feat: update DataPlaneKonnectExtension (#578)

* feat: DataPlaneKonnectExtension CRD update Signed-off-by: Mattia Lavacca <[email protected]> * chore: update sample Signed-off-by: Mattia Lavacca <[email protected]> * chore: CHANGELOG updated Signed-off-by: Mattia Lavacca <[email protected]> --------- Signed-off-by: Mattia Lavacca <[email protected]>
Kong · Sep 12, 2024 · 1b09423 · 1b09423
1 parent 9a1072f
commit 1b09423
Show file tree

Hide file tree

Showing 6 changed files with 106 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -56,7 +56,7 @@
   [#513](https://github.com/Kong/gateway-operator/pull/513), [#535](https://github.com/Kong/gateway-operator/pull/535)
 - The `DataPlaneKonnectExtension` CRD has been introduced. Such a CRD can be attached
   to a `DataPlane` via the extensions field to have a konnect-flavored `DataPlane`.
-  [#453](https://github.com/Kong/gateway-operator/pull/453)
+  [#453](https://github.com/Kong/gateway-operator/pull/453), [#578](https://github.com/Kong/gateway-operator/pull/578)
 - Entities created in Konnect are now labeled (or tagged for those that does not
   support labels) with origin Kubernetes object's metadata: `k8s-name`, `k8s-namespace`,
   `k8s-uid`, `k8s-generation`, `k8s-kind`, `k8s-group`, `k8s-version`.

diff --git a/api/v1alpha1/dataplane_konnect_extension_types.go b/api/v1alpha1/dataplane_konnect_extension_types.go
@@ -33,6 +33,7 @@ func init() {
 // and is intended to be referenced as extension by the dataplane API.
 // If a DataPlane successfully refers a DataPlaneKonnectExtension, the DataPlane
 // deployment spec gets customized to include the konnect-related configuration.
+// +kubebuilder:validation:XValidation:rule="oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef", message="spec.controlPlaneRef is immutable."
 type DataPlaneKonnectExtension struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -78,15 +79,29 @@ type DataPlaneKonnectExtensionSpec struct {
 	// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
 	ServerHostname string `json:"serverHostname"`
 
-	// ClusterCertificateSecretName is a name of the Secret containing the Konnect Control Plane's cluster certificate.
+	// AuthConfiguration must be used to configure the Konnect API authentication.
 	// +kubebuilder:validation:Required
-	ClusterCertificateSecretName string `json:"clusterCertificateSecretName"`
+	AuthConfiguration KonnectControlPlaneAPIAuthConfiguration `json:"konnectControlPlaneAPIAuthConfiguration"`
 
 	// ClusterDataPlaneLabels is a set of labels that will be applied to the Konnect DataPlane.
 	// +optional
 	ClusterDataPlaneLabels map[string]string `json:"clusterDataPlaneLabels,omitempty"`
 }
 
+// KonnectControlPlaneAPIAuthConfiguration contains the configuration to authenticate with Konnect API ControlPlane.
+type KonnectControlPlaneAPIAuthConfiguration struct {
+	// ClusterCertificateSecretName is a name of the Secret containing the Konnect Control Plane's cluster certificate.
+	// +kubebuilder:validation:Required
+	ClusterCertificateSecretName ClusterCertificateSecretRef `json:"clusterCertificateSecretRef"`
+}
+
+// ClusterCertificateSecretRef contains the reference to the Secret containing the Konnect Control Plane's cluster certificate.
+type ClusterCertificateSecretRef struct {
+	// Name is the name of the Secret containing the Konnect Control Plane's cluster certificate.
+	// +kubebuilder:validation:Required
+	Name string `json:"name"`
+}
+
 // DataPlaneKonnectExtensionStatus defines the observed state of DataPlaneKonnectExtension.
 type DataPlaneKonnectExtensionStatus struct {
 	// DataPlaneRefs is the array  of DataPlane references this is associated with.

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/gateway-operator.konghq.com_dataplanekonnectextensions.yaml b/config/crd/bases/gateway-operator.konghq.com_dataplanekonnectextensions.yaml
@@ -47,10 +47,6 @@ spec:
             description: Spec is the specification of the DataPlaneKonnectExtension
               resource.
             properties:
-              clusterCertificateSecretName:
-                description: ClusterCertificateSecretName is a name of the Secret
-                  containing the Konnect Control Plane's cluster certificate.
-                type: string
               clusterDataPlaneLabels:
                 additionalProperties:
                   type: string
@@ -100,6 +96,24 @@ spec:
                   Plane.
                 example: us
                 type: string
+              konnectControlPlaneAPIAuthConfiguration:
+                description: AuthConfiguration must be used to configure the Konnect
+                  API authentication.
+                properties:
+                  clusterCertificateSecretRef:
+                    description: ClusterCertificateSecretName is a name of the Secret
+                      containing the Konnect Control Plane's cluster certificate.
+                    properties:
+                      name:
+                        description: Name is the name of the Secret containing the
+                          Konnect Control Plane's cluster certificate.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                required:
+                - clusterCertificateSecretRef
+                type: object
               serverHostname:
                 description: |-
                   ServerHostname is the fully qualified domain name of the konnect server. This
@@ -115,9 +129,9 @@ spec:
                 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
                 type: string
             required:
-            - clusterCertificateSecretName
             - controlPlaneRef
             - controlPlaneRegion
+            - konnectControlPlaneAPIAuthConfiguration
             - serverHostname
             type: object
           status:
@@ -151,6 +165,9 @@ spec:
                 type: array
             type: object
         type: object
+        x-kubernetes-validations:
+        - message: spec.controlPlaneRef is immutable.
+          rule: oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef
     served: true
     storage: true
     subresources:

diff --git a/config/samples/dataplane-konnect-extension.yaml b/config/samples/dataplane-konnect-extension.yaml
@@ -28,7 +28,9 @@ spec:
     konnectID: <YOUR-CP-KONNECT-ID>
   serverHostname: your.konnect.server
   controlPlaneRegion: eu
-  clusterCertificateSecretName: konnect-client-tls
+  konnectControlPlaneAPIAuthConfiguration:
+    clusterCertificateSecretRef:
+      name: konnect-client-tls
 ---
 apiVersion: gateway-operator.konghq.com/v1beta1
 kind: DataPlane

diff --git a/docs/api-reference.md b/docs/api-reference.md
@@ -262,6 +262,21 @@ Azure, e.t.c.).
 _Appears in:_
 - [LargeLanguageModels](#largelanguagemodels)
 
+#### ClusterCertificateSecretRef
+
+
+ClusterCertificateSecretRef contains the reference to the Secret containing the Konnect Control Plane's cluster certificate.
+
+
+
+| Field | Description |
+| --- | --- |
+| `name` _string_ | Name is the name of the Secret containing the Konnect Control Plane's cluster certificate. |
+
+
+_Appears in:_
+- [KonnectControlPlaneAPIAuthConfiguration](#konnectcontrolplaneapiauthconfiguration)
+
 #### DataPlaneKonnectExtensionSpec
 
 
@@ -274,7 +289,7 @@ DataPlaneKonnectExtensionSpec defines the desired state of DataPlaneKonnectExten
 | `controlPlaneRef` _[ControlPlaneRef](#controlplaneref)_ | ControlPlaneRef is a reference to a ControlPlane this DataPlaneKonnectExtension is associated with. |
 | `controlPlaneRegion` _string_ | ControlPlaneRegion is the region of the Konnect Control Plane. |
 | `serverHostname` _string_ | ServerHostname is the fully qualified domain name of the konnect server. This matches the RFC 1123 definition of a hostname with 1 notable exception that numeric IP addresses are not allowed.<br /><br /> Note that as per RFC1035 and RFC1123, a *label* must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed. |
-| `clusterCertificateSecretName` _string_ | ClusterCertificateSecretName is a name of the Secret containing the Konnect Control Plane's cluster certificate. |
+| `konnectControlPlaneAPIAuthConfiguration` _[KonnectControlPlaneAPIAuthConfiguration](#konnectcontrolplaneapiauthconfiguration)_ | AuthConfiguration must be used to configure the Konnect API authentication. |
 | `clusterDataPlaneLabels` _object (keys:string, values:string)_ | ClusterDataPlaneLabels is a set of labels that will be applied to the Konnect DataPlane. |
 
 
@@ -402,6 +417,21 @@ KongPluginInstallationStatus defines the observed state of KongPluginInstallatio
 _Appears in:_
 - [KongPluginInstallation](#kongplugininstallation)
 
+#### KonnectControlPlaneAPIAuthConfiguration
+
+
+KonnectControlPlaneAPIAuthConfiguration contains the configuration to authenticate with Konnect API ControlPlane.
+
+
+
+| Field | Description |
+| --- | --- |
+| `clusterCertificateSecretRef` _[ClusterCertificateSecretRef](#clustercertificatesecretref)_ | ClusterCertificateSecretName is a name of the Secret containing the Konnect Control Plane's cluster certificate. |
+
+
+_Appears in:_
+- [DataPlaneKonnectExtensionSpec](#dataplanekonnectextensionspec)
+
 #### LLMPrompt