Merge pull request #8134 from zalando-incubator/add-canary-controller

MustafaSaber · web-flow · commit 10293ba9bcdc · 2024-09-23T13:56:53.000+02:00
canary-controller: add manifests
diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
@@ -89,7 +89,7 @@ skipper_ingress_health_check_options: "period=10s,min-requests=10,min-drop-proba
 # Enables deployment of canary version
 skipper_ingress_canary_enabled: "true"
 skipper_ingress_test_single_pod: "false"
-
+skipper_canary_controller_enabled: "false"
 # When set to true (and dedicated node pool for skipper is also true) the
 # daemonset overhead will be subtracted from the cpu settings such
 # that skipper will perfectly fit on the node.
diff --git a/cluster/manifests/skipper-canary-controller/01-canary-service-account.yaml b/cluster/manifests/skipper-canary-controller/01-canary-service-account.yaml
@@ -0,0 +1,53 @@
+# {{ if eq .Cluster.ConfigItems.skipper_canary_controller_enabled "true" }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: skipper-canary-controller
+  namespace: kube-system
+  labels:
+    application: skipper-ingress
+    component: canary
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: skipper-canary-controller
+  labels:
+    application: skipper-ingress
+    component: canary
+rules:
+  - apiGroups:
+      - "apps"
+    resources:
+      - deployments
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+  - apiGroups:
+      - "apps"
+    resources:
+      - controllerrevisions
+    verbs:
+      - get
+      - list
+      - delete
+      - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: skipper-canary-controller
+  labels:
+    application: skipper-ingress
+    component: canary
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: skipper-canary-controller
+subjects:
+  - kind: ServiceAccount
+    name: skipper-canary-controller
+    namespace: kube-system
+# {{ end }}
diff --git a/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml b/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml
@@ -0,0 +1,49 @@
+# {{ if eq .Cluster.ConfigItems.skipper_canary_controller_enabled "true" }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: skipper-canary-conrtroller
+  namespace: kube-system
+  labels:
+    application: skipper-ingress
+    component: canary
+spec:
+  # schedule: "0 9-19 * * *" # every hour from 9 to 17 -> migrate to this when we are sure everything is ok
+  schedule: "*/30 * * * *"
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          labels:
+            application: skipper-ingress
+            component: canary
+        spec:
+          serviceAccountName: skipper-canary-controller
+          # Make sure the job run only once
+          restartPolicy: Never
+          concurrencyPolicy: Forbid
+          backoffLimit: 0
+          containers:
+          - name: skipper-canary-controller
+            terminationMessagePolicy: FallbackToLogsOnError
+            image: container-registry.zalando.net/gwproxy/skipper-canary-controller:main-20
+            env:
+            - name: _PLATFORM_OBSERVABILITY_ACCESS_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: skipper-ingress
+                  key: lightstep-token
+            - name: LIGHTSTEP_DEBUG
+              value: "true"
+            args:
+              - "--dry-mode=true"
+              - "--prometheus-url=http://prometheus.kube-system.svc.cluster.local"
+              - "--log-level=debug"
+              - "--run-once=true"
+              - "--use-mem-query"
+              - "--use-status-query"
+            resources:
+              limits:
+                memory: "128Mi"
+                cpu: "500m"
+# {{ end }}
