api: add NetworkFenceClass CRD
adding NetworkFenceClass which is
going to be used to get the client
details to be fenced.

The controller will watch for the NetworkFenceClass
CR and send a periodic request to all
the sidecars registered with the matching
driver name that registered the
GET_CLIENTS_TO_FENCE capability to get the client
details. Once the controller gets the client
details, it is going to update the CSIAddonsNode
object status with the client information that
can be used to do network fencing and unfencing.

Signed-off-by: Madhu Rajanna <[email protected]>
Madhu-1 committed Nov 5, 2024
1 parent 56db575 commit 1b2121e
Showing 17 changed files with 596 additions and 0 deletions.
8 changes: 8 additions & 0 deletions PROJECT
@@ -105,4 +105,12 @@ resources:
kind: EncryptionKeyRotationCronJob
path: github.com/csi-addons/kubernetes-csi-addons/api/csiaddons/v1alpha1
version: v1alpha1
- api:
crdVersion: v1
controller: true
domain: openshift.io
group: csiaddons
kind: NetworkFenceClass
path: github.com/csi-addons/kubernetes-csi-addons/api/csiaddons/v1alpha1
version: v1alpha1
version: "3"
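--- a/api/csiaddons/v1alpha1/networkfenceclass_types.go
+++ b/api/csiaddons/v1alpha1/networkfenceclass_types.go
@@ -0,0 +1,67 @@
+/*
+Copyright 2022 The Kubernetes-CSI-Addons Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// NetworkFenceClassSpec specifies parameters that an underlying storage system uses
+// to get client for network fencing. Upon creating a NetworkFenceClass object, a RPC will be set
+// to the storage system that matches the provisioner to get the client for network fencing.
+// +kubebuilder:validation:XValidation:rule="has(self.parameters) == has(oldSelf.parameters)",message="parameters are immutable"
+type NetworkFenceClassSpec struct {
+// Provisioner is the name of storage provisioner
+// +kubebuilder:validation:Required
+// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="provisioner is immutable"
+Provisioner string `json:"provisioner"`
+// Parameters is a key-value map with storage provisioner specific configurations for
+// creating volume replicas
+// +kubebuilder:validation:Optional
+// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="parameters are immutable"
+Parameters map[string]string `json:"parameters,omitempty"`
+}
+
+// NetworkFenceClassStatus defines the observed state of NetworkFenceClass
+type NetworkFenceClassStatus struct {
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+//+kubebuilder:resource:scope=Cluster
+
+// NetworkFenceClass is the Schema for the networkfenceclasses API
+type NetworkFenceClass struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ObjectMeta `json:"metadata,omitempty"`
+
+Spec NetworkFenceClassSpec `json:"spec,omitempty"`
+Status NetworkFenceClassStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// NetworkFenceClassList contains a list of NetworkFenceClass
+type NetworkFenceClassList struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ListMeta `json:"metadata,omitempty"`
+Items []NetworkFenceClass `json:"items"`
+}
+
+func init() {
+SchemeBuilder.Register(&NetworkFenceClass{}, &NetworkFenceClassList{})
+}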
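Review bot: `Spec` is declared with `json:"spec,omitempty"` and no required marker, and `Provisioner` has no length constraint, so an object with no spec or with `provisioner: ""` is admitted. The `self == oldSelf` rules are transition rules and are skipped when there is no old value, so a class created without a spec can have its provisioner and parameters set by a later update. Because the commit description says the controller selects sidecars by this driver name, I would add `// +kubebuilder:validation:MinLength=1` above `Provisioner` and make the spec mandatory with `// +kubebuilder:validation:Required` and `json:"spec"`. The comments also look copied from another class: `Parameters` mentions "creating volume replicas" and the spec comment says "a RPC will be set" where "sent" is meant.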
96 changes: 96 additions & 0 deletions api/csiaddons/v1alpha1/zz_generated.deepcopy.go


8 changes: 8 additions & 0 deletions cmd/manager/main.go
@@ -234,6 +234,14 @@ func main() {
setupLog.Error(err, "unable to create controller", "controller", "EncryptionKeyRotationCronJob")
os.Exit(1)
}

if err = (&controllers.NetworkFenceClassReconciler{
Client: mgr.GetClient(),
Scheme: mgr.GetScheme(),
}).SetupWithManager(mgr); err != nil {
setupLog.Error(err, "unable to create controller", "controller", "NetworkFenceClass")
os.Exit(1)
}
//+kubebuilder:scaffold:builder

if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
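--- a/config/crd/bases/csiaddons.openshift.io_networkfenceclasses.yaml
+++ b/config/crd/bases/csiaddons.openshift.io_networkfenceclasses.yaml
@@ -0,0 +1,74 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+annotations:
+controller-gen.kubebuilder.io/version: v0.16.5
+name: networkfenceclasses.csiaddons.openshift.io
+spec:
+group: csiaddons.openshift.io
+names:
+kind: NetworkFenceClass
+listKind: NetworkFenceClassList
+plural: networkfenceclasses
+singular: networkfenceclass
+scope: Cluster
+versions:
+- name: v1alpha1
+schema:
+openAPIV3Schema:
+description: NetworkFenceClass is the Schema for the networkfenceclasses API
+properties:
+apiVersion:
+description: |-
+APIVersion defines the versioned schema of this representation of an object.
+Servers should convert recognized schemas to the latest internal value, and
+may reject unrecognized values.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+type: string
+kind:
+description: |-
+Kind is a string value representing the REST resource this object represents.
+Servers may infer this from the endpoint the client submits requests to.
+Cannot be updated.
+In CamelCase.
+More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+type: string
+metadata:
+type: object
+spec:
+description: |-
+NetworkFenceClassSpec specifies parameters that an underlying storage system uses
+to get client for network fencing. Upon creating a NetworkFenceClass object, a RPC will be set
+to the storage system that matches the provisioner to get the client for network fencing.
+properties:
+parameters:
+additionalProperties:
+type: string
+description: |-
+Parameters is a key-value map with storage provisioner specific configurations for
+creating volume replicas
+type: object
+x-kubernetes-validations:
+- message: parameters are immutable
+rule: self == oldSelf
+provisioner:
+description: Provisioner is the name of storage provisioner
+type: string
+x-kubernetes-validations:
+- message: provisioner is immutable
+rule: self == oldSelf
+required:
+- provisioner
+type: object
+x-kubernetes-validations:
+- message: parameters are immutable
+rule: has(self.parameters) == has(oldSelf.parameters)
+status:
+description: NetworkFenceClassStatus defines the observed state of NetworkFenceClass
+type: object
+type: object
+served: true
+storage: true
+subresources:
+status: {}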
2 changes: 2 additions & 0 deletions config/crd/kustomization.yaml
@@ -17,6 +17,7 @@ resources:
# yamllint disable-line rule:comments
- bases/csiaddons.openshift.io_encryptionkeyrotationjobs.yaml
- bases/csiaddons.openshift.io_encryptionkeyrotationcronjobs.yaml
- bases/csiaddons.openshift.io_networkfenceclasses.yaml
#+kubebuilder:scaffold:crdkustomizeresource

patchesStrategicMerge:
@@ -42,6 +43,7 @@ patchesStrategicMerge:
#- patches/cainjection_in_volumegroupreplicationcontents.yaml
#- path: patches/cainjection_in_csiaddons_encryptionkeyrotationjobs.yaml
#- path: patches/cainjection_in_csiaddons_encryptionkeyrotationcronjobs.yaml
#- path: patches/cainjection_in_csiaddons_networkfenceclasses.yaml
#+kubebuilder:scaffold:crdkustomizecainjectionpatch

# the following config is for teaching kustomize how to do kustomization for CRDs.
5 changes: 5 additions & 0 deletions config/manifests/bases/clusterserviceversion.yaml.in
@@ -66,6 +66,11 @@ spec:
kind: VolumeGroupReplicationContent
name: volumegroupreplicationcontents.replication.storage.openshift.io
version: v1alpha1
- description: NetworkFenceClass is the Schema for the networkfenceclasses API
displayName: Network Fence Class
kind: NetworkFenceClass
name: networkfenceclasses.csiaddons.openshift.io
version: v1alpha1
description: CSI Addons provides the CSI Addons Controller that enables advanced
storage operations for CSI-drivers.
displayName: CSI Addons
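--- a/config/rbac/csiaddons_networkfenceclass_editor_role.yaml
+++ b/config/rbac/csiaddons_networkfenceclass_editor_role.yaml
@@ -0,0 +1,27 @@
+# permissions for end users to edit networkfenceclasses.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+labels:
+app.kubernetes.io/name: kubernetes-csi-addons
+app.kubernetes.io/managed-by: kustomize
+name: csiaddons-networkfenceclass-editor-role
+rules:
+- apiGroups:
+- csiaddons.openshift.io
+resources:
+- networkfenceclasses
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- csiaddons.openshift.io
+resources:
+- networkfenceclasses/status
+verbs:
+- get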
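Review bot: The header comment presents this ClusterRole as being for end users, but the CRD in this commit is `scope: Cluster` and, per the commit description, a NetworkFenceClass decides which drivers the controller polls for client details used in fencing. Create, update, patch and delete on it is an administrative permission, and the comment should say so, for example `# permissions for cluster or storage administrators to edit networkfenceclasses; not intended for tenant users.` The viewer role's header has the same wording.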
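--- a/config/rbac/csiaddons_networkfenceclass_viewer_role.yaml
+++ b/config/rbac/csiaddons_networkfenceclass_viewer_role.yaml
@@ -0,0 +1,23 @@
+# permissions for end users to view networkfenceclasses.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+labels:
+app.kubernetes.io/name: kubernetes-csi-addons
+app.kubernetes.io/managed-by: kustomize
+name: csiaddons-networkfenceclass-viewer-role
+rules:
+- apiGroups:
+- csiaddons.openshift.io
+resources:
+- networkfenceclasses
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- csiaddons.openshift.io
+resources:
+- networkfenceclasses/status
+verbs:
+- get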
2 changes: 2 additions & 0 deletions config/rbac/kustomization.yaml
@@ -31,6 +31,8 @@ resources:
# default, aiding admins in cluster management. Those roles are
# not used by the Project itself. You can comment the following lines
# if you do not want those helpers be installed with your Project.
- csiaddons_networkfenceclass_editor_role.yaml
- csiaddons_networkfenceclass_viewer_role.yaml
# - csiaddons_encryptionkeyrotationcronjob_editor_role.yaml
# - csiaddons_encryptionkeyrotationcronjob_viewer_role.yaml
# - csiaddons_encryptionkeyrotationjob_editor_role.yaml
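Review bot: The two networkfenceclass helper roles are added uncommented, while the neighbouring helper roles in the same list are commented out, so these are the only ones visible here that get installed by default. The comment above the list says the helpers are not used by the project itself; unless installing them is intended, I would keep the same form as the others, `# - csiaddons_networkfenceclass_editor_role.yaml` and `# - csiaddons_networkfenceclass_viewer_role.yaml`. The list continues outside the hunk, so other entries may differ.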
3 changes: 3 additions & 0 deletions config/rbac/role.yaml
@@ -44,6 +44,7 @@ rules:
- csiaddonsnodes
- encryptionkeyrotationcronjobs
- encryptionkeyrotationjobs
- networkfenceclasses
- networkfences
- reclaimspacecronjobs
- reclaimspacejobs
@@ -61,6 +62,7 @@ rules:
- csiaddonsnodes/finalizers
- encryptionkeyrotationcronjobs/finalizers
- encryptionkeyrotationjobs/finalizers
- networkfenceclasses/finalizers
- networkfences/finalizers
- reclaimspacecronjobs/finalizers
- reclaimspacejobs/finalizers
@@ -72,6 +74,7 @@ rules:
- csiaddonsnodes/status
- encryptionkeyrotationcronjobs/status
- encryptionkeyrotationjobs/status
- networkfenceclasses/status
- networkfences/status
- reclaimspacecronjobs/status
- reclaimspacejobs/status
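--- a/config/samples/csiaddons_v1alpha1_networkfenceclass.yaml
+++ b/config/samples/csiaddons_v1alpha1_networkfenceclass.yaml
@@ -0,0 +1,9 @@
+apiVersion: csiaddons.openshift.io/v1alpha1
+kind: NetworkFenceClass
+metadata:
+labels:
+app.kubernetes.io/name: kubernetes-csi-addons
+app.kubernetes.io/managed-by: kustomize
+name: networkfenceclass-sample
+spec:
+# TODO(user): Add fields here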
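Review bot: The sample leaves `spec` empty apart from the scaffold TODO, so it omits `provisioner`, which the CRD lists as required within spec. A user applying it gets an object with no driver name, or a validation error if spec is later made mandatory. I would fill in the required field with an obvious placeholder, e.g. `provisioner: <csi-driver-name>`, and drop the TODO.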