Merge remote-tracking branch 'josh/feature/multi-endpoint-failure-domains' into multiple-endpoints

Author: wongni

Makefile

@@ -63,11 +63,16 @@ config/.flag.mk: bin/controller-gen $(MANIFEST_GEN_INPUTS)
 .PHONY: release-manifests
 RELEASE_MANIFEST_TARGETS=$(RELEASE_DIR)/infrastructure-components.yaml $(RELEASE_DIR)/metadata.yaml
 RELEASE_MANIFEST_INPUTS=bin/kustomize config/.flag.mk $(shell find config)
+RELEASE_MANIFEST_SOURCE_BASE ?= config/default
 release-manifests: $(RELEASE_MANIFEST_TARGETS) ## Create kustomized release manifest in $RELEASE_DIR (defaults to out).
 $(RELEASE_DIR)/%: $(RELEASE_MANIFEST_INPUTS)
 	@mkdir -p $(RELEASE_DIR)
 	cp metadata.yaml $(RELEASE_DIR)/metadata.yaml
-	kustomize build config/default > $(RELEASE_DIR)/infrastructure-components.yaml
+	kustomize build $(RELEASE_MANIFEST_SOURCE_BASE) > $(RELEASE_DIR)/infrastructure-components.yaml
+
+.PHONY: release-manifests-metrics-port
+release-manifests-metrics-port:
+	make release-manifests RELEASE_MANIFEST_SOURCE_BASE=config/default-with-metrics-port
 
 DEEPCOPY_GEN_TARGETS=$(shell find api -type d -name "v*" -exec echo {}\/zz_generated.deepcopy.go \;)
 DEEPCOPY_GEN_INPUTS=$(shell find ./api -name "*test*" -prune -o -name "*zz_generated*" -prune -o -type f -print)

api/v1beta2/cloudstackcluster_types.go

@@ -23,8 +23,7 @@ import (
 )
 
 const (
-	ClusterFinalizer           = "cloudstackcluster.infrastructure.cluster.x-k8s.io"
-	CloudStackClusterLabelName = "cloudstackcluster.infrastructure.cluster.x-k8s.io/name"
+	ClusterFinalizer = "cloudstackcluster.infrastructure.cluster.x-k8s.io"
 )
 
 var K8sClient client.Client
@@ -35,14 +34,6 @@ type CloudStackClusterSpec struct {
 
 	// The kubernetes control plane endpoint.
 	ControlPlaneEndpoint clusterv1.APIEndpoint `json:"controlPlaneEndpoint"`
-
-	// CloudStack account.
-	// +optional
-	Account string `json:"account,omitempty"`
-
-	// CloudStack domain.
-	// +optional
-	Domain string `json:"domain,omitempty"`
 }
 
 // The status of the CloudStackCluster object.

api/v1beta2/cloudstackcluster_webhook.go

@@ -56,10 +56,6 @@ func (r *CloudStackCluster) ValidateCreate() error {
 	cloudstackclusterlog.V(1).Info("entered validate create webhook", "api resource name", r.Name)
 
 	var errorList field.ErrorList
-	if (r.Spec.Account != "") && (r.Spec.Domain == "") {
-		errorList = append(errorList, field.Required(
-			field.NewPath("spec", "account"), "specifying account requires additionally specifying domain"))
-	}
 
 	// Require FailureDomains and their respective sub-fields.
 	if len(r.Spec.FailureDomains) <= 0 {

api/v1beta2/cloudstackcluster_webhook_test.go

@@ -63,11 +63,11 @@ var _ = Describe("CloudStackCluster webhooks", func() {
 
 		It("Should reject updates to CloudStackCluster FailureDomains", func() {
 			dummies.CSCluster.Spec.FailureDomains[0].Zone.Name = "SomeRandomUpdate"
-			Ω(k8sClient.Update(ctx, dummies.CSCluster)).Should(MatchError(MatchRegexp(forbiddenRegex, "FailureDomains and sub")))
+			Ω(k8sClient.Update(ctx, dummies.CSCluster)).Should(MatchError(MatchRegexp(forbiddenRegex, "Cannot change FailureDomain")))
 		})
 		It("Should reject updates to Networks specified in CloudStackCluster Zones", func() {
 			dummies.CSCluster.Spec.FailureDomains[0].Zone.Network.Name = "ArbitraryUpdateNetworkName"
-			Ω(k8sClient.Update(ctx, dummies.CSCluster)).Should(MatchError(MatchRegexp(forbiddenRegex, "FailureDomains and sub")))
+			Ω(k8sClient.Update(ctx, dummies.CSCluster)).Should(MatchError(MatchRegexp(forbiddenRegex, "Cannot change FailureDomain")))
 		})
 		It("Should reject updates to CloudStackCluster controlplaneendpoint.host", func() {
 			dummies.CSCluster.Spec.ControlPlaneEndpoint.Host = "1.1.1.1"

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackclusters.yaml

@@ -201,9 +201,6 @@ spec:
           spec:
             description: CloudStackClusterSpec defines the desired state of CloudStackCluster.
             properties:
-              account:
-                description: CloudStack account.
-                type: string
               controlPlaneEndpoint:
                 description: The kubernetes control plane endpoint.
                 properties:
@@ -218,9 +215,6 @@ spec:
                 - host
                 - port
                 type: object
-              domain:
-                description: CloudStack domain.
-                type: string
               failureDomains:
                 items:
                   description: CloudStackFailureDomainSpec defines the desired state

config/default-with-metrics-port/auth_proxy_client_clusterrole.yaml

@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-reader
+rules:
+- nonResourceURLs:
+  - "/metrics"
+  verbs:
+  - get

config/default-with-metrics-port/auth_proxy_role.yaml

@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: proxy-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create

config/default-with-metrics-port/auth_proxy_role_binding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: proxy-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: proxy-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system

config/default-with-metrics-port/auth_proxy_service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: controller-manager-metrics-service
+  namespace: system
+spec:
+  ports:
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: https
+  selector:
+    control-plane: capc-controller-manager

config/default-with-metrics-port/kustomization.yaml

@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+bases:
+- ../default
+
+resources:
+- auth_proxy_client_clusterrole.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
+- auth_proxy_service.yaml
+
+patchesStrategicMerge:
+  - manager_auth_proxy_patch.yaml