[icxtunnel] implement alpha tunnel connect command

api/core/v1alpha2/doc.go

@@ -0,0 +1,7 @@
+// +k8s:openapi-gen=true
+// +kubebuilder:object:generate=true
+// +groupName=core.apoxy.dev
+// +k8s:deepcopy-gen=package,register
+
+// Package v1alpha2 contains API Schema definitions for the core v1alpha2 API group
+package v1alpha2 // import "github.com/apoxy-dev/apoxy/api/core/v1alpha2"

api/core/v1alpha2/tunnel_agent_types.go

@@ -0,0 +1,120 @@
+package v1alpha2
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apiserver/pkg/registry/rest"
+	"sigs.k8s.io/apiserver-runtime/pkg/builder/resource"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:subresource:log
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// TunnelAgent represents a tunnel agent.
+type TunnelAgent struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   TunnelAgentSpec   `json:"spec,omitempty"`
+	Status TunnelAgentStatus `json:"status,omitempty"`
+}
+
+type TunnelAgentSpec struct {
+	// Reference to the Tunnel this agent belongs to.
+	TunnelRef TunnelRef `json:"tunnelRef"`
+}
+
+type TunnelCredentials struct {
+	// Bearer token for authentication with tunnel relays.
+	Token string `json:"token,omitempty"`
+}
+
+type TunnelAgentStatus struct {
+	// Credentials for authenticating with tunnel relays.
+	Credentials *TunnelCredentials `json:"credentials,omitempty"`
+	// Overlay CIDR of the agent. Currently we're using a /96 prefix which
+	// can be used for 4in6 tunneling.
+	Prefix string `json:"prefix,omitempty"`
+}
+
+var _ resource.StatusSubResource = &TunnelAgentStatus{}
+
+func (ps *TunnelAgentStatus) SubResourceName() string {
+	return "status"
+}
+
+func (ps *TunnelAgentStatus) CopyTo(parent resource.ObjectWithStatusSubResource) {
+	parent.(*TunnelAgent).Status = *ps
+}
+
+var (
+	_ runtime.Object                       = &TunnelAgent{}
+	_ resource.Object                      = &TunnelAgent{}
+	_ resource.ObjectWithStatusSubResource = &TunnelAgent{}
+	_ rest.SingularNameProvider            = &TunnelAgent{}
+)
+
+func (p *TunnelAgent) GetObjectMeta() *metav1.ObjectMeta {
+	return &p.ObjectMeta
+}
+
+func (p *TunnelAgent) NamespaceScoped() bool {
+	return false
+}
+
+func (p *TunnelAgent) New() runtime.Object {
+	return &TunnelAgent{}
+}
+
+func (p *TunnelAgent) NewList() runtime.Object {
+	return &TunnelAgentList{}
+}
+
+func (p *TunnelAgent) GetGroupVersionResource() schema.GroupVersionResource {
+	return schema.GroupVersionResource{
+		Group:    SchemeGroupVersion.Group,
+		Version:  SchemeGroupVersion.Version,
+		Resource: "TunnelAgents",
+	}
+}
+
+func (p *TunnelAgent) IsStorageVersion() bool {
+	return true
+}
+
+func (p *TunnelAgent) GetSingularName() string {
+	return "TunnelAgent"
+}
+
+func (p *TunnelAgent) GetStatus() resource.StatusSubResource {
+	return &p.Status
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// TunnelAgentList contains a list of TunnelAgent objects.
+type TunnelAgentList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []TunnelAgent `json:"items"`
+}
+
+var _ resource.ObjectList = &TunnelAgentList{}
+
+func (pl *TunnelAgentList) GetListMeta() *metav1.ListMeta {
+	return &pl.ListMeta
+}
+
+// TunnelAgentRef is a reference to a TunnelAgent.
+type TunnelAgentRef struct {
+	// Name of the tunnel agent. Required.
+	// +kubebuilder:validation:MinLength=1
+	Name string `json:"name"`
+}

api/core/v1alpha2/tunnel_endpoint_types.go

@@ -0,0 +1,110 @@
+package v1alpha2
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apiserver/pkg/registry/rest"
+	"sigs.k8s.io/apiserver-runtime/pkg/builder/resource"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:subresource:log
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// TunnelEndpoint represents a tunnel endpoint.
+// It is created whenever an agent connects to a relay.
+type TunnelEndpoint struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   TunnelEndpointSpec   `json:"spec,omitempty"`
+	Status TunnelEndpointStatus `json:"status,omitempty"`
+}
+
+type TunnelEndpointSpec struct {
+	// Reference to the TunnelAgent this endpoint belongs to.
+	TunnelAgentRef TunnelAgentRef `json:"tunnelAgentRef"`
+	// Public address/port of the endpoint.
+	Address string `json:"address,omitempty"`
+	// VNI is the GENEVE network identifier for this endpoint.
+	VNI int `json:"vni,omitempty"`
+	// TODO: the address of the relay this endpoint is connected to?
+}
+
+type TunnelEndpointStatus struct {
+	// TODO: stats?
+}
+
+var _ resource.StatusSubResource = &TunnelEndpointStatus{}
+
+func (ps *TunnelEndpointStatus) SubResourceName() string {
+	return "status"
+}
+
+func (ps *TunnelEndpointStatus) CopyTo(parent resource.ObjectWithStatusSubResource) {
+	parent.(*TunnelEndpoint).Status = *ps
+}
+
+var (
+	_ runtime.Object                       = &TunnelEndpoint{}
+	_ resource.Object                      = &TunnelEndpoint{}
+	_ resource.ObjectWithStatusSubResource = &TunnelEndpoint{}
+	_ rest.SingularNameProvider            = &TunnelEndpoint{}
+)
+
+func (p *TunnelEndpoint) GetObjectMeta() *metav1.ObjectMeta {
+	return &p.ObjectMeta
+}
+
+func (p *TunnelEndpoint) NamespaceScoped() bool {
+	return false
+}
+
+func (p *TunnelEndpoint) New() runtime.Object {
+	return &TunnelEndpoint{}
+}
+
+func (p *TunnelEndpoint) NewList() runtime.Object {
+	return &TunnelEndpointList{}
+}
+
+func (p *TunnelEndpoint) GetGroupVersionResource() schema.GroupVersionResource {
+	return schema.GroupVersionResource{
+		Group:    SchemeGroupVersion.Group,
+		Version:  SchemeGroupVersion.Version,
+		Resource: "TunnelEndpoints",
+	}
+}
+
+func (p *TunnelEndpoint) IsStorageVersion() bool {
+	return true
+}
+
+func (p *TunnelEndpoint) GetSingularName() string {
+	return "TunnelEndpoint"
+}
+
+func (p *TunnelEndpoint) GetStatus() resource.StatusSubResource {
+	return &p.Status
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// TunnelEndpointList contains a list of TunnelEndpoint objects.
+type TunnelEndpointList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []TunnelEndpoint `json:"items"`
+}
+
+var _ resource.ObjectList = &TunnelEndpointList{}
+
+func (pl *TunnelEndpointList) GetListMeta() *metav1.ListMeta {
+	return &pl.ListMeta
+}

api/core/v1alpha2/tunnel_types.go

@@ -0,0 +1,124 @@
+package v1alpha2
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apiserver/pkg/registry/rest"
+	"sigs.k8s.io/apiserver-runtime/pkg/builder/resource"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:subresource:log
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Tunnel represents a tunnel network.
+type Tunnel struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   TunnelSpec   `json:"spec,omitempty"`
+	Status TunnelStatus `json:"status,omitempty"`
+}
+
+type EgressGatewaySpec struct {
+	// Whether the egress gateway is enabled. Default is false.
+	// When enabled, the egress gateway will be used to route traffic from the
+	// tunnel agent to the internet. Traffic will be SNAT'ed.
+	// +optional
+	Enabled bool `json:"enabled,omitempty"`
+}
+
+type TunnelSpec struct {
+	// Configures egress gateway mode on the tunnel. In this mode, the tunnel
+	// relay acts as a gateway for outbound connections originating from the
+	// agent side in addition to its default mode (where the connections arrive
+	// in the direction of the agent).
+	// +optional
+	EgressGateway *EgressGatewaySpec `json:"egressGateway,omitempty"`
+}
+
+type TunnelStatus struct {
+	// A list of public address/ports of the relay instances for this network.
+	Addresses []string `json:"addresses,omitempty"`
+}
+
+var _ resource.StatusSubResource = &TunnelStatus{}
+
+func (ps *TunnelStatus) SubResourceName() string {
+	return "status"
+}
+
+func (ps *TunnelStatus) CopyTo(parent resource.ObjectWithStatusSubResource) {
+	parent.(*Tunnel).Status = *ps
+}
+
+var (
+	_ runtime.Object                       = &Tunnel{}
+	_ resource.Object                      = &Tunnel{}
+	_ resource.ObjectWithStatusSubResource = &Tunnel{}
+	_ rest.SingularNameProvider            = &Tunnel{}
+)
+
+func (p *Tunnel) GetObjectMeta() *metav1.ObjectMeta {
+	return &p.ObjectMeta
+}
+
+func (p *Tunnel) NamespaceScoped() bool {
+	return false
+}
+
+func (p *Tunnel) New() runtime.Object {
+	return &Tunnel{}
+}
+
+func (p *Tunnel) NewList() runtime.Object {
+	return &TunnelList{}
+}
+
+func (p *Tunnel) GetGroupVersionResource() schema.GroupVersionResource {
+	return schema.GroupVersionResource{
+		Group:    SchemeGroupVersion.Group,
+		Version:  SchemeGroupVersion.Version,
+		Resource: "Tunnels",
+	}
+}
+
+func (p *Tunnel) IsStorageVersion() bool {
+	return true
+}
+
+func (p *Tunnel) GetSingularName() string {
+	return "Tunnel"
+}
+
+func (p *Tunnel) GetStatus() resource.StatusSubResource {
+	return &p.Status
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// TunnelList contains a list of Tunnel objects.
+type TunnelList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []Tunnel `json:"items"`
+}
+
+var _ resource.ObjectList = &TunnelList{}
+
+func (pl *TunnelList) GetListMeta() *metav1.ListMeta {
+	return &pl.ListMeta
+}
+
+// TunnelRef is a reference to a Tunnel.
+type TunnelRef struct {
+	// Name of the Tunnel. Required.
+	// +kubebuilder:validation:MinLength=1
+	Name string `json:"name"`
+}