diff --git a/Dockerfile.multiarch b/Dockerfile.multiarch index 1a2e537a..6cdb09d3 100644 --- a/Dockerfile.multiarch +++ b/Dockerfile.multiarch @@ -1,11 +1,27 @@ FROM alpine:3.18.2 ARG TARGETPLATFORM +ARG TARGETARCH RUN addgroup -S -g 65532 ng-user && \ adduser -S -D -H -u 65532 \ -s /sbin/nologin -G ng-user -g ng-user ng-user +RUN apk update \ + && apk upgrade \ + && apk add --no-cache \ + curl \ + && rm -rf /var/cache/apk/* + +RUN mkdir -p /tmp/nebula-operator +RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/${TARGETARCH}/kubectl +RUN chmod +x ./kubectl +RUN mv ./kubectl /usr/local/bin + +ADD charts/nebula-operator/crds/nebulaautoscalers.yaml /tmp/nebula-operator/nebulaautoscalers.yaml +ADD charts/nebula-operator/crds/nebulaclusters.yaml /tmp/nebula-operator/nebulaclusters.yaml +ADD charts/nebula-operator/crds/nebularestores.yaml /tmp/nebula-operator/nebularestores.yaml + ADD bin/${TARGETPLATFORM}/controller-manager /usr/local/bin/controller-manager ADD bin/${TARGETPLATFORM}/autoscaler /usr/local/bin/autoscaler ADD bin/${TARGETPLATFORM}/scheduler /usr/local/bin/scheduler diff --git a/charts/nebula-operator/templates/controller-manager-rbac.yaml b/charts/nebula-operator/templates/controller-manager-rbac.yaml index 48cd3e30..df49e15a 100644 --- a/charts/nebula-operator/templates/controller-manager-rbac.yaml +++ b/charts/nebula-operator/templates/controller-manager-rbac.yaml @@ -294,6 +294,17 @@ rules: - get - list - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch + - update + - patch + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/charts/nebula-operator/templates/upgrade_crd.yaml b/charts/nebula-operator/templates/upgrade_crd.yaml new file mode 100644 index 00000000..9d3d4b98 --- /dev/null +++ b/charts/nebula-operator/templates/upgrade_crd.yaml @@ -0,0 +1,36 @@ +{{- if .Values.upgradeCRD }} +apiVersion: batch/v1 +kind: Job +metadata: + name: nebula-operator-upgrade-crd + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-upgrade + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + labels: + {{- include "nebula-operator.labels" . | nindent 4 }} + app.kubernetes.io/component: "nebula-operator" +spec: + template: + metadata: + name: nebula-operator-upgrade-crd + labels: + {{- include "nebula-operator.labels" . | nindent 8 }} + app.kubernetes.io/component: "nebula-operator" + spec: + serviceAccountName: {{ template "controller-manager.name" . }}-sa + {{- include "nebula-operator.imagePullSecrets" . | indent 6 }} + containers: + - name: upgrade-crd + image: {{ .Values.image.nebulaOperator.image }} + imagePullPolicy: {{ .Values.image.nebulaOperator.imagePullPolicy }} + command: + - /bin/sh + - -c + - > + kubectl apply -f /tmp/nebula-operator/nebulaautoscalers.yaml; + kubectl apply -f /tmp/nebula-operator/nebulaclusters.yaml; + kubectl apply -f /tmp/nebula-operator/nebularestores.yaml; + restartPolicy: OnFailure +{{- end }} \ No newline at end of file diff --git a/charts/nebula-operator/values.yaml b/charts/nebula-operator/values.yaml index 4f45ed5a..e8529f7d 100644 --- a/charts/nebula-operator/values.yaml +++ b/charts/nebula-operator/values.yaml @@ -40,6 +40,9 @@ scheduler: enabled: ["NodeZone"] disabled: [] # only in-tree plugins need to be defined here +# upgrade CRD on chart upgrade +upgradeCRD: true + # Enable openkruise scheme for controller manager. (default false) enableKruiseScheme: false