Merge pull request #28 from dmendiza/barbican-api

Barbican API is running

api/go.mod

@@ -4,6 +4,7 @@ go 1.19
 
 require (
 	github.com/openstack-k8s-operators/lib-common/modules/common v0.0.0-20230714104628-12cc1e43cccd
+	k8s.io/api v0.26.6
 	k8s.io/apimachinery v0.27.1
 	sigs.k8s.io/controller-runtime v0.14.6
 )
@@ -55,7 +56,6 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.26.6 // indirect
 	k8s.io/apiextensions-apiserver v0.26.6 // indirect
 	k8s.io/client-go v0.26.6 // indirect
 	k8s.io/component-base v0.26.6 // indirect

api/v1beta1/barbicanapi_types.go

@@ -17,6 +17,7 @@ limitations under the License.
 package v1beta1
 
 import (
+	"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -35,12 +36,31 @@ type BarbicanAPISpec struct {
 	BarbicanTemplate `json:",inline"`
 
 	BarbicanAPITemplate `json:",inline"`
+
+	// TransportURLSecret - Secret containing RabbitMQ transportURL
+	TransportURLSecret string `json:"transportURLSecret,omitempty"`
 }
 
 // BarbicanAPIStatus defines the observed state of BarbicanAPI
 type BarbicanAPIStatus struct {
-	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
+
+	// ReadyCount of barbican API instances
+	ReadyCount int32 `json:"readyCount,omitempty"`
+
+	// Map of hashes to track e.g. job status
+	Hash map[string]string `json:"hash,omitempty"`
+
+	// API endpoint
+	APIEndpoints map[string]string `json:"apiEndpoint,omitempty"`
+
+	// Conditions
+	Conditions condition.Conditions `json:"conditions,omitempty" optional:"true"`
+
+	// NetworkAttachments status of the deployment pods
+	NetworkAttachments map[string][]string `json:"networkAttachments,omitempty"`
+
+	// Barbican Database Hostname
+	DatabaseHostname string `json:"databaseHostname,omitempty"`
 }
 
 //+kubebuilder:object:root=true

api/v1beta1/barbicanworker_types.go

@@ -33,6 +33,8 @@ type BarbicanWorkerSpec struct {
 	BarbicanTemplate `json:",inline"`
 
 	BarbicanWorkerTemplate `json:",inline"`
+
+	TransportURLSecret string `json:"transportURLSecret,omitempty"`
 }
 
 // BarbicanWorkerStatus defines the observed state of BarbicanWorker

api/v1beta1/common_types.go

@@ -1,6 +1,9 @@
 package v1beta1
 
-import "github.com/openstack-k8s-operators/lib-common/modules/common/endpoint"
+import (
+	"github.com/openstack-k8s-operators/lib-common/modules/common/endpoint"
+	corev1 "k8s.io/api/core/v1"
+)
 
 // BarbicanTemplate defines common Spec elements for all Barbican components
 type BarbicanTemplate struct {
@@ -32,6 +35,10 @@ type BarbicanTemplate struct {
 	// Needed to request a transportURL that is created and used in Barbican
 	RabbitMqClusterName string `json:"rabbitMqClusterName"`
 
+	// +kubebuilder:validation:Optional
+	// Secret containing SimpleCrypto KEK
+	SimpleCryptoBackendKEKSecret string `json:"simpleCryptoBackendKEKSecret,omitempty"`
+
 	// +kubebuilder:validation:Optional
 	// Secret containing all passwords / keys needed
 	Secret string `json:"secret"`
@@ -91,6 +98,17 @@ type BarbicanComponentTemplate struct {
 	// TODO: -> implement
 	DefaultConfigOverwrite map[string]string `json:"defaultConfigOverwrite,omitempty"`
 
+	// +kubebuilder:validation:Optional
+	// CustomServiceConfigSecrets - customize the service config using this parameter to specify Secrets
+	// that contain sensitive service config data. The content of each Secret gets added to the
+	// /etc/<service>/<service>.conf.d directory as a custom config file.
+	CustomServiceConfigSecrets []string `json:"customServiceConfigSecrets,omitempty"`
+
+	// +kubebuilder:validation:Optional
+	// Resources - Compute Resources required by this service (Limits/Requests).
+	// https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+	Resources corev1.ResourceRequirements `json:"resources,omitempty"`
+
 	// +kubebuilder:validation:Optional
 	// NetworkAttachments is a list of NetworkAttachment resource names to expose the services to the given network
 	NetworkAttachments []string `json:"networkAttachments,omitempty"`
@@ -106,10 +124,6 @@ type PasswordSelector struct {
 	// +kubebuilder:default="BarbicanPassword"
 	// Service - Selector to get the barbican service user password from the Secret
 	Service string `json:"service"`
-
-	// +kubebuilder:validation:Optional
-	// SimpleCryptoKEK - base64 encoded KEK for SimpleCrypto backend
-	SimpleCryptoKEK string `json:"simpleCryptoKEK,omitempty"`
 }
 
 // BarbicanDebug indicates whether certain stages of deployment should be paused

api/v1beta1/conditions.go

@@ -5,6 +5,7 @@ import "github.com/openstack-k8s-operators/lib-common/modules/common/condition"
 const (
 	// BarbicanAPIReadyCondition -
 	BarbicanAPIReadyCondition condition.Type = "BarbicanAPIReady"
+
 	// BarbicanWorkerReadyCondition -
 	BarbicanWorkerReadyCondition condition.Type = "BarbicanWorkerReady"
 	// BarbicanRabbitMQTransportURLReadyCondition -
@@ -14,6 +15,8 @@ const (
 const (
 	// BarbicanAPIReadyInitMessage -
 	BarbicanAPIReadyInitMessage = "BarbicanAPI not started"
+	// BarbicanAPIReadyErrorMessage -
+	BarbicanAPIReadyErrorMessage = "BarbicanAPI error occured %s"
 	// BarbicanWorkerReadyInitMessage -
 	BarbicanWorkerReadyInitMessage = "BarbicanWorker not started"
 

config/crd/bases/barbican.openstack.org_barbicanapis.yaml

@@ -46,6 +46,14 @@ spec:
                   added to to /etc/<service>/<service>.conf.d directory as custom.conf
                   file.
                 type: string
+              customServiceConfigSecrets:
+                description: CustomServiceConfigSecrets - customize the service config
+                  using this parameter to specify Secrets that contain sensitive service
+                  config data. The content of each Secret gets added to the /etc/<service>/<service>.conf.d
+                  directory as a custom config file.
+                items:
+                  type: string
+                type: array
               databaseInstance:
                 description: 'MariaDB instance name TODO(dmendiza): Is this comment
                   right? Right now required by the maridb-operator to get the credentials
@@ -162,10 +170,6 @@ spec:
                     description: Service - Selector to get the barbican service user
                       password from the Secret
                     type: string
-                  simpleCryptoKEK:
-                    description: SimpleCryptoKEK - base64 encoded KEK for SimpleCrypto
-                      backend
-                    type: string
                 type: object
               rabbitMqClusterName:
                 default: rabbitmq
@@ -179,6 +183,54 @@ spec:
                 maximum: 32
                 minimum: 0
                 type: integer
+              resources:
+                description: Resources - Compute Resources required by this service
+                  (Limits/Requests). https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                properties:
+                  claims:
+                    description: "Claims lists the names of resources, defined in
+                      spec.resourceClaims, that are used by this container. \n This
+                      is an alpha field and requires enabling the DynamicResourceAllocation
+                      feature gate. \n This field is immutable. It can only be set
+                      for containers."
+                    items:
+                      description: ResourceClaim references one entry in PodSpec.ResourceClaims.
+                      properties:
+                        name:
+                          description: Name must match the name of one entry in pod.spec.resourceClaims
+                            of the Pod where this field is used. It makes that resource
+                            available inside a container.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                    x-kubernetes-list-map-keys:
+                    - name
+                    x-kubernetes-list-type: map
+                  limits:
+                    additionalProperties:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                    description: 'Limits describes the maximum amount of compute resources
+                      allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                    type: object
+                  requests:
+                    additionalProperties:
+                      anyOf:
+                      - type: integer
+                      - type: string
+                      pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                      x-kubernetes-int-or-string: true
+                    description: 'Requests describes the minimum amount of compute
+                      resources required. If Requests is omitted for a container,
+                      it defaults to Limits if that is explicitly specified, otherwise
+                      to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
+                    type: object
+                type: object
               secret:
                 description: Secret containing all passwords / keys needed
                 type: string
@@ -191,6 +243,12 @@ spec:
                 description: ServiceUser - optional username used for this service
                   to register in keystone
                 type: string
+              simpleCryptoBackendKEKSecret:
+                description: Secret containing SimpleCrypto KEK
+                type: string
+              transportURLSecret:
+                description: TransportURLSecret - Secret containing RabbitMQ transportURL
+                type: string
             required:
             - containerImage
             - databaseInstance
@@ -199,6 +257,74 @@ spec:
             type: object
           status:
             description: BarbicanAPIStatus defines the observed state of BarbicanAPI
+            properties:
+              apiEndpoint:
+                additionalProperties:
+                  type: string
+                description: API endpoint
+                type: object
+              conditions:
+                description: Conditions
+                items:
+                  description: Condition defines an observation of a API resource
+                    operational state.
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another. This should be when the underlying condition changed.
+                        If that is not known, then using the time when the API field
+                        changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: A human readable message indicating details about
+                        the transition.
+                      type: string
+                    reason:
+                      description: The reason for the condition's last transition
+                        in CamelCase.
+                      type: string
+                    severity:
+                      description: Severity provides a classification of Reason code,
+                        so the current situation is immediately understandable and
+                        could act accordingly. It is meant for situations where Status=False
+                        and it should be indicated if it is just informational, warning
+                        (next reconciliation might fix it) or an error (e.g. DB create
+                        issue and no actions to automatically resolve the issue can/should
+                        be done). For conditions where Status=Unknown or Status=True
+                        the Severity should be SeverityNone.
+                      type: string
+                    status:
+                      description: Status of the condition, one of True, False, Unknown.
+                      type: string
+                    type:
+                      description: Type of condition in CamelCase.
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - status
+                  - type
+                  type: object
+                type: array
+              databaseHostname:
+                description: Barbican Database Hostname
+                type: string
+              hash:
+                additionalProperties:
+                  type: string
+                description: Map of hashes to track e.g. job status
+                type: object
+              networkAttachments:
+                additionalProperties:
+                  items:
+                    type: string
+                  type: array
+                description: NetworkAttachments status of the deployment pods
+                type: object
+              readyCount:
+                description: ReadyCount of barbican API instances
+                format: int32
+                type: integer
             type: object
         type: object
     served: true