Merge pull request #103 from Kuadrant/cmd-line-flags

Configure Authorino using command-line flags

Author: guicassolato

README.md

@@ -128,6 +128,7 @@ Each [`Authorino`](https://github.com/Kuadrant/authorino-operator/tree/main/conf
 | listener                 | [Listener](#listener)       | Specification of the authorization service (gRPC interface). | Required |
 | oidcServer               | [OIDCServer](#oidcserver)   | Specification of the OIDC service. | Required |
 | metrics                  | [Metrics](#metrics)         | Configuration of the metrics server (port, level). | Optional |
+| healthz                  | [Healthz](#healthz)         | Configuration of the health/readiness probe (port). | Optional |
 | volumes                  | [VolumesSpec](#volumesspec) | Additional volumes to be mounted in the Authorino pods. | Optional |
 
 #### Listener
@@ -177,6 +178,14 @@ Configuration of the metrics server.
 | port  | Integer | Port number of the metrics server. | Default: `8080` |
 | deep  | Boolean | Enable/disable metrics at the level of each evaluator config (if requested in the [`AuthConfig`](https://github.com/Kuadrant/authorino/blob/main/docs/user-guides/metrics.md)) exported by the metrics server. | Default: `false` |
 
+#### Healthz
+
+Configuration of the health/readiness probe (port).
+
+| Field | Type    | Description | Required/Default |
+|-------|:-------:|-------------|------------------|
+| port  | Integer | Port number of the health/readiness probe. | Default: `8081` |
+
 
 #### VolumesSpec
 

api/v1beta1/authorino_types.go

@@ -28,67 +28,7 @@ type ConditionType string
 
 const (
 	// ConditionReady specifies that the resource is ready
-	ConditionReady         ConditionType = "Ready"
-	AuthorinoContainerName string        = "authorino"
-
-	// Authorino EnvVars
-	EnvWatchNamespace          string = "WATCH_NAMESPACE"
-	EnvAuthConfigLabelSelector string = "AUTH_CONFIG_LABEL_SELECTOR"
-	EnvSecretLabelSelector     string = "SECRET_LABEL_SELECTOR"
-	EnvEvaluatorCacheSize      string = "EVALUATOR_CACHE_SIZE"
-	EnvDeepMetricsEnabled      string = "DEEP_METRICS_ENABLED"
-	EnvLogLevel                string = "LOG_LEVEL"
-	EnvLogMode                 string = "LOG_MODE"
-	EnvExtAuthGRPCPort         string = "EXT_AUTH_GRPC_PORT"
-	EnvExtAuthHTTPPort         string = "EXT_AUTH_HTTP_PORT"
-	EnvTlsCert                 string = "TLS_CERT"
-	EnvTlsCertKey              string = "TLS_CERT_KEY"
-	EnvTimeout                 string = "TIMEOUT"
-	EnvOIDCHTTPPort            string = "OIDC_HTTP_PORT"
-	EnvOidcTlsCertPath         string = "OIDC_TLS_CERT"
-	EnvOidcTlsCertKeyPath      string = "OIDC_TLS_CERT_KEY"
-	EnvMaxHttpRequestBodySize  string = "MAX_HTTP_REQUEST_BODY_SIZE"
-	FlagLeaderElectionEnabled  string = "enable-leader-election"
-	FlagMetricsAddr            string = "metrics-addr"
-
-	// Authorino TLS file paths
-	DefaultTlsCertPath        string = "/etc/ssl/certs/tls.crt"
-	DefaultTlsCertKeyPath     string = "/etc/ssl/private/tls.key"
-	DefaultOidcTlsCertPath    string = "/etc/ssl/certs/oidc.crt"
-	DefaultOidcTlsCertKeyPath string = "/etc/ssl/private/oidc.key"
-
-	// Authorino service ports
-	DefaultAuthGRPCServicePort int32 = 50051
-	DefaultAuthHTTPServicePort int32 = 5001
-	DefaultOIDCServicePort     int32 = 8083
-	DefaultMetricsServicePort  int32 = 8080
-
-	DefaultAuthorinoImage string = "quay.io/kuadrant/authorino:latest"
-
-	// Status reasons
-	AuthorinoProvisioningReason                      = "Provisioning"
-	AuthorinoProvisionedReason                       = "Provisioned"
-	AuthorinoUpdatedReason                           = "Updated"
-	AuthorinoUnableToCreateServices                  = "UnableToCreateServices"
-	AuthorinoUnableToCreateDeployment                = "UnableToCreateDeployment"
-	AuthorinoUnableToCreateLeaderElectionRole        = "UnableToCreateLeaderElectionRole"
-	AuthorinoUnableToCreatePermission                = "UnableToCreatePermission"
-	AuthorinoUnableToCreateServiceAccount            = "UnableToCreateServiceAccount"
-	AuthorinoUnableToCreateBindingForClusterRole     = "UnableToBindingForClusterRole"
-	AuthorinoUnableToCreateLeaderElectionRoleBinding = "UnableToCreateLeaderElectionRoleBinding"
-	AuthorinoClusterRoleNotFound                     = "ClusterRoleNotFound"
-	AuthorinoUnableToGetClusterRole                  = "UnableToGetClusterRole"
-	AuthorinoUnableToGetServices                     = "UnableToGetServices"
-	AuthorinoUnableToGetBindingForClusterRole        = "UnableToGetBindingForClusterRole"
-	AuthorinoUnableToGetServiceAccount               = "UnableToGetServiceAccount"
-	AuthorinoUnableToGetLeaderElectionRole           = "UnableToGetLeaderElectionRole"
-	AuthorinoUnableToGetLeaderElectionRoleBinding    = "UnableToGetLeaderElectionRoleBinding"
-	AuthorinoUnableToGetDeployment                   = "UnableToGetDeployment"
-	AuthorinoUnableToGetTlsSecret                    = "UnableToGetTlsSecret"
-	AuthorinoTlsSecretNotFound                       = "TlsSecretNotFound"
-	AuthorinoTlsSecretNotProvided                    = "TlsSecretNotProvided"
-	AuthorinoUnableToUpdateDeployment                = "UnableToUpdateDeployment"
-	AuthorinoDeploymentNotReady                      = "DeploymentNotReady"
+	ConditionReady ConditionType = "Ready"
 )
 
 type Condition struct {
@@ -133,6 +73,7 @@ type AuthorinoSpec struct {
 	SecretLabelSelectors     string      `json:"secretLabelSelectors,omitempty"`
 	EvaluatorCacheSize       *int        `json:"evaluatorCacheSize,omitempty"`
 	Metrics                  Metrics     `json:"metrics,omitempty"`
+	Healthz                  Healthz     `json:"healthz,omitempty"`
 }
 
 type Listener struct {
@@ -164,6 +105,11 @@ type Metrics struct {
 	DeepMetricsEnabled *bool  `json:"deep,omitempty"`
 }
 
+type Healthz struct {
+	// Port number of the health/readiness probe endpoints.
+	Port *int32 `json:"port,omitempty"`
+}
+
 type Tls struct {
 	Enabled    *bool                         `json:"enabled,omitempty"`
 	CertSecret *k8score.LocalObjectReference `json:"certSecretRef,omitempty"`

api/v1beta1/zz_generated.deepcopy.go

@@ -40,6 +40,13 @@ spec:
                 type: boolean
               evaluatorCacheSize:
                 type: integer
+              healthz:
+                properties:
+                  port:
+                    description: Port number of the health/readiness probe endpoints.
+                    format: int32
+                    type: integer
+                type: object
               image:
                 type: string
               imagePullPolicy:

bundle/manifests/operator.authorino.kuadrant.io_authorinos.yaml

@@ -42,6 +42,13 @@ spec:
                 type: boolean
               evaluatorCacheSize:
                 type: integer
+              healthz:
+                properties:
+                  port:
+                    description: Port number of the health/readiness probe endpoints.
+                    format: int32
+                    type: integer
+                type: object
               image:
                 type: string
               imagePullPolicy:

config/crd/bases/operator.authorino.kuadrant.io_authorinos.yaml

@@ -1947,6 +1947,13 @@ spec:
                 type: boolean
               evaluatorCacheSize:
                 type: integer
+              healthz:
+                properties:
+                  port:
+                    description: Port number of the health/readiness probe endpoints.
+                    format: int32
+                    type: integer
+                type: object
               image:
                 type: string
               imagePullPolicy:

config/deploy/manifests.yaml

@@ -40,6 +40,13 @@ spec:
                 type: boolean
               evaluatorCacheSize:
                 type: integer
+              healthz:
+                properties:
+                  port:
+                    description: Port number of the health/readiness probe endpoints.
+                    format: int32
+                    type: integer
+                type: object
               image:
                 type: string
               imagePullPolicy: