Add ServiceExport CRD

Adds the ServiceExport CRD for lighthouse U/S alignment, only
on the clusters where the operator is installed, not the broker.

Related-Issue: submariner-io/lighthouse#78

deploy/lighthouse/cluster_role.yaml

@@ -17,7 +17,7 @@ rules:
 - apiGroups:
   - lighthouse.submariner.io
   resources:
-  - multiclusterservices
+  - "*"
   verbs:
   - create
   - get

deploy/lighthouse/crds/serviceexport_crd.yaml

@@ -0,0 +1,12 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: serviceexports.lighthouse.submariner.io
+spec:
+  group: lighthouse.submariner.io
+  version: v2alpha1
+  names:
+    kind: ServiceExport
+    plural: serviceexports
+    singular: serviceexport
+  scope: Namespaced

pkg/broker/ensure.go

@@ -38,7 +38,7 @@ func Ensure(config *rest.Config) error {
 		return fmt.Errorf("error setting up the engine requirements: %s", err)
 	}
 
-	err = lighthouse.Ensure(config)
+	_, err = lighthouse.Ensure(config, lighthouse.BrokerCluster)
 	if err != nil {
 		return fmt.Errorf("error setting up the lighthouse requirements: %s", err)
 	}

pkg/broker/rbac.go

@@ -69,7 +69,7 @@ func NewBrokerAdminRole() *rbacv1.Role {
 			rbacv1.PolicyRule{
 				Verbs:     []string{"create", "get", "list", "watch", "patch", "update", "delete"},
 				APIGroups: []string{"lighthouse.submariner.io"},
-				Resources: []string{"multiclusterservices"},
+				Resources: []string{"*"},
 			},
 		},
 	}
@@ -91,7 +91,7 @@ func NewBrokerClusterRole() *rbacv1.Role {
 			rbacv1.PolicyRule{
 				Verbs:     []string{"create", "get", "list", "watch", "patch", "update", "delete"},
 				APIGroups: []string{"lighthouse.submariner.io"},
-				Resources: []string{"multiclusterservices"},
+				Resources: []string{"*"},
 			},
 		},
 	}

pkg/lighthouse/crds.go

@@ -3,37 +3,42 @@ package lighthouse
 import (
 	"fmt"
 
-	"github.com/submariner-io/submariner-operator/pkg/subctl/operator/common/embeddedyamls"
-	"github.com/submariner-io/submariner-operator/pkg/utils"
-	apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
 	"k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
 	"k8s.io/client-go/rest"
+
+	"github.com/submariner-io/submariner-operator/pkg/subctl/operator/common/embeddedyamls"
+	"github.com/submariner-io/submariner-operator/pkg/utils"
+)
+
+const (
+	BrokerCluster = true
+	DataCluster   = false
 )
 
 // Ensure ensures that the required resources are deployed on the target system
-// The resources handled here are the lighthouse CRDs: MultiClusterService
-func Ensure(config *rest.Config) error {
+// The resources handled here are the lighthouse CRDs: MultiClusterService and ServiceExport
+func Ensure(config *rest.Config, isBroker bool) (bool, error) {
 	clientSet, err := clientset.NewForConfig(config)
 	if err != nil {
-		return fmt.Errorf("error creating the api extensions client: %s", err)
+		return false, fmt.Errorf("error creating the api extensions client: %s", err)
 	}
-	mcsCrd, err := GetMcsCRD()
+	installedMCS, err := utils.CreateOrUpdateEmbeddedCRD(clientSet,
+		embeddedyamls.Lighthouse_crds_multiclusterservices_crd_yaml)
 	if err != nil {
-		return fmt.Errorf("error creating the MultiClusterService CRD: %s", err)
+		return installedMCS, fmt.Errorf("Error creating the MultiClusterServices CRD: %s", err)
 	}
-	_, err = utils.CreateOrUpdateCRD(clientSet, mcsCrd)
-	if err != nil {
-		return fmt.Errorf("error creating the MultiClusterService CRD: %s", err)
+
+	// The broker does not need the ServiceExport
+	if isBroker {
+		return installedMCS, nil
 	}
-	return nil
-}
 
-func GetMcsCRD() (*apiextensionsv1beta1.CustomResourceDefinition, error) {
-	crd := &apiextensionsv1beta1.CustomResourceDefinition{}
+	installedSE, err := utils.CreateOrUpdateEmbeddedCRD(clientSet,
+		embeddedyamls.Lighthouse_crds_serviceexport_crd_yaml)
 
-	if err := embeddedyamls.GetObject(embeddedyamls.Lighthouse_crds_multiclusterservices_crd_yaml, crd); err != nil {
-		return nil, err
+	if err != nil {
+		return installedSE, fmt.Errorf("Error creating the ServiceExport CRD: %s", err)
 	}
 
-	return crd, nil
+	return installedMCS || installedSE, nil
 }

pkg/subctl/operator/common/embeddedyamls/generators/yamls2go.go

@@ -38,6 +38,7 @@ var files = []string{
 	"submariner/globalnet_cluster_role.yaml",
 	"submariner/globalnet_cluster_role_binding.yaml",
 	"lighthouse/crds/multiclusterservices_crd.yaml",
+	"lighthouse/crds/serviceexport_crd.yaml",
 	"lighthouse/cluster_role_binding.yaml",
 	"lighthouse/cluster_role.yaml",
 }

pkg/subctl/operator/lighthouse/crds/ensure.go

@@ -17,51 +17,37 @@ limitations under the License.
 package crds
 
 import (
-	lighthouse "github.com/submariner-io/submariner-operator/pkg/lighthouse"
+	"github.com/submariner-io/submariner-operator/pkg/lighthouse"
 	"github.com/submariner-io/submariner-operator/pkg/subctl/operator/common/embeddedyamls"
 	"github.com/submariner-io/submariner-operator/pkg/utils"
-	apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
+
+	"fmt"
+
 	"k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
 	"k8s.io/client-go/rest"
 )
 
 //go:generate go run generators/yamls2go.go
 
-//Ensure functions updates or installs the operator CRDs in the cluster
 func Ensure(restConfig *rest.Config) (bool, error) {
-	clientSet, err := clientset.NewForConfig(restConfig)
-	if err != nil {
-		return false, err
-	}
-
-	crd, err := getServiceDiscoveryCRD()
-	if err != nil {
-		return false, err
-	}
-
-	serviceDiscoveryResult, err := utils.CreateOrUpdateCRD(clientSet, crd)
+	serviceDiscoveryResult, err := ensureServiceDiscoveryCRD(restConfig)
 	if err != nil {
 		return serviceDiscoveryResult, err
 	}
 
-	mcsCrd, err := lighthouse.GetMcsCRD()
-	if err != nil {
-		return false, err
-	}
-	mcsCRDResult, err := utils.CreateOrUpdateCRD(clientSet, mcsCrd)
+	installed, err := lighthouse.Ensure(restConfig, lighthouse.DataCluster)
 	if err != nil {
-		return mcsCRDResult, err
+		return installed, err
 	}
 
-	return (serviceDiscoveryResult || mcsCRDResult), err
+	return (serviceDiscoveryResult || installed), err
 }
 
-func getServiceDiscoveryCRD() (*apiextensionsv1beta1.CustomResourceDefinition, error) {
-	crd := &apiextensionsv1beta1.CustomResourceDefinition{}
-
-	if err := embeddedyamls.GetObject(embeddedyamls.Crds_submariner_io_servicediscoveries_crd_yaml, crd); err != nil {
-		return nil, err
+func ensureServiceDiscoveryCRD(config *rest.Config) (bool, error) {
+	clientSet, err := clientset.NewForConfig(config)
+	if err != nil {
+		return false, fmt.Errorf("error creating the api extensions client: %s", err)
 	}
 
-	return crd, nil
+	return utils.CreateOrUpdateEmbeddedCRD(clientSet, embeddedyamls.Crds_submariner_io_servicediscoveries_crd_yaml)
 }

pkg/utils/createorupdate.go

@@ -28,6 +28,8 @@ import (
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	clientset "k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/util/retry"
+
+	"github.com/submariner-io/submariner-operator/pkg/subctl/operator/common/embeddedyamls"
 )
 
 func CreateOrUpdateClusterRole(clientSet clientset.Interface, clusterRole *rbacv1.ClusterRole) (bool, error) {
@@ -99,6 +101,17 @@ func CreateOrUpdateCRD(clientSet extendedclientset.Interface, crd *apiextensions
 	return false, err
 }
 
+func CreateOrUpdateEmbeddedCRD(clientSet extendedclientset.Interface, crdYaml string) (bool, error) {
+
+	crd := &apiextensionsv1beta1.CustomResourceDefinition{}
+
+	if err := embeddedyamls.GetObject(crdYaml, crd); err != nil {
+		return false, fmt.Errorf("Error extracting embedded CRD: %s", err)
+	}
+
+	return CreateOrUpdateCRD(clientSet, crd)
+}
+
 func CreateOrUpdateDeployment(clientSet clientset.Interface, namespace string, deployment *appsv1.Deployment) (bool, error) {
 	_, err := clientSet.AppsV1().Deployments(namespace).Create(deployment)
 	if err != nil && errors.IsAlreadyExists(err) {