foreigncluster fields refactoring

apis/config/v1alpha1/clusterconfig_types.go

@@ -142,8 +142,7 @@ type DiscoveryConfig struct {
 	EnableDiscovery     bool `json:"enableDiscovery"`
 	EnableAdvertisement bool `json:"enableAdvertisement"`
 
-	AutoJoin          bool `json:"autojoin"`
-	AutoJoinUntrusted bool `json:"autojoinUntrusted"`
+	AutoJoin bool `json:"autojoin"`
 
 	AuthServiceAddress string `json:"authServiceAddress,omitempty"`
 	AuthServicePort    string `json:"authServicePort,omitempty"`

apis/discovery/v1alpha1/foreigncluster_types.go

@@ -21,7 +21,6 @@ import (
 	"k8s.io/client-go/kubernetes/scheme"
 
 	crdclient "github.com/liqotech/liqo/pkg/crdClient"
-	"github.com/liqotech/liqo/pkg/discovery"
 )
 
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
@@ -50,28 +49,43 @@ const (
 	PeeringConditionStatusEmptyDenied PeeringConditionStatusType = "EmptyDenied"
 )
 
+// PeeringEnabledType indicates the desired state for the peering with this remote cluster.
+type PeeringEnabledType string
+
+const (
+	// PeeringEnabledAuto indicates to use the default settings for the discovery method.
+	// This is useful to track that the user did not set the peering state for that cluster,
+	// if the peering is Auto liqo will use the default for that discovery method:
+	// manual -> No
+	// incomingPeering -> No
+	// LAN -> Yes
+	// WAN -> looks at the SearchDomain Spec.
+	PeeringEnabledAuto PeeringEnabledType = "Auto"
+	// PeeringEnabledNo indicates to disable the peering with this remote cluster.
+	PeeringEnabledNo PeeringEnabledType = "No"
+	// PeeringEnabledYes indicates to enable the peering with this remote cluster.
+	PeeringEnabledYes PeeringEnabledType = "Yes"
+)
+
 // ForeignClusterSpec defines the desired state of ForeignCluster.
 type ForeignClusterSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 
 	// Foreign Cluster Identity.
 	ClusterIdentity ClusterIdentity `json:"clusterIdentity,omitempty"`
-	// Namespace where Liqo is deployed. (Deprecated)
-	Namespace string `json:"namespace,omitempty"`
-	// Enable join process to foreign cluster.
-	// +kubebuilder:default=false
-	Join bool `json:"join,omitempty"`
-	// +kubebuilder:validation:Enum="LAN";"WAN";"Manual";"IncomingPeering"
-	// +kubebuilder:default="Manual"
-	// How this ForeignCluster has been discovered.
-	DiscoveryType discovery.Type `json:"discoveryType,omitempty"`
+	// Enable the peering process to the remote cluster.
+	// +kubebuilder:validation:Enum="Auto";"No";"Yes"
+	// +kubebuilder:default="Auto"
+	// +kubebuilder:validation:Optional
+	OutgoingPeeringEnabled PeeringEnabledType `json:"outgoingPeeringEnabled"`
 	// URL where to contact foreign Auth service.
-	AuthURL string `json:"authUrl"`
-	// +kubebuilder:validation:Enum="Unknown";"Trusted";"Untrusted"
-	// +kubebuilder:default="Unknown"
-	// Indicates if this remote cluster is trusted or not.
-	TrustMode discovery.TrustMode `json:"trustMode,omitempty"`
+	// +kubebuilder:validation:Pattern=`https:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)`
+	ForeignAuthURL string `json:"foreignAuthUrl"`
+	// Indicates if the local cluster has to skip the tls verification over the remote Authentication Service or not.
+	// +kubebuilder:default=true
+	// +kubebuilder:validation:Optional
+	InsecureSkipTLSVerify *bool `json:"insecureSkipTLSVerify"`
 	// If discoveryType is LAN or WAN and this indicates the number of seconds after that
 	// this ForeignCluster will be removed if no updates have been received.
 	// +kubebuilder:validation:Minimum=0

apis/discovery/v1alpha1/groupversion_info.go

@@ -43,4 +43,7 @@ var (
 
 	// ForeignClusterGroupResource is the group resource used to register ForeignCluster CRD.
 	ForeignClusterGroupResource = schema.GroupResource{Group: GroupVersion.Group, Resource: "foreignclusters"}
+
+	// SearchDomainGroupResource is the group resource used to register SearchDomain CRD.
+	SearchDomainGroupResource = schema.GroupResource{Group: GroupVersion.Group, Resource: "searchdomains"}
 )

deployments/liqo/README.md

@@ -34,8 +34,7 @@
 | crdReplicator.imageName | string | `"liqo/crd-replicator"` | crdReplicator image repository |
 | crdReplicator.pod.annotations | object | `{}` | crdReplicator pod annotations |
 | crdReplicator.pod.labels | object | `{}` | crdReplicator pod labels |
-| discovery.config.autojoin | bool | `true` | Automatically join discovered cluster exposing the Authentication Service with a valid certificate |
-| discovery.config.autojoinUntrusted | bool | `true` | Automatically join discovered cluster exposing the Authentication Service with a self-signed certificate |
+| discovery.config.autojoin | bool | `true` | Automatically join discovered clusters |
 | discovery.config.clusterLabels | object | `{}` | A set of labels which characterizes the local cluster when exposed remotely as a virtual node. It is suggested to specify the distinguishing characteristics that may be used to decide whether to offload pods on this cluster. |
 | discovery.config.clusterName | string | `""` | Set a mnemonic name for your cluster |
 | discovery.config.enableAdvertisement | bool | `true` | Enable the mDNS advertisement on LANs, set to false to not be discoverable from other clusters in the same LAN |

deployments/liqo/crds/config.liqo.io_clusterconfigs.yaml

@@ -100,8 +100,6 @@ spec:
                     type: string
                   autojoin:
                     type: boolean
-                  autojoinUntrusted:
-                    type: boolean
                   clusterLabels:
                     additionalProperties:
                       type: string
@@ -132,7 +130,6 @@ spec:
                     type: integer
                 required:
                 - autojoin
-                - autojoinUntrusted
                 - domain
                 - enableAdvertisement
                 - enableDiscovery

deployments/liqo/crds/discovery.liqo.io_foreignclusters.yaml

@@ -52,9 +52,6 @@ spec:
           spec:
             description: ForeignClusterSpec defines the desired state of ForeignCluster.
             properties:
-              authUrl:
-                description: URL where to contact foreign Auth service.
-                type: string
               clusterIdentity:
                 description: Foreign Cluster Identity.
                 properties:
@@ -68,29 +65,22 @@ spec:
                 required:
                 - clusterID
                 type: object
-              discoveryType:
-                default: Manual
-                description: How this ForeignCluster has been discovered.
-                enum:
-                - LAN
-                - WAN
-                - Manual
-                - IncomingPeering
+              foreignAuthUrl:
+                description: URL where to contact foreign Auth service.
+                pattern: https:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)
                 type: string
-              join:
-                default: false
-                description: Enable join process to foreign cluster.
+              insecureSkipTLSVerify:
+                default: true
+                description: Indicates if the local cluster has to skip the tls verification
+                  over the remote Authentication Service or not.
                 type: boolean
-              namespace:
-                description: Namespace where Liqo is deployed. (Deprecated)
-                type: string
-              trustMode:
-                default: Unknown
-                description: Indicates if this remote cluster is trusted or not.
+              outgoingPeeringEnabled:
+                default: Auto
+                description: Enable the peering process to the remote cluster.
                 enum:
-                - Unknown
-                - Trusted
-                - Untrusted
+                - Auto
+                - "No"
+                - "Yes"
                 type: string
               ttl:
                 description: If discoveryType is LAN or WAN and this indicates the
@@ -99,7 +89,7 @@ spec:
                 minimum: 0
                 type: integer
             required:
-            - authUrl
+            - foreignAuthUrl
             type: object
           status:
             description: ForeignClusterStatus defines the observed state of ForeignCluster.

deployments/liqo/values.yaml

@@ -100,10 +100,8 @@ discovery:
      # topology.kubernetes.io/zone: us-east-1
      # liqo.io/provider: your-provider
 
-    # -- Automatically join discovered cluster exposing the Authentication Service with a valid certificate
+    # -- Automatically join discovered clusters
     autojoin: true
-    # -- Automatically join discovered cluster exposing the Authentication Service with a self-signed certificate
-    autojoinUntrusted: true
     # -- Enable the mDNS advertisement on LANs, set to false to not be discoverable from other clusters in the same LAN
     enableAdvertisement: true
     # -- Enable the mDNS discovery on LANs, set to false to not look for other clusters available in the same LAN

internal/auth-service/idsHttpHandler.go

@@ -35,8 +35,7 @@ func (authService *Controller) ids(w http.ResponseWriter, r *http.Request, ps ht
 func (authService *Controller) getIdsResponse() *auth.ClusterInfo {
 	conf := authService.getDiscoveryConfig()
 	return &auth.ClusterInfo{
-		ClusterID:      authService.localClusterID.GetClusterID(),
-		ClusterName:    conf.ClusterName,
-		GuestNamespace: auth.LiqoGuestNamespace,
+		ClusterID:   authService.localClusterID.GetClusterID(),
+		ClusterName: conf.ClusterName,
 	}
 }

internal/discovery/discovery-config.go

@@ -189,10 +189,6 @@ func (discovery *Controller) handleConfiguration(config *configv1alpha1.Discover
 			discovery.Config.AutoJoin = config.AutoJoin
 			reloadClient = true
 		}
-		if discovery.Config.AutoJoinUntrusted != config.AutoJoinUntrusted {
-			discovery.Config.AutoJoinUntrusted = config.AutoJoinUntrusted
-			reloadClient = true
-		}
 		if discovery.Config.EnableDiscovery != config.EnableDiscovery {
 			discovery.Config.EnableDiscovery = config.EnableDiscovery
 			reloadClient = true