change from hostPath mounts to TZ environment variable, update RBAC for finalizers #148

Merged
merged 7 commits into from
Jun 16, 2022
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -69,7 +69,7 @@ undeploy:

# Generate manifests e.g. CRD, RBAC etc.
manifests: controller-gen
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=controller-role webhook paths=./pkg/apis/v2beta1 paths=./pkg/apis/v2beta2 output:crd:artifacts:config=config/crd/bases
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=controller-role webhook paths=./pkg/apis/v2beta1 paths=./pkg/apis/v2beta2 paths=./controllers output:crd:artifacts:config=config/crd/bases
cd config/manager && kustomize edit set image controller=${IMG} && cd ../../
kustomize build config/default | sed -e '/creationTimestamp/d' > config/bundle.yaml
kustomize build config/samples | sed -e '/creationTimestamp/d' > config/samples/bundle.yaml
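Review bot: The `paths=./controllers` argument on the controller-gen line makes what are presumably `+kubebuilder:rbac` markers under ./controllers an input to `controller-role`, so a marker added there later widens the deployed role on the next `make manifests` without any hand edit to review. On this page the regenerated config/rbac/role.yaml and config/bundle.yaml gain get/list/watch on `configmaps` and update on `notificationmanagers/finalizers`, next to the existing get/list/watch on `secrets`. The role's kind is not visible in those hunks; if it is a ClusterRole, the core-group reads span every namespace, and the markers could narrow them with `namespace=` or `resourceNames=`. I would extend the target comment to say where the rules come from, e.g. `# Generate manifests e.g. CRD, RBAC etc. RBAC rules are derived from +kubebuilder:rbac markers in ./controllers; review the config/rbac/role.yaml diff after regenerating.`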
13 changes: 3 additions & 10 deletions adapter/deploy/yaml/adapter.yaml
Expand Up @@ -19,10 +19,9 @@ spec:
args:
- --with-stdout=true
imagePullPolicy: Always
volumeMounts:
- mountPath: /etc/localtime
name: host-time
readOnly: true
env:
- name: TZ
value: GMT
lifecycle:
preStop:
httpGet:
Expand All @@ -48,12 +47,6 @@ spec:
requests:
cpu: 20m
memory: 50Mi
volumes:
- hostPath:
path: /etc/localtime
type: ""
name: host-time

---
apiVersion: v1
kind: Service
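Review bot: `value: GMT` under the new `TZ` entry pins the adapter to GMT, whereas the `/etc/localtime` hostPath mount it replaces followed each node's zone, so timestamps the adapter emits will shift on clusters whose nodes are not on GMT/UTC. Dropping the hostPath volume is a good change for pod-security admission, but the behaviour change deserves a comment above the entry, e.g. `# TZ replaces the former hostPath /etc/localtime mount; override with an IANA zone name if local time is needed`. The sections for adapter/test/samples/socket.yaml and config/manager/manager.yaml drop the same mount without setting `TZ` at all, so those pods presumably fall back to the image's default zone; if that is intended, the PR description should say so.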
16 changes: 6 additions & 10 deletions adapter/test/samples/socket.yaml
Expand Up @@ -19,16 +19,12 @@ spec:
command:
- socket-server
imagePullPolicy: Always
volumeMounts:
- mountPath: /etc/localtime
name: host-time
readOnly: true
volumes:
- hostPath:
path: /etc/localtime
type: ""
name: host-time

env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
---
apiVersion: v1
kind: Service
125 changes: 117 additions & 8 deletions config/bundle.yaml
Expand Up @@ -4808,6 +4808,109 @@ spec:
description: The default namespace to which notification manager secrets
belong.
type: string
env:
description: List of environment variable
items:
description: EnvVar represents an environment variable present in
a Container.
properties:
name:
description: Name of the environment variable. Must be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded using
the previous defined environment variables in the container
and any service environment variables. If a variable cannot
be resolved, the reference in the input string will be unchanged.
The $(VAR_NAME) syntax can be escaped with a double $$, ie:
$$(VAR_NAME). Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value. Cannot
be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
spec.nodeName, spec.serviceAccountName, status.hostIP,
status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath is
written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the specified
API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the exposed
resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
groupLabels:
description: Labels for grouping notifiations.
items:
Expand Down Expand Up @@ -10924,12 +11027,19 @@ rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -10958,6 +11068,12 @@ rules:
- patch
- update
- watch
- apiGroups:
- notification.kubesphere.io
resources:
- notificationmanagers/finalizers
verbs:
- update
- apiGroups:
- notification.kubesphere.io
resources:
Expand Down Expand Up @@ -11127,9 +11243,6 @@ spec:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
- mountPath: /etc/localtime
name: host-time
readOnly: true
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
Expand All @@ -11147,10 +11260,6 @@ spec:
secret:
defaultMode: 420
secretName: notification-manager-webhook-server-cert
- hostPath:
path: /etc/localtime
type: ""
name: host-time
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
Expand Down
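--- a/config/crd/bases/notification.kubesphere.io_notificationmanagers.yaml
+++ b/config/crd/bases/notification.kubesphere.io_notificationmanagers.yaml
@@ -3668,6 +3668,109 @@ spec:
 description: The default namespace to which notification manager secrets
 belong.
 type: string
+env:
+description: List of environment variable
+items:
+description: EnvVar represents an environment variable present in
+a Container.
+properties:
+name:
+description: Name of the environment variable. Must be a C_IDENTIFIER.
+type: string
+value:
+description: 'Variable references $(VAR_NAME) are expanded using
+the previous defined environment variables in the container
+and any service environment variables. If a variable cannot
+be resolved, the reference in the input string will be unchanged.
+The $(VAR_NAME) syntax can be escaped with a double $$, ie:
+$$(VAR_NAME). Escaped references will never be expanded, regardless
+of whether the variable exists or not. Defaults to "".'
+type: string
+valueFrom:
+description: Source for the environment variable's value. Cannot
+be used if value is not empty.
+properties:
+configMapKeyRef:
+description: Selects a key of a ConfigMap.
+properties:
+key:
+description: The key to select.
+type: string
+name:
+description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+TODO: Add other useful fields. apiVersion, kind, uid?'
+type: string
+optional:
+description: Specify whether the ConfigMap or its key
+must be defined
+type: boolean
+required:
+- key
+type: object
+fieldRef:
+description: 'Selects a field of the pod: supports metadata.name,
+metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
+spec.nodeName, spec.serviceAccountName, status.hostIP,
+status.podIP, status.podIPs.'
+properties:
+apiVersion:
+description: Version of the schema the FieldPath is
+written in terms of, defaults to "v1".
+type: string
+fieldPath:
+description: Path of the field to select in the specified
+API version.
+type: string
+required:
+- fieldPath
+type: object
+resourceFieldRef:
+description: 'Selects a resource of the container: only
+resources limits and requests (limits.cpu, limits.memory,
+limits.ephemeral-storage, requests.cpu, requests.memory
+and requests.ephemeral-storage) are currently supported.'
+properties:
+containerName:
+description: 'Container name: required for volumes,
+optional for env vars'
+type: string
+divisor:
+anyOf:
+- type: integer
+- type: string
+description: Specifies the output format of the exposed
+resources, defaults to "1"
+pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+x-kubernetes-int-or-string: true
+resource:
+description: 'Required: resource to select'
+type: string
+required:
+- resource
+type: object
+secretKeyRef:
+description: Selects a key of a secret in the pod's namespace
+properties:
+key:
+description: The key of the secret to select from. Must
+be a valid secret key.
+type: string
+name:
+description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+TODO: Add other useful fields. apiVersion, kind, uid?'
+type: string
+optional:
+description: Specify whether the Secret or its key must
+be defined
+type: boolean
+required:
+- key
+type: object
+type: object
+required:
+- name
+type: object
+type: array
 groupLabels:
 description: Labels for grouping notifiations.
 items: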
19 changes: 5 additions & 14 deletions config/manager/manager.yaml
Expand Up @@ -31,19 +31,10 @@ spec:
requests:
cpu: 100m
memory: 20Mi
volumeMounts:
- mountPath: /etc/localtime
name: host-time
readOnly: true
env:
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
volumes:
- hostPath:
path: /etc/localtime
type: ""
name: host-time
- name: NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
terminationGracePeriodSeconds: 10
16 changes: 14 additions & 2 deletions config/rbac/role.yaml
Expand Up @@ -21,12 +21,19 @@ rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
ctrought marked this conversation as resolved.
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -55,6 +62,12 @@ rules:
- patch
- update
- watch
- apiGroups:
- notification.kubesphere.io
resources:
- notificationmanagers/finalizers
verbs:
- update
- apiGroups:
- notification.kubesphere.io
resources:
Expand All @@ -63,4 +76,3 @@ rules:
- get
- patch
- update
