k8supdates: label nodes with k8s component hash

2025-11-13 09:00:38 -05:00 · 2022-12-06 18:48:01 +01:00 · 2022-12-06 18:48:01 +01:00 · a1161ae05d
commit a1161ae05d
parent 1466c12972
30 changed files with 869 additions and 18 deletions
--- a/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_joiningnodes.yaml
+++ b/operators/constellation-node-operator/config/crd/bases/update.edgeless.systems_joiningnodes.yaml
@ -0,0 +1,54 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.9.0
+  creationTimestamp: null
+  name: joiningnodes.update.edgeless.systems
+spec:
+  group: update.edgeless.systems
+  names:
+    kind: JoiningNode
+    listKind: JoiningNodeList
+    plural: joiningnodes
+    singular: joiningnode
+  scope: Cluster
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: JoiningNode is the Schema for the joiningnodes API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: JoiningNodeSpec defines the components hash which the node
+              should be annotated with.
+            properties:
+              componentshash:
+                description: ComponentsHash is the hash of the components that were
+                  sent to the node by the join service.
+                type: string
+              name:
+                description: Name of the node expected to join.
+                type: string
+            type: object
+          status:
+            description: JoiningNodeStatus defines the observed state of JoiningNode.
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
--- a/operators/constellation-node-operator/config/crd/kustomization.yaml
+++ b/operators/constellation-node-operator/config/crd/kustomization.yaml
@ -3,6 +3,7 @@
 # It should be run by config/default
 resources:
 - bases/update.edgeless.systems_nodeimages.yaml
+- bases/update.edgeless.systems_joiningnodes.yaml
 - bases/update.edgeless.systems_autoscalingstrategies.yaml
 - bases/update.edgeless.systems_scalinggroups.yaml
 - bases/update.edgeless.systems_pendingnodes.yaml
@ -12,6 +13,7 @@ patchesStrategicMerge:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
 #- patches/webhook_in_nodeimages.yaml
+#- patches/webhook_in_joiningnodes.yaml
 #- patches/webhook_in_autoscalingstrategies.yaml
 #- patches/webhook_in_scalinggroups.yaml
 #- patches/webhook_in_pendingnodes.yaml
@ -20,6 +22,7 @@ patchesStrategicMerge:
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
 #- patches/cainjection_in_nodeimages.yaml
+#- patches/cainjection_in_joiningnodes.yaml
 #- patches/cainjection_in_autoscalingstrategies.yaml
 #- patches/cainjection_in_scalinggroups.yaml
 #- patches/cainjection_in_pendingnodes.yaml
--- a/operators/constellation-node-operator/config/crd/patches/cainjection_in_joiningnodes.yaml
+++ b/operators/constellation-node-operator/config/crd/patches/cainjection_in_joiningnodes.yaml
@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: joiningnodes.update.edgeless.systems
--- a/operators/constellation-node-operator/config/crd/patches/webhook_in_joiningnodes.yaml
+++ b/operators/constellation-node-operator/config/crd/patches/webhook_in_joiningnodes.yaml
@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: joiningnodes.update.edgeless.systems
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1