feat(api): introduces MeshFederation API

This PR extends `MeshFederation` Custom Resource with configuration for local Federation setup.

This configuration that includes:

- network name
- trust domain
- controlPlane's namespace
   - required to create certain mesh-wide resources
- ingress configuration to be used for creating Federation Ingress Gateway
   - the default should be `istio`
   - support for `openshift-router`

It also defines export rules based on selectors (both label matching as
well as expressions)

### Current assumptions

- there should be only one instance of `MeshFederation`  per namespace
- `metadata.name` is used instead of originally proposed `id` to uniquely identify the local instance

### Related Issues

API for openshift-service-mesh#52 openshift-service-mesh#143

Fixes openshift-service-mesh#141

Author: eoinfennessy

api/v1alpha1/meshfederation_types.go

@@ -12,28 +12,16 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Run "make build" to regenerate code after modifying this file
+
 package v1alpha1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
-
-// MeshFederationSpec defines the desired state of MeshFederation.
-type MeshFederationSpec struct {
-	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
-
-	// Foo is an example field of MeshFederation. Edit meshfederation_types.go to remove/update
-	Foo string `json:"foo,omitempty"`
-}
-
-// MeshFederationStatus defines the observed state of MeshFederation.
-type MeshFederationStatus struct {
-	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
-	// Important: Run "make" to regenerate code after modifying this file
+func init() {
+	SchemeBuilder.Register(&MeshFederation{}, &MeshFederationList{})
 }
 
 // +kubebuilder:object:root=true
@@ -58,6 +46,82 @@ type MeshFederationList struct {
 	Items           []MeshFederation `json:"items"`
 }
 
-func init() {
-	SchemeBuilder.Register(&MeshFederation{}, &MeshFederationList{})
+// MeshFederationSpec defines the desired state of MeshFederation.
+type MeshFederationSpec struct {
+	// Network name used by Istio for load balancing
+	// +kubebuilder:validation:Required
+	Network string `json:"network"`
+
+	// +kubebuilder:default:=cluster.local
+	TrustDomain string `json:"trustDomain"`
+
+	// Namespace used to create mesh-wide resources
+	// +kubebuilder:default:=istio-system
+	ControlPlaneNamespace string `json:"controlPlaneNamespace"`
+
+	// TODO: CRD proposal states "If no ingress is specified, it means the controller supports only single network topology". However, some config, such as gateway/port config, seems to be required.
+	// Config specifying ingress type and ingress gateway config
+	// +kubebuilder:validation:Required
+	IngressConfig IngressConfig `json:"ingress"`
+
+	// Selects the K8s Services to export to all remote meshes.
+	// An empty export object matches all Services in all namespaces.
+	// A null export rules object matches no Services.
+	// +kubebuilder:validation:Optional
+	ExportRules *ExportRules `json:"export,omitempty"`
+}
+
+// MeshFederationStatus defines the observed state of MeshFederation.
+type MeshFederationStatus struct {
+	// Conditions describes the state of the MeshFederation resource.
+	// +optional
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+type PortConfig struct {
+	// TODO: Needs clarification: This was marked as optional in the CRD proposal, but the comment states it cannot be empty
+	// Port name of the ingress gateway Service.
+	// This is relevant only when the ingress type is openshift-router, but it cannot be empty
+	// +kubebuilder:validation:Required
+	Name string `json:"name"`
+
+	// Port of the ingress gateway Service
+	// +kubebuilder:validation:Required
+	Number uint32 `json:"number"`
+}
+
+type GatewayConfig struct {
+	// Ingress gateway selector specifies to which workloads Gateway configurations will be applied.
+	// +kubebuilder:validation:MinProperties=1
+	Selector map[string]string `json:"selector"`
+
+	// Specifies the port name and port number of the ingress gateway service
+	// +kubebuilder:validation:Required
+	PortConfig PortConfig `json:"portConfig"`
+}
+
+type IngressConfig struct {
+	// Local ingress type specifies how to expose exported services.
+	// Currently, only two types are supported: istio and openshift-router.
+	// If "istio" is set, then the controller assumes that the Service associated with federation ingress gateway
+	// is LoadBalancer or NodePort and is directly accessible for remote peers, and then it only creates
+	// an auto-passthrough Gateway to expose exported Services.
+	// When "openshift-router" is enabled, then the controller creates also OpenShift Routes and applies EnvoyFilters
+	// to customize the SNI filter in the auto-passthrough Gateway, because the default SNI DNAT format used by Istio
+	// is not supported by OpenShift Router.
+	// +kubebuilder:default:=istio
+	// +kubebuilder:validation:Enum=istio;openshift-router
+	Type string `json:"type"`
+
+	// Specifies the selector and port config of the ingress gateway
+	// +kubebuilder:validation:Required
+	GatewayConfig GatewayConfig `json:"gateway,omitempty"`
+}
+
+type ExportRules struct {
+	// ServiceSelectors is a label query over K8s Services in all namespaces.
+	// The result of matchLabels and matchExpressions are ANDed.
+	// An empty service selector matches all Services.
+	// A null service selector matches no Services.
+	ServiceSelectors *metav1.LabelSelector `json:"serviceSelectors,omitempty"`
 }