try to just mirror by host not labels - not working yet (see TODO)

SeldonIO · Nov 15, 2019 · 3520904 · 3520904
1 parent 30a6ab6
commit 3520904
Show file tree

Hide file tree

Showing 27 changed files with 921 additions and 2,364 deletions.
diff --git a/helm-charts/seldon-core-operator/templates/certificate_seldon-serving-cert.yaml b/helm-charts/seldon-core-operator/templates/certificate_seldon-serving-cert.yaml
@@ -2,19 +2,12 @@
 apiVersion: certmanager.k8s.io/v1alpha1
 kind: Certificate
 metadata:
-  labels:
-    app: seldon
-    app.kubernetes.io/instance: '{{ .Release.Name }}'
-    app.kubernetes.io/name: '{{ include "seldon.name" . }}'
-    app.kubernetes.io/version: '{{ .Chart.Version }}'
+  labels: {app: seldon, app.kubernetes.io/instance: '{{ .Release.Name }}', app.kubernetes.io/name: '{{ include "seldon.name" . }}', app.kubernetes.io/version: '{{ .Chart.Version }}'}
   name: seldon-serving-cert
   namespace: '{{ .Release.Namespace }}'
 spec:
   commonName: '{{- printf "seldon-webhook-service.%s.svc" .Release.Namespace -}}'
-  dnsNames:
-  - '{{- printf "seldon-webhook-service.%s.svc.cluster.local" .Release.Namespace -}}'
-  issuerRef:
-    kind: Issuer
-    name: seldon-selfsigned-issuer
+  dnsNames: ['{{- printf "seldon-webhook-service.%s.svc.cluster.local" .Release.Namespace -}}']
+  issuerRef: {kind: Issuer, name: seldon-selfsigned-issuer}
   secretName: seldon-webhook-server-cert
 {{- end }}
diff --git a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-role.yaml b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-role.yaml
@@ -3,151 +3,49 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   creationTimestamp: null
-  labels:
-    app: seldon
-    app.kubernetes.io/instance: '{{ .Release.Name }}'
-    app.kubernetes.io/name: '{{ include "seldon.name" . }}'
-    app.kubernetes.io/version: '{{ .Chart.Version }}'
+  labels: {app: seldon, app.kubernetes.io/instance: '{{ .Release.Name }}', app.kubernetes.io/name: '{{ include "seldon.name" . }}', app.kubernetes.io/version: '{{ .Chart.Version }}'}
   name: seldon-manager-role
 rules:
-- apiGroups:
-  - ''
-  resources:
-  - services
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps
-  resources:
-  - deployments
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - apps
-  resources:
-  - deployments/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - autoscaling
-  resources:
-  - horizontalpodautoscalers
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - autoscaling
-  resources:
-  - horizontalpodautoscalers/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - machinelearning.seldon.io
-  resources:
-  - seldondeployments
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - machinelearning.seldon.io
-  resources:
-  - seldondeployments/finalizers
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - machinelearning.seldon.io
-  resources:
-  - seldondeployments/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - networking.istio.io
-  resources:
-  - destinationrules
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - networking.istio.io
-  resources:
-  - destinationrules/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - networking.istio.io
-  resources:
-  - virtualservices
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - networking.istio.io
-  resources:
-  - virtualservices/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - v1
-  resources:
-  - services
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - v1
-  resources:
-  - services/status
-  verbs:
-  - get
-  - patch
-  - update
+- apiGroups: ['']
+  resources: [services]
+  verbs: [create, delete, get, list, patch, update, watch]
+- apiGroups: [apps]
+  resources: [deployments]
+  verbs: [create, delete, get, list, patch, update, watch]
+- apiGroups: [apps]
+  resources: [deployments/status]
+  verbs: [get, patch, update]
+- apiGroups: [autoscaling]
+  resources: [horizontalpodautoscalers]
+  verbs: [create, delete, get, list, patch, update, watch]
+- apiGroups: [autoscaling]
+  resources: [horizontalpodautoscalers/status]
+  verbs: [get, patch, update]
+- apiGroups: [machinelearning.seldon.io]
+  resources: [seldondeployments]
+  verbs: [create, delete, get, list, patch, update, watch]
+- apiGroups: [machinelearning.seldon.io]
+  resources: [seldondeployments/finalizers]
+  verbs: [get, patch, update]
+- apiGroups: [machinelearning.seldon.io]
+  resources: [seldondeployments/status]
+  verbs: [get, patch, update]
+- apiGroups: [networking.istio.io]
+  resources: [destinationrules]
+  verbs: [create, delete, get, list, patch, update, watch]
+- apiGroups: [networking.istio.io]
+  resources: [destinationrules/status]
+  verbs: [get, patch, update]
+- apiGroups: [networking.istio.io]
+  resources: [virtualservices]
+  verbs: [create, delete, get, list, patch, update, watch]
+- apiGroups: [networking.istio.io]
+  resources: [virtualservices/status]
+  verbs: [get, patch, update]
+- apiGroups: [v1]
+  resources: [services]
+  verbs: [create, delete, get, list, patch, update, watch]
+- apiGroups: [v1]
+  resources: [services/status]
+  verbs: [get, patch, update]
 {{- end }}
diff --git a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-sas-role.yaml b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-manager-sas-role.yaml
@@ -4,28 +4,14 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   creationTimestamp: null
-  labels:
-    app: seldon
-    app.kubernetes.io/instance: '{{ .Release.Name }}'
-    app.kubernetes.io/name: '{{ include "seldon.name" . }}'
-    app.kubernetes.io/version: '{{ .Chart.Version }}'
+  labels: {app: seldon, app.kubernetes.io/instance: '{{ .Release.Name }}', app.kubernetes.io/name: '{{ include "seldon.name" . }}', app.kubernetes.io/version: '{{ .Chart.Version }}'}
   name: seldon-manager-sas-role
 rules:
-- apiGroups:
-  - ''
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts
-  verbs:
-  - get
-  - list
-  - watch
+- apiGroups: ['']
+  resources: [secrets]
+  verbs: [get, list, watch]
+- apiGroups: ['']
+  resources: [serviceaccounts]
+  verbs: [get, list, watch]
 {{- end }}
 {{- end }}
diff --git a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-proxy-role.yaml b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-proxy-role.yaml
@@ -1,22 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  labels:
-    app: seldon
-    app.kubernetes.io/instance: '{{ .Release.Name }}'
-    app.kubernetes.io/name: '{{ include "seldon.name" . }}'
-    app.kubernetes.io/version: '{{ .Chart.Version }}'
+  labels: {app: seldon, app.kubernetes.io/instance: '{{ .Release.Name }}', app.kubernetes.io/name: '{{ include "seldon.name" . }}', app.kubernetes.io/version: '{{ .Chart.Version }}'}
   name: seldon-proxy-role
 rules:
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-- apiGroups:
-  - authorization.k8s.io
-  resources:
-  - subjectaccessreviews
-  verbs:
-  - create
+- apiGroups: [authentication.k8s.io]
+  resources: [tokenreviews]
+  verbs: [create]
+- apiGroups: [authorization.k8s.io]
+  resources: [subjectaccessreviews]
+  verbs: [create]
diff --git a/helm-charts/seldon-core-operator/templates/clusterrole_seldon-spartakus-volunteer.yaml b/helm-charts/seldon-core-operator/templates/clusterrole_seldon-spartakus-volunteer.yaml
@@ -1,13 +1,9 @@
 {{- if .Values.usageMetrics.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
-metadata:
-  name: seldon-spartakus-volunteer
+metadata: {name: seldon-spartakus-volunteer}
 rules:
-- apiGroups:
-  - ''
-  resources:
-  - nodes
-  verbs:
-  - list
+- apiGroups: ['']
+  resources: [nodes]
+  verbs: [list]
 {{- end }}
diff --git a/...-charts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-rolebinding.yaml b/...-charts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-rolebinding.yaml
@@ -2,18 +2,9 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  labels:
-    app: seldon
-    app.kubernetes.io/instance: '{{ .Release.Name }}'
-    app.kubernetes.io/name: '{{ include "seldon.name" . }}'
-    app.kubernetes.io/version: '{{ .Chart.Version }}'
+  labels: {app: seldon, app.kubernetes.io/instance: '{{ .Release.Name }}', app.kubernetes.io/name: '{{ include "seldon.name" . }}', app.kubernetes.io/version: '{{ .Chart.Version }}'}
   name: seldon-manager-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: seldon-manager-role
+roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: seldon-manager-role}
 subjects:
-- kind: ServiceAccount
-  name: '{{ .Values.serviceAccount.name }}'
-  namespace: '{{ .Release.Namespace }}'
+- {kind: ServiceAccount, name: '{{ .Values.serviceAccount.name }}', namespace: '{{ .Release.Namespace }}'}
 {{- end }}
diff --git a/...rts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-sas-rolebinding.yaml b/...rts/seldon-core-operator/templates/clusterrolebinding_seldon-manager-sas-rolebinding.yaml
@@ -3,19 +3,10 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  labels:
-    app: seldon
-    app.kubernetes.io/instance: '{{ .Release.Name }}'
-    app.kubernetes.io/name: '{{ include "seldon.name" . }}'
-    app.kubernetes.io/version: '{{ .Chart.Version }}'
+  labels: {app: seldon, app.kubernetes.io/instance: '{{ .Release.Name }}', app.kubernetes.io/name: '{{ include "seldon.name" . }}', app.kubernetes.io/version: '{{ .Chart.Version }}'}
   name: seldon-manager-sas-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: seldon-manager-sas-role
+roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: seldon-manager-sas-role}
 subjects:
-- kind: ServiceAccount
-  name: seldon-manager
-  namespace: '{{ .Release.Namespace }}'
+- {kind: ServiceAccount, name: seldon-manager, namespace: '{{ .Release.Namespace }}'}
 {{- end }}
 {{- end }}
diff --git a/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-proxy-rolebinding.yaml b/helm-charts/seldon-core-operator/templates/clusterrolebinding_seldon-proxy-rolebinding.yaml
@@ -1,17 +1,8 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  labels:
-    app: seldon
-    app.kubernetes.io/instance: '{{ .Release.Name }}'
-    app.kubernetes.io/name: '{{ include "seldon.name" . }}'
-    app.kubernetes.io/version: '{{ .Chart.Version }}'
+  labels: {app: seldon, app.kubernetes.io/instance: '{{ .Release.Name }}', app.kubernetes.io/name: '{{ include "seldon.name" . }}', app.kubernetes.io/version: '{{ .Chart.Version }}'}
   name: seldon-proxy-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: seldon-proxy-role
+roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: seldon-proxy-role}
 subjects:
-- kind: ServiceAccount
-  name: default
-  namespace: '{{ .Release.Namespace }}'
+- {kind: ServiceAccount, name: default, namespace: '{{ .Release.Namespace }}'}
diff --git a/...-charts/seldon-core-operator/templates/clusterrolebinding_seldon-spartakus-volunteer.yaml b/...-charts/seldon-core-operator/templates/clusterrolebinding_seldon-spartakus-volunteer.yaml
@@ -1,14 +1,8 @@
 {{- if .Values.usageMetrics.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
-metadata:
-  name: seldon-spartakus-volunteer
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: seldon-spartakus-volunteer
+metadata: {name: seldon-spartakus-volunteer}
+roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: seldon-spartakus-volunteer}
 subjects:
-- kind: ServiceAccount
-  name: seldon-spartakus-volunteer
-  namespace: kube-system
+- {kind: ServiceAccount, name: seldon-spartakus-volunteer, namespace: kube-system}
 {{- end }}