Merge pull request #1 from Kuadrant/foundation2
Authorino Reconciler
Showing
34 changed files
with
2,333 additions
and
134 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,3 +3,6 @@ | |
!**/*.go | ||
!**/*.mod | ||
!**/*.sum | ||
# Ignore build and test binaries. | ||
bin/ | ||
testbin/ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
name: Build and push image | ||
on: | ||
push: | ||
branches: | ||
- 'main' | ||
- 'master' | ||
|
||
jobs: | ||
build: | ||
name: Build and push image | ||
runs-on: ubuntu-20.04 | ||
|
||
steps: | ||
- uses: actions/checkout@v2 | ||
|
||
- name: Build Image | ||
id: build-image | ||
uses: redhat-actions/buildah-build@v2 | ||
with: | ||
image: authorino-operator | ||
tags: latest ${{ github.sha }} | ||
dockerfiles: | | ||
./Dockerfile | ||
- name: Push To quay.io | ||
id: push-to-quay | ||
uses: redhat-actions/push-to-registry@v2 | ||
with: | ||
image: ${{ steps.build-image.outputs.image }} | ||
tags: ${{ steps.build-image.outputs.tags }} | ||
registry: quay.io/3scale | ||
username: 3scale+authorino_github | ||
password: ${{ secrets.REGISTRY_AUTH_TOKEN }} | ||
|
||
- name: Print Image URL | ||
run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}" |
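Review bot: All three `uses:` steps reference actions by mutable tag (`actions/checkout@v2`, `redhat-actions/buildah-build@v2`, `redhat-actions/push-to-registry@v2`) in the job that passes `secrets.REGISTRY_AUTH_TOKEN` to the push step, so whatever those tags resolve to at run time builds the image and handles the registry credential. Pin each one to a full commit SHA, for example `uses: actions/checkout@<full-commit-sha> # v2`, and add a top-level `permissions:` block with `contents: read` so the job's GITHUB_TOKEN is read-only. The `latest` tag pushed alongside `${{ github.sha }}` is also mutable, so anything that needs a reproducible deploy should reference the SHA tag.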
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -23,3 +23,6 @@ testbin/* | |
*.swp | ||
*.swo | ||
*~ | ||
|
||
# Vendor dependencies | ||
vendor |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -28,17 +28,23 @@ BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) | |
# This variable is used to construct full image tags for bundle and catalog images. | ||
# | ||
# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both | ||
# authorino.3scale.net/authorino-operator-bundle:$VERSION and authorino.3scale.net/authorino-operator-catalog:$VERSION. | ||
IMAGE_TAG_BASE ?= authorino.3scale.net/authorino-operator | ||
# authorino.kuadrant.io/authorino-operator-bundle:$VERSION and authorino.kuadrant.io/authorino-operator-catalog:$VERSION. | ||
IMAGE_TAG_BASE ?= authorino.kuadrant.io/authorino-operator | ||
|
||
# BUNDLE_IMG defines the image:tag used for the bundle. | ||
# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=<some-registry>/<project-name-bundle>:<tag>) | ||
BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) | ||
|
||
# Image URL to use all building/pushing image targets | ||
IMG ?= controller:latest | ||
DEFAULT_OPERATOR_IMAGE = quay.io/3scale/authorino-operator:latest | ||
OPERATOR_IMAGE ?= $(DEFAULT_OPERATOR_IMAGE) | ||
|
||
# Produce CRDs that work back to Kubernetes 1.11 (no version conversion) | ||
CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false" | ||
# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. | ||
ENVTEST_K8S_VERSION = 1.21 | ||
|
||
OPERATOR_MANIFESTS ?= $(PROJECT_DIR)/config/install/manifests.yaml | ||
|
||
# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) | ||
ifeq (,$(shell go env GOBIN)) | ||
|
@@ -73,8 +79,8 @@ help: ## Display this help. | |
|
||
##@ Development | ||
|
||
manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. | ||
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases | ||
manifests: controller-gen kustomize ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. | ||
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases && $(KUSTOMIZE) build config/install > $(OPERATOR_MANIFESTS) | ||
|
||
generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. | ||
$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." | ||
|
@@ -85,11 +91,8 @@ fmt: ## Run go fmt against code. | |
vet: ## Run go vet against code. | ||
go vet ./... | ||
|
||
ENVTEST_ASSETS_DIR=$(shell pwd)/testbin | ||
test: manifests generate fmt vet ## Run tests. | ||
mkdir -p ${ENVTEST_ASSETS_DIR} | ||
test -f ${ENVTEST_ASSETS_DIR}/setup-envtest.sh || curl -sSLo ${ENVTEST_ASSETS_DIR}/setup-envtest.sh https://raw.githubusercontent.com/kubernetes-sigs/controller-runtime/v0.8.3/hack/setup-envtest.sh | ||
source ${ENVTEST_ASSETS_DIR}/setup-envtest.sh; fetch_envtest_tools $(ENVTEST_ASSETS_DIR); setup_envtest_env $(ENVTEST_ASSETS_DIR); go test ./... -coverprofile cover.out | ||
test: manifests generate fmt vet envtest ## Run tests. | ||
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out | ||
|
||
##@ Build | ||
|
||
|
@@ -99,36 +102,45 @@ build: generate fmt vet ## Build manager binary. | |
run: manifests generate fmt vet ## Run a controller from your host. | ||
go run ./main.go | ||
|
||
docker-build: test ## Build docker image with the manager. | ||
docker build -t ${IMG} . | ||
docker-build: ## Build docker image with the manager. | ||
docker build -t ${OPERATOR_IMAGE} . | ||
|
||
docker-push: ## Push docker image with the manager. | ||
docker push ${IMG} | ||
docker push ${OPERATOR_IMAGE} | ||
|
||
##@ Deployment | ||
|
||
install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. | ||
$(KUSTOMIZE) build config/crd | kubectl apply -f - | ||
install: manifests kustomize install-authorino ## Install CRDs into the K8s cluster specified in ~/.kube/config. | ||
kubectl apply -f $(OPERATOR_MANIFESTS) | ||
|
||
uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. | ||
$(KUSTOMIZE) build config/crd | kubectl delete -f - | ||
kubectl delete -f $(OPERATOR_MANIFESTS) | ||
|
||
deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. | ||
cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} | ||
cd config/manager && $(KUSTOMIZE) edit set image controller=${OPERATOR_IMAGE} | ||
$(KUSTOMIZE) build config/default | kubectl apply -f - | ||
# rollback kustomize edit | ||
cd config/manager && $(KUSTOMIZE) edit set image controller=${DEFAULT_OPERATOR_IMAGE} | ||
|
||
|
||
undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. | ||
$(KUSTOMIZE) build config/default | kubectl delete -f - | ||
|
||
install-authorino: kustomize ## install RBAC and CRD for authorino | ||
kubectl apply -f https://raw.githubusercontent.com/Kuadrant/authorino/main/install/manifests.yaml | ||
|
||
CONTROLLER_GEN = $(shell pwd)/bin/controller-gen | ||
controller-gen: ## Download controller-gen locally if necessary. | ||
$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.4.1) | ||
$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.6.1) | ||
|
||
KUSTOMIZE = $(shell pwd)/bin/kustomize | ||
kustomize: ## Download kustomize locally if necessary. | ||
$(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/[email protected]) | ||
|
||
ENVTEST = $(shell pwd)/bin/setup-envtest | ||
envtest: ## Download envtest-setup locally if necessary. | ||
$(call go-get-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest) | ||
|
||
# go-get-tool will 'go get' any package $2 and install it to $1. | ||
PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST)))) | ||
define go-get-tool | ||
|
@@ -146,7 +158,7 @@ endef | |
.PHONY: bundle | ||
bundle: manifests kustomize ## Generate bundle manifests and metadata, then validate generated files. | ||
operator-sdk generate kustomize manifests -q | ||
cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) | ||
cd config/manager && $(KUSTOMIZE) edit set image controller=$(OPERATOR_IMAGE) | ||
$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) | ||
operator-sdk bundle validate ./bundle | ||
|
||
|
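Review bot: The new `install-authorino` target applies `https://raw.githubusercontent.com/Kuadrant/authorino/main/install/manifests.yaml` straight from the `main` branch, so `make install` loads whatever RBAC and CRDs that branch holds at that moment into the cluster from ~/.kube/config, with no pinned revision or checksum. Put a release tag or commit in the URL (`.../Kuadrant/authorino/<tag-or-commit>/install/manifests.yaml`), or vendor the manifest and review its updates. The `envtest` target drifts the same way with `setup-envtest@latest`, whereas `controller-gen` is pinned to `v0.6.1`. Separately, in `deploy` the command after `# rollback kustomize edit` never runs if `kubectl apply` fails, which leaves `config/manager` set to the custom image. `uninstall` also does not remove what `install-authorino` applied.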
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,20 @@ | ||
domain: authorino.3scale.net | ||
domain: authorino.kuadrant.io | ||
layout: | ||
- go.kubebuilder.io/v3 | ||
plugins: | ||
manifests.sdk.operatorframework.io/v2: {} | ||
scorecard.sdk.operatorframework.io/v2: {} | ||
projectName: authorino-operator | ||
repo: github.com/kuadrant/authorino-operator | ||
resources: | ||
- api: | ||
crdVersion: v1 | ||
namespaced: true | ||
controller: true | ||
domain: authorino.kuadrant.io | ||
group: authorino-operator | ||
kind: Authorino | ||
path: github.com/kuadrant/authorino-operator/api/v1beta1 | ||
version: v1beta1 | ||
plural: authorinos | ||
version: "3" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,148 @@ | ||
/* | ||
Copyright 2021. | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package v1beta1 | ||
|
||
import ( | ||
k8score "k8s.io/api/core/v1" | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
) | ||
|
||
// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! | ||
// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. | ||
|
||
type ConditionType string | ||
|
||
const ( | ||
// ConditionReady specifies that the resource is ready | ||
ConditionReady ConditionType = "Ready" | ||
AuthorinoContainerName string = "authorino" | ||
|
||
// Authorino EnvVars | ||
WatchNamespace string = "WATCH_NAMESPACE" | ||
ExtAuthGRPCPort string = "EXT_AUTH_GRPC_PORT" | ||
EnvVarTlsCert string = "TLS_CERT" | ||
EnvVarTlsCertKey string = "TLS_CERT_KEY" | ||
OIDCHTTPPort string = "OIDC_HTTP_PORT" | ||
EnvVarOidcTlsCertPath string = "OIDC_TLS_CERT" | ||
EnvVarOidcTlsCertKeyPath string = "OIDC_TLS_CERT_KEY" | ||
AuthConfigLabelSelector string = "AUTH_CONFIG_LABEL_SELECTOR" | ||
SecretLabelSelector string = "SECRET_LABEL_SELECTOR" | ||
|
||
// Authorino TLS file paths | ||
DefaultTlsCertPath string = "/etc/ssl/certs/tls.crt" | ||
DefaultTlsCertKeyPath string = "/etc/ssl/private/tls.key" | ||
DefaultOidcTlsCertPath string = "/etc/ssl/certs/oidc.crt" | ||
DefaultOidcTlsCertKeyPath string = "/etc/ssl/private/oidc.key" | ||
|
||
AuthorinoVersion string = "latest" | ||
) | ||
|
||
type Condition struct { | ||
// Type of condition | ||
Type ConditionType `json:"type"` | ||
// Status of the condition, one of True, False, Unknown. | ||
Status k8score.ConditionStatus `json:"status"` | ||
// Last time the condition transit from one status to another. | ||
// +optional | ||
LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` | ||
// (brief) reason for the condition's last transition. | ||
// +optional | ||
Reason string `json:"reason,omitempty"` | ||
// Human readable message indicating details about last transition. | ||
// +optional | ||
Message string `json:"message,omitempty"` | ||
// Last time the condition was updated | ||
// +optional | ||
LastUpdatedTime *metav1.Time `json:"lastUpdatedTime,omitempty"` | ||
} | ||
|
||
// AuthorinoSpec defines the desired state of Authorino | ||
type AuthorinoSpec struct { | ||
// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster | ||
// Important: Run "make" to regenerate code after modifying this file | ||
|
||
Image string `json:"image,omitempty"` | ||
Replicas *int32 `json:"replicas,omitempty"` | ||
ImagePullPolicy string `json:"imagePullPolicy,omitempty"` | ||
ClusterWide bool `json:"clusterWide,omitempty"` | ||
Listener Listener `json:"listener,omitempty"` | ||
OIDCServer OIDCServer `json:"oidcServer,omitempty"` | ||
AuthConfigLabelSelectors string `json:"authConfigLabelSelectors,omitempty"` | ||
SecretLabelSelectors string `json:"secretLabelSelectors,omitempty"` | ||
} | ||
|
||
type Listener struct { | ||
Port *int32 `json:"port,omitempty"` | ||
Tls Tls `json:"tls,omitempty"` | ||
} | ||
|
||
type OIDCServer struct { | ||
Port *int32 `json:"port,omitempty"` | ||
Tls Tls `json:"tls,omitempty"` | ||
} | ||
|
||
type Tls struct { | ||
Enabled *bool `json:"enabled,omitempty"` | ||
CertSecret *k8score.LocalObjectReference `json:"certSecretRef,omitempty"` | ||
} | ||
|
||
// AuthorinoStatus defines the observed state of Authorino | ||
type AuthorinoStatus struct { | ||
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster | ||
// Important: Run "make" to regenerate code after modifying this file | ||
|
||
// Defines if the authorino intance is ready | ||
Ready bool `json:"ready"` | ||
|
||
// Reports an error during the deployment of an instance | ||
LastError string `json:"lastError"` | ||
|
||
// Conditions is an array of the current Authorino's CR conditions | ||
// Supported condition types: ConditionReady | ||
// +optional | ||
// +patchMergeKey=type | ||
// +patchStrategy=merge | ||
// +listType=map | ||
// +listMapKey=type | ||
Conditions []Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` | ||
} | ||
|
||
//+kubebuilder:object:root=true | ||
//+kubebuilder:subresource:status | ||
//+kubebuilder:resource:path="authorinos" | ||
|
||
// Authorino is the Schema for the authorinos API | ||
type Authorino struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ObjectMeta `json:"metadata,omitempty"` | ||
|
||
Spec AuthorinoSpec `json:"spec,omitempty"` | ||
Status AuthorinoStatus `json:"status,omitempty"` | ||
} | ||
|
||
//+kubebuilder:object:root=true | ||
|
||
// AuthorinoList contains a list of Authorino | ||
type AuthorinoList struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ListMeta `json:"metadata,omitempty"` | ||
Items []Authorino `json:"items"` | ||
} | ||
|
||
func init() { | ||
SchemeBuilder.Register(&Authorino{}, &AuthorinoList{}) | ||
} |
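Review bot: The `Tls` struct leaves the secure/insecure decision undocumented and unvalidated: `Enabled` is a `*bool` with no comment saying what nil means, and `CertSecret` is `omitempty` with no marker requiring it when TLS is on, so a CR can ask for TLS without naming a certificate secret. Add doc comments such as `// Enabled turns TLS on for this endpoint; nil means <documented default>.` and `// CertSecret names the Secret holding tls.crt/tls.key; required when Enabled is true.`, and have the reconciler (not visible in this section) reject the enabled-without-secret combination. `ImagePullPolicy string` would also be safer as `k8score.PullPolicy`, so that invalid values fail at admission instead of at pod creation. Finally, `AuthorinoVersion string = "latest"` is a mutable tag; if it is used to build the default image reference, a fixed release tag would make deployments reproducible.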
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
/* | ||
Copyright 2021. | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
// Package v1beta1 contains API Schema definitions for the authorino-operator v1beta1 API group | ||
//+kubebuilder:object:generate=true | ||
//+groupName=operator.authorino.kuadrant.io | ||
package v1beta1 | ||
|
||
import ( | ||
"k8s.io/apimachinery/pkg/runtime/schema" | ||
"sigs.k8s.io/controller-runtime/pkg/scheme" | ||
) | ||
|
||
var ( | ||
// GroupVersion is group version used to register these objects | ||
GroupVersion = schema.GroupVersion{Group: "operator.authorino.kuadrant.io", Version: "v1beta1"} | ||
|
||
// SchemeBuilder is used to add go types to the GroupVersionKind scheme | ||
SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} | ||
|
||
// AddToScheme adds the types in this group-version to the given scheme. | ||
AddToScheme = SchemeBuilder.AddToScheme | ||
) |
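Review bot: The API group registered here, `operator.authorino.kuadrant.io`, does not match what the PROJECT file in this commit implies, since `group: authorino-operator` with `domain: authorino.kuadrant.io` would normally resolve to `authorino-operator.authorino.kuadrant.io`. If the Go value is the intended one, PROJECT should read `group: operator`; otherwise later scaffolding and RBAC markers may be generated for a different group than the one the CRD is served under. Confirm this against the generated CRD in `config/crd/bases`, which is not visible here.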