Add initial APIs

On-behalf-of: @SAP marvin.beckers@sap.com
Signed-off-by: Marvin Beckers <marvin@kubermatic.com>

.gitignore

@@ -23,3 +23,6 @@ go.work.sum
 
 # env file
 .env
+
+# Downloaded and built binaries
+bin/

PROJECT

@@ -7,4 +7,45 @@ layout:
 - go.kubebuilder.io/v4
 projectName: kcp-operator
 repo: github.com/kcp-dev/kcp-operator
+resources:
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: operator.kcp.io
+  kind: RootShard
+  path: github.com/kcp-dev/kcp-operator/api/v1alpha1
+  version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: operator.kcp.io
+  kind: FrontProxy
+  path: github.com/kcp-dev/kcp-operator/api/v1alpha1
+  version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: operator.kcp.io
+  kind: Shard
+  path: github.com/kcp-dev/kcp-operator/api/v1alpha1
+  version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: operator.kcp.io
+  kind: CacheServer
+  path: github.com/kcp-dev/kcp-operator/api/v1alpha1
+  version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: operator.kcp.io
+  kind: Kubeconfig
+  path: github.com/kcp-dev/kcp-operator/api/v1alpha1
+  version: v1alpha1
 version: "3"

api/v1alpha1/cacheserver_types.go

@@ -0,0 +1,61 @@
+/*
+Copyright 2024 The KCP Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// CacheServerSpec defines the desired state of CacheServer.
+type CacheServerSpec struct {
+	// Etcd configures the etcd cluster that this cache server should be using.
+	Etcd EtcdConfig `json:"etcd"`
+
+	// Optional: Image overwrites the container image used to deploy the cache server.
+	Image *ImageSpec `json:"image,omitempty"`
+}
+
+// CacheServerStatus defines the observed state of CacheServer
+type CacheServerStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// CacheServer is the Schema for the cacheservers API
+type CacheServer struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   CacheServerSpec   `json:"spec,omitempty"`
+	Status CacheServerStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// CacheServerList contains a list of CacheServer
+type CacheServerList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []CacheServer `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&CacheServer{}, &CacheServerList{})
+}

api/v1alpha1/common.go

@@ -0,0 +1,48 @@
+/*
+Copyright 2024 The KCP Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	corev1 "k8s.io/api/core/v1"
+)
+
+// ImageSpec defines settings for using a specific image and overwriting the default images used.
+type ImageSpec struct {
+	// Repository is the container image repository to use for KCP containers. Defaults to `ghcr.io/kcp-dev/kcp`.
+	Repository string `json:"repository,omitempty"`
+	// Tag is the container image tag to use for KCP containers. Defaults to the latest kcp release that the operator supports.
+	Tag string `json:"tag,omitempty"`
+	// Optional: ImagePullSecrets is a list of secret references that should be used as image pull secrets (e.g. when a private registry is used).
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+}
+
+type RootShardConfig struct {
+	// Reference references a local RootShard object.
+	Reference *corev1.ObjectReference `json:"ref,omitempty"`
+}
+
+type EtcdConfig struct {
+	// Endpoints is a list of http urls at which etcd nodes are available. The expected format is "https://etcd-hostname:2379".
+	Endpoints []string `json:"endpoints"`
+	// ClientCert configures the client certificate used to access etcd.
+	ClientCert EtcdCertificate `json:"clientCert"`
+}
+
+type EtcdCertificate struct {
+	// SecretRef is the reference to a v1.Secret object that contains the TLS certificate.
+	SecretRef corev1.LocalObjectReference `json:"secretRef"`
+}

api/v1alpha1/frontproxy_types.go

@@ -0,0 +1,67 @@
+/*
+Copyright 2024 The KCP Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// FrontProxySpec defines the desired state of FrontProxy.
+type FrontProxySpec struct {
+	// RootShard configures the kcp root shard that this front-proxy instance should connect to.
+	RootShard RootShardConfig `json:"rootShard"`
+	// Optional: Replicas configures the replica count for the front-proxy Deployment.
+	Replicas *int32 `json:"replicas,omitempty"`
+	// Optional: Auth configures various aspects of Authentication and Authorization for this front-proxy instance.
+	Auth *AuthSpec `json:"auth,omitempty"`
+}
+
+type AuthSpec struct {
+	// Optional: OIDC configures OpenID Connect Authentication
+	OIDC *OIDCConfiguration `json:"oidc,omitempty"`
+}
+
+// FrontProxyStatus defines the observed state of FrontProxy
+type FrontProxyStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// FrontProxy is the Schema for the frontproxies API
+type FrontProxy struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   FrontProxySpec   `json:"spec,omitempty"`
+	Status FrontProxyStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// FrontProxyList contains a list of FrontProxy
+type FrontProxyList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []FrontProxy `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&FrontProxy{}, &FrontProxyList{})
+}

api/v1alpha1/groupversion_info.go

@@ -0,0 +1,36 @@
+/*
+Copyright 2024 The KCP Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha1 contains API Schema definitions for the  v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=operator.kcp.io
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "operator.kcp.io", Version: "v1alpha1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)

api/v1alpha1/kubeconfig_types.go

@@ -0,0 +1,76 @@
+/*
+Copyright 2024 The KCP Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// KubeconfigSpec defines the desired state of Kubeconfig.
+type KubeconfigSpec struct {
+	// Target configures which kcp-operator object this kubeconfig should be generated for (shard or front-proxy).
+	Target KubeconfigTarget `json:"target"`
+
+	// Username defines the username embedded in the TLS certificate generated for this kubeconfig.
+	Username string `json:"username"`
+	// Username defines the groups embedded in the TLS certificate generated for this kubeconfig.
+	Groups []string `json:"groups,omitempty"`
+
+	// Validity configures the lifetime of the embedded TLS certificate. The kubeconfig secret will be automatically regenerated when the certificate expires.
+	Validity metav1.Time `json:"validity"`
+
+	// SecretRef defines the v1.Secret object that the resulting kubeconfig should be written to.
+	SecretRef corev1.LocalObjectReference `json:"secretRef"`
+}
+
+type KubeconfigTarget struct {
+	RootShardRef  *corev1.LocalObjectReference `json:"rootShardRef,omitempty"`
+	ShardRef      *corev1.LocalObjectReference `json:"shardRef,omitempty"`
+	FrontProxyRef *corev1.LocalObjectReference `json:"frontProxyRef,omitempty"`
+}
+
+// KubeconfigStatus defines the observed state of Kubeconfig
+type KubeconfigStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// Kubeconfig is the Schema for the kubeconfigs API
+type Kubeconfig struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   KubeconfigSpec   `json:"spec,omitempty"`
+	Status KubeconfigStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// KubeconfigList contains a list of Kubeconfig
+type KubeconfigList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []Kubeconfig `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&Kubeconfig{}, &KubeconfigList{})
+}