +optional
 	IngressRef *CrossNamespaceObjectReference `json:"ingressRef,omitempty"`
 
+	// Reference to Gloo Upstream resource. Upstream config is copied from
+	// the referenced upstream to the upstreams generated by flagger.
+	// +optional
+	UpstreamRef *CrossNamespaceObjectReference `json:"upstreamRef,omitempty"`
+
 	// Service defines how ClusterIP services, service mesh or ingress routing objects are generated
 	Service CanaryService `json:"service"`
 

pkg/apis/flagger/v1beta1/zz_generated.deepcopy.go

@@ -1,6 +1,7 @@
 package v1
 
 import (
+	v1 "github.com/fluxcd/flagger/pkg/apis/gloo/gateway/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -16,7 +17,14 @@ type Upstream struct {
 }
 
 type UpstreamSpec struct {
-	Kube KubeUpstream `json:"kube,omitempty"`
+	Kube                        *KubeUpstream         `json:"kube,omitempty"`
+	SslConfig                   *UpstreamSslConfig    `json:"sslConfig,omitempty"`
+	CircuitBreakers             *CircuitBreakerConfig `json:"circuitBreakers,omitempty"`
+	ConnectionConfig            *ConnectionConfig     `json:"connectionConfig,omitempty"`
+	UseHttp2                    bool                  `json:"useHttp2,omitempty"`
+	InitialStreamWindowSize     uint32                `json:"initialStreamWindowSize,omitempty"`
+	InitialConnectionWindowSize uint32                `json:"initialConnectionWindowSize,omitempty"`
+	HttpProxyHostname           string                `json:"httpProxyHostName,omitempty"`
 }
 
 type KubeUpstream struct {
@@ -26,6 +34,85 @@ type KubeUpstream struct {
 	Selector         map[string]string `json:"selector,omitempty"`
 }
 
+type UpstreamSslConfig struct {
+	Sni                  string         `json:"sni,omitempty"`
+	VerifySubjectAltName []string       `json:"verifySubjectAltName,omitempty"`
+	Parameters           *SslParameters `json:"parameters,omitempty"`
+	AlpnProtocols        []string       `json:"alpnProtocols,omitempty"`
+
+	/** SSLSecrets -- only one of these should be set */
+	*UpstreamSslConfig_Sds      `json:"sds,omitempty"`
+	SecretRef                   *v1.ResourceRef `json:"secretRef,omitempty"`
+	*UpstreamSslConfig_SslFiles `json:"sslFiles,omitempty"`
+}
+
+// SSLFiles reference paths to certificates which can be read by the proxy off of its local filesystem
+type UpstreamSslConfig_SslFiles struct {
+	TlsCert string `json:"tlsCert,omitempty"`
+	TlsKey  string `json:"tlsKey,omitempty"`
+	RootCa  string `json:"rootCa,omitempty"`
+}
+
+// Use secret discovery service.
+type UpstreamSslConfig_Sds struct {
+	TargetUri              string `json:"targetUri,omitempty"`
+	CertificatesSecretName string `json:"certificatesSecretName,omitempty"`
+	ValidationContextName  string `json:"validationContextName,omitempty"`
+
+	/** SDSBuilder -- onle one of the following can be set */
+	CallCredentials *CallCredentials `json:"callCredentials,omitempty"`
+	ClusterName     string           `json:"clusterName,omitempty"`
+}
+
+type CallCredentials struct {
+	FileCredentialSource *CallCredentials_FileCredentialSource `json:"fileCredentialSource,omitempty"`
+}
+
+type CallCredentials_FileCredentialSource struct {
+	TokenFileName string `json:"tokenFileName,omitempty"`
+	Header        string `json:"header,omitempty"`
+}
+
+type SslParameters struct {
+	MinimumProtocolVersion int32    `json:"minimumProtocolVersion,omitempty"`
+	MaximumProtocolVersion int32    `json:"maximumProtocolVersion,omitempty"`
+	CipherSuites           []string `json:"cipherSuites,omitempty"`
+	EcdhCurves             []string `json:"ecdhCurves,omitempty"`
+}
+
+type CircuitBreakerConfig struct {
+	MaxConnections     uint32 `json:"maxConnections,omitempty"`
+	MaxPendingRequests uint32 `json:"maxPendingRequests,omitempty"`
+	MaxRequests        uint32 `json:"maxRequests,omitempty"`
+	MaxRetries         uint32 `json:"maxRetries,omitempty"`
+}
+
+type ConnectionConfig struct {
+	MaxRequestsPerConnection      uint32                                `json:"maxRequestsPerConnection,omitempty"`
+	ConnectTimeout                *Duration                             `json:"connectTimeout,omitempty"`
+	TcpKeepalive                  *ConnectionConfig_TcpKeepAlive        `json:"tcpKeepalive,omitempty"`
+	PerConnectionBufferLimitBytes uint32                                `json:"perConnectionBufferLimitBytes,omitempty"`
+	CommonHttpProtocolOptions     *ConnectionConfig_HttpProtocolOptions `json:"commonHttpProtocolOptions,omitempty"`
+}
+
+type ConnectionConfig_TcpKeepAlive struct {
+	KeepaliveProbes   uint32    `json:"keepaliveProbes,omitempty"`
+	KeepaliveTime     *Duration `json:"keepaliveTime,omitempty"`
+	KeepaliveInterval *Duration `json:"keepaliveInterval,omitempty"`
+}
+
+type ConnectionConfig_HttpProtocolOptions struct {
+	IdleTimeout                  *Duration `json:"idleTimeout,omitempty"`
+	MaxHeadersCount              uint32    `json:"maxHeadersCount,omitempty"`
+	MaxStreamDuration            *Duration `json:"maxStreamDuration,omitempty"`
+	HeadersWithUnderscoresAction uint32    `json:"headersWithUnderscoresAction,omitempty"`
+}
+
+type Duration struct {
+	Seconds int64 `json:"seconds,omitempty"`
+	Nanos   int32 `json:"nanos,omitempty"`
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // UpstreamList is a list of Upstream resources