Squashed commit of all the changes since we forked Kf.

Refer to https://cloud.google.com/migrate/kf/docs/2.9/resources/release-notes for details about the changes.

Author: guangyw

Diff for: .gcloudignore

@@ -0,0 +1,2 @@
+!.git
+bin

Diff for: .gitignore

@@ -1,2 +1,4 @@
 bin
-vendor
+/vendor
+operator/vendor
+.idea

Diff for: .gitmodules

@@ -1,3 +0,0 @@
-[submodule "docs/kf.dev/themes/themes/docsy"]
-	path = docs/kf.dev/themes/docsy
-	url = https://github.com/google/docsy.git

Diff for: CHANGELOG.md

@@ -1,56 +1,41 @@
 # Kf
 
-[![knative.slack.com][slack-badge]][kf-slack]
+See go/kf for details.
 
-`kf` provides a `cf`-like experience on top of Knative.
+## Getting started the manual way
 
-![](./docs/images/helloworld.gif)
+Follow the install instructions at go/kf-docs to create a GKE cluster,
+install Kf into it, and deploy an app with the `kf` CLI.
 
-`kf` aims to be fully compatible with CF applications and lifecycle. It supports
-logs, buildpacks, app manifests, routing, service brokers, and injected services.
+## Deploy a local Kf install to a new cluster
 
-At the same time, it aims to improve the operational experience by supporting
-git-ops, self-healing infrastructure, containers, a service mesh, autoscaling,
-scale-to-zero, improved quota management and does it all on Kubernetes using
-industry-standard OSS tools including Knative, Istio, and Tekton.
+If you need to set up a new development cluster run the following command:
 
-## Getting started
-
-Follow the [install instructions](docs/install.md) to create a GKE cluster, install Kf into it, and deploy an app with the `kf` CLI.
-
-## How to build
-
-**Requirements:**
+```sh
+./hack/deploy-dev-release.sh
+```
 
-  - Golang `1.12` ([go mod](https://github.com/golang/go/wiki/Modules#quick-start)
-is used and required for dependencies)
+It will fetch all your local sources and kick off a Cloud Build that builds
+a version of Kf, creates a GKE cluster and installs the Kf version onto it.
 
+## Iterative development
 
-**Building:**
+**Building the CLI:**
 
 ```sh
 $ ./hack/build.sh
 ```
 
-**Notes:**
-
-- The `kf` CLI must be built outside of the `$GOPATH` folder unless
-you explicitly use `export GO111MODULE=on`.
-
-## Development and releasing
+**Installing Kf server-side components:**
 
 We use [ko](https://github.com/google/ko) for rapid development
 and during the release process to build a full set of `kf` images
-and installation YAML.
-
-To update your cluster while developing run `ko apply`:
+and installation YAML. Run the following to stage local changes on
+a targeted cluster:
 
-```
-KO_DOCKER_REPO=gcr.io/my-repo ko apply -f config
+```sh
+$ ./hack/ko-apply.sh
 ```
 
 This will build any images required by `config/`, upload them to the provided
 registry, and apply the resulting configuration to the current cluster.
-
-[slack-badge]: https://img.shields.io/badge/slack-knative/kf-purple.svg
-[kf-slack]:    https://knative.slack.com/archives/kf

Diff for: CONTRIBUTING.md

@@ -0,0 +1,26 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/google.com/cloudsdktool/cloud-sdk:alpine
+WORKDIR /scripts
+COPY delete_dm_deployments.py .
+COPY delete_gke_clusters.py .
+COPY cleanup_load_balancers.py .
+COPY cleanup_firewall_rules.py .
+COPY delete_disks.py .
+COPY reap_gcr_containers.py .
+COPY reap_ar_repos.py .
+COPY reap_iam_bindings.py .
+COPY reap_hub_memberships.py .
+COPY reap_service_keys.py .

Diff for: README.md

@@ -0,0 +1,5 @@
+Reap GKE Clusters
+=================
+
+This Cloud Build template creates and publishes a new container used by the
+reapers.

Diff for: SECURITY.md

@@ -0,0 +1,96 @@
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the License);
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an AS IS BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import subprocess
+import json
+import argparse
+
+
+def execute(command):
+    call = subprocess.run(command.split(), stdout=subprocess.PIPE, check=True)
+    return call.stdout.decode("utf-8")
+
+
+def list_compute_instances(project_id):
+    """Lists the compute instances in the given project."""
+    return json.loads(execute("gcloud --project {} compute instances list --format='json'".format(project_id)))
+
+
+def list_compue_instance_tags(project_id):
+    """Returns a set of compute instance tags that are applied to any
+    instance.
+    """
+    tags = set([])
+
+    for instance in list_compute_instances(project_id):
+        if 'tags' in instance:
+            instance_tags = instance['tags']
+            if 'items' in instance_tags:
+                tags.update(instance_tags['items'])
+
+    return tags
+
+
+def list_compute_firewall_rules(project_id):
+    """Returns a list of all firewall rules."""
+    return json.loads(execute("gcloud --project {} compute firewall-rules list --format='json'".format(project_id)))
+
+
+def list_abandoned_firewall_rules(project_id):
+    """Returns a list of all firewall rules that don't target any known GCE
+    instance.
+    """
+    tags = list_compue_instance_tags(project_id)
+    firewall_rules = list_compute_firewall_rules(project_id)
+
+    abandoned = []
+    for rule in firewall_rules:
+        # don't catch anything without tags
+        if 'targetTags' in rule:
+            target_tags = set(rule['targetTags'])
+            if len(target_tags) == 0:
+                # just in case there is an empty targetTags, which is against
+                # the API, but they could change in the future.
+                print("rule {} targets all resources".format(rule['name']))
+            elif tags.isdisjoint(target_tags):
+                abandoned.append(rule)
+            else:
+                print("rule {} is in-use".format(rule['name']))
+        else:
+            print("rule {} targets all resources".format(rule['name']))
+
+    return abandoned
+
+
+def delete_abandoned_firewall_rules(project_id, dry_run=False):
+    """Deletes each of the abandoned firewall rules returned by
+    list_abandoned_firewall_rules.
+    """
+    abandoned = list_abandoned_firewall_rules(project_id)
+    for rule in abandoned:
+        name = rule['name']
+        print('delete firewall-rule {}'.format(name))
+        if dry_run:
+            continue
+        print(execute('gcloud --quiet --project {} compute firewall-rules delete {}'.format(project_id, name)))
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser(description='Delete abandoned firewall rules')
+    parser.add_argument('project_id', metavar="PROJECT_ID", type=str)
+    parser.add_argument('--dry-run', action='store_true')
+
+    args = parser.parse_args()
+
+    delete_abandoned_firewall_rules(args.project_id, dry_run=args.dry_run)