diff --git a/api/v1alpha1/dnspolicy_types.go b/api/v1alpha1/dnspolicy_types.go
index 20f5116cb..2ca52fd3f 100644
--- a/api/v1alpha1/dnspolicy_types.go
+++ b/api/v1alpha1/dnspolicy_types.go
@@ -23,7 +23,6 @@ import (
 corev1 "k8s.io/api/core/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime/schema"
- "k8s.io/utils/ptr"
 "sigs.k8s.io/controller-runtime/pkg/client"
 gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
@@ -280,9 +279,9 @@ func (p *DNSPolicy) WithTargetGateway(gwName string) *DNSPolicy {
 
 func (p *DNSPolicy) WithHealthCheckFor(endpoint string, port int, protocol string, failureThreshold int) *DNSPolicy {
 return p.WithHealthCheck(dnsv1alpha1.HealthCheckSpec{
- Endpoint: endpoint,
+ Path: endpoint,
 Port: &port,
- Protocol: ptr.To(dnsv1alpha1.HealthProtocol(protocol)),
+ Protocol: dnsv1alpha1.Protocol(protocol),
 FailureThreshold: &failureThreshold,
 })
 }
diff --git a/bundle/manifests/kuadrant.io_dnspolicies.yaml b/bundle/manifests/kuadrant.io_dnspolicies.yaml
index 852e586a9..3f5eb465f 100644
--- a/bundle/manifests/kuadrant.io_dnspolicies.yaml
+++ b/bundle/manifests/kuadrant.io_dnspolicies.yaml
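Review bot: In the second hunk of api/v1alpha1/dnspolicy_types.go, `WithHealthCheckFor` still names its first parameter `endpoint` although the value now lands in `Path`, and `Protocol: dnsv1alpha1.Protocol(protocol)` is a bare string conversion, so whatever a caller passes is carried into the spec unchecked. Renaming the parameter keeps the helper in step with the API: `func (p *DNSPolicy) WithHealthCheckFor(path string, port int, protocol string, failureThreshold int) *DNSPolicy` with `Path: path,`. A doc comment such as `// WithHealthCheckFor sets a health check on the policy; protocol must be "HTTP" or "HTTPS" and is not validated here.` would tell callers that rejecting other values is presumably left to CRD validation. The helper also has no way to set the new `Interval` field, which the reference table changed in this commit lists as required.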
@@ -81,12 +81,21 @@ spec: By default this health check will be applied to each unique DNS A Record for the listeners assigned to the target gateway properties: - endpoint: + additionalHeadersRef: description: |- - Endpoint is the path to append to the host to reach the expected health check. - Must start with "?" or "/", contain only valid URL characters and end with alphanumeric char or "/". For example "/" or "/healthz" are common - pattern: ^(?:\?|\/)[\w\-.~:\/?#\[\]@!$&'()*+,;=]+(?:[a-zA-Z0-9]|\/){1}$ - type: string + AdditionalHeadersRef refers to a secret that contains extra headers to send in the probe request, this is primarily useful if an authentication + token is required by the endpoint. + properties: + name: + type: string + required: + - name + type: object + allowInsecureCertificate: + description: |- + AllowInsecureCertificate will instruct the health check probe to not fail on a self-signed or otherwise invalid SSL certificate + this is primarily used in development or testing environments + type: boolean failureThreshold: description: FailureThreshold is a limit of consecutive failures that must occur for a host to be considered unhealthy @@ -94,6 +103,16 @@ spec: x-kubernetes-validations: - message: Failure threshold must be greater than 0 rule: self > 0 + interval: + description: Interval defines how frequently this probe should + execute + type: string + path: + description: |- + Path is the path to append to the host to reach the expected health check. + Must start with "?" or "/", contain only valid URL characters and end with alphanumeric char or "/". For example "/" or "/healthz" are common + pattern: ^(?:\?|\/)[\w\-.~:\/?#\[\]@!$&'()*+,;=]+(?:[a-zA-Z0-9]|\/){1}$ + type: string port: description: Port to connect to the host on. Must be either 80, 443 or 1024-49151 diff --git a/charts/kuadrant-operator/templates/manifests.yaml b/charts/kuadrant-operator/templates/manifests.yaml index 4de7b775e..5e012d2a2 100644 
--- a/charts/kuadrant-operator/templates/manifests.yaml +++ b/charts/kuadrant-operator/templates/manifests.yaml @@ -13281,12 +13281,21 @@ spec: By default this health check will be applied to each unique DNS A Record for the listeners assigned to the target gateway properties: - endpoint: + additionalHeadersRef: description: |- - Endpoint is the path to append to the host to reach the expected health check. - Must start with "?" or "/", contain only valid URL characters and end with alphanumeric char or "/". For example "/" or "/healthz" are common - pattern: ^(?:\?|\/)[\w\-.~:\/?#\[\]@!$&'()*+,;=]+(?:[a-zA-Z0-9]|\/){1}$ - type: string + AdditionalHeadersRef refers to a secret that contains extra headers to send in the probe request, this is primarily useful if an authentication + token is required by the endpoint. + properties: + name: + type: string + required: + - name + type: object + allowInsecureCertificate: + description: |- + AllowInsecureCertificate will instruct the health check probe to not fail on a self-signed or otherwise invalid SSL certificate + this is primarily used in development or testing environments + type: boolean failureThreshold: description: FailureThreshold is a limit of consecutive failures that must occur for a host to be considered unhealthy @@ -13294,6 +13303,16 @@ spec: x-kubernetes-validations: - message: Failure threshold must be greater than 0 rule: self > 0 + interval: + description: Interval defines how frequently this probe should + execute + type: string + path: + description: |- + Path is the path to append to the host to reach the expected health check. + Must start with "?" or "/", contain only valid URL characters and end with alphanumeric char or "/". For example "/" or "/healthz" are common + pattern: ^(?:\?|\/)[\w\-.~:\/?#\[\]@!$&'()*+,;=]+(?:[a-zA-Z0-9]|\/){1}$ + type: string port: description: Port to connect to the host on. Must be either 80, 443 or 1024-49151 
diff --git a/config/crd/bases/kuadrant.io_dnspolicies.yaml b/config/crd/bases/kuadrant.io_dnspolicies.yaml index 2ae5aca3e..b5f32f64a 100644 --- a/config/crd/bases/kuadrant.io_dnspolicies.yaml +++ b/config/crd/bases/kuadrant.io_dnspolicies.yaml @@ -80,12 +80,21 @@ spec: By default this health check will be applied to each unique DNS A Record for the listeners assigned to the target gateway properties: - endpoint: + additionalHeadersRef: description: |- - Endpoint is the path to append to the host to reach the expected health check. - Must start with "?" or "/", contain only valid URL characters and end with alphanumeric char or "/". For example "/" or "/healthz" are common - pattern: ^(?:\?|\/)[\w\-.~:\/?#\[\]@!$&'()*+,;=]+(?:[a-zA-Z0-9]|\/){1}$ - type: string + AdditionalHeadersRef refers to a secret that contains extra headers to send in the probe request, this is primarily useful if an authentication + token is required by the endpoint. + properties: + name: + type: string + required: + - name + type: object + allowInsecureCertificate: + description: |- + AllowInsecureCertificate will instruct the health check probe to not fail on a self-signed or otherwise invalid SSL certificate + this is primarily used in development or testing environments + type: boolean failureThreshold: description: FailureThreshold is a limit of consecutive failures that must occur for a host to be considered unhealthy 
@@ -93,6 +102,16 @@ spec: x-kubernetes-validations: - message: Failure threshold must be greater than 0 rule: self > 0 + interval: + description: Interval defines how frequently this probe should + execute + type: string + path: + description: |- + Path is the path to append to the host to reach the expected health check. + Must start with "?" or "/", contain only valid URL characters and end with alphanumeric char or "/". For example "/" or "/healthz" are common + pattern: ^(?:\?|\/)[\w\-.~:\/?#\[\]@!$&'()*+,;=]+(?:[a-zA-Z0-9]|\/){1}$ + type: string port: description: Port to connect to the host on. Must be either 80, 443 or 1024-49151 diff --git a/controllers/dnspolicy_dnsrecords.go b/controllers/dnspolicy_dnsrecords.go index 0c4d28a99..6d38fedfe 100644 --- a/controllers/dnspolicy_dnsrecords.go +++ b/controllers/dnspolicy_dnsrecords.go @@ -137,10 +137,11 @@ func (r *DNSPolicyReconciler) desiredDNSRecord(gateway *gatewayapiv1.Gateway, cl if dnsPolicy.Spec.HealthCheck != nil { healthCheckSpec = &kuadrantdnsv1alpha1.HealthCheckSpec{ - Endpoint: dnsPolicy.Spec.HealthCheck.Endpoint, + Path: dnsPolicy.Spec.HealthCheck.Path, Port: dnsPolicy.Spec.HealthCheck.Port, Protocol: dnsPolicy.Spec.HealthCheck.Protocol, FailureThreshold: dnsPolicy.Spec.HealthCheck.FailureThreshold, + Interval: dnsPolicy.Spec.HealthCheck.Interval, } } dnsRecord := &kuadrantdnsv1alpha1.DNSRecord{ diff --git a/doc/reference/dnspolicy.md b/doc/reference/dnspolicy.md index 2e60d6172..7dfcdd54f 100644 --- a/doc/reference/dnspolicy.md +++ b/doc/reference/dnspolicy.md 
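Review bot: The `HealthCheckSpec` literal in `desiredDNSRecord` (controllers/dnspolicy_dnsrecords.go) copies `Path`, `Port`, `Protocol`, `FailureThreshold` and now `Interval`, but not the `additionalHeadersRef` and `allowInsecureCertificate` fields that the CRD schemas and doc/reference/dnspolicy.md in this same commit expose on DNSPolicy. As far as this hunk shows, a policy that sets `additionalHeadersRef` for an authenticated health endpoint would be accepted and then probed without those headers, and `allowInsecureCertificate: true` would have no effect. If the fields are meant to be supported, add `AdditionalHeadersRef: dnsPolicy.Spec.HealthCheck.AdditionalHeadersRef,` and `AllowInsecureCertificate: dnsPolicy.Spec.HealthCheck.AllowInsecureCertificate,` (assuming the policy's health check type carries them, as the generated CRD suggests), with a comment that the second disables certificate validation for the probe and that the referenced secret may hold a credential. If they are omitted on purpose, say so in a comment at this literal and remove them from the reference table so users do not rely on them. The function body starts and ends outside the hunk.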
@@ -52,10 +52,13 @@ |------------|----------|:------------:|----------------------------------------------------------------------------------------| | `name` | String | Yes | Name of the secret in the same namespace that contains the provider credentials |--------------------|------------|:------------:|-----------------------------------------------------------------------------------------------------------| -| `endpoint` | String | Yes | Endpoint is the path to append to the host to reach the expected health check | -| `port` | Number | Yes | Port to connect to the host on | +| `path` | String | Yes | Path is the path to append to the host to reach the expected health check. Must start with "?" or "/", contain only valid URL characters and end with alphanumeric char or "/". For example "/" or "/healthz" are common | +| `port` | Number | Yes | Port to connect to the host on. Must be either 80, 443 or 1024-49151 | | `protocol` | String | Yes | Protocol to use when connecting to the host, valid values are "HTTP" or "HTTPS" | | `failureThreshold` | Number | Yes | FailureThreshold is a limit of consecutive failures that must occur for a host to be considered unhealthy | +| `interval` | Duration | Yes | Interval defines how frequently this probe should execute +| `additionalHeadersRef` | String | No | AdditionalHeadersRef refers to a secret that contains extra headers to send in the probe request, this is primarily useful if an authentication token is required by the endpoint. +| `allowInsecureCertificate` | Boolean | No | AllowInsecureCertificate will instruct the health check probe to not fail on a self-signed or otherwise invalid SSL certificate this is primarily used in development or testing environments ## LoadBalancingSpec diff --git a/examples/dnspolicy/dnspolicy-healthchecks.yaml b/examples/dnspolicy/dnspolicy-healthchecks.yaml index 21f05bb95..7a418ade9 100644 --- a/examples/dnspolicy/dnspolicy-healthchecks.yaml 
+++ b/examples/dnspolicy/dnspolicy-healthchecks.yaml
@@ -15,7 +15,7 @@ spec:
 geo: EU
 defaultGeo: true
 healthCheck:
- endpoint: /healthz
- port: 1111111
- protocol: HTTP
+ path: /healthz
+ port: 443
+ protocol: HTTPS
 failureThreshold: 3
diff --git a/go.mod b/go.mod
index a2ef1ae74..6609380b1 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 github.com/google/uuid v1.6.0
 github.com/kuadrant/authorino v0.18.0
 github.com/kuadrant/authorino-operator v0.11.1
- github.com/kuadrant/dns-operator v0.0.0-20240926100317-2e2497411ab3
+ github.com/kuadrant/dns-operator v0.0.0-20241002074817-d0cab9eecbdb
 github.com/kuadrant/limitador-operator v0.9.0
 github.com/kuadrant/policy-machinery v0.2.0
 github.com/martinlindhe/base36 v1.1.1
diff --git a/go.sum b/go.sum
index d33128aeb..75bc3ff74 100644
--- a/go.sum
+++ b/go.sum
@@ -260,6 +260,10 @@ github.com/kuadrant/authorino-operator v0.11.1 h1:jndTZhiHMU+2Dk0NU+KP2+MUSfvclr
 github.com/kuadrant/authorino-operator v0.11.1/go.mod h1:TeFFdX477vUTMushCojaHpvwPLga4DpErGI2oQbqFIs=
 github.com/kuadrant/dns-operator v0.0.0-20240926100317-2e2497411ab3 h1:r5Ed62AetTJhbJGEinM/G7ugdxV6Kp/kcVIpxOVxduM=
 github.com/kuadrant/dns-operator v0.0.0-20240926100317-2e2497411ab3/go.mod h1:IHAt2o/VH1c0GIZTprggUDZuxoH0I304R9DUErBNIhk=
+github.com/kuadrant/dns-operator v0.0.0-20241002074817-d0cab9eecbdb h1:8cb/OsWDOrtjyFBobTzy2NGMQdVxGl4xAaQryFQYdQQ=
+github.com/kuadrant/dns-operator v0.0.0-20241002074817-d0cab9eecbdb/go.mod h1:IHAt2o/VH1c0GIZTprggUDZuxoH0I304R9DUErBNIhk=
+github.com/kuadrant/dns-operator v0.6.0 h1:PH/cbK8Oz6EXcKO9kQH7Ovt8EskoAr70s58BHNppWpY=
+github.com/kuadrant/dns-operator v0.6.0/go.mod h1:v6I6UWXmyVx3u5fatdw3PoS5owNvxkTMUE7gTC/Tfd0=
 github.com/kuadrant/limitador-operator v0.9.0 h1:hTQ6CFPayf/sL7cIzwWjCoU8uTn6fzWdsJgKbDlnFts=
 github.com/kuadrant/limitador-operator v0.9.0/go.mod h1:DQOlg9qFOcnWPrwO529JRCMLLOEXJQxkmOes952S/Hw=
 github.com/kuadrant/policy-machinery v0.2.0 h1:6kACb+bdEwHXz2tvTs6dlLgvxFgFrowvGTZKMI9p0Qo=
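Review bot: The updated `healthCheck` block in examples/dnspolicy/dnspolicy-healthchecks.yaml omits `interval`, which the reference table changed in this same commit marks as required. The CRD's `required` list is outside the hunks shown, so this may be covered by a default; if the field really is mandatory, the example would be rejected at admission. Either add a line such as `interval: 60s` (value constructed here only as an illustration) or correct the table to show that the field is optional.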