diff --git a/.github/workflows/manual-trigger-e2e-test.yaml b/.github/workflows/manual-trigger-e2e-test.yaml new file mode 100644 index 00000000..e69de29b diff --git a/README.md b/README.md index f45263c3..1e5f4762 100644 --- a/README.md +++ b/README.md @@ -55,5 +55,5 @@ This project is licensed under the Apache-2.0 License. [getting-started]: https://www.gateway-api-controller.eks.aws.dev/guides/getstarted/ [spec]: https://www.gateway-api-controller.eks.aws.dev/api-reference/ [concepts]: https://www.gateway-api-controller.eks.aws.dev/concepts/ -[gh_release]: https://github.com/aws/aws-application-networking-k8s/releases/tag/v1.0.2 +[gh_release]: https://github.com/aws/aws-application-networking-k8s/releases/tag/v1.0.2-rc.1 [godoc]: https://www.gateway-api-controller.eks.aws.dev/ diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index e29e91d6..7538be9a 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -13,4 +13,4 @@ configMapGenerator: images: - name: controller newName: public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller - newTag: v1.0.2 + newTag: v1.0.2-rc.1 diff --git a/docs/guides/deploy.md b/docs/guides/deploy.md index eb7aef9b..a50f7e36 100644 --- a/docs/guides/deploy.md +++ b/docs/guides/deploy.md @@ -159,7 +159,7 @@ Alternatively, you can manually provide configuration variables when installing 1. Run either `kubectl` or `helm` to deploy the controller. Check [Environment Variables](../guides/environment.md) for detailed explanation of each configuration option. ```bash - kubectl apply -f examples/deploy-v1.0.2.yaml + kubectl apply -f examples/deploy-v1.0.2-rc.1.yaml ``` or ```bash @@ -168,7 +168,7 @@ Alternatively, you can manually provide configuration variables when installing # Run helm with either install or upgrade helm install gateway-api-controller \ oci://public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller-chart\ - --version=v1.0.2 \ + --version=v1.0.2-rc.1 \ --set=serviceAccount.create=false --namespace aws-application-networking-system \ # use "debug" for debug level logs --set=log.level=info \ diff --git a/examples/deploy-v0.0.17.yaml b/examples/deploy-v1.0.2-rc.1.yaml similarity index 93% rename from examples/deploy-v0.0.17.yaml rename to examples/deploy-v1.0.2-rc.1.yaml index 1d7b2ea0..61954f53 100644 --- a/examples/deploy-v0.0.17.yaml +++ b/examples/deploy-v1.0.2-rc.1.yaml @@ -7,6 +7,203 @@ metadata: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: accesslogpolicies.application-networking.k8s.aws +spec: + group: application-networking.k8s.aws + names: + categories: + - gateway-api + kind: AccessLogPolicy + listKind: AccessLogPolicyList + plural: accesslogpolicies + shortNames: + - alp + singular: accesslogpolicy + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AccessLogPolicySpec defines the desired state of AccessLogPolicy. + properties: + destinationArn: + description: "The Amazon Resource Name (ARN) of the destination that + will store access logs. Supported values are S3 Bucket, CloudWatch + Log Group, and Firehose Delivery Stream ARNs. \n Changes to this + value results in replacement of the VPC Lattice Access Log Subscription." + pattern: ^arn(:[a-z0-9]+([.-][a-z0-9]+)*){2}(:([a-z0-9]+([.-][a-z0-9]+)*)?){2}:([^/].*)? + type: string + targetRef: + description: "TargetRef points to the Kubernetes Gateway, HTTPRoute, + or GRPCRoute resource that will have this policy attached. \n This + field is following the guidelines of Kubernetes Gateway API policy + attachment." + properties: + group: + description: Group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: Kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace is the namespace of the referent. When + unspecified, the local namespace is inferred. Even when policy + targets a resource in a different namespace, it MUST only apply + to traffic originating from the same namespace as the policy. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - group + - kind + - name + type: object + required: + - destinationArn + - targetRef + type: object + status: + default: + conditions: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: NotReconciled + status: Unknown + type: Accepted + description: Status defines the current state of AccessLogPolicy. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Accepted + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the AccessLogPolicy. + \n Implementations should prefer to express Policy conditions using + the `PolicyConditionType` and `PolicyConditionReason` constants + so that operators and tools can converge on a common vocabulary + to describe AccessLogPolicy state. \n Known condition types are: + \n * \"Accepted\" * \"Ready\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: api-approved.kubernetes.io: https://github.com/kubernetes-sigs/external-dns/pull/2007 @@ -6256,15 +6453,20 @@ status: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: serviceexports.multicluster.x-k8s.io + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: iamauthpolicies.application-networking.k8s.aws spec: - group: multicluster.x-k8s.io + group: application-networking.k8s.aws names: - kind: ServiceExport - plural: serviceexports + categories: + - gateway-api + kind: IAMAuthPolicy + listKind: IAMAuthPolicyList + plural: iamauthpolicies shortNames: - - svcex - singular: serviceexport + - iap + singular: iamauthpolicy scope: Namespaced versions: - additionalPrinterColumns: @@ -6274,8 +6476,6 @@ spec: name: v1alpha1 schema: openAPIV3Schema: - description: ServiceExport declares that the Service with the same name and - namespace as this export should be consumable from other clusters. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -6289,24 +6489,98 @@ spec: type: string metadata: type: object + spec: + description: IAMAuthPolicySpec defines the desired state of IAMAuthPolicy. + When the controller handles IAMAuthPolicy creation, if the targetRef + k8s and VPC Lattice resource exists, the controller will change the + auth_type of that VPC Lattice resource to AWS_IAM and attach this policy. + When the controller handles IAMAuthPolicy deletion, if the targetRef + k8s and VPC Lattice resource exists, the controller will change the + auth_type of that VPC Lattice resource to NONE and detach this policy. + properties: + policy: + description: IAM auth policy content. It is a JSON string that uses + the same syntax as AWS IAM policies. Please check the VPC Lattice + documentation to get [the common elements in an auth policy](https://docs.aws.amazon.com/vpc-lattice/latest/ug/auth-policies.html#auth-policies-common-elements) + type: string + targetRef: + description: "TargetRef points to the Kubernetes Gateway, HTTPRoute, + or GRPCRoute resource that will have this policy attached. \n This + field is following the guidelines of Kubernetes Gateway API policy + attachment." + properties: + group: + description: Group is the group of the target resource. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + description: Kind is kind of the target resource. + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the target resource. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace is the namespace of the referent. When + unspecified, the local namespace is inferred. Even when policy + targets a resource in a different namespace, it MUST only apply + to traffic originating from the same namespace as the policy. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - group + - kind + - name + type: object + required: + - policy + - targetRef + type: object status: - description: status describes the current state of an exported service. - Service configuration comes from the Service that had the same name - and namespace as this ServiceExport. Populated by the multi-cluster - service implementation's controller. + default: + conditions: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: NotReconciled + status: Unknown + type: Accepted + description: Status defines the current state of IAMAuthPolicy. properties: conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Accepted + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the IAMAuthPolicy. + \n Implementations should prefer to express Policy conditions using + the `PolicyConditionType` and `PolicyConditionReason` constants + so that operators and tools can converge on a common vocabulary + to describe IAMAuthPolicy state. \n Known condition types are: \n + * \"Accepted\" * \"Ready\"" items: description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, - type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: - \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type - \ // +patchStrategy=merge // +listType=map // +listMapKey=type - \ Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" properties: lastTransitionTime: description: lastTransitionTime is the last time the condition @@ -6363,11 +6637,14 @@ spec: - status - type type: object + maxItems: 8 type: array x-kubernetes-list-map-keys: - type x-kubernetes-list-type: map type: object + required: + - spec type: object served: true storage: true @@ -6377,30 +6654,95 @@ spec: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: serviceimports.multicluster.x-k8s.io + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: serviceexports.application-networking.k8s.aws spec: - group: multicluster.x-k8s.io + group: application-networking.k8s.aws names: - kind: ServiceImport - plural: serviceimports - shortNames: - - svcim - singular: serviceimport + kind: ServiceExport + listKind: ServiceExportList + plural: serviceexports + singular: serviceexport scope: Namespaced versions: - - additionalPrinterColumns: - - description: The type of this ServiceImport - jsonPath: .spec.type - name: Type - type: string - - description: The VIP for this ServiceImport - jsonPath: .spec.ips - name: IP - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ServiceExport declares that the Service with the same name and + namespace as this export should be consumable from other clusters. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: status describes the current state of an exported service. + Service configuration comes from the Service that had the same name + and namespace as this ServiceExport. Populated by the multi-cluster + service implementation's controller. + properties: + conditions: + items: + description: "ServiceExportCondition contains details for the current + condition of this service export. \n Once [KEP-1623](https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/1623-standardize-conditions) + is implemented, this will be replaced by metav1.Condition." + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: Status is one of {"True", "False", "Unknown"} + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: ServiceExportConditionType identifies a specific + condition. + type: string + required: + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: serviceimports.application-networking.k8s.aws +spec: + group: application-networking.k8s.aws + names: + kind: ServiceImport + listKind: ServiceImportList + plural: serviceimports + singular: serviceimport + scope: Namespaced + versions: + - name: v1alpha1 schema: openAPIV3Schema: description: ServiceImport describes a service imported from clusters in a @@ -6453,6 +6795,7 @@ spec: format: int32 type: integer protocol: + default: TCP description: The IP protocol for this port. Supports "TCP", "UDP", and "SCTP". Default is TCP. type: string @@ -6520,8 +6863,6 @@ spec: type: object served: true storage: true - subresources: - status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -6680,12 +7021,113 @@ spec: required: - targetRef type: object + status: + default: + conditions: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: NotReconciled + status: Unknown + type: Accepted + description: Status defines the current state of TargetGroupPolicy. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Accepted + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Programmed + description: "Conditions describe the current conditions of the TargetGroup. + \n Implementations should prefer to express Policy conditions using + the `PolicyConditionType` and `PolicyConditionReason` constants + so that operators and tools can converge on a common vocabulary + to describe TargetGroup state. \n Known condition types are: \n + * \"Accepted\" * \"Ready\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object required: - spec type: object served: true storage: true - subresources: {} + subresources: + status: {} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -6731,11 +7173,8 @@ spec: properties: associateWithVpc: description: "AssociateWithVpc indicates whether the VpcServiceNetworkAssociation - should be created for the current VPC of k8s cluster. \n Both this - flag and Gateway annotation \"application-networking.k8s.aws/lattice-vpc-association\" - are reserved tentatively for backward compatibility. Either one - of them set to true or both of them undefined will result in the - VpcServiceNetworkAssociation created." + should be created for the current VPC of k8s cluster. \n This value + will be considered true by default." type: boolean securityGroupIds: description: "SecurityGroupIds defines the security groups enforced @@ -6787,12 +7226,102 @@ spec: required: - targetRef type: object + status: + description: VpcAssociationPolicyStatus defines the observed state of + VpcAssociationPolicy. + properties: + conditions: + default: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: Waiting for controller + reason: Pending + status: Unknown + type: Accepted + description: "Conditions describe the current conditions of the VpcAssociationPolicy. + \n Implementations should prefer to express Policy conditions using + the `PolicyConditionType` and `PolicyConditionReason` constants + so that operators and tools can converge on a common vocabulary + to describe VpcAssociationPolicy state. \n Known condition types + are: \n * \"Accepted\"" + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object required: - spec type: object served: true storage: true - subresources: {} + subresources: + status: {} --- apiVersion: v1 kind: ServiceAccount @@ -7014,7 +7543,7 @@ rules: - patch - update - apiGroups: - - multicluster.x-k8s.io + - application-networking.k8s.aws resources: - serviceexports verbs: @@ -7026,13 +7555,13 @@ rules: - update - watch - apiGroups: - - multicluster.x-k8s.io + - application-networking.k8s.aws resources: - serviceexports/finalizers verbs: - update - apiGroups: - - multicluster.x-k8s.io + - application-networking.k8s.aws resources: - serviceexports/status verbs: @@ -7040,7 +7569,7 @@ rules: - patch - update - apiGroups: - - multicluster.x-k8s.io + - application-networking.k8s.aws resources: - serviceimports verbs: @@ -7052,13 +7581,13 @@ rules: - update - watch - apiGroups: - - multicluster.x-k8s.io + - application-networking.k8s.aws resources: - serviceimports/finalizers verbs: - update - apiGroups: - - multicluster.x-k8s.io + - application-networking.k8s.aws resources: - serviceimports/status verbs: @@ -7095,6 +7624,14 @@ rules: - targetgrouppolicies/finalizers verbs: - update +- apiGroups: + - application-networking.k8s.aws + resources: + - targetgrouppolicies/status + verbs: + - get + - patch + - update - apiGroups: - application-networking.k8s.aws resources: @@ -7113,6 +7650,66 @@ rules: - vpcassociationpolicies/finalizers verbs: - update +- apiGroups: + - application-networking.k8s.aws + resources: + - vpcassociationpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - application-networking.k8s.aws + resources: + - accesslogpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - application-networking.k8s.aws + resources: + - accesslogpolicies/finalizers + verbs: + - update +- apiGroups: + - application-networking.k8s.aws + resources: + - accesslogpolicies/status + verbs: + - get + - patch + - update +- apiGroups: + - application-networking.k8s.aws + resources: + - iamauthpolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - application-networking.k8s.aws + resources: + - iamauthpolicies/finalizers + verbs: + - update +- apiGroups: + - application-networking.k8s.aws + resources: + - iamauthpolicies/status + verbs: + - get + - patch + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -7210,7 +7807,7 @@ metadata: name: gateway-api-controller namespace: aws-application-networking-system spec: - replicas: 1 + replicas: 2 selector: matchLabels: control-plane: gateway-api-controller @@ -7239,7 +7836,7 @@ spec: - --leader-elect command: - /manager - image: public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller:v0.0.17 + image: public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller:v1.0.2-rc.1 livenessProbe: httpGet: path: /healthz @@ -7264,7 +7861,7 @@ spec: allowPrivilegeEscalation: false capabilities: drop: - - ALL + - ALL readOnlyRootFilesystem: true securityContext: runAsNonRoot: true diff --git a/helm/Chart.yaml b/helm/Chart.yaml index de4f8cdd..adcf8e6b 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: aws-gateway-controller-chart description: A Helm chart for the Gateway Controller for AWS VPC Lattice -version: v1.0.2 -appVersion: v1.0.2 +version: v1.0.2-rc.1 +appVersion: v1.0.2-rc.1 home: https://github.com/aws/aws-application-networking-k8s icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: diff --git a/helm/values.yaml b/helm/values.yaml index 5d48e136..33dda74c 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -4,7 +4,7 @@ image: repository: public.ecr.aws/aws-application-networking-k8s/aws-gateway-controller - tag: v1.0.2 + tag: v1.0.2-rc.1 pullPolicy: IfNotPresent pullSecrets: [] diff --git a/pkg/deploy/lattice/gomock_reflect_1370186657/prog.go b/pkg/deploy/lattice/gomock_reflect_1370186657/prog.go new file mode 100644 index 00000000..1f69b579 --- /dev/null +++ b/pkg/deploy/lattice/gomock_reflect_1370186657/prog.go @@ -0,0 +1,66 @@ + +package main + +import ( + "encoding/gob" + "flag" + "fmt" + "os" + "path" + "reflect" + + "github.com/golang/mock/mockgen/model" + + pkg_ "github.com/aws/aws-application-networking-k8s/pkg/deploy/lattice" +) + +var output = flag.String("output", "", "The output file name, or empty to use stdout.") + +func main() { + flag.Parse() + + its := []struct{ + sym string + typ reflect.Type + }{ + + { "RuleManager", reflect.TypeOf((*pkg_.RuleManager)(nil)).Elem()}, + + } + pkg := &model.Package{ + // NOTE: This behaves contrary to documented behaviour if the + // package name is not the final component of the import path. + // The reflect package doesn't expose the package name, though. + Name: path.Base("github.com/aws/aws-application-networking-k8s/pkg/deploy/lattice"), + } + + for _, it := range its { + intf, err := model.InterfaceFromInterfaceType(it.typ) + if err != nil { + fmt.Fprintf(os.Stderr, "Reflection: %v\n", err) + os.Exit(1) + } + intf.Name = it.sym + pkg.Interfaces = append(pkg.Interfaces, intf) + } + + outfile := os.Stdout + if len(*output) != 0 { + var err error + outfile, err = os.Create(*output) + if err != nil { + fmt.Fprintf(os.Stderr, "failed to open output file %q", *output) + } + defer func() { + if err := outfile.Close(); err != nil { + fmt.Fprintf(os.Stderr, "failed to close output file %q", *output) + os.Exit(1) + } + }() + } + + if err := gob.NewEncoder(outfile).Encode(pkg); err != nil { + fmt.Fprintf(os.Stderr, "gob encode: %v\n", err) + os.Exit(1) + } +} diff --git a/pkg/deploy/lattice/gomock_reflect_1773572374/prog.go b/pkg/deploy/lattice/gomock_reflect_1773572374/prog.go new file mode 100644 index 00000000..b04b519d --- /dev/null +++ b/pkg/deploy/lattice/gomock_reflect_1773572374/prog.go @@ -0,0 +1,66 @@ + +package main + +import ( + "encoding/gob" + "flag" + "fmt" + "os" + "path" + "reflect" + + "github.com/golang/mock/mockgen/model" + + pkg_ "github.com/aws/aws-application-networking-k8s/pkg/deploy/lattice" +) + +var output = flag.String("output", "", "The output file name, or empty to use stdout.") + +func main() { + flag.Parse() + + its := []struct{ + sym string + typ reflect.Type + }{ + + { "ListenerManager", reflect.TypeOf((*pkg_.ListenerManager)(nil)).Elem()}, + + } + pkg := &model.Package{ + // NOTE: This behaves contrary to documented behaviour if the + // package name is not the final component of the import path. + // The reflect package doesn't expose the package name, though. + Name: path.Base("github.com/aws/aws-application-networking-k8s/pkg/deploy/lattice"), + } + + for _, it := range its { + intf, err := model.InterfaceFromInterfaceType(it.typ) + if err != nil { + fmt.Fprintf(os.Stderr, "Reflection: %v\n", err) + os.Exit(1) + } + intf.Name = it.sym + pkg.Interfaces = append(pkg.Interfaces, intf) + } + + outfile := os.Stdout + if len(*output) != 0 { + var err error + outfile, err = os.Create(*output) + if err != nil { + fmt.Fprintf(os.Stderr, "failed to open output file %q", *output) + } + defer func() { + if err := outfile.Close(); err != nil { + fmt.Fprintf(os.Stderr, "failed to close output file %q", *output) + os.Exit(1) + } + }() + } + + if err := gob.NewEncoder(outfile).Encode(pkg); err != nil { + fmt.Fprintf(os.Stderr, "gob encode: %v\n", err) + os.Exit(1) + } +} diff --git a/pkg/deploy/lattice/gomock_reflect_422563578/prog.go b/pkg/deploy/lattice/gomock_reflect_422563578/prog.go new file mode 100644 index 00000000..1f69b579 --- /dev/null +++ b/pkg/deploy/lattice/gomock_reflect_422563578/prog.go @@ -0,0 +1,66 @@ + +package main + +import ( + "encoding/gob" + "flag" + "fmt" + "os" + "path" + "reflect" + + "github.com/golang/mock/mockgen/model" + + pkg_ "github.com/aws/aws-application-networking-k8s/pkg/deploy/lattice" +) + +var output = flag.String("output", "", "The output file name, or empty to use stdout.") + +func main() { + flag.Parse() + + its := []struct{ + sym string + typ reflect.Type + }{ + + { "RuleManager", reflect.TypeOf((*pkg_.RuleManager)(nil)).Elem()}, + + } + pkg := &model.Package{ + // NOTE: This behaves contrary to documented behaviour if the + // package name is not the final component of the import path. + // The reflect package doesn't expose the package name, though. + Name: path.Base("github.com/aws/aws-application-networking-k8s/pkg/deploy/lattice"), + } + + for _, it := range its { + intf, err := model.InterfaceFromInterfaceType(it.typ) + if err != nil { + fmt.Fprintf(os.Stderr, "Reflection: %v\n", err) + os.Exit(1) + } + intf.Name = it.sym + pkg.Interfaces = append(pkg.Interfaces, intf) + } + + outfile := os.Stdout + if len(*output) != 0 { + var err error + outfile, err = os.Create(*output) + if err != nil { + fmt.Fprintf(os.Stderr, "failed to open output file %q", *output) + } + defer func() { + if err := outfile.Close(); err != nil { + fmt.Fprintf(os.Stderr, "failed to close output file %q", *output) + os.Exit(1) + } + }() + } + + if err := gob.NewEncoder(outfile).Encode(pkg); err != nil { + fmt.Fprintf(os.Stderr, "gob encode: %v\n", err) + os.Exit(1) + } +} diff --git a/pkg/gateway/gomock_reflect_1170795534/prog.go b/pkg/gateway/gomock_reflect_1170795534/prog.go new file mode 100644 index 00000000..57ce5903 --- /dev/null +++ b/pkg/gateway/gomock_reflect_1170795534/prog.go @@ -0,0 +1,68 @@ + +package main + +import ( + "encoding/gob" + "flag" + "fmt" + "os" + "path" + "reflect" + + "github.com/golang/mock/mockgen/model" + + pkg_ "github.com/aws/aws-application-networking-k8s/pkg/gateway" +) + +var output = flag.String("output", "", "The output file name, or empty to use stdout.") + +func main() { + flag.Parse() + + its := []struct{ + sym string + typ reflect.Type + }{ + + { "SvcExportTargetGroupModelBuilder", reflect.TypeOf((*pkg_.SvcExportTargetGroupModelBuilder)(nil)).Elem()}, + + { "BackendRefTargetGroupModelBuilder", reflect.TypeOf((*pkg_.BackendRefTargetGroupModelBuilder)(nil)).Elem()}, + + } + pkg := &model.Package{ + // NOTE: This behaves contrary to documented behaviour if the + // package name is not the final component of the import path. + // The reflect package doesn't expose the package name, though. + Name: path.Base("github.com/aws/aws-application-networking-k8s/pkg/gateway"), + } + + for _, it := range its { + intf, err := model.InterfaceFromInterfaceType(it.typ) + if err != nil { + fmt.Fprintf(os.Stderr, "Reflection: %v\n", err) + os.Exit(1) + } + intf.Name = it.sym + pkg.Interfaces = append(pkg.Interfaces, intf) + } + + outfile := os.Stdout + if len(*output) != 0 { + var err error + outfile, err = os.Create(*output) + if err != nil { + fmt.Fprintf(os.Stderr, "failed to open output file %q", *output) + } + defer func() { + if err := outfile.Close(); err != nil { + fmt.Fprintf(os.Stderr, "failed to close output file %q", *output) + os.Exit(1) + } + }() + } + + if err := gob.NewEncoder(outfile).Encode(pkg); err != nil { + fmt.Fprintf(os.Stderr, "gob encode: %v\n", err) + os.Exit(1) + } +} diff --git a/scripts/ci-run-e2e-test.sh b/scripts/ci-run-e2e-test.sh new file mode 100644 index 00000000..05b29593 --- /dev/null +++ b/scripts/ci-run-e2e-test.sh @@ -0,0 +1,21 @@ +# Description: This script is used to run e2e tests in CI. + + + + + + + + + + + + + + + + + + + +