Creating "CBContainersGuardrails" api

PROJECT

@@ -6,6 +6,9 @@ resources:
 - crdVersion: v1
   kind: CBContainersCluster
   version: v1
+- crdVersion: v1
+  kind: CBContainersGuardrails
+  version: v1
 version: 3-alpha
 plugins:
   manifests.sdk.operatorframework.io/v2: {}

api/v1/cbcontainersguardrails_types.go

@@ -0,0 +1,64 @@
+/*
+Copyright 2021.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// CBContainersGuardrailsSpec defines the desired state of CBContainersGuardrails
+type CBContainersGuardrailsSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Foo is an example field of CBContainersGuardrails. Edit CBContainersGuardrails_types.go to remove/update
+	Foo string `json:"foo,omitempty"`
+}
+
+// CBContainersGuardrailsStatus defines the observed state of CBContainersGuardrails
+type CBContainersGuardrailsStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// CBContainersGuardrails is the Schema for the cbcontainersguardrails API
+type CBContainersGuardrails struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   CBContainersGuardrailsSpec   `json:"spec,omitempty"`
+	Status CBContainersGuardrailsStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// CBContainersGuardrailsList contains a list of CBContainersGuardrails
+type CBContainersGuardrailsList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []CBContainersGuardrails `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&CBContainersGuardrails{}, &CBContainersGuardrailsList{})
+}

config/crd/kustomization.yaml

@@ -3,17 +3,20 @@
 # It should be run by config/default
 resources:
 - bases/operator.containers.carbonblack.io_cbcontainersclusters.yaml
+- bases/operator.containers.carbonblack.io_cbcontainersguardrails.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
 #- patches/webhook_in_cbcontainersclusters.yaml
+#- patches/webhook_in_cbcontainersguardrails.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
 #- patches/cainjection_in_cbcontainersclusters.yaml
+#- patches/cainjection_in_cbcontainersguardrails.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

config/crd/patches/cainjection_in_cbcontainersguardrails.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: cbcontainersguardrails.operator.containers.carbonblack.io

config/crd/patches/webhook_in_cbcontainersguardrails.yaml

@@ -0,0 +1,14 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: cbcontainersguardrails.operator.containers.carbonblack.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert

config/rbac/cbcontainersguardrails_editor_role.yaml

@@ -0,0 +1,24 @@
+# permissions for end users to edit cbcontainersguardrails.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cbcontainersguardrails-editor-role
+rules:
+- apiGroups:
+  - operator.containers.carbonblack.io
+  resources:
+  - cbcontainersguardrails
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - operator.containers.carbonblack.io
+  resources:
+  - cbcontainersguardrails/status
+  verbs:
+  - get

config/rbac/cbcontainersguardrails_viewer_role.yaml

@@ -0,0 +1,20 @@
+# permissions for end users to view cbcontainersguardrails.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cbcontainersguardrails-viewer-role
+rules:
+- apiGroups:
+  - operator.containers.carbonblack.io
+  resources:
+  - cbcontainersguardrails
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - operator.containers.carbonblack.io
+  resources:
+  - cbcontainersguardrails/status
+  verbs:
+  - get

config/samples/_v1_cbcontainersguardrails.yaml

@@ -0,0 +1,7 @@
+apiVersion: operator.containers.carbonblack.io/v1
+kind: CBContainersGuardrails
+metadata:
+  name: cbcontainersguardrails-sample
+spec:
+  # Add fields here
+  foo: bar

config/samples/kustomization.yaml

@@ -1,4 +1,5 @@
 ## Append samples you want in your CSV to this file as resources ##
 resources:
 - _v1_cbcontainerscluster.yaml
+- _v1_cbcontainersguardrails.yaml
 # +kubebuilder:scaffold:manifestskustomizesamples

controllers/cbcontainersguardrails_controller.go

@@ -0,0 +1,63 @@
+/*
+Copyright 2021.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package controllers
+
+import (
+	"context"
+
+	"github.com/go-logr/logr"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	operatorcontainerscarbonblackiov1 "github.com/vmware/cbcontainers-operator/api/v1"
+)
+
+// CBContainersGuardrailsReconciler reconciles a CBContainersGuardrails object
+type CBContainersGuardrailsReconciler struct {
+	client.Client
+	Log    logr.Logger
+	Scheme *runtime.Scheme
+}
+
+// +kubebuilder:rbac:groups=operator.containers.carbonblack.io,resources=cbcontainersguardrails,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=operator.containers.carbonblack.io,resources=cbcontainersguardrails/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=operator.containers.carbonblack.io,resources=cbcontainersguardrails/finalizers,verbs=update
+
+// Reconcile is part of the main kubernetes reconciliation loop which aims to
+// move the current state of the cluster closer to the desired state.
+// TODO(user): Modify the Reconcile function to compare the state specified by
+// the CBContainersGuardrails object against the actual cluster state, and then
+// perform operations to make the cluster state reflect the state specified by
+// the user.
+//
+// For more details, check Reconcile and its Result here:
+// - https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/reconcile
+func (r *CBContainersGuardrailsReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
+	_ = r.Log.WithValues("cbcontainersguardrails", req.NamespacedName)
+
+	// your logic here
+
+	return ctrl.Result{}, nil
+}
+
+// SetupWithManager sets up the controller with the Manager.
+func (r *CBContainersGuardrailsReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&operatorcontainerscarbonblackiov1.CBContainersGuardrails{}).
+		Complete(r)
+}

controllers/suite_test.go

@@ -64,6 +64,9 @@ var _ = BeforeSuite(func() {
 	err = operatorcontainerscarbonblackiov1.AddToScheme(scheme.Scheme)
 	Expect(err).NotTo(HaveOccurred())
 
+	err = operatorcontainerscarbonblackiov1.AddToScheme(scheme.Scheme)
+	Expect(err).NotTo(HaveOccurred())
+
 	// +kubebuilder:scaffold:scheme
 
 	k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme})

main.go

@@ -86,6 +86,14 @@ func main() {
 		setupLog.Error(err, "unable to create controller", "controller", "CBContainersCluster")
 		os.Exit(1)
 	}
+	if err = (&controllers.CBContainersGuardrailsReconciler{
+		Client: mgr.GetClient(),
+		Log:    ctrl.Log.WithName("controllers").WithName("CBContainersGuardrails"),
+		Scheme: mgr.GetScheme(),
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "CBContainersGuardrails")
+		os.Exit(1)
+	}
 	// +kubebuilder:scaffold:builder
 
 	if err := mgr.AddHealthzCheck("health", healthz.Ping); err != nil {