Skip to content

Commit

Permalink
Merge pull request #973 from Kuadrant/dns_tls_v1
Browse files Browse the repository at this point in the history
Move DNS and TLS Policies to v1
  • Loading branch information
mikenairn authored Nov 5, 2024
2 parents 87a5613 + cc1b41f commit 0d304ad
Show file tree
Hide file tree
Showing 55 changed files with 298 additions and 306 deletions.
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -296,7 +296,7 @@ endef

.PHONY: manifests
manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
$(CONTROLLER_GEN) crd paths="./api/v1alpha1;./api/v1beta1;./api/v1beta3" output:crd:artifacts:config=config/crd/bases
$(CONTROLLER_GEN) crd paths="./api/v1beta1;./api/v1beta3;./api/v1" output:crd:artifacts:config=config/crd/bases
$(CONTROLLER_GEN) rbac:roleName=manager-role webhook paths="./..."

.PHONY: dependencies-manifests
Expand Down
10 changes: 5 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -48,12 +48,12 @@ to operate the cluster ingress gateway to provide API management with **authenti

The kuadrant control plane owns the following [Custom Resource Definitions, CRDs](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/):

| CRD | Description | Example |
|-----------------------------------------------------------------------------------------------------|----------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------|
| AuthPolicy CRD [\[doc\]](doc/auth.md) [[reference]](doc/reference/authpolicy.md) | Enable AuthN and AuthZ based access control on workloads | [AuthPolicy CR](https://github.com/Kuadrant/kuadrant-operator/blob/main/examples/toystore/authpolicy.yaml) |
| CRD | Description | Example |
|-----------------------------------------------------------------------------------------------------|----------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|
| AuthPolicy CRD [\[doc\]](doc/auth.md) [[reference]](doc/reference/authpolicy.md) | Enable AuthN and AuthZ based access control on workloads | [AuthPolicy CR](https://github.com/Kuadrant/kuadrant-operator/blob/main/examples/toystore/authpolicy.yaml) |
| RateLimitPolicy CRD [\[doc\]](doc/rate-limiting.md) [[reference]](doc/reference/ratelimitpolicy.md) | Enable access control on workloads based on HTTP rate limiting | [RateLimitPolicy CR](https://raw.githubusercontent.com/Kuadrant/kuadrant-operator/main/examples/toystore/ratelimitpolicy_httproute.yaml) |
| DNSPolicy CRD [\[doc\]](doc/dns.md) [[reference]](doc/reference/dnspolicy.md) | Enable DNS management | [DNSPolicy CR](config/samples/kuadrant_v1alpha1_dnspolicy.yaml) |
| TLSPolicy CRD [\[doc\]](doc/tls.md) [[reference]](doc/reference/tlspolicy.md) | Enable TLS management | [TLSPolicy CR](config/samples/kuadrant_v1alpha1_tlspolicy.yaml) |
| DNSPolicy CRD [\[doc\]](doc/dns.md) [[reference]](doc/reference/dnspolicy.md) | Enable DNS management | [DNSPolicy CR](config/samples/kuadrant_v1_dnspolicy.yaml) |
| TLSPolicy CRD [\[doc\]](doc/tls.md) [[reference]](doc/reference/tlspolicy.md) | Enable TLS management | [TLSPolicy CR](config/samples/kuadrant_v1_tlspolicy.yaml) |

Additionally, Kuadrant provides the following CRDs

Expand Down
37 changes: 35 additions & 2 deletions api/v1alpha1/dnspolicy_types.go → api/v1/dnspolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,20 +14,23 @@ See the License for the specific language governing permissions and
limitations under the License.
*/

package v1alpha1
package v1

import (
"fmt"
"net"
"strings"

dnsv1alpha1 "github.com/kuadrant/dns-operator/api/v1alpha1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/utils/ptr"
gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"

dnsv1alpha1 "github.com/kuadrant/dns-operator/api/v1alpha1"
"github.com/kuadrant/policy-machinery/machinery"

kuadrantgatewayapi "github.com/kuadrant/kuadrant-operator/pkg/library/gatewayapi"
"github.com/kuadrant/kuadrant-operator/pkg/library/kuadrant"
"github.com/kuadrant/kuadrant-operator/pkg/library/utils"
Expand All @@ -38,6 +41,11 @@ const (
WildcardGeo GeoCode = "*"
)

var (
DNSPoliciesResource = GroupVersion.WithResource("dnspolicies")
DNSPolicyGroupKind = schema.GroupKind{Group: GroupVersion.Group, Kind: "DNSPolicy"}
)

// DNSPolicySpec defines the desired state of DNSPolicy
type DNSPolicySpec struct {
// targetRef identifies an API object to apply policy to.
Expand Down Expand Up @@ -161,6 +169,31 @@ type DNSPolicy struct {
Status DNSPolicyStatus `json:"status,omitempty"`
}

var _ machinery.Policy = &DNSPolicy{}

func (p *DNSPolicy) GetTargetRefs() []machinery.PolicyTargetReference {
return []machinery.PolicyTargetReference{
machinery.LocalPolicyTargetReferenceWithSectionName{
LocalPolicyTargetReferenceWithSectionName: p.Spec.TargetRef,
PolicyNamespace: p.Namespace,
},
}
}

func (p *DNSPolicy) GetMergeStrategy() machinery.MergeStrategy {
return func(policy machinery.Policy, _ machinery.Policy) machinery.Policy {
return policy
}
}

func (p *DNSPolicy) Merge(other machinery.Policy) machinery.Policy {
return other
}

func (p *DNSPolicy) GetLocator() string {
return machinery.LocatorFromObject(p)
}

func (p *DNSPolicy) Validate() error {
return p.Spec.ExcludeAddresses.Validate()
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,10 @@ See the License for the specific language governing permissions and
limitations under the License.
*/

// Package v1alpha1 contains API Schema definitions for the kuadrant.io v1alpha1 API group
// Package v1 contains API Schema definitions for the kuadrant.io v1 API group
// +kubebuilder:object:generate=true
// +groupName=kuadrant.io
package v1alpha1
package v1

import (
"k8s.io/apimachinery/pkg/runtime/schema"
Expand All @@ -26,7 +26,7 @@ import (

var (
// GroupVersion is group version used to register these objects
GroupVersion = schema.GroupVersion{Group: "kuadrant.io", Version: "v1alpha1"}
GroupVersion = schema.GroupVersion{Group: "kuadrant.io", Version: "v1"}

// SchemeBuilder is used to add go types to the GroupVersionKind scheme
SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
Expand Down
1 change: 1 addition & 0 deletions api/v1/merge_strategies.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ func NewMergeableRule(rule MergeableRule, defaultSource string) MergeableRule {

// MergeableRule is a policy rule that contains a spec which can be traced back to its source,
// i.e. to the policy where the rule spec was defined.
// +kubebuilder:object:generate=false
type MergeableRule interface {
GetSpec() any
GetSource() string
Expand Down
36 changes: 35 additions & 1 deletion api/v1alpha1/tlspolicy_types.go → api/v1/tlspolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,20 +14,29 @@ See the License for the specific language governing permissions and
limitations under the License.
*/

package v1alpha1
package v1

import (
certmanv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
certmanmetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"

"github.com/kuadrant/policy-machinery/machinery"

kuadrantgatewayapi "github.com/kuadrant/kuadrant-operator/pkg/library/gatewayapi"
"github.com/kuadrant/kuadrant-operator/pkg/library/kuadrant"
"github.com/kuadrant/kuadrant-operator/pkg/library/utils"
)

var (
TLSPoliciesResource = GroupVersion.WithResource("tlspolicies")
TLSPolicyGroupKind = schema.GroupKind{Group: GroupVersion.Group, Kind: "TLSPolicy"}
)

// TLSPolicySpec defines the desired state of TLSPolicy
type TLSPolicySpec struct {
// TargetRef identifies an API object to apply policy to.
Expand Down Expand Up @@ -136,6 +145,31 @@ type TLSPolicy struct {
Status TLSPolicyStatus `json:"status,omitempty"`
}

var _ machinery.Policy = &TLSPolicy{}

func (p *TLSPolicy) GetTargetRefs() []machinery.PolicyTargetReference {
return []machinery.PolicyTargetReference{
machinery.LocalPolicyTargetReference{
LocalPolicyTargetReference: p.Spec.TargetRef,
PolicyNamespace: p.Namespace,
},
}
}

func (p *TLSPolicy) GetMergeStrategy() machinery.MergeStrategy {
return func(policy machinery.Policy, _ machinery.Policy) machinery.Policy {
return policy
}
}

func (p *TLSPolicy) Merge(other machinery.Policy) machinery.Policy {
return other
}

func (p *TLSPolicy) GetLocator() string {
return machinery.LocatorFromObject(p)
}

// Deprecated: kuadrant.Policy.
func (p *TLSPolicy) Kind() string {
return TLSPolicyGroupKind.Kind
Expand Down

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

65 changes: 0 additions & 65 deletions api/v1alpha1/topology.go

This file was deleted.

10 changes: 5 additions & 5 deletions bundle/manifests/kuadrant-operator.clusterserviceversion.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ metadata:
alm-examples: |-
[
{
"apiVersion": "kuadrant.io/v1alpha1",
"apiVersion": "kuadrant.io/v1",
"kind": "DNSPolicy",
"metadata": {
"name": "dnspolicy-sample"
Expand All @@ -23,7 +23,7 @@ metadata:
}
},
{
"apiVersion": "kuadrant.io/v1alpha1",
"apiVersion": "kuadrant.io/v1",
"kind": "TLSPolicy",
"metadata": {
"name": "tlspolicy-sample"
Expand Down Expand Up @@ -106,7 +106,7 @@ metadata:
capabilities: Basic Install
categories: Integration & Delivery
containerImage: quay.io/kuadrant/kuadrant-operator:latest
createdAt: "2024-11-05T09:44:13Z"
createdAt: "2024-11-05T10:52:01Z"
description: A Kubernetes Operator to manage the lifecycle of the Kuadrant system
operators.operatorframework.io/builder: operator-sdk-v1.32.0
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
Expand All @@ -126,7 +126,7 @@ spec:
displayName: DNSPolicy
kind: DNSPolicy
name: dnspolicies.kuadrant.io
version: v1alpha1
version: v1
- description: Kuadrant configures installations of Kuadrant Service Protection
components
displayName: Kuadrant
Expand All @@ -144,7 +144,7 @@ spec:
displayName: TLSPolicy
kind: TLSPolicy
name: tlspolicies.kuadrant.io
version: v1alpha1
version: v1
description: A Kubernetes Operator to manage the lifecycle of the Kuadrant system
displayName: Kuadrant Operator
icon:
Expand Down
Loading

0 comments on commit 0d304ad

Please sign in to comment.