New Feature: Service metadata (#77)

* Add service metadata endpoints

* New release 1.5.0-unstable (#70)

Co-authored-by: aalexandru <[email protected]>

* Add chargebackBusinessUnit field; Remove k8sInfraRelease field (#74)

* Add chargebackBusinessUnit field; Remove k8sInfraRelease field

* Fix go deps

* go mod tidy

* Updated controller-gen version

* Fix go.sum imports

* Bump go version to 1.21

* Refactor deprecated clientConfig

* Refactor clientConfig webhook configuration

* Fix G304 (CWE-22)

* Add missing license

* Update makefile K8S_VERSION to 1.25.0

* Update controller-gen crd options

---------

Co-authored-by: aalexandru <[email protected]>

* Add recommended helm labels (#71)

* Add recommended helm labels

* Increase chart version

* New release 1.4.2 (#75)

Co-authored-by: aalexandru <[email protected]>

* Fix leader election (#76)

Co-authored-by: aalexandru <[email protected]>

* Update kind version

* Add new crd & controller reconciliation logic

* Updated serviceMetadata patching logic

* make swagger

* Add chargebackBusinessUnit field; Remove k8sInfraRelease field (#74)

* Add chargebackBusinessUnit field; Remove k8sInfraRelease field

* Fix go deps

* go mod tidy

* Updated controller-gen version

* Fix go.sum imports

* Bump go version to 1.21

* Refactor deprecated clientConfig

* Refactor clientConfig webhook configuration

* Fix G304 (CWE-22)

* Add missing license

* Update makefile K8S_VERSION to 1.25.0

* Update controller-gen crd options

---------

Co-authored-by: aalexandru <[email protected]>

* Update kind version

* Add new crd & controller reconciliation logic

* Updated serviceMetadata patching logic

* make swagger

* Add client config defaults

* Updated service metadata patching logic

* Ignore service object delete events

* Fix linting errors

* Add missing license

---------

Co-authored-by: aalexandru <[email protected]>
Co-authored-by: caradu <[email protected]>

Makefile

@@ -217,7 +217,7 @@ kustomize: ## Download kustomize locally if necessary.
 	@[ -f $(KUSTOMIZE) ] || GOBIN=$(shell pwd)/bin go install sigs.k8s.io/kustomize/kustomize/[email protected]
 
 manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=$(MANAGER_ROLE) webhook paths="$(shell pwd)/pkg/api/..." output:crd:artifacts:config=$(shell pwd)/config/crd/bases output:rbac:artifacts:config=$(shell pwd)/config/rbac
+	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=$(MANAGER_ROLE) webhook paths="$(shell pwd)/pkg/..." output:crd:artifacts:config=$(shell pwd)/config/crd/bases output:rbac:artifacts:config=$(shell pwd)/config/rbac
 
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 	$(CONTROLLER_GEN) object:headerFile="$(shell pwd)/hack/boilerplate.go.txt" paths="$(shell pwd)/pkg/api/..."
@@ -229,5 +229,5 @@ generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and
 
 SWAGGER_CLI = $(shell pwd)/bin/swag
 swagger:
-	@[ -f $(SWAGGER_CLI) ] || GOBIN=$(shell pwd)/bin go install github.com/swaggo/swag/cmd/swag@v1.8.12
+	@[ -f $(SWAGGER_CLI) ] || GOBIN=$(shell pwd)/bin go install github.com/swaggo/swag/cmd/swag@v1.16.2
 	$(SWAGGER_CLI) init --parseDependency --parseInternal --parseDepth 2 -g cmd/apiserver/apiserver.go --output pkg/apiserver/docs/

cmd/apiserver/apiserver.go

@@ -35,7 +35,7 @@ var Version = "dev"
 // @version 1.0
 // @description Cluster Registry API
 
-// @host http://127.0.0.1:8080
+// @host 127.0.0.1:8080
 // @BasePath /api
 
 // @schemes http https

cmd/client/client.go

@@ -13,19 +13,17 @@ governing permissions and limitations under the License.
 package main
 
 import (
+	"encoding/base64"
 	"flag"
-	"k8s.io/client-go/tools/leaderelection/resourcelock"
-	"os"
-	"sigs.k8s.io/controller-runtime/pkg/cache"
-
+	registryv1alpha1 "github.com/adobe/cluster-registry/pkg/api/registry/v1alpha1"
 	"github.com/adobe/cluster-registry/pkg/client/controllers"
 	"github.com/adobe/cluster-registry/pkg/config"
 	monitoring "github.com/adobe/cluster-registry/pkg/monitoring/client"
 	"github.com/adobe/cluster-registry/pkg/sqs"
-
 	"github.com/prometheus/client_golang/prometheus/promhttp"
-
-	"encoding/base64"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/tools/leaderelection/resourcelock"
+	"os"
 
 	configv1 "github.com/adobe/cluster-registry/pkg/api/config/v1"
 	registryv1 "github.com/adobe/cluster-registry/pkg/api/registry/v1"
@@ -48,10 +46,13 @@ var (
 func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 	utilruntime.Must(registryv1.AddToScheme(scheme))
+	utilruntime.Must(registryv1alpha1.AddToScheme(scheme))
 	utilruntime.Must(configv1.AddToScheme(scheme))
 }
 
 func main() {
+	ctx := ctrl.SetupSignalHandler()
+
 	var configFile string
 	var metricsAddr string
 	var enableLeaderElection bool
@@ -80,18 +81,20 @@ func main() {
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 
 	var err error
-	clientConfig := configv1.ClientConfig{
+	var clientConfig configv1.ClientConfig
+	clientConfigDefaults := configv1.ClientConfig{
 		Namespace: namespace,
 		AlertmanagerWebhook: configv1.AlertmanagerWebhookConfig{
 			BindAddress: alertmanagerWebhookAddr,
 			AlertMap:    []configv1.AlertRule{},
 		},
+		ServiceMetadata: configv1.ServiceMetadataConfig{
+			WatchedGVKs:         []configv1.WatchedGVK{},
+			ServiceIdAnnotation: "adobe.serviceid",
+		},
 	}
 	options := ctrl.Options{
-		Scheme: scheme,
-		Cache: cache.Options{
-			Namespaces: []string{namespace},
-		},
+		Scheme:                     scheme,
 		MetricsBindAddress:         metricsAddr,
 		HealthProbeBindAddress:     probeAddr,
 		LeaderElection:             enableLeaderElection,
@@ -100,7 +103,7 @@ func main() {
 	}
 
 	if configFile != "" {
-		options, clientConfig, err = apply(configFile)
+		options, clientConfig, err = apply(configFile, &clientConfigDefaults)
 		if err != nil {
 			setupLog.Error(err, "unable to load the config file")
 			os.Exit(1)
@@ -144,6 +147,27 @@ func main() {
 		os.Exit(1)
 	}
 
+	if err = (&controllers.ServiceMetadataWatcherReconciler{
+		Client: mgr.GetClient(),
+		Log:    ctrl.Log.WithName("controllers").WithName("ServiceMetadataWatcher"),
+		Scheme: mgr.GetScheme(),
+		WatchedGVKs: func(cfg configv1.ClientConfig) []schema.GroupVersionKind {
+			var GVKs []schema.GroupVersionKind
+			for _, gvk := range cfg.ServiceMetadata.WatchedGVKs {
+				GVKs = append(GVKs, schema.GroupVersionKind{
+					Group:   gvk.Group,
+					Version: gvk.Version,
+					Kind:    gvk.Kind,
+				})
+			}
+			return GVKs
+		}(clientConfig),
+		ServiceIdAnnotation: clientConfig.ServiceMetadata.ServiceIdAnnotation,
+	}).SetupWithManager(ctx, mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "ServiceMetadataWatcher")
+		os.Exit(1)
+	}
+
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
 		setupLog.Error(err, "unable to set up health check")
 		os.Exit(1)
@@ -174,14 +198,14 @@ func main() {
 	}()
 
 	setupLog.Info("starting cluster-registry-client")
-	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
+	if err := mgr.Start(ctx); err != nil {
 		setupLog.Error(err, "problem running cluster-registry-client")
 		os.Exit(1)
 	}
 }
 
-func apply(configFile string) (ctrl.Options, configv1.ClientConfig, error) {
-	options, cfg, err := configv1.Load(scheme, configFile)
+func apply(configFile string, clientConfigDefaults *configv1.ClientConfig) (ctrl.Options, configv1.ClientConfig, error) {
+	options, cfg, err := configv1.Load(scheme, configFile, clientConfigDefaults)
 	if err != nil {
 		return options, cfg, err
 	}

config/crd/bases/registry.ethos.adobe.com_clusters.yaml

@@ -204,6 +204,15 @@ spec:
               registeredAt:
                 description: Timestamp when cluster was registered in Cluster Registry
                 type: string
+              services:
+                additionalProperties:
+                  additionalProperties:
+                    additionalProperties:
+                      type: string
+                    type: object
+                  type: object
+                description: ServiceMetadata service specific metadata
+                type: object
               shortName:
                 description: Cluster name, without dash
                 maxLength: 64

config/crd/bases/registry.ethos.adobe.com_servicemetadatawatchers.yaml

@@ -0,0 +1,82 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.13.0
+  name: servicemetadatawatchers.registry.ethos.adobe.com
+spec:
+  group: registry.ethos.adobe.com
+  names:
+    kind: ServiceMetadataWatcher
+    listKind: ServiceMetadataWatcherList
+    plural: servicemetadatawatchers
+    singular: servicemetadatawatcher
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: ServiceMetadataWatcher is the Schema for the servicemetadatawatchers
+          API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ServiceMetadataWatcherSpec defines the desired state of ServiceMetadataWatcher
+            properties:
+              watchedServiceObjects:
+                items:
+                  properties:
+                    objectReference:
+                      properties:
+                        apiVersion:
+                          type: string
+                        kind:
+                          type: string
+                        name:
+                          type: string
+                      required:
+                      - apiVersion
+                      - kind
+                      - name
+                      type: object
+                    watchedFields:
+                      items:
+                        properties:
+                          dst:
+                            type: string
+                          src:
+                            type: string
+                        required:
+                        - dst
+                        - src
+                        type: object
+                      type: array
+                  required:
+                  - objectReference
+                  - watchedFields
+                  type: object
+                type: array
+            required:
+            - watchedServiceObjects
+            type: object
+          status:
+            description: ServiceMetadataWatcherStatus defines the observed state of
+              ServiceMetadataWatcher
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/kustomization.yaml

@@ -3,17 +3,20 @@
 # It should be run by config/default
 resources:
 - bases/registry.ethos.adobe.com_clusters.yaml
+- bases/registry.ethos.adobe.com.servicemetadatawatchers.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
 #- patches/webhook_in_clusters.yaml
+#- path: patches/webhook_in_servicemetadatawatchers.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
 #- patches/cainjection_in_clusters.yaml
+#- path: patches/cainjection_in_servicemetadatawatchers.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

config/crd/patches/cainjection_in_servicemetadatawatchers.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
+  name: servicemetadatawatchers.registry.ethos.adobe.com

config/crd/patches/webhook_in_servicemetadatawatchers.yaml

@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: servicemetadatawatchers.registry.ethos.adobe.com
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1

config/rbac/role.yaml

@@ -1,9 +1,7 @@
-
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  creationTimestamp: null
   name: cluster-registry
 rules:
 - apiGroups:
@@ -32,3 +30,29 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - registry.ethos.adobe.com
+  resources:
+  - servicemetadatawatchers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - registry.ethos.adobe.com
+  resources:
+  - servicemetadatawatchers/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - registry.ethos.adobe.com
+  resources:
+  - servicemetadatawatchers/status
+  verbs:
+  - get
+  - patch
+  - update

config/rbac/servicemetadatawatcher_editor_role.yaml

@@ -0,0 +1,31 @@
+# permissions for end users to edit servicemetadatawatchers.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: servicemetadatawatcher-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: cluster-registry
+    app.kubernetes.io/part-of: cluster-registry
+    app.kubernetes.io/managed-by: kustomize
+  name: servicemetadatawatcher-editor-role
+rules:
+- apiGroups:
+  - registry.ethos.adobe.com
+  resources:
+  - servicemetadatawatchers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - registry.ethos.adobe.com
+  resources:
+  - servicemetadatawatchers/status
+  verbs:
+  - get

config/rbac/servicemetadatawatcher_viewer_role.yaml

@@ -0,0 +1,27 @@
+# permissions for end users to view servicemetadatawatchers.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: servicemetadatawatcher-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: cluster-registry
+    app.kubernetes.io/part-of: cluster-registry
+    app.kubernetes.io/managed-by: kustomize
+  name: servicemetadatawatcher-viewer-role
+rules:
+- apiGroups:
+  - registry.ethos.adobe.com
+  resources:
+  - servicemetadatawatchers
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - registry.ethos.adobe.com
+  resources:
+  - servicemetadatawatchers/status
+  verbs:
+  - get