fix issues in vwc and latest tag

senthilrch · Jun 2, 2020 · ebc3d48 · ebc3d48
1 parent a84b89d
commit ebc3d48
Show file tree

Hide file tree

Showing 8 changed files with 37 additions and 27 deletions.
diff --git a/Makefile b/Makefile
@@ -186,7 +186,7 @@ test:
 
 deploy-using-yaml:
 	-kubectl apply -f deploy/kubefledged-namespace.yaml
-	bash deploy/webhook-create-signed-cert.sh --namespace kube-fledged --service kubefledged-webhook-server --secret kubefledged-webhook-server
+	bash deploy/webhook-create-signed-cert.sh
 	bash deploy/webhook-patch-ca-bundle.sh
 	kubectl apply -f deploy/kubefledged-crd.yaml
 	kubectl apply -f deploy/kubefledged-serviceaccount.yaml
@@ -213,7 +213,7 @@ deploy-using-operator:
 	# Deploy kube-fledged to a separate namespace
 	sed -i "s|{{OPERATOR_NAMESPACE}}|${OPERATOR_NAMESPACE}|g" deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
 	sed -i "s|{{KUBEFLEDGED_NAMESPACE}}|${KUBEFLEDGED_NAMESPACE}|g" deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
-	bash deploy/webhook-create-signed-cert.sh --namespace ${KUBEFLEDGED_NAMESPACE} --service kubefledged-webhook-server --secret kubefledged-webhook-server
+	bash deploy/webhook-create-signed-cert.sh --namespace ${KUBEFLEDGED_NAMESPACE}
 	bash deploy/webhook-patch-ca-bundle.sh
 	kubectl apply -f deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
 
@@ -224,27 +224,29 @@ update:
 	kubectl scale deployment kubefledged-webhook-server --replicas=1 -n kube-fledged && sleep 1
 	kubectl get pods -l app=kubefledged -n kube-fledged
 
-remove:
+remove-kubefledged:
 	-kubectl delete -f deploy/kubefledged-namespace.yaml
 	-kubectl delete -f deploy/kubefledged-clusterrolebinding.yaml
 	-kubectl delete -f deploy/kubefledged-clusterrole.yaml
 	-kubectl delete -f deploy/kubefledged-crd.yaml
 	-kubectl delete -f deploy/kubefledged-validatingwebhook.yaml
+	-git checkout deploy/kubefledged-validatingwebhook.yaml
+	-git checkout deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
 
-remove-all:
+remove-operator-and-kubefledged:
 	# Remove kubefledged and the namespace
 	-kubectl delete -f deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
 	-kubectl delete namespace ${KUBEFLEDGED_NAMESPACE}
-	-sed -i "s|${KUBEFLEDGED_NAMESPACE}|{{KUBEFLEDGED_NAMESPACE}}|g" deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
-	-sed -i "s|${OPERATOR_NAMESPACE}|{{OPERATOR_NAMESPACE}}|g" deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
-	# Remove the kubefledged-operator and the namespace
+	-git checkout deploy/kubefledged-validatingwebhook.yaml
+	-git checkout deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha1_kubefledged_cr.yaml
+	# Remove the kubefledged operator and the namespace
 	-kubectl delete -f deploy/kubefledged-operator/deploy/operator.yaml
 	-kubectl delete -f deploy/kubefledged-operator/deploy/clusterrole_binding.yaml
 	-kubectl delete -f deploy/kubefledged-operator/deploy/clusterrole.yaml
 	-kubectl delete -f deploy/kubefledged-operator/deploy/service_account.yaml
 	-kubectl delete -f deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_kubefledgeds_crd.yaml
 	-kubectl delete namespace ${OPERATOR_NAMESPACE}
-	-sed -i "s|${OPERATOR_NAMESPACE}|{{OPERATOR_NAMESPACE}}|g" deploy/kubefledged-operator/deploy/operator.yaml
-	-sed -i "s|${OPERATOR_NAMESPACE}|{{OPERATOR_NAMESPACE}}|g" deploy/kubefledged-operator/deploy/clusterrole_binding.yaml
-	-sed -i "s|${OPERATOR_NAMESPACE}|{{OPERATOR_NAMESPACE}}|g" deploy/kubefledged-operator/deploy/service_account.yaml
+	-git checkout deploy/kubefledged-operator/deploy/operator.yaml
+	-git checkout deploy/kubefledged-operator/deploy/clusterrole_binding.yaml
+	-git checkout deploy/kubefledged-operator/deploy/service_account.yaml
 
diff --git a/README.md b/README.md
@@ -54,7 +54,7 @@ _kube-fledged_ provides CRUD APIs to manage the lifecycle of the image cache, an
 
 - A functioning kubernetes cluster (v1.16 or above). It could be a simple development cluster like minikube or a large production cluster.
 - All master and worker nodes having the ["kubernetes.io/hostname"](https://kubernetes.io/docs/reference/kubernetes-api/labels-annotations-taints/#kubernetes-io-hostname) label.
-- git, make, go, docker engine (>= 19.03) and kubectl installed on a local linux machine. kubectl configured properly to access the cluster with cluster-admin privileges.
+- git, make, go, docker engine (>= 19.03), openssl and kubectl installed on a local linux machine. kubectl configured properly to access the cluster with cluster-admin privileges.
 
 ## Quick Install using YAML manifests
 

diff --git a/build/Dockerfile.cri_client b/build/Dockerfile.cri_client
@@ -20,12 +20,12 @@ RUN apk add --no-cache bash curl openssh-client
 ARG DOCKER_VERSION
 ARG CRICTL_VERSION
 
-RUN curl -L -o /tmp/docker-$DOCKER_VERSION.tgz https://download.docker.com/linux/static/stable/x86_64/docker-$DOCKER_VERSION.tgz \
-    && tar -xz -C /tmp -f /tmp/docker-$DOCKER_VERSION.tgz \
-    && mv /tmp/docker/docker /usr/bin \
-    && rm -rf /tmp/docker-$DOCKER_VERSION.tgz /tmp/docker
+RUN curl -L -o /tmp/docker-$DOCKER_VERSION.tgz https://download.docker.com/linux/static/stable/x86_64/docker-$DOCKER_VERSION.tgz && \
+    tar -xz -C /tmp -f /tmp/docker-$DOCKER_VERSION.tgz && \
+    mv /tmp/docker/docker /usr/bin && \
+    rm -rf /tmp/docker-$DOCKER_VERSION.tgz /tmp/docker
 
-RUN curl -L -o /tmp/crictl-$CRICTL_VERSION.tgz https://github.com/kubernetes-sigs/cri-tools/releases/download/$CRICTL_VERSION/crictl-$CRICTL_VERSION-linux-amd64.tar.gz \
-    && tar -xz -C /tmp -f /tmp/crictl-$CRICTL_VERSION.tgz \
-    && mv /tmp/crictl /usr/bin \
-    && rm -rf /tmp/crictl-$CRICTL_VERSION.tgz /tmp/crictl
+RUN curl -L -o /tmp/crictl-$CRICTL_VERSION.tgz https://github.com/kubernetes-sigs/cri-tools/releases/download/$CRICTL_VERSION/crictl-$CRICTL_VERSION-linux-amd64.tar.gz && \
+    tar -xz -C /tmp -f /tmp/crictl-$CRICTL_VERSION.tgz && \
+    mv /tmp/crictl /usr/bin && \
+    rm -rf /tmp/crictl-$CRICTL_VERSION.tgz /tmp/crictl
diff --git a/deploy/kubefledged-operator/helm-charts/kubefledged/templates/service-webhook-server.yaml b/deploy/kubefledged-operator/helm-charts/kubefledged/templates/service-webhook-server.yaml
@@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ include "kubefledged.webhookServiceName" . }}-webhook-server
+  name: kubefledged-webhook-server
   labels:
     {{ include "kubefledged.labels" . | nindent 4 }}
   namespace: {{ .Values.kubefledgedNameSpace }}

diff --git a/deploy/kubefledged-operator/helm-charts/kubefledged/templates/validatingwebhook.yaml b/deploy/kubefledged-operator/helm-charts/kubefledged/templates/validatingwebhook.yaml
@@ -5,14 +5,14 @@ metadata:
   name: {{ include "kubefledged.validatingWebhookName" . }}
 webhooks:
   - name: validate-image-cache.kubefledged.k8s.io
-    admissionReviewVersions: ["v1"]
+    admissionReviewVersions: ["v1beta1", "v1"]
     timeoutSeconds: 1
     failurePolicy: Fail
     sideEffects: None
     clientConfig:
       service:
-        namespace: kube-fledged
-        name: {{ include "kubefledged.webhookServiceName" . }}-webhook-server
+        namespace: {{ .Values.kubefledgedNameSpace }}
+        name: kubefledged-webhook-server
         path: "/validate-image-cache"
         port: {{ .Values.webhookService.port }}
       caBundle: {{ .Values.validatingWebhookCABundle }}

diff --git a/deploy/kubefledged-validatingwebhook.yaml b/deploy/kubefledged-validatingwebhook.yaml
@@ -4,7 +4,7 @@ metadata:
   name: kubefledged
 webhooks:
   - name: validate-image-cache.kubefledged.k8s.io
-    admissionReviewVersions: ["v1"]
+    admissionReviewVersions: ["v1beta1", "v1"]
     timeoutSeconds: 1
     failurePolicy: Fail
     sideEffects: None

diff --git a/deploy/webhook-create-signed-cert.sh b/deploy/webhook-create-signed-cert.sh
@@ -60,15 +60,20 @@ while [[ $# -gt 0 ]]; do
     shift
 done
 
-[ -z ${service} ] && service=admission-webhook-example-svc
-[ -z ${secret} ] && secret=admission-webhook-example-certs
-[ -z ${namespace} ] && namespace=default
+[ -z ${service} ] && service=kubefledged-webhook-server
+[ -z ${secret} ] && secret=kubefledged-webhook-server
+[ -z ${namespace} ] && namespace=kube-fledged
 
 if [ ! -x "$(command -v openssl)" ]; then
     echo "openssl not found"
     exit 1
 fi
 
+if [ ! -x "$(command -v kubectl)" ]; then
+    echo "kubectl not found"
+    exit 1
+fi
+
 csrName=${service}.${namespace}
 tmpdir=$(mktemp -d)
 echo "creating certs in tmpdir ${tmpdir} "

diff --git a/pkg/images/image_helpers.go b/pkg/images/image_helpers.go
@@ -232,6 +232,9 @@ func checkIfImageNeedsToBePulled(imagePullPolicy string, image string, node *cor
 		if !strings.Contains(image, ":") && !strings.Contains(image, "@sha") {
 			return true, nil
 		}
+		if strings.Contains(image, ":latest") {
+			return true, nil
+		}
 		imageAlreadyPresent, err := imageAlreadyPresentInNode(image, node)
 		if err != nil {
 			return false, err