Skip to content

Commit

Permalink
Merge pull request #7 from annismckenzie/add-static-deployment-manifests
Browse files Browse the repository at this point in the history
Add static deployment manifests
  • Loading branch information
annismckenzie authored Jan 8, 2021
2 parents 01502d6 + c9889bb commit 1a6c684
Show file tree
Hide file tree
Showing 5 changed files with 358 additions and 3 deletions.
5 changes: 5 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,11 @@ dev-delete: tools
deploy: manifests tools
$(SKAFFOLD) run -p production

# This is used to update the manifests into deploy/operator.yaml
render-production-manifests:
@ $(SKAFFOLD) build -q -p production
@ $(KUSTOMIZE) build config/production > deploy/operator.yaml

# Generate manifests e.g. CRD, RBAC etc.
manifests: controller-gen
$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
Expand Down
14 changes: 12 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ That Kubernetes operator doesn't exist. At least, it didn't until now. 🤠
## Prerequisites

1. A k3OS cluster that's running [nominally](https://joshdance.medium.com/what-does-nominal-mean-when-spacex-mission-control-says-it-39c2d249da27#:~:text=performing%20or%20achieved%20within%20expected,within%20expected%20and%20acceptable%20limits.).
2. A local clone of https://github.com/sgielen/picl-k3os-image-generator.
2. A local clone of https://github.com/annismckenzie/picl-k3os-image-generator (my fork).
3. The `config` directory with YAML files as describes in https://github.com/sgielen/picl-k3os-image-generator#getting-started:
```
├── config
Expand All @@ -25,7 +25,8 @@ That Kubernetes operator doesn't exist. At least, it didn't until now. 🤠
│ └── dc:a6:32:xx:xx:xx.yaml
```
3. Your local `kubectl` configured to push YAMLs to your k3OS cluster.
4. Execute `make deploy-k3os-config` in your local checkout of `picl-k3os-image-generator`. This will generate the configuration and push it into the cluster.
4. Execute `make update-k3osconfig-secret` in your local checkout of `picl-k3os-image-generator` to validate the YAML files in the `config` directory and to generate the secret for the operator.
5. Execute `make deploy-k3os-config` in your local checkout of `picl-k3os-image-generator`. This will generate the configuration and push it into the cluster.
5. Continue on with the installation steps outlined below.


Expand All @@ -34,3 +35,12 @@ That Kubernetes operator doesn't exist. At least, it didn't until now. 🤠
```sh
kubectl apply -f https://raw.githubusercontent.com/annismckenzie/k3os-config-operator/v0.1.0/deploy/operator.yaml
```


## Releasing

1. Tag locally with `vx.y.z`. Make sure the working directory is clean.
2. Run `make render-production-manifests`. This will build and push the new multi-arch image.
3. Update the installation path above with the new tag.
4. Commit the updated `deploy/operator.yaml` and the update to the README.
5. Delete the local tag, tag again, then push using `git push origin --tags`.
9 changes: 9 additions & 0 deletions config/production/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
- ../default

images:
- name: ghcr.io/annismckenzie/k3os-config-operator
newTag: v0.1.0
332 changes: 332 additions & 0 deletions deploy/operator.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,332 @@
apiVersion: v1
kind: Namespace
metadata:
labels:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
control-plane: controller-manager
name: k3os-config-operator-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
labels:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
name: k3osconfigs.config.operators.annismckenzie.github.com
spec:
group: config.operators.annismckenzie.github.com
names:
kind: K3OSConfig
listKind: K3OSConfigList
plural: k3osconfigs
singular: k3osconfig
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: K3OSConfig is the Schema for the k3osconfigs API.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: K3OSConfigSpec defines the desired state of K3OSConfig.
properties:
syncNodeLabels:
description: SyncNodeLabels enables syncing node labels set in the
K3OS config.yaml. K3OS by default only sets labels on nodes on first
boot.
type: boolean
syncNodeTaints:
description: SyncNodeTaints enables syncing node taints set in the
K3OS config.yaml. K3OS by default only sets taints on nodes on first
boot.
type: boolean
type: object
status:
description: K3OSConfigStatus defines the observed state of K3OSConfig.
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
name: k3os-config-operator-leader-election-role
namespace: k3os-config-operator-system
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
labels:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
name: k3os-config-operator-manager-role
namespace: k3os-config-operator-system
rules:
- apiGroups:
- config.operators.annismckenzie.github.com
resources:
- k3osconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- config.operators.annismckenzie.github.com
resources:
- k3osconfigs/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
name: k3os-config-operator-manager-role
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
name: k3os-config-operator-metrics-reader
rules:
- nonResourceURLs:
- /metrics
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
name: k3os-config-operator-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
name: k3os-config-operator-leader-election-rolebinding
namespace: k3os-config-operator-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: k3os-config-operator-leader-election-role
subjects:
- kind: ServiceAccount
name: default
namespace: k3os-config-operator-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
name: k3os-config-operator-manager-rolebinding
namespace: k3os-config-operator-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: k3os-config-operator-manager-role
subjects:
- kind: ServiceAccount
name: default
namespace: k3os-config-operator-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
name: k3os-config-operator-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: k3os-config-operator-manager-role
subjects:
- kind: ServiceAccount
name: default
namespace: k3os-config-operator-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
name: k3os-config-operator-proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: k3os-config-operator-proxy-role
subjects:
- kind: ServiceAccount
name: default
namespace: k3os-config-operator-system
---
apiVersion: v1
kind: Service
metadata:
labels:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
control-plane: controller-manager
name: k3os-config-operator-controller-manager-metrics-service
namespace: k3os-config-operator-system
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
control-plane: controller-manager
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
control-plane: controller-manager
name: k3os-config-operator-controller-manager
namespace: k3os-config-operator-system
spec:
selector:
matchLabels:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
control-plane: controller-manager
template:
metadata:
labels:
app: k3os-config-operator
app.kubernetes.io/name: k3os-config-operator
control-plane: controller-manager
spec:
containers:
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --v=10
image: quay.io/brancz/kube-rbac-proxy:v0.8.0
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
- args:
- --metrics-addr=127.0.0.1:8080
- --enable-leader-election
command:
- /manager
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: ghcr.io/annismckenzie/k3os-config-operator:v0.1.0
name: manager
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
terminationGracePeriodSeconds: 10
1 change: 0 additions & 1 deletion skaffold.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,6 @@ build:
deploy:
kustomize:
paths:
- config/crd
- config/default
profiles:
- name: production
Expand Down

0 comments on commit 1a6c684

Please sign in to comment.