krestomatio · jobcespedes · Nov 4, 2024 · Nov 4, 2024 · Nov 4, 2024 · Nov 23, 2024
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,3 @@
-
 # Binaries for programs and plugins
 *.exe
 *.exe~
@@ -9,14 +8,16 @@ bin/*
 Dockerfile.cross
 testbin/*
 
-# Test binary, build with `go test -c`
+# Test binary, built with `go test -c`
 *.test
 
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out
 
-# Kubernetes Generated files - skip generated files, except for vendored files
+# Go workspace file
+go.work
 
+# Kubernetes Generated files - skip generated files, except for vendored files
 !vendor/**/zz_generated.*
 
 # editor and IDE paraphernalia

diff --git a/.golangci.yml b/.golangci.yml
@@ -1,24 +1,50 @@
 run:
   timeout: 5m
+  allow-parallel-runners: true
+
+issues:
+  # don't skip warning about doc comments
+  # don't exclude the default set of lint
+  exclude-use-default: false
+  # restore some of the defaults
+  # (fill in the rest as needed)
+  exclude-rules:
+    - path: "api/*"
+      linters:
+        - lll
+    - path: "internal/*"
+      linters:
+        - dupl
+        - lll
 linters:
+  disable-all: true
   enable:
-    - nakedret
-    - misspell
-    - ineffassign
+    - dupl
+    - errcheck
+    - exportloopref
     - ginkgolinter
     - goconst
-    - errcheck
-    - unparam
-    - staticcheck
-    - unused
+    - gocyclo
+    - gofmt
+    - goimports
     - gosimple
-    - gosec
-    - dupl
+    - govet
+    - ineffassign
+    - lll
+    - misspell
+    - nakedret
+    - prealloc
+    - revive
+    - staticcheck
+    - typecheck
     - unconvert
-    - gocyclo
-    # - goimports
-    # - revive
+    - unparam
+    - unused
+
 linters-settings:
+  revive:
+    rules:
+      - name: comment-spacings
   dupl:
     # tokens count to trigger issue, 150 by default
     threshold: 300
diff --git a/.lighthouse/jenkins-x/release.yaml b/.lighthouse/jenkins-x/release.yaml
@@ -100,7 +100,9 @@ spec:
           - promote
           command:
           - make
-  podTemplate: {}
+  podTemplate:
+    nodeSelector:
+      kubernetes.io/arch: amd64
   serviceAccountName: tekton-bot
   timeout: 240h0m0s
 status: {}
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.21 as builder
+FROM golang:1.22 as builder
 ARG TARGETOS
 ARG TARGETARCH
 

diff --git a/Makefile b/Makefile
@@ -1,9 +1,9 @@
 PROJECT_SHORTNAME ?= lms-moodle
 VERSION ?= 0.4.8
-MOODLE_OPERATOR_VERSION ?= 0.6.18
-POSTGRES_OPERATOR_VERSION ?= 0.3.13
-KEYDB_OPERATOR_VERSION ?= 0.3.14
-NFS_OPERATOR_VERSION ?= 0.4.13
+MOODLE_OPERATOR_VERSION ?= 0.6.26
+POSTGRES_OPERATOR_VERSION ?= 0.3.21
+KEYDB_OPERATOR_VERSION ?= 0.3.21
+NFS_OPERATOR_VERSION ?= 0.4.20
 OPERATOR_TYPE ?= go
 PROJECT_TYPE ?= $(OPERATOR_TYPE)-operator
 COMMUNITY_OPERATOR_NAME ?= lms-moodle-operator

diff --git a/Makefile-dist.mk b/Makefile-dist.mk
@@ -48,12 +48,11 @@ endif
 
 # Set the Operator SDK version to use. By default, what is installed on the system is used.
 # This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit.
-OPERATOR_SDK_VERSION ?= v1.33.0
-
+OPERATOR_SDK_VERSION ?= v1.39.1
 # Image URL to use all building/pushing image targets
 IMG ?= controller:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.27.1
+ENVTEST_K8S_VERSION = 1.31.0
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -80,7 +79,7 @@ all: build
 
 # The help target prints out all targets with their descriptions organized
 # beneath their categories. The categories are represented by '##@' and the
-# target descriptions by '##'. The awk commands is responsible for reading the
+# target descriptions by '##'. The awk command is responsible for reading the
 # entire set of makefiles included in this invocation, looking for lines of the
 # file as xyz: ## something, and then pretty-format the target and help. Then,
 # if there's a line with ##@ something, that gets pretty-printed as a category.
@@ -113,7 +112,20 @@ vet: ## Run go vet against code.
 
 .PHONY: test
 test: manifests generate fmt vet envtest ## Run tests.
-	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test ./... -coverprofile cover.out
+	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $$(go list ./... | grep -v /e2e) -coverprofile cover.out
+
+# Utilize Kind or modify the e2e tests to load the image locally, enabling compatibility with other vendors.
+.PHONY: test-e2e  # Run the e2e tests against a Kind k8s instance that is spun up.
+test-e2e:
+	go test ./test/e2e/ -v -ginkgo.v
+
+.PHONY: lint
+lint: golangci-lint ## Run golangci-lint linter
+	$(GOLANGCI_LINT) run
+
+.PHONY: lint-fix
+lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes
+	$(GOLANGCI_LINT) run --fix
 
 ##@ Build
 
@@ -125,34 +137,40 @@ build: manifests generate fmt vet ## Build manager binary.
 run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./cmd/main.go
 
-# If you wish built the manager image targeting other platforms you can use the --platform flag.
-# (i.e. docker build --platform linux/arm64 ). However, you must enable docker buildKit for it.
+# If you wish to build the manager image targeting other platforms you can use the --platform flag.
+# (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it.
 # More info: https://docs.docker.com/develop/develop-images/build_enhancements/
 .PHONY: docker-build
-docker-build: test ## Build docker image with the manager.
+docker-build: ## Build docker image with the manager.
 	$(CONTAINER_TOOL) build -t ${IMG} .
 
 .PHONY: docker-push
 docker-push: ## Push docker image with the manager.
 	$(CONTAINER_TOOL) push ${IMG}
 
-# PLATFORMS defines the target platforms for  the manager image be build to provide support to multiple
+# PLATFORMS defines the target platforms for the manager image be built to provide support to multiple
 # architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to:
-# - able to use docker buildx . More info: https://docs.docker.com/build/buildx/
-# - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/
-# - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=<myregistry/image:<tag>> then the export will fail)
-# To properly provided solutions that supports more than one platform you should use this option.
+# - be able to use docker buildx. More info: https://docs.docker.com/build/buildx/
+# - have enabled BuildKit. More info: https://docs.docker.com/develop/develop-images/build_enhancements/
+# - be able to push the image to your registry (i.e. if you do not set a valid value via IMG=<myregistry/image:<tag>> then the export will fail)
+# To adequately provide solutions that are compatible with multiple platforms, you should consider using this option.
 PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
 .PHONY: docker-buildx
-docker-buildx: test ## Build and push docker image for the manager for cross-platform support
+docker-buildx: ## Build and push docker image for the manager for cross-platform support
 	# copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile
 	sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross
-	- $(CONTAINER_TOOL) buildx create --name project-v3-builder
-	$(CONTAINER_TOOL) buildx use project-v3-builder
+	- $(CONTAINER_TOOL) buildx create --name lms-moodle-operator-builder
+	$(CONTAINER_TOOL) buildx use lms-moodle-operator-builder
 	- $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross .
-	- $(CONTAINER_TOOL) buildx rm project-v3-builder
+	- $(CONTAINER_TOOL) buildx rm lms-moodle-operator-builder
 	rm Dockerfile.cross
 
+.PHONY: build-installer
+build-installer: manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment.
+	mkdir -p dist
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	$(KUSTOMIZE) build config/default > dist/install.yaml
+
 ##@ Deployment
 
 ifndef ignore-not-found
@@ -173,10 +191,10 @@ deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in
 	$(KUSTOMIZE) build config/default | $(KUBECTL) apply -f -
 
 .PHONY: undeploy
-undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
 	$(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -
 
-##@ Build Dependencies
+##@ Dependencies
 
 ## Location to install dependencies to
 LOCALBIN ?= $(shell pwd)/bin
@@ -188,30 +206,49 @@ KUBECTL ?= kubectl
 KUSTOMIZE ?= $(LOCALBIN)/kustomize
 CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
+GOLANGCI_LINT = $(LOCALBIN)/golangci-lint
 
 ## Tool Versions
-KUSTOMIZE_VERSION ?= v5.0.1
-CONTROLLER_TOOLS_VERSION := v0.14.0
+KUSTOMIZE_VERSION ?= v5.4.3
+CONTROLLER_TOOLS_VERSION ?= v0.16.1
+ENVTEST_VERSION ?= release-0.19
+GOLANGCI_LINT_VERSION ?= v1.59.1
 
 .PHONY: kustomize
-kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.
+kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary.
 $(KUSTOMIZE): $(LOCALBIN)
-	@if test -x $(LOCALBIN)/kustomize && ! $(LOCALBIN)/kustomize version | grep -q $(KUSTOMIZE_VERSION); then \
-		echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \
-		rm -rf $(LOCALBIN)/kustomize; \
-	fi
-	test -s $(LOCALBIN)/kustomize || GOBIN=$(LOCALBIN) GO111MODULE=on go install sigs.k8s.io/kustomize/kustomize/v5@$(KUSTOMIZE_VERSION)
+	$(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION))
 
 .PHONY: controller-gen
-controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten.
+controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary.
 $(CONTROLLER_GEN): $(LOCALBIN)
-	test -s $(LOCALBIN)/controller-gen && $(LOCALBIN)/controller-gen --version | grep -q $(CONTROLLER_TOOLS_VERSION) || \
-	GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION)
+	$(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION))
 
 .PHONY: envtest
-envtest: $(ENVTEST) ## Download envtest-setup locally if necessary.
+envtest: $(ENVTEST) ## Download setup-envtest locally if necessary.
 $(ENVTEST): $(LOCALBIN)
-	test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+	$(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION))
+
+.PHONY: golangci-lint
+golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary.
+$(GOLANGCI_LINT): $(LOCALBIN)
+	$(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,$(GOLANGCI_LINT_VERSION))
+
+# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist
+# $1 - target path with name of binary
+# $2 - package url which can be installed
+# $3 - specific version of package
+define go-install-tool
+@[ -f "$(1)-$(3)" ] || { \
+set -e; \
+package=$(2)@$(3) ;\
+echo "Downloading $${package}" ;\
+rm -f $(1) || true ;\
+GOBIN=$(LOCALBIN) go install $${package} ;\
+mv $(1) $(1)-$(3) ;\
+} ;\
+ln -sf $(1)-$(3) $(1)
+endef
 
 .PHONY: operator-sdk
 OPERATOR_SDK ?= $(LOCALBIN)/operator-sdk
@@ -246,7 +283,7 @@ bundle-push: ## Push the bundle image.
 	$(MAKE) docker-push IMG=$(BUNDLE_IMG)
 
 .PHONY: opm
-OPM = ./bin/opm
+OPM = $(LOCALBIN)/opm
 opm: ## Download opm locally if necessary.
 ifeq (,$(wildcard $(OPM)))
 ifeq (,$(shell which opm 2>/dev/null))

diff --git a/api/lms/v1alpha1/keydb_types.go b/api/lms/v1alpha1/keydb_types.go
@@ -109,6 +109,18 @@ type KeydbSpec struct {
 	// KeydbVpaSpec set keydb horizontal pod autoscaler spec
 	// +optional
 	KeydbVpaSpec string `json:"keydbVpaSpec,omitempty"`
+
+	// KeydbNetpolOmit whether to omit default keydb network policy. Default: true
+	// +optional
+	KeydbNetpolOmit bool `json:"keydbNetpolOmit,omitempty"`
+
+	// GaneshaNetpolIngressIpblock defines ingress ip block for keydb default network policy
+	// +optional
+	KeydbNetpolIngressIpblock string `json:"keydbNetpolIngressIpblock,omitempty"`
+
+	// KeydbNetpolEgressIpblock defines egress ip block for keydb default network policy
+	// +optional
+	KeydbNetpolEgressIpblock string `json:"keydbNetpolEgressIpblock,omitempty"`
 }
 
 // KeydbMode describes mode keydb runs

diff --git a/api/lms/v1alpha1/lmsmoodle_types.go b/api/lms/v1alpha1/lmsmoodle_types.go
@@ -33,6 +33,13 @@ type LMSMoodleSpec struct {
 	// +kubebuilder:validation:MaxLength=255
 	LMSMoodleTemplateName string `json:"lmsMoodleTemplateName"`
 
+	// LMSMoodleNetpolOmit whether to omit default network policy for the namespace. Default: false
+	// It will deny all ingress and egress traffic to the namespace
+	// Intended to be used with custom network policies already in place or
+	// by not omitting default network policies of each dependant resource
+	// +optional
+	LMSMoodleNetpolOmit bool `json:"lmsMoodleNetpolOmit,omitempty"`
+
 	// DesiredState defines the desired state to put a LMSMoodle
 	// +kubebuilder:validation:Enum=Ready;Suspended
 	// +kubebuilder:default:="Ready"
@@ -103,16 +110,16 @@ const (
 	SuspendedState string = "Suspended"
 )
 
-//+kubebuilder:object:root=true
-//+kubebuilder:subresource:status
-//+kubebuilder:resource:scope=Cluster,categories={lms},shortName=lm
-//+kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp",description="Age of the resource",priority=0
-//+kubebuilder:printcolumn:name="STATUS",type="string",description="LMSMoodle status such as Unknown/SettingUp/Ready/Failed/Terminating etc",JSONPath=".status.state",priority=0
-//+kubebuilder:printcolumn:name="SINCE",type="date",JSONPath=".status.conditions[?(@.type=='Ready')].lastTransitionTime",description="Time of latest transition",priority=0
-//+kubebuilder:printcolumn:name="TEMPLATE",type="string",description="LMSMoodleTemplate name",JSONPath=".spec.lmsMoodleTemplate",priority=0
-//+kubebuilder:printcolumn:name="URL",type="string",JSONPath=".status.url",description="LMSMoodle URL",priority=0
-//+kubebuilder:printcolumn:name="USERS",type="integer",JSONPath=".status.registeredUsers",description="LMSMoodle registered users",priority=0
-//+kubebuilder:printcolumn:name="GB",type="string",JSONPath=".status.storageGb",description="LMSMoodle storage usage in GB",priority=0
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Cluster,categories={lms},shortName=lm
+// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp",description="Age of the resource",priority=0
+// +kubebuilder:printcolumn:name="STATUS",type="string",description="LMSMoodle status such as Unknown/SettingUp/Ready/Failed/Terminating etc",JSONPath=".status.state",priority=0
+// +kubebuilder:printcolumn:name="SINCE",type="date",JSONPath=".status.conditions[?(@.type=='Ready')].lastTransitionTime",description="Time of latest transition",priority=0
+// +kubebuilder:printcolumn:name="TEMPLATE",type="string",description="LMSMoodleTemplate name",JSONPath=".spec.lmsMoodleTemplate",priority=0
+// +kubebuilder:printcolumn:name="URL",type="string",JSONPath=".status.url",description="LMSMoodle URL",priority=0
+// +kubebuilder:printcolumn:name="USERS",type="integer",JSONPath=".status.registeredUsers",description="LMSMoodle registered users",priority=0
+// +kubebuilder:printcolumn:name="GB",type="string",JSONPath=".status.storageGb",description="LMSMoodle storage usage in GB",priority=0
 
 // LMSMoodle is the Schema for the lmsmoodles API
 type LMSMoodle struct {
@@ -123,7 +130,7 @@ type LMSMoodle struct {
 	Status LMSMoodleStatus `json:"status,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 
 // LMSMoodleList contains a list of LMSMoodle
 type LMSMoodleList struct {

diff --git a/api/lms/v1alpha1/lmsmoodletemplate_types.go b/api/lms/v1alpha1/lmsmoodletemplate_types.go
@@ -55,11 +55,11 @@ type LMSMoodleTemplateStatus struct {
 	State string `json:"state,omitempty"`
 }
 
-//+kubebuilder:object:root=true
-//+kubebuilder:subresource:status
-//+kubebuilder:resource:scope=Cluster,categories={lms},shortName=lmt
-//+kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp",description="Age of the resource",priority=0
-//+kubebuilder:printcolumn:name="STATUS",type="string",description="LMSMoodleTemplate status such as Unknown/Used/NotUsed/Terminating etc",JSONPath=".status.state",priority=0
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Cluster,categories={lms},shortName=lmt
+// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp",description="Age of the resource",priority=0
+// +kubebuilder:printcolumn:name="STATUS",type="string",description="LMSMoodleTemplate status such as Unknown/Used/NotUsed/Terminating etc",JSONPath=".status.state",priority=0
 
 // LMSMoodleTemplate is the Schema for the lmsmoodletemplates API
 type LMSMoodleTemplate struct {
@@ -70,7 +70,7 @@ type LMSMoodleTemplate struct {
 	Status LMSMoodleTemplateStatus `json:"status,omitempty"`
 }
 
-//+kubebuilder:object:root=true
+// +kubebuilder:object:root=true
 
 // LMSMoodleTemplateList contains a list of Moodle Template
 type LMSMoodleTemplateList struct {