Merge pull request #3651 from telepresenceio/jrozek/argo-rollouts
Support Argo Rollout workloads
thallgren authored Aug 6, 2024
2 parents 6803672 + f06ce66 commit ed78fd2
Showing 56 changed files with 1,301 additions and 631 deletions.
7 changes: 5 additions & 2 deletions .github/CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ If you run these tests on a Mac, localhost won't work. Please use the docker hub
export DTEST_REGISTRY=host.docker.internal:5000
```

You must also set this in your docker engine settings:
You must also set this in your docker engine settings:

```json
{
Expand Down Expand Up @@ -142,7 +142,7 @@ shortens the time for the test with about 20 seconds.
(`~/Library/Application Support/telepresence/config.yml` on macOS)
file you set `images.registry` to match the `TELEPRESENCE_REGISTRY`
environment variable. See
https://www.getambassador.io/docs/telepresence/latest/reference/config/
https://www.getambassador.io/docs/telepresence/latest/reference/config/
for more information.

- `TELEPRESENCE_VERSION` is is the "vSEMVER" string used by the
Expand All @@ -161,6 +161,9 @@ shortens the time for the test with about 20 seconds.
- You will need to have [mockgen](https://github.com/golang/mock) installed
to generate new or updated testing mocks for interfaces.

- You will need to have [argo-rollouts](https://github.com/argoproj/argo-rollouts) (including kubectl-argo-rollouts) installed
if you interact with functionality that relies on it.

## Blocking Ambassador telemetry
Telemetry to Ambassador Labs can be disabled by having your os resolve the `metriton.datawire.io` to `127.0.0.1`.

Expand Down
24 changes: 24 additions & 0 deletions .github/actions/install-dependencies/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,22 @@ runs:
if [[ ${RUNNER_ARCH} == "ARM64" ]]; then
sudo apt-get install -y gcc-aarch64-linux-gnu binutils-aarch64-linux-gnu
curl -L https://github.com/argoproj/argo-rollouts/releases/download/v1.7.1/kubectl-argo-rollouts-linux-arm64 -o kubectl-argo-rollouts
echo "ec6835b12d22d84ee511b3531448c57b3dea371dca694865f53d8d7d46b6a7ed kubectl-argo-rollouts" | sha256sum --quiet -c -
ret=$?
else
curl -L https://github.com/argoproj/argo-rollouts/releases/download/v1.7.1/kubectl-argo-rollouts-linux-amd64 -o kubectl-argo-rollouts
echo "b42859a4ead2b02dc1a53a101490f60adc9915b602e033ddc49e78e74a20895b kubectl-argo-rollouts" | sha256sum --quiet -c -
ret=$?
fi
if [ $ret -ne 0 ]; then
echo "Checksum failed"
exit 1
fi
sudo mv kubectl-argo-rollouts /usr/local/bin/kubectl-argo-rollouts
sudo chmod +x /usr/local/bin/kubectl-argo-rollouts
- if: runner.os == 'macOS'
name: install macOS dependencies
shell: bash
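Review bot: The `ret=$?` / `if [ $ret -ne 0 ]` handling after `sha256sum --quiet -c -` is dead code if this step runs under `shell: bash` like the macOS step below, because GitHub Actions starts bash with `-e` and a checksum mismatch aborts the step at the `sha256sum` line before "Checksum failed" is printed. The step still fails closed, which is the important part, but the intent is clearer as `sha256sum --quiet -c - || { echo "Checksum failed"; exit 1; }` in each branch. Use `curl -fL` as well so an HTTP error fails at the download rather than at the hash check, and consider holding the version and the two digests in variables so they are bumped together.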
Expand All @@ -42,6 +57,8 @@ runs:
brew install gromgit/fuse/sshfs-mac
brew link --overwrite sshfs-mac
brew install argoproj/tap/kubectl-argo-rollouts
if [[ ${RUNNER_ARCH} == "ARM64" ]]; then
brew install jq
fi
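Review bot: `brew install argoproj/tap/kubectl-argo-rollouts` installs whatever version the tap currently ships, while the Linux step pins v1.7.1 and verifies a SHA-256 digest, so macOS runners can end up testing a different plugin build than Linux. If the tap cannot be pinned, print `kubectl argo rollouts version` after the install so any drift is visible in the CI log.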
Expand Down Expand Up @@ -85,3 +102,10 @@ runs:
Start-Process msiexec -Wait -verb runAs -Args "/i build-output\\sshfs-win.msi /passive /qn /L*V sshfs-win-install.log"
[Environment]::SetEnvironmentVariable("Path", "C:\\;C:\\Program Files\\SSHFS-Win\\bin;$ENV:Path", "Machine")
- if: runner.os == 'Windows'
name: Install Argo Rollouts Kubectl Plugin
shell: powershell
run: |
New-Item -Path "$HOME\kubectl-plugins" -ItemType Directory -Force
Invoke-WebRequest -Uri "https://github.com/argoproj/argo-rollouts/releases/download/v1.7.1/kubectl-argo-rollouts-windows-amd64" -OutFile "$HOME\kubectl-plugins\kubectl-argo-rollouts.exe"
[Environment]::SetEnvironmentVariable("Path", $ENV:Path + ";$HOME\kubectl-plugins", "Machine")
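Review bot: The Windows step writes the downloaded `kubectl-argo-rollouts.exe` into a directory that is then added to the machine `Path`, with no integrity check, whereas the Linux step verifies a pinned SHA-256 digest before installing the same v1.7.1 release. Add the equivalent check here: compare `(Get-FileHash <file> -Algorithm SHA256).Hash` with the published digest for the windows-amd64 asset and fail the step on a mismatch before `SetEnvironmentVariable` runs.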
7 changes: 6 additions & 1 deletion .github/workflows/dev.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,11 @@ jobs:
uses: actions/download-artifact@v3
with:
name: image
- name: Install Argo Rollouts
shell: bash
run: |
kubectl create namespace argo-rollouts
kubectl apply -n argo-rollouts -f https://github.com/argoproj/argo-rollouts/releases/latest/download/install.yaml
- name: Upload docker image to cluster
shell: bash
run: |
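Review bot: `releases/latest/download/install.yaml` lets the controller version float while the kubectl plugin in install-dependencies is pinned to v1.7.1, so an upstream release can change the integration run without any change in this repository, and the manifest is applied to the cluster as fetched. Point the URL at the `releases/download/v1.7.1/` path so controller and plugin are bumped together. Note also that `kubectl create namespace argo-rollouts` fails if the namespace already exists, which matters if the cluster is ever reused between runs.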
Expand All @@ -118,7 +123,7 @@ jobs:
command: |
set -ex
if [[ ${RUNNER_OS} == "Windows" ]]; then
export PATH="$PATH:/C/Program Files/SSHFS-Win/bin"
export PATH="$PATH:/C/Program Files/SSHFS-Win/bin:$HOME/kubectl-plugins"
fi
make check-integration
- uses: ./.github/actions/upload-logs
Expand Down
16 changes: 13 additions & 3 deletions CHANGELOG.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,12 +30,22 @@ docDescription: >-
environments, access to instantaneous feedback loops, and highly
customizable development environments.
items:
- version: 2.20.0
date: (TBD)
notes:
- type: feature
title: Add support for Argo Rollout workloads.
body: >-
Telepresence now has an opt-in support for Argo Rollout workloads.
The behavior is controlled by `workloads.argoRollouts.enabled` Helm chart value.
It is recommended to set the following annotation <code>telepresence.getambassador.io/inject-traffic-agent: enabled</code>
to avoid creation of unwanted revisions.
- version: 2.19.1
date: (TBD)
notes:
- title: Add brew support for the OSS version of Telepresence.
body: >-
The Open-Source Software version of Telepresence can now be installed using the brew formula
The Open-Source Software version of Telepresence can now be installed using the brew formula
via <code>brew install datawire/blackbird/telepresence-oss</code>.
docs: https://github.com/telepresenceio/telepresence/issues/3609
- type: feature
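Review bot: The 2.20.0 entry recommends the `telepresence.getambassador.io/inject-traffic-agent: enabled` annotation but does not say which object should carry it or why it prevents the extra revisions; one sentence on each would make the recommendation actionable. Nit: "an opt-in support" should read "opt-in support".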
Expand Down Expand Up @@ -98,8 +108,8 @@ items:
- type: feature
title: Add scheduler name to PODs templates.
body: >-
A new Helm chart value <code>schedulerName</code> has been added. With this feature, we are
able to define some particular schedulers from Kubernetes to apply some different strategies to allocate telepresence resources,
A new Helm chart value <code>schedulerName</code> has been added. With this feature, we are
able to define some particular schedulers from Kubernetes to apply some different strategies to allocate telepresence resources,
including the Traffic Manager and hooks pods.
- type: bugfix
title: Improve traffic-manager performance in very large clusters.
Expand Down
15 changes: 8 additions & 7 deletions DEPENDENCIES.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,13 @@ following Free and Open Source software:
github.com/containerd/platforms v0.2.1 Apache License 2.0
github.com/coreos/go-iptables v0.7.0 Apache License 2.0
github.com/cyphar/filepath-securejoin v0.2.5 3-clause BSD license
github.com/datawire/argo-rollouts-go-client v0.0.0-20240718122954-a05067ae59b1 Apache License 2.0
github.com/datawire/dlib v1.3.1 Apache License 2.0
github.com/datawire/dtest v0.0.0-20210928162311-722b199c4c2f Apache License 2.0
github.com/datawire/envconfig v0.0.0-20221012222025-09524dc7d59b Apache License 2.0
github.com/datawire/go-ftpserver v0.1.3 Apache License 2.0
github.com/datawire/go-fuseftp/rpc v0.4.4 Apache License 2.0
github.com/datawire/k8sapi v0.1.4 Apache License 2.0
github.com/datawire/k8sapi v0.1.5 Apache License 2.0
github.com/datawire/metriton-go-client v0.1.1 Apache License 2.0
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc ISC license
github.com/distribution/reference v0.6.0 Apache License 2.0
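Review bot: `github.com/datawire/argo-rollouts-go-client v0.0.0-20240718122954-a05067ae59b1` is an untagged pseudo-version, so nothing on this line tells a reader which Argo Rollouts release the client corresponds to, while CI installs v1.7.1 of the plugin. Tag the client module or record the upstream version it tracks, so the dependency can be audited and bumped deliberately.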
Expand Down Expand Up @@ -159,8 +160,8 @@ following Free and Open Source software:
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 MIT license
golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 MIT license
golang.zx2c4.com/wireguard/windows v0.5.3 MIT license
google.golang.org/genproto/googleapis/api v0.0.0-20240709173604-40e1e62336c5 Apache License 2.0
google.golang.org/genproto/googleapis/rpc v0.0.0-20240709173604-40e1e62336c5 Apache License 2.0
google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d Apache License 2.0
google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d Apache License 2.0
google.golang.org/grpc v1.65.0 Apache License 2.0
google.golang.org/protobuf v1.34.2 3-clause BSD license
gopkg.in/evanphx/json-patch.v4 v4.12.0 3-clause BSD license
Expand All @@ -169,17 +170,17 @@ following Free and Open Source software:
gopkg.in/yaml.v3 v3.0.1 Apache License 2.0, MIT license
gvisor.dev/gvisor v0.0.0-20240710011037-3ab46047a811 Apache License 2.0, MIT license
helm.sh/helm/v3 v3.15.2 Apache License 2.0
k8s.io/api v0.30.2 Apache License 2.0
k8s.io/api v0.30.3 Apache License 2.0
k8s.io/apiextensions-apiserver v0.30.2 Apache License 2.0
k8s.io/apimachinery v0.30.2 3-clause BSD license, Apache License 2.0
k8s.io/apimachinery v0.30.3 3-clause BSD license, Apache License 2.0
k8s.io/apiserver v0.30.2 Apache License 2.0
k8s.io/cli-runtime v0.30.2 Apache License 2.0
k8s.io/client-go v0.30.2 3-clause BSD license, Apache License 2.0
k8s.io/client-go v0.30.3 3-clause BSD license, Apache License 2.0
k8s.io/component-base v0.30.2 Apache License 2.0
k8s.io/klog/v2 v2.130.1 Apache License 2.0
k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f 3-clause BSD license, Apache License 2.0
k8s.io/kubectl v0.30.2 Apache License 2.0
k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 3-clause BSD license, Apache License 2.0
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 3-clause BSD license, Apache License 2.0
oras.land/oras-go v1.2.5 Apache License 2.0
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd 3-clause BSD license, Apache License 2.0
sigs.k8s.io/kustomize/api v0.17.2 Apache License 2.0
Expand Down
1 change: 1 addition & 0 deletions charts/telepresence/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,7 @@ The following tables lists the configurable parameters of the Telepresence chart
| client.routing.allowConflictingSubnets | Allow the specified subnets to be routed even if they conflict with other routes on the local machine. | `[]` |
| client.dns.excludeSuffixes | Suffixes for which the client DNS resolver will always fail (or fallback in case of the overriding resolver) | `[".com", ".io", ".net", ".org", ".ru"]` |
| client.dns.includeSuffixes | Suffixes for which the client DNS resolver will always attempt to do a lookup. Includes have higher priority than excludes. | `[]` |
| workloads.argoRollouts.enabled | Enable/Disable the argo-rollouts integration. | `false` |

### RBAC

Expand Down
5 changes: 5 additions & 0 deletions charts/telepresence/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,11 @@ RBAC rules required to create an intercept in a namespace; excludes any rules th
- apiGroups: ["apps"]
resources: ["deployments", "replicasets", "statefulsets"]
verbs: ["get", "watch", "list"]
{{- if .Values.workloads.argoRollouts.enabled }}
- apiGroups: ["argoproj.io"]
resources: ["rollouts"]
verbs: ["get", "watch", "list"]
{{- end }}
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["telepresence-agents"]
Expand Down
4 changes: 4 additions & 0 deletions charts/telepresence/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,10 @@ spec:
value: {{ .grpc.maxReceiveSize }}
{{- end }}
{{- end }}
{{- if .workloads.argoRollouts }}
- name: ARGO_ROLLOUTS_ENABLED
value: {{ .workloads.argoRollouts.enabled | quote }}
{{- end }}
{{- if .agentInjector.enabled }}
{{- /*
Traffic agent injector configuration
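Review bot: The guard `{{- if .workloads.argoRollouts }}` tests the map, not the flag, and since values.yaml now always defines `workloads.argoRollouts` it is always true, so `ARGO_ROLLOUTS_ENABLED` is emitted as "false" on default installs. That is harmless, but the RBAC templates in this commit dereference `.Values.workloads.argoRollouts.enabled` with no guard at all. Pick one convention: either drop the guard here or gate on `.enabled` as the other templates do.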
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,19 @@ rules:
{{- if .Values.agentInjector.enabled }}
- patch
{{- end }}
{{- if .Values.workloads.argoRollouts.enabled }}
- apiGroups:
- "argoproj.io"
resources:
- rollouts
verbs:
- get
- list
- watch
{{- if .Values.agentInjector.enabled }}
- patch
{{- end }}
{{- end }}
- apiGroups:
- "events.k8s.io"
resources:
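Review bot: With `workloads.argoRollouts.enabled` and `agentInjector.enabled` both set, this rule gives the traffic manager `patch` on `rollouts` wherever the role is bound, but the README row added for the value only says "Enable/Disable the argo-rollouts integration". Keeping the rule behind the opt-in flag and limiting it to get/list/watch/patch is the right shape; please list the added `argoproj.io` verbs in the chart README's RBAC section so operators can see what they grant by opting in.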
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ require less permissions in clientRbac.yaml
{{- end }}

{{- $interceptEnabled := .Values.agentInjector.enabled }}
{{- $argoRolloutsEnabled := .Values.workloads.argoRollouts.enabled }}

{{- range .Values.managerRbac.namespaces }}
---
Expand Down Expand Up @@ -80,6 +81,19 @@ rules:
{{- if $interceptEnabled }}
- patch
{{- end }}
{{- if $argoRolloutsEnabled }}
- apiGroups:
- "argoproj.io"
resources:
- rollouts
verbs:
- get
- list
- watch
{{- if $interceptEnabled }}
- patch
{{- end }}
{{- end }}
- apiGroups:
- "events.k8s.io"
resources:
Expand Down
5 changes: 5 additions & 0 deletions charts/telepresence/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -346,3 +346,8 @@ client:

# Tell client's DNS resolver to always send names with these suffixes to the cluster side resolver
includeSuffixes: []

# Controls which workload kinds are recognized by Telepresence
workloads:
argoRollouts:
enabled: false
4 changes: 2 additions & 2 deletions cmd/traffic/cmd/manager/cluster/podwatcher.go
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ func newPodWatcher(ctx context.Context, nss []string) *podWatcher {

w.timer = time.AfterFunc(time.Duration(math.MaxInt64), sendIfChanged)
for _, ns := range nss {
inf := informer.GetFactory(ctx, ns).Core().V1().Pods().Informer()
inf := informer.GetK8sFactory(ctx, ns).Core().V1().Pods().Informer()
_, err := inf.AddEventHandler(cache.ResourceEventHandlerFuncs{
AddFunc: func(obj any) {
if pod, ok := obj.(*corev1.Pod); ok {
Expand Down Expand Up @@ -121,7 +121,7 @@ func (w *podWatcher) viable(ctx context.Context) bool {
var pods []*corev1.Pod
var err error
for _, ns := range w.namespaces {
lister := informer.GetFactory(ctx, ns).Core().V1().Pods().Lister()
lister := informer.GetK8sFactory(ctx, ns).Core().V1().Pods().Lister()
if ns != "" {
pods, err = lister.Pods(ns).List(labels.Everything())
} else {
Expand Down
9 changes: 7 additions & 2 deletions cmd/traffic/cmd/manager/manager.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import (
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"

argorollouts "github.com/datawire/argo-rollouts-go-client/pkg/client/clientset/versioned"
"github.com/datawire/dlib/dhttp"
"github.com/datawire/dlib/dlog"
"github.com/datawire/k8sapi/pkg/k8sapi"
Expand Down Expand Up @@ -92,7 +93,11 @@ func MainWithEnv(ctx context.Context) (err error) {
if err != nil {
return fmt.Errorf("unable to create the Kubernetes Interface from InClusterConfig: %w", err)
}
ctx = k8sapi.WithK8sInterface(ctx, ki)
ari, err := argorollouts.NewForConfig(cfg)
if err != nil {
return fmt.Errorf("unable to create the Argo Rollouts Interface from InClusterConfig: %w", err)
}
ctx = k8sapi.WithJoinedClientSetInterface(ctx, ki, ari)

// Ensure that the manager has access to shard informer factories for all relevant namespaces.
//
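Review bot: `argorollouts.NewForConfig(cfg)` and `k8sapi.WithJoinedClientSetInterface(ctx, ki, ari)` run unconditionally, while the `argoproj.io` RBAC rules are rendered only when `workloads.argoRollouts.enabled` is true. Building the clientset is harmless on its own, but please confirm that every list or watch of rollouts is behind `managerutil.ArgoRolloutsEnabled(ctx)`; otherwise a default install could hit forbidden errors from the API server. A test with the flag off on a cluster without the Rollout CRD would cover this.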
Expand Down Expand Up @@ -125,7 +130,7 @@ func MainWithEnv(ctx context.Context) (err error) {
ctx = mutator.WithMap(ctx, mutator.Load(ctx))

if mgrFactory {
f := informer.GetFactory(ctx, env.ManagerNamespace)
f := informer.GetK8sFactory(ctx, env.ManagerNamespace)
f.Start(ctx.Done())
f.WaitForCacheSync(ctx.Done())
}
Expand Down
9 changes: 9 additions & 0 deletions cmd/traffic/cmd/manager/managerutil/argorollouts.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
package managerutil

import (
"context"
)

func ArgoRolloutsEnabled(ctx context.Context) bool {
return GetEnv(ctx).ArgoRolloutsEnabled
}
10 changes: 10 additions & 0 deletions cmd/traffic/cmd/manager/managerutil/envconfig.go
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,8 @@ type Env struct {
ClientDnsExcludeSuffixes []string `env:"CLIENT_DNS_EXCLUDE_SUFFIXES, parser=split-trim"`
ClientDnsIncludeSuffixes []string `env:"CLIENT_DNS_INCLUDE_SUFFIXES, parser=split-trim, default="`
ClientConnectionTTL time.Duration `env:"CLIENT_CONNECTION_TTL, parser=time.ParseDuration"`

ArgoRolloutsEnabled bool `env:"ARGO_ROLLOUTS_ENABLED, parser=bool, default=false"`
}

func (e *Env) GeneratorConfig(qualifiedAgentImage string) (agentmap.GeneratorConfig, error) {
Expand Down Expand Up @@ -228,6 +230,14 @@ func fieldTypeHandlers() map[reflect.Type]envconfig.FieldTypeHandler {
},
Setter: func(dst reflect.Value, src interface{}) { dst.Set(reflect.ValueOf(src.(*core.SecurityContext))) },
}
fhs[reflect.TypeOf(true)] = envconfig.FieldTypeHandler{
Parsers: map[string]func(string) (any, error){
"bool": func(str string) (any, error) {
return strconv.ParseBool(str)
},
},
Setter: func(dst reflect.Value, src interface{}) { dst.SetBool(src.(bool)) },
}
return fhs
}

Expand Down
4 changes: 3 additions & 1 deletion cmd/traffic/cmd/manager/managerutil/envconfig_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -65,10 +65,12 @@ func TestEnvconfig(t *testing.T) {
},
"simple": {
Input: map[string]string{
"AGENT_REGISTRY": "docker.io/datawire",
"AGENT_REGISTRY": "docker.io/datawire",
"ARGO_ROLLOUTS_ENABLED": "true",
},
Output: func(e *managerutil.Env) {
e.AgentRegistry = "docker.io/datawire"
e.ArgoRolloutsEnabled = true
},
},
"complex": {
Expand Down