Notification feature

README.md

@@ -121,8 +121,12 @@ spec:
     namespace: default
   - name: test-tls-secret
     namespace: default
-  name: test-cert-merge
-  namespace: default
+  notify:
+  - name: istio-ingressgateway
+    namespace: istio-system
+    type: deployment
+  name: istio-ingressgateway
+  namespace: istio-system
 ```
 
 ### Selector
@@ -195,6 +199,22 @@ You can specify specific secrets to merge by listing them :
     namespace: prod
 ```
 
+### Notify
+
+You can specify list of resources to notify about update. Currently the only
+supported type is `deployment`. Deployments are notified by updating
+`.spec.template.metadata.annotations.certmerge.lecentre.net/timestamp` property
+with a current timestamp, therefore triggering rolling update of the individual
+pods of the given Deployment. Typical use case is to notify Istio ingress
+gateway.
+
+```yaml
+    notify:
+    - name: istio-ingressgateway
+      namespace: istio-system
+      type: deployment
+```
+
 ## Changelog
 
 The [list of releases](https://github.com/prune998/certmerge-operator/releases)

deploy/crds/certmerge.lecentre.net_certmerges_crd.yaml

@@ -0,0 +1,151 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: certmerges.certmerge.lecentre.net
+spec:
+  group: certmerge.lecentre.net
+  names:
+    kind: CertMerge
+    listKind: CertMergeList
+    plural: certmerges
+    singular: certmerge
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      description: CertMerge is the Schema for the certmerges API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: CertMergeSpec defines the desired state of CertMerge
+          properties:
+            name:
+              type: string
+            namespace:
+              type: string
+            notify:
+              items:
+                description: NotifySpec defines resources to notify on cert update
+                properties:
+                  name:
+                    type: string
+                  namespace:
+                    type: string
+                  type:
+                    type: string
+                required:
+                - name
+                - namespace
+                - type
+                type: object
+              type: array
+            secretlist:
+              items:
+                description: SecretDefinition defines the parameters to search for
+                  secrets by name
+                properties:
+                  name:
+                    type: string
+                  namespace:
+                    type: string
+                required:
+                - name
+                - namespace
+                type: object
+              type: array
+            selector:
+              items:
+                description: SecretSelector defines the needed parameters to search
+                  for secrets by Label
+                properties:
+                  labelselector:
+                    description: A label selector is a label query over a set of resources.
+                      The result of matchLabels and matchExpressions are ANDed. An
+                      empty label selector matches all objects. A null label selector
+                      matches no objects.
+                    properties:
+                      matchExpressions:
+                        description: matchExpressions is a list of label selector
+                          requirements. The requirements are ANDed.
+                        items:
+                          description: A label selector requirement is a selector
+                            that contains values, a key, and an operator that relates
+                            the key and values.
+                          properties:
+                            key:
+                              description: key is the label key that the selector
+                                applies to.
+                              type: string
+                            operator:
+                              description: operator represents a key's relationship
+                                to a set of values. Valid operators are In, NotIn,
+                                Exists and DoesNotExist.
+                              type: string
+                            values:
+                              description: values is an array of string values. If
+                                the operator is In or NotIn, the values array must
+                                be non-empty. If the operator is Exists or DoesNotExist,
+                                the values array must be empty. This array is replaced
+                                during a strategic merge patch.
+                              items:
+                                type: string
+                              type: array
+                          required:
+                          - key
+                          - operator
+                          type: object
+                        type: array
+                      matchLabels:
+                        additionalProperties:
+                          type: string
+                        description: matchLabels is a map of {key,value} pairs. A
+                          single {key,value} in the matchLabels map is equivalent
+                          to an element of matchExpressions, whose key field is "key",
+                          the operator is "In", and the values array contains only
+                          "value". The requirements are ANDed.
+                        type: object
+                    type: object
+                  namespace:
+                    type: string
+                required:
+                - labelselector
+                - namespace
+                type: object
+              type: array
+          required:
+          - name
+          - namespace
+          type: object
+        status:
+          description: CertMergeStatus defines the observed state of CertMerge
+          properties:
+            items:
+              items:
+                type: string
+              type: array
+            updatedTimestamp:
+              format: date-time
+              type: string
+            uptodate:
+              type: boolean
+            version:
+              type: string
+          required:
+          - uptodate
+          type: object
+      type: object
+  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true

go.mod

@@ -0,0 +1,43 @@
+module github.com/prune998/certmerge-operator
+
+go 1.13
+
+require (
+	github.com/go-openapi/spec v0.19.4
+	github.com/google/go-cmp v0.3.1
+	github.com/namsral/flag v1.7.4-pre
+	github.com/operator-framework/operator-sdk v0.14.0
+	github.com/sirupsen/logrus v1.4.2
+	k8s.io/api v0.0.0
+	k8s.io/apimachinery v0.0.0
+	k8s.io/client-go v12.0.0+incompatible
+	k8s.io/kube-openapi v0.0.0-20190918143330-0270cf2f1c1d
+	sigs.k8s.io/controller-runtime v0.4.0
+)
+
+// Pinned to kubernetes-1.16.2
+replace (
+	k8s.io/api => k8s.io/api v0.0.0-20191016110408-35e52d86657a
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.0.0-20191016113550-5357c4baaf65
+	k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20191004115801-a2eda9f80ab8
+	k8s.io/apiserver => k8s.io/apiserver v0.0.0-20191016112112-5190913f932d
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.0.0-20191016114015-74ad18325ed5
+	k8s.io/client-go => k8s.io/client-go v0.0.0-20191016111102-bec269661e48
+	k8s.io/cloud-provider => k8s.io/cloud-provider v0.0.0-20191016115326-20453efc2458
+	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.0.0-20191016115129-c07a134afb42
+	k8s.io/code-generator => k8s.io/code-generator v0.0.0-20191004115455-8e001e5d1894
+	k8s.io/component-base => k8s.io/component-base v0.0.0-20191016111319-039242c015a9
+	k8s.io/cri-api => k8s.io/cri-api v0.0.0-20190828162817-608eb1dad4ac
+	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.0.0-20191016115521-756ffa5af0bd
+	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.0.0-20191016112429-9587704a8ad4
+	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.0.0-20191016114939-2b2b218dc1df
+	k8s.io/kube-proxy => k8s.io/kube-proxy v0.0.0-20191016114407-2e83b6f20229
+	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.0.0-20191016114748-65049c67a58b
+	k8s.io/kubectl => k8s.io/kubectl v0.0.0-20191016120415-2ed914427d51
+	k8s.io/kubelet => k8s.io/kubelet v0.0.0-20191016114556-7841ed97f1b2
+	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.0.0-20191016115753-cf0698c3a16b
+	k8s.io/metrics => k8s.io/metrics v0.0.0-20191016113814-3b1a734dba6e
+	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.0.0-20191016112829-06bb3c9d77c9
+)
+
+replace github.com/docker/docker => github.com/moby/moby v0.7.3-0.20190826074503-38ab9da00309 // Required by Helm