diff options
author | Jon Marius Venstad <jonmv@users.noreply.github.com> | 2023-01-25 14:31:38 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-25 14:31:38 +0100 |
commit | 601d09256ea213a4d1238ffe1526bedbcb42b295 (patch) | |
tree | 540216e609286614e08dea2ea3b97d2ad9c5af20 /controller-server | |
parent | db1bcbfe4768e787d8794c921caea47c3e7cf58f (diff) | |
parent | d5eea4fdd29c8a20a2c66f201188dff74c752478 (diff) |
Merge pull request #25725 from vespa-engine/jonmv/private-endpoints
Jonmv/private endpoints
Diffstat (limited to 'controller-server')
3 files changed, 48 insertions, 47 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/RoutingController.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/RoutingController.java index a81656347d5..fa8851c414d 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/RoutingController.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/RoutingController.java @@ -114,8 +114,8 @@ public class RoutingController { for (var policy : routingPolicies.read(deployment)) { if (!policy.status().isActive()) continue; RoutingMethod routingMethod = controller.zoneRegistry().routingMethod(policy.id().zone()); - endpoints.addAll(policy.zoneEndpointsIn(controller.system(), routingMethod, controller.zoneRegistry())); - endpoints.add(policy.regionEndpointIn(controller.system(), routingMethod, controller.zoneRegistry())); + endpoints.addAll(policy.zoneEndpointsIn(controller.system(), routingMethod)); + endpoints.add(policy.regionEndpointIn(controller.system(), routingMethod)); } return EndpointList.copyOf(endpoints); } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/routing/RoutingPolicies.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/routing/RoutingPolicies.java index 293145eb75a..c737f9b58ef 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/routing/RoutingPolicies.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/routing/RoutingPolicies.java @@ -157,9 +157,9 @@ public class RoutingPolicies { policiesByInstance.forEach((owner, instancePolicies) -> db.writeRoutingPolicies(owner, instancePolicies.asList())); policiesByInstance.forEach((ignored, instancePolicies) -> updateGlobalDnsOf(instancePolicies, Set.of(), - Optional.of(TenantAndApplicationId.from(deployment.applicationId())), + ownerOf(deployment), lock)); - updateApplicationDnsOf(effectivePolicies, Set.of(), Optional.of(TenantAndApplicationId.from(deployment.applicationId())), lock); + updateApplicationDnsOf(effectivePolicies, Set.of(), ownerOf(deployment), lock); } } @@ -229,7 +229,7 @@ public class RoutingPolicies { for (var policy : policies) { if (policy.dnsZone().isEmpty() && policy.canonicalName().isPresent()) continue; if (controller.zoneRegistry().routingMethod(policy.id().zone()) != RoutingMethod.exclusive) continue; - Endpoint endpoint = policy.regionEndpointIn(controller.system(), RoutingMethod.exclusive, controller.zoneRegistry()); + Endpoint endpoint = policy.regionEndpointIn(controller.system(), RoutingMethod.exclusive); var zonePolicy = db.readZoneRoutingPolicy(policy.id().zone()); long weight = 1; if (isConfiguredOut(zonePolicy, policy, inactiveZones)) { @@ -366,7 +366,7 @@ public class RoutingPolicies { if (existingPolicy != null) { newPolicy = newPolicy.with(newPolicy.status().with(existingPolicy.status().routingStatus())); } - updateZoneDnsOf(newPolicy, allocation); + updateZoneDnsOf(newPolicy, loadBalancer, allocation.deployment); policies.put(newPolicy.id(), newPolicy); } RoutingPolicyList updated = RoutingPolicyList.copyOf(policies.values()); @@ -375,47 +375,44 @@ public class RoutingPolicies { } /** Update zone DNS record for given policy */ - private void updateZoneDnsOf(RoutingPolicy policy, LoadBalancerAllocation allocation) { - for (var endpoint : policy.zoneEndpointsIn(controller.system(), RoutingMethod.exclusive, controller.zoneRegistry())) { + private void updateZoneDnsOf(RoutingPolicy policy, LoadBalancer loadBalancer, DeploymentId deploymentId) { + for (var endpoint : policy.zoneEndpointsIn(controller.system(), RoutingMethod.exclusive)) { var name = RecordName.from(endpoint.dnsName()); var record = policy.canonicalName().isPresent() ? new Record(Record.Type.CNAME, name, RecordData.fqdn(policy.canonicalName().get().value())) : new Record(Record.Type.A, name, RecordData.from(policy.ipAddress().orElseThrow())); - nameServiceForwarderIn(policy.id().zone()).createRecord(record, Priority.normal, ownerOf(allocation)); - setPrivateDns(endpoint, allocation); + nameServiceForwarderIn(policy.id().zone()).createRecord(record, Priority.normal, ownerOf(deploymentId)); + setPrivateDns(endpoint, loadBalancer, deploymentId); } } - private void setPrivateDns(Endpoint endpoint, LoadBalancerAllocation allocation) { - allocation.loadBalancers.stream() - .filter(lb -> lb.service().isPresent()) - .findFirst() - .flatMap(lbWithPrivateService -> - controller.serviceRegistry().vpcEndpointService() - .setPrivateDns(DomainName.of(endpoint.dnsName()), - new ClusterId(allocation.deployment, endpoint.cluster()), - lbWithPrivateService.cloudAccount())) - .ifPresent(challenge -> { - try { - nameServiceForwarderIn(allocation.deployment.zoneId()).createTxt(challenge.name(), List.of(challenge.data()), Priority.high, ownerOf(allocation)); - Instant doom = controller.clock().instant().plusSeconds(30); - while (controller.clock().instant().isBefore(doom)) { - try (Mutex lock = controller.curator().lockNameServiceQueue()) { - if (controller.curator().readNameServiceQueue().requests().stream() - .noneMatch(request -> request.name().equals(Optional.of(challenge.name())))) { - challenge.trigger().run(); - nameServiceForwarderIn(allocation.deployment.zoneId()).removeRecords(Type.TXT, challenge.name(), Priority.normal, ownerOf(allocation)); - return; - } - } - Thread.sleep(100); - } - throw new UncheckedTimeoutException("timed out waiting for DNS challenge to be processed"); - } - catch (InterruptedException e) { - throw new UncheckedInterruptedException("interrupted waiting for DNS challenge to be processed", e, true); - } - }); + private void setPrivateDns(Endpoint endpoint, LoadBalancer loadBalancer, DeploymentId deploymentId) { + if (loadBalancer.service().isEmpty()) return; + controller.serviceRegistry().vpcEndpointService() + .setPrivateDns(DomainName.of(endpoint.dnsName()), + new ClusterId(deploymentId, endpoint.cluster()), + loadBalancer.cloudAccount()) + .ifPresent(challenge -> { + try { + nameServiceForwarderIn(deploymentId.zoneId()).createTxt(challenge.name(), List.of(challenge.data()), Priority.high, ownerOf(deploymentId)); + Instant doom = controller.clock().instant().plusSeconds(30); + while (controller.clock().instant().isBefore(doom)) { + try (Mutex lock = controller.curator().lockNameServiceQueue()) { + if (controller.curator().readNameServiceQueue().requests().stream() + .noneMatch(request -> request.name().equals(Optional.of(challenge.name())))) { + try { challenge.trigger().run(); } + finally { nameServiceForwarderIn(deploymentId.zoneId()).removeRecords(Type.TXT, challenge.name(), Priority.normal, ownerOf(deploymentId)); } + return; + } + } + Thread.sleep(100); + } + throw new UncheckedTimeoutException("timed out waiting for DNS challenge to be processed"); + } + catch (InterruptedException e) { + throw new UncheckedInterruptedException("interrupted waiting for DNS challenge to be processed", e, true); + } + }); } /** @@ -429,7 +426,7 @@ public class RoutingPolicies { RoutingPolicyList removable = instancePolicies.deployment(allocation.deployment) .not().matching(policy -> activeIds.contains(policy.id())); for (var policy : removable) { - for (var endpoint : policy.zoneEndpointsIn(controller.system(), RoutingMethod.exclusive, controller.zoneRegistry())) { + for (var endpoint : policy.zoneEndpointsIn(controller.system(), RoutingMethod.exclusive)) { nameServiceForwarderIn(allocation.deployment.zoneId()).removeRecords(Record.Type.CNAME, RecordName.from(endpoint.dnsName()), Priority.normal, @@ -691,8 +688,12 @@ public class RoutingPolicies { } } + private static Optional<TenantAndApplicationId> ownerOf(DeploymentId deploymentId) { + return Optional.of(TenantAndApplicationId.from(deploymentId.applicationId())); + } + private static Optional<TenantAndApplicationId> ownerOf(LoadBalancerAllocation allocation) { - return Optional.of(TenantAndApplicationId.from(allocation.deployment.applicationId())); + return ownerOf(allocation.deployment); } } diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/routing/RoutingPolicy.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/routing/RoutingPolicy.java index 6ae729a3c02..3d43e42af27 100644 --- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/routing/RoutingPolicy.java +++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/routing/RoutingPolicy.java @@ -94,14 +94,14 @@ public record RoutingPolicy(RoutingPolicyId id, } /** Returns the zone endpoints of this */ - public List<Endpoint> zoneEndpointsIn(SystemName system, RoutingMethod routingMethod, ZoneRegistry zoneRegistry) { + public List<Endpoint> zoneEndpointsIn(SystemName system, RoutingMethod routingMethod) { DeploymentId deployment = new DeploymentId(id.owner(), id.zone()); - return List.of(endpoint(routingMethod, zoneRegistry).target(id.cluster(), deployment).in(system)); + return List.of(endpoint(routingMethod).target(id.cluster(), deployment).in(system)); } /** Returns the region endpoint of this */ - public Endpoint regionEndpointIn(SystemName system, RoutingMethod routingMethod, ZoneRegistry zoneRegistry) { - return endpoint(routingMethod, zoneRegistry).targetRegion(id.cluster(), id.zone()).in(system); + public Endpoint regionEndpointIn(SystemName system, RoutingMethod routingMethod) { + return endpoint(routingMethod).targetRegion(id.cluster(), id.zone()).in(system); } @Override @@ -125,7 +125,7 @@ public record RoutingPolicy(RoutingPolicyId id, id.zone().value()); } - private Endpoint.EndpointBuilder endpoint(RoutingMethod routingMethod, ZoneRegistry zones) { + private Endpoint.EndpointBuilder endpoint(RoutingMethod routingMethod) { return Endpoint.of(id.owner()) .on(Port.fromRoutingMethod(routingMethod)) .routingMethod(routingMethod); |