From 81fa415a6b7998ac3db60b13825e492b63fd50b7 Mon Sep 17 00:00:00 2001 From: jayson wang Date: Mon, 5 Aug 2024 22:33:08 +0800 Subject: [PATCH] initial commit --- .dockerignore | 3 + .editorconfig | 18 + .github/workflows/charts.yaml | 69 +++ .github/workflows/ci.yaml | 49 ++ .github/workflows/docker.yaml | 39 ++ .gitignore | Bin 0 -> 814 bytes .golangci.yml | 44 ++ .run/mobius-manager.run.xml | 12 + Dockerfile | 37 ++ LICENSE | 13 + Makefile | 206 +++++++++ PROJECT | 20 + README.md | 73 +++ api/networking/types.go | 7 + .../v1alpha1/externalproxy_types.go | 191 ++++++++ api/networking/v1alpha1/groupversion_info.go | 36 ++ .../v1alpha1/zz_generated.deepcopy.go | 353 ++++++++++++++ charts/mobius-manager/.helmignore | 23 + charts/mobius-manager/Chart.yaml | 24 + charts/mobius-manager/templates/NOTES.txt | 1 + charts/mobius-manager/templates/_helpers.tpl | 62 +++ charts/mobius-manager/templates/crd.yaml | 435 ++++++++++++++++++ .../mobius-manager/templates/deployment.yaml | 66 +++ charts/mobius-manager/templates/rbac.yaml | 122 +++++ .../templates/serviceaccount.yaml | 13 + charts/mobius-manager/values.yaml | 86 ++++ cmd/main.go | 131 ++++++ ...networking.laboys.org_externalproxies.yaml | 434 +++++++++++++++++ config/crd/kustomization.yaml | 23 + config/crd/kustomizeconfig.yaml | 19 + config/default/kustomization.yaml | 147 ++++++ config/default/manager_metrics_patch.yaml | 4 + config/default/metrics_service.yaml | 17 + config/manager/kustomization.yaml | 2 + config/manager/manager.yaml | 95 ++++ config/prometheus/kustomization.yaml | 2 + config/prometheus/monitor.yaml | 18 + config/rbac/kustomization.yaml | 19 + config/rbac/leader_election_role.yaml | 40 ++ config/rbac/leader_election_role_binding.yaml | 15 + .../networking_externalproxy_editor_role.yaml | 27 ++ .../networking_externalproxy_viewer_role.yaml | 23 + config/rbac/role.yaml | 68 +++ config/rbac/role_binding.yaml | 15 + config/rbac/service_account.yaml | 8 + config/samples/kustomization.yaml | 3 + .../networking_v1alpha1_externalproxy.yaml | 34 ++ go.mod | 78 ++++ go.sum | 204 ++++++++ hack/boilerplate.go.txt | 15 + .../networking/externalproxy_controller.go | 294 ++++++++++++ .../externalproxy_controller_test.go | 172 +++++++ .../networking/externalproxy_status.go | 46 ++ .../networking/externalproxy_watch_event.go | 92 ++++ internal/controller/networking/suite_test.go | 113 +++++ internal/controller/networking/utils.go | 203 ++++++++ internal/expectations/expectations.go | 132 ++++++ internal/expectations/expectations_test.go | 51 ++ internal/fieldindex/fieldindex.go | 31 ++ internal/fieldindex/fieldindex_test.go | 50 ++ internal/patch/patch.go | 24 + internal/patch/patch_test.go | 107 +++++ internal/sync/singleton/filter/filter.go | 58 +++ internal/sync/singleton/filter/filter_test.go | 73 +++ internal/sync/singleton/singleton.go | 97 ++++ internal/sync/singleton/singleton_test.go | 21 + pkg/must/json.go | 15 + pkg/must/json_test.go | 28 ++ pkg/utils/merge.go | 12 + pkg/utils/merge_test.go | 29 ++ test/e2e/e2e_suite_test.go | 33 ++ test/e2e/e2e_test.go | 122 +++++ test/utils/utils.go | 140 ++++++ 73 files changed, 5386 insertions(+) create mode 100644 .dockerignore create mode 100644 .editorconfig create mode 100644 .github/workflows/charts.yaml create mode 100644 .github/workflows/ci.yaml create mode 100644 .github/workflows/docker.yaml create mode 100644 .gitignore create mode 100644 .golangci.yml create mode 100644 .run/mobius-manager.run.xml create mode 100644 Dockerfile create mode 100644 LICENSE create mode 100644 Makefile create mode 100644 PROJECT create mode 100644 README.md create mode 100644 api/networking/types.go create mode 100644 api/networking/v1alpha1/externalproxy_types.go create mode 100644 api/networking/v1alpha1/groupversion_info.go create mode 100644 api/networking/v1alpha1/zz_generated.deepcopy.go create mode 100644 charts/mobius-manager/.helmignore create mode 100644 charts/mobius-manager/Chart.yaml create mode 100644 charts/mobius-manager/templates/NOTES.txt create mode 100644 charts/mobius-manager/templates/_helpers.tpl create mode 100644 charts/mobius-manager/templates/crd.yaml create mode 100644 charts/mobius-manager/templates/deployment.yaml create mode 100644 charts/mobius-manager/templates/rbac.yaml create mode 100644 charts/mobius-manager/templates/serviceaccount.yaml create mode 100644 charts/mobius-manager/values.yaml create mode 100644 cmd/main.go create mode 100644 config/crd/bases/networking.laboys.org_externalproxies.yaml create mode 100644 config/crd/kustomization.yaml create mode 100644 config/crd/kustomizeconfig.yaml create mode 100644 config/default/kustomization.yaml create mode 100644 config/default/manager_metrics_patch.yaml create mode 100644 config/default/metrics_service.yaml create mode 100644 config/manager/kustomization.yaml create mode 100644 config/manager/manager.yaml create mode 100644 config/prometheus/kustomization.yaml create mode 100644 config/prometheus/monitor.yaml create mode 100644 config/rbac/kustomization.yaml create mode 100644 config/rbac/leader_election_role.yaml create mode 100644 config/rbac/leader_election_role_binding.yaml create mode 100644 config/rbac/networking_externalproxy_editor_role.yaml create mode 100644 config/rbac/networking_externalproxy_viewer_role.yaml create mode 100644 config/rbac/role.yaml create mode 100644 config/rbac/role_binding.yaml create mode 100644 config/rbac/service_account.yaml create mode 100644 config/samples/kustomization.yaml create mode 100644 config/samples/networking_v1alpha1_externalproxy.yaml create mode 100644 go.mod create mode 100644 go.sum create mode 100644 hack/boilerplate.go.txt create mode 100644 internal/controller/networking/externalproxy_controller.go create mode 100644 internal/controller/networking/externalproxy_controller_test.go create mode 100644 internal/controller/networking/externalproxy_status.go create mode 100644 internal/controller/networking/externalproxy_watch_event.go create mode 100644 internal/controller/networking/suite_test.go create mode 100644 internal/controller/networking/utils.go create mode 100644 internal/expectations/expectations.go create mode 100644 internal/expectations/expectations_test.go create mode 100644 internal/fieldindex/fieldindex.go create mode 100644 internal/fieldindex/fieldindex_test.go create mode 100644 internal/patch/patch.go create mode 100644 internal/patch/patch_test.go create mode 100644 internal/sync/singleton/filter/filter.go create mode 100644 internal/sync/singleton/filter/filter_test.go create mode 100644 internal/sync/singleton/singleton.go create mode 100644 internal/sync/singleton/singleton_test.go create mode 100644 pkg/must/json.go create mode 100644 pkg/must/json_test.go create mode 100644 pkg/utils/merge.go create mode 100644 pkg/utils/merge_test.go create mode 100644 test/e2e/e2e_suite_test.go create mode 100644 test/e2e/e2e_test.go create mode 100644 test/utils/utils.go diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..a3aab7a --- /dev/null +++ b/.dockerignore @@ -0,0 +1,3 @@ +# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file +# Ignore build and test binaries. +bin/ diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..1984dcd --- /dev/null +++ b/.editorconfig @@ -0,0 +1,18 @@ +root = true + +[*] +charset = utf-8 +tab_width = 4 +indent_size = 4 +end_of_line = lf +indent_style = space +max_line_length = 120 +insert_final_newline = true +trim_trailing_whitespace = true + +[{*.go,*.go2}] +indent_style = tab + +[{*.yaml,*.yml}] +tab_width = 2 +indent_size = 2 diff --git a/.github/workflows/charts.yaml b/.github/workflows/charts.yaml new file mode 100644 index 0000000..d0249e9 --- /dev/null +++ b/.github/workflows/charts.yaml @@ -0,0 +1,69 @@ +name: Helm Charts + +on: + push: + tags: + - 'v*' + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +env: + HELM_CHART: mobius-manager + HELM_REPO: https://wjiec.github.io/mobius + +# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages +permissions: + contents: read + pages: write + id-token: write + +# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. +# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. +concurrency: + group: "pages" + cancel-in-progress: false + +jobs: + # Build job + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Setup Pages + uses: actions/configure-pages@v3 + + - name: Install helm + run: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash + + - name: Download charts + run: | + helm repo add self $HELM_REPO || true + CHART_VERSIONS=$(helm search repo -l $HELM_CHART | awk '(NR>1) { print $2 }') + mkdir -p _build && cd _build + for CHART_VERSION in $CHART_VERSIONS; do helm pull self/$HELM_CHART --version $CHART_VERSION; done + + - name: Package + run: | + mkdir -p _build && cd _build + helm package ../charts/* + helm repo index . + + - name: Upload artifact + uses: actions/upload-pages-artifact@v2 + with: + path: ./_build + + # Deployment job + deploy: + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + needs: build + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v2 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..14205a5 --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,49 @@ +name: CI + +on: + push: + branches: + - main + pull_request: + branches: + - main + workflow_dispatch: {} + +jobs: + lint: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache-dependency-path: go.sum + + - name: Setup GO env + run: go env -w CGO_ENABLED=0 + + - name: Run Lints + run: make lint + + test: + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache-dependency-path: go.sum + + - name: Setup GO env + run: go env -w CGO_ENABLED=0 + + - name: Run Tests + run: make test diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml new file mode 100644 index 0000000..430729b --- /dev/null +++ b/.github/workflows/docker.yaml @@ -0,0 +1,39 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# GitHub recommends pinning actions to a commit SHA. +# To get a newer version, you will need to update the SHA. +# You can also reference a tag or branch, but the action may change without warning. + +name: Docker Build + +on: + push: + tags: + - 'v*' + workflow_dispatch: + +jobs: + docker: + name: Builds the Docker image + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - id: meta + name: Extract metadata + uses: docker/metadata-action@v4 + with: + images: ${{ github.repository }} + + - name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Build and push Docker image + run: make docker-buildx diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000000000000000000000000000000000000..3a4751a218d910367838a83c22f47f340eae4d41 GIT binary patch literal 814 zcmYL{!EPck42FBoQ+U-Ig3x`0RxA~2)vgxQ(@HdxF*6pKI7%{5dg!yS6Igo5Bz9u| z^ZCDpNAwttQ+l!9t}{ne`aT4Q3mzLMhv)U{0b`^VmAZwMWe>xcGN5naNV$i6WcV9Z z$=uwOJDYwS8gIxYrMHt3S(3v9xi=XG>iP^O1T+!IOAsM4XW$(eIItTBX}Vx5U!VWr zffBJ#v$vmjcS`RP9weMvrPqP8E5$CU4Gw{$iKkV@K{{`uNj=Kut=25^G+8eJ%YzmH z4t1sh2V;Bks9W}&L&PNYi{=GIw8Dc#xwMif8Rt%5BbtmY2#1J+B;bDe8&Yq+$vyl> zh-sfWs23DQaSv4zEZMaf)m1NC1e?%O+LzW3j^rOE8b9#7 ze#xhGPS(U_dvesMhWvb@gyJ6KPT*@BIi)%rl-WsIKuw_;$>sAD-#dm}ax?obWy-c( ze;soe>u}1Ty&4APzgbk(WX@D%XFV#rV^i7Q(1?&XF0aX!x{llkZ8 q_WDp)H)2aN*UD4mK`_yTUV0lxMrkp+tcPS-94}Chp{~OAOZ@}-QxnVp literal 0 HcmV?d00001 diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 0000000..0d5bb57 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,44 @@ +run: + timeout: 5m + allow-parallel-runners: true + +issues: + # don't skip warning about doc comments + # don't exclude the default set of lint + exclude-use-default: false + # restore some of the defaults + # (fill in the rest as needed) + exclude-rules: + - path: "api/*" + linters: + - lll + - path: "internal/*" + linters: + - dupl + - lll + - path: "cmd/*" + linters: + - lll +linters: + disable-all: true + enable: + - dupl + - errcheck + - exportloopref + - ginkgolinter + - goconst + - gocyclo + - gofmt + - goimports + - gosimple + - govet + - ineffassign + - lll + - misspell + - nakedret + - prealloc + - staticcheck + - typecheck + - unconvert + - unparam + - unused diff --git a/.run/mobius-manager.run.xml b/.run/mobius-manager.run.xml new file mode 100644 index 0000000..575119f --- /dev/null +++ b/.run/mobius-manager.run.xml @@ -0,0 +1,12 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..c6d568d --- /dev/null +++ b/Dockerfile @@ -0,0 +1,37 @@ +# Build the manager binary +FROM golang:1.22 AS builder +ARG TARGETOS +ARG TARGETARCH + +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.sum ./ +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN go mod download + +# Copy the go source +COPY cmd/main.go cmd/main.go +COPY api/ api/ +COPY internal/ internal/ +COPY pkg/ pkg/ + +# Build +# the GOARCH has not a default value to allow the binary be built according to the host where the command +# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO +# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore, +# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform. +RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go + + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot + +WORKDIR / + +COPY --from=builder /workspace/manager . + +USER 65532:65532 + +ENTRYPOINT ["/manager"] diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..9fa24ee --- /dev/null +++ b/LICENSE @@ -0,0 +1,13 @@ +Copyright 2024 Jayson Wang. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. \ No newline at end of file diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..e559eb9 --- /dev/null +++ b/Makefile @@ -0,0 +1,206 @@ +# Image URL to use all building/pushing image targets +IMG ?= wjiec/mobius-manager:v0.1.0 +# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. +ENVTEST_K8S_VERSION = 1.30.0 + +# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) +ifeq (,$(shell go env GOBIN)) +GOBIN=$(shell go env GOPATH)/bin +else +GOBIN=$(shell go env GOBIN) +endif + +# CONTAINER_TOOL defines the container tool to be used for building images. +# Be aware that the target commands are only tested with Docker which is +# scaffolded by default. However, you might want to replace it to use other +# tools. (i.e. podman) +CONTAINER_TOOL ?= docker + +# Setting SHELL to bash allows bash commands to be executed by recipes. +# Options are set to exit when a recipe line exits non-zero or a piped command fails. +SHELL = /usr/bin/env bash -o pipefail +.SHELLFLAGS = -ec + +.PHONY: all +all: build + +##@ General + +# The help target prints out all targets with their descriptions organized +# beneath their categories. The categories are represented by '##@' and the +# target descriptions by '##'. The awk command is responsible for reading the +# entire set of makefiles included in this invocation, looking for lines of the +# file as xyz: ## something, and then pretty-format the target and help. Then, +# if there's a line with ##@ something, that gets pretty-printed as a category. +# More info on the usage of ANSI control characters for terminal formatting: +# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters +# More info on the awk command: +# http://linuxcommand.org/lc3_adv_awk.php + +.PHONY: help +help: ## Display this help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) + +##@ Development + +.PHONY: manifests +manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. + $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases + +.PHONY: generate +generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. + $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." + +.PHONY: fmt +fmt: ## Run go fmt against code. + go fmt ./... + +.PHONY: vet +vet: ## Run go vet against code. + go vet ./... + +.PHONY: test +test: manifests generate fmt vet envtest ## Run tests. + KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $$(go list ./... | grep -v /e2e) -coverprofile cover.out + +# Utilize Kind or modify the e2e tests to load the image locally, enabling compatibility with other vendors. +.PHONY: test-e2e # Run the e2e tests against a Kind k8s instance that is spun up. +test-e2e: + go test ./test/e2e/ -v -ginkgo.v + +.PHONY: lint +lint: golangci-lint ## Run golangci-lint linter + $(GOLANGCI_LINT) run + +.PHONY: lint-fix +lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes + $(GOLANGCI_LINT) run --fix + +##@ Build + +.PHONY: build +build: manifests generate fmt vet ## Build manager binary. + go build -o bin/manager cmd/main.go + +.PHONY: run +run: manifests generate fmt vet ## Run a controller from your host. + go run ./cmd/main.go + +# If you wish to build the manager image targeting other platforms you can use the --platform flag. +# (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it. +# More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +.PHONY: docker-build +docker-build: ## Build docker image with the manager. + $(CONTAINER_TOOL) build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + $(CONTAINER_TOOL) push ${IMG} + +# PLATFORMS defines the target platforms for the manager image be built to provide support to multiple +# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: +# - be able to use docker buildx. More info: https://docs.docker.com/build/buildx/ +# - have enabled BuildKit. More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +# - be able to push the image to your registry (i.e. if you do not set a valid value via IMG=> then the export will fail) +# To adequately provide solutions that are compatible with multiple platforms, you should consider using this option. +PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le +.PHONY: docker-buildx +docker-buildx: ## Build and push docker image for the manager for cross-platform support + # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile + sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross + - $(CONTAINER_TOOL) buildx create --name mobius-builder + $(CONTAINER_TOOL) buildx use mobius-builder + - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . + - $(CONTAINER_TOOL) buildx rm mobius-builder + rm Dockerfile.cross + +.PHONY: build-installer +build-installer: manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment. + mkdir -p dist + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default > dist/install.yaml + +##@ Deployment + +ifndef ignore-not-found + ignore-not-found = false +endif + +.PHONY: install +install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. + $(KUSTOMIZE) build config/crd | $(KUBECTL) apply -f - + +.PHONY: uninstall +uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. + $(KUSTOMIZE) build config/crd | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - + +.PHONY: deploy +deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default | $(KUBECTL) apply -f - + +.PHONY: undeploy +undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. + $(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - + +.PHONY: apply-samples +apply-samples: kustomize ## Apply samples manifests into the K8s cluster specified in ~/.kube/config. + $(KUSTOMIZE) build config/samples | $(KUBECTL) apply -f - + +.PHONY: helm-charts +helm-charts: kustomize ## Build the kubernetes manifest files and save them into a Helm chart. + $(KUSTOMIZE) build config/crd > charts/mobius-manager/templates/crd.yaml + +##@ Dependencies + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUBECTL ?= kubectl +KUSTOMIZE ?= $(LOCALBIN)/kustomize-$(KUSTOMIZE_VERSION) +CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) +ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) +GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION) + +## Tool Versions +KUSTOMIZE_VERSION ?= v5.4.1 +CONTROLLER_TOOLS_VERSION ?= v0.15.0 +ENVTEST_VERSION ?= release-0.18 +GOLANGCI_LINT_VERSION ?= v1.57.2 + +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + $(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION)) + +.PHONY: controller-gen +controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. +$(CONTROLLER_GEN): $(LOCALBIN) + $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION)) + +.PHONY: envtest +envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. +$(ENVTEST): $(LOCALBIN) + $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) + +.PHONY: golangci-lint +golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. +$(GOLANGCI_LINT): $(LOCALBIN) + $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,${GOLANGCI_LINT_VERSION}) + +# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist +# $1 - target path with name of binary (ideally with version) +# $2 - package url which can be installed +# $3 - specific version of package +define go-install-tool +@[ -f $(1) ] || { \ +set -e; \ +package=$(2)@$(3) ;\ +echo "Downloading $${package}" ;\ +GOBIN=$(LOCALBIN) go install $${package} ;\ +mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ +} +endef diff --git a/PROJECT b/PROJECT new file mode 100644 index 0000000..73c574f --- /dev/null +++ b/PROJECT @@ -0,0 +1,20 @@ +# Code generated by tool. DO NOT EDIT. +# This file is used to track the info used to scaffold your project +# and allow the plugins properly work. +# More info: https://book.kubebuilder.io/reference/project-config.html +domain: laboys.org +layout: +- go.kubebuilder.io/v4 +projectName: mobius +repo: github.com/wjiec/mobius +resources: +- api: + crdVersion: v1 + namespaced: true + controller: true + domain: laboys.org + group: networking + kind: ExternalProxy + path: github.com/wjiec/mobius/api/networking/v1alpha1 + version: v1alpha1 +version: "3" diff --git a/README.md b/README.md new file mode 100644 index 0000000..513f879 --- /dev/null +++ b/README.md @@ -0,0 +1,73 @@ +# mobius +[![Go Report Card](https://goreportcard.com/badge/github.com/wjiec/mobius)](https://goreportcard.com/report/github.com/wjiec/mobius) +[![License](https://img.shields.io/badge/license-Apache%202-4EB1BA.svg)](https://www.apache.org/licenses/LICENSE-2.0.html) + + +## Introduction + +Mobius aims to better orchestrate services in a personal Homelab through kubernetes. + + +## Getting Started + +This tutorial will detail how to configure and install the mobius to your cluster. + +### Install mobius + +If you have Helm, you can deploy the mobius with the following command: +```bash +helm upgrade --install mobius-manager mobius-manager \ + --repo https://wjiec.github.io/mobius \ + --namespace mobius-manager --create-namespace +``` + +It will install the mobius in the mobius-manager namespace, creating that namespace if it doesn't already exist. + +### Configure a ExternalProxy + +Create this manifests locally and update something to your own. +```yaml +apiVersion: networking.laboys.org/v1alpha1 +kind: ExternalProxy +metadata: + name: openwrt +spec: + backends: + - addresses: + - ip: 172.16.1.1 + ports: + - name: http + port: 80 + service: + type: ClusterIP + ports: + - name: http + port: 80 + ingress: + rules: + - host: openwrt.home.lab + http: + paths: + - pathType: ImplementationSpecific + backend: + port: + name: http + tls: + - hosts: + - openwrt.home.lab + secretName: star-home-lab +``` + + +## Contributing + +We warmly welcome your participation in the development of Mobius. + +**NOTE:** Run `make help` for more information on all potential `make` targets + +More information can be found via the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html) + + +## License + +Mobius is licensed under the Apache License, Version 2.0. See [LICENSE](LICENSE) for the full license text. diff --git a/api/networking/types.go b/api/networking/types.go new file mode 100644 index 0000000..bd63a0f --- /dev/null +++ b/api/networking/types.go @@ -0,0 +1,7 @@ +package networking + +const ( + // ExternalProxyRevisionAnnotationKey used to declare a "revision" of a dependent + // resource that belongs to the ExternalProxy resource. + ExternalProxyRevisionAnnotationKey = "networking.laboys.org/revision" +) diff --git a/api/networking/v1alpha1/externalproxy_types.go b/api/networking/v1alpha1/externalproxy_types.go new file mode 100644 index 0000000..da21004 --- /dev/null +++ b/api/networking/v1alpha1/externalproxy_types.go @@ -0,0 +1,191 @@ +/* +Copyright 2024 Jayson Wang. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + corev1 "k8s.io/api/core/v1" + networkingv1 "k8s.io/api/networking/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// ExternalProxySpec defines the desired state of ExternalProxy +type ExternalProxySpec struct { + Backends []ExternalProxyBackend `json:"backends"` + Service ExternalProxyService `json:"service,omitempty"` + Ingress *ExternalProxyIngress `json:"ingress,omitempty"` +} + +type ExternalProxyBackend struct { + Addresses []corev1.EndpointAddress `json:"addresses"` + Ports []corev1.EndpointPort `json:"ports"` +} + +type ExternalProxyService struct { + // Standard object's metadata. + // +kubebuilder:pruning:PreserveUnknownFields + // +kubebuilder:validation:Schemaless + metav1.ObjectMeta `json:"metadata,omitempty"` + + // The name of the Service, if empty the name of the ExternalProxy is used. + Name *string `json:"name,omitempty"` + + // type determines how the Service is exposed. Defaults to ClusterIP. + Type corev1.ServiceType `json:"type"` + + // The list of ports that are exposed by this service. + Ports []corev1.ServicePort `json:"ports"` +} + +type ExternalProxyIngress struct { + // Standard object's metadata. + // +kubebuilder:pruning:PreserveUnknownFields + // +kubebuilder:validation:Schemaless + metav1.ObjectMeta `json:"metadata,omitempty"` + + // ingressClassName is the name of an IngressClass cluster resource. + IngressClassName *string `json:"ingressClassName,omitempty"` + + // defaultBackend is the backend that should handle requests that don't + // match any rule. If Rules are not specified, DefaultBackend must be specified. + // If DefaultBackend is not set, the handling of requests that do not match any + // of the rules will be up to the Ingress controller. + // +optional + DefaultBackend *ExternalProxyIngressBackend `json:"defaultBackend,omitempty"` + + // tls represents the TLS configuration. Currently, the Ingress only supports a + // single TLS port, 443. If multiple members of this list specify different hosts, + // they will be multiplexed on the same port according to the hostname specified + // through the SNI TLS extension, if the ingress controller fulfilling the + // ingress supports SNI. + TLS []networkingv1.IngressTLS `json:"tls,omitempty"` + + // rules is a list of host rules used to configure the Ingress. If unspecified, + // or no rule matches, all traffic is sent to the default backend. + Rules []ExternalProxyIngressRule `json:"rules,omitempty"` +} + +type ExternalProxyIngressMetadata struct { + // Map of string keys and values that can be used to organize and categorize + // (scope and select) objects. May match selectors of replication controllers + // and services. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + // +optional + Labels map[string]string `json:"labels,omitempty" protobuf:"bytes,11,rep,name=labels"` + + // Annotations is an unstructured key value map stored with a resource that may be + // set by external tools to store and retrieve arbitrary metadata. They are not + // queryable and should be preserved when modifying objects. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + // +optional + Annotations map[string]string `json:"annotations,omitempty" protobuf:"bytes,12,rep,name=annotations"` +} + +// ExternalProxyIngressRule represents the rules mapping the paths under a specified +// host to the related backend services. Incoming requests are first evaluated for a +// host match, then routed to the backend associated with the matching IngressRuleValue. +type ExternalProxyIngressRule struct { + // host is the fully qualified domain name of a network host, as defined by RFC 3986. + // + // Incoming requests are matched against the host before the IngressRuleValue. If the + // host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. + Host string `json:"host,omitempty"` + + // http represents a rule to route requests for this ExternalProxyIngressRule. + // + // If unspecified, the rule defaults to a http catch-all. Whether that sends + // just traffic matching the host to the default backend or all traffic to the + // default backend, is left to the controller fulfilling the Ingress. + HTTP *ExternalProxyIngressHttpRuleValue `json:"http,omitempty"` +} + +// ExternalProxyIngressHttpRuleValue is a list of http selectors pointing to backends. +type ExternalProxyIngressHttpRuleValue struct { + // paths is a collection of paths that map requests to backends. + Paths []ExternalProxyIngressHttpPath `json:"paths"` +} + +// ExternalProxyIngressHttpPath associates a path with a backend. Incoming urls matching +// the path are forwarded to the backend. +type ExternalProxyIngressHttpPath struct { + // path is matched against the path of an incoming request. Currently, it can + // contain characters disallowed from the conventional "path" part of a URL + // as defined by RFC 3986. Paths must begin with a '/' and must be present + // when using PathType with value "Exact" or "Prefix". + Path string `json:"path,omitempty"` + + // pathType determines the interpretation of the path matching. + PathType *networkingv1.PathType `json:"pathType"` + + // backend defines the referenced service endpoint to which the traffic + // will be forwarded to. + Backend *ExternalProxyIngressBackend `json:"backend,omitempty"` +} + +// ExternalProxyIngressBackend describes all endpoints for a given service and port. +type ExternalProxyIngressBackend struct { + // port of the referenced service. A port name or port number + // is required for a ExternalProxyServiceBackendPort. + Port ExternalProxyServiceBackendPort `json:"port,omitempty"` +} + +// ExternalProxyServiceBackendPort is the service port being referenced. +type ExternalProxyServiceBackendPort struct { + // name is the name of the port on the Service. + // This is a mutually exclusive setting with "Number". + // +optional + Name string `json:"name,omitempty"` + + // number is the numerical port number (e.g. 80) on the Service. + // This is a mutually exclusive setting with "Name". + // +optional + Number int32 `json:"number,omitempty"` +} + +// ExternalProxyStatus defines the observed state of ExternalProxy +type ExternalProxyStatus struct { + Ready bool `json:"ready"` + ServiceName string `json:"serviceName"` + ObservedGeneration int64 `json:"observedGeneration"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:printcolumn:name="Ready",type=boolean,JSONPath=".status.ready" +// +kubebuilder:printcolumn:name="Service",type=string,JSONPath=".status.serviceName" +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status + +// ExternalProxy is the Schema for the externalproxies API +type ExternalProxy struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ExternalProxySpec `json:"spec,omitempty"` + Status ExternalProxyStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// ExternalProxyList contains a list of ExternalProxy +type ExternalProxyList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ExternalProxy `json:"items"` +} + +func init() { + SchemeBuilder.Register(&ExternalProxy{}, &ExternalProxyList{}) +} diff --git a/api/networking/v1alpha1/groupversion_info.go b/api/networking/v1alpha1/groupversion_info.go new file mode 100644 index 0000000..a4156ae --- /dev/null +++ b/api/networking/v1alpha1/groupversion_info.go @@ -0,0 +1,36 @@ +/* +Copyright 2024 Jayson Wang. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1alpha1 contains API Schema definitions for the networking v1alpha1 API group +// +kubebuilder:object:generate=true +// +groupName=networking.laboys.org +package v1alpha1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +var ( + // GroupVersion is group version used to register these objects + GroupVersion = schema.GroupVersion{Group: "networking.laboys.org", Version: "v1alpha1"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/api/networking/v1alpha1/zz_generated.deepcopy.go b/api/networking/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 0000000..6f36af8 --- /dev/null +++ b/api/networking/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,353 @@ +//go:build !ignore_autogenerated + +/* +Copyright 2024 Jayson Wang. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "k8s.io/api/core/v1" + networkingv1 "k8s.io/api/networking/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalProxy) DeepCopyInto(out *ExternalProxy) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalProxy. +func (in *ExternalProxy) DeepCopy() *ExternalProxy { + if in == nil { + return nil + } + out := new(ExternalProxy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ExternalProxy) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalProxyBackend) DeepCopyInto(out *ExternalProxyBackend) { + *out = *in + if in.Addresses != nil { + in, out := &in.Addresses, &out.Addresses + *out = make([]v1.EndpointAddress, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Ports != nil { + in, out := &in.Ports, &out.Ports + *out = make([]v1.EndpointPort, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalProxyBackend. +func (in *ExternalProxyBackend) DeepCopy() *ExternalProxyBackend { + if in == nil { + return nil + } + out := new(ExternalProxyBackend) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalProxyIngress) DeepCopyInto(out *ExternalProxyIngress) { + *out = *in + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.IngressClassName != nil { + in, out := &in.IngressClassName, &out.IngressClassName + *out = new(string) + **out = **in + } + if in.DefaultBackend != nil { + in, out := &in.DefaultBackend, &out.DefaultBackend + *out = new(ExternalProxyIngressBackend) + **out = **in + } + if in.TLS != nil { + in, out := &in.TLS, &out.TLS + *out = make([]networkingv1.IngressTLS, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]ExternalProxyIngressRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalProxyIngress. +func (in *ExternalProxyIngress) DeepCopy() *ExternalProxyIngress { + if in == nil { + return nil + } + out := new(ExternalProxyIngress) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalProxyIngressBackend) DeepCopyInto(out *ExternalProxyIngressBackend) { + *out = *in + out.Port = in.Port +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalProxyIngressBackend. +func (in *ExternalProxyIngressBackend) DeepCopy() *ExternalProxyIngressBackend { + if in == nil { + return nil + } + out := new(ExternalProxyIngressBackend) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalProxyIngressHttpPath) DeepCopyInto(out *ExternalProxyIngressHttpPath) { + *out = *in + if in.PathType != nil { + in, out := &in.PathType, &out.PathType + *out = new(networkingv1.PathType) + **out = **in + } + if in.Backend != nil { + in, out := &in.Backend, &out.Backend + *out = new(ExternalProxyIngressBackend) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalProxyIngressHttpPath. +func (in *ExternalProxyIngressHttpPath) DeepCopy() *ExternalProxyIngressHttpPath { + if in == nil { + return nil + } + out := new(ExternalProxyIngressHttpPath) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalProxyIngressHttpRuleValue) DeepCopyInto(out *ExternalProxyIngressHttpRuleValue) { + *out = *in + if in.Paths != nil { + in, out := &in.Paths, &out.Paths + *out = make([]ExternalProxyIngressHttpPath, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalProxyIngressHttpRuleValue. +func (in *ExternalProxyIngressHttpRuleValue) DeepCopy() *ExternalProxyIngressHttpRuleValue { + if in == nil { + return nil + } + out := new(ExternalProxyIngressHttpRuleValue) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalProxyIngressMetadata) DeepCopyInto(out *ExternalProxyIngressMetadata) { + *out = *in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalProxyIngressMetadata. +func (in *ExternalProxyIngressMetadata) DeepCopy() *ExternalProxyIngressMetadata { + if in == nil { + return nil + } + out := new(ExternalProxyIngressMetadata) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalProxyIngressRule) DeepCopyInto(out *ExternalProxyIngressRule) { + *out = *in + if in.HTTP != nil { + in, out := &in.HTTP, &out.HTTP + *out = new(ExternalProxyIngressHttpRuleValue) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalProxyIngressRule. +func (in *ExternalProxyIngressRule) DeepCopy() *ExternalProxyIngressRule { + if in == nil { + return nil + } + out := new(ExternalProxyIngressRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalProxyList) DeepCopyInto(out *ExternalProxyList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ExternalProxy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalProxyList. +func (in *ExternalProxyList) DeepCopy() *ExternalProxyList { + if in == nil { + return nil + } + out := new(ExternalProxyList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ExternalProxyList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalProxyService) DeepCopyInto(out *ExternalProxyService) { + *out = *in + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Ports != nil { + in, out := &in.Ports, &out.Ports + *out = make([]v1.ServicePort, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalProxyService. +func (in *ExternalProxyService) DeepCopy() *ExternalProxyService { + if in == nil { + return nil + } + out := new(ExternalProxyService) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalProxyServiceBackendPort) DeepCopyInto(out *ExternalProxyServiceBackendPort) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalProxyServiceBackendPort. +func (in *ExternalProxyServiceBackendPort) DeepCopy() *ExternalProxyServiceBackendPort { + if in == nil { + return nil + } + out := new(ExternalProxyServiceBackendPort) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalProxySpec) DeepCopyInto(out *ExternalProxySpec) { + *out = *in + if in.Backends != nil { + in, out := &in.Backends, &out.Backends + *out = make([]ExternalProxyBackend, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.Service.DeepCopyInto(&out.Service) + if in.Ingress != nil { + in, out := &in.Ingress, &out.Ingress + *out = new(ExternalProxyIngress) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalProxySpec. +func (in *ExternalProxySpec) DeepCopy() *ExternalProxySpec { + if in == nil { + return nil + } + out := new(ExternalProxySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalProxyStatus) DeepCopyInto(out *ExternalProxyStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalProxyStatus. +func (in *ExternalProxyStatus) DeepCopy() *ExternalProxyStatus { + if in == nil { + return nil + } + out := new(ExternalProxyStatus) + in.DeepCopyInto(out) + return out +} diff --git a/charts/mobius-manager/.helmignore b/charts/mobius-manager/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/mobius-manager/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/mobius-manager/Chart.yaml b/charts/mobius-manager/Chart.yaml new file mode 100644 index 0000000..ccbeca4 --- /dev/null +++ b/charts/mobius-manager/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: mobius-manager +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "v0.1.0" diff --git a/charts/mobius-manager/templates/NOTES.txt b/charts/mobius-manager/templates/NOTES.txt new file mode 100644 index 0000000..9163fa0 --- /dev/null +++ b/charts/mobius-manager/templates/NOTES.txt @@ -0,0 +1 @@ +Have a nice day :) diff --git a/charts/mobius-manager/templates/_helpers.tpl b/charts/mobius-manager/templates/_helpers.tpl new file mode 100644 index 0000000..88a7021 --- /dev/null +++ b/charts/mobius-manager/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "mobius-manager.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "mobius-manager.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "mobius-manager.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "mobius-manager.labels" -}} +helm.sh/chart: {{ include "mobius-manager.chart" . }} +{{ include "mobius-manager.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "mobius-manager.selectorLabels" -}} +app.kubernetes.io/name: {{ include "mobius-manager.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "mobius-manager.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "mobius-manager.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/mobius-manager/templates/crd.yaml b/charts/mobius-manager/templates/crd.yaml new file mode 100644 index 0000000..c9e9a14 --- /dev/null +++ b/charts/mobius-manager/templates/crd.yaml @@ -0,0 +1,435 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + labels: + {{- include "mobius-manager.labels" . | nindent 4 }} + name: externalproxies.networking.laboys.org +spec: + group: networking.laboys.org + names: + kind: ExternalProxy + listKind: ExternalProxyList + plural: externalproxies + singular: externalproxy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.ready + name: Ready + type: boolean + - jsonPath: .status.serviceName + name: Service + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ExternalProxy is the Schema for the externalproxies API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ExternalProxySpec defines the desired state of ExternalProxy + properties: + backends: + items: + properties: + addresses: + items: + description: EndpointAddress is a tuple that describes single + IP address. + properties: + hostname: + description: The Hostname of this endpoint + type: string + ip: + description: |- + The IP of this endpoint. + May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), + or link-local multicast (224.0.0.0/24 or ff02::/16). + type: string + nodeName: + description: 'Optional: Node hosting this endpoint. This + can be used to determine endpoints local to a node.' + type: string + targetRef: + description: Reference to object providing the endpoint. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ip + type: object + x-kubernetes-map-type: atomic + type: array + ports: + items: + description: EndpointPort is a tuple that describes a single + port. + properties: + appProtocol: + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. + type: string + name: + description: |- + The name of this port. This must match the 'name' field in the + corresponding ServicePort. + Must be a DNS_LABEL. + Optional only if one port is defined. + type: string + port: + description: The port number of the endpoint. + format: int32 + type: integer + protocol: + default: TCP + description: |- + The IP protocol for this port. + Must be UDP, TCP, or SCTP. + Default is TCP. + type: string + required: + - port + type: object + x-kubernetes-map-type: atomic + type: array + required: + - addresses + - ports + type: object + type: array + ingress: + properties: + defaultBackend: + description: |- + defaultBackend is the backend that should handle requests that don't + match any rule. If Rules are not specified, DefaultBackend must be specified. + If DefaultBackend is not set, the handling of requests that do not match any + of the rules will be up to the Ingress controller. + properties: + port: + description: |- + port of the referenced service. A port name or port number + is required for a ExternalProxyServiceBackendPort. + properties: + name: + description: |- + name is the name of the port on the Service. + This is a mutually exclusive setting with "Number". + type: string + number: + description: |- + number is the numerical port number (e.g. 80) on the Service. + This is a mutually exclusive setting with "Name". + format: int32 + type: integer + type: object + type: object + ingressClassName: + description: ingressClassName is the name of an IngressClass cluster + resource. + type: string + metadata: + description: Standard object's metadata. + x-kubernetes-preserve-unknown-fields: true + rules: + description: |- + rules is a list of host rules used to configure the Ingress. If unspecified, + or no rule matches, all traffic is sent to the default backend. + items: + description: |- + ExternalProxyIngressRule represents the rules mapping the paths under a specified + host to the related backend services. Incoming requests are first evaluated for a + host match, then routed to the backend associated with the matching IngressRuleValue. + properties: + host: + description: |- + host is the fully qualified domain name of a network host, as defined by RFC 3986. + + + Incoming requests are matched against the host before the IngressRuleValue. If the + host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. + type: string + http: + description: |- + http represents a rule to route requests for this ExternalProxyIngressRule. + + + If unspecified, the rule defaults to a http catch-all. Whether that sends + just traffic matching the host to the default backend or all traffic to the + default backend, is left to the controller fulfilling the Ingress. + properties: + paths: + description: paths is a collection of paths that map + requests to backends. + items: + description: |- + ExternalProxyIngressHttpPath associates a path with a backend. Incoming urls matching + the path are forwarded to the backend. + properties: + backend: + description: |- + backend defines the referenced service endpoint to which the traffic + will be forwarded to. + properties: + port: + description: |- + port of the referenced service. A port name or port number + is required for a ExternalProxyServiceBackendPort. + properties: + name: + description: |- + name is the name of the port on the Service. + This is a mutually exclusive setting with "Number". + type: string + number: + description: |- + number is the numerical port number (e.g. 80) on the Service. + This is a mutually exclusive setting with "Name". + format: int32 + type: integer + type: object + type: object + path: + description: |- + path is matched against the path of an incoming request. Currently, it can + contain characters disallowed from the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin with a '/' and must be present + when using PathType with value "Exact" or "Prefix". + type: string + pathType: + description: pathType determines the interpretation + of the path matching. + type: string + required: + - pathType + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: |- + tls represents the TLS configuration. Currently, the Ingress only supports a + single TLS port, 443. If multiple members of this list specify different hosts, + they will be multiplexed on the same port according to the hostname specified + through the SNI TLS extension, if the ingress controller fulfilling the + ingress supports SNI. + items: + description: IngressTLS describes the transport layer security + associated with an ingress. + properties: + hosts: + description: |- + hosts is a list of hosts included in the TLS certificate. The values in + this list must match the name/s used in the tlsSecret. Defaults to the + wildcard host setting for the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + x-kubernetes-list-type: atomic + secretName: + description: |- + secretName is the name of the secret used to terminate TLS traffic on + port 443. Field is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts with the "Host" + header field used by an IngressRule, the SNI host is used for termination + and value of the "Host" header is used for routing. + type: string + type: object + type: array + type: object + service: + properties: + metadata: + description: Standard object's metadata. + x-kubernetes-preserve-unknown-fields: true + name: + description: The name of the Service, if empty the name of the + ExternalProxy is used. + type: string + ports: + description: The list of ports that are exposed by this service. + items: + description: ServicePort contains information on service's port. + properties: + appProtocol: + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. + type: string + name: + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + type: + description: type determines how the Service is exposed. Defaults + to ClusterIP. + type: string + required: + - ports + - type + type: object + required: + - backends + type: object + status: + description: ExternalProxyStatus defines the observed state of ExternalProxy + properties: + observedGeneration: + format: int64 + type: integer + ready: + type: boolean + serviceName: + type: string + required: + - observedGeneration + - ready + - serviceName + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/mobius-manager/templates/deployment.yaml b/charts/mobius-manager/templates/deployment.yaml new file mode 100644 index 0000000..34ae869 --- /dev/null +++ b/charts/mobius-manager/templates/deployment.yaml @@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "mobius-manager.fullname" . }} + labels: + {{- include "mobius-manager.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "mobius-manager.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "mobius-manager.labels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "mobius-manager.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: healthy + containerPort: {{ .Values.healthy.port }} + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 12 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.volumeMounts }} + volumeMounts: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.volumes }} + volumes: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/mobius-manager/templates/rbac.yaml b/charts/mobius-manager/templates/rbac.yaml new file mode 100644 index 0000000..41886ba --- /dev/null +++ b/charts/mobius-manager/templates/rbac.yaml @@ -0,0 +1,122 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.rbac.name }}-edit + labels: + {{- include "mobius-manager.labels" . | nindent 4 }} +rules: + - apiGroups: + - networking.laboys.org + resources: + - externalproxies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.laboys.org + resources: + - externalproxies/status + verbs: + - get +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.rbac.name }}-view + labels: + {{- include "mobius-manager.labels" . | nindent 4 }} +rules: + - apiGroups: + - networking.laboys.org + resources: + - externalproxies + verbs: + - get + - list + - watch + - apiGroups: + - networking.laboys.org + resources: + - externalproxies/status + verbs: + - get +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.rbac.name }}-controller + labels: + {{- include "mobius-manager.labels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - endpoints + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.laboys.org + resources: + - externalproxies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.laboys.org + resources: + - externalproxies/finalizers + verbs: + - update + - apiGroups: + - networking.laboys.org + resources: + - externalproxies/status + verbs: + - get + - patch + - update +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.rbac.name }}-controller + labels: + {{- include "mobius-manager.labels" . | nindent 4 }} +roleRef: + apiGroup: "" + kind: ClusterRole + name: {{ .Values.rbac.name }}-controller +subjects: + - apiGroup: "" + kind: ServiceAccount + name: {{ include "mobius-manager.fullname" . }} + namespace: {{ .Release.Namespace }} diff --git a/charts/mobius-manager/templates/serviceaccount.yaml b/charts/mobius-manager/templates/serviceaccount.yaml new file mode 100644 index 0000000..579f17b --- /dev/null +++ b/charts/mobius-manager/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "mobius-manager.serviceAccountName" . }} + labels: + {{- include "mobius-manager.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/charts/mobius-manager/values.yaml b/charts/mobius-manager/values.yaml new file mode 100644 index 0000000..931df14 --- /dev/null +++ b/charts/mobius-manager/values.yaml @@ -0,0 +1,86 @@ +# Default values for mobius-manager. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: wjiec/mobius-manager + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +healthy: + port: 8081 + +rbac: + name: mobius-manager + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "mobius-manager" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +livenessProbe: + httpGet: + path: /healthz + port: healthy +readinessProbe: + httpGet: + path: /readyz + port: healthy + +# Additional volumes on the output Deployment definition. +volumes: [] +# - name: foo +# secret: +# secretName: mysecret +# optional: false + +# Additional volumeMounts on the output Deployment definition. +volumeMounts: [] +# - name: foo +# mountPath: "/etc/foo" +# readOnly: true + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/cmd/main.go b/cmd/main.go new file mode 100644 index 0000000..16a3e26 --- /dev/null +++ b/cmd/main.go @@ -0,0 +1,131 @@ +/* +Copyright 2024 Jayson Wang. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "context" + "crypto/tls" + "flag" + "os" + + "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" + _ "k8s.io/client-go/plugin/pkg/client/auth" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/healthz" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + "sigs.k8s.io/controller-runtime/pkg/webhook" + + networkingv1alpha1 "github.com/wjiec/mobius/api/networking/v1alpha1" + networkingcontroller "github.com/wjiec/mobius/internal/controller/networking" + "github.com/wjiec/mobius/internal/fieldindex" + // +kubebuilder:scaffold:imports +) + +var ( + scheme = runtime.NewScheme() + setupLog = ctrl.Log.WithName("setup") +) + +func init() { + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) + utilruntime.Must(networkingv1alpha1.AddToScheme(scheme)) + // +kubebuilder:scaffold:scheme +} + +func main() { + debug := flag.Bool("debug", false, "Enable debug logging") + metricsAddr := flag.String("metrics-bind-address", "0", "The address the metric endpoint binds to. Use the port :8080. If not set, it will be 0 in order to disable the metrics server") + probeAddr := flag.String("health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") + enableLeaderElection := flag.Bool("leader-elect", false, "Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.") + secureMetrics := flag.Bool("metrics-secure", false, "If set the metrics endpoint is served securely") + enableHTTP2 := flag.Bool("enable-http2", false, "If set, HTTP/2 will be enabled for the metrics and webhook servers") + leaderElectionId := flag.String("leader-election-id", "mobius-manager", "Determines the name of the resource that leader election will use for holding the leader lock.") + + loggerOptions := zap.Options{Development: !*debug} + loggerOptions.BindFlags(flag.CommandLine) + flag.Parse() + + ctrl.SetLogger(zap.New(zap.UseFlagOptions(&loggerOptions))) + + // if the enable-http2 flag is false (the default), http/2 should be disabled + // due to its vulnerabilities. More specifically, disabling http/2 will + // prevent from being vulnerable to the HTTP/2 Stream Cancellation and + // Rapid Reset CVEs. For more information see: + // - https://github.com/advisories/GHSA-qppj-fm5r-hxr3 + // - https://github.com/advisories/GHSA-4374-p667-p6c8 + disableHTTP2 := func(c *tls.Config) { + setupLog.Info("disabling http/2") + c.NextProtos = []string{"http/1.1"} + } + + var tlsOpts []func(*tls.Config) + if !*enableHTTP2 { + tlsOpts = append(tlsOpts, disableHTTP2) + } + + webhookServer := webhook.NewServer(webhook.Options{ + TLSOpts: tlsOpts, + }) + + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ + Scheme: scheme, + Metrics: metricsserver.Options{ + BindAddress: *metricsAddr, + SecureServing: *secureMetrics, + TLSOpts: tlsOpts, + }, + WebhookServer: webhookServer, + HealthProbeBindAddress: *probeAddr, + LeaderElection: *enableLeaderElection, + LeaderElectionID: *leaderElectionId, + }) + if err != nil { + setupLog.Error(err, "unable to start manager") + os.Exit(1) + } + + setupLog.Info("register field index") + if err = fieldindex.RegisterFieldIndexes(context.Background(), mgr.GetFieldIndexer()); err != nil { + setupLog.Error(err, "failed to register field index") + os.Exit(1) + } + + if err = networkingcontroller.NewExternalProxyReconciler(mgr.GetClient(), mgr.GetScheme()).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "ExternalProxy") + os.Exit(1) + } + + // +kubebuilder:scaffold:builder + + if err = mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { + setupLog.Error(err, "unable to set up health check") + os.Exit(1) + } + if err = mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil { + setupLog.Error(err, "unable to set up ready check") + os.Exit(1) + } + + setupLog.Info("starting manager") + if err = mgr.Start(ctrl.SetupSignalHandler()); err != nil { + setupLog.Error(err, "problem running manager") + os.Exit(1) + } +} diff --git a/config/crd/bases/networking.laboys.org_externalproxies.yaml b/config/crd/bases/networking.laboys.org_externalproxies.yaml new file mode 100644 index 0000000..3b92a27 --- /dev/null +++ b/config/crd/bases/networking.laboys.org_externalproxies.yaml @@ -0,0 +1,434 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.15.0 + name: externalproxies.networking.laboys.org +spec: + group: networking.laboys.org + names: + kind: ExternalProxy + listKind: ExternalProxyList + plural: externalproxies + singular: externalproxy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.ready + name: Ready + type: boolean + - jsonPath: .status.serviceName + name: Service + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ExternalProxy is the Schema for the externalproxies API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ExternalProxySpec defines the desired state of ExternalProxy + properties: + backends: + items: + properties: + addresses: + items: + description: EndpointAddress is a tuple that describes single + IP address. + properties: + hostname: + description: The Hostname of this endpoint + type: string + ip: + description: |- + The IP of this endpoint. + May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), + or link-local multicast (224.0.0.0/24 or ff02::/16). + type: string + nodeName: + description: 'Optional: Node hosting this endpoint. This + can be used to determine endpoints local to a node.' + type: string + targetRef: + description: Reference to object providing the endpoint. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - ip + type: object + x-kubernetes-map-type: atomic + type: array + ports: + items: + description: EndpointPort is a tuple that describes a single + port. + properties: + appProtocol: + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. + type: string + name: + description: |- + The name of this port. This must match the 'name' field in the + corresponding ServicePort. + Must be a DNS_LABEL. + Optional only if one port is defined. + type: string + port: + description: The port number of the endpoint. + format: int32 + type: integer + protocol: + default: TCP + description: |- + The IP protocol for this port. + Must be UDP, TCP, or SCTP. + Default is TCP. + type: string + required: + - port + type: object + x-kubernetes-map-type: atomic + type: array + required: + - addresses + - ports + type: object + type: array + ingress: + properties: + defaultBackend: + description: |- + defaultBackend is the backend that should handle requests that don't + match any rule. If Rules are not specified, DefaultBackend must be specified. + If DefaultBackend is not set, the handling of requests that do not match any + of the rules will be up to the Ingress controller. + properties: + port: + description: |- + port of the referenced service. A port name or port number + is required for a ExternalProxyServiceBackendPort. + properties: + name: + description: |- + name is the name of the port on the Service. + This is a mutually exclusive setting with "Number". + type: string + number: + description: |- + number is the numerical port number (e.g. 80) on the Service. + This is a mutually exclusive setting with "Name". + format: int32 + type: integer + type: object + type: object + ingressClassName: + description: ingressClassName is the name of an IngressClass cluster + resource. + type: string + metadata: + description: Standard object's metadata. + x-kubernetes-preserve-unknown-fields: true + rules: + description: |- + rules is a list of host rules used to configure the Ingress. If unspecified, + or no rule matches, all traffic is sent to the default backend. + items: + description: |- + ExternalProxyIngressRule represents the rules mapping the paths under a specified + host to the related backend services. Incoming requests are first evaluated for a + host match, then routed to the backend associated with the matching IngressRuleValue. + properties: + host: + description: |- + host is the fully qualified domain name of a network host, as defined by RFC 3986. + + + Incoming requests are matched against the host before the IngressRuleValue. If the + host is unspecified, the Ingress routes all traffic based on the specified IngressRuleValue. + type: string + http: + description: |- + http represents a rule to route requests for this ExternalProxyIngressRule. + + + If unspecified, the rule defaults to a http catch-all. Whether that sends + just traffic matching the host to the default backend or all traffic to the + default backend, is left to the controller fulfilling the Ingress. + properties: + paths: + description: paths is a collection of paths that map + requests to backends. + items: + description: |- + ExternalProxyIngressHttpPath associates a path with a backend. Incoming urls matching + the path are forwarded to the backend. + properties: + backend: + description: |- + backend defines the referenced service endpoint to which the traffic + will be forwarded to. + properties: + port: + description: |- + port of the referenced service. A port name or port number + is required for a ExternalProxyServiceBackendPort. + properties: + name: + description: |- + name is the name of the port on the Service. + This is a mutually exclusive setting with "Number". + type: string + number: + description: |- + number is the numerical port number (e.g. 80) on the Service. + This is a mutually exclusive setting with "Name". + format: int32 + type: integer + type: object + type: object + path: + description: |- + path is matched against the path of an incoming request. Currently, it can + contain characters disallowed from the conventional "path" part of a URL + as defined by RFC 3986. Paths must begin with a '/' and must be present + when using PathType with value "Exact" or "Prefix". + type: string + pathType: + description: pathType determines the interpretation + of the path matching. + type: string + required: + - pathType + type: object + type: array + required: + - paths + type: object + type: object + type: array + tls: + description: |- + tls represents the TLS configuration. Currently, the Ingress only supports a + single TLS port, 443. If multiple members of this list specify different hosts, + they will be multiplexed on the same port according to the hostname specified + through the SNI TLS extension, if the ingress controller fulfilling the + ingress supports SNI. + items: + description: IngressTLS describes the transport layer security + associated with an ingress. + properties: + hosts: + description: |- + hosts is a list of hosts included in the TLS certificate. The values in + this list must match the name/s used in the tlsSecret. Defaults to the + wildcard host setting for the loadbalancer controller fulfilling this + Ingress, if left unspecified. + items: + type: string + type: array + x-kubernetes-list-type: atomic + secretName: + description: |- + secretName is the name of the secret used to terminate TLS traffic on + port 443. Field is left optional to allow TLS routing based on SNI + hostname alone. If the SNI host in a listener conflicts with the "Host" + header field used by an IngressRule, the SNI host is used for termination + and value of the "Host" header is used for routing. + type: string + type: object + type: array + type: object + service: + properties: + metadata: + description: Standard object's metadata. + x-kubernetes-preserve-unknown-fields: true + name: + description: The name of the Service, if empty the name of the + ExternalProxy is used. + type: string + ports: + description: The list of ports that are exposed by this service. + items: + description: ServicePort contains information on service's port. + properties: + appProtocol: + description: |- + The application protocol for this port. + This is used as a hint for implementations to offer richer behavior for protocols that they understand. + This field follows standard Kubernetes label syntax. + Valid values are either: + + + * Un-prefixed protocol names - reserved for IANA standard service names (as per + RFC-6335 and https://www.iana.org/assignments/service-names). + + + * Kubernetes-defined prefixed names: + * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior- + * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455 + * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455 + + + * Other protocols should use implementation-defined prefixed names such as + mycompany.com/my-custom-protocol. + type: string + name: + description: |- + The name of this port within the service. This must be a DNS_LABEL. + All ports within a ServiceSpec must have unique names. When considering + the endpoints for a Service, this must match the 'name' field in the + EndpointPort. + Optional if only one ServicePort is defined on this service. + type: string + nodePort: + description: |- + The port on each node on which this service is exposed when type is + NodePort or LoadBalancer. Usually assigned by the system. If a value is + specified, in-range, and not in use it will be used, otherwise the + operation will fail. If not specified, a port will be allocated if this + Service requires one. If this field is specified when creating a + Service which does not need it, creation will fail. This field will be + wiped when updating a Service to no longer need it (e.g. changing type + from NodePort to ClusterIP). + More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + format: int32 + type: integer + port: + description: The port that will be exposed by this service. + format: int32 + type: integer + protocol: + default: TCP + description: |- + The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". + Default is TCP. + type: string + targetPort: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the pods targeted by the service. + Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. + If this is a string, it will be looked up as a named port in the + target Pod's container ports. If this is not specified, the value + of the 'port' field is used (an identity map). + This field is ignored for services with clusterIP=None, and should be + omitted or set equal to the 'port' field. + More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service + x-kubernetes-int-or-string: true + required: + - port + type: object + type: array + type: + description: type determines how the Service is exposed. Defaults + to ClusterIP. + type: string + required: + - ports + - type + type: object + required: + - backends + type: object + status: + description: ExternalProxyStatus defines the observed state of ExternalProxy + properties: + observedGeneration: + format: int64 + type: integer + ready: + type: boolean + serviceName: + type: string + required: + - observedGeneration + - ready + - serviceName + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml new file mode 100644 index 0000000..fba4393 --- /dev/null +++ b/config/crd/kustomization.yaml @@ -0,0 +1,23 @@ +# This kustomization.yaml is not intended to be run by itself, +# since it depends on service name and namespace that are out of this kustomize package. +# It should be run by config/default +resources: +- bases/networking.laboys.org_externalproxies.yaml +# +kubebuilder:scaffold:crdkustomizeresource + +patches: +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. +# patches here are for enabling the conversion webhook for each CRD +# +kubebuilder:scaffold:crdkustomizewebhookpatch + +# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. +# patches here are for enabling the CA injection for each CRD +#- path: patches/cainjection_in_externalproxies.yaml +#- path: patches/cainjection_in_networking_externalproxies.yaml +# +kubebuilder:scaffold:crdkustomizecainjectionpatch + +# [WEBHOOK] To enable webhook, uncomment the following section +# the following config is for teaching kustomize how to do kustomization for CRDs. + +#configurations: +#- kustomizeconfig.yaml diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml new file mode 100644 index 0000000..ec5c150 --- /dev/null +++ b/config/crd/kustomizeconfig.yaml @@ -0,0 +1,19 @@ +# This file is for teaching kustomize how to substitute name and namespace reference in CRD +nameReference: +- kind: Service + version: v1 + fieldSpecs: + - kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/name + +namespace: +- kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/namespace + create: false + +varReference: +- path: metadata/annotations diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml new file mode 100644 index 0000000..4c90009 --- /dev/null +++ b/config/default/kustomization.yaml @@ -0,0 +1,147 @@ +# Adds namespace to all resources. +namespace: mobius-system + +# Value of this field is prepended to the +# names of all resources, e.g. a deployment named +# "wordpress" becomes "alices-wordpress". +# Note that it should also match with the prefix (text before '-') of the namespace +# field above. +namePrefix: mobius- + +# Labels to add to all resources and selectors. +#labels: +#- includeSelectors: true +# pairs: +# someName: someValue + +resources: +- ../crd +- ../rbac +- ../manager +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# crd/kustomization.yaml +#- ../webhook +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. +#- ../certmanager +# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. +#- ../prometheus +# [METRICS] To enable the controller manager metrics service, uncomment the following line. +#- metrics_service.yaml + +# Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager +#patches: +# [METRICS] The following patch will enable the metrics endpoint. Ensure that you also protect this endpoint. +# More info: https://book.kubebuilder.io/reference/metrics +# If you want to expose the metric endpoint of your controller-manager uncomment the following line. +#- path: manager_metrics_patch.yaml +# target: +# kind: Deployment + +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# crd/kustomization.yaml +#- path: manager_webhook_patch.yaml + +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. +# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. +# 'CERTMANAGER' needs to be enabled to use ca injection +#- path: webhookcainjection_patch.yaml + +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. +# Uncomment the following replacements to add the cert-manager CA injection annotations +#replacements: +# - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +# fieldPath: .metadata.namespace # namespace of the certificate CR +# targets: +# - select: +# kind: ValidatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - select: +# kind: CustomResourceDefinition +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - source: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +# fieldPath: .metadata.name +# targets: +# - select: +# kind: ValidatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - select: +# kind: CustomResourceDefinition +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - source: # Add cert-manager annotation to the webhook Service +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.name # namespace of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 0 +# create: true +# - source: +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.namespace # namespace of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 1 +# create: true diff --git a/config/default/manager_metrics_patch.yaml b/config/default/manager_metrics_patch.yaml new file mode 100644 index 0000000..6c546ae --- /dev/null +++ b/config/default/manager_metrics_patch.yaml @@ -0,0 +1,4 @@ +# This patch adds the args to allow exposing the metrics endpoint securely +- op: add + path: /spec/template/spec/containers/0/args/0 + value: --metrics-bind-address=:8080 diff --git a/config/default/metrics_service.yaml b/config/default/metrics_service.yaml new file mode 100644 index 0000000..8a514c5 --- /dev/null +++ b/config/default/metrics_service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: mobius + app.kubernetes.io/managed-by: kustomize + name: controller-manager-metrics-service + namespace: system +spec: + ports: + - name: http + port: 8080 + protocol: TCP + targetPort: 8080 + selector: + control-plane: controller-manager diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml new file mode 100644 index 0000000..5c5f0b8 --- /dev/null +++ b/config/manager/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- manager.yaml diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml new file mode 100644 index 0000000..2c5af8a --- /dev/null +++ b/config/manager/manager.yaml @@ -0,0 +1,95 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: mobius + app.kubernetes.io/managed-by: kustomize + name: system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system + labels: + control-plane: controller-manager + app.kubernetes.io/name: mobius + app.kubernetes.io/managed-by: kustomize +spec: + selector: + matchLabels: + control-plane: controller-manager + replicas: 1 + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + # TODO(user): Uncomment the following code to configure the nodeAffinity expression + # according to the platforms which are supported by your solution. + # It is considered best practice to support multiple architectures. You can + # build your manager image using the makefile target docker-buildx. + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/arch + # operator: In + # values: + # - amd64 + # - arm64 + # - ppc64le + # - s390x + # - key: kubernetes.io/os + # operator: In + # values: + # - linux + securityContext: + runAsNonRoot: true + # TODO(user): For common cases that do not require escalating privileges + # it is recommended to ensure that all your Pods/Containers are restrictive. + # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted + # Please uncomment the following code if your project does NOT have to work on old Kubernetes + # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). + # seccompProfile: + # type: RuntimeDefault + containers: + - command: + - /manager + args: + - --leader-elect + - --health-probe-bind-address=:8081 + image: controller:latest + name: manager + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. + # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml new file mode 100644 index 0000000..ed13716 --- /dev/null +++ b/config/prometheus/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml new file mode 100644 index 0000000..a603296 --- /dev/null +++ b/config/prometheus/monitor.yaml @@ -0,0 +1,18 @@ +# Prometheus Monitor Service (Metrics) +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: mobius + app.kubernetes.io/managed-by: kustomize + name: controller-manager-metrics-monitor + namespace: system +spec: + endpoints: + - path: /metrics + port: http # Ensure this is the name of the port that exposes HTTP metrics + scheme: http + selector: + matchLabels: + control-plane: controller-manager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml new file mode 100644 index 0000000..f0b4b3d --- /dev/null +++ b/config/rbac/kustomization.yaml @@ -0,0 +1,19 @@ +resources: +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# subjects if changing service account names. +- service_account.yaml +- role.yaml +- role_binding.yaml +- leader_election_role.yaml +- leader_election_role_binding.yaml +# For each CRD, "Editor" and "Viewer" roles are scaffolded by +# default, aiding admins in cluster management. Those roles are +# not used by the Project itself. You can comment the following lines +# if you do not want those helpers be installed with your Project. +- networking_externalproxy_editor_role.yaml +- networking_externalproxy_viewer_role.yaml + + diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml new file mode 100644 index 0000000..ab471e5 --- /dev/null +++ b/config/rbac/leader_election_role.yaml @@ -0,0 +1,40 @@ +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/name: mobius + app.kubernetes.io/managed-by: kustomize + name: leader-election-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml new file mode 100644 index 0000000..37ec47f --- /dev/null +++ b/config/rbac/leader_election_role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: mobius + app.kubernetes.io/managed-by: kustomize + name: leader-election-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/networking_externalproxy_editor_role.yaml b/config/rbac/networking_externalproxy_editor_role.yaml new file mode 100644 index 0000000..0f9af20 --- /dev/null +++ b/config/rbac/networking_externalproxy_editor_role.yaml @@ -0,0 +1,27 @@ +# permissions for end users to edit externalproxies. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: mobius + app.kubernetes.io/managed-by: kustomize + name: networking-externalproxy-editor-role +rules: +- apiGroups: + - networking.laboys.org + resources: + - externalproxies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.laboys.org + resources: + - externalproxies/status + verbs: + - get diff --git a/config/rbac/networking_externalproxy_viewer_role.yaml b/config/rbac/networking_externalproxy_viewer_role.yaml new file mode 100644 index 0000000..7d54f4b --- /dev/null +++ b/config/rbac/networking_externalproxy_viewer_role.yaml @@ -0,0 +1,23 @@ +# permissions for end users to view externalproxies. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: mobius + app.kubernetes.io/managed-by: kustomize + name: networking-externalproxy-viewer-role +rules: +- apiGroups: + - networking.laboys.org + resources: + - externalproxies + verbs: + - get + - list + - watch +- apiGroups: + - networking.laboys.org + resources: + - externalproxies/status + verbs: + - get diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml new file mode 100644 index 0000000..1b273a4 --- /dev/null +++ b/config/rbac/role.yaml @@ -0,0 +1,68 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: manager-role +rules: +- apiGroups: + - "" + resources: + - endpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.laboys.org + resources: + - externalproxies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.laboys.org + resources: + - externalproxies/finalizers + verbs: + - update +- apiGroups: + - networking.laboys.org + resources: + - externalproxies/status + verbs: + - get + - patch + - update diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml new file mode 100644 index 0000000..6e19a96 --- /dev/null +++ b/config/rbac/role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: mobius + app.kubernetes.io/managed-by: kustomize + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml new file mode 100644 index 0000000..e4b62b6 --- /dev/null +++ b/config/rbac/service_account.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: mobius + app.kubernetes.io/managed-by: kustomize + name: controller-manager + namespace: system diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml new file mode 100644 index 0000000..18e1c58 --- /dev/null +++ b/config/samples/kustomization.yaml @@ -0,0 +1,3 @@ +resources: +- networking_v1alpha1_externalproxy.yaml +# +kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/samples/networking_v1alpha1_externalproxy.yaml b/config/samples/networking_v1alpha1_externalproxy.yaml new file mode 100644 index 0000000..d328267 --- /dev/null +++ b/config/samples/networking_v1alpha1_externalproxy.yaml @@ -0,0 +1,34 @@ +apiVersion: networking.laboys.org/v1alpha1 +kind: ExternalProxy +metadata: + labels: + app.kubernetes.io/name: mobius + app.kubernetes.io/managed-by: kustomize + name: externalproxy-sample +spec: + backends: + - addresses: + - ip: 192.168.1.1 + ports: + - port: 80 + name: http + service: + name: openwrt + type: ClusterIP + ports: + - name: http + port: 80 + ingress: + rules: + - host: router.laboys.org + http: + paths: + - pathType: ImplementationSpecific + backend: + port: + name: http + tls: + - hosts: + - router.laboys.org + secretName: star-laboys-org + diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..817cf7a --- /dev/null +++ b/go.mod @@ -0,0 +1,78 @@ +module github.com/wjiec/mobius + +go 1.22.0 + +toolchain go1.22.5 + +require ( + github.com/go-logr/logr v1.4.1 + github.com/hashicorp/go-multierror v1.1.1 + github.com/onsi/ginkgo/v2 v2.17.1 + github.com/onsi/gomega v1.32.0 + github.com/stretchr/testify v1.8.4 + k8s.io/api v0.30.0 + k8s.io/apimachinery v0.30.0 + k8s.io/client-go v0.30.0 + k8s.io/klog/v2 v2.120.1 + k8s.io/utils v0.0.0-20230726121419-3b25d923346b + sigs.k8s.io/controller-runtime v0.18.2 +) + +require ( + github.com/beorn7/perks v1.0.1 // indirect + github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/evanphx/json-patch/v5 v5.9.0 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/go-logr/zapr v1.3.0 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect + github.com/google/uuid v1.3.0 // indirect + github.com/hashicorp/errwrap v1.0.0 // indirect + github.com/imdario/mergo v0.3.6 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/prometheus/client_golang v1.16.0 // indirect + github.com/prometheus/client_model v0.4.0 // indirect + github.com/prometheus/common v0.44.0 // indirect + github.com/prometheus/procfs v0.12.0 // indirect + github.com/spf13/pflag v1.0.5 // indirect + go.uber.org/multierr v1.11.0 // indirect + go.uber.org/zap v1.26.0 // indirect + golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect + golang.org/x/net v0.23.0 // indirect + golang.org/x/oauth2 v0.12.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/time v0.3.0 // indirect + golang.org/x/tools v0.18.0 // indirect + gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect + google.golang.org/appengine v1.6.7 // indirect + google.golang.org/protobuf v1.33.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/apiextensions-apiserver v0.30.0 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/yaml v1.3.0 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..7328e34 --- /dev/null +++ b/go.sum @@ -0,0 +1,204 @@ +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= +github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= +github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= +github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= +github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= +github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= +github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= +github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= +github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= +github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= +github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= +github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= +github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= +github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= +go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= +golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= +golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= +golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= +gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= +k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= +k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= +k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= +k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= +k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= +k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= +k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= +sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= +sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt new file mode 100644 index 0000000..a37da9c --- /dev/null +++ b/hack/boilerplate.go.txt @@ -0,0 +1,15 @@ +/* +Copyright 2024 Jayson Wang. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ \ No newline at end of file diff --git a/internal/controller/networking/externalproxy_controller.go b/internal/controller/networking/externalproxy_controller.go new file mode 100644 index 0000000..8ece0f6 --- /dev/null +++ b/internal/controller/networking/externalproxy_controller.go @@ -0,0 +1,294 @@ +/* +Copyright 2024 Jayson Wang. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package networking + +import ( + "context" + "flag" + "slices" + "time" + + corev1 "k8s.io/api/core/v1" + networkingv1 "k8s.io/api/networking/v1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/builder" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller" + "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/predicate" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + "github.com/wjiec/mobius/internal/expectations" + "github.com/wjiec/mobius/internal/fieldindex" + "github.com/wjiec/mobius/internal/patch" + "github.com/wjiec/mobius/internal/sync/singleton" + "github.com/wjiec/mobius/internal/sync/singleton/filter" + "github.com/wjiec/mobius/pkg/utils" +) + +func init() { + flag.IntVar(&concurrentReconciles, "externalproxy-workers", concurrentReconciles, "Max concurrent workers for ExternalProxy controller") +} + +var ( + concurrentReconciles = 3 + + _ reconcile.Reconciler = (*Reconciler)(nil) +) + +type Reconciler struct { + client.Client + Scheme *runtime.Scheme + statusUpdater StatusUpdater + serviceSyncer *ServiceSyncer + endpointSyncer *EndpointsSyncer + ingressSyncer *IngressSyncer +} + +// NewExternalProxyReconciler configures a ExternalProxy controller. +func NewExternalProxyReconciler(c client.Client, scheme *runtime.Scheme) *Reconciler { + r := &Reconciler{ + Client: c, + Scheme: scheme, + statusUpdater: NewStatusUpdater(c), + } + + r.serviceSyncer = singleton.New[*ExternalProxy, *corev1.Service](r.Scheme, r.newServiceSyncEventHandler()) + r.endpointSyncer = singleton.New[*ExternalProxy, *corev1.Endpoints](r.Scheme, r.newEndpointsSyncEventHandler()) + r.ingressSyncer = singleton.New[*ExternalProxy, *networkingv1.Ingress](r.Scheme, r.newIngressSyncEventHandler()) + + return r +} + +// +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=core,resources=endpoints,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=networking.laboys.org,resources=externalproxies,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=networking.laboys.org,resources=externalproxies/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=networking.laboys.org,resources=externalproxies/finalizers,verbs=update + +// Reconcile is part of the main kubernetes reconciliation loop which aims to +// move the current state of the cluster closer to the desired state. +// +// For more details, check Reconcile and its Result here: +// - https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile +func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + ctx = expectations.WithControllerKey(ctx, req.String()) + + logger := log.FromContext(ctx) + defer func(startTime time.Time) { + logger.Info("Finished reconcile", "duration", time.Since(startTime)) + }(time.Now()) + + var instance ExternalProxy + if err := r.Get(ctx, req.NamespacedName, &instance); err != nil { + if errors.IsNotFound(err) { + logger.V(4).Info("Deleted") + } + + // we'll ignore not-found errors, since they can't be fixed by an immediate + // requeue (we'll need to wait for a new notification), and we can get them + // on deleted requests. + return ctrl.Result{}, client.IgnoreNotFound(err) + } + + // If services expectations have not satisfied yet, just skip this reconcile. + if satisfied, unsatisfiedDuration := r.serviceSyncer.SatisfiedExpectations(req.String()); !satisfied { + if unsatisfiedDuration >= expectations.ExpectationTimeout { + logger.Info("Expectation unsatisfied overtime", "overTime", unsatisfiedDuration) + return reconcile.Result{}, nil + } + + return reconcile.Result{RequeueAfter: expectations.ExpectationTimeout - unsatisfiedDuration}, nil + } + if err := r.serviceSyncer.Sync(ctx, &instance); err != nil { + return ctrl.Result{}, err + } + + // If endpoints expectations have not satisfied yet, just skip this reconcile. + if satisfied, unsatisfiedDuration := r.endpointSyncer.SatisfiedExpectations(req.String()); !satisfied { + if unsatisfiedDuration >= expectations.ExpectationTimeout { + logger.Info("Expectation unsatisfied overtime", "overTime", unsatisfiedDuration) + return reconcile.Result{}, nil + } + + return reconcile.Result{RequeueAfter: expectations.ExpectationTimeout - unsatisfiedDuration}, nil + } + if err := r.endpointSyncer.Sync(ctx, &instance); err != nil { + return ctrl.Result{}, err + } + + // If ingress expectations have not satisfied yet, just skip this reconcile. + if satisfied, unsatisfiedDuration := r.ingressSyncer.SatisfiedExpectations(req.String()); !satisfied { + if unsatisfiedDuration >= expectations.ExpectationTimeout { + logger.Info("Expectation unsatisfied overtime", "overTime", unsatisfiedDuration) + return reconcile.Result{}, nil + } + + return reconcile.Result{RequeueAfter: expectations.ExpectationTimeout - unsatisfiedDuration}, nil + } + if err := r.ingressSyncer.Sync(ctx, &instance); err != nil { + return ctrl.Result{}, err + } + + newStatus := &ExternalProxyStatus{ + Ready: true, + ServiceName: getServiceName(&instance), + ObservedGeneration: instance.Generation, + } + return ctrl.Result{}, r.statusUpdater.UpdateStatus(ctx, &instance, newStatus) +} + +func (r *Reconciler) newServiceSyncEventHandler() *singleton.EventHandler[*ExternalProxy, *corev1.Service] { + return &singleton.EventHandler[*ExternalProxy, *corev1.Service]{ + Writer: r.Client, + NewObject: newService, + ListObject: r.listOwnedServices, + ActivatedObject: filter.OverrideName[*ExternalProxy, *corev1.Service](getServiceName), + ObjectRevision: extractExternalProxyRevision[*corev1.Service], + ObjectPatcher: func(controller *ExternalProxy, desiredObject, activatedObject *corev1.Service) (client.Patch, error) { + object := activatedObject.DeepCopy() + object.Spec.Type = desiredObject.Spec.Type + object.Spec.Ports = desiredObject.Spec.Ports + utils.Merge(&object.Labels, desiredObject.Labels) + utils.Merge(&object.Annotations, desiredObject.Annotations) + + return patch.CreateTwoWayMergePatch(activatedObject, applyExternalProxyRevision(controller, object)) + }, + } +} + +func (r *Reconciler) listOwnedServices(ctx context.Context, instance *ExternalProxy) ([]*corev1.Service, error) { + var serviceList corev1.ServiceList + if err := r.listOwnedResources(ctx, &serviceList, instance); err != nil { + return nil, err + } + + services := make([]*corev1.Service, 0, len(serviceList.Items)) + for i := range serviceList.Items { + service := &serviceList.Items[i] + if service.DeletionTimestamp == nil { + services = append(services, service) + } + } + + slices.SortFunc(services, func(a, b *corev1.Service) int { + return b.CreationTimestamp.Compare(a.CreationTimestamp.Time) + }) + + return services, nil +} + +func (r *Reconciler) newEndpointsSyncEventHandler() *singleton.EventHandler[*ExternalProxy, *corev1.Endpoints] { + return &singleton.EventHandler[*ExternalProxy, *corev1.Endpoints]{ + Writer: r.Client, + NewObject: newEndpoints, + ListObject: r.listOwnedEndpoints, + ObjectRevision: extractExternalProxyRevision[*corev1.Endpoints], + ActivatedObject: filter.OverrideName[*ExternalProxy, *corev1.Endpoints](getServiceName), + ObjectPatcher: func(controller *ExternalProxy, desiredObject, activatedObject *corev1.Endpoints) (client.Patch, error) { + object := activatedObject.DeepCopy() + object.Subsets = desiredObject.Subsets + + return patch.CreateTwoWayMergePatch(activatedObject, applyExternalProxyRevision(controller, object)) + }, + } +} + +func (r *Reconciler) listOwnedEndpoints(ctx context.Context, instance *ExternalProxy) ([]*corev1.Endpoints, error) { + var endpointsList corev1.EndpointsList + if err := r.listOwnedResources(ctx, &endpointsList, instance); err != nil { + return nil, err + } + + endpoints := make([]*corev1.Endpoints, 0, len(endpointsList.Items)) + for i := range endpointsList.Items { + endpoint := &endpointsList.Items[i] + if endpoint.DeletionTimestamp == nil { + endpoints = append(endpoints, endpoint) + } + } + + return endpoints, nil +} + +func (r *Reconciler) newIngressSyncEventHandler() *singleton.EventHandler[*ExternalProxy, *networkingv1.Ingress] { + return &singleton.EventHandler[*ExternalProxy, *networkingv1.Ingress]{ + Writer: r.Client, + NewObject: newIngress, + ListObject: r.listOwnedIngresses, + ObjectRevision: extractExternalProxyRevision[*networkingv1.Ingress], + ActivatedObject: filter.Or(filter.SameName[*ExternalProxy, *networkingv1.Ingress], filter.First[*ExternalProxy, *networkingv1.Ingress]), + ObjectPatcher: func(controller *ExternalProxy, desiredObject, activatedObject *networkingv1.Ingress) (client.Patch, error) { + object := activatedObject.DeepCopy() + object.Spec.DefaultBackend = desiredObject.Spec.DefaultBackend + object.Spec.TLS = desiredObject.Spec.TLS + object.Spec.Rules = desiredObject.Spec.Rules + if desiredObject.Spec.IngressClassName != nil { + object.Spec.IngressClassName = desiredObject.Spec.IngressClassName + } + utils.Merge(&object.Labels, desiredObject.Labels) + utils.Merge(&object.Annotations, desiredObject.Annotations) + + return patch.CreateTwoWayMergePatch(activatedObject, applyExternalProxyRevision(controller, object)) + }, + } +} + +func (r *Reconciler) listOwnedIngresses(ctx context.Context, instance *ExternalProxy) ([]*networkingv1.Ingress, error) { + var ingressList networkingv1.IngressList + if err := r.listOwnedResources(ctx, &ingressList, instance); err != nil { + return nil, err + } + + ingresses := make([]*networkingv1.Ingress, 0, len(ingressList.Items)) + for i := range ingressList.Items { + endpoint := &ingressList.Items[i] + if endpoint.DeletionTimestamp == nil { + ingresses = append(ingresses, endpoint) + } + } + + slices.SortFunc(ingresses, func(a, b *networkingv1.Ingress) int { + return b.CreationTimestamp.Compare(a.CreationTimestamp.Time) + }) + + return ingresses, nil +} + +func (r *Reconciler) listOwnedResources(ctx context.Context, list client.ObjectList, instance *ExternalProxy) error { + return r.List(ctx, list, + client.UnsafeDisableDeepCopy, + client.InNamespace(instance.Namespace), + client.MatchingFields{fieldindex.IndexOwnerReferenceUID: string(instance.UID)}, + ) +} + +// SetupWithManager sets up the controller with the Manager. +func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&ExternalProxy{}, builder.WithPredicates(predicate.GenerationChangedPredicate{})). + Watches(&corev1.Service{}, &watchEventHandler[*corev1.Service]{expectations: r.serviceSyncer}). + Watches(&corev1.Endpoints{}, &watchEventHandler[*corev1.Endpoints]{expectations: r.endpointSyncer}). + Watches(&networkingv1.Ingress{}, &watchEventHandler[*networkingv1.Ingress]{expectations: r.ingressSyncer}). + WithOptions(controller.Options{ + MaxConcurrentReconciles: concurrentReconciles, + }). + Complete(r) +} diff --git a/internal/controller/networking/externalproxy_controller_test.go b/internal/controller/networking/externalproxy_controller_test.go new file mode 100644 index 0000000..1f6f9c8 --- /dev/null +++ b/internal/controller/networking/externalproxy_controller_test.go @@ -0,0 +1,172 @@ +/* +Copyright 2024 Jayson Wang. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package networking + +import ( + "context" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + corev1 "k8s.io/api/core/v1" + networkingv1 "k8s.io/api/networking/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + "github.com/wjiec/mobius/api/networking" + networkingv1alpha1 "github.com/wjiec/mobius/api/networking/v1alpha1" +) + +var _ = Describe("ExternalProxy Controller", func() { + Context("When reconciling a resource", func() { + ctx := context.Background() + namespacedName := types.NamespacedName{ + Name: "test-externalproxy", + Namespace: "default", + } + + BeforeEach(func() { + instance := &networkingv1alpha1.ExternalProxy{} + + By("creating the custom resource for the Kind ExternalProxy") + err := k8sClient.Get(ctx, namespacedName, instance) + if Expect(client.IgnoreNotFound(err)).NotTo(HaveOccurred()) { + instance = &networkingv1alpha1.ExternalProxy{ + ObjectMeta: metav1.ObjectMeta{ + Name: namespacedName.Name, + Namespace: namespacedName.Namespace, + }, + Spec: networkingv1alpha1.ExternalProxySpec{ + Backends: []networkingv1alpha1.ExternalProxyBackend{ + { + Addresses: []corev1.EndpointAddress{ + {IP: "192.168.1.1"}, + }, + Ports: []corev1.EndpointPort{ + {Name: "http", Port: 80}, + }, + }, + }, + Service: networkingv1alpha1.ExternalProxyService{ + Name: ptr.To("example"), + Ports: []corev1.ServicePort{ + {Name: "http", Port: 80}, + }, + }, + Ingress: &networkingv1alpha1.ExternalProxyIngress{ + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "nginx.ingress.kubernetes.io/client-max-body-size": "100m", + }, + }, + TLS: []networkingv1.IngressTLS{ + { + Hosts: []string{"foo.laboys.org"}, + SecretName: "star-laboys-org", + }, + }, + Rules: []networkingv1alpha1.ExternalProxyIngressRule{ + { + Host: "foo.laboys.org", + HTTP: &networkingv1alpha1.ExternalProxyIngressHttpRuleValue{ + Paths: []networkingv1alpha1.ExternalProxyIngressHttpPath{ + { + Path: "/", + PathType: ptr.To(networkingv1.PathTypeImplementationSpecific), + Backend: &networkingv1alpha1.ExternalProxyIngressBackend{ + Port: networkingv1alpha1.ExternalProxyServiceBackendPort{ + Name: "http", + }, + }, + }, + }, + }, + }, + }, + }, + }, + } + + Expect(k8sClient.Create(ctx, instance)).To(Succeed()) + } + }) + + AfterEach(func() { + instance := &networkingv1alpha1.ExternalProxy{} + err := k8sClient.Get(ctx, namespacedName, instance) + Expect(err).NotTo(HaveOccurred()) + + By("Cleanup the specific instance instance ExternalProxy") + Expect(k8sClient.Delete(ctx, instance)).To(Succeed()) + }) + + It("should successfully reconcile the resource", func() { + reconciler := NewExternalProxyReconciler(k8sClient, k8sClient.Scheme()) + Expect(reconciler).NotTo(BeNil()) + + err := reconciler.SetupWithManager(mgr) + Expect(err).NotTo(HaveOccurred()) + + By("Reconciling the created resource") + _, err = reconciler.Reconcile(ctx, reconcile.Request{NamespacedName: namespacedName}) + Expect(err).NotTo(HaveOccurred()) + + Eventually(func() bool { + var instance networkingv1alpha1.ExternalProxy + if err := k8sClient.Get(ctx, namespacedName, &instance); err != nil { + return false + } + + return instance.Status.ServiceName != "" + }).Should(BeTrue()) + + By("refresh the ExternalProxy resource") + resource := &networkingv1alpha1.ExternalProxy{} + err = k8sClient.Get(ctx, namespacedName, resource) + if Expect(err).NotTo(HaveOccurred()) { + Expect(resource.Status.Ready).Should(BeTrue()) + Expect(resource.Status.ServiceName).Should(Equal(getServiceName(resource))) + } + + By("validating Service resources for ExternalProxy") + service := &corev1.Service{} + err = k8sClient.Get(ctx, types.NamespacedName{Namespace: resource.Namespace, Name: resource.Status.ServiceName}, service) + if Expect(err).NotTo(HaveOccurred()) { + Expect(service.Spec.Ports).Should(HaveLen(1)) + } + + By("validating Endpoints resources for ExternalProxy") + endpoint := &corev1.Endpoints{} + err = k8sClient.Get(ctx, types.NamespacedName{Namespace: resource.Namespace, Name: resource.Status.ServiceName}, endpoint) + if Expect(err).NotTo(HaveOccurred()) { + Expect(endpoint.Subsets).Should(HaveLen(1)) + } + + By("validating Ingress resources for ExternalProxy") + ingress := &networkingv1.Ingress{} + err = k8sClient.Get(ctx, namespacedName, ingress) + if Expect(err).NotTo(HaveOccurred()) { + Expect(ingress.Annotations).Should(HaveKey(networking.ExternalProxyRevisionAnnotationKey)) + Expect(ingress.Annotations).Should(HaveKey("nginx.ingress.kubernetes.io/client-max-body-size")) + Expect(ingress.Spec.TLS).Should(HaveLen(1)) + Expect(ingress.Spec.Rules).Should(HaveLen(1)) + } + }) + }) +}) diff --git a/internal/controller/networking/externalproxy_status.go b/internal/controller/networking/externalproxy_status.go new file mode 100644 index 0000000..b8d193d --- /dev/null +++ b/internal/controller/networking/externalproxy_status.go @@ -0,0 +1,46 @@ +package networking + +import ( + "context" + "reflect" + + "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/util/retry" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/log" + + networkingv1alpha1 "github.com/wjiec/mobius/api/networking/v1alpha1" +) + +type StatusUpdater interface { + UpdateStatus(ctx context.Context, ep *ExternalProxy, newStatus *networkingv1alpha1.ExternalProxyStatus) error +} + +func NewStatusUpdater(c client.Client) StatusUpdater { + return &realStatusUpdater{Client: c} +} + +type realStatusUpdater struct { + client.Client +} + +func (r *realStatusUpdater) UpdateStatus(ctx context.Context, ep *ExternalProxy, newStatus *networkingv1alpha1.ExternalProxyStatus) error { + if reflect.DeepEqual(&ep.Status, newStatus) { + return nil + } + + log.FromContext(ctx).Info("Update ExternalProxy status", "serviceName", newStatus.ServiceName, "ready", newStatus.Ready) + return r.updateStatus(ctx, client.ObjectKeyFromObject(ep), newStatus) +} + +func (r *realStatusUpdater) updateStatus(ctx context.Context, namespaceName types.NamespacedName, newStatus *networkingv1alpha1.ExternalProxyStatus) error { + return retry.RetryOnConflict(retry.DefaultRetry, func() error { + var instance ExternalProxy + if err := r.Get(ctx, namespaceName, &instance); err != nil { + return err + } + + instance.Status = *newStatus + return r.Status().Update(ctx, &instance) + }) +} diff --git a/internal/controller/networking/externalproxy_watch_event.go b/internal/controller/networking/externalproxy_watch_event.go new file mode 100644 index 0000000..6f18c66 --- /dev/null +++ b/internal/controller/networking/externalproxy_watch_event.go @@ -0,0 +1,92 @@ +/* +Copyright 2024 Jayson Wang. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package networking + +import ( + "context" + "time" + + "k8s.io/client-go/util/workqueue" + "k8s.io/klog/v2" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/event" + "sigs.k8s.io/controller-runtime/pkg/log" + + "github.com/wjiec/mobius/internal/expectations" +) + +var ( + // initialingRateLimiter calculates the delay duration for existing resources + // triggered Create event when the Informer cache has just synced. + initialingRateLimiter = workqueue.NewItemExponentialFailureRateLimiter(3*time.Second, 30*time.Second) +) + +type watchEventHandler[T client.Object] struct { + expectations expectations.ControllerExpectations +} + +func (w *watchEventHandler[T]) Create(ctx context.Context, evt event.TypedCreateEvent[client.Object], q workqueue.RateLimitingInterface) { + logger := log.FromContext(ctx) + if evt.Object.GetDeletionTimestamp() != nil { + w.Delete(ctx, event.TypedDeleteEvent[client.Object]{Object: evt.Object}, q) + return + } + + req := resolveControllerRef(evt.Object) + if req == nil { + return + } + + logger.V(4).Info("Created", "obj", klog.KObj(evt.Object), "owner", req) + isSatisfied, _ := w.expectations.SatisfiedExpectations(req.String()) + w.expectations.Observe(req.String(), expectations.ActionCreations, evt.Object.GetName()) + if isSatisfied { + // If the expectation is satisfied, it should be an existing Pod and the Informer + // cache should have just synced. + q.AddAfter(*req, initialingRateLimiter.When(req)) + } else { + // Otherwise, add it immediately and reset the rate limiter + initialingRateLimiter.Forget(req) + q.Add(*req) + } +} + +func (w *watchEventHandler[T]) Update(ctx context.Context, evt event.TypedUpdateEvent[client.Object], q workqueue.RateLimitingInterface) { + if evt.ObjectNew.GetDeletionTimestamp() != nil { + w.Delete(ctx, event.TypedDeleteEvent[client.Object]{Object: evt.ObjectNew}, q) + return + } +} + +func (w *watchEventHandler[T]) Delete(ctx context.Context, evt event.TypedDeleteEvent[client.Object], q workqueue.RateLimitingInterface) { + logger := log.FromContext(ctx) + if _, ok := evt.Object.(T); !ok { + logger.Error(nil, "Skipped deletion event", "deleteStateUnknown", evt.DeleteStateUnknown, "obj", evt.Object) + return + } + + req := resolveControllerRef(evt.Object) + if req == nil { + return + } + + w.expectations.Observe(req.String(), expectations.ActionDeletions, evt.Object.GetName()) + q.Add(*req) +} + +func (w *watchEventHandler[T]) Generic(context.Context, event.TypedGenericEvent[client.Object], workqueue.RateLimitingInterface) { +} diff --git a/internal/controller/networking/suite_test.go b/internal/controller/networking/suite_test.go new file mode 100644 index 0000000..359819c --- /dev/null +++ b/internal/controller/networking/suite_test.go @@ -0,0 +1,113 @@ +/* +Copyright 2024 Jayson Wang. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package networking + +import ( + "context" + "fmt" + "path/filepath" + "runtime" + "testing" + + "github.com/go-logr/logr" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + "k8s.io/client-go/kubernetes/scheme" + "k8s.io/client-go/rest" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/envtest" + logf "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + networkingv1alpha1 "github.com/wjiec/mobius/api/networking/v1alpha1" + "github.com/wjiec/mobius/internal/fieldindex" + // +kubebuilder:scaffold:imports +) + +// These tests use Ginkgo (BDD-style Go testing framework). Refer to +// http://onsi.github.io/ginkgo/ to learn more about Ginkgo. + +var mgr ctrl.Manager +var cfg *rest.Config +var stop context.CancelFunc +var k8sClient client.Client +var testEnv *envtest.Environment + +func TestControllers(t *testing.T) { + RegisterFailHandler(Fail) + + RunSpecs(t, "Controller Suite") +} + +var _ = BeforeSuite(func() { + logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) + + By("bootstrapping test environment") + testEnv = &envtest.Environment{ + CRDDirectoryPaths: []string{filepath.Join("..", "..", "..", "config", "crd", "bases")}, + ErrorIfCRDPathMissing: true, + + // The BinaryAssetsDirectory is only required if you want to run the tests directly + // without call the makefile target test. If not informed it will look for the + // default path defined in controller-runtime which is /usr/local/kubebuilder/. + // Note that you must have the required binaries setup under the bin directory to perform + // the tests directly. When we run make test it will be setup and used automatically. + BinaryAssetsDirectory: filepath.Join("..", "..", "..", "bin", "k8s", + fmt.Sprintf("1.30.0-%s-%s", runtime.GOOS, runtime.GOARCH)), + } + + var err error + // cfg is defined in this file globally. + cfg, err = testEnv.Start() + Expect(err).NotTo(HaveOccurred()) + Expect(cfg).NotTo(BeNil()) + + err = networkingv1alpha1.AddToScheme(scheme.Scheme) + Expect(err).NotTo(HaveOccurred()) + + // +kubebuilder:scaffold:scheme + + ctrl.SetLogger(logr.Discard()) + + mgr, err = ctrl.NewManager(cfg, ctrl.Options{Scheme: scheme.Scheme}) + Expect(err).NotTo(HaveOccurred()) + + err = fieldindex.RegisterFieldIndexes(context.Background(), mgr.GetFieldIndexer()) + Expect(err).NotTo(HaveOccurred()) + + k8sClient = mgr.GetClient() + Expect(k8sClient).NotTo(BeNil()) + + var ctx context.Context + ctx, stop = context.WithCancel(context.TODO()) + + go func() { + err = mgr.Start(ctx) + Expect(err).NotTo(HaveOccurred()) + }() + + // Wait for cache to sync before proceeding with the test. + Expect(mgr.GetCache().WaitForCacheSync(ctx)).Should(BeTrue()) +}) + +var _ = AfterSuite(func() { + By("tearing down the test environment") + stop() + err := testEnv.Stop() + Expect(err).NotTo(HaveOccurred()) +}) diff --git a/internal/controller/networking/utils.go b/internal/controller/networking/utils.go new file mode 100644 index 0000000..a7b09e6 --- /dev/null +++ b/internal/controller/networking/utils.go @@ -0,0 +1,203 @@ +/* +Copyright 2024 Jayson Wang. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package networking + +import ( + "context" + "strconv" + + corev1 "k8s.io/api/core/v1" + networkingv1 "k8s.io/api/networking/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/wjiec/mobius/api/networking" + networkingv1alpha1 "github.com/wjiec/mobius/api/networking/v1alpha1" + "github.com/wjiec/mobius/internal/sync/singleton" + "github.com/wjiec/mobius/pkg/utils" +) + +type ( + ExternalProxy = networkingv1alpha1.ExternalProxy + ExternalProxyStatus = networkingv1alpha1.ExternalProxyStatus + + ServiceSyncer = singleton.Singleton[*ExternalProxy, *corev1.Service] + EndpointsSyncer = singleton.Singleton[*ExternalProxy, *corev1.Endpoints] + IngressSyncer = singleton.Singleton[*ExternalProxy, *networkingv1.Ingress] +) + +var ( + APIVersion = networkingv1alpha1.GroupVersion.String() + GroupVersionKind = networkingv1alpha1.GroupVersion.WithKind("ExternalProxy") +) + +// getServiceName retrieves the service name for the given ExternalProxy instance. +// +// If the service name is specified in the ExternalProxy spec, it returns that name. +// Otherwise, it returns the name of the ExternalProxy object. +func getServiceName(ep *ExternalProxy) string { + if ep.Spec.Service.Name != nil { + return *ep.Spec.Service.Name + } + return ep.Name +} + +// resolveControllerRef checks the controller reference of the given +// object and converts it to a controller request. +func resolveControllerRef(object metav1.Object) *ctrl.Request { + if ownerRef := metav1.GetControllerOf(object); ownerRef != nil { + if ownerRef.APIVersion == APIVersion && ownerRef.Kind == GroupVersionKind.Kind { + return &ctrl.Request{ + NamespacedName: types.NamespacedName{ + Namespace: object.GetNamespace(), + Name: ownerRef.Name, + }, + } + } + } + + return nil +} + +func newService(_ context.Context, instance *ExternalProxy) *corev1.Service { + service := &corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: getServiceName(instance), + Namespace: instance.Namespace, + }, + Spec: corev1.ServiceSpec{ + Ports: instance.Spec.Service.Ports, + Type: instance.Spec.Service.Type, + }, + } + utils.Merge(&service.Labels, instance.Spec.Service.Labels) + utils.Merge(&service.Annotations, instance.Spec.Service.Annotations) + + return applyExternalProxyRevision(instance, service) +} + +func newEndpoints(_ context.Context, instance *ExternalProxy) *corev1.Endpoints { + endpoints := &corev1.Endpoints{ + ObjectMeta: metav1.ObjectMeta{ + Name: getServiceName(instance), + Namespace: instance.Namespace, + }, + Subsets: make([]corev1.EndpointSubset, 0, len(instance.Spec.Backends)), + } + + for _, backend := range instance.Spec.Backends { + endpoints.Subsets = append(endpoints.Subsets, corev1.EndpointSubset{ + Addresses: backend.Addresses, + Ports: backend.Ports, + }) + } + + return applyExternalProxyRevision(instance, endpoints) +} + +func newIngress(_ context.Context, instance *ExternalProxy) *networkingv1.Ingress { + if instance.Spec.Ingress == nil { + return nil + } + + ingress := &networkingv1.Ingress{ + ObjectMeta: metav1.ObjectMeta{ + Name: instance.Name, + Namespace: instance.Namespace, + }, + Spec: networkingv1.IngressSpec{ + IngressClassName: instance.Spec.Ingress.IngressClassName, + }, + } + utils.Merge(&ingress.Labels, instance.Spec.Ingress.Labels) + utils.Merge(&ingress.Annotations, instance.Spec.Ingress.Annotations) + + if defaultBackend := instance.Spec.Ingress.DefaultBackend; defaultBackend != nil { + ingress.Spec.DefaultBackend = &networkingv1.IngressBackend{ + Service: &networkingv1.IngressServiceBackend{ + Name: getServiceName(instance), + Port: networkingv1.ServiceBackendPort{ + Name: defaultBackend.Port.Name, + Number: defaultBackend.Port.Number, + }, + }, + } + } + + for _, tls := range instance.Spec.Ingress.TLS { + ingress.Spec.TLS = append(ingress.Spec.TLS, *tls.DeepCopy()) + } + + for _, rule := range instance.Spec.Ingress.Rules { + rulePaths := make([]networkingv1.HTTPIngressPath, 0, len(rule.HTTP.Paths)) + for _, path := range rule.HTTP.Paths { + rulePaths = append(rulePaths, networkingv1.HTTPIngressPath{ + Path: path.Path, + PathType: path.PathType, + Backend: networkingv1.IngressBackend{ + Service: &networkingv1.IngressServiceBackend{ + Name: getServiceName(instance), + Port: networkingv1.ServiceBackendPort{ + Name: path.Backend.Port.Name, + Number: path.Backend.Port.Number, + }, + }, + }, + }) + } + + ingress.Spec.Rules = append(ingress.Spec.Rules, networkingv1.IngressRule{ + Host: rule.Host, + IngressRuleValue: networkingv1.IngressRuleValue{ + HTTP: &networkingv1.HTTPIngressRuleValue{ + Paths: rulePaths, + }, + }, + }) + } + + return applyExternalProxyRevision(instance, ingress) +} + +// extractExternalProxyRevision retrieves the ExternalProxy revision from the object's annotations. +// +// If the annotation or parsing fails, it returns 0. +func extractExternalProxyRevision[T client.Object](object T) int64 { + revision := object.GetAnnotations()[networking.ExternalProxyRevisionAnnotationKey] + if revision, err := strconv.ParseInt(revision, 10, 64); err == nil { + return revision + } + + return 0 +} + +// applyExternalProxyRevision sets the revision annotation on the target object. +// +// It uses the generation of the controller object as the revision value. +func applyExternalProxyRevision[R client.Object](controller *ExternalProxy, object R) R { + annotation := object.GetAnnotations() + if annotation == nil { + annotation = make(map[string]string) + } + + annotation[networking.ExternalProxyRevisionAnnotationKey] = strconv.FormatInt(controller.Generation, 10) + object.SetAnnotations(annotation) + + return object +} diff --git a/internal/expectations/expectations.go b/internal/expectations/expectations.go new file mode 100644 index 0000000..32c9bea --- /dev/null +++ b/internal/expectations/expectations.go @@ -0,0 +1,132 @@ +package expectations + +import ( + "context" + "flag" + "sync" + "time" + + "k8s.io/apimachinery/pkg/util/sets" +) + +var ( + ExpectationTimeout time.Duration +) + +func init() { + flag.DurationVar(&ExpectationTimeout, "expectation-timeout", 5*time.Minute, "The expectation timeout. Defaults 5min") +} + +type ControllerAction string + +const ( + ActionCreations ControllerAction = "creations" + ActionDeletions ControllerAction = "deletions" +) + +type ControllerKey = string +type controllerKeyHolder struct{} + +func WithControllerKey(ctx context.Context, key ControllerKey) context.Context { + return context.WithValue(ctx, controllerKeyHolder{}, key) +} + +func ControllerKeyFromCtx(ctx context.Context) ControllerKey { + if key, ok := ctx.Value(controllerKeyHolder{}).(ControllerKey); ok { + return key + } + return "" +} + +type ControllerExpectations interface { + Expect(key ControllerKey, action ControllerAction, name string) + Observe(key ControllerKey, action ControllerAction, name string) + SatisfiedExpectations(key ControllerKey) (satisfied bool, unsatisfiedDuration time.Duration) +} + +func NewControllerExpectations() ControllerExpectations { + return &realControllerExpectations{ + cache: make(map[ControllerKey]*objectStore[ControllerAction, string]), + } +} + +type realControllerExpectations struct { + sync.Mutex + + cache map[ControllerKey]*objectStore[ControllerAction, string] +} + +func (r *realControllerExpectations) Expect(key ControllerKey, action ControllerAction, name string) { + r.Lock() + defer r.Unlock() + + expectations := r.cache[key] + if expectations == nil { + expectations = newObjectStore[ControllerAction, string]() + r.cache[key] = expectations + } + + expectations.Insert(action, name) +} + +func (r *realControllerExpectations) Observe(key ControllerKey, action ControllerAction, name string) { + r.Lock() + defer r.Unlock() + + expectations := r.cache[key] + if expectations == nil { + return + } + + if s, ok := expectations.objects[action]; ok { + s.Delete(name) + + for _, elem := range expectations.objects { + if elem.Len() > 0 { + return + } + } + delete(r.cache, key) + } +} + +func (r *realControllerExpectations) SatisfiedExpectations(key ControllerKey) (bool, time.Duration) { + r.Lock() + defer r.Unlock() + + expectations := r.cache[key] + if expectations == nil { + return true, time.Duration(0) + } + + for _, elem := range expectations.objects { + if elem.Len() > 0 { + if expectations.firstUnsatisfied.IsZero() { + expectations.firstUnsatisfied = time.Now() + } + return false, time.Since(expectations.firstUnsatisfied) + } + } + + delete(r.cache, key) + return true, time.Duration(0) +} + +type objectStore[K comparable, V comparable] struct { + objects map[K]sets.Set[V] + firstUnsatisfied time.Time +} + +func newObjectStore[K comparable, V comparable]() *objectStore[K, V] { + return &objectStore[K, V]{ + objects: make(map[K]sets.Set[V]), + } +} + +func (o *objectStore[K, V]) Insert(action K, value V) { + if set, ok := o.objects[action]; !ok { + o.objects[action] = sets.New(value) + } else { + set.Insert(value) + } +} diff --git a/internal/expectations/expectations_test.go b/internal/expectations/expectations_test.go new file mode 100644 index 0000000..e2ad052 --- /dev/null +++ b/internal/expectations/expectations_test.go @@ -0,0 +1,51 @@ +package expectations + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestNewControllerExpectations(t *testing.T) { + assert.NotNil(t, NewControllerExpectations()) +} + +func TestRealControllerExpectations_SatisfiedExpectations(t *testing.T) { + e := NewControllerExpectations() + + satisfied, _ := e.SatisfiedExpectations("default/foo") + assert.True(t, satisfied) + + e.Expect("default/foo", ActionCreations, "res1") + e.Expect("default/foo", ActionCreations, "res2") + satisfied, _ = e.SatisfiedExpectations("default/foo") + assert.False(t, satisfied) + + e.Expect("default/bar", ActionDeletions, "res3") + e.Expect("default/bar", ActionDeletions, "res4") + satisfied, _ = e.SatisfiedExpectations("default/bar") + assert.False(t, satisfied) + + e.Observe("default/foo", ActionCreations, "res1") + e.Observe("default/foo", ActionCreations, "res2") + satisfied, _ = e.SatisfiedExpectations("default/foo") + assert.True(t, satisfied) + + e.Observe("default/bar", ActionDeletions, "res3") + satisfied, _ = e.SatisfiedExpectations("default/bar") + assert.False(t, satisfied) + + e.Observe("default/bar", ActionDeletions, "res4") + satisfied, _ = e.SatisfiedExpectations("default/bar") + assert.True(t, satisfied) +} + +func TestObjectStore_Insert(t *testing.T) { + s := newObjectStore[string, string]() + s.Insert("foo", "value1") + assert.True(t, s.objects["foo"].Has("value1")) + + s.Insert("foo", "value2") + assert.True(t, s.objects["foo"].Has("value1")) + assert.True(t, s.objects["foo"].Has("value2")) +} diff --git a/internal/fieldindex/fieldindex.go b/internal/fieldindex/fieldindex.go new file mode 100644 index 0000000..0907803 --- /dev/null +++ b/internal/fieldindex/fieldindex.go @@ -0,0 +1,31 @@ +package fieldindex + +import ( + "context" + "errors" + + corev1 "k8s.io/api/core/v1" + networkingv1 "k8s.io/api/networking/v1" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +const ( + IndexOwnerReferenceUID = "metadata.controller.uid" +) + +func ownerReferenceUIDIndex(object client.Object) []string { + owners := make([]string, 1) // a slices of size 1 is sufficient + for _, owner := range object.GetOwnerReferences() { + owners = append(owners, string(owner.UID)) + } + + return owners +} + +func RegisterFieldIndexes(ctx context.Context, indexer client.FieldIndexer) (err error) { + err = errors.Join(err, indexer.IndexField(ctx, &corev1.Service{}, IndexOwnerReferenceUID, ownerReferenceUIDIndex)) + err = errors.Join(err, indexer.IndexField(ctx, &corev1.Endpoints{}, IndexOwnerReferenceUID, ownerReferenceUIDIndex)) + err = errors.Join(err, indexer.IndexField(ctx, &networkingv1.Ingress{}, IndexOwnerReferenceUID, ownerReferenceUIDIndex)) + + return err +} diff --git a/internal/fieldindex/fieldindex_test.go b/internal/fieldindex/fieldindex_test.go new file mode 100644 index 0000000..633008d --- /dev/null +++ b/internal/fieldindex/fieldindex_test.go @@ -0,0 +1,50 @@ +package fieldindex + +import ( + "context" + "testing" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/rest" + "sigs.k8s.io/controller-runtime/pkg/cache" + "sigs.k8s.io/controller-runtime/pkg/envtest" + logf "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/log/zap" +) + +var testenv *envtest.Environment +var cfg *rest.Config +var clientset *kubernetes.Clientset + +var _ = BeforeSuite(func() { + logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) + + testenv = &envtest.Environment{} + + var err error + cfg, err = testenv.Start() + Expect(err).NotTo(HaveOccurred()) + + clientset, err = kubernetes.NewForConfig(cfg) + Expect(err).NotTo(HaveOccurred()) +}) + +var _ = AfterSuite(func() { + Expect(testenv.Stop()).To(Succeed()) +}) + +func TestRegisterFieldIndexes(t *testing.T) { + Describe("RegisterFieldIndexes", func() { + It("should be able to index an object field", func() { + By("creating the cache") + informer, err := cache.New(cfg, cache.Options{}) + Expect(err).NotTo(HaveOccurred()) + + By("register field indexes for mobius controller") + err = RegisterFieldIndexes(context.TODO(), informer) + Expect(err).NotTo(HaveOccurred()) + }) + }) +} diff --git a/internal/patch/patch.go b/internal/patch/patch.go new file mode 100644 index 0000000..28063e1 --- /dev/null +++ b/internal/patch/patch.go @@ -0,0 +1,24 @@ +package patch + +import ( + "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/mergepatch" + "k8s.io/apimachinery/pkg/util/strategicpatch" + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/wjiec/mobius/pkg/must" +) + +// CreateTwoWayMergePatch creates a patch that can be passed to StrategicMergePatch between +// the original and desired objects. It will return a [client.Patch] or an error if either of +// the two documents is invalid. +func CreateTwoWayMergePatch[T client.Object](original, desired T, fns ...mergepatch.PreconditionFunc) (client.Patch, error) { + var object T + + data, err := strategicpatch.CreateTwoWayMergePatch(must.JsonMarshal(original), must.JsonMarshal(desired), object, fns...) + if err != nil { + return nil, err + } + + return client.RawPatch(types.StrategicMergePatchType, data), nil +} diff --git a/internal/patch/patch_test.go b/internal/patch/patch_test.go new file mode 100644 index 0000000..3f26d3d --- /dev/null +++ b/internal/patch/patch_test.go @@ -0,0 +1,107 @@ +package patch + +import ( + "testing" + + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + networkingv1 "k8s.io/api/networking/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" + + networkingv1alpha1 "github.com/wjiec/mobius/api/networking/v1alpha1" +) + +const ( + TestRevisionAnnotationKey = "patch-test-revision" +) + +func TestCreateTwoWayMergePatch(t *testing.T) { + t.Run("normal", func(t *testing.T) { + original := &networkingv1alpha1.ExternalProxy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example", + Namespace: "default", + CreationTimestamp: metav1.Time{}, + Annotations: map[string]string{ + TestRevisionAnnotationKey: "1", + }, + }, + Spec: networkingv1alpha1.ExternalProxySpec{ + Backends: []networkingv1alpha1.ExternalProxyBackend{ + { + Addresses: []corev1.EndpointAddress{ + {IP: "192.168.1.1"}, + }, + Ports: []corev1.EndpointPort{ + {Name: "http", Port: 80}, + }, + }, + }, + Service: networkingv1alpha1.ExternalProxyService{ + Name: ptr.To("foobar"), + Ports: []corev1.ServicePort{ + {Name: "http", Port: 80}, + }, + }, + }, + } + + desired := original.DeepCopy() + desired.Annotations[TestRevisionAnnotationKey] = "2" + desired.Spec.Service.Name = nil + desired.Spec.Ingress = &networkingv1alpha1.ExternalProxyIngress{ + Rules: []networkingv1alpha1.ExternalProxyIngressRule{ + {Host: "www.example.com"}, + }, + } + + patch, err := CreateTwoWayMergePatch(original, desired) + if assert.NoError(t, err) { + data, err := patch.Data(original) + if assert.NoError(t, err) { + t.Logf("Patch(%s): %s", patch.Type(), data) + } + } + }) + + t.Run("ingress", func(t *testing.T) { + original := &networkingv1.Ingress{ + ObjectMeta: metav1.ObjectMeta{ + Name: "example", + Namespace: "default", + }, + Spec: networkingv1.IngressSpec{ + IngressClassName: ptr.To("nginx"), + Rules: []networkingv1.IngressRule{ + {Host: "example.com"}, + }, + }, + } + + desired := original.DeepCopy() + desired.Spec.IngressClassName = nil + desired.Spec.Rules = []networkingv1.IngressRule{ + {Host: "www.example.com"}, + } + + patch, err := CreateTwoWayMergePatch(original, desired) + if assert.NoError(t, err) { + data, err := patch.Data(original) + if assert.NoError(t, err) { + t.Logf("Patch(%s): %s", patch.Type(), data) + } + } + }) + + t.Run("unchanged", func(t *testing.T) { + original := &networkingv1.Ingress{} + patch, err := CreateTwoWayMergePatch(original, original) + if assert.NoError(t, err) { + data, err := patch.Data(original) + if assert.NoError(t, err) { + t.Logf("Patch(%s): %#v", patch.Type(), data) + } + } + }) +} diff --git a/internal/sync/singleton/filter/filter.go b/internal/sync/singleton/filter/filter.go new file mode 100644 index 0000000..c7b052c --- /dev/null +++ b/internal/sync/singleton/filter/filter.go @@ -0,0 +1,58 @@ +package filter + +import ( + "reflect" + + "sigs.k8s.io/controller-runtime/pkg/client" +) + +// Filter is a type alias for a function that filters and selects +// an object from a list based on the controller. +type Filter[C, R client.Object] func(controller C, objects []R) R + +// First returns the first object from the list. If the +// list is empty, it returns the zero value. +func First[C, R client.Object](_ C, objects []R) R { + if len(objects) != 0 { + return objects[0] + } + + var zero R + return zero +} + +// SameName returns the object from the list that has the same name as the controller. +func SameName[C, R client.Object](controller C, objects []R) R { + return OverrideName[C, R](C.GetName)(controller, objects) +} + +// OverrideName creates a filter that selects an object with a name matching the +// extractor's result for the controller. +func OverrideName[C, R client.Object](extractor func(C) string) Filter[C, R] { + return func(controller C, objects []R) R { + for _, object := range objects { + if extractor(controller) == object.GetName() { + return object + } + } + + var zero R + return zero + } +} + +// Or creates a filter that applies multiple filters in +// sequence and returns the first non-zero result. +func Or[C, R client.Object](filters ...Filter[C, R]) Filter[C, R] { + return func(controller C, objects []R) R { + for _, filter := range filters { + filtered := filter(controller, objects) + if !reflect.ValueOf(filtered).IsZero() { + return filtered + } + } + + var zero R + return zero + } +} diff --git a/internal/sync/singleton/filter/filter_test.go b/internal/sync/singleton/filter/filter_test.go new file mode 100644 index 0000000..9b5549d --- /dev/null +++ b/internal/sync/singleton/filter/filter_test.go @@ -0,0 +1,73 @@ +package filter + +import ( + "testing" + + "github.com/stretchr/testify/assert" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + networkingv1alpha1 "github.com/wjiec/mobius/api/networking/v1alpha1" +) + +type TestObject = networkingv1alpha1.ExternalProxy + +var objects = []*TestObject{ + {ObjectMeta: metav1.ObjectMeta{Name: "foo"}}, + {ObjectMeta: metav1.ObjectMeta{Name: "bar"}}, + {ObjectMeta: metav1.ObjectMeta{Name: "baz"}}, +} + +func TestFirst(t *testing.T) { + t.Run("normal", func(t *testing.T) { + found := First(&TestObject{}, objects) + if assert.NotNil(t, found) { + assert.Equal(t, found.Name, "foo") + } + }) + + t.Run("not found", func(t *testing.T) { + assert.Nil(t, First(&TestObject{}, []*TestObject{})) + }) +} + +func TestSameName(t *testing.T) { + t.Run("normal", func(t *testing.T) { + found := SameName(&TestObject{ObjectMeta: metav1.ObjectMeta{Name: "bar"}}, objects) + if assert.NotNil(t, found) { + assert.Equal(t, found.Name, "bar") + } + }) + + t.Run("not found", func(t *testing.T) { + assert.Nil(t, SameName(&TestObject{ObjectMeta: metav1.ObjectMeta{Name: "zzz"}}, objects)) + }) +} + +func TestOverrideName(t *testing.T) { + fakeExtractor := func(name string) func(*TestObject) string { + return func(*TestObject) string { return name } + } + + t.Run("normal", func(t *testing.T) { + filter := OverrideName[*TestObject, *TestObject](fakeExtractor("foo")) + found := filter(&TestObject{}, objects) + if assert.NotNil(t, found) { + assert.Equal(t, found.Name, "foo") + } + }) + + t.Run("not found", func(t *testing.T) { + filter := OverrideName[*TestObject, *TestObject](fakeExtractor("zzz")) + assert.Nil(t, filter(&TestObject{}, objects)) + }) +} + +func TestOr(t *testing.T) { + t.Run("normal", func(t *testing.T) { + filter := Or(SameName[*TestObject, *TestObject], First[*TestObject, *TestObject]) + found := filter(&TestObject{ObjectMeta: metav1.ObjectMeta{Name: "zzz"}}, objects) + if assert.NotNil(t, found) { + assert.Equal(t, found.Name, "foo") + } + }) +} diff --git a/internal/sync/singleton/singleton.go b/internal/sync/singleton/singleton.go new file mode 100644 index 0000000..f10beb0 --- /dev/null +++ b/internal/sync/singleton/singleton.go @@ -0,0 +1,97 @@ +package singleton + +import ( + "context" + "reflect" + + "github.com/hashicorp/go-multierror" + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/wjiec/mobius/internal/expectations" +) + +type Singleton[C, R client.Object] struct { + expectations.ControllerExpectations + + scheme *runtime.Scheme + eventHandler *EventHandler[C, R] +} + +// New creates a new instance of Singleton with the given scheme and event handler. +func New[C, R client.Object](scheme *runtime.Scheme, eventHandler *EventHandler[C, R]) *Singleton[C, R] { + return &Singleton[C, R]{ + ControllerExpectations: expectations.NewControllerExpectations(), + scheme: scheme, + eventHandler: eventHandler, + } +} + +// EventHandler encapsulates the operations related to object lifecycle events for the Singleton. +type EventHandler[C, R client.Object] struct { + client.Writer + + NewObject func(ctx context.Context, controller C) R + ListObject func(ctx context.Context, controller C) ([]R, error) + + ActivatedObject func(controller C, objects []R) R + ObjectRevision func(Object R) int64 + ObjectPatcher func(controller C, desiredObject, activatedObject R) (client.Patch, error) +} + +// Sync ensures the objects are in sync with the expected state. +func (s *Singleton[C, R]) Sync(ctx context.Context, controller C) error { + // Retrieve objects associated with the controller. + ownerObjects, err := s.eventHandler.ListObject(ctx, controller) + if err != nil { + return err + } + + desiredObject := s.eventHandler.NewObject(ctx, controller) + // If no such object currently exists, and we can create this object + if len(ownerObjects) == 0 && !reflect.ValueOf(desiredObject).IsZero() { + if err = ctrl.SetControllerReference(controller, desiredObject, s.scheme); err != nil { + return err + } + + s.Expect(expectations.ControllerKeyFromCtx(ctx), expectations.ActionCreations, desiredObject.GetName()) + if err = s.eventHandler.Create(ctx, desiredObject); err != nil { + s.Observe(expectations.ControllerKeyFromCtx(ctx), expectations.ActionDeletions, desiredObject.GetName()) + return err + } + + return nil + } + + // Determine the activated object from the object list. + var activatedObject R + var hasActivatedObject bool + if len(ownerObjects) != 0 { + activatedObject = s.eventHandler.ActivatedObject(controller, ownerObjects) + hasActivatedObject = !reflect.ValueOf(activatedObject).IsZero() + } + + // Delete all objects that are inactivated. + var eg multierror.Group + for _, currObject := range ownerObjects { + if !hasActivatedObject || currObject.GetUID() != activatedObject.GetUID() { + eg.Go(func() error { return s.eventHandler.Delete(ctx, currObject) }) + } + } + if err = eg.Wait().ErrorOrNil(); err != nil { + return err + } + + // Check if the revision of the activated object matches the controller's generation. + if hasActivatedObject && s.eventHandler.ObjectRevision(activatedObject) != controller.GetGeneration() { + patch, err := s.eventHandler.ObjectPatcher(controller, desiredObject, activatedObject) + if err != nil { + return err + } + + return s.eventHandler.Patch(ctx, activatedObject, patch) + } + + return nil +} diff --git a/internal/sync/singleton/singleton_test.go b/internal/sync/singleton/singleton_test.go new file mode 100644 index 0000000..ae62a27 --- /dev/null +++ b/internal/sync/singleton/singleton_test.go @@ -0,0 +1,21 @@ +package singleton + +import ( + "testing" + + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" +) + +var scheme = runtime.NewScheme() + +func init() { + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) +} + +func TestNew(t *testing.T) { + assert.NotNil(t, New(scheme, &EventHandler[*corev1.Service, *corev1.Endpoints]{})) +} diff --git a/pkg/must/json.go b/pkg/must/json.go new file mode 100644 index 0000000..ddba110 --- /dev/null +++ b/pkg/must/json.go @@ -0,0 +1,15 @@ +package must + +import "encoding/json" + +// JsonMarshal marshals the given value v to a JSON format data. +// +// If marshalling fails, it panics with the encountered error. +func JsonMarshal[T any](v T) []byte { + data, err := json.Marshal(v) + if err != nil { + panic(err) + } + + return data +} diff --git a/pkg/must/json_test.go b/pkg/must/json_test.go new file mode 100644 index 0000000..2fc430a --- /dev/null +++ b/pkg/must/json_test.go @@ -0,0 +1,28 @@ +package must + +import ( + "testing" + + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" +) + +func TestJsonMarshal(t *testing.T) { + t.Run("normal", func(t *testing.T) { + assert.NotPanics(t, func() { + JsonMarshal(&corev1.Pod{}) + }) + }) + + t.Run("nil", func(t *testing.T) { + assert.NotPanics(t, func() { + JsonMarshal[*corev1.Pod](nil) + }) + }) + + t.Run("panic", func(t *testing.T) { + assert.NotPanics(t, func() { + JsonMarshal(struct{ unexported int }{}) + }) + }) +} diff --git a/pkg/utils/merge.go b/pkg/utils/merge.go new file mode 100644 index 0000000..cc330b7 --- /dev/null +++ b/pkg/utils/merge.go @@ -0,0 +1,12 @@ +package utils + +// Merge merges the src map into the dst map. +func Merge[K comparable, V any](dst *map[K]V, src map[K]V) { + if *dst == nil { + *dst = make(map[K]V) + } + + for k, v := range src { + (*dst)[k] = v + } +} diff --git a/pkg/utils/merge_test.go b/pkg/utils/merge_test.go new file mode 100644 index 0000000..ebc8ec8 --- /dev/null +++ b/pkg/utils/merge_test.go @@ -0,0 +1,29 @@ +package utils + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestMerge(t *testing.T) { + t.Run("normal", func(t *testing.T) { + m := map[string]string{"foo": "foo"} + Merge(&m, map[string]string{"foo": "bar", "say": "hello"}) + + assert.Equal(t, m["foo"], "bar") + assert.Equal(t, m["say"], "hello") + }) + + t.Run("nil", func(t *testing.T) { + var m map[string]string + if assert.Nil(t, m) { + Merge(&m, map[string]string{"foo": "bar", "say": "hello"}) + + if assert.NotNil(t, m) { + assert.Equal(t, m["foo"], "bar") + assert.Equal(t, m["say"], "hello") + } + } + }) +} diff --git a/test/e2e/e2e_suite_test.go b/test/e2e/e2e_suite_test.go new file mode 100644 index 0000000..28e7230 --- /dev/null +++ b/test/e2e/e2e_suite_test.go @@ -0,0 +1,33 @@ +/* +Copyright 2024 Jayson Wang. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package e2e + +import ( + "fmt" + "testing" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" +) + +// Run e2e tests using the Ginkgo runner. +func TestE2E(t *testing.T) { + RegisterFailHandler(Fail) + _, _ = fmt.Fprintf(GinkgoWriter, "Starting mobius suite\n") + + RunSpecs(t, "e2e suite") +} diff --git a/test/e2e/e2e_test.go b/test/e2e/e2e_test.go new file mode 100644 index 0000000..9df70cd --- /dev/null +++ b/test/e2e/e2e_test.go @@ -0,0 +1,122 @@ +/* +Copyright 2024 Jayson Wang. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package e2e + +import ( + "fmt" + "os/exec" + "time" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "github.com/wjiec/mobius/test/utils" +) + +const namespace = "mobius-system" + +var _ = Describe("controller", Ordered, func() { + BeforeAll(func() { + By("installing prometheus operator") + Expect(utils.InstallPrometheusOperator()).To(Succeed()) + + By("installing the cert-manager") + Expect(utils.InstallCertManager()).To(Succeed()) + + By("creating manager namespace") + cmd := exec.Command("kubectl", "create", "ns", namespace) + _, _ = utils.Run(cmd) + }) + + AfterAll(func() { + By("uninstalling the Prometheus manager bundle") + utils.UninstallPrometheusOperator() + + By("uninstalling the cert-manager bundle") + utils.UninstallCertManager() + + By("removing manager namespace") + cmd := exec.Command("kubectl", "delete", "ns", namespace) + _, _ = utils.Run(cmd) + }) + + Context("Operator", func() { + It("should run successfully", func() { + var controllerPodName string + var err error + + // projectimage stores the name of the image used in the example + var projectimage = "example.com/mobius:v0.0.1" + + By("building the manager(Operator) image") + cmd := exec.Command("make", "docker-build", fmt.Sprintf("IMG=%s", projectimage)) + _, err = utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("loading the the manager(Operator) image on Kind") + err = utils.LoadImageToKindClusterWithName(projectimage) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("installing CRDs") + cmd = exec.Command("make", "install") + _, err = utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("deploying the controller-manager") + cmd = exec.Command("make", "deploy", fmt.Sprintf("IMG=%s", projectimage)) + _, err = utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("validating that the controller-manager pod is running as expected") + verifyControllerUp := func() error { + // Get pod name + + cmd = exec.Command("kubectl", "get", + "pods", "-l", "control-plane=controller-manager", + "-o", "go-template={{ range .items }}"+ + "{{ if not .metadata.deletionTimestamp }}"+ + "{{ .metadata.name }}"+ + "{{ \"\\n\" }}{{ end }}{{ end }}", + "-n", namespace, + ) + + podOutput, err := utils.Run(cmd) + ExpectWithOffset(2, err).NotTo(HaveOccurred()) + podNames := utils.GetNonEmptyLines(string(podOutput)) + if len(podNames) != 1 { + return fmt.Errorf("expect 1 controller pods running, but got %d", len(podNames)) + } + controllerPodName = podNames[0] + ExpectWithOffset(2, controllerPodName).Should(ContainSubstring("controller-manager")) + + // Validate pod status + cmd = exec.Command("kubectl", "get", + "pods", controllerPodName, "-o", "jsonpath={.status.phase}", + "-n", namespace, + ) + status, err := utils.Run(cmd) + ExpectWithOffset(2, err).NotTo(HaveOccurred()) + if string(status) != "Running" { + return fmt.Errorf("controller pod in %s status", status) + } + return nil + } + EventuallyWithOffset(1, verifyControllerUp, time.Minute, time.Second).Should(Succeed()) + + }) + }) +}) diff --git a/test/utils/utils.go b/test/utils/utils.go new file mode 100644 index 0000000..a54d8a1 --- /dev/null +++ b/test/utils/utils.go @@ -0,0 +1,140 @@ +/* +Copyright 2024 Jayson Wang. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package utils + +import ( + "fmt" + "os" + "os/exec" + "strings" + + . "github.com/onsi/ginkgo/v2" //nolint:golint,revive +) + +const ( + prometheusOperatorVersion = "v0.72.0" + prometheusOperatorURL = "https://github.com/prometheus-operator/prometheus-operator/" + + "releases/download/%s/bundle.yaml" + + certmanagerVersion = "v1.14.4" + certmanagerURLTmpl = "https://github.com/jetstack/cert-manager/releases/download/%s/cert-manager.yaml" +) + +func warnError(err error) { + fmt.Fprintf(GinkgoWriter, "warning: %v\n", err) +} + +// InstallPrometheusOperator installs the prometheus Operator to be used to export the enabled metrics. +func InstallPrometheusOperator() error { + url := fmt.Sprintf(prometheusOperatorURL, prometheusOperatorVersion) + cmd := exec.Command("kubectl", "create", "-f", url) + _, err := Run(cmd) + return err +} + +// Run executes the provided command within this context +func Run(cmd *exec.Cmd) ([]byte, error) { + dir, _ := GetProjectDir() + cmd.Dir = dir + + if err := os.Chdir(cmd.Dir); err != nil { + fmt.Fprintf(GinkgoWriter, "chdir dir: %s\n", err) + } + + cmd.Env = append(os.Environ(), "GO111MODULE=on") + command := strings.Join(cmd.Args, " ") + fmt.Fprintf(GinkgoWriter, "running: %s\n", command) + output, err := cmd.CombinedOutput() + if err != nil { + return output, fmt.Errorf("%s failed with error: (%v) %s", command, err, string(output)) + } + + return output, nil +} + +// UninstallPrometheusOperator uninstalls the prometheus +func UninstallPrometheusOperator() { + url := fmt.Sprintf(prometheusOperatorURL, prometheusOperatorVersion) + cmd := exec.Command("kubectl", "delete", "-f", url) + if _, err := Run(cmd); err != nil { + warnError(err) + } +} + +// UninstallCertManager uninstalls the cert manager +func UninstallCertManager() { + url := fmt.Sprintf(certmanagerURLTmpl, certmanagerVersion) + cmd := exec.Command("kubectl", "delete", "-f", url) + if _, err := Run(cmd); err != nil { + warnError(err) + } +} + +// InstallCertManager installs the cert manager bundle. +func InstallCertManager() error { + url := fmt.Sprintf(certmanagerURLTmpl, certmanagerVersion) + cmd := exec.Command("kubectl", "apply", "-f", url) + if _, err := Run(cmd); err != nil { + return err + } + // Wait for cert-manager-webhook to be ready, which can take time if cert-manager + // was re-installed after uninstalling on a cluster. + cmd = exec.Command("kubectl", "wait", "deployment.apps/cert-manager-webhook", + "--for", "condition=Available", + "--namespace", "cert-manager", + "--timeout", "5m", + ) + + _, err := Run(cmd) + return err +} + +// LoadImageToKindCluster loads a local docker image to the kind cluster +func LoadImageToKindClusterWithName(name string) error { + cluster := "kind" + if v, ok := os.LookupEnv("KIND_CLUSTER"); ok { + cluster = v + } + kindOptions := []string{"load", "docker-image", name, "--name", cluster} + cmd := exec.Command("kind", kindOptions...) + _, err := Run(cmd) + return err +} + +// GetNonEmptyLines converts given command output string into individual objects +// according to line breakers, and ignores the empty elements in it. +func GetNonEmptyLines(output string) []string { + var res []string + elements := strings.Split(output, "\n") + for _, element := range elements { + if element != "" { + res = append(res, element) + } + } + + return res +} + +// GetProjectDir will return the directory where the project is +func GetProjectDir() (string, error) { + wd, err := os.Getwd() + if err != nil { + return wd, err + } + wd = strings.Replace(wd, "/test/e2e", "", -1) + return wd, nil +}