From 2a29305571b5bee7d98ce07bcc708b3a452b14ac Mon Sep 17 00:00:00 2001
From: Tejas Parikh
Date: Thu, 10 Dec 2020 11:29:23 -0500
Subject: [PATCH] Added Kustomize for controller, sidecar & CRDs

Signed-off-by: Tejas Parikh
---
deploy/base/deployment.yaml | 24 +++++++++++
deploy/base/ns.yaml | 5 +++
deploy/base/rbac.yaml | 55 +++++++++++++++++++++++++
deploy/base/sa.yaml | 6 +++
kustomization.yaml | 81 +++++++++++++++++++++++++++++++++++++
5 files changed, 171 insertions(+)
create mode 100644 deploy/base/deployment.yaml
create mode 100644 deploy/base/ns.yaml
create mode 100644 deploy/base/rbac.yaml
create mode 100644 deploy/base/sa.yaml
create mode 100644 kustomization.yaml

diff --git a/deploy/base/deployment.yaml b/deploy/base/deployment.yaml
new file mode 100644
index 0000000..c33295b
--- /dev/null
+++ b/deploy/base/deployment.yaml
@@ -0,0 +1,24 @@
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: objectstorage-controller
+ namespace: objectstorage-system
+spec:
+ replicas: 1
+ strategy:
+ rollingUpdate:
+ maxUnavailable: 0
+ maxSurge: 1
+ selector:
+ matchLabels:
+ app: objectstorage-controller
+ template:
+ metadata:
+ labels:
+ app: objectstorage-controller
+ spec:
+ serviceAccountName: objectstorage-controller-sa
+ containers:
+ - name: objectstorage-controller
+ image: quay.io/containerobjectstorage/objectstorage-controller:latest
diff --git a/deploy/base/ns.yaml b/deploy/base/ns.yaml
new file mode 100644
index 0000000..c31ae9c
--- /dev/null
+++ b/deploy/base/ns.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: objectstorage-system
diff --git a/deploy/base/rbac.yaml b/deploy/base/rbac.yaml
new file mode 100644
index 0000000..1051b69
--- /dev/null
+++ b/deploy/base/rbac.yaml
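Review bot: In deploy/base/deployment.yaml the container image is referenced by the mutable tag `latest`, and kustomization.yaml repeats it with `newTag: latest` for all three images while a patch there sets `imagePullPolicy: IfNotPresent`. With that combination a node keeps whichever build it cached first, so replicas can run different code and a rollout cannot be tied to a reviewed image. Pin a released tag or, better, a digest through the kustomize `images` entry (`digest: sha256:<IMAGE_DIGEST>`). The pod spec also sets no `securityContext`; if the controller image supports it, `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `readOnlyRootFilesystem: true` on the container would be worth adding.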
@@ -0,0 +1,55 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: objectstorage-controller-role
+rules:
+- apiGroups: ["objectstorage.k8s.io"]
+ resources: ["bucketrequests", "bucketaccessrequests"]
+ verbs: ["get", "list", "watch"]
+- apiGroups: ["objectstorage.k8s.io"]
+ resources: ["buckets", "bucketaccess"]
+ verbs: ["get", "list", "watch", "update", "create", "delete"]
+- apiGroups: ["objectstorage.k8s.io"]
+ resources: ["bucketclass","bucketaccessclass"]
+ verbs: ["get", "list"]
+- apiGroups: [""]
+ resources: ["events"]
+ verbs: ["list", "watch", "create", "update", "patch"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: system:objectstorage-controller
+subjects:
+ - kind: ServiceAccount
+ name: objectstorage-controller-sa
+ namespace: objectstorage-system
+roleRef:
+ kind: ClusterRole
+ name: objectstorage-controller-role
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: objectstorage-controller
+ namespace: objectstorage-system
+rules:
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["get", "watch", "list", "delete", "update", "create"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: objectstorage-controller
+ namespace: objectstorage-system
+subjects:
+ - kind: ServiceAccount
+ name: objectstorage-controller-sa
+ namespace: objectstorage-system
+roleRef:
+ kind: Role
+ name: objectstorage-controller
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deploy/base/sa.yaml b/deploy/base/sa.yaml
new file mode 100644
index 0000000..802dbb8
--- /dev/null
+++ b/deploy/base/sa.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: objectstorage-controller-sa
+ namespace: objectstorage-system
diff --git a/kustomization.yaml b/kustomization.yaml
new file mode 100644
index 0000000..0d2ba6d
--- /dev/null
+++ b/kustomization.yaml
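Review bot: In the ClusterRole of deploy/base/rbac.yaml, the rules naming `"bucketaccess"`, `"bucketclass"` and `"bucketaccessclass"` use singular forms, whereas RBAC matches on the plural resource name. The CRD files referenced in kustomization.yaml (`objectstorage.k8s.io_bucketaccesses.yaml`, `..._bucketclasses.yaml`, `..._bucketaccessclasses.yaml`) suggest the plurals, so these rules would most likely grant nothing and the controller's requests for those kinds would be denied. Use `resources: ["buckets", "bucketaccesses"]` and `resources: ["bucketclasses", "bucketaccessclasses"]`. The ClusterRoleBinding name `system:objectstorage-controller` also uses the `system:` prefix, which Kubernetes reserves for its own components; `name: objectstorage-controller` avoids confusion with built-in bindings when auditing cluster-wide grants.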
@@ -0,0 +1,81 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+images:
+# Controller
+- name: objectstorage-controller
+ newName: quay.io/containerobjectstorage/objectstorage-controller
+ newTag: latest
+# Sidecar
+- name: object-storage-sidecar
+ newName: quay.io/containerobjectstorage/object-storage-sidecar
+ newTag: latest
+# Sample Driver
+- name: sample-driver
+ newName: quay.io/containerobjectstorage/sample-driver
+ newTag: latest
+
+resources:
+# CRDs
+- https://raw.githubusercontent.com/kubernetes-sigs/container-object-storage-interface-api/master/crds/objectstorage.k8s.io_bucketaccessclasses.yaml
+- https://raw.githubusercontent.com/kubernetes-sigs/container-object-storage-interface-api/master/crds/objectstorage.k8s.io_bucketaccesses.yaml
+- https://raw.githubusercontent.com/kubernetes-sigs/container-object-storage-interface-api/master/crds/objectstorage.k8s.io_bucketaccessrequests.yaml
+- https://raw.githubusercontent.com/kubernetes-sigs/container-object-storage-interface-api/master/crds/objectstorage.k8s.io_bucketclasses.yaml
+- https://raw.githubusercontent.com/kubernetes-sigs/container-object-storage-interface-api/master/crds/objectstorage.k8s.io_bucketrequests.yaml
+- https://raw.githubusercontent.com/kubernetes-sigs/container-object-storage-interface-api/master/crds/objectstorage.k8s.io_buckets.yaml
+# Controller
+- deploy/base/ns.yaml
+- deploy/base/sa.yaml
+- deploy/base/rbac.yaml
+- deploy/base/deployment.yaml
+# Sidecar
+- https://raw.githubusercontent.com/container-object-storage-interface/cosi-provisioner-sidecar/master/examples/object-storage-sidecar.yaml
+
+patches:
+# CRDs
+- target:
+ kind: CustomResourceDefinition
+ patch: |-
+ - op: add
+ path: /metadata/annotations
+ value:
+ controller-gen.kubebuilder.io/version: (devel)
+ api-approved.kubernetes.io: https://github.com/kubernetes-sigs/container-object-storage-interface-api/pull/2
+# Controller
+- target:
+ kind: Deployment
+ name: objectstorage-controller
+ patch: |-
+ - op: replace
+ path: /spec/template/spec/containers/0/imagePullPolicy
+ value: IfNotPresent
+# Sidecar
+- target:
+ kind: Deployment
+ name: object-storage-provisioner
+ patch: |-
+ - op: replace
+ path: /spec/template/spec/containers/0/imagePullPolicy
+ value: IfNotPresent
+ - op: replace
+ path: /spec/template/spec/containers/1/imagePullPolicy
+ value: IfNotPresent
+ - op: replace
+ path: /metadata
+ value:
+ name: object-storage-provisioner
+ labels:
+ app: object-storage-provisioner
+ namespace: objectstorage-provisioner-ns
+- target:
+ kind: Secret
+ name: object-storage-provisioner
+ patch: |-
+ - op: replace
+ path: /metadata
+ value:
+ name: object-storage-provisioner
+ labels:
+ app: object-storage-provisioner
+ namespace: objectstorage-provisioner-ns
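Review bot: Every remote entry under `resources:` in kustomization.yaml is fetched from a `master` branch on raw.githubusercontent.com, so the CRDs and the sidecar manifest applied to the cluster can change without any commit in this repository; the sidecar URL also lives under a different organisation (`container-object-storage-interface`) than the CRDs. Pin each URL to a commit, e.g. `.../container-object-storage-interface-api/<COMMIT_SHA>/crds/objectstorage.k8s.io_buckets.yaml`, or vendor the files so changes go through review. Separately, the Controller patch uses `op: replace` on `/spec/template/spec/containers/0/imagePullPolicy`, but deploy/base/deployment.yaml never sets that field and RFC 6902 `replace` requires the target to exist, so the build is likely to fail; `op: add` works whether or not the field is present. The two `replace` operations on `/metadata` overwrite the whole metadata object, which drops any annotations or extra labels the upstream sidecar manifest carries.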