Implement the base setup for trats resources Kubernetes controllers (#8)

* Implement the base setup for trats resources kubernetes controller

kubernetes/README.md

@@ -0,0 +1,14 @@
+# tconfigd Kubernetes Configurations
+This directory contains Kubernetes manifest files and installation scripts for tconfigd. Below is an overview of each component:
+
+### crd
+This directory includes custom resource definitions(CRDs) and example custom resources(CRs) for `tratteria.io` custom resources.
+
+### spire
+This directory includes the Kubernetes setup for SPIRE.
+
+### tconfigd
+This directory includes the Kubernetes setup for the tconfigd server components.
+
+## Contribute
+Contributions to the project are welcome, including feature enhancements, bug fixes, and documentation improvements.

kubernetes/crd/deploy.sh

@@ -0,0 +1,4 @@
+kubectl create namespace test-application
+
+kubectl apply -f trat-crd.yaml
+kubectl apply -f example-trat.yaml

kubernetes/crd/destroy.sh

@@ -0,0 +1,3 @@
+kubectl delete crd trats.tratteria.io
+
+kubectl delete namespace test-application

kubernetes/crd/example-trat.yaml

@@ -0,0 +1,23 @@
+apiVersion: tratteria.io/v1alpha1
+kind: TraT
+metadata:
+  name: trade
+  namespace: test-application
+spec:
+  endpoint: "order/trade/{#stock-id}?action={#action}"
+  method: "POST"
+  azd-mapping:
+    quantity:
+      required: true
+      value: "${body.quantity}"
+    action:
+      required: true
+      value: "${action}"
+    stock:
+      required: true
+      value: "${stock-id}"
+  services:
+    - order
+    - catalog
+    - stocks
+    - payment

kubernetes/crd/trat-crd.yaml

@@ -0,0 +1,50 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: trats.tratteria.io
+spec:
+  group: tratteria.io
+  names:
+    kind: TraT
+    plural: trats
+    singular: trat
+    listKind: TraTList
+    shortNames:
+      - trat
+  scope: Namespaced
+  versions:
+    - name: v1alpha1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            apiVersion:
+              type: string
+            kind:
+              type: string
+            metadata:
+              type: object
+            spec:
+              type: object
+              properties:
+                endpoint:
+                  type: string
+                method:
+                  type: string
+                azd-mapping:
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
+                services:
+                  type: array
+                  items:
+                    type: string
+              required: ["endpoint", "method", "services"]
+            status:
+              type: object
+              properties:
+                applied:
+                  type: boolean
+      subresources:
+        status: {}

kubernetes/deploy.sh

@@ -1,3 +1,8 @@
+cd crd
+chmod +x deploy.sh
+./deploy.sh
+cd ..
+
 cd spire
 chmod +x deploy.sh
 ./deploy.sh

kubernetes/destroy.sh

@@ -5,4 +5,10 @@ cd ..
 
 cd spire
 chmod +x destroy.sh
-./destroy.sh
+./destroy.sh
+cd ..
+
+cd crd
+chmod +x destroy.sh
+./destroy.sh
+cd ..

kubernetes/tconfigd/deploy.sh

@@ -10,6 +10,8 @@ chmod +x deploy-rules.sh
 cd ../kubernetes/tconfigd
 
 kubectl apply -f service-account.yaml
+kubectl apply -f role.yaml
+kubectl apply -f rolebinding.yaml
 kubectl apply -f deployment.yaml
 kubectl apply -f service.yaml
 kubectl apply -f tratteria-agent-injector-mutating-webhook.yaml

kubernetes/tconfigd/destroy.sh

@@ -1,2 +1,4 @@
 kubectl delete namespace tratteria
+kubectl delete clusterrole tconfigd-service-account-role
+kubectl delete clusterrolebinding tconfigd-service-account-binding
 kubectl delete mutatingwebhookconfiguration tratteria-agent-injector

kubernetes/tconfigd/role.yaml

@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: tconfigd-service-account-role
+rules:
+  - apiGroups: [""]
+    resources: ["events"]
+    verbs: ["create", "patch"]
+  - apiGroups: ["tratteria.io"]
+    resources: ["trats"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["tratteria.io"]
+    resources: ["trats/status"]
+    verbs: ["update"]

kubernetes/tconfigd/rolebinding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tconfigd-service-account-binding
+subjects:
+  - kind: ServiceAccount
+    name: tconfigd-service-account
+    namespace: tratteria
+roleRef:
+  kind: ClusterRole
+  name: tconfigd-service-account-role
+  apiGroup: rbac.authorization.k8s.io

service/.golangci.yml

@@ -2,6 +2,7 @@ run:
   skip-dirs:
     - ^tratcontroller/.*$
     - ^tratcontroller$
+    - tratcontroller
 
 linters:
   disable-all: true

service/README.md

@@ -0,0 +1,27 @@
+# tconfigd Components
+This directory holds the source code for tconfigd. Below is an overview of each component and its functionality.
+
+### agentsmanager
+This directory manages agents by enabling agent registrations, handling agent heartbeats, and tracking active agents.
+
+### api
+This directory implements tconfigd's APIs. It holds the following APIs:
+
+- Agent Registration API
+- Agent Heartbeat API
+
+### configdispatcher
+This directory dispatches configurations to tratteria and tratteria agents.
+
+### tratcontroller
+This directory implements Kubernetes controller for `tratteria.io` custom resources. It hosts controllers for the following resources:
+- `tratteria.io/TraT`
+- `tratteria.io/TraTExclusion`
+
+### webhook
+This directory implements Kubernetes Admission Controller Webhooks. It hosts the following webhooks:
+- Tratteria Agent Injection Mutating Admission Controller Webhook
+- `tratteria.io` custom resources Validating Admission Controller Webhook
+
+## Contributions
+Contributions to the project are welcome, including feature enhancements, bug fixes, and documentation improvements.

service/cmd/main.go

@@ -11,6 +11,7 @@ import (
 	"github.com/tratteria/tconfigd/agentsmanager"
 	"github.com/tratteria/tconfigd/api"
 	"github.com/tratteria/tconfigd/config"
+	"github.com/tratteria/tconfigd/tratcontroller"
 	"github.com/tratteria/tconfigd/webhook"
 	"go.uber.org/zap"
 )
@@ -73,6 +74,16 @@ func main() {
 		}
 	}()
 
+	go func() {
+		logger.Info("Starting TraT Controller...")
+
+		tratController := &tratcontroller.TraTController{}
+
+		if err := tratController.Run(); err != nil {
+			logger.Fatal("Failed to start TraT Controller server.", zap.Error(err))
+		}
+	}()
+
 	<-ctx.Done()
 
 	logger.Info("Shutting down servers and controllers...")

service/go.mod

@@ -7,35 +7,63 @@ require (
 	github.com/mattbaird/jsonpatch v0.0.0-20240118010651-0ba75a80ca38
 	github.com/spiffe/go-spiffe/v2 v2.2.0
 	go.uber.org/zap v1.27.0
+	golang.org/x/time v0.3.0
 	google.golang.org/grpc v1.62.1
 	gopkg.in/yaml.v2 v2.4.0
-	k8s.io/api v0.30.1
-	k8s.io/apimachinery v0.30.1
+	k8s.io/api v0.0.0-20240620180645-9f6f03ff043b
+	k8s.io/apimachinery v0.0.0-20240620180412-04fe5186a7b1
+	k8s.io/client-go v0.0.0-20240620181025-b9309ac26b16
+	k8s.io/code-generator v0.0.0-20240620181745-569cc2f167a3
+	k8s.io/klog/v2 v2.130.1
 )
 
 require (
 	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
+	github.com/evanphx/json-patch v0.5.2 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0-beta // indirect
 	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.4 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
 	github.com/zeebo/errs v1.3.0 // indirect
 	go.uber.org/multierr v1.10.0 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/mod v0.15.0 // indirect
-	golang.org/x/net v0.23.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/tools v0.18.0 // indirect
+	golang.org/x/crypto v0.23.0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/net v0.25.0 // indirect
+	golang.org/x/oauth2 v0.20.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/term v0.20.0 // indirect
+	golang.org/x/text v0.15.0 // indirect
+	golang.org/x/tools v0.21.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	k8s.io/klog/v2 v2.120.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )