Add recommendation engine flags & values (#174)

Signed-off-by: Pulak Kanti Bhowmick <pulak@appscode.com>

apis/installer/v1alpha1/kubevault_operator_types.go

@@ -78,6 +78,8 @@ type KubevaultOperatorSpec struct {
 	License string `json:"license"`
 	// +optional
 	ClusterName string `json:"clusterName"`
+	// +optional
+	RecommendationEngine RecommendationEngineConfig `json:"recommendationEngine"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
@@ -89,3 +91,10 @@ type KubevaultOperatorList struct {
 	// Items is a list of KubevaultOperator CRD objects
 	Items []KubevaultOperator `json:"items,omitempty"`
 }
+
+type RecommendationEngineConfig struct {
+	RecommendationResyncPeriod                  metav1.Duration `json:"recommendationResyncPeriod"`
+	GenRotateTLSRecommendationBeforeExpiryYear  int             `json:"genRotateTLSRecommendationBeforeExpiryYear"`
+	GenRotateTLSRecommendationBeforeExpiryMonth int             `json:"genRotateTLSRecommendationBeforeExpiryMonth"`
+	GenRotateTLSRecommendationBeforeExpiryDay   int             `json:"genRotateTLSRecommendationBeforeExpiryDay"`
+}

charts/kubevault-operator/templates/cluster-role.yaml

@@ -115,4 +115,8 @@ rules:
   - policy
   resources:
   - poddisruptionbudgets
-  verbs: ["get", "list", "create", "delete", "patch", "deletecollection"]
+  verbs: ["get", "list", "create", "delete", "patch", "deletecollection"]
+- apiGroups:
+  - supervisor.appscode.com
+  resources: ["*"]
+  verbs: ["create", "get", "list", "watch", "update", "patch"]

charts/kubevault-operator/templates/deployment.yaml

@@ -45,6 +45,12 @@ spec:
         - --cluster-name={{ .Values.clusterName }}
         - --metrics-bind-address=:{{ .Values.monitoring.bindPort }}
         - --health-probe-bind-address=:{{ .Values.apiserver.healthcheck.probePort }}
+        {{- with .Values.recommendationEngine }}
+        - --recommendation-resync-period={{ .recommendationResyncPeriod }}
+        - --gen-rotate-tls-recommendation-before-expiry-year={{ .genRotateTLSRecommendationBeforeExpiryYear }}
+        - --gen-rotate-tls-recommendation-before-expiry-month={{ .genRotateTLSRecommendationBeforeExpiryMonth }}
+        - --gen-rotate-tls-recommendation-before-expiry-day={{ .genRotateTLSRecommendationBeforeExpiryDay }}
+        {{- end }}
         {{- if include "appscode.license" . }}
         - --license-file=/var/run/secrets/appscode/license/key.txt
         {{- end }}

charts/kubevault-operator/values.openapiv3_schema.yaml

@@ -1153,6 +1153,22 @@ properties:
             type: string
         type: object
     type: object
+  recommendationEngine:
+    properties:
+      genRotateTLSRecommendationBeforeExpiryDay:
+        type: integer
+      genRotateTLSRecommendationBeforeExpiryMonth:
+        type: integer
+      genRotateTLSRecommendationBeforeExpiryYear:
+        type: integer
+      recommendationResyncPeriod:
+        type: string
+    required:
+    - genRotateTLSRecommendationBeforeExpiryDay
+    - genRotateTLSRecommendationBeforeExpiryMonth
+    - genRotateTLSRecommendationBeforeExpiryYear
+    - recommendationResyncPeriod
+    type: object
   registryFQDN:
     type: string
   replicaCount:

charts/kubevault-operator/values.yaml

@@ -97,3 +97,21 @@ monitoring:
     labels: {}
 # Name of cluster used in a multi-cluster setup
 clusterName: ""
+recommendationEngine:
+  # Recommendation will be generated after every given duration based on the resource status at that moment.
+  # Default value is one hour.
+  # The flag accepts a integer 64 bit value in nanosecond for time.Duration. Ref: https://pkg.go.dev/time#Duration
+  recommendationResyncPeriod: 1h0m0s
+  # Rotate TLS recommendation will be generated before given year of expiration.
+  # It also depends on gen-rotate-tls-recommendation-before-expiry-month and gen-rotate-tls-recommendation-before-expiry-year.
+  # Default values are 0(zero) for gen-rotate-tls-recommendation-before-expiry-year, 1(one) for gen-rotate-tls-recommendation-before-expiry-month,
+  # 0(zero) for gen-rotate-tls-recommendation-before-expiry-day flags.
+  genRotateTLSRecommendationBeforeExpiryYear: 0
+  # Rotate TLS recommendation will be generated before given month of expiration.
+  # It also depends on gen-rotate-tls-recommendation-before-expiry-year and gen-rotate-tls-recommendation-before-expiry-day flag.
+  # By default it is set as 1(one).
+  genRotateTLSRecommendationBeforeExpiryMonth: 1
+  # Rotate TLS recommendation will be generated before given day of expiration.
+  # It also depends on gen-rotate-tls-recommendation-before-expiry-year and gen-rotate-tls-recommendation-before-expiry-month flag.
+  # By default it is set as 0(zero).
+  genRotateTLSRecommendationBeforeExpiryDay: 0

charts/kubevault/values.openapiv3_schema.yaml

@@ -1263,6 +1263,22 @@ properties:
                 type: string
             type: object
         type: object
+      recommendationEngine:
+        properties:
+          genRotateTLSRecommendationBeforeExpiryDay:
+            type: integer
+          genRotateTLSRecommendationBeforeExpiryMonth:
+            type: integer
+          genRotateTLSRecommendationBeforeExpiryYear:
+            type: integer
+          recommendationResyncPeriod:
+            type: string
+        required:
+        - genRotateTLSRecommendationBeforeExpiryDay
+        - genRotateTLSRecommendationBeforeExpiryMonth
+        - genRotateTLSRecommendationBeforeExpiryYear
+        - recommendationResyncPeriod
+        type: object
       registryFQDN:
         type: string
       replicaCount:

hack/scripts/import-crds.sh

@@ -76,3 +76,7 @@ crd-importer \
 crd-importer \
     --input=https://github.com/kubernetes-sigs/secrets-store-csi-driver/raw/v1.1.2/config/crd/bases/secrets-store.csi.x-k8s.io_secretproviderclasses.yaml \
     --out=./charts/secrets-store-reader/crds
+
+crd-importer \
+    --input=https://github.com/kubeops/supervisor/raw/v0.0.1/crds/supervisor.appscode.com_recommendations.yaml \
+    --out=./charts/kubevault-operator/crds