Move router service to its own deployment

.github/workflows/e2e.yaml

@@ -14,15 +14,8 @@ jobs:
           - ubuntu-24.04-arm
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: jumpstarter-dev/jumpstarter-e2e@main
+      - uses: jumpstarter-dev/jumpstarter-e2e@router
         with:
           controller-ref: ${{ github.ref }}
           # use the matching branch on the jumpstarter repo
           jumpstarter-ref: ${{ github.event.pull_request.base.ref }}
-  e2e-tests-28d6b1cc3b49ab9ae176918ab9709a2e2522c97e:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: jumpstarter-dev/jumpstarter-e2e@11a5ce6734be9f089ec3ea6ebf55284616f67fe8
-        with:
-          controller-ref: ${{ github.ref }}
-          jumpstarter-ref: 28d6b1cc3b49ab9ae176918ab9709a2e2522c97e

Dockerfile

@@ -11,7 +11,7 @@ COPY go.sum go.sum
 RUN go mod download
 
 # Copy the go source
-COPY cmd/main.go cmd/main.go
+COPY cmd/ cmd/
 COPY api/ api/
 COPY internal/ internal/
 
@@ -21,10 +21,12 @@ COPY internal/ internal/
 # the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
 # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
 RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o router  cmd/router/main.go
 
 FROM registry.access.redhat.com/ubi9/ubi-micro:9.5
 WORKDIR /
 COPY --from=builder /opt/app-root/src/manager .
+COPY --from=builder /opt/app-root/src/router  .
 USER 65532:65532
 
 ENTRYPOINT ["/manager"]

Makefile

@@ -87,11 +87,16 @@ lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes
 .PHONY: build
 build: manifests generate fmt vet ## Build manager binary.
 	go build -o bin/manager cmd/main.go
+	go build -o bin/router  cmd/router/main.go
 
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./cmd/main.go
 
+.PHONY: run-router
+run-router: manifests generate fmt vet ## Run a router from your host.
+	go run ./cmd/router/main.go
+
 # If you wish to build the manager image targeting other platforms you can use the --platform flag.
 # (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it.
 # More info: https://docs.docker.com/develop/develop-images/build_enhancements/

cmd/main.go

@@ -151,7 +151,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	authenticator, prefix, option, provisioning, err := config.LoadConfiguration(
+	authenticator, prefix, router, option, provisioning, err := config.LoadConfiguration(
 		context.Background(),
 		mgr.GetAPIReader(),
 		mgr.GetScheme(),
@@ -211,21 +211,13 @@ func main() {
 			ResourceKey:  "jumpstarter-kind",
 			NameKey:      "jumpstarter-name",
 		}),
+		Router:       router,
 		ServerOption: option,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create service", "service", "Controller")
 		os.Exit(1)
 	}
 
-	if err = (&service.RouterService{
-		Client:       mgr.GetClient(),
-		Scheme:       mgr.GetScheme(),
-		ServerOption: option,
-	}).SetupWithManager(mgr); err != nil {
-		setupLog.Error(err, "unable to create service", "service", "Router")
-		os.Exit(1)
-	}
-
 	if err = (&service.OIDCService{
 		Signer: oidcSigner,
 		Cert:   oidcCert,

cmd/router/main.go

@@ -0,0 +1,75 @@
+/*
+Copyright 2024.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"flag"
+	"os"
+	"os/signal"
+	"syscall"
+
+	ctrl "sigs.k8s.io/controller-runtime"
+	kclient "sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/log/zap"
+
+	"github.com/go-logr/logr"
+	"github.com/jumpstarter-dev/jumpstarter-controller/internal/config"
+	"github.com/jumpstarter-dev/jumpstarter-controller/internal/service"
+)
+
+func main() {
+	opts := zap.Options{}
+	opts.BindFlags(flag.CommandLine)
+
+	flag.Parse()
+
+	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
+	logger := ctrl.Log.WithName("router")
+	ctx := logr.NewContext(context.Background(), logger)
+
+	cfg := ctrl.GetConfigOrDie()
+	client, err := kclient.New(cfg, kclient.Options{})
+	if err != nil {
+		logger.Error(err, "failed to create k8s client")
+		os.Exit(1)
+	}
+
+	serverOption, err := config.LoadRouterConfiguration(ctx, client, kclient.ObjectKey{
+		Namespace: os.Getenv("NAMESPACE"),
+		Name:      "jumpstarter-controller",
+	})
+	if err != nil {
+		logger.Error(err, "failed to load router configuration")
+		os.Exit(1)
+	}
+
+	svc := service.RouterService{
+		ServerOption: serverOption,
+	}
+
+	err = svc.Start(ctx)
+	if err != nil {
+		logger.Error(err, "failed to start router service")
+		os.Exit(1)
+	}
+
+	sigs := make(chan os.Signal, 1)
+	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
+	sig := <-sigs
+	logger.Info("received signal, exiting", "signal", sig)
+}

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/_helpers.yaml

@@ -0,0 +1,56 @@
+{{- define "grpc.hostname" -}}
+  {{- if $.Values.grpc.hostname -}}
+    {{ $.Values.grpc.hostname }}
+  {{- else -}}
+    grpc.{{ $.Values.global.baseDomain | required "a global.baseDomain or a grpc.hostname must be provided" }}
+  {{- end -}}
+{{- end -}}
+
+{{- define "grpc.endpoint" -}}
+  {{- if $.Values.grpc.endpoint -}}
+    {{ $.Values.grpc.endpoint }}
+  {{- else -}}
+    {{ include "grpc.hostname" $ }}:{{ $.Values.grpc.tls.port }}
+  {{- end -}}
+{{- end -}}
+
+{{- define "grpc.service.type" -}}
+  {{- if $.Values.grpc.service -}}
+    {{ $.Values.grpc.service.type | default "ClusterIP" }}
+  {{- else -}}
+    ClusterIP
+  {{- end -}}
+{{- end -}}
+
+{{- define "router.hostname" -}}
+  {{- $g := index . 0 -}}
+  {{- $k := index . 1 -}}
+  {{- $v := index . 2 -}}
+  {{- if $v.hostname -}}
+    {{ $v.hostname }}
+  {{- else -}}
+    router-{{ $k }}.{{ $g.Values.global.baseDomain | required "a global.baseDomain or a grpc.router.<name>.hostname must be provided" }}
+  {{- end -}}
+{{- end -}}
+
+{{- define "router.endpoint" -}}
+  {{- $g := index . 0 -}}
+  {{- $k := index . 1 -}}
+  {{- $v := index . 2 -}}
+  {{- if $v.endpoint -}}
+    {{ $v.endpoint }}
+  {{- else -}}
+    {{ include "router.hostname" . }}:{{ $g.Values.grpc.tls.port }}
+  {{- end -}}
+{{- end -}}
+
+{{- define "router.service.type" -}}
+  {{- $g := index . 0 -}}
+  {{- $k := index . 1 -}}
+  {{- $v := index . 2 -}}
+  {{- if $v.service -}}
+    {{ $v.service.type | default "ClusterIP" }}
+  {{- else -}}
+    ClusterIP
+  {{- end -}}
+{{- end -}}

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/cms/controller-cm.yaml

@@ -15,5 +15,14 @@ data:
   {{ if .Values.authenticationConfig }}
   authentication: {{- .Values.authenticationConfig | toYaml | indent 1 }}
   {{ end }}
+  router: |
+  {{ range $k, $v := .Values.grpc.routers }}
+    {{ $k }}:
+      endpoint: {{ include "router.endpoint" (list $ $k $v) | quote }}
+      {{ if $v.labels }}
+      labels:
+        {{ $v.labels | toYaml | indent 1 }}
+      {{ end }}
+  {{ end }}
   config: |
 {{ .Values.config | toYaml | indent 4 }}

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-deployment.yaml

@@ -10,7 +10,6 @@ metadata:
     deployment.timestamp: {{ .Values.global.timestamp | quote }}
     {{ end }}
   annotations:
-    configmap-sha256: {{ include (print $.Template.BasePath "/cms/controller-cm.yaml") . | sha256sum }}
     argocd.argoproj.io/sync-wave: "1"
 spec:
   selector:
@@ -20,6 +19,7 @@ spec:
   template:
     metadata:
       annotations:
+        configmap-sha256: {{ include (print $.Template.BasePath "/cms/controller-cm.yaml") . | sha256sum }}
         kubectl.kubernetes.io/default-container: manager
       labels:
         control-plane: controller-manager
@@ -58,21 +58,7 @@ spec:
           - -metrics-bind-address=:8080
         env:
         - name: GRPC_ENDPOINT
-          {{ if .Values.grpc.endpoint }}
-          value : {{ .Values.grpc.endpoint }}
-          {{ else if .Values.hostname }}
-          value: {{ .Values.hostname }}:{{ .Values.grpc.tls.port }}
-          {{ else }}
-          value: grpc.{{ .Values.global.baseDomain }}:{{ .Values.grpc.tls.port }}
-          {{ end }}
-        - name: GRPC_ROUTER_ENDPOINT
-          {{ if .Values.grpc.routerEndpoint }}
-          value: {{ .Values.grpc.routerEndpoint }}
-          {{ else if .Values.routerHostname }}
-          value: {{ .Values.routerHostname }}:{{ .Values.grpc.tls.port }}
-          {{ else }}
-          value: router.{{ .Values.global.baseDomain }}:{{ .Values.grpc.tls.port }}
-          {{ end }}
+          value : {{ include "grpc.endpoint" . | quote }}
         - name: CONTROLLER_KEY
           valueFrom:
             secretKeyRef:

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-ingress.yaml

@@ -1,4 +1,5 @@
-{{ if eq .Values.grpc.mode "ingress" }}
+{{ if .Values.grpc.ingress }}
+{{ if .Values.grpc.ingress.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -17,11 +18,7 @@ spec:
   ingressClassName: {{ .Values.grpc.ingress.class }}
   {{ end }}
   rules:
-  {{ if .Values.grpc.hostname }}
-  - host: {{ .Values.grpc.hostname }}
-  {{ else }}
-  - host: grpc.{{ .Values.global.baseDomain | required "a global.baseDomain or a grpc.hostname must be provided"}}
-  {{ end }}
+  - host: {{ include "grpc.hostname" . }}
     http:
       paths:
       - path: /
@@ -33,12 +30,9 @@ spec:
               number: 8082
   tls:
   - hosts:
-      {{ if .Values.grpc.hostname }}
-      - {{ .Values.grpc.hostname }}
-      {{ else }}
-      - grpc.{{ .Values.global.baseDomain | required "a global.baseDomain or a grpc.hostname must be provided"}}
-      {{ end }}
+      - {{ include "grpc.hostname" . }}
     {{ if .Values.grpc.tls.controllerCertSecret }}
     secretName: {{ .Values.grpc.tls.controllerCertSecret }}
     {{ end }}
 {{ end }}
+{{ end }}

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-route.yaml

@@ -1,4 +1,5 @@
-{{ if eq .Values.grpc.mode "route" }}
+{{ if .Values.grpc.route }}
+{{ if .Values.grpc.route.enabled }}
 apiVersion: route.openshift.io/v1
 kind: Route
 metadata:
@@ -11,11 +12,7 @@ metadata:
   name: jumpstarter-controller-route
   namespace: {{ default .Release.Namespace .Values.namespace }}
 spec:
-  {{ if .Values.grpc.hostname }}
-  host: {{ .Values.grpc.hostname }}
-  {{ else }}
-  host: grpc.{{ .Values.global.baseDomain | required "a global.baseDomain or a grpc.hostname must be provided"}}
-  {{ end }}
+  host: {{ include "grpc.hostname" . }}
   port:
     targetPort: 8082
   tls:
@@ -32,3 +29,4 @@ spec:
     weight: 100
   wildcardPolicy: None
 {{ end }}
+{{ end }}

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-service.yaml

@@ -7,18 +7,18 @@ metadata:
   name: jumpstarter-grpc
   namespace: {{ default .Release.Namespace .Values.namespace }}
 spec:
-  {{ if .Values.grpc.nodeport.enabled }}
-  type: NodePort
-  {{ end }}
+  type: {{ include "grpc.service.type" . }}
 
   ports:
   - name: grpc
     port: 8082
     protocol: TCP
     targetPort: 8082
     appProtocol: h2c # HTTP/2 over cleartext for gRPC (fixes edge termination in ingress/router)
-    {{ if .Values.grpc.nodeport.enabled }}
-    nodePort: {{ .Values.grpc.nodeport.port }}
+    {{ if .Values.grpc.service }}
+    {{ if .Values.grpc.service.nodePort }}
+    nodePort: {{ .Values.grpc.service.nodePort }}
+    {{ end }}
     {{ end }}
   selector:
     control-plane: controller-manager

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/rbac/leader_election_role.yaml

@@ -5,7 +5,7 @@ metadata:
   labels:
     app.kubernetes.io/name: jumpstarter-router
   name: leader-election-role
-  namespace: {{ .Values.namespace }}
+  namespace: {{ default .Release.Namespace .Values.namespace }}
 rules:
 - apiGroups:
   - ""

deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/rbac/leader_election_role_binding.yaml

@@ -3,7 +3,7 @@ kind: RoleBinding
 metadata:
   labels:
     app.kubernetes.io/name: jumpstarter-router
-  namespace: {{ .Values.namespace }}
+  namespace: {{ default .Release.Namespace .Values.namespace }}
   name: leader-election-rolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -12,4 +12,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: controller-manager
-  namespace: {{ .Values.namespace }}
+  namespace: {{ default .Release.Namespace .Values.namespace }}