Rename to compute and tidy up the install bundle

.github/workflows/publish.yaml

@@ -13,7 +13,7 @@ jobs:
       packages: write
     uses: datum-cloud/actions/.github/workflows/publish-docker.yaml@v1.13.1
     with:
-      image-name: workload-operator
+      image-name: compute
       platforms: linux/amd64,linux/arm64
     secrets: inherit
 
@@ -24,6 +24,6 @@ jobs:
       packages: write
     uses: datum-cloud/actions/.github/workflows/publish-kustomize-bundle.yaml@v1.5.1
     with:
-      bundle-name: ghcr.io/datum-cloud/workload-operator-kustomize
+      bundle-name: ghcr.io/datum-cloud/compute-kustomize
       bundle-path: config
     secrets: inherit

Makefile

@@ -45,7 +45,7 @@ help: ## Display this help.
 
 .PHONY: manifests
 manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	$(CONTROLLER_GEN) rbac:roleName=manager-role crd:generateEmbeddedObjectMeta=true webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	$(CONTROLLER_GEN) rbac:roleName=compute crd:generateEmbeddedObjectMeta=true webhook paths="./..." output:crd:artifacts:config=config/crd/bases output:rbac:artifacts:config=config/controller_rbac
 
 .PHONY: generate
 generate: controller-gen defaulter-gen

PROJECT

@@ -5,8 +5,8 @@
 domain: datumapis.com
 layout:
 - go.kubebuilder.io/v4
-projectName: workload-operator
-repo: go.datum.net/workload-operator
+projectName: compute
+repo: go.datum.net/compute
 resources:
 - api:
     crdVersion: v1
@@ -15,7 +15,7 @@ resources:
   domain: datumapis.com
   group: compute
   kind: Workload
-  path: go.datum.net/workload-operator/api/v1alpha
+  path: go.datum.net/compute/api/v1alpha
   version: v1alpha
   webhooks:
     defaulting: true
@@ -28,7 +28,7 @@ resources:
   domain: datumapis.com
   group: compute
   kind: WorkloadDeployment
-  path: go.datum.net/workload-operator/api/v1alpha
+  path: go.datum.net/compute/api/v1alpha
   version: v1alpha
 - api:
     crdVersion: v1
@@ -37,7 +37,7 @@ resources:
   domain: datumapis.com
   group: compute
   kind: Instance
-  path: go.datum.net/workload-operator/api/v1alpha
+  path: go.datum.net/compute/api/v1alpha
   version: v1alpha
   # webhooks:
   #   defaulting: true

README.md

@@ -1,14 +1,15 @@
-# Datum Workload Operator
+# Datum Compute
 
-The workload operator defines APIs and core controllers for interacting
-with compute infrastructure related entities such as Workloads and Instances.
+Compute defines the APIs and core controllers for the
+`compute.datumapis.com` API group, including Workloads, WorkloadDeployments,
+and Instances.
 
 Workload and Instance API types include references to types defined in the
 [network-services-operator][network-services-operator] project, such as Networks
 and Network Policies, in order to attach to networks or influence instance
 network connectivity.
 
-The operator itself is not responsible for provisioning of resources, but
+Compute itself is not responsible for provisioning of resources, but
 instead relies on infrastructure providers such as the
 [GCP Infrastructure Provider][infra-provider-gcp] to interact with vendor or
 platform specific APIs in order to satisfy the intents defined in custom resources

cmd/main.go

@@ -29,12 +29,12 @@ import (
 	"sigs.k8s.io/multicluster-runtime/pkg/multicluster"
 	mcsingle "sigs.k8s.io/multicluster-runtime/providers/single"
 
+	computev1alpha "go.datum.net/compute/api/v1alpha"
+	"go.datum.net/compute/internal/config"
+	"go.datum.net/compute/internal/controller"
+	computewebhook "go.datum.net/compute/internal/webhook"
+	computev1alphawebhooks "go.datum.net/compute/internal/webhook/v1alpha"
 	networkingv1alpha "go.datum.net/network-services-operator/api/v1alpha"
-	computev1alpha "go.datum.net/workload-operator/api/v1alpha"
-	"go.datum.net/workload-operator/internal/config"
-	"go.datum.net/workload-operator/internal/controller"
-	computewebhook "go.datum.net/workload-operator/internal/webhook"
-	computev1alphawebhooks "go.datum.net/workload-operator/internal/webhook/v1alpha"
 	multiclusterproviders "go.miloapis.com/milo/pkg/multicluster-runtime"
 	milomulticluster "go.miloapis.com/milo/pkg/multicluster-runtime/milo"
 	// +kubebuilder:scaffold:imports
@@ -87,7 +87,7 @@ func main() {
 
 	ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 
-	setupLog.Info("starting workload-operator",
+	setupLog.Info("starting compute",
 		"version", version,
 		"gitCommit", gitCommit,
 		"gitTreeState", gitTreeState,
@@ -136,12 +136,17 @@ func main() {
 
 	metricsServerOptions := serverConfig.MetricsServer.Options(ctx, deploymentClusterClient)
 
-	webhookServer := webhook.NewServer(
-		serverConfig.WebhookServer.Options(ctx, deploymentClusterClient),
-	)
+	var webhookServer webhook.Server
+	if serverConfig.WebhookServer != nil {
+		webhookServer = webhook.NewServer(
+			serverConfig.WebhookServer.Options(ctx, deploymentClusterClient),
+		)
 
-	if serverConfig.Discovery.Mode != multiclusterproviders.ProviderSingle {
-		webhookServer = computewebhook.NewClusterAwareWebhookServer(webhookServer)
+		if serverConfig.Discovery.Mode != multiclusterproviders.ProviderSingle {
+			webhookServer = computewebhook.NewClusterAwareWebhookServer(webhookServer)
+		}
+	} else {
+		setupLog.Info("webhookServer not configured; admission webhook server disabled")
 	}
 
 	mgr, err := mcmanager.New(cfg, provider, ctrl.Options{
@@ -186,9 +191,11 @@ func main() {
 		os.Exit(1)
 	}
 
-	if err = computev1alphawebhooks.SetupWorkloadWebhookWithManager(mgr); err != nil {
-		setupLog.Error(err, "unable to create webhook", "webhook", "Workload")
-		os.Exit(1)
+	if serverConfig.WebhookServer != nil {
+		if err = computev1alphawebhooks.SetupWorkloadWebhookWithManager(mgr); err != nil {
+			setupLog.Error(err, "unable to create webhook", "webhook", "Workload")
+			os.Exit(1)
+		}
 	}
 
 	// +kubebuilder:scaffold:builder

config/certmanager/certificate.yaml

@@ -5,7 +5,7 @@ apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
   labels:
-    app.kubernetes.io/name: workload-operator
+    app.kubernetes.io/name: compute
     app.kubernetes.io/managed-by: kustomize
   name: selfsigned-issuer
   namespace: system
@@ -19,17 +19,16 @@ metadata:
     app.kubernetes.io/name: certificate
     app.kubernetes.io/instance: serving-cert
     app.kubernetes.io/component: certificate
-    app.kubernetes.io/created-by: workload-operator
-    app.kubernetes.io/part-of: workload-operator
+    app.kubernetes.io/created-by: compute
+    app.kubernetes.io/part-of: compute
     app.kubernetes.io/managed-by: kustomize
-  name: serving-cert  # this name should match the one appeared in kustomizeconfig.yaml
+  name: compute-serving-cert
   namespace: system
 spec:
-  # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
   dnsNames:
-  - SERVICE_NAME.SERVICE_NAMESPACE.svc
-  - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local
+  - compute-webhook.system.svc
+  - compute-webhook.system.svc.cluster.local
   issuerRef:
     kind: Issuer
     name: selfsigned-issuer
-  secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize
+  secretName: compute-webhook-cert

config/controller_rbac/kustomization.yaml

@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - role.yaml
+  - role_binding.yaml
+  # Metrics endpoint authn/authz protection.
+  # More info: https://book.kubebuilder.io/reference/metrics.html
+  - metrics_auth_role.yaml
+  - metrics_auth_role_binding.yaml
+  - metrics_reader_role.yaml
+  # Editor/Viewer aggregation roles for cluster admins.
+  - workloaddeployment_editor_role.yaml
+  - workloaddeployment_viewer_role.yaml
+  - workload_editor_role.yaml
+  - workload_viewer_role.yaml

config/rbac/metrics_auth_role_binding.yaml → config/controller_rbac/metrics_auth_role_binding.yaml

@@ -8,5 +8,5 @@ roleRef:
   name: metrics-auth-role
 subjects:
 - kind: ServiceAccount
-  name: controller-manager
+  name: compute
   namespace: system

config/rbac/role.yaml → config/controller_rbac/role.yaml

@@ -2,7 +2,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: manager-role
+  name: compute
 rules:
 - apiGroups:
   - compute.datumapis.com

config/rbac/role_binding.yaml → config/controller_rbac/role_binding.yaml

@@ -2,14 +2,14 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    app.kubernetes.io/name: workload-operator
+    app.kubernetes.io/name: compute
     app.kubernetes.io/managed-by: kustomize
-  name: manager-rolebinding
+  name: compute
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: manager-role
+  name: compute
 subjects:
 - kind: ServiceAccount
-  name: controller-manager
+  name: compute
   namespace: system

config/rbac/workload_editor_role.yaml → config/controller_rbac/workload_editor_role.yaml

@@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    app.kubernetes.io/name: workload-operator
+    app.kubernetes.io/name: compute
     app.kubernetes.io/managed-by: kustomize
   name: workload-editor-role
 rules:

config/rbac/workload_viewer_role.yaml → config/controller_rbac/workload_viewer_role.yaml

@@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    app.kubernetes.io/name: workload-operator
+    app.kubernetes.io/name: compute
     app.kubernetes.io/managed-by: kustomize
   name: workload-viewer-role
 rules:

config/rbac/workloaddeployment_editor_role.yaml → config/controller_rbac/workloaddeployment_editor_role.yaml

@@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    app.kubernetes.io/name: workload-operator
+    app.kubernetes.io/name: compute
     app.kubernetes.io/managed-by: kustomize
   name: workloaddeployment-editor-role
 rules:

config/rbac/workloaddeployment_viewer_role.yaml → config/controller_rbac/workloaddeployment_viewer_role.yaml

@@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    app.kubernetes.io/name: workload-operator
+    app.kubernetes.io/name: compute
     app.kubernetes.io/managed-by: kustomize
   name: workloaddeployment-viewer-role
 rules: