Add EAS api implementation

1. add a new eas service in nsx-operator
2. register eas service to k8s api server
3. start a http service on 9553 port
4. add eas service implentations for ip usages api yamls

Author: seanpang-vmware

Makefile

@@ -97,6 +97,11 @@ build-clean: generate fmt vet ## Build clean binary.
 	@mkdir -p $(BINDIR)
 	GOOS=linux go build -o $(BINDIR)/clean $(GOFLAGS) -ldflags '$(LDFLAGS)' cmd_clean/main.go
 
+.PHONY: build-eas
+build-eas: generate fmt vet ## Build EAS (Extension API Server) binary.
+	@mkdir -p $(BINDIR)
+	GOOS=linux go build -o $(BINDIR)/eas $(GOFLAGS) -ldflags '$(LDFLAGS)' cmd_eas/main.go
+
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./cmd/main.go
@@ -113,6 +118,10 @@ docker-push: ## Push docker image with the manager.
 photon:
 	docker build -t github.com/vmware-tanzu/nsx-operator -f build/image/photon/Dockerfile .
 
+.PHONY: eas
+eas:
+	docker build -t github.com/vmware-tanzu/nsx-eas -f build/image/eas/Dockerfile .
+
 .PHONY: clean
 clean:
 	@rm -rf $(BINDIR)

build/image/eas/Dockerfile

@@ -0,0 +1,17 @@
+FROM golang:1.25.7 as golang-build
+
+WORKDIR /source
+
+COPY . /source
+RUN CGO_ENABLED=0 go build -o eas cmd_eas/main.go
+
+FROM photon
+
+RUN tdnf -y install shadow && \
+    useradd -s /bin/bash eas
+
+COPY --from=golang-build /source/eas /usr/local/bin/
+
+USER eas
+
+ENTRYPOINT ["/usr/local/bin/eas"]

build/yaml/crd/eas/eas.nsx.vmware.com_ipblockusages.yaml

@@ -1,3 +1,10 @@
+# DO NOT INSTALL - Schema reference only.
+# These CRD definitions are for documentation and schema validation purposes only.
+# The eas.nsx.vmware.com/v1alpha1 group is served by the EAS Extension API Server
+# (not from etcd).  Installing these CRDs causes kube-aggregator to create an
+# auto-managed APIService with no spec.service, which routes all requests to etcd
+# (returning empty results) instead of the EAS backend.
+# See build/yaml/eas/apiservice.yaml for the correct APIService configuration.
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition

build/yaml/crd/eas/eas.nsx.vmware.com_subnetdhcpserverstats.yaml

@@ -1,3 +1,10 @@
+# DO NOT INSTALL - Schema reference only.
+# These CRD definitions are for documentation and schema validation purposes only.
+# The eas.nsx.vmware.com/v1alpha1 group is served by the EAS Extension API Server
+# (not from etcd).  Installing these CRDs causes kube-aggregator to create an
+# auto-managed APIService with no spec.service, which routes all requests to etcd
+# (returning empty results) instead of the EAS backend.
+# See build/yaml/eas/apiservice.yaml for the correct APIService configuration.
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition

build/yaml/crd/eas/eas.nsx.vmware.com_subnetippools.yaml

@@ -1,3 +1,10 @@
+# DO NOT INSTALL - Schema reference only.
+# These CRD definitions are for documentation and schema validation purposes only.
+# The eas.nsx.vmware.com/v1alpha1 group is served by the EAS Extension API Server
+# (not from etcd).  Installing these CRDs causes kube-aggregator to create an
+# auto-managed APIService with no spec.service, which routes all requests to etcd
+# (returning empty results) instead of the EAS backend.
+# See build/yaml/eas/apiservice.yaml for the correct APIService configuration.
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition

build/yaml/crd/eas/eas.nsx.vmware.com_vpcipaddressusages.yaml

@@ -1,3 +1,10 @@
+# DO NOT INSTALL - Schema reference only.
+# These CRD definitions are for documentation and schema validation purposes only.
+# The eas.nsx.vmware.com/v1alpha1 group is served by the EAS Extension API Server
+# (not from etcd).  Installing these CRDs causes kube-aggregator to create an
+# auto-managed APIService with no spec.service, which routes all requests to etcd
+# (returning empty results) instead of the EAS backend.
+# See build/yaml/eas/apiservice.yaml for the correct APIService configuration.
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -107,7 +114,8 @@ spec:
                     - start
                     type: object
                   type: array
-                name:
+                ipBlockID:
+                  description: NSX resource ID of the IP block (leaf segment of the policy path).
                   type: string
                 percentageUsed:
                   description: Percentage of used IP address space.

build/yaml/eas/apiservice.yaml

@@ -10,4 +10,4 @@ spec:
   service:
     name: nsx-eas
     namespace: vmware-system-nsx
-  insecureSkipTLSVerify: true
+  insecureSkipTLSVerify: true

build/yaml/eas/clusterrole.yaml

@@ -10,6 +10,9 @@ rules:
   - subnetippools
   - subnetdhcpserverstats
   verbs: ["get", "list"]
+- apiGroups: ["apiregistration.k8s.io"]
+  resources: ["apiservices"]
+  verbs: ["get", "create", "update", "patch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding

build/yaml/eas/eas-service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nsx-eas
+  namespace: vmware-system-nsx
+  labels:
+    app.kubernetes.io/name: service
+    app.kubernetes.io/instance: eas-service
+    app.kubernetes.io/component: eas
+    app.kubernetes.io/created-by: nsx-operator
+    app.kubernetes.io/part-of: nsx-operator
+    app.kubernetes.io/managed-by: kustomize
+spec:
+  ports:
+  - port: 443
+    targetPort: 9553
+    protocol: TCP
+  selector:
+    component: nsx-ncp