diff --git a/Makefile b/Makefile index 4e0c642..dbe1fb8 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ # To re-generate a bundle for another specific version without changing the standard setup, you can: # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= 0.8.0 +VERSION ?= 0.8.1 # CHANNELS define the bundle channels used in the bundle. # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") diff --git a/bundle.Dockerfile b/bundle.Dockerfile index 5194c90..bb145bb 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -6,7 +6,7 @@ LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.package.v1=cloudflare-operator LABEL operators.operatorframework.io.bundle.channels.v1=alpha -LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.15.0 +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.18.1 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3 diff --git a/bundle/manifests/cloudflare-operator.clusterserviceversion.yaml b/bundle/manifests/cloudflare-operator.clusterserviceversion.yaml index 26656c2..05d6bb8 100644 --- a/bundle/manifests/cloudflare-operator.clusterserviceversion.yaml +++ b/bundle/manifests/cloudflare-operator.clusterserviceversion.yaml 
@@ -4,6 +4,26 @@ metadata: annotations: alm-examples: |- [ + { + "apiVersion": "networking.cfargotunnel.com/v1alpha1", + "kind": "ClusterTunnel", + "metadata": { + "name": "clustertunnel-sample" + }, + "spec": { + "cloudflare": { + "accountId": "\u003cCloudflare account ID\u003e", + "accountName": "\u003cCloudflare account name\u003e", + "domain": "example.com", + "email": "email@domain.com", + "secret": "cloudflare-secrets" + }, + "newTunnel": { + "name": "new-k8s-cluster-tunnel" + }, + "size": 2 + } + }, { "apiVersion": "networking.cfargotunnel.com/v1alpha1", "kind": "Tunnel", 
@@ -27,259 +47,296 @@ metadata: } ] capabilities: Basic Install - operators.operatorframework.io/builder: operator-sdk-v1.15.0 + operators.operatorframework.io/builder: operator-sdk-v1.18.1 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 - name: cloudflare-operator.v0.8.0 + name: cloudflare-operator.v0.8.1 namespace: placeholder spec: apiservicedefinitions: {} customresourcedefinitions: owned: - - description: Tunnel is the Schema for the tunnels API - displayName: Tunnel - kind: Tunnel - name: tunnels.networking.cfargotunnel.com - version: v1alpha1 - description: - This operator provides a Tunnel Custom Resource to create and use existing + - description: ClusterTunnel is the Schema for the clustertunnels API + displayName: Cluster Tunnel + kind: ClusterTunnel + name: clustertunnels.networking.cfargotunnel.com + version: v1alpha1 + - description: Tunnel is the Schema for the tunnels API + displayName: Tunnel + kind: Tunnel + name: tunnels.networking.cfargotunnel.com + version: v1alpha1 + description: This operator provides a Tunnel Custom Resource to create and use existing Cloudflare Tunnels. Further, it provides a Service Controller to add services to be accessible via the internet using the Tunnel resource. 
displayName: Cloudflare Tunnel Service Operator icon: - - base64data: "" - mediatype: "" + - base64data: "" + mediatype: "" install: spec: clusterPermissions: - - rules: - - apiGroups: - - apps - resources: - - deployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - services/finalizers - verbs: - - update - - apiGroups: - - networking.cfargotunnel.com - resources: - - tunnels - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - networking.cfargotunnel.com - resources: - - tunnels/finalizers - verbs: - - update - - apiGroups: - - networking.cfargotunnel.com - resources: - - tunnels/status - verbs: - - get - - patch - - update - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - serviceAccountName: cloudflare-operator-controller-manager + - rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - services + verbs: + - get + - list + - update + - watch + - apiGroups: + - "" + resources: + - services/finalizers + verbs: + - update 
+ - apiGroups: + - networking.cfargotunnel.com + resources: + - clustertunnels + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.cfargotunnel.com + resources: + - clustertunnels/finalizers + verbs: + - update + - apiGroups: + - networking.cfargotunnel.com + resources: + - clustertunnels/status + verbs: + - get + - patch + - update + - apiGroups: + - networking.cfargotunnel.com + resources: + - tunnels + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - networking.cfargotunnel.com + resources: + - tunnels/finalizers + verbs: + - update + - apiGroups: + - networking.cfargotunnel.com + resources: + - tunnels/status + verbs: + - get + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + serviceAccountName: cloudflare-operator-controller-manager deployments: - - name: cloudflare-operator-controller-manager - spec: - replicas: 1 - selector: - matchLabels: + - name: cloudflare-operator-controller-manager + spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + strategy: {} + template: + metadata: + labels: control-plane: controller-manager - strategy: {} - template: - metadata: - labels: - control-plane: controller-manager - spec: - containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - resources: {} - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - command: - - /manager - image: adyanth/cloudflare-operator:0.8.0 - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - 
periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 20Mi - securityContext: - allowPrivilegeEscalation: false + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: {} + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + image: adyanth/cloudflare-operator:0.8.1 + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 200m + memory: 100Mi + requests: + cpu: 100m + memory: 20Mi securityContext: - runAsNonRoot: true - serviceAccountName: cloudflare-operator-controller-manager - terminationGracePeriodSeconds: 10 - - name: whoami - spec: - selector: - matchLabels: + allowPrivilegeEscalation: false + securityContext: + runAsNonRoot: true + serviceAccountName: cloudflare-operator-controller-manager + terminationGracePeriodSeconds: 10 + - name: whoami + spec: + selector: + matchLabels: + app: whoami + strategy: {} + template: + metadata: + labels: app: whoami - strategy: {} - template: - metadata: - labels: - app: whoami - spec: - containers: - - image: traefik/whoami - name: whoami - ports: - - containerPort: 80 - resources: - limits: - cpu: 500m - memory: 128Mi + spec: + containers: + - image: traefik/whoami + name: whoami + ports: + - containerPort: 80 + resources: + limits: + cpu: 500m + memory: 128Mi permissions: - - rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - 
- list - - watch - - create - - update - - patch - - delete - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - serviceAccountName: cloudflare-operator-controller-manager + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: cloudflare-operator-controller-manager strategy: deployment installModes: - - supported: false - type: OwnNamespace - - supported: false - type: SingleNamespace - - supported: false - type: MultiNamespace - - supported: true - type: AllNamespaces + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces keywords: - - operator - - cloudflare - - cloudflare-tunnel - - cloudflared - - kubernetes - - kubernetes-operator + - operator + - cloudflare + - cloudflare-tunnel + - cloudflared + - kubernetes + - kubernetes-operator links: - - name: Cloudflare Operator - url: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel + - name: Cloudflare Operator + url: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel maintainers: - - email: me@adyanth.dev - name: adyanth + - email: me@adyanth.dev + name: adyanth maturity: alpha provider: name: adyanth.dev url: https://github.com/adyanth/cloudflare-operator - version: 0.8.0 + version: 0.8.1 
diff --git a/bundle/manifests/networking.cfargotunnel.com_clustertunnels.yaml b/bundle/manifests/networking.cfargotunnel.com_clustertunnels.yaml
new file mode 100644
index 0000000..7fe0738
--- /dev/null
+++ b/bundle/manifests/networking.cfargotunnel.com_clustertunnels.yaml
@@ -0,0 +1,164 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: clustertunnels.networking.cfargotunnel.com +spec: + group: networking.cfargotunnel.com + names: + kind: ClusterTunnel + listKind: ClusterTunnelList + plural: clustertunnels + singular: clustertunnel + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterTunnel is the Schema for the clustertunnels API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TunnelSpec defines the desired state of Tunnel + properties: + cloudflare: + description: Cloudflare Credentials + properties: + CLOUDFLARE_API_KEY: + default: CLOUDFLARE_API_KEY + description: Key in the secret to use for Cloudflare API Key, + defaults to CLOUDFLARE_API_KEY. Needs Email also to be provided. 
+ For Delete operations for new tunnels only, or as an alternate + to API Token + type: string + CLOUDFLARE_API_TOKEN: + default: CLOUDFLARE_API_TOKEN + description: Key in the secret to use for Cloudflare API token, + defaults to CLOUDFLARE_API_TOKEN + type: string + CLOUDFLARE_TUNNEL_CREDENTIAL_FILE: + default: CLOUDFLARE_TUNNEL_CREDENTIAL_FILE + description: Key in the secret to use as credentials.json for + an existing tunnel, defaults to CLOUDFLARE_TUNNEL_CREDENTIAL_FILE + type: string + CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET: + default: CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET + description: Key in the secret to use as tunnel secret for an + existing tunnel, defaults to CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET + type: string + accountId: + description: Account ID in Cloudflare. AccountId and AccountName + cannot be both empty. If both are provided, Account ID is used + if valid, else falls back to Account Name. + type: string + accountName: + description: Account Name in Cloudflare. AccountName and AccountId + cannot be both empty. If both are provided, Account ID is used + if valid, else falls back to Account Name. + type: string + domain: + description: Cloudflare Domain to which this tunnel belongs to + type: string + email: + description: Email to use along with API Key for Delete operations + for new tunnels only, or as an alternate to API Token + type: string + secret: + description: Secret containing Cloudflare API key/token + type: string + type: object + existingTunnel: + description: Existing tunnel object. ExistingTunnel and NewTunnel + cannot be both empty and are mutually exclusive. + properties: + id: + description: Existing Tunnel ID to run on. Tunnel ID and Tunnel + Name cannot be both empty. If both are provided, ID is used + if valid, else falls back to Name. + type: string + name: + description: Existing Tunnel name to run on. Tunnel Name and Tunnel + ID cannot be both empty. If both are provided, ID is used if + valid, else falls back to Name. 
+ type: string + type: object + fallbackTarget: + default: http_status:404 + description: FallbackTarget speficies the target for requests that + do not match an ingress. Defaults to http_status:404 + type: string + image: + default: cloudflare/cloudflared:2022.3.4 + description: Image sets the Cloudflared Image to use. Defaults to + the image set during the release of the operator. + type: string + newTunnel: + description: New tunnel object. NewTunnel and ExistingTunnel cannot + be both empty and are mutually exclusive. + properties: + name: + description: Tunnel name to create on Cloudflare. + type: string + type: object + noTlsVerify: + default: false + description: NoTlsVerify disables origin TLS certificate checks when + the endpoint is HTTPS. + type: boolean + originCaPool: + description: OriginCaPool speficies the secret with tls.crt (and other + certs as needed to be referred in the service annotation) of the + Root CA to be trusted when sending traffic to HTTPS endpoints + type: string + size: + default: 1 + description: Size defines the number of Daemon pods to run for this + tunnel + format: int32 + minimum: 0 + type: integer + type: object + status: + description: TunnelStatus defines the observed state of Tunnel + properties: + accountId: + type: string + tunnelId: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + tunnelName: + type: string + zoneId: + type: string + required: + - accountId + - tunnelId + - tunnelName + - zoneId + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/bundle/manifests/networking.cfargotunnel.com_tunnels.yaml b/bundle/manifests/networking.cfargotunnel.com_tunnels.yaml index 0a3e288..1b742a4 100644 --- a/bundle/manifests/networking.cfargotunnel.com_tunnels.yaml 
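Review bot: `noTlsVerify` is described only as disabling origin TLS certificate checks, without saying that the origin is then not authenticated on the cloudflared-to-origin leg or that `originCaPool` is the way to trust a private CA. The same field and wording are added to the Tunnel CRD in the `@@ -103,9 +113,20 @@` hunk of `networking.cfargotunnel.com_tunnels.yaml`. I would extend the description to something like `NoTlsVerify disables origin TLS certificate checks when the endpoint is HTTPS; the origin is then not authenticated, prefer OriginCaPool for private CAs.` This CRD carries a controller-gen annotation, so the text presumably comes from the Go type comment and should be changed there. Separately, `status.tunnelId` still has the scaffold placeholder `INSERT ADDITIONAL STATUS FIELD ...` as its description and should describe the field instead.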
+++ b/bundle/manifests/networking.cfargotunnel.com_tunnels.yaml @@ -52,12 +52,12 @@ spec: CLOUDFLARE_TUNNEL_CREDENTIAL_FILE: default: CLOUDFLARE_TUNNEL_CREDENTIAL_FILE description: Key in the secret to use as credentials.json for - the tunnel, defaults to CLOUDFLARE_TUNNEL_CREDENTIAL_FILE + an existing tunnel, defaults to CLOUDFLARE_TUNNEL_CREDENTIAL_FILE type: string CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET: default: CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET - description: Key in the secret to use as credentials.json for - the tunnel, defaults to CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET + description: Key in the secret to use as tunnel secret for an + existing tunnel, defaults to CLOUDFLARE_TUNNEL_CREDENTIAL_SECRET type: string accountId: description: Account ID in Cloudflare. AccountId and AccountName @@ -77,7 +77,7 @@ spec: for new tunnels only, or as an alternate to API Token type: string secret: - description: Secret containing Cloudflare API key + description: Secret containing Cloudflare API key/token type: string type: object existingTunnel: @@ -95,6 +95,16 @@ spec: valid, else falls back to Name. type: string type: object + fallbackTarget: + default: http_status:404 + description: FallbackTarget speficies the target for requests that + do not match an ingress. Defaults to http_status:404 + type: string + image: + default: cloudflare/cloudflared:2022.3.4 + description: Image sets the Cloudflared Image to use. Defaults to + the image set during the release of the operator. + type: string newTunnel: description: New tunnel object. NewTunnel and ExistingTunnel cannot be both empty and are mutually exclusive. 
@@ -103,9 +113,20 @@ spec: description: Tunnel name to create on Cloudflare. type: string type: object + noTlsVerify: + default: false + description: NoTlsVerify disables origin TLS certificate checks when + the endpoint is HTTPS. + type: boolean + originCaPool: + description: OriginCaPool speficies the secret with tls.crt (and other + certs as needed to be referred in the service annotation) of the + Root CA to be trusted when sending traffic to HTTPS endpoints + type: string size: default: 1 - description: Number of Daemon pods to run for this tunnel + description: Size defines the number of Daemon pods to run for this + tunnel format: int32 minimum: 0 type: integer diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index 03ed7cf..bc0b71b 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -5,7 +5,7 @@ annotations: operators.operatorframework.io.bundle.metadata.v1: metadata/ operators.operatorframework.io.bundle.package.v1: cloudflare-operator operators.operatorframework.io.bundle.channels.v1: alpha - operators.operatorframework.io.metrics.builder: operator-sdk-v1.15.0 + operators.operatorframework.io.metrics.builder: operator-sdk-v1.18.1 operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 2b54f3b..ca52511 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml 
@@ -1,16 +1,16 @@ resources: - - manager.yaml +- manager.yaml generatorOptions: disableNameSuffixHash: true configMapGenerator: - - files: - - controller_manager_config.yaml - name: manager-config +- files: + - controller_manager_config.yaml + name: manager-config apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - - name: controller - newName: adyanth/cloudflare-operator - newTag: 0.8.0 +- name: controller + newName: adyanth/cloudflare-operator + newTag: 0.8.1 diff --git a/config/manifests/bases/cloudflare-operator.clusterserviceversion.yaml b/config/manifests/bases/cloudflare-operator.clusterserviceversion.yaml index c8f95ad..bf6c83e 100644 --- a/config/manifests/bases/cloudflare-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/cloudflare-operator.clusterserviceversion.yaml @@ -10,6 +10,11 @@ spec: apiservicedefinitions: {} customresourcedefinitions: owned: + - description: ClusterTunnel is the Schema for the clustertunnels API + displayName: Cluster Tunnel + kind: ClusterTunnel + name: clustertunnels.networking.cfargotunnel.com + version: v1alpha1 - description: Tunnel is the Schema for the tunnels API displayName: Tunnel kind: Tunnel