fix: use internal ingress if set, otherwise stick with k8s networking
shipperizer committed Jul 4, 2024
1 parent 8fec05f commit e44716a
Showing 4 changed files with 33 additions and 24 deletions.
27 changes: 12 additions & 15 deletions src/charm.py
Expand Up @@ -264,10 +264,12 @@ def __init__(self, *args: Any) -> None:
self.framework.observe(self.tracing.on.endpoint_removed, self._on_config_changed)

self.framework.observe(
self.on[INTERNAL_INGRESS_RELATION_NAME].relation_joined, self._configure_ingress
self.on[INTERNAL_INGRESS_RELATION_NAME].relation_joined,
self._configure_internal_ingress,
)
self.framework.observe(
self.on[INTERNAL_INGRESS_RELATION_NAME].relation_changed, self._configure_ingress
self.on[INTERNAL_INGRESS_RELATION_NAME].relation_changed,
self._configure_internal_ingress,
)
self.framework.observe(
self.on[INTERNAL_INGRESS_RELATION_NAME].relation_broken,
Expand Down Expand Up @@ -363,11 +365,6 @@ def _public_url(self) -> Optional[str]:
url = self.public_ingress.url
return normalise_url(url) if url else None

@property
def _admin_url(self) -> Optional[str]:
url = self.admin_ingress.url
return normalise_url(url) if url else None

@property
def _internal_url(self) -> Optional[str]:
host = self.internal_ingress.external_host
Expand Down Expand Up @@ -458,18 +455,14 @@ def _internal_ingress_config(self) -> dict:
@property
def _kratos_endpoints(self) -> Tuple[str, str]:
admin_endpoint = (
self._admin_url
self._internal_url
or f"http://{self.app.name}.{self.model.name}.svc.cluster.local:{KRATOS_ADMIN_PORT}"
)
public_endpoint = (
self._public_url
self._internal_url
or f"http://{self.app.name}.{self.model.name}.svc.cluster.local:{KRATOS_PUBLIC_PORT}"
)

admin_endpoint, public_endpoint = (
admin_endpoint.replace("https", "http"),
public_endpoint.replace("https", "http"),
)
return admin_endpoint, public_endpoint

@property
Expand Down Expand Up @@ -1197,8 +1190,10 @@ def _on_run_migration_action(self, event: ActionEvent) -> None:
def _promtail_error(self, event: PromtailDigestError) -> None:
logger.error(event.message)

def _configure_ingress(self, event: HookEvent) -> None:
"""Since :class:`TraefikRouteRequirer` may not have been constructed with an existing
def _configure_internal_ingress(self, event: HookEvent) -> None:
"""Method setting up the internal networking.
Since :class:`TraefikRouteRequirer` may not have been constructed with an existing
relation if a :class:`RelationJoinedEvent` comes through during the charm lifecycle, if we
get one here, we should recreate it, but OF will give us grief about "two objects claiming
to be ...", so manipulate its private `_relation` variable instead.
Expand All @@ -1218,6 +1213,8 @@ def _configure_ingress(self, event: HookEvent) -> None:
# and config-change
if self.internal_ingress.is_ready():
self.internal_ingress.submit_to_traefik(self._internal_ingress_config)
self._update_kratos_endpoints_relation_data(event)
self._update_kratos_info_relation_data(event)


if __name__ == "__main__":
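Review bot: In `_kratos_endpoints`, `admin_endpoint` and `public_endpoint` now both resolve to `self._internal_url` whenever it is set, so the Kratos admin API is published on the same ingress host as the public API, and the property has no docstring saying what that host must be protected from. The integration test in this commit reaches `/admin/identities` through that ingress with a plain `requests.get` and expects 200, and Kratos does not authenticate admin API calls itself, so the only control is who can reach the Traefik behind `internal-ingress`. I would add a docstring such as `"""Return (admin, public) base URLs; both use the internal ingress when related, which must not be reachable from untrusted networks because the admin API is unauthenticated."""`. It is also worth stating there that the fallback is plain `http://` to the cluster-local service, and that with the `.replace("https", "http")` step removed, consumers of these URLs may now receive whatever scheme `_internal_url` yields (its body is not fully visible in this hunk).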
2 changes: 1 addition & 1 deletion src/constants.py
@@ -1,6 +1,6 @@
# Copyright 2023 Canonical Ltd.
# See LICENSE file for licensing details.

"""File contianing all constants"""
"""File containing all constants."""

INTERNAL_INGRESS_RELATION_NAME = "internal-ingress"
3 changes: 3 additions & 0 deletions src/utils.py
Expand Up @@ -51,6 +51,9 @@ def normalise_url(url: str) -> str:
"""
parsed_url = urlparse(url)

# latest versions of traefik automatically redirect to https if ceritficate relation is
# set, this would void the changes below as even a request to the http url would be redirected
# make sure to disable the certificate relation for the internal ingress or trust that certificate
parsed_url = parsed_url._replace(scheme="https")
parsed_url = parsed_url._replace(netloc=parsed_url.netloc.rsplit(":", 1)[0])

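Review bot: The new comment in `normalise_url` lists "disable the certificate relation for the internal ingress" first, which leaves traffic to the internal ingress, including admin API calls, in cleartext, and it does not say which "changes below" are voided given that the next line forces the scheme to `https`. I would state the constraint and the preferred option explicitly, and fix the "ceritficate" typo: `# NOTE: Traefik redirects http to https once a certificates relation is set, so callers of the returned URL must trust that certificate (preferred);` / `# only run the internal ingress without a certificate if it is reachable from trusted networks alone.` The function's signature and docstring start outside this hunk, so whether the docstring already covers the forced `https` scheme and the stripped port cannot be checked here.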
25 changes: 17 additions & 8 deletions tests/integration/test_charm.py
Expand Up @@ -96,7 +96,7 @@ async def test_ingress_relation(ops_test: OpsTest) -> None:
channel="latest/edge",
config={"external_hostname": "some_hostname"},
)
await ops_test.model.integrate(f"{KRATOS_APP}:admin-ingress", TRAEFIK_ADMIN_APP)
await ops_test.model.integrate(f"{KRATOS_APP}:internal-ingress", TRAEFIK_ADMIN_APP)
await ops_test.model.integrate(f"{KRATOS_APP}:public-ingress", TRAEFIK_PUBLIC_APP)

await ops_test.model.wait_for_idle(
Expand All @@ -118,15 +118,24 @@ async def test_has_public_ingress(ops_test: OpsTest) -> None:
assert resp.status_code == 200


async def test_has_admin_ingress(ops_test: OpsTest) -> None:
async def test_has_internal_ingress(ops_test: OpsTest) -> None:
# Get the traefik address and try to reach kratos
admin_address = await get_unit_address(ops_test, TRAEFIK_ADMIN_APP, 0)

resp = requests.get(
f"http://{admin_address}/{ops_test.model.name}-{KRATOS_APP}/admin/identities"
internal_address = await get_unit_address(ops_test, TRAEFIK_ADMIN_APP, 0)

# test admin endpoint
assert (
requests.get(
f"http://{internal_address}/{ops_test.model.name}-{KRATOS_APP}/admin/identities"
).status_code
== 200
)
# test public endpoint
assert (
requests.get(
f"http://{internal_address}/{ops_test.model.name}-{KRATOS_APP}/sessions/whoami"
).status_code
== 401
)

assert resp.status_code == 200


@pytest.mark.abort_on_fail
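Review bot: `test_has_internal_ingress` asserts that an unauthenticated GET to `/admin/identities` returns 200 through the ingress, but nothing in the test says why that is the expected outcome, so it can be read as endorsing open access to the admin API. A comment above the first assert would make the intent clear, e.g. `# the admin API has no auth of its own; 200 here is expected only because this Traefik is the internal (non-public) ingress`. Both `requests.get` calls also lack a timeout, so an unresponsive ingress stalls the run instead of failing it; passing `timeout=10` (or the project's usual value) fixes that. The address is still looked up via `TRAEFIK_ADMIN_APP` although it is now integrated with `internal-ingress`, so renaming that constant would keep the test consistent with the renamed relation.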
