kubebuilder create api --group containerregistry --version v1alpha1 -…

…-kind Harbor --make false --resource false --controller true

Signed-off-by: Pierre Péronnet <pierre.peronnet@corp.ovh.com>

PROJECT

@@ -1,3 +1,7 @@
 domain: ovhcloud.com
 repo: github.com/ovh/harbor-operator
+resources:
+- group: containerregistry
+  kind: Harbor
+  version: v1alpha1
 version: "2"

api/v1alpha1/groupversion_info.go

@@ -0,0 +1,24 @@
+/*
+.
+*/
+
+// Package v1alpha1 contains API Schema definitions for the containerregistry v1alpha1 API group
+// +kubebuilder:object:generate=true
+// +groupName=containerregistry.ovhcloud.com
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/scheme"
+)
+
+var (
+	// GroupVersion is group version used to register these objects
+	GroupVersion = schema.GroupVersion{Group: "containerregistry.ovhcloud.com", Version: "v1alpha1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}
+
+	// AddToScheme adds the types in this group-version to the given scheme.
+	AddToScheme = SchemeBuilder.AddToScheme
+)

api/v1alpha1/harbor_types.go

@@ -0,0 +1,51 @@
+/*
+.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// HarborSpec defines the desired state of Harbor
+type HarborSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Foo is an example field of Harbor. Edit Harbor_types.go to remove/update
+	Foo string `json:"foo,omitempty"`
+}
+
+// HarborStatus defines the observed state of Harbor
+type HarborStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+// +kubebuilder:object:root=true
+
+// Harbor is the Schema for the harbors API
+type Harbor struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   HarborSpec   `json:"spec,omitempty"`
+	Status HarborStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// HarborList contains a list of Harbor
+type HarborList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []Harbor `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&Harbor{}, &HarborList{})
+}

config/crd/kustomization.yaml

@@ -0,0 +1,21 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/containerregistry.ovhcloud.com_harbors.yaml
+# +kubebuilder:scaffold:crdkustomizeresource
+
+patchesStrategicMerge:
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
+# patches here are for enabling the conversion webhook for each CRD
+#- patches/webhook_in_harbors.yaml
+# +kubebuilder:scaffold:crdkustomizewebhookpatch
+
+# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
+# patches here are for enabling the CA injection for each CRD
+#- patches/cainjection_in_harbors.yaml
+# +kubebuilder:scaffold:crdkustomizecainjectionpatch
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+- kustomizeconfig.yaml

config/crd/kustomizeconfig.yaml

@@ -0,0 +1,17 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+  version: v1
+  fieldSpecs:
+  - kind: CustomResourceDefinition
+    group: apiextensions.k8s.io
+    path: spec/conversion/webhookClientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+  group: apiextensions.k8s.io
+  path: spec/conversion/webhookClientConfig/service/namespace
+  create: false
+
+varReference:
+- path: metadata/annotations

config/crd/patches/cainjection_in_harbors.yaml

@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: harbors.containerregistry.ovhcloud.com

config/crd/patches/webhook_in_harbors.yaml

@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: harbors.containerregistry.ovhcloud.com
+spec:
+  conversion:
+    strategy: Webhook
+    webhookClientConfig:
+      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+      caBundle: Cg==
+      service:
+        namespace: system
+        name: webhook-service
+        path: /convert

config/rbac/harbor_editor_role.yaml

@@ -0,0 +1,26 @@
+# permissions to do edit harbors.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: harbor-editor-role
+rules:
+- apiGroups:
+  - containerregistry.ovhcloud.com
+  resources:
+  - harbors
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - containerregistry.ovhcloud.com
+  resources:
+  - harbors/status
+  verbs:
+  - get
+  - patch
+  - update

config/rbac/harbor_viewer_role.yaml

@@ -0,0 +1,20 @@
+# permissions to do viewer harbors.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: harbor-viewer-role
+rules:
+- apiGroups:
+  - containerregistry.ovhcloud.com
+  resources:
+  - harbors
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - containerregistry.ovhcloud.com
+  resources:
+  - harbors/status
+  verbs:
+  - get

config/samples/containerregistry_v1alpha1_harbor.yaml

@@ -0,0 +1,7 @@
+apiVersion: containerregistry.ovhcloud.com/v1alpha1
+kind: Harbor
+metadata:
+  name: harbor-sample
+spec:
+  # Add fields here
+  foo: bar

controllers/harbor_controller.go

@@ -0,0 +1,41 @@
+/*
+.
+*/
+
+package controllers
+
+import (
+	"context"
+
+	"github.com/go-logr/logr"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	containerregistryv1alpha1 "github.com/ovh/harbor-operator/api/v1alpha1"
+)
+
+// HarborReconciler reconciles a Harbor object
+type HarborReconciler struct {
+	client.Client
+	Log    logr.Logger
+	Scheme *runtime.Scheme
+}
+
+// +kubebuilder:rbac:groups=containerregistry.ovhcloud.com,resources=harbors,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=containerregistry.ovhcloud.com,resources=harbors/status,verbs=get;update;patch
+
+func (r *HarborReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+	_ = context.Background()
+	_ = r.Log.WithValues("harbor", req.NamespacedName)
+
+	// your logic here
+
+	return ctrl.Result{}, nil
+}
+
+func (r *HarborReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&containerregistryv1alpha1.Harbor{}).
+		Complete(r)
+}