diff --git a/.github/workflows/ci-e2e.yaml b/.github/workflows/ci-e2e.yaml
index f7cc67238..10aa8bf3c 100644
--- a/.github/workflows/ci-e2e.yaml
+++ b/.github/workflows/ci-e2e.yaml
@@ -5,6 +5,7 @@ on:
branches:
- main
- "release-*"
+ - "unified_kuadrant"
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
paths-ignore:
@@ -21,6 +22,7 @@ on:
- '**.md'
- 'samples/**'
- 'LICENSE'
+ workflow_dispatch:
jobs:
e2e_test_suite:
diff --git a/README.md b/README.md
index aea04063a..9ba8f4ea2 100644
--- a/README.md
+++ b/README.md
@@ -34,7 +34,8 @@ When deploying the multicluster gateway controller using the make targets, the f
* go >= 1.21
### 1. Running the controller in the cluster:
-1. Set up your DNS Provider by following these [steps](./docs/dnspolicy/dns-provider.md)
+[//]: # (ToD mnairn)
+[//]: # (1. Set up your DNS Provider by following these [steps](./docs/dnspolicy/dns-provider.md))
1. Setup your local environment
```sh
@@ -63,7 +64,9 @@ When deploying the multicluster gateway controller using the make targets, the f
```
## 2. Running the controller locally:
-1. Set up your DNS Provider by following these [steps](./docs/dnspolicy/dns-provider.md)
+
+[//]: # (ToD mnairn)
+[//]: # (1. Set up your DNS Provider by following these [steps](./docs/dnspolicy/dns-provider.md))
1. Setup your local environment
diff --git a/bundle/manifests/kuadrant.io_tlspolicies.yaml b/bundle/manifests/kuadrant.io_tlspolicies.yaml
deleted file mode 100644
index 345103e50..000000000
--- a/bundle/manifests/kuadrant.io_tlspolicies.yaml
+++ /dev/null
@@ -1,315 +0,0 @@
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- controller-gen.kubebuilder.io/version: v0.10.0
- creationTimestamp: null
- labels:
- gateway.networking.k8s.io/policy: direct
- name: tlspolicies.kuadrant.io
-spec:
- group: kuadrant.io
- names:
- kind: TLSPolicy
- listKind: TLSPolicyList
- plural: tlspolicies
- singular: tlspolicy
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - description: TLSPolicy ready.
- jsonPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- name: v1alpha1
- schema:
- openAPIV3Schema:
- description: TLSPolicy is the Schema for the tlspolicies API
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: TLSPolicySpec defines the desired state of TLSPolicy
- properties:
- commonName:
- description: 'CommonName is a common name to be used on the Certificate.
- The CommonName should have a length of 64 characters or fewer to
- avoid generating invalid CSRs. This value is ignored by TLS clients
- when any subject alt name is set. This is x509 behaviour: https://tools.ietf.org/html/rfc6125#section-6.4.4'
- type: string
- duration:
- description: The requested 'duration' (i.e. lifetime) of the Certificate.
- This option may be ignored/overridden by some issuer types. If unset
- this defaults to 90 days. Certificate will be renewed either 2/3
- through its duration or `renewBefore` period before its expiry,
- whichever is later. Minimum accepted duration is 1 hour. Value must
- be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration
- type: string
- issuerRef:
- description: IssuerRef is a reference to the issuer for this certificate.
- If the `kind` field is not set, or set to `Issuer`, an Issuer resource
- with the given name in the same namespace as the Certificate will
- be used. If the `kind` field is set to `ClusterIssuer`, a ClusterIssuer
- with the provided name will be used. The `name` field in this stanza
- is required at all times.
- properties:
- group:
- description: Group of the resource being referred to.
- type: string
- kind:
- description: Kind of the resource being referred to.
- type: string
- name:
- description: Name of the resource being referred to.
- type: string
- required:
- - name
- type: object
- privateKey:
- description: Options to control private keys used for the Certificate.
- properties:
- algorithm:
- description: Algorithm is the private key algorithm of the corresponding
- private key for this certificate. If provided, allowed values
- are either `RSA`,`Ed25519` or `ECDSA` If `algorithm` is specified
- and `size` is not provided, key size of 256 will be used for
- `ECDSA` key algorithm and key size of 2048 will be used for
- `RSA` key algorithm. key size is ignored when using the `Ed25519`
- key algorithm.
- enum:
- - RSA
- - ECDSA
- - Ed25519
- type: string
- encoding:
- description: The private key cryptography standards (PKCS) encoding
- for this certificate's private key to be encoded in. If provided,
- allowed values are `PKCS1` and `PKCS8` standing for PKCS#1 and
- PKCS#8, respectively. Defaults to `PKCS1` if not specified.
- enum:
- - PKCS1
- - PKCS8
- type: string
- rotationPolicy:
- description: RotationPolicy controls how private keys should be
- regenerated when a re-issuance is being processed. If set to
- Never, a private key will only be generated if one does not
- already exist in the target `spec.secretName`. If one does exists
- but it does not have the correct algorithm or size, a warning
- will be raised to await user intervention. If set to Always,
- a private key matching the specified requirements will be generated
- whenever a re-issuance occurs. Default is 'Never' for backward
- compatibility.
- type: string
- size:
- description: Size is the key bit size of the corresponding private
- key for this certificate. If `algorithm` is set to `RSA`, valid
- values are `2048`, `4096` or `8192`, and will default to `2048`
- if not specified. If `algorithm` is set to `ECDSA`, valid values
- are `256`, `384` or `521`, and will default to `256` if not
- specified. If `algorithm` is set to `Ed25519`, Size is ignored.
- No other values are allowed.
- type: integer
- type: object
- renewBefore:
- description: How long before the currently issued certificate's expiry
- cert-manager should renew the certificate. The default is 2/3 of
- the issued certificate's duration. Minimum accepted value is 5 minutes.
- Value must be in units accepted by Go time.ParseDuration https://golang.org/pkg/time/#ParseDuration
- type: string
- revisionHistoryLimit:
- description: RevisionHistoryLimit is the maximum number of CertificateRequest
- revisions that are maintained in the Certificate's history. Each
- revision represents a single `CertificateRequest` created by this
- Certificate, either when it was created, renewed, or Spec was changed.
- Revisions will be removed by oldest first if the number of revisions
- exceeds this number. If set, revisionHistoryLimit must be a value
- of `1` or greater. If unset (`nil`), revisions will not be garbage
- collected. Default value is `nil`.
- format: int32
- type: integer
- targetRef:
- description: PolicyTargetReference identifies an API object to apply
- a direct or inherited policy to. This should be used as part of
- Policy resources that can target Gateway API resources. For more
- information on how this policy attachment model works, and a sample
- Policy resource, refer to the policy attachment documentation for
- Gateway API.
- properties:
- group:
- description: Group is the group of the target resource.
- maxLength: 253
- pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- type: string
- kind:
- description: Kind is kind of the target resource.
- maxLength: 63
- minLength: 1
- pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
- type: string
- name:
- description: Name is the name of the target resource.
- maxLength: 253
- minLength: 1
- type: string
- namespace:
- description: Namespace is the namespace of the referent. When
- unspecified, the local namespace is inferred. Even when policy
- targets a resource in a different namespace, it MUST only apply
- to traffic originating from the same namespace as the policy.
- maxLength: 63
- minLength: 1
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
- type: string
- required:
- - group
- - kind
- - name
- type: object
- usages:
- description: Usages is the set of x509 usages that are requested for
- the certificate. Defaults to `digital signature` and `key encipherment`
- if not specified.
- items:
- description: 'KeyUsage specifies valid usage contexts for keys.
- See: https://tools.ietf.org/html/rfc5280#section-4.2.1.3 https://tools.ietf.org/html/rfc5280#section-4.2.1.12
- Valid KeyUsage values are as follows: "signing", "digital signature",
- "content commitment", "key encipherment", "key agreement", "data
- encipherment", "cert sign", "crl sign", "encipher only", "decipher
- only", "any", "server auth", "client auth", "code signing", "email
- protection", "s/mime", "ipsec end system", "ipsec tunnel", "ipsec
- user", "timestamping", "ocsp signing", "microsoft sgc", "netscape
- sgc"'
- enum:
- - signing
- - digital signature
- - content commitment
- - key encipherment
- - key agreement
- - data encipherment
- - cert sign
- - crl sign
- - encipher only
- - decipher only
- - any
- - server auth
- - client auth
- - code signing
- - email protection
- - s/mime
- - ipsec end system
- - ipsec tunnel
- - ipsec user
- - timestamping
- - ocsp signing
- - microsoft sgc
- - netscape sgc
- type: string
- type: array
- required:
- - issuerRef
- - targetRef
- type: object
- status:
- description: TLSPolicyStatus defines the observed state of TLSPolicy
- properties:
- conditions:
- description: "conditions are any conditions associated with the policy
- \n If configuring the policy fails, the \"Failed\" condition will
- be set with a reason and message describing the cause of the failure."
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- \n type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are: \"Available\",
- \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- type: array
- observedGeneration:
- description: observedGeneration is the most recently observed generation
- of the TLSPolicy. When the TLSPolicy is updated, the controller
- updates the corresponding configuration. If an update fails, that
- failure is recorded in the status condition
- format: int64
- type: integer
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
diff --git a/bundle/manifests/multicluster-gateway-controller.clusterserviceversion.yaml b/bundle/manifests/multicluster-gateway-controller.clusterserviceversion.yaml
index 742ab3fe1..a07fa57f7 100644
--- a/bundle/manifests/multicluster-gateway-controller.clusterserviceversion.yaml
+++ b/bundle/manifests/multicluster-gateway-controller.clusterserviceversion.yaml
@@ -4,7 +4,7 @@ metadata:
annotations:
alm-examples: '[]'
capabilities: Basic Install
- createdAt: "2024-02-04T15:48:27Z"
+ createdAt: "2024-02-09T15:14:21Z"
operators.operatorframework.io/builder: operator-sdk-v1.28.0
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
name: multicluster-gateway-controller.v0.0.0
@@ -20,7 +20,421 @@ spec:
mediatype: ""
install:
spec:
- deployments: []
+ clusterPermissions:
+ - rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - events
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - deletecollection
+ - patch
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - get
+ - create
+ - apiGroups:
+ - certificates.k8s.io
+ resources:
+ - certificatesigningrequests
+ - certificatesigningrequests/approval
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - apiGroups:
+ - certificates.k8s.io
+ resources:
+ - signers
+ verbs:
+ - approve
+ - apiGroups:
+ - cluster.open-cluster-management.io
+ resources:
+ - managedclusters
+ verbs:
+ - get
+ - list
+ - watch
+ - update
+ - apiGroups:
+ - work.open-cluster-management.io
+ resources:
+ - manifestworks
+ verbs:
+ - create
+ - update
+ - get
+ - list
+ - watch
+ - delete
+ - deletecollection
+ - patch
+ - apiGroups:
+ - addon.open-cluster-management.io
+ resources:
+ - managedclusteraddons/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - addon.open-cluster-management.io
+ resources:
+ - clustermanagementaddons/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - addon.open-cluster-management.io
+ resources:
+ - clustermanagementaddons
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - addon.open-cluster-management.io
+ resources:
+ - managedclusteraddons
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - addon.open-cluster-management.io
+ resources:
+ - managedclusteraddons/status
+ verbs:
+ - update
+ - patch
+ - apiGroups:
+ - kuadrant.io/v1beta1
+ resources:
+ - kuadrant
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ serviceAccountName: mgc-add-on-manager
+ - rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - delete
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cert-manager.io
+ resources:
+ - certificates
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - cluster.open-cluster-management.io
+ resources:
+ - managedclusters
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cluster.open-cluster-management.io
+ resources:
+ - placementdecisions
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - gateway.networking.k8s.io
+ resources:
+ - gatewayclasses
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - gateway.networking.k8s.io
+ resources:
+ - gatewayclasses/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - gateway.networking.k8s.io
+ resources:
+ - gatewayclasses/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - gateway.networking.k8s.io
+ resources:
+ - gateways
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - gateway.networking.k8s.io
+ resources:
+ - gateways/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - gateway.networking.k8s.io
+ resources:
+ - gateways/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - kuadrant.io
+ resources:
+ - authpolicies
+ - ratelimitpolicies
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - work.open-cluster-management.io
+ resources:
+ - manifestworks
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ serviceAccountName: mgc-controller-manager
+ deployments:
+ - label:
+ control-plane: kuadrant-add-on-manager
+ name: mgc-add-on-manager
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: kuadrant-add-on-manager
+ strategy: {}
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: controller
+ labels:
+ control-plane: kuadrant-add-on-manager
+ spec:
+ containers:
+ - args:
+ - --leader-elect
+ command:
+ - /add-on-manager
+ envFrom:
+ - configMapRef:
+ name: controller-config
+ optional: true
+ image: quay.io/kuadrant/addon-manager:main
+ imagePullPolicy: Always
+ name: controller
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: mgc-add-on-manager
+ terminationGracePeriodSeconds: 10
+ - label:
+ app.kubernetes.io/component: manager
+ app.kubernetes.io/created-by: multicluster-gateway-controller
+ app.kubernetes.io/instance: controller-manager
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: deployment
+ app.kubernetes.io/part-of: kuadrant
+ control-plane: controller-manager
+ name: mgc-controller-manager
+ spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ strategy: {}
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --metrics-bind-address=0.0.0.0:8080
+ - --leader-elect
+ command:
+ - /controller
+ image: quay.io/kuadrant/multicluster-gateway-controller:main
+ imagePullPolicy: Always
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ ports:
+ - containerPort: 8080
+ name: metrics
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: mgc-controller-manager
+ terminationGracePeriodSeconds: 10
+ permissions:
+ - rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ serviceAccountName: mgc-controller-manager
strategy: deployment
installModes:
- supported: false
diff --git a/cmd/gateway_controller/main.go b/cmd/gateway_controller/main.go
index a97ebdf80..6ca936b99 100644
--- a/cmd/gateway_controller/main.go
+++ b/cmd/gateway_controller/main.go
@@ -20,7 +20,6 @@ import (
"flag"
"os"
- certmanv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
clusterv1 "open-cluster-management.io/api/cluster/v1"
clusterv1beta2 "open-cluster-management.io/api/cluster/v1beta1"
workv1 "open-cluster-management.io/api/work/v1"
@@ -54,7 +53,6 @@ var (
func init() {
utilruntime.Must(clientgoscheme.AddToScheme(scheme.Scheme))
- utilruntime.Must(certmanv1.AddToScheme(scheme.Scheme))
utilruntime.Must(gatewayapiv1.AddToScheme(scheme.Scheme))
utilruntime.Must(clusterv1beta2.AddToScheme(scheme.Scheme))
utilruntime.Must(workv1.AddToScheme(scheme.Scheme))
diff --git a/config/default/delete-kuadrant-system-ns-object.yaml b/config/default/delete-kuadrant-system-ns-object.yaml
deleted file mode 100644
index b64be7c28..000000000
--- a/config/default/delete-kuadrant-system-ns-object.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-$patch: delete
-apiVersion: v1
-kind: Namespace
-metadata:
- name: kuadrant-system
\ No newline at end of file
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
index b52ae4ea6..41eda0db8 100644
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -15,6 +15,3 @@ resources:
patches:
- path: manager_metrics_patch.yaml
-
-patchesStrategicMerge:
- - delete-kuadrant-system-ns-object.yaml
diff --git a/config/dependencies/kuadrant-operator/kustomization.yaml b/config/dependencies/kuadrant-operator/kustomization.yaml
new file mode 100644
index 000000000..4228e3e8d
--- /dev/null
+++ b/config/dependencies/kuadrant-operator/kustomization.yaml
@@ -0,0 +1,7 @@
+resources:
+- github.com/kuadrant/kuadrant-operator/config/deploy?ref=main
+
+images:
+ - name: quay.io/kuadrant/kuadrant-operator
+ newName: quay.io/kuadrant/kuadrant-operator
+ newTag: latest
diff --git a/config/dependencies/kuadrant-operator/olm/catalog_image_patch.yaml b/config/dependencies/kuadrant-operator/olm/catalog_image_patch.yaml
new file mode 100644
index 000000000..9aa3e6867
--- /dev/null
+++ b/config/dependencies/kuadrant-operator/olm/catalog_image_patch.yaml
@@ -0,0 +1,6 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: CatalogSource
+metadata:
+ name: kuadrant-operator-catalog
+spec:
+ image: quay.io/kuadrant/kuadrant-operator-catalog:main
diff --git a/config/dependencies/kuadrant-operator/olm/kustomization.yaml b/config/dependencies/kuadrant-operator/olm/kustomization.yaml
new file mode 100644
index 000000000..85c2e76b8
--- /dev/null
+++ b/config/dependencies/kuadrant-operator/olm/kustomization.yaml
@@ -0,0 +1,5 @@
+resources:
+- github.com/kuadrant/kuadrant-operator/config/deploy/olm?ref=main
+
+patchesStrategicMerge:
+ - catalog_image_patch.yaml
diff --git a/config/samples/kuadrant.io_v1alpha1_tlspolicy.yaml b/config/samples/kuadrant.io_v1alpha1_tlspolicy.yaml
deleted file mode 100644
index 1ad5b032b..000000000
--- a/config/samples/kuadrant.io_v1alpha1_tlspolicy.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: kuadrant.io/v1alpha1
-kind: TLSPolicy
-metadata:
- labels:
- app.kubernetes.io/name: tlspolicy
- app.kubernetes.io/instance: tlspolicy-sample
- app.kubernetes.io/part-of: tmp
- app.kubernetes.io/managed-by: kustomize
- app.kubernetes.io/created-by: tmp
- name: tlspolicy-sample
-spec:
- targetRef:
- name: prod-web
- group: gateway.networking.k8s.io
- kind: Gateway
- issuerRef:
- group: cert-manager.io
- kind: ClusterIssuer
- name: glbc-ca
diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml
index 77be08752..7bc47462a 100644
--- a/config/samples/kustomization.yaml
+++ b/config/samples/kustomization.yaml
@@ -1,4 +1,3 @@
## Append samples you want in your CSV to this file as resources ##
resources:
# Used as examples in kuadrant-operator bundle
-- kuadrant.io_v1alpha1_tlspolicy.yaml
diff --git a/docs/dnspolicy/dns-health-checks.md b/docs/dnspolicy/dns-health-checks.md
deleted file mode 100644
index da4b2eda0..000000000
--- a/docs/dnspolicy/dns-health-checks.md
+++ /dev/null
@@ -1,129 +0,0 @@
-# DNS Health Checks
-DNS Health Checks are a crucial tool for ensuring the availability and reliability of your multi-cluster applications. Kuadrant offers a powerful feature known as DNSPolicy, which allows you to configure and verify health checks for DNS endpoints. This guide provides a comprehensive overview of how to set up, utilize, and understand DNS health checks.
-
-## Video Overview
-
-
-## What are DNS Health Checks?
-DNS Health Checks are a way to assess the availability and health of DNS endpoints associated with your applications. These checks involve sending periodic requests to the specified endpoints to determine their responsiveness and health status. by configuring these checks via the [DNSPolicy](./dnspolicy.md), you can ensure that your applications are correctly registered, operational, and serving traffic as expected.
-
-## Configuration of Health Checks
->Note: By default, health checks occur at 60-second intervals.
-
-To configure a DNS health check, you need to specify the `healthCheck` section of the DNSPolicy. The key part of this configuration is the `healthCheck` section, which includes important properties such as:
-
-* `allowInsecureCertificates`: Added for development environments, allows health probes to not fail when finding an invalid (e.g. self-signed) certificate.
-* `additionalHeadersRef`: This refers to a secret that holds extra headers for the probe to send, often containing important elements like authentication tokens.
-* `endpoint`: This is the path where the health checks take place, usually represented as '/healthz' or something similar.
-* `expectedResponses`: This setting lets you specify the expected HTTP response codes. If you don't set this, the default values assumed are 200 and 201.
-* `failureThreshold`: It's the number of times the health check can fail for the endpoint before it's marked as unhealthy.
-* `interval`: This property allows you to specify the time interval between consecutive health checks. The minimum allowed value is 5 seconds.
-* `port`: Specific port for the connection to be checked.
-* `protocol`: Type of protocol being used, like HTTP or HTTPS. **(Required)**
-
-
-```bash
-kubectl apply -f - < See [the Multicluster Gateways walkthrough](../how-to/multicluster-gateways-walkthrough.md) for step by step
-instructions on deploying these with a simple application.
-
-## Steps
-
-The DNSPolicy will target the existing Multi Cluster Gateway, resulting in the
-creation of DNS Records for each of the Gateway listeners backed by a managed zone,
-ensuring traffic reaches the correct gateway instances and is balanced across them, as well as optional DNS health checks and load balancing.
-
-In order to enable basic DNS, create a minimal DNSPolicy resource
-
-```yaml
-apiVersion: kuadrant.io/v1alpha1
-kind: DNSPolicy
-metadata:
- name: basic-dnspolicy
- namespace:
-spec:
- targetRef:
- name:
- group: gateway.networking.k8s.io
- kind: Gateway
-```
-
-Once created, the multi-cluster Gateway Controller will reconcile the DNS records.
-By default it will setup a round robin / evenly weighted set of records to ensure a balance of traffic across each provisioned gateway instance. You can see the status by querying the DNSRecord resources.
-
-```sh
-kubectl get dnsrecords -A
-```
-
-The DNS records will be propagated in a few minutes, and the application will
-be available through the defined hosts.
-
-## Advanced DNS configuration
-
-The DNSPolicy supports other optional configuration options like geographic and
-weighted load balancing and health checks. For more detailed information about these options, see [DNSPolicy](./dnspolicy.md)
\ No newline at end of file
diff --git a/docs/dnspolicy/dnspolicy.md b/docs/dnspolicy/dnspolicy.md
deleted file mode 100644
index b2b86ccc5..000000000
--- a/docs/dnspolicy/dnspolicy.md
+++ /dev/null
@@ -1,284 +0,0 @@
-# Kuadrant DNSPolicy
-
-The DNSPolicy is a [GatewayAPI](https://gateway-api.sigs.k8s.io/) policy that uses `Direct Policy Attachment` as defined in the [policy attachment mechanism](https://gateway-api.sigs.k8s.io/v1alpha2/references/policy-attachment/) standard.
-This policy is used to provide dns management for gateway listeners by managing the lifecycle of dns records in external dns providers such as AWS Route53 and Google DNS.
-
-## Overview Video
-
-
-## How it works
-
-A DNSPolicy and its targeted Gateway API networking resource contain all the statements to configure both the ingress gateway and the external DNS service.
-The needed dns names are gathered from the listener definitions and the IPAdresses | CNAME hosts are gathered from the status block of the gateway resource.
-
-### The DNSPolicy custom resource
-
-#### Overview
-
-The `DNSPolicy` spec includes the following parts:
-
-* A reference to an existing Gateway API resource (`spec.targetRef`)
-* DNS Routing Strategy (`spec.routingStrategy`)
-* LoadBalancing specification (`spec.loadBalancing`)
-* HealthCheck specification (`spec.healthCheck`)
-
-#### High-level example and field definition
-
-```yaml
-apiVersion: kuadrant.io/v1alpha1
-kind: DNSPolicy
-metadata:
- name: my-dns-policy
-spec:
- # reference to an existing networking resource to attach the policy to
- # it can only be a Gateway API Gateway resource
- # it can only refer to objects in the same namespace as the DNSPolicy
- targetRef:
- group: gateway.networking.k8s.io
- kind: Gateway
- name: mygateway
-
- # (optional) routing strategy to use when creating DNS records, defaults to `loadbalanced`
- # determines what DNS records are created in the DNS provider
- # check out Kuadrant RFC 0005 https://github.com/Kuadrant/architecture/blob/main/rfcs/0005-single-cluster-dnspolicy.md to learn more about the Routing Strategy field
- # One-of: simple, loadbalanced.
- routingStrategy: loadbalanced
-
- # (optional) loadbalancing specification
- # use it for providing the specification of how dns will be configured in order to provide balancing of load across multiple clusters when using the `loadbalanced` routing strategy
- # Primary use of this is for multi cluster deployments
- # check out Kuadrant RFC 0003 https://github.com/Kuadrant/architecture/blob/main/rfcs/0003-dns-policy.md to learn more about the options that can be used in this field
- loadBalancing:
- # (optional) weighted specification
- # use it to control the weight value applied to records
- weighted:
- # use it to change the weight of a record based on labels applied to the target meta resource i.e. Gateway in a single cluster context or ManagedCluster in multi cluster with OCM
- custom:
- - weight: 200
- selector:
- matchLabels:
- kuadrant.io/lb-attribute-custom-weight: AWS
- # (optional) weight value that will be applied to weighted dns records by default. Integer greater than 0 and no larger than the maximum value accepted by the target dns provider, defaults to `120`
- defaultWeight: 100
- # (optional) geo specification
- # use it to control the geo value applied to records
- geo:
- # (optional) default geo to be applied to records
- defaultGeo: IE
-
- # (optional) health check specification
- # health check probes with the following specification will be created for each DNS target
- # check out [DNS Health Checks](./dns-health-checks.md) to learn more about the HealthChecks that can be used in this field
- healthCheck:
- allowInsecureCertificates: true
- endpoint: /
- expectedResponses:
- - 200
- - 201
- - 301
- failureThreshold: 5
- port: 443
- protocol: https
-```
-
-Check out the [API reference](../reference/dnspolicy.md) for a full specification of the DNSPolicy CRD.
-
-## Using the DNSPolicy
-
-### DNS Provider and ManagedZone Setup
-
-A DNSPolicy acts against a target Gateway by processing its listeners for hostnames that it can create dns records for.
-In order for it to do this, it must know about dns providers, and what domains these dns providers are currently hosting.
-This is done through the creation of ManagedZones and dns provider secrets containing the credentials for the dns provider account.
-
-If for example a Gateway is created with a listener with a hostname of `echo.apps.hcpapps.net`:
-```yaml
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
- name: my-gw
-spec:
- listeners:
- - allowedRoutes:
- namespaces:
- from: All
- name: api
- hostname: echo.apps.hcpapps.net
- port: 80
- protocol: HTTP
-```
-
-In order for the DNSPolicy to act upon that listener, a ManagedZone must exist for that hostnames' domain.
-
-```yaml
-apiVersion: kuadrant.io/v1alpha1
-kind: ManagedZone
-metadata:
- name: apps.hcpapps.net
-spec:
- domainName: apps.hcpapps.net
- description: "apps.hcpapps.net managed domain"
- dnsProviderSecretRef:
- name: my-aws-credentials
-```
-
-The managed zone references a secret containing the external DNS provider services credentials.
-
-```yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: my-aws-credentials
- namespace:
-data:
- AWS_ACCESS_KEY_ID:
- AWS_REGION:
- AWS_SECRET_ACCESS_KEY:
-type: kuadrant.io/aws
-```
-
-### Targeting a Gateway networking resource
-
-When a DNSPolicy targets a Gateway, the policy will be enforced on all gateway listeners that have a matching ManagedZone.
-
-Target a Gateway by setting the `spec.targetRef` field of the DNSPolicy as follows:
-
-```yaml
-apiVersion: kuadrant.io/v1beta2
-kind: DNSPolicy
-metadata:
- name:
-spec:
- targetRef:
- group: gateway.networking.k8s.io
- kind: Gateway
- name:
-```
-
-### DNSRecord Resource
-
-The DNSPolicy will create a DNSRecord resource for each listener hostname with a suitable ManagedZone configured. The DNSPolicy resource uses the status of the Gateway to determine what dns records need to be created based on the clusters it has been placed onto.
-
-Given the following multi cluster gateway status:
-```yaml
-status:
- addresses:
- - type: kuadrant.io/MultiClusterIPAddress
- value: kind-mgc-workload-1/172.31.201.1
- - type: kuadrant.io/MultiClusterIPAddress
- value: kind-mgc-workload-2/172.31.202.1
- listeners:
- - attachedRoutes: 1
- conditions: []
- name: kind-mgc-workload-1.api
- supportedKinds: []
- - attachedRoutes: 1
- conditions: []
- name: kind-mgc-workload-2.api
- supportedKinds: []
-```
-
-A DNSPolicy targeting this gateway would create an appropriate DNSRecord based on the routing strategy selected.
-
-#### loadbalanced
-```yaml
-apiVersion: kuadrant.io/v1alpha1
-kind: DNSRecord
-metadata:
- name: echo.apps.hcpapps.net
- namespace:
-spec:
- endpoints:
- - dnsName: 24osuu.lb-2903yb.echo.apps.hcpapps.net
- recordTTL: 60
- recordType: A
- targets:
- - 172.31.202.1
- - dnsName: default.lb-2903yb.echo.apps.hcpapps.net
- providerSpecific:
- - name: weight
- value: "120"
- recordTTL: 60
- recordType: CNAME
- setIdentifier: 24osuu.lb-2903yb.echo.apps.hcpapps.net
- targets:
- - 24osuu.lb-2903yb.echo.apps.hcpapps.net
- - dnsName: default.lb-2903yb.echo.apps.hcpapps.net
- providerSpecific:
- - name: weight
- value: "120"
- recordTTL: 60
- recordType: CNAME
- setIdentifier: lrnse3.lb-2903yb.echo.apps.hcpapps.net
- targets:
- - lrnse3.lb-2903yb.echo.apps.hcpapps.net
- - dnsName: echo.apps.hcpapps.net
- recordTTL: 300
- recordType: CNAME
- targets:
- - lb-2903yb.echo.apps.hcpapps.net
- - dnsName: lb-2903yb.echo.apps.hcpapps.net
- providerSpecific:
- - name: geo-country-code
- value: '*'
- recordTTL: 300
- recordType: CNAME
- setIdentifier: default
- targets:
- - default.lb-2903yb.echo.apps.hcpapps.net
- - dnsName: lrnse3.lb-2903yb.echo.apps.hcpapps.net
- recordTTL: 60
- recordType: A
- targets:
- - 172.31.201.1
- managedZone:
- name: apps.hcpapps.net
-```
-
-After DNSRecord reconciliation the listener hostname should be resolvable through dns:
-
-```bash
-dig echo.apps.hcpapps.net +short
-lb-2903yb.echo.apps.hcpapps.net.
-default.lb-2903yb.echo.apps.hcpapps.net.
-lrnse3.lb-2903yb.echo.apps.hcpapps.net.
-172.31.201.1
-```
-
-#### simple
-```yaml
-apiVersion: kuadrant.io/v1alpha1
-kind: DNSRecord
-metadata:
- name: echo.apps.hcpapps.net
- namespace:
-spec:
- endpoints:
- - dnsName: echo.apps.hcpapps.net
- recordTTL: 60
- recordType: A
- targets:
- - 172.31.201.1
- - 172.31.202.1
- managedZone:
- name: apps.hcpapps.net
-```
-
-After DNSRecord reconciliation the listener hostname should be resolvable through dns:
-
-```bash
-dig echo.apps.hcpapps.net +short
-172.31.201.1
-```
-
-More information about the dns record structure can be found in the [DNSRecord structure](../proposals/DNSRecordStructure.md) document.
-
-### Examples
-
-Check out the following user guides for examples of using the Kuadrant DNSPolicy:
-* [Multicluster LoadBalanced DNSPolicy](../how-to/multicluster-loadbalanced-dnspolicy.md)
-
-### Known limitations
-
-* One Gateway can only be targeted by one DNSPolicy.
-* DNSPolicies can only target Gateways defined within the same namespace of the DNSPolicy.
diff --git a/docs/how-to/multicluster-loadbalanced-dnspolicy.md b/docs/how-to/multicluster-loadbalanced-dnspolicy.md
index 25d52a465..60155604c 100644
--- a/docs/how-to/multicluster-loadbalanced-dnspolicy.md
+++ b/docs/how-to/multicluster-loadbalanced-dnspolicy.md
@@ -111,7 +111,8 @@ The health check section is optional, the following fields are available:
- `port`: The port to connect to
- `protocol`: The protocol to use for this connection
-For more information about DNS Health Checks, see [this guide](../dnspolicy/dns-health-checks.md).
+[//]: # (ToDo mnairn)
+[//]: # (For more information about DNS Health Checks, see [this guide](../dnspolicy/dns-health-checks.md).)
#### Checking status of health checks
To list all health checks:
diff --git a/docs/installation/control-plane-installation.md b/docs/installation/control-plane-installation.md
index 9651dd165..4733f13bc 100644
--- a/docs/installation/control-plane-installation.md
+++ b/docs/installation/control-plane-installation.md
@@ -10,7 +10,9 @@ This guide will show you how to install and configure the Multi-Cluster Gateway
- Any number of additional **spoke clusters** that have been configured as OCM [ManagedClusters](https://open-cluster-management.io/concepts/managedcluster/)
- [Kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) (>= v1.14.0)
- Either a pre-existing [cert-manager](https://cert-manager.io/)(>=v1.12.2) installation _or_ the [Kustomize](https://kubectl.docs.kubernetes.io/installation/kustomize/) and [Helm](https://helm.sh/docs/intro/quickstart/#install-helm) CLIs installed
-- Amazon Web services (AWS) and or Google cloud provider (GCP) credentials. See the [DNS Provider](../dnspolicy/dns-provider.md) guide for obtaining these credentials.
+
+[//]: # (ToDo mnairn)
+[//]: # (- Amazon Web services (AWS) and or Google cloud provider (GCP) credentials. See the [DNS Provider](../dnspolicy/dns-provider.md) guide for obtaining these credentials.)
## Configure OCM with RawFeedbackJsonString Feature Gate
@@ -83,7 +85,8 @@ gatewayclass.gateway.networking.k8s.io/kuadrant-multi-cluster-gateway-instance-p
## Creating a ManagedZone
-**Note:** :exclamation: To manage the creation of DNS records, MGC uses [ManagedZone](../managed-zone.md) resources. A `ManagedZone` can be configured to use DNS Zones on both AWS (Route53), and GCP (Cloud DNS). Commands to create each are provided below.
+[//]: # (ToDo mnairn)
+[//]: # (**Note:** :exclamation: To manage the creation of DNS records, MGC uses [ManagedZone](../managed-zone.md) resources. A `ManagedZone` can be configured to use DNS Zones on both AWS (Route53), and GCP (Cloud DNS). Commands to create each are provided below. )
First, depending on the provider you would like to use export the [environment variables detailed here](https://docs.kuadrant.io/getting-started/#config) in a terminal session.
diff --git a/docs/managed-zone.md b/docs/managed-zone.md
deleted file mode 100644
index ab7f297a4..000000000
--- a/docs/managed-zone.md
+++ /dev/null
@@ -1,87 +0,0 @@
-# Creating and using a ManagedZone resource.
-
-## What is a ManagedZone
-A ManagedZone is a reference to a [DNS zone](https://en.wikipedia.org/wiki/DNS_zone).
-By creating a ManagedZone we are instructing the MGC about a domain or subdomain that can be used as a host by any gateways in the same namespace.
-These gateways can use a subdomain of the ManagedZone.
-
-If a gateway attempts to a use a domain as a host, and there is no matching ManagedZone for that host, then that host on that gateway will fail to function.
-
-A gateway's host will be matched to any ManagedZone that the host is a subdomain of, i.e. `test.api.hcpapps.net` will be matched by any ManagedZone (in the same namespace) of: `test.api.hcpapps.net`, `api.hcpapps.net` or `hcpapps.net`.
-
-When MGC wants to create the DNS Records for a host, it will create them in the most exactly matching ManagedZone.
-e.g. given the zones `hcpapps.net` and `api.hcpapps.net` the DNS Records for the host `test.api.hcpapps.net` will be created in the `api.hcpapps.net` zone.
-
-### Delegation
-Delegation allows you to give control of a subdomain of a root domain to MGC while the root domain has it's DNS zone elsewhere.
-
-In the scenario where a root domain has a zone outside Route53, e.g. `external.com`, and a ManagedZone for `delegated.external.com` is required, the following steps can be taken:
-- Create the ManagedZone for `delegated.external.com` and wait until the status is updated with an array of nameservers (e.g. `ns1.hcpapps.net`, `ns2.hcpapps.net`).
-- Copy these nameservers to your root zone for `external.com`, you can create a NS record for each nameserver against the `delegated.external.com` record.
-
-For example:
-```
-delegated.external.com. 3600 IN NS ns1.hcpapps.net.
-delegated.external.com. 3600 IN NS ns2.hcpapps.net.
-```
-
-Now, when MGC creates a DNS record in it's Route53 zone for `delegated.external.com`, it will be resolved correctly.
-### Creating a ManagedZone
-To create a `ManagedZone`, you will first need to create a DNS provider Secret. To create one, see our [DNS Provider](dnspolicy/dns-provider.md) setup guide, and make note of your provider's secret name.
-
-
-#### Example ManagedZone
-To create a bew `ManagedZone` with AWS Route, with a DNS Provider secret named `my-aws-credentials`:
-
-```bash
-kubectl apply -f - < |
diff --git a/docs/reference/managedzone.md b/docs/reference/managedzone.md
deleted file mode 100644
index b6e2a607d..000000000
--- a/docs/reference/managedzone.md
+++ /dev/null
@@ -1,46 +0,0 @@
-# The ManagedZone Custom Resource Definition (CRD)
-
-- [ManagedZone](#ManagedZone)
-- [ManagedZoneSpec](#managedzonespec)
-- [ManagedZoneStatus](#managedzonestatus)
-
-## ManagedZone
-
-| **Field** | **Type** | **Required** | **Description** |
-|-----------|-------------------------------------|:------------:|------------------------------------------------|
-| `spec` | [ManagedZoneSpec](#managedzonespec) | Yes | The specification for ManagedZone custom resource |
-| `status` | [ManagedZoneStatus](#managedzonestatus) | No | The status for the custom resource |
-
-## ManagedZoneSpec
-
-| **Field** | **Type** | **Required** | **Description** |
-|------------------------|------------------------------------------------|:------------:|--------------------------------------------------------------------------|
-| `id` | String | No | ID is the provider assigned id of this zone (i.e. route53.HostedZone.ID) |
-| `domainName` | String | Yes | Domain name of this ManagedZone |
-| `description` | String | No | Description for this ManagedZone |
-| `parentManagedZone` | [ManagedZoneReference](#managedzonereference) | No | Reference to another managed zone that this managed zone belongs to |
-| `dnsProviderSecretRef` | [SecretRef](#secretref) | No | Reference to a secret containing provider credentials |
-
-## ManagedZoneReference
-
-| **Field** | **Type** | **Required** | **Description** |
-|--------------|----------|:------------:|-------------------------|
-| `name` | String | Yes | Name of a managed zone |
-
-## SecretRef
-
-| **Field** | **Type** | **Required** | **Description** |
-|--------------|----------|:------------:|-------------------------|
-| `name` | String | Yes | Name of the secret |
-| `namespace` | String | Yes | Namespace of the secret |
-
-
-## ManagedZoneStatus
-
-| **Field** | **Type** | **Description** |
-|----------------------|------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------|
-| `observedGeneration` | String | Number of the last observed generation of the resource. Use it to check if the status info is up to date with latest resource spec |
-| `conditions` | [][Kubernetes meta/v1.Condition](https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Condition) | List of conditions that define that status of the resource |
-| `id` | String | The ID assigned by this provider for this zone (i.e. route53.HostedZone.ID) |
-| `recordCount` | Number | The number of records in the provider zone |
-| `nameServers` | []String | The NameServers assigned by the provider for this zone (i.e. route53.DelegationSet.NameServers) |
diff --git a/docs/reference/tlspolicy.md b/docs/reference/tlspolicy.md
deleted file mode 100644
index f2ce44162..000000000
--- a/docs/reference/tlspolicy.md
+++ /dev/null
@@ -1,35 +0,0 @@
-# The TLSPolicy Custom Resource Definition (CRD)
-
-- [TLSPolicy](#TLSPolicy)
-- [TLSPolicySpec](#tlspolicyspec)
-- [TLSPolicyStatus](#tlspolicystatus)
-
-## TLSPolicy
-
-| **Field** | **Type** | **Required** | **Description** |
-|-----------|-------------------------------------|:------------:|-------------------------------------------------|
-| `spec` | [TLSPolicySpec](#tlspolicyspec) | Yes | The specification for TLSPolicy custom resource |
-| `status` | [TLSPolicyStatus](#tlspolicystatus) | No | The status for the custom resource |
-
-## TLSPolicySpec
-
-| **Field** | **Type** | **Required** | **Description** |
-|------------------------|----------------------------------------------------------------------------------------------------------------------------------------------|:------------:|--------------------------------------------------------------------------------------------------------------------------------------------------|
-| `targetRef` | [Gateway API PolicyTargetReference](https://gateway-api.sigs.k8s.io/geps/gep-713/?h=policytargetreference#policy-targetref-api) | Yes | Reference to a Kuberentes resource that the policy attaches to |
-| `issuerRef` | [CertManager meta/v1.ObjectReference](https://cert-manager.io/v1.13-docs/reference/api-docs/#meta.cert-manager.io/v1.ObjectReference) | Yes | IssuerRef is a reference to the issuer for the created certificate |
-| `commonName` | String | No | CommonName is a common name to be used on the created certificate |
-| `duration` | [Kubernetes meta/v1.Duration](https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration) | No | The requested 'duration' (i.e. lifetime) of the created certificate. |
-| `renewBefore` | [Kubernetes meta/v1.Duration](https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration) | No | How long before the currently issued certificate's expiry cert-manager should renew the certificate. |
-| `usages` | [][CertManager v1.KeyUsage](https://cert-manager.io/v1.13-docs/reference/api-docs/#cert-manager.io/v1.KeyUsage) | No | Usages is the set of x509 usages that are requested for the certificate. Defaults to `digital signature` and `key encipherment` if not specified |
-| `revisionHistoryLimit` | Number | No | RevisionHistoryLimit is the maximum number of CertificateRequest revisions that are maintained in the Certificate's history |
-| `privateKey` | [CertManager meta/v1.CertificatePrivateKey](https://cert-manager.io/v1.13-docs/reference/api-docs/#cert-manager.io/v1.CertificatePrivateKey) | No | Options to control private keys used for the Certificate |
-
-
-**IssuerRef certmanmetav1.ObjectReference**
-
-## TLSPolicyStatus
-
-| **Field** | **Type** | **Description** |
-|----------------------|-----------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------|
-| `observedGeneration` | String | Number of the last observed generation of the resource. Use it to check if the status info is up to date with latest resource spec. |
-| `conditions` | [][Kubernetes meta/v1.Condition](https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Condition) | List of conditions that define that status of the resource. |
diff --git a/docs/tlspolicy/tls-policy.md b/docs/tlspolicy/tls-policy.md
deleted file mode 100644
index d62f23c52..000000000
--- a/docs/tlspolicy/tls-policy.md
+++ /dev/null
@@ -1,179 +0,0 @@
-# TLS Policy
-
-The TLSPolicy is a [GatewayAPI](https://gateway-api.sigs.k8s.io/) policy that uses `Direct Policy Attachment` as defined in the [policy attachment mechanism](https://gateway-api.sigs.k8s.io/v1alpha2/references/policy-attachment/) standard.
-This policy is used to provide tls for gateway listeners by managing the lifecycle of tls certificates using [`CertManager`](https://cert-manager.io), and is a policy implementation of [`securing gateway resources`](https://cert-manager.io/docs/usage/gateway/).
-
-## Terms
-
-- [`GatewayAPI`](https://gateway-api.sigs.k8s.io/): resources that model service networking in Kubernetes.
-- [`Gateway`](https://gateway-api.sigs.k8s.io/api-types/gateway/): Kubernetes Gateway resource.
-- [`CertManager`](https://cert-manager.io): X.509 certificate management for Kubernetes and OpenShift.
-- [`TLSPolicy`](https://github.com/Kuadrant/multicluster-gateway-controller/blob/main/config/crd/bases/kuadrant.io_tlspolicies.yaml): Kuadrant policy for managing tls certificates with certificate manager.
-
-
-## TLS Provider Setup
-
-A TLSPolicy acts against a target Gateway by processing its listeners for appropriately configured [tls sections](https://cert-manager.io/docs/usage/gateway/#generate-tls-certs-for-selected-tls-blocks).
-
-If for example a Gateway is created with a listener with a hostname of `echo.apps.hcpapps.net`:
-```yaml
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
- name: prod-web
- namespace: multi-cluster-gateways
-spec:
- gatewayClassName: kuadrant-multi-cluster-gateway-instance-per-cluster
- listeners:
- - allowedRoutes:
- namespaces:
- from: All
- name: api
- hostname: echo.apps.hcpapps.net
- port: 443
- protocol: HTTPS
- tls:
- mode: Terminate
- certificateRefs:
- - name: apps-hcpapps-tls
- kind: Secret
-```
-
-## TLSPolicy creation and attachment
-
-The TLSPolicy requires a reference to an existing [CertManager Issuer](https://cert-manager.io/docs/configuration/).
-If we create a [self-signed cluster](https://cert-manager.io/docs/configuration/selfsigned/) issuer with the following:
-
-```yaml
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: selfsigned-cluster-issuer
-spec:
- selfSigned: {}
-```
-
-We can then create and attach a TLSPolicy to start managing tls certificates for it:
-
-```yaml
-apiVersion: kuadrant.io/v1alpha1
-kind: TLSPolicy
-metadata:
- name: prod-web
- namespace: multi-cluster-gateways
-spec:
- targetRef:
- name: prod-web
- group: gateway.networking.k8s.io
- kind: Gateway
- issuerRef:
- group: cert-manager.io
- kind: ClusterIssuer
- name: selfsigned-cluster-issuer
-```
-
-### Target Reference
-- `targetRef` field is taken from [policy attachment's target reference API](https://gateway-api.sigs.k8s.io/geps/gep-713/#policy-targetref-api). It can only target one resource at a time. Fields included inside:
-- `Group` is the group of the target resource. Only valid option is `gateway.networking.k8s.io`.
-- `Kind` is kind of the target resource. Only valid options are `Gateway`.
-- `Name` is the name of the target resource.
-- `Namespace` is the namespace of the referent. Currently only local objects can be referred so value is ignored.
-
-### Issuer Reference
-- `issuerRef` field is required and is a reference to a [CertManager Issuer](https://cert-manager.io/docs/configuration/). Fields included inside:
-- `Group` is the group of the target resource. Only valid option is `cert-manager.io`.
-- `Kind` is kind of issuer. Only valid options are `Issuer` and `ClusterIssuer`.
-- `Name` is the name of the target issuer.
-
-The example TLSPolicy shown above would create a [CertManager Certificate](https://cert-manager.io/docs/usage/certificate/) like the following:
-```yaml
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- labels:
- gateway: prod-web
- gateway-namespace: multi-cluster-gateways
- kuadrant.io/tlspolicy: prod-web
- kuadrant.io/tlspolicy-namespace: multi-cluster-gateways
- name: apps-hcpapps-tls
- namespace: multi-cluster-gateways
-spec:
- dnsNames:
- - echo.apps.hcpapps.net
- issuerRef:
- group: cert-manager.io
- kind: ClusterIssuer
- name: selfsigned-cluster-issuer
- secretName: apps-hcpapps-tls
- secretTemplate:
- labels:
- gateway: prod-web
- gateway-namespace: multi-cluster-gateways
- kuadrant.io/tlspolicy: prod-web
- kuadrant.io/tlspolicy-namespace: multi-cluster-gateways
- usages:
- - digital signature
- - key encipherment
-```
-
-And valid tls secrets generated and synced out to workload clusters:
-
-```bash
-kubectl get secrets -A | grep apps-hcpapps-tls
-kuadrant-multi-cluster-gateways apps-hcpapps-tls kubernetes.io/tls 3 6m42s
-multi-cluster-gateways apps-hcpapps-tls kubernetes.io/tls 3 7m12s
-```
-
-## Let's Encrypt Issuer for Route53 hosted domain
-
-Any type of Issuer that is supported by CertManager can be referenced in the TLSPolicy. The following shows how you would create a TLSPolicy that uses [let's encypt](https://letsencrypt.org/) to create production certs for a domain hosted in AWS Route53.
-
-Create a secret containing AWS access key and secret:
-```bash
-kubectl create secret generic le-aws-credentials --from-literal=AWS_ACCESS_KEY_ID= --from-literal=AWS_SECRET_ACCESS_KEY= -n multi-cluster-gateways
-```
-
-Create a new Issuer:
-```yaml
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
- name: le-production
- namespace: multi-cluster-gateways
-spec:
- acme:
- email:
- preferredChain: ""
- privateKeySecretRef:
- name: le-production
- server: https://acme-v02.api.letsencrypt.org/directory
- solvers:
- - dns01:
- route53:
- hostedZoneID:
- region: us-east-1
- accessKeyIDSecretRef:
- key: AWS_ACCESS_KEY_ID
- name: le-aws-credentials
- secretAccessKeySecretRef:
- key: AWS_SECRET_ACCESS_KEY
- name: le-aws-credentials
-```
-
-Create a TLSPolicy:
-```yaml
-apiVersion: kuadrant.io/v1alpha1
-kind: TLSPolicy
-metadata:
- name: prod-web
- namespace: multi-cluster-gateways
-spec:
- targetRef:
- name: prod-web
- group: gateway.networking.k8s.io
- kind: Gateway
- issuerRef:
- group: cert-manager.io
- kind: Issuer
- name: le-production
-```
diff --git a/go.mod b/go.mod
index 05e51515a..8b77a538c 100644
--- a/go.mod
+++ b/go.mod
@@ -3,11 +3,11 @@ module github.com/Kuadrant/multicluster-gateway-controller
go 1.21
require (
+ github.com/cert-manager/cert-manager v1.12.1
github.com/go-logr/logr v1.3.0
github.com/goombaio/namegenerator v0.0.0-20181006234301-989e774b106e
- github.com/jetstack/cert-manager v1.7.1
- github.com/kuadrant/kuadrant-dns-operator v0.0.0-20240202223525-b889335b228f
- github.com/kuadrant/kuadrant-operator v0.1.1-0.20231114121136-3136ed961c70
+ github.com/kuadrant/dns-operator v0.1.0
+ github.com/kuadrant/kuadrant-operator v0.1.1-0.20240213220508-a823a3739fd6
github.com/onsi/ginkgo/v2 v2.13.2
github.com/onsi/gomega v1.30.0
github.com/operator-framework/api v0.17.5
@@ -59,6 +59,7 @@ require (
github.com/kuadrant/authorino-operator v0.9.0 // indirect
github.com/kuadrant/limitador-operator v0.7.0 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
+ github.com/martinlindhe/base36 v1.1.1 // indirect
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
@@ -66,10 +67,12 @@ require (
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/pkg/errors v0.9.1 // indirect
+ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/prometheus/client_golang v1.17.0 // indirect
github.com/prometheus/client_model v0.5.0 // indirect
github.com/prometheus/common v0.45.0 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
+ github.com/rogpeppe/go-internal v1.11.0 // indirect
github.com/shopspring/decimal v1.3.1 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/spf13/cast v1.6.0 // indirect
@@ -115,5 +118,3 @@ require (
replace maistra.io/istio-operator => github.com/maistra/istio-operator v0.0.0-20231214211859-76e404c8df41
replace github.com/imdario/mergo => dario.cat/mergo v0.3.5
-
-replace github.com/kuadrant/kuadrant-operator => /home/mnairn/go/src/github.com/kuadrant/kuadrant-operator
diff --git a/go.sum b/go.sum
index 1bc57ca15..1d2874e9b 100644
--- a/go.sum
+++ b/go.sum
@@ -14,6 +14,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
+github.com/cert-manager/cert-manager v1.12.1 h1:QA8/diGdInzBRhqiyTITPC+wI9FaXbgOAAT3Dwe9KZE=
+github.com/cert-manager/cert-manager v1.12.1/go.mod h1:ql0msU88JCcQSceN+PFjEY8U+AMe13y06vO2klJk8bs=
github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -81,8 +83,6 @@ github.com/goombaio/namegenerator v0.0.0-20181006234301-989e774b106e/go.mod h1:A
github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU=
github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
-github.com/jetstack/cert-manager v1.7.1 h1:qIIP0RN5FzBChJLJ3uGCGJmdAAonwDMdcsJExATa64I=
-github.com/jetstack/cert-manager v1.7.1/go.mod h1:xj0TPp31HE0Jub5mNOnF3Fp3XvhIsiP+tsPZVOmU/Qs=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
@@ -101,12 +101,16 @@ github.com/kuadrant/authorino v0.15.0 h1:Xw/buh/wTINdL+IpLSxhlpet4hpleMxZzfx39c4
github.com/kuadrant/authorino v0.15.0/go.mod h1:vXkHKrntn8DR7kt8a8Ohxq+2lgAD0jWivThoP+7ASew=
github.com/kuadrant/authorino-operator v0.9.0 h1:EV7zrYBNcd53HPQMivvTwe/+DIATTK7O4znJzh4xON8=
github.com/kuadrant/authorino-operator v0.9.0/go.mod h1:VkUqS4CHNiaHMrjSFQ5V71DN829kPnqT3FQxqlOntEI=
-github.com/kuadrant/kuadrant-dns-operator v0.0.0-20240202223525-b889335b228f h1:kRhKt1sW8ZqZlEasTGb1aX6xrEutBU1Ef+P4stf3bhY=
-github.com/kuadrant/kuadrant-dns-operator v0.0.0-20240202223525-b889335b228f/go.mod h1:OyP8aXe7uOCP8PKMhd6JXPSUyzcNkztriNDeyearp4M=
+github.com/kuadrant/dns-operator v0.1.0 h1:MlSKdzNejuxDFhIjn6/OFcdYnLyMo95SRMlFs5WZZ+A=
+github.com/kuadrant/dns-operator v0.1.0/go.mod h1:qmqqpvIRFewuTWd4kox/udz32hW7TQsE7Wvd45Eea18=
+github.com/kuadrant/kuadrant-operator v0.1.1-0.20240213220508-a823a3739fd6 h1:VxWU7HgQQKc/Q2CksDrHA8FkSjYeZJQe6mDPaZrDwCI=
+github.com/kuadrant/kuadrant-operator v0.1.1-0.20240213220508-a823a3739fd6/go.mod h1:hv/pNca6YvlpIK1WLmkvx1H4v0XEE8i10Ui9esxem+c=
github.com/kuadrant/limitador-operator v0.7.0 h1:pLIpM6vUxAY/Jn6ny61IGpqS7Oti786duBzJ67DJOuA=
github.com/kuadrant/limitador-operator v0.7.0/go.mod h1:tg+G+3eTzUUfvUmdbiqH3FnScEPSWZ3DmorD1ZAx1bo=
github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/martinlindhe/base36 v1.1.1 h1:1F1MZ5MGghBXDZ2KJ3QfxmiydlWOGB8HCEtkap5NkVg=
+github.com/martinlindhe/base36 v1.1.1/go.mod h1:vMS8PaZ5e/jV9LwFKlm0YLnXl/hpOihiBxKkIoc3g08=
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw=
@@ -137,8 +141,9 @@ github.com/operator-framework/api v0.17.5/go.mod h1:l/cuwtPxkVUY7fzYgdust2m9tlmb
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q=
github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY=
github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
@@ -147,8 +152,8 @@ github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lne
github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
-github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8=
github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
diff --git a/hack/.deployUtils b/hack/.deployUtils
index c164be614..4f97a7952 100644
--- a/hack/.deployUtils
+++ b/hack/.deployUtils
@@ -257,6 +257,7 @@ initController() {
# # Add the mgc CRDs
${KUSTOMIZE_BIN} build config/local-setup/controller/ | kubectl apply -f -
${KUSTOMIZE_BIN} build config/local-setup/issuer/ | kubectl apply -f -
+ ${KUSTOMIZE_BIN} build config/dependencies/kuadrant-operator/ | kubectl apply -f -
if [[ -f "controller-config.env" && -f "gcp-credentials.env" ]]; then
${KUSTOMIZE_BIN} --reorder none --load-restrictor LoadRestrictionsNone build config/local-setup/controller/gcp | kubectl apply -f -
fi
diff --git a/hack/make/addon.make b/hack/make/addon.make
index 5cff2471a..966173d90 100644
--- a/hack/make/addon.make
+++ b/hack/make/addon.make
@@ -5,7 +5,7 @@ build-addon-manager: manifests generate fmt vet ## Build ocm binary.
go build -o bin/addon-manager ./cmd/ocm/main.go
.PHONY: run-addon-manager
-run-addon-manager: manifests generate fmt vet install
+run-addon-manager: manifests generate fmt vet
go run ./cmd/ocm/main.go
diff --git a/hack/make/dependencies.make b/hack/make/dependencies.make
index b2e511781..7547a729a 100644
--- a/hack/make/dependencies.make
+++ b/hack/make/dependencies.make
@@ -33,7 +33,7 @@ ISTIOVERSION ?= 1.20.0
OPERATOR_SDK_VERSION ?= 1.28.0
CLUSTERADM_VERSION ?= 0.6.0
SUBCTL_VERSION ?= release-0.15
-GINKGO_VERSION ?= v2.11.0
+GINKGO_VERSION ?= v2.13.2
OPENSHIFT_GOIMPORTS_VERSION ?= c70783e636f2213cac683f6865d88c5edace3157
.PHONY: dependencies
diff --git a/pkg/controllers/gateway/gateway_controller.go b/pkg/controllers/gateway/gateway_controller.go
index df570c301..002a52162 100644
--- a/pkg/controllers/gateway/gateway_controller.go
+++ b/pkg/controllers/gateway/gateway_controller.go
@@ -48,6 +48,8 @@ import (
"sigs.k8s.io/controller-runtime/pkg/reconcile"
gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
+ "github.com/kuadrant/kuadrant-operator/pkg/multicluster"
+
"github.com/Kuadrant/multicluster-gateway-controller/pkg/_internal/gracePeriod"
"github.com/Kuadrant/multicluster-gateway-controller/pkg/_internal/metadata"
"github.com/Kuadrant/multicluster-gateway-controller/pkg/_internal/slice"
@@ -219,7 +221,7 @@ func (r *GatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
}
for _, address := range addresses {
log.V(3).Info("checking address type for mapping", "address.Type", address.Type)
- addressType, supported := AddressTypeToMultiCluster(address)
+ addressType, supported := multicluster.AddressTypeToMultiCluster(address)
if !supported {
continue // ignore address type gatewayapiv1.NamedAddressType. Unsupported for multi cluster gateway
}
@@ -276,7 +278,7 @@ func (r *GatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
func (r *GatewayReconciler) reconcileClusterLabels(ctx context.Context, gateway *gatewayapiv1.Gateway, clusters []string) error {
//Remove all existing clusters.kuadrant.io labels
for key := range gateway.Labels {
- if strings.HasPrefix(key, ClustersLabelPrefix) {
+ if strings.HasPrefix(key, multicluster.ClustersLabelPrefix) {
delete(gateway.Labels, key)
}
}
@@ -293,7 +295,7 @@ func (r *GatewayReconciler) reconcileClusterLabels(ctx context.Context, gateway
if !found {
continue
}
- gateway.Labels[ClustersLabelPrefix+cluster+"_"+attribute] = value
+ gateway.Labels[multicluster.ClustersLabelPrefix+cluster+"_"+attribute] = value
}
}
return nil
@@ -567,33 +569,3 @@ func (r *GatewayReconciler) SetupWithManager(mgr ctrl.Manager, ctx context.Conte
})).
Complete(r)
}
-
-//ToDo These need to be exposed by the kuadrant operator DNSPolicy APIs
-
-const (
- ClustersLabelPrefix = "clusters." + LabelPrefix
- MultiClusterIPAddressType gatewayapiv1.AddressType = LabelPrefix + "MultiClusterIPAddress"
- MultiClusterHostnameAddressType gatewayapiv1.AddressType = LabelPrefix + "MultiClusterHostnameAddress"
-)
-
-// AddressTypeToMultiCluster returns a multi cluster version of the address type
-// and a bool to indicate that provided address type was converted. If not - original type is returned
-func AddressTypeToMultiCluster(address gatewayapiv1.GatewayAddress) (gatewayapiv1.AddressType, bool) {
- if *address.Type == gatewayapiv1.IPAddressType {
- return MultiClusterIPAddressType, true
- } else if *address.Type == gatewayapiv1.HostnameAddressType {
- return MultiClusterHostnameAddressType, true
- }
- return *address.Type, false
-}
-
-// AddressTypeToSingleCluster converts provided multicluster address to single cluster version
-// the bool indicates a successful conversion
-func AddressTypeToSingleCluster(address gatewayapiv1.GatewayAddress) (gatewayapiv1.AddressType, bool) {
- if *address.Type == MultiClusterIPAddressType {
- return gatewayapiv1.IPAddressType, true
- } else if *address.Type == MultiClusterHostnameAddressType {
- return gatewayapiv1.HostnameAddressType, true
- }
- return *address.Type, false
-}
diff --git a/test/e2e/gateway_single_spoke_test.go b/test/e2e/gateway_single_spoke_test.go
index 815369a28..7e05d28ca 100644
--- a/test/e2e/gateway_single_spoke_test.go
+++ b/test/e2e/gateway_single_spoke_test.go
@@ -11,8 +11,8 @@ import (
"strings"
"time"
- certmanv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
- certmanmetav1 "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
+ certmanv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
+ certmanmetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
. "github.com/onsi/gomega/gstruct"
@@ -25,7 +25,7 @@ import (
gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
- kuadrantdnsv1alpha1 "github.com/kuadrant/kuadrant-dns-operator/api/v1alpha1"
+ kuadrantdnsv1alpha1 "github.com/kuadrant/dns-operator/api/v1alpha1"
kuadrantv1alpha1 "github.com/kuadrant/kuadrant-operator/api/v1alpha1"
"github.com/Kuadrant/multicluster-gateway-controller/pkg/_internal/conditions"
diff --git a/test/e2e/suite_test.go b/test/e2e/suite_test.go
index ef5e913c1..30a0568e7 100644
--- a/test/e2e/suite_test.go
+++ b/test/e2e/suite_test.go
@@ -16,7 +16,7 @@ import (
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/log/zap"
- kuadrantvdns1alpha1 "github.com/kuadrant/kuadrant-dns-operator/api/v1alpha1"
+ kuadrantvdns1alpha1 "github.com/kuadrant/dns-operator/api/v1alpha1"
kuadrantv1alpha1 "github.com/kuadrant/kuadrant-operator/api/v1alpha1"
. "github.com/Kuadrant/multicluster-gateway-controller/test/util"
diff --git a/test/gateway_integration/suite_test.go b/test/gateway_integration/suite_test.go
index 764c42d1c..24c98a18b 100644
--- a/test/gateway_integration/suite_test.go
+++ b/test/gateway_integration/suite_test.go
@@ -39,7 +39,6 @@ import (
. "github.com/Kuadrant/multicluster-gateway-controller/pkg/controllers/gateway"
"github.com/Kuadrant/multicluster-gateway-controller/pkg/placement"
- //"github.com/Kuadrant/multicluster-gateway-controller/pkg/apis/v1alpha1"
//+kubebuilder:scaffold:imports
)
@@ -101,9 +100,6 @@ var _ = BeforeSuite(func() {
err = gatewayapiv1.AddToScheme(scheme.Scheme)
Expect(err).NotTo(HaveOccurred())
- // err = certman.AddToScheme(scheme.Scheme)
- // Expect(err).NotTo(HaveOccurred())
-
err = ocmworkv1.AddToScheme(scheme.Scheme)
Expect(err).NotTo(HaveOccurred())
diff --git a/test/util/helper.go b/test/util/helper.go
index 0dcb801ad..98b0c97cc 100644
--- a/test/util/helper.go
+++ b/test/util/helper.go
@@ -6,7 +6,7 @@ import (
"strings"
"testing"
- certman "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+ certman "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
corev1 "k8s.io/api/core/v1"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -19,20 +19,14 @@ import (
)
const (
- Domain = "thecat.com"
- ValidTestHostname = "boop." + Domain
- ValidTestWildcard = "*." + Domain
- FailFetchDANSSubdomain = "failfetch"
- FailCreateDNSSubdomain = "failcreate"
- FailEnsureCertHost = "failCreateCert" + "." + Domain
- FailGetCertSecretName = "fail-fail"
- FailEndpointsHostname = "failEndpoints" + "." + Domain
- FailPlacementHostname = "failPlacement" + "." + Domain
- Cluster = "test_cluster_one"
- Namespace = "boop-namespace"
- DummyCRName = "boop"
- Placement = "placement"
- TLSSecretName = "test-tls-cert"
+ Domain = "thecat.com"
+ ValidTestHostname = "boop." + Domain
+ FailPlacementHostname = "failPlacement" + "." + Domain
+ Cluster = "test_cluster_one"
+ Namespace = "boop-namespace"
+ DummyCRName = "boop"
+ Placement = "placement"
+ TLSSecretName = "test-tls-cert"
)
func BuildValidTestRequest(name, ns string) ctrl.Request {
@@ -87,28 +81,6 @@ func AssertNoErrorReconciliation() func(res ctrl.Result, err error, t *testing.T
}
}
-func AssertErrorReconciliation(expectedError string) func(res ctrl.Result, err error, t *testing.T) {
- return func(res ctrl.Result, err error, t *testing.T) {
- if (expectedError == "") != (err == nil) {
- t.Errorf("expected error %s but got %s", expectedError, err)
- }
- if err != nil && !strings.Contains(err.Error(), expectedError) {
- t.Errorf("expected error to be %s but got %s", expectedError, err)
- }
- }
-}
-
-func AssertError(expectedError string) func(t *testing.T, err error) {
- return func(t *testing.T, err error) {
- if (expectedError == "") != (err == nil) {
- t.Errorf("expected error %s but got %s", expectedError, err)
- }
- if err != nil && !strings.Contains(err.Error(), expectedError) {
- t.Errorf("expected error to be %s but got %s", expectedError, err)
- }
- }
-}
-
func GetValidTestClient(initLists ...client.ObjectList) client.WithWatch {
return fake.NewClientBuilder().
WithStatusSubresource(&gatewayapiv1.Gateway{}, &gatewayapiv1.GatewayClass{}).
diff --git a/test/util/suite_config.go b/test/util/suite_config.go
index 308fa1239..bbf57c43b 100644
--- a/test/util/suite_config.go
+++ b/test/util/suite_config.go
@@ -9,8 +9,8 @@ import (
"os"
"strconv"
+ certmanv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
"github.com/goombaio/namegenerator"
- certmanv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
ocmclusterv1 "open-cluster-management.io/api/cluster/v1"
ocmclusterv1beta1 "open-cluster-management.io/api/cluster/v1beta1"
ocmclusterv1beta2 "open-cluster-management.io/api/cluster/v1beta2"
diff --git a/test/util/test_dnspolicy_types.go b/test/util/test_dnspolicy_types.go
deleted file mode 100644
index df0d07458..000000000
--- a/test/util/test_dnspolicy_types.go
+++ /dev/null
@@ -1,131 +0,0 @@
-//go:build unit || integration || e2e
-
-package testutil
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
- gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
-
- kuadrantdnsv1alpha1 "github.com/kuadrant/kuadrant-dns-operator/api/v1alpha1"
- kuadrantv1alpha1 "github.com/kuadrant/kuadrant-operator/api/v1alpha1"
-)
-
-// DNSPolicyBuilder wrapper for DNSPolicy builder helper
-type DNSPolicyBuilder struct {
- *kuadrantv1alpha1.DNSPolicy
-}
-
-func NewDNSPolicyBuilder(name, ns string) *DNSPolicyBuilder {
- return &DNSPolicyBuilder{
- &kuadrantv1alpha1.DNSPolicy{
- ObjectMeta: metav1.ObjectMeta{
- Name: name,
- Namespace: ns,
- },
- Spec: kuadrantv1alpha1.DNSPolicySpec{},
- },
- }
-}
-
-func (t *DNSPolicyBuilder) WithTargetRef(targetRef gatewayapiv1alpha2.PolicyTargetReference) *DNSPolicyBuilder {
- t.Spec.TargetRef = targetRef
- return t
-}
-
-func (t *DNSPolicyBuilder) WithHealthCheck(healthCheck kuadrantv1alpha1.HealthCheckSpec) *DNSPolicyBuilder {
- t.Spec.HealthCheck = &healthCheck
- return t
-}
-
-func (t *DNSPolicyBuilder) WithLoadBalancing(loadBalancing kuadrantv1alpha1.LoadBalancingSpec) *DNSPolicyBuilder {
- t.Spec.LoadBalancing = &loadBalancing
- return t
-}
-
-func (t *DNSPolicyBuilder) WithRoutingStrategy(strategy kuadrantv1alpha1.RoutingStrategy) *DNSPolicyBuilder {
- t.Spec.RoutingStrategy = strategy
- return t
-}
-
-//TargetRef
-
-func (t *DNSPolicyBuilder) WithTargetGateway(gwName string) *DNSPolicyBuilder {
- typedNamespace := gatewayapiv1.Namespace(t.GetNamespace())
- return t.WithTargetRef(gatewayapiv1alpha2.PolicyTargetReference{
- Group: "gateway.networking.k8s.io",
- Kind: "Gateway",
- Name: gatewayapiv1.ObjectName(gwName),
- Namespace: &typedNamespace,
- })
-}
-
-//HealthCheck
-
-func (t *DNSPolicyBuilder) WithHealthCheckFor(endpoint string, port *int, protocol kuadrantdnsv1alpha1.HealthProtocol, failureThreshold *int) *DNSPolicyBuilder {
- return t.WithHealthCheck(kuadrantv1alpha1.HealthCheckSpec{
- Endpoint: endpoint,
- Port: port,
- Protocol: &protocol,
- FailureThreshold: failureThreshold,
- AdditionalHeadersRef: nil,
- ExpectedResponses: nil,
- AllowInsecureCertificates: false,
- Interval: nil,
- })
-}
-
-//LoadBalancing
-
-func (t *DNSPolicyBuilder) WithLoadBalancingWeighted(lbWeighted kuadrantv1alpha1.LoadBalancingWeighted) *DNSPolicyBuilder {
- if t.Spec.LoadBalancing == nil {
- t.Spec.LoadBalancing = &kuadrantv1alpha1.LoadBalancingSpec{}
- }
- t.Spec.LoadBalancing.Weighted = &lbWeighted
- return t
-}
-
-func (t *DNSPolicyBuilder) WithLoadBalancingGeo(lbGeo kuadrantv1alpha1.LoadBalancingGeo) *DNSPolicyBuilder {
- if t.Spec.LoadBalancing == nil {
- t.Spec.LoadBalancing = &kuadrantv1alpha1.LoadBalancingSpec{}
- }
- t.Spec.LoadBalancing.Geo = &lbGeo
- return t
-}
-
-func (t *DNSPolicyBuilder) WithLoadBalancingWeightedFor(defaultWeight kuadrantv1alpha1.Weight, custom []*kuadrantv1alpha1.CustomWeight) *DNSPolicyBuilder {
- return t.WithLoadBalancingWeighted(kuadrantv1alpha1.LoadBalancingWeighted{
- DefaultWeight: defaultWeight,
- Custom: custom,
- })
-}
-
-func (t *DNSPolicyBuilder) WithLoadBalancingGeoFor(defaultGeo string) *DNSPolicyBuilder {
- return t.WithLoadBalancingGeo(kuadrantv1alpha1.LoadBalancingGeo{
- DefaultGeo: defaultGeo,
- })
-}
-
-// ManagedZoneBuilder wrapper for ManagedZone builder helper
-type ManagedZoneBuilder struct {
- *kuadrantdnsv1alpha1.ManagedZone
-}
-
-func NewManagedZoneBuilder(name, ns, domainName string) *ManagedZoneBuilder {
- return &ManagedZoneBuilder{
- &kuadrantdnsv1alpha1.ManagedZone{
- ObjectMeta: metav1.ObjectMeta{
- Name: name,
- Namespace: ns,
- },
- Spec: kuadrantdnsv1alpha1.ManagedZoneSpec{
- ID: "1234",
- DomainName: domainName,
- Description: domainName,
- SecretRef: kuadrantdnsv1alpha1.ProviderRef{
- Name: "secretname",
- },
- },
- },
- }
-}
diff --git a/test/util/test_types.go b/test/util/test_types.go
index 1b35e5a9d..b021afbbd 100644
--- a/test/util/test_types.go
+++ b/test/util/test_types.go
@@ -5,12 +5,9 @@ package testutil
import (
"strings"
- certmanv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+ certmanv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/runtime/schema"
- "sigs.k8s.io/controller-runtime/pkg/client"
gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
)
@@ -134,61 +131,3 @@ func AddListener(name string, hostname gatewayapiv1alpha2.Hostname, secretName g
gw.Spec.Listeners = append(gw.Spec.Listeners, listener)
}
-
-//
-//// TLSPolicyBuilder wrapper for TLSPolicy builder helper
-//type TLSPolicyBuilder struct {
-// *v1alpha1.TLSPolicy
-//}
-//
-//func NewTLSPolicyBuilder(policyName, ns string) *TLSPolicyBuilder {
-// return &TLSPolicyBuilder{
-// &v1alpha1.TLSPolicy{
-// ObjectMeta: metav1.ObjectMeta{
-// Name: policyName,
-// Namespace: ns,
-// },
-// Spec: v1alpha1.TLSPolicySpec{},
-// },
-// }
-//}
-//
-//func (t *TLSPolicyBuilder) Build() *v1alpha1.TLSPolicy {
-// return t.TLSPolicy
-//}
-//
-//func (t *TLSPolicyBuilder) WithTargetGateway(gwName string) *TLSPolicyBuilder {
-// typedNamespace := gatewayapiv1.Namespace(t.GetNamespace())
-// t.Spec.TargetRef = gatewayapiv1alpha2.PolicyTargetReference{
-// Group: "gateway.networking.k8s.io",
-// Kind: "Gateway",
-// Name: gatewayapiv1.ObjectName(gwName),
-// Namespace: &typedNamespace,
-// }
-// return t
-//}
-//
-//func (t *TLSPolicyBuilder) WithIssuerRef(issuerRef certmanmetav1.ObjectReference) *TLSPolicyBuilder {
-// t.Spec.IssuerRef = issuerRef
-// return t
-//}
-//
-//func (t *TLSPolicyBuilder) WithIssuer(name, kind, group string) *TLSPolicyBuilder {
-// t.WithIssuerRef(certmanmetav1.ObjectReference{
-// Name: name,
-// Kind: kind,
-// Group: group,
-// })
-// return t
-//}
-
-var _ client.Object = &TestResource{}
-
-// TestResource dummy client.Object that can be used in place of a real k8s resource for testing
-type TestResource struct {
- metav1.TypeMeta
- metav1.ObjectMeta
-}
-
-func (*TestResource) GetObjectKind() schema.ObjectKind { return nil }
-func (*TestResource) DeepCopyObject() runtime.Object { return nil }