Feature/add selectors cluster private endpoint #610

Open
wants to merge 4 commits into
base: main

bradkwadsworth-mw
Contributor

Description of your changes

Added resource selectors for spec.forProvider.privateClusterConfig.privateEndpointSubnetwork

Fixes #609

I have:

  • Read and followed Crossplane's [contribution process].
  • Run make reviewable to ensure this PR is ready for review.
  • Added backport release-x.y labels to auto-backport this PR if necessary.

How has this code been tested

Applied to a local Kind cluster
manifest:

---
apiVersion: compute.gcp.upbound.io/v1beta1
kind: Network
metadata:
  annotations:
    uptest.upbound.io/timeout: "4800"
    meta.upbound.io/example-id: compute/v1beta1/network
  labels:
    testing.upbound.io/example-name: example_network
  name: example-network
spec:
  forProvider:
    autoCreateSubnetworks: false
---
apiVersion: compute.gcp.upbound.io/v1beta1
kind: Subnetwork
metadata:
  annotations:
    meta.upbound.io/example-id: compute/v1beta1/subnetwork
  labels:
    testing.upbound.io/example-name: example_subnet
  name: gke
spec:
  forProvider:
    ipCidrRange: 10.0.0.0/24
    networkSelector:
      matchLabels:
        testing.upbound.io/example-name: example_network
    region: us-central1
    privateIpGoogleAccess: true
    secondaryIpRange:
      - ipCidrRange: 10.1.0.0/16
        rangeName: pods
      - ipCidrRange: 10.2.0.0/20
        rangeName: services
---
apiVersion: compute.gcp.upbound.io/v1beta1
kind: Router
metadata:
  annotations:
    meta.upbound.io/example-id: compute/v1beta1/router
  labels:
    testing.upbound.io/example-name: example_router
  name: example-router
spec:
  forProvider:
    networkSelector:
      matchLabels:
        testing.upbound.io/example-name: example_network
    region: us-central1
---
apiVersion: compute.gcp.upbound.io/v1beta1
kind: RouterNAT
metadata:
  annotations:
    meta.upbound.io/example-id: compute/v1beta1/routernat
  labels:
    testing.upbound.io/example-name: example_routernat
  name: example-routernat
spec:
  forProvider:
    natIpAllocateOption: AUTO_ONLY
    region: us-central1
    routerSelector:
      matchLabels:
        testing.upbound.io/example-name: example_router
    sourceSubnetworkIpRangesToNat: ALL_SUBNETWORKS_ALL_IP_RANGES
---
apiVersion: container.gcp.upbound.io/v1beta1
kind: Cluster
metadata:
  annotations:
    meta.upbound.io/example-id: container/v1beta1/cluster
  labels:
    testing.upbound.io/example-name: cluster
  name: cluster
spec:
  forProvider:
    addonsConfig:
      - gcePersistentDiskCsiDriverConfig:
          - enabled: true
        gcpFilestoreCsiDriverConfig:
          - enabled: true
        gkeBackupAgentConfig:
          - enabled: true
    binaryAuthorization:
      - evaluationMode: PROJECT_SINGLETON_POLICY_ENFORCE
    datapathProvider: ADVANCED_DATAPATH
    deletionProtection: false
    enableAutopilot: false
    enableIntranodeVisibility: true
    enableL4IlbSubsetting: true
    enableShieldedNodes: true
    gatewayApiConfig:
      - channel: CHANNEL_STANDARD
    initialNodeCount: 1
    ipAllocationPolicy:
      - clusterSecondaryRangeName: pods
        servicesSecondaryRangeName: services
    location: us-central1
    masterAuthorizedNetworksConfig:
      - gcpPublicCidrsAccessEnabled: false
        cidrBlocks:
          - cidrBlock: 10.0.0.0/24
            displayName: bastion
    networkSelector:
      matchLabels:
        testing.upbound.io/example-name: example_network
    networkingMode: VPC_NATIVE
    privateClusterConfig:
      - enablePrivateEndpoint: true
        enablePrivateNodes: true
        masterGlobalAccessConfig:
          - enabled: false
        privateEndpointSubnetworkSelector:
          matchLabels:
            testing.upbound.io/example-name: example_subnet
    releaseChannel:
      - channel: STABLE
    removeDefaultNodePool: true
    subnetworkSelector:
      matchLabels:
        testing.upbound.io/example-name: example_subnet

@bradkwadsworth-mw bradkwadsworth-mw force-pushed the feature/add-selectors-cluster-private-endpoint branch 2 times, most recently from 76c15b4 to 984b284 Compare September 3, 2024 22:31
@turkenf
Collaborator

turkenf commented Sep 4, 2024

Hi @bradkwadsworth-mw, thanks for the PR.

For failed CI pipelines, please run make submodules and force push the changes.

@bradkwadsworth-mw
Contributor Author

I ran make submodules and there were no changes.

@bradkwadsworth-mw
Contributor Author

@turkenf Any ideas on how I should proceed?

@bradkwadsworth-mw bradkwadsworth-mw force-pushed the feature/add-selectors-cluster-private-endpoint branch 2 times, most recently from cf25db5 to 6a65aeb Compare September 16, 2024 14:51
@bradkwadsworth-mw
Contributor Author

@turkenf It looks like the tests are passing now.

@bradkwadsworth-mw bradkwadsworth-mw force-pushed the feature/add-selectors-cluster-private-endpoint branch 2 times, most recently from 556b732 to 4ec146b Compare October 9, 2024 14:05
@bradkwadsworth-mw bradkwadsworth-mw force-pushed the feature/add-selectors-cluster-private-endpoint branch from 4ec146b to a997a66 Compare October 9, 2024 14:07
@bradkwadsworth-mw
Contributor Author

@turkenf Just rebased against current main.

@turkenf
Collaborator

turkenf commented Oct 9, 2024

/test-examples="examples/cloudplatform/v1beta1/serviceaccount.yaml"

Collaborator

@turkenf turkenf left a comment

Thank you for your effort @bradkwadsworth-mw, I left two comments. Also, do you have a specific reason for updating the build submodule? If not, would you revert it to the same commit as main?

Comment on lines +4606 to +4617
// +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta2.Subnetwork
// +crossplane:generate:reference:extractor=github.com/upbound/provider-gcp/config/common.SelfLinkExtractor()
PrivateEndpointSubnetwork *string `json:"privateEndpointSubnetwork,omitempty" tf:"private_endpoint_subnetwork,omitempty"`

// Reference to a Subnetwork in compute to populate privateEndpointSubnetwork.
// +kubebuilder:validation:Optional
PrivateEndpointSubnetworkRef *v1.Reference `json:"privateEndpointSubnetworkRef,omitempty" tf:"-"`

// Selector for a Subnetwork in compute to populate privateEndpointSubnetwork.
// +kubebuilder:validation:Optional
PrivateEndpointSubnetworkSelector *v1.Selector `json:"privateEndpointSubnetworkSelector,omitempty" tf:"-"`
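
Review bot: the reference type in the first annotation line is pinned to apis/compute/v1beta2.Subnetwork, but the manifest in the PR description creates the Subnetwork as compute.gcp.upbound.io/v1beta1. Please confirm the selector was exercised against the API version this annotation names, or say in the description why the mismatch is fine. It would also help to extend the comments on PrivateEndpointSubnetworkRef and PrivateEndpointSubnetworkSelector to mention that the value is produced by SelfLinkExtractor(), so users know what form privateEndpointSubnetwork takes once resolved.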

Collaborator

I see that these changes are made in PrivateClusterConfigInitParameters in the v1beta2 file; can you please move it from observation to init parameters?

@@ -4641,8 +4651,17 @@ type PrivateClusterConfigParameters struct {
MasterIPv4CidrBlock *string `json:"masterIpv4CidrBlock,omitempty" tf:"master_ipv4_cidr_block,omitempty"`

// Subnetwork in cluster's network where master's endpoint will be provisioned.
// +kubebuilder:validation:Optional
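
Review bot: the `// +kubebuilder:validation:Optional` marker on the last line of this hunk should stay with the field it precedes. The PrivateEndpointSubnetworkRef and PrivateEndpointSubnetworkSelector fields both carry the same marker, and the manifest in the description sets only privateEndpointSubnetworkSelector, which works only while the field itself remains optional.
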
Collaborator

Is there a reason you removed this line?

Successfully merging this pull request may close these issues.

Add resource selectors for privateEndpointSubnetwork to clusters.container.gcp.upbound.io
2 participants