From 12e52067495c9a701d4145eb407941893aa4af5e Mon Sep 17 00:00:00 2001
From: Lukas Krejci
Date: Thu, 6 Jun 2024 17:06:33 +0200
Subject: [PATCH 1/8] Add notices on the ToolchainCluster.Spec fields that are going to see the changes after we migrate to kubeconfig-based connections. Add fields to the ToolchainCluster.Status that will advertise info from kubeconfig.
---
api/v1alpha1/toolchaincluster_types.go | 20 ++++++++++++++++++++
api/v1alpha1/zz_generated.openapi.go | 22 ++++++++++++++++++----
2 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/api/v1alpha1/toolchaincluster_types.go b/api/v1alpha1/toolchaincluster_types.go
index 5d9fbf3a..ea33dd94 100644
--- a/api/v1alpha1/toolchaincluster_types.go
+++ b/api/v1alpha1/toolchaincluster_types.go
@@ -34,20 +34,33 @@ const ( type ToolchainClusterSpec struct { // The API endpoint of the member cluster. This can be a hostname, // hostname:port, IP or IP:port. + // + // Be aware that this field is going to be replaced with + // the Status.APIEndpoint in the future. APIEndpoint string `json:"apiEndpoint"` // CABundle contains the certificate authority information. // +optional + // + // Note that this is going to be deprecated and removed. It will be replaced by a field in + // the kubecondig of the connection secret CABundle string `json:"caBundle,omitempty"` // Name of the secret containing the token required to access the // member cluster. The secret needs to exist in the same namespace // as the control plane and should have a "token" key. + // + // In the near future, the secret will contain the whole kubeconfig required to connect + // to the cluster. SecretRef LocalSecretReference `json:"secretRef"` // DisabledTLSValidations defines a list of checks to ignore when validating // the TLS connection to the member cluster. This can be any of *, SubjectName, or ValidityPeriod. // If * is specified, it is expected to be the only option in list. + // + // Note that this is going to be deprecated and removed. It will be replaced by + // the kubeconfig stored in the connection secret. + // // +optional // +listType=set DisabledTLSValidations []TLSValidation `json:"disabledTLSValidations,omitempty"` 
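Review bot: The notice added to the CABundle comment misspells kubeconfig as `kubecondig` and ends without a period; this comment is the source of the generated OpenAPI description and of apiref.adoc, and the typo is carried into both later in the series. I would write the last line as `// the kubeconfig of the connection secret.`. The DisabledTLSValidations notice moves the choice to relax certificate checks into the kubeconfig held in the secret, so that comment could also say that TLS verification will then be governed by the kubeconfig's cluster entry (for example `insecure-skip-tls-verify`), which is what an operator auditing the secret would need to look at; this is inferred, since the consuming code is not in the hunk. ToolchainClusterSpec starts before the hunk and continues after it.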
@@ -66,6 +79,13 @@ type LocalSecretReference struct { // cluster updated periodically by cluster controller. // +k8s:openapi-gen=true type ToolchainClusterStatus struct { + // APIEndpoint is the API endpoint of the remote cluster. This can be a hostname, + // hostname:port, IP or IP:port. + APIEndpoint string `json:"apiEndpoint,omitempty"` + + // OperatorNamespace is the namespace in which the operator runs in the remote cluster + OperatorNamespace string `json:"operatorNamespace,omitempty"` + // Conditions is an array of current cluster conditions. // +listType=atomic Conditions []Condition `json:"conditions"` diff --git a/api/v1alpha1/zz_generated.openapi.go b/api/v1alpha1/zz_generated.openapi.go index 58a3e438..57ff8cfc 100644 --- a/api/v1alpha1/zz_generated.openapi.go +++ b/api/v1alpha1/zz_generated.openapi.go @@ -4394,7 +4394,7 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterSpec(ref common Properties: map[string]spec.Schema{ "apiEndpoint": { SchemaProps: spec.SchemaProps{ - Description: "The API endpoint of the member cluster. This can be a hostname, hostname:port, IP or IP:port.", + Description: "The API endpoint of the member cluster. This can be a hostname, hostname:port, IP or IP:port.\n\nDeprecated: This is deprecated by the Status.APIEndpoint", Default: "", Type: []string{"string"}, Format: "", 
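Review bot: The comments on the new `APIEndpoint` and `OperatorNamespace` status fields in the `@@ -66,6 +79,13 @@` hunk of toolchaincluster_types.go do not say where the values come from or who writes them, although the Spec notice in the same patch announces that Status.APIEndpoint will replace Spec.APIEndpoint. The commit message says these fields advertise information from the kubeconfig, so I would state that, e.g. `// APIEndpoint is the API endpoint of the remote cluster, as read from the kubeconfig in the connection secret.`, and add that the value is set by the controller and is not an input. If clients are later expected to connect using the status value, write access to the status subresource becomes as sensitive as write access to the spec, which is worth recording in the type documentation. The OperatorNamespace comment also lacks its final period, and the struct continues past the hunk.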
@@ -4402,14 +4402,14 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterSpec(ref common }, "caBundle": { SchemaProps: spec.SchemaProps{ - Description: "CABundle contains the certificate authority information.", + Description: "CABundle contains the certificate authority information.\n\nDeprecated: Don't use this. This is replaced by field in the connection secret", Type: []string{"string"}, Format: "", }, }, "secretRef": { SchemaProps: spec.SchemaProps{ - Description: "Name of the secret containing the token required to access the member cluster. The secret needs to exist in the same namespace as the control plane and should have a \"token\" key.", + Description: "Name of the secret containing the token required to access the member cluster. The secret needs to exist in the same namespace as the control plane and should have a \"token\" key.\n\nDeprecated: This is replaced by the owner reference", Default: map[string]interface{}{}, Ref: ref("github.com/codeready-toolchain/api/api/v1alpha1.LocalSecretReference"), }, @@ -4421,7 +4421,7 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterSpec(ref common }, }, SchemaProps: spec.SchemaProps{ - Description: "DisabledTLSValidations defines a list of checks to ignore when validating the TLS connection to the member cluster. This can be any of *, SubjectName, or ValidityPeriod. If * is specified, it is expected to be the only option in list.", + Description: "DisabledTLSValidations defines a list of checks to ignore when validating the TLS connection to the member cluster. This can be any of *, SubjectName, or ValidityPeriod. If * is specified, it is expected to be the only option in list.\n\nDeprecated: This is replaced by the contents of the kubeconfig in the connection secret", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ 
@@ -4450,6 +4450,20 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterStatus(ref comm Description: "ToolchainClusterStatus contains information about the current status of a cluster updated periodically by cluster controller.", Type: []string{"object"}, Properties: map[string]spec.Schema{ + "apiEndpoint": { + SchemaProps: spec.SchemaProps{ + Description: "APIEndpoint is the API endpoint of the remote cluster. This can be a hostname, hostname:port, IP or IP:port.", + Type: []string{"string"}, + Format: "", + }, + }, + "operatorNamespace": { + SchemaProps: spec.SchemaProps{ + Description: "OperatorNamespace is the namespace in which the operator runs in the remote cluster", + Type: []string{"string"}, + Format: "", + }, + }, "conditions": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ From 995c227c977ab44932820a971a7d33db009a7284 Mon Sep 17 00:00:00 2001 From: Lukas Krejci Date: Tue, 2 Jul 2024 18:57:21 +0200 Subject: [PATCH 2/8] regenerate openapi spec. --- api/v1alpha1/zz_generated.openapi.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/api/v1alpha1/zz_generated.openapi.go b/api/v1alpha1/zz_generated.openapi.go index 57ff8cfc..575deb3a 100644 --- a/api/v1alpha1/zz_generated.openapi.go +++ b/api/v1alpha1/zz_generated.openapi.go @@ -4394,7 +4394,7 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterSpec(ref common Properties: map[string]spec.Schema{ "apiEndpoint": { SchemaProps: spec.SchemaProps{ - Description: "The API endpoint of the member cluster. This can be a hostname, hostname:port, IP or IP:port.\n\nDeprecated: This is deprecated by the Status.APIEndpoint", + Description: "The API endpoint of the member cluster. This can be a hostname, hostname:port, IP or IP:port.\n\nBe aware that this field is going to be replaced with the Status.APIEndpoint in the future.", Default: "", Type: []string{"string"}, Format: "", 
@@ -4402,14 +4402,14 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterSpec(ref common }, "caBundle": { SchemaProps: spec.SchemaProps{ - Description: "CABundle contains the certificate authority information.\n\nDeprecated: Don't use this. This is replaced by field in the connection secret", + Description: "CABundle contains the certificate authority information.\n\nNote that this is going to be deprecated and removed. It will be replaced by a field in the kubecondig of the connection secret", Type: []string{"string"}, Format: "", }, }, "secretRef": { SchemaProps: spec.SchemaProps{ - Description: "Name of the secret containing the token required to access the member cluster. The secret needs to exist in the same namespace as the control plane and should have a \"token\" key.\n\nDeprecated: This is replaced by the owner reference", + Description: "Name of the secret containing the token required to access the member cluster. The secret needs to exist in the same namespace as the control plane and should have a \"token\" key.\n\nIn the near future, the secret will contain the whole kubeconfig required to connect to the cluster.", Default: map[string]interface{}{}, Ref: ref("github.com/codeready-toolchain/api/api/v1alpha1.LocalSecretReference"), }, 
@@ -4421,7 +4421,7 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterSpec(ref common }, }, SchemaProps: spec.SchemaProps{ - Description: "DisabledTLSValidations defines a list of checks to ignore when validating the TLS connection to the member cluster. This can be any of *, SubjectName, or ValidityPeriod. If * is specified, it is expected to be the only option in list.\n\nDeprecated: This is replaced by the contents of the kubeconfig in the connection secret", + Description: "DisabledTLSValidations defines a list of checks to ignore when validating the TLS connection to the member cluster. This can be any of *, SubjectName, or ValidityPeriod. If * is specified, it is expected to be the only option in list.\n\nNote that this is going to be deprecated and removed. It will be replaced by the kubeconfig stored in the connection secret.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ From 40b2c66a959f36aedffce2127377703e23ed3ce3 Mon Sep 17 00:00:00 2001 From: Lukas Krejci Date: Wed, 3 Jul 2024 12:42:50 +0200 Subject: [PATCH 3/8] regenerate after update to master --- api/v1alpha1/docs/apiref.adoc | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/api/v1alpha1/docs/apiref.adoc b/api/v1alpha1/docs/apiref.adoc index f0753e5c..feaabc54 100644 --- a/api/v1alpha1/docs/apiref.adoc +++ b/api/v1alpha1/docs/apiref.adoc 
@@ -3228,14 +3228,30 @@ ToolchainClusterSpec defines the desired state of ToolchainCluster |=== | Field | Description | Default | Validation | *`apiEndpoint`* __string__ | The API endpoint of the member cluster. This can be a hostname, + -hostname:port, IP or IP:port. + | | -| *`caBundle`* __string__ | CABundle contains the certificate authority information. + | | +hostname:port, IP or IP:port. + + + +Be aware that this field is going to be replaced with + +the Status.APIEndpoint in the future. + | | +| *`caBundle`* __string__ | CABundle contains the certificate authority information. + + + +Note that this is going to be deprecated and removed. It will be replaced by a field in + +the kubecondig of the connection secret + | | | *`secretRef`* __xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-localsecretreference[$$LocalSecretReference$$]__ | Name of the secret containing the token required to access the + member cluster. The secret needs to exist in the same namespace + -as the control plane and should have a "token" key. + | | +as the control plane and should have a "token" key. + + + +In the near future, the secret will contain the whole kubeconfig required to connect + +to the cluster. + | | | *`disabledTLSValidations`* __xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-tlsvalidation[$$TLSValidation$$] array__ | DisabledTLSValidations defines a list of checks to ignore when validating + the TLS connection to the member cluster. This can be any of *, SubjectName, or ValidityPeriod. + -If * is specified, it is expected to be the only option in list. + | | +If * is specified, it is expected to be the only option in list. + + + +Note that this is going to be deprecated and removed. It will be replaced by + +the kubeconfig stored in the connection secret. + | | |=== 
@@ -3258,6 +3274,9 @@ cluster updated periodically by cluster controller. [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation +| *`apiEndpoint`* __string__ | APIEndpoint is the API endpoint of the remote cluster. This can be a hostname, + +hostname:port, IP or IP:port. + | | +| *`operatorNamespace`* __string__ | OperatorNamespace is the namespace in which the operator runs in the remote cluster + | | | *`conditions`* __xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-condition[$$Condition$$] array__ | Conditions is an array of current cluster conditions. + | | |=== From a5c351b775d05401b95530279d98e7d2696095bc Mon Sep 17 00:00:00 2001 From: Lukas Krejci Date: Thu, 4 Jul 2024 20:54:59 +0200 Subject: [PATCH 4/8] Update api/v1alpha1/toolchaincluster_types.go Co-authored-by: Francisc Munteanu --- api/v1alpha1/toolchaincluster_types.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api/v1alpha1/toolchaincluster_types.go b/api/v1alpha1/toolchaincluster_types.go index ea33dd94..cdd547bc 100644 --- a/api/v1alpha1/toolchaincluster_types.go +++ b/api/v1alpha1/toolchaincluster_types.go @@ -81,10 +81,10 @@ type LocalSecretReference struct { type ToolchainClusterStatus struct { // APIEndpoint is the API endpoint of the remote cluster. This can be a hostname, // hostname:port, IP or IP:port. - APIEndpoint string `json:"apiEndpoint,omitempty"` + APIEndpoint string `json:"apiEndpoint"` // OperatorNamespace is the namespace in which the operator runs in the remote cluster - OperatorNamespace string `json:"operatorNamespace,omitempty"` + OperatorNamespace string `json:"operatorNamespace"` // Conditions is an array of current cluster conditions. // +listType=atomic From 4a086a7f3529d359d188623e6b48202d3872bee8 Mon Sep 17 00:00:00 2001 
From: Lukas Krejci Date: Thu, 4 Jul 2024 20:56:30 +0200 Subject: [PATCH 5/8] update the generated code. --- api/v1alpha1/zz_generated.openapi.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/api/v1alpha1/zz_generated.openapi.go b/api/v1alpha1/zz_generated.openapi.go index efabdcff..37a3b2b4 100644 --- a/api/v1alpha1/zz_generated.openapi.go +++ b/api/v1alpha1/zz_generated.openapi.go @@ -4482,6 +4482,7 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterStatus(ref comm "apiEndpoint": { SchemaProps: spec.SchemaProps{ Description: "APIEndpoint is the API endpoint of the remote cluster. This can be a hostname, hostname:port, IP or IP:port.", + Default: "", Type: []string{"string"}, Format: "", }, @@ -4489,6 +4490,7 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterStatus(ref comm "operatorNamespace": { SchemaProps: spec.SchemaProps{ Description: "OperatorNamespace is the namespace in which the operator runs in the remote cluster", + Default: "", Type: []string{"string"}, Format: "", }, @@ -4513,7 +4515,7 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterStatus(ref comm }, }, }, - Required: []string{"conditions"}, + Required: []string{"apiEndpoint", "operatorNamespace", "conditions"}, }, }, Dependencies: []string{ From 2c301e3f3b93dca6963844933f330a9436e7c245 Mon Sep 17 00:00:00 2001 From: Lukas Krejci Date: Mon, 8 Jul 2024 10:49:36 +0200 Subject: [PATCH 6/8] Revert "update the generated code." This reverts commit 4a086a7f3529d359d188623e6b48202d3872bee8. --- api/v1alpha1/zz_generated.openapi.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/api/v1alpha1/zz_generated.openapi.go b/api/v1alpha1/zz_generated.openapi.go index 37a3b2b4..efabdcff 100644 --- a/api/v1alpha1/zz_generated.openapi.go +++ b/api/v1alpha1/zz_generated.openapi.go 
@@ -4482,7 +4482,6 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterStatus(ref comm "apiEndpoint": { SchemaProps: spec.SchemaProps{ Description: "APIEndpoint is the API endpoint of the remote cluster. This can be a hostname, hostname:port, IP or IP:port.", - Default: "", Type: []string{"string"}, Format: "", }, @@ -4490,7 +4489,6 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterStatus(ref comm "operatorNamespace": { SchemaProps: spec.SchemaProps{ Description: "OperatorNamespace is the namespace in which the operator runs in the remote cluster", - Default: "", Type: []string{"string"}, Format: "", }, @@ -4515,7 +4513,7 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterStatus(ref comm }, }, }, - Required: []string{"apiEndpoint", "operatorNamespace", "conditions"}, + Required: []string{"conditions"}, }, }, Dependencies: []string{ From 3d53a2121f9f3ecb1b042593e9080657cfc6620d Mon Sep 17 00:00:00 2001 From: Lukas Krejci Date: Mon, 8 Jul 2024 10:49:53 +0200 Subject: [PATCH 7/8] Revert "Update api/v1alpha1/toolchaincluster_types.go" This reverts commit a5c351b775d05401b95530279d98e7d2696095bc. --- api/v1alpha1/toolchaincluster_types.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api/v1alpha1/toolchaincluster_types.go b/api/v1alpha1/toolchaincluster_types.go index cdd547bc..ea33dd94 100644 --- a/api/v1alpha1/toolchaincluster_types.go +++ b/api/v1alpha1/toolchaincluster_types.go 
@@ -81,10 +81,10 @@ type LocalSecretReference struct { type ToolchainClusterStatus struct { // APIEndpoint is the API endpoint of the remote cluster. This can be a hostname, // hostname:port, IP or IP:port. - APIEndpoint string `json:"apiEndpoint"` + APIEndpoint string `json:"apiEndpoint,omitempty"` // OperatorNamespace is the namespace in which the operator runs in the remote cluster - OperatorNamespace string `json:"operatorNamespace"` + OperatorNamespace string `json:"operatorNamespace,omitempty"` // Conditions is an array of current cluster conditions. // +listType=atomic From 4ddd70dc834b38fbdaf4a2598b0399c016af05f2 Mon Sep 17 00:00:00 2001 From: Lukas Krejci Date: Mon, 8 Jul 2024 11:44:20 +0200 Subject: [PATCH 8/8] make the new status fields optional but visible. --- api/v1alpha1/toolchaincluster_types.go | 6 ++++-- api/v1alpha1/zz_generated.openapi.go | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/api/v1alpha1/toolchaincluster_types.go b/api/v1alpha1/toolchaincluster_types.go index ea33dd94..fa8b5bb4 100644 --- a/api/v1alpha1/toolchaincluster_types.go +++ b/api/v1alpha1/toolchaincluster_types.go @@ -81,10 +81,12 @@ type LocalSecretReference struct { type ToolchainClusterStatus struct { // APIEndpoint is the API endpoint of the remote cluster. This can be a hostname, // hostname:port, IP or IP:port. - APIEndpoint string `json:"apiEndpoint,omitempty"` + // +optional + APIEndpoint string `json:"apiEndpoint"` // OperatorNamespace is the namespace in which the operator runs in the remote cluster - OperatorNamespace string `json:"operatorNamespace,omitempty"` + // +optional + OperatorNamespace string `json:"operatorNamespace"` // Conditions is an array of current cluster conditions. // +listType=atomic diff --git a/api/v1alpha1/zz_generated.openapi.go b/api/v1alpha1/zz_generated.openapi.go index efabdcff..d8878fbf 100644 --- a/api/v1alpha1/zz_generated.openapi.go +++ b/api/v1alpha1/zz_generated.openapi.go 
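Review bot: In the `@@ -81,10 +81,12 @@` hunk, `APIEndpoint` and `OperatorNamespace` are marked `// +optional` but lose `omitempty`, so an unpopulated status is serialized with `"apiEndpoint": ""` and `"operatorNamespace": ""`, and neither comment says what an empty value means. I would add a line such as `// Empty until the controller has read the kubeconfig from the connection secret.` to both fields, so that consumers treat the empty string as "not yet known" rather than as an endpoint or namespace to act on. This reading is inferred from the commit subject ("optional but visible"); the code that fills the fields is not part of the patch. ToolchainClusterStatus continues past the hunk.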
@@ -4482,6 +4482,7 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterStatus(ref comm "apiEndpoint": { SchemaProps: spec.SchemaProps{ Description: "APIEndpoint is the API endpoint of the remote cluster. This can be a hostname, hostname:port, IP or IP:port.", + Default: "", Type: []string{"string"}, Format: "", }, @@ -4489,6 +4490,7 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterStatus(ref comm "operatorNamespace": { SchemaProps: spec.SchemaProps{ Description: "OperatorNamespace is the namespace in which the operator runs in the remote cluster", + Default: "", Type: []string{"string"}, Format: "", },