Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CRD Controller #353

Merged
merged 37 commits into from
Oct 8, 2020
Merged

CRD Controller #353

merged 37 commits into from
Oct 8, 2020

Conversation

lkysow
Copy link
Member

@lkysow lkysow commented Oct 7, 2020

Changes proposed in this PR:

  • Add new commands controller and webhook-cert-manager
  • Add operator-sdk files needed to generate CRDs and controller code

Checklist:

  • Tests added

=> changelog will be added in upcoming PR

  • CHANGELOG entry added (HashiCorp engineers only, community PRs should not add a changelog entry)

alvin-huang and others added 30 commits August 13, 2020 13:39
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Merge POC into consul-k8s

Signed-off-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Will create an ACL token for controller. No Consul Enterprise support
right now.
* Support Consul Ent NS's for CRDs
* Add defaults and validation for ServiceDefaults
* Provision webhooks with self-generated certs

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Luke Kysow <lkysow@users.noreply.github.com>
* Ensure system recovers quickly from failures or drift in state

- helm upgrades will cause the caBundle to get reset on the mutating
  webhooks. By "reconciling" the state of the system every second, we
ensure the drift in this state has a minimal impact on the uptime of the
system. it will now verify that the certificates as well as the CA
bundle are "correct" every second and update them if they arent.

* Compare CABundle on webhook with the CA cert on the bundle without
encoding

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
* Also make controller and webhook code generic
* Update to controller-runtime 0.6.3 to fix spurious log error message.
- Pass the path down to the validation methods so they don't need to know
where in the struct they are placed.
- Also use .Index() and .Key() instead of fmt.Sprintf to indicate where
in a slice/map we are.
- if running ent and namespace mirroring is enabled then allow multiple
resources with the same name across namespaces.
- make Validator structs public and remove constructors
- defaults to true
- replaces ENABLE_WEBHOOKS environment variable
Proxy Defaults controller and webhook
* ServiceRouter support

* controllers => controller for logger name
Also, update the version of controller-tools to 0.4.0 to support float types. With this version, we can pass allowDangerousTypes marker to allow CRDs to have float32 types. This comes with a breaking change to CRD and webhook versions, where now we have to explicitly set versions to v1beta1 since controller-tools now defaults to v1.
* Replace reflect.DeepEqual with gocmp.Equal

• go-cmp has a more robust library for compares as it allows ignoring
  unexported fields.
• Replace other usages of reflect.DeepEqual with cmp.Equal
• Remove unnecessary matchesConsul methods
• Restructure MatchesConsul test to test against mismatched type
• Explicitly ignore fields instead of zero-ing them out during a comapare
* Rework Controller Enterprise tests to reduce duplication
* add ci config to pull s3 dev builds for tests

* pick some initial oss/ent hashes of dev builds

* use env var properly

* use the directory flag properly to untar

* use sudo for tar to access /usr/local/bin
* Use metadata field from configEntry to determine if resource is managed in external cluster
* Add tests for controller not updating unowned entries
* Add error message in logs if Consul entry isnt deleted.
* Extract private method to share meta across resources.
Ashwin Venkatesh and others added 5 commits October 5, 2020 14:46
* Add support for L4 service-intentions config entry
* Add -log-level flag to controller
* crds: Add support for L7 intentions

Co-authored-by: Iryna Shustava <iryna@hashicorp.com>
Comment on lines 10 to 11
- CONSUL_VERSION: aa0f5ff839c515aad3baa38c7936b4630263ca89 # Consul's OSS version to use in tests
- CONSUL_ENT_VERSION: 511f5942610bfa3ae53a40ca05db1858b25c2263 # Consul's enterprise version to use in tests
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Todo: we need these to point at 1.9.0 so the controller tests pass.

Ashwin Venkatesh and others added 2 commits October 7, 2020 17:29
Tests will run against more up-to-date master versions
@lkysow lkysow requested review from thisisnotashwin, a team and kschoche and removed request for a team October 8, 2020 15:57
@lkysow lkysow marked this pull request as ready for review October 8, 2020 15:57
Copy link
Contributor

@thisisnotashwin thisisnotashwin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🦊 🐧 This is all approved so who am i to get in the way

Copy link
Contributor

@kschoche kschoche left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent work!

@thisisnotashwin thisisnotashwin merged commit 01f62a3 into master Oct 8, 2020
@thisisnotashwin thisisnotashwin deleted the crd-controller-base branch October 8, 2020 18:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants