WIP: Generate static deployment manifests

annismckenzie · annismckenzie · commit 9cd538714748 · 2021-01-08T12:27:49.000+01:00
diff --git a/Makefile b/Makefile
@@ -43,6 +43,11 @@ dev-delete: tools
 deploy: manifests tools
 	$(SKAFFOLD) run -p production
 
+# This is used to update the manifests into deploy/operator.yaml
+render-production-manifests:
+	@ $(SKAFFOLD) build -q -p production
+	@ $(KUSTOMIZE) build config/production > deploy/operator.yaml
+
 # Generate manifests e.g. CRD, RBAC etc.
 manifests: controller-gen
 	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
diff --git a/config/production/kustomization.yaml b/config/production/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ../default
+
+images:
+  - name: ghcr.io/annismckenzie/k3os-config-operator
+    newTag: v0.1.0
diff --git a/deploy/operator.yaml b/deploy/operator.yaml
@@ -0,0 +1,332 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    app: k3os-config-operator
+    app.kubernetes.io/name: k3os-config-operator
+    control-plane: controller-manager
+  name: k3os-config-operator-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.4.1
+  creationTimestamp: null
+  labels:
+    app: k3os-config-operator
+    app.kubernetes.io/name: k3os-config-operator
+  name: k3osconfigs.config.operators.annismckenzie.github.com
+spec:
+  group: config.operators.annismckenzie.github.com
+  names:
+    kind: K3OSConfig
+    listKind: K3OSConfigList
+    plural: k3osconfigs
+    singular: k3osconfig
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: K3OSConfig is the Schema for the k3osconfigs API.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: K3OSConfigSpec defines the desired state of K3OSConfig.
+            properties:
+              syncNodeLabels:
+                description: SyncNodeLabels enables syncing node labels set in the
+                  K3OS config.yaml. K3OS by default only sets labels on nodes on first
+                  boot.
+                type: boolean
+              syncNodeTaints:
+                description: SyncNodeTaints enables syncing node taints set in the
+                  K3OS config.yaml. K3OS by default only sets taints on nodes on first
+                  boot.
+                type: boolean
+            type: object
+          status:
+            description: K3OSConfigStatus defines the observed state of K3OSConfig.
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app: k3os-config-operator
+    app.kubernetes.io/name: k3os-config-operator
+  name: k3os-config-operator-leader-election-role
+  namespace: k3os-config-operator-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: null
+  labels:
+    app: k3os-config-operator
+    app.kubernetes.io/name: k3os-config-operator
+  name: k3os-config-operator-manager-role
+  namespace: k3os-config-operator-system
+rules:
+- apiGroups:
+  - config.operators.annismckenzie.github.com
+  resources:
+  - k3osconfigs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - config.operators.annismckenzie.github.com
+  resources:
+  - k3osconfigs/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    app: k3os-config-operator
+    app.kubernetes.io/name: k3os-config-operator
+  name: k3os-config-operator-manager-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - patch
+  - update
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app: k3os-config-operator
+    app.kubernetes.io/name: k3os-config-operator
+  name: k3os-config-operator-metrics-reader
+rules:
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app: k3os-config-operator
+    app.kubernetes.io/name: k3os-config-operator
+  name: k3os-config-operator-proxy-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app: k3os-config-operator
+    app.kubernetes.io/name: k3os-config-operator
+  name: k3os-config-operator-leader-election-rolebinding
+  namespace: k3os-config-operator-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: k3os-config-operator-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: k3os-config-operator-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app: k3os-config-operator
+    app.kubernetes.io/name: k3os-config-operator
+  name: k3os-config-operator-manager-rolebinding
+  namespace: k3os-config-operator-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: k3os-config-operator-manager-role
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: k3os-config-operator-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app: k3os-config-operator
+    app.kubernetes.io/name: k3os-config-operator
+  name: k3os-config-operator-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: k3os-config-operator-manager-role
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: k3os-config-operator-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app: k3os-config-operator
+    app.kubernetes.io/name: k3os-config-operator
+  name: k3os-config-operator-proxy-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: k3os-config-operator-proxy-role
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: k3os-config-operator-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: k3os-config-operator
+    app.kubernetes.io/name: k3os-config-operator
+    control-plane: controller-manager
+  name: k3os-config-operator-controller-manager-metrics-service
+  namespace: k3os-config-operator-system
+spec:
+  ports:
+  - name: https
+    port: 8443
+    targetPort: https
+  selector:
+    app: k3os-config-operator
+    app.kubernetes.io/name: k3os-config-operator
+    control-plane: controller-manager
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    app: k3os-config-operator
+    app.kubernetes.io/name: k3os-config-operator
+    control-plane: controller-manager
+  name: k3os-config-operator-controller-manager
+  namespace: k3os-config-operator-system
+spec:
+  selector:
+    matchLabels:
+      app: k3os-config-operator
+      app.kubernetes.io/name: k3os-config-operator
+      control-plane: controller-manager
+  template:
+    metadata:
+      labels:
+        app: k3os-config-operator
+        app.kubernetes.io/name: k3os-config-operator
+        control-plane: controller-manager
+    spec:
+      containers:
+      - args:
+        - --secure-listen-address=0.0.0.0:8443
+        - --upstream=http://127.0.0.1:8080/
+        - --logtostderr=true
+        - --v=10
+        image: quay.io/brancz/kube-rbac-proxy:v0.8.0
+        name: kube-rbac-proxy
+        ports:
+        - containerPort: 8443
+          name: https
+      - args:
+        - --metrics-addr=127.0.0.1:8080
+        - --enable-leader-election
+        command:
+        - /manager
+        env:
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: ghcr.io/annismckenzie/k3os-config-operator:v0.1.0
+        name: manager
+        resources:
+          limits:
+            cpu: 100m
+            memory: 30Mi
+          requests:
+            cpu: 100m
+            memory: 20Mi
+      terminationGracePeriodSeconds: 10
diff --git a/skaffold.yaml b/skaffold.yaml
@@ -12,7 +12,6 @@ build:
 deploy:
   kustomize:
     paths:
-      - config/crd
       - config/default
 profiles:
   - name: production
