Minor fixes and improvements (#37)

* Update go dependencies

Signed-off-by: Waleed Malik <[email protected]>

* Fix RBAC in helm charts:

Signed-off-by: Waleed Malik <[email protected]>

* Use golang 1.22.5 and corresponding build images

Signed-off-by: Waleed Malik <[email protected]>

* Add helm lint make target

Signed-off-by: Waleed Malik <[email protected]>

* Add icons for helm chart

Signed-off-by: Waleed Malik <[email protected]>

* Update Dockerfiles

Signed-off-by: Waleed Malik <[email protected]>

* Add NOTES.txt for charts

Signed-off-by: Waleed Malik <[email protected]>

* Enable automation for helm charts

Signed-off-by: Waleed Malik <[email protected]>

* Disable automation for helm charts

Signed-off-by: Waleed Malik <[email protected]>

* Remove dedicated topology

Signed-off-by: Waleed Malik <[email protected]>

* Update generated CRDs

Signed-off-by: Waleed Malik <[email protected]>

* Fix tests

Signed-off-by: Waleed Malik <[email protected]>

* Make controllers for CCM optional

Signed-off-by: Waleed Malik <[email protected]>

* Use upstream controller utils for finalizers

Signed-off-by: Waleed Malik <[email protected]>

* Additional prow jobs for code verification

Signed-off-by: Waleed Malik <[email protected]>

* Fix images

Signed-off-by: Waleed Malik <[email protected]>

* Upgrade to Envoy Proxy v1.31.0

Signed-off-by: Waleed Malik <[email protected]>

* Refactored code

Signed-off-by: Waleed Malik <[email protected]>

* Add additional printer columns for loadbalancer and routes

Signed-off-by: Waleed Malik <[email protected]>

* Add option to disable Gateway API

Signed-off-by: Waleed Malik <[email protected]>

* Minor fixes

Signed-off-by: Waleed Malik <[email protected]>

---------

Signed-off-by: Waleed Malik <[email protected]>

.prow/postsubmits.yaml

@@ -30,7 +30,7 @@ postsubmits:
       preset-goproxy: "true"
     spec:
       containers:
-        - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.22-4
+        - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.23-11
           command:
             - /bin/bash
             - -c
@@ -60,35 +60,34 @@ postsubmits:
       preset-goproxy: "true"
     spec:
       containers:
-        - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.22-4
+        - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.23-11
           command:
             - "./hack/ci/upload-gocache.sh"
           resources:
             requests:
               cpu: 100m
               memory: 1Gi
-
-  # - name: ci-push-kubelb-charts
-  #   always_run: true
-  #   decorate: true
-  #   clone_uri: "ssh://[email protected]/kubermatic/kubelb.git"
-  #   branches:
-  #     # Match on tags
-  #     - ^v\d+\.\d+\.\d+.*
-  #   reporter_config:
-  #     slack:
-  #       channel: dev-kubelb
-  #   labels:
-  #     preset-docker-push: "true"
-  #     preset-goproxy: "true"
-  #   spec:
-  #     containers:
-  #       - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.22-4
-  #         command:
-  #           - make
-  #         args:
-  #           - release-charts
-  #         resources:
-  #           requests:
-  #             cpu: 100m
-  #             memory: 500m
+# - name: ci-push-kubelb-charts
+#   always_run: true
+#   decorate: true
+#   clone_uri: "ssh://[email protected]/kubermatic/kubelb.git"
+#   branches:
+#     # Match on tags
+#     - ^v\d+\.\d+\.\d+.*
+#   reporter_config:
+#     slack:
+#       channel: dev-kubelb
+#   labels:
+#     preset-docker-push: "true"
+#     preset-goproxy: "true"
+#   spec:
+#     containers:
+#       - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.23-11
+#         command:
+#           - make
+#         args:
+#           - release-charts
+#         resources:
+#           requests:
+#             cpu: 100m
+#             memory: 500m

.prow/verify.yaml

@@ -39,7 +39,7 @@ presubmits:
       preset-goproxy: "true"
     spec:
       containers:
-        - image: golangci/golangci-lint:v1.59.0
+        - image: golangci/golangci-lint:v1.59.1
           command:
             - make
           args:
@@ -57,7 +57,7 @@ presubmits:
       preset-goproxy: "true"
     spec:
       containers:
-        - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.22-4
+        - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.23-11
           command:
             - make
           args:
@@ -72,7 +72,7 @@ presubmits:
     clone_uri: "ssh://[email protected]/kubermatic/kubelb.git"
     spec:
       containers:
-        - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.22-4
+        - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.23-11
           command:
             - make
           args:
@@ -84,7 +84,7 @@ presubmits:
     clone_uri: "ssh://[email protected]/kubermatic/kubelb.git"
     spec:
       containers:
-        - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.22-4
+        - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.23-11
           command:
             - make
           args:
@@ -142,7 +142,7 @@ presubmits:
       preset-goproxy: "true"
     spec:
       containers:
-        - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.22-4
+        - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.23-11
           securityContext:
             privileged: true
           env:
@@ -169,3 +169,47 @@ presubmits:
             limits:
               memory: 16Gi
               cpu: 4
+
+  - name: pull-kubelb-verify-shfmt
+    run_if_changed: "^hack/"
+    decorate: true
+    clone_uri: "ssh://[email protected]/kubermatic/kubelb.git"
+    spec:
+      containers:
+        - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.23-11
+          command:
+            - shfmt
+          args:
+            #   -l        list files whose formatting differs from shfmt's
+            #   -d        error with a diff when the formatting differs
+            #   -i uint   indent: 0 for tabs (default), >0 for number of spaces
+            #   -sr       redirect operators will be followed by a space
+            - "-l"
+            - "-sr"
+            - "-i"
+            - "2"
+            - "-d"
+            - "hack"
+          resources:
+            requests:
+              memory: 32Mi
+              cpu: 50m
+            limits:
+              memory: 256Mi
+              cpu: 250m
+
+  - name: pull-kubelb-license-validation
+    always_run: true
+    decorate: true
+    clone_uri: "ssh://[email protected]/kubermatic/kubelb.git"
+    labels:
+      preset-goproxy: "true"
+    spec:
+      containers:
+        - image: quay.io/kubermatic/build:go-1.22-node-20-kind-0.23-11
+          command:
+            - ./hack/verify-licenses.sh
+          resources:
+            requests:
+              memory: 2Gi
+              cpu: 2

.wwhrd.yml

@@ -0,0 +1,30 @@
+# Copyright 2024 The KubeLB Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+blacklist:
+  - GPL-2.0
+
+whitelist:
+  - Apache-2.0
+  - BSD-2-Clause
+  - BSD-3-Clause
+  - FreeBSD
+  - ISC
+  - LGPL-3.0
+  - MIT
+  - MPL-2.0
+  - NewBSD
+
+exceptions:
+  - github.com/ajeddeloh/go-json # Since it's a fork, https://github.com/golang/go/blob/master/LICENSE

Makefile

@@ -3,8 +3,13 @@ SHELL = /bin/bash -eu -o pipefail
 # Image URL to use all building/pushing image targets
 KUBELB_IMG ?= quay.io/kubermatic/kubelb-manager
 KUBELB_CCM_IMG ?= quay.io/kubermatic/kubelb-ccm
+
+## Tool Versions
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.28.0
+ENVTEST_K8S_VERSION = 1.30.0
+KUSTOMIZE_VERSION ?= v5.4.3
+CONTROLLER_TOOLS_VERSION ?= v0.15.0
+GO_VERSION = 1.22.5
 
 export GOPATH?=$(shell go env GOPATH)
 export CGO_ENABLED=0
@@ -13,10 +18,11 @@ export GO111MODULE=on
 export GOFLAGS?=-mod=readonly -trimpath
 export GIT_TAG ?= $(shell git tag --points-at HEAD)
 
-GO_VERSION = 1.22.2
-
 IMAGE_TAG = \
 		$(shell echo $$(git rev-parse HEAD && if [[ -n $$(git status --porcelain) ]]; then echo '-dirty'; fi)|tr -d ' ')
+
+VERSION = $(shell cat VERSION)
+
 CCM_IMAGE_NAME ?= $(KUBELB_CCM_IMG):$(IMAGE_TAG)
 KUBELB_IMAGE_NAME ?= $(KUBELB_IMG):$(IMAGE_TAG)
 
@@ -71,6 +77,8 @@ manifests: generate controller-gen ## Generate WebhookConfiguration, ClusterRole
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate/boilerplate.go.txt" paths="./..."
 
+update-codegen: generate controller-gen manifests fmt vet go-mod-tidy
+
 .PHONY: fmt
 fmt: ## Run go fmt against code.
 	go fmt ./...
@@ -88,6 +96,9 @@ yamllint:  ## Run yamllint against code.
 check-dependencies: ## Verify go.mod.
 	go mod verify
 
+go-mod-tidy:
+	go mod tidy
+
 verify-boilerplate:  ## Run verify-boilerplate code.
 	./hack/verify-boilerplate.sh
 
@@ -185,10 +196,6 @@ KUSTOMIZE ?= $(LOCALBIN)/kustomize
 CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
 
-## Tool Versions
-KUSTOMIZE_VERSION ?= v5.3.0
-CONTROLLER_TOOLS_VERSION ?= v0.14.0
-
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize
 kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
@@ -205,12 +212,19 @@ envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
 $(ENVTEST): $(LOCALBIN)
 	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
 
+.PHONY: shfmt
+shfmt:
+	shfmt -w -sr -i 2 hack
+
 HELM_DOCS ?= $(LOCALBIN)/helm-docs
 
 .PHONY: helm-docs
 helm-docs: $(HELM_DOCS) ## Download helm-docs locally if necessary.
 $(HELM_DOCS): $(LOCALBIN)
-	test -s $(LOCALBIN)/helm-docs || GOBIN=$(LOCALBIN) go install github.com/norwoodj/helm-docs/cmd/[email protected]
+	test -s $(LOCALBIN)/helm-docs || GOBIN=$(LOCALBIN) go install github.com/norwoodj/helm-docs/cmd/[email protected]
+
+helm-lint:
+	helm lint charts/*
 
 generate-helm-docs: helm-docs
 	$(LOCALBIN)/helm-docs charts/
@@ -222,5 +236,5 @@ bump-chart:
 	$(SED) -i "s/tag:.*/tag: $(IMAGE_TAG)/" charts/*/values.yaml
 
 .PHONY: release-charts helm-docs generate-helm-docs
-release-charts: bump-chart
+release-charts: helm-lint generate-helm-docs bump-chart
 	CHART_VERSION=$(IMAGE_TAG) ./hack/release-helm-charts.sh

api/kubelb.k8c.io/v1alpha1/config_types.go

@@ -56,10 +56,12 @@ type ConfigSpec struct {
 
 // EnvoyProxy defines the desired state of the EnvoyProxy
 type EnvoyProxy struct {
-	// Topology defines the deployment topology for Envoy Proxy. Valid values are: shared, dedicated, and global.
 	// +kubebuilder:validation:Enum=shared;dedicated;global
 	// +kubebuilder:default=shared
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf || (self != oldSelf && oldSelf == 'dedicated')",message="Value is immutable and only allowed change is from dedicated(deprecated) to shared/global"
+
+	// Topology defines the deployment topology for Envoy Proxy. Valid values are: shared and global.
+	// DEPRECATION NOTICE: The value "dedicated" is deprecated and will be removed in a future release. Dedicated topology will now default to shared topology.
 	// +optional
 	Topology EnvoyProxyTopology `json:"topology,omitempty"`
 
@@ -70,7 +72,7 @@ type EnvoyProxy struct {
 
 	// Replicas defines the number of replicas for Envoy Proxy. This field is ignored if UseDaemonset is set to true.
 	// +kubebuilder:validation:Minimum=1
-	// +kubeblider:default=3
+	// +kubebuilder:default=3
 	// +optional
 	Replicas int32 `json:"replicas,omitempty"`
 

api/kubelb.k8c.io/v1alpha1/loadbalancer_types.go

@@ -102,6 +102,8 @@ type LoadBalancerSpec struct {
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
 // +kubebuilder:resource:shortName=lb
+// +kubebuilder:printcolumn:JSONPath=".metadata.labels.kubelb.k8c.io/origin-name",name="OriginName",type="string"
+// +kubebuilder:printcolumn:JSONPath=".metadata.labels.kubelb.k8c.io/origin-ns",name="OriginNamespace",type="string"
 // +genclient
 
 // LoadBalancer is the Schema for the loadbalancers API

api/kubelb.k8c.io/v1alpha1/route_types.go

@@ -92,6 +92,9 @@ type UpstreamReferenceGrant struct {
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
+// +kubebuilder:printcolumn:JSONPath=".metadata.labels.kubelb.k8c.io/origin-name",name="OriginName",type="string"
+// +kubebuilder:printcolumn:JSONPath=".metadata.labels.kubelb.k8c.io/origin-ns",name="OriginNamespace",type="string"
+// +kubebuilder:printcolumn:JSONPath=".metadata.labels.kubelb.k8c.io/origin-resource-kind",name="OriginResource",type="string"
 
 // Route is the object that represents a route in the cluster.
 type Route struct {

ccm.dockerfile

@@ -12,20 +12,26 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM docker.io/golang:1.22.2 as builder
+FROM docker.io/golang:1.22.5 as builder
 
-WORKDIR /go/src/k8c.io/kubelb
-COPY . .
-RUN make build-ccm
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
 
-FROM gcr.io/distroless/static:nonroot
-
-WORKDIR /
+# Copy the go source
+COPY cmd/ cmd/
+COPY api/ api/
+COPY internal/ internal/
 
-COPY --from=builder \
-    /go/src/k8c.io/kubelb/bin/ccm \
-    /usr/local/bin/
+RUN CGO_ENABLED=0 go build -a -o ccm cmd/ccm/main.go
 
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/ccm .
 USER 65532:65532
 
-ENTRYPOINT ["/usr/local/bin/ccm"]
+ENTRYPOINT ["/ccm"]

charts/kubelb-ccm/Chart.yaml

@@ -1,6 +1,7 @@
 apiVersion: v2
 name: kubelb-ccm
 description: Helm chart for KubeLB CCM
+icon: https://raw.githubusercontent.com/kubermatic/kubelb/main/docs/kubelb-logo.png
 type: application
 maintainers:
   - name: Kubermatic

charts/kubelb-ccm/README.md

@@ -48,9 +48,16 @@ helm install kubelb-ccm kubelb-ccm --namespace kubelb -f values.yaml
 | image.tag | string | `"v1.0.0"` |  |
 | imagePullSecrets | list | `[]` |  |
 | kubelb.clusterSecretName | string | `"kubelb-cluster"` |  |
+| kubelb.disableGRPCRouteController | bool | `false` |  |
+| kubelb.disableGatewayController | bool | `false` | disableGatewayController specifies whether to disable the Gateway Controller. |
+| kubelb.disableHTTPRouteController | bool | `false` |  |
+| kubelb.disableIngressController | bool | `false` | disableIngressController specifies whether to disable the Ingress Controller. |
 | kubelb.enableLeaderElection | bool | `true` |  |
 | kubelb.nodeAddressType | string | `"InternalIP"` |  |
 | kubelb.tenantName | string | `nil` |  |
+| kubelb.useGatewayClass | bool | `true` | useGatewayClass specifies whether to target resources with `kubelb` gateway class or all resources. |
+| kubelb.useIngressClass | bool | `true` | useIngressClass specifies whether to target resources with `kubelb` ingress class or all resources. |
+| kubelb.useLoadBalancerClass | bool | `false` | useLoadBalancerClass specifies whether to target services of type LoadBalancer with `kubelb` load balancer class or all services of type LoadBalancer. |
 | nameOverride | string | `""` |  |
 | nodeSelector | object | `{}` |  |
 | podAnnotations | object | `{}` |  |

charts/kubelb-ccm/templates/NOTES.txt

@@ -0,0 +1,5 @@
+Thank you for installing KubeLB CCM! 🎉
+
+Your release is named: {{ .Release.Name }} and exists in namespace: {{ .Release.Namespace }}.
+
+For more details, please check the official documentation at https://docs.kubermatic.com/kubelb