feat: Implement a StaticService CRD

StaticService is a simple Service that wraps a static set of IP prefixes and can stand as a backend when we want to access to a set of known IP prefixes through STUNner. This is particularly useful when STUNner is used as a standalone public TURN server, where there is no Kubernetes service that would abstract the user base which is now outside the cluster.
l7mp · Jul 13, 2023 · 5aed163 · 5aed163
1 parent e770d05
commit 5aed163
Show file tree

Hide file tree

Showing 20 changed files with 1,314 additions and 71 deletions.
diff --git a/api/v1alpha1/staticservice_types.go b/api/v1alpha1/staticservice_types.go
@@ -0,0 +1,69 @@
+/*
+Copyright 2022 The l7mp/stunner team.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+//+kubebuilder:object:root=true
+// //+kubebuilder:subresource:status
+//+kubebuilder:resource:categories=stunner,shortName=ssvc
+
+// StaticService is a set of static IP address prefixes STUNner allows access to via a Route. The
+// purpose is to allow a Service-like CRD containing a set of static IP address prefixes to be set
+// as the backend of a UDPRoute (or TCPRoute).
+type StaticService struct {
+	metav1.TypeMeta `json:",inline"`
+	// +optional
+	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+
+	// Spec defines the behavior of a service.
+	Spec StaticServiceSpec `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
+}
+
+// StaticServiceSpec describes the prefixes reachable via a StaticService.
+type StaticServiceSpec struct {
+	// The list of ports reachable via this service (currently omitted).
+	// +patchMergeKey=port
+	// +patchStrategy=merge
+	// +listType=map
+	// +listMapKey=port
+	// +listMapKey=protocol
+	// +optional
+	Ports []corev1.ServicePort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"port" protobuf:"bytes,1,rep,name=ports"`
+
+	// Prefixes is a list of IP address prefixes reachable via this route.
+	Prefixes []string `json:"prefixes"`
+}
+
+//+kubebuilder:object:root=true
+
+// StaticServiceList holds a list of static services.
+type StaticServiceList struct {
+	metav1.TypeMeta `json:",inline"`
+	// +optional
+	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+
+	// List of services.
+	Items []StaticService `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&StaticService{}, &StaticServiceList{})
+}
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -3,6 +3,7 @@
 # It should be run by config/default
 resources:
 - bases/stunner.l7mp.io_gatewayconfigs.yaml
+- bases/stunner.l7mp.io_staticservices.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -79,6 +79,7 @@ rules:
   - stunner.l7mp.io
   resources:
   - gatewayconfigs
+  - staticservices
   verbs:
   - get
   - list
@@ -89,5 +90,6 @@ rules:
   - stunner.l7mp.io
   resources:
   - gatewayconfigs/finalizers
+  - staticservices/finalizers
   verbs:
   - update
diff --git a/internal/controllers/rbac.go b/internal/controllers/rbac.go
@@ -3,8 +3,8 @@ package controllers
 // RBAC for directly watched resources.
 // +kubebuilder:rbac:groups="gateway.networking.k8s.io",resources=gatewayclasses;gateways;udproutes,verbs=get;list;watch;update;patch
 // +kubebuilder:rbac:groups="gateway.networking.k8s.io",resources=gatewayclasses/status;gateways/status;udproutes/status,verbs=update;patch
-// +kubebuilder:rbac:groups="stunner.l7mp.io",resources=gatewayconfigs,verbs=get;list;watch;update;patch
-// +kubebuilder:rbac:groups="stunner.l7mp.io",resources=gatewayconfigs/finalizers,verbs=update
+// +kubebuilder:rbac:groups="stunner.l7mp.io",resources=gatewayconfigs;staticservices,verbs=get;list;watch;update;patch
+// +kubebuilder:rbac:groups="stunner.l7mp.io",resources=gatewayconfigs/finalizers;staticservices/finalizers,verbs=update
 
 // RBAC for references in watched resources.
 // +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete