Initial release

.editorconfig

@@ -0,0 +1,6 @@
+root = true
+
+[*.{yml,yaml}]
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true

.gitattributes

@@ -0,0 +1,6 @@
+* text=auto
+go.mod text eol=lf
+
+# operator build tools require LF normalization
+/scripts/entrypoint text eol=lf
+/scripts/user_setup text eol=lf

.gitignore

@@ -0,0 +1 @@
+sandbox-operator

Dockerfile

@@ -0,0 +1,28 @@
+FROM golang:1.13-alpine AS builder
+WORKDIR /operator
+
+COPY go.mod .
+COPY go.sum .
+RUN go mod download
+
+COPY . .
+
+RUN GOOS=linux GOARCH=amd64 go build -o sandbox-operator main.go
+
+FROM alpine:3.11.2
+ENV OPERATOR=/usr/local/bin/sandbox-operator \
+    USER_UID=1001 \
+    USER_NAME=sandbox-operator
+
+COPY --from=builder /operator/sandbox-operator ${OPERATOR}
+COPY scripts/ /usr/local/bin
+
+RUN chmod +x /usr/local/bin/user_setup
+RUN chmod +x /usr/local/bin/entrypoint
+RUN chmod +x /usr/local/bin/sandbox-operator
+
+RUN /usr/local/bin/user_setup
+
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+
+USER ${USER_UID}

Makefile

@@ -0,0 +1,35 @@
+KUBERNETES_VERSION=v1.14.10
+CLUSTER_NAME=operator-testing-$(KUBERNETES_VERSION)
+OPERATOR_IMAGE=sandbox-operator:dev
+
+.PHONY: image
+image:
+	docker build . -t $(OPERATOR_IMAGE)
+
+.PHONY: cluster
+cluster:
+	kind create cluster --name $(CLUSTER_NAME) --image kindest/node:$(KUBERNETES_VERSION)
+	kubectl wait --for=condition=Ready --timeout=60s node --all
+
+.PHONY: deploy
+deploy: image
+	kind load docker-image $(OPERATOR_IMAGE) --name $(CLUSTER_NAME)
+	kubectl delete pod --all
+	kustomize build example | kubectl apply -f -
+	kubectl wait --for=condition=Ready --timeout=60s pods --all
+
+.PHONY: lint
+lint:
+	kustomize build example | kubeval --ignore-missing-schemas -
+
+.PHONY: test-unit
+test-unit: 
+	go test ./controller -v -count=1
+
+.PHONY: test-integration
+test-integration: cluster deploy
+	go test ./controller -v --tags=integration -count=1
+
+.PHONY: destroy
+destroy:
+	kind delete cluster --name $(CLUSTER_NAME)

README.md

@@ -1,2 +1,15 @@
 # sandbox-operator
-A kubernetes operator for creating isolated environments
+
+## Introduction
+
+This is a sandbox operator that creates segregated namespaces and sets up RBAC for authenticated users specified in the CRD.
+
+## Local Testing
+
+Run `make test-unit` to run the operator unit tests
+
+Run `make test-integration` to deploy the operator to a Kind cluster and verify the operator pod enters a running state.
+
+Iterative deployments can be made with `make deploy`. This will rebuild the operator and deploy to it to an existing cluster.
+
+To test with a different version of Kubernetes, pass in `KUBERNETES_VERSION` to the `make` command (e.g. `make test-integration KUBERNETES_VERSION=v1.17.0`)

apis/addtoscheme_operators_v1alpha1.go

@@ -0,0 +1,10 @@
+package apis
+
+import (
+	"github.com/plexsystems/sandbox-operator/apis/operators/v1alpha1"
+)
+
+func init() {
+	// Register the types with the Scheme so the components can map objects to GroupVersionKinds and back
+	AddToSchemes = append(AddToSchemes, v1alpha1.SchemeBuilder.AddToScheme)
+}

apis/apis.go

@@ -0,0 +1,13 @@
+package apis
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+)
+
+// AddToSchemes may be used to add all resources defined in the project to a Scheme
+var AddToSchemes runtime.SchemeBuilder
+
+// AddToScheme adds all Resources to the Scheme
+func AddToScheme(s *runtime.Scheme) error {
+	return AddToSchemes.AddToScheme(s)
+}

apis/operators/group.go

@@ -0,0 +1,2 @@
+// Package operators contains operators.plex.dev API versions
+package operators

apis/operators/v1alpha1/doc.go

@@ -0,0 +1,4 @@
+// Package v1alpha1 contains API Schema definitions for the operators.plex.dev API group
+// +k8s:deepcopy-gen=package,register
+// +groupName=operators.plex.dev
+package v1alpha1

apis/operators/v1alpha1/register.go

@@ -0,0 +1,19 @@
+// NOTE: Boilerplate only.  Ignore this file.
+
+// Package v1alpha1 contains API Schema definitions for the operators.plex.dev API group
+// +k8s:deepcopy-gen=package,register
+// +groupName=operators.plex.dev
+package v1alpha1
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"sigs.k8s.io/controller-runtime/pkg/runtime/scheme"
+)
+
+var (
+	// SchemeGroupVersion is group version used to register these objects
+	SchemeGroupVersion = schema.GroupVersion{Group: "operators.plex.dev", Version: "v1alpha1"}
+
+	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
+	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}
+)

apis/operators/v1alpha1/sandbox_types.go

@@ -0,0 +1,41 @@
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// SandboxSpec defines the desired state of Sandbox
+// +k8s:openapi-gen=true
+type SandboxSpec struct {
+	Owners []string `json:"owners"`
+}
+
+// SandboxStatus defines the observed state of Sandbox
+// +k8s:openapi-gen=true
+type SandboxStatus struct{}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// Sandbox is the Schema for the sandboxes API
+// +k8s:openapi-gen=true
+// +kubebuilder:subresource:status
+type Sandbox struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   SandboxSpec   `json:"spec,omitempty"`
+	Status SandboxStatus `json:"status,omitempty"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// SandboxList contains a list of Sandbox
+type SandboxList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []Sandbox `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&Sandbox{}, &SandboxList{})
+}

apis/operators/v1alpha1/zz_generated.openapi.go

@@ -0,0 +1,85 @@
+// +build !ignore_autogenerated
+
+// This file was autogenerated by openapi-gen. Do not edit it manually!
+
+package v1alpha1
+
+import (
+	spec "github.com/go-openapi/spec"
+	common "k8s.io/kube-openapi/pkg/common"
+)
+
+func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition {
+	return map[string]common.OpenAPIDefinition{
+		"./pkg/apis/operators/v1alpha1.Sandbox":       schema_pkg_apis_operators_v1alpha1_Sandbox(ref),
+		"./pkg/apis/operators/v1alpha1.SandboxSpec":   schema_pkg_apis_operators_v1alpha1_SandboxSpec(ref),
+		"./pkg/apis/operators/v1alpha1.SandboxStatus": schema_pkg_apis_operators_v1alpha1_SandboxStatus(ref),
+	}
+}
+
+func schema_pkg_apis_operators_v1alpha1_Sandbox(ref common.ReferenceCallback) common.OpenAPIDefinition {
+	return common.OpenAPIDefinition{
+		Schema: spec.Schema{
+			SchemaProps: spec.SchemaProps{
+				Description: "Sandbox is the Schema for the sandboxes API",
+				Properties: map[string]spec.Schema{
+					"kind": {
+						SchemaProps: spec.SchemaProps{
+							Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds",
+							Type:        []string{"string"},
+							Format:      "",
+						},
+					},
+					"apiVersion": {
+						SchemaProps: spec.SchemaProps{
+							Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources",
+							Type:        []string{"string"},
+							Format:      "",
+						},
+					},
+					"metadata": {
+						SchemaProps: spec.SchemaProps{
+							Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"),
+						},
+					},
+					"spec": {
+						SchemaProps: spec.SchemaProps{
+							Ref: ref("./pkg/apis/operators/v1alpha1.SandboxSpec"),
+						},
+					},
+					"status": {
+						SchemaProps: spec.SchemaProps{
+							Ref: ref("./pkg/apis/operators/v1alpha1.SandboxStatus"),
+						},
+					},
+				},
+			},
+		},
+		Dependencies: []string{
+			"./pkg/apis/operators/v1alpha1.SandboxSpec", "./pkg/apis/operators/v1alpha1.SandboxStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
+	}
+}
+
+func schema_pkg_apis_operators_v1alpha1_SandboxSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
+	return common.OpenAPIDefinition{
+		Schema: spec.Schema{
+			SchemaProps: spec.SchemaProps{
+				Description: "SandboxSpec defines the desired state of Sandbox",
+				Properties:  map[string]spec.Schema{},
+			},
+		},
+		Dependencies: []string{},
+	}
+}
+
+func schema_pkg_apis_operators_v1alpha1_SandboxStatus(ref common.ReferenceCallback) common.OpenAPIDefinition {
+	return common.OpenAPIDefinition{
+		Schema: spec.Schema{
+			SchemaProps: spec.SchemaProps{
+				Description: "SandboxStatus defines the observed state of Sandbox",
+				Properties:  map[string]spec.Schema{},
+			},
+		},
+		Dependencies: []string{},
+	}
+}