Merge pull request Skarlso#104 from Skarlso/add-remote-cluster

feat: add remote cluster apply

Author: Skarlso

.golangci.yaml

@@ -8,66 +8,52 @@ run:
 linters:
   enable-all: true
   disable:
-    # We are working on it
-    - wrapcheck
+    - bodyclose
+    - containedctx     # Struct should not contain context, action does.
+    - contextcheck
+    - cyclop           # Complex functions are not good.
+    - deadcode
     - depguard
-    # Logical next step
-    - forcetypeassert  # Priority: that can lead to serious crashes.
+    - dogsled
+    - dupl             # Check code duplications.
+    - execinquery
+    - exhaustive       # Doesn't really make sense.
+    - exhaustivestruct
+    - exhaustruct      # Doesn't really make sense.
     - exportloopref
-    - goerr113         # Do not define dynamic errors with Errorf.
-    - varnamelen       # m, d, p < These are not so meaningful variables.
-    - testpackage      # Blackbox testing is preffered.
+    - forcetypeassert  # Priority: that can lead to serious crashes.
     - funlen           # Break long functions.
+    - gci
+    - gochecknoglobals
+    - gochecknoinits   # Init functions cause an import to have side effects,
+    - goerr113
+    - goimports        # acts weirdly, dci handles imports anyway
+    - golint
     - gomnd            # Give constant values a name with constants.
+    - ifshort
+    - interfacebloat
+    - interfacer
     - ireturn          # Accept interface, return concrate.
+    - lll
+    - loggercheck         # Doesn't really make sense.
+    - maligned
     - nestif           # Some nexted if statements are 8 or 9 deep.
-    - dupl             # Check code duplications.
-    - cyclop           # Complex functions are not good.
-    - gochecknoinits   # Init functions cause an import to have side effects,
-      #   and side effects are hard to test,
-    #   reduce readability and increase the complexity of code.
-    - containedctx     # Struct should not contain context, action does.
     - nilnil           # A function should return either something valuable
-      #   or an error, but both value and error as nil is
-      #   useless. Like when I call it, why is it nil? Tell me
-    #   in an error why.
-    - bodyclose
-    - unparam
     - nonamedreturns   # Either named return, or use simply `return`.
-
-    # Opinionated (we may want to keep it disabled)
-    - gochecknoglobals
-    - lll
+    - nosnakecase
     - paralleltest
-    - tagliatelle
-    - wsl
-    - interfacebloat
-
-
-    # Disabled with reason
-    - dogsled
-    - exhaustruct      # Doesn't really make sense.
-    - exhaustive       # Doesn't really make sense.
-    - logrlint         # Doesn't really make sense.
-    - goimports        # acts weirdly, dci handles imports anyway
-
-    # Disabled because of generics in go 1.18
-    - contextcheck
     - rowserrcheck
-    - sqlclosecheck
-    - wastedassign
-
-    # Deprecated
-    - deadcode
-    - exhaustivestruct
-    - golint
-    - ifshort
-    - interfacer
-    - maligned
     - scopelint
+    - sqlclosecheck
     - structcheck
+    - tagliatelle
+    - testpackage      # Blackbox testing is preffered.
+    - unparam
     - varcheck
-    - gci
+    - varnamelen       # m, d, p < These are not so meaningful variables.
+    - wastedassign
+    - wrapcheck
+    - wsl
 
 linters-settings:
   gci:
@@ -76,17 +62,18 @@ linters-settings:
       - blank
       - dot
       - default
+      - prefix(github.com/open-component-model/ocm)
     custom-order: true
-  staticcheck:
-    go: "1.22"
-  stylecheck:
-    go: "1.22"
   funlen:
     lines: 110
     statements: 60
   cyclop:
-    max-complexity: 20
+    max-complexity: 46
     skip-tests: true
+  gocognit:
+    # Minimal code complexity to report.
+    # Default: 30 (but we recommend 10-20)
+    min-complexity: 46
   nolintlint:
     allow-unused: false
     require-explanation: true
@@ -108,9 +95,6 @@ issues:
     - path: cmds/
       linters:
         - forbidigo
-    - text: "should not use dot imports|don't use an underscore in package name"
-      linters:
-        - golint
     - source: "https://"
       linters:
         - lll
@@ -122,7 +106,6 @@ issues:
         - govet
     - path: _test\.go
       linters:
-        - goerr113
         - gocyclo
         - errcheck
         - gosec

Makefile

@@ -151,7 +151,7 @@ GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v5.0.0
 CONTROLLER_TOOLS_VERSION ?= v0.14.0
-GOLANGCI_LINT_VERSION ?= v1.55.2
+GOLANGCI_LINT_VERSION ?= v1.57.2
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
 .PHONY: kustomize

api/v1alpha1/bootstrap_types.go

@@ -19,6 +19,7 @@ package v1alpha1
 import (
 	"time"
 
+	"github.com/fluxcd/pkg/apis/meta"
 	v1 "k8s.io/api/core/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -28,6 +29,16 @@ const (
 	BootstrapOwnerLabelKey = "delivery.crd-bootstrap.owned"
 )
 
+// KubeConfig defines as way to access a remote cluster.
+type KubeConfig struct {
+	// ServiceAccount defines any custom service accounts to use in order to
+	// apply crds in a remote cluster.
+	ServiceAccount string `json:"serviceAccount,omitempty"`
+	// SecretRef defines a secret with the key in which the kubeconfig is in.
+	// +optional
+	SecretRef *meta.KubeConfigReference `json:"secretRef,omitempty"`
+}
+
 // GitHub defines a GitHub type source where the CRD is coming from `release` section of a GitHub repository.
 type GitHub struct {
 	// BaseURL is used for the GitHub url. Defaults to github.com if not defined.
@@ -169,6 +180,10 @@ type BootstrapSpec struct {
 	// Prune will clean up all applied objects once the Bootstrap object is removed.
 	// +optional
 	Prune bool `json:"prune,omitempty"`
+
+	// KubeConfig defines a kubeconfig that could be used to access another cluster and apply a CRD there.
+	// +optional
+	KubeConfig *KubeConfig `json:"kubeConfig,omitempty"`
 }
 
 // BootstrapStatus defines the observed state of Bootstrap.

api/v1alpha1/zz_generated.deepcopy.go

@@ -58,11 +58,13 @@ func main() {
 	var metricsAddr string
 	var enableLeaderElection bool
 	var probeAddr string
+	var defaultServiceAccount string
 	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
 	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
+	flag.StringVar(&defaultServiceAccount, "default-service-account", "", "Default service account used for impersonation.")
 	opts := zap.Options{
 		Development: true,
 	}
@@ -95,9 +97,10 @@ func main() {
 	configMapProvider := configmap.NewSource(mgr.GetClient(), gitlabProvider)
 	helmProvider := helm.NewSource(c, mgr.GetClient(), configMapProvider)
 	if err = (&controller.BootstrapReconciler{
-		Client:         mgr.GetClient(),
-		Scheme:         mgr.GetScheme(),
-		SourceProvider: helmProvider,
+		Client:                mgr.GetClient(),
+		Scheme:                mgr.GetScheme(),
+		SourceProvider:        helmProvider,
+		DefaultServiceAccount: defaultServiceAccount,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "Bootstrap")
 		os.Exit(1)

cmd/main.go

@@ -47,6 +47,44 @@ spec:
                 description: Interval defines the regular interval at which a poll
                   for new version should happen.
                 type: string
+              kubeConfig:
+                description: KubeConfig defines a kubeconfig that could be used to
+                  access another cluster and apply a CRD there.
+                properties:
+                  secretRef:
+                    description: SecretRef defines a secret with the key in which
+                      the kubeconfig is in.
+                    properties:
+                      secretRef:
+                        description: |-
+                          SecretRef holds the name of a secret that contains a key with
+                          the kubeconfig file as the value. If no key is set, the key will default
+                          to 'value'.
+                          It is recommended that the kubeconfig is self-contained, and the secret
+                          is regularly updated if credentials such as a cloud-access-token expire.
+                          Cloud specific `cmd-path` auth helpers will not function without adding
+                          binaries and credentials to the Pod that is responsible for reconciling
+                          Kubernetes resources.
+                        properties:
+                          key:
+                            description: Key in the Secret, when not specified an
+                              implementation-specific default key is used.
+                            type: string
+                          name:
+                            description: Name of the Secret.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                    required:
+                    - secretRef
+                    type: object
+                  serviceAccount:
+                    description: |-
+                      ServiceAccount defines any custom service accounts to use in order to
+                      apply crds in a remote cluster.
+                    type: string
+                type: object
               prune:
                 description: Prune will clean up all applied objects once the Bootstrap
                   object is removed.

crd-bootstrap/crds/delivery.crd-bootstrap_bootstraps.yaml

@@ -18,7 +18,6 @@ require (
 	k8s.io/api v0.30.3
 	k8s.io/apiextensions-apiserver v0.30.3
 	k8s.io/apimachinery v0.30.3
-	k8s.io/cli-runtime v0.30.3
 	k8s.io/client-go v0.30.3
 	oras.land/oras-go v1.2.6
 	sigs.k8s.io/controller-runtime v0.18.4
@@ -135,6 +134,7 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiserver v0.30.3 // indirect
+	k8s.io/cli-runtime v0.30.3 // indirect
 	k8s.io/component-base v0.30.3 // indirect
 	k8s.io/klog/v2 v2.120.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240411171206-dc4e619f62f3 // indirect