Housekeeping: Kusk Services (#956)

Issue and Discussion
====================

See #956.

Resolves #956.

Summary
=======

Rename `kusk-gateway-manager-service` to `kusk-gateway-manager`.

Remove `kusk-gateway-validator-service` and `kusk-gateway-auth-service` since they are now part of `kusk-gateway-manager`.

Changes
=======

`internal/services/services.go`
-------------------------------

Introduce `AuthServiceURL` and `ValidatorURL`, so we don't have to repeat service URLs in several places.

`config/manager/manager.yaml`
-----------------------------

Remove `command` from `containers` as we have `ENTRYPOINT ["/manager"]` in `build/manager/Dockerfile`, i.e., the block
below is not needed:

```yaml
        - command:
            - /manager
```

`internal/envoy/auth/parser.go`
-------------------------------

Fix possible null pointer exception when dereferencing `auth.Custom.Host.Path`.

`examples/auth/oauth2/static-route/**`
-------------------------------------

Remove `StaticRoute` example as `paths` is no longer applicable.

`SKAFFOLD.md`
-------------

Remove an item from `TODO` list section as it is no longer applicable.

---

Signed-off-by: Mohamed Bana <mohamed@bana.io>

Makefile

@@ -73,7 +73,7 @@ tail-logs: install-deps ## Tail logs of all containers across all namespaces
 
 .PHONY: tail-xds
 tail-xds: ## Tail logs of kusk-manager
-	kubectl logs --follow --namespace kusk-system services/kusk-gateway-xds-service
+	kubectl logs --follow --namespace kusk-system services/kusk-gateway-manager
 
 .PHONY: tail-envoyfleet
 tail-envoyfleet: ## Tail logs of envoy
@@ -157,6 +157,8 @@ build: generate fmt vet ## Build manager binary.
 docker-build: ## Build docker image with the manager.
 	docker build \
 		--tag ${MANAGER_IMG} \
+		--tag ttl.sh/kubeshop/kusk-gateway:latest \
+		--tag ttl.sh/kubeshop/kusk-gateway:$(shell git describe --tags $(shell git rev-list --tags --max-count=1)) \
 		--tag kusk-gateway:latest \
 		--tag kubeshop/kusk-gateway:latest \
 		--tag kubeshop/kusk-gateway:$(shell git describe --tags $(shell git rev-list --tags --max-count=1)) \

SKAFFOLD.md

@@ -432,5 +432,4 @@ As can seen from above, that's controller's stackframe.
 TODO
 ----
 
-* Currently I've hardcoded a value `runAsNonRoot: false` in `config/manager/manager.yaml` to enable debugging. This isn't ideal or correct. There are better ways of doing this.
 * Multiple Platform Images: Investigate <https://github.com/GoogleContainerTools/skaffold/tree/main/examples/custom-buildx>.

cmd/kusk/cmd/manifest_data_test.go

@@ -0,0 +1,37 @@
+// MIT License
+//
+// Copyright (c) 2022 Kubeshop
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+
+package cmd
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_configManagerServiceYamlBytes(t *testing.T) {
+	assert := assert.New(t)
+
+	yaml, err := configManagerServiceYamlBytes()
+	assert.NoError(err)
+	t.Logf("config/manager/service.yaml=%v", string(yaml))
+}

cmd/manager/main.go

@@ -63,6 +63,7 @@ import (
 	"github.com/kubeshop/kusk-gateway/internal/authz"
 	"github.com/kubeshop/kusk-gateway/internal/controllers"
 	"github.com/kubeshop/kusk-gateway/internal/envoy/manager"
+	"github.com/kubeshop/kusk-gateway/internal/services"
 	"github.com/kubeshop/kusk-gateway/internal/validation"
 	"github.com/kubeshop/kusk-gateway/internal/webhooks"
 	"github.com/kubeshop/kusk-gateway/pkg/analytics"
@@ -251,7 +252,8 @@ func main() {
 	// Validation proxy
 	proxy := validation.NewServer(logger)
 	go func() {
-		if err := proxy.Start(":17000"); err != nil {
+		_, port := services.ValidatorHostPort()
+		if err := proxy.Start(fmt.Sprintf(":%d", port)); err != nil {
 			setupLog.Error(err, "Unable to start validation proxy")
 			os.Exit(1)
 		}
@@ -260,8 +262,9 @@ func main() {
 	// ext authz server
 	authServer := authz.NewServer(logger)
 	go func() {
-		if err := authServer.ListenAndServe(":19000"); err != nil {
-			setupLog.Error(err, "Unable to start validation proxy")
+		_, port := services.AuthServiceHostPort()
+		if err := authServer.ListenAndServe(fmt.Sprintf(":%d", port)); err != nil {
+			setupLog.Error(err, "Unable to start auth service proxy")
 			os.Exit(1)
 		}
 	}()

config/default/kustomization.yaml

@@ -1,10 +1,10 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../crd
-- ../rbac
-- ../manager
-- ../webhook
+  - ../crd
+  - ../rbac
+  - ../manager
+  - ../webhook
 
 # Adds namespace to all resources.
 namespace: kusk-system
@@ -22,13 +22,13 @@ commonLabels:
   app.kubernetes.io/name: kusk-gateway
 
 patchesStrategicMerge:
-- manager_auth_proxy_patch.yaml
-- manager_webhook_patch.yaml
+  - manager_auth_proxy_patch.yaml
+  - manager_webhook_patch.yaml
 
 images:
-- name: kusk-gateway
-  newName: kubeshop/kusk-gateway
-  newTag: v1.5.0
-- name: kusk-gateway:dev
-  newName: kubeshop/kusk-gateway
-  newTag: latest
+  - name: kusk-gateway
+    newName: kubeshop/kusk-gateway
+    newTag: v1.5.0
+  - name: kusk-gateway:dev
+    newName: kubeshop/kusk-gateway
+    newTag: latest

config/manager/manager.yaml

@@ -23,9 +23,7 @@ spec:
       securityContext:
         runAsNonRoot: true
       containers:
-        - command:
-            - /manager
-          image: kusk-gateway:latest
+        - image: kusk-gateway:latest
           imagePullPolicy: IfNotPresent
           name: manager
           envFrom:

config/manager/service.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: kusk-gateway-manager-service
+  name: kusk-gateway-manager
   namespace: system
   labels:
     app.kubernetes.io/component: xds-service

examples/auth/cloudentity/example-1/api.yaml

@@ -2,13 +2,13 @@ apiVersion: gateway.kusk.io/v1alpha1
 kind: API
 metadata:
   name: auth-cloudentity
-  namespace: default
+  namespace: kusk-system
 spec:
   fleet:
     name: kusk-gateway-envoy-fleet
     namespace: kusk-system
   spec: |
-    openapi: 3.1.0
+    openapi: 3.0.0
     info:
       title: auth-cloudentity
       description: auth-cloudentity
@@ -20,10 +20,10 @@ spec:
       upstream:
         service:
           name: auth-cloudentity-go-httpbin
-          namespace: default
+          namespace: kusk-system
           port: 80
       auth:
-        cloudentity
+        cloudentity:
           host:
             hostname: cloudentity-authorizer-standalone-authorizer.kusk-system
             port: 9004