migrate to operator-sdk v1.3.0

.circleci/config.yml

@@ -6,8 +6,6 @@ experimental:
       only:
         - master
 
-
-
 # Define shareable packages of configuration
 # elements used into the worflow (= Orbs)
 orbs:
@@ -57,7 +55,7 @@ orbs:
               name: Vendor dependencies
               command: if [ ! -d vendor ]; then go mod vendor; fi
           - run:
-              name: Generate k8s
+              name: Generate
               command: |
                 make generate
                 [ "$(git ls-files -m | grep -c zz_generated)" -eq 0 ]
@@ -73,42 +71,6 @@ orbs:
                 - build/_output
                 - vendor
 
-      # Build job, which build operator docker image (with operator-sdk build)
-      build-ci:
-        <<: *params_operator
-        <<: *job_operator
-        steps:
-          - checkout:
-              path: /home/circleci/nifikop
-          - setup_remote_docker # Creates a separate environment for each build for security.
-          - restore_cache: # If exist, restore dependencies libs download cache, from previous pipeline execution.
-              keys: # Use checksum of go.sum to version cache.
-                - << parameters.operatorName >>-build-ci-{{ .Branch }}-{{ checksum "go.sum" }}
-          - attach_workspace:  # Attach artifact from workdir
-              at: /home/circleci
-          - run:
-              name: Build Operator
-              command: make build-ci-image
-          - persist_to_workspace: # Create artifacts
-              root: /home/circleci
-              paths:
-                - << parameters.operatorDir >>/build/_output
-          - deploy:
-              name: Push image to Docker Hub
-              command: |
-                if [[ $(echo "$CIRCLE_BRANCH" | grep -c "pull") -gt 0 ]]; then
-                  echo "This is a PR, we don't push to Hub."
-                else
-                  docker login --username $DOCKERHUB_USER --password $DOCKERHUB_PASSWORD
-                  make push-ci-image
-                fi
-          - save_cache:
-              name: Save build artifacts in cache
-              key: << parameters.operatorName >>-build-ci-{{ .Branch }}-{{ checksum "go.sum" }}
-              paths:
-                - build/_output
-
-
       # Build job, which build operator docker image (with operator-sdk build)
       build-operator:
         <<: *params_operator
@@ -137,7 +99,7 @@ orbs:
                   echo "This is a PR, we don't push to Hub."
                 else
                   docker login --username $DOCKERHUB_USER --password $DOCKERHUB_PASSWORD
-                  make push
+                  make docker-push
                 fi
           - save_cache:
               name: Save build artifacts in cache
@@ -158,15 +120,14 @@ orbs:
           # Unit tests steps
           - run:
               name: Unit Tests
-              command: make unit-test-with-vendor
+              command: make test-with-vendor
           # Artifacts definitions
           - store_artifacts: # Store unit test coverage reports
               path: coverage.html
           - persist_to_workspace:
               root: /home/circleci
               paths:
-                - << parameters.operatorDir >>/coverage.out
-                - << parameters.operatorDir >>/test-report.out
+                - << parameters.operatorDir >>/cover.out
 #      report-sonar:
 #        description: Detect bugs and vulnerabilities
 #        parameters:
@@ -249,7 +210,7 @@ orbs:
                 if [[ $(echo "$CIRCLE_BRANCH" | grep -c "pull") -gt 0 ]]; then
                   echo "This is a PR, we don't publish to helm repo."
                 else
-                  GCP_SA_CREDS=${GCP_POC_RTC_SA_KEY} /home/circleci/nifikop/tools/publish_helm_gcs.sh
+                  CHART_VERSION=$(cat helm/nifikop/Chart.yaml| grep version | awk -F"version: " '{print $2}') GCP_SA_CREDS=${GCP_POC_RTC_SA_KEY} /home/circleci/nifikop/tools/publish_helm_gcs.sh
                 fi
 jobs:
   deploy-website:
@@ -325,13 +286,6 @@ workflows:
             - unit-test-nifikop
           <<: *everytime_filter
 
-      - operator/build-ci:
-          type: approval
-          name: build-ci
-          requires:
-            - unit-test-nifikop
-          <<: *website_publish
-
 #      - operator/report-sonar:
 #          name: report-nifikop
 #          requires:

.dockerignore

@@ -0,0 +1,5 @@
+# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Ignore all files which are not go type
+!**/*.go
+!**/*.mod
+!**/*.sum

.gitignore

@@ -104,3 +104,20 @@ website/.env.production.local
 website/npm-debug.log*
 website/yarn-debug.log*
 website/yarn-error.log*
+
+bin
+testbin/*
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Kubernetes Generated files - skip generated files, except for vendored files
+
+!vendor/**/zz_generated.*
+
+# editor and IDE paraphernalia
+
+*~

CHANGELOG.md

@@ -2,14 +2,25 @@
 
 ### Added
 
+- [PR #53](https://github.com/Orange-OpenSource/nifikop/pull/53) - **[Operator/NifiUser]** Cert-manager integration can now be disabled (it's still required for secured cluster).
+
 ### Changed
 
+- [PR #53](https://github.com/Orange-OpenSource/nifikop/pull/53) - **[Operator]** Upgrade operator-sdk from v0.18.0 to v.1.3.0, which upgrade k8s dependencies to 0.19.4 and migrate to Kubebuilder aligned project layout.
+- [PR #53](https://github.com/Orange-OpenSource/nifikop/pull/53) - **[CI]** Update steps with new Makefile commands.
+
 ### Deprecated
 
+- [PR #53](https://github.com/Orange-OpenSource/nifikop/pull/53) - **[Operator/CRD]** No more support for Kubernetes cluster under version 1.16 (we no longer provide crds in version v1beta1)
+
 ### Removed
 
 ### Fixed Bugs
 
+- [PR #53](https://github.com/Orange-OpenSource/nifikop/pull/53) - **[Operator]** Upgrade k8s dependencies to match with new version requirement : [#52](https://github.com/Orange-OpenSource/nifikop/issues/52) [#51](https://github.com/Orange-OpenSource/nifikop/issues/51) [#33](https://github.com/Orange-OpenSource/nifikop/issues/33) 
+- [PR #53](https://github.com/Orange-OpenSource/nifikop/pull/53) - **[Operator]** Fix the users used into Reader user group
+- [PR #53](https://github.com/Orange-OpenSource/nifikop/pull/53) - **[Documentation]** Fix the chart version informations : [#51](https://github.com/Orange-OpenSource/nifikop/issues/51)
+
 ## v0.4.2-alpha-release
 
 ### Fixed Bugs
@@ -18,7 +29,6 @@
 
 - [PR #41](https://github.com/Orange-OpenSource/nifikop/pull/42) - **[Operator]** Access policies enum type list
 
-
 ### Added
 
 - [PR #41](https://github.com/Orange-OpenSource/nifikop/pull/41) - **[Operator/NifiUser]** Manage NiFi's users into NiFi Cluster

build/Dockerfile → Dockerfile

@@ -1,15 +1,28 @@
-FROM golang:1.14 as build
-
-ENV GO111MODULE=on
-
-ADD tools tools
-RUN cd tools/health && go build -o ../../health main.go
-
-RUN useradd -u 1001 nifikop
-RUN mkdir -p /tmp && chown nifikop /tmp
-
-FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
-
+# Build the manager binary
+FROM golang:1.15 as builder
+
+WORKDIR /workspace
+
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY main.go main.go
+COPY api/ api/
+COPY controllers/ controllers/
+COPY pkg/ pkg/
+COPY version/ version/
+
+# Build
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
 LABEL org.opencontainers.image.documentation="https://github.com/Orange-OpenSource/nifikop/blob/master/README.md"
 LABEL org.opencontainers.image.authors="Alexandre Guitton <[email protected]>"
 LABEL org.opencontainers.image.source="https://github.com/Orange-OpenSource/nifikop"
@@ -27,19 +40,10 @@ LABEL org.label-schema.docker.cmd.help="N/A"
 LABEL org.label-schema.docker.cmd.debug="N/A"
 LABEL org.label-schema.docker.params="LOG_LEVEL=define loglevel,RESYNC_PERIOD=period in second to execute resynchronisation,WATCH_NAMESPACE=namespace to watch for nificlusters,OPERATOR_NAME=name of the operator instance pod"
 
-ENV OPERATOR=/usr/local/bin/nifikop \
-    USER_UID=1001 \
-    USER_NAME=nifikop
-
-COPY --from=build /tmp /tmp
-COPY --from=build /go/health /
-
-# install operator binary
-COPY build/_output/bin/nifikop ${OPERATOR}
-
-COPY build/bin /usr/local/bin
-RUN  /usr/local/bin/user_setup
+WORKDIR /
+COPY --from=builder /workspace/manager .
 
-ENTRYPOINT ["/usr/local/bin/entrypoint"]
+#USER 65532:65532
+USER 1001:1001
 
-USER ${USER_UID}
+ENTRYPOINT ["/manager"]