
Commit 679a909

Identity Controller Boilerplate (#50)
At present, when provisioning in a cluster, it blocks a long time waiting for OpenStack to do what it needs to do. This has a knock-on effect for UX in that said delay is visible in the UI and CLI tools. This lays down the groundwork to make this asynchronous so we don't hold up user interaction, but we do cluster provisioning. This is a template also for physical network provisioning that takes even longer, and causes request timeouts that need to be avoided.
1 parent b4b82f1 commit 679a909

42 files changed

+1431
-614
lines changed


Makefile

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,8 @@ REVISION := $(shell git rev-parse HEAD)
1111
# for your host's architecture. The latter are going to run in Kubernetes, so
1212
# want to be amd64.
1313
CONTROLLERS = \
14-
unikorn-region-controller
14+
unikorn-region-controller \
15+
unikorn-identity-controller
1516

1617
# Release will do cross compliation of all images for the 'all' target.
1718
# Note we aren't fucking about with docker here because that opens up a

charts/region/Chart.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,8 @@ description: A Helm chart for deploying Unikorn's Region Controller
44

55
type: application
66

7-
version: v0.1.32
8-
appVersion: v0.1.32
7+
version: v0.1.33
8+
appVersion: v0.1.33
99

1010
icon: https://raw.githubusercontent.com/unikorn-cloud/assets/main/images/logos/dark-on-light/icon.png
1111

charts/region/crds/region.unikorn-cloud.org_identities.yaml

Lines changed: 52 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -57,38 +57,9 @@ spec:
5757
spec:
5858
description: IdentitySpec stores any state necessary to manage identity.
5959
properties:
60-
openstack:
61-
description: OpenStack is populated when the provider type is set
62-
to "openstack".
63-
properties:
64-
cloud:
65-
description: Cloud is the cloud name in the cloud config to use.
66-
type: string
67-
cloudConfig:
68-
description: CloudConfig is a client compatible cloud configuration.
69-
format: byte
70-
type: string
71-
password:
72-
description: Password is the login for the user.
73-
type: string
74-
projectID:
75-
description: ProjectID is the ID of the project created for the
76-
identity.
77-
type: string
78-
serverGroupID:
79-
description: ServerGroupID is the ID of the server group created
80-
for the identity.
81-
type: string
82-
userID:
83-
description: UserID is the ID of the user created for the identity.
84-
type: string
85-
required:
86-
- cloud
87-
- cloudConfig
88-
- password
89-
- projectID
90-
- userID
91-
type: object
60+
pause:
61+
description: Pause, if true, will inhibit reconciliation.
62+
type: boolean
9263
provider:
9364
description: Provider defines the provider type.
9465
enum:
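Review bot: dropping the whole `spec.openstack` object (and its `required` list) from the served `v1alpha1` schema is a breaking change with no conversion path: structural-schema pruning will strip `spec.openstack` from any existing Identity on its next write, silently discarding the `projectID`, `userID` and `serverGroupID` the previous code stored there. Either keep those fields as deprecated optional properties until existing objects have been migrated into the new record, or document the migration step before this chart version ships.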
@@ -116,11 +87,58 @@ spec:
11687
- provider
11788
type: object
11889
status:
90+
properties:
91+
conditions:
92+
description: Current service state of a cluster manager.
93+
items:
94+
description: |-
95+
Condition is a generic condition type for use across all resource types.
96+
It's generic so that the underlying controller-manager functionality can
97+
be shared across all resources.
98+
properties:
99+
lastTransitionTime:
100+
description: Last time the condition transitioned from one status
101+
to another.
102+
format: date-time
103+
type: string
104+
message:
105+
description: Human-readable message indicating details about
106+
last transition.
107+
type: string
108+
reason:
109+
description: Unique, one-word, CamelCase reason for the condition's
110+
last transition.
111+
enum:
112+
- Provisioning
113+
- Provisioned
114+
- Cancelled
115+
- Errored
116+
- Deprovisioning
117+
- Deprovisioned
118+
type: string
119+
status:
120+
description: |-
121+
Status is the status of the condition.
122+
Can be True, False, Unknown.
123+
type: string
124+
type:
125+
description: Type is the type of the condition.
126+
enum:
127+
- Available
128+
type: string
129+
required:
130+
- lastTransitionTime
131+
- message
132+
- reason
133+
- status
134+
- type
135+
type: object
136+
type: array
119137
type: object
120138
required:
121139
- spec
122-
- status
123140
type: object
124141
served: true
125142
storage: true
126-
subresources: {}
143+
subresources:
144+
status: {}
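Review bot: the `conditions` description at line 92 reads "Current service state of a cluster manager.", a copy-paste from another type; fix the Go doc comment on the Identity status field so controller-gen regenerates this with the right wording. The structural part is consistent: once `subresources.status` is enabled, `status` must come out of `required`, because the main endpoint ignores status on create.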
Lines changed: 87 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,87 @@
1+
---
2+
apiVersion: apiextensions.k8s.io/v1
3+
kind: CustomResourceDefinition
4+
metadata:
5+
annotations:
6+
controller-gen.kubebuilder.io/version: v0.14.0
7+
name: openstackidentities.region.unikorn-cloud.org
8+
spec:
9+
group: region.unikorn-cloud.org
10+
names:
11+
categories:
12+
- unikorn
13+
kind: OpenstackIdentity
14+
listKind: OpenstackIdentityList
15+
plural: openstackidentities
16+
singular: openstackidentity
17+
scope: Namespaced
18+
versions:
19+
- additionalPrinterColumns:
20+
- jsonPath: .spec.provider
21+
name: provider
22+
type: string
23+
- jsonPath: .metadata.creationTimestamp
24+
name: age
25+
type: date
26+
name: v1alpha1
27+
schema:
28+
openAPIV3Schema:
29+
description: OpenstackIdentity has no controller, its a database record of
30+
state.
31+
properties:
32+
apiVersion:
33+
description: |-
34+
APIVersion defines the versioned schema of this representation of an object.
35+
Servers should convert recognized schemas to the latest internal value, and
36+
may reject unrecognized values.
37+
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
38+
type: string
39+
kind:
40+
description: |-
41+
Kind is a string value representing the REST resource this object represents.
42+
Servers may infer this from the endpoint the client submits requests to.
43+
Cannot be updated.
44+
In CamelCase.
45+
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
46+
type: string
47+
metadata:
48+
type: object
49+
spec:
50+
properties:
51+
applicationCredentialID:
52+
description: ApplicationCredentialID is the ID of the user's application
53+
credential.
54+
type: string
55+
applicationCredentialSecret:
56+
description: ApplicationCredentialSecret is the one-time secret for
57+
the application credential.
58+
type: string
59+
cloud:
60+
description: Cloud is the cloud name in the cloud config to use.
61+
type: string
62+
cloudConfig:
63+
description: CloudConfig is a client compatible cloud configuration.
64+
format: byte
65+
type: string
66+
password:
67+
description: Password is the login for the user.
68+
type: string
69+
projectID:
70+
description: ProjectID is the ID of the project created for the identity.
71+
type: string
72+
serverGroupID:
73+
description: ServerGroupID is the ID of the server group created for
74+
the identity.
75+
type: string
76+
userID:
77+
description: UserID is the ID of the user created for the identity.
78+
type: string
79+
type: object
80+
status:
81+
type: object
82+
required:
83+
- spec
84+
type: object
85+
served: true
86+
storage: true
87+
subresources: {}
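Review bot: `spec.password` and `spec.applicationCredentialSecret` are plain string fields on a custom resource rather than keys in a Secret. Anyone with read access to `openstackidentities` therefore sees the OpenStack login and the application credential in clear, and etcd encryption at rest configured for `secrets` does not cover this resource unless `openstackidentities.region.unikorn-cloud.org` is added to the EncryptionConfiguration explicitly. Prefer a reference to a Secret in the same namespace, or at minimum document the encryption requirement. Two smaller points: the description at line 29 should read "it's a database record", and unlike the old Identity schema (which required `cloud`, `cloudConfig`, `password`, `projectID` and `userID`) this spec declares no `required` fields, so whatever reads the record has to cope with any of them being unset.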

charts/region/crds/region.unikorn-cloud.org_physicalnetworks.yaml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -85,7 +85,6 @@ spec:
8585
type: object
8686
required:
8787
- spec
88-
- status
8988
type: object
9089
served: true
9190
storage: true
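Review bot: this drops `status` from `required` for physicalnetworks, but the visible hunk does not enable `subresources.status` the way the identities CRD change does. Confirm the rest of this file already has it; without the status subresource, status writes go through the main resource and bump `metadata.generation`, which defeats generation-based change detection in the controller.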

charts/region/templates/_helpers.tpl

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,10 @@ Create the container images
55
{{- .Values.image | default (printf "%s/unikorn-region-controller:%s" (include "unikorn.defaultRepositoryPath" .) (.Values.tag | default .Chart.Version)) }}
66
{{- end }}
77

8+
{{- define "unikorn.identityControllerImage" -}}
9+
{{- .Values.identityController.image | default (printf "%s/unikorn-identity-controller:%s" (include "unikorn.defaultRepositoryPath" .) (.Values.tag | default .Chart.Version)) }}
10+
{{- end }}
11+
812
{{/*
913
Create image pull secrets
1014
*/}}
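Review bot: the new helper dereferences `.Values.identityController.image`, so if `values.yaml` does not define an `identityController` map the chart fails to render with `nil pointer evaluating interface {}.image`. The values change is not among the visible hunks; confirm `identityController:` is added there (an empty map is enough), or guard the lookup with `{{- with .Values.identityController }}` so a missing key falls through to the default image.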
Lines changed: 47 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,47 @@
1+
apiVersion: rbac.authorization.k8s.io/v1
2+
kind: ClusterRole
3+
metadata:
4+
name: unikorn-identity-controller
5+
labels:
6+
{{- include "unikorn.labels" . | nindent 4 }}
7+
rules:
8+
# Orchestrate Unikorn resources (my job).
9+
- apiGroups:
10+
- region.unikorn-cloud.org
11+
resources:
12+
- identities
13+
verbs:
14+
- list
15+
- watch
16+
- patch
17+
- update
18+
- apiGroups:
19+
- region.unikorn-cloud.org
20+
resources:
21+
- identities/status
22+
verbs:
23+
- update
24+
- apiGroups:
25+
- region.unikorn-cloud.org
26+
resources:
27+
- openstackidentities
28+
verbs:
29+
- list
30+
- watch
31+
- create
32+
- update
33+
- delete
34+
- apiGroups:
35+
- ""
36+
resources:
37+
- secrets
38+
verbs:
39+
- list
40+
- watch
41+
- apiGroups:
42+
- region.unikorn-cloud.org
43+
resources:
44+
- regions
45+
verbs:
46+
- list
47+
- watch
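Review bot: the `secrets` rule at lines 34-40 grants `list` and `watch` on every Secret in the cluster, because this is a ClusterRole. A controller-runtime cache will then pull all Secrets into the controller's memory, so a compromise of this pod exposes every credential in the cluster rather than just the region cloud configs it needs. Scope this with a namespaced Role in the namespace(s) that hold those Secrets, or restrict the cache by namespace or label selector, and document which Secrets the controller actually reads.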
Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
apiVersion: rbac.authorization.k8s.io/v1
2+
kind: ClusterRoleBinding
3+
metadata:
4+
name: unikorn-identity-controller
5+
labels:
6+
{{- include "unikorn.labels" . | nindent 4 }}
7+
subjects:
8+
- kind: ServiceAccount
9+
namespace: {{ .Release.Namespace }}
10+
name: unikorn-identity-controller
11+
roleRef:
12+
apiGroup: rbac.authorization.k8s.io
13+
kind: ClusterRole
14+
name: unikorn-identity-controller
Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
apiVersion: apps/v1
2+
kind: Deployment
3+
metadata:
4+
name: unikorn-identity-controller
5+
labels:
6+
{{- include "unikorn.labels" . | nindent 4 }}
7+
spec:
8+
replicas: 1
9+
selector:
10+
matchLabels:
11+
app: unikorn-identity-controller
12+
template:
13+
metadata:
14+
labels:
15+
app: unikorn-identity-controller
16+
spec:
17+
containers:
18+
- name: unikorn-identity-controller
19+
image: {{ include "unikorn.identityControllerImage" . }}
20+
args:
21+
{{- include "unikorn.otlp.flags" . | nindent 8 }}
22+
ports:
23+
- name: http
24+
containerPort: 6080
25+
- name: prometheus
26+
containerPort: 8080
27+
- name: pprof
28+
containerPort: 6060
29+
resources:
30+
requests:
31+
cpu: "50m"
32+
memory: 50Mi
33+
limits:
34+
cpu: "100m"
35+
memory: 100Mi
36+
securityContext:
37+
readOnlyRootFilesystem: true
38+
serviceAccountName: unikorn-identity-controller
39+
securityContext:
40+
runAsNonRoot: true
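Review bot: the container sets `readOnlyRootFilesystem: true` and the pod sets `runAsNonRoot: true`, but `allowPrivilegeEscalation: false`, `capabilities.drop: [ALL]` and `seccompProfile.type: RuntimeDefault` are missing, and the restricted Pod Security Standard needs all three; add them next to the existing keys. Also decide whether the `pprof` port on 6060 should be exposed on a production controller, and add liveness and readiness probes, since none are declared.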
Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
apiVersion: rbac.authorization.k8s.io/v1
2+
kind: Role
3+
metadata:
4+
name: unikorn-identity-controller
5+
labels:
6+
{{- include "unikorn.labels" . | nindent 4 }}
7+
rules:
8+
# Controller prerequisites.
9+
- apiGroups:
10+
- coordination.k8s.io
11+
resources:
12+
- leases
13+
verbs:
14+
- create
15+
- get
16+
- update
17+
- apiGroups:
18+
- ""
19+
resources:
20+
- events
21+
verbs:
22+
- create
23+
- update
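Review bot: the `events` rule grants `create` and `update` but not `patch`; client-go's event recorder patches an existing Event when it aggregates repeated occurrences, so without `patch` those writes are rejected and surface as errors in the controller log. Add `- patch` (kubebuilder's usual marker for this is `events,verbs=create;patch`). The `leases` verbs match what leader election needs.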
