Tenant and Global configurations (#41)

* Tenant and Global configurations Signed-off-by: Waleed Malik <[email protected]> * Enable chart publish job Signed-off-by: Waleed Malik <[email protected]> --------- Signed-off-by: Waleed Malik <[email protected]>
kubermatic · Aug 11, 2024 · b436a7f · b436a7f
1 parent 1afb6b3
commit b436a7f
Show file tree

Hide file tree

Showing 41 changed files with 1,212 additions and 1,169 deletions.
diff --git a/.gitignore b/.gitignore
@@ -8,6 +8,5 @@ _build
 .DS_Store
 /bin
 cover.out
-charts/*/Chart.lock
 kubelb-*.tgz
 __debug*
diff --git a/.golangci.yml b/.golangci.yml
@@ -74,8 +74,8 @@ linters-settings:
 issues:
   exclude:
     # TODO: These methods are more or less the same and we need to build an abstraction for this. That would lower the cyclomatic complexity.
-    - 'cyclomatic complexity 33 of func `\(\*RouteReconciler\)\.createOrUpdateGRPCRoute` is high'
-    - 'cyclomatic complexity 33 of func `\(\*RouteReconciler\)\.createOrUpdateHTTPRoute` is high'
+    - "cyclomatic complexity 33 of func `CreateOrUpdateGRPCRoute` is high"
+    - "cyclomatic complexity 33 of func `CreateOrUpdateHTTPRoute` is high"
   exclude-dirs:
     - hack
     - vendor

diff --git a/.prow/postsubmits.yaml b/.prow/postsubmits.yaml
@@ -67,27 +67,28 @@ postsubmits:
             requests:
               cpu: 100m
               memory: 1Gi
-# - name: ci-push-kubelb-charts
-#   always_run: true
-#   decorate: true
-#   clone_uri: "ssh://[email protected]/kubermatic/kubelb.git"
-#   branches:
-#     # Match on tags
-#     - ^v\d+\.\d+\.\d+.*
-#   reporter_config:
-#     slack:
-#       channel: dev-kubelb
-#   labels:
-#     preset-docker-push: "true"
-#     preset-goproxy: "true"
-#   spec:
-#     containers:
-#       - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.23-11
-#         command:
-#           - make
-#         args:
-#           - release-charts
-#         resources:
-#           requests:
-#             cpu: 100m
-#             memory: 500m
+
+  - name: ci-push-kubelb-charts
+    always_run: true
+    decorate: true
+    clone_uri: "ssh://[email protected]/kubermatic/kubelb.git"
+    branches:
+      # Match on tags
+      - ^v\d+\.\d+\.\d+.*
+    reporter_config:
+      slack:
+        channel: dev-kubelb
+    labels:
+      preset-docker-push: "true"
+      preset-goproxy: "true"
+    spec:
+      containers:
+        - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.23-11
+          command:
+            - make
+          args:
+            - release-charts
+          resources:
+            requests:
+              cpu: 100m
+              memory: 500m
diff --git a/.prow/verify.yaml b/.prow/verify.yaml
@@ -133,7 +133,6 @@ presubmits:
               cpu: 4
 
   - name: pull-kubelb-e2e-tests
-    optional: true
     always_run: true
     decorate: true
     clone_uri: "ssh://[email protected]/kubermatic/kubelb.git"

diff --git a/api/kubelb.k8c.io/v1alpha1/addresses_types.go b/api/kubelb.k8c.io/v1alpha1/addresses_types.go
@@ -23,7 +23,7 @@ import (
 // AddressesSpec defines the desired state of Addresses
 type AddressesSpec struct {
 	// Addresses contains a list of addresses.
-	//+kubebuilder:validation:MinItems:=1
+	// +kubebuilder:validation:MinItems:=1
 	Addresses []EndpointAddress `json:"addresses,omitempty" protobuf:"bytes,1,rep,name=addresses"`
 }
 

diff --git a/api/kubelb.k8c.io/v1alpha1/common_types.go b/api/kubelb.k8c.io/v1alpha1/common_types.go
@@ -42,7 +42,7 @@ type LoadBalancerEndpoints struct {
 
 	// IP addresses which offer the related ports that are marked as ready. These endpoints
 	// should be considered safe for load balancers and clients to utilize.
-	//+kubebuilder:validation:MinItems:=1
+	// +kubebuilder:validation:MinItems:=1
 	Addresses []EndpointAddress `json:"addresses,omitempty" protobuf:"bytes,1,rep,name=addresses"`
 
 	// AddressesReference is a reference to the Addresses object that contains the IP addresses.
@@ -53,7 +53,7 @@ type LoadBalancerEndpoints struct {
 	// Port numbers available on the related IP addresses.
 	// This field is ignored for routes that are using kubernetes resources as the source.
 	// +optional
-	//+kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:MinItems=1
 	Ports []EndpointPort `json:"ports,omitempty" protobuf:"bytes,3,rep,name=ports"`
 }
 
@@ -85,3 +85,15 @@ type EndpointAddress struct {
 	// +optional
 	Hostname string `json:"hostname,omitempty" protobuf:"bytes,3,opt,name=hostname"`
 }
+
+type AnnotationSettings struct {
+	// PropagatedAnnotations defines the list of annotations(key-value pairs) that will be propagated to the LoadBalancer service. Keep the `value` field empty in the key-value pair to allow any value.
+	// This will have a higher precedence than the annotations specified at the Config level.
+	// +optional
+	PropagatedAnnotations *map[string]string `json:"propagatedAnnotations,omitempty"`
+
+	// PropagateAllAnnotations defines whether all annotations will be propagated to the LoadBalancer service. If set to true, PropagatedAnnotations will be ignored.
+	// This will have a higher precedence than the value specified at the Config level.
+	// +optional
+	PropagateAllAnnotations *bool `json:"propagateAllAnnotations,omitempty"`
+}
diff --git a/api/kubelb.k8c.io/v1alpha1/config_types.go b/api/kubelb.k8c.io/v1alpha1/config_types.go
@@ -31,27 +31,14 @@ const (
 
 // ConfigSpec defines the desired state of the Config
 type ConfigSpec struct {
+	AnnotationSettings `json:",inline"`
+
 	// EnvoyProxy defines the desired state of the Envoy Proxy
 	EnvoyProxy EnvoyProxy `json:"envoyProxy,omitempty"`
 
-	// PropagatedAnnotations defines the list of annotations(key-value pairs) that will be propagated to the LoadBalancer service. Keep the value empty to allow any value.
-	// Annotations specified at the namespace level will have a higher precedence than the annotations specified at the Config level.
-	// +optional
-	PropagatedAnnotations map[string]string `json:"propagatedAnnotations,omitempty"`
-
-	// PropagateAllAnnotations defines whether all annotations will be propagated to the LoadBalancer service. If set to true, PropagatedAnnotations will be ignored.
-	// +optional
-	PropagateAllAnnotations bool `json:"propagateAllAnnotations,omitempty"`
-
-	// IngressClassName is the name of the IngressClass that will be used for the routes created by KubeLB. If not specified, KubeLB will replace the IngressClassName
-	// with an empty value in the Ingress resource which would result in the default IngressClass being used.
-	// +optional
-	IngressClassName *string `json:"ingressClassName,omitempty"`
-
-	// GatewayClassName is the name of the GatewayClass that will be used for the routes created by KubeLB.
-	// If not specified, KubeLB will replace the GatewayClassName with an empty value in the Gateway resource which would result in the default GatewayClass being used.
-	// +optional
-	GatewayClassName *string `json:"gatewayClassName,omitempty"`
+	LoadBalancer LoadBalancerSettings `json:"loadBalancer,omitempty"`
+	Ingress      IngressSettings      `json:"ingress,omitempty"`
+	GatewayAPI   GatewayAPISettings   `json:"gatewayAPI,omitempty"`
 }
 
 // EnvoyProxy defines the desired state of the EnvoyProxy
@@ -97,8 +84,8 @@ type EnvoyProxy struct {
 	Affinity *corev1.Affinity `json:"affinity,omitempty"`
 }
 
-//+kubebuilder:object:root=true
-//+kubebuilder:subresource:status
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
 
 // Config is the object that represents the Config for the KubeLB management controller.
 type Config struct {
@@ -108,7 +95,15 @@ type Config struct {
 	Spec ConfigSpec `json:"spec,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+func (c *Config) GetEnvoyProxyTopology() EnvoyProxyTopology {
+	return c.Spec.EnvoyProxy.Topology
+}
+
+func (c *Config) IsGlobalTopology() bool {
+	return c.Spec.EnvoyProxy.Topology == EnvoyProxyTopologyGlobal
+}
+
+// +kubebuilder:object:root=true
 
 // ConfigList contains a list of Config
 type ConfigList struct {

diff --git a/api/kubelb.k8c.io/v1alpha1/loadbalancer_types.go b/api/kubelb.k8c.io/v1alpha1/loadbalancer_types.go
@@ -72,7 +72,7 @@ type LoadBalancerSpec struct {
 
 	// Sets of addresses and ports that comprise an exposed user service on a cluster.
 	// +required
-	//+kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:MinItems=1
 	Endpoints []LoadBalancerEndpoints `json:"endpoints,omitempty"`
 
 	// The list of ports that are exposed by the load balancer service.
@@ -102,8 +102,8 @@ type LoadBalancerSpec struct {
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
 // +kubebuilder:resource:shortName=lb
-// +kubebuilder:printcolumn:JSONPath=".metadata.labels.kubelb.k8c.io/origin-name",name="OriginName",type="string"
-// +kubebuilder:printcolumn:JSONPath=".metadata.labels.kubelb.k8c.io/origin-ns",name="OriginNamespace",type="string"
+// +kubebuilder:printcolumn:JSONPath=".metadata.labels.kubelb\\.k8c\\.io/origin-name",name="OriginName",type="string"
+// +kubebuilder:printcolumn:JSONPath=".metadata.labels.kubelb\\.k8c\\.io/origin-ns",name="OriginNamespace",type="string"
 // +genclient
 
 // LoadBalancer is the Schema for the loadbalancers API

diff --git a/api/kubelb.k8c.io/v1alpha1/route_types.go b/api/kubelb.k8c.io/v1alpha1/route_types.go
@@ -28,7 +28,7 @@ import (
 type RouteSpec struct {
 	// Sets of addresses and ports that comprise an exposed user service on a cluster.
 	// +required
-	//+kubebuilder:validation:MinItems=1
+	// +kubebuilder:validation:MinItems=1
 	Endpoints []LoadBalancerEndpoints `json:"endpoints,omitempty"`
 
 	// Source contains the information about the source of the route. This is used when the route is created from external sources.
@@ -58,13 +58,6 @@ type KubernetesSource struct {
 	// Services contains the list of services that are used as the source for the Route.
 	// +kubebuilder:pruning:PreserveUnknownFields
 	Services []UpstreamService `json:"services,omitempty"`
-
-	// ReferenceGrants contains the list of ReferenceGrants that are used as the source for the Route.
-	// ReferenceGrant identifies kinds of resources in other namespaces that are
-	// trusted to reference the specified kinds of resources in the same namespace
-	// as the policy.
-	// +kubebuilder:pruning:PreserveUnknownFields
-	ReferenceGrants []UpstreamReferenceGrant `json:"referenceGrants,omitempty"`
 }
 
 // TODO(waleed): Evaluate if this is really worth it, semantically it makes sense but it adds a lot of boilerplate. Alternatively,
@@ -90,11 +83,11 @@ type UpstreamReferenceGrant struct {
 	gwapiv1alpha2.ReferenceGrant `json:",inline"`
 }
 
-//+kubebuilder:object:root=true
-//+kubebuilder:subresource:status
-// +kubebuilder:printcolumn:JSONPath=".metadata.labels.kubelb.k8c.io/origin-name",name="OriginName",type="string"
-// +kubebuilder:printcolumn:JSONPath=".metadata.labels.kubelb.k8c.io/origin-ns",name="OriginNamespace",type="string"
-// +kubebuilder:printcolumn:JSONPath=".metadata.labels.kubelb.k8c.io/origin-resource-kind",name="OriginResource",type="string"
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:JSONPath=".metadata.labels.kubelb\\.k8c\\.io/origin-name",name="OriginName",type="string"
+// +kubebuilder:printcolumn:JSONPath=".metadata.labels.kubelb\\.k8c\\.io/origin-ns",name="OriginNamespace",type="string"
+// +kubebuilder:printcolumn:JSONPath=".metadata.labels.kubelb\\.k8c\\.io/origin-resource-kind",name="OriginResource",type="string"
 
 // Route is the object that represents a route in the cluster.
 type Route struct {
@@ -116,8 +109,6 @@ type RouteResourcesStatus struct {
 
 	Services map[string]RouteServiceStatus `json:"services,omitempty"`
 
-	ReferenceGrants map[string]ResourceState `json:"referenceGrants,omitempty"`
-
 	Route ResourceState `json:"route,omitempty"`
 }
 
@@ -158,7 +149,7 @@ func (t ConditionType) String() string {
 	return string(t)
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 
 // RouteList contains a list of Routes
 type RouteList struct {

diff --git a/api/kubelb.k8c.io/v1alpha1/tenant_types.go b/api/kubelb.k8c.io/v1alpha1/tenant_types.go
@@ -20,43 +20,47 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
-
 // TenantSpec defines the desired state of Tenant
 type TenantSpec struct {
+	AnnotationSettings `json:",inline"`
+
 	LoadBalancer LoadBalancerSettings `json:"loadBalancer,omitempty"`
-	// Ingress      IngressSettings      `json:"ingress,omitempty"`
-	// GatewayAPI   GatewayAPISettings   `json:"gatewayAPI,omitempty"`
+	Ingress      IngressSettings      `json:"ingress,omitempty"`
+	GatewayAPI   GatewayAPISettings   `json:"gatewayAPI,omitempty"`
 }
 
+// LoadBalancerSettings defines the settings for the load balancers.
 type LoadBalancerSettings struct {
 	// Class is the class of the load balancer to use.
+	// This has higher precedence than the value specified in the Config.
 	// +optional
 	Class *string `json:"class,omitempty"`
 
-	// PropagatedAnnotations defines the list of annotations(key-value pairs) that will be propagated to the LoadBalancer service. Keep the `value` field empty in the key-value pair to allow any value.
-	// This will have a higher precedence than the annotations specified at the Config level.
-	// +optional
-	PropagatedAnnotations *map[string]string `json:"propagatedAnnotations,omitempty"`
+	// Disable is a flag that can be used to disable L4 load balancing for a tenant.
+	Disable bool `json:"disable,omitempty"`
+}
 
-	// PropagateAllAnnotations defines whether all annotations will be propagated to the LoadBalancer service. If set to true, PropagatedAnnotations will be ignored.
-	// This will have a higher precedence than the value specified at the Config level.
+// IngressSettings defines the settings for the ingress.
+type IngressSettings struct {
+	// Class is the class of the ingress to use.
+	// This has higher precedence than the value specified in the Config.
 	// +optional
-	PropagateAllAnnotations *bool `json:"propagateAllAnnotations,omitempty"`
+	Class *string `json:"class,omitempty"`
+
+	// Disable is a flag that can be used to disable Ingress for a tenant.
+	Disable bool `json:"disable,omitempty"`
 }
 
-// type IngressSettings struct {
-// 	// Class is the class of the ingress to use.
-// 	// +optional
-// 	Class *string `json:"class,omitempty"`
-// }
-
-// type GatewayAPISettings struct {
-// 	// Class is the class of the gateway API to use. This can be used to
-// 	// +optional
-// 	Class *string `json:"class,omitempty"`
-// }
+// GatewayAPISettings defines the settings for the gateway API.
+type GatewayAPISettings struct {
+	// Class is the class of the gateway API to use. This can be used to specify a specific gateway API implementation.
+	// This has higher precedence than the value specified in the Config.
+	// +optional
+	Class *string `json:"class,omitempty"`
+
+	// Disable is a flag that can be used to disable Gateway API for a tenant.
+	Disable bool `json:"disable,omitempty"`
+}
 
 // TenantStatus defines the observed state of Tenant
 type TenantStatus struct {