Actual mesh resource

.circleci/config.yml

@@ -6,8 +6,8 @@ executors:
       - image: docker.mirror.hashicorp.services/circleci/golang:1.14
     environment:
       TEST_RESULTS: /tmp/test-results # path to where test results are saved
-      CONSUL_VERSION: 1.10.0-beta1 # Consul's OSS version to use in tests
-      CONSUL_ENT_VERSION: 1.10.0+ent-beta1 # Consul's enterprise version to use in tests
+      CONSUL_VERSION: 1.10.0-beta2 # Consul's OSS version to use in tests
+      CONSUL_ENT_VERSION: 1.10.0+ent-beta2 # Consul's enterprise version to use in tests
 
 jobs:
   go-fmt-and-vet:

CHANGELOG.md

@@ -10,6 +10,7 @@ IMPROVEMENTS:
   using this CRD but via annotations. [[GH-502](https://github.com/hashicorp/consul-k8s/pull/502)], [[GH-485](https://github.com/hashicorp/consul-k8s/pull/485)]
 * CRDs: Update ProxyDefaults with Mode and TransparentProxy fields. Note: Mode and TransparentProxy should not be set
   using the CRD but via annotations. [[GH-505](https://github.com/hashicorp/consul-k8s/pull/505)], [[GH-485](https://github.com/hashicorp/consul-k8s/pull/485)]
+* CRDs: Add CRD for MeshConfigEntry. Supported in Consul 1.10+ [[GH-513](https://github.com/hashicorp/consul-k8s/pull/513)]
 * Connect: No longer set multiple tagged addresses in Consul when k8s service has multiple ports and Transparent Proxy is enabled.
   [[GH-511](https://github.com/hashicorp/consul-k8s/pull/511)]
 * Connect: Allow exclusion of inbound ports, outbound ports and CIDRs, and additional user IDs when

api/common/common.go

@@ -12,6 +12,7 @@ const (
 	TerminatingGateway string = "terminatinggateway"
 
 	Global                 string = "global"
+	Mesh                   string = "mesh"
 	DefaultConsulNamespace string = "default"
 	WildcardNamespace      string = "*"
 

api/v1alpha1/mesh_types.go

@@ -0,0 +1,163 @@
+package v1alpha1
+
+import (
+	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
+	"github.com/hashicorp/consul-k8s/api/common"
+	capi "github.com/hashicorp/consul/api"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+	MeshKubeKind = "mesh"
+)
+
+func init() {
+	SchemeBuilder.Register(&Mesh{}, &MeshList{})
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// Mesh is the Schema for the mesh API
+// +kubebuilder:printcolumn:name="Synced",type="string",JSONPath=".status.conditions[?(@.type==\"Synced\")].status",description="The sync status of the resource with Consul"
+// +kubebuilder:printcolumn:name="Last Synced",type="date",JSONPath=".status.lastSyncedTime",description="The last successful synced time of the resource with Consul"
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="The age of the resource"
+type Mesh struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   MeshSpec `json:"spec,omitempty"`
+	Status `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// MeshList contains a list of Mesh
+type MeshList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []Mesh `json:"items"`
+}
+
+// MeshSpec defines the desired state of Mesh
+type MeshSpec struct {
+	TransparentProxy TransparentProxyMeshConfig `json:"transparentProxy,omitempty"`
+}
+
+// TransparentProxyMeshConfig controls configuration specific to proxies in "transparent" mode. Added in v1.10.0.
+type TransparentProxyMeshConfig struct {
+	// CatalogDestinationsOnly determines whether sidecar proxies operating in "transparent" mode can proxy traffic
+	// to IP addresses not registered in Consul's catalog. If enabled, traffic will only be proxied to upstreams
+	// with service registrations in the catalog.
+	CatalogDestinationsOnly bool `json:"catalogDestinationsOnly,omitempty"`
+}
+
+func (in *TransparentProxyMeshConfig) toConsul() capi.TransparentProxyMeshConfig {
+	return capi.TransparentProxyMeshConfig{CatalogDestinationsOnly: in.CatalogDestinationsOnly}
+}
+
+func (in *Mesh) GetObjectMeta() metav1.ObjectMeta {
+	return in.ObjectMeta
+}
+
+func (in *Mesh) AddFinalizer(name string) {
+	in.ObjectMeta.Finalizers = append(in.Finalizers(), name)
+}
+
+func (in *Mesh) RemoveFinalizer(name string) {
+	var newFinalizers []string
+	for _, oldF := range in.Finalizers() {
+		if oldF != name {
+			newFinalizers = append(newFinalizers, oldF)
+		}
+	}
+	in.ObjectMeta.Finalizers = newFinalizers
+
+}
+
+func (in *Mesh) Finalizers() []string {
+	return in.ObjectMeta.Finalizers
+}
+
+func (in *Mesh) ConsulKind() string {
+	return capi.MeshConfig
+}
+
+func (in *Mesh) ConsulMirroringNS() string {
+	return common.DefaultConsulNamespace
+}
+
+func (in *Mesh) KubeKind() string {
+	return MeshKubeKind
+}
+
+func (in *Mesh) SyncedCondition() (status corev1.ConditionStatus, reason, message string) {
+	cond := in.Status.GetCondition(ConditionSynced)
+	if cond == nil {
+		return corev1.ConditionUnknown, "", ""
+	}
+	return cond.Status, cond.Reason, cond.Message
+}
+
+func (in *Mesh) SyncedConditionStatus() corev1.ConditionStatus {
+	cond := in.Status.GetCondition(ConditionSynced)
+	if cond == nil {
+		return corev1.ConditionUnknown
+	}
+	return cond.Status
+}
+
+func (in *Mesh) ConsulName() string {
+	return in.ObjectMeta.Name
+}
+
+func (in *Mesh) ConsulGlobalResource() bool {
+	return true
+}
+
+func (in *Mesh) KubernetesName() string {
+	return in.ObjectMeta.Name
+}
+
+func (in *Mesh) SetSyncedCondition(status corev1.ConditionStatus, reason string, message string) {
+	in.Status.Conditions = Conditions{
+		{
+			Type:               ConditionSynced,
+			Status:             status,
+			LastTransitionTime: metav1.Now(),
+			Reason:             reason,
+			Message:            message,
+		},
+	}
+}
+
+func (in *Mesh) SetLastSyncedTime(time *metav1.Time) {
+	in.Status.LastSyncedTime = time
+}
+
+func (in *Mesh) ToConsul(datacenter string) capi.ConfigEntry {
+	return &capi.MeshConfigEntry{
+		TransparentProxy: in.Spec.TransparentProxy.toConsul(),
+		Meta:             meta(datacenter),
+	}
+}
+
+func (in *Mesh) MatchesConsul(candidate capi.ConfigEntry) bool {
+	configEntry, ok := candidate.(*capi.MeshConfigEntry)
+	if !ok {
+		return false
+	}
+	// No datacenter is passed to ToConsul as we ignore the Meta field when checking for equality.
+	return cmp.Equal(in.ToConsul(""), configEntry, cmpopts.IgnoreFields(capi.MeshConfigEntry{}, "Namespace", "Meta", "ModifyIndex", "CreateIndex"), cmpopts.IgnoreUnexported(), cmpopts.EquateEmpty())
+}
+
+func (in *Mesh) Validate(_ bool) error {
+	return nil
+}
+
+// DefaultNamespaceFields has no behaviour here as meshes have no namespace specific fields.
+func (in *Mesh) DefaultNamespaceFields(_ bool, _ string, _ bool, _ string) {
+	return
+}