NE-199 Phase 1: Add initial Canary Controller and Canary Resources

HACKING.md

@@ -57,6 +57,9 @@ To run the operator binary in the cluster from your local machine (as opposed to
 $ make run-local
 ```
 
+Set `ENABLE_CANARY=true` in your environment (or inline with the `run-local` command) to enable the ingress canary.
+
+
 Note, to rescale the operator on the cluster after local testing is complete, scale the CVO back up with:
 
 ```

assets/canary/daemonset.yaml

@@ -0,0 +1,23 @@
+# Hello Openshift Ingress Canary daemonset
+# Specific values are set at runtime
+kind: DaemonSet
+apiVersion: apps/v1
+# name and namespace are set at runtime.
+spec:
+  progressDeadlineSeconds: 600
+  template:
+    spec:
+      containers:
+        - name: hello-openshift-canary
+          # Image is set at runtime
+          imagePullPolicy: IfNotPresent
+          terminationMessagePolicy: FallbackToLogsOnError
+          ports:
+          - containerPort: 8080
+            protocol: TCP
+          - containerPort: 8888
+            protocol: TCP
+          resources:
+            requests:
+              cpu: 10m
+              memory: 20Mi

assets/canary/namespace.yaml

@@ -0,0 +1,4 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: openshift-ingress-canary

assets/canary/route.yaml

@@ -0,0 +1,16 @@
+# Hello Openshift Ingress Canary route
+# Specific values are applied at runtime
+kind: Route
+apiVersion: route.openshift.io/v1
+# name and namespace are set at runtime.
+metadata:
+  annotations:
+    haproxy.router.openshift.io/balance: "roundrobin"
+spec:
+  port:
+    targetPort: 8080-tcp
+  to:
+    kind: Service
+    # Service name set at run time
+    weight: 100
+  wildcardPolicy: None

assets/canary/service.yaml

@@ -0,0 +1,16 @@
+# Hello Openshift Ingress Canary service
+# Specific values are applied at runtime
+kind: Service
+apiVersion: v1
+# name and namespace are set at runtime.
+spec:
+  type: ClusterIP
+  ports:
+  - name: 8080-tcp
+    port: 8080
+    protocol: TCP
+    targetPort: 8080
+  - name: 8888-tcp
+    port: 8888
+    protocol: TCP
+    targetPort: 8888

cmd/ingress-operator/start.go

@@ -37,6 +37,9 @@ type StartOptions struct {
 	// IngressControllerImage is the pullspec of the ingress controller image to
 	// be managed.
 	IngressControllerImage string
+	// CanaryImage is the pullspec of the canary tester server image to
+	// be managed.
+	CanaryImage string
 	// ReleaseVersion is the cluster version which the operator will converge to.
 	ReleaseVersion string
 }
@@ -58,6 +61,7 @@ func NewStartCommand() *cobra.Command {
 
 	cmd.Flags().StringVarP(&options.OperatorNamespace, "namespace", "n", manifests.DefaultOperatorNamespace, "namespace the operator is deployed to (required)")
 	cmd.Flags().StringVarP(&options.IngressControllerImage, "image", "i", "", "image of the ingress controller the operator will manage (required)")
+	cmd.Flags().StringVarP(&options.CanaryImage, "canary-image", "c", "", "image of the canary container that the operator will manage (optional)")
 	cmd.Flags().StringVarP(&options.ReleaseVersion, "release-version", "", statuscontroller.UnknownVersionValue, "the release version the operator should converge to (required)")
 	cmd.Flags().StringVarP(&options.MetricsListenAddr, "metrics-listen-addr", "", ":60000", "metrics endpoint listen address (required)")
 	cmd.Flags().StringVarP(&options.ShutdownFile, "shutdown-file", "s", defaultTrustedCABundle, "if provided, shut down the operator when this file changes")
@@ -90,6 +94,7 @@ func start(opts *StartOptions) error {
 		OperatorReleaseVersion: opts.ReleaseVersion,
 		Namespace:              opts.OperatorNamespace,
 		IngressControllerImage: opts.IngressControllerImage,
+		CanaryImage:            opts.CanaryImage,
 	}
 
 	// Set up the channels for the watcher and operator.

hack/run-local.sh

@@ -14,5 +14,10 @@ echo "Image: ${IMAGE}"
 echo "Release version: ${RELEASE_VERSION}"
 echo "Namespace: ${NAMESPACE}"
 
-${DELVE:-} ./ingress-operator start --image "${IMAGE}" --release-version "${RELEASE_VERSION}" \
+if [[ ! -z ${ENABLE_CANARY:-} ]]; then
+    CANARY_IMAGE=$(oc get -n openshift-ingress-operator deployments/ingress-operator -o json | jq -r '.spec.template.spec.containers[0].env[] | select(.name=="CANARY_IMAGE").value')
+    echo "Canary Image: ${CANARY_IMAGE}"
+fi
+
+${DELVE:-} ./ingress-operator start --image "${IMAGE}" --canary-image=${CANARY_IMAGE:-} --release-version "${RELEASE_VERSION}" \
 --namespace "${NAMESPACE}" --shutdown-file "${SHUTDOWN_FILE}" "$@"

hack/uninstall.sh

@@ -22,6 +22,7 @@ else
 fi
 
 oc delete namespaces/openshift-ingress
+oc delete namespaces/openshift-ingress-canary
 
 if [ "$WHAT" == "all" ]; then
   oc delete clusterroles/openshift-ingress-operator

manifests/00-cluster-role.yaml

@@ -26,6 +26,7 @@ rules:
   - apps
   resources:
   - deployments
+  - daemonsets
   verbs:
   - "*"
 
@@ -136,13 +137,13 @@ rules:
   - create
 
 # Mirrored from assets/router/cluster-role.yaml
+# and expanded for the canary-controller.
 - apiGroups:
   - route.openshift.io
   resources:
   - routes
   verbs:
-  - list
-  - watch
+  - '*'
 
 # Mirrored from assets/router/cluster-role.yaml
 - apiGroups:

manifests/02-deployment.yaml

@@ -47,6 +47,8 @@ spec:
           - "$(WATCH_NAMESPACE)"
           - --image
           - "$(IMAGE)"
+          - --canary-image
+          - "$(CANARY_IMAGE)"
           - --release-version
           - "$(RELEASE_VERSION)"
           env:
@@ -58,6 +60,8 @@ spec:
                   fieldPath: metadata.namespace
             - name: IMAGE
               value: openshift/origin-haproxy-router:v4.0
+            - name: CANARY_IMAGE
+              value: openshift/hello-openshift:latest
           resources:
             requests:
               cpu: 10m