update PE to support a new ns scoped pods field and status conditions

api/v1alpha1/policyendpoint_types.go

@@ -17,6 +17,7 @@ limitations under the License.
 package v1alpha1
 
 import (
+	"github.com/awslabs/operatorpkg/status"
 	corev1 "k8s.io/api/core/v1"
 	networking "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -93,14 +94,28 @@ type PolicyEndpointSpec struct {
 
 	// Egress is the list of egress rules containing resolved network addresses
 	Egress []EndpointInfo `json:"egress,omitempty"`
+
+	// AllPodsInNameSpace is the boolean value indicating should all pods in the policy namespace be selected
+	// +optional
+	AllPodsInNamespace bool `json:"allPodsInNamespace,omitempty"`
 }
 
 // PolicyEndpointStatus defines the observed state of PolicyEndpoint
 type PolicyEndpointStatus struct {
 	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
+
+	// +optional
+	Conditions []status.Condition `json:"conditions,omitempty"`
 }
 
+type PolicyEndpointConditionType string
+
+const (
+	Packed  PolicyEndpointConditionType = "PackedPolicyEndpoint"
+	Updated PolicyEndpointConditionType = "PatchedPolicyEndpoint"
+)
+
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
 
@@ -125,3 +140,15 @@ type PolicyEndpointList struct {
 func init() {
 	SchemeBuilder.Register(&PolicyEndpoint{}, &PolicyEndpointList{})
 }
+
+func (s *PolicyEndpoint) GetConditions() []status.Condition {
+	return []status.Condition(s.Status.Conditions)
+}
+
+func (s *PolicyEndpoint) SetConditions(conds []status.Condition) {
+	s.Status.Conditions = conds
+}
+
+func (s *PolicyEndpoint) StatusConditions() status.ConditionSet {
+	return status.NewReadyConditions().For(s)
+}

cmd/main.go

@@ -116,7 +116,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	policyEndpointsManager := policyendpoints.NewPolicyEndpointsManager(mgr.GetClient(),
+	policyEndpointsManager := policyendpoints.NewPolicyEndpointsManager(ctx, mgr.GetClient(),
 		controllerCFG.EndpointChunkSize, ctrl.Log.WithName("endpoints-manager"))
 	finalizerManager := k8s.NewDefaultFinalizerManager(mgr.GetClient(), ctrl.Log.WithName("finalizer-manager"))
 	policyController := controllers.NewPolicyReconciler(mgr.GetClient(), policyEndpointsManager,

config/crd/bases/networking.k8s.aws_policyendpoints.yaml

@@ -35,6 +35,10 @@ spec:
           spec:
             description: PolicyEndpointSpec defines the desired state of PolicyEndpoint
             properties:
+              allPodsInNamespace:
+                description: AllPodsInNameSpace is the boolean value indicating should
+                  all pods in the policy namespace be selected
+                type: boolean
               egress:
                 description: Egress is the list of egress rules containing resolved
                   network addresses
@@ -225,6 +229,68 @@ spec:
             type: object
           status:
             description: PolicyEndpointStatus defines the observed state of PolicyEndpoint
+            properties:
+              conditions:
+                items:
+                  description: Condition aliases the upstream type and adds additional
+                    helper methods
+                  properties:
+                    lastTransitionTime:
+                      description: lastTransitionTime is the last time the condition
+                        transitioned from one status to another. This should be when
+                        the underlying condition changed.  If that is not known, then
+                        using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: message is a human readable message indicating
+                        details about the transition. This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: observedGeneration represents the .metadata.generation
+                        that the condition was set based upon. For instance, if .metadata.generation
+                        is currently 12, but the .status.conditions[x].observedGeneration
+                        is 9, the condition is out of date with respect to the current
+                        state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: reason contains a programmatic identifier indicating
+                        the reason for the condition's last transition. Producers
+                        of specific condition types may define expected values and
+                        meanings for this field, and whether the values are considered
+                        a guaranteed API. The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
+                        --- Many .condition.type values are consistent across resources
+                        like Available, but because arbitrary conditions can be useful
+                        (see .node.status.conditions), the ability to deconflict is
+                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                type: array
             type: object
         type: object
     served: true

go.mod

@@ -21,6 +21,7 @@ require (
 )
 
 require (
+	github.com/awslabs/operatorpkg v0.0.0-20231211224023-fce5f0fa8592
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect

go.sum

@@ -1,3 +1,5 @@
+github.com/awslabs/operatorpkg v0.0.0-20231211224023-fce5f0fa8592 h1:LSaLHzJ4IMZZLgVIx/2YIcvUCIAaE5OqLhjWzdwF060=
+github.com/awslabs/operatorpkg v0.0.0-20231211224023-fce5f0fa8592/go.mod h1:kqgbtyanB/ObfvsSUdGZOk1f3K807kvoibKoKX0wMK4=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=