Skip to content

Commit

Permalink
Add Security Group support (#65)
Browse files Browse the repository at this point in the history 
Adds in CRDs and controllers to allow security groups to be managed for an identity.
  • Loading branch information
@nsricardor
nsricardor authored Nov 1, 2024
1 parent 13365e6 commit 204e54a
Show file tree
Hide file tree
Showing 46 changed files with 6,425 additions and 642 deletions.
4 changes: 3 additions & 1 deletion Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,9 @@ REVISION := $(shell git rev-parse HEAD)
CONTROLLERS = \
unikorn-region-controller \
unikorn-identity-controller \
unikorn-physical-network-controller
unikorn-physical-network-controller \
unikorn-security-group-controller \
unikorn-security-group-rule-controller

# Release will do cross compliation of all images for the 'all' target.
# Note we aren't fucking about with docker here because that opens up a
Expand Down
59 changes: 59 additions & 0 deletions charts/region/crds/region.unikorn-cloud.org_openstacksecuritygrouprules.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: openstacksecuritygrouprules.region.unikorn-cloud.org
spec:
group: region.unikorn-cloud.org
names:
categories:
- unikorn
kind: OpenstackSecurityGroupRule
listKind: OpenstackSecurityGroupRuleList
plural: openstacksecuritygrouprules
singular: openstacksecuritygrouprule
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: OpenstackSecurityGroupRule has no controller, its a database
record of state.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
securityGroupRuleID:
description: SecurityGroupRuleID is the security group rule ID.
type: string
type: object
status:
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}
59 changes: 59 additions & 0 deletions charts/region/crds/region.unikorn-cloud.org_openstacksecuritygroups.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: openstacksecuritygroups.region.unikorn-cloud.org
spec:
group: region.unikorn-cloud.org
names:
categories:
- unikorn
kind: OpenstackSecurityGroup
listKind: OpenstackSecurityGroupList
plural: openstacksecuritygroups
singular: openstacksecuritygroup
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: OpenstackSecurityGroup has no controller, its a database record
of state.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
securityGroupID:
description: SecurityGroupID is the security group ID.
type: string
type: object
status:
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}
156 changes: 156 additions & 0 deletions charts/region/crds/region.unikorn-cloud.org_securitygrouprules.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,156 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: securitygrouprules.region.unikorn-cloud.org
spec:
group: region.unikorn-cloud.org
names:
categories:
- unikorn
kind: SecurityGroupRule
listKind: SecurityGroupRuleList
plural: securitygrouprules
singular: securitygrouprule
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Available")].reason
name: status
type: string
- jsonPath: .metadata.creationTimestamp
name: age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: SecurityGroupRule defines a security group rule beloning to a
security group.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
cidr:
description: CIDR is the CIDR block to allow traffic from.
pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\/(?:3[0-2]|[1-2]?[0-9])$
type: string
direction:
description: Direction is the direction of the rule.
enum:
- ingress
- egress
type: string
pause:
description: Pause, if true, will inhibit reconciliation.
type: boolean
port:
description: Port is the port or range of ports.
properties:
number:
description: Number is the port number.
type: integer
range:
description: Range is the port range.
properties:
end:
description: End is the end of the range.
maximum: 65535
type: integer
start:
description: Start is the start of the range.
minimum: 1
type: integer
required:
- end
- start
type: object
type: object
x-kubernetes-validations:
- message: at least one of number or range must be defined
rule: (has(self.number) || has(self.range))
protocol:
description: Protocol is the protocol of the rule.
enum:
- tcp
- udp
type: string
required:
- cidr
- direction
- port
- protocol
type: object
status:
properties:
conditions:
description: Current service state of a security group rule.
items:
description: |-
Condition is a generic condition type for use across all resource types.
It's generic so that the underlying controller-manager functionality can
be shared across all resources.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
enum:
- Provisioning
- Provisioned
- Cancelled
- Errored
- Deprovisioning
- Deprovisioned
type: string
status:
description: |-
Status is the status of the condition.
Can be True, False, Unknown.
type: string
type:
description: Type is the type of the condition.
enum:
- Available
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
Loading

0 comments on commit 204e54a

Please sign in to comment.