├── .dockerignore
├── .github
├── CODEOWNERS
├── PULL_REQUEST_TEMPLATE.md
├── dependabot.yml
└── workflows
│ ├── adm-component-test.yml
│ ├── arm-component-test.yml
│ ├── auto-close.yml
│ ├── auto-update.yml
│ ├── common-comp-tests.yml
│ ├── go-fuzz.yml
│ ├── post-merge-adm-nbi.yaml
│ ├── post-merge-adm.yaml
│ ├── post-merge-arm.yaml
│ ├── post-merge-asp.yaml
│ ├── post-merge-interconnect.yaml
│ └── pre-merge.yml
├── .gitignore
├── .markdownlint.yml
├── .markdownlintignore
├── CODE_OF_CONDUCT.md
├── LICENSES
└── Apache-2.0.txt
├── Makefile
├── PULL_REQUEST_TEMPLATE.md
├── README.md
├── REUSE.toml
├── SECURITY.md
├── VERSION
├── app-deployment-manager
├── .golangci.yml
├── Dockerfile
├── LICENSES
│ └── Apache-2.0.txt
├── Makefile
├── PROJECT
├── README.md
├── REUSE.toml
├── VERSION
├── api
│ ├── nbi
│ │ ├── VERSION
│ │ └── v2
│ │ │ ├── deployment
│ │ │ └── v1
│ │ │ │ ├── cluster_service.pb.go
│ │ │ │ ├── cluster_service.pb.gw.go
│ │ │ │ ├── cluster_service.proto
│ │ │ │ ├── cluster_service_grpc.pb.go
│ │ │ │ ├── resources.pb.go
│ │ │ │ ├── resources.proto
│ │ │ │ ├── service.pb.go
│ │ │ │ ├── service.pb.gw.go
│ │ │ │ ├── service.proto
│ │ │ │ └── service_grpc.pb.go
│ │ │ ├── go.mod
│ │ │ ├── go.sum
│ │ │ ├── pkg
│ │ │ └── restClient
│ │ │ │ ├── client.go
│ │ │ │ └── types.go
│ │ │ └── spec
│ │ │ └── openapi.yaml
│ ├── spec
│ │ └── openapi.yaml
│ └── v1beta1
│ │ ├── cluster_types.go
│ │ ├── deployment_types.go
│ │ ├── deploymentcluster_types.go
│ │ ├── groupversion_info.go
│ │ └── zz_generated.deepcopy.go
├── buf.gen.yaml
├── buf.yaml
├── build
│ └── Dockerfile.gateway
├── cmd
│ ├── app-deployment-manager
│ │ └── main.go
│ └── rest-proxy
│ │ └── rest-proxy.go
├── controllers
│ ├── capi
│ │ └── capi_controller.go
│ ├── cluster
│ │ ├── cluster_controller.go
│ │ ├── cluster_controller_test.go
│ │ └── suite_test.go
│ ├── controller.go
│ ├── deployment
│ │ ├── deployment_controller.go
│ │ ├── deployment_controller_test.go
│ │ └── suite_test.go
│ ├── deploymentcluster
│ │ ├── deploymentcluster_controller.go
│ │ ├── deploymentcluster_controller_test.go
│ │ └── suite_test.go
│ └── license.go.txt
├── deployment
│ └── charts
│ │ ├── app-deployment-crd
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── templates
│ │ │ ├── app.edge-orchestrator.intel.com_clusters.yaml
│ │ │ ├── app.edge-orchestrator.intel.com_deploymentclusters.yaml
│ │ │ └── app.edge-orchestrator.intel.com_deployments.yaml
│ │ └── values.yaml
│ │ └── app-deployment-manager
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── files
│ │ ├── grafana
│ │ │ ├── admin
│ │ │ │ ├── app-orch-scale.json
│ │ │ │ ├── controller-resources-metrics.json
│ │ │ │ └── controller-runtime-metrics.json
│ │ │ └── customer
│ │ │ │ └── adm-status.json
│ │ └── openpolicyagent
│ │ │ ├── common.rego
│ │ │ ├── common_test.rego
│ │ │ ├── create.rego
│ │ │ ├── create_test.rego
│ │ │ ├── delete.rego
│ │ │ ├── delete_test.rego
│ │ │ ├── get.rego
│ │ │ ├── get_app_namespace.rego
│ │ │ ├── get_app_namespace_test.rego
│ │ │ ├── get_kubeconfig.rego
│ │ │ ├── get_kubeconfig_test.rego
│ │ │ ├── get_test.rego
│ │ │ ├── list.rego
│ │ │ ├── list_cluster.rego
│ │ │ ├── list_cluster_test.rego
│ │ │ ├── list_deployment_clusters.rego
│ │ │ ├── list_deployment_clusters_test.rego
│ │ │ ├── list_test.rego
│ │ │ ├── update.rego
│ │ │ └── update_test.rego
│ │ ├── templates
│ │ ├── NOTES.txt
│ │ ├── _helpers.tpl
│ │ ├── cert-webhook.yaml
│ │ ├── configmap.yaml
│ │ ├── deployment-adm.yaml
│ │ ├── deployment-gateway.yaml
│ │ ├── rbac.yaml
│ │ ├── service-gateway.yaml
│ │ ├── service-metrics.yaml
│ │ ├── service-webhook.yaml
│ │ ├── serviceaccount.yaml
│ │ └── webhook-configs.yaml
│ │ └── values.yaml
├── go.mod
├── go.sum
├── grafana
│ ├── Time_measurement_dashboard.json
│ ├── controller-resources-metrics.json
│ ├── controller-runtime-metrics.json
│ └── custom-metrics
│ │ └── config.yaml
├── hadolint.yml
├── internal
│ ├── catalogclient
│ │ ├── catalogclient.go
│ │ ├── catalogclient_suite_test.go
│ │ ├── catalogclient_test.go
│ │ ├── export_test.go
│ │ ├── mockery
│ │ │ └── mockery_catalogclient.go
│ │ └── mocks
│ │ │ └── mock_catalogclient.go
│ ├── grafana
│ │ ├── mockery
│ │ │ ├── mockery_corev1interface.go
│ │ │ └── mockery_secretinterface.go
│ │ └── status.go
│ ├── istio
│ │ └── config.go
│ ├── manager
│ │ ├── manager.go
│ │ ├── manager_suite_test.go
│ │ ├── migration.go
│ │ └── migration_test.go
│ ├── metrics
│ │ └── metrics.go
│ ├── northbound
│ │ ├── app_dependency.go
│ │ ├── app_dependency_test.go
│ │ ├── authorization.go
│ │ ├── authorization_test.go
│ │ ├── cluster.go
│ │ ├── cluster_test.go
│ │ ├── datadelection_test.go
│ │ ├── dataselection.go
│ │ ├── fuzztests
│ │ │ ├── northbound_fuzz_test.go
│ │ │ └── rest_gateway_fuzz_test.go
│ │ ├── mocks
│ │ │ ├── m2m_mocks.go
│ │ │ ├── mock_deployment_service.go
│ │ │ └── mocks.go
│ │ ├── northbound.go
│ │ ├── northbound_test.go
│ │ ├── register.go
│ │ ├── utils.go
│ │ └── utils_test.go
│ ├── patch
│ │ ├── options.go
│ │ ├── patch.go
│ │ └── suit_test.go
│ ├── randomtoken
│ │ ├── token.go
│ │ └── token_test.go
│ ├── restproxy
│ │ └── rest-proxy.go
│ └── tenant
│ │ └── nexus-hook.go
├── main.go
├── pkg
│ ├── appdeploymentclient
│ │ └── v1beta1
│ │ │ ├── appdeployment_client.go
│ │ │ ├── appdeployment_client_test.go
│ │ │ ├── cluster_client.go
│ │ │ ├── cluster_client_test.go
│ │ │ ├── deployment_client.go
│ │ │ ├── deployment_client_test.go
│ │ │ ├── deploymentclusters_client.go
│ │ │ ├── deploymentclusters_client_test.go
│ │ │ └── v1alpha3_suite_test.go
│ ├── fleet
│ │ ├── bundle_client.go
│ │ ├── bundle_client_test.go
│ │ ├── cluster_client.go
│ │ ├── cluster_client_test.go
│ │ ├── configgen.go
│ │ ├── configgen_suite_test.go
│ │ ├── configgen_test.go
│ │ ├── mocks
│ │ │ └── mocks.go
│ │ └── test
│ │ │ └── crd
│ │ │ └── fleet-crd-v0.5.yaml
│ ├── gitclient
│ │ ├── gitclient.go
│ │ ├── gitclient_suite_test.go
│ │ ├── gitclient_test.go
│ │ └── mocks_test.go
│ ├── k8sclient
│ │ ├── client.go
│ │ └── client_test.go
│ ├── logchecker
│ │ ├── logchecker.go
│ │ └── logchecker_test.go
│ ├── utils
│ │ ├── dataselector
│ │ │ ├── dataselector.go
│ │ │ ├── dataselector_test.go
│ │ │ ├── datatypes
│ │ │ │ ├── clusterinfo.go
│ │ │ │ ├── clusterinfo_test.go
│ │ │ │ ├── deployment.go
│ │ │ │ ├── deployment_cluster.go
│ │ │ │ ├── deployment_cluster_test.go
│ │ │ │ └── deployment_test.go
│ │ │ ├── pagination.go
│ │ │ ├── pagination_test.go
│ │ │ ├── query.go
│ │ │ └── std_comparable_types.go
│ │ ├── env_vars.go
│ │ ├── env_vars_test.go
│ │ ├── k8serrors
│ │ │ ├── k8serrors.go
│ │ │ └── k8serrors_test.go
│ │ ├── parser
│ │ │ ├── query_param_parser.go
│ │ │ └── query_param_parser_test.go
│ │ ├── ratelimiter
│ │ │ └── utils.go
│ │ ├── utils.go
│ │ └── utils_test.go
│ └── vault
│ │ ├── manager.go
│ │ └── manager_test.go
├── requirements.txt
├── test
│ ├── auth
│ │ ├── auth_test.go
│ │ └── suite_test.go
│ ├── deployment_create
│ │ ├── create_deployment_test.go
│ │ └── suite_test.go
│ ├── deployment_delete
│ │ ├── deployment_delete_test.go
│ │ └── suite_test.go
│ ├── deployment_status
│ │ ├── deployment_status_test.go
│ │ └── suite_test.go
│ ├── methods
│ │ ├── methods_test.go
│ │ └── suite_test.go
│ ├── negative
│ │ ├── negative_test.go
│ │ └── suite_test.go
│ └── template.html
└── webhooks
│ └── deployment
│ ├── deployment_webhook.go
│ ├── deployment_webhook_test.go
│ └── suite_test.go
├── app-interconnect
├── .golangci.yml
├── LICENSES
│ └── Apache-2.0.txt
├── Makefile
├── README.md
├── REUSE.toml
├── VERSION
├── build
│ └── Dockerfile
├── cmd
│ └── interconnect-manager
│ │ └── interconnect-manager.go
├── config
│ └── crds
│ │ ├── interconnect.app.edge-orchestrator.intel.com_clusters.yaml
│ │ ├── interconnect.app.edge-orchestrator.intel.com_links.yaml
│ │ ├── interconnect.app.edge-orchestrator.intel.com_services.yaml
│ │ ├── network.app.edge-orchestrator.intel.com_networkclusters.yaml
│ │ ├── network.app.edge-orchestrator.intel.com_networklinks.yaml
│ │ ├── network.app.edge-orchestrator.intel.com_networks.yaml
│ │ └── network.app.edge-orchestrator.intel.com_networkservices.yaml
├── deploy
│ └── charts
│ │ └── app-interconnect-manager
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── crds
│ │ ├── interconnect.app.edge-orchestrator.intel.com_clusters.yaml
│ │ ├── interconnect.app.edge-orchestrator.intel.com_links.yaml
│ │ ├── interconnect.app.edge-orchestrator.intel.com_services.yaml
│ │ ├── network.app.edge-orchestrator.intel.com_networkclusters.yaml
│ │ ├── network.app.edge-orchestrator.intel.com_networklinks.yaml
│ │ ├── network.app.edge-orchestrator.intel.com_networks.yaml
│ │ └── network.app.edge-orchestrator.intel.com_networkservices.yaml
│ │ ├── templates
│ │ ├── _helpers.tpl
│ │ ├── clusterrole.yaml
│ │ ├── clusterrolebinding.yaml
│ │ ├── configmap.yaml
│ │ ├── deployment.yaml
│ │ └── serviceaccount.yaml
│ │ └── values.yaml
├── go.mod
├── go.sum
├── hack
│ ├── boilerplate.go.txt
│ └── update-codegen.sh
├── internal
│ ├── cluster
│ │ ├── interface.go
│ │ ├── local.go
│ │ └── orch.go
│ ├── controller
│ │ ├── controller.go
│ │ ├── interconnect
│ │ │ ├── cluster_controller.go
│ │ │ ├── clusterstatus_controller.go
│ │ │ ├── controllers.go
│ │ │ ├── link_controller.go
│ │ │ └── service_controller.go
│ │ ├── network
│ │ │ ├── controllers.go
│ │ │ ├── deployment_controller.go
│ │ │ ├── deploymentcluster_controller.go
│ │ │ ├── deploymentservice_controller.go
│ │ │ ├── deploymentservice_source.go
│ │ │ ├── meta.go
│ │ │ ├── networkcluster_controller.go
│ │ │ ├── networkclusterlink_controller.go
│ │ │ ├── networkclusterstatus_controller.go
│ │ │ ├── networklink_controller.go
│ │ │ └── networkservice_controller.go
│ │ └── utils
│ │ │ └── project_types.go
│ ├── skupper
│ │ ├── NOTE.md
│ │ ├── api
│ │ │ └── types
│ │ │ │ ├── client.go
│ │ │ │ ├── crds
│ │ │ │ ├── skupper_cluster_policy_cr_sample_01.yaml
│ │ │ │ ├── skupper_cluster_policy_cr_sample_02.yaml
│ │ │ │ ├── skupper_cluster_policy_cr_sample_03.yaml
│ │ │ │ └── skupper_cluster_policy_crd.yaml
│ │ │ │ ├── types.go
│ │ │ │ └── types_test.go
│ │ ├── client
│ │ │ ├── client.go
│ │ │ ├── client_debug.go
│ │ │ ├── client_mock_test.go
│ │ │ ├── client_test.go
│ │ │ ├── connector_create.go
│ │ │ ├── connector_create_test.go
│ │ │ ├── connector_inspect.go
│ │ │ ├── connector_inspect_test.go
│ │ │ ├── connector_list.go
│ │ │ ├── connector_remove.go
│ │ │ ├── connector_remove_test.go
│ │ │ ├── connector_token_create.go
│ │ │ ├── connector_token_create_test.go
│ │ │ ├── container
│ │ │ │ ├── client.go
│ │ │ │ └── informer.go
│ │ │ ├── gateway.go
│ │ │ ├── gateway_test.go
│ │ │ ├── generated
│ │ │ │ └── libpod
│ │ │ │ │ ├── client
│ │ │ │ │ ├── containers
│ │ │ │ │ │ ├── container_attach_libpod_parameters.go
│ │ │ │ │ │ ├── container_attach_libpod_responses.go
│ │ │ │ │ │ ├── container_changes_libpod_parameters.go
│ │ │ │ │ │ ├── container_changes_libpod_responses.go
│ │ │ │ │ │ ├── container_checkpoint_libpod_parameters.go
│ │ │ │ │ │ ├── container_checkpoint_libpod_responses.go
│ │ │ │ │ │ ├── container_create_libpod_parameters.go
│ │ │ │ │ │ ├── container_create_libpod_responses.go
│ │ │ │ │ │ ├── container_delete_libpod_parameters.go
│ │ │ │ │ │ ├── container_delete_libpod_responses.go
│ │ │ │ │ │ ├── container_exists_libpod_parameters.go
│ │ │ │ │ │ ├── container_exists_libpod_responses.go
│ │ │ │ │ │ ├── container_export_libpod_parameters.go
│ │ │ │ │ │ ├── container_export_libpod_responses.go
│ │ │ │ │ │ ├── container_healthcheck_libpod_parameters.go
│ │ │ │ │ │ ├── container_healthcheck_libpod_responses.go
│ │ │ │ │ │ ├── container_init_libpod_parameters.go
│ │ │ │ │ │ ├── container_init_libpod_responses.go
│ │ │ │ │ │ ├── container_inspect_libpod_parameters.go
│ │ │ │ │ │ ├── container_inspect_libpod_responses.go
│ │ │ │ │ │ ├── container_kill_libpod_parameters.go
│ │ │ │ │ │ ├── container_kill_libpod_responses.go
│ │ │ │ │ │ ├── container_list_libpod_parameters.go
│ │ │ │ │ │ ├── container_list_libpod_responses.go
│ │ │ │ │ │ ├── container_logs_libpod_parameters.go
│ │ │ │ │ │ ├── container_logs_libpod_responses.go
│ │ │ │ │ │ ├── container_mount_libpod_parameters.go
│ │ │ │ │ │ ├── container_mount_libpod_responses.go
│ │ │ │ │ │ ├── container_pause_libpod_parameters.go
│ │ │ │ │ │ ├── container_pause_libpod_responses.go
│ │ │ │ │ │ ├── container_prune_libpod_parameters.go
│ │ │ │ │ │ ├── container_prune_libpod_responses.go
│ │ │ │ │ │ ├── container_rename_libpod_parameters.go
│ │ │ │ │ │ ├── container_rename_libpod_responses.go
│ │ │ │ │ │ ├── container_resize_libpod_parameters.go
│ │ │ │ │ │ ├── container_resize_libpod_responses.go
│ │ │ │ │ │ ├── container_restart_libpod_parameters.go
│ │ │ │ │ │ ├── container_restart_libpod_responses.go
│ │ │ │ │ │ ├── container_restore_libpod_parameters.go
│ │ │ │ │ │ ├── container_restore_libpod_responses.go
│ │ │ │ │ │ ├── container_show_mounted_libpod_parameters.go
│ │ │ │ │ │ ├── container_show_mounted_libpod_responses.go
│ │ │ │ │ │ ├── container_start_libpod_parameters.go
│ │ │ │ │ │ ├── container_start_libpod_responses.go
│ │ │ │ │ │ ├── container_stats_libpod_parameters.go
│ │ │ │ │ │ ├── container_stats_libpod_responses.go
│ │ │ │ │ │ ├── container_stop_libpod_parameters.go
│ │ │ │ │ │ ├── container_stop_libpod_responses.go
│ │ │ │ │ │ ├── container_top_libpod_parameters.go
│ │ │ │ │ │ ├── container_top_libpod_responses.go
│ │ │ │ │ │ ├── container_unmount_libpod_parameters.go
│ │ │ │ │ │ ├── container_unmount_libpod_responses.go
│ │ │ │ │ │ ├── container_unpause_libpod_parameters.go
│ │ │ │ │ │ ├── container_unpause_libpod_responses.go
│ │ │ │ │ │ ├── container_wait_libpod_parameters.go
│ │ │ │ │ │ ├── container_wait_libpod_responses.go
│ │ │ │ │ │ ├── containers_client.go
│ │ │ │ │ │ ├── containers_stats_all_libpod_parameters.go
│ │ │ │ │ │ ├── containers_stats_all_libpod_responses.go
│ │ │ │ │ │ ├── generate_kube_libpod_parameters.go
│ │ │ │ │ │ ├── generate_kube_libpod_responses.go
│ │ │ │ │ │ ├── generate_systemd_libpod_parameters.go
│ │ │ │ │ │ ├── generate_systemd_libpod_responses.go
│ │ │ │ │ │ ├── image_commit_libpod_parameters.go
│ │ │ │ │ │ ├── image_commit_libpod_responses.go
│ │ │ │ │ │ ├── play_kube_down_libpod_parameters.go
│ │ │ │ │ │ ├── play_kube_down_libpod_responses.go
│ │ │ │ │ │ ├── play_kube_libpod_parameters.go
│ │ │ │ │ │ ├── play_kube_libpod_responses.go
│ │ │ │ │ │ ├── put_container_archive_libpod_parameters.go
│ │ │ │ │ │ └── put_container_archive_libpod_responses.go
│ │ │ │ │ ├── containers_compat
│ │ │ │ │ │ ├── container_archive_libpod_parameters.go
│ │ │ │ │ │ ├── container_archive_libpod_responses.go
│ │ │ │ │ │ ├── container_archive_parameters.go
│ │ │ │ │ │ ├── container_archive_responses.go
│ │ │ │ │ │ ├── container_attach_parameters.go
│ │ │ │ │ │ ├── container_attach_responses.go
│ │ │ │ │ │ ├── container_create_parameters.go
│ │ │ │ │ │ ├── container_create_responses.go
│ │ │ │ │ │ ├── container_delete_parameters.go
│ │ │ │ │ │ ├── container_delete_responses.go
│ │ │ │ │ │ ├── container_export_parameters.go
│ │ │ │ │ │ ├── container_export_responses.go
│ │ │ │ │ │ ├── container_inspect_parameters.go
│ │ │ │ │ │ ├── container_inspect_responses.go
│ │ │ │ │ │ ├── container_kill_parameters.go
│ │ │ │ │ │ ├── container_kill_responses.go
│ │ │ │ │ │ ├── container_list_parameters.go
│ │ │ │ │ │ ├── container_list_responses.go
│ │ │ │ │ │ ├── container_logs_parameters.go
│ │ │ │ │ │ ├── container_logs_responses.go
│ │ │ │ │ │ ├── container_pause_parameters.go
│ │ │ │ │ │ ├── container_pause_responses.go
│ │ │ │ │ │ ├── container_prune_parameters.go
│ │ │ │ │ │ ├── container_prune_responses.go
│ │ │ │ │ │ ├── container_rename_parameters.go
│ │ │ │ │ │ ├── container_rename_responses.go
│ │ │ │ │ │ ├── container_resize_parameters.go
│ │ │ │ │ │ ├── container_resize_responses.go
│ │ │ │ │ │ ├── container_restart_parameters.go
│ │ │ │ │ │ ├── container_restart_responses.go
│ │ │ │ │ │ ├── container_start_parameters.go
│ │ │ │ │ │ ├── container_start_responses.go
│ │ │ │ │ │ ├── container_stats_parameters.go
│ │ │ │ │ │ ├── container_stats_responses.go
│ │ │ │ │ │ ├── container_stop_parameters.go
│ │ │ │ │ │ ├── container_stop_responses.go
│ │ │ │ │ │ ├── container_top_parameters.go
│ │ │ │ │ │ ├── container_top_responses.go
│ │ │ │ │ │ ├── container_unpause_parameters.go
│ │ │ │ │ │ ├── container_unpause_responses.go
│ │ │ │ │ │ ├── container_wait_parameters.go
│ │ │ │ │ │ ├── container_wait_responses.go
│ │ │ │ │ │ ├── containers_compat_client.go
│ │ │ │ │ │ ├── image_commit_parameters.go
│ │ │ │ │ │ ├── image_commit_responses.go
│ │ │ │ │ │ ├── put_container_archive_parameters.go
│ │ │ │ │ │ └── put_container_archive_responses.go
│ │ │ │ │ ├── exec
│ │ │ │ │ │ ├── container_exec_libpod_parameters.go
│ │ │ │ │ │ ├── container_exec_libpod_responses.go
│ │ │ │ │ │ ├── exec_client.go
│ │ │ │ │ │ ├── exec_inspect_libpod_parameters.go
│ │ │ │ │ │ ├── exec_inspect_libpod_responses.go
│ │ │ │ │ │ ├── exec_resize_libpod_parameters.go
│ │ │ │ │ │ ├── exec_resize_libpod_responses.go
│ │ │ │ │ │ ├── exec_start_libpod_parameters.go
│ │ │ │ │ │ └── exec_start_libpod_responses.go
│ │ │ │ │ ├── exec_compat
│ │ │ │ │ │ ├── container_exec_parameters.go
│ │ │ │ │ │ ├── container_exec_responses.go
│ │ │ │ │ │ ├── exec_compat_client.go
│ │ │ │ │ │ ├── exec_inspect_parameters.go
│ │ │ │ │ │ ├── exec_inspect_responses.go
│ │ │ │ │ │ ├── exec_resize_parameters.go
│ │ │ │ │ │ ├── exec_resize_responses.go
│ │ │ │ │ │ ├── exec_start_parameters.go
│ │ │ │ │ │ └── exec_start_responses.go
│ │ │ │ │ ├── images
│ │ │ │ │ │ ├── image_build_libpod_parameters.go
│ │ │ │ │ │ ├── image_build_libpod_responses.go
│ │ │ │ │ │ ├── image_changes_libpod_parameters.go
│ │ │ │ │ │ ├── image_changes_libpod_responses.go
│ │ │ │ │ │ ├── image_delete_all_libpod_parameters.go
│ │ │ │ │ │ ├── image_delete_all_libpod_responses.go
│ │ │ │ │ │ ├── image_delete_libpod_parameters.go
│ │ │ │ │ │ ├── image_delete_libpod_responses.go
│ │ │ │ │ │ ├── image_exists_libpod_parameters.go
│ │ │ │ │ │ ├── image_exists_libpod_responses.go
│ │ │ │ │ │ ├── image_export_libpod_parameters.go
│ │ │ │ │ │ ├── image_export_libpod_responses.go
│ │ │ │ │ │ ├── image_get_libpod_parameters.go
│ │ │ │ │ │ ├── image_get_libpod_responses.go
│ │ │ │ │ │ ├── image_history_libpod_parameters.go
│ │ │ │ │ │ ├── image_history_libpod_responses.go
│ │ │ │ │ │ ├── image_import_libpod_parameters.go
│ │ │ │ │ │ ├── image_import_libpod_responses.go
│ │ │ │ │ │ ├── image_inspect_libpod_parameters.go
│ │ │ │ │ │ ├── image_inspect_libpod_responses.go
│ │ │ │ │ │ ├── image_list_libpod_parameters.go
│ │ │ │ │ │ ├── image_list_libpod_responses.go
│ │ │ │ │ │ ├── image_load_libpod_parameters.go
│ │ │ │ │ │ ├── image_load_libpod_responses.go
│ │ │ │ │ │ ├── image_prune_libpod_parameters.go
│ │ │ │ │ │ ├── image_prune_libpod_responses.go
│ │ │ │ │ │ ├── image_pull_libpod_parameters.go
│ │ │ │ │ │ ├── image_pull_libpod_responses.go
│ │ │ │ │ │ ├── image_push_libpod_parameters.go
│ │ │ │ │ │ ├── image_push_libpod_responses.go
│ │ │ │ │ │ ├── image_search_libpod_parameters.go
│ │ │ │ │ │ ├── image_search_libpod_responses.go
│ │ │ │ │ │ ├── image_tag_libpod_parameters.go
│ │ │ │ │ │ ├── image_tag_libpod_responses.go
│ │ │ │ │ │ ├── image_tree_libpod_parameters.go
│ │ │ │ │ │ ├── image_tree_libpod_responses.go
│ │ │ │ │ │ ├── image_untag_libpod_parameters.go
│ │ │ │ │ │ ├── image_untag_libpod_responses.go
│ │ │ │ │ │ └── images_client.go
│ │ │ │ │ ├── images_compat
│ │ │ │ │ │ ├── image_build_parameters.go
│ │ │ │ │ │ ├── image_build_responses.go
│ │ │ │ │ │ ├── image_create_parameters.go
│ │ │ │ │ │ ├── image_create_responses.go
│ │ │ │ │ │ ├── image_delete_parameters.go
│ │ │ │ │ │ ├── image_delete_responses.go
│ │ │ │ │ │ ├── image_get_all_parameters.go
│ │ │ │ │ │ ├── image_get_all_responses.go
│ │ │ │ │ │ ├── image_get_parameters.go
│ │ │ │ │ │ ├── image_get_responses.go
│ │ │ │ │ │ ├── image_history_parameters.go
│ │ │ │ │ │ ├── image_history_responses.go
│ │ │ │ │ │ ├── image_inspect_parameters.go
│ │ │ │ │ │ ├── image_inspect_responses.go
│ │ │ │ │ │ ├── image_list_parameters.go
│ │ │ │ │ │ ├── image_list_responses.go
│ │ │ │ │ │ ├── image_load_parameters.go
│ │ │ │ │ │ ├── image_load_responses.go
│ │ │ │ │ │ ├── image_prune_parameters.go
│ │ │ │ │ │ ├── image_prune_responses.go
│ │ │ │ │ │ ├── image_push_parameters.go
│ │ │ │ │ │ ├── image_push_responses.go
│ │ │ │ │ │ ├── image_search_parameters.go
│ │ │ │ │ │ ├── image_search_responses.go
│ │ │ │ │ │ ├── image_tag_parameters.go
│ │ │ │ │ │ ├── image_tag_responses.go
│ │ │ │ │ │ └── images_compat_client.go
│ │ │ │ │ ├── manifests
│ │ │ │ │ │ ├── manifest_add_libpod_parameters.go
│ │ │ │ │ │ ├── manifest_add_libpod_responses.go
│ │ │ │ │ │ ├── manifest_create_libpod_parameters.go
│ │ │ │ │ │ ├── manifest_create_libpod_responses.go
│ │ │ │ │ │ ├── manifest_delete_libpod_parameters.go
│ │ │ │ │ │ ├── manifest_delete_libpod_responses.go
│ │ │ │ │ │ ├── manifest_exists_libpod_parameters.go
│ │ │ │ │ │ ├── manifest_exists_libpod_responses.go
│ │ │ │ │ │ ├── manifest_inspect_libpod_parameters.go
│ │ │ │ │ │ ├── manifest_inspect_libpod_responses.go
│ │ │ │ │ │ ├── manifest_modify_libpod_parameters.go
│ │ │ │ │ │ ├── manifest_modify_libpod_responses.go
│ │ │ │ │ │ ├── manifest_push_libpod_parameters.go
│ │ │ │ │ │ ├── manifest_push_libpod_responses.go
│ │ │ │ │ │ ├── manifest_push_v3_libpod_parameters.go
│ │ │ │ │ │ ├── manifest_push_v3_libpod_responses.go
│ │ │ │ │ │ └── manifests_client.go
│ │ │ │ │ ├── networks
│ │ │ │ │ │ ├── network_connect_libpod_parameters.go
│ │ │ │ │ │ ├── network_connect_libpod_responses.go
│ │ │ │ │ │ ├── network_create_libpod_parameters.go
│ │ │ │ │ │ ├── network_create_libpod_responses.go
│ │ │ │ │ │ ├── network_delete_libpod_parameters.go
│ │ │ │ │ │ ├── network_delete_libpod_responses.go
│ │ │ │ │ │ ├── network_disconnect_libpod_parameters.go
│ │ │ │ │ │ ├── network_disconnect_libpod_responses.go
│ │ │ │ │ │ ├── network_exists_libpod_parameters.go
│ │ │ │ │ │ ├── network_exists_libpod_responses.go
│ │ │ │ │ │ ├── network_inspect_libpod_parameters.go
│ │ │ │ │ │ ├── network_inspect_libpod_responses.go
│ │ │ │ │ │ ├── network_list_libpod_parameters.go
│ │ │ │ │ │ ├── network_list_libpod_responses.go
│ │ │ │ │ │ ├── network_prune_libpod_parameters.go
│ │ │ │ │ │ ├── network_prune_libpod_responses.go
│ │ │ │ │ │ └── networks_client.go
│ │ │ │ │ ├── networks_compat
│ │ │ │ │ │ ├── network_connect_parameters.go
│ │ │ │ │ │ ├── network_connect_responses.go
│ │ │ │ │ │ ├── network_create_parameters.go
│ │ │ │ │ │ ├── network_create_responses.go
│ │ │ │ │ │ ├── network_delete_parameters.go
│ │ │ │ │ │ ├── network_delete_responses.go
│ │ │ │ │ │ ├── network_disconnect_parameters.go
│ │ │ │ │ │ ├── network_disconnect_responses.go
│ │ │ │ │ │ ├── network_inspect_parameters.go
│ │ │ │ │ │ ├── network_inspect_responses.go
│ │ │ │ │ │ ├── network_list_parameters.go
│ │ │ │ │ │ ├── network_list_responses.go
│ │ │ │ │ │ ├── network_prune_parameters.go
│ │ │ │ │ │ ├── network_prune_responses.go
│ │ │ │ │ │ └── networks_compat_client.go
│ │ │ │ │ ├── pods
│ │ │ │ │ │ ├── pod_create_libpod_parameters.go
│ │ │ │ │ │ ├── pod_create_libpod_responses.go
│ │ │ │ │ │ ├── pod_delete_libpod_parameters.go
│ │ │ │ │ │ ├── pod_delete_libpod_responses.go
│ │ │ │ │ │ ├── pod_exists_libpod_parameters.go
│ │ │ │ │ │ ├── pod_exists_libpod_responses.go
│ │ │ │ │ │ ├── pod_inspect_libpod_parameters.go
│ │ │ │ │ │ ├── pod_inspect_libpod_responses.go
│ │ │ │ │ │ ├── pod_kill_libpod_parameters.go
│ │ │ │ │ │ ├── pod_kill_libpod_responses.go
│ │ │ │ │ │ ├── pod_list_libpod_parameters.go
│ │ │ │ │ │ ├── pod_list_libpod_responses.go
│ │ │ │ │ │ ├── pod_pause_libpod_parameters.go
│ │ │ │ │ │ ├── pod_pause_libpod_responses.go
│ │ │ │ │ │ ├── pod_prune_libpod_parameters.go
│ │ │ │ │ │ ├── pod_prune_libpod_responses.go
│ │ │ │ │ │ ├── pod_restart_libpod_parameters.go
│ │ │ │ │ │ ├── pod_restart_libpod_responses.go
│ │ │ │ │ │ ├── pod_start_libpod_parameters.go
│ │ │ │ │ │ ├── pod_start_libpod_responses.go
│ │ │ │ │ │ ├── pod_stats_all_libpod_parameters.go
│ │ │ │ │ │ ├── pod_stats_all_libpod_responses.go
│ │ │ │ │ │ ├── pod_stop_libpod_parameters.go
│ │ │ │ │ │ ├── pod_stop_libpod_responses.go
│ │ │ │ │ │ ├── pod_top_libpod_parameters.go
│ │ │ │ │ │ ├── pod_top_libpod_responses.go
│ │ │ │ │ │ ├── pod_unpause_libpod_parameters.go
│ │ │ │ │ │ ├── pod_unpause_libpod_responses.go
│ │ │ │ │ │ └── pods_client.go
│ │ │ │ │ ├── provides_an_api_for_the_libpod_library_client.go
│ │ │ │ │ ├── secrets
│ │ │ │ │ │ ├── secret_create_libpod_parameters.go
│ │ │ │ │ │ ├── secret_create_libpod_responses.go
│ │ │ │ │ │ ├── secret_delete_libpod_parameters.go
│ │ │ │ │ │ ├── secret_delete_libpod_responses.go
│ │ │ │ │ │ ├── secret_inspect_libpod_parameters.go
│ │ │ │ │ │ ├── secret_inspect_libpod_responses.go
│ │ │ │ │ │ ├── secret_list_libpod_parameters.go
│ │ │ │ │ │ ├── secret_list_libpod_responses.go
│ │ │ │ │ │ └── secrets_client.go
│ │ │ │ │ ├── secrets_compat
│ │ │ │ │ │ ├── secret_create_parameters.go
│ │ │ │ │ │ ├── secret_create_responses.go
│ │ │ │ │ │ ├── secret_delete_parameters.go
│ │ │ │ │ │ ├── secret_delete_responses.go
│ │ │ │ │ │ ├── secret_inspect_parameters.go
│ │ │ │ │ │ ├── secret_inspect_responses.go
│ │ │ │ │ │ ├── secret_list_parameters.go
│ │ │ │ │ │ ├── secret_list_responses.go
│ │ │ │ │ │ └── secrets_compat_client.go
│ │ │ │ │ ├── system
│ │ │ │ │ │ ├── system_client.go
│ │ │ │ │ │ ├── system_data_usage_libpod_parameters.go
│ │ │ │ │ │ ├── system_data_usage_libpod_responses.go
│ │ │ │ │ │ ├── system_events_libpod_parameters.go
│ │ │ │ │ │ ├── system_events_libpod_responses.go
│ │ │ │ │ │ ├── system_info_libpod_parameters.go
│ │ │ │ │ │ ├── system_info_libpod_responses.go
│ │ │ │ │ │ ├── system_prune_libpod_parameters.go
│ │ │ │ │ │ ├── system_prune_libpod_responses.go
│ │ │ │ │ │ ├── system_version_libpod_parameters.go
│ │ │ │ │ │ └── system_version_libpod_responses.go
│ │ │ │ │ ├── system_compat
│ │ │ │ │ │ ├── system_auth_parameters.go
│ │ │ │ │ │ ├── system_auth_responses.go
│ │ │ │ │ │ ├── system_compat_client.go
│ │ │ │ │ │ ├── system_data_usage_parameters.go
│ │ │ │ │ │ ├── system_data_usage_responses.go
│ │ │ │ │ │ ├── system_events_parameters.go
│ │ │ │ │ │ ├── system_events_responses.go
│ │ │ │ │ │ ├── system_info_parameters.go
│ │ │ │ │ │ ├── system_info_responses.go
│ │ │ │ │ │ ├── system_ping_parameters.go
│ │ │ │ │ │ ├── system_ping_responses.go
│ │ │ │ │ │ ├── system_version_parameters.go
│ │ │ │ │ │ └── system_version_responses.go
│ │ │ │ │ ├── volumes
│ │ │ │ │ │ ├── volume_create_libpod_parameters.go
│ │ │ │ │ │ ├── volume_create_libpod_responses.go
│ │ │ │ │ │ ├── volume_delete_libpod_parameters.go
│ │ │ │ │ │ ├── volume_delete_libpod_responses.go
│ │ │ │ │ │ ├── volume_exists_libpod_parameters.go
│ │ │ │ │ │ ├── volume_exists_libpod_responses.go
│ │ │ │ │ │ ├── volume_inspect_libpod_parameters.go
│ │ │ │ │ │ ├── volume_inspect_libpod_responses.go
│ │ │ │ │ │ ├── volume_list_libpod_parameters.go
│ │ │ │ │ │ ├── volume_list_libpod_responses.go
│ │ │ │ │ │ ├── volume_prune_libpod_parameters.go
│ │ │ │ │ │ ├── volume_prune_libpod_responses.go
│ │ │ │ │ │ └── volumes_client.go
│ │ │ │ │ └── volumes_compat
│ │ │ │ │ │ ├── volume_create_parameters.go
│ │ │ │ │ │ ├── volume_create_responses.go
│ │ │ │ │ │ ├── volume_delete_parameters.go
│ │ │ │ │ │ ├── volume_delete_responses.go
│ │ │ │ │ │ ├── volume_inspect_parameters.go
│ │ │ │ │ │ ├── volume_inspect_responses.go
│ │ │ │ │ │ ├── volume_list_parameters.go
│ │ │ │ │ │ ├── volume_list_responses.go
│ │ │ │ │ │ ├── volume_prune_parameters.go
│ │ │ │ │ │ ├── volume_prune_responses.go
│ │ │ │ │ │ └── volumes_compat_client.go
│ │ │ │ │ └── models
│ │ │ │ │ ├── address.go
│ │ │ │ │ ├── auth_config.go
│ │ │ │ │ ├── authenticate_o_k_body.go
│ │ │ │ │ ├── auto_user_ns_options.go
│ │ │ │ │ ├── bind_options.go
│ │ │ │ │ ├── cgroup_spec.go
│ │ │ │ │ ├── cgroupns_mode.go
│ │ │ │ │ ├── component_version.go
│ │ │ │ │ ├── config.go
│ │ │ │ │ ├── config_reference.go
│ │ │ │ │ ├── conmon_info.go
│ │ │ │ │ ├── consistency.go
│ │ │ │ │ ├── container_basic_config.go
│ │ │ │ │ ├── container_cgroup_config.go
│ │ │ │ │ ├── container_change_response_item.go
│ │ │ │ │ ├── container_create_created_body.go
│ │ │ │ │ ├── container_health_check_config.go
│ │ │ │ │ ├── container_network_config.go
│ │ │ │ │ ├── container_node.go
│ │ │ │ │ ├── container_resource_config.go
│ │ │ │ │ ├── container_security_config.go
│ │ │ │ │ ├── container_size.go
│ │ │ │ │ ├── container_state.go
│ │ │ │ │ ├── container_storage_config.go
│ │ │ │ │ ├── container_store.go
│ │ │ │ │ ├── container_top_o_k_body.go
│ │ │ │ │ ├── container_update_o_k_body.go
│ │ │ │ │ ├── container_wait_o_k_body.go
│ │ │ │ │ ├── container_wait_o_k_body_error.go
│ │ │ │ │ ├── containers_prune_report.go
│ │ │ │ │ ├── create_container_config.go
│ │ │ │ │ ├── device_mapping.go
│ │ │ │ │ ├── device_request.go
│ │ │ │ │ ├── digest.go
│ │ │ │ │ ├── distribution_info.go
│ │ │ │ │ ├── docker_volume_create.go
│ │ │ │ │ ├── driver.go
│ │ │ │ │ ├── driver_data.go
│ │ │ │ │ ├── duration.go
│ │ │ │ │ ├── endpoint_ip_a_m_config.go
│ │ │ │ │ ├── endpoint_resource.go
│ │ │ │ │ ├── endpoint_settings.go
│ │ │ │ │ ├── error_response.go
│ │ │ │ │ ├── file_mode.go
│ │ │ │ │ ├── graph_driver_data.go
│ │ │ │ │ ├── hardware_addr.go
│ │ │ │ │ ├── health.go
│ │ │ │ │ ├── health_check_log.go
│ │ │ │ │ ├── health_check_results.go
│ │ │ │ │ ├── health_config.go
│ │ │ │ │ ├── healthcheck_result.go
│ │ │ │ │ ├── history.go
│ │ │ │ │ ├── history_response_item.go
│ │ │ │ │ ├── host_config.go
│ │ │ │ │ ├── host_info.go
│ │ │ │ │ ├── id_map.go
│ │ │ │ │ ├── id_mapping_options.go
│ │ │ │ │ ├── id_mappings.go
│ │ │ │ │ ├── id_response.go
│ │ │ │ │ ├── image_config.go
│ │ │ │ │ ├── image_delete_response_item.go
│ │ │ │ │ ├── image_import_report.go
│ │ │ │ │ ├── image_load_report.go
│ │ │ │ │ ├── image_metadata.go
│ │ │ │ │ ├── image_store.go
│ │ │ │ │ ├── image_summary.go
│ │ │ │ │ ├── image_volume.go
│ │ │ │ │ ├── info.go
│ │ │ │ │ ├── inspect_additional_network.go
│ │ │ │ │ ├── inspect_blkio_throttle_device.go
│ │ │ │ │ ├── inspect_blkio_weight_device.go
│ │ │ │ │ ├── inspect_container_config.go
│ │ │ │ │ ├── inspect_container_host_config.go
│ │ │ │ │ ├── inspect_container_state.go
│ │ │ │ │ ├── inspect_device.go
│ │ │ │ │ ├── inspect_host_port.go
│ │ │ │ │ ├── inspect_id_mappings.go
│ │ │ │ │ ├── inspect_log_config.go
│ │ │ │ │ ├── inspect_mount.go
│ │ │ │ │ ├── inspect_network_settings.go
│ │ │ │ │ ├── inspect_pod_container_info.go
│ │ │ │ │ ├── inspect_pod_infra_config.go
│ │ │ │ │ ├── inspect_restart_policy.go
│ │ │ │ │ ├── inspect_secret.go
│ │ │ │ │ ├── inspect_ulimit.go
│ │ │ │ │ ├── ip.go
│ │ │ │ │ ├── ip_a_m.go
│ │ │ │ │ ├── ip_a_m_config.go
│ │ │ │ │ ├── ip_mask.go
│ │ │ │ │ ├── ip_net.go
│ │ │ │ │ ├── ipc_mode.go
│ │ │ │ │ ├── isolation.go
│ │ │ │ │ ├── lease_range.go
│ │ │ │ │ ├── libpod_containers_prune_report.go
│ │ │ │ │ ├── libpod_containers_rm_report.go
│ │ │ │ │ ├── libpod_image_summary.go
│ │ │ │ │ ├── libpod_images_pull_report.go
│ │ │ │ │ ├── libpod_images_remove_report.go
│ │ │ │ │ ├── linux_block_i_o.go
│ │ │ │ │ ├── linux_block_i_o_device.go
│ │ │ │ │ ├── linux_cpu.go
│ │ │ │ │ ├── linux_device.go
│ │ │ │ │ ├── linux_device_cgroup.go
│ │ │ │ │ ├── linux_hugepage_limit.go
│ │ │ │ │ ├── linux_interface_priority.go
│ │ │ │ │ ├── linux_memory.go
│ │ │ │ │ ├── linux_network.go
│ │ │ │ │ ├── linux_personality.go
│ │ │ │ │ ├── linux_personality_domain.go
│ │ │ │ │ ├── linux_personality_flag.go
│ │ │ │ │ ├── linux_pids.go
│ │ │ │ │ ├── linux_rdma.go
│ │ │ │ │ ├── linux_resources.go
│ │ │ │ │ ├── linux_throttle_device.go
│ │ │ │ │ ├── linux_weight_device.go
│ │ │ │ │ ├── list_container.go
│ │ │ │ │ ├── list_container_namespaces.go
│ │ │ │ │ ├── list_pod_container.go
│ │ │ │ │ ├── list_pods_report.go
│ │ │ │ │ ├── log_config.go
│ │ │ │ │ ├── mac_address.go
│ │ │ │ │ ├── manifest_add_options.go
│ │ │ │ │ ├── manifest_annotate_options.go
│ │ │ │ │ ├── manifest_modify_options.go
│ │ │ │ │ ├── manifest_modify_report.go
│ │ │ │ │ ├── manifest_remove_options.go
│ │ │ │ │ ├── mount.go
│ │ │ │ │ ├── mount_point.go
│ │ │ │ │ ├── named_volume.go
│ │ │ │ │ ├── namespace.go
│ │ │ │ │ ├── namespace_mode.go
│ │ │ │ │ ├── net_options.go
│ │ │ │ │ ├── network.go
│ │ │ │ │ ├── network_connect.go
│ │ │ │ │ ├── network_connect_options.go
│ │ │ │ │ ├── network_create.go
│ │ │ │ │ ├── network_create_request.go
│ │ │ │ │ ├── network_disconnect.go
│ │ │ │ │ ├── network_mode.go
│ │ │ │ │ ├── network_prune_report.go
│ │ │ │ │ ├── network_resource.go
│ │ │ │ │ ├── network_rm_report.go
│ │ │ │ │ ├── network_settings.go
│ │ │ │ │ ├── networking_config.go
│ │ │ │ │ ├── o_c_i_runtime_info.go
│ │ │ │ │ ├── overlay_volume.go
│ │ │ │ │ ├── p_o_s_i_x_rlimit.go
│ │ │ │ │ ├── peer_info.go
│ │ │ │ │ ├── per_network_options.go
│ │ │ │ │ ├── pid_mode.go
│ │ │ │ │ ├── play_kube_pod.go
│ │ │ │ │ ├── play_kube_report.go
│ │ │ │ │ ├── play_kube_volume.go
│ │ │ │ │ ├── plugin.go
│ │ │ │ │ ├── plugin_config.go
│ │ │ │ │ ├── plugin_config_args.go
│ │ │ │ │ ├── plugin_config_interface.go
│ │ │ │ │ ├── plugin_config_linux_swagger.go
│ │ │ │ │ ├── plugin_config_network.go
│ │ │ │ │ ├── plugin_config_rootfs.go
│ │ │ │ │ ├── plugin_config_user.go
│ │ │ │ │ ├── plugin_device.go
│ │ │ │ │ ├── plugin_env.go
│ │ │ │ │ ├── plugin_interface_type.go
│ │ │ │ │ ├── plugin_mount.go
│ │ │ │ │ ├── plugin_settings.go
│ │ │ │ │ ├── plugins.go
│ │ │ │ │ ├── pod_basic_config.go
│ │ │ │ │ ├── pod_cgroup_config.go
│ │ │ │ │ ├── pod_create_config.go
│ │ │ │ │ ├── pod_create_options.go
│ │ │ │ │ ├── pod_kill_report.go
│ │ │ │ │ ├── pod_network_config.go
│ │ │ │ │ ├── pod_pause_report.go
│ │ │ │ │ ├── pod_prune_report.go
│ │ │ │ │ ├── pod_resource_config.go
│ │ │ │ │ ├── pod_restart_report.go
│ │ │ │ │ ├── pod_rm_report.go
│ │ │ │ │ ├── pod_security_config.go
│ │ │ │ │ ├── pod_spec_generator.go
│ │ │ │ │ ├── pod_start_report.go
│ │ │ │ │ ├── pod_stop_report.go
│ │ │ │ │ ├── pod_storage_config.go
│ │ │ │ │ ├── pod_unpause_report.go
│ │ │ │ │ ├── port.go
│ │ │ │ │ ├── port_binding.go
│ │ │ │ │ ├── port_map.go
│ │ │ │ │ ├── port_mapping.go
│ │ │ │ │ ├── port_set.go
│ │ │ │ │ ├── propagation.go
│ │ │ │ │ ├── prune_report.go
│ │ │ │ │ ├── remote_socket.go
│ │ │ │ │ ├── resources.go
│ │ │ │ │ ├── restart_policy.go
│ │ │ │ │ ├── root_f_s.go
│ │ │ │ │ ├── schema2_health_config.go
│ │ │ │ │ ├── schema2_list.go
│ │ │ │ │ ├── schema2_manifest_descriptor.go
│ │ │ │ │ ├── schema2_platform_spec.go
│ │ │ │ │ ├── secret.go
│ │ │ │ │ ├── secret_create_request.go
│ │ │ │ │ ├── secret_driver_spec.go
│ │ │ │ │ ├── secret_info_report.go
│ │ │ │ │ ├── secret_info_report_compat.go
│ │ │ │ │ ├── secret_spec.go
│ │ │ │ │ ├── secret_version.go
│ │ │ │ │ ├── security_info.go
│ │ │ │ │ ├── service_info.go
│ │ │ │ │ ├── service_update_response.go
│ │ │ │ │ ├── signal.go
│ │ │ │ │ ├── slirp_info.go
│ │ │ │ │ ├── spec_generator.go
│ │ │ │ │ ├── store_info.go
│ │ │ │ │ ├── str_slice.go
│ │ │ │ │ ├── subnet.go
│ │ │ │ │ ├── swag_compat_network_connect_request.go
│ │ │ │ │ ├── swag_compat_network_disconnect_request.go
│ │ │ │ │ ├── swag_network_connect_request.go
│ │ │ │ │ ├── swag_network_create_libpod.go
│ │ │ │ │ ├── system_df_container_report.go
│ │ │ │ │ ├── system_df_image_report.go
│ │ │ │ │ ├── system_df_volume_report.go
│ │ │ │ │ ├── task.go
│ │ │ │ │ ├── throttle_device.go
│ │ │ │ │ ├── tmpfs_options.go
│ │ │ │ │ ├── type.go
│ │ │ │ │ ├── u_t_s_mode.go
│ │ │ │ │ ├── ulimit.go
│ │ │ │ │ ├── userns_mode.go
│ │ │ │ │ ├── version.go
│ │ │ │ │ ├── volume.go
│ │ │ │ │ ├── volume_config_response.go
│ │ │ │ │ ├── volume_create_body.go
│ │ │ │ │ ├── volume_create_options.go
│ │ │ │ │ ├── volume_list_body.go
│ │ │ │ │ ├── volume_list_o_k_body.go
│ │ │ │ │ ├── volume_options.go
│ │ │ │ │ ├── volume_usage_data.go
│ │ │ │ │ └── weight_device.go
│ │ │ ├── labels.go
│ │ │ ├── labels_test.go
│ │ │ ├── network_status.go
│ │ │ ├── podman
│ │ │ │ ├── container.go
│ │ │ │ ├── container_mock.go
│ │ │ │ ├── container_test.go
│ │ │ │ ├── image.go
│ │ │ │ ├── informer.go
│ │ │ │ ├── informer_test.go
│ │ │ │ ├── network.go
│ │ │ │ ├── rest.go
│ │ │ │ ├── rest_test.go
│ │ │ │ ├── version.go
│ │ │ │ ├── volume.go
│ │ │ │ └── volume_test.go
│ │ │ ├── policy_validator.go
│ │ │ ├── policy_validator_mock_test.go
│ │ │ ├── revoke_all.go
│ │ │ ├── revoke_all_test.go
│ │ │ ├── router_create.go
│ │ │ ├── router_create_test.go
│ │ │ ├── router_inspect.go
│ │ │ ├── router_remove.go
│ │ │ ├── router_update.go
│ │ │ ├── serviceinterface_create.go
│ │ │ ├── serviceinterface_create_test.go
│ │ │ ├── serviceinterface_inspect.go
│ │ │ ├── serviceinterface_inspect_test.go
│ │ │ ├── serviceinterface_list.go
│ │ │ ├── serviceinterface_remove.go
│ │ │ ├── serviceinterface_remove_test.go
│ │ │ ├── serviceinterface_update.go
│ │ │ ├── serviceinterface_update_test.go
│ │ │ ├── site_config_create.go
│ │ │ ├── site_config_inspect.go
│ │ │ ├── site_config_remove.go
│ │ │ ├── site_config_test.go
│ │ │ ├── site_config_update.go
│ │ │ ├── token_claim_create.go
│ │ │ ├── token_claim_create_test.go
│ │ │ ├── utils.go
│ │ │ └── utils_test.go
│ │ ├── pkg
│ │ │ ├── apis
│ │ │ │ └── skupper
│ │ │ │ │ ├── register.go
│ │ │ │ │ └── v1alpha1
│ │ │ │ │ ├── doc.go
│ │ │ │ │ ├── register.go
│ │ │ │ │ ├── types.go
│ │ │ │ │ └── zz_generated.deepcopy.go
│ │ │ ├── certs
│ │ │ │ └── certs.go
│ │ │ ├── cleanhttp
│ │ │ │ └── cleanhttp.go
│ │ │ ├── config
│ │ │ │ ├── local.go
│ │ │ │ ├── local_test.go
│ │ │ │ ├── prometheus-web-config.yml.template
│ │ │ │ ├── prometheus.go
│ │ │ │ ├── prometheus.yml.template
│ │ │ │ ├── startsh-podman.template
│ │ │ │ ├── startup.go
│ │ │ │ ├── stopsh-podman.template
│ │ │ │ ├── systemd.go
│ │ │ │ └── systemd_service.template
│ │ │ ├── data
│ │ │ │ ├── http.go
│ │ │ │ ├── http_test.go
│ │ │ │ ├── query.go
│ │ │ │ ├── query_test.go
│ │ │ │ ├── service.go
│ │ │ │ ├── site.go
│ │ │ │ ├── tcp.go
│ │ │ │ └── tcp_test.go
│ │ │ ├── domain
│ │ │ │ ├── egress.go
│ │ │ │ ├── ingress.go
│ │ │ │ ├── kube
│ │ │ │ │ └── link_kube.go
│ │ │ │ ├── link.go
│ │ │ │ ├── podman
│ │ │ │ │ ├── common.go
│ │ │ │ │ ├── component.go
│ │ │ │ │ ├── controller
│ │ │ │ │ │ ├── controller.go
│ │ │ │ │ │ └── site_beacons.go
│ │ │ │ │ ├── credential_handler.go
│ │ │ │ │ ├── credential_handler_test.go
│ │ │ │ │ ├── deployment.go
│ │ │ │ │ ├── ingress.go
│ │ │ │ │ ├── link.go
│ │ │ │ │ ├── link_test.go
│ │ │ │ │ ├── local_config.go
│ │ │ │ │ ├── main_test.go
│ │ │ │ │ ├── network_status.go
│ │ │ │ │ ├── network_status_sample_data.json
│ │ │ │ │ ├── network_status_test.go
│ │ │ │ │ ├── router.go
│ │ │ │ │ ├── router_config_handler.go
│ │ │ │ │ ├── router_config_handler_test.go
│ │ │ │ │ ├── service.go
│ │ │ │ │ ├── service_test.go
│ │ │ │ │ ├── site.go
│ │ │ │ │ ├── site_test.go
│ │ │ │ │ ├── skrouterd.json
│ │ │ │ │ ├── skupper-services.json
│ │ │ │ │ ├── token.go
│ │ │ │ │ ├── token_test.go
│ │ │ │ │ ├── update_common.go
│ │ │ │ │ ├── update_common_test.go
│ │ │ │ │ ├── update_v1_5_4_test.go
│ │ │ │ │ └── update_v1_6_0.go
│ │ │ │ ├── router.go
│ │ │ │ ├── service.go
│ │ │ │ ├── site.go
│ │ │ │ ├── skupper_component.go
│ │ │ │ ├── skupper_deployment.go
│ │ │ │ ├── token.go
│ │ │ │ ├── update.go
│ │ │ │ └── update_test.go
│ │ │ ├── event
│ │ │ │ ├── event.go
│ │ │ │ └── event_test.go
│ │ │ ├── flow
│ │ │ │ ├── collector.go
│ │ │ │ ├── collector_test.go
│ │ │ │ ├── controller.go
│ │ │ │ ├── controller_test.go
│ │ │ │ ├── encoding.go
│ │ │ │ ├── encoding_test.go
│ │ │ │ ├── flow_mem_driver.go
│ │ │ │ ├── flow_mem_driver_test.go
│ │ │ │ ├── messaging.go
│ │ │ │ ├── record.go
│ │ │ │ └── record_test.go
│ │ │ ├── fs
│ │ │ │ └── watcher.go
│ │ │ ├── generated
│ │ │ │ └── client
│ │ │ │ │ ├── clientset
│ │ │ │ │ └── versioned
│ │ │ │ │ │ ├── clientset.go
│ │ │ │ │ │ ├── doc.go
│ │ │ │ │ │ ├── fake
│ │ │ │ │ │ ├── clientset_generated.go
│ │ │ │ │ │ ├── doc.go
│ │ │ │ │ │ └── register.go
│ │ │ │ │ │ ├── scheme
│ │ │ │ │ │ ├── doc.go
│ │ │ │ │ │ └── register.go
│ │ │ │ │ │ └── typed
│ │ │ │ │ │ └── skupper
│ │ │ │ │ │ └── v1alpha1
│ │ │ │ │ │ ├── doc.go
│ │ │ │ │ │ ├── fake
│ │ │ │ │ │ ├── doc.go
│ │ │ │ │ │ ├── fake_skupper_client.go
│ │ │ │ │ │ └── fake_skupperclusterpolicy.go
│ │ │ │ │ │ ├── generated_expansion.go
│ │ │ │ │ │ ├── skupper_client.go
│ │ │ │ │ │ └── skupperclusterpolicy.go
│ │ │ │ │ ├── informers
│ │ │ │ │ └── externalversions
│ │ │ │ │ │ ├── factory.go
│ │ │ │ │ │ ├── generic.go
│ │ │ │ │ │ ├── internalinterfaces
│ │ │ │ │ │ └── factory_interfaces.go
│ │ │ │ │ │ └── skupper
│ │ │ │ │ │ ├── interface.go
│ │ │ │ │ │ └── v1alpha1
│ │ │ │ │ │ ├── interface.go
│ │ │ │ │ │ └── skupperclusterpolicy.go
│ │ │ │ │ └── listers
│ │ │ │ │ └── skupper
│ │ │ │ │ └── v1alpha1
│ │ │ │ │ ├── expansion_generated.go
│ │ │ │ │ └── skupperclusterpolicy.go
│ │ │ ├── images
│ │ │ │ ├── image_utils.go
│ │ │ │ └── images.go
│ │ │ ├── kube
│ │ │ │ ├── claims
│ │ │ │ │ ├── claim_create.go
│ │ │ │ │ ├── claim_create_test.go
│ │ │ │ │ ├── claim_verifier.go
│ │ │ │ │ └── claim_verifier_test.go
│ │ │ │ ├── clients.go
│ │ │ │ ├── clusterrolebindings.go
│ │ │ │ ├── clusterroles.go
│ │ │ │ ├── configmaps.go
│ │ │ │ ├── configmaps_test.go
│ │ │ │ ├── containers.go
│ │ │ │ ├── contour.go
│ │ │ │ ├── deploymentconfigs.go
│ │ │ │ ├── deployments.go
│ │ │ │ ├── deployments_test.go
│ │ │ │ ├── envvars.go
│ │ │ │ ├── events.go
│ │ │ │ ├── exec_util.go
│ │ │ │ ├── externalbridge.go
│ │ │ │ ├── ingress.go
│ │ │ │ ├── misc.go
│ │ │ │ ├── namespaces.go
│ │ │ │ ├── networkpolicies.go
│ │ │ │ ├── pods.go
│ │ │ │ ├── podtargetresolver.go
│ │ │ │ ├── qdr
│ │ │ │ │ ├── mgmt.go
│ │ │ │ │ ├── ssl_profile.go
│ │ │ │ │ ├── tls_handler.go
│ │ │ │ │ └── tls_handler_test.go
│ │ │ │ ├── resolver
│ │ │ │ │ ├── contour.go
│ │ │ │ │ ├── ingress.go
│ │ │ │ │ ├── loadbalancer.go
│ │ │ │ │ ├── local.go
│ │ │ │ │ ├── nodeport.go
│ │ │ │ │ ├── resolver.go
│ │ │ │ │ └── route.go
│ │ │ │ ├── rolebindings.go
│ │ │ │ ├── roles.go
│ │ │ │ ├── routes.go
│ │ │ │ ├── secrets.go
│ │ │ │ ├── secrets_test.go
│ │ │ │ ├── serviceaccounts.go
│ │ │ │ ├── serviceingressbindings.go
│ │ │ │ ├── serviceingressbindings_test.go
│ │ │ │ ├── services.go
│ │ │ │ ├── services_test.go
│ │ │ │ ├── site
│ │ │ │ │ ├── context.go
│ │ │ │ │ └── context_test.go
│ │ │ │ └── volumes.go
│ │ │ ├── messaging
│ │ │ │ ├── messaging.go
│ │ │ │ └── mock.go
│ │ │ ├── network
│ │ │ │ ├── network.go
│ │ │ │ ├── network_test.go
│ │ │ │ └── types.go
│ │ │ ├── qdr
│ │ │ │ ├── amqp_mgmt.go
│ │ │ │ ├── amqp_mgmt_mock_test.go
│ │ │ │ ├── messaging.go
│ │ │ │ ├── qdr.go
│ │ │ │ ├── qdr_test.go
│ │ │ │ ├── request.go
│ │ │ │ ├── router_logging.go
│ │ │ │ ├── router_logging_test.go
│ │ │ │ └── skmanage.go
│ │ │ ├── service
│ │ │ │ ├── bindings.go
│ │ │ │ └── bindings_test.go
│ │ │ ├── service_sync
│ │ │ │ ├── encoding.go
│ │ │ │ ├── encoding_test.go
│ │ │ │ ├── messaging.go
│ │ │ │ ├── messaging_test.go
│ │ │ │ ├── service_sync.go
│ │ │ │ └── service_sync_test.go
│ │ │ ├── site
│ │ │ │ └── site.go
│ │ │ ├── utils
│ │ │ │ ├── configs
│ │ │ │ │ ├── config.go
│ │ │ │ │ ├── manifest.go
│ │ │ │ │ └── manifest_test.go
│ │ │ │ ├── formatter
│ │ │ │ │ ├── list.go
│ │ │ │ │ ├── map.go
│ │ │ │ │ └── status.go
│ │ │ │ ├── retry.go
│ │ │ │ ├── retry_test.go
│ │ │ │ ├── spinner.go
│ │ │ │ ├── tcp.go
│ │ │ │ ├── tcp_test.go
│ │ │ │ ├── tlscfg
│ │ │ │ │ └── tls.go
│ │ │ │ ├── utils.go
│ │ │ │ ├── utils_test.go
│ │ │ │ ├── validator
│ │ │ │ │ ├── simple_validator.go
│ │ │ │ │ └── simple_validator_test.go
│ │ │ │ ├── version.go
│ │ │ │ └── version_test.go
│ │ │ └── version
│ │ │ │ └── version.go
│ │ ├── skupper_methods.go
│ │ └── test
│ │ │ └── utils
│ │ │ ├── base
│ │ │ ├── cluster_context.go
│ │ │ ├── cluster_test_runner.go
│ │ │ ├── cluster_test_runner_test.go
│ │ │ ├── env.go
│ │ │ ├── flag.go
│ │ │ ├── interrupt_handler.go
│ │ │ ├── kubeconfig.go
│ │ │ ├── kubeconfig_test.go
│ │ │ ├── skupper.go
│ │ │ └── test_common.go
│ │ │ ├── constants
│ │ │ └── constants.go
│ │ │ ├── env
│ │ │ └── envvars.go
│ │ │ ├── k8s
│ │ │ ├── deployment.go
│ │ │ ├── execute.go
│ │ │ ├── job.go
│ │ │ ├── namespace.go
│ │ │ ├── pod.go
│ │ │ ├── service.go
│ │ │ ├── service_test.go
│ │ │ └── yaml.go
│ │ │ ├── string.go
│ │ │ └── tools
│ │ │ └── curl.go
│ └── utils
│ │ └── skupper
│ │ └── util.go
├── pkg
│ ├── .keep
│ ├── apis
│ │ ├── apis.go
│ │ ├── interconnect
│ │ │ └── v1alpha1
│ │ │ │ ├── cluster.go
│ │ │ │ ├── doc.go
│ │ │ │ ├── link.go
│ │ │ │ ├── register.go
│ │ │ │ ├── service.go
│ │ │ │ └── zz_generated.deepcopy.go
│ │ └── network
│ │ │ └── v1alpha1
│ │ │ ├── doc.go
│ │ │ ├── network.go
│ │ │ ├── networkcluster.go
│ │ │ ├── networklink.go
│ │ │ ├── networkservice.go
│ │ │ ├── register.go
│ │ │ └── zz_generated.deepcopy.go
│ ├── clientset
│ │ └── versioned
│ │ │ ├── clientset.go
│ │ │ ├── fake
│ │ │ ├── clientset_generated.go
│ │ │ ├── doc.go
│ │ │ └── register.go
│ │ │ ├── scheme
│ │ │ ├── doc.go
│ │ │ └── register.go
│ │ │ └── typed
│ │ │ ├── interconnect
│ │ │ └── v1alpha1
│ │ │ │ ├── cluster.go
│ │ │ │ ├── doc.go
│ │ │ │ ├── fake
│ │ │ │ ├── doc.go
│ │ │ │ ├── fake_cluster.go
│ │ │ │ ├── fake_interconnect_client.go
│ │ │ │ ├── fake_link.go
│ │ │ │ └── fake_service.go
│ │ │ │ ├── generated_expansion.go
│ │ │ │ ├── interconnect_client.go
│ │ │ │ ├── link.go
│ │ │ │ └── service.go
│ │ │ └── network
│ │ │ └── v1alpha1
│ │ │ ├── doc.go
│ │ │ ├── fake
│ │ │ ├── doc.go
│ │ │ ├── fake_network.go
│ │ │ ├── fake_network_client.go
│ │ │ ├── fake_networkcluster.go
│ │ │ ├── fake_networklink.go
│ │ │ └── fake_networkservice.go
│ │ │ ├── generated_expansion.go
│ │ │ ├── network.go
│ │ │ ├── network_client.go
│ │ │ ├── networkcluster.go
│ │ │ ├── networklink.go
│ │ │ └── networkservice.go
│ ├── informers
│ │ └── externalversions
│ │ │ ├── factory.go
│ │ │ ├── generic.go
│ │ │ ├── interconnect
│ │ │ ├── interface.go
│ │ │ └── v1alpha1
│ │ │ │ ├── cluster.go
│ │ │ │ ├── interface.go
│ │ │ │ ├── link.go
│ │ │ │ └── service.go
│ │ │ ├── internalinterfaces
│ │ │ └── factory_interfaces.go
│ │ │ └── network
│ │ │ ├── interface.go
│ │ │ └── v1alpha1
│ │ │ ├── interface.go
│ │ │ ├── network.go
│ │ │ ├── networkcluster.go
│ │ │ ├── networklink.go
│ │ │ └── networkservice.go
│ └── listers
│ │ ├── interconnect
│ │ └── v1alpha1
│ │ │ ├── cluster.go
│ │ │ ├── expansion_generated.go
│ │ │ ├── link.go
│ │ │ └── service.go
│ │ └── network
│ │ └── v1alpha1
│ │ ├── expansion_generated.go
│ │ ├── network.go
│ │ ├── networkcluster.go
│ │ ├── networklink.go
│ │ └── networkservice.go
├── requirements.txt
└── test
│ └── e2e
│ └── data
│ ├── cluster
│ ├── cluster-001.yaml
│ ├── cluster-002.yaml
│ ├── cluster-003.yaml
│ ├── cluster-004.yaml
│ └── cluster-005.yaml
│ ├── crds
│ ├── app.orchestrator.io_clusters.yaml
│ ├── app.orchestrator.io_deploymentclusters.yaml
│ └── app.orchestrator.io_deployments.yaml
│ ├── deployment-cluster
│ ├── test-deployment-cluster-1.yaml
│ ├── test-deployment-cluster-2.yaml
│ ├── test-deployment-cluster-3.yaml
│ ├── test-deployment-cluster-4.yaml
│ └── test-deployment-cluster-5.yaml
│ ├── deployment
│ └── test-deployment.yaml
│ ├── namespace
│ ├── cluster-fleet-default-cluster-001-namespace.yaml
│ ├── cluster-fleet-default-cluster-002-namespace.yaml
│ ├── cluster-fleet-default-cluster-003-namespace.yaml
│ ├── cluster-fleet-default-cluster-004-namespace.yaml
│ ├── cluster-fleet-default-cluster-005-namespace.yaml
│ ├── fleet-default-namespace.yaml
│ ├── interconnect-namespace.yaml
│ ├── test-namespace-1.yaml
│ └── test-namespace-2.yaml
│ └── service
│ ├── test-service-cluster-1.yaml
│ └── test-service-cluster-2.yaml
├── app-resource-manager
├── .chartver.yaml
├── .gitignore
├── .golangci.yml
├── .htmllintrc
├── .markdownlintignore
├── .stylelintrc.json
├── Dockerfile
├── LICENSES
│ └── Apache-2.0.txt
├── Makefile
├── README.md
├── REUSE.toml
├── VERSION
├── api
│ ├── nbi
│ │ └── v2
│ │ │ ├── go.mod
│ │ │ ├── go.sum
│ │ │ ├── pkg
│ │ │ └── restClient
│ │ │ │ └── v2
│ │ │ │ ├── client.go
│ │ │ │ └── types.go
│ │ │ ├── resource
│ │ │ └── v2
│ │ │ │ ├── app_workload_resource.pb.go
│ │ │ │ ├── app_workload_resource.pb.validate.go
│ │ │ │ ├── app_workload_resource.proto
│ │ │ │ ├── app_workload_service.pb.go
│ │ │ │ ├── app_workload_service.pb.gw.go
│ │ │ │ ├── app_workload_service.pb.validate.go
│ │ │ │ ├── app_workload_service.proto
│ │ │ │ ├── app_workload_service_grpc.pb.go
│ │ │ │ ├── endpoint_resource.pb.go
│ │ │ │ ├── endpoint_resource.pb.validate.go
│ │ │ │ ├── endpoint_resource.proto
│ │ │ │ ├── endpoint_service.pb.go
│ │ │ │ ├── endpoint_service.pb.gw.go
│ │ │ │ ├── endpoint_service.pb.validate.go
│ │ │ │ ├── endpoint_service.proto
│ │ │ │ ├── endpoint_service_grpc.pb.go
│ │ │ │ ├── pod_resource.pb.go
│ │ │ │ ├── pod_resource.pb.validate.go
│ │ │ │ ├── pod_resource.proto
│ │ │ │ ├── pod_service.pb.go
│ │ │ │ ├── pod_service.pb.gw.go
│ │ │ │ ├── pod_service.pb.validate.go
│ │ │ │ ├── pod_service.proto
│ │ │ │ ├── pod_service_grpc.pb.go
│ │ │ │ ├── vm_resource.pb.go
│ │ │ │ ├── vm_resource.pb.validate.go
│ │ │ │ ├── vm_resource.proto
│ │ │ │ ├── vm_service.pb.go
│ │ │ │ ├── vm_service.pb.gw.go
│ │ │ │ ├── vm_service.pb.validate.go
│ │ │ │ ├── vm_service.proto
│ │ │ │ └── vm_service_grpc.pb.go
│ │ │ └── spec
│ │ │ └── v2
│ │ │ └── openapi.yaml
│ └── spec
│ │ └── v2
│ │ └── openapi.yaml
├── buf.gen.yaml
├── buf.yaml
├── cmd
│ ├── app-resource-manager
│ │ └── main.go
│ ├── rest-proxy
│ │ └── rest-proxy.go
│ └── vnc-proxy
│ │ └── main.go
├── deployments
│ └── app-resource-manager
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── files
│ │ ├── grafana
│ │ │ └── app-resource-manager-dashboard.json
│ │ └── openpolicyagent
│ │ │ └── v2
│ │ │ ├── common.rego
│ │ │ ├── common_test.rego
│ │ │ ├── delete_pod_endpoint.rego
│ │ │ ├── delete_pod_endpoint_test.rego
│ │ │ ├── get_vnc_endpoint.rego
│ │ │ ├── get_vnc_endpoint_test.rego
│ │ │ ├── list_app_workloads_endpoint.rego
│ │ │ ├── list_app_workloads_endpoint_test.rego
│ │ │ ├── list_endpoints.rego
│ │ │ ├── list_endpoints_test.rego
│ │ │ ├── restart_vm_endpoint.rego
│ │ │ ├── restart_vm_endpoint_test.rego
│ │ │ ├── start_vm_endpoint.rego
│ │ │ ├── start_vm_endpoint_test.rego
│ │ │ ├── stop_vm_endpoint.rego
│ │ │ └── stop_vm_endpoint_test.rego
│ │ ├── templates
│ │ ├── NOTES.txt
│ │ ├── NOTES.txt.license
│ │ ├── _helpers.tpl
│ │ ├── configmap.yaml
│ │ ├── deployment-vnc-proxy.yaml
│ │ ├── deployment.yaml
│ │ ├── ingress.yaml
│ │ ├── service.yaml
│ │ ├── serviceaccount.yaml
│ │ └── tests
│ │ │ └── test-connection.yaml
│ │ └── values.yaml
├── go.mod
├── go.sum
├── grafana
│ └── app-resource-manager-dashboard.json
├── internal
│ ├── adm
│ │ ├── client.go
│ │ ├── mocks
│ │ │ └── adm_client_mock.go
│ │ └── utils.go
│ ├── kubernetes
│ │ ├── manager.go
│ │ ├── manager_test.go
│ │ ├── mocks
│ │ │ └── kubernetes_manager_mock.go
│ │ ├── utils.go
│ │ └── utils_test.go
│ ├── kubevirt
│ │ ├── manager.go
│ │ ├── manager_test.go
│ │ ├── mocks
│ │ │ ├── kubevirt_manager_mock.go
│ │ │ ├── kubevirtclient_mock.go
│ │ │ ├── streaminterface_mock.go
│ │ │ ├── virtualmachineinstanceinterface_mock.go
│ │ │ └── virtualmachineinterface_mock.go
│ │ ├── utils.go
│ │ ├── utils_test.go
│ │ ├── vm.go
│ │ ├── vnc.go
│ │ └── vnc_test.go
│ ├── manager
│ │ └── manager.go
│ ├── model
│ │ ├── config.go
│ │ ├── config_test.go
│ │ ├── sb_vm_state.go
│ │ └── sb_vm_state_test.go
│ ├── northbound
│ │ └── services
│ │ │ └── v2
│ │ │ └── resource
│ │ │ ├── app_workload_service.go
│ │ │ ├── app_workload_service_test.go
│ │ │ ├── endpoint_service.go
│ │ │ ├── endpoint_service_test.go
│ │ │ ├── mocks
│ │ │ ├── mock_app_workload_service.go
│ │ │ ├── mock_endpoints_service.go
│ │ │ ├── mock_pod_service.go
│ │ │ └── mock_vm_service.go
│ │ │ ├── pod_service.go
│ │ │ ├── pod_service_test.go
│ │ │ ├── service.go
│ │ │ ├── service_test.go
│ │ │ ├── utils.go
│ │ │ ├── vm_service.go
│ │ │ ├── vm_service_fuzz_test.go
│ │ │ └── vm_service_test.go
│ ├── opa
│ │ ├── opa.go
│ │ └── opa_test.go
│ ├── restproxy
│ │ ├── rest-proxy.go
│ │ └── rest_gateway_fuzz_test.go
│ ├── southbound
│ │ ├── handler.go
│ │ ├── handler_test.go
│ │ └── mocks
│ │ │ └── handler_mock.go
│ ├── utils
│ │ ├── env
│ │ │ ├── utils.go
│ │ │ └── utils_test.go
│ │ ├── k8serrors
│ │ │ ├── k8serrors.go
│ │ │ └── k8serrors_test.go
│ │ └── ratelimiter
│ │ │ ├── util.go
│ │ │ └── util_test.go
│ ├── vncproxy
│ │ ├── manager.go
│ │ └── manager_test.go
│ └── wsproxy
│ │ ├── counter.go
│ │ ├── counter_test.go
│ │ ├── forwarding.go
│ │ ├── forwarding_test.go
│ │ └── mocks
│ │ ├── counter_mock.go
│ │ ├── reader_mock.go
│ │ └── writer_mock.go
├── requirements.txt
├── set-version.sh
├── test
│ ├── configs
│ │ ├── arm_config.yaml
│ │ └── invalid_config.yaml
│ ├── container
│ │ ├── auth_test.go
│ │ ├── endpoint_test.go
│ │ ├── methods_test.go
│ │ └── suite_test.go
│ ├── template.html
│ ├── utils
│ │ └── utils.go
│ └── vm
│ │ ├── auth_test.go
│ │ ├── endpoint_test.go
│ │ ├── methods_test.go
│ │ └── suite_test.go
├── tools
│ └── tools.go
└── vnc-proxy-web-ui
│ ├── README.md
│ ├── keycloak.min.js
│ ├── rfb.js
│ ├── vnc-proxy-index.html
│ ├── vnc-proxy-main.js
│ └── vnc-proxy-styles.css
├── app-service-proxy
├── .gitignore
├── .golangci.yml
├── .htmllintrc
├── .markdownlintignore
├── .stylelintrc.json
├── Dockerfile
├── LICENSES
│ └── Apache-2.0.txt
├── Makefile
├── PROJECT
├── README.md
├── REUSE.toml
├── VERSION
├── cmd
│ └── app-service-proxy
│ │ └── main.go
├── deployments
│ └── app-service-proxy
│ │ ├── .helmignore
│ │ ├── Chart.yaml
│ │ ├── files
│ │ └── openpolicyagent
│ │ │ ├── allow.rego
│ │ │ └── allow_test.rego
│ │ ├── templates
│ │ ├── NOTES.txt
│ │ ├── _helpers.tpl
│ │ ├── configmap.yaml
│ │ ├── deployment.yaml
│ │ ├── service.yaml
│ │ └── serviceaccount.yaml
│ │ └── values.yaml
├── go.mod
├── go.sum
├── hadolint.yml
├── internal
│ ├── admclient
│ │ ├── admclient.go
│ │ └── utils.go
│ ├── middleware
│ │ ├── middleware.go
│ │ ├── middleware_suite_test.go
│ │ └── middleware_test.go
│ ├── rbac
│ │ └── rbac.go
│ └── server
│ │ ├── fuzztests
│ │ └── server_fuzz_test.go
│ │ ├── server.go
│ │ ├── server_suite_test.go
│ │ ├── server_test.go
│ │ ├── transport.go
│ │ └── transport_test.go
├── requirements.txt
└── web-login
│ ├── README.md
│ ├── app-service-proxy-index.html
│ ├── app-service-proxy-keycloak.min.js
│ ├── app-service-proxy-main.js
│ └── app-service-proxy-styles.css
├── common.mk
├── requirements.txt
├── test-common-utils
├── .gitignore
├── .golangci.yml
├── LICENSES
│ └── Apache-2.0.txt
├── Makefile
├── REUSE.toml
├── VERSION
├── go.mod
├── go.sum
├── pkg
│ ├── auth
│ │ └── auth.go
│ ├── clients
│ │ └── clients.go
│ ├── deployment
│ │ └── deploy.go
│ ├── git
│ │ └── git.go
│ ├── loader
│ │ └── catalog-loader.go
│ ├── portforwarding
│ │ └── portforwarding.go
│ └── types
│ │ └── common_types.go
└── requirements.txt
├── trivy.yaml
└── version.mk
/.dockerignore:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | *
6 |
7 | !/common.mk
8 | !/version.mk
9 |
--------------------------------------------------------------------------------
/.github/CODEOWNERS:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | # These owners will be the default owners for everything in the repo. Unless a
6 | # later match takes precedence, these owners will be requested for review when
7 | # someone opens a pull request.
8 |
9 | # Everything requires team review by default
10 | * @badhrinathpa @pudelkoM @cgoea @ajaythakurintel @adibrastegarnia @SeanCondon @scottmbaker @guptagunjan @sys-devops-approve
11 |
--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
1 | ## Description
2 |
3 | Describe the purpose of this pull request.
4 |
5 | ## Changes
6 |
7 | List the changes you have made.
8 |
9 | ## Additional Information
10 |
11 | Include any additional information, such as how to test your changes.
12 |
13 | ## Checklist
14 |
15 | - [ ] Tests passed
16 | - [ ] Documentation updated
17 |
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | ---
5 | version: 2
6 | updates:
7 | - package-ecosystem: "gomod"
8 | directories:
9 | - "/"
10 | schedule:
11 | interval: daily
12 | open-pull-requests-limit: 10
13 | commit-message:
14 | prefix: "[gomod] "
15 | - package-ecosystem: "github-actions"
16 | directory: "/"
17 | schedule:
18 | interval: daily
19 | open-pull-requests-limit: 10
20 | commit-message:
21 | prefix: "[gha] "
22 | - package-ecosystem: "docker"
23 | directories:
24 | - "/"
25 | schedule:
26 | interval: daily
27 | open-pull-requests-limit: 10
28 | commit-message:
29 | prefix: "[docker] "
30 |
--------------------------------------------------------------------------------
/.github/workflows/adm-component-test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | name: ADM Component Tests
6 | on:
7 | pull_request:
8 | types: [labeled]
9 | schedule:
10 | - cron: "0 0 * * *" # Run every day at midnight
11 | workflow_dispatch: # Run on manual trigger
12 | inputs:
13 | run-adm:
14 | description: 'Run App Deployment Manager component tests'
15 | required: true
16 | type: boolean
17 | default: false
18 | emf-branch:
19 | description: 'The branch, tag or SHA to checkout EMF'
20 | required: true
21 | type: string
22 | default: '51d847c5b3a831454981f5fce7cecbbe1ade5e87'
23 | permissions:
24 | contents: read
25 |
26 |
27 | jobs:
28 | component-test-adm:
29 | if: ${{ inputs.run-adm || github.event_name == 'schedule' || github.event.label.name == 'run-adm-component-tests' }}
30 | name: ADM Component Test
31 | uses: ./.github/workflows/common-comp-tests.yml
32 | with:
33 | component: app-deployment-manager
34 | use-enic: true
35 | emf-branch: ${{ inputs.emf-branch || '51d847c5b3a831454981f5fce7cecbbe1ade5e87' }}
36 | secrets: inherit # zizmor: ignore[secrets-inherit]
37 |
--------------------------------------------------------------------------------
/.github/workflows/arm-component-test.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | name: ARM Component Tests
6 | on:
7 | pull_request:
8 | types: [labeled]
9 | schedule:
10 | - cron: "0 0 * * *" # Run every day at midnight
11 | workflow_dispatch: # Run on manual trigger
12 | inputs:
13 | run-arm:
14 | description: 'Run App Resource Manager component tests'
15 | required: true
16 | type: boolean
17 | default: false
18 | emf-branch:
19 | description: 'The branch, tag or SHA to checkout EMF'
20 | required: true
21 | type: string
22 | default: '51d847c5b3a831454981f5fce7cecbbe1ade5e87'
23 | permissions:
24 | contents: read
25 |
26 | jobs:
27 | component-test-arm:
28 | if: ${{ inputs.run-arm || github.event_name == 'schedule' || github.event.label.name == 'run-arm-component-tests' }}
29 | name: ARM Component Test
30 | uses: ./.github/workflows/common-comp-tests.yml
31 | with:
32 | component: app-resource-manager
33 | use-enic: true
34 | emf-branch: ${{ inputs.emf-branch || '51d847c5b3a831454981f5fce7cecbbe1ade5e87' }}
35 | secrets: inherit # zizmor: ignore[secrets-inherit]
--------------------------------------------------------------------------------
/.github/workflows/auto-close.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | name: Stale Pull Requests
6 |
7 | # After 30 days of no activity on a PR, the PR should be marked as stale,
8 | # a comment made on the PR informing the author of the new status,
9 | # and closed after 15 days if there is no further activity from the change to stale state.
10 | on:
11 | schedule:
12 | - cron: '30 1 * * *' # run every day
13 | workflow_dispatch: {}
14 |
15 | permissions:
16 | contents: read
17 |
18 | jobs:
19 | stale-auto-close:
20 | runs-on: ${{ github.repository_owner == 'intel' && 'intel-ubuntu-latest' || 'ubuntu-latest' }}
21 | steps:
22 | - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
23 | with:
24 | repo-token: ${{ secrets.GITHUB_TOKEN }}
25 | stale-pr-message: 'This pull request is stale because it has been open 30 days with no activity. Make a comment or update the PR to avoid closing PR after 15 days.'
26 | days-before-pr-stale: 30
27 | days-before-pr-close: 15
28 | remove-pr-stale-when-updated: 'true'
29 | close-pr-message: 'This pull request was automatically closed due to inactivity'
--------------------------------------------------------------------------------
/.github/workflows/auto-update.yml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | ---
5 |
6 | name: Auto Update PR
7 |
8 | # On push to the main branch and support branches, update any branches that are out of date
9 | # and have auto-merge enabled. If the branch is currently out of date with the base branch,
10 | # it must be first manually updated and then will be kept up to date on future runs.
11 | on:
12 | push:
13 | branches:
14 | - main
15 | - release-*
16 |
17 | permissions: {}
18 |
19 | concurrency:
20 | group: ${{ github.workflow }}-${{ github.ref }}
21 | cancel-in-progress: true
22 |
23 | jobs:
24 | update-pull-requests:
25 | permissions:
26 | contents: read
27 | pull-requests: write
28 | runs-on: ubuntu-latest
29 |
30 | steps:
31 | - name: Checkout repository
32 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
33 | with:
34 | persist-credentials: false
35 |
36 | - name: Update pull requests
37 | uses: open-edge-platform/orch-ci/.github/actions/pr_updater@37eef2d2a0909dfe8ff26bb0730ab2f13dfbcaf6 # 0.1.25
38 | with:
39 | github_token: ${{ secrets.SYS_ORCH_GITHUB }}
--------------------------------------------------------------------------------
/.github/workflows/post-merge-asp.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | name: Post-Merge App Service Proxy
6 |
7 | on:
8 | push:
9 | branches:
10 | - main
11 | - release-*
12 | paths:
13 | - 'app-service-proxy/**'
14 | workflow_dispatch:
15 |
16 | permissions: {}
17 |
18 | jobs:
19 | post-merge-pipeline:
20 | permissions:
21 | contents: read
22 | security-events: write
23 | id-token: write
24 | uses: open-edge-platform/orch-ci/.github/workflows/post-merge.yml@37eef2d2a0909dfe8ff26bb0730ab2f13dfbcaf6 # 0.1.25
25 | with:
26 | run_version_check: true
27 | run_dep_version_check: false
28 | run_build: true
29 | run_docker_build: true
30 | run_docker_push: true
31 | run_version_tag: true
32 | run_helm_build: true
33 | run_helm_push: true
34 | prefix_tag_separator: "/"
35 | project_folder: "app-service-proxy"
36 | secrets:
37 | SYS_ORCH_GITHUB: ${{ secrets.SYS_ORCH_GITHUB }}
38 | COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
39 | COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
40 | NO_AUTH_ECR_PUSH_USERNAME: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }}
41 | NO_AUTH_ECR_PUSH_PASSWD: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }}
42 | MSTEAMS_WEBHOOK: ${{ secrets.TEAMS_WEBHOOK }}
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | # jetbrains
6 | .idea
7 | .vscode
8 | .DS_Store
9 | vendor
10 | venv*
11 | *.log
12 | workspace
13 |
14 | *.lock
15 | *.tgz
16 |
17 | */out/**
18 | */bin/**
19 | */build/_output/**
20 |
21 | app-deployment-manager/config/
22 | */test-report.json
23 | # output from make test
24 | */cover.out
25 | */coverage.html
26 | */coverage.xml
27 | app-deployment-manager/pkg/utils/tmpdir/
28 |
29 | # output from Go fuzz tests
30 | app-deployment-manager/internal/northbound/fuzztests/testdata/
31 | app-resource-manager/internal/northbound/services/v2/resource/testdata/
32 | app-service-proxy/internal/server/fuzztests/testdata/
33 |
--------------------------------------------------------------------------------
/.markdownlint.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
3 | # SPDX-License-Identifier: Apache-2.0
4 | default: true
5 | MD004:
6 | style: dash
7 | MD010:
8 | # Code blocks may have hard tabs.
9 | code_blocks: false
10 | MD013:
11 | line_length: 120 # Max line length checking.
12 | code_blocks: false
13 | MD025:
14 | # Ignore the front matter title. Pages still need a top level header (#).
15 | front_matter_title: ""
16 | MD029:
17 | style: ordered
18 | MD033:
19 | allowed_elements:
20 | - ref # allow hugo relative reference links
21 | - br # allow mermaid
to create new line
22 | - a # allow anchors created by protoc-gen-doc and similar tools
23 | - span
24 |
--------------------------------------------------------------------------------
/.markdownlintignore:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | SECURITY.md
5 | CODE_OF_CONDUCT.md
6 | CONTRIBUTING.md
7 | PULL_REQUEST_TEMPLATE.md
8 | ci/*
9 |
--------------------------------------------------------------------------------
/REUSE.toml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | version = 1
5 |
6 | [[annotations]]
7 | path = ["VERSION", ".github/PULL_REQUEST_TEMPLATE.md"]
8 | precedence = "aggregate"
9 | SPDX-FileCopyrightText = "2025 Intel Corporation"
10 | SPDX-License-Identifier = "Apache-2.0"
11 |
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
1 |
5 |
6 | # Security Policy
7 | Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation.
8 |
9 | ## Reporting a Vulnerability
10 | Please report any security vulnerabilities in this project utilizing the guidelines [here](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html).
--------------------------------------------------------------------------------
/VERSION:
--------------------------------------------------------------------------------
1 | 0.0.0-dev
2 |
--------------------------------------------------------------------------------
/app-deployment-manager/.golangci.yml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | run:
6 | # Autogenerated files take too much time and memory to load,
7 | # even if we skip them with -skip-dirs or -skip-dirs;
8 | # or mark them as generated; or use nolint annotations.
9 | # So we define this tag and use it in the autogenerated files.
10 | build-tags:
11 | - codeanalysis
12 | # Do not run linters on unit-test files
13 | tests: false
14 |
15 | linters:
16 | enable:
17 | - gofmt
18 | - revive
19 | - misspell
20 | - typecheck
21 | - errcheck
22 | - dogsled
23 | - unconvert
24 | - nakedret
25 | - copyloopvar
26 | - gosec
27 |
28 | issues:
29 | exclude:
30 | - Error return value of `.*Close` is not checked
31 | - Error return value of `.*Flush` is not checked
32 | exclude-dirs:
33 | - api/
34 |
35 |
--------------------------------------------------------------------------------
/app-deployment-manager/REUSE.toml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | version = 1
5 |
6 | [[annotations]]
7 | path = ["VERSION", "**.json",
8 | "**go.sum", "artifacts/**", "PROJECT", "**VERSION", "deployment/charts/app-deployment-crd/templates/*",
9 | "api/spec/*", "api/nbi/v2/spec/**", "api/nbi/v2/go.mod", "api/nbi/v2/deployment/v1/**",
10 | "api/nbi/v2/pkg/restClient/**",
11 | "internal/catalogclient/mockery/**", "internal/grafana/mockery/**",
12 | "internal/catalogclient/mocks/m*.go",
13 | "config/certmanager/kustom*.yaml",
14 | "config/**",
15 | ]
16 | precedence = "aggregate"
17 | SPDX-FileCopyrightText = "2025 Intel Corporation"
18 | SPDX-License-Identifier = "Apache-2.0"
19 |
--------------------------------------------------------------------------------
/app-deployment-manager/VERSION:
--------------------------------------------------------------------------------
1 | 2.4.15
2 |
--------------------------------------------------------------------------------
/app-deployment-manager/api/nbi/VERSION:
--------------------------------------------------------------------------------
1 | 2.4.3
2 |
--------------------------------------------------------------------------------
/app-deployment-manager/api/nbi/v2/go.mod:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | module github.com/open-edge-platform/app-orch-deployment/app-deployment-manager/api/nbi/v2
6 |
7 | go 1.23.0
8 |
9 | toolchain go1.23.1
10 |
11 | require (
12 | buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.34.2-20240717164558-a6c49f84cc0f.2
13 | github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0
14 | github.com/oapi-codegen/runtime v1.1.1
15 | google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3
16 | google.golang.org/grpc v1.64.1
17 | google.golang.org/protobuf v1.34.2
18 | )
19 |
20 | require (
21 | github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
22 | github.com/google/uuid v1.6.0 // indirect
23 | golang.org/x/net v0.38.0 // indirect
24 | golang.org/x/sys v0.31.0 // indirect
25 | golang.org/x/text v0.23.0 // indirect
26 | google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect
27 | )
28 |
--------------------------------------------------------------------------------
/app-deployment-manager/api/v1beta1/groupversion_info.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | // Package v1beta1 contains API Schema definitions for the app v1beta1 API group
6 | // +kubebuilder:object:generate=true
7 | // +groupName=app.edge-orchestrator.intel.com
8 | package v1beta1
9 |
10 | import (
11 | "k8s.io/apimachinery/pkg/runtime/schema"
12 | "sigs.k8s.io/controller-runtime/pkg/scheme"
13 | )
14 |
15 | var (
16 | // GroupVersion is group version used to register these objects
17 | GroupVersion = schema.GroupVersion{Group: "app.edge-orchestrator.intel.com", Version: "v1beta1"}
18 |
19 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme
20 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
21 |
22 | // AddToScheme adds the types in this group-version to the given scheme.
23 | AddToScheme = SchemeBuilder.AddToScheme
24 |
25 | DeploymentsResource = "deployments"
26 | DeploymentClustersResource = "deploymentclusters"
27 | ClustersResource = "clusters"
28 | )
29 |
--------------------------------------------------------------------------------
/app-deployment-manager/buf.gen.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | version: v2
6 | managed:
7 | enabled: true
8 | disable:
9 | - file_option: go_package
10 | module: buf.build/googleapis/googleapis
11 | - file_option: go_package
12 | module: buf.build/grpc-ecosystem/grpc-gateway
13 | - file_option: go_package
14 | module: buf.build/bufbuild/protovalidate
15 | override:
16 | - file_option: go_package_prefix
17 | value: github.com/open-edge-platform/app-orch-deployment/app-deployment-manager/api/nbi/v2
18 | plugins:
19 | - remote: buf.build/protocolbuffers/go:v1.28.1
20 | out: api/nbi/v2
21 | opt: paths=source_relative
22 | - remote: buf.build/grpc/go:v1.2.0
23 | out: api/nbi/v2
24 | opt:
25 | - paths=source_relative
26 | - require_unimplemented_servers=false
27 | - local: protoc-gen-openapi
28 | out: api/nbi/v2/spec
29 | opt:
30 | - title=Application Deployment Manager API
31 | - version=2.0.0
32 | - default_response=false
33 | - enum_type=string
34 | - description=Application Deployment Manager service providing operations for deploying and managing applications.
35 | strategy: all
36 | - remote: buf.build/grpc-ecosystem/gateway:v2.15.2
37 | out: api/nbi/v2
38 | opt: paths=source_relative
39 |
--------------------------------------------------------------------------------
/app-deployment-manager/buf.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | version: v2
6 | modules:
7 | - path: api/nbi/v2
8 | deps:
9 | - buf.build/bufbuild/protovalidate
10 | - buf.build/googleapis/googleapis
11 | lint:
12 | use:
13 | - STANDARD
14 | - ENUM_FIRST_VALUE_ZERO
15 | except:
16 | - FIELD_NOT_REQUIRED
17 | - PACKAGE_NO_IMPORT_CYCLE
18 | - ENUM_VALUE_PREFIX
19 | - ENUM_ZERO_VALUE_SUFFIX
20 | rpc_allow_google_protobuf_empty_responses: true
21 | disallow_comment_ignores: true
22 | breaking:
23 | use:
24 | - FILE
25 | except:
26 | - EXTENSION_NO_DELETE
27 | - FIELD_SAME_DEFAULT
28 |
--------------------------------------------------------------------------------
/app-deployment-manager/cmd/app-deployment-manager/main.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package main
5 |
6 | import (
7 | "flag"
8 |
9 | "github.com/open-edge-platform/app-orch-deployment/app-deployment-manager/internal/manager"
10 | _ "github.com/open-edge-platform/orch-library/go/dazl/zap"
11 | )
12 |
13 | func main() {
14 | caPath := flag.String("caPath", "", "path to CA certificate")
15 | keyPath := flag.String("keyPath", "", "path to client private key")
16 | certPath := flag.String("certPath", "", "path to client certificate")
17 | kubeconfig := flag.String("kubeconfig", "", "path to kubeconfig")
18 | flag.Parse()
19 |
20 | ready := make(chan bool)
21 | cfg := manager.Config{
22 | CAPath: *caPath,
23 | KeyPath: *keyPath,
24 | CertPath: *certPath,
25 | GRPCPort: 8080,
26 | Kubeconfig: *kubeconfig,
27 | }
28 |
29 | mgr := manager.NewManager(cfg)
30 | mgr.Run()
31 | <-ready
32 | }
33 |
--------------------------------------------------------------------------------
/app-deployment-manager/controllers/controller.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package controllers
6 |
7 | import (
8 | "k8s.io/apimachinery/pkg/runtime"
9 | "k8s.io/client-go/rest"
10 | "k8s.io/client-go/tools/record"
11 | "sigs.k8s.io/controller-runtime/pkg/cache"
12 | "sigs.k8s.io/controller-runtime/pkg/client"
13 | "sigs.k8s.io/controller-runtime/pkg/manager"
14 | )
15 |
16 | func New(name string, mgr manager.Manager) *Controller {
17 | return &Controller{
18 | Client: mgr.GetClient(),
19 | Cache: mgr.GetCache(),
20 | Scheme: mgr.GetScheme(),
21 | Config: mgr.GetConfig(),
22 | Events: mgr.GetEventRecorderFor(name),
23 | }
24 | }
25 |
26 | type ManagedController interface {
27 | SetupWithManager(mgr manager.Manager) error
28 | }
29 |
30 | type Controller struct {
31 | client.Client
32 | Cache cache.Cache
33 | Scheme *runtime.Scheme
34 | Config *rest.Config
35 | Events record.EventRecorder
36 | }
37 |
--------------------------------------------------------------------------------
/app-deployment-manager/controllers/license.go.txt:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-crd/.helmignore:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | # Patterns to ignore when building packages.
6 | # This supports shell glob matching, relative path matching, and
7 | # negation (prefixed with !). Only one pattern per line.
8 | .DS_Store
9 |
10 | # Common VCS dirs
11 | .git/
12 | .gitignore
13 | .bzr/
14 | .bzrignore
15 | .hg/
16 | .hgignore
17 | .svn/
18 |
19 | # Common backup files
20 | *.swp
21 | *.bak
22 | *.tmp
23 | *~
24 |
25 | # Various IDEs
26 | .project
27 | .idea/
28 | *.tmproj
29 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-crd/Chart.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 - 2025 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 | ---
5 | apiVersion: v2
6 | description: App Deployment CustomResourceDefinitions
7 | name: app-deployment-crd
8 | # Correct version will be added by "make helm-package" from VERSION
9 | version: 2.4.15
10 | annotations:
11 | revision: "eb9c779"
12 | created: "2025-06-04T15:48:28Z"
13 | appVersion: 2.4.15
14 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-crd/values.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | # This file is intentionally empty
6 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/.helmignore:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | # Patterns to ignore when building packages.
6 | # This supports shell glob matching, relative path matching, and
7 | # negation (prefixed with !). Only one pattern per line.
8 | .DS_Store
9 |
10 | # Common VCS dirs
11 | .git/
12 | .gitignore
13 | .bzr/
14 | .bzrignore
15 | .hg/
16 | .hgignore
17 | .svn/
18 |
19 | # Common backup files
20 | *.swp
21 | *.bak
22 | *.tmp
23 | *~
24 |
25 | # Various IDEs
26 | .project
27 | .idea/
28 | *.tmproj
29 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/Chart.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 - 2025 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 | ---
5 | apiVersion: v2
6 | description: App Deployment Manager
7 | name: app-deployment-manager
8 | # Correct version will be added by "make helm-package" from VERSION
9 | version: 2.4.15
10 | annotations:
11 | revision: "eb9c779"
12 | created: "2025-06-04T15:48:28Z"
13 | appVersion: 2.4.15
14 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/common.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | import future.keywords.in
7 |
8 | hasWriteAccess if {
9 | projectRole := sprintf("%s_ao-rw", [input.metadata.activeprojectid[0]])
10 | some role in input.metadata["realm_access/roles"] # iteration
11 | [projectRole][_] == role
12 | }
13 |
14 | hasReadAccess if {
15 | projectRole := sprintf("%s_ao-rw", [input.metadata.activeprojectid[0]])
16 | some role in input.metadata["realm_access/roles"] # iteration
17 | [projectRole][_] == role
18 | }
19 |
20 | hasWriteAccess if {
21 | projectRole := "ao-m2m-rw"
22 | some role in input.metadata["realm_access/roles"] # iteration
23 | [projectRole][_] == role
24 | }
25 |
26 | hasReadAccess if {
27 | projectRole := "ao-m2m-rw"
28 | some role in input.metadata["realm_access/roles"] # iteration
29 | [projectRole][_] == role
30 | }
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/common_test.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | test_has_write_access if {
7 | hasWriteAccess with input as {
8 | "request": {
9 | "displayName": "test display name",
10 | "publisherName": "intel",
11 | "profileName": "testing",
12 | "appVersion": "0.1.1",
13 | "appName": "test-name",
14 | "overrideValues": [{
15 | "appName": "test-wordpress",
16 | "targetNamespace": "test-targetnamespace",
17 | "values": {"service": {"type": "test-type"}},
18 | }],
19 | "targetClusters": [{
20 | "appName": "wordpress",
21 | "labels": {"color": "red"},
22 | }],
23 | },
24 | "metadata": {"realm_access/roles": [
25 | "default-roles-master",
26 | "offline_access",
27 | "ao-m2m-rw",
28 | "uma_authorization",
29 | ]},
30 | }
31 | }
32 |
33 | test_has_read_access if {
34 | hasReadAccess with input as {
35 | "request": {"depl_id": "5d0cef5c-9981-4987-a67e-3e207783218b"},
36 | "metadata": {"realm_access/roles": [
37 | "default-roles-master",
38 | "offline_access",
39 | "ao-m2m-rw",
40 | "uma_authorization",
41 | ]},
42 | }
43 | }
44 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/create.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | import future.keywords.in
7 |
8 | CreateDeploymentRequest if {
9 | hasWriteAccess
10 | }
11 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/delete.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | import future.keywords.in
7 |
8 | DeleteDeploymentRequest if {
9 | hasWriteAccess
10 | }
11 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/delete_test.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | # delete deployment with app-deployment-manager-write role
7 | test_delete_deployment_write_role if {
8 | DeleteDeploymentRequest with input as {
9 | "request": {"depl_id": "5d0cef5c-9981-4987-a67e-3e207783218b"},
10 | "metadata": {"realm_access/roles": [
11 | "default-roles-master",
12 | "offline_access",
13 | "ao-m2m-rw",
14 | "uma_authorization",
15 | ]},
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/get.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | import future.keywords.in
7 |
8 | GetDeploymentRequest if {
9 | hasReadAccess
10 | }
11 |
12 | GetDeploymentsStatusRequest if {
13 | hasReadAccess
14 | }
15 |
16 | GetClusterRequest if {
17 | hasReadAccess
18 | }
19 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/get_app_namespace.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | import future.keywords.in
7 |
8 | GetAppNamespaceRequest if {
9 | hasReadAccess
10 | }
11 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/get_app_namespace_test.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | # get app namespace with ao-m2m-rw
7 | #
8 | # ao-m2m-rw
9 | #
10 | test_get_app_namespace_read_role if {
11 | GetAppNamespaceRequest with input as {
12 | "request": {"app_id": "b-bf3059c9-a156-5a24-841c-37957ec6d185"},
13 | "metadata": {"realm_access/roles": [
14 | "default-roles-master",
15 | "offline_access",
16 | "ao-m2m-rw",
17 | "uma_authorization",
18 | ]},
19 | }
20 | }
21 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/get_kubeconfig.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | import future.keywords.in
7 |
8 | GetKubeConfigRequest if {
9 | hasReadAccess
10 | }
11 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/get_kubeconfig_test.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | # get kubeConfig with ao-m2m-rw
7 | #
8 | # ao-m2m-rw
9 | test_get_kube_config_read_role if {
10 | GetKubeConfigRequest with input as {
11 | "request": {"cluster_id": "cluster-46f4a3485e28"},
12 | "metadata": {"realm_access/roles": [
13 | "default-roles-master",
14 | "offline_access",
15 | "ao-m2m-rw",
16 | "uma_authorization",
17 | ]},
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/list.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | import future.keywords.in
7 |
8 | ListDeploymentsRequest if {
9 | hasReadAccess
10 | }
11 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/list_cluster.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | import future.keywords.in
7 |
8 | ListClustersRequest if {
9 | hasReadAccess
10 | }
11 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/list_cluster_test.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | # list clusters with ao-m2m-rw
7 | test_list_clusters_write_role if {
8 | not ListClustersRequest with input as {
9 | "request": {"labels": "customer=test"},
10 | "metadata": {"realm_access/roles": [
11 | "default-roles-master",
12 | "offline_access",
13 | "uma_authorization",
14 | ]},
15 | }
16 | }
17 |
18 | # list clusters with ao-m2m-rw
19 | test_list_clusters_read_role if {
20 | ListClustersRequest with input as {
21 | "request": {"labels": "customer=test"},
22 | "metadata": {"realm_access/roles": [
23 | "default-roles-master",
24 | "offline_access",
25 | "ao-m2m-rw",
26 | "uma_authorization",
27 | ]},
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/list_deployment_clusters.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | import future.keywords.in
7 |
8 | ListDeploymentClustersRequest if {
9 | hasReadAccess
10 | }
11 |
12 | ListDeploymentsPerClusterRequest if {
13 | hasReadAccess
14 | }
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/list_deployment_clusters_test.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | import future.keywords.in
7 |
8 | # ao-m2m-rw
9 | test_list_deployment_clusters_read_write_role if {
10 | not ListDeploymentClustersRequest with input as {
11 | "request": {"deplId": "deployment-1"},
12 | "metadata": {"realm_access/roles": [
13 | "default-roles-master",
14 | "offline_access",
15 | "uma_authorization",
16 | ]},
17 | }
18 | }
19 |
20 | # ao-m2m-rw
21 | test_list_deployment_clusters_read_role if {
22 | ListDeploymentClustersRequest with input as {
23 | "request": {"deplId": "deployment-2"},
24 | "metadata": {"realm_access/roles": [
25 | "default-roles-master",
26 | "offline_access",
27 | "ao-m2m-rw",
28 | "uma_authorization",
29 | ]},
30 | }
31 | }
32 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/list_test.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | # list deployments with ao-m2m-rw
7 | test_list_deployments_read_role if {
8 | ListDeploymentsRequest with input as {
9 | "request": {"labels": "customer=test"},
10 | "metadata": {"realm_access/roles": [
11 | "default-roles-master",
12 | "offline_access",
13 | "ao-m2m-rw",
14 | "uma_authorization",
15 | ]},
16 | }
17 | }
18 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/files/openpolicyagent/update.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | import future.keywords.in
7 |
8 | UpdateDeploymentRequest if {
9 | hasWriteAccess
10 | }
11 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | App Deployment Manager
2 | ---
3 |
4 | The App Deployment Manager service provides a friendly,
5 | high-level interface to the Rancher Fleet GitOps-based deployment tool.
6 |
7 | See https://fleet.rancher.io/ for details on Rancher Fleet.
8 |
9 | ---
10 | revision: {{ .Chart.Annotations.revision }}
11 | created: {{ .Chart.Annotations.created }}
12 | SPDX-License-Identifier: Apache-2.0
13 |
14 | Copyright (C) 2023 Intel Corporation
15 |
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/templates/cert-webhook.yaml:
--------------------------------------------------------------------------------
1 | # yamllint disable-file
2 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
3 | #
4 | # SPDX-License-Identifier: Apache-2.0
5 | ---
6 | apiVersion: cert-manager.io/v1
7 | kind: Issuer
8 | metadata:
9 | name: selfsigned-issuer
10 | namespace: {{ .Release.Namespace }}
11 | spec:
12 | selfSigned: {}
13 | ---
14 | apiVersion: cert-manager.io/v1
15 | kind: Certificate
16 | metadata:
17 | name: webhook-server-cert
18 | namespace: {{ .Release.Namespace }}
19 | spec:
20 | dnsNames:
21 | - "webhook-service.{{ .Release.Namespace }}.svc"
22 | - "webhook-service.{{ .Release.Namespace }}.svc.cluster.local"
23 | issuerRef:
24 | kind: Issuer
25 | name: selfsigned-issuer
26 | secretName: webhook-server-cert
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/templates/service-webhook.yaml:
--------------------------------------------------------------------------------
1 | # yamllint disable-file
2 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
3 | #
4 | # SPDX-License-Identifier: Apache-2.0
5 | ---
6 | apiVersion: v1
7 | kind: Service
8 | metadata:
9 | labels:
10 | app.kubernetes.io/component: webhook
11 | app.kubernetes.io/instance: webhook-service
12 | name: webhook-service
13 | spec:
14 | ports:
15 | - name: tcp-webhook
16 | port: 443
17 | protocol: TCP
18 | targetPort: 9443
19 | selector:
20 | app: {{ template "app-deployment-manager.name" . }}
--------------------------------------------------------------------------------
/app-deployment-manager/deployment/charts/app-deployment-manager/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | # yamllint disable-file
2 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
3 | #
4 | # SPDX-License-Identifier: Apache-2.0
5 | ---
6 | {{- if .Values.adm.serviceAccount.create }}
7 | apiVersion: v1
8 | kind: ServiceAccount
9 | metadata:
10 | name: {{ template "app-deployment-manager.serviceAccountName" . }}
11 | labels:
12 | {{- include "app-deployment-manager.labels" . | nindent 4 }}
13 | {{- end }}
14 |
--------------------------------------------------------------------------------
/app-deployment-manager/grafana/custom-metrics/config.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 | ---
5 | customMetrics:
6 | # - metric: # Raw custom metric (required)
7 | # type: # Metric type: counter/gauge/histogram (required)
8 | # expr: # Prom_ql for the metric (optional)
9 | # unit: # Unit of measurement, examples: s,none,bytes,percent,etc. (optional)
10 | #
11 | #
12 | # Example:
13 | # ---
14 | # customMetrics:
15 | # - metric: foo_bar
16 | # unit: none
17 | # type: histogram
18 | # expr: histogram_quantile(0.90, sum by(instance, le) (rate(foo_bar{job=\"$job\", namespace=\"$namespace\"}[5m])))
19 |
--------------------------------------------------------------------------------
/app-deployment-manager/hadolint.yml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | ---
6 | --ignore SC2086
7 |
--------------------------------------------------------------------------------
/app-deployment-manager/internal/catalogclient/catalogclient_suite_test.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 | package catalogclient_test
4 |
5 | import (
6 | "testing"
7 |
8 | . "github.com/onsi/ginkgo/v2"
9 | . "github.com/onsi/gomega"
10 | gomock "go.uber.org/mock/gomock"
11 | )
12 |
13 | var mockCtrl *gomock.Controller
14 |
15 | func TestCatalogclient(t *testing.T) {
16 | RegisterFailHandler(Fail)
17 |
18 | mockCtrl = gomock.NewController(t)
19 | defer mockCtrl.Finish()
20 |
21 | RunSpecs(t, "Catalogclient Suite")
22 | }
23 |
--------------------------------------------------------------------------------
/app-deployment-manager/internal/catalogclient/export_test.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package catalogclient
6 |
7 | var GetProfileMap = getProfileMap
8 | var GetAppValues = getAppValues
9 |
--------------------------------------------------------------------------------
/app-deployment-manager/internal/istio/config.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package istio
6 |
7 | const (
8 | IstioInjectionLabelKey = "istio-injection"
9 | IstioInjectionLabelValueEnabled = "enabled"
10 | )
11 |
--------------------------------------------------------------------------------
/app-deployment-manager/internal/manager/manager_suite_test.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package manager
6 |
7 | import (
8 | "testing"
9 |
10 | . "github.com/onsi/ginkgo/v2"
11 | . "github.com/onsi/gomega"
12 | )
13 |
14 | func TestManager(t *testing.T) {
15 | RegisterFailHandler(Fail)
16 |
17 | RunSpecs(t, "Manager Suite")
18 | }
19 |
--------------------------------------------------------------------------------
/app-deployment-manager/internal/metrics/metrics.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package metrics
6 |
7 | import (
8 | "github.com/prometheus/client_golang/prometheus"
9 | )
10 |
11 | var (
12 | // Custom collector
13 | Reg = prometheus.NewRegistry()
14 |
15 | // DeploymentStatus is a prometheus metric which holds the deployment id,
16 | // deployment name and deployment status of a ADM per-deployment.
17 | DeploymentStatus = prometheus.NewGaugeVec(prometheus.GaugeOpts{
18 | Name: "adm_deployment_status",
19 | Help: "Per-deployment status",
20 | }, []string{"projectId", "deployment_id", "deployment_name", "status"})
21 |
22 | // DeploymentClusterStatus is a prometheus metric which holds the deployment id,
23 | // deployment name, cluster id and cluster status of a ADM per-deployment per-cluster.
24 | DeploymentClusterStatus = prometheus.NewGaugeVec(prometheus.GaugeOpts{
25 | Name: "adm_deployment_cluster_status",
26 | Help: "Per-deployment per-cluster status",
27 | }, []string{"projectId", "deployment_id", "deployment_name", "cluster_id", "cluster_name", "status"})
28 | )
29 |
30 | func init() {
31 | // Register custom metrics with prometheus registry
32 | Reg.MustRegister(DeploymentStatus, DeploymentClusterStatus)
33 | }
34 |
--------------------------------------------------------------------------------
/app-deployment-manager/internal/patch/options.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package patch
6 |
7 | // Option is some configuration that modifies options for a patch request.
8 | type Option interface {
9 | ApplyToHelper(*HelperOptions)
10 | }
11 |
12 | type HelperOptions struct {
13 | // IncludeStatusObservedGeneration sets the status.observedGeneration field
14 | // on the incoming object to match metadata.generation, only if there is a change.
15 | IncludeStatusObservedGeneration bool
16 | }
17 |
18 | type WithStatusObservedGeneration struct{}
19 |
20 | // ApplyToHelper applies this configuration to the given HelperOptions.
21 | func (w WithStatusObservedGeneration) ApplyToHelper(in *HelperOptions) {
22 | in.IncludeStatusObservedGeneration = true
23 | }
24 |
--------------------------------------------------------------------------------
/app-deployment-manager/internal/randomtoken/token.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package randomtoken
6 |
7 | import (
8 | "crypto/rand"
9 | "math/big"
10 | )
11 |
12 | const (
13 | characters = "bcdfghjklmnpqrstvwxz2456789"
14 | tokenLength = 54
15 | )
16 |
17 | var charsLength = big.NewInt(int64(len(characters)))
18 |
19 | func Generate() (string, error) {
20 | token := make([]byte, tokenLength)
21 | for i := range token {
22 | r, err := rand.Int(rand.Reader, charsLength)
23 | if err != nil {
24 | return "", err
25 | }
26 | token[i] = characters[r.Int64()]
27 | }
28 | return string(token), nil
29 | }
30 |
--------------------------------------------------------------------------------
/app-deployment-manager/internal/randomtoken/token_test.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package randomtoken
6 |
7 | import (
8 | "crypto/rand"
9 | "errors"
10 | "github.com/golang/mock/gomock"
11 | "github.com/stretchr/testify/assert"
12 | "github.com/undefinedlabs/go-mpatch"
13 | "io"
14 | "math/big"
15 | "testing"
16 | )
17 |
18 | func unpatchAll(list []*mpatch.Patch) error {
19 | for _, p := range list {
20 | err := p.Unpatch()
21 | if err != nil {
22 | return err
23 | }
24 | }
25 | return nil
26 | }
27 |
28 | func TestGenerate(t *testing.T) {
29 | tk, err := Generate()
30 | assert.NoError(t, err)
31 | assert.NotEqual(t, "", tk)
32 | }
33 |
34 | func TestGenerate_ErrorRand(t *testing.T) {
35 | ctrl := gomock.NewController(t)
36 | defer ctrl.Finish()
37 |
38 | patch := func(ctrl *gomock.Controller) []*mpatch.Patch {
39 | f1, err := mpatch.PatchMethod(rand.Int, func(rand io.Reader, max *big.Int) (n *big.Int, err error) {
40 | return nil, errors.New("tmp")
41 | })
42 | if err != nil {
43 | t.Errorf("patch error: %v", err)
44 | }
45 |
46 | return []*mpatch.Patch{f1}
47 | }
48 | pList := patch(ctrl)
49 | tk, err := Generate()
50 | assert.Error(t, err)
51 | assert.Equal(t, "", tk)
52 | err = unpatchAll(pList)
53 | if err != nil {
54 | t.Error(err)
55 | }
56 | }
57 |
--------------------------------------------------------------------------------
/app-deployment-manager/pkg/appdeploymentclient/v1beta1/v1alpha3_suite_test.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package v1beta1
6 |
7 | import (
8 | "testing"
9 |
10 | . "github.com/onsi/ginkgo/v2"
11 | . "github.com/onsi/gomega"
12 | )
13 |
14 | func TestAppDeploymentClient(t *testing.T) {
15 | RegisterFailHandler(Fail)
16 | RunSpecs(t, "v1beta1 Suite")
17 | }
18 |
--------------------------------------------------------------------------------
/app-deployment-manager/pkg/fleet/mocks/mocks.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package fleetclient
6 |
7 | import (
8 | "bytes"
9 | "encoding/json"
10 | "fmt"
11 | "io"
12 | "net/http"
13 |
14 | runtime "k8s.io/apimachinery/pkg/runtime"
15 | )
16 |
17 | func NewRequestHandler(retObj runtime.Object, statusCode int) func(req *http.Request) (*http.Response, error) {
18 | return func(_ *http.Request) (*http.Response, error) {
19 | retData, err := json.Marshal(retObj)
20 | if err != nil {
21 | return nil, fmt.Errorf("failed to marshall desired return Object: %w", err)
22 | }
23 |
24 | return &http.Response{
25 | StatusCode: statusCode,
26 | Body: io.NopCloser(bytes.NewReader(retData)),
27 | }, nil
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/app-deployment-manager/pkg/gitclient/gitclient_suite_test.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 | package gitclient
5 |
6 | import (
7 | "testing"
8 |
9 | . "github.com/onsi/ginkgo/v2"
10 | . "github.com/onsi/gomega"
11 | )
12 |
13 | func TestGitclient(t *testing.T) {
14 | RegisterFailHandler(Fail)
15 | RunSpecs(t, "Gitclient Suite")
16 | }
17 |
--------------------------------------------------------------------------------
/app-deployment-manager/pkg/k8sclient/client.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package k8sclient
6 |
7 | import (
8 | "github.com/open-edge-platform/app-orch-deployment/app-deployment-manager/pkg/utils"
9 | "github.com/open-edge-platform/app-orch-deployment/app-deployment-manager/pkg/utils/ratelimiter"
10 |
11 | "github.com/open-edge-platform/orch-library/go/dazl"
12 | "k8s.io/client-go/kubernetes"
13 | )
14 |
15 | var log = dazl.GetPackageLogger()
16 |
17 | // NewClient returns an instance of k8s client based on a given kubeConfig
18 | func NewClient(kubeConfig string) (*kubernetes.Clientset, error) {
19 | config, err := utils.CreateRestConfig(kubeConfig)
20 | if err != nil {
21 | log.Warnw("Failed to create REST config from kubeConfig", dazl.Error(err))
22 | return nil, err
23 | }
24 |
25 | qps, burst, err := ratelimiter.GetRateLimiterParams()
26 | if err != nil {
27 | log.Warnw("Failed to get rate limiter parameters", dazl.Error(err))
28 | return nil, err
29 | }
30 |
31 | config.QPS = float32(qps)
32 | config.Burst = int(burst)
33 |
34 | clientSet, err := kubernetes.NewForConfig(config)
35 | if err != nil {
36 | log.Warnw("Failed to create k8s clientset", dazl.Error(err))
37 | return nil, err
38 | }
39 |
40 | return clientSet, nil
41 | }
42 |
--------------------------------------------------------------------------------
/app-deployment-manager/pkg/logchecker/logchecker.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | // Package logchecker is a library for checking and transforming log messages based on user-defined rules.
5 | package logchecker
6 |
7 | import (
8 | "regexp"
9 | "sync"
10 | )
11 |
12 | type LogChecker struct {
13 | patterns map[*regexp.Regexp]string
14 | mu sync.RWMutex // Mutex for thread-safe writes to the map
15 | }
16 |
17 | func New() *LogChecker {
18 | return &LogChecker{
19 | patterns: make(map[*regexp.Regexp]string),
20 | }
21 | }
22 |
23 | func (lc *LogChecker) AddCheck(pattern, response string) {
24 | re := regexp.MustCompile(pattern) // Compile the pattern
25 | lc.mu.Lock() // Ensure thread safety on writes
26 | lc.patterns[re] = response
27 | lc.mu.Unlock()
28 | }
29 |
30 | func (lc *LogChecker) ProcessLog(log string) string {
31 | lc.mu.RLock() // Read lock for thread-safe reading
32 | defer lc.mu.RUnlock()
33 | for re, response := range lc.patterns {
34 | if re.MatchString(log) {
35 | return response
36 | }
37 | }
38 | return log // Return the original log if no patterns match
39 | }
40 |
--------------------------------------------------------------------------------
/app-deployment-manager/pkg/utils/ratelimiter/utils.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package ratelimiter
5 |
6 | import (
7 | "github.com/open-edge-platform/orch-library/go/dazl"
8 | "os"
9 | "strconv"
10 | )
11 |
12 | const (
13 | rateLimiterQPS = "RATE_LIMITER_QPS"
14 | rateLimiterBurst = "RATE_LIMITER_BURST"
15 | )
16 |
17 | var log = dazl.GetPackageLogger()
18 |
19 | func GetRateLimiterParams() (float64, int64, error) {
20 | qps := os.Getenv(rateLimiterQPS)
21 | qpsValue, err := strconv.ParseFloat(qps, 32)
22 | if err != nil {
23 | log.Warn(err)
24 | return 0, 0, err
25 |
26 | }
27 | burst := os.Getenv(rateLimiterBurst)
28 | burstValue, err := strconv.ParseInt(burst, 10, 32)
29 | if err != nil {
30 | log.Warn(err)
31 | return 0, 0, err
32 |
33 | }
34 | return qpsValue, burstValue, nil
35 |
36 | }
37 |
--------------------------------------------------------------------------------
/app-deployment-manager/requirements.txt:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | # license checking
6 | python-debian==0.1.44
7 | reuse~=5.0.0
8 |
9 | # lint yaml
10 | yamllint~=1.35.1
11 |
--------------------------------------------------------------------------------
/app-interconnect/.golangci.yml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | run:
6 | # Autogenerated files take too much time and memory to load,
7 | # even if we skip them with -skip-dirs or -skip-dirs;
8 | # or mark them as generated; or use nolint annotations.
9 | # So we define this tag and use it in the autogenerated files.
10 | build-tags:
11 | - codeanalysis
12 | # Do not run linters on unit-test files
13 | tests: false
14 |
15 | linters:
16 | enable:
17 | - gofmt
18 | - revive
19 | - misspell
20 | - typecheck
21 | - errcheck
22 | - dogsled
23 | - unconvert
24 | - nakedret
25 | - copyloopvar
26 | - gosec
27 |
28 | issues:
29 | exclude:
30 | - Error return value of `.*Close` is not checked
31 | - Error return value of `.*Flush` is not checked
32 | exclude-dirs:
33 | - internal/skupper
34 |
--------------------------------------------------------------------------------
/app-interconnect/REUSE.toml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | version = 1
4 |
5 | [[annotations]]
6 | path = [
7 | "VERSION", "go.sum", "build/_output/**", "internal/skupper/**", "artifacts/**",
8 | "config/**", "deploy/charts/app-interconnect-manager/crds/**"
9 | ]
10 | precedence = "aggregate"
11 | SPDX-FileCopyrightText = "2025 Intel Corporation"
12 | SPDX-License-Identifier = "Apache-2.0"
13 |
--------------------------------------------------------------------------------
/app-interconnect/VERSION:
--------------------------------------------------------------------------------
1 | 0.2.2-dev
2 |
--------------------------------------------------------------------------------
/app-interconnect/build/Dockerfile:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: 2024-present Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | FROM golang:1.24.2@sha256:d9db32125db0c3a680cfb7a1afcaefb89c898a075ec148fdc2f0f646cc2ed509 AS build
5 |
6 | RUN mkdir /build
7 | WORKDIR /build
8 |
9 | COPY go.mod go.sum ./
10 | COPY ./cmd ./cmd
11 | COPY ./pkg ./pkg
12 | COPY ./internal ./internal
13 | COPY ./vendor ./vendor
14 |
15 |
16 | ARG org_label_schema_version=unknown
17 | ARG org_label_schema_vcs_ref=unknown
18 | ARG org_opencord_vcs_dirty=unknown
19 | ARG TARGETPLATFORM
20 |
21 | RUN if [ "${TARGETPLATFORM}" = "linux/amd64" ] ; then \
22 | CGO_ENABLED=0 go build -mod=vendor \
23 | -o interconnect-manager \
24 | -gcflags="all=-spectre=all -N -l" -asmflags="all=-spectre=all" --trimpath \
25 | -ldflags "all=-s -w" \
26 | ./cmd/interconnect-manager; \
27 | else \
28 | CGO_ENABLED=0 go build -mod=vendor -trimpath -o interconnect-manager ./cmd/interconnect-manager; \
29 | fi
30 |
31 | FROM gcr.io/distroless/static:nonroot@sha256:c0f429e16b13e583da7e5a6ec20dd656d325d88e6819cafe0adb0828976529dc
32 | USER nonroot
33 |
34 | COPY --from=build --chown=65532:65532 /build/interconnect-manager /usr/local/bin/interconnect-manager
35 |
36 | ENTRYPOINT ["/usr/local/bin/interconnect-manager"]
37 |
--------------------------------------------------------------------------------
/app-interconnect/deploy/charts/app-interconnect-manager/.helmignore:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 | # Patterns to ignore when building packages.
5 | # This supports shell glob matching, relative path matching, and
6 | # negation (prefixed with !). Only one pattern per line.
7 | .DS_Store
8 | # Common VCS dirs
9 | .git/
10 | .gitignore
11 | .bzr/
12 | .bzrignore
13 | .hg/
14 | .hgignore
15 | .svn/
16 | # Common backup files
17 | *.swp
18 | *.bak
19 | *.tmp
20 | *.orig
21 | *~
22 | # Various IDEs
23 | .project
24 | .idea/
25 | *.tmproj
26 | .vscode/
27 |
--------------------------------------------------------------------------------
/app-interconnect/deploy/charts/app-interconnect-manager/Chart.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 | ---
5 | apiVersion: v2
6 | name: app-interconnect-manager
7 | description: A Helm chart for Kubernetes
8 | type: application
9 | version: 0.2.2-dev
10 | appVersion: "0.2.2-dev-30701f0"
11 | annotations:
12 | revision: "30701f0"
13 | created: "2025-05-06T21:49:46Z"
14 |
--------------------------------------------------------------------------------
/app-interconnect/deploy/charts/app-interconnect-manager/templates/clusterrolebinding.yaml:
--------------------------------------------------------------------------------
1 | # yamllint disable-file
2 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
3 | #
4 | # SPDX-License-Identifier: Apache-2.0
5 | ---
6 |
7 | apiVersion: rbac.authorization.k8s.io/v1
8 | kind: ClusterRoleBinding
9 | metadata:
10 | name: {{ template "interconnect-manager.fullname" . }}
11 | labels:
12 | {{ include "interconnect-manager.labels" . | nindent 4 }}
13 | roleRef:
14 | apiGroup: rbac.authorization.k8s.io
15 | kind: ClusterRole
16 | name: {{ template "interconnect-manager.fullname" . }}
17 | subjects:
18 | - kind: ServiceAccount
19 | name: {{ template "interconnect-manager.serviceAccountName" . }}
20 | namespace: {{ .Release.Namespace }}
21 |
--------------------------------------------------------------------------------
/app-interconnect/deploy/charts/app-interconnect-manager/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | # yamllint disable-file
2 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
3 | #
4 | # SPDX-License-Identifier: Apache-2.0
5 | ---
6 | apiVersion: v1
7 | kind: ConfigMap
8 | metadata:
9 | name: {{ include "interconnect-manager.fullname" . }}
10 | labels:
11 | {{- include "interconnect-manager.labels" . | nindent 4 }}
12 | data:
13 | logging.yaml: |-
14 | {{ toYaml .Values.logging | indent 4 }}
15 |
--------------------------------------------------------------------------------
/app-interconnect/deploy/charts/app-interconnect-manager/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | # yamllint disable-file
2 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
3 | #
4 | # SPDX-License-Identifier: Apache-2.0
5 | ---
6 | {{- if .Values.interconnect_manager.serviceAccount.create }}
7 | apiVersion: v1
8 | kind: ServiceAccount
9 | metadata:
10 | name: {{ template "interconnect-manager.serviceAccountName" . }}
11 | labels:
12 | {{- include "interconnect-manager.labels" . | nindent 4 }}
13 | {{- end }}
--------------------------------------------------------------------------------
/app-interconnect/hack/boilerplate.go.txt:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
--------------------------------------------------------------------------------
/app-interconnect/hack/update-codegen.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
4 | # SPDX-License-Identifier: Apache-2.0
5 |
6 | set -o errexit
7 | set -o nounset
8 | set -o pipefail
9 |
10 | SCRIPT_DIR="$(dirname "${BASH_SOURCE[0]}")"
11 | SCRIPT_ROOT="${SCRIPT_DIR}/.."
12 | CODEGEN_PKG="${CODEGEN_PKG:-"${SCRIPT_ROOT}/../../code-generator"}"
13 |
14 | source "${CODEGEN_PKG}/kube_codegen.sh"
15 |
16 | THIS_PKG="github.com/open-edge-platform/app-orch-deployment/app-interconnect"
17 |
18 | kube::codegen::gen_helpers \
19 | --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \
20 | "${SCRIPT_ROOT}"
21 |
22 | if [[ -n "${API_KNOWN_VIOLATIONS_DIR:-}" ]]; then
23 | report_filename="${API_KNOWN_VIOLATIONS_DIR}/codegen_violation_exceptions.list"
24 | if [[ "${UPDATE_API_KNOWN_VIOLATIONS:-}" == "true" ]]; then
25 | update_report="--update-report"
26 | fi
27 | fi
28 |
29 | kube::codegen::gen_client \
30 | --with-watch \
31 | --output-dir "${SCRIPT_ROOT}/pkg" \
32 | --output-pkg "${THIS_PKG}/pkg" \
33 | --boilerplate "${SCRIPT_ROOT}/hack/boilerplate.go.txt" \
34 | "${SCRIPT_ROOT}/pkg/apis"
35 |
--------------------------------------------------------------------------------
/app-interconnect/internal/cluster/interface.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package clusterclient
6 |
7 | import (
8 | "context"
9 | "k8s.io/client-go/rest"
10 | )
11 |
12 | type ProjectID string
13 |
14 | type ClusterID string
15 |
16 | type Client interface {
17 | GetClusterConfig(ctx context.Context, clusterID ClusterID, projectID ProjectID) (*rest.Config, error)
18 | }
19 |
--------------------------------------------------------------------------------
/app-interconnect/internal/cluster/local.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package clusterclient
6 |
7 | import (
8 | "context"
9 | "k8s.io/client-go/rest"
10 | )
11 |
12 | type LocalClientOption func(*LocalClientOptions)
13 |
14 | type LocalClientOptions struct {
15 | }
16 |
17 | func NewLocalClient(opts ...LocalClientOption) (Client, error) {
18 | var options LocalClientOptions
19 | for _, opt := range opts {
20 | opt(&options)
21 | }
22 | return &localClient{}, nil
23 | }
24 |
25 | type localClient struct{}
26 |
27 | func (c *localClient) GetClusterConfig(_ context.Context, _ ClusterID, _ ProjectID) (*rest.Config, error) {
28 | return rest.InClusterConfig()
29 | }
30 |
--------------------------------------------------------------------------------
/app-interconnect/internal/controller/controller.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package controller
6 |
7 | import (
8 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/cluster"
9 | "k8s.io/apimachinery/pkg/runtime"
10 | "k8s.io/client-go/rest"
11 | "k8s.io/client-go/tools/record"
12 | "sigs.k8s.io/controller-runtime/pkg/cache"
13 | "sigs.k8s.io/controller-runtime/pkg/client"
14 | "sigs.k8s.io/controller-runtime/pkg/manager"
15 | )
16 |
17 | func New(mgr manager.Manager, clusters clusterclient.Client) *Controller {
18 | return &Controller{
19 | Client: mgr.GetClient(),
20 | Cache: mgr.GetCache(),
21 | Scheme: mgr.GetScheme(),
22 | Config: mgr.GetConfig(),
23 | Events: mgr.GetEventRecorderFor("interconnect-manager"),
24 | Clusters: clusters,
25 | }
26 | }
27 |
28 | type ManagedController interface {
29 | Setup(mgr manager.Manager) error
30 | }
31 |
32 | type Controller struct {
33 | client.Client
34 | Cache cache.Cache
35 | Scheme *runtime.Scheme
36 | Config *rest.Config
37 | Events record.EventRecorder
38 | Clusters clusterclient.Client
39 | }
40 |
--------------------------------------------------------------------------------
/app-interconnect/internal/controller/interconnect/controllers.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package interconnect
5 |
6 | import (
7 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/cluster"
8 | "github.com/open-edge-platform/orch-library/go/dazl"
9 | "sigs.k8s.io/controller-runtime/pkg/manager"
10 | )
11 |
12 | var log = dazl.GetPackageLogger()
13 |
14 | // AddControllers adds all network controllers to the given manager
15 | func AddControllers(mgr manager.Manager, clusters clusterclient.Client) error {
16 | if err := AddClusterController(mgr, clusters); err != nil {
17 | log.Error(err)
18 | return err
19 | }
20 | if err := AddClusterStatusController(mgr, clusters); err != nil {
21 | log.Error(err)
22 | return err
23 | }
24 | if err := AddLinkController(mgr, clusters); err != nil {
25 | log.Error(err)
26 | return err
27 | }
28 | if err := AddServiceController(mgr, clusters); err != nil {
29 | log.Error(err)
30 | return err
31 | }
32 | return nil
33 | }
34 |
--------------------------------------------------------------------------------
/app-interconnect/internal/controller/utils/project_types.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package utils
6 |
7 | const (
8 | NetworkProjectIDLabel = "network.app.edge-orchestrator.intel.com/project-id"
9 | InterconnectProjectIDLabel = "interconnect.app.edge-orchestrator.intel.com/project-id"
10 | AppOrchProjectIDLabel = "app.edge-orchestrator.intel.com/project-id"
11 | )
12 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/NOTE.md:
--------------------------------------------------------------------------------
1 |
5 |
6 | # Skupper Client Modifications
7 |
8 | We have modified the Skupper client code, originally hosted at [Skupper client], to enforce a robust
9 | cryptographic algorithm and address Kubernetes dependency issues.
10 | These enhancements ensure improved security and compatibility,
11 | making the client more reliable and efficient for our specific use cases.
12 |
13 | [Skupper client]: https://github.com/skupperproject/skupper/tree/v1/client
14 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/api/types/crds/skupper_cluster_policy_cr_sample_01.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: skupper.io/v1alpha1
2 | kind: SkupperClusterPolicy
3 | metadata:
4 | name: cluster-policy-sample-01
5 | spec:
6 | namespaces:
7 | - "*"
8 | allowIncomingLinks: true
9 | allowedExposedResources:
10 | - "*"
11 | allowedOutgoingLinksHostnames: []
12 | allowedServices:
13 | - "*"
14 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/api/types/crds/skupper_cluster_policy_cr_sample_02.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: skupper.io/v1alpha1
2 | kind: SkupperClusterPolicy
3 | metadata:
4 | name: cluster-policy-sample-02
5 | spec:
6 | namespaces:
7 | - "ns1"
8 | - "ns2"
9 | - "ns3"
10 | allowIncomingLinks: true
11 | allowedOutgoingLinksHostnames: ["*"]
12 | allowedExposedResources: []
13 | allowedServices:
14 | - "my-app-a"
15 | - "my-app-b"
16 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/api/types/crds/skupper_cluster_policy_cr_sample_03.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: skupper.io/v1alpha1
2 | kind: SkupperClusterPolicy
3 | metadata:
4 | name: cluster-policy-sample-03
5 | spec:
6 | namespaces:
7 | - "ns4"
8 | - "ns5"
9 | - "ns6"
10 | allowIncomingLinks: true
11 | allowedOutgoingLinksHostnames: ["*"]
12 | allowedExposedResources: ["*"]
13 | allowedServices: ["*"]
14 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/client_mock_test.go:
--------------------------------------------------------------------------------
1 | package client
2 |
3 | import (
4 | "k8s.io/client-go/kubernetes/fake"
5 | )
6 |
7 | func newMockClient(namespace string, context string, kubeConfigPath string) (*VanClient, error) {
8 | return &VanClient{
9 | Namespace: namespace,
10 | KubeClient: fake.NewSimpleClientset(),
11 | }, nil
12 | }
13 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/client_test.go:
--------------------------------------------------------------------------------
1 | package client
2 |
3 | import (
4 | "flag"
5 | "os"
6 | "sort"
7 | "testing"
8 |
9 | "github.com/google/go-cmp/cmp"
10 | "gotest.tools/assert"
11 | )
12 |
13 | var trans = cmp.Transformer("Sort", func(in []string) []string {
14 | out := append([]string(nil), in...)
15 | sort.Strings(out)
16 | return out
17 | })
18 |
19 | func TestNewClient(t *testing.T) {
20 | testcases := []struct {
21 | doc string
22 | namespace string
23 | context string
24 | kubeConfigPath string
25 | expectedError string
26 | expectedVersion string
27 | }{
28 | {
29 | namespace: "skupper",
30 | context: "",
31 | kubeConfigPath: "",
32 | expectedError: "",
33 | doc: "test one",
34 | },
35 | }
36 |
37 | for _, c := range testcases {
38 | _, err := newMockClient(c.namespace, c.context, c.kubeConfigPath)
39 | assert.Check(t, err, c.doc)
40 | }
41 | }
42 |
43 | var clusterRun = flag.Bool("use-cluster", false, "run tests against a configured cluster")
44 |
45 | func TestMain(m *testing.M) {
46 | flag.Parse()
47 | os.Exit(m.Run())
48 | }
49 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/connector_inspect.go:
--------------------------------------------------------------------------------
1 | package client
2 |
3 | import (
4 | "context"
5 |
6 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/pkg/qdr"
7 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
8 |
9 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/api/types"
10 | kubeqdr "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/pkg/kube/qdr"
11 | )
12 |
13 | // ConnectorInspect VAN connector instance
14 | func (cli *VanClient) ConnectorInspect(ctx context.Context, name string) (*types.LinkStatus, error) {
15 | current, err := cli.getRouterConfig(ctx, "")
16 | if err != nil {
17 | return nil, err
18 | }
19 | secret, err := cli.KubeClient.CoreV1().Secrets(cli.Namespace).Get(ctx, name, metav1.GetOptions{})
20 | if err != nil {
21 | return nil, err
22 | }
23 | connections, _ := kubeqdr.GetConnections(cli.Namespace, cli.KubeClient, cli.RestConfig)
24 | link := qdr.GetLinkStatus(secret, current.IsEdge(), connections)
25 | return &link, nil
26 | }
27 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/container/informer.go:
--------------------------------------------------------------------------------
1 | package container
2 |
3 | type Informer[T any] interface {
4 | OnAdd(obj T)
5 | OnUpdate(oldObj, newObj T)
6 | OnDelete(obj T)
7 | }
8 |
9 | type InformerBase[T any] struct {
10 | Add func(obj T)
11 | Update func(oldObj, newObj T)
12 | Delete func(obj T)
13 | }
14 |
15 | func (e *InformerBase[T]) OnAdd(obj T) {
16 | e.Add(obj)
17 | }
18 |
19 | func (e *InformerBase[T]) OnUpdate(oldObj, newObj T) {
20 | e.Update(oldObj, newObj)
21 | }
22 |
23 | func (e *InformerBase[T]) OnDelete(obj T) {
24 | e.Delete(obj)
25 | }
26 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/cgroup_spec.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // CgroupSpec CgroupSpec represents the cgroup to use for the container.
15 | //
16 | // swagger:model CgroupSpec
17 | type CgroupSpec string
18 |
19 | // Validate validates this cgroup spec
20 | func (m CgroupSpec) Validate(formats strfmt.Registry) error {
21 | return nil
22 | }
23 |
24 | // ContextValidate validates this cgroup spec based on context it is used
25 | func (m CgroupSpec) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/cgroupns_mode.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // CgroupnsMode CgroupnsMode represents the cgroup namespace mode of the container
15 | //
16 | // swagger:model CgroupnsMode
17 | type CgroupnsMode string
18 |
19 | // Validate validates this cgroupns mode
20 | func (m CgroupnsMode) Validate(formats strfmt.Registry) error {
21 | return nil
22 | }
23 |
24 | // ContextValidate validates this cgroupns mode based on context it is used
25 | func (m CgroupnsMode) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/consistency.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // Consistency Consistency represents the consistency requirements of a mount.
15 | //
16 | // swagger:model Consistency
17 | type Consistency string
18 |
19 | // Validate validates this consistency
20 | func (m Consistency) Validate(formats strfmt.Registry) error {
21 | return nil
22 | }
23 |
24 | // ContextValidate validates this consistency based on context it is used
25 | func (m Consistency) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/digest.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // Digest Digest allows simple protection of hex formatted digest strings, prefixed
15 | // by their algorithm. Strings of type Digest have some guarantee of being in
16 | // the correct format and it provides quick access to the components of a
17 | // digest string.
18 | //
19 | // The following is an example of the contents of Digest types:
20 | //
21 | // sha256:7173b809ca12ec5dee4506cd86be934c4596dd234ee82c0662eac04a8c2c71dc
22 | //
23 | // This allows to abstract the digest behind this type and work only in those
24 | // terms.
25 | //
26 | // swagger:model Digest
27 | type Digest string
28 |
29 | // Validate validates this digest
30 | func (m Digest) Validate(formats strfmt.Registry) error {
31 | return nil
32 | }
33 |
34 | // ContextValidate validates this digest based on context it is used
35 | func (m Digest) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
36 | return nil
37 | }
38 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/duration.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // Duration A Duration represents the elapsed time between two instants
15 | // as an int64 nanosecond count. The representation limits the
16 | // largest representable duration to approximately 290 years.
17 | //
18 | // swagger:model Duration
19 | type Duration int64
20 |
21 | // Validate validates this duration
22 | func (m Duration) Validate(formats strfmt.Registry) error {
23 | return nil
24 | }
25 |
26 | // ContextValidate validates this duration based on context it is used
27 | func (m Duration) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
28 | return nil
29 | }
30 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/file_mode.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // FileMode A FileMode represents a file's mode and permission bits.
15 | //
16 | // The bits have the same definition on all systems, so that
17 | // information about files can be moved from one system
18 | // to another portably. Not all bits apply to all systems.
19 | // The only required bit is ModeDir for directories.
20 | //
21 | // swagger:model FileMode
22 | type FileMode uint32
23 |
24 | // Validate validates this file mode
25 | func (m FileMode) Validate(formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
29 | // ContextValidate validates this file mode based on context it is used
30 | func (m FileMode) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
31 | return nil
32 | }
33 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/hardware_addr.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // HardwareAddr A HardwareAddr represents a physical hardware address.
15 | //
16 | // swagger:model HardwareAddr
17 | type HardwareAddr []uint8
18 |
19 | // Validate validates this hardware addr
20 | func (m HardwareAddr) Validate(formats strfmt.Registry) error {
21 | return nil
22 | }
23 |
24 | // ContextValidate validates this hardware addr based on context it is used
25 | func (m HardwareAddr) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/id_response.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | "github.com/go-openapi/swag"
13 | )
14 |
15 | // IDResponse ID response
16 | //
17 | // swagger:model IDResponse
18 | type IDResponse struct {
19 |
20 | // ID
21 | ID string `json:"Id,omitempty"`
22 | }
23 |
24 | // Validate validates this ID response
25 | func (m *IDResponse) Validate(formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
29 | // ContextValidate validates this ID response based on context it is used
30 | func (m *IDResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
31 | return nil
32 | }
33 |
34 | // MarshalBinary interface implementation
35 | func (m *IDResponse) MarshalBinary() ([]byte, error) {
36 | if m == nil {
37 | return nil, nil
38 | }
39 | return swag.WriteJSON(m)
40 | }
41 |
42 | // UnmarshalBinary interface implementation
43 | func (m *IDResponse) UnmarshalBinary(b []byte) error {
44 | var res IDResponse
45 | if err := swag.ReadJSON(b, &res); err != nil {
46 | return err
47 | }
48 | *m = res
49 | return nil
50 | }
51 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/ip.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // IP An IP is a single IP address, a slice of bytes.
15 | // Functions in this package accept either 4-byte (IPv4)
16 | // or 16-byte (IPv6) slices as input.
17 | //
18 | // Note that in this documentation, referring to an
19 | // IP address as an IPv4 address or an IPv6 address
20 | // is a semantic property of the address, not just the
21 | // length of the byte slice: a 16-byte slice can still
22 | // be an IPv4 address.
23 | //
24 | // swagger:model IP
25 | type IP []uint8
26 |
27 | // Validate validates this IP
28 | func (m IP) Validate(formats strfmt.Registry) error {
29 | return nil
30 | }
31 |
32 | // ContextValidate validates this IP based on context it is used
33 | func (m IP) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
34 | return nil
35 | }
36 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/ip_mask.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // IPMask An IPMask is a bitmask that can be used to manipulate
15 | // IP addresses for IP addressing and routing.
16 | //
17 | // See type IPNet and func ParseCIDR for details.
18 | //
19 | // swagger:model IPMask
20 | type IPMask []uint8
21 |
22 | // Validate validates this IP mask
23 | func (m IPMask) Validate(formats strfmt.Registry) error {
24 | return nil
25 | }
26 |
27 | // ContextValidate validates this IP mask based on context it is used
28 | func (m IPMask) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
29 | return nil
30 | }
31 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/ipc_mode.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // IpcMode IpcMode represents the container ipc stack.
15 | //
16 | // swagger:model IpcMode
17 | type IpcMode string
18 |
19 | // Validate validates this ipc mode
20 | func (m IpcMode) Validate(formats strfmt.Registry) error {
21 | return nil
22 | }
23 |
24 | // ContextValidate validates this ipc mode based on context it is used
25 | func (m IpcMode) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/isolation.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // Isolation Isolation represents the isolation technology of a container. The supported
15 | // values are platform specific
16 | //
17 | // swagger:model Isolation
18 | type Isolation string
19 |
20 | // Validate validates this isolation
21 | func (m Isolation) Validate(formats strfmt.Registry) error {
22 | return nil
23 | }
24 |
25 | // ContextValidate validates this isolation based on context it is used
26 | func (m Isolation) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
27 | return nil
28 | }
29 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/linux_personality_domain.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // LinuxPersonalityDomain LinuxPersonalityDomain refers to a personality domain.
15 | //
16 | // swagger:model LinuxPersonalityDomain
17 | type LinuxPersonalityDomain string
18 |
19 | // Validate validates this linux personality domain
20 | func (m LinuxPersonalityDomain) Validate(formats strfmt.Registry) error {
21 | return nil
22 | }
23 |
24 | // ContextValidate validates this linux personality domain based on context it is used
25 | func (m LinuxPersonalityDomain) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/linux_personality_flag.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // LinuxPersonalityFlag LinuxPersonalityFlag refers to an additional personality flag. None are currently defined.
15 | //
16 | // swagger:model LinuxPersonalityFlag
17 | type LinuxPersonalityFlag string
18 |
19 | // Validate validates this linux personality flag
20 | func (m LinuxPersonalityFlag) Validate(formats strfmt.Registry) error {
21 | return nil
22 | }
23 |
24 | // ContextValidate validates this linux personality flag based on context it is used
25 | func (m LinuxPersonalityFlag) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/mac_address.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | // MacAddress mac address
9 | //
10 | // swagger:model MacAddress
11 | type MacAddress = HardwareAddr
12 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/manifest_remove_options.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | // ManifestRemoveOptions ManifestRemoveOptions provides the model for removing digests from a manifest
9 | //
10 | // swagger:model ManifestRemoveOptions
11 | type ManifestRemoveOptions interface{}
12 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/namespace_mode.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // NamespaceMode namespace mode
15 | //
16 | // swagger:model NamespaceMode
17 | type NamespaceMode string
18 |
19 | // Validate validates this namespace mode
20 | func (m NamespaceMode) Validate(formats strfmt.Registry) error {
21 | return nil
22 | }
23 |
24 | // ContextValidate validates this namespace mode based on context it is used
25 | func (m NamespaceMode) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/network_mode.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // NetworkMode NetworkMode represents the container network stack.
15 | //
16 | // swagger:model NetworkMode
17 | type NetworkMode string
18 |
19 | // Validate validates this network mode
20 | func (m NetworkMode) Validate(formats strfmt.Registry) error {
21 | return nil
22 | }
23 |
24 | // ContextValidate validates this network mode based on context it is used
25 | func (m NetworkMode) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/pid_mode.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // PidMode PidMode represents the pid namespace of the container.
15 | //
16 | // swagger:model PidMode
17 | type PidMode string
18 |
19 | // Validate validates this pid mode
20 | func (m PidMode) Validate(formats strfmt.Registry) error {
21 | return nil
22 | }
23 |
24 | // ContextValidate validates this pid mode based on context it is used
25 | func (m PidMode) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/port_set.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // PortSet PortSet is a collection of structs indexed by Port
15 | //
16 | // swagger:model PortSet
17 | type PortSet map[string]interface{}
18 |
19 | // Validate validates this port set
20 | func (m PortSet) Validate(formats strfmt.Registry) error {
21 | return nil
22 | }
23 |
24 | // ContextValidate validates this port set based on context it is used
25 | func (m PortSet) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/propagation.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // Propagation Propagation represents the propagation of a mount.
15 | //
16 | // swagger:model Propagation
17 | type Propagation string
18 |
19 | // Validate validates this propagation
20 | func (m Propagation) Validate(formats strfmt.Registry) error {
21 | return nil
22 | }
23 |
24 | // ContextValidate validates this propagation based on context it is used
25 | func (m Propagation) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/signal.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // Signal A Signal is a number describing a process signal.
15 | //
16 | // It implements the os.Signal interface.
17 | //
18 | // swagger:model Signal
19 | type Signal int64
20 |
21 | // Validate validates this signal
22 | func (m Signal) Validate(formats strfmt.Registry) error {
23 | return nil
24 | }
25 |
26 | // ContextValidate validates this signal based on context it is used
27 | func (m Signal) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
28 | return nil
29 | }
30 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/str_slice.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // StrSlice StrSlice represents a string or an array of strings.
15 | //
16 | // We need to override the json decoder to accept both options.
17 | //
18 | // swagger:model StrSlice
19 | type StrSlice []string
20 |
21 | // Validate validates this str slice
22 | func (m StrSlice) Validate(formats strfmt.Registry) error {
23 | return nil
24 | }
25 |
26 | // ContextValidate validates this str slice based on context it is used
27 | func (m StrSlice) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
28 | return nil
29 | }
30 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/type.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // Type Type represents the type of a mount.
15 | //
16 | // swagger:model Type
17 | type Type string
18 |
19 | // Validate validates this type
20 | func (m Type) Validate(formats strfmt.Registry) error {
21 | return nil
22 | }
23 |
24 | // ContextValidate validates this type based on context it is used
25 | func (m Type) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/u_t_s_mode.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // UTSMode UTSMode represents the UTS namespace of the container.
15 | //
16 | // swagger:model UTSMode
17 | type UTSMode string
18 |
19 | // Validate validates this u t s mode
20 | func (m UTSMode) Validate(formats strfmt.Registry) error {
21 | return nil
22 | }
23 |
24 | // ContextValidate validates this u t s mode based on context it is used
25 | func (m UTSMode) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/generated/libpod/models/userns_mode.go:
--------------------------------------------------------------------------------
1 | // Code generated by go-swagger; DO NOT EDIT.
2 |
3 | package models
4 |
5 | // This file was generated by the swagger tool.
6 | // Editing this file might prove futile when you re-run the swagger generate command
7 |
8 | import (
9 | "context"
10 |
11 | "github.com/go-openapi/strfmt"
12 | )
13 |
14 | // UsernsMode UsernsMode represents userns mode in the container.
15 | //
16 | // swagger:model UsernsMode
17 | type UsernsMode string
18 |
19 | // Validate validates this userns mode
20 | func (m UsernsMode) Validate(formats strfmt.Registry) error {
21 | return nil
22 | }
23 |
24 | // ContextValidate validates this userns mode based on context it is used
25 | func (m UsernsMode) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
26 | return nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/labels.go:
--------------------------------------------------------------------------------
1 | package client
2 |
3 | const (
4 | ValidRfc1123Label = `^(` + ValidRfc1123LabelKey + `)+=(` + ValidRfc1123LabelValue + `)+(,(` + ValidRfc1123LabelKey + `)+=(` + ValidRfc1123LabelValue + `)+)*$`
5 | ValidRfc1123LabelKey = "[a-z0-9]([-._a-z0-9]*[a-z0-9])*"
6 | ValidRfc1123LabelValue = "[a-zA-Z0-9]([-._a-zA-Z0-9]*[a-zA-Z0-9])*"
7 | DefaultSkupperExtraLabels string = ""
8 | )
9 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/podman/version.go:
--------------------------------------------------------------------------------
1 | package podman
2 |
3 | import (
4 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/client/container"
5 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/client/generated/libpod/client/system"
6 | )
7 |
8 | func (p *PodmanRestClient) Version() (*container.Version, error) {
9 | systemCli := system.New(p.RestClient, formats)
10 | info, err := systemCli.SystemInfoLibpod(system.NewSystemInfoLibpodParams())
11 | if err != nil {
12 | return nil, err
13 | }
14 | v := &container.Version{}
15 | if info.Payload.Version != nil {
16 | v.Server = container.VersionInfo{
17 | Version: info.Payload.Version.Version,
18 | APIVersion: info.Payload.Version.APIVersion,
19 | }
20 | v.Hostname = info.Payload.Host.Hostname
21 | v.Arch = info.Payload.Host.Arch
22 | v.Kernel = info.Payload.Host.Kernel
23 | v.OS = info.Payload.Host.OS
24 | }
25 |
26 | return v, nil
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/router_remove.go:
--------------------------------------------------------------------------------
1 | package client
2 |
3 | import (
4 | "context"
5 | "fmt"
6 |
7 | "k8s.io/apimachinery/pkg/api/errors"
8 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
9 |
10 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/api/types"
11 | )
12 |
13 | // RouterRemove delete a VAN (router and controller) deployment
14 | func (cli *VanClient) RouterRemove(ctx context.Context) error {
15 | err := cli.KubeClient.AppsV1().Deployments(cli.Namespace).Delete(ctx, types.TransportDeploymentName, metav1.DeleteOptions{})
16 | if err != nil {
17 | if errors.IsNotFound(err) {
18 | return fmt.Errorf("Skupper not installed in '"+cli.Namespace+"': %w", err)
19 | } else {
20 | return fmt.Errorf("Error while trying to delete: %w", err)
21 | }
22 | }
23 | return nil
24 | }
25 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/serviceinterface_create.go:
--------------------------------------------------------------------------------
1 | package client
2 |
3 | import (
4 | "context"
5 | "fmt"
6 |
7 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/api/types"
8 | "k8s.io/apimachinery/pkg/api/errors"
9 | )
10 |
11 | func (cli *VanClient) ServiceInterfaceCreate(ctx context.Context, service *types.ServiceInterface) error {
12 | policy := NewPolicyValidatorAPI(cli)
13 | res, err := policy.Service(service.Address)
14 | if err != nil {
15 | return err
16 | }
17 | if !res.Allowed {
18 | return res.Err()
19 | }
20 | owner, err := getRootObject(cli)
21 | if err == nil {
22 | err = validateServiceInterface(service, cli)
23 | if err != nil {
24 | return err
25 | }
26 |
27 | return updateServiceInterface(service, false, owner, cli)
28 | } else if errors.IsNotFound(err) {
29 | return fmt.Errorf("Skupper is not enabled in namespace '%s'", cli.Namespace)
30 | } else {
31 | return err
32 | }
33 | }
34 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/serviceinterface_inspect.go:
--------------------------------------------------------------------------------
1 | package client
2 |
3 | import (
4 | "context"
5 | jsonencoding "encoding/json"
6 | "fmt"
7 |
8 | "k8s.io/apimachinery/pkg/api/errors"
9 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
10 |
11 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/api/types"
12 | )
13 |
14 | func (cli *VanClient) ServiceInterfaceInspect(ctx context.Context, address string) (*types.ServiceInterface, error) {
15 | current, err := cli.KubeClient.CoreV1().ConfigMaps(cli.Namespace).Get(ctx, types.ServiceInterfaceConfigMap, metav1.GetOptions{})
16 | if err == nil {
17 | jsonDef := current.Data[address]
18 | if jsonDef == "" {
19 | return nil, nil
20 | } else {
21 | service := types.ServiceInterface{}
22 | err = jsonencoding.Unmarshal([]byte(jsonDef), &service)
23 | if err != nil {
24 | return nil, fmt.Errorf("Failed to read json for service definition %s: %s", address, err)
25 | } else {
26 | return &service, nil
27 | }
28 | }
29 | } else if errors.IsNotFound(err) {
30 | return nil, nil
31 | } else {
32 | return nil, fmt.Errorf("Could not retrieve service interface definition: %s", err)
33 | }
34 | }
35 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/serviceinterface_list.go:
--------------------------------------------------------------------------------
1 | package client
2 |
3 | import (
4 | "context"
5 | jsonencoding "encoding/json"
6 |
7 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
8 |
9 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/api/types"
10 | )
11 |
12 | func (cli *VanClient) ServiceInterfaceList(ctx context.Context) ([]*types.ServiceInterface, error) {
13 | var vsis []*types.ServiceInterface
14 |
15 | current, err := cli.KubeClient.CoreV1().ConfigMaps(cli.Namespace).Get(ctx, types.ServiceInterfaceConfigMap, metav1.GetOptions{})
16 | if err == nil {
17 | for _, v := range current.Data {
18 | if v != "" {
19 | si := types.ServiceInterface{}
20 | err = jsonencoding.Unmarshal([]byte(v), &si)
21 | if err != nil {
22 | return vsis, err
23 | } else {
24 | vsis = append(vsis, &si)
25 | }
26 | }
27 | }
28 | return vsis, nil
29 | } else {
30 | return vsis, err
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/site_config_create.go:
--------------------------------------------------------------------------------
1 | package client
2 |
3 | import (
4 | "context"
5 | "fmt"
6 |
7 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
8 |
9 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/api/types"
10 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/pkg/site"
11 | )
12 |
13 | func (cli *VanClient) SiteConfigCreate(ctx context.Context, spec types.SiteConfigSpec) (*types.SiteConfig, error) {
14 | siteConfig, err := site.WriteSiteConfig(spec, cli.Namespace)
15 | if err != nil {
16 | return nil, err
17 | }
18 | if spec.IsIngressRoute() && cli.RouteClient == nil {
19 | return nil, fmt.Errorf("OpenShift cluster not detected for --ingress type route")
20 | }
21 |
22 | actual, err := cli.KubeClient.CoreV1().ConfigMaps(cli.Namespace).Create(ctx, siteConfig, metav1.CreateOptions{})
23 | if err != nil {
24 | return nil, err
25 | }
26 | if actual.TypeMeta.Kind == "" || actual.TypeMeta.APIVersion == "" { // why??
27 | actual.TypeMeta = siteConfig.TypeMeta
28 | }
29 | return cli.SiteConfigInspect(ctx, actual)
30 | }
31 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/site_config_remove.go:
--------------------------------------------------------------------------------
1 | package client
2 |
3 | import (
4 | "context"
5 |
6 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
7 |
8 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/api/types"
9 | )
10 |
11 | func (cli *VanClient) SiteConfigRemove(ctx context.Context) error {
12 | return cli.KubeClient.CoreV1().ConfigMaps(cli.Namespace).Delete(ctx, types.SiteConfigMapName, metav1.DeleteOptions{})
13 | }
14 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/client/utils.go:
--------------------------------------------------------------------------------
1 | package client
2 |
3 | import (
4 | "hash/crc32"
5 | "sort"
6 | "strings"
7 |
8 | rbacv1 "k8s.io/api/rbac/v1"
9 | )
10 |
11 | func ContainsAllPolicies(elements []rbacv1.PolicyRule, included []rbacv1.PolicyRule) bool {
12 | if nil == elements || nil == included {
13 | return false
14 | }
15 | getHashedRules := func(rules []rbacv1.PolicyRule) []uint32 {
16 | var hashedRules []uint32
17 | for _, inc := range rules {
18 | var resources []string
19 | resources = append(resources, inc.Resources...)
20 | resources = append(resources, inc.Verbs...)
21 | resources = append(resources, inc.APIGroups...)
22 | sort.Strings(resources)
23 | str := strings.Join(resources, "")
24 | hashedRules = append(hashedRules, crc32.ChecksumIEEE([]byte(str)))
25 | }
26 | return hashedRules
27 | }
28 | hashedIncluded := getHashedRules(included)
29 | hashedElements := getHashedRules(elements)
30 |
31 | for _, el := range hashedElements {
32 | if !Contains(hashedIncluded, el) {
33 | return false
34 | }
35 | }
36 | return true
37 | }
38 |
39 | func Contains(elements []uint32, element uint32) bool {
40 | for _, el := range elements {
41 | if el == element {
42 | return true
43 | }
44 | }
45 | return false
46 | }
47 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/apis/skupper/register.go:
--------------------------------------------------------------------------------
1 | package skupper
2 |
3 | const (
4 | GroupName = "skupper.io"
5 | )
6 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/apis/skupper/v1alpha1/doc.go:
--------------------------------------------------------------------------------
1 | // +k8s:deepcopy-gen=package
2 | // +groupName=skupper.io
3 |
4 | package v1alpha1 // import "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/pkg/apis/skupper/v1alpha1"
5 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/apis/skupper/v1alpha1/register.go:
--------------------------------------------------------------------------------
1 | package v1alpha1
2 |
3 | import (
4 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/pkg/apis/skupper"
5 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
6 | "k8s.io/apimachinery/pkg/runtime"
7 | "k8s.io/apimachinery/pkg/runtime/schema"
8 | )
9 |
10 | var SchemeGroupVersion = schema.GroupVersion{
11 | Group: skupper.GroupName,
12 | Version: "v1alpha1",
13 | }
14 |
15 | func Kind(kind string) schema.GroupKind {
16 | return SchemeGroupVersion.WithKind(kind).GroupKind()
17 | }
18 |
19 | func Resource(resource string) schema.GroupResource {
20 | return SchemeGroupVersion.WithResource(resource).GroupResource()
21 | }
22 |
23 | var (
24 | SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
25 | AddToScheme = SchemeBuilder.AddToScheme
26 | )
27 |
28 | func addKnownTypes(scheme *runtime.Scheme) error {
29 | scheme.AddKnownTypes(SchemeGroupVersion, &SkupperClusterPolicy{}, &SkupperClusterPolicyList{})
30 | metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
31 | return nil
32 | }
33 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/apis/skupper/v1alpha1/types.go:
--------------------------------------------------------------------------------
1 | package v1alpha1
2 |
3 | import (
4 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
5 | )
6 |
7 | // +genclient
8 | // +genclient:noStatus
9 | // +genclient:nonNamespaced
10 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
11 |
12 | // SkupperClusterPolicy defines optional cluster level policies
13 | type SkupperClusterPolicy struct {
14 | v1.TypeMeta `json:",inline"`
15 | v1.ObjectMeta `json:"metadata,omitempty"`
16 | Spec SkupperClusterPolicySpec `json:"spec,omitempty"`
17 | }
18 |
19 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
20 |
21 | // SkupperClusterPolicyList contains a List of SkupperClusterPolicy
22 | type SkupperClusterPolicyList struct {
23 | v1.TypeMeta `json:",inline"`
24 | v1.ListMeta `json:"metadata,omitempty"`
25 | Items []SkupperClusterPolicy `json:"items"`
26 | }
27 |
28 | type SkupperClusterPolicySpec struct {
29 | Namespaces []string `json:"namespaces"`
30 | AllowIncomingLinks bool `json:"allowIncomingLinks"`
31 | AllowedOutgoingLinksHostnames []string `json:"allowedOutgoingLinksHostnames"`
32 | AllowedExposedResources []string `json:"allowedExposedResources"`
33 | AllowedServices []string `json:"allowedServices"`
34 | }
35 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/cleanhttp/cleanhttp.go:
--------------------------------------------------------------------------------
1 | // cleanhttp has convenience functions for creating clean http clients and
2 | // transports - free of the globally mutable state in http.DefaultClient and
3 | // http.DefaultTransport variables.
4 | package cleanhttp
5 |
6 | import (
7 | "net"
8 | "net/http"
9 | "time"
10 | )
11 |
12 | // DefaultClient returns a clean http Client using the same defaults as go's
13 | // http.DefaultClient without relying on global state shared with other
14 | // clients.
15 | func DefaultClient() *http.Client {
16 | return &http.Client{
17 | Transport: DefaultTransport(),
18 | }
19 | }
20 |
21 | // DefaultTransport returns a clean http Transport with the same defaults as
22 | // go's http.DefaultTransport.
23 | func DefaultTransport() *http.Transport {
24 | transport := &http.Transport{
25 | Proxy: http.ProxyFromEnvironment,
26 | DialContext: (&net.Dialer{
27 | Timeout: 30 * time.Second,
28 | KeepAlive: 30 * time.Second,
29 | }).DialContext,
30 | ForceAttemptHTTP2: true,
31 | MaxIdleConns: 100,
32 | IdleConnTimeout: 90 * time.Second,
33 | TLSHandshakeTimeout: 10 * time.Second,
34 | ExpectContinueTimeout: 1 * time.Second,
35 | }
36 | return transport
37 | }
38 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/config/prometheus-web-config.yml.template:
--------------------------------------------------------------------------------
1 | # TLS configuration.
2 | #{{- if .TlsAuth }}
3 | #tls_server_config:
4 | # cert_file: /etc/tls/certs/tls.crt
5 | # key_file: /etc/tls/certs/tls.key
6 | #{{- end}}
7 | #
8 | # Usernames and passwords required to connect to Prometheus.
9 | # Passwords are hashed with bcrypt: https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md#about-bcrypt
10 | #basic_auth_users:
11 | {{- if .BasicAuth}}
12 | # {{.User}}: {{.Hash}}
13 | {{- end}}
14 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/config/prometheus.go:
--------------------------------------------------------------------------------
1 | package config
2 |
3 | import (
4 | "bytes"
5 | _ "embed"
6 | "text/template"
7 |
8 | "golang.org/x/crypto/bcrypt"
9 | )
10 |
11 | var (
12 | //go:embed prometheus.yml.template
13 | PrometheusConfig string
14 |
15 | //go:embed prometheus-web-config.yml.template
16 | WebConfigForPrometheus string
17 | )
18 |
19 | type PrometheusInfo struct {
20 | BasicAuth bool
21 | TlsAuth bool
22 | ServiceName string
23 | Namespace string
24 | Port string
25 | User string
26 | Password string
27 | Hash string
28 | }
29 |
30 | func ScrapeConfigForPrometheus(info PrometheusInfo) string {
31 | var buf bytes.Buffer
32 | promConfig := template.Must(template.New("promConfig").Parse(PrometheusConfig))
33 | promConfig.Execute(&buf, info)
34 |
35 | return buf.String()
36 | }
37 |
38 | func ScrapeWebConfigForPrometheus(info PrometheusInfo) string {
39 | var buf bytes.Buffer
40 | promConfig := template.Must(template.New("prmConfig").Parse(WebConfigForPrometheus))
41 | promConfig.Execute(&buf, info)
42 |
43 | return buf.String()
44 | }
45 |
46 | func HashPrometheusPassword(password string) ([]byte, error) {
47 | return bcrypt.GenerateFromPassword([]byte(password), 14)
48 | }
49 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/config/prometheus.yml.template:
--------------------------------------------------------------------------------
1 | global:
2 | scrape_interval: 15s
3 | evaluation_interval: 15s
4 | alerting:
5 | alertmanagers:
6 | - static_configs:
7 | - targets:
8 | rule_files:
9 | # - "example-file.yml"
10 | scrape_configs:
11 | - job_name: 'prometheus'
12 | metrics_path: "/api/v1alpha1/metrics"
13 | scheme: "https"
14 | tls_config:
15 | insecure_skip_verify: true
16 | static_configs:
17 | {{- if .Namespace}}
18 | - targets: ["{{.ServiceName}}.{{.Namespace}}.svc.cluster.local:{{.Port}}"]
19 | {{- else}}
20 | - targets: ["{{.ServiceName}}:{{.Port}}"]
21 | {{- end}}
22 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/config/startsh-podman.template:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env sh
2 |
3 | set -o errexit
4 | set -o nounset
5 |
6 | for container in $(podman container ls --filter label=application=skupper --format {{.Names}} --all); do
7 | podman start ${container}
8 | done
9 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/config/stopsh-podman.template:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env sh
2 |
3 | set -o errexit
4 | set -o nounset
5 |
6 | for container in $(podman container ls --filter label=application=skupper --format {{.Names}} --all); do
7 | podman stop -t 10 ${container}
8 | done
9 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/config/systemd_service.template:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=skupper-{{.Platform}}.service
3 | Wants=network-online.target
4 | After=network-online.target
5 | RequiresMountsFor={{.RuntimeDir}}/containers
6 |
7 | [Service]
8 | TimeoutStopSec=70
9 | RemainAfterExit=yes
10 | ExecStart={{.DataHomeDir}}/start-{{.Platform}}.sh
11 | ExecStop={{.DataHomeDir}}/stop-{{.Platform}}.sh
12 | Type=simple
13 |
14 | [Install]
15 | WantedBy=default.target
16 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/data/site.go:
--------------------------------------------------------------------------------
1 | package data
2 |
3 | type Site struct {
4 | SiteName string `json:"site_name"`
5 | SiteId string `json:"site_id"`
6 | Version string `json:"version"`
7 | Platform string `json:"platform"`
8 | Connected []string `json:"connected"`
9 | Namespace string `json:"namespace"`
10 | Url string `json:"url"`
11 | Edge bool `json:"edge"`
12 | Gateway bool `json:"gateway"`
13 | }
14 |
15 | func (s *Site) IsConnectedTo(siteId string) bool {
16 | for _, value := range s.Connected {
17 | if value == siteId {
18 | return true
19 | }
20 | }
21 | return false
22 | }
23 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/domain/podman/common.go:
--------------------------------------------------------------------------------
1 | package podman
2 |
3 | import (
4 | "fmt"
5 |
6 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/pkg/utils"
7 |
8 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/api/types"
9 | )
10 |
11 | const (
12 | SharedTlsCertificates = "skupper-router-certs"
13 | )
14 |
15 | var (
16 | Username = utils.ReadUsername()
17 | SkupperContainerVolumes = []string{
18 | "skupper-services",
19 | "skupper-local-server",
20 | "skupper-internal",
21 | "skupper-site-server",
22 | SharedTlsCertificates,
23 | types.ConsoleServerSecret,
24 | types.ConsoleUsersSecret,
25 | types.NetworkStatusConfigMapName,
26 | "prometheus-server-config",
27 | "prometheus-storage-volume",
28 | }
29 | )
30 |
31 | func OwnedBySkupper(resource string, labels map[string]string) error {
32 | notOwnedErr := fmt.Errorf("%s is not owned by Skupper", resource)
33 | if labels == nil {
34 | return notOwnedErr
35 | }
36 | if app, ok := labels["application"]; !ok || app != types.AppName {
37 | return notOwnedErr
38 | }
39 | return nil
40 | }
41 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/domain/podman/ingress.go:
--------------------------------------------------------------------------------
1 | package podman
2 |
3 | import (
4 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/pkg/domain"
5 | )
6 |
7 | type SiteIngressHost struct {
8 | *domain.SiteIngressCommon
9 | }
10 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/domain/podman/local_config.go:
--------------------------------------------------------------------------------
1 | package podman
2 |
3 | import (
4 | "path"
5 |
6 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/pkg/config"
7 | )
8 |
9 | var (
10 | ConfigFile = path.Join(config.GetDataHome(), "podman.yaml")
11 | )
12 |
13 | type Config struct {
14 | Endpoint string `yaml:"endpoint"`
15 | }
16 |
17 | type configFileHandler struct {
18 | config *config.ConfigFileHandlerCommon
19 | }
20 |
21 | func (p *configFileHandler) GetConfig() (*Config, error) {
22 | err := p.config.Load()
23 | if err != nil {
24 | return nil, err
25 | }
26 | return p.config.GetData().(*Config), nil
27 | }
28 |
29 | func (p *configFileHandler) Save(config *Config) error {
30 | p.config.SetData(config)
31 | return p.config.Save()
32 | }
33 |
34 | func NewPodmanConfigFileHandler() *configFileHandler {
35 | c := &config.ConfigFileHandlerCommon{}
36 | c.SetFileName(ConfigFile)
37 | c.SetData(&Config{})
38 | p := &configFileHandler{config: c}
39 | return p
40 | }
41 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/domain/podman/skupper-services.json:
--------------------------------------------------------------------------------
1 | {"nginx":{"address":"nginx","protocol":"tcp","ports":[8080],"exposeIngress":"","targets":[{"name":"*domain.EgressResolverHost={\"host\":\"nginx\",\"ports\":{\"8080\":8080}}","targetPorts":{"8080":8080},"service":"nginx"}]}}
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/domain/router.go:
--------------------------------------------------------------------------------
1 | package domain
2 |
3 | import (
4 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/pkg/qdr"
5 | )
6 |
7 | // RouterEntityManager manipulates runtime entities
8 | type RouterEntityManager interface {
9 | CreateSslProfile(sslProfile qdr.SslProfile) error
10 | DeleteSslProfile(name string) error
11 | CreateConnector(connector qdr.Connector) error
12 | DeleteConnector(name string) error
13 | QueryAllRouters() ([]qdr.Router, error)
14 | QueryRouterNodes() ([]qdr.RouterNode, error)
15 | QueryEdgeRouters() ([]qdr.Router, error)
16 | QueryConnections(routerId string, edge bool) ([]qdr.Connection, error)
17 | CreateTcpConnector(tcpConnector qdr.TcpEndpoint) error
18 | DeleteTcpConnector(name string) error
19 | CreateHttpConnector(httpConnector qdr.HttpEndpoint) error
20 | DeleteHttpConnector(name string) error
21 | }
22 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/domain/skupper_deployment.go:
--------------------------------------------------------------------------------
1 | package domain
2 |
3 | import "context"
4 |
5 | type SkupperDeployment interface {
6 | GetName() string
7 | GetComponents() []SkupperComponent
8 | }
9 |
10 | type SkupperDeploymentHandler interface {
11 | Deploy(ctx context.Context, deployment SkupperDeployment) error
12 | List() ([]SkupperDeployment, error)
13 | Undeploy(name string) error
14 | }
15 |
16 | type SkupperDeploymentCommon struct {
17 | Components []SkupperComponent
18 | }
19 |
20 | func (s *SkupperDeploymentCommon) GetComponents() []SkupperComponent {
21 | return s.Components
22 | }
23 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/generated/client/clientset/versioned/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2021 The Skupper Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Code generated by client-gen. DO NOT EDIT.
18 |
19 | // This package has the automatically generated clientset.
20 | package versioned
21 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/generated/client/clientset/versioned/fake/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2021 The Skupper Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Code generated by client-gen. DO NOT EDIT.
18 |
19 | // This package has the automatically generated fake clientset.
20 | package fake
21 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/generated/client/clientset/versioned/scheme/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2021 The Skupper Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Code generated by client-gen. DO NOT EDIT.
18 |
19 | // This package contains the scheme of the automatically generated clientset.
20 | package scheme
21 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/generated/client/clientset/versioned/typed/skupper/v1alpha1/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2021 The Skupper Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Code generated by client-gen. DO NOT EDIT.
18 |
19 | // This package has the automatically generated typed clients.
20 | package v1alpha1
21 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/generated/client/clientset/versioned/typed/skupper/v1alpha1/fake/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2021 The Skupper Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Code generated by client-gen. DO NOT EDIT.
18 |
19 | // Package fake has the automatically generated clients.
20 | package fake
21 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/generated/client/clientset/versioned/typed/skupper/v1alpha1/generated_expansion.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2021 The Skupper Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Code generated by client-gen. DO NOT EDIT.
18 |
19 | package v1alpha1
20 |
21 | type SkupperClusterPolicyExpansion interface{}
22 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/generated/client/listers/skupper/v1alpha1/expansion_generated.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright 2021 The Skupper Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Code generated by lister-gen. DO NOT EDIT.
18 |
19 | package v1alpha1
20 |
21 | // SkupperClusterPolicyListerExpansion allows custom methods to be added to
22 | // SkupperClusterPolicyLister.
23 | type SkupperClusterPolicyListerExpansion interface{}
24 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/images/images.go:
--------------------------------------------------------------------------------
1 | package images
2 |
3 | const (
4 | DefaultImageRegistry string = "quay.io/skupper"
5 | RouterImageName string = "skupper-router:2.7.0"
6 | ServiceControllerImageName string = "service-controller:main"
7 | ControllerPodmanImageName string = "controller-podman:main"
8 | ConfigSyncImageName string = "config-sync:main"
9 | FlowCollectorImageName string = "flow-collector:main"
10 | SiteControllerImageName string = "site-controller:main"
11 | PrometheusImageRegistry string = "quay.io/prometheus"
12 | PrometheusServerImageName string = "prometheus:v2.42.0"
13 | OauthProxyImageRegistry string = "quay.io/openshift"
14 | OauthProxyImageName string = "origin-oauth-proxy:4.14.0"
15 | )
16 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/kube/clients.go:
--------------------------------------------------------------------------------
1 | /*
2 | Licensed under the Apache License, Version 2.0 (the "License");
3 | you may not use this file except in compliance with the License.
4 | You may obtain a copy of the License at
5 |
6 | http://www.apache.org/licenses/LICENSE-2.0
7 |
8 | Unless required by applicable law or agreed to in writing, software
9 | distributed under the License is distributed on an "AS IS" BASIS,
10 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | See the License for the specific language governing permissions and
12 | limitations under the License.
13 | */
14 |
15 | package kube
16 |
17 | import (
18 | routev1client "github.com/openshift/client-go/route/clientset/versioned/typed/route/v1"
19 | "k8s.io/client-go/discovery"
20 | "k8s.io/client-go/dynamic"
21 | "k8s.io/client-go/kubernetes"
22 | )
23 |
24 | type Clients interface {
25 | GetKubeClient() kubernetes.Interface
26 | GetDynamicClient() dynamic.Interface
27 | GetDiscoveryClient() *discovery.DiscoveryClient
28 | GetRouteClient() *routev1client.RouteV1Client
29 | }
30 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/kube/clusterrolebindings.go:
--------------------------------------------------------------------------------
1 | package kube
2 |
3 | import (
4 | "context"
5 |
6 | rbacv1 "k8s.io/api/rbac/v1"
7 | "k8s.io/apimachinery/pkg/api/errors"
8 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
9 | "k8s.io/client-go/kubernetes"
10 | )
11 |
12 | func CreateClusterRoleBinding(crb *rbacv1.ClusterRoleBinding, kubeclient kubernetes.Interface) (*rbacv1.ClusterRoleBinding, error) {
13 | clusterRoleBindings := kubeclient.RbacV1().ClusterRoleBindings()
14 | created, err := clusterRoleBindings.Create(context.TODO(), crb, metav1.CreateOptions{})
15 | if err != nil {
16 | return nil, err
17 | } else {
18 | return created, nil
19 | }
20 | }
21 |
22 | func DeleteClusterRoleBinding(name string, kubeclient kubernetes.Interface) (bool, error) {
23 | err := kubeclient.RbacV1().ClusterRoleBindings().Delete(context.TODO(), name, metav1.DeleteOptions{})
24 | if errors.IsNotFound(err) {
25 | return false, nil
26 | } else if err != nil {
27 | return false, err
28 | }
29 | return true, nil
30 | }
31 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/kube/deploymentconfigs.go:
--------------------------------------------------------------------------------
1 | package kube
2 |
3 | import (
4 | "context"
5 |
6 | appv1 "github.com/openshift/api/apps/v1"
7 | "github.com/openshift/client-go/apps/clientset/versioned"
8 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
9 | )
10 |
11 | func GetDeploymentConfig(name string, namespace string, appsClient versioned.Interface) (*appv1.DeploymentConfig, error) {
12 | depConfig, err := appsClient.AppsV1().DeploymentConfigs(namespace).Get(context.TODO(), name, metav1.GetOptions{})
13 | return depConfig, err
14 | }
15 |
16 | func GetContainerPortForDeploymentConfig(deploymentConfig *appv1.DeploymentConfig) map[int]int {
17 | if len(deploymentConfig.Spec.Template.Spec.Containers) > 0 && len(deploymentConfig.Spec.Template.Spec.Containers[0].Ports) > 0 {
18 | return GetAllContainerPorts(deploymentConfig.Spec.Template.Spec.Containers[0])
19 | } else {
20 | return map[int]int{}
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/kube/rolebindings.go:
--------------------------------------------------------------------------------
1 | package kube
2 |
3 | import (
4 | "context"
5 |
6 | rbacv1 "k8s.io/api/rbac/v1"
7 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
8 | "k8s.io/client-go/kubernetes"
9 | )
10 |
11 | func CreateRoleBinding(namespace string, rb *rbacv1.RoleBinding, kubeclient kubernetes.Interface) (*rbacv1.RoleBinding, error) {
12 | roleBindings := kubeclient.RbacV1().RoleBindings(namespace)
13 | created, err := roleBindings.Create(context.TODO(), rb, metav1.CreateOptions{})
14 | if err != nil {
15 | return nil, err
16 | } else {
17 | return created, nil
18 | }
19 | }
20 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/messaging/messaging.go:
--------------------------------------------------------------------------------
1 | package messaging
2 |
3 | import (
4 | amqp "github.com/interconnectedcloud/go-amqp"
5 | )
6 |
7 | type ConnectionFactory interface {
8 | Connect() (Connection, error)
9 | Url() string
10 | }
11 |
12 | type Connection interface {
13 | Sender(address string) (Sender, error)
14 | Receiver(address string, credit uint32) (Receiver, error)
15 | Close()
16 | }
17 |
18 | type Sender interface {
19 | Send(msg *amqp.Message) error
20 | Close() error
21 | }
22 |
23 | type Receiver interface {
24 | Receive() (*amqp.Message, error)
25 | Accept(*amqp.Message) error
26 | Close() error
27 | }
28 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/utils/configs/config.go:
--------------------------------------------------------------------------------
1 | package configs
2 |
3 | func ConnectJson(host string) string {
4 | connect_json := `
5 | {
6 | "scheme": "amqps",
7 | "host": "` + host + `",
8 | "port": "5671",
9 | "tls": {
10 | "ca": "/etc/messaging/ca.crt",
11 | "cert": "/etc/messaging/tls.crt",
12 | "key": "/etc/messaging/tls.key",
13 | "verify": true
14 | }
15 | }
16 | `
17 | return connect_json
18 | }
19 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/utils/formatter/map.go:
--------------------------------------------------------------------------------
1 | package formatter
2 |
3 | import (
4 | "fmt"
5 | "os"
6 | "sort"
7 | "text/tabwriter"
8 | )
9 |
10 | func PrintKeyValueMap(entries map[string]string) error {
11 | writer := new(tabwriter.Writer)
12 | writer.Init(os.Stdout, 8, 8, 0, '\t', 0)
13 | defer writer.Flush()
14 |
15 | keys := make([]string, 0, len(entries))
16 | for k := range entries {
17 | keys = append(keys, k)
18 | }
19 | sort.Strings(keys)
20 |
21 | _, err := fmt.Fprint(writer, "")
22 | if err != nil {
23 | return err
24 | }
25 |
26 | for _, key := range keys {
27 | _, err := fmt.Fprintf(writer, "\n %s\t%s\t", key, entries[key])
28 | if err != nil {
29 | return err
30 | }
31 | }
32 |
33 | return nil
34 | }
35 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/utils/spinner.go:
--------------------------------------------------------------------------------
1 | package utils
2 |
3 | import (
4 | "time"
5 |
6 | "github.com/briandowns/spinner"
7 | )
8 |
9 | func NewSpinner(message string, maxRetries int, function func() error) error {
10 |
11 | spin := spinner.New(spinner.CharSets[9], 100*time.Millisecond, spinner.WithHiddenCursor(false))
12 | spin.Prefix = message
13 | spin.FinalMSG = message + "\n"
14 |
15 | spin.Start()
16 |
17 | err := RetryError(time.Second, maxRetries, function)
18 |
19 | spin.Stop()
20 |
21 | if err != nil {
22 | return err
23 | }
24 |
25 | return nil
26 | }
27 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/utils/tcp.go:
--------------------------------------------------------------------------------
1 | package utils
2 |
3 | import (
4 | "fmt"
5 | "net"
6 | "strconv"
7 | )
8 |
9 | func TcpPortInUse(host string, port int) bool {
10 | address := net.JoinHostPort(host, strconv.Itoa(port))
11 | listener, err := net.Listen("tcp", address)
12 | if err != nil {
13 | return true
14 | }
15 | if listener != nil {
16 | _ = listener.Close()
17 | }
18 | return false
19 | }
20 |
21 | func TcpPortNextFree(startPort int) (int, error) {
22 | for port := startPort; port <= 65535; port++ {
23 | if !TcpPortInUse("", port) {
24 | return port, nil
25 | }
26 | }
27 | return 0, fmt.Errorf("no available ports found")
28 | }
29 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/utils/tlscfg/tls.go:
--------------------------------------------------------------------------------
1 | package tlscfg
2 |
3 | import "crypto/tls"
4 |
5 | var (
6 | tlsCiphers []uint16
7 | )
8 |
9 | func init() {
10 | tlsCiphers = make([]uint16, len(tls.CipherSuites()))
11 | for i, suite := range tls.CipherSuites() {
12 | tlsCiphers[i] = suite.ID
13 | }
14 | }
15 |
16 | // Modern TLS Configuration for when TLSv1.3 can be assumed (e.g. when only
17 | // internal clients are expected.)
18 | func Modern() *tls.Config {
19 | return &tls.Config{
20 | MinVersion: tls.VersionTLS13,
21 | }
22 | }
23 |
24 | // Default TLS Configuration excludes cipher suites implemented in crypto/tls
25 | // that have been marked insecure.
26 | func Default() *tls.Config {
27 | suites := make([]uint16, len(tlsCiphers))
28 | copy(suites, tlsCiphers)
29 | return &tls.Config{
30 | CipherSuites: suites,
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/pkg/version/version.go:
--------------------------------------------------------------------------------
1 | package version
2 |
3 | var Version = "undefined"
4 | var MinimumCompatibleVersion = "0.8.0"
5 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/test/utils/base/interrupt_handler.go:
--------------------------------------------------------------------------------
1 | package base
2 |
3 | import (
4 | "log"
5 | "os"
6 | "os/signal"
7 | "syscall"
8 | "testing"
9 | )
10 |
11 | // This indicates that an interrupt signal has been received at least once.
12 | // Functions can access it using IsTestInterrupted() to check whether they
13 | // should continue, or call StopIfInterrupted (if they have t *testing.T)
14 | var userInterrupted bool
15 |
16 | // HandleInterruptSignal runs the given fn in case
17 | // test execution was interrupted
18 | func HandleInterruptSignal(fn func()) {
19 | sigChannel := make(chan os.Signal, 1)
20 | signal.Notify(sigChannel, os.Interrupt, syscall.SIGTERM)
21 | go func() {
22 | <-sigChannel
23 | userInterrupted = true
24 | log.Printf("interrupt signal received")
25 | fn()
26 | }()
27 | }
28 |
29 | // Calls *testing.T.Fatalf if base.UserInterrupted is true
30 | // In other words, stop that test if someone hit Ctrl+C
31 | func StopIfInterrupted(t *testing.T) {
32 | if userInterrupted {
33 | t.Fatalf("Stopping test as user hit interrupt")
34 | }
35 | }
36 |
37 | func IsTestInterrupted() bool {
38 | return userInterrupted
39 | }
40 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/test/utils/constants/constants.go:
--------------------------------------------------------------------------------
1 | package constants
2 |
3 | import (
4 | "time"
5 |
6 | "github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/api/types"
7 | "k8s.io/apimachinery/pkg/util/wait"
8 | )
9 |
10 | const (
11 | // until this issue: https://github.com/open-edge-platform/app-orch-deployment/app-interconnect/internal/skupper/issues/163
12 | // is fixed, this is the best we can do
13 | SkupperServiceReadyPeriod time.Duration = 10 * time.Minute
14 | DefaultTick = 5 * time.Second
15 | ImagePullingAndResourceCreationTimeout = 10 * time.Minute
16 | TestSuiteTimeout = 20 * time.Minute
17 | NamespaceDeleteTimeout = 2 * time.Minute
18 | )
19 |
20 | var (
21 | DefaultRetry wait.Backoff = wait.Backoff{
22 | Steps: int(ImagePullingAndResourceCreationTimeout / DefaultTick),
23 | Duration: DefaultTick,
24 | }
25 | )
26 |
27 | func DefaultRouterOptions(spec *types.RouterOptions) types.RouterOptions {
28 | if spec == nil {
29 | spec = &types.RouterOptions{}
30 | }
31 |
32 | if spec.Logging == nil {
33 | spec.Logging = []types.RouterLogConfig{}
34 | }
35 | spec.Logging = append(spec.Logging, types.RouterLogConfig{Module: "DEFAULT", Level: "trace+"})
36 |
37 | return *spec
38 | }
39 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/test/utils/env/envvars.go:
--------------------------------------------------------------------------------
1 | // Package env defines environment variables to be used across integration
2 | // test suites. These variables do not need to be set, but when defined
3 | // they can modify the behavior of the test suites.
4 | package env
5 |
6 | const (
7 | Public1IngressHost = "PUBLIC_1_INGRESS_HOST"
8 | )
9 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/test/utils/k8s/pod.go:
--------------------------------------------------------------------------------
1 | package k8s
2 |
--------------------------------------------------------------------------------
/app-interconnect/internal/skupper/test/utils/string.go:
--------------------------------------------------------------------------------
1 | package utils
2 |
3 | // StrDefault helper function that returns value if not empty
4 | // otherwise returns dflt.
5 | func StrDefault(dflt string, values ...string) string {
6 | for _, value := range values {
7 | if len(value) > 0 {
8 | return value
9 | }
10 | }
11 | return dflt
12 | }
13 |
14 | // StrEmpty returns true if the given string is empty
15 | func StrEmpty(value string) bool {
16 | if value == "" {
17 | return true
18 | }
19 | return false
20 | }
21 |
22 | // StrIn returns true if the given value exists in values
23 | func StrIn(value string, values ...string) bool {
24 | for _, v := range values {
25 | if v == value {
26 | return true
27 | }
28 | }
29 | return false
30 | }
31 |
32 | // AllStrIn returns true if all values provided exist in slice
33 | func AllStrIn(slice []string, values ...string) bool {
34 | if len(values) == 0 {
35 | return false
36 | }
37 | for _, v := range values {
38 | if !StrIn(v, slice...) {
39 | return false
40 | }
41 | }
42 | return true
43 | }
44 |
--------------------------------------------------------------------------------
/app-interconnect/internal/utils/skupper/util.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package skupper
5 |
6 | const (
7 | DefaultSkupperNamespace = "interconnect"
8 | )
9 |
10 | const (
11 | IngressNone = "None"
12 | IngressLoadBalancer = "LoadBalancer"
13 | )
14 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/.keep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/open-edge-platform/app-orch-deployment/4b266a2dbd3f2373fb9856ba4cc42406f261f6f9/app-interconnect/pkg/.keep
--------------------------------------------------------------------------------
/app-interconnect/pkg/apis/apis.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package apis
5 |
6 | import (
7 | "k8s.io/apimachinery/pkg/runtime"
8 | )
9 |
10 | // AddToSchemes may be used to add all resources defined in the project to a Scheme
11 | var AddToSchemes runtime.SchemeBuilder
12 |
13 | // AddToScheme adds all Subject to the Scheme
14 | func AddToScheme(s *runtime.Scheme) error {
15 | return AddToSchemes.AddToScheme(s)
16 | }
17 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/apis/interconnect/v1alpha1/doc.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | // Package v1alpha1 contains API Schema definitions for the v1alpha1 API group
5 | // +k8s:deepcopy-gen=package,register
6 | // +groupName=interconnect.app.edge-orchestrator.intel.com
7 | package v1alpha1
8 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/apis/network/v1alpha1/doc.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | // Package v1alpha1 contains API Schema definitions for the v1alpha1 API group
5 | // +k8s:deepcopy-gen=package,register
6 | // +groupName=network.app.edge-orchestrator.intel.com
7 | package v1alpha1
8 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/clientset/versioned/fake/doc.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 | // Code generated by client-gen. DO NOT EDIT.
5 |
6 | // This package has the automatically generated fake clientset.
7 | package fake
8 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/clientset/versioned/scheme/doc.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 | // Code generated by client-gen. DO NOT EDIT.
5 |
6 | // This package contains the scheme of the automatically generated clientset.
7 | package scheme
8 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/clientset/versioned/typed/interconnect/v1alpha1/doc.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 | // Code generated by client-gen. DO NOT EDIT.
5 |
6 | // This package has the automatically generated typed clients.
7 | package v1alpha1
8 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/clientset/versioned/typed/interconnect/v1alpha1/fake/doc.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 | // Code generated by client-gen. DO NOT EDIT.
5 |
6 | // Package fake has the automatically generated clients.
7 | package fake
8 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/clientset/versioned/typed/interconnect/v1alpha1/fake/fake_interconnect_client.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 | // Code generated by client-gen. DO NOT EDIT.
5 |
6 | package fake
7 |
8 | import (
9 | v1alpha1 "github.com/open-edge-platform/app-orch-deployment/app-interconnect/pkg/clientset/versioned/typed/interconnect/v1alpha1"
10 | rest "k8s.io/client-go/rest"
11 | testing "k8s.io/client-go/testing"
12 | )
13 |
14 | type FakeInterconnectV1alpha1 struct {
15 | *testing.Fake
16 | }
17 |
18 | func (c *FakeInterconnectV1alpha1) Clusters() v1alpha1.ClusterInterface {
19 | return &FakeClusters{c}
20 | }
21 |
22 | func (c *FakeInterconnectV1alpha1) Links() v1alpha1.LinkInterface {
23 | return &FakeLinks{c}
24 | }
25 |
26 | func (c *FakeInterconnectV1alpha1) Services() v1alpha1.ServiceInterface {
27 | return &FakeServices{c}
28 | }
29 |
30 | // RESTClient returns a RESTClient that is used to communicate
31 | // with API server by this client implementation.
32 | func (c *FakeInterconnectV1alpha1) RESTClient() rest.Interface {
33 | var ret *rest.RESTClient
34 | return ret
35 | }
36 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/clientset/versioned/typed/interconnect/v1alpha1/generated_expansion.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 | // Code generated by client-gen. DO NOT EDIT.
5 |
6 | package v1alpha1
7 |
8 | type ClusterExpansion interface{}
9 |
10 | type LinkExpansion interface{}
11 |
12 | type ServiceExpansion interface{}
13 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/clientset/versioned/typed/network/v1alpha1/doc.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 | // Code generated by client-gen. DO NOT EDIT.
5 |
6 | // This package has the automatically generated typed clients.
7 | package v1alpha1
8 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/clientset/versioned/typed/network/v1alpha1/fake/doc.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 | // Code generated by client-gen. DO NOT EDIT.
5 |
6 | // Package fake has the automatically generated clients.
7 | package fake
8 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/clientset/versioned/typed/network/v1alpha1/fake/fake_network_client.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 | // Code generated by client-gen. DO NOT EDIT.
5 |
6 | package fake
7 |
8 | import (
9 | v1alpha1 "github.com/open-edge-platform/app-orch-deployment/app-interconnect/pkg/clientset/versioned/typed/network/v1alpha1"
10 | rest "k8s.io/client-go/rest"
11 | testing "k8s.io/client-go/testing"
12 | )
13 |
14 | type FakeNetworkV1alpha1 struct {
15 | *testing.Fake
16 | }
17 |
18 | func (c *FakeNetworkV1alpha1) Networks() v1alpha1.NetworkInterface {
19 | return &FakeNetworks{c}
20 | }
21 |
22 | func (c *FakeNetworkV1alpha1) NetworkClusters() v1alpha1.NetworkClusterInterface {
23 | return &FakeNetworkClusters{c}
24 | }
25 |
26 | func (c *FakeNetworkV1alpha1) NetworkLinks() v1alpha1.NetworkLinkInterface {
27 | return &FakeNetworkLinks{c}
28 | }
29 |
30 | func (c *FakeNetworkV1alpha1) NetworkServices() v1alpha1.NetworkServiceInterface {
31 | return &FakeNetworkServices{c}
32 | }
33 |
34 | // RESTClient returns a RESTClient that is used to communicate
35 | // with API server by this client implementation.
36 | func (c *FakeNetworkV1alpha1) RESTClient() rest.Interface {
37 | var ret *rest.RESTClient
38 | return ret
39 | }
40 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/clientset/versioned/typed/network/v1alpha1/generated_expansion.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 | // Code generated by client-gen. DO NOT EDIT.
5 |
6 | package v1alpha1
7 |
8 | type NetworkExpansion interface{}
9 |
10 | type NetworkClusterExpansion interface{}
11 |
12 | type NetworkLinkExpansion interface{}
13 |
14 | type NetworkServiceExpansion interface{}
15 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/informers/externalversions/internalinterfaces/factory_interfaces.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 | // Code generated by informer-gen. DO NOT EDIT.
5 |
6 | package internalinterfaces
7 |
8 | import (
9 | time "time"
10 |
11 | versioned "github.com/open-edge-platform/app-orch-deployment/app-interconnect/pkg/clientset/versioned"
12 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
13 | runtime "k8s.io/apimachinery/pkg/runtime"
14 | cache "k8s.io/client-go/tools/cache"
15 | )
16 |
17 | // NewInformerFunc takes versioned.Interface and time.Duration to return a SharedIndexInformer.
18 | type NewInformerFunc func(versioned.Interface, time.Duration) cache.SharedIndexInformer
19 |
20 | // SharedInformerFactory a small interface to allow for adding an informer without an import cycle
21 | type SharedInformerFactory interface {
22 | Start(stopCh <-chan struct{})
23 | InformerFor(obj runtime.Object, newFunc NewInformerFunc) cache.SharedIndexInformer
24 | }
25 |
26 | // TweakListOptionsFunc is a function that transforms a v1.ListOptions.
27 | type TweakListOptionsFunc func(*v1.ListOptions)
28 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/listers/interconnect/v1alpha1/expansion_generated.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 | // Code generated by lister-gen. DO NOT EDIT.
5 |
6 | package v1alpha1
7 |
8 | // ClusterListerExpansion allows custom methods to be added to
9 | // ClusterLister.
10 | type ClusterListerExpansion interface{}
11 |
12 | // LinkListerExpansion allows custom methods to be added to
13 | // LinkLister.
14 | type LinkListerExpansion interface{}
15 |
16 | // ServiceListerExpansion allows custom methods to be added to
17 | // ServiceLister.
18 | type ServiceListerExpansion interface{}
19 |
--------------------------------------------------------------------------------
/app-interconnect/pkg/listers/network/v1alpha1/expansion_generated.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 | // Code generated by lister-gen. DO NOT EDIT.
5 |
6 | package v1alpha1
7 |
8 | // NetworkListerExpansion allows custom methods to be added to
9 | // NetworkLister.
10 | type NetworkListerExpansion interface{}
11 |
12 | // NetworkClusterListerExpansion allows custom methods to be added to
13 | // NetworkClusterLister.
14 | type NetworkClusterListerExpansion interface{}
15 |
16 | // NetworkLinkListerExpansion allows custom methods to be added to
17 | // NetworkLinkLister.
18 | type NetworkLinkListerExpansion interface{}
19 |
20 | // NetworkServiceListerExpansion allows custom methods to be added to
21 | // NetworkServiceLister.
22 | type NetworkServiceListerExpansion interface{}
23 |
--------------------------------------------------------------------------------
/app-interconnect/requirements.txt:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | # license checking
6 | python-debian==0.1.44
7 | reuse~=5.0.0
8 |
9 | # lint yaml
10 | yamllint~=1.27.1
11 |
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/cluster/cluster-001.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: app.edge-orchestrator.intel.com/v1beta1
5 | kind: Cluster
6 | metadata:
7 | name: cluster-001
8 | namespace: fleet-default
9 | labels:
10 | app.edge-orchestrator.intel.com/project-id: test-project
11 | spec:
12 | name: cluster-001
13 | displayName: "Cluster 001"
14 | kubeConfigSecretName: "cluster-001-kubeconfig"
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/cluster/cluster-002.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: app.edge-orchestrator.intel.com/v1beta1
5 | kind: Cluster
6 | metadata:
7 | name: cluster-002
8 | namespace: fleet-default
9 | labels:
10 | app.edge-orchestrator.intel.com/project-id: test-project
11 | spec:
12 | name: cluster-002
13 | displayName: "Cluster 002"
14 | kubeConfigSecretName: "cluster-002-kubeconfig"
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/cluster/cluster-003.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: app.edge-orchestrator.intel.com/v1beta1
5 | kind: Cluster
6 | metadata:
7 | name: cluster-003
8 | namespace: fleet-default
9 | labels:
10 | app.edge-orchestrator.intel.com/project-id: test-project
11 | spec:
12 | name: cluster-003
13 | displayName: "Cluster 003"
14 | kubeConfigSecretName: "cluster-003-kubeconfig"
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/cluster/cluster-004.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: app.edge-orchestrator.intel.com/v1beta1
5 | kind: Cluster
6 | metadata:
7 | name: cluster-004
8 | namespace: fleet-default
9 | labels:
10 | app.edge-orchestrator.intel.com/project-id: test-project
11 | spec:
12 | name: cluster-004
13 | displayName: "Cluster 004"
14 | kubeConfigSecretName: "cluster-004-kubeconfig"
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/cluster/cluster-005.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: app.edge-orchestrator.intel.com/v1beta1
5 | kind: Cluster
6 | metadata:
7 | name: cluster-005
8 | namespace: fleet-default
9 | labels:
10 | app.edge-orchestrator.intel.com/project-id: test-project
11 | spec:
12 | name: cluster-005
13 | displayName: "Cluster 005"
14 | kubeConfigSecretName: "cluster-005-kubeconfig"
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/deployment-cluster/test-deployment-cluster-1.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: app.edge-orchestrator.intel.com/v1beta1
5 | kind: DeploymentCluster
6 | metadata:
7 | name: test-deployment-cluster-1
8 | namespace: cluster-fleet-default-cluster-001
9 | labels:
10 | app.edge-orchestrator.intel.com/deployment-id: 32e8a8e9-9f0a-4984-9ad7-98a39da9d246
11 | app.edge-orchestrator.intel.com/deployment-namespace: fleet-default
12 | app.edge-orchestrator.intel.com/deployment-name: test-deployment
13 | app.edge-orchestrator.intel.com/network-name: test-network
14 | cluster.orchestration.io/cluster-id: cluster-001
15 | spec:
16 | deploymentId: 32e8a8e9-9f0a-4984-9ad7-98a39da9d246
17 | clusterId: cluster-001
18 | namespace: fleet-default
19 | status:
20 | apps:
21 | - name: test-app-1
22 | id: a-b321a235-48fb-5223-8fa2-d196caf5a420
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/deployment-cluster/test-deployment-cluster-2.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: app.edge-orchestrator.intel.com/v1beta1
5 | kind: DeploymentCluster
6 | metadata:
7 | name: test-deployment-cluster-2
8 | namespace: cluster-fleet-default-cluster-002
9 | labels:
10 | app.edge-orchestrator.intel.com/deployment-id: 32e8a8e9-9f0a-4984-9ad7-98a39da9d246
11 | app.edge-orchestrator.intel.com/deployment-namespace: fleet-default
12 | app.edge-orchestrator.intel.com/deployment-name: test-deployment
13 | app.edge-orchestrator.intel.com/network-name: test-network
14 | cluster.orchestration.io/cluster-id: cluster-002
15 | spec:
16 | deploymentId: 32e8a8e9-9f0a-4984-9ad7-98a39da9d246
17 | clusterId: cluster-002
18 | namespace: fleet-default
19 | status:
20 | apps:
21 | - name: test-app-2
22 | id: b-b321a235-48fb-5223-8fa2-d196caf5a420
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/deployment-cluster/test-deployment-cluster-3.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: app.edge-orchestrator.intel.com/v1beta1
5 | kind: DeploymentCluster
6 | metadata:
7 | name: test-deployment-cluster-3
8 | namespace: cluster-fleet-default-cluster-003
9 | labels:
10 | app.edge-orchestrator.intel.com/deployment-id: 32e8a8e9-9f0a-4984-9ad7-98a39da9d246
11 | app.edge-orchestrator.intel.com/deployment-namespace: fleet-default
12 | app.edge-orchestrator.intel.com/deployment-name: test-deployment
13 | app.edge-orchestrator.intel.com/network-name: test-network
14 | cluster.orchestration.io/cluster-id: cluster-003
15 | spec:
16 | deploymentId: 32e8a8e9-9f0a-4984-9ad7-98a39da9d246
17 | clusterId: cluster-003
18 | namespace: fleet-default
19 | status:
20 | apps:
21 | - name: test-app-1
22 | id: c-b321a235-48fb-5223-8fa2-d196caf5a420
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/deployment-cluster/test-deployment-cluster-4.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: app.edge-orchestrator.intel.com/v1beta1
5 | kind: DeploymentCluster
6 | metadata:
7 | name: test-deployment-cluster-4
8 | namespace: cluster-fleet-default-cluster-004
9 | labels:
10 | app.edge-orchestrator.intel.com/deployment-id: 32e8a8e9-9f0a-4984-9ad7-98a39da9d246
11 | app.edge-orchestrator.intel.com/deployment-namespace: fleet-default
12 | app.edge-orchestrator.intel.com/deployment-name: test-deployment
13 | app.edge-orchestrator.intel.com/network-name: test-network
14 | cluster.orchestration.io/cluster-id: cluster-002
15 | spec:
16 | deploymentId: 32e8a8e9-9f0a-4984-9ad7-98a39da9d246
17 | clusterId: cluster-004
18 | namespace: fleet-default
19 | status:
20 | apps:
21 | - name: test-app-2
22 | id: d-b321a235-48fb-5223-8fa2-d196caf5a420
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/deployment-cluster/test-deployment-cluster-5.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: app.edge-orchestrator.intel.com/v1beta1
5 | kind: DeploymentCluster
6 | metadata:
7 | name: test-deployment-cluster-5
8 | namespace: cluster-fleet-default-cluster-005
9 | labels:
10 | app.edge-orchestrator.intel.com/deployment-id: 32e8a8e9-9f0a-4984-9ad7-98a39da9d246
11 | app.edge-orchestrator.intel.com/deployment-namespace: fleet-default
12 | app.edge-orchestrator.intel.com/deployment-name: test-deployment
13 | app.edge-orchestrator.intel.com/network-name: test-network
14 | cluster.orchestration.io/cluster-id: cluster-002
15 | spec:
16 | deploymentId: 32e8a8e9-9f0a-4984-9ad7-98a39da9d246
17 | clusterId: cluster-005
18 | namespace: fleet-default
19 | status:
20 | apps:
21 | - name: test-app-1
22 | id: e-b321a235-48fb-5223-8fa2-d196caf5a420
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/deployment/test-deployment.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: app.edge-orchestrator.intel.com/v1beta1
5 | kind: Deployment
6 | metadata:
7 | name: test-deployment
8 | namespace: fleet-default
9 | labels:
10 | app.kubernetes.io/created-by: app-deployment-manager
11 | app.kubernetes.io/instance: deployment-g4smd
12 | app.kubernetes.io/managed-by: kustomize
13 | app.kubernetes.io/name: deployment
14 | app.kubernetes.io/part-of: app-deployment-manager
15 | spec:
16 | displayName: test-deployment
17 | project: test-project
18 | networkRef:
19 | name: test-network
20 | deploymentPackageRef:
21 | name: test-package
22 | version: 1.0.0
23 | applications: []
24 | deploymentType: targeted
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/namespace/cluster-fleet-default-cluster-001-namespace.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: v1
5 | kind: Namespace
6 | metadata:
7 | name: cluster-fleet-default-cluster-001
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/namespace/cluster-fleet-default-cluster-002-namespace.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: v1
5 | kind: Namespace
6 | metadata:
7 | name: cluster-fleet-default-cluster-002
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/namespace/cluster-fleet-default-cluster-003-namespace.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: v1
5 | kind: Namespace
6 | metadata:
7 | name: cluster-fleet-default-cluster-003
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/namespace/cluster-fleet-default-cluster-004-namespace.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: v1
5 | kind: Namespace
6 | metadata:
7 | name: cluster-fleet-default-cluster-004
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/namespace/cluster-fleet-default-cluster-005-namespace.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: v1
5 | kind: Namespace
6 | metadata:
7 | name: cluster-fleet-default-cluster-005
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/namespace/fleet-default-namespace.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: v1
5 | kind: Namespace
6 | metadata:
7 | name: fleet-default
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/namespace/interconnect-namespace.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: v1
5 | kind: Namespace
6 | metadata:
7 | name: interconnect
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/namespace/test-namespace-1.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: v1
5 | kind: Namespace
6 | metadata:
7 | name: test-namespace-1
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/namespace/test-namespace-2.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: v1
5 | kind: Namespace
6 | metadata:
7 | name: test-namespace-2
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/service/test-service-cluster-1.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: v1
5 | kind: Service
6 | metadata:
7 | name: test-service-1
8 | namespace: test-namespace-1
9 | annotations:
10 | meta.helm.sh/release-name: a-b321a235-48fb-5223-8fa2-d196caf5a420
11 | meta.helm.sh/release-namespace: east
12 | network.app.edge-orchestrator.intel.com/expose-service: "true"
13 | network.app.edge-orchestrator.intel.com/expose-port: "80"
14 | objectset.rio.cattle.io/id: default-a-b321a235-48fb-5223-8fa2-d196caf5a420
15 | labels:
16 | helm.sh/chart: skupper-hello-world-backend-0.1.0
17 | objectset.rio.cattle.io/hash: 728cfca556355f5052ebde2a165d7897bb8ee8e4
18 | spec:
19 | selector:
20 | app.edge-orchestrator.intel.com/name: test-app-1
21 | ports:
22 | - protocol: TCP
23 | port: 80
24 | targetPort: 80
--------------------------------------------------------------------------------
/app-interconnect/test/e2e/data/service/test-service-cluster-2.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: v1
5 | kind: Service
6 | metadata:
7 | name: test-service-2
8 | namespace: test-namespace-2
9 | annotations:
10 | meta.helm.sh/release-name: b-b321a235-48fb-5223-8fa2-d196caf5a420
11 | meta.helm.sh/release-namespace: east
12 | network.app.edge-orchestrator.intel.com/expose-service: "true"
13 | network.app.edge-orchestrator.intel.com/expose-port: "80"
14 | objectset.rio.cattle.io/id: default-b-b321a235-48fb-5223-8fa2-d196caf5a420
15 | labels:
16 | helm.sh/chart: skupper-hello-world-backend-0.1.0
17 | objectset.rio.cattle.io/hash: 728cfca556355f5052ebde2a165d7897bb8ee8e4
18 | spec:
19 | selector:
20 | app.edge-orchestrator.intel.com/name: test-app-2
21 | ports:
22 | - protocol: TCP
23 | port: 80
24 | targetPort: 80
--------------------------------------------------------------------------------
/app-resource-manager/.chartver.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | devCharts:
5 | - deployments/app-resource-manager
6 |
--------------------------------------------------------------------------------
/app-resource-manager/.gitignore:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | # jetbrains
6 | /vendor/
7 | /build/_output/*
8 | kind.config.yaml
9 | /cover.out
10 | /coverage.xml
11 | /coverage.html
12 | bin
13 | internal/northbound/testdata/*
14 | venv-env
15 | vendor
16 | *.log
17 | workspace
18 |
19 | *.lock
20 | *.tgz
21 |
22 | testdata
23 | node_modules
24 | package-lock.json
25 | package.json
26 |
--------------------------------------------------------------------------------
/app-resource-manager/.golangci.yml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | run:
6 | # Autogenerated files take too much time and memory to load,
7 | # even if we skip them with -skip-dirs or -skip-dirs;
8 | # or mark them as generated; or use nolint annotations.
9 | # So we define this tag and use it in the autogenerated files.
10 | build-tags:
11 | - codeanalysis
12 | # Do not run linters on unit-test files
13 | tests: false
14 |
15 | linters:
16 | enable:
17 | - gofmt
18 | - revive
19 | - misspell
20 | - typecheck
21 | - errcheck
22 | - dogsled
23 | - unconvert
24 | - nakedret
25 | - copyloopvar
26 | - gosec
27 |
28 | issues:
29 | exclude:
30 | - Error return value of `.*Close` is not checked
31 | - Error return value of `.*Flush` is not checked
32 |
--------------------------------------------------------------------------------
/app-resource-manager/.markdownlintignore:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | out/
5 | vendor/
6 | venv_app-resource-manager/
7 | node_modules/
8 |
--------------------------------------------------------------------------------
/app-resource-manager/.stylelintrc.json:
--------------------------------------------------------------------------------
1 | {
2 | "extends": "stylelint-config-standard",
3 | "rules": {
4 | "color-no-invalid-hex": true
5 | }
6 | }
7 |
--------------------------------------------------------------------------------
/app-resource-manager/REUSE.toml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | version = 1
4 |
5 | [[annotations]]
6 | path = ["venv_app-resource-manager/**", "out/*", "**go.sum", ".tool-versions", "**.json", "VERSION", "api/buf.lock",
7 | "pkg/api/**.pb**.go", "api/spec/**", "api/nbi/v2/pkg/restClient/**", "artifacts/**",
8 | "artifacts/**", "internal/**/mocks/**",
9 | "api/nbi/v2/spec/**", "api/nbi/v2/resource/v2/**",
10 | "vnc-proxy-web-ui/rfb.js","vnc-proxy-web-ui/keycloak.min.js", ".htmllintrc"]
11 | precedence = "aggregate"
12 | SPDX-FileCopyrightText = "2025 Intel Corporation"
13 | SPDX-License-Identifier = "Apache-2.0"
14 |
--------------------------------------------------------------------------------
/app-resource-manager/VERSION:
--------------------------------------------------------------------------------
1 | 2.4.4
2 |
--------------------------------------------------------------------------------
/app-resource-manager/api/nbi/v2/go.mod:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | module github.com/open-edge-platform/app-orch-deployment/app-resource-manager/api/nbi/v2
6 |
7 | go 1.23.0
8 |
9 | toolchain go1.24.1
10 |
11 | require (
12 | github.com/envoyproxy/protoc-gen-validate v1.0.4
13 | github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0
14 | github.com/oapi-codegen/runtime v1.1.1
15 | google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d
16 | google.golang.org/grpc v1.64.1
17 | google.golang.org/protobuf v1.34.2
18 | )
19 |
20 | require (
21 | github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
22 | github.com/google/uuid v1.6.0 // indirect
23 | golang.org/x/net v0.38.0 // indirect
24 | golang.org/x/sys v0.31.0 // indirect
25 | golang.org/x/text v0.23.0 // indirect
26 | google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect
27 | )
28 |
--------------------------------------------------------------------------------
/app-resource-manager/api/spec/v2/openapi.yaml:
--------------------------------------------------------------------------------
1 | ../../nbi/v2/spec/v2/openapi.yaml
--------------------------------------------------------------------------------
/app-resource-manager/buf.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | version: v2
6 | modules:
7 | - path: api/nbi/v2
8 | deps:
9 | - buf.build/envoyproxy/protoc-gen-validate
10 | - buf.build/googleapis/googleapis
11 | lint:
12 | use:
13 | - STANDARD
14 | - ENUM_FIRST_VALUE_ZERO
15 | except:
16 | - FIELD_NOT_REQUIRED
17 | - PACKAGE_NO_IMPORT_CYCLE
18 | - ENUM_VALUE_PREFIX
19 | - ENUM_ZERO_VALUE_SUFFIX
20 | rpc_allow_google_protobuf_empty_responses: true
21 | disallow_comment_ignores: true
22 | breaking:
23 | use:
24 | - FILE
25 | except:
26 | - EXTENSION_NO_DELETE
27 | - FIELD_SAME_DEFAULT
28 |
--------------------------------------------------------------------------------
/app-resource-manager/cmd/app-resource-manager/main.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package main
5 |
6 | import (
7 | "flag"
8 | "github.com/open-edge-platform/app-orch-deployment/app-resource-manager/internal/manager"
9 | _ "github.com/open-edge-platform/orch-library/go/dazl/zap"
10 | )
11 |
12 | // The main entry point
13 | func main() {
14 | caPath := flag.String("caPath", "", "path to CA certificate")
15 | keyPath := flag.String("keyPath", "", "path to client private key")
16 | certPath := flag.String("certPath", "", "path to client certificate")
17 | configPath := flag.String("configPath", "/opt/app-resource-manager/config.yaml", "path to config file")
18 | flag.Parse()
19 |
20 | ready := make(chan bool)
21 | cfg := manager.Config{
22 | CAPath: *caPath,
23 | KeyPath: *keyPath,
24 | CertPath: *certPath,
25 | GRPCPort: 8080,
26 | WSPort: 5900,
27 | ConfigPath: *configPath,
28 | }
29 |
30 | mgr := manager.NewManager(cfg)
31 | mgr.Run()
32 | <-ready
33 | }
34 |
--------------------------------------------------------------------------------
/app-resource-manager/cmd/rest-proxy/rest-proxy.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package main
5 |
6 | import (
7 | "flag"
8 | "github.com/open-edge-platform/app-orch-deployment/app-resource-manager/internal/restproxy"
9 | "github.com/open-edge-platform/orch-library/go/dazl"
10 | _ "github.com/open-edge-platform/orch-library/go/dazl/zap"
11 | )
12 |
13 | var log = dazl.GetPackageLogger()
14 |
15 | func main() {
16 | allowedCorsOrigins := flag.String(
17 | "allowedCorsOrigins",
18 | "",
19 | "Comma separated list of allowed CORS origins",
20 | )
21 | basePath := flag.String(
22 | "basePath",
23 | "",
24 | "The rest server base Path",
25 | )
26 | restPort := flag.Int(
27 | "rest-port",
28 | 8081,
29 | "port that REST service runs on",
30 | )
31 | grpcEndpoint := flag.String(
32 | "grpc-endpoint",
33 | "localhost:8080",
34 | "The endpoint of the gRPC server",
35 | )
36 |
37 | flag.Parse()
38 | err := restproxy.Run(*restPort, *grpcEndpoint, *basePath, *allowedCorsOrigins, "/usr/local/etc/v2/openapi.yaml")
39 | if err != nil {
40 | log.Fatal(err)
41 | }
42 | }
43 |
--------------------------------------------------------------------------------
/app-resource-manager/cmd/vnc-proxy/main.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package main
5 |
6 | import (
7 | "flag"
8 | "github.com/open-edge-platform/app-orch-deployment/app-resource-manager/internal/vncproxy"
9 | _ "github.com/open-edge-platform/orch-library/go/dazl/zap"
10 | )
11 |
12 | const webFileDir = "/usr/local/html/vnc-proxy-web-ui"
13 |
14 | func main() {
15 | configPath := flag.String("configPath", "/opt/vnc-proxy/config.yaml", "path to config file")
16 | flag.Parse()
17 |
18 | ready := make(chan bool)
19 | cfg := vncproxy.Config{
20 | WSPort: 5900,
21 | ConfigPath: *configPath,
22 | FileBase: webFileDir,
23 | }
24 |
25 | mgr := vncproxy.NewManager(cfg)
26 | mgr.Run()
27 | <-ready
28 | }
29 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/.helmignore:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | # Patterns to ignore when building packages.
5 | # This supports shell glob matching, relative path matching, and
6 | # negation (prefixed with !). Only one pattern per line.
7 | .DS_Store
8 | # Common VCS dirs
9 | .git/
10 | .gitignore
11 | .bzr/
12 | .bzrignore
13 | .hg/
14 | .hgignore
15 | .svn/
16 | # Common backup files
17 | *.swp
18 | *.bak
19 | *.tmp
20 | *.orig
21 | *~
22 | # Various IDEs
23 | .project
24 | .idea/
25 | *.tmproj
26 | .vscode/
27 |
28 | *.license
29 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/Chart.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | apiVersion: v2
4 | name: app-resource-manager
5 | description: A Helm chart for Kubernetes
6 | # A chart can be either an 'application' or a 'library' chart.
7 | #
8 | # Application charts are a collection of templates that can be packaged into versioned archives
9 | # to be deployed.
10 | #
11 | # Library charts provide useful utilities or functions for the chart developer. They're included as
12 | # a dependency of application charts to inject those utilities and functions into the rendering
13 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
14 | type: application
15 | # This is the chart version. This version number should be incremented each time you make changes
16 | # to the chart and its templates, including the app version.
17 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
18 |
19 | version: 2.4.4
20 | # Default appVersion will be overwritten by the build to use {repo}/VERSION. This
21 | # value is supplied only to enable local unbuilt deployment of default released
22 | # content.
23 | appVersion: 2.4.4
24 | annotations:
25 | revision: "30701f0"
26 | created: "2025-05-06T21:49:13Z"
27 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/files/grafana/app-resource-manager-dashboard.json:
--------------------------------------------------------------------------------
1 | ../../../../grafana/app-resource-manager-dashboard.json
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/files/openpolicyagent/v2/common.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package resourcev2
5 |
6 | import future.keywords.in
7 |
8 | hasReadAccess if {
9 | projectRole := sprintf("%s_ao-rw", [input.metadata.activeprojectid[0]])
10 | some role in input.metadata["realm_access/roles"] # iteration
11 | [projectRole][_] == role
12 | }
13 |
14 | hasWriteAccess if {
15 | projectRole := sprintf("%s_ao-rw", [input.metadata.activeprojectid[0]])
16 | some role in input.metadata["realm_access/roles"] # iteration
17 | [projectRole][_] == role
18 | }
19 |
20 | hasVMConsoleAccess if {
21 | projectRole := sprintf("%s_ao-rw", [input.metadata.activeprojectid[0]])
22 | some role in input.metadata["realm_access/roles"] # iteration
23 | [projectRole][_] == role
24 | }
25 |
26 | hasReadAccess if {
27 | projectRole := "ao-m2m-rw"
28 | some role in input.metadata["realm_access/roles"] # iteration
29 | [projectRole][_] == role
30 | }
31 |
32 | hasWriteAccess if {
33 | projectRole := "ao-m2m-rw"
34 | some role in input.metadata["realm_access/roles"] # iteration
35 | [projectRole][_] == role
36 | }
37 |
38 | hasVMConsoleAccess if {
39 | projectRole := "ao-m2m-rw"
40 | some role in input.metadata["realm_access/roles"] # iteration
41 | [projectRole][_] == role
42 | }
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/files/openpolicyagent/v2/delete_pod_endpoint.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package resourcev2
5 |
6 | DeletePodRequest if {
7 | hasWriteAccess
8 | }
9 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/files/openpolicyagent/v2/delete_pod_endpoint_test.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package resourcev2
5 |
6 | test_delete_pod_write_role if {
7 | DeletePodRequest with input as {
8 | "request": {
9 | "app_id": "testapp",
10 | "cluster_id": "testcluester",
11 | "pod_name": "testpod",
12 | },
13 | "metadata": {
14 | "client": ["catalog-cli"],
15 | "realm_access/roles": [
16 | "default-roles-master",
17 | "offline_access",
18 | "ao-m2m-rw",
19 | "uma_authorization",
20 | ],
21 | },
22 | }
23 | }
24 |
25 | test_not_allow_delete_pod_read_role if {
26 | not DeletePodRequest with input as {
27 | "request": {
28 | "app_id": "testapp",
29 | "cluster_id": "testcluester",
30 | "pod_name": "testpod",
31 | },
32 | "metadata": {
33 | "client": ["catalog-cli"],
34 | "realm_access/roles": [
35 | "default-roles-master",
36 | "offline_access",
37 | "uma_authorization",
38 | ],
39 | },
40 | }
41 | }
42 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/files/openpolicyagent/v2/get_vnc_endpoint.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package resourcev2
5 |
6 | GetVNCRequest if {
7 | hasVMConsoleAccess
8 | }
9 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/files/openpolicyagent/v2/list_app_workloads_endpoint.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package resourcev2
5 |
6 | ListAppWorkloadsRequest if {
7 | hasReadAccess
8 | }
9 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/files/openpolicyagent/v2/list_app_workloads_endpoint_test.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package resourcev2
5 |
6 | test_allow_list_workloads_read_role if {
7 | ListAppWorkloadsRequest with input as {
8 | "request": {
9 | "app_id": "testapp",
10 | "cluster_id": "testcluester",
11 | },
12 | "metadata": {
13 | "client": ["catalog-cli"],
14 | "realm_access/roles": [
15 | "default-roles-master",
16 | "offline_access",
17 | "ao-m2m-rw",
18 | "uma_authorization",
19 | ],
20 | },
21 | }
22 | }
23 |
24 | test_not_allow_list_workloads_write_role if {
25 | not ListAppWorkloadsRequest with input as {
26 | "request": {
27 | "app_id": "testapp",
28 | "cluster_id": "testcluester",
29 | },
30 | "metadata": {
31 | "client": ["catalog-cli"],
32 | "realm_access/roles": [
33 | "default-roles-master",
34 | "offline_access",
35 | "uma_authorization",
36 | ],
37 | },
38 | }
39 | }
40 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/files/openpolicyagent/v2/list_endpoints.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package resourcev2
5 |
6 | ListAppEndpointsRequest if {
7 | hasReadAccess
8 | }
9 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/files/openpolicyagent/v2/list_endpoints_test.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package resourcev2
5 |
6 | test_allow_list_endpoints_read_role if {
7 | ListAppEndpointsRequest with input as {
8 | "request": {
9 | "app_id": "testapp",
10 | "cluster_id": "testcluester",
11 | },
12 | "metadata": {
13 | "client": ["catalog-cli"],
14 | "realm_access/roles": [
15 | "default-roles-master",
16 | "offline_access",
17 | "ao-m2m-rw",
18 | "uma_authorization",
19 | ],
20 | },
21 | }
22 | }
23 |
24 | test_not_allow_list_endpoints_write_role if {
25 | not ListAppEndpointsRequest with input as {
26 | "request": {
27 | "app_id": "testapp",
28 | "cluster_id": "testcluester",
29 | },
30 | "metadata": {
31 | "client": ["catalog-cli"],
32 | "realm_access/roles": [
33 | "default-roles-master",
34 | "offline_access",
35 | "uma_authorization",
36 | ],
37 | },
38 | }
39 | }
40 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/files/openpolicyagent/v2/restart_vm_endpoint.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package resourcev2
5 |
6 | RestartVirtualMachineRequest if {
7 | hasWriteAccess
8 | }
9 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/files/openpolicyagent/v2/restart_vm_endpoint_test.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package resourcev2
5 |
6 | test_not_allow_restart_vm_read_role if {
7 | not RestartVirtualMachineRequest with input as {
8 | "request": {
9 | "app_id": "testapp",
10 | "cluster_id": "testcluester",
11 | "virtual_machine_id": "5d0cef5c-9981-4987-a67e-3e207783218b",
12 | },
13 | "metadata": {
14 | "client": ["catalog-cli"],
15 | "realm_access/roles": [
16 | "default-roles-master",
17 | "offline_access",
18 | "uma_authorization",
19 | ],
20 | },
21 | }
22 | }
23 |
24 | test_restart_vm_read_write_role if {
25 | RestartVirtualMachineRequest with input as {
26 | "request": {
27 | "app_id": "testapp",
28 | "cluster_id": "testcluester",
29 | "virtual_machine_id": "5d0cef5c-9981-4987-a67e-3e207783218b",
30 | },
31 | "metadata": {
32 | "client": ["catalog-cli"],
33 | "realm_access/roles": [
34 | "default-roles-master",
35 | "offline_access",
36 | "ao-m2m-rw",
37 | "uma_authorization",
38 | ],
39 | },
40 | }
41 | }
42 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/files/openpolicyagent/v2/start_vm_endpoint.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package resourcev2
5 |
6 | StartVirtualMachineRequest if {
7 | hasWriteAccess
8 | }
9 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/files/openpolicyagent/v2/start_vm_endpoint_test.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package resourcev2
5 |
6 | test_not_allow_start_vm_read_role if {
7 | not StartVirtualMachineRequest with input as {
8 | "request": {
9 | "app_id": "testapp",
10 | "cluster_id": "testcluester",
11 | "virtual_machine_id": "5d0cef5c-9981-4987-a67e-3e207783218b",
12 | },
13 | "metadata": {
14 | "client": ["catalog-cli"],
15 | "realm_access/roles": [
16 | "default-roles-master",
17 | "offline_access",
18 | "uma_authorization",
19 | ],
20 | },
21 | }
22 | }
23 |
24 | test_start_vm_write_role if {
25 | StartVirtualMachineRequest with input as {
26 | "request": {
27 | "app_id": "testapp",
28 | "cluster_id": "testcluester",
29 | "virtual_machine_id": "5d0cef5c-9981-4987-a67e-3e207783218b",
30 | },
31 | "metadata": {
32 | "client": ["catalog-cli"],
33 | "realm_access/roles": [
34 | "default-roles-master",
35 | "offline_access",
36 | "ao-m2m-rw",
37 | "uma_authorization",
38 | ],
39 | },
40 | }
41 | }
42 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/files/openpolicyagent/v2/stop_vm_endpoint.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package resourcev2
5 |
6 | StopVirtualMachineRequest if {
7 | hasWriteAccess
8 | }
9 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/files/openpolicyagent/v2/stop_vm_endpoint_test.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package resourcev2
5 |
6 | test_not_allow_stop_vm_read_role if {
7 | not StopVirtualMachineRequest with input as {
8 | "request": {
9 | "app_id": "testapp",
10 | "cluster_id": "testcluester",
11 | "virtual_machine_id": "5d0cef5c-9981-4987-a67e-3e207783218b",
12 | },
13 | "metadata": {
14 | "client": ["catalog-cli"],
15 | "realm_access/roles": [
16 | "default-roles-master",
17 | "offline_access",
18 | "uma_authorization",
19 | ],
20 | },
21 | }
22 | }
23 |
24 | test_stop_vm_write_role if {
25 | StopVirtualMachineRequest with input as {
26 | "request": {
27 | "app_id": "testapp",
28 | "cluster_id": "testcluester",
29 | "virtual_machine_id": "5d0cef5c-9981-4987-a67e-3e207783218b",
30 | },
31 | "metadata": {
32 | "client": ["catalog-cli"],
33 | "realm_access/roles": [
34 | "default-roles-master",
35 | "offline_access",
36 | "ao-m2m-rw",
37 | "uma_authorization",
38 | ],
39 | },
40 | }
41 | }
42 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | App Resource Manager Service
2 | ---
3 |
4 | App Resource Manager microservice enables users to control and access
5 | different kind of resources including VMs, containers, etc using API.
6 |
7 | ---
8 | revision: {{ .Chart.Annotations.revision }}
9 | created: {{ .Chart.Annotations.created }}
10 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/templates/NOTES.txt.license:
--------------------------------------------------------------------------------
1 | SPDX-License-Identifier: Apache-2.0
2 | Copyright (C) 2023 Intel Corporation
3 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | ---
4 | apiVersion: v1
5 | kind: ConfigMap
6 | metadata:
7 | name: {{ include "app-resource-manager.fullname" . }}
8 | labels:
9 | {{- include "app-resource-manager.labels" . | nindent 4 }}
10 | data:
11 | config.yaml: |-
12 | {{ toYaml .Values.config | indent 4}}
13 | logging.yaml: |-
14 | {{ toYaml .Values.logging | indent 4 }}
15 |
16 | ---
17 |
18 | {{ if .Values.openpolicyagent.enabled }}
19 | apiVersion: v1
20 | kind: ConfigMap
21 | metadata:
22 | name: {{ template "app-resource-manager.fullname" . }}-opa-rego-v2
23 | labels:
24 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
25 | release: "{{ .Release.Name }}"
26 | heritage: "{{ .Release.Service }}"
27 | data:
28 | {{ (.Files.Glob "files/openpolicyagent/v2/*.rego").AsConfig | indent 2 }}
29 | {{- end}}
30 |
31 | ---
32 | apiVersion: v1
33 | kind: ConfigMap
34 | metadata:
35 | name: {{ include "app-resource-manager.fullname" . }}-dashboard
36 | labels:
37 | grafana_admin_dashboard: "1"
38 | {{- include "app-resource-manager.labels" . | nindent 4 }}
39 | annotations:
40 | grafana_folder: "Orchestrator"
41 | data:
42 | {{ (.Files.Glob "files/grafana/*.json").AsConfig | indent 2 }}
43 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | # yamllint disable-file
2 | # SPDX-FileCopyrightText: (C) 2024 Intel Corporation
3 | #
4 | # SPDX-License-Identifier: Apache-2.0
5 | ---
6 | {{- if .Values.serviceAccount.create }}
7 | apiVersion: v1
8 | kind: ServiceAccount
9 | metadata:
10 | name: {{ template "app-resource-manager.serviceAccountName" . }}
11 | labels:
12 | {{- include "app-resource-manager.labels" . | nindent 4 }}
13 | {{- end }}
14 |
--------------------------------------------------------------------------------
/app-resource-manager/deployments/app-resource-manager/templates/tests/test-connection.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | apiVersion: v1
5 | kind: Pod
6 | metadata:
7 | name: "{{ include "app-resource-manager.fullname" . }}-test-connection"
8 | labels:
9 | {{- include "app-resource-manager.labels" . | nindent 4 }}
10 | annotations:
11 | "helm.sh/hook": test
12 | spec:
13 | containers:
14 | - name: wget
15 | image: busybox:1.36.0
16 | command: ['wget']
17 | args: ['{{ include "app-resource-manager.fullname" . }}:{{ .Values.service.port }}']
18 | restartPolicy: Never
19 |
--------------------------------------------------------------------------------
/app-resource-manager/internal/kubevirt/vnc_test.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package kubevirt
5 |
6 | import (
7 | "github.com/stretchr/testify/assert"
8 | "testing"
9 | )
10 |
11 | const (
12 | testVNCPath = "/vnc/projectID1/appID1/cluster1/vm1"
13 | )
14 |
15 | func TestNewVNCPath(t *testing.T) {
16 | p, err := newVNCPath(testVNCPath)
17 | assert.NoError(t, err)
18 | assert.NotNil(t, p)
19 | }
20 |
21 | func TestNewVNCPath_WrongPath(t *testing.T) {
22 | p, err := newVNCPath("")
23 | assert.Error(t, err)
24 | assert.Nil(t, p)
25 | }
26 |
--------------------------------------------------------------------------------
/app-resource-manager/internal/model/sb_vm_state.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package model
5 |
6 | // VMState defines the VM state
7 | type VMState int
8 |
9 | const (
10 | // VMStateUnknown indicates the VM state unknown
11 | VMStateUnknown VMState = iota
12 | // VMStateStart indicates the VM state start
13 | VMStateStart
14 | // VMStateStop indicates the VM state stop
15 | VMStateStop
16 | // VMStateRestart indicates the VM state restart
17 | VMStateRestart
18 | )
19 |
20 | // String returns the VM state in string format
21 | func (v VMState) String() string {
22 | return [...]string{"Unknown", "Start", "Stop", "Restart"}[v]
23 | }
24 |
--------------------------------------------------------------------------------
/app-resource-manager/internal/model/sb_vm_state_test.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package model
5 |
6 | import (
7 | "github.com/stretchr/testify/assert"
8 | "testing"
9 | )
10 |
11 | func TestVMState_String(t *testing.T) {
12 | stateUnknown := VMStateUnknown
13 | assert.Equal(t, "Unknown", stateUnknown.String())
14 | stateStart := VMStateStart
15 | assert.Equal(t, "Start", stateStart.String())
16 | stateStop := VMStateStop
17 | assert.Equal(t, "Stop", stateStop.String())
18 | stateRestart := VMStateRestart
19 | assert.Equal(t, "Restart", stateRestart.String())
20 | }
21 |
--------------------------------------------------------------------------------
/app-resource-manager/internal/northbound/services/v2/resource/utils.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package resource
5 |
6 | import (
7 | "context"
8 | "github.com/open-edge-platform/orch-library/go/dazl"
9 | "google.golang.org/grpc/metadata"
10 | "strings"
11 | )
12 |
13 | func logActivity(ctx context.Context, verb string, thing string, args ...string) {
14 | md, ok := metadata.FromIncomingContext(ctx)
15 | if ok && len(md.Get("name")) > 0 {
16 | log.Infow("User", dazl.Strings("name", md.Get("name")),
17 | dazl.String("verb", verb),
18 | dazl.String("thing", thing),
19 | dazl.String("args", strings.Join(args, "/")))
20 | } else {
21 | log.Infow("User", dazl.Strings("client", md.Get("client")),
22 | dazl.String("verb", verb),
23 | dazl.String("thing", thing),
24 | dazl.String("args", strings.Join(args, "/")))
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/app-resource-manager/internal/utils/env/utils.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package env
5 |
6 | import (
7 | "os"
8 | "strconv"
9 | )
10 |
11 | const (
12 | msgSizeLimit = "MSG_SIZE_LIMIT"
13 | )
14 |
15 | // GetMessageSizeLimit gets message size limit
16 | func GetMessageSizeLimit() (int64, error) {
17 | msgSizeLimitStr := os.Getenv(msgSizeLimit)
18 | msgSizeLimit, err := strconv.ParseInt(msgSizeLimitStr, 10, 64)
19 | if err != nil {
20 | return 0, err
21 | }
22 | msgSizeLimitBytes := msgSizeLimit * 1024 * 1024
23 | return msgSizeLimitBytes, nil
24 | }
25 |
--------------------------------------------------------------------------------
/app-resource-manager/internal/utils/env/utils_test.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package env
5 |
6 | import (
7 | "github.com/stretchr/testify/assert"
8 | "os"
9 | "testing"
10 | )
11 |
12 | func TestGetMessageSizeLimit(t *testing.T) {
13 | tests := []struct {
14 | name string
15 | envVar string
16 | expectedSize int64
17 | expectingErr bool
18 | }{
19 | {
20 | name: "normal case",
21 | envVar: "2",
22 | expectedSize: 2097152,
23 | expectingErr: false,
24 | },
25 | {
26 | name: "no env var",
27 | envVar: "",
28 | expectedSize: 0,
29 | expectingErr: true,
30 | },
31 | }
32 |
33 | for _, tt := range tests {
34 | t.Run(tt.name, func(t *testing.T) {
35 | err := os.Setenv(msgSizeLimit, tt.envVar)
36 | assert.NoError(t, err)
37 |
38 | size, err := GetMessageSizeLimit()
39 |
40 | if tt.expectingErr {
41 | assert.Error(t, err)
42 | } else {
43 | assert.NoError(t, err)
44 | assert.Equal(t, tt.expectedSize, size)
45 | }
46 |
47 | err = os.Unsetenv(msgSizeLimit)
48 | assert.NoError(t, err)
49 | })
50 | }
51 | }
52 |
--------------------------------------------------------------------------------
/app-resource-manager/internal/utils/ratelimiter/util.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package ratelimiter
5 |
6 | import (
7 | "os"
8 | "strconv"
9 | )
10 |
11 | const (
12 | rateLimiterQPS = "RATE_LIMITER_QPS"
13 | rateLimiterBurst = "RATE_LIMITER_BURST"
14 | )
15 |
16 | func GetRateLimiterParams() (float64, int64, error) {
17 | qps := os.Getenv(rateLimiterQPS)
18 | qpsValue, err := strconv.ParseFloat(qps, 32)
19 | if err != nil {
20 | return 0, 0, err
21 | }
22 | burst := os.Getenv(rateLimiterBurst)
23 | burstValue, err := strconv.ParseInt(burst, 10, 32)
24 | if err != nil {
25 | return 0, 0, err
26 | }
27 | return qpsValue, burstValue, nil
28 | }
29 |
--------------------------------------------------------------------------------
/app-resource-manager/internal/utils/ratelimiter/util_test.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package ratelimiter
5 |
6 | import (
7 | "github.com/stretchr/testify/assert"
8 | "os"
9 | "testing"
10 | )
11 |
12 | func TestGetRateLimiterParams(t *testing.T) {
13 | err := os.Setenv(rateLimiterQPS, "20")
14 | assert.NoError(t, err)
15 | err = os.Setenv(rateLimiterBurst, "300")
16 | assert.NoError(t, err)
17 | qps, burst, err := GetRateLimiterParams()
18 | assert.NoError(t, err)
19 |
20 | assert.Equal(t, float64(20), qps)
21 | assert.Equal(t, float64(300), float64(burst))
22 |
23 | }
24 |
25 | func TestGetRateLimiterParamsQpsError(t *testing.T) {
26 | err := os.Setenv(rateLimiterQPS, "test-error")
27 | assert.NoError(t, err)
28 |
29 | qps, burst, err := GetRateLimiterParams()
30 | assert.Error(t, err)
31 | assert.Equal(t, 0, int(qps))
32 | assert.Equal(t, 0, int(burst))
33 |
34 | }
35 |
36 | func TestGetRateLimiterParamsBurstParamError(t *testing.T) {
37 | err := os.Setenv(rateLimiterQPS, "20")
38 | assert.NoError(t, err)
39 | err = os.Setenv(rateLimiterBurst, "test-error")
40 | assert.NoError(t, err)
41 | qps, burst, err := GetRateLimiterParams()
42 | assert.Error(t, err)
43 | assert.Equal(t, 0, int(qps))
44 | assert.Equal(t, 0, int(burst))
45 |
46 | }
47 |
--------------------------------------------------------------------------------
/app-resource-manager/requirements.txt:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | # license checking
6 | python-debian==0.1.44
7 | reuse~=5.0.0
8 |
9 | # lint yaml
10 | yamllint~=1.35.1
--------------------------------------------------------------------------------
/app-resource-manager/test/configs/arm_config.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | webSocketServer:
5 | protocol: "wss"
6 | hostName: "vnc.kind.internal"
7 | sessionLimitPerIP: 0
8 | sessionLimitPerAccount: 0
9 | readLimitByte: 0
10 | dlIdleTimeoutMin: 0
11 | ulIdleTimeoutMin: 0
12 | allowedOrigins:
13 | - https://vnc.kind.internal
14 |
--------------------------------------------------------------------------------
/app-resource-manager/test/configs/invalid_config.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2022 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | edgeClusterManager:
5 | # missing endpoint is an invalid config
6 | # endpoint: "http://localhost:8080" # for test
7 |
--------------------------------------------------------------------------------
/app-resource-manager/vnc-proxy-web-ui/vnc-proxy-index.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 | Edge Node VNC Proxy
10 |
11 |
12 |
13 |
14 |
15 |
Loading
16 |
Send CtrlAltDel
17 |
19 |
20 |
21 |
22 |
23 |
24 |
--------------------------------------------------------------------------------
/app-resource-manager/vnc-proxy-web-ui/vnc-proxy-styles.css:
--------------------------------------------------------------------------------
1 | /* SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | *SPDX-License-Identifier: Apache-2.0
3 | */
4 |
5 | body {
6 | margin: 0;
7 | background-color: dimgrey;
8 | height: 100%;
9 | display: flex;
10 | flex-direction: column;
11 | }
12 |
13 | html {
14 | height: 100%;
15 | }
16 |
17 | #top-bar {
18 | background-color: #6e84a3;
19 | color: white;
20 | font-family: Helvetica, Arial, Verdana, Tahoma, sans-serif;
21 | font-size: 12px;
22 | padding: 6px 5px 4px;
23 | border-bottom: 1px outset;
24 | }
25 |
26 | #status {
27 | text-align: center;
28 | }
29 |
30 | #send-ctrl-alt-del-button {
31 | position: fixed;
32 | top: 0;
33 | right: 0;
34 | border: 1px outset;
35 | padding: 5px 5px 4px;
36 | cursor: pointer;
37 | }
38 |
39 | #screen {
40 | flex: 1; /* fill remaining space */
41 | overflow: hidden;
42 | }
43 |
--------------------------------------------------------------------------------
/app-service-proxy/.gitignore:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | # jetbrains
6 | /vendor/
7 | /build/out/*
8 | /build/_output/*
9 | kind.config.yaml
10 | /cover.out
11 | /coverage.xml
12 | /coverage.html
13 | bin
14 | internal/northbound/testdata/*
15 | venv_app-service-proxy
16 | vendor
17 | *.log
18 | workspace
19 |
20 | *.lock
21 | *.tgz
22 |
23 | node_modules
24 | package-lock.json
25 | package.json
26 | testdata
27 |
--------------------------------------------------------------------------------
/app-service-proxy/.golangci.yml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | run:
6 | # Autogenerated files take too much time and memory to load,
7 | # even if we skip them with -skip-dirs or -skip-dirs;
8 | # or mark them as generated; or use nolint annotations.
9 | # So we define this tag and use it in the autogenerated files.
10 | build-tags:
11 | - codeanalysis
12 | # Do not run linters on unit-test files
13 | tests: false
14 |
15 | linters:
16 | enable:
17 | - gofmt
18 | - revive
19 | - misspell
20 | - typecheck
21 | - errcheck
22 | - dogsled
23 | - unconvert
24 | - nakedret
25 | - copyloopvar
26 | - gosec
27 |
28 | issues:
29 | exclude:
30 | - Error return value of `.*Close` is not checked
31 | - Error return value of `.*Flush` is not checked
32 |
--------------------------------------------------------------------------------
/app-service-proxy/.markdownlintignore:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | out/
5 | vendor/
6 | venv_app-service-proxy/
7 | node_modules/
8 |
--------------------------------------------------------------------------------
/app-service-proxy/.stylelintrc.json:
--------------------------------------------------------------------------------
1 | {
2 | "extends": "stylelint-config-standard",
3 | "rules": {
4 | "color-no-invalid-hex": true
5 | }
6 | }
7 |
--------------------------------------------------------------------------------
/app-service-proxy/PROJECT:
--------------------------------------------------------------------------------
1 | # Code generated by tool. DO NOT EDIT.
2 | # This file is used to track the info used to scaffold your project
3 | # and allow the plugins properly work.
4 | # More info: https://book.kubebuilder.io/reference/project-config.html
5 | domain: orchestrator.io
6 | layout:
7 | - go.kubebuilder.io/v4
8 | plugins:
9 | manifests.sdk.operatorframework.io/v2: {}
10 | scorecard.sdk.operatorframework.io/v2: {}
11 | projectName: service-proxy
12 | repo: github.com/open-edge-platform/app-orch-deployment/app-service-proxy
13 | resources:
14 | - controller: true
15 | domain: orchestrator.io
16 | group: app
17 | kind: Cluster
18 | version: v1beta1
19 | version: "3"
20 |
--------------------------------------------------------------------------------
/app-service-proxy/REUSE.toml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | version = 1
4 |
5 | [[annotations]]
6 | path = [
7 | "venv_app-service-proxy/**", "out/*", "**go.sum", ".tool-versions", "**.json", "VERSION", "api/buf.lock",
8 | "pkg/api/**.pb**.go", "api/spec/**", "api/nbi/v2/pkg/restClient/**", "artifacts/**", "internal/southbound/mocks/**",
9 | "artifacts/**", "BDBA/**", "internal/kubernetes/mocks/**", "internal/kubevirt/mocks/**", "internal/wsproxy/mocks/**",
10 | "internal/adm/mocks/**", "api/nbi/v2/spec/**", "api/nbi/v2/resource/v2/**", "PROJECT", ".htmllintrc",
11 | "web-login/*.js"
12 | ]
13 | precedence = "aggregate"
14 | SPDX-FileCopyrightText = "2024 Intel Corporation"
15 | SPDX-License-Identifier = "Apache-2.0"
16 |
17 | [[annotations]]
18 | path = ["config/**", "README.md", "venv_app-service-proxy/**"]
19 | precedence = "override"
20 | SPDX-FileCopyrightText = "2024 Intel Corporation"
21 | SPDX-License-Identifier = "Apache-2.0"
22 |
--------------------------------------------------------------------------------
/app-service-proxy/VERSION:
--------------------------------------------------------------------------------
1 | 1.4.4
2 |
--------------------------------------------------------------------------------
/app-service-proxy/deployments/app-service-proxy/.helmignore:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | # Patterns to ignore when building packages.
6 | # This supports shell glob matching, relative path matching, and
7 | # negation (prefixed with !). Only one pattern per line.
8 | .DS_Store
9 |
10 | # Common VCS dirs
11 | .git/
12 | .gitignore
13 | .bzr/
14 | .bzrignore
15 | .hg/
16 | .hgignore
17 | .svn/
18 |
19 | # Common backup files
20 | *.swp
21 | *.bak
22 | *.tmp
23 | *~
24 |
25 | # Various IDEs
26 | .project
27 | .idea/
28 | *.tmproj
29 |
--------------------------------------------------------------------------------
/app-service-proxy/deployments/app-service-proxy/Chart.yaml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 | ---
5 | apiVersion: v2
6 | name: app-service-proxy
7 | version: "1.4.4"
8 | description: Application Service Proxy
9 | annotations:
10 | revision: "b960fe5"
11 | created: "2025-05-21T05:35:29Z"
12 | appVersion: 1.4.4
13 |
--------------------------------------------------------------------------------
/app-service-proxy/deployments/app-service-proxy/files/openpolicyagent/allow.rego:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | package deploymentv1
5 |
6 | import future.keywords
7 |
8 | allow if {
9 | projectRole := sprintf("%s_ao-rw", [input.metadata.activeprojectid[0]])
10 | some role in input.metadata["realm_access/roles"] # iteration
11 | [projectRole][_] == role
12 | }
13 |
14 | allow if {
15 | projectRole := "ao-m2m-rw"
16 | some role in input.metadata["realm_access/roles"] # iteration
17 | [projectRole][_] == role
18 | }
19 |
20 |
--------------------------------------------------------------------------------
/app-service-proxy/deployments/app-service-proxy/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | API Proxy Service
2 | ---
3 |
4 | API Proxy is a reverse HTTP proxy service that forwards API calls from
5 | an upstream cluster to applications running in downstream clusters.
6 |
7 | ---
8 | revision: {{ .Chart.Annotations.revision }}
9 | created: {{ .Chart.Annotations.created }}
10 | SPDX-License-Identifier: Apache-2.0
11 |
12 | Copyright (C) 2023 Intel Corporation
--------------------------------------------------------------------------------
/app-service-proxy/deployments/app-service-proxy/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | # yamllint disable-file
2 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
3 | #
4 | # SPDX-License-Identifier: Apache-2.0
5 |
6 | {{ if .Values.openpolicyagent.enabled }}
7 | apiVersion: v1
8 | kind: ConfigMap
9 | metadata:
10 | name: {{ template "app-service-proxy.fullname" . }}-opa-rego
11 | labels:
12 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
13 | release: "{{ .Release.Name }}"
14 | heritage: "{{ .Release.Service }}"
15 | data:
16 | {{ (.Files.Glob "files/openpolicyagent/*.rego").AsConfig | indent 2 }}
17 | {{- end}}
18 |
--------------------------------------------------------------------------------
/app-service-proxy/deployments/app-service-proxy/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | # yamllint disable-file
2 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
3 | #
4 | # SPDX-License-Identifier: Apache-2.0
5 | ---
6 | {{- if .Values.serviceAccount.create }}
7 | apiVersion: v1
8 | kind: ServiceAccount
9 | metadata:
10 | name: {{ template "app-service-proxy.serviceAccountName" . }}
11 | labels:
12 | {{- include "app-service-proxy.labels" . | nindent 4 }}
13 | {{- end }}
14 |
--------------------------------------------------------------------------------
/app-service-proxy/hadolint.yml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | ---
5 | --ignore:
6 | DL3059
7 | DL3026
8 |
--------------------------------------------------------------------------------
/app-service-proxy/internal/admclient/utils.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2024 Intel Corporation
2 | // SPDX-License-Identifier: Apache-2.0
3 |
4 | package admclient
5 |
6 | import (
7 | "context"
8 | "github.com/sirupsen/logrus"
9 |
10 | "github.com/open-edge-platform/orch-library/go/pkg/auth"
11 | "google.golang.org/grpc/metadata"
12 | "time"
13 | )
14 |
15 | func getCtxWithToken(ctx context.Context, vaultAuthClient auth.VaultAuth) (context.Context, context.CancelFunc, error) {
16 | token, err := vaultAuthClient.GetM2MToken(ctx)
17 | if err != nil {
18 | return nil, nil, err
19 | }
20 |
21 | if token == "" {
22 | logrus.Error("token is empty")
23 | }
24 |
25 | ctx = metadata.AppendToOutgoingContext(ctx, "authorization", "Bearer "+token)
26 | ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
27 | err = vaultAuthClient.Logout(ctx)
28 | return ctx, cancel, err
29 | }
30 |
--------------------------------------------------------------------------------
/app-service-proxy/internal/middleware/middleware.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package middleware
6 |
7 | import (
8 | "net/http"
9 | )
10 |
11 | // SizeLimitMiddleware returns a middleware function that limits request body size
12 | // The limit parameter specifies the maximum allowed size in bytes.
13 | func SizeLimitMiddleware(limit int64) func(http.Handler) http.Handler {
14 | return func(next http.Handler) http.Handler {
15 | return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
16 | // Limit the size of the request body to the specified limit
17 | r.Body = http.MaxBytesReader(w, r.Body, limit)
18 |
19 | // Call the next handler, which can be another middleware in the chain, or the final handler.
20 | next.ServeHTTP(w, r)
21 | })
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/app-service-proxy/internal/middleware/middleware_suite_test.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package middleware_test
6 |
7 | import (
8 | "testing"
9 |
10 | . "github.com/onsi/ginkgo/v2"
11 | . "github.com/onsi/gomega"
12 | )
13 |
14 | func TestMiddleware(t *testing.T) {
15 | RegisterFailHandler(Fail)
16 | RunSpecs(t, "Middleware Suite")
17 | }
18 |
--------------------------------------------------------------------------------
/app-service-proxy/internal/server/server_suite_test.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package server
6 |
7 | import (
8 | "testing"
9 |
10 | . "github.com/onsi/ginkgo/v2"
11 | . "github.com/onsi/gomega"
12 | )
13 |
14 | func TestServer(t *testing.T) {
15 | RegisterFailHandler(Fail)
16 | RunSpecs(t, "Server Suite")
17 | }
18 |
--------------------------------------------------------------------------------
/app-service-proxy/requirements.txt:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | # license checking
6 | python-debian==0.1.44
7 | reuse~=5.0.0
8 |
9 | # lint yaml
10 | yamllint~=1.35.1
11 |
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | # license checking
6 | python-debian==0.1.44
7 | reuse~=5.0.0
8 |
9 | # lint yaml
10 | yamllint~=1.35.1
--------------------------------------------------------------------------------
/test-common-utils/.gitignore:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | # jetbrains
6 | /vendor/
7 | /build/_output/*
8 | kind.config.yaml
9 | /cover.out
10 | /coverage.xml
11 | /coverage.html
12 | bin
13 | internal/northbound/testdata/*
14 | venv-env
15 | vendor
16 | *.log
17 | workspace
18 |
19 | *.lock
20 | *.tgz
21 |
22 | testdata
23 | node_modules
24 | package-lock.json
25 | package.json
26 |
--------------------------------------------------------------------------------
/test-common-utils/.golangci.yml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | run:
6 | # Autogenerated files take too much time and memory to load,
7 | # even if we skip them with -skip-dirs or -skip-dirs;
8 | # or mark them as generated; or use nolint annotations.
9 | # So we define this tag and use it in the autogenerated files.
10 | build-tags:
11 | - codeanalysis
12 | # Do not run linters on unit-test files
13 | tests: false
14 |
15 | linters:
16 | enable:
17 | - gofmt
18 | - revive
19 | - misspell
20 | - typecheck
21 | - errcheck
22 | - dogsled
23 | - unconvert
24 | - nakedret
25 | - copyloopvar
26 | - gosec
27 |
28 | issues:
29 | exclude:
30 | - Error return value of `.*Close` is not checked
31 | - Error return value of `.*Flush` is not checked
32 |
--------------------------------------------------------------------------------
/test-common-utils/Makefile:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 |
4 | .DEFAULT_GOAL := help
5 | .PHONY: help build test lint
6 |
7 | # Optionally include tool version checks, not used in Docker builds
8 | TOOL_VERSION_CHECK ?= 1
9 |
10 | ##### Variables #####
11 |
12 | # Required Go Dependencies
13 | GOLINT := true
14 | GOCMD ?= go
15 |
16 | # Versioning variables
17 | VERSION := $(shell cat VERSION)
18 |
19 |
20 | # Include shared makefile
21 | include ../common.mk
22 |
23 | # Security config for Go builds
24 | GOEXTRAFLAGS += $(COMMON_GOEXTRAFLAGS)
25 | #### Development Targets ####
26 |
27 | build: go-build ## Build local binaries
28 | go-build:
29 | go-build:
30 | $(GOCMD) build ./...
31 |
32 | lint: license go-lint # Run license, helmlint, go-lint lint tools
33 |
34 | clean: clean-all common-clean ## Delete all build artifacts
35 |
36 |
37 | #### Unsupported targets ###
38 |
39 | dependency-check-ci: ## Unsupported target
40 | echo "no dependency check"
41 |
--------------------------------------------------------------------------------
/test-common-utils/REUSE.toml:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2025 Intel Corporation
2 | # SPDX-License-Identifier: Apache-2.0
3 | version = 1
4 |
5 | [[annotations]]
6 | path = ["venv_/**", "out/*", "**go.sum", ".tool-versions", "**.json", "VERSION", "artifacts/**",
7 | "artifacts/**", "internal/**/mocks/**", ".htmllintrc"]
8 | precedence = "aggregate"
9 | SPDX-FileCopyrightText = "2025 Intel Corporation"
10 | SPDX-License-Identifier = "Apache-2.0"
11 |
--------------------------------------------------------------------------------
/test-common-utils/VERSION:
--------------------------------------------------------------------------------
1 | 0.0.1-dev
--------------------------------------------------------------------------------
/test-common-utils/pkg/types/common_types.go:
--------------------------------------------------------------------------------
1 | // SPDX-FileCopyrightText: (C) 2025-present Intel Corporation
2 | //
3 | // SPDX-License-Identifier: Apache-2.0
4 |
5 | package types
6 |
7 | import "time"
8 |
9 | const (
10 | RestAddressPortForward = "127.0.0.1"
11 | PortForwardServiceNamespace = "orch-app"
12 | AdmPortForwardService = "svc/app-deployment-api-rest-proxy"
13 | ArmPortForwardService = "svc/app-resource-manager-rest-proxy"
14 | AdmPortForwardLocal = "8081"
15 | ArmPortForwardLocal = "8081"
16 | PortForwardAddress = "0.0.0.0"
17 | AdmPortForwardRemote = "8081"
18 | ArmPortForwardRemote = "8082"
19 | )
20 |
21 | const (
22 | SampleOrg = "sample-org"
23 | SampleProject = "sample-project"
24 | KCPass = "ChangeMeOn1stLogin!"
25 | TestClusterID = "demo-cluster"
26 | )
27 |
28 | const (
29 | RetryDelay = 10 * time.Second
30 | )
31 |
32 | const (
33 | RetryCount = 20
34 | )
35 |
--------------------------------------------------------------------------------
/test-common-utils/requirements.txt:
--------------------------------------------------------------------------------
1 | # SPDX-FileCopyrightText: (C) 2023 Intel Corporation
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 |
5 | # license checking
6 | python-debian==0.1.44
7 | reuse~=5.0.0
8 |
9 | # lint yaml
10 | yamllint~=1.35.1
--------------------------------------------------------------------------------