Inspect loadbalancer address from Envoy ingress objects

[hligit]

Contour sets load balancer address in Ingress/HTTPProxy object's status. The load balancer address is extracted from Envoy Service object's status. This doesn't work in configuration that Envoy Service is of type ClusterIP and an Envoy Ingress object is used for inbound. This patch adds support for inspecting the Envoy Ingress object for setting load balancer address.

A new flag --load-balancer-status is introduced as suggested by @tsaarni in #5083 (comment)

Flag --load-balancer-status takes value in one of below formats:

1. hostname:fqdn1[,fqdn2]: This provides the same functionality as --ingress-status-address.
2. sevice:namespace/name: same as flags envoy-service-name and envoy-service-namespace combined.
3. ingress:namespace/name: new feature for getting address from Ingress objects.

Since the new flag covers functionality of some existing flags, if both --load-balancer-status and --ingress-status-address or envoy-service-name/namespace are specified, only value of --load-balancer-status is used and a warning message is logged.

This is based on kahirokunn's PR #5083 .

Fixes #4952

[github-actions]

Hi @hligit! Welcome to our community and thank you for opening your first Pull Request. Someone will review it soon. Thank you for committing to making Contour better. You can also join us on our mailing list and in our channel in the Kubernetes Slack Workspace

[codecov]

Codecov Report

Attention: Patch coverage is 19.87952% with 133 lines in your changes are missing coverage. Please review.

Project coverage is 78.28%. Comparing base (4aee35a) to head (9640ce1).
Report is 263 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5987      +/-   ##
==========================================
- Coverage   78.62%   78.28%   -0.34%     
==========================================
  Files         138      138              
  Lines       19631    19809     +178     
==========================================
+ Hits        15434    15508      +74     
- Misses       3894     3998     +104     
  Partials      303      303              

Files	Coverage Δ
cmd/contour/servecontext.go	83.70% <100.00%> (+0.03%)	⬆️
internal/provisioner/model/names.go	100.00% <100.00%> (ø)
...ernal/provisioner/objects/deployment/deployment.go	89.07% <100.00%> (+0.33%)	⬆️
pkg/config/parameters.go	86.06% <ø> (ø)
internal/k8s/statusaddress.go	60.78% <0.00%> (-19.12%)	⬇️
cmd/contour/serve.go	20.98% <28.71%> (+1.63%)	⬆️

... and 11 files with indirect coverage changes

[tsaarni]

Hi @hligit, thanks for contributing, and continuing @kahirokunn's work!

I had small initial finding while doing a quick manual testing. Please check comments inline!

Since the new flag covers functionality of some existing flags, if both --load-balancer-status and --ingress-status-address or envoy-service-name/namespace are specified, only value of --load-balancer-status is used and a warning message is logged.

I think that for backwards compatibility, even in case of configuration options like these, it is "safer" to give priority for the old method and not the other way around. Often it may not make big difference, but in this case as the new option got assigned with default values, old option just stops working. It may be simplest just to swap the precedence and prioritise old options first.

[tsaarni]

If we parse the old options also into envoyLoadBalancerStatus struct, we could handle them in the same code as the new options are handled (above this block) and this code could be deleted.

[hligit]

Good idea. I've changed as suggested. Also extracted the block into its own function.

[tsaarni]

When user does not create ContourConfig CR, this will still never be empty string: It gets unconditionally set here with this value via this execution path which fills in the defaults. As result, old options never take effect, even when the new option was not explicitly set.

[hligit]

Good catch! Thanks! I have removed setting value in Defaults().
Also changed the order of flags by inspecting if ingress-status-address is empty, than the new flag and lastly the envoy-service-name and envoy-service-namespace, because they always have default values set.

Do you think this is good enough or we should check if the envoy service flags are explicitly set and should take precedence of the new flags?

[hligit]

Thanks @tsaarni for reviewing and the guidance! Sorry for my late response!

I've addressed the comments in amended commits. There is one issue regarding flag precedence in my reply of your inline comment.

[sunjayBhatia]

currently we support setting ingress status address via config flag/parameter here and it can be an IP or hostname

would be good to keep that functionality (and not just support hostnames) if we intend to deprecate the old method of configuring this

looks like that might just mean a naming change here and elsewhere since existing helpers are being used

[github-actions]

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

• After 14d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

• Ensure your PR is passing all CI checks. PRs that are fully green are more likely to be reviewed. If you are having trouble with CI checks, reach out to the #contour channel in the Kubernetes Slack workspace.
• Mark this PR as fresh by commenting or pushing a commit
• Close this PR
• Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

[kahirokunn]

keep

[github-actions]

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

• After 14d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

• Ensure your PR is passing all CI checks. PRs that are fully green are more likely to be reviewed. If you are having trouble with CI checks, reach out to the #contour channel in the Kubernetes Slack workspace.
• Mark this PR as fresh by commenting or pushing a commit
• Close this PR
• Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

[github-actions]

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

• After 14d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

• Ensure your PR is passing all CI checks. PRs that are fully green are more likely to be reviewed. If you are having trouble with CI checks, reach out to the #contour channel in the Kubernetes Slack workspace.
• Mark this PR as fresh by commenting or pushing a commit
• Close this PR
• Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

[kahirokunn]

keep

[github-actions]

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

• After 14d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

• Ensure your PR is passing all CI checks. PRs that are fully green are more likely to be reviewed. If you are having trouble with CI checks, reach out to the #contour channel in the Kubernetes Slack workspace.
• Mark this PR as fresh by commenting or pushing a commit
• Close this PR
• Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

[kahirokunn]

keep

[github-actions]

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

• After 14d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

• Ensure your PR is passing all CI checks. PRs that are fully green are more likely to be reviewed. If you are having trouble with CI checks, reach out to the #contour channel in the Kubernetes Slack workspace.
• Mark this PR as fresh by commenting or pushing a commit
• Close this PR
• Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

[github-actions]

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

• After 14d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

• Ensure your PR is passing all CI checks. PRs that are fully green are more likely to be reviewed. If you are having trouble with CI checks, reach out to the #contour channel in the Kubernetes Slack workspace.
• Mark this PR as fresh by commenting or pushing a commit
• Close this PR
• Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack

[kahirokunn]

keep

[github-actions]

The Contour project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

• After 14d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, the PR is closed

You can:

• Ensure your PR is passing all CI checks. PRs that are fully green are more likely to be reviewed. If you are having trouble with CI checks, reach out to the #contour channel in the Kubernetes Slack workspace.
• Mark this PR as fresh by commenting or pushing a commit
• Close this PR
• Offer to help out with triage

Please send feedback to the #contour channel in the Kubernetes Slack