Virtual service management via UI (WIP) + Multiple Access logs (#189)

Virtual service management via UI (WIP) + Multiple Access logs

---------

Signed-off-by: Aleksandr Aleksandrov <aaleksandrov.cy@gmail.com>
Co-authored-by: AndreyKS <andruxa325@gmail.com>

Author: aa1ex

Dockerfile

@@ -15,7 +15,8 @@ RUN go mod download
 COPY cmd/main.go cmd/main.go
 COPY api/ api/
 COPY internal/ internal/
-COPY docs/cacheRestAPI docs/cacheRestAPI
+COPY pkg/ pkg/
+COPY docs/api/cacheRestAPI docs/api/cacheRestAPI
 
 # Build
 # the GOARCH has not a default value to allow the binary be built according to the host where the command

Makefile

@@ -10,6 +10,8 @@ UI_IMG ?= $(UI_IMG_WITHOUT_TAG):$(TAG)
 
 DEPLOY_TIMEOUT ?= 5m
 
+PROM_OPERATOR_VERSION ?= v0.77.1
+
 # REGISTRY is the image registry to use for build and push image targets.
 REGISTRY ?= docker.io/kaasops
 
@@ -251,6 +253,7 @@ endef
 ## HELM
 
 URL=https://kaasops.github.io/envoy-xds-controller/helm
+AUTH_ENABLED=false
 
 .PHONY: helm-lint
 helm-lint:
@@ -269,12 +272,30 @@ helm-index:
 .PHONY: helm-deploy-local
 helm-deploy-local: manifests set-local## Install Envoy xDS Controller into the local Kubernetes cluster specified in ~/.kube/config.
 	@$(LOG_TARGET)
-	helm install exc --set 'watchNamespaces={default}' --set image.repository=$(IMG_WITHOUT_TAG) --set image.tag=$(TAG) --set ui.enabled=true --set cacheAPI.enabled=true --set ui.image.repository=$(UI_IMG_WITHOUT_TAG) --set ui.image.tag=$(TAG) --namespace envoy-xds-controller --create-namespace ./helm/charts/envoy-xds-controller --debug --timeout='$(DEPLOY_TIMEOUT)' --wait
+	helm install exc --set metrics.address=:8443 \
+		--set metrics.secure=false \
+		--set development=true \
+		--set auth.enabled=$(AUTH_ENABLED) \
+ 		--set 'watchNamespaces={default}' \
+ 		--set image.repository=$(IMG_WITHOUT_TAG) \
+ 		--set image.tag=$(TAG) \
+ 		--set ui.enabled=true \
+ 		--set cacheAPI.enabled=true \
+ 		--set ui.image.repository=$(UI_IMG_WITHOUT_TAG) \
+ 		--set ui.image.tag=$(TAG) \
+ 		--set resourceAPI.enabled=true \
+ 		--namespace envoy-xds-controller \
+ 		--create-namespace ./helm/charts/envoy-xds-controller \
+ 		--debug --timeout='$(DEPLOY_TIMEOUT)' --wait
 
 .PHONY: set-local
 set-local:
 	$(eval REGISTRY := $(LOCAL_REGISTRY))
 
+.PHONY: set-auth-env
+set-auth-env:
+	$(eval AUTH_ENABLED := true)
+
 .PHONY: debug-local
 debug-local: set-local
 	@echo $(REGISTRY)
@@ -289,4 +310,71 @@ kr:
 
 .PHONY: kd
 kd:
-	kind delete cluster
+	kind delete cluster
+
+.PHONY: dev-apply-resources
+dev-apply-resources:
+	kubectl -n envoy-xds-controller apply -f dev/testdata
+
+.PHONY: dev-delete-resources
+dev-delete-resources:
+	kubectl -n envoy-xds-controller delete -f dev/testdata
+
+.PHONY: helm-deploy-backend-local
+helm-deploy-backend-local: manifests set-local## Install Envoy xDS Controller into the local Kubernetes cluster specified in ~/.kube/config.
+	@$(LOG_TARGET)
+	helm install exc --set metrics.address=:8443 \
+ 		--set 'watchNamespaces={default}' \
+ 		--set image.repository=$(IMG_WITHOUT_TAG) \
+ 		--set image.tag=$(TAG) \
+ 		--set cacheAPI.enabled=true \
+ 		--set resourceAPI.enabled=true \
+ 		--namespace envoy-xds-controller \
+ 		--create-namespace ./helm/charts/envoy-xds-controller \
+ 		--debug --timeout='$(DEPLOY_TIMEOUT)' --wait
+
+.PHONY: dev-backend
+dev-backend: set-local docker-build docker-push install-prometheus helm-deploy-backend-local
+
+.PHONY: deploy-e2e
+deploy-e2e: manifests
+	helm install exc-e2e --set metrics.address=:8443 \
+ 		--set 'watchNamespaces={default}' \
+ 		--set image.repository=$(IMG_WITHOUT_TAG) \
+ 		--set image.tag=$(TAG) \
+ 		--set cacheAPI.enabled=true \
+ 		--set resourceAPI.enabled=true \
+ 		--namespace envoy-xds-controller \
+ 		--create-namespace ./helm/charts/envoy-xds-controller \
+ 		--debug --timeout='$(DEPLOY_TIMEOUT)' --wait
+
+.PHONY: undeploy-e2e
+undeploy-e2e:
+	helm uninstall -n envoy-xds-controller exc-e2e
+
+.PHONY: install-prometheus
+install-prometheus:
+	kubectl create -f https://github.com/prometheus-operator/prometheus-operator/releases/download/$(PROM_OPERATOR_VERSION)/bundle.yaml
+
+.PHONY: uninstall-prometheus
+uninstall-prometheus:
+	kubectl delete -f https://github.com/prometheus-operator/prometheus-operator/releases/download/$(PROM_OPERATOR_VERSION)/bundle.yaml
+
+.PHONY: bufgen
+bufgen:
+	buf generate
+
+.PHONY: dev-auth
+dev-auth:
+	bash scripts/dev-auth.sh
+
+.PHONY: dev-local-with-auth
+dev-local-with-auth: dev-auth set-auth-env install-prometheus dev-local
+
+.PHONY: helm-template
+helm-template:
+	helm template exc -n envoy-xds-controller ./helm/charts/envoy-xds-controller/
+
+.PHONY: dev-envoy
+dev-envoy:
+	kubectl apply -f dev/envoy

README.md

@@ -1,8 +1,18 @@
 # envoy-xds-controller
-// TODO(user): Add simple overview of use/purpose
+
+A Kubernetes-native control plane for Envoy proxies that provides dynamic configuration management through the xDS API.
 
 ## Description
-// TODO(user): An in-depth paragraph about your project and overview of use
+
+Envoy xDS Controller is a Kubernetes controller that manages Envoy proxy configurations through the xDS API. It allows defining Envoy configurations as Kubernetes Custom Resources (CRs) and automatically transforms them into Envoy configurations, which are delivered to proxies via the xDS protocol in real-time.
+
+Key features:
+- Full support for Envoy xDS v3 API (LDS, RDS, CDS, EDS)
+- Kubernetes-native integration with controller-runtime
+- Dynamic configuration updates without proxy restarts
+- Authentication and authorization with OIDC and RBAC
+- Templating system for configuration reuse
+- Web UI for configuration management
 
 ## Getting Started
 
@@ -90,7 +100,27 @@ kubectl apply -f https://raw.githubusercontent.com/<org>/envoy-xds-controller/<t
 ```
 
 ## Contributing
-// TODO(user): Add detailed information on how you would like others to contribute to this project
+
+We welcome contributions to the Envoy xDS Controller project! Here's how you can contribute:
+
+1. **Code Contributions**:
+   - Fork the repository
+   - Create a feature branch (`git checkout -b feature/amazing-feature`)
+   - Commit your changes (`git commit -m 'Add some amazing feature'`)
+   - Push to the branch (`git push origin feature/amazing-feature`)
+   - Open a Pull Request
+
+2. **Bug Reports and Feature Requests**:
+   - Use the GitHub issue tracker to report bugs or request features
+
+3. **Development Environment**:
+   - See the [development documentation](docs/development.md) for setting up your development environment
+   - Check [contributing guidelines](docs/contributing/development.md) for webhook setup
+
+4. **Testing**:
+   - Add tests for new features
+   - Run existing tests with `make test`
+   - Run end-to-end tests with `make test-e2e`
 
 **NOTE:** Run `make help` for more information on all potential `make` targets
 
@@ -111,4 +141,3 @@ distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-

api/v1alpha1/accesslogconfig_methods.go

@@ -121,3 +121,15 @@ func (a *AccessLogConfig) IsEqual(other *AccessLogConfig) bool {
 
 	return true
 }
+
+func (a *AccessLogConfig) GetAccessGroup() string {
+	accessGroup := a.GetLabels()[LabelAccessGroup]
+	if accessGroup == "" {
+		return GeneralAccessGroup
+	}
+	return accessGroup
+}
+
+func (a *AccessLogConfig) GetDescription() string {
+	return a.Annotations[annotationDescription]
+}

api/v1alpha1/cluster_methods.go

@@ -60,3 +60,7 @@ func (c *Cluster) IsEqual(other *Cluster) bool {
 	}
 	return true
 }
+
+func (c *Cluster) GetDescription() string {
+	return c.Annotations[annotationDescription]
+}

api/v1alpha1/httpfilter_methods.go

@@ -6,6 +6,7 @@ import (
 
 	hcmv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
 	"github.com/kaasops/envoy-xds-controller/internal/protoutil"
+	"sigs.k8s.io/yaml"
 )
 
 func (h *HttpFilter) UnmarshalV3() ([]*hcmv3.HttpFilter, error) {
@@ -74,3 +75,34 @@ func (h *HttpFilter) IsEqual(other *HttpFilter) bool {
 	}
 	return true
 }
+
+func (h *HttpFilter) GetAccessGroup() string {
+	accessGroup := h.GetLabels()[LabelAccessGroup]
+	if accessGroup == "" {
+		return GeneralAccessGroup
+	}
+	return accessGroup
+}
+
+func (h *HttpFilter) GetDescription() string {
+	return h.Annotations[annotationDescription]
+}
+
+func (h *HttpFilter) Raw() []byte {
+	if h == nil || len(h.Spec) == 0 {
+		return nil
+	}
+	items := make([]any, 0, len(h.Spec))
+	for _, spec := range h.Spec {
+		var httpFilterMap map[string]interface{}
+		if err := yaml.Unmarshal(spec.Raw, &httpFilterMap); err != nil {
+			return nil
+		}
+		items = append(items, httpFilterMap)
+	}
+	data, err := json.Marshal(items)
+	if err != nil {
+		return nil
+	}
+	return data
+}

api/v1alpha1/listener_methods.go

@@ -42,3 +42,15 @@ func (l *Listener) IsEqual(other *Listener) bool {
 	}
 	return bytes.Equal(l.Spec.Raw, other.Spec.Raw)
 }
+
+func (l *Listener) GetAccessGroup() string {
+	accessGroup := l.GetLabels()[LabelAccessGroup]
+	if accessGroup == "" {
+		return GeneralAccessGroup
+	}
+	return accessGroup
+}
+
+func (l *Listener) GetDescription() string {
+	return l.Annotations[annotationDescription]
+}

api/v1alpha1/policy_methods.go

@@ -54,3 +54,15 @@ func (p *Policy) IsEqual(other *Policy) bool {
 	}
 	return bytes.Equal(p.Spec.Raw, other.Spec.Raw)
 }
+
+func (p *Policy) GetAccessGroup() string {
+	accessGroup := p.GetLabels()[LabelAccessGroup]
+	if accessGroup == "" {
+		return GeneralAccessGroup
+	}
+	return accessGroup
+}
+
+func (p *Policy) GetDescription() string {
+	return p.Annotations[annotationDescription]
+}

api/v1alpha1/route_methods.go

@@ -3,8 +3,11 @@ package v1alpha1
 import (
 	"bytes"
 
+	"encoding/json"
+
 	routev3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
 	"github.com/kaasops/envoy-xds-controller/internal/protoutil"
+	"sigs.k8s.io/yaml"
 )
 
 func (r *Route) UnmarshalV3() ([]*routev3.Route, error) {
@@ -57,3 +60,34 @@ func (r *Route) IsEqual(other *Route) bool {
 	}
 	return true
 }
+
+func (r *Route) GetAccessGroup() string {
+	accessGroup := r.GetLabels()[LabelAccessGroup]
+	if accessGroup == "" {
+		return GeneralAccessGroup
+	}
+	return accessGroup
+}
+
+func (r *Route) GetDescription() string {
+	return r.Annotations[annotationDescription]
+}
+
+func (r *Route) Raw() []byte {
+	if r == nil || len(r.Spec) == 0 {
+		return nil
+	}
+	items := make([]any, 0, len(r.Spec))
+	for _, spec := range r.Spec {
+		var routeMap map[string]interface{}
+		if err := yaml.Unmarshal(spec.Raw, &routeMap); err != nil {
+			return nil
+		}
+		items = append(items, routeMap)
+	}
+	data, err := json.Marshal(items)
+	if err != nil {
+		return nil
+	}
+	return data
+}

api/v1alpha1/shared_types.go

@@ -1,6 +1,8 @@
 package v1alpha1
 
-const AnnotationSecretDomains = "envoy.kaasops.io/domains"
+const AnnotationSecretDomains = "envoy.kaasops.io/domains" // TODO: make private, access via getter
+const annotationDescription = "envoy.kaasops.io/description"
+const GeneralAccessGroup = "general"
 
 type Message string