From c9017c26ec8944fd1f06a7932464f69444bc90aa Mon Sep 17 00:00:00 2001 From: Camila Macedo Date: Wed, 7 Apr 2021 15:40:53 +0100 Subject: [PATCH] align with kb to use common plugin instead of duplicate the code Signed-off-by: Camila Macedo --- changelog/fragments/add_common_kb.yaml | 60 +++++++++ go.mod | 2 +- go.sum | 4 +- .../internal/ansible/advanced_molecule.go | 39 +++--- .../samples/internal/ansible/memcached.go | 7 +- .../internal/ansible/memcached_molecule.go | 21 +-- .../internal/go/v2/memcached_with_webhooks.go | 13 +- .../internal/go/v3/memcached_with_webhooks.go | 11 +- .../samples/internal/helm/memcached.go | 5 +- internal/cmd/operator-sdk/cli/cli.go | 12 +- internal/plugins/ansible/v1/init.go | 122 +++++++++++++----- internal/plugins/ansible/v1/scaffolds/init.go | 20 --- .../config/kdefault/kustomization.go | 4 +- .../kdefault/manager_auth_proxy_patch.go | 75 ----------- .../templates/config/manager/config.go | 99 -------------- .../templates/config/manager/kustomization.go | 47 ------- .../config/prometheus/kustomization.go | 45 ------- .../templates/config/prometheus/monitor.go | 63 --------- .../rbac/auth_proxy_client_clusterrole.go | 50 ------- .../templates/config/rbac/auth_proxy_role.go | 56 -------- .../config/rbac/auth_proxy_role_binding.go | 55 -------- .../config/rbac/auth_proxy_service.go | 57 -------- .../templates/config/rbac/kustomization.go | 63 --------- .../config/rbac/leader_election_role.go | 68 ---------- .../rbac/leader_election_role_binding.go | 55 -------- .../templates/config/rbac/role_binding.go | 57 -------- .../templates/config/rbac/service_account.go | 48 ------- internal/plugins/helm/v1/init.go | 92 ++++++++----- internal/plugins/helm/v1/scaffolds/init.go | 16 --- .../config/kdefault/kustomization.go | 4 +- .../kdefault/manager_auth_proxy_patch.go | 74 ----------- .../templates/config/manager/config.go | 102 --------------- .../templates/config/manager/kustomization.go | 47 ------- .../config/prometheus/kustomization.go | 45 ------- .../templates/config/prometheus/monitor.go | 63 --------- .../templates/config/rbac/auth_proxy_role.go | 56 -------- .../config/rbac/auth_proxy_role_binding.go | 55 -------- .../config/rbac/auth_proxy_service.go | 57 -------- .../config/rbac/client_cluster_role.go | 50 ------- .../templates/config/rbac/kustomization.go | 63 --------- .../config/rbac/leader_election_role.go | 68 ---------- .../rbac/leader_election_role_binding.go | 55 -------- .../config/rbac/manager_role_binding.go | 55 -------- .../templates/config/rbac/service_account.go | 48 ------- internal/util/utils.go | 81 ++++++++++++ test/e2e/ansible/cluster_test.go | 3 +- test/e2e/ansible/suite_test.go | 11 +- test/e2e/helm/cluster_test.go | 5 +- test/e2e/helm/suite_test.go | 3 +- ...-operator-manager-config_v1_configmap.yaml | 15 +++ ...cached-operator.clusterserviceversion.yaml | 2 + .../config/default/manager_config_patch.yaml | 20 +++ .../manager/controller_manager_config.yaml | 10 ++ .../config/manager/kustomization.yaml | 8 ++ .../config/manager/manager.yaml | 44 +++---- .../config/prometheus/monitor.yaml | 2 +- .../config/rbac/leader_election_role.yaml | 2 + .../config/rbac/role_binding.yaml | 1 - ...-operator-manager-config_v1_configmap.yaml | 15 +++ ...cached-operator.clusterserviceversion.yaml | 2 + .../config/default/manager_config_patch.yaml | 20 +++ .../manager/controller_manager_config.yaml | 10 ++ .../config/manager/kustomization.yaml | 8 ++ .../config/manager/manager.yaml | 8 +- .../config/rbac/leader_election_role.yaml | 2 + 65 files changed, 513 insertions(+), 1867 deletions(-) create mode 100644 changelog/fragments/add_common_kb.yaml delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/config.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/kustomization.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/kustomization.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/monitor.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_client_clusterrole.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/kustomization.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/role_binding.go delete mode 100644 internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/service_account.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/config.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/kustomization.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/kustomization.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/monitor.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/client_cluster_role.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/kustomization.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/manager_role_binding.go delete mode 100644 internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/service_account.go create mode 100644 internal/util/utils.go create mode 100644 testdata/ansible/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml create mode 100644 testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml create mode 100644 testdata/ansible/memcached-operator/config/manager/controller_manager_config.yaml create mode 100644 testdata/helm/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml create mode 100644 testdata/helm/memcached-operator/config/default/manager_config_patch.yaml create mode 100644 testdata/helm/memcached-operator/config/manager/controller_manager_config.yaml diff --git a/changelog/fragments/add_common_kb.yaml b/changelog/fragments/add_common_kb.yaml new file mode 100644 index 00000000000..30b4088865d --- /dev/null +++ b/changelog/fragments/add_common_kb.yaml @@ -0,0 +1,60 @@ +# entries is a list of entries to include in +# release notes and/or the migration guide +entries: + - description: > + (ansible/v1,helm/v1) Add componentConfig option. For further information check [here](https://master.book.kubebuilder.io/component-config-tutorial/tutorial.html) + kind: "addition" + breaking: false + migration: + header: (ansible/v1,helm/v1) Add componentConfig option. + body: > + To add this option your project you will need to: + - Create the file [/config/default/manager_config_patch.yaml](https://github.com/operator-framework/operator-sdk/blob/v1.6.0/testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml). + - Create the file [/config/default/manager_config_patch.yaml](https://github.com/operator-framework/operator-sdk/blob/v1.6.0/testdata/ansible/memcached-operator/config/manager/controller_manager_config.yaml) . + - Update the `config/default/kustomization.yaml` by adding: + ```yaml + # Mount the controller config file for loading manager configurations + # through a ComponentConfig type + #- manager_config_patch.yaml + ``` + - Update the `config/manager/kustomization.yaml` by adding: + ```yaml + generatorOptions: + disableNameSuffixHash: true + + configMapGenerator: + - files: + - controller_manager_config.yaml + name: manager-config + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + images: + - name: controller + newName: quay.io/example/memcached-operator + newTag: v0.0.1 + ``` + - description: > + (golang/v3) Not scaffold the specific webhooks config manifests by default + kind: "bugfix" + + # Is this a breaking change? + breaking: false + - description: > + (ansible/v1,helm/v1) Add rules for leader election + kind: "addition" + + # Is this a breaking change? + breaking: false + migration: + header: (ansible/v1,helm/v1) Add rules for leader election. + body: > + Add the rule for the `apiGroups` `coordination.k8s.io` and the resource `leases` in config/rbac/leader_election_role.yaml: + ```yaml + rules: + - apiGroups: + - "" + - coordination.k8s.io + resources: + - configmaps + - leases + ``` diff --git a/go.mod b/go.mod index 790085b794f..f74f0e6f304 100644 --- a/go.mod +++ b/go.mod @@ -36,7 +36,7 @@ require ( rsc.io/letsencrypt v0.0.3 // indirect sigs.k8s.io/controller-runtime v0.8.2 sigs.k8s.io/controller-tools v0.5.0 - sigs.k8s.io/kubebuilder/v3 v3.0.0-beta.1 + sigs.k8s.io/kubebuilder/v3 v3.0.0-alpha.0.0.20210407152553-d5e70a57ccb0 sigs.k8s.io/yaml v1.2.0 ) diff --git a/go.sum b/go.sum index 6b8f213d753..d615f8dd3df 100644 --- a/go.sum +++ b/go.sum @@ -1557,8 +1557,8 @@ sigs.k8s.io/controller-tools v0.4.1 h1:VkuV0MxlRPmRu5iTgBZU4UxUX2LiR99n3sdQGRxZF sigs.k8s.io/controller-tools v0.4.1/go.mod h1:G9rHdZMVlBDocIxGkK3jHLWqcTMNvveypYJwrvYKjWU= sigs.k8s.io/controller-tools v0.5.0 h1:3u2RCwOlp0cjCALAigpOcbAf50pE+kHSdueUosrC/AE= sigs.k8s.io/controller-tools v0.5.0/go.mod h1:JTsstrMpxs+9BUj6eGuAaEb6SDSPTeVtUyp0jmnAM/I= -sigs.k8s.io/kubebuilder/v3 v3.0.0-beta.1 h1:WGYvUPZ5tVrAOgvGW/NEqOXV2uYtplB6hJ/SFndrvIc= -sigs.k8s.io/kubebuilder/v3 v3.0.0-beta.1/go.mod h1:eVtLdWzmvL1ixDYLlVrvQe8wjpikJVoSOg5PghTk2Lw= +sigs.k8s.io/kubebuilder/v3 v3.0.0-alpha.0.0.20210407152553-d5e70a57ccb0 h1:7xXfjzq8NfOwBEo3ZGa/+G5uABPfHIDXdoy3ERn5kxQ= +sigs.k8s.io/kubebuilder/v3 v3.0.0-alpha.0.0.20210407152553-d5e70a57ccb0/go.mod h1:eVtLdWzmvL1ixDYLlVrvQe8wjpikJVoSOg5PghTk2Lw= sigs.k8s.io/kustomize v2.0.3+incompatible h1:JUufWFNlI44MdtnjUqVnvh29rR37PQFzPbLXqhyOyX0= sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU= sigs.k8s.io/kustomize/kyaml v0.10.10 h1:caAxDDkaXZp+0kDsZVik4leFJV8LCy09PdVqpaoNeF4= diff --git a/hack/generate/samples/internal/ansible/advanced_molecule.go b/hack/generate/samples/internal/ansible/advanced_molecule.go index 1e96e96eab0..bd960fbab1e 100644 --- a/hack/generate/samples/internal/ansible/advanced_molecule.go +++ b/hack/generate/samples/internal/ansible/advanced_molecule.go @@ -25,6 +25,7 @@ import ( "github.com/operator-framework/operator-sdk/hack/generate/samples/internal/pkg" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) // AdvancedMolecule defines the context for the sample @@ -89,21 +90,21 @@ func (ma *AdvancedMolecule) Run() { data: sentinel: '{{ sentinel }}' groups: '{{ groups | to_nice_yaml }}'` - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( inventoryRoleTask, "# tasks file for InventoryTest", inventoryRoleTaskFragment) pkg.CheckError("replacing inventory task", err) log.Infof("updating inventorytest sample") - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "config", "samples", "test_v1alpha1_inventorytest.yaml"), "name: inventorytest-sample", inventorysampleFragment) pkg.CheckError("updating inventorytest sample", err) log.Infof("updating spec of inventorytest sample") - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "config", "samples", "test_v1alpha1_inventorytest.yaml"), "foo: bar", "size: 3") @@ -146,7 +147,7 @@ func (ma *AdvancedMolecule) updateConfig() { - update - watch #+kubebuilder:scaffold:rules` - err := testutils.ReplaceInFile( + err := util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "config", "rbac", "role.yaml"), "#+kubebuilder:scaffold:rules", cmRolesFragment) @@ -154,19 +155,19 @@ func (ma *AdvancedMolecule) updateConfig() { log.Infof("adding manager arg") const ansibleVaultArg = ` - - "--ansible-args='--vault-password-file /opt/ansible/pwd.yml'"` + - --ansible-args='--vault-password-file /opt/ansible/pwd.yml'` err = kbtestutils.InsertCode( filepath.Join(ma.ctx.Dir, "config", "manager", "manager.yaml"), - "- \"--leader-election-id=advanced-molecule-operator\"", + "- --leader-election-id=advanced-molecule-operator", ansibleVaultArg) pkg.CheckError("adding manager arg", err) log.Infof("adding manager env") const managerEnv = ` - - name: ANSIBLE_DEBUG_LOGS - value: "TRUE" - - name: ANSIBLE_INVENTORY - value: /opt/ansible/inventory` + - name: ANSIBLE_DEBUG_LOGS + value: "TRUE" + - name: ANSIBLE_INVENTORY + value: /opt/ansible/inventory` err = kbtestutils.InsertCode( filepath.Join(ma.ctx.Dir, "config", "manager", "manager.yaml"), "value: explicit", @@ -183,7 +184,7 @@ func (ma *AdvancedMolecule) updateConfig() { pkg.CheckError("adding vaulting args to the proxy auth", err) log.Infof("adding task to not pull image to the config/testing") - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "config", "testing", "kustomization.yaml"), "- manager_image.yaml", "- manager_image.yaml\n- pull_policy/Never.yaml") @@ -229,7 +230,7 @@ func (ma *AdvancedMolecule) addMocksFromTestdata() { func (ma *AdvancedMolecule) updateDockerfile() { log.Infof("replacing project Dockerfile to use ansible base image with the dev tag") - err := testutils.ReplaceRegexInFile( + err := util.ReplaceRegexInFile( filepath.Join(ma.ctx.Dir, "Dockerfile"), "quay.io/operator-framework/ansible-operator:.*", "quay.io/operator-framework/ansible-operator:dev") @@ -281,7 +282,7 @@ func (ma *AdvancedMolecule) updatePlaybooks() { data: msg: The decrypted value is {{the_secret.the_secret}} ` - err := testutils.ReplaceInFile( + err := util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "playbooks", "argstest.yml"), originalPlaybookFragment, argsPlaybook) @@ -305,7 +306,7 @@ func (ma *AdvancedMolecule) updatePlaybooks() { data: shouldBeCamel: '{{ camelCaseVar | default("false") }}' ` - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "playbooks", "casetest.yml"), originalPlaybookFragment, casePlaybook) @@ -324,7 +325,7 @@ func (ma *AdvancedMolecule) updatePlaybooks() { tasks: - command: echo hello - debug: msg='{{ "hello" | test }}'` - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "playbooks", "inventorytest.yml"), "---\n- hosts: localhost\n gather_facts: no\n collections:\n - community.kubernetes\n - operator_sdk.util\n tasks:\n - import_role:\n name: \"inventorytest\"", inventoryPlaybook) @@ -382,7 +383,7 @@ func (ma *AdvancedMolecule) updatePlaybooks() { time: 1s when: configmap.resources|length > 0 and (configmap.resources.0.data.iterations|int) < 5 ` - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "playbooks", "reconciliationtest.yml"), originalPlaybookFragment, reconciliationPlaybook) @@ -406,7 +407,7 @@ func (ma *AdvancedMolecule) updatePlaybooks() { data: hello: "world" ` - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "playbooks", "selectortest.yml"), originalPlaybookFragment, selectorPlaybook) @@ -465,7 +466,7 @@ func (ma *AdvancedMolecule) updatePlaybooks() { execCommandStderr: '{{ exec_result.stderr.strip() }}' logs: '{{ log_result.log }}' ` - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "playbooks", "subresourcestest.yml"), originalPlaybookFragment, subresourcesPlaybook) @@ -497,7 +498,7 @@ func (ma *AdvancedMolecule) addPlaybooks() { task := fmt.Sprintf("%s_test.yml", k) logMsgForKind = fmt.Sprintf("removing FIXME assert from %s", task) log.Infof(logMsgForKind) - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(ma.ctx.Dir, "molecule", "default", "tasks", task), fixmeAssert, "") diff --git a/hack/generate/samples/internal/ansible/memcached.go b/hack/generate/samples/internal/ansible/memcached.go index 84d4b9de607..b3263bf566b 100644 --- a/hack/generate/samples/internal/ansible/memcached.go +++ b/hack/generate/samples/internal/ansible/memcached.go @@ -24,6 +24,7 @@ import ( "github.com/operator-framework/operator-sdk/hack/generate/samples/internal/pkg" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) // MemcachedAnsible defines the context for the sample @@ -91,7 +92,7 @@ func (ma *MemcachedAnsible) addingMoleculeMockData() { moleculeTaskPath := filepath.Join(ma.ctx.Dir, "molecule", "default", "tasks", fmt.Sprintf("%s_test.yml", strings.ToLower(ma.ctx.Kind))) - err := testutils.ReplaceInFile(moleculeTaskPath, + err := util.ReplaceInFile(moleculeTaskPath, originaMemcachedMoleculeTask, fmt.Sprintf(moleculeTaskFragment, ma.ctx.ProjectName, ma.ctx.ProjectName)) pkg.CheckError("replacing molecule default tasks", err) } @@ -105,13 +106,13 @@ func (ma *MemcachedAnsible) addingAnsibleTask() { roleFragment) pkg.CheckError("adding task", err) - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "roles", strings.ToLower(ma.ctx.Kind), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "roles", strings.ToLower(ma.ctx.Kind), "defaults", "main.yml"), fmt.Sprintf("# defaults file for %s", ma.ctx.Kind), defaultsFragment) pkg.CheckError("adding defaulting", err) - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "config", "samples", + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "config", "samples", fmt.Sprintf("%s_%s_%s.yaml", ma.ctx.Group, ma.ctx.Version, strings.ToLower(ma.ctx.Kind))), "foo: bar", "size: 1") pkg.CheckError("updating sample CR", err) diff --git a/hack/generate/samples/internal/ansible/memcached_molecule.go b/hack/generate/samples/internal/ansible/memcached_molecule.go index 8af3d003005..add57b9ad0c 100644 --- a/hack/generate/samples/internal/ansible/memcached_molecule.go +++ b/hack/generate/samples/internal/ansible/memcached_molecule.go @@ -20,11 +20,12 @@ import ( "path/filepath" "strings" + log "github.com/sirupsen/logrus" kbtestutils "sigs.k8s.io/kubebuilder/v3/test/e2e/utils" "github.com/operator-framework/operator-sdk/hack/generate/samples/internal/pkg" "github.com/operator-framework/operator-sdk/internal/testutils" - log "github.com/sirupsen/logrus" + "github.com/operator-framework/operator-sdk/internal/util" ) // MoleculeAnsible defines the context for the sample @@ -76,11 +77,11 @@ func (ma *MoleculeAnsible) Run() { pkg.CheckError("replacing memcached task to add foo check", err) log.Infof("replacing project Dockerfile to use ansible base image with the dev tag") - err = testutils.ReplaceRegexInFile(filepath.Join(ma.ctx.Dir, "Dockerfile"), "quay.io/operator-framework/ansible-operator:.*", "quay.io/operator-framework/ansible-operator:dev") + err = util.ReplaceRegexInFile(filepath.Join(ma.ctx.Dir, "Dockerfile"), "quay.io/operator-framework/ansible-operator:.*", "quay.io/operator-framework/ansible-operator:dev") pkg.CheckError("replacing Dockerfile", err) log.Infof("adding RBAC permissions") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "config", "rbac", "role.yaml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "config", "rbac", "role.yaml"), "#+kubebuilder:scaffold:rules", rolesForBaseOperator) pkg.CheckError("replacing in role.yml", err) @@ -106,12 +107,12 @@ func (ma *MoleculeAnsible) Run() { pkg.CheckError("creating api", err) log.Infof("adding task to delete config map") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "roles", "memfin", "tasks", "main.yml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "roles", "memfin", "tasks", "main.yml"), "# tasks file for Memfin", taskToDeleteConfigMap) pkg.CheckError("replacing in tasks/main.yml", err) log.Infof("adding to watches finalizer and blacklist") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "watches.yaml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "watches.yaml"), "playbook: playbooks/memcached.yml", memcachedWatchCustomizations) pkg.CheckError("replacing in watches", err) @@ -133,7 +134,7 @@ func (ma *MoleculeAnsible) Run() { pkg.CheckError("creating api", err) log.Infof("removing ignore group for the secret from watches as an workaround to work with core types") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "watches.yaml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "watches.yaml"), "ignore.example.com", "\"\"") pkg.CheckError("replacing the watches file", err) @@ -143,22 +144,22 @@ func (ma *MoleculeAnsible) Run() { pkg.CheckError("removing secret test file", err) log.Infof("adding Secret task to the role") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "roles", "secret", "tasks", "main.yml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "roles", "secret", "tasks", "main.yml"), originalTaskSecret, taskForSecret) pkg.CheckError("replacing in secret/tasks/main.yml file", err) log.Infof("adding ManageStatus == false for role secret") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "watches.yaml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "watches.yaml"), "role: secret", manageStatusFalseForRoleSecret) pkg.CheckError("replacing in watches.yaml", err) log.Infof("removing FIXME asserts from memfin_test.yml") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "molecule", "default", "tasks", "memfin_test.yml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "molecule", "default", "tasks", "memfin_test.yml"), fixmeAssert, "") pkg.CheckError("replacing memfin_test.yml", err) log.Infof("removing FIXME asserts from foo_test.yml") - err = testutils.ReplaceInFile(filepath.Join(ma.ctx.Dir, "molecule", "default", "tasks", "foo_test.yml"), + err = util.ReplaceInFile(filepath.Join(ma.ctx.Dir, "molecule", "default", "tasks", "foo_test.yml"), fixmeAssert, "") pkg.CheckError("replacing foo_test.yml", err) } diff --git a/hack/generate/samples/internal/go/v2/memcached_with_webhooks.go b/hack/generate/samples/internal/go/v2/memcached_with_webhooks.go index ef7579bd93b..e6b6c8c4589 100644 --- a/hack/generate/samples/internal/go/v2/memcached_with_webhooks.go +++ b/hack/generate/samples/internal/go/v2/memcached_with_webhooks.go @@ -25,6 +25,7 @@ import ( "github.com/operator-framework/operator-sdk/hack/generate/samples/internal/pkg" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) // MemcachedGoWithWebhooks defines the Memcached Sample in GO using webhooks @@ -195,7 +196,7 @@ func (mh *MemcachedGoWithWebhooks) implementingWebhooks() { webhooksFragment) pkg.CheckError("replacing reconcile", err) - err = testutils.ReplaceInFile(webhookPath, + err = util.ReplaceInFile(webhookPath, "// TODO(user): fill in your defaulting logic.", "if r.Spec.Size == 0 {\n\t\tr.Spec.Size = 3\n\t}") pkg.CheckError("replacing default webhook implementation", err) @@ -224,16 +225,16 @@ func (mh *MemcachedGoWithWebhooks) implementingController() { pkg.CheckError("adding rbac", err) // Replace reconcile content - err = testutils.ReplaceInFile(controllerPath, "_ = context.Background()", "ctx := context.Background()") + err = util.ReplaceInFile(controllerPath, "_ = context.Background()", "ctx := context.Background()") pkg.CheckError("replacing reconcile content", err) - err = testutils.ReplaceInFile(controllerPath, + err = util.ReplaceInFile(controllerPath, fmt.Sprintf("_ = r.Log.WithValues(\"%s\", req.NamespacedName)", strings.ToLower(mh.ctx.Kind)), fmt.Sprintf("log := r.Log.WithValues(\"%s\", req.NamespacedName)", strings.ToLower(mh.ctx.Kind))) pkg.CheckError("replacing reconcile content", err) // Add reconcile implementation - err = testutils.ReplaceInFile(controllerPath, + err = util.ReplaceInFile(controllerPath, "// your logic here", reconcileFragment) pkg.CheckError("replacing reconcile", err) @@ -243,7 +244,7 @@ func (mh *MemcachedGoWithWebhooks) implementingController() { pkg.CheckError("adding helpers methods in the controller", err) // Add watch for the Kind - err = testutils.ReplaceInFile(controllerPath, + err = util.ReplaceInFile(controllerPath, fmt.Sprintf(watchOriginalFragment, mh.ctx.Group, mh.ctx.Version, mh.ctx.Kind), fmt.Sprintf(watchCustomizedFragment, mh.ctx.Group, mh.ctx.Version, mh.ctx.Kind)) pkg.CheckError("replacing reconcile", err) @@ -280,7 +281,7 @@ func (mh *MemcachedGoWithWebhooks) implementingAPI() { fmt.Sprintf("%s_%s_%s.yaml", mh.ctx.Group, mh.ctx.Version, strings.ToLower(mh.ctx.Kind))) log.Infof("updating sample to have size attribute") - err = testutils.ReplaceInFile(filepath.Join(mh.ctx.Dir, sampleFile), "foo: bar", "size: 1") + err = util.ReplaceInFile(filepath.Join(mh.ctx.Dir, sampleFile), "foo: bar", "size: 1") pkg.CheckError("updating sample", err) } diff --git a/hack/generate/samples/internal/go/v3/memcached_with_webhooks.go b/hack/generate/samples/internal/go/v3/memcached_with_webhooks.go index eeafdd9736f..cd2a210a955 100644 --- a/hack/generate/samples/internal/go/v3/memcached_with_webhooks.go +++ b/hack/generate/samples/internal/go/v3/memcached_with_webhooks.go @@ -25,6 +25,7 @@ import ( "github.com/operator-framework/operator-sdk/hack/generate/samples/internal/pkg" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) // MemcachedGoWithWebhooks defines the Memcached Sample in GO using webhooks @@ -195,7 +196,7 @@ func (mh *MemcachedGoWithWebhooks) implementingWebhooks() { webhooksFragment) pkg.CheckError("replacing webhook validate implementation", err) - err = testutils.ReplaceInFile(webhookPath, + err = util.ReplaceInFile(webhookPath, "// TODO(user): fill in your defaulting logic.", "if r.Spec.Size == 0 {\n\t\tr.Spec.Size = 3\n\t}") pkg.CheckError("replacing webhook default implementation", err) @@ -225,13 +226,13 @@ func (mh *MemcachedGoWithWebhooks) implementingController() { pkg.CheckError("adding rbac", err) // Replace reconcile content - err = testutils.ReplaceInFile(controllerPath, + err = util.ReplaceInFile(controllerPath, fmt.Sprintf("_ = r.Log.WithValues(\"%s\", req.NamespacedName)", strings.ToLower(mh.ctx.Kind)), fmt.Sprintf("log := r.Log.WithValues(\"%s\", req.NamespacedName)", strings.ToLower(mh.ctx.Kind))) pkg.CheckError("replacing reconcile content", err) // Add reconcile implementation - err = testutils.ReplaceInFile(controllerPath, + err = util.ReplaceInFile(controllerPath, "// your logic here", reconcileFragment) pkg.CheckError("replacing reconcile", err) @@ -241,7 +242,7 @@ func (mh *MemcachedGoWithWebhooks) implementingController() { pkg.CheckError("adding helpers methods in the controller", err) // Add watch for the Kind - err = testutils.ReplaceInFile(controllerPath, + err = util.ReplaceInFile(controllerPath, fmt.Sprintf(watchOriginalFragment, mh.ctx.Group, mh.ctx.Version, mh.ctx.Kind), fmt.Sprintf(watchCustomizedFragment, mh.ctx.Group, mh.ctx.Version, mh.ctx.Kind)) pkg.CheckError("replacing reconcile", err) @@ -275,7 +276,7 @@ func (mh *MemcachedGoWithWebhooks) implementingAPI() { fmt.Sprintf("%s_%s_%s.yaml", mh.ctx.Group, mh.ctx.Version, strings.ToLower(mh.ctx.Kind))) log.Infof("updating sample to have size attribute") - err = testutils.ReplaceInFile(filepath.Join(mh.ctx.Dir, sampleFile), "foo: bar", "size: 1") + err = util.ReplaceInFile(filepath.Join(mh.ctx.Dir, sampleFile), "foo: bar", "size: 1") pkg.CheckError("updating sample", err) } diff --git a/hack/generate/samples/internal/helm/memcached.go b/hack/generate/samples/internal/helm/memcached.go index b9cfc086fb3..eaa917ed2b7 100644 --- a/hack/generate/samples/internal/helm/memcached.go +++ b/hack/generate/samples/internal/helm/memcached.go @@ -22,6 +22,7 @@ import ( "github.com/operator-framework/operator-sdk/hack/generate/samples/internal/pkg" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) // MemcachedHelm defines the Memcached Sample in Helm @@ -77,7 +78,7 @@ func (mh *MemcachedHelm) Run() { pkg.CheckError("creating the project", err) log.Infof("customizing the sample") - err = testutils.ReplaceInFile( + err = util.ReplaceInFile( filepath.Join(mh.ctx.Dir, "config", "samples", "cache_v1alpha1_memcached.yaml"), "securityContext:\n enabled: true", "securityContext:\n enabled: false") pkg.CheckError("customizing the sample", err) @@ -89,7 +90,7 @@ func (mh *MemcachedHelm) Run() { pkg.CheckError("enabling prometheus metrics", err) log.Infof("adding customized roles") - err = testutils.ReplaceInFile(filepath.Join(mh.ctx.Dir, "config", "rbac", "role.yaml"), + err = util.ReplaceInFile(filepath.Join(mh.ctx.Dir, "config", "rbac", "role.yaml"), "#+kubebuilder:scaffold:rules", policyRolesFragment) pkg.CheckError("adding customized roles", err) diff --git a/internal/cmd/operator-sdk/cli/cli.go b/internal/cmd/operator-sdk/cli/cli.go index 37122f5ac12..117ead050d4 100644 --- a/internal/cmd/operator-sdk/cli/cli.go +++ b/internal/cmd/operator-sdk/cli/cli.go @@ -22,6 +22,8 @@ import ( cfgv2 "sigs.k8s.io/kubebuilder/v3/pkg/config/v2" cfgv3 "sigs.k8s.io/kubebuilder/v3/pkg/config/v3" "sigs.k8s.io/kubebuilder/v3/pkg/plugin" + kustomizev1 "sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v1" + "sigs.k8s.io/kubebuilder/v3/pkg/plugins/golang" golangv2 "sigs.k8s.io/kubebuilder/v3/pkg/plugins/golang/v2" golangv3 "sigs.k8s.io/kubebuilder/v3/pkg/plugins/golang/v3" @@ -66,22 +68,28 @@ func Run() error { // the kubebuilder project layout func GetPluginsCLIAndRoot() (*cli.CLI, *cobra.Command) { ansibleBundle, _ := plugin.NewBundle("ansible"+plugins.DefaultNameQualifier, plugin.Version{Number: 1}, + kustomizev1.Plugin{}, ansiblev1.Plugin{}, manifestsv2.Plugin{}, scorecardv2.Plugin{}, ) - gov2Bundle, _ := plugin.NewBundle(golangv2.Plugin{}.Name(), golangv2.Plugin{}.Version(), + + // todo: Export the bundles KB and then change here to use the bundles exported instead + // more info: https://github.com/kubernetes-sigs/kubebuilder/pull/2112 + gov2Bundle, _ := plugin.NewBundle(golang.DefaultNameQualifier, golangv2.Plugin{}.Version(), golangv2.Plugin{}, envtestv1.Plugin{}, manifestsv2.Plugin{}, scorecardv2.Plugin{}, ) - gov3Bundle, _ := plugin.NewBundle(golangv3.Plugin{}.Name(), golangv3.Plugin{}.Version(), + gov3Bundle, _ := plugin.NewBundle(golang.DefaultNameQualifier, golangv3.Plugin{}.Version(), + kustomizev1.Plugin{}, golangv3.Plugin{}, manifestsv2.Plugin{}, scorecardv2.Plugin{}, ) helmBundle, _ := plugin.NewBundle("helm"+plugins.DefaultNameQualifier, plugin.Version{Number: 1}, + kustomizev1.Plugin{}, helmv1.Plugin{}, manifestsv2.Plugin{}, scorecardv2.Plugin{}, diff --git a/internal/plugins/ansible/v1/init.go b/internal/plugins/ansible/v1/init.go index 747e4cc0f0e..7d8178b943b 100644 --- a/internal/plugins/ansible/v1/init.go +++ b/internal/plugins/ansible/v1/init.go @@ -18,16 +18,15 @@ import ( "fmt" "os" "path/filepath" - "strings" "github.com/spf13/pflag" - "k8s.io/apimachinery/pkg/util/validation" "sigs.k8s.io/kubebuilder/v3/pkg/config" "sigs.k8s.io/kubebuilder/v3/pkg/machinery" "sigs.k8s.io/kubebuilder/v3/pkg/plugin" "sigs.k8s.io/kubebuilder/v3/pkg/plugin/util" "github.com/operator-framework/operator-sdk/internal/plugins/ansible/v1/scaffolds" + sdkutil "github.com/operator-framework/operator-sdk/internal/util" ) const ( @@ -48,11 +47,9 @@ type initSubcommand struct { commandName string // Flags - group string - domain string - version string - kind string - projectName string + group string + version string + kind string } // UpdateContext injects documentation for the command @@ -99,11 +96,6 @@ Optionally creates a new API, using the same flags as "create api" func (p *initSubcommand) BindFlags(fs *pflag.FlagSet) { fs.SortFlags = false - fs.StringVar(&p.domain, "domain", "my.domain", "domain for groups") - fs.StringVar(&p.projectName, "project-name", "", "name of this project, the default being directory name") - - // Bind GVK flags here so they can be passed to `create api`, - // for which GVK flags are auto-bound by the CLI. fs.StringVar(&p.group, "group", "", "resource Group") fs.StringVar(&p.version, "version", "", "resource Version") fs.StringVar(&p.kind, "kind", "", "resource Kind") @@ -112,31 +104,14 @@ func (p *initSubcommand) BindFlags(fs *pflag.FlagSet) { func (p *initSubcommand) InjectConfig(c config.Config) error { p.config = c - - if err := p.config.SetDomain(p.domain); err != nil { - return err - } - - // Assign a default project name - if p.projectName == "" { - dir, err := os.Getwd() - if err != nil { - return fmt.Errorf("error getting current directory: %v", err) - } - p.projectName = strings.ToLower(filepath.Base(dir)) - } - // Check if the project name is a valid k8s namespace (DNS 1123 label). - if err := validation.IsDNS1123Label(p.projectName); err != nil { - return fmt.Errorf("project name (%s) is invalid: %v", p.projectName, err) - } - if err := p.config.SetProjectName(p.projectName); err != nil { - return err - } - return nil } func (p *initSubcommand) Scaffold(fs machinery.Filesystem) error { + if err := addInitCustomizations(p.config.GetProjectName()); err != nil { + return fmt.Errorf("unable to scaffold the ansible customizations : %s", err) + } + scaffolder := scaffolds.NewInitScaffolder(p.config) scaffolder.InjectFS(fs) return scaffolder.Scaffold() @@ -174,3 +149,84 @@ func (p *initSubcommand) PostScaffold() error { return nil } + +// addInitCustomizations will perform the required customizations for this plugin on the common base +func addInitCustomizations(projectName string) error { + managerFile := filepath.Join("config", "manager", "manager.yaml") + + // todo: we ought to use afero instead. Replace this methods to insert/update + // by https://github.com/kubernetes-sigs/kubebuilder/pull/2119 + + // Add leader election + err := sdkutil.InsertCode(managerFile, + "--leader-elect", + fmt.Sprintf("\n - --leader-election-id=%s", projectName)) + if err != nil { + return err + } + err = sdkutil.InsertCode("config/default/manager_auth_proxy_patch.yaml", + "- \"--leader-elect\"", + fmt.Sprintf("\n - \"--leader-election-id=%s\"", projectName)) + if err != nil { + return err + } + + // remove the resources limits + // todo: remove it when we solve the issue operator-framework/operator-sdk#3573 + const resourcesLimitsFragment = ` resources: + limits: + cpu: 100m + memory: 30Mi + requests: + cpu: 100m + memory: 20Mi + ` + err = sdkutil.ReplaceInFile(managerFile, resourcesLimitsFragment, "") + if err != nil { + return err + } + + // Add ANSIBLE_GATHERING env var + const envVar = ` + env: + - name: ANSIBLE_GATHERING + value: explicit` + err = sdkutil.InsertCode(managerFile, "name: manager", envVar) + if err != nil { + return err + } + + // replace the default ports because ansible has been using another one + // todo: remove it when we be able to change the port for the default one + // issue: https://github.com/operator-framework/operator-sdk/issues/4331 + err = sdkutil.ReplaceInFile(managerFile, "port: 8081", "port: 6789") + if err != nil { + return err + } + err = sdkutil.ReplaceInFile("config/default/manager_auth_proxy_patch.yaml", "8081", "6789") + if err != nil { + return err + } + err = sdkutil.ReplaceInFile("config/manager/controller_manager_config.yaml", "8081", "6789") + if err != nil { + return err + } + + // Remove the webhook option for the componentConfig since webhooks are not supported by ansible + err = sdkutil.ReplaceInFile("config/manager/controller_manager_config.yaml", "webhook:\n port: 9443", "") + if err != nil { + return err + } + + // Remove the call to the command as manager. Helm/Ansible has not been exposing this entrypoint + // todo: provide the manager entrypoint for helm/ansible and then remove it + const command = `command: + - /manager + ` + err = sdkutil.ReplaceInFile(managerFile, command, "") + if err != nil { + return err + } + + return nil +} diff --git a/internal/plugins/ansible/v1/scaffolds/init.go b/internal/plugins/ansible/v1/scaffolds/init.go index 3b20c2fba41..661585f9f33 100644 --- a/internal/plugins/ansible/v1/scaffolds/init.go +++ b/internal/plugins/ansible/v1/scaffolds/init.go @@ -24,8 +24,6 @@ import ( "github.com/operator-framework/operator-sdk/internal/plugins/ansible/v1/scaffolds/internal/templates" "github.com/operator-framework/operator-sdk/internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault" - "github.com/operator-framework/operator-sdk/internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager" - "github.com/operator-framework/operator-sdk/internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus" "github.com/operator-framework/operator-sdk/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac" "github.com/operator-framework/operator-sdk/internal/plugins/ansible/v1/scaffolds/internal/templates/config/testing" "github.com/operator-framework/operator-sdk/internal/plugins/ansible/v1/scaffolds/internal/templates/config/testing/pullpolicy" @@ -86,26 +84,8 @@ func (s *initScaffolder) Scaffold() error { &templates.GitIgnore{}, &templates.RequirementsYml{}, &templates.Watches{}, - - &rbac.Kustomization{}, - &rbac.ClientClusterRole{}, - &rbac.AuthProxyRole{}, - &rbac.AuthProxyRoleBinding{}, - &rbac.AuthProxyService{}, - &rbac.LeaderElectionRole{}, - &rbac.LeaderElectionRoleBinding{}, &rbac.ManagerRole{}, - &rbac.RoleBinding{}, - &rbac.ServiceAccount{}, - &prometheus.Kustomization{}, - &prometheus.ServiceMonitor{}, - - &manager.Config{Image: imageName}, - &manager.Kustomization{}, - &kdefault.Kustomization{}, - &kdefault.ManagerAuthProxyPatch{}, - &roles.Placeholder{}, &playbooks.Placeholder{}, diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/kustomization.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/kustomization.go index 4619832082b..869347d5802 100644 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/kustomization.go +++ b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/kustomization.go @@ -39,7 +39,9 @@ func (f *Kustomization) SetTemplateDefaults() error { f.TemplateBody = kustomizeTemplate - f.IfExistsAction = machinery.Error + // For Anible/Helm is no supported webhooks then, we customize + // it in the init + f.IfExistsAction = machinery.OverwriteFile return nil } diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go deleted file mode 100644 index 3c0713beb68..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go +++ /dev/null @@ -1,75 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. -Modifications copyright 2020 The Operator-SDK Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package kdefault - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ManagerAuthProxyPatch{} - -// ManagerAuthProxyPatch scaffolds the patch file for enabling -// prometheus metrics for manager Pod. -type ManagerAuthProxyPatch struct { - machinery.TemplateMixin - machinery.ProjectNameMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ManagerAuthProxyPatch) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "default", "manager_auth_proxy_patch.yaml") - } - - f.TemplateBody = kustomizeAuthProxyPatchTemplate - - f.IfExistsAction = machinery.Error - - return nil -} - -const kustomizeAuthProxyPatchTemplate = `# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - name: https - - name: manager - args: - - "--health-probe-bind-address=:6789" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" - - "--leader-election-id={{ .ProjectName }}" -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/config.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/config.go deleted file mode 100644 index 1d1a28edcf7..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/config.go +++ /dev/null @@ -1,99 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. -Modifications copyright 2020 The Operator-SDK Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package manager - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Config{} - -// Config scaffolds yaml config for the manager. -type Config struct { - machinery.TemplateMixin - machinery.ProjectNameMixin - - // Image is controller manager image name - Image string -} - -// SetTemplateDefaults implements machinery.Template -func (f *Config) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "manager", "manager.yaml") - } - - f.TemplateBody = configTemplate - - return nil -} - -const configTemplate = `apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - name: system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system - labels: - control-plane: controller-manager -spec: - selector: - matchLabels: - control-plane: controller-manager - replicas: 1 - template: - metadata: - labels: - control-plane: controller-manager - spec: - securityContext: - runAsNonRoot: true - containers: - - name: manager - args: - - "--leader-elect" - - "--leader-election-id={{ .ProjectName }}" - env: - - name: ANSIBLE_GATHERING - value: explicit - image: {{ .Image }} - securityContext: - allowPrivilegeEscalation: false - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 6789 - initialDelaySeconds: 5 - periodSeconds: 10 - serviceAccountName: controller-manager - terminationGracePeriodSeconds: 10 -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/kustomization.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/kustomization.go deleted file mode 100644 index 1d7340421a7..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/manager/kustomization.go +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package manager - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Kustomization{} - -// Kustomization scaffolds a file that defines the kustomization scheme for the manager folder -type Kustomization struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *Kustomization) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "manager", "kustomization.yaml") - } - - f.TemplateBody = kustomizeManagerTemplate - - f.IfExistsAction = machinery.Error - - return nil -} - -const kustomizeManagerTemplate = `resources: -- manager.yaml -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/kustomization.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/kustomization.go deleted file mode 100644 index 64821e1e411..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/kustomization.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package prometheus - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Kustomization{} - -// Kustomization scaffolds the kustomizaiton in the prometheus folder -type Kustomization struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *Kustomization) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "prometheus", "kustomization.yaml") - } - - f.TemplateBody = kustomizationTemplate - - return nil -} - -const kustomizationTemplate = `resources: -- monitor.yaml -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/monitor.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/monitor.go deleted file mode 100644 index 2d2570e2310..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/prometheus/monitor.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package prometheus - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ServiceMonitor{} - -// ServiceMonitor scaffolds an issuer CR and a certificate CR -type ServiceMonitor struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ServiceMonitor) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "prometheus", "monitor.yaml") - } - - f.TemplateBody = serviceMonitorTemplate - - return nil -} - -const serviceMonitorTemplate = `--- -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-monitor - namespace: system -spec: - endpoints: - - path: /metrics - port: https - scheme: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - tlsConfig: - insecureSkipVerify: true - selector: - matchLabels: - control-plane: controller-manager -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_client_clusterrole.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_client_clusterrole.go deleted file mode 100644 index 281797af6c1..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_client_clusterrole.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ClientClusterRole{} - -// ClientClusterRole scaffolds the config/rbac/client_clusterrole.yaml file -type ClientClusterRole struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ClientClusterRole) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_client_clusterrole.yaml") - } - - f.TemplateBody = clientClusterRoleTemplate - - return nil -} - -const clientClusterRoleTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: metrics-reader -rules: -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go deleted file mode 100644 index dd18925d633..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go +++ /dev/null @@ -1,56 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &AuthProxyRole{} - -// AuthProxyRole scaffolds the config/rbac/auth_proxy_role.yaml file -type AuthProxyRole struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *AuthProxyRole) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_role.yaml") - } - - f.TemplateBody = proxyRoleTemplate - - return nil -} - -const proxyRoleTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: proxy-role -rules: -- apiGroups: ["authentication.k8s.io"] - resources: - - tokenreviews - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] - resources: - - subjectaccessreviews - verbs: ["create"] -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go deleted file mode 100644 index 1e5e98fba9a..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &AuthProxyRoleBinding{} - -// AuthProxyRoleBinding scaffolds the config/rbac/auth_proxy_role_binding_rbac.yaml file -type AuthProxyRoleBinding struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *AuthProxyRoleBinding) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_role_binding.yaml") - } - - f.TemplateBody = proxyRoleBindinggTemplate - - return nil -} - -const proxyRoleBindinggTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: proxy-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go deleted file mode 100644 index f3e8408874c..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go +++ /dev/null @@ -1,57 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &AuthProxyService{} - -// AuthProxyService scaffolds the config/rbac/auth_proxy_service.yaml file -type AuthProxyService struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *AuthProxyService) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_service.yaml") - } - - f.TemplateBody = authProxyServiceTemplate - - return nil -} - -const authProxyServiceTemplate = `apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-service - namespace: system -spec: - ports: - - name: https - port: 8443 - targetPort: https - selector: - control-plane: controller-manager -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/kustomization.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/kustomization.go deleted file mode 100644 index 49b5c435a03..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/kustomization.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Kustomization{} - -// Kustomization scaffolds the Kustomization file in rbac folder. -type Kustomization struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *Kustomization) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "kustomization.yaml") - } - - f.TemplateBody = kustomizeRBACTemplate - - f.IfExistsAction = machinery.Error - - return nil -} - -const kustomizeRBACTemplate = `resources: -# All RBAC will be applied under this service account in -# the deployment namespace. You may comment out this resource -# if your manager will use a service account that exists at -# runtime. Be sure to update RoleBinding and ClusterRoleBinding -# subjects if changing service account names. -- service_account.yaml -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go deleted file mode 100644 index 8cfccc27792..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &LeaderElectionRole{} - -// LeaderElectionRole scaffolds the config/rbac/leader_election_role.yaml file -type LeaderElectionRole struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *LeaderElectionRole) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "leader_election_role.yaml") - } - - f.TemplateBody = leaderElectionRoleTemplate - - return nil -} - -const leaderElectionRoleTemplate = `# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go deleted file mode 100644 index d4a901f98d6..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &LeaderElectionRoleBinding{} - -// LeaderElectionRoleBinding scaffolds the config/rbac/leader_election_role_binding.yaml file -type LeaderElectionRoleBinding struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *LeaderElectionRoleBinding) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "leader_election_role_binding.yaml") - } - - f.TemplateBody = leaderElectionRoleBindingTemplate - - return nil -} - -const leaderElectionRoleBindingTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/role_binding.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/role_binding.go deleted file mode 100644 index 1d09866eab1..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/role_binding.go +++ /dev/null @@ -1,57 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. -Modifications copyright 2020 The Operator-SDK Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &RoleBinding{} - -// RoleBinding scaffolds the config/rbac/role_binding.yaml file -type RoleBinding struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *RoleBinding) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "role_binding.yaml") - } - - f.TemplateBody = roleBindingTemplate - - return nil -} - -const roleBindingTemplate = `--- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: manager-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system -` diff --git a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/service_account.go b/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/service_account.go deleted file mode 100644 index 87bd6176bf5..00000000000 --- a/internal/plugins/ansible/v1/scaffolds/internal/templates/config/rbac/service_account.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ServiceAccount{} - -// ServiceAccount scaffolds a file that defines the service account the manager is deployed in. -type ServiceAccount struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ServiceAccount) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "service_account.yaml") - } - - f.TemplateBody = serviceAccountTemplate - - return nil -} - -const serviceAccountTemplate = `apiVersion: v1 -kind: ServiceAccount -metadata: - name: controller-manager - namespace: system -` diff --git a/internal/plugins/helm/v1/init.go b/internal/plugins/helm/v1/init.go index f15a475b081..d86be6d8e1d 100644 --- a/internal/plugins/helm/v1/init.go +++ b/internal/plugins/helm/v1/init.go @@ -18,16 +18,15 @@ import ( "fmt" "os" "path/filepath" - "strings" "github.com/spf13/pflag" - "k8s.io/apimachinery/pkg/util/validation" "sigs.k8s.io/kubebuilder/v3/pkg/config" "sigs.k8s.io/kubebuilder/v3/pkg/machinery" "sigs.k8s.io/kubebuilder/v3/pkg/plugin" "sigs.k8s.io/kubebuilder/v3/pkg/plugin/util" "github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/scaffolds" + sdkutil "github.com/operator-framework/operator-sdk/internal/util" ) const ( @@ -45,11 +44,9 @@ type initSubcommand struct { commandName string // Flags - group string - domain string - version string - kind string - projectName string + group string + version string + kind string } var _ plugin.InitSubcommand = &initSubcommand{} @@ -121,11 +118,6 @@ Writes the following files: func (p *initSubcommand) BindFlags(fs *pflag.FlagSet) { fs.SortFlags = false - fs.StringVar(&p.domain, "domain", "my.domain", "domain for groups") - fs.StringVar(&p.projectName, "project-name", "", "name of this project, the default being directory name") - - // Bind GVK flags here so they can be passed to `create api`, - // for which GVK flags are auto-bound by the CLI. fs.StringVar(&p.group, groupFlag, "", "resource Group") fs.StringVar(&p.version, versionFlag, "", "resource Version") fs.StringVar(&p.kind, kindFlag, "", "resource Kind") @@ -134,31 +126,14 @@ func (p *initSubcommand) BindFlags(fs *pflag.FlagSet) { func (p *initSubcommand) InjectConfig(c config.Config) error { p.config = c - - if err := p.config.SetDomain(p.domain); err != nil { - return err - } - - // Assign a default project name - if p.projectName == "" { - dir, err := os.Getwd() - if err != nil { - return fmt.Errorf("error getting current directory: %v", err) - } - p.projectName = strings.ToLower(filepath.Base(dir)) - } - // Check if the project name is a valid k8s namespace (DNS 1123 label). - if err := validation.IsDNS1123Label(p.projectName); err != nil { - return fmt.Errorf("project name (%s) is invalid: %v", p.projectName, err) - } - if err := p.config.SetProjectName(p.projectName); err != nil { - return err - } - return nil } func (p *initSubcommand) Scaffold(fs machinery.Filesystem) error { + if err := addInitCustomizations(p.config.GetProjectName()); err != nil { + return fmt.Errorf("unable to scaffold the helm customizations : %s", err) + } + scaffolder := scaffolds.NewInitScaffolder(p.config) scaffolder.InjectFS(fs) return scaffolder.Scaffold() @@ -200,3 +175,54 @@ func (p *initSubcommand) PostScaffold() error { return nil } + +// addInitCustomizations will perform the required customizations for this plugin on the common base +func addInitCustomizations(projectName string) error { + managerFile := filepath.Join("config", "manager", "manager.yaml") + + // todo: we ought to use afero instead. Replace this methods to insert/update + // by https://github.com/kubernetes-sigs/kubebuilder/pull/2119 + + // Add leader election arg in config/manager/manager.yaml and in config/default/manager_auth_proxy_patch.yaml + err := sdkutil.InsertCode(managerFile, + "--leader-elect", + fmt.Sprintf("\n - --leader-election-id=%s", projectName)) + if err != nil { + return err + } + + err = sdkutil.InsertCode("config/default/manager_auth_proxy_patch.yaml", + "- \"--leader-elect\"", + fmt.Sprintf("\n - \"--leader-election-id=%s\"", projectName)) + if err != nil { + return err + } + + // Increase the default memory required. + err = sdkutil.ReplaceInFile(managerFile, "memory: 30Mi", "memory: 90Mi") + if err != nil { + return err + } + err = sdkutil.ReplaceInFile(managerFile, "memory: 20Mi", "memory: 60Mi") + if err != nil { + return err + } + + // Remove the webhook option for the componentConfig since webhooks are not supported by helm + err = sdkutil.ReplaceInFile("config/manager/controller_manager_config.yaml", "webhook:\n port: 9443", "") + if err != nil { + return err + } + + // Remove the call to the command as manager. Helm/Ansible has not been exposing this entrypoint + // todo: provide the manager entrypoint for helm/ansible and then remove it + const command = `command: + - /manager + ` + err = sdkutil.ReplaceInFile(managerFile, command, "") + if err != nil { + return err + } + + return nil +} diff --git a/internal/plugins/helm/v1/scaffolds/init.go b/internal/plugins/helm/v1/scaffolds/init.go index e461962f255..69e2c77c317 100644 --- a/internal/plugins/helm/v1/scaffolds/init.go +++ b/internal/plugins/helm/v1/scaffolds/init.go @@ -27,8 +27,6 @@ import ( "github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/chartutil" "github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/scaffolds/internal/templates" "github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault" - "github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/scaffolds/internal/templates/config/manager" - "github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus" "github.com/operator-framework/operator-sdk/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac" "github.com/operator-framework/operator-sdk/internal/version" ) @@ -87,21 +85,7 @@ func (s *initScaffolder) Scaffold() error { HelmOperatorVersion: helmOperatorVersion, }, &templates.Watches{}, - &rbac.AuthProxyRole{}, - &rbac.AuthProxyRoleBinding{}, - &rbac.AuthProxyService{}, - &rbac.ClientClusterRole{}, - &rbac.Kustomization{}, - &rbac.LeaderElectionRole{}, - &rbac.LeaderElectionRoleBinding{}, &rbac.ManagerRole{}, - &rbac.ManagerRoleBinding{}, - &rbac.ServiceAccount{}, - &manager.Kustomization{}, - &manager.Config{Image: imageName}, - &prometheus.Kustomization{}, - &prometheus.ServiceMonitor{}, - &kdefault.ManagerAuthProxyPatch{}, &kdefault.Kustomization{}, ) } diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/kustomization.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/kustomization.go index ee488be81f2..42e9e380319 100644 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/kustomization.go +++ b/internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/kustomization.go @@ -39,7 +39,9 @@ func (f *Kustomization) SetTemplateDefaults() error { f.TemplateBody = kustomizeTemplate - f.IfExistsAction = machinery.Error + // For Anible/Helm is no supported webhooks then, we customize + // it in the init + f.IfExistsAction = machinery.OverwriteFile return nil } diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go deleted file mode 100644 index 73d4b78dcf5..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/kdefault/manager_auth_proxy_patch.go +++ /dev/null @@ -1,74 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. -Modifications copyright 2020 The Operator-SDK Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package kdefault - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ManagerAuthProxyPatch{} - -// ManagerAuthProxyPatch scaffolds the patch file for enabling prometheus metrics for manager Pod. -type ManagerAuthProxyPatch struct { - machinery.TemplateMixin - machinery.ProjectNameMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ManagerAuthProxyPatch) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "default", "manager_auth_proxy_patch.yaml") - } - - f.TemplateBody = kustomizeAuthProxyPatchTemplate - - f.IfExistsAction = machinery.Error - - return nil -} - -const kustomizeAuthProxyPatchTemplate = `# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - name: https - - name: manager - args: - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" - - "--leader-election-id={{ .ProjectName }}" -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/config.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/config.go deleted file mode 100644 index 54696b58e2a..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/config.go +++ /dev/null @@ -1,102 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package manager - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Config{} - -// Config scaffolds yaml config for the manager. -type Config struct { - machinery.TemplateMixin - machinery.ProjectNameMixin - - // Image is controller manager image name - Image string -} - -// SetTemplateDefaults implements machinery.Template -func (f *Config) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "manager", "manager.yaml") - } - - f.TemplateBody = configTemplate - - return nil -} - -const configTemplate = `apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - name: system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system - labels: - control-plane: controller-manager -spec: - selector: - matchLabels: - control-plane: controller-manager - replicas: 1 - template: - metadata: - labels: - control-plane: controller-manager - spec: - securityContext: - runAsNonRoot: true - containers: - - image: {{ .Image }} - args: - - "--leader-elect" - - "--leader-election-id={{ .ProjectName }}" - name: manager - securityContext: - allowPrivilegeEscalation: false - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 100m - memory: 90Mi - requests: - cpu: 100m - memory: 60Mi - serviceAccountName: controller-manager - terminationGracePeriodSeconds: 10 -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/kustomization.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/kustomization.go deleted file mode 100644 index 6938b010ebb..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/manager/kustomization.go +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package manager - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Kustomization{} - -// Kustomization scaffolds a file that defines the kustomization scheme for the manager folder -type Kustomization struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *Kustomization) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "manager", "kustomization.yaml") - } - - f.TemplateBody = kustomizeManagerTemplate - - f.IfExistsAction = machinery.Error - - return nil -} - -const kustomizeManagerTemplate = `resources: -- manager.yaml -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/kustomization.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/kustomization.go deleted file mode 100644 index 64821e1e411..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/kustomization.go +++ /dev/null @@ -1,45 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package prometheus - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Kustomization{} - -// Kustomization scaffolds the kustomizaiton in the prometheus folder -type Kustomization struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *Kustomization) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "prometheus", "kustomization.yaml") - } - - f.TemplateBody = kustomizationTemplate - - return nil -} - -const kustomizationTemplate = `resources: -- monitor.yaml -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/monitor.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/monitor.go deleted file mode 100644 index 87696014805..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/prometheus/monitor.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package prometheus - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ServiceMonitor{} - -// ServiceMonitor scaffolds an issuer CR and a certificate CR -type ServiceMonitor struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ServiceMonitor) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "prometheus", "monitor.yaml") - } - - f.TemplateBody = serviceMonitorTemplate - - return nil -} - -const serviceMonitorTemplate = ` -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-monitor - namespace: system -spec: - endpoints: - - path: /metrics - port: https - scheme: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - tlsConfig: - insecureSkipVerify: true - selector: - matchLabels: - control-plane: controller-manager -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go deleted file mode 100644 index dd18925d633..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role.go +++ /dev/null @@ -1,56 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &AuthProxyRole{} - -// AuthProxyRole scaffolds the config/rbac/auth_proxy_role.yaml file -type AuthProxyRole struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *AuthProxyRole) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_role.yaml") - } - - f.TemplateBody = proxyRoleTemplate - - return nil -} - -const proxyRoleTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: proxy-role -rules: -- apiGroups: ["authentication.k8s.io"] - resources: - - tokenreviews - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] - resources: - - subjectaccessreviews - verbs: ["create"] -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go deleted file mode 100644 index 1e5e98fba9a..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &AuthProxyRoleBinding{} - -// AuthProxyRoleBinding scaffolds the config/rbac/auth_proxy_role_binding_rbac.yaml file -type AuthProxyRoleBinding struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *AuthProxyRoleBinding) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_role_binding.yaml") - } - - f.TemplateBody = proxyRoleBindinggTemplate - - return nil -} - -const proxyRoleBindinggTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: proxy-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go deleted file mode 100644 index f3e8408874c..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/auth_proxy_service.go +++ /dev/null @@ -1,57 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &AuthProxyService{} - -// AuthProxyService scaffolds the config/rbac/auth_proxy_service.yaml file -type AuthProxyService struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *AuthProxyService) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_service.yaml") - } - - f.TemplateBody = authProxyServiceTemplate - - return nil -} - -const authProxyServiceTemplate = `apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-service - namespace: system -spec: - ports: - - name: https - port: 8443 - targetPort: https - selector: - control-plane: controller-manager -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/client_cluster_role.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/client_cluster_role.go deleted file mode 100644 index 281797af6c1..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/client_cluster_role.go +++ /dev/null @@ -1,50 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ClientClusterRole{} - -// ClientClusterRole scaffolds the config/rbac/client_clusterrole.yaml file -type ClientClusterRole struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ClientClusterRole) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "auth_proxy_client_clusterrole.yaml") - } - - f.TemplateBody = clientClusterRoleTemplate - - return nil -} - -const clientClusterRoleTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: metrics-reader -rules: -- nonResourceURLs: ["/metrics"] - verbs: ["get"] -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/kustomization.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/kustomization.go deleted file mode 100644 index 49b5c435a03..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/kustomization.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &Kustomization{} - -// Kustomization scaffolds the Kustomization file in rbac folder. -type Kustomization struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *Kustomization) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "kustomization.yaml") - } - - f.TemplateBody = kustomizeRBACTemplate - - f.IfExistsAction = machinery.Error - - return nil -} - -const kustomizeRBACTemplate = `resources: -# All RBAC will be applied under this service account in -# the deployment namespace. You may comment out this resource -# if your manager will use a service account that exists at -# runtime. Be sure to update RoleBinding and ClusterRoleBinding -# subjects if changing service account names. -- service_account.yaml -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go deleted file mode 100644 index 8cfccc27792..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role.go +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &LeaderElectionRole{} - -// LeaderElectionRole scaffolds the config/rbac/leader_election_role.yaml file -type LeaderElectionRole struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *LeaderElectionRole) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "leader_election_role.yaml") - } - - f.TemplateBody = leaderElectionRoleTemplate - - return nil -} - -const leaderElectionRoleTemplate = `# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go deleted file mode 100644 index d4a901f98d6..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2018 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &LeaderElectionRoleBinding{} - -// LeaderElectionRoleBinding scaffolds the config/rbac/leader_election_role_binding.yaml file -type LeaderElectionRoleBinding struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *LeaderElectionRoleBinding) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "leader_election_role_binding.yaml") - } - - f.TemplateBody = leaderElectionRoleBindingTemplate - - return nil -} - -const leaderElectionRoleBindingTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/manager_role_binding.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/manager_role_binding.go deleted file mode 100644 index ebf018218d6..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/manager_role_binding.go +++ /dev/null @@ -1,55 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ManagerRoleBinding{} - -// ManagerRoleBinding scaffolds the config/rbac/role_binding.yaml file -type ManagerRoleBinding struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ManagerRoleBinding) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "role_binding.yaml") - } - - f.TemplateBody = managerBindingTemplate - - return nil -} - -const managerBindingTemplate = `apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: manager-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system -` diff --git a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/service_account.go b/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/service_account.go deleted file mode 100644 index 87bd6176bf5..00000000000 --- a/internal/plugins/helm/v1/scaffolds/internal/templates/config/rbac/service_account.go +++ /dev/null @@ -1,48 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package rbac - -import ( - "path/filepath" - - "sigs.k8s.io/kubebuilder/v3/pkg/machinery" -) - -var _ machinery.Template = &ServiceAccount{} - -// ServiceAccount scaffolds a file that defines the service account the manager is deployed in. -type ServiceAccount struct { - machinery.TemplateMixin -} - -// SetTemplateDefaults implements machinery.Template -func (f *ServiceAccount) SetTemplateDefaults() error { - if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "service_account.yaml") - } - - f.TemplateBody = serviceAccountTemplate - - return nil -} - -const serviceAccountTemplate = `apiVersion: v1 -kind: ServiceAccount -metadata: - name: controller-manager - namespace: system -` diff --git a/internal/util/utils.go b/internal/util/utils.go new file mode 100644 index 00000000000..0a9aa3aa1b5 --- /dev/null +++ b/internal/util/utils.go @@ -0,0 +1,81 @@ +// Copyright 2020 The Operator-SDK Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// todo(camilamacedo86): push this helpers to kubbuilder + +package util + +import ( + "errors" + "io/ioutil" + "os" + "regexp" + "strings" +) + +func ReplaceInFile(path, old, new string) error { + info, err := os.Stat(path) + if err != nil { + return err + } + b, err := ioutil.ReadFile(path) + if err != nil { + return err + } + if !strings.Contains(string(b), old) { + return errors.New("unable to find the content to be replaced") + } + s := strings.Replace(string(b), old, new, -1) + err = ioutil.WriteFile(path, []byte(s), info.Mode()) + if err != nil { + return err + } + return nil +} + +func ReplaceRegexInFile(path, match, replace string) error { + matcher, err := regexp.Compile(match) + if err != nil { + return err + } + info, err := os.Stat(path) + if err != nil { + return err + } + b, err := ioutil.ReadFile(path) + if err != nil { + return err + } + s := matcher.ReplaceAllString(string(b), replace) + if s == string(b) { + return errors.New("unable to find the content to be replaced") + } + err = ioutil.WriteFile(path, []byte(s), info.Mode()) + if err != nil { + return err + } + return nil +} + +// InsertCode searches target content in the file and insert `toInsert` after the target. +func InsertCode(filename, target, code string) error { + contents, err := ioutil.ReadFile(filename) + if err != nil { + return err + } + idx := strings.Index(string(contents), target) + out := string(contents[:idx+len(target)]) + code + string(contents[idx+len(target):]) + // false positive + // nolint:gosec + return ioutil.WriteFile(filename, []byte(out), 0644) +} diff --git a/test/e2e/ansible/cluster_test.go b/test/e2e/ansible/cluster_test.go index f5a3c1d5ec3..c7058bec24d 100644 --- a/test/e2e/ansible/cluster_test.go +++ b/test/e2e/ansible/cluster_test.go @@ -26,6 +26,7 @@ import ( kbtestutils "sigs.k8s.io/kubebuilder/v3/test/e2e/utils" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) var _ = Describe("Running ansible projects", func() { @@ -214,7 +215,7 @@ var _ = Describe("Running ansible projects", func() { Eventually(verifyMemcachedScalesBack, time.Minute, time.Second).Should(Succeed()) By("updating size to 2 in the CR manifest") - err = testutils.ReplaceInFile(memcachedSampleFile, "size: 1", "size: 2") + err = util.ReplaceInFile(memcachedSampleFile, "size: 1", "size: 2") Expect(err).NotTo(HaveOccurred()) By("applying CR manifest with size: 2") diff --git a/test/e2e/ansible/suite_test.go b/test/e2e/ansible/suite_test.go index bdf4d9fcbd5..2a75e11d8a3 100644 --- a/test/e2e/ansible/suite_test.go +++ b/test/e2e/ansible/suite_test.go @@ -27,6 +27,7 @@ import ( . "github.com/onsi/gomega" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) // TestE2EAnsible ensures the ansible projects built with the SDK tool by using its binary. @@ -62,7 +63,7 @@ var _ = BeforeSuite(func() { Expect(exec.Command("cp", "-r", "../../../testdata/ansible/memcached-operator", tc.Dir).Run()).To(Succeed()) By("enabling debug logging in the manager") - err = testutils.ReplaceInFile(filepath.Join(tc.Dir, "config", "default", "manager_auth_proxy_patch.yaml"), + err = util.ReplaceInFile(filepath.Join(tc.Dir, "config", "default", "manager_auth_proxy_patch.yaml"), "- \"--leader-elect\"", "- \"--zap-log-level=2\"\n - \"--leader-elect\"") Expect(err).NotTo(HaveOccurred()) @@ -78,7 +79,7 @@ var _ = BeforeSuite(func() { Expect(err).NotTo(HaveOccurred()) By("replacing project Dockerfile to use ansible base image with the dev tag") - err = testutils.ReplaceRegexInFile(filepath.Join(tc.Dir, "Dockerfile"), "quay.io/operator-framework/ansible-operator:.*", "quay.io/operator-framework/ansible-operator:dev") + err = util.ReplaceRegexInFile(filepath.Join(tc.Dir, "Dockerfile"), "quay.io/operator-framework/ansible-operator:.*", "quay.io/operator-framework/ansible-operator:dev") Expect(err).Should(Succeed()) By("adding Memcached mock task to the role") @@ -95,12 +96,12 @@ var _ = BeforeSuite(func() { Expect(err).NotTo(HaveOccurred()) By("adding task to delete config map") - err = testutils.ReplaceInFile(filepath.Join(tc.Dir, "roles", "memfin", "tasks", "main.yml"), + err = util.ReplaceInFile(filepath.Join(tc.Dir, "roles", "memfin", "tasks", "main.yml"), "# tasks file for Memfin", taskToDeleteConfigMap) Expect(err).NotTo(HaveOccurred()) By("adding to watches finalizer and blacklist") - err = testutils.ReplaceInFile(filepath.Join(tc.Dir, "watches.yaml"), + err = util.ReplaceInFile(filepath.Join(tc.Dir, "watches.yaml"), "playbook: playbooks/memcached.yml", memcachedWatchCustomizations) Expect(err).NotTo(HaveOccurred()) @@ -113,7 +114,7 @@ var _ = BeforeSuite(func() { Expect(err).NotTo(HaveOccurred()) By("adding RBAC permissions for the Memcached Kind") - err = testutils.ReplaceInFile(filepath.Join(tc.Dir, "config", "rbac", "role.yaml"), + err = util.ReplaceInFile(filepath.Join(tc.Dir, "config", "rbac", "role.yaml"), "#+kubebuilder:scaffold:rules", rolesForBaseOperator) Expect(err).NotTo(HaveOccurred()) diff --git a/test/e2e/helm/cluster_test.go b/test/e2e/helm/cluster_test.go index 55b568b8e55..b3213efe92f 100644 --- a/test/e2e/helm/cluster_test.go +++ b/test/e2e/helm/cluster_test.go @@ -26,6 +26,7 @@ import ( kbtestutils "sigs.k8s.io/kubebuilder/v3/test/e2e/utils" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) var _ = Describe("Running Helm projects", func() { @@ -114,7 +115,7 @@ var _ = Describe("Running Helm projects", func() { fmt.Sprintf("%s_%s_%s.yaml", tc.Group, tc.Version, strings.ToLower(tc.Kind))) By("updating replicaCount to 1 in the CR manifest") - err = testutils.ReplaceInFile(filepath.Join(tc.Dir, sampleFile), "replicaCount: 3", "replicaCount: 1") + err = util.ReplaceInFile(filepath.Join(tc.Dir, sampleFile), "replicaCount: 3", "replicaCount: 1") Expect(err).NotTo(HaveOccurred()) By("creating an instance of release(CR)") @@ -172,7 +173,7 @@ var _ = Describe("Running Helm projects", func() { Eventually(verifyRelease, time.Minute, time.Second).Should(Succeed()) By("updating replicaCount to 2 in the CR manifest") - err = testutils.ReplaceInFile(filepath.Join(tc.Dir, sampleFile), "replicaCount: 1", "replicaCount: 2") + err = util.ReplaceInFile(filepath.Join(tc.Dir, sampleFile), "replicaCount: 1", "replicaCount: 2") Expect(err).NotTo(HaveOccurred()) By("applying CR manifest with replicaCount: 2") diff --git a/test/e2e/helm/suite_test.go b/test/e2e/helm/suite_test.go index f95d35fc919..9c56bd82b72 100644 --- a/test/e2e/helm/suite_test.go +++ b/test/e2e/helm/suite_test.go @@ -24,6 +24,7 @@ import ( . "github.com/onsi/gomega" "github.com/operator-framework/operator-sdk/internal/testutils" + "github.com/operator-framework/operator-sdk/internal/util" ) // TestE2EHelm ensures the Helm projects built with the SDK tool by using its binary. @@ -71,7 +72,7 @@ var _ = BeforeSuite(func() { Expect(err).NotTo(HaveOccurred()) By("replacing project Dockerfile to use Helm base image with the dev tag") - err = testutils.ReplaceRegexInFile(filepath.Join(tc.Dir, "Dockerfile"), "quay.io/operator-framework/helm-operator:.*", "quay.io/operator-framework/helm-operator:dev") + err = util.ReplaceRegexInFile(filepath.Join(tc.Dir, "Dockerfile"), "quay.io/operator-framework/helm-operator:.*", "quay.io/operator-framework/helm-operator:dev") Expect(err).Should(Succeed()) By("checking the kustomize setup") diff --git a/testdata/ansible/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml b/testdata/ansible/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml new file mode 100644 index 00000000000..b8b880af9b3 --- /dev/null +++ b/testdata/ansible/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :6789 + metrics: + bindAddress: 127.0.0.1:8080 + leaderElection: + leaderElect: true + resourceName: 811c9dc5.example.com +kind: ConfigMap +metadata: + name: memcached-operator-manager-config diff --git a/testdata/ansible/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml b/testdata/ansible/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml index e1361a714ca..915456f2f1d 100644 --- a/testdata/ansible/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml +++ b/testdata/ansible/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml @@ -149,8 +149,10 @@ spec: - rules: - apiGroups: - "" + - coordination.k8s.io resources: - configmaps + - leases verbs: - get - list diff --git a/testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml b/testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml new file mode 100644 index 00000000000..6c400155cfb --- /dev/null +++ b/testdata/ansible/memcached-operator/config/default/manager_config_patch.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + args: + - "--config=controller_manager_config.yaml" + volumeMounts: + - name: manager-config + mountPath: /controller_manager_config.yaml + subPath: controller_manager_config.yaml + volumes: + - name: manager-config + configMap: + name: manager-config diff --git a/testdata/ansible/memcached-operator/config/manager/controller_manager_config.yaml b/testdata/ansible/memcached-operator/config/manager/controller_manager_config.yaml new file mode 100644 index 00000000000..23bf17448fa --- /dev/null +++ b/testdata/ansible/memcached-operator/config/manager/controller_manager_config.yaml @@ -0,0 +1,10 @@ +apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 +kind: ControllerManagerConfig +health: + healthProbeBindAddress: :6789 +metrics: + bindAddress: 127.0.0.1:8080 + +leaderElection: + leaderElect: true + resourceName: 811c9dc5.example.com diff --git a/testdata/ansible/memcached-operator/config/manager/kustomization.yaml b/testdata/ansible/memcached-operator/config/manager/kustomization.yaml index 1a4048d1bb7..9d957eced1c 100644 --- a/testdata/ansible/memcached-operator/config/manager/kustomization.yaml +++ b/testdata/ansible/memcached-operator/config/manager/kustomization.yaml @@ -1,5 +1,13 @@ resources: - manager.yaml + +generatorOptions: + disableNameSuffixHash: true + +configMapGenerator: +- files: + - controller_manager_config.yaml + name: manager-config apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: diff --git a/testdata/ansible/memcached-operator/config/manager/manager.yaml b/testdata/ansible/memcached-operator/config/manager/manager.yaml index 2616562df52..9325e1ddfd3 100644 --- a/testdata/ansible/memcached-operator/config/manager/manager.yaml +++ b/testdata/ansible/memcached-operator/config/manager/manager.yaml @@ -25,27 +25,27 @@ spec: securityContext: runAsNonRoot: true containers: - - name: manager - args: - - "--leader-elect" - - "--leader-election-id=memcached-operator" - env: - - name: ANSIBLE_GATHERING - value: explicit - image: controller:latest - securityContext: - allowPrivilegeEscalation: false - livenessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 6789 - initialDelaySeconds: 5 - periodSeconds: 10 + - args: + - --leader-elect + - --leader-election-id=memcached-operator + image: controller:latest + name: manager + env: + - name: ANSIBLE_GATHERING + value: explicit + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 6789 + initialDelaySeconds: 5 + periodSeconds: 10 serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/testdata/ansible/memcached-operator/config/prometheus/monitor.yaml b/testdata/ansible/memcached-operator/config/prometheus/monitor.yaml index a5bd8b17a4a..d19136ae710 100644 --- a/testdata/ansible/memcached-operator/config/prometheus/monitor.yaml +++ b/testdata/ansible/memcached-operator/config/prometheus/monitor.yaml @@ -1,4 +1,4 @@ ---- + # Prometheus Monitor Service (Metrics) apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor diff --git a/testdata/ansible/memcached-operator/config/rbac/leader_election_role.yaml b/testdata/ansible/memcached-operator/config/rbac/leader_election_role.yaml index 53e974910be..6334cc51c83 100644 --- a/testdata/ansible/memcached-operator/config/rbac/leader_election_role.yaml +++ b/testdata/ansible/memcached-operator/config/rbac/leader_election_role.yaml @@ -6,8 +6,10 @@ metadata: rules: - apiGroups: - "" + - coordination.k8s.io resources: - configmaps + - leases verbs: - get - list diff --git a/testdata/ansible/memcached-operator/config/rbac/role_binding.yaml b/testdata/ansible/memcached-operator/config/rbac/role_binding.yaml index 6bbb46c05ee..2070ede4462 100644 --- a/testdata/ansible/memcached-operator/config/rbac/role_binding.yaml +++ b/testdata/ansible/memcached-operator/config/rbac/role_binding.yaml @@ -1,4 +1,3 @@ ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: diff --git a/testdata/helm/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml b/testdata/helm/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml new file mode 100644 index 00000000000..727f1bc4ce1 --- /dev/null +++ b/testdata/helm/memcached-operator/bundle/manifests/memcached-operator-manager-config_v1_configmap.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + leaderElection: + leaderElect: true + resourceName: 811c9dc5.example.com +kind: ConfigMap +metadata: + name: memcached-operator-manager-config diff --git a/testdata/helm/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml b/testdata/helm/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml index 84a79721061..3e28ebce0c1 100644 --- a/testdata/helm/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml +++ b/testdata/helm/memcached-operator/bundle/manifests/memcached-operator.clusterserviceversion.yaml @@ -240,8 +240,10 @@ spec: - rules: - apiGroups: - "" + - coordination.k8s.io resources: - configmaps + - leases verbs: - get - list diff --git a/testdata/helm/memcached-operator/config/default/manager_config_patch.yaml b/testdata/helm/memcached-operator/config/default/manager_config_patch.yaml new file mode 100644 index 00000000000..6c400155cfb --- /dev/null +++ b/testdata/helm/memcached-operator/config/default/manager_config_patch.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + args: + - "--config=controller_manager_config.yaml" + volumeMounts: + - name: manager-config + mountPath: /controller_manager_config.yaml + subPath: controller_manager_config.yaml + volumes: + - name: manager-config + configMap: + name: manager-config diff --git a/testdata/helm/memcached-operator/config/manager/controller_manager_config.yaml b/testdata/helm/memcached-operator/config/manager/controller_manager_config.yaml new file mode 100644 index 00000000000..3933b87b509 --- /dev/null +++ b/testdata/helm/memcached-operator/config/manager/controller_manager_config.yaml @@ -0,0 +1,10 @@ +apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 +kind: ControllerManagerConfig +health: + healthProbeBindAddress: :8081 +metrics: + bindAddress: 127.0.0.1:8080 + +leaderElection: + leaderElect: true + resourceName: 811c9dc5.example.com diff --git a/testdata/helm/memcached-operator/config/manager/kustomization.yaml b/testdata/helm/memcached-operator/config/manager/kustomization.yaml index 1a4048d1bb7..9d957eced1c 100644 --- a/testdata/helm/memcached-operator/config/manager/kustomization.yaml +++ b/testdata/helm/memcached-operator/config/manager/kustomization.yaml @@ -1,5 +1,13 @@ resources: - manager.yaml + +generatorOptions: + disableNameSuffixHash: true + +configMapGenerator: +- files: + - controller_manager_config.yaml + name: manager-config apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: diff --git a/testdata/helm/memcached-operator/config/manager/manager.yaml b/testdata/helm/memcached-operator/config/manager/manager.yaml index ada09553be7..6dde7ee47fb 100644 --- a/testdata/helm/memcached-operator/config/manager/manager.yaml +++ b/testdata/helm/memcached-operator/config/manager/manager.yaml @@ -25,10 +25,10 @@ spec: securityContext: runAsNonRoot: true containers: - - image: controller:latest - args: - - "--leader-elect" - - "--leader-election-id=memcached-operator" + - args: + - --leader-elect + - --leader-election-id=memcached-operator + image: controller:latest name: manager securityContext: allowPrivilegeEscalation: false diff --git a/testdata/helm/memcached-operator/config/rbac/leader_election_role.yaml b/testdata/helm/memcached-operator/config/rbac/leader_election_role.yaml index 53e974910be..6334cc51c83 100644 --- a/testdata/helm/memcached-operator/config/rbac/leader_election_role.yaml +++ b/testdata/helm/memcached-operator/config/rbac/leader_election_role.yaml @@ -6,8 +6,10 @@ metadata: rules: - apiGroups: - "" + - coordination.k8s.io resources: - configmaps + - leases verbs: - get - list