Kubernetes: Support Discovery Only for this Node (#70)

* Support limiting K8s disco to this node
* Augment README

Author: relistan

README.md

@@ -232,6 +232,9 @@ Defaults are in bold at the end of the line:
  * `KUBE_TIMEOUT`: How long until we time out calling the Kube API? **`3s`**
  * `CREDS_PATH`: Where do we find the token file containing API auth credentials?
    **`/var/run/secrets/kubernetes.io/serviceaccount`**
+ * `ANNOUNCE_ALL_NODES`: Should we query the API and announce every node is running
+   the service? This is useful to represent the K8s cluster with a single Sidecar.
+   **`false`**
 
 ### Ports
 

config/config.go

@@ -66,11 +66,12 @@ type StaticConfig struct {
 }
 
 type K8sAPIConfig struct {
-	KubeAPIIP   string        `envconfig:"KUBE_API_IP" default:"127.0.0.1"`
-	KubeAPIPort int           `envconfig:"KUBE_API_PORT" default:"8080"`
-	Namespace   string        `envconfig:"NAMESPACE" default:"default"`
-	KubeTimeout time.Duration `envconfig:"KUBE_TIMEOUT" default:"3s"`
-	CredsPath   string        `envconfig:"CREDS_PATH" default:"/var/run/secrets/kubernetes.io/serviceaccount"`
+	KubeAPIIP        string        `envconfig:"KUBE_API_IP" default:"127.0.0.1"`
+	KubeAPIPort      int           `envconfig:"KUBE_API_PORT" default:"8080"`
+	Namespace        string        `envconfig:"NAMESPACE" default:"default"`
+	KubeTimeout      time.Duration `envconfig:"KUBE_TIMEOUT" default:"3s"`
+	CredsPath        string        `envconfig:"CREDS_PATH" default:"/var/run/secrets/kubernetes.io/serviceaccount"`
+	AnnounceAllNodes bool          `envconfig:"ANNOUNCE_ALL_NODES" default:"false"`
 }
 
 type Config struct {

discovery/kubernetes_api_discovery.go

@@ -19,69 +19,94 @@ type K8sAPIDiscoverer struct {
 
 	Command K8sDiscoveryAdapter
 
-	discoveredSvcs  *K8sServices
-	discoveredNodes *K8sNodes
-	lock            sync.RWMutex
+	discoveredSvcs   *K8sServices
+	discoveredNodes  *K8sNodes
+	lock             sync.RWMutex
+	announceAllNodes bool
+	hostname         string
 }
 
 // NewK8sAPIDiscoverer returns a properly configured K8sAPIDiscoverer
-func NewK8sAPIDiscoverer(kubeHost string, kubePort int, namespace string, timeout time.Duration, credsPath string) *K8sAPIDiscoverer {
+func NewK8sAPIDiscoverer(kubeHost string, kubePort int, namespace string, timeout time.Duration,
+	credsPath string, announceAllNodes bool, hostname string) *K8sAPIDiscoverer {
 
 	cmd := NewKubeAPIDiscoveryCommand(kubeHost, kubePort, namespace, timeout, credsPath)
 
 	return &K8sAPIDiscoverer{
-		discoveredSvcs:  &K8sServices{},
-		discoveredNodes: &K8sNodes{},
-		Namespace:       namespace,
-		Command:         cmd,
+		discoveredSvcs:   &K8sServices{},
+		discoveredNodes:  &K8sNodes{},
+		Namespace:        namespace,
+		Command:          cmd,
+		announceAllNodes: announceAllNodes,
+		hostname:         hostname,
 	}
 }
 
+// servicesForNode will emit all the services that we previously discovered.
+// This means we will attempt to hit the NodePort for each of the nodes when
+// looking for this service over HTTP/TCP.
+func (k *K8sAPIDiscoverer) servicesForNode(hostname, ip string) []service.Service {
+	var services []service.Service
+
+	for _, item := range k.discoveredSvcs.Items {
+		// We require an annotation called 'ServiceName' to make sure this is
+		// a service we want to announce.
+		if item.Metadata.Labels.ServiceName == "" {
+			continue
+		}
+
+		svc := service.Service{
+			ID:        item.Metadata.UID,
+			Name:      item.Metadata.Labels.ServiceName,
+			Image:     item.Metadata.Labels.ServiceName + ":kubernetes-hosted",
+			Created:   item.Metadata.CreationTimestamp,
+			Hostname:  hostname,
+			ProxyMode: "http",
+			Status:    service.ALIVE,
+			Updated:   time.Now().UTC(),
+		}
+
+		for _, port := range item.Spec.Ports {
+			// We only support entries with NodePort defined
+			if port.NodePort < 1 {
+				continue
+			}
+			svc.Ports = append(svc.Ports, service.Port{
+				Type:        "tcp",
+				Port:        int64(port.NodePort),
+				ServicePort: int64(port.Port),
+				IP:          ip,
+			})
+		}
+		services = append(services, svc)
+	}
+
+	return services
+}
+
 // Services implements part of the Discoverer interface and looks at the last
 // cached data from the Command (`kubectl`) and returns services in a format
 // that Sidecar can manage.
 func (k *K8sAPIDiscoverer) Services() []service.Service {
 	k.lock.RLock()
 	defer k.lock.RUnlock()
 
-	// Enumerate all the K8s nodes we discovered, and for each one, emit all the
-	// services that we separately discovered. This means we will attempt to hit
-	// the NodePort for each of the nodes when looking for this service.
+	// Enumerate all the K8s nodes we discovered, and for each one, enumerate
+	// all the services.
 	var services []service.Service
 	for _, node := range k.discoveredNodes.Items {
 		hostname, ip := getIPHostForNode(&node)
+		if k.announceAllNodes {
+			nodeServices := k.servicesForNode(hostname, ip)
+			services = append(services, nodeServices...)
+			continue
+		}
 
-		for _, item := range k.discoveredSvcs.Items {
-			// We require an annotation called 'ServiceName' to make sure this is
-			// a service we want to announce.
-			if item.Metadata.Labels.ServiceName == "" {
-				continue
-			}
-
-			svc := service.Service{
-				ID:        item.Metadata.UID,
-				Name:      item.Metadata.Labels.ServiceName,
-				Image:     item.Metadata.Labels.ServiceName + ":kubernetes-hosted",
-				Created:   item.Metadata.CreationTimestamp,
-				Hostname:  hostname,
-				ProxyMode: "http",
-				Status:    service.ALIVE,
-				Updated:   time.Now().UTC(),
-			}
-
-			for _, port := range item.Spec.Ports {
-				// We only support entries with NodePort defined
-				if port.NodePort < 1 {
-					continue
-				}
-				svc.Ports = append(svc.Ports, service.Port{
-					Type:        "tcp",
-					Port:        int64(port.NodePort),
-					ServicePort: int64(port.Port),
-					IP:          ip,
-				})
-			}
-			services = append(services, svc)
+		// Don't discover all nodes, only this one. Short circuit if we found it
+		// since we'll only be in the list once.
+		if hostname == k.hostname {
+			services = k.servicesForNode(hostname, ip)
+			break
 		}
 	}
 

discovery/kubernetes_api_discovery_test.go

@@ -103,6 +103,24 @@ func (m *mockK8sDiscoveryCommand) GetNodes() ([]byte, error) {
 		               }
 		            ]
 		         }
+		      },
+		      {
+		         "status" : {
+		            "addresses" : [
+		               {
+		                  "address" : "10.100.69.147",
+		                  "type" : "InternalIP"
+		               },
+		               {
+		                  "address" : "heorot.example.com",
+		                  "type" : "Hostname"
+		               },
+		               {
+		                  "address" : "heorot.example.com",
+		                  "type" : "InternalDNS"
+		               }
+		            ]
+		         }
 		      }
 		   ]
 		}
@@ -113,22 +131,25 @@ func (m *mockK8sDiscoveryCommand) GetNodes() ([]byte, error) {
 func Test_NewK8sAPIDiscoverer(t *testing.T) {
 	Convey("NewK8sAPIDiscoverer()", t, func() {
 		Convey("returns a properly configured K8sAPIDiscoverer", func() {
-			disco := NewK8sAPIDiscoverer("127.0.0.1", 443, "heorot", 3*time.Second, credsPath)
+			disco := NewK8sAPIDiscoverer("127.0.0.1", 443, "heorot", 3*time.Second, credsPath, true, "hrothgar")
 
 			So(disco.discoveredSvcs, ShouldNotBeNil)
 			So(disco.Namespace, ShouldEqual, "heorot")
+			So(disco.announceAllNodes, ShouldBeTrue)
+			So(disco.hostname, ShouldEqual, "hrothgar")
 			So(disco.Command, ShouldNotBeNil)
 
 			command := disco.Command.(*KubeAPIDiscoveryCommand)
 			So(command.KubeHost, ShouldEqual, "127.0.0.1")
 			So(command.KubePort, ShouldEqual, 443)
+
 		})
 	})
 }
 
 func Test_K8sHealthCheck(t *testing.T) {
 	Convey("HealthCheck() always returns 'AlwaysSuccessful'", t, func() {
-		disco := NewK8sAPIDiscoverer("127.0.0.1", 443, "heorot", 3*time.Second, credsPath)
+		disco := NewK8sAPIDiscoverer("127.0.0.1", 443, "heorot", 3*time.Second, credsPath, true, "hrothgar")
 		check, args := disco.HealthCheck(nil)
 		So(check, ShouldEqual, "AlwaysSuccessful")
 		So(args, ShouldBeEmpty)
@@ -137,15 +158,15 @@ func Test_K8sHealthCheck(t *testing.T) {
 
 func Test_K8sListeners(t *testing.T) {
 	Convey("Listeners() always returns and empty slice", t, func() {
-		disco := NewK8sAPIDiscoverer("127.0.0.1", 443, "heorot", 3*time.Second, credsPath)
+		disco := NewK8sAPIDiscoverer("127.0.0.1", 443, "heorot", 3*time.Second, credsPath, true, "hrothgar")
 		listeners := disco.Listeners()
 		So(listeners, ShouldBeEmpty)
 	})
 }
 
 func Test_K8sGetServices(t *testing.T) {
 	Convey("GetServices()", t, func() {
-		disco := NewK8sAPIDiscoverer("127.0.0.1", 443, "heorot", 3*time.Second, credsPath)
+		disco := NewK8sAPIDiscoverer("127.0.0.1", 443, "heorot", 3*time.Second, credsPath, true, "hrothgar")
 		mock := &mockK8sDiscoveryCommand{}
 		disco.Command = mock
 
@@ -188,7 +209,7 @@ func Test_K8sGetServices(t *testing.T) {
 
 func Test_K8sGetNodes(t *testing.T) {
 	Convey("GetNodes()", t, func() {
-		disco := NewK8sAPIDiscoverer("127.0.0.1", 443, "heorot", 3*time.Second, credsPath)
+		disco := NewK8sAPIDiscoverer("127.0.0.1", 443, "heorot", 3*time.Second, credsPath, true, "hrothgar")
 		mock := &mockK8sDiscoveryCommand{}
 		disco.Command = mock
 
@@ -203,7 +224,7 @@ func Test_K8sGetNodes(t *testing.T) {
 			So(capture.String(), ShouldNotContainSubstring, "error")
 			So(disco.discoveredNodes, ShouldNotBeNil)
 			So(disco.discoveredNodes, ShouldNotEqual, &K8sNodes{})
-			So(len(disco.discoveredNodes.Items), ShouldEqual, 1)
+			So(len(disco.discoveredNodes.Items), ShouldEqual, 2)
 			So(len(disco.discoveredNodes.Items[0].Status.Addresses), ShouldEqual, 3)
 		})
 
@@ -231,16 +252,43 @@ func Test_K8sGetNodes(t *testing.T) {
 
 func Test_K8sServices(t *testing.T) {
 	Convey("Services()", t, func() {
-		disco := NewK8sAPIDiscoverer("127.0.0.1", 443, "heorot", 3*time.Second, credsPath)
 		mock := &mockK8sDiscoveryCommand{}
-		disco.Command = mock
 
 		Convey("works on a newly-created Discoverer", func() {
+			disco := NewK8sAPIDiscoverer("127.0.0.1", 443, "heorot", 3*time.Second, credsPath, true, "hrothgar")
+			disco.Command = mock
+
 			services := disco.Services()
 			So(len(services), ShouldEqual, 0)
 		})
 
-		Convey("returns the list of cached services", func() {
+		Convey("when discovering for all nodes", func() {
+			disco := NewK8sAPIDiscoverer("127.0.0.1", 443, "heorot", 3*time.Second, credsPath, true, "hrothgar")
+			disco.Command = mock
+
+			Convey("returns the list of cached services", func() {
+				disco.Run(director.NewFreeLooper(director.ONCE, nil))
+				services := disco.Services()
+
+				So(len(services), ShouldEqual, 2)
+				svc := services[0]
+				So(svc.ID, ShouldEqual, "107b5bbf-9640-4fd0-b5de-1e898e8ae9f7")
+				So(svc.Name, ShouldEqual, "chopper")
+				So(svc.Image, ShouldEqual, "chopper:kubernetes-hosted")
+				So(svc.Created.String(), ShouldEqual, "2022-11-07 13:18:03 +0000 UTC")
+				So(svc.Hostname, ShouldEqual, "beowulf.example.com")
+				So(svc.ProxyMode, ShouldEqual, "http")
+				So(svc.Status, ShouldEqual, service.ALIVE)
+				So(svc.Updated.Unix(), ShouldBeGreaterThan, time.Now().UTC().Add(-2*time.Second).Unix())
+				So(len(svc.Ports), ShouldEqual, 1)
+				So(svc.Ports[0].IP, ShouldEqual, "10.100.69.136")
+			})
+		})
+
+		Convey("when discovering for only this node", func() {
+			disco := NewK8sAPIDiscoverer("127.0.0.1", 443, "heorot", 3*time.Second, credsPath, false, "heorot.example.com")
+			disco.Command = mock
+
 			disco.Run(director.NewFreeLooper(director.ONCE, nil))
 			services := disco.Services()
 
@@ -250,12 +298,12 @@ func Test_K8sServices(t *testing.T) {
 			So(svc.Name, ShouldEqual, "chopper")
 			So(svc.Image, ShouldEqual, "chopper:kubernetes-hosted")
 			So(svc.Created.String(), ShouldEqual, "2022-11-07 13:18:03 +0000 UTC")
-			So(svc.Hostname, ShouldEqual, "beowulf.example.com")
+			So(svc.Hostname, ShouldEqual, "heorot.example.com")
 			So(svc.ProxyMode, ShouldEqual, "http")
 			So(svc.Status, ShouldEqual, service.ALIVE)
 			So(svc.Updated.Unix(), ShouldBeGreaterThan, time.Now().UTC().Add(-2*time.Second).Unix())
 			So(len(svc.Ports), ShouldEqual, 1)
-			So(svc.Ports[0].IP, ShouldEqual, "10.100.69.136")
+			So(svc.Ports[0].IP, ShouldEqual, "10.100.69.147")
 		})
 	})
 }

main.go

@@ -91,7 +91,7 @@ func configureHAproxy(config *config.Config) *haproxy.HAproxy {
 	return proxy
 }
 
-func configureDiscovery(config *config.Config, publishedIP string) discovery.Discoverer {
+func configureDiscovery(config *config.Config, publishedIP string, localNode *memberlist.Node) discovery.Discoverer {
 	disco := new(discovery.MultiDiscovery)
 
 	var svcNamer discovery.ServiceNamer
@@ -142,7 +142,8 @@ func configureDiscovery(config *config.Config, publishedIP string) discovery.Dis
 				discovery.NewK8sAPIDiscoverer(
 					config.K8sAPIDiscovery.KubeAPIIP, config.K8sAPIDiscovery.KubeAPIPort,
 					config.K8sAPIDiscovery.Namespace, config.K8sAPIDiscovery.KubeTimeout,
-					config.K8sAPIDiscovery.CredsPath,
+					config.K8sAPIDiscovery.CredsPath, config.K8sAPIDiscovery.AnnounceAllNodes,
+					localNode.Name,
 				),
 			)
 		default:
@@ -339,7 +340,7 @@ func main() {
 	// Register the cluster name with the state object
 	state.ClusterName = config.Sidecar.ClusterName
 
-	disco := configureDiscovery(config, mlConfig.AdvertiseAddr)
+	disco := configureDiscovery(config, mlConfig.AdvertiseAddr, list.LocalNode())
 	go disco.Run(discoLooper)
 
 	// Configure the monitor and use the public address as the default