Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(helm/v1): fix role.yaml init scaffolding #6769

Merged
merged 1 commit into from
Jun 13, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions changelog/fragments/02-helm-operator-role-generation-fix.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# entries is a list of entries to include in
# release notes and/or the migration guide
entries:
- description: >
(helm/v1) Fix broken helm-operator role scaffolding which causes reconciler to hang due to lack of permissions.

# kind is one of:
# - addition
# - change
# - deprecation
# - removal
# - bugfix
kind: "bugfix"

# Is this a breaking change?
breaking: false

# Migration can be defined to automatically add a section to
# the migration guide. This is required for breaking changes.
migration:
header: Fix helm-operator scaffolding that was broken in 1.34.0, 1.34.1, and 1.34.2
body: |
Users who scaffolded a helm-operator project with 1.34.0, 1.34.1, or 1.34.2
need re-generate the project in order to get a fixed `config/rbac/role.yaml` file.
8 changes: 1 addition & 7 deletions hack/generate/samples/internal/helm/memcached.go
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,7 @@ func (mh *Memcached) Run() {

log.Infof("adding customized roles")
err = kbutil.ReplaceInFile(filepath.Join(mh.ctx.Dir, "config", "rbac", "role.yaml"),
rolesFragmentReplaceTarget, policyRolesFragment)
"#+kubebuilder:scaffold:rules", policyRolesFragment)
pkg.CheckError("adding customized roles", err)

log.Infof("creating the bundle")
Expand All @@ -122,12 +122,6 @@ func (mh *Memcached) Run() {

const createdAt = `createdAt: "2022-11-08T17:26:37Z"`

const rolesFragmentReplaceTarget = `
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
`

const policyRolesFragment = `
##
## Base operator rules
Expand Down
5 changes: 2 additions & 3 deletions internal/plugins/helm/v1/scaffolds/init.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,6 @@ limitations under the License.
package scaffolds

import (
"os"

kustomizev2 "sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2"

"sigs.k8s.io/kubebuilder/v3/pkg/config"
Expand Down Expand Up @@ -67,9 +65,10 @@ func (s *initScaffolder) Scaffold() error {
machinery.WithConfig(s.config),
)

if err := os.MkdirAll(chartutil.HelmChartsDir, 0755); err != nil {
if err := s.fs.FS.MkdirAll(chartutil.HelmChartsDir, 0755); err != nil {
return err
}

return scaffold.Execute(
&templates.Dockerfile{
HelmOperatorVersion: helmOperatorVersion,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ func (f *ManagerRole) SetTemplateDefaults() error {
}

f.TemplateBody = fmt.Sprintf(roleTemplate, machinery.NewMarkerFor(f.Path, rulesMarker))
f.IfExistsAction = machinery.OverwriteFile

return nil
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,72 @@ spec:
spec:
clusterPermissions:
- rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- secrets
verbs:
- '*'
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- cache.example.com
resources:
- memcacheds
- memcacheds/status
- memcacheds/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods
- services
- services/finalizers
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
Expand Down
86 changes: 79 additions & 7 deletions testdata/helm/memcached-operator/config/rbac/role.yaml
Original file line number Diff line number Diff line change
@@ -1,13 +1,6 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: clusterrole
app.kubernetes.io/instance: manager-role
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: memcached-operator
app.kubernetes.io/part-of: memcached-operator
app.kubernetes.io/managed-by: kustomize
name: manager-role
rules:
##
Expand Down Expand Up @@ -88,6 +81,84 @@ rules:
- watch


##
## Base operator rules
##
# We need to get namespaces so the operator can read namespaces to ensure they exist
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
# We need to manage Helm release secrets
- apiGroups:
- ""
resources:
- secrets
verbs:
- "*"
# We need to create events on CRs about things happening during reconciliation
- apiGroups:
- ""
resources:
- events
verbs:
- create

##
## Rules for cache.example.com/v1alpha1, Kind: Memcached
##
- apiGroups:
- cache.example.com
resources:
- memcacheds
- memcacheds/status
- memcacheds/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods
- services
- services/finalizers
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch


##
## Rules customized for cache.example.com/v1alpha1, Kind: Memcached
##
Expand Down Expand Up @@ -119,3 +190,4 @@ rules:
- watch

#+kubebuilder:scaffold:rules

4 changes: 2 additions & 2 deletions website/content/en/docs/contribution-guidelines/plugins.md
Original file line number Diff line number Diff line change
Expand Up @@ -72,8 +72,8 @@ If you are looking to develop similar solutions to allow users for example to cr
[plugin-manifest]: https://github.com/operator-framework/operator-sdk/tree/master/internal/plugins/manifests/v2
[plugin-scorecard]: https://github.com/operator-framework/operator-sdk/tree/master/internal/plugins/scorecard/v2
[kubebuilder-declarative-pattern]: https://github.com/kubernetes-sigs/kubebuilder-declarative-pattern
[kubebuilder-declarative-pattern-example]: https://github.com/kubernetes-sigs/kubebuilder/blob/master/testdata/project-v3/controllers/firstmate_controller.go
[default-scaffold]: https://github.com/kubernetes-sigs/kubebuilder/blob/master/testdata/project-v3/controllers/admiral_controller.go
[kubebuilder-declarative-pattern-example]: https://github.com/kubernetes-sigs/kubebuilder/blob/v3.13.0/testdata/project-v3/controllers/firstmate_controller.go
[default-scaffold]: https://github.com/kubernetes-sigs/kubebuilder/blob/v3.13.0/testdata/project-v3/controllers/admiral_controller.go
[kb-issue]: https://github.com/kubernetes-sigs/kubebuilder/issues/1378
[create-your-own-plugins]: https://master.book.kubebuilder.io/plugins/creating-plugins.html
[scorecard]: /docs/testing-operators/scorecard/
Expand Down
Loading