Skip to content

Commit

Permalink
Disable lakom via annotation from seed (#106)
Browse files Browse the repository at this point in the history
* Add value & update configmap for controller chart

* Deploy lakom based on deployseedresources flag

* Use default value "true" for deploying seed resources

* Rename `DeploySeedResources` to `Enabled` and move to `SeedBootstrap`

* Add logs for disabling/installing lakom based on `Enabled` in `SeedBootstrap`

* Update configmap with API changes & refactor admission controller deletion code

Co-authored-by: Vladimir Nachev <[email protected]>

* Remove annotation from values.yaml & Rename annotation & Use annotation in configmap

The annotation is a gardener implementation detail that does not need to
be exposed via the values.yaml interface. This it's removed.

Annotation is renamed to better reflect its function and official
annotation naming conventions are used from
https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#label-selector-and-annotation-conventions

* Update chart

* Rerun make generate & make format

* Update how the way `enabled` is rendered & update chart in contr. registration

---------

Co-authored-by: Vladimir Nachev <[email protected]>
  • Loading branch information
rrhubenov and vpnachev authored Oct 2, 2024
1 parent ff96d0d commit a83b159
Show file tree
Hide file tree
Showing 6 changed files with 22 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,10 @@ data:
{{ toYaml .Values.controllers.cosignPublicKeys | indent 6 }}
seedBootstrap:
ownerNamespace: {{ .Release.Namespace }}
# We want to ensure that enabled receives a default value of "true" if the annotation is not passed with the helm chart values.
# Check https://github.com/helm/helm/issues/8026#issuecomment-833059490 for an explanation on why dig is needed.
# Dig only traverses maps but `.Values` is of another type. The `merge (dict)` part transforms it into a map.
enabled: {{ dig "gardener" "seed" "annotations" "service.lakom.extensions.gardener.cloud/enable-lakom-admission-controller" "true" (.Values | merge (dict)) }}
useOnlyImagePullSecrets: {{ .Values.controllers.useOnlyImagePullSecrets }}
allowUntrustedImages: {{ .Values.controllers.allowUntrustedImages }}
allowInsecureRegistries: {{ .Values.controllers.allowInsecureRegistries }}
Expand Down
2 changes: 1 addition & 1 deletion example/controller-registration.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ kind: ControllerDeployment
metadata:
name: shoot-lakom-service
helm:
rawChart: H4sIAAAAAAAAA+0caW/bOHY++1dw1RlMW4zkO5k10MW6iacN2iaGnenuYLEIaIm2OZFFDSk59bTd376PpCTr8pnUTXf9UKQyxeORfDcfNcHcIR7hJvkQEE9Q5pliylhguviWzUxB+JzapPrdfaAGcNpuq/8B8v+r53qzVW+0Gycnsrx+2mi1v0Pte426JYQiwByh7zhMel29Te+/UZhst//WlLgzOvEYJ7uPITf4pNVauf+w7dn9b9RbtcZ3qPbw0y3C//n+P0F9HASEewIFDOkdRndT4qFRSF2HehPkY/sWT4iwKk/Q9ZQKJELfZzyAB6AKF01cNkIzHNhTqP0T4sTFAZ0TaBdMU+XYc6ADj0zgLfPQU5+TMf1AHHRHod5fnlnoynMXiHmqpUQJ+YQjl3rEqljnw5thALhBF2dsNoMO3p8NkUO5qFgTGlTVX41+xRr9yavqb1wwnVTln/inmHvVZUcjmF/oozF1iag8t8SdD39H+Bb+BjN4/g9UfY85ZaFAF+c9GNDn7HdiBxWLOgRXdT0oqlhzYTOHVCtfe1e3hy35/2yKeWAt8MzdY4xN/N9ot/L8Xz9tHvn/EIB9+p5wue8dNK9XsO8nP426VTMqDhE2p36girroNegBZEtqQGPGUTAl6FVEQuitJBk01CSDejFBqYpDSVQgQjw8Ix20HdVV5jEqNQtw+Ya46tuBLfnfYbY1YXuOsYn/T/P2X6PWbJ4c+f8QUK2iYf/8n+YvoP3OmL8AlTkNroEYOqhRazTQsNtHwx4CDsae+oHHoCgpDgiy2czH3kIq9qUMsJkXcDoKQVeLSrVaift/C1TkCWJeQLWAjinhIE3AspgSswGsDfUmrDORXciuxRSZNjJGGB6+//iqOzjvXfYGN6+7Z29uzi8Gn6txTVONx1wXKJiTCRUBV+aFBQ1L6BhZ6PunNg6QZVXh3/veYHhxdfks+kk+4JnvkuqqPqX6W4q1Tkn/hpwIWFTKYIrEJPHwCCwLlJmftqCUZIwKpaUlpanNOAfbAi2RQBkkKn6693vLxC35PyCwMoC52McT3Nn/a9QbrebR/zsE7Lz/N2Dzg10urMDf1hbc7P81c/vfbJ+0j/L/EPDxo4mQA54YuF0GnYFgMZD5+XMFIfmGjtEUi77y1JAhprjRPukYyHqP3RAcQlXfCvAEJS18Tr1gjIwfxN9/EPmanPhMUFANi3VdEFeQsg47e3cICgp+pB7Vczxrl2CHgNcKUhfInzp6Adbyg6nbmHGjpG/Z8mtv6U6wM//bLnAM4WAEwF9humwyAdW11jXcaP+12jn+PzlpHv2/g8CTL2j+Pak82c74M02zknZEx8DJXjCigaWfLMqq8zp2fRBAlVvqOR10psnwF0WGlRkJsIMD3AGOd/EIJIh8QqmOYjqvBgsfHFBDEOIYUEf7oxuYXf6qCJ/YsteI8uUjSCfMoZYeDKFbsrhU/QFXREVRhW1GMHXdqCEn8iU5l7NCAQ8JlKtgWgfdhiPCPQLcaD1f2+9z9ev5Oom0L/9rXB+G/9v10yL/nx75/xDwjfN/X7NMmv+35uglv+0iMmIx8LsATFWLgM7IG7IALhXflu6XsDv/M29MJzPsp1rospUyYAP/108L/H/abB/t/4PAo+T/eT3mckVY77C/K4dbmiSjygLGghYfPyJrACY7FsS6jIulOxB3nKLjDvqkmDuNlhrBSsYV0SCJoLBsl4VOLKnqqn16HqEO4ahyG/yWidcPRy61QXiA8AHsAvabDDHFrswyBCSfs/XRJwQ9w3KiE+3oICTl00sZZQ849mOThN0BYpdbrIGsHAoiz+AupAvVD113SGxOAqFblSC1on7cHXZddvcrVJei2lG1VvdVVjnT0QVQkB1yMtDRMLqpr2L9uDuHjMKJ3pJ4mXSQrs+ZpG5vsrLnVFMr1wZ2BDxKHLoBGuPEhV12Dq0CSf7M22eYktZlA+7M//eQ/8rTnoMDzLjJ5oTfcRqQMiWwSf7XThpZ+d+stRq1o/w/BDwa+R+FmzJhnPeKuK5i2pIEvrOaKCHwFNNF9C0lIfReTtJbKpGsGYl930r5aWDA7o7Oio6oByTrleGS1mVqKuImy5hSqxX1TOlaJ/qllYudfW2KPcJDws7y3yG+yxYz6ZVtmw6yXv7XG43Tes7+bzXrx/yvg8Cjkf9pwQ4yT1QT6X6eUNw9xfuWgjyviVTS2IAIFnI7NiKx57FAWfORvOfx+7w3oJt3kCFjeEZakH4hhSEzNS0xrarz4QMoHDUmkI2J55jCjIA8gkUcEli5LDqmsrR5k7gKJ3MqsXwNRjvji7d0RmEWbfXGB+cHZ83+qPCMhaCqFDZCHcqwKCirQqZvU+v8gCu9z1rFgjTCLkXPqr88WakQMmdQb0rCFK6Fzj+hP0IWpFDLt5P5Biv9DajHqS36MidhY0/CBv9ySdFxJeBm+1aEszURIjU+9Ww3dIhMAKWwZ99b19GSWC9hNn2ZNGpsijIZz5AFiOoDSRhzieyWZuRWSJdag/vMYbWntH4iiaCQ4GaI+EHJeD+mlwDV7xi/lScAeQZnJgeepDNigmhXZxkg9ZVnTpzt2jvABbu18FV8xIzq7Np65DL7ljimTR2eaxtLpxSJTQL0VG5+mSR6huopIQEq0wOZmOJo5nRhabqFF5LVyJhwTpzzEEhrMgQCdULp7V8oPRIV9z4QO1QpmammJrojUn13UL1WS5Xr8aKxrgmfdTIvI8oaZsRmGpQI7X0AzITISqblyLcy/l1OkYXaCDFfZjzBWOjCK3k9VwtaHEYOtBd1b8QzJvaHxXUd42gImM9cNlmo4wMji9OUiUCun7FKIIDsYSBIFmcuFuIyy/tiIUDTmH9NCCFama5tS/q83FdSqJCaHFOGo8BKTOYDvN4Vl8wbgJmcnFdqUHzU53QONuaE9ISNXazTiVXYKqkHfUubUse3SHpJtbEw0OLkXMe8otdSi2HqRQeyet3vIQeVpM6I+DgpxipUkxHPPgOeX2T0qk5A8ZOXGTHLJylaMZEZKbUXVRLY1azLlVJ3mRYuHRN7YbvEnOEPsj3sCAfj2ORE/pC3GF6sUPNJU2vZbLjwbJHGUY4xJdgNpko57j5KqvGmcbRxbGoekzu0NIBW9a6bXMUtukmDfN+5FB2TOi/S21rM+rFKVoEHI4IDM3EbXqyNnxcbwszJnQlqAjYVu7C3MBVn3crpdpZqdxE1G+pW5ZtkjsBJMrHjSPH8orN2T5R9l+slMv226yZtJ6btQ3kbKE3XCVf2t7U6M6JRM3D0OqMcWcBs5nbQ9Vk/KXfpHFZLCBAco4zYmAaB/4oEWeEsbyV1UFUvyJ85NbkG2fIVlCCA1CW+r6+v+6kXUt1S7J4TFy+iHZSaeSkxgQDpznjLVouDo91OKhBvnt5ovVNve93z3uCm97Z3dn1xdXlz2X3XG/a7Z71Uv0pR/gKORHZaY0pcZ0DGeQ2qyvtqzrGTZCVcmNTd0dqP8b14133Vew/IXg1urt73Bv8YXFwXcIXFVi50KoZaLQ2qZrDJaOgCgjwbRYgJISosOwNctvgEWpXOlnHZei0/UG7sOXPDGXkn9b0o7lk2ISI5Lo1hJpvp9S/qplQ9SY/yDDCn8/fcmA2+1wr8Ctu0HX6Z5dKLVTAi1q6SHR87pIl3p8PpGADpWc6IjGzVMitAgxYIxfc7Lf2uC79myg9y0BJDdLD5jjnQc6tRS83teAzxkLBz/B98SYcKHqobgaPQmZCNBwGbzn+bzXz+/0mjccz/OQg8yvi/rxyn5QlAnznnCc29VDR3mKOAR3KmG0efwBX71YvC7OAho/ojD3dHqkiQGYj4M0kvHDyvv71AdatxYtbA5TrDvj4xoNDfG+g6ogHrFQ2iRz186GlLdgG00APMVCZM5Hx33Tu8EF0ZZjgeVO8IO8t/PsL2jh8C2CD/m+1WPv+zWWsd878PAo9C/j9B11fnV0/nvifL5s86aEBmYBYC13uEOMSRXwKZUR1+RgzkTXRVNrkiS4Wy9BdFXaLoFYfBlHH6p75Ce/uz0Bnl2VzyAXPJujzT/BlmZ524fBR6g4eudGlMmcX6irPQj26tyPP1SsbxlKXLzA75EiT2KHoh1a3836VCP9xJLVPsduVKFceKbpHsOdCqU+XiODPsgaPhJKXZ8YznRrFzwyh2k9gKX35lllVzP6uw00G4HQL6alL8FPpA0WS7mSaHlnp4oTN6NSrzImmUrqDNGHeol2a24kCKUnO9wVhYuYGbV3S3MeJyZdzpd1vFgkvPm5IobRb5aJXjXbmfHHoJBdSb/I+JI5hYFOqLd3PNulSS5PmUeL7PKohwJL/apASi7nmYORT7ko7E11bzK2Fn+y+OYe1gAm6w/xr1WqN4//+Y/3cQWGv/Nb/2/Z+IQe+b1i1vxmzt8RdysFI5IyvT2cYcmAW7rhrK1BlSJhAWaAJhRokkpj4mQz/+66MhH43tTtl+MuJjL6NjXJ/1jc///nFrvJIpm3GcIEIgFSgAPHKpB5kTFxhVd2p83mVknzmm0jrJyMtTVFgRKvP4MrbOo1BRcaRFZxxEmueiX4izfDUEU4etZsk56dZZftHwxRNVTbQ7nNt+bQl2hPvAvvofa5tpKzNg0/3/k9P89z/a9XbrqP8PAY8i/rNJ/8cG+v9TzB9cIqYOubNrcM1uSZI59wD7vzP/z32863dgN53/Fb//0Tht1I/8fwh4NPyfS1uQZKZvPju5W5+G5AyZRCrNzySEYkQSA6oFFF72mdON6pV+H+QLCI7YdiyZSWwlpzNCs2Va2qTy5qCQxvkoqYS6vTN3Z9Traj9kmboxIzPGdfYqJ3+ElBMHGavxtpZ9WLqpjrvrlsaaGZe0zH+dLbY8k1ywsgthsrxwKWy/FBR5pqgidun11yU66yTVUk4oXdla1vvWL8duKf91mvueHwDfFP85KX7/s9U4fv/3IPAo5H+KMztln+2tpO/WdFCzUtF5+kqKxl+A7CAScuYT05G3eLjl304sh8yrCYVHX+2v6ktCSXk1fcRSMrYUTBOZCQjWjxQ2firt/2J8yYK+/FQbyKFKWaodyBEpap5E9/E76jmXXxiVZSczZswaYV6KZraVQm9etxpWs5K7rBobipXMwYiU2DCXSLnYfthB7dqsktYI9cbP72gF5J6sE+nhJIWyTHMV1Uvc1UkLetokbA2prI1KJRVmUB8xWJXsv7w7ktxpSDRo+sKBJOOKvBObXEnYUE2f7MR3eotJ+EB9smbh8z16m+WW+Klv+uiSeLNvyaIeFclbMRN5e2c666DBsDscds3+m7Nh3ZzXb9rm8HW30T5J6qpM0E9m8hvoR8LL3quLS9T/9eXbizP0pvebKkxVqjearXyb3uX5ihYpLBuHxBKPbGc7LJe57B30c+1nuQ+pUJQqk+u78itGMcmUf5co87bsY0NxhcLngwofD1rea1rz6Z8Hc+GOcIQjHOEIRzjCEY5whCMc4QhH2Aj/BRSUflEAeAAA
rawChart: H4sIAAAAAAAAA+09a2/bOLbz2b+Cq8xi22Ilv5OOgV5c1/G0QdvEiDPdu7i4yNASY3MjiVpScuppu799D0lJ1suvJHXTuz4YpDLFxyF53jzUTDF3iE+4ST6FxBeU+aaYMRaaLr5lnikIn1Ob1H96CDQATrpd9S9A8V/13Gx3mq1u6/hYljdPWp3uT6j7oFG3hEiEmCP0E4dJr6u36f0PCtPt9t+aEdejU59xsvsYcoOPO52V+w/bnt//VrPTaP2EGo8/3TL8h+//ERrhMCTcFyhkSO8wupsRH00i6jrUn6IA27d4SoRVO0JXMyqQiIKA8RAegCpcNHXZBHk4tGdQ+6+IExeHdE6gXTjLlGPfgQ58MoW3zEfPAk5u6CfioDsK9f703EIXvrtAzFctJUooIBy51CdWzTodX49DwA26GDDPgw4+DsbIoVzUrCkN6+qvRr9mTf7gdfU3KZhN6/JP8lPM/fqyownMLwrQDXWJqL2wxF0Afyf4Fv6GHjz/C6p+xJyySKCz0yEMGHD2D2KHNYs6BNd1PSiqWXNhM4fUa997V7eHLfl/MMM8tBbYc+8xxib+b3U7Rf5vnrQP/L8PwAH9SLjc9x6aN2s4CNKfRtNqGDWHCJvTIFRFffQW9ACyJTWgG8ZROCPoTUxC6L0kGTTWJIOGCUGpimNJVCBCfOyRHtqO6mrzBJWGBbj8QFz148CW/O8w25qye46xif9PivZfq9FuHx/4fx9Qr6Px6PR/zF9B+w1YsACVOQuvgBh6qNVotdC4P0LjIQIOxr76gW9AUVIcEmQzL8D+Qir2pQywmR9yOolAV4tavV5L+n8PVOQLYp5BtZDeUMJBmoBlMSNmC1gb6k1Zbyq7kF2LGTJtZEwwPPz8+U3/8nR4Pry8ftsfvLs+Pbv8Wk9qmmo85rpAwZxMqQi5Mi8saFhBx8hCPz+zcYgsqw7/fRxejs8uzp/HP8kn7AUuqa/qU6q/pVjrVfRvyImARaUMplhMEh9PwLJAuflpC0pJxrhQWlpSmtqMc7At0BIJlEOiFmR7f7BM3JL/QwIrA5iL+3iCO/t/rWar0z74f/uAnff/Gmx+sMuFFQbb2oKb/b92Yf/b3ePuQf7vAz5/NhFywBMDt8ugHggWA5lfv9YQkm/oDZphMVKeGjLEDLe6xz0DWR+xG4FDqOpbIZ6itEXAqR/eIOPP4r//LIo1OQmYoKAaFuu6IK4gVR327t0hKCj4kXlUz8msXYIdAl4rSF0gf+roBVjLD6ZuYyaN0r5ly++9pTvBzvxvu8AxhIMRAH+F6bLpFFTXWtdwo/3X6Rb4//i4ffD/9gJH39D8O6odbWf8maZZyzqiN8DJfjihoaWfLMrq8yZ2AxBAtVvqOz000GT4qyLDmkdC7OAQ94DjXTwBCSKfUKajhM7r4SIAB9QQhDgG1NH+6AZml79qIiC27DWmfPkI0glzqKUHQ+iWLM5Vf8AVcVFcYZsRTF03bsiJfElO5axQyCMC5SqY1kO30YRwnwA3Wi/W9vtC/XqxTiLdl/81ro/D/93mSZn/Tw78vw/4wfl/pFkmy/9bc/SS33YRGYkY+IcATFWLkHrkHVkAl4ofS/dL2J3/mX9Dpx4OMi102UoZsIH/W2X9f9LuHvh/L/Ak+X/eTLhcEdYHHOzK4ZYmybiygLGgxefPyLoEkx0LYp0nxdIdSDrO0HEPfVHMnUVLjWCl44p4kFRQWLbLIieRVE3VPjuPSIdwVLkNfsvUH0UTl9ogPED4AHYh+7sMMSWuzDIEJJ/z9dEXBD3DcqJj7eggJOXTaxllDzkOEpOE3QFi51usga5+hP5G0B2GbkMGDo2IOEHhDCdRLAfMEpvQOREIS/8JR26I5hJbxMBHk2aKIZ1GGcjCvs9CfdZHBYJnsIWESM77ZI3Z8ixhrmecYjGYEfsWzcIwEL16fQotogmsgVeXbfQfKgQ0qb8Ea+FIPcNrDxbEfNluN7q/dH5pqPAa0C35BLLL16jAf3ezBXLoVGEFS0ac5bCnUMzkKSQsoTx8gHmCpBMICBr9Hm/L77IhzBbDlGZA8lI7WOgK5vO7R/iUoGcOtcPnv0vTL5Qd+QLw8ASiIWwZLCuWfSZjxuuqNkYiZSTEZMQKBxnLhRSqUBN4iRgLVKg7jrkCOx4sUSyqY5oykv16Fk8MSCo7gecJVUSCyJPZM+lYjyLXHRObk1BoWqog1RX1k+6w67K736C6VOCOqrW6r6rKuY7OQK7YQKWXOkZKN/VVrp9055BJNNWM2sttzogzKfP86cqeM02tQhtY1IRPbnAa2Fh2Dq1CKRSZf59hKlpXDbhG/j9A/6tIy5zYIOtNBtxyx2lIqoyADfq/2Thu5fV/u9FpNQ76fx/wZPR/HG7MhfE+KuK6SGhLkvLOZkIFgWfYK6ZvqQmh92qS3tKIyLsROAisjJ8ODszu6KzoiPpAsn4VLllbRk1FXOcZU1o1ZTujcq1T+6JTiJ1+b4o9wGPCzvLfIYHLFtLQ2jodaL38b7ZaJ82C/9dpNw/5f3uBJyP/s4IdZJ6op9L9NKW4B4r3LQV5UROppMFLIljE7cRczNjkWt7z5H3RDtfNe7GxnRWk30hhSOfIErO6cqz2oHDUmEA2Jp5jCjMC8ggXSUho5bLomNrSuk3japzMqcTyLZjnjC/eU4/CLLrqTQDOL84b+HHhgEWgqhQ2Qh3KsTgor0Lm7zPr/IgrfZ+1SgRpjF2GnlV/RbJSRwicQb0ZiTK4ljr/gv4ZsTCDWrGdzDdZ6VlAPU5tMZI5KRt7EjbHwZKik0q2dNlF5K2JEKrxqW+7kUNkAjC4w+hn6ypeEus1zGYkk4aNTVFG4zmyAFF9IA1jLpHd0ozcCulKa/A+c1jtKa2fSCooJLg5In5UMr4f00uA6neM38oToCKDM5MDT1KPmCDa1VkWSH3lgxNnu/YOcMFuLQIVHzPjOru2nrjMviWOaVOHF9om0ilDYtMQPZObXyWJnqNmRkiAyvRBJmY4mjl9WJp+6YVkNXJDOCfOaQSkNR0DgTqR9OvPlB6Ji4efiB2plNxMUxPdEam+e6jZaGTK9XjxWFeEe73cy5iyxjmxmQUlQoefADMVQhLlGqY8+eytoMhSbYRYIDPeYCx05le81sHA8jByoHtR90Y8E2J/XFzXMY6GkAXMZdOFOj4y8jjNmAjl+hmrBALIHgaCZDFwsRDned4XCwGaxvwlJYR4Zfq2Lenz/L6SQgXP5Jgy8ARWYjof4PW+OGf+JZjJ6Xm1BsVHI07nYGNOyVDY2MU6nVwFqNJ60Le0KXUki2SXVBsLl1qcnOroVvxaajFM/fhAXq/7A+SgktQ5EZ8kRVmlajK2OWLA84ucXtUJSEH6Midm+TRDKyYyY6X2qk5Cu553uTLqLtfCpTfEXtguMT38SbaHHeEy7s2J/CFvsbxaoebTptay2Xjh2yKLoxxjRrAbzpRy3H2UTONN42jj2NQ8JndoaQCt6l03uUha9JenDIW+CylaJnVeZbe1nPVlVawCDycEh2bqNrzacH5SbAgzJ3cmqAnYVOzC3sJUnHUrp9tZqt1Z3GysW1VvkjkBJ8nEjiPF86ve2j1R9l2hl9j0266brJ2YtQ/lbbAsXadcOdrW6syJRs3A8euccmQhs5nbQ1eDUVru0jmslhAgOCY5sSGPj96QMC+c5a20HqrrBfmjoCbXIFu9ghIEkLrE9+3V1SjzQqpbit1T4uJFvINSMy8lJhAg3Rlv2Wqxd7S7aQXiz7MbrXfq/bB/Ory8Hr4fDq7OLs6vz/sfhuNRfzDM9KsU5a/gSOSndUOJ61ySm6IGVeUjNefESbJSLkzr7mjtJ/iefei/GX4EZC8ury8+Di//dnl2VcIVFlu50JkYar0yqJrDJqehSwjyfBQhIYS4sOoMeNniC2hV6i3jss1GcaDC2HPmRh75IPW9KO9ZPiEmPS5PwJPN9PqXdVOmnqRHedpX0Pn33JgNvtcK/ErbtB1+ueXSi1UyItaukp0cO2SJd6fkhAQAaa9gRMa2apUVoEELhPL7nZZ+14VfM+VHOWhJID7C/MAc6LnTamTmdjiGeEzYOf4PvqRDBY/UjdBJ5EzJxoOATee/7Xbx/sdxq3W4/7EXeJLx/0A5TssTgBFzTlOae61obj9HAU/kTDeJPoEr9psfh9nBQ0bNJx7ujlWRIB6I+IGkFw6e13+9Qk2rdWw2wOUa4ECfGFDo7x10HdOA9YaG8aMePvK1JbsAWhgCZirnJXa+++4dXoi+DDMcDqp3hJ3lP59ge8cPQWyQ/+1up5j/3250Dvm/e4EnIf+P0NXF6cWzeeDLsvnzHrokHpiFwPU6Q1N+CSbOYBSIgbyJr0qnV6SpUJb+oqxLFL3iKJwxTv/QV6hvXwp9oyB/l+CSuWRdnnHxDLO3Tlw+Cb3BI1e6NKbMYn7DWRTEt5bk+Xot53jK0mVmh3wJEnsSv5DqVv7rUqEf7qSWKXe7cqXKY8W3iO450KpT5fI4HvbB0XDS0vx4xguj3LlhlLtJbYVvvzLLqoWfddjpMNoOAX01LXmKAqBost1M00NLPbzQubsalXmZNCpX0GaMO9TPMlt5IEWphd5gLKzcwM0rutsYSbky7vS7rWLBledNaZQ2j3y8ysmuPEwOvYYC6k//n4kjmFgc6kt2c8261NLLExnx/JBVENFEfrVLCUTd8zh3KPYtHYnvreZXws72XxLD2sEE3HT/q9lolb//cMj/2wustf/a3/v+V8ygD03rlhdptvb4SzlYmZyRlelsN1zesnFdNZSpM6RMICzQBMKME0lMfUyG/vK/nw35aGx3yvZXIzn2MnrG1WBkfP2/v2yNVzplM4kTxAhkAgWARyH1IHfiAqPqTo2vu4wcMMdUWicdeXmKCitCZR5fztZ5EioqibTojINY85yNSnGW74Zg5rDVrDgn3TrLLx6+fKKqiXaHc9vvLcEO8BC4r/7H2mbaygzY9P2H45Pi/e9us9s56P99wJOI/2zS/4mB/p8U8weXiKlD7vwaXLFbkmbOPcL+78z/8wDv+h3gTed/5e+/tE5azQP/7wOeDP8X0hYkmcV34wu3Pg3JGTKJVJqfaQjFiCUGVAspvBwxpx/Xq/w+zDcQHIntWDGTxErOZoTmy7S0yeTNQSFN8lEyCXX3ztz1qN/XfsgydcMjHuM6e5WTf0aUEwcZq/G2ln1YuqmOu+uWxpoZV7Qsfp0vsTzTXLCqC2GyvHQp7H4pKPJMUUXssuuvS3TWSaalnFC2srWs96Nfjt1S/sff57jfB+A3xX+Oy99/7bQO33/eCzwJ+Z/hzF7VZ5tr2bs1PdSu1XSevpKiyRdAe4hEnAXEdOQtHm4Ft1PLIfN6SuHx/7Whri8JpeX17BFLxdhSME1lJiBYP1LYBJm0/7ObcxaO5Kf6QA7VqlLtQI5IUXMU38fvqedCfmFclp/MDWPWBPNKNPOtFHrzptWy2rXCZdXEUKzlDkakxIa5xMrFDqIe6ja8WlYjNFsvP9AayD1ZJ/1GTZxCWaW5yuol6eq4Az1tEraGVNZGrZYJM6iPGKxK9l/eHUnvNKQaNHvhQJJxTd6JTa8kbKimT3aSO73lJHygPlmz9Pkmvc1yS4LMN510SbLZt2TRjIvkrZipvL0z83roctwfj/vm6N1g3DTnzeuuOX7bb3WP07oqE/SLmf4G+pHwevjm7ByNfnv9/myA3g3/rgozlZqtdqfYZnh+uqJFBsvWPrHEE9vZDstlLnsPvWy8lPuQCUWpMrm+K79XlJBM9ReIcm+rPiuUVCh9KKj0maDlvaY1H/l5NBfuAAc4wAEOcIADHOAABzjAAbaCfwODb+9PAHgAAA==
values:
image:
tag: v0.14.0-dev
Expand Down
3 changes: 3 additions & 0 deletions pkg/apis/config/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,4 +49,7 @@ type SeedBootstrap struct {
// OwnerNamespace is the name of the namespace owning the resources related
// to the seed bootstrap, as well as where the managed resources are deployed.
OwnerNamespace string
// Enabled determines whether any seed bootstrapping will occur.
// Existing lakom resources will be removed from the seed.
Enabled bool
}
3 changes: 3 additions & 0 deletions pkg/apis/config/v1alpha1/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,4 +51,7 @@ type SeedBootstrap struct {
// OwnerNamespace is the name of the namespace owning the resources related
// to the seed bootstrap, as well as where the managed resources are deployed.
OwnerNamespace string `json:"ownerNamespace"`
// Enabled determines whether any seed bootstrapping will occur.
// Existing lakom resources will be removed from the seed.
Enabled bool `json:"enabled"`
}
2 changes: 2 additions & 0 deletions pkg/apis/config/v1alpha1/zz_generated.conversion.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

13 changes: 9 additions & 4 deletions pkg/controller/seed/reconciler.go
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,15 @@ func (kcr *kubeSystemReconciler) reconcile(ctx context.Context, logger logr.Logg
const (
kubeSystemNamespaceName = metav1.NamespaceSystem
)
var (
ownerNamespace = kcr.serviceConfig.SeedBootstrap.OwnerNamespace
)

if !kcr.serviceConfig.SeedBootstrap.Enabled {
logger.Info("Deleting lakom admission controller from the seed cluster")
return managedresources.DeleteForSeed(ctx, kcr.client, ownerNamespace, constants.ManagedResourceNamesSeed)
}
logger.Info("Installing lakom admission controller to the seed cluster")

secretsConfig := ConfigsFor(kubeSystemNamespaceName)
secretsManager, err := secretsmanager.New(ctx, logger.WithName("seed-secretsmanager"), clock.RealClock{}, kcr.client, kubeSystemNamespaceName, ManagerIdentity, secretsmanager.Config{CASecretAutoRotation: true})
Expand Down Expand Up @@ -122,10 +131,6 @@ func (kcr *kubeSystemReconciler) reconcile(ctx context.Context, logger logr.Logg
return err
}

var (
ownerNamespace = kcr.serviceConfig.SeedBootstrap.OwnerNamespace
)

if err := managedresources.CreateForSeed(ctx, kcr.client, ownerNamespace, constants.ManagedResourceNamesSeed, false, resources); err != nil {
return err
}
Expand Down

0 comments on commit a83b159

Please sign in to comment.