feat(parser) add flag to log diff on failure

cli/ingress-controller/flag_test.go

@@ -22,6 +22,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/kong/kubernetes-ingress-controller/pkg/util"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -440,3 +441,28 @@ func TestEnvironmentCertificates(t *testing.T) {
 	assert.Equal(expected.AdmissionWebhookKey, conf.AdmissionWebhookKey)
 	assert.Equal(expected.KongAdminCACert, conf.KongAdminCACert)
 }
+
+func TestDumpConfig(t *testing.T) {
+	oldArgs := os.Args
+	defer func() { os.Args = oldArgs }()
+
+	tests := []struct {
+		value        string
+		expectedMode util.ConfigDumpMode
+	}{
+		{"", util.ConfigDumpModeOff},
+		{"enabled", util.ConfigDumpModeEnabled},
+		{"sensitive", util.ConfigDumpModeSensitive},
+		{"garbagedjgnkdgd", util.ConfigDumpModeOff},
+	}
+
+	for _, test := range tests {
+		resetForTesting(func() { t.Fatal("bad parse") })
+		assert := assert.New(t)
+		os.Setenv("CONTROLLER_DUMP_CONFIG", test.value)
+		conf, err := parseFlags()
+		assert.Nil(err, "unexpected error parsing dump config")
+		assert.Equal(test.expectedMode, conf.DumpConfig)
+		os.Unsetenv("CONTROLLER_DUMP_CONFIG")
+	}
+}

cli/ingress-controller/flags.go

@@ -28,6 +28,7 @@ import (
 	apiv1 "k8s.io/api/core/v1"
 
 	"github.com/kong/kubernetes-ingress-controller/pkg/annotations"
+	"github.com/kong/kubernetes-ingress-controller/pkg/util"
 )
 
 const (
@@ -80,6 +81,9 @@ type cliConfig struct {
 	LogLevel  string
 	LogFormat string
 
+	// Diagnostics
+	DumpConfig util.ConfigDumpMode
+
 	// k8s connection details
 	APIServerHost      string
 	KubeConfigFilePath string
@@ -199,6 +203,11 @@ trace, debug, info, warn, error, fatal and panic.`)
 		`Format of logs of the controller. Allowed values are 
 text and json.`)
 
+	// Diagnostics
+	flags.String("dump-config", "",
+		`Dump generated configuration to a temporary directory when set to "enabled".
+When set to "sensitive", dumps will include certificate+key pairs and credentials.`)
+
 	// k8s connection details
 	flags.String("apiserver-host", "",
 		`The address of the Kubernetes Apiserver to connect to in the format of 
@@ -311,6 +320,9 @@ func parseFlags() (cliConfig, error) {
 	config.LogLevel = viper.GetString("log-level")
 	config.LogFormat = viper.GetString("log-format")
 
+	// Diagnostics
+	config.DumpConfig = util.ParseConfigDumpMode(viper.GetString("dump-config"))
+
 	// k8s connection details
 	config.APIServerHost = viper.GetString("apiserver-host")
 	config.KubeConfigFilePath = viper.GetString("kubeconfig")

cli/ingress-controller/main.go

@@ -103,6 +103,8 @@ func controllerConfigFromCLIConfig(cliConfig cliConfig) controller.Configuration
 		UpdateStatus:           cliConfig.UpdateStatus,
 		UpdateStatusOnShutdown: cliConfig.UpdateStatusOnShutdown,
 		ElectionID:             cliConfig.ElectionID,
+
+		DumpConfig: cliConfig.DumpConfig,
 	}
 }
 
@@ -339,6 +341,13 @@ func main() {
 		)
 	}
 
+	if cliConfig.DumpConfig != util.ConfigDumpModeOff {
+		controllerConfig.DumpDir, err = ioutil.TempDir("", "controller")
+		if err != nil {
+			log.Fatalf("failed to create a dump directory: %v", err)
+		}
+	}
+
 	var synced []cache.InformerSynced
 	updateChannel := channels.NewRingChannel(1024)
 	reh := controller.ResourceEventHandler{
@@ -453,6 +462,7 @@ func main() {
 
 	store := store.New(cacheStores, cliConfig.IngressClass, cliConfig.ProcessClasslessIngressV1Beta1,
 		cliConfig.ProcessClasslessIngressV1, cliConfig.ProcessClasslessKongConsumer, log.WithField("component", "store"))
+
 	kong, err := controller.NewKongController(ctx, &controllerConfig, updateChannel,
 		store)
 	if err != nil {

internal/ingress/controller/controller.go

@@ -91,6 +91,9 @@ type Configuration struct {
 	EnableKnativeIngressSupport bool
 
 	Logger logrus.FieldLogger
+
+	DumpConfig util.ConfigDumpMode
+	DumpDir    string
 }
 
 // sync collects all the pieces required to assemble the configuration file and
@@ -152,6 +155,8 @@ func NewKongController(ctx context.Context,
 	n.syncQueue = task.NewTaskQueue(n.syncIngress,
 		config.Logger.WithField("component", "sync-queue"))
 
+	n.dumpDir = config.DumpDir
+
 	electionID := config.ElectionID + "-" + config.IngressClass
 
 	electionConfig := election.Config{
@@ -231,6 +236,8 @@ type KongController struct {
 	PluginSchemaStore PluginSchemaStore
 
 	Logger logrus.FieldLogger
+
+	dumpDir string
 }
 
 // Start starts a new master process running in foreground, blocking until the next call to

internal/ingress/controller/kong.go

@@ -22,7 +22,9 @@ import (
 	"crypto/sha256"
 	"encoding/json"
 	"fmt"
+	"io/ioutil"
 	"net/http"
+	"path/filepath"
 	"reflect"
 	"sort"
 	"strings"
@@ -72,6 +74,15 @@ func (n *KongController) OnUpdate(ctx context.Context, state *kongstate.KongStat
 	} else {
 		err = n.onUpdateDBMode(targetContent)
 	}
+	if n.cfg.DumpConfig != util.ConfigDumpModeOff {
+		if n.cfg.DumpConfig == util.ConfigDumpModeEnabled {
+			targetContent = n.toDeckContent(ctx, state.SanitizedCopy())
+		}
+		dumpErr := dumpConfig(err != nil, n.dumpDir, targetContent)
+		if dumpErr != nil {
+			n.Logger.Warnf("failed to dump configuration: %s", dumpErr)
+		}
+	}
 	if err != nil {
 		return err
 	}
@@ -80,6 +91,19 @@ func (n *KongController) OnUpdate(ctx context.Context, state *kongstate.KongStat
 	return nil
 }
 
+func dumpConfig(failed bool, dumpDir string, targetContent *file.Content) error {
+	target, err := json.Marshal(targetContent)
+	if err != nil {
+		return err
+	}
+	filename := "last_good.json"
+	if failed {
+		filename = "last_bad.json"
+	}
+	err = ioutil.WriteFile(filepath.Join(dumpDir, filename), target, 0600)
+	return err
+}
+
 func generateSHA(targetContent *file.Content,
 	customEntities []byte) ([]byte, error) {
 

pkg/util/types.go

@@ -29,3 +29,22 @@ type RawSSLCert struct {
 	Cert []byte
 	Key  []byte
 }
+
+type ConfigDumpMode int
+
+const (
+	ConfigDumpModeOff       ConfigDumpMode = iota
+	ConfigDumpModeEnabled   ConfigDumpMode = iota
+	ConfigDumpModeSensitive ConfigDumpMode = iota
+)
+
+func ParseConfigDumpMode(in string) ConfigDumpMode {
+	switch in {
+	case "enabled":
+		return ConfigDumpModeEnabled
+	case "sensitive":
+		return ConfigDumpModeSensitive
+	default:
+		return ConfigDumpModeOff
+	}
+}