Initial commit

[ZITADOPER-1]

src/pkg/builder/builder.go

@@ -0,0 +1,15 @@
+package builder
+
+import (
+	"k8s.io/apimachinery/pkg/runtime"
+)
+
+type Builder struct {
+	scheme *runtime.Scheme
+}
+
+func NewBuilder(scheme *runtime.Scheme) *Builder {
+	return &Builder{
+		scheme: scheme,
+	}
+}

src/pkg/builder/configmap_builder.go

@@ -0,0 +1,39 @@
+package builder
+
+import (
+	zitadelv1alpha1 "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/api/v1alpha1"
+	metadata "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/builder/metadata"
+	"fmt"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+type ConfigMapOpts struct {
+	Zitadel     *zitadelv1alpha1.ZitadelCluster
+	Key         types.NamespacedName
+	Data        map[string]string
+	Labels      map[string]string
+	Annotations map[string]string
+	Immutable   bool
+}
+
+func (b *Builder) BuildConfigMap(opts ConfigMapOpts, owner metav1.Object) (*corev1.ConfigMap, error) {
+	objMeta :=
+		metadata.NewMetadataBuilder(opts.Key).
+			WithZitadel(opts.Zitadel).
+			WithLabels(opts.Labels).
+			WithAnnotations(opts.Annotations).
+			Build()
+
+	configMap := &corev1.ConfigMap{
+		Data:       opts.Data,
+		ObjectMeta: objMeta,
+		Immutable:  &opts.Immutable,
+	}
+	if err := controllerutil.SetControllerReference(owner, configMap, b.scheme); err != nil {
+		return nil, fmt.Errorf("error setting controller reference in ConfigMap manifest: %v", err)
+	}
+	return configMap, nil
+}

src/pkg/builder/deployment_builder.go

@@ -0,0 +1,125 @@
+package builder
+
+import (
+	"fmt"
+
+	zitadelv1alpha1 "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/api/v1alpha1"
+	labels "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/builder/labels"
+	metadata "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/builder/metadata"
+	configuration "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/configuration"
+	deployment "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/deployment"
+	"bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/masterkey"
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/apimachinery/pkg/util/intstr"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+func (b *Builder) BuildDeployment(zitadel *zitadelv1alpha1.ZitadelCluster, key types.NamespacedName) (*appsv1.Deployment, error) {
+	replicas := zitadel.Spec.Replicas
+	objMeta :=
+		metadata.NewMetadataBuilder(key).
+			WithZitadel(zitadel).
+			Build()
+	selectorLabels :=
+		labels.NewLabelsBuilder().
+			WithZitadelSelectorLabels(zitadel).
+			Build()
+	podTemplate, err := b.buildDepPodTemplate(zitadel, selectorLabels)
+	if err != nil {
+		return nil, fmt.Errorf("error building pod template: %v", err)
+	}
+
+	dep := &appsv1.Deployment{
+		ObjectMeta: objMeta,
+		Spec: appsv1.DeploymentSpec{
+			Replicas: &replicas,
+			Selector: &metav1.LabelSelector{
+				MatchLabels: selectorLabels,
+			},
+			Template: *podTemplate,
+		}}
+	if err := controllerutil.SetControllerReference(zitadel, dep, b.scheme); err != nil {
+		return nil, fmt.Errorf("error setting controller reference to Deployment: %v", err)
+	}
+	return dep, nil
+}
+
+func (b *Builder) buildDepPodTemplate(zitadel *zitadelv1alpha1.ZitadelCluster, labels map[string]string) (*corev1.PodTemplateSpec, error) {
+	objMeta :=
+		metadata.NewMetadataBuilder(client.ObjectKeyFromObject(zitadel)).
+			WithZitadel(zitadel).
+			WithLabels(labels).
+			WithAnnotations(zitadel.Spec.PodAnnotations).
+			Build()
+	group := int64(0)
+	return &corev1.PodTemplateSpec{
+			ObjectMeta: objMeta,
+			Spec: corev1.PodSpec{
+				SecurityContext: &corev1.PodSecurityContext{FSGroup: &group},
+				Containers:      *b.buildDepContainers(zitadel),
+				Volumes: []corev1.Volume{
+					{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
+				},
+			},
+		},
+		nil
+}
+
+func (b *Builder) buildDepContainers(zitadel *zitadelv1alpha1.ZitadelCluster) *[]corev1.Container {
+	probeHandle := corev1.ProbeHandler{
+		HTTPGet: &corev1.HTTPGetAction{HTTPHeaders: []corev1.HTTPHeader{
+			{Name: "Host", Value: zitadel.Spec.Host},
+		},
+			Port:   intstr.FromInt(deployment.ZitadelPort),
+			Scheme: corev1.URISchemeHTTP,
+		}}
+
+	return &[]corev1.Container{
+		{
+			Name:  "zitadel",
+			Image: zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag,
+			Args: []string{
+				"start",
+				"--config", "/config/zitadel-config-yaml",
+				"--masterkeyFromEnv",
+			},
+			ImagePullPolicy: corev1.PullIfNotPresent,
+			Env: []corev1.EnvVar{
+				{
+					Name:      "ZITADEL_MASTERKEY",
+					ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: masterkey.MasterKeyName(zitadel)}, Key: masterkey.Key}},
+				},
+			},
+			Ports: []corev1.ContainerPort{
+				{Name: deployment.ZitadelName, ContainerPort: deployment.ZitadelPort},
+			},
+			LivenessProbe: &corev1.Probe{
+				ProbeHandler:        probeHandle,
+				FailureThreshold:    3,
+				InitialDelaySeconds: 0,
+				PeriodSeconds:       5,
+			},
+			ReadinessProbe: &corev1.Probe{
+				ProbeHandler:        probeHandle,
+				FailureThreshold:    3,
+				InitialDelaySeconds: 0,
+				PeriodSeconds:       5,
+			},
+
+			StartupProbe: &corev1.Probe{
+				ProbeHandler:        probeHandle,
+				FailureThreshold:    30,
+				InitialDelaySeconds: 0,
+				PeriodSeconds:       1,
+			},
+			Resources: zitadel.Spec.Resources,
+			VolumeMounts: []corev1.VolumeMount{
+				{Name: "zitadel-config-yaml", MountPath: "/config"},
+			},
+		},
+	}
+}

src/pkg/builder/job_builder.go

@@ -0,0 +1,126 @@
+package builder
+
+import (
+	"fmt"
+
+	zitadelv1alpha1 "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/api/v1alpha1"
+	configuration "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/configuration"
+	"bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/masterkey"
+	batchv1 "k8s.io/api/batch/v1"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+func (b *Builder) BuildInitJob(zitadel *zitadelv1alpha1.ZitadelCluster, key types.NamespacedName) (*batchv1.Job, error) {
+
+	backOffLimit := int32(5)
+	activeDeadlineSeconds := int64(300)
+	runAsNonRoot := true
+	enableServiceLinks := false
+	user := int64(1000)
+	initJob := &batchv1.Job{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      key.Name,
+			Namespace: key.Namespace,
+		},
+		Spec: batchv1.JobSpec{
+			BackoffLimit:          &backOffLimit,
+			ActiveDeadlineSeconds: &activeDeadlineSeconds,
+			Template: corev1.PodTemplateSpec{
+				Spec: corev1.PodSpec{
+					RestartPolicy: corev1.RestartPolicyOnFailure,
+					SecurityContext: &corev1.PodSecurityContext{
+						RunAsNonRoot: &runAsNonRoot,
+						RunAsUser:    &user,
+					},
+					EnableServiceLinks: &enableServiceLinks,
+					Volumes: []corev1.Volume{
+						{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
+					},
+					Containers: []corev1.Container{
+						{
+							Name:  "zitadel-init",
+							Image: zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag,
+							Args: []string{
+								"init",
+								"--config", "/config/zitadel-config-yaml",
+							},
+							VolumeMounts: []corev1.VolumeMount{
+								{Name: "zitadel-config-yaml", MountPath: "/config"},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+	if err := controllerutil.SetControllerReference(zitadel, initJob, b.scheme); err != nil {
+		return nil, fmt.Errorf("error setting controller reference to InitJob: %v", err)
+	}
+	return initJob, nil
+}
+
+func (b *Builder) BuildSetupJob(zitadel *zitadelv1alpha1.ZitadelCluster, key types.NamespacedName) (*batchv1.Job, error) {
+
+	backOffLimit := int32(5)
+	activeDeadlineSeconds := int64(300)
+	runAsNonRoot := true
+	enableServiceLinks := false
+	user := int64(1000)
+	setupJob := &batchv1.Job{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      key.Name,
+			Namespace: key.Namespace,
+		},
+		Spec: batchv1.JobSpec{
+			BackoffLimit:          &backOffLimit,
+			ActiveDeadlineSeconds: &activeDeadlineSeconds,
+			Template: corev1.PodTemplateSpec{
+				Spec: corev1.PodSpec{
+					RestartPolicy: corev1.RestartPolicyOnFailure,
+					SecurityContext: &corev1.PodSecurityContext{
+						RunAsNonRoot: &runAsNonRoot,
+						RunAsUser:    &user,
+					},
+					EnableServiceLinks: &enableServiceLinks,
+					Volumes: []corev1.Volume{
+						{Name: "zitadel-config-yaml", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{LocalObjectReference: corev1.LocalObjectReference{Name: configuration.ConfigurationName(zitadel)}}}},
+					},
+					Containers: []corev1.Container{
+						{
+							Name:  "zitadel-setup",
+							Image: zitadel.Spec.Image.Name + ":" + zitadel.Spec.Image.Tag,
+							Args: []string{
+								"setup",
+								"--config", "/config/zitadel-config-yaml",
+								"--steps", "/config/zitadel-config-yaml",
+								"--masterkeyFromEnv",
+								"--init-projections=true",
+							},
+
+							Env: []corev1.EnvVar{
+								{
+									Name:      "ZITADEL_MASTERKEY",
+									ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{LocalObjectReference: corev1.LocalObjectReference{Name: masterkey.MasterKeyName(zitadel)}, Key: masterkey.Key}},
+								},
+								{
+									Name:  "ZITADEL_FIRSTINSTANCE_MACHINEKEYPATH",
+									Value: "/machinekey/sa.json",
+								},
+							},
+							VolumeMounts: []corev1.VolumeMount{
+								{Name: "zitadel-config-yaml", MountPath: "/config"},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+	if err := controllerutil.SetControllerReference(zitadel, setupJob, b.scheme); err != nil {
+		return nil, fmt.Errorf("error setting controller reference to SetupJob: %v", err)
+	}
+	return setupJob, nil
+}

src/pkg/builder/labels/labels.go

@@ -0,0 +1,65 @@
+package builder
+
+import (
+	zitadelv1alpha1 "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/api/v1alpha1"
+	deployment "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/deployment"
+)
+
+const (
+	appLabel          = "app.kubernetes.io/name"
+	instanceLabel     = "app.kubernetes.io/instance"
+	deploymentPodName = "deployment.kubernetes.io/pod-name"
+	appZitadel        = "zitadel"
+	appExporter       = "exporter"
+)
+
+type LabelsBuilder struct {
+	labels map[string]string
+}
+
+func NewLabelsBuilder() *LabelsBuilder {
+	return &LabelsBuilder{
+		labels: map[string]string{},
+	}
+}
+
+func (b *LabelsBuilder) WithApp(app string) *LabelsBuilder {
+	b.labels[appLabel] = app
+	return b
+}
+
+func (b *LabelsBuilder) WithInstance(instance string) *LabelsBuilder {
+	b.labels[instanceLabel] = instance
+	return b
+}
+
+func (b *LabelsBuilder) WithZitadel(zitadel *zitadelv1alpha1.ZitadelCluster) *LabelsBuilder {
+	return b.WithApp(appZitadel).
+		WithInstance(zitadel.Name)
+}
+
+func (b *LabelsBuilder) WithDeploymentPod(zitadel *zitadelv1alpha1.ZitadelCluster, podIndex int) *LabelsBuilder {
+	b.labels[deploymentPodName] = deployment.PodName(zitadel.ObjectMeta, podIndex)
+	return b
+}
+
+func (b *LabelsBuilder) WithLabels(labels map[string]string) *LabelsBuilder {
+	for k, v := range labels {
+		b.labels[k] = v
+	}
+	return b
+}
+
+func (b *LabelsBuilder) WithZitadelSelectorLabels(zitadel *zitadelv1alpha1.ZitadelCluster) *LabelsBuilder {
+	b = b.WithZitadel(zitadel)
+	return b
+}
+
+func (b *LabelsBuilder) WithMetricsSelectorLabels(zitadel *zitadelv1alpha1.ZitadelCluster) *LabelsBuilder {
+	return b.WithApp(appExporter).
+		WithInstance(zitadel.Name)
+}
+
+func (b *LabelsBuilder) Build() map[string]string {
+	return b.labels
+}

src/pkg/builder/metadata/metadata.go

@@ -0,0 +1,48 @@
+package metadata
+
+import (
+	zitadelv1alpha1 "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/api/v1alpha1"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+)
+
+type MetadataBuilder struct {
+	objMeta metav1.ObjectMeta
+}
+
+func NewMetadataBuilder(key types.NamespacedName) *MetadataBuilder {
+	return &MetadataBuilder{
+		objMeta: metav1.ObjectMeta{
+			Name:        key.Name,
+			Namespace:   key.Namespace,
+			Labels:      map[string]string{},
+			Annotations: map[string]string{},
+		},
+	}
+}
+
+func (b *MetadataBuilder) WithZitadel(zitadel *zitadelv1alpha1.ZitadelCluster) *MetadataBuilder {
+	if zitadel == nil {
+		return b
+	}
+	return b
+}
+
+func (b *MetadataBuilder) WithLabels(labels map[string]string) *MetadataBuilder {
+	for k, v := range labels {
+		b.objMeta.Labels[k] = v
+	}
+	return b
+}
+
+func (b *MetadataBuilder) WithAnnotations(annotations map[string]string) *MetadataBuilder {
+	for k, v := range annotations {
+		b.objMeta.Annotations[k] = v
+	}
+	return b
+}
+
+func (b *MetadataBuilder) Build() metav1.ObjectMeta {
+	return b.objMeta
+}

src/pkg/builder/secret_builder.go

@@ -0,0 +1,38 @@
+package builder
+
+import (
+	zitadelv1alpha1 "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/api/v1alpha1"
+	metadata "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/builder/metadata"
+	"fmt"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+type SecretOpts struct {
+	Zitadel     *zitadelv1alpha1.ZitadelCluster
+	Key         types.NamespacedName
+	Data        map[string][]byte
+	Labels      map[string]string
+	Annotations map[string]string
+	Immutable   bool
+}
+
+func (b *Builder) BuildSecret(opts SecretOpts, owner metav1.Object) (*corev1.Secret, error) {
+	objMeta :=
+		metadata.NewMetadataBuilder(opts.Key).
+			WithZitadel(opts.Zitadel).
+			WithLabels(opts.Labels).
+			WithAnnotations(opts.Annotations).
+			Build()
+	secret := &corev1.Secret{
+		ObjectMeta: objMeta,
+		Data:       opts.Data,
+		Immutable:  &opts.Immutable,
+	}
+	if err := controllerutil.SetControllerReference(owner, secret, b.scheme); err != nil {
+		return nil, fmt.Errorf("error setting controller reference in Secret manifest: %v", err)
+	}
+	return secret, nil
+}

src/pkg/builder/service_builder.go

@@ -0,0 +1,43 @@
+package builder
+
+import (
+	"fmt"
+
+	zitadelv1alpha1 "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/api/v1alpha1"
+	labels "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/builder/labels"
+	metadata "bitbucket.org/topmanage-software-engineering/zitadel-k8s-operator/src/pkg/builder/metadata"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+)
+
+type ServiceOpts struct {
+	Ports []corev1.ServicePort
+}
+
+func (b *Builder) BuildService(zitadel *zitadelv1alpha1.ZitadelCluster, key types.NamespacedName,
+	opts ServiceOpts) (*corev1.Service, error) {
+	objMeta :=
+		metadata.NewMetadataBuilder(key).
+			WithZitadel(zitadel).
+			Build()
+
+	svc := &corev1.Service{
+		ObjectMeta: objMeta,
+		Spec: corev1.ServiceSpec{
+			Type:     corev1.ServiceTypeClusterIP,
+			Ports:    opts.Ports,
+			Selector: serviceSelectorLabels(opts, zitadel),
+		},
+	}
+	if err := controllerutil.SetControllerReference(zitadel, svc, b.scheme); err != nil {
+		return nil, fmt.Errorf("error setting controller reference to Service: %v", err)
+	}
+	return svc, nil
+}
+
+func serviceSelectorLabels(opts ServiceOpts, zitadel *zitadelv1alpha1.ZitadelCluster) map[string]string {
+	return labels.NewLabelsBuilder().
+		WithZitadelSelectorLabels(zitadel).
+		Build()
+}