Add Security Group support #65

Merged
4 changes: 3 additions & 1 deletion Makefile
Expand Up @@ -13,7 +13,9 @@ REVISION := $(shell git rev-parse HEAD)
CONTROLLERS = \
unikorn-region-controller \
unikorn-identity-controller \
unikorn-physical-network-controller
unikorn-physical-network-controller \
unikorn-security-group-controller \
unikorn-security-group-rule-controller

# Release will do cross compliation of all images for the 'all' target.
# Note we aren't fucking about with docker here because that opens up a
@@ -0,0 +1,59 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: openstacksecuritygrouprules.region.unikorn-cloud.org
spec:
group: region.unikorn-cloud.org
names:
categories:
- unikorn
kind: OpenstackSecurityGroupRule
listKind: OpenstackSecurityGroupRuleList
plural: openstacksecuritygrouprules
singular: openstacksecuritygrouprule
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: OpenstackSecurityGroupRule has no controller, its a database
record of state.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
securityGroupRuleID:
description: SecurityGroupRuleID is the security group rule ID.
type: string
type: object
status:
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}
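Review bot: spec.securityGroupRuleID is optional and unconstrained, so although the top-level schema requires spec, an object with an empty spec passes validation and stores a record that carries no OpenStack rule ID. The description says this kind is only a database record of state, which makes the ID its entire payload; mark the field required in the Go type (and consider a minimum length) so that controller-gen emits a required list under spec. Also in this hunk, status is declared as an object while subresources is {}, so there is no /status endpoint to write it through; drop the status property if the record really has no controller. Minor: "its" in the description should be "it's".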
@@ -0,0 +1,59 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: openstacksecuritygroups.region.unikorn-cloud.org
spec:
group: region.unikorn-cloud.org
names:
categories:
- unikorn
kind: OpenstackSecurityGroup
listKind: OpenstackSecurityGroupList
plural: openstacksecuritygroups
singular: openstacksecuritygroup
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.creationTimestamp
name: age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: OpenstackSecurityGroup has no controller, its a database record
of state.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
securityGroupID:
description: SecurityGroupID is the security group ID.
type: string
type: object
status:
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}
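Review bot: spec.securityGroupID can be omitted, set to an empty string, or changed after creation, because the field has no required entry under spec, no length or format constraint, and no transition rule. For a record whose purpose is to point at one existing OpenStack security group, make the field required and add an x-kubernetes-validations rule on it such as self == oldSelf, so an update cannot silently repoint the record at a different group.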
156 changes: 156 additions & 0 deletions charts/region/crds/region.unikorn-cloud.org_securitygrouprules.yaml
@@ -0,0 +1,156 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: securitygrouprules.region.unikorn-cloud.org
spec:
group: region.unikorn-cloud.org
names:
categories:
- unikorn
kind: SecurityGroupRule
listKind: SecurityGroupRuleList
plural: securitygrouprules
singular: securitygrouprule
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Available")].reason
name: status
type: string
- jsonPath: .metadata.creationTimestamp
name: age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: SecurityGroupRule defines a security group rule beloning to a
security group.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
cidr:
description: CIDR is the CIDR block to allow traffic from.
pattern: ^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\/(?:3[0-2]|[1-2]?[0-9])$
type: string
direction:
description: Direction is the direction of the rule.
enum:
- ingress
- egress
type: string
pause:
description: Pause, if true, will inhibit reconciliation.
type: boolean
port:
description: Port is the port or range of ports.
properties:
number:
description: Number is the port number.
type: integer
range:
description: Range is the port range.
properties:
end:
description: End is the end of the range.
maximum: 65535
type: integer
start:
description: Start is the start of the range.
minimum: 1
type: integer
required:
- end
- start
type: object
type: object
x-kubernetes-validations:
- message: at least one of number or range must be defined
rule: (has(self.number) || has(self.range))
protocol:
description: Protocol is the protocol of the rule.
enum:
- tcp
- udp
type: string
required:
- cidr
- direction
- port
- protocol
type: object
status:
properties:
conditions:
description: Current service state of a security group rule.
items:
description: |-
Condition is a generic condition type for use across all resource types.
It's generic so that the underlying controller-manager functionality can
be shared across all resources.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
message:
description: Human-readable message indicating details about
last transition.
type: string
reason:
description: Unique, one-word, CamelCase reason for the condition's
last transition.
enum:
- Provisioning
- Provisioned
- Cancelled
- Errored
- Deprovisioning
- Deprovisioned
type: string
status:
description: |-
Status is the status of the condition.
Can be True, False, Unknown.
type: string
type:
description: Type is the type of the condition.
enum:
- Available
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
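Review bot: the spec.port schema leaves several invalid combinations open. number has no minimum or maximum, range.start has only minimum: 1 and range.end has only maximum: 65535, nothing requires start <= end, and the CEL rule (has(self.number) || has(self.range)) accepts an object that sets both number and range without the schema saying which takes precedence. Suggest bounding number to 1-65535, giving both range fields both bounds, adding a rule such as self.start <= self.end on range, and changing the port rule to has(self.number) != has(self.range) with a message that says exactly one must be defined. Separately, the cidr description says "allow traffic from" although direction can be egress, the pattern is IPv4-only and admits 0.0.0.0/0 with no note that this opens the rule to any address, and "beloning" in the top-level description should be "belonging".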