Sync/initial

Dockerfile

@@ -0,0 +1,69 @@
+# Build the manager binary
+FROM golang:1.22.1-alpine as builder
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# Copy the go source
+COPY main.go main.go
+COPY api api/
+COPY controllers controllers/
+
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+RUN GO111MODULE=on go get github.com/mikefarah/yq/v3
+RUN apk add curl
+
+ARG TAG_default_tag=from_dockerfile
+
+# Build
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -ldflags="-X 'main.buildVersion=${TAG_default_tag}'" -a -o manager main.go
+
+
+ENV VERSION_SERVICEBINDING=0.4.0
+ENV VERSION_KPACK=0.13.4
+ENV VERSION_CERT_MANAGER=1.14.6
+ENV VERSION_GATEWAY_API=1.1.0
+ENV VERSION_TWUNI=2.2.3
+ENV VERSION_KORIFI=0.12.0
+
+
+WORKDIR /workspace/module-data/servicebinding
+RUN curl -O https://github.com/servicebinding/runtime/releases/download/v$VERSION_SERVICEBINDING/servicebinding-runtime-v$VERSION_SERVICEBINDING.yaml
+RUN curl -O https://github.com/servicebinding/runtime/releases/download/v$VERSION_SERVICEBINDING/servicebinding-workloadresourcemappings-v$VERSION_SERVICEBINDING.yaml 
+
+WORKDIR /workspace/module-data/kpack
+RUN curl -O https://github.com/buildpacks-community/kpack/releases/download/v$VERSION_KPACK/release-$VERSION_KPACK.yaml
+
+WORKDIR /workspace/module-data/cert-manager
+RUN curl -O https://github.com/cert-manager/cert-manager/releases/download/v$VERSION_CERT_MANAGER/cert-manager.yaml
+
+WORKDIR /workspace/module-data/gateway-api
+RUN curl -O https://github.com/kubernetes-sigs/gateway-api/releases/download/v$VERSION_GATEWAY_API/experimental-install.yaml
+
+WORKDIR /workspace/module-data/twuni-helm
+RUN curl -L -O https://github.com/twuni/docker-registry.helm/archive/refs/tags/v$VERSION_TWUNI.tar.gz
+
+#Some day we are going to use the OSS Korifi project
+#WORKDIR /workspace/module-data/korifi
+#RUN curl -L -O https://github.com/cloudfoundry/korifi/releases/download/v$VERSION_KORIFI/korifi-$VERSION_KORIFI.tgz
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/manager .
+COPY --from=builder --chown=65532:65532  /workspace/module-data module-data/
+COPY --chown=65532:65532 module-data module-data/ 
+USER 65532:65532
+
+ENTRYPOINT ["/manager"]

Makefile

@@ -0,0 +1,241 @@
+# Image URL to use all building/pushing image targets
+#IMG ?= controller:latest
+VERSION ?= 0.0.0
+#IMG ?= trinity.common.repositories.cloud.sap/kyma-module/cfapi-controller-$(VERSION)
+REGISTRY = ghcr.io
+IMG ?= kyma-project/cfapi/cfapi-controller-$(VERSION)
+
+# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
+ENVTEST_K8S_VERSION = 1.24.1
+
+# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
+ifeq (,$(shell go env GOBIN))
+GOBIN=$(shell go env GOPATH)/bin
+else
+GOBIN=$(shell go env GOBIN)
+endif
+
+# Credentials used for authenticating into the module registry
+# see `kyma alpha mod create --help for more info`
+
+# This will change the flags of the `kyma alpha module create` command in case we spot credentials
+# Otherwise we will assume http-based local registries without authentication (e.g. for k3d)
+ifneq (,$(PROW_JOB_ID))
+GCP_ACCESS_TOKEN=$(shell gcloud auth application-default print-access-token)
+MODULE_CREATION_FLAGS=--registry $(MODULE_REGISTRY) --module-archive-version-overwrite -c oauth2accesstoken:$(GCP_ACCESS_TOKEN)
+else ifeq (,$(MODULE_CREDENTIALS))
+# when built locally we should not include security content.
+MODULE_CREATION_FLAGS=--registry $(MODULE_REGISTRY) --module-archive-version-overwrite --insecure --sec-scanners-config=sec-scanners-config-local.yaml
+else
+MODULE_CREATION_FLAGS=--registry $(MODULE_REGISTRY) --module-archive-version-overwrite -c $(MODULE_CREDENTIALS)
+endif
+
+# Setting SHELL to bash allows bash commands to be executed by recipes.
+# This is a requirement for 'setup-envtest.sh' in the test target.
+# Options are set to exit when a recipe line exits non-zero or a piped command fails.
+SHELL = /usr/bin/env bash -o pipefail
+.SHELLFLAGS = -ec
+
+.PHONY: all
+all: build
+
+##@ General
+
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# http://linuxcommand.org/lc3_adv_awk.php
+
+.PHONY: help
+help: ## Display this help.
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+##@ Development
+
+.PHONY: manifests
+manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+	$(CONTROLLER_GEN) crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+
+.PHONY: generate
+generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
+
+.PHONY: test
+test: manifests generate fmt vet envtest ## Run tests.
+	ACK_GINKGO_DEPRECATIONS=1.16.5 KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out
+
+##@ Build
+
+.PHONY: build
+build: generate fmt vet lint ## Build manager binary.
+	go build -o bin/manager main.go
+
+.PHONY: run
+run: manifests generate fmt vet ## Run a controller from your host.
+	go run ./main.go
+
+.PHONY: docker-build
+docker-build: ## Build docker image with the manager.
+	docker build -t ${REGISTRY}/${IMG} --build-arg TARGETARCH=amd64 .
+
+.PHONY: docker-push
+docker-push: ## Push docker image with the manager.
+ifneq (,$(GCR_DOCKER_PASSWORD))
+	docker login $(IMG_REGISTRY) -u oauth2accesstoken --password $(GCR_DOCKER_PASSWORD)
+endif
+	docker push ${REGISTRY}/${IMG}
+
+##@ Release
+.PHONY: release
+release: manifests kustomize
+	rm -rf release-$(VERSION)
+	mkdir -p release-$(VERSION)
+	cp default-cr.yaml release-$(VERSION)/cfapi-default-cr.yaml
+	$(KUSTOMIZE) build config/crd > release-$(VERSION)/cfapi-crd.yaml
+	pushd config/manager && $(KUSTOMIZE) edit set image controller=${REGISRRY}/${IMG} && popd
+	$(KUSTOMIZE) build config/default > release-$(VERSION)/cfapi-manager.yaml
+
+##@ Deployment
+
+ifndef ignore-not-found
+  ignore-not-found = false
+endif
+
+.PHONY: provision
+provision: kyma
+	${KYMA} provision --ci k3d
+	kubectl create namespace cfapi-system
+
+.PHONY: install-istio
+install-istio: system-namespace
+	kubectl label namespace cfapi-system istio-injection=enabled --overwrite
+	kubectl apply -f https://github.com/kyma-project/istio/releases/latest/download/istio-manager.yaml
+	kubectl apply -f module-data/istio/istio-default-cr.yaml
+
+.PHONY: install-istio-experimental
+install-istio-experimental: system-namespace
+	kubectl label namespace cfapi-system istio-injection=enabled --overwrite
+	kubectl apply -f https://github.com/kyma-project/istio/releases/latest/download/istio-manager-experimental.yaml
+	kubectl apply -f module-data/istio/istio-default-cr-experimental.yaml
+
+
+.PHONY: install
+install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+.PHONY: uninstall
+uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+
+.PHONY: system-namespace
+system-namespace: 
+	kubectl create namespace cfapi-system --dry-run=client -o yaml | kubectl apply -f -
+
+.PHONY: deploy
+deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	$(KUSTOMIZE) build config/default | kubectl apply -f -
+
+.PHONY: deploy-cr
+deploy-cr: manifests
+	kubectl apply -f default-cr.yaml
+
+.PHONY: undeploy
+undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+	$(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+
+##@ Tools
+
+## Location to install dependencies to
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+########## Kustomize ###########
+KUSTOMIZE ?= $(LOCALBIN)/kustomize
+KUSTOMIZE_VERSION ?= v5.3.0
+.PHONY: kustomize
+kustomize: $(KUSTOMIZE) ## Download & Build kustomize locally if necessary.
+$(KUSTOMIZE): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install sigs.k8s.io/kustomize/kustomize/v5@$(KUSTOMIZE_VERSION)
+
+########## controller-gen ###########
+CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
+CONTROLLER_TOOLS_VERSION ?= v0.14.0
+.PHONY: controller-gen
+controller-gen: $(CONTROLLER_GEN) ## Download & Build controller-gen locally if necessary.
+$(CONTROLLER_GEN): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
+
+########## envtest ###########
+ENVTEST ?= $(LOCALBIN)/setup-envtest
+.PHONY: envtest
+envtest: $(ENVTEST) ## Download & Build envtest-setup locally if necessary.
+$(ENVTEST): $(LOCALBIN)
+	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+
+##@ Checks
+
+########## static code checks ###########
+.PHONY: fmt
+fmt: ## Run go fmt against code.
+	go fmt ./...
+
+.PHONY: vet
+vet: ## Run go vet against code.
+	go vet ./...
+
+GOLANG_CI_LINT = $(LOCALBIN)/golangci-lint
+GOLANG_CI_LINT_VERSION ?= v1.56.2
+.PHONY: lint
+lint: ## Download & Build & Run golangci-lint against code.
+	GOBIN=$(LOCALBIN) go install github.com/golangci/golangci-lint/cmd/golangci-lint@$(GOLANG_CI_LINT_VERSION)
+	$(LOCALBIN)/golangci-lint run
+
+.PHONY: configure-git-origin
+configure-git-origin:
+	@git remote | grep '^origin$$' -q || \
+		git remote add origin https://github.com/kyma-project/template-operator
+
+.PHONY: build-manifests
+build-manifests: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+	$(KUSTOMIZE) build config/default > template-operator.yaml
+
+DEFAULT_CR ?= $(shell pwd)/config/samples/default-sample-cr.yaml
+.PHONY: build-module
+build-module: kyma build-manifests configure-git-origin ## Build the Module and push it to a registry defined in MODULE_REGISTRY
+	#################################################################
+	## Building module with:
+	# - image: ${IMG}
+	# - channel: ${MODULE_CHANNEL}
+	# - name: kyma-project.io/module/$(MODULE_NAME)
+	# - version: $(MODULE_VERSION)
+	echo "running alpha create"
+	@$(KYMA) alpha create module --path . --output=module-template.yaml --module-config-file=module-config.yaml $(MODULE_CREATION_FLAGS)
+
+########## Kyma CLI ###########
+KYMA_STABILITY ?= unstable
+
+# $(call os_error, os-type, os-architecture)
+define os_error
+$(error Error: unsuported platform OS_TYPE:$1, OS_ARCH:$2; to mitigate this problem set variable KYMA with absolute path to kyma-cli binary compatible with your operating system and architecture)
+endef
+
+KYMA_FILE_NAME ?= $(shell ./scripts/local/get_kyma_file_name.sh)
+KYMA ?= $(LOCALBIN)/kyma-$(KYMA_STABILITY)
+
+.PHONY: kyma
+kyma: $(LOCALBIN) $(KYMA) ## Download kyma CLI locally if necessary.
+$(KYMA):
+	#################################################################
+	$(if $(KYMA_FILE_NAME),,$(call os_error, ${OS_TYPE}, ${OS_ARCH}))
+	## Downloading Kyma CLI: https://storage.googleapis.com/kyma-cli-$(KYMA_STABILITY)/$(KYMA_FILE_NAME)
+	test -f $@ || curl -s -Lo $(KYMA) https://storage.googleapis.com/kyma-cli-$(KYMA_STABILITY)/$(KYMA_FILE_NAME)
+	chmod 0100 $(KYMA)
+	${KYMA} version -c

RELEASE.md

@@ -0,0 +1,10 @@
+# RELEASE version 0.0.4
+
+# Prerequisites
+* UAA set as OIDC provider
+* A dockerregistry secret with name cfapi-system-registry with credentials to artifactory project trinity
+
+# In this release 
+* API servicebinding.io installed
+* CR OpenIDConnect installed in case CRD is found
+* Istio experimental Gateway API supported

api/go.mod

@@ -0,0 +1,22 @@
+module github.com/kyma-project/template-operator/api
+
+go 1.22.1
+
+require k8s.io/apimachinery v0.28.3
+
+require (
+	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+)