Feature/absorb volume data manager#48
Draft
AleksZimin wants to merge 5 commits into
Draft
Conversation
Migrate the DataExport/DataImport API types and the shared common library from storage-volume-data-manager into storage-foundation (single storage.deckhouse.io/v1alpha1 group). - api/v1alpha1: add DataExport/DataImport(+List) and their sub-types, shared DataExportImportStatus/DataArtifactReference and consts; register the new kinds in AddKnownTypes; add SchemeGroupVersion alias for compatibility with migrated code. Root types use kubebuilder object:root, sub-types keep k8s:deepcopy-gen; deepcopy regenerated via controller-gen. - common/: new Go module github.com/deckhouse/storage-foundation/common (replace ../api); registry secret, leader-election ID and fallback namespace rebranded to storage-foundation. - crds: hand-curated dataexports/dataimports (+doc-ru) at crds/ root and vendored volumepopulators; generate_code.sh now emits generated CRDs to crds/internal and drops the curated DataExport/DataImport duplicates. Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
…data-source-validator Migrate the container build trees from storage-volume-data-manager. - images/data-manager-controller: DataExport/DataImport reconcilers (renamed from upstream images/controller); Go module github.com/deckhouse/storage-foundation/images/data-manager-controller with replace ../../api and ../../common. Dead pkg/config and pkg/logger are dropped (controller uses common/config); dev-only Makefile/Dockerfile dropped in favour of werf.inc.yaml. - images/data-exporter, images/populator: data plane + lib-volume-populator driver, same module-path rebrand and replace directives. - images/data-source-validator: upstream kubernetes-csi volume-data-source-validator pinned to a fixed commit + health/ready probe patch. - werf.inc.yaml rewritten in storage-foundation style (from: index $.Images, src-artifact adds api+common+images/<name>); oss.yaml gains a data-source-validator component entry for license/dmtlint tracking. Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
Merge the DataExport admission validator from storage-volume-data-manager into the storage-foundation webhooks image: - add handlers/deValidator.go (+test): structural and bare-VSC security checks on DataExport CREATE, with the api import rebranded to github.com/deckhouse/storage-foundation/api/v1alpha1 - add handlers/validating.go: NewValidatingWebhookHandler factory kept separate from the existing mutating handler in func.go - wire the /dataexport-validate route and dev1alpha1 import into cmd/main.go - require + replace github.com/deckhouse/storage-foundation/api and add api to the werf build context includePaths - add ValidatingWebhookConfiguration d8-storage-foundation-dataexport-validation Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
…ooks Add the Helm templates, RBAC and finalizer-cleanup wiring for the migrated DataExport/DataImport feature (hybrid design: a dedicated data-manager controller image, validator merged into the shared webhooks server): - templates/data-manager-controller: Deployment/VPA/PDB + SA/Role/ClusterRole and a cross-namespace Role in d8-user-authn, named data-manager-controller to avoid colliding with the existing VCR/VRR controller. Container env follows common/config + common/publish: numeric LOG_LEVEL, CONTROLLER_NAMESPACE, HA_MODE (gates leader election), ingressClassName/ingressPublicDomain. - templates/configmap.yaml (data-exporter-image), templates/data-exporter, templates/data-source-validator, templates/populator (populator runs under the data-manager-controller ServiceAccount). - merge dataexports/dataimports into admin-kubeconfig, user-authz user and cluster-editor, and rbacv2 use view/edit roles (download subresource kept out of broad roles by least-privilege policy). - hooks/go/consts: register DataExport/DataImport for finalizer removal and the dataexport-validation webhook configuration for deletion on module delete. Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
Document the migrated DataExport/DataImport feature in the storage-foundation module docs: - README (en/ru): add an HTTP-based export/import overview with the ttl and publish key parameters. - USAGE (en/ru): add d8 quick start (correct per-command syntax: export takes a <type>/<name> target, import takes a PVC manifest via -f), a raw-manifest workflow with certificate/token authentication, and an HTTP API reference for filesystem and block export/import. - CR (en/ru): list DataExport/DataImport in the custom resources description. - module.yaml: mention secure HTTP export/import in the module description. The public URL format and the d8 create commands were corrected against the controller (publish.EnsureIngressResource builds the api.<public-domain> host) and the deckhouse-cli implementation. Signed-off-by: Aleksandr Zimin <alexandr.zimin@flant.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Why do we need it, and what problem does it solve?
What is the expected result?
Checklist