[Feature] [Networking] Endpoints Destination (#1726)

Author: ajanikow

CHANGELOG.md

@@ -31,6 +31,7 @@
 - (Feature) (Scheduler) Add Status Conditions
 - (Bugfix) Versioning Alignment
 - (Feature) (Scheduler) Merge Strategy
+- (Feature) (Networking) Endpoints Destination
 
 ## [1.2.42](https://github.com/arangodb/kube-arangodb/tree/1.2.42) (2024-07-23)
 - (Maintenance) Go 1.22.4 & Kubernetes 1.29.6 libraries

docs/api/ArangoRoute.V1Alpha1.md

@@ -18,27 +18,80 @@ Deployment specifies the ArangoDeployment object name
 
 ### .spec.destination.authentication.passMode
 
-Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/networking/v1alpha1/route_spec_destination_authentication.go#L28)</sup>
+Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/networking/v1alpha1/route_spec_destination_authentication.go#L32)</sup>
+
+PassMode define authorization details pass mode when authorization was successful
+
+Possible Values: 
+* `"override"` (default) - Generates new token for the user
+* `"pass"` - Pass token provided by the user
+* `"remove"` - Removes authorization details from the request
 
 ***
 
 ### .spec.destination.authentication.type
 
-Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/networking/v1alpha1/route_spec_destination_authentication.go#L29)</sup>
+Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/networking/v1alpha1/route_spec_destination_authentication.go#L37)</sup>
+
+Type of the authentication
+
+Possible Values: 
+* `"optional"` (default) - Authentication is header is validated and passed to the service. In case if is unauthorized, requests is still passed
+* `"required"` - Authentication is header is validated and passed to the service. In case if is unauthorized, returns 403
+
+***
+
+### .spec.destination.endpoints.checksum
+
+Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/shared/v1/object.go#L61)</sup>
+
+UID keeps the information about object Checksum
+
+***
+
+### .spec.destination.endpoints.name
+
+Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/shared/v1/object.go#L52)</sup>
+
+Name of the object
+
+***
+
+### .spec.destination.endpoints.namespace
+
+Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/shared/v1/object.go#L55)</sup>
+
+Namespace of the object. Should default to the namespace of the parent object
+
+***
+
+### .spec.destination.endpoints.port
+
+Type: `intstr.IntOrString` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/networking/v1alpha1/route_spec_destination_endpoint.go#L36)</sup>
+
+Port defines Port or Port Name used as destination
+
+***
+
+### .spec.destination.endpoints.uid
+
+Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/shared/v1/object.go#L58)</sup>
+
+UID keeps the information about object UID
 
 ***
 
 ### .spec.destination.path
 
-Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/networking/v1alpha1/route_spec_destination.go#L36)</sup>
+Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/networking/v1alpha1/route_spec_destination.go#L39)</sup>
 
 Path defines service path used for overrides
 
 ***
 
 ### .spec.destination.schema
 
-Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/networking/v1alpha1/route_spec_destination.go#L30)</sup>
+Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/networking/v1alpha1/route_spec_destination.go#L33)</sup>
 
 Schema defines HTTP/S schema used for connection
 
@@ -70,13 +123,10 @@ Namespace of the object. Should default to the namespace of the parent object
 
 ### .spec.destination.service.port
 
-Type: `intstr.IntOrString` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/networking/v1alpha1/route_spec_destination_service.go#L36)</sup>
+Type: `intstr.IntOrString` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/networking/v1alpha1/route_spec_destination_service.go#L35)</sup>
 
 Port defines Port or Port Name used as destination
 
-Links:
-* [Documentation](https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/)
-
 ***
 
 ### .spec.destination.service.uid
@@ -169,7 +219,7 @@ Type: `integer` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.
 
 ### .status.target.path
 
-Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/networking/v1alpha1/route_status_target.go#L40)</sup>
+Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/networking/v1alpha1/route_status_target.go#L43)</sup>
 
 Path specifies request path override
 
@@ -181,3 +231,11 @@ Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.
 
 Insecure allows Insecure traffic
 
+***
+
+### .status.target.type
+
+Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/networking/v1alpha1/route_status_target.go#L34)</sup>
+
+Type define destination type
+

pkg/apis/networking/v1alpha1/route_spec_destination.go

@@ -26,6 +26,9 @@ type ArangoRouteSpecDestination struct {
 	// Service defines service upstream reference
 	Service *ArangoRouteSpecDestinationService `json:"service,omitempty"`
 
+	// Endpoints defines service upstream reference - which is used to find endpoints
+	Endpoints *ArangoRouteSpecDestinationEndpoints `json:"endpoints,omitempty"`
+
 	// Schema defines HTTP/S schema used for connection
 	Schema *ArangoRouteSpecDestinationSchema `json:"schema,omitempty"`
 
@@ -47,6 +50,14 @@ func (a *ArangoRouteSpecDestination) GetService() *ArangoRouteSpecDestinationSer
 	return a.Service
 }
 
+func (a *ArangoRouteSpecDestination) GetEndpoints() *ArangoRouteSpecDestinationEndpoints {
+	if a == nil || a.Endpoints == nil {
+		return nil
+	}
+
+	return a.Endpoints
+}
+
 func (a *ArangoRouteSpecDestination) GetSchema() *ArangoRouteSpecDestinationSchema {
 	if a == nil || a.Schema == nil {
 		return nil
@@ -85,7 +96,9 @@ func (a *ArangoRouteSpecDestination) Validate() error {
 	}
 
 	if err := shared.WithErrors(
+		shared.ValidateExclusiveFields(a, 1, "Service", "Endpoints"),
 		shared.ValidateOptionalInterfacePath("service", a.Service),
+		shared.ValidateOptionalInterfacePath("endpoints", a.Endpoints),
 		shared.ValidateOptionalInterfacePath("schema", a.Schema),
 		shared.ValidateOptionalInterfacePath("tls", a.TLS),
 		shared.ValidateOptionalInterfacePath("authentication", a.Authentication),

pkg/apis/networking/v1alpha1/route_spec_destination_authentication.go

@@ -25,8 +25,16 @@ import (
 )
 
 type ArangoRouteSpecDestinationAuthentication struct {
+	// PassMode define authorization details pass mode when authorization was successful
+	// +doc/enum: override|Generates new token for the user
+	// +doc/enum: pass|Pass token provided by the user
+	// +doc/enum: remove|Removes authorization details from the request
 	PassMode *ArangoRouteSpecAuthenticationPassMode `json:"passMode,omitempty"`
-	Type     *ArangoRouteSpecAuthenticationType     `json:"type,omitempty"`
+
+	// Type of the authentication
+	// +doc/enum: optional|Authentication is header is validated and passed to the service. In case if is unauthorized, requests is still passed
+	// +doc/enum: required|Authentication is header is validated and passed to the service. In case if is unauthorized, returns 403
+	Type *ArangoRouteSpecAuthenticationType `json:"type,omitempty"`
 }
 
 func (a *ArangoRouteSpecDestinationAuthentication) GetType() ArangoRouteSpecAuthenticationType {

pkg/apis/networking/v1alpha1/route_spec_destination_endpoint.go

@@ -0,0 +1,59 @@
+//
+// DISCLAIMER
+//
+// Copyright 2024 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/util/intstr"
+
+	shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
+	sharedApi "github.com/arangodb/kube-arangodb/pkg/apis/shared/v1"
+)
+
+type ArangoRouteSpecDestinationEndpoints struct {
+	// Keeps information on the service, which maps then to the endpoints
+	*sharedApi.Object `json:",inline,omitempty"`
+
+	// Port defines Port or Port Name used as destination
+	// +doc/type: intstr.IntOrString
+	Port *intstr.IntOrString `json:"port,omitempty"`
+}
+
+func (a *ArangoRouteSpecDestinationEndpoints) GetPort() *intstr.IntOrString {
+	if a == nil || a.Port == nil {
+		return nil
+	}
+
+	return a.Port
+}
+
+func (a *ArangoRouteSpecDestinationEndpoints) Validate() error {
+	if a == nil {
+		a = &ArangoRouteSpecDestinationEndpoints{}
+	}
+
+	if err := shared.WithErrors(a.Object.Validate(), shared.ValidateRequiredPath("port", a.Port, func(i intstr.IntOrString) error {
+		return nil
+	})); err != nil {
+		return err
+	}
+
+	return nil
+}

pkg/apis/networking/v1alpha1/route_spec_destination_service.go

@@ -32,7 +32,6 @@ type ArangoRouteSpecDestinationService struct {
 
 	// Port defines Port or Port Name used as destination
 	// +doc/type: intstr.IntOrString
-	// +doc/link: Documentation|https://kubernetes.io/docs/tasks/administer-cluster/sysctl-cluster/
 	Port *intstr.IntOrString `json:"port,omitempty"`
 }
 

pkg/apis/networking/v1alpha1/route_status_target.go

@@ -30,6 +30,9 @@ type ArangoRouteStatusTarget struct {
 	// Destinations keeps target destinations
 	Destinations ArangoRouteStatusTargetDestinations `json:"destinations,omitempty"`
 
+	// Type define destination type
+	Type ArangoRouteStatusTargetType `json:"type,omitempty"`
+
 	// TLS Keeps target TLS Settings (if not nil, TLS is enabled)
 	TLS *ArangoRouteStatusTargetTLS `json:"TLS,omitempty"`
 
@@ -64,5 +67,5 @@ func (a *ArangoRouteStatusTarget) Hash() string {
 	if a == nil {
 		return ""
 	}
-	return util.SHA256FromStringArray(a.Destinations.Hash(), a.TLS.Hash(), a.Path, a.Authentication.Hash())
+	return util.SHA256FromStringArray(a.Destinations.Hash(), a.Type.Hash(), a.TLS.Hash(), a.Path, a.Authentication.Hash())
 }

pkg/apis/networking/v1alpha1/route_status_target_type.go

@@ -0,0 +1,34 @@
+//
+// DISCLAIMER
+//
+// Copyright 2024 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+
+package v1alpha1
+
+import "github.com/arangodb/kube-arangodb/pkg/util"
+
+type ArangoRouteStatusTargetType string
+
+func (a ArangoRouteStatusTargetType) Hash() string {
+	return util.SHA256FromString(string(a))
+}
+
+const (
+	ArangoRouteStatusTargetServiceType   ArangoRouteStatusTargetType = "service"
+	ArangoRouteStatusTargetEndpointsType ArangoRouteStatusTargetType = "endpoints"
+)