From 3361804db8dcd022e5d55707dd458dc1d52fb3fa Mon Sep 17 00:00:00 2001 
From: Isala Piyarisi Date: Tue, 15 Feb 2022 23:05:11 +0530 Subject: [PATCH] fix(control-plane): Updated kubernetes manifest files --- control-plane/Makefile | 2 +- .../config/default/kustomization.yaml | 58 +-------------- .../default/manager_auth_proxy_patch.yaml | 34 --------- .../config/default/manager_config_patch.yaml | 20 ----- control-plane/config/manager/configmap.yaml | 7 ++ .../manager/controller_manager_config.yaml | 11 --- .../config/manager/kustomization.yaml | 11 ++- control-plane/config/manager/manager.yaml | 74 +++++++++---------- .../config/prometheus/kustomization.yaml | 2 - control-plane/config/prometheus/monitor.yaml | 20 ----- .../rbac/auth_proxy_client_clusterrole.yaml | 9 --- .../config/rbac/auth_proxy_role.yaml | 17 ----- .../config/rbac/auth_proxy_role_binding.yaml | 12 --- .../config/rbac/auth_proxy_service.yaml | 15 ---- control-plane/config/rbac/kustomization.yaml | 25 ++----- .../config/rbac/leader_election_role.yaml | 37 ---------- .../rbac/leader_election_role_binding.yaml | 12 --- control-plane/config/rbac/role.yaml | 10 ++- control-plane/config/rbac/role_binding.yaml | 10 +-- .../config/rbac/service_account.yaml | 4 +- .../samples/lazykoala_v1alpha1_inspector.yaml | 39 +++++++++- .../controllers/inspector_controller.go | 1 + 22 files changed, 115 insertions(+), 315 deletions(-) delete mode 100644 control-plane/config/default/manager_auth_proxy_patch.yaml delete mode 100644 control-plane/config/default/manager_config_patch.yaml create mode 100644 control-plane/config/manager/configmap.yaml delete mode 100644 control-plane/config/manager/controller_manager_config.yaml delete mode 100644 control-plane/config/prometheus/kustomization.yaml delete mode 100644 control-plane/config/prometheus/monitor.yaml delete mode 100644 control-plane/config/rbac/auth_proxy_client_clusterrole.yaml delete mode 100644 control-plane/config/rbac/auth_proxy_role.yaml delete mode 100644 control-plane/config/rbac/auth_proxy_role_binding.yaml delete mode 100644 
control-plane/config/rbac/auth_proxy_service.yaml delete mode 100644 control-plane/config/rbac/leader_election_role.yaml delete mode 100644 control-plane/config/rbac/leader_election_role_binding.yaml diff --git a/control-plane/Makefile b/control-plane/Makefile index b76bec7..33d3f76 100644 --- a/control-plane/Makefile +++ b/control-plane/Makefile @@ -41,7 +41,7 @@ help: ## Display this help. .PHONY: manifests manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - $(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases + $(CONTROLLER_GEN) rbac:roleName=lazy-koala crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases .PHONY: generate generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. diff --git a/control-plane/config/default/kustomization.yaml b/control-plane/config/default/kustomization.yaml index 60281e1..ad5630e 100644 --- a/control-plane/config/default/kustomization.yaml +++ b/control-plane/config/default/kustomization.yaml @@ -6,7 +6,7 @@ namespace: lazy-koala # "wordpress" becomes "alices-wordpress". # Note that it should also match with the prefix (text before '-') of the namespace # field above. -namePrefix: lazy-koala- +# namePrefix: operator- # Labels to add to all resources and selectors. #commonLabels: 
@@ -16,59 +16,3 @@ bases: - ../crd - ../rbac - ../manager -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- ../webhook -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -#- ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - -patchesStrategicMerge: - # Protect the /metrics endpoint by putting it behind auth. - # If you want your controller-manager to expose the /metrics - # endpoint w/o any authn/z, please comment the following line. - - manager_auth_proxy_patch.yaml - -# Mount the controller config file for loading manager configurations -# through a ComponentConfig type -#- manager_config_patch.yaml - -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -#- webhookcainjection_patch.yaml - -# the following config is for teaching kustomize how to do var substitution -vars: -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. 
-#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldref: -# fieldpath: metadata.namespace -#- name: CERTIFICATE_NAME -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -#- name: SERVICE_NAMESPACE # namespace of the service -# objref: -# kind: Service -# version: v1 -# name: webhook-service -# fieldref: -# fieldpath: metadata.namespace -#- name: SERVICE_NAME -# objref: -# kind: Service -# version: v1 -# name: webhook-service diff --git a/control-plane/config/default/manager_auth_proxy_patch.yaml b/control-plane/config/default/manager_auth_proxy_patch.yaml deleted file mode 100644 index 45be318..0000000 --- a/control-plane/config/default/manager_auth_proxy_patch.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=0" - ports: - - containerPort: 8443 - protocol: TCP - name: https - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi - - name: manager - args: - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" diff --git a/control-plane/config/default/manager_config_patch.yaml b/control-plane/config/default/manager_config_patch.yaml deleted file mode 100644 index 6c40015..0000000 
--- a/control-plane/config/default/manager_config_patch.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--config=controller_manager_config.yaml" - volumeMounts: - - name: manager-config - mountPath: /controller_manager_config.yaml - subPath: controller_manager_config.yaml - volumes: - - name: manager-config - configMap: - name: manager-config diff --git a/control-plane/config/manager/configmap.yaml b/control-plane/config/manager/configmap.yaml new file mode 100644 index 0000000..01b6f63 --- /dev/null +++ b/control-plane/config/manager/configmap.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: gazer-config + namespace: lazy-koala +data: + config.yaml: | diff --git a/control-plane/config/manager/controller_manager_config.yaml b/control-plane/config/manager/controller_manager_config.yaml deleted file mode 100644 index 0ebed1e..0000000 --- a/control-plane/config/manager/controller_manager_config.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 -kind: ControllerManagerConfig -health: - healthProbeBindAddress: :8081 -metrics: - bindAddress: 127.0.0.1:8080 -webhook: - port: 9443 -leaderElection: - leaderElect: true - resourceName: 1f823054.isala.me diff --git a/control-plane/config/manager/kustomization.yaml b/control-plane/config/manager/kustomization.yaml index 2bcd3ee..50f9ff0 100644 --- a/control-plane/config/manager/kustomization.yaml +++ b/control-plane/config/manager/kustomization.yaml @@ -1,10 +1,13 @@ resources: - manager.yaml +- configmap.yaml generatorOptions: disableNameSuffixHash: true -configMapGenerator: -- name: manager-config - files: - - controller_manager_config.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: controller + newName: ghcr.io/mrsupiri/lazy-koala/controller + newTag: latest 
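Review bot: The `images:` override added at the end of the `config/manager/kustomization.yaml` hunk resolves the controller to `ghcr.io/mrsupiri/lazy-koala/controller` with `newTag: latest`, a mutable tag. The image that runs under the cluster-scoped `lazy-koala` service account can therefore change without any change to these manifests. Pin it to a released version tag or use the kustomize digest field, e.g. `digest: sha256:<image-digest>`, so a rollout is reproducible and can be audited. `generatorOptions.disableNameSuffixHash` is kept although the `configMapGenerator` it applied to is removed, so it can go as well.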
diff --git a/control-plane/config/manager/manager.yaml b/control-plane/config/manager/manager.yaml index cf11cec..11fdf61 100644 --- a/control-plane/config/manager/manager.yaml +++ b/control-plane/config/manager/manager.yaml 
@@ -2,59 +2,59 @@ apiVersion: v1 kind: Namespace metadata: labels: - control-plane: controller-manager - name: system + control-plane: lazy-koala + name: lazy-koala --- apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager - namespace: system + name: lazy-koala-operator + namespace: lazy-koala labels: - control-plane: controller-manager + control-plane: lazy-koala spec: selector: matchLabels: - control-plane: controller-manager + control-plane: lazy-koala replicas: 1 template: metadata: annotations: kubectl.kubernetes.io/default-container: manager labels: - control-plane: controller-manager + control-plane: lazy-koala spec: securityContext: runAsNonRoot: true containers: - - command: - - /manager - args: - - --leader-elect - image: controller:latest - name: manager - securityContext: - allowPrivilegeEscalation: false - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - # TODO(user): Configure the resources accordingly based on the project requirements. - # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - serviceAccountName: controller-manager + - command: + - /manager + # args: + # - --leader-elect + image: controller:latest + name: manager + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. 
+ # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + serviceAccountName: lazy-koala terminationGracePeriodSeconds: 10 diff --git a/control-plane/config/prometheus/kustomization.yaml b/control-plane/config/prometheus/kustomization.yaml deleted file mode 100644 index ed13716..0000000 --- a/control-plane/config/prometheus/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- monitor.yaml diff --git a/control-plane/config/prometheus/monitor.yaml b/control-plane/config/prometheus/monitor.yaml deleted file mode 100644 index d19136a..0000000 --- a/control-plane/config/prometheus/monitor.yaml +++ /dev/null @@ -1,20 +0,0 @@ - -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-monitor - namespace: system -spec: - endpoints: - - path: /metrics - port: https - scheme: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - tlsConfig: - insecureSkipVerify: true - selector: - matchLabels: - control-plane: controller-manager diff --git a/control-plane/config/rbac/auth_proxy_client_clusterrole.yaml b/control-plane/config/rbac/auth_proxy_client_clusterrole.yaml deleted file mode 100644 index 51a75db..0000000 --- a/control-plane/config/rbac/auth_proxy_client_clusterrole.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: metrics-reader -rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get diff --git a/control-plane/config/rbac/auth_proxy_role.yaml b/control-plane/config/rbac/auth_proxy_role.yaml deleted file mode 100644 index 80e1857..0000000 --- a/control-plane/config/rbac/auth_proxy_role.yaml +++ /dev/null 
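Review bot: With the `args` block of the `manager` container commented out here and `manager_auth_proxy_patch.yaml` no longer applied, nothing in the manifests sets `--metrics-bind-address=127.0.0.1:8080` any more. The manager then uses whatever default its `main.go` defines, which is not visible in this diff; the kubebuilder scaffold default is `:8080`, and in that case `/metrics` is served on the pod IP without the authentication the removed kube-rbac-proxy sidecar provided. Keep an explicit `args: ["--metrics-bind-address=127.0.0.1:8080"]` on the container (or `=0` to turn the endpoint off), or restrict the port with a NetworkPolicy. If the flag is dropped on purpose, a short comment next to `# args:` saying so would help the next reader.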
@@ -1,17 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create diff --git a/control-plane/config/rbac/auth_proxy_role_binding.yaml b/control-plane/config/rbac/auth_proxy_role_binding.yaml deleted file mode 100644 index ec7acc0..0000000 --- a/control-plane/config/rbac/auth_proxy_role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: proxy-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system diff --git a/control-plane/config/rbac/auth_proxy_service.yaml b/control-plane/config/rbac/auth_proxy_service.yaml deleted file mode 100644 index 71f1797..0000000 --- a/control-plane/config/rbac/auth_proxy_service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-service - namespace: system -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager diff --git a/control-plane/config/rbac/kustomization.yaml b/control-plane/config/rbac/kustomization.yaml index 731832a..2dd9099 100644 --- a/control-plane/config/rbac/kustomization.yaml +++ b/control-plane/config/rbac/kustomization.yaml 
@@ -1,18 +1,9 @@ resources: -# All RBAC will be applied under this service account in -# the deployment namespace. You may comment out this resource -# if your manager will use a service account that exists at -# runtime. Be sure to update RoleBinding and ClusterRoleBinding -# subjects if changing service account names. -- service_account.yaml -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml + # All RBAC will be applied under this service account in + # the deployment namespace. You may comment out this resource + # if your manager will use a service account that exists at + # runtime. Be sure to update RoleBinding and ClusterRoleBinding + # subjects if changing service account names. + - service_account.yaml + - role.yaml + - role_binding.yaml diff --git a/control-plane/config/rbac/leader_election_role.yaml b/control-plane/config/rbac/leader_election_role.yaml deleted file mode 100644 index 4190ec8..0000000 --- a/control-plane/config/rbac/leader_election_role.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch 
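Review bot: After this hunk the only RBAC objects left under `resources:` are `service_account.yaml`, `role.yaml` and `role_binding.yaml`, and the last two are a ClusterRole and a ClusterRoleBinding, so every permission of the `lazy-koala` service account is cluster-wide. That includes `update` and `patch` on ConfigMaps (the `configmaps` marker in `inspector_controller.go`), while the only ConfigMap this commit defines is `gazer-config` in the `lazy-koala` namespace. If the controller writes only to that namespace, which cannot be confirmed from this diff, move the write verbs into a namespaced Role by adding `namespace=lazy-koala` to that marker and list the generated Role plus a RoleBinding here. Read-only verbs for pods, services and deployments can stay in the ClusterRole.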
diff --git a/control-plane/config/rbac/leader_election_role_binding.yaml b/control-plane/config/rbac/leader_election_role_binding.yaml deleted file mode 100644 index 1d1321e..0000000 --- a/control-plane/config/rbac/leader_election_role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system diff --git a/control-plane/config/rbac/role.yaml b/control-plane/config/rbac/role.yaml index 08c4939..bd7e73e 100644 --- a/control-plane/config/rbac/role.yaml +++ b/control-plane/config/rbac/role.yaml @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null - name: manager-role + name: lazy-koala rules: - apiGroups: - "" @@ -32,6 +32,14 @@ rules: - get - list - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch - apiGroups: - lazykoala.isala.me resources: diff --git a/control-plane/config/rbac/role_binding.yaml b/control-plane/config/rbac/role_binding.yaml index 2070ede..0c4f2c7 100644 --- a/control-plane/config/rbac/role_binding.yaml +++ b/control-plane/config/rbac/role_binding.yaml @@ -1,12 +1,12 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: manager-rolebinding + name: lazy-koala roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: manager-role + name: lazy-koala subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system + - kind: ServiceAccount + name: lazy-koala + namespace: lazy-koala diff --git a/control-plane/config/rbac/service_account.yaml b/control-plane/config/rbac/service_account.yaml index 7cd6025..f1a60c4 100644 --- a/control-plane/config/rbac/service_account.yaml +++ b/control-plane/config/rbac/service_account.yaml 
@@ -1,5 +1,5 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: controller-manager - namespace: system + name: lazy-koala + namespace: lazy-koala diff --git a/control-plane/config/samples/lazykoala_v1alpha1_inspector.yaml b/control-plane/config/samples/lazykoala_v1alpha1_inspector.yaml index 20d5778..08b9890 100644 --- a/control-plane/config/samples/lazykoala_v1alpha1_inspector.yaml +++ b/control-plane/config/samples/lazykoala_v1alpha1_inspector.yaml @@ -1,6 +1,41 @@ apiVersion: lazykoala.isala.me/v1alpha1 kind: Inspector metadata: - name: inspector-sample + name: service-1-6c63f0f5 spec: - # TODO(user): Add fields here + deploymentRef: service-1-6c63f0f5 + serviceRef: service-1-6c63f0f5 + namespace: default + modelURI: path/to/checkpoint.ckpt +--- +apiVersion: lazykoala.isala.me/v1alpha1 +kind: Inspector +metadata: + name: service-2-6c63f0f5 +spec: + deploymentRef: service-2-6c63f0f5 + serviceRef: service-2-6c63f0f5 + namespace: default + modelURI: path/to/checkpoint.ckpt +--- +apiVersion: lazykoala.isala.me/v1alpha1 +kind: Inspector +metadata: + name: service-3-6c63f0f5 +spec: + deploymentRef: service-3-6c63f0f5 + serviceRef: service-3-6c63f0f5 + namespace: default + modelURI: path/to/checkpoint.ckpt +--- +apiVersion: lazykoala.isala.me/v1alpha1 +kind: Inspector +metadata: + name: service-4-6c63f0f5 +spec: + deploymentRef: service-4-6c63f0f5 + serviceRef: service-4-6c63f0f5 + namespace: default + modelURI: path/to/checkpoint.ckpt +--- + diff --git a/control-plane/controllers/inspector_controller.go b/control-plane/controllers/inspector_controller.go index 5236e4c..9c2b069 100644 --- a/control-plane/controllers/inspector_controller.go +++ b/control-plane/controllers/inspector_controller.go 
@@ -54,6 +54,7 @@ type ScrapePoint struct { //+kubebuilder:rbac:groups=lazykoala.isala.me,resources=inspectors/status,verbs=get;update;patch //+kubebuilder:rbac:groups=lazykoala.isala.me,resources=inspectors/finalizers,verbs=update //+kubebuilder:rbac:groups="",resources=pods;services;namespaces,verbs=get;watch;list +//+kubebuilder:rbac:groups="apps",resources=deployments,verbs=get;watch;list //+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;watch;list;update;patch //+kubebuilder:rbac:groups="",resources=events,verbs=create;patch