1 package bannerctl
2
3 import (
4 "context"
5 "encoding/json"
6 "fmt"
7 "reflect"
8 "strings"
9 "time"
10
11 computeAPI "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/compute/v1beta1"
12 "github.com/emissary-ingress/emissary/v3/pkg/api/getambassador.io/v3alpha1"
13 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
14 ctrl "sigs.k8s.io/controller-runtime"
15 "sigs.k8s.io/controller-runtime/pkg/client"
16
17 "edge-infra.dev/pkg/sds/ingress/emissary"
18
19 "edge-infra.dev/pkg/edge/api/graph/mapper"
20 bannerAPI "edge-infra.dev/pkg/edge/apis/banner/v1alpha1"
21 edgeconstants "edge-infra.dev/pkg/edge/constants"
22 bannerconstants "edge-infra.dev/pkg/edge/constants/api/banner"
23 raconstants "edge-infra.dev/pkg/sds/remoteaccess/constants"
24
25 "edge-infra.dev/pkg/edge/constants/api/fleet"
26 "edge-infra.dev/pkg/f8n/gcp/k8s/controllers/dennis"
27 "edge-infra.dev/pkg/k8s/konfigkonnector/apis/meta"
28 )
29
// createRemoteAccessComputeAddress builds the global ComputeAddress object used
// for remote access to banner b. The object is only constructed and returned;
// nothing is applied to the cluster here.
//
// The address carries a JSON-encoded []dennis.RecordConfig under
// dennis.RecordConfigsAnnotation describing one external record named
// "<b.Name>.<r.Domain>." in the r.PlatInfraProjectID DNS project.
func (r *BannerReconciler) createRemoteAccessComputeAddress(ctx context.Context, b *bannerAPI.Banner) client.Object {
	log := ctrl.LoggerFrom(ctx).WithName("createRemoteAccessComputeAddress")

	// Pick the managed zone from the configured domain.
	// NOTE(review): both checks are substring matches, so any r.Domain that
	// merely contains "ncr.com" selects the prod zone, and a domain matching
	// neither case leaves the zone empty without any log line. Confirm that
	// r.Domain is operator-controlled; a suffix match on the exact zone apex
	// would be the stricter check.
	var zone string
	switch {
	case strings.Contains(r.Domain, "ncr.com"):
		zone = "edge-prod-dns-zone"
	case strings.Contains(r.Domain, "edge-preprod.dev"):
		zone = "edge-preprod-dns-zone"
	}

	fqdn := fmt.Sprintf("%s.%s.", b.Name, r.Domain)
	encoded, err := json.Marshal([]dennis.RecordConfig{{
		Name:         fqdn,
		ManagedZone:  zone,
		DNSProjectID: r.PlatInfraProjectID,
		External:     "true",
	}})
	if err != nil {
		// The error is logged but not returned: the ComputeAddress below is
		// still built, with an empty record-config annotation.
		// NOTE(review): callers cannot tell this happened — confirm that an
		// address without DNS record config is acceptable.
		log.Error(err, "failed to marshall DNS RecordConfigs for remote access ComputeAddress",
			"domain", r.Domain,
			"dnsName", fqdn,
			"managedZone", zone,
			"dnsProject", r.PlatInfraProjectID,
		)
	}

	annotations := map[string]string{
		raconstants.CNRMGoogleProjectIDAnnotation: mapper.ConvertK8sName(b.Status.ClusterInfraClusterProjectID),
		edgeconstants.Tenant:                      mapper.ConvertK8sName(b.Status.ClusterInfraClusterProjectID),
		edgeconstants.Fleet:                       fleet.Cluster,
		edgeconstants.Banner:                      b.Spec.DisplayName,
		edgeconstants.Organization:                b.Spec.BSL.Organization.Name,
		// NOTE(review): presumably the Config Connector "abandon" policy, i.e.
		// the cloud address outlives deletion of this object — confirm, and
		// check that the DNS record pointing at it is cleaned up separately so
		// no dangling record remains.
		meta.DeletionPolicyAnnotation:  meta.DeletionPolicyAbandon,
		dennis.RecordConfigsAnnotation: string(encoded),
	}

	addr := &computeAPI.ComputeAddress{
		TypeMeta: gvkToTypeMeta(computeAPI.ComputeAddressGVK),
		ObjectMeta: metav1.ObjectMeta{
			Name:            fmt.Sprintf("%s-%s", bannerconstants.RemoteAccessIPName, b.Name),
			Namespace:       b.Name,
			Annotations:     annotations,
			OwnerReferences: r.ownerRef(b),
		},
		Spec: computeAPI.ComputeAddressSpec{
			Location: "global",
		},
	}
	return addr
}
78
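// createForemanProxyMapping builds the Emissary Mapping that routes requests
// for host r.Domain whose path matches "/<b.Name>/.*" to
// "https://<b.Name>.<r.Domain>", rewriting the Host header to that endpoint and
// stripping the "/<b.Name>" prefix from the path. The object is only
// constructed and returned; nothing is applied to the cluster here.
//
// The Mapping sets BypassAuth, which in Emissary skips the external
// AuthService for this route.
// NOTE(review): with auth bypassed at the ingress, the upstream banner
// endpoint has to authenticate these requests itself — confirm that it does.
func (r *BannerReconciler) createForemanProxyMapping(b *bannerAPI.Banner) client.Object {
	// Both timeouts are 60 seconds, as in the original millisecond form.
	const proxyTimeout = 60 * time.Second

	// The Mapping spec takes *bool, so the flags need addressable locals.
	regexTrue := true
	skipAuth := true
	bannerEndpoint := fmt.Sprintf("%s.%s", b.Name, r.Domain)

	return &v3alpha1.Mapping{
		TypeMeta: metav1.TypeMeta{
			Kind:       reflect.TypeOf(v3alpha1.Mapping{}).Name(),
			APIVersion: v3alpha1.SchemeBuilder.GroupVersion.Group + "/" + v3alpha1.SchemeBuilder.GroupVersion.Version,
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      fmt.Sprintf("banner-proxy-%s", b.Name),
			Namespace: emissary.EdgeIngressNS,
		},
		Spec: v3alpha1.MappingSpec{
			Hostname: r.Domain,
			// NOTE(review): b.Name is interpolated into a regular expression
			// unescaped here and in RegexRewrite.Pattern below. If Banner
			// names may contain regex metacharacters such as '.', the route
			// matches more paths than the literal name; regexp.QuoteMeta on
			// b.Name would pin it to the exact prefix.
			Prefix: fmt.Sprintf("/%s/.*", b.Name),
			// Restored from the garbled "®exTrue" in the listing ("&reg" was
			// rendered as an HTML entity); the field takes the address of
			// regexTrue.
			PrefixRegex: &regexTrue,
			Service:     fmt.Sprintf("https://%s", bannerEndpoint),
			HostRewrite: bannerEndpoint,
			RegexRewrite: &v3alpha1.RegexMap{
				Pattern: fmt.Sprintf("/%s/(.*)", b.Name),
				// "\1" is the first capture group: everything after the
				// banner prefix.
				Substitution: "/\\1",
			},
			AllowUpgrade:   []string{"websocket"},
			Timeout:        &v3alpha1.MillisecondDuration{Duration: proxyTimeout},
			ConnectTimeout: &v3alpha1.MillisecondDuration{Duration: proxyTimeout},
			BypassAuth:     &skipAuth,
		},
	}
}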
109