feat(routable): ingress support routable

Author: duanhongyi

charts/controller/templates/controller-service.yaml

@@ -4,11 +4,6 @@ metadata:
   name: drycc-controller
   labels:
     heritage: drycc
-    router.drycc.cc/routable: "true"
-  annotations:
-    router.drycc.cc/domains: drycc
-    router.drycc.cc/connectTimeout: "10"
-    router.drycc.cc/tcpTimeout: "1200"
 spec:
   ports:
     - name: http

rootfs/api/models/app.py

@@ -150,9 +150,9 @@ def _get_entrypoint(self, container_type):
         # if this is a procfile-based app, switch the entrypoint to slugrunner's default
         # FIXME: remove slugrunner's hardcoded entrypoint
         release = self.release_set.filter(failed=False).latest()
-        if release.build.procfile and \
-           release.build.sha and not \
-           release.build.dockerfile:
+        if release.build.procfile \
+                and release.build.sha \
+                and not release.build.dockerfile:
             entrypoint = ['/runner/init']
         else:
             entrypoint = ['/bin/bash', '-c']
@@ -189,12 +189,25 @@ def _refresh_ingress(self, hosts, tls_map, ssl_redirect):
         whitelist = self.appsettings_set.latest().whitelist
         if whitelist:
             kwargs.update({"whitelist": whitelist})
-        data = self._scheduler.ingress.get(namespace, ingress).json()
-        version = data["metadata"]["resourceVersion"]
-        self._scheduler.ingress.put(
-            ingress, settings.INGRESS_CLASS, namespace, version, **kwargs)
+        try:
+            # In order to create an ingress, we must first have a namespace.
+            if ingress == "":
+                raise ServiceUnavailable('Empty hostname')
+            try:
+                data = self._scheduler.ingress.get(namespace, ingress).json()
+                version = data["metadata"]["resourceVersion"]
+                self._scheduler.ingress.put(
+                    ingress, settings.INGRESS_CLASS, namespace, version, **kwargs)
+            except KubeException:
+                self.log("creating Ingress {}".format(namespace), level=logging.INFO)
+                self._scheduler.ingress.create(
+                    ingress, settings.INGRESS_CLASS, namespace, **kwargs)
+        except KubeException as e:
+            raise ServiceUnavailable('Could not create Ingress in Kubernetes') from e
 
-    def _refresh_ingress_and_tls(self):
+    def refresh_ingress_and_tls(self):
+        if not getattr(self, 'refresh_ingress_and_tls_enabled', True):
+            return
         ingress = self.id
         hosts, tls_map = [], {}
 
@@ -219,11 +232,6 @@ def _refresh_ingress_and_tls(self):
         self._refresh_ingress(hosts, tls_map, ssl_redirect)
         self._refresh_tls(certs_auto_enabled, hosts)
 
-    def refresh(self):
-        if not getattr(self, "refresh_enabled", True):
-            return
-        self._refresh_ingress_and_tls()
-
     def log(self, message, level=logging.INFO):
         """Logs a message in the context of this application.
 
@@ -255,7 +263,7 @@ def create(self, *args, **kwargs):  # noqa
             )
 
         # create required minimum resources in k8s for the application
-        namespace = ingress = service = self.id
+        namespace = service = self.id
         quota_name = '{}-quota'.format(self.id)
         try:
             self.log('creating Namespace {} and services'.format(namespace), level=logging.DEBUG)
@@ -290,22 +298,7 @@ def create(self, *args, **kwargs):  # noqa
                 raise ServiceUnavailable('Could not delete the Namespace in Kubernetes') from e
 
             raise ServiceUnavailable('Kubernetes resources could not be created') from e
-
-        try:
-            # In order to create an ingress, we must first have a namespace.
-            if ingress == "":
-                raise ServiceUnavailable('Empty hostname')
-            try:
-                self._scheduler.ingress.get(namespace, ingress)
-            except KubeException:
-                self.log("creating Ingress {}".format(namespace), level=logging.INFO)
-                host = "%s.%s" % (ingress, settings.PLATFORM_DOMAIN)
-                self._scheduler.ingress.create(
-                    ingress, settings.INGRESS_CLASS, namespace,
-                    hosts=[host, ])
-                self.refresh_enabled = False  # No refresh ingress
-        except KubeException as e:
-            raise ServiceUnavailable('Could not create Ingress in Kubernetes') from e
+        setattr(self, 'refresh_ingress_and_tls_enabled', False)  # do not refresh
         try:
             self.appsettings_set.latest()
         except AppSettings.DoesNotExist:
@@ -317,7 +310,10 @@ def create(self, *args, **kwargs):  # noqa
         # Attach the platform specific application sub domain to the k8s service
         # Only attach it on first release in case a customer has remove the app domain
         if rel.version == 1 and not Domain.objects.filter(domain=self.id).exists():
-            Domain(owner=self.owner, app=self, domain=self.id).save()
+            Domain.objects.create(owner=self.owner, app=self, domain=self.id)
+        # The default routable is true, so refresh ingress and tls
+        setattr(self, 'refresh_ingress_and_tls_enabled', True)
+        self.refresh_ingress_and_tls()  # refresh
 
     def delete(self, *args, **kwargs):
         """Delete this application including all containers"""
@@ -338,7 +334,8 @@ def delete(self, *args, **kwargs):
                         if e.response.status_code == 404:
                             break
             except KubeException as e:
-                raise ServiceUnavailable('Could not delete Kubernetes Namespace {} within 30 seconds'.format(self.id)) from e  # noqa
+                raise ServiceUnavailable(
+                    'Could not delete Kubernetes Namespace {} within 30 seconds'.format(self.id)) from e  # noqa
         except KubeHTTPException:
             # it's fine if the namespace does not exist - delete app from the DB
             pass
@@ -563,8 +560,8 @@ def deploy(self, release, force_deploy=False, rollback_on_failure=True):  # noqa
                     self.structure = structure
                     # if procfile structure exists then we use it
                     if release.build.procfile and \
-                       release.build.sha and not \
-                       release.build.dockerfile:
+                            release.build.sha and not \
+                            release.build.dockerfile:
                         self.procfile_structure = release.build.procfile
                     self.save()
 
@@ -638,21 +635,14 @@ def deploy(self, release, force_deploy=False, rollback_on_failure=True):  # noqa
         # Make sure the application is routable and uses the correct port done after the fact to
         # let initial deploy settle before routing traffic to the application
         if deploys and app_type:
-            app_settings = self.appsettings_set.latest()
-            service_annotations = {
-                'maintenance': app_settings.maintenance,
-            }
-
             routable = deploys[app_type].get('routable')
             port = deploys[app_type].get('envs', {}).get('PORT', None)
-            self._update_application_service(self.id, app_type, port, routable, service_annotations)  # noqa
-
+            self._update_application_service(self.id, app_type, port, routable)  # noqa
             # Wait until application is available in the router
             # Only run when there is no previous build / release
             old = release.previous()
             if old is None or old.build is None:
                 self.verify_application_health(**deploys[app_type])
-
         # cleanup old release objects from kubernetes
         release.cleanup_old()
 
@@ -964,42 +954,25 @@ def maintenance_mode(self, mode):
             self._scheduler.svc.update(self.id, self.id, data=old_service)
             raise ServiceUnavailable(str(e)) from e
 
-        # set maintenance mode for services
-        for svc in self.service_set.all():
-            svc.maintenance_mode(mode)
-
     def routable(self, routable):
         """
         Turn on/off if an application is publically routable
         """
-        service = self._fetch_service_config(self.id)
-        old_service = service.copy()  # in case anything fails for rollback
-
-        try:
-            service['metadata']['labels']['router.drycc.cc/routable'] = str(routable).lower()
-            self._scheduler.svc.update(self.id, self.id, data=service)
-        except KubeException as e:
-            self._scheduler.svc.update(self.id, self.id, data=old_service)
-            raise ServiceUnavailable(str(e)) from e
+        if routable:
+            self.refresh_ingress_and_tls()
+        else:
+            try:
+                namespace = ingress = self.id
+                self._scheduler.ingress.delete(namespace, ingress)
+            except KubeException as e:
+                raise ServiceUnavailable(str(e)) from e
 
-    def _update_application_service(self, namespace, app_type, port, routable=False, annotations={}):  # noqa
+    def _update_application_service(self, namespace, app_type, port, routable=False):  # noqa
         """Update application service with all the various required information"""
         service = self._fetch_service_config(namespace)
         old_service = service.copy()  # in case anything fails for rollback
 
         try:
-            # Update service information
-            for key, value in annotations.items():
-                if value is not None:
-                    service['metadata']['annotations']['router.drycc.cc/%s' % key] = str(value)
-                else:
-                    service['metadata']['annotations'].pop('router.drycc.cc/%s' % key, None)
-            if routable:
-                service['metadata']['labels']['router.drycc.cc/routable'] = 'true'
-            else:
-                # delete the annotation
-                service['metadata']['labels'].pop('router.drycc.cc/routable', None)
-
             # Set app type selector
             service['spec']['selector']['type'] = app_type
 
@@ -1128,10 +1101,12 @@ def _gather_app_settings(self, release, app_settings, process_type, replicas):
         deploy_timeout = int(config.values.get('DRYCC_DEPLOY_TIMEOUT', settings.DRYCC_DEPLOY_TIMEOUT))  # noqa
 
         # configures how many ReplicaSets to keep beside the latest version
-        deployment_history = config.values.get('KUBERNETES_DEPLOYMENTS_REVISION_HISTORY_LIMIT', settings.KUBERNETES_DEPLOYMENTS_REVISION_HISTORY_LIMIT)  # noqa
+        deployment_history = config.values.get('KUBERNETES_DEPLOYMENTS_REVISION_HISTORY_LIMIT',
+                                               settings.KUBERNETES_DEPLOYMENTS_REVISION_HISTORY_LIMIT)  # noqa
 
         # get application level pod termination grace period
-        pod_termination_grace_period_seconds = int(config.values.get('KUBERNETES_POD_TERMINATION_GRACE_PERIOD_SECONDS', settings.KUBERNETES_POD_TERMINATION_GRACE_PERIOD_SECONDS))  # noqa
+        pod_termination_grace_period_seconds = int(config.values.get(
+            'KUBERNETES_POD_TERMINATION_GRACE_PERIOD_SECONDS', settings.KUBERNETES_POD_TERMINATION_GRACE_PERIOD_SECONDS))  # noqa
 
         # set the image pull policy that is associated with the application container
         image_pull_policy = config.values.get('IMAGE_PULL_POLICY', settings.IMAGE_PULL_POLICY)

rootfs/api/models/appsettings.py

@@ -28,9 +28,13 @@ class AppSettings(UuidAuditedModel):
 
     class Meta:
         get_latest_by = 'created'
-        unique_together = (('app', 'uuid'))
+        unique_together = (('app', 'uuid'), )
         ordering = ['-created']
 
+    def __init__(self, *args, **kwargs):
+        UuidAuditedModel.__init__(self, *args, **kwargs)
+        self.summary = []
+
     def __str__(self):
         return "{}-{}".format(self.app.id, str(self.uuid)[:7])
 
@@ -40,12 +44,12 @@ def new(self, user, whitelist):
         on behalf of a user.
         """
 
-        appSettings = AppSettings.objects.create(
+        app_settings = AppSettings.objects.create(
             owner=user, app=self.app, whitelist=whitelist)
 
-        return appSettings
+        return app_settings
 
-    def update_maintenance(self, previous_settings):
+    def _update_maintenance(self, previous_settings):
         old = getattr(previous_settings, 'maintenance', None)
         new = getattr(self, 'maintenance', None)
         # If no previous settings then assume it is the first record and default to true
@@ -59,7 +63,7 @@ def update_maintenance(self, previous_settings):
             self.app.maintenance_mode(new)
             self.summary += ["{} changed maintenance mode from {} to {}".format(self.owner, old, new)]  # noqa
 
-    def update_routable(self, previous_settings):
+    def _update_routable(self, previous_settings):
         old = getattr(previous_settings, 'routable', None)
         new = getattr(self, 'routable', None)
         # If no previous settings then assume it is the first record and default to true
@@ -73,7 +77,7 @@ def update_routable(self, previous_settings):
             self.app.routable(new)
             self.summary += ["{} changed routablity from {} to {}".format(self.owner, old, new)]
 
-    def update_whitelist(self, previous_settings):
+    def _update_whitelist(self, previous_settings):
         # If no previous settings then assume it is the first record and set as empty
         # to prevent from database constraint violation
         if not previous_settings:
@@ -94,7 +98,7 @@ def update_whitelist(self, previous_settings):
                     self.summary += ' and '
                 self.summary += "{} {}".format(self.owner, changes)
 
-    def update_autoscale(self, previous_settings):
+    def _update_autoscale(self, previous_settings):
         data = getattr(previous_settings, 'autoscale', {}).copy()
         new = getattr(self, 'autoscale', {}).copy()
         # If no previous settings then do nothing
@@ -134,7 +138,7 @@ def update_autoscale(self, previous_settings):
             if changes:
                 self.summary += ["{} {}".format(self.owner, changes)]
 
-    def update_label(self, previous_settings):
+    def _update_label(self, previous_settings):
         data = getattr(previous_settings, 'label', {}).copy()
         new = getattr(self, 'label', {}).copy()
         if not previous_settings:
@@ -168,19 +172,18 @@ def update_label(self, previous_settings):
 
     @transaction.atomic
     def save(self, *args, **kwargs):
-        self.summary = []
         previous_settings = None
         try:
             previous_settings = self.app.appsettings_set.latest()
         except AppSettings.DoesNotExist:
             pass
 
         try:
-            self.update_maintenance(previous_settings)
-            self.update_routable(previous_settings)
-            self.update_whitelist(previous_settings)
-            self.update_autoscale(previous_settings)
-            self.update_label(previous_settings)
+            self._update_maintenance(previous_settings)
+            self._update_routable(previous_settings)
+            self._update_whitelist(previous_settings)
+            self._update_autoscale(previous_settings)
+            self._update_label(previous_settings)
         except (UnprocessableEntity, NotFound):
             raise
         except Exception as e:
@@ -195,5 +198,5 @@ def save(self, *args, **kwargs):
         try:
             return super(AppSettings, self).save(**kwargs)
         finally:
-            self.app.refresh()
+            self.app.refresh_ingress_and_tls()
         self.app.log('summary of app setting changes: {}'.format(summary), logging.DEBUG)

rootfs/api/models/domain.py

@@ -30,7 +30,7 @@ def save(self, *args, **kwargs):
             # Save to DB
             return super(Domain, self).save(*args, **kwargs)
         finally:
-            self.app.refresh()
+            self.app.refresh_ingress_and_tls()
 
     @transaction.atomic
     def delete(self, *args, **kwargs):
@@ -41,7 +41,7 @@ def delete(self, *args, **kwargs):
             # Delete from DB
             return super(Domain, self).delete(*args, **kwargs)
         finally:
-            self.app.refresh()
+            self.app.refresh_ingress_and_tls()
 
     def __str__(self):
         return self.domain