Merge pull request #306 from pdettori/issue-163

✨ add support for adopting external cluster
kubestellar · Jan 28, 2025 · 2fc9be0 · 2fc9be0
2 parents 40017f7 + b20d5b1
commit 2fc9be0
Show file tree

Hide file tree

Showing 45 changed files with 1,355 additions and 129 deletions.
diff --git a/.github/workflows/test-e2e.yaml b/.github/workflows/test-e2e.yaml
@@ -26,6 +26,8 @@ jobs:
           go-version: v1.22
           cache: true
 
+      - uses: ko-build/setup-ko@v0.8    
+
       - name: Install kubectl
         uses: azure/setup-kubectl@v4
         id: install

diff --git a/.gitignore b/.gitignore
@@ -21,4 +21,4 @@ dist/
 *.tgz
 .DS_Store
 
-.vscode/
+.vscode/
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -31,4 +31,4 @@ This Code of Conduct is adapted from the Contributor Covenant (http://contributo
 CNCF Events Code of Conduct
 
 CNCF events are governed by the Linux Foundation Code of Conduct available on the event page. This is designed to be compatible with the above policy and also includes more details on responding to incidents.
-<!--coc-end-->
+<!--coc-end-->
diff --git a/DCO b/DCO
@@ -31,4 +31,4 @@ By making a contribution to this project, I certify that:
     are public and that a record of the contribution (including all
     personal information I submit with it, including my sign-off) is
     maintained indefinitely and may be redistributed consistent with
-    this project or the open source license(s) involved.
+    this project or the open source license(s) involved.
diff --git a/LICENSE b/LICENSE
@@ -198,4 +198,5 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.
+
diff --git a/Makefile b/Makefile
@@ -18,8 +18,11 @@ CONTAINER_REGISTRY ?= ghcr.io/kubestellar/kubeflex
 # latest tag
 LATEST_TAG ?= $(shell git describe --tags $(git rev-list --tags --max-count=1))
 
-# Image URL to use all building/pushing image targets
-IMG ?= ghcr.io/kubestellar/kubeflex/manager:latest
+KO_DOCKER_REPO = ko.local
+IMAGE_TAG ?= $(shell git rev-parse --short HEAD)
+CMD_NAME ?= manager
+IMG ?= ${KO_DOCKER_REPO}/${CMD_NAME}:${IMAGE_TAG}
+
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.26.1
 
@@ -195,6 +198,19 @@ chart: manifests kustomize
 	@mkdir -p chart/crds
 	$(KUSTOMIZE) build config/crd > chart/crds/crds.yaml
 
+.PHONY: ko-local-build
+ko-local-build:
+	KO_DOCKER_REPO=${KO_DOCKER_REPO} ko build -B ./cmd/${CMD_NAME} -t ${IMAGE_TAG} --platform linux/${ARCH}
+
+# this is used for local testing
+.PHONY: kind-load-image
+kind-load-image:
+	kind load docker-image ${IMG} --name kubeflex
+
+.PHONY: install-local-chart
+install-local-chart: chart kind-load-image
+	helm upgrade --install --create-namespace -n kubeflex-system kubeflex-operator ./chart
+
 ##@ Build Dependencies
 
 ## Location to install dependencies to

diff --git a/api/v1alpha1/conditions_test.go b/api/v1alpha1/conditions_test.go
@@ -99,5 +99,5 @@ func generateCondition(ctype ConditionType, reason ConditionReason, message stri
 }
 
 func addTime(t time.Duration) metav1.Time {
-	return metav1.NewTime(time.Now().Add(2 * time.Hour))
+	return metav1.NewTime(time.Now().Add(t))
 }
diff --git a/api/v1alpha1/controlplane_types.go b/api/v1alpha1/controlplane_types.go
@@ -22,10 +22,18 @@ import (
 
 // ControlPlaneSpec defines the desired state of ControlPlane
 type ControlPlaneSpec struct {
-	Type               ControlPlaneType  `json:"type,omitempty"`
-	Backend            BackendDBType     `json:"backend,omitempty"`
-	PostCreateHook     *string           `json:"postCreateHook,omitempty"`
-	PostCreateHookVars map[string]string `json:"postCreateHookVars,omitempty"`
+	Type    ControlPlaneType `json:"type,omitempty"`
+	Backend BackendDBType    `json:"backend,omitempty"`
+	// bootstrapSecretRef contains a reference to the kubeconfig used to bootstrap adoption of
+	// an external cluster
+	// +optional
+	BootstrapSecretRef *BootstrapSecretReference `json:"bootstrapSecretRef,omitempty"`
+	// tokenExpirationSeconds is the expiration time for generated auth token
+	// +optional
+	// +kubebuilder:default:=31536000
+	TokenExpirationSeconds *int64            `json:"tokenExpirationSeconds,omitempty"`
+	PostCreateHook         *string           `json:"postCreateHook,omitempty"`
+	PostCreateHookVars     map[string]string `json:"postCreateHookVars,omitempty"`
 }
 
 // ControlPlaneStatus defines the observed state of ControlPlane
@@ -71,16 +79,25 @@ const (
 	BackendDBTypeDedicated BackendDBType = "dedicated"
 )
 
-// +kubebuilder:validation:Enum=k8s;ocm;vcluster;host
+// +kubebuilder:validation:Enum=k8s;ocm;vcluster;host;external
 type ControlPlaneType string
 
 const (
 	ControlPlaneTypeK8S      ControlPlaneType = "k8s"
 	ControlPlaneTypeOCM      ControlPlaneType = "ocm"
 	ControlPlaneTypeVCluster ControlPlaneType = "vcluster"
 	ControlPlaneTypeHost     ControlPlaneType = "host"
+	ControlPlaneTypeExternal ControlPlaneType = "external"
 )
 
+// SecretReference is a reference to a secret that holds the kubeconfigs for
+// a control plane hosted in the kubeflex hosting cluster, or for a kubeconfig
+// for the hosting cluster itself (in the case of a control plane of type 'host') or
+// for a control plane representing an external cluster.
+// The 'Key' field references the kubeconfig that can be used for acccess to a control
+// plane API server from outside the KubeFlex hosting cluster, while the 'InClusterKey'
+// references the kubeconfig that can be used for acccess to a control
+// plane API server from inside the cluster.
 // We do not use ObjectReference as its use is discouraged in favor of a locally defined type.
 // See ObjectReference in https://github.com/kubernetes/api/blob/master/core/v1/types.go
 type SecretReference struct {
@@ -90,12 +107,29 @@ type SecretReference struct {
 	// `name` is the name of the secret.
 	// Required
 	Name string `json:"name"`
-	// Required
+	// This field is present for control planes of type `k8s`, `vcluster`, `ocm`, `host`.`
+	// it is not present for control planes of type `external`.
+	// Controllers for control planes of type `external` should always use the `InClusterKey`.
+	// +optional
 	Key string `json:"key"`
 	// Required
 	InClusterKey string `json:"inClusterKey"`
 }
 
+// BootstrapSecretReference is a reference to a secret that holds the Kubeconfig for
+// an external cluster to adopt. See SecretReference comments for why this is not
+// using an ObjectReference.
+type BootstrapSecretReference struct {
+	// `namespace` is the namespace of the secret.
+	// Required
+	Namespace string `json:"namespace"`
+	// `name` is the name of the secret.
+	// Required
+	Name string `json:"name"`
+	// Required
+	InClusterKey string `json:"inClusterKey"`
+}
+
 func init() {
 	SchemeBuilder.Register(&ControlPlane{}, &ControlPlaneList{})
 }
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/chart/crds/crds.yaml b/chart/crds/crds.yaml
@@ -59,18 +59,48 @@ spec:
                 - shared
                 - dedicated
                 type: string
+              bootstrapSecretRef:
+                description: |-
+                  bootstrapSecretRef contains a reference to the kubeconfig used to bootstrap adoption of
+                  an external cluster
+                properties:
+                  inClusterKey:
+                    description: Required
+                    type: string
+                  name:
+                    description: |-
+                      `name` is the name of the secret.
+                      Required
+                    type: string
+                  namespace:
+                    description: |-
+                      `namespace` is the namespace of the secret.
+                      Required
+                    type: string
+                required:
+                - inClusterKey
+                - name
+                - namespace
+                type: object
               postCreateHook:
                 type: string
               postCreateHookVars:
                 additionalProperties:
                   type: string
                 type: object
+              tokenExpirationSeconds:
+                default: 31536000
+                description: tokenExpirationSeconds is the expiration time for generated
+                  auth token
+                format: int64
+                type: integer
               type:
                 enum:
                 - k8s
                 - ocm
                 - vcluster
                 - host
+                - external
                 type: string
             type: object
           status:
@@ -119,7 +149,10 @@ spec:
                     description: Required
                     type: string
                   key:
-                    description: Required
+                    description: |-
+                      This field is present for control planes of type `k8s`, `vcluster`, `ocm`, `host`.`
+                      it is not present for control planes of type `external`.
+                      Controllers for control planes of type `external` should always use the `InClusterKey`.
                     type: string
                   name:
                     description: |-
@@ -133,7 +166,6 @@ spec:
                     type: string
                 required:
                 - inClusterKey
-                - key
                 - name
                 - namespace
                 type: object
@@ -253,7 +285,10 @@ spec:
                     description: Required
                     type: string
                   key:
-                    description: Required
+                    description: |-
+                      This field is present for control planes of type `k8s`, `vcluster`, `ocm`, `host`.`
+                      it is not present for control planes of type `external`.
+                      Controllers for control planes of type `external` should always use the `InClusterKey`.
                     type: string
                   name:
                     description: |-
@@ -267,7 +302,6 @@ spec:
                     type: string
                 required:
                 - inClusterKey
-                - key
                 - name
                 - namespace
                 type: object

diff --git a/chart/templates/operator.yaml b/chart/templates/operator.yaml
@@ -591,7 +591,6 @@ spec:
         - --secure-listen-address=0.0.0.0:8443
         - --upstream=http://127.0.0.1:8080/
         - --logtostderr=true
-        - --v={{.Values.verbosity}}
         image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1
         name: kube-rbac-proxy
         ports:
@@ -614,12 +613,13 @@ spec:
         - --health-probe-bind-address=:8081
         - --metrics-bind-address=127.0.0.1:8080
         - --leader-elect
+        - --zap-log-level={{max (.Values.verbosity | default 2 | int) 1}}
         env:
         - name: HELM_CONFIG_HOME
           value: /tmp
         - name: HELM_CACHE_HOME
           value: /tmp
-        image: ghcr.io/kubestellar/kubeflex/manager:latest
+        image: ko.local/manager:4619735
         imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:

diff --git a/chart/values.yaml b/chart/values.yaml
@@ -7,4 +7,4 @@ externalPort: "9443"
 isOpenShift: "false"
 installPostgreSQL: true
 hostContainer: kubeflex-control-plane
-verbosity: 2 # must be > 0
+verbosity: 2 # must be > 0