Forem: Ishan Khare The latest articles on Forem by Ishan Khare (@ishankhare07). https://forem.com/ishankhare07 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F47369%2Fce4f75a9-f497-4f29-bf54-85f3f131d01e.png Forem: Ishan Khare https://forem.com/ishankhare07 en Dabbling with envoy - Part II Ishan Khare Thu, 13 Jan 2022 22:35:49 +0000 https://forem.com/ishankhare07/dabbling-with-envoy-part-ii-3a7o https://forem.com/ishankhare07/dabbling-with-envoy-part-ii-3a7o <h4> Dynamic configuration from control plane </h4> <p>There are already some production ready control planes available like</p> <ol> <li>Gloo</li> <li>Istio</li> </ol> <p>We are going to experiment with what's at the core of these service meshes - <a href="https://github.com/envoyproxy/go-control-plane" rel="noopener noreferrer">Go control plane</a></p> <p>In order to tell envoy where to look for the control plane for getting the configuration we need some of the following things:</p> <ol> <li><a href="https://www.envoyproxy.io/docs/envoy/v1.20.1/start/quick-start/configuration-dynamic-control-plane#start-quick-start-dynamic-node" rel="noopener noreferrer">node</a></li> <li><a href="https://www.envoyproxy.io/docs/envoy/v1.20.1/start/quick-start/configuration-dynamic-control-plane#start-quick-start-dynamic-dynamic-resources" rel="noopener noreferrer">dynamic_resources</a></li> <li><a href="https://www.envoyproxy.io/docs/envoy/v1.20.1/start/quick-start/configuration-dynamic-control-plane#start-quick-start-dynamic-static-resources" rel="noopener noreferrer">static_resources</a></li> </ol> <h5> node </h5> <p>The node configuration remains the same as in the previous setup of the envoy configurations:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">node</span><span class="pi">:</span> <span class="na">cluster</span><span class="pi">:</span> <span class="s">test-cluster</span> <span class="na">id</span><span class="pi">:</span> <span class="s">test-id</span> </code></pre> </div> <h5> dynamic_resources </h5> <p>This tells envoy which configurations to update dynamically<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">dynamic_resources</span><span class="pi">:</span> <span class="na">ads_config</span><span class="pi">:</span> <span class="na">api_type</span><span class="pi">:</span> <span class="s">GRPC</span> <span class="na">transport_api_version</span><span class="pi">:</span> <span class="s">V3</span> <span class="na">grpc_services</span><span class="pi">:</span> <span class="na">envoy_grpc</span><span class="pi">:</span> <span class="na">cluster_name</span><span class="pi">:</span> <span class="s">xds_cluster</span> <span class="na">cds_config</span><span class="pi">:</span> <span class="na">resource_api_version</span><span class="pi">:</span> <span class="s">V3</span> <span class="na">ads</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">lds_config</span><span class="pi">:</span> <span class="na">resource_api_version</span><span class="pi">:</span> <span class="s">V3</span> <span class="na">ads</span><span class="pi">:</span> <span class="pi">{}</span> </code></pre> </div> <p>This basically tells envoy that the <code>Cluster Discovery Service</code> and the <code>Listener Discovery Service</code> are being served as part of the <code>ADS</code> (<code>Aggregate Discovery Service</code>). The <code>ads</code> configuration itself is a GRPC api served by a <code>cluster</code> named <code>xds_cluster</code>.</p> <h5> static_resources </h5> <p>This will tell envoy where to receive its dynamic configuration from, i.e. where to find the control plane<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">static_resources</span><span class="pi">:</span> <span class="na">clusters</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">type</span><span class="pi">:</span> <span class="s">STRICT_DNS</span> <span class="na">typed_extension_protocol_options</span><span class="pi">:</span> <span class="na">envoy.extensions.upstreams.http.v3.HttpProtocolOptions</span><span class="pi">:</span> <span class="s2">"</span><span class="s">@type"</span><span class="err">:</span> <span class="s">type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions</span> <span class="s">explicit_http_config</span><span class="err">:</span> <span class="na">http2_protocol_options</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">name</span><span class="pi">:</span> <span class="s">xds_cluster</span> <span class="na">http2_protocol_options</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">connect_timeout</span><span class="pi">:</span> <span class="s">3s</span> <span class="na">load_assignment</span><span class="pi">:</span> <span class="na">cluster_name</span><span class="pi">:</span> <span class="s">xds_cluster</span> <span class="na">endpoints</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">lb_endpoints</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">endpoint</span><span class="pi">:</span> <span class="na">address</span><span class="pi">:</span> <span class="na">socket_address</span><span class="pi">:</span> <span class="na">address</span><span class="pi">:</span> <span class="s">localhost</span> <span class="na">port_value</span><span class="pi">:</span> <span class="m">18000</span> </code></pre> </div> <p>Here we define the details of where can envoy find the previously specified <code>xds_cluster</code> serving the <code>ADS</code> configuration.</p> <p>This is the basic configuration that we need to bootstrap our envoy instance to connect to our control plane and start getting updated configuration from it. The main advantage of this pattern over the previously described ones is that we can now take advantage of the powerful programmable API of the control plane and update the configuration programmatically. So lets see ho we can get this done.</p> <h4> Control Plane </h4> <p>At the heart of the control place configuration, there's what envoy calls a <code>Snapshot</code>. Going through the envoy docs, this is what the definition of a snapshot says it is:</p> <blockquote> <p>Snapshot is an internally consistent snapshot of xDS resources</p> </blockquote> <p>And what does the <code>Snapshot</code> look like you may ask?<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">Snapshot</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Resources</span> <span class="p">[</span><span class="n">types</span><span class="o">.</span><span class="n">UnknownType</span><span class="p">]</span><span class="n">Resources</span> <span class="c">// VersionMap holds the current hash map of all resources in the snapshot.</span> <span class="c">// This field should remain nil until it is used, at which point should be</span> <span class="c">// instantiated by calling ConstructVersionMap().</span> <span class="c">// VersionMap is only to be used with delta xDS.</span> <span class="n">VersionMap</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span> <span class="p">}</span> </code></pre> </div> <p>Hmm, that isn't very helpful. It doesn't give us much information about what does the <code>Resources</code> hold. On further examiniation of the docs, I found the following method in the <a href="https://pkg.go.dev/github.com/envoyproxy/go-control-plane/pkg/cache/v3" rel="noopener noreferrer">cache package</a>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">NewSnapshot</span><span class="p">(</span><span class="n">version</span> <span class="kt">string</span><span class="p">,</span> <span class="n">resources</span> <span class="k">map</span><span class="p">[</span><span class="n">resource</span><span class="o">.</span><span class="n">Type</span><span class="p">][]</span><span class="n">types</span><span class="o">.</span><span class="n">Resource</span><span class="p">)</span> <span class="p">(</span><span class="n">Snapshot</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> </code></pre> </div> <p>And examining the <a href="https://pkg.go.dev/github.com/envoyproxy/go-control-plane@v0.10.1/pkg/resource/v3" rel="noopener noreferrer">resource</a> package we get these constants<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">const</span> <span class="p">(</span> <span class="n">EndpointType</span> <span class="o">=</span> <span class="n">apiTypePrefix</span> <span class="o">+</span> <span class="s">"envoy.config.endpoint.v3.ClusterLoadAssignment"</span> <span class="n">ClusterType</span> <span class="o">=</span> <span class="n">apiTypePrefix</span> <span class="o">+</span> <span class="s">"envoy.config.cluster.v3.Cluster"</span> <span class="n">RouteType</span> <span class="o">=</span> <span class="n">apiTypePrefix</span> <span class="o">+</span> <span class="s">"envoy.config.route.v3.RouteConfiguration"</span> <span class="n">ScopedRouteType</span> <span class="o">=</span> <span class="n">apiTypePrefix</span> <span class="o">+</span> <span class="s">"envoy.config.route.v3.ScopedRouteConfiguration"</span> <span class="n">ListenerType</span> <span class="o">=</span> <span class="n">apiTypePrefix</span> <span class="o">+</span> <span class="s">"envoy.config.listener.v3.Listener"</span> <span class="n">SecretType</span> <span class="o">=</span> <span class="n">apiTypePrefix</span> <span class="o">+</span> <span class="s">"envoy.extensions.transport_sockets.tls.v3.Secret"</span> <span class="n">ExtensionConfigType</span> <span class="o">=</span> <span class="n">apiTypePrefix</span> <span class="o">+</span> <span class="s">"envoy.config.core.v3.TypedExtensionConfig"</span> <span class="n">RuntimeType</span> <span class="o">=</span> <span class="n">apiTypePrefix</span> <span class="o">+</span> <span class="s">"envoy.service.runtime.v3.Runtime"</span> <span class="c">// AnyType is used only by ADS</span> <span class="n">AnyType</span> <span class="o">=</span> <span class="s">""</span> <span class="p">)</span> </code></pre> </div> <p>So now it makes sense – the snapshot is just a fancy register that will store a point-in-time snapshot of the envoy configuration for different envoy resources like <code>listener</code>, <code>route</code>, <code>endpoint</code> etc. This is good but is there anything better? – a better abstraction that we can probably use? It turns out there is. On further examination I found the <a href="https://pkg.go.dev/github.com/envoyproxy/go-control-plane/pkg/cache/v3#SnapshotCache" rel="noopener noreferrer">SnapshotCache</a> :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">SnapshotCache</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Cache</span> <span class="n">SetSnapshot</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">node</span> <span class="kt">string</span><span class="p">,</span> <span class="n">snapshot</span> <span class="n">Snapshot</span><span class="p">)</span> <span class="kt">error</span> <span class="n">GetSnapshot</span><span class="p">(</span><span class="n">node</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">Snapshot</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="n">ClearSnapshot</span><span class="p">(</span><span class="n">node</span> <span class="kt">string</span><span class="p">)</span> <span class="n">GetStatusInfo</span><span class="p">(</span><span class="kt">string</span><span class="p">)</span> <span class="n">StatusInfo</span> <span class="n">GetStatusKeys</span><span class="p">()</span> <span class="p">[]</span><span class="kt">string</span> <span class="p">}</span> <span class="k">func</span> <span class="n">NewSnapshotCache</span><span class="p">(</span><span class="n">ads</span> <span class="kt">bool</span><span class="p">,</span> <span class="n">hash</span> <span class="n">NodeHash</span><span class="p">,</span> <span class="n">logger</span> <span class="n">log</span><span class="o">.</span><span class="n">Logger</span><span class="p">)</span> <span class="n">SnapshotCache</span> </code></pre> </div> <blockquote> <p>SnapshotCache is a snapshot-based cache that maintains a single versioned snapshot of responses per node. SnapshotCache consistently replies with the latest snapshot</p> </blockquote> <p>Alright now we have some idea of the structure we want to put around this thing:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fstorage.googleapis.com%2Fahins%2Fimages%2Fbasic_struct.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fstorage.googleapis.com%2Fahins%2Fimages%2Fbasic_struct.png"></a></p> <p>We will start implementing the same in the following snippets:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">GenerateSnapshot</span><span class="p">(</span><span class="n">listenerName</span><span class="p">,</span> <span class="n">routeName</span><span class="p">,</span> <span class="n">clusterName</span><span class="p">,</span> <span class="n">upstreamHost</span> <span class="kt">string</span><span class="p">,</span> <span class="n">listenerPort</span><span class="p">,</span> <span class="n">upstreamPort</span> <span class="kt">uint32</span><span class="p">)</span> <span class="n">cache</span><span class="o">.</span><span class="n">Snapshot</span> <span class="p">{</span> <span class="k">return</span> <span class="n">cache</span><span class="o">.</span><span class="n">NewSnapshot</span><span class="p">(</span><span class="s">"1"</span><span class="p">,</span> <span class="c">// endpoints</span> <span class="p">[]</span><span class="n">types</span><span class="o">.</span><span class="n">Resource</span><span class="p">{},</span> <span class="c">// clusters</span> <span class="p">[]</span><span class="n">types</span><span class="o">.</span><span class="n">Resource</span><span class="p">{</span><span class="n">makeCluster</span><span class="p">(</span><span class="n">clusterName</span><span class="p">,</span> <span class="n">upstreamHost</span><span class="p">,</span> <span class="n">upstreamPort</span><span class="p">)},</span> <span class="c">// routes</span> <span class="p">[]</span><span class="n">types</span><span class="o">.</span><span class="n">Resource</span><span class="p">{</span><span class="n">makeRoute</span><span class="p">(</span><span class="n">routeName</span><span class="p">,</span> <span class="n">clusterName</span><span class="p">,</span> <span class="n">upstreamHost</span><span class="p">)},</span> <span class="c">// listeners</span> <span class="p">[]</span><span class="n">types</span><span class="o">.</span><span class="n">Resource</span><span class="p">{</span><span class="n">makeListener</span><span class="p">(</span><span class="n">listenerName</span><span class="p">,</span> <span class="n">routeName</span><span class="p">,</span> <span class="n">listenerPort</span><span class="p">)},</span> <span class="c">// runtimes</span> <span class="p">[]</span><span class="n">types</span><span class="o">.</span><span class="n">Resource</span><span class="p">{},</span> <span class="c">// secrets</span> <span class="p">[]</span><span class="n">types</span><span class="o">.</span><span class="n">Resource</span><span class="p">{},</span> <span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Now we implement the methods <code>makeCluster</code>, <code>makeRoute</code>, <code>makeListener</code>:</p> <h5> Cluster and Endpoint </h5> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">import</span> <span class="p">(</span> <span class="s">"time"</span> <span class="n">cluster</span> <span class="s">"github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3"</span> <span class="s">"github.com/golang/protobuf/ptypes"</span> <span class="n">core</span> <span class="s">"github.com/envoyproxy/go-control-plane/envoy/config/core/v3"</span> <span class="n">endpoint</span> <span class="s">"github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">makeCluster</span><span class="p">(</span><span class="n">clusterName</span><span class="p">,</span> <span class="n">upstreamHost</span> <span class="kt">string</span><span class="p">,</span> <span class="n">upstreamPort</span> <span class="kt">uint32</span><span class="p">)</span> <span class="o">*</span><span class="n">cluster</span><span class="o">.</span><span class="n">Cluster</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">cluster</span><span class="o">.</span><span class="n">Cluster</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="n">clusterName</span><span class="p">,</span> <span class="n">ConnectTimeout</span><span class="o">:</span> <span class="n">ptypes</span><span class="o">.</span><span class="n">DurationProto</span><span class="p">(</span><span class="m">5</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">),</span> <span class="n">ClusterDiscoveryType</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">cluster</span><span class="o">.</span><span class="n">Cluster_Type</span><span class="p">{</span> <span class="n">Type</span><span class="o">:</span> <span class="n">cluster</span><span class="o">.</span><span class="n">Cluster_LOGICAL_DNS</span><span class="p">,</span> <span class="p">},</span> <span class="n">LbPolicy</span><span class="o">:</span> <span class="n">cluster</span><span class="o">.</span><span class="n">Cluster_ROUND_ROBIN</span><span class="p">,</span> <span class="n">LoadAssignment</span><span class="o">:</span> <span class="n">makeEndpoint</span><span class="p">(</span><span class="n">clusterName</span><span class="p">,</span> <span class="n">upstreamHost</span><span class="p">,</span> <span class="n">upstreamPort</span><span class="p">),</span> <span class="n">DnsLookupFamily</span><span class="o">:</span> <span class="n">cluster</span><span class="o">.</span><span class="n">Cluster_V4_ONLY</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">makeEndpoint</span><span class="p">(</span><span class="n">clusterName</span><span class="p">,</span> <span class="n">upstreamHost</span> <span class="kt">string</span><span class="p">,</span> <span class="n">upstreamPort</span> <span class="kt">uint32</span><span class="p">)</span> <span class="o">*</span><span class="n">endpoint</span><span class="o">.</span><span class="n">ClusterLoadAssignment</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">endpoint</span><span class="o">.</span><span class="n">ClusterLoadAssignment</span><span class="p">{</span> <span class="n">ClusterName</span><span class="o">:</span> <span class="n">clusterName</span><span class="p">,</span> <span class="n">Endpoints</span><span class="o">:</span> <span class="p">[]</span><span class="o">*</span><span class="n">endpoint</span><span class="o">.</span><span class="n">LocalityLbEndpoints</span><span class="p">{</span> <span class="p">{</span> <span class="n">LbEndpoints</span><span class="o">:</span> <span class="p">[]</span><span class="o">*</span><span class="n">endpoint</span><span class="o">.</span><span class="n">LbEndpoint</span><span class="p">{</span> <span class="p">{</span> <span class="n">HostIdentifier</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">endpoint</span><span class="o">.</span><span class="n">LbEndpoint_Endpoint</span><span class="p">{</span> <span class="n">Endpoint</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">endpoint</span><span class="o">.</span><span class="n">Endpoint</span><span class="p">{</span> <span class="n">Address</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">core</span><span class="o">.</span><span class="n">Address</span><span class="p">{</span> <span class="n">Address</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">core</span><span class="o">.</span><span class="n">Address_SocketAddress</span><span class="p">{</span> <span class="n">SocketAddress</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">core</span><span class="o">.</span><span class="n">SocketAddress</span><span class="p">{</span> <span class="n">Protocol</span><span class="o">:</span> <span class="n">core</span><span class="o">.</span><span class="n">SocketAddress_TCP</span><span class="p">,</span> <span class="n">Address</span><span class="o">:</span> <span class="n">upstreamHost</span><span class="p">,</span> <span class="n">PortSpecifier</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">core</span><span class="o">.</span><span class="n">SocketAddress_PortValue</span><span class="p">{</span> <span class="n">PortValue</span><span class="o">:</span> <span class="n">upstreamPort</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h5> Route </h5> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="k">func</span> <span class="n">makeRoute</span><span class="p">(</span><span class="n">routeName</span><span class="p">,</span> <span class="n">clusterName</span><span class="p">,</span> <span class="n">upstreamHost</span> <span class="kt">string</span><span class="p">)</span> <span class="o">*</span><span class="n">route</span><span class="o">.</span><span class="n">RouteConfiguration</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">route</span><span class="o">.</span><span class="n">RouteConfiguration</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="n">routeName</span><span class="p">,</span> <span class="n">VirtualHosts</span><span class="o">:</span> <span class="p">[]</span><span class="o">*</span><span class="n">route</span><span class="o">.</span><span class="n">VirtualHost</span><span class="p">{</span> <span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="s">"local_service"</span><span class="p">,</span> <span class="n">Domains</span><span class="o">:</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{</span><span class="s">"*"</span><span class="p">},</span> <span class="n">Routes</span><span class="o">:</span> <span class="p">[]</span><span class="o">*</span><span class="n">route</span><span class="o">.</span><span class="n">Route</span><span class="p">{</span> <span class="p">{</span> <span class="n">Match</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">route</span><span class="o">.</span><span class="n">RouteMatch</span><span class="p">{</span> <span class="n">PathSpecifier</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">route</span><span class="o">.</span><span class="n">RouteMatch_Prefix</span><span class="p">{</span> <span class="n">Prefix</span><span class="o">:</span> <span class="s">"/"</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="n">Action</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">route</span><span class="o">.</span><span class="n">Route_Route</span><span class="p">{</span> <span class="n">Route</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">route</span><span class="o">.</span><span class="n">RouteAction</span><span class="p">{</span> <span class="n">ClusterSpecifier</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">route</span><span class="o">.</span><span class="n">RouteAction_Cluster</span><span class="p">{</span> <span class="n">Cluster</span><span class="o">:</span> <span class="n">clusterName</span><span class="p">,</span> <span class="p">},</span> <span class="n">HostRewriteSpecifier</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">route</span><span class="o">.</span><span class="n">RouteAction_HostRewriteLiteral</span><span class="p">{</span> <span class="n">HostRewriteLiteral</span><span class="o">:</span> <span class="n">upstreamHost</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h5> Listener, connection manager and config source </h5> <p>This is probably the most complicated one – but will conform to the structure we defined in the <a href="https://ishankhare.dev/posts/8/#dynamic_config" rel="noopener noreferrer">previous article's dynamic listerner config</a> – the only difference being it was in <code>yaml</code> and this is in pure <code>go</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">import</span> <span class="p">(</span> <span class="n">core</span> <span class="s">"github.com/envoyproxy/go-control-plane/envoy/config/core/v3"</span> <span class="n">listener</span> <span class="s">"github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"</span> <span class="n">hcm</span> <span class="s">"github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"</span> <span class="s">"github.com/envoyproxy/go-control-plane/pkg/cache/types"</span> <span class="s">"github.com/envoyproxy/go-control-plane/pkg/cache/v3"</span> <span class="s">"github.com/envoyproxy/go-control-plane/pkg/resource/v3"</span> <span class="s">"github.com/envoyproxy/go-control-plane/pkg/wellknown"</span> <span class="s">"github.com/golang/protobuf/ptypes"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">makeListener</span><span class="p">(</span><span class="n">listenerName</span><span class="p">,</span> <span class="n">routeName</span> <span class="kt">string</span><span class="p">,</span> <span class="n">listenerPort</span> <span class="kt">uint32</span><span class="p">)</span> <span class="o">*</span><span class="n">listener</span><span class="o">.</span><span class="n">Listener</span> <span class="p">{</span> <span class="n">manager</span> <span class="o">:=</span> <span class="n">makeHTTPConnManager</span><span class="p">(</span><span class="n">routeName</span><span class="p">)</span> <span class="n">typedConfig</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ptypes</span><span class="o">.</span><span class="n">MarshalAny</span><span class="p">(</span><span class="n">manager</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">listener</span><span class="o">.</span><span class="n">Listener</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="n">listenerName</span><span class="p">,</span> <span class="n">Address</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">core</span><span class="o">.</span><span class="n">Address</span><span class="p">{</span> <span class="n">Address</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">core</span><span class="o">.</span><span class="n">Address_SocketAddress</span><span class="p">{</span> <span class="n">SocketAddress</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">core</span><span class="o">.</span><span class="n">SocketAddress</span><span class="p">{</span> <span class="n">Protocol</span><span class="o">:</span> <span class="n">core</span><span class="o">.</span><span class="n">SocketAddress_TCP</span><span class="p">,</span> <span class="n">Address</span><span class="o">:</span> <span class="s">"0.0.0.0"</span><span class="p">,</span> <span class="n">PortSpecifier</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">core</span><span class="o">.</span><span class="n">SocketAddress_PortValue</span><span class="p">{</span> <span class="n">PortValue</span><span class="o">:</span> <span class="n">listenerPort</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="n">FilterChains</span><span class="o">:</span> <span class="p">[]</span><span class="o">*</span><span class="n">listener</span><span class="o">.</span><span class="n">FilterChain</span><span class="p">{</span> <span class="p">{</span> <span class="n">Filters</span><span class="o">:</span> <span class="p">[]</span><span class="o">*</span><span class="n">listener</span><span class="o">.</span><span class="n">Filter</span><span class="p">{</span> <span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="n">wellknown</span><span class="o">.</span><span class="n">HTTPConnectionManager</span><span class="p">,</span> <span class="n">ConfigType</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">listener</span><span class="o">.</span><span class="n">Filter_TypedConfig</span><span class="p">{</span> <span class="n">TypedConfig</span><span class="o">:</span> <span class="n">typedConfig</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">makeHTTPConnManager</span><span class="p">(</span><span class="n">routeName</span> <span class="kt">string</span><span class="p">)</span> <span class="o">*</span><span class="n">hcm</span><span class="o">.</span><span class="n">HttpConnectionManager</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">hcm</span><span class="o">.</span><span class="n">HttpConnectionManager</span><span class="p">{</span> <span class="n">CodecType</span><span class="o">:</span> <span class="n">hcm</span><span class="o">.</span><span class="n">HttpConnectionManager_AUTO</span><span class="p">,</span> <span class="n">StatPrefix</span><span class="o">:</span> <span class="s">"http"</span><span class="p">,</span> <span class="c">// AccessLog: []*accesslog.AccessLog{</span> <span class="c">// {</span> <span class="c">// Name: "envoy.access_loggers.stdout",</span> <span class="c">// ConfigType: &amp;accesslog.AccessLog_TypedConfig{},</span> <span class="c">// },</span> <span class="c">// },</span> <span class="n">RouteSpecifier</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">hcm</span><span class="o">.</span><span class="n">HttpConnectionManager_Rds</span><span class="p">{</span> <span class="n">Rds</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">hcm</span><span class="o">.</span><span class="n">Rds</span><span class="p">{</span> <span class="n">ConfigSource</span><span class="o">:</span> <span class="n">makeConfigSource</span><span class="p">(),</span> <span class="n">RouteConfigName</span><span class="o">:</span> <span class="n">routeName</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="n">HttpFilters</span><span class="o">:</span> <span class="p">[]</span><span class="o">*</span><span class="n">hcm</span><span class="o">.</span><span class="n">HttpFilter</span><span class="p">{</span> <span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="n">wellknown</span><span class="o">.</span><span class="n">Router</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">makeConfigSource</span><span class="p">()</span> <span class="o">*</span><span class="n">core</span><span class="o">.</span><span class="n">ConfigSource</span> <span class="p">{</span> <span class="n">source</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">core</span><span class="o">.</span><span class="n">ConfigSource</span><span class="p">{}</span> <span class="n">source</span><span class="o">.</span><span class="n">ResourceApiVersion</span> <span class="o">=</span> <span class="n">resource</span><span class="o">.</span><span class="n">DefaultAPIVersion</span> <span class="n">source</span><span class="o">.</span><span class="n">ConfigSourceSpecifier</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">core</span><span class="o">.</span><span class="n">ConfigSource_ApiConfigSource</span><span class="p">{</span> <span class="n">ApiConfigSource</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">core</span><span class="o">.</span><span class="n">ApiConfigSource</span><span class="p">{</span> <span class="n">TransportApiVersion</span><span class="o">:</span> <span class="n">resource</span><span class="o">.</span><span class="n">DefaultAPIVersion</span><span class="p">,</span> <span class="n">ApiType</span><span class="o">:</span> <span class="n">core</span><span class="o">.</span><span class="n">ApiConfigSource_GRPC</span><span class="p">,</span> <span class="n">SetNodeOnFirstMessageOnly</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="n">GrpcServices</span><span class="o">:</span> <span class="p">[]</span><span class="o">*</span><span class="n">core</span><span class="o">.</span><span class="n">GrpcService</span><span class="p">{</span> <span class="p">{</span> <span class="n">TargetSpecifier</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">core</span><span class="o">.</span><span class="n">GrpcService_EnvoyGrpc_</span><span class="p">{</span> <span class="n">EnvoyGrpc</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">core</span><span class="o">.</span><span class="n">GrpcService_EnvoyGrpc</span><span class="p">{</span> <span class="n">ClusterName</span><span class="o">:</span> <span class="s">"xds_cluster"</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">},</span> <span class="p">}</span> <span class="k">return</span> <span class="n">source</span> <span class="p">}</span> </code></pre> </div> <p>So far what we've managed to do is to:</p> <ol> <li>Define our whole configuration in Go using the envoy's <code>go-control-plane</code> library</li> <li>Wrap that configuration in an envoy <code>Snapshot</code> </li> </ol> <p>With one more call we can wrap this <code>Snapshot</code> inside a <code>SnapshotCache</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">snapshotCache</span> <span class="o">=</span> <span class="n">cache</span><span class="o">.</span><span class="n">NewSnapshotCache</span><span class="p">(</span><span class="no">false</span><span class="p">,</span> <span class="n">cache</span><span class="o">.</span><span class="n">IDHash</span><span class="p">{},</span> <span class="n">log</span><span class="p">)</span> <span class="n">snapshot</span> <span class="o">:=</span> <span class="n">snapshot</span><span class="o">.</span><span class="n">GenerateSnapshot</span><span class="p">(</span><span class="s">"listener_0"</span><span class="p">,</span> <span class="s">"local_route"</span><span class="p">,</span> <span class="s">"example_cluster"</span><span class="p">,</span> <span class="s">"www.envoyproxy.io"</span><span class="p">,</span> <span class="m">10000</span><span class="p">,</span> <span class="m">80</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">snapshotCache</span><span class="o">.</span><span class="n">SetSnapshot</span><span class="p">(</span><span class="s">"test-id"</span><span class="p">,</span> <span class="n">snapshot</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"snapshot error %q for %+v"</span><span class="p">,</span> <span class="n">err</span><span class="p">,</span> <span class="n">snapshot</span><span class="p">)</span> <span class="n">os</span><span class="o">.</span><span class="n">Exit</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>This is pretty simple – with all that we've already written above in our <code>makeCluster</code>, <code>makeRoute</code>, <code>makeListener</code> methods, we are basically defining:</p> <ol> <li>A <code>listener</code> name <code>listener_0</code> </li> <li>A <code>route</code> named <code>local_route</code> </li> <li>A <code>cluster</code> named <code>example_cluster</code> </li> <li>An upstream <code>host</code> which is <code>www.envoyproxy.io</code> </li> <li> <code>Listener</code> port <code>10000</code> </li> <li> <code>Upstream</code> port <code>80</code> </li> </ol> <p>This should mean that this configuration should create a <code>listener</code> binding to port <code>10000</code> and proxying to <a href="http://www.envoyproxy.io" rel="noopener noreferrer">www.envoyproxy.io</a> on port <code>80</code></p> <p>The last line is the method <code>SetSnapshot</code> where we tell the <code>SnapshotCache</code> of the active <code>snapshot</code> in the cache and the name of that snapshot.</p> <h5> Setting up the gRPC services </h5> <p>Since in this post we are talking about dynamic serving of envoy through the xDS control plane, the gRPC protocol forms the basis of how this configuration will be served to the envoy proxies. So lets set that up now:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"encoding/json"</span> <span class="s">"fmt"</span> <span class="s">"net"</span> <span class="s">"os"</span> <span class="n">clusterservice</span> <span class="s">"github.com/envoyproxy/go-control-plane/envoy/service/cluster/v3"</span> <span class="n">discoverygrpc</span> <span class="s">"github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"</span> <span class="n">endpointservice</span> <span class="s">"github.com/envoyproxy/go-control-plane/envoy/service/endpoint/v3"</span> <span class="n">listenerservice</span> <span class="s">"github.com/envoyproxy/go-control-plane/envoy/service/listener/v3"</span> <span class="n">routeservice</span> <span class="s">"github.com/envoyproxy/go-control-plane/envoy/service/route/v3"</span> <span class="n">runtimeservice</span> <span class="s">"github.com/envoyproxy/go-control-plane/envoy/service/runtime/v3"</span> <span class="n">secretservice</span> <span class="s">"github.com/envoyproxy/go-control-plane/envoy/service/secret/v3"</span> <span class="n">generator</span> <span class="s">"github.com/ishankhare07/envoy-dynamic/pkg/snapshot"</span> <span class="s">"github.com/ishankhare07/envoy-dynamic/pkg/logger"</span> <span class="s">"github.com/envoyproxy/go-control-plane/pkg/cache/v3"</span> <span class="s">"github.com/envoyproxy/go-control-plane/pkg/server/v3"</span> <span class="s">"github.com/envoyproxy/go-control-plane/pkg/test/v3"</span> <span class="s">"google.golang.org/grpc"</span> <span class="s">"google.golang.org/grpc/reflection"</span> <span class="p">)</span> <span class="k">var</span> <span class="n">log</span> <span class="o">*</span><span class="n">logger</span><span class="o">.</span><span class="n">Logger</span> <span class="k">var</span> <span class="n">snapshotCache</span> <span class="n">cache</span><span class="o">.</span><span class="n">SnapshotCache</span> <span class="k">func</span> <span class="n">init</span><span class="p">()</span> <span class="p">{</span> <span class="n">log</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">logger</span><span class="o">.</span><span class="n">Logger</span><span class="p">{</span><span class="n">Debug</span><span class="o">:</span> <span class="no">true</span><span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">RunServer</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">port</span> <span class="kt">uint</span><span class="p">)</span> <span class="p">{</span> <span class="n">grpcServer</span> <span class="o">:=</span> <span class="n">grpc</span><span class="o">.</span><span class="n">NewServer</span><span class="p">()</span> <span class="n">lis</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">net</span><span class="o">.</span><span class="n">Listen</span><span class="p">(</span><span class="s">"tcp"</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">":%d"</span><span class="p">,</span> <span class="n">port</span><span class="p">))</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"%v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">snapshotCache</span> <span class="o">=</span> <span class="n">cache</span><span class="o">.</span><span class="n">NewSnapshotCache</span><span class="p">(</span><span class="no">false</span><span class="p">,</span> <span class="n">cache</span><span class="o">.</span><span class="n">IDHash</span><span class="p">{},</span> <span class="n">log</span><span class="p">)</span> <span class="n">snapshot</span> <span class="o">:=</span> <span class="n">generator</span><span class="o">.</span><span class="n">GenerateSnapshot</span><span class="p">(</span><span class="s">"listener_0"</span><span class="p">,</span> <span class="s">"local_route"</span><span class="p">,</span> <span class="s">"example_cluster"</span><span class="p">,</span> <span class="s">"www.envoyproxy.io"</span><span class="p">,</span> <span class="m">10000</span><span class="p">,</span> <span class="m">80</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">snapshot</span><span class="o">.</span><span class="n">Consistent</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"snapshot inconsistency: %+v</span><span class="se">\n</span><span class="s">%+v"</span><span class="p">,</span> <span class="n">snapshot</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="n">os</span><span class="o">.</span><span class="n">Exit</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="p">}</span> <span class="n">t</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">MarshalIndent</span><span class="p">(</span><span class="n">snapshot</span><span class="p">,</span> <span class="s">""</span><span class="p">,</span> <span class="s">" "</span><span class="p">)</span> <span class="n">log</span><span class="o">.</span><span class="n">Debugf</span><span class="p">(</span><span class="s">"will serve snapshot %s"</span><span class="p">,</span> <span class="n">t</span><span class="p">)</span> <span class="c">// Add the snapshot to the cache</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">snapshotCache</span><span class="o">.</span><span class="n">SetSnapshot</span><span class="p">(</span><span class="s">"test-id"</span><span class="p">,</span> <span class="n">snapshot</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"snapshot error %q for %+v"</span><span class="p">,</span> <span class="n">err</span><span class="p">,</span> <span class="n">snapshot</span><span class="p">)</span> <span class="n">os</span><span class="o">.</span><span class="n">Exit</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="p">}</span> <span class="n">cb</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">test</span><span class="o">.</span><span class="n">Callbacks</span><span class="p">{</span><span class="n">Debug</span><span class="o">:</span> <span class="n">log</span><span class="o">.</span><span class="n">Debug</span><span class="p">}</span> <span class="n">srv</span> <span class="o">:=</span> <span class="n">server</span><span class="o">.</span><span class="n">NewServer</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">snapshotCache</span><span class="p">,</span> <span class="n">cb</span><span class="p">)</span> <span class="n">registerServer</span><span class="p">(</span><span class="n">grpcServer</span><span class="p">,</span> <span class="n">srv</span><span class="p">)</span> <span class="n">helloworldservice</span><span class="o">.</span><span class="n">RegisterGreeterServer</span><span class="p">(</span><span class="n">grpcServer</span><span class="p">,</span> <span class="n">helloworldservice</span><span class="o">.</span><span class="n">NewHelloWorldServer</span><span class="p">(</span><span class="n">snapshotCache</span><span class="p">))</span> <span class="n">reflection</span><span class="o">.</span><span class="n">Register</span><span class="p">(</span><span class="n">grpcServer</span><span class="p">)</span> <span class="n">log</span><span class="o">.</span><span class="n">Infof</span><span class="p">(</span><span class="s">"management server listening on port %d</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">port</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">=</span> <span class="n">grpcServer</span><span class="o">.</span><span class="n">Serve</span><span class="p">(</span><span class="n">lis</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"%v"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="nb">panic</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">registerServer</span><span class="p">(</span><span class="n">grpcServer</span> <span class="o">*</span><span class="n">grpc</span><span class="o">.</span><span class="n">Server</span><span class="p">,</span> <span class="n">server</span> <span class="n">server</span><span class="o">.</span><span class="n">Server</span><span class="p">)</span> <span class="p">{</span> <span class="c">// register services</span> <span class="n">discoverygrpc</span><span class="o">.</span><span class="n">RegisterAggregatedDiscoveryServiceServer</span><span class="p">(</span><span class="n">grpcServer</span><span class="p">,</span> <span class="n">server</span><span class="p">)</span> <span class="n">endpointservice</span><span class="o">.</span><span class="n">RegisterEndpointDiscoveryServiceServer</span><span class="p">(</span><span class="n">grpcServer</span><span class="p">,</span> <span class="n">server</span><span class="p">)</span> <span class="n">clusterservice</span><span class="o">.</span><span class="n">RegisterClusterDiscoveryServiceServer</span><span class="p">(</span><span class="n">grpcServer</span><span class="p">,</span> <span class="n">server</span><span class="p">)</span> <span class="n">routeservice</span><span class="o">.</span><span class="n">RegisterRouteDiscoveryServiceServer</span><span class="p">(</span><span class="n">grpcServer</span><span class="p">,</span> <span class="n">server</span><span class="p">)</span> <span class="n">listenerservice</span><span class="o">.</span><span class="n">RegisterListenerDiscoveryServiceServer</span><span class="p">(</span><span class="n">grpcServer</span><span class="p">,</span> <span class="n">server</span><span class="p">)</span> <span class="n">secretservice</span><span class="o">.</span><span class="n">RegisterSecretDiscoveryServiceServer</span><span class="p">(</span><span class="n">grpcServer</span><span class="p">,</span> <span class="n">server</span><span class="p">)</span> <span class="n">runtimeservice</span><span class="o">.</span><span class="n">RegisterRuntimeDiscoveryServiceServer</span><span class="p">(</span><span class="n">grpcServer</span><span class="p">,</span> <span class="n">server</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>So our previously posted diagram becomes something like this<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fstorage.googleapis.com%2Fahins%2Fimages%2Fstruct.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fstorage.googleapis.com%2Fahins%2Fimages%2Fstruct.png"></a></p> <p>Lets make sure we serve this!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="n">aggregateGRPCServer</span> <span class="s">"github.com/ishankhare07/envoy-dynamic/pkg/server"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">()</span> <span class="n">aggregateGRPCServer</span><span class="o">.</span><span class="n">RunServer</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="m">18000</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>So our <code>xDS</code> server will be serving configuration on port <code>18000</code>, and according to the configuration <code>listener_0</code> will be binding and proxying on <code>localhost:10000</code> to <code>www.envoyproxy.io:80</code></p> <h5> Running the envoy proxy </h5> <p>Since we are serving the config from xDS control plane this time, does that mean we don't need to write any <code>static_configuration</code> now?<br> Unfortunately NO! – We still need to tell envoy where the dynamic configuration is being server at. The main flexibiliy that this control plane mode is allowing us is to programatically control the configuration – something that we'll explore soon in the following blog posts of this series. but for now we still need to write some basic envoy config:<br> envoy-dynamic-control-plane.yaml<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">node</span><span class="pi">:</span> <span class="na">cluster</span><span class="pi">:</span> <span class="s">test-cluster</span> <span class="na">id</span><span class="pi">:</span> <span class="s">test-id</span> <span class="na">dynamic_resources</span><span class="pi">:</span> <span class="na">ads_config</span><span class="pi">:</span> <span class="na">api_type</span><span class="pi">:</span> <span class="s">GRPC</span> <span class="na">transport_api_version</span><span class="pi">:</span> <span class="s">V3</span> <span class="na">grpc_services</span><span class="pi">:</span> <span class="na">envoy_grpc</span><span class="pi">:</span> <span class="na">cluster_name</span><span class="pi">:</span> <span class="s">xds_cluster</span> <span class="na">cds_config</span><span class="pi">:</span> <span class="na">resource_api_version</span><span class="pi">:</span> <span class="s">V3</span> <span class="na">ads</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">lds_config</span><span class="pi">:</span> <span class="na">resource_api_version</span><span class="pi">:</span> <span class="s">V3</span> <span class="na">ads</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">static_resources</span><span class="pi">:</span> <span class="na">clusters</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">type</span><span class="pi">:</span> <span class="s">STRICT_DNS</span> <span class="na">typed_extension_protocol_options</span><span class="pi">:</span> <span class="na">envoy.extensions.upstreams.http.v3.HttpProtocolOptions</span><span class="pi">:</span> <span class="s2">"</span><span class="s">@type"</span><span class="err">:</span> <span class="s">type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions</span> <span class="s">explicit_http_config</span><span class="err">:</span> <span class="na">http2_protocol_options</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">name</span><span class="pi">:</span> <span class="s">xds_cluster</span> <span class="na">http2_protocol_options</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">connect_timeout</span><span class="pi">:</span> <span class="s">3s</span> <span class="na">load_assignment</span><span class="pi">:</span> <span class="na">cluster_name</span><span class="pi">:</span> <span class="s">xds_cluster</span> <span class="na">endpoints</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">lb_endpoints</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">endpoint</span><span class="pi">:</span> <span class="na">address</span><span class="pi">:</span> <span class="na">socket_address</span><span class="pi">:</span> <span class="na">address</span><span class="pi">:</span> <span class="s">localhost</span> <span class="na">port_value</span><span class="pi">:</span> <span class="m">18000</span> <span class="na">admin</span><span class="pi">:</span> <span class="na">access_log_path</span><span class="pi">:</span> <span class="s">/dev/null</span> <span class="na">address</span><span class="pi">:</span> <span class="na">socket_address</span><span class="pi">:</span> <span class="na">address</span><span class="pi">:</span> <span class="s">0.0.0.0</span> <span class="na">port_value</span><span class="pi">:</span> <span class="m">19000</span> <span class="na">layered_runtime</span><span class="pi">:</span> <span class="na">layers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">runtime-0</span> <span class="na">rtds_layer</span><span class="pi">:</span> <span class="na">rtds_config</span><span class="pi">:</span> <span class="na">resource_api_version</span><span class="pi">:</span> <span class="s">V3</span> <span class="na">api_config_source</span><span class="pi">:</span> <span class="na">transport_api_version</span><span class="pi">:</span> <span class="s">V3</span> <span class="na">api_type</span><span class="pi">:</span> <span class="s">GRPC</span> <span class="na">grpc_services</span><span class="pi">:</span> <span class="na">envoy_grpc</span><span class="pi">:</span> <span class="na">cluster_name</span><span class="pi">:</span> <span class="s">xds_cluster</span> <span class="na">name</span><span class="pi">:</span> <span class="s">runtime-0</span> </code></pre> </div> <p>Interesting parts are:</p> <ol> <li> <code>dynamic_resources.ads_config</code> – here we tell envoy to: <ul> <li>Expect a GRPC configuration</li> <li>Conforming to V3 of the envoy api</li> <li>Served by a envoy <code>cluster</code> named <code>xds_cluster</code> – where would envoy find <code>xds_cluster</code> now? Read along</li> </ul> </li> <li> <code>static_resources.clusters[0].name</code> – answer to your question above</li> <li> <code>static_resources.clusters[0].endpoints</code> – what endpoints to expect in this cluster (basically the <code>host</code> and <code>port</code> of our gRPC <code>xDS</code> server serving the dynamic configuration)</li> </ol> <p>Here's what things look like now<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fstorage.googleapis.com%2Fahins%2Fimages%2Ffinal_struct.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fstorage.googleapis.com%2Fahins%2Fimages%2Ffinal_struct.png"></a></p> <h4> Running everything </h4> <p>If you've followed along till now, here's the reward. Lets run the control plane and the envoy server:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># in one shell let's start the control plane</span> go run main.go 2022/01/14 03:11:48 will serve snapshot <span class="o">{</span> <span class="s2">"Resources"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"Version"</span>: <span class="s2">"1"</span>, <span class="s2">"Items"</span>: <span class="o">{}</span> <span class="o">}</span>, <span class="o">{</span> <span class="s2">"Version"</span>: <span class="s2">"1"</span>, <span class="s2">"Items"</span>: <span class="o">{</span> <span class="s2">"example_cluster"</span>: <span class="o">{</span> <span class="s2">"Resource"</span>: <span class="o">{</span> <span class="s2">"name"</span>: <span class="s2">"example_cluster"</span>, <span class="s2">"ClusterDiscoveryType"</span>: <span class="o">{</span> <span class="s2">"Type"</span>: 2 <span class="o">}</span>, <span class="s2">"connect_timeout"</span>: <span class="o">{</span> <span class="s2">"seconds"</span>: 5 <span class="o">}</span>, <span class="s2">"load_assignment"</span>: <span class="o">{</span> <span class="s2">"cluster_name"</span>: <span class="s2">"example_cluster"</span>, <span class="s2">"endpoints"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"lb_endpoints"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"HostIdentifier"</span>: <span class="o">{</span> <span class="s2">"Endpoint"</span>: <span class="o">{</span> <span class="s2">"address"</span>: <span class="o">{</span> <span class="s2">"Address"</span>: <span class="o">{</span> <span class="s2">"SocketAddress"</span>: <span class="o">{</span> <span class="s2">"address"</span>: <span class="s2">"www.envoyproxy.io"</span>, <span class="s2">"PortSpecifier"</span>: <span class="o">{</span> <span class="s2">"PortValue"</span>: 80 <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">]</span> <span class="o">}</span> <span class="o">]</span> <span class="o">}</span>, <span class="s2">"dns_lookup_family"</span>: 1, <span class="s2">"LbConfig"</span>: null <span class="o">}</span>, <span class="s2">"Ttl"</span>: null <span class="o">}</span> <span class="o">}</span> <span class="o">}</span>, <span class="o">{</span> <span class="s2">"Version"</span>: <span class="s2">"1"</span>, <span class="s2">"Items"</span>: <span class="o">{</span> <span class="s2">"local_route"</span>: <span class="o">{</span> <span class="s2">"Resource"</span>: <span class="o">{</span> <span class="s2">"name"</span>: <span class="s2">"local_route"</span>, <span class="s2">"virtual_hosts"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"name"</span>: <span class="s2">"local_service"</span>, <span class="s2">"domains"</span>: <span class="o">[</span> <span class="s2">"*"</span> <span class="o">]</span>, <span class="s2">"routes"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"match"</span>: <span class="o">{</span> <span class="s2">"PathSpecifier"</span>: <span class="o">{</span> <span class="s2">"Prefix"</span>: <span class="s2">"/"</span> <span class="o">}</span> <span class="o">}</span>, <span class="s2">"Action"</span>: <span class="o">{</span> <span class="s2">"Route"</span>: <span class="o">{</span> <span class="s2">"ClusterSpecifier"</span>: <span class="o">{</span> <span class="s2">"Cluster"</span>: <span class="s2">"example_cluster"</span> <span class="o">}</span>, <span class="s2">"HostRewriteSpecifier"</span>: <span class="o">{</span> <span class="s2">"HostRewriteLiteral"</span>: <span class="s2">"www.envoyproxy.io"</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">]</span> <span class="o">}</span> <span class="o">]</span> <span class="o">}</span>, <span class="s2">"Ttl"</span>: null <span class="o">}</span> <span class="o">}</span> <span class="o">}</span>, <span class="o">{</span> <span class="s2">"Version"</span>: <span class="s2">"1"</span>, <span class="s2">"Items"</span>: <span class="o">{</span> <span class="s2">"listener_0"</span>: <span class="o">{</span> <span class="s2">"Resource"</span>: <span class="o">{</span> <span class="s2">"name"</span>: <span class="s2">"listener_0"</span>, <span class="s2">"address"</span>: <span class="o">{</span> <span class="s2">"Address"</span>: <span class="o">{</span> <span class="s2">"SocketAddress"</span>: <span class="o">{</span> <span class="s2">"address"</span>: <span class="s2">"0.0.0.0"</span>, <span class="s2">"PortSpecifier"</span>: <span class="o">{</span> <span class="s2">"PortValue"</span>: 10000 <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span>, <span class="s2">"filter_chains"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"filters"</span>: <span class="o">[</span> <span class="o">{</span> <span class="s2">"name"</span>: <span class="s2">"envoy.filters.network.http_connection_manager"</span>, <span class="s2">"ConfigType"</span>: <span class="o">{</span> <span class="s2">"TypedConfig"</span>: <span class="o">{</span> <span class="s2">"type_url"</span>: <span class="s2">"type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager"</span>, <span class="s2">"value"</span>: <span class="s2">"EgRodHRwKhsKGWVudm95LmZpbHRlcnMuaHR0cC5yb3V0ZXIaKgobMAISFwgCIg8KDQoLeGRzX2NsdXN0ZXI4AUACEgtsb2NhbF9yb3V0ZQ=="</span> <span class="o">}</span> <span class="o">}</span> <span class="o">}</span> <span class="o">]</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"ListenerSpecifier"</span>: null <span class="o">}</span>, <span class="s2">"Ttl"</span>: null <span class="o">}</span> <span class="o">}</span> <span class="o">}</span>, <span class="o">{</span> <span class="s2">"Version"</span>: <span class="s2">"1"</span>, <span class="s2">"Items"</span>: <span class="o">{}</span> <span class="o">}</span>, <span class="o">{</span> <span class="s2">"Version"</span>: <span class="s2">"1"</span>, <span class="s2">"Items"</span>: <span class="o">{}</span> <span class="o">}</span>, <span class="o">{</span> <span class="s2">"Version"</span>: <span class="s2">"1"</span>, <span class="s2">"Items"</span>: <span class="o">{}</span> <span class="o">}</span> <span class="o">]</span>, <span class="s2">"VersionMap"</span>: null <span class="o">}</span> 2022/01/14 03:11:48 management server listening on port 18000 </code></pre> </div> <p>We are spitting out the served <code>xDS</code> configuration for convenience. Lets start the envoy server in another terminal with the previously defined configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>envoy <span class="nt">-c</span> envoy-dynamic-control-plane.yaml <span class="nt">-l</span> debug <span class="nb">.</span> <span class="nb">.</span> <span class="nb">.</span> <span class="o">[</span>2022-01-14 03:14:28.280][4602226][debug][router] <span class="o">[</span><span class="nb">source</span>/common/router/router.cc:486] <span class="o">[</span>C0][S9032965470346210647] cluster <span class="s1">'xds_cluster'</span> match <span class="k">for </span>URL <span class="s1">'/envoy.service.discovery.v3.AggregatedDiscoveryServic e/StreamAggregatedResources'</span> <span class="o">[</span>2022-01-14 03:14:28.280][4602226][debug][router] <span class="o">[</span><span class="nb">source</span>/common/router/router.cc:702] <span class="o">[</span>C0][S9032965470346210647] router decoding headers: <span class="s1">':method'</span>, <span class="s1">'POST'</span> <span class="s1">':path'</span>, <span class="s1">'/envoy.service.discovery.v3.AggregatedDiscoveryService/StreamAggregatedResources'</span> <span class="s1">':authority'</span>, <span class="s1">'xds_cluster'</span> <span class="s1">':scheme'</span>, <span class="s1">'http'</span> <span class="s1">'te'</span>, <span class="s1">'trailers'</span> <span class="s1">'content-type'</span>, <span class="s1">'application/grpc'</span> <span class="s1">'x-envoy-internal'</span>, <span class="s1">'true'</span> <span class="s1">'x-forwarded-for'</span>, <span class="s1">'192.168.29.160'</span> <span class="nb">.</span> <span class="nb">.</span> <span class="nb">.</span> <span class="nb">.</span> </code></pre> </div> <p>There will be lots of information but the one I've pasted above confirms that envoy was able to find the xds_cluster serving our configuration. Also if we go and look at the <code>control_plane</code> terminal, we'll find this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>2022/01/14 03:14:27 stream 1 open <span class="k">for </span>type.googleapis.com/envoy.service.runtime.v3.Runtime 2022/01/14 03:14:27 respond type.googleapis.com/envoy.service.runtime.v3.Runtime[runtime-0] version <span class="s2">""</span> with version <span class="s2">"1"</span> 2022/01/14 03:14:27 open watch 1 <span class="k">for </span>type.googleapis.com/envoy.service.runtime.v3.Runtime[runtime-0] from nodeID <span class="s2">"test-id"</span>, version <span class="s2">"1"</span> 2022/01/14 03:14:28 stream 2 open <span class="k">for </span>2022/01/14 03:14:42 respond type.googleapis.com/envoy.config.cluster.v3.Cluster[] version <span class="s2">""</span> with version <span class="s2">"1"</span> 2022/01/14 03:14:42 open watch 2 <span class="k">for </span>type.googleapis.com/envoy.config.cluster.v3.Cluster[] from nodeID <span class="s2">"test-id"</span>, version <span class="s2">"1"</span> 2022/01/14 03:14:43 respond type.googleapis.com/envoy.config.listener.v3.Listener[] version <span class="s2">""</span> with version <span class="s2">"1"</span> 2022/01/14 03:14:43 stream 3 open <span class="k">for </span>type.googleapis.com/envoy.config.route.v3.RouteConfiguration 2022/01/14 03:14:43 open watch 3 <span class="k">for </span>type.googleapis.com/envoy.config.listener.v3.Listener[] from nodeID <span class="s2">"test-id"</span>, version <span class="s2">"1"</span> 2022/01/14 03:14:43 respond type.googleapis.com/envoy.config.route.v3.RouteConfiguration[local_route] version <span class="s2">""</span> with version <span class="s2">"1"</span> 2022/01/14 03:14:43 open watch 4 <span class="k">for </span>type.googleapis.com/envoy.config.route.v3.RouteConfiguration[local_route] from nodeID <span class="s2">"test-id"</span>, version <span class="s2">"1"</span> </code></pre> </div> <p>Let's test by visiting <a href="http://localhost:10000" rel="noopener noreferrer">http://localhost:10000</a> – on clicking this link you should be redirected to <a href="http://www.envoyproxy.io:80" rel="noopener noreferrer">www.envoyproxy.io:80</a> <br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fstorage.googleapis.com%2Fahins%2Fimages%2FScreenshot_2022-01-14_at_03-21-02_Envoy_Proxy_-_Home.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fstorage.googleapis.com%2Fahins%2Fimages%2FScreenshot_2022-01-14_at_03-21-02_Envoy_Proxy_-_Home.png"></a></p> <p>And there you have it!</p> <p>If you would like to see the whole repo and code better organized that this blog post, head ove to this github repo – github.com/ishankhare07/envoy-dynamic</p> <h5> What next?! </h5> <p>Continuing my habbit of fiddling with all kinds of things, I've decided to convert this already long 2 part series of posts even longer. The goal is to start from envoy basics already discussed in the past and the current post and going all the way up to a very curde service mesh implementation. In the coming days I would be covering more of the following topics:</p> <ol> <li>Dynamically adding more upstreams to our control plane through an exposed gRPC endpoint.</li> <li>Write a <code>sidecar</code> injector that is able to inject envoy proxies into our k8s pods</li> <li>Serve control plane inside k8s cluster with the <code>sidecar</code> injector enabled</li> <li>Make the envoy sidecars fetch the dynamic configuration from the in-cluster control plane and proxy few upstreams.</li> <li>Wrap the control plane in a k8s controller and use a CRD to add / remove upstreams</li> <li>Proxy <code>Pod</code>-to-<code>Pod</code> communication and updating the upstream configuration using the k8s controller.</li> </ol> reverseproxy servicemesh envoy go Dabbling with Envoy configurations - Part I Ishan Khare Mon, 28 Jun 2021 12:44:36 +0000 https://forem.com/ishankhare07/dabbling-with-envoy-configurations-part-i-3lfi https://forem.com/ishankhare07/dabbling-with-envoy-configurations-part-i-3lfi <h3> Types of envoy configurations </h3> <ol> <li>Static configuration</li> <li>Dynamic configuration. This can be done in two ways: <ul> <li>From Filesystem</li> <li>From Control plane</li> </ul> </li> </ol> <h3> Static configuration </h3> <p>To start envoy in static configuration we need the following:</p> <ol> <li><a href="https://www.envoyproxy.io/docs/envoy/latest/start/quick-start/configuration-static#start-quick-start-static-listeners">listeners</a></li> <li><a href="https://www.envoyproxy.io/docs/envoy/latest/start/quick-start/configuration-static#start-quick-start-static-clusters">clusters</a></li> <li><a href="https://www.envoyproxy.io/docs/envoy/latest/start/quick-start/configuration-static#start-quick-start-static-static-resources">static_reources</a></li> <li>(Optional) <a href="https://www.envoyproxy.io/docs/envoy/latest/start/quick-start/admin#start-quick-start-admin">admin</a> section</li> </ol> <h5> static_resources </h5> <p>Contain everything that is configured statically when envoy starts. Can contain the following:</p> <ul> <li><code>[]listeners</code></li> <li><code>[]clusters</code></li> <li><code>[]secrets</code></li> </ul> <h5> listeners </h5> <p>Lets configure an example listener on port 10000. Here all paths are matched and routed to <code>service_envoyproxy_io</code> cluster<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">listeners</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">listener_0</span> <span class="na">address</span><span class="pi">:</span> <span class="na">socket_address</span><span class="pi">:</span> <span class="na">address</span><span class="pi">:</span> <span class="s">0.0.0.0</span> <span class="na">port_value</span><span class="pi">:</span> <span class="m">10000</span> <span class="na">filter_chains</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">filters</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">envoy.filters.network.http_connection_manager</span> <span class="na">typed_config</span><span class="pi">:</span> <span class="s2">"</span><span class="s">@type"</span><span class="pi">:</span> <span class="s">type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager</span> <span class="na">stat_prefix</span><span class="pi">:</span> <span class="s">ingress_http</span> <span class="na">access_log</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">envoy.access_loggers.stdout</span> <span class="na">typed_config</span><span class="pi">:</span> <span class="s2">"</span><span class="s">@type"</span><span class="pi">:</span> <span class="s">type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog</span> <span class="na">http_filters</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">envoy.filters.http.router</span> <span class="na">route_config</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">local_route</span> <span class="na">virtual_hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">local_service</span> <span class="na">domains</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">*"</span><span class="pi">]</span> <span class="na">routes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">match</span><span class="pi">:</span> <span class="na">prefix</span><span class="pi">:</span> <span class="s2">"</span><span class="s">/"</span> <span class="na">route</span><span class="pi">:</span> <span class="na">host_rewrite_literal</span><span class="pi">:</span> <span class="s">www.envoyproxy.io</span> <span class="na">cluster</span><span class="pi">:</span> <span class="s">service_envoyproxy_io</span> </code></pre> </div> <h5> cluster </h5> <p>The service_envoyproxy_io cluster proxies over <code>TLS</code> to <a href="https://www.envoyproxy.io">https://www.envoyproxy.io</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">clusters</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">service_envoyproxy_io</span> <span class="na">type</span><span class="pi">:</span> <span class="s">LOGICAL_DNS</span> <span class="c1"># Comment out the following line to test on v6 networks</span> <span class="na">dns_lookup_family</span><span class="pi">:</span> <span class="s">V4_ONLY</span> <span class="na">load_assignment</span><span class="pi">:</span> <span class="na">cluster_name</span><span class="pi">:</span> <span class="s">service_envoyproxy_io</span> <span class="na">endpoints</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">lb_endpoints</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">endpoint</span><span class="pi">:</span> <span class="na">address</span><span class="pi">:</span> <span class="na">socket_address</span><span class="pi">:</span> <span class="na">address</span><span class="pi">:</span> <span class="s">www.envoyproxy.io</span> <span class="na">port_value</span><span class="pi">:</span> <span class="m">443</span> <span class="na">transport_socket</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">envoy.transport_sockets.tls</span> <span class="na">typed_config</span><span class="pi">:</span> <span class="s2">"</span><span class="s">@type"</span><span class="pi">:</span> <span class="s">type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext</span> <span class="na">sni</span><span class="pi">:</span> <span class="s">www.envoyproxy.io</span> </code></pre> </div> <h5> Testing this static configuration </h5> <p>If now we start envoy with this configuration using command <code>envoy -c &lt;config_name&gt;.yaml</code> and try querying the <a href="http://localhost:10000">localhost:10000</a> port, we should get the envoyproxy homepage.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>curl <span class="nt">-v</span> localhost:10000 </code></pre> </div> <h3> Dynamic Configuration from filesystem </h3> <p>In this setup Envoy will automatically update its configuration whenever the files are changed on the filesystem. The following sections are a must for dynamic configuration:</p> <ol> <li><a href="https://www.envoyproxy.io/docs/envoy/latest/start/quick-start/configuration-dynamic-filesystem#start-quick-start-dynamic-fs-node">node</a></li> <li><a href="https://www.envoyproxy.io/docs/envoy/latest/start/quick-start/configuration-dynamic-filesystem#start-quick-start-dynamic-fs-dynamic-resources">dynamic_resources</a></li> </ol> <h5> node </h5> <p>node needs a <code>cluster</code> and an <code>id</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">node</span><span class="pi">:</span> <span class="na">cluster</span><span class="pi">:</span> <span class="s">test-cluster</span> <span class="na">id</span><span class="pi">:</span> <span class="s">test-id</span> </code></pre> </div> <h5> dynamic_resources </h5> <p>Specifies where to load dynamic configuration from<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">dynamic_resources</span><span class="pi">:</span> <span class="na">cds_config</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">./cds.yaml</span> <span class="na">lds_config</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">./lds_yaml</span> </code></pre> </div> <h5> <code>listener</code> resources </h5> <p>The linked <code>lds_config</code> should be an implementation of a <a href="https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/lds#config-listeners-lds">Listener Discovery Service</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">resources</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">@type"</span><span class="pi">:</span> <span class="s">type.googleapis.com/envoy.config.listener.v3.Listener</span> <span class="na">name</span><span class="pi">:</span> <span class="s">listener_0</span> <span class="na">address</span><span class="pi">:</span> <span class="na">socket_address</span><span class="pi">:</span> <span class="na">address</span><span class="pi">:</span> <span class="s">0.0.0.0</span> <span class="na">port_value</span><span class="pi">:</span> <span class="m">10000</span> <span class="na">filter_chains</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">filters</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">envoy.http_connection_manager</span> <span class="na">typed_config</span><span class="pi">:</span> <span class="s2">"</span><span class="s">@type"</span><span class="pi">:</span> <span class="s">type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager</span> <span class="na">stat_prefix</span><span class="pi">:</span> <span class="s">ingress_http</span> <span class="na">http_filters</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">envoy.router</span> <span class="na">route_config</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">local_route</span> <span class="na">virtual_hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">local_service</span> <span class="na">domains</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">*"</span> <span class="na">routes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">match</span><span class="pi">:</span> <span class="na">prefix</span><span class="pi">:</span> <span class="s2">"</span><span class="s">/"</span> <span class="na">route</span><span class="pi">:</span> <span class="na">host_rewrite_literal</span><span class="pi">:</span> <span class="s">www.envoyproxy.io</span> <span class="na">cluster</span><span class="pi">:</span> <span class="s">example_proxy_cluster</span> </code></pre> </div> <h5> <code>cluster</code> resources </h5> <p>The linked <code>cds_config</code> should be an implementation of a <a href="https://www.envoyproxy.io/docs/envoy/latest/configuration/upstream/cluster_manager/cds#config-cluster-manager-cds">Cluster Discovery Service</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">resources</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">@type"</span><span class="pi">:</span> <span class="s">type.googleapis.com/envoy.config.cluster.v3.Cluster</span> <span class="na">name</span><span class="pi">:</span> <span class="s">example_proxy_cluster</span> <span class="na">type</span><span class="pi">:</span> <span class="s">STRICT_DNS</span> <span class="na">connect_timeout</span><span class="pi">:</span> <span class="s">3s</span> <span class="na">typed_extension_protocol_options</span><span class="pi">:</span> <span class="s">envoy.extensions.upstreams.http.v3.HttpProtocolOptions</span><span class="pi">:</span> <span class="s2">"</span><span class="s">@type"</span><span class="pi">:</span> <span class="s">type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions</span> <span class="na">explicit_http_config</span><span class="pi">:</span> <span class="na">http2_protocol_options</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">load_assignment</span><span class="pi">:</span> <span class="na">cluster_name</span><span class="pi">:</span> <span class="s">example_proxy_cluster</span> <span class="na">endpoints</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">lb_endpoints</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">endpoint</span><span class="pi">:</span> <span class="na">address</span><span class="pi">:</span> <span class="na">socket_address</span><span class="pi">:</span> <span class="na">address</span><span class="pi">:</span> <span class="s">www.envoyproxy.io</span> <span class="na">port_value</span><span class="pi">:</span> <span class="m">443</span> <span class="na">transport_socket</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">envoy.transport_sockets.tls</span> <span class="na">typed_config</span><span class="pi">:</span> <span class="s2">"</span><span class="s">@type"</span><span class="pi">:</span> <span class="s">type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext</span> <span class="na">sni</span><span class="pi">:</span> <span class="s">www.envoyproxy.io</span> </code></pre> </div> <h5> Dynamically editing the configuration </h5> <p>Let's try editing this config to start proxying to google.com instead of envoyproxy.io<br><br> In the <code>lds.yaml</code> file change the following:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight diff"><code> routes: - match: prefix: "/" route: <span class="gd">- host_rewrite_literal: www.envoyproxy.io </span><span class="gi">+ host_rewrite_literal: www.google.com </span> cluster: example_proxy_cluster </code></pre> </div> <p>As soon as we do this write in the file, the LDS config in the envoy will update and will show in the logs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>lds: add/update listener <span class="s1">'listener_0'</span> </code></pre> </div> <p>We need to update the <code>cds.yaml</code> config as well:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight diff"><code> load_assignment: cluster_name: example_proxy_cluster endpoints: - lb_endpoints: - endpoint: address: socket_address: <span class="gd">- address: www.envoyproxy.io </span><span class="gi">+ address: www.google.com </span> port_value: 443 transport_socket: name: envoy.transport_sockets.tls typed_config: "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext <span class="gd">- sni: www.envoyproxy.io </span><span class="gi">+ sni: www.google.com </span></code></pre> </div> <p>We should see the similar update in envoy's logs about the CDS config update<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>cds: added/updated 1 cluster<span class="o">(</span>s<span class="o">)</span>, skipped 0 unmodified cluster<span class="o">(</span>s<span class="o">)</span> </code></pre> </div> <p>Hence we were able to reload the envoy configuration dynamically without restarting the server itself.</p> reverseproxy servicemesh istio envoy Teaching kubernetes service mesh tricks Ishan Khare Tue, 02 Mar 2021 21:03:21 +0000 https://forem.com/ishankhare07/teaching-kubernetes-service-mesh-tricks-23g9 https://forem.com/ishankhare07/teaching-kubernetes-service-mesh-tricks-23g9 <h3> What we'll cover in this post? </h3> <p>This post in general is about how we can leverage kubernetes controllers and the <a href="https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/resource-management.md" rel="noopener noreferrer">kubernetes resource model</a> to automate and manage heavy lifting of tricky deployment and management scenarios.</p> <p>Controller are often explained in layman terms as <em>software-SRE's</em>. The good thing about that is:</p> <ul> <li>They are always available and ready to step in when things go wrong.</li> <li>They have all the operational logic in the form of code related to the steps to take when certain things don't work.</li> <li>They don't need to go over runbooks/playbooks or other documentations to fix issues.</li> <li>Since they are always watching resources and their states (as we'll see later in this post), they don't have to spend time to <em>find</em> where the errors/misconfiguration happened.</li> </ul> <p>This can give us a few positive outcomes:</p> <ul> <li>Humans don't have to be on hectic on-call schedules.</li> <li>In cases of errors, the software itself is healing the system, hence the MTTR(mean time to response) is considerably decreased.</li> </ul> <blockquote> <p>"With great power comes great responsibilities". With all the advantages of implementing controllers, they also come with high cost of implementation details. <br> Implementing controllers is generally more complex than traditional systems.</p> </blockquote> <p>Now that we know a bit about controllers, we'll take a use case and try to implement a controller to solve it.</p> <h4> Tl;Dr </h4> <p>If you want to directly go ahead and checkout the code implementation and test it on your local machine, I have the entire thing residing<br> in this – <a href="https://github.com/ishankhare07/launchpad" rel="noopener noreferrer">github.com/ishankhare07/launchpad</a> repo. There is a detailed readme which walks you through<br> a Makefile that:</p> <ul> <li>Sets up a local kind cluster</li> <li>Installs Istio on it</li> <li>Deploys demo workloads(Deployments)</li> <li>Applies the right Istio CRD's – a <code>VirtualService</code> and a <code>DestinationRule</code> to achieve a traffic split.</li> <li>Check and verify the traffic split.</li> </ul> <p>It then also walks you through the controller way of doing things and also the magic of <em>Software-SRE's</em> that they bring along.</p> <h4> Use case </h4> <p>The use case we are trying to tackle here is doing a traffic split using a a service mesh. Since this blog post can only have limited scope, what we will NOT talk about is:</p> <ul> <li>Service mesh in general or service mesh comparison. We'll just go ahead and use Istio.</li> <li>We'll not go into the details of how Istio or any other service mesh works.</li> </ul> <p>The specific scenario we would want to cover is a <code>Traffic Split</code>/<code>Canary</code>. More details can be found by giving a look at this awesome example site – <a href="https://www.istiobyexample.dev/canary" rel="noopener noreferrer">istiobyexample.dev/canary</a> – by <a href="https://twitter.com/askmeegs" rel="noopener noreferrer">@askmeegs</a>. Borrowing the following screenshot from that same article, demonstrating what we want to achieve:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fstorage.googleapis.com%2Fahins%2Fimages%2FScreenshot_2021-03-02_Canary_Deployments__Istio_By_Example_.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fstorage.googleapis.com%2Fahins%2Fimages%2FScreenshot_2021-03-02_Canary_Deployments__Istio_By_Example_.png"></a>. The page also details how we can achieve this by creating Istio specific CRD's. We'll look at both the approaches and see the advantages first-hand where controllers come in.</p> <p>Below are the Istio CRD's that we would want to create in the cluster in order for Istio to do things for us:<br><br> <code>DestinationRule</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.istio.io/v1alpha3</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">DestinationRule</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">helloworld</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">host</span><span class="pi">:</span> <span class="s">helloworld</span> <span class="na">subsets</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">version</span><span class="pi">:</span> <span class="s">v1</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">v2</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">version</span><span class="pi">:</span> <span class="s">v2</span> </code></pre> </div> <p><code>VirtualService</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.istio.io/v1alpha3</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">VirtualService</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">helloworld</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">helloworld</span> <span class="na">http</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">route</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">destination</span><span class="pi">:</span> <span class="na">host</span><span class="pi">:</span> <span class="s">helloworld</span> <span class="na">subset</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">weight</span><span class="pi">:</span> <span class="m">80</span> <span class="pi">-</span> <span class="na">destination</span><span class="pi">:</span> <span class="na">host</span><span class="pi">:</span> <span class="s">helloworld</span> <span class="na">subset</span><span class="pi">:</span> <span class="s">v2</span> <span class="na">weight</span><span class="pi">:</span> <span class="m">20</span> </code></pre> </div> <p>Too much going around the core of this post, lets dive in now.</p> <blockquote> <p>This post uses the awesome <a href="https://github.com/kubernetes-sigs/kubebuilder" rel="noopener noreferrer">kubebuilder</a> framework for implementing the controller. If you're unfamiliar about it and want an intro<br> I've written a previous article about it on my blog which you can read here – <a href="https://ishankhare.dev/posts/6/" rel="noopener noreferrer">Writing a kubernetes controller in Go with kubebuilder</a></p> </blockquote> <h4> The Deep Dive </h4> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fstorage.googleapis.com%2Fahins%2Fimages%2FIMG_20190824_143526709.jpg" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fstorage.googleapis.com%2Fahins%2Fimages%2FIMG_20190824_143526709.jpg"></a><br> We'll start by initializing our project for the controller using <code>go mod</code> and the <code>kubebuilder</code> framework<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>go mod init github.com/ishankhare07/launchpad <span class="nv">$ </span>kubebuilder init <span class="nt">--domain</span> ishankhare.dev <span class="c"># create scaffolding for the project</span> <span class="nv">$ </span>kubebuilder create api <span class="nt">--group</span> labs <span class="nt">--version</span> v1alpha1 <span class="nt">--kind</span> Workload Create Resource <span class="o">[</span>y/n] y Create Controller <span class="o">[</span>y/n] y Writing scaffold <span class="k">for </span>you to edit... </code></pre> </div> <h5> The CRD </h5> <p>Next step is to define the CRD which we want to use for defining our traffic split to our controller. We want roughly the following yaml spec for it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">labs.ishankhare.dev/v1alpha1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Workload</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">workload-sample</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">host</span><span class="pi">:</span> <span class="s">helloworld</span> <span class="na">targets</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">helloworld-v1</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">default</span> <span class="na">trafficSplit</span><span class="pi">:</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">helloworld</span> <span class="na">subset</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">version</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">destinationHost</span><span class="pi">:</span> <span class="s">helloworld</span> <span class="na">weight</span><span class="pi">:</span> <span class="m">80</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">helloworld-v2</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">default</span> <span class="na">trafficSplit</span><span class="pi">:</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">helloworld</span> <span class="na">subset</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">v2</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">version</span><span class="pi">:</span> <span class="s">v2</span> <span class="na">destinationHost</span><span class="pi">:</span> <span class="s">helloworld</span> <span class="na">weight</span><span class="pi">:</span> <span class="m">20</span> </code></pre> </div> <p>I know there's room for improvement and this can be refined further, but for the purpose of this post, this should do fine. Lets go about defining this spec in our <code>api/v1alpha1/workload_types.go</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="o">...</span> <span class="k">const</span> <span class="p">(</span> <span class="n">PhasePending</span> <span class="o">=</span> <span class="s">"PENDING"</span> <span class="n">PhaseCreated</span> <span class="o">=</span> <span class="s">"CREATED"</span> <span class="p">)</span> <span class="c">// +kubebuilder:object:root=true</span> <span class="c">// +kubebuilder:subresource:status</span> <span class="c">// Workload is the Schema for the workloads API</span> <span class="k">type</span> <span class="n">Workload</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">metav1</span><span class="o">.</span><span class="n">TypeMeta</span> <span class="s">`json:",inline"`</span> <span class="n">metav1</span><span class="o">.</span><span class="n">ObjectMeta</span> <span class="s">`json:"metadata,omitempty"`</span> <span class="n">Spec</span> <span class="n">WorkloadSpec</span> <span class="s">`json:"spec,omitempty"`</span> <span class="n">Status</span> <span class="n">WorkloadStatus</span> <span class="s">`json:"status,omitempty"`</span> <span class="p">}</span> <span class="k">type</span> <span class="n">WorkloadSpec</span> <span class="k">struct</span> <span class="p">{</span> <span class="c">// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster</span> <span class="c">// Important: Run "make" to regenerate code after modifying this file</span> <span class="c">// Host is the name of the service from the service registry</span> <span class="n">Host</span> <span class="kt">string</span> <span class="s">`json:"host,omitempty"`</span> <span class="n">Targets</span> <span class="p">[]</span><span class="n">DeploymentTarget</span> <span class="s">`json:"targets,omitempty"`</span> <span class="p">}</span> <span class="c">// WorkloadStatus defines the observed state of Workload</span> <span class="k">type</span> <span class="n">WorkloadStatus</span> <span class="k">struct</span> <span class="p">{</span> <span class="c">// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster</span> <span class="c">// Important: Run "make" to regenerate code after modifying this file</span> <span class="n">VirtualServiceState</span> <span class="kt">string</span> <span class="s">`json:"virtualServiceState,omitempty"`</span> <span class="n">DestinationRuleState</span> <span class="kt">string</span> <span class="s">`json:"destinationRuleState,omitempty"`</span> <span class="p">}</span> <span class="k">type</span> <span class="n">DeploymentTarget</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Name</span> <span class="kt">string</span> <span class="s">`json:"name,omitempty"`</span> <span class="n">Namespace</span> <span class="kt">string</span> <span class="s">`json:"namespace,omitempty"`</span> <span class="n">TrafficSplit</span> <span class="n">TrafficSplit</span> <span class="s">`json:"trafficSplit,omitempty"`</span> <span class="p">}</span> <span class="k">type</span> <span class="n">TrafficSplit</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Hosts</span> <span class="p">[]</span><span class="kt">string</span> <span class="s">`json:"hosts,omitempty"`</span> <span class="n">Subset</span> <span class="n">Subset</span> <span class="s">`json:"subset,omitempty"`</span> <span class="n">DestinationHost</span> <span class="kt">string</span> <span class="s">`json:"destinationHost,omitempty"`</span> <span class="n">Weight</span> <span class="kt">int</span> <span class="s">`json:"weight,omitempty"`</span> <span class="p">}</span> <span class="k">type</span> <span class="n">Subset</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Name</span> <span class="kt">string</span> <span class="s">`json:"name,omitempty"`</span> <span class="n">Labels</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span> <span class="s">`json:"labels,omitempty"`</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">w</span> <span class="o">*</span><span class="n">Workload</span><span class="p">)</span> <span class="n">GetIstioResourceName</span><span class="p">()</span> <span class="kt">string</span> <span class="p">{</span> <span class="k">return</span> <span class="n">w</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Host</span> <span class="c">// strings.Split(w.Spec.Targets[0].Name, "-")[0]</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">w</span> <span class="o">*</span><span class="n">Workload</span><span class="p">)</span> <span class="n">GetHosts</span><span class="p">()</span> <span class="p">[]</span><span class="kt">string</span> <span class="p">{</span> <span class="c">// need hosts as a set data structure</span> <span class="n">hostSet</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">bool</span><span class="p">)</span> <span class="n">hosts</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">string</span><span class="p">{}</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">target</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">w</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Targets</span> <span class="p">{</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">host</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">target</span><span class="o">.</span><span class="n">TrafficSplit</span><span class="o">.</span><span class="n">Hosts</span> <span class="p">{</span> <span class="n">hostSet</span><span class="p">[</span><span class="n">host</span><span class="p">]</span> <span class="o">=</span> <span class="no">true</span> <span class="p">}</span> <span class="p">}</span> <span class="k">for</span> <span class="n">host</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">hostSet</span> <span class="p">{</span> <span class="n">hosts</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">hosts</span><span class="p">,</span> <span class="n">host</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">hosts</span> <span class="p">}</span> </code></pre> </div> <p>This should be enough to define our define the yaml that we presented before. If you're following along the code in the repo, the above is defined in <a href="https://github.com/ishankhare07/launchpad/blob/master/api/v1alpha1/workload_types.go" rel="noopener noreferrer">api/v1alpha1/workload_types.go</a>. We also add some additional helper methods on the objects that will be useful later.</p> <h5> The controller </h5> <p>Let's jump to <a href="https://github.com/ishankhare07/launchpad/blob/master/controllers/workload_controller.go" rel="noopener noreferrer">controllers/workload_controller.go</a>. I'm only going to show the relevant sections of the code here in favour of brevity. For detailed code one can go and see the linked file.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="o">...</span> <span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">WorkloadReconciler</span><span class="p">)</span> <span class="n">Reconcile</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">req</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">(</span><span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">reqLogger</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">Log</span><span class="o">.</span><span class="n">WithValues</span><span class="p">(</span><span class="s">"workload"</span><span class="p">,</span> <span class="n">req</span><span class="o">.</span><span class="n">NamespacedName</span><span class="p">)</span> <span class="c">// your logic here</span> <span class="n">reqLogger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="s">"====== Reconciling Workload ======="</span><span class="p">)</span> <span class="n">instance</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">labsv1alpha1</span><span class="o">.</span><span class="n">Workload</span><span class="p">{}</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">TODO</span><span class="p">(),</span> <span class="n">req</span><span class="o">.</span><span class="n">NamespacedName</span><span class="p">,</span> <span class="n">instance</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">// object not found, could have been deleted after</span> <span class="c">// reconcile request, hence don't requeue</span> <span class="k">if</span> <span class="n">errors</span><span class="o">.</span><span class="n">IsNotFound</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="no">nil</span> <span class="p">}</span> <span class="c">// error reading the object, requeue the request</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="n">err</span> <span class="p">}</span> <span class="n">reqLogger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="s">"Workload created for following targets."</span><span class="p">)</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">target</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">instance</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Targets</span> <span class="p">{</span> <span class="n">reqLogger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="s">"target"</span><span class="p">,</span> <span class="s">"name"</span><span class="p">,</span> <span class="n">target</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span> <span class="s">"namespace"</span><span class="p">,</span> <span class="n">target</span><span class="o">.</span><span class="n">Namespace</span><span class="p">,</span> <span class="s">"hosts"</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%v"</span><span class="p">,</span> <span class="n">target</span><span class="o">.</span><span class="n">TrafficSplit</span><span class="o">.</span><span class="n">Hosts</span><span class="p">))</span> <span class="n">reqLogger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="s">"subset"</span><span class="p">,</span> <span class="s">"subset name"</span><span class="p">,</span> <span class="n">target</span><span class="o">.</span><span class="n">TrafficSplit</span><span class="o">.</span><span class="n">Subset</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span> <span class="s">"subset labels"</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%v"</span><span class="p">,</span> <span class="n">target</span><span class="o">.</span><span class="n">TrafficSplit</span><span class="o">.</span><span class="n">Subset</span><span class="o">.</span><span class="n">Labels</span><span class="p">),</span> <span class="s">"weight"</span><span class="p">,</span> <span class="n">target</span><span class="o">.</span><span class="n">TrafficSplit</span><span class="o">.</span><span class="n">Weight</span><span class="p">)</span> <span class="p">}</span> <span class="c">// check current status of owned resources</span> <span class="k">if</span> <span class="n">instance</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">VirtualServiceState</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="n">instance</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">VirtualServiceState</span> <span class="o">=</span> <span class="n">labsv1alpha1</span><span class="o">.</span><span class="n">PhasePending</span> <span class="p">}</span> <span class="k">if</span> <span class="n">instance</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">DestinationRuleState</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="n">instance</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">DestinationRuleState</span> <span class="o">=</span> <span class="n">labsv1alpha1</span><span class="o">.</span><span class="n">PhasePending</span> <span class="p">}</span> <span class="c">// check virtual service status</span> <span class="n">vsResult</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">checkVirtualServiceStatus</span><span class="p">(</span><span class="n">instance</span><span class="p">,</span> <span class="n">req</span><span class="p">,</span> <span class="n">reqLogger</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">vsResult</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// check destination rule status</span> <span class="n">destRuleResult</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">checkDestinationRuleStatus</span><span class="p">(</span><span class="n">instance</span><span class="p">,</span> <span class="n">req</span><span class="p">,</span> <span class="n">reqLogger</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">destRuleResult</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="c">// update status</span> <span class="n">err</span> <span class="o">=</span> <span class="n">r</span><span class="o">.</span><span class="n">Status</span><span class="p">()</span><span class="o">.</span><span class="n">Update</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">TODO</span><span class="p">(),</span> <span class="n">instance</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Here we are simply logging what the controller "sees" is requested to be created as <em>"desired state"</em> through the CRD.<br> Next we are calling the relevant functions <code>checkVirtualServiceStatus</code> and <code>checkDestinationRuleStatus</code>. There implementation is explained below, with just the following intention:</p> <blockquote> <p>If the <code>VirtualService</code> or <code>DestinationRule</code> doesn't exist yet, try to create it with the correct spec.</p> </blockquote> <h5> The VirtualService check </h5> <p>In the same file let's implement the <code>checkVirtualServiceStatus</code> method, please scroll to the right for extra comments explaining each section:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="o">...</span> <span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">WorkloadReconciler</span><span class="p">)</span> <span class="n">checkVirtualServiceStatus</span><span class="p">(</span><span class="n">instance</span> <span class="o">*</span><span class="n">labsv1alpha1</span><span class="o">.</span><span class="n">Workload</span><span class="p">,</span> <span class="n">req</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Request</span><span class="p">,</span> <span class="n">logger</span> <span class="n">logr</span><span class="o">.</span><span class="n">Logger</span><span class="p">)</span> <span class="p">(</span><span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">switch</span> <span class="n">instance</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">VirtualServiceState</span> <span class="p">{</span> <span class="k">case</span> <span class="n">labsv1alpha1</span><span class="o">.</span><span class="n">PhasePending</span><span class="o">:</span> <span class="n">logger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="s">"Virtual Service"</span><span class="p">,</span> <span class="s">"PHASE:"</span><span class="p">,</span> <span class="n">instance</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">VirtualServiceState</span><span class="p">)</span> <span class="c">// If still in pending state (initial condition)</span> <span class="n">logger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="s">"Transitioning state to create Virtual Service"</span><span class="p">)</span> <span class="c">// transition to the creating state </span> <span class="n">instance</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">VirtualServiceState</span> <span class="o">=</span> <span class="n">labsv1alpha1</span><span class="o">.</span><span class="n">PhaseCreated</span> <span class="c">//</span> <span class="k">case</span> <span class="n">labsv1alpha1</span><span class="o">.</span><span class="n">PhaseCreated</span><span class="o">:</span> <span class="n">logger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="s">"Virtual Service"</span><span class="p">,</span> <span class="s">"PHASE:"</span><span class="p">,</span> <span class="n">instance</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">VirtualServiceState</span><span class="p">)</span> <span class="c">//</span> <span class="n">query</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">istiov1alpha3</span><span class="o">.</span><span class="n">VirtualService</span><span class="p">{}</span> <span class="c">// create an empty query object</span> <span class="c">//</span> <span class="c">// check if virtual service already exists //---------\</span> <span class="n">lookupKey</span> <span class="o">:=</span> <span class="n">types</span><span class="o">.</span><span class="n">NamespacedName</span><span class="p">{</span> <span class="c">// \</span> <span class="n">Name</span><span class="o">:</span> <span class="n">instance</span><span class="o">.</span><span class="n">GetIstioResourceName</span><span class="p">(),</span> <span class="c">// --- construct the query object</span> <span class="n">Namespace</span><span class="o">:</span> <span class="n">instance</span><span class="o">.</span><span class="n">GetNamespace</span><span class="p">(),</span> <span class="c">// /</span> <span class="p">}</span> <span class="c">//---------/</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">TODO</span><span class="p">(),</span> <span class="n">lookupKey</span><span class="p">,</span> <span class="n">query</span><span class="p">)</span> <span class="c">// query result</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="o">&amp;&amp;</span> <span class="n">errors</span><span class="o">.</span><span class="n">IsNotFound</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">{</span> <span class="c">//</span> <span class="n">logger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="s">"virtual service not found but should exist"</span><span class="p">,</span> <span class="s">"lookup key"</span><span class="p">,</span> <span class="n">lookupKey</span><span class="p">)</span> <span class="c">//</span> <span class="n">logger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">())</span> <span class="c">//</span> <span class="c">// virtual service got deleted or hasn't been created yet //</span> <span class="c">// create one now //</span> <span class="n">vs</span> <span class="o">:=</span> <span class="n">spawn</span><span class="o">.</span><span class="n">CreateVirtualService</span><span class="p">(</span><span class="n">instance</span><span class="p">)</span> <span class="c">// create the actual virtual service as defined by Istio</span> <span class="n">err</span> <span class="o">=</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">SetControllerReference</span><span class="p">(</span><span class="n">instance</span><span class="p">,</span> <span class="n">vs</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">Scheme</span><span class="p">)</span> <span class="c">// Set owner references on the created object</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">//</span> <span class="n">logger</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">err</span><span class="p">,</span> <span class="s">"Error setting controller reference"</span><span class="p">)</span> <span class="c">//</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="n">err</span> <span class="c">//</span> <span class="p">}</span> <span class="c">//</span> <span class="c">// </span> <span class="n">err</span> <span class="o">=</span> <span class="n">r</span><span class="o">.</span><span class="n">Create</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">TODO</span><span class="p">(),</span> <span class="n">vs</span><span class="p">)</span> <span class="c">// request the API server to create the actual object in</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">// the cluster i.e. persist in the etcd store</span> <span class="n">logger</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">err</span><span class="p">,</span> <span class="s">"Unable to create Virtual Service"</span><span class="p">)</span> <span class="c">//</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="n">err</span> <span class="c">//</span> <span class="p">}</span> <span class="c">//</span> <span class="c">//</span> <span class="n">logger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="s">"Successfully created virtual service"</span><span class="p">)</span> <span class="c">//</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">//</span> <span class="n">logger</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">err</span><span class="p">,</span> <span class="s">"Unable to create Virtual Service"</span><span class="p">)</span> <span class="c">//</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="n">err</span> <span class="c">//</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c">//</span> <span class="c">// don't requeue, it will happen automatically when //</span> <span class="c">// virtual service status changes //</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="no">nil</span> <span class="c">//</span> <span class="p">}</span> <span class="c">//</span> <span class="c">// more fields related to virtual service status can be checked</span> <span class="c">// see more at https://pkg.go.dev/istio.io/api/meta/v1alpha1#IstioStatus</span> <span class="p">}</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>The line <code>vs := spawn.CreateVirtualService(instance)</code> defines another function to create the actual <code>Istio</code> <code>VirtualService</code> for us which we will define further in the <code>spawn</code> package.</p> <h5> The DestinationRule check </h5> <p>Similar to the virtual service, we'll create the <code>checkDestinationRuleStatus</code> method in the same file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="o">...</span> <span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">WorkloadReconciler</span><span class="p">)</span> <span class="n">checkDestinationRuleStatus</span><span class="p">(</span><span class="n">instance</span> <span class="o">*</span><span class="n">labsv1alpha1</span><span class="o">.</span><span class="n">Workload</span><span class="p">,</span> <span class="n">req</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Request</span><span class="p">,</span> <span class="n">logger</span> <span class="n">logr</span><span class="o">.</span><span class="n">Logger</span><span class="p">)</span> <span class="p">(</span><span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">switch</span> <span class="n">instance</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">DestinationRuleState</span> <span class="p">{</span> <span class="k">case</span> <span class="n">labsv1alpha1</span><span class="o">.</span><span class="n">PhasePending</span><span class="o">:</span> <span class="n">logger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="s">"Destination Rule"</span><span class="p">,</span> <span class="s">"PHASE:"</span><span class="p">,</span> <span class="n">instance</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">DestinationRuleState</span><span class="p">)</span> <span class="n">logger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="s">"Transitioning state to create Destination Rule"</span><span class="p">)</span> <span class="n">instance</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">DestinationRuleState</span> <span class="o">=</span> <span class="n">labsv1alpha1</span><span class="o">.</span><span class="n">PhaseCreated</span> <span class="k">case</span> <span class="n">labsv1alpha1</span><span class="o">.</span><span class="n">PhaseCreated</span><span class="o">:</span> <span class="n">logger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="s">"Destination Rule"</span><span class="p">,</span> <span class="s">"PHASE:"</span><span class="p">,</span> <span class="n">instance</span><span class="o">.</span><span class="n">Status</span><span class="o">.</span><span class="n">DestinationRuleState</span><span class="p">)</span> <span class="n">query</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">istiov1alpha3</span><span class="o">.</span><span class="n">DestinationRule</span><span class="p">{}</span> <span class="c">// check if destination rule already exists</span> <span class="n">lookupKey</span> <span class="o">:=</span> <span class="n">types</span><span class="o">.</span><span class="n">NamespacedName</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="n">instance</span><span class="o">.</span><span class="n">GetIstioResourceName</span><span class="p">(),</span> <span class="n">Namespace</span><span class="o">:</span> <span class="n">instance</span><span class="o">.</span><span class="n">GetNamespace</span><span class="p">(),</span> <span class="p">}</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">TODO</span><span class="p">(),</span> <span class="n">lookupKey</span><span class="p">,</span> <span class="n">query</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="o">&amp;&amp;</span> <span class="n">errors</span><span class="o">.</span><span class="n">IsNotFound</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">{</span> <span class="n">logger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="s">"destination rule not found but should exist"</span><span class="p">,</span> <span class="s">"req key"</span><span class="p">,</span> <span class="n">lookupKey</span><span class="p">)</span> <span class="n">logger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">())</span> <span class="c">// destination rule got deleted or hasn't been created yet</span> <span class="c">// create one now</span> <span class="n">dr</span> <span class="o">:=</span> <span class="n">spawn</span><span class="o">.</span><span class="n">CreateDestinationRule</span><span class="p">(</span><span class="n">instance</span><span class="p">)</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">SetControllerReference</span><span class="p">(</span><span class="n">instance</span><span class="p">,</span> <span class="n">dr</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">Scheme</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">logger</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">err</span><span class="p">,</span> <span class="s">"Error setting controller reference"</span><span class="p">)</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="n">err</span> <span class="p">}</span> <span class="n">err</span> <span class="o">=</span> <span class="n">r</span><span class="o">.</span><span class="n">Create</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">TODO</span><span class="p">(),</span> <span class="n">dr</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">logger</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">err</span><span class="p">,</span> <span class="s">"Unable to create Destination Rule"</span><span class="p">)</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="n">err</span> <span class="p">}</span> <span class="n">logger</span><span class="o">.</span><span class="n">Info</span><span class="p">(</span><span class="s">"Successfully created Destination Rule"</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">logger</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">err</span><span class="p">,</span> <span class="s">"Unable to create destination rule"</span><span class="p">)</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="n">err</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c">// don't requeue, it will happen automatically when</span> <span class="c">// destination rule status changes</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="no">nil</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Result</span><span class="p">{},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>The line <code>dr := spawn.CreateDestinationRule(instance)</code> defines another function to create the actual <code>Istio</code> <code>DestinationRule</code> for us, which we will define further in the <code>spawn</code> package.</p> <h5> Creating the Istio CRD's (defining the 'spawn') package </h5> <p>Let's create the following two files in the <code>pkg</code> directory:</p> <ol> <li><a href="https://github.com/ishankhare07/launchpad/blob/master/pkg/spawn/destination-rule.go" rel="noopener noreferrer">destination-rule.go</a></li> <li><a href="https://github.com/ishankhare07/launchpad/blob/master/pkg/spawn/virtual-service.go" rel="noopener noreferrer">virtual-service.go</a></li> </ol> <p>The structure should be as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>tree ./pkg ./pkg └── spawn ├── destination-rule.go └── virtual-service.go </code></pre> </div> <p>In the file <a href="https://github.com/ishankhare07/launchpad/blob/master/pkg/spawn/virtual-service.go" rel="noopener noreferrer"><code>virtual-service.go</code></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">spawn</span> <span class="k">import</span> <span class="p">(</span> <span class="n">labsv1alpha1</span> <span class="s">"github.com/ishankhare07/launchpad/api/v1alpha1"</span> <span class="n">istionetworkingv1alpha3</span> <span class="s">"istio.io/api/networking/v1alpha3"</span> <span class="c">// ---------\</span> <span class="c">// - import the required Istio structures (CRD's)</span> <span class="n">istiov1alpha3</span> <span class="s">"istio.io/client-go/pkg/apis/networking/v1alpha3"</span> <span class="c">// ---------/</span> <span class="n">metav1</span> <span class="s">"k8s.io/apimachinery/pkg/apis/meta/v1"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">CreateVirtualService</span><span class="p">(</span><span class="n">workload</span> <span class="o">*</span><span class="n">labsv1alpha1</span><span class="o">.</span><span class="n">Workload</span><span class="p">)</span> <span class="o">*</span><span class="n">istiov1alpha3</span><span class="o">.</span><span class="n">VirtualService</span> <span class="p">{</span> <span class="n">vs</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">istiov1alpha3</span><span class="o">.</span><span class="n">VirtualService</span><span class="p">{</span> <span class="n">ObjectMeta</span><span class="o">:</span> <span class="n">metav1</span><span class="o">.</span><span class="n">ObjectMeta</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="n">workload</span><span class="o">.</span><span class="n">GetIstioResourceName</span><span class="p">(),</span> <span class="n">Namespace</span><span class="o">:</span> <span class="s">"default"</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="n">routeDestination</span> <span class="o">:=</span> <span class="p">[]</span><span class="o">*</span><span class="n">istionetworkingv1alpha3</span><span class="o">.</span><span class="n">HTTPRouteDestination</span><span class="p">{}</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">target</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">workload</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Targets</span> <span class="p">{</span> <span class="c">// extract route from CRD</span> <span class="n">route</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">istionetworkingv1alpha3</span><span class="o">.</span><span class="n">HTTPRouteDestination</span><span class="p">{</span> <span class="n">Destination</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">istionetworkingv1alpha3</span><span class="o">.</span><span class="n">Destination</span><span class="p">{</span> <span class="n">Host</span><span class="o">:</span> <span class="n">target</span><span class="o">.</span><span class="n">TrafficSplit</span><span class="o">.</span><span class="n">DestinationHost</span><span class="p">,</span> <span class="n">Subset</span><span class="o">:</span> <span class="n">target</span><span class="o">.</span><span class="n">TrafficSplit</span><span class="o">.</span><span class="n">Subset</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span> <span class="p">},</span> <span class="n">Weight</span><span class="o">:</span> <span class="kt">int32</span><span class="p">(</span><span class="n">target</span><span class="o">.</span><span class="n">TrafficSplit</span><span class="o">.</span><span class="n">Weight</span><span class="p">),</span> <span class="p">}</span> <span class="c">// append routes into route destination</span> <span class="n">routeDestination</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">routeDestination</span><span class="p">,</span> <span class="n">route</span><span class="p">)</span> <span class="p">}</span> <span class="c">// append route destination to VirtualService.Routes</span> <span class="n">vs</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Http</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">vs</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Http</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">istionetworkingv1alpha3</span><span class="o">.</span><span class="n">HTTPRoute</span><span class="p">{</span> <span class="n">Route</span><span class="o">:</span> <span class="n">routeDestination</span><span class="p">,</span> <span class="p">})</span> <span class="c">// set hosts</span> <span class="n">vs</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Hosts</span> <span class="o">=</span> <span class="n">workload</span><span class="o">.</span><span class="n">GetHosts</span><span class="p">()</span> <span class="k">return</span> <span class="n">vs</span> <span class="p">}</span> </code></pre> </div> <p>We import the right structures from the Istio's upstream repo and construct the object based on the values provided in our original <code>Workload</code> CRD.<br> In the similar way we define the destination rule object generation in the file <a href="https://github.com/ishankhare07/launchpad/blob/master/pkg/spawn/destination-rule.go" rel="noopener noreferrer"><code>destination-rule.go</code></a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">spawn</span> <span class="k">import</span> <span class="p">(</span> <span class="n">labsv1alpha1</span> <span class="s">"github.com/ishankhare07/launchpad/api/v1alpha1"</span> <span class="n">istionetworkingv1alpha3</span> <span class="s">"istio.io/api/networking/v1alpha3"</span> <span class="n">istiov1alpha3</span> <span class="s">"istio.io/client-go/pkg/apis/networking/v1alpha3"</span> <span class="n">metav1</span> <span class="s">"k8s.io/apimachinery/pkg/apis/meta/v1"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">CreateDestinationRule</span><span class="p">(</span><span class="n">workload</span> <span class="o">*</span><span class="n">labsv1alpha1</span><span class="o">.</span><span class="n">Workload</span><span class="p">)</span> <span class="o">*</span><span class="n">istiov1alpha3</span><span class="o">.</span><span class="n">DestinationRule</span> <span class="p">{</span> <span class="n">dr</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">istiov1alpha3</span><span class="o">.</span><span class="n">DestinationRule</span><span class="p">{</span> <span class="n">ObjectMeta</span><span class="o">:</span> <span class="n">metav1</span><span class="o">.</span><span class="n">ObjectMeta</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="n">workload</span><span class="o">.</span><span class="n">GetIstioResourceName</span><span class="p">(),</span> <span class="n">Namespace</span><span class="o">:</span> <span class="n">workload</span><span class="o">.</span><span class="n">GetNamespace</span><span class="p">(),</span> <span class="p">},</span> <span class="p">}</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">target</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">workload</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Targets</span> <span class="p">{</span> <span class="n">dr</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Subsets</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">dr</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Subsets</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">istionetworkingv1alpha3</span><span class="o">.</span><span class="n">Subset</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="n">target</span><span class="o">.</span><span class="n">TrafficSplit</span><span class="o">.</span><span class="n">Subset</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span> <span class="n">Labels</span><span class="o">:</span> <span class="n">target</span><span class="o">.</span><span class="n">TrafficSplit</span><span class="o">.</span><span class="n">Subset</span><span class="o">.</span><span class="n">Labels</span><span class="p">,</span> <span class="p">})</span> <span class="p">}</span> <span class="n">dr</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Host</span> <span class="o">=</span> <span class="n">workload</span><span class="o">.</span><span class="n">Spec</span><span class="o">.</span><span class="n">Host</span> <span class="k">return</span> <span class="n">dr</span> <span class="p">}</span> </code></pre> </div> <h5> Telling the controller to 'watch' the resources we own </h5> <p>One last trick left in the implementation of our controller is, when we set the Owner references for each created <code>VirtualService</code> and <code>DestinationRule</code> in these lines:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="o">...</span> <span class="n">err</span> <span class="o">=</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">SetControllerReference</span><span class="p">(</span><span class="n">instance</span><span class="p">,</span> <span class="n">vs</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">Scheme</span><span class="p">)</span> <span class="o">...</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">SetControllerReference</span><span class="p">(</span><span class="n">instance</span><span class="p">,</span> <span class="n">dr</span><span class="p">,</span> <span class="n">r</span><span class="o">.</span><span class="n">Scheme</span><span class="p">)</span> <span class="o">...</span> </code></pre> </div> <p>We are essentially telling kubernetes that these objects are "owned" by <em>THIS</em> controller<br><br> We can then ask kubernetes to send is events related to these "OWNED" resources whenever anything happens with them (delete/update)</p> <p>To do this we go back to the end of the <a href="https://github.com/ishankhare07/launchpad/blob/master/controllers/workload_controller.go" rel="noopener noreferrer"><code>controllers/workload_controller.go</code></a> and add the following:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">r</span> <span class="o">*</span><span class="n">WorkloadReconciler</span><span class="p">)</span> <span class="n">SetupWithManager</span><span class="p">(</span><span class="n">mgr</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">Manager</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">return</span> <span class="n">ctrl</span><span class="o">.</span><span class="n">NewControllerManagedBy</span><span class="p">(</span><span class="n">mgr</span><span class="p">)</span><span class="o">.</span> <span class="n">For</span><span class="p">(</span><span class="o">&amp;</span><span class="n">labsv1alpha1</span><span class="o">.</span><span class="n">Workload</span><span class="p">{})</span><span class="o">.</span> <span class="n">Owns</span><span class="p">(</span><span class="o">&amp;</span><span class="n">istiov1alpha3</span><span class="o">.</span><span class="n">VirtualService</span><span class="p">{})</span><span class="o">.</span> <span class="c">// we own both these type of objects</span> <span class="n">Owns</span><span class="p">(</span><span class="o">&amp;</span><span class="n">istiov1alpha3</span><span class="o">.</span><span class="n">DestinationRule</span><span class="p">{})</span><span class="o">.</span> <span class="c">// hence send us events related to these</span> <span class="n">Complete</span><span class="p">(</span><span class="n">r</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h5> Are we done? </h5> <p>One last thing. Since <code>Istio</code>'s <code>VirtualService</code> and <code>DestinationRule</code> are external kubernetes obejcts (for which we have registered the CRD's while installing istio), we are still using <em>raw golang</em> objects / structs and passing it to the <a href="https://github.com/kubernetes-sigs/controller-runtime" rel="noopener noreferrer"><code>controller-runtime</code></a> client.<br><br> The client needs some additional information to "map the golang obejcts with the registered crds".</p> <blockquote> <p>Note that the golang objects we created don't have information like <code>apiVersion</code>, <code>kind</code><br> Hence to provide this information we need to register something called as a <code>scheme</code>. </p> </blockquote> <p>A Scheme basically maps the Go object to what we call GVK(<em>GroupVersionKind</em>) in kubernetes. This is usually auto generated when CRD's are defined using any framework like kubebuilder or operatorsdk. There's even one generated for our <code>Workload</code> kind which you can take a look at here – <a href="https://github.com/ishankhare07/launchpad/blob/master/api/v1alpha1/groupversion_info.go" rel="noopener noreferrer">api/v1alpha1/groupversion_info.go</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="o">...</span> <span class="k">var</span> <span class="p">(</span> <span class="c">// GroupVersion is group version used to register these objects</span> <span class="n">GroupVersion</span> <span class="o">=</span> <span class="n">schema</span><span class="o">.</span><span class="n">GroupVersion</span><span class="p">{</span><span class="n">Group</span><span class="o">:</span> <span class="s">"labs.ishankhare.dev"</span><span class="p">,</span> <span class="n">Version</span><span class="o">:</span> <span class="s">"v1alpha1"</span><span class="p">}</span> <span class="c">// SchemeBuilder is used to add go types to the GroupVersionKind scheme</span> <span class="n">SchemeBuilder</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">scheme</span><span class="o">.</span><span class="n">Builder</span><span class="p">{</span><span class="n">GroupVersion</span><span class="o">:</span> <span class="n">GroupVersion</span><span class="p">}</span> <span class="c">// AddToScheme adds the types in this group-version to the given scheme.</span> <span class="n">AddToScheme</span> <span class="o">=</span> <span class="n">SchemeBuilder</span><span class="o">.</span><span class="n">AddToScheme</span> <span class="p">)</span> </code></pre> </div> <p>A similar scheme is defined by the <code>Istio</code> library, which we can register in our <a href="https://github.com/ishankhare07/launchpad/blob/master/main.go#L47" rel="noopener noreferrer">main.go</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">import</span> <span class="p">(</span> <span class="o">...</span> <span class="n">istioscheme</span> <span class="s">"istio.io/client-go/pkg/clientset/versioned/scheme"</span> <span class="o">...</span> <span class="p">)</span> <span class="o">...</span> <span class="k">func</span> <span class="n">init</span><span class="p">()</span> <span class="p">{</span> <span class="o">...</span> <span class="n">_</span> <span class="o">=</span> <span class="n">istioscheme</span><span class="o">.</span><span class="n">AddToScheme</span><span class="p">(</span><span class="n">scheme</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Now we are done! You can follow along the <a href="https://github.com/ishankhare07/launchpad/blob/master/README.md#controller-demo" rel="noopener noreferrer">Controller-demo</a> to see the magic happen!</p> <h5> Some final highlights </h5> <p>As pointed out the <a href="https://github.com/ishankhare07/launchpad/blob/master/README.md#is-that-it" rel="noopener noreferrer">final sections of the demo</a>, even if someone/something accidentally or deliberately deletes either of the <code>VirtualService</code> or the <code>DestinationRule</code>, the controller immediately steps in and recreates it for us.</p> <blockquote> <p>One more trick left to showcase. If you were to go and delete either the VirtualService or the DestinationRule now, since the controller is watching over them, it will instantly recreate it with the correct configuration. This simulates an actual human error which have triggered alerts for the team in the past only to realise that somewhere, somebody did a kubectl delete vs helloworld. Go ahead, try it. Then try to run <code>kubectl get vs,dr</code> again.</p> </blockquote> <p>Lastly I'd like to mention the awesome work being done by folks at <a href="https://twitter.com/crossplane_io" rel="noopener noreferrer">@crossplane</a> and <a href="https://twitter.com/hasheddan" rel="noopener noreferrer">@hasheddan</a> who are building some really cool stuff leveraging the controllers and the KRM(kubernetes resource model). If you're more interested, checkout the following resources:</p> <ol> <li> <a href="https://blog.upbound.io/how-the-kubernetes-resource-model-enables-configuration-as-data/" rel="noopener noreferrer">Kubernetes as a Framework for Control Planes</a>.</li> <li>Crossplane team integrating GKE Autopilot before the night ends <a href="https://www.youtube.com/watch?v=3VddZSTPc4Y" rel="noopener noreferrer">on live stream</a>.</li> </ol> <h5> What's next? </h5> <p>In a follow-up post I'll talk about how we can bring <a href="https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#what-are-admission-webhooks" rel="noopener noreferrer">Admission Webhooks</a>, particularly Validating Admission Webhooks into the picture and make sure nobody's able to create our <code>Workload</code> CRD with wrong values – like a traffic split that doesn't add up to a 100% for eg. (<code>80:30</code> or <code>40:30</code>)</p> <p>This post was original posted on my personal blog <a href="https://ishankhare.dev" rel="noopener noreferrer">ishankhare.dev</a></p> kubernetes go controllers istio Writing a kubernetes controller in Go with kubebuilder Ishan Khare Tue, 17 Nov 2020 23:49:05 +0000 https://forem.com/ishankhare07/writing-a-simple-kubernetes-controller-in-go-with-kubebuilder-ib8 https://forem.com/ishankhare07/writing-a-simple-kubernetes-controller-in-go-with-kubebuilder-ib8 <p>In this post we'll implement a simple kubernetes controller using the <a href="https://github.com/kubernetes-sigs/kubebuilder" rel="noopener noreferrer">kubebuilder</a></p> <h3> Installing kubebuilder </h3> <p>The installation instructions can be found on kubebuilder <a href="https://book.kubebuilder.io/quick-start.html#installation" rel="noopener noreferrer">installation docs</a></p> <h3> Install kustomize </h3> <p>Since kubebuilder internally relies on kustomize, hence we need to install that from the <a href="https://kubernetes-sigs.github.io/kustomize/installation/" rel="noopener noreferrer">instructions here</a></p> <p>Now we're all set up to start building our controller</p> <h3> Start the project </h3> <p>I have initialized an empty go project<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>go mod init cnat </code></pre> </div> <p>Next we'll initialize the controller project<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>kubebuilder init --domain ishankhare.dev </code></pre> </div> <p>Now we'll ask kubebuilder to setup all the necessary scaffolding for our project<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>kubebuilder create api --group cnat --version v1alpha1 --kind At </code></pre> </div> <p>Kubebuilder will ask us whether to create <code>Resource</code> and <code>Controller</code> directories, to which we can answer <code>y</code> each, since we want these to be created<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Create Resource [y/n] y Create Controller [y/n] y Writing scaffold for you to edit... </code></pre> </div> <h4> Test install scaffold </h4> <p>If we now run <code>make install</code>, kubebuilder should generate the base <code>CRDs</code> under <code>config/crd/bases</code> and a few other files for us.</p> <p>Running <code>make run</code> should now allow us to launch the operator locally. This is really helpful for local testing while we will be implementing and debugging the business logic of our operator code. The live logs will give us insights about how our codebase changes reflect to what's happening with the operator.</p> <h4> Enable status subresource </h4> <p>In the file <code>api/v1alpha1/at_types.go</code> add the following comment above <code>At</code> struct.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// +kubebuilder:object:root=true // +kubebuilder:subresource:status // At is the Schema for the ats API type At struct { . . . </code></pre> </div> <p>This will enable us to use privilege separation between <code>spec</code> and <code>status</code> fields.</p> <h4> Background </h4> <p>A little background on what we're going to build here. Our controller is basically a 'Cloud Native At' (cnat) for short – a cloud native version of the Unix's <code>at</code> command. We provide a <code>CRD</code> manifest containing 2 main things:</p> <ol> <li>A command to execute</li> <li>Time to execute the command</li> </ol> <p>Our controller will basically wait and watch till the appropriate time, then would spawn a <code>Pod</code> and run the given command in that <code>Pod</code>. All this will it will also keep updating the <code>Status</code> of that <code>CRD</code> which we can view with <code>kubectl</code></p> <p>So let's begin</p> <h4> <code>CRD</code> outline </h4> <p>This section basically describes how we want our <code>CRD</code> to look like. Given the two points we listed above, we can basically represent them as:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>apiVersion: cnat.ishankhare.dev/v1alpha1 kind: At metadata: name: at-sample spec: schedule: "2020-11-16T10:12:00Z" command: "echo hello world!" </code></pre> </div> <p>This is enough information for our controller to decide 'when' and 'what' to execute.</p> <h4> Defining the <code>CRD</code> </h4> <p>Now that we know what we expect out of the <code>CRD</code> let's implement that. Goto the file <code>api/v1alpha1/at_types.go</code> and add the following fields to the code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>const ( PhasePending = "PENDING" PhaseRunning = "RUNNING" PhaseDone = "DONE" ) </code></pre> </div> <p>Also we edit the existing <code>AtSpec</code> and <code>AtStatus</code> structs as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>type AtSpec struct { Schedule string `json:"schedule,omitempty"` Command string `json:"command,omitempty"` } type AtStatus struct { Phase string `json:"phase,omitempty"` } </code></pre> </div> <p>We save this as we run<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ make manifests go: creating new go.mod: module tmp go: found sigs.k8s.io/controller-tools/cmd/controller-gen in sigs.k8s.io/controller-tools v0.2.5 /Users/ishankhare/godev/bin/controller-gen "crd:trivialVersions=true" rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases $ make install # this will install the generated CRD into k8s </code></pre> </div> <p>We should now be able to see an exhaustive <code>CustomResourceDefinition</code> generated for us at <code>config/crd/bases/cnat.ishankhare.dev_ats.yaml</code>. For people new to <code>CRD</code>'s, they will basically help kubernetes identify what our <code>kind: At</code> means. Unlike builtin resource types like <code>Deployments</code>, <code>Pods</code> etc. we need to define custom types for kubernetes through a <code>CustomResourceDefinition</code>. Let's try to create an <code>At</code> resource:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cat &gt;sample-at.yaml&lt;&lt;EOF apiVersion: cnat.ishankhare.dev/v1alpha1 kind: At metadata: name: at-sample spec: schedule: "2020-11-16T10:12:00Z" command: "echo hello world!" EOF </code></pre> </div> <p>If we now do a <code>kubectl apply -f</code> to the previously shown CRD:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>kubectl apply -f sample-at.yaml kubectl get at NAME AGE at-sample 124m </code></pre> </div> <p>So now kubernetes recognizes our custom type, but it still does NOT know what to do with it. The logic part of the controller is still missing, but we have the skeleton ready to start writing our logic around it.</p> <h4> Implementing the Controller logic </h4> <p>Now we're coming to the fun part – implementing the logic for our operator. This will basically tell kubernetes what to do with our generated CRD. As few say its like "making kubernetes do tricks!".</p> <p>Most of the scaffolding as been already generated for us by kubebuilder in <code>main.go</code> and <code>controllers/</code>. Inside the <code>controllers/at_controller.go</code> file we have the function <code>Reconcile</code>. Consider this is the reconcile loop's body.</p> <p>A small refresher – a controller basically runs a periodic loop over the said objects and watches for any changes to those objects. When changes happen the loop body is triggered and the relevant logic can be executed. This function <code>Reconcile</code> is that logical piece, the entry-point for all our controller logic.</p> <p>Let's start adding a basic structuring around it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>func (r *AtReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { reqLogger := r.Log.WithValues("at", req.NamespacedName) reqLogger.Info("=== Reconciling At") instance := &amp;cnatv1alpha1.At{} err := r.Get(context.TODO(), req.NamespacedName, instance) if err != nil { if errors.IsNotFound(err) { // object not found, could have been deleted after // reconcile request, hence don't requeue return ctrl.Result{}, nil } // error reading the object, requeue the request return ctrl.Result{}, err } // if no phase set, default to Pending if instance.Status.Phase == "" { instance.Status.Phase = cnatv1alpha1.PhasePending } // state transition PENDING -&gt; RUNNING -&gt; DONE return ctrl.Result{}, nil } </code></pre> </div> <p>Here we basically create a logger and an empty instance of the <code>At</code> object, which will allow use to query kubernetes for existing <code>At</code> objects and read/write to their status etc. The function is supposed to return the result of the reconciliation logic and an error. The <code>ctrl.Result</code> object can optionally tell the reconciler to either <code>Requeue</code> immediately (bool) or <code>RequeueAfter</code> with a <code>time.Duration</code> – again these are optional.</p> <p>Now lets come to the important part, the state diagram. The image below explains what basically happens when we create a new <code>At</code>:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F02dsdoh5wnysmwar83v7.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2F02dsdoh5wnysmwar83v7.png" alt="State diagram" width="800" height="783"></a></p> <p>Now, lets start implementing this logic in the function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>... // state transition PENDING -&gt; RUNNING -&gt; DONE switch instance.Status.Phase { case cnatv1alpha1.PhasePending: reqLogger.Info("Phase: PENDING") diff, err := schedule.TimeUntilSchedule(instance.Spec.Schedule) if err != nil { reqLogger.Error(err, "Schedule parsing failure") return ctrl.Result{}, err } reqLogger.Info("Schedule parsing done", "Result", fmt.Sprintf("%v", diff)) if diff &gt; 0 { // not yet time to execute, wait until scheduled time return ctrl.Result{RequeueAfter: diff * time.Second}, nil } reqLogger.Info("It's time!", "Ready to execute", instance.Spec.Command) // change state instance.Status.Phase = cnatv1alpha1.PhaseRunning </code></pre> </div> <p>The <code>schedule.TimeUntilSchedule</code> function is simple to implement like so:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>package schedule import "time" func TimeUntilSchedule(schedule string) (time.Duration, error) { now := time.Now().UTC() layout := "2006-01-02T15:04:05Z" scheduledTime, err := time.Parse(layout, schedule) if err != nil { return time.Duration(0), err } return scheduledTime.Sub(now), nil } </code></pre> </div> <p>The next <code>case</code> in our <code>switch</code> body is for <code>RUNNING</code> phase. This is the most complicated one and I've added comments wherever I can to explain it better.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>case cnatv1alpha1.PhaseRunning: reqLogger.Info("Phase: RUNNING") pod := spawn.NewPodForCR(instance) err := ctrl.SetControllerReference(instance, pod, r.Scheme) if err != nil { // requeue with error return ctrl.Result{}, err } query := &amp;corev1.Pod{} // try to see if the pod already exists err = r.Get(context.TODO(), req.NamespacedName, query) if err != nil &amp;&amp; errors.IsNotFound(err) { // does not exist, create a pod err = r.Create(context.TODO(), pod) if err != nil { return ctrl.Result{}, err } // Successfully created a Pod reqLogger.Info("Pod Created successfully", "name", pod.Name) return ctrl.Result{}, nil } else if err != nil { // requeue with err reqLogger.Error(err, "cannot create pod") return ctrl.Result{}, err } else if query.Status.Phase == corev1.PodFailed || query.Status.Phase == corev1.PodSucceeded { // pod already finished or errored out` reqLogger.Info("Container terminated", "reason", query.Status.Reason, "message", query.Status.Message) instance.Status.Phase = cnatv1alpha1.PhaseDone } else { // don't requeue, it will happen automatically when // pod status changes return ctrl.Result{}, nil } </code></pre> </div> <p>We set the <code>ctrl.SetControllerReference</code> that basically tells kubernetes runtime that the created <code>Pod</code> is "owned" by this <code>At</code> instance. This is later going to come handy for us when watching on resources created by our Controller.<br> We also use another external function here <code>spawn.NewPodForCR</code> which is basically responsible for spawning the new <code>Pod</code> for our <code>At</code> custom resource spec. This is implemented as follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>package spawn import ( cnatv1alpha1 "cnat/api/v1alpha1" "strings" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func NewPodForCR(cr *cnatv1alpha1.At) *corev1.Pod { labels := map[string]string{ "app": cr.Name, } return &amp;corev1.Pod{ ObjectMeta: metav1.ObjectMeta{ Name: cr.Name, Namespace: cr.Namespace, Labels: labels, }, Spec: corev1.PodSpec{ Containers: []corev1.Container{ { Name: "busybox", Image: "busybox", Command: strings.Split(cr.Spec.Command, " "), }, }, RestartPolicy: corev1.RestartPolicyOnFailure, }, } } </code></pre> </div> <p>The last bits of code deal with the <code>DONE</code> phase and the <code>default</code> case of <code>switch</code>. We also do the updation of our <code>status</code> subresource outside the switch as a common part of code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>case cnatv1alpha1.PhaseDone: reqLogger.Info("Phase: DONE") // reconcile without requeuing return ctrl.Result{}, nil default: reqLogger.Info("NOP") return ctrl.Result{}, nil } // update status err = r.Status().Update(context.TODO(), instance) if err != nil { return ctrl.Result{}, err } return ctrl.Result{}, nil </code></pre> </div> <p>Lastly we utilize the <code>SetControllerReference</code> by adding the following to the <code>SetupWithManager</code> function in the same file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>err := ctrl.NewControllerManagedBy(mgr). For(&amp;cnatv1alpha1.At{}). Owns(&amp;corev1.Pod{}). Complete(r) if err != nil { return err } return nil </code></pre> </div> <p>The part specifying <code>Owns(&amp;corev1.Pod{})</code> is important and tells the controller manager that pods created by this controller also needs to be watched for changes.</p> <p>If you want to have a look at the entire final code implementation, head over the this github repo – <a href="https://github.com/ishankhare07/kubebuilder-controller" rel="noopener noreferrer">ishankhare07/kubebuilder-controller</a>.<br> With this in place, we are now done with implementation of our controller, we can run and test it on a cluster in our current kube context using <code>make run</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>go: creating new go.mod: module tmp go: found sigs.k8s.io/controller-tools/cmd/controller-gen in sigs.k8s.io/controller-tools v0.2.5 /Users/ishankhare/godev/bin/controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./..." go fmt ./... go vet ./... /Users/ishankhare/godev/bin/controller-gen "crd:trivialVersions=true" rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases go run ./main.go 2020-11-18T05:05:45.531+0530 INFO controller-runtime.metrics metrics server is starting to listen {"addr": ":8080"} 2020-11-18T05:05:45.531+0530 INFO setup starting manager 2020-11-18T05:05:45.531+0530 INFO controller-runtime.manager starting metrics server {"path": "/metrics"} 2020-11-18T05:05:45.531+0530 INFO controller-runtime.controller Starting EventSource {"controller": "at", "source": "kind source: /, Kind="} 2020-11-18T05:05:45.732+0530 INFO controller-runtime.controller Starting EventSource {"controller": "at", "source": "kind source: /, Kind="} 2020-11-18T05:05:46.232+0530 INFO controller-runtime.controller Starting Controller {"controller": "at"} 2020-11-18T05:05:46.232+0530 INFO controller-runtime.controller Starting workers {"controller": "at", "worker count": 1} 2020-11-18T05:05:46.232+0530 INFO controllers.At === Reconciling At {"at": "cnat/at-sample"} 2020-11-18T05:05:46.232+0530 INFO controllers.At Phase: PENDING {"at": "cnat/at-sample"} 2020-11-18T05:05:46.232+0530 INFO controllers.At Schedule parsing done {"at": "cnat/at-sample", "Result": "-14053h23m46.232658s"} 2020-11-18T05:05:46.232+0530 INFO controllers.At It's time! {"at": "cnat/at-sample", "Ready to execute": "echo YAY!"} 2020-11-18T05:05:46.436+0530 DEBUG controller-runtime.controller Successfully Reconciled {"controller": "at", "request": "cnat/at-sample"} 2020-11-18T05:05:46.443+0530 INFO controllers.At === Reconciling At {"at": "cnat/at-sample"} 2020-11-18T05:05:46.443+0530 INFO controllers.At Phase: RUNNING {"at": "cnat/at-sample"} 2020-11-18T05:05:46.718+0530 INFO controllers.At Pod Created successfully {"at": "cnat/at-sample", "name": "at-sample"} 2020-11-18T05:05:46.718+0530 DEBUG controller-runtime.controller Successfully Reconciled {"controller": "at", "request": "cnat/at-sample"} 2020-11-18T05:05:46.722+0530 INFO controllers.At === Reconciling At {"at": "cnat/at-sample"} 2020-11-18T05:05:46.722+0530 INFO controllers.At Phase: RUNNING {"at": "cnat/at-sample"} 2020-11-18T05:05:46.722+0530 DEBUG controller-runtime.controller Successfully Reconciled {"controller": "at", "request": "cnat/at-sample"} 2020-11-18T05:05:46.778+0530 INFO controllers.At === Reconciling At {"at": "cnat/at-sample"} 2020-11-18T05:05:46.778+0530 INFO controllers.At Phase: RUNNING {"at": "cnat/at-sample"} 2020-11-18T05:05:46.778+0530 DEBUG controller-runtime.controller Successfully Reconciled {"controller": "at", "request": "cnat/at-sample"} 2020-11-18T05:05:46.846+0530 INFO controllers.At === Reconciling At {"at": "cnat/at-sample"} 2020-11-18T05:05:46.847+0530 INFO controllers.At Phase: RUNNING {"at": "cnat/at-sample"} 2020-11-18T05:05:46.847+0530 DEBUG controller-runtime.controller Successfully Reconciled {"controller": "at", "request": "cnat/at-sample"} 2020-11-18T05:05:49.831+0530 INFO controllers.At === Reconciling At {"at": "cnat/at-sample"} 2020-11-18T05:05:49.831+0530 INFO controllers.At Phase: RUNNING {"at": "cnat/at-sample"} 2020-11-18T05:05:49.831+0530 INFO controllers.At Container terminated {"at": "cnat/at-sample", "reason": "", "message": ""} 2020-11-18T05:05:50.054+0530 DEBUG controller-runtime.controller Successfully Reconciled {"controller": "at", "request": "cnat/at-sample"} 2020-11-18T05:05:50.056+0530 INFO controllers.At === Reconciling At {"at": "cnat/at-sample"} 2020-11-18T05:05:50.056+0530 INFO controllers.At Phase: DONE {"at": "cnat/at-sample"} 2020-11-18T05:05:50.056+0530 DEBUG controller-runtime.controller Successfully Reconciled {"controller": "at", "request": "cnat/at-sample"} </code></pre> </div> <p>If you're interested to see the output command we can run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ kubectl logs -f at-sample hello world! </code></pre> </div> <p>This post was first published on my personal blog <a href="https://ishankhare.dev" rel="noopener noreferrer">ishankhare.dev</a></p> kubernetes go operators controllers Deploy a golang API on Kubernetes with Nginx ingress Ishan Khare Thu, 28 Nov 2019 09:28:58 +0000 https://forem.com/ishankhare07/deploy-a-golang-api-on-kubernetes-with-nginx-ingress-33k6 https://forem.com/ishankhare07/deploy-a-golang-api-on-kubernetes-with-nginx-ingress-33k6 <p>This blog post is a follow up on my <a href="https://ishankhare.com/posts/1/" rel="noopener noreferrer">previous post</a> where we talked about deploying a Python app with nginx reverse proxy using docker.</p> <p>So lets line up all the things that we're going to touch in this post:</p> <ol> <li><a href="https://kubernetes.io/docs/concepts/services-networking/ingress/" rel="noopener noreferrer">Ingress</a></li> <li><a href="https://kubernetes.io/docs/concepts/services-networking/service/" rel="noopener noreferrer">Services</a></li> <li><a href="https://kubernetes.io/docs/concepts/workloads/controllers/deployment/" rel="noopener noreferrer">Deployments</a></li> </ol> <p>Now that we have set the tone, lets go in brief about what the above this are about that what role they play.<br> We will then actually go over each and code them and implement the deployment in kubernetes.</p> <h4> What is Ingress? </h4> <p>From the kubernetes documentation Ingress is defined as:</p> <blockquote> <p>Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.</p> </blockquote> <p>Also this diagram seems to provide a bit more details so I'll just leave it here:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> internet | [ Ingress ] --|-----|-- [ Services ] </code></pre> </div> <p>All though IMO the above diagram is a bit more simplified. Hence I came up with this arch. diagram explaining the above arrangement in a bit more detail.</p> <p>Another way to look at Ingress is that its a Layer 7 load balancer. As layer 7 LB is application aware, it can determine where to send the traffic depending on application state.<br><br> In contrast, a simple load balancer like Google cloud load balancer or AWS' ELB are Layer 4 LB. You would use it to expose single app or service to the outside world. It would balance the load based<br> on destination IP address, protocol and port.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2Fkube-nignx-ingress-arch.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2Fkube-nignx-ingress-arch.png"></a></p> <h4> What are services? </h4> <p>Without going into much detail about what services are, k8s docs describe services as:</p> <blockquote> <p>An abstract way to expose an application running on a set of Pods as a network service.</p> </blockquote> <h4> And Deployments? </h4> <p>Deployment are merely high level abstractions over Pods (which in themselves are abstractions over your containers). Well that's only half correct.</p> <p>In fact <a href="https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/" rel="noopener noreferrer">ReplicaSets</a> are a direct abstractions on your Pods and Deployments are an abstraction over ReplicaSets.<br> Again from the docs:</p> <blockquote> <p>You describe a desired state in a Deployment, and the Deployment Controller changes the actual state to the desired state at a controlled rate. You can define Deployments to create new ReplicaSets, or to remove existing Deployments and adopt all their resources with new Deployments.</p> </blockquote> <h4> So lets dive right in </h4> <p>Let's first see how our Go code is going to look like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"net/http"</span> <span class="s">"github.com/gin-gonic/gin"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">greet</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">name</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">Param</span><span class="p">(</span><span class="s">"name"</span><span class="p">)</span> <span class="n">c</span><span class="o">.</span><span class="n">String</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"Hello %s!"</span><span class="p">,</span> <span class="n">name</span><span class="p">))</span> <span class="p">}</span> <span class="k">func</span> <span class="n">stranger</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">String</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">,</span> <span class="s">"Hello stranger!"</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">router</span> <span class="o">:=</span> <span class="n">gin</span><span class="o">.</span><span class="n">Default</span><span class="p">()</span> <span class="n">router</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/hello/:name"</span><span class="p">,</span> <span class="n">greet</span><span class="p">)</span> <span class="n">router</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/hello/"</span><span class="p">,</span> <span class="n">stranger</span><span class="p">)</span> <span class="n">router</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">String</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">,</span> <span class="s">""</span><span class="p">)</span> <span class="p">})</span> <span class="n">router</span><span class="o">.</span><span class="n">Run</span><span class="p">(</span><span class="s">":8000"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>This is a very trivial api, we add three endpoints. The root url is basically also a health check and hence must return a <code>200</code> OK http status.</p> <p>Once we have this go code built into a container – which BTW is not the subject of this post and I'm skipping it out, we can start concentrating on more about how to deploy<br> this service on kubernetes.</p> <p>I'm going to deploy this to a k8s cluster on Google Cloud, but the code should work seamlessly on any other k8s deployments as well.</p> <p>Also, I've created a container with the above code and made it available on docker hub publicly. The container can be found here – <a href="https://hub.docker.com/repository/docker/ishankhare07/ingress-test" rel="noopener noreferrer">https://hub.docker.com/repository/docker/ishankhare07/ingress-test</a></p> <p>You can pull down the image using <code>docker pull ishankhare07/ingress-test:0.0.3</code></p> <h4> The cluster </h4> <p>So lets get down to business, I'm assuming you have your cluster running and <code>kubectl</code> command configured to connect to the cluster. We'll be setting up an</p> <ul> <li><code>ingress resource</code></li> <li><code>ingress controller</code></li> </ul> <p>While there are many plug-and-play options for ingress available today written over the <code>ingress api</code>, the simplest and most straight forward one is <a href="https://kubernetes.github.io/ingress-nginx/" rel="noopener noreferrer">nginx ingress</a>.<br> I've given the link to official docs which details the exact installation steps for setting it up. But these steps vary slightly depending on the cloud provider, k8s version etc.</p> <p>Hence the best and easiest way to actually setup nginx ingress is through <a href="https://helm.sh/" rel="noopener noreferrer">helm</a></p> <h4> WTF is helm? </h4> <p>Helm is a package manager for k8s. Consider it like <code>apt-get</code> or <code>yum</code> but for kubernetes. Just tell helm the package – which are called <code>charts</code> in helm terminology to be installed, and helm will do it for you. The good this about helm is – its sort of an automation tool over kubernetes. So if you have something that requires multiple steps to setup, helm will do it for you – like run a few deployments, expose it at a port through a service, mount a volume from a persistent disk etc. More on helm some other day. Right now go ahead and install helm on your cluster.</p> <p>And yes you read that right, "install on cluster". You see helm is a 2 part thing</p> <ol> <li>The helm cli client that is installed on your dev machine.</li> <li>The tiller controllers that are spun as pod controllers inside your cluster</li> </ol> <p>The way it works is you tell helm what to install using the helm cli. The cli then communicates this to the tiller controllers running on your k8s cluster.<br> Those controllers fetch and spin the required pods etc. in the cluster for you. In a way we are using kubernetes provided primitives to automate and extend kubernetes itself.</p> <p>Once you've helm installed and setup, we can now proceed with deploying our application.</p> <h4> Deploying our go backend </h4> <p>We want out go backend to be available on port <code>8000</code> because that is what we exposed in our code.<br> So lets write a <code>greeter.yaml</code> file with the following content<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">go-greeter</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">greeter</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">3</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">greeter</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">greeter</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">greeter</span> <span class="na">image</span><span class="pi">:</span> <span class="s">ishankhare07/ingress-test:0.0.3</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">/go/bin/ingress-test"</span><span class="pi">]</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">8000</span> <span class="nn">---</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">greeter-service</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">greeter</span> <span class="na">type</span><span class="pi">:</span> <span class="s">NodePort</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8000</span> </code></pre> </div> <p>We define a Deployment – with a replicaset of 3 pods. Each pod's port <code>8000</code> is open only accessible from inside the cluster. Next we expose a service that <em>funnels</em> all the incoming data to the 3 replicas of our containers in a round robin fashion.</p> <p>Lets deploy this to our cluster first:<br> <code>kubectl apply -f greeter.yaml</code></p> <p>Lets see the deployment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get deploy NAME READY UP-TO-DATE AVAILABLE AGE go-greeter 3/3 3 3 13d </code></pre> </div> <p>Also we deployed a service, lets check that too:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE greeter-service NodePort 10.36.7.174 &lt;none&gt; 8000:31269/TCP 13d </code></pre> </div> <p>So our Deployment is up and running and is exposed inside the cluster through a service. Next we need to connect it to the outside world through Ingress.</p> <h4> Installing nginx ingress through helm </h4> <p>Assuming helm is installed and setup with RBAC roles applied, we can install nginx-ingress chart with the following command:<br> <code>helm install --name nginx-ingress stable/nginx-ingress --set rbac.create=true --set controller.publishService.enabled=true</code></p> <p>If all goes well, this should give us the following output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE nginx-ingress-controller LoadBalancer 10.7.248.226 pending 80:30890/TCP,443:30258/TCP 1s nginx-ingress-default-backend ClusterIP 10.7.245.75 none 80/TCP 1s </code></pre> </div> <p>So we have our ingress controller and the default backend setup and running. Now all that's left is telling this nginx-ingress-controller how and where to redirect incoming traffic.<br> Let's write a new file <code>ingress.yaml</code> for it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">extensions/v1beta1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-ingress</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">kubernetes.io/ingress.class</span><span class="pi">:</span> <span class="s2">"</span><span class="s">nginx"</span> <span class="na">ingress.kubernetes.io/rewrite-target</span><span class="pi">:</span> <span class="s">/</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">http</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/hello/</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">serviceName</span><span class="pi">:</span> <span class="s">greeter-service</span> <span class="na">servicePort</span><span class="pi">:</span> <span class="m">8000</span> </code></pre> </div> <p>Let's deploy this now:<br> <code>kubectl apply -f ingress.yaml</code></p> <p>This will create and ingress and a loadbalancer service and attach a public IP address, which can be seen by:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get ingress NAME HOSTS ADDRESS PORTS AGE my-ingress <span class="k">*</span> XXX.XXX.XXX.XXX 80 11d </code></pre> </div> <p>Now, if we visit the above IP Address we'll hit the default backend for 404 – since <code>/</code> url is not defined in our ingress.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_2019-11-11_at_6.18.33_PM.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_2019-11-11_at_6.18.33_PM.png"></a></p> <p>Now on hitting the first path <code>/hello</code>, this is what we get:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_2019-11-11_at_6.20.03_PM.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_2019-11-11_at_6.20.03_PM.png"></a></p> <p>Also we have another internal API endpoint in our greeter service, lets hit that too – <code>/hello/ishan</code>, what we get:<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_2019-11-11_at_6.26.51_PM.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_2019-11-11_at_6.26.51_PM.png"></a></p> <p>Now that we are able to direct traffic to different deployments using the ingress, let's deploy a new pod and try to redirect some traffic there. We'll simply use <code>hashicorp/http-echo</code><br> to use as a second service. Let's write a manifest for this:<br> <code>apple.yaml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">kind</span><span class="pi">:</span> <span class="s">Pod</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">apple-app</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">apple</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">apple-app</span> <span class="na">image</span><span class="pi">:</span> <span class="s">hashicorp/http-echo</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">-text=apple"</span> <span class="nn">---</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">apple-service</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">apple</span> <span class="na">type</span><span class="pi">:</span> <span class="s">NodePort</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">5678</span> </code></pre> </div> <p>Let's deploy this:<br> <code>kubectl apply -f apple.yaml</code></p> <p>Now that we have this pod running and exposed through the service, we would want to update the ingress file with these changes.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">extensions/v1beta1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">local-ingress</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">kubernetes.io/ingress.class</span><span class="pi">:</span> <span class="s2">"</span><span class="s">nginx"</span> <span class="na">ingress.kubernetes.io/rewrite-target</span><span class="pi">:</span> <span class="s">/</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">http</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/apple</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">serviceName</span><span class="pi">:</span> <span class="s">apple-service</span> <span class="na">servicePort</span><span class="pi">:</span> <span class="m">5678</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/hello/</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">serviceName</span><span class="pi">:</span> <span class="s">greeter-service</span> <span class="na">servicePort</span><span class="pi">:</span> <span class="m">8000</span> </code></pre> </div> <p>Re-configure the ingress by running:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl apply <span class="nt">-f</span> ingress.yaml ingress.extensions/my-ingress configured </code></pre> </div> <p>We can test it by going to the path <code>/apple</code><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_2019-11-11_at_7.08.40_PM.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_2019-11-11_at_7.08.40_PM.png"></a></p> <p>And that's it! I'm sure we can all appreciate the loosely coupled nature of kubernetes and the scalability it provides. In the next blog post we'll look into deploying a <a href="https://grpc.io/" rel="noopener noreferrer"><code>gRPC</code></a> endpoint written in Go deployed on this same k8s cluster behind the ingress. We'll also try to connect it to via a python client.</p> <p>This post was originally published on my blog at <a href="https://ishankhare.com" rel="noopener noreferrer">ishankhare.com</a></p> kubernetes go nginxingress reverseproxy Go Concurrency pipelines Ishan Khare Mon, 19 Aug 2019 09:09:32 +0000 https://forem.com/ishankhare07/go-concurrency-pipelines-gmc https://forem.com/ishankhare07/go-concurrency-pipelines-gmc <p>In this blog we're going to explore some design patterns related to concurrency pipelines in Go</p> <ul> <li>We'll take a real world use case as an example to begin with and try to optimize it with goroutines first. </li> <li>Next we'll see the challenges that arise and how to debug them.</li> <li>Finally we'll introduce another redesign that will enable us to collect stats about all the processing that we do in the above steps.</li> </ul> <h4> The problem statement </h4> <p>Let's say we have a set of users, and we want to make a few calls to an external microservice to filter out the set of users based on a set of parameters.<br><br> Since this external call an be over plain HTTP or over modern alternatives like gRPC, we won't go into the implementation of those.</p> <p>What we'll focus on instead is first a brute force way of optimizing this functionality.</p> <h4> Implementation with goroutines </h4> <p>To start with lets say we have a file named <code>handler.go</code> with the following code:<br> <code>handler.go</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">handler</span> <span class="k">func</span> <span class="n">PerformOperationAfterFiltering</span><span class="p">(</span><span class="n">users</span> <span class="p">[]</span><span class="n">users</span><span class="p">)</span> <span class="p">{</span> <span class="c">// make external call and filter out users</span> <span class="n">operationToBePerformed</span><span class="p">(</span><span class="n">users</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h5> High level design </h5> <p>Let's say we are getting a list of 1000 users each time on an average. It would be a good idea to break down this into batches before making external calls.<br> What this would enable us to do is split out our network calls. Hence if any batch fails due to some network factors, other batches won't be affected. If we do<br><br> a single call and that fails, we would loose the response for the entire 1000 users. Also breaking down this process into smaller chunks would also enable us to optimize<br> it further in the subsequent steps – divide and conquer.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--_u2yrvJP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://ishankhare.com/media/images/Simple_batching.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--_u2yrvJP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://ishankhare.com/media/images/Simple_batching.jpg" alt="simple batching"></a></p> <p>But before we do that, we need to understand how we plan to communicate the results back to the calling function, and how do we know all requests have finished?</p> <p>We'll be using 2 golang constructs for this:</p> <ol> <li>Channels</li> <li>WaitGroup</li> </ol> <p>the high-level architecture should look something like this:<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--Euk4CW96--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://ishankhare.com/media/images/initial_arch.jpeg1.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--Euk4CW96--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://ishankhare.com/media/images/initial_arch.jpeg1.jpg" alt=""></a></p> <p>Let's open a new file to write our request function<br> <code>request.go</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">request</span> <span class="k">import</span> <span class="s">"sync"</span> <span class="k">func</span> <span class="n">Request</span><span class="p">(</span><span class="n">users</span> <span class="p">[]</span><span class="n">Users</span><span class="p">)</span> <span class="k">chan</span> <span class="n">Users</span> <span class="p">{</span> <span class="n">resp</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">Users</span><span class="p">)</span> <span class="n">batchSize</span> <span class="o">:=</span> <span class="m">250</span> <span class="k">var</span> <span class="n">batches</span> <span class="p">[][]</span><span class="n">Users</span> <span class="k">var</span> <span class="n">wg</span> <span class="n">sync</span><span class="o">.</span><span class="n">WaitGroup</span> <span class="k">for</span> <span class="n">batchSize</span> <span class="o">&lt;</span> <span class="nb">len</span><span class="p">(</span><span class="n">users</span><span class="p">)</span> <span class="p">{</span> <span class="n">users</span><span class="p">,</span> <span class="n">batches</span> <span class="o">:=</span> <span class="n">users</span><span class="p">[</span><span class="n">batchSize</span><span class="o">:</span><span class="p">],</span> <span class="nb">append</span><span class="p">(</span><span class="n">batches</span><span class="p">,</span> <span class="n">users</span><span class="p">[</span><span class="m">0</span><span class="o">:</span><span class="n">batchSize</span><span class="p">])</span> <span class="p">}</span> <span class="n">batches</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">batches</span><span class="p">,</span> <span class="n">batchSize</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Now that we have our batches created, we can start the requests for each batch in a goroutine of its own.<br> But everytime we start a new goroutine, we'll add (or register) it with a WaitGroup to keep track of the completion of each of the individual goroutines.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">Request</span><span class="p">(</span><span class="n">users</span> <span class="p">[]</span><span class="n">Users</span><span class="p">)</span> <span class="k">chan</span> <span class="n">Users</span> <span class="p">{</span> <span class="n">resp</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">Users</span><span class="p">)</span> <span class="n">batchSize</span> <span class="o">:=</span> <span class="m">250</span> <span class="k">var</span> <span class="n">batches</span> <span class="p">[][]</span><span class="n">Users</span> <span class="k">for</span> <span class="n">batchSize</span> <span class="o">&lt;</span> <span class="nb">len</span><span class="p">(</span><span class="n">users</span><span class="p">)</span> <span class="p">{</span> <span class="n">users</span><span class="p">,</span> <span class="n">batches</span> <span class="o">:=</span> <span class="n">users</span><span class="p">[</span><span class="n">batchSize</span><span class="o">:</span><span class="p">],</span> <span class="nb">append</span><span class="p">(</span><span class="n">batches</span><span class="p">,</span> <span class="n">users</span><span class="p">[</span><span class="m">0</span><span class="o">:</span><span class="n">batchSize</span><span class="p">])</span> <span class="p">}</span> <span class="n">batches</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">batches</span><span class="p">,</span> <span class="n">batchSize</span><span class="p">)</span> <span class="k">var</span> <span class="n">wg</span> <span class="n">sync</span><span class="o">.</span><span class="n">WaitGroup</span> <span class="k">for</span> <span class="n">batch</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">batches</span> <span class="p">{</span> <span class="n">wg</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">(</span><span class="n">batch</span> <span class="p">[]</span><span class="n">Users</span><span class="p">)</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">wg</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span> <span class="n">response</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">MakeRequestToThirdParty</span><span class="p">(</span><span class="n">batch</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">// log error and probably</span> <span class="c">// also the batch of users that failed</span> <span class="p">}</span> <span class="k">for</span> <span class="n">r</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">response</span> <span class="p">{</span> <span class="k">if</span> <span class="n">r</span><span class="o">.</span><span class="n">CurrentBalance</span> <span class="o">&gt;</span> <span class="m">500</span> <span class="p">{</span> <span class="c">// we've got our user</span> <span class="c">// push it back on our channel</span> <span class="n">resp</span> <span class="o">&lt;-</span> <span class="n">r</span><span class="o">.</span><span class="n">u</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}(</span><span class="n">batch</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">resp</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p>Note that the function returns a <code>channel</code> of type <code>Users</code>.</p> </blockquote> <p>Also we added a defer call to <code>wg.Done()</code>. This will decrement our waitgroup so that our exit stages knows when all our goroutines are done.</p> <p>Before we goto the exit stage, let's see how we plan to consume the users from the channel. Channels <a href="https://gobyexample.com/range-over-channels">fit right in</a> with the golang's for loop – i.e. we can consume<br> objects from channel just by the <code>for-range</code> loop of go.<br> In our <code>handler.go</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">handler</span> <span class="k">import</span> <span class="s">"request"</span> <span class="k">func</span> <span class="n">PerformOperationAfterFiltering</span><span class="p">(</span><span class="n">users</span> <span class="p">[]</span><span class="n">users</span><span class="p">)</span> <span class="p">{</span> <span class="c">// make external call and filter out users</span> <span class="k">var</span> <span class="n">filteredUsers</span> <span class="p">[]</span><span class="n">Users</span> <span class="k">for</span> <span class="n">user</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">Request</span><span class="p">(</span><span class="n">users</span><span class="p">)</span> <span class="p">{</span> <span class="n">filteredUsers</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">filteredUsers</span><span class="p">,</span> <span class="n">user</span><span class="p">)</span> <span class="p">}</span> <span class="n">operationToBePerformed</span><span class="p">(</span><span class="n">users</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>That's exactly what we're doing here. <code>range</code>-ing over the open channel. How or when will the loop exit you may ask?<br> – When we <code>close()</code> the channel. And that's where the <code>EXIT</code> stage comes in.</p> <p>So we go on to the exit stage. Back in our <code>request.go</code>, we add another closure, which makes use of our <code>WaitGroup</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">Request</span><span class="p">(</span><span class="n">users</span> <span class="p">[]</span><span class="n">Users</span><span class="p">)</span> <span class="k">chan</span> <span class="n">Users</span> <span class="p">{</span> <span class="n">resp</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">Users</span><span class="p">)</span> <span class="n">batchSize</span> <span class="o">:=</span> <span class="m">250</span> <span class="k">var</span> <span class="n">batches</span> <span class="p">[][]</span><span class="n">Users</span> <span class="k">for</span> <span class="n">batchSize</span> <span class="o">&lt;</span> <span class="nb">len</span><span class="p">(</span><span class="n">users</span><span class="p">)</span> <span class="p">{</span> <span class="n">users</span><span class="p">,</span> <span class="n">batches</span> <span class="o">:=</span> <span class="n">users</span><span class="p">[</span><span class="n">batchSize</span><span class="o">:</span><span class="p">],</span> <span class="nb">append</span><span class="p">(</span><span class="n">batches</span><span class="p">,</span> <span class="n">users</span><span class="p">[</span><span class="m">0</span><span class="o">:</span><span class="n">batchSize</span><span class="p">])</span> <span class="p">}</span> <span class="n">batches</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">batches</span><span class="p">,</span> <span class="n">batchSize</span><span class="p">)</span> <span class="k">var</span> <span class="n">wg</span> <span class="n">sync</span><span class="o">.</span><span class="n">WaitGroup</span> <span class="k">for</span> <span class="n">batch</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">batches</span> <span class="p">{</span> <span class="n">wg</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">(</span><span class="n">batch</span> <span class="p">[]</span><span class="n">Users</span><span class="p">)</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">wg</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span> <span class="n">response</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">MakeRequestToThirdParty</span><span class="p">(</span><span class="n">batch</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">// log error and probably</span> <span class="c">// also the batch of users that failed</span> <span class="p">}</span> <span class="k">for</span> <span class="n">r</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">response</span> <span class="p">{</span> <span class="k">if</span> <span class="n">r</span><span class="o">.</span><span class="n">CurrentBalance</span> <span class="o">&gt;</span> <span class="m">500</span> <span class="p">{</span> <span class="c">// we've got our user</span> <span class="c">// push it back on our channel</span> <span class="n">resp</span> <span class="o">&lt;-</span> <span class="n">r</span><span class="o">.</span><span class="n">User</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}(</span><span class="n">batch</span><span class="p">)</span> <span class="p">}</span> <span class="c">// EXIT stage</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="c">// wait for the wait group counter to drop down to 0</span> <span class="c">// which will happen when all goroutines are done</span> <span class="n">wg</span><span class="o">.</span><span class="n">Wait</span><span class="p">()</span> <span class="c">// now we close the response channel</span> <span class="c">// this will make our loop also exit</span> <span class="nb">close</span><span class="p">(</span><span class="n">resp</span><span class="p">)</span> <span class="p">}()</span> <span class="k">return</span> <span class="n">resp</span> <span class="p">}</span> </code></pre> </div> <p>The code above is self-explanatory and mimics our initial arch design completely without any issues.</p> <h4> Where things get dim? </h4> <p>The current code works perfectly. But when we deploy such code to production we usually want to log and collect metrics related to what happened.<br> What went wrong, what worked, how many users passed, how many didn't etc.</p> <p>The current design leaves little room for collecting such metrics as we'll see soon.</p> <h4> Collecting metrics </h4> <p>The simplest approach to collecting metrics is:</p> <ul> <li>Build 2 maps with userids to user objects – one for users passing the condition, another for users failing the condition.</li> <li>On response, add the user to the relevant map</li> </ul> <p>So let's add this simple solution to our code<br> <code>handler.go</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">Request</span><span class="p">(</span><span class="n">users</span> <span class="p">[]</span><span class="n">Users</span><span class="p">)</span> <span class="k">chan</span> <span class="n">Users</span> <span class="p">{</span> <span class="n">resp</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">Users</span><span class="p">)</span> <span class="n">batchSize</span> <span class="o">:=</span> <span class="m">250</span> <span class="k">var</span> <span class="n">batches</span> <span class="p">[][]</span><span class="n">Users</span> <span class="n">passedUsers</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">int64</span><span class="p">]</span><span class="n">Users</span><span class="p">)</span> <span class="n">skippedUsers</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">int64</span><span class="p">]</span><span class="n">Users</span><span class="p">)</span> <span class="k">for</span> <span class="n">batchSize</span> <span class="o">&lt;</span> <span class="nb">len</span><span class="p">(</span><span class="n">users</span><span class="p">)</span> <span class="p">{</span> <span class="n">users</span><span class="p">,</span> <span class="n">batches</span> <span class="o">:=</span> <span class="n">users</span><span class="p">[</span><span class="n">batchSize</span><span class="o">:</span><span class="p">],</span> <span class="nb">append</span><span class="p">(</span><span class="n">batches</span><span class="p">,</span> <span class="n">users</span><span class="p">[</span><span class="m">0</span><span class="o">:</span><span class="n">batchSize</span><span class="p">])</span> <span class="p">}</span> <span class="n">batches</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">batches</span><span class="p">,</span> <span class="n">batchSize</span><span class="p">)</span> <span class="k">var</span> <span class="n">wg</span> <span class="n">sync</span><span class="o">.</span><span class="n">WaitGroup</span> <span class="k">for</span> <span class="n">batch</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">batches</span> <span class="p">{</span> <span class="n">wg</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">(</span><span class="n">batch</span> <span class="p">[]</span><span class="n">Users</span><span class="p">)</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">wg</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span> <span class="n">response</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">MakeRequestToThirdParty</span><span class="p">(</span><span class="n">batch</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">// log error and probably</span> <span class="c">// also the batch of users that failed</span> <span class="p">}</span> <span class="k">for</span> <span class="n">r</span><span class="p">,</span> <span class="n">_</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">response</span> <span class="p">{</span> <span class="k">if</span> <span class="n">r</span><span class="o">.</span><span class="n">CurrentBalance</span> <span class="o">&gt;</span> <span class="m">500</span> <span class="p">{</span> <span class="c">// we've got our user</span> <span class="c">// push it back on our channel</span> <span class="n">resp</span> <span class="o">&lt;-</span> <span class="n">r</span><span class="o">.</span><span class="n">User</span> <span class="n">passedUsers</span><span class="p">[</span><span class="n">r</span><span class="o">.</span><span class="n">User</span><span class="o">.</span><span class="n">UserId</span><span class="p">]</span> <span class="o">=</span> <span class="n">r</span><span class="o">.</span><span class="n">User</span> <span class="p">}</span> <span class="n">skippedUsers</span><span class="p">[</span><span class="n">r</span><span class="o">.</span><span class="n">User</span><span class="o">.</span><span class="n">UserId</span><span class="p">]</span> <span class="o">=</span> <span class="n">r</span><span class="o">.</span><span class="n">User</span> <span class="p">}</span> <span class="p">}(</span><span class="n">batch</span><span class="p">)</span> <span class="p">}</span> <span class="c">// EXIT stage</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="c">// wait for the wait group counter to drop down to 0</span> <span class="c">// which will happen when all goroutines are done</span> <span class="n">wg</span><span class="o">.</span><span class="n">Wait</span><span class="p">()</span> <span class="k">defer</span> <span class="n">LogMetrics</span><span class="p">(</span><span class="n">passedUsers</span><span class="p">,</span> <span class="n">skippedUsers</span><span class="p">)</span> <span class="c">// now we close the response channel</span> <span class="c">// this will make our loop also exit</span> <span class="nb">close</span><span class="p">(</span><span class="n">resp</span><span class="p">)</span> <span class="p">}()</span> <span class="k">return</span> <span class="n">resp</span> <span class="p">}</span> </code></pre> </div> <p>The code looks fine – we have added two maps and are writing our users to it. In the exit stage we've added a <code>defer</code> statement which will basically make sure that metrics are definitely registered. This code would compile without any errors and also run without errors for sometime, but there is a serious bug which will crash our code in very weird ways.</p> <h4> The issue </h4> <p>Whenever we write a concurrent piece of code in go and it panics due to some reason which seems weird, <a href="https://blog.golang.org/race-detector">go race detector</a> the the tool to run for.</p> <p>The issue comes do to a race condition where we are trying to write to our hashmaps inside our goroutines. You see these hashmaps are shared data among the goroutines, and it will so happen that at a time more that one goroutine might try to write to these maps – which would result in a data race. And data race in in go are undefined behavior and will basically crash the whole program with not so friendly error messages. This is show in the image in red.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--jP_Ya9x3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://ishankhare.com/media/images/old_arch.jpg" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--jP_Ya9x3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://ishankhare.com/media/images/old_arch.jpg" alt=""></a></p> <p>On running the above code with race detector enabled, we'll get some output like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">==================</span> WARNING: DATA RACE Read by goroutine 5: request.Request·001<span class="o">()</span> request.go:36 +0x169 Previous write by goroutine 1: request.Request<span class="o">()</span> request.go:36 +0x174 Goroutine 5 <span class="o">(</span>running<span class="o">)</span> created at: request.goFunc<span class="o">()</span> request.go:19 +0x56 <span class="o">==================</span> </code></pre> </div> <p>This simply tells us the line nos where the data race occurred, this is the first data race, another similar one is right below it where we access the <code>skippedUsers</code> map.</p> <p>In order to fix this, we need to redesign our pipeline architecture slightly. Which we will see in the next iteration of this post.</p> go goroutine channels concurrency Nginx as reverse proxy for a flask app using Docker Ishan Khare Fri, 08 Mar 2019 16:44:22 +0000 https://forem.com/ishankhare07/nginx-as-reverse-proxy-for-a-flask-app-using-docker-3ajg https://forem.com/ishankhare07/nginx-as-reverse-proxy-for-a-flask-app-using-docker-3ajg <h3> So what is a reverse proxy? </h3> <p>A reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as if they originated from the Web server itself. In this setup, the following diagram gives a better description of our architecture:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2Fnginx-reverse-proxy.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2Fnginx-reverse-proxy.png"></a></p> <h3> Running Nginx with docker </h3> <p>Lets start by running a simple nginx container listening on our localhost's default port(80). We need docker installed for this to work, for instructions on installing docker refer <a href="https://docs.docker.com/engine/installation/" rel="noopener noreferrer">here</a>.<br><br> Next we will pull nginx container image from <a href="https://hub.docker.com/_/nginx/" rel="noopener noreferrer">docker hub</a> with the following command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker pull nginx:1.13.7 </code></pre> </div> <p>We can see the downloaded image<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker images REPOSITORY TAG IMAGE ID CREATED SIZE nginx 1.13.7 f895b3fb9e30 5 weeks ago 108MB </code></pre> </div> <p>Once we have nginx image, we run the container with an exposed port.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker run <span class="nt">--name</span> nginx_test <span class="nt">-d</span> <span class="nt">-p</span> 80:80 nginx:1.13.7 66de8420687d0687f6c923269ccd1554c0d247f230dc3d064c10fcd8a099fb5d <span class="nv">$ </span>docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 66de8420687d nginx:1.13.7 <span class="s2">"nginx -g 'daemon of…"</span> 8 minutes ago Up 8 minutes 0.0.0.0:80-&gt;80/tcp nginx_test </code></pre> </div> <p>The <code>-d</code> in the command runs our container in <code>daemon</code> mode (in background) without blocking our shell.</p> <blockquote> <p>Note that the "PORTS" columns says <code>0.0.0.0:80-&gt;80/tcp</code> which means we have mapped and exposed the port 80 of our container to our host machine. Hence we should now be able to access nginx on localhost.</p> </blockquote> <p>We can see that here:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_from_2018-01-20_02-20-16.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_from_2018-01-20_02-20-16.png" alt="nginx welcome page"></a></p> <p>Stop the running container<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker stop nginx_test </code></pre> </div> <p>We got nginx working with a docker container. This was easy-peasy right?<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj9kvdf0c3x0yvshylk92.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fj9kvdf0c3x0yvshylk92.png"></a></p> <h3> docker-compose </h3> <p>We have more than one container, in our use case:</p> <ol> <li>nginx</li> <li>python</li> </ol> <p>Also we want to be able to link these containers somehow (more on this very shortly). What could be a possible, easy and efficient way to achieve this - Enter <code>docker-compose</code>. The official docker documentation describes <code>docker-compose</code> as</p> <blockquote> <p>Compose is a tool for defining and running multi-container Docker applications.</p> </blockquote> <p>Firstly, install docker compose by going through the <a href="https://docs.docker.com/compose/install/" rel="noopener noreferrer">instructions here</a></p> <p>Next, we'll write a <code>docker-compose.yml</code> file. First lets start by replicating our work until now, getting an nginx container working on localhost, but this time using <strong><code>docker-compose</code></strong></p> <h4> docker-compose.yml </h4> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.1'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">nginx</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx:1.13.7</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">80:80</span> </code></pre> </div> <p>Lets test it: <code>docker-compose up -d nginx</code>. You can now see on localhost the same nginx welcome page.<br> Also a <code>docker ps</code> will also give you a similar output.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES fc6308ec4ff6 nginx:1.13.7 <span class="s2">"nginx -g 'daemon of…"</span> 4 minutes ago Up 3 seconds 0.0.0.0:80-&gt;80/tcp code_nginx_1 </code></pre> </div> <p>Next step is to make our flask container and run it with docker-compose.</p> <h3> The python container </h3> <p>Let's pull the python container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker pull python:3 </code></pre> </div> <p>Now let's write a <code>Dockerfile</code> for installling our dependencies for python.<br><br> <strong>Dockerfile</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> python:3</span> <span class="k">RUN </span>pip <span class="nb">install </span>flask </code></pre> </div> <p>The build process will install all the dependencies of <code>flask</code> itself. Now that we can hook up the <code>Dockerfile</code> with a simple <code>hello world</code> flask program and make sure everything's working. We'll put this file inside <code>code</code> directory so that we are able to mount it in our container.</p> <p><strong>code/main.py</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">flask</span> <span class="kn">import</span> <span class="n">Flask</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">'</span><span class="s">/</span><span class="sh">'</span><span class="p">)</span> <span class="k">def</span> <span class="nf">index</span><span class="p">():</span> <span class="k">return</span> <span class="sh">'</span><span class="s">Hello world!</span><span class="sh">'</span> </code></pre> </div> <p>Now let's set this up with <code>docker-compose</code> as well<br> <strong>docker-compose.yml</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.1'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">nginx</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx:1.13.7</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">80:80</span> <span class="na">flask</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">Dockerfile</span> <span class="na">image</span><span class="pi">:</span> <span class="s">flask:0.0.1</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">flask</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./:/code/</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">FLASK_APP=/code/main.py</span> <span class="na">command</span><span class="pi">:</span> <span class="s">flask run --host=0.0.0.0</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">8080:5000</span> </code></pre> </div> <p>Let's test it:<br> First stop the previous running container of nginx<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker stop &lt;your container name&gt; </code></pre> </div> <p>Now, lets start the cluster with <code>docker-compose</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker-compose up <span class="nt">-d</span> Starting flask ... Starting nginx ... <span class="k">done</span> <span class="nv">$ </span>docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f0f5bd9a2da1 nginx:1.13.7 <span class="s2">"nginx -g 'daemon of…"</span> About a minute ago Up 15 seconds 0.0.0.0:80-&gt;80/tcp nginx 9b065e02145b flask:0.0.1 <span class="s2">"flask run --host=0.…"</span> About a minute ago Up 15 seconds 0.0.0.0:8080-&gt;5000/tcp flask </code></pre> </div> <p>Now that we have both the <code>nginx</code> and <code>flask</code> containers running, we can verify that everything works fine in both the containers. All we need to do now is configure <code>nginx</code> to <strong>reverse proxy</strong> our <code>flask</code> container</p> <h3> Configuring nginx </h3> <p>We want to basically <a href="https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass" rel="noopener noreferrer"><code>proxy_pass</code></a> all our traffic coming at <code>/</code> to our <code>flask</code> container.</p> <p>lets start with our <code>nginx.conf</code> file<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">localhost</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://flask-app:5000/</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="s">"localhost"</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>All we have done is:</p> <ol> <li>Declared the server layer, which tells to listen to port 80.</li> <li>Given the <code>server_name</code>, this is particularly useful when setting a domain name, in our case though localhost is fine enough.</li> <li>Next we come on <code>location directive</code> of nginx. We can have a <code>regex</code> pattern to match after the <code>location</code>. In our case though <code>/</code> is good enough. We are currently reverse-proxying <strong>entire</strong> content to flask app.</li> <li>The <code>proxy_pass</code> directive takes as argument the <code>url</code> to which we are proxying. In our case we will alias our flask container in the <code>docker network</code> as <code>flask-app</code>. This makes our flask app accessible at <code>http://flask-app:5000/</code> from inside the nginx container.</li> <li>The <code>proxy_set_header</code> will set the <code>__Host header__</code> for the request between our nginx and flask, this helps to avoid certain errors, specially if one is using Django instead of flask, the <code>ALLOWED_HOSTS</code> setting would require this <code>Host</code> header.</li> </ol> <p>we mount this file in our <code>nginx</code> container with the following line<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">nginx</span><span class="pi">:</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./nginx.conf:/etc/nginx/conf.d/default.conf</span> </code></pre> </div> <p>This will <strong>overwrite</strong> our default nginx configuration file inside the container.</p> <h3> Setting up docker network </h3> <p>At the bottom of <code>docker-compose</code> file, add this line:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">networks</span><span class="pi">:</span> <span class="na">my-network</span><span class="pi">:</span> </code></pre> </div> <p>In the <code>flask</code> section add the following lines:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">networks</span><span class="pi">:</span> <span class="na">my-network</span><span class="pi">:</span> <span class="na">aliases</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">flask-app</span> </code></pre> </div> <p>This has added both our containers to a network called <code>my-network</code> with the flask container available on that network with the alias <code>flask-app</code>. All we have to do now is list flask container as a dependency for <code>nginx</code> container, so that it automatically starts the flask app.</p> <p>Also note that now that we have completed the setup, we do not require to expose port for flask container, so we can get rid of the following lines from flask's section<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">8080:5000</span> </code></pre> </div> <h4> To sum up here are final versions of the files: </h4> <p>docker-compose.yml<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3.1'</span> <span class="na">services</span><span class="pi">:</span> <span class="na">nginx</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx:1.13.7</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">flask</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./nginx.conf:/etc/nginx/conf.d/default.conf</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">my-network</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">80:80</span> <span class="na">flask</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">Dockerfile</span> <span class="na">image</span><span class="pi">:</span> <span class="s">flask:0.0.1</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">flask</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./:/code/</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">FLASK_APP=/code/main.py</span> <span class="na">command</span><span class="pi">:</span> <span class="s">flask run --host=0.0.0.0</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">my-network</span><span class="pi">:</span> <span class="na">aliases</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">flask-app</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">8080:5000</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">my-network</span><span class="pi">:</span> </code></pre> </div> <p>Dockerfile<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> python:3</span> <span class="k">RUN </span>pip <span class="nb">install </span>flask </code></pre> </div> <p>nginx.conf<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>server { listen 80; server_name localhost; location / { proxy_pass http://flask-app:5000/; proxy_set_header Host "localhost"; } } </code></pre> </div> <h3> Let's run it finally </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>docker-compose up <span class="nt">-d</span> nginx Starting flask ... <span class="k">done </span>Starting nginx ... <span class="k">done</span> <span class="nv">$ </span>docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 874454f2ceb1 nginx:1.13.7 <span class="s2">"nginx -g 'daemon of…"</span> 13 minutes ago Up 20 seconds 0.0.0.0:80-&gt;80/tcp nginx 502fc6cc9603 flask:0.0.1 <span class="s2">"flask run --host=0.…"</span> 6 weeks ago Up 23 seconds 0.0.0.0:8080-&gt;5000/tcp flask </code></pre> </div> <blockquote> <p>Note that since we listed flask as a dependency in nginx container, <code>docker-compose</code> first starts the flask container for us and then nginx. This works for a chain of such dependencies.</p> </blockquote> <p>This post was originally published on my blog <a href="//ishankhare.com">ishankhare.com</a></p> docker nginx reverseproxy Kubernetes internals Ishan Khare Fri, 08 Mar 2019 16:08:41 +0000 https://forem.com/ishankhare07/kubernetes-internals-14nk https://forem.com/ishankhare07/kubernetes-internals-14nk <p>In this blog post we are going to setup a kubernetes cluster with automated certificate generation using certbot. Will cover up some interesting concepts of kubernetes along the way, like:</p> <ul> <li><a href="https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/" rel="noopener noreferrer">Job controllers</a></li> <li><a href="https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer" rel="noopener noreferrer">Load balancer Service</a></li> <li><a href="https://kubernetes.io/docs/reference/access-authn-authz/rbac/" rel="noopener noreferrer">Role Based Access Control</a></li> <li><a href="https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/" rel="noopener noreferrer">In-Cluster kubernetes Access</a></li> </ul> <p>So let's get started.</p> <h4> Why do we need this? </h4> <p>When using a traditional <code>VM's/instances</code>, one has access to ssh into a fixed instance with an assigned and fixed public IP that the DNS can resolve to. Once the DNS is set to resolve your hostname to your instance, you can install certbot on it and generate the certs on that instance.</p> <p>With kubernetes, things get a bit tricky. You will still have a <b>set</b> of instances in your cluster, but they aren't directly accessible from outside the cluster. Plus you cannot preempt on which node your <code>nginx</code> or other ingress pod will be scheduled to run. Hence the most straight forward way to setup is doing everything through <code>kubernetes</code> and <code>docker</code>. This will also provide us with a few advantages:</p> <ul> <li>The cert generation process will be documented as part of the kubernetes manifest files and Dockerfiles</li> <li>Our solution would work for any number of pods and services. Basically we won't be bogged down due to issues arising because of scalability like when adding more pods or even adding more nodes to our cluster. Things will work seamlessly until we don't create a new cluster.</li> <li>Our solution will be platform independent, just like docker and kubernetes. It will work on any cloud provider GCP, AWS or even Azure(hopefully).</li> </ul> <blockquote> <p>I'll be using GCP for some parts of this blog post but replicating those parts on other cloud platforms is pretty straight forward.</p> </blockquote> <p>We'll start by reserving a static IP for our cluster and then forward a DNS record to that IP so that certbot can easily resolve to our cluster.<br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_2018-12-03_at_6.11.50_PM.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_2018-12-03_at_6.11.50_PM.png"></a> </p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_2018-12-03_at_6.14.04_PM.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_2018-12-03_at_6.14.04_PM.png"></a></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_2018-12-03_at_6.15.54_PM.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreenshot_2018-12-03_at_6.15.54_PM.png"></a></p> <blockquote> <p>Make sure to keep the region of the static IP and your cluster same.</p> </blockquote> <p>Now that we have the static IP, we can move on to the kubernetes part - the fun part.</p> <h4> The LoadBalancer service </h4> <p>The first thing that we setup is the load balancer service, we will then use this service to resolve to the pods running our certbot client and later on our own application pods.<br> Below is the YAML for our LoadBalancer service. It utilizes the static IP we created in the previous step.</p> <p><code>svc.yml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">certbot-lb</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">certbot-lb</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">LoadBalancer</span> <span class="na">loadBalancerIP</span><span class="pi">:</span> <span class="s">X.X.X.X</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">http"</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">443</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">tls"</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">certbot-generator</span> </code></pre> </div> <p>Most of it is self explanatory, few fields of interest are:</p> <ul> <li> <code>spec.type</code> : <code>LoadBalancer</code> - This spins up a <a href="https://cloud.google.com/load-balancing/" rel="noopener noreferrer">Google Cloud LoadBalancer</a> on GCP and <a href="https://aws.amazon.com/elasticloadbalancing/" rel="noopener noreferrer">AWS Elastic LoadBalancer</a> on AWS</li> <li> <code>spec.loadBalancerIP</code> - This assign the previously generated static IP to our <code>loadBalancer</code>, now all traffic coming to our IP address is funneled into this load balancer.</li> <li> <code>ports.port</code> - We opened 2 TCP ports, <code>port 80</code> and <code>port 443</code> for accepting HTTP and HTTPS traffic respectively.</li> <li> <code>spec.selector</code> - These are the set of labels that allow us to govern which pods can our loadBalancer resolve to. We'll later use the same set of labels in our <code>Job</code> and <code>Pod</code> templates</li> </ul> <p>Let's deploy this service to our cluster.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl apply <span class="nt">-f</span> svc.yml service <span class="s2">"certbot-lb"</span> created </code></pre> </div> <p>If we see the status of our service now, we should see this<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get svc certbot-lb NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE certbot-lb LoadBalancer X.X.X.X X.X.X.X 80:30271/TCP,443:32224/TCP 1m </code></pre> </div> <blockquote> <p>If you're trying this on minikube, LoadBalancer service is not available. Besides, it makes no sense trying to generate a SSL cert on your local environment.</p> </blockquote> <p>Next we have to think about where to run our certbot container.</p> <h4> Job Controllers </h4> <p>The <a href="https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/" rel="noopener noreferrer">Job controllers</a> of kubernetes allows us to schedule pods which run to completion. That is, these are jobs that if finished without error, need not be run again in future. This is exactly what we want when generating SSL certs. Once the certbot process is done and has given us the certificates, we no longer need that container to be running. Also we don't want kubernetes to restart this pod when it exits. However we can ask kubernetes to automatically reschedule the pod in case is case the pod exists with a failure/error.</p> <p>So lets write a Job spec file that will generate the SSL cert for us using certbot. Certbot provides an <a href="https://store.docker.com/community/images/certbot/certbot" rel="noopener noreferrer">official docker container</a> that we can just reuse in our case.</p> <p><code>jobs.yml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Job</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">certbot</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">certbot-generator</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">certbot</span> <span class="na">image</span><span class="pi">:</span> <span class="s">certbot/certbot</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">certbot"</span><span class="pi">]</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">certonly"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">--noninteractive"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">--agree-tos"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">--staging"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">--standalone"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-d"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">staging.ishankhare.com"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-m"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">me@ishankhare.com"</span><span class="pi">]</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">80</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Never"</span> </code></pre> </div> <p>Few important fields here are:</p> <ul> <li> <code>spec.template.metadata.labels</code> - This matches with the <code>spec.selector</code> specified in our <code>LoadBalancer</code> service. This brings our pod under our loadBalancer. Now everything coming on port 80 and 443 will be funneled to our pod.</li> <li> <code>spec.template.spec.containers[0].image</code> - The <code>certbot/certbot</code> docker image. Kubernetes will do a <code>docker pull certbot/certbot</code> on the server for us when scheduling this pod.</li> <li> <code>spec.template.spec.containers[0].command</code> - The command to run in the pod.</li> <li> <code>spec.template.spec.containers[0].args</code> - The arguments to the above command. We're using the standalone mode of certbot to generate the certs here as it makes things straightforward. You can read more about this command in <a href="https://certbot.eff.org/docs/" rel="noopener noreferrer">certbot docs</a> </li> <li> <code>spec.template.spec.containers[0].ports</code> - We've opened port 80 and 443 for our container.</li> </ul> <blockquote> <p>Before deploying this to our cluster, make sure that the domain you specify is actually pointing to the static IP we setup in the previous steps.</p> </blockquote> <p>Let's deploy this to our cluster:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl apply <span class="nt">-f</span> jobs.yml job.batch <span class="s2">"certbot"</span> created </code></pre> </div> <p>This <code>Job</code> will spin-up a single pod for us, we can get that:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get pods NAME READY STATUS RESTARTS AGE certbot-sgd4w 1/1 Running 0 5s </code></pre> </div> <p>We can now see the STDOUT logs on this pod<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl logs <span class="nt">-f</span> certbot-sgd4w Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge <span class="k">for </span>staging.ishankhare.com Waiting <span class="k">for </span>verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/staging.ishankhare.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/staging.ishankhare.com/privkey.pem Your cert will expire on 2019-03-04. To obtain a new or tweaked version of this certificate <span class="k">in </span>the future, simply run certbot again. To non-interactively renew <span class="k">*</span>all<span class="k">*</span> of your certificates, run <span class="s2">"certbot renew"</span> - Your account credentials have been saved <span class="k">in </span>your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. </code></pre> </div> <p>After this, the certbot process exits without error and so does our pod. If we now list our pods<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get pods NAME READY STATUS RESTARTS AGE certbot-sgd4w 0/1 Completed 0 45m </code></pre> </div> <p>We see only a single pod whose status is completed.</p> <blockquote> <p>We can add <code>.spec.ttlSecondsAfterFinish</code> to our <code>jobs.yml</code> like so:</p> <pre class="highlight yaml"><code><span class="na">spec</span><span class="pi">:</span> <span class="na">ttlSecondsAfterFinish</span><span class="pi">:</span> <span class="m">10</span> </code></pre> <p>This will automatically garbage collect our certbot pod after its finished.<br> Only supported in kubernetes v1.12 alpha. Hence not recommended right now.</p> </blockquote> <h4> Where to save the generated SSL certificate? </h4> <p>We currently have 2 options when it comes to saving the certs:</p> <ol> <li>Save it in a mounted volume. (Not recommended) <ul> <li>Would require a <code>PersistentVolume</code> and a <code>PersistentVolumeClaim</code> </li> <li>The certificate might be just a few KB in size, but the minimum volume size that GKE allots is <code>1Gi</code>. Hence this is highly inefficient.</li> </ul> </li> <li>Use <code>kubernetes Secrets</code>. (Recommended) <ul> <li>This would also require us to use kubernetes client's <code>in cluster configuration</code>, which is straightforward to use and is usually the recommended way in such cases.</li> <li>Would require us to setup <code>ClusterRole</code> and <code>ClusterRoleBinding</code>.</li> <li>Can be configured to allow specific access to specific people using the concept of <code>rbac</code> (RoleBasedAccessControl)</li> </ul> </li> </ol> <h4> Why in-cluster access? </h4> <p>To understand this, we need to go a little deeper into our current architecture.<br> Our current setup looks roughly like this:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FCluster_arch_33MMq8w.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FCluster_arch_33MMq8w.png" alt="Cluster Architecture"></a></p> <p>As we can see here, the certs generated by our <code>certbot</code> Job Controller Pod are already inside the cluster. We want these cert credentials to be stored on the secrets.</p> <p>When we fetch/create/modify secrets in normal flow, its usually done through the <code>kubectl</code> client like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get secrets NAME TYPE DATA AGE default-token-hks8k kubernetes.io/service-account-token 3 1m <span class="nv">$ </span>kubectl create secret Create a secret using specified subcommand. Available Commands: docker-registry Create a secret <span class="k">for </span>use with a Docker registry generic Create a secret from a <span class="nb">local </span>file, directory or literal value tls Create a TLS secret Usage: kubectl create secret <span class="o">[</span>flags] <span class="o">[</span>options] </code></pre> </div> <p>But, in our case, we want to store these credentials as secrets from inside a <code>Pod</code> which is itself inside the cluster. This is exactly what I meant by in-cluster access above.</p> <h3> What all do we need for In-Cluster access? </h3> <ul> <li><a href="https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/" rel="noopener noreferrer">kube-proxy</a></li> <li><a href="https://kubernetes.io/docs/reference/kubectl/overview/" rel="noopener noreferrer">kubectl</a></li> <li><a href="https://kubernetes.io/docs/reference/access-authn-authz/rbac/" rel="noopener noreferrer">RBAC</a></li> </ul> <blockquote> <p>We'll need the first 2 mentioned above in the same Pod that is trying to access the secrets.<br> Hence its best to extend the <code>certbot/certbot</code> docker image with the above dependencies added in the container image itself.</p> </blockquote> <p>This will change our cluster architecture a bit. The image below shows the rough cluster arch with our modified setup.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FCluster_arch_with_kube.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FCluster_arch_with_kube.png" alt="Cluster Architecture with kube-proxy and kubectl"></a></p> <p>Let's first create our <code>Dockerfile</code> for our extended container:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="s"> certbot/certbot</span> <span class="k">COPY</span><span class="s"> ./script.sh /script.sh</span> <span class="k">RUN </span>wget https://storage.googleapis.com/kubernetes-release/release/v1.6.3/bin/linux/amd64/kubectl <span class="k">RUN </span><span class="nb">chmod</span> +x kubectl <span class="k">RUN </span><span class="nb">mv </span>kubectl /usr/local/bin <span class="k">ENTRYPOINT</span><span class="s"> /script.sh</span> </code></pre> </div> <blockquote> <p>We have also used an extra <code>script.sh</code> in our container. We'll use this script as our entrypoint instead of the default entrypoint of <code>certbot/certbot</code> image.<br> This allows us to start our auxiliary <code>kube-proxy</code> and use kubectl as we desire. We present the <code>script.sh</code> below:<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/sh</span> <span class="c"># start kube proxy</span> kubectl proxy &amp; certbot certonly <span class="nt">--noninteractive</span> <span class="nt">--force-renewal</span> <span class="nt">--agree-tos</span> <span class="nt">--staging</span> <span class="nt">--standalone</span> <span class="nt">-d</span> staging.ishankhare.com <span class="nt">-m</span> me@ishankhare.com kubectl create secret tls cert <span class="nt">--cert</span><span class="o">=</span>/etc/letsencrypt/live/staging.ishankhare.com/fullchain.pem <span class="se">\</span> <span class="nt">--key</span><span class="o">=</span>/etc/letsencrypt/live/staging.ishankhare.com/privkey.pem <span class="c"># kill the kubectl process running in background</span> <span class="nb">kill</span> %1 </code></pre> </div> <ul> <li>First we start our kube-proxy as a background process.</li> <li>Next we run our certbot command for generating the cert.</li> <li>The certbot command generates certs for us at <code>/etc/letsencrypt/live/staging.ishankhare.com/</code>, we now use these paths to create the <code>tls</code> type Secret using <code>kubectl create secret tls</code>. This command has the following syntax: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl create secret tls <span class="nt">-h</span> Create a TLS secret from the given public/private key pair. The public/private key pair must exist before hand. The public key certificate must be .PEM encoded and match the given private key. Examples: <span class="c"># Create a new TLS secret named tls-secret with the given key pair:</span> kubectl create secret tls tls-secret <span class="nt">--cert</span><span class="o">=</span>path/to/tls.cert <span class="nt">--key</span><span class="o">=</span>path/to/tls.key </code></pre> </div> <p>Hence our command above will create a secret named <code>cert</code></p> <ul> <li>Finally we kill our kube-proxy background process.</li> </ul> <h4> Update our jobs.yml </h4> <p>Since we are now using an updated Dockerfile with own own script as its entrypoint, we can modify the Job manifest file like below:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Job</span> <span class="na">metadata</span><span class="pi">:</span> <span class="c1">#labels:</span> <span class="c1"># app: certbot-generator</span> <span class="na">name</span><span class="pi">:</span> <span class="s">certbot</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">certbot-generator</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">certbot</span> <span class="na">image</span><span class="pi">:</span> <span class="s">ishankhare07/certbot:0.0.6</span> <span class="s">- containerPort</span><span class="err">:</span> <span class="m">80</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">443</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Never"</span> </code></pre> </div> <p>With this we are ready to run our job now.</p> <p>First verify that our LoadBalancer service is up:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT<span class="o">(</span>S<span class="o">)</span> AGE certbot-lb LoadBalancer 10.11.240.100 X.X.X.X 80:31855/TCP,443:32457/TCP 32m <span class="c"># delete our older job</span> <span class="nv">$ </span>kubectl delete job certbot job.batch <span class="s2">"certbot"</span> deleted </code></pre> </div> <p>Now we deploy our new Job file<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl apply <span class="nt">-f</span> jobs.yml job.batch <span class="s2">"certbot"</span> created <span class="c"># list the pod created for the job</span> <span class="nv">$ </span>kubectl get pods NAME READY STATUS RESTARTS AGE certbot-5nn5h 1/1 Running 0 3s <span class="c"># get STDOUT logs for this pod</span> <span class="nv">$ </span>kubectl logs <span class="nt">-f</span> certbot-5nn5h Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge <span class="k">for </span>staging.ishankhare.com Waiting <span class="k">for </span>verification... Cleaning up challenges Starting to serve on 127.0.0.1:8001IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/staging.ishankhare.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/staging.ishankhare.com/privkey.pem Your cert will expire on 2019-03-13. To obtain a new or tweaked version of this certificate <span class="k">in </span>the future, simply run certbot again. To non-interactively renew <span class="k">*</span>all<span class="k">*</span> of your certificates, run <span class="s2">"certbot renew"</span> - Your account credentials have been saved <span class="k">in </span>your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. Error from server <span class="o">(</span>Forbidden<span class="o">)</span>: secrets is forbidden: User <span class="s2">"system:serviceaccount:default:default"</span> cannot create secrets <span class="k">in </span>the namespace <span class="s2">"default"</span> </code></pre> </div> <p>The certificate generation was successful. But we cannot yet write to Secrets. The last line in the above output shows us that.</p> <blockquote> <p>Error from server (Forbidden): secrets is forbidden: User "system:serviceaccount:default:default" cannot create secrets in the namespace "default"</p> </blockquote> <p>Why is that? Because RBAC....</p> <p>RBAC or Role Based Access Control in kubernetes consists of 2 parts:</p> <ul> <li> <code>Role</code>/<code>ClusterRole</code> </li> <li> <code>RoleBinding</code>/<code>ClusterRoleBinding</code> </li> </ul> <p>We will be using <code>ClusterRole</code> and <code>ClusterRoleBinding</code> approach to provide cluster wide access to our Pod. More fine-grained, role-based access can be provided with the <code>Role</code> and <code>RoleBinding</code> approach which can be referred from the docs - <a href="https://kubernetes.io/docs/reference/access-authn-authz/rbac/" rel="noopener noreferrer">https://kubernetes.io/docs/reference/access-authn-authz/rbac/</a></p> <p>Let's create 2 files called <code>rbac-cr.yml</code> and <code>rbac-crb.yml</code> with the following contents:<br> <code>rbac-cr.yml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ClusterRole</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">default</span> <span class="na">name</span><span class="pi">:</span> <span class="s">secret-reader</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">apiGroups</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">"</span><span class="pi">]</span> <span class="na">resources</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">secrets"</span><span class="pi">]</span> <span class="na">verbs</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">get"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">list"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">create"</span><span class="pi">]</span> </code></pre> </div> <p>This allows access to <code>Secrets</code>, in-particular to <code>get</code>, <code>list</code> and <code>create</code> Secrets. The last verb <code>create</code> is what concerns us.</p> <p><code>rbac-crb.yml</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ClusterRoleBinding</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">secret-reader</span> <span class="na">subjects</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">User</span> <span class="na">name</span><span class="pi">:</span> <span class="s">&lt;your account here&gt;</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">default</span> <span class="pi">-</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ServiceAccount</span> <span class="na">name</span><span class="pi">:</span> <span class="s">default</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">default</span> <span class="na">roleRef</span><span class="pi">:</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ClusterRole</span> <span class="na">name</span><span class="pi">:</span> <span class="s">cluster-admin</span> <span class="na">apiGroup</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io</span> </code></pre> </div> <p>Fields of interest here are <code>.subjects</code>. It is an array and we have defined two <code>kind</code>s in this.</p> <ol> <li> <code>kind: User</code> : This refers to the current user, who is executing these commands using kubectl. This is required so as to grant the current user enough permissions to grant the <code>.rules.resources</code> and <code>.rules.verbs</code> related access that we have defined in the <code>rbac-cr.yml</code> i.e. our <code>ClusterRole</code> definition.</li> <li> <code>kind: ServiceAccount</code> : This refers to the account use inside the cluster when our pod will be creating the secrets using the <code>kube-proxy</code>.</li> </ol> <p>We push this to our kubernetes cluster in this particular order <em>only</em>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl apply <span class="nt">-f</span> rbac-crb.yml clusterrolebinding.rbac.authorization.k8s.io <span class="s2">"secret-reader"</span> created <span class="nv">$ </span>kubectl apply <span class="nt">-f</span> rbac-cr.yml clusterrole.rbac.authorization.k8s.io <span class="s2">"secret-reader"</span> created </code></pre> </div> <p>The order is important, because we first need to create <code>ClusterRoleBinding</code> (defined in rbac-crb.yml) and then using that binding on our account, we are going to apply a <code>ClusterRole</code> (defined in rbac-cr.yml).</p> <h4> Finally re-run jobs.yml again </h4> <p>I say re-run because since previous job still exists:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get <span class="nb">jobs </span>NAME DESIRED SUCCESSFUL AGE certbot 1 1 1h </code></pre> </div> <p>and because of this job, a stagnant Pod exists as well:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get pods NAME READY STATUS RESTARTS AGE certbot-5nn5h 0/1 Completed 0 1h </code></pre> </div> <p>If we just try to apply our jobs.yml file now, kubernetes sees that nothing as changed in our yml manifest and chooses to take no action:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl apply <span class="nt">-f</span> jobs.yml job.batch <span class="s2">"certbot"</span> unchanged </code></pre> </div> <p>Hence we delete and apply our job from scratch:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl delete job certbot job.batch <span class="s2">"certbot"</span> deleted <span class="nv">$ </span>kubectl apply <span class="nt">-f</span> jobs.yml job.batch <span class="s2">"certbot"</span> created <span class="c"># get the pod created by the above job</span> <span class="nv">$ </span>kubectl get pods NAME READY STATUS RESTARTS AGE certbot-c9h6m 1/1 Running 0 2s </code></pre> </div> <p>We try to see the STDOUT logs of this container<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl logs <span class="nt">-f</span> certbot-c9h6m Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge <span class="k">for </span>staging.ishankhare.com Waiting <span class="k">for </span>verification... Cleaning up challenges Starting to serve on 127.0.0.1:8001IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/staging.ishankhare.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/staging.ishankhare.com/privkey.pem Your cert will expire on 2019-03-13. To obtain a new or tweaked version of this certificate <span class="k">in </span>the future, simply run certbot again. To non-interactively renew <span class="k">*</span>all<span class="k">*</span> of your certificates, run <span class="s2">"certbot renew"</span> - Your account credentials have been saved <span class="k">in </span>your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. secret <span class="s2">"cert"</span> created </code></pre> </div> <p>The last line says <code>secret "cert" created</code></p> <h3> Mission accomplished! </h3> <p>We can now see this recently created secret:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get secret cert NAME TYPE DATA AGE cert kubernetes.io/tls 2 9m </code></pre> </div> <p>If you actually want to get the contents of the cert you can:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>kubectl get secret cert <span class="nt">-o</span> yaml <span class="o">&gt;</span> cert.yml <span class="c"># or</span> <span class="nv">$ </span>kubectl get secret cert <span class="nt">-o</span> json <span class="o">&gt;</span> cert.json </code></pre> </div> <blockquote> <p>It is always desirable to redirect the above streams to a file rather than printing them directly to the console.</p> </blockquote> <p>With this goal achieved, I'll wrap up this post here now. I'll be back with more posts soon detailing on:</p> <ol> <li>Options available for using these certificated once we have created them.</li> <li>Proper use of <code>Init Containers</code> along with the <code>Job Controllers</code> used in this post and our good old <code>Pods</code> and <code>Deployments</code> to see how we can make these interdependent services wait for the depending services to complete before spawning themselves.</li> </ol> <p>Do let me know what you think of this post and if you have any questions in the comments section below.</p> <p>This post was originally published on my blog <a href="//ishankhare.com">ishankhare.com</a></p> kubernetes jobs rbac inclusteraccess Let's implement a hashtable Ishan Khare Fri, 08 Mar 2019 15:58:20 +0000 https://forem.com/ishankhare07/you-think-you-understand-key-value-pairs-m7l https://forem.com/ishankhare07/you-think-you-understand-key-value-pairs-m7l <h3> How hashmaps work? </h3> <p>Okay, so lets start with what hashmaps are?<br> Hashmaps or hashtables are known by different names in different languages.</p> <ul> <li>Python has dict/dictionaries </li> <li>Ruby calls it Hash </li> <li>Java has hashmap </li> <li>C++ has unordered_map</li> <li>Even Javascript has maps, which is how basically objects are implemented in javascript. (just look at JSON)</li> </ul> <p>What the last point says about hashmaps being used to implement objects in Javascript is also true in case of Python, Ruby and a few others.</p> <p>So hashmaps/dicts/hashtables whatever you want to call them are basically key-value storage data structures. You pass in a value identified by a key, and you can get back the same value with that key - simple as that.</p> <p>So lets try and get hands on with how it looks in code.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">a</span> <span class="o">=</span> <span class="p">{}</span> <span class="c1"># add a key-value pair </span><span class="n">a</span><span class="p">[</span><span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sh">'</span><span class="s">ishan</span><span class="sh">'</span> <span class="c1"># lets see whats in there </span><span class="nf">print</span><span class="p">(</span><span class="n">a</span><span class="p">)</span> <span class="c1"># {'name': 'ishan'} </span> <span class="c1"># add more key-value pairs </span><span class="n">a</span><span class="p">[</span><span class="sh">'</span><span class="s">age</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="mi">23</span> <span class="n">a</span><span class="p">[</span><span class="sh">'</span><span class="s">gender</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="sh">'</span><span class="s">male</span><span class="sh">'</span> <span class="nf">print</span><span class="p">(</span><span class="n">a</span><span class="p">)</span> <span class="c1"># {'gender': 'male', 'age': 23, 'name': 'ishan'} </span> <span class="c1"># note above that the keys are not in the same order as we entered them, # this is because python's dictionaries are unordered # see https://stackoverflow.com/a/15479974/2972348 </span> <span class="c1"># get a specific value </span><span class="nf">print</span><span class="p">(</span><span class="n">a</span><span class="p">[</span><span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">])</span> <span class="c1"># 'ishan' </span> <span class="c1"># let's update a value </span><span class="n">a</span><span class="p">[</span><span class="sh">'</span><span class="s">age</span><span class="sh">'</span><span class="p">]</span> <span class="o">=</span> <span class="mi">24</span> <span class="nf">print</span><span class="p">(</span><span class="n">a</span><span class="p">)</span> <span class="c1"># {'gender': 'male', 'age': 24, 'name': 'ishan'} </span> <span class="c1"># let's delete some values </span><span class="k">del</span> <span class="n">a</span><span class="p">[</span><span class="sh">'</span><span class="s">age</span><span class="sh">'</span><span class="p">]</span> <span class="nf">print</span><span class="p">(</span><span class="n">a</span><span class="p">)</span> <span class="c1"># {'gender': 'male', 'name': 'ishan'} </span></code></pre> </div> <p>That gives us the list of basic operations on a dict:</p> <ol> <li>insert</li> <li>fetch</li> <li>delete</li> </ol> <p>The same can be shown with Javascript:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">a</span> <span class="o">=</span> <span class="p">{}</span> <span class="nx">a</span><span class="p">[</span><span class="dl">'</span><span class="s1">name</span><span class="dl">'</span><span class="p">]</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">ishan</span><span class="dl">'</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">a</span><span class="p">)</span> <span class="c1">// { name: 'ishan' }</span> <span class="c1">// or the other way</span> <span class="nx">a</span><span class="p">.</span><span class="nx">age</span> <span class="o">=</span> <span class="mi">24</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">a</span><span class="p">)</span> <span class="c1">// { name: 'ishan', age: 24 }</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">a</span><span class="p">.</span><span class="nx">name</span><span class="p">)</span> <span class="c1">// ishan</span> <span class="k">delete</span> <span class="nx">a</span><span class="p">.</span><span class="nx">age</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="nx">a</span><span class="p">)</span> <span class="c1">// { name: 'ishan' }</span> </code></pre> </div> <p>Enough of examples now, lets get to see how these things work on the inside</p> <p>So, we will be implementing a simple hashtable in <a href="https://golang.org/" rel="noopener noreferrer">Golang</a>. If you haven’t heard or written code in Go, and are skeptical about understanding the code that follows - worry not, Go has a syntax very similar to C and Javascript. And if you can code (in a language), you’re gonna do just fine!</p> <h4> The building blocks </h4> <p>This image taken from wikipedia shows the basic structure of our hashtable. This will help us understand and break down the problem at hand better:<br><br> <a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FHash_table_3_1_1_0_1_0_0_SP.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FHash_table_3_1_1_0_1_0_0_SP.png"></a></p> <p>To summarize, we have:</p> <ul> <li>the hash function</li> <li>the linear array that the hash function maps to</li> <li>and the actual data nodes that hold our key-value pairs</li> </ul> <h4> The array </h4> <p>So lets start with our <strong><em>linear array</em></strong> to begin with. So we basically need a statically allocated array of some size n. This will be the array holding the pointer to our actual key value pairs. This is how our basic array will look like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> +----+ 1 | | +----+ 2 | | +----+ 3 | | +----+ 4 | | +----+ 5 | | +----+ 6 | | +----+ 7 | | +----+ 8 | | +----+ 9 | | +----+ 10| | +----+ </code></pre> </div> <p>Let us code this up in Go. To have a basic array inside our hashmap data type. This is going to be fairly easy to achieve.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="s">"fmt"</span> <span class="k">const</span> <span class="n">MAP_SIZE</span> <span class="o">=</span> <span class="m">50</span> <span class="k">type</span> <span class="n">HashMap</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Data</span> <span class="p">[]</span><span class="o">*</span><span class="kt">int</span> <span class="p">}</span> <span class="k">func</span> <span class="n">NewDict</span><span class="p">()</span> <span class="o">*</span><span class="n">HashMap</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">HashMap</span><span class="p">{}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">a</span> <span class="o">:=</span> <span class="n">NewDict</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <p>The above code is explained below:</p> <ol> <li>We declare the current file as main package with package main.</li> <li>We import a package called “fmt”, we’ll later use it to print things to terminal.</li> <li> <p>We declare a constant variable MAP_SIZE with value 50 . This will be the size of our linear array.</p> <blockquote> <p>For the sake of simplicity, we are assuming that we just have a fixed size array that we use for implementing our hashmap, and we don’t take resizing into account. Actual implementations do account for these things - which will be covered in a future blog post. For more info refer here.</p> </blockquote> </li> <li><p>Next we create a function NewDict that creates this array for us and returns a pointer to it.</p></li> </ol> <p>This completes our bare-bones structure for the array itself. But we are presented with the next challenge. Which is, how to represent the key-value pairs that contain our actual data and link it with our array.</p> <h4> Creating the nodes and linking with array </h4> <p>There is one problem in the code presented above — we have created an array of <strong><em>pointer to integer</em></strong> values. Basically the <code>Data []*int</code> on <strong>line8</strong>. This is wrong because we need to actually <strong>not</strong> point to integers but to <strong><em>some</em></strong> object that holds our key-value pairs. We don’t know what that object will be yet, but we know that it needs at least 2 fields — key and value. So lets go ahead and create this new object’s structure in our code.</p> <p>We add the following lines:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">Node</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">key</span> <span class="kt">string</span> <span class="n">value</span> <span class="kt">string</span> <span class="n">next</span> <span class="o">*</span><span class="n">Node</span> <span class="p">}</span> </code></pre> </div> <p>We create a structure to hold our key-value pairs and a <strong><em>pointer to a Node</em></strong> type. We will need this pointer later on in order to deal with hash conflicts. More on this later, for now just let it sit around there.</p> <p>Now since we want every index of our array to point to these <strong><em>Node</em></strong> type, we should change the type of our data array.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">HashMap</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Data</span> <span class="p">[]</span><span class="o">*</span><span class="n">Node</span> <span class="p">}</span> </code></pre> </div> <p>So at the end of these changes, this is how our code should look like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="s">"fmt"</span> <span class="k">const</span> <span class="n">MAP_SIZE</span> <span class="o">=</span> <span class="m">50</span> <span class="k">type</span> <span class="n">Node</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">key</span> <span class="kt">string</span> <span class="n">value</span> <span class="kt">string</span> <span class="n">next</span> <span class="o">*</span><span class="n">Node</span> <span class="p">}</span> <span class="k">type</span> <span class="n">HashMap</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Data</span> <span class="p">[]</span><span class="o">*</span><span class="n">Node</span> <span class="p">}</span> <span class="k">func</span> <span class="n">NewDict</span><span class="p">()</span> <span class="o">*</span><span class="n">HashMap</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">HashMap</span><span class="p">{</span> <span class="n">Data</span><span class="o">:</span> <span class="nb">make</span><span class="p">([]</span><span class="o">*</span><span class="n">Node</span><span class="p">,</span> <span class="n">MAP_SIZE</span><span class="p">)</span> <span class="p">}</span> <span class="c">// we initialize our array with make(), see </span> <span class="c">// https://golang.org/pkg/builtin/#make</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">a</span> <span class="o">:=</span> <span class="n">NewDict</span><span class="p">()</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"%q"</span><span class="p">,</span> <span class="n">a</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>If you run this program right now, you should see something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="o">&amp;</span><span class="p">{[</span><span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span> <span class="o">&lt;</span><span class="no">nil</span><span class="o">&gt;</span><span class="p">]}</span> </code></pre> </div> <p>We have our hashmap object consisting of an <strong><em>array of 50 pointers</em></strong> each pointing to <code>&lt;nil&gt;</code> which is something equivalent to:</p> <ul> <li> <code>NULL</code> in C.</li> <li> <code>null</code> in Java.</li> <li> <code>None</code> in Python.</li> <li> <code>undefined</code> in Javascript.</li> </ul> <p>This is just as expected, we haven’t inserted any value in the hash table so all pointers are pointing to <code>null</code>/<code>nil</code> . Next we have to think about inserting objects into our hashmap.</p> <blockquote> <p>Before we could even reach that, we need to find a way to convert our keys to corresponding indexes on the array.</p> </blockquote> <p>A typical implementation of hash maps relies on a good hash function. The job of a hash function is to convert the value passed to it (in our current case, a string) and return an integer value representing an index on the array. And this integer value <strong><em>has to be the same every time</em></strong>.</p> <p>This means that if <code>hash("hello")</code> gives me <code>966170508347869221</code>, then every time I pass <code>"hello"</code> I should get the same <code>966170508347869221</code> as a return value.</p> <blockquote> <p>You can test the above mentioned code in the Python interpreter. Python has a builtin function <code>hash</code> that will return the hash value.</p> </blockquote> <p>But we cannot have index <code>966170508347869221</code> on our array. Currently we have only indexes <code>1-49</code> available. Hence we need to somehow bring it down to this range.</p> <h4> Modulo to the rescue </h4> <p>The simplest solution to this problem is using the modulo (<code>%</code>) operator. This operator gives us the remainder of the division performed. That is, if </p> <p><code>966170508347869221 / 50 = 19323410166957384 + 21</code> </p> <p>then <code>966170508347869221 % 50 = 21</code>. The remainder.</p> <p>But with this, we have another problem, there will be <em>keys</em> which will be mapped to the same index, hence we’ll get a hash collision.</p> <p>From this point on, we have 3 problems to solve at hand:</p> <ol> <li>How do you implement the hash function.</li> <li>Make the hash value fall in range of our array.</li> <li>How to manage hash collisions.</li> </ol> <blockquote> <p>Let’s start with the hash generation function first</p> </blockquote> <h4> Choosing a hash algorithm </h4> <p>Wikipedia has a list of many <strong><em>hash_functions</em></strong>. Which you can refer here <a href="https://en.wikipedia.org/wiki/List_of_hash_functions" rel="noopener noreferrer">https://en.wikipedia.org/wiki/List_of_hash_functions</a></p> <p>For our purpose, we’ll use a <a href="https://en.wikipedia.org/wiki/Jenkins_hash_function" rel="noopener noreferrer">Jenkins hash function</a>. It is a hash function that produces 32-bit hashes. The wikipedia article also has the implementation of the algorithm in C. We’ll just translate that to our go code.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">hash</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">hash</span> <span class="kt">uint32</span><span class="p">)</span> <span class="p">{</span> <span class="n">hash</span> <span class="o">=</span> <span class="m">0</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">ch</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">key</span> <span class="p">{</span> <span class="n">hash</span> <span class="o">+=</span> <span class="kt">uint32</span><span class="p">(</span><span class="n">ch</span><span class="p">)</span> <span class="n">hash</span> <span class="o">+=</span> <span class="n">hash</span> <span class="o">&lt;&lt;</span> <span class="m">10</span> <span class="n">hash</span> <span class="o">^=</span> <span class="n">hash</span> <span class="o">&gt;&gt;</span> <span class="m">6</span> <span class="p">}</span> <span class="n">hash</span> <span class="o">+=</span> <span class="n">hash</span> <span class="o">&lt;&lt;</span> <span class="m">3</span> <span class="n">hash</span> <span class="o">^=</span> <span class="n">hash</span> <span class="o">&gt;&gt;</span> <span class="m">11</span> <span class="n">hash</span> <span class="o">+=</span> <span class="n">hash</span> <span class="o">&lt;&lt;</span> <span class="m">15</span> <span class="k">return</span> <span class="p">}</span> </code></pre> </div> <p>The above function uses a named-return — see <a href="https://golang.org/doc/effective_go.html#named-results" rel="noopener noreferrer">https://golang.org/doc/effective_go.html#named-results</a></p> <p>With this in place our code should look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="s">"fmt"</span> <span class="k">const</span> <span class="n">MAP_SIZE</span> <span class="o">=</span> <span class="m">50</span> <span class="k">type</span> <span class="n">Node</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">key</span> <span class="kt">string</span> <span class="n">value</span> <span class="kt">string</span> <span class="n">next</span> <span class="o">*</span><span class="n">Node</span> <span class="p">}</span> <span class="k">type</span> <span class="n">HashMap</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Data</span> <span class="p">[]</span><span class="o">*</span><span class="n">Node</span> <span class="p">}</span> <span class="k">func</span> <span class="n">hash</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">hash</span> <span class="kt">uint32</span><span class="p">)</span> <span class="p">{</span> <span class="n">hash</span> <span class="o">=</span> <span class="m">0</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">ch</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">key</span> <span class="p">{</span> <span class="n">hash</span> <span class="o">+=</span> <span class="kt">uint32</span><span class="p">(</span><span class="n">ch</span><span class="p">)</span> <span class="n">hash</span> <span class="o">+=</span> <span class="n">hash</span> <span class="o">&lt;&lt;</span> <span class="m">10</span> <span class="n">hash</span> <span class="o">^=</span> <span class="n">hash</span> <span class="o">&gt;&gt;</span> <span class="m">6</span> <span class="p">}</span> <span class="n">hash</span> <span class="o">+=</span> <span class="n">hash</span> <span class="o">&lt;&lt;</span> <span class="m">3</span> <span class="n">hash</span> <span class="o">^=</span> <span class="n">hash</span> <span class="o">&gt;&gt;</span> <span class="m">11</span> <span class="n">hash</span> <span class="o">+=</span> <span class="n">hash</span> <span class="o">&lt;&lt;</span> <span class="m">15</span> <span class="k">return</span> <span class="p">}</span> <span class="k">func</span> <span class="n">NewDict</span><span class="p">()</span> <span class="o">*</span><span class="n">HashMap</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">HashMap</span><span class="p">{</span> <span class="n">Data</span><span class="o">:</span> <span class="nb">make</span><span class="p">([]</span><span class="o">*</span><span class="n">Node</span><span class="p">,</span> <span class="n">MAP_SIZE</span><span class="p">)</span> <span class="p">}</span> <span class="c">// we initialize our array with make(), see </span> <span class="c">// https://golang.org/pkg/builtin/#make</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">a</span> <span class="o">:=</span> <span class="n">NewDict</span><span class="p">()</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">a</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h4> Mapping the hash to our array </h4> <p>Now that we have found our way to convert our keys to the hash value, we now need to make sure that this value falls within out array. For this we implement a <code>getIndex</code> function:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">getIndex</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">index</span> <span class="kt">int</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kt">int</span><span class="p">(</span><span class="n">hash</span><span class="p">(</span><span class="n">key</span><span class="p">))</span> <span class="o">%</span> <span class="n">MAP_SIZE</span> <span class="p">}</span> </code></pre> </div> <p>With this in place, we have taken care of 2 of our 3 problem statements. The 3rd problem - managing collisions will be taken care of at a later stage. First we now need to focus on inserting the key-value pairs in our array. Lets write a function for that.</p> <h3> Insertion </h3> <p>The following function uses a <a href="https://tour.golang.org/methods/4" rel="noopener noreferrer">receiver</a>, which are a powerful feature of go.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">h</span> <span class="o">*</span><span class="n">HashMap</span><span class="p">)</span> <span class="n">Insert</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">,</span> <span class="n">value</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="n">index</span> <span class="o">:=</span> <span class="n">getIndex</span><span class="p">(</span><span class="n">key</span><span class="p">)</span> <span class="k">if</span> <span class="n">h</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="n">index</span><span class="p">]</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">// index is empty, go ahead and insert</span> <span class="n">h</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="n">index</span><span class="p">]</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">Node</span><span class="p">{</span><span class="n">key</span><span class="o">:</span> <span class="n">key</span><span class="p">,</span> <span class="n">value</span><span class="o">:</span> <span class="n">value</span><span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c">// there is a collision, get into linked-list mode</span> <span class="n">starting_node</span> <span class="o">:=</span> <span class="n">h</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="n">index</span><span class="p">]</span> <span class="k">for</span> <span class="p">;</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">next</span> <span class="o">!=</span> <span class="no">nil</span><span class="p">;</span> <span class="n">starting_node</span> <span class="o">=</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">next</span> <span class="p">{</span> <span class="k">if</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">key</span> <span class="o">==</span> <span class="n">key</span> <span class="p">{</span> <span class="c">// the key exists, its a modifying operation</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">value</span> <span class="o">=</span> <span class="n">value</span> <span class="k">return</span> <span class="p">}</span> <span class="p">}</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">next</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">Node</span><span class="p">{</span><span class="n">key</span><span class="o">:</span> <span class="n">key</span><span class="p">,</span> <span class="n">value</span><span class="o">:</span> <span class="n">value</span><span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The code is mostly self explanatory, but we'll briefly go over it anyway.</p> <p>We first call <code>getIndex</code> with the <code>key</code>, which in-turns calls the <code>hash</code> function <strong><em>internally</em></strong>. This gives us the <code>index</code> on our array where we can store that key-value pair.</p> <p>Next we check if the index is empty, if yes - then we simply store the K-V Pair there. This would look something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> +----+ 1 | | +----+ 2 | | +----+ +------------------+ 3 | * |----&gt;| Key: Value | +----+ | Next: nil | 4 | | +------------------+ +----+ 5 | | +----+ +------------------+ 6 | * |----&gt;| Key: Value | +----+ | Next: nil | 7 | | +------------------+ +----+ 8 | | +----+ 9 | | +----+ 10| | +----+ </code></pre> </div> <p>The above denotes the <code>if</code> part of our code - when there are no collisions. The else part of our code handles the collision.</p> <p>There are a few different ways of handling collisions in hashmaps:</p> <ol> <li>Separate chaining with linked lists</li> <li>Open addressing</li> <li>Double Hashing</li> </ol> <p>The current code in the else block handles collisions with the <strong>Separate chaining with linked lists</strong> technique.</p> <p>The linked list technique will result in a data structure very similar to the following image:</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreen_Shot_2018-08-17_at_3.13.40_PM.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fishankhare.com%2Fmedia%2Fimages%2FScreen_Shot_2018-08-17_at_3.13.40_PM.png"></a></p> <p>The two keys mapping to the same index - hence resulting in a collision are shown in red.</p> <p>Next we'll talk about retrieving the value back from our hashtable</p> <h4> Fetch </h4> <p>The next basic operation on hashmaps that we are going to look at is <code>Fetch</code>. Fetch is fairly simple and identical to insert - we pass our <code>key</code> as input to the hash function and get a hash value, which is then mapped to our array using the <code>getIndex</code> function.</p> <p>We can then have 3 possible outcomes:</p> <ol> <li>We check if the <code>key</code> on that index is matching the we are looking for - if yes, then we have our match.</li> <li>If the key does not match, we check if its next value is <strong>not</strong> <code>nil</code> - basically checking for collision and find that element in the <em>separate chained linked list</em> </li> <li>If both of the above conditions fail, we concur that the requested key does not exist in our hashtable.</li> </ol> <p>The code implementing the above explanation is shown below:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">h</span> <span class="o">*</span><span class="n">HashMap</span><span class="p">)</span> <span class="n">Get</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">bool</span><span class="p">)</span> <span class="p">{</span> <span class="n">index</span> <span class="o">:=</span> <span class="n">getIndex</span><span class="p">(</span><span class="n">key</span><span class="p">)</span> <span class="k">if</span> <span class="n">h</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="n">index</span><span class="p">]</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">// key is on this index, but might be somewhere in linked list</span> <span class="n">starting_node</span> <span class="o">:=</span> <span class="n">h</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="n">index</span><span class="p">]</span> <span class="k">for</span> <span class="p">;</span> <span class="p">;</span> <span class="n">starting_node</span> <span class="o">=</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">next</span> <span class="p">{</span> <span class="k">if</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">key</span> <span class="o">==</span> <span class="n">key</span> <span class="p">{</span> <span class="c">// key matched</span> <span class="k">return</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">value</span><span class="p">,</span> <span class="no">true</span> <span class="p">}</span> <span class="k">if</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">next</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">break</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="c">// key does not exists</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="no">false</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p>The above code uses golang's <a href="https://gobyexample.com/multiple-return-values" rel="noopener noreferrer">multiple return values</a> feature.</p> </blockquote> <p>With this in place, we'll write the main function and test these operations that we have implemented.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">a</span> <span class="o">:=</span> <span class="n">NewDict</span><span class="p">()</span> <span class="n">a</span><span class="o">.</span><span class="n">Insert</span><span class="p">(</span><span class="s">"name"</span><span class="p">,</span> <span class="s">"ishan"</span><span class="p">)</span> <span class="n">a</span><span class="o">.</span><span class="n">Insert</span><span class="p">(</span><span class="s">"gender"</span><span class="p">,</span> <span class="s">"male"</span><span class="p">)</span> <span class="n">a</span><span class="o">.</span><span class="n">Insert</span><span class="p">(</span><span class="s">"city"</span><span class="p">,</span> <span class="s">"mumbai"</span><span class="p">)</span> <span class="n">a</span><span class="o">.</span><span class="n">Insert</span><span class="p">(</span><span class="s">"lastname"</span><span class="p">,</span> <span class="s">"khare"</span><span class="p">)</span> <span class="k">if</span> <span class="n">value</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">a</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"name"</span><span class="p">);</span> <span class="n">ok</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">value</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Value did not match!"</span><span class="p">)</span> <span class="p">}</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">a</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Also lets add a convenience function that allows us to print our hashmap in the desired format.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">h</span> <span class="o">*</span><span class="n">HashMap</span><span class="p">)</span> <span class="n">String</span><span class="p">()</span> <span class="kt">string</span> <span class="p">{</span> <span class="k">var</span> <span class="n">output</span> <span class="n">bytes</span><span class="o">.</span><span class="n">Buffer</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintln</span><span class="p">(</span><span class="o">&amp;</span><span class="n">output</span><span class="p">,</span> <span class="s">"{"</span><span class="p">)</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">n</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">h</span><span class="o">.</span><span class="n">Data</span> <span class="p">{</span> <span class="k">if</span> <span class="n">n</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintf</span><span class="p">(</span><span class="o">&amp;</span><span class="n">output</span><span class="p">,</span> <span class="s">"</span><span class="se">\t</span><span class="s">%s: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">n</span><span class="o">.</span><span class="n">key</span><span class="p">,</span> <span class="n">n</span><span class="o">.</span><span class="n">value</span><span class="p">)</span> <span class="k">for</span> <span class="n">node</span> <span class="o">:=</span> <span class="n">n</span><span class="o">.</span><span class="n">next</span><span class="p">;</span> <span class="n">node</span> <span class="o">!=</span> <span class="no">nil</span><span class="p">;</span> <span class="n">node</span> <span class="o">=</span> <span class="n">node</span><span class="o">.</span><span class="n">next</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintf</span><span class="p">(</span><span class="o">&amp;</span><span class="n">output</span><span class="p">,</span> <span class="s">"</span><span class="se">\t</span><span class="s">%s: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">node</span><span class="o">.</span><span class="n">key</span><span class="p">,</span> <span class="n">node</span><span class="o">.</span><span class="n">value</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintln</span><span class="p">(</span><span class="o">&amp;</span><span class="n">output</span><span class="p">,</span> <span class="s">"}"</span><span class="p">)</span> <span class="k">return</span> <span class="n">output</span><span class="o">.</span><span class="n">String</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <p>This overrides the default print output for our defined <code>HashMap</code> type.</p> <blockquote> <p>The above method is just a convenience method used for printing the entire hashmap in a pretty format. It is in no way required for proper functioning of the data structure</p> </blockquote> <p>To sum it up, here's our final code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"bytes"</span> <span class="p">)</span> <span class="k">const</span> <span class="n">MAP_SIZE</span> <span class="o">=</span> <span class="m">10</span> <span class="k">type</span> <span class="n">Node</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">key</span> <span class="kt">string</span> <span class="n">value</span> <span class="kt">string</span> <span class="n">next</span> <span class="o">*</span><span class="n">Node</span> <span class="p">}</span> <span class="k">type</span> <span class="n">HashMap</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Data</span> <span class="p">[]</span><span class="o">*</span><span class="n">Node</span> <span class="p">}</span> <span class="k">func</span> <span class="n">NewDict</span><span class="p">()</span> <span class="o">*</span><span class="n">HashMap</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">HashMap</span><span class="p">{</span> <span class="n">Data</span><span class="o">:</span> <span class="nb">make</span><span class="p">([]</span><span class="o">*</span><span class="n">Node</span><span class="p">,</span> <span class="n">MAP_SIZE</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">n</span> <span class="o">*</span><span class="n">Node</span><span class="p">)</span> <span class="n">String</span><span class="p">()</span> <span class="kt">string</span> <span class="p">{</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"&lt;Key: %s, Value: %s&gt;</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">n</span><span class="o">.</span><span class="n">key</span><span class="p">,</span> <span class="n">n</span><span class="o">.</span><span class="n">value</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">h</span> <span class="o">*</span><span class="n">HashMap</span><span class="p">)</span> <span class="n">String</span><span class="p">()</span> <span class="kt">string</span> <span class="p">{</span> <span class="k">var</span> <span class="n">output</span> <span class="n">bytes</span><span class="o">.</span><span class="n">Buffer</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintln</span><span class="p">(</span><span class="o">&amp;</span><span class="n">output</span><span class="p">,</span> <span class="s">"{"</span><span class="p">)</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">n</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">h</span><span class="o">.</span><span class="n">Data</span> <span class="p">{</span> <span class="k">if</span> <span class="n">n</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintf</span><span class="p">(</span><span class="o">&amp;</span><span class="n">output</span><span class="p">,</span> <span class="s">"</span><span class="se">\t</span><span class="s">%s: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">n</span><span class="o">.</span><span class="n">key</span><span class="p">,</span> <span class="n">n</span><span class="o">.</span><span class="n">value</span><span class="p">)</span> <span class="k">for</span> <span class="n">node</span> <span class="o">:=</span> <span class="n">n</span><span class="o">.</span><span class="n">next</span><span class="p">;</span> <span class="n">node</span> <span class="o">!=</span> <span class="no">nil</span><span class="p">;</span> <span class="n">node</span> <span class="o">=</span> <span class="n">node</span><span class="o">.</span><span class="n">next</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintf</span><span class="p">(</span><span class="o">&amp;</span><span class="n">output</span><span class="p">,</span> <span class="s">"</span><span class="se">\t</span><span class="s">%s: %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">node</span><span class="o">.</span><span class="n">key</span><span class="p">,</span> <span class="n">node</span><span class="o">.</span><span class="n">value</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Fprintln</span><span class="p">(</span><span class="o">&amp;</span><span class="n">output</span><span class="p">,</span> <span class="s">"}"</span><span class="p">)</span> <span class="k">return</span> <span class="n">output</span><span class="o">.</span><span class="n">String</span><span class="p">()</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">h</span> <span class="o">*</span><span class="n">HashMap</span><span class="p">)</span> <span class="n">Insert</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">,</span> <span class="n">value</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="n">index</span> <span class="o">:=</span> <span class="n">getIndex</span><span class="p">(</span><span class="n">key</span><span class="p">)</span> <span class="k">if</span> <span class="n">h</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="n">index</span><span class="p">]</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">// index is empty, go ahead and insert</span> <span class="n">h</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="n">index</span><span class="p">]</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">Node</span><span class="p">{</span><span class="n">key</span><span class="o">:</span> <span class="n">key</span><span class="p">,</span> <span class="n">value</span><span class="o">:</span> <span class="n">value</span><span class="p">}</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="c">// there is a collision, get into linked-list mode</span> <span class="n">starting_node</span> <span class="o">:=</span> <span class="n">h</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="n">index</span><span class="p">]</span> <span class="k">for</span> <span class="p">;</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">next</span> <span class="o">!=</span> <span class="no">nil</span><span class="p">;</span> <span class="n">starting_node</span> <span class="o">=</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">next</span> <span class="p">{</span> <span class="k">if</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">key</span> <span class="o">==</span> <span class="n">key</span> <span class="p">{</span> <span class="c">// the key exists, its a modifying operation</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">value</span> <span class="o">=</span> <span class="n">value</span> <span class="k">return</span> <span class="p">}</span> <span class="p">}</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">next</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">Node</span><span class="p">{</span><span class="n">key</span><span class="o">:</span> <span class="n">key</span><span class="p">,</span> <span class="n">value</span><span class="o">:</span> <span class="n">value</span><span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">h</span> <span class="o">*</span><span class="n">HashMap</span><span class="p">)</span> <span class="n">Get</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">bool</span><span class="p">)</span> <span class="p">{</span> <span class="n">index</span> <span class="o">:=</span> <span class="n">getIndex</span><span class="p">(</span><span class="n">key</span><span class="p">)</span> <span class="k">if</span> <span class="n">h</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="n">index</span><span class="p">]</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">// key is on this index, but might be somewhere in linked list</span> <span class="n">starting_node</span> <span class="o">:=</span> <span class="n">h</span><span class="o">.</span><span class="n">Data</span><span class="p">[</span><span class="n">index</span><span class="p">]</span> <span class="k">for</span> <span class="p">;</span> <span class="p">;</span> <span class="n">starting_node</span> <span class="o">=</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">next</span> <span class="p">{</span> <span class="k">if</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">key</span> <span class="o">==</span> <span class="n">key</span> <span class="p">{</span> <span class="c">// key matched</span> <span class="k">return</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">value</span><span class="p">,</span> <span class="no">true</span> <span class="p">}</span> <span class="k">if</span> <span class="n">starting_node</span><span class="o">.</span><span class="n">next</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">break</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="c">// key does not exists</span> <span class="k">return</span> <span class="s">""</span><span class="p">,</span> <span class="no">false</span> <span class="p">}</span> <span class="k">func</span> <span class="n">hash</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">hash</span> <span class="kt">uint8</span><span class="p">)</span> <span class="p">{</span> <span class="c">// a jenkins one-at-a-time-hash</span> <span class="c">// refer https://en.wikipedia.org/wiki/Jenkins_hash_function</span> <span class="n">hash</span> <span class="o">=</span> <span class="m">0</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">ch</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">key</span> <span class="p">{</span> <span class="n">hash</span> <span class="o">+=</span> <span class="kt">uint8</span><span class="p">(</span><span class="n">ch</span><span class="p">)</span> <span class="n">hash</span> <span class="o">+=</span> <span class="n">hash</span> <span class="o">&lt;&lt;</span> <span class="m">10</span> <span class="n">hash</span> <span class="o">^=</span> <span class="n">hash</span> <span class="o">&gt;&gt;</span> <span class="m">6</span> <span class="p">}</span> <span class="n">hash</span> <span class="o">+=</span> <span class="n">hash</span> <span class="o">&lt;&lt;</span> <span class="m">3</span> <span class="n">hash</span> <span class="o">^=</span> <span class="n">hash</span> <span class="o">&gt;&gt;</span> <span class="m">11</span> <span class="n">hash</span> <span class="o">+=</span> <span class="n">hash</span> <span class="o">&lt;&lt;</span> <span class="m">15</span> <span class="k">return</span> <span class="p">}</span> <span class="k">func</span> <span class="n">getIndex</span><span class="p">(</span><span class="n">key</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">index</span> <span class="kt">int</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kt">int</span><span class="p">(</span><span class="n">hash</span><span class="p">(</span><span class="n">key</span><span class="p">))</span> <span class="o">%</span> <span class="n">MAP_SIZE</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">a</span> <span class="o">:=</span> <span class="n">NewDict</span><span class="p">()</span> <span class="n">a</span><span class="o">.</span><span class="n">Insert</span><span class="p">(</span><span class="s">"name"</span><span class="p">,</span> <span class="s">"ishan"</span><span class="p">)</span> <span class="n">a</span><span class="o">.</span><span class="n">Insert</span><span class="p">(</span><span class="s">"gender"</span><span class="p">,</span> <span class="s">"male"</span><span class="p">)</span> <span class="n">a</span><span class="o">.</span><span class="n">Insert</span><span class="p">(</span><span class="s">"city"</span><span class="p">,</span> <span class="s">"mumbai"</span><span class="p">)</span> <span class="n">a</span><span class="o">.</span><span class="n">Insert</span><span class="p">(</span><span class="s">"lastname"</span><span class="p">,</span> <span class="s">"khare"</span><span class="p">)</span> <span class="k">if</span> <span class="n">value</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">a</span><span class="o">.</span><span class="n">Get</span><span class="p">(</span><span class="s">"name"</span><span class="p">);</span> <span class="n">ok</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">value</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Value did not match!"</span><span class="p">)</span> <span class="p">}</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">a</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <h4> Running </h4> <p>On running the above code, we get the following output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ishan { city: mumbai name: ishan lastname: khare gender: male } </code></pre> </div> <ul> <li>The first line is the value of our key <code>name</code>.</li> <li>The output from 2nd line onwards is basically our custom-coded pretty-print function that outputs our entire hashmap.</li> </ul> <p>If you're interested in running/experimenting with this code, please feel free to fork the following repl. You can also play around on this webpage interactively.</p> <p>Our current implementation only supports strings as keys. In the next blog post we'll talk about how we can make this a more generic implementation.</p> <p>This post was originally published on my blog at ishankhare.com</p> go hashmaps dictionaries datastructures