Init commit

Nikolai Rodionov
2024-07-02 20:28:13 +02:00
parent c8251eddd2
commit 2b1dec7e52
25 changed files with 856 additions and 52 deletions


@ -0,0 +1,62 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
name: diffs.k8s.badhouseplants.net
spec:
group: k8s.badhouseplants.net
names:
kind: Diff
listKind: DiffList
plural: diffs
singular: diff
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Diff is the Schema for the diffs API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: DiffSpec defines the desired state of Diff
properties:
appSourceName:
type: string
targetRef:
type: string
required:
- appSourceName
- targetRef
type: object
status:
description: DiffStatus defines the observed state of Diff
properties:
diffSecret:
type: string
required:
- diffSecret
type: object
type: object
served: true
storage: true
subresources:
status: {}


@ -3,6 +3,7 @@
# It should be run by config/default
resources:
- bases/k8s.badhouseplants.net_appsources.yaml
- bases/k8s.badhouseplants.net_diffs.yaml
# +kubebuilder:scaffold:crdkustomizeresource
patches:
@ -13,6 +14,7 @@ patches:
# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
# patches here are for enabling the CA injection for each CRD
#- path: patches/cainjection_in_appsources.yaml
#- path: patches/cainjection_in_diffs.yaml
# +kubebuilder:scaffold:crdkustomizecainjectionpatch
# [WEBHOOK] To enable webhook, uncomment the following section


@ -1,2 +1,8 @@
resources:
- manager.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
images:
- name: controller
newName: controller
newTag: latest
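Review bot: `newTag: latest` in the added `images` entry resolves the controller to a mutable tag, so the manifest does not determine which image actually runs and a changed or replaced `latest` is picked up silently on the next pull. Pin it to a released version or, better, to an immutable digest via the `digest:` field, e.g. `digest: sha256:<image-digest-placeholder>`. This block is typically written by `kustomize edit set image` during a local deploy, so it may have been committed unintentionally; `newName: controller` likewise still looks like the scaffold's placeholder image name.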


@ -7,6 +7,28 @@ metadata:
app.kubernetes.io/managed-by: kustomize
name: system
---
apiVersion: v1
kind: Secret
metadata:
labels:
control-plane: controller-manager
app.kubernetes.io/name: gitops-diff-operator
app.kubernetes.io/managed-by: kustomize
name: ssh-key
namespace: system
stringData:
known_hosts: |
git.badhouseplants.net ssh-rsa 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
ssh-key: |
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACD1yCmImxo9MBmRDKGYZAg1zLF2JZR1yWFem2s7+oR7lwAAAJid8CAjnfAg
IwAAAAtzc2gtZWQyNTUxOQAAACD1yCmImxo9MBmRDKGYZAg1zLF2JZR1yWFem2s7+oR7lw
AAAEAx9GITnEAhwE8td+EqwgU7Qnf29DWIsiS1Z2ACfIqZs/XIKYibGj0wGZEMoZhkCDXM
sXYllHXJYV6bazv6hHuXAAAAEGFsbGFuZ2VyQE1ha0Jvb2sBAgMEBQ==
-----END OPENSSH PRIVATE KEY-----
---
apiVersion: apps/v1
kind: Deployment
metadata:
@ -57,6 +79,10 @@ spec:
# versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
# seccompProfile:
# type: RuntimeDefault
volumes:
- name: ssh-key
secret:
secretName: ssh-key
containers:
- command:
- /manager
@ -65,6 +91,9 @@ spec:
- --health-probe-bind-address=:8081
image: controller:latest
name: manager
env:
- name: SSH_KNOWN_HOSTS
value: /var/known_hosts
securityContext:
allowPrivilegeEscalation: false
capabilities:
@ -91,5 +120,15 @@ spec:
requests:
cpu: 10m
memory: 64Mi
volumeMounts:
- mountPath: /var/ssh-key
name: ssh-key
subPath: ssh-key
readOnly: true
- mountPath: /var/known_hosts
name: ssh-key
subPath: known_hosts
readOnly: true
serviceAccountName: controller-manager
terminationGracePeriodSeconds: 10
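Review bot: The `ssh-key` Secret added in the first hunk of this file carries a complete OpenSSH private key in `stringData`, so the credential is readable by anyone who can read the repository or its history. The key should be treated as exposed: revoke and replace it on the git host, and drop the value from the manifest so the Secret is created out-of-band (or through an encrypted-secret mechanism) and only referenced here by `secretName: ssh-key`. The volume in the second hunk mounts the Secret without `defaultMode`, so the key file gets the default 0644 mode; `defaultMode: 0400` would be tighter, though it may need an `fsGroup` depending on the user the container runs as. The Deployment body continues outside these hunks.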


@ -0,0 +1,27 @@
# permissions for end users to edit diffs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: src
app.kubernetes.io/managed-by: kustomize
name: diff-editor-role
rules:
- apiGroups:
- k8s.badhouseplants.net
resources:
- diffs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- k8s.badhouseplants.net
resources:
- diffs/status
verbs:
- get
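Review bot: `app.kubernetes.io/name: src` here does not match the `app.kubernetes.io/name: gitops-diff-operator` label used on the `ssh-key` Secret in the manager manifest, so label selectors on the application name will not pick up all of the operator's objects. The same `src` value appears in the viewer role and in the `diff-sample` manifest. Use one value throughout, e.g. `app.kubernetes.io/name: gitops-diff-operator`.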


@ -0,0 +1,23 @@
# permissions for end users to view diffs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: src
app.kubernetes.io/managed-by: kustomize
name: diff-viewer-role
rules:
- apiGroups:
- k8s.badhouseplants.net
resources:
- diffs
verbs:
- get
- list
- watch
- apiGroups:
- k8s.badhouseplants.net
resources:
- diffs/status
verbs:
- get


@ -13,6 +13,8 @@ resources:
# default, aiding admins in cluster management. Those roles are
# not used by the Project itself. You can comment the following lines
# if you do not want those helpers be installed with your Project.
- diff_editor_role.yaml
- diff_viewer_role.yaml
- appsource_editor_role.yaml
- appsource_viewer_role.yaml


@ -7,7 +7,7 @@ rules:
- apiGroups:
- k8s.badhouseplants.net
resources:
- appsources
- diffs
verbs:
- create
- delete
@ -19,13 +19,13 @@ rules:
- apiGroups:
- k8s.badhouseplants.net
resources:
- appsources/finalizers
- diffs/finalizers
verbs:
- update
- apiGroups:
- k8s.badhouseplants.net
resources:
- appsources/status
- diffs/status
verbs:
- get
- patch
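Review bot: The three rules in this role appear to replace `appsources`, `appsources/finalizers` and `appsources/status` with the `diffs` equivalents rather than adding to them, which would leave the manager without any RBAC on AppSource objects. The AppSource CRD base is still listed in the CRD kustomization and `Diff.spec.appSourceName` refers to an AppSource, so the controller presumably still needs at least `get`/`list`/`watch` on `appsources`. If this file is generated from `+kubebuilder:rbac` markers, restore the AppSource markers and regenerate instead of editing it by hand. The last rule's verb list continues outside the hunk.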


@ -1,4 +1,5 @@
## Append samples of your project ##
resources:
- v1alpha1_appsource.yaml
- v1alpha1_diff.yaml
# +kubebuilder:scaffold:manifestskustomizesamples


@ -6,4 +6,8 @@ metadata:
app.kubernetes.io/managed-by: kustomize
name: appsource-sample
spec:
# TODO(user): Add fields here
resource:
kind: Application
api: argoproj.io/v1alpha1
name: vaultflux
namespace: argo-system


@ -0,0 +1,11 @@
apiVersion: k8s.badhouseplants.net/v1alpha1
kind: Diff
metadata:
labels:
app.kubernetes.io/name: src
app.kubernetes.io/managed-by: kustomize
name: diff-sample
spec:
appSourceName: appsource-sample
targetRef: main
# TODO(user): Add fields here