Commit Graph

188 Commits

Author SHA1 Message Date
Andrew Keesler
6b90dc8bb7
Auto-rotate serving certificate
The rotation is forced by a new controller that deletes the serving cert
secret, as other controllers will see this deletion and ensure that a new
serving cert is created.

Note that the integration tests now have an addition worst case runtime of
60 seconds. This is because of the way that the aggregated API server code
reloads certificates. We will fix this in a future story. Then, the
integration tests should hopefully get much faster.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-20 10:03:36 -04:00
Matt Moyer
1b9a70d089
Switch back to an exec-based approach to grab the controller-manager CA. (#65)
This switches us back to an approach where we use the Pod "exec" API to grab the keys we need, rather than forcing our code to run on the control plane node. It will help us fail gracefully (or dynamically switch to alternate implementations) when the cluster is not self-hosted.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
Co-authored-by: Ryan Richard <richardry@vmware.com>
2020-08-19 13:21:07 -05:00
Ryan Richard
003aef75d2 For liveness and readiness, succeed quickly and fail slowly
- No reason to wait a long time before the first check, since our
  app should start quickly
2020-08-18 09:18:51 -07:00
Ryan Richard
ecde8fa8af Implement basic liveness and readiness probes
- Call the auto-generated /healthz endpoint of our aggregated API server
- Use http for liveness even though tcp seems like it might be
  more appropriate, because tcp probes cause TLS handshake errors
  to appear in our logs every few seconds
- Use conservative timeouts and retries on the liveness probe to avoid
  having our container get restarted when it is temporarily slow due
  to running in an environment under resource pressure
- Use less conservative timeouts and retries for the readiness probe
  to remove an unhealthy pod from the service less conservatively than
  restarting the container
- Tuning the settings for retries and timeouts seem to be a mysterious
  art, so these are just a first draft
2020-08-17 16:44:42 -07:00
Ryan Richard
29654c39a5 Update a CRD validation
- Allow both http and https because a user using `kubectl proxy` would
  want to use http, since the proxy upgrades requests from http to https
2020-08-17 16:29:21 -07:00
Matt Moyer
769ef71db7
Merge pull request #58 from ankeesler/api-review-updates
Update API for pre-release
2020-08-17 15:52:52 -05:00
Matt Moyer
787cf47c39 Standardize whitespace/newlines for consistency.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-14 14:42:49 -05:00
Andrew Keesler
df1a1cf1bd
LoginRequest -> CredentialRequest
- We want to follow the <noun>Request convention.
- The actual operation does not login a user, but it does retrieve a
  credential with which they can login.

- This commit includes changes to all LoginRequest-related symbols and
  constants to try to update their names to follow the new
  CredentialRequest type.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-14 11:26:09 -04:00
Ryan Richard
b6c468117e Set the type on the image pull Secret
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-13 13:34:23 -07:00
Matt Moyer
1b23e31464
Merge pull request #55 from mattmoyer/switch-to-debian-base
Switch to debian base images.
2020-08-13 13:56:11 -05:00
Matt Moyer
c02b6fee8f Switch to Debian base images.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-13 13:35:42 -05:00
Ryan Richard
87eddf8bbd Add image pull secret as a data value for our ytt templates
Signed-off-by: Aram Price <pricear@vmware.com>
2020-08-12 17:02:43 -07:00
Ryan Richard
4cb0fd3949 Use a DaemonSet instead of a Deployment to deploy our app
- For high availability reasons, we would like our app to scale linearly
  with the size of the control plane. Using a DaemonSet allows us to run
  one pod on each node-role.kubernetes.io/master node.
- The hope is that the Service that we create should load balance
  between these pods appropriately.
2020-08-11 17:55:34 -07:00
Ryan Richard
86c3f89b2e First draft of moving API server TLS cert generation to controllers
- Refactors the existing cert generation code into controllers
  which read and write a Secret containing the certs
- Does not add any new functionality yet, e.g. no new handling
  for cert expiration, and no leader election to allow for
  multiple servers running simultaneously
- This commit also doesn't add new tests for the cert generation
  code, but it should be more unit testable now as controllers
2020-08-09 10:04:05 -07:00
Ryan Richard
08961919b5 Fix a garbage collection bug
- Previously the golang code would create a Service and an APIService.
  The APIService would be given an owner reference which pointed to
  the namespace in which the app was installed.
- This prevented the app from being uninstalled. The namespace would
  refuse to delete, so `kapp delete` or `kubectl delete` would fail.
- The new approach is to statically define the Service and an APIService
  in the deployment.yaml, except for the caBundle of the APIService.
  Then the golang code will perform an update to add the caBundle at
  runtime.
- When the user uses `kapp deploy` or `kubectl apply` either tool will
  notice that the caBundle is not declared in the yaml and will
  therefore avoid editing that field.
- When the user uses `kapp delete` or `kubectl delete` either tool will
  destroy the objects because they are statically declared with names
  in the yaml, just like all of the other objects. There are no
  ownerReferences used, so nothing should prevent the namespace from
  being deleted.
- This approach also allows us to have less golang code to maintain.
- In the future, if our golang controllers want to dynamically add
  an Ingress or other objects, they can still do that. An Ingress
  would point to our statically defined Service as its backend.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-04 16:46:27 -07:00
Andrew Keesler
92939cf118 Indent pod template annotations correctly in deployment.yaml
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-08-04 14:52:08 -07:00
Ryan Richard
ca80d87dcf
Use rest.Config for discovery URL instead of env var
- Why? Because the discovery URL is already there in the kubeconfig; let's
  not make our lives more complicated by passing it in via an env var.
- Also allow for ytt callers to not specify data.values.discovery_url - there
  are going to be a non-trivial number of installers of placeholder-name
  that want to use the server URL found in the cluster-info ConfigMap.

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-03 14:36:08 -04:00
Andrew Keesler
597408a977
Allow override of discovery URL via ConfigMap
Signed-off-by: Andrew Keesler <akeesler@vmware.com>

- Seems like the next step is to allow override of the CA bundle; I didn't
  do that here for simplicity of the commit, but seems like it is the right
  thing to do in the future.
2020-08-03 10:17:11 -04:00
Ryan Richard
cf56c67329 Move LoginDiscoveryConfig to the crds.placeholder.suzerain-io.github.io group
- Also includes bumping the api and client-go dependencies to the newer
  version which also moved LoginDiscoveryConfig to the
  crds.placeholder.suzerain-io.github.io group in the generated code
2020-07-31 17:22:12 -07:00
Ryan Richard
2aa80e3576 More WIP for the publisher controller 2020-07-31 14:35:20 -07:00
Andrew Keesler
52546fad90 WIP: start on publisher controller integration 2020-07-31 12:08:07 -04:00
Ryan Richard
a8f3c62d37 Remove identity provider list from LoginDiscoveryConfig CRD
Because we're not going to need it for the current story

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-29 13:17:55 -07:00
Andrew Keesler
7ba43e0c3f More validations on the LoginDiscoveryConfig CRD
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-07-29 13:14:50 -07:00
Ryan Richard
b70f3aefe5 First draft of LoginDiscoveryConfig CRD 2020-07-28 16:55:50 -07:00
Ryan Richard
9e44bc28d9 Change the name of the placeholder-name CLI to placeholder-name-server
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-28 15:15:59 -05:00
Matt Moyer
63a5381968 Work around k8s 1.16 limitations of priorityClassName.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-27 12:33:33 -07:00
Matt Moyer
066bc84e2a Add "--cluster-signing-*-file" flags pointing at a host volume mount.
This is a somewhat more basic way to get access to the certificate and private key we need to issue short lived certificates.

The host path, tolerations, and node selector here should work on any kubeadm-derived cluster including TKG-S and Kind.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-27 12:31:30 -07:00
Mo Khan
5fdc20886d
Initial aggregated API server (#15)
Add initial aggregated API server (squashed from a bunch of commits).

Signed-off-by: Andrew Keesler <akeesler@vmware.com>
Signed-off-by: Aram Price <pricear@vmware.com>
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-07-23 10:05:21 -05:00
Monis Khan
549da37805
Encode git version info into binary and user agent
Signed-off-by: Monis Khan <mok@vmware.com>
2020-07-20 00:32:11 -04:00
Ryan Richard
260a271859 Add RBAC for autoregistration
- Also fix mistakes in the deployment.yaml
- Also hardcode the ownerRef kind and version because otherwise we get an error

Signed-off-by: Monis Khan <mok@vmware.com>
2020-07-17 14:42:02 -07:00
Matt Moyer
092cc26789 Refactor app.go and wire in autoregistration.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-17 12:10:33 -05:00
Andrew Keesler
9edae03812
deployment.yaml: update config file format
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-14 12:38:43 -04:00
Ryan Richard
3fd7e7835a Allow optionally using a tag instead of a digest in deployment.yaml 2020-07-09 10:16:46 -07:00
Matt Moyer
a9cf376000 Fix string templating in YAML config.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-09 11:58:28 -05:00
Matt Moyer
fe81958d2c Add an example config to ./deploy resources.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-07-09 11:42:31 -05:00
Monis Khan
e9145bbe2e
Set imagePullPolicy to prevent defaulting
Signed-off-by: Monis Khan <mok@vmware.com>
2020-07-09 00:39:56 -04:00
Ryan Richard
f0d7077efc Update deploy README.md 2020-07-07 18:50:35 -07:00
Ryan Richard
4e17853ecf Example deployment
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-07-07 13:17:34 -07:00