Fix bug 1547: Add ingress.class annotation to OSM charms
[osm/devops.git] / installers / charm / ng-ui / src / charm.py
1 #!/usr/bin/env python3
2 # Copyright 2021 Canonical Ltd.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
14 # under the License.
15 #
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
18 #
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
21 ##
22
23 # pylint: disable=E0213
24
25
26 from ipaddress import ip_network
27 import logging
28 from pathlib import Path
29 from string import Template
30 from typing import NoReturn, Optional
31 from urllib.parse import urlparse
32
33 from ops.main import main
34 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
35 from opslib.osm.interfaces.http import HttpClient
36 from opslib.osm.pod import (
37 ContainerV3Builder,
38 FilesV3Builder,
39 IngressResourceV3Builder,
40 PodSpecV3Builder,
41 )
42 from opslib.osm.validator import ModelValidator, validator
43
44
# Module-level logger, named after this module so log records can be traced
# back to the ng-ui charm code.
logger = logging.getLogger(__name__)
46
47
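class ConfigModel(ModelValidator):
    """Validated view of the charm configuration options.

    Each validator raises ``ValueError`` for a bad value and otherwise
    returns the value unchanged. How ``ModelValidator`` reports that error is
    not visible in this file.
    """

    # TCP port the container exposes and the ingress rule targets.
    port: int
    # NOTE(review): there is no validator for server_name, and
    # NgUiCharm._build_files substitutes it unescaped into the nginx site
    # file. Treat it as trusted operator input, or add a validator once the
    # accepted syntax is agreed.
    server_name: str
    # Upload limit; rendered as "<n>m" in the proxy-body-size annotation.
    max_file_size: int
    # External URL of the UI; an ingress is created only when this is set.
    site_url: Optional[str]
    # Value of the cert-manager.io/cluster-issuer annotation, when set.
    cluster_issuer: Optional[str]
    # Single CIDR allowed to reach the ingress. When unset, no
    # whitelist-source-range annotation is emitted, so the charm applies no
    # source restriction.
    ingress_whitelist_source_range: Optional[str]
    # Secret passed to the ingress TLS section for https site URLs.
    tls_secret_name: Optional[str]

    @validator("port")
    def validate_port(cls, v):
        """Reject zero and negative port numbers."""
        if v <= 0:
            raise ValueError("value must be greater than 0")
        return v

    @validator("max_file_size")
    def validate_max_file_size(cls, v):
        """Reject negative sizes; zero is allowed."""
        if v < 0:
            raise ValueError("value must be equal or greater than 0")
        return v

    @validator("site_url")
    def validate_site_url(cls, v):
        """Require an http or https URL with a hostname; empty values pass."""
        if v:
            parsed = urlparse(v)
            # Exact match rather than a prefix test: build_pod_spec enables
            # TLS only for "https" and treats every other scheme as plain
            # HTTP, so a typo such as "httpss" must fail here instead of
            # producing a non-TLS ingress.
            if parsed.scheme not in ("http", "https"):
                raise ValueError("value must start with http")
            # The hostname becomes the ingress rule host and the TLS host, so
            # a URL without one cannot yield a usable ingress.
            if not parsed.hostname:
                raise ValueError("value must include a hostname")
        return v

    @validator("ingress_whitelist_source_range")
    def validate_ingress_whitelist_source_range(cls, v):
        """Require a single IPv4/IPv6 network in CIDR form; empty values pass.

        ``ip_network`` runs in its default strict mode, so it raises
        ``ValueError`` when host bits are set. A comma-separated list of
        ranges fails this check as well.
        """
        if v:
            ip_network(v)
        return v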
82
83
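class NgUiCharm(CharmedOsmBase):
    """Charm that builds the pod spec for the ng-ui workload.

    The pod holds one container with an nginx site file rendered from
    ``files/default`` and, when ``site_url`` is configured, an ingress
    resource in front of it.
    """

    def __init__(self, *args) -> None:
        """Initialise the base charm and re-run ``configure_pod`` on nbi events."""
        super().__init__(*args, oci_image="image")

        self.nbi_client = HttpClient(self, "nbi")
        nbi_events = self.on["nbi"]
        # Both a change and a break of the nbi relation rebuild the pod.
        for event in (nbi_events.relation_changed, nbi_events.relation_broken):
            self.framework.observe(event, self.configure_pod)

    def _check_missing_dependencies(self, config: ConfigModel):
        """Raise ``RelationsMissing`` when the nbi client reports missing data.

        ``config`` is accepted but not consulted here.
        """
        missing_relations = []

        if self.nbi_client.is_missing_data_in_app():
            missing_relations.append("nbi")

        if missing_relations:
            raise RelationsMissing(missing_relations)

    def _build_files(self, config: ConfigModel):
        """Render ``files/default`` and return it as the "default" file entry.

        ``Template.substitute`` raises ``KeyError`` if the template names a
        placeholder that is not supplied below.
        """
        # NOTE(review): substitute() does no escaping, so every value lands in
        # the nginx site file verbatim. port and max_file_size are validated
        # ints; server_name is an unvalidated str from charm config, and
        # nbi_host/nbi_port come from the nbi client (presumably relation
        # data -- confirm). Treat all three as trusted input or validate them
        # before rendering.
        rendered = Template(Path("files/default").read_text()).substitute(
            port=config.port,
            server_name=config.server_name,
            max_file_size=config.max_file_size,
            nbi_host=self.nbi_client.host,
            nbi_port=self.nbi_client.port,
        )
        files_builder = FilesV3Builder()
        files_builder.add_file("default", rendered)
        return files_builder.build()

    def build_pod_spec(self, image_info):
        """Validate the config and assemble the pod spec for the workload.

        Raises ``RelationsMissing`` when the nbi relation data is absent.
        Validation errors come from ``ConfigModel``.
        """
        # Validate config
        config = ConfigModel(**dict(self.config))
        # Check relations
        self._check_missing_dependencies(config)
        # Create Builder for the PodSpec
        pod_spec_builder = PodSpecV3Builder()
        # Build Container
        container_builder = ContainerV3Builder(self.app.name, image_info)
        container_builder.add_port(name=self.app.name, port=config.port)
        container_builder.add_tcpsocket_readiness_probe(
            config.port,
            initial_delay_seconds=45,
            timeout_seconds=5,
        )
        container_builder.add_tcpsocket_liveness_probe(
            config.port,
            initial_delay_seconds=45,
            timeout_seconds=15,
        )
        container_builder.add_volume_config(
            "configuration",
            "/etc/nginx/sites-available/",
            self._build_files(config),
        )
        # build() runs last so the container spec carries the probes and the
        # volume config even if build() snapshots the builder's state.
        container = container_builder.build()
        # Add container to pod spec
        pod_spec_builder.add_container(container)
        # Add ingress resources to pod spec if site url exists
        if config.site_url:
            parsed = urlparse(config.site_url)
            use_tls = parsed.scheme == "https"
            # A size of 0 is emitted without a unit; nginx reads a zero body
            # size as "no limit".
            body_size = (
                f"{config.max_file_size}m"
                if config.max_file_size > 0
                else str(config.max_file_size)
            )
            # The annotations are completed before the builder receives them,
            # so the result does not depend on whether the builder keeps a
            # reference to this dict or copies it.
            annotations = {
                "nginx.ingress.kubernetes.io/proxy-body-size": body_size,
                "kubernetes.io/ingress.class": "public",
            }
            # Without a configured range no source restriction is added, so
            # any limit must then come from outside the charm.
            if config.ingress_whitelist_source_range:
                annotations[
                    "nginx.ingress.kubernetes.io/whitelist-source-range"
                ] = config.ingress_whitelist_source_range

            if config.cluster_issuer:
                annotations["cert-manager.io/cluster-issuer"] = config.cluster_issuer

            if not use_tls:
                # A non-https site_url turns off the HTTP->HTTPS redirect, so
                # the ingress serves the UI over plain HTTP.
                annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"

            ingress_resource_builder = IngressResourceV3Builder(
                f"{self.app.name}-ingress", annotations
            )

            if use_tls:
                # NOTE(review): tls_secret_name is optional and may be None
                # here; confirm what add_tls does with a missing secret name.
                ingress_resource_builder.add_tls(
                    [parsed.hostname], config.tls_secret_name
                )

            ingress_resource_builder.add_rule(
                parsed.hostname, self.app.name, config.port
            )
            ingress_resource = ingress_resource_builder.build()
            pod_spec_builder.add_ingress_resource(ingress_resource)
        return pod_spec_builder.build()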
179
180
# Script entry point: hand the charm class to the ops framework's main().
if __name__ == "__main__":
    main(NgUiCharm)