Implement cluster reconciler.

Closes #2.

Author: Gerrit91

Makefile

@@ -53,7 +53,7 @@ release-manifests: $(KUSTOMIZE) ## Builds the manifests to publish with a releas
 ##@ Development
 
 .PHONY: push-to-capi-lab
-push-to-capi-lab: build
+push-to-capi-lab: generate manifests build install deploy
 	docker build -t $(IMG) -f Dockerfile.dev .
 	kind --name metal-control-plane load docker-image capms-controller:latest
 	kubectl --kubeconfig=$(KUBECONFIG) patch deployments.apps -n capms-system capms-controller-manager --patch='{"spec":{"template":{"spec":{"containers":[{"name": "manager","imagePullPolicy":"IfNotPresent","image":"$(IMG)"}]}}}}'
@@ -154,6 +154,10 @@ ifndef ignore-not-found
   ignore-not-found = false
 endif
 
+# this is configured to work with the capi-lab
+export METAL_API_URL := "http://metal.172.17.0.1.nip.io:8080"
+export METAL_API_HMAC := "metal-admin"
+
 .PHONY: install
 install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/crd | $(KUBECTL) apply -f -
@@ -165,11 +169,11 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified
 .PHONY: deploy
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/default | $(KUBECTL) apply -f -
+	$(KUSTOMIZE) build config/default | envsubst | $(KUBECTL) apply -f -
 
 .PHONY: undeploy
 undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
-	$(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -
+	$(KUSTOMIZE) build config/default | envsubst | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -
 
 ##@ Dependencies
 

api/v1alpha1/metalstackcluster_types.go

@@ -19,7 +19,18 @@ package v1alpha1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	capierrors "sigs.k8s.io/cluster-api/errors"
+
+	fcmv2 "github.com/metal-stack/firewall-controller-manager/api/v2"
+)
+
+const (
+	// ClusterFinalizer allows to clean up resources associated with before removing it from the apiserver.
+	ClusterFinalizer = "metal-stack.infrastructure.cluster.x-k8s.io/cluster"
+
+	ClusterNodeNetworkEnsured      clusterv1.ConditionType = "ClusterNodeNetworkEnsured"
+	ClusterFirewallDeploymentReady clusterv1.ConditionType = "ClusterFirewallDeploymentReady"
 )
 
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
@@ -32,10 +43,13 @@ type MetalStackClusterSpec struct {
 	ControlPlaneEndpoint APIEndpoint `json:"controlPlaneEndpoint,omitempty"`
 
 	// ProjectID is the project id of the project in metal-stack in which the associated metal-stack resources are created
-	ProjectID string `json:"projectID,omitempty"`
+	ProjectID string `json:"projectID"`
 
 	// Partition is the data center partition in which the resources are created
-	Partition string `json:"partition,omitempty"`
+	Partition string `json:"partition"`
+
+	// Firewall describes the firewall for this cluster
+	Firewall Firewall `json:"firewall"`
 }
 
 // APIEndpoint represents a reachable Kubernetes API endpoint.
@@ -47,6 +61,31 @@ type APIEndpoint struct {
 	Port int `json:"port"`
 }
 
+// Firewall defines parameters for the firewall creation along with configuration for the firewall-controller.
+type Firewall struct {
+	// Size is the machine size of the firewall.
+	// An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster.
+	Size string `json:"size"`
+	// Image is the os image of the firewall.
+	// An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster.
+	Image string `json:"image"`
+	// AdditionalNetworks are the networks to which this firewall is connected.
+	// An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster.
+	// +optional
+	AdditionalNetworks []string `json:"networks,omitempty"`
+
+	// RateLimits allows configuration of rate limit rules for interfaces.
+	// +optional
+	RateLimits []fcmv2.RateLimit `json:"rateLimits,omitempty"`
+	// EgressRules contains egress rules configured for this firewall.
+	// +optional
+	EgressRules []fcmv2.EgressRuleSNAT `json:"egressRules,omitempty"`
+
+	// LogAcceptedConnections if set to true, also log accepted connections in the droptailer log.
+	// +optional
+	LogAcceptedConnections *bool `json:"logAcceptedConnections,omitempty"`
+}
+
 // MetalStackClusterStatus defines the observed state of MetalStackCluster.
 type MetalStackClusterStatus struct {
 	// FailureReason indicates that there is a fatal problem reconciling the
@@ -62,6 +101,10 @@ type MetalStackClusterStatus struct {
 
 	// Ready denotes that the cluster is ready.
 	Ready bool `json:"ready"`
+
+	// Conditions defines current service state of the Metal3Cluster.
+	// +optional
+	Conditions clusterv1.Conditions `json:"conditions,omitempty"`
 }
 
 // +kubebuilder:object:root=true
@@ -88,3 +131,13 @@ type MetalStackClusterList struct {
 func init() {
 	SchemeBuilder.Register(&MetalStackCluster{}, &MetalStackClusterList{})
 }
+
+// GetConditions returns the list of conditions.
+func (c *MetalStackCluster) GetConditions() clusterv1.Conditions {
+	return c.Status.Conditions
+}
+
+// SetConditions will set the given conditions.
+func (c *MetalStackCluster) SetConditions(conditions clusterv1.Conditions) {
+	c.Status.Conditions = conditions
+}

api/v1alpha1/metalstackmachine_types.go

@@ -20,6 +20,11 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+const (
+	// MachineFinalizer allows to clean up resources associated with before removing it from the apiserver.
+	MachineFinalizer = "metal-stack.infrastructure.cluster.x-k8s.io/machine"
+)
+
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
 // NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
 

api/v1alpha1/zz_generated.deepcopy.go

@@ -18,6 +18,7 @@ package main
 
 import (
 	"crypto/tls"
+	"errors"
 	"flag"
 	"os"
 
@@ -37,6 +38,9 @@ import (
 
 	infrastructurev1alpha1 "github.com/metal-stack/cluster-api-provider-metal-stack/api/v1alpha1"
 	"github.com/metal-stack/cluster-api-provider-metal-stack/internal/controller"
+	fcmv2 "github.com/metal-stack/firewall-controller-manager/api/v2"
+	metalgo "github.com/metal-stack/metal-go"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	// +kubebuilder:scaffold:imports
 )
 
@@ -47,6 +51,8 @@ var (
 
 func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
+	utilruntime.Must(clusterv1.AddToScheme(scheme))
+	utilruntime.Must(fcmv2.AddToScheme(scheme))
 
 	utilruntime.Must(infrastructurev1alpha1.AddToScheme(scheme))
 	// +kubebuilder:scaffold:scheme
@@ -77,6 +83,12 @@ func main() {
 
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 
+	metalClient, err := newMetalClient()
+	if err != nil {
+		setupLog.Error(err, "unable to initialize metal-api client")
+		os.Exit(1)
+	}
+
 	// if the enable-http2 flag is false (the default), http/2 should be disabled
 	// due to its vulnerabilities. More specifically, disabling http/2 will
 	// prevent from being vulnerable to the HTTP/2 Stream Cancellation and
@@ -144,9 +156,12 @@ func main() {
 		os.Exit(1)
 	}
 
+	ctx := ctrl.SetupSignalHandler()
+
 	if err = (&controller.MetalStackClusterReconciler{
-		Client: mgr.GetClient(),
-		Scheme: mgr.GetScheme(),
+		MetalClient: metalClient,
+		Client:      mgr.GetClient(),
+		Scheme:      mgr.GetScheme(),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "MetalStackCluster")
 		os.Exit(1)
@@ -170,8 +185,22 @@ func main() {
 	}
 
 	setupLog.Info("starting manager")
-	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
+	if err := mgr.Start(ctx); err != nil {
 		setupLog.Error(err, "problem running manager")
 		os.Exit(1)
 	}
 }
+
+func newMetalClient() (metalgo.Client, error) {
+	url := os.Getenv("METAL_API_URL")
+	if url == "" {
+		return nil, errors.New("METAL_API_URL environment variable must be set")
+	}
+
+	hmac := os.Getenv("METAL_API_HMAC")
+	if url == "" {
+		return nil, errors.New("METAL_API_HMAC environment variable must be set")
+	}
+
+	return metalgo.NewDriver(url, "", hmac)
+}