Support OpenShifts ingress controller in Authorization (#554)

* refactor CR and add support for certs, annotations, and ocp for ingress * update types * update ingress and cert yamls for all versions * update controller-gen version and crds * fix yaml formatting errors * create ingress dynamically * create self signed certificates dynamically * encode custom tls cert * update CRs for e2e tests * add unit tests and update versioning to v2.0.0-alpha * update csm controller test * fix formatting, linting, and unit tests * fix linting * fix wording in CR * fix CRs * PR edits * fix formatting
dell · May 10, 2024 · 5d1d151 · 5d1d151
1 parent 45cf827
commit 5d1d151
Show file tree

Hide file tree

Showing 55 changed files with 3,540 additions and 1,929 deletions.
diff --git a/Makefile b/Makefile
@@ -20,8 +20,6 @@ endif
 BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
 
 
-# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
-CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.25
 
@@ -59,10 +57,10 @@ help: ## Display this help.
 ##@ Development
 
 manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook output:crd:artifacts:config=config/crd/bases
+	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
-	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt"
+	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
 #Generate semver.mk
 gen-semver: generate
@@ -130,10 +128,24 @@ deploy: static-manager ## Deploy controller to the K8s cluster specified in ~/.k
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
 	$(KUSTOMIZE) build config/default | kubectl delete -f -
 
+##@ Build Dependencies
 
-CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
-controller-gen: ## Download controller-gen locally if necessary.
-	$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,v0.6.1)
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+## Tool Binaries
+CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
+
+## Tool Versions
+CONTROLLER_TOOLS_VERSION ?= v0.14.0
+
+.PHONY: controller-gen
+controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten.
+$(CONTROLLER_GEN): $(LOCALBIN)
+	test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || \
+	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
 
 KUSTOMIZE = $(shell pwd)/bin/kustomize
 kustomize: ## Download kustomize locally if necessary.

diff --git a/api/v1/types.go b/api/v1/types.go
@@ -1,4 +1,4 @@
-//  Copyright © 2021 - 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+//  Copyright © 2021 - 2024 Dell Inc. or its subsidiaries. All Rights Reserved.
 //
 //  Licensed under the Apache License, Version 2.0 (the "License");
 //  you may not use this file except in compliance with the License.
@@ -162,6 +162,10 @@ type Module struct {
 	// +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors=true
 	// +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors.displayName="InitContainer"
 	InitContainer []ContainerTemplate `json:"initContainer,omitempty" yaml:"initContainer"`
+
+	// OpenShift is used to indicate if the Container Platform is OpenShift
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="OpenShift"
+	OpenShift bool `json:"openshift,omitempty" yaml:"openshift,omitempty"`
 }
 
 // PodStatus - Represents PodStatus in a daemonset or deployment
@@ -340,6 +344,18 @@ type ContainerTemplate struct {
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Authorization Opa Kube Management Container Image"
 	OpaKubeMgmt string `json:"opaKubeMgmt,omitempty" yaml:"opaKubeMgmt,omitempty"`
 
+	// Hostname is the authorization proxy server hostname
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Authorization Proxy Server Hostname"
+	Hostname string `json:"hostname,omitempty" yaml:"hostname,omitempty"`
+
+	// ProxyServerIngress is the authorization proxy server ingress configuration
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Authorization Proxy Server ingress configuration"
+	ProxyServerIngress []ProxyServerIngress `json:"proxyServerIngress,omitempty" yaml:"proxyServerIngress,omitempty"`
+
+	// RedisStorageClass is the authorization proxy server redis storage class for persistence
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Authorization Proxy Server Redis storage class"
+	RedisStorageClass string `json:"storageclass,omitempty" yaml:"storageclass,omitempty"`
+
 	// ReplicaCount is the replica count for app mobility
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Application Mobility Replica Count"
 	ReplicaCount string `json:"replicaCount,omitempty" yaml:"replicaCount,omitempty"`
@@ -388,6 +404,21 @@ type SnapshotClass struct {
 	Parameters map[string]string `json:"parameters,omitempty" yaml:"parameters"`
 }
 
+// ProxyServerIngress is the authorization ingress configuration struct
+type ProxyServerIngress struct {
+	// IngressClassName is the ingressClassName
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Authorization Proxy Server Ingress Class Name"
+	IngressClassName string `json:"ingressClassName,omitempty" yaml:"ingressClassName,omitempty"`
+
+	// Hosts is the hosts rules for the ingress
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Authorization Proxy Server Hosts"
+	Hosts []string `json:"hosts,omitempty" yaml:"hosts,omitempty"`
+
+	// Annotations is an unstructured key value map that stores additional annotations for the ingress
+	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Authorization Proxy Server Annotations"
+	Annotations map[string]string `json:"annotations,omitempty" yaml:"annotations,omitempty"`
+}
+
 // CSIDriverSpec struct
 type CSIDriverSpec struct {
 	FSGroupPolicy   string `json:"fSGroupPolicy,omitempty" yaml:"fSGroupPolicy,omitempty"`

diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go