Support WAN Address Annotations (#3420)

* Add wanAddress configuration to the configmap * Set the annotations on the mesh gateway CRD * Patch through the annotations from the Mesh Gateway * Fix Job -> ConfigMap * Use JSON to compare annotations * Add annotations to deployment test * Fix checking annotations in helm tests
hashicorp · Jan 3, 2024 · 6310d7e · 6310d7e
1 parent 3353bd3
commit 6310d7e
Show file tree

Hide file tree

Showing 5 changed files with 126 additions and 6 deletions.
diff --git a/charts/consul/templates/gateway-resources-configmap.yaml b/charts/consul/templates/gateway-resources-configmap.yaml
@@ -1,4 +1,9 @@
 {{- if .Values.connectInject.enabled }}
+
+# Validation
+# For meshGateway.wanAddress, static must be set if source is "Static"
+{{if (and (eq .Values.meshGateway.wanAddress.source "Static") (eq .Values.meshGateway.wanAddress.static ""))}}{{fail ".meshGateway.wanAddress.static must be set to a value if .meshGateway.wanAddress.source is Static"}}{{ end }}
+
 # Configuration of Gateway Resources Job which creates managed Gateway configuration.
 apiVersion: v1
 kind: ConfigMap
@@ -101,6 +106,19 @@ data:
         metadata:
           name: mesh-gateway
           namespace: {{ .Release.Namespace }}
+          annotations: 
+            # TODO are these annotations even necessary?
+            "consul.hashicorp.com/gateway-wan-address-source": {{ .Values.meshGateway.wanAddress.source | quote }}
+            "consul.hashicorp.com/gateway-wan-address-static": {{ .Values.meshGateway.wanAddress.static | quote }}
+            {{- if eq .Values.meshGateway.wanAddress.source "Service" }}
+            {{- if eq .Values.meshGateway.service.type "NodePort" }}
+            "consul.hashicorp.com/gateway-wan-port": {{ .Values.meshGateway.service.nodePort | quote  }}
+            {{- else }}
+            "consul.hashicorp.com/gateway-wan-port": {{ .Values.meshGateway.service.port | quote }}
+            {{- end }}
+            {{- else }}
+            "consul.hashicorp.com/gateway-wan-port": {{ .Values.meshGateway.wanAddress.port | quote }}
+            {{- end }}
         spec:
           gatewayClassName: consul-mesh-gateway
   {{- end }}

diff --git a/charts/consul/test/unit/gateway-resources-configmap.bats b/charts/consul/test/unit/gateway-resources-configmap.bats
@@ -2,18 +2,20 @@
 
 load _helpers
 
+target=templates/gateway-resources-configmap.yaml
+
 @test "gateway-resources/ConfigMap: disabled with connectInject.enabled=false" {
     cd `chart_dir`
     assert_empty helm template \
-        -s templates/gateway-resources-configmap.yaml \
+        -s $target \
         --set 'connectInject.enabled=false' \
         .
 }
 
 @test "gateway-resources/ConfigMap: enabled with connectInject.enabled=true" {
     cd `chart_dir`
     local actual=$(helm template \
-        -s templates/gateway-resources-configmap.yaml \
+        -s $target \
         --set 'connectInject.enabled=true' \
         . | tee /dev/stderr |
         yq 'length > 0' | tee /dev/stderr)
@@ -23,7 +25,7 @@ load _helpers
 @test "gateway-resources/ConfigMap: contains resources configuration as JSON" {
     cd `chart_dir`
     local resources=$(helm template \
-        -s templates/gateway-resources-configmap.yaml \
+        -s $target \
         --set 'connectInject.enabled=true' \
         --set 'connectInject.apiGateway.managedGatewayClass.resources.requests.memory=200Mi' \
         --set 'connectInject.apiGateway.managedGatewayClass.resources.requests.cpu=200m' \
@@ -48,7 +50,7 @@ load _helpers
 @test "gateway-resources/ConfigMap: does not contain config.yaml resources without .global.experiments equal to resource-apis" {
     cd `chart_dir`
     local resources=$(helm template \
-        -s templates/gateway-resources-configmap.yaml \
+        -s $target \
         --set 'connectInject.enabled=true' \
         --set 'ui.enabled=false' \
         . | tee /dev/stderr |
@@ -60,7 +62,7 @@ load _helpers
 @test "gateway-resources/ConfigMap: contains config.yaml resources with .global.experiments equal to resource-apis" {
     cd `chart_dir`
     local resources=$(helm template \
-        -s templates/gateway-resources-configmap.yaml \
+        -s $target \
         --set 'connectInject.enabled=true' \
         --set 'meshGateway.enabled=true' \
         --set 'global.experiments[0]=resource-apis' \
@@ -70,3 +72,76 @@ load _helpers
 
     [ "$resources" != null ]
 }
+
+
+#--------------------------------------------------------------------
+# Mesh Gateway WAN Address configuration
+
+@test "gateway-resources/ConfigMap: Mesh Gateway WAN Address default annotations" {
+    cd `chart_dir`
+    local annotations=$(helm template \
+        -s $target \
+        --set 'connectInject.enabled=true' \
+        --set 'meshGateway.enabled=true' \
+        --set 'global.experiments[0]=resource-apis' \
+        --set 'ui.enabled=false' \
+        . | tee /dev/stderr |
+        yq -r '.data["config.yaml"]' | yq -r '.meshGateways[0].metadata.annotations' | tee /dev/stderr)
+
+    local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-address-source"]')
+    [ "${actual}" = 'Service' ]
+
+    local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-port"]')
+    [ "${actual}" = '443' ]
+
+    local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-address-static"]')
+    [ "${actual}" = '' ]
+}
+
+@test "gateway-resources/ConfigMap: Mesh Gateway WAN Address NodePort annotations" {
+    cd `chart_dir`
+    local annotations=$(helm template \
+        -s $target \
+        --set 'connectInject.enabled=true' \
+        --set 'meshGateway.enabled=true' \
+        --set 'global.experiments[0]=resource-apis' \
+        --set 'ui.enabled=false' \
+        --set 'meshGateway.wanAddress.source=Service' \
+        --set 'meshGateway.service.type=NodePort' \
+        --set 'meshGateway.service.nodePort=30000' \
+        . | tee /dev/stderr |
+        yq -r '.data["config.yaml"]' | yq -r '.meshGateways[0].metadata.annotations' | tee /dev/stderr)
+
+    local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-address-source"]')
+    [ "${actual}" = 'Service' ]
+
+    local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-port"]')
+    [ "${actual}" = '30000' ]
+
+    local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-address-static"]')
+    [ "${actual}" = '' ]
+}
+
+@test "gateway-resources/ConfigMap: Mesh Gateway WAN Address static configuration" {
+    cd `chart_dir`
+    local annotations=$(helm template \
+        -s $target \
+        --set 'connectInject.enabled=true' \
+        --set 'meshGateway.enabled=true' \
+        --set 'global.experiments[0]=resource-apis' \
+        --set 'ui.enabled=false' \
+        --set 'meshGateway.wanAddress.source=Static' \
+        --set 'meshGateway.wanAddress.static=127.0.0.1' \
+        . | tee /dev/stderr |
+        yq -r '.data["config.yaml"]' | yq -r '.meshGateways[0].metadata.annotations' | tee /dev/stderr)
+
+    local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-address-source"]')
+    [ "${actual}" = 'Static' ]
+
+    local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-port"]')
+    [ "${actual}" = '443' ]
+
+    local actual=$(echo "$annotations" | jq -r '.["consul.hashicorp.com/gateway-wan-address-static"]')
+    [ "${actual}" = '127.0.0.1' ]
+}
+
diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml
@@ -2771,7 +2771,7 @@ meshGateway:
     #   are routable from other datacenters.
     #
     # - `Static` - Use the address hardcoded in `meshGateway.wanAddress.static`.
-    source: "Service"
+    source: Service
 
     # Port that gets registered for WAN traffic.
     # If source is set to "Service" then this setting will have no effect.

diff --git a/control-plane/gateways/deployment.go b/control-plane/gateways/deployment.go
@@ -70,6 +70,13 @@ func (b *meshGatewayBuilder) deploymentSpec() (*appsv1.DeploymentSpec, error) {
 					constants.AnnotationMeshInject: "false",
 					// This functionality only applies when proxy sidecars are used
 					constants.AnnotationTransparentProxyOverwriteProbes: "false",
+					// This annotation determines which source to use to set the
+					// WAN address and WAN port for the Mesh Gateway service registration.
+					constants.AnnotationGatewayWANSource: b.gateway.Annotations[constants.AnnotationGatewayWANSource],
+					// This annotation determines the WAN port for the Mesh Gateway service registration.
+					constants.AnnotationGatewayWANPort: b.gateway.Annotations[constants.AnnotationGatewayWANPort],
+					// This annotation determines the address for the gateway when the source annotation is "Static".
+					constants.AnnotationGatewayWANAddress: b.gateway.Annotations[constants.AnnotationGatewayWANAddress],
 				},
 			},
 			Spec: corev1.PodSpec{

diff --git a/control-plane/gateways/deployment_test.go b/control-plane/gateways/deployment_test.go
@@ -35,6 +35,13 @@ func Test_meshGatewayBuilder_Deployment(t *testing.T) {
 			name: "happy path",
 			fields: fields{
 				gateway: &meshv2beta1.MeshGateway{
+					ObjectMeta: metav1.ObjectMeta{
+						Annotations: map[string]string{
+							constants.AnnotationGatewayWANSource:  "Service",
+							constants.AnnotationGatewayWANPort:    "443",
+							constants.AnnotationGatewayWANAddress: "",
+						},
+					},
 					Spec: pbmesh.MeshGateway{
 						GatewayClassName: "test-gateway-class",
 					},
@@ -133,6 +140,9 @@ func Test_meshGatewayBuilder_Deployment(t *testing.T) {
 								constants.AnnotationGatewayKind:                     meshGatewayAnnotationKind,
 								constants.AnnotationMeshInject:                      "false",
 								constants.AnnotationTransparentProxyOverwriteProbes: "false",
+								constants.AnnotationGatewayWANSource:                "Service",
+								constants.AnnotationGatewayWANPort:                  "443",
+								constants.AnnotationGatewayWANAddress:               "",
 							},
 						},
 						Spec: corev1.PodSpec{
@@ -389,6 +399,13 @@ func Test_meshGatewayBuilder_Deployment(t *testing.T) {
 			name: "nil gatewayclassconfig - (notfound)",
 			fields: fields{
 				gateway: &meshv2beta1.MeshGateway{
+					ObjectMeta: metav1.ObjectMeta{
+						Annotations: map[string]string{
+							constants.AnnotationGatewayWANSource:  "Service",
+							constants.AnnotationGatewayWANPort:    "443",
+							constants.AnnotationGatewayWANAddress: "",
+						},
+					},
 					Spec: pbmesh.MeshGateway{
 						GatewayClassName: "test-gateway-class",
 					},
@@ -413,6 +430,9 @@ func Test_meshGatewayBuilder_Deployment(t *testing.T) {
 								constants.AnnotationGatewayKind:                     meshGatewayAnnotationKind,
 								constants.AnnotationMeshInject:                      "false",
 								constants.AnnotationTransparentProxyOverwriteProbes: "false",
+								constants.AnnotationGatewayWANSource:                "Service",
+								constants.AnnotationGatewayWANPort:                  "443",
+								constants.AnnotationGatewayWANAddress:               "",
 							},
 						},
 						Spec: corev1.PodSpec{