update health check propagation (#903)

Signed-off-by: Phil Brookes <[email protected]>

api/v1alpha1/dnspolicy_types.go

@@ -23,7 +23,6 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 	gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
@@ -280,9 +279,9 @@ func (p *DNSPolicy) WithTargetGateway(gwName string) *DNSPolicy {
 
 func (p *DNSPolicy) WithHealthCheckFor(endpoint string, port int, protocol string, failureThreshold int) *DNSPolicy {
 	return p.WithHealthCheck(dnsv1alpha1.HealthCheckSpec{
-		Endpoint:         endpoint,
+		Path:             endpoint,
 		Port:             &port,
-		Protocol:         ptr.To(dnsv1alpha1.HealthProtocol(protocol)),
+		Protocol:         dnsv1alpha1.Protocol(protocol),
 		FailureThreshold: &failureThreshold,
 	})
 }

bundle/manifests/kuadrant.io_dnspolicies.yaml

@@ -81,19 +81,38 @@ spec:
                   By default this health check will be applied to each unique DNS A Record for
                   the listeners assigned to the target gateway
                 properties:
-                  endpoint:
+                  additionalHeadersRef:
                     description: |-
-                      Endpoint is the path to append to the host to reach the expected health check.
-                      Must start with "?" or "/", contain only valid URL characters and end with alphanumeric char or "/". For example "/" or "/healthz" are common
-                    pattern: ^(?:\?|\/)[\w\-.~:\/?#\[\]@!$&'()*+,;=]+(?:[a-zA-Z0-9]|\/){1}$
-                    type: string
+                      AdditionalHeadersRef refers to a secret that contains extra headers to send in the probe request, this is primarily useful if an authentication
+                      token is required by the endpoint.
+                    properties:
+                      name:
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  allowInsecureCertificate:
+                    description: |-
+                      AllowInsecureCertificate will instruct the health check probe to not fail on a self-signed or otherwise invalid SSL certificate
+                      this is primarily used in development or testing environments
+                    type: boolean
                   failureThreshold:
                     description: FailureThreshold is a limit of consecutive failures
                       that must occur for a host to be considered unhealthy
                     type: integer
                     x-kubernetes-validations:
                     - message: Failure threshold must be greater than 0
                       rule: self > 0
+                  interval:
+                    description: Interval defines how frequently this probe should
+                      execute
+                    type: string
+                  path:
+                    description: |-
+                      Path is the path to append to the host to reach the expected health check.
+                      Must start with "?" or "/", contain only valid URL characters and end with alphanumeric char or "/". For example "/" or "/healthz" are common
+                    pattern: ^(?:\?|\/)[\w\-.~:\/?#\[\]@!$&'()*+,;=]+(?:[a-zA-Z0-9]|\/){1}$
+                    type: string
                   port:
                     description: Port to connect to the host on. Must be either 80,
                       443 or 1024-49151

charts/kuadrant-operator/templates/manifests.yaml

@@ -13281,19 +13281,38 @@ spec:
                   By default this health check will be applied to each unique DNS A Record for
                   the listeners assigned to the target gateway
                 properties:
-                  endpoint:
+                  additionalHeadersRef:
                     description: |-
-                      Endpoint is the path to append to the host to reach the expected health check.
-                      Must start with "?" or "/", contain only valid URL characters and end with alphanumeric char or "/". For example "/" or "/healthz" are common
-                    pattern: ^(?:\?|\/)[\w\-.~:\/?#\[\]@!$&'()*+,;=]+(?:[a-zA-Z0-9]|\/){1}$
-                    type: string
+                      AdditionalHeadersRef refers to a secret that contains extra headers to send in the probe request, this is primarily useful if an authentication
+                      token is required by the endpoint.
+                    properties:
+                      name:
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  allowInsecureCertificate:
+                    description: |-
+                      AllowInsecureCertificate will instruct the health check probe to not fail on a self-signed or otherwise invalid SSL certificate
+                      this is primarily used in development or testing environments
+                    type: boolean
                   failureThreshold:
                     description: FailureThreshold is a limit of consecutive failures
                       that must occur for a host to be considered unhealthy
                     type: integer
                     x-kubernetes-validations:
                     - message: Failure threshold must be greater than 0
                       rule: self > 0
+                  interval:
+                    description: Interval defines how frequently this probe should
+                      execute
+                    type: string
+                  path:
+                    description: |-
+                      Path is the path to append to the host to reach the expected health check.
+                      Must start with "?" or "/", contain only valid URL characters and end with alphanumeric char or "/". For example "/" or "/healthz" are common
+                    pattern: ^(?:\?|\/)[\w\-.~:\/?#\[\]@!$&'()*+,;=]+(?:[a-zA-Z0-9]|\/){1}$
+                    type: string
                   port:
                     description: Port to connect to the host on. Must be either 80,
                       443 or 1024-49151

config/crd/bases/kuadrant.io_dnspolicies.yaml

@@ -80,19 +80,38 @@ spec:
                   By default this health check will be applied to each unique DNS A Record for
                   the listeners assigned to the target gateway
                 properties:
-                  endpoint:
+                  additionalHeadersRef:
                     description: |-
-                      Endpoint is the path to append to the host to reach the expected health check.
-                      Must start with "?" or "/", contain only valid URL characters and end with alphanumeric char or "/". For example "/" or "/healthz" are common
-                    pattern: ^(?:\?|\/)[\w\-.~:\/?#\[\]@!$&'()*+,;=]+(?:[a-zA-Z0-9]|\/){1}$
-                    type: string
+                      AdditionalHeadersRef refers to a secret that contains extra headers to send in the probe request, this is primarily useful if an authentication
+                      token is required by the endpoint.
+                    properties:
+                      name:
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  allowInsecureCertificate:
+                    description: |-
+                      AllowInsecureCertificate will instruct the health check probe to not fail on a self-signed or otherwise invalid SSL certificate
+                      this is primarily used in development or testing environments
+                    type: boolean
                   failureThreshold:
                     description: FailureThreshold is a limit of consecutive failures
                       that must occur for a host to be considered unhealthy
                     type: integer
                     x-kubernetes-validations:
                     - message: Failure threshold must be greater than 0
                       rule: self > 0
+                  interval:
+                    description: Interval defines how frequently this probe should
+                      execute
+                    type: string
+                  path:
+                    description: |-
+                      Path is the path to append to the host to reach the expected health check.
+                      Must start with "?" or "/", contain only valid URL characters and end with alphanumeric char or "/". For example "/" or "/healthz" are common
+                    pattern: ^(?:\?|\/)[\w\-.~:\/?#\[\]@!$&'()*+,;=]+(?:[a-zA-Z0-9]|\/){1}$
+                    type: string
                   port:
                     description: Port to connect to the host on. Must be either 80,
                       443 or 1024-49151

controllers/dnspolicy_dnsrecords.go

@@ -137,10 +137,11 @@ func (r *DNSPolicyReconciler) desiredDNSRecord(gateway *gatewayapiv1.Gateway, cl
 
 	if dnsPolicy.Spec.HealthCheck != nil {
 		healthCheckSpec = &kuadrantdnsv1alpha1.HealthCheckSpec{
-			Endpoint:         dnsPolicy.Spec.HealthCheck.Endpoint,
+			Path:             dnsPolicy.Spec.HealthCheck.Path,
 			Port:             dnsPolicy.Spec.HealthCheck.Port,
 			Protocol:         dnsPolicy.Spec.HealthCheck.Protocol,
 			FailureThreshold: dnsPolicy.Spec.HealthCheck.FailureThreshold,
+			Interval:         dnsPolicy.Spec.HealthCheck.Interval,
 		}
 	}
 	dnsRecord := &kuadrantdnsv1alpha1.DNSRecord{

doc/reference/dnspolicy.md

@@ -52,10 +52,13 @@
 |------------|----------|:------------:|----------------------------------------------------------------------------------------|
 | `name`     | String   |     Yes      | Name of the secret in the same namespace that contains the provider credentials
 |--------------------|------------|:------------:|-----------------------------------------------------------------------------------------------------------|
-| `endpoint`         | String     |     Yes      | Endpoint is the path to append to the host to reach the expected health check                             | 
-| `port`             | Number     |     Yes      | Port to connect to the host on                                                                            | 
+| `path`         | String     |     Yes      | Path is the path to append to the host to reach the expected health check. Must start with "?" or "/", contain only valid URL characters and end with alphanumeric char or "/". For example "/" or "/healthz" are common              | 
+| `port`             | Number     |     Yes      | Port to connect to the host on. Must be either 80, 443 or 1024-49151                          | 
 | `protocol`         | String     |     Yes      | Protocol to use when connecting to the host, valid values are "HTTP" or "HTTPS"                           | 
 | `failureThreshold` | Number     |     Yes      | FailureThreshold is a limit of consecutive failures that must occur for a host to be considered unhealthy | 
+| `interval`         | Duration     |     Yes      | Interval defines how frequently this probe should execute     
+| `additionalHeadersRef`         | String     |     No      | AdditionalHeadersRef refers to a secret that contains extra headers to send in the probe request, this is primarily useful if an authentication token is required by the endpoint.
+| `allowInsecureCertificate`         | Boolean     |     No      | AllowInsecureCertificate will instruct the health check probe to not fail on a self-signed or otherwise invalid SSL certificate this is primarily used in development or testing environments
 
 ## LoadBalancingSpec
 

examples/dnspolicy/dnspolicy-healthchecks.yaml

@@ -15,7 +15,7 @@ spec:
     geo: EU
     defaultGeo: true
   healthCheck:
-    endpoint: /healthz
-    port: 1111111
-    protocol: HTTP
+    path: /healthz
+    port: 443
+    protocol: HTTPS
     failureThreshold: 3

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/google/uuid v1.6.0
 	github.com/kuadrant/authorino v0.18.0
 	github.com/kuadrant/authorino-operator v0.11.1
-	github.com/kuadrant/dns-operator v0.0.0-20240926100317-2e2497411ab3
+	github.com/kuadrant/dns-operator v0.0.0-20241002074817-d0cab9eecbdb
 	github.com/kuadrant/limitador-operator v0.9.0
 	github.com/kuadrant/policy-machinery v0.2.0
 	github.com/martinlindhe/base36 v1.1.1

go.sum

@@ -260,6 +260,10 @@ github.com/kuadrant/authorino-operator v0.11.1 h1:jndTZhiHMU+2Dk0NU+KP2+MUSfvclr
 github.com/kuadrant/authorino-operator v0.11.1/go.mod h1:TeFFdX477vUTMushCojaHpvwPLga4DpErGI2oQbqFIs=
 github.com/kuadrant/dns-operator v0.0.0-20240926100317-2e2497411ab3 h1:r5Ed62AetTJhbJGEinM/G7ugdxV6Kp/kcVIpxOVxduM=
 github.com/kuadrant/dns-operator v0.0.0-20240926100317-2e2497411ab3/go.mod h1:IHAt2o/VH1c0GIZTprggUDZuxoH0I304R9DUErBNIhk=
+github.com/kuadrant/dns-operator v0.0.0-20241002074817-d0cab9eecbdb h1:8cb/OsWDOrtjyFBobTzy2NGMQdVxGl4xAaQryFQYdQQ=
+github.com/kuadrant/dns-operator v0.0.0-20241002074817-d0cab9eecbdb/go.mod h1:IHAt2o/VH1c0GIZTprggUDZuxoH0I304R9DUErBNIhk=
+github.com/kuadrant/dns-operator v0.6.0 h1:PH/cbK8Oz6EXcKO9kQH7Ovt8EskoAr70s58BHNppWpY=
+github.com/kuadrant/dns-operator v0.6.0/go.mod h1:v6I6UWXmyVx3u5fatdw3PoS5owNvxkTMUE7gTC/Tfd0=
 github.com/kuadrant/limitador-operator v0.9.0 h1:hTQ6CFPayf/sL7cIzwWjCoU8uTn6fzWdsJgKbDlnFts=
 github.com/kuadrant/limitador-operator v0.9.0/go.mod h1:DQOlg9qFOcnWPrwO529JRCMLLOEXJQxkmOes952S/Hw=
 github.com/kuadrant/policy-machinery v0.2.0 h1:6kACb+bdEwHXz2tvTs6dlLgvxFgFrowvGTZKMI9p0Qo=