From 0a418a54301f8c7a785cb186afebc42fada39cb4 Mon Sep 17 00:00:00 2001
From: liz
Date: Wed, 10 Jul 2019 12:16:41 -0400
Subject: [PATCH] Struct-ize some YAML
---
objects/all.go | 14 +++++
objects/control_plane.go | 113 +++++++++++++++++++++++++++++++++++++++
objects/rbac.go | 92 +++++++++++++++++++++++++++++++
3 files changed, 219 insertions(+)
create mode 100644 objects/all.go
create mode 100644 objects/control_plane.go
create mode 100644 objects/rbac.go
diff --git a/objects/all.go b/objects/all.go
new file mode 100644
index 0000000..be83e6e
--- /dev/null
+++ b/objects/all.go
@@ -0,0 +1,14 @@
+package objects
+
+import "k8s.io/apimachinery/pkg/runtime"
+
+func GetAll(capdImage string) []runtime.Object {
+ statefulSet := GetStatefulSet(capdImage)
+
+ return []runtime.Object{
+ &Namespace,
+ &statefulSet,
+ &ClusterRole,
+ &ClusterRoleBinding,
+ }
+}
diff --git a/objects/control_plane.go b/objects/control_plane.go
new file mode 100644
index 0000000..a76eed4
--- /dev/null
+++ b/objects/control_plane.go
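Review bot: In objects/all.go, `GetAll` returns pointers to the exported package-level vars `Namespace`, `ClusterRole` and `ClusterRoleBinding`, so a caller that mutates a returned object, or any package that writes to those vars, changes what every later call hands out, RBAC rules included. Returning copies avoids the shared state: `Namespace.DeepCopy(),`, `ClusterRole.DeepCopy(),` and `ClusterRoleBinding.DeepCopy(),` in place of the three `&…` entries. The exported function also lacks a doc comment; `// GetAll returns the Namespace, StatefulSet, ClusterRole and ClusterRoleBinding objects, using capdImage as the manager container image.` would cover it.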
@@ -0,0 +1,113 @@
+package objects
+
+import (
+ apps "k8s.io/api/apps/v1"
+ core "k8s.io/api/core/v1"
+ meta "k8s.io/apimachinery/pkg/apis/meta/v1"
+ v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/kubernetes/cmd/kubeadm/app/constants"
+)
+
+const namespace = "docker-provider-system"
+
+var Namespace = core.Namespace{
+ ObjectMeta: meta.ObjectMeta{
+ Labels: map[string]string{"controller-tools.k8s.io": "1.0"},
+ Name: namespace,
+ },
+}
+
+var (
+ controlPlaneLabel = map[string]string{"control-plane": "controller-manager"}
+ hostPathSocket = core.HostPathSocket
+ hostPathDirectory = core.HostPathDirectory
+)
+
+const (
+ dockerSockVolumeName = "dockersock"
+ dockerSockPath = "/var/run/docker.sock"
+ dockerLibVolumeName = "dockerlib"
+ dockerLibPath = "/var/lib/docker"
+)
+
+func GetStatefulSet(image string) apps.StatefulSet {
+ return apps.StatefulSet{
+ ObjectMeta: meta.ObjectMeta{
+ Labels: controlPlaneLabel,
+ Name: "docker-provider-controller-manager",
+ Namespace: namespace,
+ },
+ Spec: apps.StatefulSetSpec{
+ Selector: &v1.LabelSelector{
+ MatchLabels: controlPlaneLabel,
+ },
+ ServiceName: "docker-provider-controller-manager-service",
+ Template: core.PodTemplateSpec{
+ ObjectMeta: meta.ObjectMeta{
+ Labels: controlPlaneLabel,
+ },
+ Spec: core.PodSpec{
+ Containers: []core.Container{
+ {
+ Name: "capd-manager",
+ Image: image,
+ Command: []string{
+ "capd-manager",
+ },
+ VolumeMounts: []core.VolumeMount{
+ {
+ MountPath: dockerSockPath,
+ Name: dockerSockVolumeName,
+ },
+ {
+ MountPath: dockerLibPath,
+ Name: dockerLibVolumeName,
+ },
+ },
+ },
+ },
+ Volumes: []core.Volume{
+ {
+ Name: dockerSockVolumeName,
+ VolumeSource: core.VolumeSource{
+ HostPath: &core.HostPathVolumeSource{
+ Path: dockerSockPath,
+ Type: &hostPathSocket,
+ },
+ },
+ },
+ {
+ Name: dockerLibVolumeName,
+ VolumeSource: core.VolumeSource{
+ HostPath: &core.HostPathVolumeSource{
+ Path: dockerLibPath,
+ Type: &hostPathDirectory,
+ },
+ },
+ },
+ },
+ Tolerations: []core.Toleration{
+ {
+ Key: constants.LabelNodeRoleMaster,
+ Effect: core.TaintEffectNoExecute,
+ },
+ {
+ Key: "CriticalAddonsOnly",
+ Operator: core.TolerationOpExists,
+ },
+ {
+ Key: "node.alpha.kubernetes.io/notReady",
+ Operator: core.TolerationOpExists,
+ Effect: core.TaintEffectNoExecute,
+ },
+ {
+ Key: "node.alpha.kubernetes.io/unreachable",
+ Operator: core.TolerationOpExists,
+ Effect: core.TaintEffectNoExecute,
+ },
+ },
+ },
+ },
+ },
+ }
+}
diff --git a/objects/rbac.go b/objects/rbac.go
new file mode 100644
index 0000000..b3f55e2
--- /dev/null
+++ b/objects/rbac.go
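Review bot: In objects/control_plane.go, the `capd-manager` container receives the node's `/var/run/docker.sock` and `/var/lib/docker` through `hostPath` volumes with no comment and no restriction. Access to the Docker socket is effectively root on that node, so the `dockerSockPath`/`dockerLibPath` constants deserve a comment stating why the manager needs them, and the `dockerlib` mount could carry `ReadOnly: true,` if the manager only reads from it (not visible in this patch). Separately, the first toleration pairs `constants.LabelNodeRoleMaster` with `core.TaintEffectNoExecute`, whereas kubeadm taints control-plane nodes with `NoSchedule`; if the intent is to let the pod schedule there, the line should read `Effect: core.TaintEffectNoSchedule,`. `meta` and `v1` alias the same package, so `&v1.LabelSelector{` can become `&meta.LabelSelector{` and the duplicate import can go.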
@@ -0,0 +1,92 @@
+package objects
+
+import (
+ core "k8s.io/api/core/v1"
+ rbac "k8s.io/api/rbac/v1"
+ meta "k8s.io/apimachinery/pkg/apis/meta/v1"
+ capi "sigs.k8s.io/cluster-api/pkg/apis/cluster/v1alpha1"
+)
+
+var ClusterRole = rbac.ClusterRole{
+ ObjectMeta: meta.ObjectMeta{
+ Name: "docker-provider-manager-role",
+ },
+ Rules: []rbac.PolicyRule{
+ {
+ APIGroups: []string{
+ capi.SchemeGroupVersion.Group,
+ },
+ Resources: []string{
+ "clusters",
+ "clusters/status",
+ },
+ Verbs: []string{
+ "get",
+ "list",
+ "watch",
+ "create",
+ "update",
+ "patch",
+ "delete",
+ },
+ },
+ {
+ APIGroups: []string{
+ capi.SchemeGroupVersion.Group,
+ },
+ Resources: []string{
+ "machines",
+ "machines/status",
+ "machinedeployments",
+ "machinedeployments/status",
+ "machinesets",
+ "machinesets/status",
+ "machineclasses",
+ },
+ Verbs: []string{
+ "get",
+ "list",
+ "watch",
+ "create",
+ "update",
+ "patch",
+ "delete",
+ },
+ },
+ {
+ APIGroups: []string{
+ core.GroupName,
+ },
+ Resources: []string{
+ "nodes",
+ "events",
+ "secrets",
+ },
+ Verbs: []string{
+ "get",
+ "list",
+ "watch",
+ "create",
+ "update",
+ "patch",
+ "delete",
+ },
+ },
+ },
+}
+
+var ClusterRoleBinding = rbac.ClusterRoleBinding{
+ ObjectMeta: meta.ObjectMeta{
+ Name: "docker-provider-manager-rolebinding",
+ },
+ RoleRef: rbac.RoleRef{
+ Kind: "ClusterRole",
+ Name: ClusterRole.ObjectMeta.Name,
+ APIGroup: rbac.GroupName,
+ },
+ Subjects: []rbac.Subject{{
+ Kind: rbac.ServiceAccountKind,
+ Name: "default",
+ Namespace: namespace,
+ }},
+}
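Review bot: `ClusterRoleBinding` grants the cluster-wide role to the `default` ServiceAccount of `docker-provider-system`, so every pod in that namespace that does not name its own account inherits get/list/watch/create/update/patch/delete on `secrets`, `nodes` and `events` across all namespaces. A dedicated ServiceAccount for the manager keeps the grant tied to one workload: reference it from the subject (`Name: "<manager-service-account>",`, a placeholder name) and from the pod spec's `ServiceAccountName`; neither exists in this patch. The third rule is also broad for a controller; if the manager only needs secrets in particular namespaces, a namespaced `Role` for `secrets` would reduce the exposure, though what it actually needs is not visible here. A one-line comment above each rule naming the controller operation that requires it would make later permission reviews easier.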