L7 CRDs (#3019)
* Create sub-folders for auth and mesh
* Support CRDs for L7 mesh

- TCPRoute
- HTTPRoute
- GRPCRoute
- ProxyConfiguration

Update TrafficPermissions to embed proto type directly.
Ashwin Venkatesh authored Oct 16, 2023
1 parent 0b6d4eb commit f4ccbaa
Showing 132 changed files with 13,781 additions and 4,410 deletions.
14 changes: 9 additions & 5 deletions Makefile
@@ -14,6 +14,9 @@ gen-helm-docs: ## Generate Helm reference docs from values.yaml and update Consu
copy-crds-to-chart: ## Copy generated CRD YAML into charts/consul. Usage: make copy-crds-to-chart
@cd hack/copy-crds-to-chart; go run ./...

camel-crds: ## Convert snake_case keys in yaml to camelCase. Usage: make camel-crds
@cd hack/camel-crds; go run ./...

generate-external-crds: ## Generate CRDs for externally defined CRDs and copy them to charts/consul. Usage: make generate-external-crds
@cd ./control-plane/config/crd/external; \
kustomize build | yq --split-exp '.metadata.name + ".yaml"' --no-doc
@@ -174,6 +177,7 @@ lint: cni-plugin-lint ## Run linter in the control-plane, cli, and acceptance di
ctrl-manifests: get-controller-gen ## Generate CRD manifests.
make ensure-controller-gen-version
cd control-plane; $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
make camel-crds
make copy-crds-to-chart
make generate-external-crds
make add-copyright-header
@@ -185,17 +189,17 @@ ifeq (, $(shell which controller-gen))
CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
cd $$CONTROLLER_GEN_TMP_DIR ;\
go mod init tmp ;\
go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.8.0 ;\
go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.12.1 ;\
rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
}
CONTROLLER_GEN=$(shell go env GOPATH)/bin/controller-gen
else
CONTROLLER_GEN=$(shell which controller-gen)
endif

ensure-controller-gen-version: ## Ensure controller-gen version is v0.8.0.
ifeq (, $(shell $(CONTROLLER_GEN) --version | grep v0.8.0))
@echo "controller-gen version is not v0.8.0, uninstall the binary and install the correct version with 'make get-controller-gen'."
ensure-controller-gen-version: ## Ensure controller-gen version is v0.12.1.
ifeq (, $(shell $(CONTROLLER_GEN) --version | grep v0.12.1))
@echo "controller-gen version is not v0.12.1, uninstall the binary and install the correct version with 'make get-controller-gen'."
@echo "Found version: $(shell $(CONTROLLER_GEN) --version)"
@exit 1
else
@@ -314,4 +318,4 @@ DOCKER_HUB_USER=$(shell cat $(HOME)/.dockerhub)
GIT_COMMIT?=$(shell git rev-parse --short HEAD)
GIT_DIRTY?=$(shell test -n "`git status --porcelain`" && echo "+CHANGES" || true)
GIT_DESCRIBE?=$(shell git describe --tags --always)
CRD_OPTIONS ?= "crd:allowDangerousTypes=true"
CRD_OPTIONS ?= "crd:ignoreUnexportedFields=true,allowDangerousTypes=true"
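Review bot: The version gate in `ensure-controller-gen-version` is looser than the pin it is meant to enforce: `grep v0.12.1` is an unanchored regular expression, so each dot matches any character and a longer version string such as v0.12.10 also passes. The `else` branch above it takes whichever `controller-gen` is first on PATH, which leaves this check as the only guard on the binary that generates the CRDs; `grep -Fw v0.12.1` compares the literal token instead. The version is also written out in four places (the `go install` line, the target's help text, the grep and the echo), so a single `CONTROLLER_GEN_VERSION` variable would keep the next bump consistent. The `get-controller-gen` block starts outside the hunk.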
3 changes: 3 additions & 0 deletions acceptance/tests/cloud/load/remote.go
@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package load

import (
@@ -8,7 +8,7 @@ metadata:
spec:
destination:
identityName: multiport
action: allow
action: ACTION_ALLOW
permissions:
- sources:
- identityName: static-client
@@ -6,4 +6,4 @@ kind: TrafficPermissions
metadata:
name: client-to-server
spec:
action: deny
action: ACTION_DENY
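Review bot: The fixtures now spell the action as `ACTION_ALLOW` / `ACTION_DENY` (here and in the `multiport` fixture above), but nothing on this page shows what happens to a manifest that still says `action: deny`. For an authorization resource the old spelling should be rejected at admission rather than decoded to the enum's zero value, so it is worth confirming that the generated TrafficPermissions CRD carries an `enum` constraint on `action` and adding a negative test for the lowercase values. The file names for these two sections are not shown in the rendered page.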
26 changes: 26 additions & 0 deletions charts/consul/templates/connect-inject-clusterrole.yaml
@@ -93,6 +93,32 @@ rules:
- get
- patch
- update
- apiGroups:
- mesh.consul.hashicorp.com
resources:
- grpcroutes
- httproutes
- tcproutes
- proxyconfigurations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- mesh.consul.hashicorp.com
resources:
- grpcroutes/status
- httproutes/status
- tcproutes/status
- proxyconfigurations/status
verbs:
- get
- patch
- update
{{- end }}
- apiGroups: [ "" ]
resources: [ "secrets", "serviceaccounts", "endpoints", "services", "namespaces", "nodes" ]
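Review bot: The first added rule grants `create` and `delete` on `grpcroutes`, `httproutes`, `tcproutes` and `proxyconfigurations` cluster-wide, which looks broader than a reconciler of user-authored resources needs. If the connect-inject controller only watches these objects and writes back finalizers and status, `get`, `list`, `watch`, `patch` and `update` plus the separate `/status` rule would cover it; whether it ever creates or deletes them is not visible in this hunk, so please confirm before trimming. The rules sit inside a conditional whose opening `{{- if` is outside the hunk, and a short comment there naming the controller that consumes them would help later audits.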
12 changes: 2 additions & 10 deletions charts/consul/templates/crd-controlplanerequestlimits.yaml
@@ -1,18 +1,16 @@
{{- if .Values.connectInject.enabled }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: controlplanerequestlimits.consul.hashicorp.com
controller-gen.kubebuilder.io/version: v0.12.1
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
component: crd
name: controlplanerequestlimits.consul.hashicorp.com
spec:
group: consul.hashicorp.com
names:
@@ -194,10 +192,4 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}
12 changes: 2 additions & 10 deletions charts/consul/templates/crd-exportedservices.yaml
@@ -1,18 +1,16 @@
{{- if .Values.connectInject.enabled }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: exportedservices.consul.hashicorp.com
controller-gen.kubebuilder.io/version: v0.12.1
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
component: crd
name: exportedservices.consul.hashicorp.com
spec:
group: consul.hashicorp.com
names:
@@ -138,10 +136,4 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}
12 changes: 2 additions & 10 deletions charts/consul/templates/crd-gatewayclassconfigs.yaml
@@ -1,18 +1,16 @@
{{- if .Values.connectInject.enabled }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: gatewayclassconfigs.consul.hashicorp.com
controller-gen.kubebuilder.io/version: v0.12.1
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
component: crd
name: gatewayclassconfigs.consul.hashicorp.com
spec:
group: consul.hashicorp.com
names:
@@ -200,10 +198,4 @@ spec:
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}
12 changes: 2 additions & 10 deletions charts/consul/templates/crd-gatewaypolicies.yaml
@@ -1,18 +1,16 @@
{{- if .Values.connectInject.enabled }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
name: gatewaypolicies.consul.hashicorp.com
controller-gen.kubebuilder.io/version: v0.12.1
labels:
app: {{ template "consul.name" . }}
chart: {{ template "consul.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
component: crd
name: gatewaypolicies.consul.hashicorp.com
spec:
group: consul.hashicorp.com
names:
@@ -281,10 +279,4 @@ spec:
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}
File renamed without changes.