Implement ztunnel controller in Sail Operator

This PR implements the ztunnel controller and the associated unit tests in Sail Operator. Related to: #500 Signed-off-by: Sridhar Gaddam <[email protected]>
istio-ecosystem · Dec 6, 2024 · 1464eb2 · 1464eb2
1 parent 02d1c8a
commit 1464eb2
Show file tree

Hide file tree

Showing 8 changed files with 972 additions and 0 deletions.
diff --git a/bundle/manifests/sailoperator.clusterserviceversion.yaml b/bundle/manifests/sailoperator.clusterserviceversion.yaml
@@ -586,6 +586,32 @@ spec:
           - securitycontextconstraints
           verbs:
           - use
+        - apiGroups:
+          - sailoperator.io
+          resources:
+          - ztunnels
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+        - apiGroups:
+          - sailoperator.io
+          resources:
+          - ztunnels/finalizers
+          verbs:
+          - update
+        - apiGroups:
+          - sailoperator.io
+          resources:
+          - ztunnels/status
+          verbs:
+          - get
+          - patch
+          - update
         serviceAccountName: sail-operator
       deployments:
       - label:

diff --git a/chart/samples/ambient/istio-sample.yaml b/chart/samples/ambient/istio-sample.yaml
@@ -0,0 +1,14 @@
+apiVersion: sailoperator.io/v1alpha1
+kind: Istio
+metadata:
+  name: default
+spec:
+  version: v1.24.0
+  namespace: istio-system
+  profile: ambient
+  updateStrategy:
+    type: InPlace
+    inactiveRevisionDeletionGracePeriodSeconds: 30
+  values:
+    pilot:
+      trustedZtunnelNamespace: "ztunnel"
diff --git a/chart/samples/ambient/istiocni-sample.yaml b/chart/samples/ambient/istiocni-sample.yaml
@@ -0,0 +1,8 @@
+apiVersion: sailoperator.io/v1alpha1
+kind: IstioCNI
+metadata:
+  name: default
+spec:
+  version: v1.24.0
+  profile: ambient
+  namespace: istio-cni
diff --git a/chart/samples/ambient/istioztunnel-sample.yaml b/chart/samples/ambient/istioztunnel-sample.yaml
@@ -0,0 +1,8 @@
+apiVersion: sailoperator.io/v1alpha1
+kind: ZTunnel
+metadata:
+  name: default
+spec:
+  version: v1.24.0
+  namespace: ztunnel
+  profile: ambient
diff --git a/chart/templates/rbac/role.yaml b/chart/templates/rbac/role.yaml
@@ -209,3 +209,29 @@ rules:
   - securitycontextconstraints
   verbs:
   - use
+- apiGroups:
+    - sailoperator.io
+  resources:
+    - ztunnels
+  verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
+- apiGroups:
+    - sailoperator.io
+  resources:
+    - ztunnels/finalizers
+  verbs:
+    - update
+- apiGroups:
+    - sailoperator.io
+  resources:
+    - ztunnels/status
+  verbs:
+    - get
+    - patch
+    - update
diff --git a/cmd/main.go b/cmd/main.go
@@ -25,6 +25,7 @@ import (
 	"github.com/istio-ecosystem/sail-operator/controllers/istiorevision"
 	"github.com/istio-ecosystem/sail-operator/controllers/istiorevisiontag"
 	"github.com/istio-ecosystem/sail-operator/controllers/webhook"
+	"github.com/istio-ecosystem/sail-operator/controllers/ztunnel"
 	"github.com/istio-ecosystem/sail-operator/pkg/config"
 	"github.com/istio-ecosystem/sail-operator/pkg/enqueuelogger"
 	"github.com/istio-ecosystem/sail-operator/pkg/helm"
@@ -165,6 +166,13 @@ func main() {
 		os.Exit(1)
 	}
 
+	err = ztunnel.NewReconciler(reconcilerCfg, mgr.GetClient(), mgr.GetScheme(), chartManager).
+		SetupWithManager(mgr)
+	if err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "ZTunnel")
+		os.Exit(1)
+	}
+
 	err = webhook.NewReconciler(mgr.GetClient(), mgr.GetScheme()).
 		SetupWithManager(mgr)
 	if err != nil {