Merge branch 'feature/tenant-eventsourcing'

.dockerignore

@@ -2,3 +2,4 @@
 # Ignore build and test binaries.
 bin/
 testbin/
+!dist/

.gitignore

@@ -23,3 +23,8 @@ testbin/*
 *.swp
 *.swo
 *~
+
+# dotenv
+.env
+
+dist/

.goreleaser.yaml

@@ -0,0 +1,55 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+before:
+  hooks:
+    - go mod tidy
+    - go mod download
+builds:
+  - id: aeto
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - darwin
+    goarch:
+      - "amd64"
+      - "arm64"
+archives:
+  - id: aeto
+    builds:
+      - aeto
+    replacements:
+      darwin: Darwin
+      linux: Linux
+    files:
+      - README*
+      - LICENCE*
+      - config/crd/*
+      - config/rbac/*
+      - config/manager/*
+      - config/prometheus/*
+      - config/default/*
+      - config/default-resources/*
+      - config/samples/*
+dockers:
+  - id: docker_amd64
+    goos: linux
+    goarch: amd64
+    build_flag_templates:
+      - "--platform=linux/amd64"
+    dockerfile: "Dockerfile.goreleaser"
+    image_templates:
+      - "kristofferahl/aeto:{{ .Tag }}"
+      # - "kristofferahl/aeto:v{{ .Major }}"
+      # - "kristofferahl/aeto:v{{ .Major }}.{{ .Minor }}"
+      - "kristofferahl/aeto:latest"
+checksum:
+  name_template: "checksums.txt"
+snapshot:
+  name_template: "{{ incpatch .Version }}-next"
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^.vscode:"
+      - "^hack:"

.vscode/launch.json

@@ -0,0 +1,16 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Debug operator",
+            "type": "go",
+            "request": "launch",
+            "mode": "auto",
+            "program": "${workspaceFolder}/main.go",
+            "envFile": "${workspaceFolder}/.env"
+        }
+    ]
+}

Dockerfile

@@ -13,6 +13,7 @@ RUN go mod download
 COPY main.go main.go
 COPY apis/ apis/
 COPY controllers/ controllers/
+COPY internal/ internal/
 
 # Build
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go

Dockerfile.goreleaser

@@ -0,0 +1,8 @@
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY ./aeto .
+USER 65532:65532
+
+ENTRYPOINT ["/aeto"]

Makefile

@@ -54,6 +54,7 @@ SHELL = /usr/bin/env bash -o pipefail
 .SHELLFLAGS = -ec
 
 # Zap Log level to use when running make run
+# Set "ZAP_LOG_LEVEL = 2" to enable trace logging
 ZAP_LOG_LEVEL = debug
 
 # Run Zap in development mode

NOTES.md

@@ -0,0 +1,19 @@
+mkdir aeto
+cd aeto
+
+git init
+operator-sdk init --repo github.com/kristofferahl/aeto --domain aeto.net --project-name aeto
+git add .
+kubebuilder edit --multigroup=true
+operator-sdk create api --group event --version v1alpha1 --kind EventStreamChunk --resource --controller
+operator-sdk create api --group core --version v1alpha1 --kind Tenant --resource --controller
+operator-sdk create api --group core --version v1alpha1 --kind ResourceTemplate --resource --controller
+operator-sdk create api --group core --version v1alpha1 --kind Blueprint --resource --controller
+operator-sdk create api --group core --version v1alpha1 --kind ResourceSet --resource --controller
+operator-sdk create api --group route53.aws --version v1alpha1 --kind HostedZone --resource --controller
+operator-sdk create api --group acm.aws --version v1alpha1 --kind Certificate --resource --controller
+operator-sdk create api --group acm.aws --version v1alpha1 --kind CertificateConnector --resource --controller
+
+github.com/aws/aws-sdk-go-v2/service/acm
+github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2
+github.com/aws/aws-sdk-go-v2/service/route53

PROJECT

@@ -71,4 +71,13 @@ resources:
   kind: CertificateConnector
   path: github.com/kristofferahl/aeto/apis/acm.aws/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: aeto.net
+  group: event
+  kind: EventStreamChunk
+  path: github.com/kristofferahl/aeto/apis/event/v1alpha1
+  version: v1alpha1
 version: "3"

README.md

@@ -0,0 +1,60 @@
+# aeto - aws-eks-tenant-operator
+
+A Kubernetes "tenant" operator.
+
+## Status
+
+![GitHub](https://img.shields.io/badge/status-alpha-blue?style=for-the-badge)
+![GitHub](https://img.shields.io/github/license/kristofferahl/aeto?style=for-the-badge)
+![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/kristofferahl/aeto?style=for-the-badge)
+
+## Resources
+
+### Core
+
+- Tenant
+- Blueprint
+- ResourceTemplate
+- ResourceSet
+
+### AWS
+
+- Route53 HostedZone
+- ACM Certificate
+- ACM CertificateConnector
+
+### Event
+
+- EventStreamChunk
+
+## Examples
+
+The `config/samples` and `config/default-resources` contains a working default setup with an example tenant.
+
+## Development
+
+### Pre-requisites
+
+- [Go](https://golang.org/) 1.16 or later
+- [operator-sdk](https://sdk.operatorframework.io/) 1.15.0
+- [Kubebuilder](https://kubebuilder.io/) 3.2.0
+- [AWS](https://aws.amazon.com/) account and credentials
+- [Kubernetes](https://kubernetes.io/) cluster
+
+### Getting started
+
+```bash
+export AWS_ACCESS_KEY_ID=""
+export AWS_SECRET_ACCESS_KEY=""
+export AWS_SESSION_TOKEN=""
+export AWS_REGION='eu-central-1'
+make manifests
+make install
+make run
+```
+
+### Running tests
+
+```bash
+make test
+```

aeto

@@ -0,0 +1,157 @@
+#!/usr/bin/env bash
+
+declare resource_prefix="${AETO_RESOURCE_PREFIX:-tenant-}"
+
+print() {
+  local all=false
+  [[ "${1:-}" == '--all' ]] && all=true
+
+  if [[ ${all:?} == true ]]; then
+    echo
+    echo 'ResourceTemplate'
+    kubectl get resourcetemplate -A -o wide
+
+    echo
+    echo 'Blueprint'
+    kubectl get blueprint -A -o wide
+  fi
+
+  echo
+  echo 'Tenant'
+  kubectl get tenant -A -o wide
+
+  echo
+  echo 'EventStreamChunk'
+  kubectl get eventstreamchunk -A -o wide
+
+  echo
+  echo 'ResourceSet'
+  kubectl get resourceset -A -o wide
+
+  if [[ ${all:?} == true ]]; then
+    echo
+    echo 'Namespaces'
+    kubectl get namespaces | grep "${resource_prefix:?}"
+
+    echo
+    echo 'NetworkPolicy'
+    kubectl get networkpolicy -A
+
+    echo
+    echo 'LimitRange'
+    kubectl get limitrange -A
+  fi
+
+  echo
+  echo 'AWS Route53 HostedZone'
+  kubectl get hostedzone -A -o wide
+
+  echo
+  echo 'AWS ACM Certificate'
+  kubectl get certificate -A -o wide
+
+  echo
+  echo 'AWS ACM CertificateConnector'
+  kubectl get certificateconnector -A -o wide
+
+  if [[ ${all:?} == true ]]; then
+    echo
+    echo 'Deployment'
+    kubectl get deployment -A | grep "${resource_prefix:?}"
+
+    echo
+    echo 'Service'
+    kubectl get service -A | grep "${resource_prefix:?}"
+
+    echo
+    echo 'Ingress'
+    kubectl get ingress -A | grep "${resource_prefix:?}"
+  fi
+
+  echo
+}
+
+events() {
+  echo
+  echo 'EventStreamChunks:'
+  kubectl -n aeto get eventstreamchunk -o wide
+
+  echo
+  echo 'Event summary:'
+  kubectl -n aeto get eventstreamchunk -o json | jq -r '.items[].spec.events[].raw' | jq -c -r .type
+
+  echo
+  echo 'Event details:'
+  kubectl -n aeto get eventstreamchunk -o json | jq -r '.items[].spec.events[].raw' | jq -c .
+}
+
+apply() {
+  kubectl apply -k config/default-resources/
+  kubectl apply -k config/samples/
+  echo 'watching Tenant and ResourceSets...'
+  # kubectl --namespace <namespace> tenant <name> wait --for=condition=ready -o name
+  sleep 1
+  while true; do
+    clear && print
+    sleep 3
+  done
+}
+
+destroy() {
+  kubectl delete -k config/samples/
+  print --all
+  echo 'Press any key to continue running a full cleanup...'
+  read -r
+  cleanup
+}
+
+cleanup() {
+  echo 'running a full cleanup'
+  kubectl delete -k config/default-resources/
+  # shellcheck disable=SC2046
+  kubectl -n aeto delete resourceset $(kubectl -n aeto get resourceset -o jsonpath='{.items[*].metadata.name}')
+  # shellcheck disable=SC2046
+  kubectl -n aeto delete eventstreamchunk $(kubectl -n aeto get eventstreamchunk -o jsonpath='{.items[*].metadata.name}')
+  kubectl delete namespace tenant-example
+}
+
+watch() {
+  while true; do
+    clear && print && sleep 3
+  done
+}
+
+localenv() {
+  {
+    sed "/AWS_REGION=.*/d" <.env |
+      sed "/AWS_ACCESS_KEY_ID=.*/d" |
+      sed "/AWS_SECRET_ACCESS_KEY=.*/d" |
+      sed "/AWS_SESSION_TOKEN=.*/d"
+    echo "AWS_REGION=${AWS_REGION:?}"
+    echo "AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:?}"
+    echo "AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:?}"
+    echo "AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN:?}"
+  } >.tempenv
+  mv .tempenv .env
+}
+
+release() {
+  make manifests
+  make generate
+  goreleaser release --rm-dist
+}
+
+main() {
+  case "${1:-}" in
+  localenv) localenv ;;
+  apply) apply ;;
+  destroy) destroy ;;
+  cleanup) cleanup ;;
+  watch) watch ;;
+  events) events ;;
+  release) release ;;
+  *) print --all ;;
+  esac
+}
+
+main "$@"