Iterate on API
pwittrock committed Mar 12, 2021
1 parent 4b4f6a6 commit 1e0fee5
Showing 16 changed files with 205 additions and 195 deletions.
12 changes: 6 additions & 6 deletions pkg/cli/alpha/config-gen/cert-generation-filter.go
Expand Up @@ -40,7 +40,7 @@ type CertFilter struct {
// Filter implements kio.Filter
func (c CertFilter) Filter(input []*yaml.RNode) ([]*yaml.RNode, error) {

if !c.Spec.Development.GenerateCert {
if !c.Spec.DevelopmentOptions.GenerateCert {
return input, nil
}
if err := c.generateCert(); err != nil {
Expand Down Expand Up @@ -69,7 +69,7 @@ func (c CertFilter) Filter(input []*yaml.RNode) ([]*yaml.RNode, error) {
return err
}
err = node.PipeE(yaml.LookupCreate(yaml.ScalarNode, "clientConfig", "service", "namespace"),
yaml.FieldSetter{StringValue: c.Spec.Namespace})
yaml.FieldSetter{StringValue: c.Namespace})
if err != nil {
return err
}
Expand Down Expand Up @@ -115,7 +115,7 @@ func (c CertFilter) Filter(input []*yaml.RNode) ([]*yaml.RNode, error) {
}
err = matches[i].PipeE(yaml.LookupCreate(
yaml.ScalarNode, "spec", "conversion", "webhookClientConfig", "service", "namespace"),
yaml.FieldSetter{StringValue: c.Spec.Namespace})
yaml.FieldSetter{StringValue: c.Namespace})
if err != nil {
return nil, err
}
Expand All @@ -135,8 +135,8 @@ func (c CertFilter) generateCert() error {
var err error
var req = csr.New()
req.Hosts = []string{
fmt.Sprintf("webhook-service.%s.svc", c.Spec.Namespace),
fmt.Sprintf("webhook-service.%s.svc.cluster.local", c.Spec.Namespace),
fmt.Sprintf("webhook-service.%s.svc", c.Namespace),
fmt.Sprintf("webhook-service.%s.svc.cluster.local", c.Namespace),
}
req.CN = "kb-dev-controller-manager"

Expand All @@ -152,7 +152,7 @@ func (c CertFilter) generateCert() error {
}

profile := config.DefaultConfig()
profile.Expiry = c.Spec.Development.CertDuration
profile.Expiry = c.Spec.DevelopmentOptions.CertDuration
cert, err := selfsign.Sign(priv, csrPEM, profile)
if err != nil {
return err
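Review bot: Nothing in the visible hunks checks that `c.Namespace` is non-empty before generateCert formats it into `req.Hosts`, so an unset namespace would put `webhook-service..svc` into the certificate's host list and an empty string into the `namespace` fields that Filter writes. A guard at the top of generateCert, such as `if c.Namespace == "" { return fmt.Errorf("namespace must be set to generate the webhook certificate") }`, would fail early; whether validation happens elsewhere is not visible here. The same value feeds `RoleName: cgr.Namespace + "-manager-role"` in controller-gen-filter.go and the `{{ .Namespace }}` references in the templates. Both Filter and generateCert continue outside these hunks.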
85 changes: 48 additions & 37 deletions pkg/cli/alpha/config-gen/cmd.go
Expand Up @@ -140,43 +140,54 @@ The KubebuilderConfigGen resource has the following fields:
namespace: project-namespace
spec:
# image used to run the controller-manager in the Deployment
# required
image: org/project:v0.1.0
# path to project root directory to generate the CRDs
# optional -- defaults to '.'
directory: ./relative/path
# enable / disable generation of specific components
# optional -- defaults to the values shown
components:
controller-manager: true
crds: true
namespace: true
rbac: true
cert-manager: false
prometheus: false
webhooks: false
# disable using the auth proxy
# optional -- defaults to false
disableAuthProxy: false
# enable conversion webhooks for a particular API
# requires setting the webhook component to true
# optional -- defaults to empty
conversionWebhooks:
"bars.example.my.domain": true
# if set, use component config for the project
# optional -- defaults to unset
componentConfigFilepath: ./path/to/componentconfig.yaml
# options for project development not intended for production
developmentOptions:
# generate the webhook certificate and wire it as needed
generateCert: true
# configure how CRDs are generated
crds:
# path to project root directory to generate the CRDs
# optional -- defaults to '.'
sourceDirectory: ./relative/path
# configure how the controller-manager is generated
controllerManager:
# image to run
image: org/project:v0.1.0
# if set, use component config for the controller-manager
# optional
componentConfig:
# use component config
enable: true
# path to component config to put into a ConfigMap
configFilepath: ./path/to/componentconfig.yaml
# configure how metrics are exposed
metrics:
# disable the auth proxy required for scraping metrics
# disable: false
# generate prometheus ServiceMonitor resource
enableServiceMonitor: true
# configure how webhooks are generated
# optional -- defaults to not generating webhook configuration
webhooks:
# enable will cause webhook config to be generated
enable: true
# configures these crds to use conversion
enableConversion:
"bars.example.my.domain": true
# configures where to get the webhook certificate from
# discriminated union
certificateSource:
# type of certificate source
# one of ["manual", "certManager", "dev"]
type: "dev"
# options for a dev certificate
devCertificate:
duration: 1h
`)
c.Example = strings.TrimSpace(`
#
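Review bot: The help text for `certificateSource` lists `"dev"` as a type without saying what it implies, and the only "not intended for production" wording sits on the `developmentOptions` entry earlier in the same text; the +/- markers are lost on this page, so if that entry is on the removed side the warning goes with it. The dev path self-signs a certificate (cert-generation-filter.go) and the webhook Secret template writes `tls.key` into the generated output, so the comment above `type: "dev"` should say so, for example `# "dev": self-signed certificate whose private key is embedded in the generated Secret; not for production`. The `# disable: false` line under `metrics:` is commented out, which leaves it unclear whether `disable` is a supported key. The string literal starts before this hunk.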
2 changes: 1 addition & 1 deletion pkg/cli/alpha/config-gen/component-filter.go
Expand Up @@ -38,7 +38,7 @@ func (cf ComponentFilter) Filter(input []*yaml.RNode) ([]*yaml.RNode, error) {
APIVersions: []string{"v1"},
Kinds: []string{"ConfigMap"},
Names: []string{"manager-config"},
Namespaces: []string{cf.Spec.Namespace},
Namespaces: []string{cf.Namespace},
}
matches, err := s.GetMatches(&framework.ResourceList{Items: input})
if err != nil {
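--- a/pkg/cli/alpha/config-gen/controller-gen-filter.go
+++ b/pkg/cli/alpha/config-gen/controller-gen-filter.go
@@ -44,28 +44,22 @@ func (cgr ControllerGenFilter) Filter(input []*yaml.RNode) ([]*yaml.RNode, error
 gens := genall.Generators{}
 
 // generate CRD definitions
-if cgr.Spec.Enabled(CRDsComponent) {
-desclen := 40
-crdGen := genall.Generator(crd.Generator{
-TrivialVersions: true,
-MaxDescLen: &desclen,
-})
-gens = append(gens, &crdGen)
-}
+desclen := 40
+crdGen := genall.Generator(crd.Generator{
+TrivialVersions: true,
+MaxDescLen: &desclen,
+})
+gens = append(gens, &crdGen)
 
 // generate RBAC definitions
-if cgr.Spec.Enabled(RBACComponent) {
-rbacGen := genall.Generator(rbac.Generator{
-RoleName: cgr.Spec.Namespace + "-manager-role",
-})
-gens = append(gens, &rbacGen)
-}
+rbacGen := genall.Generator(rbac.Generator{
+RoleName: cgr.Namespace + "-manager-role",
+})
+gens = append(gens, &rbacGen)
 
 // generate Webhook definitions
-if cgr.Spec.Enabled(WebhooksComponent) {
-webhookGen := genall.Generator(webhook.Generator{})
-gens = append(gens, &webhookGen)
-}
+webhookGen := genall.Generator(webhook.Generator{})
+gens = append(gens, &webhookGen)
 
 // set the directory
 b := bufferedGenerator{}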
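Review bot: The webhook generator is now appended to `gens` unconditionally, which disagrees with the new help text in cmd.go describing webhooks as "optional -- defaults to not generating webhook configuration"; the RBAC and CRD generators lose their guards in the same way. Unless a later step outside this hunk drops the webhook output, either gate `webhookGen` on the new `webhooks.enable` setting or state the intent above it, e.g. `// always run; output is filtered later when webhooks are disabled` (to be confirmed against the rest of Filter). Filter's body continues outside the hunk.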
2 changes: 1 addition & 1 deletion pkg/cli/alpha/config-gen/controller-manager-patches.go
Expand Up @@ -27,7 +27,7 @@ func ControllerManagerPatchTemplate(kp *KubebuilderConfigGen) framework.PT {
Selector: func() *framework.Selector {
return &framework.Selector{
Kinds: []string{"Deployment"},
Namespaces: []string{kp.Spec.Namespace},
Namespaces: []string{kp.Namespace},
Names: []string{"controller-manager"},
Labels: map[string]string{"control-plane": "controller-manager"},
TemplatizeValues: true,
@@ -1,5 +1,5 @@
{{ if .Spec.Enabled "cert-manager" }}
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ .Spec.Namespace }}/{{ .Spec.Name }}-serving-cert
cert-manager.io/inject-ca-from: {{ .Namespace }}/{{ .Name }}-serving-cert
{{ end }}
Expand Up @@ -3,15 +3,15 @@ spec:
conversion:
strategy: Webhook
webhookClientConfig:
{{- if .Spec.Development.GenerateCert }}
{{- if .Spec.DevelopmentOptions.GenerateCert }}
caBundle: {{ .Status.CertCA }}
{{- else }}
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
{{- end }}
service:
namespace: {{ .Spec.Namespace }}
namespace: {{ .Namespace }}
name: webhook-service
path: /convert
{{ end }}
Expand Up @@ -2,7 +2,7 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Spec.Name }}-proxy-role
name: {{ .Name }}-proxy-role
rules:
- apiGroups: ["authentication.k8s.io"]
resources:
Expand All @@ -16,14 +16,14 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Spec.Name }}-proxy-rolebinding
name: {{ .Name }}-proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Spec.Name }}-proxy-role
name: {{ .Name }}-proxy-role
subjects:
- kind: ServiceAccount
name: default
namespace: {{ .Spec.Namespace }}
namespace: {{ .Namespace }}
---
{{ end }}{{ end }}
Expand Up @@ -6,20 +6,20 @@
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ .Spec.Name }}-selfsigned-issuer
namespace: {{ .Spec.Namespace }}
name: {{ .Name }}-selfsigned-issuer
namespace: {{ .Namespace }}
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .Spec.Name }}-serving-cert
namespace: {{ .Spec.Namespace }}
name: {{ .Name }}-serving-cert
namespace: {{ .Namespace }}
spec:
dnsNames:
- webhook-service.{{ .Spec.Namespace }}.svc
- webhook-service.{{ .Spec.Namespace }}.svc.cluster.local
- webhook-service.{{ .Namespace }}.svc
- webhook-service.{{ .Namespace }}.svc.cluster.local
issuerRef:
kind: Issuer
name: selfsigned-issuer
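Review bot: The Certificate's `issuerRef.name` is still the literal `selfsigned-issuer`, while the Issuer above it is named `{{ .Name }}-selfsigned-issuer`, so as written the reference does not match the Issuer this template creates. Unless a later transform adds the prefix (not visible here), the line should read `name: {{ .Name }}-selfsigned-issuer`. The Certificate spec continues past the end of this hunk.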
Expand Up @@ -3,7 +3,7 @@ apiVersion: v1
kind: ConfigMap
metadata:
name: manager-config
namespace: {{ .Spec.Namespace }}
namespace: {{ .Namespace }}
labels:
control-plane: controller-manager
data:
Expand Up @@ -3,7 +3,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: {{ .Spec.Namespace }}
namespace: {{ .Namespace }}
labels:
control-plane: controller-manager
spec:
Expand Down Expand Up @@ -36,7 +36,7 @@ spec:
apiVersion: v1
kind: Service
metadata:
namespace: {{ .Spec.Namespace }}
namespace: {{ .Namespace }}
name: webhook-service
labels:
control-plane: webhook
Expand All @@ -52,7 +52,7 @@ spec:
apiVersion: v1
kind: Service
metadata:
namespace: {{ .Spec.Namespace }}
namespace: {{ .Namespace }}
name: metrics-service
labels:
control-plane: controller-manager
@@ -1,9 +1,9 @@
{{- if .Spec.Development.GenerateCert }}
{{- if .Spec.DevelopmentOptions.GenerateCert }}
apiVersion: v1
kind: Secret
metadata:
name: webhook-server-cert
namespace: {{ .Spec.Namespace }}
namespace: {{ .Namespace }}
data:
tls.key: {{ .Status.CertKey }}
tls.crt: {{ .Status.CertCA }}
Expand Up @@ -4,6 +4,6 @@ kind: Namespace
metadata:
labels:
control-plane: controller-manager
name: {{ .Spec.Namespace }}
name: {{ .Namespace }}
---
{{- end }}
Expand Up @@ -2,7 +2,7 @@
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
namespace: {{ .Spec.Namespace }}
namespace: {{ .Namespace }}
name: controller-manager-metrics-monitor
labels:
control-plane: controller-manager
18 changes: 9 additions & 9 deletions pkg/cli/alpha/config-gen/templates/resources/rbac.template.yaml
Expand Up @@ -2,21 +2,21 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Spec.Namespace }}-manager-rolebinding
name: {{ .Namespace }}-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Spec.Namespace }}-manager-role
name: {{ .Namespace }}-manager-role
subjects:
- kind: ServiceAccount
name: default
namespace: {{ .Spec.Namespace }}
namespace: {{ .Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Spec.Namespace }}-leader-election-role
namespace: {{ .Spec.Namespace }}
name: {{ .Namespace }}-leader-election-role
namespace: {{ .Namespace }}
rules:
- apiGroups:
- ""
Expand Down Expand Up @@ -48,15 +48,15 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Spec.Namespace }}-leader-election-rolebinding
namespace: {{ .Spec.Namespace }}
name: {{ .Namespace }}-leader-election-rolebinding
namespace: {{ .Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ .Spec.Namespace }}-leader-election-role
name: {{ .Namespace }}-leader-election-role
subjects:
- kind: ServiceAccount
name: default
namespace: {{ .Spec.Namespace }}
namespace: {{ .Namespace }}
---
{{ end }}