Added ClusterGitTrack

Makefile.tools

@@ -30,10 +30,14 @@ golangci-lint:
 		curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(go env GOPATH)/bin v1.15.0; \
 	fi
 
+kustomize_version ?= 3.0.2
+
 .PHONY: kustomize
 kustomize:
 	@ if [ ! $$(which kustomize) ]; then \
-	 	go get -u sigs.k8s.io/kustomize; \
+	 	curl -LO https://github.com/kubernetes-sigs/kustomize/releases/download/v${kustomize_version}/kustomize_${kustomize_version}_linux_amd64; \
+		chmod u+x kustomize_${kustomize_version}_linux_amd64; \
+	 	mv kustomize_${kustomize_version}_linux_amd64 /bin/kustomize; \
 	fi
 
 .PHONY: snyk

README.md

@@ -153,6 +153,32 @@ Kubernetes resource it finds referenced within its GitTracks. If however, the
 non-namespaced resource clashes and is defined in another GitTrack within
 another namespace, Faros will ignore the resource. First owner wins.
 
+#### Cross-Namespace Ownership
+
+Faros creates resources in the namespaces as defined by the resource.
+A namespaced GitTrack, however, should never own cluster-scoped resources or
+resources in other namespaces. 
+
+To maintain backward-compatibility, the following flag defaults to true.
+In this mode, a GitTrack can own cluster-scoped resources and resources in all
+namespaces. 
+
+```
+allow-cross-namespace-ownership=true
+```
+
+It is recommended to set it to `false` and create a GitTrack for each namespace
+that Faros should manage.
+
+```
+allow-cross-namespace-ownership=false
+```
+
+In this mode, resources in a namespace not managed by a GitTrack will be ignored.
+
+Alternatively, create a ClusterGitTrack, which can own cluster-scoped resources
+as well as resources in all namespaces.
+
 #### Leader Election
 
 Faros can be run in an active-standby HA configuration using Kubernetes leader

config/crds/faros_v1alpha1_gittrack.yaml

@@ -60,9 +60,14 @@ spec:
                     the deploy secret
                   type: string
                 secretName:
-                  description: SecretName is the name of the Secret object containins
+                  description: SecretName is the name of the Secret object containing
                     the key
                   type: string
+                secretNamespace:
+                  description: SecretNamespace is the namespace of the Secret object
+                    containing the key. Defaults to the GitTrack's namespace. Required
+                    for ClusterGitTrack.
+                  type: string
                 type:
                   description: Type is the type of credential. Accepted values are
                     "SSH", "HTTPBasicAuth". Defaults to "SSH".

config/crds/faros_v1alpha2_clustergittrack.yaml

@@ -0,0 +1,164 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  creationTimestamp: null
+  labels:
+    controller-tools.k8s.io: "1.0"
+  name: clustergittracks.faros.pusher.com
+spec:
+  additionalPrinterColumns:
+  - JSONPath: .spec.repository
+    name: Repository
+    priority: 1
+    type: string
+  - JSONPath: .spec.reference
+    name: Reference
+    type: string
+  - JSONPath: .status.objectsApplied
+    name: Children Created
+    type: integer
+  - JSONPath: .status.objectsDiscovered
+    name: Resources Discovered
+    type: integer
+  - JSONPath: .status.objectsIgnored
+    name: Resources Ignored
+    type: integer
+  - JSONPath: .status.objectsInSync
+    name: Children In Sync
+    type: integer
+  - JSONPath: .metadata.creationTimestamp
+    name: Age
+    type: date
+  group: faros.pusher.com
+  names:
+    kind: ClusterGitTrack
+    plural: clustergittracks
+  scope: Cluster
+  validation:
+    openAPIV3Schema:
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          properties:
+            deployKey:
+              description: DeployKey holds a reference to an SSH key needed to access
+                the repository
+              properties:
+                key:
+                  description: Key is the key within the Secret object that contains
+                    the deploy secret
+                  type: string
+                secretName:
+                  description: SecretName is the name of the Secret object containing
+                    the key
+                  type: string
+                secretNamespace:
+                  description: SecretNamespace is the namespace of the Secret object
+                    containing the key. Defaults to the GitTrack's namespace. Required
+                    for ClusterGitTrack.
+                  type: string
+                type:
+                  description: Type is the type of credential. Accepted values are
+                    "SSH", "HTTPBasicAuth". Defaults to "SSH".
+                  enum:
+                  - SSH
+                  - HTTPBasicAuth
+                  type: string
+              required:
+              - secretName
+              - key
+              type: object
+            reference:
+              description: Reference contains the git reference this GitTrack tracks
+              type: string
+            repository:
+              description: Repository is the git repository URI to clone from
+              type: string
+            subPath:
+              description: SubPath is the subpath within the repository underneath
+                which files are considered
+              pattern: ^[a-zA-Z0-9/\-.]*$
+              type: string
+          required:
+          - reference
+          - repository
+          type: object
+        status:
+          properties:
+            conditions:
+              description: Conditions are the conditions on this GitTrack
+              items:
+                properties:
+                  lastTransitionTime:
+                    description: LastTransitionTime of this condition
+                    format: date-time
+                    type: string
+                  lastUpdateTime:
+                    description: LastUpdateTime of this condition
+                    format: date-time
+                    type: string
+                  message:
+                    description: Message associated with this condition
+                    type: string
+                  reason:
+                    description: Reason for the current status of this condition
+                    type: string
+                  status:
+                    description: Status of this condition
+                    type: string
+                  type:
+                    description: Type of this condition
+                    type: string
+                required:
+                - type
+                - status
+                type: object
+              type: array
+            ignoredFiles:
+              description: IgnoredFiles is the list of YAML files containing invalid
+                k8s manifests.
+              type: object
+            objectsApplied:
+              description: ObjectsApplied is the number of k8s objects for which a
+                GitTrackObjects was created
+              format: int64
+              type: integer
+            objectsDiscovered:
+              description: ObjectsDiscovered is the number of k8s objects found in
+                the repository path
+              format: int64
+              type: integer
+            objectsIgnored:
+              description: ObjectsIgnored is the number of k8s objects found in the
+                repository path for which no GitTrackObject was created
+              format: int64
+              type: integer
+            objectsInSync:
+              description: ObjectsInSync is the number of GitTrackObjects that were
+                successfully applied to the cluster
+              format: int64
+              type: integer
+          required:
+          - objectsDiscovered
+          - objectsApplied
+          - objectsIgnored
+          - objectsInSync
+          type: object
+  version: v1alpha2
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/rbac/manager_role.yaml

@@ -16,6 +16,18 @@ rules:
   - update
   - patch
   - delete
+- apiGroups:
+  - faros.pusher.com
+  resources:
+  - clustergittracks
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
 - apiGroups:
   - faros.pusher.com
   resources:

config/samples/faros_v1alpha2_clustergittrack.yaml

@@ -0,0 +1,9 @@
+apiVersion: faros.pusher.com/v1alpha2
+kind: ClusterGitTrack
+metadata:
+  labels:
+    controller-tools.k8s.io: "1.0"
+  name: clustergittrack-sample
+spec:
+  # Add fields here
+  foo: bar

pkg/apis/addtoscheme_faros_v1alpha2.go

@@ -0,0 +1,26 @@
+/*
+Copyright 2018 Pusher Ltd.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package apis
+
+import (
+	"github.com/pusher/faros/pkg/apis/faros/v1alpha2"
+)
+
+func init() {
+	// Register the types with the Scheme so the components can map objects to GroupVersionKinds and back
+	AddToSchemes = append(AddToSchemes, v1alpha2.SchemeBuilder.AddToScheme)
+}

pkg/apis/apis.go

@@ -18,13 +18,13 @@ limitations under the License.
 //go:generate go run ../../vendor/k8s.io/code-generator/cmd/deepcopy-gen/main.go -O zz_generated.deepcopy -i ./... -h ../../hack/boilerplate.go.txt
 
 // Generate clientset for apis
-//go:generate go run ../../vendor/k8s.io/code-generator/cmd/client-gen/main.go --input-base=github.com/pusher/faros/pkg/apis --input="faros/v1alpha1" -n clientset -p github.com/pusher/faros/pkg/client -h ../../hack/boilerplate.go.txt
+//go:generate go run ../../vendor/k8s.io/code-generator/cmd/client-gen/main.go --input-base=github.com/pusher/faros/pkg/apis --input="faros/v1alpha1" --input="faros/v1alpha2" -n clientset -p github.com/pusher/faros/pkg/client -h ../../hack/boilerplate.go.txt
 
 // Generate listers for apis
-//go:generate go run ../../vendor/k8s.io/code-generator/cmd/lister-gen/main.go --input-dirs=github.com/pusher/faros/pkg/apis/faros/v1alpha1 -p github.com/pusher/faros/pkg/client/listers -h ../../hack/boilerplate.go.txt
+//go:generate go run ../../vendor/k8s.io/code-generator/cmd/lister-gen/main.go --input-dirs=github.com/pusher/faros/pkg/apis/faros/v1alpha1,github.com/pusher/faros/pkg/apis/faros/v1alpha2 -p github.com/pusher/faros/pkg/client/listers -h ../../hack/boilerplate.go.txt
 
-// Generate infromers for apis
-//go:generate go run ../../vendor/k8s.io/code-generator/cmd/informer-gen/main.go --input-dirs=github.com/pusher/faros/pkg/apis/faros/v1alpha1 -p github.com/pusher/faros/pkg/client/informers --listers-package github.com/pusher/faros/pkg/client/listers --versioned-clientset-package github.com/pusher/faros/pkg/client/clientset -h ../../hack/boilerplate.go.txt
+// Generate informers for apis
+//go:generate go run ../../vendor/k8s.io/code-generator/cmd/informer-gen/main.go --input-dirs=github.com/pusher/faros/pkg/apis/faros/v1alpha1,github.com/pusher/faros/pkg/apis/faros/v1alpha2 -p github.com/pusher/faros/pkg/client/informers --listers-package github.com/pusher/faros/pkg/client/listers --versioned-clientset-package github.com/pusher/faros/pkg/client/clientset -h ../../hack/boilerplate.go.txt
 
 // Package apis contains Kubernetes API groups.
 package apis

pkg/apis/faros/v1alpha1/gittrack_types.go

@@ -17,6 +17,8 @@ limitations under the License.
 package v1alpha1
 
 import (
+	"fmt"
+
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -49,9 +51,12 @@ type GitTrackSpec struct {
 
 // GitTrackDeployKey holds a reference to a secret such as an SSH key or HTTP Basic Auth credentials needed to access the repository
 type GitTrackDeployKey struct {
-	// SecretName is the name of the Secret object containins the key
+	// SecretName is the name of the Secret object containing the key
 	SecretName string `json:"secretName"`
 
+	// SecretNamespace is the namespace of the Secret object containing the key. Defaults to the GitTrack's namespace. Required for ClusterGitTrack.
+	SecretNamespace string `json:"secretNamespace,omitempty"`
+
 	// Key is the key within the Secret object that contains the deploy secret
 	Key string `json:"key"`
 
@@ -142,6 +147,36 @@ type GitTrack struct {
 	Status GitTrackStatus `json:"status,omitempty"`
 }
 
+// GetNamespacedName implementes the GitTrack interface
+func (g *GitTrack) GetNamespacedName() string {
+	return fmt.Sprintf("%s/%s", g.Namespace, g.Name)
+}
+
+// GetSpec implements the GitTrack interface
+func (g *GitTrack) GetSpec() GitTrackSpec {
+	return g.Spec
+}
+
+// SetSpec implements the GitTrack interface
+func (g *GitTrack) SetSpec(s GitTrackSpec) {
+	g.Spec = s
+}
+
+// GetStatus implements the GitTrack interface
+func (g *GitTrack) GetStatus() GitTrackStatus {
+	return g.Status
+}
+
+// SetStatus implements the GitTrack interface
+func (g *GitTrack) SetStatus(s GitTrackStatus) {
+	g.Status = s
+}
+
+// DeepCopyInterface implements the GitTrack interface
+func (g *GitTrack) DeepCopyInterface() GitTrackInterface {
+	return g.DeepCopy()
+}
+
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
 
 // GitTrackList contains a list of GitTrack

pkg/apis/faros/v1alpha1/interfaces.go

@@ -22,6 +22,21 @@ import (
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 
+// GitTrackInterface represents an interface implemented by both
+// GitTrack and ClusterGitTrack to allow them to be passed
+// interchangably.
+type GitTrackInterface interface {
+	runtime.Object
+	v1.Object
+	schema.ObjectKind
+	GetNamespacedName() string
+	GetSpec() GitTrackSpec
+	SetSpec(GitTrackSpec)
+	GetStatus() GitTrackStatus
+	SetStatus(GitTrackStatus)
+	DeepCopyInterface() GitTrackInterface
+}
+
 // GitTrackObjectInterface represents an interface implemented by both
 // GitTrackObject and ClusterGitTrackObject to allow them to be passed
 // interchangably.