🌱 Enable Webhooks and CertManager for CAPI operator #4132

Closed
34 commits
6ea2b4e
Initial scaffolding for operator
Jan 25, 2021
0e87483
Create API scaffolding for CoreProvider
Jan 25, 2021
533fb43
Create API scaffolding for BootstrapProvider
Jan 25, 2021
26d6e8f
Create API scaffolding for ControlPlaneProvider
Jan 25, 2021
7c7ffbe
Create API scaffolding for InfrastructureProvider
Jan 25, 2021
425d657
Add placeholders for ProviderSpec and ProviderStatus
Jan 25, 2021
94f2983
Fix boilerplate on files
Jan 28, 2021
ea60a2d
Add make operator cmd
Jan 26, 2021
c602e25
Add make generate-go-operator command
Jan 26, 2021
aa737db
Add make generate-operator-manifests command
Jan 26, 2021
68a8bac
Add make docker-build-operator command
Jan 26, 2021
a00a565
Add make docker-push-operator-manifest command
Jan 26, 2021
ab864d2
Update make release command to include operator resources
Jan 26, 2021
b1b717d
Update make release-manifests to include operator manifests
Jan 26, 2021
f579de4
Fix image patch and pull policy
Jan 26, 2021
898ffc0
Remove unused Dockerfile, Makefile, and .gitignore
Jan 26, 2021
dcd219a
Updates from PR review feedback
Jan 27, 2021
69f6d63
Use klogr intead of zap
Jan 27, 2021
cafd42a
Fix flag names
Jan 27, 2021
fc66a3b
Update suite_test to use vanilla go test pattern
Jan 28, 2021
328c27d
Use logger from context
Jan 28, 2021
ff18602
Temporarily remove maligned linting error
Jan 28, 2021
bb76b00
Rebased and fix version pkg path
Jan 29, 2021
7d9e4bc
Fix flags in manager_auth_proxy_patch
Jan 29, 2021
8c83fac
Add leases to leader_election_role
Jan 29, 2021
ca50f42
Add webhook scaffolding for CoreProvider
Jan 28, 2021
8a4a64e
Add webhook scaffolding for BootstrapProvider
Jan 28, 2021
a0f3a0a
Add webhook scaffolding for ControlPlaneProvider
Jan 28, 2021
fde335d
Add webhook scaffolding for InfrastructureProvider
Jan 28, 2021
e3fdfc5
Enable webhook handlers for the providers
Jan 28, 2021
3a83927
Enable cert-manager for operator
Jan 28, 2021
e2c40e2
Fix boilerplate for webhook files
Jan 29, 2021
a6d13af
Refactor main.go to be consistent with other controller mains
Jan 29, 2021
da91042
Set webhook port to 9443
Jan 29, 2021
52 changes: 52 additions & 0 deletions Makefile
Expand Up @@ -85,6 +85,10 @@ KUBEADM_BOOTSTRAP_CONTROLLER_IMG ?= $(REGISTRY)/$(KUBEADM_BOOTSTRAP_IMAGE_NAME)
KUBEADM_CONTROL_PLANE_IMAGE_NAME ?= kubeadm-control-plane-controller
KUBEADM_CONTROL_PLANE_CONTROLLER_IMG ?= $(REGISTRY)/$(KUBEADM_CONTROL_PLANE_IMAGE_NAME)

# operator
OPERATOR_IMAGE_NAME ?= operator-controller
OPERATOR_CONTROLLER_IMG ?= $(REGISTRY)/$(OPERATOR_IMAGE_NAME)

TAG ?= dev
ARCH ?= amd64
ALL_ARCH = amd64 arm arm64 ppc64le s390x
Expand Down Expand Up @@ -134,6 +138,10 @@ test-e2e: ## Run the e2e tests
## Binaries
## --------------------------------------

.PHONY: operator
operator: ## Build operator binary
go build -ldflags "$(LDFLAGS)" -o $(BIN_DIR)/operator sigs.k8s.io/cluster-api/operator

.PHONY: manager-core
manager-core: ## Build core manager binary
go build -ldflags "$(LDFLAGS)" -o $(BIN_DIR)/manager sigs.k8s.io/cluster-api
Expand Down Expand Up @@ -222,6 +230,7 @@ generate-go: $(GOBINDATA) ## Runs Go related generate targets
$(MAKE) generate-go-core
$(MAKE) generate-go-kubeadm-bootstrap
$(MAKE) generate-go-kubeadm-control-plane
$(MAKE) generate-go-operator

.PHONY: generate-go-core
generate-go-core: $(CONTROLLER_GEN) $(CONVERSION_GEN)
Expand Down Expand Up @@ -267,6 +276,12 @@ generate-go-kubeadm-control-plane: $(CONTROLLER_GEN) $(CONVERSION_GEN) ## Runs G
--output-file-base=zz_generated.conversion \
--go-header-file=./hack/boilerplate/boilerplate.generatego.txt

.PHONY: generate-go-operator
generate-go-operator: $(CONTROLLER_GEN) ## Runs Go related generate targets for the operator
$(CONTROLLER_GEN) \
object:headerFile=./hack/boilerplate/boilerplate.generatego.txt \
paths=./operator/api/...

.PHONY: generate-bindata
generate-bindata: $(KUSTOMIZE) $(GOBINDATA) clean-bindata $(CLOUDINIT_GENERATED) ## Generate code for embedding the clusterctl api manifest
# Package manifest YAML into a single file.
Expand All @@ -289,6 +304,7 @@ generate-manifests: ## Generate manifests e.g. CRD, RBAC etc.
$(MAKE) generate-core-manifests
$(MAKE) generate-kubeadm-bootstrap-manifests
$(MAKE) generate-kubeadm-control-plane-manifests
$(MAKE) generate-operator-manifests

.PHONY: generate-core-manifests
generate-core-manifests: $(CONTROLLER_GEN) ## Generate manifests for the core provider e.g. CRD, RBAC etc.
Expand Down Expand Up @@ -336,6 +352,18 @@ generate-kubeadm-control-plane-manifests: $(CONTROLLER_GEN) ## Generate manifest
output:webhook:dir=./controlplane/kubeadm/config/webhook \
webhook

.PHONY: generate-operator-manifests
generate-operator-manifests: $(CONTROLLER_GEN) ## Generate manifests for the operator e.g. CRD, RBAC etc.
$(CONTROLLER_GEN) \
paths=./operator/api/... \
paths=./operator/controllers/... \
crd:crdVersions=v1 \
rbac:roleName=manager-role \
output:crd:dir=./operator/config/crd/bases \
output:rbac:dir=./operator/config/rbac \
output:webhook:dir=./operator/config/webhook \
webhook

.PHONY: modules
modules: ## Runs go mod to ensure modules are up to date.
go mod tidy
Expand All @@ -357,6 +385,7 @@ docker-build: docker-pull-prerequisites ## Build the docker images for controlle
$(MAKE) ARCH=$(ARCH) docker-build-core
$(MAKE) ARCH=$(ARCH) docker-build-kubeadm-bootstrap
$(MAKE) ARCH=$(ARCH) docker-build-kubeadm-control-plane
$(MAKE) ARCH=$(ARCH) docker-build-operator

.PHONY: docker-build-core
docker-build-core: ## Build the docker image for core controller manager
Expand All @@ -376,6 +405,12 @@ docker-build-kubeadm-control-plane: ## Build the docker image for kubeadm contro
$(MAKE) set-manifest-image MANIFEST_IMG=$(KUBEADM_CONTROL_PLANE_CONTROLLER_IMG)-$(ARCH) MANIFEST_TAG=$(TAG) TARGET_RESOURCE="./controlplane/kubeadm/config/manager/manager_image_patch.yaml"
$(MAKE) set-manifest-pull-policy TARGET_RESOURCE="./controlplane/kubeadm/config/manager/manager_pull_policy.yaml"

.PHONY: docker-build-operator
docker-build-operator: ## Build the docker image for management cluster operator
DOCKER_BUILDKIT=1 docker build --build-arg goproxy=$(GOPROXY) --build-arg ARCH=$(ARCH) --build-arg package=./operator --build-arg ldflags="$(LDFLAGS)" . -t $(OPERATOR_CONTROLLER_IMG)-$(ARCH):$(TAG)
$(MAKE) set-manifest-image MANIFEST_IMG=$(OPERATOR_CONTROLLER_IMG)-$(ARCH) MANIFEST_TAG=$(TAG) TARGET_RESOURCE="./operator/config/default/manager_image_patch.yaml"
$(MAKE) set-manifest-pull-policy TARGET_RESOURCE="./operator/config/default/manager_pull_policy.yaml"

.PHONY: docker-push
docker-push: ## Push the docker images
docker push $(CONTROLLER_IMG)-$(ARCH):$(TAG)
Expand All @@ -397,6 +432,7 @@ docker-push-all: $(addprefix docker-push-,$(ALL_ARCH))
$(MAKE) docker-push-core-manifest
$(MAKE) docker-push-kubeadm-bootstrap-manifest
$(MAKE) docker-push-kubeadm-control-plane-manifest
$(MAKE) docker-push-operator-manifest

docker-push-%:
$(MAKE) ARCH=$* docker-push
Expand Down Expand Up @@ -428,6 +464,15 @@ docker-push-kubeadm-control-plane-manifest: ## Push the fat manifest docker imag
$(MAKE) set-manifest-image MANIFEST_IMG=$(KUBEADM_CONTROL_PLANE_CONTROLLER_IMG) MANIFEST_TAG=$(TAG) TARGET_RESOURCE="./controlplane/kubeadm/config/manager/manager_image_patch.yaml"
$(MAKE) set-manifest-pull-policy TARGET_RESOURCE="./controlplane/kubeadm/config/manager/manager_pull_policy.yaml"

.PHONY: docker-push-operator-manifest
docker-push-operator-manifest: ## Push the fat manifest docker image for the operator image.
## Minimum docker version 18.06.0 is required for creating and pushing manifest images.
docker manifest create --amend $(OPERATOR_CONTROLLER_IMG):$(TAG) $(shell echo $(ALL_ARCH) | sed -e "s~[^ ]*~$(OPERATOR_CONTROLLER_IMG)\-&:$(TAG)~g")
@for arch in $(ALL_ARCH); do docker manifest annotate --arch $${arch} ${OPERATOR_CONTROLLER_IMG}:${TAG} ${OPERATOR_CONTROLLER_IMG}-$${arch}:${TAG}; done
docker manifest push --purge $(OPERATOR_CONTROLLER_IMG):$(TAG)
$(MAKE) set-manifest-image MANIFEST_IMG=$(OPERATOR_CONTROLLER_IMG) MANIFEST_TAG=$(TAG) TARGET_RESOURCE="./operator/config/default/manager_image_patch.yaml"
$(MAKE) set-manifest-pull-policy TARGET_RESOURCE="./operator/config/default/manager_pull_policy.yaml"

.PHONY: set-manifest-pull-policy
set-manifest-pull-policy:
$(info Updating kustomize pull policy file for manager resources)
Expand Down Expand Up @@ -467,9 +512,14 @@ release: clean-release ## Builds and push container images using the latest git
$(MAKE) set-manifest-image \
MANIFEST_IMG=$(PROD_REGISTRY)/$(KUBEADM_CONTROL_PLANE_IMAGE_NAME) MANIFEST_TAG=$(RELEASE_TAG) \
TARGET_RESOURCE="./controlplane/kubeadm/config/manager/manager_image_patch.yaml"
# Set the operator image to the production bucket.
$(MAKE) set-manifest-image \
MANIFEST_IMG=$(PROD_REGISTRY)/$(OPERATOR_IMAGE_NAME) MANIFEST_TAG=$(RELEASE_TAG) \
TARGET_RESOURCE="./operator/config/default/manager_image_patch.yaml"
$(MAKE) set-manifest-pull-policy PULL_POLICY=IfNotPresent TARGET_RESOURCE="./config/manager/manager_pull_policy.yaml"
$(MAKE) set-manifest-pull-policy PULL_POLICY=IfNotPresent TARGET_RESOURCE="./bootstrap/kubeadm/config/manager/manager_pull_policy.yaml"
$(MAKE) set-manifest-pull-policy PULL_POLICY=IfNotPresent TARGET_RESOURCE="./controlplane/kubeadm/config/manager/manager_pull_policy.yaml"
$(MAKE) set-manifest-pull-policy PULL_POLICY=IfNotPresent TARGET_RESOURCE="./operator/config/default/manager_pull_policy.yaml"
## Build the manifests
$(MAKE) release-manifests clean-release-git
## Build the development manifests
Expand All @@ -483,6 +533,8 @@ release-manifests: $(RELEASE_DIR) $(KUSTOMIZE) ## Builds the manifests to publis
$(KUSTOMIZE) build bootstrap/kubeadm/config > $(RELEASE_DIR)/bootstrap-components.yaml
# Build control-plane-components.
$(KUSTOMIZE) build controlplane/kubeadm/config > $(RELEASE_DIR)/control-plane-components.yaml
# Build operator components.
$(KUSTOMIZE) build operator/config/default > $(RELEASE_DIR)/operator-components.yaml

## Build cluster-api-components (aggregate of all of the above).
cat $(RELEASE_DIR)/core-components.yaml > $(RELEASE_DIR)/cluster-api-components.yaml
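Review bot: In `docker-push-operator-manifest`, the `@for arch in $(ALL_ARCH); do docker manifest annotate ...; done` loop returns only the status of its last iteration, so a failed annotate for an earlier architecture does not stop the recipe and `docker manifest push --purge` still publishes the manifest list. Ending the loop body with `|| exit 1` (`... ${OPERATOR_CONTROLLER_IMG}-$${arch}:${TAG} || exit 1; done`) makes the push conditional on every annotation succeeding. The `## Minimum docker version 18.06.0 ...` line sits inside the recipe, so if it is tab-indented like its neighbours it is handed to the shell and echoed on each run rather than read as a Make comment; moving it above the rule as a plain `#` comment keeps it out of the recipe. The target appears to mirror the existing per-provider manifest targets, whose bodies are mostly outside the visible hunks, so the same loop may need the same guard there.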
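--- a/operator/PROJECT
+++ b/operator/PROJECT
@@ -0,0 +1,16 @@
+domain: cluster.x-k8s.io
+repo: sigs.k8s.io/cluster-api
+resources:
+- group: operator
+kind: CoreProvider
+version: v1alpha4
+- group: operator
+kind: BootstrapProvider
+version: v1alpha4
+- group: operator
+kind: ControlPlaneProvider
+version: v1alpha4
+- group: operator
+kind: InfrastructureProvider
+version: v1alpha4
+version: "2"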
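--- a/operator/api/v1alpha4/bootstrapprovider_types.go
+++ b/operator/api/v1alpha4/bootstrapprovider_types.go
@@ -0,0 +1,57 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha4
+
+import (
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// BootstrapProviderSpec defines the desired state of BootstrapProvider
+type BootstrapProviderSpec struct {
+ProviderSpec `json:",inline"`
+}
+
+// BootstrapProviderStatus defines the observed state of BootstrapProvider
+type BootstrapProviderStatus struct {
+ProviderStatus `json:",inline"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=bootstrapproviders,scope=Namespaced,categories=providers
+// +kubebuilder:storageversion
+
+// BootstrapProvider is the Schema for the bootstrapproviders API
+type BootstrapProvider struct { //nolint:maligned
+metav1.TypeMeta `json:",inline"`
+metav1.ObjectMeta `json:"metadata,omitempty"`
+
+Spec BootstrapProviderSpec `json:"spec,omitempty"`
+Status BootstrapProviderStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// BootstrapProviderList contains a list of BootstrapProvider
+type BootstrapProviderList struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ListMeta `json:"metadata,omitempty"`
+Items []BootstrapProvider `json:"items"`
+}
+
+func init() {
+SchemeBuilder.Register(&BootstrapProvider{}, &BootstrapProviderList{})
+}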
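Review bot: `BootstrapProvider` declares a `Status` field, but the markers above the type do not include `// +kubebuilder:subresource:status`, so the generated CRD will presumably serve status through the main resource endpoint only. Without the subresource, any principal allowed to update the object can rewrite status together with spec, RBAC cannot grant the two separately, and a controller writing through the status client would fail against it. Adding `// +kubebuilder:subresource:status` next to `// +kubebuilder:storageversion` addresses this. The same marker is missing on `ControlPlaneProvider` in operator/api/v1alpha4/controlplaneprovider_types.go, and possibly on the other provider types of this PR that are not visible here.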
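--- a/operator/api/v1alpha4/bootstrapprovider_webhook.go
+++ b/operator/api/v1alpha4/bootstrapprovider_webhook.go
@@ -0,0 +1,71 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha4
+
+import (
+"k8s.io/apimachinery/pkg/runtime"
+ctrl "sigs.k8s.io/controller-runtime"
+logf "sigs.k8s.io/controller-runtime/pkg/log"
+"sigs.k8s.io/controller-runtime/pkg/webhook"
+)
+
+// log is for logging in this package.
+var bootstrapproviderlog = logf.Log.WithName("bootstrapprovider-resource")
+
+func (r *BootstrapProvider) SetupWebhookWithManager(mgr ctrl.Manager) error {
+return ctrl.NewWebhookManagedBy(mgr).
+For(r).
+Complete()
+}
+
+// +kubebuilder:webhook:verbs=create;update,path=/mutate-operator-cluster-x-k8s-io-v1alpha4-bootstrapprovider,mutating=true,failurePolicy=fail,matchPolicy=Equivalent,groups=operator.cluster.x-k8s.io,resources=bootstrapproviders,versions=v1alpha4,name=default.bootstrapprovider.operator.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1beta1
+// +kubebuilder:webhook:verbs=create;update,path=/validate-operator-cluster-x-k8s-io-v1alpha4-bootstrapprovider,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=operator.cluster.x-k8s.io,resources=bootstrapproviders,versions=v1alpha4,name=validation.bootstrapprovider.operator.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1beta1
+
+var _ webhook.Defaulter = &BootstrapProvider{}
+
+// Default implements webhook.Defaulter so a webhook will be registered for the type
+func (r *BootstrapProvider) Default() {
+bootstrapproviderlog.Info("default", "name", r.Name)
+
+// TODO(user): fill in your defaulting logic.
+}
+
+var _ webhook.Validator = &BootstrapProvider{}
+
+// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
+func (r *BootstrapProvider) ValidateCreate() error {
+bootstrapproviderlog.Info("validate create", "name", r.Name)
+
+// TODO(user): fill in your validation logic upon object creation.
+return nil
+}
+
+// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
+func (r *BootstrapProvider) ValidateUpdate(old runtime.Object) error {
+bootstrapproviderlog.Info("validate update", "name", r.Name)
+
+// TODO(user): fill in your validation logic upon object update.
+return nil
+}
+
+// ValidateDelete implements webhook.Validator so a webhook will be registered for the type
+func (r *BootstrapProvider) ValidateDelete() error {
+bootstrapproviderlog.Info("validate delete", "name", r.Name)
+
+// TODO(user): fill in your validation logic upon object deletion.
+return nil
+}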
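Review bot: Both webhook markers register with `failurePolicy=fail`, yet `Default`, `ValidateCreate` and `ValidateUpdate` are still scaffold stubs that only log and return without checking anything. That puts the webhook server and its serving certificate in the path of every create and update of a BootstrapProvider while enforcing no rule, so an unavailable webhook blocks those requests with no validation benefit. Either land the real checks together with the registration, or replace the `TODO(user)` lines with a note on what must be validated before the type is usable. `ValidateDelete` is never invoked because the validating marker lists `verbs=create;update`; a comment such as `// ValidateDelete is not called: the webhook is registered for create and update only.` would make that explicit. `SetupWebhookWithManager` is exported without a doc comment, and `// log is for logging in this package.` does not match the variable name `bootstrapproviderlog`.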
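--- a/operator/api/v1alpha4/controlplaneprovider_types.go
+++ b/operator/api/v1alpha4/controlplaneprovider_types.go
@@ -0,0 +1,57 @@
+/*
+Copyright 2021 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha4
+
+import (
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// ControlPlaneProviderSpec defines the desired state of ControlPlaneProvider
+type ControlPlaneProviderSpec struct {
+ProviderSpec `json:",inline"`
+}
+
+// ControlPlaneProviderStatus defines the observed state of ControlPlaneProvider
+type ControlPlaneProviderStatus struct {
+ProviderStatus `json:",inline"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=controlplaneproviders,scope=Namespaced,categories=providers
+// +kubebuilder:storageversion
+
+// ControlPlaneProvider is the Schema for the controlplaneproviders API
+type ControlPlaneProvider struct { //nolint:maligned
+metav1.TypeMeta `json:",inline"`
+metav1.ObjectMeta `json:"metadata,omitempty"`
+
+Spec ControlPlaneProviderSpec `json:"spec,omitempty"`
+Status ControlPlaneProviderStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// ControlPlaneProviderList contains a list of ControlPlaneProvider
+type ControlPlaneProviderList struct {
+metav1.TypeMeta `json:",inline"`
+metav1.ListMeta `json:"metadata,omitempty"`
+Items []ControlPlaneProvider `json:"items"`
+}
+
+func init() {
+SchemeBuilder.Register(&ControlPlaneProvider{}, &ControlPlaneProviderList{})
+}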