Add Teleport operator

This commit adds the Teleport operator. The operator reconciles
TeleportUsers and TeleportRoles Kubernetes resources with Users and
Roles Teleport resources.

.drone.yml

@@ -4748,12 +4748,13 @@ steps:
       - name: dockersock
         path: /var/run
     commands:
-      - apk add --no-cache make
+      - apk add --no-cache make bash
       - chown -R $UID:$GID /go
       - docker login -u="$PLUGIN_USERNAME" -p="$PLUGIN_PASSWORD" quay.io
       - docker pull quay.io/gravitational/teleport-buildbox:$BUILDBOX_VERSION || true
       - cd /go/src/github.com/gravitational/teleport
       - make image-ci publish-ci
+      - make publish-operator-ci
 
   - name: Build/push FIPS Docker image
     image: docker
@@ -5311,11 +5312,13 @@ steps:
       - docker pull quay.io/gravitational/teleport-ci:$${VERSION}
       - docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION}
       - docker pull quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips
+      - docker pull quay.io/gravitational/teleport-operator-ci:$${VERSION}
       # retag images to production naming
       - echo "---> Tagging images for $${VERSION}"
       - docker tag quay.io/gravitational/teleport-ci:$${VERSION} quay.io/gravitational/teleport:$${VERSION}
       - docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION} quay.io/gravitational/teleport-ent:$${VERSION}
       - docker tag quay.io/gravitational/teleport-ent-ci:$${VERSION}-fips quay.io/gravitational/teleport-ent:$${VERSION}-fips
+      - docker tag quay.io/gravitational/teleport-operator-ci:$${VERSION} quay.io/gravitational/teleport-operator:$${VERSION}
       # reauthenticate with production credentials
       - docker logout quay.io
       - docker login -u="$PLUGIN_DOCKER_PRODUCTION_USERNAME" -p="$PLUGIN_DOCKER_PRODUCTION_PASSWORD" quay.io
@@ -5324,6 +5327,7 @@ steps:
       - docker push quay.io/gravitational/teleport:$${VERSION}
       - docker push quay.io/gravitational/teleport-ent:$${VERSION}
       - docker push quay.io/gravitational/teleport-ent:$${VERSION}-fips
+      - docker push quay.io/gravitational/teleport-operator:$${VERSION}
 
   - name: Check out code
     image: docker:git
@@ -5619,6 +5623,6 @@ volumes:
       name: drone-s3-debrepo-pvc
 ---
 kind: signature
-hmac: 367ad79b1217c151362b7ac0c86e00cd882df46a1dad13411135a1dc1f04381e
+hmac: 5a84f1468c34f05ab0815842e8760c683908b0eee7d5b431b26da434bf81f97f
 
 ...

Makefile

@@ -15,6 +15,7 @@ VERSION=11.0.0-dev
 
 DOCKER_IMAGE ?= quay.io/gravitational/teleport
 DOCKER_IMAGE_CI ?= quay.io/gravitational/teleport-ci
+DOCKER_IMAGE_OPERATOR_CI ?= quay.io/gravitational/teleport-operator-ci
 
 GOPATH ?= $(shell go env GOPATH)
 
@@ -478,7 +479,7 @@ $(RENDER_TESTS): $(wildcard $(TOOLINGDIR)/cmd/render-tests/*.go)
 # Runs all Go/shell tests, called by CI/CD.
 #
 .PHONY: test
-test: test-helm test-sh test-ci test-api test-go test-rust
+test: test-helm test-sh test-ci test-api test-go test-rust test-operator
 
 # Runs bot Go tests.
 #
@@ -511,7 +512,7 @@ test-helm-update-snapshots:
 .PHONY: test-go
 test-go: ensure-webassets bpf-bytecode rdpclient $(TEST_LOG_DIR) $(RENDER_TESTS)
 test-go: FLAGS ?= -race -shuffle on
-test-go: PACKAGES = $(shell go list ./... | grep -v integration | grep -v tool/tsh)
+test-go: PACKAGES = $(shell go list ./... | grep -v -e integration -e tool/tsh -e operator )
 test-go: CHAOS_FOLDERS = $(shell find . -type f -name '*chaos*.go' | xargs dirname | uniq)
 test-go: $(VERSRC) $(TEST_LOG_DIR)
 	$(CGOFLAG) go test -cover -json -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG) $(RDPCLIENT_TAG) $(TOUCHID_TAG)" $(PACKAGES) $(FLAGS) $(ADDFLAGS) \
@@ -553,7 +554,7 @@ UNIT_ROOT_REGEX := ^TestRoot
 .PHONY: test-go-root
 test-go-root: ensure-webassets bpf-bytecode rdpclient $(TEST_LOG_DIR) $(RENDER_TESTS)
 test-go-root: FLAGS ?= -race -shuffle on
-test-go-root: PACKAGES = $(shell go list $(ADDFLAGS) ./... | grep -v integration)
+test-go-root: PACKAGES = $(shell go list $(ADDFLAGS) ./... | grep -v -e integration -e operator)
 test-go-root: $(VERSRC)
 	$(CGOFLAG) go test -json -run "$(UNIT_ROOT_REGEX)" -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG) $(RDPCLIENT_TAG)" $(PACKAGES) $(FLAGS) $(ADDFLAGS)
 		| tee $(TEST_LOG_DIR)/unit-root.json \
@@ -571,6 +572,14 @@ test-api: $(VERSRC) $(TEST_LOG_DIR) $(RENDER_TESTS)
 		| tee $(TEST_LOG_DIR)/api.json \
 		| ${RENDER_TESTS}
 
+#
+# Runs Teleport Operator tests.
+# We have to run them using the makefile to ensure the installation of the k8s test tools (envtest)
+#
+.PHONY: test-operator
+test-operator:
+	make -C operator test
+
 #
 # Runs cargo test on our Rust modules.
 # (a no-op if cargo and rustc are not installed)
@@ -1001,6 +1010,15 @@ publish-ci: image-ci
 	docker push $(DOCKER_IMAGE_CI):$(VERSION)
 	if [ -f e/Makefile ]; then $(MAKE) -C e publish-ci; fi
 
+# Docker image build for Teleport Operator
+.PHONY: image-operator-ci
+image-operator-ci:
+	make -C operator docker-build IMG=$(DOCKER_IMAGE_OPERATOR_CI):$(VERSION)
+
+.PHONY: publish-operator-ci
+publish-operator-ci: image-operator-ci
+	docker push $(DOCKER_IMAGE_OPERATOR_CI):$(VERSION)
+
 .PHONY: print-version
 print-version:
 	@echo $(VERSION)

examples/chart/teleport-cluster/.lint/operator.yaml

@@ -0,0 +1,4 @@
+clusterName: test-cluster-name
+operator:
+  enabled: true
+installCRDs: true

examples/chart/teleport-cluster/Chart.yaml

@@ -1,8 +1,15 @@
+.version: &version "11.0.0-dev"
+
 name: teleport-cluster
 apiVersion: v2
-version: "11.0.0-dev"
-appVersion: "11.0.0-dev"
+version: *version
+appVersion: *version
 description: Teleport is a unified access plane for your infrastructure
 icon: https://goteleport.com/images/logos/logo-teleport-square.svg
 keywords:
   - Teleport
+
+dependencies:
+  - name: teleport-operator
+    version: *version
+    condition: installCRDs

examples/chart/teleport-cluster/charts/teleport-operator/Chart.yaml

@@ -0,0 +1,10 @@
+.version: &version "11.0.0-dev"
+
+name: teleport-operator
+apiVersion: v2
+version: *version
+appVersion: *version
+description: Teleport Operator is a unified access plane for your infrastructure
+icon: https://goteleport.com/images/logos/logo-teleport-square.svg
+keywords:
+  - Teleport