feat: addint controller and charts

.devcontainer/devcontainer.json

@@ -8,6 +8,9 @@
       "VARIANT": "ubuntu-22.04"
     }
   },
+  "runArgs": [
+    "--add-host=host.docker.internal:host-gateway"
+  ],
   "postStartCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}",
   "postCreateCommand": "bash scripts/postCreateCommand.sh",
   "features": {
@@ -16,6 +19,11 @@
     "ghcr.io/devcontainers/features/kubectl-helm-minikube:1": {},
     "ghcr.io/dhoeric/features/k9s:1": {}
   },
+  "hostRequirements": {
+    "cpus": 8,
+    "memory": "16gb",
+    "storage": "64gb"
+  },
   "customizations": {
     "vscode": {
       "extensions": [

.github/workflows/release.yml

@@ -3,12 +3,15 @@
 name: Release
 
 on:
+  workflow_call:
   push:
     tags:
       - 'v*'
 
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  IMAGE_NAME: zeiss/natz-operator
+  REGISTRY: ghcr.io
 
 jobs:
   test:
@@ -17,12 +20,56 @@ jobs:
     uses: ./.github/workflows/main.yml
 
   release:
+    needs: [test]
     runs-on: ubuntu-latest
-    needs: [ test ]
+    permissions:
+      packages: write
+      contents: write
     steps:
       - uses: actions/checkout@v4
+      - run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "[email protected]"
+      - run: |
+          echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
       - uses: actions/setup-go@v5
         with:
           go-version-file: ./go.mod
-      - run: make release
-        if: success()
+          cache-dependency-path: |
+            go.sum
+            tools/go.sum
+      - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: actions/cache@v4
+        with:
+          path: |
+            ~/go/pkg/mod
+          key: ${{ github.job }}-${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ github.job }}-${{ runner.os }}-go-
+      - id: image-tag
+        run: |
+          IMAGE_TAG=${GITHUB_SHA}
+          [[ ${GITHUB_REF_TYPE} == "tag" ]] && IMAGE_TAG=${GITHUB_REF_NAME}
+          echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_OUTPUT
+      - run: sudo apt-get update && sudo apt install -y libxml2-dev libxslt1-dev liblzma-dev zlib1g-dev
+      - run: |
+          IMAGE_TAG=${{ steps.image-tag.outputs.IMAGE_TAG }} make release
+        env:
+          KO_DOCKER_REPO: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          DIST_DIR: /tmp/dist
+        if: success()
+      - run: |
+          go run internal/tools/updater/main.go --file helm/charts/natz-operator/Chart.yaml --version ${{ env.RELEASE_VERSION }}
+      - uses: azure/setup-helm@v4
+        with:
+          version: v3.11.2
+      - uses: helm/[email protected]
+        with:
+          charts_dir: helm/charts
+          config: helm/cr.yaml
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

.goreleaser.yml

@@ -1,13 +1,58 @@
-before:
-  hooks:
-    - go mod tidy
+project_name: natz-operator
+
 builds:
-  - skip: true
+  -
+    id: operator
+    binary: operator-{{.Os}}-{{.Arch}}
+    main: cmd/operator/main.go
+    goos:
+      - linux
+    goarch:
+      - amd64
+      - arm
+      - arm64
+    ignore:
+        - goos: darwin
+          goarch: 386
+    env:
+      - CGO_ENABLED=0
+    ldflags:
+        - -s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}}
+    no_unique_dist_dir: true
+
+archives:
+  -
+    id: operator
+    builds:
+      - operator
+    name_template: "operator_{{.Version}}_{{.Os}}_{{.Arch}}"
+
+dockers:
+  -
+    dockerfile: Dockerfile.nonroot
+    goos: linux
+    goarch: amd64
+    ids:
+      - operator
+    image_templates:
+      - "ghcr.io/zeiss/{{.ProjectName}}/operator:latest"
+      - "ghcr.io/zeiss/{{.ProjectName}}/operator:{{.Tag}}"
+      - "ghcr.io/zeiss/{{.ProjectName}}/operator"
+    build_flag_templates:
+      - "--pull"
+      - "--label=org.opencontainers.image.created={{.Date}}"
+      - "--label=org.opencontainers.image.title={{.ProjectName}}"
+      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
+      - "--label=org.opencontainers.image.version={{.Version}}"
+      - "--build-arg=BINARY=operator-linux-amd64"
+      - "--platform=linux/amd64"
+
+gomod:
+  proxy: false
+
 release:
-  header: |
-    ## Changelog ({{ .Date }})
+  draft: false
 
-    Welcome to this new release! We hope you enjoy the changes we've made.
 changelog:
   groups:
     - title: Features
@@ -24,3 +69,9 @@ changelog:
       - "^docs:"
       - typo
       - (?i)foo
+
+snapshot:
+  name_template: "{{.Tag}}"
+
+checksum:
+  name_template: "octopinger_go_checksums.txt"

Dockerfile.nonroot

@@ -0,0 +1,9 @@
+FROM gcr.io/distroless/static:nonroot
+ARG BINARY
+
+WORKDIR /
+COPY ${BINARY} /main
+
+USER 65532:65532
+
+ENTRYPOINT ["/main"]

Makefile

@@ -1,15 +1,55 @@
 .DEFAULT_GOAL := build
 
-GO 						?= go
-GO_RUN_TOOLS 	?= $(GO) run -modfile ./tools/go.mod
+VERSION 			?= latest
+
+GO 					?= go
+GO_RUN_TOOLS 		?= $(GO) run -modfile ./tools/go.mod
 GO_TEST 			?= $(GO_RUN_TOOLS) gotest.tools/gotestsum --format pkgname
-GO_RELEASER 	?= $(GO_RUN_TOOLS) github.com/goreleaser/goreleaser
+GO_RELEASER 		?= $(GO_RUN_TOOLS) github.com/goreleaser/goreleaser
 GO_MOD 				?= $(shell ${GO} list -m)
+GO_KUSTOMIZE 		?= $(GO_RUN_TOOLS) sigs.k8s.io/kustomize/kustomize/v5
+
+IMAGE_TAG_BASE 		?= ghcr.io/zeiss/natz-operator/operator
+IMG 				?= $(IMAGE_TAG_BASE):$(VERSION)
+
+ifndef ignore-not-found
+  ignore-not-found = false
+endif
 
 .PHONY: build
 build: ## Build the binary file.
 	$(GO_RELEASER) build --snapshot --clean
 
+.PHONY: snapshot
+snapshot: ## Create a snapshot release
+	$(GO_RELEASER) release --clean --snapshot
+
+.PHONY: release
+release: ## Create a release
+	$(GO_RELEASER) release --clean
+
+.PHONY: install
+install: manifests ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+	$(GO_KUSTOMIZE) build manifests/crd | kubectl apply -f -
+
+.PHONY: uninstall
+uninstall: manifests ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+	$(GO_KUSTOMIZE) build manifests/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+
+.PHONY: deploy
+deploy: manifests ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	cd config/manager && $(GO_KUSTOMIZE) edit set image controller=${IMG}
+	$(GO_KUSTOMIZE) build manifests/default | kubectl apply -f -
+
+.PHONY: undeploy
+undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+	$(GO_KUSTOMIZE) build manifests/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+
+.PHONY: minikube-push
+minikube-push: ## Push the image to the minikube docker daemon.
+	minikube image rm ${IMG}
+	minikube image load ${IMG}
+
 .PHONY: generate
 generate: ## Generate code.
 	$(GO) generate ./...

api/gen.go

@@ -5,8 +5,8 @@
 //go:generate go run -tags generate sigs.k8s.io/controller-tools/cmd/[email protected] object:headerFile="../hack/copyright.go.txt" paths="./..."
 //go:generate go run -tags generate sigs.k8s.io/controller-tools/cmd/[email protected] rbac:roleName=manager-role crd webhook output:crd:artifacts:config=../manifests/crd/bases paths="./..."
 //go:generate cp ../manifests/crd/bases/natz.zeiss.com_natsaccounts.yaml ../helm/charts/natz-operator/templates/crds/natsaccounts.yaml
-//go:generate cp ../manifests/crd/bases/natz.zeiss.com_natsclusters.yaml ../helm/charts/natz-operator/templates/crds/natsoperators.yaml
-//go:generate cp ../manifests/crd/bases/natz.zeiss.com_natsstreamingclusters.yaml ../helm/charts/natz-operator/templates/crds/natsusers.yaml
+//go:generate cp ../manifests/crd/bases/natz.zeiss.com_natsoperators.yaml ../helm/charts/natz-operator/templates/crds/natsoperators.yaml
+//go:generate cp ../manifests/crd/bases/natz.zeiss.com_natsusers.yaml ../helm/charts/natz-operator/templates/crds/natsusers.yaml
 
 package api
 

cmd/operator/main.go

@@ -1,11 +1,12 @@
-package operator
+package main
 
 import (
 	"context"
 	"fmt"
 
 	"github.com/spf13/cobra"
 	natzv1alpha1 "github.com/zeiss/natz-operator/api/v1alpha1"
+	"github.com/zeiss/natz-operator/controllers"
 
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -86,7 +87,7 @@ func run(ctx context.Context) error {
 		return err
 	}
 
-	err = setupControllers(f, mgr)
+	err = setupControllers(mgr)
 	if err != nil {
 		return err
 	}
@@ -110,7 +111,22 @@ func run(ctx context.Context) error {
 	return nil
 }
 
-func setupControllers(f *flags, mgr ctrl.Manager) error {
+func setupControllers(mgr ctrl.Manager) error {
+	err := controllers.NewNatsOperatorReconciler(mgr).SetupWithManager(mgr)
+	if err != nil {
+		return err
+	}
+
+	err = controllers.NewNatsAccountReconciler(mgr).SetupWithManager(mgr)
+	if err != nil {
+		return err
+	}
+
+	err = controllers.NewNatsUserReconciler(mgr).SetupWithManager(mgr)
+	if err != nil {
+		return err
+	}
+
 	return nil
 }
 

controllers/const.go

@@ -0,0 +1,23 @@
+package controllers
+
+const (
+	NATZ_OPERATOR_FINALIZER = "natz.zeiss.com/natz-operator"
+	OPERATOR_SEED_KEY       = "seed.nk"
+	OPERATOR_PUBLIC_KEY     = "key.pub"
+	OPERATOR_JWT            = "key.jwt"
+	OPERATOR_CREDS          = "user.creds"
+	OPERATOR_CONFIG_FILE    = "auth.conf"
+	AUTH_CONFIG_TEMPLATE    = `operator: %s
+system_account: %s
+resolver {
+	type: full
+	dir: './jwt'
+	allow_delete: true
+	interval: "2m"
+	timeout: "5s"
+}
+resolver_preload: {
+	%s: %s,
+}
+`
+)