powerdns-operator
diff --git a/‎api/v1alpha2/cluster_types.go‎
Lines changed: 148 additions & 39 deletions b/‎api/v1alpha2/cluster_types.go‎
Lines changed: 148 additions & 39 deletions
diff --git a/‎api/v1alpha2/zz_generated.deepcopy.go‎
Lines changed: 110 additions & 14 deletions b/‎api/v1alpha2/zz_generated.deepcopy.go‎
Lines changed: 110 additions & 14 deletions
@@ -11,48 +11,104 @@
 package v1alpha2
 
 import (
-	corev1 "k8s.io/api/core/v1"
+	"time"
+
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// ClusterSpec defines the desired state of Cluster
-type ClusterSpec struct {
-	// ApiURL is the URL of the PowerDNS API
+// ClusterTLSConfig defines TLS configuration for PowerDNS API connection
+type ClusterTLSConfig struct {
+	// Insecure enables insecure connections to PowerDNS API (skip TLS verification)
+	// +kubebuilder:default:=false
+	// +optional
+	Insecure *bool `json:"insecure,omitempty"`
+
+	// CABundleRef is a reference to a ConfigMap or Secret containing a CA bundle
+	// +optional
+	CABundleRef *ClusterCABundleRef `json:"caBundleRef,omitempty"`
+}
+
+// ClusterCABundleRef defines a reference to a CA bundle in a ConfigMap or Secret
+type ClusterCABundleRef struct {
+	// Name is the name of the ConfigMap or Secret
 	// +kubebuilder:validation:Required
-	// +kubebuilder:validation:Pattern=`^https?://.*`
-	ApiURL string `json:"apiUrl"`
+	Name string `json:"name"`
+
+	// Namespace is the namespace of the ConfigMap or Secret
+	// If not specified, defaults to the operator namespace
+	// +optional
+	Namespace *string `json:"namespace,omitempty"`
+
+	// Kind is the kind of resource (ConfigMap or Secret)
+	// +kubebuilder:validation:Enum=ConfigMap;Secret
+	// +kubebuilder:default:="ConfigMap"
+	// +optional
+	Kind *string `json:"kind,omitempty"`
 
-	// ApiSecretRef is a reference to a Kubernetes Secret containing the PowerDNS API key
-	// The secret must contain a key named "apiKey"
+	// Key is the key in the ConfigMap or Secret containing the CA bundle
+	// +kubebuilder:default:="ca.crt"
+	// +optional
+	Key *string `json:"key,omitempty"`
+}
+
+// ClusterCredentials defines credentials configuration for PowerDNS API
+type ClusterCredentials struct {
+	// SecretRef is a reference to a Kubernetes Secret containing the PowerDNS API key
 	// +kubebuilder:validation:Required
-	ApiSecretRef corev1.SecretReference `json:"apiSecretRef"`
+	SecretRef ClusterSecretRef `json:"secretRef"`
+}
 
-	// ApiVhost is the vhost of the PowerDNS API, defaults to "localhost"
-	// +kubebuilder:default:="localhost"
+// ClusterSecretRef defines a reference to a Secret containing API credentials
+type ClusterSecretRef struct {
+	// Name is the name of the Secret
+	// +kubebuilder:validation:Required
+	Name string `json:"name"`
+
+	// Namespace is the namespace of the Secret
+	// If not specified, defaults to the cluster resource namespace
 	// +optional
-	ApiVhost *string `json:"apiVhost,omitempty"`
+	Namespace *string `json:"namespace,omitempty"`
 
-	// ApiTimeout is the timeout for PowerDNS API requests in seconds, defaults to 10
-	// +kubebuilder:default:=10
-	// +kubebuilder:validation:Minimum=1
-	// +kubebuilder:validation:Maximum=300
+	// Key is the key in the Secret containing the API key
+	// +kubebuilder:default:="apiKey"
 	// +optional
-	ApiTimeout *int `json:"apiTimeout,omitempty"`
+	Key *string `json:"key,omitempty"`
+}
 
-	// ApiInsecure enables insecure connections to PowerDNS API (skip TLS verification)
-	// +kubebuilder:default:=false
+// ClusterSpec defines the desired state of Cluster
+type ClusterSpec struct {
+	// Interval is the reconciliation interval to check the connection to the PowerDNS API
+	// +kubebuilder:default:="5m"
 	// +optional
-	ApiInsecure *bool `json:"apiInsecure,omitempty"`
+	Interval *metav1.Duration `json:"interval,omitempty"`
+
+	// URL is the URL of the PowerDNS API
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Pattern=`^https?://.*`
+	URL string `json:"url"`
 
-	// ApiCAPath is the path to the certificate authority file for TLS verification
-	// This should be a path to a mounted secret or configmap in the operator pod
+	// Vhost is the vhost/server ID of the PowerDNS API, defaults to "localhost"
+	// +kubebuilder:default:="localhost"
+	// +optional
+	Vhost *string `json:"vhost,omitempty"`
+
+	// Timeout is the timeout for PowerDNS API requests, defaults to 10s
+	// +kubebuilder:default:="10s"
 	// +optional
-	ApiCAPath *string `json:"apiCAPath,omitempty"`
+	Timeout *metav1.Duration `json:"timeout,omitempty"`
 
-	// ProxyURL is the URL of the HTTP/HTTPS proxy to use for connecting to PowerDNS API
+	// Proxy is the URL of the HTTP/HTTPS proxy to use for connecting to PowerDNS API
 	// Format: http://proxy.example.com:8080 or https://proxy.example.com:8080
 	// +optional
-	ProxyURL *string `json:"proxyUrl,omitempty"`
+	Proxy *string `json:"proxy,omitempty"`
+
+	// TLS defines TLS configuration for PowerDNS API connection
+	// +optional
+	TLS *ClusterTLSConfig `json:"tls,omitempty"`
+
+	// Credentials defines credentials configuration for PowerDNS API
+	// +kubebuilder:validation:Required
+	Credentials ClusterCredentials `json:"credentials"`
 }
 
 // ClusterStatus defines the observed state of Cluster
@@ -90,7 +146,7 @@ type ClusterStatus struct {
 // +kubebuilder:subresource:status
 // +kubebuilder:resource:scope=Cluster
 
-// +kubebuilder:printcolumn:name="API URL",type="string",JSONPath=".spec.apiUrl"
+// +kubebuilder:printcolumn:name="URL",type="string",JSONPath=".spec.url"
 // +kubebuilder:printcolumn:name="Connection Status",type="string",JSONPath=".status.connectionStatus"
 // +kubebuilder:printcolumn:name="PowerDNS Version",type="string",JSONPath=".status.powerDNSVersion"
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
@@ -129,26 +185,79 @@ func (c *Cluster) IsConnectionHealthy() bool {
 	return c.Status.ConnectionStatus != nil && *c.Status.ConnectionStatus == "Connected"
 }
 
-// GetApiVhost returns the API vhost, defaulting to "localhost" if not specified
-func (c *Cluster) GetApiVhost() string {
-	if c.Spec.ApiVhost != nil {
-		return *c.Spec.ApiVhost
+// GetVhost returns the API vhost, defaulting to "localhost" if not specified
+func (c *Cluster) GetVhost() string {
+	if c.Spec.Vhost != nil {
+		return *c.Spec.Vhost
 	}
 	return "localhost"
 }
 
-// GetApiTimeout returns the API timeout, defaulting to 10 seconds if not specified
-func (c *Cluster) GetApiTimeout() int {
-	if c.Spec.ApiTimeout != nil {
-		return *c.Spec.ApiTimeout
+// GetTimeout returns the API timeout, defaulting to 10 seconds if not specified
+func (c *Cluster) GetTimeout() time.Duration {
+	if c.Spec.Timeout != nil {
+		return c.Spec.Timeout.Duration
 	}
-	return 10
+	return 10 * time.Second
 }
 
-// GetApiInsecure returns the API insecure setting, defaulting to false if not specified
-func (c *Cluster) GetApiInsecure() bool {
-	if c.Spec.ApiInsecure != nil {
-		return *c.Spec.ApiInsecure
+// GetInterval returns the reconciliation interval, defaulting to 5 minutes if not specified
+func (c *Cluster) GetInterval() time.Duration {
+	if c.Spec.Interval != nil {
+		return c.Spec.Interval.Duration
+	}
+	return 5 * time.Minute
+}
+
+// GetTLSInsecure returns the TLS insecure setting, defaulting to false if not specified
+func (c *Cluster) GetTLSInsecure() bool {
+	if c.Spec.TLS != nil && c.Spec.TLS.Insecure != nil {
+		return *c.Spec.TLS.Insecure
 	}
 	return false
 }
+
+// GetCredentialsSecretName returns the credentials secret name
+func (c *Cluster) GetCredentialsSecretName() string {
+	return c.Spec.Credentials.SecretRef.Name
+}
+
+// GetCredentialsSecretNamespace returns the credentials secret namespace, defaulting to cluster namespace if not specified
+func (c *Cluster) GetCredentialsSecretNamespace() string {
+	if c.Spec.Credentials.SecretRef.Namespace != nil {
+		return *c.Spec.Credentials.SecretRef.Namespace
+	}
+	return c.Namespace
+}
+
+// GetCredentialsSecretKey returns the credentials secret key, defaulting to "apiKey" if not specified
+func (c *Cluster) GetCredentialsSecretKey() string {
+	if c.Spec.Credentials.SecretRef.Key != nil {
+		return *c.Spec.Credentials.SecretRef.Key
+	}
+	return "apiKey"
+}
+
+// GetCABundleRefKind returns the CA bundle reference kind, defaulting to "ConfigMap" if not specified
+func (c *Cluster) GetCABundleRefKind() string {
+	if c.Spec.TLS != nil && c.Spec.TLS.CABundleRef != nil && c.Spec.TLS.CABundleRef.Kind != nil {
+		return *c.Spec.TLS.CABundleRef.Kind
+	}
+	return "ConfigMap"
+}
+
+// GetCABundleRefKey returns the CA bundle reference key, defaulting to "ca.crt" if not specified
+func (c *Cluster) GetCABundleRefKey() string {
+	if c.Spec.TLS != nil && c.Spec.TLS.CABundleRef != nil && c.Spec.TLS.CABundleRef.Key != nil {
+		return *c.Spec.TLS.CABundleRef.Key
+	}
+	return "ca.crt"
+}
+
+// GetCABundleRefNamespace returns the CA bundle reference namespace, defaulting to cluster namespace if not specified
+func (c *Cluster) GetCABundleRefNamespace() string {
+	if c.Spec.TLS != nil && c.Spec.TLS.CABundleRef != nil && c.Spec.TLS.CABundleRef.Namespace != nil {
+		return *c.Spec.TLS.CABundleRef.Namespace
+	}
+	return c.Namespace
+}