Merge pull request #8 from syngit-org/dev

0.0.3
syngit-org · Aug 23, 2024 · 43ecf77 · 43ecf77
2 parents 9b693bb + ed43d79
commit 43ecf77
Show file tree

Hide file tree

Showing 69 changed files with 6,377 additions and 152 deletions.
diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
@@ -15,6 +15,11 @@ jobs:
     name: Build Docker image and push to repositories
     # run only when code is compiling and tests are passing
     runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
 
     # steps to perform in job
     steps:
@@ -51,7 +56,7 @@ jobs:
         uses: docker/build-push-action@v2
         with:
           platforms: linux/amd64,linux/arm64
-          tags: ghcr.io/syngit-org/syngit:${{ env.tag }}
+          tags: ghcr.io/${{ github.repository }}:${{ env.tag }}
           push: ${{ github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
 
       - name: Image digest

diff --git a/PROJECT b/PROJECT
@@ -71,4 +71,34 @@ resources:
   webhooks:
     validation: true
     webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: syngit.io
+  group: syngit
+  kind: RemoteSyncer
+  path: syngit.io/syngit/api/v3alpha3
+  version: v3alpha3
+  webhooks:
+    validation: true
+    webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: syngit.io
+  group: syngit
+  kind: RemoteUser
+  path: syngit.io/syngit/api/v3alpha3
+  version: v3alpha3
+  webhooks:
+    validation: true
+    webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: syngit.io
+  group: syngit
+  kind: RemoteUserBinding
+  path: syngit.io/syngit/api/v3alpha3
+  version: v3alpha3
 version: "3"
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 # syngit
 
-syngit is a Kubernetes operator that allows you to push resources on a git repository. It leverage the gitops by unifying the source of truth between your cluster and your git repository. It acts as a proxy between your client tool (`kubectl` or any UI) and the cluster.
+syngit is a Kubernetes operator that allows you to push resources on a git repository and manage their lifecycle. It leverage the gitops by unifying the source of truth between your cluster and your git repository. It acts as a proxy between your client tool (`kubectl` or any UI) and the cluster.
 
 ![syngit-proxy](./img/wiki/conception/commitonly-proxy.png)
 
@@ -70,7 +70,7 @@ stringData:
 ```
 
 ```yaml
-apiVersion: syngit.syngit.io/v2alpha2
+apiVersion: syngit.syngit.io/v3alpha3
 kind: RemoteUser
 metadata:
   name: remoteuser-sample
@@ -108,7 +108,7 @@ The RemoteSyncer object contains the whole logic part of the operator.
 In this example, the RemoteSyncer will intercept all the *configmaps*. It will push them to *https://github.com/my_repo_path.git* in the branch *main* under the path `my_configmaps/`. Because the `commitProcess` is set to `CommitApply`, the changes will be pushed and then applied to the cluster.
 
 ```yaml
-apiVersion: syngit.syngit.io/v2alpha2
+apiVersion: syngit.syngit.io/v3alpha3
 kind: RemoteSyncer
 metadata:
   name: remotesyncer-sample
@@ -118,8 +118,6 @@ spec:
   branch: main
   rootPath: "root-folder"
   commitProcess: CommitApply
-  authorizedUsers:
-    - name: owned-rub-kubernetes-<kubernetes_user_id>
   defaultUnauthorizedUserMode: Block
   excludedFields:
     - metadata.managedFields
@@ -159,7 +157,7 @@ Using the `CommitApply` mode, the automatic reconciliation will not have any eff
 
 **What if the connection with my git repository does not work?**
 
-As explained [here](https://github.com/syngit-org/syngit/wiki/Contribute), by default, the webhook logic will first try to commit & push and then apply the changes to the cluster. If, for any reason, the resource has not been pushed, the resource will not be applied. Therefore, the GitOps philosophy is not broken.
+As explained [here](https://github.com/syngit-org/syngit/wiki/Architecture), by default, the webhook logic will first try to commit & push and then apply the changes to the cluster. If, for any reason, the resource has not been pushed, the resource will not be applied. Therefore, the GitOps philosophy is not broken.
 
 ## Wiki
 

diff --git a/api/v2alpha2/remotesyncer_types.go b/api/v2alpha2/remotesyncer_types.go
@@ -78,7 +78,6 @@ type RemoteSyncerStatus struct {
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
-//+kubebuilder:storageversion
 
 // RemoteSyncer is the Schema for the remotesyncers API
 type RemoteSyncer struct {

diff --git a/api/v2alpha2/remotesyncer_webhook.go b/api/v2alpha2/remotesyncer_webhook.go
@@ -39,8 +39,6 @@ func (r *RemoteSyncer) SetupWebhookWithManager(mgr ctrl.Manager) error {
 		Complete()
 }
 
-//+kubebuilder:webhook:path=/validate-syngit-syngit-io-v2alpha2-remotesyncer,mutating=false,failurePolicy=fail,sideEffects=None,groups=syngit.syngit.io,resources=remotesyncers,verbs=create;update,versions=v2alpha2,name=vremotesyncer.kb.io,admissionReviewVersions=v1
-
 var _ webhook.Validator = &RemoteSyncer{}
 
 // Validate validates the RemoteSyncerSpec

diff --git a/api/v2alpha2/remoteuser_types.go b/api/v2alpha2/remoteuser_types.go
@@ -67,7 +67,6 @@ type RemoteUserStatus struct {
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
-//+kubebuilder:storageversion
 
 // RemoteUser is the Schema for the remoteusers API
 type RemoteUser struct {

diff --git a/api/v2alpha2/remoteuser_webhook.go b/api/v2alpha2/remoteuser_webhook.go
@@ -36,9 +36,6 @@ func (r *RemoteUser) SetupWebhookWithManager(mgr ctrl.Manager) error {
 		Complete()
 }
 
-//+kubebuilder:webhook:path=/validate-syngit-syngit-io-v2alpha2-remoteuser,mutating=false,failurePolicy=fail,sideEffects=None,groups=syngit.syngit.io,resources=remoteusers,verbs=create;update,versions=v2alpha2,name=vremoteuser.kb.io,admissionReviewVersions=v1
-//+kubebuilder:webhook:path=/reconcile-syngit-remoteuser-owner,mutating=false,failurePolicy=fail,sideEffects=None,groups=syngit.syngit.io,resources=remoteusers,verbs=create;delete,versions=v2alpha2,admissionReviewVersions=v1,name=vremoteusers-owner.kb.io
-
 var _ webhook.Validator = &RemoteUser{}
 
 // Validate validates the RemoteUserSpec

diff --git a/api/v2alpha2/remoteuserbinding_types.go b/api/v2alpha2/remoteuserbinding_types.go
@@ -47,7 +47,6 @@ type RemoteUserBindingStatus struct {
 
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
-//+kubebuilder:storageversion
 
 // RemoteUserBinding is the Schema for the remoteuserbindings API
 type RemoteUserBinding struct {

diff --git a/api/v3alpha3/groupversion_info.go b/api/v3alpha3/groupversion_info.go
@@ -0,0 +1,36 @@
+/*
+Copyright 2024.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v3alpha3 contains API Schema definitions for the syngit v3alpha3 API group
+// +kubebuilder:object:generate=true
+// +groupName=syngit.syngit.io
+package v3alpha3
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "syngit.syngit.io", Version: "v3alpha3"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)