add target.mpas.ocm.software CRD

PROJECT

@@ -17,4 +17,12 @@ resources:
   kind: Project
   path: github.com/open-component-model/mpas-project-controller/api/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: ocm.software
+  group: mpas
+  kind: Target
+  path: github.com/open-component-model/mpas-project-controller/api/v1alpha1
+  version: v1alpha1
 version: "3"

api/v1alpha1/target_types.go

@@ -0,0 +1,81 @@
+/*
+Copyright 2023.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// TargetSpec defines the desired state of Target
+type TargetSpec struct {
+	// Type specifies the type of the target. Possible values are: kubernetes, ssh, ociRepository
+	// +required
+	// +kubebuilder:validation:Enum=kubernetes;ssh;ociRepository
+	Type string `json:"type"`
+
+	Access *Access `json:"access,omitempty"`
+}
+
+// TargetStatus defines the observed state of Target
+type TargetStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+// Access defines the access information for a target
+type Access struct {
+	// +required
+	SecretRef *TargetSecretRef `json:"secretRef"`
+}
+
+// TargetSecretRef defines the reference to a secret within the cluster
+type TargetSecretRef struct {
+	// +required
+	Name string `json:"name"`
+
+	// Should we specify a default value?
+	// +optional
+	Namespace string `json:"namespace,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// Target is the Schema for the targets API
+type Target struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   TargetSpec   `json:"spec,omitempty"`
+	Status TargetStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// TargetList contains a list of Target
+type TargetList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []Target `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&Target{}, &TargetList{})
+}

config/crd/bases/mpas.ocm.software_targets.yaml

@@ -0,0 +1,74 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.1
+  creationTimestamp: null
+  name: targets.mpas.ocm.software
+spec:
+  group: mpas.ocm.software
+  names:
+    kind: Target
+    listKind: TargetList
+    plural: targets
+    singular: target
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: Target is the Schema for the targets API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TargetSpec defines the desired state of Target
+            properties:
+              access:
+                description: Access defines the access information for a target
+                properties:
+                  secretRef:
+                    description: TargetSecretRef defines the reference to a secret
+                      within the cluster
+                    properties:
+                      name:
+                        type: string
+                      namespace:
+                        description: Should we specify a default value?
+                        type: string
+                    required:
+                    - name
+                    type: object
+                required:
+                - secretRef
+                type: object
+              type:
+                description: 'Type specifies the type of the target. Possible values
+                  are: kubernetes, ssh, ociRepository'
+                enum:
+                - kubernetes
+                - ssh
+                - ociRepository
+                type: string
+            required:
+            - type
+            type: object
+          status:
+            description: TargetStatus defines the observed state of Target
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/kustomization.yaml

@@ -3,17 +3,20 @@
 # It should be run by config/default
 resources:
 - bases/mpas.ocm.software_projects.yaml
+- bases/mpas.ocm.software_targets.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
 #- patches/webhook_in_projects.yaml
+#- patches/webhook_in_targets.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
 #- patches/cainjection_in_projects.yaml
+#- patches/cainjection_in_targets.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

config/crd/patches/cainjection_in_targets.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: targets.mpas.ocm.software

config/crd/patches/webhook_in_targets.yaml

@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: targets.mpas.ocm.software
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1

config/rbac/target_editor_role.yaml

@@ -0,0 +1,31 @@
+# permissions for end users to edit targets.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: target-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: mpas-project-controller
+    app.kubernetes.io/part-of: mpas-project-controller
+    app.kubernetes.io/managed-by: kustomize
+  name: target-editor-role
+rules:
+- apiGroups:
+  - mpas.ocm.software
+  resources:
+  - targets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - mpas.ocm.software
+  resources:
+  - targets/status
+  verbs:
+  - get

config/rbac/target_viewer_role.yaml

@@ -0,0 +1,27 @@
+# permissions for end users to view targets.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: target-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: mpas-project-controller
+    app.kubernetes.io/part-of: mpas-project-controller
+    app.kubernetes.io/managed-by: kustomize
+  name: target-viewer-role
+rules:
+- apiGroups:
+  - mpas.ocm.software
+  resources:
+  - targets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - mpas.ocm.software
+  resources:
+  - targets/status
+  verbs:
+  - get

config/samples/mpas_v1alpha1_target.yaml

@@ -0,0 +1,12 @@
+apiVersion: mpas.ocm.software/v1alpha1
+kind: Target
+metadata:
+  labels:
+    app.kubernetes.io/name: target
+    app.kubernetes.io/instance: target-sample
+    app.kubernetes.io/part-of: mpas-project-controller
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: mpas-project-controller
+  name: target-sample
+spec:
+  # TODO(user): Add fields here