Implement Boxcutter applier, revision controller

Author: thetechnick

api/v1/clusterextensionrevision_types.go

@@ -0,0 +1,122 @@
+/*
+Copyright 2024.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/types"
+)
+
+const ClusterExtensionRevisionKind = "ClusterExtensionRevision"
+
+// ClusterExtensionRevisionSpec defines the desired state of ClusterExtensionRevision.
+type ClusterExtensionRevisionSpec struct {
+	// Specifies the lifecycle state of the ClusterExtensionRevision.
+	// +kubebuilder:default="Active"
+	// +kubebuilder:validation:Enum=Active;Paused;Archived
+	// +kubebuilder:validation:XValidation:rule="oldSelf == "Active" || oldSelf == "Paused" || oldSelf == 'Archived' && oldSelf == self", message="can not un-archive"
+	LifecycleState ClusterExtensionRevisionLifecycleState `json:"lifecycleState,omitempty"`
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="revision is immutable"
+	Revision int64 `json:"revision"`
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="phases is immutable"
+	Phases []ClusterExtensionRevisionPhase `json:"phases"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf", message="previous is immutable"
+	Previous []ClusterExtensionRevisionPrevious `json:"previous"`
+}
+
+// ClusterExtensionRevisionLifecycleState specifies the lifecycle state of the ClusterExtensionRevision.
+type ClusterExtensionRevisionLifecycleState string
+
+const (
+	// ClusterExtensionRevisionLifecycleStateActive / "Active" is the default lifecycle state.
+	ClusterExtensionRevisionLifecycleStateActive ClusterExtensionRevisionLifecycleState = "Active"
+	// ClusterExtensionRevisionLifecycleStatePaused / "Paused" disables reconciliation of the ClusterExtensionRevision.
+	// Only Status updates will still propagated, but object changes will not be reconciled.
+	ClusterExtensionRevisionLifecycleStatePaused ClusterExtensionRevisionLifecycleState = "Paused"
+	// ClusterExtensionRevisionLifecycleStateArchived / "Archived" disables reconciliation while also "scaling to zero",
+	// which deletes all objects that are not excluded via the pausedFor property and
+	// removes itself from the owner list of all other objects previously under management.
+	ClusterExtensionRevisionLifecycleStateArchived ClusterExtensionRevisionLifecycleState = "Archived"
+)
+
+type ClusterExtensionRevisionPhase struct {
+	Name    string                           `json:"name"`
+	Objects []ClusterExtensionRevisionObject `json:"objects"`
+}
+
+type ClusterExtensionRevisionObject struct {
+	// +kubebuilder:validation:EmbeddedResource
+	// +kubebuilder:pruning:PreserveUnknownFields
+	Object unstructured.Unstructured `json:"object"`
+}
+
+type ClusterExtensionRevisionPrevious struct {
+	// +kubebuilder:validation:Required
+	Name string `json:"name"`
+	// +kubebuilder:validation:Required
+	UID types.UID `json:"uid"`
+}
+
+// ClusterExtensionRevisionStatus defines the observed state of a ClusterExtensionRevision.
+type ClusterExtensionRevisionStatus struct {
+	// +patchMergeKey=type
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=type
+	// +optional
+	Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:scope=Cluster
+// +kubebuilder:subresource:status
+
+// ClusterExtensionRevision is the Schema for the clusterextensionrevisions API
+type ClusterExtensionRevision struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	// spec is an optional field that defines the desired state of the ClusterExtension.
+	// +optional
+	Spec ClusterExtensionRevisionSpec `json:"spec,omitempty"`
+
+	// status is an optional field that defines the observed state of the ClusterExtension.
+	// +optional
+	Status ClusterExtensionRevisionStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// ClusterExtensionRevisionList contains a list of ClusterExtensionRevision
+type ClusterExtensionRevisionList struct {
+	metav1.TypeMeta `json:",inline"`
+
+	// +optional
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	// items is a required list of ClusterExtensionRevision objects.
+	//
+	// +kubebuilder:validation:Required
+	Items []ClusterExtensionRevision `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&ClusterExtensionRevision{}, &ClusterExtensionRevisionList{})
+}

api/v1/zz_generated.deepcopy.go

@@ -32,13 +32,18 @@ import (
 	"github.com/spf13/cobra"
 	rbacv1 "k8s.io/api/rbac/v1"
 	apiextensionsv1client "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/labels"
 	k8slabels "k8s.io/apimachinery/pkg/labels"
+	"k8s.io/apimachinery/pkg/selection"
 	k8stypes "k8s.io/apimachinery/pkg/types"
 	apimachineryrand "k8s.io/apimachinery/pkg/util/rand"
+	"k8s.io/client-go/discovery"
 	corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
+	"k8s.io/client-go/rest"
 	"k8s.io/klog/v2"
 	"k8s.io/utils/ptr"
+	"pkg.package-operator.run/boxcutter/managedcache"
 	ctrl "sigs.k8s.io/controller-runtime"
 	crcache "sigs.k8s.io/controller-runtime/pkg/cache"
 	"sigs.k8s.io/controller-runtime/pkg/certwatcher"
@@ -272,7 +277,8 @@ func run() error {
 			"Metrics will not be served since the TLS certificate and key file are not provided.")
 	}
 
-	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
+	restConfig := ctrl.GetConfigOrDie()
+	mgr, err := ctrl.NewManager(restConfig, ctrl.Options{
 		Scheme:                        scheme.Scheme,
 		Metrics:                       metricsServerOptions,
 		PprofBindAddress:              cfg.pprofAddr,
@@ -462,6 +468,31 @@ func run() error {
 		return err
 	}
 
+	// Boxcutter
+	discoveryClient, err := discovery.NewDiscoveryClientForConfig(restConfig)
+	if err != nil {
+		setupLog.Error(err, "unable to create discovery client")
+		return err
+	}
+	mapFunc := func(ctx context.Context, ce *ocv1.ClusterExtension, c *rest.Config, o crcache.Options) (*rest.Config, crcache.Options, error) {
+		// TODO: Rest Config Mapping / change ServiceAccount
+
+		// Cache scoping
+		req1, err := labels.NewRequirement(
+			controllers.ClusterExtensionRevisionOwnerLabel, selection.Equals, []string{ce.Name})
+		if err != nil {
+			return nil, o, err
+		}
+		o.DefaultLabelSelector = labels.NewSelector().Add(*req1)
+
+		return c, o, nil
+	}
+	accessManager := managedcache.NewObjectBoundAccessManager[*ocv1.ClusterExtension](
+		ctrl.Log.WithName("accessmanager"), mapFunc, restConfig, crcache.Options{
+			Scheme: mgr.GetScheme(), Mapper: mgr.GetRESTMapper(),
+		})
+	// Boxcutter
+
 	if err = (&controllers.ClusterExtensionReconciler{
 		Client:                cl,
 		Resolver:              resolver,
@@ -476,6 +507,17 @@ func run() error {
 		return err
 	}
 
+	if err = (&controllers.ClusterExtensionRevisionReconciler{
+		Client:          cl,
+		AccessManager:   accessManager,
+		Scheme:          mgr.GetScheme(),
+		RestMapper:      mgr.GetRESTMapper(),
+		DiscoveryClient: discoveryClient,
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "ClusterExtension")
+		return err
+	}
+
 	if err = (&controllers.ClusterCatalogReconciler{
 		Client:                cl,
 		CatalogCache:          catalogClientBackend,