Bazel CRD and RBAC role generation #543
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: randomvariable The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
k8s-ci-robot
added
the
size/L
randomvariable
force-pushed
the
bazel-crd-generation
branch
3 times, most recently
from
f149b7b to
9abb7ea
Compare
randomvariable
changed the title
build/install.bzl
Outdated
|
|
||
| def _install_impl(ctx): | ||
|
|
||
| cmd = "" |
There was a problem hiding this comment.
An alternative implementation to consider:
def _install_impl(ctx):
copy_format = "cp -f {} {}"
touch_format = "touch {}"
cmds = []
for s in ctx.attr.srcs:
files = s.files.to_list()
file = files[0].path
root_file = paths.relativize(file, "bazel-out/k8-fastbuild/genfiles/")
cmds.append(copy_format.format(file, root_file))
cmds.append(touch_format.append(ctx.outputs.record.path))
cmd = " && ".join(cmd)
...If you want to be really safe, the last line should be:
# Remove empty items from cmdList to avoid an erroneous " && && "
" && ".join(filter(None, cmdList))I'm also looking into how to make this work on a Darwin system. It's failing for me with this error:
salazar:cluster-api-provider-aws cha$ make crds
bazel build //config:config_install
WARNING: failed to raise resource limit 8 to 524288: Invalid argument
Starting local Bazel server and connecting to it...
INFO: Invocation ID: 456b2a2b-7895-4f8f-865b-45226a773acc
ERROR: /Users/cha/go/src/sigs.k8s.io/cluster-api-provider-aws/config/BUILD.bazel:17:1: in install rule //config:config_install:
Traceback (most recent call last):
File "/Users/cha/go/src/sigs.k8s.io/cluster-api-provider-aws/config/BUILD.bazel", line 17
install(name = 'config_install')
File "/Users/cha/go/src/sigs.k8s.io/cluster-api-provider-aws/build/install.bzl", line 28, in _install_impl
paths.relativize(file, "bazel-out/k8-fastbuild/genf...")
File "/private/var/tmp/_bazel_cha/b7ce3b297716e241b109da3b2c60846f/external/bazel_skylib/lib/paths.bzl", line 186, in paths.relativize
fail(("Path '%s' is not beneath '%s'"...)))
Path 'bazel-out/darwin-fastbuild/genfiles/config/rbac/rbac_role.yaml' is not beneath 'bazel-out/k8-fastbuild/genfiles/'
ERROR: Analysis of target '//config:config_install' failed; build aborted: Analysis of target '//config:config_install' failed; build aborted
INFO: Elapsed time: 13.016s
INFO: 0 processes.
FAILED: Build did NOT complete successfully (358 packages loaded, 9342 targets configured)
make: *** [crds] Error 1
There was a problem hiding this comment.
Thanks for checking this out, was interested how it'd behave on os x. Will dig deeper, or more likely, split it out into a separate PR
build/install.bzl
Outdated
| for s in ctx.attr.srcs: | ||
| files = s.files.to_list() | ||
| file = files[0].path | ||
| root_file = paths.relativize(file,"bazel-out/k8-fastbuild/genfiles/") |
There was a problem hiding this comment.
define a build_dir outside the for loop:
build_dir = "bazel-out/{}-{}/genfiles".format(ctx.var["TARGET_CPU"], ctx.var["COMPILATION_MODE"])and then this line can be
root_file = paths.relativize(file, build_dir)There was a problem hiding this comment.
lol or just ctx.var["GENDIR"] thx Bazel
| @@ -41,6 +41,11 @@ import ( | |||
| controllerError "sigs.k8s.io/cluster-api/pkg/controller/error" | |||
| ) | |||
|
|
|||
| //+kubebuilder:rbac:groups=awsprovider.k8s.io,resources=awsmachineproviderconfigs;awsmachineproviderstatuses,verbs=get;list;watch;create;update;patch;delete | |||
There was a problem hiding this comment.
Are these being added so that the rbac rules are a bit more restrictive?
|
Should this PR also clean up the Makefile and remove the crd generation from the |
Makefile
Outdated
| @@ -163,6 +163,10 @@ manifests: cmd/clusterctl/examples/aws/out/credentials ## Generate manifests for | |||
| manifests-dev: dep-ensure dep-install binaries-dev ## Builds development manifests | |||
| MANAGER_IMAGE=$(DEV_MANAGER_IMAGE) MANAGER_IMAGE_PULL_POLICY="Always" $(MAKE) manifests | |||
|
|
|||
| .PHONY: crds | |||
| crds: | |||
| bazel build //config:config_install | |||
| def _qualified_genfile(label): | ||
| return "$$GO_GENRULE_EXECROOT/$(location %s)" % label | ||
|
|
||
| def controller_gen(name, importpath, api, visibility, deps = []): |
There was a problem hiding this comment.
I would love to bring these upstream if that's even possible. We should also add some more comments around these functions and their objective.
There was a problem hiding this comment.
100% agree. Have added comments for now, then I'll PR to the controller-runtime repo after we know we're happy with it.
build/install.bzl
Outdated
| for s in ctx.attr.srcs: | ||
| files = s.files.to_list() | ||
| file = files[0].path | ||
| root_file = paths.relativize(file,"bazel-out/k8-fastbuild/genfiles/") |
randomvariable
force-pushed
the
bazel-crd-generation
branch
from
aebe53d to
c3b856f
Compare
* Add annotations to controllers as required * New controller_gen build rule for generating CRD and RBAC Signed-off-by: Naadir Jeewa <[email protected]>
randomvariable
force-pushed
the
bazel-crd-generation
branch
from
c3b856f to
5e2dbe5
Compare
|
Alright, taken out the install.bzl magic until I understand the sandboxing across Linux and OS X better. |
|
@randomvariable Huh, which part do you want to understand more? It looked pretty good to me with that one fix for darwin architecture. Also should this PR also clean up the Makefile and remove the crd generation from the |
Signed-off-by: Naadir Jeewa <[email protected]>
|
@chuckha Was short on time this week, so just want to do it as a separate PR now. Have cleaned up the Makefile - deleted the CRD gen from |
|
whoops. was cleaning up dead branches in my fork... |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
What this PR does / why we need it:
Moves CRD and RBAC yaml generation directly into Bazel.
Our current set of RBAC were not automatically generated as intended from Kubebuilder.
The annotations have been put into the actuators to make this happen.
Eventually, this should move to Cluster API and/or Kubebuilder.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Extracted from #371
Special notes for your reviewer:
Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.
Release note: