Feature: Service Sync (#51)

This PR implements the Service Sync feature. The purpose of this feature
is to facilitate exposing a service in one cluster to other clusters,
using Cilium Global Services.

It implements all the behaviors described in
[docs/service-sync.md](https://github.com/powerhome/keess/blob/main/docs/service-sync.md).

In a high level overview, this PR
- Implements service sync create and update flows
- Refactors package structure, moving service sync to a subpackage and
renaming main package
- Implements service orphan handling

It does not implement managed namespace deletion, that is left for
another version.

## Notes about the code

- I did an extensive work on the Go E2E tests, trying my best to make
them correct, readable, and covering most if not all from Service Sync
functionality.
- Now for the unit tests (the new ones, for service), they are mostly
the exact thing generated by AI. Quite incomplete, not so good quality,
but don't seem to be harmful either. So I left them there, but I think
we should move on with this and not wait for me to improve them now.
- I placed a few TODO notes on places I believe to be good spots for
unit tests, but left that for the future.

## How this was tested

This code is passing tests-e2e (new) and tests-python-e2e (old).
Together those are covering most functionality of the operator (both
namespace sync and cluster sync).

## How to run tests

```shell
# Create the clusters
make setup-local-clusters-with-keess

# Run tests
make tests
make tests-e2e
make tests-python-e2e

# or run make tests-all
```

---------

Co-authored-by: Copilot <[email protected]>

Author: dgmorales

.gitignore

@@ -35,6 +35,7 @@ _testmain.go
 apiserver.local.config/**
 .DS_Store
 .vscode
-keess
+/keess
 coverage.*
 localTestKubeconfig
+localInternalTestKubeconfig

Makefile

@@ -2,7 +2,10 @@
 PROJECT_NAME := "keess"
 DOCKER_IMAGE_NAME := "keess"
 DOCKER_TAG := "latest"
+# this file will host kubeconfig for local clusters created with kind
 LOCAL_TEST_KUBECONFIG_FILE := "localTestKubeconfig"
+# this file will host the same kubeconfig, but to be used within the clusters themselves
+LOCAL_INTERNAL_TEST_KUBECONFIG_FILE := "localInternalTestKubeconfig"
 LOCAL_CLUSTER := "kind-source-cluster"
 K8S_VERSION_PAC_V1 := v1.22.17
 K8S_VERSION := v1.32.2
@@ -15,12 +18,13 @@ ARCH := $(shell uname -m | sed 's/x86_64/amd64/;s/arm64/arm64/;s/aarch64/arm64/'
 GOBASE := $(shell pwd)
 GOBIN := $(GOBASE)/bin
 
-.PHONY: build docker-build coverage run docker-run create-local-clusters delete-local-clusters local-docker-run help create-local-clusters-pac-v1 install-cilium-cli install-cilium-to-clusters tests e2e-tests python-e2e-tests
+.PHONY: build docker-build coverage run docker-run create-local-clusters create-local-clusters-pac-v1 delete-local-clusters install-cilium-cli install-cilium-to-clusters install-keess setup-local-clusters setup-local-clusters-with-keess local-docker-run tests tests-e2e tests-python-e2e help
 
 # Build the project
 build:
 	@echo "Building $(GOBIN)/$(PROJECT_NAME)..."
-	@GOBIN=$(GOBIN) go build -o $(GOBIN)/$(PROJECT_NAME) $(GOBASE)
+	mkdir -p $(GOBIN)
+	GOBIN=$(GOBIN) go build -o $(GOBIN)/$(PROJECT_NAME) $(GOBASE)
 
 # Build Docker image
 docker-build:
@@ -38,7 +42,7 @@ coverage:
 # Target to execute the application
 run: build
 	@echo "Running the application..."
-	@./bin/keess run --localCluster=$(LOCAL_CLUSTER) --logLevel=debug --kubeConfigPath=$(LOCAL_TEST_KUBECONFIG_FILE) --pollingInterval=10 --housekeepingInterval=10 --namespacePollingInterval=10
+	@$(GOBIN)/$(PROJECT_NAME) run --localCluster=$(LOCAL_CLUSTER) --logLevel=debug --kubeConfigPath=$(LOCAL_TEST_KUBECONFIG_FILE) --pollingInterval=10 --housekeepingInterval=10 --namespacePollingInterval=10
 
 # Target to run the Docker image with the .kube directory mounted
 docker-run:
@@ -52,16 +56,20 @@ create-local-clusters-pac-v1:
 
 # Target to start local kube clusters for testing purposes
 create-local-clusters:
-	@kind create cluster --image=kindest/node:$(K8S_VERSION) -n source-cluster --kubeconfig $(LOCAL_TEST_KUBECONFIG_FILE) --config extra/kind-config-1.yaml
-	@kind create cluster --image=kindest/node:$(K8S_VERSION) -n destination-cluster --kubeconfig $(LOCAL_TEST_KUBECONFIG_FILE) --config extra/kind-config-2.yaml
+	kind create cluster --image=kindest/node:$(K8S_VERSION) -n source-cluster --kubeconfig $(LOCAL_TEST_KUBECONFIG_FILE) --config tests/kind-config-1.yaml
+	kind create cluster --image=kindest/node:$(K8S_VERSION) -n destination-cluster --kubeconfig $(LOCAL_TEST_KUBECONFIG_FILE) --config tests/kind-config-2.yaml
+	KUBECONFIG=$(LOCAL_INTERNAL_TEST_KUBECONFIG_FILE) kind export kubeconfig -n source-cluster --internal
+	KUBECONFIG=$(LOCAL_INTERNAL_TEST_KUBECONFIG_FILE) kind export kubeconfig -n destination-cluster --internal
+
 
 # Target to delete local kube clusters
 delete-local-clusters:
 	@kind delete clusters source-cluster destination-cluster
 
 $(GOBIN)/cilium:
-	@curl -sL https://github.com/cilium/cilium-cli/releases/download/$(CILIUM_CLI_VERSION)/cilium-$(OS)-$(ARCH).tar.gz | tar -xzf - -C $(GOBIN);
-	@chmod +x $(GOBIN)/cilium
+	mkdir -p $(GOBIN)
+	curl -sL https://github.com/cilium/cilium-cli/releases/download/$(CILIUM_CLI_VERSION)/cilium-$(OS)-$(ARCH).tar.gz | tar -xzf - -C $(GOBIN);
+	chmod +x $(GOBIN)/cilium
 
 install-cilium-cli: $(GOBIN)/cilium
 
@@ -79,9 +87,32 @@ install-cilium-to-clusters: install-cilium-cli
 	$(GOBIN)/cilium clustermesh status --wait --kubeconfig $(LOCAL_TEST_KUBECONFIG_FILE) --context kind-source-cluster
 	$(GOBIN)/cilium clustermesh status --wait --kubeconfig $(LOCAL_TEST_KUBECONFIG_FILE) --context kind-destination-cluster
 
-# Fully prepare local clusters for testing purposes
+install-keess: build docker-build
+	@echo "Installing or updating Keess on local clusters..."
+	kind load docker-image $(DOCKER_IMAGE_NAME):$(DOCKER_TAG) --name source-cluster
+	helm upgrade --install keess chart \
+		--kubeconfig $(LOCAL_TEST_KUBECONFIG_FILE) --kube-context kind-source-cluster \
+		--namespace keess --create-namespace \
+		--set localCluster=kind-source-cluster \
+		--set-file config.kubeconfigContent=$(LOCAL_INTERNAL_TEST_KUBECONFIG_FILE) \
+		--values tests/helm-values.yaml
+	kind load docker-image $(DOCKER_IMAGE_NAME):$(DOCKER_TAG) --name destination-cluster
+	helm upgrade --install keess chart \
+		--kubeconfig $(LOCAL_TEST_KUBECONFIG_FILE) --kube-context kind-destination-cluster \
+		--namespace keess --create-namespace \
+		--set localCluster=kind-destination-cluster \
+		--set-file config.kubeconfigContent=$(LOCAL_INTERNAL_TEST_KUBECONFIG_FILE) \
+		--values tests/helm-values.yaml
+	@echo "Make sure we restart Keess pods to apply changes..."
+	kubectl --kubeconfig $(LOCAL_TEST_KUBECONFIG_FILE) --context kind-source-cluster -n keess delete pod --all
+	kubectl --kubeconfig $(LOCAL_TEST_KUBECONFIG_FILE) --context kind-destination-cluster -n keess delete pod --all
+
+# Fully prepare local clusters for testing with Keess running outside of the clusters (with make run)
 setup-local-clusters: create-local-clusters install-cilium-to-clusters
 
+# Fully prepare local clusters for testing with Keess running inside the clusters
+setup-local-clusters-with-keess: setup-local-clusters install-keess
+
 # Target to run the Docker image with local test kubeconfig mounted
 local-docker-run:
 	@echo "Running Docker image with $(LOCAL_TEST_KUBECONFIG_FILE) mounted..."
@@ -99,24 +130,24 @@ local-docker-run:
 			--namespacePollingInterval=10 \
 			--logLevel=debug
 
-# Run tests
+# Run unit tests only (excludes e2e tests in /tests directory)
 tests:
 	@echo "Running Unit tests..."
-	@go test ./...
+	go test $(shell go list ./... | grep -v /tests)
 
 # Run e2e tests (requires local clusters to be running)
 tests-e2e:
 	@echo "Running e2e tests..."
 	@echo "Make sure local clusters are running (use 'make setup-local-clusters' if needed)"
-	@cd tests && ginkgo -v
+	@cd tests/e2e && ginkgo -v
 
 # Original e2e tests on python
 tests-python-e2e:
 	@echo "Running python e2e tests on docker ..."
 	@echo "Building keess-test image"
-	@docker build -f Dockerfile.localTest -t keess-test:1.0 .
+	docker build -f Dockerfile.localTest -t keess-test:1.0 .
 	@echo "Run container ..."
-	@docker run \
+	docker run \
 		-it \
 		--rm \
 		--mount type=bind,source="./$(LOCAL_TEST_KUBECONFIG_FILE)",target=/root/.kube/config,readonly \
@@ -125,6 +156,10 @@ tests-python-e2e:
 		keess-test:1.0 \
 		python test.py
 
+# Run all tests (unit + e2e)
+tests-all: tests tests-e2e tests-python-e2e
+
+
 # Help
 help:
 	@echo "--------------------------------"
@@ -135,8 +170,11 @@ help:
 	@echo "coverage                        - Generate and view code coverage report"
 	@echo "run                             - Run the application from local machine build"
 	@echo "setup-local-clusters            - Create 2 clusters locally using Kind ready for testing for PAC-V2 (includes Cilium)"
-	@echo "tests                           - Run Unit tests"
-	@echo "tests-e2e                       - Run e2e tests (requires local clusters)"
+	@echo "setup-local-clusters-with-keess - Create 2 clusters locally with Keess running inside the clusters"
+	@echo "tests                           - Run Unit tests only"
+	@echo "tests-e2e                       - Run e2e tests (cluster sync focused, requires local clusters)"
+	@echo "tests-python-e2e                - Run python e2e tests using docker (namespace sync focused)"
+	@echo "tests-all                       - Run all tests (unit + e2e)"
 	@echo "delete-local-clusters           - Delete the 2 local clusters created with Kind"
 	@echo "--------------------------------"
 	@echo "## Other Makefile commands:"
@@ -145,6 +183,6 @@ help:
 	@echo "create-local-clusters-pac-v1    - Create 2 clusters locally using Kind with PAC-V1 Kubernetes version (no Cilium)"
 	@echo "install-cilium-cli              - Install Cilium CLI on the local machine"
 	@echo "install-cilium-to-clusters      - Install Cilium on the local clusters"
+	@echo "install-keess                   - Install Keess on local clusters using Helm"
 	@echo "docker-run                      - Run the Docker image with .kube directory mounted"
 	@echo "local-docker-run                - Run the application locally using docker and pointing to the local cluster created with Kind"
-	@echo "tests-python-e2e                - Run python e2e tests using docker"

README.md

@@ -1,12 +1,13 @@
 
-# Keess: Kubernetes Secrets and ConfigMaps Synchronization
+# Keess: Kubernetes Secrets, ConfigMaps, and Services Synchronization
 
-Keess (Keep Stuff Synchronized) is a versatile command-line tool designed to synchronize secrets and configmaps across different namespaces and Kubernetes clusters. Built with simplicity and efficiency in mind, it ensures that your Kubernetes environments are consistently updated, secure, and easy to manage.
+Keess (Keep Stuff Synchronized) is a versatile command-line tool designed to synchronize secrets, configmaps, and services across different namespaces and Kubernetes clusters. Built with simplicity and efficiency in mind, it ensures that your Kubernetes environments are consistently updated, secure, and easy to manage.
 
 ## Features
 
-- **Cross-Namespace Synchronization**: Effortlessly sync secrets and configmaps across multiple namespaces within a single Kubernetes cluster.
+- **Cross-Namespace Synchronization**: Effortlessly sync secrets, configmaps, and services across multiple namespaces within a single Kubernetes cluster.
 - **Inter-Cluster Synchronization**: Extend your synchronization capabilities to multiple clusters, keeping your configurations consistent across different environments.
+- **Service Synchronization**: Sync services across clusters using Cilium Global Services, enabling seamless cross-cluster service access.
 - **Secure and Reliable**: Implements robust mechanisms to securely transfer sensitive information, ensuring data integrity and confidentiality.
 - **Automation**: Automates the synchronization process, reducing manual overhead and minimizing human error.
 - **Customizable**: Offers flexible command line options and Kubernetes annotations to tailor the synchronization process to your specific needs.
@@ -67,6 +68,50 @@ Configure which namespaces to synchronize with:
 
 Specify the remote clusters for synchronization: `keess.powerhrg.com/clusters: clustera, clusterb`
 
+#### Service Synchronization
+
+Keess supports synchronizing services across clusters using Cilium Global Services. This feature enables applications in one cluster to access services in another cluster as if they were local.
+
+**Prerequisites:**
+- Cilium CNI with ClusterMesh enabled on all participating clusters
+- Services must have the `service.cilium.io/global: "true"` annotation
+
+**Configuration:**
+1. Add the sync label to your service: `keess.powerhrg.com/sync: cluster`
+2. Add the clusters annotation: `keess.powerhrg.com/clusters: clustera, clusterb`
+3. Ensure the service has the Cilium global annotation: `service.cilium.io/global: "true"`
+
+**Example:**
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: mysql-svc
+  namespace: my-namespace
+  labels:
+    keess.powerhrg.com/sync: "cluster"
+  annotations:
+    service.cilium.io/global: "true"
+    keess.powerhrg.com/clusters: "cluster-b, cluster-c"
+spec:
+  ports:
+  - name: mysql
+    port: 3306
+    protocol: TCP
+    targetPort: 3306
+  selector:
+    app.kubernetes.io/component: mysql
+  type: ClusterIP
+```
+
+Keess will automatically create service references in the target clusters with:
+- Same name and namespace as the source service
+- Cilium annotations for global service configuration
+- Empty selector (no local endpoints)
+- Keess management labels and annotations
+
+**Note:** Service synchronization only supports cluster-level sync. Namespace-level sync for services is not supported.
+
 ## Contributing
 
 Contributions are welcome! Please refer to our [Contributing Guidelines](CONTRIBUTING.md) for more information.

chart/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.2.0
+version: 1.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.2.0"
+appVersion: "1.3.0"

chart/templates/cluster-role.yaml

@@ -10,10 +10,12 @@ rules:
   resources:
   - configmaps
   - secrets
+  - services
   verbs: ["get", "create", "update", "patch", "delete", "list", "watch"]
 - apiGroups: [""]
   resources:
   - namespaces
+  - endpoints
   verbs: ["get", "list", "watch"]
 - apiGroups: [""]
   resources:

cmd/run.go

@@ -24,7 +24,8 @@ package cmd
 import (
 	"context"
 	"fmt"
-	"keess/pkg/services"
+	"keess/pkg/keess"
+	"keess/pkg/keess/service"
 	"net/http"
 	"os"
 	"time"
@@ -33,7 +34,6 @@ import (
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/client-go/kubernetes"
 	_ "k8s.io/client-go/plugin/pkg/client/auth/oidc" // required for oidc
 	"k8s.io/client-go/rest"
 )
@@ -84,20 +84,19 @@ var runCmd = &cobra.Command{
 		logger.Sugar().Debugf("Log level: %s", logLevel)
 		logger.Sugar().Debugf("Kubeconfig path: %s", kubeConfigPath)
 
-
 		config, err := rest.InClusterConfig()
 		if err != nil {
-			config, err = services.BuildConfigWithContextFromFlags(localCluster, kubeConfigPath)
+			config, err = keess.BuildConfigWithContextFromFlags(localCluster, kubeConfigPath)
 			if err != nil {
 				logger.Sugar().Error("Error building localCluster kubeconfig: ", err)
 				return
 			}
 		}
 
 		// create the clientset
-		localKubeClient, err := kubernetes.NewForConfig(config)
+		localKubeClient, err := keess.NewKubeClientAdapter(config)
 		if err != nil {
-			logger.Sugar().Error("Error creating inCluster clientset: ", err)
+			logger.Sugar().Error("Error creating local kube client: ", err)
 			return
 		}
 
@@ -106,20 +105,20 @@ var runCmd = &cobra.Command{
 		defer cancel()
 
 		// Create a map of remote clients
-		remoteKubeClients := make(map[string]services.IKubeClient)
+		remoteKubeClients := make(map[string]keess.IKubeClient)
 
-		kubeConfigLoader := services.NewKubeconfigLoader(kubeConfigPath, logger.Sugar(), remoteKubeClients, configReloaderMaxRetries, configReloaderDebounceTimer)
+		kubeConfigLoader := keess.NewKubeconfigLoader(kubeConfigPath, logger.Sugar(), remoteKubeClients, configReloaderMaxRetries, configReloaderDebounceTimer)
 		kubeConfigLoader.StartWatching(ctx)
 
 		// Create a NamespacePoller
-		namespacePoller := services.NewNamespacePoller(localKubeClient, logger.Sugar())
+		namespacePoller := keess.NewNamespacePoller(localKubeClient, logger.Sugar())
 		namespacePoller.PollNamespaces(ctx, metav1.ListOptions{}, time.Duration(namespacePollingInterval)*time.Second, localCluster)
 
 		// Create a SecretPoller
-		secretPoller := services.NewSecretPoller(localCluster, localKubeClient, logger.Sugar())
+		secretPoller := keess.NewSecretPoller(localCluster, localKubeClient, logger.Sugar())
 
 		// Create a SecretSynchronizer
-		secretSynchronizer := services.NewSecretSynchronizer(
+		secretSynchronizer := keess.NewSecretSynchronizer(
 			localKubeClient,
 			remoteKubeClients,
 			secretPoller,
@@ -131,10 +130,10 @@ var runCmd = &cobra.Command{
 		secretSynchronizer.Start(ctx, time.Duration(pollingInterval)*time.Second, time.Duration(housekeepingInterval)*time.Second)
 
 		// Create a ConfigMapPoller
-		configMapPoller := services.NewConfigMapPoller(localCluster, localKubeClient, logger.Sugar())
+		configMapPoller := keess.NewConfigMapPoller(localCluster, localKubeClient, logger.Sugar())
 
 		// Create a ConfigMapSynchronizer
-		configMapSynchronizer := services.NewConfigMapSynchronizer(
+		configMapSynchronizer := keess.NewConfigMapSynchronizer(
 			localKubeClient,
 			remoteKubeClients,
 			configMapPoller,
@@ -145,6 +144,21 @@ var runCmd = &cobra.Command{
 		// Start the configMap synchronizer
 		configMapSynchronizer.Start(ctx, time.Duration(pollingInterval)*time.Second, time.Duration(housekeepingInterval)*time.Second)
 
+		// Create a ServicePoller
+		servicePoller := service.NewServicePoller(localCluster, localKubeClient, logger.Sugar())
+
+		// Create a ServiceSynchronizer
+		serviceSynchronizer := service.NewServiceSynchronizer(
+			localKubeClient,
+			remoteKubeClients,
+			servicePoller,
+			namespacePoller,
+			logger.Sugar(),
+		)
+
+		// Start the service synchronizer
+		serviceSynchronizer.Start(ctx, time.Duration(pollingInterval)*time.Second, time.Duration(housekeepingInterval)*time.Second)
+
 		// Create an HTTP server and add the health check handler as a handler
 		http.HandleFunc("/health", healthHandler)
 

cmd/version.go

@@ -7,12 +7,12 @@ import (
 )
 
 // Version of the application, set this variable during build
-var version = "1.0.0"
+var version = "1.3.0"
 
 // versionCmd represents the version command
 var versionCmd = &cobra.Command{
 	Use:   "version",
-	
+
 	Short: "Print the version number of the application",
 	Long:  `Print the version number of the application`,
 	Run: func(cmd *cobra.Command, args []string) {