feat: generate boilerplate for IAR

PROJECT

@@ -38,4 +38,13 @@ resources:
   kind: FalconAdmission
   path: github.com/crowdstrike/falcon-operator/api/falcon/v1alpha1
   version: v1alpha1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: crowdstrike.com
+  group: falcon
+  kind: FalconImage
+  path: github.com/crowdstrike/falcon-operator/api/falcon/v1alpha1
+  version: v1alpha1
 version: "3"

api/falcon/v1alpha1/falconimage_types.go

@@ -0,0 +1,48 @@
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
+
+// FalconImageSpec defines the desired state of FalconImage
+type FalconImageSpec struct {
+	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+
+	// Foo is an example field of FalconImage. Edit falconimage_types.go to remove/update
+	Foo string `json:"foo,omitempty"`
+}
+
+// FalconImageStatus defines the observed state of FalconImage
+type FalconImageStatus struct {
+	// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+	// Important: Run "make" to regenerate code after modifying this file
+}
+
+//+kubebuilder:object:root=true
+//+kubebuilder:subresource:status
+
+// FalconImage is the Schema for the falconimages API
+type FalconImage struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   FalconImageSpec   `json:"spec,omitempty"`
+	Status FalconImageStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// FalconImageList contains a list of FalconImage
+type FalconImageList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []FalconImage `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&FalconImage{}, &FalconImageList{})
+}

api/falcon/v1alpha1/zz_generated.deepcopy.go

@@ -754,6 +754,95 @@ func (in *FalconContainerStatus) DeepCopy() *FalconContainerStatus {
 	return out
 }
 
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FalconImage) DeepCopyInto(out *FalconImage) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	out.Spec = in.Spec
+	out.Status = in.Status
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconImage.
+func (in *FalconImage) DeepCopy() *FalconImage {
+	if in == nil {
+		return nil
+	}
+	out := new(FalconImage)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *FalconImage) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FalconImageList) DeepCopyInto(out *FalconImageList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]FalconImage, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconImageList.
+func (in *FalconImageList) DeepCopy() *FalconImageList {
+	if in == nil {
+		return nil
+	}
+	out := new(FalconImageList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *FalconImageList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FalconImageSpec) DeepCopyInto(out *FalconImageSpec) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconImageSpec.
+func (in *FalconImageSpec) DeepCopy() *FalconImageSpec {
+	if in == nil {
+		return nil
+	}
+	out := new(FalconImageSpec)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *FalconImageStatus) DeepCopyInto(out *FalconImageStatus) {
+	*out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconImageStatus.
+func (in *FalconImageStatus) DeepCopy() *FalconImageStatus {
+	if in == nil {
+		return nil
+	}
+	out := new(FalconImageStatus)
+	in.DeepCopyInto(out)
+	return out
+}
+
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
 func (in *FalconNodeSensor) DeepCopyInto(out *FalconNodeSensor) {
 	*out = *in

cmd/main.go

@@ -38,6 +38,7 @@ import (
 	falconv1alpha1 "github.com/crowdstrike/falcon-operator/api/falcon/v1alpha1"
 	admissioncontroller "github.com/crowdstrike/falcon-operator/internal/controller/admission"
 	containercontroller "github.com/crowdstrike/falcon-operator/internal/controller/falcon_container"
+	imagecontroller "github.com/crowdstrike/falcon-operator/internal/controller/falcon_image"
 	nodecontroller "github.com/crowdstrike/falcon-operator/internal/controller/falcon_node"
 	"github.com/crowdstrike/falcon-operator/pkg/common"
 	"github.com/crowdstrike/falcon-operator/version"
@@ -167,6 +168,13 @@ func main() {
 		setupLog.Error(err, "unable to create controller", "controller", "FalconAdmission")
 		os.Exit(1)
 	}
+	if err = (&imagecontroller.FalconImageReconciler{
+		Client: mgr.GetClient(),
+		Scheme: mgr.GetScheme(),
+	}).SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "FalconImage")
+		os.Exit(1)
+	}
 	// +kubebuilder:scaffold:builder
 
 	if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {

config/crd/bases/falcon.crowdstrike.com_falconimages.yaml

@@ -0,0 +1,49 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.12.0
+  name: falconimages.falcon.crowdstrike.com
+spec:
+  group: falcon.crowdstrike.com
+  names:
+    kind: FalconImage
+    listKind: FalconImageList
+    plural: falconimages
+    singular: falconimage
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: FalconImage is the Schema for the falconimages API
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: FalconImageSpec defines the desired state of FalconImage
+            properties:
+              foo:
+                description: Foo is an example field of FalconImage. Edit falconimage_types.go
+                  to remove/update
+                type: string
+            type: object
+          status:
+            description: FalconImageStatus defines the observed state of FalconImage
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/kustomization.yaml

@@ -5,6 +5,7 @@ resources:
 - bases/falcon.crowdstrike.com_falconadmissions.yaml
 - bases/falcon.crowdstrike.com_falconcontainers.yaml
 - bases/falcon.crowdstrike.com_falconnodesensors.yaml
+- bases/falcon.crowdstrike.com_falconimages.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patches:
@@ -13,13 +14,15 @@ patches:
 #- path: patches/webhook_in_falconadmissions.yaml
 #- path: patches/webhook_in_falconcontainers.yaml
 #- path: patches/webhook_in_falconnodesensors.yaml
+#- path: patches/webhook_in_falconimages.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
 #- path: patches/cainjection_in_falconadmissions.yaml
 #- path: patches/cainjection_in_falconcontainers.yaml
 #- path: patches/cainjection_in_falconnodesensors.yaml
+#- path: patches/cainjection_in_falconimages.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

config/crd/patches/cainjection_in_falcon_falconimages.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
+  name: falconimages.falcon.crowdstrike.com

config/crd/patches/webhook_in_falcon_falconimages.yaml

@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: falconimages.falcon.crowdstrike.com
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1

config/rbac/falcon_falconimage_editor_role.yaml

@@ -0,0 +1,31 @@
+# permissions for end users to edit falconimages.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: falconimage-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: falcon-operator
+    app.kubernetes.io/part-of: falcon-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: falconimage-editor-role
+rules:
+- apiGroups:
+  - falcon.crowdstrike.com
+  resources:
+  - falconimages
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - falcon.crowdstrike.com
+  resources:
+  - falconimages/status
+  verbs:
+  - get

config/rbac/falcon_falconimage_viewer_role.yaml

@@ -0,0 +1,27 @@
+# permissions for end users to view falconimages.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: falconimage-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: falcon-operator
+    app.kubernetes.io/part-of: falcon-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: falconimage-viewer-role
+rules:
+- apiGroups:
+  - falcon.crowdstrike.com
+  resources:
+  - falconimages
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - falcon.crowdstrike.com
+  resources:
+  - falconimages/status
+  verbs:
+  - get

config/rbac/role.yaml

@@ -222,6 +222,32 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - falcon.crowdstrike.com
+  resources:
+  - falconimages
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - falcon.crowdstrike.com
+  resources:
+  - falconimages/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - falcon.crowdstrike.com
+  resources:
+  - falconimages/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - falcon.crowdstrike.com
   resources:

config/samples/falcon_v1alpha1_falconimage.yaml

@@ -0,0 +1,12 @@
+apiVersion: falcon.crowdstrike.com/v1alpha1
+kind: FalconImage
+metadata:
+  labels:
+    app.kubernetes.io/name: falconimage
+    app.kubernetes.io/instance: falconimage-sample
+    app.kubernetes.io/part-of: falcon-operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: falcon-operator
+  name: falconimage-sample
+spec:
+  # TODO(user): Add fields here

config/samples/kustomization.yaml

@@ -3,4 +3,5 @@ resources:
 - falcon_v1alpha1_falconadmission.yaml
 - falcon_v1alpha1_falconcontainer.yaml
 - falcon_v1alpha1_falconnodesensor.yaml
+- falcon_v1alpha1_falconimage.yaml
 #+kubebuilder:scaffold:manifestskustomizesamples