From b10f0fee64872a88a64b64d8bdce7cc9a606b20d Mon Sep 17 00:00:00 2001 From: Joe Lanford Date: Tue, 23 May 2023 13:59:01 -0400 Subject: [PATCH] update Makefile and goreleaser config for more generic builds Signed-off-by: Joe Lanford --- .gitignore | 4 - .goreleaser.yml | 84 ++++---------- controller.Dockerfile => Dockerfile | 0 Makefile | 126 +++++++------------- apiserver.Dockerfile | 16 --- cmd/manager/main.go | 2 +- config/apiserver/apiserver.yaml | 128 --------------------- config/apiserver/kustomization.yaml | 8 -- config/default/kustomization.yaml | 3 - config/manager/kustomization.yaml | 2 +- config/rbac/apiserver_role.yaml | 25 ---- config/rbac/apiserver_rolebindings.yaml | 27 ----- config/rbac/apiserver_service_account.yaml | 13 --- config/rbac/kustomization.yaml | 4 - go.mod | 2 +- internal/version/version.go | 19 +-- 16 files changed, 81 insertions(+), 382 deletions(-) rename controller.Dockerfile => Dockerfile (100%) delete mode 100644 apiserver.Dockerfile delete mode 100644 config/apiserver/apiserver.yaml delete mode 100644 config/apiserver/kustomization.yaml delete mode 100644 config/rbac/apiserver_role.yaml delete mode 100644 config/rbac/apiserver_rolebindings.yaml delete mode 100644 config/rbac/apiserver_service_account.yaml diff --git a/.gitignore b/.gitignore index de319430..283a8154 100644 --- a/.gitignore +++ b/.gitignore @@ -12,7 +12,3 @@ bin/ dist/ cover.out catalogd.yaml - - -# apiserver certificates -config/certificates \ No newline at end of file diff --git a/.goreleaser.yml b/.goreleaser.yml index 10b2d749..0919e7c6 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -8,9 +8,9 @@ before: - go mod tidy - go mod download builds: - - id: catalogd-controller + - id: manager main: ./cmd/manager/ - binary: bin/manager + binary: manager goos: - linux goarch: @@ -18,92 +18,58 @@ builds: - arm64 - ppc64le - s390x + tags: + - "{{ .Env.GO_BUILD_TAGS }}" + mod_timestamp: "{{ .CommitTimestamp }}" + asmflags: + - all=-trimpath={{ dir .Env.PWD }} + gcflags: + - all=-trimpath={{ dir .Env.PWD }} ldflags: - -X {{ .Env.VERSION_PKG }}.gitVersion={{ .Env.GIT_VERSION }} - # TODO: When the apiserver is working properly, uncomment this - # - id: catalogd-server - # main: ./cmd/apiserver/ - # binary: bin/apiserver - # goos: - # - linux - # goarch: - # - amd64 - # - arm64 - # - ppc64le - # - s390x - # ldflags: - # - -X {{ .Env.VERSION_PKG }}.gitVersion={{ .Env.GIT_VERSION }} - # - -X {{ .Env.VERSION_PKG }}.gitCommit={{ .Env.GIT_COMMIT }} - # - -X {{ .Env.VERSION_PKG }}.gitTreeState={{ .Env.GIT_TREE_STATE }} - # - -X {{ .Env.VERSION_PKG }}.commitDate={{ .Env.COMMIT_DATE }} + - -X {{ .Env.VERSION_PKG }}.gitCommit={{ .Env.GIT_COMMIT }} + - -X {{ .Env.VERSION_PKG }}.gitTreeState={{ .Env.GIT_TREE_STATE }} + - -X {{ .Env.VERSION_PKG }}.commitDate={{ .CommitTimestamp }} dockers: - image_templates: - - "{{ .Env.CONTROLLER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-amd64" - dockerfile: controller.Dockerfile + - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-amd64" + dockerfile: Dockerfile goos: linux goarch: amd64 use: buildx build_flag_templates: - "--platform=linux/amd64" - image_templates: - - "{{ .Env.CONTROLLER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-arm64" - dockerfile: controller.Dockerfile + - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-arm64" + dockerfile: Dockerfile goos: linux goarch: arm64 use: buildx build_flag_templates: - "--platform=linux/arm64" - image_templates: - - "{{ .Env.CONTROLLER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-ppc64le" - dockerfile: controller.Dockerfile + - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-ppc64le" + dockerfile: Dockerfile goos: linux goarch: ppc64le use: buildx build_flag_templates: - "--platform=linux/ppc64le" - image_templates: - - "{{ .Env.CONTROLLER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-s390x" - dockerfile: controller.Dockerfile + - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-s390x" + dockerfile: Dockerfile goos: linux goarch: s390x use: buildx build_flag_templates: - "--platform=linux/s390x" -# TODO: When the apiserver is working properly, uncomment this: -# - image_templates: -# - "{{ .Env.APISERVER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-amd64" -# dockerfile: apiserver.Dockerfile -# goos: linux -# goarch: amd64 -# - image_templates: -# - "{{ .Env.APISERVER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-arm64" -# dockerfile: apiserver.Dockerfile -# goos: linux -# goarch: arm64 -# - image_templates: -# - "{{ .Env.APISERVER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-ppc64le" -# dockerfile: apiserver.Dockerfile -# goos: linux -# goarch: ppc64le -# - image_templates: -# - "{{ .Env.APISERVER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-s390x" -# dockerfile: apiserver.Dockerfile -# goos: linux -# goarch: s390x docker_manifests: -- name_template: "{{ .Env.CONTROLLER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}" +- name_template: "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}" image_templates: - - "{{ .Env.CONTROLLER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-amd64" - - "{{ .Env.CONTROLLER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-arm64" - - "{{ .Env.CONTROLLER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-ppc64le" - - "{{ .Env.CONTROLLER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-s390x" -# TODO: When the apiserver is working properly, uncomment this: -# - name_template: "{{ .Env.APISERVER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}" -# image_templates: -# - "{{ .Env.APISERVER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-amd64" -# - "{{ .Env.APISERVER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-arm64" -# - "{{ .Env.APISERVER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-ppc64le" -# - "{{ .Env.APISERVER_IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-s390x" + - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-amd64" + - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-arm64" + - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-ppc64le" + - "{{ .Env.IMAGE_REPO }}:{{ .Env.IMAGE_TAG }}-s390x" release: disable: '{{ ne .Env.ENABLE_RELEASE_PIPELINE "true" }}' extra_files: diff --git a/controller.Dockerfile b/Dockerfile similarity index 100% rename from controller.Dockerfile rename to Dockerfile diff --git a/Makefile b/Makefile index 6f5daaa8..09789df8 100644 --- a/Makefile +++ b/Makefile @@ -1,26 +1,13 @@ # Build info -GIT_COMMIT ?= $(shell git rev-parse HEAD) -GIT_VERSION ?= $(shell git describe --tags --always --dirty) -GIT_STATUS ?= $(shell git status --porcelain) -GIT_TREE_STATE ?= $(shell [ -z "${GIT_STATUS}" ] && echo "clean" || echo "dirty") -COMMIT_DATE ?= $(shell git show -s --date=format:'%Y-%m-%dT%H:%M:%SZ' --format=%cd) -ORG ?= github.com/operator-framework -REPO ?= $(ORG)/catalogd -VERSION_PKG ?= $(REPO)/internal/version -CTRL_LDFLAGS ?= -ldflags="-X '$(VERSION_PKG).gitVersion=$(GIT_VERSION)'" -SERVER_LDFLAGS ?= -ldflags "-X '$(VERSION_PKG).gitVersion=$(GIT_VERSION)' -X '$(VERSION_PKG).gitCommit=$(GIT_COMMIT)' -X '$(VERSION_PKG).gitTreeState=$(GIT_TREE_STATE)' -X '$(VERSION_PKG).commitDate=$(COMMIT_DATE)'" -GO_BUILD_TAGS ?= upstream -# Image URL to use all building/pushing controller image targets -CONTROLLER_IMG ?= quay.io/operator-framework/catalogd-controller -# Image URL to use all building/pushing apiserver image targets -# TODO: When the apiserver is working properly, uncomment this line: -# SERVER_IMG ?= quay.io/operator-framework/catalogd-server -# Tag to use when building/pushing images -IMG_TAG ?= devel -## Location to build controller/apiserver binaries in -LOCALBIN ?= $(shell pwd)/bin -$(LOCALBIN): - mkdir -p $(LOCALBIN) +export GO_BUILD_TAGS ?= '' +export GIT_COMMIT ?= $(shell git rev-parse HEAD) +export GIT_VERSION ?= $(shell git describe --tags --always --dirty) +export GIT_TREE_STATE ?= $(shell [ -z "$(shell git status --porcelain)" ] && echo "clean" || echo "dirty") +export VERSION_PKG ?= $(shell go list -m)/internal/version + +export IMAGE_REPO ?= quay.io/operator-framework/catalogd +export IMAGE_TAG ?= devel +IMAGE=$(IMAGE_REPO):$(IMAGE_TAG) # Dependencies @@ -64,7 +51,7 @@ fmt: ## Run go fmt against code. .PHONY: vet vet: ## Run go vet against code. - go vet ./... + go vet -tags $(GO_BUILD_TAGS) ./... .PHONY: test test-unit: generate fmt vet setup-envtest ## Run tests. @@ -75,89 +62,69 @@ tidy: ## Update dependencies go mod tidy .PHONY: verify -verify: tidy fmt generate ## Verify the current code generation and lint +verify: tidy fmt vet generate ## Verify the current code generation and lint git diff --exit-code ##@ Build -.PHONY: build-controller -build-controller: generate fmt vet ## Build manager binary. - CGO_ENABLED=0 GOOS=linux go build -tags $(GO_BUILD_TAGS) $(CTRL_LDFLAGS) -o bin/manager cmd/manager/main.go +BINARIES=manager +LINUX_BINARIES=$(join $(addprefix linux/,$(BINARIES)), ) -# TODO: When the apiserver is working properly, uncomment this target: -# .PHONY: build-server -# build-server: fmt vet ## Build api-server binary. -# CGO_ENABLED=0 GOOS=linux go build -tags $(GO_BUILD_TAGS) $(SERVER_LDFLAGS) -o bin/apiserver cmd/apiserver/main.go +BUILDCMD = sh -c 'mkdir -p $(BUILDBIN) && $(GORELEASER) build $(GORELEASER_ARGS) --id $(notdir $@) --single-target -o $(BUILDBIN)/$(notdir $@)' +BUILDDEPS = goreleaser -.PHONY: run -run: generate fmt vet ## Run a controller from your host. - go run ./main.go +.PHONY: build +build: $(BINARIES) ## Build all project binaries for the local OS and architecture. -.PHONY: docker-build-controller -docker-build-controller: build-controller test ## Build docker image with the controller manager. - docker build -f controller.Dockerfile -t ${CONTROLLER_IMG}:${IMG_TAG} bin/ +.PHONY: build-linux +build-linux: $(LINUX_BINARIES) ## Build all project binaries for GOOS=linux and the local architecture. -.PHONY: docker-push-controller -docker-push-controller: ## Push docker image with the controller manager. - docker push ${CONTROLLER_IMG} +.PHONY: $(BINARIES) +$(BINARIES): BUILDBIN = bin +$(BINARIES): $(BUILDDEPS) + $(BUILDCMD) -# TODO: When the apiserver is working properly, uncomment the 2 targets below: -# .PHONY: docker-build-server -# docker-build-server: build-server test ## Build docker image with the apiserver. -# docker build -f apiserver.Dockerfile -t ${SERVER_IMG}:${IMG_TAG} bin/ +.PHONY: $(LINUX_BINARIES) +$(LINUX_BINARIES): BUILDBIN = bin/linux +$(LINUX_BINARIES): $(BUILDDEPS) + GOOS=linux $(BUILDCMD) + +.PHONY: run +run: generate kind-cluster install ## Create a kind cluster and install a local build of catalogd -# .PHONY: docker-push-server -# docker-push-server: ## Push docker image with the apiserver. -# docker push ${SERVER_IMG} +.PHONY: build-container +build-container: build-linux ## Build docker image for catalogd. + docker build -f Dockerfile -t $(IMAGE) bin/linux ##@ Deploy .PHONY: kind-cluster kind-cluster: kind kind-cluster-cleanup ## Standup a kind cluster - $(KIND) create cluster --name ${KIND_CLUSTER_NAME} - $(KIND) export kubeconfig --name ${KIND_CLUSTER_NAME} + $(KIND) create cluster --name $(KIND_CLUSTER_NAME) + $(KIND) export kubeconfig --name $(KIND_CLUSTER_NAME) .PHONY: kind-cluster-cleanup kind-cluster-cleanup: kind ## Delete the kind cluster - $(KIND) delete cluster --name ${KIND_CLUSTER_NAME} + $(KIND) delete cluster --name $(KIND_CLUSTER_NAME) -# TODO: When the apiserver is working properly, add this line back to the end of this target: -# $(KIND) load docker-image $(SERVER_IMG):${IMG_TAG} --name $(KIND_CLUSTER_NAME) .PHONY: kind-load kind-load: kind ## Load the built images onto the local cluster - $(KIND) export kubeconfig --name ${KIND_CLUSTER_NAME} - $(KIND) load docker-image $(CONTROLLER_IMG):${IMG_TAG} --name $(KIND_CLUSTER_NAME) + $(KIND) export kubeconfig --name $(KIND_CLUSTER_NAME) + $(KIND) load docker-image $(IMAGE) --name $(KIND_CLUSTER_NAME) -# TODO: When the apiserver is working properly, add the `docker-build-server` and `cert-manager` targets back as a dependency to this target: .PHONY: install -install: docker-build-controller kind-load deploy wait ## Install local catalogd +install: build-container kind-load deploy wait ## Install local catalogd -# TODO: When the apiserver is working properly, add this line back after the manager edit: -# cd config/apiserver && $(KUSTOMIZE) edit set image apiserver=${SERVER_IMG}:${IMG_TAG} .PHONY: deploy -deploy: kustomize ## Deploy Catalog controller and ApiServer to the K8s cluster specified in ~/.kube/config. - cd config/manager && $(KUSTOMIZE) edit set image controller=${CONTROLLER_IMG}:${IMG_TAG} +deploy: kustomize ## Deploy Catalogd to the K8s cluster specified in ~/.kube/config. + cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMAGE) $(KUSTOMIZE) build config/default | kubectl apply -f - .PHONY: undeploy -undeploy: kustomize ## Undeploy Catalog controller and ApiServer from the K8s cluster specified in ~/.kube/config. +undeploy: kustomize ## Undeploy Catalogd from the K8s cluster specified in ~/.kube/config. $(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=true -f - -.PHONY: uninstall -uninstall: undeploy ## Uninstall local catalogd - kubectl wait --for=delete namespace/$(CATALOGD_NAMESPACE) --timeout=60s - -# TODO: cert-manager was only needed due to the apiserver. When the apiserver is working properly, uncomment this target -# .PHONY: cert-manager -# cert-manager: ## Deploy cert-manager on the cluster -# kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/$(CERT_MGR_VERSION)/cert-manager.yaml -# kubectl wait --for=condition=Available --namespace=cert-manager deployment/cert-manager-webhook --timeout=60s - -# TODO: When the apiserver is working properly, add the following lines to this target: -# kubectl wait --for=condition=Available --namespace=$(CATALOGD_NAMESPACE) deployment/catalogd-apiserver --timeout=60s -# kubectl rollout status --watch --namespace=$(CATALOGD_NAMESPACE) statefulset/catalogd-etcd --timeout=60s - wait: kubectl wait --for=condition=Available --namespace=$(CATALOGD_NAMESPACE) deployment/catalogd-controller-manager --timeout=60s @@ -165,15 +132,6 @@ wait: export ENABLE_RELEASE_PIPELINE ?= false export GORELEASER_ARGS ?= --snapshot --clean -export CONTROLLER_IMAGE_REPO ?= $(CONTROLLER_IMG) -# TODO: When the apiserver is working properly, uncomment this line: -# export APISERVER_IMAGE_REPO ?= $(SERVER_IMG) -export IMAGE_TAG ?= $(IMG_TAG) -export VERSION_PKG ?= $(VERSION_PKG) -export GIT_VERSION ?= $(GIT_VERSION) -export GIT_COMMIT ?= $(GIT_COMMIT) -export GIT_TREE_STATE ?= $(GIT_TREE_STATE) -export COMMIT_DATE ?= $(COMMIT_DATE) export CERT_MGR_VERSION ?= $(CERT_MGR_VERSION) release: goreleaser ## Runs goreleaser for catalogd. By default, this will run only as a snapshot and will not publish any artifacts unless it is run with different arguments. To override the arguments, run with "GORELEASER_ARGS=...". When run as a github action from a tag, this target will publish a full release. $(GORELEASER) $(GORELEASER_ARGS) diff --git a/apiserver.Dockerfile b/apiserver.Dockerfile deleted file mode 100644 index 1351124e..00000000 --- a/apiserver.Dockerfile +++ /dev/null @@ -1,16 +0,0 @@ -# Use distroless as minimal base image to package the manager binary -# Refer to https://github.com/GoogleContainerTools/distroless for more details - -#Note: PoC is running as root but we can run this as nonroot by making the apiserver listen on 8443 internally and then map 443 to 8443 in the Service -# eg this is what the openshift-apiserver does -# more info: https://coreos.slack.com/archives/G3T7N42NP/p1667580247206729?thread_ts=1667577965.339339&cid=G3T7N42NP - # ports: - # - name: https - # port: 443 - # protocol: TCP - # targetPort: 8443 -FROM gcr.io/distroless/static:latest -WORKDIR / -COPY apiserver . - -ENTRYPOINT ["/apiserver"] \ No newline at end of file diff --git a/cmd/manager/main.go b/cmd/manager/main.go index 23ac9b43..9df47ce5 100644 --- a/cmd/manager/main.go +++ b/cmd/manager/main.go @@ -79,7 +79,7 @@ func main() { flag.Parse() if catalogdVersion { - fmt.Printf("catalogd version: %s", version.ControllerVersion()) + fmt.Printf("%#v\n", version.Version()) os.Exit(0) } diff --git a/config/apiserver/apiserver.yaml b/config/apiserver/apiserver.yaml deleted file mode 100644 index ee508fce..00000000 --- a/config/apiserver/apiserver.yaml +++ /dev/null @@ -1,128 +0,0 @@ -apiVersion: apiregistration.k8s.io/v1 -kind: APIService -metadata: - name: v1beta1.catalogd.operatorframework.io - labels: - api: catalogd - apiserver: "true" - app.kubernetes.io/name: apiservice - app.kubernetes.io/instance: system - app.kubernetes.io/component: apiservice - app.kubernetes.io/created-by: catalogd - app.kubernetes.io/part-of: catalogd - app.kubernetes.io/managed-by: kustomize - annotations: - # Have cert manager inject the caBundle field using the cert we created - cert-manager.io/inject-ca-from: catalogd-system/server-cert -spec: - version: v1beta1 - group: catalogd.operatorframework.io - groupPriorityMinimum: 2000 - service: - name: catalogd - namespace: system - versionPriority: 10 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: apiserver - namespace: system - labels: - api: catalogd - apiserver: "true" - app.kubernetes.io/name: deployment - app.kubernetes.io/instance: system - app.kubernetes.io/component: apiservice - app.kubernetes.io/created-by: catalogd - app.kubernetes.io/part-of: catalogd - app.kubernetes.io/managed-by: kustomize -spec: - selector: - matchLabels: - api: catalogd - apiserver: "true" - replicas: 1 - template: - metadata: - labels: - api: catalogd - apiserver: "true" - spec: - serviceAccountName: apiserver - containers: - - name: apiserver - image: apiserver:latest - imagePullPolicy: IfNotPresent - volumeMounts: - - name: catalogd-apiserver-certs - mountPath: /apiserver.local.config/certificates - readOnly: true - command: - - "./apiserver" - args: - - "--etcd-servers=http://catalogd-etcd-svc:2379" - - "--tls-cert-file=/apiserver.local.config/certificates/tls.crt" - - "--tls-private-key-file=/apiserver.local.config/certificates/tls.key" - - "--audit-log-path=-" - - "--feature-gates=APIPriorityAndFairness=false" - - "--audit-log-maxage=0" - - "--audit-log-maxbackup=0" - - "--profiling" - resources: - requests: - cpu: 100m - memory: 20Mi - limits: - cpu: 100m - memory: 30Mi - volumes: - - name: catalogd-apiserver-certs - secret: - secretName: catalogd-apiserver ---- -apiVersion: v1 -kind: Service -metadata: - name: apiserver - namespace: system - labels: - api: catalogd - apiserver: "true" -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 443 - selector: - api: catalogd - apiserver: "true" ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - api: catalogd - apiserver: "true" - name: selfsigned-issuer - namespace: system -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - api: catalogd - apiserver: "true" - name: server-cert - namespace: system -spec: - dnsNames: - - catalogd-apiserver.catalogd.svc - - catalogd-apiserver.catalogd.svc.cluster.local - - localhost - issuerRef: - kind: Issuer - name: catalogd-selfsigned-issuer - secretName: catalogd-apiserver diff --git a/config/apiserver/kustomization.yaml b/config/apiserver/kustomization.yaml deleted file mode 100644 index af48d03c..00000000 --- a/config/apiserver/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -resources: -- apiserver.yaml -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -images: -- name: apiserver - newName: quay.io/operator-framework/catalogd-server - newTag: devel diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 91a5c287..312e99b6 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -15,8 +15,5 @@ resources: - ../crd - ../rbac - ../manager -# TODO: When the apiserver is working properly, uncomment this -# - ../apiserver -# - ../etcd patches: - path: manager_auth_proxy_patch.yaml diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 8cb43470..11dd667d 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: quay.io/operator-framework/catalogd-controller + newName: quay.io/operator-framework/catalogd newTag: devel diff --git a/config/rbac/apiserver_role.yaml b/config/rbac/apiserver_role.yaml deleted file mode 100644 index 86fa259c..00000000 --- a/config/rbac/apiserver_role.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: apiserver-auth-reader -rules: - - apiGroups: - - "" - resources: - - configmaps - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - 'admissionregistration.k8s.io' - resources: - - '*' - verbs: - - 'list' - - 'watch' - - nonResourceURLs: - - '*' - verbs: - - '*' diff --git a/config/rbac/apiserver_rolebindings.yaml b/config/rbac/apiserver_rolebindings.yaml deleted file mode 100644 index 18ac8395..00000000 --- a/config/rbac/apiserver_rolebindings.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: apiserver-auth-reader - namespace: system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: catalogd-apiserver-auth-reader -subjects: - - kind: ServiceAccount - namespace: catalogd-system - name: catalogd-apiserver ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: apiserver-auth-delegator - namespace: system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: - - kind: ServiceAccount - namespace: catalogd-system - name: catalogd-apiserver diff --git a/config/rbac/apiserver_service_account.yaml b/config/rbac/apiserver_service_account.yaml deleted file mode 100644 index 865f4c63..00000000 --- a/config/rbac/apiserver_service_account.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: serviceaccount - app.kuberentes.io/instance: apiserver - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: catalogd - app.kubernetes.io/part-of: catalogd - app.kubernetes.io/managed-by: kustomize - name: apiserver - namespace: system \ No newline at end of file diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index e300f985..731832a6 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -16,7 +16,3 @@ resources: - auth_proxy_role.yaml - auth_proxy_role_binding.yaml - auth_proxy_client_clusterrole.yaml -# TODO: When the apiserver is working properly, uncomment the following lines: -# - apiserver_role.yaml -# - apiserver_rolebindings.yaml -# - apiserver_service_account.yaml diff --git a/go.mod b/go.mod index 7da2f647..a3ec1927 100644 --- a/go.mod +++ b/go.mod @@ -3,6 +3,7 @@ module github.com/operator-framework/catalogd go 1.19 require ( + github.com/blang/semver/v4 v4.0.0 github.com/nlepage/go-tarfs v1.1.0 github.com/onsi/ginkgo/v2 v2.6.0 github.com/onsi/gomega v1.24.1 @@ -15,7 +16,6 @@ require ( require ( github.com/beorn7/perks v1.0.1 // indirect - github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect diff --git a/internal/version/version.go b/internal/version/version.go index 4c07dc77..73ba429a 100644 --- a/internal/version/version.go +++ b/internal/version/version.go @@ -3,7 +3,9 @@ package version import ( "fmt" "runtime" + "strings" + "github.com/blang/semver/v4" genericversion "k8s.io/apimachinery/pkg/version" ) @@ -14,14 +16,9 @@ var ( commitDate = "unknown" // build date in ISO8601 format, output of $(date -u +'%Y-%m-%dT%H:%M:%SZ') ) -// ControllerVersion returns a version string for the controller -func ControllerVersion() string { - return gitVersion -} - -// ApiserverVersion returns a version.Info object for the apiserver -func ApiserverVersion() *genericversion.Info { - return &genericversion.Info{ +// Version returns a version struct for the build +func Version() genericversion.Info { + info := genericversion.Info{ GitVersion: gitVersion, GitCommit: gitCommit, GitTreeState: gitTreeState, @@ -30,4 +27,10 @@ func ApiserverVersion() *genericversion.Info { Compiler: runtime.Compiler, Platform: fmt.Sprintf("%s/%s", runtime.GOOS, runtime.GOARCH), } + v, err := semver.Parse(strings.TrimPrefix(gitVersion, "v")) + if err == nil { + info.Major = fmt.Sprintf("%d", v.Major) + info.Minor = fmt.Sprintf("%d", v.Minor) + } + return info }