feat(ctrl): implement MeshFederation reconciliation

This commit introduces the initial implementation of the MeshFederation
controller. The controller is responsible for:

- Managing the MeshFederation server lifecycle (openshift-service-mesh#152)
- Configuring MeshFederation resources, including:
  - IngressGateway
  - PeerAuthentication
  - EnvoyFilter (for OpenShift Router)
  - Routes (for OpenShift Router)
- Watching Kubernetes services to:
  - Push SotW updates to all connected peers (openshift-service-mesh#153)
  - Update MeshFederation cluster configuration
  - Support both label selectors and expressions (openshift-service-mesh#52 openshift-service-mesh#143)

Basic EnvTest tests are included to verify the setup.

Fixes openshift-service-mesh#152 openshift-service-mesh#52 openshift-service-mesh#143 openshift-service-mesh#153

Author: bartoszmajsak

.gitignore

@@ -5,6 +5,10 @@ bin/
 .idea/
 .vscode/
 
+# Test artifacts
+cover.out
+ginkgo-test-results.xml
+
 # demo output
 Makefile.selfsigned.mk
 common.mk

Makefile

@@ -10,6 +10,7 @@ export ISTIO_VERSION ?= 1.23.0
 LOCALBIN := $(PROJECT_DIR)/bin
 
 include Makefile.tooling.mk
+include Makefile.func.mk
 
 PROTOBUF_API_DIR := $(PROJECT_DIR)/api/proto/federation
 PROTOBUF_API_SRC := $(shell find $(PROTOBUF_API_DIR) -type f -name "*.proto")
@@ -40,15 +41,34 @@ build: deps $(PROTOBUF_GEN) $(CRD_GEN) ## Builds the project
 ##@ Development
 
 .PHONY: test
-test: build ## Runs tests
-	go test $(PROJECT_DIR)/...
+test: test-unit test-ctrl ## Runs unit and controller tests
+
+.PHONY: test-unit
+test-unit: build ## Runs unit tests
+	go test $(PROJECT_DIR)/internal/pkg/...
+
+ENVTEST_K8S_VERSION = 1.31 # refers to the version of kubebuilder assets to be downloaded by envtest binary.
+test-ctrl: fetch-test-crds
+test-ctrl: $(ENVTEST) $(GINKGO) ## Runs controller tests using k8s envtest
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" \
+	$(GINKGO) $(PROJECT_DIR)/internal/controller/... -r \
+		-vet=off \
+		-coverprofile cover.out \
+		--junit-report=ginkgo-test-results.xml ${args}
+
+.PHONY: fetch-test-crds
+fetch-test-crds: $(CONTROLLER_GEN)
+	$(eval crd_folder = "$(PROJECT_DIR)/test/testdata/crds/external")
+	@$(call fetch-external-crds,github.com/openshift/api,route/v1,$(crd_folder))
+	@curl -s https://raw.githubusercontent.com/istio/istio/$(ISTIO_VERSION)/manifests/charts/base/crds/crd-all.gen.yaml > $(crd_folder)/istio.yaml
+
 
 define local_tag
 $(TAG)$(shell [ "$(USE_LOCAL_IMAGE)" = "true" ] && echo "-local")
 endef
 
-.PHONY: e2e
 TEST_SUITES ?= remote_ip remote_dns_name spire
+.PHONY: e2e
 e2e: kind-clusters ## Runs end-to-end tests against KinD clusters
 	@local_tag=$(call local_tag); \
 	$(foreach suite, $(TEST_SUITES), \

Makefile.func.mk

@@ -0,0 +1,18 @@
+define go-mod-version
+$(shell go mod graph | grep $(1) | head -n 1 | cut -d'@' -f 2)
+endef
+
+# Using controller-gen to fetch external CRDs and put them in defined folder folder
+# They can be used e.g. in testing using EnvTest where controller under test
+# requires additional resources to manage.
+#
+# $(1) - repository to fetch CRDs from, e.g. github.com/openshift/api
+# $(2) - location, e.g. route/v1
+# $(3) - target folder
+#
+# Example use in Makefile target: $(call fetch-external-crds,github.com/openshift/api,route/v1,test/testdata/crds)
+define fetch-external-crds
+GOFLAGS="-mod=readonly" $(CONTROLLER_GEN) crd \
+paths=$(shell go env GOPATH)/pkg/mod/$(1)@$(call go-mod-version,$(1))/$(2)/... \
+output:crd:artifacts:config=$(3)
+endef

Makefile.tooling.mk

@@ -1,5 +1,6 @@
 ## Versions
 CONTROLLER_TOOLS_VERSION ?= v0.16.4
+ENVTEST_PACKAGE_VERSION = release-0.20
 
 ## Binaries
 KIND := $(LOCALBIN)/kind
@@ -10,6 +11,8 @@ PROTOC_GEN_GRPC := $(LOCALBIN)/protoc-gen-go-grpc
 PROTOC_GEN_DEEPCOPY := $(LOCALBIN)/protoc-gen-golang-deepcopy
 CONTROLLER_GEN := $(LOCALBIN)/controller-gen
 GCI := $(LOCALBIN)/gci
+GINKGO := $(LOCALBIN)/ginkgo
+ENVTEST := $(LOCALBIN)/setup-envtest
 
 $(shell mkdir -p $(LOCALBIN))
 
@@ -46,3 +49,10 @@ $(KIND):
 $(CONTROLLER_GEN):
 	GOBIN=$(LOCALBIN) go install -mod=readonly sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
 
+$(GINKGO):
+	@GOBIN=$(LOCALBIN) go install -mod=readonly github.com/onsi/ginkgo/v2/ginkgo
+
+$(ENVTEST):
+	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@$(ENVTEST_PACKAGE_VERSION)
+
+

api/v1alpha1/meshfederation_types.go

@@ -76,6 +76,9 @@ type MeshFederationStatus struct {
 	// Conditions describes the state of the MeshFederation resource.
 	// +optional
 	Conditions []metav1.Condition `json:"conditions,omitempty"`
+
+	// +optional
+	ExportedServices []string `json:"exportedServices,omitempty"`
 }
 
 type PortConfig struct {

api/v1alpha1/zz_generated.deepcopy.go

@@ -227,6 +227,10 @@ spec:
                   - type
                   type: object
                 type: array
+              exportedServices:
+                items:
+                  type: string
+                type: array
             type: object
         type: object
     served: true

chart/crds/federation.openshift-service-mesh.io_meshfederations.yaml

@@ -30,9 +30,7 @@ import (
 	"istio.io/istio/pkg/slices"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
-	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/client-go/informers"
-	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	v1 "k8s.io/client-go/listers/core/v1"
 	// +kubebuilder:scaffold:imports
 	"k8s.io/client-go/rest"
@@ -41,7 +39,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	"sigs.k8s.io/controller-runtime/pkg/metrics/server"
 
-	"github.com/openshift-service-mesh/federation/api/v1alpha1"
+	"github.com/openshift-service-mesh/federation/internal/controller"
 	"github.com/openshift-service-mesh/federation/internal/controller/federatedservice"
 	"github.com/openshift-service-mesh/federation/internal/controller/meshfederation"
 	"github.com/openshift-service-mesh/federation/internal/pkg/config"
@@ -78,10 +76,7 @@ var (
 )
 
 func init() {
-	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
-	utilruntime.Must(v1alpha1.AddToScheme(scheme))
-	utilruntime.Must(v1alpha1.AddToScheme(scheme))
-	// +kubebuilder:scaffold:scheme
+	controller.MustAddToScheme(scheme)
 }
 
 const reconnectDelay = time.Second * 5
@@ -158,7 +153,7 @@ func runCtrls(ctx context.Context, cancel context.CancelFunc) {
 	}
 
 	if err = meshfederation.NewReconciler(mgr.GetClient()).SetupWithManager(mgr); err != nil {
-		log.Errorf("unable to create controller for MeshFederation custom resource: %s", err)
+		log.Errorf("unable to create MeshFederation controller: %s", err)
 		os.Exit(1)
 	}
 	if err = federatedservice.NewReconciler(mgr.GetClient()).SetupWithManager(mgr); err != nil {
@@ -329,7 +324,7 @@ func startFDSClient(ctx context.Context, remote config.Remote, meshConfigPushReq
 		DiscoveryAddr: discoveryAddr,
 		Authority:     remote.ServiceFQDN(),
 		Handlers: map[string]adsc.ResponseHandler{
-			xds.ExportedServiceTypeUrl: fds.NewImportedServiceHandler(importedServiceStore, meshConfigPushRequests),
+			xds.FederatedServiceTypeUrl: fds.NewImportedServiceHandler(importedServiceStore, meshConfigPushRequests),
 		},
 		ReconnectDelay: reconnectDelay,
 	})