Introduce prober deployment

troydai · troydai · commit 1eeccbbac667 · 2023-04-11T22:02:34.000-10:00
diff --git a/charts/grpcbeacon-prober/Chart.yaml b/charts/grpcbeacon-prober/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.1.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/grpcbeacon-prober/templates/config-map.yaml b/charts/grpcbeacon-prober/templates/config-map.yaml
@@ -0,0 +1,104 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: prober-config
+  namespace: {{ .Release.Name }}
+  labels:
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  beacon_addr: "localhost:7000"
+  prober_interval: "10s"
+  envoy-config: |
+    node:
+      id: default
+      cluster: kind-cluster
+
+    static_resources:
+      listeners:
+      - name: listener_0
+        address:
+          socket_address:
+            address: 0.0.0.0
+            port_value: 7000
+        filter_chains:
+        - filters:
+          - name: envoy.filters.network.http_connection_manager
+            typed_config:
+              "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+              stat_prefix: ingress_http
+              access_log:
+              - name: envoy.access_loggers.stdout
+                typed_config:
+                  "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
+              http_filters:
+              - name: envoy.filters.http.router
+                typed_config:
+                  "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+              route_config:
+                name: beacon-service
+                virtual_hosts:
+                - name: beacon-service
+                  domains: ["*"]
+                  routes:
+                  - match:
+                      prefix: "/grpcbeacon.Beacon"
+                      grpc: {}
+                    route:
+                      cluster: beacon-service
+      clusters:
+      - name: beacon-service
+        type: STRICT_DNS
+        dns_lookup_family: V4_ONLY
+        http2_protocol_options: {}
+        load_assignment:
+          cluster_name: beacon-service
+          endpoints:
+          - lb_endpoints:
+            - endpoint:
+                address:
+                  socket_address:
+                    address: {{ .Values.beaconAddr }}
+                    port_value: {{ .Values.beaconPort }}
+        transport_socket:
+          name: envoy.transport_sockets.tls
+          typed_config:
+            "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+            common_tls_context:
+              tls_certificate_sds_secret_configs:
+                - name: "spiffe://spire-in-a-box.troydai.cc/wl/ns/{{.Release.Name}}/prober"
+                  sds_config:
+                    api_config_source:
+                      api_type: GRPC
+                      transport_api_version: V3
+                      grpc_services:
+                        envoy_grpc:
+                          cluster_name: spire_agent
+              combined_validation_context:
+                default_validation_context:
+                  match_subject_alt_names:
+                    exact: "spiffe://spire-in-a-box.troydai.cc/wl/beacon"
+                validation_context_sds_secret_config:
+                  name: "spiffe://spire-in-a-box.troydai.cc"
+                  sds_config:
+                    api_config_source:
+                      api_type: GRPC
+                      transport_api_version: V3
+                      grpc_services:
+                        envoy_grpc:
+                          cluster_name: spire_agent
+              tls_params:
+                ecdh_curves:
+                  - X25519:P-256:P-521:P-384
+      - name: spire_agent
+        connect_timeout: 0.25s
+        http2_protocol_options: {}
+        load_assignment:
+          cluster_name: spire_agent
+          endpoints:
+            - lb_endpoints:
+                - endpoint:
+                    address:
+                      pipe:
+                        path: /opt/spire/sockets/spire-agent.sock
diff --git a/charts/grpcbeacon-prober/templates/deployment.yaml b/charts/grpcbeacon-prober/templates/deployment.yaml
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: prober-deployment
+  namespace: {{ .Release.Name }}
+  labels:
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: prober
+  template:
+    metadata:
+      labels:
+        app: prober
+    spec:
+      serviceAccountName: prober-sa
+      containers:
+      - name: envoy
+        image: envoyproxy/envoy:v1.25.1
+        volumeMounts:
+        - name: envoy-config
+          mountPath: /etc/envoy
+          readOnly: true
+        - name: spiffe-workload-api
+          mountPath: /opt/spire/sockets
+          readOnly: true
+      - name: prober
+        image: troydai/grpcprober:{{ .Values.proberVersion }}
+        volumeMounts:
+        - name: spiffe-workload-api
+          mountPath: /opt/spire/sockets
+          readOnly: true
+        env:
+        - name: SERVER_ADDRESS
+          valueFrom:
+            configMapKeyRef:
+              name: prober-config
+              key: beacon_addr
+        - name: CLIENT_INTERVAL
+          valueFrom:
+            configMapKeyRef:
+              name: prober-config
+              key: prober_interval
+
+      volumes:
+        - name: envoy-config
+          configMap:
+            name: prober-config
+            items:
+            - key: envoy-config
+              path: envoy.yaml
+        - name: spiffe-workload-api
+          csi:
+            driver: "csi.spiffe.io"
+            readOnly: true
diff --git a/charts/grpcbeacon-prober/templates/namespace.yaml b/charts/grpcbeacon-prober/templates/namespace.yaml
@@ -0,0 +1,10 @@
+# create a k8s namespace
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    app: {{ .Release.Name }}
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
diff --git a/charts/grpcbeacon-prober/templates/serviceaccount.yaml b/charts/grpcbeacon-prober/templates/serviceaccount.yaml
@@ -1,5 +1,9 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Release.Name }}-sa
-  namespace: {{ .Release.Namespace }}
+  name: prober-sa
+  namespace: {{ .Release.Name }}
+  labels:
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
diff --git a/charts/grpcbeacon-prober/values.yaml b/charts/grpcbeacon-prober/values.yaml
@@ -1,3 +1,8 @@
 # Default values for grpcbeacon-prober.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
+
+replicaCount: 1
+proberVersion: v0.8.4
+beaconAddr: beacon-service.workload-ns.svc.cluster.local
+beaconPort: 9090
