WIP [v1alpha2]: refactor controller

Dockerfile

@@ -2,7 +2,6 @@ FROM gcr.io/distroless/static:debug-nonroot
 
 WORKDIR /
 
-COPY helm helm
 COPY core core
 COPY unpack unpack
 COPY webhooks webhooks

Makefile

@@ -84,11 +84,6 @@ generate: $(CONTROLLER_GEN) ## Generate code and manifests
 		paths=./internal/uploadmgr/... \
 			output:stdout > ./manifests/base/core/resources/cluster_role.yaml
 	$(Q)$(CONTROLLER_GEN) rbac:roleName=webhooks-admin paths=./internal/webhook/... output:stdout > ./manifests/base/apis/webhooks/resources/cluster_role.yaml
-	$(Q)$(CONTROLLER_GEN) rbac:roleName=helm-provisioner-admin \
-		paths=./internal/controllers/bundle/... \
-		paths=./internal/controllers/bundledeployment/... \
-		paths=./internal/provisioner/helm/... \
-		    output:stdout > ./manifests/base/provisioners/helm/resources/cluster_role.yaml
 
 verify: tidy fmt generate ## Verify the current code generation and lint
 	git diff --exit-code
@@ -144,7 +139,6 @@ install-manifests:
 wait:
 	$(KUBECTL) wait --for=condition=Available --namespace=$(RUKPAK_NAMESPACE) deployment/core --timeout=60s
 	$(KUBECTL) wait --for=condition=Available --namespace=$(RUKPAK_NAMESPACE) deployment/rukpak-webhooks --timeout=60s
-	$(KUBECTL) wait --for=condition=Available --namespace=$(RUKPAK_NAMESPACE) deployment/helm-provisioner --timeout=60s
 	$(KUBECTL) wait --for=condition=Available --namespace=crdvalidator-system deployment/crd-validation-webhook --timeout=60s
 
 run: build-container kind-cluster kind-load install ## Build image, stop/start a local kind cluster, and run operator in that cluster
@@ -171,7 +165,7 @@ uninstall: ## Remove all rukpak resources from the cluster
 
 ##@ build/load:
 
-BINARIES=core helm unpack webhooks crdvalidator rukpakctl
+BINARIES=core unpack webhooks crdvalidator rukpakctl
 LINUX_BINARIES=$(join $(addprefix linux/,$(BINARIES)), )
 
 .PHONY: build $(BINARIES) $(LINUX_BINARIES) build-container kind-load kind-load-bundles kind-cluster registry-load-bundles

Tiltfile

@@ -9,7 +9,6 @@ repo = {
     'binaries': {
         'core': 'core',
         'crdvalidator': 'crd-validation-webhook',
-        'helm': 'helm-provisioner',
         'webhooks': 'rukpak-webhooks',
     },
     'starting_debug_port': 10000,

api/v1alpha1/bundledeployment_types.go

@@ -80,6 +80,7 @@ type BundleDeploymentStatus struct {
 //+kubebuilder:printcolumn:name=Provisioner,type=string,JSONPath=`.spec.provisionerClassName`,priority=1
 
 // BundleDeployment is the Schema for the bundledeployments API
+
 type BundleDeployment struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

api/v1alpha2/bundledeployment_types.go

@@ -0,0 +1,118 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+)
+
+var (
+	BundleDeploymentGVK  = SchemeBuilder.GroupVersion.WithKind("BundleDeployment")
+	BundleDeploymentKind = BundleDeploymentGVK.Kind
+)
+
+const (
+	TypeHasValidBundle = "HasValidBundle"
+	TypeInstalled      = "Installed"
+
+	ReasonBundleLoadFailed         = "BundleLoadFailed"
+	ReasonReadingContentFailed     = "ReadingContentFailed"
+	ReasonErrorGettingClient       = "ErrorGettingClient"
+	ReasonErrorGettingReleaseState = "ErrorGettingReleaseState"
+	ReasonInstallFailed            = "InstallFailed"
+	ReasonUpgradeFailed            = "UpgradeFailed"
+	ReasonReconcileFailed          = "ReconcileFailed"
+	ReasonCreateDynamicWatchFailed = "CreateDynamicWatchFailed"
+	ReasonInstallationSucceeded    = "InstallationSucceeded"
+)
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+//+kubebuilder:storageversion
+// +kubebuilder:resource:scope=Cluster,shortName={"bd","bds"}
+// +kubebuilder:printcolumn:name="Install State",type=string,JSONPath=`.status.conditions[?(.type=="Installed")].reason`
+// +kubebuilder:printcolumn:name=Age,type=date,JSONPath=`.metadata.creationTimestamp`
+
+// BundleDeployment is the Schema for the bundledeployments API
+type BundleDeployment struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   BundleDeploymentSpec   `json:"spec"`
+	Status BundleDeploymentStatus `json:"status,omitempty"`
+}
+
+// BundleDeploymentSpec defines the desired state of BundleDeployment
+type BundleDeploymentSpec struct {
+	// Source configures how to pull the bundle content.
+
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinItems:=1
+	Sources []BundleDeplopymentSource `json:"sources"`
+	// Format refers to the bundle type which is being passed through
+	// the bundle deployment API.
+
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Enum=plain;helm;registry
+	Format FormatType `json:"format"`
+	// Paused is used to configure whether we want the
+	// bundle deployment to reconcile, or remmain in the
+	// last observed state.
+
+	// +kubebuilder:default:=false
+	// +optional
+	Paused bool `json:"paused"`
+	// Config is provisioner specific configurations
+	// TODO: This should be become deployer specific.
+	// Should move to helm deployer configuration.
+	// +kubebuilder:pruning:PreserveUnknownFields
+	Config runtime.RawExtension `json:"config,omitempty"`
+	// +optional
+	DefaultNamespace string `json:"defaultnamespace,omitempty"`
+}
+
+// FormatType refers to the allowed bundle formats that
+// are being accepted in the APIs.
+type FormatType string
+
+// For more details on how each format looks like,
+// refer: https://github.com/operator-framework/rukpak/tree/main/docs/bundles.
+const (
+	FormatPlain      = "plain"
+	FormatRegistryV1 = "registry"
+	FormatHelm       = "helm"
+)
+
+// BundleDeploymentStatus defines the observed state of BundleDeployment
+type BundleDeploymentStatus struct {
+	Conditions         []metav1.Condition `json:"conditions,omitempty"`
+	ObservedGeneration int64              `json:"observedGeneration,omitempty"`
+}
+
+// BundleDeploymentList contains a list of BundleDeployment
+
+// +kubebuilder:object:root=true
+type BundleDeploymentList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []BundleDeployment `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&BundleDeployment{}, &BundleDeploymentList{})
+}

api/v1alpha2/groupversion_info.go

@@ -0,0 +1,36 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v1alpha1 contains API Schema definitions for the core v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=core.rukpak.io
+package v1alpha2
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "core.rukpak.io", Version: "v1alpha2"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)

api/v1alpha2/source_types.go

@@ -0,0 +1,123 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+	corev1 "k8s.io/api/core/v1"
+)
+
+type SourceKind string
+
+const (
+	// SourceKind refers to the kind of source being
+	// used to unpack contents.
+	SourceKindImage SourceKind = "image"
+	SourceKindGit   SourceKind = "git"
+	SourceKindHTTP  SourceKind = "http"
+
+	TypeUnpacked  = "Unpacked"
+	TypeValidated = "Validated"
+
+	ReasonUnpackPending             = "UnpackPending"
+	ReasonUnpacking                 = "Unpacking"
+	ReasonUnpackSuccessful          = "UnpackSuccessful"
+	ReasonUnpackFailed              = "UnpackFailed"
+	ReasonValidatePending           = "Validating"
+	ReasonValidating                = "Validating"
+	ReasonValidateSuccessful        = "ValidateSuccessful"
+	ReasonValidateFailed            = "ValidateFailed"
+	ReasonProcessingFinalizerFailed = "ProcessingFinalizerFailed"
+
+	PhasePending   = "Pending"
+	PhaseUnpacking = "Unpacking"
+	PhaseFailing   = "Failing"
+	PhaseUnpacked  = "Unpacked"
+)
+
+type BundleDeplopymentSource struct {
+	// Kind of source being passed
+
+	// +kubebuilder:validation:type=string
+	Kind SourceKind `json:"kind"`
+
+	// Image is the bundle image that backs the content of this bundle.
+	Image *ImageSource `json:"image,omitempty"`
+
+	// Git is the git repository that backs the content of this Bundle.
+	Git *GitSource `json:"git,omitempty"`
+
+	//  HTTP is the remote location that backs the content of this Bundle.
+	HTTP *HTTPSource `json:"http,omitempty"`
+
+	// Relative location to place the fetched artifacts
+	// +optional
+	Destination string `json:"destination,omitempty"`
+}
+
+type ImageSource struct {
+	// Ref contains the reference to a container image containing Bundle contents.
+	Ref string `json:"ref"`
+	// Auth configures the authentication method if necessary.
+	Auth *Authorization `json:"auth,omitempty"`
+}
+
+type GitSource struct {
+	// Repository is a URL link to the git repository containing the bundle.
+	// Repository is required and the URL should be parsable by a standard git tool.
+	Repository string `json:"repository"`
+	// Directory refers to the location of the bundle within the git repository.
+	Directory string `json:"directory,omitempty"`
+	// Ref configures the git source to clone a specific branch, tag, or commit
+	// from the specified repo. Ref is required, and exactly one field within Ref
+	// is required. Setting more than one field or zero fields will result in an
+	// error.
+	Ref GitRef `json:"ref"`
+	// Auth configures the authorization method if necessary.
+	Auth Authorization `json:"auth,omitempty"`
+}
+
+type GitRef struct {
+	// Branch refers to the branch to checkout from the repository.
+	// The Branch should contain the bundle manifests in the specified directory.
+	Branch string `json:"branch,omitempty"`
+	// Tag refers to the tag to checkout from the repository.
+	// The Tag should contain the bundle manifests in the specified directory.
+	Tag string `json:"tag,omitempty"`
+	// Commit refers to the commit to checkout from the repository.
+	// The Commit should contain the bundle manifests in the specified directory.
+	Commit string `json:"commit,omitempty"`
+}
+
+type Authorization struct {
+	// Secret contains reference to the secret that has authorization information and is in the namespace that the provisioner is deployed.
+	// The secret is expected to contain `data.username` and `data.password` for the username and password, respectively for http(s) scheme.
+	// Refer to https://kubernetes.io/docs/concepts/configuration/secret/#basic-authentication-secret
+	// For the ssh authorization of the GitSource, the secret is expected to contain `data.ssh-privatekey` and `data.ssh-knownhosts` for the ssh privatekey and the host entry in the known_hosts file respectively.
+	// Refer to https://kubernetes.io/docs/concepts/configuration/secret/#ssh-authentication-secrets
+	Secret corev1.LocalObjectReference `json:"secret,omitempty"`
+	// InsecureSkipVerify controls whether a client verifies the server's certificate chain and host name. If InsecureSkipVerify
+	// is true, the clone operation will accept any certificate presented by the server and any host name in that
+	// certificate. In this mode, TLS is susceptible to machine-in-the-middle attacks unless custom verification is
+	// used. This should be used only for testing.
+	InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
+}
+type HTTPSource struct {
+	// URL is where the bundle contents is.
+	URL string `json:"url"`
+	// Auth configures the authorization method if necessary.
+	Auth Authorization `json:"auth,omitempty"`
+}