Merge pull request #21 from GoogleCloudPlatform/wip-migrate-to-kubebu…

…ilder-3

Migrate to kubebuilder 3

.dockerignore

@@ -0,0 +1,4 @@
+# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Ignore build and test binaries.
+bin/
+testbin/

Dockerfile

@@ -1,19 +1,19 @@
-# Copyright 2021 Google LLC
-#
+# Copyright 2022 Google LLC.
+# 
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
 # Build the manager binary
-FROM golang:1.15 as builder
+FROM golang:1.18 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -29,13 +29,13 @@ COPY api/ api/
 COPY controllers/ controllers/
 
 # Build
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
 FROM gcr.io/distroless/static:nonroot
 WORKDIR /
 COPY --from=builder /workspace/manager .
-USER nonroot:nonroot
+USER 65532:65532
 
 ENTRYPOINT ["/manager"]

Makefile

@@ -1,6 +1,8 @@
 
 # Image URL to use all building/pushing image targets
 IMG ?= controller:$(shell git describe --always --dirty)
+# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
+ENVTEST_K8S_VERSION = 1.24.1
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
 CRD_OPTIONS ?= "crd:trivialVersions=true"
 SKIP_TEST ?= false
@@ -12,91 +14,139 @@ else
 GOBIN=$(shell go env GOBIN)
 endif
 
-all: manager
+# Setting SHELL to bash allows bash commands to be executed by recipes.
+# This is a requirement for 'setup-envtest.sh' in the test target.
+# Options are set to exit when a recipe line exits non-zero or a piped command fails.
+SHELL = /usr/bin/env bash -o pipefail
+.SHELLFLAGS = -ec
 
-# Run tests
-test: generate fmt vet manifests
-	[ $(SKIP_TEST) == "true" ] || go test ./... -coverprofile cover.out
+.PHONY: all
+all: build
 
-# Build manager binary
-manager: generate fmt vet
-	go build -o bin/manager main.go
-
-# Run against the configured Kubernetes cluster in ~/.kube/config
-run: generate fmt vet manifests
-	go run ./main.go
+##@ General
 
-# Install CRDs into a cluster
-install: manifests
-	kustomize build config/crd | kubectl apply -f -
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
 
-# Uninstall CRDs from a cluster
-uninstall: manifests
-	kustomize build config/crd | kubectl delete -f -
+.PHONY: help
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
-# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
-deploy: manifests
-	cd config/manager && kustomize edit set image controller=${IMG}
-	kustomize build config/default | kubectl apply -f -
+##@ Development
 
-force-deploy-manager: docker-build kind-load-image deploy
-	kubectl -n fqdnnetworkpolicies-system delete pod -l control-plane=controller-manager
+.PHONY: manifests
+manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
-# Generate manifests e.g. CRD, RBAC etc.
-manifests: controller-gen
-	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+.PHONY: generate
+generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
-# Run go fmt against code
-fmt:
+.PHONY: fmt
+fmt: ## Run go fmt against code.
 	go fmt ./...
 
-# Run go vet against code
-vet:
+.PHONY: vet
+vet: ## Run go vet against code.
 	go vet ./...
 
-# Generate code
-generate: controller-gen
-	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
+.PHONY: test
+test: manifests generate fmt vet envtest ## Run tests.
+	[ $(SKIP_TEST) == "true" ] || KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out
 
-# Build the docker image
-docker-build: test
-	docker build . -t ${IMG}
+##@ Build
+
+.PHONY: build
+build: generate fmt vet ## Build manager binary.
+	go build -o bin/manager main.go
 
-# Push the docker image
-docker-push:
+.PHONY: run
+run: manifests generate fmt vet ## Run a controller from your host.
+	go run ./main.go
+
+.PHONY: docker-build
+docker-build: test ## Build docker image with the manager.
+	docker build -t ${IMG} .
+
+.PHONY: docker-push
+docker-push: ## Push docker image with the manager.
 	docker push ${IMG}
 
-# find or download controller-gen
-# download controller-gen if necessary
-controller-gen:
-ifeq (, $(shell which controller-gen))
-	@{ \
-	set -e ;\
-	CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
-	cd $$CONTROLLER_GEN_TMP_DIR ;\
-	go mod init tmp ;\
-	go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.5 ;\
-	rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
-	}
-CONTROLLER_GEN=$(GOBIN)/controller-gen
-else
-CONTROLLER_GEN=$(shell which controller-gen)
+##@ Deployment
+
+ifndef ignore-not-found
+  ignore-not-found = false
 endif
 
-kind-cluster:
+.PHONY: install
+install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+.PHONY: uninstall
+uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+
+.PHONY: deploy
+deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	$(KUSTOMIZE) build config/default | kubectl apply -f -
+
+.PHONY: undeploy
+undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+
+##@ Build Dependencies
+
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+## Tool Binaries
+KUSTOMIZE ?= $(LOCALBIN)/kustomize
+CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
+ENVTEST ?= $(LOCALBIN)/setup-envtest
+
+## Tool Versions
+KUSTOMIZE_VERSION ?= v3.8.7
+CONTROLLER_TOOLS_VERSION ?= v0.9.0
+
+KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
+.PHONY: kustomize
+kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
+$(KUSTOMIZE): $(LOCALBIN)
+	curl -s $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN)
+
+.PHONY: controller-gen
+controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary.
+$(CONTROLLER_GEN): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
+
+.PHONY: envtest
+envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
+$(ENVTEST): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+
+.PHONY: kind-cluster
+kind-cluster: ## Create a cluster with kind.
 	kind create cluster --name fqdn-tests
 
-kind-load-image:
+.PHONY: kind-load-image
+kind-load-image: ## Load the manager image into the cluster.
 	kind load docker-image ${IMG} --name fqdn-tests
 
-deploy-cert-manager:
-	kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml
-
-follow-manager-logs:
-	kubectl -n fqdnnetworkpolicies-system logs -l control-plane=controller-manager -c manager -f
+.PHONY: deploy-cert-manager
+deploy-cert-manager: ## Deploy cert-manager into the cluster.
+	kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.8.0/cert-manager.yaml
 
-latest:
-	test ! -z ${VERSION}
-	echo ${VERSION} > fqdnnetworkpolicies-latest
-	gsutil -h "Cache-Control: no-cache" cp fqdnnetworkpolicies-latest gs://fqdnnetworkpolicies-manifests/latest
-	rm fqdnnetworkpolicies-latest
+.PHONY: force-deploy-manager
+force-deploy-manager: docker-build kind-load-image deploy
+	kubectl -n fqdnnetworkpolicies-system delete pod -l control-plane=controller-manager

PROJECT

@@ -1,7 +1,20 @@
 domain: gke.io
+layout:
+- go.kubebuilder.io/v3
+projectName: gke-fqdnnetworkpolicies-golang
 repo: github.com/GoogleCloudPlatform/gke-fqdnnetworkpolicies-golang
 resources:
-- group: networking
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: gke.io
+  group: networking
   kind: FQDNNetworkPolicy
-  version: v1alpha2
-version: "2"
+  path: github.com/GoogleCloudPlatform/gke-fqdnnetworkpolicies-golang/api/v1alpha3
+  version: v1alpha3
+  webhooks:
+    defaulting: true
+    validation: true
+    webhookVersion: v1
+version: "3"

README.md

@@ -13,7 +13,7 @@ A FQDNNetworkPolicy looks a lot like a NetworkPolicy, but you can configure host
 in the "to" field:
 
 ```
-apiVersion: networking.gke.io/v1alpha2
+apiVersion: networking.gke.io/v1alpha3
 kind: FQDNNetworkPolicy
 metadata:
   name: example
@@ -136,6 +136,11 @@ Upgrading in place from the `v1alpha1` API (used in the 0.1 release) to the
 uninstall the controller, reinstall it, update your FQDNNetworkPolicies to the
 `v1alpha2` API and recreate them.
 
+In the same manner, upgrading in place from the `v1alpha2` API (used in the 0.2 release) to the
+`v1alpha3` (introduced in the 0.3 release) is not supported. You'll need to
+uninstall the controller, reinstall it, update your FQDNNetworkPolicies to the
+`v1alpha3` API and recreate them.
+
 ## Uninstall
 
 To uninstall the FQDNNetworkPolicies controller from your GKE cluster, delete the FQDNNetworkPolicies first,
@@ -159,7 +164,7 @@ You need the following tools installed on your development workstation.
 * kubectl
 * Kind
 * kustomize
-* kubebuilder (2.3.1, you may need to export the [KUBEBUILDER_ASSET variable](https://book.kubebuilder.io/quick-start.html))
+* kubebuilder (3.5.0, you may need to export the [KUBEBUILDER_ASSET variable](https://book.kubebuilder.io/quick-start.html))
 
 ### Building and running locally
 
@@ -187,8 +192,8 @@ You need the following tools installed on your development workstation.
    # In one terminal
    make follow-manager-logs
    # In another terminal
-   kubectl apply -f config/samples/networking_v1alpha2_fqdnnetworkpolicy_invalid.yaml
-   kubectl apply -f config/samples/networking_v1alpha2_fqdnnetworkpolicy_valid.yaml
+   kubectl apply -f config/samples/networking_v1alpha3_fqdnnetworkpolicy_invalid.yaml
+   kubectl apply -f config/samples/networking_v1alpha3_fqdnnetworkpolicy_valid.yaml
    ```
 
 1. Explore the Makefile for other available commands, and read the [kubebuilder book](https://book.kubebuilder.io/introduction.html).

api/v1alpha2/fqdnnetworkpolicy_testing.go → api/v1alpha3/fqdnnetworkpolicy_testing.go

@@ -1,19 +1,5 @@
-// Copyright 2021 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
 /*
-
+Copyright 2022 Google LLC.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -28,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package v1alpha2
+package v1alpha3
 
 import (
 	"io/ioutil"
@@ -59,26 +45,26 @@ func (r *FQDNNetworkPolicy) LoadResource(path string) *FQDNNetworkPolicy {
 
 // GetValidResource returns loads a valid FQDNNetworkPolicy for testing
 func (r *FQDNNetworkPolicy) GetValidResource() *FQDNNetworkPolicy {
-	return r.LoadResource("./config/samples/networking_v1alpha2_fqdnnetworkpolicy_valid.yaml")
+	return r.LoadResource("./config/samples/networking_v1alpha3_fqdnnetworkpolicy_valid.yaml")
 }
 
 // GetValidIngressResource returns loads a valid FQDNNetworkPolicy with an Ingress policy for testing
 func (r *FQDNNetworkPolicy) GetValidIngressResource() *FQDNNetworkPolicy {
-	return r.LoadResource("./config/samples/networking_v1alpha2_fqdnnetworkpolicy_valid_ingress.yaml")
+	return r.LoadResource("./config/samples/networking_v1alpha3_fqdnnetworkpolicy_valid_ingress.yaml")
 }
 
 func (r *FQDNNetworkPolicy) GetValidNoPortResource() *FQDNNetworkPolicy {
-	return r.LoadResource("./config/samples/networking_v1alpha2_fqdnnetworkpolicy_valid_noport.yaml")
+	return r.LoadResource("./config/samples/networking_v1alpha3_fqdnnetworkpolicy_valid_noport.yaml")
 }
 
 func (r *FQDNNetworkPolicy) GetValidNoProtocolResource() *FQDNNetworkPolicy {
-	return r.LoadResource("./config/samples/networking_v1alpha2_fqdnnetworkpolicy_valid_noprotocol.yaml")
+	return r.LoadResource("./config/samples/networking_v1alpha3_fqdnnetworkpolicy_valid_noprotocol.yaml")
 }
 
 func (r *FQDNNetworkPolicy) GetValidNonExistentFQDNResource() *FQDNNetworkPolicy {
-	return r.LoadResource("./config/samples/networking_v1alpha2_fqdnnetworkpolicy_valid_nonexistentfqdn.yaml")
+	return r.LoadResource("./config/samples/networking_v1alpha3_fqdnnetworkpolicy_valid_nonexistentfqdn.yaml")
 }
 
 func (r *FQDNNetworkPolicy) GetInvalidResource() *FQDNNetworkPolicy {
-	return r.LoadResource("./config/samples/networking_v1alpha2_fqdnnetworkpolicy_invalid.yaml")
+	return r.LoadResource("./config/samples/networking_v1alpha3_fqdnnetworkpolicy_invalid.yaml")
 }