diff --git a/.dockerignore b/.dockerignore index 3aec13d..a3aab7a 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,13 +1,3 @@ -.bookkeeping -.coverage -.envrc* -.github -.mypy_cache -.pre-commit-config.yaml -.pytest_cache -.python-version -.vscode -Dockerfile -Makefile -tests -**/*.pyc +# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file +# Ignore build and test binaries. +bin/ diff --git a/.github/codeql-config.yml b/.github/codeql-config.yml deleted file mode 100644 index 4b7f5da..0000000 --- a/.github/codeql-config.yml +++ /dev/null @@ -1,4 +0,0 @@ -query-filters: - -paths-ignore: - - tests/**/test_*.py diff --git a/.github/workflows/docker-images.yaml b/.github/workflows/docker-images.yaml deleted file mode 100644 index 526370a..0000000 --- a/.github/workflows/docker-images.yaml +++ /dev/null @@ -1,59 +0,0 @@ -name: Docker images - -on: - push: - branches: - - main - - pull_request: - branches: - - main - -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: ${{ github.event_name == 'pull_request' }} - -jobs: - unit-tests: - name: Docker images - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - fetch-depth: 0 - - - name: Get setuptools version - id: setuptools - shell: bash - run: | - pip install --upgrade setuptools_scm 'setuptools>61' - echo "version=`python -m setuptools_scm`" >> "$GITHUB_OUTPUT" - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: PrefectHQ/prefect-operator - tags: | - type=pep440,pattern={{version}} - type=pep440,pattern={{major}}.{{minor}} - type=pep440,pattern={{major}} - type=raw,value=${{ steps.setuptools.outputs.version }} - type=raw,value=latest - - - name: Build and push image - uses: docker/build-push-action@v6 - with: - context: . - platforms: linux/amd64,linux/arm64 - tags: ${{ steps.meta.outputs.tags }} - push: false - pull: true diff --git a/.github/workflows/static-analysis.yaml b/.github/workflows/static-analysis.yaml deleted file mode 100644 index 307a9cb..0000000 --- a/.github/workflows/static-analysis.yaml +++ /dev/null @@ -1,73 +0,0 @@ -name: Static analysis - -on: - push: - branches: - - main - - pull_request: - branches: - - main - -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: ${{ github.event_name == 'pull_request' }} - -jobs: - pre-commit-checks: - name: Pre-commit checks - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - fetch-depth: 0 - - - name: Set up Python - uses: actions/setup-python@v5 - id: setup_python - with: - python-version: "3.12.4" - - - name: UV Cache - uses: actions/cache@v4 - id: cache-uv - with: - path: ~/.cache/uv - key: uvcache-${{ runner.os }}-${{ steps.setup_python.outputs.python-version }}-${{ hashFiles('requirements.txt', 'requirements-dev.txt') }} - - - name: Install packages - run: | - python -m pip install -U uv pre-commit - uv pip install --system -r requirements-dev.txt - uv pip install --system -e . - - - name: Run pre-commit - run: pre-commit run --show-diff-on-failure --color=always --all-files - - analyze: - name: Analyze - runs-on: ubuntu-latest - - permissions: - contents: read - actions: read - security-events: write - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: python - config-file: ./.github/codeql-config.yml - queries: security-extended - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/unit-tests.yaml b/.github/workflows/unit-tests.yaml deleted file mode 100644 index 9748f9f..0000000 --- a/.github/workflows/unit-tests.yaml +++ /dev/null @@ -1,50 +0,0 @@ -name: Unit tests - -on: - push: - branches: - - main - - pull_request: - branches: - - main - -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: ${{ github.event_name == 'pull_request' }} - -jobs: - unit-tests: - name: Unit tests - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - fetch-depth: 0 - - - name: Set up Python - uses: actions/setup-python@v5 - id: setup_python - with: - python-version: "3.12.4" - - - name: UV Cache - uses: actions/cache@v4 - id: cache-uv - with: - path: ~/.cache/uv - key: uvcache-${{ runner.os }}-${{ steps.setup_python.outputs.python-version }}-${{ hashFiles('requirements.txt', 'requirements-dev.txt') }} - - - name: Install packages - run: | - python -m pip install -U uv pre-commit - uv pip install --system -r requirements-dev.txt - uv pip install --system -e . - - - name: Run pytest - run: pytest diff --git a/.gitignore b/.gitignore index f62afda..ada68ff 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,27 @@ -.bookkeeping -.coverage -*.egg-info -.mypy_cache -__pycache__ -.pytest_cache -.python-version +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib +bin/* +Dockerfile.cross + +# Test binary, built with `go test -c` +*.test + +# Output of the go coverage tool, specifically when used with LiteIDE +*.out + +# Go workspace file +go.work + +# Kubernetes Generated files - skip generated files, except for vendored files +!vendor/**/zz_generated.* + +# editor and IDE paraphernalia +.idea .vscode -.ruff_cache +*.swp +*.swo +*~ diff --git a/.golangci.yml b/.golangci.yml new file mode 100644 index 0000000..ca69a11 --- /dev/null +++ b/.golangci.yml @@ -0,0 +1,40 @@ +run: + timeout: 5m + allow-parallel-runners: true + +issues: + # don't skip warning about doc comments + # don't exclude the default set of lint + exclude-use-default: false + # restore some of the defaults + # (fill in the rest as needed) + exclude-rules: + - path: "api/*" + linters: + - lll + - path: "internal/*" + linters: + - dupl + - lll +linters: + disable-all: true + enable: + - dupl + - errcheck + - exportloopref + - goconst + - gocyclo + - gofmt + - goimports + - gosimple + - govet + - ineffassign + - lll + - misspell + - nakedret + - prealloc + - staticcheck + - typecheck + - unconvert + - unparam + - unused diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml deleted file mode 100644 index d6b2242..0000000 --- a/.pre-commit-config.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -repos: - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.6.0 - hooks: - - id: trailing-whitespace - - id: end-of-file-fixer - - id: check-toml - - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.5.5 - hooks: - - id: ruff - args: [--fix] - - id: ruff-format - - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.11.1 - hooks: - - id: mypy - additional_dependencies: [pytest==8.3.2, types-pyyaml==6.0.12.20240724] - - repo: https://github.com/codespell-project/codespell - rev: v2.2.6 - hooks: - - id: codespell - - repo: local - hooks: - - id: generate-crds - name: Generate CRD manifests - entry: bash -c 'python -m prefect_operator generate-crds > crds.yaml' - language: system - types: [python] - pass_filenames: false diff --git a/Dockerfile b/Dockerfile index e6b9e76..aca26f9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,20 +1,33 @@ -FROM python:3.12.4-slim-bookworm - -RUN apt-get update && apt-get install -y git && apt-get clean - -WORKDIR /app -ENTRYPOINT [ "prefect-operator" ] -CMD [ "run" ] - -RUN pip install -U pip uv - -COPY requirements.txt . - -RUN uv pip install --system -r requirements.txt - -COPY pyproject.toml . -COPY src src - -RUN --mount=source=.git,target=.git,type=bind pip install --no-cache-dir -e . - -RUN prefect-operator --version +# Build the manager binary +FROM golang:1.21 AS builder +ARG TARGETOS +ARG TARGETARCH + +WORKDIR /workspace +# Copy the Go Modules manifests +COPY go.mod go.mod +COPY go.sum go.sum +# cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN go mod download + +# Copy the go source +COPY cmd/main.go cmd/main.go +COPY api/ api/ +COPY internal/controller/ internal/controller/ + +# Build +# the GOARCH has not a default value to allow the binary be built according to the host where the command +# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO +# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore, +# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform. +RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=builder /workspace/manager . +USER 65532:65532 + +ENTRYPOINT ["/manager"] diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 8a8f20e..0000000 --- a/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2019- Prefect Technologies, Inc. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/Makefile b/Makefile index 2847713..5ba1de5 100644 --- a/Makefile +++ b/Makefile @@ -1,49 +1,322 @@ -.DEFAULT_GOAL := install +# VERSION defines the project version for the bundle. +# Update this value when you upgrade the version of your project. +# To re-generate a bundle for another specific version without changing the standard setup, you can: +# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) +# - use environment variables to overwrite this value (e.g export VERSION=0.0.2) +VERSION ?= 0.0.1 -.bookkeeping/uv: - mkdir -p .bookkeeping - touch .bookkeeping/uv.next - - pip install -U pip uv +# CHANNELS define the bundle channels used in the bundle. +# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") +# To re-generate a bundle for other specific channels without changing the standard setup, you can: +# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable) +# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable") +ifneq ($(origin CHANNELS), undefined) +BUNDLE_CHANNELS := --channels=$(CHANNELS) +endif -ifdef PYENV_VIRTUAL_ENV - pyenv rehash +# DEFAULT_CHANNEL defines the default channel used in the bundle. +# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable") +# To re-generate a bundle for any other default channel without changing the default setup, you can: +# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable) +# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable") +ifneq ($(origin DEFAULT_CHANNEL), undefined) +BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) endif +BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) - mv .bookkeeping/uv.next .bookkeeping/uv +# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images. +# This variable is used to construct full image tags for bundle and catalog images. +# +# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both +# prefect.io/prefect-operator-bundle:$VERSION and prefect.io/prefect-operator-catalog:$VERSION. +IMAGE_TAG_BASE ?= prefect.io/prefect-operator -.bookkeeping/development.txt: .bookkeeping/uv requirements-dev.txt pyproject.toml - mkdir -p .bookkeeping - cat requirements-dev.txt > .bookkeeping/development.txt.next +# BUNDLE_IMG defines the image:tag used for the bundle. +# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) +BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) - uv pip sync .bookkeeping/development.txt.next - uv pip install -e . +# BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command +BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) -ifdef PYENV_VIRTUAL_ENV - pyenv rehash +# USE_IMAGE_DIGESTS defines if images are resolved via tags or digests +# You can enable this value if you would like to use SHA Based Digests +# To enable set flag to true +USE_IMAGE_DIGESTS ?= false +ifeq ($(USE_IMAGE_DIGESTS), true) + BUNDLE_GEN_FLAGS += --use-image-digests endif - mv .bookkeeping/development.txt.next .bookkeeping/development.txt +# Set the Operator SDK version to use. By default, what is installed on the system is used. +# This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit. +OPERATOR_SDK_VERSION ?= v1.36.1 +# Image URL to use all building/pushing image targets +IMG ?= controller:latest +# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. +ENVTEST_K8S_VERSION = 1.29.0 + +# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) +ifeq (,$(shell go env GOBIN)) +GOBIN=$(shell go env GOPATH)/bin +else +GOBIN=$(shell go env GOBIN) +endif + +# CONTAINER_TOOL defines the container tool to be used for building images. +# Be aware that the target commands are only tested with Docker which is +# scaffolded by default. However, you might want to replace it to use other +# tools. (i.e. podman) +CONTAINER_TOOL ?= docker + +# Setting SHELL to bash allows bash commands to be executed by recipes. +# Options are set to exit when a recipe line exits non-zero or a piped command fails. +SHELL = /usr/bin/env bash -o pipefail +.SHELLFLAGS = -ec + +.PHONY: all +all: build + +##@ General + +# The help target prints out all targets with their descriptions organized +# beneath their categories. The categories are represented by '##@' and the +# target descriptions by '##'. The awk command is responsible for reading the +# entire set of makefiles included in this invocation, looking for lines of the +# file as xyz: ## something, and then pretty-format the target and help. Then, +# if there's a line with ##@ something, that gets pretty-printed as a category. +# More info on the usage of ANSI control characters for terminal formatting: +# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters +# More info on the awk command: +# http://linuxcommand.org/lc3_adv_awk.php + +.PHONY: help +help: ## Display this help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) + +##@ Development + +.PHONY: manifests +manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. + $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases + +.PHONY: generate +generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. + $(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." -requirements.txt: requirements.in .bookkeeping/uv - uv pip compile requirements.in --output-file $@ +.PHONY: fmt +fmt: ## Run go fmt against code. + go fmt ./... -requirements-dev.txt: requirements.txt requirements-dev.in .bookkeeping/uv - uv pip compile requirements.txt requirements-dev.in --output-file $@ +.PHONY: vet +vet: ## Run go vet against code. + go vet ./... -.git/hooks/pre-commit: .bookkeeping/development.txt - pre-commit install +.PHONY: test +test: manifests generate fmt vet envtest ## Run tests. + KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" go test $$(go list ./... | grep -v /e2e) -coverprofile cover.out -.pre-commit-config.yaml: .bookkeeping/development.txt - ./sync-pre-commit +# Utilize Kind or modify the e2e tests to load the image locally, enabling compatibility with other vendors. +.PHONY: test-e2e # Run the e2e tests against a Kind k8s instance that is spun up. +test-e2e: + go test ./test/e2e/ -v -ginkgo.v -.PHONY: docker -docker: Dockerfile .dockerignore requirements.txt - docker build -t PrefectHQ/prefect-operator:latest . +.PHONY: lint +lint: golangci-lint ## Run golangci-lint linter & yamllint + $(GOLANGCI_LINT) run + +.PHONY: lint-fix +lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes + $(GOLANGCI_LINT) run --fix + +##@ Build + +.PHONY: build +build: manifests generate fmt vet ## Build manager binary. + go build -o bin/manager cmd/main.go + +.PHONY: run +run: manifests generate fmt vet ## Run a controller from your host. + go run ./cmd/main.go + +# If you wish to build the manager image targeting other platforms you can use the --platform flag. +# (i.e. docker build --platform linux/arm64). However, you must enable docker buildKit for it. +# More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +.PHONY: docker-build +docker-build: ## Build docker image with the manager. + $(CONTAINER_TOOL) build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + $(CONTAINER_TOOL) push ${IMG} + +# PLATFORMS defines the target platforms for the manager image be built to provide support to multiple +# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: +# - be able to use docker buildx. More info: https://docs.docker.com/build/buildx/ +# - have enabled BuildKit. More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +# - be able to push the image to your registry (i.e. if you do not set a valid value via IMG=> then the export will fail) +# To adequately provide solutions that are compatible with multiple platforms, you should consider using this option. +PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le +.PHONY: docker-buildx +docker-buildx: ## Build and push docker image for the manager for cross-platform support + # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile + sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross + - $(CONTAINER_TOOL) buildx create --name project-v3-builder + $(CONTAINER_TOOL) buildx use project-v3-builder + - $(CONTAINER_TOOL) buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . + - $(CONTAINER_TOOL) buildx rm project-v3-builder + rm Dockerfile.cross + +.PHONY: build-installer +build-installer: manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment. + mkdir -p dist + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default > dist/install.yaml + +##@ Deployment + +ifndef ignore-not-found + ignore-not-found = false +endif .PHONY: install -install: .bookkeeping/development.txt .git/hooks/pre-commit .pre-commit-config.yaml docker +install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. + $(KUSTOMIZE) build config/crd | $(KUBECTL) apply -f - + +.PHONY: uninstall +uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. + $(KUSTOMIZE) build config/crd | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - + +.PHONY: deploy +deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default | $(KUBECTL) apply -f - + +.PHONY: undeploy +undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. + $(KUSTOMIZE) build config/default | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f - + +##@ Dependencies + +## Location to install dependencies to +LOCALBIN ?= $(shell pwd)/bin +$(LOCALBIN): + mkdir -p $(LOCALBIN) + +## Tool Binaries +KUBECTL ?= kubectl +KUSTOMIZE ?= $(LOCALBIN)/kustomize-$(KUSTOMIZE_VERSION) +CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen-$(CONTROLLER_TOOLS_VERSION) +ENVTEST ?= $(LOCALBIN)/setup-envtest-$(ENVTEST_VERSION) +GOLANGCI_LINT = $(LOCALBIN)/golangci-lint-$(GOLANGCI_LINT_VERSION) + +## Tool Versions +KUSTOMIZE_VERSION ?= v5.3.0 +CONTROLLER_TOOLS_VERSION ?= v0.14.0 +ENVTEST_VERSION ?= release-0.17 +GOLANGCI_LINT_VERSION ?= v1.57.2 + +.PHONY: kustomize +kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. +$(KUSTOMIZE): $(LOCALBIN) + $(call go-install-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v5,$(KUSTOMIZE_VERSION)) + +.PHONY: controller-gen +controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. +$(CONTROLLER_GEN): $(LOCALBIN) + $(call go-install-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen,$(CONTROLLER_TOOLS_VERSION)) + +.PHONY: envtest +envtest: $(ENVTEST) ## Download setup-envtest locally if necessary. +$(ENVTEST): $(LOCALBIN) + $(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest,$(ENVTEST_VERSION)) + +.PHONY: golangci-lint +golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary. +$(GOLANGCI_LINT): $(LOCALBIN) + $(call go-install-tool,$(GOLANGCI_LINT),github.com/golangci/golangci-lint/cmd/golangci-lint,${GOLANGCI_LINT_VERSION}) + +# go-install-tool will 'go install' any package with custom target and name of binary, if it doesn't exist +# $1 - target path with name of binary (ideally with version) +# $2 - package url which can be installed +# $3 - specific version of package +define go-install-tool +@[ -f $(1) ] || { \ +set -e; \ +package=$(2)@$(3) ;\ +echo "Downloading $${package}" ;\ +GOBIN=$(LOCALBIN) go install $${package} ;\ +mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ +} +endef + +.PHONY: operator-sdk +OPERATOR_SDK ?= $(LOCALBIN)/operator-sdk +operator-sdk: ## Download operator-sdk locally if necessary. +ifeq (,$(wildcard $(OPERATOR_SDK))) +ifeq (, $(shell which operator-sdk 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p $(dir $(OPERATOR_SDK)) ;\ + OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \ + curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_$${OS}_$${ARCH} ;\ + chmod +x $(OPERATOR_SDK) ;\ + } +else +OPERATOR_SDK = $(shell which operator-sdk) +endif +endif + +.PHONY: bundle +bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files. + $(OPERATOR_SDK) generate kustomize manifests -q + cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) + $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS) + $(OPERATOR_SDK) bundle validate ./bundle + +.PHONY: bundle-build +bundle-build: ## Build the bundle image. + docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) . + +.PHONY: bundle-push +bundle-push: ## Push the bundle image. + $(MAKE) docker-push IMG=$(BUNDLE_IMG) + +.PHONY: opm +OPM = $(LOCALBIN)/opm +opm: ## Download opm locally if necessary. +ifeq (,$(wildcard $(OPM))) +ifeq (,$(shell which opm 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p $(dir $(OPM)) ;\ + OS=$(shell go env GOOS) && ARCH=$(shell go env GOARCH) && \ + curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$${OS}-$${ARCH}-opm ;\ + chmod +x $(OPM) ;\ + } +else +OPM = $(shell which opm) +endif +endif + +# A comma-separated list of bundle images (e.g. make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0). +# These images MUST exist in a registry and be pull-able. +BUNDLE_IMGS ?= $(BUNDLE_IMG) + +# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0). +CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION) + +# Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image. +ifneq ($(origin CATALOG_BASE_IMG), undefined) +FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG) +endif + +# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'. +# This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see: +# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator +.PHONY: catalog-build +catalog-build: opm ## Build a catalog image. + $(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT) -.PHONY: clean -clean: - rm -Rf .bookkeeping/ +# Push the catalog image. +.PHONY: catalog-push +catalog-push: ## Push a catalog image. + $(MAKE) docker-push IMG=$(CATALOG_IMG) diff --git a/PROJECT b/PROJECT new file mode 100644 index 0000000..f959c19 --- /dev/null +++ b/PROJECT @@ -0,0 +1,30 @@ +# Code generated by tool. DO NOT EDIT. +# This file is used to track the info used to scaffold your project +# and allow the plugins properly work. +# More info: https://book.kubebuilder.io/reference/project-config.html +domain: prefect.io +layout: +- go.kubebuilder.io/v4 +plugins: + manifests.sdk.operatorframework.io/v2: {} + scorecard.sdk.operatorframework.io/v2: {} +projectName: prefect-operator +repo: github.com/PrefectHQ/prefect-operator +resources: +- api: + crdVersion: v1 + namespaced: true + controller: true + domain: prefect.io + kind: PrefectServer + path: github.com/PrefectHQ/prefect-operator/api/v1 + version: v1 +- api: + crdVersion: v1 + namespaced: true + controller: true + domain: prefect.io + kind: PrefectWorkPool + path: github.com/PrefectHQ/prefect-operator/api/v1 + version: v1 +version: "3" diff --git a/README.md b/README.md index 85aa1d8..1dc16ed 100644 --- a/README.md +++ b/README.md @@ -1,41 +1,114 @@ -# Prefect operator for Kubernetes +# prefect-operator +// TODO(user): Add simple overview of use/purpose -## Development +## Description +// TODO(user): An in-depth paragraph about your project and overview of use -After cloning, create and activate a Python virtual environment, the run `make`. -On subsequent pulls, or when changing dependencies (in `requirements.in`), -`make` will bring the environment up to the latest. +## Getting Started -Run the development version of the operator on your host with +### Prerequisites +- go version v1.21.0+ +- docker version 17.03+. +- kubectl version v1.11.3+. +- Access to a Kubernetes v1.11.3+ cluster. -```shell -kopf run prefect_operator.py +### To Deploy on the cluster +**Build and push your image to the location specified by `IMG`:** + +```sh +make docker-build docker-push IMG=/prefect-operator:tag +``` + +**NOTE:** This image ought to be published in the personal registry you specified. +And it is required to have access to pull the image from the working environment. +Make sure you have the proper permission to the registry if the above commands don’t work. + +**Install the CRDs into the cluster:** + +```sh +make install +``` + +**Deploy the Manager to the cluster with the image specified by `IMG`:** + +```sh +make deploy IMG=/prefect-operator:tag +``` + +> **NOTE**: If you encounter RBAC errors, you may need to grant yourself cluster-admin +privileges or be logged in as admin. + +**Create instances of your solution** +You can apply the samples (examples) from the config/sample: + +```sh +kubectl apply -k config/samples/ +``` + +>**NOTE**: Ensure that the samples has default values to test it out. + +### To Uninstall +**Delete the instances (CRs) from the cluster:** + +```sh +kubectl delete -k config/samples/ +``` + +**Delete the APIs(CRDs) from the cluster:** + +```sh +make uninstall ``` -The examples refer to a Kubernetes storage class named `standard`, which comes -with `minikube` by default. You may need to adjust this for your cluster if you -are using a different stack or have changed your storage setup. +**UnDeploy the controller from the cluster:** -## Development and prototyping with `minikube` +```sh +make undeploy +``` + +## Project Distribution -First, you should have `minikube` -[installed](https://minikube.sigs.k8s.io/docs/start/) or an equivalent local -Kubernetes cluster installed and configured. +Following are the steps to build the installer and distribute this project to users. -Make sure `minikube` is the cluster you're configured to connect to; +1. Build the installer for the image built and published in the registry: -```shell -kubectl config current-context +```sh +make build-installer IMG=/prefect-operator:tag ``` -You should see `minikube` as the output. +NOTE: The makefile target mentioned above generates an 'install.yaml' +file in the dist directory. This file contains all the resources built +with Kustomize, which are necessary to install this project without +its dependencies. -To deploy the example system on `postgres`: +2. Using the installer -```shell -./deploy-example postgres +Users can just run kubectl apply -f to install the project, i.e.: + +```sh +kubectl apply -f https://raw.githubusercontent.com//prefect-operator//dist/install.yaml ``` -This will deploy the manifests in `examples/postgres`, including the namespace -`pop-pg`, a PostgreSQL database server, a `PrefectServer` and a -`PrefectWorkPool` using that server. +## Contributing +// TODO(user): Add detailed information on how you would like others to contribute to this project + +**NOTE:** Run `make help` for more information on all potential `make` targets + +More information can be found via the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html) + +## License + +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + diff --git a/api/v1/groupversion_info.go b/api/v1/groupversion_info.go new file mode 100644 index 0000000..733007c --- /dev/null +++ b/api/v1/groupversion_info.go @@ -0,0 +1,36 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Package v1 contains API Schema definitions for the v1 API group +// +kubebuilder:object:generate=true +// +groupName=prefect.io +package v1 + +import ( + "k8s.io/apimachinery/pkg/runtime/schema" + "sigs.k8s.io/controller-runtime/pkg/scheme" +) + +var ( + // GroupVersion is group version used to register these objects + GroupVersion = schema.GroupVersion{Group: "prefect.io", Version: "v1"} + + // SchemeBuilder is used to add go types to the GroupVersionKind scheme + SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} + + // AddToScheme adds the types in this group-version to the given scheme. + AddToScheme = SchemeBuilder.AddToScheme +) diff --git a/api/v1/prefectserver_types.go b/api/v1/prefectserver_types.go new file mode 100644 index 0000000..bb109cc --- /dev/null +++ b/api/v1/prefectserver_types.go @@ -0,0 +1,294 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + "strconv" + + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" +) + +const DEFAULT_PREFECT_IMAGE = "prefecthq/prefect:3.0.0rc15-python3.12" + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// PrefectServerSpec defines the desired state of a PrefectServer +type PrefectServerSpec struct { + // Version defines the version of the Prefect Server to deploy + Version *string `json:"version,omitempty"` + + // Image defines the exact image to deploy for the Prefect Server, overriding Version + Image *string `json:"image,omitempty"` + + // Ephemeral defines whether the server will be deployed with an ephemeral storage backend + Ephemeral *EphemeralConfiguration `json:"ephemeral,omitempty"` + + // SQLite defines whether the server will be deployed with a SQLite backend with persistent volume storage + SQLite *SQLiteConfiguration `json:"sqlite,omitempty"` + + // Postgres defines whether the server will be deployed with a PostgreSQL backend connecting to the + // database with the provided connection information + Postgres *PostgresConfiguration `json:"postgres,omitempty"` + + // A list of environment variables to set on the Prefect Server + Settings []corev1.EnvVar `json:"settings,omitempty"` +} + +type EphemeralConfiguration struct { +} + +func (s *EphemeralConfiguration) ToEnvVars() []corev1.EnvVar { + return []corev1.EnvVar{ + { + Name: "PREFECT_API_DATABASE_DRIVER", + Value: "sqlite+aiosqlite", + }, + { + Name: "PREFECT_API_DATABASE_NAME", + Value: "/var/lib/prefect/prefect.db", + }, + { + Name: "PREFECT_API_DATABASE_MIGRATE_ON_START", + Value: "True", + }, + } +} + +type SQLiteConfiguration struct { + // StorageClassName is the name of the StorageClass of the PersistentVolumeClaim storing the SQLite database + StorageClassName string `json:"storageClassName,omitempty"` + + // Size is the requested size of the PersistentVolumeClaim storing the `prefect.db` + Size resource.Quantity `json:"size,omitempty"` +} + +func (s *SQLiteConfiguration) ToEnvVars() []corev1.EnvVar { + return []corev1.EnvVar{ + { + Name: "PREFECT_API_DATABASE_DRIVER", + Value: "sqlite+aiosqlite", + }, + { + Name: "PREFECT_API_DATABASE_NAME", + Value: "/var/lib/prefect/prefect.db", + }, + { + Name: "PREFECT_API_DATABASE_MIGRATE_ON_START", + Value: "True", + }, + } +} + +type PostgresConfiguration struct { + Host *string `json:"host,omitempty"` + HostFrom *corev1.EnvVarSource `json:"hostFrom,omitempty"` + Port *int `json:"port,omitempty"` + PortFrom *corev1.EnvVarSource `json:"portFrom,omitempty"` + User *string `json:"user,omitempty"` + UserFrom *corev1.EnvVarSource `json:"userFrom,omitempty"` + Password *string `json:"password,omitempty"` + PasswordFrom *corev1.EnvVarSource `json:"passwordFrom,omitempty"` + Database *string `json:"database,omitempty"` + DatabaseFrom *corev1.EnvVarSource `json:"databaseFrom,omitempty"` +} + +func (p *PostgresConfiguration) ToEnvVars() []corev1.EnvVar { + return []corev1.EnvVar{ + { + Name: "PREFECT_API_DATABASE_DRIVER", + Value: "postgresql+asyncpg", + }, + p.HostEnvVar(), + p.PortEnvVar(), + p.UserEnvVar(), + p.PasswordEnvVar(), + p.DatabaseEnvVar(), + { + Name: "PREFECT_API_DATABASE_MIGRATE_ON_START", + Value: "False", + }, + } +} + +func (p *PostgresConfiguration) HostEnvVar() corev1.EnvVar { + if p.Host != nil && *p.Host != "" { + return corev1.EnvVar{ + Name: "PREFECT_API_DATABASE_HOST", + Value: *p.Host, + } + } + return corev1.EnvVar{ + Name: "PREFECT_API_DATABASE_HOST", + ValueFrom: p.HostFrom, + } +} + +func (p *PostgresConfiguration) PortEnvVar() corev1.EnvVar { + if p.Port != nil && *p.Port != 0 { + return corev1.EnvVar{ + Name: "PREFECT_API_DATABASE_PORT", + Value: strconv.Itoa(*p.Port), + } + } + return corev1.EnvVar{ + Name: "PREFECT_API_DATABASE_PORT", + ValueFrom: p.PortFrom, + } +} + +func (p *PostgresConfiguration) UserEnvVar() corev1.EnvVar { + if p.User != nil && *p.User != "" { + return corev1.EnvVar{ + Name: "PREFECT_API_DATABASE_USER", + Value: *p.User, + } + } + return corev1.EnvVar{ + Name: "PREFECT_API_DATABASE_USER", + ValueFrom: p.UserFrom, + } +} + +func (p *PostgresConfiguration) PasswordEnvVar() corev1.EnvVar { + if p.Password != nil && *p.Password != "" { + return corev1.EnvVar{ + Name: "PREFECT_API_DATABASE_PASSWORD", + Value: *p.Password, + } + } + return corev1.EnvVar{ + Name: "PREFECT_API_DATABASE_PASSWORD", + ValueFrom: p.PasswordFrom, + } +} + +func (p *PostgresConfiguration) DatabaseEnvVar() corev1.EnvVar { + if p.Database != nil && *p.Database != "" { + return corev1.EnvVar{ + Name: "PREFECT_API_DATABASE_NAME", + Value: *p.Database, + } + } + return corev1.EnvVar{ + Name: "PREFECT_API_DATABASE_NAME", + ValueFrom: p.DatabaseFrom, + } +} + +// PrefectServerStatus defines the observed state of PrefectServer +type PrefectServerStatus struct { + // Represents the observations of a PrefectServer's current state. + // PrefectServer.status.conditions.type are: "Available", "Progressing", and "Degraded" + // PrefectServer.status.conditions.status are one of True, False, Unknown. + // PrefectServer.status.conditions.reason the value should be a CamelCase string and producers of specific + // condition types may define expected values and meanings for this field, and whether the values + // are considered a guaranteed API. + // PrefectServer.status.conditions.Message is a human readable message indicating details about the transition. + // For further information see: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties + + // Conditions store the status conditions of the PrefectServer instances + // +operator-sdk:csv:customresourcedefinitions:type=status + Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` +} + +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// PrefectServer is the Schema for the prefectservers API +type PrefectServer struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec PrefectServerSpec `json:"spec,omitempty"` + Status PrefectServerStatus `json:"status,omitempty"` +} + +func (s *PrefectServer) ServerLabels() map[string]string { + return map[string]string{ + "app": s.Name, + } +} + +func (s *PrefectServer) Image() string { + if s.Spec.Image != nil && *s.Spec.Image != "" { + return *s.Spec.Image + } + if s.Spec.Version != nil && *s.Spec.Version == "" { + return "prefecthq/prefect:" + *s.Spec.Version + "-3.0.0rc15-python3.12" + } + return DEFAULT_PREFECT_IMAGE +} + +func (s *PrefectServer) Command() []string { + return []string{"prefect", "server", "start", "--host", "0.0.0.0"} +} + +func (s *PrefectServer) HealthProbe() corev1.ProbeHandler { + return corev1.ProbeHandler{ + HTTPGet: &corev1.HTTPGetAction{ + Path: "/api/health", + Port: intstr.FromInt(4200), + Scheme: corev1.URISchemeHTTP, + }, + } +} + +func (s *PrefectServer) StartupProbe() *corev1.Probe { + return &corev1.Probe{ + ProbeHandler: s.HealthProbe(), + InitialDelaySeconds: 10, + PeriodSeconds: 5, + TimeoutSeconds: 5, + SuccessThreshold: 1, + FailureThreshold: 30, + } +} +func (s *PrefectServer) ReadinessProbe() *corev1.Probe { + return &corev1.Probe{ + ProbeHandler: s.HealthProbe(), + InitialDelaySeconds: 10, + PeriodSeconds: 5, + TimeoutSeconds: 5, + SuccessThreshold: 1, + FailureThreshold: 30, + } +} +func (s *PrefectServer) LivenessProbe() *corev1.Probe { + return &corev1.Probe{ + ProbeHandler: s.HealthProbe(), + InitialDelaySeconds: 120, + PeriodSeconds: 10, + TimeoutSeconds: 5, + SuccessThreshold: 1, + FailureThreshold: 2, + } +} + +// +kubebuilder:object:root=true +// PrefectServerList contains a list of PrefectServer +type PrefectServerList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []PrefectServer `json:"items"` +} + +func init() { + SchemeBuilder.Register(&PrefectServer{}, &PrefectServerList{}) +} diff --git a/api/v1/prefectworkpool_types.go b/api/v1/prefectworkpool_types.go new file mode 100644 index 0000000..c4ca57c --- /dev/null +++ b/api/v1/prefectworkpool_types.go @@ -0,0 +1,78 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! +// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. + +// PrefectWorkPoolSpec defines the desired state of PrefectWorkPool +type PrefectWorkPoolSpec struct { + // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + // Important: Run "make" to regenerate code after modifying this file + + // Version defines the version of Prefect the Work Pool will run + Version string `json:"version,omitempty"` + + // Server defines which Prefect Server to connect to + Server PrefectServerReference `json:"server,omitempty"` + + // Workers defines the number of workers to run in the Work Pool + Workers int32 `json:"workers,omitempty"` +} + +type PrefectServerReference struct { + // Namespace is the namespace where the Prefect Server is running + Namespace string `json:"namespace,omitempty"` + + // Name is the name of the Prefect Server in the given namespace + Name string `json:"name,omitempty"` +} + +// PrefectWorkPoolStatus defines the observed state of PrefectWorkPool +type PrefectWorkPoolStatus struct { + // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster + // Important: Run "make" to regenerate code after modifying this file +} + +//+kubebuilder:object:root=true +//+kubebuilder:subresource:status + +// PrefectWorkPool is the Schema for the prefectworkpools API +type PrefectWorkPool struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec PrefectWorkPoolSpec `json:"spec,omitempty"` + Status PrefectWorkPoolStatus `json:"status,omitempty"` +} + +//+kubebuilder:object:root=true + +// PrefectWorkPoolList contains a list of PrefectWorkPool +type PrefectWorkPoolList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []PrefectWorkPool `json:"items"` +} + +func init() { + SchemeBuilder.Register(&PrefectWorkPool{}, &PrefectWorkPoolList{}) +} diff --git a/api/v1/zz_generated.deepcopy.go b/api/v1/zz_generated.deepcopy.go new file mode 100644 index 0000000..38569c0 --- /dev/null +++ b/api/v1/zz_generated.deepcopy.go @@ -0,0 +1,356 @@ +//go:build !ignore_autogenerated + +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by controller-gen. DO NOT EDIT. + +package v1 + +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *EphemeralConfiguration) DeepCopyInto(out *EphemeralConfiguration) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EphemeralConfiguration. +func (in *EphemeralConfiguration) DeepCopy() *EphemeralConfiguration { + if in == nil { + return nil + } + out := new(EphemeralConfiguration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PostgresConfiguration) DeepCopyInto(out *PostgresConfiguration) { + *out = *in + if in.Host != nil { + in, out := &in.Host, &out.Host + *out = new(string) + **out = **in + } + if in.HostFrom != nil { + in, out := &in.HostFrom, &out.HostFrom + *out = new(corev1.EnvVarSource) + (*in).DeepCopyInto(*out) + } + if in.Port != nil { + in, out := &in.Port, &out.Port + *out = new(int) + **out = **in + } + if in.PortFrom != nil { + in, out := &in.PortFrom, &out.PortFrom + *out = new(corev1.EnvVarSource) + (*in).DeepCopyInto(*out) + } + if in.User != nil { + in, out := &in.User, &out.User + *out = new(string) + **out = **in + } + if in.UserFrom != nil { + in, out := &in.UserFrom, &out.UserFrom + *out = new(corev1.EnvVarSource) + (*in).DeepCopyInto(*out) + } + if in.Password != nil { + in, out := &in.Password, &out.Password + *out = new(string) + **out = **in + } + if in.PasswordFrom != nil { + in, out := &in.PasswordFrom, &out.PasswordFrom + *out = new(corev1.EnvVarSource) + (*in).DeepCopyInto(*out) + } + if in.Database != nil { + in, out := &in.Database, &out.Database + *out = new(string) + **out = **in + } + if in.DatabaseFrom != nil { + in, out := &in.DatabaseFrom, &out.DatabaseFrom + *out = new(corev1.EnvVarSource) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PostgresConfiguration. +func (in *PostgresConfiguration) DeepCopy() *PostgresConfiguration { + if in == nil { + return nil + } + out := new(PostgresConfiguration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrefectServer) DeepCopyInto(out *PrefectServer) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrefectServer. +func (in *PrefectServer) DeepCopy() *PrefectServer { + if in == nil { + return nil + } + out := new(PrefectServer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PrefectServer) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrefectServerList) DeepCopyInto(out *PrefectServerList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PrefectServer, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrefectServerList. +func (in *PrefectServerList) DeepCopy() *PrefectServerList { + if in == nil { + return nil + } + out := new(PrefectServerList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PrefectServerList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrefectServerReference) DeepCopyInto(out *PrefectServerReference) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrefectServerReference. +func (in *PrefectServerReference) DeepCopy() *PrefectServerReference { + if in == nil { + return nil + } + out := new(PrefectServerReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrefectServerSpec) DeepCopyInto(out *PrefectServerSpec) { + *out = *in + if in.Version != nil { + in, out := &in.Version, &out.Version + *out = new(string) + **out = **in + } + if in.Image != nil { + in, out := &in.Image, &out.Image + *out = new(string) + **out = **in + } + if in.Ephemeral != nil { + in, out := &in.Ephemeral, &out.Ephemeral + *out = new(EphemeralConfiguration) + **out = **in + } + if in.SQLite != nil { + in, out := &in.SQLite, &out.SQLite + *out = new(SQLiteConfiguration) + (*in).DeepCopyInto(*out) + } + if in.Postgres != nil { + in, out := &in.Postgres, &out.Postgres + *out = new(PostgresConfiguration) + (*in).DeepCopyInto(*out) + } + if in.Settings != nil { + in, out := &in.Settings, &out.Settings + *out = make([]corev1.EnvVar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrefectServerSpec. +func (in *PrefectServerSpec) DeepCopy() *PrefectServerSpec { + if in == nil { + return nil + } + out := new(PrefectServerSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrefectServerStatus) DeepCopyInto(out *PrefectServerStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrefectServerStatus. +func (in *PrefectServerStatus) DeepCopy() *PrefectServerStatus { + if in == nil { + return nil + } + out := new(PrefectServerStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrefectWorkPool) DeepCopyInto(out *PrefectWorkPool) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + out.Status = in.Status +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrefectWorkPool. +func (in *PrefectWorkPool) DeepCopy() *PrefectWorkPool { + if in == nil { + return nil + } + out := new(PrefectWorkPool) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PrefectWorkPool) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrefectWorkPoolList) DeepCopyInto(out *PrefectWorkPoolList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PrefectWorkPool, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrefectWorkPoolList. +func (in *PrefectWorkPoolList) DeepCopy() *PrefectWorkPoolList { + if in == nil { + return nil + } + out := new(PrefectWorkPoolList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PrefectWorkPoolList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrefectWorkPoolSpec) DeepCopyInto(out *PrefectWorkPoolSpec) { + *out = *in + out.Server = in.Server +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrefectWorkPoolSpec. +func (in *PrefectWorkPoolSpec) DeepCopy() *PrefectWorkPoolSpec { + if in == nil { + return nil + } + out := new(PrefectWorkPoolSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PrefectWorkPoolStatus) DeepCopyInto(out *PrefectWorkPoolStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PrefectWorkPoolStatus. +func (in *PrefectWorkPoolStatus) DeepCopy() *PrefectWorkPoolStatus { + if in == nil { + return nil + } + out := new(PrefectWorkPoolStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SQLiteConfiguration) DeepCopyInto(out *SQLiteConfiguration) { + *out = *in + out.Size = in.Size.DeepCopy() +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SQLiteConfiguration. +func (in *SQLiteConfiguration) DeepCopy() *SQLiteConfiguration { + if in == nil { + return nil + } + out := new(SQLiteConfiguration) + in.DeepCopyInto(out) + return out +} diff --git a/cmd/main.go b/cmd/main.go new file mode 100644 index 0000000..c248354 --- /dev/null +++ b/cmd/main.go @@ -0,0 +1,155 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package main + +import ( + "crypto/tls" + "flag" + "os" + + // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) + // to ensure that exec-entrypoint and run can make use of them. + _ "k8s.io/client-go/plugin/pkg/client/auth" + + "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/healthz" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" + "sigs.k8s.io/controller-runtime/pkg/webhook" + + prefectiov1 "github.com/PrefectHQ/prefect-operator/api/v1" + "github.com/PrefectHQ/prefect-operator/internal/controller" + //+kubebuilder:scaffold:imports +) + +var ( + scheme = runtime.NewScheme() + setupLog = ctrl.Log.WithName("setup") +) + +func init() { + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) + + utilruntime.Must(prefectiov1.AddToScheme(scheme)) + //+kubebuilder:scaffold:scheme +} + +func main() { + var metricsAddr string + var enableLeaderElection bool + var probeAddr string + var secureMetrics bool + var enableHTTP2 bool + flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") + flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") + flag.BoolVar(&enableLeaderElection, "leader-elect", false, + "Enable leader election for controller manager. "+ + "Enabling this will ensure there is only one active controller manager.") + flag.BoolVar(&secureMetrics, "metrics-secure", false, + "If set the metrics endpoint is served securely") + flag.BoolVar(&enableHTTP2, "enable-http2", false, + "If set, HTTP/2 will be enabled for the metrics and webhook servers") + opts := zap.Options{ + Development: true, + } + opts.BindFlags(flag.CommandLine) + flag.Parse() + + ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) + + // if the enable-http2 flag is false (the default), http/2 should be disabled + // due to its vulnerabilities. More specifically, disabling http/2 will + // prevent from being vulnerable to the HTTP/2 Stream Cancellation and + // Rapid Reset CVEs. For more information see: + // - https://github.com/advisories/GHSA-qppj-fm5r-hxr3 + // - https://github.com/advisories/GHSA-4374-p667-p6c8 + disableHTTP2 := func(c *tls.Config) { + setupLog.Info("disabling http/2") + c.NextProtos = []string{"http/1.1"} + } + + tlsOpts := []func(*tls.Config){} + if !enableHTTP2 { + tlsOpts = append(tlsOpts, disableHTTP2) + } + + webhookServer := webhook.NewServer(webhook.Options{ + TLSOpts: tlsOpts, + }) + + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ + Scheme: scheme, + Metrics: metricsserver.Options{ + BindAddress: metricsAddr, + SecureServing: secureMetrics, + TLSOpts: tlsOpts, + }, + WebhookServer: webhookServer, + HealthProbeBindAddress: probeAddr, + LeaderElection: enableLeaderElection, + LeaderElectionID: "fd9f6399.prefect.io", + // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily + // when the Manager ends. This requires the binary to immediately end when the + // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly + // speeds up voluntary leader transitions as the new leader don't have to wait + // LeaseDuration time first. + // + // In the default scaffold provided, the program ends immediately after + // the manager stops, so would be fine to enable this option. However, + // if you are doing or is intended to do any operation such as perform cleanups + // after the manager stops then its usage might be unsafe. + LeaderElectionReleaseOnCancel: true, + }) + if err != nil { + setupLog.Error(err, "unable to start manager") + os.Exit(1) + } + + if err = (&controller.PrefectServerReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "PrefectServer") + os.Exit(1) + } + if err = (&controller.PrefectWorkPoolReconciler{ + Client: mgr.GetClient(), + Scheme: mgr.GetScheme(), + }).SetupWithManager(mgr); err != nil { + setupLog.Error(err, "unable to create controller", "controller", "PrefectWorkPool") + os.Exit(1) + } + //+kubebuilder:scaffold:builder + + if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { + setupLog.Error(err, "unable to set up health check") + os.Exit(1) + } + if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil { + setupLog.Error(err, "unable to set up ready check") + os.Exit(1) + } + + setupLog.Info("starting manager") + if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil { + setupLog.Error(err, "problem running manager") + os.Exit(1) + } +} diff --git a/config/crd/bases/prefect.io_prefectservers.yaml b/config/crd/bases/prefect.io_prefectservers.yaml new file mode 100644 index 0000000..af0350a --- /dev/null +++ b/config/crd/bases/prefect.io_prefectservers.yaml @@ -0,0 +1,715 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: prefectservers.prefect.io +spec: + group: prefect.io + names: + kind: PrefectServer + listKind: PrefectServerList + plural: prefectservers + singular: prefectserver + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: PrefectServer is the Schema for the prefectservers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PrefectServerSpec defines the desired state of a PrefectServer + properties: + ephemeral: + description: Ephemeral defines whether the server will be deployed + with an ephemeral storage backend + type: object + image: + description: Image defines the exact image to deploy for the Prefect + Server, overriding Version + type: string + postgres: + description: |- + Postgres defines whether the server will be deployed with a PostgreSQL backend connecting to the + database with the provided connection information + properties: + database: + type: string + databaseFrom: + description: EnvVarSource represents a source for the value of + an EnvVar. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + host: + type: string + hostFrom: + description: EnvVarSource represents a source for the value of + an EnvVar. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + password: + type: string + passwordFrom: + description: EnvVarSource represents a source for the value of + an EnvVar. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + port: + type: integer + portFrom: + description: EnvVarSource represents a source for the value of + an EnvVar. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + user: + type: string + userFrom: + description: EnvVarSource represents a source for the value of + an EnvVar. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + type: object + settings: + description: A list of environment variables to set on the Prefect + Server + items: + description: EnvVar represents an environment variable present in + a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot + be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is + written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + sqlite: + description: SQLite defines whether the server will be deployed with + a SQLite backend with persistent volume storage + properties: + size: + anyOf: + - type: integer + - type: string + description: Size is the requested size of the PersistentVolumeClaim + storing the `prefect.db` + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + storageClassName: + description: StorageClassName is the name of the StorageClass + of the PersistentVolumeClaim storing the SQLite database + type: string + type: object + version: + description: Version defines the version of the Prefect Server to + deploy + type: string + type: object + status: + description: PrefectServerStatus defines the observed state of PrefectServer + properties: + conditions: + description: Conditions store the status conditions of the PrefectServer + instances + items: + description: "Condition contains details for one aspect of the current + state of this API Resource.\n---\nThis struct is intended for + direct use as an array at the field path .status.conditions. For + example,\n\n\n\ttype FooStatus struct{\n\t // Represents the + observations of a foo's current state.\n\t // Known .status.conditions.type + are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // + +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t + \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t + \ // other fields\n\t}" + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + --- + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be + useful (see .node.status.conditions), the ability to deconflict is important. + The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/bases/prefect.io_prefectworkpools.yaml b/config/crd/bases/prefect.io_prefectworkpools.yaml new file mode 100644 index 0000000..194f0df --- /dev/null +++ b/config/crd/bases/prefect.io_prefectworkpools.yaml @@ -0,0 +1,71 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: prefectworkpools.prefect.io +spec: + group: prefect.io + names: + kind: PrefectWorkPool + listKind: PrefectWorkPoolList + plural: prefectworkpools + singular: prefectworkpool + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: PrefectWorkPool is the Schema for the prefectworkpools API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: PrefectWorkPoolSpec defines the desired state of PrefectWorkPool + properties: + server: + description: Server defines which Prefect Server to connect to + properties: + name: + description: Name is the name of the Prefect Server in the given + namespace + type: string + namespace: + description: Namespace is the namespace where the Prefect Server + is running + type: string + type: object + version: + description: Version defines the version of Prefect the Work Pool + will run + type: string + workers: + description: Workers defines the number of workers to run in the Work + Pool + format: int32 + type: integer + type: object + status: + description: PrefectWorkPoolStatus defines the observed state of PrefectWorkPool + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml new file mode 100644 index 0000000..daa9b90 --- /dev/null +++ b/config/crd/kustomization.yaml @@ -0,0 +1,24 @@ +# This kustomization.yaml is not intended to be run by itself, +# since it depends on service name and namespace that are out of this kustomize package. +# It should be run by config/default +resources: +- bases/prefect.io_prefectservers.yaml +- bases/prefect.io_prefectworkpools.yaml +#+kubebuilder:scaffold:crdkustomizeresource + +patches: +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. +# patches here are for enabling the conversion webhook for each CRD +#+kubebuilder:scaffold:crdkustomizewebhookpatch + +# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. +# patches here are for enabling the CA injection for each CRD +#- path: patches/cainjection_in_prefectservers.yaml +#- path: patches/cainjection_in_prefectworkpools.yaml +#+kubebuilder:scaffold:crdkustomizecainjectionpatch + +# [WEBHOOK] To enable webhook, uncomment the following section +# the following config is for teaching kustomize how to do kustomization for CRDs. + +#configurations: +#- kustomizeconfig.yaml diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml new file mode 100644 index 0000000..ec5c150 --- /dev/null +++ b/config/crd/kustomizeconfig.yaml @@ -0,0 +1,19 @@ +# This file is for teaching kustomize how to substitute name and namespace reference in CRD +nameReference: +- kind: Service + version: v1 + fieldSpecs: + - kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/name + +namespace: +- kind: CustomResourceDefinition + version: v1 + group: apiextensions.k8s.io + path: spec/conversion/webhook/clientConfig/service/namespace + create: false + +varReference: +- path: metadata/annotations diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml new file mode 100644 index 0000000..83e13d2 --- /dev/null +++ b/config/default/kustomization.yaml @@ -0,0 +1,142 @@ +# Adds namespace to all resources. +namespace: prefect-operator-system + +# Value of this field is prepended to the +# names of all resources, e.g. a deployment named +# "wordpress" becomes "alices-wordpress". +# Note that it should also match with the prefix (text before '-') of the namespace +# field above. +namePrefix: prefect-operator- + +# Labels to add to all resources and selectors. +#labels: +#- includeSelectors: true +# pairs: +# someName: someValue + +resources: +- ../crd +- ../rbac +- ../manager +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# crd/kustomization.yaml +#- ../webhook +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. +#- ../certmanager +# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. +#- ../prometheus + +patches: +# Protect the /metrics endpoint by putting it behind auth. +# If you want your controller-manager to expose the /metrics +# endpoint w/o any authn/z, please comment the following line. +- path: manager_auth_proxy_patch.yaml + +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# crd/kustomization.yaml +#- path: manager_webhook_patch.yaml + +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. +# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. +# 'CERTMANAGER' needs to be enabled to use ca injection +#- path: webhookcainjection_patch.yaml + +# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. +# Uncomment the following replacements to add the cert-manager CA injection annotations +#replacements: +# - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +# fieldPath: .metadata.namespace # namespace of the certificate CR +# targets: +# - select: +# kind: ValidatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - select: +# kind: CustomResourceDefinition +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - source: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +# fieldPath: .metadata.name +# targets: +# - select: +# kind: ValidatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - select: +# kind: CustomResourceDefinition +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - source: # Add cert-manager annotation to the webhook Service +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.name # namespace of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 0 +# create: true +# - source: +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.namespace # namespace of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 1 +# create: true diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml new file mode 100644 index 0000000..4c3c276 --- /dev/null +++ b/config/default/manager_auth_proxy_patch.yaml @@ -0,0 +1,39 @@ +# This patch inject a sidecar container which is a HTTP proxy for the +# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: kube-rbac-proxy + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.16.0 + args: + - "--secure-listen-address=0.0.0.0:8443" + - "--upstream=http://127.0.0.1:8080/" + - "--logtostderr=true" + - "--v=0" + ports: + - containerPort: 8443 + protocol: TCP + name: https + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + - name: manager + args: + - "--health-probe-bind-address=:8081" + - "--metrics-bind-address=127.0.0.1:8080" + - "--leader-elect" diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml new file mode 100644 index 0000000..f6f5891 --- /dev/null +++ b/config/default/manager_config_patch.yaml @@ -0,0 +1,10 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml new file mode 100644 index 0000000..5c5f0b8 --- /dev/null +++ b/config/manager/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- manager.yaml diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml new file mode 100644 index 0000000..e12385b --- /dev/null +++ b/config/manager/manager.yaml @@ -0,0 +1,94 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system + labels: + control-plane: controller-manager + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize +spec: + selector: + matchLabels: + control-plane: controller-manager + replicas: 1 + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + # TODO(user): Uncomment the following code to configure the nodeAffinity expression + # according to the platforms which are supported by your solution. + # It is considered best practice to support multiple architectures. You can + # build your manager image using the makefile target docker-buildx. + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/arch + # operator: In + # values: + # - amd64 + # - arm64 + # - ppc64le + # - s390x + # - key: kubernetes.io/os + # operator: In + # values: + # - linux + securityContext: + runAsNonRoot: true + # TODO(user): For common cases that do not require escalating privileges + # it is recommended to ensure that all your Pods/Containers are restrictive. + # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted + # Please uncomment the following code if your project does NOT have to work on old Kubernetes + # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). + # seccompProfile: + # type: RuntimeDefault + containers: + - command: + - /manager + args: + - --leader-elect + image: controller:latest + name: manager + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. + # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + serviceAccountName: controller-manager + terminationGracePeriodSeconds: 10 diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml new file mode 100644 index 0000000..2d02f78 --- /dev/null +++ b/config/manifests/kustomization.yaml @@ -0,0 +1,28 @@ +# These resources constitute the fully configured set of manifests +# used to generate the 'manifests/' directory in a bundle. +resources: +- bases/prefect-operator.clusterserviceversion.yaml +- ../default +- ../samples +- ../scorecard + +# [WEBHOOK] To enable webhooks, uncomment all the sections with [WEBHOOK] prefix. +# Do NOT uncomment sections with prefix [CERTMANAGER], as OLM does not support cert-manager. +# These patches remove the unnecessary "cert" volume and its manager container volumeMount. +#patchesJson6902: +#- target: +# group: apps +# version: v1 +# kind: Deployment +# name: controller-manager +# namespace: system +# patch: |- +# # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. +# # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. +# - op: remove + +# path: /spec/template/spec/containers/0/volumeMounts/0 +# # Remove the "cert" volume, since OLM will create and mount a set of certs. +# # Update the indices in this path if adding or removing volumes in the manager's Deployment. +# - op: remove +# path: /spec/template/spec/volumes/0 diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml new file mode 100644 index 0000000..ed13716 --- /dev/null +++ b/config/prometheus/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml new file mode 100644 index 0000000..ac7009c --- /dev/null +++ b/config/prometheus/monitor.yaml @@ -0,0 +1,21 @@ +# Prometheus Monitor Service (Metrics) +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: controller-manager-metrics-monitor + namespace: system +spec: + endpoints: + - path: /metrics + port: https + scheme: https + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + tlsConfig: + insecureSkipVerify: true + selector: + matchLabels: + control-plane: controller-manager diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml new file mode 100644 index 0000000..d8bb099 --- /dev/null +++ b/config/rbac/auth_proxy_client_clusterrole.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: metrics-reader +rules: +- nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml new file mode 100644 index 0000000..c109d79 --- /dev/null +++ b/config/rbac/auth_proxy_role.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: proxy-role +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml new file mode 100644 index 0000000..57b53da --- /dev/null +++ b/config/rbac/auth_proxy_role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: proxy-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml new file mode 100644 index 0000000..f3f8d25 --- /dev/null +++ b/config/rbac/auth_proxy_service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: controller-manager-metrics-service + namespace: system +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml new file mode 100644 index 0000000..7c47baf --- /dev/null +++ b/config/rbac/kustomization.yaml @@ -0,0 +1,26 @@ +resources: +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# subjects if changing service account names. +- service_account.yaml +- role.yaml +- role_binding.yaml +- leader_election_role.yaml +- leader_election_role_binding.yaml +# Comment the following 4 lines if you want to disable +# the auth proxy (https://github.com/brancz/kube-rbac-proxy) +# which protects your /metrics endpoint. +- auth_proxy_service.yaml +- auth_proxy_role.yaml +- auth_proxy_role_binding.yaml +- auth_proxy_client_clusterrole.yaml +# For each CRD, "Editor" and "Viewer" roles are scaffolded by +# default, aiding admins in cluster management. Those roles are +# not used by the Project itself. You can comment the following lines +# if you do not want those helpers be installed with your Project. +- prefectworkpool_editor_role.yaml +- prefectworkpool_viewer_role.yaml +- prefectserver_editor_role.yaml +- prefectserver_viewer_role.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml new file mode 100644 index 0000000..5a43bad --- /dev/null +++ b/config/rbac/leader_election_role.yaml @@ -0,0 +1,40 @@ +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: leader-election-role +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml new file mode 100644 index 0000000..927cd5a --- /dev/null +++ b/config/rbac/leader_election_role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: leader-election-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/prefectserver_editor_role.yaml b/config/rbac/prefectserver_editor_role.yaml new file mode 100644 index 0000000..368c05a --- /dev/null +++ b/config/rbac/prefectserver_editor_role.yaml @@ -0,0 +1,27 @@ +# permissions for end users to edit prefectservers. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: prefectserver-editor-role +rules: +- apiGroups: + - prefect.io + resources: + - prefectservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - prefect.io + resources: + - prefectservers/status + verbs: + - get diff --git a/config/rbac/prefectserver_viewer_role.yaml b/config/rbac/prefectserver_viewer_role.yaml new file mode 100644 index 0000000..30bb85a --- /dev/null +++ b/config/rbac/prefectserver_viewer_role.yaml @@ -0,0 +1,23 @@ +# permissions for end users to view prefectservers. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: prefectserver-viewer-role +rules: +- apiGroups: + - prefect.io + resources: + - prefectservers + verbs: + - get + - list + - watch +- apiGroups: + - prefect.io + resources: + - prefectservers/status + verbs: + - get diff --git a/config/rbac/prefectworkpool_editor_role.yaml b/config/rbac/prefectworkpool_editor_role.yaml new file mode 100644 index 0000000..e4a72a6 --- /dev/null +++ b/config/rbac/prefectworkpool_editor_role.yaml @@ -0,0 +1,27 @@ +# permissions for end users to edit prefectworkpools. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: prefectworkpool-editor-role +rules: +- apiGroups: + - prefect.io + resources: + - prefectworkpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - prefect.io + resources: + - prefectworkpools/status + verbs: + - get diff --git a/config/rbac/prefectworkpool_viewer_role.yaml b/config/rbac/prefectworkpool_viewer_role.yaml new file mode 100644 index 0000000..4aad49c --- /dev/null +++ b/config/rbac/prefectworkpool_viewer_role.yaml @@ -0,0 +1,23 @@ +# permissions for end users to view prefectworkpools. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: prefectworkpool-viewer-role +rules: +- apiGroups: + - prefect.io + resources: + - prefectworkpools + verbs: + - get + - list + - watch +- apiGroups: + - prefect.io + resources: + - prefectworkpools/status + verbs: + - get diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml new file mode 100644 index 0000000..7830f18 --- /dev/null +++ b/config/rbac/role.yaml @@ -0,0 +1,97 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: manager-role +rules: +- apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - prefect.io + resources: + - prefectservers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - prefect.io + resources: + - prefectservers/finalizers + verbs: + - update +- apiGroups: + - prefect.io + resources: + - prefectservers/status + verbs: + - get + - patch + - update +- apiGroups: + - prefect.io + resources: + - prefectworkpools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - prefect.io + resources: + - prefectworkpools/finalizers + verbs: + - update +- apiGroups: + - prefect.io + resources: + - prefectworkpools/status + verbs: + - get + - patch + - update diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml new file mode 100644 index 0000000..bd314a7 --- /dev/null +++ b/config/rbac/role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: manager-role +subjects: +- kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml new file mode 100644 index 0000000..0ec9072 --- /dev/null +++ b/config/rbac/service_account.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: controller-manager + namespace: system diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml new file mode 100644 index 0000000..5b3a63b --- /dev/null +++ b/config/samples/kustomization.yaml @@ -0,0 +1,9 @@ +## Append samples of your project ## +resources: + - v1_prefectserver_sqlite.yaml + - _v1_prefectserver_sqlite.yaml + - v1_prefectserver_postgres.yaml + - _v1_prefectserver_postgres.yaml + - v1_prefectworkpool.yaml + - _v1_prefectworkpool.yaml +#+kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/samples/v1_prefectserver_ephemeral.yaml b/config/samples/v1_prefectserver_ephemeral.yaml new file mode 100644 index 0000000..6c81cea --- /dev/null +++ b/config/samples/v1_prefectserver_ephemeral.yaml @@ -0,0 +1,8 @@ +apiVersion: prefect.io/v1 +kind: PrefectServer +metadata: + labels: + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: prefect-ephemeral +spec: diff --git a/examples/postgres/01-postgres.yaml b/config/samples/v1_prefectserver_postgres.yaml similarity index 53% rename from examples/postgres/01-postgres.yaml rename to config/samples/v1_prefectserver_postgres.yaml index 13196d9..16f0865 100644 --- a/examples/postgres/01-postgres.yaml +++ b/config/samples/v1_prefectserver_postgres.yaml @@ -1,15 +1,21 @@ apiVersion: v1 +kind: ConfigMap +metadata: + name: database-config +data: + user: prefect + database: prefect +--- +apiVersion: v1 kind: Secret metadata: - namespace: pop-pg - name: postgres-secrets + name: database-secrets stringData: - password: super-secret + password: supers3cret! --- apiVersion: apps/v1 kind: StatefulSet metadata: - namespace: pop-pg name: postgres spec: replicas: 1 @@ -26,13 +32,19 @@ spec: image: postgres:16 env: - name: POSTGRES_DB - value: prefect + valueFrom: + configMapKeyRef: + name: database-config + key: database - name: POSTGRES_USER - value: prefect + valueFrom: + configMapKeyRef: + name: database-config + key: user - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: postgres-secrets + name: database-secrets key: password ports: - containerPort: 5432 @@ -54,7 +66,6 @@ spec: apiVersion: v1 kind: Service metadata: - namespace: pop-pg name: postgres spec: selector: @@ -63,3 +74,27 @@ spec: - protocol: TCP port: 5432 targetPort: 5432 +--- +apiVersion: prefect.io/v1 +kind: PrefectServer +metadata: + labels: + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: prefect-postgres +spec: + postgres: + host: postgres + port: 5432 + userFrom: + configMapKeyRef: + name: database-config + key: user + passwordFrom: + secretKeyRef: + name: database-secrets + key: password + databaseFrom: + configMapKeyRef: + name: database-config + key: database diff --git a/config/samples/v1_prefectserver_sqlite.yaml b/config/samples/v1_prefectserver_sqlite.yaml new file mode 100644 index 0000000..e9c2d68 --- /dev/null +++ b/config/samples/v1_prefectserver_sqlite.yaml @@ -0,0 +1,11 @@ +apiVersion: prefect.io/v1 +kind: PrefectServer +metadata: + labels: + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: prefect-sqlite +spec: + sqlite: + storageClassName: standard + size: 1Gi diff --git a/config/samples/v1_prefectworkpool.yaml b/config/samples/v1_prefectworkpool.yaml new file mode 100644 index 0000000..f9565d1 --- /dev/null +++ b/config/samples/v1_prefectworkpool.yaml @@ -0,0 +1,11 @@ +apiVersion: prefect.io/v1 +kind: PrefectWorkPool +metadata: + labels: + app.kubernetes.io/name: prefect-operator + app.kubernetes.io/managed-by: kustomize + name: prefectworkpool-sample +spec: + server: + namespace: default + name: prefectserver-sqlite diff --git a/config/scorecard/bases/config.yaml b/config/scorecard/bases/config.yaml new file mode 100644 index 0000000..c770478 --- /dev/null +++ b/config/scorecard/bases/config.yaml @@ -0,0 +1,7 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: [] diff --git a/config/scorecard/kustomization.yaml b/config/scorecard/kustomization.yaml new file mode 100644 index 0000000..50cd2d0 --- /dev/null +++ b/config/scorecard/kustomization.yaml @@ -0,0 +1,16 @@ +resources: +- bases/config.yaml +patchesJson6902: +- path: patches/basic.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config +- path: patches/olm.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config +#+kubebuilder:scaffold:patchesJson6902 diff --git a/config/scorecard/patches/basic.config.yaml b/config/scorecard/patches/basic.config.yaml new file mode 100644 index 0000000..d6d858a --- /dev/null +++ b/config/scorecard/patches/basic.config.yaml @@ -0,0 +1,10 @@ +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.36.1 + labels: + suite: basic + test: basic-check-spec-test diff --git a/config/scorecard/patches/olm.config.yaml b/config/scorecard/patches/olm.config.yaml new file mode 100644 index 0000000..b4325b7 --- /dev/null +++ b/config/scorecard/patches/olm.config.yaml @@ -0,0 +1,50 @@ +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.36.1 + labels: + suite: olm + test: olm-bundle-validation-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.36.1 + labels: + suite: olm + test: olm-crds-have-validation-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.36.1 + labels: + suite: olm + test: olm-crds-have-resources-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.36.1 + labels: + suite: olm + test: olm-spec-descriptors-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.36.1 + labels: + suite: olm + test: olm-status-descriptors-test diff --git a/crds.yaml b/crds.yaml deleted file mode 100644 index f9ad2d1..0000000 --- a/crds.yaml +++ /dev/null @@ -1,141 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: prefectservers.prefect.io -spec: - group: prefect.io - names: - kind: PrefectServer - plural: prefectservers - singular: prefectserver - scope: Namespaced - versions: - - name: v3 - schema: - openAPIV3Schema: - properties: - spec: - properties: - postgres: - default: null - properties: - database: - title: Database - type: string - host: - title: Host - type: string - passwordSecretKeyRef: - properties: - key: - title: Key - type: string - name: - title: Name - type: string - required: - - name - - key - title: SecretKeyReference - type: object - port: - title: Port - type: integer - user: - title: User - type: string - required: - - host - - port - - user - - passwordSecretKeyRef - - database - title: PrefectPostgresDatabase - type: object - settings: - default: [] - items: - properties: - name: - title: Name - type: string - value: - title: Value - type: string - required: - - name - - value - title: PrefectSetting - type: object - title: Settings - type: array - sqlite: - default: null - properties: - size: - title: Size - type: string - storageClassName: - title: Storageclassname - type: string - required: - - storageClassName - - size - title: PrefectSqliteDatabase - type: object - version: - default: 3.0.0rc13 - title: Version - type: string - title: PrefectServer - type: object - type: object - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: prefectworkpools.prefect.io -spec: - group: prefect.io - names: - kind: PrefectWorkPool - plural: prefectworkpools - singular: prefectworkpool - scope: Namespaced - versions: - - name: v3 - schema: - openAPIV3Schema: - properties: - spec: - properties: - server: - properties: - name: - title: Name - type: string - namespace: - default: '' - title: Namespace - type: string - required: - - name - title: PrefectServerReference - type: object - version: - default: 3.0.0rc13 - title: Version - type: string - workers: - default: 1 - title: Workers - type: integer - required: - - server - title: PrefectWorkPool - type: object - type: object - served: true - storage: true diff --git a/deploy-example b/deploy-example deleted file mode 100755 index f1172e3..0000000 --- a/deploy-example +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash -kubectl apply -f - << NAMESPACE -apiVersion: v1 -kind: Namespace -metadata: - name: prefect-operator -NAMESPACE - -make docker -kubectl -n prefect-operator apply -f operator.yaml -kubectl -n prefect-operator rollout restart deployment prefect-operator - -python -m prefect_operator generate-crds > crds.yaml -kubectl apply -f crds.yaml - -if [ -z "$1" ]; then - exit 0 -fi - -for f in examples/$1/*.yaml; do - kubectl apply -f $f -done diff --git a/examples/postgres/00-namespace.yaml b/examples/postgres/00-namespace.yaml deleted file mode 100644 index 4b8c0b4..0000000 --- a/examples/postgres/00-namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pop-pg diff --git a/examples/postgres/02-prefect.yaml b/examples/postgres/02-prefect.yaml deleted file mode 100644 index d3ac922..0000000 --- a/examples/postgres/02-prefect.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: prefect.io/v3 -kind: PrefectServer -metadata: - namespace: pop-pg - name: my-server -spec: - version: 3.0.0rc13 - postgres: - host: postgres - port: 5432 - user: prefect - passwordSecretKeyRef: - name: postgres-secrets - key: password - database: prefect - settings: - - name: PREFECT_LOGGING_SERVER_LEVEL - value: INFO - - name: PREFECT_SERVER_ANALYTICS_ENABLED - value: "false" ---- -apiVersion: prefect.io/v3 -kind: PrefectWorkPool -metadata: - namespace: pop-pg - name: my-work-pool -spec: - version: 3.0.0rc13 - server: - namespace: pop-pg - name: my-server - workers: 2 diff --git a/examples/sqlite/00-namespace.yaml b/examples/sqlite/00-namespace.yaml deleted file mode 100644 index 78bfa4d..0000000 --- a/examples/sqlite/00-namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: pop-sl diff --git a/examples/sqlite/01-prefect.yaml b/examples/sqlite/01-prefect.yaml deleted file mode 100644 index fbfdafe..0000000 --- a/examples/sqlite/01-prefect.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: prefect.io/v3 -kind: PrefectServer -metadata: - namespace: pop-sl - name: my-server -spec: - sqlite: - storageClassName: standard - size: 256Mi - settings: - - name: PREFECT_LOGGING_SERVER_LEVEL - value: INFO - - name: PREFECT_SERVER_ANALYTICS_ENABLED - value: "false" ---- -apiVersion: prefect.io/v3 -kind: PrefectWorkPool -metadata: - namespace: pop-sl - name: my-work-pool -spec: - server: - namespace: pop-sl - name: my-server - workers: 2 diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..b875a1d --- /dev/null +++ b/go.mod @@ -0,0 +1,73 @@ +module github.com/PrefectHQ/prefect-operator + +go 1.21 + +require ( + github.com/onsi/ginkgo/v2 v2.14.0 + github.com/onsi/gomega v1.30.0 + k8s.io/apimachinery v0.29.2 + k8s.io/client-go v0.29.2 + sigs.k8s.io/controller-runtime v0.17.3 +) + +require ( + github.com/beorn7/perks v1.0.1 // indirect + github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/evanphx/json-patch/v5 v5.8.0 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/zapr v1.3.0 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.2 // indirect + github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/protobuf v1.5.3 // indirect + github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect + github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect + github.com/google/uuid v1.3.0 // indirect + github.com/imdario/mergo v0.3.6 // indirect + github.com/josharian/intern v1.0.0 // indirect + github.com/json-iterator/go v1.1.12 // indirect + github.com/mailru/easyjson v0.7.7 // indirect + github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/prometheus/client_golang v1.18.0 // indirect + github.com/prometheus/client_model v0.5.0 // indirect + github.com/prometheus/common v0.45.0 // indirect + github.com/prometheus/procfs v0.12.0 // indirect + github.com/spf13/pflag v1.0.5 // indirect + go.uber.org/multierr v1.11.0 // indirect + go.uber.org/zap v1.26.0 // indirect + golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect + golang.org/x/net v0.19.0 // indirect + golang.org/x/oauth2 v0.12.0 // indirect + golang.org/x/sys v0.16.0 // indirect + golang.org/x/term v0.15.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/time v0.3.0 // indirect + golang.org/x/tools v0.16.1 // indirect + gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect + google.golang.org/appengine v1.6.7 // indirect + google.golang.org/protobuf v1.31.0 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/api v0.29.2 // indirect + k8s.io/apiextensions-apiserver v0.29.2 // indirect + k8s.io/component-base v0.29.2 // indirect + k8s.io/klog/v2 v2.110.1 // indirect + k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect + k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect + sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/yaml v1.4.0 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..9b3607f --- /dev/null +++ b/go.sum @@ -0,0 +1,205 @@ +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= +github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= +github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= +github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= +github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= +github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= +github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= +github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= +github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= +github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= +github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= +github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= +github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= +github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= +github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= +github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= +github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= +github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= +github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= +github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= +github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= +github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= +github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= +github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= +github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= +github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= +github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= +github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= +go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= +go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= +golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= +golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= +golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= +gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= +k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= +k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= +k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= +k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= +k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= +k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= +k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= +k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= +k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= +k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= +k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= +k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= +k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.17.3 h1:65QmN7r3FWgTxDMz9fvGnO1kbf2nu+acg9p2R9oYYYk= +sigs.k8s.io/controller-runtime v0.17.3/go.mod h1:N0jpP5Lo7lMTF9aL56Z/B2oWBJjey6StQM0jRbKQXtY= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= +sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= +sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= +sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt new file mode 100644 index 0000000..ff72ff2 --- /dev/null +++ b/hack/boilerplate.go.txt @@ -0,0 +1,15 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ \ No newline at end of file diff --git a/internal/controller/prefectserver_controller.go b/internal/controller/prefectserver_controller.go new file mode 100644 index 0000000..6081946 --- /dev/null +++ b/internal/controller/prefectserver_controller.go @@ -0,0 +1,364 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + + appsv1 "k8s.io/api/apps/v1" + corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/intstr" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/log" + + prefectiov1 "github.com/PrefectHQ/prefect-operator/api/v1" +) + +// PrefectServerReconciler reconciles a PrefectServer object +type PrefectServerReconciler struct { + client.Client + Scheme *runtime.Scheme +} + +//+kubebuilder:rbac:groups=prefect.io,resources=prefectservers,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=prefect.io,resources=prefectservers/status,verbs=get;update;patch +//+kubebuilder:rbac:groups=prefect.io,resources=prefectservers/finalizers,verbs=update +//+kubebuilder:rbac:groups=core,resources=events,verbs=create;patch +//+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch + +// Reconcile is part of the main kubernetes reconciliation loop which aims to +// move the current state of the cluster closer to the desired state. +// +// TODO(user): Modify the Reconcile function to compare the state specified by +// the PrefectServer object against the actual cluster state, and then +// perform operations to make the cluster state reflect the state specified by +// the user. +// +// For more details, check Reconcile and its Result here: +// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.17.3/pkg/reconcile +func (r *PrefectServerReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + _ = log.FromContext(ctx) + + server := &prefectiov1.PrefectServer{} + err := r.Get(ctx, req.NamespacedName, server) + if errors.IsNotFound(err) { + return ctrl.Result{}, nil + } else if err != nil { + return ctrl.Result{}, err + } + + desiredDeployment, desiredPVC := r.prefectServerDeployment(server) + desiredService := r.prefectServerService(server) + + // Reconcile the PVC, if one is required + if desiredPVC != nil { + foundPVC := &corev1.PersistentVolumeClaim{} + err = r.Get(ctx, types.NamespacedName{Name: desiredPVC.Name, Namespace: server.Namespace}, foundPVC) + if errors.IsNotFound(err) { + if err = r.Create(ctx, desiredPVC); err != nil { + return ctrl.Result{}, err + } + return ctrl.Result{Requeue: true}, nil + } else if err != nil { + return ctrl.Result{}, err + } else if !metav1.IsControlledBy(foundPVC, server) { + return ctrl.Result{}, errors.NewBadRequest("PVC already exists and is not controlled by PrefectServer") + } else { + // TODO: handle patching the PVC if there are meaningful updates + } + } + + // Reconcile the Deployment + foundDeployment := &appsv1.Deployment{} + err = r.Get(ctx, types.NamespacedName{Name: server.Name, Namespace: server.Namespace}, foundDeployment) + if errors.IsNotFound(err) { + if err = r.Create(ctx, &desiredDeployment); err != nil { + return ctrl.Result{}, err + } + return ctrl.Result{Requeue: true}, nil + } else if err != nil { + return ctrl.Result{}, err + } else if !metav1.IsControlledBy(foundDeployment, server) { + return ctrl.Result{}, errors.NewBadRequest("Deployment already exists and is not controlled by PrefectServer") + } else { + if err = r.Update(ctx, &desiredDeployment); err != nil { + return ctrl.Result{}, err + } + } + + // Reconcile the Service + foundService := &corev1.Service{} + err = r.Get(ctx, types.NamespacedName{Name: server.Name, Namespace: server.Namespace}, foundService) + if errors.IsNotFound(err) { + if err = r.Create(ctx, &desiredService); err != nil { + return ctrl.Result{}, err + } + return ctrl.Result{Requeue: true}, nil + } else if err != nil { + return ctrl.Result{}, err + } else if !metav1.IsControlledBy(foundService, server) { + return ctrl.Result{}, errors.NewBadRequest("Service already exists and is not controlled by PrefectServer") + } else { + if err = r.Update(ctx, &desiredService); err != nil { + return ctrl.Result{}, err + } + } + + return ctrl.Result{}, nil +} + +func (r *PrefectServerReconciler) prefectServerDeployment(server *prefectiov1.PrefectServer) (appsv1.Deployment, *corev1.PersistentVolumeClaim) { + var pvc *corev1.PersistentVolumeClaim + var deploymentSpec appsv1.DeploymentSpec + + if server.Spec.SQLite != nil { + pvc = &corev1.PersistentVolumeClaim{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: server.Namespace, + Name: server.Name + "-data", + }, + Spec: corev1.PersistentVolumeClaimSpec{ + StorageClassName: &server.Spec.SQLite.StorageClassName, + AccessModes: []corev1.PersistentVolumeAccessMode{ + corev1.ReadWriteOnce, + }, + Resources: corev1.VolumeResourceRequirements{ + Requests: corev1.ResourceList{ + corev1.ResourceStorage: server.Spec.SQLite.Size, + }, + }, + }, + } + + deploymentSpec = r.sqliteDeploymentSpec(server, pvc) + } else if server.Spec.Postgres != nil { + deploymentSpec = r.postgresDeploymentSpec(server) + } else { + if server.Spec.Ephemeral == nil { + server.Spec.Ephemeral = &prefectiov1.EphemeralConfiguration{} + } + deploymentSpec = r.ephemeralDeploymentSpec(server) + } + + dep := &appsv1.Deployment{ + ObjectMeta: metav1.ObjectMeta{ + Name: server.Name, + Namespace: server.Namespace, + }, + Spec: deploymentSpec, + } + + // Set PrefectServer instance as the owner and controller + ctrl.SetControllerReference(server, dep, r.Scheme) + if pvc != nil { + ctrl.SetControllerReference(server, pvc, r.Scheme) + } + return *dep, pvc +} + +func (r *PrefectServerReconciler) ephemeralDeploymentSpec(server *prefectiov1.PrefectServer) appsv1.DeploymentSpec { + return appsv1.DeploymentSpec{ + Strategy: appsv1.DeploymentStrategy{ + Type: appsv1.RollingUpdateDeploymentStrategyType, + }, + Selector: &metav1.LabelSelector{ + MatchLabels: server.ServerLabels(), + }, + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: server.ServerLabels(), + }, + Spec: corev1.PodSpec{ + Volumes: []corev1.Volume{ + { + Name: "prefect-data", + VolumeSource: corev1.VolumeSource{ + EmptyDir: &corev1.EmptyDirVolumeSource{}, + }, + }, + }, + Containers: []corev1.Container{ + { + Name: server.Name, + Image: server.Image(), + Command: server.Command(), + VolumeMounts: []corev1.VolumeMount{ + { + Name: "prefect-data", + MountPath: "/var/lib/prefect/", + }, + }, + Env: append(append([]corev1.EnvVar{ + { + Name: "PREFECT_HOME", + Value: "/var/lib/prefect/", + }, + }, server.Spec.Ephemeral.ToEnvVars()...), server.Spec.Settings...), + Ports: []corev1.ContainerPort{ + { + Name: "api", + ContainerPort: 4200, + }, + }, + StartupProbe: server.StartupProbe(), + ReadinessProbe: server.ReadinessProbe(), + LivenessProbe: server.LivenessProbe(), + }, + }, + }, + }, + } +} + +func (r *PrefectServerReconciler) sqliteDeploymentSpec(server *prefectiov1.PrefectServer, pvc *corev1.PersistentVolumeClaim) appsv1.DeploymentSpec { + return appsv1.DeploymentSpec{ + Strategy: appsv1.DeploymentStrategy{ + Type: appsv1.RecreateDeploymentStrategyType, + }, + Selector: &metav1.LabelSelector{ + MatchLabels: server.ServerLabels(), + }, + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: server.ServerLabels(), + }, + Spec: corev1.PodSpec{ + Volumes: []corev1.Volume{ + { + Name: pvc.Name, + VolumeSource: corev1.VolumeSource{ + PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{ + ClaimName: pvc.Name, + }, + }, + }, + }, + Containers: []corev1.Container{ + { + Name: server.Name, + Image: server.Image(), + Command: server.Command(), + VolumeMounts: []corev1.VolumeMount{ + { + Name: pvc.Name, + MountPath: "/var/lib/prefect/", + }, + }, + Env: append(append([]corev1.EnvVar{ + { + Name: "PREFECT_HOME", + Value: "/var/lib/prefect/", + }, + }, server.Spec.SQLite.ToEnvVars()...), server.Spec.Settings...), + Ports: []corev1.ContainerPort{ + { + Name: "api", + ContainerPort: 4200, + }, + }, + StartupProbe: server.StartupProbe(), + ReadinessProbe: server.ReadinessProbe(), + LivenessProbe: server.LivenessProbe(), + }, + }, + }, + }, + } +} + +func (r *PrefectServerReconciler) postgresDeploymentSpec(server *prefectiov1.PrefectServer) appsv1.DeploymentSpec { + return appsv1.DeploymentSpec{ + Strategy: appsv1.DeploymentStrategy{ + Type: appsv1.RollingUpdateDeploymentStrategyType, + }, + Selector: &metav1.LabelSelector{ + MatchLabels: server.ServerLabels(), + }, + Template: corev1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Labels: server.ServerLabels(), + }, + Spec: corev1.PodSpec{ + Containers: []corev1.Container{ + { + Name: server.Name, + Image: server.Image(), + Command: server.Command(), + Env: append(append([]corev1.EnvVar{ + { + Name: "PREFECT_HOME", + Value: "/var/lib/prefect/", + }, + }, server.Spec.Postgres.ToEnvVars()...), server.Spec.Settings...), + Ports: []corev1.ContainerPort{ + { + Name: "api", + ContainerPort: 4200, + }, + }, + StartupProbe: server.StartupProbe(), + ReadinessProbe: server.ReadinessProbe(), + LivenessProbe: server.LivenessProbe(), + }, + }, + }, + }, + } +} + +func (r *PrefectServerReconciler) prefectServerService(server *prefectiov1.PrefectServer) corev1.Service { + service := corev1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: server.Name, + Namespace: server.Namespace, + }, + Spec: corev1.ServiceSpec{ + Selector: map[string]string{ + "app": server.Name, + }, + Ports: []corev1.ServicePort{ + { + Name: "api", + Protocol: corev1.ProtocolTCP, + Port: 4200, + TargetPort: intstr.FromString("api"), + }, + }, + }, + } + + ctrl.SetControllerReference(server, &service, r.Scheme) + + return service +} + +// SetupWithManager sets up the controller with the Manager. +func (r *PrefectServerReconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&prefectiov1.PrefectServer{}). + Owns(&appsv1.Deployment{}). + Owns(&corev1.Service{}). + Owns(&corev1.PersistentVolumeClaim{}). + Complete(r) +} diff --git a/internal/controller/prefectserver_controller_test.go b/internal/controller/prefectserver_controller_test.go new file mode 100644 index 0000000..1414f91 --- /dev/null +++ b/internal/controller/prefectserver_controller_test.go @@ -0,0 +1,84 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + prefectiov1 "github.com/PrefectHQ/prefect-operator/api/v1" +) + +var _ = Describe("PrefectServer Controller", func() { + Context("When reconciling a resource", func() { + const resourceName = "test-resource" + + ctx := context.Background() + + typeNamespacedName := types.NamespacedName{ + Name: resourceName, + Namespace: "default", // TODO(user):Modify as needed + } + prefectserver := &prefectiov1.PrefectServer{} + + BeforeEach(func() { + By("creating the custom resource for the Kind PrefectServer") + err := k8sClient.Get(ctx, typeNamespacedName, prefectserver) + if err != nil && errors.IsNotFound(err) { + resource := &prefectiov1.PrefectServer{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + Namespace: "default", + }, + // TODO(user): Specify other spec details if needed. + } + Expect(k8sClient.Create(ctx, resource)).To(Succeed()) + } + }) + + AfterEach(func() { + // TODO(user): Cleanup logic after each test, like removing the resource instance. + resource := &prefectiov1.PrefectServer{} + err := k8sClient.Get(ctx, typeNamespacedName, resource) + Expect(err).NotTo(HaveOccurred()) + + By("Cleanup the specific resource instance PrefectServer") + Expect(k8sClient.Delete(ctx, resource)).To(Succeed()) + }) + It("should successfully reconcile the resource", func() { + By("Reconciling the created resource") + controllerReconciler := &PrefectServerReconciler{ + Client: k8sClient, + Scheme: k8sClient.Scheme(), + } + + _, err := controllerReconciler.Reconcile(ctx, reconcile.Request{ + NamespacedName: typeNamespacedName, + }) + Expect(err).NotTo(HaveOccurred()) + // TODO(user): Add more specific assertions depending on your controller's reconciliation logic. + // Example: If you expect a certain status condition after reconciliation, verify it here. + }) + }) +}) diff --git a/internal/controller/prefectworkpool_controller.go b/internal/controller/prefectworkpool_controller.go new file mode 100644 index 0000000..d7007e5 --- /dev/null +++ b/internal/controller/prefectworkpool_controller.go @@ -0,0 +1,64 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + + appsv1 "k8s.io/api/apps/v1" + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/log" + + prefectiov1 "github.com/PrefectHQ/prefect-operator/api/v1" +) + +// PrefectWorkPoolReconciler reconciles a PrefectWorkPool object +type PrefectWorkPoolReconciler struct { + client.Client + Scheme *runtime.Scheme +} + +//+kubebuilder:rbac:groups=prefect.io,resources=prefectworkpools,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=prefect.io,resources=prefectworkpools/status,verbs=get;update;patch +//+kubebuilder:rbac:groups=prefect.io,resources=prefectworkpools/finalizers,verbs=update + +// Reconcile is part of the main kubernetes reconciliation loop which aims to +// move the current state of the cluster closer to the desired state. +// TODO(user): Modify the Reconcile function to compare the state specified by +// the PrefectWorkPool object against the actual cluster state, and then +// perform operations to make the cluster state reflect the state specified by +// the user. +// +// For more details, check Reconcile and its Result here: +// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.17.3/pkg/reconcile +func (r *PrefectWorkPoolReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + _ = log.FromContext(ctx) + + // TODO(user): your logic here + + return ctrl.Result{}, nil +} + +// SetupWithManager sets up the controller with the Manager. +func (r *PrefectWorkPoolReconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + For(&prefectiov1.PrefectWorkPool{}). + Owns(&appsv1.Deployment{}). + Complete(r) +} diff --git a/internal/controller/prefectworkpool_controller_test.go b/internal/controller/prefectworkpool_controller_test.go new file mode 100644 index 0000000..5278a0b --- /dev/null +++ b/internal/controller/prefectworkpool_controller_test.go @@ -0,0 +1,84 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "context" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + prefectiov1 "github.com/PrefectHQ/prefect-operator/api/v1" +) + +var _ = Describe("PrefectWorkPool Controller", func() { + Context("When reconciling a resource", func() { + const resourceName = "test-resource" + + ctx := context.Background() + + typeNamespacedName := types.NamespacedName{ + Name: resourceName, + Namespace: "default", // TODO(user):Modify as needed + } + prefectworkpool := &prefectiov1.PrefectWorkPool{} + + BeforeEach(func() { + By("creating the custom resource for the Kind PrefectWorkPool") + err := k8sClient.Get(ctx, typeNamespacedName, prefectworkpool) + if err != nil && errors.IsNotFound(err) { + resource := &prefectiov1.PrefectWorkPool{ + ObjectMeta: metav1.ObjectMeta{ + Name: resourceName, + Namespace: "default", + }, + // TODO(user): Specify other spec details if needed. + } + Expect(k8sClient.Create(ctx, resource)).To(Succeed()) + } + }) + + AfterEach(func() { + // TODO(user): Cleanup logic after each test, like removing the resource instance. + resource := &prefectiov1.PrefectWorkPool{} + err := k8sClient.Get(ctx, typeNamespacedName, resource) + Expect(err).NotTo(HaveOccurred()) + + By("Cleanup the specific resource instance PrefectWorkPool") + Expect(k8sClient.Delete(ctx, resource)).To(Succeed()) + }) + It("should successfully reconcile the resource", func() { + By("Reconciling the created resource") + controllerReconciler := &PrefectWorkPoolReconciler{ + Client: k8sClient, + Scheme: k8sClient.Scheme(), + } + + _, err := controllerReconciler.Reconcile(ctx, reconcile.Request{ + NamespacedName: typeNamespacedName, + }) + Expect(err).NotTo(HaveOccurred()) + // TODO(user): Add more specific assertions depending on your controller's reconciliation logic. + // Example: If you expect a certain status condition after reconciliation, verify it here. + }) + }) +}) diff --git a/internal/controller/suite_test.go b/internal/controller/suite_test.go new file mode 100644 index 0000000..61cd0e2 --- /dev/null +++ b/internal/controller/suite_test.go @@ -0,0 +1,90 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package controller + +import ( + "fmt" + "path/filepath" + "runtime" + "testing" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "k8s.io/client-go/kubernetes/scheme" + "k8s.io/client-go/rest" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/envtest" + logf "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + + prefectiov1 "github.com/PrefectHQ/prefect-operator/api/v1" + //+kubebuilder:scaffold:imports +) + +// These tests use Ginkgo (BDD-style Go testing framework). Refer to +// http://onsi.github.io/ginkgo/ to learn more about Ginkgo. + +var cfg *rest.Config +var k8sClient client.Client +var testEnv *envtest.Environment + +func TestControllers(t *testing.T) { + RegisterFailHandler(Fail) + + RunSpecs(t, "Controller Suite") +} + +var _ = BeforeSuite(func() { + logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) + + By("bootstrapping test environment") + testEnv = &envtest.Environment{ + CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, + ErrorIfCRDPathMissing: true, + + // The BinaryAssetsDirectory is only required if you want to run the tests directly + // without call the makefile target test. If not informed it will look for the + // default path defined in controller-runtime which is /usr/local/kubebuilder/. + // Note that you must have the required binaries setup under the bin directory to perform + // the tests directly. When we run make test it will be setup and used automatically. + BinaryAssetsDirectory: filepath.Join("..", "..", "bin", "k8s", + fmt.Sprintf("1.29.0-%s-%s", runtime.GOOS, runtime.GOARCH)), + } + + var err error + // cfg is defined in this file globally. + cfg, err = testEnv.Start() + Expect(err).NotTo(HaveOccurred()) + Expect(cfg).NotTo(BeNil()) + + err = prefectiov1.AddToScheme(scheme.Scheme) + Expect(err).NotTo(HaveOccurred()) + + //+kubebuilder:scaffold:scheme + + k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) + Expect(err).NotTo(HaveOccurred()) + Expect(k8sClient).NotTo(BeNil()) + +}) + +var _ = AfterSuite(func() { + By("tearing down the test environment") + err := testEnv.Stop() + Expect(err).NotTo(HaveOccurred()) +}) diff --git a/operator.yaml b/operator.yaml deleted file mode 100644 index 5628130..0000000 --- a/operator.yaml +++ /dev/null @@ -1,93 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: prefect-operator-role-cluster -rules: - - # Kopf framework: knowing which other operators are running (i.e. peering) - - apiGroups: [kopf.dev] - resources: [clusterkopfpeerings] - verbs: [list, watch, patch, get] - - # Kopf framework: runtime observation of namespaces & CRDs (addition/deletion) - - apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [list, watch] - - apiGroups: [""] - resources: [namespaces] - verbs: [list, watch] - - # Kopf framework: admission webhook configuration management - - apiGroups: [admissionregistration.k8s.io/v1, admissionregistration.k8s.io/v1beta1] - resources: [validatingwebhookconfigurations, mutatingwebhookconfigurations] - verbs: [create, patch] - - # Kopf framework: events - - apiGroups: [""] - resources: [events] - verbs: [create] - - # Prefect operator: read-only access for watching prefect-operator CRDs cluster-wide - - apiGroups: [prefect.io] - resources: [prefectservers, prefectworkpools] - verbs: [list, get, watch, patch] - - # Prefect operator: write access to deployments, services, etc - - apiGroups: [""] - resources: [services, persistentvolumeclaims] - verbs: [list, get, create, update, patch, delete] - - - apiGroups: ["apps"] - resources: [deployments] - verbs: [list, get, create, update, patch, delete] - - - apiGroups: ["batch"] - resources: [jobs] - verbs: [list, get, create, update, patch, delete] - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: prefect-operator - name: prefect-operator - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: prefect-operator-rolebinding-cluster -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: prefect-operator-role-cluster -subjects: - - kind: ServiceAccount - namespace: prefect-operator - name: prefect-operator - ---- - -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: prefect-operator - name: prefect-operator -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: prefect-operator - template: - metadata: - labels: - app: prefect-operator - spec: - serviceAccountName: prefect-operator - containers: - - name: operator - image: PrefectHQ/prefect-operator:latest - imagePullPolicy: IfNotPresent diff --git a/pyproject.toml b/pyproject.toml deleted file mode 100644 index e200121..0000000 --- a/pyproject.toml +++ /dev/null @@ -1,21 +0,0 @@ -[build-system] -requires = ["setuptools>=64", "setuptools_scm>=8"] -build-backend = "setuptools.build_meta" - -[tool.setuptools_scm] - -[project] -name = "prefect-operator" -requires-python = ">=3.11" - -dynamic = ["version"] - -[project.scripts] -prefect-operator = "prefect_operator.__main__:main" - -[tool.pytest.ini_options] -minversion = "8.3" -addopts = "--cov prefect_operator --cov tests --cov-branch --cov-report=term-missing" -testpaths = [ - "tests" -] diff --git a/requirements-dev.in b/requirements-dev.in deleted file mode 100644 index d09162a..0000000 --- a/requirements-dev.in +++ /dev/null @@ -1,10 +0,0 @@ -ipython -mypy -pre-commit -pytest -pytest-coverage -pytest-xdist -ruff -types-pyyaml -yamlfix -uv diff --git a/requirements-dev.txt b/requirements-dev.txt deleted file mode 100644 index adf9efd..0000000 --- a/requirements-dev.txt +++ /dev/null @@ -1,259 +0,0 @@ -# This file was autogenerated by uv via the following command: -# uv pip compile requirements.txt requirements-dev.in --output-file requirements-dev.txt -aiohappyeyeballs==2.3.4 - # via - # -r requirements.txt - # aiohttp -aiohttp==3.10.0 - # via - # -r requirements.txt - # kopf -aiosignal==1.3.1 - # via - # -r requirements.txt - # aiohttp -annotated-types==0.7.0 - # via - # -r requirements.txt - # pydantic -anyio==4.4.0 - # via - # -r requirements.txt - # httpx -asttokens==2.4.1 - # via stack-data -attrs==23.2.0 - # via - # -r requirements.txt - # aiohttp -cachetools==5.4.0 - # via - # -r requirements.txt - # google-auth -certifi==2024.7.4 - # via - # -r requirements.txt - # httpcore - # httpx - # kubernetes - # requests -cfgv==3.4.0 - # via pre-commit -charset-normalizer==3.3.2 - # via - # -r requirements.txt - # requests -click==8.1.7 - # via - # -r requirements.txt - # kopf - # maison - # yamlfix -coverage==7.6.0 - # via pytest-cov -decorator==5.1.1 - # via ipython -distlib==0.3.8 - # via virtualenv -distro==1.9.0 - # via ruyaml -execnet==2.1.1 - # via pytest-xdist -executing==2.0.1 - # via stack-data -filelock==3.15.4 - # via virtualenv -frozenlist==1.4.1 - # via - # -r requirements.txt - # aiohttp - # aiosignal -google-auth==2.32.0 - # via - # -r requirements.txt - # kubernetes -h11==0.14.0 - # via - # -r requirements.txt - # httpcore -httpcore==1.0.5 - # via - # -r requirements.txt - # httpx -httpx==0.27.0 - # via -r requirements.txt -identify==2.6.0 - # via pre-commit -idna==3.7 - # via - # -r requirements.txt - # anyio - # httpx - # requests - # yarl -iniconfig==2.0.0 - # via pytest -ipython==8.26.0 - # via -r requirements-dev.in -iso8601==2.1.0 - # via - # -r requirements.txt - # kopf -jedi==0.19.1 - # via ipython -kopf==1.37.2 - # via -r requirements.txt -kubernetes==30.1.0 - # via -r requirements.txt -maison==1.4.3 - # via yamlfix -matplotlib-inline==0.1.7 - # via ipython -multidict==6.0.5 - # via - # -r requirements.txt - # aiohttp - # yarl -mypy==1.11.1 - # via -r requirements-dev.in -mypy-extensions==1.0.0 - # via mypy -nodeenv==1.9.1 - # via pre-commit -oauthlib==3.2.2 - # via - # -r requirements.txt - # kubernetes - # requests-oauthlib -packaging==24.1 - # via pytest -parso==0.8.4 - # via jedi -pexpect==4.9.0 - # via ipython -platformdirs==4.2.2 - # via virtualenv -pluggy==1.5.0 - # via pytest -pre-commit==3.8.0 - # via -r requirements-dev.in -prompt-toolkit==3.0.47 - # via ipython -ptyprocess==0.7.0 - # via pexpect -pure-eval==0.2.3 - # via stack-data -pyasn1==0.6.0 - # via - # -r requirements.txt - # pyasn1-modules - # rsa -pyasn1-modules==0.4.0 - # via - # -r requirements.txt - # google-auth -pydantic==2.8.2 - # via - # -r requirements.txt - # maison -pydantic-core==2.20.1 - # via - # -r requirements.txt - # pydantic -pygments==2.18.0 - # via ipython -pytest==8.3.2 - # via - # -r requirements-dev.in - # pytest-cov - # pytest-xdist -pytest-cov==5.0.0 - # via pytest-cover -pytest-cover==3.0.0 - # via pytest-coverage -pytest-coverage==0.0 - # via -r requirements-dev.in -pytest-xdist==3.6.1 - # via -r requirements-dev.in -python-dateutil==2.9.0.post0 - # via - # -r requirements.txt - # kubernetes -python-json-logger==2.0.7 - # via - # -r requirements.txt - # kopf -pyyaml==6.0.1 - # via - # -r requirements.txt - # kopf - # kubernetes - # pre-commit -requests==2.32.3 - # via - # -r requirements.txt - # kubernetes - # requests-oauthlib -requests-oauthlib==2.0.0 - # via - # -r requirements.txt - # kubernetes -rsa==4.9 - # via - # -r requirements.txt - # google-auth -ruff==0.5.5 - # via -r requirements-dev.in -ruyaml==0.91.0 - # via yamlfix -setuptools==72.1.0 - # via ruyaml -six==1.16.0 - # via - # -r requirements.txt - # asttokens - # kubernetes - # python-dateutil -sniffio==1.3.1 - # via - # -r requirements.txt - # anyio - # httpx -stack-data==0.6.3 - # via ipython -toml==0.10.2 - # via maison -traitlets==5.14.3 - # via - # ipython - # matplotlib-inline -types-pyyaml==6.0.12.20240724 - # via -r requirements-dev.in -typing-extensions==4.12.2 - # via - # -r requirements.txt - # kopf - # mypy - # pydantic - # pydantic-core -urllib3==2.2.2 - # via - # -r requirements.txt - # kubernetes - # requests -uv==0.2.33 - # via -r requirements-dev.in -virtualenv==20.26.3 - # via pre-commit -wcwidth==0.2.13 - # via prompt-toolkit -websocket-client==1.8.0 - # via - # -r requirements.txt - # kubernetes -yamlfix==1.16.0 - # via -r requirements-dev.in -yarl==1.9.4 - # via - # -r requirements.txt - # aiohttp diff --git a/requirements.in b/requirements.in deleted file mode 100644 index 966c660..0000000 --- a/requirements.in +++ /dev/null @@ -1,5 +0,0 @@ -httpx -kopf -kubernetes -pydantic -pyyaml diff --git a/requirements.txt b/requirements.txt deleted file mode 100644 index 34ab1da..0000000 --- a/requirements.txt +++ /dev/null @@ -1,106 +0,0 @@ -# This file was autogenerated by uv via the following command: -# uv pip compile requirements.in --output-file requirements.txt -aiohappyeyeballs==2.3.4 - # via aiohttp -aiohttp==3.10.0 - # via kopf -aiosignal==1.3.1 - # via aiohttp -annotated-types==0.7.0 - # via pydantic -anyio==4.4.0 - # via httpx -attrs==23.2.0 - # via aiohttp -cachetools==5.4.0 - # via google-auth -certifi==2024.7.4 - # via - # httpcore - # httpx - # kubernetes - # requests -charset-normalizer==3.3.2 - # via requests -click==8.1.7 - # via kopf -frozenlist==1.4.1 - # via - # aiohttp - # aiosignal -google-auth==2.32.0 - # via kubernetes -h11==0.14.0 - # via httpcore -httpcore==1.0.5 - # via httpx -httpx==0.27.0 - # via -r requirements.in -idna==3.7 - # via - # anyio - # httpx - # requests - # yarl -iso8601==2.1.0 - # via kopf -kopf==1.37.2 - # via -r requirements.in -kubernetes==30.1.0 - # via -r requirements.in -multidict==6.0.5 - # via - # aiohttp - # yarl -oauthlib==3.2.2 - # via - # kubernetes - # requests-oauthlib -pyasn1==0.6.0 - # via - # pyasn1-modules - # rsa -pyasn1-modules==0.4.0 - # via google-auth -pydantic==2.8.2 - # via -r requirements.in -pydantic-core==2.20.1 - # via pydantic -python-dateutil==2.9.0.post0 - # via kubernetes -python-json-logger==2.0.7 - # via kopf -pyyaml==6.0.1 - # via - # -r requirements.in - # kopf - # kubernetes -requests==2.32.3 - # via - # kubernetes - # requests-oauthlib -requests-oauthlib==2.0.0 - # via kubernetes -rsa==4.9 - # via google-auth -six==1.16.0 - # via - # kubernetes - # python-dateutil -sniffio==1.3.1 - # via - # anyio - # httpx -typing-extensions==4.12.2 - # via - # kopf - # pydantic - # pydantic-core -urllib3==2.2.2 - # via - # kubernetes - # requests -websocket-client==1.8.0 - # via kubernetes -yarl==1.9.4 - # via aiohttp diff --git a/src/prefect_operator/__init__.py b/src/prefect_operator/__init__.py deleted file mode 100644 index 30bb45f..0000000 --- a/src/prefect_operator/__init__.py +++ /dev/null @@ -1,5 +0,0 @@ -from importlib.metadata import version - -__version__ = version("prefect-operator") - -DEFAULT_PREFECT_VERSION = "3.0.0rc13" diff --git a/src/prefect_operator/__main__.py b/src/prefect_operator/__main__.py deleted file mode 100644 index debb079..0000000 --- a/src/prefect_operator/__main__.py +++ /dev/null @@ -1,57 +0,0 @@ -import argparse -import importlib -import os -import sys - -import yaml - -from prefect_operator import __version__ -from prefect_operator.resources import CustomResource - -parser = argparse.ArgumentParser(description="Prefect Operator") - -subparsers = parser.add_subparsers(dest="command", help="Available commands") - -parser.add_argument("--version", action="version", version=__version__) -subparsers.add_parser("version", help="Print the version") - -run_parser = subparsers.add_parser("run", help="Run prefect-operator") - -generate_crds_parser = subparsers.add_parser( - "generate-crds", - help="Generate the Custom Resource Definitions", -) - -args = parser.parse_args() - -modules = [ - "prefect_operator.server", - "prefect_operator.work_pool", -] - - -def main(): - match args.command: - case "run": - os.execvp( - "kopf", - [ - "kopf", - "run", - "--all-namespaces", - ] - + [(f"--module={module}") for module in modules], - ) - case "generate-crds": - for module in modules: - importlib.import_module(module) - - yaml.dump_all(CustomResource.definitions(), stream=sys.stdout) - case "version": - print(__version__) - case _: - parser.print_help() - - -if __name__ == "__main__": - main() diff --git a/src/prefect_operator/port_forwarding_transport.py b/src/prefect_operator/port_forwarding_transport.py deleted file mode 100644 index 94d43a3..0000000 --- a/src/prefect_operator/port_forwarding_transport.py +++ /dev/null @@ -1,125 +0,0 @@ -import typing - -import kubernetes -from httpcore import SOCKET_OPTION, ConnectionPool, NetworkBackend, NetworkStream -from httpcore._backends.sync import SyncStream -from httpx import Client, HTTPTransport, Limits, create_ssl_context -from httpx._config import DEFAULT_LIMITS -from httpx._types import CertTypes, ProxyTypes, VerifyTypes -from kubernetes import config -from kubernetes.stream import portforward -from kubernetes.stream.ws_client import PortForward - - -class KubernetesPortForwardBackend(NetworkBackend): - def __init__(self) -> None: - config.load_kube_config() - - self._api = kubernetes.client.CoreV1Api() - - def connect_tcp( - self, - host: str, - port: int, - timeout: typing.Optional[float] = None, - local_address: typing.Optional[str] = None, - socket_options: typing.Optional[typing.Iterable[SOCKET_OPTION]] = None, - ) -> NetworkStream: - try: - name, namespace, kind, *_ = host.split(".") - except ValueError: - raise NotImplementedError(f"Unsupported hostname: {host}") - - if kind == "svc": - try: - service = self._api.read_namespaced_service(name, namespace) - except kubernetes.client.rest.ApiException as e: - if e.status == 404: - raise NotImplementedError( - f"Service {name!r} not found in namespace {namespace!r}" - ) - raise - - selector = service.spec.selector - - pods = self._api.list_namespaced_pod( - namespace=namespace, - label_selector=" ".join(f"{k}={v}" for k, v in selector.items()), - ) - for pod in pods.items: - if pod.status.phase == "Running": - name = pod.metadata.name - break - else: - raise NotImplementedError( - f"No running pod found matching the service selector: {selector}" - ) - elif kind != "pod": - raise NotImplementedError(f"Unsupported hostname: {host}") - - forward: PortForward = portforward( - self._api.connect_get_namespaced_pod_portforward, - namespace=namespace, - name=name, - ports=f"{port}", - ) - - socket: PortForward._Port._Socket = forward.socket(port) - - return SyncStream(socket) - - -class KubernetesPortForwardTransport(HTTPTransport): - def __init__( - self, - verify: VerifyTypes = True, - cert: CertTypes | None = None, - http1: bool = True, - http2: bool = False, - limits: Limits = DEFAULT_LIMITS, - trust_env: bool = True, - proxy: ProxyTypes | None = None, - uds: str | None = None, - local_address: str | None = None, - retries: int = 0, - socket_options: typing.Iterable[SOCKET_OPTION] | None = None, - ) -> None: - super().__init__( - verify=verify, - cert=cert, - http1=http1, - http2=http2, - limits=limits, - trust_env=trust_env, - proxy=proxy, - uds=uds, - local_address=local_address, - retries=retries, - socket_options=socket_options, - ) - ssl_context = create_ssl_context(verify=verify, cert=cert, trust_env=trust_env) - self._pool = ConnectionPool( - ssl_context=ssl_context, - max_connections=limits.max_connections, - max_keepalive_connections=limits.max_keepalive_connections, - keepalive_expiry=limits.keepalive_expiry, - http1=http1, - http2=http2, - uds=uds, - local_address=local_address, - retries=retries, - socket_options=socket_options, - network_backend=KubernetesPortForwardBackend(), - ) - - -def main(): - config.load_kube_config() - - with Client(transport=KubernetesPortForwardTransport()) as client: - response = client.get("http://my-server.pop-pg.svc:4200/api/health") - print(response) - - -if __name__ == "__main__": - main() diff --git a/src/prefect_operator/resources.py b/src/prefect_operator/resources.py deleted file mode 100644 index aaade99..0000000 --- a/src/prefect_operator/resources.py +++ /dev/null @@ -1,124 +0,0 @@ -from typing import Any, ClassVar, Iterable - -from pydantic import BaseModel, ValidationInfo, model_validator - - -class CustomResource(BaseModel): - kind: ClassVar[str] - plural: ClassVar[str] - singular: ClassVar[str] - - @classmethod - def concrete_resources(cls) -> Iterable[type["CustomResource"]]: - if hasattr(cls, "kind"): - yield cls - for subclass in cls.__subclasses__(): - yield from subclass.concrete_resources() - - @classmethod - def definitions(cls) -> Iterable[dict[str, Any]]: - return [resource.definition() for resource in cls.concrete_resources()] - - @classmethod - def definition(cls) -> dict[str, Any]: - return { - "apiVersion": "apiextensions.k8s.io/v1", - "kind": "CustomResourceDefinition", - "metadata": {"name": f"{cls.plural}.prefect.io"}, - "spec": { - "group": "prefect.io", - "scope": "Namespaced", - "names": { - "kind": cls.kind, - "plural": cls.plural, - "singular": cls.singular, - }, - "versions": [ - { - "name": "v3", - "served": True, - "storage": True, - "schema": { - "openAPIV3Schema": { - "type": "object", - "properties": { - "spec": cls.model_json_schema_inlined(), - }, - } - }, - } - ], - }, - } - - @classmethod - def model_json_schema_inlined(cls) -> dict[str, Any]: - schema = cls.model_json_schema() - definitions = schema.pop("$defs") or {} - - def resolve_refs(obj: Any): - if isinstance(obj, dict): - if "$ref" in obj: - ref = obj["$ref"] - if isinstance(ref, str) and ref.startswith("#/$defs/"): - del obj["$ref"] - obj.update(definitions[ref.split("/")[-1]]) - - for v in obj.values(): - resolve_refs(v) - - if isinstance(obj, list): - for v in obj: - resolve_refs(v) - - def collapse_optionals(obj: Any): - if isinstance(obj, dict): - if ( - "anyOf" in obj - and len(obj["anyOf"]) == 2 - and obj["anyOf"][0]["type"] == "object" - and obj["anyOf"][1]["type"] == "null" - ): - any_of = obj.pop("anyOf") - obj.update(any_of[0]) - - for v in obj.values(): - collapse_optionals(v) - - if isinstance(obj, list): - for v in obj: - collapse_optionals(v) - - resolve_refs(definitions) - resolve_refs(schema) - collapse_optionals(schema) - - return schema - - -class NamedResource(CustomResource): - name: str - namespace: str - - @model_validator(mode="before") - @classmethod - def set_name_and_namespace( - cls, values: dict[str, Any], validation_info: ValidationInfo - ) -> dict[str, Any]: - if validation_info.context: - values = dict(values) - values.setdefault("name", validation_info.context.get("name")) - values.setdefault("namespace", validation_info.context.get("namespace")) - return values - - @classmethod - def model_json_schema_inlined(cls) -> dict[str, Any]: - schema = super().model_json_schema_inlined() - # The name and namespace attributes aren't actually part of the spec - schema["properties"].pop("name", None) - schema["properties"].pop("namespace", None) - schema["required"].remove("name") - schema["required"].remove("namespace") - if not schema["required"]: - schema.pop("required") - return schema diff --git a/src/prefect_operator/server.py b/src/prefect_operator/server.py deleted file mode 100644 index d9e6539..0000000 --- a/src/prefect_operator/server.py +++ /dev/null @@ -1,372 +0,0 @@ -import time -from typing import Any, ClassVar, Optional - -import kopf -import kubernetes -from pydantic import BaseModel, Field - -from . import DEFAULT_PREFECT_VERSION -from .resources import NamedResource - - -class PrefectSqliteDatabase(BaseModel): - storageClassName: str - size: str - - def desired_persistent_volume_claim( - self, server: "PrefectServer" - ) -> dict[str, Any] | None: - return { - "apiVersion": "v1", - "kind": "PersistentVolumeClaim", - "metadata": { - "namespace": server.namespace, - "name": f"{server.name}-database", - }, - "spec": { - "storageClassName": self.storageClassName, - "accessModes": ["ReadWriteOnce"], - "resources": {"requests": {"storage": self.size}}, - }, - } - - def configure_prefect_server_workload( - self, - server: "PrefectServer", - prefect_server_workload_spec: dict[str, Any], - prefect_server_container: dict[str, Any], - ) -> None: - prefect_server_workload_spec["replicas"] = 1 - prefect_server_workload_spec["strategy"] = {"type": "Recreate"} - - prefect_server_container["env"].extend( - [ - { - "name": "PREFECT_API_DATABASE_MIGRATE_ON_START", - "value": "True", - }, - { - "name": "PREFECT_API_DATABASE_CONNECTION_URL", - "value": "sqlite+aiosqlite:////var/lib/prefect/prefect.db", - }, - ] - ) - prefect_server_container["volumeMounts"] = [ - { - "name": "database", - "mountPath": "/var/lib/prefect/", - } - ] - prefect_server_workload_spec["template"]["spec"]["volumes"] = [ - { - "name": "database", - "persistentVolumeClaim": {"claimName": f"{server.name}-database"}, - } - ] - - def desired_database_migration_job( - self, server: "PrefectServer" - ) -> dict[str, Any] | None: - return None - - -class SecretKeyReference(BaseModel): - name: str - key: str - - -class PrefectPostgresDatabase(BaseModel): - host: str - port: int - user: str - passwordSecretKeyRef: SecretKeyReference - database: str - - def desired_persistent_volume_claim( - self, server: "PrefectServer" - ) -> dict[str, Any] | None: - return None - - def configure_prefect_server_workload( - self, - server: "PrefectServer", - prefect_server_workload_spec: dict[str, Any], - prefect_server_container: dict[str, Any], - ) -> None: - prefect_server_container["env"].extend( - [ - { - "name": "PREFECT_API_DATABASE_CONNECTION_URL", - "value": ( - "postgresql+asyncpg://" - f"{ self.user }:${{PREFECT_API_DATABASE_PASSWORD}}" - "@" - f"{ self.host }:{ self.port }" - "/" - f"{self.database}" - ), - }, - { - "name": "PREFECT_API_DATABASE_PASSWORD", - "valueFrom": { - "secretKeyRef": { - "name": self.passwordSecretKeyRef.name, - "key": self.passwordSecretKeyRef.key, - } - }, - }, - { - "name": "PREFECT_API_DATABASE_MIGRATE_ON_START", - "value": "False", - }, - ] - ) - - def desired_database_migration_job(self, server: "PrefectServer") -> dict[str, Any]: - migration_container = { - "name": "migrate", - "image": f"prefecthq/prefect:{server.version}-python3.12", - "env": [s.as_environment_variable() for s in server.settings], - "command": [ - "prefect", - "server", - "database", - "upgrade", - "--yes", - ], - } - job_spec = { - "template": { - "spec": { - "containers": [migration_container], - "restartPolicy": "OnFailure", - }, - }, - } - - self.configure_prefect_server_workload(server, job_spec, migration_container) - - return { - "apiVersion": "batch/v1", - "kind": "Job", - "metadata": { - "namespace": server.namespace, - "name": f"{server.name}-migrate", - }, - "spec": job_spec, - } - - -class PrefectSetting(BaseModel): - name: str - value: str - - def as_environment_variable(self) -> dict[str, str]: - return {"name": self.name, "value": self.value} - - -class PrefectServer(NamedResource): - kind: ClassVar[str] = "PrefectServer" - plural: ClassVar[str] = "prefectservers" - singular: ClassVar[str] = "prefectserver" - - version: str = Field(DEFAULT_PREFECT_VERSION) - sqlite: Optional[PrefectSqliteDatabase] = Field(None) - postgres: Optional[PrefectPostgresDatabase] = Field(None) - settings: list[PrefectSetting] = Field([]) - - def desired_deployment(self) -> dict[str, Any]: - container_template = { - "name": "prefect-server", - "image": f"prefecthq/prefect:{self.version}-python3.12", - "env": [ - { - "name": "PREFECT_HOME", - "value": "/var/lib/prefect/", - }, - *[s.as_environment_variable() for s in self.settings], - ], - "command": ["prefect", "server", "start", "--host", "0.0.0.0"], - "ports": [{"containerPort": 4200}], - "readinessProbe": { - "httpGet": {"path": "/api/health", "port": 4200, "scheme": "HTTP"}, - "initialDelaySeconds": 10, - "periodSeconds": 5, - "timeoutSeconds": 5, - "successThreshold": 1, - "failureThreshold": 30, - }, - "livenessProbe": { - "httpGet": {"path": "/api/health", "port": 4200, "scheme": "HTTP"}, - "initialDelaySeconds": 120, - "periodSeconds": 10, - "timeoutSeconds": 5, - "successThreshold": 1, - "failureThreshold": 2, - }, - } - - pod_template: dict[str, Any] = { - "metadata": {"labels": {"app": self.name}}, - "spec": { - "containers": [container_template], - }, - } - - deployment_spec = { - "replicas": 1, - "selector": {"matchLabels": {"app": self.name}}, - "template": pod_template, - } - - database = self.postgres or self.sqlite - if not database: - raise NotImplementedError("No database defined") - - database.configure_prefect_server_workload( - self, deployment_spec, container_template - ) - - return { - "apiVersion": "apps/v1", - "kind": "Deployment", - "metadata": {"namespace": self.namespace, "name": self.name}, - "spec": deployment_spec, - } - - def desired_service(self) -> dict[str, Any]: - return { - "apiVersion": "v1", - "kind": "Service", - "metadata": {"namespace": self.namespace, "name": self.name}, - "spec": { - "selector": {"app": self.name}, - "ports": [{"port": 4200, "protocol": "TCP"}], - }, - } - - -@kopf.on.resume("prefect.io", "v3", "prefectserver") -@kopf.on.create("prefect.io", "v3", "prefectserver") -@kopf.on.update("prefect.io", "v3", "prefectserver") -def reconcile_server( - namespace: str, name: str, spec: dict[str, Any], logger: kopf.Logger, **_ -): - server = PrefectServer.model_validate( - spec, context={"name": name, "namespace": namespace} - ) - print(repr(server)) - - database = server.postgres or server.sqlite - if database: - api = kubernetes.client.BatchV1Api() - desired_database_migration = database.desired_database_migration_job(server) - if desired_database_migration: - try: - api.delete_namespaced_job( - name=desired_database_migration["metadata"]["name"], - namespace=namespace, - ) - except kubernetes.client.ApiException as e: - if e.status not in (404, 409): - raise - - while True: - try: - api.create_namespaced_job( - server.namespace, desired_database_migration - ) - break - except kubernetes.client.ApiException as e: - if e.status == 409: - time.sleep(1) - continue - raise - - desired_persistent_volume_claim = database.desired_persistent_volume_claim(server) - if desired_persistent_volume_claim: - api = kubernetes.client.CoreV1Api() - try: - api.create_namespaced_persistent_volume_claim( - server.namespace, - desired_persistent_volume_claim, - ) - logger.info("Created persistent volume claim %s", name) - except kubernetes.client.ApiException as e: - if e.status != 409: - raise - - api = kubernetes.client.AppsV1Api() - desired_deployment = server.desired_deployment() - try: - api.create_namespaced_deployment(server.namespace, desired_deployment) - logger.info("Created deployment %s", name) - except kubernetes.client.ApiException as e: - if e.status != 409: - raise - - api.replace_namespaced_deployment( - desired_deployment["metadata"]["name"], - server.namespace, - desired_deployment, - ) - logger.info("Updated deployment %s", name) - - desired_service = server.desired_service() - api = kubernetes.client.CoreV1Api() - try: - api.create_namespaced_service( - server.namespace, - desired_service, - ) - logger.info("Created service %s", name) - except kubernetes.client.ApiException as e: - if e.status != 409: - raise - - api.replace_namespaced_service( - desired_service["metadata"]["name"], - server.namespace, - desired_service, - ) - logger.info("Updated service %s", name) - - -@kopf.on.delete("prefect.io", "v3", "prefectserver") -def delete_server( - namespace: str, name: str, spec: dict[str, Any], logger: kopf.Logger, **_ -): - server = PrefectServer.model_validate( - spec, context={"name": name, "namespace": namespace} - ) - print(repr(server)) - - api = kubernetes.client.BatchV1Api() - try: - api.delete_namespaced_job( - name=f"{server.name}-migrate", - namespace=namespace, - ) - except kubernetes.client.ApiException as e: - if e.status not in (404, 409): - raise - - api = kubernetes.client.AppsV1Api() - try: - api.delete_namespaced_deployment(name, namespace) - logger.info("Deleted deployment %s", name) - except kubernetes.client.ApiException as e: - if e.status == 404: - logger.info("Deployment %s not found", name) - else: - raise - - api = kubernetes.client.CoreV1Api() - try: - api.delete_namespaced_service(name, namespace) - logger.info("Deleted service %s", name) - except kubernetes.client.ApiException as e: - if e.status == 404: - logger.info("Service %s not found", name) - else: - raise diff --git a/src/prefect_operator/work_pool.py b/src/prefect_operator/work_pool.py deleted file mode 100644 index 262b46a..0000000 --- a/src/prefect_operator/work_pool.py +++ /dev/null @@ -1,133 +0,0 @@ -from contextlib import contextmanager -from typing import Any, ClassVar, Generator - -import httpx -import kopf -import kubernetes -from pydantic import BaseModel, Field - -from . import DEFAULT_PREFECT_VERSION -from .resources import NamedResource - - -class PrefectServerReference(BaseModel): - namespace: str = Field("") - name: str - - @property - def as_environment_variable(self) -> dict[str, Any]: - return {"name": "PREFECT_API_URL", "value": self.in_cluster_api_url} - - @property - def in_cluster_api_url(self) -> str: - return f"http://{self.name}.{self.namespace}.svc:4200/api" - - @contextmanager - def client(self) -> Generator[httpx.Client, None, None]: - with httpx.Client(base_url=self.in_cluster_api_url) as c: - yield c - - -class PrefectWorkPool(NamedResource): - kind: ClassVar[str] = "PrefectWorkPool" - plural: ClassVar[str] = "prefectworkpools" - singular: ClassVar[str] = "prefectworkpool" - - # TODO: can we get the version from the server version at runtime? - version: str = Field(DEFAULT_PREFECT_VERSION) - server: PrefectServerReference - workers: int = Field(1) - - @property - def work_pool_name(self) -> str: - return f"{self.namespace}:{self.name}" - - def desired_deployment(self) -> dict[str, Any]: - container_template = { - "name": "prefect-worker", - "image": f"prefecthq/prefect:{self.version}-python3.12-kubernetes", - "env": [ - self.server.as_environment_variable, - ], - "command": [ - "bash", - "-c", - ( - "prefect worker start --type kubernetes " - f"--pool '{ self.work_pool_name }' " - f'--name "{ self.namespace }:${{HOSTNAME}}"' - ), - ], - } - - pod_template: dict[str, Any] = { - "metadata": {"labels": {"app": self.name}}, - "spec": { - "containers": [container_template], - }, - } - - deployment_spec = { - "replicas": self.workers, - "selector": {"matchLabels": {"app": self.name}}, - "template": pod_template, - } - - return { - "apiVersion": "apps/v1", - "kind": "Deployment", - "metadata": {"namespace": self.namespace, "name": self.name}, - "spec": deployment_spec, - } - - -@kopf.on.resume("prefect.io", "v3", "prefectworkpool") -@kopf.on.create("prefect.io", "v3", "prefectworkpool") -@kopf.on.update("prefect.io", "v3", "prefectworkpool") -def reconcile_work_pool( - namespace: str, name: str, spec: dict[str, Any], logger: kopf.Logger, **_ -): - work_pool = PrefectWorkPool.model_validate( - spec, context={"name": name, "namespace": namespace} - ) - print(repr(work_pool)) - - api = kubernetes.client.AppsV1Api() - desired_deployment = work_pool.desired_deployment() - - try: - api.create_namespaced_deployment( - work_pool.namespace, - desired_deployment, - ) - logger.info("Created deployment %s", name) - except kubernetes.client.ApiException as e: - if e.status != 409: - raise - - api.replace_namespaced_deployment( - desired_deployment["metadata"]["name"], - work_pool.namespace, - desired_deployment, - ) - logger.info("Updated deployment %s", name) - - -@kopf.on.delete("prefect.io", "v3", "prefectworkpool") -def delete_work_pool( - namespace: str, name: str, spec: dict[str, Any], logger: kopf.Logger, **_ -): - work_pool = PrefectWorkPool.model_validate( - spec, context={"name": name, "namespace": namespace} - ) - print(repr(work_pool)) - - api = kubernetes.client.AppsV1Api() - try: - api.delete_namespaced_deployment(name, namespace) - logger.info("Deleted deployment %s", name) - except kubernetes.client.ApiException as e: - if e.status == 404: - logger.info("deployment %s not found", name) - else: - raise diff --git a/sync-pre-commit b/sync-pre-commit deleted file mode 100755 index 8c20bf3..0000000 --- a/sync-pre-commit +++ /dev/null @@ -1,105 +0,0 @@ -#!/usr/bin/env python -import os -import re -from typing import Any - -import yaml - - -def pinned_development_requirements() -> dict[str, str]: - """Gets a dictionary of all the pinned packages (keys) and their version - specifiers (values)""" - pinned: dict[str, str] = {} - - with open("requirements-dev.txt", "r") as dev_requirements: - for line in dev_requirements: - line = line.strip() - if line.startswith("#") or line.startswith("-e"): - continue - - package = re.split("[ =<>]", line)[0] - specifier = line[len(package) :] - pinned[package] = specifier - - return pinned - - -def precommit_config() -> dict: - """Return the full pre-commit configuration, and also the mypy hook config""" - with open(".pre-commit-config.yaml", "r") as pre_commit_file: - return yaml.load(pre_commit_file, yaml.SafeLoader) - - -def find_repo(precommit: dict[str, Any], hook_id: str) -> dict[str, Any]: - for repo in precommit["repos"]: - for hook in repo["hooks"]: - if hook["id"] == hook_id: - return repo - - raise Exception("Where did it go?!") - - -def find_hook(precommit: dict[str, Any], hook_id: str) -> dict[str, Any]: - for repo in precommit["repos"]: - for hook in repo["hooks"]: - if hook["id"] == hook_id: - return hook - - raise Exception("Where did it go?!") - - -def requested_mypy_requirements() -> set[str]: - """Gets the currently declared packages from the pre-commit configuration for - mypy, without their version specifiers""" - hook = find_hook(precommit_config(), "mypy") - mypy_dependencies = hook["additional_dependencies"] - return {re.split("[ =<>]", dep)[0] for dep in mypy_dependencies} - - -def resolve_repo_versions(pinned: dict[str, str]) -> dict[str, str]: - def version_only(specifier: str): - return specifier.lstrip("=") - - return { - "ruff": "v" + version_only(pinned["ruff"]), - "mypy": "v" + version_only(pinned["mypy"]), - } - - -def resolve_mypy_dependencies(pinned: dict[str, str], mypy: set[str]) -> list[str]: - """Given the pinned development dependencies and the requested mypy dependencies, - resolve them into pip version specifiers (like "mypackage>=1.2.3")""" - resolved = {f"{dep}{pinned[dep]}" for dep in mypy if dep in pinned} - - # weave in any other types-* packages, assuming they are type stubs - for dep, specifier in pinned.items(): - if dep.startswith("types-"): - resolved.add(f"{dep}{specifier}") - - return sorted(resolved) - - -def update_pre_commit(hook_versions: dict[str, str], mypy_requirements: list[str]): - precommit = precommit_config() - - for hook_id, version in hook_versions.items(): - hook = find_repo(precommit, hook_id) - hook["rev"] = version - - mypy = find_hook(precommit, "mypy") - mypy["additional_dependencies"] = sorted(mypy_requirements) - - with open(".pre-commit-config.yaml", "w") as pre_commit_file: - yaml.dump(precommit, pre_commit_file, sort_keys=False, explicit_start=True) - - -if __name__ == "__main__": - pinned = pinned_development_requirements() - update_pre_commit( - resolve_repo_versions(pinned), - resolve_mypy_dependencies( - pinned, - requested_mypy_requirements(), - ), - ) - os.system("yamlfix .pre-commit-config.yaml") diff --git a/test/e2e/e2e_suite_test.go b/test/e2e/e2e_suite_test.go new file mode 100644 index 0000000..a9654a1 --- /dev/null +++ b/test/e2e/e2e_suite_test.go @@ -0,0 +1,32 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package e2e + +import ( + "fmt" + "testing" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" +) + +// Run e2e tests using the Ginkgo runner. +func TestE2E(t *testing.T) { + RegisterFailHandler(Fail) + fmt.Fprintf(GinkgoWriter, "Starting prefect-operator suite\n") + RunSpecs(t, "e2e suite") +} diff --git a/test/e2e/e2e_test.go b/test/e2e/e2e_test.go new file mode 100644 index 0000000..08f7cab --- /dev/null +++ b/test/e2e/e2e_test.go @@ -0,0 +1,122 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package e2e + +import ( + "fmt" + "os/exec" + "time" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "github.com/PrefectHQ/prefect-operator/test/utils" +) + +const namespace = "prefect-operator-system" + +var _ = Describe("controller", Ordered, func() { + BeforeAll(func() { + By("installing prometheus operator") + Expect(utils.InstallPrometheusOperator()).To(Succeed()) + + By("installing the cert-manager") + Expect(utils.InstallCertManager()).To(Succeed()) + + By("creating manager namespace") + cmd := exec.Command("kubectl", "create", "ns", namespace) + _, _ = utils.Run(cmd) + }) + + AfterAll(func() { + By("uninstalling the Prometheus manager bundle") + utils.UninstallPrometheusOperator() + + By("uninstalling the cert-manager bundle") + utils.UninstallCertManager() + + By("removing manager namespace") + cmd := exec.Command("kubectl", "delete", "ns", namespace) + _, _ = utils.Run(cmd) + }) + + Context("Operator", func() { + It("should run successfully", func() { + var controllerPodName string + var err error + + // projectimage stores the name of the image used in the example + var projectimage = "example.com/prefect-operator:v0.0.1" + + By("building the manager(Operator) image") + cmd := exec.Command("make", "docker-build", fmt.Sprintf("IMG=%s", projectimage)) + _, err = utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("loading the the manager(Operator) image on Kind") + err = utils.LoadImageToKindClusterWithName(projectimage) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("installing CRDs") + cmd = exec.Command("make", "install") + _, err = utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("deploying the controller-manager") + cmd = exec.Command("make", "deploy", fmt.Sprintf("IMG=%s", projectimage)) + _, err = utils.Run(cmd) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + + By("validating that the controller-manager pod is running as expected") + verifyControllerUp := func() error { + // Get pod name + + cmd = exec.Command("kubectl", "get", + "pods", "-l", "control-plane=controller-manager", + "-o", "go-template={{ range .items }}"+ + "{{ if not .metadata.deletionTimestamp }}"+ + "{{ .metadata.name }}"+ + "{{ \"\\n\" }}{{ end }}{{ end }}", + "-n", namespace, + ) + + podOutput, err := utils.Run(cmd) + ExpectWithOffset(2, err).NotTo(HaveOccurred()) + podNames := utils.GetNonEmptyLines(string(podOutput)) + if len(podNames) != 1 { + return fmt.Errorf("expect 1 controller pods running, but got %d", len(podNames)) + } + controllerPodName = podNames[0] + ExpectWithOffset(2, controllerPodName).Should(ContainSubstring("controller-manager")) + + // Validate pod status + cmd = exec.Command("kubectl", "get", + "pods", controllerPodName, "-o", "jsonpath={.status.phase}", + "-n", namespace, + ) + status, err := utils.Run(cmd) + ExpectWithOffset(2, err).NotTo(HaveOccurred()) + if string(status) != "Running" { + return fmt.Errorf("controller pod in %s status", status) + } + return nil + } + EventuallyWithOffset(1, verifyControllerUp, time.Minute, time.Second).Should(Succeed()) + + }) + }) +}) diff --git a/test/utils/utils.go b/test/utils/utils.go new file mode 100644 index 0000000..e3eb79b --- /dev/null +++ b/test/utils/utils.go @@ -0,0 +1,140 @@ +/* +Copyright 2024. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package utils + +import ( + "fmt" + "os" + "os/exec" + "strings" + + . "github.com/onsi/ginkgo/v2" //nolint:golint,revive +) + +const ( + prometheusOperatorVersion = "v0.72.0" + prometheusOperatorURL = "https://github.com/prometheus-operator/prometheus-operator/" + + "releases/download/%s/bundle.yaml" + + certmanagerVersion = "v1.14.4" + certmanagerURLTmpl = "https://github.com/jetstack/cert-manager/releases/download/%s/cert-manager.yaml" +) + +func warnError(err error) { + fmt.Fprintf(GinkgoWriter, "warning: %v\n", err) +} + +// InstallPrometheusOperator installs the prometheus Operator to be used to export the enabled metrics. +func InstallPrometheusOperator() error { + url := fmt.Sprintf(prometheusOperatorURL, prometheusOperatorVersion) + cmd := exec.Command("kubectl", "create", "-f", url) + _, err := Run(cmd) + return err +} + +// Run executes the provided command within this context +func Run(cmd *exec.Cmd) ([]byte, error) { + dir, _ := GetProjectDir() + cmd.Dir = dir + + if err := os.Chdir(cmd.Dir); err != nil { + fmt.Fprintf(GinkgoWriter, "chdir dir: %s\n", err) + } + + cmd.Env = append(os.Environ(), "GO111MODULE=on") + command := strings.Join(cmd.Args, " ") + fmt.Fprintf(GinkgoWriter, "running: %s\n", command) + output, err := cmd.CombinedOutput() + if err != nil { + return output, fmt.Errorf("%s failed with error: (%v) %s", command, err, string(output)) + } + + return output, nil +} + +// UninstallPrometheusOperator uninstalls the prometheus +func UninstallPrometheusOperator() { + url := fmt.Sprintf(prometheusOperatorURL, prometheusOperatorVersion) + cmd := exec.Command("kubectl", "delete", "-f", url) + if _, err := Run(cmd); err != nil { + warnError(err) + } +} + +// UninstallCertManager uninstalls the cert manager +func UninstallCertManager() { + url := fmt.Sprintf(certmanagerURLTmpl, certmanagerVersion) + cmd := exec.Command("kubectl", "delete", "-f", url) + if _, err := Run(cmd); err != nil { + warnError(err) + } +} + +// InstallCertManager installs the cert manager bundle. +func InstallCertManager() error { + url := fmt.Sprintf(certmanagerURLTmpl, certmanagerVersion) + cmd := exec.Command("kubectl", "apply", "-f", url) + if _, err := Run(cmd); err != nil { + return err + } + // Wait for cert-manager-webhook to be ready, which can take time if cert-manager + // was re-installed after uninstalling on a cluster. + cmd = exec.Command("kubectl", "wait", "deployment.apps/cert-manager-webhook", + "--for", "condition=Available", + "--namespace", "cert-manager", + "--timeout", "5m", + ) + + _, err := Run(cmd) + return err +} + +// LoadImageToKindCluster loads a local docker image to the kind cluster +func LoadImageToKindClusterWithName(name string) error { + cluster := "kind" + if v, ok := os.LookupEnv("KIND_CLUSTER"); ok { + cluster = v + } + kindOptions := []string{"load", "docker-image", name, "--name", cluster} + cmd := exec.Command("kind", kindOptions...) + _, err := Run(cmd) + return err +} + +// GetNonEmptyLines converts given command output string into individual objects +// according to line breakers, and ignores the empty elements in it. +func GetNonEmptyLines(output string) []string { + var res []string + elements := strings.Split(output, "\n") + for _, element := range elements { + if element != "" { + res = append(res, element) + } + } + + return res +} + +// GetProjectDir will return the directory where the project is +func GetProjectDir() (string, error) { + wd, err := os.Getwd() + if err != nil { + return wd, err + } + wd = strings.Replace(wd, "/test/e2e", "", -1) + return wd, nil +} diff --git a/tests/test_server.py b/tests/test_server.py deleted file mode 100644 index 096f265..0000000 --- a/tests/test_server.py +++ /dev/null @@ -1,263 +0,0 @@ -import pytest -from prefect_operator.server import ( - PrefectPostgresDatabase, - PrefectServer, - PrefectSqliteDatabase, -) - - -def test_server_uses_context_for_namespace_and_name(): - server = PrefectServer.model_validate( - {"version": "3.0.0rc42"}, - context={"name": "my-prefect", "namespace": "my-app"}, - ) - assert server.namespace == "my-app" - assert server.name == "my-prefect" - assert server.version == "3.0.0rc42" - - -def test_server_instantiated_directly(): - server = PrefectServer( - name="my-prefect", - namespace="my-app", - version="3.0.0rc42", - ) - assert server.namespace == "my-app" - assert server.name == "my-prefect" - assert server.version == "3.0.0rc42" - - -def environment_as_dict(container): - return {e["name"]: e.get("value") or e.get("valueFrom") for e in container["env"]} - - -@pytest.fixture -def generic_server() -> PrefectServer: - return PrefectServer( - name="my-prefect", - namespace="my-app", - version="3.0.0rc42", - settings=[ - {"name": "PREFECT_THIS", "value": "that"}, - {"name": "PREFECT_THAT", "value": "this"}, - ], - ) - - -def test_service(generic_server: PrefectServer): - assert generic_server.desired_service() == { - "apiVersion": "v1", - "kind": "Service", - "metadata": {"namespace": "my-app", "name": "my-prefect"}, - "spec": { - "selector": {"app": "my-prefect"}, - "ports": [{"port": 4200, "protocol": "TCP"}], - }, - } - - -def test_cannot_produce_deployment_with_no_database(generic_server: PrefectServer): - assert generic_server.sqlite is None - assert generic_server.postgres is None - with pytest.raises(NotImplementedError, match="database"): - generic_server.desired_deployment() - - -@pytest.fixture -def sqlite_server() -> PrefectServer: - return PrefectServer( - name="my-prefect", - namespace="my-app", - version="3.0.0rc42", - sqlite=PrefectSqliteDatabase( - storageClassName="the-fast-stuff", - size="1Gi", - ), - settings=[ - {"name": "PREFECT_THIS", "value": "that"}, - {"name": "PREFECT_THAT", "value": "this"}, - ], - ) - - -def test_sqlite_server_migrates_itself(sqlite_server: PrefectServer): - assert sqlite_server.sqlite - assert not sqlite_server.sqlite.desired_database_migration_job(sqlite_server) - - desired_deployment = sqlite_server.desired_deployment() - pod_template = desired_deployment["spec"]["template"] - container = pod_template["spec"]["containers"][0] - - environment = environment_as_dict(container) - assert environment["PREFECT_API_DATABASE_MIGRATE_ON_START"] == "True" - - -def test_sqlite_server_forces_recreate(sqlite_server: PrefectServer): - desired_deployment = sqlite_server.desired_deployment() - assert desired_deployment["kind"] == "Deployment" - assert desired_deployment["spec"]["replicas"] == 1 - assert desired_deployment["spec"]["strategy"] == {"type": "Recreate"} - - -def test_sqlite_server_adds_volume(sqlite_server: PrefectServer): - assert sqlite_server.sqlite - desired_pvc = sqlite_server.sqlite.desired_persistent_volume_claim(sqlite_server) - - assert desired_pvc - assert desired_pvc["kind"] == "PersistentVolumeClaim" - assert desired_pvc["metadata"]["name"] == "my-prefect-database" - assert desired_pvc["spec"]["storageClassName"] == "the-fast-stuff" - assert desired_pvc["spec"]["resources"]["requests"]["storage"] == "1Gi" - - desired_deployment = sqlite_server.desired_deployment() - pod_template = desired_deployment["spec"]["template"] - container = pod_template["spec"]["containers"][0] - assert pod_template["spec"]["volumes"] == [ - { - "name": "database", - "persistentVolumeClaim": {"claimName": "my-prefect-database"}, - } - ] - assert container["volumeMounts"] == [ - { - "name": "database", - "mountPath": "/var/lib/prefect/", - } - ] - - environment = environment_as_dict(container) - assert environment["PREFECT_HOME"] == "/var/lib/prefect/" - assert ( - environment["PREFECT_API_DATABASE_CONNECTION_URL"] - == "sqlite+aiosqlite:////var/lib/prefect/prefect.db" - ) - - -def test_sqlite_server_adds_environment(sqlite_server: PrefectServer): - desired_deployment = sqlite_server.desired_deployment() - - pod_template = desired_deployment["spec"]["template"] - container = pod_template["spec"]["containers"][0] - - environment = environment_as_dict(container) - assert environment["PREFECT_THIS"] == "that" - assert environment["PREFECT_THAT"] == "this" - - -@pytest.fixture -def postgres_server() -> PrefectServer: - return PrefectServer( - name="my-prefect", - namespace="my-app", - version="3.0.0rc42", - postgres=PrefectPostgresDatabase( - host="my-postgres", - port=5432, - user="my-user", - passwordSecretKeyRef={ - "name": "my-secrets", - "key": "my-password", - }, - database="my-database", - ), - settings=[ - {"name": "PREFECT_THIS", "value": "that"}, - {"name": "PREFECT_THAT", "value": "this"}, - ], - ) - - -def test_postgres_server_uses_migration_job(postgres_server: PrefectServer): - assert postgres_server.postgres - assert postgres_server.postgres.desired_database_migration_job(postgres_server) == { - "apiVersion": "batch/v1", - "kind": "Job", - "metadata": {"namespace": "my-app", "name": "my-prefect-migrate"}, - "spec": { - "template": { - "spec": { - "containers": [ - { - "name": "migrate", - "image": "prefecthq/prefect:3.0.0rc42-python3.12", - "command": [ - "prefect", - "server", - "database", - "upgrade", - "--yes", - ], - "env": [ - {"name": "PREFECT_THIS", "value": "that"}, - {"name": "PREFECT_THAT", "value": "this"}, - { - "name": "PREFECT_API_DATABASE_CONNECTION_URL", - "value": "postgresql+asyncpg://my-user:${PREFECT_API_DATABASE_PASSWORD}@my-postgres:5432/my-database", - }, - { - "name": "PREFECT_API_DATABASE_PASSWORD", - "valueFrom": { - "secretKeyRef": { - "name": "my-secrets", - "key": "my-password", - } - }, - }, - { - "name": "PREFECT_API_DATABASE_MIGRATE_ON_START", - "value": "False", - }, - ], - } - ], - "restartPolicy": "OnFailure", - } - } - }, - } - - desired_deployment = postgres_server.desired_deployment() - pod_template = desired_deployment["spec"]["template"] - container = pod_template["spec"]["containers"][0] - - environment = environment_as_dict(container) - assert environment["PREFECT_API_DATABASE_MIGRATE_ON_START"] == "False" - - -def test_postgres_server_uses_default_strategy(postgres_server: PrefectServer): - desired_deployment = postgres_server.desired_deployment() - assert desired_deployment["kind"] == "Deployment" - assert desired_deployment["spec"]["replicas"] == 1 - assert "strategy" not in desired_deployment["spec"] - - -def test_postgres_server_does_not_add_volume(postgres_server: PrefectServer): - assert postgres_server.postgres - assert not postgres_server.postgres.desired_persistent_volume_claim(postgres_server) - - desired_deployment = postgres_server.desired_deployment() - pod_template = desired_deployment["spec"]["template"] - container = pod_template["spec"]["containers"][0] - assert "volumes" not in pod_template["spec"] - assert "volumeMounts" not in container - - environment = environment_as_dict(container) - assert environment["PREFECT_HOME"] == "/var/lib/prefect/" - assert ( - environment["PREFECT_API_DATABASE_CONNECTION_URL"] - == "postgresql+asyncpg://my-user:${PREFECT_API_DATABASE_PASSWORD}@my-postgres:5432/my-database" - ) - assert environment["PREFECT_API_DATABASE_PASSWORD"] == { - "secretKeyRef": {"name": "my-secrets", "key": "my-password"} - } - - -def test_postgres_server_adds_environment(postgres_server: PrefectServer): - desired_deployment = postgres_server.desired_deployment() - - pod_template = desired_deployment["spec"]["template"] - container = pod_template["spec"]["containers"][0] - - environment = environment_as_dict(container) - assert environment["PREFECT_THIS"] == "that" - assert environment["PREFECT_THAT"] == "this" diff --git a/tests/test_version.py b/tests/test_version.py deleted file mode 100644 index b7b9c99..0000000 --- a/tests/test_version.py +++ /dev/null @@ -1,9 +0,0 @@ -from packaging.version import Version - -from prefect_operator import __version__ - - -def test_version_is_sensible(): - version = Version(__version__) - assert version.major >= 0 - assert version.minor > 0 diff --git a/tests/test_work_pool.py b/tests/test_work_pool.py deleted file mode 100644 index 6975c95..0000000 --- a/tests/test_work_pool.py +++ /dev/null @@ -1,122 +0,0 @@ -from prefect_operator.work_pool import PrefectServerReference, PrefectWorkPool - - -def test_work_pool_uses_context_for_namespace_and_name(): - work_pool = PrefectWorkPool.model_validate( - { - "server": {"namespace": "my-app", "name": "my-prefect"}, - "workers": 3, - }, - context={"name": "my-pool", "namespace": "my-app"}, - ) - assert work_pool.namespace == "my-app" - assert work_pool.name == "my-pool" - assert work_pool.server.namespace == "my-app" - assert work_pool.server.name == "my-prefect" - assert work_pool.workers == 3 - - -def test_work_pool_instantiated_directly(): - work_pool = PrefectWorkPool( - name="my-pool", - namespace="my-app", - server=PrefectServerReference(namespace="my-app", name="my-prefect"), - workers=3, - ) - assert work_pool.namespace == "my-app" - assert work_pool.name == "my-pool" - assert work_pool.server.namespace == "my-app" - assert work_pool.server.name == "my-prefect" - assert work_pool.workers == 3 - - -def test_work_pool_for_in_namespace_server(): - work_pool = PrefectWorkPool( - name="my-pool", - namespace="my-app", - server=PrefectServerReference(namespace="my-app", name="my-prefect"), - workers=3, - version="3.0.0rc42", - ) - - assert work_pool.desired_deployment() == { - "apiVersion": "apps/v1", - "kind": "Deployment", - "metadata": {"namespace": "my-app", "name": "my-pool"}, - "spec": { - "replicas": 3, - "selector": {"matchLabels": {"app": "my-pool"}}, - "template": { - "metadata": {"labels": {"app": "my-pool"}}, - "spec": { - "containers": [ - { - "name": "prefect-worker", - "image": "prefecthq/prefect:3.0.0rc42-python3.12-kubernetes", - "env": [ - { - "name": "PREFECT_API_URL", - "value": "http://my-prefect.my-app.svc:4200/api", - }, - ], - "command": [ - "bash", - "-c", - ( - "prefect worker start --type kubernetes " - "--pool 'my-app:my-pool' " - '--name "my-app:${HOSTNAME}"' - ), - ], - }, - ], - }, - }, - }, - } - - -def test_work_pool_for_cross_namespace_server(): - work_pool = PrefectWorkPool( - name="my-pool", - namespace="my-app", - server=PrefectServerReference(namespace="some-other-app", name="my-prefect"), - workers=3, - version="3.0.0rc42", - ) - - assert work_pool.desired_deployment() == { - "apiVersion": "apps/v1", - "kind": "Deployment", - "metadata": {"namespace": "my-app", "name": "my-pool"}, - "spec": { - "replicas": 3, - "selector": {"matchLabels": {"app": "my-pool"}}, - "template": { - "metadata": {"labels": {"app": "my-pool"}}, - "spec": { - "containers": [ - { - "name": "prefect-worker", - "image": "prefecthq/prefect:3.0.0rc42-python3.12-kubernetes", - "env": [ - { - "name": "PREFECT_API_URL", - "value": "http://my-prefect.some-other-app.svc:4200/api", - }, - ], - "command": [ - "bash", - "-c", - ( - "prefect worker start --type kubernetes " - "--pool 'my-app:my-pool' " - '--name "my-app:${HOSTNAME}"' - ), - ], - }, - ], - }, - }, - }, - }