[public-api] Add kube-rbac proxy container to deployment

Author: easyCZ

install/installer/pkg/common/common.go

@@ -280,17 +280,21 @@ func MessageBusWaiterContainer(ctx *RenderContext) *corev1.Container {
 }
 
 func KubeRBACProxyContainer(ctx *RenderContext) *corev1.Container {
+	return KubeRBACProxyContainerWithConfig(ctx, 9500, "http://127.0.0.1:9500/")
+}
+
+func KubeRBACProxyContainerWithConfig(ctx *RenderContext, listenPort int32, upstream string) *corev1.Container {
 	return &corev1.Container{
 		Name:  "kube-rbac-proxy",
 		Image: ctx.ImageName(ThirdPartyContainerRepo(ctx.Config.Repository, KubeRBACProxyRepo), KubeRBACProxyImage, KubeRBACProxyTag),
 		Args: []string{
 			"--v=5",
 			"--logtostderr",
-			"--insecure-listen-address=[$(IP)]:9500",
-			"--upstream=http://127.0.0.1:9500/",
+			fmt.Sprintf("--insecure-listen-address=[$(IP)]:%d", listenPort),
+			fmt.Sprintf("--upstream=%s", upstream),
 		},
 		Ports: []corev1.ContainerPort{
-			{Name: "metrics", ContainerPort: 9500},
+			{Name: "metrics", ContainerPort: listenPort},
 		},
 		Env: []corev1.EnvVar{
 			{

install/installer/pkg/common/common_test.go

@@ -0,0 +1,47 @@
+// Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+// Licensed under the MIT License. See License-MIT.txt in the project root for license information.
+
+package common_test
+
+import (
+	"fmt"
+	"github.com/gitpod-io/gitpod/installer/pkg/common"
+	"github.com/gitpod-io/gitpod/installer/pkg/config/v1"
+	"github.com/gitpod-io/gitpod/installer/pkg/config/versions"
+	"github.com/stretchr/testify/require"
+	corev1 "k8s.io/api/core/v1"
+	"testing"
+)
+
+func TestKubeRBACProxyContainer_DefaultPorts(t *testing.T) {
+	ctx, err := common.NewRenderContext(config.Config{}, versions.Manifest{}, "test_namespace")
+	require.NoError(t, err)
+
+	container := common.KubeRBACProxyContainer(ctx)
+	require.Equal(t, []string{
+		"--v=5",
+		"--logtostderr",
+		"--insecure-listen-address=[$(IP)]:9500",
+		"--upstream=http://127.0.0.1:9500/",
+	}, container.Args)
+	require.Equal(t, []corev1.ContainerPort{
+		{Name: "metrics", ContainerPort: 9500},
+	}, container.Ports)
+}
+
+func TestKubeRBACProxyContainerWithConfig(t *testing.T) {
+	ctx, err := common.NewRenderContext(config.Config{}, versions.Manifest{}, "test_namespace")
+	require.NoError(t, err)
+
+	listenPort := int32(9000)
+	container := common.KubeRBACProxyContainerWithConfig(ctx, listenPort, "http://127.0.0.1:9500/metrics")
+	require.Equal(t, []string{
+		"--v=5",
+		"--logtostderr",
+		fmt.Sprintf("--insecure-listen-address=[$(IP)]:%d", listenPort),
+		"--upstream=http://127.0.0.1:9500/metrics",
+	}, container.Args)
+	require.Equal(t, []corev1.ContainerPort{
+		{Name: "metrics", ContainerPort: listenPort},
+	}, container.Ports)
+}

install/installer/pkg/components/public-api-server/deployment.go

@@ -4,6 +4,7 @@
 package public_api_server
 
 import (
+	"fmt"
 	"github.com/gitpod-io/gitpod/installer/pkg/cluster"
 	"github.com/gitpod-io/gitpod/installer/pkg/common"
 	appsv1 "k8s.io/api/apps/v1"
@@ -92,7 +93,9 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 								SuccessThreshold: 1,
 								TimeoutSeconds:   1,
 							},
-						}},
+						},
+							*common.KubeRBACProxyContainerWithConfig(ctx, 9500, fmt.Sprintf("http://127.0.0.1:%d/", HTTPContainerPort)),
+						},
 					},
 				},
 			},

install/installer/pkg/components/public-api-server/deployment_test.go

@@ -0,0 +1,22 @@
+// Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+// Licensed under the MIT License. See License-MIT.txt in the project root for license information.
+
+package public_api_server
+
+import (
+	"github.com/stretchr/testify/require"
+	appsv1 "k8s.io/api/apps/v1"
+	"testing"
+)
+
+func TestDeployment(t *testing.T) {
+	ctx := renderContextWithPublicAPIEnabled(t)
+
+	objects, err := deployment(ctx)
+	require.NoError(t, err)
+
+	require.Len(t, objects, 1, "must render only one object")
+
+	dpl := objects[0].(*appsv1.Deployment)
+	require.Len(t, dpl.Spec.Template.Spec.Containers, 2, "must render 2 containers")
+}

install/installer/pkg/components/public-api-server/objects_test.go

@@ -22,6 +22,14 @@ func TestObjects_NotRenderedDefault(t *testing.T) {
 }
 
 func TestObjects_RenderedWhenExperimentalConfigSet(t *testing.T) {
+	ctx := renderContextWithPublicAPIEnabled(t)
+
+	objects, err := Objects(ctx)
+	require.NoError(t, err)
+	require.NotEmpty(t, objects, "must render objects because experimental config is specified")
+}
+
+func renderContextWithPublicAPIEnabled(t *testing.T) *common.RenderContext {
 	ctx, err := common.NewRenderContext(config.Config{
 		Experimental: &experimental.Config{
 			WebApp: &experimental.WebAppConfig{
@@ -37,7 +45,5 @@ func TestObjects_RenderedWhenExperimentalConfigSet(t *testing.T) {
 	}, "test-namespace")
 	require.NoError(t, err)
 
-	objects, err := Objects(ctx)
-	require.NoError(t, err)
-	require.NotEmpty(t, objects, "must render objects because experimental config is specified")
+	return ctx
 }