feat: reconcile control planes and workspace proxies

README.md

@@ -4,8 +4,10 @@
 
 `coder-k8s` is a Go-based Kubernetes control-plane project with two app modes:
 
-- A `controller-runtime` operator for managing `CoderControlPlane` resources (`coder.com/v1alpha1`).
-- An aggregated API server for `CoderWorkspace` and `CoderTemplate` resources (`aggregation.coder.com/v1alpha1`).
+- A `controller-runtime` operator for managing `CoderControlPlane` and
+  `WorkspaceProxy` resources (`coder.com/v1alpha1`).
+- An aggregated API server for `CoderWorkspace` and `CoderTemplate` resources
+  (`aggregation.coder.com/v1alpha1`).
 
 ## Prerequisites
 

api/v1alpha1/codercontrolplane_types.go

@@ -1,17 +1,45 @@
 package v1alpha1
 
-import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+	// CoderControlPlanePhasePending indicates the control plane has not reported ready yet.
+	CoderControlPlanePhasePending = "Pending"
+	// CoderControlPlanePhaseReady indicates at least one control plane pod is ready.
+	CoderControlPlanePhaseReady = "Ready"
+)
 
 // CoderControlPlaneSpec defines the desired state of a CoderControlPlane.
 type CoderControlPlaneSpec struct {
-	// Image is the placeholder container image for the control plane deployment.
+	// Image is the container image used for the Coder control plane pod.
 	Image string `json:"image,omitempty"`
+	// Replicas is the desired number of control plane pods.
+	Replicas *int32 `json:"replicas,omitempty"`
+	// Service controls the service created in front of the control plane.
+	Service ServiceSpec `json:"service,omitempty"`
+	// ExtraArgs are appended to the default Coder server arguments.
+	ExtraArgs []string `json:"extraArgs,omitempty"`
+	// ExtraEnv are injected into the Coder control plane container.
+	ExtraEnv []corev1.EnvVar `json:"extraEnv,omitempty"`
+	// ImagePullSecrets are used by the pod to pull private images.
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
 }
 
 // CoderControlPlaneStatus defines the observed state of a CoderControlPlane.
 type CoderControlPlaneStatus struct {
-	// Phase is a placeholder status field for future reconciliation stages.
+	// ObservedGeneration tracks the spec generation this status reflects.
+	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+	// ReadyReplicas is the number of ready pods observed in the deployment.
+	ReadyReplicas int32 `json:"readyReplicas,omitempty"`
+	// URL is the in-cluster URL for the control plane service.
+	URL string `json:"url,omitempty"`
+	// Phase is a high-level readiness indicator.
 	Phase string `json:"phase,omitempty"`
+	// Conditions are Kubernetes-standard conditions for this resource.
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

api/v1alpha1/types_shared.go

@@ -0,0 +1,26 @@
+package v1alpha1
+
+import corev1 "k8s.io/api/core/v1"
+
+const (
+	// DefaultTokenSecretKey is the default key used for proxy session tokens.
+	DefaultTokenSecretKey = "token"
+)
+
+// ServiceSpec defines the Service configuration reconciled by the operator.
+type ServiceSpec struct {
+	// Type controls the Kubernetes service type.
+	Type corev1.ServiceType `json:"type,omitempty"`
+	// Port controls the exposed service port.
+	Port int32 `json:"port,omitempty"`
+	// Annotations are applied to the reconciled service object.
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
+// SecretKeySelector identifies a key in a Secret.
+type SecretKeySelector struct {
+	// Name is the Kubernetes Secret name.
+	Name string `json:"name"`
+	// Key is the key inside the Secret data map.
+	Key string `json:"key,omitempty"`
+}

api/v1alpha1/workspaceproxy_types.go

@@ -0,0 +1,97 @@
+package v1alpha1
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+	// WorkspaceProxyPhasePending indicates the proxy deployment is not ready.
+	WorkspaceProxyPhasePending = "Pending"
+	// WorkspaceProxyPhaseReady indicates at least one proxy pod is ready.
+	WorkspaceProxyPhaseReady = "Ready"
+)
+
+// ProxyBootstrapSpec configures optional registration with the Coder API.
+type ProxyBootstrapSpec struct {
+	// CoderURL is the URL for the primary Coder control plane API.
+	CoderURL string `json:"coderURL"`
+	// CredentialsSecretRef points to a Secret containing a Coder session token.
+	CredentialsSecretRef SecretKeySelector `json:"credentialsSecretRef"`
+	// ProxyName is the name used when registering the proxy in Coder.
+	ProxyName string `json:"proxyName,omitempty"`
+	// DisplayName is the human-readable name for the proxy region.
+	DisplayName string `json:"displayName,omitempty"`
+	// Icon is the optional icon URL or emoji path for the proxy region.
+	Icon string `json:"icon,omitempty"`
+	// GeneratedTokenSecretName stores the generated proxy token.
+	GeneratedTokenSecretName string `json:"generatedTokenSecretName,omitempty"`
+}
+
+// WorkspaceProxySpec defines the desired state of a WorkspaceProxy.
+type WorkspaceProxySpec struct {
+	// Image is the container image used for the workspace proxy pod.
+	Image string `json:"image,omitempty"`
+	// Replicas is the desired number of proxy pods.
+	Replicas *int32 `json:"replicas,omitempty"`
+	// Service controls the service created in front of the workspace proxy.
+	Service ServiceSpec `json:"service,omitempty"`
+	// PrimaryAccessURL is the coderd URL the proxy should connect to.
+	PrimaryAccessURL string `json:"primaryAccessURL,omitempty"`
+	// ProxySessionTokenSecretRef points to a Secret key containing the proxy token.
+	ProxySessionTokenSecretRef *SecretKeySelector `json:"proxySessionTokenSecretRef,omitempty"`
+	// Bootstrap optionally registers the proxy and mints a proxy token.
+	Bootstrap *ProxyBootstrapSpec `json:"bootstrap,omitempty"`
+	// DerpOnly configures the workspace proxy to only serve DERP traffic.
+	DerpOnly bool `json:"derpOnly,omitempty"`
+	// ExtraArgs are appended to the default workspace proxy arguments.
+	ExtraArgs []string `json:"extraArgs,omitempty"`
+	// ExtraEnv are injected into the workspace proxy container.
+	ExtraEnv []corev1.EnvVar `json:"extraEnv,omitempty"`
+	// ImagePullSecrets are used by the pod to pull private images.
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+}
+
+// WorkspaceProxyStatus defines the observed state of a WorkspaceProxy.
+type WorkspaceProxyStatus struct {
+	// ObservedGeneration tracks the spec generation this status reflects.
+	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+	// ReadyReplicas is the number of ready pods observed in the deployment.
+	ReadyReplicas int32 `json:"readyReplicas,omitempty"`
+	// Registered reports whether bootstrap registration completed successfully.
+	Registered bool `json:"registered,omitempty"`
+	// ProxyTokenSecretRef is the Secret used for the proxy session token.
+	ProxyTokenSecretRef *SecretKeySelector `json:"proxyTokenSecretRef,omitempty"`
+	// Phase is a high-level readiness indicator.
+	Phase string `json:"phase,omitempty"`
+	// Conditions are Kubernetes-standard conditions for this resource.
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:scope=Namespaced
+// +kubebuilder:subresource:status
+
+// WorkspaceProxy is the schema for Coder workspace proxy resources.
+type WorkspaceProxy struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   WorkspaceProxySpec   `json:"spec,omitempty"`
+	Status WorkspaceProxyStatus `json:"status,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:object:root=true
+
+// WorkspaceProxyList contains a list of WorkspaceProxy objects.
+type WorkspaceProxyList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []WorkspaceProxy `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&WorkspaceProxy{}, &WorkspaceProxyList{})
+}