Rebased windows-prefix-delegation branch onto master branch

Dockerfile

@@ -1,5 +1,6 @@
 ARG BASE_IMAGE
 ARG BUILD_IMAGE
+ARG ARCH=amd64
 # Build the controller binary
 FROM $BUILD_IMAGE as builder
 
@@ -27,7 +28,7 @@ ENV VERSION_PKG=github.com/aws/amazon-vpc-resource-controller-k8s/pkg/version
 RUN GIT_VERSION=$(git describe --tags --always) && \
         GIT_COMMIT=$(git rev-parse HEAD) && \
         BUILD_DATE=$(date +%Y-%m-%dT%H:%M:%S%z) && \
-        CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build \
+        CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} GO111MODULE=on go build \
         -ldflags="-X ${VERSION_PKG}.GitVersion=${GIT_VERSION} -X ${VERSION_PKG}.GitCommit=${GIT_COMMIT} -X ${VERSION_PKG}.BuildDate=${BUILD_DATE}" -a -o controller main.go
 
 FROM $BASE_IMAGE

Makefile

@@ -12,6 +12,8 @@ BASE_IMAGE ?= public.ecr.aws/eks-distro-build-tooling/eks-distro-minimal-base-no
 BUILD_IMAGE ?= public.ecr.aws/bitnami/golang:1.20.1
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
 CRD_OPTIONS ?= "crd:trivialVersions=true"
+GOARCH ?= amd64
+PLATFORM ?= linux/amd64
 
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
@@ -68,6 +70,10 @@ vet:
 generate: controller-gen
 	$(CONTROLLER_GEN) object:headerFile="scripts/templates/boilerplate.go.txt" paths="./..."
 
+# Build the docker image with buildx
+docker-buildx: check-env test
+	docker buildx build --platform=$(PLATFORM) -t $(IMAGE)-$(GOARCH) --build-arg BASE_IMAGE=$(BASE_IMAGE) --build-arg BUILD_IMAGE=$(BUILD_IMAGE) --build-arg $(GOARCH) --load .
+
 # Build the docker image
 docker-build: check-env test
 	docker build --build-arg BASE_IMAGE=$(BASE_IMAGE) --build-arg BUILD_IMAGE=$(BUILD_IMAGE) . -t ${IMAGE}

apis/vpcresources/v1alpha1/cninode_types.go

@@ -0,0 +1,61 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+//     http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// FeatureName is a type of feature name supported by AWS VPC CNI. It can be Security Group for Pods, custom networking, or others
+type FeatureName string
+
+const (
+	SecurityGroupsForPods FeatureName = "SecurityGroupsForPods"
+	CustomNetworking      FeatureName = "CustomNetworking"
+)
+
+// Important: Run "make" to regenerate code after modifying this file
+// CNINodeSpec defines the desired state of CNINode
+type CNINodeSpec struct {
+	Features []FeatureName `json:"features,omitempty"`
+}
+
+// CNINodeStatus defines the managed VPC resources.
+type CNINodeStatus struct {
+	//TODO: add VPS resources which will be managed by this CRD and its finalizer
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:printcolumn:name="Features",type=string,JSONPath=`.spec.features`,description="The features delegated to VPC resource controller"
+// +kubebuilder:resource:shortName=cnd
+
+// +kubebuilder:object:root=true
+type CNINode struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec              CNINodeSpec   `json:"spec,omitempty"`
+	Status            CNINodeStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// CNINodeList contains a list of CNINodeList
+type CNINodeList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []CNINode `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&CNINode{}, &CNINodeList{})
+}

apis/vpcresources/v1alpha1/groupversion_info.go

@@ -0,0 +1,33 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License"). You may
+// not use this file except in compliance with the License. A copy of the
+// License is located at
+//
+//     http://aws.amazon.com/apache2.0/
+//
+// or in the "license" file accompanying this file. This file is distributed
+// on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+// express or implied. See the License for the specific language governing
+// permissions and limitations under the License.
+
+// Package v1beta1 contains API Schema definitions for the vpcresources v1beta1 API group
+// +kubebuilder:object:generate=true
+// +groupName=vpcresources.k8s.aws
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "vpcresources.k8s.aws", Version: "v1alpha1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)

config/crd/bases/vpcresources.k8s.aws_cninodes.yaml

@@ -0,0 +1,66 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: cninodes.vpcresources.k8s.aws
+spec:
+  group: vpcresources.k8s.aws
+  names:
+    kind: CNINode
+    listKind: CNINodeList
+    plural: cninodes
+    shortNames:
+    - cnd
+    singular: cninode
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - description: The features delegated to VPC resource controller
+      jsonPath: .spec.features
+      name: Features
+      type: string
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: 'Important: Run "make" to regenerate code after modifying
+              this file CNINodeSpec defines the desired state of CNINode'
+            properties:
+              features:
+                items:
+                  description: FeatureName is a type of feature name supported by
+                    AWS VPC CNI. It can be Security Group for Pods, custom networking,
+                    or others
+                  type: string
+                type: array
+            type: object
+          status:
+            description: CNINodeStatus defines the managed VPC resources.
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/rbac/role.yaml

@@ -64,6 +64,17 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - vpcresources.k8s.aws
+  resources:
+  - cninodes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - watch
 - apiGroups:
   - vpcresources.k8s.aws
   resources:

config/samples/vpcresources_v1alpha1_cninode.yaml

@@ -0,0 +1,10 @@
+# Example of a CNINode
+apiVersion: vpcresources.k8s.aws/v1alpha1
+kind: CNINode
+metadata:
+  name: cninode-example
+spec:
+  features:
+  - SecurityGroupsForPods
+  - CustomNetworking
+

controllers/apps/deployment_controller.go

@@ -16,15 +16,17 @@ package apps
 import (
 	"context"
 
-	"github.com/aws/amazon-vpc-resource-controller-k8s/controllers/core"
+	controllers "github.com/aws/amazon-vpc-resource-controller-k8s/controllers/core"
 	"github.com/aws/amazon-vpc-resource-controller-k8s/pkg/condition"
 	"github.com/aws/amazon-vpc-resource-controller-k8s/pkg/config"
+	rcHealthz "github.com/aws/amazon-vpc-resource-controller-k8s/pkg/healthz"
 	"github.com/aws/amazon-vpc-resource-controller-k8s/pkg/k8s"
 	"github.com/aws/amazon-vpc-resource-controller-k8s/pkg/node/manager"
 
 	"github.com/go-logr/logr"
 	appV1 "k8s.io/api/apps/v1"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/healthz"
 )
 
 type DeploymentReconciler struct {
@@ -63,7 +65,13 @@ func (r *DeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 	return ctrl.Result{}, nil
 }
 
-func (r *DeploymentReconciler) SetupWithManager(mgr ctrl.Manager) error {
+func (r *DeploymentReconciler) SetupWithManager(mgr ctrl.Manager, healthzHandler *rcHealthz.HealthzHandler) error {
+	// add health check on subpath for deployment controller
+	// TODO: this is a simple controller and unlikely hit blocking issue but we can revisit this after subpaths are released for a while
+	healthzHandler.AddControllersHealthCheckers(
+		map[string]healthz.Checker{"health-deploy-controller": rcHealthz.SimplePing("deployment controller", r.Log)},
+	)
+
 	return ctrl.NewControllerManagedBy(mgr).
 		For(&appV1.Deployment{}).
 		Complete(r)