From 9697936d2f6b150248057f3d0214c1d80691eae4 Mon Sep 17 00:00:00 2001 From: Camila Macedo Date: Thu, 25 Mar 2021 17:56:25 +0000 Subject: [PATCH] remove dupliations --- changelog/fragments/add_common_kb.yaml | 16 +++ go.mod | 1 + go.sum | 4 +- .../internal/ansible/advanced_molecule.go | 27 ++--- .../samples/internal/ansible/memcached.go | 8 +- .../internal/ansible/memcached_molecule.go | 20 ++-- .../internal/go/v2/memcached_with_webhooks.go | 13 ++- .../internal/go/v3/memcached_with_webhooks.go | 11 +- .../samples/internal/helm/memcached.go | 5 +- internal/cmd/operator-sdk/cli/cli.go | 16 ++- internal/plugins/ansible/v1/init.go | 103 ++++++++++++------ internal/plugins/ansible/v1/scaffolds/init.go | 22 ---- .../config/kdefault/kustomization.go | 73 ------------- .../kdefault/manager_auth_proxy_patch.go | 75 ------------- .../templates/config/manager/config.go | 99 ----------------- .../templates/config/manager/kustomization.go | 47 -------- .../config/prometheus/kustomization.go | 45 -------- .../templates/config/prometheus/monitor.go | 63 ----------- .../rbac/auth_proxy_client_clusterrole.go | 50 --------- .../templates/config/rbac/auth_proxy_role.go | 56 ---------- .../config/rbac/auth_proxy_role_binding.go | 55 ---------- .../config/rbac/auth_proxy_service.go | 57 ---------- .../templates/config/rbac/kustomization.go | 63 ----------- .../config/rbac/leader_election_role.go | 68 ------------ .../rbac/leader_election_role_binding.go | 55 ---------- .../templates/config/rbac/role_binding.go | 57 ---------- .../templates/config/rbac/service_account.go | 48 -------- .../internal/templates/dockerfile.go | 2 + internal/plugins/helm/v1/init.go | 77 +++++++------ internal/plugins/helm/v1/scaffolds/init.go | 18 --- .../config/kdefault/kustomization.go | 73 ------------- .../kdefault/manager_auth_proxy_patch.go | 74 ------------- .../templates/config/manager/config.go | 102 ----------------- .../templates/config/manager/kustomization.go | 47 -------- .../config/prometheus/kustomization.go | 45 -------- .../templates/config/prometheus/monitor.go | 63 ----------- .../templates/config/rbac/auth_proxy_role.go | 56 ---------- .../config/rbac/auth_proxy_role_binding.go | 55 ---------- .../config/rbac/auth_proxy_service.go | 57 ---------- .../config/rbac/client_cluster_role.go | 50 --------- .../templates/config/rbac/kustomization.go | 63 ----------- .../config/rbac/leader_election_role.go | 68 ------------ .../rbac/leader_election_role_binding.go | 55 ---------- .../config/rbac/manager_role_binding.go | 55 ---------- .../templates/config/rbac/service_account.go | 48 -------- .../internal/templates/dockerfile.go | 2 + internal/testutils/olm.go | 4 +- internal/testutils/scorecard.go | 6 +- internal/testutils/utils.go | 51 --------- internal/util/utils.go | 81 ++++++++++++++ test/e2e/ansible/cluster_test.go | 3 +- test/e2e/ansible/suite_test.go | 11 +- test/e2e/helm/cluster_test.go | 5 +- test/e2e/helm/suite_test.go | 3 +- test/integration/suite_test.go | 6 +- .../ansible/memcached-operator/Dockerfile | 2 + ...-operator-manager-config_v1_configmap.yaml | 15 +++ ...cached-operator.clusterserviceversion.yaml | 4 + .../config/default/kustomization.yaml | 4 + .../config/default/manager_config_patch.yaml | 20 ++++ .../manager/controller_manager_config.yaml | 10 ++ .../config/manager/kustomization.yaml | 8 ++ .../config/manager/manager.yaml | 46 ++++---- .../config/prometheus/monitor.yaml | 2 +- .../config/rbac/leader_election_role.yaml | 2 + .../config/rbac/role_binding.yaml | 1 - testdata/helm/memcached-operator/Dockerfile | 2 + ...-operator-manager-config_v1_configmap.yaml | 15 +++ ...cached-operator.clusterserviceversion.yaml | 4 + .../config/default/kustomization.yaml | 4 + .../config/default/manager_config_patch.yaml | 20 ++++ .../manager/controller_manager_config.yaml | 10 ++ .../config/manager/kustomization.yaml | 8 ++ .../config/manager/manager.yaml | 8 +- .../config/rbac/leader_election_role.yaml | 2 + website/content/en/docs/cli/operator-sdk.md | 1 + 76 files changed, 465 insertions(+), 2060 deletions(-) create mode 100644 changelog/fragments/add_common_kb.yaml delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/kustomization.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/config.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/kustomization.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/kustomization.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/monitor.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_client_clusterrole.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/kustomization.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/role_binding.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/service_account.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/kustomization.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/config.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/kustomization.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/kustomization.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/monitor.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/client_cluster_role.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/kustomization.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/manager_role_binding.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/service_account.go create mode 100644 internal/util/utils.go create mode 100644 testdata/ansible/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml create mode 100644 testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml create mode 100644 testdata/ansible/memcached-operator/config/manager/controller_manager_config.yaml create mode 100644 testdata/helm/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml create mode 100644 testdata/helm/memcached-operator/config/default/manager_config_patch.yaml create mode 100644 testdata/helm/memcached-operator/config/manager/controller_manager_config.yaml diff --git a/changelog/fragments/add_common_kb.yaml b/changelog/fragments/add_common_kb.yaml new file mode 100644 index 00000000000..3aa5d251eb2 --- /dev/null +++ b/changelog/fragments/add_common_kb.yaml @@ -0,0 +1,16 @@ +# entries is a list of entries to include in +# release notes and/or the migration guide +entries: + - description: > + Add common base plugin. + + # kind is one of: + # - addition + # - change + # - deprecation + # - removal + # - bugfix + kind: "addition" + + # Is this a breaking change? + breaking: false diff --git a/go.mod b/go.mod index 0ea489eb13d..fb0a4098124 100644 --- a/go.mod +++ b/go.mod @@ -47,6 +47,7 @@ replace ( github.com/containerd/containerd => github.com/containerd/containerd v1.4.3 github.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.10.0 golang.org/x/text => golang.org/x/text v0.3.3 // Required to fix CVE-2020-14040 + sigs.k8s.io/kubebuilder/v3 => github.com/camilamacedo86/kubebuilder/v3 v3.0.0-20210325181645-7ebc46bb648d ) exclude github.com/spf13/viper v1.3.2 // Required to fix CVE-2018-1098 diff --git a/go.sum b/go.sum index feb313b4afd..30ac11d0791 100644 --- a/go.sum +++ b/go.sum @@ -161,6 +161,8 @@ github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0Bsq github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/bugsnag/panicwrap v1.2.0 h1:OzrKrRvXis8qEvOkfcxNcYbOd2O7xXS2nnKMEMABFQA= github.com/bugsnag/panicwrap v1.2.0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= +github.com/camilamacedo86/kubebuilder/v3 v3.0.0-20210325181645-7ebc46bb648d h1:vYixz9WHw09qP7b3ow1UMfqj2G5Qfx04pPnCfnSAlCU= +github.com/camilamacedo86/kubebuilder/v3 v3.0.0-20210325181645-7ebc46bb648d/go.mod h1:eVtLdWzmvL1ixDYLlVrvQe8wjpikJVoSOg5PghTk2Lw= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= @@ -1555,8 +1557,6 @@ sigs.k8s.io/controller-tools v0.4.1 h1:VkuV0MxlRPmRu5iTgBZU4UxUX2LiR99n3sdQGRxZF sigs.k8s.io/controller-tools v0.4.1/go.mod h1:G9rHdZMVlBDocIxGkK3jHLWqcTMNvveypYJwrvYKjWU= sigs.k8s.io/controller-tools v0.5.0 h1:3u2RCwOlp0cjCALAigpOcbAf50pE+kHSdueUosrC/AE= sigs.k8s.io/controller-tools v0.5.0/go.mod h1:JTsstrMpxs+9BUj6eGuAaEb6SDSPTeVtUyp0jmnAM/I= -sigs.k8s.io/kubebuilder/v3 v3.0.0-beta.1 h1:WGYvUPZ5tVrAOgvGW/NEqOXV2uYtplB6hJ/SFndrvIc= -sigs.k8s.io/kubebuilder/v3 v3.0.0-beta.1/go.mod h1:eVtLdWzmvL1ixDYLlVrvQe8wjpikJVoSOg5PghTk2Lw= sigs.k8s.io/kustomize v2.0.3+incompatible h1:JUufWFNlI44MdtnjUqVnvh29rR37PQFzPbLXqhyOyX0= sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU= sigs.k8s.io/kustomize/kyaml v0.10.10 h1:caAxDDkaXZp+0kDsZVik4leFJV8LCy09PdVqpaoNeF4= diff --git a/hack/generate/samples/internal/ansible/advanced_molecule.go b/hack/generate/samples/internal/ansible/advanced_molecule.go index 1e96e96eab0..fc922e5db41 100644 --- a/hack/generate/samples/internal/ansible/advanced_molecule.go +++ b/hack/generate/samples/internal/ansible/advanced_molecule.go @@ -25,6 +25,7 @@ import ( "github.com/operator-framework/operator-sdk/hack/generate/samples/internal/pkg" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) // AdvancedMolecule defines the context for the sample @@ -89,21 +90,21 @@ func (ma *AdvancedMolecule) Run() { data: sentinel: '{{ sentinel }}' groups: '{{ groups | to_nice_yaml }}'` - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( inventoryRoleTask, "# tasks file for InventoryTest", inventoryRoleTaskFragment) pkg.CheckError("replacing inventory task", err) log.Infof("updating inventorytest sample") - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "config", "samples", "test_v1alpha1_inventorytest.yaml"), "name: inventorytest-sample", inventorysampleFragment) pkg.CheckError("updating inventorytest sample", err) log.Infof("updating spec of inventorytest sample") - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "config", "samples", "test_v1alpha1_inventorytest.yaml"), "foo: bar", "size: 3") @@ -146,7 +147,7 @@ func (ma *AdvancedMolecule) updateConfig() { - update - watch #+kubebuilder:scaffold:rules` - err := testutils.ReplaceInFile( + err := util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "config", "rbac", "role.yaml"), "#+kubebuilder:scaffold:rules", cmRolesFragment) @@ -183,7 +184,7 @@ func (ma *AdvancedMolecule) updateConfig() { pkg.CheckError("adding vaulting args to the proxy auth", err) log.Infof("adding task to not pull image to the config/testing") - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "config", "testing", "kustomization.yaml"), "- manager_image.yaml", "- manager_image.yaml\n- pull_policy/Never.yaml") @@ -229,7 +230,7 @@ func (ma *AdvancedMolecule) addMocksFromTestdata() { func (ma *AdvancedMolecule) updateDockerfile() { log.Infof("replacing project Dockerfile to use ansible base image with the dev tag") - err := testutils.ReplaceRegexInFile( + err := util.ReplaceRegexInFile( filepath.Join(ma.ctx.Dir, "Dockerfile"), "quay.io/operator-framework/ansible-operator:.*", "quay.io/operator-framework/ansible-operator:dev") @@ -281,7 +282,7 @@ func (ma *AdvancedMolecule) updatePlaybooks() { data: msg: The decrypted value is {{the_secret.the_secret}} ` - err := testutils.ReplaceInFile( + err := util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "playbooks", "argstest.yml"), originalPlaybookFragment, argsPlaybook) @@ -305,7 +306,7 @@ func (ma *AdvancedMolecule) updatePlaybooks() { data: shouldBeCamel: '{{ camelCaseVar | default("false") }}' ` - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "playbooks", "casetest.yml"), originalPlaybookFragment, casePlaybook) @@ -324,7 +325,7 @@ func (ma *AdvancedMolecule) updatePlaybooks() { tasks: - command: echo hello - debug: msg='{{ "hello" | test }}'` - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "playbooks", "inventorytest.yml"), "---\n- hosts: localhost\n gather_facts: no\n collections:\n - community.kubernetes\n - operator_sdk.util\n tasks:\n - import_role:\n name: \"inventorytest\"", inventoryPlaybook) @@ -382,7 +383,7 @@ func (ma *AdvancedMolecule) updatePlaybooks() { time: 1s when: configmap.resources|length > 0 and (configmap.resources.0.data.iterations|int) < 5 ` - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "playbooks", "reconciliationtest.yml"), originalPlaybookFragment, reconciliationPlaybook) @@ -406,7 +407,7 @@ func (ma *AdvancedMolecule) updatePlaybooks() { data: hello: "world" ` - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "playbooks", "selectortest.yml"), originalPlaybookFragment, selectorPlaybook) @@ -465,7 +466,7 @@ func (ma *AdvancedMolecule) updatePlaybooks() { execCommandStderr: '{{ exec_result.stderr.strip() }}' logs: '{{ log_result.log }}' ` - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "playbooks", "subresourcestest.yml"), originalPlaybookFragment, subresourcesPlaybook) @@ -497,7 +498,7 @@ func (ma *AdvancedMolecule) addPlaybooks() { task := fmt.Sprintf("%s_test.yml", k) logMsgForKind = fmt.Sprintf("removing FIXME assert from %s", task) log.Infof(logMsgForKind) - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "molecule", "default", "tasks", task), fixmeAssert, "") diff --git a/hack/generate/samples/internal/ansible/memcached.go b/hack/generate/samples/internal/ansible/memcached.go index 84d4b9de607..dd829428ac8 100644 --- a/hack/generate/samples/internal/ansible/memcached.go +++ b/hack/generate/samples/internal/ansible/memcached.go @@ -19,6 +19,8 @@ import ( "path/filepath" "strings" + "github.com/operator-framework/operator-sdk/internal/util" + log "github.com/sirupsen/logrus" kbtestutils "sigs.k8s.io/kubebuilder/v3/test/e2e/utils" @@ -91,7 +93,7 @@ func (ma *MemcachedAnsible) addingMoleculeMockData() { moleculeTaskPath := filepath.Join(ma.ctx.Dir, "molecule", "default", "tasks", fmt.Sprintf("%s_test.yml", strings.ToLower(ma.ctx.Kind))) - err := testutils.ReplaceInFile(moleculeTaskPath, + err := util.ReplaceInFile(moleculeTaskPath, originaMemcachedMoleculeTask, fmt.Sprintf(moleculeTaskFragment, ma.ctx.ProjectName, ma.ctx.ProjectName)) pkg.CheckError("replacing molecule default tasks", err) } @@ -105,13 +107,13 @@ func (ma *MemcachedAnsible) addingAnsibleTask() { roleFragment) pkg.CheckError("adding task", err) - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "roles", strings.ToLower(ma.ctx.Kind), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "roles", strings.ToLower(ma.ctx.Kind), "defaults", "main.yml"), fmt.Sprintf("# defaults file for %s", ma.ctx.Kind), defaultsFragment) pkg.CheckError("adding defaulting", err) - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "config", "samples", + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "config", "samples", fmt.Sprintf("%s_%s_%s.yaml", ma.ctx.Group, ma.ctx.Version, strings.ToLower(ma.ctx.Kind))), "foo: bar", "size: 1") pkg.CheckError("updating sample CR", err) diff --git a/hack/generate/samples/internal/ansible/memcached_molecule.go b/hack/generate/samples/internal/ansible/memcached_molecule.go index 8af3d003005..fb82f65cb26 100644 --- a/hack/generate/samples/internal/ansible/memcached_molecule.go +++ b/hack/generate/samples/internal/ansible/memcached_molecule.go @@ -20,6 +20,8 @@ import ( "path/filepath" "strings" + "github.com/operator-framework/operator-sdk/internal/util" + kbtestutils "sigs.k8s.io/kubebuilder/v3/test/e2e/utils" "github.com/operator-framework/operator-sdk/hack/generate/samples/internal/pkg" @@ -76,11 +78,11 @@ func (ma *MoleculeAnsible) Run() { pkg.CheckError("replacing memcached task to add foo check", err) log.Infof("replacing project Dockerfile to use ansible base image with the dev tag") - err = testutils.ReplaceRegexInFile(filepath.Join(ma.ctx.Dir, "Dockerfile"), "quay.io/operator-framework/ansible-operator:.*", "quay.io/operator-framework/ansible-operator:dev") + err = util.ReplaceRegexInFile(filepath.Join(ma.ctx.Dir, "Dockerfile"), "quay.io/operator-framework/ansible-operator:.*", "quay.io/operator-framework/ansible-operator:dev") pkg.CheckError("replacing Dockerfile", err) log.Infof("adding RBAC permissions") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "config", "rbac", "role.yaml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "config", "rbac", "role.yaml"), "#+kubebuilder:scaffold:rules", rolesForBaseOperator) pkg.CheckError("replacing in role.yml", err) @@ -106,12 +108,12 @@ func (ma *MoleculeAnsible) Run() { pkg.CheckError("creating api", err) log.Infof("adding task to delete config map") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "roles", "memfin", "tasks", "main.yml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "roles", "memfin", "tasks", "main.yml"), "# tasks file for Memfin", taskToDeleteConfigMap) pkg.CheckError("replacing in tasks/main.yml", err) log.Infof("adding to watches finalizer and blacklist") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "watches.yaml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "watches.yaml"), "playbook: playbooks/memcached.yml", memcachedWatchCustomizations) pkg.CheckError("replacing in watches", err) @@ -133,7 +135,7 @@ func (ma *MoleculeAnsible) Run() { pkg.CheckError("creating api", err) log.Infof("removing ignore group for the secret from watches as an workaround to work with core types") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "watches.yaml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "watches.yaml"), "ignore.example.com", "\"\"") pkg.CheckError("replacing the watches file", err) @@ -143,22 +145,22 @@ func (ma *MoleculeAnsible) Run() { pkg.CheckError("removing secret test file", err) log.Infof("adding Secret task to the role") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "roles", "secret", "tasks", "main.yml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "roles", "secret", "tasks", "main.yml"), originalTaskSecret, taskForSecret) pkg.CheckError("replacing in secret/tasks/main.yml file", err) log.Infof("adding ManageStatus == false for role secret") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "watches.yaml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "watches.yaml"), "role: secret", manageStatusFalseForRoleSecret) pkg.CheckError("replacing in watches.yaml", err) log.Infof("removing FIXME asserts from memfin_test.yml") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "molecule", "default", "tasks", "memfin_test.yml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "molecule", "default", "tasks", "memfin_test.yml"), fixmeAssert, "") pkg.CheckError("replacing memfin_test.yml", err) log.Infof("removing FIXME asserts from foo_test.yml") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "molecule", "default", "tasks", "foo_test.yml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "molecule", "default", "tasks", "foo_test.yml"), fixmeAssert, "") pkg.CheckError("replacing foo_test.yml", err) } diff --git a/hack/generate/samples/internal/go/v2/memcached_with_webhooks.go b/hack/generate/samples/internal/go/v2/memcached_with_webhooks.go index ef7579bd93b..e6b6c8c4589 100644 --- a/hack/generate/samples/internal/go/v2/memcached_with_webhooks.go +++ b/hack/generate/samples/internal/go/v2/memcached_with_webhooks.go @@ -25,6 +25,7 @@ import ( "github.com/operator-framework/operator-sdk/hack/generate/samples/internal/pkg" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) // MemcachedGoWithWebhooks defines the Memcached Sample in GO using webhooks @@ -195,7 +196,7 @@ func (mh *MemcachedGoWithWebhooks) implementingWebhooks() { webhooksFragment) pkg.CheckError("replacing reconcile", err) - err = testutils.ReplaceInFile(webhookPath, + err = util.ReplaceInFile(webhookPath, "// TODO(user): fill in your defaulting logic.", "if r.Spec.Size == 0 {\n\t\tr.Spec.Size = 3\n\t}") pkg.CheckError("replacing default webhook implementation", err) @@ -224,16 +225,16 @@ func (mh *MemcachedGoWithWebhooks) implementingController() { pkg.CheckError("adding rbac", err) // Replace reconcile content - err = testutils.ReplaceInFile(controllerPath, "_ = context.Background()", "ctx := context.Background()") + err = util.ReplaceInFile(controllerPath, "_ = context.Background()", "ctx := context.Background()") pkg.CheckError("replacing reconcile content", err) - err = testutils.ReplaceInFile(controllerPath, + err = util.ReplaceInFile(controllerPath, fmt.Sprintf("_ = r.Log.WithValues(\"%s\", req.NamespacedName)", strings.ToLower(mh.ctx.Kind)), fmt.Sprintf("log := r.Log.WithValues(\"%s\", req.NamespacedName)", strings.ToLower(mh.ctx.Kind))) pkg.CheckError("replacing reconcile content", err) // Add reconcile implementation - err = testutils.ReplaceInFile(controllerPath, + err = util.ReplaceInFile(controllerPath, "// your logic here", reconcileFragment) pkg.CheckError("replacing reconcile", err) @@ -243,7 +244,7 @@ func (mh *MemcachedGoWithWebhooks) implementingController() { pkg.CheckError("adding helpers methods in the controller", err) // Add watch for the Kind - err = testutils.ReplaceInFile(controllerPath, + err = util.ReplaceInFile(controllerPath, fmt.Sprintf(watchOriginalFragment, mh.ctx.Group, mh.ctx.Version, mh.ctx.Kind), fmt.Sprintf(watchCustomizedFragment, mh.ctx.Group, mh.ctx.Version, mh.ctx.Kind)) pkg.CheckError("replacing reconcile", err) @@ -280,7 +281,7 @@ func (mh *MemcachedGoWithWebhooks) implementingAPI() { fmt.Sprintf("%s_%s_%s.yaml", mh.ctx.Group, mh.ctx.Version, strings.ToLower(mh.ctx.Kind))) log.Infof("updating sample to have size attribute") - err = testutils.ReplaceInFile(filepath.Join(mh.ctx.Dir, sampleFile), "foo: bar", "size: 1") + err = util.ReplaceInFile(filepath.Join(mh.ctx.Dir, sampleFile), "foo: bar", "size: 1") pkg.CheckError("updating sample", err) } diff --git a/hack/generate/samples/internal/go/v3/memcached_with_webhooks.go b/hack/generate/samples/internal/go/v3/memcached_with_webhooks.go index eeafdd9736f..cd2a210a955 100644 --- a/hack/generate/samples/internal/go/v3/memcached_with_webhooks.go +++ b/hack/generate/samples/internal/go/v3/memcached_with_webhooks.go @@ -25,6 +25,7 @@ import ( "github.com/operator-framework/operator-sdk/hack/generate/samples/internal/pkg" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) // MemcachedGoWithWebhooks defines the Memcached Sample in GO using webhooks @@ -195,7 +196,7 @@ func (mh *MemcachedGoWithWebhooks) implementingWebhooks() { webhooksFragment) pkg.CheckError("replacing webhook validate implementation", err) - err = testutils.ReplaceInFile(webhookPath, + err = util.ReplaceInFile(webhookPath, "// TODO(user): fill in your defaulting logic.", "if r.Spec.Size == 0 {\n\t\tr.Spec.Size = 3\n\t}") pkg.CheckError("replacing webhook default implementation", err) @@ -225,13 +226,13 @@ func (mh *MemcachedGoWithWebhooks) implementingController() { pkg.CheckError("adding rbac", err) // Replace reconcile content - err = testutils.ReplaceInFile(controllerPath, + err = util.ReplaceInFile(controllerPath, fmt.Sprintf("_ = r.Log.WithValues(\"%s\", req.NamespacedName)", strings.ToLower(mh.ctx.Kind)), fmt.Sprintf("log := r.Log.WithValues(\"%s\", req.NamespacedName)", strings.ToLower(mh.ctx.Kind))) pkg.CheckError("replacing reconcile content", err) // Add reconcile implementation - err = testutils.ReplaceInFile(controllerPath, + err = util.ReplaceInFile(controllerPath, "// your logic here", reconcileFragment) pkg.CheckError("replacing reconcile", err) @@ -241,7 +242,7 @@ func (mh *MemcachedGoWithWebhooks) implementingController() { pkg.CheckError("adding helpers methods in the controller", err) // Add watch for the Kind - err = testutils.ReplaceInFile(controllerPath, + err = util.ReplaceInFile(controllerPath, fmt.Sprintf(watchOriginalFragment, mh.ctx.Group, mh.ctx.Version, mh.ctx.Kind), fmt.Sprintf(watchCustomizedFragment, mh.ctx.Group, mh.ctx.Version, mh.ctx.Kind)) pkg.CheckError("replacing reconcile", err) @@ -275,7 +276,7 @@ func (mh *MemcachedGoWithWebhooks) implementingAPI() { fmt.Sprintf("%s_%s_%s.yaml", mh.ctx.Group, mh.ctx.Version, strings.ToLower(mh.ctx.Kind))) log.Infof("updating sample to have size attribute") - err = testutils.ReplaceInFile(filepath.Join(mh.ctx.Dir, sampleFile), "foo: bar", "size: 1") + err = util.ReplaceInFile(filepath.Join(mh.ctx.Dir, sampleFile), "foo: bar", "size: 1") pkg.CheckError("updating sample", err) } diff --git a/hack/generate/samples/internal/helm/memcached.go b/hack/generate/samples/internal/helm/memcached.go index b9cfc086fb3..eaa917ed2b7 100644 --- a/hack/generate/samples/internal/helm/memcached.go +++ b/hack/generate/samples/internal/helm/memcached.go @@ -22,6 +22,7 @@ import ( "github.com/operator-framework/operator-sdk/hack/generate/samples/internal/pkg" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) // MemcachedHelm defines the Memcached Sample in Helm @@ -77,7 +78,7 @@ func (mh *MemcachedHelm) Run() { pkg.CheckError("creating the project", err) log.Infof("customizing the sample") - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(mh.ctx.Dir, "config", "samples", "cache_v1alpha1_memcached.yaml"), "securityContext:\n enabled: true", "securityContext:\n enabled: false") pkg.CheckError("customizing the sample", err) @@ -89,7 +90,7 @@ func (mh *MemcachedHelm) Run() { pkg.CheckError("enabling prometheus metrics", err) log.Infof("adding customized roles") - err = testutils.ReplaceInFile(filepath.Join(mh.ctx.Dir, "config", "rbac", "role.yaml"), + err = util.ReplaceInFile(filepath.Join(mh.ctx.Dir, "config", "rbac", "role.yaml"), "#+kubebuilder:scaffold:rules", policyRolesFragment) pkg.CheckError("adding customized roles", err) diff --git a/internal/cmd/operator-sdk/cli/cli.go b/internal/cmd/operator-sdk/cli/cli.go index 37122f5ac12..d49b49466a0 100644 --- a/internal/cmd/operator-sdk/cli/cli.go +++ b/internal/cmd/operator-sdk/cli/cli.go @@ -22,8 +22,11 @@ import ( cfgv2 "sigs.k8s.io/kubebuilder/v3/pkg/config/v2" cfgv3 "sigs.k8s.io/kubebuilder/v3/pkg/config/v3" "sigs.k8s.io/kubebuilder/v3/pkg/plugin" - golangv2 "sigs.k8s.io/kubebuilder/v3/pkg/plugins/golang/v2" - golangv3 "sigs.k8s.io/kubebuilder/v3/pkg/plugins/golang/v3" + commonv2 "sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/v2" + commonv3 "sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/v3" + "sigs.k8s.io/kubebuilder/v3/pkg/plugins/golang" + golangv2 "sigs.k8s.io/kubebuilder/v3/pkg/plugins/golang/base/v2" + golangv3 "sigs.k8s.io/kubebuilder/v3/pkg/plugins/golang/base/v3" "github.com/operator-framework/operator-sdk/internal/cmd/operator-sdk/alpha/config3alphato3" "github.com/operator-framework/operator-sdk/internal/cmd/operator-sdk/bundle" @@ -66,22 +69,26 @@ func Run() error { // the kubebuilder project layout func GetPluginsCLIAndRoot() (*cli.CLI, *cobra.Command) { ansibleBundle, _ := plugin.NewBundle("ansible"+plugins.DefaultNameQualifier, plugin.Version{Number: 1}, + commonv3.Plugin{}, ansiblev1.Plugin{}, manifestsv2.Plugin{}, scorecardv2.Plugin{}, ) - gov2Bundle, _ := plugin.NewBundle(golangv2.Plugin{}.Name(), golangv2.Plugin{}.Version(), + gov2Bundle, _ := plugin.NewBundle(golang.DefaultGoNameQualifier, golangv2.Plugin{}.Version(), + commonv2.Plugin{}, golangv2.Plugin{}, envtestv1.Plugin{}, manifestsv2.Plugin{}, scorecardv2.Plugin{}, ) - gov3Bundle, _ := plugin.NewBundle(golangv3.Plugin{}.Name(), golangv3.Plugin{}.Version(), + gov3Bundle, _ := plugin.NewBundle(golang.DefaultGoNameQualifier, golangv3.Plugin{}.Version(), + commonv3.Plugin{}, golangv3.Plugin{}, manifestsv2.Plugin{}, scorecardv2.Plugin{}, ) helmBundle, _ := plugin.NewBundle("helm"+plugins.DefaultNameQualifier, plugin.Version{Number: 1}, + commonv3.Plugin{}, helmv1.Plugin{}, manifestsv2.Plugin{}, scorecardv2.Plugin{}, @@ -94,6 +101,7 @@ func GetPluginsCLIAndRoot() (*cli.CLI, *cobra.Command) { gov2Bundle, gov3Bundle, helmBundle, + commonv3.Plugin{}, ), cli.WithDefaultPlugins(cfgv2.Version, gov2Bundle), cli.WithDefaultPlugins(cfgv3.Version, gov3Bundle), diff --git a/internal/plugins/ansible/v1/init.go b/internal/plugins/ansible/v1/init.go index 428fb69bc14..8c5822c97a1 100644 --- a/internal/plugins/ansible/v1/init.go +++ b/internal/plugins/ansible/v1/init.go @@ -18,10 +18,9 @@ import ( "fmt" "os" "path/filepath" - "strings" + sdkutil "github.com/operator-framework/operator-sdk/internal/util" "github.com/spf13/pflag" - "k8s.io/apimachinery/pkg/util/validation" "sigs.k8s.io/kubebuilder/v3/pkg/config" "sigs.k8s.io/kubebuilder/v3/pkg/machinery" "sigs.k8s.io/kubebuilder/v3/pkg/plugin" @@ -48,11 +47,9 @@ type initSubcommand struct { commandName string // Flags - group string - domain string - version string - kind string - projectName string + group string + version string + kind string } // UpdateContext injects documentation for the command @@ -99,9 +96,6 @@ Optionally creates a new API, using the same flags as "create api" func (p *initSubcommand) BindFlags(fs *pflag.FlagSet) { fs.SortFlags = false - fs.StringVar(&p.domain, "domain", "my.domain", "domain for groups") - fs.StringVar(&p.projectName, "project-name", "", "name of this project, the default being directory name") - fs.StringVar(&p.group, "group", "", "resource Group") fs.StringVar(&p.version, "version", "", "resource Version") fs.StringVar(&p.kind, "kind", "", "resource Kind") @@ -110,27 +104,6 @@ func (p *initSubcommand) BindFlags(fs *pflag.FlagSet) { func (p *initSubcommand) InjectConfig(c config.Config) error { p.config = c - - if err := p.config.SetDomain(p.domain); err != nil { - return err - } - - // Assign a default project name - if p.projectName == "" { - dir, err := os.Getwd() - if err != nil { - return fmt.Errorf("error getting current directory: %v", err) - } - p.projectName = strings.ToLower(filepath.Base(dir)) - } - // Check if the project name is a valid k8s namespace (DNS 1123 label). - if err := validation.IsDNS1123Label(p.projectName); err != nil { - return fmt.Errorf("project name (%s) is invalid: %v", p.projectName, err) - } - if err := p.config.SetProjectName(p.projectName); err != nil { - return err - } - return nil } @@ -141,6 +114,10 @@ func (p *initSubcommand) Scaffold(fs machinery.Filesystem) error { } func (p *initSubcommand) PostScaffold() error { + if err := runCustomsOnTop(p.config.GetProjectName()); err != nil { + return fmt.Errorf("unable to scaffold the ansible customizations : %s", err) + } + doAPI := p.group != "" || p.version != "" || p.kind != "" if !doAPI { fmt.Printf("Next: define a resource with:\n$ %s create api\n", p.commandName) @@ -172,3 +149,67 @@ func (p *initSubcommand) PostScaffold() error { return nil } + +// runCustomsOnTop will perform the required customizations for Helm-based projects on top of the default scaffold +func runCustomsOnTop(projectName string) error { + managerFile := filepath.Join("config", "manager", "manager.yaml") + + // Add leader election arg in config/manager/manager.yaml and in config/default/manager_auth_proxy_patch.yaml + err := sdkutil.InsertCode(managerFile, + "--leader-elect", + fmt.Sprintf("\n - --leader-election-id=%s", projectName)) + if err != nil { + return err + } + + err = sdkutil.InsertCode("config/default/manager_auth_proxy_patch.yaml", + "- \"--leader-elect\"", + fmt.Sprintf("\n - \"--leader-election-id=%s\"", projectName)) + if err != nil { + return err + } + // remove the resources limits because of issue + // todo: remove it when we solve the issue operator-framework/operator-sdk#3573 + const resourcesLimitsFragment = ` resources: + limits: + cpu: 100m + memory: 30Mi + requests: + cpu: 100m + memory: 20Mi + ` + err = sdkutil.ReplaceInFile(managerFile, resourcesLimitsFragment, "") + if err != nil { + return err + } + + // Add ANSIBLE_GATHERING env var + const envVar = ` + env: + - name: ANSIBLE_GATHERING + value: explicit` + err = sdkutil.InsertCode(managerFile, "name: manager", envVar) + if err != nil { + return err + } + + // replace the default ports because ansible has been using another one + // todo: remove it when we be able to change the port for the default one + // issue: https://github.com/operator-framework/operator-sdk/issues/4331 + err = sdkutil.ReplaceInFile(managerFile, "port: 8081", "port: 6789") + if err != nil { + return err + } + err = sdkutil.ReplaceInFile("config/default/manager_auth_proxy_patch.yaml", "8081", "6789") + if err != nil { + return err + } + + // Remove the webhook option for the componentConfig since webhooks are not supported by helm + err = sdkutil.ReplaceInFile("config/manager/controller_manager_config.yaml", "webhook:\n port: 9443", "") + if err != nil { + return err + } + + return nil +} diff --git a/internal/plugins/ansible/v1/scaffolds/init.go b/internal/plugins/ansible/v1/scaffolds/init.go index 3b20c2fba41..186dde23cb8 100644 --- a/internal/plugins/ansible/v1/scaffolds/init.go +++ b/internal/plugins/ansible/v1/scaffolds/init.go @@ -23,9 +23,6 @@ import ( "sigs.k8s.io/kubebuilder/v3/pkg/plugins" "github.com/operator-framework/operator-sdk/internal/plugins/ansible/v1/scaffolds/internal/templates" - "github.com/operator-framework/operator-sdk/internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault" - "github.com/operator-framework/operator-sdk/internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager" - "github.com/operator-framework/operator-sdk/internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus" "github.com/operator-framework/operator-sdk/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac" "github.com/operator-framework/operator-sdk/internal/plugins/ansible/v1/scaffolds/internal/templates/config/testing" "github.com/operator-framework/operator-sdk/internal/plugins/ansible/v1/scaffolds/internal/templates/config/testing/pullpolicy" @@ -86,26 +83,7 @@ func (s *initScaffolder) Scaffold() error { &templates.GitIgnore{}, &templates.RequirementsYml{}, &templates.Watches{}, - - &rbac.Kustomization{}, - &rbac.ClientClusterRole{}, - &rbac.AuthProxyRole{}, - &rbac.AuthProxyRoleBinding{}, - &rbac.AuthProxyService{}, - &rbac.LeaderElectionRole{}, - &rbac.LeaderElectionRoleBinding{}, &rbac.ManagerRole{}, - &rbac.RoleBinding{}, - &rbac.ServiceAccount{}, - &prometheus.Kustomization{}, - &prometheus.ServiceMonitor{}, - - &manager.Config{Image: imageName}, - &manager.Kustomization{}, - - &kdefault.Kustomization{}, - &kdefault.ManagerAuthProxyPatch{}, - &roles.Placeholder{}, &playbooks.Placeholder{}, diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/kustomization.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/kustomization.go deleted file mode 100644 index 4619832082b..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/kustomization.go +++ /dev/null @@ -1,73 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. -Modifications copyright 2020 The Operator-SDK Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package kdefault - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Kustomization{} - -// Kustomization scaffolds the kustomization file for the default overlay -type Kustomization struct { - machinery.TemplateMixin - machinery.ProjectNameMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *Kustomization) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "default", "kustomization.yaml") - } - - f.TemplateBody = kustomizeTemplate - - f.IfExistsAction = machinery.Error - - return nil -} - -const kustomizeTemplate = `# Adds namespace to all resources. -namespace: {{ .ProjectName }}-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: {{ .ProjectName }}- - -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - -bases: -- ../crd -- ../rbac -- ../manager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - -patchesStrategicMerge: -# Protect the /metrics endpoint by putting it behind auth. -# If you want your controller-manager to expose the /metrics -# endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go deleted file mode 100644 index 3c0713beb68..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go +++ /dev/null @@ -1,75 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. -Modifications copyright 2020 The Operator-SDK Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package kdefault - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ManagerAuthProxyPatch{} - -// ManagerAuthProxyPatch scaffolds the patch file for enabling -// prometheus metrics for manager Pod. -type ManagerAuthProxyPatch struct { - machinery.TemplateMixin - machinery.ProjectNameMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ManagerAuthProxyPatch) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "default", "manager_auth_proxy_patch.yaml") - } - - f.TemplateBody = kustomizeAuthProxyPatchTemplate - - f.IfExistsAction = machinery.Error - - return nil -} - -const kustomizeAuthProxyPatchTemplate = `# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - name: https - - name: manager - args: - - "--health-probe-bind-address=:6789" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" - - "--leader-election-id={{ .ProjectName }}" -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/config.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/config.go deleted file mode 100644 index 1d1a28edcf7..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/config.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. -Modifications copyright 2020 The Operator-SDK Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package manager - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Config{} - -// Config scaffolds yaml config for the manager. -type Config struct { - machinery.TemplateMixin - machinery.ProjectNameMixin - - // Image is controller manager image name - Image string -} - -// SetTemplateDefaults implements machinery.Template -func (f *Config) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "manager", "manager.yaml") - } - - f.TemplateBody = configTemplate - - return nil -} - -const configTemplate = `apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - name: system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system - labels: - control-plane: controller-manager -spec: - selector: - matchLabels: - control-plane: controller-manager - replicas: 1 - template: - metadata: - labels: - control-plane: controller-manager - spec: - securityContext: - runAsNonRoot: true - containers: - - name: manager - args: - - "--leader-elect" - - "--leader-election-id={{ .ProjectName }}" - env: - - name: ANSIBLE_GATHERING - value: explicit - image: {{ .Image }} - securityContext: - allowPrivilegeEscalation: false - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 6789 - initialDelaySeconds: 5 - periodSeconds: 10 - serviceAccountName: controller-manager - terminationGracePeriodSeconds: 10 -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/kustomization.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/kustomization.go deleted file mode 100644 index 1d7340421a7..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/kustomization.go +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package manager - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Kustomization{} - -// Kustomization scaffolds a file that defines the kustomization scheme for the manager folder -type Kustomization struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *Kustomization) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "manager", "kustomization.yaml") - } - - f.TemplateBody = kustomizeManagerTemplate - - f.IfExistsAction = machinery.Error - - return nil -} - -const kustomizeManagerTemplate = `resources: -- manager.yaml -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/kustomization.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/kustomization.go deleted file mode 100644 index 64821e1e411..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/kustomization.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package prometheus - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Kustomization{} - -// Kustomization scaffolds the kustomizaiton in the prometheus folder -type Kustomization struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *Kustomization) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "prometheus", "kustomization.yaml") - } - - f.TemplateBody = kustomizationTemplate - - return nil -} - -const kustomizationTemplate = `resources: -- monitor.yaml -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/monitor.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/monitor.go deleted file mode 100644 index 2d2570e2310..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/monitor.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package prometheus - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ServiceMonitor{} - -// ServiceMonitor scaffolds an issuer CR and a certificate CR -type ServiceMonitor struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ServiceMonitor) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "prometheus", "monitor.yaml") - } - - f.TemplateBody = serviceMonitorTemplate - - return nil -} - -const serviceMonitorTemplate = `--- -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-monitor - namespace: system -spec: - endpoints: - - path: /metrics - port: https - scheme: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - tlsConfig: - insecureSkipVerify: true - selector: - matchLabels: - control-plane: controller-manager -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_client_clusterrole.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_client_clusterrole.go deleted file mode 100644 index 281797af6c1..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_client_clusterrole.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ClientClusterRole{} - -// ClientClusterRole scaffolds the config/rbac/client_clusterrole.yaml file -type ClientClusterRole struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ClientClusterRole) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_client_clusterrole.yaml") - } - - f.TemplateBody = clientClusterRoleTemplate - - return nil -} - -const clientClusterRoleTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: metrics-reader -rules: -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go deleted file mode 100644 index dd18925d633..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go +++ /dev/null @@ -1,56 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &AuthProxyRole{} - -// AuthProxyRole scaffolds the config/rbac/auth_proxy_role.yaml file -type AuthProxyRole struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *AuthProxyRole) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_role.yaml") - } - - f.TemplateBody = proxyRoleTemplate - - return nil -} - -const proxyRoleTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: proxy-role -rules: -- apiGroups: ["authentication.k8s.io"] - resources: - - tokenreviews - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] - resources: - - subjectaccessreviews - verbs: ["create"] -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go deleted file mode 100644 index 1e5e98fba9a..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &AuthProxyRoleBinding{} - -// AuthProxyRoleBinding scaffolds the config/rbac/auth_proxy_role_binding_rbac.yaml file -type AuthProxyRoleBinding struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *AuthProxyRoleBinding) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_role_binding.yaml") - } - - f.TemplateBody = proxyRoleBindinggTemplate - - return nil -} - -const proxyRoleBindinggTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: proxy-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go deleted file mode 100644 index f3e8408874c..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go +++ /dev/null @@ -1,57 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &AuthProxyService{} - -// AuthProxyService scaffolds the config/rbac/auth_proxy_service.yaml file -type AuthProxyService struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *AuthProxyService) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_service.yaml") - } - - f.TemplateBody = authProxyServiceTemplate - - return nil -} - -const authProxyServiceTemplate = `apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-service - namespace: system -spec: - ports: - - name: https - port: 8443 - targetPort: https - selector: - control-plane: controller-manager -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/kustomization.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/kustomization.go deleted file mode 100644 index 49b5c435a03..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/kustomization.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Kustomization{} - -// Kustomization scaffolds the Kustomization file in rbac folder. -type Kustomization struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *Kustomization) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "kustomization.yaml") - } - - f.TemplateBody = kustomizeRBACTemplate - - f.IfExistsAction = machinery.Error - - return nil -} - -const kustomizeRBACTemplate = `resources: -# All RBAC will be applied under this service account in -# the deployment namespace. You may comment out this resource -# if your manager will use a service account that exists at -# runtime. Be sure to update RoleBinding and ClusterRoleBinding -# subjects if changing service account names. -- service_account.yaml -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go deleted file mode 100644 index 8cfccc27792..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &LeaderElectionRole{} - -// LeaderElectionRole scaffolds the config/rbac/leader_election_role.yaml file -type LeaderElectionRole struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *LeaderElectionRole) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "leader_election_role.yaml") - } - - f.TemplateBody = leaderElectionRoleTemplate - - return nil -} - -const leaderElectionRoleTemplate = `# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go deleted file mode 100644 index d4a901f98d6..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &LeaderElectionRoleBinding{} - -// LeaderElectionRoleBinding scaffolds the config/rbac/leader_election_role_binding.yaml file -type LeaderElectionRoleBinding struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *LeaderElectionRoleBinding) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "leader_election_role_binding.yaml") - } - - f.TemplateBody = leaderElectionRoleBindingTemplate - - return nil -} - -const leaderElectionRoleBindingTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/role_binding.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/role_binding.go deleted file mode 100644 index 1d09866eab1..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/role_binding.go +++ /dev/null @@ -1,57 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. -Modifications copyright 2020 The Operator-SDK Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &RoleBinding{} - -// RoleBinding scaffolds the config/rbac/role_binding.yaml file -type RoleBinding struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *RoleBinding) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "role_binding.yaml") - } - - f.TemplateBody = roleBindingTemplate - - return nil -} - -const roleBindingTemplate = `--- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: manager-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/service_account.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/service_account.go deleted file mode 100644 index 87bd6176bf5..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/service_account.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ServiceAccount{} - -// ServiceAccount scaffolds a file that defines the service account the manager is deployed in. -type ServiceAccount struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ServiceAccount) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "service_account.yaml") - } - - f.TemplateBody = serviceAccountTemplate - - return nil -} - -const serviceAccountTemplate = `apiVersion: v1 -kind: ServiceAccount -metadata: - name: controller-manager - namespace: system -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/dockerfile.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/dockerfile.go index 35db77ea05c..292e07644cf 100644 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/dockerfile.go +++ b/internal/plugins/ansible/v1/scaffolds/internal/templates/dockerfile.go @@ -63,4 +63,6 @@ RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \ COPY watches.yaml ${HOME}/watches.yaml COPY {{ .RolesDir }}/ ${HOME}/{{ .RolesDir }}/ COPY {{ .PlaybooksDir }}/ ${HOME}/{{ .PlaybooksDir }}/ + +ENTRYPOINT ["/manager"] ` diff --git a/internal/plugins/helm/v1/init.go b/internal/plugins/helm/v1/init.go index 21fb15d2548..6f5490f7767 100644 --- a/internal/plugins/helm/v1/init.go +++ b/internal/plugins/helm/v1/init.go @@ -18,16 +18,15 @@ import ( "fmt" "os" "path/filepath" - "strings" "github.com/spf13/pflag" - "k8s.io/apimachinery/pkg/util/validation" "sigs.k8s.io/kubebuilder/v3/pkg/config" "sigs.k8s.io/kubebuilder/v3/pkg/machinery" "sigs.k8s.io/kubebuilder/v3/pkg/plugin" "sigs.k8s.io/kubebuilder/v3/pkg/plugin/util" "github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/scaffolds" + sdkutil "github.com/operator-framework/operator-sdk/internal/util" ) const ( @@ -45,11 +44,9 @@ type initSubcommand struct { commandName string // Flags - group string - domain string - version string - kind string - projectName string + group string + version string + kind string } var _ plugin.InitSubcommand = &initSubcommand{} @@ -121,9 +118,6 @@ Writes the following files: func (p *initSubcommand) BindFlags(fs *pflag.FlagSet) { fs.SortFlags = false - fs.StringVar(&p.domain, "domain", "my.domain", "domain for groups") - fs.StringVar(&p.projectName, "project-name", "", "name of this project, the default being directory name") - fs.StringVar(&p.group, groupFlag, "", "resource Group") fs.StringVar(&p.version, versionFlag, "", "resource Version") fs.StringVar(&p.kind, kindFlag, "", "resource Kind") @@ -132,27 +126,6 @@ func (p *initSubcommand) BindFlags(fs *pflag.FlagSet) { func (p *initSubcommand) InjectConfig(c config.Config) error { p.config = c - - if err := p.config.SetDomain(p.domain); err != nil { - return err - } - - // Assign a default project name - if p.projectName == "" { - dir, err := os.Getwd() - if err != nil { - return fmt.Errorf("error getting current directory: %v", err) - } - p.projectName = strings.ToLower(filepath.Base(dir)) - } - // Check if the project name is a valid k8s namespace (DNS 1123 label). - if err := validation.IsDNS1123Label(p.projectName); err != nil { - return fmt.Errorf("project name (%s) is invalid: %v", p.projectName, err) - } - if err := p.config.SetProjectName(p.projectName); err != nil { - return err - } - return nil } @@ -164,6 +137,10 @@ func (p *initSubcommand) Scaffold(fs machinery.Filesystem) error { // PostScaffold will run the required actions after the default plugin scaffold func (p *initSubcommand) PostScaffold() error { + if err := runCustomsOnTop(p.config.GetProjectName()); err != nil { + return fmt.Errorf("unable to scaffold the helm customizations : %s", err) + } + doAPI := p.group != "" || p.version != "" || p.kind != "" || p.apiSubcommand.options.chartOptions.Chart != defaultHelmChart if !doAPI { fmt.Printf("Next: define a resource with:\n$ %s create api\n", p.commandName) @@ -198,3 +175,41 @@ func (p *initSubcommand) PostScaffold() error { return nil } + +// runCustomsOnTop will perform the required customizations for Helm-based projects on top of the default scaffold +func runCustomsOnTop(projectName string) error { + managerFile := filepath.Join("config", "manager", "manager.yaml") + + // Add leader election arg in config/manager/manager.yaml and in config/default/manager_auth_proxy_patch.yaml + err := sdkutil.InsertCode(managerFile, + "--leader-elect", + fmt.Sprintf("\n - --leader-election-id=%s", projectName)) + if err != nil { + return err + } + + err = sdkutil.InsertCode("config/default/manager_auth_proxy_patch.yaml", + "- \"--leader-elect\"", + fmt.Sprintf("\n - \"--leader-election-id=%s\"", projectName)) + if err != nil { + return err + } + + // Increase the default memory required. + err = sdkutil.ReplaceInFile(managerFile, "memory: 30Mi", "memory: 90Mi") + if err != nil { + return err + } + err = sdkutil.ReplaceInFile(managerFile, "memory: 20Mi", "memory: 60Mi") + if err != nil { + return err + } + + // Remove the webhook option for the componentConfig since webhooks are not supported by helm + err = sdkutil.ReplaceInFile("config/manager/controller_manager_config.yaml", "webhook:\n port: 9443", "") + if err != nil { + return err + } + + return nil +} diff --git a/internal/plugins/helm/v1/scaffolds/init.go b/internal/plugins/helm/v1/scaffolds/init.go index e461962f255..c1a7eec58af 100644 --- a/internal/plugins/helm/v1/scaffolds/init.go +++ b/internal/plugins/helm/v1/scaffolds/init.go @@ -26,9 +26,6 @@ import ( "github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/chartutil" "github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/scaffolds/internal/templates" - "github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault" - "github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/scaffolds/internal/templates/config/manager" - "github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus" "github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac" "github.com/operator-framework/operator-sdk/internal/version" ) @@ -87,21 +84,6 @@ func (s *initScaffolder) Scaffold() error { HelmOperatorVersion: helmOperatorVersion, }, &templates.Watches{}, - &rbac.AuthProxyRole{}, - &rbac.AuthProxyRoleBinding{}, - &rbac.AuthProxyService{}, - &rbac.ClientClusterRole{}, - &rbac.Kustomization{}, - &rbac.LeaderElectionRole{}, - &rbac.LeaderElectionRoleBinding{}, &rbac.ManagerRole{}, - &rbac.ManagerRoleBinding{}, - &rbac.ServiceAccount{}, - &manager.Kustomization{}, - &manager.Config{Image: imageName}, - &prometheus.Kustomization{}, - &prometheus.ServiceMonitor{}, - &kdefault.ManagerAuthProxyPatch{}, - &kdefault.Kustomization{}, ) } diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/kustomization.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/kustomization.go deleted file mode 100644 index ee488be81f2..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/kustomization.go +++ /dev/null @@ -1,73 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. -Modifications copyright 2020 The Operator-SDK Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package kdefault - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Kustomization{} - -// Kustomization scaffolds the Kustomization file for the default overlay -type Kustomization struct { - machinery.TemplateMixin - machinery.ProjectNameMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *Kustomization) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "default", "kustomization.yaml") - } - - f.TemplateBody = kustomizeTemplate - - f.IfExistsAction = machinery.Error - - return nil -} - -const kustomizeTemplate = `# Adds namespace to all resources. -namespace: {{ .ProjectName }}-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: {{ .ProjectName }}- - -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - -bases: -- ../crd -- ../rbac -- ../manager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - -patchesStrategicMerge: -# Protect the /metrics endpoint by putting it behind auth. -# If you want your controller-manager to expose the /metrics -# endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go deleted file mode 100644 index 73d4b78dcf5..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go +++ /dev/null @@ -1,74 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. -Modifications copyright 2020 The Operator-SDK Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package kdefault - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ManagerAuthProxyPatch{} - -// ManagerAuthProxyPatch scaffolds the patch file for enabling prometheus metrics for manager Pod. -type ManagerAuthProxyPatch struct { - machinery.TemplateMixin - machinery.ProjectNameMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ManagerAuthProxyPatch) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "default", "manager_auth_proxy_patch.yaml") - } - - f.TemplateBody = kustomizeAuthProxyPatchTemplate - - f.IfExistsAction = machinery.Error - - return nil -} - -const kustomizeAuthProxyPatchTemplate = `# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - name: https - - name: manager - args: - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" - - "--leader-election-id={{ .ProjectName }}" -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/config.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/config.go deleted file mode 100644 index 54696b58e2a..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/config.go +++ /dev/null @@ -1,102 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package manager - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Config{} - -// Config scaffolds yaml config for the manager. -type Config struct { - machinery.TemplateMixin - machinery.ProjectNameMixin - - // Image is controller manager image name - Image string -} - -// SetTemplateDefaults implements machinery.Template -func (f *Config) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "manager", "manager.yaml") - } - - f.TemplateBody = configTemplate - - return nil -} - -const configTemplate = `apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - name: system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system - labels: - control-plane: controller-manager -spec: - selector: - matchLabels: - control-plane: controller-manager - replicas: 1 - template: - metadata: - labels: - control-plane: controller-manager - spec: - securityContext: - runAsNonRoot: true - containers: - - image: {{ .Image }} - args: - - "--leader-elect" - - "--leader-election-id={{ .ProjectName }}" - name: manager - securityContext: - allowPrivilegeEscalation: false - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 100m - memory: 90Mi - requests: - cpu: 100m - memory: 60Mi - serviceAccountName: controller-manager - terminationGracePeriodSeconds: 10 -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/kustomization.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/kustomization.go deleted file mode 100644 index 6938b010ebb..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/kustomization.go +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package manager - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Kustomization{} - -// Kustomization scaffolds a file that defines the kustomization scheme for the manager folder -type Kustomization struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *Kustomization) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "manager", "kustomization.yaml") - } - - f.TemplateBody = kustomizeManagerTemplate - - f.IfExistsAction = machinery.Error - - return nil -} - -const kustomizeManagerTemplate = `resources: -- manager.yaml -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/kustomization.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/kustomization.go deleted file mode 100644 index 64821e1e411..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/kustomization.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package prometheus - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Kustomization{} - -// Kustomization scaffolds the kustomizaiton in the prometheus folder -type Kustomization struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *Kustomization) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "prometheus", "kustomization.yaml") - } - - f.TemplateBody = kustomizationTemplate - - return nil -} - -const kustomizationTemplate = `resources: -- monitor.yaml -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/monitor.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/monitor.go deleted file mode 100644 index 87696014805..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/monitor.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package prometheus - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ServiceMonitor{} - -// ServiceMonitor scaffolds an issuer CR and a certificate CR -type ServiceMonitor struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ServiceMonitor) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "prometheus", "monitor.yaml") - } - - f.TemplateBody = serviceMonitorTemplate - - return nil -} - -const serviceMonitorTemplate = ` -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-monitor - namespace: system -spec: - endpoints: - - path: /metrics - port: https - scheme: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - tlsConfig: - insecureSkipVerify: true - selector: - matchLabels: - control-plane: controller-manager -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go deleted file mode 100644 index dd18925d633..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go +++ /dev/null @@ -1,56 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &AuthProxyRole{} - -// AuthProxyRole scaffolds the config/rbac/auth_proxy_role.yaml file -type AuthProxyRole struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *AuthProxyRole) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_role.yaml") - } - - f.TemplateBody = proxyRoleTemplate - - return nil -} - -const proxyRoleTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: proxy-role -rules: -- apiGroups: ["authentication.k8s.io"] - resources: - - tokenreviews - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] - resources: - - subjectaccessreviews - verbs: ["create"] -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go deleted file mode 100644 index 1e5e98fba9a..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &AuthProxyRoleBinding{} - -// AuthProxyRoleBinding scaffolds the config/rbac/auth_proxy_role_binding_rbac.yaml file -type AuthProxyRoleBinding struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *AuthProxyRoleBinding) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_role_binding.yaml") - } - - f.TemplateBody = proxyRoleBindinggTemplate - - return nil -} - -const proxyRoleBindinggTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: proxy-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go deleted file mode 100644 index f3e8408874c..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go +++ /dev/null @@ -1,57 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &AuthProxyService{} - -// AuthProxyService scaffolds the config/rbac/auth_proxy_service.yaml file -type AuthProxyService struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *AuthProxyService) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_service.yaml") - } - - f.TemplateBody = authProxyServiceTemplate - - return nil -} - -const authProxyServiceTemplate = `apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-service - namespace: system -spec: - ports: - - name: https - port: 8443 - targetPort: https - selector: - control-plane: controller-manager -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/client_cluster_role.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/client_cluster_role.go deleted file mode 100644 index 281797af6c1..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/client_cluster_role.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ClientClusterRole{} - -// ClientClusterRole scaffolds the config/rbac/client_clusterrole.yaml file -type ClientClusterRole struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ClientClusterRole) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_client_clusterrole.yaml") - } - - f.TemplateBody = clientClusterRoleTemplate - - return nil -} - -const clientClusterRoleTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: metrics-reader -rules: -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/kustomization.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/kustomization.go deleted file mode 100644 index 49b5c435a03..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/kustomization.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Kustomization{} - -// Kustomization scaffolds the Kustomization file in rbac folder. -type Kustomization struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *Kustomization) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "kustomization.yaml") - } - - f.TemplateBody = kustomizeRBACTemplate - - f.IfExistsAction = machinery.Error - - return nil -} - -const kustomizeRBACTemplate = `resources: -# All RBAC will be applied under this service account in -# the deployment namespace. You may comment out this resource -# if your manager will use a service account that exists at -# runtime. Be sure to update RoleBinding and ClusterRoleBinding -# subjects if changing service account names. -- service_account.yaml -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go deleted file mode 100644 index 8cfccc27792..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &LeaderElectionRole{} - -// LeaderElectionRole scaffolds the config/rbac/leader_election_role.yaml file -type LeaderElectionRole struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *LeaderElectionRole) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "leader_election_role.yaml") - } - - f.TemplateBody = leaderElectionRoleTemplate - - return nil -} - -const leaderElectionRoleTemplate = `# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go deleted file mode 100644 index d4a901f98d6..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &LeaderElectionRoleBinding{} - -// LeaderElectionRoleBinding scaffolds the config/rbac/leader_election_role_binding.yaml file -type LeaderElectionRoleBinding struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *LeaderElectionRoleBinding) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "leader_election_role_binding.yaml") - } - - f.TemplateBody = leaderElectionRoleBindingTemplate - - return nil -} - -const leaderElectionRoleBindingTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/manager_role_binding.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/manager_role_binding.go deleted file mode 100644 index ebf018218d6..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/manager_role_binding.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ManagerRoleBinding{} - -// ManagerRoleBinding scaffolds the config/rbac/role_binding.yaml file -type ManagerRoleBinding struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ManagerRoleBinding) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "role_binding.yaml") - } - - f.TemplateBody = managerBindingTemplate - - return nil -} - -const managerBindingTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: manager-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/service_account.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/service_account.go deleted file mode 100644 index 87bd6176bf5..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/service_account.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ServiceAccount{} - -// ServiceAccount scaffolds a file that defines the service account the manager is deployed in. -type ServiceAccount struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ServiceAccount) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "service_account.yaml") - } - - f.TemplateBody = serviceAccountTemplate - - return nil -} - -const serviceAccountTemplate = `apiVersion: v1 -kind: ServiceAccount -metadata: - name: controller-manager - namespace: system -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/dockerfile.go b/internal/plugins/helm/v1/scaffolds/internal/templates/dockerfile.go index 9cc3139cfca..83b5ad07241 100644 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/dockerfile.go +++ b/internal/plugins/helm/v1/scaffolds/internal/templates/dockerfile.go @@ -52,4 +52,6 @@ ENV HOME=/opt/helm COPY watches.yaml ${HOME}/watches.yaml COPY helm-charts ${HOME}/helm-charts WORKDIR ${HOME} + +ENTRYPOINT ["/manager"] ` diff --git a/internal/testutils/olm.go b/internal/testutils/olm.go index 89f3c3e76e4..a3bad9be9f5 100644 --- a/internal/testutils/olm.go +++ b/internal/testutils/olm.go @@ -19,6 +19,8 @@ import ( "io/ioutil" "path/filepath" + "github.com/operator-framework/operator-sdk/internal/util" + _ "sigs.k8s.io/kubebuilder/v3/pkg/config/v2" // Register config/v2 for `config.New` _ "sigs.k8s.io/kubebuilder/v3/pkg/config/v3" // Register config/v3 for `config.New` @@ -80,7 +82,7 @@ func (tc TestContext) DisableManifestsInteractiveMode() error { // pkgmanifest target if it be scaffolded before this call content := "operator-sdk generate kustomize manifests" replace := content + " --interactive=false" - return ReplaceInFile(filepath.Join(tc.Dir, "Makefile"), content, replace) + return util.ReplaceInFile(filepath.Join(tc.Dir, "Makefile"), content, replace) } // GenerateBundle runs all commands to create an operator bundle. diff --git a/internal/testutils/scorecard.go b/internal/testutils/scorecard.go index fb1bfc915b7..4174d3af231 100644 --- a/internal/testutils/scorecard.go +++ b/internal/testutils/scorecard.go @@ -21,6 +21,8 @@ import ( "io/ioutil" "os" "path/filepath" + + "github.com/operator-framework/operator-sdk/internal/util" ) const scorecardImage = "quay.io/operator-framework/scorecard-test:.*" @@ -86,7 +88,7 @@ func (tc TestContext) AddScorecardCustomPatchFile() error { // ReplaceScorecardImagesForDev will replaces the scorecard images in the manifests per dev tag which is built // in the CI based on the code changes made. func (tc TestContext) ReplaceScorecardImagesForDev() error { - err := ReplaceRegexInFile( + err := util.ReplaceRegexInFile( filepath.Join(tc.Dir, "config", "scorecard", "patches", "basic.config.yaml"), scorecardImage, scorecardImageReplace, ) @@ -94,7 +96,7 @@ func (tc TestContext) ReplaceScorecardImagesForDev() error { return err } - err = ReplaceRegexInFile( + err = util.ReplaceRegexInFile( filepath.Join(tc.Dir, "config", "scorecard", "patches", "olm.config.yaml"), scorecardImage, scorecardImageReplace, ) diff --git a/internal/testutils/utils.go b/internal/testutils/utils.go index d1aceed37fd..0797bf17d26 100644 --- a/internal/testutils/utils.go +++ b/internal/testutils/utils.go @@ -17,13 +17,11 @@ package testutils import ( "bufio" "bytes" - "errors" "fmt" "io/ioutil" "os" "os/exec" "path/filepath" - "regexp" "strings" "time" @@ -110,55 +108,6 @@ func (tc TestContext) UninstallOLM() { } } -// ReplaceInFile replaces all instances of old with new in the file at path. -// todo(camilamacedo86): this func can be pushed to upstream/kb -func ReplaceInFile(path, old, new string) error { - info, err := os.Stat(path) - if err != nil { - return err - } - b, err := ioutil.ReadFile(path) - if err != nil { - return err - } - if !strings.Contains(string(b), old) { - return errors.New("unable to find the content to be replaced") - } - s := strings.Replace(string(b), old, new, -1) - err = ioutil.WriteFile(path, []byte(s), info.Mode()) - if err != nil { - return err - } - return nil -} - -// ReplaceRegexInFile finds all strings that match `match` and replaces them -// with `replace` in the file at path. -// todo(camilamacedo86): this func can be pushed to upstream/kb -func ReplaceRegexInFile(path, match, replace string) error { - matcher, err := regexp.Compile(match) - if err != nil { - return err - } - info, err := os.Stat(path) - if err != nil { - return err - } - b, err := ioutil.ReadFile(path) - if err != nil { - return err - } - s := matcher.ReplaceAllString(string(b), replace) - if s == string(b) { - return errors.New("unable to find the content to be replaced") - } - err = ioutil.WriteFile(path, []byte(s), info.Mode()) - if err != nil { - return err - } - return nil -} - // LoadImageToKindClusterWithName loads a local docker image with the name informed to the kind cluster func (tc TestContext) LoadImageToKindClusterWithName(image string) error { cluster := "kind" diff --git a/internal/util/utils.go b/internal/util/utils.go new file mode 100644 index 00000000000..0a9aa3aa1b5 --- /dev/null +++ b/internal/util/utils.go @@ -0,0 +1,81 @@ +// Copyright 2020 The Operator-SDK Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// todo(camilamacedo86): push this helpers to kubbuilder + +package util + +import ( + "errors" + "io/ioutil" + "os" + "regexp" + "strings" +) + +func ReplaceInFile(path, old, new string) error { + info, err := os.Stat(path) + if err != nil { + return err + } + b, err := ioutil.ReadFile(path) + if err != nil { + return err + } + if !strings.Contains(string(b), old) { + return errors.New("unable to find the content to be replaced") + } + s := strings.Replace(string(b), old, new, -1) + err = ioutil.WriteFile(path, []byte(s), info.Mode()) + if err != nil { + return err + } + return nil +} + +func ReplaceRegexInFile(path, match, replace string) error { + matcher, err := regexp.Compile(match) + if err != nil { + return err + } + info, err := os.Stat(path) + if err != nil { + return err + } + b, err := ioutil.ReadFile(path) + if err != nil { + return err + } + s := matcher.ReplaceAllString(string(b), replace) + if s == string(b) { + return errors.New("unable to find the content to be replaced") + } + err = ioutil.WriteFile(path, []byte(s), info.Mode()) + if err != nil { + return err + } + return nil +} + +// InsertCode searches target content in the file and insert `toInsert` after the target. +func InsertCode(filename, target, code string) error { + contents, err := ioutil.ReadFile(filename) + if err != nil { + return err + } + idx := strings.Index(string(contents), target) + out := string(contents[:idx+len(target)]) + code + string(contents[idx+len(target):]) + // false positive + // nolint:gosec + return ioutil.WriteFile(filename, []byte(out), 0644) +} diff --git a/test/e2e/ansible/cluster_test.go b/test/e2e/ansible/cluster_test.go index f5a3c1d5ec3..c7058bec24d 100644 --- a/test/e2e/ansible/cluster_test.go +++ b/test/e2e/ansible/cluster_test.go @@ -26,6 +26,7 @@ import ( kbtestutils "sigs.k8s.io/kubebuilder/v3/test/e2e/utils" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) var _ = Describe("Running ansible projects", func() { @@ -214,7 +215,7 @@ var _ = Describe("Running ansible projects", func() { Eventually(verifyMemcachedScalesBack, time.Minute, time.Second).Should(Succeed()) By("updating size to 2 in the CR manifest") - err = testutils.ReplaceInFile(memcachedSampleFile, "size: 1", "size: 2") + err = util.ReplaceInFile(memcachedSampleFile, "size: 1", "size: 2") Expect(err).NotTo(HaveOccurred()) By("applying CR manifest with size: 2") diff --git a/test/e2e/ansible/suite_test.go b/test/e2e/ansible/suite_test.go index bdf4d9fcbd5..2a75e11d8a3 100644 --- a/test/e2e/ansible/suite_test.go +++ b/test/e2e/ansible/suite_test.go @@ -27,6 +27,7 @@ import ( . "github.com/onsi/gomega" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) // TestE2EAnsible ensures the ansible projects built with the SDK tool by using its binary. @@ -62,7 +63,7 @@ var _ = BeforeSuite(func() { Expect(exec.Command("cp", "-r", "../../../testdata/ansible/memcached-operator", tc.Dir).Run()).To(Succeed()) By("enabling debug logging in the manager") - err = testutils.ReplaceInFile(filepath.Join(tc.Dir, "config", "default", "manager_auth_proxy_patch.yaml"), + err = util.ReplaceInFile(filepath.Join(tc.Dir, "config", "default", "manager_auth_proxy_patch.yaml"), "- \"--leader-elect\"", "- \"--zap-log-level=2\"\n - \"--leader-elect\"") Expect(err).NotTo(HaveOccurred()) @@ -78,7 +79,7 @@ var _ = BeforeSuite(func() { Expect(err).NotTo(HaveOccurred()) By("replacing project Dockerfile to use ansible base image with the dev tag") - err = testutils.ReplaceRegexInFile(filepath.Join(tc.Dir, "Dockerfile"), "quay.io/operator-framework/ansible-operator:.*", "quay.io/operator-framework/ansible-operator:dev") + err = util.ReplaceRegexInFile(filepath.Join(tc.Dir, "Dockerfile"), "quay.io/operator-framework/ansible-operator:.*", "quay.io/operator-framework/ansible-operator:dev") Expect(err).Should(Succeed()) By("adding Memcached mock task to the role") @@ -95,12 +96,12 @@ var _ = BeforeSuite(func() { Expect(err).NotTo(HaveOccurred()) By("adding task to delete config map") - err = testutils.ReplaceInFile(filepath.Join(tc.Dir, "roles", "memfin", "tasks", "main.yml"), + err = util.ReplaceInFile(filepath.Join(tc.Dir, "roles", "memfin", "tasks", "main.yml"), "# tasks file for Memfin", taskToDeleteConfigMap) Expect(err).NotTo(HaveOccurred()) By("adding to watches finalizer and blacklist") - err = testutils.ReplaceInFile(filepath.Join(tc.Dir, "watches.yaml"), + err = util.ReplaceInFile(filepath.Join(tc.Dir, "watches.yaml"), "playbook: playbooks/memcached.yml", memcachedWatchCustomizations) Expect(err).NotTo(HaveOccurred()) @@ -113,7 +114,7 @@ var _ = BeforeSuite(func() { Expect(err).NotTo(HaveOccurred()) By("adding RBAC permissions for the Memcached Kind") - err = testutils.ReplaceInFile(filepath.Join(tc.Dir, "config", "rbac", "role.yaml"), + err = util.ReplaceInFile(filepath.Join(tc.Dir, "config", "rbac", "role.yaml"), "#+kubebuilder:scaffold:rules", rolesForBaseOperator) Expect(err).NotTo(HaveOccurred()) diff --git a/test/e2e/helm/cluster_test.go b/test/e2e/helm/cluster_test.go index 55b568b8e55..b3213efe92f 100644 --- a/test/e2e/helm/cluster_test.go +++ b/test/e2e/helm/cluster_test.go @@ -26,6 +26,7 @@ import ( kbtestutils "sigs.k8s.io/kubebuilder/v3/test/e2e/utils" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) var _ = Describe("Running Helm projects", func() { @@ -114,7 +115,7 @@ var _ = Describe("Running Helm projects", func() { fmt.Sprintf("%s_%s_%s.yaml", tc.Group, tc.Version, strings.ToLower(tc.Kind))) By("updating replicaCount to 1 in the CR manifest") - err = testutils.ReplaceInFile(filepath.Join(tc.Dir, sampleFile), "replicaCount: 3", "replicaCount: 1") + err = util.ReplaceInFile(filepath.Join(tc.Dir, sampleFile), "replicaCount: 3", "replicaCount: 1") Expect(err).NotTo(HaveOccurred()) By("creating an instance of release(CR)") @@ -172,7 +173,7 @@ var _ = Describe("Running Helm projects", func() { Eventually(verifyRelease, time.Minute, time.Second).Should(Succeed()) By("updating replicaCount to 2 in the CR manifest") - err = testutils.ReplaceInFile(filepath.Join(tc.Dir, sampleFile), "replicaCount: 1", "replicaCount: 2") + err = util.ReplaceInFile(filepath.Join(tc.Dir, sampleFile), "replicaCount: 1", "replicaCount: 2") Expect(err).NotTo(HaveOccurred()) By("applying CR manifest with replicaCount: 2") diff --git a/test/e2e/helm/suite_test.go b/test/e2e/helm/suite_test.go index f95d35fc919..9c56bd82b72 100644 --- a/test/e2e/helm/suite_test.go +++ b/test/e2e/helm/suite_test.go @@ -24,6 +24,7 @@ import ( . "github.com/onsi/gomega" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) // TestE2EHelm ensures the Helm projects built with the SDK tool by using its binary. @@ -71,7 +72,7 @@ var _ = BeforeSuite(func() { Expect(err).NotTo(HaveOccurred()) By("replacing project Dockerfile to use Helm base image with the dev tag") - err = testutils.ReplaceRegexInFile(filepath.Join(tc.Dir, "Dockerfile"), "quay.io/operator-framework/helm-operator:.*", "quay.io/operator-framework/helm-operator:dev") + err = util.ReplaceRegexInFile(filepath.Join(tc.Dir, "Dockerfile"), "quay.io/operator-framework/helm-operator:.*", "quay.io/operator-framework/helm-operator:dev") Expect(err).Should(Succeed()) By("checking the kustomize setup") diff --git a/test/integration/suite_test.go b/test/integration/suite_test.go index 43ab5d961f4..c41a06a0528 100644 --- a/test/integration/suite_test.go +++ b/test/integration/suite_test.go @@ -21,6 +21,8 @@ import ( "path/filepath" "testing" + "github.com/operator-framework/operator-sdk/internal/util" + . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" "github.com/operator-framework/api/pkg/operators/v1alpha1" @@ -176,11 +178,11 @@ func csvPath(tc *testutils.TestContext, version string, isBundle bool) string { func updateProjectConfigs(tc testutils.TestContext) { defaultKustomization := filepath.Join(tc.Dir, "config", "default", "kustomization.yaml") - ExpectWithOffset(1, testutils.ReplaceInFile(defaultKustomization, + ExpectWithOffset(1, util.ReplaceInFile(defaultKustomization, "- ../certmanager", "#- ../certmanager", )).To(Succeed()) - ExpectWithOffset(1, testutils.ReplaceInFile(defaultKustomization, + ExpectWithOffset(1, util.ReplaceInFile(defaultKustomization, "- manager_webhook_patch.yaml", "#- manager_webhook_patch.yaml", )).To(Succeed()) diff --git a/testdata/ansible/memcached-operator/Dockerfile b/testdata/ansible/memcached-operator/Dockerfile index 464a197d33b..d61bd5a7304 100644 --- a/testdata/ansible/memcached-operator/Dockerfile +++ b/testdata/ansible/memcached-operator/Dockerfile @@ -7,3 +7,5 @@ RUN ansible-galaxy collection install -r ${HOME}/requirements.yml \ COPY watches.yaml ${HOME}/watches.yaml COPY roles/ ${HOME}/roles/ COPY playbooks/ ${HOME}/playbooks/ + +ENTRYPOINT ["/manager"] diff --git a/testdata/ansible/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml b/testdata/ansible/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml new file mode 100644 index 00000000000..727f1bc4ce1 --- /dev/null +++ b/testdata/ansible/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + leaderElection: + leaderElect: true + resourceName: 811c9dc5.example.com +kind: ConfigMap +metadata: + name: memcached-operator-manager-config diff --git a/testdata/ansible/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml b/testdata/ansible/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml index e1361a714ca..768ce7fb8d1 100644 --- a/testdata/ansible/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml +++ b/testdata/ansible/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml @@ -121,6 +121,8 @@ spec: - --metrics-bind-address=127.0.0.1:8080 - --leader-elect - --leader-election-id=memcached-operator + command: + - /manager env: - name: ANSIBLE_GATHERING value: explicit @@ -149,8 +151,10 @@ spec: - rules: - apiGroups: - "" + - coordination.k8s.io resources: - configmaps + - leases verbs: - get - list diff --git a/testdata/ansible/memcached-operator/config/default/kustomization.yaml b/testdata/ansible/memcached-operator/config/default/kustomization.yaml index a7a68300ec4..7a8160b5f58 100644 --- a/testdata/ansible/memcached-operator/config/default/kustomization.yaml +++ b/testdata/ansible/memcached-operator/config/default/kustomization.yaml @@ -24,3 +24,7 @@ patchesStrategicMerge: # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. - manager_auth_proxy_patch.yaml + +# Mount the controller config file for loading manager configurations +# through a ComponentConfig type +#- manager_config_patch.yaml diff --git a/testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml b/testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml new file mode 100644 index 00000000000..6c400155cfb --- /dev/null +++ b/testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + args: + - "--config=controller_manager_config.yaml" + volumeMounts: + - name: manager-config + mountPath: /controller_manager_config.yaml + subPath: controller_manager_config.yaml + volumes: + - name: manager-config + configMap: + name: manager-config diff --git a/testdata/ansible/memcached-operator/config/manager/controller_manager_config.yaml b/testdata/ansible/memcached-operator/config/manager/controller_manager_config.yaml new file mode 100644 index 00000000000..3933b87b509 --- /dev/null +++ b/testdata/ansible/memcached-operator/config/manager/controller_manager_config.yaml @@ -0,0 +1,10 @@ +apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 +kind: ControllerManagerConfig +health: + healthProbeBindAddress: :8081 +metrics: + bindAddress: 127.0.0.1:8080 + +leaderElection: + leaderElect: true + resourceName: 811c9dc5.example.com diff --git a/testdata/ansible/memcached-operator/config/manager/kustomization.yaml b/testdata/ansible/memcached-operator/config/manager/kustomization.yaml index 1a4048d1bb7..9d957eced1c 100644 --- a/testdata/ansible/memcached-operator/config/manager/kustomization.yaml +++ b/testdata/ansible/memcached-operator/config/manager/kustomization.yaml @@ -1,5 +1,13 @@ resources: - manager.yaml + +generatorOptions: + disableNameSuffixHash: true + +configMapGenerator: +- files: + - controller_manager_config.yaml + name: manager-config apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: diff --git a/testdata/ansible/memcached-operator/config/manager/manager.yaml b/testdata/ansible/memcached-operator/config/manager/manager.yaml index 2616562df52..cf213897a86 100644 --- a/testdata/ansible/memcached-operator/config/manager/manager.yaml +++ b/testdata/ansible/memcached-operator/config/manager/manager.yaml @@ -25,27 +25,29 @@ spec: securityContext: runAsNonRoot: true containers: - - name: manager - args: - - "--leader-elect" - - "--leader-election-id=memcached-operator" - env: - - name: ANSIBLE_GATHERING - value: explicit - image: controller:latest - securityContext: - allowPrivilegeEscalation: false - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 6789 - initialDelaySeconds: 5 - periodSeconds: 10 + - command: + - /manager + args: + - --leader-elect + - --leader-election-id=memcached-operator + image: controller:latest + name: manager + env: + - name: ANSIBLE_GATHERING + value: explicit + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 6789 + initialDelaySeconds: 5 + periodSeconds: 10 serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/testdata/ansible/memcached-operator/config/prometheus/monitor.yaml b/testdata/ansible/memcached-operator/config/prometheus/monitor.yaml index a5bd8b17a4a..d19136ae710 100644 --- a/testdata/ansible/memcached-operator/config/prometheus/monitor.yaml +++ b/testdata/ansible/memcached-operator/config/prometheus/monitor.yaml @@ -1,4 +1,4 @@ ---- + # Prometheus Monitor Service (Metrics) apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor diff --git a/testdata/ansible/memcached-operator/config/rbac/leader_election_role.yaml b/testdata/ansible/memcached-operator/config/rbac/leader_election_role.yaml index 53e974910be..6334cc51c83 100644 --- a/testdata/ansible/memcached-operator/config/rbac/leader_election_role.yaml +++ b/testdata/ansible/memcached-operator/config/rbac/leader_election_role.yaml @@ -6,8 +6,10 @@ metadata: rules: - apiGroups: - "" + - coordination.k8s.io resources: - configmaps + - leases verbs: - get - list diff --git a/testdata/ansible/memcached-operator/config/rbac/role_binding.yaml b/testdata/ansible/memcached-operator/config/rbac/role_binding.yaml index 6bbb46c05ee..2070ede4462 100644 --- a/testdata/ansible/memcached-operator/config/rbac/role_binding.yaml +++ b/testdata/ansible/memcached-operator/config/rbac/role_binding.yaml @@ -1,4 +1,3 @@ ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/testdata/helm/memcached-operator/Dockerfile b/testdata/helm/memcached-operator/Dockerfile index f4fea7229a8..5e37074b41f 100644 --- a/testdata/helm/memcached-operator/Dockerfile +++ b/testdata/helm/memcached-operator/Dockerfile @@ -5,3 +5,5 @@ ENV HOME=/opt/helm COPY watches.yaml ${HOME}/watches.yaml COPY helm-charts ${HOME}/helm-charts WORKDIR ${HOME} + +ENTRYPOINT ["/manager"] diff --git a/testdata/helm/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml b/testdata/helm/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml new file mode 100644 index 00000000000..727f1bc4ce1 --- /dev/null +++ b/testdata/helm/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + leaderElection: + leaderElect: true + resourceName: 811c9dc5.example.com +kind: ConfigMap +metadata: + name: memcached-operator-manager-config diff --git a/testdata/helm/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml b/testdata/helm/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml index 84a79721061..66085738cb0 100644 --- a/testdata/helm/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml +++ b/testdata/helm/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml @@ -209,6 +209,8 @@ spec: - --metrics-bind-address=127.0.0.1:8080 - --leader-elect - --leader-election-id=memcached-operator + command: + - /manager image: quay.io/example/memcached-operator:v0.0.1 livenessProbe: httpGet: @@ -240,8 +242,10 @@ spec: - rules: - apiGroups: - "" + - coordination.k8s.io resources: - configmaps + - leases verbs: - get - list diff --git a/testdata/helm/memcached-operator/config/default/kustomization.yaml b/testdata/helm/memcached-operator/config/default/kustomization.yaml index a7a68300ec4..7a8160b5f58 100644 --- a/testdata/helm/memcached-operator/config/default/kustomization.yaml +++ b/testdata/helm/memcached-operator/config/default/kustomization.yaml @@ -24,3 +24,7 @@ patchesStrategicMerge: # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. - manager_auth_proxy_patch.yaml + +# Mount the controller config file for loading manager configurations +# through a ComponentConfig type +#- manager_config_patch.yaml diff --git a/testdata/helm/memcached-operator/config/default/manager_config_patch.yaml b/testdata/helm/memcached-operator/config/default/manager_config_patch.yaml new file mode 100644 index 00000000000..6c400155cfb --- /dev/null +++ b/testdata/helm/memcached-operator/config/default/manager_config_patch.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + args: + - "--config=controller_manager_config.yaml" + volumeMounts: + - name: manager-config + mountPath: /controller_manager_config.yaml + subPath: controller_manager_config.yaml + volumes: + - name: manager-config + configMap: + name: manager-config diff --git a/testdata/helm/memcached-operator/config/manager/controller_manager_config.yaml b/testdata/helm/memcached-operator/config/manager/controller_manager_config.yaml new file mode 100644 index 00000000000..3933b87b509 --- /dev/null +++ b/testdata/helm/memcached-operator/config/manager/controller_manager_config.yaml @@ -0,0 +1,10 @@ +apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 +kind: ControllerManagerConfig +health: + healthProbeBindAddress: :8081 +metrics: + bindAddress: 127.0.0.1:8080 + +leaderElection: + leaderElect: true + resourceName: 811c9dc5.example.com diff --git a/testdata/helm/memcached-operator/config/manager/kustomization.yaml b/testdata/helm/memcached-operator/config/manager/kustomization.yaml index 1a4048d1bb7..9d957eced1c 100644 --- a/testdata/helm/memcached-operator/config/manager/kustomization.yaml +++ b/testdata/helm/memcached-operator/config/manager/kustomization.yaml @@ -1,5 +1,13 @@ resources: - manager.yaml + +generatorOptions: + disableNameSuffixHash: true + +configMapGenerator: +- files: + - controller_manager_config.yaml + name: manager-config apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: diff --git a/testdata/helm/memcached-operator/config/manager/manager.yaml b/testdata/helm/memcached-operator/config/manager/manager.yaml index ada09553be7..30463f90973 100644 --- a/testdata/helm/memcached-operator/config/manager/manager.yaml +++ b/testdata/helm/memcached-operator/config/manager/manager.yaml @@ -25,10 +25,12 @@ spec: securityContext: runAsNonRoot: true containers: - - image: controller:latest + - command: + - /manager args: - - "--leader-elect" - - "--leader-election-id=memcached-operator" + - --leader-elect + - --leader-election-id=memcached-operator + image: controller:latest name: manager securityContext: allowPrivilegeEscalation: false diff --git a/testdata/helm/memcached-operator/config/rbac/leader_election_role.yaml b/testdata/helm/memcached-operator/config/rbac/leader_election_role.yaml index 53e974910be..6334cc51c83 100644 --- a/testdata/helm/memcached-operator/config/rbac/leader_election_role.yaml +++ b/testdata/helm/memcached-operator/config/rbac/leader_election_role.yaml @@ -6,8 +6,10 @@ metadata: rules: - apiGroups: - "" + - coordination.k8s.io resources: - configmaps + - leases verbs: - get - list diff --git a/website/content/en/docs/cli/operator-sdk.md b/website/content/en/docs/cli/operator-sdk.md index fa7d1c149af..b8725850055 100644 --- a/website/content/en/docs/cli/operator-sdk.md +++ b/website/content/en/docs/cli/operator-sdk.md @@ -26,6 +26,7 @@ and a supported project version for these plugins. Plugin keys | Supported project versions -------------------------------------+---------------------------- ansible.sdk.operatorframework.io/v1 | 3 + common.kubebuilder.io/v3 | 3 go.kubebuilder.io/v2 | 2, 3 go.kubebuilder.io/v3 | 3 helm.sdk.operatorframework.io/v1 | 3