feat(agent): add nginx proxy for agent communication #957

Merged
merged 6 commits into from
Oct 4, 2024
4 changes: 4 additions & 0 deletions Makefile
@@ -93,6 +93,10 @@ STORAGE_NAMESPACE ?= $(DEFAULT_NAMESPACE)
STORAGE_NAME ?= cryostat-storage
STORAGE_VERSION ?= latest
export STORAGE_IMG ?= $(STORAGE_NAMESPACE)/$(STORAGE_NAME):$(STORAGE_VERSION)
AGENT_PROXY_NAMESPACE ?= registry.access.redhat.com/ubi8
AGENT_PROXY_NAME ?= nginx-124
AGENT_PROXY_VERSION ?= latest
export AGENT_PROXY_IMG = $(AGENT_PROXY_NAMESPACE)/$(AGENT_PROXY_NAME):$(AGENT_PROXY_VERSION)

CERT_MANAGER_VERSION ?= 1.11.5
CERT_MANAGER_MANIFEST ?= \
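Review bot: `AGENT_PROXY_VERSION ?= latest` makes the default proxy image a floating reference, and the same `registry.access.redhat.com/ubi8/nginx-124:latest` value is written into the ClusterServiceVersion as `RELATED_IMAGE_AGENT_PROXY` and as the `agent-proxy` image entry. Because this container carries agent traffic to Cryostat, what gets deployed should be reproducible and auditable; default to a fixed tag (or a digest reference), e.g. `AGENT_PROXY_VERSION ?= <pinned-tag>`. Separately, `export AGENT_PROXY_IMG =` uses `=` where the `STORAGE_IMG` line above uses `?=`, so an `AGENT_PROXY_IMG` set in the environment is overridden by the Makefile; `export AGENT_PROXY_IMG ?= ...` would match the other image variable.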
25 changes: 17 additions & 8 deletions api/v1beta1/cryostat_conversion_test.go
@@ -80,17 +80,32 @@ func tableEntriesTo() []TableEntry {
return append(tableEntries(),
Entry("WS connections", (*test.TestResources).NewCryostatWithWsConnectionsSpecV1Beta1,
(*test.TestResources).NewCryostat),
Entry("command config", (*test.TestResources).NewCryostatWithCommandConfigV1Beta1,
Entry("command ingress", (*test.TestResources).NewCryostatWithCommandConfigV1Beta1,
(*test.TestResources).NewCryostatWithIngress),
Entry("grafana ingress", (*test.TestResources).NewCryostatWithGrafanaConfigV1Beta1,
(*test.TestResources).NewCryostatWithIngress),
Entry("minimal mode", (*test.TestResources).NewCryostatWithMinimalModeV1Beta1,
(*test.TestResources).NewCryostat),
Entry("core JMX port", (*test.TestResources).NewCryostatWithCoreSvcJMXPortV1Beta1,
(*test.TestResources).NewCryostatWithCoreSvc),
Entry("resources", (*test.TestResources).NewCryostatWithResourcesV1Beta1,
(*test.TestResources).NewCryostatWithResourcesToV1Beta2),
Entry("low resource limit", (*test.TestResources).NewCryostatWithLowResourceLimitV1Beta1,
(*test.TestResources).NewCryostatWithLowResourceLimitToV1Beta2),
Entry("security", (*test.TestResources).NewCryostatWithSecurityOptionsV1Beta1,
(*test.TestResources).NewCryostatWithSecurityOptionsToV1Beta2),
)
}

func tableEntriesFrom() []TableEntry {
return tableEntries()
return append(tableEntries(),
Entry("resources", (*test.TestResources).NewCryostatWithResourcesV1Beta1,
(*test.TestResources).NewCryostatWithResources),
Entry("low resource limit", (*test.TestResources).NewCryostatWithLowResourceLimitV1Beta1,
(*test.TestResources).NewCryostatWithLowResourceLimit),
Entry("security", (*test.TestResources).NewCryostatWithSecurityOptionsV1Beta1,
(*test.TestResources).NewCryostatWithSecurityOptions),
)
}

func tableEntries() []TableEntry {
@@ -133,10 +148,6 @@ func tableEntries() []TableEntry {
(*test.TestResources).NewCryostatCertManagerDisabled),
Entry("cert-manager undefined", (*test.TestResources).NewCryostatCertManagerUndefinedV1Beta1,
(*test.TestResources).NewCryostatCertManagerUndefined),
Entry("resources", (*test.TestResources).NewCryostatWithResourcesV1Beta1,
(*test.TestResources).NewCryostatWithResources),
Entry("low resource limit", (*test.TestResources).NewCryostatWithLowResourceLimitV1Beta1,
(*test.TestResources).NewCryostatWithLowResourceLimit),
Entry("built-in discovery disabled", (*test.TestResources).NewCryostatWithBuiltInDiscoveryDisabledV1Beta1,
(*test.TestResources).NewCryostatWithBuiltInDiscoveryDisabled),
Entry("discovery port custom config", (*test.TestResources).NewCryostatWithDiscoveryPortConfigV1Beta1,
@@ -145,8 +156,6 @@ func tableEntries() []TableEntry {
(*test.TestResources).NewCryostatWithBuiltInPortConfigDisabled),
Entry("JMX cache options", (*test.TestResources).NewCryostatWithJmxCacheOptionsSpecV1Beta1,
(*test.TestResources).NewCryostatWithJmxCacheOptionsSpec),
Entry("security", (*test.TestResources).NewCryostatWithSecurityOptionsV1Beta1,
(*test.TestResources).NewCryostatWithSecurityOptions),
Entry("reports security", (*test.TestResources).NewCryostatWithReportSecurityOptionsV1Beta1,
(*test.TestResources).NewCryostatWithReportSecurityOptions),
Entry("database secret", (*test.TestResources).NewCryostatWithDatabaseSecretProvidedV1Beta1,
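Review bot: `tableEntriesTo` and `tableEntriesFrom` have no comment explaining why the "resources", "low resource limit" and "security" cases now expect a different v1beta2 object in each direction (`NewCryostatWithResourcesToV1Beta2` versus `NewCryostatWithResources`, and likewise for the other two). A doc comment on each function would make the asymmetry deliberate rather than puzzling, for example `// tableEntriesTo lists cases checked only when converting v1beta1 to v1beta2, where the result differs from the object used for the reverse conversion.` Presumably the difference comes from the new agent proxy fields having no v1beta1 counterpart, but that is not visible in this file section. `tableEntries` continues outside the last hunk.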
21 changes: 21 additions & 0 deletions api/v1beta2/cryostat_types.go
@@ -143,6 +143,10 @@ type ResourceConfigList struct {
// +optional
// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:resourceRequirements"}
ObjectStorageResources corev1.ResourceRequirements `json:"objectStorageResources,omitempty"`
// Resource requirements for the agent proxy container.
// +optional
// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:resourceRequirements"}
AgentProxyResources corev1.ResourceRequirements `json:"agentProxyResources,omitempty"`
}

// CryostatStatus defines the observed state of Cryostat.
@@ -306,6 +310,16 @@ type ReportsServiceConfig struct {
ServiceConfig `json:",inline"`
}

// AgentServiceConfig provides customization for the service handling
// traffic from Cryostat agents to the Cryostat application.
type AgentServiceConfig struct {
// HTTP port number for the Cryostat agent API service.
// Defaults to 8282.
// +optional
HTTPPort *int32 `json:"httpPort,omitempty"`
ServiceConfig `json:",inline"`
}

// ServiceConfigList holds the service configuration for each
// service created by the operator.
type ServiceConfigList struct {
@@ -315,6 +329,9 @@ type ServiceConfigList struct {
// Specification for the service responsible for the cryostat-reports sidecars.
// +optional
ReportsConfig *ReportsServiceConfig `json:"reportsConfig,omitempty"`
// Specification for the service responsible for agents to communicate with Cryostat.
// +optional
AgentConfig *AgentServiceConfig `json:"agentConfig,omitempty"`
}

// NetworkConfiguration provides customization for how to expose a Cryostat
@@ -567,6 +584,10 @@ type SecurityOptions struct {
// +optional
// +operator-sdk:csv:customresourcedefinitions:type=spec
DatabaseSecurityContext *corev1.SecurityContext `json:"databaseSecurityContext,omitempty"`
// Security Context to apply to the agent proxy container.
// +optional
// +operator-sdk:csv:customresourcedefinitions:type=spec
AgentProxySecurityContext *corev1.SecurityContext `json:"agentProxySecurityContext,omitempty"`
}

// ReportsSecurityOptions contains Security Context customizations for the
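Review bot: `HTTPPort *int32` in `AgentServiceConfig` carries no validation markers, so zero, negative or out-of-range values pass CRD admission and are only caught later, if at all, when the Service or container port is built. Adding `// +kubebuilder:validation:Minimum=1` and `// +kubebuilder:validation:Maximum=65535` above the field would reject them at the API server. The comment says "Defaults to 8282" but no `+kubebuilder:default` marker is present, so the default is presumably applied by the controller; the comment could say so. Whether the other service configs validate their ports cannot be seen from these hunks.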
32 changes: 32 additions & 0 deletions api/v1beta2/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

14 changes: 13 additions & 1 deletion bundle/manifests/cryostat-operator.clusterserviceversion.yaml
@@ -30,7 +30,7 @@ metadata:
capabilities: Seamless Upgrades
categories: Monitoring, Developer Tools
containerImage: quay.io/cryostat/cryostat-operator:4.0.0-dev
createdAt: "2024-09-11T17:33:08Z"
createdAt: "2024-10-04T18:55:09Z"
description: JVM monitoring and profiling tool
operatorframework.io/initialization-resource: |-
{
@@ -230,6 +230,11 @@ spec:
- description: Resource requirements for the Cryostat deployment.
displayName: Resources
path: resources
- description: Resource requirements for the agent proxy container.
displayName: Agent Proxy Resources
path: resources.agentProxyResources
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:resourceRequirements
- description: Resource requirements for the auth proxy.
displayName: Auth Proxy Resources
path: resources.authProxyResources
@@ -294,6 +299,9 @@ spec:
path: securityOptions
x-descriptors:
- urn:alm:descriptor:com.tectonic.ui:advanced
- description: Security Context to apply to the agent proxy container.
displayName: Agent Proxy Security Context
path: securityOptions.agentProxySecurityContext
- description: Security Context to apply to the auth proxy container.
displayName: Auth Proxy Security Context
path: securityOptions.authProxySecurityContext
@@ -1010,6 +1018,8 @@ spec:
value: quay.io/cryostat/cryostat-storage:latest
- name: RELATED_IMAGE_DATABASE
value: quay.io/cryostat/cryostat-db:latest
- name: RELATED_IMAGE_AGENT_PROXY
value: registry.access.redhat.com/ubi8/nginx-124:latest
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
@@ -1179,6 +1189,8 @@ spec:
name: storage
- image: quay.io/cryostat/cryostat-db:latest
name: database
- image: registry.access.redhat.com/ubi8/nginx-124:latest
name: agent-proxy
version: 4.0.0-dev
webhookdefinitions:
- admissionReviewVersions: