Merge pull request #15 from damsien/dev

0.0.5
syngit-org · Sep 23, 2024 · ae17f4a · ae17f4a
2 parents d3310ae + 981d6ce
commit ae17f4a
Show file tree

Hide file tree

Showing 39 changed files with 3,638 additions and 8 deletions.
diff --git a/Makefile b/Makefile
@@ -68,9 +68,9 @@ dev-deploy: # Launch dev env on the cluster
 
 .PHONY: cleanup-deploy
 cleanup-deploy: # Cleanup
-	make undeploy
 	cd $(WEBHOOK_PATH) && mv secret.yaml.temp secret.yaml
 	cd $(WEBHOOK_PATH) && mv manifests.yaml.temp manifests.yaml
+	make undeploy
 
 # .PHONY: cleanup-run
 # cleanup-run: # Cleanup
@@ -121,7 +121,7 @@ build: manifests generate fmt vet ## Build manager binary.
 
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
-	export MANAGER_NAMESPACE=operator-system DEV=true && go run ./cmd/main.go
+	export MANAGER_NAMESPACE=operator-system DYNAMIC_WEBHOOK_NAME=remotesyncer.syngit.io DEV=true && go run ./cmd/main.go
 
 # If you wish to build the manager image targeting other platforms you can use the --platform flag.
 # (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it.

diff --git a/README.md b/README.md
@@ -44,7 +44,7 @@ helm repo add syngit https://syngit-org.github.io/syngit
 1. Install the operator
 You can customize the values before installing the Helm chart.
 ```sh
-helm install syngit syngit/syngit --version 0.0.4
+helm install syngit syngit/syngit --version 0.0.5
 ```
 
 syngit is now installed on your cluster!

diff --git a/api/v3alpha3/remotesyncer_webhook.go b/api/v3alpha3/remotesyncer_webhook.go
@@ -54,9 +54,9 @@ func (r *RemoteSyncerSpec) ValidateRemoteSyncerSpec() field.ErrorList {
 		errors = append(errors, field.Required(field.NewPath("spec").Child("defaultUser"), "should be set when defaultUnauthorizedUserMode is set to \"UseDefaultUser\""))
 	}
 
-	// Validate DefaultBlockAppliedMessage only exists if CommitProcess is set to ApplyCommit
-	if r.DefaultBlockAppliedMessage != "" && r.CommitProcess != "CommitApply" {
-		errors = append(errors, field.Forbidden(field.NewPath("spec").Child("defaultBlockAppliedMessage"), "should not be set if .spec.commitProcess is not set to \"CommitApply\""))
+	// Validate DefaultBlockAppliedMessage only exists if CommitProcess is set to CommitOnly
+	if r.DefaultBlockAppliedMessage != "" && r.CommitProcess != "CommitOnly" {
+		errors = append(errors, field.Forbidden(field.NewPath("spec").Child("defaultBlockAppliedMessage"), "should not be set if .spec.commitProcess is not set to \"CommitOnly\""))
 	}
 
 	// Validate that CommitProcess is either CommitApply or CommitOnly

diff --git a/charts/0.0.5/Chart.yaml b/charts/0.0.5/Chart.yaml
@@ -0,0 +1,11 @@
+apiVersion: v2
+name: syngit
+description: An operator to push resources onto git
+type: application
+version: 0.0.5
+appVersion: 0.0.5
+home: https://github.com/syngit-org/syngit
+icon: https://raw.githubusercontent.com/syngit-org/syngit/main/img/icon.png
+maintainers:
+  - email: [email protected]
+    name: Damien
diff --git a/charts/0.0.5/templates/certmanager/certificate.yaml b/charts/0.0.5/templates/certmanager/certificate.yaml
@@ -0,0 +1,36 @@
+{{- if eq .Values.webhook.certmanager.enable true }}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    app.kubernetes.io/name: certificate
+    app.kubernetes.io/instance: serving-cert
+    app.kubernetes.io/component: certificate
+    app.kubernetes.io/created-by: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  name: {{ .Release.Name }}-selfsigned-issuer
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    app.kubernetes.io/name: certificate
+    app.kubernetes.io/instance: serving-cert
+    app.kubernetes.io/component: certificate
+    app.kubernetes.io/created-by: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  name: operator-webhook-cert
+spec:
+  dnsNames:
+  - webhook-crd-service.{{ .Release.Namespace }}.svc
+  - webhook-crd-service.{{ .Release.Namespace }}.svc.local
+  - syngit-remote-syncer-webhook-service.{{ .Release.Namespace }}.svc
+  - syngit-remote-syncer-webhook-service.{{ .Release.Namespace }}.svc.local
+  issuerRef:
+    kind: Issuer
+    name: {{ .Release.Name }}-selfsigned-issuer
+  secretName: {{ .Values.webhook.certmanager.certificate.secret }}
+{{- end }}
diff --git a/charts/0.0.5/templates/config/bitbucket-configuration.yaml b/charts/0.0.5/templates/config/bitbucket-configuration.yaml
@@ -0,0 +1,8 @@
+{{- if eq .Values.configuration.bitbucket true }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: bitbucket.org
+data:
+  authenticationEndpoint: https://api.bitbucket.org/2.0/user
+{{- end }}
diff --git a/charts/0.0.5/templates/config/github-configuration.yaml b/charts/0.0.5/templates/config/github-configuration.yaml
@@ -0,0 +1,8 @@
+{{- if eq .Values.configuration.github true }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: github.com
+data:
+  authenticationEndpoint: https://api.github.com/user
+{{- end }}
diff --git a/charts/0.0.5/templates/config/gitlab-configuration.yaml b/charts/0.0.5/templates/config/gitlab-configuration.yaml
@@ -0,0 +1,8 @@
+{{- if eq .Values.configuration.gitlab true }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: gitlab.com
+data:
+  authenticationEndpoint: https://gitlab.com/api/v4/user
+{{- end }}
diff --git a/charts/0.0.5/templates/controller/auth_proxy_service.yaml b/charts/0.0.5/templates/controller/auth_proxy_service.yaml
@@ -0,0 +1,22 @@
+{{- if eq .Values.controller.rbacProxy.enable true }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    control-plane: controller-manager
+    app.kubernetes.io/name: service
+    app.kubernetes.io/instance: controller-manager-metrics-service
+    app.kubernetes.io/component: kube-rbac-proxy
+    app.kubernetes.io/created-by: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  name: {{ .Release.Name }}-controller-manager-metrics-service
+spec:
+  ports:
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: https
+  selector:
+    control-plane: controller-manager
+{{- end }}
diff --git a/charts/0.0.5/templates/controller/manager.yaml b/charts/0.0.5/templates/controller/manager.yaml
@@ -0,0 +1,92 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  labels:
+    control-plane: controller-manager
+    app.kubernetes.io/name: deployment
+    app.kubernetes.io/instance: controller-manager
+    app.kubernetes.io/component: manager
+    app.kubernetes.io/created-by: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  selector:
+    matchLabels:
+      control-plane: controller-manager
+  replicas: 1
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+      labels:
+        control-plane: controller-manager
+    spec:
+      containers:
+      {{- if eq .Values.controller.metrics.enable true }}
+      - name: kube-rbac-proxy
+        securityContext: {{ toYaml .Values.controller.rbacProxy.securityContext | nindent 10 }}
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
+        args:
+        - "--secure-listen-address=0.0.0.0:8443"
+        - "--upstream={{ .Values.controller.rbacProxy.upstreamAddress }}"
+        - "--logtostderr=true"
+        - "--v=0"
+        ports:
+        - containerPort: 8443
+          protocol: TCP
+          name: https
+        resources: {{ toYaml .Values.controller.rbacProxy.resources | nindent 10 }}
+      {{- end }}
+      - command:
+        - /manager
+        args:
+        - "--leader-elect"
+        {{- if eq .Values.controller.metrics.enable true }}
+        - "--health-probe-bind-address=:8081"
+        - "--metrics-bind-address={{ .Values.controller.metrics.bindAddress }}"
+        {{- end }}
+        image: {{ .Values.controller.image.prefix }}/{{ .Values.controller.image.name }}:{{ .Values.controller.image.tag }}
+        env:
+        - name: MANAGER_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: DYNAMIC_WEBHOOK_NAME
+          value: {{ .Values.controller.dynamicWebhookName }}
+        name: manager
+        securityContext: {{ toYaml .Values.controller.securityContext | nindent 10 }}
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources: {{ toYaml .Values.controller.resources | nindent 10 }}
+        ports:
+        - containerPort: 9443
+          name: wbhk-crd-srv
+          protocol: TCP
+        - containerPort: 9444
+          name: wbhk-pusher-srv
+          protocol: TCP
+        volumeMounts:
+        - mountPath: /tmp/k8s-webhook-server/serving-certs
+          name: cert
+          readOnly: true
+      serviceAccountName: {{ .Release.Name }}-controller-manager
+      terminationGracePeriodSeconds: 10
+      {{- if .Values.controller.tolerations }}
+      tolerations: {{ toYaml .Values.controller.tolerations | nindent 8 }}
+      {{- end }}
+      volumes:
+      - name: cert
+        secret:
+          defaultMode: 420
+          secretName: {{ .Values.webhook.certmanager.certificate.secret }}