From ec17ccc2461aeea308d38b27dc3c732128c125d8 Mon Sep 17 00:00:00 2001
From: Jean-Gabriel Gill-Couture
Date: Fri, 6 Jun 2025 13:59:48 -0400
Subject: [PATCH] feat: Add example-tenant (WIP)
---
examples/tenant/Cargo.toml | 18 ++++++++++++++++
examples/tenant/src/main.rs | 41 +++++++++++++++++++++++++++++++++++++
2 files changed, 59 insertions(+)
create mode 100644 examples/tenant/Cargo.toml
create mode 100644 examples/tenant/src/main.rs
diff --git a/examples/tenant/Cargo.toml b/examples/tenant/Cargo.toml
new file mode 100644
index 0000000..94267da
--- /dev/null
+++ b/examples/tenant/Cargo.toml
@@ -0,0 +1,18 @@
+[package]
+name = "example-tenant"
+edition = "2024"
+version.workspace = true
+readme.workspace = true
+license.workspace = true
+publish = false
+
+[dependencies]
+harmony = { path = "../../harmony" }
+harmony_cli = { path = "../../harmony_cli" }
+harmony_types = { path = "../../harmony_types" }
+cidr = { workspace = true }
+tokio = { workspace = true }
+harmony_macros = { path = "../../harmony_macros" }
+log = { workspace = true }
+env_logger = { workspace = true }
+url = { workspace = true }
diff --git a/examples/tenant/src/main.rs b/examples/tenant/src/main.rs
new file mode 100644
index 0000000..a389ac6
--- /dev/null
+++ b/examples/tenant/src/main.rs
@@ -0,0 +1,41 @@
+use harmony::{
+ data::Id,
+ inventory::Inventory,
+ maestro::Maestro,
+ modules::tenant::TenantScore,
+ topology::{K8sAnywhereTopology, tenant::TenantConfig},
+};
+
+#[tokio::main]
+async fn main() {
+ let tenant = TenantScore {
+ config: TenantConfig {
+ id: Id::default(),
+ name: "TestTenant".to_string(),
+ ..Default::default()
+ },
+ };
+
+ let mut maestro = Maestro::::initialize(
+ Inventory::autoload(),
+ K8sAnywhereTopology::new(),
+ )
+ .await
+ .unwrap();
+
+ maestro.register_all(vec![Box::new(tenant)]);
+ harmony_cli::init(maestro, None).await.unwrap();
+}
+
+// TODO write tests
+// - Create Tenant with default config mostly, make sure namespace is created
+// - deploy sample client/server app with nginx unprivileged and a service
+// - exec in the client pod and validate the following
+// - can reach internet
+// - can reach server pod
+// - can resolve dns queries to internet
+// - can resolve dns queries to services
+// - cannot reach services and pods in other namespaces
+// - Create Tenant with specific cpu/ram/storage requests / limits and make sure they are enforced by trying to
+// deploy a pod with lower requests/limits (accepted) and higher requests/limits (rejected)
+// - Create TenantCredentials and make sure they give only access to the correct tenant
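Review bot: The tenant built in `main` takes everything except `id` and `name` from `..Default::default()`, so whatever `TenantConfig` carries for resource limits and network isolation is implicit here, and the TODO block at the end of the file shows that none of it (cross-namespace reachability, request/limit enforcement, credential scoping) is covered by a test yet. Examples tend to be copied as templates, so I would state that next to the struct, e.g. `// NOTE: limits and network policy come from TenantConfig::default(); isolation is not verified until the tests in the TODO below exist.` Separately, both `.unwrap()` calls panic without context when the topology or the CLI fails to initialise; `.expect("failed to initialize Maestro for K8sAnywhereTopology")` on the first and a matching message on `harmony_cli::init` would make a failed run easier to diagnose.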