feat: setup gatewayclass support

Signed-off-by: STRRL <im@strrl.dev>
STRRL · Sep 8, 2024 · 434bcbc · 434bcbc
1 parent 311f60a
commit 434bcbc
Show file tree

Hide file tree

Showing 10 changed files with 289 additions and 77 deletions.
diff --git a/cmd/cloudflare-tunnel-ingress-controller/main.go b/cmd/cloudflare-tunnel-ingress-controller/main.go
@@ -2,18 +2,22 @@ package main
 
 import (
 	"context"
+	"log"
+	"os"
+	"time"
+
 	cloudflarecontroller "github.com/STRRL/cloudflare-tunnel-ingress-controller/pkg/cloudflare-controller"
 	"github.com/STRRL/cloudflare-tunnel-ingress-controller/pkg/controller"
 	"github.com/cloudflare/cloudflare-go"
 	"github.com/go-logr/logr"
 	"github.com/go-logr/stdr"
 	"github.com/spf13/cobra"
-	"log"
-	"os"
+	"k8s.io/apimachinery/pkg/runtime"
+	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
 	crlog "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
-	"time"
+	gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
 type rootCmdFlags struct {
@@ -72,7 +76,20 @@ func main() {
 				os.Exit(1)
 			}
 
-			mgr, err := manager.New(cfg, manager.Options{})
+			scheme := runtime.NewScheme()
+			err = clientgoscheme.AddToScheme(scheme)
+			if err != nil {
+				logger.Error(err, "unable to add scheme")
+				os.Exit(1)
+			}
+			// append gateway-api scheme
+			err = gatewayv1.AddToScheme(scheme)
+			if err != nil {
+				logger.Error(err, "unable to add gateway-api scheme")
+				os.Exit(1)
+			}
+
+			mgr, err := manager.New(cfg, manager.Options{Scheme: scheme})
 			if err != nil {
 				logger.Error(err, "unable to set up manager")
 				os.Exit(1)
@@ -89,6 +106,11 @@ func main() {
 				return err
 			}
 
+			err = controller.RegisterGatewayClassController(logger, mgr)
+			if err != nil {
+				return err
+			}
+
 			ticker := time.NewTicker(10 * time.Second)
 			done := make(chan struct{})
 			defer close(done)

diff --git a/hack/dev/deployment.yaml b/hack/dev/deployment.yaml
@@ -11,74 +11,6 @@ spec:
   selector:
     app: cloudflare-tunnel-ingress-controller
 ---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: cloudflare-tunnel-ingress-controller
-  labels:
-    app: cloudflare-tunnel-ingress-controller
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - services
-      - endpoints
-      - secrets
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - networking.k8s.io
-    resources:
-      - ingresses
-      - ingressclasses
-    verbs:
-      - get
-      - list
-      - watch
-      - update
-  - apiGroups:
-      - networking.k8s.io
-    resources:
-      - ingresses/status
-    verbs:
-      - update
-  - apiGroups:
-      - apps
-    resources:
-      - deployments
-    verbs:
-      - get
-      - list
-      - watch
-      - update
-      - create
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: cloudflare-tunnel-ingress-controller
-  namespace: cloudflare-tunnel-ingress-controller-dev
-  labels:
-    app: cloudflare-tunnel-ingress-controller
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: cloudflare-tunnel-ingress-controller
-  labels:
-    app: cloudflare-tunnel-ingress-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: cloudflare-tunnel-ingress-controller
-subjects:
-  - name: cloudflare-tunnel-ingress-controller
-    kind: ServiceAccount
-    # hardcoded namespace for dev
-    namespace: cloudflare-tunnel-ingress-controller-dev
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -132,4 +64,10 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
+            - name: CLOUDFLARED_IMAGE
+              value: "cloudflare/cloudflared:latest"
+            - name: CLOUDFLARED_IMAGE_PULL_POLICY
+              value: "IfNotPresent"
+            - name: CLOUDFLARED_REPLICA_COUNT
+              value: "1"
       serviceAccountName: cloudflare-tunnel-ingress-controller
diff --git a/hack/dev/gatewayclass.yaml b/hack/dev/gatewayclass.yaml
@@ -0,0 +1,6 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: GatewayClass
+metadata:
+  name: cloudflare-tunnel
+spec:
+  controllerName: "strrl.dev/cloudflare-tunnel-gatewayclass-controller"
diff --git a/hack/dev/rbac.yaml b/hack/dev/rbac.yaml
@@ -0,0 +1,79 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cloudflare-tunnel-ingress-controller
+  labels:
+    app: cloudflare-tunnel-ingress-controller
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - services
+      - endpoints
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses
+      - ingressclasses
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+  - apiGroups:
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - update
+  - apiGroups:
+      - apps
+    resources:
+      - deployments
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+      - create
+  - apiGroups:
+      - gateway.networking.k8s.io
+    resources:
+      - gatewayclasses
+      - gatewayclasses/status
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+      - patch
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cloudflare-tunnel-ingress-controller
+  namespace: cloudflare-tunnel-ingress-controller-dev
+  labels:
+    app: cloudflare-tunnel-ingress-controller
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: cloudflare-tunnel-ingress-controller
+  labels:
+    app: cloudflare-tunnel-ingress-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cloudflare-tunnel-ingress-controller
+subjects:
+  - name: cloudflare-tunnel-ingress-controller
+    kind: ServiceAccount
+    # hardcoded namespace for dev
+    namespace: cloudflare-tunnel-ingress-controller-dev
diff --git a/helm/cloudflare-tunnel-ingress-controller/templates/clusterrole.yaml b/helm/cloudflare-tunnel-ingress-controller/templates/clusterrole.yaml
@@ -38,4 +38,15 @@ rules:
       - list
       - watch
       - update
-      - create
+      - create
+  - apiGroups:
+      - gateway.networking.k8s.io
+    resources:
+      - gatewayclasses
+      - gatewayclasses/status
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+      - patch
diff --git a/helm/cloudflare-tunnel-ingress-controller/templates/gatewayclass.yaml b/helm/cloudflare-tunnel-ingress-controller/templates/gatewayclass.yaml
@@ -0,0 +1,6 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: GatewayClass
+metadata:
+  name: cloudflare-tunnel
+spec:
+  controllerName: "strrl.dev/cloudflare-tunnel-gatewayclass-controller"
diff --git a/pkg/controller/bootstrap.go b/pkg/controller/bootstrap.go
@@ -6,6 +6,7 @@ import (
 	networkingv1 "k8s.io/api/networking/v1"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
+	gatewayv1 "sigs.k8s.io/gateway-api/apis/v1"
 )
 
 type IngressControllerOptions struct {
@@ -26,8 +27,18 @@ func RegisterIngressController(logger logr.Logger, mgr manager.Manager, options
 		return err
 	}
 
+	return nil
+}
+
+func RegisterGatewayClassController(logger logr.Logger, mgr manager.Manager) error {
+	controller := NewGatewayClassController(logger.WithName("gatewayclass-controller"), mgr.GetClient())
+	err := builder.
+		ControllerManagedBy(mgr).
+		For(&gatewayv1.GatewayClass{}).
+		Complete(controller)
+
 	if err != nil {
-		logger.WithName("register-controller").Error(err, "could not register ingress class controller")
+		logger.WithName("register-controller").Error(err, "could not register gatewayclass controller")
 		return err
 	}