deploy controllers and webhooks using kind (#32)

feat, deploy controllers and webhooks using kind
KusionStack · Aug 17, 2023 · e53e3af · e53e3af
1 parent 2eb9d2e
commit e53e3af
Show file tree

Hide file tree

Showing 32 changed files with 185 additions and 107 deletions.
diff --git a/Makefile b/Makefile
@@ -1,10 +1,10 @@
 
 # Image URL to use all building/pushing image targets
-IMG ?= controller:202307101
+IMG ?= my.docker.registry/controller:test
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.22.1
 # kind cluster name for e2e
-CLUSTER_NAME ?= kindcluster
+CLUSTER_NAME ?= cluster1
 # kind version for e2e
 KIND_VERSION ?= v1.22.2
 

diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -0,0 +1,27 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/apps.kusionstack.io_rulesets.yaml
+- bases/apps.kusionstack.io_collasets.yaml
+- bases/apps.kusionstack.io_resourcecontexts.yaml
+#+kubebuilder:scaffold:crdkustomizeresource
+
+patchesStrategicMerge:
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
+# patches here are for enabling the conversion webhook for each CRD
+#- patches/webhook_in_rulesets.yaml
+#- patches/webhook_in_collasets.yaml
+#- patches/webhook_in_operationjobs.yaml
+#+kubebuilder:scaffold:crdkustomizewebhookpatch
+
+# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
+# patches here are for enabling the CA injection for each CRD
+#- patches/cainjection_in_rulesets.yaml
+#- patches/cainjection_in_collasets.yaml
+#- patches/cainjection_in_operationjobs.yaml
+#+kubebuilder:scaffold:crdkustomizecainjectionpatch
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+- kustomizeconfig.yaml
diff --git a/config/crd/kustomizeconfig.yaml b/config/crd/kustomizeconfig.yaml
@@ -0,0 +1,19 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+  version: v1
+  fieldSpecs:
+  - kind: CustomResourceDefinition
+    version: v1
+    group: apiextensions.k8s.io
+    path: spec/conversion/webhook/clientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+  version: v1
+  group: apiextensions.k8s.io
+  path: spec/conversion/webhook/clientConfig/service/namespace
+  create: false
+
+varReference:
+- path: metadata/annotations
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -1,12 +1,12 @@
 # Adds namespace to all resources.
-namespace: korbito-system
+namespace: kusionstack-system
 
 # Value of this field is prepended to the
 # names of all resources, e.g. a deployment named
 # "wordpress" becomes "alices-wordpress".
 # Note that it should also match with the prefix (text before '-') of the namespace
 # field above.
-namePrefix: korbito-
+namePrefix: kusionstack-
 
 # Labels to add to all resources and selectors.
 #commonLabels:
@@ -16,6 +16,7 @@ bases:
 - ../crd
 - ../rbac
 - ../manager
+- ../webhook
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- ../webhook

diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: controller
-  newTag: "202307101"
+  newName: my.docker.registry/controller
+  newTag: test
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -6,8 +6,8 @@ metadata:
     app.kubernetes.io/name: namespace
     app.kubernetes.io/instance: system
     app.kubernetes.io/component: manager
-    app.kubernetes.io/created-by: korbito
-    app.kubernetes.io/part-of: korbito
+    app.kubernetes.io/created-by: kusionstack
+    app.kubernetes.io/part-of: kusionstack
     app.kubernetes.io/managed-by: kustomize
   name: system
 ---
@@ -21,8 +21,8 @@ metadata:
     app.kubernetes.io/name: deployment
     app.kubernetes.io/instance: controller-manager
     app.kubernetes.io/component: manager
-    app.kubernetes.io/created-by: korbito
-    app.kubernetes.io/part-of: korbito
+    app.kubernetes.io/created-by: kusionstack
+    app.kubernetes.io/part-of: kusionstack
     app.kubernetes.io/managed-by: kustomize
 spec:
   selector:
@@ -71,7 +71,7 @@ spec:
         image: controller:latest
         args:
         - "--leader-elect"
-        - "--cert-dir=/korbito-webhook-certs"
+        - "--cert-dir=/webhook-certs"
         - "--health-probe-bind-address=:8081"
         - "--metrics-bind-address=127.0.0.1:8080"
         name: manager
@@ -102,12 +102,12 @@ spec:
             cpu: 10m
             memory: 64Mi
         volumeMounts:
-        - name: korbito-webhook-certs
-          mountPath: "/korbito-webhook-certs"
+        - name: webhook-certs
+          mountPath: "/webhook-certs"
           readOnly: true
       serviceAccountName: controller-manager
-      terminationGracePeriodSeconds: 10
+      terminationGracePeriodSeconds: 0
       volumes:
-      - name: korbito-webhook-certs
+      - name: webhook-certs
         secret:
-          secretName: korbito-webhook-certs
+          secretName: webhook-certs
diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml
@@ -8,8 +8,8 @@ metadata:
     app.kubernetes.io/name: servicemonitor
     app.kubernetes.io/instance: controller-manager-metrics-monitor
     app.kubernetes.io/component: metrics
-    app.kubernetes.io/created-by: korbito
-    app.kubernetes.io/part-of: korbito
+    app.kubernetes.io/created-by: kusionstack
+    app.kubernetes.io/part-of: kusionstack
     app.kubernetes.io/managed-by: kustomize
   name: controller-manager-metrics-monitor
   namespace: system

diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml
@@ -5,8 +5,8 @@ metadata:
     app.kubernetes.io/name: clusterrole
     app.kubernetes.io/instance: metrics-reader
     app.kubernetes.io/component: kube-rbac-proxy
-    app.kubernetes.io/created-by: korbito
-    app.kubernetes.io/part-of: korbito
+    app.kubernetes.io/created-by: kusionstack
+    app.kubernetes.io/part-of: kusionstack
     app.kubernetes.io/managed-by: kustomize
   name: metrics-reader
 rules:

diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml
@@ -5,8 +5,8 @@ metadata:
     app.kubernetes.io/name: clusterrole
     app.kubernetes.io/instance: proxy-role
     app.kubernetes.io/component: kube-rbac-proxy
-    app.kubernetes.io/created-by: korbito
-    app.kubernetes.io/part-of: korbito
+    app.kubernetes.io/created-by: kusionstack
+    app.kubernetes.io/part-of: kusionstack
     app.kubernetes.io/managed-by: kustomize
   name: proxy-role
 rules:

diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml
@@ -5,8 +5,8 @@ metadata:
     app.kubernetes.io/name: clusterrolebinding
     app.kubernetes.io/instance: proxy-rolebinding
     app.kubernetes.io/component: kube-rbac-proxy
-    app.kubernetes.io/created-by: korbito
-    app.kubernetes.io/part-of: korbito
+    app.kubernetes.io/created-by: kusionstack
+    app.kubernetes.io/part-of: kusionstack
     app.kubernetes.io/managed-by: kustomize
   name: proxy-rolebinding
 roleRef:

diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml
@@ -6,8 +6,8 @@ metadata:
     app.kubernetes.io/name: service
     app.kubernetes.io/instance: controller-manager-metrics-service
     app.kubernetes.io/component: kube-rbac-proxy
-    app.kubernetes.io/created-by: korbito
-    app.kubernetes.io/part-of: korbito
+    app.kubernetes.io/created-by: kusionstack
+    app.kubernetes.io/part-of: kusionstack
     app.kubernetes.io/managed-by: kustomize
   name: controller-manager-metrics-service
   namespace: system

diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -16,6 +16,3 @@ resources:
 - auth_proxy_role.yaml
 - auth_proxy_role_binding.yaml
 - auth_proxy_client_clusterrole.yaml
-- pod_writer_role.yaml
-- pod_reader_role.yaml
-- pod_role_binding.yaml
diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml
@@ -6,8 +6,8 @@ metadata:
     app.kubernetes.io/name: role
     app.kubernetes.io/instance: leader-election-role
     app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: korbito
-    app.kubernetes.io/part-of: korbito
+    app.kubernetes.io/created-by: kusionstack
+    app.kubernetes.io/part-of: kusionstack
     app.kubernetes.io/managed-by: kustomize
   name: leader-election-role
 rules:

diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml
@@ -5,8 +5,8 @@ metadata:
     app.kubernetes.io/name: rolebinding
     app.kubernetes.io/instance: leader-election-rolebinding
     app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: korbito
-    app.kubernetes.io/part-of: korbito
+    app.kubernetes.io/created-by: kusionstack
+    app.kubernetes.io/part-of: kusionstack
     app.kubernetes.io/managed-by: kustomize
   name: leader-election-rolebinding
 roleRef:

diff --git a/config/rbac/pod_role.yaml b/config/rbac/pod_role.yaml
diff --git a/config/rbac/pod_role_binding.yaml b/config/rbac/pod_role_binding.yaml
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -5,6 +5,18 @@ metadata:
   creationTimestamp: null
   name: manager-role
 rules:
+- apiGroups:
+  - apps
+  resources:
+  - controllerrevisions
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - apps.kusionstack.io
   resources:
@@ -31,6 +43,32 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - apps.kusionstack.io
+  resources:
+  - resourcecontexts
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - apps.kusionstack.io
+  resources:
+  - resourcecontexts/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - apps.kusionstack.io
+  resources:
+  - resourcecontexts/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - apps.kusionstack.io
   resources:
@@ -57,3 +95,23 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - pods/status
+  verbs:
+  - get
+  - patch
+  - update
diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml
@@ -5,8 +5,8 @@ metadata:
     app.kubernetes.io/name: clusterrolebinding
     app.kubernetes.io/instance: manager-rolebinding
     app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: korbito
-    app.kubernetes.io/part-of: korbito
+    app.kubernetes.io/created-by: kusionstack
+    app.kubernetes.io/part-of: kusionstack
     app.kubernetes.io/managed-by: kustomize
   name: manager-rolebinding
 roleRef:

diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml
@@ -5,8 +5,8 @@ metadata:
     app.kubernetes.io/name: serviceaccount
     app.kubernetes.io/instance: controller-manager
     app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: korbito
-    app.kubernetes.io/part-of: korbito
+    app.kubernetes.io/created-by: kusionstack
+    app.kubernetes.io/part-of: kusionstack
     app.kubernetes.io/managed-by: kustomize
   name: controller-manager
   namespace: system
diff --git a/config/samples/apps_v1alpha1_collaset.yaml b/config/samples/apps_v1alpha1_collaset.yaml
@@ -1,12 +1,12 @@
-apiVersion: apps.korbito.io/v1alpha1
+apiVersion: apps.kusionstack.io/v1alpha1
 kind: CollaSet
 metadata:
   labels:
     app.kubernetes.io/name: collaset
     app.kubernetes.io/instance: collaset-sample
-    app.kubernetes.io/part-of: korbito
+    app.kubernetes.io/part-of: kusionstack
     app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/created-by: korbito
+    app.kubernetes.io/created-by: kusionstack
   name: collaset-sample
 spec:
   # TODO(user): Add fields here