Adds actuator Service for each integration route (#28)

* Adds actuator Service for each integration route

Author: figliold

minimal-app/pom.xml

@@ -11,7 +11,7 @@
 
     <groupId>com.octo.keip</groupId>
     <artifactId>minimal-app</artifactId>
-    <version>0.0.3</version>
+    <version>0.0.4</version>
 
     <properties>
         <docker.registry>ghcr.io/octoconsulting</docker.registry>
@@ -59,6 +59,10 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-actuator</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.micrometer</groupId>
+            <artifactId>micrometer-registry-prometheus</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-kubernetes-client-config</artifactId>

operator/Makefile

@@ -1,4 +1,4 @@
-VERSION ?= 0.5.0
+VERSION ?= 0.6.0
 GIT_TAG := operator_v$(VERSION)
 KEIP_INTEGRATION_IMAGE ?= ghcr.io/octoconsulting/keip/minimal-app:latest
 

operator/controller/integrationroute-controller.yaml

@@ -22,6 +22,14 @@ spec:
           conditions:
             - type: Ready
               status: "True"
+    - apiVersion: v1
+      resource: services
+      updateStrategy:
+        method: RollingRecreate
+        statusChecks:
+          conditions:
+            - type: Ready
+              status: "True"
   hooks:
     sync:
       webhook:
@@ -50,7 +58,7 @@ spec:
     spec:
       containers:
         - name: webhook
-          image: ghcr.io/octoconsulting/keip/route-webhook:0.9.0
+          image: ghcr.io/octoconsulting/keip/route-webhook:0.10.0
           ports:
             - containerPort: 7080
               name: webhook-http

operator/webhook/Makefile

@@ -1,4 +1,4 @@
-VERSION ?= 0.9.0
+VERSION ?= 0.10.0
 HOST_PORT ?= 7080
 GIT_TAG := webhook_v$(VERSION)
 

operator/webhook/introute/sync.py

@@ -13,6 +13,29 @@
 
 KEYSTORE_PATH = "/etc/keystore"
 
+HTTPS_PORT = 8443
+
+HTTP_PORT = 8080
+
+ACTUATOR_CONFIG_BLOCK = {
+  "management": {
+    "endpoint": {
+      "health": {
+        "enabled": True
+      },
+      "prometheus": {
+        "enabled": True
+      }
+    },
+    "endpoints": {
+      "web": {
+        "exposure": {
+          "include": "health,prometheus"
+        }
+      }
+    }
+  }
+}
 
 class VolumeConfig:
     """
@@ -29,6 +52,7 @@ class VolumeConfig:
         - replicas
         - persistentVolumeClaims
         - tls
+        - services
     """
 
     _route_vol_name = "integration-route-config"
@@ -195,10 +219,9 @@ def _get_server_ssl_config(parent) -> Optional[Mapping]:
             "key-store": str(PurePosixPath(KEYSTORE_PATH, keystore["key"])),
             "key-store-type": keystore["type"].upper(),
         },
-        "port": 8443,
+        "port": HTTPS_PORT,
     }
 
-
 def _service_name_env_var(parent) -> Mapping[str, str]:
     return {"name": "SERVICE_NAME", "value": parent["metadata"]["name"]}
 
@@ -218,6 +241,8 @@ def _spring_app_config_env_var(parent) -> Optional[Mapping]:
         app_config["spring"]["config.import"] = "kubernetes:"
         app_config["spring"]["cloud"] = cloud_config
 
+    app_config.update(ACTUATOR_CONFIG_BLOCK)
+
     return {
         "name": "SPRING_APPLICATION_JSON",
         "value": json.dumps(app_config),
@@ -279,10 +304,10 @@ def _create_pod_template(parent, labels, integration_image) -> Mapping[str,  Any
 
     vol_config = VolumeConfig(parent["spec"])
 
-    has_tls = "tls" in parent["spec"] and "keystore" in parent["spec"]["tls"]
+    has_tls = _has_tls(parent)
 
-    scheme = "HTTPS" if has_tls else "HTTP"
-    management_port = 8443 if has_tls else 8080
+    scheme = _get_scheme(has_tls).upper()
+    management_port = _get_management_port(has_tls)
 
     pod_template = {
         "metadata": {"labels": labels},
@@ -388,9 +413,51 @@ def _new_deployment(parent):
 
     return deployment
 
+def _new_actuator_service(parent):
+    parent_metadata = parent["metadata"]
+
+    has_tls = _has_tls(parent)
+    scheme = _get_scheme(has_tls)
+    management_port = _get_management_port(has_tls)
+
+    service = {
+        "apiVersion": "v1",
+        "kind": "Service",
+        "metadata": {
+            "labels": {
+                "integration-route": parent_metadata["name"],
+                "prometheus-metrics-enabled": "true"
+            },
+            "name": f'{parent_metadata["name"]}-actuator'
+        },
+        "spec": {
+            "ports": [
+                {
+                    "name": scheme,
+                    "port": management_port,
+                    "protocol": "TCP",
+                    "targetPort": management_port
+                }
+            ],
+            "selector": {
+                "app.kubernetes.io/instance": f'integrationroute-{parent_metadata["name"]}'
+            }
+        }
+    }
+
+    return service
+
+def _has_tls(parent) -> bool:
+    return "tls" in parent["spec"] and "keystore" in parent["spec"]["tls"]
+
+def _get_scheme(has_tls) -> str:
+    return "https" if has_tls else "http"
+
+def _get_management_port(has_tls) -> int:
+    return HTTPS_PORT if has_tls else HTTP_PORT
 
 def _gen_children(parent) -> List[Mapping]:
-    return [_new_deployment(parent)]
+    return [_new_deployment(parent), _new_actuator_service(parent)]
 
 
 def sync(parent) -> Mapping:

operator/webhook/test/json/full-response.json

@@ -106,7 +106,7 @@
                 "env": [
                   {
                     "name": "SPRING_APPLICATION_JSON",
-                    "value": "{\"spring\": {\"application\": {\"name\": \"testroute\"}, \"config.import\": \"kubernetes:\", \"cloud\": {\"kubernetes\": {\"config\": {\"fail-fast\": true, \"namespace\": \"testspace\", \"sources\": [{\"name\": \"testroute-props\"}, {\"labels\": {\"group\": \"ir-common\"}}]}, \"secrets\": {\"paths\": \"/etc/secrets\"}}}}, \"server\": {\"ssl\": {\"key-alias\": \"certificate\", \"key-store\": \"/etc/keystore/test-keystore.jks\", \"key-store-type\": \"JKS\"}, \"port\": 8443}}"
+                    "value": "{\"spring\": {\"application\": {\"name\": \"testroute\"}, \"config.import\": \"kubernetes:\", \"cloud\": {\"kubernetes\": {\"config\": {\"fail-fast\": true, \"namespace\": \"testspace\", \"sources\": [{\"name\": \"testroute-props\"}, {\"labels\": {\"group\": \"ir-common\"}}]}, \"secrets\": {\"paths\": \"/etc/secrets\"}}}}, \"server\": {\"ssl\": {\"key-alias\": \"certificate\", \"key-store\": \"/etc/keystore/test-keystore.jks\", \"key-store-type\": \"JKS\"}, \"port\": 8443}, \"management\": {\"endpoint\": {\"health\": {\"enabled\": true}, \"prometheus\": {\"enabled\": true}}, \"endpoints\": {\"web\": {\"exposure\": {\"include\": \"health,prometheus\"}}}}}"
                   },
                   {
                     "name": "JDK_JAVA_OPTIONS",
@@ -216,6 +216,30 @@
           }
         }
       }
+    },
+    {
+      "apiVersion": "v1",
+      "kind": "Service",
+      "metadata": {
+        "labels": {
+          "integration-route": "testroute",
+          "prometheus-metrics-enabled": "true"
+        },
+        "name": "testroute-actuator"
+      },
+      "spec": {
+        "ports": [
+          {
+            "name": "https",
+            "port": 8443,
+            "protocol": "TCP",
+            "targetPort": 8443
+          }
+        ],
+        "selector": {
+          "app.kubernetes.io/instance": "integrationroute-testroute"
+        }
+      }
     }
   ]
 }

operator/webhook/test/test_sync.py

@@ -69,25 +69,44 @@ def test_spring_app_config_json_missing_props_and_secret_sources(full_route):
     del full_route["spec"]["secretSources"]
 
     spring_conf = _spring_app_config_env_var(full_route)
-    json_props = json.loads(spring_conf["value"])
+    actual_json = spring_conf["value"]
 
     assert spring_conf["name"] == "SPRING_APPLICATION_JSON"
 
-    expected_json = {
-        "spring": {"application": {"name": "testroute"}},
+    expected_json = json.dumps({
+        "spring": {
+            "application": {
+                "name": "testroute"
+            }
+        },
         "server": {
             "ssl": {
                 "key-alias": "certificate",
-                "key-store": str(
-                    PurePosixPath("/", "etc", "keystore", "test-keystore.jks")
-                ),
-                "key-store-type": "JKS",
+                "key-store": "/etc/keystore/test-keystore.jks",
+                "key-store-type": "JKS"
             },
-            "port": 8443,
+            "port": 8443
         },
-    }
-
-    assert json_props == expected_json
+        "management": {
+            "endpoint": {
+                "health": {
+                    "enabled": True
+                },
+                "prometheus": {
+                    "enabled": True
+                }
+            },
+            "endpoints": {
+                "web": {
+                    "exposure": {
+                        "include": "health,prometheus"
+                    }
+                }
+            }
+        }
+    })
+
+    assert actual_json == expected_json
 
 
 def test_pod_template_no_annotations(full_route):