csi-addons · mergify · Nov 5, 2024 · Oct 30, 2024
diff --git a/PROJECT b/PROJECT
@@ -105,4 +105,12 @@ resources:
   kind: EncryptionKeyRotationCronJob
   path: github.com/csi-addons/kubernetes-csi-addons/api/csiaddons/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+  controller: true
+  domain: openshift.io
+  group: csiaddons
+  kind: NetworkFenceClass
+  path: github.com/csi-addons/kubernetes-csi-addons/api/csiaddons/v1alpha1
+  version: v1alpha1
 version: "3"
diff --git a/api/csiaddons/v1alpha1/networkfenceclass_types.go b/api/csiaddons/v1alpha1/networkfenceclass_types.go
@@ -0,0 +1,67 @@
+/*
+Copyright 2022 The Kubernetes-CSI-Addons Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// NetworkFenceClassSpec specifies parameters that an underlying storage system uses
+// to get client for network fencing. Upon creating a NetworkFenceClass object, a RPC will be set
+// to the storage system that matches the provisioner to get the client for network fencing.
+// +kubebuilder:validation:XValidation:rule="has(self.parameters) == has(oldSelf.parameters)",message="parameters are immutable"
+type NetworkFenceClassSpec struct {
+	// Provisioner is the name of storage provisioner
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="provisioner is immutable"
+	Provisioner string `json:"provisioner"`
+	// Parameters is a key-value map with storage provisioner specific configurations for
+	// creating volume replicas
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="parameters are immutable"
+	Parameters map[string]string `json:"parameters,omitempty"`
+}
+
+// NetworkFenceClassStatus defines the observed state of NetworkFenceClass
+type NetworkFenceClassStatus struct {
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+//+kubebuilder:resource:scope=Cluster
+
+// NetworkFenceClass is the Schema for the networkfenceclasses API
+type NetworkFenceClass struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   NetworkFenceClassSpec   `json:"spec,omitempty"`
+	Status NetworkFenceClassStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// NetworkFenceClassList contains a list of NetworkFenceClass
+type NetworkFenceClassList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []NetworkFenceClass `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&NetworkFenceClass{}, &NetworkFenceClassList{})
+}
diff --git a/api/csiaddons/v1alpha1/zz_generated.deepcopy.go b/api/csiaddons/v1alpha1/zz_generated.deepcopy.go
diff --git a/cmd/manager/main.go b/cmd/manager/main.go
@@ -234,6 +234,14 @@ func main() {
 		setupLog.Error(err, "unable to create controller", "controller", "EncryptionKeyRotationCronJob")
 		os.Exit(1)
 	}
+
+	if err = (&controllers.NetworkFenceClassReconciler{
+		Client: mgr.GetClient(),
+		Scheme: mgr.GetScheme(),
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "NetworkFenceClass")
+		os.Exit(1)
+	}
 	//+kubebuilder:scaffold:builder
 
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {

diff --git a/config/crd/bases/csiaddons.openshift.io_networkfenceclasses.yaml b/config/crd/bases/csiaddons.openshift.io_networkfenceclasses.yaml
@@ -0,0 +1,74 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.16.5
+  name: networkfenceclasses.csiaddons.openshift.io
+spec:
+  group: csiaddons.openshift.io
+  names:
+    kind: NetworkFenceClass
+    listKind: NetworkFenceClassList
+    plural: networkfenceclasses
+    singular: networkfenceclass
+  scope: Cluster
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: NetworkFenceClass is the Schema for the networkfenceclasses API
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: |-
+              NetworkFenceClassSpec specifies parameters that an underlying storage system uses
+              to get client for network fencing. Upon creating a NetworkFenceClass object, a RPC will be set
+              to the storage system that matches the provisioner to get the client for network fencing.
+            properties:
+              parameters:
+                additionalProperties:
+                  type: string
+                description: |-
+                  Parameters is a key-value map with storage provisioner specific configurations for
+                  creating volume replicas
+                type: object
+                x-kubernetes-validations:
+                - message: parameters are immutable
+                  rule: self == oldSelf
+              provisioner:
+                description: Provisioner is the name of storage provisioner
+                type: string
+                x-kubernetes-validations:
+                - message: provisioner is immutable
+                  rule: self == oldSelf
+            required:
+            - provisioner
+            type: object
+            x-kubernetes-validations:
+            - message: parameters are immutable
+              rule: has(self.parameters) == has(oldSelf.parameters)
+          status:
+            description: NetworkFenceClassStatus defines the observed state of NetworkFenceClass
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -17,6 +17,7 @@ resources:
 # yamllint disable-line rule:comments
 - bases/csiaddons.openshift.io_encryptionkeyrotationjobs.yaml
 - bases/csiaddons.openshift.io_encryptionkeyrotationcronjobs.yaml
+- bases/csiaddons.openshift.io_networkfenceclasses.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
@@ -42,6 +43,7 @@ patchesStrategicMerge:
 #- patches/cainjection_in_volumegroupreplicationcontents.yaml
 #- path: patches/cainjection_in_csiaddons_encryptionkeyrotationjobs.yaml
 #- path: patches/cainjection_in_csiaddons_encryptionkeyrotationcronjobs.yaml
+#- path: patches/cainjection_in_csiaddons_networkfenceclasses.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

diff --git a/config/manifests/bases/clusterserviceversion.yaml.in b/config/manifests/bases/clusterserviceversion.yaml.in
@@ -66,6 +66,11 @@ spec:
       kind: VolumeGroupReplicationContent
       name: volumegroupreplicationcontents.replication.storage.openshift.io
       version: v1alpha1
+    - description: NetworkFenceClass is the Schema for the networkfenceclasses API
+      displayName: Network Fence Class
+      kind: NetworkFenceClass
+      name: networkfenceclasses.csiaddons.openshift.io
+      version: v1alpha1
   description: CSI Addons provides the CSI Addons Controller that enables advanced
     storage operations for CSI-drivers.
   displayName: CSI Addons

diff --git a/config/rbac/csiaddons_networkfenceclass_editor_role.yaml b/config/rbac/csiaddons_networkfenceclass_editor_role.yaml
@@ -0,0 +1,27 @@
+# permissions for end users to edit networkfenceclasses.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: kubernetes-csi-addons
+    app.kubernetes.io/managed-by: kustomize
+  name: csiaddons-networkfenceclass-editor-role
+rules:
+- apiGroups:
+  - csiaddons.openshift.io
+  resources:
+  - networkfenceclasses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - csiaddons.openshift.io
+  resources:
+  - networkfenceclasses/status
+  verbs:
+  - get
diff --git a/config/rbac/csiaddons_networkfenceclass_viewer_role.yaml b/config/rbac/csiaddons_networkfenceclass_viewer_role.yaml
@@ -0,0 +1,23 @@
+# permissions for end users to view networkfenceclasses.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: kubernetes-csi-addons
+    app.kubernetes.io/managed-by: kustomize
+  name: csiaddons-networkfenceclass-viewer-role
+rules:
+- apiGroups:
+  - csiaddons.openshift.io
+  resources:
+  - networkfenceclasses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - csiaddons.openshift.io
+  resources:
+  - networkfenceclasses/status
+  verbs:
+  - get
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -31,6 +31,8 @@ resources:
 # default, aiding admins in cluster management. Those roles are
 # not used by the Project itself. You can comment the following lines
 # if you do not want those helpers be installed with your Project.
+- csiaddons_networkfenceclass_editor_role.yaml
+- csiaddons_networkfenceclass_viewer_role.yaml
 # - csiaddons_encryptionkeyrotationcronjob_editor_role.yaml
 # - csiaddons_encryptionkeyrotationcronjob_viewer_role.yaml
 # - csiaddons_encryptionkeyrotationjob_editor_role.yaml

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -44,6 +44,7 @@ rules:
   - csiaddonsnodes
   - encryptionkeyrotationcronjobs
   - encryptionkeyrotationjobs
+  - networkfenceclasses
   - networkfences
   - reclaimspacecronjobs
   - reclaimspacejobs
@@ -61,6 +62,7 @@ rules:
   - csiaddonsnodes/finalizers
   - encryptionkeyrotationcronjobs/finalizers
   - encryptionkeyrotationjobs/finalizers
+  - networkfenceclasses/finalizers
   - networkfences/finalizers
   - reclaimspacecronjobs/finalizers
   - reclaimspacejobs/finalizers
@@ -72,6 +74,7 @@ rules:
   - csiaddonsnodes/status
   - encryptionkeyrotationcronjobs/status
   - encryptionkeyrotationjobs/status
+  - networkfenceclasses/status
   - networkfences/status
   - reclaimspacecronjobs/status
   - reclaimspacejobs/status

diff --git a/config/samples/csiaddons_v1alpha1_networkfenceclass.yaml b/config/samples/csiaddons_v1alpha1_networkfenceclass.yaml
@@ -0,0 +1,9 @@
+apiVersion: csiaddons.openshift.io/v1alpha1
+kind: NetworkFenceClass
+metadata:
+  labels:
+    app.kubernetes.io/name: kubernetes-csi-addons
+    app.kubernetes.io/managed-by: kustomize
+  name: networkfenceclass-sample
+spec:
+  # TODO(user): Add fields here