Merge pull request #1409 from barbacbd/CORS-3841

CORS-3841: Add custom Endpoints to CAPG

Author: k8s-ci-robot

api/v1beta1/endpoints.go

@@ -0,0 +1,49 @@
+/*
+Copyright 2025 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+// ServiceEndpoints contains all the gcp service endpoints that the user may override. Each field corresponds to
+// a service where the expected value is the url that is used to override the default API endpoint.
+type ServiceEndpoints struct {
+	// ComputeServiceEndpoint is the custom endpoint url for the Compute Service
+	// +kubebuilder:validation:Type=string
+	// +kubebuilder:validation:Format=uri
+	// +kubebuilder:validation:Pattern=`^https://`
+	// +optional
+	ComputeServiceEndpoint string `json:"compute,omitempty"`
+
+	// ContainerServiceEndpoint is the custom endpoint url for the Container Service
+	// +kubebuilder:validation:Type=string
+	// +kubebuilder:validation:Format=uri
+	// +kubebuilder:validation:Pattern=`^https://`
+	// +optional
+	ContainerServiceEndpoint string `json:"container,omitempty"`
+
+	// IAMServiceEndpoint is the custom endpoint url for the IAM Service
+	// +kubebuilder:validation:Type=string
+	// +kubebuilder:validation:Format=uri
+	// +kubebuilder:validation:Pattern=`^https://`
+	// +optional
+	IAMServiceEndpoint string `json:"iam,omitempty"`
+
+	// ResourceManagerServiceEndpoint is the custom endpoint url for the Resource Manager Service
+	// +kubebuilder:validation:Type=string
+	// +kubebuilder:validation:Format=uri
+	// +kubebuilder:validation:Pattern=`^https://`
+	// +optional
+	ResourceManagerServiceEndpoint string `json:"resourceManager,omitempty"`
+}

api/v1beta1/gcpcluster_types.go

@@ -68,6 +68,11 @@ type GCPClusterSpec struct {
 	// LoadBalancer contains configuration for one or more LoadBalancers.
 	// +optional
 	LoadBalancer LoadBalancerSpec `json:"loadBalancer,omitempty"`
+
+	// ServiceEndpoints contains the custom GCP Service Endpoint urls for each applicable service.
+	// For instance, the user can specify a new endpoint for the compute service.
+	// +optional
+	ServiceEndpoints *ServiceEndpoints `json:"serviceEndpoints,omitempty"`
 }
 
 // GCPClusterStatus defines the observed state of GCPCluster.

api/v1beta1/zz_generated.deepcopy.go

@@ -89,12 +89,16 @@ func defaultClientOptions(ctx context.Context, credentialsRef *infrav1.ObjectRef
 	return opts, nil
 }
 
-func newComputeService(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client) (*compute.Service, error) {
+func newComputeService(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client, endpoints *infrav1.ServiceEndpoints) (*compute.Service, error) {
 	opts, err := defaultClientOptions(ctx, credentialsRef, crClient)
 	if err != nil {
 		return nil, fmt.Errorf("getting default gcp client options: %w", err)
 	}
 
+	if endpoints != nil && endpoints.ComputeServiceEndpoint != "" {
+		opts = append(opts, option.WithEndpoint(endpoints.ComputeServiceEndpoint))
+	}
+
 	computeSvc, err := compute.NewService(ctx, opts...)
 	if err != nil {
 		return nil, fmt.Errorf("creating new compute service instance: %w", err)
@@ -103,12 +107,16 @@ func newComputeService(ctx context.Context, credentialsRef *infrav1.ObjectRefere
 	return computeSvc, nil
 }
 
-func newClusterManagerClient(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client) (*container.ClusterManagerClient, error) {
+func newClusterManagerClient(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client, endpoints *infrav1.ServiceEndpoints) (*container.ClusterManagerClient, error) {
 	opts, err := defaultClientOptions(ctx, credentialsRef, crClient)
 	if err != nil {
 		return nil, fmt.Errorf("getting default gcp client options: %w", err)
 	}
 
+	if endpoints != nil && endpoints.ContainerServiceEndpoint != "" {
+		opts = append(opts, option.WithEndpoint(endpoints.ContainerServiceEndpoint))
+	}
+
 	managedClusterClient, err := container.NewClusterManagerClient(ctx, opts...)
 	if err != nil {
 		return nil, errors.Errorf("failed to create gcp cluster manager client: %v", err)
@@ -117,12 +125,16 @@ func newClusterManagerClient(ctx context.Context, credentialsRef *infrav1.Object
 	return managedClusterClient, nil
 }
 
-func newIamCredentialsClient(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client) (*credentials.IamCredentialsClient, error) {
+func newIamCredentialsClient(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client, endpoints *infrav1.ServiceEndpoints) (*credentials.IamCredentialsClient, error) {
 	opts, err := defaultClientOptions(ctx, credentialsRef, crClient)
 	if err != nil {
 		return nil, fmt.Errorf("getting default gcp client options: %w", err)
 	}
 
+	if endpoints != nil && endpoints.IAMServiceEndpoint != "" {
+		opts = append(opts, option.WithEndpoint(endpoints.IAMServiceEndpoint))
+	}
+
 	credentialsClient, err := credentials.NewIamCredentialsClient(ctx, opts...)
 	if err != nil {
 		return nil, errors.Errorf("failed to create gcp ciam credentials client: %v", err)
@@ -131,12 +143,16 @@ func newIamCredentialsClient(ctx context.Context, credentialsRef *infrav1.Object
 	return credentialsClient, nil
 }
 
-func newInstanceGroupManagerClient(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client) (*computerest.InstanceGroupManagersClient, error) {
+func newInstanceGroupManagerClient(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client, endpoints *infrav1.ServiceEndpoints) (*computerest.InstanceGroupManagersClient, error) {
 	opts, err := defaultClientOptions(ctx, credentialsRef, crClient)
 	if err != nil {
 		return nil, fmt.Errorf("getting default gcp client options: %w", err)
 	}
 
+	if endpoints != nil && endpoints.ComputeServiceEndpoint != "" {
+		opts = append(opts, option.WithEndpoint(endpoints.ComputeServiceEndpoint))
+	}
+
 	instanceGroupManagersClient, err := computerest.NewInstanceGroupManagersRESTClient(ctx, opts...)
 	if err != nil {
 		return nil, errors.Errorf("failed to create gcp instance group managers rest client: %v", err)
@@ -145,10 +161,16 @@ func newInstanceGroupManagerClient(ctx context.Context, credentialsRef *infrav1.
 	return instanceGroupManagersClient, nil
 }
 
-func newTagBindingsClient(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client, location string) (*resourcemanager.TagBindingsClient, error) {
+func newTagBindingsClient(ctx context.Context, credentialsRef *infrav1.ObjectReference, crClient client.Client, location string, endpoints *infrav1.ServiceEndpoints) (*resourcemanager.TagBindingsClient, error) {
 	opts, err := defaultClientOptions(ctx, credentialsRef, crClient)
-	endpoint := location + "-cloudresourcemanager.googleapis.com:443"
-	opts = append(opts, option.WithEndpoint(endpoint))
+
+	if endpoints != nil && endpoints.ResourceManagerServiceEndpoint != "" {
+		opts = append(opts, option.WithEndpoint(endpoints.ResourceManagerServiceEndpoint))
+	} else {
+		endpoint := location + "-cloudresourcemanager.googleapis.com:443"
+		opts = append(opts, option.WithEndpoint(endpoint))
+	}
+
 	if err != nil {
 		return nil, fmt.Errorf("getting default gcp client options: %w", err)
 	}

cloud/scope/clients.go

@@ -51,7 +51,7 @@ func NewClusterScope(ctx context.Context, params ClusterScopeParams) (*ClusterSc
 	}
 
 	if params.GCPServices.Compute == nil {
-		computeSvc, err := newComputeService(ctx, params.GCPCluster.Spec.CredentialsRef, params.Client)
+		computeSvc, err := newComputeService(ctx, params.GCPCluster.Spec.CredentialsRef, params.Client, params.GCPCluster.Spec.ServiceEndpoints)
 		if err != nil {
 			return nil, errors.Errorf("failed to create gcp compute client: %v", err)
 		}

cloud/scope/cluster.go

@@ -52,7 +52,7 @@ func NewManagedClusterScope(ctx context.Context, params ManagedClusterScopeParam
 	}
 
 	if params.GCPServices.Compute == nil {
-		computeSvc, err := newComputeService(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client)
+		computeSvc, err := newComputeService(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client, params.GCPManagedCluster.Spec.ServiceEndpoints)
 		if err != nil {
 			return nil, errors.Errorf("failed to create gcp compute client: %v", err)
 		}

cloud/scope/managedcluster.go

@@ -70,22 +70,22 @@ func NewManagedControlPlaneScope(ctx context.Context, params ManagedControlPlane
 	}
 
 	if params.ManagedClusterClient == nil {
-		managedClusterClient, err := newClusterManagerClient(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client)
+		managedClusterClient, err := newClusterManagerClient(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client, params.GCPManagedCluster.Spec.ServiceEndpoints)
 		if err != nil {
 			return nil, errors.Errorf("failed to create gcp managed cluster client: %v", err)
 		}
 		params.ManagedClusterClient = managedClusterClient
 	}
 	if params.TagBindingsClient == nil {
-		tagBindingsClient, err := newTagBindingsClient(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client, params.GCPManagedCluster.Spec.Region)
+		tagBindingsClient, err := newTagBindingsClient(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client, params.GCPManagedCluster.Spec.Region, params.GCPManagedCluster.Spec.ServiceEndpoints)
 		if err != nil {
 			return nil, errors.Errorf("failed to create gcp tag bindings client: %v", err)
 		}
 		params.TagBindingsClient = tagBindingsClient
 	}
 	if params.CredentialsClient == nil {
 		var credentialsClient *credentials.IamCredentialsClient
-		credentialsClient, err = newIamCredentialsClient(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client)
+		credentialsClient, err = newIamCredentialsClient(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client, params.GCPManagedCluster.Spec.ServiceEndpoints)
 		if err != nil {
 			return nil, errors.Errorf("failed to create gcp credentials client: %v", err)
 		}

cloud/scope/managedcontrolplane.go

@@ -71,14 +71,14 @@ func NewManagedMachinePoolScope(ctx context.Context, params ManagedMachinePoolSc
 	}
 
 	if params.ManagedClusterClient == nil {
-		managedClusterClient, err := newClusterManagerClient(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client)
+		managedClusterClient, err := newClusterManagerClient(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client, params.GCPManagedCluster.Spec.ServiceEndpoints)
 		if err != nil {
 			return nil, errors.Errorf("failed to create gcp managed cluster client: %v", err)
 		}
 		params.ManagedClusterClient = managedClusterClient
 	}
 	if params.InstanceGroupManagersClient == nil {
-		instanceGroupManagersClient, err := newInstanceGroupManagerClient(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client)
+		instanceGroupManagersClient, err := newInstanceGroupManagerClient(ctx, params.GCPManagedCluster.Spec.CredentialsRef, params.Client, params.GCPManagedCluster.Spec.ServiceEndpoints)
 		if err != nil {
 			return nil, errors.Errorf("failed to create gcp instance group manager client: %v", err)
 		}

cloud/scope/managedmachinepool.go

@@ -324,6 +324,36 @@ spec:
                   - value
                   type: object
                 type: array
+              serviceEndpoints:
+                description: |-
+                  ServiceEndpoints contains the custom GCP Service Endpoint urls for each applicable service.
+                  For instance, the user can specify a new endpoint for the compute service.
+                properties:
+                  compute:
+                    description: ComputeServiceEndpoint is the custom endpoint url
+                      for the Compute Service
+                    format: uri
+                    pattern: ^https://
+                    type: string
+                  container:
+                    description: ContainerServiceEndpoint is the custom endpoint url
+                      for the Container Service
+                    format: uri
+                    pattern: ^https://
+                    type: string
+                  iam:
+                    description: IAMServiceEndpoint is the custom endpoint url for
+                      the IAM Service
+                    format: uri
+                    pattern: ^https://
+                    type: string
+                  resourceManager:
+                    description: ResourceManagerServiceEndpoint is the custom endpoint
+                      url for the Resource Manager Service
+                    format: uri
+                    pattern: ^https://
+                    type: string
+                type: object
             required:
             - project
             - region

config/crd/bases/infrastructure.cluster.x-k8s.io_gcpclusters.yaml

@@ -341,6 +341,36 @@ spec:
                           - value
                           type: object
                         type: array
+                      serviceEndpoints:
+                        description: |-
+                          ServiceEndpoints contains the custom GCP Service Endpoint urls for each applicable service.
+                          For instance, the user can specify a new endpoint for the compute service.
+                        properties:
+                          compute:
+                            description: ComputeServiceEndpoint is the custom endpoint
+                              url for the Compute Service
+                            format: uri
+                            pattern: ^https://
+                            type: string
+                          container:
+                            description: ContainerServiceEndpoint is the custom endpoint
+                              url for the Container Service
+                            format: uri
+                            pattern: ^https://
+                            type: string
+                          iam:
+                            description: IAMServiceEndpoint is the custom endpoint
+                              url for the IAM Service
+                            format: uri
+                            pattern: ^https://
+                            type: string
+                          resourceManager:
+                            description: ResourceManagerServiceEndpoint is the custom
+                              endpoint url for the Resource Manager Service
+                            format: uri
+                            pattern: ^https://
+                            type: string
+                        type: object
                     required:
                     - project
                     - region