[node operator] ScalingGroup API gen

Signed-off-by: Malte Poll <mp@edgeless.systems>

operators/constellation-node-operator/config/crd/kustomization.yaml

@@ -4,6 +4,7 @@
 resources:
 - bases/update.edgeless.systems_nodeimages.yaml
 - bases/update.edgeless.systems_autoscalingstrategies.yaml
+- bases/update.edgeless.systems_scalinggroups.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
@@ -11,12 +12,14 @@ patchesStrategicMerge:
 # patches here are for enabling the conversion webhook for each CRD
 #- patches/webhook_in_nodeimages.yaml
 #- patches/webhook_in_autoscalingstrategies.yaml
+#- patches/webhook_in_scalinggroups.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
 #- patches/cainjection_in_nodeimages.yaml
 #- patches/cainjection_in_autoscalingstrategies.yaml
+#- patches/cainjection_in_scalinggroups.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

operators/constellation-node-operator/config/crd/patches/cainjection_in_scalinggroups.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: scalinggroups.update.edgeless.systems

operators/constellation-node-operator/config/crd/patches/webhook_in_scalinggroups.yaml

@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: scalinggroups.update.edgeless.systems
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1

operators/constellation-node-operator/config/rbac/role.yaml

@@ -57,3 +57,29 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - update.edgeless.systems
+  resources:
+  - scalinggroups
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - update.edgeless.systems
+  resources:
+  - scalinggroups/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - update.edgeless.systems
+  resources:
+  - scalinggroups/status
+  verbs:
+  - get
+  - patch
+  - update

operators/constellation-node-operator/config/rbac/scalinggroup_editor_role.yaml

@@ -0,0 +1,24 @@
+# permissions for end users to edit scalinggroups.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: scalinggroup-editor-role
+rules:
+- apiGroups:
+  - update.edgeless.systems
+  resources:
+  - scalinggroups
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - update.edgeless.systems
+  resources:
+  - scalinggroups/status
+  verbs:
+  - get

operators/constellation-node-operator/config/rbac/scalinggroup_viewer_role.yaml

@@ -0,0 +1,20 @@
+# permissions for end users to view scalinggroups.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: scalinggroup-viewer-role
+rules:
+- apiGroups:
+  - update.edgeless.systems
+  resources:
+  - scalinggroups
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - update.edgeless.systems
+  resources:
+  - scalinggroups/status
+  verbs:
+  - get

operators/constellation-node-operator/config/samples/kustomization.yaml

@@ -2,4 +2,5 @@
 resources:
 - update_v1alpha1_nodeimage.yaml
 - update_v1alpha1_autoscalingstrategy.yaml
+- update_v1alpha1_scalinggroup.yaml
 #+kubebuilder:scaffold:manifestskustomizesamples

operators/constellation-node-operator/config/samples/update_v1alpha1_scalinggroup.yaml

@@ -0,0 +1,6 @@
+apiVersion: update.edgeless.systems/v1alpha1
+kind: ScalingGroup
+metadata:
+  name: scalinggroup-sample
+spec:
+  # TODO(user): Add fields here