Skip to content

Commit

Permalink
Define backward-compatible attached clusters API for the direct contr…
Browse files Browse the repository at this point in the history
…oller.
  • Loading branch information
hankfreund committed Sep 30, 2024
1 parent 93278d7 commit 277201c
Show file tree
Hide file tree
Showing 11 changed files with 1,213 additions and 182 deletions.
197 changes: 197 additions & 0 deletions apis/containerattached/v1beta1/containerattachedcluster_types.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,197 @@
// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package v1beta1

import (
refs "github.com/GoogleCloudPlatform/k8s-config-connector/apis/refs/v1beta1"
"github.com/GoogleCloudPlatform/k8s-config-connector/pkg/apis/k8s/v1alpha1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

var ContainerAttachedClusterGVK = GroupVersion.WithKind("ContainerAttachedCluster")

// ContainerAttachedClusterSpec defines the desired state of ContainerAttachedCluster
// +kcc:proto=google.cloud.gkemulticloud.v1.AttachedCluster
type ContainerAttachedClusterSpec struct {
/* The ID of the project in which the resource belongs. If it is not provided, the provider project is used. */
// +optional
ProjectRef *refs.ProjectRef `json:"projectRef,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ResourceID field is immutable"
// Immutable, Optional.
// The ContainerAttachedCluster name. If not given, the metadata.name will be used.
ResourceID *string `json:"resourceID,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Location field is immutable"
// Immutable. The location for the resource.
Location string `json:"location"`

// Optional. A human readable description of this Attached cluster.
// Cannot be longer than 255 UTF-8 encoded bytes.
Description *string `json:"description,omitempty"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="OidcConfig field is immutable"
/* Required. OpenID Connect (OIDC) discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
API server. This field indicates how GCP services validate KSA tokens in order
to allow system workloads (such as GKE Connect and telemetry agents) to
authenticate back to GCP.
Both clusters with public and private issuer URLs are supported.
Clusters with public issuers only need to specify the 'issuerUrl' field
while clusters with private issuers need to provide both 'issuerUrl' and 'jwks'.
*/
OidcConfig AttachedOidcConfig `json:"oidcConfig"`

// Required. The platform version for the cluster (e.g. `1.30.0-gke.1`).
PlatformVersion string `json:"platformVersion"`

// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Distribution field is immutable"
// Immutable. The Kubernetes distribution of the underlying attached cluster.
//
// Supported values: ["eks", "aks", "generic"].
Distribution string `json:"distribution"`

// Required. Fleet configuration.
Fleet Fleet `json:"fleet"`

/*NOTYET
// Allows clients to perform consistent read-modify-writes
// through optimistic concurrency control.
//
// Can be sent on update and delete requests to ensure the
// client has an up-to-date value before proceeding.
Etag *string `json:"etag,omitempty"`
*/

// Optional. Annotations on the cluster.
//
// This field has the same restrictions as Kubernetes annotations.
// The total size of all keys and values combined is limited to 256k.
// Key can have 2 segments: prefix (optional) and name (required),
// separated by a slash (/).
// Prefix must be a DNS subdomain.
// Name must be 63 characters or less, begin and end with alphanumerics,
// with dashes (-), underscores (_), dots (.), and alphanumerics between.
Annotations map[string]string `json:"annotations,omitempty"`

// Optional. Logging configuration for this cluster.
LoggingConfig *LoggingConfig `json:"loggingConfig,omitempty"`

// Optional. Configuration related to the cluster RBAC settings.
Authorization *AttachedClustersAuthorization `json:"authorization,omitempty"`

// Optional. Monitoring configuration for this cluster.
MonitoringConfig *MonitoringConfig `json:"monitoringConfig,omitempty"`

/*NOTYET
// Optional. Proxy configuration for outbound HTTP(S) traffic.
ProxyConfig *AttachedProxyConfig `json:"proxyConfig,omitempty"`
*/

// Optional. Binary Authorization configuration for this cluster.
BinaryAuthorization *BinaryAuthorization `json:"binaryAuthorization,omitempty"`

// Optional. Policy to determine what flags to send on delete.
DeletionPolicy *string `json:"deletionPolicy,omitempty"`
}

// ContainerAttachedClusterStatus defines the config connector machine state of ContainerAttachedCluster
type ContainerAttachedClusterStatus struct {
/* Conditions represent the latest available observations of the
object's current state. */
Conditions []v1alpha1.Condition `json:"conditions,omitempty"`

// ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource.
ObservedGeneration *int64 `json:"observedGeneration,omitempty"`

// A globally unique identifier for the cluster.
Uid *string `json:"uid,omitempty"`

// The region where this cluster runs.
//
// For EKS clusters, this is an AWS region. For AKS clusters,
// this is an Azure region.
ClusterRegion *string `json:"clusterRegion,omitempty"`

// The Kubernetes version of the cluster.
KubernetesVersion *string `json:"kubernetesVersion,omitempty"`

// Workload Identity settings.
WorkloadIdentityConfig []WorkloadIdentityConfig `json:"workloadIdentityConfig,omitempty"`

// The time at which this cluster was registered.
CreateTime *string `json:"createTime,omitempty"`

// The time at which this cluster was last updated.
UpdateTime *string `json:"updateTime,omitempty"`

// If set, there are currently changes in flight to the cluster.
Reconciling *bool `json:"reconciling,omitempty"`

/* The current state of the cluster.
Possible values: STATE_UNSPECIFIED, PROVISIONING, RUNNING, RECONCILING, STOPPING, ERROR, DEGRADED. */
State *string `json:"state,omitempty"`

// A set of errors found in the cluster.
Errors []AttachedClusterError `json:"errors,omitempty"`

// ObservedState is the state of the resource as most recently observed in GCP.
ObservedState *ContainerAttachedClusterObservedState `json:"observedState,omitempty"`
}

// ContainerAttachedClusterObservedState is the state of the ContainerAttachedCluster resource as most recently observed in GCP.
type ContainerAttachedClusterObservedState struct {
// Output only. The name of the managed Hub Membership resource associated to
// this cluster.
//
// Membership names are formatted as
// `projects/<project-number>/locations/global/membership/<cluster-id>`.
// This field mirrors the Spec.Fleet.Membership field.
FleetMembership *string `json:"fleetMembership,omitempty"`
}

// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:categories=gcp,shortName=gcpcontainerattachedcluster;gcpcontainerattachedclusters
// +kubebuilder:subresource:status
// +kubebuilder:metadata:labels="cnrm.cloud.google.com/tf2crd=true";"cnrm.cloud.google.com/managed-by-kcc=true";"cnrm.cloud.google.com/stability-level=stable";"cnrm.cloud.google.com/system=true"
// +kubebuilder:printcolumn:name="Age",JSONPath=".metadata.creationTimestamp",type="date"
// +kubebuilder:printcolumn:name="Ready",JSONPath=".status.conditions[?(@.type=='Ready')].status",type="string",description="When 'True', the most recent reconcile of the resource succeeded"
// +kubebuilder:printcolumn:name="Status",JSONPath=".status.conditions[?(@.type=='Ready')].reason",type="string",description="The reason for the value in 'Ready'"
// +kubebuilder:printcolumn:name="Status Age",JSONPath=".status.conditions[?(@.type=='Ready')].lastTransitionTime",type="date",description="The last transition time for the value in 'Status'"

// ContainerAttachedCluster is the Schema for the ContainerAttachedCluster API
// +k8s:openapi-gen=true
type ContainerAttachedCluster struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

Spec ContainerAttachedClusterSpec `json:"spec"`
Status ContainerAttachedClusterStatus `json:"status,omitempty"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ContainerAttachedClusterList contains a list of ContainerAttachedCluster
type ContainerAttachedClusterList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []ContainerAttachedCluster `json:"items"`
}

func init() {
SchemeBuilder.Register(&ContainerAttachedCluster{}, &ContainerAttachedClusterList{})
}
16 changes: 16 additions & 0 deletions apis/containerattached/v1beta1/doc.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// +kcc:proto=google.cloud.gkemulticloud.v1
package v1beta1
33 changes: 33 additions & 0 deletions apis/containerattached/v1beta1/groupversion_info.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// +kubebuilder:object:generate=true
// +groupName=containerattached.cnrm.cloud.google.com
package v1beta1

import (
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/scheme"
)

var (
// GroupVersion is group version used to register these objects
GroupVersion = schema.GroupVersion{Group: "containerattached.cnrm.cloud.google.com", Version: "v1beta1"}

// SchemeBuilder is used to add go types to the GroupVersionKind scheme
SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

// AddToScheme adds the types in this group-version to the given scheme.
AddToScheme = SchemeBuilder.AddToScheme
)
24 changes: 24 additions & 0 deletions apis/containerattached/v1beta1/refs.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
// Copyright 2024 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package v1beta1

type FleetProjectRef struct {
/* The project of the fleet. Allowed value: The Google Cloud resource name of a `Project` resource (format: `projects/{{name}}`).*/
External string `json:"external,omitempty"`
/* Name of the project resource. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names */
Name string `json:"name,omitempty"`
/* Namespace of the project resource. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ */
Namespace string `json:"namespace,omitempty"`
}
Loading

0 comments on commit 277201c

Please sign in to comment.