[node operator] PendingNode API gen

Signed-off-by: Malte Poll <mp@edgeless.systems>

operators/constellation-node-operator/PROJECT

@@ -31,4 +31,12 @@ resources:
   kind: ScalingGroup
   path: github.com/edgelesssys/constellation/operators/constellation-node-operator/api/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+  controller: true
+  domain: edgeless.systems
+  group: update
+  kind: PendingNode
+  path: github.com/edgelesssys/constellation/operators/constellation-node-operator/api/v1alpha1
+  version: v1alpha1
 version: "3"

operators/constellation-node-operator/api/v1alpha1/pendingnode_types.go

@@ -0,0 +1,50 @@
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// PendingNodeSpec defines the desired state of PendingNode
+type PendingNodeSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Foo is an example field of PendingNode. Edit pendingnode_types.go to remove/update
+	Foo string `json:"foo,omitempty"`
+}
+
+// PendingNodeStatus defines the observed state of PendingNode
+type PendingNodeStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+//+kubebuilder:resource:scope=Cluster
+
+// PendingNode is the Schema for the pendingnodes API
+type PendingNode struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   PendingNodeSpec   `json:"spec,omitempty"`
+	Status PendingNodeStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// PendingNodeList contains a list of PendingNode
+type PendingNodeList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []PendingNode `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&PendingNode{}, &PendingNodeList{})
+}

operators/constellation-node-operator/api/v1alpha1/zz_generated.deepcopy.go

@@ -188,6 +188,95 @@ func (in *NodeImageStatus) DeepCopy() *NodeImageStatus {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PendingNode) DeepCopyInto(out *PendingNode) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	out.Status = in.Status
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PendingNode.
+func (in *PendingNode) DeepCopy() *PendingNode {
+	if in == nil {
+		return nil
+	}
+	out := new(PendingNode)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PendingNode) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PendingNodeList) DeepCopyInto(out *PendingNodeList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]PendingNode, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PendingNodeList.
+func (in *PendingNodeList) DeepCopy() *PendingNodeList {
+	if in == nil {
+		return nil
+	}
+	out := new(PendingNodeList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PendingNodeList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PendingNodeSpec) DeepCopyInto(out *PendingNodeSpec) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PendingNodeSpec.
+func (in *PendingNodeSpec) DeepCopy() *PendingNodeSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(PendingNodeSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PendingNodeStatus) DeepCopyInto(out *PendingNodeStatus) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PendingNodeStatus.
+func (in *PendingNodeStatus) DeepCopy() *PendingNodeStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(PendingNodeStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *ScalingGroup) DeepCopyInto(out *ScalingGroup) {
 	*out = *in

operators/constellation-node-operator/config/crd/kustomization.yaml

@@ -5,6 +5,7 @@ resources:
 - bases/update.edgeless.systems_nodeimages.yaml
 - bases/update.edgeless.systems_autoscalingstrategies.yaml
 - bases/update.edgeless.systems_scalinggroups.yaml
+- bases/update.edgeless.systems_pendingnodes.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
@@ -13,6 +14,7 @@ patchesStrategicMerge:
 #- patches/webhook_in_nodeimages.yaml
 #- patches/webhook_in_autoscalingstrategies.yaml
 #- patches/webhook_in_scalinggroups.yaml
+#- patches/webhook_in_pendingnodes.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
@@ -20,6 +22,7 @@ patchesStrategicMerge:
 #- patches/cainjection_in_nodeimages.yaml
 #- patches/cainjection_in_autoscalingstrategies.yaml
 #- patches/cainjection_in_scalinggroups.yaml
+#- patches/cainjection_in_pendingnodes.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

operators/constellation-node-operator/config/crd/patches/cainjection_in_pendingnodes.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: pendingnodes.update.edgeless.systems

operators/constellation-node-operator/config/crd/patches/webhook_in_pendingnodes.yaml

@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: pendingnodes.update.edgeless.systems
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1

operators/constellation-node-operator/config/rbac/pendingnode_editor_role.yaml

@@ -0,0 +1,24 @@
+# permissions for end users to edit pendingnodes.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: pendingnode-editor-role
+rules:
+- apiGroups:
+  - update.edgeless.systems
+  resources:
+  - pendingnodes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - update.edgeless.systems
+  resources:
+  - pendingnodes/status
+  verbs:
+  - get

operators/constellation-node-operator/config/rbac/pendingnode_viewer_role.yaml

@@ -0,0 +1,20 @@
+# permissions for end users to view pendingnodes.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: pendingnode-viewer-role
+rules:
+- apiGroups:
+  - update.edgeless.systems
+  resources:
+  - pendingnodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - update.edgeless.systems
+  resources:
+  - pendingnodes/status
+  verbs:
+  - get

operators/constellation-node-operator/config/rbac/role.yaml

@@ -57,6 +57,32 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - update.edgeless.systems
+  resources:
+  - pendingnodes
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - update.edgeless.systems
+  resources:
+  - pendingnodes/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - update.edgeless.systems
+  resources:
+  - pendingnodes/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - update.edgeless.systems
   resources:

operators/constellation-node-operator/config/samples/kustomization.yaml

@@ -3,4 +3,5 @@ resources:
 - update_v1alpha1_nodeimage.yaml
 - update_v1alpha1_autoscalingstrategy.yaml
 - update_v1alpha1_scalinggroup.yaml
+- update_v1alpha1_pendingnode.yaml
 #+kubebuilder:scaffold:manifestskustomizesamples

operators/constellation-node-operator/config/samples/update_v1alpha1_pendingnode.yaml

@@ -0,0 +1,6 @@
+apiVersion: update.edgeless.systems/v1alpha1
+kind: PendingNode
+metadata:
+  name: pendingnode-sample
+spec:
+  # TODO(user): Add fields here

operators/constellation-node-operator/controllers/pendingnode_controller.go

@@ -0,0 +1,47 @@
+
+package controllers
+
+import (
+	"context"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/log"
+
+	updatev1alpha1 "github.com/edgelesssys/constellation/operators/constellation-node-operator/api/v1alpha1"
+)
+
+// PendingNodeReconciler reconciles a PendingNode object
+type PendingNodeReconciler struct {
+	client.Client
+	Scheme *runtime.Scheme
+}
+
+//+kubebuilder:rbac:groups=update.edgeless.systems,resources=pendingnodes,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=update.edgeless.systems,resources=pendingnodes/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=update.edgeless.systems,resources=pendingnodes/finalizers,verbs=update
+
+// Reconcile is part of the main kubernetes reconciliation loop which aims to
+// move the current state of the cluster closer to the desired state.
+// TODO(user): Modify the Reconcile function to compare the state specified by
+// the PendingNode object against the actual cluster state, and then
+// perform operations to make the cluster state reflect the state specified by
+// the user.
+//
+// For more details, check Reconcile and its Result here:
+// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.11.2/pkg/reconcile
+func (r *PendingNodeReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	_ = log.FromContext(ctx)
+
+	// TODO(user): your logic here
+
+	return ctrl.Result{}, nil
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *PendingNodeReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&updatev1alpha1.PendingNode{}).
+		Complete(r)
+}

operators/constellation-node-operator/main.go

@@ -84,6 +84,13 @@ func main() {
 		setupLog.Error(err, "unable to create controller", "controller", "ScalingGroup")
 		os.Exit(1)
 	}
+	if err = (&controllers.PendingNodeReconciler{
+		Client: mgr.GetClient(),
+		Scheme: mgr.GetScheme(),
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "PendingNode")
+		os.Exit(1)
+	}
 	//+kubebuilder:scaffold:builder
 
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {