Merge pull request #12 from 3scale/feature/add-corsproxy

Feature/Add CORSProxy controller

Makefile

@@ -12,7 +12,7 @@ else ifeq (${UNAME}, Darwin)
   INPLACE_SED=sed -i ""
 endif
 
-TAG ?= v0.3.2
+TAG ?= v0.4.0
 REGISTRY ?= quay.io
 ORG ?= 3scale
 PROJECT ?= 3scale-saas-operator
@@ -37,6 +37,7 @@ operator-deploy: namespace-create ## OPERATOR DEPLOY - Deploy Operator objects (
 	$(KUBE_CLIENT) apply -f deploy/crds/saas.3scale.net_autossls_crd.yaml --validate=false || true
 	$(KUBE_CLIENT) apply -f deploy/crds/saas.3scale.net_backends_crd.yaml --validate=false || true
 	$(KUBE_CLIENT) apply -f deploy/crds/saas.3scale.net_zyncs_crd.yaml --validate=false || true
+	$(KUBE_CLIENT) apply -f deploy/crds/saas.3scale.net_corsproxies_crd.yaml --validate=false || true
 	$(KUBE_CLIENT) apply -f deploy/service_account.yaml -n $(NAMESPACE)
 	$(KUBE_CLIENT) apply -f deploy/role.yaml -n $(NAMESPACE)
 	$(KUBE_CLIENT) apply -f deploy/role_binding.yaml -n $(NAMESPACE)

README.md

@@ -10,12 +10,12 @@ Current 3scale SaaS controllers supported:
 * AutoSSL
 * Backend
 * Zync
+* CORSProxy
 
 Future 3scale SaaS controllers to be added:
 * System
 * Apicast
 * MappingService
-* CORSProxy
 * PostFix
 
 ## Requirements
@@ -30,6 +30,7 @@ Future 3scale SaaS controllers to be added:
 * [AutoSSL Custom Resource Reference](docs/autossl-crd-reference.md)
 * [Backend Custom Resource Reference](docs/backend-crd-reference.md)
 * [Zync Custom Resource Reference](docs/zync-crd-reference.md)
+* [CORSProxy Custom Resource Reference](docs/corsproxy-crd-reference.md)
 
 ## License
 

deploy/crds/saas.3scale.net_corsproxies_crd.yaml

@@ -0,0 +1,150 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: corsproxies.saas.3scale.net
+spec:
+  group: saas.3scale.net
+  names:
+    kind: CORSProxy
+    listKind: CORSProxyList
+    plural: corsproxies
+    singular: corsproxy
+  scope: Namespaced
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      type: object
+      description: CORSProxy is the Schema for CORSProxy instance
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          type: object
+          description: CORSProxySpec defines the desired state of CORSProxy
+          required:
+          - secret
+          - ingress
+          properties:
+            image:
+              type: object
+              properties:
+                name:
+                  type: string
+                  description: Image name (docker repository)
+                tag:
+                  type: string
+                  description: Image tag
+                pullSecretName:
+                  type: string
+                  description: Quay pull secret for private repository
+            secret:
+              type: object
+              required:
+              - systemDatabaseVaultPath
+              properties:
+                systemDatabaseVaultPath:
+                  type: string
+                  description: Vault Path with cors-proxy-system-database secret definition
+            replicas:
+              type: integer
+              description: Number of replicas
+            resources:
+              type: object
+              properties:
+                requests:
+                  type: object
+                  properties:
+                    cpu:
+                      type: string
+                      pattern: "[0-9]+m?$"
+                      description: Override CPU requests
+                    memory:
+                      type: string
+                      pattern: "[0-9]+([kKmMgGtTpPeE]i?)?$"
+                      description: Override Memory requests
+                limits:
+                  type: object
+                  properties:
+                    cpu:
+                      type: string
+                      pattern: "[0-9]+m?$"
+                      description: Override CPU limits
+                    memory:
+                      type: string
+                      pattern: "[0-9]+([kKmMgGtTpPeE]i?)?$"
+                      description: Override Memory limits
+            livenessProbe:
+              type: object
+              properties:
+                initialDelaySeconds:
+                  type: integer
+                  description: Override liveness probe initial delay (seconds)
+                timeoutSeconds:
+                  type: integer
+                  description: Override liveness probe timeout (seconds)
+                periodSeconds:
+                  type: integer
+                  description: Override liveness probe period (seconds)
+                successThreshold:
+                  type: integer
+                  description: Override liveness probe success threshold
+                failureThreshold:
+                  type: integer
+                  description: Override liveness probe failure threshold
+            readinessProbe:
+              type: object
+              properties:
+                initialDelaySeconds:
+                  type: integer
+                  description: Override readiness probe initial delay (seconds)
+                timeoutSeconds:
+                  type: integer
+                  description: Override readiness probe timeout (seconds)
+                periodSeconds:
+                  type: integer
+                  description: Override readiness probe period (seconds)
+                successThreshold:
+                  type: integer
+                  description: Override readiness probe success threshold
+                failureThreshold:
+                  type: integer
+                  description: Override readiness probe failure threshold
+            ingress:
+              type: object
+              required:
+              - host
+              properties:
+                path:
+                  type: string
+                  description: Proxy path to configure on Nginx Ingress
+                host:
+                  type: string
+                  description: Host to configure on Nginx Ingress
+            grafanaDashboard:
+              type: object
+              properties:
+                label:
+                  type: object
+                  properties:
+                    key:
+                      type: string
+                      description: Label key used by grafana-operator for dashboard discovery
+                    value:
+                      type: string
+                      description: Label value used by grafana-operator for dashboard discovery
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true

deploy/crds/saas.3scale.net_v1alpha1_corsproxy_cr.yaml

@@ -0,0 +1,13 @@
+apiVersion: saas.3scale.net/v1alpha1
+kind: CORSProxy
+metadata:
+  name: example
+spec:
+  image:
+    tag: v1.1.0
+    pullSecretName: quay-pull-secret
+  secret:
+    systemDatabaseVaultPath: secret/data/openshift/cluster-example/3scale/cors-proxy-system-database
+  replicas: 1
+  ingress:
+    host: "*.example.3sca.net"

deploy/role.yaml

@@ -89,6 +89,19 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  - ingresses/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - apps
   resourceNames:

docs/corsproxy-crd-reference.md

@@ -0,0 +1,92 @@
+# CORSProxy Custom Resource Reference
+
+## Simple CR Example
+
+```yaml
+apiVersion: saas.3scale.net/v1alpha1
+kind: CORSProxy
+metadata:
+  name: simple-example
+spec:
+  image:
+    tag: v1.1.0
+    pullSecretName: quay-pull-secret
+  secret:
+    systemDatabaseVaultPath: secret/data/openshift/cluster-example/3scale/cors-proxy-system-database
+  replicas: 1
+  ingress:
+    host: "*.example.3sca.net"
+```
+
+## Full CR Example
+
+Most of the fields do not need to be specified (can use default values), this is just an example of everything that can be overriden under your own risk:
+
+```yaml
+apiVersion: saas.3scale.net/v1alpha1
+kind: CORSProxy
+metadata:
+  name: full-example
+spec:
+  image:
+    name: quay.io/3scale/cors-proxy
+    tag: v1.1.0
+    pullSecretName: quay-pull-secret
+  secret:
+    systemDatabaseVaultPath: secret/data/openshift/cluster-example/3scale/cors-proxy-system-database
+  replicas: 2
+  livenessProbe:
+    initialDelaySeconds: 3
+    timeoutSeconds: 1
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 3
+  readinessProbe:
+    initialDelaySeconds: 3
+    timeoutSeconds: 1
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 3
+  resources:
+    requests:
+      cpu: "250m"
+      memory: "250Mi"
+    limits:
+      cpu: "1"
+      memory: "512Mi"
+  ingress:
+    path: /api_docs/proxy
+    host: "*.example.3sca.net"
+  grafanaDashboard:
+    label:
+      key: discovery
+      value: enabled
+```
+
+## CR Spec
+
+| **Field** | **Type** | **Required** | **Default value** | **Description** |
+|:---:|:---:|:---:|:---:|:---:|
+| `image.name` | `string` | No | `quay.io/3scale/cors-proxy` | Image name (docker repository) |
+| `image.tag` | `string` | No | `v1.1.0` | Image tag |
+| `image.pullSecretName` | `string` | No | - | Quay pull secret for private repository |
+| `secret.systemDatabaseVaultPath` | `string` | Yes | - | Vault Path with cors-proxy-system-database secret definition |
+| `replicas` | `int` | No | `2` | Number of replicas |
+| `resources.requests.cpu` | `string` | No | `250m` | Override CPU requests |
+| `resources.requests.memory` | `string` | No | `250Mi` | Override Memory requests |
+| `resources.limits.cpu` | `string` | No | `1` | Override CPU limits |
+| `resources.limits.memory` | `string` | No | `512Mi` | Override Memory limits |
+| `livenessProbe.initialDelaySeconds` | `int` | No | `3` | Override liveness initial delay (seconds) |
+| `livenessProbe.timeoutSeconds` | `int` | No | `1` | Override liveness timeout (seconds) |
+| `livenessProbe.periodSeconds` | `int` | No | `10` | Override liveness period (seconds) |
+| `livenessProbe.successThreshold` | `int` | No | `1` | Override liveness success threshold |
+| `livenessProbe.failureThreshold` | `int` | No | `3` | Override liveness failure threshold |
+| `readinessProbe.initialDelaySeconds` | `int` | No | `3` | Override readiness initial delay (seconds) |
+| `readinessProbe.timeoutSeconds` | `int` | No | `1` | Override readiness timeout (seconds) |
+| `readinessProbe.periodSeconds` | `int` | No | `10` | Override readiness period (seconds) |
+| `readinessProbe.successThreshold` | `int` | No | `1` | Override readiness success threshold |
+| `readinessProbe.failureThreshold` | `int` | No | `3` | Override readiness failure threshold |
+| `ingress.path` | `string` | No | `/api_docs/proxy` | Proxy path to configure on Nginx Ingress |
+| `ingress.host` | `string` | Yes | - | Host to configure on Nginx Ingress |
+| `grafanaDashboard.label.key` | `string` | No | `monitoring-key` | Label `key` used by grafana-operator for dashboard discovery |
+| `grafanaDashboard.label.value` | `string` | No | `middleware` | Label `value` used by grafana-operator for dashboard discovery |

roles/corsproxy/defaults/main.yml

@@ -0,0 +1,27 @@
+---
+
+## Deployment
+replicas: 2
+image_name: "quay.io/3scale/cors-proxy"
+image_tag: "v1.1.0"
+liveness_probe_initial_delay_seconds: 3
+liveness_probe_timeout_seconds: 1
+liveness_probe_period_seconds: 10
+liveness_probe_success_threshold: 1
+liveness_probe_failure_threshold: 3
+readiness_probe_initial_delay_seconds: 3
+readiness_probe_timeout_seconds: 1
+readiness_probe_period_seconds: 10
+readiness_probe_success_threshold: 1
+readiness_probe_failure_threshold: 3
+resources_requests_cpu: "250m"
+resources_requests_memory: "250Mi"
+resources_limits_cpu: "1"
+resources_limits_memory: "512Mi"
+
+## Ingress
+ingress_path: "/api_docs/proxy"
+
+## GrafanaDashboard
+grafana_dashboard_label_key: "monitoring-key"
+grafana_dashboard_label_value: "middleware"

roles/corsproxy/meta/main.yml

@@ -0,0 +1,13 @@
+
+---
+galaxy_info:
+  author: 3scale SRE team
+  description: 3scale corsproxy component
+  company: Red Hat
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 2.9
+  galaxy_tags: []
+dependencies: []
+collections:
+- operator_sdk.util
+- community.kubernetes

roles/corsproxy/tasks/main.yml

@@ -0,0 +1,25 @@
+---
+
+- name: Manage cors-proxy-system-database SecretDefinition for CORSProxy {{ meta.name }} on Namespace {{ meta.namespace }}
+  k8s:
+    definition: "{{ lookup('template', 'cors-proxy-system-database-secretdefinition.yaml') }}"
+
+- name: Manage cors-proxy Deployment for CORSProxy {{ meta.name }} on Namespace {{ meta.namespace }}
+  k8s:
+    definition: "{{ lookup('template', 'cors-proxy-deployment.yaml') }}"
+
+- name: Manage cors-proxy Service for CORSProxy {{ meta.name }} on Namespace {{ meta.namespace }}
+  k8s:
+    definition: "{{ lookup('template', 'cors-proxy-service.yaml') }}"
+
+- name: Manage cors-proxy Ingress for CORSProxy {{ meta.name }} on Namespace {{ meta.namespace }}
+  k8s:
+    definition: "{{ lookup('template', 'cors-proxy-ingress.yaml') }}"
+
+- name: Manage cors-proxy PodMonitor for CORSProxy {{ meta.name }} on Namespace {{ meta.namespace }}
+  k8s:
+    definition: "{{ lookup('template', 'cors-proxy-podmonitor.yaml') }}"
+
+- name: Manage cors-proxy GrafanaDashboard for CORSProxy {{ meta.name }} on Namespace {{ meta.namespace }}
+  k8s:
+    definition: "{{ lookup('template', 'cors-proxy-grafanadashboard.yaml') }}"