feat: support SNCloud Connection & Compute Workspace & Compute FlinkDeployment (#278)

* add new api crds

* add controller

* add to main

* fix const

* fix ci

* fix version

* try SNBOT_GITHUB_TOKEN

* bump pulsar-client-go

* fix build

* goimport

* fix build

* fix golangci-lint errors

* fix header

* fix docker build

* add docs

* add docs

* go mod tidy

* fix charts

* copy crds

Author: freeznet

.github/workflows/chart-test.yml

@@ -23,6 +23,9 @@ on:
       - 'charts/**'
       - '.github/workflows/chart-test.yml'
 
+env:
+  GOPRIVATE: github.com/streamnative
+
 jobs:
   lint-test:
     runs-on: ubuntu-22.04
@@ -47,7 +50,10 @@ jobs:
             diff config/crd/bases/resource.streamnative.io_pulsarsources.yaml charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarsources.yaml  && \
             diff config/crd/bases/resource.streamnative.io_pulsarpackages.yaml charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarpackages.yaml  && \
             diff config/crd/bases/resource.streamnative.io_pulsartopics.yaml charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsartopics.yaml && \
-            diff config/crd/bases/resource.streamnative.io_pulsarnsisolationpolicies.yaml charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarnsisolationpolicies.yaml
+            diff config/crd/bases/resource.streamnative.io_pulsarnsisolationpolicies.yaml charts/pulsar-resources-operator/crds/resource.streamnative.io_pulsarnsisolationpolicies.yaml && \
+            diff config/crd/bases/resource.streamnative.io_streamnativecloudconnections.yaml charts/pulsar-resources-operator/crds/resource.streamnative.io_streamnativecloudconnections.yaml && \
+            diff config/crd/bases/resource.streamnative.io_computeworkspaces.yaml charts/pulsar-resources-operator/crds/resource.streamnative.io_computeworkspaces.yaml && \
+            diff config/crd/bases/resource.streamnative.io_computeflinkdeployments.yaml charts/pulsar-resources-operator/crds/resource.streamnative.io_computeflinkdeployments.yaml
 
       - name: Set up Helm
         uses: azure/setup-helm@v3

.github/workflows/e2e_test.yml

@@ -21,6 +21,8 @@ on:
     paths:
       - '**.go'
       - '.github/workflows/e2e_test.yml'
+env:
+  GOPRIVATE: github.com/streamnative
 jobs:
   e2e-test:
     name: E2e tests for Operators
@@ -31,7 +33,7 @@ jobs:
     env:
       ALWAYS_UPDATE_PULSAR_RESOURCE: ${{ matrix.alwaysUpdatePulsar }}
       GOPRIVATE: github.com/streamnative
-      ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+      ACCESS_TOKEN: ${{ secrets.SNBOT_GITHUB_TOKEN }}
       IMAGE: streamnative/sn-platform:2.10.4.3
       WATCH_CERT_MANAGER_CRDS: "false"
     steps:

.github/workflows/golangci-lint.yml

@@ -25,12 +25,14 @@ permissions:
   contents: read
   # Optional: allow read access to pull request. Use with `only-new-issues` option.
   # pull-requests: read
+env:
+  GOPRIVATE: github.com/streamnative
 jobs:
   golangci:
     name: lint
     runs-on: ubuntu-22.04
     env:
-      ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+      ACCESS_TOKEN: ${{ secrets.SNBOT_GITHUB_TOKEN }}
       GOPRIVATE: github.com/streamnative
     steps:
       - name: Set up git token

.github/workflows/release-certificated-olm.yaml

@@ -28,14 +28,16 @@ on:
         required: true
         default: alpha
 
+env:
+  GOPRIVATE: github.com/streamnative
 jobs:
   operatorhub-prod:
     name: Create PR to the redhat
     runs-on: ubuntu-22.04
     env:
       GITHUB_TOKEN: ${{ secrets.SNBOT_GITHUB_TOKEN }}
       GOPRIVATE: github.com/streamnative
-      ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+      ACCESS_TOKEN: ${{ secrets.SNBOT_GITHUB_TOKEN }}
     steps:
       - name: Sync up the prod upstream
         run: |

.github/workflows/release-community-olm.yaml

@@ -28,14 +28,16 @@ on:
         required: true
         default: alpha
 
+env:
+  GOPRIVATE: github.com/streamnative
 jobs:
   operatorhub:
     name: Create PR to the operatorhub
     runs-on: ubuntu-22.04
     env:
       GITHUB_TOKEN: ${{ secrets.SNBOT_GITHUB_TOKEN }}
       GOPRIVATE: github.com/streamnative
-      ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+      ACCESS_TOKEN: ${{ secrets.SNBOT_GITHUB_TOKEN }}
     steps:
       - name: Sync up the upstream
         run: |

.github/workflows/release-operator.yml

@@ -19,13 +19,15 @@ on:
     tags:
       - 'v[0-9]+.[0-9]+.[0-9]+-?*'
 
+env:
+  GOPRIVATE: github.com/streamnative
 jobs:
   build:
     name: Build image and bundle
     runs-on: ubuntu-22.04
     env:
       GOPRIVATE: github.com/streamnative
-      ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+      ACCESS_TOKEN: ${{ secrets.SNBOT_GITHUB_TOKEN }}
       IMAGE_TAG_BASE: docker.cloudsmith.io/streamnative/operators/pulsar-resources-operator
       IMAGE_TAG_BASE_QUAY: quay.io/streamnativeio/pulsar-resources-operator
       IMAGE_TAG_BASE_DOCKERHUB: docker.io/streamnative/pulsar-resources-operator

.github/workflows/style.yml

@@ -22,13 +22,14 @@ on:
   pull_request:
     branches:
       - '*'
+env:
+  GOPRIVATE: github.com/streamnative
 jobs:
-
   build:
     name: Build
     runs-on: ubuntu-22.04
     env:
-      ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+      ACCESS_TOKEN: ${{ secrets.SNBOT_GITHUB_TOKEN }}
       GOPRIVATE: github.com/streamnative
     steps:
     - name: Set up Go 1.21

Makefile

@@ -120,7 +120,7 @@ test: manifests generate fmt vet envtest ## Run tests.
 ##@ Build
 
 .PHONY: build
-build: generate fmt vet ## Build manager binary.
+build: generate fmt vet license-fix ## Build manager binary.
 	go build -o bin/manager main.go
 
 .PHONY: run
@@ -129,7 +129,7 @@ run: manifests generate fmt vet ## Run a controller from your host.
 
 .PHONY: docker-build
 docker-build: test ## Build docker image with the manager.
-	docker build -t ${IMG} .
+	docker build -t ${IMG} . --build-arg ACCESS_TOKEN=${ACCESS_TOKEN}
 
 # Build image for redhat certification
 .PHONY: docker-build-redhat

README.md

@@ -130,6 +130,9 @@ In this tutorial, a Kubernetes namespace called `test` is used for examples, whi
 - [PulsarSource](docs/pulsar_source.md)
 - [PulsarGeoReplication](docs/pulsar_geo_replication.md)
 - [NS-Isolation-Policy](docs/pulsar_ns_isolation_policy.md)
+- [StreamNativeCloudConnection](docs/streamnative_cloud_connection.md)
+- [ComputeWorkspace](docs/compute_workspace.md)
+- [ComputeFlinkDeployment](docs/compute_flink_deployment.md)
 
 # Contributing
 

api/v1alpha1/common.go

@@ -1,4 +1,4 @@
-// Copyright 2024 StreamNative
+// Copyright 2025 StreamNative
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,6 +17,8 @@ package v1alpha1
 import (
 	"reflect"
 
+	corev1 "k8s.io/api/core/v1"
+
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
@@ -217,3 +219,141 @@ type FunctionSecretKeyRef struct {
 	Path string `json:"path"`
 	Key  string `json:"key"`
 }
+
+// PodTemplate defines the pod template configuration
+type PodTemplate struct {
+	// Standard object's metadata.
+	// +optional
+	ObjectMeta ObjectMeta `json:"metadata,omitempty"`
+
+	// Specification of the desired behavior of the pod.
+	// +optional
+	Spec PodTemplateSpec `json:"spec,omitempty"`
+}
+
+// ObjectMeta is metadata that all persisted resources must have
+type ObjectMeta struct {
+	// Name of the resource
+	// +optional
+	Name string `json:"name,omitempty"`
+
+	// Namespace of the resource
+	// +optional
+	Namespace string `json:"namespace,omitempty"`
+
+	// Labels of the resource
+	// +optional
+	Labels map[string]string `json:"labels,omitempty"`
+
+	// Annotations of the resource
+	// +optional
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
+// PodTemplateSpec describes the data a pod should have when created from a template
+type PodTemplateSpec struct {
+	// List of volumes that can be mounted by containers belonging to the pod.
+	// +optional
+	Volumes []Volume `json:"volumes,omitempty"`
+
+	// List of initialization containers belonging to the pod.
+	// +optional
+	InitContainers []Container `json:"initContainers,omitempty"`
+
+	// List of containers belonging to the pod.
+	// +optional
+	Containers []Container `json:"containers,omitempty"`
+
+	// ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+	// +optional
+	ServiceAccountName string `json:"serviceAccountName,omitempty"`
+
+	// NodeSelector is a selector which must be true for the pod to fit on a node.
+	// +optional
+	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+
+	// SecurityContext holds pod-level security attributes and common container settings.
+	// +optional
+	SecurityContext *corev1.PodSecurityContext `json:"securityContext,omitempty"`
+
+	// ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec.
+	// +optional
+	ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+
+	// If specified, the pod's scheduling constraints
+	// +optional
+	Affinity *corev1.Affinity `json:"affinity,omitempty"`
+
+	// If specified, the pod's tolerations.
+	// +optional
+	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
+}
+
+// Container defines a single application container
+type Container struct {
+	// Name of the container specified as a DNS_LABEL.
+	// +optional
+	Name string `json:"name,omitempty"`
+
+	// Docker image name.
+	// +optional
+	Image string `json:"image,omitempty"`
+
+	// Entrypoint array. Not executed within a shell.
+	// +optional
+	Command []string `json:"command,omitempty"`
+
+	// Arguments to the entrypoint.
+	// +optional
+	Args []string `json:"args,omitempty"`
+
+	// Container's working directory.
+	// +optional
+	WorkingDir string `json:"workingDir,omitempty"`
+
+	// List of environment variables to set in the container.
+	// +optional
+	Env []corev1.EnvVar `json:"env,omitempty"`
+
+	// List of sources to populate environment variables in the container.
+	// +optional
+	EnvFrom []corev1.EnvFromSource `json:"envFrom,omitempty"`
+
+	// Compute Resources required by this container.
+	// +optional
+	Resources corev1.ResourceRequirements `json:"resources,omitempty"`
+
+	// Pod volumes to mount into the container's filesystem.
+	// +optional
+	VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"`
+
+	// Image pull policy.
+	// +optional
+	ImagePullPolicy corev1.PullPolicy `json:"imagePullPolicy,omitempty"`
+
+	// Security context at container level
+	// +optional
+	SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"`
+}
+
+// Volume represents a named volume in a pod
+type Volume struct {
+	// Volume's name.
+	// +required
+	Name string `json:"name"`
+
+	// VolumeSource represents the location and type of the mounted volume.
+	// +required
+	VolumeSource `json:",inline"`
+}
+
+// VolumeSource represents the source location of a volume to mount.
+type VolumeSource struct {
+	// ConfigMap represents a configMap that should populate this volume
+	// +optional
+	ConfigMap *corev1.ConfigMapVolumeSource `json:"configMap,omitempty"`
+
+	// Secret represents a secret that should populate this volume.
+	// +optional
+	Secret *corev1.SecretVolumeSource `json:"secret,omitempty"`
+}