RosaNetwork

Author: mzazrivec

PROJECT

@@ -58,3 +58,6 @@ resources:
 - group: infrastructure
   version: v1beta2
   kind: AWSManagedCluster
+- group: infrastructure
+  kind: RosaNetwork
+  version: v1beta2

config/crd/bases/infrastructure.cluster.x-k8s.io_rosanetworks.yaml

@@ -0,0 +1,196 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.16.5
+  name: rosanetworks.infrastructure.cluster.x-k8s.io
+spec:
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: RosaNetwork
+    listKind: RosaNetworkList
+    plural: rosanetworks
+    shortNames:
+    - rosanet
+    singular: rosanetwork
+  scope: Namespaced
+  versions:
+  - name: v1beta2
+    schema:
+      openAPIV3Schema:
+        description: RosaNetwork is the Schema for the rosanetworks API
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: RosaNetworkSpec defines the desired state of RosaNetwork
+            properties:
+              availabilityZoneCount:
+                default: 1
+                description: |-
+                  The number of availability zones to be used for creation of the network infrastructure.
+                  You can specify anything between one and four, depending on the chosen AWS region.
+                type: integer
+              availabilityZones:
+                description: |-
+                  The list of availability zones to be used for creation of the network infrastructure.
+                  You can specify anything between one and four valid availability zones from a given region.
+                  Should you specify both the availabilityZoneCount and availabilityZones, the list of availability zones takes preference.
+                items:
+                  type: string
+                type: array
+              cidrBlock:
+                description: CIDR block to be used for the VPC
+                format: cidr
+                type: string
+              identityRef:
+                description: |-
+                  IdentityRef is a reference to an identity to be used when reconciling rosa network.
+                  If no identity is specified, the default identity for this controller will be used.
+                properties:
+                  kind:
+                    description: Kind of the identity.
+                    enum:
+                    - AWSClusterControllerIdentity
+                    - AWSClusterRoleIdentity
+                    - AWSClusterStaticIdentity
+                    type: string
+                  name:
+                    description: Name of the identity.
+                    minLength: 1
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+              region:
+                description: The AWS region in which the components of ROSA network
+                  infrastruture are to be crated
+                type: string
+            required:
+            - cidrBlock
+            - region
+            type: object
+          status:
+            description: RosaNetworkStatus defines the observed state of RosaNetwork
+            properties:
+              conditions:
+                description: Conditions specifies the conditions for RosaNetwork
+                items:
+                  description: Condition defines an observation of a Cluster API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        Last time the condition transitioned from one status to another.
+                        This should be when the underlying condition changed. If that is not known, then using the time when
+                        the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        A human readable message indicating details about the transition.
+                        This field may be empty.
+                      type: string
+                    reason:
+                      description: |-
+                        The reason for the condition's last transition in CamelCase.
+                        The specific API may choose whether or not this field is considered a guaranteed API.
+                        This field may be empty.
+                      type: string
+                    severity:
+                      description: |-
+                        severity provides an explicit classification of Reason code, so the users or machines can immediately
+                        understand the current situation and act accordingly.
+                        The Severity field MUST be set only when Status=False.
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: |-
+                        type of condition in CamelCase or in foo.example.com/CamelCase.
+                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+                        can be useful (see .node.status.conditions), the ability to deconflict is important.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              resources:
+                description: Resources created in the cloudformation stack
+                items:
+                  description: CFResource groups information pertaining to a resource
+                    created as a part of a cloudformation stack
+                  properties:
+                    ID:
+                      description: Identified of the created resource. Will be filled
+                        in once the resource is created & ready
+                      type: string
+                    reason:
+                      description: Message pertaining to the status of the resource
+                      type: string
+                    resource:
+                      description: 'Name of the created resource: NATGateway1, VPC,
+                        SecurityGroup, ...'
+                      type: string
+                    status:
+                      description: 'Status of the resource: CREATE_IN_PROGRESS, CREATE_COMPLETE,
+                        ...'
+                      type: string
+                  required:
+                  - ID
+                  - reason
+                  - resource
+                  - status
+                  type: object
+                type: array
+              subnets:
+                description: Array of created private, public subnets and availability
+                  zones, grouped by availability zones
+                items:
+                  description: RosaNetworkSubnet groups public and private subnet
+                    and the availability zone in which the two subnets got created
+                  properties:
+                    availabilityZone:
+                      description: Availability zone of the subnet pair
+                      type: string
+                    privateSubnet:
+                      description: ID of the private subnet
+                      type: string
+                    publicSubnet:
+                      description: ID of the public subnet
+                      type: string
+                  required:
+                  - availabilityZone
+                  - privateSubnet
+                  - publicSubnet
+                  type: object
+                type: array
+            required:
+            - resources
+            - subnets
+            type: object
+        type: object
+    served: true
+    storage: true

config/crd/kustomization.yaml

@@ -24,6 +24,7 @@ resources:
 - bases/controlplane.cluster.x-k8s.io_rosacontrolplanes.yaml
 - bases/infrastructure.cluster.x-k8s.io_rosaclusters.yaml
 - bases/infrastructure.cluster.x-k8s.io_rosamachinepools.yaml
+- bases/infrastructure.cluster.x-k8s.io_rosanetworks.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
@@ -38,6 +39,7 @@ patchesStrategicMerge:
 - patches/webhook_in_awsmanagedcontrolplanes.yaml
 - patches/webhook_in_eksconfigs.yaml
 - patches/webhook_in_eksconfigtemplates.yaml
+#- patches/webhook_in_rosanetworks.yaml
   # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
@@ -52,6 +54,7 @@ patchesStrategicMerge:
 - patches/cainjection_in_awsmanagedclusters.yaml
 - patches/cainjection_in_eksconfigs.yaml
 - patches/cainjection_in_eksconfigtemplates.yaml
+#- patches/cainjection_in_rosanetworks.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # [LABEL] To enable label, uncomment all the sections with [LABEL] prefix.

config/crd/patches/cainjection_in_rosanetworks.yaml

@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: rosanetworks.infrastructure.cluster.x-k8s.io

config/crd/patches/webhook_in_rosanetworks.yaml

@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: rosanetworks.infrastructure.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhookClientConfig:
+      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+      caBundle: Cg==
+      service:
+        namespace: system
+        name: webhook-service
+        path: /convert

config/rbac/role.yaml

@@ -176,6 +176,7 @@ rules:
   - awsfargateprofiles/status
   - rosaclusters/status
   - rosamachinepools/status
+  - rosanetworks/status
   verbs:
   - get
   - patch
@@ -197,6 +198,7 @@ rules:
   - infrastructure.cluster.x-k8s.io
   resources:
   - awsmachines
+  - rosanetworks
   verbs:
   - create
   - delete

exp/api/v1beta2/rosanetwork_types.go

@@ -0,0 +1,128 @@
+/*
+Copyright The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta2
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	infrav1 "sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+)
+
+// RosaNetworkSpec defines the desired state of RosaNetwork
+type RosaNetworkSpec struct {
+	// The AWS region in which the components of ROSA network infrastruture are to be crated
+	// +immutable
+	Region string `json:"region"`
+
+	// The number of availability zones to be used for creation of the network infrastructure.
+	// You can specify anything between one and four, depending on the chosen AWS region.
+	// +kubebuilder:default=1
+	// +optional
+	// +immutable
+	AvailabilityZoneCount int `json:"availabilityZoneCount"`
+
+	// The list of availability zones to be used for creation of the network infrastructure.
+	// You can specify anything between one and four valid availability zones from a given region.
+	// Should you specify both the availabilityZoneCount and availabilityZones, the list of availability zones takes preference.
+	// +optional
+	// +immutable
+	AvailabilityZones []string `json:"availabilityZones"`
+
+	// CIDR block to be used for the VPC
+	// +kubebuilder:validation:Format=cidr
+	// +immutable
+	CIDRBlock string `json:"cidrBlock"`
+
+	// IdentityRef is a reference to an identity to be used when reconciling rosa network.
+	// If no identity is specified, the default identity for this controller will be used.
+	//
+	// +optional
+	IdentityRef *infrav1.AWSIdentityReference `json:"identityRef,omitempty"`
+}
+
+// RosaNetworkSubnet groups public and private subnet and the availability zone in which the two subnets got created
+type RosaNetworkSubnet struct {
+	// Availability zone of the subnet pair
+	AvailabilityZone string `json:"availabilityZone"`
+
+	// ID of the public subnet
+	PublicSubnet string `json:"publicSubnet"`
+
+	// ID of the private subnet
+	PrivateSubnet string `json:"privateSubnet"`
+}
+
+// CFResource groups information pertaining to a resource created as a part of a cloudformation stack
+type CFResource struct {
+	// Name of the created resource: NATGateway1, VPC, SecurityGroup, ...
+	Resource string `json:"resource"`
+
+	// Identified of the created resource. Will be filled in once the resource is created & ready
+	ID string `json:"ID"`
+
+	// Status of the resource: CREATE_IN_PROGRESS, CREATE_COMPLETE, ...
+	Status string `json:"status"`
+
+	// Message pertaining to the status of the resource
+	Reason string `json:"reason"`
+}
+
+// RosaNetworkStatus defines the observed state of RosaNetwork
+type RosaNetworkStatus struct {
+	// Array of created private, public subnets and availability zones, grouped by availability zones
+	Subnets []RosaNetworkSubnet `json:"subnets"`
+
+	// Resources created in the cloudformation stack
+	Resources []CFResource `json:"resources"`
+
+	// Conditions specifies the conditions for RosaNetwork
+	Conditions clusterv1.Conditions `json:"conditions,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=rosanetworks,shortName=rosanet,scope=Namespaced,categories=cluster-api
+
+// RosaNetwork is the Schema for the rosanetworks API
+type RosaNetwork struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   RosaNetworkSpec   `json:"spec,omitempty"`
+	Status RosaNetworkStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// RosaNetworkList contains a list of RosaNetwork
+type RosaNetworkList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []RosaNetwork `json:"items"`
+}
+
+const (
+	// RosaNetworkReadyCondition condition reports on the successful reconciliation of RosaNetwork.
+	RosaNetworkReadyCondition clusterv1.ConditionType = "RosaNetworkReady"
+
+	// RosaNetworkDeletionFailedReason used to report failures while deleting RosaNetwork.
+	RosaNetworkDeletionFailedReason = "DeletionFailed"
+)
+
+func init() {
+	SchemeBuilder.Register(&RosaNetwork{}, &RosaNetworkList{})
+}