Initial version

.dockerignore

@@ -0,0 +1,6 @@
+# More info: https://docs.docker.com/engine/reference/builder/#dockerignore-file
+# Ignore build and test binaries.
+bin/
+charts/
+hack/
+.vscode

.github/renovate.json5

@@ -0,0 +1,12 @@
+{
+  $schema: "https://docs.renovatebot.com/renovate-schema.json",
+  extends: [
+    "github>bjw-s/renovate-config",
+    "github>bjw-s/renovate-config:automerge-github-actions",
+    "github>bjw-s/renovate-config:automerge-docker-digest",
+  ],
+  platform: "github",
+  username: "bjw-s-bot[bot]",
+  gitAuthor: "bjw-s-bot <87358111+bjw-s-bot[bot]@users.noreply.github.com>",
+  repositories: ["bjw-s/k8s-ycl"],
+}

.github/workflows/build.yaml

@@ -0,0 +1,60 @@
+---
+name: Build and release
+
+on:
+  push:
+    branches:
+      - "main"
+      - "development"
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+concurrency:
+  group: build-and-release
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build_container:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to image registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/${{ github.repository_owner }}/k8s-ycl
+          tags: |
+            type=raw,value=rolling,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
+            type=ref,event=branch
+            type=ref,event=tag
+
+      - name: Build and push
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/scheduled-keepalive.yaml

@@ -0,0 +1,36 @@
+---
+name: Schedule - Keepalive
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 0 * * *"
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/workflows/scheduled-keepalive.yaml"
+
+jobs:
+  keepalive:
+    name: Keep scheduled GitHub workflows alive
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get GitHub API token
+        id: get-app-token
+        uses: getsentry/action-github-app-token@v2
+        with:
+          app_id: ${{ secrets.BJWS_APP_ID }}
+          private_key: ${{ secrets.BJWS_APP_PRIVATE_KEY }}
+
+      - name: Checkout main branch
+        uses: actions/checkout@v3
+        with:
+          token: ${{ steps.get-app-token.outputs.token }}
+
+      - name: Keep scheduled GitHub workflows alive
+        uses: gautamkrishnar/keepalive-workflow@v1
+        with:
+          gh_token: ${{ steps.get-app-token.outputs.token }}
+          committer_username: "bjw-s-bot[bot]"
+          committer_email: "bjw-s-bot <87358111+bjw-s-bot[bot]@users.noreply.github.com>"

.github/workflows/scheduled-renovate.yaml

@@ -0,0 +1,37 @@
+---
+name: Schedule - Renovate
+
+on:
+  workflow_dispatch:
+    inputs:
+      dryRun:
+        description: "Dry-Run"
+        default: false
+        required: false
+        type: boolean
+      logLevel:
+        description: "Log-Level"
+        default: "debug"
+        required: false
+  schedule:
+    - cron: "0 * * * *"
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/renovate.json5"
+      - ".github/renovate/**.json"
+      - ".github/renovate/**.json5"
+      - ".github/workflows/scheduled-renovate.yaml"
+
+jobs:
+  renovate:
+    name: Renovate
+    uses: bjw-s/gh-workflows/.github/workflows/run-renovate.yaml@main
+    with:
+      configurationFile: ".github/renovate.json5"
+      dryRun: ${{ inputs.dryRun || 'false' }}
+      renovateLogLevel: ${{ inputs.logLevel || 'debug' }}
+    secrets:
+      app_id: ${{ secrets.BJWS_APP_ID }}
+      app_private_key: ${{ secrets.BJWS_APP_PRIVATE_KEY }}

.gitignore

@@ -0,0 +1,26 @@
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+bin/*
+Dockerfile.cross
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Helm Chart dependencies
+charts/**/charts/
+
+# Test files
+certs/
+hack/
+
+# Kubernetes Generated files - skip generated files, except for vendored files
+
+!vendor/**/zz_generated.*

.pre-commit-config.yaml

@@ -0,0 +1,41 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: fix-byte-order-marker
+      - id: mixed-line-ending
+      - id: check-added-large-files
+        args: [--maxkb=2048]
+      - id: check-merge-conflict
+      - id: check-executables-have-shebangs
+
+  - repo: https://github.com/Lucas-C/pre-commit-hooks
+    rev: v1.5.1
+    hooks:
+      - id: forbid-crlf
+
+  - repo: https://github.com/sirosen/fix-smartquotes
+    rev: 0.2.0
+    hooks:
+      - id: fix-smartquotes
+
+  - repo: https://github.com/jumanjihouse/pre-commit-hooks
+    rev: 3.0.0
+    hooks:
+      - id: shellcheck
+        language: script
+        args: [--severity=error]
+        additional_dependencies: []
+
+  - repo: https://github.com/dnephin/pre-commit-golang
+    rev: v0.5.1
+    hooks:
+      - id: go-fmt
+      - id: go-vet
+
+  - repo: https://github.com/tekwizely/pre-commit-golang
+    rev: v1.0.0-rc.1
+    hooks:
+    -   id: go-revive

.vscode/launch.json

@@ -0,0 +1,19 @@
+{
+  // Use IntelliSense to learn about possible attributes.
+  // Hover to view descriptions of existing attributes.
+  // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "name": "Launch Package",
+      "type": "go",
+      "request": "launch",
+      "mode": "auto",
+      "program": "${workspaceFolder}/src",
+      "args": [
+        "--tls-cert-dir",
+        "${workspaceFolder}/certs",
+      ]
+    }
+  ]
+}

Dockerfile

@@ -0,0 +1,33 @@
+# Build the manager binary
+FROM golang:1.20 as builder
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY src src
+
+WORKDIR /workspace/src
+
+# Build
+# the GOARCH has not a default value to allow the binary be built according to the host where the command
+# was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO
+# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
+# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
+RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o ../manager
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/manager .
+USER 65532:65532
+
+ENTRYPOINT ["/manager"]

README.md

@@ -1,2 +1,2 @@
 # k8s-ycl
-Admission Controller to Yeet Kubernetes CPU limits 
+Admission Controller to Yeet Kubernetes CPU limits

charts/k8s-ycl/.helmignore

@@ -0,0 +1,30 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+
+# helm-docs templates
+*.gotmpl
+
+# helm unit tests
+tests/

charts/k8s-ycl/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: https://bjw-s.github.io/helm-charts
+  version: 1.5.1
+digest: sha256:3588c89621170f198d4938664d3ea4c469bd91fd78183c83cfcf63f474d348c4
+generated: "2023-07-27T09:32:33.480079+02:00"

charts/k8s-ycl/Chart.yaml

@@ -0,0 +1,30 @@
+---
+apiVersion: v2
+description: Kubernetes admission controller to remove CPU limits from Pods.
+name: k8s-ycl
+version: 0.0.1
+appVersion: 0.0.1
+kubeVersion: ">=1.22.0-0"
+sources:
+  - https://github.com/bjw-s/k8s-ycl
+keywords:
+  - cpu
+  - resources
+  - limits
+  - admission
+  - controller
+maintainers:
+  - name: bjw-s
+    email: [email protected]
+dependencies:
+  - name: common
+    repository: https://bjw-s.github.io/helm-charts
+    version: 1.5.1
+annotations:
+  artifacthub.io/changes: |-
+    - kind: changed
+      description: |
+        Initial version
+  artifacthub.io/links: |
+    - name: "source"
+      url: "https://github.com/bjw-s/k8s-ycl"

charts/k8s-ycl/templates/_helpers.tpl

@@ -0,0 +1,19 @@
+{{- define "k8s-ycl.webhookPort" -}}
+9443
+{{- end -}}
+
+{{- define "k8s-ycl.selfSignedIssuer" -}}
+{{ printf "%s-webhook-selfsign" (include "bjw-s.common.lib.chart.names.fullname" .) }}
+{{- end -}}
+
+{{- define "k8s-ycl.rootCAIssuer" -}}
+{{ printf "%s-webhook-ca" (include "bjw-s.common.lib.chart.names.fullname" .) }}
+{{- end -}}
+
+{{- define "k8s-ycl.rootCACertificate" -}}
+{{ printf "%s-webhook-ca" (include "bjw-s.common.lib.chart.names.fullname" .) }}
+{{- end -}}
+
+{{- define "k8s-ycl.servingCertificate" -}}
+{{ printf "%s-webhook-tls" (include "bjw-s.common.lib.chart.names.fullname" .) }}
+{{- end -}}