Merge pull request #36 from linki/operator-sdk-v0.10.0

Update codebase to operator-sdk v0.10.0
linki · Sep 18, 2019 · f6fb410 · f6fb410
2 parents ef6d8fa + f998290
commit f6fb410
Show file tree

Hide file tree

Showing 35 changed files with 1,809 additions and 737 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,20 +1,77 @@
+# Temporary Build Files
+build/_output
+build/_test
+# Created by https://www.gitignore.io/api/go,vim,emacs,visualstudiocode
+### Emacs ###
+# -*- mode: gitignore; -*-
+*~
+\#*\#
+/.emacs.desktop
+/.emacs.desktop.lock
+*.elc
+auto-save-list
+tramp
+.\#*
+# Org-mode
+.org-id-locations
+*_archive
+# flymake-mode
+*_flymake.*
+# eshell files
+/eshell/history
+/eshell/lastdir
+# elpa packages
+/elpa/
+# reftex files
+*.rel
+# AUCTeX auto folder
+/auto/
+# cask packages
+.cask/
+dist/
+# Flycheck
+flycheck_*.el
+# server auth directory
+/server/
+# projectiles files
+.projectile
+projectile-bookmarks.eld
+# directory configuration
+.dir-locals.el
+# saveplace
+places
+# url cache
+url/cache/
+# cedet
+ede-projects.el
+# smex
+smex-items
+# company-statistics
+company-statistics-cache.el
+# anaconda-mode
+anaconda-mode/
+### Go ###
 # Binaries for programs and plugins
 *.exe
+*.exe~
 *.dll
 *.so
 *.dylib
-
-# Test binary, build with `go test -c`
+# Test binary, build with 'go test -c'
 *.test
-
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
-
-# Ignore vendored Go libraries
-vendor/
-
-# Ignore build artifacts
-tmp/_output/
-
-# Editor related files to ignore
-.idea/
+### Vim ###
+# swap
+.sw[a-p]
+.*.sw[a-p]
+# session
+Session.vim
+# temporary
+.netrwhist
+# auto-generated tag files
+tags
+### VisualStudioCode ###
+.vscode/*
+.history
+# End of https://www.gitignore.io/api/go,vim,emacs,visualstudiocode
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # builder image
-FROM golang:1.12-alpine3.9 as builder
+FROM golang:1.13-alpine3.10 as builder
 
 ENV CGO_ENABLED 0
 ENV GO111MODULE on

diff --git a/README.md b/README.md
@@ -290,13 +290,12 @@ Check your CloudFormation console once more and validate that your stack as well
 
 Argument | Environment variable | Default value | Description
 ---------|----------------------|---------------|------------
-assume-role | AWS_ASSUME_ROLE | | Assume AWS role when defined. Useful for stacks in another AWS account. Specify the full ARN, e.g. `arn:aws:iam::123456789:role/cloudformation-operator`
-capability | AWS_CAPABILITIES | | Enable specified capabilities for all stacks managed by the operator instance. Current parameter can be used multiple times. For example: `--capability CAPABILITY_NAMED_IAM --capability CAPABILITY_IAM`. Or with a line break when specifying as an environment variable: `AWS_CAPABILITIES=CAPABILITY_IAM$'\n'CAPABILITY_NAMED_IAM`
-debug | DEBUG | | Enable debug logging.
-dry-run | DRY_RUN | | If true, don't actually do anything.
-tag ... | AWS_TAGS | | Default tags which should be applied for all stacks. The format is `--tag=foo=bar --tag=wambo=baz` on the command line or with a line break when specifying as an env var. (e.g. in zsh: `AWS_TAGS="foo=bar"$'\n'"wambo=baz"`)
+assume-role | | | Assume AWS role when defined. Useful for stacks in another AWS account. Specify the full ARN, e.g. `arn:aws:iam::123456789:role/cloudformation-operator`
+capability | | | Enable specified capabilities for all stacks managed by the operator instance. Current parameter can be used multiple times. For example: `--capability CAPABILITY_NAMED_IAM --capability CAPABILITY_IAM`. Or with a line break when specifying as an environment variable: `AWS_CAPABILITIES=CAPABILITY_IAM$'\n'CAPABILITY_NAMED_IAM`
+dry-run | | | If true, don't actually do anything.
+tag ... | | | Default tags which should be applied for all stacks. The format is `--tag=foo=bar --tag=wambo=baz` on the command line or with a line break when specifying as an env var. (e.g. in zsh: `AWS_TAGS="foo=bar"$'\n'"wambo=baz"`)
 namespace | WATCH_NAMESPACE | default | The Kubernetes namespace to watch
-region | AWS_REGION | | The AWS region to use
+region | | | The AWS region to use
 
 # Cleanup
 
@@ -314,26 +313,24 @@ $ kubectl delete -f deploy/operator.yaml
 This project uses the [operator sdk](https://github.com/operator-framework/operator-sdk).
 
 ```console
-$ dep ensure -vendor-only
-$ go build -o ./tmp/_output/bin/cloudformation-operator ./cmd/cloudformation-operator
-$ KUBERNETES_CONFIG=~/.kube/config ./tmp/_output/bin/cloudformation-operator --region eu-central-1
-$ # if you're using the operator-sdk helper use env vars to configure the flags.
-$ AWS_REGION=eu-central-1 operator-sdk up local
+$ go build -o ./tmp/_output/bin/cloudformation-operator ./cmd/manager
+  $ WATCH_NAMESPACE=default KUBERNETES_CONFIG=~/.kube/config ./tmp/_output/bin/cloudformation-operator --region eu-central-1
+$ # if you're using the operator-sdk helper use `operator-flags` to configure the flags.
+$ operator-sdk up local --operator-flags="--region=eu-central-1"
 ```
 
 ## Build the docker image
 
 ```console
-$ operator-sdk build quay.io/linki/cloudformation-operator:v0.4.0
-$ docker push quay.io/linki/cloudformation-operator:v0.4.0
+$ operator-sdk build quay.io/linki/cloudformation-operator:v0.6.0
+$ docker push quay.io/linki/cloudformation-operator:v0.6.0
 $ # or use the previously used Dockerfile (not the one from operator-sdk)
-$ docker build -t quay.io/linki/cloudformation-operator:v0.4.0 .
+$ docker build -t quay.io/linki/cloudformation-operator:v0.6.0 .
 ```
 
 ## Test it locally
 
-The `operator-sdk` doesn't allow to pass in flags, so instead use the environment variables
-`WATCH_NAMESPACE`, `AWS_REGION` (and/or `AWS_PROFILE`), `DRY_RUN`, and `DEBUG`.
+You can use `--operator-flags` to pass in flags using the operator-sdk.
 
 Assuming you are using minikube:
 
@@ -342,10 +339,10 @@ $ minikube start # you will be have a kubeconfig read to use by cloudformation o
 $ export AWS_PROFILE=my_profile # setup your aws config
 $ cd $GOPATH/src/github.com/linki/cloudformation-operator
 $ # run cloudformation operator based on previous settings and env vars
-$ WATCH_NAMESPACE=staging DRY_RUN=true DEBUG=true AWS_REGION=eu-central-1 operator-sdk up local
-INFO[0000] Go Version: go1.10.1
+$ WATCH_NAMESPACE=staging operator-sdk up local --operator-flags="--dry-run=true --region=eu-central-1"
+INFO[0000] Go Version: go1.13.0
 INFO[0000] Go OS/Arch: darwin/amd64
-INFO[0000] operator-sdk Version: 0.0.5+git
-INFO[0000] cloudformation-operator Version: 0.4.0+git
+INFO[0000] operator-sdk Version: v0.10.0
+INFO[0000] cloudformation-operator Version: 0.6.0+git
 INFO[0000] starting stacks controller
 ```
diff --git a/build/Dockerfile b/build/Dockerfile
@@ -0,0 +1,15 @@
+FROM registry.access.redhat.com/ubi7/ubi-minimal:latest
+
+ENV OPERATOR=/usr/local/bin/cloudformation-operator \
+    USER_UID=1001 \
+    USER_NAME=cloudformation-operator
+
+# install operator binary
+COPY build/_output/bin/cloudformation-operator ${OPERATOR}
+
+COPY build/bin /usr/local/bin
+RUN  /usr/local/bin/user_setup
+
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+
+USER ${USER_UID}
diff --git a/build/bin/entrypoint b/build/bin/entrypoint
@@ -0,0 +1,12 @@
+#!/bin/sh -e
+
+# This is documented here:
+# https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines
+
+if ! whoami &>/dev/null; then
+  if [ -w /etc/passwd ]; then
+    echo "${USER_NAME:-cloudformation-operator}:x:$(id -u):$(id -g):${USER_NAME:-cloudformation-operator} user:${HOME}:/sbin/nologin" >> /etc/passwd
+  fi
+fi
+
+exec ${OPERATOR} $@
diff --git a/build/bin/user_setup b/build/bin/user_setup
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -x
+
+# ensure $HOME exists and is accessible by group 0 (we don't know what the runtime UID will be)
+mkdir -p ${HOME}
+chown ${USER_UID}:0 ${HOME}
+chmod ug+rwx ${HOME}
+
+# runtime user will need to be able to self-insert in /etc/passwd
+chmod g+rw /etc/passwd
+
+# no need for this script to remain in the image after running
+rm $0
diff --git a/cmd/cloudformation-operator/main.go b/cmd/cloudformation-operator/main.go