Add YurtIngress operator implementation

cmd/yurt-app-manager/app/core.go

@@ -40,6 +40,7 @@ import (
 	"k8s.io/klog"
 	"k8s.io/klog/klogr"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	// +kubebuilder:scaffold:imports
 )
 
@@ -105,6 +106,10 @@ func Run(opts *options.YurtAppOptions) {
 	cfg := ctrl.GetConfigOrDie()
 	setRestConfig(cfg)
 
+	cacheDisableObjs := []client.Object{
+		&appsv1alpha1.YurtIngress{},
+	}
+
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 		Scheme:                     scheme,
 		MetricsBindAddress:         opts.MetricsAddr,
@@ -114,6 +119,7 @@ func Run(opts *options.YurtAppOptions) {
 		LeaderElectionNamespace:    opts.LeaderElectionNamespace,
 		LeaderElectionResourceLock: resourcelock.LeasesResourceLock, // use lease to election
 		Namespace:                  opts.Namespace,
+		ClientDisableCacheFor:      cacheDisableObjs,
 	})
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")

config/yurt-app-manager/crd/bases/apps.openyurt.io_yurtingresses.yaml

@@ -0,0 +1,157 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.9
+  creationTimestamp: null
+  name: yurtingresses.apps.openyurt.io
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .status.nginx_ingress_controller_version
+    description: The nginx ingress controller version
+    name: Nginx-Ingress-Version
+    type: string
+  - JSONPath: .status.ingress_controller_replicas_per_pool
+    description: The nginx ingress controller replicas per pool
+    name: Replicas-Per-Pool
+    type: integer
+  - JSONPath: .status.readyNum
+    description: The number of pools on which ingress is enabled
+    name: ReadyNum
+    type: integer
+  - JSONPath: .status.unreadyNum
+    description: The number of pools on which ingress is enabling or enable failed
+    name: NotReadyNum
+    type: integer
+  - JSONPath: .metadata.creationTimestamp
+    name: Age
+    type: date
+  group: apps.openyurt.io
+  names:
+    categories:
+    - all
+    kind: YurtIngress
+    listKind: YurtIngressList
+    plural: yurtingresses
+    shortNames:
+    - ying
+    singular: yurtingress
+  scope: Cluster
+  subresources:
+    status: {}
+  validation:
+    openAPIV3Schema:
+      description: YurtIngress is the Schema for the yurtingresses API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: YurtIngressSpec defines the desired state of YurtIngress
+          properties:
+            ingress_controller_replicas_per_pool:
+              description: Indicates the number of the ingress controllers to be deployed
+                under all the specified nodepools.
+              format: int32
+              type: integer
+            pools:
+              description: Indicates all the nodepools on which to enable ingress.
+              items:
+                description: IngressPool defines the details of a Pool for ingress
+                properties:
+                  name:
+                    description: Indicates the pool name.
+                    type: string
+                required:
+                - name
+                type: object
+              type: array
+          type: object
+        status:
+          description: YurtIngressStatus defines the observed state of YurtIngress
+          properties:
+            conditions:
+              description: Indicates all the nodepools on which to enable ingress.
+              properties:
+                ingressreadypools:
+                  description: Indicates the pools that ingress controller is deployed
+                    successfully.
+                  items:
+                    type: string
+                  type: array
+                ingressunreadypools:
+                  description: Indicates the pools that ingress controller is being
+                    deployed or deployed failed.
+                  items:
+                    description: IngressNotReadyPool defines the condition details
+                      of an ingress not ready Pool
+                    properties:
+                      name:
+                        description: Indicates the pool name.
+                        type: string
+                      poolinfo:
+                        description: Info of ingress not ready condition.
+                        properties:
+                          lastTransitionTime:
+                            description: Last time the condition transitioned from
+                              one status to another.
+                            format: date-time
+                            type: string
+                          message:
+                            description: A human readable message indicating details
+                              about the transition.
+                            type: string
+                          reason:
+                            description: The reason for the condition's last transition.
+                            type: string
+                          type:
+                            description: Type of ingress not ready condition.
+                            type: string
+                        type: object
+                    required:
+                    - name
+                    type: object
+                  type: array
+              type: object
+            ingress_controller_replicas_per_pool:
+              description: Indicates the number of the ingress controllers deployed
+                under all the specified nodepools.
+              format: int32
+              type: integer
+            nginx_ingress_controller_version:
+              description: Indicates the nginx ingress controller version deployed
+                under all the specified nodepools.
+              type: string
+            readyNum:
+              description: Total number of ready pools on which ingress is enabled.
+              format: int32
+              type: integer
+            unreadyNum:
+              description: Total number of unready pools on which ingress is enabling
+                or enable failed.
+              format: int32
+              type: integer
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/yurt-app-manager/crd/kustomization.yaml

@@ -5,6 +5,7 @@ resources:
 - bases/apps.openyurt.io_uniteddeployments.yaml
 - bases/apps.openyurt.io_nodepools.yaml
 - bases/apps.openyurt.io_yurtappdaemons.yaml
+- bases/apps.openyurt.io_yurtingresses.yaml
 
 patchesStrategicMerge:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.

config/yurt-app-manager/crd/patches/cainjection_in_yurtingresses.yaml

@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: yurtingresses.apps.openyurt.io

config/yurt-app-manager/crd/patches/webhook_in_yurtingresses.yaml

@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: yurtingresses.apps.openyurt.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhookClientConfig:
+      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+      caBundle: Cg==
+      service:
+        namespace: kube-system
+        name: webhook-service
+        path: /convert

config/yurt-app-manager/rbac/role.yaml

@@ -142,6 +142,38 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - apps.openyurt.io
+  resources:
+  - yurtingresses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - apps.openyurt.io
+  resources:
+  - yurtingresses/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - batch
+  resources:
+  - jobs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - coordination.k8s.io
   resources:
@@ -154,6 +186,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -166,6 +210,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -212,3 +268,51 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterrolebindings
+  verbs:
+  - '*'
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterroles
+  verbs:
+  - '*'
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - rolebindings
+  verbs:
+  - '*'
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - roles
+  verbs:
+  - '*'

config/yurt-app-manager/rbac/yurtingress_editor_role.yaml

@@ -0,0 +1,24 @@
+# permissions for end users to edit yurtingresses.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: yurtingress-editor-role
+rules:
+- apiGroups:
+  - apps.openyurt.io
+  resources:
+  - yurtingresses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - apps.openyurt.io
+  resources:
+  - yurtingresses/status
+  verbs:
+  - get

config/yurt-app-manager/rbac/yurtingress_viewer_role.yaml

@@ -0,0 +1,20 @@
+# permissions for end users to view yurtingresses.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: yurtingress-viewer-role
+rules:
+- apiGroups:
+  - apps.openyurt.io
+  resources:
+  - yurtingresses
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - apps.openyurt.io
+  resources:
+  - yurtingresses/status
+  verbs:
+  - get