ca-gip · Whisper40 · Jun 22, 2023 · Jun 19, 2023
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-.PHONY: clean
+.PHONY: clean dependecy test test-only codegen dependency build build-operator build-api build-webhook
 
 REPO= github.com/ca-gip/kubi
 IMAGE= kubi

diff --git a/Readme.md b/Readme.md
@@ -102,6 +102,10 @@ For specific exceptions, add another network policy.
 |  **DEFAULT_PERMISSION**            | *ClusterRole associated with default service account*    | `view`       | `no   `     | -           |
 |  **BLACKLIST**                     | *Ignore Project*                     | `my-project-dev`                 | `no   `     | -           |
 
+## Versioning
+
+Since version v0.24.0, we have decided to modify the naming of versions for ease of reading and understanding.
+Example: v0.24.0 means that the operator was developed for Kubernetes version 1.24 and that the last 0 corresponds to the various patches we have made to the operator.
 # Client
 
 
@@ -285,7 +289,7 @@ kubectl apply -f https://raw.githubusercontent.com/ca-gip/kubi/master/deployment
 You can customize the default network policy named `kubi-default`, for example:
 
 ```yaml
-apiVersion: "ca-gip.github.com/v1"
+apiVersion: "cagip.github.com/v1"
 kind: NetworkPolicyConfig
 metadata:
   name: kubi-default

diff --git a/Version b/Version
@@ -1 +1 @@
-1.11.5
+0.24.0
diff --git a/deployments/kube-crds.yml b/deployments/kube-crds.yml
@@ -1,148 +1,141 @@
 ---
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
-  name: networkpolicyconfigs.ca-gip.github.com
+  name: networkpolicyconfigs.cagip.github.com
 spec:
-  group: ca-gip.github.com
+  group: cagip.github.com
   versions:
     - name: v1
       served: true
       storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                egress:
+                  type: object
+                  properties:
+                    ports:
+                      type: array
+                      items:
+                        type: integer
+                        minimum: 1
+                        maximum: 65535
+                    cidrs:
+                      type: array
+                      items:
+                        type: string
+                        pattern: '^(\d{1,3}\.){3}\d{1,3}\/\d{1,2}$'
+                    namespaces:
+                      type: array
+                      items:
+                        type: string
+                ingress:
+                  type: object
+                  properties:
+                    namespaces:
+                      type: array
+                      items:
+                        type: string
+      additionalPrinterColumns:
+        - name: Egress-Ports
+          type: string
+          description: List of authorized port for egress traffic
+          jsonPath: .spec.egress.ports
+        - name: Egress-Cidr
+          type: string
+          description: List of authorized cidr for egress traffic
+          jsonPath: .spec.egress.cidrs
+        - name: Egress-Namespaces
+          type: string
+          description: List of egress namespaces
+          jsonPath: .spec.egress.namespaces
+        - name: Ingress-Namespaces
+          type: string
+          description: List of ingress namespaces
+          jsonPath: .spec.ingress.namespaces
   scope: Cluster
   names:
     plural: networkpolicyconfigs
     singular: networkpolicyconfig
     kind: NetworkPolicyConfig
     shortNames:
-      - netpolconf
-  additionalPrinterColumns:
-    - name: Egress-Ports
-      type: string
-      description: List of authorized port for egress traffic
-      JSONPath: .spec.egress.ports
-    - name: Egress-Cidr
-      type: string
-      description: List of authorized cidr for egress traffic
-      JSONPath: .spec.egress.cidrs
-    - name: Egress-Namespaces
-      type: string
-      description: List of egress namespaces
-      JSONPath: .spec.egress.namespaces
-    - name: Ingress-Namespaces
-      type: string
-      description: List of ingress namespaces
-      JSONPath: .spec.ingress.namespaces
-  validation:
-    # openAPIV3Schema is the schema for validating custom objects.
-    openAPIV3Schema:
-      properties:
-        spec:
+    - netpolconf
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: projects.cagip.github.com
+spec:
+  group: cagip.github.com
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
           type: object
           properties:
-            egress:
+            spec:
               type: object
+              required:
+              - project
               properties:
-                ports:
-                  type: array
-                  items:
-                    type: integer
-                    minimum: 1
-                    maximum: 65535
-                cidrs:
+                whitelistAddresses:
                   type: array
                   items:
                     type: string
-                    pattern: '^(\d{1,3}\.){3}\d{1,3}\/\d{1,2}$'
-                namespaces:
+                tenant:
+                  type: string
+                environment:
+                  type: string
+                  enum:
+                  - development
+                  - integration
+                  - production
+                  - preproduction
+                  - uat
+                project:
+                  type: string
+                stages:
                   type: array
                   items:
                     type: string
-            ingress:
-              type: object
-              properties:
-                namespaces:
-                  type: array
-                  items:
-                    type: string
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: projects.ca-gip.github.com
-spec:
-  group: ca-gip.github.com
-  versions:
-    - name: v1
-      served: true
-      storage: true
+                    enum:
+                    - scratch
+                    - staging
+                    - stable
+                sourceEntity:
+                  type: string
+      additionalPrinterColumns:
+        - name: Tenant
+          type: string
+          description: The customer aka company owning the cluster
+          jsonPath: .spec.tenant
+        - name: Environment
+          type: string
+          description: The environment for this namespace
+          jsonPath: .spec.environment
+        - name: Project
+          type: string
+          description: The project name ( without environment )
+          jsonPath: .spec.project
+        - name: Stages
+          type: string
+          description: Stages allowed for this project, can be mapped to registry or CI/CD
+          jsonPath: .spec.stages
+        - name: Source Entity
+          type: string
+          description: The refering entity ( LDAP group for the moment )
+          jsonPath: .spec.sourceEntity
   scope: Cluster
   names:
     plural: projects
     singular: project
     kind: Project
     shortNames:
-      - project
-  additionalPrinterColumns:
-    - name: Tenant
-      type: string
-      description: The customer aka company owning the cluster
-      JSONPath: .spec.tenant
-    - name: Environment
-      type: string
-      description: The environment for this namespace
-      JSONPath: .spec.environment
-    - name: Project
-      type: string
-      description: The project name ( without environment )
-      JSONPath: .spec.project
-    - name: Stages
-      type: string
-      description: Stages allowed for this project, can be mapped to registry or CI/CD
-      JSONPath: .spec.stages
-    - name: Source Entity
-      type: string
-      description: The refering entity ( LDAP group for the moment )
-      JSONPath: .spec.sourceEntity
-    - name: Contact
-      type: string
-      description: The refering contact for operation
-      JSONPath: .spec.contact
-  validation:
-    # openAPIV3Schema is the schema for validating custom objects.
-    openAPIV3Schema:
-      properties:
-        spec:
-          type: object
-          required:
-            - project
-          properties:
-            whitelistAddresses:
-              type: array
-              items:
-                type: string
-            tenant:
-              type: string
-            environment:
-              type: string
-              enum:
-                - development
-                - integration
-                - uat
-                - preproduction
-                - production
-            project:
-              type: string
-            stages:
-              type: array
-              items:
-                type: string
-                enum:
-                  - scratch
-                  - staging
-                  - stable
-            sourceEntity:
-              type: string
-            contact:
-              type: string
+    - project
diff --git a/deployments/kube-example-netpolconf.yml b/deployments/kube-example-netpolconf.yml
@@ -1,4 +1,4 @@
-apiVersion: "ca-gip.github.com/v1"
+apiVersion: "cagip.github.com/v1"
 kind: NetworkPolicyConfig
 metadata:
   name: kubi-default

diff --git a/deployments/kube-local-config.yml b/deployments/kube-local-config.yml
@@ -106,7 +106,7 @@ apiVersion: v1
 kind: ConfigMap
 data:
   SLAPD_PASSWORD: password
-  SLAPD_DOMAIN: kubi.ca-gip.github.com
+  SLAPD_DOMAIN: kubi.cagip.github.com
   SLAPD_ADDITIONAL_MODULES: memberof
   SLAPD_CONFIG_PASSWORD: config
 metadata:

diff --git a/deployments/kube-prerequisites.yml b/deployments/kube-prerequisites.yml
@@ -26,7 +26,7 @@ rules:
   - apiGroups: [""]
     resources: ["nodes", "namespaces"]
     verbs: ["get", "watch", "list"]
-  - apiGroups: ["ca-gip.github.com"]
+  - apiGroups: ["cagip.github.com"]
     resources: ["projects"]
     verbs: ["get", "watch", "list"]
 ---

diff --git a/go.mod b/go.mod
@@ -1,25 +1,72 @@
 module github.com/ca-gip/kubi
 
-go 1.16
+go 1.19
 
 require (
-	github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496 // indirect
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/go-ozzo/ozzo-validation v3.6.0+incompatible
-	github.com/gorilla/mux v1.7.4
-	github.com/mitchellh/mapstructure v1.1.2 // indirect
+	github.com/gorilla/mux v1.8.0
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.11.1
 	github.com/rs/zerolog v1.18.0
-	github.com/stretchr/testify v1.7.0
-	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
+	github.com/stretchr/testify v1.8.1
 	gopkg.in/ldap.v2 v2.5.1
 	gopkg.in/yaml.v2 v2.4.0
-	k8s.io/api v0.21.11
-	k8s.io/apimachinery v0.21.11
-	k8s.io/client-go v0.21.11
-	k8s.io/code-generator v0.21.11
-	k8s.io/kube-openapi v0.0.0-20211110012726-3cc51fd1e909 // indirect
+	k8s.io/api v0.24.13
+	k8s.io/apimachinery v0.24.13
+	k8s.io/client-go v0.24.13
+	k8s.io/code-generator v0.24.13
+)
+
+require (
+	github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.1.1 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emicklei/go-restful v2.16.0+incompatible // indirect
+	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.4 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/gnostic v0.5.7-v3refs // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.26.0 // indirect
+	github.com/prometheus/procfs v0.6.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	golang.org/x/mod v0.11.0 // indirect
+	golang.org/x/net v0.11.0 // indirect
+	golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect
+	golang.org/x/sys v0.9.0 // indirect
+	golang.org/x/term v0.9.0 // indirect
+	golang.org/x/text v0.10.0 // indirect
+	golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect
+	golang.org/x/tools v0.10.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.30.0 // indirect
+	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/gengo v0.0.0-20230306165830-ab3349d207d4 // indirect
+	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20230614213217-ba0abe644833 // indirect
+	k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect
+	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
 )
 
-replace k8s.io/code-generator => github.com/efortin/kubernetes/staging/src/k8s.io/code-generator v0.0.0-20210602081514-49be077fdae8
+replace k8s.io/kube-openapi => k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42