CLOUDP-280230: net peering controller #1930

Draft
wants to merge 3 commits into
base: CLOUDP-280230/net-peering-crd
3 changes: 3 additions & 0 deletions .golangci.yml
Expand Up @@ -76,6 +76,9 @@ issues:
# EXC0011 stylecheck: Annoying issue about not having a comment. The rare codebase has such comments
# - (comment on exported (method|function|type|const)|should have( a package)? comment|comment should be of the form)

# ECX0012 staticcheck: Temporary disable deprecated LocalCredentialHolder and api.CredentialsProvider
- (api.LocalCredentialHolder is deprecated|api.CredentialsProvider is deprecated)

- at least one file in a package should have a package comment

exclude-rules:
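Review bot: the label on the new exclusion reads `ECX0012`, while the entry above it uses the `EXC` prefix (`EXC0011`), so this looks like a transposition. The pattern also leaves the dots in `api.LocalCredentialHolder` and `api.CredentialsProvider` unescaped, so each one matches any character; writing them as `api\.` keeps the match to the intended message. Since the comment calls this temporary and it silences deprecation warnings for credential-handling types across the whole repository, consider moving it under `exclude-rules` scoped to the paths that still need it, with a reference to the ticket that will remove it.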
9 changes: 9 additions & 0 deletions PROJECT
Expand Up @@ -104,4 +104,13 @@ resources:
kind: AtlasPrivateEndpoint
path: github.com/mongodb/mongodb-atlas-kubernetes/api/v1
version: v1
- api:
crdVersion: v1
namespaced: true
controller: true
domain: mongodb.com
group: atlas
kind: AtlasNetworkPeering
path: github.com/mongodb/mongodb-atlas-kubernetes/api/v1
version: v1
version: "3"
214 changes: 214 additions & 0 deletions config/crd/bases/atlas.mongodb.com_atlasnetworkpeerings.yaml
@@ -0,0 +1,214 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: atlasnetworkpeerings.atlas.mongodb.com
spec:
group: atlas.mongodb.com
names:
categories:
- atlas
kind: AtlasNetworkPeering
listKind: AtlasNetworkPeeringList
plural: atlasnetworkpeerings
shortNames:
- anp
singular: atlasnetworkpeering
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .spec.providerName
name: Provider
type: string
- jsonPath: .spec.containerId
name: Container ID
type: string
- jsonPath: .spec.projectIDRef.id
name: Project ID
type: string
name: v1
schema:
openAPIV3Schema:
description: AtlasNetworkPeering is the Schema for the AtlasNetworkPeering
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: AtlasNetworkPeeringSpec defines the desired state of AtlasNetworkPeering
properties:
awsConfiguration:
description: AWSConfiguration is the specific AWS settings for network
peering
properties:
accepterRegionName:
description: AccepterRegionName is the provider region name of
user's vpc.
type: string
awsAccountId:
description: AccountID of the user's vpc.
type: string
routeTableCidrBlock:
description: User VPC CIDR.
type: string
vpcId:
description: AWS VPC ID.
type: string
required:
- accepterRegionName
type: object
azureConfiguration:
description: AzureConfiguration is the specific Azure settings for
network peering
properties:
azureDirectoryId:
description: AzureDirectoryID is the unique identifier for an
Azure AD directory.
type: string
azureSubscriptionId:
description: AzureSubscriptionID is the unique identifier of the
Azure subscription in which the VNet resides.
type: string
resourceGroupName:
description: ResourceGroupName is the name of your Azure resource
group.
type: string
vnetName:
description: VNetName is name of your Azure VNet. Its applicable
only for Azure.
type: string
type: object
connectionSecret:
description: LocalObjectReference is a reference to an object in the
same namespace as the referent
properties:
name:
description: |-
Name of the resource being referred to
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
required:
- name
type: object
containerId:
description: ID of the network peer container. If not set, operator
will create a new container with ContainerRegion and AtlasCIDRBlock
input.
type: string
externalProjectRef:
description: ExternalProjectRef holds the Atlas project ID the user
belongs to
properties:
id:
description: ID is the Atlas project ID
type: string
required:
- id
type: object
gcpConfiguration:
description: GCPConfiguration is the specific Google Cloud settings
for network peering
properties:
gcpProjectId:
description: User GCP Project ID. Its applicable only for GCP.
type: string
networkName:
description: GCP Network Peer Name. Its applicable only for GCP.
type: string
type: object
projectRef:
description: Project is a reference to AtlasProject resource the user
belongs to
properties:
name:
description: Name is the name of the Kubernetes Resource
type: string
namespace:
description: Namespace is the namespace of the Kubernetes Resource
type: string
required:
- name
type: object
providerName:
description: ProviderName is the name of the provider. If not set,
it will be set to "AWS".
type: string
type: object
x-kubernetes-validations:
- message: must define only one project reference through externalProjectRef
or projectRef
rule: (has(self.externalProjectRef) && !has(self.projectRef)) || (!has(self.externalProjectRef)
&& has(self.projectRef))
- message: must define a local connection secret when referencing an external
project
rule: (has(self.externalProjectRef) && has(self.connectionSecret)) ||
!has(self.externalProjectRef)
status:
description: |-
AtlasNetworkPeeringStatus is a status for the AtlasNetworkPeering Custom resource.
Not the one included in the AtlasProject
properties:
conditions:
description: Conditions is the list of statuses showing the current
state of the Atlas Custom Resource
items:
description: Condition describes the state of an Atlas Custom Resource
at a certain point.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of Atlas Custom Resource condition.
type: string
required:
- status
- type
type: object
type: array
observedGeneration:
description: |-
ObservedGeneration indicates the generation of the resource specification that the Atlas Operator is aware of.
The Atlas Operator updates this field to the 'metadata.generation' as soon as it starts reconciliation of the resource.
format: int64
type: integer
required:
- conditions
type: object
type: object
served: true
storage: true
subresources:
status: {}
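Review bot: the `Project ID` printer column reads `.spec.projectIDRef.id`, but the schema defines no `projectIDRef`; the field that carries the Atlas project ID is `externalProjectRef.id`, so the column stays empty as written. On validation, `providerName` is an unconstrained string and no rule ties it to `awsConfiguration`, `azureConfiguration` or `gcpConfiguration`, so a resource can set several provider blocks or none, and the only required provider field is `accepterRegionName`. Because this object decides which external account and network gets peered, I'd add an enum on `providerName`, a CEL rule requiring exactly the matching configuration block, and format checks on `routeTableCidrBlock` and `awsAccountId`. The `containerId` description also refers to ContainerRegion and AtlasCIDRBlock, which are not fields of this spec. The file is controller-gen output (v0.16.1 per the annotation), so these changes belong in the Go type markers followed by a regenerate.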
4 changes: 2 additions & 2 deletions config/crd/bases/atlas.mongodb.com_atlasprivateendpoints.yaml
Expand Up @@ -106,8 +106,8 @@ spec:
- name
type: object
externalProjectRef:
description: ExternalProject holds the Atlas project ID the user belongs
to
description: ExternalProjectRef holds the Atlas project ID the user
belongs to
properties:
id:
description: ID is the Atlas project ID
1 change: 1 addition & 0 deletions config/crd/kustomization.yaml
Expand Up @@ -15,5 +15,6 @@ resources:
- bases/atlas.mongodb.com_atlassearchindexconfigs.yaml
- bases/atlas.mongodb.com_atlasbackupcompliancepolicies.yaml
- bases/atlas.mongodb.com_atlasprivateendpoints.yaml
- bases/atlas.mongodb.com_atlasnetworkpeerings.yaml
configurations:
- kustomizeconfig.yaml
7 changes: 7 additions & 0 deletions config/crd/patches/cainjection_in_atlasnetworkpeerings.yaml
@@ -0,0 +1,7 @@
# The following patch adds a directive for certmanager to inject CA into the CRD
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
name: atlasnetworkpeerings.atlas.mongodb.com
16 changes: 16 additions & 0 deletions config/crd/patches/webhook_in_atlasnetworkpeerings.yaml
@@ -0,0 +1,16 @@
# The following patch enables a conversion webhook for the CRD
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: atlasnetworkpeerings.atlas.mongodb.com
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
namespace: system
name: webhook-service
path: /convert
conversionReviewVersions:
- v1
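Review bot: `strategy: Webhook` is set here, but the CRD added in this PR declares a single version (`v1`, both served and storage), so there is nothing to convert. If this is kubebuilder scaffolding, I'd drop it together with the cainjection patch until a second version exists. Wiring it in as is makes the CRD depend on `webhook-service` answering at `/convert` and on the `CERTIFICATE_NAMESPACE/CERTIFICATE_NAME` placeholder in the CA injection patch being substituted.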
31 changes: 31 additions & 0 deletions config/rbac/atlasnetworkpeering_editor_role.yaml
@@ -0,0 +1,31 @@
# permissions for end users to edit atlasnetworkpeerings.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: clusterrole
app.kubernetes.io/instance: atlasnetworkpeering-editor-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: ako-scaffolding
app.kubernetes.io/part-of: ako-scaffolding
app.kubernetes.io/managed-by: kustomize
name: atlasnetworkpeering-editor-role
rules:
- apiGroups:
- atlas.mongodb.com
resources:
- atlasnetworkpeerings
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- atlas.mongodb.com
resources:
- atlasnetworkpeerings/status
verbs:
- get
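Review bot: this is a `ClusterRole` granting create, update, patch and delete on `atlasnetworkpeerings`, while the CRD is `scope: Namespaced`. A holder of these verbs can point a peering at any `awsAccountId` and `vpcId`, Azure subscription or GCP project, so a ClusterRoleBinding to this role hands out that ability in every namespace. Please say in the header comment that the role is meant to be bound with a namespaced RoleBinding, or ship it as a `Role`. The `ako-scaffolding` values in `created-by` and `part-of` also look like generator defaults that should carry the operator's own name.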
27 changes: 27 additions & 0 deletions config/rbac/atlasnetworkpeering_viewer_role.yaml
@@ -0,0 +1,27 @@
# permissions for end users to view atlasnetworkpeerings.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: clusterrole
app.kubernetes.io/instance: atlasnetworkpeering-viewer-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: ako-scaffolding
app.kubernetes.io/part-of: ako-scaffolding
app.kubernetes.io/managed-by: kustomize
name: atlasnetworkpeering-viewer-role
rules:
- apiGroups:
- atlas.mongodb.com
resources:
- atlasnetworkpeerings
verbs:
- get
- list
- watch
- apiGroups:
- atlas.mongodb.com
resources:
- atlasnetworkpeerings/status
verbs:
- get
8 changes: 8 additions & 0 deletions config/rbac/clusterwide/role.yaml
Expand Up @@ -33,6 +33,7 @@ rules:
- atlasdatafederations
- atlasdeployments
- atlasfederatedauths
- atlasnetworkpeerings
- atlasprojects
- atlassearchindexconfigs
- atlasstreamconnections
Expand All @@ -56,6 +57,7 @@ rules:
- atlasdatafederations/status
- atlasdeployments/status
- atlasfederatedauths/status
- atlasnetworkpeerings/status
- atlasprojects/status
- atlassearchindexconfigs/status
- atlasstreamconnections/status
Expand All @@ -65,3 +67,9 @@ rules:
- get
- patch
- update
- apiGroups:
- atlas.mongodb.com
resources:
- atlasnetworkpeerings/finalizers
verbs:
- update
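Review bot: the new rule at the end of the file grants `update` on `atlasnetworkpeerings/finalizers` cluster-wide. Editing `metadata.finalizers` needs update or patch on the resource itself; the finalizers subresource permission matters when the controller sets owner references with `blockOwnerDeletion` on objects owned by an AtlasNetworkPeering. If the controller does not do that, drop this rule to keep the role minimal; if it does, a short comment saying so would help the next reader.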
6 changes: 6 additions & 0 deletions config/samples/atlas_v1_atlasnetworkpeering.yaml
@@ -0,0 +1,6 @@
apiVersion: atlas.mongodb.com/v1
kind: AtlasNetworkPeering
metadata:
name: atlasnetworkpeering-sample
spec:
# TODO(user): Add fields here
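Review bot: the sample ships with an empty `spec` and a scaffolding TODO, and this PR also registers it in `config/samples/kustomization.yaml`. The CRD requires exactly one of `externalProjectRef` or `projectRef` (plus a `connectionSecret` with the former), so this manifest is not a usable example. Please fill in a minimal valid spec with placeholder IDs before this leaves draft, or hold back the kustomization entry until then.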
1 change: 1 addition & 0 deletions config/samples/kustomization.yaml
Expand Up @@ -8,4 +8,5 @@ resources:
- atlas_v1_atlasbackuppolicy.yaml
- atlas_v1_atlasbackupschedule.yaml
- atlas_v1_atlasteam.yaml
- atlas_v1_atlasnetworkpeering.yaml
# +kubebuilder:scaffold:manifestskustomizesamples