From a9ad140f4b45824f57a944e61566d0525c0d48dc Mon Sep 17 00:00:00 2001 From: Lukas Krejci Date: Mon, 9 Sep 2024 10:34:32 +0200 Subject: [PATCH 1/4] Deprecate all of the fields in ToolchainCluster.Spec apart from the link to the secret. --- api/v1alpha1/toolchaincluster_types.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/api/v1alpha1/toolchaincluster_types.go b/api/v1alpha1/toolchaincluster_types.go index fa8b5bb4..298a4a0c 100644 --- a/api/v1alpha1/toolchaincluster_types.go +++ b/api/v1alpha1/toolchaincluster_types.go @@ -37,6 +37,8 @@ type ToolchainClusterSpec struct { // // Be aware that this field is going to be replaced with // the Status.APIEndpoint in the future. + // + // Deprecated: This is not used for anything. APIEndpoint string `json:"apiEndpoint"` // CABundle contains the certificate authority information. @@ -44,13 +46,11 @@ type ToolchainClusterSpec struct { // // Note that this is going to be deprecated and removed. It will be replaced by a field in // the kubecondig of the connection secret + // + // Deprecated: This is not used for anything. CABundle string `json:"caBundle,omitempty"` - // Name of the secret containing the token required to access the - // member cluster. The secret needs to exist in the same namespace - // as the control plane and should have a "token" key. - // - // In the near future, the secret will contain the whole kubeconfig required to connect + // Name of the secret containing the kubeconfig required to connect // to the cluster. SecretRef LocalSecretReference `json:"secretRef"` @@ -63,6 +63,8 @@ type ToolchainClusterSpec struct { // // +optional // +listType=set + // + // Deprecated: This is not used for anything. DisabledTLSValidations []TLSValidation `json:"disabledTLSValidations,omitempty"` } From e8d6a97e69f77ba77c90b949ac1e8df72e1ce821 Mon Sep 17 00:00:00 2001 From: Lukas Krejci Date: Tue, 17 Sep 2024 13:46:49 +0200 Subject: [PATCH 2/4] Removing the no longer used fields from the ToolchainCluster spec. --- api/v1alpha1/docs/apiref.adoc | 39 +------------------------- api/v1alpha1/toolchaincluster_types.go | 31 -------------------- api/v1alpha1/zz_generated.deepcopy.go | 7 +---- api/v1alpha1/zz_generated.openapi.go | 39 ++------------------------ 4 files changed, 4 insertions(+), 112 deletions(-) diff --git a/api/v1alpha1/docs/apiref.adoc b/api/v1alpha1/docs/apiref.adoc index 477e55ff..fd4e150e 100644 --- a/api/v1alpha1/docs/apiref.adoc +++ b/api/v1alpha1/docs/apiref.adoc @@ -3023,20 +3023,6 @@ Supported condition types: ConditionReady + | | |=== -[id="{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-tlsvalidation"] -==== TLSValidation - -_Underlying type:_ _string_ - - - - - -.Appears In: -**** -- xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-toolchainclusterspec[$$ToolchainClusterSpec$$] -**** - [id="{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-tiertemplate"] @@ -3239,31 +3225,8 @@ ToolchainClusterSpec defines the desired state of ToolchainCluster [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation -| *`apiEndpoint`* __string__ | The API endpoint of the member cluster. This can be a hostname, + -hostname:port, IP or IP:port. + - - -Be aware that this field is going to be replaced with + -the Status.APIEndpoint in the future. + | | -| *`caBundle`* __string__ | CABundle contains the certificate authority information. + - - -Note that this is going to be deprecated and removed. It will be replaced by a field in + -the kubecondig of the connection secret + | | -| *`secretRef`* __xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-localsecretreference[$$LocalSecretReference$$]__ | Name of the secret containing the token required to access the + -member cluster. The secret needs to exist in the same namespace + -as the control plane and should have a "token" key. + - - -In the near future, the secret will contain the whole kubeconfig required to connect + +| *`secretRef`* __xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-localsecretreference[$$LocalSecretReference$$]__ | Name of the secret containing the kubeconfig required to connect + to the cluster. + | | -| *`disabledTLSValidations`* __xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-tlsvalidation[$$TLSValidation$$] array__ | DisabledTLSValidations defines a list of checks to ignore when validating + -the TLS connection to the member cluster. This can be any of *, SubjectName, or ValidityPeriod. + -If * is specified, it is expected to be the only option in list. + - - -Note that this is going to be deprecated and removed. It will be replaced by + -the kubeconfig stored in the connection secret. + | | |=== diff --git a/api/v1alpha1/toolchaincluster_types.go b/api/v1alpha1/toolchaincluster_types.go index 298a4a0c..be4fb7b4 100644 --- a/api/v1alpha1/toolchaincluster_types.go +++ b/api/v1alpha1/toolchaincluster_types.go @@ -32,40 +32,9 @@ const ( // ToolchainClusterSpec defines the desired state of ToolchainCluster // +k8s:openapi-gen=true type ToolchainClusterSpec struct { - // The API endpoint of the member cluster. This can be a hostname, - // hostname:port, IP or IP:port. - // - // Be aware that this field is going to be replaced with - // the Status.APIEndpoint in the future. - // - // Deprecated: This is not used for anything. - APIEndpoint string `json:"apiEndpoint"` - - // CABundle contains the certificate authority information. - // +optional - // - // Note that this is going to be deprecated and removed. It will be replaced by a field in - // the kubecondig of the connection secret - // - // Deprecated: This is not used for anything. - CABundle string `json:"caBundle,omitempty"` - // Name of the secret containing the kubeconfig required to connect // to the cluster. SecretRef LocalSecretReference `json:"secretRef"` - - // DisabledTLSValidations defines a list of checks to ignore when validating - // the TLS connection to the member cluster. This can be any of *, SubjectName, or ValidityPeriod. - // If * is specified, it is expected to be the only option in list. - // - // Note that this is going to be deprecated and removed. It will be replaced by - // the kubeconfig stored in the connection secret. - // - // +optional - // +listType=set - // - // Deprecated: This is not used for anything. - DisabledTLSValidations []TLSValidation `json:"disabledTLSValidations,omitempty"` } // LocalSecretReference is a reference to a secret within the enclosing diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 6c152100..f992f83e 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -3082,7 +3082,7 @@ func (in *ToolchainCluster) DeepCopyInto(out *ToolchainCluster) { *out = *in out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) + out.Spec = in.Spec in.Status.DeepCopyInto(&out.Status) } @@ -3165,11 +3165,6 @@ func (in *ToolchainClusterList) DeepCopyObject() runtime.Object { func (in *ToolchainClusterSpec) DeepCopyInto(out *ToolchainClusterSpec) { *out = *in out.SecretRef = in.SecretRef - if in.DisabledTLSValidations != nil { - in, out := &in.DisabledTLSValidations, &out.DisabledTLSValidations - *out = make([]TLSValidation, len(*in)) - copy(*out, *in) - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ToolchainClusterSpec. diff --git a/api/v1alpha1/zz_generated.openapi.go b/api/v1alpha1/zz_generated.openapi.go index 6ee9baf0..7f715cc0 100644 --- a/api/v1alpha1/zz_generated.openapi.go +++ b/api/v1alpha1/zz_generated.openapi.go @@ -4447,50 +4447,15 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterSpec(ref common Description: "ToolchainClusterSpec defines the desired state of ToolchainCluster", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "apiEndpoint": { - SchemaProps: spec.SchemaProps{ - Description: "The API endpoint of the member cluster. This can be a hostname, hostname:port, IP or IP:port.\n\nBe aware that this field is going to be replaced with the Status.APIEndpoint in the future.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "caBundle": { - SchemaProps: spec.SchemaProps{ - Description: "CABundle contains the certificate authority information.\n\nNote that this is going to be deprecated and removed. It will be replaced by a field in the kubecondig of the connection secret", - Type: []string{"string"}, - Format: "", - }, - }, "secretRef": { SchemaProps: spec.SchemaProps{ - Description: "Name of the secret containing the token required to access the member cluster. The secret needs to exist in the same namespace as the control plane and should have a \"token\" key.\n\nIn the near future, the secret will contain the whole kubeconfig required to connect to the cluster.", + Description: "Name of the secret containing the kubeconfig required to connect to the cluster.", Default: map[string]interface{}{}, Ref: ref("github.com/codeready-toolchain/api/api/v1alpha1.LocalSecretReference"), }, }, - "disabledTLSValidations": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "set", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "DisabledTLSValidations defines a list of checks to ignore when validating the TLS connection to the member cluster. This can be any of *, SubjectName, or ValidityPeriod. If * is specified, it is expected to be the only option in list.\n\nNote that this is going to be deprecated and removed. It will be replaced by the kubeconfig stored in the connection secret.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, }, - Required: []string{"apiEndpoint", "secretRef"}, + Required: []string{"secretRef"}, }, }, Dependencies: []string{ From 38feb7a7a541690733253db656c0dd75a31834d1 Mon Sep 17 00:00:00 2001 From: Lukas Krejci Date: Thu, 3 Oct 2024 16:13:28 +0200 Subject: [PATCH 3/4] Remove the unused "enum constants". --- api/v1alpha1/toolchaincluster_types.go | 8 -------- 1 file changed, 8 deletions(-) diff --git a/api/v1alpha1/toolchaincluster_types.go b/api/v1alpha1/toolchaincluster_types.go index be4fb7b4..8083f693 100644 --- a/api/v1alpha1/toolchaincluster_types.go +++ b/api/v1alpha1/toolchaincluster_types.go @@ -21,14 +21,6 @@ const ( ToolchainClusterLabel = LabelKeyPrefix + "toolchain-cluster" ) -type TLSValidation string - -const ( - TLSAll TLSValidation = "*" - TLSSubjectName TLSValidation = "SubjectName" - TLSValidityPeriod TLSValidation = "ValidityPeriod" -) - // ToolchainClusterSpec defines the desired state of ToolchainCluster // +k8s:openapi-gen=true type ToolchainClusterSpec struct { From c49a47f189dff69736136042704f2689dfa74ee7 Mon Sep 17 00:00:00 2001 From: Lukas Krejci Date: Tue, 8 Oct 2024 14:56:25 +0200 Subject: [PATCH 4/4] Bring back the spec.apiEndpoint but make it optional. We need this indirection because we need to make the removal in two steps so that the potentially different versions of the CRD in host and member stay compatible. --- api/v1alpha1/docs/apiref.adoc | 11 +++++++++-- api/v1alpha1/toolchaincluster_types.go | 10 ++++++++++ api/v1alpha1/zz_generated.openapi.go | 7 +++++++ 3 files changed, 26 insertions(+), 2 deletions(-) diff --git a/api/v1alpha1/docs/apiref.adoc b/api/v1alpha1/docs/apiref.adoc index 846ca747..1cd03f22 100644 --- a/api/v1alpha1/docs/apiref.adoc +++ b/api/v1alpha1/docs/apiref.adoc @@ -3063,8 +3063,6 @@ Supported condition types: ConditionReady + | | |=== - - [id="{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-tiertemplate"] ==== TierTemplate @@ -3336,6 +3334,15 @@ ToolchainClusterSpec defines the desired state of ToolchainCluster [cols="20a,50a,15a,15a", options="header"] |=== | Field | Description | Default | Validation +| *`apiEndpoint`* __string__ | The API endpoint of the member cluster. This can be a hostname, + +hostname:port, IP or IP:port. + + + +Be aware that this is kept in the spec only for compatibility reasons + +and doesn't serve any purpose. Use the Status.APIEndpoint instead. + + + +Deprecated: This is not used for anything. + | | | *`secretRef`* __xref:{anchor_prefix}-github-com-codeready-toolchain-api-api-v1alpha1-localsecretreference[$$LocalSecretReference$$]__ | Name of the secret containing the kubeconfig required to connect + to the cluster. + | | |=== diff --git a/api/v1alpha1/toolchaincluster_types.go b/api/v1alpha1/toolchaincluster_types.go index 8083f693..c30ad46e 100644 --- a/api/v1alpha1/toolchaincluster_types.go +++ b/api/v1alpha1/toolchaincluster_types.go @@ -24,6 +24,16 @@ const ( // ToolchainClusterSpec defines the desired state of ToolchainCluster // +k8s:openapi-gen=true type ToolchainClusterSpec struct { + // The API endpoint of the member cluster. This can be a hostname, + // hostname:port, IP or IP:port. + // + // Be aware that this is kept in the spec only for compatibility reasons + // and doesn't serve any purpose. Use the Status.APIEndpoint instead. + // + // Deprecated: This is not used for anything. + // +optional + APIEndpoint string `json:"apiEndpoint,omitempty"` + // Name of the secret containing the kubeconfig required to connect // to the cluster. SecretRef LocalSecretReference `json:"secretRef"` diff --git a/api/v1alpha1/zz_generated.openapi.go b/api/v1alpha1/zz_generated.openapi.go index 50da023e..2e69ff82 100644 --- a/api/v1alpha1/zz_generated.openapi.go +++ b/api/v1alpha1/zz_generated.openapi.go @@ -4591,6 +4591,13 @@ func schema_codeready_toolchain_api_api_v1alpha1_ToolchainClusterSpec(ref common Description: "ToolchainClusterSpec defines the desired state of ToolchainCluster", Type: []string{"object"}, Properties: map[string]spec.Schema{ + "apiEndpoint": { + SchemaProps: spec.SchemaProps{ + Description: "The API endpoint of the member cluster. This can be a hostname, hostname:port, IP or IP:port.\n\nBe aware that this is kept in the spec only for compatibility reasons and doesn't serve any purpose. Use the Status.APIEndpoint instead.\n\nDeprecated: This is not used for anything.", + Type: []string{"string"}, + Format: "", + }, + }, "secretRef": { SchemaProps: spec.SchemaProps{ Description: "Name of the secret containing the kubeconfig required to connect to the cluster.",