urbanmedia · leonsteinhaeuser · Aug 29, 2023 · Aug 15, 2023 · Aug 15, 2023 · Aug 15, 2023
@@ -1,9 +1,24 @@
 # More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
 # Ignore build and test binaries.
-**
-!controllers/
-!api/
-!pkg/
-!go.mod
-!go.sum
-!main.go
+
+# folders
+_data/
+.github/
+bin/
+config/
+e2e/
+hack/
+
+# files
+.envrc
+.gitignore
+.goreleaser.yaml
+CODE_OF_CONDUCT.md
+docker-compose.yaml
+Dockerfile
+Dockerfile.dev
+LICENSE
+Makefile
+PROJECT.md
+README.md
+SECURITY.md
@@ -1,3 +1,3 @@
 # https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners
 
-* @leonsteinhaeuser
+* @urbanmedia/platform @urbanmedia/unitb-platform
@@ -22,7 +22,7 @@ on:
       - "!dependabot/**"
 
 env:
-  go_version: 1.19
+  go_version: '1.20'
   artifact_name: passbolt-operator
   artifact_bin_name: kubebuilder
   IMG: tagesspiegel/passbolt-operator:dev
@@ -214,17 +214,15 @@ jobs:
       - build-temp-image
       - prepare-bin
     env:
-      KUBERNETES_NAMESPACE: kubernetes-passbolt-operator-system
+      KUBERNETES_NAMESPACE: passbolt-operator-system
     strategy:
       fail-fast: false
       matrix:
         kind_node_image:
-          - kindest/node:v1.26.0
-          - kindest/node:v1.25.3
-          - kindest/node:v1.24.7
-          - kindest/node:v1.23.13
-          - kindest/node:v1.22.15
-          - kindest/node:v1.21.14
+          - kindest/node:v1.27.3
+          - kindest/node:v1.26.6
+          - kindest/node:v1.25.11
+          - kindest/node:v1.24.15
     steps:
       - name: Install go ${{ env.go_version }}
         uses: actions/setup-go@v4
@@ -294,6 +292,12 @@ jobs:
       - name: Start the other containers
         run: docker-compose up -d
 
+      - name: Install Prometheus Operator CRDs
+        run: |
+          helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+          helm repo update
+          helm install prometheus-operator-crds prometheus-community/prometheus-operator-crds
+
       - name: Install cert-manager
         run: |
           helm repo add jetstack https://charts.jetstack.io

@@ -4,20 +4,28 @@
 *.dll
 *.so
 *.dylib
+bin/
+Dockerfile.cross
 
-# Test binary, built with `go test -c`
+# Test binary, build with `go test -c`
 *.test
 
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
 
-# Dependency directories (remove the comment below to include it)
-# vendor/
+# Kubernetes Generated files - skip generated files, except for vendored files
 
-bin/
+!vendor/**/zz_generated.*
+
+# editor and IDE paraphernalia
+.idea
+.vscode
+*.swp
+*.swo
+*~
 
 .env
 .envrc
 
 dist/
-generated/
+generated/
@@ -11,7 +11,7 @@ before:
 
 builds:
   - id: controller
-    main: main.go
+    main: cmd/main.go
     binary: controller
     env:
       - CGO_ENABLED=0

@@ -2,4 +2,4 @@ FROM gcr.io/distroless/static:nonroot
 WORKDIR /
 COPY controller /controller
 USER 65532:65532
-ENTRYPOINT ["/controller"]
+ENTRYPOINT ["/controller"]
@@ -8,22 +8,18 @@ WORKDIR /workspace
 # Copy the go source
 ADD . .
 
-# cache deps before building and copying source so that we don't need to re-download as much
-# and so that source changes don't invalidate our downloaded layer
-RUN go mod download
-
 # Build
 # the GOARCH has not a default value to allow the binary be built according to the host where the command
 # was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
 # the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
 # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
-RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager main.go
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o controller cmd/main.go
 
-# Use distroless as minimal base image to package the manager binary
+# Use distroless as minimal base image to package the controller binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM gcr.io/distroless/static:nonroot
 WORKDIR /
-COPY --from=builder /workspace/manager controller
+COPY --from=builder /workspace/controller .
 USER 65532:65532
 
 ENTRYPOINT ["/controller"]
@@ -2,7 +2,7 @@
 # Image URL to use all building/pushing image targets
 IMG ?= tagesspiegel/passbolt-operator:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.25.0
+ENVTEST_K8S_VERSION = 1.27.1
 E2E_APPLY_WAIT_DURATION ?= 10
 KIND_CLUSTER_NAME ?= passbolt-operator
 
@@ -13,6 +13,12 @@ else
 GOBIN=$(shell go env GOBIN)
 endif
 
+# CONTAINER_TOOL defines the container tool to be used for building images.
+# Be aware that the target commands are only tested with Docker which is
+# scaffolded by default. However, you might want to replace it to use other
+# tools. (i.e. podman)
+CONTAINER_TOOL ?= docker
+
 # Setting SHELL to bash allows bash commands to be executed by recipes.
 # Options are set to exit when a recipe line exits non-zero or a piped command fails.
 SHELL = /usr/bin/env bash -o pipefail
@@ -58,15 +64,15 @@ vet: ## Run go vet against code.
 
 .PHONY: test
 test: manifests generate fmt vet envtest ## Run tests.
-	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -coverprofile cover.out -covermode=atomic
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -coverprofile cover.out
 
 .PHONY: coverhtml
 coverhtml: ## Display test coverage in html
 	go tool cover -html=cover.out
 
 .PHONY: test-e2e
 test-e2e: ## Run e2e tests.
-	kubectl apply -f config/samples/
+	kubectl apply -k config/samples/
 	sleep ${E2E_APPLY_WAIT_DURATION}
 	./e2e/run.sh
 
@@ -77,12 +83,12 @@ kind-load: ## Load docker image into kind cluster
 ##@ Build
 
 .PHONY: build
-build: generate fmt vet ## Build manager binary.
-	go build -o bin/manager main.go
+build: manifests generate fmt vet ## Build manager binary.
+	go build -o bin/manager cmd/main.go
 
 .PHONY: run
-run: manifests generate certs fmt vet ## Run a controller from your host.
-	go run ./main.go
+run: manifests generate fmt vet ## Run a controller from your host.
+	go run ./cmd/main.go
 
 # If you wish built the manager image targeting other platforms you can use the --platform flag.
 # (i.e. docker build --platform linux/arm64 ). However, you must enable docker buildKit for it.
@@ -128,25 +134,20 @@ endif
 
 .PHONY: install
 install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+	$(KUSTOMIZE) build config/crd | $(KUBECTL) apply -f -
 
 .PHONY: uninstall
 uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
-	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+	$(KUSTOMIZE) build config/crd | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -
 
 .PHONY: deploy
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/default | kubectl apply -f -
-
-raw: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
-	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/default > deploy.raw.yaml
-
+	$(KUSTOMIZE) build config/default | $(KUBECTL) apply -f -
 
 .PHONY: undeploy
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
-	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+	$(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -
 
 .PHONY: generate-manifests
 generate-manifests: manifests kustomize ## Generate manifests and store them in the generated folder
@@ -163,24 +164,29 @@ $(LOCALBIN):
 	mkdir -p $(LOCALBIN)
 
 ## Tool Binaries
+KUBECTL ?= kubectl
 KUSTOMIZE ?= $(LOCALBIN)/kustomize
 CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
 
 ## Tool Versions
-KUSTOMIZE_VERSION ?= v3.8.7
-CONTROLLER_TOOLS_VERSION ?= v0.9.2
+KUSTOMIZE_VERSION ?= v5.0.1
+CONTROLLER_TOOLS_VERSION ?= v0.12.0
 
-KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize
-kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
+kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.
 $(KUSTOMIZE): $(LOCALBIN)
-	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); }
+	@if test -x $(LOCALBIN)/kustomize && ! $(LOCALBIN)/kustomize version | grep -q $(KUSTOMIZE_VERSION); then \
+		echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \
+		rm -rf $(LOCALBIN)/kustomize; \
+	fi
+	test -s $(LOCALBIN)/kustomize || GOBIN=$(LOCALBIN) GO111MODULE=on go install sigs.k8s.io/kustomize/kustomize/v5@$(KUSTOMIZE_VERSION)
 
 .PHONY: controller-gen
-controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary.
+controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten.
 $(CONTROLLER_GEN): $(LOCALBIN)
-	test -s $(LOCALBIN)/controller-gen || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
+	test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || \
+	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
 
 .PHONY: envtest
 envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.

@@ -4,8 +4,8 @@
 # More info: https://book.kubebuilder.io/reference/project-config.html
 domain: tagesspiegel.de
 layout:
-- go.kubebuilder.io/v3
-projectName: kubernetes-passbolt-operator
+- go.kubebuilder.io/v4
+projectName: passbolt-operator
 repo: github.com/urbanmedia/passbolt-operator
 resources:
 - api:
@@ -20,7 +20,11 @@ resources:
   webhooks:
     conversion: true
     webhookVersion: v1
-- domain: tagesspiegel.de
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: tagesspiegel.de
   group: passbolt
   kind: PassboltSecret
   path: github.com/urbanmedia/passbolt-operator/api/v1alpha2

@@ -119,6 +119,8 @@ The Passbolt Operator can be configured with the following environement variable
 - [Kubectl](https://kubernetes.io/docs/tasks/tools/) >= v1.25
 - [Kind](https://kind.sigs.k8s.io/docs/user/quick-start/) >= v0.17
 - mysql-client >= 15.1 (`mysql --version` => `mysql  Ver 15.1 Distrib 10.6.11-MariaDB`)
+  - [Prometheus Operator CRDs installed in the cluster](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-operator-crds) >= 5.1
+  - [cert-manager](https://cert-manager.io/docs/installation/helm/) >= v1.12
 
 ### Setup the development environment
 

@@ -1,5 +1,5 @@
 /*
-Copyright 2022 @ Verlag Der Tagesspiegel GmbH
+Copyright 2023 Verlag der Tagesspiegel GmbH.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

@@ -1,5 +1,5 @@
 /*
-Copyright 2022 @ Verlag Der Tagesspiegel GmbH
+Copyright 2023 Verlag der Tagesspiegel GmbH.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

@@ -1,5 +1,5 @@
 /*
-Copyright 2022 @ Verlag Der Tagesspiegel GmbH
+Copyright 2023 Verlag der Tagesspiegel GmbH.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -25,7 +25,6 @@ import (
 var passboltsecretlog = logf.Log.WithName("passboltsecret-resource")
 
 func (r *PassboltSecret) SetupWebhookWithManager(mgr ctrl.Manager) error {
-	passboltsecretlog.V(10).Info("setting up webhook", "version", "v1alpha1")
 	return ctrl.NewWebhookManagedBy(mgr).
 		For(r).
 		Complete()