* Feat: Gateway Routes Specs, plus resource and status init progress
* Generated content, RBAC and start of e2e
* latest code POC Working but e2e fails
* Use Gateway API v1.2.0
* Remove draft comment
* Use TCPRoute
* Revert the charts folder to reduce noise
* Use the correct controller-gen version
* Rename fields and fix tcp/tls typos
* Rename TLSRouteSpec to GatewayRouteSpec
* Remove last instance of tcproute
* Renaming more fields to match the gateway api naming
* Remove ownership of the gateway
* Revert Ko to 0.14.1 and makefile comments
* service discovery, webhooks, and deadcode removal.
* add conditional check for gateway api resources and mark it as owned!
* removing duplicated code and note for maybe a refactor later
* E2E now works!
* e2e suite modifications to support Gateway API v1alpha2 TLSRoute
* Suggestions commit, naming and other related.
* First pass at the status update
* Rename route to gateway
* Only allow one hostname in gateway
* Update status types
* WIP: testing conditions
* Update status API
* Add tests
* Detect endpoint
* Update manifests
* Remove old code and use proper condition check
* Fix compilation error
* Watch the Gateway resources
* Rename fields
* Add missing port
* Add ingress endpoint to the kubeadm
* Error if access points are empty
* Check the spec and status to delay the creation of the kubeadm
* Use the spec for the hostname
* Update api/v1alpha1/tenantcontrolplane_types.go
Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>
* PR fixes, CEL k8s validations, proper status updates checks
* more context and separation of functions
* resolve all pr comments, with indexer
* merge master - go {sum,mod} updates dependabot
* Feat: Gateway Routes Specs, plus resource and status init progress
* Use Gateway API v1.2.0
* merge master - go {sum,mod} updates dependabot
* sum go mod tidy
* leftover comments
* clean go.sum
* fix: missing generated crds spec
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
* docs: gateway api support
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
* golint comments
* linting and test fix.
* Gateway API resource watching was made conditional to prevent crashes when CRDs are absent, and TLSRoute creation now returns an error when the service isn't ready instead of creating invalid resources with empty rules.
* unit test was incorrect after all the fixes we did, graceful errors are not expected due to conditional adds
* fix(conditional-indexer): Gateway Indexer should also be conditional
* fix(conditional-indexer): Gateway Indexer should also be conditional
---------
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
Co-authored-by: Hadrien Kohl <hadrien.kohl@gmail.com>
Co-authored-by: Dario Tranchitella <dario@tranchitella.eu>
* feat(migration): cleanup prior migration
When using the annotation `kamaji.clastix.io/cleanup-prior-migration`
with a true boolean value, Kamaji will perform a clean-up on the target
DataStore to avoid stale resources when back and forth migrations occur.
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
* docs: cleanup prior migration
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
---------
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
* feat: buffered channels for generic events
Channels used for GenericEvent feeding for cross controllers triggers
are now buffered according to the --max-concurrent-tcp-reconciles: this
is required to avoid channel full errors when dealing with large
management clusters serving a sizeable amount of Tenant Control Planes.
Increasing this value will put more pressure on memory (mostly for GC)
and CPU (provisioning multiple certificates at the same time).
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
* refactor: retrying datastore status update
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
* feat(performance): reducing memory consumption for channel triggers
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
* feat(datastore): reconcile events only for root object changes
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
* feat: waiting soot manager exit before termination
This change introduces a grace period of 10 seconds before abruptly
terminating the Tenant Control Plane deployment, allowing the soot
manager to complete its exit procedure and avoid false positive errors
due to API Server being unresponsive due to user deletion.
The aim of this change is to reduce the amount of false positive errors upon
mass deletion of Tenant Control Plane objects.
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
* refactor: unbuffered channel with timeout
WatchesRawSource is non-blocking, no need to check if channel is full.
To prevent deadlocks a WithTimeout check has been introduced.
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
---------
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
* feat(webhook): validating api server cert sans
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
* feat(controller): validating api server cert sans
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
---------
Signed-off-by: Dario Tranchitella <dario@tranchitella.eu>
* feat(crd): add LoadBalancerSourceRanges field and integrate with service resource
* test(crd): add tests for CEL validation logic
* feat(webhook): implement LoadBalancerSourceRanges validation logic for CIDRs
* test(webhook): add tests for webhook validation logic
* test: modify Makefile for envtest setup
* docs: add LoadBalancerSourceRanges field to API reference