initial code commit

Author: Zbigniew Mandziejewicz

.github/workflows/ci.yaml

@@ -0,0 +1,64 @@
+name: CI
+
+on:
+  push:
+
+jobs:
+  verify:
+    name: Verify
+    runs-on: ubuntu-latest
+    env:
+      CODECOV_FILE: build/coverage.xml
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Go 
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.24'
+      - name: Generate
+        run: make generate format
+      - name: No changed files
+        run: git diff --name-status --exit-code
+      - name: Lint
+        run: make lint
+      - name: Integration test
+        run: make integration-test coverage
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@v5
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ${{ env.CODECOV_FILE }}
+
+  image-build:
+    name: Image Build
+    if: github.actor!= 'dependabot-preview[bot]'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Setup Skaffold
+        uses: heypigeonhq/setup-skaffold@v1.0.0
+        with:
+          version: 2.14.1
+      - name: Build images
+        run: |
+          mkdir build
+          skaffold build --file-output=build/images.json
+      - name: Archive image tags
+        uses: actions/upload-artifact@v4
+        with:
+          name: images
+          path: build/images.json

.gitignore

@@ -0,0 +1,2 @@
+build/
+.vscode/

Makefile

@@ -0,0 +1,13 @@
+GOLANGCILINT_VERSION := v2.5.0
+GOTESTSUM_VERSION := v1.13.0
+
+GOCOVERPKG := github.com/agoda-com/argocd-capi-operator/...
+
+CONTROLLER_GEN_VERSION = v0.17.1
+CONTROLLER_GEN_ARGS := \
+	paths={./...} \
+	rbac:roleName=argocd-capi-operator \
+	output:rbac:dir=config/rbac
+
+include makefiles/go.mk
+include makefiles/controller.mk

README.md

@@ -0,0 +1,71 @@
+# argocd-capi-operator
+
+Register [Cluster](https://doc.crds.dev/github.com/kubernetes-sigs/cluster-api/cluster.x-k8s.io/Cluster/v1beta1@v1.8.3) resources using [ArgoCD Cluster API](https://pkg.go.dev/github.com/argoproj/argo-cd/v2@v2.12.3/pkg/apiclient/cluster#ClusterServiceClient).
+
+## How it works
+
+Operator registers an Cluster in ArgoCD using token generated for service account `argocd-manager`.
+
+Using cluster kubeconfig it creates/patches:
+
+- Namespace `argocd`
+- ServiceAccount `argocd-manager` in namespace `argocd`
+- ClusterRole/ClusterRoleBinding `argocd-manager` letting argocd manage crds, webhooks and rbac resources
+
+## Deployment
+
+### Local
+
+```bash
+skaffold run
+```
+
+### Management Cluster
+
+```bash
+skaffold build --kube-context <management-cluster> --quiet | \
+skaffold deploy ---kube-context <management-cluster> --build-artifacts -
+```
+
+## Operations
+
+### Usage
+
+| Name | Default | Usage |
+| --- | --- | --- |
+| context |  | Kubernetes context |
+| health-probe-bind-address | :8081 | The address the probe endpoint binds to |
+| instance |  | Instance to populate argocd.fleet.agoda.com/instance annotation |
+| leader-election | true | Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager |
+| metrics-bind-address | :8080 | The address the metric endpoint binds to |
+| token-ttl | 1h0m0s | Service account bearer token TTL |
+| watch-namespaces | [] | Namespaces to watch for Cluster resources |
+| watch-selector |  | Selector to watch for Cluster resources |
+| zap-devel | false | Development Mode defaults(encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn). Production Mode defaults(encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error) |
+| zap-encoder |  | Zap log encoding (one of 'json' or 'console') |
+| zap-log-level |  | Zap Level to configure the verbosity of logging. Can be one of 'debug', 'info', 'error', or any integer value > 0 which corresponds to custom debug levels of increasing verbosity |
+| zap-stacktrace-level |  | Zap Level at and above which stacktraces are captured (one of 'info', 'error', 'panic'). |
+| zap-time-encoding |  | Zap time encoding (one of 'epoch', 'millis', 'nano', 'iso8601', 'rfc3339' or 'rfc3339nano'). Defaults to 'epoch'. |
+
+### Cluster discovery
+
+[Cluster](https://doc.crds.dev/github.com/kubernetes-sigs/cluster-api/cluster.x-k8s.io/Cluster/v1beta1@v1.8.3) resources are only watched in namespaces specified by `--watch-namespaces`.
+
+They can be further scoped down by `--watch-filter` which should contain value for `cluster.x-k8s.io/watch-filter` label.
+
+Example:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: argocd-capi-operator
+spec:
+  template:
+    spec:
+      containers:
+        - name: operator
+          args:
+            - --watch-namespaces=kubernetes,tools,nosql
+            - --watch-filter=argocd
+```

cluster/config.go

@@ -0,0 +1,12 @@
+package cluster
+
+import (
+	"time"
+)
+
+type Config struct {
+	Instance           string
+	Namespace          string
+	ServiceAccountName string
+	TokenTTL           time.Duration
+}