Merge pull request #50 from cyclops-k8s/ec-endpointslices

Convert to endpoint slices

Author: EdwardCooke

.config/dotnet-tools.json

@@ -3,7 +3,7 @@
   "isRoot": true,
   "tools": {
     "kubeops.cli": {
-      "version": "10.0.3",
+      "version": "10.3.2",
       "commands": [
         "kubeops"
       ],

.devcontainer/devcontainer.json

@@ -1,42 +1,39 @@
 {
-	"name": "Vecc.K8s.MultiCluster",
-	"image": "mcr.microsoft.com/devcontainers/dotnet:10.0",
-	
-	"features": {
-		"ghcr.io/devcontainers/features/docker-in-docker:2": {
-			"version": "latest",
-			"dockerDashComposeVersion": "v2"
-		},
-		"ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {
-			"version": "latest",
-			"helm": "latest",
-			"minikube": "none"
-		}
-	},
-
-	"customizations": {
-		"vscode": {
-			"extensions": [
-				"editorconfig.editorconfig",
-				"ms-dotnettools.csharp",
-				"ms-dotnettools.csdevkit",
-				"ms-kubernetes-tools.vscode-kubernetes-tools",
-				"ms-azuretools.vscode-docker",
-				"redhat.vscode-yaml"
-			],
-			"settings": {
-				"dotnet.server.useOmnisharp": false
-			}
-		}
-	},
-
-	"forwardPorts": [5000, 5001],
-
-	"postCreateCommand": "sudo apt-get update && sudo apt-get install -y dnsutils kubectx",
-
-	"remoteUser": "vscode",
-
-	"mounts": [
-		"source=${localEnv:HOME}${localEnv:USERPROFILE}/.ssh,target=/home/vscode/.ssh,readonly,type=bind"
-	]
-}
+  "name": "Vecc.K8s.MultiCluster",
+  "image": "mcr.microsoft.com/devcontainers/dotnet:10.0",
+  "features": {
+    "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {
+      "version": "latest",
+      "dockerDashComposeVersion": "v2"
+    },
+    "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {
+      "version": "latest",
+      "helm": "latest",
+      "minikube": "none"
+    }
+  },
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "editorconfig.editorconfig",
+        "ms-dotnettools.csharp",
+        "ms-dotnettools.csdevkit",
+        "ms-kubernetes-tools.vscode-kubernetes-tools",
+        "ms-azuretools.vscode-docker",
+        "redhat.vscode-yaml"
+      ],
+      "settings": {
+        "dotnet.server.useOmnisharp": false
+      }
+    }
+  },
+  "forwardPorts": [
+    5000,
+    5001
+  ],
+  "postCreateCommand": "sudo apt-get update && sudo apt-get install -y dnsutils kubectx",
+  "remoteUser": "vscode",
+  "mounts": [
+    "source=${localEnv:HOME}${localEnv:USERPROFILE}/.ssh,target=/home/vscode/.ssh,readonly,type=bind"
+  ]
+}

.gitattributes

@@ -1,3 +1,2 @@
 *.sh text eol=lf
 test/**/* text eol=lf
-*.cs text eol=crlf

Dockerfile

@@ -7,9 +7,13 @@ EXPOSE 80
 FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
 WORKDIR /src
 COPY ["src/Vecc.K8s.MultiCluster.Api/Vecc.K8s.MultiCluster.Api.csproj", "src/Vecc.K8s.MultiCluster.Api/"]
+COPY ["src/Vecc.K8s.MultiCluster.Api.Tests/Vecc.K8s.MultiCluster.Api.Tests.csproj", "src/Vecc.K8s.MultiCluster.Api.Tests/"]
 RUN dotnet restore "src/Vecc.K8s.MultiCluster.Api/Vecc.K8s.MultiCluster.Api.csproj"
+RUN dotnet restore "src/Vecc.K8s.MultiCluster.Api.Tests/Vecc.K8s.MultiCluster.Api.Tests.csproj"
 COPY . .
 RUN dotnet build "src/Vecc.K8s.MultiCluster.Api/Vecc.K8s.MultiCluster.Api.csproj" -c Release
+RUN dotnet build "src/Vecc.K8s.MultiCluster.Api.Tests/Vecc.K8s.MultiCluster.Api.Tests.csproj" -c Release
+RUN dotnet test "src/Vecc.K8s.MultiCluster.Api.Tests/Vecc.K8s.MultiCluster.Api.Tests.csproj" -c Release --no-build
 
 FROM build AS publish
 RUN dotnet publish "src/Vecc.K8s.MultiCluster.Api/Vecc.K8s.MultiCluster.Api.csproj" -c Release -o /app/publish /p:UseAppHost=false

Vecc.K8s.MultiCluster.sln

@@ -1,35 +1,70 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
 # Visual Studio Version 18
-VisualStudioVersion = 18.1.11304.174 d18.0
+VisualStudioVersion = 18.1.11304.174
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{D2E1A479-9A98-4F6D-934E-645ADA1B62D0}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Vecc.K8s.MultiCluster.Api", "src\Vecc.K8s.MultiCluster.Api\Vecc.K8s.MultiCluster.Api.csproj", "{42A2A630-C590-497E-B678-8AC01597644D}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Vecc.IngressOperator", "test\ingress-operator\Vecc.IngressOperator.csproj", "{C5D31554-4347-F128-103B-30EE4B035182}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Vecc.K8s.MultiCluster.Api.Tests", "src\Vecc.K8s.MultiCluster.Api.Tests\Vecc.K8s.MultiCluster.Api.Tests.csproj", "{286F8C83-014A-4BD0-8518-51AEB462289D}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
 		Release|Any CPU = Release|Any CPU
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{42A2A630-C590-497E-B678-8AC01597644D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{42A2A630-C590-497E-B678-8AC01597644D}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{42A2A630-C590-497E-B678-8AC01597644D}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{42A2A630-C590-497E-B678-8AC01597644D}.Debug|x64.Build.0 = Debug|Any CPU
+		{42A2A630-C590-497E-B678-8AC01597644D}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{42A2A630-C590-497E-B678-8AC01597644D}.Debug|x86.Build.0 = Debug|Any CPU
 		{42A2A630-C590-497E-B678-8AC01597644D}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{42A2A630-C590-497E-B678-8AC01597644D}.Release|Any CPU.Build.0 = Release|Any CPU
+		{42A2A630-C590-497E-B678-8AC01597644D}.Release|x64.ActiveCfg = Release|Any CPU
+		{42A2A630-C590-497E-B678-8AC01597644D}.Release|x64.Build.0 = Release|Any CPU
+		{42A2A630-C590-497E-B678-8AC01597644D}.Release|x86.ActiveCfg = Release|Any CPU
+		{42A2A630-C590-497E-B678-8AC01597644D}.Release|x86.Build.0 = Release|Any CPU
 		{C5D31554-4347-F128-103B-30EE4B035182}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{C5D31554-4347-F128-103B-30EE4B035182}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{C5D31554-4347-F128-103B-30EE4B035182}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{C5D31554-4347-F128-103B-30EE4B035182}.Debug|x64.Build.0 = Debug|Any CPU
+		{C5D31554-4347-F128-103B-30EE4B035182}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{C5D31554-4347-F128-103B-30EE4B035182}.Debug|x86.Build.0 = Debug|Any CPU
 		{C5D31554-4347-F128-103B-30EE4B035182}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{C5D31554-4347-F128-103B-30EE4B035182}.Release|Any CPU.Build.0 = Release|Any CPU
+		{C5D31554-4347-F128-103B-30EE4B035182}.Release|x64.ActiveCfg = Release|Any CPU
+		{C5D31554-4347-F128-103B-30EE4B035182}.Release|x64.Build.0 = Release|Any CPU
+		{C5D31554-4347-F128-103B-30EE4B035182}.Release|x86.ActiveCfg = Release|Any CPU
+		{C5D31554-4347-F128-103B-30EE4B035182}.Release|x86.Build.0 = Release|Any CPU
+		{286F8C83-014A-4BD0-8518-51AEB462289D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{286F8C83-014A-4BD0-8518-51AEB462289D}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{286F8C83-014A-4BD0-8518-51AEB462289D}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{286F8C83-014A-4BD0-8518-51AEB462289D}.Debug|x64.Build.0 = Debug|Any CPU
+		{286F8C83-014A-4BD0-8518-51AEB462289D}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{286F8C83-014A-4BD0-8518-51AEB462289D}.Debug|x86.Build.0 = Debug|Any CPU
+		{286F8C83-014A-4BD0-8518-51AEB462289D}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{286F8C83-014A-4BD0-8518-51AEB462289D}.Release|Any CPU.Build.0 = Release|Any CPU
+		{286F8C83-014A-4BD0-8518-51AEB462289D}.Release|x64.ActiveCfg = Release|Any CPU
+		{286F8C83-014A-4BD0-8518-51AEB462289D}.Release|x64.Build.0 = Release|Any CPU
+		{286F8C83-014A-4BD0-8518-51AEB462289D}.Release|x86.ActiveCfg = Release|Any CPU
+		{286F8C83-014A-4BD0-8518-51AEB462289D}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(NestedProjects) = preSolution
 		{42A2A630-C590-497E-B678-8AC01597644D} = {D2E1A479-9A98-4F6D-934E-645ADA1B62D0}
 		{C5D31554-4347-F128-103B-30EE4B035182} = {D2E1A479-9A98-4F6D-934E-645ADA1B62D0}
+		{286F8C83-014A-4BD0-8518-51AEB462289D} = {D2E1A479-9A98-4F6D-934E-645ADA1B62D0}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {7F434610-6131-4036-A349-82A0EC3CA201}

charts/multicluster-ingress/templates/operator-role.yaml

@@ -29,16 +29,29 @@ rules:
   - '*'
 - apiGroups:
   - networking.k8s.io
-  - ""
   resources:
   - ingresses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
   - services
-  - endpoints
   - namespaces
   verbs:
   - get
   - list
   - watch
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - networking.k8s.io
   resources:

src/Vecc.K8s.MultiCluster.Api.Tests/Controllers/AuthenticationControllerTests.cs

@@ -0,0 +1,177 @@
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Options;
+using Moq;
+using Vecc.K8s.MultiCluster.Api.Controllers;
+using Vecc.K8s.MultiCluster.Api.Models.Api;
+using Vecc.K8s.MultiCluster.Api.Services;
+using Vecc.K8s.MultiCluster.Api.Services.Authentication;
+
+namespace Vecc.K8s.MultiCluster.Api.Tests.Controllers
+{
+    public class AuthenticationControllerTests
+    {
+        private readonly Mock<IOptions<ApiAuthenticationHandlerOptions>> _authOptionsMock;
+        private readonly Mock<IOptions<MultiClusterOptions>> _optionsMock;
+        private readonly ApiAuthenticationHasher _hasher;
+        private readonly AuthenticationController _controller;
+
+        public AuthenticationControllerTests()
+        {
+            _authOptionsMock = new Mock<IOptions<ApiAuthenticationHandlerOptions>>();
+            _optionsMock = new Mock<IOptions<MultiClusterOptions>>();
+
+            var authOptions = new ApiAuthenticationHandlerOptions
+            {
+                ApiKeys = new[]
+                {
+                    new ApiKey { ClusterIdentifier = "cluster1", Key = "key1" }
+                }
+            };
+            _authOptionsMock.Setup(x => x.Value).Returns(authOptions);
+
+            var multiClusterOptions = new MultiClusterOptions
+            {
+                ClusterIdentifier = "local-cluster",
+                ClusterSalt = new byte[] { 1, 2, 3, 4 }
+            };
+            _optionsMock.Setup(x => x.Value).Returns(multiClusterOptions);
+
+            _hasher = new ApiAuthenticationHasher(_optionsMock.Object);
+
+            _controller = new AuthenticationController(_authOptionsMock.Object, _hasher, _optionsMock.Object);
+            _controller.ControllerContext = new ControllerContext
+            {
+                HttpContext = new DefaultHttpContext()
+            };
+            _controller.ControllerContext.HttpContext.Request.Scheme = "https";
+            _controller.ControllerContext.HttpContext.Request.Host = new HostString("test.example.com");
+        }
+
+        [Fact]
+        public async Task Auth_WithIdentifier_UsesProvidedIdentifier()
+        {
+            var result = await _controller.Auth("my-cluster");
+
+            var okResult = Assert.IsType<OkObjectResult>(result.Result);
+            var model = Assert.IsType<NewAuthModel>(okResult.Value);
+            Assert.Contains("my-cluster", model.LocalAuthModel.ConfigMap.ClusterIdentifier);
+        }
+
+        [Fact]
+        public async Task Auth_WithoutIdentifier_GeneratesGuidIdentifier()
+        {
+            var result = await _controller.Auth(null);
+
+            var okResult = Assert.IsType<OkObjectResult>(result.Result);
+            var model = Assert.IsType<NewAuthModel>(okResult.Value);
+            Assert.False(string.IsNullOrWhiteSpace(model.LocalAuthModel.ConfigMap.ClusterIdentifier));
+            Assert.Contains("Authentication__ApiKeys__", model.LocalAuthModel.ConfigMap.ClusterIdentifier);
+        }
+
+        [Fact]
+        public async Task Auth_WithEmptyString_GeneratesGuidIdentifier()
+        {
+            var result = await _controller.Auth("");
+
+            var okResult = Assert.IsType<OkObjectResult>(result.Result);
+            var model = Assert.IsType<NewAuthModel>(okResult.Value);
+            Assert.False(string.IsNullOrWhiteSpace(model.LocalAuthModel.ConfigMap.ClusterIdentifier));
+        }
+
+        [Fact]
+        public async Task Auth_ReturnsCorrectNextIndex_WhenApiKeysExist()
+        {
+            var result = await _controller.Auth("test");
+
+            var okResult = Assert.IsType<OkObjectResult>(result.Result);
+            var model = Assert.IsType<NewAuthModel>(okResult.Value);
+            Assert.StartsWith("Authentication__ApiKeys__1__ClusterIdentifier:", model.LocalAuthModel.ConfigMap.ClusterIdentifier);
+        }
+
+        [Fact]
+        public async Task Auth_ReturnsCorrectNextIndex_WhenNoApiKeysExist()
+        {
+            var emptyAuthOptions = new ApiAuthenticationHandlerOptions { ApiKeys = Array.Empty<ApiKey>() };
+            _authOptionsMock.Setup(x => x.Value).Returns(emptyAuthOptions);
+
+            var controller = new AuthenticationController(_authOptionsMock.Object, _hasher, _optionsMock.Object);
+            controller.ControllerContext = new ControllerContext
+            {
+                HttpContext = new DefaultHttpContext()
+            };
+            controller.ControllerContext.HttpContext.Request.Scheme = "https";
+            controller.ControllerContext.HttpContext.Request.Host = new HostString("test.example.com");
+
+            var result = await controller.Auth("test");
+
+            var okResult = Assert.IsType<OkObjectResult>(result.Result);
+            var model = Assert.IsType<NewAuthModel>(okResult.Value);
+            Assert.StartsWith("Authentication__ApiKeys__0__ClusterIdentifier:", model.LocalAuthModel.ConfigMap.ClusterIdentifier);
+        }
+
+        [Fact]
+        public async Task Auth_ReturnsRemoteAuthModel_WithCorrectClusterIdentifier()
+        {
+            var result = await _controller.Auth("test");
+
+            var okResult = Assert.IsType<OkObjectResult>(result.Result);
+            var model = Assert.IsType<NewAuthModel>(okResult.Value);
+            Assert.Contains("local-cluster", model.RemoteAuthModel.ConfigMap.ClusterIdentifier);
+        }
+
+        [Fact]
+        public async Task Auth_ReturnsRemoteAuthModel_WithCorrectUrl()
+        {
+            var result = await _controller.Auth("test");
+
+            var okResult = Assert.IsType<OkObjectResult>(result.Result);
+            var model = Assert.IsType<NewAuthModel>(okResult.Value);
+            Assert.Contains("https://test.example.com", model.RemoteAuthModel.ConfigMap.Url);
+        }
+
+        [Fact]
+        public async Task Auth_ReturnsLocalSecretHash_NonEmpty()
+        {
+            var result = await _controller.Auth("test");
+
+            var okResult = Assert.IsType<OkObjectResult>(result.Result);
+            var model = Assert.IsType<NewAuthModel>(okResult.Value);
+            Assert.False(string.IsNullOrWhiteSpace(model.LocalAuthModel.Secret.Hash));
+            Assert.StartsWith("Authentication__ApiKeys__", model.LocalAuthModel.Secret.Hash);
+        }
+
+        [Fact]
+        public async Task Auth_ReturnsRemoteSecretKey_NonEmpty()
+        {
+            var result = await _controller.Auth("test");
+
+            var okResult = Assert.IsType<OkObjectResult>(result.Result);
+            var model = Assert.IsType<NewAuthModel>(okResult.Value);
+            Assert.False(string.IsNullOrWhiteSpace(model.RemoteAuthModel.Secret.Key));
+            Assert.StartsWith("Peers__0__Key:", model.RemoteAuthModel.Secret.Key);
+        }
+
+        [Fact]
+        public async Task Salt_ReturnsOkResult_WithSaltModel()
+        {
+            var result = await _controller.Salt();
+
+            var okResult = Assert.IsType<OkObjectResult>(result.Result);
+            var model = Assert.IsType<NewSaltModel>(okResult.Value);
+            Assert.StartsWith("ClusterSalt:", model.Salt);
+        }
+
+        [Fact]
+        public async Task Salt_ReturnsSaltWithBase64Value()
+        {
+            var result = await _controller.Salt();
+
+            var okResult = Assert.IsType<OkObjectResult>(result.Result);
+            var model = Assert.IsType<NewSaltModel>(okResult.Value);
+            var saltValue = model.Salt.Replace("ClusterSalt: ", "");
+            var exception = Record.Exception(() => Convert.FromBase64String(saltValue));
+            Assert.Null(exception);
+        }
+    }
+}