Skip to content

feat: generate and commit CRD manifests#11

Merged
scotwells merged 2 commits into
mainfrom
feat/add-crds
May 3, 2026
Merged

feat: generate and commit CRD manifests#11
scotwells merged 2 commits into
mainfrom
feat/add-crds

Conversation

@scotwells

Copy link
Copy Markdown
Contributor

Summary

  • Generates CRD YAML for Vendor and Subprocessor resources in compliance.miloapis.com/v1alpha1 using controller-gen v0.17.2 (make manifests)
  • Places CRDs at config/base/crd/bases/ with a kustomization.yaml and kustomizeconfig.yaml, matching the billing-system reference pattern
  • Also includes the config layout refactor that moves manager/rbac resources under config/base/ (prerequisite for the base/crd path to be consistent)

Why these CRDs are needed

The compliance-controller-manager watches Vendor and Subprocessor resources. Without these CRDs installed, the controller fails to start — it cannot register its watches against non-existent API groups.

The datum-cloud/infra deployment uses a FluxCD OCIRepository pointing to the compliance OCI artifact and a Kustomization with path: base/crd. This mirrors exactly how milo-os/billing publishes its CRDs (config/base/crd/). Without the CRDs committed here and bundled into the OCI artifact, Flux has nothing to apply and the controller never gets its API types.

Reference pattern

milo-os/billing is the reference:

  • config/base/crd/bases/billing.miloapis.com_*.yaml — generated CRD files
  • config/base/crd/kustomization.yaml — lists each CRD as a resource
  • config/base/crd/kustomizeconfig.yaml — webhook/cert-manager name/namespace substitution config

This PR follows the same structure for compliance.

Files added

  • config/base/crd/bases/compliance.miloapis.com_vendors.yaml
  • config/base/crd/bases/compliance.miloapis.com_subprocessors.yaml
  • config/base/crd/kustomization.yaml
  • config/base/crd/kustomizeconfig.yaml

Test plan

  • kustomize build config/base/crd renders both CRDs without error
  • CRDs can be applied to a cluster: kubectl apply -k config/base/crd
  • compliance-controller-manager starts and registers watches for vendors.compliance.miloapis.com and subprocessors.compliance.miloapis.com
  • Flux applies the CRDs from the OCI artifact using path: base/crd

scotwells added 2 commits May 3, 2026 10:59
Generate CRD YAML for Vendor and Subprocessor resources using
controller-gen v0.17.2 and place them under config/base/crd/bases/,
matching the billing-system reference pattern.

Key changes:
- config/base/crd/bases/compliance.miloapis.com_vendors.yaml
- config/base/crd/bases/compliance.miloapis.com_subprocessors.yaml
- config/base/crd/kustomization.yaml listing both CRDs as resources
- config/base/crd/kustomizeconfig.yaml for webhook/cert-manager support

The compliance-controller-manager cannot start without these CRDs
installed. The datum-cloud/infra deployment expects them at path
base/crd inside the compliance OCI artifact, consistent with how
billing-system publishes its CRDs.
The manager kustomization lives at config/base/manager/ following the
standard kubebuilder layout. The workflow had a stale path pointing to
config/manager which no longer exists.
@scotwells scotwells merged commit e81f567 into main May 3, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant