WIP: Wait, what's the right commands for a relay?

agones/src/lib.rs

@@ -28,7 +28,7 @@ use k8s_openapi::{
             ConfigMap, Container, EnvVar, Event, HTTPGetAction, Namespace, Pod, PodSpec,
             PodTemplateSpec, Probe, ResourceRequirements, ServiceAccount, VolumeMount,
         },
-        rbac::v1::{RoleBinding, RoleRef, Subject},
+        rbac::v1::{ClusterRole, RoleBinding, RoleRef, Subject},
     },
     apimachinery::pkg::{
         api::resource::Quantity, apis::meta::v1::ObjectMeta, util::intstr::IntOrString,
@@ -215,6 +215,77 @@ async fn add_agones_service_account(client: kube::Client, namespace: String) {
     let _ = role_bindings.create(&pp, &role_binding).await.unwrap();
 }
 
+/// Creates a Service account and related RBAC objects to enable a process to query Agones resources
+/// within a cluster.
+pub async fn create_agones_rbac_read_account(
+    client: &Client,
+    service_accounts: Api<ServiceAccount>,
+    cluster_roles: Api<ClusterRole>,
+    role_bindings: Api<RoleBinding>,
+) -> String {
+    let pp = PostParams::default();
+
+    // create all the rbac rules
+    let rbac_name = "quilkin-agones";
+    let rbac_meta = ObjectMeta {
+        name: Some(rbac_name.into()),
+        ..Default::default()
+    };
+    let service_account = ServiceAccount {
+        metadata: rbac_meta.clone(),
+        ..Default::default()
+    };
+    service_accounts
+        .create(&pp, &service_account)
+        .await
+        .unwrap();
+
+    // Delete the cluster role if it already exists, since it's cluster wide.
+    match cluster_roles
+        .delete(rbac_name, &DeleteParams::default())
+        .await
+    {
+        Ok(_) => {}
+        Err(err) => println!("Cluster role not found: {err}"),
+    };
+    let cluster_role = ClusterRole {
+        metadata: rbac_meta.clone(),
+        rules: Some(vec![
+            PolicyRule {
+                api_groups: Some(vec!["agones.dev".into()]),
+                resources: Some(vec!["gameservers".into()]),
+                verbs: ["get", "list", "watch"].map(String::from).to_vec(),
+                ..Default::default()
+            },
+            PolicyRule {
+                api_groups: Some(vec!["".into()]),
+                resources: Some(vec!["configmaps".into()]),
+                verbs: ["get", "list", "watch"].map(String::from).to_vec(),
+                ..Default::default()
+            },
+        ]),
+        ..Default::default()
+    };
+    cluster_roles.create(&pp, &cluster_role).await.unwrap();
+
+    let binding = RoleBinding {
+        metadata: rbac_meta,
+        subjects: Some(vec![Subject {
+            kind: "User".into(),
+            name: format!("system:serviceaccount:{}:{rbac_name}", client.namespace),
+            api_group: Some("rbac.authorization.k8s.io".into()),
+            ..Default::default()
+        }]),
+        role_ref: RoleRef {
+            api_group: "rbac.authorization.k8s.io".into(),
+            kind: "ClusterRole".into(),
+            name: rbac_name.into(),
+        },
+    };
+    role_bindings.create(&pp, &binding).await.unwrap();
+    rbac_name.into()
+}
+
 /// Returns a test GameServer with the UDP test binary that is used for
 /// Agones e2e tests.
 pub fn game_server() -> GameServer {

agones/src/provider.rs

@@ -47,8 +47,8 @@ mod tests {
     };
 
     use crate::{
-        create_token_router_config, debug_pods, fleet, is_deployment_ready, is_fleet_ready,
-        quilkin_container, Client,
+        create_agones_rbac_read_account, create_token_router_config, debug_pods, fleet,
+        is_deployment_ready, is_fleet_ready, quilkin_container, Client,
     };
 
     const PROXY_DEPLOYMENT: &str = "quilkin-proxies";
@@ -204,64 +204,9 @@ mod tests {
         let role_bindings: Api<RoleBinding> = client.namespaced_api();
         let pp = PostParams::default();
 
-        // create all the rbac rules
-        let rbac_name = "quilkin-agones";
-        let rbac_meta = ObjectMeta {
-            name: Some(rbac_name.into()),
-            ..Default::default()
-        };
-        let service_account = ServiceAccount {
-            metadata: rbac_meta.clone(),
-            ..Default::default()
-        };
-        service_accounts
-            .create(&pp, &service_account)
-            .await
-            .unwrap();
-
-        // Delete the cluster role if it already exists, since it's cluster wide.
-        match cluster_roles
-            .delete(rbac_name, &DeleteParams::default())
-            .await
-        {
-            Ok(_) => {}
-            Err(err) => println!("Cluster role not found: {err}"),
-        };
-        let cluster_role = ClusterRole {
-            metadata: rbac_meta.clone(),
-            rules: Some(vec![
-                PolicyRule {
-                    api_groups: Some(vec!["agones.dev".into()]),
-                    resources: Some(vec!["gameservers".into()]),
-                    verbs: ["get", "list", "watch"].map(String::from).to_vec(),
-                    ..Default::default()
-                },
-                PolicyRule {
-                    api_groups: Some(vec!["".into()]),
-                    resources: Some(vec!["configmaps".into()]),
-                    verbs: ["get", "list", "watch"].map(String::from).to_vec(),
-                    ..Default::default()
-                },
-            ]),
-            ..Default::default()
-        };
-        cluster_roles.create(&pp, &cluster_role).await.unwrap();
-
-        let binding = RoleBinding {
-            metadata: rbac_meta,
-            subjects: Some(vec![Subject {
-                kind: "User".into(),
-                name: format!("system:serviceaccount:{}:{rbac_name}", client.namespace),
-                api_group: Some("rbac.authorization.k8s.io".into()),
-                ..Default::default()
-            }]),
-            role_ref: RoleRef {
-                api_group: "rbac.authorization.k8s.io".into(),
-                kind: "ClusterRole".into(),
-                name: rbac_name.into(),
-            },
-        };
-        role_bindings.create(&pp, &binding).await.unwrap();
+        let rbac_name =
+            create_agones_rbac_read_account(client, service_accounts, cluster_roles, role_bindings)
+                .await;
 
         // Setup the xDS Agones provider server
         let args = [

agones/src/relay.rs

@@ -39,3 +39,55 @@ mod tests {
             .unwrap();
     }
 }
+
+/// Deploys the Agent and Relay Server Deployents and Services
+fn agones_agent_deployment(client: &Client, deployments: Api<Deployment>) {
+    let pp = PostParams::default();
+
+    // Setup the xDS Agones provider server
+    let args = [
+        "manage",
+        "agones",
+        "--config-namespace",
+        client.namespace.as_str(),
+        "--gameservers-namespace",
+        client.namespace.as_str(),
+    ]
+    .map(String::from)
+    .to_vec();
+    let mut container = quilkin_container(client, Some(args), None);
+    container.ports = Some(vec![ContainerPort {
+        container_port: 7777,
+        ..Default::default()
+    }]);
+    let labels = BTreeMap::from([("role".to_string(), "xds".to_string())]);
+    let deployment = Deployment {
+        metadata: ObjectMeta {
+            name: Some("quilkin-manage-agones".into()),
+            labels: Some(labels.clone()),
+            ..Default::default()
+        },
+        spec: Some(DeploymentSpec {
+            replicas: Some(1),
+            selector: LabelSelector {
+                match_expressions: None,
+                match_labels: Some(labels.clone()),
+            },
+            template: PodTemplateSpec {
+                metadata: Some(ObjectMeta {
+                    labels: Some(labels.clone()),
+                    ..Default::default()
+                }),
+                spec: Some(PodSpec {
+                    containers: vec![container],
+                    service_account_name: Some(rbac_name.into()),
+                    ..Default::default()
+                }),
+            },
+            ..Default::default()
+        }),
+        ..Default::default()
+    };
+
+    let deployment = deployments.create(&pp, &deployment).await.unwrap();
+}