From b15dbe073daa09fe51cdf9d7a3ddaeda4d8e01b8 Mon Sep 17 00:00:00 2001 From: Brad Wadsworth Date: Wed, 28 Aug 2024 08:44:03 -0500 Subject: [PATCH] added reference for private endpoint subnetworks for gke cluster Signed-off-by: Brad Wadsworth --- apis/container/v1beta1/zz_cluster_types.go | 18 ++ .../v1beta1/zz_generated.deepcopy.go | 20 ++ apis/container/v1beta2/zz_cluster_types.go | 20 ++ .../v1beta2/zz_generated.deepcopy.go | 20 ++ .../v1beta2/zz_generated.resolvers.go | 42 +++ config/container/config.go | 4 + .../container.gcp.upbound.io_clusters.yaml | 304 ++++++++++++++++++ 7 files changed, 428 insertions(+) diff --git a/apis/container/v1beta1/zz_cluster_types.go b/apis/container/v1beta1/zz_cluster_types.go index 6c1ba2161..7d9d8a9c8 100755 --- a/apis/container/v1beta1/zz_cluster_types.go +++ b/apis/container/v1beta1/zz_cluster_types.go @@ -4566,7 +4566,17 @@ type PrivateClusterConfigInitParameters struct { MasterIPv4CidrBlock *string `json:"masterIpv4CidrBlock,omitempty" tf:"master_ipv4_cidr_block,omitempty"` // Subnetwork in cluster's network where master's endpoint will be provisioned. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta2.Subnetwork + // +crossplane:generate:reference:extractor=github.com/upbound/provider-gcp/config/common.SelfLinkExtractor() PrivateEndpointSubnetwork *string `json:"privateEndpointSubnetwork,omitempty" tf:"private_endpoint_subnetwork,omitempty"` + + // Reference to a Subnetwork in compute to populate privateEndpointSubnetwork. + // +kubebuilder:validation:Optional + PrivateEndpointSubnetworkRef *v1.Reference `json:"privateEndpointSubnetworkRef,omitempty" tf:"-"` + + // Selector for a Subnetwork in compute to populate privateEndpointSubnetwork. + // +kubebuilder:validation:Optional + PrivateEndpointSubnetworkSelector *v1.Selector `json:"privateEndpointSubnetworkSelector,omitempty" tf:"-"` } type PrivateClusterConfigObservation struct { 
@@ -4643,6 +4653,14 @@ type PrivateClusterConfigParameters struct { // Subnetwork in cluster's network where master's endpoint will be provisioned. // +kubebuilder:validation:Optional PrivateEndpointSubnetwork *string `json:"privateEndpointSubnetwork,omitempty" tf:"private_endpoint_subnetwork,omitempty"` + + // Reference to a Subnetwork in compute to populate privateEndpointSubnetwork. + // +kubebuilder:validation:Optional + PrivateEndpointSubnetworkRef *v1.Reference `json:"privateEndpointSubnetworkRef,omitempty" tf:"-"` + + // Selector for a Subnetwork in compute to populate privateEndpointSubnetwork. + // +kubebuilder:validation:Optional + PrivateEndpointSubnetworkSelector *v1.Selector `json:"privateEndpointSubnetworkSelector,omitempty" tf:"-"` } type PrivateRegistryAccessConfigCertificateAuthorityDomainConfigGCPSecretManagerCertificateConfigInitParameters struct { diff --git a/apis/container/v1beta1/zz_generated.deepcopy.go b/apis/container/v1beta1/zz_generated.deepcopy.go index e3ec73b33..24c0fe069 100644 --- a/apis/container/v1beta1/zz_generated.deepcopy.go +++ b/apis/container/v1beta1/zz_generated.deepcopy.go @@ -14447,6 +14447,16 @@ func (in *PrivateClusterConfigInitParameters) DeepCopyInto(out *PrivateClusterCo *out = new(string) **out = **in } + if in.PrivateEndpointSubnetworkRef != nil { + in, out := &in.PrivateEndpointSubnetworkRef, &out.PrivateEndpointSubnetworkRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PrivateEndpointSubnetworkSelector != nil { + in, out := &in.PrivateEndpointSubnetworkSelector, &out.PrivateEndpointSubnetworkSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateClusterConfigInitParameters. 
@@ -14546,6 +14556,16 @@ func (in *PrivateClusterConfigParameters) DeepCopyInto(out *PrivateClusterConfig *out = new(string) **out = **in } + if in.PrivateEndpointSubnetworkRef != nil { + in, out := &in.PrivateEndpointSubnetworkRef, &out.PrivateEndpointSubnetworkRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PrivateEndpointSubnetworkSelector != nil { + in, out := &in.PrivateEndpointSubnetworkSelector, &out.PrivateEndpointSubnetworkSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateClusterConfigParameters. diff --git a/apis/container/v1beta2/zz_cluster_types.go b/apis/container/v1beta2/zz_cluster_types.go index 4db957d95..98be18acd 100755 --- a/apis/container/v1beta2/zz_cluster_types.go +++ b/apis/container/v1beta2/zz_cluster_types.go @@ -4572,7 +4572,17 @@ type PrivateClusterConfigInitParameters struct { MasterIPv4CidrBlock *string `json:"masterIpv4CidrBlock,omitempty" tf:"master_ipv4_cidr_block,omitempty"` // Subnetwork in cluster's network where master's endpoint will be provisioned. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta2.Subnetwork + // +crossplane:generate:reference:extractor=github.com/upbound/provider-gcp/config/common.SelfLinkExtractor() PrivateEndpointSubnetwork *string `json:"privateEndpointSubnetwork,omitempty" tf:"private_endpoint_subnetwork,omitempty"` + + // Reference to a Subnetwork in compute to populate privateEndpointSubnetwork. + // +kubebuilder:validation:Optional + PrivateEndpointSubnetworkRef *v1.Reference `json:"privateEndpointSubnetworkRef,omitempty" tf:"-"` + + // Selector for a Subnetwork in compute to populate privateEndpointSubnetwork. + // +kubebuilder:validation:Optional + PrivateEndpointSubnetworkSelector *v1.Selector `json:"privateEndpointSubnetworkSelector,omitempty" tf:"-"` } type PrivateClusterConfigObservation struct { 
@@ -4647,8 +4657,18 @@ type PrivateClusterConfigParameters struct { MasterIPv4CidrBlock *string `json:"masterIpv4CidrBlock,omitempty" tf:"master_ipv4_cidr_block,omitempty"` // Subnetwork in cluster's network where master's endpoint will be provisioned. + // +crossplane:generate:reference:type=github.com/upbound/provider-gcp/apis/compute/v1beta2.Subnetwork + // +crossplane:generate:reference:extractor=github.com/upbound/provider-gcp/config/common.SelfLinkExtractor() // +kubebuilder:validation:Optional PrivateEndpointSubnetwork *string `json:"privateEndpointSubnetwork,omitempty" tf:"private_endpoint_subnetwork,omitempty"` + + // Reference to a Subnetwork in compute to populate privateEndpointSubnetwork. + // +kubebuilder:validation:Optional + PrivateEndpointSubnetworkRef *v1.Reference `json:"privateEndpointSubnetworkRef,omitempty" tf:"-"` + + // Selector for a Subnetwork in compute to populate privateEndpointSubnetwork. + // +kubebuilder:validation:Optional + PrivateEndpointSubnetworkSelector *v1.Selector `json:"privateEndpointSubnetworkSelector,omitempty" tf:"-"` } type PrivateRegistryAccessConfigCertificateAuthorityDomainConfigGCPSecretManagerCertificateConfigInitParameters struct { diff --git a/apis/container/v1beta2/zz_generated.deepcopy.go b/apis/container/v1beta2/zz_generated.deepcopy.go index 08c0c5699..41395bfaa 100644 --- a/apis/container/v1beta2/zz_generated.deepcopy.go +++ b/apis/container/v1beta2/zz_generated.deepcopy.go 
@@ -13813,6 +13813,16 @@ func (in *PrivateClusterConfigInitParameters) DeepCopyInto(out *PrivateClusterCo *out = new(string) **out = **in } + if in.PrivateEndpointSubnetworkRef != nil { + in, out := &in.PrivateEndpointSubnetworkRef, &out.PrivateEndpointSubnetworkRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PrivateEndpointSubnetworkSelector != nil { + in, out := &in.PrivateEndpointSubnetworkSelector, &out.PrivateEndpointSubnetworkSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateClusterConfigInitParameters. @@ -13908,6 +13918,16 @@ func (in *PrivateClusterConfigParameters) DeepCopyInto(out *PrivateClusterConfig *out = new(string) **out = **in } + if in.PrivateEndpointSubnetworkRef != nil { + in, out := &in.PrivateEndpointSubnetworkRef, &out.PrivateEndpointSubnetworkRef + *out = new(v1.Reference) + (*in).DeepCopyInto(*out) + } + if in.PrivateEndpointSubnetworkSelector != nil { + in, out := &in.PrivateEndpointSubnetworkSelector, &out.PrivateEndpointSubnetworkSelector + *out = new(v1.Selector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrivateClusterConfigParameters. diff --git a/apis/container/v1beta2/zz_generated.resolvers.go b/apis/container/v1beta2/zz_generated.resolvers.go index 131c5871b..e5dfb9f56 100644 --- a/apis/container/v1beta2/zz_generated.resolvers.go +++ b/apis/container/v1beta2/zz_generated.resolvers.go 
@@ -67,6 +67,27 @@ func (mg *Cluster) ResolveReferences(ctx context.Context, c client.Reader) error mg.Spec.ForProvider.NodeConfig.ServiceAccount = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.ForProvider.NodeConfig.ServiceAccountRef = rsp.ResolvedReference + } + if mg.Spec.ForProvider.PrivateClusterConfig != nil { + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta2", "Subnetwork", "SubnetworkList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.ForProvider.PrivateClusterConfig.PrivateEndpointSubnetwork), + Extract: common.SelfLinkExtractor(), + Reference: mg.Spec.ForProvider.PrivateClusterConfig.PrivateEndpointSubnetworkRef, + Selector: mg.Spec.ForProvider.PrivateClusterConfig.PrivateEndpointSubnetworkSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.ForProvider.PrivateClusterConfig.PrivateEndpointSubnetwork") + } + mg.Spec.ForProvider.PrivateClusterConfig.PrivateEndpointSubnetwork = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.ForProvider.PrivateClusterConfig.PrivateEndpointSubnetworkRef = rsp.ResolvedReference + } { m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta2", "Subnetwork", "SubnetworkList") 
@@ -126,6 +147,27 @@ func (mg *Cluster) ResolveReferences(ctx context.Context, c client.Reader) error mg.Spec.InitProvider.NodeConfig.ServiceAccount = reference.ToPtrValue(rsp.ResolvedValue) mg.Spec.InitProvider.NodeConfig.ServiceAccountRef = rsp.ResolvedReference + } + if mg.Spec.InitProvider.PrivateClusterConfig != nil { + { + m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta2", "Subnetwork", "SubnetworkList") + if err != nil { + return errors.Wrap(err, "failed to get the reference target managed resource and its list for reference resolution") + } + rsp, err = r.Resolve(ctx, reference.ResolutionRequest{ + CurrentValue: reference.FromPtrValue(mg.Spec.InitProvider.PrivateClusterConfig.PrivateEndpointSubnetwork), + Extract: common.SelfLinkExtractor(), + Reference: mg.Spec.InitProvider.PrivateClusterConfig.PrivateEndpointSubnetworkRef, + Selector: mg.Spec.InitProvider.PrivateClusterConfig.PrivateEndpointSubnetworkSelector, + To: reference.To{List: l, Managed: m}, + }) + } + if err != nil { + return errors.Wrap(err, "mg.Spec.InitProvider.PrivateClusterConfig.PrivateEndpointSubnetwork") + } + mg.Spec.InitProvider.PrivateClusterConfig.PrivateEndpointSubnetwork = reference.ToPtrValue(rsp.ResolvedValue) + mg.Spec.InitProvider.PrivateClusterConfig.PrivateEndpointSubnetworkRef = rsp.ResolvedReference + } { m, l, err = apisresolver.GetManagedResource("compute.gcp.upbound.io", "v1beta2", "Subnetwork", "SubnetworkList") diff --git a/config/container/config.go b/config/container/config.go index 615b9473d..231c291df 100644 --- a/config/container/config.go +++ b/config/container/config.go 
@@ -125,6 +125,10 @@ func Configure(p *config.Provider) { //nolint:gocyclo TerraformName: "google_compute_subnetwork", Extractor: common.PathSelfLinkExtractor, } + r.References["private_cluster_config.private_endpoint_subnetwork"] = config.Reference{ + TerraformName: "google_compute_subnetwork", + Extractor: common.PathSelfLinkExtractor, + } config.MarkAsRequired(r.TerraformResource, "location") }) diff --git a/package/crds/container.gcp.upbound.io_clusters.yaml b/package/crds/container.gcp.upbound.io_clusters.yaml index 5a7debe8e..4a2f16c31 100644 --- a/package/crds/container.gcp.upbound.io_clusters.yaml +++ b/package/crds/container.gcp.upbound.io_clusters.yaml 
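Review bot: The added `r.References["private_cluster_config.private_endpoint_subnetwork"]` entry carries no comment, and neither it nor the generated `ResolveReferences` code ties the resolved Subnetwork to the cluster's own network, although the field is documented as a "Subnetwork in cluster's network". This value decides where the control plane's private endpoint is provisioned, so a label selector that matches an unintended Subnetwork is presumably only caught by the provider, if at all. I would add `// Must resolve to a subnetwork of the cluster's network; prefer an explicit Ref over a broad label Selector.` above the entry. Separately, the v1beta1 `PrivateClusterConfigParameters` hunk adds the Ref and Selector fields without the `+crossplane:generate:reference:type` and `extractor` markers that the v1beta1 `PrivateClusterConfigInitParameters` hunk and both v1beta2 structs receive, and the diffstat shows no v1beta1 resolver change. It is worth confirming that the `zz_` files come from a clean regeneration rather than a manual edit. `Configure` starts and ends outside the hunk.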
@@ -1864,6 +1864,82 @@ spec: description: Subnetwork in cluster's network where master's endpoint will be provisioned. type: string + privateEndpointSubnetworkRef: + description: Reference to a Subnetwork in compute to populate + privateEndpointSubnetwork. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + privateEndpointSubnetworkSelector: + description: Selector for a Subnetwork in compute to populate + privateEndpointSubnetwork. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object type: array privateIpv6GoogleAccess: 
@@ -3871,6 +3947,82 @@ spec: description: Subnetwork in cluster's network where master's endpoint will be provisioned. type: string + privateEndpointSubnetworkRef: + description: Reference to a Subnetwork in compute to populate + privateEndpointSubnetwork. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + privateEndpointSubnetworkSelector: + description: Selector for a Subnetwork in compute to populate + privateEndpointSubnetwork. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object type: array privateIpv6GoogleAccess: 
@@ -8592,6 +8744,82 @@ spec: description: Subnetwork in cluster's network where master's endpoint will be provisioned. type: string + privateEndpointSubnetworkRef: + description: Reference to a Subnetwork in compute to populate + privateEndpointSubnetwork. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + privateEndpointSubnetworkSelector: + description: Selector for a Subnetwork in compute to populate + privateEndpointSubnetwork. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object privateIpv6GoogleAccess: description: The desired state of IPv6 connectivity to Google 
@@ -10403,6 +10631,82 @@ spec: description: Subnetwork in cluster's network where master's endpoint will be provisioned. type: string + privateEndpointSubnetworkRef: + description: Reference to a Subnetwork in compute to populate + privateEndpointSubnetwork. + properties: + name: + description: Name of the referenced object. + type: string + policy: + description: Policies for referencing. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. + enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + required: + - name + type: object + privateEndpointSubnetworkSelector: + description: Selector for a Subnetwork in compute to populate + privateEndpointSubnetwork. + properties: + matchControllerRef: + description: |- + MatchControllerRef ensures an object with the same controller reference + as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching + labels is selected. + type: object + policy: + description: Policies for selection. + properties: + resolution: + default: Required + description: |- + Resolution specifies whether resolution of this reference is required. + The default is 'Required', which means the reconcile will fail if the + reference cannot be resolved. 'Optional' means this reference will be + a no-op if it cannot be resolved. 
+ enum: + - Required + - Optional + type: string + resolve: + description: |- + Resolve specifies when this reference should be resolved. The default + is 'IfNotPresent', which will attempt to resolve the reference only when + the corresponding field is not present. Use 'Always' to resolve the + reference on every reconcile. + enum: + - Always + - IfNotPresent + type: string + type: object + type: object type: object privateIpv6GoogleAccess: description: The desired state of IPv6 connectivity to Google