Merged
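--- a/operator/.dockerignore
+++ b/operator/.dockerignore
@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: 2021 iteratec GmbH
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Ignore all files which are not go type
+!**/*.go
+!**/*.mod
+!**/*.sum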
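Review bot: This file holds only negation patterns (`!**/*.go`, `!**/*.mod`, `!**/*.sum`) with no exclude pattern before them, so despite the comment "Ignore all files which are not go type" nothing is excluded and the whole `operator/` directory is sent as build context. That matters if the Dockerfile (not shown here) copies the context broadly, because local files such as `bin`, `testbin/` or stray credentials would then be available to the build and could end up in image layers. Adding an exclude-all line, for example `*`, above the three `!` lines would make the file do what its comment says.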
1 change: 1 addition & 0 deletions operator/.gitignore
Expand Up @@ -9,6 +9,7 @@
*.so
*.dylib
bin
testbin/*

# Test binary, build with `go test -c`
*.test
132 changes: 80 additions & 52 deletions operator/Makefile
Expand Up @@ -5,7 +5,7 @@
# Image URL to use all building/pushing image targets
IMG ?= securecodebox/operator:latest
# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
CRD_OPTIONS ?= "crd:trivialVersions=true"
CRD_OPTIONS ?= "crd:trivialVersions=true,preserveUnknownFields=false"

# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN))
Expand All @@ -14,70 +14,98 @@ else
GOBIN=$(shell go env GOBIN)
endif

all: manager
# Setting SHELL to bash allows bash commands to be executed by recipes.
# This is a requirement for 'setup-envtest.sh' in the test target.
# Options are set to exit when a recipe line exits non-zero or a piped command fails.
SHELL = /usr/bin/env bash -o pipefail
.SHELLFLAGS = -ec

# Run tests
test: generate fmt vet manifests
go test ./... -coverprofile cover.out
all: build

# Build manager binary
manager: generate fmt vet
go build -o bin/manager main.go

# Run against the configured Kubernetes cluster in ~/.kube/config
run: generate fmt vet manifests
go run ./main.go
##@ General

# Install CRDs into a cluster
install: manifests
kustomize build config/crd | kubectl apply -f -
# The help target prints out all targets with their descriptions organized
# beneath their categories. The categories are represented by '##@' and the
# target descriptions by '##'. The awk commands is responsible for reading the
# entire set of makefiles included in this invocation, looking for lines of the
# file as xyz: ## something, and then pretty-format the target and help. Then,
# if there's a line with ##@ something, that gets pretty-printed as a category.
# More info on the usage of ANSI control characters for terminal formatting:
# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
# More info on the awk command:
# http://linuxcommand.org/lc3_adv_awk.php

# Uninstall CRDs from a cluster
uninstall: manifests
kustomize build config/crd | kubectl delete -f -
help: ## Display this help.
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)

# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
deploy: manifests
cd config/manager && kustomize edit set image controller=${IMG}
kustomize build config/default | kubectl apply -f -
##@ Development

# Generate manifests e.g. CRD, RBAC etc.
manifests: controller-gen
manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases

# Run go fmt against code
fmt:
generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."

fmt: ## Run go fmt against code.
go fmt ./...

# Run go vet against code
vet:
vet: ## Run go vet against code.
go vet ./...

# Generate code
generate: controller-gen
$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
ENVTEST_ASSETS_DIR=$(shell pwd)/testbin
test: manifests generate fmt vet ## Run tests.
mkdir -p ${ENVTEST_ASSETS_DIR}
test -f ${ENVTEST_ASSETS_DIR}/setup-envtest.sh || curl -sSLo ${ENVTEST_ASSETS_DIR}/setup-envtest.sh https://raw.githubusercontent.com/kubernetes-sigs/controller-runtime/v0.7.2/hack/setup-envtest.sh
source ${ENVTEST_ASSETS_DIR}/setup-envtest.sh; fetch_envtest_tools $(ENVTEST_ASSETS_DIR); setup_envtest_env $(ENVTEST_ASSETS_DIR); go test ./... -coverprofile cover.out

##@ Build

build: generate fmt vet ## Build manager binary.
go build -o bin/manager main.go

run: manifests generate fmt vet ## Run a controller from your host.
go run ./main.go

# Build the docker image
docker-build: test
docker build . -t ${IMG}
docker-build: test ## Build docker image with the manager.
docker build -t ${IMG} .

# Push the docker image
docker-push:
docker-push: ## Push docker image with the manager.
docker push ${IMG}

# find or download controller-gen
# download controller-gen if necessary
controller-gen:
ifeq (, $(shell which controller-gen))
@{ \
set -e ;\
CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
cd $$CONTROLLER_GEN_TMP_DIR ;\
go mod init tmp ;\
go get sigs.k8s.io/controller-tools/cmd/[email protected] ;\
rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
}
CONTROLLER_GEN=$(GOBIN)/controller-gen
else
CONTROLLER_GEN=$(shell which controller-gen)
endif
##@ Deployment

install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
$(KUSTOMIZE) build config/crd | kubectl apply -f -

uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
$(KUSTOMIZE) build config/crd | kubectl delete -f -

deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
$(KUSTOMIZE) build config/default | kubectl apply -f -

undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
$(KUSTOMIZE) build config/default | kubectl delete -f -


CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
controller-gen: ## Download controller-gen locally if necessary.
$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/[email protected])

KUSTOMIZE = $(shell pwd)/bin/kustomize
kustomize: ## Download kustomize locally if necessary.
$(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/[email protected])

# go-get-tool will 'go get' any package $2 and install it to $1.
PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
define go-get-tool
@[ -f $(1) ] || { \
set -e ;\
TMP_DIR=$$(mktemp -d) ;\
cd $$TMP_DIR ;\
go mod init tmp ;\
echo "Downloading $(2)" ;\
GOBIN=$(PROJECT_DIR)/bin go get $(2) ;\
rm -rf $$TMP_DIR ;\
}
endef
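Review bot: The `test` recipe (the version carrying `## Run tests.`, which reads as the new side of this rendered section) downloads `setup-envtest.sh` with `curl -sSLo` and then `source`s it in bash with no integrity check, and `docker-build` depends on `test`, so whatever that URL serves runs in the image build path. The URL is pinned to the tag `v0.7.2`, which is a mutable ref, and without `-f` an HTTP error body would be written to `testbin/setup-envtest.sh`, kept by the `test -f` guard and sourced on every later run. I would fetch with `curl -fsSLo` and verify a checked-in digest before sourcing, e.g. `echo "<EXPECTED_SHA256>  ${ENVTEST_ASSETS_DIR}/setup-envtest.sh" | sha256sum -c -`, where the placeholder is a digest recorded from a reviewed copy of the script. Separately, `undeploy` calls `$(KUSTOMIZE)` but does not list `kustomize` as a prerequisite the way `install`, `uninstall` and `deploy` do.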
55 changes: 45 additions & 10 deletions operator/PROJECT
@@ -1,23 +1,58 @@
domain: securecodebox.io
layout:
- go.kubebuilder.io/v3
multigroup: true
projectName: operator
repo: github.com/secureCodeBox/secureCodeBox
resources:
- group: execution
- api:
crdVersion: v1
namespaced: true
controller: true
domain: securecodebox.io
group: execution
kind: Scan
path: github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1
version: v1
- group: execution
- api:
crdVersion: v1
namespaced: true
domain: securecodebox.io
group: execution
kind: ScanType
path: github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1
version: v1
- group: execution
kind: PersistenceProvider
version: v1
- group: execution
- api:
crdVersion: v1
namespaced: true
domain: securecodebox.io
group: execution
kind: ParseDefinition
path: github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1
version: v1
- group: execution
kind: ScheduledScan
- api:
crdVersion: v1
namespaced: true
domain: securecodebox.io
group: execution
kind: ScanCompletionHook
path: github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1
version: v1
- group: cascading
- api:
crdVersion: v1
namespaced: true
domain: securecodebox.io
group: cascading
kind: CascadingRule
path: github.com/secureCodeBox/secureCodeBox/operator/apis/cascading/v1
version: v1
- api:
crdVersion: v1
namespaced: true
controller: true
domain: securecodebox.io
group: execution
kind: ScheduledScan
path: github.com/secureCodeBox/secureCodeBox/operator/apis/execution/v1
version: v1
version: "2"
version: "3"
4 changes: 2 additions & 2 deletions operator/apis/cascading/v1/groupversion_info.go
Expand Up @@ -3,8 +3,8 @@
// SPDX-License-Identifier: Apache-2.0

// Package v1 contains API Schema definitions for the cascading v1 API group
// +kubebuilder:object:generate=true
// +groupName=cascading.securecodebox.io
//+kubebuilder:object:generate=true
//+groupName=cascading.securecodebox.io
package v1

import (
2 changes: 1 addition & 1 deletion operator/apis/cascading/v1/zz_generated.deepcopy.go


4 changes: 2 additions & 2 deletions operator/apis/execution/v1/groupversion_info.go
Expand Up @@ -3,8 +3,8 @@
// SPDX-License-Identifier: Apache-2.0

// Package v1 contains API Schema definitions for the execution v1 API group
// +kubebuilder:object:generate=true
// +groupName=execution.securecodebox.io
//+kubebuilder:object:generate=true
//+groupName=execution.securecodebox.io
package v1

import (
2 changes: 2 additions & 0 deletions operator/apis/execution/v1/scan_types.go
Expand Up @@ -38,9 +38,11 @@ type ScanSpec struct {
// Important: Run "make" to regenerate code after modifying this file

// The name of the scanType which should be started.
// +kubebuilder:validation:Required
ScanType string `json:"scanType,omitempty"`

// All CLI parameters to configure the scan container.
// +kubebuilder:validation:Required
Parameters []string `json:"parameters,omitempty"`

// Env allows to specify environment vars for the scanner container. These will be merged will the env vars specified for the first container of the pod defined in the ScanType
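Review bot: The `+kubebuilder:validation:Required` markers on `ScanType` and `Parameters` only require the keys to be present, so `scanType: ""` still passes schema validation, and both fields keep `omitempty` in their JSON tags, which drops an empty value on serialization and makes an object built from these Go types fail the new required check. If the intent is to reject scans without a scan type at admission, I would add `// +kubebuilder:validation:MinLength=1` above `ScanType` and change its tag to `json:"scanType"`. For `Parameters` it is worth confirming that scans with no CLI parameters are meant to be rejected; if they are not, the marker should be dropped there. `ScanSpec` begins before and continues after this hunk.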
2 changes: 1 addition & 1 deletion operator/apis/execution/v1/zz_generated.deepcopy.go


30 changes: 0 additions & 30 deletions operator/config/certmanager/certificate.yaml

This file was deleted.

9 changes: 0 additions & 9 deletions operator/config/certmanager/kustomization.yaml

This file was deleted.

20 changes: 0 additions & 20 deletions operator/config/certmanager/kustomizeconfig.yaml

This file was deleted.
