add config for gateway deployment

wso2 · Aug 5, 2024 · 4e33710 · 4e33710
1 parent b89f8b8
commit 4e33710
Show file tree

Hide file tree

Showing 18 changed files with 156 additions and 200 deletions.
diff --git a/adapter/config/default_config.go b/adapter/config/default_config.go
@@ -31,7 +31,6 @@ var defaultConfig = &Config{
 		Operator: operator{
 			Namespaces: nil,
 		},
-		Namespace:   "apk",
 		Environment: "Default",
 		Metrics: Metrics{
 			Enabled: false,
@@ -49,7 +48,6 @@ var defaultConfig = &Config{
 		},
 	},
 	Envoy: envoy{
-		Namespace:         "apk",
 		ListenerCodecType: "AUTO",
 		// todo(amali) move connect timeout to crd
 		ClusterTimeoutInSeconds:          20,
@@ -275,4 +273,36 @@ var defaultConfig = &Config{
 			"endpoint":               "/api/v2/spans",
 		},
 	},
+	Deployment: deployment{
+		//todo(amali) add validation
+		Gateway: gateway{
+			Namespace:                "apk",
+			AdapterHostName:          "",
+			AdapterHost:              "",
+			CommonControllerHostName: "",
+			CommonControllerHost:     "",
+			EnforcerPrivateKeyPath:   "/home/wso2/security/keystore/enforcer.key",
+			EnforcerPublicCertPath:   "/home/wso2/security/keystore/enforcer.crt",
+			EnforcerServerName:       "",
+			AdapterTrustedCAPath:     "/home/wso2/security/truststore",
+			AdapterXDSPort:           "18000",
+			CommonControllerXDSPort:  "18002",
+			CommonControllerRestPort: "18003",
+			EnforcerLabel:            "wso2-apk-default",
+			EnforcerRegion:           "UNKNOWN",
+			EnforcerXDSMaxMsgSize:    "4194304",
+			EnforcerXDSMaxRetries:    "3",
+			JavaOpts:                 "-Dhttpclient.hostnameVerifier=AllowAll -Xms512m -Xmx512m -XX:MaxRAMFraction=2",
+			Volumes: volumes{
+				RatelimiterTruststoreSecretVolume: "",
+				EnforcerKeystoreSecretVolume:      "",
+				RouterKeystoreSecretVolume:        "",
+				AdapterTruststoreSecretVolume:     "",
+				EnforcerJwtSecretVolume:           "",
+				EnforcerTrustedCerts:              "",
+				EnforcerApikeyCert:                "",
+				IDPCertificateSecretVolume:        "",
+			},
+		},
+	},
 }
diff --git a/adapter/config/types.go b/adapter/config/types.go
@@ -79,6 +79,7 @@ type Config struct {
 	PartitionServer  partitionServer  `toml:"partitionServer"`
 	Analytics        analytics        `toml:"analytics"`
 	Tracing          tracing
+	Deployment       deployment
 }
 
 // Adapter related Configurations
@@ -93,8 +94,6 @@ type adapter struct {
 	Operator operator
 	// Environment of the Adapter
 	Environment string
-	// Namespace of the Adapter
-	Namespace string
 	// Metric represents configurations to expose/export go metrics
 	Metrics Metrics
 	// ControlPlane represents the connection configuration of ControlPlane
@@ -103,8 +102,6 @@ type adapter struct {
 
 // Envoy Listener Component related configurations.
 type envoy struct {
-	// Namespace of the envoyproxy gateway
-	Namespace string
 	// ListenerCodecType Default to AUTO where both http1 and http2 connections are handled
 	// It can be specifically set to either HTTP1 or HTTP2
 	ListenerCodecType string
@@ -318,6 +315,42 @@ type tracing struct {
 	ConfigProperties map[string]string
 }
 
+type deployment struct {
+	Gateway gateway
+}
+
+type gateway struct {
+	Namespace                string
+	AdapterHostName          string
+	AdapterHost              string
+	CommonControllerHostName string
+	CommonControllerHost     string
+	EnforcerPrivateKeyPath   string
+	EnforcerPublicCertPath   string
+	EnforcerServerName       string
+	AdapterTrustedCAPath     string
+	AdapterXDSPort           string
+	CommonControllerXDSPort  string
+	CommonControllerRestPort string
+	EnforcerLabel            string
+	EnforcerRegion           string
+	EnforcerXDSMaxMsgSize    string
+	EnforcerXDSMaxRetries    string
+	JavaOpts                 string
+	Volumes                  volumes
+}
+
+type volumes struct {
+	RatelimiterTruststoreSecretVolume string
+	EnforcerKeystoreSecretVolume      string
+	RouterKeystoreSecretVolume        string
+	AdapterTruststoreSecretVolume     string
+	EnforcerJwtSecretVolume           string
+	EnforcerTrustedCerts              string
+	EnforcerApikeyCert                string
+	IDPCertificateSecretVolume        string
+}
+
 // Metrics defines the configuration for metrics collection.
 type Metrics struct {
 	Enabled bool

diff --git a/adapter/internal/adapter/adapter.go b/adapter/internal/adapter/adapter.go
@@ -140,67 +140,67 @@ func runManagementServer(conf *config.Config, server xdsv3.Server, enforcerServe
 
 func SetupRunners(conf *config.Config) {
 	ctx := ctrl.SetupSignalHandler()
-	// start the operator
-	pResources := new(message.ProviderResources)
-	// Start the Provider Service
-	// It fetches the resources from the configured provider type
+
+	// Step 1: Start the Kubernetes Provider Service
+	// It fetches the resources from the kubernetes
 	// and publishes it
 	// It also subscribes to status resources and once it receives
 	// a status resource back, it writes it out.
+	// Final processed crs will be stored in following pResources.
+	pResources := new(message.ProviderResources)
 	providerRunner := providerrunner.New(&providerrunner.Config{
 		ProviderResources: pResources,
 	})
 	if err := providerRunner.Start(ctx); err != nil {
-		logger.LoggerAPKOperator.Error("Error while starting provider service", err)
+		logger.LoggerAPKOperator.Error("Error while starting provider service ", err)
 	}
 
-	xdsIR := new(message.XdsIR)
-	infraIR := new(message.InfraIR)
-	// Start the GatewayAPI Translator Runner
+	// Step 2: Start the GatewayAPI Translator Runner
 	// It subscribes to the provider resources, translates it to xDS IR
 	// and infra IR resources and publishes them.
+	// Final processed structs will be in pResources, xdsIR, and infraIR
+	xdsIR := new(message.XdsIR)
+	infraIR := new(message.InfraIR)
 	gwRunner := runner.New(&runner.Config{
 		ProviderResources: pResources,
 		XdsIR:             xdsIR,
 		InfraIR:           infraIR,
 	})
 	if err := gwRunner.Start(ctx); err != nil {
-		logger.LoggerAPKOperator.Error("Error while starting translation service", err)
+		logger.LoggerAPKOperator.Error("Error while starting translation service ", err)
 	}
 
-	xds := new(message.Xds)
-	// Start the Xds Translator Service
+	// Step 3: Start the Xds Translator Service
 	// It subscribes to the xdsIR, translates it into xds Resources and publishes it.
+	// Final xds configs are in xds.
+	xds := new(message.Xds)
 	xdsTranslatorRunner := xdstranslatorrunner.New(&xdstranslatorrunner.Config{
-		// Server:            *cfg,
-		XdsIR: xdsIR,
-		Xds:   xds,
-		// ExtensionManager:  extMgr,
+		XdsIR:             xdsIR,
+		Xds:               xds,
 		ProviderResources: pResources,
 	})
 	if err := xdsTranslatorRunner.Start(ctx); err != nil {
-		logger.LoggerAPKOperator.Error("Error while starting xds translator service", err)
+		logger.LoggerAPKOperator.Error("Error while starting xds translator service ", err)
 	}
 
-	// Start the Infra Manager Runner
+	// Step 4: Start the Infra Manager Runner
 	// It subscribes to the infraIR, translates it into Envoy Proxy infrastructure
 	// resources such as K8s deployment and services.
 	infraRunner := infrarunner.New(&infrarunner.Config{
 		InfraIR: infraIR,
 	})
 	if err := infraRunner.Start(ctx); err != nil {
-		logger.LoggerAPKOperator.Error("Error while starting infrastructure service", err)
+		logger.LoggerAPKOperator.Error("Error while starting infrastructure service ", err)
 	}
 
-	// Start the xDS Server
+	// Step 5: Start the xDS Server
 	// It subscribes to the xds Resources and configures the remote Envoy Proxy
 	// via the xDS Protocol.
 	xdsServerRunner := xdsserverrunner.New(&xdsserverrunner.Config{
-		// Server: *cfg,
 		Xds: xds,
 	})
 	if err := xdsServerRunner.Start(ctx); err != nil {
-		logger.LoggerAPKOperator.Error("Error while starting xds service", err)
+		logger.LoggerAPKOperator.Error("Error while starting xds service ", err)
 	}
 }
 

diff --git a/adapter/internal/operator/gateway-api/bootstrap/bootstrap.go b/adapter/internal/operator/gateway-api/bootstrap/bootstrap.go
@@ -26,9 +26,11 @@ import (
 	// Register embed
 	_ "embed"
 	"fmt"
+	"strconv"
 	"strings"
 	"text/template"
 
+	"github.com/wso2/apk/adapter/config"
 	egv1a1 "github.com/wso2/apk/adapter/internal/operator/gateway-api/v1alpha1"
 	"github.com/wso2/apk/adapter/pkg/utils/regex"
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -37,19 +39,13 @@ import (
 const (
 	// envoyCfgFileName is the name of the Envoy configuration file.
 	envoyCfgFileName = "bootstrap.yaml"
-	// envoyGatewayXdsServerHost is the DNS name of the Xds Server within Envoy Gateway.
-	// It defaults to the Envoy Gateway Kubernetes service.
-	envoyGatewayXdsServerHost = "envoy-gateway"
 	// EnvoyAdminAddress is the listening address of the envoy admin interface.
 	EnvoyAdminAddress = "0.0.0.0"
 	// EnvoyAdminPort is the port used to expose admin interface.
 	EnvoyAdminPort = 19000
 	// envoyAdminAccessLogPath is the path used to expose admin access log.
 	envoyAdminAccessLogPath = "/dev/null"
 
-	// DefaultXdsServerPort is the default listening port of the xds-server.
-	DefaultXdsServerPort = 18000
-
 	envoyReadinessAddress = "0.0.0.0"
 	EnvoyReadinessPort    = 19001
 	EnvoyReadinessPath    = "/ready"
@@ -193,12 +189,13 @@ func GetRenderedBootstrapConfig(proxyMetrics *egv1a1.ProxyMetrics) (string, erro
 			}
 		}
 	}
-
+	conf := config.ReadConfigs()
+	xdsport, _ := strconv.Atoi(conf.Deployment.Gateway.AdapterXDSPort)
 	cfg := &bootstrapConfig{
 		parameters: bootstrapParameters{
 			XdsServer: xdsServerParameters{
-				Address: envoyGatewayXdsServerHost,
-				Port:    DefaultXdsServerPort,
+				Address: conf.Deployment.Gateway.AdapterHost,
+				Port:    int32(xdsport),
 			},
 			AdminServer: adminServerParameters{
 				Address:       EnvoyAdminAddress,

diff --git a/adapter/internal/operator/gateway-api/crypto/certgen.go b/adapter/internal/operator/gateway-api/crypto/certgen.go
@@ -109,7 +109,7 @@ type certificateRequest struct {
 // and Envoy returning them as a *Certificates struct or error if encountered.
 func GenerateCerts() (*Certificates, error) {
 	conf := config.ReadConfigs()
-	gatewayNs := conf.Envoy.Namespace
+	gatewayNs := conf.Deployment.Gateway.Namespace
 	certCfg := new(Configuration)
 
 	certCfg.getProvider()

diff --git a/adapter/internal/operator/gateway-api/infrastructure/kubernetes/infra.go b/adapter/internal/operator/gateway-api/infrastructure/kubernetes/infra.go
@@ -58,7 +58,7 @@ type Infra struct {
 func NewInfra(cli client.Client) *Infra {
 	conf := config.ReadConfigs()
 	return &Infra{
-		Namespace: conf.Envoy.Namespace,
+		Namespace: conf.Deployment.Gateway.Namespace,
 		Client:    New(cli),
 	}
 }
@@ -67,33 +67,10 @@ func NewInfra(cli client.Client) *Infra {
 // provided ResourceRender, if it doesn't exist and updates it if it does.
 func (i *Infra) createOrUpdate(ctx context.Context, r ResourceRender) error {
 
-	// certs, err := crypto.GenerateCerts()
-	// if err != nil {
-	// 	return fmt.Errorf("failed to generate certificates: %w", err)
-	// }
-	// secrets, err := gatewayapi.CreateOrUpdateSecrets(ctx, i.Client.Client, gatewayapi.CertsToSecret(i.Namespace, certs), true)
-
-	// if err != nil {
-	// 	if errors.Is(err, gatewayapi.ErrSecretExists) {
-	// 		loggers.LoggerAPKOperator.Info(err.Error())
-	// 	} else {
-	// 		return fmt.Errorf("failed to create or update secrets: %w", err)
-	// 	}
-	// } else {
-	// 	for i := range secrets {
-	// 		s := secrets[i]
-	// 		loggers.LoggerAPKOperator.Info("created secret", "namespace", s.Namespace, "name", s.Name)
-	// 	}
-	// }
-
 	if err := i.createOrUpdateServiceAccount(ctx, r); err != nil {
 		return fmt.Errorf("failed to create or update serviceaccount %s/%s: %w", i.Namespace, r.Name(), err)
 	}
 
-	// if err := i.createOrUpdateConfigMap(ctx, r); err != nil {
-	// 	return fmt.Errorf("failed to create or update configmap %s/%s: %w", i.Namespace, r.Name(), err)
-	// }
-
 	if err := i.createOrUpdateDeployment(ctx, r); err != nil {
 		return fmt.Errorf("failed to create or update deployment %s/%s: %w", i.Namespace, r.Name(), err)
 	}