From abce31b80e9168122c5a4b8e562f01cd00e42960 Mon Sep 17 00:00:00 2001 From: Le Yao Date: Thu, 14 Jan 2021 04:56:11 +0000 Subject: [PATCH] Register service and applicaion CR to webhook Register new CRs to Webhook Fix some typo errors Signed-off-by: Le Yao Change-Id: I7a0556cf9877769b55f41598cfdca9df182b94d1 --- platform/crd-ctrlr/examples/sdewan-controller.yaml | 142 ++++++++++++++++++++- .../src/api/v1alpha1/bucket_permission_webhook.go | 6 +- .../src/api/v1alpha1/label_validate_webhook.go | 6 +- .../crd-ctrlr/src/config/local/webhook_config.yaml | 4 + .../crd-ctrlr/src/config/webhook/manifests.yaml | 4 + .../src/controllers/cnfservice_controller.go | 10 +- .../controllers/sdewanapplication_controller.go | 2 +- 7 files changed, 163 insertions(+), 11 deletions(-) diff --git a/platform/crd-ctrlr/examples/sdewan-controller.yaml b/platform/crd-ctrlr/examples/sdewan-controller.yaml index a9e8d50..174e1b4 100644 --- a/platform/crd-ctrlr/examples/sdewan-controller.yaml +++ b/platform/crd-ctrlr/examples/sdewan-controller.yaml @@ -20,6 +20,8 @@ spec: plural: cnfservices singular: cnfservice scope: Namespaced + subresources: + status: {} validation: openAPIV3Schema: description: CNFService is the Schema for the cnfservices API @@ -35,12 +37,28 @@ spec: spec: description: CNFServiceSpec defines the desired state of CNFService properties: - foo: - description: Foo is an example field of CNFService. Edit CNFService_types.go to remove/update + dport: + type: string + fullname: + type: string + port: type: string type: object status: - description: CNFServiceStatus defines the observed state of CNFService + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state type: object type: object version: v1alpha1 
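Review bot: The CNFService spec in the second hunk declares `port` and `dport` as plain `type: string` with no `pattern`, and the spec has no `required` list, so the API server will accept an empty spec or any text in those fields. If the controller turns these values into forwarding or NAT rules on the CNF (that code is not part of this diff), validation should happen at admission rather than in the reconciler. Since this schema appears to be generated by controller-gen, the constraint belongs on the Go type, for example `// +kubebuilder:validation:Pattern=` with a digits-only expression on both port fields and `// +kubebuilder:validation:Required` on the fields the controller cannot work without.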
@@ -1009,6 +1027,100 @@ status: conditions: [] storedVersions: [] --- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.5 + creationTimestamp: null + name: sdewanapplications.batch.sdewan.akraino.org +spec: + group: batch.sdewan.akraino.org + names: + kind: SdewanApplication + listKind: SdewanApplicationList + plural: sdewanapplications + singular: sdewanapplication + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: SdewanApplication is the Schema for the sdewanapplications API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SdewanApplicationSpec defines the desired state of SdewanApplication + properties: + appNamespace: + type: string + podSelector: + description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: @@ -1285,6 +1397,26 @@ rules: - get - patch - update +- apiGroups: + - batch.sdewan.akraino.org + resources: + - sdewanapplications + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - sdewanapplications/status + verbs: + - get + - patch + - update - apiGroups: - rbac.authorization.k8s.io resources: 
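Review bot: The SdewanApplication schema added in this hunk takes a free-form `appNamespace` string alongside `podSelector`, and neither field is required or constrained. The CRD is `scope: Namespaced`, so if the reconciler (not visible here) looks up pods in `appNamespace`, a user who may create this CR in one namespace could have the controller act on workloads in another; the selector description also notes that an empty selector matches all objects. Please confirm that the bucket-permission webhook or the reconciler checks the caller's rights on the target namespace, and consider marking both fields with `// +kubebuilder:validation:Required` in the types file so an empty spec is rejected at admission.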
@@ -1493,6 +1625,8 @@ webhooks: - firewallrules - firewallsnats - firewalldnats + - cnfservice + - sdewanapplication - ipsecproposals - ipsechosts - ipsecsites @@ -1522,6 +1656,8 @@ webhooks: - firewallrules - firewallsnats - firewalldnats + - cnfservice + - sdewanapplication - ipsecproposals - ipsechosts - ipsecsites diff --git a/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go b/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go index 0982260..aeff1f4 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go @@ -45,7 +45,7 @@ func SetupBucketPermissionWebhookWithManager(mgr ctrl.Manager) error { return nil } -// +kubebuilder:webhook:path=/validate-sdewan-bucket-permission,mutating=false,failurePolicy=fail,groups="batch.sdewan.akraino.org",resources=mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;ipsecproposals;ipsechosts;ipsecsites,verbs=create;update;delete,versions=v1alpha1,name=validate-sdewan-bucket.akraino.org +// +kubebuilder:webhook:path=/validate-sdewan-bucket-permission,mutating=false,failurePolicy=fail,groups="batch.sdewan.akraino.org",resources=mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfservice;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=create;update;delete,versions=v1alpha1,name=validate-sdewan-bucket.akraino.org // bucketPermissionValidator validates Pods type bucketPermissionValidator struct { @@ -103,6 +103,10 @@ func (v *bucketPermissionValidator) Handle(ctx context.Context, req admission.Re obj = &IpsecHost{} case "IpsecSite": obj = &IpsecSite{} + case "CNFService": + obj = &CNFService{} + case "SdewanApplication": + obj = &SdewanApplication{} default: return admission.Errored( http.StatusBadRequest, 
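Review bot: The two resources added to the webhook rule lists are spelled in the singular, `cnfservice` and `sdewanapplication`, while the CRDs in this same patch declare `plural: cnfservices` and `plural: sdewanapplications` and every other entry in the lists is a plural. Admission webhook rules match on the plural resource name, so as written neither validating webhook would be invoked for these two kinds, the new `case "CNFService"` and `case "SdewanApplication"` branches in both `Handle` functions would stay unreached, and such objects would be admitted without the bucket-permission or label check. The entries should read `- cnfservices` and `- sdewanapplications`. The same spelling needs fixing in the `+kubebuilder:webhook` markers in bucket_permission_webhook.go and label_validate_webhook.go (`resources=...;cnfservices;sdewanapplications;...`) and in the rule lists in config/local/webhook_config.yaml and config/webhook/manifests.yaml.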
diff --git a/platform/crd-ctrlr/src/api/v1alpha1/label_validate_webhook.go b/platform/crd-ctrlr/src/api/v1alpha1/label_validate_webhook.go index 9332c87..ac388d9 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/label_validate_webhook.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/label_validate_webhook.go @@ -42,7 +42,7 @@ func SetupLabelValidateWebhookWithManager(mgr ctrl.Manager) error { return nil } -// +kubebuilder:webhook:path=/validate-label,mutating=false,failurePolicy=fail,groups=apps;batch.sdewan.akraino.org,resources=deployments;mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;ipsecproposals;ipsechosts;ipsecsites,verbs=update,versions=v1;v1alpha1,name=validate-label.akraino.org +// +kubebuilder:webhook:path=/validate-label,mutating=false,failurePolicy=fail,groups=apps;batch.sdewan.akraino.org,resources=deployments;mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfservice;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=update,versions=v1;v1alpha1,name=validate-label.akraino.org type labelValidator struct { Client client.Client @@ -74,6 +74,10 @@ func (v *labelValidator) Handle(ctx context.Context, req admission.Request) admi obj = &IpsecHost{} case "IpsecSite": obj = &IpsecSite{} + case "CNFService": + obj = &CNFService{} + case "SdewanApplication": + obj = &SdewanApplication{} default: return admission.Errored( http.StatusBadRequest, diff --git a/platform/crd-ctrlr/src/config/local/webhook_config.yaml b/platform/crd-ctrlr/src/config/local/webhook_config.yaml index d50877b..0da6a92 100644 --- a/platform/crd-ctrlr/src/config/local/webhook_config.yaml +++ b/platform/crd-ctrlr/src/config/local/webhook_config.yaml @@ -31,6 +31,8 @@ webhooks: - ipsechosts - ipsecproposals - ipsecsites + - cnfservice + - sdewanapplication scope: '*' sideEffects: Unknown timeoutSeconds: 30 
@@ -62,6 +64,8 @@ webhooks: - firewallzones - ipsechosts - ipsecproposals + - cnfservice + - sdewanapplication scope: '*' sideEffects: Unknown timeoutSeconds: 30 diff --git a/platform/crd-ctrlr/src/config/webhook/manifests.yaml b/platform/crd-ctrlr/src/config/webhook/manifests.yaml index e45e878..c5b1135 100644 --- a/platform/crd-ctrlr/src/config/webhook/manifests.yaml +++ b/platform/crd-ctrlr/src/config/webhook/manifests.yaml @@ -31,6 +31,8 @@ webhooks: - firewallrules - firewallsnats - firewalldnats + - cnfservice + - sdewanapplication - ipsecproposals - ipsechosts - ipsecsites @@ -60,6 +62,8 @@ webhooks: - firewallrules - firewallsnats - firewalldnats + - cnfservice + - sdewanapplication - ipsecproposals - ipsechosts - ipsecsites diff --git a/platform/crd-ctrlr/src/controllers/cnfservice_controller.go b/platform/crd-ctrlr/src/controllers/cnfservice_controller.go index 8967c95..93d8354 100644 --- a/platform/crd-ctrlr/src/controllers/cnfservice_controller.go +++ b/platform/crd-ctrlr/src/controllers/cnfservice_controller.go @@ -122,11 +122,11 @@ func (r *CNFServiceReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&batchv1alpha1.CNFService{}). Watches( - &source.Kind{Type: &appsv1.Deployment{}}, - &handler.EnqueueRequestsFromMapFunc{ - ToRequests: handler.ToRequestsFunc(GetToRequestsFunc(r, &batchv1alpha1.CNFServiceList{})), - }, - Filter). + &source.Kind{Type: &appsv1.Deployment{}}, + &handler.EnqueueRequestsFromMapFunc{ + ToRequests: handler.ToRequestsFunc(GetToRequestsFunc(r, &batchv1alpha1.CNFServiceList{})), + }, + Filter). Watches( &source.Kind{Type: &corev1.Service{}}, &handler.EnqueueRequestsFromMapFunc{ diff --git a/platform/crd-ctrlr/src/controllers/sdewanapplication_controller.go b/platform/crd-ctrlr/src/controllers/sdewanapplication_controller.go index 8be6749..3cc60d3 100644 --- a/platform/crd-ctrlr/src/controllers/sdewanapplication_controller.go 
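Review bot: The rule list extended by this hunk of config/local/webhook_config.yaml ends at `- ipsecproposals` in its context lines, whereas the first list in the same file ends with `- ipsecsites`. The start of the list lies outside the hunk, so this needs checking, but if the entry is not present further up then this webhook does not cover IpsecSite objects in the local configuration, unlike the generated manifests.yaml where both lists include it. Consider adding `- ipsecsites` here while the list is being edited.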
+++ b/platform/crd-ctrlr/src/controllers/sdewanapplication_controller.go @@ -48,7 +48,7 @@ type AppCRError struct { Message string } -func (e AppCRError) Error() string { +func (e *AppCRError) Error() string { return fmt.Sprintf("Error Code: %d, Error Message: %s", e.Code, e.Message) } -- 2.16.6
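Review bot: Moving `Error()` to a pointer receiver means only `*AppCRError` satisfies `error` from now on, and the sites that build or inspect this error are outside the hunk. Each of them has to return `&AppCRError{...}` and match with `errors.As` against a `*AppCRError` target; a leftover value-typed use fails to compile, which is the safe outcome. The case the compiler will not catch is a helper that declares `var e *AppCRError` and returns it through an `error` result: the caller then sees a non-nil error holding a nil pointer, and `Error()` would dereference it. A short doc comment on the method would record the convention, e.g. `// Error implements error; AppCRError is always passed as *AppCRError, return a literal nil on success.`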