add a new CRD to delegate vpc resource requests (#210)

aws · May 18, 2023 · 979b2f9 · 979b2f9
1 parent 7971b0c
commit 979b2f9
Show file tree

Hide file tree

Showing 7 changed files with 299 additions and 0 deletions.
diff --git a/apis/vpcresources/v1alpha1/cninode_types.go b/apis/vpcresources/v1alpha1/cninode_types.go
@@ -0,0 +1,61 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+//     http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// FeatureName is a type of feature name supported by AWS VPC CNI. It can be Security Group for Pods, custom networking, or others
+type FeatureName string
+
+const (
+	SecurityGroupsForPods FeatureName = "SecurityGroupsForPods"
+	CustomNetworking      FeatureName = "CustomNetworking"
+)
+
+// Important: Run "make" to regenerate code after modifying this file
+// CNINodeSpec defines the desired state of CNINode
+type CNINodeSpec struct {
+	Features []FeatureName `json:"features,omitempty"`
+}
+
+// CNINodeStatus defines the managed VPC resources.
+type CNINodeStatus struct {
+	//TODO: add VPS resources which will be managed by this CRD and its finalizer
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:printcolumn:name="Features",type=string,JSONPath=`.spec.features`,description="The features delegated to VPC resource controller"
+// +kubebuilder:resource:shortName=cnd
+
+// +kubebuilder:object:root=true
+type CNINode struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              CNINodeSpec   `json:"spec,omitempty"`
+	Status            CNINodeStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// CNINodeList contains a list of CNINodeList
+type CNINodeList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []CNINode `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&CNINode{}, &CNINodeList{})
+}
diff --git a/apis/vpcresources/v1alpha1/groupversion_info.go b/apis/vpcresources/v1alpha1/groupversion_info.go
@@ -0,0 +1,33 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+//     http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+// Package v1beta1 contains API Schema definitions for the vpcresources v1beta1 API group
+// +kubebuilder:object:generate=true
+// +groupName=vpcresources.k8s.aws
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "vpcresources.k8s.aws", Version: "v1alpha1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)
diff --git a/apis/vpcresources/v1alpha1/zz_generated.deepcopy.go b/apis/vpcresources/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/vpcresources.k8s.aws_cninodes.yaml b/config/crd/bases/vpcresources.k8s.aws_cninodes.yaml
@@ -0,0 +1,66 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: cninodes.vpcresources.k8s.aws
+spec:
+  group: vpcresources.k8s.aws
+  names:
+    kind: CNINode
+    listKind: CNINodeList
+    plural: cninodes
+    shortNames:
+    - cnd
+    singular: cninode
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: The features delegated to VPC resource controller
+      jsonPath: .spec.features
+      name: Features
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: 'Important: Run "make" to regenerate code after modifying
+              this file CNINodeSpec defines the desired state of CNINode'
+            properties:
+              features:
+                items:
+                  description: FeatureName is a type of feature name supported by
+                    EKS networking. It can be Security Group for Pods, custom networking,
+                    or others
+                  type: string
+                type: array
+            type: object
+          status:
+            description: CNINodeStatus defines the managed VPC resources.
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -64,6 +64,17 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - vpcresources.k8s.aws
+  resources:
+  - cninodes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - watch
 - apiGroups:
   - vpcresources.k8s.aws
   resources:

diff --git a/config/samples/vpcresources_v1alpha1_cninode.yaml b/config/samples/vpcresources_v1alpha1_cninode.yaml
@@ -0,0 +1,10 @@
+# Example of a CNINode
+apiVersion: vpcresources.k8s.aws/v1alpha1
+kind: CNINode
+metadata:
+  name: cninode-example
+spec:
+  features:
+  - SecurityGroupsForPods
+  - CustomNetworking
+
diff --git a/main.go b/main.go
@@ -77,6 +77,7 @@ func init() {
 // +kubebuilder:rbac:groups=apps,resources=deployments,namespace=kube-system,resourceNames=vpc-resource-controller,verbs=get;list;watch
 // +kubebuilder:rbac:groups=crd.k8s.amazonaws.com,resources=eniconfigs,verbs=get;list;watch
 // +kubebuilder:rbac:groups=vpcresources.k8s.aws,resources=securitygrouppolicies,verbs=get;list;watch
+// +kubebuilder:rbac:groups=vpcresources.k8s.aws,resources=cninodes,verbs=get;list;watch;create;patch;delete
 
 // Migration to leases based leader election
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,namespace=kube-system,verbs=create