Agent gradual

.golangci.yml

@@ -138,6 +138,9 @@ linters-settings:
         disabled: true
   funlen:
     lines: 65
+  gosec:
+    excludes:
+      - G115
 
 issues:
   exclude-rules:

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM docker.io/library/golang:1.21-alpine as builder
+FROM docker.io/library/golang:1.21-alpine AS builder
 
 
 WORKDIR /workspace
@@ -10,28 +10,19 @@ COPY go.sum go.sum
 # and so that source changes don't invalidate our downloaded layer
 RUN go mod download
 
-# Build router
-RUN apk add llvm clang linux-headers libbpf-dev musl-dev
-
 # Copy the go source
-COPY cmd/manager/main.go main.go
+COPY cmd/operator/main.go main.go
 COPY api/ api/
 COPY controllers/ controllers/
 COPY pkg/ pkg/
 
-# Build router
-COPY bpf/ bpf/
-RUN cd pkg/bpf/ && go generate
-
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o operator main.go
 
 FROM alpine:latest
 
-RUN apk add --no-cache iptables ip6tables
-
 WORKDIR /
-COPY --from=builder /workspace/manager .
+COPY --from=builder /workspace/operator .
 USER 65532:65532
 
-ENTRYPOINT ["/manager"]
+ENTRYPOINT ["/operator"]

Makefile

@@ -1,8 +1,12 @@
 
-# Image URL to use all building/pushing image targets
-IMG ?= ghcr.io/telekom/das-schiff-network-operator:latest
+# Agent image URL to use all building/pushing image targets
+AGENT_IMG ?= ghcr.io/telekom/das-schiff-network-operator-agent:latest
 # Sidecar image URL to use all building/pushing image targets
 SIDECAR_IMG ?= ghcr.io/telekom/frr-exporter:latest
+# Operator image URL to use all building/pushing image targets
+OPERATOR_IMG ?= ghcr.io/telekom/das-schiff-network-opeator:latest
+# Worker image URL to use all building/pushing image targets
+WORKER_IMG ?= ghcr.io/telekom/worker:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.25
 
@@ -50,8 +54,13 @@ manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and Cust
 	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
 .PHONY: generate
-generate: controller-gen bpf-generate ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+generate: controller-gen bpf-generate ## Generate code containing DeepCopy, DeepCopyInto and DeepCopyObject method implementations and GRPC code.
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
+	PATH=$(PATH):$(shell pwd)/bin $(PROTOC) --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative pkg/worker/pb/worker.proto
+
+.PHONY: generate-protobuff
+generate-protobuff: protoc ## Generate code containing DeepCopy, DeepCopyInto and DeepCopyObject method implementations.
+	PATH=$(PATH):$(shell pwd)/bin $(PROTOC) --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative pkg/worker/pb/worker.proto
 
 .PHONY: fmt
 fmt: ## Run go fmt against code.
@@ -68,33 +77,72 @@ test: manifests generate fmt vet envtest ## Run tests.
 ##@ Build
 
 .PHONY: build
-build: generate fmt vet ## Build manager binary.
-	go build -o bin/manager cmd/manager/main.go
+build: generate fmt vet ## Build agent binary.
+	go build -o bin/operator cmd/operator/main.go
+	go build -o bin/agent cmd/agent/main.go
+	go build -o bin/frr-exporter cmd/frr-exporter/main.go
+
+.PHONY: operator-build
+operator-build: generate fmt vet ## Build agent binary.
+	go build -o bin/operator cmd/operator/main.go
 
-.PHONY: sidecar-build
+.PHONY: agent-build
+agent-build: generate fmt vet ## Build agent binary.
+	go build -o bin/agent cmd/agent/main.go
+
+.PHONY: sidecar-build ## Build sidecar (frr-exporter) binary.
 sidecar-build: build
 	go build -o bin/frr-exporter cmd/frr-exporter/main.go
 
+.PHONY: worker-build ## Build worker binary.
+agent-build: generate fmt vet
+	go build -o bin/worker cmd/worker/main.go
+
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
-	go run ./cmd/manager/main.go
+	go run ./cmd/agent/main.go
 
 .PHONY: docker-build
 docker-build: test ## Build docker image with the manager.
-	docker build -t ${IMG} .
+	docker build -t ${OPERATOR_IMG} .
+	docker build -t ${AGENT_IMG} -f agent.Dockerfile .
+	docker build -t ${SIDECAR_IMG} -f frr-exporter.Dockerfile .
+	docker build -t ${WORKER_IMG} -f worker.Dockerfile .
+
+.PHONY: docker-build-agent
+docker-build-agent: test ## Build docker image with the manager.
+	docker build -t ${AGENT_IMG} -f agent.Dockerfile .
 
 .PHONY: docker-build-sidecar
 docker-build-sidecar: test ## Build docker image with the manager.
 	docker build -t ${SIDECAR_IMG} -f frr-exporter.Dockerfile .
 
+.PHONY: docker-build-operator
+docker-build-operator: test ## Build docker image with the manager.
+	docker build -t ${OPERATOR_IMG} .
+
+.PHONY: docker-build-worker
+docker-build-worker: test ## Build docker image with the manager.
+	docker build -t ${WORKER_IMG} -f worker.Dockerfile .
+
 .PHONY: docker-push
-docker-push: ## Push docker image with the manager.
-	docker push ${IMG}
+docker-push: docker-push-agent docker-push-sidecar docker-push-operator
+
+.PHONY: docker-push-agent
+docker-push-agent: ## Push docker image with the manager.
+	docker push ${AGENT_IMG}
 
 .PHONY: docker-push-sidecar
 docker-push-sidecar: ## Push docker image with the manager.
 	docker push ${SIDECAR_IMG}
 
+.PHONY: docker-push-operator
+docker-push-operator: ## Push docker image with the manager.
+	docker push ${OPERATOR_IMG}
+
+.PHONY: docker-push-worker
+docker-push-worker: ## Push docker image with the manager.
+	docker push ${WORKER_IMG}
 
 ##@ Release
 
@@ -133,8 +181,10 @@ uninstall-certs: manifests kustomize ## Uninstall certs
 
 .PHONY: deploy
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
-	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	cd config/manager && $(KUSTOMIZE) edit set image frr-exporter=${SIDECAR_IMG}
+	cd config/agent && $(KUSTOMIZE) edit set image agent=${AGENT_IMG}
+	cd config/agent && $(KUSTOMIZE) edit set image frr-exporter=${SIDECAR_IMG}
+	cd config/operator && $(KUSTOMIZE) edit set image operator=${OPERATOR_IMG}
+	cd config/worker && $(KUSTOMIZE) edit set image worker=${WORKER_IMG}
 	$(KUSTOMIZE) build config/default | kubectl apply -f -
 
 .PHONY: undeploy
@@ -174,3 +224,10 @@ GOBIN=$(PROJECT_DIR)/bin go install $(2) ;\
 rm -rf $$TMP_DIR ;\
 }
 endef
+
+PROTOC_DIR = $(shell pwd)/bin/protoc
+PROTOC = $(shell pwd)/bin/protoc/bin/protoc
+.PHONY: protoc
+protoc: ## Download controller-gen locally if necessary.
+	mkdir -p $(PROTOC_DIR) && cd $(PROTOC_DIR) && wget -nc https://github.com/protocolbuffers/protobuf/releases/download/v27.0/protoc-27.0-linux-x86_64.zip 2> /dev/null && unzip -nqq protoc-27.0-linux-x86_64.zip
+	$(call go-get-tool,$(PROTOC_DIR),google.golang.org/protobuf/cmd/[email protected])

agent.Dockerfile

@@ -0,0 +1,37 @@
+# Build the manager binary
+FROM docker.io/library/golang:1.21-alpine AS builder
+
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Build router
+RUN apk add llvm clang linux-headers libbpf-dev musl-dev
+
+# Copy the go source
+COPY cmd/agent/main.go main.go
+COPY api/ api/
+COPY controllers/ controllers/
+COPY pkg/ pkg/
+
+# Build router
+COPY bpf/ bpf/
+RUN cd pkg/bpf/ && go generate
+
+# Build
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o agent main.go
+
+FROM alpine:latest
+
+RUN apk add --no-cache iptables ip6tables
+
+WORKDIR /
+COPY --from=builder /workspace/agent .
+USER 65532:65532
+
+ENTRYPOINT ["/agent"]

api/v1alpha1/networkconfigrevision_types.go

@@ -0,0 +1,102 @@
+/*
+Copyright 2024.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// NetworkConfigSpec defines the desired state of NetworkConfig.
+type NetworkConfigRevisionSpec struct {
+	// Config stores global configuration of the nodes.
+	Config NodeNetworkConfigSpec `json:"config"`
+	// Revision is a hash of the NetworkConfigRevision object that is used to identify the particular revision.
+	Revision string `json:"revision"`
+}
+
+type NetworkConfigRevisionStatus struct {
+	// IsInvalid determines if NetworkConfigRevision results in misconfigured nodes (invalid configuration).
+	IsInvalid bool `json:"isInvalid"`
+	// Ready informs about how many nodes were already provisioned with a config derived from the revision.
+	Ready int `json:"ready"`
+	// Ongoing informs about how many nodes are currently provisioned with a config derived from the revision.
+	Ongoing int `json:"ongoing"`
+	// Queued informs about how many nodes are currently waiting to be provisiined with a config derived from the revision.
+	Queued int `json:"queued"`
+	// Total informs about how many nodes in total can be provisiined with a config derived from the revision.
+	Total int `json:"total"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+//+kubebuilder:resource:shortName=ncr,scope=Cluster
+//+kubebuilder:printcolumn:name="Invalid",type=string,JSONPath=`.status.isInvalid`
+//+kubebuilder:printcolumn:name="Queued",type="integer",JSONPath=".status.queued"
+//+kubebuilder:printcolumn:name="Ongoing",type="integer",JSONPath=".status.ongoing"
+//+kubebuilder:printcolumn:name="Ready",type="integer",JSONPath=".status.ready"
+//+kubebuilder:printcolumn:name="Total",type="integer",JSONPath=".status.total"
+//+kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+
+// NetworkConfigRevision is the Schema for the node configuration.
+type NetworkConfigRevision struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   NetworkConfigRevisionSpec   `json:"spec,omitempty"`
+	Status NetworkConfigRevisionStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// NetworkConfigRevisionList contains a list of NetworkConfigRevision.
+type NetworkConfigRevisionList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []NetworkConfigRevision `json:"items"`
+}
+
+func NewRevision(config *NodeNetworkConfig) (*NetworkConfigRevision, error) {
+	data, err := json.Marshal(config.Spec)
+	if err != nil {
+		return nil, fmt.Errorf("error marshalling data: %w", err)
+	}
+
+	h := sha256.New()
+	if _, err := h.Write(data); err != nil {
+		return nil, fmt.Errorf("failed hashing network config: %w", err)
+	}
+	hash := h.Sum(nil)
+	hashHex := hex.EncodeToString(hash)
+
+	return &NetworkConfigRevision{
+		ObjectMeta: metav1.ObjectMeta{Name: hashHex[:10]},
+		Spec: NetworkConfigRevisionSpec{
+			Config:   config.Spec,
+			Revision: hashHex,
+		},
+		Status: NetworkConfigRevisionStatus{},
+	}, nil
+}
+
+func init() {
+	SchemeBuilder.Register(&NetworkConfigRevision{}, &NetworkConfigRevisionList{})
+}