Base Code for the kubernetes Operator 99/11999/1
authornaman.gupta <naman.gupta@samsung.com>
Thu, 2 Nov 2023 14:01:03 +0000 (19:31 +0530)
committernaman.gupta <naman.gupta@samsung.com>
Thu, 2 Nov 2023 14:01:03 +0000 (19:31 +0530)
Base Code for the kubernetes Operator.

Change-Id: Ifc3bbe38cee31d0dd2f54280f55d9501e3edae52
Signed-off-by: naman.gupta <naman.gupta@samsung.com>
12 files changed:
xappKubernetesOperator/.gitignore [new file with mode: 0644]
xappKubernetesOperator/Dockerfile [new file with mode: 0644]
xappKubernetesOperator/Makefile [new file with mode: 0644]
xappKubernetesOperator/README.md [new file with mode: 0644]
xappKubernetesOperator/api/v1/groupversion_info.go [new file with mode: 0644]
xappKubernetesOperator/api/v1/xappdep_types.go [new file with mode: 0644]
xappKubernetesOperator/api/v1/zz_generated.deepcopy.go [new file with mode: 0644]
xappKubernetesOperator/cmd/main.go [new file with mode: 0644]
xappKubernetesOperator/config/default/kustomization.yaml [new file with mode: 0644]
xappKubernetesOperator/config/default/manager_auth_proxy_patch.yaml [new file with mode: 0644]
xappKubernetesOperator/config/default/manager_config_patch.yaml [new file with mode: 0644]
xappKubernetesOperator/internal/controller/xappdep_controller.go [new file with mode: 0644]

diff --git a/xappKubernetesOperator/.gitignore b/xappKubernetesOperator/.gitignore
new file mode 100644 (file)
index 0000000..7f02333
--- /dev/null
@@ -0,0 +1,26 @@
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+bin/*
+Dockerfile.cross
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Kubernetes Generated files - skip generated files, except for vendored files
+
+!vendor/**/zz_generated.*
+
+# editor and IDE paraphernalia
+.idea
+.vscode
+*.swp
+*.swo
+*~
diff --git a/xappKubernetesOperator/Dockerfile b/xappKubernetesOperator/Dockerfile
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/xappKubernetesOperator/Makefile b/xappKubernetesOperator/Makefile
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/xappKubernetesOperator/README.md b/xappKubernetesOperator/README.md
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/xappKubernetesOperator/api/v1/groupversion_info.go b/xappKubernetesOperator/api/v1/groupversion_info.go
new file mode 100644 (file)
index 0000000..69f8aff
--- /dev/null
@@ -0,0 +1,36 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1 contains API Schema definitions for the depxapp v1 API group
+// +kubebuilder:object:generate=true
+// +groupName=depxapp.xapp.com
+package v1
+
+import (
+       "k8s.io/apimachinery/pkg/runtime/schema"
+       "sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+       // GroupVersion is group version used to register these objects
+       GroupVersion = schema.GroupVersion{Group: "depxapp.xapp.com", Version: "v1"}
+
+       // SchemeBuilder is used to add go types to the GroupVersionKind scheme
+       SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+       // AddToScheme adds the types in this group-version to the given scheme.
+       AddToScheme = SchemeBuilder.AddToScheme
+)
diff --git a/xappKubernetesOperator/api/v1/xappdep_types.go b/xappKubernetesOperator/api/v1/xappdep_types.go
new file mode 100644 (file)
index 0000000..7da9b82
--- /dev/null
@@ -0,0 +1,64 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+       metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// XappDepSpec defines the desired state of XappDep
+type XappDepSpec struct {
+       // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+       // Important: Run "make" to regenerate code after modifying this file
+
+       // Foo is an example field of XappDep. Edit xappdep_types.go to remove/update
+       Foo string `json:"foo,omitempty"`
+}
+
+// XappDepStatus defines the observed state of XappDep
+type XappDepStatus struct {
+       // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+       // Important: Run "make" to regenerate code after modifying this file
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// XappDep is the Schema for the xappdeps API
+type XappDep struct {
+       metav1.TypeMeta   `json:",inline"`
+       metav1.ObjectMeta `json:"metadata,omitempty"`
+
+       Spec   XappDepSpec   `json:"spec,omitempty"`
+       Status XappDepStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// XappDepList contains a list of XappDep
+type XappDepList struct {
+       metav1.TypeMeta `json:",inline"`
+       metav1.ListMeta `json:"metadata,omitempty"`
+       Items           []XappDep `json:"items"`
+}
+
+func init() {
+       SchemeBuilder.Register(&XappDep{}, &XappDepList{})
+}
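Review bot: `XappDepSpec` still carries only the scaffold's example field `Foo`, with no validation markers, so the generated CRD schema would accept any string from whoever is allowed to create an XappDep. Before a controller starts acting on spec values, replace it with the real fields and bound each one, for example `// +kubebuilder:validation:MaxLength=<limit>` above a string field. The comments that say to run "make" after editing have nothing to invoke yet, since the Makefile in this commit appears to be empty (no hunk is shown for it).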
diff --git a/xappKubernetesOperator/api/v1/zz_generated.deepcopy.go b/xappKubernetesOperator/api/v1/zz_generated.deepcopy.go
new file mode 100644 (file)
index 0000000..c0c085c
--- /dev/null
@@ -0,0 +1,115 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Code generated by controller-gen. DO NOT EDIT.
+
+package v1
+
+import (
+       runtime "k8s.io/apimachinery/pkg/runtime"
+)
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *XappDep) DeepCopyInto(out *XappDep) {
+       *out = *in
+       out.TypeMeta = in.TypeMeta
+       in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+       out.Spec = in.Spec
+       out.Status = in.Status
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XappDep.
+func (in *XappDep) DeepCopy() *XappDep {
+       if in == nil {
+               return nil
+       }
+       out := new(XappDep)
+       in.DeepCopyInto(out)
+       return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *XappDep) DeepCopyObject() runtime.Object {
+       if c := in.DeepCopy(); c != nil {
+               return c
+       }
+       return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *XappDepList) DeepCopyInto(out *XappDepList) {
+       *out = *in
+       out.TypeMeta = in.TypeMeta
+       in.ListMeta.DeepCopyInto(&out.ListMeta)
+       if in.Items != nil {
+               in, out := &in.Items, &out.Items
+               *out = make([]XappDep, len(*in))
+               for i := range *in {
+                       (*in)[i].DeepCopyInto(&(*out)[i])
+               }
+       }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XappDepList.
+func (in *XappDepList) DeepCopy() *XappDepList {
+       if in == nil {
+               return nil
+       }
+       out := new(XappDepList)
+       in.DeepCopyInto(out)
+       return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *XappDepList) DeepCopyObject() runtime.Object {
+       if c := in.DeepCopy(); c != nil {
+               return c
+       }
+       return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *XappDepSpec) DeepCopyInto(out *XappDepSpec) {
+       *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XappDepSpec.
+func (in *XappDepSpec) DeepCopy() *XappDepSpec {
+       if in == nil {
+               return nil
+       }
+       out := new(XappDepSpec)
+       in.DeepCopyInto(out)
+       return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *XappDepStatus) DeepCopyInto(out *XappDepStatus) {
+       *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XappDepStatus.
+func (in *XappDepStatus) DeepCopy() *XappDepStatus {
+       if in == nil {
+               return nil
+       }
+       out := new(XappDepStatus)
+       in.DeepCopyInto(out)
+       return out
+}
diff --git a/xappKubernetesOperator/cmd/main.go b/xappKubernetesOperator/cmd/main.go
new file mode 100644 (file)
index 0000000..94f0cd4
--- /dev/null
@@ -0,0 +1,17 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
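Review bot: `package main` is declared without a `func main`, so the manager binary cannot be linked from this file as committed. The args that `manager_auth_proxy_patch.yaml` passes to the manager container (`--health-probe-bind-address`, `--metrics-bind-address`, `--leader-elect`) therefore have nothing that parses them. `internal/controller/xappdep_controller.go` is likewise only a package clause, so there is no reconciler to register. If both files are intended as placeholders, say so in the file, e.g. `// TODO: manager entry point (flag parsing, scheme registration, controller setup) not yet implemented.`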
diff --git a/xappKubernetesOperator/config/default/kustomization.yaml b/xappKubernetesOperator/config/default/kustomization.yaml
new file mode 100644 (file)
index 0000000..bb0d39c
--- /dev/null
@@ -0,0 +1,144 @@
+# Adds namespace to all resources.
+namespace: depxapp-system
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: depxapp-
+
+# Labels to add to all resources and selectors.
+#labels:
+#- includeSelectors: true
+#  pairs:
+#    someName: someValue
+
+resources:
+- ../crd
+- ../rbac
+- ../manager
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+#- ../webhook
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
+#- ../certmanager
+# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
+#- ../prometheus
+
+patchesStrategicMerge:
+# Protect the /metrics endpoint by putting it behind auth.
+# If you want your controller-manager to expose the /metrics
+# endpoint w/o any authn/z, please comment the following line.
+- manager_auth_proxy_patch.yaml
+
+
+
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
+# crd/kustomization.yaml
+#- manager_webhook_patch.yaml
+
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
+# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
+# 'CERTMANAGER' needs to be enabled to use ca injection
+#- webhookcainjection_patch.yaml
+
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
+# Uncomment the following replacements to add the cert-manager CA injection annotations
+#replacements:
+#  - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
+#      kind: Certificate
+#      group: cert-manager.io
+#      version: v1
+#      name: serving-cert # this name should match the one in certificate.yaml
+#      fieldPath: .metadata.namespace # namespace of the certificate CR
+#    targets:
+#      - select:
+#          kind: ValidatingWebhookConfiguration
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 0
+#          create: true
+#      - select:
+#          kind: MutatingWebhookConfiguration
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 0
+#          create: true
+#      - select:
+#          kind: CustomResourceDefinition
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 0
+#          create: true
+#  - source:
+#      kind: Certificate
+#      group: cert-manager.io
+#      version: v1
+#      name: serving-cert # this name should match the one in certificate.yaml
+#      fieldPath: .metadata.name
+#    targets:
+#      - select:
+#          kind: ValidatingWebhookConfiguration
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 1
+#          create: true
+#      - select:
+#          kind: MutatingWebhookConfiguration
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 1
+#          create: true
+#      - select:
+#          kind: CustomResourceDefinition
+#        fieldPaths:
+#          - .metadata.annotations.[cert-manager.io/inject-ca-from]
+#        options:
+#          delimiter: '/'
+#          index: 1
+#          create: true
+#  - source: # Add cert-manager annotation to the webhook Service
+#      kind: Service
+#      version: v1
+#      name: webhook-service
+#      fieldPath: .metadata.name # namespace of the service
+#    targets:
+#      - select:
+#          kind: Certificate
+#          group: cert-manager.io
+#          version: v1
+#        fieldPaths:
+#          - .spec.dnsNames.0
+#          - .spec.dnsNames.1
+#        options:
+#          delimiter: '.'
+#          index: 0
+#          create: true
+#  - source:
+#      kind: Service
+#      version: v1
+#      name: webhook-service
+#      fieldPath: .metadata.namespace # namespace of the service
+#    targets:
+#      - select:
+#          kind: Certificate
+#          group: cert-manager.io
+#          version: v1
+#        fieldPaths:
+#          - .spec.dnsNames.0
+#          - .spec.dnsNames.1
+#        options:
+#          delimiter: '.'
+#          index: 1
+#          create: true
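Review bot: `resources:` lists `../crd`, `../rbac` and `../manager`, none of which is among the 12 files this commit adds, so building this overlay would fail unless those directories arrive in another change. The missing `../rbac` matters most for a security review: the service account and roles decide what the operator may do in the cluster, presumably including the permissions kube-rbac-proxy needs for its SubjectAccessReviews, and none of that can be assessed here. `manager_config_patch.yaml` is added by the commit but not listed under `patchesStrategicMerge`, so it is currently unused; either reference it or drop it.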
diff --git a/xappKubernetesOperator/config/default/manager_auth_proxy_patch.yaml b/xappKubernetesOperator/config/default/manager_auth_proxy_patch.yaml
new file mode 100644 (file)
index 0000000..73fad2a
--- /dev/null
@@ -0,0 +1,39 @@
+# This patch inject a sidecar container which is a HTTP proxy for the
+# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: kube-rbac-proxy
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - "ALL"
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
+        args:
+        - "--secure-listen-address=0.0.0.0:8443"
+        - "--upstream=http://127.0.0.1:8080/"
+        - "--logtostderr=true"
+        - "--v=0"
+        ports:
+        - containerPort: 8443
+          protocol: TCP
+          name: https
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 5m
+            memory: 64Mi
+      - name: manager
+        args:
+        - "--health-probe-bind-address=:8081"
+        - "--metrics-bind-address=127.0.0.1:8080"
+        - "--leader-elect"
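Review bot: The sidecar image is pinned only by tag (`gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1`), so what actually runs in front of the metrics endpoint can change if the tag is moved; pin it by digest, `image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1@sha256:<digest-of-the-verified-image>`. The container `securityContext` drops all capabilities and blocks privilege escalation but does not set `readOnlyRootFilesystem: true` or `runAsNonRoot: true`. The latter may already be set at pod level in the base Deployment under `../manager`, which is not part of this commit, so confirm it there or add it here.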
diff --git a/xappKubernetesOperator/config/default/manager_config_patch.yaml b/xappKubernetesOperator/config/default/manager_config_patch.yaml
new file mode 100644 (file)
index 0000000..f6f5891
--- /dev/null
@@ -0,0 +1,10 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
diff --git a/xappKubernetesOperator/internal/controller/xappdep_controller.go b/xappKubernetesOperator/internal/controller/xappdep_controller.go
new file mode 100644 (file)
index 0000000..ec9a60c
--- /dev/null
@@ -0,0 +1,17 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controller