Merge pull request #45 from finleap-connect/feature/update-kubebuilder

Update kubebuilder

.dockerignore

@@ -0,0 +1,4 @@
+# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Ignore build and test binaries.
+bin/
+testbin/

.github/workflows/golang.yaml

@@ -53,8 +53,8 @@ jobs:
         uses: actions/checkout@v3
       - name: test
         run: |
-          make go-test
-          make go-coverage
+          make test
+          make coverage
       - name: Convert coverage to lcov
         uses: jandelgado/[email protected]
         with:

.gitignore

@@ -1,22 +1,11 @@
-/tools/*
-!/tools/kubebuilder-wrapper
-!/tools/kubebuilder-install
-!/tools/goget-wrapper
-!/tools/helm3-install
-!/tools/vault-install
-/bin
-/reports
-/tmp
-
-*.coverprofile
-
 # Binaries for programs and plugins
 *.exe
 *.exe~
 *.dll
 *.so
 *.dylib
 bin
+testbin/*
 
 # Test binary, build with `go test -c`
 *.test
@@ -34,4 +23,6 @@ bin
 *.swo
 *~
 
+cover.out
 .vscode
+.coverprofile

Dockerfile

@@ -31,13 +31,13 @@ COPY vault/ vault/
 COPY util/ util/
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM gcr.io/distroless/static:nonroot
 WORKDIR /
 COPY --from=builder /workspace/manager .
-USER nonroot:nonroot
+USER 65532:65532
 
 ENTRYPOINT ["/manager"]

Makefile

@@ -1,30 +1,24 @@
-# Directory, where all required tools are located (absolute path required)
-BUILD_PATH ?= $(shell pwd)
-TOOLS_DIR  ?= $(shell cd tools 2>/dev/null && pwd)
-
-YQ ?= yq
-
-VERSION ?= 0.0.1-local
-KUBE_NAMESPACE ?= vault-operator
-LATEST_REV = $(shell git rev-list --tags --max-count=1)
-LATEST_TAG = $(shell git describe --tags $(LATEST_REV))
-
-# Prerequisite tools
-GO ?= go
-GOOS ?= $(go env GOOS)
-GOARCH ?= $(go env GOARCH)
-DOCKER ?= docker
-KUBECTL ?= kubectl
-
-KIND ?= $(TOOLS_DIR)/kind
-VAULT ?= $(TOOLS_DIR)/vault
-CONTROLLER_GEN ?= $(TOOLS_DIR)/controller-gen
-KUSTOMIZE ?= $(TOOLS_DIR)/kustomize
-KUBEBUILDER ?= $(TOOLS_DIR)/kubebuilder
-KUBEBUILDER_ASSETS ?= $(TOOLS_DIR)
-
-# Variables
-MANAGER_BIN ?= bin/manager
+
+# Image URL to use all building/pushing image targets
+IMG ?= controller:latest
+# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
+ENVTEST_K8S_VERSION = 1.24.1
+
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+
+# Setting SHELL to bash allows bash commands to be executed by recipes.
+# This is a requirement for 'setup-envtest.sh' in the test target.
+# Options are set to exit when a recipe line exits non-zero or a piped command fails.
+SHELL = /usr/bin/env bash -o pipefail
+.SHELLFLAGS = -ec
+
+.PHONY: all
+all: build
 
 ##@ General
 
@@ -39,52 +33,143 @@ MANAGER_BIN ?= bin/manager
 # More info on the awk command:
 # http://linuxcommand.org/lc3_adv_awk.php
 
+.PHONY: help
 help: ## Display this help.
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
-export
-
-.PHONY: all go-test install uninstall deploy manifests
-
-all: $(MANAGER_BIN)
-
-$(MANAGER_BIN): generate fmt vet
-	$(GO) build -o $(MANAGER_BIN) ./main.go
-
-add-license: ## Adds the license to every file
-	@docker run --rm -v "$(PWD):/src" -u $(shell id -u) ghcr.io/google/addlicense --ignore **/*.yaml --ignore **/*.yml -c "VaultOperator Authors" -l "apache" -v .
+##@ Development
 
-check-license: ## Checks that the license is set on every file
-	@docker run --rm -v "$(PWD):/src" -u $(shell id -u) ghcr.io/google/addlicense --ignore **/*.yaml --ignore **/*.yml -c "VaultOperator Authors" -l "apache" -v -check .
-
-manifests: $(CONTROLLER_GEN) $(KUSTOMIZE) ## Generate manifests e.g. CRD, RBAC etc.
-	$(CONTROLLER_GEN) crd:trivialVersions=false rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
-	echo "# Generated by 'make manifests'\n" > $(HELM_CHART_DIR)/templates/crds.yaml
+.PHONY: manifests
+manifests: controller-gen kustomize ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	echo "# Generated by 'make manifests'" > $(HELM_CHART_DIR)/templates/crds.yaml
 	$(KUSTOMIZE) build config/crd-templates >> $(HELM_CHART_DIR)/templates/crds.yaml
-	echo "# Generated by 'make manifests'\n" > $(HELM_CHART_DIR)/templates/webhook.yaml
+	echo "# Generated by 'make manifests'" > $(HELM_CHART_DIR)/templates/webhook.yaml
 	$(KUSTOMIZE) build config/webhook-templates >> $(HELM_CHART_DIR)/templates/webhook.yaml
 
-generate: $(CONTROLLER_GEN) ## Generate code using controller-gen
-
-tools: $(TOOLS_DIR)/kind $(TOOLS_DIR)/ginkgo $(TOOLS_DIR)/controller-gen $(TOOLS_DIR)/kustomize $(TOOLS_DIR)/golangci-lint $(TOOLS_DIR)/kubebuilder ## Phony target to install all required tools into ${TOOLS_DIR}
-
-$(TOOLS_DIR)/kind:
-	@echo "Installing $@"
-	@GOBIN=$(TOOLS_DIR) go install sigs.k8s.io/[email protected]
-
-$(TOOLS_DIR)/controller-gen:
-	@echo "Installing $@"
-	@GOBIN=$(TOOLS_DIR) go install sigs.k8s.io/controller-tools/cmd/[email protected]
-
-$(TOOLS_DIR)/kustomize:
-	@echo "Installing $@"
-	@$(TOOLS_DIR)/install_kustomize.sh $(TOOLS_DIR)
-
-$(TOOLS_DIR)/vault:
-	@$(TOOLS_DIR)/vault-install
-
-$(TOOLS_DIR)/kubebuilder $(TOOLS_DIR)/kubectl $(TOOLS_DIR)/kube-apiserver $(TOOLS_DIR)/etcd:
-	@$(TOOLS_DIR)/kubebuilder-install
+.PHONY: generate
+generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
+
+.PHONY: fmt
+fmt: ## Run go fmt against code.
+	go fmt ./...
+
+.PHONY: vet
+vet: ## Run go vet against code.
+	go vet ./...
+
+.PHONY: lint
+lint: golangcilint ## Run linter against code.
+	$(GOLANGCILINT) run -v -E goconst -E misspell
+
+coverage: ## print coverage from coverprofiles
+	go tool cover -func .coverprofile 
+
+.PHONY: test
+test: ginkgo manifests generate fmt vet envtest vault ## Run tests.
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" PATH="$(PATH):$(LOCALBIN)" $(GINKGO) -r -v -cover --failFast -requireSuite -covermode count -outputdir=. -coverprofile=.coverprofile
+
+##@ Build
+
+.PHONY: build
+build: generate fmt vet ## Build manager binary.
+	go build -o bin/manager main.go
+
+.PHONY: run
+run: manifests generate fmt vet ## Run a controller from your host.
+	go run ./main.go
+
+.PHONY: docker-build
+docker-build: test ## Build docker image with the manager.
+	docker build -t ${IMG} .
+
+.PHONY: docker-push
+docker-push: ## Push docker image with the manager.
+	docker push ${IMG}
+
+##@ Deployment
+
+ifndef ignore-not-found
+  ignore-not-found = false
+endif
+
+.PHONY: install
+install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+.PHONY: uninstall
+uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+
+.PHONY: deploy
+deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	$(KUSTOMIZE) build config/default | kubectl apply -f -
+
+.PHONY: undeploy
+undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+
+##@ Build Dependencies
+
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+.PHONY:
+clean:
+	rm -R $(LOCALBIN)
+
+## Tool Binaries
+KUSTOMIZE ?= $(LOCALBIN)/kustomize
+CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
+ENVTEST ?= $(LOCALBIN)/setup-envtest
+GINKGO ?= $(LOCALBIN)/ginkgo
+GOLANGCILINT ?= $(LOCALBIN)/golangci-lint
+VAULT ?= $(LOCALBIN)/vault
+
+## Tool Versions
+KUSTOMIZE_VERSION ?= v4.5.5
+CONTROLLER_TOOLS_VERSION ?= v0.8.0
+GINKGO_VERSION ?= v1.16.5
+GOLANGCILINT_VERSION ?= v1.46.1
+VAULT_VERSION ?= 1.9.3
+GO_OS ?= $(shell go env GOOS)
+GO_ARCH ?= $(shell go env GOARCH)
+
+KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
+.PHONY: kustomize
+kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
+$(KUSTOMIZE): $(LOCALBIN)
+	curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN)
+
+.PHONY: controller-gen
+controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary.
+$(CONTROLLER_GEN): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
+
+.PHONY: envtest
+envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
+$(ENVTEST): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+
+.PHONY: ginkgo
+ginkgo: $(GINKGO) ## Download ginkgo locally if necessary.
+$(GINKGO): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install github.com/onsi/ginkgo/ginkgo@$(GINKGO_VERSION)
+
+.PHONY: golangcilint
+golangcilint: $(GOLANGCILINT) ## Download golangci-lint locally if necessary.
+$(GOLANGCILINT): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANGCILINT_VERSION)
+
+.PHONY: vault
+vault: $(VAULT) ## Download vault locally if necessary.
+$(VAULT): $(LOCALBIN)
+	wget https://releases.hashicorp.com/vault/$(VAULT_VERSION)/vault_$(VAULT_VERSION)_$(GO_OS)_$(GO_ARCH).zip -O $(LOCALBIN)/vault.zip
+	unzip -o $(LOCALBIN)/vault.zip -d $(LOCALBIN)
+	rm $(LOCALBIN)/vault.zip
 
-include go.mk
 include helm.mk

PROJECT

@@ -1,7 +1,16 @@
-domain: github.com/finleap-connect/vaultoperator
-repo: https://github.com/finleap-connect/vaultoperator
+domain: vault.finleap.cloud
+layout:
+- go.kubebuilder.io/v3
+projectName: vaultoperator-new
+repo: github.com/finleap-connect/vaultoperator
 resources:
-- group: vault
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: vault.finleap.cloud
+  group: vault.finleap.cloud
   kind: VaultSecret
+  path: github.com/finleap-connect/vaultoperator/api/v1alpha1
   version: v1alpha1
-version: "2"
+version: "3"

README.md

@@ -129,5 +129,3 @@ are significant differences to the [standard layout](https://github.com/golang-s
 
 The test suite needs the kubebuilder assets. If they are not installed in the default
 path make sure to set `KUBEBUILDER_ASSETS` before running tests.
-Similarly the vault CLI needs to be setup, if it is outside your `PATH` make sure to
-set `VAULT_ASSETS` to the directory containing the vault executable.

api/v1alpha1/groupversion_info.go

@@ -12,9 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Package v1alpha1 contains API Schema definitions for the vault v1alpha1 API group
-// +kubebuilder:object:generate=true
-// +groupName=vault.finleap.cloud
+// Package v1alpha1 contains API Schema definitions for the vault.finleap.cloud v1alpha1 API group
+//+kubebuilder:object:generate=true
+//+groupName=vault.finleap.cloud
 package v1alpha1
 
 import (

api/v1alpha1/vaultsecret_types.go

@@ -65,7 +65,7 @@ type VaultSecretVariable struct {
 	Location *VaultSecretLocation `json:"location,omitempty"`
 }
 
-// Definition of a single data definiton
+// Definition of a single data definition
 type VaultSecretData struct {
 	// Associated key name for the created secret data.
 	// +kubebuilder:validation:MinLength=1

api/v1alpha1/vaultsecret_webhook.go

@@ -32,7 +32,7 @@ func (r *VaultSecret) SetupWebhookWithManager(mgr ctrl.Manager) error {
 		Complete()
 }
 
-// +kubebuilder:webhook:path=/validate-vault-finleap-cloud-v1alpha1-vaultsecret,mutating=false,failurePolicy=fail,groups=vault.finleap.cloud,resources=vaultsecrets,verbs=create;update,versions=v1alpha1,name=vvaultsecret.kb.io
+// +kubebuilder:webhook:path=/validate-vault-finleap-cloud-v1alpha1-vaultsecret,mutating=false,failurePolicy=fail,groups=vault.finleap.cloud,resources=vaultsecrets,verbs=create;update,versions=v1alpha1,name=vvaultsecret.kb.io,sideEffects=None,admissionReviewVersions=v1;v1beta1;v1alpha1
 
 var _ webhook.Validator = &VaultSecret{}