Add Routing Table as a service CRD

PROJECT

@@ -1,3 +1,7 @@
+# Code generated by tool. DO NOT EDIT.
+# This file is used to track the info used to scaffold your project
+# and allow the plugins properly work.
+# More info: https://book.kubebuilder.io/reference/project-config.html
 domain: schiff.telekom.de
 layout:
 - go.kubebuilder.io/v3
@@ -25,4 +29,13 @@ resources:
   kind: Layer2NetworkConfiguration
   path: github.com/telekom/das-schiff-network-operator/api/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: schiff.telekom.de
+  group: network
+  kind: RoutingTable
+  path: github.com/telekom/das-schiff-network-operator/api/v1alpha1
+  version: v1alpha1
 version: "3"

api/v1alpha1/routingtable_types.go

@@ -0,0 +1,64 @@
+/*
+Copyright 2022.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// RoutingTableSpec defines the desired state of RoutingTable.
+type RoutingTableSpec struct {
+
+	// TableID is the host table that can be used to export routes
+	TableID int `json:"tableId"`
+}
+
+// RoutingTableStatus defines the observed state of RoutingTable.
+type RoutingTableStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+//+kubebuilder:resource:shortName=taas,scope=Cluster
+//+kubebuilder:printcolumn:name="Table ID",type=integer,JSONPath=`.spec.tableId`
+
+// RoutingTable is the Schema for the routingtables API.
+type RoutingTable struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   RoutingTableSpec   `json:"spec,omitempty"`
+	Status RoutingTableStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// RoutingTableList contains a list of RoutingTable.
+type RoutingTableList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []RoutingTable `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&RoutingTable{}, &RoutingTableList{})
+}

cmd/manager/main.go

@@ -24,6 +24,11 @@ import (
 	"os"
 	"sort"
 
+	"k8s.io/apimachinery/pkg/runtime"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/client-go/rest"
+
 	networkv1alpha1 "github.com/telekom/das-schiff-network-operator/api/v1alpha1"
 	"github.com/telekom/das-schiff-network-operator/controllers"
 	"github.com/telekom/das-schiff-network-operator/pkg/anycast"
@@ -35,10 +40,6 @@ import (
 	"github.com/telekom/das-schiff-network-operator/pkg/monitoring"
 	"github.com/telekom/das-schiff-network-operator/pkg/notrack"
 	"github.com/telekom/das-schiff-network-operator/pkg/reconciler"
-	"k8s.io/apimachinery/pkg/runtime"
-	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
-	"k8s.io/client-go/rest"
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) //nolint:gci
 	// to ensure that exec-entrypoint and run can make use of them.
@@ -246,6 +247,14 @@ func setupReconcilers(mgr manager.Manager, anycastTracker *anycast.Tracker) erro
 		return fmt.Errorf("unable to create Layer2NetworkConfiguration controller: %w", err)
 	}
 
+	if err = (&controllers.RoutingTableReconciler{
+		Client:     mgr.GetClient(),
+		Scheme:     mgr.GetScheme(),
+		Reconciler: r,
+	}).SetupWithManager(mgr); err != nil {
+		return fmt.Errorf("unable to create RoutingTable controller: %w", err)
+	}
+
 	return nil
 }
 

config/crd/bases/network.schiff.telekom.de_routingtables.yaml

@@ -0,0 +1,57 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  name: routingtables.network.schiff.telekom.de
+spec:
+  group: network.schiff.telekom.de
+  names:
+    kind: RoutingTable
+    listKind: RoutingTableList
+    plural: routingtables
+    shortNames:
+    - taas
+    singular: routingtable
+  scope: Cluster
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .spec.tableId
+      name: Table ID
+      type: integer
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: RoutingTable is the Schema for the routingtables API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: RoutingTableSpec defines the desired state of RoutingTable.
+            properties:
+              tableId:
+                description: TableID is the host table that can be used to export
+                  routes
+                type: integer
+            required:
+            - tableId
+            type: object
+          status:
+            description: RoutingTableStatus defines the observed state of RoutingTable.
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/kustomization.yaml

@@ -4,16 +4,19 @@
 resources:
 - bases/network.schiff.telekom.de_vrfrouteconfigurations.yaml
 - bases/network.schiff.telekom.de_layer2networkconfigurations.yaml
+- bases/network.schiff.telekom.de_routingtables.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
+#- patches/webhook_in_routingtables.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
 #- patches/cainjection_in_vrfrouteconfigurations.yaml
 #- patches/cainjection_in_layer2networkconfigurations.yaml
+#- patches/cainjection_in_routingtables.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.
@@ -24,3 +27,4 @@ kind: Kustomization
 patches:
 - path: patches/webhook_in_vrfrouteconfigurations.yaml
 - path: patches/webhook_in_layer2networkconfigurations.yaml
+- path: patches/webhook_in_routingtables.yaml

config/crd/patches/cainjection_in_routingtables.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: routingtables.network.schiff.telekom.de

config/crd/patches/webhook_in_routingtables.yaml

@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: routingtables.network.schiff.telekom.de
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1

config/rbac/role.yaml

@@ -39,6 +39,32 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - network.schiff.telekom.de
+  resources:
+  - routingtables
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - network.schiff.telekom.de
+  resources:
+  - routingtables/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - network.schiff.telekom.de
+  resources:
+  - routingtables/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - network.schiff.telekom.de
   resources:

config/rbac/routingtable_editor_role.yaml

@@ -0,0 +1,31 @@
+# permissions for end users to edit routingtables.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: routingtable-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: network-operator
+    app.kubernetes.io/part-of: network-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: routingtable-editor-role
+rules:
+- apiGroups:
+  - network.schiff.telekom.de
+  resources:
+  - routingtables
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - network.schiff.telekom.de
+  resources:
+  - routingtables/status
+  verbs:
+  - get