Merge pull request #2 from e-breuninger/kustomization

Kustomization

.github/dependabot.yaml

@@ -0,0 +1,10 @@
+version: 2
+updates:
+- package-ecosystem: terraform
+  directory: "/"
+  schedule:
+    interval: daily
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: daily

.github/workflows/pre-commit.yml

@@ -0,0 +1,29 @@
+name: pre-commit
+on:
+  push:
+    branches: ["*"]
+jobs:
+  pre-commit:
+    permissions: read-all
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/antonbabenko/pre-commit-terraform:v1.86.0
+    steps:
+      - name: Install job dependencies
+        run: apk add tar git
+      - uses: actions/cache@v3
+        with:
+          path: ~/.cache
+          key: pre-commit
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Ensure cache directories
+        run: |
+          mkdir -p ~/.cache/pip
+          mkdir -p ~/.cache/pre-commit
+      - name: Run pre-commit-hooks
+        run: |
+          git config --global --add safe.directory $PWD
+          pre-commit run --all-files --color=always --show-diff-on-failure

.github/workflows/semantic-release.yml

@@ -0,0 +1,43 @@
+name: semantic-release
+on:
+  workflow_run:
+    workflows: [pre-commit]
+    types: [completed]
+    branches: [master]
+jobs:
+  semantic-release:
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+      id-token: write # to enable use of OIDC for npm provenance
+    runs-on: ubuntu-latest
+    container:
+      image: node:lts-alpine3.19
+    env:
+      NPM_CACHE_DIR: ~/.cache/npm
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - name: Install job dependencies
+        run: apk add tar git
+      - uses: actions/cache@v3
+        with:
+          path: ~/.cache
+          key: semantic-release
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Install semantic-release and plugins
+        run: npm install --cache $NPM_CACHE_DIR
+          semantic-release
+          @semantic-release/github
+          @semantic-release/changelog
+          @semantic-release/git
+          @semantic-release/exec
+          conventional-changelog-conventionalcommits
+      - name: Run semantic-release
+        run: |
+          git config --global --add safe.directory $PWD
+          npx semantic-release

.pre-commit-config.yaml

@@ -1,7 +1,7 @@
 ---
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.72.2
+    rev: v1.77.0
     hooks:
       - id: terraform_fmt
       - id: terraform_tflint
@@ -11,10 +11,14 @@ repos:
       - id: terraform-docs-system
         args: [./]
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.4.0
     hooks:
       - id: trailing-whitespace
       - id: check-added-large-files
-      - id: check-yaml
-        args: [--allow-multiple-documents]
       - id: detect-private-key
+      - id: end-of-file-fixer
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.17.0
+    hooks:
+      - id: yamllint
+        args: [-c=.yaml-lint.yml]

.releaserc.yml

@@ -0,0 +1,15 @@
+---
+branches:
+  - master
+plugins:
+  - - "@semantic-release/commit-analyzer"
+    - preset: conventionalcommits
+  - - "@semantic-release/release-notes-generator"
+    - preset: conventionalcommits
+  - "@semantic-release/github"
+  - - "@semantic-release/changelog"
+    - changelogFile: CHANGELOG.md
+      changelogTitle: "# Changelog"
+  - - "@semantic-release/git"
+    - assets: CHANGELOG.md
+      message: "chore(release): ${nextRelease.version}\n\n${nextRelease.notes}"

.yaml-lint.yml

@@ -0,0 +1,4 @@
+---
+rules:
+  line-length:
+    max: 120

README.md

@@ -1,13 +1,130 @@
+# Terraform Module OLM
+
+Installs [Operator Lifecycle Manager](https://github.com/operator-framework/operator-lifecycle-manager/)
+into a Kubernetes cluster.
+
 <!-- BEGIN_TF_DOCS -->
 
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_olm_version"></a> [olm\_version](#input\_olm\_version) | Version of the operator lifecycle manager. | `string` | `"v0.18.3"` | no |
+| <a name="input_olm_version"></a> [olm\_version](#input\_olm\_version) | Version of the operator lifecycle manager. | `string` | `"v0.26.0"` | no |
 
 ## Outputs
 
 No outputs.
 <!-- END_TF_DOCS -->
+
+## Upgrade to v2.0.0
+
+Remove olm resources from state
+
+```bash
+terraform state rm 'module.olm.kubectl_manifest.olm["/apis/apps/v1/namespaces/olm/deployments/catalog-operator"]'
+terraform state rm 'module.olm.kubectl_manifest.olm["/apis/operators.coreos.com/v1/namespaces/olm/operatorgroups/olm-operators"]'
+terraform state rm 'module.olm.kubectl_manifest.olm["/apis/operators.coreos.com/v1/namespaces/operators/operatorgroups/global-operators"]'
+terraform state rm 'module.olm.kubectl_manifest.olm["/apis/operators.coreos.com/v1alpha1/namespaces/olm/catalogsources/operatorhubio-catalog"]'
+terraform state rm 'module.olm.kubectl_manifest.olm["/apis/operators.coreos.com/v1alpha1/namespaces/olm/clusterserviceversions/packageserver"]'
+terraform state rm 'module.olm.kubectl_manifest.olm["/apis/rbac.authorization.k8s.io/v1/clusterroles/aggregate-olm-edit"]'
+terraform state rm 'module.olm.kubectl_manifest.olm["/apis/rbac.authorization.k8s.io/v1/clusterroles/aggregate-olm-view"]'
+terraform state rm 'module.olm.kubectl_manifest.olm_crds["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/catalogsources.operators.coreos.com"]'
+terraform state rm 'module.olm.kubectl_manifest.olm_crds["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/clusterserviceversions.operators.coreos.com"]'
+terraform state rm 'module.olm.kubectl_manifest.olm_crds["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/installplans.operators.coreos.com"]'
+terraform state rm 'module.olm.kubectl_manifest.olm_crds["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/operatorconditions.operators.coreos.com"]'
+terraform state rm 'module.olm.kubectl_manifest.olm_crds["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/operatorgroups.operators.coreos.com"]'
+terraform state rm 'module.olm.kubectl_manifest.olm_crds["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/operators.operators.coreos.com"]'
+terraform state rm 'module.olm.kubectl_manifest.olm_crds["/apis/apiextensions.k8s.io/v1/customresourcedefinitions/subscriptions.operators.coreos.com"]'
+terraform state rm 'module.olm.kubectl_manifest.olm_deployment["/api/v1/namespaces/olm"]'
+terraform state rm 'module.olm.kubectl_manifest.olm_deployment["/api/v1/namespaces/olm/serviceaccounts/olm-operator-serviceaccount"]'
+terraform state rm 'module.olm.kubectl_manifest.olm_deployment["/api/v1/namespaces/operators"]'
+terraform state rm 'module.olm.kubectl_manifest.olm_deployment["/apis/apps/v1/namespaces/olm/deployments/olm-operator"]'
+terraform state rm 'module.olm.kubectl_manifest.olm_deployment["/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/olm-operator-binding-olm"]'
+terraform state rm 'module.olm.kubectl_manifest.olm_deployment["/apis/rbac.authorization.k8s.io/v1/clusterroles/system:controller:operator-lifecycle-manager"]'
+```
+
+Import to new olm module kustomization resources. Replace `module.olm` with `module.MODULE_NAME`.
+
+```terraform
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p0["_/Namespace/_/olm"]
+  id = "_/Namespace/_/olm"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p0["_/Namespace/_/operators"]
+  id = "_/Namespace/_/operators"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p0["apiextensions.k8s.io/CustomResourceDefinition/_/catalogsources.operators.coreos.com"]
+  id = "apiextensions.k8s.io/CustomResourceDefinition/_/catalogsources.operators.coreos.com"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p0["apiextensions.k8s.io/CustomResourceDefinition/_/clusterserviceversions.operators.coreos.com"]
+  id = "apiextensions.k8s.io/CustomResourceDefinition/_/clusterserviceversions.operators.coreos.com"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p0["apiextensions.k8s.io/CustomResourceDefinition/_/installplans.operators.coreos.com"]
+  id = "apiextensions.k8s.io/CustomResourceDefinition/_/installplans.operators.coreos.com"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p0["apiextensions.k8s.io/CustomResourceDefinition/_/operatorconditions.operators.coreos.com"]
+  id = "apiextensions.k8s.io/CustomResourceDefinition/_/operatorconditions.operators.coreos.com"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p0["apiextensions.k8s.io/CustomResourceDefinition/_/operatorgroups.operators.coreos.com"]
+  id = "apiextensions.k8s.io/CustomResourceDefinition/_/operatorgroups.operators.coreos.com"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p0["apiextensions.k8s.io/CustomResourceDefinition/_/operators.operators.coreos.com"]
+  id = "apiextensions.k8s.io/CustomResourceDefinition/_/operators.operators.coreos.com"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p0["apiextensions.k8s.io/CustomResourceDefinition/_/subscriptions.operators.coreos.com"]
+  id = "apiextensions.k8s.io/CustomResourceDefinition/_/subscriptions.operators.coreos.com"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p1["_/ServiceAccount/olm/olm-operator-serviceaccount"]
+  id = "_/ServiceAccount/olm/olm-operator-serviceaccount"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p1["apps/Deployment/olm/catalog-operator"]
+  id = "apps/Deployment/olm/catalog-operator"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p1["apps/Deployment/olm/olm-operator"]
+  id = "apps/Deployment/olm/olm-operator"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p1["operators.coreos.com/CatalogSource/olm/operatorhubio-catalog"]
+  id = "operators.coreos.com/CatalogSource/olm/operatorhubio-catalog"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p1["operators.coreos.com/ClusterServiceVersion/olm/packageserver"]
+  id = "operators.coreos.com/ClusterServiceVersion/olm/packageserver"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p1["operators.coreos.com/OperatorGroup/olm/olm-operators"]
+  id = "operators.coreos.com/OperatorGroup/olm/olm-operators"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p1["operators.coreos.com/OperatorGroup/operators/global-operators"]
+  id = "operators.coreos.com/OperatorGroup/operators/global-operators"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p1["rbac.authorization.k8s.io/ClusterRole/_/aggregate-olm-edit"]
+  id = "rbac.authorization.k8s.io/ClusterRole/_/aggregate-olm-edit"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p1["rbac.authorization.k8s.io/ClusterRole/_/aggregate-olm-view"]
+  id = "rbac.authorization.k8s.io/ClusterRole/_/aggregate-olm-view"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p1["rbac.authorization.k8s.io/ClusterRole/_/system:controller:operator-lifecycle-manager"]
+  id = "rbac.authorization.k8s.io/ClusterRole/_/system:controller:operator-lifecycle-manager"
+}
+import {
+  to = module.olm.module.kustomization.kustomization_resource.p1["rbac.authorization.k8s.io/ClusterRoleBinding/_/olm-operator-binding-olm"]
+  id = "rbac.authorization.k8s.io/ClusterRoleBinding/_/olm-operator-binding-olm"
+}
+```

main.tf

@@ -5,9 +5,9 @@ terraform {
       source  = "hashicorp/http"
       version = "~> 3.2"
     }
-    kubectl = {
-      source  = "gavinbunney/kubectl"
-      version = "~> 1.14"
+    kustomization = {
+      source  = "kbst/kustomization"
+      version = "~> 0.9"
     }
   }
 }
@@ -23,55 +23,17 @@ locals {
     "https://github.com/operator-framework/operator-lifecycle-manager/releases/download/%s",
     var.olm_version
   )
-  # Make sure dependencies are resolved correctly, this is important in context of terraform destroy to make sure the
-  # controller is not being deleted before the apiservice resource, otherwise some finalizers will never finalize.
-  olm_deployment_manifests = toset([
-    "/api/v1/namespaces/olm",
-    "/api/v1/namespaces/operators",
-    "/api/v1/namespaces/olm/serviceaccounts/olm-operator-serviceaccount",
-    "/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/olm-operator-binding-olm",
-    "/apis/rbac.authorization.k8s.io/v1/clusterroles/system:controller:operator-lifecycle-manager",
-    "/apis/apps/v1/namespaces/olm/deployments/olm-operator"
-  ])
-  olm_manifests = setsubtract(keys(data.kubectl_file_documents.olm.manifests), local.olm_deployment_manifests)
 }
 
-data "http" "olm_crds" {
-  url = format("%s/crds.yaml", local.olm_base_url)
-}
-
-data "http" "olm" {
-  url = format("%s/olm.yaml", local.olm_base_url)
-}
-
-data "kubectl_file_documents" "olm_crds" {
-  content = data.http.olm_crds.response_body
-}
-
-data "kubectl_file_documents" "olm" {
-  content = data.http.olm.response_body
-}
-
-resource "kubectl_manifest" "olm_crds" {
-  for_each  = data.kubectl_file_documents.olm_crds.manifests
-  yaml_body = each.value
-  wait      = true
-}
-
-resource "kubectl_manifest" "olm_deployment" {
-  for_each  = local.olm_deployment_manifests
-  yaml_body = data.kubectl_file_documents.olm.manifests[each.value]
-  depends_on = [
-    kubectl_manifest.olm_crds
+data "kustomization_overlay" "olm" {
+  resources = [
+    format("%s/crds.yaml", local.olm_base_url),
+    format("%s/olm.yaml", local.olm_base_url)
   ]
-  wait = true
 }
 
-resource "kubectl_manifest" "olm" {
-  for_each  = local.olm_manifests
-  yaml_body = data.kubectl_file_documents.olm.manifests[each.value]
-  depends_on = [
-    kubectl_manifest.olm_deployment
-  ]
-  wait = true
+module "kustomization" {
+  source                    = "e-breuninger/kustomization/module"
+  version                   = "1.0.0"
+  kustomization_data_source = data.kustomization_overlay.olm
 }