From 97e7f9249fe0777ae9dd9ba812dbba1640abceb6 Mon Sep 17 00:00:00 2001
From: Jon Huhn
Date: Fri, 14 Apr 2023 14:37:08 -0500
Subject: [PATCH] add ASO install
---
 Makefile | 12 ++---
 config/aso/credentials.yaml | 10 ++++
 config/aso/kustomization.yaml | 53 +++++++++++++++++++
 .../aad-pod-identity-deployment.yaml | 0
 config/{default => capz}/credentials.yaml | 0
 config/capz/kustomization.yaml | 53 +++++++++++++++++++
 config/{default => capz}/kustomizeconfig.yaml | 0
 .../manager_credentials_patch.yaml | 0
 .../manager_image_patch.yaml | 0
 .../manager_prometheus_metrics_patch.yaml | 0
 .../manager_pull_policy.yaml | 0
 .../manager_webhook_patch.yaml | 0
 config/{default => capz}/namespace.yaml | 0
 .../webhookcainjection_patch.yaml | 0
 config/default/kustomization.yaml | 53 +------------------
 15 files changed, 123 insertions(+), 58 deletions(-)
 create mode 100644 config/aso/credentials.yaml
 create mode 100644 config/aso/kustomization.yaml
 rename config/{default => capz}/aad-pod-identity-deployment.yaml (100%)
 rename config/{default => capz}/credentials.yaml (100%)
 create mode 100644 config/capz/kustomization.yaml
 rename config/{default => capz}/kustomizeconfig.yaml (100%)
 rename config/{default => capz}/manager_credentials_patch.yaml (100%)
 rename config/{default => capz}/manager_image_patch.yaml (100%)
 rename config/{default => capz}/manager_prometheus_metrics_patch.yaml (100%)
 rename config/{default => capz}/manager_pull_policy.yaml (100%)
 rename config/{default => capz}/manager_webhook_patch.yaml (100%)
 rename config/{default => capz}/namespace.yaml (100%)
 rename config/{default => capz}/webhookcainjection_patch.yaml (100%)
diff --git a/Makefile b/Makefile
index 47c399d706c..2ce07f6edcc 100644
--- a/Makefile
+++ b/Makefile
@@ -374,8 +374,8 @@ docker-pull-prerequisites: ## Pull prerequisites for building controller-manager
 .PHONY: docker-build
 docker-build: docker-pull-prerequisites ## Build the docker image for controller-manager.
 DOCKER_BUILDKIT=1 docker build --build-arg goproxy=$(GOPROXY) --build-arg ARCH=$(ARCH) --build-arg ldflags="$(LDFLAGS)" . -t $(CONTROLLER_IMG)-$(ARCH):$(TAG)
- $(MAKE) set-manifest-image MANIFEST_IMG=$(CONTROLLER_IMG)-$(ARCH) MANIFEST_TAG=$(TAG) TARGET_RESOURCE="./config/default/manager_image_patch.yaml"
- $(MAKE) set-manifest-pull-policy TARGET_RESOURCE="./config/default/manager_pull_policy.yaml"
+ $(MAKE) set-manifest-image MANIFEST_IMG=$(CONTROLLER_IMG)-$(ARCH) MANIFEST_TAG=$(TAG) TARGET_RESOURCE="./config/capz/manager_image_patch.yaml"
+ $(MAKE) set-manifest-pull-policy TARGET_RESOURCE="./config/capz/manager_pull_policy.yaml"
 .PHONY: docker-push
 docker-push: ## Push the docker image
@@ -412,12 +412,12 @@ docker-push-manifest: ## Push the fat manifest docker image.
 .PHONY: set-manifest-image
 set-manifest-image: ## Update kustomize image patch file for default resource.
 $(info Updating kustomize image patch file for default resource)
- sed -i'' -e 's@image: .*@image: '"${MANIFEST_IMG}:$(MANIFEST_TAG)"'@' ./config/default/manager_image_patch.yaml
+ sed -i'' -e 's@image: .*@image: '"${MANIFEST_IMG}:$(MANIFEST_TAG)"'@' ./config/capz/manager_image_patch.yaml
 .PHONY: set-manifest-pull-policy
 set-manifest-pull-policy: ## Update kustomize pull policy file for default resource.
 $(info Updating kustomize pull policy file for default resource)
- sed -i'' -e 's@imagePullPolicy: .*@imagePullPolicy: '"$(PULL_POLICY)"'@' ./config/default/manager_pull_policy.yaml
+ sed -i'' -e 's@imagePullPolicy: .*@imagePullPolicy: '"$(PULL_POLICY)"'@' ./config/capz/manager_pull_policy.yaml
 ## --------------------------------------
 ## Generate
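Review bot: The `set-manifest-image` and `set-manifest-pull-policy` recipes still hard-code the patch file path in their `sed` lines, so the `TARGET_RESOURCE="./config/capz/..."` argument passed by `docker-build` (and by `test-e2e-skip-build-and-push` in the later Makefile hunk) is not read by any line visible in these hunks. That is why this directory move had to touch the same path in six places; if a caller and a recipe ever disagree, the deployed manifest keeps pointing at an image other than the one just built, with no error. Reading the variable in the recipe would remove the duplication, for example ending the first `sed` line with `$(TARGET_RESOURCE)` instead of `./config/capz/manager_image_patch.yaml`, plus a guard such as `$(if $(strip $(TARGET_RESOURCE)),,$(error TARGET_RESOURCE is empty))` for direct invocations. The `## ... for default resource` help text and the `$(info ...)` messages also still say "default" although the files now live under `config/capz`.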
@@ -686,8 +686,8 @@ test-e2e-skip-push: ## Run "docker-build" rule then run e2e tests.
 .PHONY: test-e2e-skip-build-and-push
 test-e2e-skip-build-and-push:
- $(MAKE) set-manifest-image MANIFEST_IMG=$(CONTROLLER_IMG)-$(ARCH) MANIFEST_TAG=$(TAG) TARGET_RESOURCE="./config/default/manager_image_patch.yaml"
- $(MAKE) set-manifest-pull-policy TARGET_RESOURCE="./config/default/manager_pull_policy.yaml" PULL_POLICY=IfNotPresent
+ $(MAKE) set-manifest-image MANIFEST_IMG=$(CONTROLLER_IMG)-$(ARCH) MANIFEST_TAG=$(TAG) TARGET_RESOURCE="./config/capz/manager_image_patch.yaml"
+ $(MAKE) set-manifest-pull-policy TARGET_RESOURCE="./config/capz/manager_pull_policy.yaml" PULL_POLICY=IfNotPresent
 MANAGER_IMAGE=$(CONTROLLER_IMG)-$(ARCH):$(TAG) \
 $(MAKE) test-e2e-run
diff --git a/config/aso/credentials.yaml b/config/aso/credentials.yaml
new file mode 100644
index 00000000000..6476ac11352
--- /dev/null
+++ b/config/aso/credentials.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: aso-controller-settings
+type: Opaque
+data:
+ AZURE_SUBSCRIPTION_ID: ${AZURE_SUBSCRIPTION_ID_B64:=""}
+ AZURE_TENANT_ID: ${AZURE_TENANT_ID_B64:=""}
+ AZURE_CLIENT_ID: ${AZURE_CLIENT_ID_B64:=""}
+ AZURE_CLIENT_SECRET: ${AZURE_CLIENT_SECRET_B64:=""}
diff --git a/config/aso/kustomization.yaml b/config/aso/kustomization.yaml
new file mode 100644
index 00000000000..ec9a10feb17
--- /dev/null
+++ b/config/aso/kustomization.yaml
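Review bot: In config/aso/credentials.yaml all four keys default to the empty string through `:=""`, so an unset `AZURE_CLIENT_SECRET_B64` (or any of the other three) still renders a valid Secret with blank values, and the mistake only surfaces later as an authentication failure inside the operator. If blank values are intended for some authentication modes, the file should say so in a header comment, for example `# Values are substituted at install time and must already be base64-encoded; unset variables render as empty strings.` The Secret also has no `metadata.namespace` and depends on the component's `namespace: capz-system` to land where the operator presumably looks for `aso-controller-settings`, which deserves a one-line comment as well. Since this Secret holds a service principal secret, it would also help to note which identity is expected here and that it should be scoped to what ASO needs.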
@@ -0,0 +1,53 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+namespace: capz-system
+resources:
+- https://github.com/Azure/azure-service-operator/releases/download/v2.0.0/azureserviceoperator_v2.0.0.yaml
+- https://github.com/Azure/azure-service-operator/releases/download/v2.0.0/azureserviceoperator_customresourcedefinitions_v2.0.0.yaml
+- credentials.yaml
+
+patches:
+ - patch: |- # default kustomization includes a namespace already
+ $patch: delete
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: capz-system
+ - patch: |- # CAPZ will manage ASO's CRDs
+ - op: test
+ path: /spec/template/spec/containers/0/args/4
+ value: --crd-pattern=*
+ - op: remove
+ path: /spec/template/spec/containers/0/args/4
+ target:
+ group: apps
+ version: v1
+ kind: Deployment
+ name: azureserviceoperator-controller-manager
+
+replacements:
+ - source:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ name: azureserviceoperator-serving-cert
+ fieldPath: metadata.namespace
+ targets:
+ - select:
+ version: v1
+ fieldPaths:
+ - metadata.annotations.cert-manager\.io/inject-ca-from
+ options:
+ delimiter: /
+ index: 0
+ - select:
+ group: cert-manager.io
+ version: v1
+ kind: Certificate
+ name: azureserviceoperator-serving-cert
+ fieldPaths:
+ - spec.dnsNames.0
+ - spec.dnsNames.1
+ options:
+ delimiter: .
+ index: 1
diff --git a/config/default/aad-pod-identity-deployment.yaml b/config/capz/aad-pod-identity-deployment.yaml
similarity index 100%
rename from config/default/aad-pod-identity-deployment.yaml
rename to config/capz/aad-pod-identity-deployment.yaml
diff --git a/config/default/credentials.yaml b/config/capz/credentials.yaml
similarity index 100%
rename from config/default/credentials.yaml
rename to config/capz/credentials.yaml
diff --git a/config/capz/kustomization.yaml b/config/capz/kustomization.yaml
new file mode 100644
index 00000000000..e73000cc2fc
--- /dev/null
+++ b/config/capz/kustomization.yaml
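Review bot: The first two `resources:` entries in config/aso/kustomization.yaml are downloaded from GitHub release URLs every time kustomize runs and are pinned only by the `v2.0.0` tag, with no recorded checksum. The operator Deployment and CRDs that end up in `capz-system` are therefore whatever those URLs serve at build time, the content is never reviewed in this repository, and the build needs network access. Vendoring the two manifests, or fetching them in the Makefile and comparing against a committed SHA-256 before kustomize consumes them, would make the input reviewable and reproducible. Separately, the JSON patch removes `--crd-pattern=*` by position (`args/4`); the `op: test` guard makes a mismatch fail loudly, and a comment such as `# index must be rechecked on every ASO version bump` would record that intent.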
@@ -0,0 +1,53 @@
+namespace: capz-system
+
+namePrefix: capz-
+
+resources:
+ - namespace.yaml
+ - credentials.yaml
+ - aad-pod-identity-deployment.yaml
+
+bases:
+ - ../crd
+ - ../rbac
+ - ../manager
+ - ../webhook
+ - ../certmanager
+
+patchesStrategicMerge:
+ - manager_image_patch.yaml
+ - manager_pull_policy.yaml
+ - manager_credentials_patch.yaml
+ - manager_webhook_patch.yaml
+ - webhookcainjection_patch.yaml
+
+vars:
+ - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+ objref:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ name: serving-cert # this name should match the one in certificate.yaml
+ fieldref:
+ fieldpath: metadata.namespace
+ - name: CERTIFICATE_NAME
+ objref:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ name: serving-cert # this name should match the one in certificate.yaml
+ - name: SERVICE_NAMESPACE # namespace of the service
+ objref:
+ kind: Service
+ version: v1
+ name: webhook-service
+ fieldref:
+ fieldpath: metadata.namespace
+ - name: SERVICE_NAME
+ objref:
+ kind: Service
+ version: v1
+ name: webhook-service
+
+configurations:
+ - kustomizeconfig.yaml
diff --git a/config/default/kustomizeconfig.yaml b/config/capz/kustomizeconfig.yaml
similarity index 100%
rename from config/default/kustomizeconfig.yaml
rename to config/capz/kustomizeconfig.yaml
diff --git a/config/default/manager_credentials_patch.yaml b/config/capz/manager_credentials_patch.yaml
similarity index 100%
rename from config/default/manager_credentials_patch.yaml
rename to config/capz/manager_credentials_patch.yaml
diff --git a/config/default/manager_image_patch.yaml b/config/capz/manager_image_patch.yaml
similarity index 100%
rename from config/default/manager_image_patch.yaml
rename to config/capz/manager_image_patch.yaml
diff --git a/config/default/manager_prometheus_metrics_patch.yaml b/config/capz/manager_prometheus_metrics_patch.yaml
similarity index 100%
rename from config/default/manager_prometheus_metrics_patch.yaml
rename to config/capz/manager_prometheus_metrics_patch.yaml
diff --git a/config/default/manager_pull_policy.yaml b/config/capz/manager_pull_policy.yaml
similarity index 100%
rename from config/default/manager_pull_policy.yaml
rename to config/capz/manager_pull_policy.yaml
diff --git a/config/default/manager_webhook_patch.yaml b/config/capz/manager_webhook_patch.yaml
similarity index 100%
rename from config/default/manager_webhook_patch.yaml
rename to config/capz/manager_webhook_patch.yaml
diff --git a/config/default/namespace.yaml b/config/capz/namespace.yaml
similarity index 100%
rename from config/default/namespace.yaml
rename to config/capz/namespace.yaml
diff --git a/config/default/webhookcainjection_patch.yaml b/config/capz/webhookcainjection_patch.yaml
similarity index 100%
rename from config/default/webhookcainjection_patch.yaml
rename to config/capz/webhookcainjection_patch.yaml
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
index e5e7199c267..e162d40ca67 100644
--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -1,57 +1,6 @@
-namespace: capz-system
-
-namePrefix: capz-
-
 # Labels to add to all resources and selectors.
 commonLabels:
 cluster.x-k8s.io/provider: "infrastructure-azure"
 resources:
- - namespace.yaml
- - credentials.yaml
- - aad-pod-identity-deployment.yaml
-
-bases:
- - ../crd
- - ../rbac
- - ../manager
- - ../webhook
- - ../certmanager
-
-patchesStrategicMerge:
- - manager_image_patch.yaml
- - manager_pull_policy.yaml
- - manager_credentials_patch.yaml
- - manager_webhook_patch.yaml
- - webhookcainjection_patch.yaml
-
-vars:
- - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
- objref:
- kind: Certificate
- group: cert-manager.io
- version: v1
- name: serving-cert # this name should match the one in certificate.yaml
- fieldref:
- fieldpath: metadata.namespace
- - name: CERTIFICATE_NAME
- objref:
- kind: Certificate
- group: cert-manager.io
- version: v1
- name: serving-cert # this name should match the one in certificate.yaml
- - name: SERVICE_NAMESPACE # namespace of the service
- objref:
- kind: Service
- version: v1
- name: webhook-service
- fieldref:
- fieldpath: metadata.namespace
- - name: SERVICE_NAME
- objref:
- kind: Service
- version: v1
- name: webhook-service
-
-configurations:
- - kustomizeconfig.yaml
+ - ../capz
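Review bot: After this change config/default/kustomization.yaml lists only `../capz`, and nothing visible in the patch references `config/aso`, so unless it is wired in elsewhere the new ASO component and its credentials Secret are not part of the default build, despite the commit title. Because config/aso/kustomization.yaml is declared as `kind: Component`, it would have to be listed under a `components:` key (`- ../aso`) rather than under `resources:`. The file also now keeps `commonLabels` here while `namespace: capz-system` and `namePrefix: capz-` moved to config/capz; a short comment such as `# shared labels only; namespace and namePrefix are set per sub-kustomization` would explain the split, which matters because the ASO component's Namespace delete patch assumes another layer supplies `capz-system`.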