From 9e8cee296677c605986322e56512b4b04a67fa5d Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Thu, 26 Sep 2024 15:25:38 +0200 Subject: [PATCH 01/24] init kubebuilder --- .dockerignore | 3 + .gitignore | 27 ++ .golangci.yml | 47 ++++ Dockerfile | 33 +++ Makefile | 200 ++++++++++++++ PROJECT | 20 ++ api/v1/checker_types.go | 64 +++++ api/v1/groupversion_info.go | 36 +++ api/v1/zz_generated.deepcopy.go | 114 ++++++++ cmd/main.go | 170 ++++++++++++ .../checker.cloudification.io_checkers.yaml | 54 ++++ config/crd/kustomization.yaml | 22 ++ config/crd/kustomizeconfig.yaml | 19 ++ config/default/kustomization.yaml | 151 +++++++++++ config/default/manager_metrics_patch.yaml | 4 + config/default/metrics_service.yaml | 17 ++ config/manager/kustomization.yaml | 2 + config/manager/manager.yaml | 95 +++++++ .../network-policy/allow-metrics-traffic.yaml | 26 ++ config/network-policy/kustomization.yaml | 2 + config/prometheus/kustomization.yaml | 2 + config/prometheus/monitor.yaml | 30 +++ config/rbac/checker_editor_role.yaml | 27 ++ config/rbac/checker_viewer_role.yaml | 23 ++ config/rbac/kustomization.yaml | 27 ++ config/rbac/leader_election_role.yaml | 40 +++ config/rbac/leader_election_role_binding.yaml | 15 ++ config/rbac/metrics_auth_role.yaml | 17 ++ config/rbac/metrics_auth_role_binding.yaml | 12 + config/rbac/metrics_reader_role.yaml | 9 + config/rbac/role.yaml | 32 +++ config/rbac/role_binding.yaml | 15 ++ config/rbac/service_account.yaml | 8 + config/samples/checker_v1_checker.yaml | 9 + config/samples/kustomization.yaml | 4 + example/example.yaml | 7 + go.mod | 98 +++++++ go.sum | 251 ++++++++++++++++++ hack/boilerplate.go.txt | 15 ++ internal/controller/checker_controller.go | 63 +++++ .../controller/checker_controller_test.go | 84 ++++++ internal/controller/suite_test.go | 96 +++++++ test/e2e/e2e_suite_test.go | 32 +++ test/e2e/e2e_test.go | 122 +++++++++ test/utils/utils.go | 140 ++++++++++ 45 files changed, 2284 insertions(+) create mode 100644 .dockerignore create mode 100644 .gitignore create mode 100644 .golangci.yml create mode 100644 Dockerfile create mode 100644 Makefile create mode 100644 PROJECT create mode 100644 api/v1/checker_types.go create mode 100644 api/v1/groupversion_info.go create mode 100644 api/v1/zz_generated.deepcopy.go create mode 100644 cmd/main.go create mode 100644 config/crd/bases/checker.cloudification.io_checkers.yaml create mode 100644 config/crd/kustomization.yaml create mode 100644 config/crd/kustomizeconfig.yaml create mode 100644 config/default/kustomization.yaml create mode 100644 config/default/manager_metrics_patch.yaml create mode 100644 config/default/metrics_service.yaml create mode 100644 config/manager/kustomization.yaml create mode 100644 config/manager/manager.yaml create mode 100644 config/network-policy/allow-metrics-traffic.yaml create mode 100644 config/network-policy/kustomization.yaml create mode 100644 config/prometheus/kustomization.yaml create mode 100644 config/prometheus/monitor.yaml create mode 100644 config/rbac/checker_editor_role.yaml create mode 100644 config/rbac/checker_viewer_role.yaml create mode 100644 config/rbac/kustomization.yaml create mode 100644 config/rbac/leader_election_role.yaml create mode 100644 config/rbac/leader_election_role_binding.yaml create mode 100644 config/rbac/metrics_auth_role.yaml create mode 100644 config/rbac/metrics_auth_role_binding.yaml create mode 100644 config/rbac/metrics_reader_role.yaml create mode 100644 config/rbac/role.yaml create mode 100644 config/rbac/role_binding.yaml create mode 100644 config/rbac/service_account.yaml create mode 100644 config/samples/checker_v1_checker.yaml create mode 100644 config/samples/kustomization.yaml create mode 100644 example/example.yaml create mode 100644 go.mod create mode 100644 go.sum create mode 100644 hack/boilerplate.go.txt create mode 100644 internal/controller/checker_controller.go create mode 100644 internal/controller/checker_controller_test.go create mode 100644 internal/controller/suite_test.go create mode 100644 test/e2e/e2e_suite_test.go create mode 100644 test/e2e/e2e_test.go create mode 100644 test/utils/utils.go diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..a3aab7a --- /dev/null +++ b/.dockerignore @@ -0,0 +1,3 @@ +# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file +# Ignore build and test binaries. +bin/ diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ada68ff --- /dev/null +++ b/.gitignore @@ -0,0 +1,27 @@ +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib +bin/* +Dockerfile.cross + +# Test binary, built with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Go workspace file +go.work + +# Kubernetes Generated files - skip generated files, except for vendored files +!vendor/**/zz_generated.* + +# editor and IDE paraphernalia +.idea +.vscode +*.swp +*.swo +*~ diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 0000000..aac8a13 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,47 @@ +run: + timeout: 5m + allow-parallel-runners: true + +issues: + # don't skip warning about doc comments + # don't exclude the default set of lint + exclude-use-default: false + # restore some of the defaults + # (fill in the rest as needed) + exclude-rules: + - path: "api/*" + linters: + - lll + - path: "internal/*" + linters: + - dupl + - lll +linters: + disable-all: true + enable: + - dupl + - errcheck + - exportloopref + - ginkgolinter + - goconst + - gocyclo + - gofmt + - goimports + - gosimple + - govet + - ineffassign + - lll + - misspell + - nakedret + - prealloc + - revive + - staticcheck + - typecheck + - unconvert + - unparam + - unused + +linters-settings: + revive: + rules: + - name: comment-spacings diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..a48973e --- /dev/null +++ b/Dockerfile @@ -0,0 +1,33 @@ +# Build the manager binary +FROM golang:1.22 AS builder +ARG TARGETOS +ARG TARGETARCH + +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.mod +COPY go.sum go.sum +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN go mod download + +# Copy the go source +COPY cmd/main.go cmd/main.go +COPY api/ api/ +COPY internal/controller/ internal/controller/ + +# Build +# the GOARCH has not a default value to allow the binary be built according to the host where the command +# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO +# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore, +# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform. +RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=builder /workspace/manager . +USER 65532:65532 + +ENTRYPOINT ["/manager"] diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..99f3323 --- /dev/null +++ b/Makefile @@ -0,0 +1,200 @@ +# Image URL to use all building/pushing image targets +IMG ?= controller:latest +# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. +ENVTEST_K8S_VERSION = 1.31.0 + +# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) +ifeq (,$(shell go env GOBIN)) +GOBIN=$(shell go env GOPATH)/bin +else +GOBIN=$(shell go env GOBIN) +endif + +# CONTAINER_TOOL defines the container tool to be used for building images. +# Be aware that the target commands are only tested with Docker which is +# scaffolded by default. However, you might want to replace it to use other +# tools. (i.e. podman) +CONTAINER_TOOL ?= docker + +# Setting SHELL to bash allows bash commands to be executed by recipes. +# Options are set to exit when a recipe line exits non-zero or a piped command fails. +SHELL = /usr/bin/env bash -o pipefail +.SHELLFLAGS = -ec + +.PHONY: all +all: build + +##@ General + +# The help target prints out all targets with their descriptions organized +# beneath their categories. The categories are represented by '##@' and the +# target descriptions by '##'. The awk command is responsible for reading the +# entire set of makefiles included in this invocation, looking for lines of the +# file as xyz: ## something, and then pretty-format the target and help. Then, +# if there's a line with ##@ something, that gets pretty-printed as a category. +# More info on the usage of ANSI control characters for terminal formatting: +# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters +# More info on the awk command: +# http://linuxcommand.org/lc3_adv_awk.php + +.PHONY: help +help: ## Display this help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) + +##@ Development + +.PHONY: manifests +manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. + $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases + +.PHONY: generate +generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. + $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." + +.PHONY: fmt +fmt: ## Run go fmt against code. + go fmt ./... + +.PHONY: vet +vet: ## Run go vet against code. + go vet ./... + +.PHONY: test +test: manifests generate fmt vet envtest ## Run tests. + KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $$(go list ./... | grep -v /e2e) -coverprofile cover.out + +# Utilize Kind or modify the e2e tests to load the image locally, enabling compatibility with other vendors. +.PHONY: test-e2e # Run the e2e tests against a Kind k8s instance that is spun up. +test-e2e: + go test ./test/e2e/ -v -ginkgo.v + +.PHONY: lint +lint: golangci-lint ## Run golangci-lint linter + $(GOLANGCI_LINT) run + +.PHONY: lint-fix +lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes + $(GOLANGCI_LINT) run --fix + +##@ Build + +.PHONY: build +build: manifests generate fmt vet ## Build manager binary. + go build -o bin/manager cmd/main.go + +.PHONY: run +run: manifests generate fmt vet ## Run a controller from your host. + go run ./cmd/main.go + +# If you wish to build the manager image targeting other platforms you can use the --platform flag. +# (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it. +# More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +.PHONY: docker-build +docker-build: ## Build docker image with the manager. + $(CONTAINER_TOOL) build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + $(CONTAINER_TOOL) push ${IMG} + +# PLATFORMS defines the target platforms for the manager image be built to provide support to multiple +# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: +# - be able to use docker buildx. More info: https://docs.docker.com/build/buildx/ +# - have enabled BuildKit. More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +# - be able to push the image to your registry (i.e. if you do not set a valid value via IMG=> then the export will fail) +# To adequately provide solutions that are compatible with multiple platforms, you should consider using this option. +PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le +.PHONY: docker-buildx +docker-buildx: ## Build and push docker image for the manager for cross-platform support + # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile + sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross + - $(CONTAINER_TOOL) buildx create --name github-checker-operator-builder + $(CONTAINER_TOOL) buildx use github-checker-operator-builder + - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . + - $(CONTAINER_TOOL) buildx rm github-checker-operator-builder + rm Dockerfile.cross + +.PHONY: build-installer +build-installer: manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment. + mkdir -p dist + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default > dist/install.yaml + +##@ Deployment + +ifndef ignore-not-found + ignore-not-found = false +endif + +.PHONY: install +install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. + $(KUSTOMIZE) build config/crd | $(KUBECTL) apply -f - + +.PHONY: uninstall +uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. + $(KUSTOMIZE) build config/crd | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - + +.PHONY: deploy +deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default | $(KUBECTL) apply -f - + +.PHONY: undeploy +undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. + $(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - + +##@ Dependencies + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUBECTL ?= kubectl +KUSTOMIZE ?= $(LOCALBIN)/kustomize +CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen +ENVTEST ?= $(LOCALBIN)/setup-envtest +GOLANGCI_LINT = $(LOCALBIN)/golangci-lint + +## Tool Versions +KUSTOMIZE_VERSION ?= v5.4.3 +CONTROLLER_TOOLS_VERSION ?= v0.16.1 +ENVTEST_VERSION ?= release-0.19 +GOLANGCI_LINT_VERSION ?= v1.59.1 + +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + $(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION)) + +.PHONY: controller-gen +controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. +$(CONTROLLER_GEN): $(LOCALBIN) + $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION)) + +.PHONY: envtest +envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. +$(ENVTEST): $(LOCALBIN) + $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) + +.PHONY: golangci-lint +golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. +$(GOLANGCI_LINT): $(LOCALBIN) + $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,$(GOLANGCI_LINT_VERSION)) + +# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist +# $1 - target path with name of binary +# $2 - package url which can be installed +# $3 - specific version of package +define go-install-tool +@[ -f "$(1)-$(3)" ] || { \ +set -e; \ +package=$(2)@$(3) ;\ +echo "Downloading $${package}" ;\ +rm -f $(1) || true ;\ +GOBIN=$(LOCALBIN) go install $${package} ;\ +mv $(1) $(1)-$(3) ;\ +} ;\ +ln -sf $(1)-$(3) $(1) +endef diff --git a/PROJECT b/PROJECT new file mode 100644 index 0000000..47d9f40 --- /dev/null +++ b/PROJECT @@ -0,0 +1,20 @@ +# Code generated by tool. DO NOT EDIT. +# This file is used to track the info used to scaffold your project +# and allow the plugins properly work. +# More info: https://book.kubebuilder.io/reference/project-config.html +domain: cloudification.io +layout: +- go.kubebuilder.io/v4 +projectName: github-checker-operator +repo: github.com/cloudification-io/github-checker-operator +resources: +- api: + crdVersion: v1 + namespaced: true + controller: true + domain: cloudification.io + group: checker + kind: Checker + path: github.com/cloudification-io/github-checker-operator/api/v1 + version: v1 +version: "3" diff --git a/api/v1/checker_types.go b/api/v1/checker_types.go new file mode 100644 index 0000000..594fb1c --- /dev/null +++ b/api/v1/checker_types.go @@ -0,0 +1,64 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// CheckerSpec defines the desired state of Checker +type CheckerSpec struct { + // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + // Important: Run "make" to regenerate code after modifying this file + + // Foo is an example field of Checker. Edit checker_types.go to remove/update + Foo string `json:"foo,omitempty"` +} + +// CheckerStatus defines the observed state of Checker +type CheckerStatus struct { + // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + // Important: Run "make" to regenerate code after modifying this file +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status + +// Checker is the Schema for the checkers API +type Checker struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec CheckerSpec `json:"spec,omitempty"` + Status CheckerStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// CheckerList contains a list of Checker +type CheckerList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Checker `json:"items"` +} + +func init() { + SchemeBuilder.Register(&Checker{}, &CheckerList{}) +} diff --git a/api/v1/groupversion_info.go b/api/v1/groupversion_info.go new file mode 100644 index 0000000..1d2b429 --- /dev/null +++ b/api/v1/groupversion_info.go @@ -0,0 +1,36 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1 contains API Schema definitions for the checker v1 API group +// +kubebuilder:object:generate=true +// +groupName=checker.cloudification.io +package v1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +var ( + // GroupVersion is group version used to register these objects + GroupVersion = schema.GroupVersion{Group: "checker.cloudification.io", Version: "v1"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go new file mode 100644 index 0000000..e34ca38 --- /dev/null +++ b/api/v1/zz_generated.deepcopy.go @@ -0,0 +1,114 @@ +//go:build !ignore_autogenerated + +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Checker) DeepCopyInto(out *Checker) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + out.Status = in.Status +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Checker. +func (in *Checker) DeepCopy() *Checker { + if in == nil { + return nil + } + out := new(Checker) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Checker) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CheckerList) DeepCopyInto(out *CheckerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Checker, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CheckerList. +func (in *CheckerList) DeepCopy() *CheckerList { + if in == nil { + return nil + } + out := new(CheckerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CheckerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CheckerSpec) DeepCopyInto(out *CheckerSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CheckerSpec. +func (in *CheckerSpec) DeepCopy() *CheckerSpec { + if in == nil { + return nil + } + out := new(CheckerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CheckerStatus) DeepCopyInto(out *CheckerStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CheckerStatus. +func (in *CheckerStatus) DeepCopy() *CheckerStatus { + if in == nil { + return nil + } + out := new(CheckerStatus) + in.DeepCopyInto(out) + return out +} diff --git a/cmd/main.go b/cmd/main.go new file mode 100644 index 0000000..f37f0f2 --- /dev/null +++ b/cmd/main.go @@ -0,0 +1,170 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "crypto/tls" + "flag" + "os" + + // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) + // to ensure that exec-entrypoint and run can make use of them. + _ "k8s.io/client-go/plugin/pkg/client/auth" + + "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/healthz" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + "sigs.k8s.io/controller-runtime/pkg/metrics/filters" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + "sigs.k8s.io/controller-runtime/pkg/webhook" + + checkerv1 "github.com/cloudification-io/github-checker-operator/api/v1" + "github.com/cloudification-io/github-checker-operator/internal/controller" + // +kubebuilder:scaffold:imports +) + +var ( + scheme = runtime.NewScheme() + setupLog = ctrl.Log.WithName("setup") +) + +func init() { + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) + + utilruntime.Must(checkerv1.AddToScheme(scheme)) + // +kubebuilder:scaffold:scheme +} + +func main() { + var metricsAddr string + var enableLeaderElection bool + var probeAddr string + var secureMetrics bool + var enableHTTP2 bool + var tlsOpts []func(*tls.Config) + flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metrics endpoint binds to. "+ + "Use :8443 for HTTPS or :8080 for HTTP, or leave as 0 to disable the metrics service.") + flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") + flag.BoolVar(&enableLeaderElection, "leader-elect", false, + "Enable leader election for controller manager. "+ + "Enabling this will ensure there is only one active controller manager.") + flag.BoolVar(&secureMetrics, "metrics-secure", true, + "If set, the metrics endpoint is served securely via HTTPS. Use --metrics-secure=false to use HTTP instead.") + flag.BoolVar(&enableHTTP2, "enable-http2", false, + "If set, HTTP/2 will be enabled for the metrics and webhook servers") + opts := zap.Options{ + Development: true, + } + opts.BindFlags(flag.CommandLine) + flag.Parse() + + ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) + + // if the enable-http2 flag is false (the default), http/2 should be disabled + // due to its vulnerabilities. More specifically, disabling http/2 will + // prevent from being vulnerable to the HTTP/2 Stream Cancellation and + // Rapid Reset CVEs. For more information see: + // - https://github.com/advisories/GHSA-qppj-fm5r-hxr3 + // - https://github.com/advisories/GHSA-4374-p667-p6c8 + disableHTTP2 := func(c *tls.Config) { + setupLog.Info("disabling http/2") + c.NextProtos = []string{"http/1.1"} + } + + if !enableHTTP2 { + tlsOpts = append(tlsOpts, disableHTTP2) + } + + webhookServer := webhook.NewServer(webhook.Options{ + TLSOpts: tlsOpts, + }) + + // Metrics endpoint is enabled in 'config/default/kustomization.yaml'. The Metrics options configure the server. + // More info: + // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.0/pkg/metrics/server + // - https://book.kubebuilder.io/reference/metrics.html + metricsServerOptions := metricsserver.Options{ + BindAddress: metricsAddr, + SecureServing: secureMetrics, + // TODO(user): TLSOpts is used to allow configuring the TLS config used for the server. If certificates are + // not provided, self-signed certificates will be generated by default. This option is not recommended for + // production environments as self-signed certificates do not offer the same level of trust and security + // as certificates issued by a trusted Certificate Authority (CA). The primary risk is potentially allowing + // unauthorized access to sensitive metrics data. Consider replacing with CertDir, CertName, and KeyName + // to provide certificates, ensuring the server communicates using trusted and secure certificates. + TLSOpts: tlsOpts, + } + + if secureMetrics { + // FilterProvider is used to protect the metrics endpoint with authn/authz. + // These configurations ensure that only authorized users and service accounts + // can access the metrics endpoint. The RBAC are configured in 'config/rbac/kustomization.yaml'. More info: + // https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.0/pkg/metrics/filters#WithAuthenticationAndAuthorization + metricsServerOptions.FilterProvider = filters.WithAuthenticationAndAuthorization + } + + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ + Scheme: scheme, + Metrics: metricsServerOptions, + WebhookServer: webhookServer, + HealthProbeBindAddress: probeAddr, + LeaderElection: enableLeaderElection, + LeaderElectionID: "ec20a543.cloudification.io", + // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily + // when the Manager ends. This requires the binary to immediately end when the + // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly + // speeds up voluntary leader transitions as the new leader don't have to wait + // LeaseDuration time first. + // + // In the default scaffold provided, the program ends immediately after + // the manager stops, so would be fine to enable this option. However, + // if you are doing or is intended to do any operation such as perform cleanups + // after the manager stops then its usage might be unsafe. + // LeaderElectionReleaseOnCancel: true, + }) + if err != nil { + setupLog.Error(err, "unable to start manager") + os.Exit(1) + } + + if err = (&controller.CheckerReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "Checker") + os.Exit(1) + } + // +kubebuilder:scaffold:builder + + if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { + setupLog.Error(err, "unable to set up health check") + os.Exit(1) + } + if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil { + setupLog.Error(err, "unable to set up ready check") + os.Exit(1) + } + + setupLog.Info("starting manager") + if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { + setupLog.Error(err, "problem running manager") + os.Exit(1) + } +} diff --git a/config/crd/bases/checker.cloudification.io_checkers.yaml b/config/crd/bases/checker.cloudification.io_checkers.yaml new file mode 100644 index 0000000..c6889d7 --- /dev/null +++ b/config/crd/bases/checker.cloudification.io_checkers.yaml @@ -0,0 +1,54 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: checkers.checker.cloudification.io +spec: + group: checker.cloudification.io + names: + kind: Checker + listKind: CheckerList + plural: checkers + singular: checker + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: Checker is the Schema for the checkers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CheckerSpec defines the desired state of Checker + properties: + foo: + description: Foo is an example field of Checker. Edit checker_types.go + to remove/update + type: string + type: object + status: + description: CheckerStatus defines the observed state of Checker + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml new file mode 100644 index 0000000..2f1a098 --- /dev/null +++ b/config/crd/kustomization.yaml @@ -0,0 +1,22 @@ +# This kustomization.yaml is not intended to be run by itself, +# since it depends on service name and namespace that are out of this kustomize package. +# It should be run by config/default +resources: +- bases/checker.cloudification.io_checkers.yaml +# +kubebuilder:scaffold:crdkustomizeresource + +patches: +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. +# patches here are for enabling the conversion webhook for each CRD +# +kubebuilder:scaffold:crdkustomizewebhookpatch + +# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. +# patches here are for enabling the CA injection for each CRD +#- path: patches/cainjection_in_checkers.yaml +# +kubebuilder:scaffold:crdkustomizecainjectionpatch + +# [WEBHOOK] To enable webhook, uncomment the following section +# the following config is for teaching kustomize how to do kustomization for CRDs. + +#configurations: +#- kustomizeconfig.yaml diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml new file mode 100644 index 0000000..ec5c150 --- /dev/null +++ b/config/crd/kustomizeconfig.yaml @@ -0,0 +1,19 @@ +# This file is for teaching kustomize how to substitute name and namespace reference in CRD +nameReference: +- kind: Service + version: v1 + fieldSpecs: + - kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/name + +namespace: +- kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/namespace + create: false + +varReference: +- path: metadata/annotations diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml new file mode 100644 index 0000000..76d5ef1 --- /dev/null +++ b/config/default/kustomization.yaml @@ -0,0 +1,151 @@ +# Adds namespace to all resources. +namespace: github-checker-operator-system + +# Value of this field is prepended to the +# names of all resources, e.g. a deployment named +# "wordpress" becomes "alices-wordpress". +# Note that it should also match with the prefix (text before '-') of the namespace +# field above. +namePrefix: github-checker-operator- + +# Labels to add to all resources and selectors. +#labels: +#- includeSelectors: true +# pairs: +# someName: someValue + +resources: +- ../crd +- ../rbac +- ../manager +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# crd/kustomization.yaml +#- ../webhook +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. +#- ../certmanager +# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. +#- ../prometheus +# [METRICS] Expose the controller manager metrics service. +- metrics_service.yaml +# [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy. +# Only Pod(s) running a namespace labeled with 'metrics: enabled' will be able to gather the metrics. +# Only CR(s) which requires webhooks and are applied on namespaces labeled with 'webhooks: enabled' will +# be able to communicate with the Webhook Server. +#- ../network-policy + +# Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager +patches: +# [METRICS] The following patch will enable the metrics endpoint using HTTPS and the port :8443. +# More info: https://book.kubebuilder.io/reference/metrics +- path: manager_metrics_patch.yaml + target: + kind: Deployment + +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# crd/kustomization.yaml +#- path: manager_webhook_patch.yaml + +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. +# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. +# 'CERTMANAGER' needs to be enabled to use ca injection +#- path: webhookcainjection_patch.yaml + +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. +# Uncomment the following replacements to add the cert-manager CA injection annotations +#replacements: +# - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +# fieldPath: .metadata.namespace # namespace of the certificate CR +# targets: +# - select: +# kind: ValidatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - select: +# kind: CustomResourceDefinition +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - source: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +# fieldPath: .metadata.name +# targets: +# - select: +# kind: ValidatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - select: +# kind: CustomResourceDefinition +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - source: # Add cert-manager annotation to the webhook Service +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.name # namespace of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 0 +# create: true +# - source: +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.namespace # namespace of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 1 +# create: true diff --git a/config/default/manager_metrics_patch.yaml b/config/default/manager_metrics_patch.yaml new file mode 100644 index 0000000..2aaef65 --- /dev/null +++ b/config/default/manager_metrics_patch.yaml @@ -0,0 +1,4 @@ +# This patch adds the args to allow exposing the metrics endpoint using HTTPS +- op: add + path: /spec/template/spec/containers/0/args/0 + value: --metrics-bind-address=:8443 diff --git a/config/default/metrics_service.yaml b/config/default/metrics_service.yaml new file mode 100644 index 0000000..04b2858 --- /dev/null +++ b/config/default/metrics_service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: github-checker-operator + app.kubernetes.io/managed-by: kustomize + name: controller-manager-metrics-service + namespace: system +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + control-plane: controller-manager diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml new file mode 100644 index 0000000..5c5f0b8 --- /dev/null +++ b/config/manager/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- manager.yaml diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml new file mode 100644 index 0000000..9dff1d3 --- /dev/null +++ b/config/manager/manager.yaml @@ -0,0 +1,95 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: github-checker-operator + app.kubernetes.io/managed-by: kustomize + name: system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system + labels: + control-plane: controller-manager + app.kubernetes.io/name: github-checker-operator + app.kubernetes.io/managed-by: kustomize +spec: + selector: + matchLabels: + control-plane: controller-manager + replicas: 1 + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + # TODO(user): Uncomment the following code to configure the nodeAffinity expression + # according to the platforms which are supported by your solution. + # It is considered best practice to support multiple architectures. You can + # build your manager image using the makefile target docker-buildx. + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/arch + # operator: In + # values: + # - amd64 + # - arm64 + # - ppc64le + # - s390x + # - key: kubernetes.io/os + # operator: In + # values: + # - linux + securityContext: + runAsNonRoot: true + # TODO(user): For common cases that do not require escalating privileges + # it is recommended to ensure that all your Pods/Containers are restrictive. + # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted + # Please uncomment the following code if your project does NOT have to work on old Kubernetes + # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). + # seccompProfile: + # type: RuntimeDefault + containers: + - command: + - /manager + args: + - --leader-elect + - --health-probe-bind-address=:8081 + image: controller:latest + name: manager + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. + # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 diff --git a/config/network-policy/allow-metrics-traffic.yaml b/config/network-policy/allow-metrics-traffic.yaml new file mode 100644 index 0000000..7c3ec64 --- /dev/null +++ b/config/network-policy/allow-metrics-traffic.yaml @@ -0,0 +1,26 @@ +# This NetworkPolicy allows ingress traffic +# with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those +# namespaces are able to gathering data from the metrics endpoint. +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + labels: + app.kubernetes.io/name: github-checker-operator + app.kubernetes.io/managed-by: kustomize + name: allow-metrics-traffic + namespace: system +spec: + podSelector: + matchLabels: + control-plane: controller-manager + policyTypes: + - Ingress + ingress: + # This allows ingress traffic from any namespace with the label metrics: enabled + - from: + - namespaceSelector: + matchLabels: + metrics: enabled # Only from namespaces with this label + ports: + - port: 8443 + protocol: TCP diff --git a/config/network-policy/kustomization.yaml b/config/network-policy/kustomization.yaml new file mode 100644 index 0000000..ec0fb5e --- /dev/null +++ b/config/network-policy/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- allow-metrics-traffic.yaml diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml new file mode 100644 index 0000000..ed13716 --- /dev/null +++ b/config/prometheus/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml new file mode 100644 index 0000000..e9633f8 --- /dev/null +++ b/config/prometheus/monitor.yaml @@ -0,0 +1,30 @@ +# Prometheus Monitor Service (Metrics) +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: github-checker-operator + app.kubernetes.io/managed-by: kustomize + name: controller-manager-metrics-monitor + namespace: system +spec: + endpoints: + - path: /metrics + port: https # Ensure this is the name of the port that exposes HTTPS metrics + scheme: https + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + tlsConfig: + # TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables + # certificate verification. This poses a significant security risk by making the system vulnerable to + # man-in-the-middle attacks, where an attacker could intercept and manipulate the communication between + # Prometheus and the monitored services. This could lead to unauthorized access to sensitive metrics data, + # compromising the integrity and confidentiality of the information. + # Please use the following options for secure configurations: + # caFile: /etc/metrics-certs/ca.crt + # certFile: /etc/metrics-certs/tls.crt + # keyFile: /etc/metrics-certs/tls.key + insecureSkipVerify: true + selector: + matchLabels: + control-plane: controller-manager diff --git a/config/rbac/checker_editor_role.yaml b/config/rbac/checker_editor_role.yaml new file mode 100644 index 0000000..83ebfbc --- /dev/null +++ b/config/rbac/checker_editor_role.yaml @@ -0,0 +1,27 @@ +# permissions for end users to edit checkers. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: github-checker-operator + app.kubernetes.io/managed-by: kustomize + name: checker-editor-role +rules: +- apiGroups: + - checker.cloudification.io + resources: + - checkers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - checker.cloudification.io + resources: + - checkers/status + verbs: + - get diff --git a/config/rbac/checker_viewer_role.yaml b/config/rbac/checker_viewer_role.yaml new file mode 100644 index 0000000..f4ea360 --- /dev/null +++ b/config/rbac/checker_viewer_role.yaml @@ -0,0 +1,23 @@ +# permissions for end users to view checkers. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: github-checker-operator + app.kubernetes.io/managed-by: kustomize + name: checker-viewer-role +rules: +- apiGroups: + - checker.cloudification.io + resources: + - checkers + verbs: + - get + - list + - watch +- apiGroups: + - checker.cloudification.io + resources: + - checkers/status + verbs: + - get diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml new file mode 100644 index 0000000..7169fd6 --- /dev/null +++ b/config/rbac/kustomization.yaml @@ -0,0 +1,27 @@ +resources: +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# subjects if changing service account names. +- service_account.yaml +- role.yaml +- role_binding.yaml +- leader_election_role.yaml +- leader_election_role_binding.yaml +# The following RBAC configurations are used to protect +# the metrics endpoint with authn/authz. These configurations +# ensure that only authorized users and service accounts +# can access the metrics endpoint. Comment the following +# permissions if you want to disable this protection. +# More info: https://book.kubebuilder.io/reference/metrics.html +- metrics_auth_role.yaml +- metrics_auth_role_binding.yaml +- metrics_reader_role.yaml +# For each CRD, "Editor" and "Viewer" roles are scaffolded by +# default, aiding admins in cluster management. Those roles are +# not used by the Project itself. You can comment the following lines +# if you do not want those helpers be installed with your Project. +- checker_editor_role.yaml +- checker_viewer_role.yaml + diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml new file mode 100644 index 0000000..933b9ca --- /dev/null +++ b/config/rbac/leader_election_role.yaml @@ -0,0 +1,40 @@ +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/name: github-checker-operator + app.kubernetes.io/managed-by: kustomize + name: leader-election-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml new file mode 100644 index 0000000..b5813bb --- /dev/null +++ b/config/rbac/leader_election_role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: github-checker-operator + app.kubernetes.io/managed-by: kustomize + name: leader-election-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/metrics_auth_role.yaml b/config/rbac/metrics_auth_role.yaml new file mode 100644 index 0000000..32d2e4e --- /dev/null +++ b/config/rbac/metrics_auth_role.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metrics-auth-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/config/rbac/metrics_auth_role_binding.yaml b/config/rbac/metrics_auth_role_binding.yaml new file mode 100644 index 0000000..e775d67 --- /dev/null +++ b/config/rbac/metrics_auth_role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: metrics-auth-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metrics-auth-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/metrics_reader_role.yaml b/config/rbac/metrics_reader_role.yaml new file mode 100644 index 0000000..51a75db --- /dev/null +++ b/config/rbac/metrics_reader_role.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metrics-reader +rules: +- nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml new file mode 100644 index 0000000..465f059 --- /dev/null +++ b/config/rbac/role.yaml @@ -0,0 +1,32 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: manager-role +rules: +- apiGroups: + - checker.cloudification.io + resources: + - checkers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - checker.cloudification.io + resources: + - checkers/finalizers + verbs: + - update +- apiGroups: + - checker.cloudification.io + resources: + - checkers/status + verbs: + - get + - patch + - update diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml new file mode 100644 index 0000000..1034ed2 --- /dev/null +++ b/config/rbac/role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: github-checker-operator + app.kubernetes.io/managed-by: kustomize + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml new file mode 100644 index 0000000..64b2909 --- /dev/null +++ b/config/rbac/service_account.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: github-checker-operator + app.kubernetes.io/managed-by: kustomize + name: controller-manager + namespace: system diff --git a/config/samples/checker_v1_checker.yaml b/config/samples/checker_v1_checker.yaml new file mode 100644 index 0000000..3ce6383 --- /dev/null +++ b/config/samples/checker_v1_checker.yaml @@ -0,0 +1,9 @@ +apiVersion: checker.cloudification.io/v1 +kind: Checker +metadata: + labels: + app.kubernetes.io/name: github-checker-operator + app.kubernetes.io/managed-by: kustomize + name: checker-sample +spec: + # TODO(user): Add fields here diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml new file mode 100644 index 0000000..524d7d0 --- /dev/null +++ b/config/samples/kustomization.yaml @@ -0,0 +1,4 @@ +## Append samples of your project ## +resources: +- checker_v1_checker.yaml +# +kubebuilder:scaffold:manifestskustomizesamples diff --git a/example/example.yaml b/example/example.yaml new file mode 100644 index 0000000..c645a16 --- /dev/null +++ b/example/example.yaml @@ -0,0 +1,7 @@ +apiVersion: checker.cloudification.io/v1 +kind: Checker +metadata: + labels: + app.kubernetes.io/name: test + name: test +spec: \ No newline at end of file diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..b03bc90 --- /dev/null +++ b/go.mod @@ -0,0 +1,98 @@ +module github.com/cloudification-io/github-checker-operator + +go 1.22.0 + +require ( + github.com/onsi/ginkgo/v2 v2.19.0 + github.com/onsi/gomega v1.33.1 + k8s.io/apimachinery v0.31.0 + k8s.io/client-go v0.31.0 + sigs.k8s.io/controller-runtime v0.19.0 +) + +require ( + github.com/antlr4-go/antlr/v4 v4.13.0 // indirect + github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a // indirect + github.com/beorn7/perks v1.0.1 // indirect + github.com/blang/semver/v4 v4.0.0 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/evanphx/json-patch/v5 v5.9.0 // indirect + github.com/felixge/httpsnoop v1.0.4 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect + github.com/go-logr/logr v1.4.2 // indirect + github.com/go-logr/stdr v1.2.2 // indirect + github.com/go-logr/zapr v1.3.0 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.22.4 // indirect + github.com/go-task/slim-sprig/v3 v3.0.0 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/cel-go v0.20.1 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect + github.com/imdario/mergo v0.3.6 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/prometheus/client_golang v1.19.1 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.55.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect + github.com/spf13/cobra v1.8.1 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/stoewer/go-strcase v1.2.0 // indirect + github.com/x448/float16 v0.8.4 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect + go.opentelemetry.io/otel v1.28.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect + go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/otel/sdk v1.28.0 // indirect + go.opentelemetry.io/otel/trace v1.28.0 // indirect + go.opentelemetry.io/proto/otlp v1.3.1 // indirect + go.uber.org/multierr v1.11.0 // indirect + go.uber.org/zap v1.26.0 // indirect + golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc // indirect + golang.org/x/net v0.26.0 // indirect + golang.org/x/oauth2 v0.21.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect + golang.org/x/time v0.3.0 // indirect + golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect + gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect + google.golang.org/grpc v1.65.0 // indirect + google.golang.org/protobuf v1.34.2 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/api v0.31.0 // indirect + k8s.io/apiextensions-apiserver v0.31.0 // indirect + k8s.io/apiserver v0.31.0 // indirect + k8s.io/component-base v0.31.0 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect + k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..a8ec01d --- /dev/null +++ b/go.sum @@ -0,0 +1,251 @@ +github.com/antlr4-go/antlr/v4 v4.13.0 h1:lxCg3LAv+EUK6t1i0y1V6/SLeUi0eKEKdhQAlS8TVTI= +github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= +github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a h1:idn718Q4B6AGu/h5Sxe66HYVdqdGu2l9Iebqhi/AEoA= +github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/evanphx/json-patch v0.5.2 h1:xVCHIVMUu1wtM/VkR9jVZ45N3FhZfYMMYGorLCR8P3k= +github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= +github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= +github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= +github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= +github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= +github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/cel-go v0.20.1 h1:nDx9r8S3L4pE61eDdt8igGj8rf5kjYR3ILxWIpWNi84= +github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= +github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= +github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= +github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= +github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stoewer/go-strcase v1.2.0 h1:Z2iHWqGXH00XYgqDmNgQbIBxf3wrNq0F3feEy0ainaU= +github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= +go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= +go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= +go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= +go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= +go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= +go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc h1:mCRnTeVUjcrhlRmO0VK8a6k6Rrf6TF9htwo2pJVSjIU= +golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= +gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw= +google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= +google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo= +k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE= +k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= +k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= +k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc= +k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/apiserver v0.31.0 h1:p+2dgJjy+bk+B1Csz+mc2wl5gHwvNkC9QJV+w55LVrY= +k8s.io/apiserver v0.31.0/go.mod h1:KI9ox5Yu902iBnnyMmy7ajonhKnkeZYJhTZ/YI+WEMk= +k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= +k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= +k8s.io/component-base v0.31.0 h1:/KIzGM5EvPNQcYgwq5NwoQBaOlVFrghoVGr8lG6vNRs= +k8s.io/component-base v0.31.0/go.mod h1:TYVuzI1QmN4L5ItVdMSXKvH7/DtvIuas5/mm8YT3rTo= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsAtVhSeUFseziht227YAWYHLGNM8QPwY= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= +sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= +sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt new file mode 100644 index 0000000..ff72ff2 --- /dev/null +++ b/hack/boilerplate.go.txt @@ -0,0 +1,15 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ \ No newline at end of file diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go new file mode 100644 index 0000000..27c1601 --- /dev/null +++ b/internal/controller/checker_controller.go @@ -0,0 +1,63 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/log" + + checkerv1 "github.com/cloudification-io/github-checker-operator/api/v1" +) + +// CheckerReconciler reconciles a Checker object +type CheckerReconciler struct { + client.Client + Scheme *runtime.Scheme +} + +// +kubebuilder:rbac:groups=checker.cloudification.io,resources=checkers,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=checker.cloudification.io,resources=checkers/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=checker.cloudification.io,resources=checkers/finalizers,verbs=update + +// Reconcile is part of the main kubernetes reconciliation loop which aims to +// move the current state of the cluster closer to the desired state. +// TODO(user): Modify the Reconcile function to compare the state specified by +// the Checker object against the actual cluster state, and then +// perform operations to make the cluster state reflect the state specified by +// the user. +// +// For more details, check Reconcile and its Result here: +// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.19.0/pkg/reconcile +func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + _ = log.FromContext(ctx) + + // TODO(user): your logic here + log.Log.Info("Hello!") + + return ctrl.Result{}, nil +} + +// SetupWithManager sets up the controller with the Manager. +func (r *CheckerReconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&checkerv1.Checker{}). + Complete(r) +} diff --git a/internal/controller/checker_controller_test.go b/internal/controller/checker_controller_test.go new file mode 100644 index 0000000..28b06ed --- /dev/null +++ b/internal/controller/checker_controller_test.go @@ -0,0 +1,84 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + checkerv1 "github.com/cloudification-io/github-checker-operator/api/v1" +) + +var _ = Describe("Checker Controller", func() { + Context("When reconciling a resource", func() { + const resourceName = "test-resource" + + ctx := context.Background() + + typeNamespacedName := types.NamespacedName{ + Name: resourceName, + Namespace: "default", // TODO(user):Modify as needed + } + checker := &checkerv1.Checker{} + + BeforeEach(func() { + By("creating the custom resource for the Kind Checker") + err := k8sClient.Get(ctx, typeNamespacedName, checker) + if err != nil && errors.IsNotFound(err) { + resource := &checkerv1.Checker{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + Namespace: "default", + }, + // TODO(user): Specify other spec details if needed. + } + Expect(k8sClient.Create(ctx, resource)).To(Succeed()) + } + }) + + AfterEach(func() { + // TODO(user): Cleanup logic after each test, like removing the resource instance. + resource := &checkerv1.Checker{} + err := k8sClient.Get(ctx, typeNamespacedName, resource) + Expect(err).NotTo(HaveOccurred()) + + By("Cleanup the specific resource instance Checker") + Expect(k8sClient.Delete(ctx, resource)).To(Succeed()) + }) + It("should successfully reconcile the resource", func() { + By("Reconciling the created resource") + controllerReconciler := &CheckerReconciler{ + Client: k8sClient, + Scheme: k8sClient.Scheme(), + } + + _, err := controllerReconciler.Reconcile(ctx, reconcile.Request{ + NamespacedName: typeNamespacedName, + }) + Expect(err).NotTo(HaveOccurred()) + // TODO(user): Add more specific assertions depending on your controller's reconciliation logic. + // Example: If you expect a certain status condition after reconciliation, verify it here. + }) + }) +}) diff --git a/internal/controller/suite_test.go b/internal/controller/suite_test.go new file mode 100644 index 0000000..bdb017a --- /dev/null +++ b/internal/controller/suite_test.go @@ -0,0 +1,96 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + "fmt" + "path/filepath" + "runtime" + "testing" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "k8s.io/client-go/kubernetes/scheme" + "k8s.io/client-go/rest" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/envtest" + logf "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + checkerv1 "github.com/cloudification-io/github-checker-operator/api/v1" + // +kubebuilder:scaffold:imports +) + +// These tests use Ginkgo (BDD-style Go testing framework). Refer to +// http://onsi.github.io/ginkgo/ to learn more about Ginkgo. + +var cfg *rest.Config +var k8sClient client.Client +var testEnv *envtest.Environment +var ctx context.Context +var cancel context.CancelFunc + +func TestControllers(t *testing.T) { + RegisterFailHandler(Fail) + + RunSpecs(t, "Controller Suite") +} + +var _ = BeforeSuite(func() { + logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) + + ctx, cancel = context.WithCancel(context.TODO()) + + By("bootstrapping test environment") + testEnv = &envtest.Environment{ + CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, + ErrorIfCRDPathMissing: true, + + // The BinaryAssetsDirectory is only required if you want to run the tests directly + // without call the makefile target test. If not informed it will look for the + // default path defined in controller-runtime which is /usr/local/kubebuilder/. + // Note that you must have the required binaries setup under the bin directory to perform + // the tests directly. When we run make test it will be setup and used automatically. + BinaryAssetsDirectory: filepath.Join("..", "..", "bin", "k8s", + fmt.Sprintf("1.31.0-%s-%s", runtime.GOOS, runtime.GOARCH)), + } + + var err error + // cfg is defined in this file globally. + cfg, err = testEnv.Start() + Expect(err).NotTo(HaveOccurred()) + Expect(cfg).NotTo(BeNil()) + + err = checkerv1.AddToScheme(scheme.Scheme) + Expect(err).NotTo(HaveOccurred()) + + // +kubebuilder:scaffold:scheme + + k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) + Expect(err).NotTo(HaveOccurred()) + Expect(k8sClient).NotTo(BeNil()) + +}) + +var _ = AfterSuite(func() { + By("tearing down the test environment") + cancel() + err := testEnv.Stop() + Expect(err).NotTo(HaveOccurred()) +}) diff --git a/test/e2e/e2e_suite_test.go b/test/e2e/e2e_suite_test.go new file mode 100644 index 0000000..d2aa6ad --- /dev/null +++ b/test/e2e/e2e_suite_test.go @@ -0,0 +1,32 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package e2e + +import ( + "fmt" + "testing" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" +) + +// Run e2e tests using the Ginkgo runner. +func TestE2E(t *testing.T) { + RegisterFailHandler(Fail) + _, _ = fmt.Fprintf(GinkgoWriter, "Starting github-checker-operator suite\n") + RunSpecs(t, "e2e suite") +} diff --git a/test/e2e/e2e_test.go b/test/e2e/e2e_test.go new file mode 100644 index 0000000..4ecd9d5 --- /dev/null +++ b/test/e2e/e2e_test.go @@ -0,0 +1,122 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package e2e + +import ( + "fmt" + "os/exec" + "time" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "github.com/cloudification-io/github-checker-operator/test/utils" +) + +const namespace = "github-checker-operator-system" + +var _ = Describe("controller", Ordered, func() { + BeforeAll(func() { + By("installing prometheus operator") + Expect(utils.InstallPrometheusOperator()).To(Succeed()) + + By("installing the cert-manager") + Expect(utils.InstallCertManager()).To(Succeed()) + + By("creating manager namespace") + cmd := exec.Command("kubectl", "create", "ns", namespace) + _, _ = utils.Run(cmd) + }) + + AfterAll(func() { + By("uninstalling the Prometheus manager bundle") + utils.UninstallPrometheusOperator() + + By("uninstalling the cert-manager bundle") + utils.UninstallCertManager() + + By("removing manager namespace") + cmd := exec.Command("kubectl", "delete", "ns", namespace) + _, _ = utils.Run(cmd) + }) + + Context("Operator", func() { + It("should run successfully", func() { + var controllerPodName string + var err error + + // projectimage stores the name of the image used in the example + var projectimage = "example.com/github-checker-operator:v0.0.1" + + By("building the manager(Operator) image") + cmd := exec.Command("make", "docker-build", fmt.Sprintf("IMG=%s", projectimage)) + _, err = utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("loading the the manager(Operator) image on Kind") + err = utils.LoadImageToKindClusterWithName(projectimage) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("installing CRDs") + cmd = exec.Command("make", "install") + _, err = utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("deploying the controller-manager") + cmd = exec.Command("make", "deploy", fmt.Sprintf("IMG=%s", projectimage)) + _, err = utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("validating that the controller-manager pod is running as expected") + verifyControllerUp := func() error { + // Get pod name + + cmd = exec.Command("kubectl", "get", + "pods", "-l", "control-plane=controller-manager", + "-o", "go-template={{ range .items }}"+ + "{{ if not .metadata.deletionTimestamp }}"+ + "{{ .metadata.name }}"+ + "{{ \"\\n\" }}{{ end }}{{ end }}", + "-n", namespace, + ) + + podOutput, err := utils.Run(cmd) + ExpectWithOffset(2, err).NotTo(HaveOccurred()) + podNames := utils.GetNonEmptyLines(string(podOutput)) + if len(podNames) != 1 { + return fmt.Errorf("expect 1 controller pods running, but got %d", len(podNames)) + } + controllerPodName = podNames[0] + ExpectWithOffset(2, controllerPodName).Should(ContainSubstring("controller-manager")) + + // Validate pod status + cmd = exec.Command("kubectl", "get", + "pods", controllerPodName, "-o", "jsonpath={.status.phase}", + "-n", namespace, + ) + status, err := utils.Run(cmd) + ExpectWithOffset(2, err).NotTo(HaveOccurred()) + if string(status) != "Running" { + return fmt.Errorf("controller pod in %s status", status) + } + return nil + } + EventuallyWithOffset(1, verifyControllerUp, time.Minute, time.Second).Should(Succeed()) + + }) + }) +}) diff --git a/test/utils/utils.go b/test/utils/utils.go new file mode 100644 index 0000000..6b96ab5 --- /dev/null +++ b/test/utils/utils.go @@ -0,0 +1,140 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package utils + +import ( + "fmt" + "os" + "os/exec" + "strings" + + . "github.com/onsi/ginkgo/v2" //nolint:golint,revive +) + +const ( + prometheusOperatorVersion = "v0.72.0" + prometheusOperatorURL = "https://github.com/prometheus-operator/prometheus-operator/" + + "releases/download/%s/bundle.yaml" + + certmanagerVersion = "v1.14.4" + certmanagerURLTmpl = "https://github.com/jetstack/cert-manager/releases/download/%s/cert-manager.yaml" +) + +func warnError(err error) { + _, _ = fmt.Fprintf(GinkgoWriter, "warning: %v\n", err) +} + +// InstallPrometheusOperator installs the prometheus Operator to be used to export the enabled metrics. +func InstallPrometheusOperator() error { + url := fmt.Sprintf(prometheusOperatorURL, prometheusOperatorVersion) + cmd := exec.Command("kubectl", "create", "-f", url) + _, err := Run(cmd) + return err +} + +// Run executes the provided command within this context +func Run(cmd *exec.Cmd) ([]byte, error) { + dir, _ := GetProjectDir() + cmd.Dir = dir + + if err := os.Chdir(cmd.Dir); err != nil { + _, _ = fmt.Fprintf(GinkgoWriter, "chdir dir: %s\n", err) + } + + cmd.Env = append(os.Environ(), "GO111MODULE=on") + command := strings.Join(cmd.Args, " ") + _, _ = fmt.Fprintf(GinkgoWriter, "running: %s\n", command) + output, err := cmd.CombinedOutput() + if err != nil { + return output, fmt.Errorf("%s failed with error: (%v) %s", command, err, string(output)) + } + + return output, nil +} + +// UninstallPrometheusOperator uninstalls the prometheus +func UninstallPrometheusOperator() { + url := fmt.Sprintf(prometheusOperatorURL, prometheusOperatorVersion) + cmd := exec.Command("kubectl", "delete", "-f", url) + if _, err := Run(cmd); err != nil { + warnError(err) + } +} + +// UninstallCertManager uninstalls the cert manager +func UninstallCertManager() { + url := fmt.Sprintf(certmanagerURLTmpl, certmanagerVersion) + cmd := exec.Command("kubectl", "delete", "-f", url) + if _, err := Run(cmd); err != nil { + warnError(err) + } +} + +// InstallCertManager installs the cert manager bundle. +func InstallCertManager() error { + url := fmt.Sprintf(certmanagerURLTmpl, certmanagerVersion) + cmd := exec.Command("kubectl", "apply", "-f", url) + if _, err := Run(cmd); err != nil { + return err + } + // Wait for cert-manager-webhook to be ready, which can take time if cert-manager + // was re-installed after uninstalling on a cluster. + cmd = exec.Command("kubectl", "wait", "deployment.apps/cert-manager-webhook", + "--for", "condition=Available", + "--namespace", "cert-manager", + "--timeout", "5m", + ) + + _, err := Run(cmd) + return err +} + +// LoadImageToKindClusterWithName loads a local docker image to the kind cluster +func LoadImageToKindClusterWithName(name string) error { + cluster := "kind" + if v, ok := os.LookupEnv("KIND_CLUSTER"); ok { + cluster = v + } + kindOptions := []string{"load", "docker-image", name, "--name", cluster} + cmd := exec.Command("kind", kindOptions...) + _, err := Run(cmd) + return err +} + +// GetNonEmptyLines converts given command output string into individual objects +// according to line breakers, and ignores the empty elements in it. +func GetNonEmptyLines(output string) []string { + var res []string + elements := strings.Split(output, "\n") + for _, element := range elements { + if element != "" { + res = append(res, element) + } + } + + return res +} + +// GetProjectDir will return the directory where the project is +func GetProjectDir() (string, error) { + wd, err := os.Getwd() + if err != nil { + return wd, err + } + wd = strings.Replace(wd, "/test/e2e", "", -1) + return wd, nil +} From fe5cc52234baf038d8b67fce79973f5b08a9d4f3 Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Thu, 26 Sep 2024 16:13:31 +0200 Subject: [PATCH 02/24] Handle creation of cronjobs based on checker CRD --- api/v1/checker_types.go | 4 +- .../checker.cloudification.io_checkers.yaml | 9 +- example/example.yaml | 3 +- internal/controller/checker_controller.go | 83 ++++++++++++++++++- 4 files changed, 95 insertions(+), 4 deletions(-) diff --git a/api/v1/checker_types.go b/api/v1/checker_types.go index 594fb1c..b1ef4d3 100644 --- a/api/v1/checker_types.go +++ b/api/v1/checker_types.go @@ -29,13 +29,15 @@ type CheckerSpec struct { // Important: Run "make" to regenerate code after modifying this file // Foo is an example field of Checker. Edit checker_types.go to remove/update - Foo string `json:"foo,omitempty"` + TargetURL string `json:"targetUrl"` } // CheckerStatus defines the observed state of Checker type CheckerStatus struct { // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster // Important: Run "make" to regenerate code after modifying this file + + TargetStatus string `json:"targetStatus"` } // +kubebuilder:object:root=true diff --git a/config/crd/bases/checker.cloudification.io_checkers.yaml b/config/crd/bases/checker.cloudification.io_checkers.yaml index c6889d7..57b06ae 100644 --- a/config/crd/bases/checker.cloudification.io_checkers.yaml +++ b/config/crd/bases/checker.cloudification.io_checkers.yaml @@ -39,13 +39,20 @@ spec: spec: description: CheckerSpec defines the desired state of Checker properties: - foo: + targetUrl: description: Foo is an example field of Checker. Edit checker_types.go to remove/update type: string + required: + - targetUrl type: object status: description: CheckerStatus defines the observed state of Checker + properties: + targetStatus: + type: string + required: + - targetStatus type: object type: object served: true diff --git a/example/example.yaml b/example/example.yaml index c645a16..adfb827 100644 --- a/example/example.yaml +++ b/example/example.yaml @@ -4,4 +4,5 @@ metadata: labels: app.kubernetes.io/name: test name: test -spec: \ No newline at end of file +spec: + targetUrl: https://github.com/ \ No newline at end of file diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index 27c1601..98f33f5 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -20,11 +20,20 @@ import ( "context" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/log" checkerv1 "github.com/cloudification-io/github-checker-operator/api/v1" + batchv1 "k8s.io/api/batch/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +var ( + globalName = "checker" ) // CheckerReconciler reconciles a Checker object @@ -50,11 +59,83 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct _ = log.FromContext(ctx) // TODO(user): your logic here - log.Log.Info("Hello!") + + // Retrieve the Checker resource (CRD) + checker := &checkerv1.Checker{} + if err := r.Get(ctx, req.NamespacedName, checker); err != nil { + return ctrl.Result{}, client.IgnoreNotFound(err) + } + + cronJob := &batchv1.CronJob{} + cronJobName := types.NamespacedName{Name: globalName, Namespace: req.Namespace} + + if err := r.Get(ctx, cronJobName, cronJob); err != nil { + if client.IgnoreNotFound(err) != nil { + return ctrl.Result{}, err + } + + log.Log.Info("Creating CronJob for Checker", "Checker.Name", checker.Name) + + newCronJob := &batchv1.CronJob{ + ObjectMeta: metav1.ObjectMeta{ + Name: globalName, + Namespace: req.Namespace, + Labels: map[string]string{ + "app": "curl-checker", + }, + }, + Spec: batchv1.CronJobSpec{ + Schedule: "* * * * *", + ConcurrencyPolicy: batchv1.ForbidConcurrent, + SuccessfulJobsHistoryLimit: int32Ptr(1), + FailedJobsHistoryLimit: int32Ptr(1), + JobTemplate: batchv1.JobTemplateSpec{ + Spec: batchv1.JobSpec{ + Template: corev1.PodTemplateSpec{ + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: "curl", + Image: "curlimages/curl:latest", + Env: []corev1.EnvVar{ + { + Name: "TARGET_URL", + Value: checker.Spec.TargetURL, + }, + }, + Command: []string{"sh", "-c"}, + Args: []string{ + "curl -o /dev/null -s -w \"%{http_code}\" ${TARGET_URL}", + }, + }, + }, + RestartPolicy: corev1.RestartPolicyNever, + }, + }, + }, + }, + }, + } + + if err := controllerutil.SetControllerReference(checker, newCronJob, r.Scheme); err != nil { + return ctrl.Result{}, err + } + + if err := r.Create(ctx, newCronJob); err != nil { + return ctrl.Result{}, err + } + log.Log.Info("CronJob created successfully", "CronJob.Name", newCronJob.Name) + } else { + log.Log.Info("CronJob already exists", "CronJob.Name", cronJob.Name) + } return ctrl.Result{}, nil } +func int32Ptr(i int32) *int32 { + return &i +} + // SetupWithManager sets up the controller with the Manager. func (r *CheckerReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). From 4937049d697b6fd610c95e1a811b779c5e59f0bc Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Thu, 26 Sep 2024 16:20:21 +0200 Subject: [PATCH 03/24] use CRD name when creating cronjob resources --- example/example.yaml | 4 ++-- example/example2.yaml | 8 ++++++++ internal/controller/checker_controller.go | 8 ++------ 3 files changed, 12 insertions(+), 8 deletions(-) create mode 100644 example/example2.yaml diff --git a/example/example.yaml b/example/example.yaml index adfb827..6843be1 100644 --- a/example/example.yaml +++ b/example/example.yaml @@ -2,7 +2,7 @@ apiVersion: checker.cloudification.io/v1 kind: Checker metadata: labels: - app.kubernetes.io/name: test - name: test + app.kubernetes.io/name: githubbing + name: githubbing spec: targetUrl: https://github.com/ \ No newline at end of file diff --git a/example/example2.yaml b/example/example2.yaml new file mode 100644 index 0000000..d756aea --- /dev/null +++ b/example/example2.yaml @@ -0,0 +1,8 @@ +apiVersion: checker.cloudification.io/v1 +kind: Checker +metadata: + labels: + app.kubernetes.io/name: amazing + name: amazing +spec: + targetUrl: https://www.amazon.com/ \ No newline at end of file diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index 98f33f5..513417d 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -32,10 +32,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -var ( - globalName = "checker" -) - // CheckerReconciler reconciles a Checker object type CheckerReconciler struct { client.Client @@ -67,7 +63,7 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct } cronJob := &batchv1.CronJob{} - cronJobName := types.NamespacedName{Name: globalName, Namespace: req.Namespace} + cronJobName := types.NamespacedName{Name: checker.ObjectMeta.Name, Namespace: req.Namespace} if err := r.Get(ctx, cronJobName, cronJob); err != nil { if client.IgnoreNotFound(err) != nil { @@ -78,7 +74,7 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct newCronJob := &batchv1.CronJob{ ObjectMeta: metav1.ObjectMeta{ - Name: globalName, + Name: checker.ObjectMeta.Name, Namespace: req.Namespace, Labels: map[string]string{ "app": "curl-checker", From eace34bd0f918ab744820a4c4f60de0439c91e0f Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Fri, 27 Sep 2024 19:10:38 +0200 Subject: [PATCH 04/24] change int32 helper function to global variable --- internal/controller/checker_controller.go | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index 513417d..5fea961 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -32,6 +32,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) +var cronJobLimitPointer int32 = 0 + // CheckerReconciler reconciles a Checker object type CheckerReconciler struct { client.Client @@ -55,6 +57,7 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct _ = log.FromContext(ctx) // TODO(user): your logic here + log.Log.Info("Trigger reconcile:", "req.NamespacedName", req.NamespacedName) // Retrieve the Checker resource (CRD) checker := &checkerv1.Checker{} @@ -82,9 +85,9 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct }, Spec: batchv1.CronJobSpec{ Schedule: "* * * * *", - ConcurrencyPolicy: batchv1.ForbidConcurrent, - SuccessfulJobsHistoryLimit: int32Ptr(1), - FailedJobsHistoryLimit: int32Ptr(1), + ConcurrencyPolicy: batchv1.ReplaceConcurrent, + SuccessfulJobsHistoryLimit: &cronJobLimitPointer, + FailedJobsHistoryLimit: &cronJobLimitPointer, JobTemplate: batchv1.JobTemplateSpec{ Spec: batchv1.JobSpec{ Template: corev1.PodTemplateSpec{ @@ -128,10 +131,6 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct return ctrl.Result{}, nil } -func int32Ptr(i int32) *int32 { - return &i -} - // SetupWithManager sets up the controller with the Manager. func (r *CheckerReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). From eb969046fe509064da88ae5b3b5c2163d2161db6 Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Fri, 27 Sep 2024 19:48:38 +0200 Subject: [PATCH 05/24] handle updating CRD status --- internal/controller/checker_controller.go | 41 ++++++++++++++++++++--- 1 file changed, 36 insertions(+), 5 deletions(-) diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index 5fea961..decf5bd 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -18,6 +18,7 @@ package controller import ( "context" + "time" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" @@ -32,7 +33,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -var cronJobLimitPointer int32 = 0 +var cronJobLimitPointer int32 = 1 // CheckerReconciler reconciles a Checker object type CheckerReconciler struct { @@ -79,9 +80,6 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct ObjectMeta: metav1.ObjectMeta{ Name: checker.ObjectMeta.Name, Namespace: req.Namespace, - Labels: map[string]string{ - "app": "curl-checker", - }, }, Spec: batchv1.CronJobSpec{ Schedule: "* * * * *", @@ -124,8 +122,39 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct return ctrl.Result{}, err } log.Log.Info("CronJob created successfully", "CronJob.Name", newCronJob.Name) + + return ctrl.Result{Requeue: true, RequeueAfter: 10 * time.Second}, nil } else { - log.Log.Info("CronJob already exists", "CronJob.Name", cronJob.Name) + if cronJob.Spec.JobTemplate.Spec.Template.Spec.Containers[0].Env[0].Value != checker.Spec.TargetURL { + cronJob.Spec.JobTemplate.Spec.Template.Spec.Containers[0].Env[0].Value = checker.Spec.TargetURL + if err := r.Update(ctx, cronJob); err != nil { + return ctrl.Result{}, err + } + log.Log.Info("CronJob updated successfully", "CronJob.Name", cronJob.Name) + + return ctrl.Result{Requeue: true, RequeueAfter: 10 * time.Second}, nil + } + } + + jobList := &batchv1.JobList{} + if err := r.List(ctx, jobList, client.InNamespace(req.Namespace)); err != nil { + return ctrl.Result{}, err + } + + for _, job := range jobList.Items { + log.Log.Info("Job:", "job", job.ObjectMeta.OwnerReferences) + if job.Status.Succeeded > 0 { + log.Log.Info("Job completed successfully", "Job.Name", job.Name) + checker.Status.TargetStatus = "Ok" + } else { + log.Log.Info("Job failed", "Job.Name", job.Name) + checker.Status.TargetStatus = "Not Ok" + } + } + + if err := r.Status().Update(ctx, checker); err != nil { + log.Log.Error(err, "unable to update CronJob status") + return ctrl.Result{}, err } return ctrl.Result{}, nil @@ -135,5 +164,7 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct func (r *CheckerReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&checkerv1.Checker{}). + Owns(&batchv1.CronJob{}). + Owns(&batchv1.Job{}). Complete(r) } From d0931ea2d6f2de374309aa047371f8c93bce399e Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Fri, 27 Sep 2024 20:02:18 +0200 Subject: [PATCH 06/24] setup status fetching from pod logs with very bad logic --- internal/controller/checker_controller.go | 25 +++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index decf5bd..1c1c072 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -33,7 +33,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -var cronJobLimitPointer int32 = 1 +var cronJobLimitPointer int32 = 0 // CheckerReconciler reconciles a Checker object type CheckerReconciler struct { @@ -142,7 +142,6 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct } for _, job := range jobList.Items { - log.Log.Info("Job:", "job", job.ObjectMeta.OwnerReferences) if job.Status.Succeeded > 0 { log.Log.Info("Job completed successfully", "Job.Name", job.Name) checker.Status.TargetStatus = "Ok" @@ -150,6 +149,24 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct log.Log.Info("Job failed", "Job.Name", job.Name) checker.Status.TargetStatus = "Not Ok" } + + podList := &corev1.PodList{} + if err := r.List(ctx, podList, client.InNamespace(req.Namespace)); err != nil { + log.Log.Error(err, "Unable to list Pods for Job", "Job.Name", job.Name) + continue + } + + for _, pod := range podList.Items { + log.Log.Info("Fetching logs for Pod", "Pod.Name", pod.Name) + podLogs, err := r.getPodLogs(ctx, pod) + if err != nil { + log.Log.Error(err, "Unable to get logs for Pod", "Pod.Name", pod.Name) + checker.Status.TargetStatus = "Unknown" + } else { + log.Log.Info("Pod Logs", "Pod.Name", pod.Name, "Logs", podLogs) + checker.Status.TargetStatus = podLogs + } + } } if err := r.Status().Update(ctx, checker); err != nil { @@ -160,6 +177,10 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct return ctrl.Result{}, nil } +func (r *CheckerReconciler) getPodLogs(ctx context.Context, pod corev1.Pod) (string, error) { + return "200", nil +} + // SetupWithManager sets up the controller with the Manager. func (r *CheckerReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). From 8764295ba588795fed3d8a21af4aa2da60aa3e12 Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Fri, 27 Sep 2024 20:21:31 +0200 Subject: [PATCH 07/24] add custom field to checkers CRD when running kubectl get --- api/v1/checker_types.go | 1 + config/crd/bases/checker.cloudification.io_checkers.yaml | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/api/v1/checker_types.go b/api/v1/checker_types.go index b1ef4d3..496d8c1 100644 --- a/api/v1/checker_types.go +++ b/api/v1/checker_types.go @@ -42,6 +42,7 @@ type CheckerStatus struct { // +kubebuilder:object:root=true // +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Target Status",type=string,JSONPath=".status.targetStatus",description="The current target status" // Checker is the Schema for the checkers API type Checker struct { diff --git a/config/crd/bases/checker.cloudification.io_checkers.yaml b/config/crd/bases/checker.cloudification.io_checkers.yaml index 57b06ae..719c108 100644 --- a/config/crd/bases/checker.cloudification.io_checkers.yaml +++ b/config/crd/bases/checker.cloudification.io_checkers.yaml @@ -14,7 +14,12 @@ spec: singular: checker scope: Namespaced versions: - - name: v1 + - additionalPrinterColumns: + - description: The current target status + jsonPath: .status.targetStatus + name: Target Status + type: string + name: v1 schema: openAPIV3Schema: description: Checker is the Schema for the checkers API From 54a4aa261d1ee5c23459594d04b6b27419028cd4 Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sun, 29 Sep 2024 18:04:46 +0200 Subject: [PATCH 08/24] clean up reconcile logic, prepare for fetching logs when updating target status --- example/example.yaml | 3 +- internal/controller/checker_controller.go | 124 +------------------ internal/controller/utils.go | 142 ++++++++++++++++++++++ 3 files changed, 149 insertions(+), 120 deletions(-) create mode 100644 internal/controller/utils.go diff --git a/example/example.yaml b/example/example.yaml index 6843be1..90d3704 100644 --- a/example/example.yaml +++ b/example/example.yaml @@ -4,5 +4,6 @@ metadata: labels: app.kubernetes.io/name: githubbing name: githubbing + namespace: checker spec: - targetUrl: https://github.com/ \ No newline at end of file + targetUrl: https://github.com/ diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index 1c1c072..a3aff4a 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -18,23 +18,16 @@ package controller import ( "context" - "time" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/log" checkerv1 "github.com/cloudification-io/github-checker-operator/api/v1" - batchv1 "k8s.io/api/batch/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -var cronJobLimitPointer int32 = 0 - // CheckerReconciler reconciles a Checker object type CheckerReconciler struct { client.Client @@ -66,126 +59,19 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct return ctrl.Result{}, client.IgnoreNotFound(err) } - cronJob := &batchv1.CronJob{} - cronJobName := types.NamespacedName{Name: checker.ObjectMeta.Name, Namespace: req.Namespace} - - if err := r.Get(ctx, cronJobName, cronJob); err != nil { - if client.IgnoreNotFound(err) != nil { - return ctrl.Result{}, err - } - - log.Log.Info("Creating CronJob for Checker", "Checker.Name", checker.Name) - - newCronJob := &batchv1.CronJob{ - ObjectMeta: metav1.ObjectMeta{ - Name: checker.ObjectMeta.Name, - Namespace: req.Namespace, - }, - Spec: batchv1.CronJobSpec{ - Schedule: "* * * * *", - ConcurrencyPolicy: batchv1.ReplaceConcurrent, - SuccessfulJobsHistoryLimit: &cronJobLimitPointer, - FailedJobsHistoryLimit: &cronJobLimitPointer, - JobTemplate: batchv1.JobTemplateSpec{ - Spec: batchv1.JobSpec{ - Template: corev1.PodTemplateSpec{ - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ - { - Name: "curl", - Image: "curlimages/curl:latest", - Env: []corev1.EnvVar{ - { - Name: "TARGET_URL", - Value: checker.Spec.TargetURL, - }, - }, - Command: []string{"sh", "-c"}, - Args: []string{ - "curl -o /dev/null -s -w \"%{http_code}\" ${TARGET_URL}", - }, - }, - }, - RestartPolicy: corev1.RestartPolicyNever, - }, - }, - }, - }, - }, - } - - if err := controllerutil.SetControllerReference(checker, newCronJob, r.Scheme); err != nil { - return ctrl.Result{}, err - } - - if err := r.Create(ctx, newCronJob); err != nil { - return ctrl.Result{}, err - } - log.Log.Info("CronJob created successfully", "CronJob.Name", newCronJob.Name) - - return ctrl.Result{Requeue: true, RequeueAfter: 10 * time.Second}, nil - } else { - if cronJob.Spec.JobTemplate.Spec.Template.Spec.Containers[0].Env[0].Value != checker.Spec.TargetURL { - cronJob.Spec.JobTemplate.Spec.Template.Spec.Containers[0].Env[0].Value = checker.Spec.TargetURL - if err := r.Update(ctx, cronJob); err != nil { - return ctrl.Result{}, err - } - log.Log.Info("CronJob updated successfully", "CronJob.Name", cronJob.Name) - - return ctrl.Result{Requeue: true, RequeueAfter: 10 * time.Second}, nil - } - } - - jobList := &batchv1.JobList{} - if err := r.List(ctx, jobList, client.InNamespace(req.Namespace)); err != nil { - return ctrl.Result{}, err - } + r.PatchResources(ctx, &req, checker) - for _, job := range jobList.Items { - if job.Status.Succeeded > 0 { - log.Log.Info("Job completed successfully", "Job.Name", job.Name) - checker.Status.TargetStatus = "Ok" - } else { - log.Log.Info("Job failed", "Job.Name", job.Name) - checker.Status.TargetStatus = "Not Ok" - } - - podList := &corev1.PodList{} - if err := r.List(ctx, podList, client.InNamespace(req.Namespace)); err != nil { - log.Log.Error(err, "Unable to list Pods for Job", "Job.Name", job.Name) - continue - } - - for _, pod := range podList.Items { - log.Log.Info("Fetching logs for Pod", "Pod.Name", pod.Name) - podLogs, err := r.getPodLogs(ctx, pod) - if err != nil { - log.Log.Error(err, "Unable to get logs for Pod", "Pod.Name", pod.Name) - checker.Status.TargetStatus = "Unknown" - } else { - log.Log.Info("Pod Logs", "Pod.Name", pod.Name, "Logs", podLogs) - checker.Status.TargetStatus = podLogs - } - } - } + r.CreateResources(ctx, &req, checker) - if err := r.Status().Update(ctx, checker); err != nil { - log.Log.Error(err, "unable to update CronJob status") - return ctrl.Result{}, err - } + r.UpdateStatus(ctx, req, checker) return ctrl.Result{}, nil } -func (r *CheckerReconciler) getPodLogs(ctx context.Context, pod corev1.Pod) (string, error) { - return "200", nil -} - // SetupWithManager sets up the controller with the Manager. func (r *CheckerReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&checkerv1.Checker{}). - Owns(&batchv1.CronJob{}). - Owns(&batchv1.Job{}). + Owns(&corev1.Pod{}). Complete(r) } diff --git a/internal/controller/utils.go b/internal/controller/utils.go new file mode 100644 index 0000000..95c1264 --- /dev/null +++ b/internal/controller/utils.go @@ -0,0 +1,142 @@ +package controller + +import ( + "context" + "time" + + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "sigs.k8s.io/controller-runtime/pkg/log" + + checkerv1 "github.com/cloudification-io/github-checker-operator/api/v1" + batchv1 "k8s.io/api/batch/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +var cronJobLimitPointer int32 = 1 + +func (r *CheckerReconciler) RenderCronJob(req *ctrl.Request, checker *checkerv1.Checker) *batchv1.CronJob { + thisCronJob := &batchv1.CronJob{ + ObjectMeta: metav1.ObjectMeta{ + Name: checker.ObjectMeta.Name, + Namespace: req.Namespace, + }, + Spec: batchv1.CronJobSpec{ + Schedule: "* * * * *", + ConcurrencyPolicy: batchv1.ReplaceConcurrent, + SuccessfulJobsHistoryLimit: &cronJobLimitPointer, + FailedJobsHistoryLimit: &cronJobLimitPointer, + JobTemplate: batchv1.JobTemplateSpec{ + Spec: batchv1.JobSpec{ + Template: corev1.PodTemplateSpec{ + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: "curl", + Image: "curlimages/curl:latest", + Env: []corev1.EnvVar{ + { + Name: "TARGET_URL", + Value: checker.Spec.TargetURL, + }, + }, + Command: []string{"sh", "-c"}, + Args: []string{ + "curl -o /dev/null -s -w \"%{http_code}\" ${TARGET_URL}", + }, + }, + }, + RestartPolicy: corev1.RestartPolicyNever, + }, + }, + }, + }, + }, + } + return thisCronJob +} + +func (r *CheckerReconciler) CreateResources(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) (ctrl.Result, error) { + newCronJob := r.RenderCronJob(req, checker) + + if err := controllerutil.SetControllerReference(checker, newCronJob, r.Scheme); err != nil { + return ctrl.Result{}, err + } + + if err := r.Create(ctx, newCronJob); err != nil { + return ctrl.Result{}, err + } + + log.Log.Info("CronJob created successfully", "CronJob.Name", newCronJob.Name) + + return ctrl.Result{}, nil +} + +func (r *CheckerReconciler) PatchResources(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) (ctrl.Result, error) { + cronJob := &batchv1.CronJob{} + if err := r.Get(ctx, req.NamespacedName, cronJob); err != nil { + return ctrl.Result{}, client.IgnoreNotFound(err) + } + + if cronJob == r.RenderCronJob(req, checker) { + return ctrl.Result{}, nil + } + + cronJob.Spec.JobTemplate.Spec.Template.Spec.Containers[0].Env[0].Value = checker.Spec.TargetURL + if err := r.Update(ctx, cronJob); err != nil { + return ctrl.Result{}, err + } + log.Log.Info("CronJob updated successfully", "CronJob.Name", cronJob.Name) + + return ctrl.Result{Requeue: true, RequeueAfter: 10 * time.Second}, nil +} + +func (r *CheckerReconciler) UpdateStatus(ctx context.Context, req ctrl.Request, checker *checkerv1.Checker) (ctrl.Result, error) { + jobList := &batchv1.JobList{} + if err := r.List(ctx, jobList, client.InNamespace(req.Namespace)); err != nil { + return ctrl.Result{}, err + } + + for _, job := range jobList.Items { + if job.Status.Succeeded > 0 { + // log.Log.Info("Job completed successfully", "Job.Name", job.Name) + checker.Status.TargetStatus = "Ok" + } else { + // log.Log.Info("Job failed", "Job.Name", job.Name) + checker.Status.TargetStatus = "Not Ok" + } + + podList := &corev1.PodList{} + if err := r.List(ctx, podList, client.InNamespace(req.Namespace)); err != nil { + // log.Log.Error(err, "Unable to list Pods for Job", "Job.Name", job.Name) + continue + } + + for _, pod := range podList.Items { + // log.Log.Info("Fetching logs for Pod", "Pod.Name", pod.Name) + podLogs, err := r.getPodLogs(ctx, pod) + if err != nil { + // log.Log.Error(err, "Unable to get logs for Pod", "Pod.Name", pod.Name) + checker.Status.TargetStatus = "Unknown" + } else { + log.Log.Info("Pod Logs", "Pod.Name", pod.Name, "Logs", podLogs) + checker.Status.TargetStatus = podLogs + } + } + } + + if err := r.Status().Update(ctx, checker); err != nil { + // log.Log.Error(err, "unable to update CronJob status") + return ctrl.Result{}, err + } + + log.Log.Info("Status updated successfully", "Checker.Name", checker.Name) + + return ctrl.Result{}, nil +} + +func (r *CheckerReconciler) getPodLogs(ctx context.Context, pod corev1.Pod) (string, error) { + return "200", nil +} From e0faf82eaa93908a002428f7b90a0e216ddb1064 Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sun, 29 Sep 2024 19:10:50 +0200 Subject: [PATCH 09/24] add configMap integration --- internal/controller/utils.go | 64 ++++++++++++++++++++++++++++-------- 1 file changed, 50 insertions(+), 14 deletions(-) diff --git a/internal/controller/utils.go b/internal/controller/utils.go index 95c1264..7b16877 100644 --- a/internal/controller/utils.go +++ b/internal/controller/utils.go @@ -16,12 +16,29 @@ import ( ) var cronJobLimitPointer int32 = 1 +var commonLabelKey string = "cloudification.io/checker" + +func (r *CheckerReconciler) RenderConfigMap(req *ctrl.Request, checker *checkerv1.Checker) *corev1.ConfigMap { + thisConfigMap := &corev1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: checker.ObjectMeta.Name, + Namespace: req.Namespace, + }, + Data: map[string]string{ + "TARGET_URL": checker.Spec.TargetURL, + }, + } + return thisConfigMap +} func (r *CheckerReconciler) RenderCronJob(req *ctrl.Request, checker *checkerv1.Checker) *batchv1.CronJob { thisCronJob := &batchv1.CronJob{ ObjectMeta: metav1.ObjectMeta{ Name: checker.ObjectMeta.Name, Namespace: req.Namespace, + Labels: map[string]string{ + commonLabelKey: checker.ObjectMeta.Name, + }, }, Spec: batchv1.CronJobSpec{ Schedule: "* * * * *", @@ -31,15 +48,23 @@ func (r *CheckerReconciler) RenderCronJob(req *ctrl.Request, checker *checkerv1. JobTemplate: batchv1.JobTemplateSpec{ Spec: batchv1.JobSpec{ Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + commonLabelKey: checker.ObjectMeta.Name, + }, + }, Spec: corev1.PodSpec{ Containers: []corev1.Container{ { Name: "curl", Image: "curlimages/curl:latest", - Env: []corev1.EnvVar{ + EnvFrom: []corev1.EnvFromSource{ { - Name: "TARGET_URL", - Value: checker.Spec.TargetURL, + ConfigMapRef: &corev1.ConfigMapEnvSource{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: checker.ObjectMeta.Name, + }, + }, }, }, Command: []string{"sh", "-c"}, @@ -59,33 +84,44 @@ func (r *CheckerReconciler) RenderCronJob(req *ctrl.Request, checker *checkerv1. } func (r *CheckerReconciler) CreateResources(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) (ctrl.Result, error) { - newCronJob := r.RenderCronJob(req, checker) - - if err := controllerutil.SetControllerReference(checker, newCronJob, r.Scheme); err != nil { + newConfigMap := r.RenderConfigMap(req, checker) + if err := r.Create(ctx, newConfigMap); err != nil { return ctrl.Result{}, err } + if err := controllerutil.SetControllerReference(checker, newConfigMap, r.Scheme); err != nil { + return ctrl.Result{}, err + } + log.Log.Info("CronJob created successfully", "ConfigMap.Name", newConfigMap.Name) + newCronJob := r.RenderCronJob(req, checker) if err := r.Create(ctx, newCronJob); err != nil { return ctrl.Result{}, err } - + if err := controllerutil.SetControllerReference(checker, newCronJob, r.Scheme); err != nil { + return ctrl.Result{}, err + } log.Log.Info("CronJob created successfully", "CronJob.Name", newCronJob.Name) return ctrl.Result{}, nil } func (r *CheckerReconciler) PatchResources(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) (ctrl.Result, error) { - cronJob := &batchv1.CronJob{} - if err := r.Get(ctx, req.NamespacedName, cronJob); err != nil { + configMap := &corev1.ConfigMap{} + if err := r.Get(ctx, req.NamespacedName, configMap); err != nil { return ctrl.Result{}, client.IgnoreNotFound(err) } - - if cronJob == r.RenderCronJob(req, checker) { - return ctrl.Result{}, nil + patchConfigMap := r.RenderConfigMap(req, checker) + if err := r.Update(ctx, patchConfigMap); err != nil { + return ctrl.Result{}, err } + log.Log.Info("ConfigMap updated successfully", "ConfigMap.Name", configMap.Name) - cronJob.Spec.JobTemplate.Spec.Template.Spec.Containers[0].Env[0].Value = checker.Spec.TargetURL - if err := r.Update(ctx, cronJob); err != nil { + cronJob := &batchv1.CronJob{} + if err := r.Get(ctx, req.NamespacedName, cronJob); err != nil { + return ctrl.Result{}, client.IgnoreNotFound(err) + } + patchCronJob := r.RenderCronJob(req, checker) + if err := r.Update(ctx, patchCronJob); err != nil { return ctrl.Result{}, err } log.Log.Info("CronJob updated successfully", "CronJob.Name", cronJob.Name) From 218f626e396b72251fd42e63dcab37af7dee242a Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sun, 29 Sep 2024 20:03:46 +0200 Subject: [PATCH 10/24] create somewhat working log parser with kubernetes client --- cmd/main.go | 7 ++- example/example2.yaml | 8 --- internal/controller/checker_controller.go | 4 +- internal/controller/utils.go | 68 ++++++++++++----------- 4 files changed, 43 insertions(+), 44 deletions(-) delete mode 100644 example/example2.yaml diff --git a/cmd/main.go b/cmd/main.go index f37f0f2..3ae2637 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -23,6 +23,8 @@ import ( // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) // to ensure that exec-entrypoint and run can make use of them. + + "k8s.io/client-go/kubernetes" _ "k8s.io/client-go/plugin/pkg/client/auth" "k8s.io/apimachinery/pkg/runtime" @@ -145,8 +147,9 @@ func main() { } if err = (&controller.CheckerReconciler{ - Client: mgr.GetClient(), - Scheme: mgr.GetScheme(), + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + Clientset: kubernetes.NewForConfigOrDie(mgr.GetConfig()), }).SetupWithManager(mgr); err != nil { setupLog.Error(err, "unable to create controller", "controller", "Checker") os.Exit(1) diff --git a/example/example2.yaml b/example/example2.yaml deleted file mode 100644 index d756aea..0000000 --- a/example/example2.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: checker.cloudification.io/v1 -kind: Checker -metadata: - labels: - app.kubernetes.io/name: amazing - name: amazing -spec: - targetUrl: https://www.amazon.com/ \ No newline at end of file diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index a3aff4a..2c8a76d 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -21,6 +21,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/client-go/kubernetes" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/log" @@ -31,7 +32,8 @@ import ( // CheckerReconciler reconciles a Checker object type CheckerReconciler struct { client.Client - Scheme *runtime.Scheme + Scheme *runtime.Scheme + Clientset *kubernetes.Clientset } // +kubebuilder:rbac:groups=checker.cloudification.io,resources=checkers,verbs=get;list;watch;create;update;patch;delete diff --git a/internal/controller/utils.go b/internal/controller/utils.go index 7b16877..2808425 100644 --- a/internal/controller/utils.go +++ b/internal/controller/utils.go @@ -1,7 +1,9 @@ package controller import ( + "bytes" "context" + "fmt" "time" ctrl "sigs.k8s.io/controller-runtime" @@ -17,6 +19,7 @@ import ( var cronJobLimitPointer int32 = 1 var commonLabelKey string = "cloudification.io/checker" +var unknownStatus string = "Unknown" func (r *CheckerReconciler) RenderConfigMap(req *ctrl.Request, checker *checkerv1.Checker) *corev1.ConfigMap { thisConfigMap := &corev1.ConfigMap{ @@ -130,49 +133,48 @@ func (r *CheckerReconciler) PatchResources(ctx context.Context, req *ctrl.Reques } func (r *CheckerReconciler) UpdateStatus(ctx context.Context, req ctrl.Request, checker *checkerv1.Checker) (ctrl.Result, error) { - jobList := &batchv1.JobList{} - if err := r.List(ctx, jobList, client.InNamespace(req.Namespace)); err != nil { - return ctrl.Result{}, err + if checker.Status.TargetStatus == "" { + checker.Status.TargetStatus = unknownStatus } - for _, job := range jobList.Items { - if job.Status.Succeeded > 0 { - // log.Log.Info("Job completed successfully", "Job.Name", job.Name) - checker.Status.TargetStatus = "Ok" - } else { - // log.Log.Info("Job failed", "Job.Name", job.Name) - checker.Status.TargetStatus = "Not Ok" - } - - podList := &corev1.PodList{} - if err := r.List(ctx, podList, client.InNamespace(req.Namespace)); err != nil { - // log.Log.Error(err, "Unable to list Pods for Job", "Job.Name", job.Name) - continue - } - - for _, pod := range podList.Items { - // log.Log.Info("Fetching logs for Pod", "Pod.Name", pod.Name) - podLogs, err := r.getPodLogs(ctx, pod) - if err != nil { - // log.Log.Error(err, "Unable to get logs for Pod", "Pod.Name", pod.Name) - checker.Status.TargetStatus = "Unknown" - } else { - log.Log.Info("Pod Logs", "Pod.Name", pod.Name, "Logs", podLogs) - checker.Status.TargetStatus = podLogs - } - } + status, err := r.getPodLogs(ctx, checker) + if err != nil { + return ctrl.Result{}, nil } + checker.Status.TargetStatus = status if err := r.Status().Update(ctx, checker); err != nil { - // log.Log.Error(err, "unable to update CronJob status") + log.Log.Error(err, "Unable to update Checker status", "checker.Name", checker.Name) return ctrl.Result{}, err } - log.Log.Info("Status updated successfully", "Checker.Name", checker.Name) return ctrl.Result{}, nil } -func (r *CheckerReconciler) getPodLogs(ctx context.Context, pod corev1.Pod) (string, error) { - return "200", nil +func (r *CheckerReconciler) getPodLogs(ctx context.Context, checker *checkerv1.Checker) (string, error) { + podList, err := r.Clientset.CoreV1().Pods(checker.Namespace).List(ctx, metav1.ListOptions{ + LabelSelector: fmt.Sprintf("%v=%s", commonLabelKey, checker.ObjectMeta.Name), + }) + if err != nil || len(podList.Items) < 1 { + return unknownStatus, err + } + + firstPod := &podList.Items[0] + + req := r.Clientset.CoreV1().Pods(checker.Namespace).GetLogs(firstPod.Name, &corev1.PodLogOptions{}) + + podLogs, err := req.Stream(ctx) + if err != nil { + return "", err + } + defer podLogs.Close() + + buf := new(bytes.Buffer) + _, err = buf.ReadFrom(podLogs) + if err != nil { + return "", err + } + + return buf.String(), nil } From 36a9afe4db96f7897c9dd825a5fb309ec0aaecac Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sun, 29 Sep 2024 20:32:54 +0200 Subject: [PATCH 11/24] fix controller owner reference when patching resources --- config/rbac/role.yaml | 24 +++++++++++++++++++++++ internal/controller/checker_controller.go | 6 +++++- internal/controller/utils.go | 14 +++++++++---- 3 files changed, 39 insertions(+), 5 deletions(-) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 465f059..cc094da 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -4,6 +4,18 @@ kind: ClusterRole metadata: name: manager-role rules: +- apiGroups: + - batch + resources: + - cronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - checker.cloudification.io resources: @@ -30,3 +42,15 @@ rules: - get - patch - update +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index 2c8a76d..e61157e 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -27,6 +27,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log" checkerv1 "github.com/cloudification-io/github-checker-operator/api/v1" + batchv1 "k8s.io/api/batch/v1" ) // CheckerReconciler reconciles a Checker object @@ -39,6 +40,8 @@ type CheckerReconciler struct { // +kubebuilder:rbac:groups=checker.cloudification.io,resources=checkers,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=checker.cloudification.io,resources=checkers/status,verbs=get;update;patch // +kubebuilder:rbac:groups=checker.cloudification.io,resources=checkers/finalizers,verbs=update +// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=batch,resources=cronjobs,verbs=get;list;watch;create;update;patch;delete // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state. @@ -74,6 +77,7 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct func (r *CheckerReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&checkerv1.Checker{}). - Owns(&corev1.Pod{}). + Owns(&batchv1.CronJob{}). + Owns(&corev1.ConfigMap{}). Complete(r) } diff --git a/internal/controller/utils.go b/internal/controller/utils.go index 2808425..46ef723 100644 --- a/internal/controller/utils.go +++ b/internal/controller/utils.go @@ -88,19 +88,19 @@ func (r *CheckerReconciler) RenderCronJob(req *ctrl.Request, checker *checkerv1. func (r *CheckerReconciler) CreateResources(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) (ctrl.Result, error) { newConfigMap := r.RenderConfigMap(req, checker) - if err := r.Create(ctx, newConfigMap); err != nil { + if err := controllerutil.SetControllerReference(checker, newConfigMap, r.Scheme); err != nil { return ctrl.Result{}, err } - if err := controllerutil.SetControllerReference(checker, newConfigMap, r.Scheme); err != nil { + if err := r.Create(ctx, newConfigMap); err != nil { return ctrl.Result{}, err } log.Log.Info("CronJob created successfully", "ConfigMap.Name", newConfigMap.Name) newCronJob := r.RenderCronJob(req, checker) - if err := r.Create(ctx, newCronJob); err != nil { + if err := controllerutil.SetControllerReference(checker, newCronJob, r.Scheme); err != nil { return ctrl.Result{}, err } - if err := controllerutil.SetControllerReference(checker, newCronJob, r.Scheme); err != nil { + if err := r.Create(ctx, newCronJob); err != nil { return ctrl.Result{}, err } log.Log.Info("CronJob created successfully", "CronJob.Name", newCronJob.Name) @@ -114,6 +114,9 @@ func (r *CheckerReconciler) PatchResources(ctx context.Context, req *ctrl.Reques return ctrl.Result{}, client.IgnoreNotFound(err) } patchConfigMap := r.RenderConfigMap(req, checker) + if err := controllerutil.SetControllerReference(checker, patchConfigMap, r.Scheme); err != nil { + return ctrl.Result{}, err + } if err := r.Update(ctx, patchConfigMap); err != nil { return ctrl.Result{}, err } @@ -124,6 +127,9 @@ func (r *CheckerReconciler) PatchResources(ctx context.Context, req *ctrl.Reques return ctrl.Result{}, client.IgnoreNotFound(err) } patchCronJob := r.RenderCronJob(req, checker) + if err := controllerutil.SetControllerReference(checker, patchCronJob, r.Scheme); err != nil { + return ctrl.Result{}, err + } if err := r.Update(ctx, patchCronJob); err != nil { return ctrl.Result{}, err } From e456b8a7c6e3affeaaa14c0f25c9ca814aac4cb1 Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sun, 29 Sep 2024 21:06:20 +0200 Subject: [PATCH 12/24] cosmetic changes --- example/example.yaml | 34 +++++++++++++++++++++-- internal/controller/checker_controller.go | 8 +++--- internal/controller/utils.go | 4 +-- 3 files changed, 38 insertions(+), 8 deletions(-) diff --git a/example/example.yaml b/example/example.yaml index 90d3704..d21f96b 100644 --- a/example/example.yaml +++ b/example/example.yaml @@ -2,8 +2,38 @@ apiVersion: checker.cloudification.io/v1 kind: Checker metadata: labels: - app.kubernetes.io/name: githubbing - name: githubbing + app.kubernetes.io/name: github + name: github namespace: checker spec: targetUrl: https://github.com/ +--- +apiVersion: checker.cloudification.io/v1 +kind: Checker +metadata: + labels: + app.kubernetes.io/name: amazon + name: amazon + namespace: checker +spec: + targetUrl: https://www.amazon.com/ +--- +apiVersion: checker.cloudification.io/v1 +kind: Checker +metadata: + labels: + app.kubernetes.io/name: allegro + name: allegro + namespace: checker +spec: + targetUrl: https://allegro.pl/zobacz/ratyzero +--- +apiVersion: checker.cloudification.io/v1 +kind: Checker +metadata: + labels: + app.kubernetes.io/name: olx + name: olx + namespace: checker +spec: + targetUrl: https://www.olx.pl/ diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index e61157e..2267bb4 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -19,6 +19,7 @@ package controller import ( "context" + batchv1 "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes" @@ -27,7 +28,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log" checkerv1 "github.com/cloudification-io/github-checker-operator/api/v1" - batchv1 "k8s.io/api/batch/v1" ) // CheckerReconciler reconciles a Checker object @@ -64,11 +64,11 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct return ctrl.Result{}, client.IgnoreNotFound(err) } - r.PatchResources(ctx, &req, checker) - r.CreateResources(ctx, &req, checker) - r.UpdateStatus(ctx, req, checker) + r.PatchResources(ctx, &req, checker) + + r.UpdateStatus(ctx, &req, checker) return ctrl.Result{}, nil } diff --git a/internal/controller/utils.go b/internal/controller/utils.go index 46ef723..e98800d 100644 --- a/internal/controller/utils.go +++ b/internal/controller/utils.go @@ -138,7 +138,7 @@ func (r *CheckerReconciler) PatchResources(ctx context.Context, req *ctrl.Reques return ctrl.Result{Requeue: true, RequeueAfter: 10 * time.Second}, nil } -func (r *CheckerReconciler) UpdateStatus(ctx context.Context, req ctrl.Request, checker *checkerv1.Checker) (ctrl.Result, error) { +func (r *CheckerReconciler) UpdateStatus(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) (ctrl.Result, error) { if checker.Status.TargetStatus == "" { checker.Status.TargetStatus = unknownStatus } @@ -172,7 +172,7 @@ func (r *CheckerReconciler) getPodLogs(ctx context.Context, checker *checkerv1.C podLogs, err := req.Stream(ctx) if err != nil { - return "", err + return unknownStatus, err } defer podLogs.Close() From c1997e918cd858cee46a43b27cf8db3b0080ab8a Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sun, 29 Sep 2024 21:27:41 +0200 Subject: [PATCH 13/24] configure rbac to run the oprator inside the cluster --- config/manager/manager.yaml | 2 +- config/rbac/role.yaml | 23 +++++++++++++++++++++++ internal/controller/checker_controller.go | 2 ++ 3 files changed, 26 insertions(+), 1 deletion(-) diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 9dff1d3..5835353 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -63,7 +63,7 @@ spec: args: - --leader-elect - --health-probe-bind-address=:8081 - image: controller:latest + image: patrostkowski/github-checker-operator:latest name: manager securityContext: allowPrivilegeEscalation: false diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index cc094da..b31bb0a 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -4,6 +4,18 @@ kind: ClusterRole metadata: name: manager-role rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - batch resources: @@ -42,6 +54,17 @@ rules: - get - patch - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch - apiGroups: - "" resources: diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index 2267bb4..e9fd5c0 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -42,6 +42,8 @@ type CheckerReconciler struct { // +kubebuilder:rbac:groups=checker.cloudification.io,resources=checkers/finalizers,verbs=update // +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=batch,resources=cronjobs,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;delete +// +kubebuilder:rbac:groups="",resources=events,verbs=create;patch;update;watch;list;get;delete // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state. From c04ab67b35ef2f0abfdbe715c628004b4d3daefc Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sat, 5 Oct 2024 12:19:57 +0200 Subject: [PATCH 14/24] cleanup return values in all utils.go functions --- internal/controller/checker_controller.go | 27 ++++++++---- internal/controller/utils.go | 53 ++++++++++++----------- 2 files changed, 47 insertions(+), 33 deletions(-) diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index e9fd5c0..77b968d 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -18,9 +18,9 @@ package controller import ( "context" + "fmt" + "time" - batchv1 "k8s.io/api/batch/v1" - corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes" ctrl "sigs.k8s.io/controller-runtime" @@ -66,20 +66,31 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct return ctrl.Result{}, client.IgnoreNotFound(err) } - r.CreateResources(ctx, &req, checker) + fmt.Print(checker) - r.PatchResources(ctx, &req, checker) + if err := r.SetStatus(ctx, checker, unknownStatus); err != nil { + log.Log.Error(err, "Unable to update Checker status", "checker.Name", checker.Name) + return ctrl.Result{}, err + } + + // if err := r.UpdateStatus(ctx, &req, checker); err != nil { + // log.Log.Error(err, "Could not create resources", "checker.Name", checker.Name) + // } + + // if err := r.CreateResources(ctx, &req, checker); err != nil { + // log.Log.Error(err, "Could not create resources", "checker.Name", checker.Name) + // } - r.UpdateStatus(ctx, &req, checker) + // if err := r.PatchResources(ctx, &req, checker); err != nil { + // log.Log.Error(err, "Could not patch resources", "checker.Name", checker.Name) + // } - return ctrl.Result{}, nil + return ctrl.Result{Requeue: true, RequeueAfter: 60 * time.Second}, nil } // SetupWithManager sets up the controller with the Manager. func (r *CheckerReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&checkerv1.Checker{}). - Owns(&batchv1.CronJob{}). - Owns(&corev1.ConfigMap{}). Complete(r) } diff --git a/internal/controller/utils.go b/internal/controller/utils.go index e98800d..9773f7f 100644 --- a/internal/controller/utils.go +++ b/internal/controller/utils.go @@ -4,7 +4,6 @@ import ( "bytes" "context" "fmt" - "time" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -86,76 +85,80 @@ func (r *CheckerReconciler) RenderCronJob(req *ctrl.Request, checker *checkerv1. return thisCronJob } -func (r *CheckerReconciler) CreateResources(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) (ctrl.Result, error) { +func (r *CheckerReconciler) CreateResources(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) error { newConfigMap := r.RenderConfigMap(req, checker) if err := controllerutil.SetControllerReference(checker, newConfigMap, r.Scheme); err != nil { - return ctrl.Result{}, err + return err } if err := r.Create(ctx, newConfigMap); err != nil { - return ctrl.Result{}, err + return err } log.Log.Info("CronJob created successfully", "ConfigMap.Name", newConfigMap.Name) newCronJob := r.RenderCronJob(req, checker) if err := controllerutil.SetControllerReference(checker, newCronJob, r.Scheme); err != nil { - return ctrl.Result{}, err + return err } if err := r.Create(ctx, newCronJob); err != nil { - return ctrl.Result{}, err + return err } log.Log.Info("CronJob created successfully", "CronJob.Name", newCronJob.Name) - return ctrl.Result{}, nil + return nil } -func (r *CheckerReconciler) PatchResources(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) (ctrl.Result, error) { +func (r *CheckerReconciler) PatchResources(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) error { configMap := &corev1.ConfigMap{} if err := r.Get(ctx, req.NamespacedName, configMap); err != nil { - return ctrl.Result{}, client.IgnoreNotFound(err) + return client.IgnoreNotFound(err) } patchConfigMap := r.RenderConfigMap(req, checker) if err := controllerutil.SetControllerReference(checker, patchConfigMap, r.Scheme); err != nil { - return ctrl.Result{}, err + return err } if err := r.Update(ctx, patchConfigMap); err != nil { - return ctrl.Result{}, err + return err } log.Log.Info("ConfigMap updated successfully", "ConfigMap.Name", configMap.Name) cronJob := &batchv1.CronJob{} if err := r.Get(ctx, req.NamespacedName, cronJob); err != nil { - return ctrl.Result{}, client.IgnoreNotFound(err) + return client.IgnoreNotFound(err) } patchCronJob := r.RenderCronJob(req, checker) if err := controllerutil.SetControllerReference(checker, patchCronJob, r.Scheme); err != nil { - return ctrl.Result{}, err + return err } if err := r.Update(ctx, patchCronJob); err != nil { - return ctrl.Result{}, err + return err } log.Log.Info("CronJob updated successfully", "CronJob.Name", cronJob.Name) - return ctrl.Result{Requeue: true, RequeueAfter: 10 * time.Second}, nil + return nil } -func (r *CheckerReconciler) UpdateStatus(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) (ctrl.Result, error) { - if checker.Status.TargetStatus == "" { - checker.Status.TargetStatus = unknownStatus - } - +func (r *CheckerReconciler) UpdateStatus(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) error { status, err := r.getPodLogs(ctx, checker) if err != nil { - return ctrl.Result{}, nil + return nil } - checker.Status.TargetStatus = status - if err := r.Status().Update(ctx, checker); err != nil { + if err := r.SetStatus(ctx, checker, status); err != nil { log.Log.Error(err, "Unable to update Checker status", "checker.Name", checker.Name) - return ctrl.Result{}, err + return err } + log.Log.Info("Status updated successfully", "Checker.Name", checker.Name) + return nil +} - return ctrl.Result{}, nil +func (r *CheckerReconciler) SetStatus(ctx context.Context, checker *checkerv1.Checker, status string) error { + checker.Status.TargetStatus = status + if err := r.Status().Update(ctx, checker); err != nil { + log.Log.Error(err, "Unable to update Checker status", "checker.Name", checker.Name) + return err + } + return nil } func (r *CheckerReconciler) getPodLogs(ctx context.Context, checker *checkerv1.Checker) (string, error) { From 4b3c3ce1d9b2ff35c4269b6518ee3150c84f6065 Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sat, 5 Oct 2024 12:44:19 +0200 Subject: [PATCH 15/24] rearrange creating resources by controller --- internal/controller/checker_controller.go | 13 ++--- internal/controller/utils.go | 59 +++++++++++++++++++++-- 2 files changed, 58 insertions(+), 14 deletions(-) diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index 77b968d..b7a016d 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -18,7 +18,6 @@ package controller import ( "context" - "fmt" "time" "k8s.io/apimachinery/pkg/runtime" @@ -66,8 +65,6 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct return ctrl.Result{}, client.IgnoreNotFound(err) } - fmt.Print(checker) - if err := r.SetStatus(ctx, checker, unknownStatus); err != nil { log.Log.Error(err, "Unable to update Checker status", "checker.Name", checker.Name) return ctrl.Result{}, err @@ -77,13 +74,9 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct // log.Log.Error(err, "Could not create resources", "checker.Name", checker.Name) // } - // if err := r.CreateResources(ctx, &req, checker); err != nil { - // log.Log.Error(err, "Could not create resources", "checker.Name", checker.Name) - // } - - // if err := r.PatchResources(ctx, &req, checker); err != nil { - // log.Log.Error(err, "Could not patch resources", "checker.Name", checker.Name) - // } + if err := r.ReconcileResources(ctx, &req, checker); err != nil { + log.Log.Error(err, "Could not create resources", "checker.Name", checker.Name) + } return ctrl.Result{Requeue: true, RequeueAfter: 60 * time.Second}, nil } diff --git a/internal/controller/utils.go b/internal/controller/utils.go index 9773f7f..787f7bd 100644 --- a/internal/controller/utils.go +++ b/internal/controller/utils.go @@ -85,28 +85,79 @@ func (r *CheckerReconciler) RenderCronJob(req *ctrl.Request, checker *checkerv1. return thisCronJob } -func (r *CheckerReconciler) CreateResources(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) error { +func (r *CheckerReconciler) CheckIfResourceExists(ctx context.Context, req *ctrl.Request, resource client.Object) (bool, error) { + err := r.Get(ctx, req.NamespacedName, resource) + if err == nil { + return true, nil + } + if client.IgnoreNotFound(err) == nil { + return false, nil + } + return false, err +} + +func (r *CheckerReconciler) CreateConfigMap(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) error { newConfigMap := r.RenderConfigMap(req, checker) + + exists, err := r.CheckIfResourceExists(ctx, req, newConfigMap) + if err != nil { + return fmt.Errorf("failed to check ConfigMap existence: %w", err) + } + if exists { + log.Log.Info("ConfigMap already exists, skipping creation", "ConfigMap.Name", newConfigMap.Name) + return nil + } + if err := controllerutil.SetControllerReference(checker, newConfigMap, r.Scheme); err != nil { return err } if err := r.Create(ctx, newConfigMap); err != nil { - return err + if client.IgnoreNotFound(err) != nil { + return err + } } - log.Log.Info("CronJob created successfully", "ConfigMap.Name", newConfigMap.Name) + log.Log.Info("ConfigMap created successfully", "ConfigMap.Name", newConfigMap.Name) + return nil +} + +func (r *CheckerReconciler) CreateCronJob(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) error { newCronJob := r.RenderCronJob(req, checker) + + exists, err := r.CheckIfResourceExists(ctx, req, newCronJob) + if err != nil { + return fmt.Errorf("failed to check CronJob existence: %w", err) + } + if exists { + log.Log.Info("CronJob already exists, skipping creation", "CronJob.Name", newCronJob.Name) + return nil + } + if err := controllerutil.SetControllerReference(checker, newCronJob, r.Scheme); err != nil { return err } if err := r.Create(ctx, newCronJob); err != nil { - return err + if client.IgnoreNotFound(err) != nil { + return err + } } log.Log.Info("CronJob created successfully", "CronJob.Name", newCronJob.Name) return nil } +func (r *CheckerReconciler) ReconcileResources(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) error { + if err := r.CreateConfigMap(ctx, req, checker); err != nil { + return err + } + + if err := r.CreateCronJob(ctx, req, checker); err != nil { + return err + } + + return nil +} + func (r *CheckerReconciler) PatchResources(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) error { configMap := &corev1.ConfigMap{} if err := r.Get(ctx, req.NamespacedName, configMap); err != nil { From 4931209d1408283e648a65307ecdd46b03790618 Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sat, 5 Oct 2024 12:51:54 +0200 Subject: [PATCH 16/24] integrate patching resources into resource reconcile function --- internal/controller/utils.go | 38 ++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/internal/controller/utils.go b/internal/controller/utils.go index 787f7bd..ca79037 100644 --- a/internal/controller/utils.go +++ b/internal/controller/utils.go @@ -105,6 +105,10 @@ func (r *CheckerReconciler) CreateConfigMap(ctx context.Context, req *ctrl.Reque } if exists { log.Log.Info("ConfigMap already exists, skipping creation", "ConfigMap.Name", newConfigMap.Name) + err := r.PatchConfigMap(ctx, req, checker) + if err != nil { + return err + } return nil } @@ -130,6 +134,10 @@ func (r *CheckerReconciler) CreateCronJob(ctx context.Context, req *ctrl.Request } if exists { log.Log.Info("CronJob already exists, skipping creation", "CronJob.Name", newCronJob.Name) + err := r.PatchCronJob(ctx, req, checker) + if err != nil { + return err + } return nil } @@ -158,32 +166,36 @@ func (r *CheckerReconciler) ReconcileResources(ctx context.Context, req *ctrl.Re return nil } -func (r *CheckerReconciler) PatchResources(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) error { - configMap := &corev1.ConfigMap{} - if err := r.Get(ctx, req.NamespacedName, configMap); err != nil { +func (r *CheckerReconciler) PatchCronJob(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) error { + cronJob := &batchv1.CronJob{} + if err := r.Get(ctx, req.NamespacedName, cronJob); err != nil { return client.IgnoreNotFound(err) } - patchConfigMap := r.RenderConfigMap(req, checker) - if err := controllerutil.SetControllerReference(checker, patchConfigMap, r.Scheme); err != nil { + patchCronJob := r.RenderCronJob(req, checker) + if err := controllerutil.SetControllerReference(checker, patchCronJob, r.Scheme); err != nil { return err } - if err := r.Update(ctx, patchConfigMap); err != nil { + if err := r.Update(ctx, patchCronJob); err != nil { return err } - log.Log.Info("ConfigMap updated successfully", "ConfigMap.Name", configMap.Name) + log.Log.Info("CronJob updated successfully", "CronJob.Name", cronJob.Name) - cronJob := &batchv1.CronJob{} - if err := r.Get(ctx, req.NamespacedName, cronJob); err != nil { + return nil +} + +func (r *CheckerReconciler) PatchConfigMap(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) error { + configMap := &corev1.ConfigMap{} + if err := r.Get(ctx, req.NamespacedName, configMap); err != nil { return client.IgnoreNotFound(err) } - patchCronJob := r.RenderCronJob(req, checker) - if err := controllerutil.SetControllerReference(checker, patchCronJob, r.Scheme); err != nil { + patchConfigMap := r.RenderConfigMap(req, checker) + if err := controllerutil.SetControllerReference(checker, patchConfigMap, r.Scheme); err != nil { return err } - if err := r.Update(ctx, patchCronJob); err != nil { + if err := r.Update(ctx, patchConfigMap); err != nil { return err } - log.Log.Info("CronJob updated successfully", "CronJob.Name", cronJob.Name) + log.Log.Info("ConfigMap updated successfully", "ConfigMap.Name", configMap.Name) return nil } From 77e3f712f748cc30da6b22837d82a647af00f708 Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sat, 5 Oct 2024 13:24:13 +0200 Subject: [PATCH 17/24] fix setting wrong CRD status when triggering reconcile --- internal/controller/checker_controller.go | 13 ++++------ internal/controller/utils.go | 29 ++++++++++++++++++----- 2 files changed, 27 insertions(+), 15 deletions(-) diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index b7a016d..085e544 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -65,20 +65,15 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct return ctrl.Result{}, client.IgnoreNotFound(err) } - if err := r.SetStatus(ctx, checker, unknownStatus); err != nil { - log.Log.Error(err, "Unable to update Checker status", "checker.Name", checker.Name) - return ctrl.Result{}, err + if err := r.ReconcileResources(ctx, &req, checker); err != nil { + log.Log.Error(err, "Could not create resources", "checker.Name", checker.Name) } - // if err := r.UpdateStatus(ctx, &req, checker); err != nil { - // log.Log.Error(err, "Could not create resources", "checker.Name", checker.Name) - // } - - if err := r.ReconcileResources(ctx, &req, checker); err != nil { + if err := r.UpdateStatus(ctx, &req, checker); err != nil { log.Log.Error(err, "Could not create resources", "checker.Name", checker.Name) } - return ctrl.Result{Requeue: true, RequeueAfter: 60 * time.Second}, nil + return ctrl.Result{Requeue: true, RequeueAfter: 30 * time.Second}, nil } // SetupWithManager sets up the controller with the Manager. diff --git a/internal/controller/utils.go b/internal/controller/utils.go index ca79037..b6909ad 100644 --- a/internal/controller/utils.go +++ b/internal/controller/utils.go @@ -4,6 +4,7 @@ import ( "bytes" "context" "fmt" + "regexp" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -19,6 +20,7 @@ import ( var cronJobLimitPointer int32 = 1 var commonLabelKey string = "cloudification.io/checker" var unknownStatus string = "Unknown" +var httpStatusCodeRegex = regexp.MustCompile(`\b(2\d{2}|3\d{2}|4\d{2}|5\d{2})\b`) func (r *CheckerReconciler) RenderConfigMap(req *ctrl.Request, checker *checkerv1.Checker) *corev1.ConfigMap { thisConfigMap := &corev1.ConfigMap{ @@ -216,11 +218,17 @@ func (r *CheckerReconciler) UpdateStatus(ctx context.Context, req *ctrl.Request, } func (r *CheckerReconciler) SetStatus(ctx context.Context, checker *checkerv1.Checker, status string) error { - checker.Status.TargetStatus = status + if statusMatches := httpStatusCodeRegex.FindString(status); statusMatches != "" { + checker.Status.TargetStatus = statusMatches + } else { + checker.Status.TargetStatus = unknownStatus + } + if err := r.Status().Update(ctx, checker); err != nil { log.Log.Error(err, "Unable to update Checker status", "checker.Name", checker.Name) return err } + return nil } @@ -232,9 +240,19 @@ func (r *CheckerReconciler) getPodLogs(ctx context.Context, checker *checkerv1.C return unknownStatus, err } - firstPod := &podList.Items[0] + var latestPod *corev1.Pod + for _, pod := range podList.Items { + if latestPod == nil || pod.CreationTimestamp.After(latestPod.CreationTimestamp.Time) { + latestPod = &pod + } + } + if latestPod == nil { + return unknownStatus, fmt.Errorf("no pods found for checker: %s", checker.Name) + } + + log.Log.Info("Looking up logs from found latest pod", "latestPod.Name", latestPod.Name) - req := r.Clientset.CoreV1().Pods(checker.Namespace).GetLogs(firstPod.Name, &corev1.PodLogOptions{}) + req := r.Clientset.CoreV1().Pods(checker.Namespace).GetLogs(latestPod.Name, &corev1.PodLogOptions{}) podLogs, err := req.Stream(ctx) if err != nil { @@ -243,9 +261,8 @@ func (r *CheckerReconciler) getPodLogs(ctx context.Context, checker *checkerv1.C defer podLogs.Close() buf := new(bytes.Buffer) - _, err = buf.ReadFrom(podLogs) - if err != nil { - return "", err + if _, err = buf.ReadFrom(podLogs); err != nil { + return unknownStatus, err } return buf.String(), nil From b40e4ad58dc5b9f49ae9c60a57ad02a4d4f1c156 Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sat, 5 Oct 2024 13:48:59 +0200 Subject: [PATCH 18/24] add helper function when searching for latest pod --- internal/controller/checker_controller.go | 2 +- internal/controller/utils.go | 30 +++++++++++++++-------- 2 files changed, 21 insertions(+), 11 deletions(-) diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index 085e544..65b4ea7 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -73,7 +73,7 @@ func (r *CheckerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct log.Log.Error(err, "Could not create resources", "checker.Name", checker.Name) } - return ctrl.Result{Requeue: true, RequeueAfter: 30 * time.Second}, nil + return ctrl.Result{Requeue: true, RequeueAfter: 15 * time.Second}, nil } // SetupWithManager sets up the controller with the Manager. diff --git a/internal/controller/utils.go b/internal/controller/utils.go index b6909ad..895cca1 100644 --- a/internal/controller/utils.go +++ b/internal/controller/utils.go @@ -205,7 +205,7 @@ func (r *CheckerReconciler) PatchConfigMap(ctx context.Context, req *ctrl.Reques func (r *CheckerReconciler) UpdateStatus(ctx context.Context, req *ctrl.Request, checker *checkerv1.Checker) error { status, err := r.getPodLogs(ctx, checker) if err != nil { - return nil + log.Log.Error(err, "Could not get logs from pod") } if err := r.SetStatus(ctx, checker, status); err != nil { @@ -240,18 +240,12 @@ func (r *CheckerReconciler) getPodLogs(ctx context.Context, checker *checkerv1.C return unknownStatus, err } - var latestPod *corev1.Pod - for _, pod := range podList.Items { - if latestPod == nil || pod.CreationTimestamp.After(latestPod.CreationTimestamp.Time) { - latestPod = &pod - } - } - if latestPod == nil { - return unknownStatus, fmt.Errorf("no pods found for checker: %s", checker.Name) + latestPod, err := r.findLatestPod(podList.Items) + if err != nil { + return unknownStatus, err } log.Log.Info("Looking up logs from found latest pod", "latestPod.Name", latestPod.Name) - req := r.Clientset.CoreV1().Pods(checker.Namespace).GetLogs(latestPod.Name, &corev1.PodLogOptions{}) podLogs, err := req.Stream(ctx) @@ -267,3 +261,19 @@ func (r *CheckerReconciler) getPodLogs(ctx context.Context, checker *checkerv1.C return buf.String(), nil } + +func (r *CheckerReconciler) findLatestPod(pods []corev1.Pod) (*corev1.Pod, error) { + var latestPod *corev1.Pod + + for _, pod := range pods { + if latestPod == nil || pod.CreationTimestamp.After(latestPod.CreationTimestamp.Time) { + latestPod = &pod + } + } + + if latestPod == nil { + return nil, fmt.Errorf("no pods found") + } + + return latestPod, nil +} From 0eab5057612571d6b4e8c1c4c8c5efaf602f1d04 Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sat, 5 Oct 2024 16:33:28 +0200 Subject: [PATCH 19/24] add namespace scoped config for the controller --- cmd/main.go | 2 ++ internal/controller/checker_controller.go | 14 +++++++------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index 3ae2637..eeefa8b 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -31,6 +31,7 @@ import ( utilruntime "k8s.io/apimachinery/pkg/util/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/log/zap" "sigs.k8s.io/controller-runtime/pkg/metrics/filters" @@ -129,6 +130,7 @@ func main() { HealthProbeBindAddress: probeAddr, LeaderElection: enableLeaderElection, LeaderElectionID: "ec20a543.cloudification.io", + Cache: cache.Options{DefaultNamespaces: map[string]cache.Config{"checker": cache.Config{}}}, // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily // when the Manager ends. This requires the binary to immediately end when the // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index 65b4ea7..e579773 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -36,13 +36,13 @@ type CheckerReconciler struct { Clientset *kubernetes.Clientset } -// +kubebuilder:rbac:groups=checker.cloudification.io,resources=checkers,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=checker.cloudification.io,resources=checkers/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=checker.cloudification.io,resources=checkers/finalizers,verbs=update -// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=batch,resources=cronjobs,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;delete -// +kubebuilder:rbac:groups="",resources=events,verbs=create;patch;update;watch;list;get;delete +// +kubebuilder:rbac:groups=checker.cloudification.io,namespace=checker,resources=checkers,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=checker.cloudification.io,namespace=checker,resources=checkers/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=checker.cloudification.io,namespace=checker,resources=checkers/finalizers,verbs=update +// +kubebuilder:rbac:groups=core,namespace=checker,resources=configmaps,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=batch,namespace=checker,resources=cronjobs,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=coordination.k8s.io,namespace=checker,resources=leases,verbs=get;list;watch;create;update;delete +// +kubebuilder:rbac:groups="",namespace=checker,resources=events,verbs=create;patch;update;watch;list;get;delete // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state. From d8fe2b39af21c3c588b152da26369f4eb1b872be Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sat, 5 Oct 2024 16:57:51 +0200 Subject: [PATCH 20/24] adjust RBAC config for in-cluster deployment --- config/manager/kustomization.yaml | 6 ++++++ config/rbac/role.yaml | 9 ++++++++- internal/controller/checker_controller.go | 15 ++++++++------- 3 files changed, 22 insertions(+), 8 deletions(-) diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 5c5f0b8..ad13e96 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,2 +1,8 @@ resources: - manager.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: controller + newName: controller + newTag: latest diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index b31bb0a..c158565 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -7,7 +7,7 @@ rules: - apiGroups: - "" resources: - - events + - pods verbs: - create - delete @@ -16,6 +16,13 @@ rules: - patch - update - watch +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list - apiGroups: - batch resources: diff --git a/internal/controller/checker_controller.go b/internal/controller/checker_controller.go index e579773..d7cf77b 100644 --- a/internal/controller/checker_controller.go +++ b/internal/controller/checker_controller.go @@ -36,13 +36,14 @@ type CheckerReconciler struct { Clientset *kubernetes.Clientset } -// +kubebuilder:rbac:groups=checker.cloudification.io,namespace=checker,resources=checkers,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=checker.cloudification.io,namespace=checker,resources=checkers/status,verbs=get;update;patch -// +kubebuilder:rbac:groups=checker.cloudification.io,namespace=checker,resources=checkers/finalizers,verbs=update -// +kubebuilder:rbac:groups=core,namespace=checker,resources=configmaps,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=batch,namespace=checker,resources=cronjobs,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=coordination.k8s.io,namespace=checker,resources=leases,verbs=get;list;watch;create;update;delete -// +kubebuilder:rbac:groups="",namespace=checker,resources=events,verbs=create;patch;update;watch;list;get;delete +// +kubebuilder:rbac:groups=checker.cloudification.io,resources=checkers,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=checker.cloudification.io,resources=checkers/status,verbs=get;update;patch +// +kubebuilder:rbac:groups=checker.cloudification.io,resources=checkers/finalizers,verbs=update +// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=batch,resources=cronjobs,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;delete +// +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups="",resources=pods/log,verbs=get;list // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state. From 017787b805f87558c81a4dc46974a439756e9efe Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sat, 5 Oct 2024 17:00:49 +0200 Subject: [PATCH 21/24] set curl image to 8.10.1 tag --- internal/controller/utils.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/controller/utils.go b/internal/controller/utils.go index 895cca1..27d69f7 100644 --- a/internal/controller/utils.go +++ b/internal/controller/utils.go @@ -61,7 +61,7 @@ func (r *CheckerReconciler) RenderCronJob(req *ctrl.Request, checker *checkerv1. Containers: []corev1.Container{ { Name: "curl", - Image: "curlimages/curl:latest", + Image: "curlimages/curl:8.10.1", EnvFrom: []corev1.EnvFromSource{ { ConfigMapRef: &corev1.ConfigMapEnvSource{ From 25f583b38d73b765250f64c5c32d37263f387289 Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sat, 5 Oct 2024 17:17:42 +0200 Subject: [PATCH 22/24] add example operator config and push arm64 image to dockerhub --- example/example.yaml | 30 --- example/operator.yaml | 411 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 411 insertions(+), 30 deletions(-) create mode 100644 example/operator.yaml diff --git a/example/example.yaml b/example/example.yaml index d21f96b..472bdab 100644 --- a/example/example.yaml +++ b/example/example.yaml @@ -7,33 +7,3 @@ metadata: namespace: checker spec: targetUrl: https://github.com/ ---- -apiVersion: checker.cloudification.io/v1 -kind: Checker -metadata: - labels: - app.kubernetes.io/name: amazon - name: amazon - namespace: checker -spec: - targetUrl: https://www.amazon.com/ ---- -apiVersion: checker.cloudification.io/v1 -kind: Checker -metadata: - labels: - app.kubernetes.io/name: allegro - name: allegro - namespace: checker -spec: - targetUrl: https://allegro.pl/zobacz/ratyzero ---- -apiVersion: checker.cloudification.io/v1 -kind: Checker -metadata: - labels: - app.kubernetes.io/name: olx - name: olx - namespace: checker -spec: - targetUrl: https://www.olx.pl/ diff --git a/example/operator.yaml b/example/operator.yaml new file mode 100644 index 0000000..f665ff6 --- /dev/null +++ b/example/operator.yaml @@ -0,0 +1,411 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: github-checker-operator + control-plane: controller-manager + name: operator +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: checkers.checker.cloudification.io +spec: + group: checker.cloudification.io + names: + kind: Checker + listKind: CheckerList + plural: checkers + singular: checker + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The current target status + jsonPath: .status.targetStatus + name: Target Status + type: string + name: v1 + schema: + openAPIV3Schema: + description: Checker is the Schema for the checkers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CheckerSpec defines the desired state of Checker + properties: + targetUrl: + description: Foo is an example field of Checker. Edit checker_types.go + to remove/update + type: string + required: + - targetUrl + type: object + status: + description: CheckerStatus defines the observed state of Checker + properties: + targetStatus: + type: string + required: + - targetStatus + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: github-checker-operator + name: github-checker-operator-controller-manager + namespace: operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: github-checker-operator + name: github-checker-operator-leader-election-role + namespace: operator +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: github-checker-operator + name: github-checker-operator-checker-editor-role +rules: +- apiGroups: + - checker.cloudification.io + resources: + - checkers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - checker.cloudification.io + resources: + - checkers/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: github-checker-operator + name: github-checker-operator-checker-viewer-role +rules: +- apiGroups: + - checker.cloudification.io + resources: + - checkers + verbs: + - get + - list + - watch +- apiGroups: + - checker.cloudification.io + resources: + - checkers/status + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: github-checker-operator-manager-role +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list +- apiGroups: + - batch + resources: + - cronjobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - checker.cloudification.io + resources: + - checkers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - checker.cloudification.io + resources: + - checkers/finalizers + verbs: + - update +- apiGroups: + - checker.cloudification.io + resources: + - checkers/status + verbs: + - get + - patch + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: github-checker-operator-metrics-auth-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: github-checker-operator-metrics-reader +rules: +- nonResourceURLs: + - /metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: github-checker-operator + name: github-checker-operator-leader-election-rolebinding + namespace: operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: github-checker-operator-leader-election-role +subjects: +- kind: ServiceAccount + name: github-checker-operator-controller-manager + namespace: operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: github-checker-operator + name: github-checker-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: github-checker-operator-manager-role +subjects: +- kind: ServiceAccount + name: github-checker-operator-controller-manager + namespace: operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: github-checker-operator-metrics-auth-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: github-checker-operator-metrics-auth-role +subjects: +- kind: ServiceAccount + name: github-checker-operator-controller-manager + namespace: operator +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: github-checker-operator + control-plane: controller-manager + name: github-checker-operator-controller-manager-metrics-service + namespace: operator +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: 8443 + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: github-checker-operator + control-plane: controller-manager + name: github-checker-operator-controller-manager + namespace: operator +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + containers: + - args: + - --metrics-bind-address=:8443 + - --leader-elect + - --health-probe-bind-address=:8081 + command: + - /manager + image: patrostkowski/github-checker-operator:017787b + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: github-checker-operator-controller-manager + terminationGracePeriodSeconds: 10 From c2d3e1b66799e9124ab703bd634294c8ec9af7fb Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Sun, 6 Oct 2024 15:24:54 +0200 Subject: [PATCH 23/24] update README.md --- README.md | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 65 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f517c58..e4ea17c 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,65 @@ -# github-checker-operator -Repository for test task +# Github Checker Operator + +This project implements a Kubernetes operator written in Golang using Kubebuilder framework that manages custom resources of type `Checker`. The operator handles the creation and management of related resources and continuously monitors pod logs to update the status of the `Checker` resource. + +## Table of Contents + +- [Project Overview](#project-overview) +- [Getting Started](#getting-started) + - [Prerequisites](#prerequisites) + - [Installation](#installation) +- [How the Operator Works](#how-the-operator-works) +- [Usage](#usage) + +## Project Overview + +The `Checker` operator provides the following functionalities: + +1. **Resource Management**: Automatically creates `ConfigMaps` and `CronJobs` based on the definition of a `Checker` custom resource. +2. **Pod Log Monitoring**: The operator tracks the logs of the latest pod created by the CronJob, evaluates the status from the logs, and updates the `Checker` status accordingly. +3. **RBAC Permissions**: RBAC roles and permissions are defined using static manifests, ensuring the operator has the necessary access to manage resources in the cluster. + +## Getting Started + +### Prerequisites + +- A Kubernetes cluster (local or remote). +- `kubectl` CLI installed and configured to manage the cluster. +- Docker installed for building and pushing container images. +- Golang (version 1.22 or later). + +### Installation + +1. **Deploy the Operator**: + + Use the static Kubernetes manifest to deploy the operator in your cluster: + + ```bash + kubectl apply -f example/operator.yaml + ``` + +2. **Create a `Checker` Resource**: + + The operator will automatically generate associated resources. To create an instance of the `Checker` resource: + + ```bash + kubectl apply -f example/example.yaml + ``` + +## How the Operator Works + +- **Checker Custom Resource**: When a `Checker` resource is created, the operator generates a corresponding `ConfigMap` and `CronJob` based on the resource's configuration. +- **Pod Log Monitoring**: The operator monitors the logs of the latest pod created by the CronJob. If the logs indicate a status code in the 2XX, 3XX, 4XX, or 5XX range, it updates the `Checker` resource's status accordingly. +- **Dynamic Status Updates**: The status of the `Checker` resource is continuously updated based on the latest pod logs, providing real-time feedback. + +## Usage + +1. **Check the `Checker` Status**: After creating the `Checker` resource, you can check its status by running: + + ```bash + kubectl get checkers + ``` + +2. **Monitor Logs**: The operator captures the logs of the pods created by the CronJob and automatically updates the `Checker` status. + +3. **Customize the CronJob**: You can modify the `Checker` custom resource spec to adjust the configuration of the `ConfigMap` and the associated `CronJob`. From 1c7051c60de811ff5b55f68c290d2cc71a2d8263 Mon Sep 17 00:00:00 2001 From: Patryk Rostkowski Date: Tue, 8 Oct 2024 14:44:27 +0200 Subject: [PATCH 24/24] fix waiting for latest pod with succeded phase when fetching logs --- internal/controller/utils.go | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/internal/controller/utils.go b/internal/controller/utils.go index 27d69f7..aaf5c30 100644 --- a/internal/controller/utils.go +++ b/internal/controller/utils.go @@ -5,6 +5,7 @@ import ( "context" "fmt" "regexp" + "time" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -245,6 +246,14 @@ func (r *CheckerReconciler) getPodLogs(ctx context.Context, checker *checkerv1.C return unknownStatus, err } + podCtx, cancel := context.WithTimeout(ctx, 10*time.Second) + defer cancel() + + err = r.waitForPodSucceeded(podCtx, checker.Namespace, latestPod.Name) + if err != nil { + return unknownStatus, err + } + log.Log.Info("Looking up logs from found latest pod", "latestPod.Name", latestPod.Name) req := r.Clientset.CoreV1().Pods(checker.Namespace).GetLogs(latestPod.Name, &corev1.PodLogOptions{}) @@ -262,6 +271,28 @@ func (r *CheckerReconciler) getPodLogs(ctx context.Context, checker *checkerv1.C return buf.String(), nil } +func (r *CheckerReconciler) waitForPodSucceeded(ctx context.Context, namespace, podName string) error { + for { + select { + case <-ctx.Done(): + return fmt.Errorf("context deadline exceeded waiting for pod %s to reach 'Succeeded' phase", podName) + + default: + pod, err := r.Clientset.CoreV1().Pods(namespace).Get(ctx, podName, metav1.GetOptions{}) + if err != nil { + return fmt.Errorf("error retrieving pod %s: %v", podName, err) + } + + if pod.Status.Phase == corev1.PodSucceeded { + log.Log.Info("Pod has reached 'Succeeded' phase", "PodName", podName) + return nil + } + + time.Sleep(time.Second) + } + } +} + func (r *CheckerReconciler) findLatestPod(pods []corev1.Pod) (*corev1.Pod, error) { var latestPod *corev1.Pod