Support self-sharding with conditions under helm deployments.

e380c936 · Geoff Simmons · 075c5b26 · e380c936 · e380c936 · e380c936
Commit e380c936 authored May 10, 2021 by Geoff Simmons
10 changed files
--- a/charts/viking-controller/crds/varnishcfg-crd.yaml
+++ b/charts/viking-controller/crds/varnishcfg-crd.yaml
@@ -34,49 +34,107 @@ spec:
            self-sharding:
              type: object
              properties:
-                max-secondary-ttl:
-                  type: string
-                  pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
-                primaryOnly:
-                  type: boolean
-                key:
-                  type: string
-                  pattern: "^client\\.identity$|^req\\.(url|http\\.[a-zA-Z0-9!#$%&'*+.^_`|~-]+)$"
-                digest:
-                  type: string
-                  enum:
-                  - CRC32
-                  - ICRC32
-                  - MD5
-                  - RS
-                  - SHA1
-                  - SHA224
-                  - SHA256
-                  - SHA384
-                  - SHA512
-                  - SHA3_224
-                  - SHA3_256
-                  - SHA3_512
-                probe:
+                shard:
                  type: object
                  properties:
-                    timeout:
+                    max-secondary-ttl:
                      type: string
                      pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
-                    interval:
+                    primaryOnly:
+                      type: boolean
+                    key:
                      type: string
-                      pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
-                    initial:
-                      type: integer
-                      minimum: 0
-                    window:
-                      type: integer
-                      minimum: 0
-                      maximum: 64
-                    threshold:
-                      type: integer
-                      minimum: 0
-                      maximum: 64
+                      pattern: "^client\\.identity$|^req\\.(url|http\\.[a-zA-Z0-9!#$%&'*+.^_`|~-]+)$"
+                    digest:
+                      type: string
+                      enum:
+                        - CRC32
+                        - ICRC32
+                        - MD5
+                        - RS
+                        - SHA1
+                        - SHA224
+                        - SHA256
+                        - SHA384
+                        - SHA512
+                        - SHA3_224
+                        - SHA3_256
+                        - SHA3_512
+                    probe:
+                      type: object
+                      properties:
+                        timeout:
+                          type: string
+                          pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
+                        interval:
+                          type: string
+                          pattern: '^\d+(\.\d+)?(ms|[smhdwy])$'
+                        initial:
+                          type: integer
+                          minimum: 0
+                        window:
+                          type: integer
+                          minimum: 0
+                          maximum: 64
+                        threshold:
+                          type: integer
+                          minimum: 0
+                          maximum: 64
+                conditions:
+                  type: array
+                  minItems: 1
+                  items:
+                    type: object
+                    required:
+                      - comparand
+                    properties:
+                      comparand:
+                        type: string
+                        pattern: "^req\\.(url|method|proto|http\\.[a-zA-Z0-9!#$%&'*+.^_`|~-]+)$"
+                      compare:
+                        type: string
+                        enum:
+                          - equal
+                          - not-equal
+                          - match
+                          - not-match
+                          - prefix
+                          - not-prefix
+                          - exists
+                          - not-exists
+                      values:
+                        type: array
+                        minItems: 1
+                        items:
+                          type: string
+                      match-flags:
+                        type: object
+                        properties:
+                          max-mem:
+                            type: integer
+                            minimum: 0
+                          anchor:
+                            type: string
+                            enum:
+                              - none
+                              - start
+                              - both
+                          utf8:
+                            type: boolean
+                          posix-syntax:
+                            type: boolean
+                          longest-match:
+                            type: boolean
+                          literal:
+                            type: boolean
+                          never-capture:
+                            type: boolean
+                          case-sensitive:
+                            type: boolean
+                          perl-classes:
+                            type: boolean
+                          word-boundary:
+                            type: boolean
            auth:
              type: array
              minItems: 1

--- a/examples/self-sharding/Makefile
+++ b/examples/self-sharding/Makefile
@@ -58,6 +58,10 @@ deploy-primary-only-by-clientid-helm:
 	@helm install viking-ingress-primary-only-by-clientid $(CHARTDIR)/viking-test-app \
 		--values values-primary-only-by-clientid.yaml

+deploy-shard-conditions-helm:
+	@helm install viking-ingress-shard-conditions $(CHARTDIR)/viking-test-app \
+		--values values-shard-conditions.yaml
+
 deploy-cafe-kubectl:
 	@kubectl apply -f $(mkdir)/../hello/cafe.yaml
 	@kubectl apply -f $(mkdir)/../hello/cafe-ingress.yaml
@@ -115,6 +119,10 @@ undeploy-primary-only-by-clientid-helm:
 	@helm uninstall viking-ingress-primary-only-by-clientid
 	$(MAKE) wait

+undeploy-shard-conditions-helm:
+	@helm uninstall viking-ingress-shard-conditions
+	$(MAKE) wait
+
 undeploy-cafe-kubectl:
 	@kubectl delete -f $(mkdir)/../hello/cafe-ingress.yaml
 	@kubectl delete -f $(mkdir)/../hello/cafe.yaml
@@ -182,6 +190,8 @@ deploy-shard-by-key: deploy-shard-by-key-helm
 undeploy-shard-by-key: undeploy-shard-by-key-helm
 deploy-primary-only-by-clientid: deploy-primary-only-by-clientid-helm
 undeploy-primary-only-by-clientid: undeploy-primary-only-by-clientid-helm
+deploy-shard-conditions: deploy-shard-conditions-helm
+undeploy-shard-conditions: undeploy-shard-conditions-helm
 endif

 ifeq ($(EXAMPLE),self-sharding)

--- a/examples/self-sharding/values-primary-only-by-clientid.yaml
+++ b/examples/self-sharding/values-primary-only-by-clientid.yaml
@@ -19,11 +19,12 @@ ingress:
 vikingAdmSvc: varnish-ingress-admin

 selfSharding:
-  primaryOnly: true
-  key: client.identity
-  probe:
-    timeout: 6s
-    interval: 6s
-    initial: 2
-    window: 4
-    threshold: 3
+  shard:
+    primaryOnly: true
+    key: client.identity
+    probe:
+      timeout: 6s
+      interval: 6s
+      initial: 2
+      window: 4
+      threshold: 3
--- a/examples/self-sharding/values-primary-only.yaml
+++ b/examples/self-sharding/values-primary-only.yaml
@@ -19,10 +19,11 @@ ingress:
 vikingAdmSvc: varnish-ingress-admin

 selfSharding:
-  primaryOnly: true
-  probe:
-    timeout: 6s
-    interval: 6s
-    initial: 2
-    window: 4
-    threshold: 3
+  shard:
+    primaryOnly: true
+    probe:
+      timeout: 6s
+      interval: 6s
+      initial: 2
+      window: 4
+      threshold: 3
--- a/examples/self-sharding/values-self-sharding.yaml
+++ b/examples/self-sharding/values-self-sharding.yaml
@@ -19,10 +19,11 @@ ingress:
 vikingAdmSvc: varnish-ingress-admin

 selfSharding:
-  max-secondary-ttl: 2m
-  probe:
-    timeout: 6s
-    interval: 6s
-    initial: 2
-    window: 4
-    threshold: 3
+  shard:
+    max-secondary-ttl: 2m
+    probe:
+      timeout: 6s
+      interval: 6s
+      initial: 2
+      window: 4
+      threshold: 3
--- a/examples/self-sharding/values-shard-by-digest.yaml
+++ b/examples/self-sharding/values-shard-by-digest.yaml
@@ -19,6 +19,7 @@ ingress:
 vikingAdmSvc: varnish-ingress-admin

 selfSharding:
-  primaryOnly: true
-  key: req.http.Host
-  digest: SHA3_512
+  shard:
+    primaryOnly: true
+    key: req.http.Host
+    digest: SHA3_512
--- a/examples/self-sharding/values-shard-by-key.yaml
+++ b/examples/self-sharding/values-shard-by-key.yaml
@@ -19,5 +19,6 @@ ingress:
 vikingAdmSvc: varnish-ingress-admin

 selfSharding:
-  primaryOnly: true
-  key: req.http.Host
+  shard:
+    primaryOnly: true
+    key: req.http.Host
--- a/examples/self-sharding/values-shard-by-url.yaml
+++ b/examples/self-sharding/values-shard-by-url.yaml
@@ -19,5 +19,6 @@ ingress:
 vikingAdmSvc: varnish-ingress-admin

 selfSharding:
-  primaryOnly: true
-  key: req.url
+  shard:
+    primaryOnly: true
+    key: req.url
--- a/examples/self-sharding/values-shard-conditions.yaml
+++ b/examples/self-sharding/values-shard-conditions.yaml
+apps:
+  coffee:
+    image: nginxdemos/hello:plain-text
+    replicas: 2
+  tea:
+    image: nginxdemos/hello:plain-text
+    replicas: 3
+
+ingress:
+  name: cafe-ingress
+  rules:
+  - host: cafe.example.com
+    paths:
+    - path: /tea
+      app: tea
+    - path: /coffee
+      app: coffee
+
+vikingAdmSvc: varnish-ingress-admin
+
+selfSharding:
+  conditions:
+    - comparand: req.url
+      compare: prefix
+      values:
+        - /foo/
+  shard:
+    primaryOnly: true
+    key: client.identity
+    probe:
+      timeout: 6s
+      interval: 6s
+      initial: 2
+      window: 4
+      threshold: 3
--- a/test/e2e/tmplcfg/values.yaml
+++ b/test/e2e/tmplcfg/values.yaml
@@ -547,11 +547,14 @@ templates:
    import blob;
    import blobdigest;
    import taskvar;
+    import re2;
+    import selector;

    probe vk8s_probe_varnish {
            .request = "HEAD /vk8s_cluster_health HTTP/1.1"
                       "Host: vk8s_cluster"
                       "Connection: close";
+    {{- if .Probe }}
    {{- if .Probe.Timeout}}
            .timeout = {{.Probe.Timeout}};
    {{- end}}
@@ -567,6 +570,7 @@ templates:
    {{- if .Probe.Threshold}}
            .threshold = {{.Probe.Threshold}};
    {{- end}}
+    {{- end}}
    }

    {{range $node := .Nodes -}}
@@ -596,19 +600,45 @@ templates:
            {{ if .PrimaryOnly -}}
            new vk8s_cluster_primary = taskvar.backend();
            {{- end }}
+    {{range $cidx, $c := .Conditions -}}
+            {{if condNeedsMatcher $c -}}
+            new {{condMatcher $cidx}} = {{vmod $c.Compare}}.set({{flags $c}});
+            {{- range $val := $c.Values}}
+            {{condMatcher $cidx}}.add("{{$val}}");
+            {{- end -}}
+            {{end -}}
+    {{end -}}
    }

    sub vcl_recv {
            {{ if .PrimaryOnly -}}
-            {{- digest_update 'c' . }}
-            vk8s_cluster_primary.set(vk8s_cluster.backend(resolve=NOW
-                {{- key 'c' .}}));
-            if (remote.ip !~ vk8s_cluster_acl
-                && "" + vk8s_cluster_primary.get() != server.identity) {
-                    set req.backend_hint = vk8s_cluster_primary.get();
-                    return (pipe);
-            }
-            else {{ end }}if (remote.ip ~ vk8s_cluster_acl) {
+            {{ if .Conditions -}}
+            if (
+                {{- range $cidx, $cond := .Conditions}}
+                {{- if ne $cidx 0}} &&
+                {{end}}
+                {{- if .Negate}}! {{end}}
+                {{- if condNeedsMatcher $cond}}
+                {{- condMatcher $cidx}}.{{match .Compare}}({{.Comparand}})
+                {{- else if exists .Compare}}
+                {{- .Comparand}}
+                {{- else}}
+                {{- .Comparand}} {{cmpRelation .Compare .Negate}} {{value $cond}}
+                {{- end}}
+                {{- end -}}
+            ) {
+            {{ end -}}
+                    {{- digest_update 'c' . }}
+                    vk8s_cluster_primary.set(vk8s_cluster.backend(resolve=NOW
+                            {{- key 'c' .}}));
+                    if (remote.ip !~ vk8s_cluster_acl
+                        && "" + vk8s_cluster_primary.get() != server.identity) {
+                            set req.backend_hint = vk8s_cluster_primary.get();
+                            return (pipe);
+                    }
+            {{ if .Conditions }}}{{ end -}}
+            {{ end -}}
+            if (remote.ip ~ vk8s_cluster_acl) {
                    if (req.http.Host == "vk8s_cluster") {
                            if (req.url == "/vk8s_cluster_health") {
                                    return (synth(200));
@@ -631,7 +661,19 @@ templates:
    sub vcl_backend_fetch {
            {{- digest_update 'b' . }}
            vk8s_cluster_param.set({{ key 'b' .}});
-            if (bereq.retries == 0 
+            if (
+                {{- range $cidx, $cond := .Conditions}}
+                {{- if .Negate}}! {{end}}
+                {{- if condNeedsMatcher $cond}}
+                {{- condMatcher $cidx}}.{{match .Compare}}({{.Comparand}})
+                {{- else if exists .Compare}}
+                {{- .Comparand}}
+                {{- else}}
+                {{- .Comparand}} {{cmpRelation .Compare .Negate}} {{value $cond}}
+                {{- end}}
+                &&
+                {{ end -}}
+                bereq.retries == 0 
                && !bereq.uncacheable
                && remote.ip !~ vk8s_cluster_acl
                && "" + vk8s_cluster.backend(resolve=NOW) != server.identity) {