testing, gh actions, code improve

DoodleScheduling · Feb 22, 2022 · 1042d1a · 1042d1a
1 parent a5e968b
commit 1042d1a
Show file tree

Hide file tree

Showing 27 changed files with 403 additions and 148 deletions.
diff --git a/.github/workflows/chart.yaml b/.github/workflows/chart.yaml
@@ -26,17 +26,17 @@ jobs:
       - name: Run chart-testing (list-changed)
         id: list-changed
         run: |
-          changed=$(ct list-changed)
+          changed=$(ct list-changed --chart-dirs chart)
           if [[ -n "$changed" ]]; then
             echo "::set-output name=changed::true"
           fi
 
       - name: Run chart-testing (lint)
-        run: ct lint
+        run: ct lint --chart-dirs chart
 
       - name: Create kind cluster
         uses: helm/[email protected]
         if: steps.list-changed.outputs.changed == 'true'
 
       - name: Run chart-testing (install)
-        run: ct install
+        run: ct install --chart-dirs chart
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
@@ -4,26 +4,40 @@ on:
   pull_request:
   push:
     branches:
-      - main
-      - DK-2819
+      - master
 
 jobs:
   kind:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v2
-      - name: Setup Go
-        uses: actions/setup-go@v2
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v1
         with:
-          go-version: 1.16.x
+          platforms: all
+      - name: Setup Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
       - name: Restore Go cache
         uses: actions/cache@v1
         with:
-          path: /home/runner/work/_temp/_github_home/go/pkg/mod
+          path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go-
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        id: cache
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-ghcache-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-ghcache-
+      - name: Setup Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.16.x
       - name: Setup Kubernetes
         uses: engineerd/[email protected]
         with:
@@ -46,8 +60,15 @@ jobs:
             echo 'run make test and commit changes'
             exit 1
           fi
-      - name: Build container image1
-        run: make docker-build IMG=test/k8stcpmap-controller:latest BUILD_PLATFORMS=linux/amd64 BUILD_ARGS=--load
+      - name: Build container image
+        run: |
+          make docker-build IMG=test/k8stcpmap-controller:latest BUILD_PLATFORMS=linux/amd64 \
+            BUILD_ARGS="--cache-from=type=local,src=/tmp/.buildx-cache \
+            --cache-to=type=local,dest=/tmp/.buildx-cache-new,mode=max"
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
       - name: Load test image
         run: kind load docker-image test/k8stcpmap-controller:latest
       - name: Deploy controller
@@ -62,7 +83,8 @@ jobs:
           helm upgrade --wait -i ingress-nginx ingress-nginx/ingress-nginx \
           --version $NGINX_INGRESS_VER \
           --namespace ingress-nginx \
-          --set controller.extraArgs.tcp-services-configmap="\$(POD_NAMESPACE)/tcp-services-configmap"
+          --set controller.extraArgs.tcp-services-configmap="\$(POD_NAMESPACE)/tcp-services-configmap" \
+          --set controller.service.type=ClusterIP
       - name: Setup podinfo
         env:
           PODINFO_VER: ${{ '6.0.3' }}
@@ -71,11 +93,19 @@ jobs:
           helm repo add podinfo https://stefanprodan.github.io/podinfo
           helm upgrade --install --wait backend podinfo/podinfo \
           --version $PODINFO_VER \
-          --namespace podinfo
+          --namespace podinfo \
+          --set replicaCount=2
       - name: Run tcpmap tests
         run: |
           kubectl -n podinfo apply -f ./config/testdata
           kubectl -n podinfo wait tcpingressmappings/backend-podinfo --for=condition=Ready --timeout=1m
+          electedPort=$(kubectl -n podinfo get tcpingressmappings/backend-podinfo -o jsonpath='{.status.electedPort}')
+          echo "bound port $electedPort"
+          kubectl -n ingress-nginx port-forward svc/ingress-nginx-controller 8080:$electedPort &>/dev/null &
+
+          #We need to wait a bit til nginx reloaded the map
+          sleep 10
+          curl --haproxy-protocol -v --fail http://localhost:8080
       - name: Logs
         run: |
           kubectl -n k8stcpmap-system logs deploy/k8stcpmap-controller

diff --git a/.github/workflows/release-chart.yaml b/.github/workflows/release-chart.yaml
@@ -19,7 +19,7 @@ jobs:
           git config user.name "$GITHUB_ACTOR"
           git config user.email "[email protected]"
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.2.1
+        uses: helm/chart-releaser-action@v1.3.0
         with:
           charts_dir: ./chart
         env:

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -10,6 +10,11 @@ on:
         default: 'rc'
         required: true
 
+permissions:
+  contents: write # needed to write releases
+  id-token: write # needed for keyless signing
+  packages: write # needed for ghcr access
+
 env:
   CONTROLLER: ${{ github.event.repository.name }}
 
@@ -44,6 +49,14 @@ jobs:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Generate images meta
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: |
+            ghcr.io/doodlescheduling/${{ env.CONTROLLER }}
+          tags: |
+            type=raw,value=${{ steps.prep.outputs.VERSION }}
       - name: Publish multi-arch container image
         uses: docker/build-push-action@v2
         with:
@@ -52,15 +65,8 @@ jobs:
           context: .
           file: ./Dockerfile
           platforms: linux/amd64,linux/arm/v7,linux/arm64
-          tags: |
-            ghcr.io/doodlescheduling/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }}
-          labels: |
-            org.opencontainers.image.title=${{ github.event.repository.name }}
-            org.opencontainers.image.description=${{ github.event.repository.description }}
-            org.opencontainers.image.url=${{ github.event.repository.html_url }}
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
-            org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
       - name: Check images
         run: |
           docker buildx imagetools inspect ghcr.io/doodlescheduling/${{ env.CONTROLLER }}:${{ steps.prep.outputs.VERSION }}
@@ -71,13 +77,13 @@ jobs:
           mkdir -p config/release
           kustomize build ./config/crd > ./config/release/${{ env.CONTROLLER }}.crds.yaml
           kustomize build ./config/manager > ./config/release/${{ env.CONTROLLER }}.deployment.yaml
-      - name: Create release
+          echo '[CHANGELOG](https://github.com/DoodleScheduling/${{ env.CONTROLLER }}/blob/master/CHANGELOG.md)' > ./config/release/notes.md
+      - uses: anchore/sbom-action/download-syft@v0
+      - name: Create release and SBOM
         if: startsWith(github.ref, 'refs/tags/v')
-        uses: ncipollo/release-action@v1
+        uses: goreleaser/goreleaser-action@v2
         with:
-          prerelease: true
-          artifacts: "config/release/*.yaml"
-          artifactContentType: "text/plain"
-          body: |
-            [CHANGELOG](https://github.com/DoodleScheduling/${{ env.CONTROLLER }}/blob/main/CHANGELOG.md)
-          token: ${{ secrets.GITHUB_TOKEN }}
+          version: latest
+          args: release --release-notes=config/release/notes.md --rm-dist --skip-validate
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -0,0 +1,39 @@
+project_name: k8stcpmap-controller
+
+builds:
+  - skip: true
+
+release:
+  prerelease: "true"
+  extra_files:
+    - glob: config/release/*.yaml
+
+checksum:
+  extra_files:
+    - glob: config/release/*.yaml
+
+source:
+  enabled: true
+  name_template: "{{ .ProjectName }}_{{ .Version }}_source_code"
+
+sboms:
+  - id: source
+    artifacts: source
+    documents:
+      - "{{ .ProjectName }}_{{ .Version }}_sbom.spdx.json"
+
+# signs the checksum file
+# all files (including the sboms) are included in the checksum
+# https://goreleaser.com/customization/sign
+#signs:
+#  - cmd: cosign
+#   env:
+#      - COSIGN_EXPERIMENTAL=1
+#    certificate: "${artifact}.pem"
+#    args:
+#      - sign-blob
+#      - "--output-certificate=${certificate}"
+#      - "--output-signature=${signature}"
+#      - "${artifact}"
+#    artifacts: checksum
+#    output: true
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,12 +2,6 @@
 
 ## 0.1.0
 
-**Release date:** xxxx-xx-xx
+**Release date:** 2022-02-18
 
-description
-
-Improvements:
-* xxx
-
-Fixes:
-* xxx
+Initial oss release
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -1,9 +1,18 @@
 ## Release process
 
-1. Create pr to master with these changes:
+### Controller release
+1. Merge all pr's to master which need to be part of the new release
+2. Create pr to master with these changes:
+  1. Bump kustomization
+  2. Create CHANGELOG.md entry with release and date
+3. Merge pr
+4. Push a tag following semantic versioning prefixed by 'v'. Do not create a github release, this is done automatically.
+5. Create new branch and add the following changes:
   1. Bump chart version
   2. Bump charts app version
-  3. Bump kustomizaion 
-2. Merge pr
-3. Push a tag following semantic versioning prefixed by 'v'.
-Do not create a github release, this is done automatically.
+6. Create pr to master and merge
+
+### Helm chart change only
+1. Create branch with changes
+2. Bump chart version
+3. Create pr to master and merge
diff --git a/Makefile b/Makefile
@@ -36,12 +36,13 @@ uninstall: manifests
 
 # Deploy controller in the configured Kubernetes cluster in ~/.kube/config
 deploy: manifests
-	cd config/manager && kustomize edit set image controller=${IMG}
+	cd config/manager && kustomize edit set image ghcr.io/doodlescheduling/k8stcpmap-controller=${IMG}
 	kustomize build config/default | kubectl apply -f -
 
 # Generate manifests e.g. CRD, RBAC etc.
 manifests: controller-gen
 	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	cp config/crd/bases/* chart/k8stcpmap-controller/crds/
 
 # Run go fmt against code
 fmt:
@@ -56,8 +57,12 @@ generate: controller-gen
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
 # Build the docker image
-docker-build: test
-	docker build . -t ${IMG}
+docker-build:
+	docker buildx build \
+	--platform=$(BUILD_PLATFORMS) \
+	-t ${IMG} \
+	--load \
+	${BUILD_ARGS} .
 
 # Push the docker image
 docker-push:

diff --git a/README.md b/README.md
@@ -3,12 +3,32 @@
 [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4787/badge)](https://bestpractices.coreinfrastructure.org/projects/4787)
 [![e2e](https://github.com/DoodleScheduling/k8stcpmap-controller/workflows/e2e/badge.svg)](https://github.com/DoodleScheduling/k8stcpmap-controller/actions)
 [![report](https://goreportcard.com/badge/github.com/DoodleScheduling/k8stcpmap-controller)](https://goreportcard.com/report/github.com/DoodleScheduling/k8stcpmap-controller)
-[![license](https://img.shields.io/github/license/DoodleScheduling/k8stcpmap-controller.svg)](https://github.com/DoodleScheduling/k8stcpmap-controller/blob/main/LICENSE)
+[![license](https://img.shields.io/github/license/DoodleScheduling/k8stcpmap-controller.svg)](https://github.com/DoodleScheduling/k8stcpmap-controller/blob/master/LICENSE)
 [![release](https://img.shields.io/github/release/DoodleScheduling/k8stcpmap-controller/all.svg)](https://github.com/DoodleScheduling/k8stcpmap-controller/releases)
 
-The k8stcpmap-controller can automatically bind kubernetes services to the nginx ingress tcp proxy.
-Using a CRD called TCPIngressMapping you can define which service and what port should be proxied through the nginx ingress controller.
-The controller automatically elects a free port which will be exposed on nginx.
+The k8stcpmap-controller can automatically bind kubernetes services to the nginx ingress controller tcp proxy.
+Using a resource named TCPIngressMapping you can define which service and what port should be proxied through the nginx ingress controller.
+The controller automatically elects a free port which will be exposed on nginx as well as the nginx front service.
+
+## Requirements
+
+You need an nginx ingress controller which loads a configmap with port mappings `--tcp-services-configmap`.
+See https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services.
+You can deploy an empty configmap.
+
+Example installation of an ingress controller supporting tcp port mapping:
+```
+kubectl -n ingress-nginx create cm tcp-services-configmap
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm upgrade --wait -i ingress-nginx ingress-nginx/ingress-nginx \
+  --namespace ingress-nginx \
+  --set controller.extraArgs.tcp-services-configmap="\$(POD_NAMESPACE)/tcp-services-configmap"
+```
+
+## Use cases
+If you have tcp services in your cluster which you need to expose via a single entrypoint.
+There is no requirement to port-forward through the api server this way.
+
 
 ## Example TCPIngressMapping
 
@@ -27,7 +47,7 @@ status:
 ```
 
 Its also possible to define for which nginx proxy you want to deploy the proxied port.
-This is useful if you don't want to set a default nginx ingress and have multiple nginx ingresses.
+This is useful if you don't want to set a default nginx ingress (See env variables) and have multiple nginx ingresses.
 
 ```yaml
 apiVersion: networking.infra.doodle.com/v1beta1
@@ -47,9 +67,6 @@ spec:
     namespace: ingress-nginx
 ```
 
-![graph](https://github.com/DoodleScheduling/k8stcpmap-controller/blob/master/docs/graph.jpg?raw=true)
-
-
 ## Helm chart
 
 Please see [chart/k8stcpmap-controller](https://github.com/DoodleScheduling/k8stcpmap-controller) for the helm chart docs.

diff --git a/api/v1beta1/tcpingressmapping_types.go b/api/v1beta1/tcpingressmapping_types.go
@@ -70,6 +70,9 @@ type TCPIngressMappingStatus struct {
 	// +optional
 	Conditions []metav1.Condition `json:"conditions,omitempty"`
 
+	// ObservedGeneration is the last generation reconciled by the controller
+	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+
 	// +optional
 	ElectedPort int32 `json:"electedPort,omitempty"`
 }

diff --git a/chart/k8stcpmap-controller/Chart.yaml b/chart/k8stcpmap-controller/Chart.yaml
@@ -1,11 +1,14 @@
 apiVersion: v2
-appVersion: 0.0.0
-description: Automated tcp mapping for the nginx ingress controller
+appVersion: v0.1.0
+description: Automated tcp port mapping for the nginx ingress controller
 home: https://github.com/DoodleScheduling/k8stcpmap-controller
+maintainers:
+- name: devops
+  email: [email protected]
 keywords:
 - kubernetes-controller
 - nginx-ingress
 name: k8stcpmap-controller
 sources:
 - https://github.com/DoodleScheduling/k8stcpmap-controller
-version: 0.0.0
+version: 0.1.0