Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Jake Sanders <i@am.so-aweso.me>
- Loading branch information
Showing
58 changed files
with
3,814 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
|
||
# Binaries for programs and plugins | ||
*.exe | ||
*.exe~ | ||
*.dll | ||
*.so | ||
*.dylib | ||
bin | ||
|
||
# Test binary, build with `go test -c` | ||
*.test | ||
|
||
# Output of the go coverage tool, specifically when used with LiteIDE | ||
*.out | ||
|
||
# Kubernetes Generated files - skip generated files, except for vendored files | ||
|
||
!vendor/**/zz_generated.* | ||
|
||
# editor and IDE paraphernalia | ||
.idea | ||
*.swp | ||
*.swo | ||
*~ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# Build the manager binary | ||
FROM golang:1.13 as builder | ||
|
||
WORKDIR /workspace | ||
# Copy the Go Modules manifests | ||
COPY go.mod go.mod | ||
COPY go.sum go.sum | ||
# cache deps before building and copying source so that we don't need to re-download as much | ||
# and so that source changes don't invalidate our downloaded layer | ||
RUN go mod download | ||
|
||
# Copy the go source | ||
COPY main.go main.go | ||
COPY api/ api/ | ||
COPY controllers/ controllers/ | ||
|
||
# Build | ||
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go | ||
|
||
# Use distroless as minimal base image to package the manager binary | ||
# Refer to https://github.com/GoogleContainerTools/distroless for more details | ||
FROM gcr.io/distroless/static:nonroot | ||
WORKDIR / | ||
COPY --from=builder /workspace/manager . | ||
USER nonroot:nonroot | ||
|
||
ENTRYPOINT ["/manager"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
|
||
# Image URL to use all building/pushing image targets | ||
IMG ?= controller:latest | ||
# Produce CRDs that work back to Kubernetes 1.11 (no version conversion) | ||
CRD_OPTIONS ?= "crd:trivialVersions=true" | ||
|
||
# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) | ||
ifeq (,$(shell go env GOBIN)) | ||
GOBIN=$(shell go env GOPATH)/bin | ||
else | ||
GOBIN=$(shell go env GOBIN) | ||
endif | ||
|
||
all: manager | ||
|
||
# Run tests | ||
test: generate fmt vet manifests | ||
go test ./... -coverprofile cover.out | ||
|
||
# Build manager binary | ||
manager: generate fmt vet | ||
go build -o bin/manager main.go | ||
|
||
# Run against the configured Kubernetes cluster in ~/.kube/config | ||
run: generate fmt vet manifests | ||
go run ./main.go | ||
|
||
# Install CRDs into a cluster | ||
install: manifests | ||
kustomize build config/crd | kubectl apply -f - | ||
|
||
# Uninstall CRDs from a cluster | ||
uninstall: manifests | ||
kustomize build config/crd | kubectl delete -f - | ||
|
||
# Deploy controller in the configured Kubernetes cluster in ~/.kube/config | ||
deploy: manifests | ||
cd config/manager && kustomize edit set image controller=${IMG} | ||
kustomize build config/default | kubectl apply -f - | ||
|
||
# Generate manifests e.g. CRD, RBAC etc. | ||
manifests: controller-gen | ||
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases | ||
|
||
# Run go fmt against code | ||
fmt: | ||
go fmt ./... | ||
|
||
# Run go vet against code | ||
vet: | ||
go vet ./... | ||
|
||
# Generate code | ||
generate: controller-gen | ||
$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." | ||
|
||
# Build the docker image | ||
docker-build: test | ||
docker build . -t ${IMG} | ||
|
||
# Push the docker image | ||
docker-push: | ||
docker push ${IMG} | ||
|
||
# find or download controller-gen | ||
# download controller-gen if necessary | ||
controller-gen: | ||
ifeq (, $(shell which controller-gen)) | ||
@{ \ | ||
set -e ;\ | ||
CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\ | ||
cd $$CONTROLLER_GEN_TMP_DIR ;\ | ||
go mod init tmp ;\ | ||
go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.5 ;\ | ||
rm -rf $$CONTROLLER_GEN_TMP_DIR ;\ | ||
} | ||
CONTROLLER_GEN=$(GOBIN)/controller-gen | ||
else | ||
CONTROLLER_GEN=$(shell which controller-gen) | ||
endif |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
domain: jetstack.io | ||
repo: github.com/jetstack/google-cas-issuer | ||
resources: | ||
- group: issuers | ||
kind: GoogleCASIssuer | ||
version: v1alpha1 | ||
- group: issuers | ||
kind: GoogleCASClusterIssuer | ||
version: v1alpha1 | ||
version: "2" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
/* | ||
Copyright 2020 the cert-manager authors. | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package v1alpha1 | ||
|
||
import ( | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
) | ||
|
||
// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! | ||
// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. | ||
|
||
// GoogleCASClusterIssuerSpec defines the desired state of GoogleCASClusterIssuer | ||
type GoogleCASClusterIssuerSpec struct { | ||
// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster | ||
// Important: Run "make" to regenerate code after modifying this file | ||
|
||
// Project is the Google Cloud Project ID | ||
Project string `json:"project,omitempty"` | ||
|
||
// Location is the Google Cloud Project Location | ||
Location string `json:"location,omitempty"` | ||
|
||
// CertificateAuthorityID is The ID of the Google Private certificate authority that will sign certificates | ||
CertificateAuthorityID string `json:"certificateAuthorityID,omitempty"` | ||
|
||
// Credentials is a reference to a Kubernetes Secret Key that contains Google Service Account Credentials | ||
// +optional | ||
Credentials NamespaceSecretKeySelector `json:"credentials,omitempty"` | ||
} | ||
|
||
// NamespaceSecretKeySelector contains the reference to a secret in a namespace. | ||
type NamespaceSecretKeySelector struct { | ||
// The name of the secret in the given namespace to select from. | ||
Name string `json:"name,omitempty"` | ||
|
||
// The Namespace in which to get the secret | ||
Namespace string `json:"namespace,omitempty"` | ||
|
||
// The key of the secret to select from. Must be a valid secret key. | ||
Key string `json:"key,omitempty"` | ||
} | ||
|
||
// GoogleCASClusterIssuerStatus defines the observed state of GoogleCASClusterIssuer | ||
type GoogleCASClusterIssuerStatus struct { | ||
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster | ||
// Important: Run "make" to regenerate code after modifying this file | ||
|
||
// +optional | ||
Conditions []GoogleCASIssuerCondition `json:"conditions,omitempty"` | ||
} | ||
|
||
// +kubebuilder:object:root=true | ||
// +kubebuilder:resource:scope=Cluster | ||
|
||
// GoogleCASClusterIssuer is the Schema for the googlecasclusterissuers API | ||
type GoogleCASClusterIssuer struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ObjectMeta `json:"metadata,omitempty"` | ||
|
||
Spec GoogleCASClusterIssuerSpec `json:"spec,omitempty"` | ||
Status GoogleCASClusterIssuerStatus `json:"status,omitempty"` | ||
} | ||
|
||
// +kubebuilder:object:root=true | ||
|
||
// GoogleCASClusterIssuerList contains a list of GoogleCASClusterIssuer | ||
type GoogleCASClusterIssuerList struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ListMeta `json:"metadata,omitempty"` | ||
Items []GoogleCASClusterIssuer `json:"items"` | ||
} | ||
|
||
func init() { | ||
SchemeBuilder.Register(&GoogleCASClusterIssuer{}, &GoogleCASClusterIssuerList{}) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,139 @@ | ||
/* | ||
Copyright 2020 the cert-manager authors. | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
package v1alpha1 | ||
|
||
import ( | ||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" | ||
) | ||
|
||
// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! | ||
// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. | ||
|
||
// GoogleCASIssuerSpec defines the desired state of GoogleCASIssuer | ||
type GoogleCASIssuerSpec struct { | ||
// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster | ||
// Important: Run "make" to regenerate code after modifying this file | ||
|
||
// Project is the Google Cloud Project ID | ||
Project string `json:"project,omitempty"` | ||
|
||
// Location is the Google Cloud Project Location | ||
Location string `json:"location,omitempty"` | ||
|
||
// CertificateAuthorityID is The ID of the Google Private certificate authority that will sign certificates | ||
CertificateAuthorityID string `json:"certificateAuthorityID,omitempty"` | ||
|
||
// Credentials is a reference to a Kubernetes Secret Key that contains Google Service Account Credentials | ||
// +optional | ||
Credentials SecretKeySelector `json:"credentials,omitempty"` | ||
} | ||
|
||
// GoogleCASIssuerStatus defines the observed state of GoogleCASIssuer | ||
type GoogleCASIssuerStatus struct { | ||
// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster | ||
// Important: Run "make" to regenerate code after modifying this file | ||
|
||
// +optional | ||
Conditions []GoogleCASIssuerCondition `json:"conditions,omitempty"` | ||
} | ||
|
||
// +kubebuilder:object:root=true | ||
|
||
// GoogleCASIssuer is the Schema for the googlecasissuers API | ||
type GoogleCASIssuer struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ObjectMeta `json:"metadata,omitempty"` | ||
|
||
Spec GoogleCASIssuerSpec `json:"spec,omitempty"` | ||
Status GoogleCASIssuerStatus `json:"status,omitempty"` | ||
} | ||
|
||
// +kubebuilder:object:root=true | ||
|
||
// GoogleCASIssuerList contains a list of GoogleCASIssuer | ||
type GoogleCASIssuerList struct { | ||
metav1.TypeMeta `json:",inline"` | ||
metav1.ListMeta `json:"metadata,omitempty"` | ||
Items []GoogleCASIssuer `json:"items"` | ||
} | ||
|
||
// SecretKeySelector contains the reference to a secret. | ||
type SecretKeySelector struct { | ||
// The name of the secret in the pod's namespace to select from. | ||
Name string `json:"name"` | ||
|
||
// The key of the secret to select from. Must be a valid secret key. | ||
Key string `json:"key,omitempty"` | ||
} | ||
|
||
// +kubebuilder:validation:Enum=Ready | ||
type GoogleCASIssuerConditionType string | ||
|
||
const ( | ||
// IssuerConditionReady indicates that a CAS Issuer is ready for use. | ||
// This is defined as: | ||
IssuerConditionReady GoogleCASIssuerConditionType = "Ready" | ||
) | ||
|
||
// ConditionStatus represents a condition's status. | ||
// +kubebuilder:validation:Enum=True;False;Unknown | ||
type ConditionStatus string | ||
|
||
// These are valid condition statuses. "ConditionTrue" means a resource is in | ||
// the condition; "ConditionFalse" means a resource is not in the condition; | ||
// "ConditionUnknown" means kubernetes can't decide if a resource is in the | ||
// condition or not. In the future, we could add other intermediate | ||
// conditions, e.g. ConditionDegraded. | ||
const ( | ||
// ConditionTrue represents the fact that a given condition is true | ||
ConditionTrue ConditionStatus = "True" | ||
|
||
// ConditionFalse represents the fact that a given condition is false | ||
ConditionFalse ConditionStatus = "False" | ||
|
||
// ConditionUnknown represents the fact that a given condition is unknown | ||
ConditionUnknown ConditionStatus = "Unknown" | ||
) | ||
|
||
// IssuerCondition contains condition information for a CAS Issuer. | ||
type GoogleCASIssuerCondition struct { | ||
// Type of the condition, currently ('Ready'). | ||
Type GoogleCASIssuerConditionType `json:"type"` | ||
|
||
// Status of the condition, one of ('True', 'False', 'Unknown'). | ||
// +kubebuilder:validation:Enum=True;False;Unknown | ||
Status ConditionStatus `json:"status"` | ||
|
||
// LastTransitionTime is the timestamp corresponding to the last status | ||
// change of this condition. | ||
// +optional | ||
LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty"` | ||
|
||
// Reason is a brief machine readable explanation for the condition's last | ||
// transition. | ||
// +optional | ||
Reason string `json:"reason,omitempty"` | ||
|
||
// Message is a human readable description of the details of the last | ||
// transition, complementing reason. | ||
// +optional | ||
Message string `json:"message,omitempty"` | ||
} | ||
|
||
func init() { | ||
SchemeBuilder.Register(&GoogleCASIssuer{}, &GoogleCASIssuerList{}) | ||
} |
Oops, something went wrong.