From 0c9c4fe1d10e6acbd853b2c947db736cdac27ac2 Mon Sep 17 00:00:00 2001 
From: Rajat Chopra Date: Fri, 21 Sep 2018 14:02:42 -0400 Subject: [PATCH 1/2] asset/manifests: Moved content/*go to content/bootkube/*go to make way for tectonic templates. Other cosmetic changes for functions of manifest asset structure. --- pkg/asset/manifests/BUILD.bazel | 2 +- .../{ => bootkube}/01-tectonic-namespace.go | 2 +- .../{ => bootkube}/02-ingress-namespace.go | 2 +- .../03-openshift-web-console-namespace.go | 2 +- .../04-openshift-machine-config-operator.go | 2 +- .../05-openshift-cluster-api-namespace.go | 2 +- .../content/{ => bootkube}/BUILD.bazel | 2 +- .../{ => bootkube}/app-version-kind.go | 2 +- .../content/{ => bootkube}/app-version-mao.go | 2 +- .../app-version-tectonic-network.go | 2 +- .../{ => bootkube}/cluster-apiserver-certs.go | 2 +- .../content/{ => bootkube}/ign-config.go | 2 +- .../{ => bootkube}/kube-apiserver-secret.go | 2 +- .../{ => bootkube}/kube-cloud-config.go | 2 +- .../kube-controller-manager-secret.go | 2 +- .../{ => bootkube}/machine-api-operator.go | 2 +- .../machine-config-operator-00-config-crd.go | 2 +- ...ine-config-operator-01-images-configmap.go | 2 +- .../machine-config-operator-02-rbac.go | 2 +- .../machine-config-operator-03-deployment.go | 2 +- .../machine-config-server-tls-secret.go | 2 +- .../openshift-apiserver-secret.go | 2 +- .../{ => bootkube}/operatorstatus-crd.go | 2 +- .../manifests/content/{ => bootkube}/pull.go | 2 +- .../tectonic-network-operator.go | 2 +- pkg/asset/manifests/operators.go | 169 +++++++++--------- pkg/asset/manifests/template.go | 2 +- 27 files changed, 110 insertions(+), 111 deletions(-) rename pkg/asset/manifests/content/{ => bootkube}/01-tectonic-namespace.go (95%) rename pkg/asset/manifests/content/{ => bootkube}/02-ingress-namespace.go (96%) rename pkg/asset/manifests/content/{ => bootkube}/03-openshift-web-console-namespace.go (95%) rename pkg/asset/manifests/content/{ => bootkube}/04-openshift-machine-config-operator.go (95%) rename pkg/asset/manifests/content/{ => 
bootkube}/05-openshift-cluster-api-namespace.go (95%) rename pkg/asset/manifests/content/{ => bootkube}/BUILD.bazel (97%) rename pkg/asset/manifests/content/{ => bootkube}/app-version-kind.go (95%) rename pkg/asset/manifests/content/{ => bootkube}/app-version-mao.go (95%) rename pkg/asset/manifests/content/{ => bootkube}/app-version-tectonic-network.go (96%) rename pkg/asset/manifests/content/{ => bootkube}/cluster-apiserver-certs.go (96%) rename pkg/asset/manifests/content/{ => bootkube}/ign-config.go (95%) rename pkg/asset/manifests/content/{ => bootkube}/kube-apiserver-secret.go (98%) rename pkg/asset/manifests/content/{ => bootkube}/kube-cloud-config.go (95%) rename pkg/asset/manifests/content/{ => bootkube}/kube-controller-manager-secret.go (96%) rename pkg/asset/manifests/content/{ => bootkube}/machine-api-operator.go (98%) rename pkg/asset/manifests/content/{ => bootkube}/machine-config-operator-00-config-crd.go (98%) rename pkg/asset/manifests/content/{ => bootkube}/machine-config-operator-01-images-configmap.go (97%) rename pkg/asset/manifests/content/{ => bootkube}/machine-config-operator-02-rbac.go (96%) rename pkg/asset/manifests/content/{ => bootkube}/machine-config-operator-03-deployment.go (99%) rename pkg/asset/manifests/content/{ => bootkube}/machine-config-server-tls-secret.go (96%) rename pkg/asset/manifests/content/{ => bootkube}/openshift-apiserver-secret.go (98%) rename pkg/asset/manifests/content/{ => bootkube}/operatorstatus-crd.go (98%) rename pkg/asset/manifests/content/{ => bootkube}/pull.go (95%) rename pkg/asset/manifests/content/{ => bootkube}/tectonic-network-operator.go (99%) diff --git a/pkg/asset/manifests/BUILD.bazel b/pkg/asset/manifests/BUILD.bazel index 7a7c1e4e3d1..b0d0616d7e7 100644 --- a/pkg/asset/manifests/BUILD.bazel +++ b/pkg/asset/manifests/BUILD.bazel 
@@ -18,7 +18,7 @@ go_library( "//pkg/asset:go_default_library", "//pkg/asset/installconfig:go_default_library", "//pkg/asset/kubeconfig:go_default_library", - "//pkg/asset/manifests/content:go_default_library", + "//pkg/asset/manifests/content/bootkube:go_default_library", "//pkg/asset/tls:go_default_library", "//pkg/rhcos:go_default_library", "//pkg/types:go_default_library", diff --git a/pkg/asset/manifests/content/01-tectonic-namespace.go b/pkg/asset/manifests/content/bootkube/01-tectonic-namespace.go similarity index 95% rename from pkg/asset/manifests/content/01-tectonic-namespace.go rename to pkg/asset/manifests/content/bootkube/01-tectonic-namespace.go index 9206b05812d..67a93added7 100644 --- a/pkg/asset/manifests/content/01-tectonic-namespace.go +++ b/pkg/asset/manifests/content/bootkube/01-tectonic-namespace.go @@ -1,4 +1,4 @@ -package content +package bootkube const ( // TectonicNamespace is the constant to represent contents of Tectonic_Namespace.yaml file diff --git a/pkg/asset/manifests/content/02-ingress-namespace.go b/pkg/asset/manifests/content/bootkube/02-ingress-namespace.go similarity index 96% rename from pkg/asset/manifests/content/02-ingress-namespace.go rename to pkg/asset/manifests/content/bootkube/02-ingress-namespace.go index 9d557c69076..4e5a9380900 100644 --- a/pkg/asset/manifests/content/02-ingress-namespace.go +++ b/pkg/asset/manifests/content/bootkube/02-ingress-namespace.go @@ -1,4 +1,4 @@ -package content +package bootkube const ( // IngressNamespace is the constant to represent contents of Ingress_Namespace.yaml file diff --git a/pkg/asset/manifests/content/03-openshift-web-console-namespace.go b/pkg/asset/manifests/content/bootkube/03-openshift-web-console-namespace.go similarity index 95% rename from pkg/asset/manifests/content/03-openshift-web-console-namespace.go rename to pkg/asset/manifests/content/bootkube/03-openshift-web-console-namespace.go index a7aac7f2237..a0b818e1f66 100644 
--- a/pkg/asset/manifests/content/03-openshift-web-console-namespace.go +++ b/pkg/asset/manifests/content/bootkube/03-openshift-web-console-namespace.go @@ -1,4 +1,4 @@ -package content +package bootkube const ( // OpenshiftWebConsoleNamespace is the constant to represent contents of Openshift_WebConsoleNamespace.yaml file diff --git a/pkg/asset/manifests/content/04-openshift-machine-config-operator.go b/pkg/asset/manifests/content/bootkube/04-openshift-machine-config-operator.go similarity index 95% rename from pkg/asset/manifests/content/04-openshift-machine-config-operator.go rename to pkg/asset/manifests/content/bootkube/04-openshift-machine-config-operator.go index e3f721cd733..dd7dcfd50f0 100644 --- a/pkg/asset/manifests/content/04-openshift-machine-config-operator.go +++ b/pkg/asset/manifests/content/bootkube/04-openshift-machine-config-operator.go @@ -1,4 +1,4 @@ -package content +package bootkube const ( // OpenshiftMachineConfigOperator is the constant to represent contents of Openshift_MachineConfigOperator.yaml file diff --git a/pkg/asset/manifests/content/05-openshift-cluster-api-namespace.go b/pkg/asset/manifests/content/bootkube/05-openshift-cluster-api-namespace.go similarity index 95% rename from pkg/asset/manifests/content/05-openshift-cluster-api-namespace.go rename to pkg/asset/manifests/content/bootkube/05-openshift-cluster-api-namespace.go index 6795b263a75..52fbb034591 100644 --- a/pkg/asset/manifests/content/05-openshift-cluster-api-namespace.go +++ b/pkg/asset/manifests/content/bootkube/05-openshift-cluster-api-namespace.go @@ -1,4 +1,4 @@ -package content +package bootkube const ( // OpenshiftClusterAPINamespace is the constant to represent contents of Openshift_ClusterApiNamespace.yaml file 
diff --git a/pkg/asset/manifests/content/BUILD.bazel b/pkg/asset/manifests/content/bootkube/BUILD.bazel similarity index 97% rename from pkg/asset/manifests/content/BUILD.bazel rename to pkg/asset/manifests/content/bootkube/BUILD.bazel index 8081a25160f..a117993d240 100644 --- a/pkg/asset/manifests/content/BUILD.bazel +++ b/pkg/asset/manifests/content/bootkube/BUILD.bazel @@ -27,6 +27,6 @@ go_library( "pull.go", "tectonic-network-operator.go", ], - importpath = "github.com/openshift/installer/pkg/asset/manifests/content", + importpath = "github.com/openshift/installer/pkg/asset/manifests/content/bootkube", visibility = ["//visibility:public"], ) diff --git a/pkg/asset/manifests/content/app-version-kind.go b/pkg/asset/manifests/content/bootkube/app-version-kind.go similarity index 95% rename from pkg/asset/manifests/content/app-version-kind.go rename to pkg/asset/manifests/content/bootkube/app-version-kind.go index b6dafe7acd2..c8a37301b41 100644 --- a/pkg/asset/manifests/content/app-version-kind.go +++ b/pkg/asset/manifests/content/bootkube/app-version-kind.go @@ -1,4 +1,4 @@ -package content +package bootkube const ( // AppVersionKind is the constant to represent contents of App_VersionKind.yaml file diff --git a/pkg/asset/manifests/content/app-version-mao.go b/pkg/asset/manifests/content/bootkube/app-version-mao.go similarity index 95% rename from pkg/asset/manifests/content/app-version-mao.go rename to pkg/asset/manifests/content/bootkube/app-version-mao.go index 4244f115db6..e916280a743 100644 --- a/pkg/asset/manifests/content/app-version-mao.go +++ b/pkg/asset/manifests/content/bootkube/app-version-mao.go @@ -1,4 +1,4 @@ -package content +package bootkube const ( // AppVersionMao is the constant to represent contents of App_VersionMao.yaml file 
diff --git a/pkg/asset/manifests/content/app-version-tectonic-network.go b/pkg/asset/manifests/content/bootkube/app-version-tectonic-network.go similarity index 96% rename from pkg/asset/manifests/content/app-version-tectonic-network.go rename to pkg/asset/manifests/content/bootkube/app-version-tectonic-network.go index bf5645f60f6..e48bc057f7b 100644 --- a/pkg/asset/manifests/content/app-version-tectonic-network.go +++ b/pkg/asset/manifests/content/bootkube/app-version-tectonic-network.go @@ -1,4 +1,4 @@ -package content +package bootkube const ( // AppVersionTectonicNetwork is the constant to represent contents of App_VersionTectonicNetwork.yaml file diff --git a/pkg/asset/manifests/content/cluster-apiserver-certs.go b/pkg/asset/manifests/content/bootkube/cluster-apiserver-certs.go similarity index 96% rename from pkg/asset/manifests/content/cluster-apiserver-certs.go rename to pkg/asset/manifests/content/bootkube/cluster-apiserver-certs.go index 08f945f3622..0dfb7a6e0c9 100644 --- a/pkg/asset/manifests/content/cluster-apiserver-certs.go +++ b/pkg/asset/manifests/content/bootkube/cluster-apiserver-certs.go @@ -1,4 +1,4 @@ -package content +package bootkube import ( "text/template" diff --git a/pkg/asset/manifests/content/ign-config.go b/pkg/asset/manifests/content/bootkube/ign-config.go similarity index 95% rename from pkg/asset/manifests/content/ign-config.go rename to pkg/asset/manifests/content/bootkube/ign-config.go index 473e31ea3c2..0b9fe358223 100644 --- a/pkg/asset/manifests/content/ign-config.go +++ b/pkg/asset/manifests/content/bootkube/ign-config.go @@ -1,4 +1,4 @@ -package content +package bootkube import ( "text/template" diff --git a/pkg/asset/manifests/content/kube-apiserver-secret.go b/pkg/asset/manifests/content/bootkube/kube-apiserver-secret.go similarity index 98% rename from pkg/asset/manifests/content/kube-apiserver-secret.go rename to pkg/asset/manifests/content/bootkube/kube-apiserver-secret.go index af80c34eaeb..b52c90c0820 100644 
--- a/pkg/asset/manifests/content/kube-apiserver-secret.go +++ b/pkg/asset/manifests/content/bootkube/kube-apiserver-secret.go @@ -1,4 +1,4 @@ -package content +package bootkube import ( "text/template" diff --git a/pkg/asset/manifests/content/kube-cloud-config.go b/pkg/asset/manifests/content/bootkube/kube-cloud-config.go similarity index 95% rename from pkg/asset/manifests/content/kube-cloud-config.go rename to pkg/asset/manifests/content/bootkube/kube-cloud-config.go index 0838eca5077..85ce2d7b98f 100644 --- a/pkg/asset/manifests/content/kube-cloud-config.go +++ b/pkg/asset/manifests/content/bootkube/kube-cloud-config.go @@ -1,4 +1,4 @@ -package content +package bootkube import ( "text/template" diff --git a/pkg/asset/manifests/content/kube-controller-manager-secret.go b/pkg/asset/manifests/content/bootkube/kube-controller-manager-secret.go similarity index 96% rename from pkg/asset/manifests/content/kube-controller-manager-secret.go rename to pkg/asset/manifests/content/bootkube/kube-controller-manager-secret.go index b901d07205f..8d9fb805622 100644 --- a/pkg/asset/manifests/content/kube-controller-manager-secret.go +++ b/pkg/asset/manifests/content/bootkube/kube-controller-manager-secret.go @@ -1,4 +1,4 @@ -package content +package bootkube import ( "text/template" diff --git a/pkg/asset/manifests/content/machine-api-operator.go b/pkg/asset/manifests/content/bootkube/machine-api-operator.go similarity index 98% rename from pkg/asset/manifests/content/machine-api-operator.go rename to pkg/asset/manifests/content/bootkube/machine-api-operator.go index acd7e1ddabe..48e4765eb88 100644 --- a/pkg/asset/manifests/content/machine-api-operator.go +++ b/pkg/asset/manifests/content/bootkube/machine-api-operator.go @@ -1,4 +1,4 @@ -package content +package bootkube const ( // MachineAPIOperator is the constant to represent contents of Machine_Api_Operator.yaml file 
diff --git a/pkg/asset/manifests/content/machine-config-operator-00-config-crd.go b/pkg/asset/manifests/content/bootkube/machine-config-operator-00-config-crd.go similarity index 98% rename from pkg/asset/manifests/content/machine-config-operator-00-config-crd.go rename to pkg/asset/manifests/content/bootkube/machine-config-operator-00-config-crd.go index 6b3749198e6..44254564406 100644 --- a/pkg/asset/manifests/content/machine-config-operator-00-config-crd.go +++ b/pkg/asset/manifests/content/bootkube/machine-config-operator-00-config-crd.go @@ -1,4 +1,4 @@ -package content +package bootkube const ( // MachineConfigOperator00ConfigCrd is the constant to represent contents of Machine_ConfigOperator00ConfigCrd.yaml file diff --git a/pkg/asset/manifests/content/machine-config-operator-01-images-configmap.go b/pkg/asset/manifests/content/bootkube/machine-config-operator-01-images-configmap.go similarity index 97% rename from pkg/asset/manifests/content/machine-config-operator-01-images-configmap.go rename to pkg/asset/manifests/content/bootkube/machine-config-operator-01-images-configmap.go index 4e02244d46c..fbea072d20d 100644 --- a/pkg/asset/manifests/content/machine-config-operator-01-images-configmap.go +++ b/pkg/asset/manifests/content/bootkube/machine-config-operator-01-images-configmap.go @@ -1,4 +1,4 @@ -package content +package bootkube const ( // MachineConfigOperator01ImagesConfigmap is the constant to represent contents of Machine_ConfigOperator01ImagesConfigmap.yaml file diff --git a/pkg/asset/manifests/content/machine-config-operator-02-rbac.go b/pkg/asset/manifests/content/bootkube/machine-config-operator-02-rbac.go similarity index 96% rename from pkg/asset/manifests/content/machine-config-operator-02-rbac.go rename to pkg/asset/manifests/content/bootkube/machine-config-operator-02-rbac.go index ed406076baf..78c9f5691cc 100644 --- a/pkg/asset/manifests/content/machine-config-operator-02-rbac.go 
+++ b/pkg/asset/manifests/content/bootkube/machine-config-operator-02-rbac.go @@ -1,4 +1,4 @@ -package content +package bootkube const ( // MachineConfigOperator02Rbac is the constant to represent contents of manifest file machine-config-operator-02-rbac.yaml diff --git a/pkg/asset/manifests/content/machine-config-operator-03-deployment.go b/pkg/asset/manifests/content/bootkube/machine-config-operator-03-deployment.go similarity index 99% rename from pkg/asset/manifests/content/machine-config-operator-03-deployment.go rename to pkg/asset/manifests/content/bootkube/machine-config-operator-03-deployment.go index 4893531d315..425e651503c 100644 --- a/pkg/asset/manifests/content/machine-config-operator-03-deployment.go +++ b/pkg/asset/manifests/content/bootkube/machine-config-operator-03-deployment.go @@ -1,4 +1,4 @@ -package content +package bootkube import ( "text/template" diff --git a/pkg/asset/manifests/content/machine-config-server-tls-secret.go b/pkg/asset/manifests/content/bootkube/machine-config-server-tls-secret.go similarity index 96% rename from pkg/asset/manifests/content/machine-config-server-tls-secret.go rename to pkg/asset/manifests/content/bootkube/machine-config-server-tls-secret.go index 838cd1b6ae9..2b4d5bdfcdc 100644 --- a/pkg/asset/manifests/content/machine-config-server-tls-secret.go +++ b/pkg/asset/manifests/content/bootkube/machine-config-server-tls-secret.go @@ -1,4 +1,4 @@ -package content +package bootkube import ( "text/template" diff --git a/pkg/asset/manifests/content/openshift-apiserver-secret.go b/pkg/asset/manifests/content/bootkube/openshift-apiserver-secret.go similarity index 98% rename from pkg/asset/manifests/content/openshift-apiserver-secret.go rename to pkg/asset/manifests/content/bootkube/openshift-apiserver-secret.go index fe6c6c2da43..f272d117cd2 100644 --- a/pkg/asset/manifests/content/openshift-apiserver-secret.go +++ b/pkg/asset/manifests/content/bootkube/openshift-apiserver-secret.go 
@@ -1,4 +1,4 @@ -package content +package bootkube import ( "text/template" diff --git a/pkg/asset/manifests/content/operatorstatus-crd.go b/pkg/asset/manifests/content/bootkube/operatorstatus-crd.go similarity index 98% rename from pkg/asset/manifests/content/operatorstatus-crd.go rename to pkg/asset/manifests/content/bootkube/operatorstatus-crd.go index e3e3eac2776..78894ca6f90 100644 --- a/pkg/asset/manifests/content/operatorstatus-crd.go +++ b/pkg/asset/manifests/content/bootkube/operatorstatus-crd.go @@ -1,4 +1,4 @@ -package content +package bootkube const ( // OperatorstatusCrd is the constant to represent contents of Operatorstatus_Crd.yaml file diff --git a/pkg/asset/manifests/content/pull.go b/pkg/asset/manifests/content/bootkube/pull.go similarity index 95% rename from pkg/asset/manifests/content/pull.go rename to pkg/asset/manifests/content/bootkube/pull.go index 95c191672db..20981cb442c 100644 --- a/pkg/asset/manifests/content/pull.go +++ b/pkg/asset/manifests/content/bootkube/pull.go @@ -1,4 +1,4 @@ -package content +package bootkube import ( "text/template" diff --git a/pkg/asset/manifests/content/tectonic-network-operator.go b/pkg/asset/manifests/content/bootkube/tectonic-network-operator.go similarity index 99% rename from pkg/asset/manifests/content/tectonic-network-operator.go rename to pkg/asset/manifests/content/bootkube/tectonic-network-operator.go index 86c89a133b8..e3ff2bb2ee4 100644 --- a/pkg/asset/manifests/content/tectonic-network-operator.go +++ b/pkg/asset/manifests/content/bootkube/tectonic-network-operator.go @@ -1,4 +1,4 @@ -package content +package bootkube import ( "text/template" diff --git a/pkg/asset/manifests/operators.go b/pkg/asset/manifests/operators.go index f4e3440b9f2..59a5365435d 100644 --- a/pkg/asset/manifests/operators.go +++ b/pkg/asset/manifests/operators.go 
@@ -8,7 +8,7 @@ import ( "github.com/openshift/installer/pkg/asset" "github.com/openshift/installer/pkg/asset/installconfig" - "github.com/openshift/installer/pkg/asset/manifests/content" + "github.com/openshift/installer/pkg/asset/manifests/content/bootkube" ) const ( 
@@ -44,47 +44,46 @@ var _ asset.Asset = (*manifests)(nil) type genericData map[string]string // Name returns a human friendly name for the operator -func (o *manifests) Name() string { +func (m *manifests) Name() string { return "Common Manifests" } // Dependencies returns all of the dependencies directly needed by an // manifests asset. -func (o *manifests) Dependencies() []asset.Asset { +func (m *manifests) Dependencies() []asset.Asset { return []asset.Asset{ - o.installConfig, - o.assetStock.KubeCoreOperator(), - o.assetStock.NetworkOperator(), - o.assetStock.KubeAddonOperator(), - o.assetStock.Mao(), - o.rootCA, - o.etcdCA, - o.ingressCertKey, - o.kubeCA, - o.aggregatorCA, - o.serviceServingCA, - o.clusterAPIServerCertKey, - o.etcdClientCertKey, - o.apiServerCertKey, - o.openshiftAPIServerCertKey, - o.apiServerProxyCertKey, - o.adminCertKey, - o.kubeletCertKey, - o.mcsCertKey, - o.serviceAccountKeyPair, - o.kubeconfig, + m.installConfig, + m.assetStock.KubeCoreOperator(), + m.assetStock.NetworkOperator(), + m.assetStock.KubeAddonOperator(), + m.assetStock.Mao(), + m.rootCA, + m.etcdCA, + m.ingressCertKey, + m.kubeCA, + m.aggregatorCA, + m.serviceServingCA, + m.clusterAPIServerCertKey, + m.etcdClientCertKey, + m.apiServerCertKey, + m.openshiftAPIServerCertKey, + m.apiServerProxyCertKey, + m.adminCertKey, + m.kubeletCertKey, + m.tncCertKey, + m.serviceAccountKeyPair, + m.kubeconfig, } } // Generate generates the respective operator config.yml files -func (o *manifests) Generate(dependencies map[asset.Asset]*asset.State) (*asset.State, error) { - //cvo := dependencies[o.assetStock.ClusterVersionOperator()].Contents[0] - kco := dependencies[o.assetStock.KubeCoreOperator()].Contents[0] - no := dependencies[o.assetStock.NetworkOperator()].Contents[0] - //ingress := dependencies[o.assetStock.IngressOperator()].Contents[0] - addon := dependencies[o.assetStock.KubeAddonOperator()].Contents[0] - mao := dependencies[o.assetStock.Mao()].Contents[0] - installConfig := 
dependencies[o.installConfig].Contents[0] +func (m *manifests) Generate(dependencies map[asset.Asset]*asset.State) (*asset.State, error) { + //cvo := dependencies[m.assetStock.ClusterVersionOperator()].Contents[0] + kco := dependencies[m.assetStock.KubeCoreOperator()].Contents[0] + no := dependencies[m.assetStock.NetworkOperator()].Contents[0] + addon := dependencies[m.assetStock.KubeAddonOperator()].Contents[0] + mao := dependencies[m.assetStock.Mao()].Contents[0] + installConfig := dependencies[m.installConfig].Contents[0] // kco+no+mao go to kube-system config map kubeSys, err := configMap("kube-system", "cluster-config-v1", genericData{ @@ -105,7 +104,7 @@ func (o *manifests) Generate(dependencies map[asset.Asset]*asset.State) (*asset. return nil, err } - templateAssetContents := o.generateTemplateAssets(dependencies) + bootkubeContents := m.generateBootKubeManifests(dependencies) state := &asset.State{ Contents: []asset.Content{ 
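Review bot: In `Dependencies()` the entry `o.mcsCertKey` becomes `m.tncCertKey`, which changes a dependency rather than renaming the receiver as the commit message describes. The `manifests` struct definition is outside this diff, so it cannot be confirmed here that a `tncCertKey` field exists or that it holds the same certificate pair. If the field was renamed in another commit, say so in the description; otherwise keep `m.mcsCertKey,` so this patch stays purely mechanical. `Generate` begins in this hunk and its body continues past the end of it.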
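Review bot: `bootkubeContents := m.generateBootKubeManifests(dependencies)` has no way to report failure. The helper, shown in the next hunk, returns `nil` when `installconfig.GetInstallConfig` fails, so `Generate` appends nothing and returns a state with no bootkube manifests and a nil error. An install that continues with the certificate and secret manifests silently missing is harder to diagnose than one that stops. Consider having the helper return `([]asset.Content, error)` and checking it here with `bootkubeContents, err := m.generateBootKubeManifests(dependencies)` followed by `if err != nil { return nil, err }`. `Generate` starts and ends outside this hunk.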
@@ -119,113 +118,113 @@ func (o *manifests) Generate(dependencies map[asset.Asset]*asset.State) (*asset. }, }, } - state.Contents = append(state.Contents, templateAssetContents...) + state.Contents = append(state.Contents, bootkubeContents...) return state, nil } -func (o *manifests) generateTemplateAssets(dependencies map[asset.Asset]*asset.State) []asset.Content { - ic, err := installconfig.GetInstallConfig(o.installConfig, dependencies) +func (m *manifests) generateBootKubeManifests(dependencies map[asset.Asset]*asset.State) []asset.Content { + ic, err := installconfig.GetInstallConfig(m.installConfig, dependencies) if err != nil { return nil } assetContents := make([]asset.Content, 0) - templateData := &templateData{ - AggregatorCaCert: string(dependencies[o.aggregatorCA].Contents[certIndex].Data), - AggregatorCaKey: string(dependencies[o.aggregatorCA].Contents[keyIndex].Data), - ApiserverCert: string(dependencies[o.apiServerCertKey].Contents[certIndex].Data), - ApiserverKey: string(dependencies[o.apiServerCertKey].Contents[keyIndex].Data), - ApiserverProxyCert: string(dependencies[o.apiServerProxyCertKey].Contents[certIndex].Data), - ApiserverProxyKey: string(dependencies[o.apiServerProxyCertKey].Contents[keyIndex].Data), + templateData := &bootkubeTemplateData{ + AggregatorCaCert: string(dependencies[m.aggregatorCA].Contents[certIndex].Data), + AggregatorCaKey: string(dependencies[m.aggregatorCA].Contents[keyIndex].Data), + ApiserverCert: string(dependencies[m.apiServerCertKey].Contents[certIndex].Data), + ApiserverKey: string(dependencies[m.apiServerCertKey].Contents[keyIndex].Data), + ApiserverProxyCert: string(dependencies[m.apiServerProxyCertKey].Contents[certIndex].Data), + ApiserverProxyKey: string(dependencies[m.apiServerProxyCertKey].Contents[keyIndex].Data), Base64encodeCloudProviderConfig: "", // FIXME - ClusterapiCaCert: string(dependencies[o.clusterAPIServerCertKey].Contents[certIndex].Data), - ClusterapiCaKey: 
string(dependencies[o.clusterAPIServerCertKey].Contents[keyIndex].Data), - EtcdCaCert: string(dependencies[o.etcdCA].Contents[certIndex].Data), - EtcdClientCert: string(dependencies[o.etcdClientCertKey].Contents[certIndex].Data), - EtcdClientKey: string(dependencies[o.etcdClientCertKey].Contents[keyIndex].Data), - KubeCaCert: string(dependencies[o.kubeCA].Contents[certIndex].Data), - KubeCaKey: string(dependencies[o.kubeCA].Contents[keyIndex].Data), + ClusterapiCaCert: string(dependencies[m.clusterAPIServerCertKey].Contents[certIndex].Data), + ClusterapiCaKey: string(dependencies[m.clusterAPIServerCertKey].Contents[keyIndex].Data), + EtcdCaCert: string(dependencies[m.etcdCA].Contents[certIndex].Data), + EtcdClientCert: string(dependencies[m.etcdClientCertKey].Contents[certIndex].Data), + EtcdClientKey: string(dependencies[m.etcdClientCertKey].Contents[keyIndex].Data), + KubeCaCert: string(dependencies[m.kubeCA].Contents[certIndex].Data), + KubeCaKey: string(dependencies[m.kubeCA].Contents[keyIndex].Data), MachineConfigOperatorImage: "docker.io/openshift/origin-machine-config-operator:v4.0.0", - McsTLSCert: string(dependencies[o.adminCertKey].Contents[certIndex].Data), - McsTLSKey: string(dependencies[o.adminCertKey].Contents[keyIndex].Data), - OidcCaCert: string(dependencies[o.kubeCA].Contents[certIndex].Data), - OpenshiftApiserverCert: string(dependencies[o.openshiftAPIServerCertKey].Contents[certIndex].Data), - OpenshiftApiserverKey: string(dependencies[o.openshiftAPIServerCertKey].Contents[keyIndex].Data), - OpenshiftLoopbackKubeconfig: string(dependencies[o.kubeconfig].Contents[0].Data), + McsTLSCert: string(dependencies[m.adminCertKey].Contents[certIndex].Data), + McsTLSKey: string(dependencies[m.adminCertKey].Contents[keyIndex].Data), + OidcCaCert: string(dependencies[m.kubeCA].Contents[certIndex].Data), + OpenshiftApiserverCert: string(dependencies[m.openshiftAPIServerCertKey].Contents[certIndex].Data), + OpenshiftApiserverKey: 
string(dependencies[m.openshiftAPIServerCertKey].Contents[keyIndex].Data), + OpenshiftLoopbackKubeconfig: string(dependencies[m.kubeconfig].Contents[0].Data), PullSecret: string(ic.PullSecret), - RootCaCert: string(dependencies[o.rootCA].Contents[certIndex].Data), - ServiceaccountKey: string(dependencies[o.serviceAccountKeyPair].Contents[keyIndex].Data), - ServiceaccountPub: string(dependencies[o.serviceAccountKeyPair].Contents[certIndex].Data), - ServiceServingCaCert: string(dependencies[o.serviceServingCA].Contents[certIndex].Data), - ServiceServingCaKey: string(dependencies[o.serviceServingCA].Contents[keyIndex].Data), + RootCaCert: string(dependencies[m.rootCA].Contents[certIndex].Data), + ServiceaccountKey: string(dependencies[m.serviceAccountKeyPair].Contents[keyIndex].Data), + ServiceaccountPub: string(dependencies[m.serviceAccountKeyPair].Contents[certIndex].Data), + ServiceServingCaCert: string(dependencies[m.serviceServingCA].Contents[certIndex].Data), + ServiceServingCaKey: string(dependencies[m.serviceServingCA].Contents[keyIndex].Data), TectonicNetworkOperatorImage: "quay.io/coreos/tectonic-network-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85", - WorkerIgnConfig: "", // FIXME: this means that depending on ignition assets (risk of cyclical dependencies) + WorkerIgnConfig: "", // FIXME: this means depending on ignition assets (risk of cyclical dependencies) } // belongs to machine api operator - data := applyTemplateData(content.ClusterApiserverCerts, templateData) + data := applyTemplateData(bootkube.ClusterApiserverCerts, templateData) assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "cluster-apiserver-certs.yaml"), Data: []byte(data)}) // machine api operator - data = applyTemplateData(content.IgnConfig, templateData) + data = applyTemplateData(bootkube.IgnConfig, templateData) assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "ign-config.yaml"), Data: []byte(data)}) // 
kco - data = applyTemplateData(content.KubeApiserverSecret, templateData) + data = applyTemplateData(bootkube.KubeApiserverSecret, templateData) assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "kube-apiserver-secret.yaml"), Data: []byte(data)}) // kco - data = applyTemplateData(content.KubeCloudConfig, templateData) + data = applyTemplateData(bootkube.KubeCloudConfig, templateData) assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "kube-cloud-config.yaml"), Data: []byte(data)}) // kco - data = applyTemplateData(content.KubeControllerManagerSecret, templateData) + data = applyTemplateData(bootkube.KubeControllerManagerSecret, templateData) assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "kube-controller-manager-secret.yaml"), Data: []byte(data)}) // mco - data = applyTemplateData(content.MachineConfigOperator03Deployment, templateData) + data = applyTemplateData(bootkube.MachineConfigOperator03Deployment, templateData) assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "machine-config-operator-03-deployment.yaml"), Data: []byte(data)}) // mco - data = applyTemplateData(content.MachineConfigServerTLSSecret, templateData) + data = applyTemplateData(bootkube.MachineConfigServerTLSSecret, templateData) assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "machine-config-server-tls-secret.yaml"), Data: []byte(data)}) // kube core - data = applyTemplateData(content.OpenshiftApiserverSecret, templateData) + data = applyTemplateData(bootkube.OpenshiftApiserverSecret, templateData) assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "openshift-apiserver-secret.yaml"), Data: []byte(data)}) // common - data = applyTemplateData(content.Pull, templateData) + data = applyTemplateData(bootkube.Pull, templateData) assetContents = append(assetContents, asset.Content{Name: 
filepath.Join(manifestDir, "pull.json"), Data: []byte(data)}) // network operator - data = applyTemplateData(content.TectonicNetworkOperator, templateData) + data = applyTemplateData(bootkube.TectonicNetworkOperator, templateData) assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "tectonic-network-operator.yaml"), Data: []byte(data)}) // common - assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "01-tectonic-namespace.yaml"), Data: []byte(content.TectonicNamespace)}) + assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "01-tectonic-namespace.yaml"), Data: []byte(bootkube.TectonicNamespace)}) // ingress - assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "02-ingress-namespace.yaml"), Data: []byte(content.IngressNamespace)}) + assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "02-ingress-namespace.yaml"), Data: []byte(bootkube.IngressNamespace)}) // kao - assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "03-openshift-web-console-namespace.yaml"), Data: []byte(content.OpenshiftWebConsoleNamespace)}) + assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "03-openshift-web-console-namespace.yaml"), Data: []byte(bootkube.OpenshiftWebConsoleNamespace)}) // mco - assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "openshift-machine-config-operator.yaml"), Data: []byte(content.OpenshiftMachineConfigOperator)}) + assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "openshift-machine-config-operator.yaml"), Data: []byte(bootkube.OpenshiftMachineConfigOperator)}) // machine api operator - assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "openshift-cluster-api-namespace.yaml"), Data: []byte(content.OpenshiftClusterAPINamespace)}) + 
assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "openshift-cluster-api-namespace.yaml"), Data: []byte(bootkube.OpenshiftClusterAPINamespace)}) // common - assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "app-version-kind.yaml"), Data: []byte(content.AppVersionKind)}) + assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "app-version-kind.yaml"), Data: []byte(bootkube.AppVersionKind)}) // cmacine api operator - assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "app-version-mao.yaml"), Data: []byte(content.AppVersionMao)}) + assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "app-version-mao.yaml"), Data: []byte(bootkube.AppVersionMao)}) // network - assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "app-version-tectonic-network.yaml"), Data: []byte(content.AppVersionTectonicNetwork)}) + assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "app-version-tectonic-network.yaml"), Data: []byte(bootkube.AppVersionTectonicNetwork)}) // machine api operator - assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "machine-api-operator.yaml"), Data: []byte(content.MachineAPIOperator)}) + assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "machine-api-operator.yaml"), Data: []byte(bootkube.MachineAPIOperator)}) // mco - assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "machine-config-operator-00-config-crd.yaml"), Data: []byte(content.MachineConfigOperator00ConfigCrd)}) - assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "machine-config-operator-01-images-configmap.yaml"), Data: []byte(content.MachineConfigOperator01ImagesConfigmap)}) - assetContents = append(assetContents, asset.Content{Name: 
filepath.Join(manifestDir, "machine-config-operator-02-rbac.yaml"), Data: []byte(content.MachineConfigOperator02Rbac)}) + assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "machine-config-operator-00-config-crd.yaml"), Data: []byte(bootkube.MachineConfigOperator00ConfigCrd)}) + assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "machine-config-operator-01-images-configmap.yaml"), Data: []byte(bootkube.MachineConfigOperator01ImagesConfigmap)}) + assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "machine-config-operator-02-rbac.yaml"), Data: []byte(bootkube.MachineConfigOperator02Rbac)}) // common/cvo - assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "operatorstatus-crd.yaml"), Data: []byte(content.OperatorstatusCrd)}) + assetContents = append(assetContents, asset.Content{Name: filepath.Join(manifestDir, "operatorstatus-crd.yaml"), Data: []byte(bootkube.OperatorstatusCrd)}) return assetContents } diff --git a/pkg/asset/manifests/template.go b/pkg/asset/manifests/template.go index 2b41f1ff0d2..a51b21a442b 100644 --- a/pkg/asset/manifests/template.go +++ b/pkg/asset/manifests/template.go @@ -1,6 +1,6 @@ package manifests -type templateData struct { +type bootkubeTemplateData struct { AggregatorCaCert string AggregatorCaKey string ApiserverCert string From dc4a94c558d4347f166d2f0ed58bf84ffd2e4f1b Mon Sep 17 00:00:00 2001 
From: Rajat Chopra Date: Fri, 21 Sep 2018 14:15:46 -0400 Subject: [PATCH 2/2] asset/manifests: Create tectonic manifest files from templates. Tectonic is an asset as well --- cmd/openshift-install/main.go | 1 + pkg/asset/ignition/BUILD.bazel | 3 +- pkg/asset/manifests/BUILD.bazel | 8 ++ .../content/tectonic/ingress/BUILD.bazel | 12 +++ .../tectonic/ingress/cluster-config.go | 23 ++++ .../content/tectonic/ingress/pull.go | 23 ++++ .../content/tectonic/ingress/svc-account.go | 12 +++ .../content/tectonic/rbac/BUILD.bazel | 13 +++ .../content/tectonic/rbac/binding-admin.go | 22 ++++ .../tectonic/rbac/binding-discovery.go | 20 ++++ .../content/tectonic/rbac/role-admin.go | 17 +++ .../content/tectonic/rbac/role-user.go | 74 +++++++++++++ .../content/tectonic/secrets/BUILD.bazel | 12 +++ .../content/tectonic/secrets/ca-cert.go | 19 ++++ .../content/tectonic/secrets/ingress-tls.go | 21 ++++ .../content/tectonic/secrets/pull.go | 23 ++++ .../content/tectonic/security/BUILD.bazel | 8 ++ .../security/priviledged-scc-tectonic.go | 38 +++++++ .../content/tectonic/updater/BUILD.bazel | 11 ++ .../tectonic/updater/app-version-kind.go | 17 +++ .../tectonic/updater/appversions/BUILD.bazel | 13 +++ .../appversions/app-version-kube-addon.go | 22 ++++ .../appversions/app-version-kube-core.go | 20 ++++ .../app-version-tectonic-cluster.go | 24 +++++ .../app-version-tectonic-ingress.go | 21 ++++ .../tectonic/updater/migration-status-kind.go | 17 +++ .../tectonic/updater/operators/BUILD.bazel | 12 +++ .../updater/operators/kube-addon-operator.go | 62 +++++++++++ .../updater/operators/kube-core-operator.go | 65 +++++++++++ .../tectonic-ingress-controller-operator.go | 63 +++++++++++ pkg/asset/manifests/operators.go | 2 +- pkg/asset/manifests/stock.go | 12 +++ pkg/asset/manifests/tectonic.go | 102 ++++++++++++++++++ pkg/asset/manifests/template.go | 14 +++ 34 files changed, 823 insertions(+), 3 deletions(-) create mode 100644 pkg/asset/manifests/content/tectonic/ingress/BUILD.bazel create 
mode 100644 pkg/asset/manifests/content/tectonic/ingress/cluster-config.go create mode 100644 pkg/asset/manifests/content/tectonic/ingress/pull.go create mode 100644 pkg/asset/manifests/content/tectonic/ingress/svc-account.go create mode 100644 pkg/asset/manifests/content/tectonic/rbac/BUILD.bazel create mode 100644 pkg/asset/manifests/content/tectonic/rbac/binding-admin.go create mode 100644 pkg/asset/manifests/content/tectonic/rbac/binding-discovery.go create mode 100644 pkg/asset/manifests/content/tectonic/rbac/role-admin.go create mode 100644 pkg/asset/manifests/content/tectonic/rbac/role-user.go create mode 100644 pkg/asset/manifests/content/tectonic/secrets/BUILD.bazel create mode 100644 pkg/asset/manifests/content/tectonic/secrets/ca-cert.go create mode 100644 pkg/asset/manifests/content/tectonic/secrets/ingress-tls.go create mode 100644 pkg/asset/manifests/content/tectonic/secrets/pull.go create mode 100644 pkg/asset/manifests/content/tectonic/security/BUILD.bazel create mode 100644 pkg/asset/manifests/content/tectonic/security/priviledged-scc-tectonic.go create mode 100644 pkg/asset/manifests/content/tectonic/updater/BUILD.bazel create mode 100644 pkg/asset/manifests/content/tectonic/updater/app-version-kind.go create mode 100644 pkg/asset/manifests/content/tectonic/updater/appversions/BUILD.bazel create mode 100644 pkg/asset/manifests/content/tectonic/updater/appversions/app-version-kube-addon.go create mode 100644 pkg/asset/manifests/content/tectonic/updater/appversions/app-version-kube-core.go create mode 100644 pkg/asset/manifests/content/tectonic/updater/appversions/app-version-tectonic-cluster.go create mode 100644 pkg/asset/manifests/content/tectonic/updater/appversions/app-version-tectonic-ingress.go create mode 100644 pkg/asset/manifests/content/tectonic/updater/migration-status-kind.go create mode 100644 pkg/asset/manifests/content/tectonic/updater/operators/BUILD.bazel create mode 100644 
pkg/asset/manifests/content/tectonic/updater/operators/kube-addon-operator.go create mode 100644 pkg/asset/manifests/content/tectonic/updater/operators/kube-core-operator.go create mode 100644 pkg/asset/manifests/content/tectonic/updater/operators/tectonic-ingress-controller-operator.go create mode 100644 pkg/asset/manifests/tectonic.go diff --git a/cmd/openshift-install/main.go b/cmd/openshift-install/main.go index 59071369a00..b97964c67a6 100644 --- a/cmd/openshift-install/main.go +++ b/cmd/openshift-install/main.go @@ -37,6 +37,7 @@ func main() { case manifestsCommand.FullCommand(): targetAssets = []asset.Asset{ assetStock.Manifests(), + assetStock.Tectonic(), } } diff --git a/pkg/asset/ignition/BUILD.bazel b/pkg/asset/ignition/BUILD.bazel index 778b4edbf78..8b9ebf728e6 100644 --- a/pkg/asset/ignition/BUILD.bazel +++ b/pkg/asset/ignition/BUILD.bazel @@ -17,6 +17,7 @@ go_library( "//pkg/asset/ignition/content:go_default_library", "//pkg/asset/installconfig:go_default_library", "//pkg/asset/kubeconfig:go_default_library", + "//pkg/asset/manifests:go_default_library", "//pkg/asset/tls:go_default_library", "//pkg/types:go_default_library", "//vendor/github.com/coreos/ignition/config/util:go_default_library", @@ -28,7 +29,6 @@ go_library( go_test( name = "go_default_test", srcs = [ - "bootstrap_test.go", "master_test.go", "testasset_test.go", "testutils_test.go", @@ -37,7 +37,6 @@ go_test( embed = [":go_default_library"], deps = [ "//pkg/asset:go_default_library", - "//pkg/asset/ignition/content:go_default_library", "//vendor/github.com/stretchr/testify/assert:go_default_library", "//vendor/github.com/vincent-petithory/dataurl:go_default_library", ], diff --git a/pkg/asset/manifests/BUILD.bazel b/pkg/asset/manifests/BUILD.bazel index b0d0616d7e7..bdcdf4c9776 100644 --- a/pkg/asset/manifests/BUILD.bazel +++ b/pkg/asset/manifests/BUILD.bazel @@ -9,6 +9,7 @@ go_library( "network-operator.go", "operators.go", "stock.go", + "tectonic.go", "template.go", "utils.go", ], 
@@ -19,6 +20,13 @@ go_library( "//pkg/asset/installconfig:go_default_library", "//pkg/asset/kubeconfig:go_default_library", "//pkg/asset/manifests/content/bootkube:go_default_library", + "//pkg/asset/manifests/content/tectonic/ingress:go_default_library", + "//pkg/asset/manifests/content/tectonic/rbac:go_default_library", + "//pkg/asset/manifests/content/tectonic/secrets:go_default_library", + "//pkg/asset/manifests/content/tectonic/security:go_default_library", + "//pkg/asset/manifests/content/tectonic/updater:go_default_library", + "//pkg/asset/manifests/content/tectonic/updater/appversions:go_default_library", + "//pkg/asset/manifests/content/tectonic/updater/operators:go_default_library", "//pkg/asset/tls:go_default_library", "//pkg/rhcos:go_default_library", "//pkg/types:go_default_library", diff --git a/pkg/asset/manifests/content/tectonic/ingress/BUILD.bazel b/pkg/asset/manifests/content/tectonic/ingress/BUILD.bazel new file mode 100644 index 00000000000..5a2407d61a4 --- /dev/null +++ b/pkg/asset/manifests/content/tectonic/ingress/BUILD.bazel @@ -0,0 +1,12 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_library") + +go_library( + name = "go_default_library", + srcs = [ + "cluster-config.go", + "pull.go", + "svc-account.go", + ], + importpath = "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/ingress", + visibility = ["//visibility:public"], +) diff --git a/pkg/asset/manifests/content/tectonic/ingress/cluster-config.go b/pkg/asset/manifests/content/tectonic/ingress/cluster-config.go new file mode 100644 index 00000000000..aff7522fc3a --- /dev/null +++ b/pkg/asset/manifests/content/tectonic/ingress/cluster-config.go 
@@ -0,0 +1,23 @@
+package ingress
+
+import (
+ "text/template"
+)
+
+var (
+ // ClusterConfig is the variable/constant representing the contents of the respective file
+ ClusterConfig = template.Must(template.New("cluster-config.yaml").Parse(`
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cluster-config-v1
+ namespace: openshift-ingress
+data:
+ ingress-config: |
+ apiVersion: v1
+ kind: TectonicIngressOperatorConfig
+ type: {{.IngressKind}}
+ statsPassword: {{.IngressStatusPassword}}
+ statsUsername: admin
+`))
+)
diff --git a/pkg/asset/manifests/content/tectonic/ingress/pull.go b/pkg/asset/manifests/content/tectonic/ingress/pull.go
new file mode 100644
index 00000000000..d0987ba2550
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/ingress/pull.go
@@ -0,0 +1,23 @@
+package ingress
+
+import (
+ "text/template"
+)
+
+var (
+ // Pull is the variable/constant representing the contents of the respective file
+ Pull = template.Must(template.New("pull.json").Parse(`
+{
+ "apiVersion": "v1",
+ "kind": "Secret",
+ "type": "kubernetes.io/dockerconfigjson",
+ "metadata": {
+ "namespace": "openshift-ingress",
+ "name": "coreos-pull-secret"
+ },
+ "data": {
+ ".dockerconfigjson": "{{.PullSecret}}"
+ }
+}
+`))
+)
diff --git a/pkg/asset/manifests/content/tectonic/ingress/svc-account.go b/pkg/asset/manifests/content/tectonic/ingress/svc-account.go
new file mode 100644
index 00000000000..5d979fc16b4
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/ingress/svc-account.go
@@ -0,0 +1,12 @@
+package ingress
+
+const (
+ // SvcAccount is the variable/constant representing the contents of the respective file
+ SvcAccount = `
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tectonic-ingress-controller-operator
+ namespace: openshift-ingress
+`
+)
diff --git a/pkg/asset/manifests/content/tectonic/rbac/BUILD.bazel b/pkg/asset/manifests/content/tectonic/rbac/BUILD.bazel
new file mode 100644
index 00000000000..126e4729c48
--- /dev/null
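Review bot: In `ClusterConfig`, the line `statsPassword: {{.IngressStatusPassword}}` stores a credential in the `cluster-config-v1` ConfigMap, so it is readable by anything allowed to read ConfigMaps in `openshift-ingress` and is not covered by Secret-specific RBAC or encryption at rest. The password should live in a Secret that the operator reads or mounts, with the ConfigMap keeping only non-sensitive settings. The value is also rendered unquoted by `text/template`, so a password containing `:` or `#` or starting with a YAML indicator character would change the document; at minimum use `statsPassword: {{printf "%q" .IngressStatusPassword}}`.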
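Review bot: `".dockerconfigjson": "{{.PullSecret}}"` in `ingress/pull.go` is rendered with `text/template`, which does no escaping, so the output is valid JSON only if the caller has already base64-encoded the pull secret. The code that fills `.PullSecret` is outside this hunk, so that should be confirmed and stated on the variable, e.g. `// Pull renders the coreos-pull-secret Secret; .PullSecret must already be base64-encoded.` The same applies to `secrets/pull.go` and to the `data:` fields in `secrets/ca-cert.go` and `secrets/ingress-tls.go` later in this patch.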
+++ b/pkg/asset/manifests/content/tectonic/rbac/BUILD.bazel
@@ -0,0 +1,13 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "go_default_library",
+ srcs = [
+ "binding-admin.go",
+ "binding-discovery.go",
+ "role-admin.go",
+ "role-user.go",
+ ],
+ importpath = "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/rbac",
+ visibility = ["//visibility:public"],
+)
diff --git a/pkg/asset/manifests/content/tectonic/rbac/binding-admin.go b/pkg/asset/manifests/content/tectonic/rbac/binding-admin.go
new file mode 100644
index 00000000000..c6a4b2945b9
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/rbac/binding-admin.go
@@ -0,0 +1,22 @@
+package rbac
+
+const (
+ // BindingAdmin is the variable/constant representing the contents of the respective file
+ BindingAdmin = `
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: admin-user
+subjects:
+ - kind: ServiceAccount
+ namespace: tectonic-system
+ name: default
+ - kind: ServiceAccount
+ namespace: openshift-ingress
+ name: tectonic-ingress-controller-operator
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
+`
+)
diff --git a/pkg/asset/manifests/content/tectonic/rbac/binding-discovery.go b/pkg/asset/manifests/content/tectonic/rbac/binding-discovery.go
new file mode 100644
index 00000000000..fbd2d19a5e5
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/rbac/binding-discovery.go
@@ -0,0 +1,20 @@
+package rbac
+
+const (
+ // BindingDiscovery is the variable/constant representing the contents of the respective file
+ BindingDiscovery = `
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: discovery
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:discovery
+subjects:
+- kind: Group
+ name: 'system:unauthenticated'
+- kind: Group
+ name: 'system:authenticated'
+`
+)
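Review bot: `BindingAdmin` binds `cluster-admin` to the `default` ServiceAccount of `tectonic-system`, so every pod in that namespace that does not name its own service account runs with full cluster privileges. The `kube-addon-operator` Deployment added later in this patch sets no `serviceAccount`, so it appears to rely on exactly that. A dedicated ServiceAccount per operator, bound to a role listing only the resources and verbs it needs, would contain a compromise of one workload; the `default` subject should then be dropped from this binding.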
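Review bot: `BindingDiscovery` lists `system:unauthenticated` as a subject, which lets anonymous clients enumerate the API groups and versions the cluster serves. If no component needs discovery before it authenticates, keep only the `system:authenticated` subject. The constant also carries no reason for the binding; a one-line explanation in place of the generic `is the variable/constant representing the contents of the respective file` comment would help the next reviewer.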
diff --git a/pkg/asset/manifests/content/tectonic/rbac/role-admin.go b/pkg/asset/manifests/content/tectonic/rbac/role-admin.go
new file mode 100644
index 00000000000..2cb3690eb11
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/rbac/role-admin.go
@@ -0,0 +1,17 @@
+package rbac
+
+const (
+ // RoleAdmin is the variable/constant representing the contents of the respective file
+ RoleAdmin = `
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: admin
+rules:
+ - apiGroups: ["*"]
+ resources: ["*"]
+ verbs: ["*"]
+ - nonResourceURLs: ["*"]
+ verbs: ["*"]
+`
+)
diff --git a/pkg/asset/manifests/content/tectonic/rbac/role-user.go b/pkg/asset/manifests/content/tectonic/rbac/role-user.go
new file mode 100644
index 00000000000..d9d30816459
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/rbac/role-user.go
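Review bot: `RoleAdmin` defines a ClusterRole named `admin` with `*` on every API group, resource and non-resource URL, which makes it equivalent to `cluster-admin`. Kubernetes already ships a default ClusterRole called `admin` intended for namespace-scoped administration, so applying this manifest would presumably replace or conflict with it and widen every existing binding to `admin`. A distinct name such as `tectonic-admin` (constructed example) avoids the collision, or the built-in `cluster-admin` can be referenced directly as `binding-admin.go` already does.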
@@ -0,0 +1,74 @@
+package rbac
+
+const (
+ // RoleUser is the variable/constant representing the contents of the respective file
+ RoleUser = `
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: user
+rules:
+ - apiGroups: [""]
+ resources: [
+ "bindings", "configmaps", "events", "pods", "replicationcontrollers",
+ "secrets", "services", "serviceaccounts",
+ "pods/attach",
+ "pods/binding",
+ "pods/exec",
+ "pods/log",
+ "pods/portforward",
+ "pods/proxy",
+ "pods/status",
+ "replicationcontrollers/scale",
+ "replicationcontrollers/status",
+ "services/proxy",
+ "services/status"
+ ]
+ verbs: ["*"]
+ nonResourceURLs: []
+
+ - apiGroups: [""]
+ resources: [
+ "componentstatuses", "endpoints", "limitranges", "nodes", "nodes/proxy", "nodes/status",
+ "namespaces", "namespaces/status", "namespaces/finalize",
+ "persistentvolumeclaims", "persistentvolumeclaims/status", "persistentvolumes", "resourcequotas",
+ "resourcequotas/status"
+ ]
+ verbs: ["get", "list", "watch", "proxy", "redirect"]
+ nonResourceURLs: []
+
+ - apiGroups: ["apps", "batch", "autoscaling", "policy"]
+ resources: ["*"]
+ verbs: ["*"]
+ nonResourceURLs: []
+
+ - apiGroups: ["extensions"]
+ resources: [
+ "daemonsets", "deployments", "horizontalpodautoscalers", "ingresses",
+ "jobs", "replicasets", "replicationcontrollers",
+
+ "daemonsets/status",
+ "deployments/rollback",
+ "deployments/scale",
+ "deployments/status",
+ "horizontalpodautoscalers/status",
+ "ingresses/status",
+ "jobs/status",
+ "replicasets/scale",
+ "replicasets/status",
+ "replicationcontrollers/scale"
+ ]
+ verbs: ["*"]
+ nonResourceURLs: []
+
+ - apiGroups: ["extensions"]
+ resources: ["networkpolicies", "thirdpartyresources"]
+ verbs: ["get", "list", "watch", "proxy", "redirect"]
+ nonResourceURLs: []
+
+ - apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["*"]
+ verbs: ["get", "list", "watch", "proxy", "redirect"]
+ nonResourceURLs: []
+`
+)
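Review bot: The first rule of the `user` ClusterRole grants `verbs: ["*"]` on `secrets`, `serviceaccounts`, `pods/exec` and `pods/attach`, so any subject bound to it cluster-wide can read every Secret, including tokens of more privileged service accounts. If the role is meant for ordinary users, `secrets` and the exec/attach subresources should be taken out of the wildcard rule and granted per namespace through a RoleBinding. The verbs `proxy` and `redirect` in the read-only rules do not appear to be RBAC request verbs and could be dropped, and `thirdpartyresources` may no longer exist in the targeted API version.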
diff --git a/pkg/asset/manifests/content/tectonic/secrets/BUILD.bazel b/pkg/asset/manifests/content/tectonic/secrets/BUILD.bazel
new file mode 100644
index 00000000000..e6d51f8e086
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/secrets/BUILD.bazel
@@ -0,0 +1,12 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "go_default_library",
+ srcs = [
+ "ca-cert.go",
+ "ingress-tls.go",
+ "pull.go",
+ ],
+ importpath = "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/secrets",
+ visibility = ["//visibility:public"],
+)
diff --git a/pkg/asset/manifests/content/tectonic/secrets/ca-cert.go b/pkg/asset/manifests/content/tectonic/secrets/ca-cert.go
new file mode 100644
index 00000000000..a4c45946aa6
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/secrets/ca-cert.go
@@ -0,0 +1,19 @@
+package secrets
+
+import (
+ "text/template"
+)
+
+var (
+ // CaCert is the variable/constant representing the contents of the respective file
+ CaCert = template.Must(template.New("ca-cert.yaml").Parse(`
+apiVersion: v1
+kind: Secret
+metadata:
+ name: tectonic-ca-cert-secret
+ namespace: tectonic-system
+type: Opaque
+data:
+ ca-cert: {{.IngressCaCert}}
+`))
+)
diff --git a/pkg/asset/manifests/content/tectonic/secrets/ingress-tls.go b/pkg/asset/manifests/content/tectonic/secrets/ingress-tls.go
new file mode 100644
index 00000000000..e875b022719
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/secrets/ingress-tls.go
@@ -0,0 +1,21 @@
+package secrets
+
+import (
+ "text/template"
+)
+
+var (
+ // IngressTLS is the variable/constant representing the contents of the respective file
+ IngressTLS = template.Must(template.New("ingress-tls.yaml").Parse(`
+apiVersion: v1
+kind: Secret
+metadata:
+ name: tectonic-ingress-tls
+ namespace: openshift-ingress
+type: Opaque
+data:
+ tls.crt: {{.IngressTLSCert}}
+ tls.key: {{.IngressTLSKey}}
+ bundle.crt: {{.IngressTLSBundle}}
+`))
+)
diff --git a/pkg/asset/manifests/content/tectonic/secrets/pull.go b/pkg/asset/manifests/content/tectonic/secrets/pull.go
new file mode 100644
index 00000000000..be6e104988e
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/secrets/pull.go
@@ -0,0 +1,23 @@
+package secrets
+
+import (
+ "text/template"
+)
+
+var (
+ // Pull is the variable/constant representing the contents of the respective file
+ Pull = template.Must(template.New("pull.json").Parse(`
+{
+ "apiVersion": "v1",
+ "kind": "Secret",
+ "type": "kubernetes.io/dockerconfigjson",
+ "metadata": {
+ "namespace": "tectonic-system",
+ "name": "coreos-pull-secret"
+ },
+ "data": {
+ ".dockerconfigjson": "{{.PullSecret}}"
+ }
+}
+`))
+)
diff --git a/pkg/asset/manifests/content/tectonic/security/BUILD.bazel b/pkg/asset/manifests/content/tectonic/security/BUILD.bazel
new file mode 100644
index 00000000000..97bb9433685
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/security/BUILD.bazel
@@ -0,0 +1,8 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "go_default_library",
+ srcs = ["priviledged-scc-tectonic.go"],
+ importpath = "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/security",
+ visibility = ["//visibility:public"],
+)
diff --git a/pkg/asset/manifests/content/tectonic/security/priviledged-scc-tectonic.go b/pkg/asset/manifests/content/tectonic/security/priviledged-scc-tectonic.go
new file mode 100644
index 00000000000..bd8cae82c38
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/security/priviledged-scc-tectonic.go
@@ -0,0 +1,38 @@
+package security
+
+const (
+ // PriviledgedSccTectonic is the variable/constant representing the contents of the respective file
+ PriviledgedSccTectonic = `
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+ annotations:
+ kubernetes.io/description: "privileged-tectonic temporarily for running tectonic assets."
+ name: privileged-tectonic
+allowHostDirVolumePlugin: true
+allowHostIPC: true
+allowHostNetwork: true
+allowHostPID: true
+allowHostPorts: true
+allowPrivilegedContainer: true
+allowedCapabilities:
+- "*"
+fsGroup:
+ type: RunAsAny
+groups:
+- system:serviceaccounts:tectonic-system
+- system:serviceaccounts:openshift-ingress
+readOnlyRootFilesystem: false
+runAsUser:
+ type: RunAsAny
+seLinuxContext:
+ type: RunAsAny
+seccompProfiles:
+- "*"
+supplementalGroups:
+ type: RunAsAny
+users: []
+volumes:
+- "*"
+`
+)
diff --git a/pkg/asset/manifests/content/tectonic/updater/BUILD.bazel b/pkg/asset/manifests/content/tectonic/updater/BUILD.bazel
new file mode 100644
index 00000000000..5c56adde9bd
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/updater/BUILD.bazel
@@ -0,0 +1,11 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "go_default_library",
+ srcs = [
+ "app-version-kind.go",
+ "migration-status-kind.go",
+ ],
+ importpath = "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/updater",
+ visibility = ["//visibility:public"],
+)
diff --git a/pkg/asset/manifests/content/tectonic/updater/app-version-kind.go b/pkg/asset/manifests/content/tectonic/updater/app-version-kind.go
new file mode 100644
index 00000000000..6b391526a10
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/updater/app-version-kind.go
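Review bot: The `privileged-tectonic` SCC is granted through `groups:` to `system:serviceaccounts:tectonic-system` and `system:serviceaccounts:openshift-ingress`, so every service account in both namespaces may run privileged, host-network, host-PID pods with any capability and any volume type. The three operator Deployments added in this patch set `runAsNonRoot: true` and `runAsUser: 65534`, which suggests they do not need it; naming the specific service accounts under `users:` would narrow the grant. The description says "temporarily", so a `// TODO(<tracking issue>): remove privileged-tectonic` on the constant would help it actually get removed. The identifier and file name also misspell "privileged" as `Priviledged`.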
@@ -0,0 +1,17 @@
+package updater
+
+const (
+ // AppVersionKind is the variable/constant representing the contents of the respective file
+ AppVersionKind = `
+apiVersion: "apiextensions.k8s.io/v1beta1"
+kind: "CustomResourceDefinition"
+metadata:
+ name: "appversions.tco.coreos.com"
+spec:
+ group: "tco.coreos.com"
+ version: "v1"
+ names:
+ plural: "appversions"
+ kind: "AppVersion"
+ `
+)
diff --git a/pkg/asset/manifests/content/tectonic/updater/appversions/BUILD.bazel b/pkg/asset/manifests/content/tectonic/updater/appversions/BUILD.bazel
new file mode 100644
index 00000000000..a5c4c8af60c
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/updater/appversions/BUILD.bazel
@@ -0,0 +1,13 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "go_default_library",
+ srcs = [
+ "app-version-kube-addon.go",
+ "app-version-kube-core.go",
+ "app-version-tectonic-cluster.go",
+ "app-version-tectonic-ingress.go",
+ ],
+ importpath = "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/updater/appversions",
+ visibility = ["//visibility:public"],
+)
diff --git a/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-kube-addon.go b/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-kube-addon.go
new file mode 100644
index 00000000000..cdb012284bc
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-kube-addon.go
@@ -0,0 +1,22 @@
+package appversions
+
+const (
+ // AppVersionKubeAddon is the variable/constant representing the contents of the respective file
+ AppVersionKubeAddon = `
+apiVersion: tco.coreos.com/v1
+kind: AppVersion
+metadata:
+ name: kube-addon
+ namespace: tectonic-system
+ labels:
+ managed-by-channel-operator: "true"
+spec:
+ desiredVersion:
+ paused: false
+status:
+ currentVersion:
+ paused: false
+upgradereq: 1
+upgradecomp: 0
+`
+)
diff --git a/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-kube-core.go b/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-kube-core.go
new file mode 100644
index 00000000000..7d5f14d475a
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-kube-core.go
@@ -0,0 +1,20 @@
+package appversions
+
+const (
+ // AppVersionKubeCore is the variable/constant representing the contents of the respective file
+ AppVersionKubeCore = `
+apiVersion: tco.coreos.com/v1
+kind: AppVersion
+metadata:
+ name: kube-core
+ namespace: tectonic-system
+ labels:
+ managed-by-channel-operator: "true"
+spec:
+ paused: false
+status:
+ paused: false
+upgradereq: 0
+upgradecomp: 0
+`
+)
diff --git a/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-tectonic-cluster.go b/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-tectonic-cluster.go
new file mode 100644
index 00000000000..05de50302ac
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-tectonic-cluster.go
@@ -0,0 +1,24 @@
+package appversions
+
+import (
+ "text/template"
+)
+
+var (
+ // AppVersionTectonicCluster is the variable/constant representing the contents of the respective file
+ AppVersionTectonicCluster = template.Must(template.New("app-version-tectonic-cluster.yaml").Parse(`
+apiVersion: tco.coreos.com/v1
+kind: AppVersion
+metadata:
+ name: tectonic-cluster
+ namespace: tectonic-system
+ labels:
+ managed-by-channel-operator: "true"
+spec:
+ desiredVersion: {{.TectonicVersion}}
+ paused: false
+status:
+ currentVersion: {{.TectonicVersion}}
+ paused: false
+ `))
+)
diff --git a/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-tectonic-ingress.go b/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-tectonic-ingress.go
new file mode 100644
index 00000000000..055c70311bb
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/updater/appversions/app-version-tectonic-ingress.go
@@ -0,0 +1,21 @@
+package appversions
+
+const (
+ // AppVersionTectonicIngress is the variable/constant representing the contents of the respective file
+ AppVersionTectonicIngress = `
+apiVersion: tco.coreos.com/v1
+kind: AppVersion
+metadata:
+ name: tectonic-ingress
+ namespace: tectonic-system
+ labels:
+ managed-by-channel-operator: "true"
+spec:
+ desiredVersion:
+ paused: false
+status:
+ paused: false
+upgradereq: 1
+upgradecomp: 0
+`
+)
diff --git a/pkg/asset/manifests/content/tectonic/updater/migration-status-kind.go b/pkg/asset/manifests/content/tectonic/updater/migration-status-kind.go
new file mode 100644
index 00000000000..87344ac1f53
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/updater/migration-status-kind.go
@@ -0,0 +1,17 @@
+package updater
+
+const (
+ // MigrationStatusKind is the variable/constant representing the contents of the respective file
+ MigrationStatusKind = `
+apiVersion: "apiextensions.k8s.io/v1beta1"
+kind: "CustomResourceDefinition"
+metadata:
+ name: "migrationstatuses.kvo.coreos.com"
+spec:
+ group: "kvo.coreos.com"
+ version: "v1"
+ names:
+ plural: "migrationstatuses"
+ kind: "MigrationStatus"
+ `
+)
diff --git a/pkg/asset/manifests/content/tectonic/updater/operators/BUILD.bazel b/pkg/asset/manifests/content/tectonic/updater/operators/BUILD.bazel
new file mode 100644
index 00000000000..ad5eeeedd75
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/updater/operators/BUILD.bazel
@@ -0,0 +1,12 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+ name = "go_default_library",
+ srcs = [
+ "kube-addon-operator.go",
+ "kube-core-operator.go",
+ "tectonic-ingress-controller-operator.go",
+ ],
+ importpath = "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/updater/operators",
+ visibility = ["//visibility:public"],
+)
diff --git a/pkg/asset/manifests/content/tectonic/updater/operators/kube-addon-operator.go b/pkg/asset/manifests/content/tectonic/updater/operators/kube-addon-operator.go
new file mode 100644
index 00000000000..a33ef49a57b
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/updater/operators/kube-addon-operator.go
@@ -0,0 +1,62 @@
+package operators
+
+import (
+ "text/template"
+)
+
+var (
+ // KubeAddonOperator is the variable/constant representing the contents of the respective file
+ KubeAddonOperator = template.Must(template.New("kube-addon-operator.yaml").Parse(`
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: kube-addon-operator
+ namespace: tectonic-system
+ labels:
+ k8s-app: kube-addon-operator
+ managed-by-channel-operator: "true"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: kube-addon-operator
+ template:
+ metadata:
+ labels:
+ k8s-app: kube-addon-operator
+ tectonic-app-version-name: kube-addon
+ spec:
+ containers:
+ - name: kube-addon-operator
+ image: {{.KubeAddonOperatorImage}}
+ resources:
+ limits:
+ cpu: 20m
+ memory: 50Mi
+ requests:
+ cpu: 20m
+ memory: 50Mi
+ volumeMounts:
+ - name: cluster-config
+ mountPath: /etc/cluster-config
+ imagePullSecrets:
+ - name: coreos-pull-secret
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
+ restartPolicy: Always
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ effect: "NoSchedule"
+ volumes:
+ - name: cluster-config
+ configMap:
+ name: cluster-config-v1
+ items:
+ - key: addon-config
+ path: addon-config
+`))
+)
diff --git a/pkg/asset/manifests/content/tectonic/updater/operators/kube-core-operator.go b/pkg/asset/manifests/content/tectonic/updater/operators/kube-core-operator.go
new file mode 100644
index 00000000000..d6d95e759d1
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/updater/operators/kube-core-operator.go
@@ -0,0 +1,65 @@
+package operators
+
+import (
+ "text/template"
+)
+
+var (
+ // KubeCoreOperator is the variable/constant representing the contents of the respective file
+ KubeCoreOperator = template.Must(template.New("kube-core-operator.yaml").Parse(`
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: kube-core-operator
+ namespace: kube-system
+ labels:
+ k8s-app: kube-core-operator
+ managed-by-channel-operator: "true"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ k8s-app: kube-core-operator
+ template:
+ metadata:
+ labels:
+ k8s-app: kube-core-operator
+ tectonic-app-version-name: kube-core
+ spec:
+ containers:
+ - name: kube-core-operator
+ image: {{.KubeCoreOperatorImage}}
+ imagePullPolicy: Always
+ args:
+ - --config=/etc/cluster-config/kco-config.yaml
+ resources:
+ limits:
+ cpu: 20m
+ memory: 50Mi
+ requests:
+ cpu: 20m
+ memory: 50Mi
+ volumeMounts:
+ - name: cluster-config
+ mountPath: /etc/cluster-config
+ imagePullSecrets:
+ - name: coreos-pull-secret
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
+ restartPolicy: Always
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ effect: "NoSchedule"
+ volumes:
+ - name: cluster-config
+ configMap:
+ name: cluster-config-v1
+ items:
+ - key: kco-config
+ path: kco-config.yaml
+`))
+)
diff --git a/pkg/asset/manifests/content/tectonic/updater/operators/tectonic-ingress-controller-operator.go b/pkg/asset/manifests/content/tectonic/updater/operators/tectonic-ingress-controller-operator.go
new file mode 100644
index 00000000000..498bfeca87e
--- /dev/null
+++ b/pkg/asset/manifests/content/tectonic/updater/operators/tectonic-ingress-controller-operator.go
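Review bot: `KubeCoreOperator` is deployed to `namespace: kube-system` but references `imagePullSecrets: coreos-pull-secret`, while the two pull-secret manifests added in this patch create that Secret only in `openshift-ingress` and `tectonic-system`. Unless another manifest outside this patch creates the Secret in `kube-system`, the image pull would fail or fall back to anonymous access; that should be confirmed and noted in the comment on `KubeCoreOperator`. The Deployment also names no `serviceAccount`, so it runs as the namespace `default` account and its permissions depend on whatever is bound to that.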
@@ -0,0 +1,63 @@ +package operators + +import ( + "text/template" +) + +var ( + // TectonicIngressControllerOperator is the variable/constant representing the contents of the respective file + TectonicIngressControllerOperator = template.Must(template.New("tectonic-ingress-controller-operator.yaml").Parse(` +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: tectonic-ingress-controller-operator + namespace: openshift-ingress + labels: + k8s-app: tectonic-ingress-controller-operator + managed-by-channel-operator: "true" +spec: + replicas: 1 + selector: + matchLabels: + k8s-app: tectonic-ingress-controller-operator + template: + metadata: + labels: + k8s-app: tectonic-ingress-controller-operator + tectonic-app-version-name: tectonic-ingress + spec: + containers: + - name: tectonic-ingress-controller-operator + image: {{.TectonicIngressControllerOperatorImage}} + resources: + limits: + cpu: 20m + memory: 50Mi + requests: + cpu: 20m + memory: 50Mi + volumeMounts: + - name: cluster-config + mountPath: /etc/cluster-config + imagePullSecrets: + - name: coreos-pull-secret + nodeSelector: + node-role.kubernetes.io/master: "" + restartPolicy: Always + securityContext: + runAsNonRoot: true + runAsUser: 65534 + serviceAccount: tectonic-ingress-controller-operator + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + volumes: + - name: cluster-config + configMap: + name: cluster-config-v1 + items: + - key: ingress-config + path: ingress-config +`)) +) diff --git a/pkg/asset/manifests/operators.go b/pkg/asset/manifests/operators.go index 59a5365435d..795ca0247b7 100644 --- a/pkg/asset/manifests/operators.go +++ b/pkg/asset/manifests/operators.go @@ -57,6 +57,7 @@ func (m *manifests) Dependencies() []asset.Asset { m.assetStock.NetworkOperator(), m.assetStock.KubeAddonOperator(), m.assetStock.Mao(), + m.assetStock.Tectonic(), m.rootCA, m.etcdCA, m.ingressCertKey, 
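Review bot: `serviceAccount: tectonic-ingress-controller-operator` uses the deprecated alias of the pod-spec field; the current spelling is `serviceAccountName: tectonic-ingress-controller-operator`. The ServiceAccount object itself appears to come from `ingress/svc-account.yaml`, listed in tectonic.go, whose contents are not visible in this patch section. It is worth confirming that it is created in `openshift-ingress`, since a pod that references a service account missing from its namespace will not be created.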
@@ -70,7 +71,6 @@ func (m *manifests) Dependencies() []asset.Asset { m.apiServerProxyCertKey, m.adminCertKey, m.kubeletCertKey, - m.tncCertKey, m.serviceAccountKeyPair, m.kubeconfig, } diff --git a/pkg/asset/manifests/stock.go b/pkg/asset/manifests/stock.go index d8a40e16751..96aee2fbe84 100644 --- a/pkg/asset/manifests/stock.go +++ b/pkg/asset/manifests/stock.go @@ -26,6 +26,9 @@ type Stock interface { // Mao returns the machine api operator asset object Mao() asset.Asset + + // Tectonic returns the tectonic manfests asset object + Tectonic() asset.Asset } // StockImpl implements the Stock interface for manifests @@ -36,6 +39,7 @@ type StockImpl struct { networkOperator asset.Asset addonOperator asset.Asset mao asset.Asset + tectonic asset.Asset } var _ Stock = (*StockImpl)(nil) @@ -75,6 +79,11 @@ func (s *StockImpl) EstablishStock(stock installconfig.Stock, tlsStock tls.Stock installConfigAsset: stock.InstallConfig(), aggregatorCA: tlsStock.AggregatorCA(), } + s.tectonic = &tectonic{ + installConfig: stock.InstallConfig(), + ingressCertKey: tlsStock.IngressCertKey(), + kubeCA: tlsStock.KubeCA(), + } // TODO: //s.clusterVersionOperator = &clusterVersionOperator{} } @@ -96,3 +105,6 @@ func (s *StockImpl) KubeAddonOperator() asset.Asset { return s.addonOperator } // Mao returns the machine API operator asset object func (s *StockImpl) Mao() asset.Asset { return s.mao } + +// Tectonic returns the tectonic manifests asset object +func (s *StockImpl) Tectonic() asset.Asset { return s.tectonic } diff --git a/pkg/asset/manifests/tectonic.go b/pkg/asset/manifests/tectonic.go new file mode 100644 index 00000000000..8073bec66f2 --- /dev/null +++ b/pkg/asset/manifests/tectonic.go 
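Review bot: The doc comment added to the `Stock` interface in stock.go reads `// Tectonic returns the tectonic manfests asset object`; `manfests` should be `manifests`, as the comment on `StockImpl.Tectonic` in the last hunk of the same file already spells it. In the `EstablishStock` hunk the new asset is handed `tlsStock.KubeCA()`, which tectonic.go later renders as `IngressCaCert`. A one-line comment there saying why the kube CA doubles as the ingress CA would save the next reader from checking which CA signs the ingress certificate.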
@@ -0,0 +1,102 @@
+package manifests
+
+import (
+ "path/filepath"
+
+ "github.com/openshift/installer/pkg/asset"
+ "github.com/openshift/installer/pkg/asset/installconfig"
+ "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/ingress"
+ "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/rbac"
+ "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/secrets"
+ "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/security"
+ "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/updater"
+ "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/updater/appversions"
+ "github.com/openshift/installer/pkg/asset/manifests/content/tectonic/updater/operators"
+)
+
+// tectonic generates the dependent resource manifests for tectonic (as against bootkube)
+type tectonic struct {
+ installConfig asset.Asset
+ ingressCertKey asset.Asset
+ kubeCA asset.Asset
+}
+
+var _ asset.Asset = (*tectonic)(nil)
+
+// Name returns a human friendly name for the operator
+func (t *tectonic) Name() string {
+ return "Tectonic Manifests"
+}
+
+// Dependencies returns all of the dependencies directly needed by the
+// tectonic asset
+func (t *tectonic) Dependencies() []asset.Asset {
+ return []asset.Asset{
+ t.installConfig,
+ t.ingressCertKey,
+ t.kubeCA,
+ }
+}
+
+// Generate generates the respective operator config.yml files
+func (t *tectonic) Generate(dependencies map[asset.Asset]*asset.State) (*asset.State, error) {
+ ic, err := installconfig.GetInstallConfig(t.installConfig, dependencies)
+ if err != nil {
+ return nil, err
+ }
+ manifestDir := "tectonic"
+ assetContents := make([]asset.Content, 0)
+
+ ingressContents := dependencies[t.ingressCertKey].Contents
+ templateData := &tectonicTemplateData{
+ IngressCaCert: string(dependencies[t.kubeCA].Contents[certIndex].Data),
+ IngressKind: "haproxy-router",
+ IngressStatusPassword: ic.Admin.Password, // FIXME: generate a new random one instead?
+ IngressTLSBundle: string(ingressContents[certIndex].Data),
+ IngressTLSCert: string(ingressContents[certIndex].Data),
+ IngressTLSKey: string(ingressContents[keyIndex].Data),
+ KubeAddonOperatorImage: "quay.io/coreos/kube-addon-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85",
+ KubeCoreOperatorImage: "quay.io/coreos/kube-core-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85",
+ PullSecret: ic.PullSecret,
+ TectonicIngressControllerOperatorImage: "quay.io/coreos/tectonic-ingress-controller-operator-dev:3b6952f5a1ba89bb32dd0630faddeaf2779c9a85",
+ TectonicVersion: "1.8.4-tectonic.2",
+ }
+
+ assetContentMap := map[string]string{
+ // template files
+ "secrets/ingress-tls.yaml": applyTemplateData(secrets.IngressTLS, templateData),
+ "secrets/ca-cert.yaml": applyTemplateData(secrets.CaCert, templateData),
+ "secrets/pull.json": applyTemplateData(secrets.Pull, templateData),
+ "updater/operators/tectonic-ingress-controller-operator.yaml": applyTemplateData(operators.TectonicIngressControllerOperator, templateData),
+ "updater/operators/kube-addon-operator.yaml": applyTemplateData(operators.KubeAddonOperator, templateData),
+ "updater/operators/kube-core-operator.yaml": applyTemplateData(operators.KubeCoreOperator, templateData),
+ "updater/app_versions/app-version-tectonic-cluster.yaml": applyTemplateData(appversions.AppVersionTectonicCluster, templateData),
+ "ingress/pull.json": applyTemplateData(ingress.Pull, templateData),
+ "ingress/cluster-config.yaml": applyTemplateData(ingress.ClusterConfig, templateData),
+
+ // constant files
+ "security/priviledged-scc-tectonic.yaml": security.PriviledgedSccTectonic,
+ "rbac/role-admin.yaml": rbac.RoleAdmin,
+ "rbac/binding-admin.yaml": rbac.BindingAdmin,
+ "rbac/binding-discovery.yaml": rbac.BindingDiscovery,
+ "rbac/role-user.yaml": rbac.RoleUser,
+ "updater/migration-status-kind.yaml": updater.MigrationStatusKind,
+ "updater/app_versions/app-version-kube-addon.yaml": appversions.AppVersionKubeAddon, +
"updater/app_versions/app-version-tectonic-ingress.yaml": appversions.AppVersionTectonicIngress, + "updater/app_versions/app-version-kube-core.yaml": appversions.AppVersionKubeCore, + "updater/app-version-kind.yaml": updater.AppVersionKind, + "ingress/svc-account.yaml": ingress.SvcAccount, + } + + for k, v := range assetContentMap { + assetContent := asset.Content{ + Name: filepath.Join(manifestDir, k), + Data: []byte(v), + } + assetContents = append(assetContents, assetContent) + } + state := &asset.State{ + Contents: assetContents, + } + return state, nil +} diff --git a/pkg/asset/manifests/template.go b/pkg/asset/manifests/template.go index a51b21a442b..ca2a864ac58 100644 --- a/pkg/asset/manifests/template.go +++ b/pkg/asset/manifests/template.go @@ -31,3 +31,17 @@ type bootkubeTemplateData struct { TectonicNetworkOperatorImage string WorkerIgnConfig string } + +type tectonicTemplateData struct { + IngressCaCert string + IngressKind string + IngressStatusPassword string + IngressTLSBundle string + IngressTLSCert string + IngressTLSKey string + KubeAddonOperatorImage string + KubeCoreOperatorImage string + PullSecret string + TectonicIngressControllerOperatorImage string + TectonicVersion string +}
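Review bot: `IngressStatusPassword: ic.Admin.Password` in `Generate` reuses the cluster admin password as the ingress status credential, which the `FIXME` on the same line already questions. Whichever rendered manifest embeds that field (not visible in this hunk) then carries the admin password, and rotating one credential forces rotating the other. I would give the status password its own asset whose value is drawn from `crypto/rand`, declared in `Dependencies`, so it is independent of the admin credential and stable across regenerations. Separately, `assetContentMap` is walked with `range`, so the order of `state.Contents` differs from run to run; sorting the keys first would make the output reproducible.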
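Review bot: `tectonicTemplateData` in template.go is added without a doc comment, although three of its fields carry secret material as plain strings. I would add `// tectonicTemplateData is the data used to render the tectonic manifest templates; IngressTLSKey, IngressStatusPassword and PullSecret are secrets and must not be logged.` above the type. The operator templates in this patch are built with `text/template`, which does no escaping; if the templates under `secrets` are built the same way (they are outside this hunk), it is worth confirming that they encode these values before placing them in YAML or JSON.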