create files for stepclusterissuer

32f66b86 · Christian Wolf · 778745db · 32f66b86 · 32f66b86 · 32f66b86
Commit 32f66b86 authored 3 years ago by Christian Wolf
--- a/PROJECT
+++ b/PROJECT
@@ -5,3 +5,7 @@ resources:
 - group: certmanager
  version: v1beta1
  kind: StepIssuer
+- group: certmanager
+  kind: StepClusterIssuer
+  version: v1beta1
--- a/api/v1beta1/stepclusterissuer_types.go
+++ b/api/v1beta1/stepclusterissuer_types.go
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package v1beta1
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+// StepClusterIssuerSpec defines the desired state of StepClusterIssuer
+type StepClusterIssuerSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+	// Foo is an example field of StepClusterIssuer. Edit StepClusterIssuer_types.go to remove/update
+	Foo string `json:"foo,omitempty"`
+}
+// StepClusterIssuerStatus defines the observed state of StepClusterIssuer
+type StepClusterIssuerStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:scope=Cluster
+// StepClusterIssuer is the Schema for the stepclusterissuers API
+type StepClusterIssuer struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+	Spec   StepClusterIssuerSpec   `json:"spec,omitempty"`
+	Status StepClusterIssuerStatus `json:"status,omitempty"`
+}
+// +kubebuilder:object:root=true
+// StepClusterIssuerList contains a list of StepClusterIssuer
+type StepClusterIssuerList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []StepClusterIssuer `json:"items"`
+}
+func init() {
+	SchemeBuilder.Register(&StepClusterIssuer{}, &StepClusterIssuerList{})
+}
--- a/api/v1beta1/zz_generated.deepcopy.go
+++ b/api/v1beta1/zz_generated.deepcopy.go
@@ -38,6 +38,95 @@ func (in *SecretKeySelector) DeepCopy() *SecretKeySelector {
 	return out
 }
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *StepClusterIssuer) DeepCopyInto(out *StepClusterIssuer) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	out.Status = in.Status
+}
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StepClusterIssuer.
+func (in *StepClusterIssuer) DeepCopy() *StepClusterIssuer {
+	if in == nil {
+		return nil
+	}
+	out := new(StepClusterIssuer)
+	in.DeepCopyInto(out)
+	return out
+}
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *StepClusterIssuer) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *StepClusterIssuerList) DeepCopyInto(out *StepClusterIssuerList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]StepClusterIssuer, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StepClusterIssuerList.
+func (in *StepClusterIssuerList) DeepCopy() *StepClusterIssuerList {
+	if in == nil {
+		return nil
+	}
+	out := new(StepClusterIssuerList)
+	in.DeepCopyInto(out)
+	return out
+}
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *StepClusterIssuerList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *StepClusterIssuerSpec) DeepCopyInto(out *StepClusterIssuerSpec) {
+	*out = *in
+}
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StepClusterIssuerSpec.
+func (in *StepClusterIssuerSpec) DeepCopy() *StepClusterIssuerSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(StepClusterIssuerSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *StepClusterIssuerStatus) DeepCopyInto(out *StepClusterIssuerStatus) {
+	*out = *in
+}
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StepClusterIssuerStatus.
+func (in *StepClusterIssuerStatus) DeepCopy() *StepClusterIssuerStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(StepClusterIssuerStatus)
+	in.DeepCopyInto(out)
+	return out
+}
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *StepIssuer) DeepCopyInto(out *StepIssuer) {
 	*out = *in

--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@@ -3,17 +3,20 @@
 # It should be run by config/default
 resources:
 - bases/certmanager.step.sm_stepissuers.yaml
+- bases/certmanager.step.sm_stepclusterissuers.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 patchesStrategicMerge:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
 #- patches/webhook_in_stepissuers.yaml
+#- patches/webhook_in_stepclusterissuers.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
 # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
 #- patches/cainjection_in_stepissuers.yaml
+#- patches/cainjection_in_stepclusterissuers.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 # the following config is for teaching kustomize how to do kustomization for CRDs.

--- a/config/crd/patches/cainjection_in_stepclusterissuers.yaml
+++ b/config/crd/patches/cainjection_in_stepclusterissuers.yaml
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: stepclusterissuers.certmanager.step.sm
--- a/config/crd/patches/webhook_in_stepclusterissuers.yaml
+++ b/config/crd/patches/webhook_in_stepclusterissuers.yaml
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: stepclusterissuers.certmanager.step.sm
+spec:
+  conversion:
+    strategy: Webhook
+    webhookClientConfig:
+      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+      caBundle: Cg==
+      service:
+        namespace: system
+        name: webhook-service
+        path: /convert
--- a/config/rbac/stepclusterissuer_editor_role.yaml
+++ b/config/rbac/stepclusterissuer_editor_role.yaml
+# permissions for end users to edit stepclusterissuers.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: stepclusterissuer-editor-role
+rules:
+- apiGroups:
+  - certmanager.step.sm
+  resources:
+  - stepclusterissuers
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - certmanager.step.sm
+  resources:
+  - stepclusterissuers/status
+  verbs:
+  - get
--- a/config/rbac/stepclusterissuer_viewer_role.yaml
+++ b/config/rbac/stepclusterissuer_viewer_role.yaml
+# permissions for end users to view stepclusterissuers.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: stepclusterissuer-viewer-role
+rules:
+- apiGroups:
+  - certmanager.step.sm
+  resources:
+  - stepclusterissuers
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - certmanager.step.sm
+  resources:
+  - stepclusterissuers/status
+  verbs:
+  - get
--- a/config/samples/certmanager_v1beta1_stepclusterissuer.yaml
+++ b/config/samples/certmanager_v1beta1_stepclusterissuer.yaml
+apiVersion: certmanager.step.sm/v1beta1
+kind: StepClusterIssuer
+metadata:
+  name: stepclusterissuer-sample
+spec:
+  # Add fields here
+  foo: bar
--- a/controllers/stepclusterissuer_controller.go
+++ b/controllers/stepclusterissuer_controller.go
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package controllers
+import (
+	"context"
+	"github.com/go-logr/logr"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	certmanagerv1beta1 "github.com/smallstep/step-issuer/api/v1beta1"
+)
+// StepClusterIssuerReconciler reconciles a StepClusterIssuer object
+type StepClusterIssuerReconciler struct {
+	client.Client
+	Log    logr.Logger
+	Scheme *runtime.Scheme
+}
+// +kubebuilder:rbac:groups=certmanager.step.sm,resources=stepclusterissuers,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=certmanager.step.sm,resources=stepclusterissuers/status,verbs=get;update;patch
+func (r *StepClusterIssuerReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+	_ = context.Background()
+	_ = r.Log.WithValues("stepclusterissuer", req.NamespacedName)
+	// your logic here
+	return ctrl.Result{}, nil
+}
+func (r *StepClusterIssuerReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewControllerManagedBy(mgr).
+		For(&certmanagerv1beta1.StepClusterIssuer{}).
+		Complete(r)
+}
--- a/controllers/suite_test.go
+++ b/controllers/suite_test.go
@@ -30,7 +30,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
 	"sigs.k8s.io/controller-runtime/pkg/envtest/printer"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
-	"sigs.k8s.io/controller-runtime/pkg/log/zap"
+	"sigs.k8s.io/controller-runtime/pkg/log/zap"	
 	// +kubebuilder:scaffold:imports
 )

--- a/main.go
+++ b/main.go
@@ -99,6 +99,14 @@ func main() {
 		os.Exit(1)
 	}
+	if err = (&controllers.StepClusterIssuerReconciler{
+		Client: mgr.GetClient(),
+		Log:    ctrl.Log.WithName("controllers").WithName("StepClusterIssuer"),
+		Scheme: mgr.GetScheme(),
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "StepClusterIssuer")
+		os.Exit(1)
+	}
 	// +kubebuilder:scaffold:builder
 	setupLog.Info("starting manager")