kubefleet-dev
diff --git a/‎approval-request-controller/Makefile‎
Lines changed: 78 additions & 0 deletions b/‎approval-request-controller/Makefile‎
Lines changed: 78 additions & 0 deletions
diff --git a/‎approval-request-controller/README.md‎
Lines changed: 74 additions & 0 deletions b/‎approval-request-controller/README.md‎
Lines changed: 74 additions & 0 deletions
diff --git a/‎approval-request-controller/apis/placement/v1beta1/doc.go‎
Lines changed: 20 additions & 0 deletions b/‎approval-request-controller/apis/placement/v1beta1/doc.go‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎approval-request-controller/apis/placement/v1beta1/groupversion_info.go‎
Lines changed: 35 additions & 0 deletions b/‎approval-request-controller/apis/placement/v1beta1/groupversion_info.go‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎approval-request-controller/apis/placement/v1beta1/metriccollectorreport_types.go‎
Lines changed: 105 additions & 0 deletions b/‎approval-request-controller/apis/placement/v1beta1/metriccollectorreport_types.go‎
Lines changed: 105 additions & 0 deletions
@@ -0,0 +1,78 @@
+# Makefile for ApprovalRequest Controller
+
+# Image settings
+IMAGE_NAME ?= approval-request-controller
+IMAGE_TAG ?= latest
+REGISTRY ?=
+
+# Build settings
+GOARCH ?= amd64
+GOOS ?= linux
+
+# Tools
+CONTROLLER_GEN_VERSION ?= v0.16.0
+CONTROLLER_GEN = go run sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_GEN_VERSION)
+
+.PHONY: help
+help: ## Display this help
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Code Generation
+
+.PHONY: manifests
+manifests: ## Generate CRD manifests
+	$(CONTROLLER_GEN) crd paths="./apis/..." output:crd:artifacts:config=config/crd/bases
+
+.PHONY: generate
+generate: ## Generate DeepCopy code
+	$(CONTROLLER_GEN) object:headerFile="../hack/boilerplate.go.txt" paths="./apis/..."
+
+##@ Build
+
+.PHONY: docker-build
+docker-build: ## Build docker image
+	docker buildx build \
+		--file docker/Dockerfile \
+		--output=type=docker \
+		--platform=linux/$(GOARCH) \
+		--build-arg GOARCH=$(GOARCH) \
+		--tag $(IMAGE_NAME):$(IMAGE_TAG) \
+		--build-context kubefleet=.. \
+		..
+
+.PHONY: docker-push
+docker-push: ## Push docker image
+	docker push $(REGISTRY)$(IMAGE_NAME):$(IMAGE_TAG)
+
+##@ Development
+
+.PHONY: run
+run: ## Run controller locally
+	cd .. && go run ./approval-request-controller/cmd/approvalrequestcontroller/main.go
+
+##@ Deployment
+
+.PHONY: install
+install: ## Install helm chart
+	helm install approval-request-controller ./charts/approval-request-controller \
+		--namespace fleet-system \
+		--create-namespace \
+		--set image.repository=$(IMAGE_NAME) \
+		--set image.tag=$(IMAGE_TAG)
+
+.PHONY: upgrade
+upgrade: ## Upgrade helm chart
+	helm upgrade approval-request-controller ./charts/approval-request-controller \
+		--namespace fleet-system \
+		--set image.repository=$(IMAGE_NAME) \
+		--set image.tag=$(IMAGE_TAG)
+
+.PHONY: uninstall
+uninstall: ## Uninstall helm chart
+	helm uninstall approval-request-controller --namespace fleet-system
+
+##@ Kind
+
+.PHONY: kind-load
+kind-load: docker-build ## Build and load image into kind cluster
+	kind load docker-image $(IMAGE_NAME):$(IMAGE_TAG) --name hub
@@ -0,0 +1,74 @@
+# ApprovalRequest Controller
+
+The ApprovalRequest Controller is a standalone controller that runs on the **hub cluster** to automate approval decisions for staged updates based on workload health metrics.
+
+## Overview
+
+This controller:
+- Watches `ApprovalRequest` and `ClusterApprovalRequest` resources
+- Creates `MetricCollector` resources on member clusters via ClusterResourcePlacement
+- Monitors workload health via `MetricCollectorReport` objects
+- Automatically approves requests when all tracked workloads are healthy
+- Runs every 15 seconds to check health status
+
+## Architecture
+
+The controller is designed to run on the hub cluster and:
+1. Deploys MetricCollector instances to member clusters using CRP
+2. Collects health metrics from MetricCollectorReports
+3. Compares metrics against WorkloadTracker specifications
+4. Approves ApprovalRequests when all workloads are healthy
+
+## Installation
+
+### Prerequisites
+
+The following CRDs must be installed on the hub cluster:
+- `approvalrequests.placement.kubernetes-fleet.io`
+- `clusterapprovalrequests.placement.kubernetes-fleet.io`
+- `metriccollectors.placement.kubernetes-fleet.io`
+- `metriccollectorreports.placement.kubernetes-fleet.io` (installed by this chart)
+- `workloadtrackers.placement.kubernetes-fleet.io`
+- `clusterresourceplacements.placement.kubernetes-fleet.io`
+- `clusterresourceoverrides.placement.kubernetes-fleet.io`
+- `clusterstagedupdateruns.placement.kubernetes-fleet.io`
+- `stagedupdateruns.placement.kubernetes-fleet.io`
+
+### Install via Helm
+
+```bash
+# Build the image
+make docker-build IMAGE_NAME=approval-request-controller IMAGE_TAG=latest
+
+# Load into kind (if using kind)
+kind load docker-image approval-request-controller:latest --name hub
+
+# Install the chart
+helm install approval-request-controller ./charts/approval-request-controller \
+  --namespace fleet-system \
+  --create-namespace
+```
+
+## Configuration
+
+See `charts/approval-request-controller/values.yaml` for all configuration options.
+
+Key settings:
+- `controller.logLevel`: Log verbosity (default: 2)
+- `controller.resources`: Resource requests and limits
+- `rbac.create`: Create RBAC resources (default: true)
+- `crds.install`: Install MetricCollectorReport CRD (default: true)
+
+## Development
+
+### Build
+
+```bash
+make docker-build
+```
+
+### Test Locally
+
+```bash
+go run ./cmd/approvalrequestcontroller/main.go
+```
@@ -0,0 +1,20 @@
+/*
+Copyright 2025 The KubeFleet Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1beta1 contains API Schema definitions for the placement v1beta1 API group
+// +kubebuilder:object:generate=true
+// +groupName=placement.kubernetes-fleet.io
+package v1beta1
@@ -0,0 +1,35 @@
+/*
+Copyright 2025 The KubeFleet Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +kubebuilder:object:generate=true
+// +groupName=placement.kubernetes-fleet.io
+package v1beta1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "placement.kubernetes-fleet.io", Version: "v1beta1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)
@@ -0,0 +1,105 @@
+/*
+Copyright 2025 The KubeFleet Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:scope="Namespaced",shortName=mcr,categories={fleet,fleet-metrics}
+// +kubebuilder:storageversion
+// +kubebuilder:printcolumn:JSONPath=`.workloadsMonitored`,name="Workloads",type=integer
+// +kubebuilder:printcolumn:JSONPath=`.lastCollectionTime`,name="Last-Collection",type=date
+// +kubebuilder:printcolumn:JSONPath=`.metadata.creationTimestamp`,name="Age",type=date
+
+// MetricCollectorReport is created by the MetricCollector controller on the hub cluster
+// in the fleet-member-{clusterName} namespace to report collected metrics from a member cluster.
+// The controller watches MetricCollector objects on the member cluster, collects metrics,
+// and syncs the status to the hub as MetricCollectorReport objects.
+//
+// Controller workflow:
+// 1. MetricCollector reconciles and collects metrics on member cluster
+// 2. Metrics include clusterName from workload_health labels
+// 3. Controller creates/updates MetricCollectorReport in fleet-member-{clusterName} namespace on hub
+// 4. Report name matches MetricCollector name for easy lookup
+//
+// Namespace: fleet-member-{clusterName} (extracted from CollectedMetrics[0].ClusterName)
+// Name: Same as MetricCollector name
+// All metrics in CollectedMetrics are guaranteed to have the same ClusterName.
+type MetricCollectorReport struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// Conditions copied from the MetricCollector status.
+	// +optional
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+
+	// ObservedGeneration is the generation most recently observed from the MetricCollector.
+	// +optional
+	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+
+	// WorkloadsMonitored is the count of workloads being monitored.
+	// +optional
+	WorkloadsMonitored int32 `json:"workloadsMonitored,omitempty"`
+
+	// LastCollectionTime is when metrics were last collected on the member cluster.
+	// +optional
+	LastCollectionTime *metav1.Time `json:"lastCollectionTime,omitempty"`
+
+	// CollectedMetrics contains the most recent metrics from each workload.
+	// All metrics are guaranteed to have the same ClusterName since they're collected from one member cluster.
+	// +optional
+	CollectedMetrics []WorkloadMetrics `json:"collectedMetrics,omitempty"`
+
+	// LastReportTime is when this report was last synced to the hub.
+	// +optional
+	LastReportTime *metav1.Time `json:"lastReportTime,omitempty"`
+}
+
+// WorkloadMetrics represents metrics collected from a single workload pod.
+type WorkloadMetrics struct {
+	// Namespace is the namespace of the pod.
+	// +required
+	Namespace string `json:"namespace"`
+
+	// ClusterName from the workload_health metric label.
+	// +required
+	ClusterName string `json:"clusterName"`
+
+	// WorkloadName from the workload_health metric label (typically the deployment name).
+	// +required
+	WorkloadName string `json:"workloadName"`
+
+	// Health indicates if the workload is healthy (true=healthy, false=unhealthy).
+	// +required
+	Health bool `json:"health"`
+}
+
+// +kubebuilder:object:root=true
+
+// MetricCollectorReportList contains a list of MetricCollectorReport.
+type MetricCollectorReportList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []MetricCollectorReport `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&MetricCollectorReport{}, &MetricCollectorReportList{})
+}