NK2: Added script for code-generator, YAMLs with CRDs and stub for main.go

crd/crd.yaml

@@ -0,0 +1,11 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: policies.policy.nirmata.io
+spec:
+  group: policy.nirmata.io
+  names:
+    kind: Policy
+    plural: policies
+    singular: policy
+  version: v1alpha1

crd/policy-example.yaml

@@ -0,0 +1,85 @@
+apiVersion : policy.nirmata.io/v1alpha1
+kind : Policy
+metadata :
+  name : examples
+spec :
+  # failurePolicy is optional. Defaults to stopOnError
+  failurePolicy: continueOnError, stopOnError 
+  # The spec contains a list of rules. Each rule has a resource and an operation. 
+  # Allowed operations are:
+  #   - patch, configMapGenerator, secretGenerator 
+  rules:
+    - resource:
+        #  Allowed resource kinds:
+        #   ConfigMap
+        #   CronJob
+        #   DaemonSet
+        #   Deployment
+        #   Endpoint
+        #   HorizontalPodAutoscaler
+        #   Ingress
+        #   Job
+        #   LimitRange
+        #   Namespace
+        #   NetworkPolicy
+        #   PersistentVolumeClaim
+        #   PodDisruptionBudget
+        #   PodTemplate
+        #   ResourceQuota
+        #   Secret
+        #   Service
+        #   StatefulSet
+        kind : PodTemplateSpec 
+        # name is optional. Either a name or selector must be specified.
+        name:
+        # selector is optional. Either a name or a selector must be specified.
+        selector: 
+          matchLabels :
+            nirmata.io/environment.name : production
+          matchExpressions:
+      # a patch contains multiple entries of path, operation, value
+      #   path: starts with the resource. if blank selects resource.
+      #   operation: Add | Replace | Delete
+      #   value: text, number, JSON string
+      patch : 
+      - path : spec/terminationGracePeriodSeconds
+        operation : Add
+        value : 20
+      - path : spec/containers/0/imagePullPolicy
+        operation : Add
+        value : Always
+    - resource:
+        # Kind needs to be Namespace, when operation is configMapGenerator
+        kind: Namespace
+        name: foo
+      configMapGenerator :
+        name: game-config-env-file
+        # copyFrom is optional. If specified, must point to a valid config map
+        copyFrom: 
+          namespace: some-ns
+          name: some-other-config-map
+        data:
+          foo: bar
+          app.properties: /
+            foo1=bar1
+            foo2=bar2
+          ui.properties: /
+            foo1=bar1
+            foo2=bar2
+    - resource:
+        # Kind needs to be Namespace, when operation is secretGenerator
+        kind: Namespace 
+        name: foo
+      secretGenerator :
+        name: game-secrets
+        copyFrom: 
+          namespace: some-ns
+          name: some-other-secrets
+        data: # data is optional
+status:
+  events: 
+  # log of applied policies. We will need a way to distingush between failed 
+  # and succeeded operations
+
+
+

main.go

@@ -0,0 +1,10 @@
+// main.go
+package main
+
+import (
+	"fmt"
+)
+
+func main() {
+	fmt.Println("Hello from Policy Controller!")
+}

scripts/update-codegen.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_ROOT=$(dirname ${BASH_SOURCE})/..
+CODEGEN_PKG=${SCRIPT_ROOT}/vendor/k8s.io/code-generator
+
+# generate the code with:
+# --output-base    because this script should also be able to run inside the vendor dir of
+#                  k8s.io/kubernetes. The output-base is needed for the generators to output into the vendor dir
+#                  instead of the $GOPATH directly. For normal projects this can be dropped.
+${CODEGEN_PKG}/generate-groups.sh "deepcopy,client,informer,lister" \
+  github.com/nirmata/kube-policy/pkg/client github.com/nirmata/kube-policy/pkg/apis \
+  policy:v1alpha1
+
+# To use your own boilerplate text use:
+#   --go-header-file ${SCRIPT_ROOT}/hack/custom-boilerplate.go.txt