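package bannerctl

import (
	"context"
	"encoding/json"
	"fmt"
	"reflect"
	"strings"
	"time"

	computeAPI "github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/apis/compute/v1beta1"
	"github.com/emissary-ingress/emissary/v3/pkg/api/getambassador.io/v3alpha1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	ctrl "sigs.k8s.io/controller-runtime"
	"sigs.k8s.io/controller-runtime/pkg/client"

	"edge-infra.dev/pkg/sds/ingress/emissary"

	"edge-infra.dev/pkg/edge/api/graph/mapper"
	bannerAPI "edge-infra.dev/pkg/edge/apis/banner/v1alpha1"
	edgeconstants "edge-infra.dev/pkg/edge/constants"
	bannerconstants "edge-infra.dev/pkg/edge/constants/api/banner"
	raconstants "edge-infra.dev/pkg/sds/remoteaccess/constants"

	"edge-infra.dev/pkg/edge/constants/api/fleet"
	"edge-infra.dev/pkg/f8n/gcp/k8s/controllers/dennis"
	"edge-infra.dev/pkg/k8s/konfigkonnector/apis/meta"
)

// createRemoteAccessComputeAddress builds the global ComputeAddress object for
// a banner's remote-access IP. The object is named
// "<RemoteAccessIPName>-<banner>", placed in the namespace named after the
// banner, owned by the banner, and annotated with a JSON-encoded list of
// dennis.RecordConfig entries for the DNS name "<banner>.<domain>.".
//
// The function only constructs the object; it does not create it in the
// cluster. If the RecordConfigs cannot be marshalled the error is logged and
// the object is still returned, with an empty RecordConfigs annotation.
func (r *BannerReconciler) createRemoteAccessComputeAddress(ctx context.Context, b *bannerAPI.Banner) client.Object {
	log := ctrl.LoggerFrom(ctx).WithName("createRemoteAccessComputeAddress")

	// The managed zone is chosen by substring match on the configured domain.
	// A domain that matches neither case leaves managedZone empty, and the
	// RecordConfig is still emitted with that empty zone.
	// NOTE(review): Contains also matches a domain that merely embeds one of
	// these strings; confirm r.Domain is operator-controlled, and consider an
	// exact or suffix comparison.
	var managedZone string
	switch {
	case strings.Contains(r.Domain, "ncr.com"):
		managedZone = "edge-prod-dns-zone"
	case strings.Contains(r.Domain, "edge-preprod.dev"):
		managedZone = "edge-preprod-dns-zone"
	}

	// Trailing dot: the record name is written as a fully-qualified DNS name.
	dnsName := fmt.Sprintf("%s.%s.", b.Name, r.Domain)
	records := []dennis.RecordConfig{
		{
			Name:         dnsName,
			ManagedZone:  managedZone,
			DNSProjectID: r.PlatInfraProjectID,
			External:     "true",
		},
	}

	recordsBytes, err := json.Marshal(records)
	if err != nil {
		// Best effort: the signature has no error return, so the failure is
		// only logged. recordsBytes is nil here and the annotation below
		// becomes the empty string.
		log.Error(err, "failed to marshall DNS RecordConfigs for remote access ComputeAddress",
			"domain", r.Domain,
			"dnsName", dnsName,
			"managedZone", managedZone,
			"dnsProject", r.PlatInfraProjectID,
		)
	}

	projectID := mapper.ConvertK8sName(b.Status.ClusterInfraClusterProjectID)

	return &computeAPI.ComputeAddress{
		ObjectMeta: metav1.ObjectMeta{
			Name:      fmt.Sprintf("%s-%s", bannerconstants.RemoteAccessIPName, b.Name),
			Namespace: b.Name,
			Annotations: map[string]string{
				raconstants.CNRMGoogleProjectIDAnnotation: projectID,
				edgeconstants.Tenant:                      projectID,
				edgeconstants.Fleet:                       fleet.Cluster,
				edgeconstants.Banner:                      b.Spec.DisplayName,
				edgeconstants.Organization:                b.Spec.BSL.Organization.Name,
				// NOTE(review): presumably keeps the cloud address when this
				// object is deleted; confirm that an orphaned reserved IP and
				// its DNS record are cleaned up elsewhere.
				meta.DeletionPolicyAnnotation: meta.DeletionPolicyAbandon,
				dennis.RecordConfigsAnnotation: string(recordsBytes),
			},
			OwnerReferences: r.ownerRef(b),
		},
		TypeMeta: gvkToTypeMeta(computeAPI.ComputeAddressGVK),
		Spec: computeAPI.ComputeAddressSpec{
			Location: "global",
		},
	}
}

// createForemanProxyMapping builds the Emissary Mapping that proxies
// "<domain>/<banner>/..." to "https://<banner>.<domain>", stripping the
// "/<banner>" path prefix and rewriting the Host header to the banner
// endpoint. Websocket upgrades are allowed and both the request timeout and
// the connect timeout are 60 seconds.
//
// The Mapping sets BypassAuth, so this route opts out of the ingress
// authentication service.
// NOTE(review): that leaves the banner endpoint as the only place where
// requests on this route are authenticated; confirm it enforces that itself.
func (r *BannerReconciler) createForemanProxyMapping(b *bannerAPI.Banner) client.Object {
	// The spec takes *bool, so the flags need addressable locals.
	regexTrue := true
	skipAuth := true

	bannerEndpoint := fmt.Sprintf("%s.%s", b.Name, r.Domain)

	return &v3alpha1.Mapping{
		TypeMeta: metav1.TypeMeta{
			Kind:       reflect.TypeOf(v3alpha1.Mapping{}).Name(),
			APIVersion: v3alpha1.SchemeBuilder.GroupVersion.Group + "/" + v3alpha1.SchemeBuilder.GroupVersion.Version,
		},
		ObjectMeta: metav1.ObjectMeta{
			Name:      fmt.Sprintf("banner-proxy-%s", b.Name),
			Namespace: emissary.EdgeIngressNS,
		},
		Spec: v3alpha1.MappingSpec{
			Hostname: r.Domain,
			// b.Name is interpolated into both regexes unescaped.
			// NOTE(review): this relies on banner names containing no regex
			// metacharacters; confirm name validation guarantees that.
			Prefix:      fmt.Sprintf("/%s/.*", b.Name),
			PrefixRegex: &regexTrue,
			Service:     fmt.Sprintf("https://%s", bannerEndpoint),
			HostRewrite: bannerEndpoint,
			RegexRewrite: &v3alpha1.RegexMap{
				Pattern:      fmt.Sprintf("/%s/(.*)", b.Name),
				Substitution: "/\\1",
			},
			AllowUpgrade:   []string{"websocket"},
			Timeout:        &v3alpha1.MillisecondDuration{Duration: time.Millisecond * 60000},
			ConnectTimeout: &v3alpha1.MillisecondDuration{Duration: time.Millisecond * 60000},
			BypassAuth:     &skipAuth,
		},
	}
}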