CRD Controller #353
Merged
Changes from 35 commits

37 commits:

Commit | Message | Author |
---|---|---|
688d36d | push latest image for crd-controller-base branch (#307) | alvin-huang |
04f04cb | fix ifelse in makefile (#308) | alvin-huang |
e656c46 | Update kubernetes and golang dependencies | hashicorp-ci |
85c7713 | Apply suggestions from code review | |
2790a9c | Remove unnecessary dep on prometheus logging (#311) | kschoche |
55bd0f5 | Merge POC into consul-k8s (#309) | |
c89e4d2 | Remove patch for validating webhook (#314) | lkysow |
3059542 | Update docs for CRDs (#318) | lkysow |
3a61dfe | Add -create-controller-token flag | lkysow |
e78313c | Update ACLs for consul ent and controller (#322) | lkysow |
2092f5d | Support Consul Ent NS's for CRDs (#323) | lkysow |
9cf39f6 | Add defaults and validation for ServiceDefaults (#320) | |
767a5cf | Provision webhooks with self-generated certs (#316) | |
cc1d16d | Ensure system recovers quickly from failures or drift in state (#326) | |
b333e0b | ServiceResolver controller and webhook (#325) | lkysow |
1e9a70b | Fix bug with service-resolver validation (#330) | lkysow |
aa64895 | Pass down path through validators (#331) | lkysow |
1b33c49 | Implement webhook support for consul ent (#329) | lkysow |
c77a9f5 | Add -enable-webhooks flag (#336) | lkysow |
092fc5f | ProxyDefaults CRD (#328) | |
bc9ae7a | Ignore ProxyDefaultsValidator from deepcopy (#338) | |
bd17a55 | Remove metrics flag since we're not using it (#337) | lkysow |
90b9c80 | ServiceRouter support (#332) | lkysow |
9f994ed | Update to latest serviceresolver code (#335) | lkysow |
33a9810 | Clarify cookie docs (#341) | lkysow |
423cbac | Add support for ServiceSplitter (#339) | ishustava |
3a97323 | Replace reflect.DeepEqual with gocmp.Equal (#340) | |
7aaa508 | Refactor ent controller tests (#342) | |
6f37b01 | Pull consul dev images (#344) | alvin-huang |
40d03ab | Use metadata field from configEntry (#343) | |
5ecc0d4 | Support split weights that have a value of 0 (#349) | |
46baf63 | Crd controller service intentions (#346) | |
e9cc25b | Add -log-level flag to controller (#348) | lkysow |
fc52045 | L7 intentions (#352) | |
5213536 | Merge remote-tracking branch 'origin/master' into crd-controller-base | lkysow |
704ca54 | Tidy up go.sum | |
b7f17e1 | Bump commit sha's for Consul | lkysow |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# this is a generated file used for operator sdk during code generation of CRDs, Controllers and webhooks | ||
domain: hashicorp.com | ||
layout: go.kubebuilder.io/v2 | ||
repo: github.com/hashicorp/consul-k8s | ||
version: 3-alpha | ||
plugins: | ||
go.operator-sdk.io/v2-alpha: {} |
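Review bot: The header comment says this file is generated for operator sdk but not by which release, and both `version: 3-alpha` and the `go.operator-sdk.io/v2-alpha` plugin are alpha formats. Record the tool version used in that comment so the CRD, controller and webhook scaffolding can be regenerated reproducibly.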
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
// Package common holds code that isn't tied to a particular CRD version or type. | ||
package common | ||
|
||
const ( | ||
ServiceDefaults string = "servicedefaults" | ||
ProxyDefaults string = "proxydefaults" | ||
ServiceResolver string = "serviceresolver" | ||
ServiceRouter string = "servicerouter" | ||
ServiceSplitter string = "servicesplitter" | ||
ServiceIntentions string = "serviceintentions" | ||
|
||
Global string = "global" | ||
DefaultConsulNamespace string = "default" | ||
WildcardNamespace string = "*" | ||
|
||
SourceKey string = "external-source" | ||
DatacenterKey string = "consul.hashicorp.com/source-datacenter" | ||
SourceValue string = "kubernetes" | ||
) |
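Review bot: None of the exported constants in this block has a doc comment, and the last group needs one most: `SourceKey` is the bare `external-source` while `DatacenterKey` is namespaced as `consul.hashicorp.com/source-datacenter`, with nothing saying what these keys are set on or why the naming differs. Add a comment per group; if these values are how entries written from Kubernetes are recognised, say so here, because that makes them part of the ownership contract and not just labels.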
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
package common | ||
|
||
import ( | ||
"github.com/hashicorp/consul/api" | ||
corev1 "k8s.io/api/core/v1" | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
"k8s.io/apimachinery/pkg/runtime" | ||
"k8s.io/apimachinery/pkg/runtime/schema" | ||
) | ||
|
||
// ConfigEntryResource is a generic config entry custom resource. It is implemented | ||
// by each config entry type so that they can be acted upon generically. | ||
// It is not tied to a specific CRD version. | ||
type ConfigEntryResource interface { | ||
// GetObjectMeta returns object meta. | ||
GetObjectMeta() metav1.ObjectMeta | ||
// AddFinalizer adds a finalizer to the list of finalizers. | ||
AddFinalizer(name string) | ||
// RemoveFinalizer removes this finalizer from the list. | ||
RemoveFinalizer(name string) | ||
// Finalizers returns the list of finalizers for this object. | ||
Finalizers() []string | ||
// ConsulKind returns the Consul config entry kind, i.e. service-defaults, not | ||
// servicedefaults. | ||
ConsulKind() string | ||
// ConsulGlobalResource returns if the resource exists in the default | ||
// Consul namespace only. | ||
ConsulGlobalResource() bool | ||
// ConsulMirroringNS returns the Consul namespace that the config entry should | ||
// be created in if namespaces and mirroring are enabled. | ||
ConsulMirroringNS() string | ||
// KubeKind returns the Kube config entry kind, i.e. servicedefaults, not | ||
// service-defaults. | ||
KubeKind() string | ||
// ConsulName returns the name of the config entry as saved in Consul. | ||
// This may be different than KubernetesName() in the case of a ServiceIntentions | ||
// config entry. | ||
ConsulName() string | ||
// KubernetesName returns the name of the Kubernetes resource. | ||
KubernetesName() string | ||
// SetSyncedCondition updates the synced condition. | ||
SetSyncedCondition(status corev1.ConditionStatus, reason, message string) | ||
// SyncedCondition gets the synced condition. | ||
SyncedCondition() (status corev1.ConditionStatus, reason, message string) | ||
// SyncedConditionStatus returns the status of the synced condition. | ||
SyncedConditionStatus() corev1.ConditionStatus | ||
// ToConsul converts the resource to the corresponding Consul API definition. | ||
// Its return type is the generic ConfigEntry but a specific config entry | ||
// type should be constructed e.g. ServiceConfigEntry. | ||
ToConsul(datacenter string) api.ConfigEntry | ||
// MatchesConsul returns true if the resource has the same fields as the Consul | ||
// config entry. | ||
MatchesConsul(candidate api.ConfigEntry) bool | ||
// GetObjectKind should be implemented by the generated code. | ||
GetObjectKind() schema.ObjectKind | ||
// DeepCopyObject should be implemented by the generated code. | ||
DeepCopyObject() runtime.Object | ||
// Validate returns an error if the resource is invalid. | ||
Validate() error | ||
} |
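Review bot: `ToConsul(datacenter string)` takes the datacenter but `MatchesConsul(candidate api.ConfigEntry)` does not, and its comment only says "has the same fields", so it is unclear whether values derived from the datacenter take part in the comparison. State in the `MatchesConsul` comment which fields are compared and which are ignored, so that every implementation of this interface answers the drift question the same way. Minor: the `ConsulKind` and `KubeKind` comments give an example, so "i.e." should be "e.g.".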
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
package common | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
"net/http" | ||
|
||
"github.com/go-logr/logr" | ||
"k8s.io/api/admission/v1beta1" | ||
"sigs.k8s.io/controller-runtime/pkg/webhook/admission" | ||
) | ||
|
||
// ConfigEntryLister is implemented by CRD-specific webhooks. | ||
type ConfigEntryLister interface { | ||
// List returns all resources of this type across all namespaces in a | ||
// Kubernetes cluster. | ||
List(ctx context.Context) ([]ConfigEntryResource, error) | ||
} | ||
|
||
// ValidateConfigEntry validates cfgEntry. It is a generic method that | ||
// can be used by all CRD-specific validators. | ||
// Callers should pass themselves as validator and kind should be the custom | ||
// resource name, e.g. "ServiceDefaults". | ||
func ValidateConfigEntry( | ||
ctx context.Context, | ||
req admission.Request, | ||
logger logr.Logger, | ||
configEntryLister ConfigEntryLister, | ||
cfgEntry ConfigEntryResource, | ||
enableConsulNamespaces bool, | ||
nsMirroring bool) admission.Response { | ||
|
||
// On create we need to validate that there isn't already a resource with | ||
// the same name in a different namespace if we're need to mapping all Kube | ||
// resources to a single Consul namespace. The only case where we're not | ||
// mapping all kube resources to a single Consul namespace is when we | ||
// are running Consul enterprise with namespace mirroring. | ||
singleConsulDestNS := !(enableConsulNamespaces && nsMirroring) | ||
if req.Operation == v1beta1.Create && singleConsulDestNS { | ||
logger.Info("validate create", "name", cfgEntry.KubernetesName()) | ||
|
||
list, err := configEntryLister.List(ctx) | ||
if err != nil { | ||
return admission.Errored(http.StatusInternalServerError, err) | ||
} | ||
for _, item := range list { | ||
if item.KubernetesName() == cfgEntry.KubernetesName() { | ||
return admission.Errored(http.StatusBadRequest, | ||
fmt.Errorf("%s resource with name %q is already defined – all %s resources must have unique names across namespaces", | ||
cfgEntry.KubeKind(), | ||
cfgEntry.KubernetesName(), | ||
cfgEntry.KubeKind())) | ||
} | ||
} | ||
} | ||
if err := cfgEntry.Validate(); err != nil { | ||
return admission.Errored(http.StatusBadRequest, err) | ||
} | ||
return admission.Allowed(fmt.Sprintf("valid %s request", cfgEntry.KubeKind())) | ||
} |
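Review bot: The uniqueness check inside `if req.Operation == v1beta1.Create && singleConsulDestNS` compares `item.KubernetesName() == cfgEntry.KubernetesName()`, but the `ConfigEntryResource` interface documents that `ConsulName()` can differ from `KubernetesName()` for ServiceIntentions, so two resources with different Kubernetes names that map to the same Consul entry would pass. Compare on `ConsulName()` if this validator is meant to cover that kind, or document that it is not. The list-then-compare is also not atomic, so two creates in different namespaces admitted at the same time can both pass; the controller should not rely on this webhook alone to stop two resources writing one config entry. The doc comment refers to a `validator` and a `kind` argument that are not in the signature, and "if we're need to mapping" should read "if we're mapping".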
Todo: we need these to point at 1.9.0 so the controller tests pass.