Release and RBAC fixes

Signed-off-by: Danil Grigorev <danil.grigorev@suse.com>

.github/workflows/release.yaml

@@ -12,7 +12,7 @@ permissions:
 
 jobs:
   build:
-    name: create draft release
+    name: build and push release images
     runs-on: ubuntu-latest
     env:
       REGISTRY: ghcr.io/${{ github.actor }}
@@ -38,15 +38,36 @@ jobs:
           echo "OWNER=$(echo $GITHUB_ACTOR | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
           echo "REGISTRY=$(echo $REGISTRY | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
       - name: Build docker image
-        run: make docker-build
+        run: make docker-build-all
       - name: Push docker image
-        run: make docker-push
-      - name: generate release artifacts
+        run: make docker-push-all
+
+  publish:
+    name: Publish the draft release
+    runs-on: ubuntu-latest
+    needs:
+    - build
+    env:
+      REGISTRY: ghcr.io/${{ github.actor }}
+    steps:
+      - name: Set env
+        run:  echo "RELEASE_TAG=${GITHUB_REF:10}" >> $GITHUB_ENV
+      - name: checkout code
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # tag=v3.3.0
+        with:
+          fetch-depth: 0
+      - name: Install go
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # tag=v3.5.0
+        with:
+          go-version: '^1.22'
+      - name: Convert actor name to lowercase and store in the env
         run: |
-          make release
+          echo "OWNER=$(echo $GITHUB_ACTOR | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+          echo "REGISTRY=$(echo $REGISTRY | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+      - name: generate release artifacts
+        run: make release
       - name: generate release notes
-        run: |
-          make release-notes
+        run: make release-notes
       - name: Release
         uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # tag=v1
         with:

Dockerfile

@@ -15,6 +15,7 @@ RUN go mod download
 COPY cmd/main.go cmd/main.go
 COPY api/ api/
 COPY internal/controller/ internal/controller/
+COPY internal/plugin/ internal/plugin/
 
 # Build
 # the GOARCH has not a default value to allow the binary be built according to the host where the command

Makefile

@@ -189,7 +189,7 @@ GOLANGCI_LINT := $(abspath $(TOOLS_BIN_DIR)/$(GOLANGCI_LINT_BIN))
 # Define Docker related variables. Releases should modify and double check these vars.
 # REGISTRY ?= gcr.io/$(shell gcloud config get-value project)
 REGISTRY ?= ghcr.io/danil-grigorev
-PROD_REGISTRY ?= registry.k8s.io/cluster-api-helm
+PROD_REGISTRY ?= ghcr.io/danil-grigorev
 
 STAGING_REGISTRY ?= gcr.io/k8s-staging-cluster-api-velero
 STAGING_BUCKET ?= artifacts.k8s-staging-cluster-api-velero.appspot.com

config/default/manager_image_patch.yaml

@@ -7,5 +7,5 @@ spec:
   template:
     spec:
       containers:
-      - image: ghcr.io/danil-grigorev/cluster-api-velero-controller-amd64:dev
+      - image: ghcr.io/danil-grigorev/cluster-api-velero-controller:dev
         name: manager

config/default/manager_pull_policy.yaml

@@ -8,4 +8,4 @@ spec:
     spec:
       containers:
       - name: manager
-        imagePullPolicy: Always
+        imagePullPolicy: IfNotPresent

config/rbac/auth_proxy_service.yaml

@@ -4,12 +4,12 @@ metadata:
   labels:
     control-plane: controller-manager
     app.kubernetes.io/name: service
-    app.kubernetes.io/instance: controller-manager-metrics-service
+    app.kubernetes.io/instance: metrics-service
     app.kubernetes.io/component: kube-rbac-proxy
     app.kubernetes.io/created-by: cluster-api-addon-provider-velero
     app.kubernetes.io/part-of: cluster-api-addon-provider-velero
     app.kubernetes.io/managed-by: kustomize
-  name: controller-manager-metrics-service
+  name: metrics-service
   namespace: system
 spec:
   ports:

config/rbac/role.yaml

@@ -4,6 +4,38 @@ kind: ClusterRole
 metadata:
   name: manager-role
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - addons.cluster.x-k8s.io
+  resources:
+  - helmchartproxies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - addons.cluster.x-k8s.io
+  resources:
+  - helmchartproxies/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - addons.cluster.x-k8s.io
+  resources:
+  - helmchartproxies/status
+  verbs:
+  - get
 - apiGroups:
   - addons.cluster.x-k8s.io
   resources:
@@ -108,3 +140,17 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusters
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - clusters/status
+  verbs:
+  - get

internal/controller/generic_controller.go

@@ -45,6 +45,9 @@ const (
 	finalizer          = "addons.cluster.x-k8s.io/velero"
 )
 
+//+kubebuilder:rbac:groups=cluster.x-k8s.io,resources=clusters,verbs=get;list;watch
+//+kubebuilder:rbac:groups=cluster.x-k8s.io,resources=clusters/status,verbs=get
+
 // GenericReconciler is a generic interface for velero objects reconciler
 type GenericReconciler[P veleroaddonv1.VeleroProxy[V], V veleroaddonv1.VeleroOrigin] interface {
 	client.Client

internal/controller/veleroinstallation_controller.go

@@ -41,6 +41,10 @@ type VeleroInstallationReconciler struct {
 //+kubebuilder:rbac:groups=addons.cluster.x-k8s.io,resources=veleroinstallations,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=addons.cluster.x-k8s.io,resources=veleroinstallations/status,verbs=get;update;patch
 //+kubebuilder:rbac:groups=addons.cluster.x-k8s.io,resources=veleroinstallations/finalizers,verbs=update
+//+kubebuilder:rbac:groups=addons.cluster.x-k8s.io,resources=helmchartproxies,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=addons.cluster.x-k8s.io,resources=helmchartproxies/status,verbs=get
+//+kubebuilder:rbac:groups=addons.cluster.x-k8s.io,resources=helmchartproxies/finalizers,verbs=update
+//+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.