From ee2bae2ee64ecbfdc37026df9d56effcf117e219 Mon Sep 17 00:00:00 2001 From: shivi28 Date: Mon, 26 Jul 2021 14:40:44 +0530 Subject: [PATCH] GCPCluster template CRD added --- PROJECT | 3 + api/v1alpha4/gcpclustertemplate_types.go | 56 +++++++ api/v1alpha4/gcpclustertemplate_webhook.go | 76 ++++++++++ api/v1alpha4/zz_generated.deepcopy.go | 90 ++++++++++++ ....cluster.x-k8s.io_gcpclustertemplates.yaml | 137 ++++++++++++++++++ config/crd/kustomization.yaml | 3 + .../cainjection_in_gcpclustertemplates.yaml | 8 + .../webhook_in_gcpclustertemplates.yaml | 19 +++ .../rbac/gcpclustertemplate_editor_role.yaml | 24 +++ .../rbac/gcpclustertemplate_viewer_role.yaml | 20 +++ config/webhook/manifests.yaml | 42 ++++++ main.go | 4 + 12 files changed, 482 insertions(+) create mode 100644 api/v1alpha4/gcpclustertemplate_types.go create mode 100644 api/v1alpha4/gcpclustertemplate_webhook.go create mode 100644 config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml create mode 100644 config/crd/patches/cainjection_in_gcpclustertemplates.yaml create mode 100644 config/crd/patches/webhook_in_gcpclustertemplates.yaml create mode 100644 config/rbac/gcpclustertemplate_editor_role.yaml create mode 100644 config/rbac/gcpclustertemplate_viewer_role.yaml diff --git a/PROJECT b/PROJECT index d8b08efcb2..e1e8f9dc19 100644 --- a/PROJECT +++ b/PROJECT @@ -20,3 +20,6 @@ resources: - group: infrastructure version: v1alpha4 kind: GCPMachineTemplate +- group: infrastructure + version: v1alpha4 + kind: GCPClusterTemplate \ No newline at end of file diff --git a/api/v1alpha4/gcpclustertemplate_types.go b/api/v1alpha4/gcpclustertemplate_types.go new file mode 100644 index 0000000000..dea9fb56eb --- /dev/null +++ b/api/v1alpha4/gcpclustertemplate_types.go @@ -0,0 +1,56 @@ +/* +Copyright 2021 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha4 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// GCPClusterTemplateSpec defines the desired state of GCPClusterTemplate. +type GCPClusterTemplateSpec struct { + Template GCPClusterTemplateResource `json:"template"` +} + +// GCPClusterTemplateResource contains spec for GCPClusterSpec. +type GCPClusterTemplateResource struct { + Spec GCPClusterSpec `json:"spec"` +} + +//+kubebuilder:object:root=true +//+kubebuilder:resource:path=gcpclustertemplates,scope=Namespaced,categories=cluster-api,shortName=gcpct +//+kubebuilder:storageversion + +// GCPClusterTemplate is the Schema for the gcpclustertemplates API. +type GCPClusterTemplate struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec GCPClusterTemplateSpec `json:"spec,omitempty"` +} + +//+kubebuilder:object:root=true + +// GCPClusterTemplateList contains a list of GCPClusterTemplate. +type GCPClusterTemplateList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []GCPClusterTemplate `json:"items"` +} + +func init() { + SchemeBuilder.Register(&GCPClusterTemplate{}, &GCPClusterTemplateList{}) +} diff --git a/api/v1alpha4/gcpclustertemplate_webhook.go b/api/v1alpha4/gcpclustertemplate_webhook.go new file mode 100644 index 0000000000..b6a7224991 --- /dev/null +++ b/api/v1alpha4/gcpclustertemplate_webhook.go @@ -0,0 +1,76 @@ +/* +Copyright 2021 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha4 + +import ( + "fmt" + "reflect" + + apierrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + logf "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/webhook" +) + +// log is for logging in this package. +var gcpclustertemplatelog = logf.Log.WithName("gcpclustertemplate-resource") + +func (r *GCPClusterTemplate) SetupWebhookWithManager(mgr ctrl.Manager) error { + return ctrl.NewWebhookManagedBy(mgr). + For(r). + Complete() +} + +//+kubebuilder:webhook:verbs=create;update,path=/mutate-infrastructure-cluster-x-k8s-io-v1alpha4-gcpclustertemplate,mutating=true,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=gcpclustertemplates,versions=v1alpha4,name=default.gcpclustertemplate.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1beta1 + +var _ webhook.Defaulter = &GCPClusterTemplate{} + +// Default implements webhook.Defaulter so a webhook will be registered for the type. +func (r *GCPClusterTemplate) Default() { + gcpclustertemplatelog.Info("default", "name", r.Name) +} + +//+kubebuilder:webhook:verbs=create;update,path=/validate-infrastructure-cluster-x-k8s-io-v1alpha4-gcpclustertemplate,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=infrastructure.cluster.x-k8s.io,resources=gcpclustertemplates,versions=v1alpha4,name=validation.gcpclustertemplate.infrastructure.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1beta1 + +var _ webhook.Validator = &GCPClusterTemplate{} + +// ValidateCreate implements webhook.Validator so a webhook will be registered for the type. +func (r *GCPClusterTemplate) ValidateCreate() error { + gcpclustertemplatelog.Info("validate create", "name", r.Name) + + return nil +} + +// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. +func (r *GCPClusterTemplate) ValidateUpdate(oldRaw runtime.Object) error { + old, ok := oldRaw.(*GCPClusterTemplate) + if !ok { + return apierrors.NewBadRequest(fmt.Sprintf("expected an GCPClusterTemplate but got a %T", oldRaw)) + } + + if !reflect.DeepEqual(r.Spec, old.Spec) { + return apierrors.NewBadRequest("GCPClusterTemplate.Spec is immutable") + } + return nil +} + +// ValidateDelete implements webhook.Validator so a webhook will be registered for the type. +func (r *GCPClusterTemplate) ValidateDelete() error { + gcpclustertemplatelog.Info("validate delete", "name", r.Name) + return nil +} diff --git a/api/v1alpha4/zz_generated.deepcopy.go b/api/v1alpha4/zz_generated.deepcopy.go index d1d8d50e57..f8ea095bcc 100644 --- a/api/v1alpha4/zz_generated.deepcopy.go +++ b/api/v1alpha4/zz_generated.deepcopy.go @@ -210,6 +210,96 @@ func (in *GCPClusterStatus) DeepCopy() *GCPClusterStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPClusterTemplate) DeepCopyInto(out *GCPClusterTemplate) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPClusterTemplate. +func (in *GCPClusterTemplate) DeepCopy() *GCPClusterTemplate { + if in == nil { + return nil + } + out := new(GCPClusterTemplate) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GCPClusterTemplate) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPClusterTemplateList) DeepCopyInto(out *GCPClusterTemplateList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]GCPClusterTemplate, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPClusterTemplateList. +func (in *GCPClusterTemplateList) DeepCopy() *GCPClusterTemplateList { + if in == nil { + return nil + } + out := new(GCPClusterTemplateList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *GCPClusterTemplateList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPClusterTemplateResource) DeepCopyInto(out *GCPClusterTemplateResource) { + *out = *in + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPClusterTemplateResource. +func (in *GCPClusterTemplateResource) DeepCopy() *GCPClusterTemplateResource { + if in == nil { + return nil + } + out := new(GCPClusterTemplateResource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GCPClusterTemplateSpec) DeepCopyInto(out *GCPClusterTemplateSpec) { + *out = *in + in.Template.DeepCopyInto(&out.Template) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GCPClusterTemplateSpec. +func (in *GCPClusterTemplateSpec) DeepCopy() *GCPClusterTemplateSpec { + if in == nil { + return nil + } + out := new(GCPClusterTemplateSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GCPMachine) DeepCopyInto(out *GCPMachine) { *out = *in diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml new file mode 100644 index 0000000000..bf68a55c71 --- /dev/null +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml @@ -0,0 +1,137 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.5.0 + creationTimestamp: null + name: gcpclustertemplates.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: GCPClusterTemplate + listKind: GCPClusterTemplateList + plural: gcpclustertemplates + shortNames: + - gcpct + singular: gcpclustertemplate + scope: Namespaced + versions: + - name: v1alpha4 + schema: + openAPIV3Schema: + description: GCPClusterTemplate is the Schema for the gcpclustertemplates API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GCPClusterTemplateSpec defines the desired state of GCPClusterTemplate. + properties: + template: + description: GCPClusterTemplateResource contains spec for GCPClusterSpec. + properties: + spec: + description: GCPClusterSpec defines the desired state of GCPCluster. + properties: + additionalLabels: + additionalProperties: + type: string + description: AdditionalLabels is an optional set of tags to add to GCP resources managed by the GCP provider, in addition to the ones added by default. + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. + format: int32 + type: integer + required: + - host + - port + type: object + failureDomains: + description: FailureDomains is an optional field which is used to assign selected availability zones to a cluster FailureDomains if empty, defaults to all the zones in the selected region and if specified would override the default zones. + items: + type: string + type: array + network: + description: NetworkSpec encapsulates all things related to GCP network. + properties: + autoCreateSubnetworks: + description: "AutoCreateSubnetworks: When set to true, the VPC network is created in \"auto\" mode. When set to false, the VPC network is created in \"custom\" mode. \n An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. \n Defaults to true." + type: boolean + loadBalancerBackendPort: + description: Allow for configuration of load balancer backend (useful for changing apiserver port) + format: int32 + type: integer + name: + description: Name is the name of the network to be used. + type: string + subnets: + description: Subnets configuration. + items: + description: SubnetSpec configures an GCP Subnet. + properties: + cidrBlock: + description: CidrBlock is the range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. This field can be set only at resource creation time. + type: string + description: + description: Description is an optional description associated with the resource. + type: string + name: + description: Name defines a unique identifier to reference this resource. + type: string + privateGoogleAccess: + description: PrivateGoogleAccess defines whether VMs in this subnet can access Google services without assigning external IP addresses + type: boolean + region: + description: Region is the name of the region where the Subnetwork resides. + type: string + routeTableId: + description: 'EnableFlowLogs: Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is to disable flow logging.' + type: boolean + secondaryCidrBlocks: + additionalProperties: + type: string + description: SecondaryCidrBlocks defines secondary CIDR ranges, from which secondary IP ranges of a VM may be allocated + type: object + type: object + type: array + type: object + project: + description: Project is the name of the project to deploy the cluster to. + type: string + region: + description: The GCP Region the cluster lives in. + type: string + required: + - project + - region + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index f1ba83a7a5..80883110d6 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -8,6 +8,7 @@ resources: - bases/infrastructure.cluster.x-k8s.io_gcpmachines.yaml - bases/infrastructure.cluster.x-k8s.io_gcpclusters.yaml - bases/infrastructure.cluster.x-k8s.io_gcpmachinetemplates.yaml +- bases/infrastructure.cluster.x-k8s.io_gcpclustertemplates.yaml # +kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: @@ -16,6 +17,7 @@ patchesStrategicMerge: - patches/webhook_in_gcpmachines.yaml - patches/webhook_in_gcpclusters.yaml - patches/webhook_in_gcpmachinetemplates.yaml +- patches/webhook_in_gcpclustertemplates.yaml # +kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. @@ -23,6 +25,7 @@ patchesStrategicMerge: - patches/cainjection_in_gcpmachines.yaml - patches/cainjection_in_gcpclusters.yaml - patches/cainjection_in_gcpmachinetemplates.yaml +- patches/cainjection_in_gcpclustertemplates.yaml # +kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. diff --git a/config/crd/patches/cainjection_in_gcpclustertemplates.yaml b/config/crd/patches/cainjection_in_gcpclustertemplates.yaml new file mode 100644 index 0000000000..b906664fd9 --- /dev/null +++ b/config/crd/patches/cainjection_in_gcpclustertemplates.yaml @@ -0,0 +1,8 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: gcpclustertemplates.infrastructure.cluster.x-k8s.io diff --git a/config/crd/patches/webhook_in_gcpclustertemplates.yaml b/config/crd/patches/webhook_in_gcpclustertemplates.yaml new file mode 100644 index 0000000000..4965e5387c --- /dev/null +++ b/config/crd/patches/webhook_in_gcpclustertemplates.yaml @@ -0,0 +1,19 @@ +# The following patch enables a conversion webhook for the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gcpclustertemplates.infrastructure.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert + conversionReviewVersions: ["v1", "v1beta1"] diff --git a/config/rbac/gcpclustertemplate_editor_role.yaml b/config/rbac/gcpclustertemplate_editor_role.yaml new file mode 100644 index 0000000000..6ca552087c --- /dev/null +++ b/config/rbac/gcpclustertemplate_editor_role.yaml @@ -0,0 +1,24 @@ +# permissions for end users to edit gcpclustertemplates. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gcpclustertemplate-editor-role +rules: +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpclustertemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpclustertemplates/status + verbs: + - get diff --git a/config/rbac/gcpclustertemplate_viewer_role.yaml b/config/rbac/gcpclustertemplate_viewer_role.yaml new file mode 100644 index 0000000000..610adca463 --- /dev/null +++ b/config/rbac/gcpclustertemplate_viewer_role.yaml @@ -0,0 +1,20 @@ +# permissions for end users to view gcpclustertemplates. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gcpclustertemplate-viewer-role +rules: +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpclustertemplates + verbs: + - get + - list + - watch +- apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - gcpclustertemplates/status + verbs: + - get diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 0cc50ce6dc..fdfc4d25bf 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -27,6 +27,27 @@ webhooks: resources: - gcpclusters sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-infrastructure-cluster-x-k8s-io-v1alpha4-gcpclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.gcpclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha4 + operations: + - CREATE + - UPDATE + resources: + - gcpclustertemplates + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: @@ -77,6 +98,27 @@ webhooks: resources: - gcpclusters sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-infrastructure-cluster-x-k8s-io-v1alpha4-gcpclustertemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.gcpclustertemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1alpha4 + operations: + - CREATE + - UPDATE + resources: + - gcpclustertemplates + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: diff --git a/main.go b/main.go index ffb3e9ab23..31d6baa84c 100644 --- a/main.go +++ b/main.go @@ -152,6 +152,10 @@ func main() { setupLog.Error(err, "unable to create webhook", "webhook", "GCPCluster") os.Exit(1) } + if err = (&infrav1alpha4.GCPClusterTemplate{}).SetupWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "GCPClusterTemplate") + os.Exit(1) + } if err = (&infrav1alpha4.GCPMachine{}).SetupWebhookWithManager(mgr); err != nil { setupLog.Error(err, "unable to create webhook", "webhook", "GCPMachine") os.Exit(1)