From 8a1a85f0c9cd87f91a68caab392a372c8b5e715f Mon Sep 17 00:00:00 2001 From: Mark Mandel Date: Mon, 9 Apr 2018 16:13:11 -0700 Subject: [PATCH] Generate the install.yaml from `helm template` This implements a `make gen-install` target that will generate the install.yaml via `helm template`. This also extends `make test` to have a test to ensure that the `install.yaml` is always kept up to sync with the Helm chart, otehrwise the build will fail. This does remove the explicit permissions for RBAC, but we don't have a specific need for them right now, so I feel it's worth the sacrifice to ensure these two configuration options stay in sync. Blocks on #170, Parent ticket: #101 --- build/Makefile | 17 +- build/README.md | 3 + install/yaml/install.yaml | 386 ++++++++++++++++++++++++++------------ 3 files changed, 289 insertions(+), 117 deletions(-) diff --git a/build/Makefile b/build/Makefile index b4ccdf9e1a..00bef2e076 100644 --- a/build/Makefile +++ b/build/Makefile @@ -98,9 +98,19 @@ build-images: build-controller-image build-agones-sdk-image build-sdks: build-sdk-cpp # Run all tests -test: ensure-build-image +test: ensure-build-image test-go test-install-yaml + +# Run go tests +test-go: docker run --rm $(common_mounts) $(build_tag) go test -race $(agones_package)/... +# Run test on install yaml - make sure there is no change +# mostly this is for CI +test-install-yaml: + cp $(agones_path)/install/yaml/install.yaml /tmp/install.yaml + $(MAKE) gen-install + diff /tmp/install.yaml $(agones_path)/install/yaml/install.yaml + # Push all the images up to $(REGISTRY) push: push-controller-image push-agones-sdk-image 
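Review bot: `test-install-yaml` stages the committed manifest at the fixed path `/tmp/install.yaml`, a predictable name in a world-writable directory, so two builds on the same host overwrite each other's copy and `cp` writes through whatever file or symlink already exists there. A per-run file from `mktemp`, removed on exit, avoids both; because each recipe line runs in its own shell, the copy, the regeneration and the `diff` then have to be chained into one command, as below. Separately, `test-go` no longer lists `ensure-build-image`, so `make test-go` on its own (or `make -j test`) can reach `docker run` before the image exists; `test-go: ensure-build-image` restores the ordering.

```make
test-install-yaml:
	tmp="$$(mktemp)" && trap 'rm -f "$$tmp"' EXIT && \
	cp $(agones_path)/install/yaml/install.yaml "$$tmp" && \
	$(MAKE) gen-install && \
	diff "$$tmp" $(agones_path)/install/yaml/install.yaml
```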
@@ -149,6 +159,11 @@ build-sdk-cpp: ensure-build-image push-agones-sdk-image: ensure-build-image docker push $(sidecar_tag) +# Generate the static install script +gen-install: ensure-build-image + docker run --rm $(common_mounts) $(DOCKER_RUN_ARGS) $(build_tag) bash -c \ + 'helm template --name=agones-manual $(mount_path)/install/helm/agones > $(mount_path)/install/yaml/install.yaml' + # Generate the SDK gRPC server and client code gen-gameservers-sdk-grpc: ensure-build-image docker run --rm $(common_mounts) -w $(mount_path) $(build_tag) /root/gen-grpc-go.sh diff --git a/build/README.md b/build/README.md index 48453b6432..73dab9db2f 100644 --- a/build/README.md +++ b/build/README.md @@ -275,6 +275,9 @@ Compile the gameserver controller and then build the docker image #### `make build-agones-sdk-image` Compile the gameserver sidecar and then build the docker image +#### `make gen-install` +Generate the `/install/yaml/install.yaml` from the Helm template + #### `make gen-crd-client` Generate the Custom Resource Definition client(s) diff --git a/install/yaml/install.yaml b/install/yaml/install.yaml index ca87f06839..ef75e9b99e 100644 --- a/install/yaml/install.yaml +++ b/install/yaml/install.yaml @@ -1,4 +1,6 @@ -# Copyright 2017 Google Inc. All Rights Reserved. +--- +# Source: agones/templates/crds/gameserver.yaml +# Copyright 2018 Google Inc. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,15 +14,16 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Namespace -metadata: - name: agones-system ---- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: gameservers.stable.agones.dev + labels: + component: crd + app: agones + chart: agones-0.2.0 + release: agones-manual + heritage: Tiller spec: group: stable.agones.dev version: v1alpha1 
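Review bot: In the `gen-install` recipe of build/Makefile, the shell redirect truncates `install/yaml/install.yaml` before `helm template` has produced any output, so a failed or interrupted render leaves an empty or partial manifest in the checkout even though the target exits non-zero. This file is presumably what users apply directly to a cluster, so render to a sibling temporary file and rename only on success: `helm template --name=agones-manual $(mount_path)/install/helm/agones > $(mount_path)/install/yaml/install.yaml.tmp && mv $(mount_path)/install/yaml/install.yaml.tmp $(mount_path)/install/yaml/install.yaml`. A comment above the target such as `# install.yaml is generated; edit the Helm chart and re-run make gen-install` would also help, since `test-install-yaml` fails the build on any hand edit.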
@@ -125,11 +128,222 @@ spec: minimum: 1 maximum: 2147483648 --- +# Source: agones/templates/namespace.yaml +# Copyright 2018 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Namespace +metadata: + name: agones-system + labels: + app: agones + chart: agones-0.2.0 + release: agones-manual + heritage: Tiller +--- +# Source: agones/templates/serviceaccounts/controller.yaml +# Copyright 2018 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: agones-controller + namespace: agones-system + labels: + app: agones + chart: agones-0.2.0 + release: agones-manual + heritage: Tiller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: agones-controller + namespace: agones-system + labels: + app: agones + chart: agones-0.2.0 + release: agones-manual + heritage: Tiller +rules: +- apiGroups: [""] + resources: ["events"] + verbs: ["create"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["create", "delete", "list", "watch"] +- apiGroups: [""] + resources: ["nodes"] + verbs: ["list", "watch"] +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get"] +- apiGroups: ["stable.agones.dev"] + resources: ["gameservers"] + verbs: ["delete", "get", "list", "update", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: agones-controller-access + namespace: agones-system + labels: + app: agones + chart: agones-0.2.0 + release: agones-manual + heritage: Tiller +subjects: +- kind: User + name: system:serviceaccount:agones-system:agones-controller + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: agones-controller + +--- +# Source: agones/templates/serviceaccounts/sdk.yaml +# Copyright 2018 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: agones-sdk + labels: + app: agones + chart: agones-0.2.0 + release: agones-manual + heritage: Tiller +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: agones-sdk + namespace: agones-system + labels: + app: agones + chart: agones-0.2.0 + release: agones-manual + heritage: Tiller +rules: +- apiGroups: ["stable.agones.dev"] + resources: ["gameservers"] + verbs: ["get", "update"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: agones-sdk-access + namespace: agones-system + labels: + app: agones + chart: agones-0.2.0 + release: agones-manual + heritage: Tiller +subjects: +- kind: User + name: system:serviceaccount:default:agones-sdk + apiGroup: rbac.authorization.k8s.io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: agones-sdk +--- +# Source: agones/templates/service.yaml +# Copyright 2018 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: agones-controller-service + namespace: agones-system + labels: + component: controller + app: agones + chart: agones-0.2.0 + release: agones-manual + heritage: Tiller +spec: + selector: + stable.agones.dev/role: controller + ports: + - port: 443 + targetPort: 8081 +--- +# Source: agones/templates/controller.yaml +# Copyright 2018 Google Inc. All Rights Reserved. 
+# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + apiVersion: extensions/v1beta1 kind: Deployment metadata: name: agones-controller namespace: agones-system + labels: + component: controller + app: agones + chart: agones-0.2.0 + release: agones-manual + heritage: Tiller spec: replicas: 1 strategy: 
@@ -138,44 +352,62 @@ spec: metadata: labels: stable.agones.dev/role: controller + app: agones + chart: agones-0.2.0 + release: agones-manual + heritage: Tiller spec: serviceAccountName: agones-controller containers: - name: agones-controller - image: gcr.io/agones-images/agones-controller:0.1 + image: "gcr.io/agones-images/agones-controller:0.2" + imagePullPolicy: IfNotPresent env: + - name: ALWAYS_PULL_SIDECAR # set the sidecar imagePullPolicy to Always + value: "false" # minimum port that can be exposed to GameServer traffic - name: MIN_PORT - value: "7000" + value: "7000" # maximum port that can be exposed to GameServer traffic - name: MAX_PORT value: "8000" - # - name: SIDECAR # overwrite the GameServer sidecar image that is used - # value: gcr.io/agones-images/agones-sdk:0.1 + - name: SIDECAR # overwrite the GameServer sidecar image that is used + value: "gcr.io/agones-images/agones-sdk:0.2" livenessProbe: httpGet: path: /live port: 8080 initialDelaySeconds: 3 periodSeconds: 3 + failureThreshold: 3 + timeoutSeconds: 1 --- -apiVersion: v1 -kind: Service -metadata: - name: agones-controller-service - namespace: agones-system -spec: - selector: - stable.agones.dev/role: controller - ports: - - port: 443 - targetPort: 8081 ---- +# Source: agones/templates/mutatingwebhook.yaml +# Copyright 2018 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. 
+ apiVersion: admissionregistration.k8s.io/v1beta1 kind: MutatingWebhookConfiguration metadata: name: agones-mutation-webhook namespace: agones-system + labels: + component: controller + app: agones + chart: agones-0.2.0 + release: agones-manual + heritage: Tiller webhooks: - name: mutations.stable.agones.dev failurePolicy: Fail @@ -194,6 +426,22 @@ webhooks: - "v1alpha1" operations: - CREATE +--- +# Source: agones/templates/validatingwebhook.yaml +# Copyright 2018 Google Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + --- apiVersion: admissionregistration.k8s.io/v1beta1 kind: ValidatingWebhookConfiguration 
@@ -218,97 +466,3 @@ webhooks: - "v1alpha1" operations: - CREATE ---- -# Service account, secret, role and rolebinding for sidecar (agones-sdk) pod -apiVersion: v1 -kind: ServiceAccount -metadata: - name: agones-sdk -secrets: -- name: agones-sdk-secret ---- -apiVersion: v1 -kind: Secret -metadata: - name: agones-sdk-secret - annotations: - kubernetes.io/service-account.name: agones-sdk -type: kubernetes.io/service-account-token ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: agones-sdk - namespace: agones-system -rules: -- apiGroups: ["stable.agones.dev"] - resources: ["gameservers"] - verbs: ["get", "update"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: agones-sdk-access - namespace: agones-system -subjects: -- kind: User - name: system:serviceaccount:default:agones-sdk - apiGroup: rbac.authorization.k8s.io -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: agones-sdk ---- -# Service account, secret, role and rolebinding for agones-controller -apiVersion: v1 -kind: ServiceAccount -metadata: - name: agones-controller - namespace: agones-system -secrets: -- name: agones-controller-secret ---- -apiVersion: v1 -kind: Secret -metadata: - name: agones-controller-secret - namespace: agones-system - annotations: - kubernetes.io/service-account.name: agones-controller -type: kubernetes.io/service-account-token ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: agones-controller - namespace: agones-system -rules: -- apiGroups: [""] - resources: ["events"] - verbs: ["create"] -- apiGroups: [""] - resources: ["pods"] - verbs: ["create", "delete", "list", "watch"] -- apiGroups: [""] - resources: ["nodes"] - verbs: ["list", "watch"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get"] -- apiGroups: ["stable.agones.dev"] - resources: ["gameservers"] - verbs: ["delete", "get", "list", "update", 
"watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: agones-controller-access - namespace: agones-system -subjects: -- kind: User - name: system:serviceaccount:agones-system:agones-controller - apiGroup: rbac.authorization.k8s.io -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: agones-controller