From 09199ca13a0bc7105c564bb5a02ee70760613013 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bastian=20Echterh=C3=B6lter?= Date: Wed, 26 Nov 2025 15:41:01 +0100 Subject: [PATCH 1/8] ci: transitioning to shared workflows MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bastian Echterhölter On-behalf-of: @SAP --- .github/workflows/docker-image.yaml | 50 ------- .github/workflows/e2e.yaml | 31 ----- .github/workflows/examples.yaml | 75 ----------- .github/workflows/helm.yml | 123 ------------------ .github/workflows/job-ocm.yaml | 22 ---- .github/workflows/lint.yaml | 30 ----- .github/workflows/pipeline.yml | 21 +++ .github/workflows/test.yaml | 29 ----- .github/workflows/wait-for-status-checks.yaml | 26 ---- 9 files changed, 21 insertions(+), 386 deletions(-) delete mode 100644 .github/workflows/docker-image.yaml delete mode 100644 .github/workflows/e2e.yaml delete mode 100644 .github/workflows/examples.yaml delete mode 100644 .github/workflows/helm.yml delete mode 100644 .github/workflows/job-ocm.yaml delete mode 100644 .github/workflows/lint.yaml create mode 100644 .github/workflows/pipeline.yml delete mode 100644 .github/workflows/test.yaml delete mode 100644 .github/workflows/wait-for-status-checks.yaml diff --git a/.github/workflows/docker-image.yaml b/.github/workflows/docker-image.yaml deleted file mode 100644 index 32e1a7a..0000000 --- a/.github/workflows/docker-image.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -name: docker-image -on: - push: - tags: - - 'docker-*' - branches: - - main - pull_request: - branches: - - main - paths: - - Makefile - - Dockerfile - - docker-bake.hcl - workflow_dispatch: - -permissions: - contents: read # to checkout the repository - packages: write # to create packages - -jobs: - docker: - runs-on: [ubuntu-latest] - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - fetch-tags: true - - - id: get-vars - run: | - echo "registry_uri=$(make print-registry)" >> $GITHUB_OUTPUT - echo "version=$(make print-docker-version)" >> $GITHUB_OUTPUT - - - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3 - - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 - if: ${{ github.event_name != 'pull_request' }} - with: - registry: ${{ steps.get-vars.outputs.registry_uri }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - uses: docker/bake-action@3acf805d94d93a86cce4ca44798a76464a75b88c # v6 - env: - VERSION: ${{ steps.get-vars.outputs.version }} - with: - push: ${{ github.event_name != 'pull_request' }} - set: | - *.cache-from=type=gha - *.cache-to=type=gha,mode=max diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml deleted file mode 100644 index ba63af3..0000000 --- a/.github/workflows/e2e.yaml +++ /dev/null @@ -1,31 +0,0 @@ -name: go -permissions: - contents: read - -on: - push: - branches: - - main - pull_request: - branches: - - main - paths: - - go.mod - - go.sum - - '**/*.go' - -jobs: - e2e: - runs-on: ubuntu-latest - environment: e2e-approval - steps: - - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 - with: - go-version-file: go.mod - - name: Run e2e tests - run: make kind-test-e2e 
diff --git a/.github/workflows/examples.yaml b/.github/workflows/examples.yaml deleted file mode 100644 index 6d11bf9..0000000 --- a/.github/workflows/examples.yaml +++ /dev/null 
@@ -1,75 +0,0 @@ -name: examples - -on: - push: - branches: - - main - pull_request: - branches: - - main - workflow_dispatch: - -permissions: - contents: read - -jobs: - list-examples: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - - id: list-examples - run: | - { - echo -n 'examples=[' - find examples -mindepth 1 -maxdepth 1 -type d -printf '"%f",' - echo -n ']' - } > "$GITHUB_OUTPUT" - sed -i 's#,]#]#' "$GITHUB_OUTPUT" - outputs: - examples: ${{ steps.list-examples.outputs.examples }} - - # TODO: if we built the image every time anyhow this can also be done - # in the docker-build job and the examples can depend on it - build-image: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3 - - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6 - with: - tags: local/local-httpbin:dev - cache-from: type=gha - cache-to: type=gha,mode=max - - run-examples: - runs-on: ubuntu-latest - needs: - - list-examples - - build-image - strategy: - matrix: - example: ${{ fromJson(needs.list-examples.outputs.examples) }} - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - - uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1 - with: - cluster_name: local-httpbin - - - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3 - - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6 - with: - tags: local/local-httpbin:dev - cache-from: type=gha - cache-to: type=gha,mode=max - outputs: type=docker - - - run: ./hack/markdown2script.sh ./examples/${{ matrix.example }}/readme.md noci > run.sh - - run: cat ./run.sh - - run: sh ./run.sh - 
diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml deleted file mode 100644 index cca8121..0000000 --- a/.github/workflows/helm.yml +++ /dev/null 
@@ -1,123 +0,0 @@ -name: Release Helm Charts - -on: - push: - tags: - - 'charts-*' - branches: - - main - pull_request: - branches: - - main - paths: - - 'charts/**' - workflow_dispatch: - -permissions: - contents: read # to checkout the repository - packages: write # to read packages - -jobs: - lint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - - - name: Set HELM_REGISTRY_URI from Makefile - run: | - HELM_REGISTRY=$(make print-registry) - echo "HELM_REGISTRY_URI=$HELM_REGISTRY" >> $GITHUB_ENV - echo "Parsed Helm Registry URL $HELM_REGISTRY from Makefile..." - - - name: Helm Registry Login - run: | - # workaround because of https://github.com/helm/helm/issues/30873#issuecomment-2930367515 - curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash - helm version - echo ${{ secrets.GITHUB_TOKEN }} | helm registry login -u "$GITHUB_ACTOR" --password-stdin ${{ env.HELM_REGISTRY_URI }} - - # Python is required because `ct lint` runs Yamale (https://github.com/23andMe/Yamale) and - # yamllint (https://github.com/adrienverge/yamllint) which require Python - - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6 - with: - python-version: "3.12" - - - uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2 - - - run: ct lint --config ct.yaml - env: - CT_CHECK_VERSION_INCREMENT: false - CT_VALIDATE_MAINTAINERS: false - - # TODO: Enable once the repository is public - # - id: list-changed - # run: | - # changed=$(ct list-changed --config ct.yaml) - # if [[ -n "$changed" ]]; then - # echo "changed=true" >> $GITHUB_OUTPUT - # fi - # - # - uses: helm/kind-action@v1 - # if: steps.list-changed.outputs.changed == 'true' - # - # - run: ct install --config ct.yaml - # if: steps.list-changed.outputs.changed == 'true' - - release: - if: ${{ startsWith(github.ref, 'refs/tags/charts-') }} - needs: lint - - permissions: - contents: write 
# to create releases - packages: write # to create packages - - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - fetch-tags: true - persist-credentials: true # Required for chart-releaser to push to gh-pages (v6 defaults to false) - - - name: Set HELM_REGISTRY_URI from Makefile - run: | - echo "HELM_REGISTRY_URI=$(make print-registry)" >> $GITHUB_ENV - echo "CHART_VERSION=$(make print-helm-version)" >> $GITHUB_ENV - - - name: Set Chart Versions - run: | - sed -i \ - -e "s/^version: .*/version: ${{ env.CHART_VERSION }}/" \ - -e "s/^appVersion: .*/appVersion: ${{ env.CHART_VERSION }}/" \ - charts/*/Chart.yaml - - - name: Helm Registry Login - run: | - # workaround because of https://github.com/helm/helm/issues/30873#issuecomment-2930367515 - curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash - helm version - echo ${{ secrets.GITHUB_TOKEN }} | helm registry login -u "${{ github.repository_owner }}" --password-stdin ${{ env.HELM_REGISTRY_URI }} - - - name: Configure Git for chart-releaser - run: | - git config user.name "${{ github.repository_owner }}" - git config user.email "${{ github.repository_owner }}@users.noreply.github.com" - - - name: Run chart-releaser - uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0 - with: - charts_dir: charts - env: - CR_GENERATE_RELEASE_NOTES: true - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - CR_SKIP_EXISTING: true - - - name: Upload to OCI-based registry - run: | - if [ -d ".cr-release-packages" ]; then - helm registry login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} - find .cr-release-packages/ -name *.tgz -exec helm push {} oci://${{ env.HELM_REGISTRY_URI }}/charts \; - fi diff --git a/.github/workflows/job-ocm.yaml b/.github/workflows/job-ocm.yaml deleted file mode 100644 index d8df3bb..0000000 --- a/.github/workflows/job-ocm.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -name: OCM -on: - push: - tags: - - 'ocm-*' - branches: - - main - -permissions: - contents: read # to checkout the repository - packages: write # to create packages - -jobs: - release: - if: ${{ startsWith(github.ref, 'refs/tags/ocm-') }} - uses: platform-mesh/.github/.github/workflows/job-ocm.yml@main - secrets: inherit - with: - chartPath: charts/example-httpbin-operator - componentName: github.com/platform-mesh/example-httpbin-operator - componentConstructorFile: ./component-constructor.yaml - ocmRegistryUrl: ghcr.io/platform-mesh diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml deleted file mode 100644 index 44777cc..0000000 --- a/.github/workflows/lint.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -name: go -permissions: - contents: read - -on: - push: - branches: - - main - pull_request: - branches: - - main - paths: - - go.mod - - go.sum - - '**/*.go' - -jobs: - lint: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 - with: - go-version-file: go.mod - - run: make lint diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml new file mode 100644 index 0000000..4ae4e68 --- /dev/null +++ b/.github/workflows/pipeline.yml @@ -0,0 +1,21 @@ +name: ci +on: + push: + branches: + - main + pull_request: + types: + - opened + - synchronize + +jobs: + pipe: + concurrency: + group: ${{ github.ref }} + cancel-in-progress: true + uses: platform-mesh/.github/.github/workflows/pipeline-golang-app.yml@main + secrets: inherit + with: + imageTagName: ghcr.io/platform-mesh/example-httpbin-operator + repoVersionUpdate: platform-mesh/helm-charts + diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml deleted file mode 100644 index df3c75b..0000000 --- a/.github/workflows/test.yaml +++ /dev/null 
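Review bot: The `uses:` line of the new `pipe` job references the shared workflow by branch (`pipeline-golang-app.yml@main`) while passing `secrets: inherit`, so any change pushed to that branch runs with this repository's secrets without a review here. The workflows deleted in this patch pinned every action to a full commit SHA with the version as a trailing comment; keeping that convention would read `uses: platform-mesh/.github/.github/workflows/pipeline-golang-app.yml@<full-commit-sha> # main`. The same line is changed again in patch 2/8 (to a feature branch) and patch 7/8 (back to `main`), and the point applies there too. Separately, `group: ${{ github.ref }}` with `cancel-in-progress: true` also covers pushes to `main`, so a second merge can cancel a run still in progress for the previous one; if the shared pipeline publishes images or bumps versions, consider `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`.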
@@ -1,29 +0,0 @@ -name: go -permissions: - contents: read - -on: - push: - branches: - - main - pull_request: - branches: - - main - paths: - - go.mod - - go.sum - - '**/*.go' - -jobs: - test: - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - - name: Set up Go - uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6 - with: - go-version-file: go.mod - - run: make test diff --git a/.github/workflows/wait-for-status-checks.yaml b/.github/workflows/wait-for-status-checks.yaml deleted file mode 100644 index 4c44a85..0000000 --- a/.github/workflows/wait-for-status-checks.yaml +++ /dev/null @@ -1,26 +0,0 @@ -name: wait-for-status-checks - -on: - pull_request: {} - -jobs: - # Branch protection rules can enforce that status checks must pass - # before merging - however it requires to name each check explicitly - # in the configuration. It is no longer possible to require all - # checks. - # This job waits for all checks to complete, so it can be set as - # _thre_ required check in the branch protection rules. - wait-for-status-checks: - runs-on: ubuntu-latest - permissions: - checks: read - steps: - - name: GitHub Checks - uses: poseidon/wait-for-status-checks@899c768d191b56eef585c18f8558da19e1f3e707 # v0.6.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - # CodeQL intially comes back with a neutral status, which - # causes wait-for-status-checks to fail: - # https://github.com/poseidon/wait-for-status-checks/issues/420 - # https://github.com/poseidon/wait-for-status-checks/pull/445 - ignore: 'CodeQL' From 5c41c18ceb513a01c2055b0f3b5fa9e9c842a3a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bastian=20Echterh=C3=B6lter?= Date: Wed, 26 Nov 2025 15:52:03 +0100 Subject: [PATCH 2/8] ci: update pipeline workflow to support Go applications MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Bastian Echterhölter On-behalf-of: @SAP --- .github/workflows/pipeline.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 4ae4e68..5ad6d08 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -13,9 +13,10 @@ jobs: concurrency: group: ${{ github.ref }} cancel-in-progress: true - uses: platform-mesh/.github/.github/workflows/pipeline-golang-app.yml@main + uses: platform-mesh/.github/.github/workflows/pipeline-golang-app.yml@make-support-for-go-app secrets: inherit with: imageTagName: ghcr.io/platform-mesh/example-httpbin-operator repoVersionUpdate: platform-mesh/helm-charts + useMake: true From 9e432bdcef138fe1fdb752293d6e7e99b7980494 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bastian=20Echterh=C3=B6lter?= Date: Wed, 26 Nov 2025 15:53:05 +0100 Subject: [PATCH 3/8] ci: add permissions for write access in pipeline workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bastian Echterhölter On-behalf-of: @SAP --- .github/workflows/pipeline.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 5ad6d08..0bc9a2b 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -8,6 +8,10 @@ on: - opened - synchronize +permissions: + contents: write + packages: write + jobs: pipe: concurrency: From 6c594a772cd5a3a06d602ceadf3c20683cfb5547 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bastian=20Echterh=C3=B6lter?= Date: Wed, 26 Nov 2025 15:58:47 +0100 Subject: [PATCH 4/8] ci: add test coverage configuration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bastian Echterhölter On-behalf-of: @SAP --- .testcoverage.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .testcoverage.yml 
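Review bot: The top-level `permissions:` block added in patch 3/8 grants `contents: write` and `packages: write` to every run of this workflow, including runs started by the `pull_request` trigger. None of the workflows removed in patch 1/8 granted `contents: write` at workflow level; only the tag-gated Helm `release` job raised it. Because the job calls a reusable workflow, the caller's token permissions are the ceiling for everything that workflow does, so it would be safer to keep the workflow default at `contents: read` and declare the write scopes under `jobs.pipe.permissions`, limited to what the shared pipeline needs. Patch 6/8 adds `pull-requests: write` to the same block and the same applies there. A short comment per scope, in the style of the removed files (`packages: write # to create packages`), would record why each one is needed.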
diff --git a/.testcoverage.yml b/.testcoverage.yml new file mode 100644 index 0000000..4ac8791 --- /dev/null +++ b/.testcoverage.yml @@ -0,0 +1,19 @@ +exclude: + paths: + - api/v1alpha1 # skipping generated files and crd type definitions + - main\.go$ # skip covering main.go + - ^cmd # skip covering cmd directory + +# Holds coverage thresholds percentages, values should be in range [0-100]. +threshold: + # (optional; default 0) + # Minimum coverage percentage required for individual files. + file: 20 + + # (optional; default 0) + # Minimum coverage percentage required for each package. + package: 20 + + # (optional; default 0) + # Minimum overall project coverage percentage required. + total: 20 \ No newline at end of file From 34391e8ab6d16ff2c21d9c06cd00a332ec83c510 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bastian=20Echterh=C3=B6lter?= Date: Wed, 26 Nov 2025 16:00:44 +0100 Subject: [PATCH 5/8] ci: enable local coverage configuration in pipeline MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bastian Echterhölter On-behalf-of: @SAP --- .github/workflows/pipeline.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 0bc9a2b..34b130c 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -23,4 +23,5 @@ jobs: imageTagName: ghcr.io/platform-mesh/example-httpbin-operator repoVersionUpdate: platform-mesh/helm-charts useMake: true + useLocalCoverageConfig: true From c388a7b615ad43a4f23c397b323bd490bef2d31a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bastian=20Echterh=C3=B6lter?= Date: Wed, 26 Nov 2025 16:04:07 +0100 Subject: [PATCH 6/8] ci: add permissions for pull requests in pipeline workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bastian Echterhölter On-behalf-of: @SAP --- .github/workflows/pipeline.yml | 1 + 1 file changed, 1 insertion(+) 
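Review bot: The exclude entry `main\.go$` in the new `.testcoverage.yml` is not anchored at a path separator, so it also drops any file whose name merely ends in `main.go` (a constructed example: `internal/domain.go`) from the coverage check. Assuming these entries are matched as regular expressions against relative paths, as the `$` and `^` suggest, `(^|/)main\.go$` limits the exclusion to files actually named main.go. Likewise `api/v1alpha1` matches anywhere in a path; `^api/v1alpha1/` states the intent more precisely. The file also ends without a trailing newline.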
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 34b130c..21e5cf1 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -11,6 +11,7 @@ on: permissions: contents: write packages: write + pull-requests: write jobs: pipe: From eab714c9b513f8fcb3b8397fb23cdc14e5245518 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bastian=20Echterh=C3=B6lter?= Date: Wed, 26 Nov 2025 16:18:31 +0100 Subject: [PATCH 7/8] ci: update pipeline workflow to use the main branch for Go applications MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bastian Echterhölter On-behalf-of: @SAP --- .github/workflows/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 21e5cf1..92de84b 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -18,7 +18,7 @@ jobs: concurrency: group: ${{ github.ref }} cancel-in-progress: true - uses: platform-mesh/.github/.github/workflows/pipeline-golang-app.yml@make-support-for-go-app + uses: platform-mesh/.github/.github/workflows/pipeline-golang-app.yml@main secrets: inherit with: imageTagName: ghcr.io/platform-mesh/example-httpbin-operator From b4aa96df881285749797622efb3759f46cbef719 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bastian=20Echterh=C3=B6lter?= Date: Wed, 26 Nov 2025 16:43:19 +0100 Subject: [PATCH 8/8] ci: update README and Makefile for Helm chart installation from GHCR MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Bastian Echterhölter On-behalf-of: @SAP --- .gitignore | 3 +- Makefile | 46 +---- charts/example-httpbin-operator/Chart.yaml | 9 - ...e.platform-mesh.io_httpbindeployments.yaml | 194 ------------------ ...orchestrate.platform-mesh.io_httpbins.yaml | 133 ------------ .../templates/_helpers.tpl | 55 ----- .../templates/deployment/deployment.yaml | 75 ------- .../rbac/api_syncagent_publishedresource.yaml | 13 -- .../templates/rbac/api_syncagent_role.yaml | 35 ---- .../templates/rbac/httpbin_editor_role.yaml | 28 --- .../templates/rbac/httpbin_viewer_role.yaml | 24 --- .../rbac/httpbindeployment_editor_role.yaml | 28 --- .../rbac/httpbindeployment_viewer_role.yaml | 24 --- .../templates/rbac/leader_election_role.yaml | 42 ---- .../rbac/leader_election_role_binding.yaml | 17 -- .../templates/rbac/metrics_auth_role.yaml | 21 -- .../rbac/metrics_auth_role_binding.yaml | 16 -- .../templates/rbac/metrics_reader_role.yaml | 13 -- .../templates/rbac/role.yaml | 75 ------- .../templates/rbac/role_binding.yaml | 16 -- .../templates/rbac/service_account.yaml | 15 -- .../templates/secret.yaml | 29 --- charts/example-httpbin-operator/values.yaml | 76 ------- component-constructor.yaml | 36 ---- ct.yaml | 3 - examples/local-httpbin/readme.md | 24 +-- 26 files changed, 15 insertions(+), 1035 deletions(-) delete mode 100644 charts/example-httpbin-operator/Chart.yaml delete mode 100644 charts/example-httpbin-operator/crds/orchestrate.platform-mesh.io_httpbindeployments.yaml delete mode 100644 charts/example-httpbin-operator/crds/orchestrate.platform-mesh.io_httpbins.yaml delete mode 100644 charts/example-httpbin-operator/templates/_helpers.tpl delete mode 100644 charts/example-httpbin-operator/templates/deployment/deployment.yaml delete mode 100644 charts/example-httpbin-operator/templates/rbac/api_syncagent_publishedresource.yaml delete mode 100644 charts/example-httpbin-operator/templates/rbac/api_syncagent_role.yaml delete mode 100644 
charts/example-httpbin-operator/templates/rbac/httpbin_editor_role.yaml delete mode 100644 charts/example-httpbin-operator/templates/rbac/httpbin_viewer_role.yaml delete mode 100644 charts/example-httpbin-operator/templates/rbac/httpbindeployment_editor_role.yaml delete mode 100644 charts/example-httpbin-operator/templates/rbac/httpbindeployment_viewer_role.yaml delete mode 100644 charts/example-httpbin-operator/templates/rbac/leader_election_role.yaml delete mode 100644 charts/example-httpbin-operator/templates/rbac/leader_election_role_binding.yaml delete mode 100644 charts/example-httpbin-operator/templates/rbac/metrics_auth_role.yaml delete mode 100644 charts/example-httpbin-operator/templates/rbac/metrics_auth_role_binding.yaml delete mode 100644 charts/example-httpbin-operator/templates/rbac/metrics_reader_role.yaml delete mode 100644 charts/example-httpbin-operator/templates/rbac/role.yaml delete mode 100644 charts/example-httpbin-operator/templates/rbac/role_binding.yaml delete mode 100644 charts/example-httpbin-operator/templates/rbac/service_account.yaml delete mode 100644 charts/example-httpbin-operator/templates/secret.yaml delete mode 100644 charts/example-httpbin-operator/values.yaml delete mode 100644 component-constructor.yaml delete mode 100644 ct.yaml diff --git a/.gitignore b/.gitignore index b244fae..293b69e 100644 --- a/.gitignore +++ b/.gitignore @@ -37,4 +37,5 @@ charts/**/*.tar.gz charts/**/*.tgz /dist .helm-charts -CLAUDE.md \ No newline at end of file +CLAUDE.md +CLAUDE.local.md \ No newline at end of file diff --git a/Makefile b/Makefile index d8fa00c..0af6203 100644 --- a/Makefile +++ b/Makefile 
@@ -59,15 +59,6 @@ help: ## Display this help. .PHONY: manifests manifests: ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases - @# update CRDs in helm - this is using the intended CRD install of helm: https://helm.sh/docs/chart_best_practices/custom_resource_definitions/ - @# while helm itself has some problems with updating CRDs commonly used replacements like fluxcd and kustomize have no problem with that - rm -f ./charts/example-httpbin-operator/crds/* - cp ./config/crd/bases/*.yaml ./charts/example-httpbin-operator/crds/ - @# update the RBAC -- TODO: replace the entire helm chart with the generated version. makes it much easier. - # TODO fails in CI - # $(KUBEBUILDER) edit --plugins helm/v1-alpha - # rm -rf ./charts/example-httpbin-operator/templates/rbac - # cp -r ./dist/chart/templates/rbac ./charts/example-httpbin-operator/templates/rbac .PHONY: generate generate: ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. 
@@ -158,26 +149,6 @@ deploy: manifests docker-build ## Deploy controller to the K8s cluster specified undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. $(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - -##@ Helm Chart - -CHART_VERSION_RAW=$(shell git describe --tags --always --dirty --match 'charts-*') -CHART_VERSION=$(patsubst charts-%,%,$(CHART_VERSION_RAW)) - -print-helm-version: - @echo $(CHART_VERSION) - -.PHONY: chart-push -chart-push: ## Push Helm chart to GHCR (after pushing multi-arch container image) - @echo "Pushing Helm chart to $(REGISTRY)..." - $(HELM) push dist/example-httpbin-operator-$(CHART_VERSION).tgz oci://$(REGISTRY)/charts - $(HELM) push dist/example-httpbin-operator-crds-$(CHART_VERSION).tgz oci://$(REGISTRY)/charts - -.PHONY: charts -charts: manifests generate ## Generate and package Helm chart with multi-arch image support. Always runs manifests first to ensure CRDs are up to date - $(HELM) dependency update charts/example-httpbin-operator - mkdir -p dist - $(HELM) package charts/example-httpbin-operator -d dist --version $(CHART_VERSION) - ## OCM OCM_VERSION_RAW=$(shell git describe --tags --always --dirty --match 'ocm-*') 
@@ -189,24 +160,25 @@ print-ocm-version: ## Print the OCM version ##@ Testing .PHONY: kind-test -kind-test: kind-test-cleanup docker-build charts ## Create kind cluster, load image, and deploy helm chart +kind-test: kind-test-cleanup docker-build ## Create kind cluster, load image, and deploy with Helm chart from GHCR @echo "Creating kind cluster..." $(KIND) create cluster --name example-httpbin-operator $(KIND) get kubeconfig --name example-httpbin-operator > msp.kubeconfig.yaml @echo "Loading operator image into kind..." $(KIND) load docker-image ${IMG} --name example-httpbin-operator - @echo "Installing helm chart..." - $(HELM) install example-httpbin-operator dist/example-httpbin-operator-$(CHART_VERSION).tgz \ + @echo "Installing helm chart from GHCR..." + $(HELM) upgrade --install example-httpbin-operator \ + oci://ghcr.io/platform-mesh/helm-charts/example-httpbin-operator \ --namespace example-httpbin-operator-system \ - --set image.tag=$(DOCKER_VERSION) \ --create-namespace \ - --force + --set image.tag=$(word 2,$(subst :, ,${IMG})) \ + --wait @echo "Waiting for operator deployment..." $(KUBECTL) wait --for=condition=available deployment/example-httpbin-operator --namespace example-httpbin-operator-system --timeout=60s @echo "Deployment status:" $(KUBECTL) get deployment example-httpbin-operator --namespace example-httpbin-operator-system @echo "CRD status:" - $(KUBECTL) get crds -n example-httpbin-operator-system | grep httpbin + $(KUBECTL) get crds | grep httpbin .PHONY: kind-test-cleanup kind-test-cleanup: ## Delete the kind test cluster 
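Review bot: The new `$(HELM) upgrade --install` in `kind-test` pulls `oci://ghcr.io/platform-mesh/helm-charts/example-httpbin-operator` without `--version`, so the test deploys whichever chart version the registry resolves at that moment; the run is not reproducible and is not tied to a reviewed chart. Adding `--version <pinned chart version>` through a variable that can be overridden on the command line would fix that. The tag is derived with `$(word 2,$(subst :, ,${IMG}))`, which picks the wrong field when `IMG` carries a registry port (a constructed example: `localhost:5000/op:dev` yields `5000/op`); `$(lastword $(subst :, ,${IMG}))` handles that case. Only `image.tag` is overridden, so if the chart's default image repository differs from the one in `IMG`, the pod will not run the image that was loaded into kind; this is worth confirming against the chart's values, which this commit removes from the repository.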
@@ -215,12 +187,12 @@ kind-test-cleanup: ## Delete the kind test cluster @$(KIND) delete cluster --name example-httpbin-operator-crds 2>/dev/null || true .PHONY: kind-test-crds -kind-test-crds: ## Create kind cluster and deploy CRDs only +kind-test-crds: manifests ## Create kind cluster and deploy CRDs only @echo "Creating kind cluster..." $(KIND) create cluster --name example-httpbin-operator-crds $(KIND) get kubeconfig --name example-httpbin-operator-crds > msp-cp.kubeconfig.yaml @echo "Installing CRDs only..." - $(KUBECTL) apply -f charts/example-httpbin-operator/crds/ + $(KUSTOMIZE) build config/crd | $(KUBECTL) apply -f - @echo "CRD status:" $(KUBECTL) get crds | grep httpbin diff --git a/charts/example-httpbin-operator/Chart.yaml b/charts/example-httpbin-operator/Chart.yaml deleted file mode 100644 index 94630b7..0000000 --- a/charts/example-httpbin-operator/Chart.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v2 -name: example-httpbin-operator -description: A Helm chart for deploying the httpbin operator and its CRDs -type: application -version: 0.3.0 -appVersion: "0.2.0" -annotations: - # Automatically install and upgrade CRDs - "helm.sh/resource-policy": keep diff --git a/charts/example-httpbin-operator/crds/orchestrate.platform-mesh.io_httpbindeployments.yaml b/charts/example-httpbin-operator/crds/orchestrate.platform-mesh.io_httpbindeployments.yaml deleted file mode 100644 index 5684a44..0000000 --- a/charts/example-httpbin-operator/crds/orchestrate.platform-mesh.io_httpbindeployments.yaml +++ /dev/null 
@@ -1,194 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - name: httpbindeployments.orchestrate.platform-mesh.io -spec: - group: orchestrate.platform-mesh.io - names: - kind: HttpBinDeployment - listKind: HttpBinDeploymentList - plural: httpbindeployments - singular: httpbindeployment - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.readyReplicas - name: Ready - type: integer - - jsonPath: .spec.service.type - name: Service Type - type: string - - jsonPath: .spec.service.port - name: Port - type: integer - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: HttpBinDeployment is the Schema for the httpbindeployments API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. 
- More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: HttpBinDeploymentSpec defines the desired state of HttpBinDeployment - properties: - deployment: - description: Deployment defines the deployment configuration for HttpBin - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added to the deployment and pods - type: object - labels: - additionalProperties: - type: string - description: Labels to be added to the deployment and pods - type: object - name: - description: Name is the name of the deployment. If not provided, - the HttpBinDeployment name will be used. - type: string - replicas: - default: 1 - description: Replicas is the number of desired replicas - format: int32 - minimum: 0 - type: integer - type: object - service: - description: Service defines the service configuration for the HttpBin - deployment - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added to the service - type: object - name: - description: Name is the name of the service. If not provided, - the HttpBinDeployment name will be used. - type: string - port: - default: 80 - description: Port is the port on which the service will listen - format: int32 - maximum: 65535 - minimum: 1 - type: integer - type: - default: ClusterIP - description: |- - Type determines how the Service is exposed. Defaults to ClusterIP. 
- Valid values are: - - "ClusterIP": Exposes the service on a cluster-internal IP (default) - - "NodePort": Exposes the service on each Node's IP at a static port - - "LoadBalancer": Exposes the service externally using a cloud provider's load balancer - enum: - - ClusterIP - - NodePort - - LoadBalancer - type: string - type: object - type: object - status: - description: HttpBinDeploymentStatus defines the observed state of HttpBinDeployment - properties: - conditions: - description: Conditions represent the latest available observations - of an object's state - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. 
- maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - isDeploymentReady: - description: IsDeploymentReady indicates if the deployment is ready - (all replicas are available) - type: boolean - readyReplicas: - description: ReadyReplicas is the number of pods targeted by this - HttpBin deployment with a Ready Condition - format: int32 - type: integer - url: - description: |- - URL is the HTTPS URL for accessing the httpbin service - Format: https://HOST - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/example-httpbin-operator/crds/orchestrate.platform-mesh.io_httpbins.yaml b/charts/example-httpbin-operator/crds/orchestrate.platform-mesh.io_httpbins.yaml deleted file mode 100644 index fc710b4..0000000 --- a/charts/example-httpbin-operator/crds/orchestrate.platform-mesh.io_httpbins.yaml +++ /dev/null 
@@ -1,133 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.19.0 - name: httpbins.orchestrate.platform-mesh.io -spec: - group: orchestrate.platform-mesh.io - names: - kind: HttpBin - listKind: HttpBinList - plural: httpbins - singular: httpbin - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: HttpBin is the Schema for the httpbins API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: HttpBinSpec defines the desired state of HttpBin - properties: - enableHTTPS: - default: false - description: |- - EnableHTTPS determines if HTTPS should be enabled - If true, service port will be 8443 - If false or not set, service port will be 443 - type: boolean - foo: - description: Foo is an example field of HttpBin. 
Edit httpbin_types.go - to remove/update - type: string - region: - description: Region can be used to filter which HttpBin should be - served - type: string - type: object - status: - description: HttpBinStatus defines the observed state of HttpBin - properties: - conditions: - description: Conditions represent the latest available observations - of an object's state - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - ready: - description: Ready indicates if the underlying HttpBinDeployment's - deployment is ready - type: boolean - url: - description: |- - URL is the HTTPS URL for accessing the httpbin service - Format: https://HOST - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/charts/example-httpbin-operator/templates/_helpers.tpl b/charts/example-httpbin-operator/templates/_helpers.tpl deleted file mode 100644 index a434f2c..0000000 --- a/charts/example-httpbin-operator/templates/_helpers.tpl +++ /dev/null 
@@ -1,55 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "example-httpbin-operator.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "example-httpbin-operator.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "example-httpbin-operator.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "example-httpbin-operator.labels" -}}
-helm.sh/chart: {{ include "example-httpbin-operator.chart" . }}
-{{ include "example-httpbin-operator.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "example-httpbin-operator.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "example-httpbin-operator.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{- define "chart.labels" -}}
-{{- include "example-httpbin-operator.labels" . }}
-{{- end }}
diff --git a/charts/example-httpbin-operator/templates/deployment/deployment.yaml b/charts/example-httpbin-operator/templates/deployment/deployment.yaml
deleted file mode 100644
index 88d227d..0000000
--- a/charts/example-httpbin-operator/templates/deployment/deployment.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
-{{- if .Values.operator.install }}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "example-httpbin-operator.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "example-httpbin-operator.labels" . | nindent 4 }}
-spec:
- replicas: 1
- selector:
- matchLabels:
- {{- include "example-httpbin-operator.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- {{- with .Values.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "example-httpbin-operator.selectorLabels" . | nindent 8 }}
- {{- with .Values.podLabels }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ .Values.controllerManager.serviceAccountName }}
- securityContext: {}
- {{- if .Values.operator.remoteKubeconfig }}
- volumes:
- - name: kubeconfig-override
- secret:
- secretName: {{ .Values.operator.remoteKubeconfig }}
- defaultMode: 420
- {{- end }}
- containers:
- - name: {{ .Chart.Name }}
- securityContext: {}
- image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- args:
- {{- if .Values.operator.args }}
- {{- toYaml .Values.operator.args | nindent 10 }}
- {{- end }}
- {{- if .Values.operator.remoteKubeconfig }}
- - "--remote-kubeconfig=/kubeconfig-override.yaml"
- {{- end }}
- volumeMounts:
- {{- if .Values.operator.remoteKubeconfig }}
- - name: kubeconfig-override
- mountPath: /kubeconfig-override.yaml
- readOnly: true
- {{- if .Values.operator.remoteKubeconfigSubPath }}
- subPath: {{ .Values.operator.remoteKubeconfigSubPath }}
- {{- else }}
- {{- end }}
- {{- end }}
- resources:
- {{- toYaml .Values.operator.resources | nindent 10 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-{{- end }}
diff --git a/charts/example-httpbin-operator/templates/rbac/api_syncagent_publishedresource.yaml b/charts/example-httpbin-operator/templates/rbac/api_syncagent_publishedresource.yaml
deleted file mode 100644
index da28b74..0000000
--- a/charts/example-httpbin-operator/templates/rbac/api_syncagent_publishedresource.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if .Values.apiSyncagent.publishedResources.enable }}
-apiVersion: syncagent.kcp.io/v1alpha1
-kind: PublishedResource
-metadata:
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- name: httpbin-local-provider
-spec:
- resource:
- kind: HttpBin
- apiGroup: orchestrate.platform-mesh.io
- version: v1alpha1
-{{- end -}}
diff --git a/charts/example-httpbin-operator/templates/rbac/api_syncagent_role.yaml b/charts/example-httpbin-operator/templates/rbac/api_syncagent_role.yaml
deleted file mode 100644
index 3c401ef..0000000
--- a/charts/example-httpbin-operator/templates/rbac/api_syncagent_role.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if .Values.apiSyncagent.rbac.enable }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- name: 'api-syncagent:httpbin-local-provider'
-rules:
- - apiGroups:
- - orchestrate.platform-mesh.io
- resources:
- - httpbins
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - delete
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- name: api-syncagent:httpbin-local-provider
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: api-syncagent:httpbin-local-provider
-subjects:
- - kind: ServiceAccount
- name: {{ .Values.apiSyncagent.serviceAccount.name }}
- namespace: {{ .Values.apiSyncagent.serviceAccount.namespace }}
-{{- end -}}
diff --git a/charts/example-httpbin-operator/templates/rbac/httpbin_editor_role.yaml b/charts/example-httpbin-operator/templates/rbac/httpbin_editor_role.yaml
deleted file mode 100644
index 448c1d7..0000000
--- a/charts/example-httpbin-operator/templates/rbac/httpbin_editor_role.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if .Values.rbac.enable }}
-# permissions for end users to edit httpbins.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- name: httpbin-editor-role
-rules:
-- apiGroups:
- - orchestrate.platform-mesh.io
- resources:
- - httpbins
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - orchestrate.platform-mesh.io
- resources:
- - httpbins/status
- verbs:
- - get
-{{- end -}}
diff --git a/charts/example-httpbin-operator/templates/rbac/httpbin_viewer_role.yaml b/charts/example-httpbin-operator/templates/rbac/httpbin_viewer_role.yaml
deleted file mode 100644
index bd9c027..0000000
--- a/charts/example-httpbin-operator/templates/rbac/httpbin_viewer_role.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if .Values.rbac.enable }}
-# permissions for end users to view httpbins.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- name: httpbin-viewer-role
-rules:
-- apiGroups:
- - orchestrate.platform-mesh.io
- resources:
- - httpbins
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - orchestrate.platform-mesh.io
- resources:
- - httpbins/status
- verbs:
- - get
-{{- end -}}
diff --git a/charts/example-httpbin-operator/templates/rbac/httpbindeployment_editor_role.yaml b/charts/example-httpbin-operator/templates/rbac/httpbindeployment_editor_role.yaml
deleted file mode 100644
index e571ed0..0000000
--- a/charts/example-httpbin-operator/templates/rbac/httpbindeployment_editor_role.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{- if .Values.rbac.enable }}
-# permissions for end users to edit httpbindeployments.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- name: httpbindeployment-editor-role
-rules:
-- apiGroups:
- - orchestrate.platform-mesh.io
- resources:
- - httpbindeployments
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - orchestrate.platform-mesh.io
- resources:
- - httpbindeployments/status
- verbs:
- - get
-{{- end -}}
diff --git a/charts/example-httpbin-operator/templates/rbac/httpbindeployment_viewer_role.yaml b/charts/example-httpbin-operator/templates/rbac/httpbindeployment_viewer_role.yaml
deleted file mode 100644
index 727f532..0000000
--- a/charts/example-httpbin-operator/templates/rbac/httpbindeployment_viewer_role.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if .Values.rbac.enable }}
-# permissions for end users to view httpbindeployments.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- name: httpbindeployment-viewer-role
-rules:
-- apiGroups:
- - orchestrate.platform-mesh.io
- resources:
- - httpbindeployments
- verbs:
- - get
- - list
- - watch
-- apiGroups:
- - orchestrate.platform-mesh.io
- resources:
- - httpbindeployments/status
- verbs:
- - get
-{{- end -}}
diff --git a/charts/example-httpbin-operator/templates/rbac/leader_election_role.yaml b/charts/example-httpbin-operator/templates/rbac/leader_election_role.yaml
deleted file mode 100644
index e1c99a8..0000000
--- a/charts/example-httpbin-operator/templates/rbac/leader_election_role.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-{{- if .Values.rbac.enable }}
-# permissions to do leader election.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- namespace: {{ .Release.Namespace }}
- name: example-httpbin-operator-leader-election-role
-rules:
-- apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - get
- - list
- - watch
- - create
- - update
- - patch
- - delete
-- apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
-{{- end -}}
diff --git a/charts/example-httpbin-operator/templates/rbac/leader_election_role_binding.yaml b/charts/example-httpbin-operator/templates/rbac/leader_election_role_binding.yaml
deleted file mode 100644
index e969148..0000000
--- a/charts/example-httpbin-operator/templates/rbac/leader_election_role_binding.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-{{- if .Values.rbac.enable }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- namespace: {{ .Release.Namespace }}
- name: example-httpbin-operator-leader-election-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: example-httpbin-operator-leader-election-role
-subjects:
-- kind: ServiceAccount
- name: {{ .Values.controllerManager.serviceAccountName }}
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/example-httpbin-operator/templates/rbac/metrics_auth_role.yaml b/charts/example-httpbin-operator/templates/rbac/metrics_auth_role.yaml
deleted file mode 100644
index 4d3a0f0..0000000
--- a/charts/example-httpbin-operator/templates/rbac/metrics_auth_role.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if and .Values.rbac.enable .Values.metrics.enable }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- name: example-httpbin-operator-metrics-auth-role
-rules:
-- apiGroups:
- - authentication.k8s.io
- resources:
- - tokenreviews
- verbs:
- - create
-- apiGroups:
- - authorization.k8s.io
- resources:
- - subjectaccessreviews
- verbs:
- - create
-{{- end -}}
diff --git a/charts/example-httpbin-operator/templates/rbac/metrics_auth_role_binding.yaml b/charts/example-httpbin-operator/templates/rbac/metrics_auth_role_binding.yaml
deleted file mode 100644
index 3e4bd07..0000000
--- a/charts/example-httpbin-operator/templates/rbac/metrics_auth_role_binding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if and .Values.rbac.enable .Values.metrics.enable }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- name: example-httpbin-operator-metrics-auth-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: example-httpbin-operator-metrics-auth-role
-subjects:
-- kind: ServiceAccount
- name: {{ .Values.controllerManager.serviceAccountName }}
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/example-httpbin-operator/templates/rbac/metrics_reader_role.yaml b/charts/example-httpbin-operator/templates/rbac/metrics_reader_role.yaml
deleted file mode 100644
index 65ec623..0000000
--- a/charts/example-httpbin-operator/templates/rbac/metrics_reader_role.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if and .Values.rbac.enable .Values.metrics.enable }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- name: example-httpbin-operator-metrics-reader
-rules:
-- nonResourceURLs:
- - "/metrics"
- verbs:
- - get
-{{- end -}}
diff --git a/charts/example-httpbin-operator/templates/rbac/role.yaml b/charts/example-httpbin-operator/templates/rbac/role.yaml
deleted file mode 100644
index 0a63f25..0000000
--- a/charts/example-httpbin-operator/templates/rbac/role.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
-{{- if .Values.rbac.enable }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- name: example-httpbin-operator-manager-role
-rules:
-- apiGroups:
- - ""
- resources:
- - services
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - apps
- resources:
- - deployments
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - networking.k8s.io
- resources:
- - ingresses
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - orchestrate.platform-mesh.io
- resources:
- - httpbindeployments
- - httpbins
- verbs:
- - create
- - delete
- - get
- - list
- - patch
- - update
- - watch
-- apiGroups:
- - orchestrate.platform-mesh.io
- resources:
- - httpbindeployments/finalizers
- - httpbindeployments/status
- - httpbins/status
- verbs:
- - get
- - patch
- - update
-- apiGroups:
- - orchestrate.platform-mesh.io
- resources:
- - httpbins/finalizers
- verbs:
- - update
-{{- end -}}
diff --git a/charts/example-httpbin-operator/templates/rbac/role_binding.yaml b/charts/example-httpbin-operator/templates/rbac/role_binding.yaml
deleted file mode 100644
index 1684585..0000000
--- a/charts/example-httpbin-operator/templates/rbac/role_binding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.rbac.enable }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- name: example-httpbin-operator-manager-rolebinding
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: example-httpbin-operator-manager-role
-subjects:
-- kind: ServiceAccount
- name: {{ .Values.controllerManager.serviceAccountName }}
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/example-httpbin-operator/templates/rbac/service_account.yaml b/charts/example-httpbin-operator/templates/rbac/service_account.yaml
deleted file mode 100644
index 93e0a32..0000000
--- a/charts/example-httpbin-operator/templates/rbac/service_account.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if .Values.rbac.enable }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- {{- include "chart.labels" . | nindent 4 }}
- {{- if and .Values.controllerManager.serviceAccount .Values.controllerManager.serviceAccount.annotations }}
- annotations:
- {{- range $key, $value := .Values.controllerManager.serviceAccount.annotations }}
- {{ $key }}: {{ $value }}
- {{- end }}
- {{- end }}
- name: {{ .Values.controllerManager.serviceAccountName }}
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/charts/example-httpbin-operator/templates/secret.yaml b/charts/example-httpbin-operator/templates/secret.yaml
deleted file mode 100644
index a90cd06..0000000
--- a/charts/example-httpbin-operator/templates/secret.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if .Values.operator.install -}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "example-httpbin-operator.fullname" . }}-kubeconfig
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "example-httpbin-operator.labels" . | nindent 4 }}
-type: Opaque
-stringData:
- kubeconfig: |
- apiVersion: v1
- kind: Config
- clusters:
- - cluster:
- certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
- server: https://kubernetes.default.svc
- name: default
- contexts:
- - context:
- cluster: default
- user: default
- name: default
- current-context: default
- users:
- - name: default
- user:
- tokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
-{{- end }}
diff --git a/charts/example-httpbin-operator/values.yaml b/charts/example-httpbin-operator/values.yaml
deleted file mode 100644
index 8ce99ba..0000000
--- a/charts/example-httpbin-operator/values.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
-# Default values for example-httpbin-operator
-enabled: true
-nameOverride: ""
-fullnameOverride: ""
-
-# Installation configuration
-operator:
- install: true
- resources:
- limits:
- cpu: 500m
- memory: 128Mi
- requests:
- cpu: 100m
- memory: 64Mi
- args: []
- # Name of a secret containing a kubeconfig for a remote cluster.
- # Use remoteKubeconfigSubPath to specify the path within the secret.
- #
- # E.g. if a kubeconfig secret was created with:
- # kubectl create secret generic remote-kubeconfig --from-file=kubeconfig=/path/to/kubeconfig
- #
- # Then set remoteKubeconfig to "remote-kubeconfig" and remoteKubeconfigSubPath to "kubeconfig".
- remoteKubeconfig: ''
- remoteKubeconfigSubPath: ''
-
-# Image configuration
-image:
- name: ghcr.io/platform-mesh/example-httpbin-operator
- registry: ghcr.io
- repository: platform-mesh/example-httpbin-operator
- tag: 0.2.0@sha256:b2bb2f8714545b2645a76bd20df8f3a1e8aaebbde13b0bdd48d599aa88259436
- pullPolicy: IfNotPresent
-
-controllerManager:
- serviceAccountName: example-httpbin-operator-controller-manager
- serviceAccount:
- annotations: {}
-
-rbac:
- enable: true
-
-# [API-SYNCAGENT]: kcp api-syncagent integration
-apiSyncagent:
- rbac:
- enable: false
- publishedResources:
- enable: false
- serviceAccount:
- name: api-syncagent
- namespace: platform-mesh-system
-
-podAnnotations: {}
-podLabels: {}
-
-nodeSelector: {}
-tolerations: []
-affinity: {}
-
-# [METRICS]: Set to true to generate manifests for exporting metrics.
-# To disable metrics export set false, and ensure that the
-# ControllerManager argument "--metrics-bind-address=:8443" is removed.
-metrics:
- enable: true
-
-# [PROMETHEUS]: To enable a ServiceMonitor to export metrics to Prometheus set true
-prometheus:
- enable: false
-
-# [CERT-MANAGER]: To enable cert-manager injection to webhooks set true
-certmanager:
- enable: false
-
-# [NETWORK POLICIES]: To enable NetworkPolicies set true
-networkPolicy:
- enable: false
diff --git a/component-constructor.yaml b/component-constructor.yaml
deleted file mode 100644
index b36f95f..0000000
--- a/component-constructor.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-# yaml-language-server: $schema= https://ocm.software/schemas/configuration-schema.yaml
-# ocm get resources ghcr.io/platform-mesh//github.com/platform-mesh/example-httpbin-operator --latest -r -o treewide
-components:
- - name: github.com/kcp-dev/api-syncagent
- version: 0.4.4
- provider:
- name: kcp
- resources:
- - name: chart
- type: helmChart
- version: 0.4.4
- access:
- type: helm
- helmChart: api-syncagent:0.4.4
- helmRepository: https://kcp-dev.github.io/helm-charts
- - name: github.com/platform-mesh/example-httpbin-operator
- version: 0.3.0
- provider:
- name: platform-mesh
- componentReferences:
- - name: api-syncagent
- componentName: github.com/kcp-dev/api-syncagent
- version: 0.4.4
- resources:
- - name: oci-helm-chart-example-httpbin-operator
- type: helmChart
- version: 0.3.0
- access:
- type: ociArtifact
- imageReference: ghcr.io/platform-mesh/charts/example-httpbin-operator:0.3.0
- - name: image-example-httpbin-operator
- type: ociImage
- version: 0.2.0
- access:
- type: ociArtifact
- imageReference: ghcr.io/platform-mesh/example-httpbin-operator:0.2.0
diff --git a/ct.yaml b/ct.yaml
deleted file mode 100644
index 7e431e1..0000000
--- a/ct.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-remote: origin
-target-branch: main
-charts-dir: charts
diff --git a/examples/local-httpbin/readme.md b/examples/local-httpbin/readme.md
index be0b31a..015b706 100644
--- a/examples/local-httpbin/readme.md
+++ b/examples/local-httpbin/readme.md
@@ -26,30 +26,14 @@ make docker-install IMG=local/local-httpbin:dev KIND_CLUSTER=local-httpbin Install the CRDs and operator: +Using Helm (from OCI registry): ```bash +# Install using helm from GHCR helm --kube-context kind-local-httpbin upgrade --install \ - example-httpbin-operator ./charts/example-httpbin-operator \ + example-httpbin-operator oci://ghcr.io/platform-mesh/helm-charts/example-httpbin-operator \ --set image.registry=local \ --set image.repository=local-httpbin \ --set image.tag=dev \ --set operator.args={--local-ingress} \ --wait -``` - -Wait for the operator to be ready: - -```bash -kubectl wait --for=condition=Available deploy -l app.kubernetes.io/name=example-httpbin-operator -``` - -Create a HttpBin resource: - -```bash -kubectl apply -f examples/local-httpbin/httpbin.yaml -``` - -Wait for the operator to fulfil the request: - -```bash -kubectl wait --for=jsonpath='{.status.url}' httpbins/httpbin-test -``` +``` \ No newline at end of file