completed round of tests

README.md

@@ -1,102 +1,90 @@
 # Namespace Configuration Controller
 
 The namespace configuration controller helps keeping a namespace's configuration aligned with one of more policies specified as a CRD.
-Currently the following objects are part of the namespace configuration:
 
-- ConfigMaps         
-- PodPresets         
-- Quotas              
-- LimitRanges        
-- RoleBindings        
-- ClusterRoleBindings 
-- ServiceAccounts
+The NamespaceConfig CR allow specifying one or more objects that will be created in the selected namespaces:
 
-Dev teams may of may not be granted permissions to create these objects. In case they haven't the namespace configuration controller can be a way to create namespace configuration policy and govern the way namespace are configured.
+Dev teams may of may not be granted permissions to create these objects. In case they haven't the namespace configuration controller can be a way to enforce namespace configuration policies and govern the way namespaces are configured.
 
 A NamespaceConfig CRD looks as follows:
 
-```
-apiVersion: namespaceconfig.raffaelespazzoli.systems/v1alpha1
+```yaml
+apiVersion: redhat-cop.redhat.io/v1alpha1
 kind: NamespaceConfig
 metadata:
-  name: example-namespaceconfig
+  name: small-size
 spec:
   selector:
     matchLabels:
-      namespaceconfig: "true"
-    matchExpressions:
-     - {key: namespaceconfig, operator: In, values: ["true"]}  
-  networkpolicies: []
-  configmaps: []         
-  podpresets: []         
-  quotas: []              
-  limitranges: []        
-  rolebindings: []        
-  clusterrolebindings: [] 
-  serviceaccounts: []
+      size: small  
+  resources:
+  - apiVersion: v1
+    kind: ResourceQuota
+    metadata:
+      name: small-size  
+    spec:
+      hard:
+        requests.cpu: "4"
+        requests.memory: "2Gi"
+  - other resources
 ```
 
 The selector will select the namespaces to which this configuration should be applied.
-In this example all the managed ojects types have a empty array.
-You can add your API object instance there. The namespace field should not be specified and if it exists it will be overwrittent with the namespace name of the namespace to which the configuration is being applied.
-
-## Installation
-Run the following to installe the controller:
-```
-oc new-project namespace-configuration-controller
-oc apply -f deploy/namespace-configuration-controller.yaml
-```
+In this example a quota object is created.
 
+The namespace field of defined resources should not be specified and if it exists it will be overwritten with the namespace name of the namespace to which the configuration is being applied.
 
 ## Configuration Examples
 
 Here is a list of use cases in which the Namespace Configuration Controller can be useful
 
 ### T-Shirt Sized Quotas
 
-during the provisionin gof ne projects to dev teams some organizations start with T-shirt sized quotas. Here is an example of how this can be done with the Namespace Configuration Controller
+During the provisioning of the projects to dev teams some, organizations start with T-shirt sized quotas. Here is an example of how this can be done with the Namespace Configuration Controller
 
-```
-apiVersion: namespaceconfig.raffaelespazzoli.systems/v1alpha1
+```yaml
+apiVersion: redhat-cop.redhat.io/v1alpha1
 kind: NamespaceConfig
 metadata:
   name: small-size
 spec:
   selector:
     matchLabels:
       size: small  
-  quotas:
+  resources:
   - apiVersion: v1
     kind: ResourceQuota
     metadata:
       name: small-size  
     spec:
       hard:
-        requests.cpu: "4" 
-        requests.memory: "2Gi" 
+        requests.cpu: "4"
+        requests.memory: "2Gi"
 ---
-apiVersion: namespaceconfig.raffaelespazzoli.systems/v1alpha1
+apiVersion: redhat-cop.redhat.io/v1alpha1
 kind: NamespaceConfig
 metadata:
   name: large-size
 spec:
   selector:
     matchLabels:
       size: large  
-  quotas:
+  resources:
   - apiVersion: v1
     kind: ResourceQuota
     metadata:
       name: large-size
     spec:
       hard:
-        requests.cpu: "8" 
-        requests.memory: "4Gi" 
+        requests.cpu: "8"
+        requests.memory: "4Gi"  
 ```
 
 We can test the above configuration as follows:
-```
-oc apply -f examples/tshirt-quotas.yaml
+
+```yaml
+oc new-project test-namespace-config
+oc apply -f examples/tshirt-quotas.yaml -n test-namespace-config
 oc new-project large-project
 oc label namespace large-project size=large
 oc new-project small-project
@@ -352,7 +340,7 @@ oc label namespace special-pod unprivileged-pods=true
 This is a cluster-level operator that you can deploy in any namespace, `namespace-configuration-operator` is recommeded.
 
 ```shell
-oc apply -f deploy/crds/redhat-cop_v1alpha1_namespaceconfig_crd.yaml
+oc apply -f deploy/crds/redhatcop_v1alpha1_namespaceconfig_crd.yaml
 oc new-project namespace-configuration-operator
 ```
 

deploy/crds/redhatcop_v1alpha1_namespaceconfig_cr.yaml

@@ -0,0 +1,7 @@
+apiVersion: redhat-cop.redhat.io/v1alpha1
+kind: NamespaceConfig
+metadata:
+  name: example-namespaceconfig
+spec:
+  # Add fields here
+  size: 3

deploy/crds/redhatcop_v1alpha1_namespaceconfig_crd.yaml

@@ -0,0 +1,47 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: namespaceconfigs.redhatcop.redhat.io
+spec:
+  group: redhatcop.redhat.io
+  names:
+    kind: NamespaceConfig
+    listKind: NamespaceConfigList
+    plural: namespaceconfigs
+    singular: namespaceconfig
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          properties:
+            resources:
+              items:
+                type: object
+              type: array
+            selector:
+              description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+                Important: Run "operator-sdk generate k8s" to regenerate code after
+                modifying this file Add custom validation using kubebuilder tags:
+                https://book.kubebuilder.io/beyond_basics/generating_crd.html'
+              type: object
+          type: object
+        status:
+          type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true

deploy/role.yaml

@@ -1,54 +1,46 @@
-apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  creationTimestamp: null
   name: namespace-configuration-operator
 rules:
+# leader election   
 - apiGroups:
   - ""
   resources:
+  - configmaps
   - pods
+  verbs:
+  - "*"  
+#Metrics  
+- apiGroups:
+  - ""
+  resources:
   - services
-  - endpoints
-  - persistentvolumeclaims
-  - events
-  - configmaps
-  - secrets
   verbs:
-  - '*'
+  - "*"
+#Metrics  
 - apiGroups:
-  - apps
+  - "apps"
   resources:
-  - deployments
-  - daemonsets
   - replicasets
-  - statefulsets
-  verbs:
-  - '*'
+  - deployments
+  verbs: 
+  - "get"
+  - "list"
+# Metrics  
 - apiGroups:
   - monitoring.coreos.com
   resources:
   - servicemonitors
   verbs:
-  - get
-  - create
+  - "get"
+  - "create"
+# Metrics  
 - apiGroups:
   - apps
-  resourceNames:
-  - namespace-configuration-operator
   resources:
   - deployments/finalizers
+  resourceNames:
+  - cert-utils-operator
   verbs:
-  - update
-- apiGroups:
-  - redhat-cop.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - redhat-cop.redhat.io
-  resources:
-  - '*'
-  verbs:
-  - '*'
+  - "update"

deploy/role_binding.yaml

@@ -1,11 +1,23 @@
-kind: RoleBinding
+kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: namespace-configuration-operator
 subjects:
+- kind: ServiceAccount
+  name: namespace-configuration-operator
+roleRef:
+  kind: ClusterRole
+  name: admin
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: namespace-configuration-operator
+subjects: 
 - kind: ServiceAccount
   name: namespace-configuration-operator
 roleRef:
   kind: Role
   name: namespace-configuration-operator
-  apiGroup: rbac.authorization.k8s.io
+  apiGroup: rbac.authorization.k8s.io 

pkg/apis/redhatcop/v1alpha1/doc.go

@@ -1,4 +1,4 @@
 // Package v1alpha1 contains API Schema definitions for the redhat-cop v1alpha1 API group
 // +k8s:deepcopy-gen=package,register
-// +groupName=redhat-cop.io
+// +groupName=redhat-cop.redhat.io
 package v1alpha1

pkg/apis/redhatcop/v1alpha1/namespaceconfig_types.go

@@ -2,7 +2,7 @@ package v1alpha1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	runtime "k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!

pkg/apis/redhatcop/v1alpha1/register.go

@@ -2,7 +2,7 @@
 
 // Package v1alpha1 contains API Schema definitions for the redhat-cop v1alpha1 API group
 // +k8s:deepcopy-gen=package,register
-// +groupName=redhat-cop.io
+// +groupName=redhat-cop.redhat.io
 package v1alpha1
 
 import (
@@ -12,7 +12,7 @@ import (
 
 var (
 	// SchemeGroupVersion is group version used to register these objects
-	SchemeGroupVersion = schema.GroupVersion{Group: "redhat-cop.io", Version: "v1alpha1"}
+	SchemeGroupVersion = schema.GroupVersion{Group: "redhat-cop.redhat.io", Version: "v1alpha1"}
 
 	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
 	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}