feat: Add ClusterConfig variable and patch handler (#142)

Author: jimmidyson

.gitignore

@@ -36,3 +36,5 @@ public/
 resources/
 node_modules/
 .hugo_build.lock
+
+/cluster.yaml

.golangci.yml

@@ -81,3 +81,7 @@ issues:
     - source: "^// \\+kubebuilder:"
       linters:
         - lll
+    # Idiomatic to use init functions to register APIs with scheme
+    - path: "api/*"
+      linters:
+        - gochecknoinits

.goreleaser.yml

@@ -28,7 +28,7 @@ gomod:
 
 builds:
   - id: capi-runtime-extensions
-    dir: ./cmd/capi-runtime-extensions
+    dir: ./cmd
     env:
       - CGO_ENABLED=0
     flags:

PROJECT

@@ -7,4 +7,13 @@ layout:
 - go.kubebuilder.io/v4
 projectName: capi-runtime-extensions
 repo: github.com/d2iq-labs/capi-runtime-extensions
+resources:
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: labs.d2iq.io
+  group: capiext.labs.d2iq.io
+  kind: ClusterConfig
+  path: github.com/d2iq-labs/capi-runtime-extensions/api/v1alpha1
+  version: v1alpha1
 version: "3"

api/v1alpha1/clusterconfig_types.go

@@ -0,0 +1,111 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/openapi/patterns"
+)
+
+//+kubebuilder:object:root=true
+
+// ClusterConfig is the Schema for the clusterconfigs API.
+type ClusterConfig struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec ClusterConfigSpec `json:"spec,omitempty"`
+}
+
+// ClusterConfigSpec defines the desired state of ClusterConfig.
+type ClusterConfigSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// +optional
+	Proxy *HTTPProxy `json:"proxy,omitempty"`
+
+	// +optional
+	ExtraAPIServerCertSANs ExtraAPIServerCertSANs `json:"extraAPIServerCertSANs,omitempty"`
+}
+
+func (ClusterConfigSpec) VariableSchema() clusterv1.VariableSchema {
+	return clusterv1.VariableSchema{
+		OpenAPIV3Schema: clusterv1.JSONSchemaProps{
+			Description: "Cluster configuration",
+			Type:        "object",
+			Properties: map[string]clusterv1.JSONSchemaProps{
+				"proxy":                  HTTPProxy{}.VariableSchema().OpenAPIV3Schema,
+				"extraAPIServerCertSANs": ExtraAPIServerCertSANs{}.VariableSchema().OpenAPIV3Schema,
+			},
+		},
+	}
+}
+
+// HTTPProxy required for providing proxy configuration.
+type HTTPProxy struct {
+	// HTTP proxy.
+	HTTP string `json:"http,omitempty"`
+
+	// HTTPS proxy.
+	HTTPS string `json:"https,omitempty"`
+
+	// AdditionalNo Proxy list that will be added to the automatically calculated
+	// values that will apply no_proxy configuration for cluster internal network.
+	// Default values: localhost,127.0.0.1,<POD_NETWORK>,<SERVICE_NETWORK>,kubernetes
+	//   ,kubernetes.default,.svc,.svc.<SERVICE_DOMAIN>
+	AdditionalNo []string `json:"additionalNo"`
+}
+
+func (HTTPProxy) VariableSchema() clusterv1.VariableSchema {
+	return clusterv1.VariableSchema{
+		OpenAPIV3Schema: clusterv1.JSONSchemaProps{
+			Type: "object",
+			Properties: map[string]clusterv1.JSONSchemaProps{
+				"http": {
+					Description: "HTTP proxy value.",
+					Type:        "string",
+				},
+				"https": {
+					Description: "HTTPS proxy value.",
+					Type:        "string",
+				},
+				"additionalNo": {
+					Description: "Additional No Proxy list that will be added to the automatically calculated " +
+						"values required for cluster internal network. " +
+						"Default value: localhost,127.0.0.1,<POD_NETWORK>,<SERVICE_NETWORK>,kubernetes," +
+						"kubernetes.default,.svc,.svc.<SERVICE_DOMAIN>",
+					Type: "array",
+					Items: &clusterv1.JSONSchemaProps{
+						Type: "string",
+					},
+				},
+			},
+		},
+	}
+}
+
+// ExtraAPIServerCertSANs required for providing API server cert SANs.
+type ExtraAPIServerCertSANs []string
+
+func (ExtraAPIServerCertSANs) VariableSchema() clusterv1.VariableSchema {
+	return clusterv1.VariableSchema{
+		OpenAPIV3Schema: clusterv1.JSONSchemaProps{
+			Description: "Extra Subject Alternative Names for the API Server signing cert",
+			Type:        "array",
+			UniqueItems: true,
+			Items: &clusterv1.JSONSchemaProps{
+				Type:    "string",
+				Pattern: patterns.Anchored(patterns.DNS1123Subdomain),
+			},
+		},
+	}
+}
+
+// +kubebuilder:object:root=true
+func init() {
+	SchemeBuilder.Register(&ClusterConfig{})
+}

api/v1alpha1/doc.go

@@ -0,0 +1,11 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Package v1alpha1 contains API Schema definitions for the CAPI extensions v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=capiext.labs.d2iq.io
+//
+//go:generate -command CTRLGEN controller-gen  paths="./..."
+//go:generate CTRLGEN rbac:headerFile="../../hack/license-header.yaml.txt",roleName=capi-runtime-extensions-manager-role output:rbac:artifacts:config=../../charts/capi-runtime-extensions/templates
+//go:generate CTRLGEN object:headerFile="../../hack/license-header.go.txt" output:object:artifacts:config=/dev/null
+package v1alpha1

api/v1alpha1/groupversion_info.go

@@ -1,19 +1,18 @@
 // Copyright 2023 D2iQ, Inc. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-// Package v1alpha1 contains API Schema definitions for the CAPI extensions v1alpha1 API group
-// +kubebuilder:object:generate=true
-// +groupName=capiext.labs.d2iq.io
 package v1alpha1
 
 import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"sigs.k8s.io/controller-runtime/pkg/scheme"
 )
 
+const APIGroup = "capiext.labs.d2iq.io"
+
 var (
 	// GroupVersion is group version used to register these objects.
-	GroupVersion = schema.GroupVersion{Group: "capiext.labs.d2iq.io", Version: "v1alpha1"}
+	GroupVersion = schema.GroupVersion{Group: APIGroup, Version: "v1alpha1"}
 
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
 	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

api/v1alpha1/zz_generated.deepcopy.go

@@ -26,7 +26,10 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/handlers/mutation"
 	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/server"
+	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/auditpolicy"
+	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/clusterconfig"
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/cni/calico"
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/extraapiservercertsans"
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/httpproxy"
@@ -130,12 +133,29 @@ func main() {
 
 	runtimeWebhookServer := server.NewServer(
 		runtimeWebhookServerOpts,
+
 		servicelbgc.New(mgr.GetClient()),
+
 		calico.New(mgr.GetClient(), calicoCNIConfig),
+
 		httpproxy.NewVariable(),
-		httpproxy.NewPatch(mgr.GetClient()),
+		httpproxy.NewPatch(mgr.GetClient(), httpproxy.VariableName),
+
 		extraapiservercertsans.NewVariable(),
-		extraapiservercertsans.NewPatch(),
+		extraapiservercertsans.NewPatch(extraapiservercertsans.VariableName),
+
+		auditpolicy.NewPatch(),
+
+		clusterconfig.NewVariable(),
+		mutation.NewMetaGeneratePatchesHandler(
+			"clusterConfigPatch",
+			httpproxy.NewPatch(mgr.GetClient(), clusterconfig.VariableName, httpproxy.VariableName),
+			extraapiservercertsans.NewPatch(
+				clusterconfig.VariableName,
+				extraapiservercertsans.VariableName,
+			),
+			auditpolicy.NewPatch(),
+		),
 	)
 	if err := mgr.Add(runtimeWebhookServer); err != nil {
 		setupLog.Error(err, "unable to add runtime webhook server runnable to controller manager")

cmd/capi-runtime-extensions/main.go renamed to cmd/main.go

@@ -0,0 +1,52 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package mutation
+
+import (
+	"context"
+	"strings"
+
+	runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
+
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/handlers"
+)
+
+type metaGeneratePatches struct {
+	name            string
+	wrappedHandlers []GeneratePatches
+}
+
+func NewMetaGeneratePatchesHandler(name string, gp ...GeneratePatches) handlers.Named {
+	return metaGeneratePatches{
+		name:            name,
+		wrappedHandlers: gp,
+	}
+}
+
+func (mgp metaGeneratePatches) Name() string {
+	return mgp.name
+}
+
+func (mgp metaGeneratePatches) GeneratePatches(
+	ctx context.Context,
+	req *runtimehooksv1.GeneratePatchesRequest,
+	resp *runtimehooksv1.GeneratePatchesResponse,
+) {
+	for _, h := range mgp.wrappedHandlers {
+		wrappedResp := &runtimehooksv1.GeneratePatchesResponse{}
+		h.GeneratePatches(ctx, req, wrappedResp)
+		resp.Items = append(resp.Items, wrappedResp.Items...)
+		if wrappedResp.Message != "" {
+			resp.Message = strings.TrimPrefix(resp.Message+"\n"+wrappedResp.Message, "\n")
+		}
+		resp.Status = wrappedResp.Status
+		if resp.Status == runtimehooksv1.ResponseStatusFailure {
+			return
+		}
+	}
+
+	if resp.Status == "" {
+		resp.Status = runtimehooksv1.ResponseStatusSuccess
+	}
+}