Hello World

.github/workflows/ci.yml

@@ -0,0 +1,40 @@
+name: "CI"
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - v.*
+
+jobs:
+  e2e_and_publish:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@master
+    - uses: engineerd/[email protected]
+      with:
+          version: "v0.7.0"
+          skipClusterCreation: "true"
+    - name: Set up Python 3.8
+      uses: actions/setup-python@v1
+      with:
+        python-version: "3.8"
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade virtualenv
+    - name: Execute E2E tests
+      run: |
+        make test-e2e
+    - name: Upload E2E logs
+      continue-on-error: true
+      uses: actions/upload-artifact@v1
+      with:
+        name: e2elogs
+        path: e2elogs
+    - name: Publish image
+      run: |
+        docker login -u "${{ secrets.DOCKER_USERNAME }}" -p "${{ secrets.DOCKER_PASSWORD }}"
+        make TAG_VERSION=${GITHUB_REF##*/} publish_dockerhub
+        make TAG_VERSION=dev publish_dockerhub
+        make TAG_VERSION=latest publish_dockerhub

.gitignore

@@ -0,0 +1,15 @@
+.venv-operator
+.venv-validator
+.venv-test
+.venv
+.kube
+.pytest_cache
+.pytest-kind
+.vscode
+
+e2elogs
+
+# Byte-compiled / optimized / DLL files
+**/__pycache__/
+*.py[cod]
+**/*.egg-info

Makefile

@@ -0,0 +1,74 @@
+PROJECTNAME=$(shell basename "$(PWD)")
+CLUSTER_VERSION="1.18.2"
+KIND_CLUSTER_NAME="k8spin-operator"
+PYTEST_PARAMS=""
+TAG_VERSION="dev"
+
+.PHONY: help
+all: help
+help: Makefile
+	@echo
+	@echo " Choose a command run in "$(PROJECTNAME)":"
+	@echo
+	@sed -n 's/^##//p' $< | column -t -s ':' |  sed -e 's/^/ /'
+	@echo
+
+## cluster-up: Creates the kind cluster
+cluster-up:
+	@kind create cluster --name $(KIND_CLUSTER_NAME) --image kindest/node:v${CLUSTER_VERSION} && echo "Cluster created" || echo "Cluster already exists"
+
+## cluster-down: Teardown the kind cluster
+cluster-down:
+	@kind delete cluster --name $(KIND_CLUSTER_NAME) -q && echo "Cluster deleted" || echo "Cluster does not exist exists"
+
+## build: Local build the operator
+build:
+	@docker build -t k8spin/k8spin-operator:dev . -f dockerfiles/Dockerfile-operator
+	@docker build -t k8spin/k8spin-webhook:dev . -f dockerfiles/Dockerfile-webhook
+
+## deploy: Deploys the complete solution
+deploy: load
+	@kubectl --context kind-$(KIND_CLUSTER_NAME) apply -f ./deploy/cert-manager
+	@kubectl --context kind-$(KIND_CLUSTER_NAME) wait --for=condition=Available deployment --timeout=2m -n cert-manager --all
+	@kubectl --context kind-$(KIND_CLUSTER_NAME) apply -f ./deploy/crds/ -n default
+	@kubectl --context kind-$(KIND_CLUSTER_NAME) apply -f ./deploy/ -n default
+
+## update: Update the complete solution
+update: load
+	@kubectl --context kind-$(KIND_CLUSTER_NAME) delete -f ./deploy/ --wait=true -n default
+	@kubectl --context kind-$(KIND_CLUSTER_NAME) apply -f ./deploy/ -n default
+
+## test-e2e: End-to-End tests. Use `PYTEST_ADDOPTS=--keep-cluster make test-e2e` to keep cluster
+## --workers auto could be added when we want multiple workers installing the package pytest-parallel
+test-e2e: build
+	@virtualenv -p python3.8 .venv-test
+	source .venv-test/bin/activate; \
+	pip install -r tests/requirements.txt; \
+	pip install -e k8spin_common; \
+	pytest -v -r=a \
+		--log-cli-level info \
+		--log-cli-format '%(asctime)s %(levelname)s %(message)s' \
+		--cluster-name k8spin-operator \
+		${PYTEST_PARAMS} \
+		tests/e2e;
+
+test-kubeconfig:
+	@export KUBECONFIG=.pytest-kind/k8spin-operator/kind-config-k8spin-operator
+
+load: cluster-up build
+	@kind load docker-image --name $(KIND_CLUSTER_NAME) k8spin/k8spin-operator:dev
+	@kind load docker-image --name $(KIND_CLUSTER_NAME) k8spin/k8spin-webhook:dev
+
+## kubie: Sets the kind cluster context
+kubie:
+	@kubie ctx kind-$(KIND_CLUSTER_NAME)
+
+publish_dockerhub:
+	@docker tag k8spin/k8spin-operator:dev k8spin/k8spin-operator:$(TAG_VERSION)
+	@docker tag k8spin/k8spin-webhook:dev k8spin/k8spin-webhook:$(TAG_VERSION)
+	@docker push k8spin/k8spin-operator:$(TAG_VERSION)
+	@docker push k8spin/k8spin-webhook:$(TAG_VERSION)
+
+clean:
+	@rm -rf .kube .pytest_cache .pytest-kind .venv-test e2elogs
+	@find . -type f -name '*.py[co]' -delete -o -type d -name __pycache__ -delete

README.md

@@ -0,0 +1,97 @@
+# K8Spin Operator
+
+Kubernetes multi-tenant operator. Enables multi-tenant capabilities in your Kubernetes Cluster.
+
+## Features
+
+The main features included in the Operator:
+
+- **Enable Multi-Tenant:** Adds three new hierarchy concepts *(Organizations, Tenants and Spaces)*.
+- **Secure and scalable cluster management delegation:** Cluster Admins creates Organizations
+then delegating its access to users and groups.
+- **Cluster budget management:** Assignning resources in the organization definition makes possible to
+understand how many resources are allocated to a user, team or the whole company.
+
+## Concepts
+
+K8Spin manages the multi-tenant feature with three simple concepts:
+
+- **Organization**: Created by a cluster administrator, hosts **tenants**. Cluster administrator
+can set compute quotas for the whole Organization and grant permissions to users and/or groups.
+- **Tenant**: A tenant can be created by an Organization administrator hosting **spaces**. The Tenant administrator
+can fix compute quotas and assign roles to users and/or groups. Tenants resources should fit into
+Organization resources.
+- **Space**: Tenant administrator can create Spaces. An space is an abstraction layer on top of
+a Namespace. A tenant administrator should assign quotas and roles to the Space. Space resources should fit
+into Tenant resources.
+
+## TL;DR
+
+Clone this repo, cd into it and:
+
+```bash
+# Create a local cluster
+$ kind create cluster
+# Deploy cert-manager
+$ kubectl apply -f deploy/cert-manager/cert-manager.yaml
+$ kubectl wait --for=condition=Available deployment --timeout=2m -n cert-manager --all
+# Deploy K8Spin operator
+$ kubectl apply -f ./deploy/crds/ -n default
+$ kubectl apply -f ./deploy/roles/ -n default
+$ kubectl apply -f ./deploy/ -n default
+$ kubectl wait --for=condition=Available deployment --timeout=2m -n default --all
+```
+
+Now you are ready to use the operator
+
+```bash
+$ kubectl apply -f example-cr/org-1.yaml
+organization.k8spin.cloud/example created
+$ kubectl apply -f example-cr/tenant-1.yaml
+tenant.k8spin.cloud/crm created
+$ kubectl apply -f example-cr/space-1.yaml
+space.k8spin.cloud/dev created
+```
+
+As cluster admin check organizations:
+
+```bash
+$ kubectl get org
+NAME      AGE
+example   86s
+```
+
+As `example` organization admin get available tenants:
+
+```bash
+kubectl get tenants -n org-example --as Angel --as-group "K8Spin.cloud"
+NAME   AGE
+crm    7m31s
+```
+
+As `crm` tenant admin get spaces:
+
+```bash
+$ kubectl get spaces -n org-example-tenant-crm --as Angel --as-group "K8Spin.cloud"
+NAME   AGE
+dev    9m24s
+```
+
+Run a workload in the dev space:
+
+```bash
+$ kubectl run nginx --image nginx --replicas=2 -n org-example-tenant-crm-space-dev --as Angel --as-group "K8Spin.cloud"
+pod/nginx created
+```
+
+Dicover workloads in the dev space as space viewer:
+
+```bash
+$ kubectl get pods -n org-example-tenant-crm-space-dev --as Pau
+NAME    READY   STATUS    RESTARTS   AGE
+nginx   1/1     Running   0          66s
+```
+
+## Documentation
+
+Discover all the power of this operator [reading all the documentation](docs)