Push events to ingress about domain conditions via driver (#730)

Author: alex-bezek

cmd/api-manager.go

@@ -486,6 +486,7 @@ func getK8sResourceDriver(ctx context.Context, mgr manager.Manager, options apiM
 		managerdriver.WithClusterDomain(options.clusterDomain),
 		managerdriver.WithDisableGatewayReferenceGrants(options.disableGatewayReferenceGrants),
 		managerdriver.WithDefaultDomainReclaimPolicy(defaultDomainReclaimPolicy),
+		managerdriver.WithEventRecorder(mgr.GetEventRecorderFor("k8s-resource-driver")),
 	}
 
 	if tcpRouteCRDInstalled {

internal/testutils/k8s-resources.go

@@ -48,39 +48,46 @@ func NewTestIngressV1WithClass(name string, namespace string, ingressClass strin
 	return i
 }
 
-func NewTestIngressV1(name string, namespace string) *netv1.Ingress {
-	return &netv1.Ingress{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      name,
-			Namespace: namespace,
-		},
-		Spec: netv1.IngressSpec{
-			Rules: []netv1.IngressRule{
-				{
-					Host: "example.com",
-					IngressRuleValue: netv1.IngressRuleValue{
-						HTTP: &netv1.HTTPIngressRuleValue{
-							Paths: []netv1.HTTPIngressPath{
-								{
-									Path: "/",
-									Backend: netv1.IngressBackend{
-										Service: &netv1.IngressServiceBackend{
-											Name: "example",
-											Port: netv1.ServiceBackendPort{
-												Number: 80,
-											},
-										},
+// NewTestIngressV1WithHosts creates an ingress with the specified hosts.
+func NewTestIngressV1WithHosts(name string, namespace string, hosts ...string) *netv1.Ingress {
+	rules := make([]netv1.IngressRule, 0, len(hosts))
+	for _, host := range hosts {
+		rules = append(rules, netv1.IngressRule{
+			Host: host,
+			IngressRuleValue: netv1.IngressRuleValue{
+				HTTP: &netv1.HTTPIngressRuleValue{
+					Paths: []netv1.HTTPIngressPath{
+						{
+							Path: "/",
+							Backend: netv1.IngressBackend{
+								Service: &netv1.IngressServiceBackend{
+									Name: "example",
+									Port: netv1.ServiceBackendPort{
+										Number: 80,
 									},
 								},
 							},
 						},
 					},
 				},
 			},
+		})
+	}
+	return &netv1.Ingress{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      name,
+			Namespace: namespace,
+		},
+		Spec: netv1.IngressSpec{
+			Rules: rules,
 		},
 	}
 }
 
+func NewTestIngressV1(name string, namespace string) *netv1.Ingress {
+	return NewTestIngressV1WithHosts(name, namespace, "example.com")
+}
+
 func NewTestServiceV1(name string, namespace string) *corev1.Service {
 	return &corev1.Service{
 		ObjectMeta: metav1.ObjectMeta{
@@ -100,8 +107,26 @@ func NewTestServiceV1(name string, namespace string) *corev1.Service {
 	}
 }
 
-func NewDomainV1(name string, namespace string) *ingressv1alpha1.Domain {
-	return &ingressv1alpha1.Domain{
+type DomainOpt func(*ingressv1alpha1.Domain)
+
+// WithDomainStatusCondition adds a condition to the domain's status.
+func WithDomainStatusCondition(condition metav1.Condition) DomainOpt {
+	return func(d *ingressv1alpha1.Domain) {
+		d.Status.Conditions = append(d.Status.Conditions, condition)
+	}
+}
+
+// WithDomainReadyCondition is a convenience helper that sets the Ready condition.
+func WithDomainReadyCondition(status metav1.ConditionStatus, message string) DomainOpt {
+	return WithDomainStatusCondition(metav1.Condition{
+		Type:    "Ready",
+		Status:  status,
+		Message: message,
+	})
+}
+
+func NewDomainV1(name string, namespace string, opts ...DomainOpt) *ingressv1alpha1.Domain {
+	d := &ingressv1alpha1.Domain{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      ingressv1alpha1.HyphenatedDomainNameFromURL(name),
 			Namespace: namespace,
@@ -110,6 +135,10 @@ func NewDomainV1(name string, namespace string) *ingressv1alpha1.Domain {
 			Domain: name,
 		},
 	}
+	for _, opt := range opts {
+		opt(d)
+	}
+	return d
 }
 
 // RandomName generates a random name with the given prefix. The random part is 5 characters long.
@@ -319,3 +348,13 @@ func FindCondition(conditions []metav1.Condition, condType string) *metav1.Condi
 	}
 	return nil
 }
+
+// NewDomainMap creates a map of domain name to Domain objects, useful for testing
+// functions that operate on domain lookups.
+func NewDomainMap(domains ...*ingressv1alpha1.Domain) map[string]ingressv1alpha1.Domain {
+	result := make(map[string]ingressv1alpha1.Domain, len(domains))
+	for _, d := range domains {
+		result[d.Spec.Domain] = *d
+	}
+	return result
+}

pkg/managerdriver/driver.go

@@ -17,6 +17,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/tools/record"
 	"k8s.io/client-go/util/retry"
 	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -67,6 +68,8 @@ type Driver struct {
 	disableGatewayReferenceGrants bool
 
 	defaultDomainReclaimPolicy *ingressv1alpha1.DomainReclaimPolicy
+
+	recorder record.EventRecorder
 }
 
 type DriverOpt func(*Driver)
@@ -113,6 +116,12 @@ func WithDefaultDomainReclaimPolicy(policy ingressv1alpha1.DomainReclaimPolicy)
 	}
 }
 
+func WithEventRecorder(recorder record.EventRecorder) DriverOpt {
+	return func(d *Driver) {
+		d.recorder = recorder
+	}
+}
+
 // NewDriver creates a new driver with a basic logger and cache store setup
 func NewDriver(logger logr.Logger, scheme *runtime.Scheme, controllerName string, managerName types.NamespacedName, opts ...DriverOpt) *Driver {
 	cacheStores := store.NewCacheStores(logger)
@@ -648,6 +657,8 @@ func (d *Driver) updateStatuses(ctx context.Context, c client.Client) error {
 // updateIngressesStatuses iterates over all ingresses and updates their statuses if
 // they need it. It does this by calculating the domains for each ingress and checking
 // against the DomainCRs CNAMETargets to propery set the LoadBalancer.Ingress status.
+// It also records events to ingresses based on domain Ready conditions to help users
+// understand domain-related issues without needing to inspect the Domain CRs directly.
 func (d *Driver) updateIngressStatuses(ctx context.Context, c client.Client) error {
 	domains, err := getDomainsByDomain(ctx, c)
 	if err != nil {
@@ -662,6 +673,9 @@ func (d *Driver) updateIngressStatuses(ctx context.Context, c client.Client) err
 			continue
 		}
 
+		// Record events from domain Ready conditions to help users understand domain issues
+		d.recordDomainEventsForIngress(ingress, domains)
+
 		newLBIPStatus := calculateIngressLoadBalancerIPStatus(ingress, domains)
 		if reflect.DeepEqual(ingress.Status.LoadBalancer.Ingress, newLBIPStatus) {
 			continue
@@ -691,6 +705,38 @@ func (d *Driver) updateIngressStatuses(ctx context.Context, c client.Client) err
 	return g.Wait()
 }
 
+// recordDomainEventsForIngress records events to the ingress based on the Ready condition
+// of its associated domains. This helps users understand domain-related issues (e.g., using
+// an invalid domain on a free account) without needing to inspect Domain CRs directly.
+func (d *Driver) recordDomainEventsForIngress(ingress *netv1.Ingress, domains map[string]ingressv1alpha1.Domain) {
+	if d.recorder == nil {
+		return
+	}
+
+	for _, rule := range ingress.Spec.Rules {
+		domain, ok := domains[rule.Host]
+		if !ok {
+			continue
+		}
+
+		readyCondition := meta.FindStatusCondition(domain.Status.Conditions, "Ready")
+		if readyCondition == nil {
+			continue
+		}
+
+		if readyCondition.Status == metav1.ConditionFalse {
+			d.recorder.Eventf(
+				ingress,
+				corev1.EventTypeWarning,
+				"DomainNotReady",
+				"Domain %q is not ready: %s",
+				rule.Host,
+				readyCondition.Message,
+			)
+		}
+	}
+}
+
 func (d *Driver) updateGatewayStatuses(ctx context.Context, c client.Client) error {
 	domains, err := getDomainsByDomain(ctx, c)
 	if err != nil {

pkg/managerdriver/driver_test.go

@@ -13,6 +13,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/tools/record"
 	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
@@ -1249,3 +1250,109 @@ func TestExtractPolicy(t *testing.T) {
 		})
 	}
 }
+
+var _ = Describe("RecordDomainEventsForIngress", func() {
+	var driver *Driver
+	var fakeRecorder *record.FakeRecorder
+	var scheme = runtime.NewScheme()
+
+	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
+	utilruntime.Must(ingressv1alpha1.AddToScheme(scheme))
+
+	BeforeEach(func() {
+		fakeRecorder = record.NewFakeRecorder(10)
+		driver = NewDriver(
+			GinkgoLogr,
+			scheme,
+			testutils.DefaultControllerName,
+			types.NamespacedName{Name: defaultManagerName},
+			WithEventRecorder(fakeRecorder),
+		)
+	})
+
+	It("Should record warning event when domain Ready condition is false", func() {
+		ingress := testutils.NewTestIngressV1WithHosts("test-ingress", "default", "example.com")
+		domains := testutils.NewDomainMap(
+			testutils.NewDomainV1("example.com", "default",
+				testutils.WithDomainReadyCondition(metav1.ConditionFalse, "domain not available on free plan")),
+		)
+
+		driver.recordDomainEventsForIngress(ingress, domains)
+
+		Expect(fakeRecorder.Events).To(Receive(Equal(
+			"Warning DomainNotReady Domain \"example.com\" is not ready: domain not available on free plan",
+		)))
+	})
+
+	It("Should not record event when domain Ready condition is true", func() {
+		ingress := testutils.NewTestIngressV1WithHosts("test-ingress", "default", "valid.ngrok.io")
+		domains := testutils.NewDomainMap(
+			testutils.NewDomainV1("valid.ngrok.io", "default",
+				testutils.WithDomainReadyCondition(metav1.ConditionTrue, "")),
+		)
+
+		driver.recordDomainEventsForIngress(ingress, domains)
+
+		Expect(fakeRecorder.Events).ToNot(Receive())
+	})
+
+	It("Should not record event when domain not found", func() {
+		ingress := testutils.NewTestIngressV1WithHosts("test-ingress", "default", "unknown.com")
+		domains := testutils.NewDomainMap()
+
+		driver.recordDomainEventsForIngress(ingress, domains)
+
+		Expect(fakeRecorder.Events).ToNot(Receive())
+	})
+
+	It("Should not record event when domain has no Ready condition", func() {
+		ingress := testutils.NewTestIngressV1WithHosts("test-ingress", "default", "pending.com")
+		domains := testutils.NewDomainMap(
+			testutils.NewDomainV1("pending.com", "default"),
+		)
+
+		driver.recordDomainEventsForIngress(ingress, domains)
+
+		Expect(fakeRecorder.Events).ToNot(Receive())
+	})
+
+	It("Should record events for multiple failing domains", func() {
+		ingress := testutils.NewTestIngressV1WithHosts("test-ingress", "default", "fail1.com", "fail2.com")
+		domains := testutils.NewDomainMap(
+			testutils.NewDomainV1("fail1.com", "default",
+				testutils.WithDomainReadyCondition(metav1.ConditionFalse, "error 1")),
+			testutils.NewDomainV1("fail2.com", "default",
+				testutils.WithDomainReadyCondition(metav1.ConditionFalse, "error 2")),
+		)
+
+		driver.recordDomainEventsForIngress(ingress, domains)
+
+		var events []string
+		for i := 0; i < 2; i++ {
+			var event string
+			Expect(fakeRecorder.Events).To(Receive(&event))
+			events = append(events, event)
+		}
+		Expect(events).To(ContainElement("Warning DomainNotReady Domain \"fail1.com\" is not ready: error 1"))
+		Expect(events).To(ContainElement("Warning DomainNotReady Domain \"fail2.com\" is not ready: error 2"))
+	})
+
+	It("Should not panic when recorder is nil", func() {
+		driverNoRecorder := NewDriver(
+			GinkgoLogr,
+			scheme,
+			testutils.DefaultControllerName,
+			types.NamespacedName{Name: defaultManagerName},
+		)
+
+		ingress := testutils.NewTestIngressV1WithHosts("test-ingress", "default", "example.com")
+		domains := testutils.NewDomainMap(
+			testutils.NewDomainV1("example.com", "default",
+				testutils.WithDomainReadyCondition(metav1.ConditionFalse, "some error")),
+		)
+
+		Expect(func() {
+			driverNoRecorder.recordDomainEventsForIngress(ingress, domains)
+		}).ToNot(Panic())
+	})
+})