From 328a2dff1865af5e39ed044acf105ef63a1fa433 Mon Sep 17 00:00:00 2001 From: David Kwon Date: Wed, 13 Sep 2023 15:43:42 -0400 Subject: [PATCH] Add attributes to set gateway container log level in Che CR (#1748) feat: set traefik and kube-rbac-proxy log level in CR Signed-off-by: dkwon17 Co-authored-by: Anatolii Bazko --- api/v2/checluster_types.go | 24 ++++++ api/v2/zz_generated.deepcopy.go | 45 ++++++++++++ .../che-operator.clusterserviceversion.yaml | 4 +- .../org.eclipse.che_checlusters.yaml | 33 +++++++++ .../bases/org.eclipse.che_checlusters.yaml | 33 +++++++++ deploy/deployment/kubernetes/combined.yaml | 33 +++++++++ ....eclipse.che.CustomResourceDefinition.yaml | 33 +++++++++ deploy/deployment/openshift/combined.yaml | 33 +++++++++ ....eclipse.che.CustomResourceDefinition.yaml | 33 +++++++++ ....eclipse.che.CustomResourceDefinition.yaml | 33 +++++++++ pkg/common/constants/constants.go | 10 ++- pkg/deploy/gateway/gateway.go | 6 +- pkg/deploy/gateway/gateway_test.go | 73 +++++++++++++++++++ pkg/deploy/gateway/kube_rbac_proxy.go | 9 +++ 14 files changed, 395 insertions(+), 7 deletions(-) diff --git a/api/v2/checluster_types.go b/api/v2/checluster_types.go index b7fabc245..b65700fa3 100644 --- a/api/v2/checluster_types.go +++ b/api/v2/checluster_types.go @@ -535,6 +535,12 @@ type Gateway struct { // +optional // +kubebuilder:default:={app: che, component: che-gateway-config} ConfigLabels map[string]string `json:"configLabels,omitempty"` + // Configuration for Traefik within the Che gateway pod. + // +optional + Traefik *Traefik `json:"traefik,omitempty"` + // Configuration for kube-rbac-proxy within the Che gateway pod. + // +optional + KubeRbacProxy *KubeRbacProxy `json:"kubeRbacProxy,omitempty"` } // Proxy server configuration. 
@@ -736,6 +742,24 @@ type ContainerBuildConfiguration struct { OpenShiftSecurityContextConstraint string `json:"openShiftSecurityContextConstraint,omitempty"` } +// Configuration for Traefik within the Che gateway pod. +type Traefik struct { + // The log level for the Traefik container within the gateway pod: `DEBUG`, `INFO`, `WARN`, `ERROR`, `FATAL`, or `PANIC`. The default value is `INFO` + // +optional + // +kubebuilder:default:="INFO" + // +kubebuilder:validation:Enum=DEBUG;INFO;WARN;ERROR;FATAL;PANIC + LogLevel string `json:"logLevel,omitempty"` +} + +// Configuration for kube-rbac-proxy within the Che gateway pod. +type KubeRbacProxy struct { + // The glog log level for the kube-rbac-proxy container within the gateway pod. Larger values represent a higher verbosity. The default value is `0`. + // +optional + // +kubebuilder:default:=0 + // +kubebuilder:validation:Minimum:=0 + LogLevel *int32 `json:"logLevel,omitempty"` +} + // GatewayPhase describes the different phases of the Che gateway lifecycle. type GatewayPhase string diff --git a/api/v2/zz_generated.deepcopy.go b/api/v2/zz_generated.deepcopy.go index 602d543e2..a680e837b 100644 --- a/api/v2/zz_generated.deepcopy.go +++ b/api/v2/zz_generated.deepcopy.go @@ -670,6 +670,16 @@ func (in *Gateway) DeepCopyInto(out *Gateway) { (*out)[key] = val } } + if in.Traefik != nil { + in, out := &in.Traefik, &out.Traefik + *out = new(Traefik) + **out = **in + } + if in.KubeRbacProxy != nil { + in, out := &in.KubeRbacProxy, &out.KubeRbacProxy + *out = new(KubeRbacProxy) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Gateway. 
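Review bot: `KubeRbacProxy.LogLevel` carries only `+kubebuilder:validation:Minimum:=0`, so whatever verbosity a CheCluster editor sets is handed unchanged to the authorization sidecar through the `--v=` argument added in pkg/deploy/gateway/kube_rbac_proxy.go. At high klog verbosity the Kubernetes client libraries typically log request and response details, and for a proxy that reviews bearer tokens that may put credential material into container logs; this should be confirmed against the kube-rbac-proxy image that is shipped. I would add an upper bound, `// +kubebuilder:validation:Maximum:=<agreed maximum>`, and extend the field comment with a sentence such as `// High values may log request details; raise only for short-lived troubleshooting.` The same one-sentence caveat is worth adding to `Traefik.LogLevel` for `DEBUG`.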
@@ -748,6 +758,26 @@ func (in *ImagePuller) DeepCopy() *ImagePuller { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubeRbacProxy) DeepCopyInto(out *KubeRbacProxy) { + *out = *in + if in.LogLevel != nil { + in, out := &in.LogLevel, &out.LogLevel + *out = new(int32) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeRbacProxy. +func (in *KubeRbacProxy) DeepCopy() *KubeRbacProxy { + if in == nil { + return nil + } + out := new(KubeRbacProxy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PVC) DeepCopyInto(out *PVC) { *out = *in @@ -923,6 +953,21 @@ func (in *ServerMetrics) DeepCopy() *ServerMetrics { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Traefik) DeepCopyInto(out *Traefik) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Traefik. +func (in *Traefik) DeepCopy() *Traefik { + if in == nil { + return nil + } + out := new(Traefik) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TrustedCerts) DeepCopyInto(out *TrustedCerts) { *out = *in diff --git a/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml b/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml index 491967ad7..1300870f7 100644 --- a/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml +++ b/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml 
@@ -77,7 +77,7 @@ metadata: operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/eclipse-che/che-operator support: Eclipse Foundation - name: eclipse-che.v7.73.0-808.next + name: eclipse-che.v7.74.0-809.next namespace: placeholder spec: apiservicedefinitions: {} @@ -1234,7 +1234,7 @@ spec: minKubeVersion: 1.19.0 provider: name: Eclipse Foundation - version: 7.73.0-808.next + version: 7.74.0-809.next webhookdefinitions: - admissionReviewVersions: - v1 diff --git a/bundle/next/eclipse-che/manifests/org.eclipse.che_checlusters.yaml b/bundle/next/eclipse-che/manifests/org.eclipse.che_checlusters.yaml index 3de02f1ff..c396b2c1f 100644 --- a/bundle/next/eclipse-che/manifests/org.eclipse.che_checlusters.yaml +++ b/bundle/next/eclipse-che/manifests/org.eclipse.che_checlusters.yaml @@ -8164,6 +8164,39 @@ spec: type: integer type: object type: object + kubeRbacProxy: + description: Configuration for kube-rbac-proxy within + the Che gateway pod. + properties: + logLevel: + default: 0 + description: The glog log level for the kube-rbac-proxy + container within the gateway pod. Larger values + represent a higher verbosity. The default value + is `0`. + format: int32 + minimum: 0 + type: integer + type: object + traefik: + description: Configuration for Traefik within the Che + gateway pod. + properties: + logLevel: + default: INFO + description: 'The log level for the Traefik container + within the gateway pod: `DEBUG`, `INFO`, `WARN`, + `ERROR`, `FATAL`, or `PANIC`. The default value + is `INFO`' + enum: + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - PANIC + type: string + type: object type: object identityProviderURL: description: Public URL of the Identity Provider server. diff --git a/config/crd/bases/org.eclipse.che_checlusters.yaml b/config/crd/bases/org.eclipse.che_checlusters.yaml index de8bcde8e..b3534c792 100644 --- a/config/crd/bases/org.eclipse.che_checlusters.yaml 
+++ b/config/crd/bases/org.eclipse.che_checlusters.yaml @@ -7947,6 +7947,39 @@ spec: type: integer type: object type: object + kubeRbacProxy: + description: Configuration for kube-rbac-proxy within + the Che gateway pod. + properties: + logLevel: + default: 0 + description: The glog log level for the kube-rbac-proxy + container within the gateway pod. Larger values + represent a higher verbosity. The default value + is `0`. + format: int32 + minimum: 0 + type: integer + type: object + traefik: + description: Configuration for Traefik within the Che + gateway pod. + properties: + logLevel: + default: INFO + description: 'The log level for the Traefik container + within the gateway pod: `DEBUG`, `INFO`, `WARN`, + `ERROR`, `FATAL`, or `PANIC`. The default value + is `INFO`' + enum: + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - PANIC + type: string + type: object type: object identityProviderURL: description: Public URL of the Identity Provider server. diff --git a/deploy/deployment/kubernetes/combined.yaml b/deploy/deployment/kubernetes/combined.yaml index 2b1cba23b..4359d1a51 100644 --- a/deploy/deployment/kubernetes/combined.yaml +++ b/deploy/deployment/kubernetes/combined.yaml 
@@ -7966,6 +7966,39 @@ spec: type: integer type: object type: object + kubeRbacProxy: + description: Configuration for kube-rbac-proxy within + the Che gateway pod. + properties: + logLevel: + default: 0 + description: The glog log level for the kube-rbac-proxy + container within the gateway pod. Larger values + represent a higher verbosity. The default value + is `0`. + format: int32 + minimum: 0 + type: integer + type: object + traefik: + description: Configuration for Traefik within the Che + gateway pod. + properties: + logLevel: + default: INFO + description: 'The log level for the Traefik container + within the gateway pod: `DEBUG`, `INFO`, `WARN`, + `ERROR`, `FATAL`, or `PANIC`. The default value + is `INFO`' + enum: + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - PANIC + type: string + type: object type: object identityProviderURL: description: Public URL of the Identity Provider server. diff --git a/deploy/deployment/kubernetes/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml b/deploy/deployment/kubernetes/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml index b9d368dbe..4e7787b38 100644 --- a/deploy/deployment/kubernetes/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml +++ b/deploy/deployment/kubernetes/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml 
@@ -7961,6 +7961,39 @@ spec: type: integer type: object type: object + kubeRbacProxy: + description: Configuration for kube-rbac-proxy within + the Che gateway pod. + properties: + logLevel: + default: 0 + description: The glog log level for the kube-rbac-proxy + container within the gateway pod. Larger values + represent a higher verbosity. The default value + is `0`. + format: int32 + minimum: 0 + type: integer + type: object + traefik: + description: Configuration for Traefik within the Che + gateway pod. + properties: + logLevel: + default: INFO + description: 'The log level for the Traefik container + within the gateway pod: `DEBUG`, `INFO`, `WARN`, + `ERROR`, `FATAL`, or `PANIC`. The default value + is `INFO`' + enum: + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - PANIC + type: string + type: object type: object identityProviderURL: description: Public URL of the Identity Provider server. diff --git a/deploy/deployment/openshift/combined.yaml b/deploy/deployment/openshift/combined.yaml index 32657b6c2..cdcd6e3ee 100644 --- a/deploy/deployment/openshift/combined.yaml +++ b/deploy/deployment/openshift/combined.yaml 
@@ -7966,6 +7966,39 @@ spec: type: integer type: object type: object + kubeRbacProxy: + description: Configuration for kube-rbac-proxy within + the Che gateway pod. + properties: + logLevel: + default: 0 + description: The glog log level for the kube-rbac-proxy + container within the gateway pod. Larger values + represent a higher verbosity. The default value + is `0`. + format: int32 + minimum: 0 + type: integer + type: object + traefik: + description: Configuration for Traefik within the Che + gateway pod. + properties: + logLevel: + default: INFO + description: 'The log level for the Traefik container + within the gateway pod: `DEBUG`, `INFO`, `WARN`, + `ERROR`, `FATAL`, or `PANIC`. The default value + is `INFO`' + enum: + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - PANIC + type: string + type: object type: object identityProviderURL: description: Public URL of the Identity Provider server. diff --git a/deploy/deployment/openshift/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml b/deploy/deployment/openshift/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml index 001b92704..5d8ee06d5 100644 --- a/deploy/deployment/openshift/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml +++ b/deploy/deployment/openshift/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml 
@@ -7961,6 +7961,39 @@ spec: type: integer type: object type: object + kubeRbacProxy: + description: Configuration for kube-rbac-proxy within + the Che gateway pod. + properties: + logLevel: + default: 0 + description: The glog log level for the kube-rbac-proxy + container within the gateway pod. Larger values + represent a higher verbosity. The default value + is `0`. + format: int32 + minimum: 0 + type: integer + type: object + traefik: + description: Configuration for Traefik within the Che + gateway pod. + properties: + logLevel: + default: INFO + description: 'The log level for the Traefik container + within the gateway pod: `DEBUG`, `INFO`, `WARN`, + `ERROR`, `FATAL`, or `PANIC`. The default value + is `INFO`' + enum: + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - PANIC + type: string + type: object type: object identityProviderURL: description: Public URL of the Identity Provider server. diff --git a/helmcharts/next/crds/checlusters.org.eclipse.che.CustomResourceDefinition.yaml b/helmcharts/next/crds/checlusters.org.eclipse.che.CustomResourceDefinition.yaml index b9d368dbe..4e7787b38 100644 --- a/helmcharts/next/crds/checlusters.org.eclipse.che.CustomResourceDefinition.yaml +++ b/helmcharts/next/crds/checlusters.org.eclipse.che.CustomResourceDefinition.yaml 
@@ -7961,6 +7961,39 @@ spec: type: integer type: object type: object + kubeRbacProxy: + description: Configuration for kube-rbac-proxy within + the Che gateway pod. + properties: + logLevel: + default: 0 + description: The glog log level for the kube-rbac-proxy + container within the gateway pod. Larger values + represent a higher verbosity. The default value + is `0`. + format: int32 + minimum: 0 + type: integer + type: object + traefik: + description: Configuration for Traefik within the Che + gateway pod. + properties: + logLevel: + default: INFO + description: 'The log level for the Traefik container + within the gateway pod: `DEBUG`, `INFO`, `WARN`, + `ERROR`, `FATAL`, or `PANIC`. The default value + is `INFO`' + enum: + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - PANIC + type: string + type: object type: object identityProviderURL: description: Public URL of the Identity Provider server. diff --git a/pkg/common/constants/constants.go b/pkg/common/constants/constants.go index 382f4c35d..a7b1430ae 100644 --- a/pkg/common/constants/constants.go +++ b/pkg/common/constants/constants.go @@ -20,10 +20,12 @@ const ( DefaultDashboardCpuRequest = "100m" // Gateway - DefaultGatewayMemoryLimit = "256Mi" - DefaultGatewayMemoryRequest = "64Mi" - DefaultGatewayCpuLimit = "500m" - DefaultGatewayCpuRequest = "50m" + DefaultGatewayMemoryLimit = "256Mi" + DefaultGatewayMemoryRequest = "64Mi" + DefaultGatewayCpuLimit = "500m" + DefaultGatewayCpuRequest = "50m" + DefaultTraefikLogLevel = "INFO" + DefaultKubeRbacProxyLogLevel = int32(0) // PluginRegistry DefaultPluginRegistryMemoryLimit = "256Mi" diff --git a/pkg/deploy/gateway/gateway.go b/pkg/deploy/gateway/gateway.go index 0d4ab853b..511c09eda 100644 --- a/pkg/deploy/gateway/gateway.go +++ b/pkg/deploy/gateway/gateway.go 
@@ -383,6 +383,10 @@ func getGatewayHeaderRewritePluginConfigSpec(instance *chev2.CheCluster) (*corev func getGatewayTraefikConfigSpec(instance *chev2.CheCluster) corev1.ConfigMap { traefikPort := 8081 + logLevel := constants.DefaultTraefikLogLevel + if instance.Spec.Networking.Auth.Gateway.Traefik != nil { + logLevel = utils.GetValue(instance.Spec.Networking.Auth.Gateway.Traefik.LogLevel, logLevel) + } data := fmt.Sprintf(` entrypoints: http: @@ -401,7 +405,7 @@ providers: directory: "/dynamic-config" watch: true log: - level: "INFO"`, traefikPort) + level: "%s"`, traefikPort, logLevel) if instance.IsAccessTokenConfigured() { data += ` diff --git a/pkg/deploy/gateway/gateway_test.go b/pkg/deploy/gateway/gateway_test.go index 7ee143a76..73af482d7 100644 --- a/pkg/deploy/gateway/gateway_test.go +++ b/pkg/deploy/gateway/gateway_test.go 
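Review bot: In `getGatewayTraefikConfigSpec` the CR value is spliced into the generated traefik.yml through `level: "%s"`, and the only thing restricting it to a known level is the CRD enum; nothing in this function checks it. If the operator reconciles a CheCluster that was admitted under an older or hand-edited CRD, a value containing a quote or a newline would change the structure of the Traefik configuration rather than just the log level. An allow-list check before the `Sprintf` that falls back to `constants.DefaultTraefikLogLevel` makes the function safe on its own, as sketched below. How `utils.GetValue` treats an empty string is not visible here (presumably it returns the default), and the function body continues outside both hunks of this file.

```go
logLevel := constants.DefaultTraefikLogLevel
if traefik := instance.Spec.Networking.Auth.Gateway.Traefik; traefik != nil {
	// Accept only the levels the CRD enum documents; anything else keeps the default.
	switch traefik.LogLevel {
	case "DEBUG", "INFO", "WARN", "ERROR", "FATAL", "PANIC":
		logLevel = traefik.LogLevel
	}
}
// … unchanged: fmt.Sprintf that builds traefik.yml from traefikPort and logLevel …
```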
@@ -361,3 +361,76 @@ func TestCustomizeGatewayDeploymentSingleImage(t *testing.T) { assert.Equal(t, constants.GatewayAuthorizationContainerName, containers[3].Name) assert.Equal(t, defaults.GetGatewayAuthorizationSidecarImage(checluster), containers[3].Image) } + +func TestTraefikLogLevel(t *testing.T) { + checluster := &chev2.CheCluster{ + Spec: chev2.CheClusterSpec{ + Networking: chev2.CheClusterSpecNetworking{ + Auth: chev2.Auth{ + Gateway: chev2.Gateway{ + Traefik: &chev2.Traefik{ + LogLevel: "DEBUG", + }, + }, + }, + }, + }, + } + configmap := getGatewayTraefikConfigSpec(checluster) + config := configmap.Data["traefik.yml"] + if !strings.Contains(config, "level: \"DEBUG\"") { + t.Error("log.level within traefik config should be \"DEBUG\"", config) + } +} + +func TestTraefikLogLevelDefault(t *testing.T) { + configmap := getGatewayTraefikConfigSpec(&chev2.CheCluster{ + Spec: chev2.CheClusterSpec{}, + }) + config := configmap.Data["traefik.yml"] + if !strings.Contains(config, "level: \"INFO\"") { + t.Error("log.level within traefik config should be \"INFO\"", config) + } +} + +func TestKubeRbacProxyLogLevel(t *testing.T) { + logLevel := int32(10) + checluster := &chev2.CheCluster{ + ObjectMeta: metav1.ObjectMeta{ + Name: "eclipse-che", + Namespace: "eclipse-che", + }, + Spec: chev2.CheClusterSpec{ + Networking: chev2.CheClusterSpecNetworking{ + Auth: chev2.Auth{ + Gateway: chev2.Gateway{ + KubeRbacProxy: &chev2.KubeRbacProxy{ + LogLevel: &logLevel, + }, + }, + }, + }, + }, + } + ctx := test.GetDeployContext(checluster, []runtime.Object{}) + + deployment, err := getGatewayDeploymentSpec(ctx) + assert.NoError(t, err) + + containers := deployment.Spec.Template.Spec.Containers + assert.Equal(t, constants.GatewayAuthorizationContainerName, containers[3].Name) + assert.Equal(t, "--v=10", containers[3].Args[4]) +} + +func TestKubeRbacProxyLogLevelDefault(t *testing.T) { + ctx := test.GetDeployContext(&chev2.CheCluster{ + Spec: chev2.CheClusterSpec{}, + }, 
[]runtime.Object{}) + + deployment, err := getGatewayDeploymentSpec(ctx) + assert.NoError(t, err) + + containers := deployment.Spec.Template.Spec.Containers + assert.Equal(t, constants.GatewayAuthorizationContainerName, containers[3].Name) + assert.Equal(t, "--v=0", containers[3].Args[4]) +} diff --git a/pkg/deploy/gateway/kube_rbac_proxy.go b/pkg/deploy/gateway/kube_rbac_proxy.go index 6fe165777..fe5350409 100644 --- a/pkg/deploy/gateway/kube_rbac_proxy.go +++ b/pkg/deploy/gateway/kube_rbac_proxy.go @@ -13,7 +13,10 @@ package gateway import ( + "strconv" + chev2 "github.com/eclipse-che/che-operator/api/v2" + "github.com/eclipse-che/che-operator/pkg/common/constants" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/deploy" corev1 "k8s.io/api/core/v1" @@ -48,6 +51,11 @@ authorization: } func getKubeRbacProxyContainerSpec(instance *chev2.CheCluster) corev1.Container { + logLevel := constants.DefaultKubeRbacProxyLogLevel + if instance.Spec.Networking.Auth.Gateway.KubeRbacProxy != nil && instance.Spec.Networking.Auth.Gateway.KubeRbacProxy.LogLevel != nil { + logLevel = *instance.Spec.Networking.Auth.Gateway.KubeRbacProxy.LogLevel + } + return corev1.Container{ Name: "kube-rbac-proxy", Image: defaults.GetGatewayAuthorizationSidecarImage(instance), @@ -57,6 +65,7 @@ func getKubeRbacProxyContainerSpec(instance *chev2.CheCluster) corev1.Container "--upstream=http://127.0.0.1:8090/ping", "--logtostderr=true", "--config-file=/etc/kube-rbac-proxy/authorization-config.yaml", + "--v=" + strconv.FormatInt(int64(logLevel), 10), }, VolumeMounts: []corev1.VolumeMount{ {
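Review bot: `TestKubeRbacProxyLogLevel` and `TestKubeRbacProxyLogLevelDefault` pin the flag by position with `containers[3].Args[4]`, so adding or reordering any kube-rbac-proxy argument or gateway container makes them fail, or panic on an out-of-range index, for a reason unrelated to the log level. Asserting membership keeps the intent: `assert.Contains(t, containers[3].Args, "--v=10")` and `assert.Contains(t, containers[3].Args, "--v=0")`. Two fallback paths in the new code are also untested: a `Traefik` section present with an empty `LogLevel`, and a `KubeRbacProxy` section present with a nil `LogLevel`; a case for each would pin the defaults the operator applies when CRD defaulting has not run.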