Merge pull request #314 from LionelJouin/operator-merge

Meridio-Operator merged with Merido repository

Author: LionelJouin

.dockerignore

@@ -0,0 +1,5 @@
+# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Ignore all files which are not go type
+!**/*.go
+!**/*.mod
+!**/*.sum

.gitignore

@@ -16,4 +16,9 @@
 
 _output/
 bin/
-temp/
+temp/
+testbin/*
+
+# Kubernetes Generated files - skip generated files, except for vendored files
+
+!vendor/**/zz_generated.*

Makefile

@@ -7,13 +7,13 @@ default:
 all: default
 
 help: ## Display this help.
-	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-20s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
 ############################################################################
 # Variables
 ############################################################################
 
-IMAGES ?= base-image stateless-lb proxy tapa ipam nsp example-target frontend
+IMAGES ?= base-image stateless-lb proxy tapa ipam nsp example-target frontend operator
 
 # Versions
 VERSION ?= latest
@@ -25,6 +25,7 @@ VERSION_NSP ?= $(VERSION)
 VERSION_EXAMPLE_TARGET ?= $(VERSION)
 VERSION_FRONTEND ?= $(VERSION)
 VERSION_BASE_IMAGE ?= $(VERSION)
+VERSION_OPERATOR ?= $(VERSION)
 LOCAL_VERSION ?= $(VERSION)
 
 # E2E tests
@@ -33,7 +34,7 @@ E2E_PARAMETERS ?= $(shell cat ./test/e2e/environment/kind-helm/dualstack/config.
 E2E_SEED ?= $(shell shuf -i 1-2147483647 -n1)
 
 # Contrainer Registry
-REGISTRY ?= localhost:5000/meridio
+REGISTRY ?= registry.nordix.org/cloud-native/meridio
 BASE_IMAGE ?= $(REGISTRY)/base-image:$(VERSION_BASE_IMAGE)
 DEBUG_IMAGE ?= $(REGISTRY)/debug:$(VERSION)
 
@@ -45,15 +46,23 @@ MOCKGEN = $(shell pwd)/bin/mockgen
 PROTOC_GEN_GO = $(shell pwd)/bin/protoc-gen-go
 PROTOC_GEN_GO_GRPC = $(shell pwd)/bin/protoc-gen-go-grpc
 NANCY = $(shell pwd)/bin/nancy
+CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
+KUSTOMIZE = $(shell pwd)/bin/kustomize
 PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
 
 BUILD_DIR ?= build
 BUILD_STEPS ?= build tag push
 
+# Security Scan
 OUTPUT_DIR ?= _output
-
 SECURITY_SCAN_VOLUME ?= --volume /var/run/docker.sock:/var/run/docker.sock --volume $(HOME)/Library/Caches:/root/.cache/
 
+# Operator
+TEMPLATES_HELM_CHART_VALUES_PATH = config/templates/charts/meridio/values.yaml
+OPERATOR_NAMESPACE = meridio-operator
+ENABLE_MUTATING_WEBHOOK?=true
+WEBHOOK_SUPPORT ?= spire # spire or certmanager
+
 #############################################################################
 # Container: Build, tag, push
 #############################################################################
@@ -73,7 +82,7 @@ push:
 #############################################################################
 
 .PHONY: base-image
-base-image: ## Build the base-image
+base-image: ## Build the base-image.
 	VERSION=$(VERSION_BASE_IMAGE) IMAGE=base-image $(MAKE) -s $(BUILD_STEPS)
 
 .PHONY: debug-image
@@ -101,13 +110,17 @@ nsp: ## Build the nsp.
 	VERSION=$(VERSION_NSP) IMAGE=nsp $(MAKE) -s $(BUILD_STEPS)
 
 .PHONY: example-target
-example-target:
+example-target: ## Build the example target.
 	VERSION=$(VERSION_EXAMPLE_TARGET) BUILD_DIR=examples/target/build IMAGE=example-target $(MAKE) $(BUILD_STEPS)
 
 .PHONY: frontend
 frontend: ## Build the frontend.
 	VERSION=$(VERSION_FRONTEND) IMAGE=frontend $(MAKE) -s $(BUILD_STEPS)
 
+.PHONY: operator
+operator: ## Build the operator.
+	VERSION=$(VERSION_OPERATOR) IMAGE=operator $(MAKE) -s $(BUILD_STEPS)
+
 #############################################################################
 ##@ Testing & Code check
 #############################################################################
@@ -186,6 +199,45 @@ ambassador-proto: proto-compiler
 .PHONY: proto
 proto: ipam-proto nsp-proto ambassador-proto ## Compile the proto.
 
+.PHONY: manifests
+manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+	$(CONTROLLER_GEN) crd rbac:roleName=operator-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+
+.PHONY: generate-controller
+generate-controller: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
+
+#############################################################################
+##@ Operator
+#############################################################################
+
+.PHONY: deploy
+deploy: manifests kustomize namespace configure-webhook set-templates-values ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	cd config/operator && $(KUSTOMIZE) edit set image operator=${REGISTRY}/operator:${VERSION_OPERATOR}
+	$(KUSTOMIZE) build config/default --enable-helm | kubectl apply -f -
+
+.PHONY: undeploy
+undeploy: namespace configure-webhook ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/default --enable-helm | kubectl delete -f - --ignore-not-found=true
+
+.PHONY: set-templates-values
+set-templates-values: # Set the values in the templates helm chart
+	sed -i 's/^version: .*/version: ${VERSION}/' ${TEMPLATES_HELM_CHART_VALUES_PATH} ; \
+	sed -i 's/^registry: .*/registry: $(shell echo ${REGISTRY} | cut -d "/" -f 1)/' ${TEMPLATES_HELM_CHART_VALUES_PATH} ; \
+	sed -i 's#^organization: .*#organization: $(shell echo ${REGISTRY} | cut -d "/" -f 2-)#' ${TEMPLATES_HELM_CHART_VALUES_PATH}
+
+.PHONY: namespace
+namespace: # Edit the namespace of operator to be deployed
+	cd config/default && $(KUSTOMIZE) edit set namespace ${OPERATOR_NAMESPACE}
+
+.PHONY: print-manifests
+print-manifests: manifests kustomize namespace configure-webhook set-templates-values # Generate manifests to be deployed in the cluster
+	cd config/operator && $(KUSTOMIZE) edit set image operator=${REGISTRY}/operator:${VERSION_OPERATOR}
+	$(KUSTOMIZE) build config/default --enable-helm
+
+configure-webhook:
+	ENABLE_MUTATING_WEBHOOK=$(ENABLE_MUTATING_WEBHOOK) WEBHOOK_SUPPORT=$(WEBHOOK_SUPPORT) hack/webhook-switch.sh
+	
 #############################################################################
 # Tools
 #############################################################################
@@ -227,6 +279,14 @@ ginkgo:
 nancy-tool:
 	$(call go-get-tool,$(NANCY),github.com/sonatype-nexus-community/[email protected])
 
+.PHONY: controller-gen
+controller-gen:
+	$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/[email protected])
+
+.PHONY: kustomize
+kustomize:
+	$(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/[email protected])
+
 # go-get-tool will 'go get' any package $2 and install it to $1.
 define go-get-tool
 @[ -f $(1) ] || { \
@@ -238,4 +298,4 @@ echo "Downloading $(2)" ;\
 GOBIN=$(PROJECT_DIR)/bin go install $(2) ;\
 rm -rf $$TMP_DIR ;\
 }
-endef
+endef

PROJECT

@@ -0,0 +1,94 @@
+domain: nordix.org
+layout:
+- go.kubebuilder.io/v3
+plugins:
+  manifests.sdk.operatorframework.io/v2: {}
+  scorecard.sdk.operatorframework.io/v2: {}
+projectName: meridio
+repo: github.com/nordix/meridio
+resources:
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: nordix.org
+  group: meridio
+  kind: Trench
+  path: github.com/nordix/meridio/api/v1alpha1
+  version: v1alpha1
+  webhooks:
+    validation: true
+    webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: nordix.org
+  group: meridio
+  kind: Vip
+  path: github.com/nordix/meridio/api/v1alpha1
+  version: v1alpha1
+  webhooks:
+    validation: true
+    webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: nordix.org
+  group: meridio
+  kind: Attractor
+  path: github.com/nordix/meridio/api/v1alpha1
+  version: v1alpha1
+  webhooks:
+    validation: true
+    webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: nordix.org
+  group: meridio
+  kind: Gateway
+  path: github.com/nordix/meridio/api/v1alpha1
+  version: v1alpha1
+  webhooks:
+    validation: true
+    webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: nordix.org
+  group: meridio
+  kind: Conduit
+  path: github.com/nordix/meridio/api/v1alpha1
+  version: v1alpha1
+  webhooks:
+    validation: true
+    webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: nordix.org
+  group: meridio
+  kind: Stream
+  path: github.com/nordix/meridio/api/v1alpha1
+  version: v1alpha1
+  webhooks:
+    validation: true
+    webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: nordix.org
+  group: meridio
+  kind: Flow
+  path: github.com/nordix/meridio/api/v1alpha1
+  version: v1alpha1
+  webhooks:
+    validation: true
+    webhookVersion: v1
+version: "3"

api/v1alpha1/attractor_types.go

@@ -0,0 +1,125 @@
+/*
+Copyright (c) 2021-2022 Nordix Foundation
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// AttractorSpec defines the desired state of Attractor
+type AttractorSpec struct {
+	// +kubebuilder:default=1
+
+	// The number of front-end pods. (The load-balancer is bundled with front-end currently)
+	// +optional
+	Replicas *int32 `json:"replicas,omitempty"`
+
+	// Reference to the composite conduits
+	Composites []string `json:"composites"`
+
+	// gateways that attractor expect to use
+	// +optional
+	Gateways []string `json:"gateways,omitempty"`
+
+	// vips that attractor will announce to the gateways when possible
+	// +optional
+	Vips []string `json:"vips,omitempty"`
+
+	// defines the interface information that attractor use
+	Interface InterfaceSpec `json:"interface"`
+}
+
+type InterfaceSpec struct {
+	// name of the interface
+	Name string `json:"name"`
+
+	// (immutable) ipv4 prefix of the interface, which is used for frontend to set up communication with the ipv4 gateways
+	PrefixIPv4 string `json:"ipv4-prefix"`
+
+	// (immutable) ipv6 prefix of the interface, which is used for frontend to set up communication with the ipv6 gateways
+	PrefixIPv6 string `json:"ipv6-prefix"`
+
+	// interface choice.
+	// +kubebuilder:default=nsm-vlan
+	// +kubebuilder:validation:Enum=nsm-vlan
+	Type string `json:"type,omitempty"`
+
+	// if the type is "nsm-vlan", this information must be specified
+	NSMVlan NSMVlanSpec `json:"nsm-vlan,omitempty"`
+}
+
+type NSMVlanSpec struct {
+	// (immutable) master interface of the vlan interface to be used for external connectivity
+	BaseInterface string `json:"base-interface,omitempty"`
+
+	// (immutable) vlan ID of the vlan interface to be used for external connectivity
+	VlanID *int32 `json:"vlan-id,omitempty"`
+}
+
+// AttractorStatus defines the observed state of Attractor
+type AttractorStatus struct {
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+//+kubebuilder:printcolumn:name="Interface-Name",type=string,JSONPath=`.spec.interface.name`
+//+kubebuilder:printcolumn:name="Interface-Type",type=string,JSONPath=`.spec.interface.type`
+//+kubebuilder:printcolumn:name="Gateways",type=string,JSONPath=`.spec.gateways`
+//+kubebuilder:printcolumn:name="Vips",type=string,JSONPath=`.spec.vips`
+//+kubebuilder:printcolumn:name="Composites",type=string,JSONPath=`.spec.composites`
+//+kubebuilder:printcolumn:name="Replicas",type=string,JSONPath=`.spec.replicas`
+//+kubebuilder:printcolumn:name="Trench",type=string,JSONPath=`.metadata.labels.trench`
+
+// Attractor is the Schema for the attractors API. It defines how traffic are
+// attracted and lead into the K8s cluster. This includes which external interface
+// to consume. The Attractor is instantiated as a set of pods running frontend
+// functionality.
+type Attractor struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   AttractorSpec   `json:"spec,omitempty"`
+	Status AttractorStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// AttractorList contains a list of Attractor
+type AttractorList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []Attractor `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&Attractor{}, &AttractorList{})
+}
+
+func (r *Attractor) GroupResource() schema.GroupResource {
+	return schema.GroupResource{
+		Group:    r.GroupVersionKind().Group,
+		Resource: r.GroupVersionKind().Kind,
+	}
+}
+
+func (r *Attractor) GroupKind() schema.GroupKind {
+	return schema.GroupKind{
+		Group: r.GroupVersionKind().Group,
+		Kind:  r.GroupVersionKind().Kind,
+	}
+}