add config pod status crd

open-policy-agent · Sep 14, 2024 · 99bfce6 · 99bfce6
1 parent 3f45732
commit 99bfce6
Show file tree

Hide file tree

Showing 10 changed files with 385 additions and 1 deletion.
diff --git a/apis/config/v1alpha1/config_types.go b/apis/config/v1alpha1/config_types.go
@@ -16,6 +16,7 @@ limitations under the License.
 package v1alpha1
 
 import (
+ status "github.com/open-policy-agent/gatekeeper/v3/apis/status/v1beta1"
  "github.com/open-policy-agent/gatekeeper/v3/pkg/wildcard"
  metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
  "k8s.io/apimachinery/pkg/runtime/schema"
@@ -82,6 +83,7 @@ type ReadinessSpec struct {
 
 // ConfigStatus defines the observed state of Config.
 type ConfigStatus struct { // Important: Run "make" to regenerate code after modifying this file
+ ByPod []status.ConfigPodStatusStatus `json:"byPod,omitempty"`
 }
 
 type GVK struct {
@@ -92,6 +94,8 @@ type GVK struct {
 
 // +kubebuilder:resource:scope=Namespaced
 // +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:storageversion
 
 // Config is the Schema for the configs API.
 type Config struct {

diff --git a/apis/config/v1alpha1/zz_generated.deepcopy.go b/apis/config/v1alpha1/zz_generated.deepcopy.go
diff --git a/apis/status/v1beta1/configpodstatus_types.go b/apis/status/v1beta1/configpodstatus_types.go
@@ -0,0 +1,89 @@
+package v1beta1
+
+import (
+ "github.com/open-policy-agent/gatekeeper/v3/pkg/operations"
+ "github.com/open-policy-agent/gatekeeper/v3/pkg/util"
+ corev1 "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+
+ // "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apimachinery/pkg/types"
+ "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+// ConfigPodStatusStatus defines the observed state of ConfigPodStatus.
+
+// +kubebuilder:object:generate=true
+
+type ConfigPodStatusStatus struct {
+ // Important: Run "make" to regenerate code after modifying this file
+ ID string `json:"id,omitempty"`
+ ConfigUID types.UID `json:"configUID,omitempty"`
+ Operations []string `json:"operations,omitempty"`
+ ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+ Errors []*ConfigError `json:"errors,omitempty"`
+}
+
+// +kubebuilder:object:generate=true
+
+type ConfigError struct {
+ Type string `json:"type,omitempty"`
+ Message string `json:"message"`
+}
+
+// ConfigPodStatus is the Schema for the configpodstatuses API.
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:scope=Namespaced
+
+type ConfigPodStatus struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Status ConfigPodStatusStatus `json:"status,omitempty"`
+}
+
+// ConfigPodStatusList contains a list of ConfigPodStatus.
+
+// +kubebuilder:object:root=true
+type ConfigPodStatusList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []ConfigPodStatus `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&ConfigPodStatus{}, &ConfigPodStatusList{})
+}
+
+// NewConfigStatusForPod returns an config status object
+// that has been initialized with the bare minimum of fields to make it functional
+// with the config status controller.
+func NewConfigStatusForPod(pod *corev1.Pod, configName string, scheme *runtime.Scheme) (*ConfigPodStatus, error) {
+ obj := &ConfigPodStatus{}
+ name, err := KeyForConfig(pod.Name, configName)
+ if err != nil {
+ return nil, err
+ }
+ obj.SetName(name)
+ obj.SetNamespace(util.GetNamespace())
+ obj.Status.ID = pod.Name
+ obj.Status.Operations = operations.AssignedStringList()
+ obj.SetLabels(map[string]string{
+ ConfigNameLabel: configName,
+ PodLabel: pod.Name,
+ })
+
+ if err := controllerutil.SetOwnerReference(pod, obj, scheme); err != nil {
+ return nil, err
+ }
+
+ return obj, nil
+}
+
+// KeyForConfig returns a unique status object name given the Pod ID and
+// a config object.
+func KeyForConfig(id string, configName string) (string, error) {
+ return DashPacker(id, configName)
+}
diff --git a/apis/status/v1beta1/labels.go b/apis/status/v1beta1/labels.go
@@ -2,6 +2,7 @@ package v1beta1
 
 // Label keys used for internal gatekeeper operations.
 const (
+ ConfigNameLabel = "internal.gatekeeper.sh/config-name"
  ExpansionTemplateNameLabel = "internal.gatekeeper.sh/expansiontemplate-name"
  ConstraintNameLabel = "internal.gatekeeper.sh/constraint-name"
  ConstraintKindLabel = "internal.gatekeeper.sh/constraint-kind"

diff --git a/apis/status/v1beta1/zz_generated.deepcopy.go b/apis/status/v1beta1/zz_generated.deepcopy.go
diff --git a/config/crd/bases/config.gatekeeper.sh_configs.yaml b/config/crd/bases/config.gatekeeper.sh_configs.yaml
@@ -112,7 +112,43 @@ spec:
  type: object
  status:
  description: ConfigStatus defines the observed state of Config.
+ properties:
+ byPod:
+ items:
+ properties:
+ configUID:
+ description: |-
+ UID is a type that holds unique ID values, including UUIDs. Because we
+ don't ONLY use UUIDs, this is an alias to string. Being a type captures
+ intent and helps make sure that UIDs and names do not get conflated.
+ type: string
+ errors:
+ items:
+ properties:
+ message:
+ type: string
+ type:
+ type: string
+ required:
+ - message
+ type: object
+ type: array
+ id:
+ description: 'Important: Run "make" to regenerate code after
+ modifying this file'
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ operations:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
  type: object
  type: object
  served: true
  storage: true
+ subresources:
+ status: {}
diff --git a/config/crd/bases/status.gatekeeper.sh_configpodstatuses.yaml b/config/crd/bases/status.gatekeeper.sh_configpodstatuses.yaml
@@ -0,0 +1,71 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ name: configpodstatuses.status.gatekeeper.sh
+spec:
+ group: status.gatekeeper.sh
+ names:
+ kind: ConfigPodStatus
+ listKind: ConfigPodStatusList
+ plural: configpodstatuses
+ singular: configpodstatus
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ status:
+ properties:
+ configUID:
+ description: |-
+ UID is a type that holds unique ID values, including UUIDs. Because we
+ don't ONLY use UUIDs, this is an alias to string. Being a type captures
+ intent and helps make sure that UIDs and names do not get conflated.
+ type: string
+ errors:
+ items:
+ properties:
+ message:
+ type: string
+ type:
+ type: string
+ required:
+ - message
+ type: object
+ type: array
+ id:
+ description: 'Important: Run "make" to regenerate code after modifying
+ this file'
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ operations:
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -8,6 +8,7 @@ resources:
 - bases/status.gatekeeper.sh_constrainttemplatepodstatuses.yaml
 - bases/status.gatekeeper.sh_mutatorpodstatuses.yaml
 - bases/status.gatekeeper.sh_expansiontemplatepodstatuses.yaml
+- bases/status.gatekeeper.sh_configpodstatuses.yaml
 - bases/mutations.gatekeeper.sh_assign.yaml
 - bases/mutations.gatekeeper.sh_assignimage.yaml
 - bases/mutations.gatekeeper.sh_assignmetadata.yaml