Merge pull request #905 from SteveHNH/envoy_to_caddy

Switch out the envoy reverse proxy for caddy

Author: psav

controllers/cloud.redhat.com/clowderconfig/config.go

@@ -8,12 +8,12 @@ import (
 
 type ClowderConfig struct {
 	Images struct {
-		MBOP           string `json:"mbop"`
-		Caddy          string `json:"caddy"`
-		CaddyGateway   string `json:"caddyGateway"`
-		Keycloak       string `json:"Keycloak"`
-		Mocktitlements string `json:"mocktitlements"`
-		Envoy          string `json:"envoy"`
+		MBOP              string `json:"mbop"`
+		Caddy             string `json:"caddy"`
+		CaddyGateway      string `json:"caddyGateway"`
+		Keycloak          string `json:"Keycloak"`
+		Mocktitlements    string `json:"mocktitlements"`
+		CaddyReverseProxy string `json:"caddyReverseProxy"`
 	} `json:"images"`
 	DebugOptions struct {
 		Logging struct {

controllers/cloud.redhat.com/providers/utils/utils.go

@@ -26,6 +26,7 @@ var DefaultImageCaddyGateway = DefaultImageCaddySideCar
 var DefaultImageMBOP = "quay.io/cloudservices/mbop:959d00d"
 var DefaultImageMocktitlements = "quay.io/cloudservices/mocktitlements:81fd80e"
 var DefaultKeyCloakVersion = "23.0.1"
+var DefaultImageCaddyProxy = "quay.io/cloudservices/caddy-ubi:latest"
 var DefaultImageKeyCloak = fmt.Sprintf("quay.io/keycloak/keycloak:%s", DefaultKeyCloakVersion)
 
 // MakeLocalDB populates the given deployment object with the local DB struct.

controllers/cloud.redhat.com/providers/web/caddy_reverse_proxy.go

@@ -0,0 +1,99 @@
+package web
+
+import (
+	"encoding/json"
+	"fmt"
+
+	crd "github.com/RedHatInsights/clowder/apis/cloud.redhat.com/v1alpha1"
+
+	caddy "github.com/caddyserver/caddy/v2"
+	caddyconfig "github.com/caddyserver/caddy/v2/caddyconfig"
+	caddyhttp "github.com/caddyserver/caddy/v2/modules/caddyhttp"
+	"github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy"
+	caddytls "github.com/caddyserver/caddy/v2/modules/caddytls"
+)
+
+func generateServers(pub bool, priv bool, pubPort uint32, privPort uint32, appPubPort int32, appPrivPort int32) (map[string]*caddyhttp.Server, error) {
+	servers := make(map[string]*caddyhttp.Server)
+
+	tlsConnPolicy := []*caddytls.ConnectionPolicy{{
+		CertSelection: &caddytls.CustomCertSelectionPolicy{
+			AnyTag: []string{"cert0"},
+		},
+	}}
+
+	if pub {
+		pubServer := generateServer(pubPort, appPubPort, tlsConnPolicy)
+		servers["pubServer"] = pubServer
+	}
+
+	if priv {
+		privServer := generateServer(privPort, appPrivPort, tlsConnPolicy)
+		servers["privServer"] = privServer
+	}
+
+	return servers, nil
+}
+
+func generateServer(port uint32, appPort int32, tlsConnPolicy []*caddytls.ConnectionPolicy) *caddyhttp.Server {
+
+	var warnings []caddyconfig.Warning
+
+	reverseProxy := reverseproxy.Handler{
+		Upstreams: []*reverseproxy.Upstream{{
+			Dial: fmt.Sprintf("localhost:%d", appPort),
+		}},
+	}
+
+	server := &caddyhttp.Server{
+		Listen: []string{fmt.Sprintf(":%d", port)},
+		Routes: caddyhttp.RouteList{{
+			HandlersRaw: []json.RawMessage{
+				caddyconfig.JSONModuleObject(reverseProxy, "handler", "reverse_proxy", &warnings),
+			},
+		}},
+		TLSConnPolicies: tlsConnPolicy,
+	}
+
+	return server
+}
+
+func generateCaddyConfig(pub bool, priv bool, pubPort uint32, privPort uint32, env *crd.ClowdEnvironment) (string, error) {
+	var warnings []caddyconfig.Warning
+
+	var servers map[string]*caddyhttp.Server
+	var err error
+
+	appPubPort := env.Spec.Providers.Web.Port
+	appPrivPort := env.Spec.Providers.Web.PrivatePort
+
+	servers, err = generateServers(pub, priv, pubPort, privPort, appPubPort, appPrivPort)
+	if err != nil {
+		fmt.Print("error generating caddy server config. Server generation failed")
+	}
+
+	appConfig := caddyhttp.App{
+		Servers: servers,
+	}
+
+	fl := caddytls.FileLoader{{
+		Certificate: "/certs/tls.crt",
+		Key:         "/certs/tls.key",
+		Tags:        []string{"cert0"},
+	}}
+
+	tlsConfig := caddytls.TLS{
+		CertificatesRaw: caddy.ModuleMap{"load_files": caddyconfig.JSON(fl, &warnings)},
+	}
+
+	v := caddy.Config{
+		StorageRaw: []byte{},
+		AppsRaw: map[string]json.RawMessage{
+			"http": caddyconfig.JSON(appConfig, &warnings),
+			"tls":  caddyconfig.JSON(tlsConfig, &warnings),
+		},
+	}
+
+	pretty, _ := json.MarshalIndent(v, "", "  ")
+	return string(pretty), nil
+}

controllers/cloud.redhat.com/providers/web/default.go

@@ -20,7 +20,7 @@ type webProvider struct {
 func NewWebProvider(p *providers.Provider) (providers.ClowderProvider, error) {
 	p.Cache.AddPossibleGVKFromIdent(
 		CoreService,
-		CoreEnvoyConfigMap,
+		CoreCaddyConfigMap,
 	)
 	return &webProvider{Provider: *p}, nil
 }