
Commit 0c6f10a

committed
feat: Enable controller manager
Currently runs in the same process as the runtime hooks server.
1 parent 6a7e398 commit 0c6f10a


24 files changed

+462
-185
lines changed


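--- a/.gitignore
+++ b/.gitignore
@@ -26,3 +26,4 @@ dist/
 
 *.tar.gz
 *.tar
+capd-kubeconfig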

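--- a/charts/capi-runtime-extensions/README.md
+++ b/charts/capi-runtime-extensions/README.md
@@ -26,9 +26,11 @@ A Helm chart for capi-runtime-extensions
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | addons.provider | string | `"ClusterResourceSet"` | |
-| certificate.issuer.kind | string | `"Issuer"` | |
-| certificate.issuer.name | string | `""` | |
-| certificate.issuer.selfSigned | bool | `true` | |
+| certificates.issuer.kind | string | `"Issuer"` | |
+| certificates.issuer.name | string | `""` | |
+| certificates.issuer.selfSigned | bool | `true` | |
+| controllers.enableLeaderElection | bool | `false` | |
+| deployment.replicas | int | `1` | |
 | env | object | `{}` | |
 | image.pullPolicy | string | `"IfNotPresent"` | |
 | image.repository | string | `"ghcr.io/d2iq-labs/capi-runtime-extensions"` | |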

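--- a/charts/capi-runtime-extensions/templates/_helpers.tpl
+++ b/charts/capi-runtime-extensions/templates/_helpers.tpl
@@ -38,13 +38,13 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 Certificate issuer name
 */}}
 {{- define "chart.issuerName" -}}
-{{- if .Values.certificate.issuer.selfSigned -}}
-{{- if .Values.certificate.issuer.name -}}
-{{ .Values.certificate.issuer.name }}
+{{- if .Values.certificates.issuer.selfSigned -}}
+{{- if .Values.certificates.issuer.name -}}
+{{ .Values.certificates.issuer.name }}
 {{- else -}}
 {{ template "chart.name" . }}-issuer
 {{- end -}}
 {{- else -}}
-{{ required "A valid .Values.certificates.issuer.name is required!" .Values.certificate.issuer.name }}
+{{ required "A valid .Values.certificates.issuer.name is required!" .Values.certificates.issuer.name }}
 {{- end -}}
 {{- end -}}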

charts/capi-runtime-extensions/templates/certificate.yaml

Lines changed: 0 additions & 18 deletions
This file was deleted.
Lines changed: 34 additions & 0 deletions
@@ -0,0 +1,34 @@
1+
# Copyright 2023 D2iQ, Inc. All rights reserved.
2+
# SPDX-License-Identifier: Apache-2.0
3+
4+
apiVersion: cert-manager.io/v1
5+
kind: Certificate
6+
metadata:
7+
name: {{ template "chart.name" . }}-runtimehooks-tls
8+
namespace: {{ .Release.Namespace }}
9+
labels:
10+
{{- include "chart.labels" . | nindent 4 }}
11+
spec:
12+
dnsNames:
13+
- {{ template "chart.name" . }}-runtimehooks.{{ .Release.Namespace }}.svc
14+
- {{ template "chart.name" . }}-runtimehooks.{{ .Release.Namespace }}.svc.cluster.local
15+
issuerRef:
16+
kind: {{ .Values.certificates.issuer.kind }}
17+
name: {{ template "chart.issuerName" . }}
18+
secretName: {{ template "chart.name" . }}-runtimehooks-tls
19+
---
20+
apiVersion: cert-manager.io/v1
21+
kind: Certificate
22+
metadata:
23+
name: {{ template "chart.name" . }}-controllers-tls
24+
namespace: {{ .Release.Namespace }}
25+
labels:
26+
{{- include "chart.labels" . | nindent 4 }}
27+
spec:
28+
dnsNames:
29+
- {{ template "chart.name" . }}-controllers.{{ .Release.Namespace }}.svc
30+
- {{ template "chart.name" . }}-controllers.{{ .Release.Namespace }}.svc.cluster.local
31+
issuerRef:
32+
kind: {{ .Values.certificates.issuer.kind }}
33+
name: {{ template "chart.issuerName" . }}
34+
secretName: {{ template "chart.name" . }}-controllers-tls
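Review bot: Both new Certificate specs set only `dnsNames`, `issuerRef` and `secretName`, so key usages and private-key rotation fall back to cert-manager's defaults. For serving certificates I would pin `usages: [digital signature, key encipherment, server auth]` and add `privateKey: {rotationPolicy: Always}` so that a renewal does not keep re-using the old key. The second Certificate names `<chart>-controllers.<namespace>.svc`, but no Service with that name appears in the sections shown on this page; if none exists, those SANs will never match a client connection, which is worth confirming. The path of this new file is not shown on the page.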

charts/capi-runtime-extensions/templates/clusterrole.yaml

Lines changed: 0 additions & 31 deletions
This file was deleted.

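--- a/charts/capi-runtime-extensions/templates/clusterrolebinding.yaml
+++ b/charts/capi-runtime-extensions/templates/clusterrolebinding.yaml
@@ -10,7 +10,7 @@ metadata:
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
-name: {{ include "chart.name" . }}
+name: {{ include "chart.name" . }}-manager-role
 subjects:
 - kind: ServiceAccount
 name: {{ include "chart.name" . }}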
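Review bot: The new `roleRef.name` is rendered from `chart.name`, while role.yaml in this commit hard-codes `name: capi-runtime-extensions-manager-role`, so the two only agree when the helper renders exactly `capi-runtime-extensions`. The helper is not visible here; if it honours a name override, the binding would reference a ClusterRole that does not exist and the service account would end up with no permissions, failing only at runtime. Separately, `roleRef` is immutable on an existing ClusterRoleBinding, so if the binding's `metadata.name` (outside this hunk) is unchanged, an in-place `helm upgrade` from the previous chart is likely to be rejected. I would either template the role name in role.yaml to match, or add a comment here such as `# must match metadata.name in role.yaml; roleRef is immutable, binding must be recreated on upgrade`.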

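--- a/charts/capi-runtime-extensions/templates/deployment.yaml
+++ b/charts/capi-runtime-extensions/templates/deployment.yaml
@@ -8,7 +8,7 @@ metadata:
 name: {{ template "chart.name" . }}
 namespace: {{ .Release.Namespace }}
 spec:
-replicas: 1
+replicas: {{ .Values.deployment.replicas}}
 selector:
 matchLabels:
 {{- include "chart.selectorLabels" . | nindent 6 }}
@@ -35,39 +35,57 @@ spec:
 {{- end }}
 {{- end }}
 args:
-- --webhook-cert-dir=/certs/
-- --addon-provider={{ .Values.addons.provider }}
+- --controllermanager.cert-dir=/controllers-certs/
+- --controllermanager.leader-elect={{ if gt (.Values.deployment.replicas | int) 1 }}true{{ else }}{{ .Values.controllers.enableLeaderElection }}{{ end }}
+- --runtimehooks.cert-dir=/runtimehooks-certs/
+- --runtimehooks.addon-provider={{ .Values.addons.provider }}
 {{- range $key, $value := .Values.extraArgs }}
 - --{{ $key }}={{ $value }}
 {{- end }}
 ports:
+- containerPort: 8443
+name: controllers
+protocol: TCP
 - containerPort: 9443
-name: https
+name: runtimehooks
+protocol: TCP
+- containerPort: 8080
+name: metrics
+protocol: TCP
+- containerPort: 8081
+name: probes
 protocol: TCP
 resources:
 {{ with .Values.resources }}
 {{- toYaml . | nindent 10 }}
 {{- end }}
 volumeMounts:
-- mountPath: /certs
-name: cert
+- mountPath: /runtimehooks-certs
+name: runtimehooks-cert
 readOnly: true
-# livenessProbe:
-# httpGet:
-# port: 9443
-# scheme: HTTPS
-# path: /healthz
-# readinessProbe:
-# httpGet:
-# port: 9443
-# scheme: HTTPS
-# path: /readyz
+- mountPath: /controllers-certs
+name: controllers-cert
+readOnly: true
+livenessProbe:
+httpGet:
+port: probes
+scheme: HTTP
+path: /healthz
+readinessProbe:
+httpGet:
+port: probes
+scheme: HTTP
+path: /readyz
 securityContext:
 {{ with .Values.securityContext }}
 {{- toYaml . | nindent 8}}
 {{- end }}
 volumes:
-- name: cert
+- name: runtimehooks-cert
+secret:
+defaultMode: 420
+secretName: {{ template "chart.name" . }}-runtimehooks-tls
+- name: controllers-cert
 secret:
 defaultMode: 420
-secretName: {{ template "chart.name" . }}-tls
+secretName: {{ template "chart.name" . }}-controllers-tls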
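Review bot: Both secret volumes in the second hunk mount the TLS key material with `defaultMode: 420`, which is octal 0644, so `tls.key` is readable by every user inside the container. Since the commit already touches these volumes, I would tighten them to `defaultMode: 288` (0440) and rely on an `fsGroup` in the pod security context, which comes from values not shown here and should be confirmed. The hunk also adds a `metrics` port on 8080 next to plain-HTTP probes on 8081; no Service for these ports appears on this page, but a short comment stating that metrics are unauthenticated and must stay cluster-internal would help the next reader. The container spec starts above this hunk.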

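--- a/charts/capi-runtime-extensions/templates/extensionconfig.yaml
+++ b/charts/capi-runtime-extensions/templates/extensionconfig.yaml
@@ -5,12 +5,12 @@ apiVersion: runtime.cluster.x-k8s.io/v1alpha1
 kind: ExtensionConfig
 metadata:
 annotations:
-runtime.cluster.x-k8s.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ template "chart.name" . }}-tls
+runtime.cluster.x-k8s.io/inject-ca-from-secret: {{ .Release.Namespace }}/{{ template "chart.name" . }}-runtimehooks-tls
 name: {{ template "chart.name" . }}
 namespace: {{ .Release.Namespace }}
 spec:
 clientConfig:
 service:
-name: {{ template "chart.name" . }}
+name: {{ template "chart.name" . }}-runtimehooks
 namespace: {{ .Release.Namespace }}
 port: {{ .Values.service.port }}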

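--- a/charts/capi-runtime-extensions/templates/issuer_selfsigned.yaml
+++ b/charts/capi-runtime-extensions/templates/issuer_selfsigned.yaml
@@ -1,9 +1,9 @@
 # Copyright 2023 D2iQ, Inc. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 
-{{- if .Values.certificate.issuer.selfSigned }}
+{{- if .Values.certificates.issuer.selfSigned }}
 apiVersion: cert-manager.io/v1
-kind: {{ .Values.certificate.issuer.kind }}
+kind: {{ .Values.certificates.issuer.kind }}
 metadata:
 name: {{ template "chart.issuerName" . }}
 namespace: {{ .Release.Namespace }}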

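--- a/charts/capi-runtime-extensions/templates/role.yaml
+++ b/charts/capi-runtime-extensions/templates/role.yaml
@@ -5,6 +5,40 @@ metadata:
 creationTimestamp: null
 name: capi-runtime-extensions-manager-role
 rules:
+- apiGroups:
+- ""
+resources:
+- configmaps
+- namespaces
+- secrets
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- addons.cluster.x-k8s.io
+resources:
+- '*'
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- cluster.x-k8s.io
+resources:
+- clusters
+verbs:
+- get
+- list
+- watch
 - apiGroups:
 - clusteraddons.labs.d2iq.io
 resources:
@@ -34,3 +68,27 @@ rules:
 - get
 - patch
 - update
+- apiGroups:
+- helm.toolkit.fluxcd.io
+resources:
+- helmreleases
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- source.toolkit.fluxcd.io
+resources:
+- helmrepositories
+verbs:
+- create
+- delete
+- get
+- list
+- patch
+- update
+- watch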
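Review bot: The first added rule grants create, delete, patch, update and the read verbs on `secrets`, `configmaps` and `namespaces`. Because clusterrolebinding.yaml binds this role as a ClusterRole, the controller's service account can read and rewrite every Secret in the cluster and delete namespaces. The second rule uses `- '*'` for resources in `addons.cluster.x-k8s.io`, which also covers any resource added to that group later. I would split core resources into separate rules with only the verbs each one needs, drop `delete` on `namespaces` unless a reconciler really uses it, and name the resources explicitly, for example `- clusterresourcesets` in place of `- '*'`. The `creationTimestamp: null` line suggests the file is generated, so the change probably belongs in the RBAC markers on the controllers rather than in this template; the rules list also continues between the two hunks, outside what is shown.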

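--- a/charts/capi-runtime-extensions/templates/service.yaml
+++ b/charts/capi-runtime-extensions/templates/service.yaml
@@ -10,15 +10,15 @@ metadata:
 {{- end }}
 labels:
 {{- include "chart.labels" . | nindent 4 }}
-name: {{ template "chart.name" . }}
+name: {{ template "chart.name" . }}-runtimehooks
 namespace: {{ .Release.Namespace }}
 spec:
 type: {{.Values.service.type}}
 ports:
 - name: https
 port: {{ .Values.service.port }}
 protocol: TCP
-targetPort: https
+targetPort: runtimehooks
 {{- if and .Values.service.nodePort (eq "NodePort" .Values.service.type) }}
 nodePort: {{ .Values.service.nodePort }}
 {{- end }}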

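--- a/charts/capi-runtime-extensions/values.schema.json
+++ b/charts/capi-runtime-extensions/values.schema.json
@@ -11,7 +11,7 @@
 }
 }
 },
-"certificate": {
+"certificates": {
 "type": "object",
 "properties": {
 "issuer": {
@@ -32,6 +32,23 @@
 }
 }
 },
+"controllers": {
+"type": "object",
+"properties": {
+"enableLeaderElection": {
+"type": "boolean"
+}
+}
+},
+"deployment": {
+"type": "object",
+"properties": {
+"replicas": {
+"type": "integer",
+"minimum": 0
+}
+}
+},
 "env": {
 "type": "object"
 },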
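Review bot: Renaming the top-level key to `"certificates"` in the first hunk means values files that still set `certificate.issuer.*` will be ignored silently unless the schema root rejects unknown keys, and the root is not visible here. With the chart defaults (`selfSigned: true`, empty `name`), an install that previously pointed at its own issuer via `certificate.issuer.selfSigned: false` would then fall back to the self-signed issuer on upgrade without any error. I would add `"additionalProperties": false` at the root, or an explicit `fail` in a template when `.Values.certificate` is set, so the old key is rejected loudly. The new `controllers` and `deployment` objects in the second hunk would benefit from the same `"additionalProperties": false`, so that a misspelt `enableLeaderElection` is caught at install time.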

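--- a/charts/capi-runtime-extensions/values.yaml
+++ b/charts/capi-runtime-extensions/values.yaml
@@ -1,9 +1,15 @@
 # Copyright 2023 D2iQ, Inc. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 
+deployment:
+replicas: 1
+
 addons:
 provider: ClusterResourceSet
 
+controllers:
+enableLeaderElection: false
+
 image:
 repository: ghcr.io/d2iq-labs/capi-runtime-extensions
 tag: ""
@@ -13,7 +19,7 @@ image:
 imagePullSecrets: []
 #- name: Secret with Registry credentials
 
-certificate:
+certificates:
 issuer:
 selfSigned: true
 name: ""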
