✨ rosa: add missing fields to spec #4832

Closed
Changes from 2 commits
Expand Up @@ -45,6 +45,12 @@ spec:
type: object
spec:
properties:
additionalTags:
additionalProperties:
type: string
description: AdditionalTags are user-defined tags to be added on the
AWS resources associated with the control plane.
type: object
autoscaling:
description: Autoscaling specifies auto scaling behaviour for the
MachinePools.
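Review bot: `additionalTags` is declared as a free-form string map (`additionalProperties` of `type: string`) with no `maxProperties` and no length limits on keys or values, so a tag set that AWS will refuse is accepted at admission and only fails when the controller tries to apply it. Consider adding bounds on the Go type so they are generated into this schema, and say in the description whether these tags may override tags the controller sets itself.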
Expand Down Expand Up @@ -100,6 +106,15 @@ spec:
type: string
type: object
x-kubernetes-map-type: atomic
etcdEncryptionKMSArn:
description: EtcdEncryptionKMSArn is the ARN of the KMS key used to
encrypt etcd. The key itself needs to be created out-of-band by
the user and tagged with `red-hat:true`.
maxLength: 2048
type: string
x-kubernetes-validations:
- message: etcdEncryptionKMSArn must be a valid encryption key ARN
rule: self.matches('^arn:aws[\\w-]*:kms:[\\w-]+:\\d{12}:key\\/(mrk-[0-9a-f]{32}$|[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$)')
identityRef:
description: IdentityRef is a reference to an identity to be used
when reconciling the managed control plane. If no identity is specified,
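Review bot: the `x-kubernetes-validations` rule on `etcdEncryptionKMSArn` checks ARN syntax only, while the description also requires the key to exist and be tagged `red-hat:true`; a well-formed ARN for a missing or untagged key passes admission and the problem surfaces later during provisioning. Say in the description that the tag is not verified at admission, and make sure the failure is reported on the object. As a readability point, the `$` anchor is repeated inside each alternative of the group; a single `$` after the closing parenthesis is easier to audit.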
Expand Down Expand Up @@ -162,6 +177,13 @@ spec:
oidcID:
description: The ID of the OpenID Connect Provider.
type: string
private:
description: Private restricts master API endpoint and application
routes to direct, private connectivity. Traffic to these endpoints
will use AWS PrivateLink to have connectivity between VPCs, AWS
services, and your on-premises networks without exposing your traffic
to the public internet.
type: boolean
region:
description: The AWS Region the cluster lives in.
type: string
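Review bot: the `private` description does not say what happens when the field is omitted or whether it can be changed on an existing cluster, and this flag decides whether the API endpoint is reachable from the public internet. Document the default and the mutability here. "master API endpoint" could also read "control plane API endpoint", matching the wording used for `additionalTags`.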
20 changes: 20 additions & 0 deletions controlplane/rosa/api/v1beta2/rosacontrolplane_types.go
Expand Up @@ -99,6 +99,26 @@ type RosaControlPlaneSpec struct { //nolint: maligned
// Autoscaling specifies auto scaling behaviour for the MachinePools.
// +optional
Autoscaling *expinfrav1.RosaMachinePoolAutoScaling `json:"autoscaling,omitempty"`

// +kubebuilder:validation:Optional

// AdditionalTags are user-defined tags to be added on the AWS resources associated with the control plane.
AdditionalTags infrav1.Tags `json:"additionalTags,omitempty"`

// +kubebuilder:validation:Optional
// +kubebuilder:validation:MaxLength=2048
// +kubebuilder:validation:XValidation:rule=`self.matches('^arn:aws[\\w-]*:kms:[\\w-]+:\\d{12}:key\\/(mrk-[0-9a-f]{32}$|[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$)')`, message="etcdEncryptionKMSArn must be a valid encryption key ARN"

// EtcdEncryptionKMSArn is the ARN of the KMS key used to encrypt etcd. The key itself needs to be
// created out-of-band by the user and tagged with `red-hat:true`.
EtcdEncryptionKMSArn string `json:"etcdEncryptionKMSArn,omitempty"`

// +kubebuilder:validation:Optional

// Private restricts master API endpoint and application routes to direct, private connectivity.
// Traffic to these endpoints will use AWS PrivateLink to have connectivity between VPCs, AWS services,
// and your on-premises networks without exposing your traffic to the public internet.
Private *bool `json:"private,omitempty"`
}

// NetworkSpec for ROSA-HCP.
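Review bot: the three new fields place `+kubebuilder:validation:Optional` in a separate comment group, split from the field documentation by a blank line, whereas `Autoscaling` just above keeps `// +optional` inside its doc comment. Suggest following the existing pattern so markers and documentation stay together. The long `XValidation` pattern on `EtcdEncryptionKMSArn` would also be easier to review with a short comment naming the two accepted key ID forms (`mrk-` multi-Region IDs and UUIDs).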
12 changes: 12 additions & 0 deletions controlplane/rosa/api/v1beta2/zz_generated.deepcopy.go

5 changes: 5 additions & 0 deletions controlplane/rosa/controllers/rosacontrolplane_controller.go
Expand Up @@ -278,6 +278,11 @@ func (r *ROSAControlPlaneReconciler) reconcileNormal(ctx context.Context, rosaSc
DisableWorkloadMonitoring: ptr.To(true),
DefaultIngress: ocm.NewDefaultIngressSpec(), // n.b. this is a no-op when it's set to the default value
ComputeMachineType: rosaScope.ControlPlane.Spec.InstanceType,
Tags: rosaScope.ControlPlane.Spec.AdditionalTags,
EtcdEncryption: rosaScope.ControlPlane.Spec.EtcdEncryptionKMSArn != "",
EtcdEncryptionKMSArn: rosaScope.ControlPlane.Spec.EtcdEncryptionKMSArn,
Private: rosaScope.ControlPlane.Spec.Private,
PrivateLink: rosaScope.ControlPlane.Spec.Private, // all private ROSA HCP clusters are privateLink

SubnetIds: rosaScope.ControlPlane.Spec.Subnets,
AvailabilityZones: rosaScope.ControlPlane.Spec.AvailabilityZones,
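Review bot: `Tags`, `EtcdEncryptionKMSArn` and `Private` are read from the spec here with no visible guard against later edits. If this spec is only sent when the cluster is first created, a user who sets `private: true` or changes the KMS ARN afterwards gets an accepted object and an unchanged cluster. Suggest rejecting such updates with a `self == oldSelf` CEL rule on the fields that cannot change, or reconciling them. Note also that an omitted `private` passes nil to both `Private` and `PrivateLink`, which leaves the endpoint exposure to the downstream default rather than stating it here.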