From 69a26f38fee50390e54e952c4dee0fd1112e64ea Mon Sep 17 00:00:00 2001 From: Mikhail Fedosin Date: Tue, 26 Dec 2023 10:19:34 +0100 Subject: [PATCH 1/5] Add IPAM provider to API --- api/v1alpha2/ipamprovider_types.go | 59 + api/v1alpha2/ipamprovider_wrapper.go | 61 + api/v1alpha2/zz_generated.deepcopy.go | 91 + ...erator.cluster.x-k8s.io_ipamproviders.yaml | 1548 ++++++++++++++++ config/crd/kustomization.yaml | 3 + .../patches/cainjection_in_ipamproviders.yaml | 8 + .../crd/patches/webhook_in_ipamproviders.yaml | 19 + config/webhook/manifests.yaml | 44 + internal/webhook/ipamprovider_webhook.go | 75 + test/e2e/resources/full-chart-install.yaml | 1564 +++++++++++++++++ 10 files changed, 3472 insertions(+) create mode 100644 api/v1alpha2/ipamprovider_types.go create mode 100644 api/v1alpha2/ipamprovider_wrapper.go create mode 100644 config/crd/bases/operator.cluster.x-k8s.io_ipamproviders.yaml create mode 100644 config/crd/patches/cainjection_in_ipamproviders.yaml create mode 100644 config/crd/patches/webhook_in_ipamproviders.yaml create mode 100644 internal/webhook/ipamprovider_webhook.go diff --git a/api/v1alpha2/ipamprovider_types.go b/api/v1alpha2/ipamprovider_types.go new file mode 100644 index 000000000..996161069 --- /dev/null +++ b/api/v1alpha2/ipamprovider_types.go @@ -0,0 +1,59 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha2 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// IPAMProviderSpec defines the desired state of IPAMProvider. +type IPAMProviderSpec struct { + ProviderSpec `json:",inline"` +} + +// IPAMProviderStatus defines the observed state of IPAMProvider. +type IPAMProviderStatus struct { + ProviderStatus `json:",inline"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="InstalledVersion",type="string",JSONPath=".status.installedVersion" +// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:storageversion + +// IPAMProvider is the Schema for the IPAMProviders API. +type IPAMProvider struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec IPAMProviderSpec `json:"spec,omitempty"` + Status IPAMProviderStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// IPAMProviderList contains a list of IPAMProvider. +type IPAMProviderList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []IPAMProvider `json:"items"` +} + +func init() { + objectTypes = append(objectTypes, &IPAMProvider{}, &IPAMProviderList{}) +} diff --git a/api/v1alpha2/ipamprovider_wrapper.go b/api/v1alpha2/ipamprovider_wrapper.go new file mode 100644 index 000000000..f012fa944 --- /dev/null +++ b/api/v1alpha2/ipamprovider_wrapper.go @@ -0,0 +1,61 @@ +/* +Copyright 2023 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha2 + +import ( + clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1" +) + +var _ GenericProvider = &IPAMProvider{} + +func (p *IPAMProvider) GetConditions() clusterv1.Conditions { + return p.Status.Conditions +} + +func (p *IPAMProvider) SetConditions(conditions clusterv1.Conditions) { + p.Status.Conditions = conditions +} + +func (p *IPAMProvider) GetSpec() ProviderSpec { + return p.Spec.ProviderSpec +} + +func (p *IPAMProvider) SetSpec(in ProviderSpec) { + p.Spec.ProviderSpec = in +} + +func (p *IPAMProvider) GetStatus() ProviderStatus { + return p.Status.ProviderStatus +} + +func (p *IPAMProvider) SetStatus(in ProviderStatus) { + p.Status.ProviderStatus = in +} + +func (p *IPAMProvider) GetType() string { + return "ipam" +} + +func (p *IPAMProviderList) GetItems() []GenericProvider { + providers := []GenericProvider{} + + for index := range p.Items { + providers = append(providers, &p.Items[index]) + } + + return providers +} diff --git a/api/v1alpha2/zz_generated.deepcopy.go b/api/v1alpha2/zz_generated.deepcopy.go index 4c81e750e..22815555a 100644 --- a/api/v1alpha2/zz_generated.deepcopy.go +++ b/api/v1alpha2/zz_generated.deepcopy.go @@ -644,6 +644,97 @@ func (in *FetchConfiguration) DeepCopy() *FetchConfiguration { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPAMProvider) DeepCopyInto(out *IPAMProvider) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAMProvider. +func (in *IPAMProvider) DeepCopy() *IPAMProvider { + if in == nil { + return nil + } + out := new(IPAMProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *IPAMProvider) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPAMProviderList) DeepCopyInto(out *IPAMProviderList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]IPAMProvider, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAMProviderList. +func (in *IPAMProviderList) DeepCopy() *IPAMProviderList { + if in == nil { + return nil + } + out := new(IPAMProviderList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *IPAMProviderList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPAMProviderSpec) DeepCopyInto(out *IPAMProviderSpec) { + *out = *in + in.ProviderSpec.DeepCopyInto(&out.ProviderSpec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAMProviderSpec. +func (in *IPAMProviderSpec) DeepCopy() *IPAMProviderSpec { + if in == nil { + return nil + } + out := new(IPAMProviderSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPAMProviderStatus) DeepCopyInto(out *IPAMProviderStatus) { + *out = *in + in.ProviderStatus.DeepCopyInto(&out.ProviderStatus) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPAMProviderStatus. +func (in *IPAMProviderStatus) DeepCopy() *IPAMProviderStatus { + if in == nil { + return nil + } + out := new(IPAMProviderStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InfrastructureProvider) DeepCopyInto(out *InfrastructureProvider) { *out = *in diff --git a/config/crd/bases/operator.cluster.x-k8s.io_ipamproviders.yaml b/config/crd/bases/operator.cluster.x-k8s.io_ipamproviders.yaml new file mode 100644 index 000000000..fa5844a43 --- /dev/null +++ b/config/crd/bases/operator.cluster.x-k8s.io_ipamproviders.yaml @@ -0,0 +1,1548 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.4 + name: ipamproviders.operator.cluster.x-k8s.io +spec: + group: operator.cluster.x-k8s.io + names: + kind: IPAMProvider + listKind: IPAMProviderList + plural: ipamproviders + singular: ipamprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: IPAMProvider is the Schema for the IPAMProviders API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAMProviderSpec defines the desired state of IPAMProvider. + properties: + additionalManifests: + description: AdditionalManifests is reference to configmap that contains + additional manifests that will be applied together with the provider + components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. + If namespace is not specified, the namespace of the provider will + be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. + type: string + required: + - name + type: object + configSecret: + description: ConfigSecret is the object with name and namespace of + the Secret providing the configuration variables for the current + provider instance, like e.g. credentials. Such configurations will + be used when creating or upgrading provider components. The contents + of the secret will be treated as immutable. If changes need to be + made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must + be in the same namespace as the provider. + properties: + name: + description: Name defines the name of the secret. + type: string + namespace: + description: Namespace defines the namespace of the secret. + type: string + required: + - name + type: object + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: ContainerSpec defines the properties available + to override for each container in a provider deployment such + as Image and Args to the container’s entrypoint. + properties: + args: + additionalProperties: + type: string + description: Args represents extra provider specific flags + that are not encoded as fields in this API. Explicit controller + manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead + of the container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where + this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true for + the pod to fit on a node. Selector which must match a node''s + labels for the pod to be scheduled on that node. More info: + https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + fetchConfig: + description: FetchConfig determines how the operator will fetch the + components and metadata for the provider. If nil, the operator will + try to fetch components according to default embedded fetch configuration + for the given kind and `ObjectMeta.Name`. For example, the infrastructure + name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: 'Selector to be used for fetching provider’s components + and metadata from ConfigMaps stored inside the cluster. Each + ConfigMap is expected to contain components and metadata for + a specific version only. Note: the name of the ConfigMap should + be set to the version or to override this add a label like the + following: provider.cluster.x-k8s.io/version=v1.4.3' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + url: + description: URL to be used for fetching the provider’s components + and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick + up desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: "CacheNamespace if specified restricts the manager's + cache to watch objects in the desired namespace Defaults to + all namespaces \n Note: If a namespace is specified, controllers + can still Watch for a cluster-scoped resource (e.g Node). For + namespaced resources the cache will only hold objects from the + desired namespace." + type: string + controller: + description: Controller contains global configuration options + for controllers registered within this manager. + properties: + cacheSyncTimeout: + description: CacheSyncTimeout refers to the time limit set + to wait for syncing caches. Defaults to 2 minutes if not + set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: "GroupKindConcurrency is a map from a Kind to + the number of concurrent reconciliation allowed for that + controller. \n When a controller is registered within this + manager using the builder utilities, users have to specify + the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this + map, the concurrency for that controller is set to the number + specified. \n The key is expected to be consistent in form + with GroupKind.String(), e.g. ReplicaSet in apps group (regardless + of version) would be `ReplicaSet.apps`." + type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates define provider specific feature flags + that will be passed in as container args to the provider's controller + manager. Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: GracefulShutdownTimeout is the duration given to + runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) To use + graceful shutdown without timeout, set to a negative duration, + e.G. time.Duration(-1) The graceful shutdown is skipped for + safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: HealthProbeBindAddress is the TCP address that + the controller should bind to for serving health probes + It can be set to "0" or "" to disable serving the health + probe. + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: LeaderElection is the LeaderElection config to be + used when configuring the manager.Manager leader election + properties: + leaderElect: + description: leaderElect enables a leader election client + to gain leadership before executing the main loop. Enable + this when running replicated components for high availability. + type: boolean + leaseDuration: + description: leaseDuration is the duration that non-leader + candidates will wait after observing a leadership renewal + until attempting to acquire leadership of a led but unrenewed + leader slot. This is effectively the maximum duration that + a leader can be stopped before it is replaced by another + candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: renewDeadline is the interval between attempts + by the acting master to renew a leadership slot before it + stops leading. This must be less than or equal to the lease + duration. This is only applicable if leader election is + enabled. + type: string + resourceLock: + description: resourceLock indicates the resource object type + that will be used to lock during leader election cycles. + type: string + resourceName: + description: resourceName indicates the name of resource object + that will be used to lock during leader election cycles. + type: string + resourceNamespace: + description: resourceName indicates the namespace of resource + object that will be used to lock during leader election + cycles. + type: string + retryPeriod: + description: retryPeriod is the duration the clients should + wait between attempting acquisition and renewal of a leadership. + This is only applicable if leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: MaxConcurrentReconciles is the maximum number of + concurrent Reconciles which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: BindAddress is the TCP address that the controller + should bind to for serving prometheus metrics. It can be + set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: ProfilerAddress defines the bind address to expose + the pprof profiler (e.g. localhost:6060). Default empty, meaning + the profiler is disabled. Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: SyncPeriod determines the minimum frequency at which + watched resources are reconciled. A lower period will correct + entropy more quickly, but reduce responsiveness to change if + there are many watched resources. Change this value only if + you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all + controllers so that all controllers will not send list requests + simultaneously. + type: string + verbosity: + default: 1 + description: Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: CertDir is the directory that contains the server + key and certificate. if not set, webhook server would look + up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. + The server key and certificate must be named tls.key and + tls.crt, respectively. + type: string + host: + description: Host is the hostname that the webhook server + binds to. It is used to set webhook.Server.Host. + type: string + port: + description: Port is the port that the webhook server serves + at. It is used to set webhook.Server.Port. + type: integer + type: object + type: object + manifestPatches: + description: ManifestPatches are applied to rendered provider manifests + to customize the provider manifests. Patches are applied in the + order they are specified. The `kind` field must match the target + object, and if `apiVersion` is specified it will only be applied + to matching objects. This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + items: + type: string + type: array + version: + description: Version indicates the provider version. + type: string + type: object + status: + description: IPAMProviderStatus defines the observed state of IPAMProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: Contract will contain the core provider contract that + the provider is abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index fa4df33c9..e6c6a7b0f 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -7,6 +7,7 @@ resources: - bases/operator.cluster.x-k8s.io_controlplaneproviders.yaml - bases/operator.cluster.x-k8s.io_infrastructureproviders.yaml - bases/operator.cluster.x-k8s.io_addonproviders.yaml +- bases/operator.cluster.x-k8s.io_ipamproviders.yaml # +kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: @@ -17,6 +18,7 @@ patchesStrategicMerge: - patches/webhook_in_controlplaneproviders.yaml - patches/webhook_in_infrastructureproviders.yaml - patches/webhook_in_addonproviders.yaml +- patches/webhook_in_ipamproviders.yaml # +kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. @@ -26,6 +28,7 @@ patchesStrategicMerge: - patches/cainjection_in_controlplaneproviders.yaml - patches/cainjection_in_infrastructureproviders.yaml - patches/cainjection_in_addonproviders.yaml +- patches/cainjection_in_ipamproviders.yaml # +kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. diff --git a/config/crd/patches/cainjection_in_ipamproviders.yaml b/config/crd/patches/cainjection_in_ipamproviders.yaml new file mode 100644 index 000000000..f932c66e7 --- /dev/null +++ b/config/crd/patches/cainjection_in_ipamproviders.yaml @@ -0,0 +1,8 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: ipamproviders.operator.cluster.x-k8s.io diff --git a/config/crd/patches/webhook_in_ipamproviders.yaml b/config/crd/patches/webhook_in_ipamproviders.yaml new file mode 100644 index 000000000..ba4ba3def --- /dev/null +++ b/config/crd/patches/webhook_in_ipamproviders.yaml @@ -0,0 +1,19 @@ +# The following patch enables conversion webhook for CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ipamproviders.operator.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: [ "v1", "v1alpha1" ] + clientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 8f8624d43..7c22b2676 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -114,6 +114,28 @@ webhooks: resources: - infrastructureproviders sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-operator-cluster-x-k8s-io-v1alpha2-ipamprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vipamprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - ipamproviders + sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration @@ -230,3 +252,25 @@ webhooks: resources: - infrastructureproviders sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-operator-cluster-x-k8s-io-v1alpha2-ipamprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vipamprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - ipamproviders + sideEffects: None diff --git a/internal/webhook/ipamprovider_webhook.go b/internal/webhook/ipamprovider_webhook.go new file mode 100644 index 000000000..fbc60836e --- /dev/null +++ b/internal/webhook/ipamprovider_webhook.go @@ -0,0 +1,75 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package webhook + +import ( + "context" + "fmt" + + apierrors "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/webhook" + "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + + operatorv1 "sigs.k8s.io/cluster-api-operator/api/v1alpha2" +) + +type IPAMProviderWebhook struct{} + +func (r *IPAMProviderWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error { + return ctrl.NewWebhookManagedBy(mgr). + For(&operatorv1.IPAMProvider{}). + WithValidator(r). + WithDefaulter(r). + Complete() +} + +//+kubebuilder:webhook:verbs=create;update,path=/validate-operator-cluster-x-k8s-io-v1alpha2-ipamprovider,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=operator.cluster.x-k8s.io,resources=ipamproviders,versions=v1alpha2,name=vipamprovider.kb.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 +//+kubebuilder:webhook:verbs=create;update,path=/mutate-operator-cluster-x-k8s-io-v1alpha2-ipamprovider,mutating=true,failurePolicy=fail,matchPolicy=Equivalent,matchPolicy=Equivalent,groups=operator.cluster.x-k8s.io,resources=ipamproviders,versions=v1alpha2,name=vipamprovider.kb.io,sideEffects=None,admissionReviewVersions=v1;v1beta1 + +var ( + _ webhook.CustomValidator = &IPAMProviderWebhook{} + _ webhook.CustomDefaulter = &IPAMProviderWebhook{} +) + +// ValidateCreate implements webhook.Validator so a webhook will be registered for the type. +func (r *IPAMProviderWebhook) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) { + return nil, nil +} + +// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type. +func (r *IPAMProviderWebhook) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { + return nil, nil +} + +// ValidateDelete implements webhook.Validator so a webhook will be registered for the type. +func (r *IPAMProviderWebhook) ValidateDelete(_ context.Context, obj runtime.Object) (admission.Warnings, error) { + return nil, nil +} + +// Default implements webhook.Default so a webhook will be registered for the type. +func (r *IPAMProviderWebhook) Default(ctx context.Context, obj runtime.Object) error { + ipamProvider, ok := obj.(*operatorv1.IPAMProvider) + if !ok { + return apierrors.NewBadRequest(fmt.Sprintf("expected a IPAMProvider but got a %T", obj)) + } + + setDefaultProviderSpec(&ipamProvider.Spec.ProviderSpec, ipamProvider.Namespace) + + return nil +} diff --git a/test/e2e/resources/full-chart-install.yaml b/test/e2e/resources/full-chart-install.yaml index e7bd8aac2..769086b47 100644 --- a/test/e2e/resources/full-chart-install.yaml +++ b/test/e2e/resources/full-chart-install.yaml @@ -13944,6 +13944,1570 @@ spec: status: {} --- # Source: cluster-api-operator/templates/operator-components.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: 'default/capi-operator-serving-cert' + controller-gen.kubebuilder.io/version: v0.11.4 + labels: + clusterctl.cluster.x-k8s.io/core: capi-operator + name: ipamproviders.operator.cluster.x-k8s.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capi-operator-webhook-service + namespace: 'default' + path: /convert + conversionReviewVersions: + - v1 + - v1alpha1 + group: operator.cluster.x-k8s.io + names: + kind: IPAMProvider + listKind: IPAMProviderList + plural: ipamproviders + singular: ipamprovider + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.installedVersion + name: InstalledVersion + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + name: v1alpha2 + schema: + openAPIV3Schema: + description: IPAMProvider is the Schema for the IPAMProviders API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAMProviderSpec defines the desired state of IPAMProvider. + properties: + additionalManifests: + description: AdditionalManifests is reference to configmap that contains + additional manifests that will be applied together with the provider + components. The key for storing these manifests has to be `manifests`. + The manifests are applied only once when a certain release is installed/upgraded. + If namespace is not specified, the namespace of the provider will + be used. There is no validation of the yaml content inside the configmap. + properties: + name: + description: Name defines the name of the configmap. + type: string + namespace: + description: Namespace defines the namespace of the configmap. + type: string + required: + - name + type: object + configSecret: + description: ConfigSecret is the object with name and namespace of + the Secret providing the configuration variables for the current + provider instance, like e.g. credentials. Such configurations will + be used when creating or upgrading provider components. The contents + of the secret will be treated as immutable. If changes need to be + made, a new object can be created and the name should be updated. + The contents should be in the form of key:value. This secret must + be in the same namespace as the provider. + properties: + name: + description: Name defines the name of the secret. + type: string + namespace: + description: Namespace defines the namespace of the secret. + type: string + required: + - name + type: object + deployment: + description: Deployment defines the properties that can be enabled + on the deployment for the provider. + properties: + affinity: + description: If specified, the pod's scheduling constraints + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for + the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node matches the corresponding matchExpressions; + the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects + (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with + the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the + corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from + its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term + matches no objects. The requirements of them are + ANDed. The TopologySelectorTerm type implements + a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is + a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators + are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. + If the operator is In or NotIn, the + values array must be non-empty. If the + operator is Exists or DoesNotExist, + the values array must be empty. If the + operator is Gt or Lt, the values array + must have a single element, which will + be interpreted as an integer. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. + co-locate this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the affinity expressions specified + by this field, but it may choose a node that violates + one or more of the expressions. The node that is most + preferred is the one with the greatest sum of weights, + i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the affinity requirements + specified by this field cease to be met at some point + during pod execution (e.g. due to a pod label update), + the system may or may not try to eventually evict the + pod from its node. When there are multiple elements, + the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules + (e.g. avoid putting this pod in the same node, zone, etc. + as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods + to nodes that satisfy the anti-affinity expressions + specified by this field, but it may choose a node that + violates one or more of the expressions. The node that + is most preferred is the one with the greatest sum of + weights, i.e. for each node that meets all of the scheduling + requirements (resource request, requiredDuringScheduling + anti-affinity expressions, etc.), compute a sum by iterating + through the elements of this field and adding "weight" + to the sum if the node has pods which matches the corresponding + podAffinityTerm; the node(s) with the highest sum are + the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred + node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by + this field and the ones listed in the namespaces + field. null selector and null or empty namespaces + list means "this pod's namespace". An empty + selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The requirements + are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key + that the selector applies to. + type: string + operator: + description: operator represents a + key's relationship to a set of values. + Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of + string values. If the operator is + In or NotIn, the values array must + be non-empty. If the operator is + Exists or DoesNotExist, the values + array must be empty. This array + is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. + The term is applied to the union of the namespaces + listed in this field and the ones selected + by namespaceSelector. null or empty namespaces + list and null namespaceSelector means "this + pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the + pods matching the labelSelector in the specified + namespaces, where co-located is defined as + running on a node whose value of the label + with key topologyKey matches that of any node + on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the + corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified + by this field are not met at scheduling time, the pod + will not be scheduled onto the node. If the anti-affinity + requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod + label update), the system may or may not try to eventually + evict the pod from its node. When there are multiple + elements, the lists of nodes corresponding to each podAffinityTerm + are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not + co-located (anti-affinity) with, where co-located + is defined as running on a node whose value of the + label with key matches that of any node + on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + containers: + description: List of containers specified in the Deployment + items: + description: ContainerSpec defines the properties available + to override for each container in a provider deployment such + as Image and Args to the container’s entrypoint. + properties: + args: + additionalProperties: + type: string + description: Args represents extra provider specific flags + that are not encoded as fields in this API. Explicit controller + manager properties defined in the `Provider.ManagerSpec` + will have higher precedence than those defined in `ContainerSpec.Args`. + For example, `ManagerSpec.SyncPeriod` will be used instead + of the container arg `--sync-period` if both are defined. + The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`. + type: object + command: + description: Command allows override container's entrypoint + array. + items: + type: string + type: array + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + imageUrl: + description: Container Image URL + type: string + name: + description: Name of the container. Cannot be updated. + type: string + resources: + description: Compute resources required by this container. + properties: + claims: + description: "Claims lists the names of resources, defined + in spec.resourceClaims, that are used by this container. + \n This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. \n This field + is immutable. It can only be set for containers." + items: + description: ResourceClaim references one entry in + PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry + in pod.spec.resourceClaims of the Pod where + this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of + compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount + of compute resources required. If Requests is omitted + for a container, it defaults to Limits if that is + explicitly specified, otherwise to an implementation-defined + value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + required: + - name + type: object + type: array + imagePullSecrets: + description: List of image pull secrets specified in the Deployment + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true for + the pod to fit on a node. Selector which must match a node''s + labels for the pod to be scheduled on that node. More info: + https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + replicas: + description: Number of desired pods. This is a pointer to distinguish + between explicit zero and not specified. Defaults to 1. + minimum: 0 + type: integer + serviceAccountName: + description: If specified, the pod's service account + type: string + tolerations: + description: If specified, the pod's tolerations. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + fetchConfig: + description: FetchConfig determines how the operator will fetch the + components and metadata for the provider. If nil, the operator will + try to fetch components according to default embedded fetch configuration + for the given kind and `ObjectMeta.Name`. For example, the infrastructure + name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. + properties: + selector: + description: 'Selector to be used for fetching provider’s components + and metadata from ConfigMaps stored inside the cluster. Each + ConfigMap is expected to contain components and metadata for + a specific version only. Note: the name of the ConfigMap should + be set to the version or to override this add a label like the + following: provider.cluster.x-k8s.io/version=v1.4.3' + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + url: + description: URL to be used for fetching the provider’s components + and metadata from a remote Github repository. For example, https://github.com/{owner}/{repository}/releases + You must set `providerSpec.Version` field for operator to pick + up desired version of the release from GitHub. + type: string + type: object + manager: + description: Manager defines the properties that can be enabled on + the controller manager for the provider. + properties: + cacheNamespace: + description: "CacheNamespace if specified restricts the manager's + cache to watch objects in the desired namespace Defaults to + all namespaces \n Note: If a namespace is specified, controllers + can still Watch for a cluster-scoped resource (e.g Node). For + namespaced resources the cache will only hold objects from the + desired namespace." + type: string + controller: + description: Controller contains global configuration options + for controllers registered within this manager. + properties: + cacheSyncTimeout: + description: CacheSyncTimeout refers to the time limit set + to wait for syncing caches. Defaults to 2 minutes if not + set. + format: int64 + type: integer + groupKindConcurrency: + additionalProperties: + type: integer + description: "GroupKindConcurrency is a map from a Kind to + the number of concurrent reconciliation allowed for that + controller. \n When a controller is registered within this + manager using the builder utilities, users have to specify + the type the controller reconciles in the For(...) call. + If the object's kind passed matches one of the keys in this + map, the concurrency for that controller is set to the number + specified. \n The key is expected to be consistent in form + with GroupKind.String(), e.g. ReplicaSet in apps group (regardless + of version) would be `ReplicaSet.apps`." + type: object + recoverPanic: + description: RecoverPanic indicates if panics should be recovered. + type: boolean + type: object + featureGates: + additionalProperties: + type: boolean + description: FeatureGates define provider specific feature flags + that will be passed in as container args to the provider's controller + manager. Controller Manager flag is --feature-gates. + type: object + gracefulShutDown: + description: GracefulShutdownTimeout is the duration given to + runnable to stop before the manager actually returns on stop. + To disable graceful shutdown, set to time.Duration(0) To use + graceful shutdown without timeout, set to a negative duration, + e.G. time.Duration(-1) The graceful shutdown is skipped for + safety reasons in case the leader election lease is lost. + type: string + health: + description: Health contains the controller health configuration + properties: + healthProbeBindAddress: + description: HealthProbeBindAddress is the TCP address that + the controller should bind to for serving health probes + It can be set to "0" or "" to disable serving the health + probe. + type: string + livenessEndpointName: + description: LivenessEndpointName, defaults to "healthz" + type: string + readinessEndpointName: + description: ReadinessEndpointName, defaults to "readyz" + type: string + type: object + leaderElection: + description: LeaderElection is the LeaderElection config to be + used when configuring the manager.Manager leader election + properties: + leaderElect: + description: leaderElect enables a leader election client + to gain leadership before executing the main loop. Enable + this when running replicated components for high availability. + type: boolean + leaseDuration: + description: leaseDuration is the duration that non-leader + candidates will wait after observing a leadership renewal + until attempting to acquire leadership of a led but unrenewed + leader slot. This is effectively the maximum duration that + a leader can be stopped before it is replaced by another + candidate. This is only applicable if leader election is + enabled. + type: string + renewDeadline: + description: renewDeadline is the interval between attempts + by the acting master to renew a leadership slot before it + stops leading. This must be less than or equal to the lease + duration. This is only applicable if leader election is + enabled. + type: string + resourceLock: + description: resourceLock indicates the resource object type + that will be used to lock during leader election cycles. + type: string + resourceName: + description: resourceName indicates the name of resource object + that will be used to lock during leader election cycles. + type: string + resourceNamespace: + description: resourceName indicates the namespace of resource + object that will be used to lock during leader election + cycles. + type: string + retryPeriod: + description: retryPeriod is the duration the clients should + wait between attempting acquisition and renewal of a leadership. + This is only applicable if leader election is enabled. + type: string + required: + - leaderElect + - leaseDuration + - renewDeadline + - resourceLock + - resourceName + - resourceNamespace + - retryPeriod + type: object + maxConcurrentReconciles: + description: MaxConcurrentReconciles is the maximum number of + concurrent Reconciles which can be run. + minimum: 1 + type: integer + metrics: + description: Metrics contains thw controller metrics configuration + properties: + bindAddress: + description: BindAddress is the TCP address that the controller + should bind to for serving prometheus metrics. It can be + set to "0" to disable the metrics serving. + type: string + type: object + profilerAddress: + description: ProfilerAddress defines the bind address to expose + the pprof profiler (e.g. localhost:6060). Default empty, meaning + the profiler is disabled. Controller Manager flag is --profiler-address. + type: string + syncPeriod: + description: SyncPeriod determines the minimum frequency at which + watched resources are reconciled. A lower period will correct + entropy more quickly, but reduce responsiveness to change if + there are many watched resources. Change this value only if + you know what you are doing. Defaults to 10 hours if unset. + there will a 10 percent jitter between the SyncPeriod of all + controllers so that all controllers will not send list requests + simultaneously. + type: string + verbosity: + default: 1 + description: Verbosity set the logs verbosity. Defaults to 1. + Controller Manager flag is --verbosity. + minimum: 0 + type: integer + webhook: + description: Webhook contains the controllers webhook configuration + properties: + certDir: + description: CertDir is the directory that contains the server + key and certificate. if not set, webhook server would look + up the server key and certificate in {TempDir}/k8s-webhook-server/serving-certs. + The server key and certificate must be named tls.key and + tls.crt, respectively. + type: string + host: + description: Host is the hostname that the webhook server + binds to. It is used to set webhook.Server.Host. + type: string + port: + description: Port is the port that the webhook server serves + at. It is used to set webhook.Server.Port. + type: integer + type: object + type: object + manifestPatches: + description: ManifestPatches are applied to rendered provider manifests + to customize the provider manifests. Patches are applied in the + order they are specified. The `kind` field must match the target + object, and if `apiVersion` is specified it will only be applied + to matching objects. This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396 + items: + type: string + type: array + version: + description: Version indicates the provider version. + type: string + type: object + status: + description: IPAMProviderStatus defines the observed state of IPAMProvider. + properties: + conditions: + description: Conditions define the current service state of the provider. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + contract: + description: Contract will contain the core provider contract that + the provider is abiding by, like e.g. v1alpha4. + type: string + installedVersion: + description: InstalledVersion is the version of the provider that + is installed. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +# Source: cluster-api-operator/templates/operator-components.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: From b808867bf9416889b5daca41b1c0ae3ddcb7040b Mon Sep 17 00:00:00 2001 From: Mikhail Fedosin Date: Tue, 26 Dec 2023 10:54:08 +0100 Subject: [PATCH 2/5] Implement reconciliation of IPAM provider --- PROJECT | 16 +++++++ cmd/main.go | 15 +++++++ .../healthcheck/healthcheck_controller.go | 7 +++ internal/controller/phases.go | 2 + test/e2e/resources/full-chart-install.yaml | 44 +++++++++++++++++++ util/util.go | 2 + 6 files changed, 86 insertions(+) diff --git a/PROJECT b/PROJECT index e965e4c67..47fe76653 100644 --- a/PROJECT +++ b/PROJECT @@ -74,4 +74,20 @@ resources: kind: InfrastructureProvider path: sigs.k8s.io/cluster-api-operator/api/v1alpha2 version: v1alpha2 +- api: + crdVersion: v1 + namespaced: true + domain: cluster.x-k8s.io + group: operator + kind: AddonProvider + path: sigs.k8s.io/cluster-api-operator/api/v1alpha2 + version: v1alpha2 +- api: + crdVersion: v1 + namespaced: true + domain: cluster.x-k8s.io + group: operator + kind: IPAMProvider + path: sigs.k8s.io/cluster-api-operator/api/v1alpha2 + version: v1alpha2 version: "3" diff --git a/cmd/main.go b/cmd/main.go index 738bf0e18..397369997 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -260,6 +260,16 @@ func setupReconcilers(mgr ctrl.Manager) { os.Exit(1) } + if err := (&providercontroller.GenericProviderReconciler{ + Provider: &operatorv1.IPAMProvider{}, + ProviderList: &operatorv1.IPAMProviderList{}, + Client: mgr.GetClient(), + Config: mgr.GetConfig(), + }).SetupWithManager(mgr, concurrency(concurrencyNumber)); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "IPAMProvider") + os.Exit(1) + } + if err := (&healtchcheckcontroller.ProviderHealthCheckReconciler{ Client: mgr.GetClient(), }).SetupWithManager(mgr, concurrency(concurrencyNumber)); err != nil { @@ -293,6 +303,11 @@ func setupWebhooks(mgr ctrl.Manager) { setupLog.Error(err, "unable to create webhook", "webhook", "AddonProvider") os.Exit(1) } + + if err := (&webhook.IPAMProviderWebhook{}).SetupWebhookWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "IPAMProvider") + os.Exit(1) + } } func concurrency(c int) controller.Options { diff --git a/internal/controller/healthcheck/healthcheck_controller.go b/internal/controller/healthcheck/healthcheck_controller.go index 248beb6a3..559414169 100644 --- a/internal/controller/healthcheck/healthcheck_controller.go +++ b/internal/controller/healthcheck/healthcheck_controller.go @@ -158,6 +158,13 @@ func (r *ProviderHealthCheckReconciler) getGenericProvider(ctx context.Context, return nil, err } + return provider, nil + case "IPAMProvider": + provider := &operatorv1.IPAMProvider{} + if err := r.Client.Get(ctx, types.NamespacedName{Name: providerName, Namespace: providerNamespace}, provider); err != nil { + return nil, err + } + return provider, nil default: return nil, fmt.Errorf("failed to cast interface for type: %s", providerKind) diff --git a/internal/controller/phases.go b/internal/controller/phases.go index 466400d1f..16ddb77bd 100644 --- a/internal/controller/phases.go +++ b/internal/controller/phases.go @@ -515,6 +515,8 @@ func clusterctlProviderName(provider operatorv1.GenericProvider) client.ObjectKe prefix = "infrastructure-" case *operatorv1.AddonProvider: prefix = "addon-" + case *operatorv1.IPAMProvider: + prefix = "ipam-" } return client.ObjectKey{Name: prefix + provider.GetName(), Namespace: provider.GetNamespace()} diff --git a/test/e2e/resources/full-chart-install.yaml b/test/e2e/resources/full-chart-install.yaml index 769086b47..12fdd5231 100644 --- a/test/e2e/resources/full-chart-install.yaml +++ b/test/e2e/resources/full-chart-install.yaml @@ -15868,6 +15868,28 @@ webhooks: resources: - infrastructureproviders sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: 'default' + path: /mutate-operator-cluster-x-k8s-io-v1alpha2-ipamprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vipamprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - ipamproviders + sideEffects: None --- # Source: cluster-api-operator/templates/operator-components.yaml apiVersion: admissionregistration.k8s.io/v1 @@ -15989,3 +16011,25 @@ webhooks: resources: - infrastructureproviders sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capi-operator-webhook-service + namespace: 'default' + path: /validate-operator-cluster-x-k8s-io-v1alpha2-ipamprovider + failurePolicy: Fail + matchPolicy: Equivalent + name: vipamprovider.kb.io + rules: + - apiGroups: + - operator.cluster.x-k8s.io + apiVersions: + - v1alpha2 + operations: + - CREATE + - UPDATE + resources: + - ipamproviders + sideEffects: None diff --git a/util/util.go b/util/util.go index ac44f2d29..3f7f57b85 100644 --- a/util/util.go +++ b/util/util.go @@ -40,6 +40,8 @@ func ClusterctlProviderType(genericProvider operatorv1.GenericProvider) clusterc return clusterctlv1.BootstrapProviderType case *operatorv1.AddonProvider: return clusterctlv1.AddonProviderType + case *operatorv1.IPAMProvider: + return clusterctlv1.IPAMProviderType } return clusterctlv1.ProviderTypeUnknown From 480ece64cae8521677c26619cfa743cc89b22c89 Mon Sep 17 00:00:00 2001 From: Mikhail Fedosin Date: Tue, 26 Dec 2023 11:16:54 +0100 Subject: [PATCH 3/5] Add IPAM provider to e2e suite --- test/e2e/helpers_test.go | 4 +++ test/e2e/minimal_configuration_test.go | 44 ++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/test/e2e/helpers_test.go b/test/e2e/helpers_test.go index ca88a91ca..ff4c47103 100644 --- a/test/e2e/helpers_test.go +++ b/test/e2e/helpers_test.go @@ -47,5 +47,9 @@ const ( addonProviderName = "helm" addonProviderDeploymentName = "caaph-controller-manager" + ipamProviderName = "in-cluster" + ipamProviderURL = "https://github.com/kubernetes-sigs/cluster-api-ipam-provider-in-cluster/releases/latest/ipam-components.yaml" + ipamProviderDeploymentName = "caip-in-cluster-controller-manager" + customManifestsFolder = "resources/" ) diff --git a/test/e2e/minimal_configuration_test.go b/test/e2e/minimal_configuration_test.go index e806bf2b7..13dd33f0d 100644 --- a/test/e2e/minimal_configuration_test.go +++ b/test/e2e/minimal_configuration_test.go @@ -267,6 +267,50 @@ metadata: e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) }) + It("should successfully create and delete an IPAMProvider", func() { + bootstrapCluster := bootstrapClusterProxy.GetClient() + ipamProvider := &operatorv1.IPAMProvider{ + ObjectMeta: metav1.ObjectMeta{ + Name: ipamProviderName, + Namespace: operatorNamespace, + }, + Spec: operatorv1.IPAMProviderSpec{ + ProviderSpec: operatorv1.ProviderSpec{ + FetchConfig: &operatorv1.FetchConfiguration{ + URL: ipamProviderURL, + }, + }, + }, + } + deployment := &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{ + Name: ipamProviderDeploymentName, + Namespace: operatorNamespace, + }} + Expect(bootstrapCluster.Create(ctx, ipamProvider)).To(Succeed()) + + By("Waiting for the ipam provider deployment to be ready") + framework.WaitForDeploymentsAvailable(ctx, framework.WaitForDeploymentsAvailableInput{ + Getter: bootstrapCluster, + Deployment: deployment, + }, e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) + + By("Waiting for the ipam provider to be ready") + WaitFor(ctx, For(ipamProvider).In(bootstrapCluster).ToSatisfy( + HaveStatusCondition(&ipamProvider.Status.Conditions, operatorv1.ProviderInstalledCondition)), + e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) + + By("Waiting for status.IntalledVersion to be set") + WaitFor(ctx, For(ipamProvider).In(bootstrapCluster).ToSatisfy(func() bool { + return ptr.Equal(ipamProvider.Status.InstalledVersion, &ipamProvider.Spec.Version) + }), e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) + + Expect(bootstrapCluster.Delete(ctx, ipamProvider)).To(Succeed()) + + By("Waiting for the ipam provider deployment to be deleted") + WaitForDelete(ctx, For(deployment).In(bootstrapCluster), + e2eConfig.GetIntervals(bootstrapClusterProxy.GetName(), "wait-controllers")...) + }) + It("should successfully upgrade a CoreProvider (v1.5.4 -> latest)", func() { bootstrapCluster := bootstrapClusterProxy.GetClient() coreProvider := &operatorv1.CoreProvider{ObjectMeta: metav1.ObjectMeta{ From 8dedfd671ebd7345e324a7e6c01d406293d0d1c0 Mon Sep 17 00:00:00 2001 From: Mikhail Fedosin Date: Tue, 26 Dec 2023 11:17:55 +0100 Subject: [PATCH 4/5] Update docs with IPAM provider --- docs/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index f990d2856..cffe94bb1 100644 --- a/docs/README.md +++ b/docs/README.md @@ -167,13 +167,14 @@ docker run -it --rm registry.k8s.io/capi-operator/cluster-api-operator:${CAPI_OP ## Basic Cluster API Provider Installation -In this section, we will walk you through the basic process of installing Cluster API providers using the operator. The Cluster API operator manages five types of objects: +In this section, we will walk you through the basic process of installing Cluster API providers using the operator. The Cluster API operator manages six types of objects: - CoreProvider - BootstrapProvider - ControlPlaneProvider - InfrastructureProvider - AddonProvider +- IPAMProvider Please note that this example provides a basic configuration of Azure Infrastructure provider for getting started. More detailed examples and CRD descriptions will be provided in subsequent sections of this document. From 48b4ccacf9663aa88efa59f6a0f410e6f9575fc3 Mon Sep 17 00:00:00 2001 From: Mikhail Fedosin Date: Tue, 26 Dec 2023 12:05:08 +0100 Subject: [PATCH 5/5] Uncomment IPAM provider options in the clusterctl plugin --- cmd/plugin/cmd/delete.go | 6 +++--- cmd/plugin/cmd/init.go | 6 +++--- cmd/plugin/cmd/upgrade_apply.go | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/cmd/plugin/cmd/delete.go b/cmd/plugin/cmd/delete.go index 6ab6c76d4..dd1712b82 100644 --- a/cmd/plugin/cmd/delete.go +++ b/cmd/plugin/cmd/delete.go @@ -30,7 +30,7 @@ type deleteOptions struct { bootstrapProviders []string controlPlaneProviders []string infrastructureProviders []string - // ipamProviders []string + ipamProviders []string // runtimeExtensionProviders []string addonProviders []string includeNamespace bool @@ -106,8 +106,8 @@ func init() { "Bootstrap providers and versions (e.g. kubeadm:v1.1.5) to delete from the management cluster") deleteCmd.Flags().StringSliceVarP(&deleteOpts.controlPlaneProviders, "control-plane", "c", nil, "ControlPlane providers and versions (e.g. kubeadm:v1.1.5) to delete from the management cluster") - // deleteCmd.Flags().StringSliceVar(&deleteOpts.ipamProviders, "ipam", nil, - // "IPAM providers and versions (e.g. infoblox:v0.0.1) to delete from the management cluster") + deleteCmd.Flags().StringSliceVar(&deleteOpts.ipamProviders, "ipam", nil, + "IPAM providers and versions (e.g. infoblox:v0.0.1) to delete from the management cluster") // deleteCmd.Flags().StringSliceVar(&deleteOpts.runtimeExtensionProviders, "runtime-extension", nil, // "Runtime extension providers and versions (e.g. test:v0.0.1) to delete from the management cluster") deleteCmd.Flags().StringSliceVar(&deleteOpts.addonProviders, "addon", nil, diff --git a/cmd/plugin/cmd/init.go b/cmd/plugin/cmd/init.go index 26bd36ee3..7ca0d1ff8 100644 --- a/cmd/plugin/cmd/init.go +++ b/cmd/plugin/cmd/init.go @@ -30,7 +30,7 @@ type initOptions struct { bootstrapProviders []string controlPlaneProviders []string infrastructureProviders []string - // ipamProviders []string + ipamProviders []string // runtimeExtensionProviders []string addonProviders []string targetNamespace string @@ -102,8 +102,8 @@ func init() { "Bootstrap providers and versions (e.g. kubeadm:v1.1.5) to add to the management cluster. If unspecified, Kubeadm bootstrap provider's latest release is used.") initCmd.PersistentFlags().StringSliceVarP(&initOpts.controlPlaneProviders, "control-plane", "c", nil, "Control plane providers and versions (e.g. kubeadm:v1.1.5) to add to the management cluster. If unspecified, the Kubeadm control plane provider's latest release is used.") - // initCmd.PersistentFlags().StringSliceVar(&initOpts.ipamProviders, "ipam", nil, - // "IPAM providers and versions (e.g. infoblox:v0.0.1) to add to the management cluster.") + initCmd.PersistentFlags().StringSliceVar(&initOpts.ipamProviders, "ipam", nil, + "IPAM providers and versions (e.g. infoblox:v0.0.1) to add to the management cluster.") // initCmd.PersistentFlags().StringSliceVar(&initOpts.runtimeExtensionProviders, "runtime-extension", nil, // "Runtime extension providers and versions (e.g. test:v0.0.1) to add to the management cluster.") initCmd.PersistentFlags().StringSliceVar(&initOpts.addonProviders, "addon", nil, diff --git a/cmd/plugin/cmd/upgrade_apply.go b/cmd/plugin/cmd/upgrade_apply.go index e53978195..65d67a143 100644 --- a/cmd/plugin/cmd/upgrade_apply.go +++ b/cmd/plugin/cmd/upgrade_apply.go @@ -31,7 +31,7 @@ type upgradeApplyOptions struct { bootstrapProviders []string controlPlaneProviders []string infrastructureProviders []string - // ipamProviders []string + ipamProviders []string // runtimeExtensionProviders []string addonProviders []string waitProviders bool @@ -80,8 +80,8 @@ func init() { "Bootstrap providers instance and versions (e.g. kubeadm:v1.1.5) to upgrade to. This flag can be used as alternative to --contract.") upgradeApplyCmd.Flags().StringSliceVarP(&upgradeApplyOpts.controlPlaneProviders, "control-plane", "c", nil, "ControlPlane providers instance and versions (e.g. kubeadm:v1.1.5) to upgrade to. This flag can be used as alternative to --contract.") - // upgradeApplyCmd.Flags().StringSliceVar(&upgradeApplyOpts.ipamProviders, "ipam", nil, - // "IPAM providers and versions (e.g. infoblox:v0.0.1) to upgrade to. This flag can be used as alternative to --contract.") + upgradeApplyCmd.Flags().StringSliceVar(&upgradeApplyOpts.ipamProviders, "ipam", nil, + "IPAM providers and versions (e.g. infoblox:v0.0.1) to upgrade to. This flag can be used as alternative to --contract.") // upgradeApplyCmd.Flags().StringSliceVar(&upgradeApplyOpts.runtimeExtensionProviders, "runtime-extension", nil, // "Runtime extension providers and versions (e.g. test:v0.0.1) to upgrade to. This flag can be used as alternative to --contract.") upgradeApplyCmd.Flags().StringSliceVar(&upgradeApplyOpts.addonProviders, "addon", nil,