From 1b094236f29f0413d426b50dfb74456aff2db879 Mon Sep 17 00:00:00 2001 From: Mattia Lavacca Date: Thu, 12 Sep 2024 16:21:43 +0200 Subject: [PATCH] feat: update `DataPlaneKonnectExtension` (#578) * feat: DataPlaneKonnectExtension CRD update Signed-off-by: Mattia Lavacca * chore: update sample Signed-off-by: Mattia Lavacca * chore: CHANGELOG updated Signed-off-by: Mattia Lavacca --------- Signed-off-by: Mattia Lavacca --- CHANGELOG.md | 2 +- .../dataplane_konnect_extension_types.go | 19 +++++++++-- api/v1alpha1/zz_generated.deepcopy.go | 32 +++++++++++++++++++ ...konghq.com_dataplanekonnectextensions.yaml | 27 +++++++++++++--- .../samples/dataplane-konnect-extension.yaml | 4 ++- docs/api-reference.md | 32 ++++++++++++++++++- 6 files changed, 106 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 95d5ac42f..391987774 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -56,7 +56,7 @@ [#513](https://github.com/Kong/gateway-operator/pull/513), [#535](https://github.com/Kong/gateway-operator/pull/535) - The `DataPlaneKonnectExtension` CRD has been introduced. Such a CRD can be attached to a `DataPlane` via the extensions field to have a konnect-flavored `DataPlane`. - [#453](https://github.com/Kong/gateway-operator/pull/453) + [#453](https://github.com/Kong/gateway-operator/pull/453), [#578](https://github.com/Kong/gateway-operator/pull/578) - Entities created in Konnect are now labeled (or tagged for those that does not support labels) with origin Kubernetes object's metadata: `k8s-name`, `k8s-namespace`, `k8s-uid`, `k8s-generation`, `k8s-kind`, `k8s-group`, `k8s-version`. diff --git a/api/v1alpha1/dataplane_konnect_extension_types.go b/api/v1alpha1/dataplane_konnect_extension_types.go index fe4d1feb6..1d524829b 100644 --- a/api/v1alpha1/dataplane_konnect_extension_types.go +++ b/api/v1alpha1/dataplane_konnect_extension_types.go 
@@ -33,6 +33,7 @@ func init() {
 // and is intended to be referenced as extension by the dataplane API.
 // If a DataPlane successfully refers a DataPlaneKonnectExtension, the DataPlane
 // deployment spec gets customized to include the konnect-related configuration.
+// +kubebuilder:validation:XValidation:rule="oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef", message="spec.controlPlaneRef is immutable."
 type DataPlaneKonnectExtension struct {
 	metav1.TypeMeta `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`
@@ -78,15 +79,29 @@ type DataPlaneKonnectExtensionSpec struct {
 	// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`
 	ServerHostname string `json:"serverHostname"`
 
-	// ClusterCertificateSecretName is a name of the Secret containing the Konnect Control Plane's cluster certificate.
+	// AuthConfiguration must be used to configure the Konnect API authentication.
 	// +kubebuilder:validation:Required
-	ClusterCertificateSecretName string `json:"clusterCertificateSecretName"`
+	AuthConfiguration KonnectControlPlaneAPIAuthConfiguration `json:"konnectControlPlaneAPIAuthConfiguration"`
 
 	// ClusterDataPlaneLabels is a set of labels that will be applied to the Konnect DataPlane.
 	// +optional
 	ClusterDataPlaneLabels map[string]string `json:"clusterDataPlaneLabels,omitempty"`
 }
 
+// KonnectControlPlaneAPIAuthConfiguration contains the configuration to authenticate with Konnect API ControlPlane.
+type KonnectControlPlaneAPIAuthConfiguration struct {
+	// ClusterCertificateSecretName is a name of the Secret containing the Konnect Control Plane's cluster certificate.
+	// +kubebuilder:validation:Required
+	ClusterCertificateSecretName ClusterCertificateSecretRef `json:"clusterCertificateSecretRef"`
+}
+
+// ClusterCertificateSecretRef contains the reference to the Secret containing the Konnect Control Plane's cluster certificate.
+type ClusterCertificateSecretRef struct {
+	// Name is the name of the Secret containing the Konnect Control Plane's cluster certificate.
+	// +kubebuilder:validation:Required
+	Name string `json:"name"`
+}
+
 // DataPlaneKonnectExtensionStatus defines the observed state of DataPlaneKonnectExtension.
 type DataPlaneKonnectExtensionStatus struct {
 	// DataPlaneRefs is the array of DataPlane references this is associated with.
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 2f1265469..caa2f69ef 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
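Review bot: `ClusterCertificateSecretRef.Name` is marked `Required` but carries no other constraint, so `name: ""` or a value that is not a valid Secret name passes admission and only fails later in the controller; add `// +kubebuilder:validation:MinLength=1` and `// +kubebuilder:validation:MaxLength=253` above `Name`, in the same marker style `ServerHostname` already uses. The reference carries no namespace, so the Secret — which holds the client certificate this DataPlane will present to Konnect — must be resolved in a namespace the operator chooses, presumably the extension's own; say so in the field doc, e.g. `// Name is the name of the Secret, in the same namespace as the DataPlaneKonnectExtension, containing the Konnect Control Plane's cluster certificate.`, once confirmed against the controller, so readers know a cross-namespace reference is not possible. Separately, inside `KonnectControlPlaneAPIAuthConfiguration` the Go field is still called `ClusterCertificateSecretName` although it is now a `ClusterCertificateSecretRef` with JSON tag `clusterCertificateSecretRef`, and its comment still says it "is a name of the Secret"; renaming it to `ClusterCertificateSecretRef` with a matching comment removes the mismatch that the generated api-reference.md already exposes.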
+++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -260,6 +260,21 @@ func (in *CloudHostedLargeLanguageModel) DeepCopy() *CloudHostedLargeLanguageMod return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterCertificateSecretRef) DeepCopyInto(out *ClusterCertificateSecretRef) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterCertificateSecretRef. +func (in *ClusterCertificateSecretRef) DeepCopy() *ClusterCertificateSecretRef { + if in == nil { + return nil + } + out := new(ClusterCertificateSecretRef) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DataPlaneKonnectExtension) DeepCopyInto(out *DataPlaneKonnectExtension) { *out = *in @@ -323,6 +338,7 @@ func (in *DataPlaneKonnectExtensionList) DeepCopyObject() runtime.Object { func (in *DataPlaneKonnectExtensionSpec) DeepCopyInto(out *DataPlaneKonnectExtensionSpec) { *out = *in in.ControlPlaneRef.DeepCopyInto(&out.ControlPlaneRef) + out.AuthConfiguration = in.AuthConfiguration if in.ClusterDataPlaneLabels != nil { in, out := &in.ClusterDataPlaneLabels, &out.ClusterDataPlaneLabels *out = make(map[string]string, len(*in)) 
@@ -577,6 +593,22 @@ func (in *KongPluginInstallationStatus) DeepCopy() *KongPluginInstallationStatus return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KonnectControlPlaneAPIAuthConfiguration) DeepCopyInto(out *KonnectControlPlaneAPIAuthConfiguration) { + *out = *in + out.ClusterCertificateSecretName = in.ClusterCertificateSecretName +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KonnectControlPlaneAPIAuthConfiguration. +func (in *KonnectControlPlaneAPIAuthConfiguration) DeepCopy() *KonnectControlPlaneAPIAuthConfiguration { + if in == nil { + return nil + } + out := new(KonnectControlPlaneAPIAuthConfiguration) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LLMPrompt) DeepCopyInto(out *LLMPrompt) { *out = *in diff --git a/config/crd/bases/gateway-operator.konghq.com_dataplanekonnectextensions.yaml b/config/crd/bases/gateway-operator.konghq.com_dataplanekonnectextensions.yaml index 9286d5094..d297435f3 100644 --- a/config/crd/bases/gateway-operator.konghq.com_dataplanekonnectextensions.yaml +++ b/config/crd/bases/gateway-operator.konghq.com_dataplanekonnectextensions.yaml @@ -47,10 +47,6 @@ spec: description: Spec is the specification of the DataPlaneKonnectExtension resource. properties: - clusterCertificateSecretName: - description: ClusterCertificateSecretName is a name of the Secret - containing the Konnect Control Plane's cluster certificate. - type: string clusterDataPlaneLabels: additionalProperties: type: string 
@@ -100,6 +96,24 @@ spec: Plane. example: us type: string + konnectControlPlaneAPIAuthConfiguration: + description: AuthConfiguration must be used to configure the Konnect + API authentication. + properties: + clusterCertificateSecretRef: + description: ClusterCertificateSecretName is a name of the Secret + containing the Konnect Control Plane's cluster certificate. + properties: + name: + description: Name is the name of the Secret containing the + Konnect Control Plane's cluster certificate. + type: string + required: + - name + type: object + required: + - clusterCertificateSecretRef + type: object serverHostname: description: |- ServerHostname is the fully qualified domain name of the konnect server. This @@ -115,9 +129,9 @@ spec: pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - - clusterCertificateSecretName - controlPlaneRef - controlPlaneRegion + - konnectControlPlaneAPIAuthConfiguration - serverHostname type: object status: @@ -151,6 +165,9 @@ spec: type: array type: object type: object + x-kubernetes-validations: + - message: spec.controlPlaneRef is immutable. + rule: oldSelf.spec.controlPlaneRef == self.spec.controlPlaneRef served: true storage: true subresources: diff --git a/config/samples/dataplane-konnect-extension.yaml b/config/samples/dataplane-konnect-extension.yaml index c958c6847..4fa4e72d2 100644 --- a/config/samples/dataplane-konnect-extension.yaml +++ b/config/samples/dataplane-konnect-extension.yaml @@ -28,7 +28,9 @@ spec: konnectID: serverHostname: your.konnect.server controlPlaneRegion: eu - clusterCertificateSecretName: konnect-client-tls + konnectControlPlaneAPIAuthConfiguration: + clusterCertificateSecretRef: + name: konnect-client-tls --- apiVersion: gateway-operator.konghq.com/v1beta1 kind: DataPlane diff --git a/docs/api-reference.md b/docs/api-reference.md index 393320b5c..fdd810527 100644 --- a/docs/api-reference.md +++ b/docs/api-reference.md 
@@ -262,6 +262,21 @@ Azure, e.t.c.). _Appears in:_ - [LargeLanguageModels](#largelanguagemodels) +#### ClusterCertificateSecretRef + + +ClusterCertificateSecretRef contains the reference to the Secret containing the Konnect Control Plane's cluster certificate. + + + +| Field | Description | +| --- | --- | +| `name` _string_ | Name is the name of the Secret containing the Konnect Control Plane's cluster certificate. | + + +_Appears in:_ +- [KonnectControlPlaneAPIAuthConfiguration](#konnectcontrolplaneapiauthconfiguration) + #### DataPlaneKonnectExtensionSpec @@ -274,7 +289,7 @@ DataPlaneKonnectExtensionSpec defines the desired state of DataPlaneKonnectExten | `controlPlaneRef` _[ControlPlaneRef](#controlplaneref)_ | ControlPlaneRef is a reference to a ControlPlane this DataPlaneKonnectExtension is associated with. | | `controlPlaneRegion` _string_ | ControlPlaneRegion is the region of the Konnect Control Plane. | | `serverHostname` _string_ | ServerHostname is the fully qualified domain name of the konnect server. This matches the RFC 1123 definition of a hostname with 1 notable exception that numeric IP addresses are not allowed.

Note that as per RFC1035 and RFC1123, a *label* must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character. No other punctuation is allowed. | -| `clusterCertificateSecretName` _string_ | ClusterCertificateSecretName is a name of the Secret containing the Konnect Control Plane's cluster certificate. | +| `konnectControlPlaneAPIAuthConfiguration` _[KonnectControlPlaneAPIAuthConfiguration](#konnectcontrolplaneapiauthconfiguration)_ | AuthConfiguration must be used to configure the Konnect API authentication. | | `clusterDataPlaneLabels` _object (keys:string, values:string)_ | ClusterDataPlaneLabels is a set of labels that will be applied to the Konnect DataPlane. | @@ -402,6 +417,21 @@ KongPluginInstallationStatus defines the observed state of KongPluginInstallatio _Appears in:_ - [KongPluginInstallation](#kongplugininstallation) +#### KonnectControlPlaneAPIAuthConfiguration + + +KonnectControlPlaneAPIAuthConfiguration contains the configuration to authenticate with Konnect API ControlPlane. + + + +| Field | Description | +| --- | --- | +| `clusterCertificateSecretRef` _[ClusterCertificateSecretRef](#clustercertificatesecretref)_ | ClusterCertificateSecretName is a name of the Secret containing the Konnect Control Plane's cluster certificate. | + + +_Appears in:_ +- [DataPlaneKonnectExtensionSpec](#dataplanekonnectextensionspec) + #### LLMPrompt