feat: add cli commands to enable/disable ingress, gateway, egress-gat…

…eway, flb and service-lb (#39) * feat: enable fsm-ingress by cli cmd Signed-off-by: Lin Yang <[email protected]> * feat: add --dry-run flag for install command Signed-off-by: Lin Yang <[email protected]> feat: add --dry-run flag for install command Signed-off-by: Lin Yang <[email protected]> * feat: add commands for enable/disable ingress Signed-off-by: Lin Yang <[email protected]> * fix: command description Signed-off-by: Lin Yang <[email protected]> * fix: golang lint Signed-off-by: Lin Yang <[email protected]> * feat: support enable/disable gateway & NamespacedIngress Signed-off-by: Lin Yang <[email protected]> * feat: cleanup resources upon uninstallation Signed-off-by: Lin Yang <[email protected]> * feat: support enable/disable egress-gateway Signed-off-by: Lin Yang <[email protected]> * #32 rollback change for balance algorithm shortening (#33) * feat: support enable/disable service-lb Signed-off-by: Lin Yang <[email protected]> * fix: comments Signed-off-by: Lin Yang <[email protected]> * feat: waiting for fsm-controller pods to be ready Signed-off-by: Lin Yang <[email protected]> * fix: a typo Signed-off-by: Lin Yang <[email protected]> * feat: waiting for fsm-controller to ready Signed-off-by: Lin Yang <[email protected]> * fix: golang lint Signed-off-by: Lin Yang <[email protected]> * feat: wait for deployment rolled out Signed-off-by: Lin Yang <[email protected]> * ci: watch branch release/v* to trigger GitHub actions (#38) Signed-off-by: Lin Yang <[email protected]> * fix: make codegen Signed-off-by: Lin Yang <[email protected]> * fix: remove cluster argument Signed-off-by: Lin Yang <[email protected]> --------- Signed-off-by: Lin Yang <[email protected]> Co-authored-by: Addo.Zhang <[email protected]>
flomesh-io · Sep 8, 2023 · 877f9ab · 877f9ab
1 parent f01b1ad
commit 877f9ab
Show file tree

Hide file tree

Showing 46 changed files with 2,926 additions and 91 deletions.
diff --git a/charts/fsm/templates/cleanup-hook.yaml b/charts/fsm/templates/cleanup-hook.yaml
@@ -12,6 +12,18 @@ rules:
   - apiGroups: ["config.flomesh.io"]
     resources: ["meshconfigs"]
     verbs: ["delete"]
+  - apiGroups: [ "" ]
+    resources: [ "services", "configmaps" ]
+    verbs: [ "delete" ]
+  - apiGroups: [ "app" ]
+    resources: [ "deployments" ]
+    verbs: [ "delete" ]
+  - apiGroups: [ "networking.k8s.io" ]
+    resources: [ "ingressclasses" ]
+    verbs: [ "delete" ]
+  - apiGroups: [ "app" ]
+    resources: [ "daemonsets" ]
+    verbs: [ "get", "list", "create", "update", "patch", "delete" ]
   - apiGroups: [ "" ]
     resources: [ "secrets"]
     verbs: ["get", "list", "create", "update", "patch", "delete"]
@@ -22,7 +34,10 @@ rules:
     resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
     verbs: ["get", "list", "create", "update", "patch", "delete"]
   - apiGroups: [ "gateway.networking.k8s.io" ]
-    resources: [ "gatewayclasses" ]
+    resources: [ "gatewayclasses", "gateways" ]
+    verbs: [ "get", "list", "create", "update", "patch", "delete" ]
+  - apiGroups: [ "flomesh.io" ]
+    resources: [ "namespacedingresses" ]
     verbs: [ "get", "list", "create", "update", "patch", "delete" ]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -92,7 +107,16 @@ spec:
              kubectl delete --ignore-not-found meshrootcertificate -n '{{ include "fsm.namespace" . }}' fsm-mesh-root-certificate;
              kubectl delete mutatingwebhookconfiguration -l app.kubernetes.io/name=flomesh.io,app.kubernetes.io/instance={{ .Values.fsm.meshName }},app.kubernetes.io/version={{ .Chart.AppVersion }},app=fsm-injector --ignore-not-found;
              kubectl delete validatingwebhookconfiguration -l app.kubernetes.io/name=flomesh.io,app.kubernetes.io/instance={{ .Values.fsm.meshName }},app.kubernetes.io/version={{ .Chart.AppVersion }},app=fsm-controller --ignore-not-found;
-             kubectl delete gatewayclasses.gateway.networking.k8s.io -l app.kubernetes.io/name=flomesh.io,app.kubernetes.io/instance={{ .Values.fsm.meshName }},app.kubernetes.io/version={{ .Chart.AppVersion }},app=fsm-controller --ignore-not-found;
+             kubectl delete gatewayclasses.gateway.networking.k8s.io -l app.kubernetes.io/name=flomesh.io,app.kubernetes.io/instance={{ .Values.fsm.meshName }},app.kubernetes.io/version={{ .Chart.AppVersion }},app=fsm-gateway --ignore-not-found;
+             kubectl delete gateways.gateway.networking.k8s.io -l app.kubernetes.io/name=flomesh.io,app.kubernetes.io/instance={{ .Values.fsm.meshName }},app.kubernetes.io/version={{ .Chart.AppVersion }},app=fsm-gateway --ignore-not-found;
+             kubectl delete namespacedingresses.flomesh.io -l app.kubernetes.io/name=flomesh.io,app.kubernetes.io/instance={{ .Values.fsm.meshName }},app.kubernetes.io/version={{ .Chart.AppVersion }},app=fsm-ingress --ignore-not-found;
+             kubectl delete daemonsets -l app.kubernetes.io/name=flomesh.io,app.kubernetes.io/instance={{ .Values.fsm.meshName }},app.kubernetes.io/version={{ .Chart.AppVersion }},app=fsm-servicelb --ignore-not-found;
+             kubectl delete ingressclasses pipy --ignore-not-found;
+             kubectl delete deploy fsm-ingress -n '{{ include "fsm.namespace" . }}' --ignore-not-found;
+             kubectl delete svc fsm-ingress -n '{{ include "fsm.namespace" . }}' --ignore-not-found;
+             kubectl delete deploy fsm-egress-gateway -n '{{ include "fsm.namespace" . }}' --ignore-not-found;
+             kubectl delete svc fsm-egress-gateway -n '{{ include "fsm.namespace" . }}' --ignore-not-found;
+             kubectl delete cm fsm-egress-gateway-pjs -n '{{ include "fsm.namespace" . }}' --ignore-not-found;
 {{- if .Values.fsm.imagePullSecrets }}
       imagePullSecrets:
 {{ toYaml .Values.fsm.imagePullSecrets | indent 8 }}

diff --git a/charts/fsm/templates/egress-gateway-configmap.yaml b/charts/fsm/templates/egress-gateway-configmap.yaml
@@ -5,7 +5,9 @@ metadata:
   name: fsm-egress-gateway-pjs
   namespace: {{ include "fsm.namespace" . }}
   labels:
-    {{- include "fsm.egress-gateway.labels" . | nindent 4 }}
+    {{- include "fsm.labels" . | nindent 4 }}
+    app: fsm-egress-gateway
+    meshName: {{ .Values.fsm.meshName }}
 data:
   egress-gateway.js: |
 {{- if eq .Values.fsm.egressGateway.mode "sock5" }}

diff --git a/charts/fsm/templates/egress-gateway-deployment.yaml b/charts/fsm/templates/egress-gateway-deployment.yaml
@@ -5,20 +5,21 @@ metadata:
   name: {{ .Values.fsm.egressGateway.name }}
   namespace: {{ include "fsm.namespace" . }}
   labels:
-    {{- include "fsm.egress-gateway.labels" . | nindent 4 }}
-    {{- include "fsm.egress-gateway.selectorLabels" . | nindent 4 }}
+    {{- include "fsm.labels" . | nindent 4 }}
+    app: fsm-egress-gateway
+    meshName: {{ .Values.fsm.meshName }}
 spec:
   replicas: {{ .Values.fsm.egressGateway.replicaCount }}
   selector:
     matchLabels:
-      {{- include "fsm.egress-gateway.selectorLabels" . | nindent 6 }}
+      app: fsm-egress-gateway
   strategy:
     type: RollingUpdate
   template:
     metadata:
       labels:
-        {{- include "fsm.egress-gateway.labels" . | nindent 8 }}
-        {{- include "fsm.egress-gateway.selectorLabels" . | nindent 8 }}
+        {{- include "fsm.labels" . | nindent 8 }}
+        app: fsm-egress-gateway
         {{- with .Values.fsm.egressGateway.podLabels }}
         {{- toYaml . | nindent 8 }}
         {{- end }}
@@ -32,12 +33,12 @@ spec:
     spec:
       containers:
       - name: pipy
-        image: {{ include "fsm.pipy-repo.image" . }}
+        image: {{ .Values.fsm.repoServer.image }}
         imagePullPolicy: {{ .Values.fsm.image.pullPolicy }}
         resources:
           {{- toYaml .Values.fsm.egressGateway.resources | nindent 10 }}
         volumeMounts:
-          - name: {{ .Values.fsm.configmaps.egress.name }}
+          - name:  fsm-egress-gateway-pjs
             mountPath: "/repo/egress-gateway.js"
             subPath: egress-gateway.js
             readOnly: true
@@ -53,13 +54,22 @@ spec:
           - "--log-level={{ .Values.fsm.egressGateway.logLevel }}"
           - "--admin-port={{ .Values.fsm.egressGateway.adminPort }}"
         env:
-          {{- include "fsm.common-env" . | nindent 10 }}
+          - name: FSM_NAMESPACE
+            value: {{ include "fsm.namespace" . }}
+          - name: FSM_POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: FSM_POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
       volumes:
-        - name: {{ .Values.fsm.configmaps.egress.name }}
+        - name:  fsm-egress-gateway-pjs
           configMap:
-            name: {{ .Values.fsm.configmaps.egress.name }}
-      serviceAccountName: {{ include "fsm.serviceAccountName" . }}
-      {{- with .Values.fsm.image.pullSecrets }}
+            name:  fsm-egress-gateway-pjs
+      serviceAccountName: {{ .Release.Name }}
+      {{- with .Values.fsm.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}

diff --git a/charts/fsm/templates/egress-gateway-service.yaml b/charts/fsm/templates/egress-gateway-service.yaml
@@ -5,9 +5,11 @@ metadata:
   name: fsm-egress-gateway
   namespace: {{ include "fsm.namespace" . }}
   labels:
-    {{- include "fsm.egress-gateway.labels" . | nindent 4 }}
+    {{- include "fsm.labels" . | nindent 4 }}
+    app: fsm-egress-gateway
+    meshName: {{ .Values.fsm.meshName }}
   annotations:
-    {{- include "fsm.egress-gateway.annotations" . | nindent 4 }}
+    flomesh.io/egress-gateway-mode: {{ .Values.fsm.egressGateway.mode }}
 spec:
   ports:
     - port: {{ .Values.fsm.egressGateway.port }}
@@ -16,5 +18,5 @@ spec:
       protocol: TCP
       appProtocol: tcp
   selector:
-    {{- include "fsm.egress-gateway.selectorLabels" . | nindent 4 }}
+    app: fsm-egress-gateway
 {{- end }}
diff --git a/charts/fsm/templates/fsm-ingress-class.yaml b/charts/fsm/templates/fsm-ingress-class.yaml
@@ -5,6 +5,7 @@ metadata:
   name: pipy
   labels:
     {{- include "fsm.labels" . | nindent 4 }}
+    app: fsm-ingress
   annotations:
     meta.flomesh.io/namespace: {{ include "fsm.namespace" . }}
     meta.flomesh.io/ingress-pipy-svc: "fsm-ingress"

diff --git a/charts/fsm/templates/fsm-ingress-deployment.yaml b/charts/fsm/templates/fsm-ingress-deployment.yaml
@@ -9,6 +9,7 @@ metadata:
     {{- include "fsm.labels" . | nindent 4 }}
     app: fsm-ingress
     meshName: {{ .Values.fsm.meshName }}
+    ingress.flomesh.io/namespaced: "false"
 spec:
   replicas: {{ .Values.fsm.fsmIngress.replicaCount }}
   selector:

diff --git a/charts/fsm/templates/fsm-ingress-service.yaml b/charts/fsm/templates/fsm-ingress-service.yaml
@@ -8,6 +8,7 @@ metadata:
   labels:
     {{- include "fsm.labels" . | nindent 4 }}
     app: fsm-ingress
+    meshName: {{ .Values.fsm.meshName }}
     ingress.flomesh.io/namespaced: "false"
   {{- with .Values.fsm.fsmIngress.service.annotations }}
   annotations:

diff --git a/charts/fsm/templates/preset-mesh-config.yaml b/charts/fsm/templates/preset-mesh-config.yaml
@@ -120,9 +120,21 @@ data:
         "strictMode": {{ .Values.fsm.flb.strictMode }},
         "secretName": "{{ .Values.fsm.flb.secretName }}"
       },
+      "egressGateway": {
+        "enabled": {{ .Values.fsm.egressGateway.enabled }},
+        "logLevel": "{{ .Values.fsm.egressGateway.logLevel }}",
+        "mode": "{{ .Values.fsm.egressGateway.mode }}",
+        "port": {{ .Values.fsm.egressGateway.port }},
+        "adminPort": {{ .Values.fsm.egressGateway.adminPort }},
+        "replicas": {{ .Values.fsm.egressGateway.replicaCount }}
+      },
       "image": {
         "registry": "{{ .Values.fsm.image.registry }}",
         "tag": "{{ .Values.fsm.image.tag }}",
         "pullPolicy": "{{ .Values.fsm.image.pullPolicy }}"
+      },
+      "misc": {
+        "curlImage": "{{ .Values.fsm.curlImage }}",
+        "repoServerImage": "{{ .Values.fsm.repoServer.image }}"
       }
     }
diff --git a/cmd/cli/cluster.go b/cmd/cli/cluster.go
@@ -0,0 +1 @@
+package main
diff --git a/cmd/cli/egressgateway.go b/cmd/cli/egressgateway.go
@@ -0,0 +1,36 @@
+package main
+
+import (
+	"io"
+
+	"helm.sh/helm/v3/pkg/action"
+
+	"github.com/spf13/cobra"
+)
+
+const egressGatewayDescription = `
+This command consists of multiple subcommands related to managing egress gateway
+associated with fsm installations.
+`
+
+var (
+	egressGatewayManifestFiles = []string{
+		"templates/egress-gateway-configmap.yaml",
+		"templates/egress-gateway-deployment.yaml",
+		"templates/egress-gateway-service.yaml",
+	}
+)
+
+func newEgressGatewayCmd(config *action.Configuration, out io.Writer) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:     "egressgateway",
+		Short:   "manage fsm egress-gateway",
+		Aliases: []string{"egw"},
+		Long:    egressGatewayDescription,
+		Args:    cobra.NoArgs,
+	}
+	cmd.AddCommand(newEgressGatewayEnable(config, out))
+	cmd.AddCommand(newEgressGatewayDisable(out))
+
+	return cmd
+}
diff --git a/cmd/cli/egressgateway_disable.go b/cmd/cli/egressgateway_disable.go
@@ -0,0 +1,108 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"io"
+
+	"github.com/spf13/cobra"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+
+	configClientset "github.com/flomesh-io/fsm/pkg/gen/client/config/clientset/versioned"
+)
+
+const egressGatewayDisableDescription = `
+This command will disable FSM egress-gateway, make sure --mesh-name and --fsm-namespace matches 
+the release name and namespace of installed FSM, otherwise it doesn't work.
+`
+
+type egressGatewayDisableCmd struct {
+	out          io.Writer
+	kubeClient   kubernetes.Interface
+	configClient configClientset.Interface
+	meshName     string
+}
+
+func newEgressGatewayDisable(out io.Writer) *cobra.Command {
+	disableCmd := &egressGatewayDisableCmd{
+		out: out,
+	}
+
+	cmd := &cobra.Command{
+		Use:   "disable",
+		Short: "disable fsm egress-gateway",
+		Long:  egressGatewayDisableDescription,
+		Args:  cobra.ExactArgs(0),
+		RunE: func(_ *cobra.Command, args []string) error {
+			config, err := settings.RESTClientGetter().ToRESTConfig()
+			if err != nil {
+				return fmt.Errorf("error fetching kubeconfig: %w", err)
+			}
+
+			kubeClient, err := kubernetes.NewForConfig(config)
+			if err != nil {
+				return fmt.Errorf("could not access Kubernetes cluster, check kubeconfig: %w", err)
+			}
+			disableCmd.kubeClient = kubeClient
+
+			configClient, err := configClientset.NewForConfig(config)
+			if err != nil {
+				return fmt.Errorf("could not access Kubernetes cluster, check kubeconfig: %w", err)
+			}
+			disableCmd.configClient = configClient
+
+			return disableCmd.run()
+		},
+	}
+
+	f := cmd.Flags()
+	f.StringVar(&disableCmd.meshName, "mesh-name", defaultMeshName, "name for the control plane instance")
+	//utilruntime.Must(cmd.MarkFlagRequired("mesh-name"))
+
+	return cmd
+}
+
+func (cmd *egressGatewayDisableCmd) run() error {
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	fsmNamespace := settings.Namespace()
+
+	debug("Getting mesh config ...")
+	// get mesh config
+	mc, err := cmd.configClient.ConfigV1alpha3().MeshConfigs(fsmNamespace).Get(ctx, defaultFsmMeshConfigName, metav1.GetOptions{})
+	if err != nil {
+		return err
+	}
+
+	if !mc.Spec.EgressGateway.Enabled {
+		fmt.Fprintf(cmd.out, "egress-gateway is disabled already, no action needed\n")
+		return nil
+	}
+
+	debug("Deleting FSM egress-gateway resources ...")
+	err = deleteEgressGatewayResources(ctx, cmd.kubeClient, fsmNamespace, cmd.meshName)
+	if err != nil {
+		return err
+	}
+
+	err = updatePresetMeshConfigMap(ctx, cmd.kubeClient, fsmNamespace, map[string]interface{}{
+		"egressGateway.enabled": false,
+	})
+	if err != nil {
+		return err
+	}
+
+	debug("Updating mesh config ...")
+	// update mesh config, fsm-mesh-config
+	mc.Spec.EgressGateway.Enabled = false
+	_, err = cmd.configClient.ConfigV1alpha3().MeshConfigs(fsmNamespace).Update(ctx, mc, metav1.UpdateOptions{})
+	if err != nil {
+		return err
+	}
+
+	fmt.Fprintf(cmd.out, "egress-gateway is disabled successfully\n")
+
+	return nil
+}