Add Device resource + controller and cisco nxos provider support

.github/workflows/test-chart.yml

@@ -84,10 +84,11 @@ jobs:
 #          kubectl wait --namespace monitoring --for=condition=available --timeout=300s deployment/prometheus-server
       - name: Install Helm chart for project
         run: |
-          helm install my-release ./charts/network-operator --create-namespace --namespace network-operator-system
+          helm dependency build ./charts/network-operator
+          helm install network-operator ./charts/network-operator --create-namespace --namespace network-operator-system
       - name: Check Helm release status
         run: |
-          helm status my-release --namespace network-operator-system
+          helm status network-operator --namespace network-operator-system
 # TODO: Uncomment if prometheus.enabled is set to true to confirm that the ServiceMonitor gets created
 #      - name: Check Presence of ServiceMonitor
 #        run: |

.golangci.yaml

@@ -128,6 +128,8 @@ linters:
         - k8s.io/client-go
         # until https://github.com/openconfig/ygnmi/pull/157 is merged
         - github.com/openconfig/ygnmi
+        # for CVE-2025-22868
+        - golang.org/x/oauth2
       toolchain-forbidden: true
       go-version-pattern: 1\.\d+(\.0)?$
     gosec:
@@ -186,6 +188,7 @@ linters:
       - builtin$
       - examples$
       - internal/provider/openconfig
+      - internal/provider/cisco/nxos/genyang
 
 output:
   formats:

Dockerfile

@@ -23,7 +23,7 @@ RUN --mount=type=cache,target=/go/pkg/mod \
 RUN --mount=type=bind,target=.,readwrite \
     --mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.cache/go-build \
-    GOOS=${TARGETOS} GOARCH=${TARGETARCH} GOTOOLCHAIN=local make PREFIX=/pkg install
+    GOOS=${TARGETOS} GOARCH=${TARGETARCH} GOTOOLCHAIN=local make install
 
 FROM gcr.io/distroless/static:nonroot
 
@@ -37,8 +37,8 @@ LABEL source_repository="https://github.com/ironcore-dev/network-operator" \
     org.opencontainers.image.revision=${BININFO_COMMIT_HASH} \
     org.opencontainers.image.version=${BININFO_VERSION}
 
-COPY --from=builder /pkg/ /usr/
+COPY --from=builder /usr/bin/network-operator /manager
 
 USER 65532:65532
 WORKDIR /
-ENTRYPOINT [ "/usr/bin/network-operator" ]
+ENTRYPOINT [ "/manager" ]

Makefile

@@ -42,7 +42,7 @@ install-kustomize: FORCE
 
 fmt: FORCE install-gofumpt
 	@printf "\e[1;36m>> gofumpt -l -w .\e[0m\n"
-	@gofumpt -l -w $(shell git ls-files '*.go' | grep -v '^internal/provider/openconfig')
+	@gofumpt -l -w $(shell git ls-files '*.go' | grep -v '^internal/provider/openconfig|internal/provider/cisco/nxos/genyang')
 
 # Run the e2e tests against a k8s cluster.
 test-e2e: FORCE
@@ -188,7 +188,7 @@ ifeq ($(GO_TESTPKGS),)
 GO_TESTPKGS := ./...
 endif
 # which packages to measure coverage for
-GO_COVERPKGS := $(shell go list ./... | grep -E '/internal' | grep -Ev '/internal/provider/openconfig')
+GO_COVERPKGS := $(shell go list ./... | grep -E '/internal' | grep -Ev '/internal/provider/openconfig|internal/provider/cisco/nxos/genyang')
 # to get around weird Makefile syntax restrictions, we need variables containing nothing, a space and comma
 null :=
 space := $(null) $(null)

Makefile.maker.yaml

@@ -16,7 +16,7 @@ controllerGen:
 
 coverageTest:
   only: "/internal"
-  except: "/internal/provider/openconfig"
+  except: "/internal/provider/openconfig|internal/provider/cisco/nxos/genyang"
 
 dockerfile:
   enabled: false
@@ -28,6 +28,7 @@ golangciLint:
   createConfig: true
   skipDirs:
     - internal/provider/openconfig
+    - internal/provider/cisco/nxos/genyang
   timeout: 10m
 
 goReleaser:
@@ -80,7 +81,7 @@ verbatim: |
 
   fmt: FORCE install-gofumpt
     @printf "\e[1;36m>> gofumpt -l -w .\e[0m\n"
-    @gofumpt -l -w $(shell git ls-files '*.go' | grep -v '^internal/provider/openconfig')
+    @gofumpt -l -w $(shell git ls-files '*.go' | grep -v '^internal/provider/openconfig|internal/provider/cisco/nxos/genyang')
 
   # Run the e2e tests against a k8s cluster.
   test-e2e: FORCE

PROJECT

@@ -19,4 +19,13 @@ resources:
   kind: Interface
   path: github.com/ironcore-dev/network-operator/api/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: cloud.sap
+  group: networking
+  kind: Device
+  path: github.com/ironcore-dev/network-operator/api/v1alpha1
+  version: v1alpha1
 version: "3"

Tiltfile

@@ -5,8 +5,13 @@
 # Don't track us.
 analytics_settings(False)
 
+update_settings(k8s_upsert_timeout_secs=60)
+
 allow_k8s_contexts(['minikube', 'kind-network'])
 
+load('ext://cert_manager', 'deploy_cert_manager')
+deploy_cert_manager(version='v1.18.2')
+
 docker_build('controller:latest', '.', ignore=['*/*/zz_generated.deepcopy.go', 'config/crd/bases/*'], only=[
     'api/', 'cmd/', 'hack/', 'internal/', 'go.mod', 'go.sum', 'Makefile',
 ])
@@ -19,6 +24,12 @@ k8s_yaml(kustomize('config/default'))
 k8s_resource('network-operator-controller-manager', resource_deps=['controller-gen'])
 
 # Sample resources with manual trigger mode
+k8s_yaml('./config/samples/v1alpha1_device.yaml')
+k8s_resource(new_name='credentials', objects=['secret-basic-auth:secret'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
+k8s_resource(new_name='leaf1', objects=['leaf1:device'], resource_deps=['credentials'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
+k8s_resource(new_name='issuer', objects=['network-operator:issuer'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
+k8s_resource(new_name='certificate', objects=['network-operator-ca:certificate'], resource_deps=['issuer'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
+
 k8s_yaml('./config/samples/v1alpha1_interface.yaml')
 k8s_resource(new_name='lo0', objects=['lo0:interface'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)
 k8s_resource(new_name='lo1', objects=['lo1:interface'], trigger_mode=TRIGGER_MODE_MANUAL, auto_init=False)