From f6e2e1eb5cafe65abc061bc416c06a5fccbd339e Mon Sep 17 00:00:00 2001 From: Tomash Sidei <43379202+tomashibm@users.noreply.github.com> Date: Thu, 25 Mar 2021 14:09:55 +0200 Subject: [PATCH] Make management port available outside of the pod (#25) * Change the control port address to 0.0.0.0:6081 (was 127.0.0.1:6081). Set the version in the build to have the version of the operator injected into the binary. Upgrade controller-runtime. Signed-off-by: Tomash Sidei --- .github/workflows/containers.yml | 2 ++ docs/varnish-cluster.md | 24 +++++++++++++++++++ go.mod | 3 +-- go.sum | 10 ++------ ...rnishcluster_grafana_dashboard_template.go | 2 +- .../varnishcluster_grafana_dashboard_test.go | 3 ++- .../varnishcluster_statefulset_test.go | 4 ++-- .../controller/varnishcluster_varnish_args.go | 2 +- .../varnishcluster_varnish_args_test.go | 12 +++++----- 9 files changed, 41 insertions(+), 21 deletions(-) diff --git a/.github/workflows/containers.yml b/.github/workflows/containers.yml index d95cf0e1..d3212433 100644 --- a/.github/workflows/containers.yml +++ b/.github/workflows/containers.yml @@ -27,6 +27,8 @@ jobs: with: tags: ibmcom/varnish-operator:${{ steps.get_version.outputs.VERSION }} file: ./Dockerfile + build-args: | + VERSION=${{ steps.get_version.outputs.VERSION }} push: ${{ github.event_name == 'release' && github.event.action == 'created' }} #push only on release varnishd: runs-on: ubuntu-latest diff --git a/docs/varnish-cluster.md b/docs/varnish-cluster.md index 9582b057..92c8e848 100644 --- a/docs/varnish-cluster.md +++ b/docs/varnish-cluster.md @@ -92,6 +92,30 @@ For more automated solution use `kubectl rollout restart statefulset ` Simply calling `kubectl delete` on the `VarnishCluster` will recursively delete all dependent resources, so that is the only action you need to take. This includes a user-generated ConfigMap, as the VarnishCluster will take ownership of that ConfigMap after creation. Deleting any of the dependent resources will trigger the operator to recreate that resource, in the same way that deleting the Pod of a Deployment will trigger the recreation of that Pod. +### Accessing the management interface + +In case you have the need to control varnish through the management interface, it is available at port `6082`. + +From your application you can connect to the Varnish pod using its DNS name: `.-headless-service..svc.cluster.local:6082`. +For example, if your `VarnishCluster` is named `example`, you can connect to the first pod with the following command: + +```bash +$ varnishadm -T example-varnish-0.example-headless-service.default.svc.cluster.local:6082 -S /etc/varnish-secret/secret +200 +----------------------------- +Varnish Cache CLI 1.0 +----------------------------- +Linux,5.8.0-45-generic,x86_64,-jnone,-sdefault,-sdefault,-hcritbit +varnish-6.1.1 revision efc2f6c1536cf2272e471f5cff5f145239b19460 + +Type 'help' for command list. +Type 'quit' to close CLI session. + +varnish> +``` + +You will need to specify the authentication secret file. It can be found in the `-varnish-secret` secret by default which can be mounted into your pod. + ### Topology-aware load balancing The Varnish controller is capable of discovering the cluster's geographical topology by reading its node labels, specifically `topology.kubernetes.io/zone` (or `failure-domain.beta.kubernetes.io/zone` which deprecated but still may be in use). Knowing cluster topology empowers the operator to control how traffic to the application backends is distributed. Currently the topology information is used to change an application backend's priority by changing its weight, so **local** backends (located in the same zone as Varnish pod) can be preferred over **remote** backends (located in other zones related to Varnish pod location). Such a configuration may not only reduce cross-zone traffic and therefore its cost, but potentially can reduce Varnish to backend latency. However, this functionality have some limitations. At this moment, only the Random Director can accept weight as backend parameter. diff --git a/go.mod b/go.mod index 7e18a312..83e1cb3a 100644 --- a/go.mod +++ b/go.mod @@ -18,8 +18,7 @@ require ( github.com/prometheus/common v0.17.0 go.uber.org/zap v1.16.0 k8s.io/api v0.20.4 - k8s.io/apiextensions-apiserver v0.20.4 // indirect k8s.io/apimachinery v0.20.4 k8s.io/client-go v0.20.4 - sigs.k8s.io/controller-runtime v0.8.2 + sigs.k8s.io/controller-runtime v0.8.3 ) diff --git a/go.sum b/go.sum index 6d1cf834..013fd699 100644 --- a/go.sum +++ b/go.sum @@ -834,25 +834,19 @@ k8s.io/api v0.20.4 h1:xZjKidCirayzX6tHONRQyTNDVIR55TYVqgATqo6ZULY= k8s.io/api v0.20.4/go.mod h1:++lNL1AJMkDymriNniQsWRkMDzRaX2Y/POTUi8yvqYQ= k8s.io/apiextensions-apiserver v0.20.1 h1:ZrXQeslal+6zKM/HjDXLzThlz/vPSxrfK3OqL8txgVQ= k8s.io/apiextensions-apiserver v0.20.1/go.mod h1:ntnrZV+6a3dB504qwC5PN/Yg9PBiDNt1EVqbW2kORVk= -k8s.io/apiextensions-apiserver v0.20.4 h1:VO/Y5PwBdznMIctX/vvgSNhxffikEmcLC/V1bpbhHhU= -k8s.io/apiextensions-apiserver v0.20.4/go.mod h1:Hzebis/9c6Io5yzHp24Vg4XOkTp1ViMwKP/6gmpsfA4= k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.2/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.20.4 h1:vhxQ0PPUUU2Ns1b9r4/UFp13UPs8cw2iOoTjnY9faa0= k8s.io/apimachinery v0.20.4/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= -k8s.io/apiserver v0.20.4/go.mod h1:Mc80thBKOyy7tbvFtB4kJv1kbdD0eIH8k8vianJcbFM= k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y= k8s.io/client-go v0.20.2/go.mod h1:kH5brqWqp7HDxUFKoEgiI4v8G1xzbe9giaCenUWJzgE= k8s.io/client-go v0.20.4 h1:85crgh1IotNkLpKYKZHVNI1JT86nr/iDCvq2iWKsql4= k8s.io/client-go v0.20.4/go.mod h1:LiMv25ND1gLUdBeYxBIwKpkSC5IsozMMmOOeSJboP+k= k8s.io/code-generator v0.20.1/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg= -k8s.io/code-generator v0.20.4/go.mod h1:UsqdF+VX4PU2g46NC2JRs4gc+IfrctnwHb76RNbWHJg= k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk= k8s.io/component-base v0.20.2 h1:LMmu5I0pLtwjpp5009KLuMGFqSc2S2isGw8t1hpYKLE= k8s.io/component-base v0.20.2/go.mod h1:pzFtCiwe/ASD0iV7ySMu8SYVJjCapNM9bjvk7ptpKh0= -k8s.io/component-base v0.20.4 h1:gdvPs4G11e99meQnW4zN+oYOjH8qkLz1sURrAzvKWqc= -k8s.io/component-base v0.20.4/go.mod h1:t4p9EdiagbVCJKrQ1RsA5/V4rFQNDfRlevJajlGwgjI= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20201113003025-83324d819ded/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= @@ -868,8 +862,8 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= -sigs.k8s.io/controller-runtime v0.8.2 h1:SBWmI0b3uzMIUD/BIXWNegrCeZmPJ503pOtwxY0LPHM= -sigs.k8s.io/controller-runtime v0.8.2/go.mod h1:U/l+DUopBc1ecfRZ5aviA9JDmGFQKvLf5YkZNx2e0sU= +sigs.k8s.io/controller-runtime v0.8.3 h1:GMHvzjTmaWHQB8HadW+dIvBoJuLvZObYJ5YoZruPRao= +sigs.k8s.io/controller-runtime v0.8.3/go.mod h1:U/l+DUopBc1ecfRZ5aviA9JDmGFQKvLf5YkZNx2e0sU= sigs.k8s.io/structured-merge-diff/v4 v4.0.2 h1:YHQV7Dajm86OuqnIR6zAelnDWBRjo+YhYV9PmGrh1s8= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= diff --git a/pkg/varnishcluster/controller/varnishcluster_grafana_dashboard_template.go b/pkg/varnishcluster/controller/varnishcluster_grafana_dashboard_template.go index 9bdda491..2cc5f40d 100644 --- a/pkg/varnishcluster/controller/varnishcluster_grafana_dashboard_template.go +++ b/pkg/varnishcluster/controller/varnishcluster_grafana_dashboard_template.go @@ -1856,7 +1856,7 @@ var grafanaDashboardTemplate = ` "timeFrom": null, "timeRegions": [], "timeShift": null, - "title": "Requests sent to sleep sleep per seconds", + "title": "Requests sent to sleep per seconds", "tooltip": { "shared": true, "sort": 0, diff --git a/pkg/varnishcluster/controller/varnishcluster_grafana_dashboard_test.go b/pkg/varnishcluster/controller/varnishcluster_grafana_dashboard_test.go index a29518c9..b29c6b4e 100644 --- a/pkg/varnishcluster/controller/varnishcluster_grafana_dashboard_test.go +++ b/pkg/varnishcluster/controller/varnishcluster_grafana_dashboard_test.go @@ -3,10 +3,11 @@ package controller import ( "context" "fmt" + "time" + vcapi "github.com/ibm/varnish-operator/api/v1alpha1" "github.com/ibm/varnish-operator/pkg/names" "k8s.io/apimachinery/pkg/util/json" - "time" "k8s.io/apimachinery/pkg/api/errors" diff --git a/pkg/varnishcluster/controller/varnishcluster_statefulset_test.go b/pkg/varnishcluster/controller/varnishcluster_statefulset_test.go index fe48002d..47c4e1e0 100644 --- a/pkg/varnishcluster/controller/varnishcluster_statefulset_test.go +++ b/pkg/varnishcluster/controller/varnishcluster_statefulset_test.go @@ -101,7 +101,7 @@ var _ = Describe("statefulset", func() { Expect(varnishContainer.Args).To(Equal([]string{ "-F", "-S", "/etc/varnish-secret/secret", - "-T", "127.0.0.1:6082", + "-T", "0.0.0.0:6082", "-a", "0.0.0.0:6081", "-b", "127.0.0.1:0", })) @@ -161,7 +161,7 @@ var _ = Describe("statefulset", func() { "-S", "/etc/varnish-secret/secret", "-T", - "127.0.0.1:6082", + "0.0.0.0:6082", "-a", "0.0.0.0:6081", "-b", diff --git a/pkg/varnishcluster/controller/varnishcluster_varnish_args.go b/pkg/varnishcluster/controller/varnishcluster_varnish_args.go index c33ed74d..dc262a93 100644 --- a/pkg/varnishcluster/controller/varnishcluster_varnish_args.go +++ b/pkg/varnishcluster/controller/varnishcluster_varnish_args.go @@ -23,7 +23,7 @@ func getSanitizedVarnishArgs(spec *vcapi.VarnishClusterSpec) []string { {"-a", fmt.Sprintf("0.0.0.0:%d", vcapi.VarnishPort)}, {"-S", "/etc/varnish-secret/secret"}, {"-b", "127.0.0.1:0"}, //start a varnishd without predefined backend. It has to be overridden by settings from ConfigMap - {"-T", fmt.Sprintf("127.0.0.1:%d", vcapi.VarnishAdminPort)}, + {"-T", fmt.Sprintf("0.0.0.0:%d", vcapi.VarnishAdminPort)}, } rawArgs := spec.Varnish.Args diff --git a/pkg/varnishcluster/controller/varnishcluster_varnish_args_test.go b/pkg/varnishcluster/controller/varnishcluster_varnish_args_test.go index dc0cf85b..cdef6d1d 100644 --- a/pkg/varnishcluster/controller/varnishcluster_varnish_args_test.go +++ b/pkg/varnishcluster/controller/varnishcluster_varnish_args_test.go @@ -33,7 +33,7 @@ func TestGetSanitizedVarnishArgs(t *testing.T) { expectedResult: []string{ "-F", "-S", "/etc/varnish-secret/secret", - "-T", fmt.Sprintf("127.0.0.1:%d", v1alpha1.VarnishAdminPort), + "-T", fmt.Sprintf("0.0.0.0:%d", v1alpha1.VarnishAdminPort), "-a", fmt.Sprintf("0.0.0.0:%d", v1alpha1.VarnishPort), "-b", "127.0.0.1:0", }, @@ -49,7 +49,7 @@ func TestGetSanitizedVarnishArgs(t *testing.T) { expectedResult: []string{ "-F", "-S", "/etc/varnish-secret/secret", - "-T", fmt.Sprintf("127.0.0.1:%d", v1alpha1.VarnishAdminPort), + "-T", fmt.Sprintf("0.0.0.0:%d", v1alpha1.VarnishAdminPort), "-a", fmt.Sprintf("0.0.0.0:%d", v1alpha1.VarnishPort), "-b", "127.0.0.1:0", }, @@ -65,7 +65,7 @@ func TestGetSanitizedVarnishArgs(t *testing.T) { expectedResult: []string{ "-F", "-S", "/etc/varnish-secret/secret", - "-T", fmt.Sprintf("127.0.0.1:%d", v1alpha1.VarnishAdminPort), + "-T", fmt.Sprintf("0.0.0.0:%d", v1alpha1.VarnishAdminPort), "-a", fmt.Sprintf("0.0.0.0:%d", v1alpha1.VarnishPort), "-b", "127.0.0.1:0", }, @@ -81,7 +81,7 @@ func TestGetSanitizedVarnishArgs(t *testing.T) { expectedResult: []string{ "-F", "-S", "/etc/varnish-secret/secret", - "-T", fmt.Sprintf("127.0.0.1:%d", v1alpha1.VarnishAdminPort), + "-T", fmt.Sprintf("0.0.0.0:%d", v1alpha1.VarnishAdminPort), "-a", fmt.Sprintf("0.0.0.0:%d", v1alpha1.VarnishPort), "-b", "127.0.0.1:0", }, @@ -97,7 +97,7 @@ func TestGetSanitizedVarnishArgs(t *testing.T) { expectedResult: []string{ "-F", "-S", "/etc/varnish-secret/secret", - "-T", fmt.Sprintf("127.0.0.1:%d", v1alpha1.VarnishAdminPort), + "-T", fmt.Sprintf("0.0.0.0:%d", v1alpha1.VarnishAdminPort), "-a", fmt.Sprintf("0.0.0.0:%d", v1alpha1.VarnishPort), "-b", "127.0.0.1:0", "-p", "default_grace=3600", @@ -115,7 +115,7 @@ func TestGetSanitizedVarnishArgs(t *testing.T) { expectedResult: []string{ "-F", "-S", "/etc/varnish-secret/secret", - "-T", fmt.Sprintf("127.0.0.1:%d", v1alpha1.VarnishAdminPort), + "-T", fmt.Sprintf("0.0.0.0:%d", v1alpha1.VarnishAdminPort), "-a", fmt.Sprintf("0.0.0.0:%d", v1alpha1.VarnishPort), "-b", "127.0.0.1:0", "-p", "default_grace=3600",