Merge branch 'master' into jtyr-fromsec

.github/workflows/release.yml

@@ -1,32 +1,61 @@
-# This is a basic workflow to help you get started with Actions
-
 name: Release
 
-# Controls when the action will run. Triggers the workflow on push or pull request
-# events but only for the master branch
 on:
  push:
  tags:
- - v*.*.*
+ - "v[0-9]+.[0-9]+.[0-9]+*"
+
+permissions:
+ contents: write
+
+env:
+ KUBEBUILDER_VERSION: 3.3.0
 
 jobs:
- release:
+ go-version:
  runs-on: ubuntu-latest
+ outputs:
+ version: ${{ steps.go-version.outputs.version }}
  steps:
- - uses: actions/checkout@v2
- - name: Set up Go
- uses: actions/setup-go@v1
- with:
- go-version: 1.16.9
- - name: Install kubebuilder
- run: |
- curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v2.3.1/kubebuilder_2.3.1_linux_amd64.tar.gz -o /tmp/kb.tgz
- tar zxf /tmp/kb.tgz -C /tmp/
- - name: Run GoReleaser
- uses: goreleaser/[email protected]
- with:
- args: release --skip-sign
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- KUBEBUILDER_ASSETS: /tmp/kubebuilder_2.3.1_linux_amd64/bin/
-
+ - uses: actions/checkout@v2
+ - id: go-version
+ run: echo "::set-output name=version::$(cat ./.go-version)"
+ release-github:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - name: Set up Go
+ uses: actions/setup-go@v3
+ with:
+ go-version: "${{ needs.go-version.outputs.version }}"
+ - name: Install kubebuilder
+ run: |
+ curl -L https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${{ env.KUBEBUILDER_VERSION }}/kubebuilder_${{ env.KUBEBUILDER_VERSION }}_linux_amd64.tar.gz -o /tmp/kb.tgz
+ tar zxf /tmp/kb.tgz -C /tmp/
+ - name: Run GoReleaser
+ uses: goreleaser/[email protected]
+ if: startsWith(github.ref, 'refs/tags/')
+ with:
+ args: release --skip-sign
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ KUBEBUILDER_ASSETS: /tmp/kubebuilder_${{ env.KUBEBUILDER_VERSION }}_linux_amd64/bin/
+ release-docker-hub:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Login to DockerHub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Build and push
+ uses: docker/build-push-action@v3
+ if: startsWith(github.ref, 'refs/tags/')
+ with:
+ push: false
+ tags: hashicorp/terraform-k8s:${{ github.ref_name }}
+ secrets: |
+ GIT_AUTH_TOKEN=${{ secrets.GITHUB_TOKEN }}

.go-version

@@ -1 +1 @@
-1.15.2
+1.18.3

Dockerfile

@@ -1,5 +1,5 @@
 # Build the terraform-k8s binary
-FROM golang:1.15-alpine as builder
+FROM golang:1.18-alpine as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -15,7 +15,7 @@ COPY . .
 # Build
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o terraform-k8s main.go
 
-FROM alpine:3.15.0
+FROM alpine:3.16.0
 WORKDIR /
 COPY --from=builder /workspace/terraform-k8s /bin/terraform-k8s
 USER nobody:nobody

Makefile

@@ -1,79 +1,129 @@
 
 # Image URL to use all building/pushing image targets
 IMG ?= terraform-k8s:latest
-# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
-CRD_OPTIONS ?= "crd:trivialVersions=true"
+# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
+ENVTEST_K8S_VERSION = 1.23
 
-KUSTOMIZE=$(shell which kustomize)
-ifeq ($(.SHELLSTATUS),1)
- $(error "kustomize not found. Please follow the instructions here to install it: https://kubectl.docs.kubernetes.io/installation/kustomize/")
-endif
-CONTROLLER_GEN=$(shell which controller-gen)
-ifeq ($(.SHELLSTATUS),1)
- $(error "controller-gen not found. Please install by running: go get sigs.k8s.io/controller-tools/cmd/[email protected]")
-endif
-KUBEBUILDER=$(shell which kubebuilder)
-ifeq ($(.SHELLSTATUS),1)
- $(error "Kubebuilder and related assets such as the etcd binary could not be found in PATH. Please install kubebuilder as explained here: https://book.kubebuilder.io/quick-start.html#installation")
-endif
-export KUBEBUILDER_ASSETS ?= $(dir $(KUBEBUILDER))
-
-GOOS=$(shell go env GOOS)
-GOARCH=$(shell go env GOARCH)
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
 GOBIN=$(shell go env GOPATH)/bin
 else
 GOBIN=$(shell go env GOBIN)
 endif
 
-all: test deploy
+# Setting SHELL to bash allows bash commands to be executed by recipes.
+# This is a requirement for 'setup-envtest.sh' in the test target.
+# Options are set to exit when a recipe line exits non-zero or a piped command fails.
+SHELL = /usr/bin/env bash -o pipefail
+.SHELLFLAGS = -ec
 
-# Run tests
-test: generate fmt vet manifests
- go test ./... -coverprofile cover.out
+.PHONY: all
+all: build
 
-# Build manager binary
-manager: generate fmt vet
- go build -o bin/terraform-k8s main.go
+##@ General
 
-# Run against the configured Kubernetes cluster in ~/.kube/config
-run: generate fmt vet manifests
- go run ./main.go
+# The help target prints out all targets with their descriptions organized
+# beneath their categories. The categories are represented by '##@' and the
+# target descriptions by '##'. The awk commands is responsible for reading the
+# entire set of makefiles included in this invocation, looking for lines of the
+# file as xyz: ## something, and then pretty-format the target and help. Then,
+# if there's a line with ##@ something, that gets pretty-printed as a category.
+# More info on the usage of ANSI control characters for terminal formatting:
+# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters
+# More info on the awk command:
+# https://linuxcommand.org/lc3_adv_awk.php
 
-# Install CRDs into a cluster
-install: manifests
- $(KUSTOMIZE) build config/crd | kubectl apply -f -
+.PHONY: help
+help: ## Display this help.
+ @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
-# Uninstall CRDs from a cluster
-uninstall: manifests
- $(KUSTOMIZE) build config/crd | kubectl delete -f -
+##@ Development
 
-# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
-deploy: manifests
- cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
- $(KUSTOMIZE) build config/default | kubectl apply -f -
+.PHONY: manifests
+manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+ $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
-# Generate manifests e.g. CRD, RBAC etc.
-manifests:
- $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=terraform-k8s webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+.PHONY: generate
+generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
+ $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
 
-# Run go fmt against code
-fmt:
+.PHONY: fmt
+fmt: ## Run go fmt against code.
  go fmt ./...
 
-# Run go vet against code
-vet:
+.PHONY: vet
+vet: ## Run go vet against code.
  go vet ./...
 
-# Generate code
-generate:
- $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."
+.PHONY: test
+test: manifests generate fmt vet envtest ## Run tests.
+ KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -coverprofile cover.out
+
+##@ Build
+
+.PHONY: build
+build: generate fmt vet ## Build manager binary.
+ go build -o bin/manager main.go
 
-# Build the docker image
-docker-build: test
- docker build . -t ${IMG}
+.PHONY: run
+run: manifests generate fmt vet ## Run a controller from your host.
+ go run ./main.go
+
+.PHONY: docker-build
+docker-build: test ## Build docker image with the manager.
+ docker build -t ${IMG} .
 
-# Push the docker image
-docker-push:
+.PHONY: docker-push
+docker-push: ## Push docker image with the manager.
  docker push ${IMG}
+
+##@ Deployment
+
+ifndef ignore-not-found
+ ignore-not-found = false
+endif
+
+.PHONY: install
+install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
+ $(KUSTOMIZE) build config/crd | kubectl apply -f -
+
+.PHONY: uninstall
+uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+ $(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+
+.PHONY: deploy
+deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+ cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+ $(KUSTOMIZE) build config/default | kubectl apply -f -
+
+.PHONY: undeploy
+undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+ $(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
+
+CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
+.PHONY: controller-gen
+controller-gen: ## Download controller-gen locally if necessary.
+ $(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/[email protected])
+
+KUSTOMIZE = $(shell pwd)/bin/kustomize
+.PHONY: kustomize
+kustomize: ## Download kustomize locally if necessary.
+ $(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/[email protected])
+
+ENVTEST = $(shell pwd)/bin/setup-envtest
+.PHONY: envtest
+envtest: ## Download envtest-setup locally if necessary.
+ $(call go-get-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
+
+# go-get-tool will 'go get' any package $2 and install it to $1.
+PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
+define go-get-tool
+@[ -f $(1) ] || { \
+set -e ;\
+TMP_DIR=$$(mktemp -d) ;\
+cd $$TMP_DIR ;\
+echo "Downloading $(2)" ;\
+GOBIN=$(PROJECT_DIR)/bin go install $(2) ;\
+rm -rf $$TMP_DIR ;\
+}
+endef

README.md

@@ -263,16 +263,6 @@ $ kubectl apply -n $NAMESPACE -f workspace.yml
 
 ### Delete a Workspace
 
-In order for workspace destruction to work automatically, you must set the `CONFIRM_DESTROY` environment variable in the Terraform Cloud workspace. When you delete the Workspace CustomResource, the operator will attempt to destroy the workspace. As a secondary check, you must deploy the operator with this environment variable defined in the `variables` section if you would like to destroy the workspace in Terraform Cloud.
-
-```yaml
-variables:
- - key: CONFIRM_DESTROY
- value: "1"
- sensitive: false
- environmentVariable: true
-```
-
 When deleting the Workspace CustomResource, the command line will wait for a few moments.
 
 ```shell

api/v1alpha1/workspace_types.go

@@ -168,6 +168,8 @@ type WorkspaceStatus struct {
 // +k8s:openapi-gen=true
 // +kubebuilder:subresource:status
 // +kubebuilder:resource:path=workspaces,scope=Namespaced
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
+// +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.runStatus`
 type Workspace struct {
  metav1.TypeMeta `json:",inline"`
  metav1.ObjectMeta `json:"metadata,omitempty"`