feat(cloudflare): add functionality to manage loadbalancers on cloudflare

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/afiskon/promtail-client v0.0.0-20190305142237-506f3f921e9c
 	github.com/aws/aws-sdk-go v1.40.45
 	github.com/caos/oidc v1.0.0
-	github.com/cloudflare/cloudflare-go v0.23.0
+	github.com/cloudflare/cloudflare-go v0.28.0
 	github.com/cloudscale-ch/cloudscale-go-sdk v1.7.1
 	github.com/getsentry/sentry-go v0.11.0
 	github.com/ghodss/yaml v1.0.0

internal/ctrlcrd/networking/networking.go

@@ -2,7 +2,9 @@ package networking
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"github.com/caos/orbos/internal/operator/networking/kinds/networking/legacycf/config"
 
 	"github.com/caos/orbos/internal/api/networking"
 	v1 "github.com/caos/orbos/internal/api/networking/v1"
@@ -39,8 +41,13 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (res ctrl.
 		return res, err
 	}
 
-	query, _, _, _, _, err := orbnw.AdaptFunc(ctx, &r.Version, false)(internalMonitor, desired, &tree.Tree{})
+	query, _, _, _, _, err := orbnw.AdaptFunc(ctx, "", &r.Version, false)(internalMonitor, desired, &tree.Tree{})
 	if err != nil {
+
+		if errors.Is(err, config.ErrNoLBID) {
+			return res, fmt.Errorf("crd mode doesn't support specifying a loadbalancer yet")
+		}
+
 		return res, err
 	}
 

internal/ctrlgitops/networking.go

@@ -33,7 +33,7 @@ func Networking(ctx context.Context, monitor mntr.Monitor, orbConfigPath string,
 			return err
 		}
 
-		takeoff := networking.Takeoff(monitor, gitClient, orb.AdaptFunc(ctx, binaryVersion, true), k8sClient)
+		takeoff := networking.Takeoff(monitor, gitClient, orb.AdaptFunc(ctx, orbConfig.URL, binaryVersion, true), k8sClient)
 
 		go func() {
 			defer func() { monitor.RecoverPanic(recover()) }()

internal/operator/networking/kinds/networking/legacycf/adapt.go

@@ -18,6 +18,7 @@ import (
 func AdaptFunc(
 	ctx context.Context,
 	namespace string,
+	id string,
 	operatorLabels *labels.Operator,
 ) opcore.AdaptFunc {
 	return func(
@@ -53,7 +54,7 @@ func AdaptFunc(
 			return nil, nil, nil, nil, false, err
 		}
 
-		internalSpec, current := desiredKind.Spec.Internal(namespace, apiLabels)
+		internalSpec, current := desiredKind.Spec.Internal(id, namespace, apiLabels)
 
 		legacyQuerier, legacyDestroyer, readyCertificate, err := adaptFunc(ctx, monitor, internalSpec)
 		if err != nil {

internal/operator/networking/kinds/networking/legacycf/app/app.go

@@ -18,8 +18,8 @@ type App struct {
 	internalPrefix string
 }
 
-func New(user string, key string, userServiceKey string, groups map[string][]string, internalPrefix string) (*App, error) {
-	api, err := cloudflare.New(user, key, userServiceKey)
+func New(ctx context.Context, accountName string, user string, key string, userServiceKey string, groups map[string][]string, internalPrefix string) (*App, error) {
+	api, err := cloudflare.New(ctx, accountName, user, key, userServiceKey)
 	if err != nil {
 		return nil, err
 	}
@@ -39,10 +39,95 @@ func (a *App) AddInternalPrefix(desc string) string {
 	return strings.Join([]string{a.internalPrefix, desc}, " ")
 }
 
-func (a *App) Ensure(ctx context.Context, k8sClient kubernetes.ClientInt, namespace string, domain string, subdomains []*config.Subdomain, rules []*config.Rule, originCALabels *labels.Name) error {
+type additionalInfos struct {
+	name      string
+	subdomain string
+	clusterID string
+	region    string
+}
+
+func (a *App) Ensure(
+	ctx context.Context,
+	id string,
+	k8sClient kubernetes.ClientInt,
+	namespace string,
+	domain string,
+	subdomains []*config.Subdomain,
+	rules []*config.Rule,
+	originCALabels *labels.Name,
+	lbs []*config.LoadBalancer,
+) error {
 	firewallRulesInt := make([]*cloudflare.FirewallRule, 0)
 	filtersInt := make([]*cloudflare.Filter, 0)
 	recordsInt := make([]*cloudflare.DNSRecord, 0)
+	poolsInt := make([]*cloudflare.LoadBalancerPool, 0)
+	lbsInt := make([]*cloudflare.LoadBalancer, 0)
+	lbsAdditionalInt := make([]*additionalInfos, 0)
+
+	if lbs != nil {
+		for _, lb := range lbs {
+			for name, ip := range lb.Pool {
+				originsInt := []*cloudflare.LoadBalancerOrigin{{
+					Name:    name,
+					Address: ip,
+					Enabled: true,
+				}}
+				poolsInt = append(poolsInt, &cloudflare.LoadBalancerPool{
+					Name:        getPoolName(lb.Subdomain, domain, lb.Region, lb.ClusterID),
+					Description: id,
+					Enabled:     true,
+					Origins:     originsInt,
+				})
+			}
+		}
+	}
+
+	destroyPools, err := a.EnsureLoadBalancerPools(ctx, id, poolsInt)
+	if err != nil {
+		return err
+	}
+
+	if lbs != nil {
+		for _, lb := range lbs {
+			//ids get filled in the EnsureLoadBalancerPools-function
+			poolNames := []string{}
+			if poolsInt != nil {
+				for _, poolInt := range poolsInt {
+					if poolInt.Name == getPoolName(lb.Subdomain, domain, lb.Region, lb.ClusterID) {
+						poolNames = append(poolNames, poolInt.ID)
+					}
+				}
+			}
+
+			enabled := lb.Enabled
+			lbsInt = append(lbsInt, &cloudflare.LoadBalancer{
+				Name:         config.GetLBName(lb.Subdomain, domain),
+				DefaultPools: poolNames,
+				//the first pool is fallback pool for now
+				FallbackPool:   poolNames[0],
+				Enabled:        &enabled,
+				Proxied:        true,
+				SteeringPolicy: "random",
+			})
+			lbsAdditionalInt = append(lbsAdditionalInt, &additionalInfos{
+				name:      config.GetLBName(lb.Subdomain, domain),
+				clusterID: lb.ClusterID,
+				region:    lb.Region,
+				subdomain: lb.Subdomain,
+			})
+		}
+	}
+
+	if err := a.EnsureLoadBalancers(ctx, id, domain, lbsInt, lbsAdditionalInt); err != nil {
+		return err
+	}
+
+	//pools have to be deleted after the reference in the lbs is deleted
+	if destroyPools() != nil {
+		if err := destroyPools(); err != nil {
+			return err
+		}
+	}
 
 	for _, record := range subdomains {
 
@@ -69,7 +154,7 @@ func (a *App) Ensure(ctx context.Context, k8sClient kubernetes.ClientInt, namesp
 		})
 	}
 
-	err := a.EnsureDNSRecords(ctx, domain, recordsInt)
+	err = a.EnsureDNSRecords(ctx, domain, recordsInt)
 	if err != nil {
 		return err
 	}