├── .dockerignore ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── PULL_REQUEST_TEMPLATE.md └── workflows │ └── golangci-lint.yml ├── .gitignore ├── .golangci.yml ├── CONTRIBUTING.md ├── Dockerfile ├── LICENSE ├── Makefile ├── OWNERS ├── OWNERS_ALIASES ├── PROJECT ├── README.md ├── RELEASE.md ├── SECURITY.md ├── SECURITY_CONTACTS ├── api └── v1alpha4 │ ├── groupversion_info.go │ ├── nestedcluster_types.go │ ├── nestedcluster_webhook.go │ ├── nestedcluster_webhook_test.go │ ├── webhooks.go │ └── zz_generated.deepcopy.go ├── cloudbuild.yaml ├── code-of-conduct.md ├── config ├── certmanager │ ├── certificate.yaml │ ├── kustomization.yaml │ └── kustomizeconfig.yaml ├── crd │ ├── bases │ │ └── infrastructure.cluster.x-k8s.io_nestedclusters.yaml │ └── kustomization.yaml ├── default │ ├── kustomization.yaml │ ├── manager_auth_proxy_patch.yaml │ ├── manager_image_patch.yaml │ ├── manager_pull_policy.yaml │ ├── manager_webhook_patch.yaml │ └── webhookcainjection_patch.yaml ├── manager │ ├── kustomization.yaml │ └── manager.yaml ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml ├── rbac │ ├── auth_proxy_client_clusterrole.yaml │ ├── auth_proxy_role.yaml │ ├── auth_proxy_role_binding.yaml │ ├── auth_proxy_service.yaml │ ├── kustomization.yaml │ ├── leader_election_role.yaml │ ├── leader_election_role_binding.yaml │ ├── nestedcluster_editor_role.yaml │ ├── nestedcluster_viewer_role.yaml │ ├── role.yaml │ ├── role_binding.yaml │ └── service_account.yaml ├── samples │ ├── controlplane_v1alpha4_nestedapiserver.yaml │ ├── controlplane_v1alpha4_nestedcontrollermanager.yaml │ ├── controlplane_v1alpha4_nestedcontrolplane.yaml │ ├── controlplane_v1alpha4_nestedetcd.yaml │ ├── infrastructure_v1alpha4_nestedcluster.yaml │ └── v1alpha4_cluster.yaml └── webhook │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ ├── manifests.yaml │ └── service.yaml ├── controllers ├── nestedcluster_controller.go └── suite_test.go ├── controlplane └── nested │ ├── 
PROJECT │ ├── api │ └── v1alpha4 │ │ ├── groupversion_info.go │ │ ├── nestedapiserver_types.go │ │ ├── nestedcomponent_types.go │ │ ├── nestedcontrollermanager_types.go │ │ ├── nestedcontrolplane_types.go │ │ ├── nestedetcd_types.go │ │ └── zz_generated.deepcopy.go │ ├── certificate │ ├── consts.go │ ├── helpers.go │ ├── keypair.go │ ├── keypair_test.go │ ├── keypairs.go │ ├── keypairs_test.go │ ├── types.go │ └── util │ │ └── util.go │ ├── config │ ├── certmanager │ │ ├── certificate.yaml │ │ ├── kustomization.yaml │ │ └── kustomizeconfig.yaml │ ├── crd │ │ ├── bases │ │ │ ├── controlplane.cluster.x-k8s.io_nestedapiservers.yaml │ │ │ ├── controlplane.cluster.x-k8s.io_nestedcontrollermanagers.yaml │ │ │ ├── controlplane.cluster.x-k8s.io_nestedcontrolplanes.yaml │ │ │ └── controlplane.cluster.x-k8s.io_nestedetcds.yaml │ │ └── kustomization.yaml │ ├── default │ │ ├── kustomization.yaml │ │ ├── manager_auth_proxy_patch.yaml │ │ ├── manager_image_patch.yaml │ │ ├── manager_pull_policy.yaml │ │ ├── manager_webhook_patch.yaml │ │ └── webhookcainjection_patch.yaml │ ├── manager │ │ ├── kustomization.yaml │ │ └── manager.yaml │ ├── rbac │ │ ├── auth_proxy_client_clusterrole.yaml │ │ ├── auth_proxy_role.yaml │ │ ├── auth_proxy_role_binding.yaml │ │ ├── auth_proxy_service.yaml │ │ ├── kustomization.yaml │ │ ├── leader_election_role.yaml │ │ ├── leader_election_role_binding.yaml │ │ ├── nestedapiserver_editor_role.yaml │ │ ├── nestedapiserver_viewer_role.yaml │ │ ├── nestedcontrollermanager_editor_role.yaml │ │ ├── nestedcontrollermanager_viewer_role.yaml │ │ ├── nestedcontrolplane_editor_role.yaml │ │ ├── nestedcontrolplane_viewer_role.yaml │ │ ├── nestedetcd_editor_role.yaml │ │ ├── nestedetcd_viewer_role.yaml │ │ ├── role.yaml │ │ ├── role_binding.yaml │ │ └── service_account.yaml │ └── webhook │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ └── service.yaml │ ├── controllers │ ├── consts.go │ ├── controller_util.go │ ├── controller_util_test.go │ ├── 
nestedapiserver_controller.go │ ├── nestedcontrollermanager_controller.go │ ├── nestedcontrolplane_controller.go │ ├── nestedetcd_controller.go │ └── suite_test.go │ ├── kubeadm │ ├── consts.go │ └── kubeadm.go │ └── main.go ├── docs ├── Makefile ├── README.md ├── dev-quickstart.md └── proposals │ ├── 00_capn-glossary.md │ ├── 20201026-creating-control-plane-components.md │ ├── 20210126-nc-and-ncp.md │ ├── 20220206-quota.md │ ├── YYYYMMDD-template.md │ ├── images │ ├── componentcontrollers │ │ ├── in-tree.png │ │ └── out-of-tree.png │ ├── nestedcontrolplane │ │ ├── nc-activity.plantuml │ │ ├── nc-activity.png │ │ ├── ncp-activity.plantuml │ │ └── ncp-activity.png │ └── quota │ │ └── plugin.png │ └── out-of-tree.png ├── go.mod ├── go.sum ├── hack ├── boilerplate.go.txt ├── boilerplate │ ├── boilerplate.Dockerfile.txt │ ├── boilerplate.Makefile.txt │ ├── boilerplate.bzl.txt │ ├── boilerplate.generatebzl.txt │ ├── boilerplate.generatego.txt │ ├── boilerplate.go.txt │ ├── boilerplate.py │ ├── boilerplate.py.txt │ ├── boilerplate.sh.txt │ ├── boilerplate_test.py │ └── test │ │ ├── fail.go │ │ ├── fail.py │ │ ├── pass.go │ │ └── pass.py ├── ensure-go.sh ├── ensure-golangci-lint.sh ├── ensure-kind.sh ├── ensure-kubectl.sh ├── ensure-kustomize.sh ├── pin-dependency.sh ├── tools │ ├── go.mod │ ├── go.sum │ ├── release │ │ └── notes.go │ └── tools.go ├── utils.sh ├── verify-boilerplate.sh ├── verify-doctoc.sh ├── verify-shellcheck.sh ├── verify-starlark.sh └── version.sh ├── main.go ├── metadata.yaml ├── scripts ├── ci-build.sh ├── ci-make.sh ├── ci-test.sh └── fetch_ext_bins.sh ├── templates ├── cluster-template-certmanager.yaml ├── cluster-template-virtualcluster.yaml └── cluster-template.yaml └── virtualcluster ├── .gitignore ├── .golangci.yml ├── Dockerfile ├── Makefile ├── OWNERS ├── PROJECT ├── README.md ├── cmd ├── kubectl-vc │ ├── create.go │ ├── exec.go │ ├── root.go │ └── util.go ├── manager │ └── main.go ├── syncer │ ├── app │ │ ├── config │ │ │ └── config.go │ │ 
├── options │ │ │ └── options.go │ │ └── server.go │ ├── builtins.go │ ├── builtins_extra.go │ └── main.go └── vn-agent │ ├── app │ ├── options │ │ └── options.go │ └── server.go │ └── main.go ├── config ├── crd │ ├── tenancy.x-k8s.io_clusterversions.yaml │ └── tenancy.x-k8s.io_virtualclusters.yaml ├── default │ ├── kustomization.yaml │ ├── manager_auth_proxy_patch.yaml │ ├── manager_image_patch.yaml │ └── manager_prometheus_metrics_patch.yaml ├── manager │ └── manager.yaml ├── rbac │ ├── auth_proxy_role.yaml │ ├── auth_proxy_role_binding.yaml │ ├── auth_proxy_service.yaml │ ├── rbac_role.yaml │ ├── rbac_role_binding.yaml │ └── role.yaml ├── sampleswithspec │ ├── clusterversion_v1_loadbalancer.yaml │ ├── clusterversion_v1_nodeport.yaml │ ├── coredns.yaml │ ├── coredns_external.yaml │ ├── example_foo.yaml │ ├── tenancy.x-k8s.io_clusterversions.yaml │ ├── virtualcluster_1_loadbalancer.yaml │ ├── virtualcluster_1_nodeport.yaml │ └── virtualcluster_capi.yaml └── setup │ ├── all_in_one.yaml │ ├── all_in_one_aliyun.yaml │ ├── all_in_one_capi.yaml │ └── sample_foo_controller.yaml ├── doc ├── customresource-syncer.md ├── demo.md ├── images │ └── cr-syncer.png ├── tenant-dns.md └── vc-icdcs.pdf ├── experiment ├── .gitignore ├── Makefile ├── OWNERS ├── README.md ├── cmd │ └── scheduler │ │ ├── app │ │ ├── config │ │ │ └── config.go │ │ ├── options │ │ │ └── options.go │ │ └── server.go │ │ ├── main.go │ │ ├── superclusterresources.go │ │ └── virtualclusterresource.go ├── config │ ├── crd │ │ └── cluster.x-k8s.io_clusters.yaml │ └── setup │ │ ├── all_in_one.yaml │ │ ├── cluster-id.yaml.sed │ │ ├── deploy-cluster-id.sh │ │ ├── deploy-syncer.sh │ │ ├── setup-supercluster-minikube.sh │ │ └── syncer.yaml.sed ├── doc │ ├── demo-arch.png │ └── demo.md ├── hack │ ├── lib │ │ ├── build.sh │ │ ├── docker-image.sh │ │ ├── init.sh │ │ └── util.sh │ └── make-rules │ │ ├── build.sh │ │ └── release-images.sh └── pkg │ ├── apis │ └── cluster │ │ └── v1alpha4 │ │ ├── cluster_phase_types.go │ 
│ ├── cluster_types.go │ │ ├── condition_types.go │ │ ├── doc.go │ │ ├── register.go │ │ └── zz_generated.deepcopy.go │ ├── client │ ├── clientset │ │ └── versioned │ │ │ ├── clientset.go │ │ │ ├── doc.go │ │ │ ├── fake │ │ │ ├── clientset_generated.go │ │ │ ├── doc.go │ │ │ └── register.go │ │ │ ├── scheme │ │ │ ├── doc.go │ │ │ └── register.go │ │ │ └── typed │ │ │ └── cluster │ │ │ └── v1alpha4 │ │ │ ├── cluster.go │ │ │ ├── cluster_client.go │ │ │ ├── doc.go │ │ │ ├── fake │ │ │ ├── doc.go │ │ │ ├── fake_cluster.go │ │ │ └── fake_cluster_client.go │ │ │ └── generated_expansion.go │ ├── informers │ │ └── externalversions │ │ │ ├── cluster │ │ │ ├── interface.go │ │ │ └── v1alpha4 │ │ │ │ ├── cluster.go │ │ │ │ └── interface.go │ │ │ ├── factory.go │ │ │ ├── generic.go │ │ │ └── internalinterfaces │ │ │ └── factory_interfaces.go │ └── listers │ │ └── cluster │ │ └── v1alpha4 │ │ ├── cluster.go │ │ └── expansion_generated.go │ └── scheduler │ ├── algorithm │ ├── namespacesched.go │ └── types.go │ ├── apis │ └── config │ │ └── types.go │ ├── cache │ ├── cache.go │ ├── cache_test.go │ ├── cluster.go │ ├── cluster_test.go │ ├── interface.go │ ├── namespace.go │ ├── namespace_test.go │ ├── pod.go │ ├── snapshot.go │ └── snapshot_test.go │ ├── constants │ └── constants.go │ ├── engine │ ├── schedulerengine.go │ └── schedulerengine_test.go │ ├── health.go │ ├── manager │ └── manager.go │ ├── metrics │ └── metrics.go │ ├── reconciler.go │ ├── resource │ ├── supercluster │ │ └── namespace │ │ │ └── controller.go │ └── virtualcluster │ │ ├── namespace │ │ └── controller.go │ │ ├── pod │ │ └── controller.go │ │ └── resourcequota │ │ └── controller.go │ ├── scheduler.go │ └── util │ ├── helper.go │ └── helper_test.go ├── go.mod ├── go.sum ├── hack ├── boilerplate.go.txt ├── install │ └── install_ci_related.sh ├── lib │ ├── build.sh │ ├── docker-image.sh │ ├── init.sh │ └── util.sh ├── make-rules │ ├── build.sh │ ├── release-images.sh │ ├── replace-null.sh │ └── 
test-e2e-k8s.sh ├── tools.go └── update-codegen.sh ├── pkg ├── apis │ ├── addtoscheme_tenancy_v1alpha1.go │ ├── apis.go │ └── tenancy │ │ ├── group.go │ │ └── v1alpha1 │ │ ├── clusterversion.go │ │ ├── clusterversion_types.go │ │ ├── clusterversion_types_test.go │ │ ├── doc.go │ │ ├── register.go │ │ ├── v1alpha1_suite_test.go │ │ ├── virtualcluster_types.go │ │ ├── virtualcluster_types_test.go │ │ ├── virtualcluster_webhook.go │ │ └── zz_generated.deepcopy.go ├── client │ ├── clientset │ │ └── versioned │ │ │ ├── clientset.go │ │ │ ├── doc.go │ │ │ ├── fake │ │ │ ├── clientset_generated.go │ │ │ ├── doc.go │ │ │ └── register.go │ │ │ ├── scheme │ │ │ ├── doc.go │ │ │ └── register.go │ │ │ └── typed │ │ │ └── tenancy │ │ │ └── v1alpha1 │ │ │ ├── clusterversion.go │ │ │ ├── doc.go │ │ │ ├── fake │ │ │ ├── doc.go │ │ │ ├── fake_clusterversion.go │ │ │ ├── fake_tenancy_client.go │ │ │ └── fake_virtualcluster.go │ │ │ ├── generated_expansion.go │ │ │ ├── tenancy_client.go │ │ │ └── virtualcluster.go │ ├── informers │ │ └── externalversions │ │ │ ├── factory.go │ │ │ ├── generic.go │ │ │ ├── internalinterfaces │ │ │ └── factory_interfaces.go │ │ │ └── tenancy │ │ │ ├── interface.go │ │ │ └── v1alpha1 │ │ │ ├── clusterversion.go │ │ │ ├── interface.go │ │ │ └── virtualcluster.go │ └── listers │ │ └── tenancy │ │ └── v1alpha1 │ │ ├── clusterversion.go │ │ ├── expansion_generated.go │ │ └── virtualcluster.go ├── controller │ ├── constants │ │ └── constants.go │ ├── controller.go │ ├── controllers │ │ ├── capi_virtualcluster_controller.go │ │ ├── clusterversion_controller.go │ │ ├── clusterversion_controller_test.go │ │ ├── metrics.go │ │ ├── provisioner │ │ │ ├── provisioner.go │ │ │ ├── provisioner_aliyun.go │ │ │ └── provisioner_native.go │ │ ├── suite_test.go │ │ ├── virtualcluster_controller.go │ │ └── virtualcluster_controller_test.go │ ├── kubeconfig │ │ └── kubeconfig.go │ ├── pki │ │ └── pki.go │ ├── secret │ │ └── secret.go │ └── util │ │ ├── aliyun │ │ └── 
util.go │ │ ├── kube │ │ └── util.go │ │ ├── logr │ │ └── util.go │ │ ├── net │ │ └── util.go │ │ └── strings │ │ └── util.go ├── syncer │ ├── apis │ │ └── config │ │ │ └── types.go │ ├── constants │ │ └── constants.go │ ├── conversion │ │ ├── envvars │ │ │ ├── doc.go │ │ │ ├── envvars.go │ │ │ └── envvars_test.go │ │ ├── equality.go │ │ ├── equality_test.go │ │ ├── helper.go │ │ ├── helper_test.go │ │ ├── mutate.go │ │ └── mutate_test.go │ ├── manager │ │ ├── manager.go │ │ └── manager_test.go │ ├── metrics │ │ └── metrics.go │ ├── patrol │ │ ├── differ │ │ │ ├── differ.go │ │ │ ├── differ_test.go │ │ │ └── handler.go │ │ ├── options.go │ │ └── patroller.go │ ├── resources │ │ ├── configmap │ │ │ ├── checker.go │ │ │ ├── checker_test.go │ │ │ ├── controller.go │ │ │ ├── dws.go │ │ │ └── dws_test.go │ │ ├── crd │ │ │ ├── checker.go │ │ │ ├── controller.go │ │ │ └── uws.go │ │ ├── endpoints │ │ │ ├── checker.go │ │ │ ├── checker_test.go │ │ │ ├── controller.go │ │ │ ├── dws.go │ │ │ └── dws_test.go │ │ ├── event │ │ │ ├── controller.go │ │ │ ├── uws.go │ │ │ └── uws_test.go │ │ ├── ingress │ │ │ ├── checker.go │ │ │ ├── checker_test.go │ │ │ ├── controller.go │ │ │ ├── dws.go │ │ │ ├── dws_test.go │ │ │ ├── uws.go │ │ │ └── uws_test.go │ │ ├── namespace │ │ │ ├── checker.go │ │ │ ├── checker_test.go │ │ │ ├── controller.go │ │ │ ├── dws.go │ │ │ └── dws_test.go │ │ ├── node │ │ │ ├── controller.go │ │ │ ├── dws.go │ │ │ ├── uws.go │ │ │ └── uws_test.go │ │ ├── persistentvolume │ │ │ ├── checker.go │ │ │ ├── checker_test.go │ │ │ ├── controller.go │ │ │ ├── uws.go │ │ │ └── uws_test.go │ │ ├── persistentvolumeclaim │ │ │ ├── checker.go │ │ │ ├── checker_test.go │ │ │ ├── controller.go │ │ │ ├── dws.go │ │ │ ├── dws_test.go │ │ │ ├── uws.go │ │ │ └── uws_test.go │ │ ├── pod │ │ │ ├── checker.go │ │ │ ├── checker_test.go │ │ │ ├── controller.go │ │ │ ├── dws.go │ │ │ ├── dws_test.go │ │ │ ├── mutatorplugin │ │ │ │ ├── interface.go │ │ │ │ ├── podkubeapiaccessmutator.go 
│ │ │ │ ├── podkubeapiaccessmutator_test.go │ │ │ │ ├── podmountserviceaccounttokenmutator.go │ │ │ │ ├── podrootcacertmutator.go │ │ │ │ ├── podrootcacertmutator_test.go │ │ │ │ └── podservicelinkmutator.go │ │ │ ├── uws.go │ │ │ ├── uws_test.go │ │ │ └── validationplugin │ │ │ │ ├── README.md │ │ │ │ └── interface.go │ │ ├── priorityclass │ │ │ ├── checker.go │ │ │ ├── checker_test.go │ │ │ ├── controller.go │ │ │ ├── uws.go │ │ │ └── uws_test.go │ │ ├── secret │ │ │ ├── checker.go │ │ │ ├── checker_test.go │ │ │ ├── controller.go │ │ │ ├── dws.go │ │ │ └── dws_test.go │ │ ├── service │ │ │ ├── checker.go │ │ │ ├── checker_test.go │ │ │ ├── controller.go │ │ │ ├── dws.go │ │ │ ├── dws_test.go │ │ │ ├── uws.go │ │ │ └── uws_test.go │ │ ├── serviceaccount │ │ │ ├── checker.go │ │ │ ├── checker_test.go │ │ │ ├── controller.go │ │ │ ├── dws.go │ │ │ └── dws_test.go │ │ └── storageclass │ │ │ ├── checker.go │ │ │ ├── checker_test.go │ │ │ ├── controller.go │ │ │ ├── uws.go │ │ │ └── uws_test.go │ ├── syncer.go │ ├── util │ │ ├── featuregate │ │ │ └── gate.go │ │ ├── helper.go │ │ ├── scheme │ │ │ └── scheme.go │ │ └── test │ │ │ ├── featuregate.go │ │ │ ├── runDWS.go │ │ │ ├── runPatrol.go │ │ │ └── runUWS.go │ ├── uwcontroller │ │ ├── options.go │ │ └── uwcontroller.go │ └── vnode │ │ ├── native │ │ ├── provider.go │ │ └── provider_test.go │ │ ├── pod │ │ ├── provider.go │ │ └── provider_test.go │ │ ├── provider │ │ └── provider.go │ │ ├── service │ │ ├── provider.go │ │ └── provider_test.go │ │ └── vnode.go ├── util │ ├── cluster │ │ ├── cluster.go │ │ └── fake_cluster.go │ ├── constants │ │ └── constants.go │ ├── errors │ │ ├── errors.go │ │ └── errors_test.go │ ├── fairqueue │ │ ├── balancer │ │ │ ├── balancer.go │ │ │ └── weightedroundrobin │ │ │ │ ├── scheduler.go │ │ │ │ └── scheduler_test.go │ │ ├── delaying.go │ │ ├── fair.go │ │ ├── fair_test.go │ │ ├── fifo.go │ │ └── option.go │ ├── flag │ │ └── flags.go │ ├── handler │ │ ├── enqueue_object.go │ │ ├── 
enqueue_object_test.go │ │ └── types.go │ ├── listener │ │ ├── adapter.go │ │ └── listener.go │ ├── mccontroller │ │ ├── mccontroller.go │ │ └── options.go │ ├── pki │ │ └── util.go │ ├── plugin │ │ ├── context.go │ │ ├── plugin.go │ │ └── plugin_test.go │ ├── reconciler │ │ └── reconciler.go │ └── record │ │ └── event.go ├── version │ ├── base.go │ ├── verflag │ │ └── verflag.go │ └── version.go ├── vn-agent │ ├── certificate │ │ └── cert.go │ ├── config │ │ └── config.go │ ├── server │ │ ├── metrics.go │ │ ├── route.go │ │ ├── server.go │ │ ├── test │ │ │ ├── go.mod │ │ │ ├── go.sum │ │ │ └── server_test.go │ │ └── translate.go │ └── testcerts │ │ ├── certs.go │ │ └── gencerts.sh └── webhook │ ├── add_virtualcluster.go │ ├── virtualcluster │ └── virtualcluster_webhook.go │ └── webhook.go └── test └── e2e ├── e2e.go ├── e2e_test.go ├── framework ├── cleanup.go ├── clusterversion │ ├── create.go │ └── delete.go ├── framework.go ├── ginkgowrapper │ └── wrapper.go ├── log │ └── logger.go ├── pod │ └── resource.go ├── text_context.go ├── util.go ├── vc.go └── virtualcluster │ └── wait.go └── multi-tenancy ├── framework.go └── virtual_cluster.go /.dockerignore: -------------------------------------------------------------------------------- 1 | .git 2 | .github 3 | .vscode 4 | bin/ 5 | # **/*.yaml 6 | hack/ 7 | docs/ 8 | logos/ 9 | scripts/ 10 | **/*.md 11 | **/config/**/*.yaml 12 | **/config/**/*.yaml-e 13 | _artifacts 14 | Makefile 15 | **/Makefile 16 | 17 | .dockerignore 18 | # We want to ignore any frequently modified files to avoid cache-busting the COPY ./ ./ 19 | # Binaries for programs and plugins 20 | **/*.exe 21 | **/*.dll 22 | **/*.so 23 | **/*.dylib 24 | **/bin/** 25 | **/out/** 26 | 27 | # Test binary, build with `go test -c` 28 | **/*.test 29 | 30 | # Output of the go coverage tool, specifically when used with LiteIDE 31 | **/*.out 32 | 33 | # Common editor / temporary files 34 | **/*~ 35 | **/*.tmp 36 | **/.DS_Store 37 | **/*.swp 38 | 
-------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Tell us about a problem you are experiencing 4 | 5 | --- 6 | 7 | **What steps did you take and what happened:** 8 | [A clear and concise description on how to REPRODUCE the bug.] 9 | 10 | 11 | **What did you expect to happen:** 12 | 13 | 14 | **Anything else you would like to add:** 15 | [Miscellaneous information that will assist in solving the issue.] 16 | 17 | 18 | **Environment:** 19 | 20 | - cluster-api-provider-nested version: 21 | - Minikube/KIND version: 22 | - Kubernetes version: (use `kubectl version`): 23 | - OS (e.g. from `/etc/os-release`): 24 | 25 | /kind bug 26 | [One or more /area label. See https://github.com/kubernetes-sigs/cluster-api-provider-nested/labels?q=area for the list of labels] 27 | 28 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | 5 | --- 6 | 7 | 8 | 9 | **User Story** 10 | 11 | As a [developer/user/operator] I would like to [high level description] for [reasons] 12 | 13 | **Detailed Description** 14 | 15 | [A clear and concise description of what you want to happen.] 16 | 17 | **Anything else you would like to add:** 18 | 19 | [Miscellaneous information that will assist in solving the issue.] 
20 | 21 | /kind feature 22 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | **What this PR does / why we need it**: 5 | 6 | **Which issue(s) this PR fixes** *(optional, in `fixes #(, fixes #, ...)` format, will close the issue(s) when PR gets merged)*: 7 | Fixes # 8 | -------------------------------------------------------------------------------- /.github/workflows/golangci-lint.yml: -------------------------------------------------------------------------------- 1 | name: golangci-lint 2 | on: 3 | pull_request: 4 | types: [opened, edited, synchronize, reopened] 5 | jobs: 6 | golangci: 7 | name: lint 8 | runs-on: ubuntu-latest 9 | strategy: 10 | matrix: 11 | working-directory: 12 | - "" 13 | - "virtualcluster" 14 | steps: 15 | - uses: actions/checkout@v3 16 | - uses: actions/setup-go@v3 17 | with: 18 | go-version: 1.17 19 | - name: golangci-lint 20 | uses: golangci/golangci-lint-action@v3.2.0 21 | with: 22 | version: v1.47.2 23 | working-directory: ${{matrix.working-directory}} 24 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Binaries for programs and plugins 2 | *.exe 3 | *.dll 4 | *.so 5 | *.dylib 6 | cmd/clusterctl/clusterctl 7 | bin 8 | hack/tools/bin 9 | out 10 | 11 | # Test binary, build with `go test -c` 12 | *.test 13 | 14 | # E2E test templates 15 | test/e2e/data/infrastructure-docker/*-template 16 | 17 | # Output of the go coverage tool, specifically when used with LiteIDE 18 | *.out 19 | 20 | # IntelliJ 21 | .idea/ 22 | *.iml 23 | 24 | # VSCode 25 | .vscode/ 26 | 27 | # kubeconfigs 28 | minikube.kubeconfig 29 | 30 | # Book 31 | docs/book/book/ 32 | 33 | # Common editor / temporary files 34 | *~ 35 | *.tmp 36 | .DS_Store 37 | 38 | # rbac and manager config 
for example provider 39 | config/ci/rbac/role_binding.yaml 40 | config/ci/rbac/role.yaml 41 | config/ci/rbac/aggregated_role.yaml 42 | config/ci/rbac/auth_proxy_role.yaml 43 | config/ci/rbac/auth_proxy_role_binding.yaml 44 | config/ci/rbac/auth_proxy_service.yaml 45 | config/ci/manager/manager.yaml 46 | manager_image_patch.yaml-e 47 | manager_pull_policy.yaml-e 48 | 49 | config/ci 50 | 51 | # Temporary clusterctl directory 52 | cmd/clusterctl/config/manifest 53 | 54 | # The golang vendor directory that contains local copies of external 55 | # dependencies that satisfy Go imports in this project. 56 | vendor 57 | 58 | # User-supplied Tiltfile extensions, settings, and builds 59 | tilt.d 60 | tilt-settings.json 61 | .tiltbuild 62 | 63 | # User-supplied clusterctl hacks settings 64 | clusterctl-settings.json 65 | 66 | # test results 67 | _artifacts 68 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing Guidelines 2 | 3 | Welcome to Kubernetes. We are excited about the prospect of you joining our [community](https://git.k8s.io/community)! The Kubernetes community abides by the CNCF [code of conduct](code-of-conduct.md). 
Here is an excerpt: 4 | 5 | _As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities._ 6 | 7 | ## Getting Started 8 | 9 | We have full documentation on how to get started contributing here: 10 | 11 | 14 | 15 | - [Contributor License Agreement](https://git.k8s.io/community/CLA.md) Kubernetes projects require that you sign a Contributor License Agreement (CLA) before we can accept your pull requests 16 | - [Kubernetes Contributor Guide](https://git.k8s.io/community/contributors/guide) - Main contributor documentation, or you can just jump directly to the [contributing section](https://git.k8s.io/community/contributors/guide#contributing) 17 | - [Contributor Cheat Sheet](https://git.k8s.io/community/contributors/guide/contributor-cheatsheet) - Common resources for existing developers 18 | 19 | ## Mentorship 20 | 21 | - [Mentoring Initiatives](https://git.k8s.io/community/mentoring) - We have a diverse set of mentorship programs available that are always looking for volunteers! 
22 | 23 | ## Contact Information 24 | 25 | - [Slack](https://kubernetes.slack.com/messages/sig-cluster-lifecycle) 26 | - [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-sig-cluster-lifecycle) 27 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs at https://go.k8s.io/owners 2 | 3 | approvers: 4 | - sig-cluster-lifecycle-leads 5 | - cluster-api-admins 6 | - cluster-api-maintainers 7 | - cluster-api-provider-nested-maintainers 8 | -------------------------------------------------------------------------------- /OWNERS_ALIASES: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs: https://git.k8s.io/community/docs/devel/owners.md 2 | 3 | aliases: 4 | sig-cluster-lifecycle-leads: 5 | - neolit123 6 | - justinsb 7 | - timothysc 8 | - fabriziopandini 9 | cluster-api-admins: 10 | - justinsb 11 | - detiber 12 | - davidewatson 13 | - vincepri 14 | cluster-api-maintainers: 15 | - justinsb 16 | - detiber 17 | - vincepri 18 | - CecileRobertMichon 19 | cluster-api-provider-nested-maintainers: 20 | - christopherhein 21 | - charleszheng44 22 | - Fei-Guo 23 | - resouer 24 | - zhuangqh 25 | -------------------------------------------------------------------------------- /PROJECT: -------------------------------------------------------------------------------- 1 | domain: cluster.x-k8s.io 2 | layout: 3 | - go.kubebuilder.io/v3 4 | projectName: cluster-api-provider-nested 5 | repo: sigs.k8s.io/cluster-api-provider-nested 6 | resources: 7 | - api: 8 | crdVersion: v1 9 | namespaced: true 10 | controller: true 11 | domain: cluster.x-k8s.io 12 | group: infrastructure 13 | kind: NestedCluster 14 | path: sigs.k8s.io/cluster-api-provider-nested/api/v1alpha4 15 | version: v1alpha4 16 | version: "3" 17 | 
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Kubernetes Cluster API Provider Nested 2 | 3 | Cluster API Provider for Nested Clusters 4 | 5 | ## Community, discussion, contribution, and support 6 | 7 | Learn how to engage with the Kubernetes community on the [community page](http://kubernetes.io/community/). 8 | 9 | You can reach the maintainers of this project at: 10 | 11 | - [Slack](https://kubernetes.slack.com/messages/cluster-api-nested) 12 | - [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-sig-cluster-lifecycle) 13 | - Join our Cluster API Provider Nested working group sessions 14 | - Weekly on Tuesdays @ 10:00 PT 15 | - Previous meetings: 16 | [notes](https://docs.google.com/document/d/10aTeq2lhXW_3aFQAd_MdGjY8PtZPslKhZCCcXxFp3_Q/edit#) 17 | 18 | ### Code of conduct 19 | 20 | Participation in the Kubernetes community is governed by the [Kubernetes Code of Conduct](code-of-conduct.md). 21 | -------------------------------------------------------------------------------- /RELEASE.md: -------------------------------------------------------------------------------- 1 | # Release Process 2 | 3 | The Kubernetes Template Project is released on an as-needed basis. The process is as follows: 4 | 5 | 1. An issue is opened proposing a new release, with a changelog since the last release 6 | 1. All [OWNERS](OWNERS) must LGTM this release 7 | 1. An OWNER runs `git tag -s $VERSION`, inserts the changelog, and pushes the tag with `git push $VERSION` 8 | 1. The release issue is closed 9 | 1. 
An announcement email is sent to `kubernetes-dev@googlegroups.com` with the subject `[ANNOUNCE] kubernetes-template-project $VERSION is released` 10 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Security Announcements 4 | 5 | Join the [kubernetes-security-announce] group for security and vulnerability announcements. 6 | 7 | You can also subscribe to an RSS feed of the above using [this link][kubernetes-security-announce-rss]. 8 | 9 | ## Reporting a Vulnerability 10 | 11 | Instructions for reporting a vulnerability can be found on the 12 | [Kubernetes Security and Disclosure Information] page. 13 | 14 | ## Supported Versions 15 | 16 | Information about supported Kubernetes versions can be found on the 17 | [Kubernetes version and version skew support policy] page on the Kubernetes website. 18 | 19 | [kubernetes-security-announce]: https://groups.google.com/forum/#!forum/kubernetes-security-announce 20 | [kubernetes-security-announce-rss]: https://groups.google.com/forum/feed/kubernetes-security-announce/msgs/rss_v2_0.xml?num=50 21 | [Kubernetes version and version skew support policy]: https://kubernetes.io/docs/setup/release/version-skew-policy/#supported-versions 22 | [Kubernetes Security and Disclosure Information]: https://kubernetes.io/docs/reference/issues-security/security/#report-a-vulnerability 23 | -------------------------------------------------------------------------------- /SECURITY_CONTACTS: -------------------------------------------------------------------------------- 1 | # Defined below are the security contacts for this repo. 2 | # 3 | # They are the contact point for the Product Security Committee to reach out 4 | # to for triaging and handling of incoming issues. 
5 | # 6 | # The below names agree to abide by the 7 | # [Embargo Policy](https://git.k8s.io/security/private-distributors-list.md#embargo-policy) 8 | # and will be removed and replaced if they violate that agreement. 9 | # 10 | # DO NOT REPORT SECURITY VULNERABILITIES DIRECTLY TO THESE NAMES, FOLLOW THE 11 | # INSTRUCTIONS AT https://kubernetes.io/security/ 12 | 13 | christopherhein 14 | Fei-Guo 15 | detiber 16 | justinsb 17 | luxas 18 | timothysc 19 | -------------------------------------------------------------------------------- /api/v1alpha4/groupversion_info.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha4 contains API Schema definitions for the infrastructure v1alpha4 API group. 18 | // +kubebuilder:object:generate=true 19 | // +groupName=infrastructure.cluster.x-k8s.io 20 | package v1alpha4 21 | 22 | import ( 23 | "k8s.io/apimachinery/pkg/runtime/schema" 24 | "sigs.k8s.io/controller-runtime/pkg/scheme" 25 | ) 26 | 27 | var ( 28 | // GroupVersion is group version used to register these objects. 29 | GroupVersion = schema.GroupVersion{Group: "infrastructure.cluster.x-k8s.io", Version: "v1alpha4"} 30 | 31 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme. 
32 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 33 | 34 | // AddToScheme adds the types in this group-version to the given scheme. 35 | AddToScheme = SchemeBuilder.AddToScheme 36 | ) 37 | -------------------------------------------------------------------------------- /api/v1alpha4/webhooks.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package v1alpha4 18 | 19 | import ( 20 | apierrors "k8s.io/apimachinery/pkg/api/errors" 21 | "k8s.io/apimachinery/pkg/runtime/schema" 22 | "k8s.io/apimachinery/pkg/util/validation/field" 23 | ) 24 | 25 | func aggregateObjErrors(gk schema.GroupKind, name string, allErrs field.ErrorList) error { 26 | if len(allErrs) == 0 { 27 | return nil 28 | } 29 | 30 | return apierrors.NewInvalid( 31 | gk, 32 | name, 33 | allErrs, 34 | ) 35 | } 36 | -------------------------------------------------------------------------------- /cloudbuild.yaml: -------------------------------------------------------------------------------- 1 | # See https://cloud.google.com/cloud-build/docs/build-config 2 | timeout: 2700s 3 | options: 4 | substitution_option: ALLOW_LOOSE 5 | machineType: 'N1_HIGHCPU_8' 6 | steps: 7 | - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20221214-1b4dd4d69a' 8 | entrypoint: make 9 | env: 10 | - DOCKER_CLI_EXPERIMENTAL=enabled 11 | - TAG=$_GIT_TAG 12 | - PULL_BASE_REF=$_PULL_BASE_REF 13 | - DOCKER_BUILDKIT=1 14 | args: 15 | - release-staging 16 | substitutions: 17 | # _GIT_TAG will be filled with a git-based tag for the image, of the form vYYYYMMDD-hash, and 18 | # can be used as a substitution 19 | _GIT_TAG: '12345' 20 | _PULL_BASE_REF: 'dev' 21 | -------------------------------------------------------------------------------- /code-of-conduct.md: -------------------------------------------------------------------------------- 1 | # Kubernetes Community Code of Conduct 2 | 3 | Please refer to our [Kubernetes Community Code of Conduct](https://git.k8s.io/community/code-of-conduct.md) 4 | -------------------------------------------------------------------------------- /config/certmanager/certificate.yaml: -------------------------------------------------------------------------------- 1 | # The following manifests contain a self-signed issuer CR and a certificate CR. 
2 | # More documentation can be found at https://docs.cert-manager.io 3 | # WARNING: Targets CertManager 0.11; check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for 4 | # breaking changes. 5 | apiVersion: cert-manager.io/v1alpha2 6 | kind: Issuer 7 | metadata: 8 | name: selfsigned-issuer 9 | namespace: system 10 | spec: 11 | selfSigned: {} 12 | --- 13 | apiVersion: cert-manager.io/v1alpha2 14 | kind: Certificate 15 | metadata: 16 | name: serving-cert # this name should match the one that appears in kustomizeconfig.yaml 17 | namespace: system 18 | spec: 19 | # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize 20 | dnsNames: 21 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc 22 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local 23 | issuerRef: 24 | kind: Issuer 25 | name: selfsigned-issuer 26 | secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize 27 | -------------------------------------------------------------------------------- /config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | --------------------------------------------------------------------------------
/config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on service name and namespace that are out of this kustomize package. 3 | # It should be run by config/default 4 | resources: 5 | - bases/infrastructure.cluster.x-k8s.io_nestedclusters.yaml 6 | #+kubebuilder:scaffold:crdkustomizeresource 7 | 8 | patchesStrategicMerge: 9 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. 10 | # patches here are for enabling the conversion webhook for each CRD 11 | #+kubebuilder:scaffold:crdkustomizewebhookpatch 12 | 13 | # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. 14 | # patches here are for enabling the CA injection for each CRD 15 | #+kubebuilder:scaffold:crdkustomizecainjectionpatch 16 | 17 | # the following config is for teaching kustomize how to do kustomization for CRDs. 18 | configurations: 19 | # - kustomizeconfig.yaml 20 | 21 | 22 | commonLabels: 23 | # When using CAPI we need to define the contract version labels so that the 24 | # capi system can cross reference the proper controlplane & infra refs 25 | # https://cluster-api.sigs.k8s.io/developer/providers/v1alpha2-to-v1alpha3.html#apply-the-contract-version-label-clusterx-k8sioversion-version1_version2_version3-to-your-crds 26 | cluster.x-k8s.io/v1alpha3: v1alpha4 27 | cluster.x-k8s.io/v1alpha4: v1alpha4 28 | cluster.x-k8s.io/v1beta1: v1alpha4 29 | -------------------------------------------------------------------------------- /config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch injects a sidecar container, an HTTP proxy for the 2 | # controller manager that performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. NOTE(review): the kube-rbac-proxy container below is started with --v=10; confirm that this log verbosity does not write request credentials to the container log, and lower it outside debugging.
3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-bind-address=127.0.0.1:8080" 25 | - "--leader-elect" 26 | -------------------------------------------------------------------------------- /config/default/manager_image_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - image: gcr.io/cluster-api-nested-controller-amd64:dev 11 | name: manager -------------------------------------------------------------------------------- /config/default/manager_pull_policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | imagePullPolicy: Never 12 | -------------------------------------------------------------------------------- /config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 
| volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch add annotation to admission webhook config and 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 3 | #apiVersion: admissionregistration.k8s.io/v1beta1 4 | #kind: MutatingWebhookConfiguration 5 | #metadata: 6 | # name: mutating-webhook-configuration 7 | # annotations: 8 | # cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /config/manager/manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: system 7 | --- 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | metadata: 11 | name: controller-manager 12 | namespace: system 13 | labels: 14 | control-plane: controller-manager 15 | spec: 16 | selector: 17 | matchLabels: 18 | control-plane: controller-manager 19 | replicas: 1 20 | template: 21 | metadata: 22 | labels: 23 | control-plane: controller-manager 24 | spec: 25 | containers: 26 | - command: 27 | - /manager 28 | args: 29 | - --leader-elect 30 | 
image: controller:latest 31 | name: manager 32 | resources: 33 | limits: 34 | cpu: 100m 35 | memory: 30Mi 36 | requests: 37 | cpu: 100m 38 | memory: 20Mi 39 | terminationGracePeriodSeconds: 10 40 | serviceAccountName: manager 41 | -------------------------------------------------------------------------------- /config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | matchLabels: 16 | control-plane: controller-manager 17 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_client_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: ["/metrics"] 7 | verbs: ["get"] 8 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | 
-------------------------------------------------------------------------------- /config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - service_account.yaml 5 | - leader_election_role.yaml 6 | - leader_election_role_binding.yaml 7 | # Comment the following 4 lines if you want to disable 8 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 9 | # which protects your /metrics endpoint. 10 | - auth_proxy_service.yaml 11 | - auth_proxy_role.yaml 12 | - auth_proxy_role_binding.yaml 13 | - auth_proxy_client_clusterrole.yaml 14 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | - coordination.k8s.io 10 | resources: 11 | - configmaps 12 | - leases 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | - create 18 | - update 19 | - patch 20 | - delete 21 | - apiGroups: 22 | - "" 23 | - coordination.k8s.io 24 | resources: 25 | - configmaps/status 26 | - leases/status 27 | verbs: 28 | - get 29 | - update 30 | - patch 31 | - apiGroups: 32 | - "" 33 | resources: 34 | - events 35 | verbs: 36 | - create 37 | - patch -------------------------------------------------------------------------------- /config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/rbac/nestedcluster_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit nestedclusters. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: nestedcluster-editor-role 6 | rules: 7 | - apiGroups: 8 | - infrastructure.cluster.x-k8s.io 9 | resources: 10 | - nestedclusters 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - infrastructure.cluster.x-k8s.io 21 | resources: 22 | - nestedclusters/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/nestedcluster_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view nestedclusters. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: nestedcluster-viewer-role 6 | rules: 7 | - apiGroups: 8 | - infrastructure.cluster.x-k8s.io 9 | resources: 10 | - nestedclusters 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - infrastructure.cluster.x-k8s.io 17 | resources: 18 | - nestedclusters/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/role.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | apiVersion: rbac.authorization.k8s.io/v1 4 | kind: ClusterRole 5 | metadata: 6 | creationTimestamp: null 7 | name: manager-role 8 | rules: 9 | - apiGroups: 10 | - cluster.x-k8s.io 11 | resources: 12 | - clusters 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | - apiGroups: 18 | - controlplane.cluster.x-k8s.io 19 | resources: 20 | - nestedcontrolplanes 21 | verbs: 22 | - get 23 | - list 24 | - watch 25 | - apiGroups: 26 | - infrastructure.cluster.x-k8s.io 27 | resources: 28 | - nestedclusters 29 | verbs: 30 | - create 31 | - delete 32 | - get 33 | - list 34 | - patch 35 | - update 36 | - watch 37 | - apiGroups: 38 | - infrastructure.cluster.x-k8s.io 39 | resources: 40 | - 
nestedclusters/finalizers 41 | verbs: 42 | - update 43 | - apiGroups: 44 | - infrastructure.cluster.x-k8s.io 45 | resources: 46 | - nestedclusters/status 47 | verbs: 48 | - get 49 | - patch 50 | - update 51 | -------------------------------------------------------------------------------- /config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: manager 6 | namespace: system -------------------------------------------------------------------------------- /config/samples/controlplane_v1alpha4_nestedapiserver.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: controlplane.cluster.x-k8s.io/v1alpha4 2 | kind: NestedAPIServer 3 | metadata: 4 | name: nestedapiserver-sample 5 | spec: 6 | replicas: 1 7 | -------------------------------------------------------------------------------- /config/samples/controlplane_v1alpha4_nestedcontrollermanager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: controlplane.cluster.x-k8s.io/v1alpha4 2 | kind: NestedControllerManager 3 | metadata: 4 | name: nestedcontrollermanager-sample 5 | spec: 6 | replicas: 1 7 | -------------------------------------------------------------------------------- /config/samples/controlplane_v1alpha4_nestedcontrolplane.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: controlplane.cluster.x-k8s.io/v1alpha4 2 | kind: NestedControlPlane 3 | metadata: 4 | name: nestedcontrolplane-sample 5 | spec: 6 | etcd: 7 | apiVersion: controlplane.cluster.x-k8s.io/v1alpha4 8 | kind: NestedEtcd 9 | name: nestedetcd-sample 10 | apiserver: 11 | apiVersion: controlplane.cluster.x-k8s.io/v1alpha4 12 | kind: NestedAPIServer 13 | name: nestedapiserver-sample 14 | controllerManager: 15 | apiVersion: controlplane.cluster.x-k8s.io/v1alpha4 16 | kind: NestedControllerManager 17 | name: nestedcontrollermanager-sample -------------------------------------------------------------------------------- /config/samples/controlplane_v1alpha4_nestedetcd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: controlplane.cluster.x-k8s.io/v1alpha4 2 | kind: NestedEtcd 3 | metadata: 4 | name: nestedetcd-sample 5 | spec: 6 | replicas: 1 7 | -------------------------------------------------------------------------------- /config/samples/infrastructure_v1alpha4_nestedcluster.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4 2 | kind: NestedCluster 3 | metadata: 4 | name: nestedcluster-sample 5 | labels: 6 | cluster.x-k8s.io/v1beta1: v1alpha4_v1beta1 7 | spec: 8 | controlPlaneEndpoint: 9 | host: "localhost" 10 | port: 6443 11 | -------------------------------------------------------------------------------- /config/samples/v1alpha4_cluster.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cluster.x-k8s.io/v1alpha4 2 | kind: Cluster 3 | metadata: 4 | name: cluster-sample 5 | namespace: default 6 | spec: 7 | controlPlaneEndpoint: 8 | # currently this has to be the in-cluster endpoint, the in-cluster 9 | # kubeconfig is used by controller-manager w/ ClusterIP services 10 | # we can 
`port-forward` this service and be able to test 11 | host: "cluster-sample-apiserver" 12 | port: 6443 13 | controlPlaneRef: 14 | apiVersion: controlplane.cluster.x-k8s.io/v1alpha4 15 | kind: NestedControlPlane 16 | name: nestedcontrolplane-sample 17 | namespace: default 18 | infrastructureRef: 19 | apiVersion: infrastructure.cluster.x-k8s.io/v1alpha4 20 | kind: NestedCluster 21 | name: nestedcluster-sample 22 | namespace: default 23 | -------------------------------------------------------------------------------- /config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 
3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /config/webhook/manifests.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | apiVersion: admissionregistration.k8s.io/v1 4 | kind: ValidatingWebhookConfiguration 5 | metadata: 6 | creationTimestamp: null 7 | name: validating-webhook-configuration 8 | webhooks: 9 | - admissionReviewVersions: 10 | - v1beta1 11 | clientConfig: 12 | service: 13 | name: webhook-service 14 | namespace: system 15 | path: /validate-infrastructure-cluster-x-k8s-io-v1alpha4-nestedcluster 16 | failurePolicy: Fail 17 | matchPolicy: Equivalent 18 | name: validation.nestedclusters.infrastructure.x-k8s.io 19 | rules: 20 | - apiGroups: 21 | - infrastructure.cluster.x-k8s.io 22 | apiVersions: 23 | - v1alpha4 24 | operations: 25 | - CREATE 26 | - UPDATE 27 | resources: 28 | - nestedclusters 29 | sideEffects: None 30 | -------------------------------------------------------------------------------- /config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: capn-webhook-service 6 | namespace: capn-system 7 | spec: 8 | ports: 9 | - port: 443 10 | 
targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /controlplane/nested/PROJECT: -------------------------------------------------------------------------------- 1 | domain: cluster.x-k8s.io 2 | layout: 3 | - go.kubebuilder.io/v3 4 | projectName: cluster-api-provider-nested 5 | repo: sigs.k8s.io/cluster-api-provider-nested 6 | resources: 7 | - api: 8 | crdVersion: v1 9 | namespaced: true 10 | controller: true 11 | domain: cluster.x-k8s.io 12 | group: controlplane 13 | kind: NestedControlPlane 14 | path: sigs.k8s.io/cluster-api-provider-nested/controlplane/nested/api/v1alpha4 15 | version: v1alpha4 16 | - api: 17 | crdVersion: v1 18 | namespaced: true 19 | controller: true 20 | domain: cluster.x-k8s.io 21 | group: controlplane 22 | kind: NestedEtcd 23 | path: sigs.k8s.io/cluster-api-provider-nested/controlplane/nested/api/v1alpha4 24 | version: v1alpha4 25 | - api: 26 | crdVersion: v1 27 | namespaced: true 28 | controller: true 29 | domain: cluster.x-k8s.io 30 | group: controlplane 31 | kind: NestedAPIServer 32 | path: sigs.k8s.io/cluster-api-provider-nested/controlplane/api/v1alpha4 33 | version: v1alpha4 34 | - api: 35 | crdVersion: v1 36 | namespaced: true 37 | controller: true 38 | domain: cluster.x-k8s.io 39 | group: controlplane 40 | kind: NestedControllerManager 41 | path: sigs.k8s.io/cluster-api-provider-nested/controlplane/api/v1alpha4 42 | version: v1alpha4 43 | version: "3" 44 | -------------------------------------------------------------------------------- /controlplane/nested/api/v1alpha4/groupversion_info.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha4 contains API Schema definitions for the controlplane v1alpha4 API group. 18 | // +kubebuilder:object:generate=true 19 | // +groupName=controlplane.cluster.x-k8s.io 20 | package v1alpha4 21 | 22 | import ( 23 | "k8s.io/apimachinery/pkg/runtime/schema" 24 | "sigs.k8s.io/controller-runtime/pkg/scheme" 25 | ) 26 | 27 | var ( 28 | // GroupVersion is group version used to register these objects. 29 | GroupVersion = schema.GroupVersion{Group: "controlplane.cluster.x-k8s.io", Version: "v1alpha4"} 30 | 31 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme. 32 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 33 | 34 | // AddToScheme adds the types in this group-version to the given scheme. 35 | AddToScheme = SchemeBuilder.AddToScheme 36 | ) 37 | -------------------------------------------------------------------------------- /controlplane/nested/certificate/consts.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | http://www.apache.org/licenses/LICENSE-2.0 7 | Unless required by applicable law or agreed to in writing, software 8 | distributed under the License is distributed on an "AS IS" BASIS, 9 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
10 | See the License for the specific language governing permissions and 11 | limitations under the License. 12 | */ 13 | 14 | // Package certificate contains helpers for managing KeyPairs. 15 | package certificate 16 | 17 | import "sigs.k8s.io/cluster-api/util/secret" 18 | 19 | const ( 20 | // defaultClusterDomain defines the default that all control planes are 21 | // provisioned with. 22 | defaultClusterDomain = "cluster.local" 23 | 24 | // EtcdClient defines the client cert name for etcd. 25 | EtcdClient secret.Purpose = "etcd-client" 26 | 27 | // EtcdHealthClient defines the client cert name for etcd. 28 | EtcdHealthClient secret.Purpose = "etcd-health-client" 29 | 30 | // APIServerClient defines the client cert name for apiserver. 31 | APIServerClient secret.Purpose = "apiserver-client" 32 | 33 | // APIServerEtcdClient mirrors capi APIServerEtcdClient. 34 | APIServerEtcdClient secret.Purpose = secret.APIServerEtcdClient 35 | 36 | // KubeletClient defines the client cert name for kubelet. 37 | KubeletClient secret.Purpose = "kubelet-client" 38 | 39 | // ProxyClient defines the client cert name for the front proxy. 40 | ProxyClient secret.Purpose = "proxy-client" 41 | 42 | // ControllerManagerKubeconfig defines the secret purpose for KCM Kubeconfigs. 43 | ControllerManagerKubeconfig secret.Purpose = "controller-manager-kubeconfig" 44 | ) 45 | -------------------------------------------------------------------------------- /controlplane/nested/certificate/keypair.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 
5 | You may obtain a copy of the License at 6 | http://www.apache.org/licenses/LICENSE-2.0 7 | Unless required by applicable law or agreed to in writing, software 8 | distributed under the License is distributed on an "AS IS" BASIS, 9 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | See the License for the specific language governing permissions and 11 | limitations under the License. 12 | */ 13 | 14 | package certificate 15 | 16 | import ( 17 | "crypto/rsa" 18 | 19 | corev1 "k8s.io/api/core/v1" 20 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 | clusterv1 "sigs.k8s.io/cluster-api/api/v1alpha4" 22 | 23 | "sigs.k8s.io/cluster-api-provider-nested/controlplane/nested/certificate/util" 24 | 25 | "sigs.k8s.io/cluster-api/util/secret" 26 | "sigs.k8s.io/controller-runtime/pkg/client" 27 | ) 28 | 29 | // AsSecret converts a KeyPair into a corev1.Secret in clusterName.Namespace, named by secret.Name from the cluster name and the pair's Purpose, whose data holds the key and certificate as encoded by util.EncodePrivateKeyPEM and util.EncodeCertPEM. The key is type-asserted to *rsa.PrivateKey without a check, so a KeyPair whose Key is any other crypto.Signer makes this method panic. The owner reference is attached only when k.Generated is true. 30 | func (k *KeyPair) AsSecret(clusterName client.ObjectKey, owner metav1.OwnerReference) *corev1.Secret { 31 | s := &corev1.Secret{ 32 | ObjectMeta: metav1.ObjectMeta{ 33 | Namespace: clusterName.Namespace, 34 | Name: secret.Name(clusterName.Name, k.Purpose), 35 | Labels: map[string]string{ 36 | clusterv1.ClusterLabelName: clusterName.Name, 37 | }, 38 | }, 39 | Data: map[string][]byte{ 40 | secret.TLSKeyDataName: util.EncodePrivateKeyPEM(k.Key.(*rsa.PrivateKey)), 41 | secret.TLSCrtDataName: util.EncodeCertPEM(k.Cert), 42 | }, 43 | Type: clusterv1.ClusterSecretType, 44 | } 45 | 46 | if k.Generated { 47 | s.OwnerReferences = []metav1.OwnerReference{owner} 48 | } 49 | return s 50 | } 51 | -------------------------------------------------------------------------------- /controlplane/nested/certificate/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License.
5 | You may obtain a copy of the License at 6 | http://www.apache.org/licenses/LICENSE-2.0 7 | Unless required by applicable law or agreed to in writing, software 8 | distributed under the License is distributed on an "AS IS" BASIS, 9 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | See the License for the specific language governing permissions and 11 | limitations under the License. 12 | */ 13 | 14 | package certificate 15 | 16 | import ( 17 | "crypto" 18 | "crypto/x509" 19 | 20 | "sigs.k8s.io/cluster-api/util/secret" 21 | ) 22 | 23 | // KeyPair defines a cert/key pair that is used for the Kubernetes clients 24 | // this was inspired by CAPI's KCP and how it manages CAs. 25 | type KeyPair struct { 26 | Purpose secret.Purpose 27 | Cert *x509.Certificate 28 | Key crypto.Signer 29 | Generated bool 30 | New bool 31 | } 32 | 33 | // KeyPairs defines a set of keypairs to act on, this is useful in providing 34 | // helpers to operate on many keypairs. 35 | type KeyPairs []*KeyPair 36 | -------------------------------------------------------------------------------- /controlplane/nested/config/certmanager/certificate.yaml: -------------------------------------------------------------------------------- 1 | # The following manifests contain a self-signed issuer CR and a certificate CR. 
2 | # More document can be found at https://docs.cert-manager.io 3 | # WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for 4 | # breaking changes 5 | apiVersion: cert-manager.io/v1alpha2 6 | kind: Issuer 7 | metadata: 8 | name: selfsigned-issuer 9 | namespace: system 10 | spec: 11 | selfSigned: {} 12 | --- 13 | apiVersion: cert-manager.io/v1alpha2 14 | kind: Certificate 15 | metadata: 16 | name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml 17 | namespace: system 18 | spec: 19 | # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize 20 | dnsNames: 21 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc 22 | - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local 23 | issuerRef: 24 | kind: Issuer 25 | name: selfsigned-issuer 26 | secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize 27 | -------------------------------------------------------------------------------- /controlplane/nested/config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - certificate.yaml 3 | 4 | configurations: 5 | - kustomizeconfig.yaml 6 | -------------------------------------------------------------------------------- /controlplane/nested/config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | 
-------------------------------------------------------------------------------- /controlplane/nested/config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on service name and namespace that are out of this kustomize package. 3 | # It should be run by config/default 4 | resources: 5 | - bases/controlplane.cluster.x-k8s.io_nestedcontrolplanes.yaml 6 | - bases/controlplane.cluster.x-k8s.io_nestedetcds.yaml 7 | - bases/controlplane.cluster.x-k8s.io_nestedapiservers.yaml 8 | - bases/controlplane.cluster.x-k8s.io_nestedcontrollermanagers.yaml 9 | #+kubebuilder:scaffold:crdkustomizeresource 10 | 11 | patchesStrategicMerge: 12 | # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. 13 | # patches here are for enabling the conversion webhook for each CRD 14 | #+kubebuilder:scaffold:crdkustomizewebhookpatch 15 | 16 | # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. 17 | # patches here are for enabling the CA injection for each CRD 18 | #+kubebuilder:scaffold:crdkustomizecainjectionpatch 19 | 20 | # the following config is for teaching kustomize how to do kustomization for CRDs. 
21 | configurations: 22 | # - kustomizeconfig.yaml 23 | 24 | 25 | commonLabels: 26 | # When using CAPI we need to define the contract version labels so that the 27 | # capi system can cross reference the proper controlplane & infra refs 28 | # https://cluster-api.sigs.k8s.io/developer/providers/v1alpha2-to-v1alpha3.html#apply-the-contract-version-label-clusterx-k8sioversion-version1_version2_version3-to-your-crds 29 | cluster.x-k8s.io/v1alpha3: v1alpha4 30 | cluster.x-k8s.io/v1alpha4: v1alpha4 31 | cluster.x-k8s.io/v1beta1: v1alpha4 32 | -------------------------------------------------------------------------------- /controlplane/nested/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch injects a sidecar container that is an HTTP proxy for the 2 | # controller manager; it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" # NOTE(review): very high log verbosity; check what request data the proxy logs at this level and lower it outside debugging 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-bind-address=127.0.0.1:8080" # loopback only: from outside the pod, metrics are reachable only through the proxy on 8443 25 | - "--leader-elect" 26 | -------------------------------------------------------------------------------- /controlplane/nested/config/default/manager_image_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - image: gcr.io/nested-controlplane-controller-amd64:dev 11 | name: manager 
-------------------------------------------------------------------------------- /controlplane/nested/config/default/manager_pull_policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | imagePullPolicy: Never 12 | -------------------------------------------------------------------------------- /controlplane/nested/config/default/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 # 420 decimal = 0644 octal: the mounted Secret files are readable by all users inside the container 23 | secretName: webhook-server-cert 24 | -------------------------------------------------------------------------------- /controlplane/nested/config/default/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch adds an annotation to the admission webhook configs; 2 | # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. 
3 | apiVersion: admissionregistration.k8s.io/v1beta1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1beta1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) 16 | -------------------------------------------------------------------------------- /controlplane/nested/config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | -------------------------------------------------------------------------------- /controlplane/nested/config/manager/manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: system 7 | --- 8 | apiVersion: apps/v1 9 | kind: Deployment 10 | metadata: 11 | name: controller-manager 12 | namespace: system 13 | labels: 14 | control-plane: controller-manager 15 | spec: 16 | selector: 17 | matchLabels: 18 | control-plane: controller-manager 19 | replicas: 1 20 | template: 21 | metadata: 22 | labels: 23 | control-plane: controller-manager 24 | spec: 25 | containers: 26 | - command: 27 | - /manager 28 | args: 29 | - --leader-elect 30 | image: controller:latest 31 | name: manager 32 | resources: 33 | limits: 34 | cpu: 100m 35 | memory: 30Mi 36 | requests: 37 | cpu: 100m 38 | memory: 20Mi 39 | terminationGracePeriodSeconds: 10 40 | serviceAccountName: manager 41 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/auth_proxy_client_clusterrole.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: metrics-reader 5 | rules: 6 | - nonResourceURLs: ["/metrics"] 7 | verbs: ["get"] 8 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | control-plane: controller-manager 6 | name: controller-manager-metrics-service 7 | namespace: system 8 | spec: 9 | ports: 10 | - name: https 11 | port: 8443 12 | targetPort: https 13 | selector: 14 | control-plane: controller-manager 15 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - service_account.yaml 5 | - leader_election_role.yaml 6 | - leader_election_role_binding.yaml 7 | # Comment the following 4 lines if you want to disable 8 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 9 | # which protects your /metrics endpoint. 10 | - auth_proxy_service.yaml 11 | - auth_proxy_role.yaml 12 | - auth_proxy_role_binding.yaml 13 | - auth_proxy_client_clusterrole.yaml 14 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | - coordination.k8s.io 10 | resources: 11 | - configmaps 12 | - leases 13 | verbs: 14 | - get 15 | - list 16 | - watch 17 | - create 18 | - update 19 | - patch 20 | - delete 21 | - apiGroups: 22 | - "" 23 | - coordination.k8s.io 24 | resources: 25 | - configmaps/status 26 | - leases/status 27 | verbs: 28 | - get 29 | - update 30 | - patch 31 | - apiGroups: 32 | - "" 33 | resources: 34 | - events 35 | verbs: 36 | - create 37 | - patch 38 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | 
-------------------------------------------------------------------------------- /controlplane/nested/config/rbac/nestedapiserver_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit nestedapiservers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: nestedapiserver-editor-role 6 | rules: 7 | - apiGroups: 8 | - controlplane.cluster.x-k8s.io 9 | resources: 10 | - nestedapiservers 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - controlplane.cluster.x-k8s.io 21 | resources: 22 | - nestedapiservers/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/nestedapiserver_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view nestedapiservers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: nestedapiserver-viewer-role 6 | rules: 7 | - apiGroups: 8 | - controlplane.cluster.x-k8s.io 9 | resources: 10 | - nestedapiservers 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - controlplane.cluster.x-k8s.io 17 | resources: 18 | - nestedapiservers/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/nestedcontrollermanager_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit nestedcontrollermanagers. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: nestedcontrollermanager-editor-role 6 | rules: 7 | - apiGroups: 8 | - controlplane.cluster.x-k8s.io 9 | resources: 10 | - nestedcontrollermanagers 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - controlplane.cluster.x-k8s.io 21 | resources: 22 | - nestedcontrollermanagers/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/nestedcontrollermanager_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view nestedcontrollermanagers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: nestedcontrollermanager-viewer-role 6 | rules: 7 | - apiGroups: 8 | - controlplane.cluster.x-k8s.io 9 | resources: 10 | - nestedcontrollermanagers 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - controlplane.cluster.x-k8s.io 17 | resources: 18 | - nestedcontrollermanagers/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/nestedcontrolplane_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit nestedcontrolplanes. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: nestedcontrolplane-editor-role 6 | rules: 7 | - apiGroups: 8 | - controlplane.cluster.x-k8s.io 9 | resources: 10 | - nestedcontrolplanes 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - controlplane.cluster.x-k8s.io 21 | resources: 22 | - nestedcontrolplanes/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/nestedcontrolplane_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view nestedcontrolplanes. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: nestedcontrolplane-viewer-role 6 | rules: 7 | - apiGroups: 8 | - controlplane.cluster.x-k8s.io 9 | resources: 10 | - nestedcontrolplanes 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - controlplane.cluster.x-k8s.io 17 | resources: 18 | - nestedcontrolplanes/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/nestedetcd_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit nestedetcds. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: nestedetcd-editor-role 6 | rules: 7 | - apiGroups: 8 | - controlplane.cluster.x-k8s.io 9 | resources: 10 | - nestedetcds 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - controlplane.cluster.x-k8s.io 21 | resources: 22 | - nestedetcds/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/nestedetcd_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view nestedetcds. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: nestedetcd-viewer-role 6 | rules: 7 | - apiGroups: 8 | - controlplane.cluster.x-k8s.io 9 | resources: 10 | - nestedetcds 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - controlplane.cluster.x-k8s.io 17 | resources: 18 | - nestedetcds/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /controlplane/nested/config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: manager 6 | namespace: system 
-------------------------------------------------------------------------------- /controlplane/nested/config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /controlplane/nested/config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /controlplane/nested/config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | selector: 12 | control-plane: controller-manager 13 | -------------------------------------------------------------------------------- /controlplane/nested/controllers/consts.go: 
-------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package controllers contains the controller for the Control Plane 18 | // api group. 19 | package controllers 20 | 21 | const ( 22 | statefulsetOwnerKeyNEtcd = ".metadata.netcd.controller" // NOTE(review): presumably the field-index key for StatefulSets owned by a NestedEtcd; confirm where it is registered 23 | statefulsetOwnerKeyNKas = ".metadata.nkas.controller" // NOTE(review): presumably the same kind of key for NestedAPIServer; confirm 24 | statefulsetOwnerKeyNKcm = ".metadata.nkcm.controller" // NOTE(review): presumably the same kind of key for NestedControllerManager; confirm 25 | // KASManifestConfigmapName is the key name of the apiserver manifest in the configmap. 26 | KASManifestConfigmapName = "nkas-manifest" 27 | // KCMManifestConfigmapName is the key name of the controller-manager manifest in the configmap. 28 | KCMManifestConfigmapName = "nkcm-manifest" 29 | // EtcdManifestConfigmapName is the key name of the etcd manifest in the configmap. 30 | EtcdManifestConfigmapName = "netcd-manifest" 31 | loopbackAddress = "127.0.0.1" // IPv4 loopback address 32 | ) 33 | -------------------------------------------------------------------------------- /docs/Makefile: -------------------------------------------------------------------------------- 1 | # Copyright 2019 The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | ROOT_DIR:=$(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) 16 | 17 | SOURCES := $(shell find ${ROOT_DIR} -name \*.plantuml) 18 | DIAGRAMS := $(SOURCES:%.plantuml=%.png) 19 | 20 | # Hosts running SELinux need :z added to volume mounts 21 | SELINUX_ENABLED := $(shell cat /sys/fs/selinux/enforce 2> /dev/null || echo 0) 22 | 23 | ifeq ($(SELINUX_ENABLED),1) 24 | DOCKER_VOL_OPTS?=:z 25 | endif 26 | 27 | .PHONY: diagrams 28 | diagrams: $(DIAGRAMS) 29 | 30 | %.png: %.plantuml 31 | docker run \ 32 | --rm \ 33 | --volume ${ROOT_DIR}:/workdir$(DOCKER_VOL_OPTS) \ 34 | --user $(shell id -u):$(shell id -g) \ 35 | k8s.gcr.io/cluster-api/plantuml:1.2019.6 \ 36 | -v /workdir/$(shell echo '$^' | sed -e 's,.*docs/,,g' ) -------------------------------------------------------------------------------- /docs/proposals/00_capn-glossary.md: -------------------------------------------------------------------------------- 1 | # Table of Contents 2 | 3 | This document inherits terms from [Cluster API 4 | Glossary](https://cluster-api.sigs.k8s.io/reference/glossary.html) to support 5 | definitions for the Cluster API Provider Nested implementation. 6 | 7 | [C](#c) | [E](#e) | [N](#n) | [S](#s) 8 | 9 | # C 10 | --- 11 | 12 | 13 | 14 | ### CAPN 15 | 16 | Cluster API Provider Nested 17 | 18 | ### Component Controller 19 | 20 | Operators that create the NestedControlPlane components, including the NestedEtcd controller, NestedAPIServer controller and NestedControllerManager controller. 
21 | 22 | ### Cluster Admin 23 | 24 | Responsible for creating the underlying super cluster, deploying component controllers, and in charge of creating Nested clusters. 25 | 26 | # E 27 | --- 28 | 29 | ### End User 30 | 31 | Represents a nested cluster user. These users have limited access to the super cluster. 32 | 33 | # N 34 | --- 35 | 36 | ### NestedControlPlane(NCP) 37 | 38 | The control plane that is hosted on the super cluster. 39 | 40 | ### NestedEtcd(NEtcd) 41 | 42 | The etcd that belongs to the control plane of the nested cluster. 43 | 44 | ### NestedAPIServer(NKAS) 45 | 46 | The kube-apiserver which belongs to the control plane of the nested cluster. 47 | 48 | ### NestedControllerManager(NKCM) 49 | 50 | The kube-controller-manager which belongs to the control plane of the nested cluster. 51 | 52 | ### NCP 53 | 54 | The abbreviation of the NestedControlPlane. 55 | 56 | ### NEtcd 57 | 58 | The abbreviation of the NestedEtcd. 59 | 60 | ### NKAS 61 | 62 | The abbreviation of the NestedAPIServer. 63 | 64 | ### NKCM 65 | 66 | The abbreviation of the NestedControllerManager. 67 | 68 | # S 69 | --- 70 | 71 | ### Super Cluster 72 | 73 | The underlying cluster that manages the physical nodes; all pods created through the NestedControlPlanes will run on this cluster. 
74 | -------------------------------------------------------------------------------- /docs/proposals/images/componentcontrollers/in-tree.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes-retired/cluster-api-provider-nested/4d19ac600cbb70ed9b6e1712b2cbad104f3ca115/docs/proposals/images/componentcontrollers/in-tree.png -------------------------------------------------------------------------------- /docs/proposals/images/componentcontrollers/out-of-tree.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes-retired/cluster-api-provider-nested/4d19ac600cbb70ed9b6e1712b2cbad104f3ca115/docs/proposals/images/componentcontrollers/out-of-tree.png -------------------------------------------------------------------------------- /docs/proposals/images/nestedcontrolplane/nc-activity.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes-retired/cluster-api-provider-nested/4d19ac600cbb70ed9b6e1712b2cbad104f3ca115/docs/proposals/images/nestedcontrolplane/nc-activity.png -------------------------------------------------------------------------------- /docs/proposals/images/nestedcontrolplane/ncp-activity.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes-retired/cluster-api-provider-nested/4d19ac600cbb70ed9b6e1712b2cbad104f3ca115/docs/proposals/images/nestedcontrolplane/ncp-activity.png -------------------------------------------------------------------------------- /docs/proposals/images/quota/plugin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes-retired/cluster-api-provider-nested/4d19ac600cbb70ed9b6e1712b2cbad104f3ca115/docs/proposals/images/quota/plugin.png 
-------------------------------------------------------------------------------- /docs/proposals/out-of-tree.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes-retired/cluster-api-provider-nested/4d19ac600cbb70ed9b6e1712b2cbad104f3ca115/docs/proposals/out-of-tree.png -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module sigs.k8s.io/cluster-api-provider-nested 2 | 3 | go 1.16 4 | 5 | require ( 6 | github.com/go-logr/logr v0.4.0 7 | github.com/onsi/ginkgo v1.16.4 8 | github.com/onsi/gomega v1.14.0 9 | github.com/pkg/errors v0.9.1 10 | github.com/spf13/pflag v1.0.5 11 | gopkg.in/yaml.v2 v2.4.0 12 | k8s.io/api v0.21.9 13 | k8s.io/apimachinery v0.21.9 14 | k8s.io/component-base v0.21.9 15 | k8s.io/client-go v0.21.9 16 | k8s.io/klog/v2 v2.10.0 17 | sigs.k8s.io/cluster-api v0.4.0 18 | sigs.k8s.io/controller-runtime v0.9.3 19 | sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20210630174303-f77bb4933dfb 20 | ) 21 | -------------------------------------------------------------------------------- /hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.Dockerfile.txt: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.1-experimental 2 | 3 | # Copyright YEAR The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.Makefile.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 
14 | 15 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.bzl.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.generatebzl.txt: -------------------------------------------------------------------------------- 1 | # Copyright The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.generatego.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright YEAR The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.py.txt: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # Copyright YEAR The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.sh.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate_test.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # Copyright 2016 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | import boilerplate 18 | import unittest 19 | import StringIO 20 | import os 21 | import sys 22 | 23 | class TestBoilerplate(unittest.TestCase): 24 | """ 25 | Note: run this test from the hack/boilerplate directory. 26 | 27 | $ python -m unittest boilerplate_test 28 | """ 29 | 30 | def test_boilerplate(self): 31 | os.chdir("test/") 32 | # Args stands in for the options object that is assigned to boilerplate.args before boilerplate.main() is called. 33 | class Args(object): 34 | def __init__(self): 35 | self.filenames = [] 36 | self.rootdir = "." 37 | self.boilerplate_dir = "../" 38 | self.verbose = True 39 | # NOTE(review): StringIO is the Python 2 module name, and sys.stdout is not restored if boilerplate.main() raises. 40 | # capture stdout 41 | old_stdout = sys.stdout 42 | sys.stdout = StringIO.StringIO() 43 | 44 | boilerplate.args = Args() 45 | ret = boilerplate.main() 46 | 47 | output = sorted(sys.stdout.getvalue().split()) 48 | 49 | sys.stdout = old_stdout 50 | # Only the two fail.* fixtures under test/ are expected in the captured output. 51 | self.assertEquals( 52 | output, ['././fail.go', '././fail.py']) 53 | -------------------------------------------------------------------------------- /hack/boilerplate/test/fail.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2014 The Kubernetes Authors. 3 | 4 | fail 5 | 6 | Licensed under the Apache License, Version 2.0 (the "License"); 7 | you may not use this file except in compliance with the License. 
8 | You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, software 13 | distributed under the License is distributed on an "AS IS" BASIS, 14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | See the License for the specific language governing permissions and 16 | limitations under the License. 17 | */ 18 | 19 | // Package test contains test boilerplate. 20 | package test 21 | -------------------------------------------------------------------------------- /hack/boilerplate/test/fail.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # Copyright 2015 The Kubernetes Authors. 4 | # 5 | # failed 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | -------------------------------------------------------------------------------- /hack/boilerplate/test/pass.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2014 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package test 18 | -------------------------------------------------------------------------------- /hack/boilerplate/test/pass.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # Copyright 2015 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | True 18 | -------------------------------------------------------------------------------- /hack/ensure-go.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2019 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | # Ensure the go tool exists and is a viable version. 22 | verify_go_version() { 23 | if [[ -z "$(command -v go)" ]]; then 24 | cat <&2 35 | done 36 | 37 | exit 1 38 | fi 39 | -------------------------------------------------------------------------------- /metadata.yaml: -------------------------------------------------------------------------------- 1 | # maps release series of major.minor to cluster-api contract version 2 | # the contract version may change between minor or major versions, but *not* 3 | # between patch versions. 4 | # 5 | # update this file only when a new major or minor version is released 6 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 7 | releaseSeries: 8 | - major: 0 9 | minor: 1 10 | contract: v1alpha4 -------------------------------------------------------------------------------- /scripts/ci-build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2021 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. 22 | # shellcheck source=../hack/ensure-go.sh 23 | source "${REPO_ROOT}/hack/ensure-go.sh" 24 | 25 | cd "${REPO_ROOT}" && make binaries 26 | 27 | cd "${REPO_ROOT}/virtualcluster/" && \ 28 | make build 29 | -------------------------------------------------------------------------------- /scripts/ci-make.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2021 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. 22 | # shellcheck source=../hack/ensure-go.sh 23 | source "${REPO_ROOT}/hack/ensure-go.sh" 24 | 25 | cd "${REPO_ROOT}" && make docker-build 26 | 27 | cd "${REPO_ROOT}/virtualcluster/" && \ 28 | make build-images 29 | -------------------------------------------------------------------------------- /scripts/ci-test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2021 The Kubernetes Authors. 
4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. 22 | # shellcheck source=../hack/ensure-go.sh 23 | source "${REPO_ROOT}/hack/ensure-go.sh" 24 | # NOTE(review): errexit is not triggered by a failing non-final command of an && list, so if the source, fetch_tools, setup_envs or cd step below fails, `make generate test` is skipped and the script carries on to the virtualcluster tests; ./scripts/fetch_ext_bins.sh is also resolved against the current directory rather than REPO_ROOT. 25 | source ./scripts/fetch_ext_bins.sh && \ 26 | fetch_tools && \ 27 | setup_envs && \ 28 | 29 | cd "${REPO_ROOT}" && \ 30 | make generate test 31 | 32 | echo "===================" 33 | echo "Test virtualcluster" 34 | 35 | cd "${REPO_ROOT}/virtualcluster/" && \ 36 | make test 37 | -------------------------------------------------------------------------------- /virtualcluster/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 | *.dll 6 | *.so 7 | *.dylib 8 | _output 9 | coverage 10 | 11 | # Test binary, build with `go test -c` 12 | *.test 13 | 14 | # Output of the go coverage tool, specifically when used with LiteIDE 15 | *.out 16 | 17 | # Kubernetes Generated files - skip generated files, except for vendored files 18 | 19 | vendor/ 20 | 21 | # editor and IDE paraphernalia 22 | .idea 23 | *.swp 24 | *.swo 25 | *~ 26 | -------------------------------------------------------------------------------- /virtualcluster/Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.1-experimental 2 | 3 | #
Copyright 2021 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | # Build the manager binary 18 | FROM golang:1.16.2 as builder 19 | 20 | ENV GO111MODULE=on 21 | 22 | WORKDIR /go/virtualcluster 23 | 24 | COPY go.mod . 25 | COPY go.sum . 26 | 27 | RUN go mod download 28 | 29 | COPY pkg/ pkg/ 30 | COPY cmd/ cmd/ 31 | 32 | # Build a statically linked (CGO_ENABLED=0) linux/amd64 manager binary 33 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager sigs.k8s.io/cluster-api-provider-nested/virtualcluster/cmd/manager 34 | 35 | # Copy the controller-manager into a thin image. NOTE(review): ubuntu:latest is a floating tag and this stage has no USER instruction, so the manager runs as root unless the pod spec overrides it; pin the base image by version or digest and set a non-root USER. 36 | FROM ubuntu:latest 37 | WORKDIR / 38 | COPY --from=builder /go/virtualcluster/manager . 
39 | ENTRYPOINT ["/manager"] 40 | -------------------------------------------------------------------------------- /virtualcluster/OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md 2 | 3 | approvers: 4 | - charleszheng44 5 | - christopherhein 6 | - Fei-Guo 7 | - zhuangqh 8 | 9 | reviewers: 10 | - charleszheng44 11 | - christopherhein 12 | - Fei-Guo 13 | - zhuangqh 14 | -------------------------------------------------------------------------------- /virtualcluster/PROJECT: -------------------------------------------------------------------------------- 1 | version: "1" 2 | domain: x-k8s.io 3 | projectName: virtualcluster 4 | repo: sigs.k8s.io/cluster-api-provider-nested/virtualcluster 5 | -------------------------------------------------------------------------------- /virtualcluster/cmd/kubectl-vc/root.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | "fmt" 21 | "os" 22 | 23 | "github.com/spf13/cobra" 24 | _ "k8s.io/client-go/plugin/pkg/client/auth" // blank import: pulls in client-go's auth provider plugins for their registration side effect 25 | 26 | "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/version" 27 | ) 28 | // main builds the kubectl-vc root command, registers the create and exec subcommands, and executes it. 29 | func main() { 30 | f, err := NewFactory() 31 | if err != nil { 32 | fmt.Fprintf(os.Stderr, "failed to new client factory: %v", err) // NOTE(review): the message has no trailing newline 33 | os.Exit(1) 34 | } 35 | // With no subcommand the root command only prints help (RunE is runHelp). 36 | rootCmd := &cobra.Command{ 37 | Use: "kubectl-vc", 38 | Short: "VirtualCluster Command tool", 39 | Version: version.BriefVersion(), 40 | RunE: runHelp, 41 | } 42 | // NewCmdCreate, NewCmdExec and CheckErr are not defined in this file. 43 | rootCmd.AddCommand(NewCmdCreate(f)) 44 | rootCmd.AddCommand(NewCmdExec(f)) 45 | 46 | CheckErr(rootCmd.Execute()) 47 | } 48 | // runHelp prints the help text of cmd and returns the error from cmd.Help; args is unused. 49 | func runHelp(cmd *cobra.Command, args []string) error { 50 | return cmd.Help() 51 | } 52 | -------------------------------------------------------------------------------- /virtualcluster/cmd/syncer/builtins.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/configmap" 21 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/endpoints" 22 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/event" 23 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/namespace" 24 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/node" 25 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/persistentvolume" 26 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/persistentvolumeclaim" 27 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/pod" 28 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/secret" 29 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/service" 30 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/serviceaccount" 31 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/storageclass" 32 | ) 33 | -------------------------------------------------------------------------------- /virtualcluster/cmd/syncer/builtins_extra.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/crd" 21 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/ingress" 22 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/resources/priorityclass" 23 | ) 24 | -------------------------------------------------------------------------------- /virtualcluster/cmd/syncer/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | "math/rand" 21 | "os" 22 | "time" 23 | 24 | genericapiserver "k8s.io/apiserver/pkg/server" 25 | "k8s.io/component-base/logs" 26 | 27 | "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/cmd/syncer/app" 28 | ) 29 | // mainMethod seeds math/rand, initialises logging, sets up the signal handler and runs the syncer command; doing the work here lets the deferred FlushLogs run before main calls os.Exit. 30 | func mainMethod() error { 31 | rand.Seed(time.Now().UTC().UnixNano()) // time-seeded math/rand is predictable. NOTE(review): confirm nothing security-sensitive (tokens, keys, nonces) draws from it; those need crypto/rand 32 | 33 | logs.InitLogs() 34 | defer logs.FlushLogs() 35 | // stopChan is handed to the command built by app.NewSyncerCommand. 36 | stopChan := genericapiserver.SetupSignalHandler() 37 | 38 | return app.NewSyncerCommand(stopChan).Execute() 39 | } 40 | // main exits with status 1 when mainMethod returns an error; the error value itself is not printed here. 41 | func main() { 42 | if mainMethod() != nil { 43 | os.Exit(1) 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /virtualcluster/cmd/vn-agent/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | "math/rand" 21 | "os" 22 | "time" 23 | 24 | genericapiserver "k8s.io/apiserver/pkg/server" 25 | "k8s.io/component-base/logs" 26 | 27 | "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/cmd/vn-agent/app" 28 | ) 29 | // mainMethod seeds math/rand, initialises logging, sets up the signal handler and runs the vn-agent command; doing the work here lets the deferred FlushLogs run before main calls os.Exit. 30 | func mainMethod() error { 31 | rand.Seed(time.Now().UTC().UnixNano()) // time-seeded math/rand is predictable. NOTE(review): confirm nothing security-sensitive (tokens, keys, nonces) draws from it; those need crypto/rand 32 | 33 | logs.InitLogs() 34 | defer logs.FlushLogs() 35 | // stopChan is handed to the command built by app.NewVnAgentCommand. 36 | stopChan := genericapiserver.SetupSignalHandler() 37 | 38 | return app.NewVnAgentCommand(stopChan).Execute() 39 | } 40 | // main exits with status 1 when mainMethod returns an error; the error value itself is not printed here. 41 | func main() { 42 | if mainMethod() != nil { 43 | os.Exit(1) 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /virtualcluster/config/crd/tenancy.x-k8s.io_clusterversions.yaml: -------------------------------------------------------------------------------- 1 | 2 | --- 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | controller-gen.kubebuilder.io/version: v0.4.1 8 | creationTimestamp: null 9 | name: clusterversions.tenancy.x-k8s.io 10 | spec: 11 | group: tenancy.x-k8s.io 12 | names: 13 | kind: ClusterVersion 14 | listKind: ClusterVersionList 15 | plural: clusterversions 16 | shortNames: 17 | - cv 18 | singular: clusterversion 19 | scope: Cluster 20 | versions: 21 | - name: v1alpha1 22 | schema: 23 | openAPIV3Schema: 24 | type: object 25 | x-kubernetes-preserve-unknown-fields: true # NOTE(review): with only "type: object" and unknown fields preserved, the API server neither validates nor prunes ClusterVersion contents; whatever consumes these objects has to validate them itself 26 | served: true 27 | storage: true 28 | status: 29 | acceptedNames: 30 | kind: "" 31 | plural: "" 32 | conditions: [] 33 | storedVersions: [] 34 | -------------------------------------------------------------------------------- /virtualcluster/config/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # Adds namespace to all resources. 2 | namespace: virtualcluster-system 3 | 4 | # Value of this field is prepended to the 5 | # names of all resources, e.g. 
a deployment named 6 | # "wordpress" becomes "alices-wordpress". 7 | # Note that it should also match with the prefix (text before '-') of the namespace 8 | # field above. 9 | namePrefix: virtualcluster- 10 | 11 | # Labels to add to all resources and selectors. 12 | #commonLabels: 13 | # someName: someValue 14 | 15 | # Each entry in this list must resolve to an existing 16 | # resource definition in YAML. These are the resource 17 | # files that kustomize reads, modifies and emits as a 18 | # YAML string, with resources separated by document 19 | # markers ("---"). 20 | resources: 21 | - ../rbac/rbac_role.yaml 22 | - ../rbac/rbac_role_binding.yaml 23 | - ../manager/manager.yaml 24 | # Comment the following 3 lines if you want to disable 25 | # the auth proxy (https://github.com/brancz/kube-rbac-proxy) 26 | # which protects your /metrics endpoint. 27 | - ../rbac/auth_proxy_service.yaml 28 | - ../rbac/auth_proxy_role.yaml 29 | - ../rbac/auth_proxy_role_binding.yaml 30 | 31 | patches: 32 | - manager_image_patch.yaml 33 | # Protect the /metrics endpoint by putting it behind auth. 34 | # Only one of manager_auth_proxy_patch.yaml and 35 | # manager_prometheus_metrics_patch.yaml should be enabled. 36 | - manager_auth_proxy_patch.yaml 37 | # If you want your controller-manager to expose the /metrics 38 | # endpoint w/o any authn/z, uncomment the following line and 39 | # comment manager_auth_proxy_patch.yaml. 40 | # Only one of manager_auth_proxy_patch.yaml and 41 | # manager_prometheus_metrics_patch.yaml should be enabled. 
42 | #- manager_prometheus_metrics_patch.yaml 43 | 44 | vars: 45 | - name: WEBHOOK_SECRET_NAME 46 | objref: 47 | kind: Secret 48 | name: webhook-server-secret 49 | apiVersion: v1 50 | -------------------------------------------------------------------------------- /virtualcluster/config/default/manager_auth_proxy_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch injects a sidecar container, an HTTP proxy in front of the controller manager; 2 | # it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. 3 | apiVersion: apps/v1 4 | kind: StatefulSet 5 | metadata: 6 | name: controller-manager 7 | namespace: system 8 | spec: 9 | template: 10 | spec: 11 | containers: 12 | - name: kube-rbac-proxy 13 | image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 # NOTE(review): referenced by tag only; pin by digest where image provenance matters 14 | args: 15 | - "--secure-listen-address=0.0.0.0:8443" 16 | - "--upstream=http://127.0.0.1:8080/" 17 | - "--logtostderr=true" 18 | - "--v=10" # NOTE(review): maximum log verbosity on an authenticating proxy; at this level its Kubernetes client may log request bodies, which for TokenReview calls carry the caller's bearer token - confirm, and lower it outside debugging 19 | ports: 20 | - containerPort: 8443 21 | name: https 22 | - name: manager 23 | args: 24 | - "--metrics-addr=127.0.0.1:8080" 25 | -------------------------------------------------------------------------------- /virtualcluster/config/default/manager_image_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: StatefulSet 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | # Change the value of image field below to your controller image URL 11 | - image: IMAGE_URL 12 | name: manager 13 | -------------------------------------------------------------------------------- /virtualcluster/config/default/manager_prometheus_metrics_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch enables Prometheus scraping for the manager pod. 
2 | apiVersion: apps/v1 3 | kind: StatefulSet 4 | metadata: 5 | name: controller-manager 6 | namespace: system 7 | spec: 8 | template: 9 | metadata: 10 | annotations: 11 | prometheus.io/scrape: 'true' 12 | spec: 13 | containers: 14 | # Expose the prometheus metrics on default port 15 | - name: manager 16 | ports: 17 | - containerPort: 8080 18 | name: metrics 19 | protocol: TCP 20 | -------------------------------------------------------------------------------- /virtualcluster/config/rbac/auth_proxy_role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | name: proxy-role 5 | rules: 6 | - apiGroups: ["authentication.k8s.io"] 7 | resources: 8 | - tokenreviews 9 | verbs: ["create"] 10 | - apiGroups: ["authorization.k8s.io"] 11 | resources: 12 | - subjectaccessreviews 13 | verbs: ["create"] 14 | -------------------------------------------------------------------------------- /virtualcluster/config/rbac/auth_proxy_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: proxy-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: proxy-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: default 12 | namespace: system 13 | -------------------------------------------------------------------------------- /virtualcluster/config/rbac/auth_proxy_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | annotations: 5 | prometheus.io/port: "8443" 6 | prometheus.io/scheme: https 7 | prometheus.io/scrape: "true" 8 | labels: 9 | control-plane: controller-manager 10 | controller-tools.k8s.io: "1.0" 11 | name: controller-manager-metrics-service 12 | namespace: kube-system 13 | spec: 14 | 
ports: 15 | - name: https 16 | port: 8443 17 | targetPort: https 18 | selector: 19 | control-plane: controller-manager 20 | controller-tools.k8s.io: "1.0" 21 | -------------------------------------------------------------------------------- /virtualcluster/config/rbac/rbac_role_binding.yaml: --------------------------------------------------------------------------------
# Binds the ClusterRole manager-role to one ServiceAccount. The rules of
# manager-role are defined in another file and are not visible here.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  creationTimestamp: null
  name: manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: manager-role
subjects:
# NOTE(review): the subject is the namespace's `default` ServiceAccount. Pods
# in that namespace that do not set serviceAccountName run as `default` and
# inherit whatever manager-role grants, cluster-wide. A dedicated
# ServiceAccount for the controller manager keeps the grant to one workload.
- kind: ServiceAccount
  name: default
  namespace: system
-------------------------------------------------------------------------------- /virtualcluster/config/sampleswithspec/example_foo.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: samplecontroller.k8s.io/v1alpha1 2 | kind: Foo 3 | metadata: 4 | name: example-foo 5 | spec: 6 | deploymentName: example-foo 7 | replicas: 1 -------------------------------------------------------------------------------- /virtualcluster/config/sampleswithspec/virtualcluster_1_loadbalancer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tenancy.x-k8s.io/v1alpha1 2 | kind: VirtualCluster 3 | metadata: 4 | labels: 5 | controller-tools.k8s.io: "1.0" 6 | name: vc-sample-1 7 | namespace: default 8 | spec: 9 | clusterDomain: cluster.local 10 | clusterVersionName: cv-sample-lb 11 | # will expire in one year 12 | pkiExpireDays: 365 13 | opaqueMetaPrefixes: 14 | - "tenancy.x-k8s.io" 15 | transparentMetaPrefixes: 16 | - "k8s.net.status" 17 | -------------------------------------------------------------------------------- /virtualcluster/config/sampleswithspec/virtualcluster_1_nodeport.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
tenancy.x-k8s.io/v1alpha1 2 | kind: VirtualCluster 3 | metadata: 4 | labels: 5 | controller-tools.k8s.io: "1.0" 6 | name: vc-sample-1 7 | namespace: default 8 | spec: 9 | clusterDomain: cluster.local 10 | clusterVersionName: cv-sample-np 11 | # will expire in one year 12 | pkiExpireDays: 365 13 | opaqueMetaPrefixes: 14 | - "tenancy.x-k8s.io" 15 | transparentMetaPrefixes: 16 | - "k8s.net.status" 17 | -------------------------------------------------------------------------------- /virtualcluster/config/sampleswithspec/virtualcluster_capi.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: tenancy.x-k8s.io/v1alpha1 2 | kind: VirtualCluster 3 | metadata: 4 | name: vc-sample-1 5 | annotations: 6 | cluster.x-k8s.io/name: cluster-sample 7 | tenancy.x-k8s.io/secret.admin-kubeconfig: cluster-sample-kubeconfig 8 | spec: 9 | clusterVersionName: "capi" 10 | opaqueMetaPrefixes: 11 | - "tenancy.x-k8s.io" 12 | transparentMetaPrefixes: 13 | - "k8s.net.status" 14 | -------------------------------------------------------------------------------- /virtualcluster/doc/images/cr-syncer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes-retired/cluster-api-provider-nested/4d19ac600cbb70ed9b6e1712b2cbad104f3ca115/virtualcluster/doc/images/cr-syncer.png -------------------------------------------------------------------------------- /virtualcluster/doc/vc-icdcs.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes-retired/cluster-api-provider-nested/4d19ac600cbb70ed9b6e1712b2cbad104f3ca115/virtualcluster/doc/vc-icdcs.pdf -------------------------------------------------------------------------------- /virtualcluster/experiment/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Binaries for programs and plugins 3 | *.exe 4 | *.exe~ 5 
| *.dll 6 | *.so 7 | *.dylib 8 | _output 9 | coverage 10 | 11 | # Test binary, build with `go test -c` 12 | *.test 13 | 14 | # Output of the go coverage tool, specifically when used with LiteIDE 15 | *.out 16 | 17 | # Kubernetes Generated files - skip generated files, except for vendored files 18 | 19 | vendor/ 20 | 21 | # editor and IDE paraphernalia 22 | .idea 23 | *.swp 24 | *.swo 25 | *~ 26 | -------------------------------------------------------------------------------- /virtualcluster/experiment/Makefile: -------------------------------------------------------------------------------- 1 | # Explicitly opt into go modules, even though we're inside a GOPATH directory 2 | export GO111MODULE=on 3 | 4 | # Image URL to use all building/pushing image targets 5 | DOCKER_REG ?= ${or ${VC_DOCKER_REGISTRY},"virtualcluster"} 6 | IMG ?= ${DOCKER_REG}/scheduler-amd64 7 | 8 | # TEST_FLAGS used as flags of go test. 9 | TEST_FLAGS ?= -v --race 10 | 11 | 12 | # CRD_OPTIONS ?= "crd:trivialVersions=true" 13 | CRD_OPTIONS ?= "crd:trivialVersions=true,maxDescLen=0" 14 | 15 | .PHONY: all 16 | all: build 17 | 18 | build: 19 | hack/make-rules/build.sh $(WHAT) 20 | 21 | .PHONY: clean 22 | clean: ## clean to remove bin/* and files created by module 23 | @go mod tidy 24 | @rm -rf _output/* 25 | @rm -rf coverage/* 26 | 27 | # Run go fmt against code 28 | fmt: 29 | go fmt ./pkg/... ./cmd/... 30 | 31 | # Run go vet against code 32 | vet: 33 | go vet ./pkg/... ./cmd/... 34 | 35 | 36 | # Build docker image. 37 | # 38 | # 1. build all binaries. 39 | # 2. copy binaries to the corresponding docker image. 
40 | build-images: 41 | hack/make-rules/release-images.sh $(WHAT) 42 | 43 | # Push the docker image 44 | docker-push: 45 | $(foreach i,$(IMG),docker push $i;) 46 | -------------------------------------------------------------------------------- /virtualcluster/experiment/OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md 2 | 3 | approvers: 4 | - Fei-Guo 5 | - zhuangqh 6 | 7 | reviewers: 8 | - zhuangqh 9 | - Fei-Guo 10 | - christopherhein 11 | -------------------------------------------------------------------------------- /virtualcluster/experiment/cmd/scheduler/main.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | "os" 21 | 22 | genericapiserver "k8s.io/apiserver/pkg/server" 23 | "k8s.io/component-base/logs" 24 | 25 | "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/experiment/cmd/scheduler/app" 26 | ) 27 |
// mainMethod initialises logging, obtains the stop channel from
// genericapiserver.SetupSignalHandler and executes the scheduler command,
// returning the command's error. It is separate from main so that the
// deferred logs.FlushLogs runs before main calls os.Exit.
func mainMethod() error {
	logs.InitLogs()
	defer logs.FlushLogs()

	cmd := app.NewSchedulerCommand(genericapiserver.SetupSignalHandler())
	return cmd.Execute()
}

// main exits with status 1 when mainMethod returns an error. The error value
// itself is not printed here.
func main() {
	if err := mainMethod(); err != nil {
		os.Exit(1)
	}
}
-------------------------------------------------------------------------------- /virtualcluster/experiment/cmd/scheduler/superclusterresources.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/experiment/pkg/scheduler/resource/supercluster/namespace" 21 | ) 22 | -------------------------------------------------------------------------------- /virtualcluster/experiment/cmd/scheduler/virtualclusterresource.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 
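3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package main 18 | 19 | import ( 20 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/experiment/pkg/scheduler/resource/virtualcluster/namespace" 21 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/experiment/pkg/scheduler/resource/virtualcluster/pod" 22 | _ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/experiment/pkg/scheduler/resource/virtualcluster/resourcequota" 23 | ) 24 | -------------------------------------------------------------------------------- /virtualcluster/experiment/config/setup/cluster-id.yaml.sed: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | id: CLUSTER_ID 4 | kind: ConfigMap 5 | metadata: 6 | name: supercluster-info 7 | namespace: kube-system 8 | -------------------------------------------------------------------------------- /virtualcluster/experiment/config/setup/deploy-cluster-id.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Renders cluster-id.yaml.sed (next to this script) to stdout with the
# CLUSTER_ID placeholder replaced by the first argument.
#
# The script uses bash-only constructs ([[ ]] and BASH_SOURCE), so the
# interpreter is now named explicitly.

CLUSTER_ID=$1

if [[ -z $CLUSTER_ID ]]; then
  # Diagnostics go to stderr; stdout carries only the rendered manifest.
  echo "cluster id cannot be empty" >&2
  exit 1
fi

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
YAML_TEMPLATE="$DIR/cluster-id.yaml.sed"

# The argument ends up inside the replacement half of a sed s/// command.
# Escape backslash, the "/" delimiter and "&" so the value is inserted
# literally instead of being parsed as part of the sed program.
ESCAPED_CLUSTER_ID="$(printf '%s' "$CLUSTER_ID" | sed -e 's|[\\/&]|\\&|g')"

# NOTE(review): the template places the value unquoted after "id:", so the
# result is still interpreted as YAML. An all-digit id becomes a YAML integer
# rather than a string, and an id containing YAML syntax changes the document.
# Confirm the expected id format and quote or validate accordingly.
sed -e "s/CLUSTER_ID/${ESCAPED_CLUSTER_ID}/g" \
    "${YAML_TEMPLATE}"
--------------------------------------------------------------------------------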
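/virtualcluster/experiment/config/setup/deploy-syncer.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Renders the vc-syncer manifest template to stdout, replacing the
# SYNCER_NAME and SUPER_CLUSTER_CONFIG placeholders with the -s and -c values.

# Print the usage text. The caller picks the exit status, so a usage error
# can exit non-zero while -h still exits 0. Previously this function always
# exited 0, which made the "exit 1" lines after it unreachable.
show_help () {
cat << USAGE
usage: $0 [ -s SYNCER_NAME ] [ -c SUPER_CLUSTER_CONFIG ] [ -t YAML-TEMPLATE ]
    -s : the vc-syncer deployment name.
    -c : the super cluster configmap name.
    -t : the yaml template to render (default: syncer.yaml.sed next to this script).
USAGE
}

# Escape the characters that are special in the replacement half of a sed
# s/// command (backslash, the "/" delimiter and "&"), so an option value is
# inserted literally instead of being parsed as part of the sed program.
sed_escape_replacement () {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
YAML_TEMPLATE="$DIR/syncer.yaml.sed"

# "t:" was missing from the option string, so getopts rejected -t and the
# t) arm could never run.
while getopts "hs:c:t:" opt; do
  case "$opt" in
    h) show_help
       exit 0
       ;;
    s) SYNCER_NAME="$OPTARG"
       ;;
    c) SUPER_CLUSTER_CONFIG="$OPTARG"
       ;;
    t) YAML_TEMPLATE="$OPTARG"
       ;;
    *) # Unknown option or missing argument: getopts has already reported it.
       show_help >&2
       exit 1
       ;;
  esac
done

# Diagnostics go to stderr; stdout carries only the rendered manifest.
if [[ -z $SYNCER_NAME ]]; then
  echo "vc-syncer name cannot be empty" >&2
  show_help >&2
  exit 1
fi

if [[ -z $SUPER_CLUSTER_CONFIG ]]; then
  echo "super cluster config cannot be empty" >&2
  show_help >&2
  exit 1
fi

# NOTE(review): the escaped values are still inserted into YAML as-is. The
# template is not visible here, so confirm that both names are validated or
# quoted where they land.
sed -e "s/SYNCER_NAME/$(sed_escape_replacement "$SYNCER_NAME")/g" \
    -e "s/SUPER_CLUSTER_CONFIG/$(sed_escape_replacement "$SUPER_CLUSTER_CONFIG")/g" \
    "${YAML_TEMPLATE}"
-------------------------------------------------------------------------------- /virtualcluster/experiment/doc/demo-arch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kubernetes-retired/cluster-api-provider-nested/4d19ac600cbb70ed9b6e1712b2cbad104f3ca115/virtualcluster/experiment/doc/demo-arch.png -------------------------------------------------------------------------------- /virtualcluster/experiment/hack/lib/init.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2020 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 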
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | export GO111MODULE=on 22 | 23 | VC_EXPERIMENT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd -P)" 24 | VC_EXPERIMENT_OUTPUT_DIR=${VC_EXPERIMENT_ROOT}/_output/ 25 | VC_EXPERIMENT_BIN_DIR=${VC_EXPERIMENT_OUTPUT_DIR}/bin/ 26 | VC_EXPERIMENT_RELEASE_DIR=${VC_EXPERIMENT_OUTPUT_DIR}/release/ 27 | 28 | readonly VC_DOCKER_REGISTRY="${VC_DOCKER_REGISTRY:-virtualcluster}" 29 | readonly VC_BASE_IMAGE_REGISTRY="${VC_BASE_IMAGE_REGISTRY:-k8s.gcr.io}" 30 | 31 | DOCKER="docker" 32 | 33 | source "${VC_EXPERIMENT_ROOT}/hack/lib/build.sh" 34 | source "${VC_EXPERIMENT_ROOT}/hack/lib/docker-image.sh" 35 | source "${VC_EXPERIMENT_ROOT}/hack/lib/util.sh" 36 | -------------------------------------------------------------------------------- /virtualcluster/experiment/hack/lib/util.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2020 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
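14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 |
# Wait for background jobs to finish. Return with
# an error status if any of the jobs failed.
#
# The status is the number of failed jobs, capped at 255. A shell return
# status keeps only the low 8 bits, so an uncapped count of 256 failures
# would be reported as 0 (success).
wait-for-jobs() {
  local fail=0
  local job
  for job in $(jobs -p); do
    # "||" keeps a failing wait from aborting the caller under errexit.
    wait "${job}" || fail=$((fail + 1))
  done
  if (( fail > 255 )); then
    fail=255
  fi
  return "${fail}"
}
-------------------------------------------------------------------------------- /virtualcluster/experiment/hack/make-rules/build.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2020 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | VC_EXPERIMENT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd -P)" 18 | source "${VC_EXPERIMENT_ROOT}/hack/lib/init.sh" 19 | 20 | build_binaries "$@" 21 | -------------------------------------------------------------------------------- /virtualcluster/experiment/hack/make-rules/release-images.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2020 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 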
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | VC_EXPERIMENT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd -P)" 18 | source "${VC_EXPERIMENT_ROOT}/hack/lib/init.sh" 19 | 20 | build_binaries "$@" 21 | build_images "$@" 22 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/apis/cluster/v1alpha4/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // +k8s:deepcopy-gen=package 18 | // +groupName=cluster.x-k8s.io 19 | 20 | package v1alpha4 21 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/apis/cluster/v1alpha4/register.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1alpha4 18 | 19 | import ( 20 | "k8s.io/apimachinery/pkg/runtime/schema" 21 | "sigs.k8s.io/controller-runtime/pkg/scheme" 22 | ) 23 | 24 | var ( 25 | // SchemeGroupVersion is group version used to register these objects 26 | SchemeGroupVersion = schema.GroupVersion{Group: "cluster.x-k8s.io", Version: "v1alpha4"} 27 | 28 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 29 | SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} 30 | 31 | // AddToScheme is required by pkg/client/... 32 | AddToScheme = SchemeBuilder.AddToScheme 33 | ) 34 | 35 | // Resource is required by pkg/client/listers/... 36 | func Resource(resource string) schema.GroupResource { 37 | return SchemeGroupVersion.WithResource(resource).GroupResource() 38 | } 39 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/client/clientset/versioned/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated clientset. 20 | package versioned 21 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/client/clientset/versioned/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated fake clientset. 20 | package fake 21 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/client/clientset/versioned/scheme/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package contains the scheme of the automatically generated clientset. 20 | package scheme 21 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/client/clientset/versioned/typed/cluster/v1alpha4/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated typed clients. 
20 | package v1alpha4 21 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/client/clientset/versioned/typed/cluster/v1alpha4/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // Package fake has the automatically generated clients. 20 | package fake 21 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/client/clientset/versioned/typed/cluster/v1alpha4/fake/fake_cluster_client.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. 
DO NOT EDIT. 18 | 19 | package fake 20 | 21 | import ( 22 | rest "k8s.io/client-go/rest" 23 | testing "k8s.io/client-go/testing" 24 | v1alpha4 "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/experiment/pkg/client/clientset/versioned/typed/cluster/v1alpha4" 25 | ) 26 | 27 | type FakeClusterV1alpha4 struct { 28 | *testing.Fake 29 | } 30 | 31 | func (c *FakeClusterV1alpha4) Clusters(namespace string) v1alpha4.ClusterInterface { 32 | return &FakeClusters{c, namespace} 33 | } 34 | 35 | // RESTClient returns a RESTClient that is used to communicate 36 | // with API server by this client implementation. 37 | func (c *FakeClusterV1alpha4) RESTClient() rest.Interface { 38 | var ret *rest.RESTClient 39 | return ret 40 | } 41 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/client/clientset/versioned/typed/cluster/v1alpha4/generated_expansion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 
18 | 19 | package v1alpha4 20 | 21 | type ClusterExpansion interface{} 22 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/client/informers/externalversions/cluster/v1alpha4/interface.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by informer-gen. DO NOT EDIT. 18 | 19 | package v1alpha4 20 | 21 | import ( 22 | internalinterfaces "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/experiment/pkg/client/informers/externalversions/internalinterfaces" 23 | ) 24 | 25 | // Interface provides access to all the informers in this group version. 26 | type Interface interface { 27 | // Clusters returns a ClusterInformer. 28 | Clusters() ClusterInformer 29 | } 30 | 31 | type version struct { 32 | factory internalinterfaces.SharedInformerFactory 33 | namespace string 34 | tweakListOptions internalinterfaces.TweakListOptionsFunc 35 | } 36 | 37 | // New returns a new Interface. 38 | func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { 39 | return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} 40 | } 41 | 42 | // Clusters returns a ClusterInformer. 
43 | func (v *version) Clusters() ClusterInformer { 44 | return &clusterInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} 45 | } 46 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/client/informers/externalversions/internalinterfaces/factory_interfaces.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by informer-gen. DO NOT EDIT. 18 | 19 | package internalinterfaces 20 | 21 | import ( 22 | time "time" 23 | 24 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 25 | runtime "k8s.io/apimachinery/pkg/runtime" 26 | cache "k8s.io/client-go/tools/cache" 27 | versioned "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/experiment/pkg/client/clientset/versioned" 28 | ) 29 | 30 | // NewInformerFunc takes versioned.Interface and time.Duration to return a SharedIndexInformer. 
31 | type NewInformerFunc func(versioned.Interface, time.Duration) cache.SharedIndexInformer 32 | 33 | // SharedInformerFactory a small interface to allow for adding an informer without an import cycle 34 | type SharedInformerFactory interface { 35 | Start(stopCh <-chan struct{}) 36 | InformerFor(obj runtime.Object, newFunc NewInformerFunc) cache.SharedIndexInformer 37 | } 38 | 39 | // TweakListOptionsFunc is a function that transforms a v1.ListOptions. 40 | type TweakListOptionsFunc func(*v1.ListOptions) 41 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/client/listers/cluster/v1alpha4/expansion_generated.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by lister-gen. DO NOT EDIT. 18 | 19 | package v1alpha4 20 | 21 | // ClusterListerExpansion allows custom methods to be added to 22 | // ClusterLister. 23 | type ClusterListerExpansion interface{} 24 | 25 | // ClusterNamespaceListerExpansion allows custom methods to be added to 26 | // ClusterNamespaceLister. 
27 | type ClusterNamespaceListerExpansion interface{} 28 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/scheduler/algorithm/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package algorithm 18 | 19 | import ( 20 | corev1 "k8s.io/api/core/v1" 21 | ) 22 | 23 | // SliceInfo is the input to the algorithm. 24 | type SliceInfo struct { 25 | Namespace string // namespace key 26 | Request corev1.ResourceList 27 | Mandatory string // if not empty, it is the cluster that the slice should go if all checks are passed 28 | Hint string // if not empty, it is the preferred cluster 29 | 30 | Result string // scheduled cluster name 31 | Err error 32 | } 33 | 34 | // SliceInfoArray is the list of SliceInfo. 35 | type SliceInfoArray []*SliceInfo 36 | 37 | // Repeat adds the request to SliceInfoArray one more time. 
38 | func (s *SliceInfoArray) Repeat(n int, namespace string, request corev1.ResourceList, mandatory, hint string) { 39 | for i := 0; i < n; i++ { 40 | *s = append(*s, &SliceInfo{ 41 | Namespace: namespace, 42 | Request: request.DeepCopy(), 43 | Mandatory: mandatory, 44 | Hint: hint, 45 | }) 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/scheduler/apis/config/types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package config 18 | 19 | import ( 20 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 21 | "k8s.io/client-go/rest" 22 | componentbaseconfig "k8s.io/component-base/config" 23 | ) 24 | 25 | // SchedulerConfiguration configures a vc namespace scheduler. It is read only during scheduler life cycle. 26 | type SchedulerConfiguration struct { 27 | metav1.TypeMeta 28 | 29 | // LeaderElection defines the configuration of leader election client. 30 | LeaderElection SchedulerLeaderElectionConfiguration 31 | 32 | // ClientConnection specifies the kubeconfig file and client connection 33 | // settings for the proxy server to use when communicating with the apiserver. 
34 | ClientConnection componentbaseconfig.ClientConnectionConfiguration 35 | 36 | // Super control plane rest config 37 | RestConfig *rest.Config 38 | } 39 | 40 | // SchedulerLeaderElectionConfiguration expands LeaderElectionConfiguration 41 | // to include syncer specific configuration. 42 | type SchedulerLeaderElectionConfiguration struct { 43 | componentbaseconfig.LeaderElectionConfiguration 44 | // LockObjectNamespace defines the namespace of the lock object 45 | LockObjectNamespace string 46 | // LockObjectName defines the lock object name 47 | LockObjectName string 48 | } 49 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/scheduler/cache/interface.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package cache 18 | 19 | import ( 20 | corev1 "k8s.io/api/core/v1" 21 | ) 22 | 23 | type Cache interface { 24 | AddTenant(string) 25 | RemoveTenant(string) error 26 | GetNamespace(string) *Namespace 27 | AddNamespace(*Namespace) error 28 | RemoveNamespace(*Namespace) error 29 | UpdateNamespace(*Namespace, *Namespace) error 30 | AddCluster(*Cluster) error 31 | RemoveCluster(string) error 32 | GetPod(string) *Pod 33 | AddPod(*Pod) error 34 | RemovePod(*Pod) error 35 | AddProvision(string, string, []*Slice) error 36 | RemoveProvision(string, string) error 37 | UpdateClusterCapacity(string, corev1.ResourceList) error 38 | SnapshotForNamespaceSched(...*Namespace) (*NamespaceSchedSnapshot, error) 39 | SnapshotForPodSched(pod *Pod) (*PodSchedSnapshot, error) 40 | Dump() string 41 | } 42 | -------------------------------------------------------------------------------- /virtualcluster/experiment/pkg/scheduler/metrics/metrics.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package metrics 18 | 19 | import ( 20 | "sync" 21 | 22 | "github.com/prometheus/client_golang/prometheus" 23 | _ "k8s.io/component-base/metrics/prometheus/workqueue" // add workqueue metrics 24 | ) 25 | 26 | const ( 27 | SchedulerSubsystem = "scheduler" 28 | SuperClusterHealthKey = "super_cluster_health" 29 | VirtualClusterHealthKey = "virtual_cluster_health" 30 | ) 31 | 32 | var ( 33 | SuperClusterHealthStats = prometheus.NewGaugeVec( 34 | prometheus.GaugeOpts{ 35 | Subsystem: SchedulerSubsystem, 36 | Name: SuperClusterHealthKey, 37 | Help: "Last health scan status for super clusters.", 38 | }, 39 | []string{"status"}, 40 | ) 41 | VirtualClusterHealthStats = prometheus.NewGaugeVec( 42 | prometheus.GaugeOpts{ 43 | Subsystem: SchedulerSubsystem, 44 | Name: VirtualClusterHealthKey, 45 | Help: "Last health scan status for virtual clusters.", 46 | }, 47 | []string{"status"}, 48 | ) 49 | ) 50 | 51 | var registerMetrics sync.Once 52 | 53 | // Register all metrics. 54 | func Register() { 55 | registerMetrics.Do(func() { 56 | prometheus.MustRegister(SuperClusterHealthStats) 57 | prometheus.MustRegister(VirtualClusterHealthStats) 58 | }) 59 | } 60 | -------------------------------------------------------------------------------- /virtualcluster/hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
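See the License for the specific language governing permissions and
limitations under the License.
*/
--------------------------------------------------------------------------------
/virtualcluster/hack/install/install_ci_related.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Copyright 2020 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

set -euo pipefail

cd "$(dirname "${BASH_SOURCE[0]}")"

# ci_related::install_gocovmerge installs gocovmerge for coverage combine.
# It does nothing when a gocovmerge binary is already on PATH.
#
# Environment:
#   GOCOVMERGE_VERSION  optional tag or commit to install. When unset, the
#                       original unpinned `go get -u` is used.
#
# NOTE(review): the unpinned path builds and runs whatever the upstream
# repository and its dependencies resolve to at CI time, so a change upstream
# reaches the CI job without review. Prefer setting GOCOVMERGE_VERSION to a
# reviewed revision. The `pkg@version` form presumably needs module-aware
# mode; confirm against the Go toolchain used in CI.
ci_related::install_gocovmerge() {
  local pkg="github.com/wadey/gocovmerge"

  if command -v gocovmerge >/dev/null 2>&1; then
    echo "gocovmerge has been installed."
    return
  fi

  if [[ -n "${GOCOVMERGE_VERSION:-}" ]]; then
    # Pinned install: no -u, so dependencies are not upgraded past what the
    # requested revision needs.
    go get "${pkg}@${GOCOVMERGE_VERSION}"
    return
  fi

  go get -u "${pkg}"
}

main() {
  echo "install CI related tools..."
  ci_related::install_gocovmerge
  echo
}

main

--------------------------------------------------------------------------------
/virtualcluster/hack/lib/init.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Copyright 2019 The Kubernetes Authors.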
4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | export GO111MODULE=on 22 | 23 | VC_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd -P)" 24 | VC_OUTPUT_DIR=${VC_ROOT}/_output/ 25 | VC_BIN_DIR=${VC_OUTPUT_DIR}/bin/ 26 | VC_RELEASE_DIR=${VC_OUTPUT_DIR}/release/ 27 | 28 | readonly VC_DOCKER_REGISTRY="${VC_DOCKER_REGISTRY:-virtualcluster}" 29 | readonly VC_BASE_IMAGE_REGISTRY="${VC_BASE_IMAGE_REGISTRY:-k8s.gcr.io}" 30 | 31 | DOCKER="docker" 32 | 33 | source "${VC_ROOT}/hack/lib/build.sh" 34 | source "${VC_ROOT}/hack/lib/docker-image.sh" 35 | source "${VC_ROOT}/hack/lib/util.sh" 36 | -------------------------------------------------------------------------------- /virtualcluster/hack/lib/util.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2019 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
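# See the License for the specific language governing permissions and
# limitations under the License.

# Wait for background jobs to finish. Return with
# an error status if any of the jobs failed.
#
# The status is the number of failed jobs, capped at 255: exit statuses are
# 8-bit, so an uncapped count of 256 would be reported as success.
wait-for-jobs() {
  local fail=0
  local job
  for job in $(jobs -p); do
    wait "${job}" || fail=$((fail + 1))
  done
  return $((fail > 255 ? 255 : fail))
}

# Replaces the `conditions: null` and `storedVersions: null` to
# `conditions: []` and `storedVersions: []`
#
# NOTE: this is a hack. controller-gen@0.1.1 uses null to
# represent empty array in yaml, which will cause `kubectl apply -f`
# to fail. Due to dependencies issue, we will stick with this version
# of controller-gen for now.
# TODO replace controller-gen, and remove this hack
#
# Operates on every regular file directly under config/crd/, relative to the
# current working directory. Returns 1 as soon as one file cannot be rewritten,
# leaving that file untouched.
replace-null() {
  local f
  for f in config/crd/*; do
    # Skip the literal pattern when the glob matches nothing, and anything
    # that is not a regular file.
    [[ -f "${f}" ]] || continue

    # Quote the paths so names with spaces or glob characters are not split
    # or re-expanded. Replace the original only after sed wrote the whole
    # copy; otherwise a failed sed would overwrite the CRD with a partial file.
    if ! sed 's/conditions: null/conditions: []/g; s/storedVersions: null/storedVersions: []/g' "${f}" > "${f}.tmp"; then
      rm -f "${f}.tmp"
      return 1
    fi
    mv "${f}.tmp" "${f}"
  done
}

--------------------------------------------------------------------------------
/virtualcluster/hack/make-rules/build.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Copyright 2019 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

VC_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.."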
&& pwd -P)" 18 | source "${VC_ROOT}/hack/lib/init.sh" 19 | 20 | build_binaries "$@" 21 | -------------------------------------------------------------------------------- /virtualcluster/hack/make-rules/release-images.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2019 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | VC_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd -P)" 18 | source "${VC_ROOT}/hack/lib/init.sh" 19 | 20 | build_binaries "$@" 21 | build_images "$@" 22 | -------------------------------------------------------------------------------- /virtualcluster/hack/make-rules/replace-null.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2019 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | VC_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd -P)" 18 | source "${VC_ROOT}/hack/lib/init.sh" 19 | 20 | replace-null 21 | -------------------------------------------------------------------------------- /virtualcluster/hack/tools.go: -------------------------------------------------------------------------------- 1 | //go:build tools 2 | // +build tools 3 | 4 | /* 5 | Copyright 2019 The Kubernetes Authors. 6 | Licensed under the Apache License, Version 2.0 (the "License"); 7 | you may not use this file except in compliance with the License. 8 | You may obtain a copy of the License at 9 | http://www.apache.org/licenses/LICENSE-2.0 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // This package imports things required by build scripts, to force `go mod` to see them as dependencies 18 | package tools 19 | 20 | import _ "k8s.io/code-generator" 21 | -------------------------------------------------------------------------------- /virtualcluster/hack/update-codegen.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2020 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | 21 | SCRIPT_ROOT=$(dirname "${BASH_SOURCE[0]}")/.. 22 | CODEGEN_PKG=${CODEGEN_PKG:-$(cd "${SCRIPT_ROOT}"; ls -d -1 ./vendor/k8s.io/code-generator 2>/dev/null || echo ../code-generator)} 23 | 24 | # generate the code with: 25 | # --output-base because this script should also be able to run inside the vendor dir of 26 | # k8s.io/kubernetes. The output-base is needed for the generators to output into the vendor dir 27 | # instead of the $GOPATH directly. For normal projects this can be dropped. 28 | bash "${CODEGEN_PKG}"/generate-groups.sh "deepcopy,client,informer,lister" \ 29 | sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/client sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/apis \ 30 | tenancy:v1alpha1 \ 31 | --output-base "$(dirname "${BASH_SOURCE[0]}")/../../../../.." \ 32 | --go-header-file "${SCRIPT_ROOT}"/hack/boilerplate.go.txt 33 | -------------------------------------------------------------------------------- /virtualcluster/pkg/apis/addtoscheme_tenancy_v1alpha1.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package apis 18 | 19 | import ( 20 | "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/apis/tenancy/v1alpha1" 21 | ) 22 | 23 | func init() { 24 | // Register the types with the Scheme so the components can map objects to GroupVersionKinds and back 25 | AddToSchemes = append(AddToSchemes, v1alpha1.SchemeBuilder.AddToScheme) 26 | } 27 | -------------------------------------------------------------------------------- /virtualcluster/pkg/apis/apis.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package apis contains Kubernetes API groups. 
18 | package apis 19 | 20 | import ( 21 | "k8s.io/apimachinery/pkg/runtime" 22 | ) 23 | 24 | // AddToSchemes may be used to add all resources defined in the project to a Scheme 25 | var AddToSchemes runtime.SchemeBuilder 26 | 27 | // AddToScheme adds all Resources to the Scheme 28 | func AddToScheme(s *runtime.Scheme) error { 29 | return AddToSchemes.AddToScheme(s) 30 | } 31 | -------------------------------------------------------------------------------- /virtualcluster/pkg/apis/tenancy/group.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package tenancy contains tenancy API versions 18 | package tenancy 19 | -------------------------------------------------------------------------------- /virtualcluster/pkg/apis/tenancy/v1alpha1/clusterversion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
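You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1alpha1

import "fmt"

// GetEtcdDomain returns the dns of etcd service, note that, though the
// complete etcd svc dns is {etcdSvcName}.{namespace}.svc.{clusterdomain},
// this EtcdDomain is only used by apiserver that in the same namespace,
// so the etcdSvcName is adequate
func (cv *ClusterVersion) GetEtcdDomain() string {
	return cv.Spec.ETCD.Service.Name
}

// GetEtcdServers returns the list of hostnames of etcd pods, one per replica
// in ordinal order, each formatted as "<statefulset name>-<ordinal>.<etcd domain>".
//
// The result is nil when the replica count is zero or negative.
func (cv *ClusterVersion) GetEtcdServers() (etcdServers []string) {
	etcdStsName := cv.Spec.ETCD.StatefulSet.Name
	etcdDomain := cv.GetEtcdDomain()

	// Replicas is a pointer and comes from a user-supplied ClusterVersion
	// object; dereferencing it unchecked panics when the field was omitted.
	// NOTE(review): an unset count is treated as 1, presumably the same
	// default the StatefulSet API applies - confirm.
	replicas := int32(1)
	if r := cv.Spec.ETCD.StatefulSet.Spec.Replicas; r != nil {
		replicas = *r
	}

	for i := int32(0); i < replicas; i++ {
		etcdServers = append(etcdServers, fmt.Sprintf("%s-%d.%s", etcdStsName, i, etcdDomain))
	}
	return etcdServers
}

// GetAPIServerDomain returns the dns of the apiserver service
//
// TODO support NodePort and ClusterIP for accessing apiserver from
// outside the cluster
func (cv *ClusterVersion) GetAPIServerDomain(namespace string) string {
	return cv.Spec.APIServer.Service.Name + "." + namespace
}

--------------------------------------------------------------------------------
/virtualcluster/pkg/apis/tenancy/v1alpha1/doc.go:
--------------------------------------------------------------------------------
/*
Copyright 2019 The Kubernetes Authors.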
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1alpha1 contains API Schema definitions for the tenancy v1alpha1 API group 18 | // +kubebuilder:object:generate=true 19 | // +k8s:openapi-gen=true 20 | // +k8s:deepcopy-gen=package,register 21 | // +k8s:conversion-gen=sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/apis/tenancy 22 | // +k8s:defaulter-gen=TypeMeta 23 | // +groupName=tenancy.x-k8s.io 24 | package v1alpha1 25 | -------------------------------------------------------------------------------- /virtualcluster/pkg/apis/tenancy/v1alpha1/register.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package v1alpha1 18 | 19 | import ( 20 | "k8s.io/apimachinery/pkg/runtime/schema" 21 | "sigs.k8s.io/controller-runtime/pkg/scheme" 22 | ) 23 | 24 | var ( 25 | // SchemeGroupVersion is group version used to register these objects 26 | SchemeGroupVersion = schema.GroupVersion{Group: "tenancy.x-k8s.io", Version: "v1alpha1"} 27 | 28 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 29 | SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} 30 | 31 | // AddToScheme is required by pkg/client/... 32 | AddToScheme = SchemeBuilder.AddToScheme 33 | ) 34 | 35 | // Resource is required by pkg/client/listers/... 36 | func Resource(resource string) schema.GroupResource { 37 | return SchemeGroupVersion.WithResource(resource).GroupResource() 38 | } 39 | -------------------------------------------------------------------------------- /virtualcluster/pkg/apis/tenancy/v1alpha1/v1alpha1_suite_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
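*/

package v1alpha1

import (
	"log"
	"os"
	"path/filepath"
	"testing"

	"k8s.io/client-go/kubernetes/scheme"
	"k8s.io/client-go/rest"
	"sigs.k8s.io/controller-runtime/pkg/client"
	"sigs.k8s.io/controller-runtime/pkg/envtest"
)

var cfg *rest.Config
var c client.Client

// TestMain registers this package's types with the client-go scheme, starts an
// envtest environment loaded with the CRDs under config/crds, builds the shared
// client c from the returned rest config cfg, runs the package tests and exits
// with their result code.
func TestMain(m *testing.M) {
	testEnv := &envtest.Environment{
		CRDDirectoryPaths: []string{filepath.Join("..", "..", "..", "..", "config", "crds")},
	}

	if err := SchemeBuilder.AddToScheme(scheme.Scheme); err != nil {
		log.Fatal(err)
	}

	var err error
	if cfg, err = testEnv.Start(); err != nil {
		log.Fatal(err)
	}

	if c, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}); err != nil {
		// log.Fatal exits immediately, so stop the already-started test
		// environment first instead of leaving it running.
		if stopErr := testEnv.Stop(); stopErr != nil {
			log.Printf("stopping test environment: %v", stopErr)
		}
		log.Fatal(err)
	}

	code := m.Run()
	// A failed shutdown does not change the test result, but it is reported
	// rather than dropped.
	if stopErr := testEnv.Stop(); stopErr != nil {
		log.Printf("stopping test environment: %v", stopErr)
	}
	os.Exit(code)
}

--------------------------------------------------------------------------------
/virtualcluster/pkg/client/clientset/versioned/doc.go:
--------------------------------------------------------------------------------
/*
Copyright 2019 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by client-gen. DO NOT EDIT.

// This package has the automatically generated clientset.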
19 | package versioned 20 | -------------------------------------------------------------------------------- /virtualcluster/pkg/client/clientset/versioned/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | // This package has the automatically generated fake clientset. 19 | package fake 20 | -------------------------------------------------------------------------------- /virtualcluster/pkg/client/clientset/versioned/scheme/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 
17 | 18 | // This package contains the scheme of the automatically generated clientset. 19 | package scheme 20 | -------------------------------------------------------------------------------- /virtualcluster/pkg/client/clientset/versioned/typed/tenancy/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | // This package has the automatically generated typed clients. 19 | package v1alpha1 20 | -------------------------------------------------------------------------------- /virtualcluster/pkg/client/clientset/versioned/typed/tenancy/v1alpha1/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | // Package fake has the automatically generated clients. 19 | package fake 20 | -------------------------------------------------------------------------------- /virtualcluster/pkg/client/clientset/versioned/typed/tenancy/v1alpha1/fake/fake_tenancy_client.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | package fake 19 | 20 | import ( 21 | rest "k8s.io/client-go/rest" 22 | testing "k8s.io/client-go/testing" 23 | v1alpha1 "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/client/clientset/versioned/typed/tenancy/v1alpha1" 24 | ) 25 | 26 | type FakeTenancyV1alpha1 struct { 27 | *testing.Fake 28 | } 29 | 30 | func (c *FakeTenancyV1alpha1) ClusterVersions() v1alpha1.ClusterVersionInterface { 31 | return &FakeClusterVersions{c} 32 | } 33 | 34 | func (c *FakeTenancyV1alpha1) VirtualClusters(namespace string) v1alpha1.VirtualClusterInterface { 35 | return &FakeVirtualClusters{c, namespace} 36 | } 37 | 38 | // RESTClient returns a RESTClient that is used to communicate 39 | // with API server by this client implementation. 
40 | func (c *FakeTenancyV1alpha1) RESTClient() rest.Interface { 41 | var ret *rest.RESTClient 42 | return ret 43 | } 44 | -------------------------------------------------------------------------------- /virtualcluster/pkg/client/clientset/versioned/typed/tenancy/v1alpha1/generated_expansion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by client-gen. DO NOT EDIT. 17 | 18 | package v1alpha1 19 | 20 | type ClusterVersionExpansion interface{} 21 | 22 | type VirtualClusterExpansion interface{} 23 | -------------------------------------------------------------------------------- /virtualcluster/pkg/client/informers/externalversions/internalinterfaces/factory_interfaces.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | // Code generated by informer-gen. DO NOT EDIT. 17 | 18 | package internalinterfaces 19 | 20 | import ( 21 | time "time" 22 | 23 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 24 | runtime "k8s.io/apimachinery/pkg/runtime" 25 | cache "k8s.io/client-go/tools/cache" 26 | versioned "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/client/clientset/versioned" 27 | ) 28 | 29 | // NewInformerFunc takes versioned.Interface and time.Duration to return a SharedIndexInformer. 30 | type NewInformerFunc func(versioned.Interface, time.Duration) cache.SharedIndexInformer 31 | 32 | // SharedInformerFactory a small interface to allow for adding an informer without an import cycle 33 | type SharedInformerFactory interface { 34 | Start(stopCh <-chan struct{}) 35 | InformerFor(obj runtime.Object, newFunc NewInformerFunc) cache.SharedIndexInformer 36 | } 37 | 38 | // TweakListOptionsFunc is a function that transforms a v1.ListOptions. 39 | type TweakListOptionsFunc func(*v1.ListOptions) 40 | -------------------------------------------------------------------------------- /virtualcluster/pkg/client/listers/tenancy/v1alpha1/expansion_generated.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | // Code generated by lister-gen. DO NOT EDIT. 17 | 18 | package v1alpha1 19 | 20 | // ClusterVersionListerExpansion allows custom methods to be added to 21 | // ClusterVersionLister. 22 | type ClusterVersionListerExpansion interface{} 23 | 24 | // VirtualClusterListerExpansion allows custom methods to be added to 25 | // VirtualClusterLister. 26 | type VirtualClusterListerExpansion interface{} 27 | 28 | // VirtualClusterNamespaceListerExpansion allows custom methods to be added to 29 | // VirtualClusterNamespaceLister. 30 | type VirtualClusterNamespaceListerExpansion interface{} 31 |
--------------------------------------------------------------------------------
/virtualcluster/pkg/controller/constants/constants.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package constants

// Fixed values for the virtualcluster controller. Their consumers are not in
// this file, so the notes below about usage are assumptions to confirm.
const (
	// VirtualClusterWebhookCertDir is a directory path; by its name it is where
	// the webhook server looks for its serving certificate and key.
	// NOTE(review): the path is under /tmp. Confirm the deployment mounts a
	// dedicated read-only volume there, so that nothing else running in the
	// container can create or replace the key material before it is loaded.
	VirtualClusterWebhookCertDir = "/tmp/k8s-webhook-server/serving-certs"
	// VirtualClusterWebhookPort is 9443, presumably the port the webhook
	// server listens on (confirm against the server setup).
	VirtualClusterWebhookPort = 9443
	// VirtualClusterCAPIName is the key "cluster.x-k8s.io/name", presumably a
	// label or annotation key carrying the Cluster API cluster name (confirm).
	VirtualClusterCAPIName = "cluster.x-k8s.io/name"
)
-------------------------------------------------------------------------------- /virtualcluster/pkg/controller/controllers/metrics.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The Kubernetes Authors.
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | https://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package controllers 18 | 19 | import ( 20 | "github.com/prometheus/client_golang/prometheus" 21 | ) 22 | 23 | var ( 24 | clustersUpgradedCounter = prometheus.NewCounterVec( 25 | prometheus.CounterOpts{ 26 | Name: "clusters_upgraded", 27 | Help: "Amount of clusters upgraded by reconciler in featuregate.ClusterVersionPartialUpgrade", 28 | }, 29 | []string{"cluster_version", "resource_version"}, 30 | ) 31 | clustersUpgradeFailedCounter = prometheus.NewCounterVec( 32 | prometheus.CounterOpts{ 33 | Name: "clusters_upgrade_failed", 34 | Help: "Amount of clusters failed to upgrade by reconciler in featuregate.ClusterVersionPartialUpgrade", 35 | }, 36 | []string{"cluster_version", "resource_version"}, 37 | ) 38 | clustersUpgradeSeconds = prometheus.NewHistogramVec( 39 | prometheus.HistogramOpts{ 40 | Name: "clusters_upgrade_seconds", 41 | Help: "Duration of cluster upgrade by reconciler in featuregate.ClusterVersionPartialUpgrade", 42 | Buckets: []float64{.1, .5, 1, 5, 10, 20, 30, 60, 90, 120, 300, 600, 900}, 43 | }, 44 | []string{"cluster_version", "resource_version"}, 45 | ) 46 | ) 47 | -------------------------------------------------------------------------------- /virtualcluster/pkg/controller/controllers/provisioner/provisioner.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package provisioner 18 | 19 | import ( 20 | "context" 21 | 22 | tenancyv1alpha1 "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/apis/tenancy/v1alpha1" 23 | ) 24 | 25 | type Provisioner interface { 26 | CreateVirtualCluster(ctx context.Context, vc *tenancyv1alpha1.VirtualCluster) error 27 | DeleteVirtualCluster(ctx context.Context, vc *tenancyv1alpha1.VirtualCluster) error 28 | GetProvisioner() string 29 | // UpgradeVirtualCluster is used to apply current clusterversion if featuregate.VirtualClusterApplyUpdate enabled 30 | UpgradeVirtualCluster(ctx context.Context, vc *tenancyv1alpha1.VirtualCluster) error 31 | } 32 | -------------------------------------------------------------------------------- /virtualcluster/pkg/controller/util/logr/util.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 |

package logr

import (
	"github.com/go-logr/logr"
	"github.com/go-logr/zapr"
	"go.uber.org/zap"
)

// NewLogger returns a logr.Logger backed by a zap production configuration.
// Output always goes to stderr; when logFile is not empty it is added as a
// second output path. disableStacktrace is copied into the zap config's
// DisableStacktrace field, and caller annotation is always switched off.
//
// NOTE(review): logFile is handed to zap unchanged and zap opens the path
// itself. Confirm that the value comes from trusted configuration and that
// the target directory and the resulting file mode limit who can read the
// log, since controller logs may carry cluster object details.
func NewLogger(logFile string, disableStacktrace bool) (logr.Logger, error) {
	outputs := []string{"stderr"}
	if logFile != "" {
		// Log to stderr and to the file.
		outputs = append(outputs, logFile)
	}

	zapCfg := zap.NewProductionConfig()
	zapCfg.OutputPaths = outputs
	// Lets the user turn off noisy stack traces.
	zapCfg.DisableStacktrace = disableStacktrace
	// The reported caller would always be zapr.go, which says nothing useful.
	zapCfg.DisableCaller = true

	zapLogger, err := zapCfg.Build()
	if err != nil {
		return nil, err
	}
	return zapr.NewLogger(zapLogger), nil
}
-------------------------------------------------------------------------------- /virtualcluster/pkg/controller/util/strings/util.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2019 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
15 | */ 16 | 17 | package strings 18 | 19 | import ( 20 | "strings" 21 | ) 22 | 23 | // ContainString checks if string slice sli contains string s 24 | func ContainString(sli []string, s string) bool { 25 | for _, str := range sli { 26 | if str == s { 27 | return true 28 | } 29 | } 30 | return false 31 | } 32 | 33 | // RemoveString removes string s from the string slice sli 34 | func RemoveString(sli []string, s string) (newSli []string) { 35 | for _, str := range sli { 36 | if str == s { 37 | continue 38 | } 39 | newSli = append(newSli, str) 40 | } 41 | return 42 | } 43 | 44 | // SplitFields splits string s into substrings separated by delimiters in 45 | // rs and returns a slice of the substrings 46 | func SplitFields(s string, rs ...rune) []string { 47 | fn := func(ru rune) bool { 48 | for _, r := range rs { 49 | if ru == r { 50 | return true 51 | } 52 | } 53 | return false 54 | } 55 | return strings.FieldsFunc(s, fn) 56 | } 57 | -------------------------------------------------------------------------------- /virtualcluster/pkg/syncer/conversion/envvars/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2014 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package envvars is the package that build the environment variables that kubernetes provides 18 | // to the containers run by it. 
19 | // This package has been copied from k8s.io/kubernetes/pkg/kubelet/envvars@v1.18.6 20 | package envvars // import "k8s.io/kubernetes/pkg/kubelet/envvars" 21 | -------------------------------------------------------------------------------- /virtualcluster/pkg/syncer/patrol/options.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package patrol 18 | 19 | import ( 20 | "time" 21 | 22 | "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/util/reconciler" 23 | ) 24 | 25 | type OptConfig func(*Options) 26 | 27 | // WithOptions set options. 28 | func WithOptions(o *Options) OptConfig { 29 | return func(options *Options) { 30 | if o == nil { 31 | return 32 | } 33 | WithControllerName(o.name)(options) 34 | WithReconciler(o.Reconciler)(options) 35 | WithPeriod(o.Period)(options) 36 | } 37 | } 38 | 39 | // WithControllerName set the controller name. 40 | func WithControllerName(name string) OptConfig { 41 | return func(options *Options) { 42 | if name != "" { 43 | options.name = name 44 | } 45 | } 46 | } 47 | 48 | // WithReconciler set the reconciler. 49 | func WithReconciler(rc reconciler.PatrolReconciler) OptConfig { 50 | return func(options *Options) { 51 | if rc != nil { 52 | options.Reconciler = rc 53 | } 54 | } 55 | } 56 | 57 | // WithPeriod set patrol JitterPeriod. 
58 | func WithPeriod(t time.Duration) OptConfig { 59 | return func(options *Options) { 60 | if t > 0 { 61 | options.Period = t 62 | } 63 | } 64 | } 65 | -------------------------------------------------------------------------------- /virtualcluster/pkg/syncer/resources/pod/mutatorplugin/interface.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package mutatorplugin 18 | 19 | import ( 20 | "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/conversion" 21 | uplugin "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/util/plugin" 22 | ) 23 | 24 | type Interface interface { 25 | Mutator() conversion.PodMutator 26 | } 27 | 28 | var MutatorRegister uplugin.ResourceRegister 29 | -------------------------------------------------------------------------------- /virtualcluster/pkg/syncer/resources/pod/mutatorplugin/podmountserviceaccounttokenmutator.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
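6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 |

package mutatorplugin

import (
	"fmt"

	"k8s.io/utils/pointer"

	"sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/apis/config"
	"sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/conversion"
	uplugin "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/util/plugin"
)

// init registers the plugin with MutatorRegister under the ID
// "00_PodMountServiceAccountTokenMutator".
func init() {
	MutatorRegister.Register(&uplugin.Registration{
		ID: "00_PodMountServiceAccountTokenMutator",
		InitFn: func(ctx *uplugin.InitContext) (interface{}, error) {
			// A bare type assertion panics when Config holds another type,
			// and a nil *SyncerConfiguration panics on the field read.
			// InitFn already has an error return, so report both through it
			// instead of crashing plugin initialisation.
			cfg, ok := ctx.Config.(*config.SyncerConfiguration)
			if !ok || cfg == nil {
				return nil, fmt.Errorf("pod mount service account token mutator: unexpected config %T", ctx.Config)
			}
			return &PodMountServiceAccountTokenMutatorPlugin{disable: cfg.DisableServiceAccountToken}, nil
		},
	})
}

// PodMountServiceAccountTokenMutatorPlugin turns off service account token
// automounting on pods when the syncer is configured to do so.
type PodMountServiceAccountTokenMutatorPlugin struct {
	// disable mirrors SyncerConfiguration.DisableServiceAccountToken.
	disable bool
}

// Mutator returns a PodMutator that, when disable is set, sets
// Spec.AutomountServiceAccountToken of p.PPod to false, overriding whatever
// value the pod carried. The mutator always returns nil.
//
// NOTE(review): PPod is presumably the pod written to the super cluster
// (confirm in the conversion package). The field only stops the automatic
// token mount; a pod spec that declares its own projected service account
// token volume is not changed here.
func (pl *PodMountServiceAccountTokenMutatorPlugin) Mutator() conversion.PodMutator {
	return func(p *conversion.PodMutateCtx) error {
		if pl.disable {
			p.PPod.Spec.AutomountServiceAccountToken = pointer.BoolPtr(false)
		}
		return nil
	}
}
-------------------------------------------------------------------------------- /virtualcluster/pkg/syncer/resources/pod/mutatorplugin/podservicelinkmutator.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License.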
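6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 |

package mutatorplugin

import (
	"fmt"

	"k8s.io/utils/pointer"

	"sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/apis/config"
	"sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/conversion"
	uplugin "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/util/plugin"
)

// init registers the plugin with MutatorRegister under the ID
// "00_PodServiceLinkMutator".
func init() {
	MutatorRegister.Register(&uplugin.Registration{
		ID: "00_PodServiceLinkMutator",
		InitFn: func(ctx *uplugin.InitContext) (interface{}, error) {
			// A bare type assertion panics when Config holds another type,
			// and a nil *SyncerConfiguration panics on the field read.
			// InitFn already has an error return, so report both through it
			// instead of crashing plugin initialisation.
			cfg, ok := ctx.Config.(*config.SyncerConfiguration)
			if !ok || cfg == nil {
				return nil, fmt.Errorf("pod service link mutator: unexpected config %T", ctx.Config)
			}
			return &PodServiceLinkMutatorPlugin{disable: cfg.DisablePodServiceLinks}, nil
		},
	})
}

// PodServiceLinkMutatorPlugin turns off service links on pods when the syncer
// is configured to do so.
type PodServiceLinkMutatorPlugin struct {
	// disable mirrors SyncerConfiguration.DisablePodServiceLinks.
	disable bool
}

// Mutator returns a PodMutator that, when disable is set, sets
// Spec.EnableServiceLinks of p.PPod to false, overriding whatever value the
// pod carried. The mutator always returns nil.
//
// NOTE(review): PPod is presumably the pod written to the super cluster
// (confirm in the conversion package). With the field false, Kubernetes does
// not inject the per-Service environment variables of the pod's namespace
// into its containers.
func (pl *PodServiceLinkMutatorPlugin) Mutator() conversion.PodMutator {
	return func(p *conversion.PodMutateCtx) error {
		if pl.disable {
			p.PPod.Spec.EnableServiceLinks = pointer.BoolPtr(false)
		}
		return nil
	}
}
-------------------------------------------------------------------------------- /virtualcluster/pkg/syncer/resources/pod/validationplugin/interface.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2022 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License.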
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package validationplugin 18 | 19 | import ( 20 | "sync" 21 | 22 | "sigs.k8s.io/controller-runtime/pkg/client" 23 | 24 | mc "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/util/mccontroller" 25 | uplugin "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/util/plugin" 26 | ) 27 | 28 | type Interface interface { 29 | Validation(client.Object, string) bool 30 | GetTenantLocker(string) *Tenant 31 | Enabled() bool 32 | ContextInit(*mc.MultiClusterController, bool) 33 | } 34 | 35 | type Tenant struct { 36 | ClusterName string 37 | Cond *sync.Mutex 38 | } 39 | 40 | const ( 41 | QuotaValidationPluginName = "quota" 42 | ) 43 | 44 | var ValidationRegister uplugin.ResourceRegister 45 | -------------------------------------------------------------------------------- /virtualcluster/pkg/syncer/util/scheme/scheme.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package scheme 18 | 19 | import clientgoscheme "k8s.io/client-go/kubernetes/scheme" 20 | 21 | var Scheme = clientgoscheme.Scheme 22 | -------------------------------------------------------------------------------- /virtualcluster/pkg/syncer/util/test/featuregate.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package util 18 | 19 | import ( 20 | "testing" 21 | 22 | "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/syncer/util/featuregate" 23 | ) 24 | 25 | // SetFeatureGateDuringTest sets the specified gate to the specified value, and returns a function that restores the original value. 26 | // Failures to set or restore cause the test to fail. 
27 | // 28 | // Example use: 29 | // 30 | // defer util.SetFeatureGateDuringTest(t, featuregate.DefaultFeatureGate, featuregate.SuperClusterPooling, true)() 31 | func SetFeatureGateDuringTest(tb testing.TB, gate featuregate.FeatureGate, f featuregate.Feature, value bool) func() { 32 | originalValue := gate.Enabled(f) 33 | 34 | if err := gate.Set(f, value); err != nil { 35 | tb.Errorf("error setting %s=%v: %v", f, value, err) 36 | } 37 | 38 | return func() { 39 | if err := gate.Set(f, originalValue); err != nil { 40 | tb.Errorf("error restoring %s=%v: %v", f, originalValue, err) 41 | } 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /virtualcluster/pkg/util/errors/errors.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package errors 18 | 19 | import ( 20 | "fmt" 21 | 22 | pkgerr "github.com/pkg/errors" 23 | ) 24 | 25 | const ( 26 | codeClusterNotFound = iota 27 | codeUnknown 28 | ) 29 | 30 | // Error is a type of error used for sync request. 
type errorType struct {
	code int    // one of the code* constants of this package
	msg  string // text returned by Error
}

// Error returns the stored message, which makes errorType satisfy error.
func (e errorType) Error() string {
	return e.msg
}

// Compile-time check that errorType implements error.
var _ error = errorType{}

// reasonForError returns the code of the errorType found at the end of err's
// pkg/errors cause chain, or codeUnknown when the cause is anything else
// (including nil).
//
// NOTE(review): only an errorType value reached through pkgerr.Cause is
// recognised. An error wrapped solely with fmt.Errorf and %w, or a pointer
// to errorType, is reported as codeUnknown; callers that branch on
// IsClusterNotFound should wrap with pkg/errors.
func reasonForError(err error) int {
	typed, isTyped := pkgerr.Cause(err).(errorType)
	if !isTyped {
		return codeUnknown
	}
	return typed.code
}

// NewClusterNotFound builds the error that reports clusterName as missing.
func NewClusterNotFound(clusterName string) error {
	notFound := errorType{code: codeClusterNotFound}
	notFound.msg = fmt.Sprintf("cluster %s not found", clusterName)
	return notFound
}

// IsClusterNotFound reports whether err, after unwrapping its pkg/errors
// cause chain, is a cluster-not-found error.
func IsClusterNotFound(err error) bool {
	code := reasonForError(err)
	return code == codeClusterNotFound
}
-------------------------------------------------------------------------------- /virtualcluster/pkg/util/errors/errors_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2020 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License.
*/

package errors

import (
	"testing"

	pkgerr "github.com/pkg/errors"
)

// TestErrorCheck verifies that IsClusterNotFound recognises a direct and a
// pkg/errors-wrapped ClusterNotFound error, and rejects an errorType with a
// different code as well as a nil error.
func TestErrorCheck(t *testing.T) {
	cases := []struct {
		err     error
		want    bool
		failMsg string
	}{
		{NewClusterNotFound("test"), true, "expected to be ClusterNotFoundError"},
		{pkgerr.Wrapf(NewClusterNotFound("test"), "nested error"), true, "expected to be ClusterNotFoundError"},
		{errorType{-1, "unknown"}, false, "expected to not be ClusterNotFoundError"},
		{nil, false, "expected to not be ClusterNotFoundError"},
	}
	for _, tc := range cases {
		if IsClusterNotFound(tc.err) != tc.want {
			t.Error(tc.failMsg)
		}
	}
}

--------------------------------------------------------------------------------
/virtualcluster/pkg/util/fairqueue/balancer/balancer.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package balancer

// Scheduler performs a load-balancing algorithm over a pool of items that are
// identified by string id and registered with an integer weight.
type Scheduler interface {
	// Next finds the next selected item.
	Next() string
	// Add adds a new item to the selection pool.
	Add(id string, weight int)
	// Remove removes an item from the pool.
	Remove(id string)
	// Clear removes all of the items and resets the scheduler state.
	Clear()
}

--------------------------------------------------------------------------------
/virtualcluster/pkg/util/flag/flags.go:
--------------------------------------------------------------------------------
/*
Copyright 2021 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package flag

import (
	"github.com/spf13/pflag"
	"k8s.io/klog/v2"
)

// PrintFlags logs the name and value of every flag in the flagset at klog
// verbosity 1.
//
// NOTE(review): values are logged verbatim. If any flag in the set carries a
// credential (token, password, key material), it ends up in the process logs;
// pass such values by file or environment instead, or redact them before this
// call.
func PrintFlags(flags *pflag.FlagSet) {
	logFlag := func(f *pflag.Flag) {
		klog.V(1).Infof("FLAG: --%s=%q", f.Name, f.Value)
	}
	flags.VisitAll(logFlag)
}

--------------------------------------------------------------------------------
/virtualcluster/pkg/util/handler/enqueue_object.go:
--------------------------------------------------------------------------------
/*
Copyright 2019 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package handler

import (
	"k8s.io/apimachinery/pkg/api/meta"

	"sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/util/reconciler"
)

// EnqueueRequestForObject turns add/update/delete notifications for an object
// into reconciler.Request items and puts them on Queue.
type EnqueueRequestForObject struct {
	// ClusterName is copied into every request that is enqueued.
	ClusterName string
	// Queue receives the generated requests.
	Queue Queue
	// AttachUID controls whether the object's UID is copied into the request.
	AttachUID bool
}

// enqueue builds a request from obj's namespace and name (plus its UID when
// AttachUID is set) and adds it to the queue.
//
// Objects for which meta.Accessor fails are dropped without any log entry.
// NOTE(review): if this handler is registered on a client-go informer, a
// delete may arrive as a tombstone wrapper rather than the object itself;
// meta.Accessor would presumably reject it and the delete would be lost
// silently. Confirm against the caller.
func (e *EnqueueRequestForObject) enqueue(obj interface{}) {
	accessor, err := meta.Accessor(obj)
	if err != nil {
		return
	}

	var req reconciler.Request
	req.ClusterName = e.ClusterName
	req.Namespace = accessor.GetNamespace()
	req.Name = accessor.GetName()
	if e.AttachUID {
		req.UID = string(accessor.GetUID())
	}

	e.Queue.Add(req)
}

// OnAdd enqueues a request for the added object.
func (e *EnqueueRequestForObject) OnAdd(obj interface{}) {
	e.enqueue(obj)
}

// OnUpdate enqueues a request for the new state of the object; oldObj is
// ignored.
func (e *EnqueueRequestForObject) OnUpdate(oldObj, newObj interface{}) {
	e.enqueue(newObj)
}

// OnDelete enqueues a request for the deleted object.
func (e *EnqueueRequestForObject) OnDelete(obj interface{}) {
	e.enqueue(obj)
}

--------------------------------------------------------------------------------
/virtualcluster/pkg/util/handler/types.go:
--------------------------------------------------------------------------------
/*
Copyright 2019 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package handler

// Queue is the minimal interface a handler needs from a work queue: the
// ability to add an item.
type Queue interface {
	Add(item interface{})
}

--------------------------------------------------------------------------------
/virtualcluster/pkg/util/listener/listener.go:
--------------------------------------------------------------------------------
/*
Copyright 2019 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package listener

import (
	mc "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/util/mccontroller"
)

// Listeners holds every listener registered through AddListener.
//
// NOTE(review): this is exported, mutable package-level state with no lock.
// Any package can replace or truncate it, and concurrent AddListener calls
// would race; presumably registration happens once during start-up. Confirm.
var Listeners []ClusterChangeListener

// ClusterChangeListener is notified when a cluster is added, should be
// watched, or is removed.
type ClusterChangeListener interface {
	AddCluster(cluster mc.ClusterInterface)
	WatchCluster(cluster mc.ClusterInterface)
	RemoveCluster(cluster mc.ClusterInterface)
}

// AddListener appends listener to the package-level Listeners slice. It does
// no de-duplication and takes no lock.
func AddListener(listener ClusterChangeListener) {
	Listeners = append(Listeners, listener)
}

--------------------------------------------------------------------------------
/virtualcluster/pkg/util/plugin/context.go:
--------------------------------------------------------------------------------
/*
Copyright 2021 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package plugin

import (
	"context"

	"k8s.io/client-go/informers"
	clientset "k8s.io/client-go/kubernetes"

	vcclient "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/client/clientset/versioned"
	vcinformers "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/client/informers/externalversions/tenancy/v1alpha1"
)

// InitContext is used for plugin initialization. It bundles the context,
// configuration, clients and informers handed to a plugin.
//
// NOTE(review): every plugin that receives this struct gets the same Client
// and VCClient, and therefore whatever permissions those clients hold.
// Confirm that all registered plugins are trusted to that level.
type InitContext struct {
	// Context is the context passed to the plugin.
	Context context.Context
	// Config is untyped; presumably each plugin asserts it to its own
	// configuration type. TODO confirm.
	Config interface{}
	// Client is a Kubernetes clientset.
	Client clientset.Interface
	// Informer is a shared informer factory for Kubernetes resources.
	Informer informers.SharedInformerFactory
	// VCClient is the generated clientset for this project's API types.
	VCClient vcclient.Interface
	// VCInformer is the informer for VirtualCluster objects (tenancy/v1alpha1).
	VCInformer vcinformers.VirtualClusterInformer
}

--------------------------------------------------------------------------------
/virtualcluster/pkg/version/base.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
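*/

package version

// Base version information.
//
// This is the fallback data used when version information from git is not
// provided via go ldflags.
var (
	gitVersion = "v0.0.0"
	gitCommit  = "unknown"              // sha1 from git, output of $(git rev-parse HEAD)
	buildDate  = "1970-01-01T00:00:00Z" // build date in ISO8601 format, output of $(date -u +'%Y-%m-%dT%H:%M:%SZ')
)

--------------------------------------------------------------------------------
/virtualcluster/pkg/version/version.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package version

import (
	"fmt"
	"runtime"
)

// Info contains versioning information.
type Info struct {
	GitVersion string `json:"gitVersion"`
	GitCommit  string `json:"gitCommit"`
	BuildDate  string `json:"buildDate"`
	GoVersion  string `json:"goVersion"`
	Compiler   string `json:"compiler"`
	Platform   string `json:"platform"`
}

// Get returns the overall codebase version. It's for detecting
// what code a binary was built from.
func Get() Info {
	// These variables typically come from -ldflags settings and in
	// their absence fallback to the default settings.
	return Info{
		GitVersion: gitVersion,
		GitCommit:  gitCommit,
		BuildDate:  buildDate,
		GoVersion:  runtime.Version(),
		Compiler:   runtime.Compiler,
		Platform:   fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH),
	}
}

// BriefVersion returns gitVersion and a short form of gitCommit joined by a
// hyphen. The commit is truncated to its first seven characters.
//
// A commit of seven characters or fewer is used as-is. Previously such a
// value (an already-abbreviated hash, or the "unknown" fallback) was dropped,
// yielding a string with a trailing hyphen and no commit information.
func BriefVersion() string {
	commit := gitCommit
	if len(commit) > 7 {
		commit = commit[:7]
	}
	return fmt.Sprintf("%s-%s", gitVersion, commit)
}

--------------------------------------------------------------------------------
/virtualcluster/pkg/vn-agent/config/config.go:
--------------------------------------------------------------------------------
/*
Copyright 2019 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package config

import (
	"crypto/tls"
)

// TLSOptions holds the TLS options.
type TLSOptions struct {
	// CertFile is a cert file for TLS
	CertFile string
	// KeyFile is a key file for TLS
	//
	// NOTE(review): the file this names holds a private key; it should be
	// readable only by the account the agent runs as.
	KeyFile string
}

// Config holds the config of the server.
type Config struct {
	// KubeletClientCert is a TLS certificate; judging by the name it is the
	// client certificate presented to the kubelet (confirm against the caller).
	// A tls.Certificate carries its private key alongside the certificate
	// chain, so this struct must not be logged or serialised wholesale.
	KubeletClientCert *tls.Certificate
	// KubeletServerHost is presumably the host of the kubelet server that
	// requests are sent to. TODO confirm.
	KubeletServerHost string
}

--------------------------------------------------------------------------------
/virtualcluster/pkg/webhook/add_virtualcluster.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package webhook

import (
	"sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/webhook/virtualcluster"
)

// init registers the virtualcluster webhook at package load time.
func init() {
	// AddToManagerFuncs is a list of functions to create webhook and add them to a manager.
	AddToManagerFuncs = append(AddToManagerFuncs, virtualcluster.Add)
}

--------------------------------------------------------------------------------
/virtualcluster/pkg/webhook/webhook.go:
--------------------------------------------------------------------------------
/*
Copyright 2019 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.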
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package webhook

import (
	"sigs.k8s.io/controller-runtime/pkg/manager"
)

// AddToManagerFuncs is the list of registration functions that AddToManager
// runs. Each one receives the Manager and the certificate directory.
var AddToManagerFuncs []func(manager.Manager, string) error

// AddToManager calls every function in AddToManagerFuncs with m and certDir,
// in order, and returns the first error it encounters.
//
// NOTE(review): the markers below request every read and write verb on
// Secrets, Services and admission webhook configurations, and they carry no
// namespace restriction, so the generated rule is presumably cluster-wide.
// Confirm the webhook needs each verb; if it only manages its own serving
// certificate and service, scope the Secret and Service access down.
// +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=mutatingwebhookconfigurations;validatingwebhookconfigurations,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups="",resources=services,verbs=get;list;watch;create;update;patch;delete
func AddToManager(m manager.Manager, certDir string) error {
	for _, register := range AddToManagerFuncs {
		err := register(m, certDir)
		if err != nil {
			return err
		}
	}
	return nil
}

--------------------------------------------------------------------------------
/virtualcluster/test/e2e/e2e_test.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package e2e

import (
	"flag"
	"math/rand"
	"os"
	"testing"
	"time"

	"k8s.io/client-go/kubernetes/scheme"

	vcapis "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/apis"
	"sigs.k8s.io/cluster-api-provider-nested/virtualcluster/test/e2e/framework"

	// test sources
	_ "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/test/e2e/multi-tenancy"
)

// TestMain prepares the e2e framework flags, seeds math/rand from the current
// time and then runs the tests, exiting with their status code.
func TestMain(m *testing.M) {
	// Register test flags, then parse flags.
	framework.HandleFlags()

	framework.AfterReadingAllFlags(&framework.TestContext)

	// math/rand is not a cryptographic source; the time-based seed only
	// varies test data between runs.
	rand.Seed(time.Now().UnixNano())

	exitCode := m.Run()
	os.Exit(exitCode)
}

// TestE2E registers this project's API types with the client-go scheme and
// runs the e2e suite. It fails immediately if the registration fails.
func TestE2E(t *testing.T) {
	flag.Parse()
	if err := vcapis.AddToScheme(scheme.Scheme); err != nil {
		t.Fatal(err)
	}

	RunE2ETests(t)
}

--------------------------------------------------------------------------------
/virtualcluster/test/e2e/framework/clusterversion/delete.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
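You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package clusterversion

import (
	"fmt"

	apierrors "k8s.io/apimachinery/pkg/api/errors"

	"sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/apis/tenancy/v1alpha1"
	vcclient "sigs.k8s.io/cluster-api-provider-nested/virtualcluster/pkg/client/clientset/versioned"
	"sigs.k8s.io/cluster-api-provider-nested/virtualcluster/test/e2e/framework"
)

// DeleteCV deletes the given ClusterVersion by name. A nil cv is a no-op and
// returns nil.
func DeleteCV(client vcclient.Interface, cv *v1alpha1.ClusterVersion) error {
	if cv == nil {
		return nil
	}
	return DeleteCVByName(client, cv.GetName())
}

// DeleteCVByName deletes the ClusterVersion called name. A "not found"
// response from the API is treated as success.
//
// Any other API error is returned wrapped with %w, so callers can still
// inspect the underlying status (for example to tell a permission failure
// from a transient one) with errors.Is / errors.As. The message text is
// unchanged.
func DeleteCVByName(client vcclient.Interface, name string) error {
	framework.Logf("Deleting cv %q", name)
	err := client.TenancyV1alpha1().ClusterVersions().Delete(name, nil)
	if err == nil || apierrors.IsNotFound(err) {
		return nil
	}
	return fmt.Errorf("clusterVersion delete API error: %w", err)
}

--------------------------------------------------------------------------------
/virtualcluster/test/e2e/multi-tenancy/framework.go:
--------------------------------------------------------------------------------
/*
Copyright 2020 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.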
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package multitenancy

import "github.com/onsi/ginkgo"

// SIGDescribe describes SIG information: it wraps ginkgo.Describe and
// prefixes text with the "[sig-multi-tenancy] " label.
func SIGDescribe(text string, body func()) bool {
	label := "[sig-multi-tenancy] " + text
	return ginkgo.Describe(label, body)
}

--------------------------------------------------------------------------------