Feature/implement machine health checker (#71)

* Can now build Isolated network with extra CRDs.

* Such awesome, much wow

* Saving progress and switching gears.

* Abstractions gallore.

* Further abstraction of the controller as an idea. Compiles and almost works.

* More generalized than before.

* More abstraction still.

* Made things work.

* Made things work.

* Zones firing.

* Machines work via new style now.

* Slight cleanup.

* Iso net with load balancer rules working now.

* Set nginx to use default ports.

* Isolated networks create and delete with load balancer and fill endpoint hosts now.

* Builds a cluster.

* Added Affinity group crd.

* Added machine health checker.

* Afinity groups are a go.

* Update partially to main.

* Some cleanup. More to come.

* Fixup missing dispose iso net call.

* Removed machine health checker crd.

* Removed machine health checker crd.

* Implement CloudStackMachineStateChecker

* Change to lower cases

* Passes webhook and controller tests. Passes lint.

* Unit tests fixed up.

* Mild cleanup.

* Updated per PR comments.

* Fixup tests.

* Fixup again.

* Readd non-root.

* Fix isolated network deletion.

* pr review comments addressed.

* Fix tests.

* Fixup finalizer.

* Fix issues after merge the CRD breakout PR

* Fix comments

* Update comments

Co-authored-by: Joshua Reed <[email protected]>
Co-authored-by: Wonkun Kim <[email protected]>

Author: wongni

PROJECT

@@ -68,4 +68,13 @@ resources:
   kind: CloudStackAffinityGroup
   path: github.com/aws/cluster-api-provider-cloudstack/api/v1beta1
   version: v1beta1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: cluster.x-k8s.io
+  group: infrastructure
+  kind: CloudStackMachineStateChecker
+  path: github.com/aws/cluster-api-provider-cloudstack/api/v1beta1
+  version: v1beta1
 version: "3"

api/v1beta1/cloudstackmachinestatechecker_types.go

@@ -0,0 +1,58 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// CloudStackMachineStateCheckerSpec
+type CloudStackMachineStateCheckerSpec struct {
+	// CloudStack machine instance ID
+	InstanceID string `json:"instanceID,omitempty"`
+}
+
+// CloudStackMachineStateCheckerStatus defines the observed state of CloudStackMachineStateChecker
+type CloudStackMachineStateCheckerStatus struct {
+	// Reflects the readiness of the Machine State Checker.
+	Ready bool `json:"ready"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// CloudStackMachineStateChecker is the Schema for the cloudstackmachinestatecheckers API
+type CloudStackMachineStateChecker struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   CloudStackMachineStateCheckerSpec   `json:"spec,omitempty"`
+	Status CloudStackMachineStateCheckerStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// CloudStackMachineStateCheckerList contains a list of CloudStackMachineStateChecker
+type CloudStackMachineStateCheckerList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []CloudStackMachineStateChecker `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&CloudStackMachineStateChecker{}, &CloudStackMachineStateCheckerList{})
+}

api/v1beta1/zz_generated.deepcopy.go

@@ -0,0 +1,65 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.1
+  creationTimestamp: null
+  name: cloudstackmachinestatecheckers.infrastructure.cluster.x-k8s.io
+spec:
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    kind: CloudStackMachineStateChecker
+    listKind: CloudStackMachineStateCheckerList
+    plural: cloudstackmachinestatecheckers
+    singular: cloudstackmachinestatechecker
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: CloudStackMachineStateChecker is the Schema for the cloudstackmachinestatecheckers
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: CloudStackMachineStateCheckerSpec defines the desired state
+              of CloudStackMachineStateChecker
+            properties:
+              instanceID:
+                description: CloudStack machine instance ID
+                type: string
+            type: object
+          status:
+            description: CloudStackMachineStateCheckerStatus defines the observed
+              state of CloudStackMachineStateChecker
+            properties:
+              ready:
+                description: Reflects the readiness of the Machine State Checker.
+                type: boolean
+            required:
+            - ready
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/crd/bases/infrastructure.cluster.x-k8s.io_cloudstackmachinestatecheckers.yaml

@@ -11,6 +11,7 @@ resources:
 - bases/infrastructure.cluster.x-k8s.io_cloudstackisolatednetworks.yaml
 - bases/infrastructure.cluster.x-k8s.io_cloudstackzones.yaml
 - bases/infrastructure.cluster.x-k8s.io_cloudstackaffinitygroups.yaml
+- bases/infrastructure.cluster.x-k8s.io_cloudstackmachinestatecheckers.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
@@ -21,6 +22,7 @@ patchesStrategicMerge:
 #- patches/webhook_in_cloudstackisolatednetworks.yaml
 #- patches/webhook_in_cloudstackzones.yaml
 #- patches/webhook_in_cloudstackaffinitygroups.yaml
+#- patches/webhook_in_cloudstackmachinestatecheckers.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # patches here are for enabling the CA injection for each CRD
@@ -30,6 +32,7 @@ patchesStrategicMerge:
 #- patches/cainjection_in_cloudstackisolatednetworks.yaml
 #- patches/cainjection_in_cloudstackzones.yaml
 #- patches/cainjection_in_cloudstackaffinitygroups.yaml
+#- patches/cainjection_in_cloudstackmachinestatecheckers.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

config/crd/kustomization.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: cloudstackmachinestatecheckers.infrastructure.cluster.x-k8s.io

config/crd/patches/cainjection_in_cloudstackmachinestatecheckers.yaml

@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: cloudstackmachinestatecheckers.infrastructure.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1

config/crd/patches/webhook_in_cloudstackmachinestatecheckers.yaml

@@ -0,0 +1,24 @@
+# permissions for end users to edit cloudstackmachinestatecheckers.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cloudstackmachinestatechecker-editor-role
+rules:
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - cloudstackmachinestatecheckers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - cloudstackmachinestatecheckers/status
+  verbs:
+  - get

config/rbac/cloudstackmachinestatechecker_editor_role.yaml

@@ -0,0 +1,20 @@
+# permissions for end users to view cloudstackmachinestatecheckers.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cloudstackmachinestatechecker-viewer-role
+rules:
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - cloudstackmachinestatecheckers
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - cloudstackmachinestatecheckers/status
+  verbs:
+  - get

config/rbac/cloudstackmachinestatechecker_viewer_role.yaml

@@ -34,6 +34,15 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machines
+  verbs:
+  - delete
+  - get
+  - list
+  - watch
 - apiGroups:
   - cluster.x-k8s.io
   resources:
@@ -164,6 +173,32 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - cloudstackmachinestatecheckers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - cloudstackmachinestatecheckers/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - infrastructure.cluster.x-k8s.io
+  resources:
+  - cloudstackmachinestatecheckers/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - infrastructure.cluster.x-k8s.io
   resources: