Configure Authorino using command-line flags #103

Merged
merged 4 commits into from
Dec 15, 2022
9 changes: 9 additions & 0 deletions README.md
Expand Up @@ -128,6 +128,7 @@ Each [`Authorino`](https://github.com/Kuadrant/authorino-operator/tree/main/conf
| listener | [Listener](#listener) | Specification of the authorization service (gRPC interface). | Required |
| oidcServer | [OIDCServer](#oidcserver) | Specification of the OIDC service. | Required |
| metrics | [Metrics](#metrics) | Configuration of the metrics server (port, level). | Optional |
| healthz | [Healthz](#healthz) | Configuration of the health/readiness probe (port). | Optional |
Contributor:

What is the intention behind exposing the health check port to the user?

Collaborator (author):

It's related to this issue: Kuadrant/authorino#355

Contributor:

Sorry, I still do not get it after reading that. I will try to be more clear. Why expose the port to the user? What is the value added? The operator can enable the health check in Authorino and use the default port for it. Maybe the health check port is wanted to be monitored externally?

Collaborator (author):

It is for the principle more than anything else. This is a configuration option in the operand. As we don't want users touching the deployment directly, we expose it in the API – in this case, with some type-checking added.

The same is done for other configuration options that arguably might be otherwise more rigid, e.g. the metrics endpoint port number (spec.metrics.port).

If this should be configurable in the operand in the first place, maybe it's a question we should ask in https://github.com/kuadrant/authorino.

| volumes | [VolumesSpec](#volumesspec) | Additional volumes to be mounted in the Authorino pods. | Optional |

#### Listener
Expand Down Expand Up @@ -177,6 +178,14 @@ Configuration of the metrics server.
| port | Integer | Port number of the metrics server. | Default: `8080` |
| deep | Boolean | Enable/disable metrics at the level of each evaluator config (if requested in the [`AuthConfig`](https://github.com/Kuadrant/authorino/blob/main/docs/user-guides/metrics.md)) exported by the metrics server. | Default: `false` |

#### Healthz

Configuration of the health/readiness probe (port).

| Field | Type | Description | Required/Default |
|-------|:-------:|-------------|------------------|
| port | Integer | Port number of the health/readiness probe. | Default: `8081` |


#### VolumesSpec

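Review bot: the new `Healthz` section documents `Default: 8081` but says nothing about what happens to the Deployment's liveness/readiness probes when a user picks another port; a probe pointing at a port the operand is no longer listening on keeps the pod permanently unready, so the description should state that the operator rewires the probes together with the operand setting (or that the two must not be changed independently). Minor: there are two blank lines before `#### VolumesSpec` where the rest of the file uses one.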
68 changes: 7 additions & 61 deletions api/v1beta1/authorino_types.go
Expand Up @@ -28,67 +28,7 @@ type ConditionType string

const (
// ConditionReady specifies that the resource is ready
ConditionReady ConditionType = "Ready"
AuthorinoContainerName string = "authorino"

// Authorino EnvVars
EnvWatchNamespace string = "WATCH_NAMESPACE"
EnvAuthConfigLabelSelector string = "AUTH_CONFIG_LABEL_SELECTOR"
EnvSecretLabelSelector string = "SECRET_LABEL_SELECTOR"
EnvEvaluatorCacheSize string = "EVALUATOR_CACHE_SIZE"
EnvDeepMetricsEnabled string = "DEEP_METRICS_ENABLED"
EnvLogLevel string = "LOG_LEVEL"
EnvLogMode string = "LOG_MODE"
EnvExtAuthGRPCPort string = "EXT_AUTH_GRPC_PORT"
EnvExtAuthHTTPPort string = "EXT_AUTH_HTTP_PORT"
EnvTlsCert string = "TLS_CERT"
EnvTlsCertKey string = "TLS_CERT_KEY"
EnvTimeout string = "TIMEOUT"
EnvOIDCHTTPPort string = "OIDC_HTTP_PORT"
EnvOidcTlsCertPath string = "OIDC_TLS_CERT"
EnvOidcTlsCertKeyPath string = "OIDC_TLS_CERT_KEY"
EnvMaxHttpRequestBodySize string = "MAX_HTTP_REQUEST_BODY_SIZE"
FlagLeaderElectionEnabled string = "enable-leader-election"
FlagMetricsAddr string = "metrics-addr"

// Authorino TLS file paths
DefaultTlsCertPath string = "/etc/ssl/certs/tls.crt"
DefaultTlsCertKeyPath string = "/etc/ssl/private/tls.key"
DefaultOidcTlsCertPath string = "/etc/ssl/certs/oidc.crt"
DefaultOidcTlsCertKeyPath string = "/etc/ssl/private/oidc.key"

// Authorino service ports
DefaultAuthGRPCServicePort int32 = 50051
DefaultAuthHTTPServicePort int32 = 5001
DefaultOIDCServicePort int32 = 8083
DefaultMetricsServicePort int32 = 8080

DefaultAuthorinoImage string = "quay.io/kuadrant/authorino:latest"

// Status reasons
AuthorinoProvisioningReason = "Provisioning"
AuthorinoProvisionedReason = "Provisioned"
AuthorinoUpdatedReason = "Updated"
AuthorinoUnableToCreateServices = "UnableToCreateServices"
AuthorinoUnableToCreateDeployment = "UnableToCreateDeployment"
AuthorinoUnableToCreateLeaderElectionRole = "UnableToCreateLeaderElectionRole"
AuthorinoUnableToCreatePermission = "UnableToCreatePermission"
AuthorinoUnableToCreateServiceAccount = "UnableToCreateServiceAccount"
AuthorinoUnableToCreateBindingForClusterRole = "UnableToBindingForClusterRole"
AuthorinoUnableToCreateLeaderElectionRoleBinding = "UnableToCreateLeaderElectionRoleBinding"
AuthorinoClusterRoleNotFound = "ClusterRoleNotFound"
AuthorinoUnableToGetClusterRole = "UnableToGetClusterRole"
AuthorinoUnableToGetServices = "UnableToGetServices"
AuthorinoUnableToGetBindingForClusterRole = "UnableToGetBindingForClusterRole"
AuthorinoUnableToGetServiceAccount = "UnableToGetServiceAccount"
AuthorinoUnableToGetLeaderElectionRole = "UnableToGetLeaderElectionRole"
AuthorinoUnableToGetLeaderElectionRoleBinding = "UnableToGetLeaderElectionRoleBinding"
AuthorinoUnableToGetDeployment = "UnableToGetDeployment"
AuthorinoUnableToGetTlsSecret = "UnableToGetTlsSecret"
AuthorinoTlsSecretNotFound = "TlsSecretNotFound"
AuthorinoTlsSecretNotProvided = "TlsSecretNotProvided"
AuthorinoUnableToUpdateDeployment = "UnableToUpdateDeployment"
AuthorinoDeploymentNotReady = "DeploymentNotReady"
ConditionReady ConditionType = "Ready"
)

type Condition struct {
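Review bot: this hunk removes roughly sixty exported identifiers from package `api/v1beta1` (`Env*`, `Flag*`, `Default*`, the `Authorino*` status reasons) and keeps only `ConditionReady`; the API package is exactly what external consumers import, so this is a breaking change that should be called out in the PR description and release notes, or the constants should move to an internal package with deprecated aliases left here for one release. Note also that the `Default*ServicePort` block disappears while the README introduces a new `8081` default for healthz; wherever the defaults now live, the healthz default should be defined next to the metrics one rather than only in documentation.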
Expand Down Expand Up @@ -133,6 +73,7 @@ type AuthorinoSpec struct {
SecretLabelSelectors string `json:"secretLabelSelectors,omitempty"`
EvaluatorCacheSize *int `json:"evaluatorCacheSize,omitempty"`
Metrics Metrics `json:"metrics,omitempty"`
Healthz Healthz `json:"healthz,omitempty"`
}

type Listener struct {
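Review bot: `Healthz Healthz `json:"healthz,omitempty"`` puts `omitempty` on a non-pointer struct value, which encoding/json ignores (a struct is never "empty"), so the field is always serialized as `healthz: {}`. This mirrors the `Metrics` field above and is therefore consistent, but if the operator needs to distinguish "unset, apply defaults" from "set", a pointer `*Healthz` with a `// +optional` marker expresses that and makes the `omitempty` meaningful.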
Expand Down Expand Up @@ -164,6 +105,11 @@ type Metrics struct {
DeepMetricsEnabled *bool `json:"deep,omitempty"`
}

type Healthz struct {
// Port number of the health/readiness probe endpoints.
Port *int32 `json:"port,omitempty"`
}

type Tls struct {
Enabled *bool `json:"enabled,omitempty"`
CertSecret *k8score.LocalObjectReference `json:"certSecretRef,omitempty"`
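Review bot: `Port *int32` carries no validation markers, so the CRD accepts 0, negative values and values above 65535, and the misconfiguration only surfaces when the operand fails to bind or the probe never answers; add `// +kubebuilder:validation:Minimum=1` and `// +kubebuilder:validation:Maximum=65535` above the field and regenerate the CRDs so invalid ports are rejected at admission. The field comment is also what ends up as the CRD `description`, so stating the default there (`8081` according to the README in this PR) would help users who only read the schema.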
21 changes: 21 additions & 0 deletions api/v1beta1/zz_generated.deepcopy.go


Expand Up @@ -40,6 +40,13 @@ spec:
type: boolean
evaluatorCacheSize:
type: integer
healthz:
properties:
port:
description: Port number of the health/readiness probe endpoints.
format: int32
type: integer
type: object
image:
type: string
imagePullPolicy:
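Review bot: the generated `healthz.properties.port` schema has `format: int32` and `type: integer` but no `minimum`/`maximum`, so the API server will not reject out-of-range port numbers; this follows directly from the missing validation markers on the Go type and is fixed by regenerating after adding them. The same schema appears in the other three manifest copies in this PR, which need to be regenerated together so the copies do not drift.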
Expand Up @@ -42,6 +42,13 @@ spec:
type: boolean
evaluatorCacheSize:
type: integer
healthz:
properties:
port:
description: Port number of the health/readiness probe endpoints.
format: int32
type: integer
type: object
image:
type: string
imagePullPolicy:
7 changes: 7 additions & 0 deletions config/deploy/manifests.yaml
Expand Up @@ -1947,6 +1947,13 @@ spec:
type: boolean
evaluatorCacheSize:
type: integer
healthz:
properties:
port:
description: Port number of the health/readiness probe endpoints.
format: int32
type: integer
type: object
image:
type: string
imagePullPolicy:
7 changes: 7 additions & 0 deletions config/install/manifests.yaml
Expand Up @@ -40,6 +40,13 @@ spec:
type: boolean
evaluatorCacheSize:
type: integer
healthz:
properties:
port:
description: Port number of the health/readiness probe endpoints.
format: int32
type: integer
type: object
image:
type: string
imagePullPolicy: