From ce1eee4c3282aa79b1b9e81a7d20fdcc7e36354a Mon Sep 17 00:00:00 2001 From: Jimmi Dyson Date: Tue, 5 Sep 2023 16:56:55 +0100 Subject: [PATCH] refactor: Use controller manager to start runtime hooks server This allows us to more easily use a caching client (less overhead on API server) and simplifies startup/shutdown. This commit also removes the ability to configure what hooks are enabled as they are all opt-in in various ways (e.g. adding patches to cluster, labels for CNI, etc) so this felt redundant and again simplifies things, --- charts/capi-runtime-extensions/README.md | 18 +-- .../calico/manifests/docker/installation.yaml | 10 +- .../manifests/tigera-operator-configmap.yaml | 2 +- .../templates/deployment.yaml | 8 +- .../templates/role.yaml | 8 ++ charts/capi-runtime-extensions/values.yaml | 18 +-- cmd/capi-runtime-extensions/main.go | 112 +++++++++++------- common/pkg/server/server.go | 57 ++++----- docs/content/audit-policy.md | 5 - docs/content/calico-cni.md | 5 - docs/content/extra-apiserver-cert-sans.md | 6 - docs/content/http-proxy.md | 6 - docs/content/service-loadbalancer-gc.md | 5 - go.mod | 2 +- hack/addons/update-calico-manifests.sh | 2 +- .../controllermanager/controllermanager.go | 86 -------------- make/dev.mk | 1 - make/kind.mk | 6 +- pkg/handlers/httpproxy/doc.go | 5 + pkg/handlers/httpproxy/inject.go | 2 - pkg/handlers/servicelbgc/doc.go | 5 + 21 files changed, 125 insertions(+), 244 deletions(-) delete mode 100644 internal/controllermanager/controllermanager.go create mode 100644 pkg/handlers/httpproxy/doc.go create mode 100644 pkg/handlers/servicelbgc/doc.go diff --git a/charts/capi-runtime-extensions/README.md b/charts/capi-runtime-extensions/README.md index cd4f1368a..1cb2b09c8 100644 --- a/charts/capi-runtime-extensions/README.md +++ b/charts/capi-runtime-extensions/README.md 
@@ -28,21 +28,13 @@ A Helm chart for capi-runtime-extensions | certificates.issuer.kind | string | `"Issuer"` | | | certificates.issuer.name | string | `""` | | | certificates.issuer.selfSigned | bool | `true` | | -| controllers.enableLeaderElection | bool | `false` | | | deployment.replicas | int | `1` | | | env | object | `{}` | | -| handlers.AuditPolicyPatch.enabled | bool | `true` | | -| handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.content | string | `""` | | -| handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.name | string | `"calico-cni-installation-dockercluster"` | | -| handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.create | bool | `true` | | -| handlers.CalicoCNI.defaultPodSubnet | string | `"192.168.0.0/16"` | | -| handlers.CalicoCNI.defaultTigeraOperatorConfigMap.name | string | `"tigera-operator"` | | -| handlers.CalicoCNI.enabled | bool | `true` | | -| handlers.ExtraAPIServerCertSANsPatch.enabled | bool | `true` | | -| handlers.ExtraAPIServerCertSANsVars.enabled | bool | `true` | | -| handlers.HTTPProxyPatch.enabled | bool | `true` | | -| handlers.HTTPProxyVars.enabled | bool | `true` | | -| handlers.ServiceLoadBalancerGC.enabled | bool | `true` | | +| hooks.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.content | string | `""` | | +| hooks.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.name | string | `"calico-cni-installation-dockercluster"` | | +| hooks.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.create | bool | `true` | | +| hooks.CalicoCNI.defaultPodSubnet | string | `"192.168.0.0/16"` | | +| hooks.CalicoCNI.defaultTigeraOperatorConfigMap.name | string | `"tigera-operator"` | | | image.pullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"ghcr.io/d2iq-labs/capi-runtime-extensions"` | | | image.tag | string | `""` | | 
diff --git a/charts/capi-runtime-extensions/templates/cni/calico/manifests/docker/installation.yaml b/charts/capi-runtime-extensions/templates/cni/calico/manifests/docker/installation.yaml index 96ed07d4f..f7d2a8e2f 100644 --- a/charts/capi-runtime-extensions/templates/cni/calico/manifests/docker/installation.yaml +++ b/charts/capi-runtime-extensions/templates/cni/calico/manifests/docker/installation.yaml @@ -1,15 +1,15 @@ # Copyright 2023 D2iQ, Inc. All rights reserved. # SPDX-License-Identifier: Apache-2.0 -{{- if and .Values.handlers.CalicoCNI.enabled .Values.handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.create }} +{{- if .Values.hooks.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.create }} apiVersion: v1 kind: ConfigMap metadata: - name: '{{ .Values.handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.name }}' + name: '{{ .Values.hooks.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.name }}' data: calico-installation: | -{{- if .Values.handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.content -}} - {{ .Values.handlers.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.content | nindent 4}} +{{- if .Values.hooks.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.content -}} + {{ .Values.hooks.CalicoCNI.defaultInstallationConfigMaps.DockerCluster.configMap.content | nindent 4}} {{- else -}} # This section includes base Calico installation configuration. # For more information, see: https://docs.projectcalico.org/reference/installation/api @@ -25,7 +25,7 @@ data: # Note: The ipPools section cannot be modified post-install. ipPools: - blockSize: 26 - cidr: {{ .Values.handlers.CalicoCNI.defaultPodSubnet }} + cidr: {{ .Values.hooks.CalicoCNI.defaultPodSubnet }} encapsulation: VXLANCrossSubnet natOutgoing: Enabled nodeSelector: all() 
diff --git a/charts/capi-runtime-extensions/templates/cni/calico/manifests/tigera-operator-configmap.yaml b/charts/capi-runtime-extensions/templates/cni/calico/manifests/tigera-operator-configmap.yaml index 735c440a7..dcea21eb1 100644 --- a/charts/capi-runtime-extensions/templates/cni/calico/manifests/tigera-operator-configmap.yaml +++ b/charts/capi-runtime-extensions/templates/cni/calico/manifests/tigera-operator-configmap.yaml @@ -8,4 +8,4 @@ data: kind: ConfigMap metadata: creationTimestamp: null - name: '{{ .Values.handlers.CalicoCNI.defaultTigeraOperatorConfigMap.name }}' + name: '{{ .Values.hooks.CalicoCNI.defaultTigeraOperatorConfigMap.name }}' diff --git a/charts/capi-runtime-extensions/templates/deployment.yaml b/charts/capi-runtime-extensions/templates/deployment.yaml index 43d1c751f..db1a7bdaa 100644 --- a/charts/capi-runtime-extensions/templates/deployment.yaml +++ b/charts/capi-runtime-extensions/templates/deployment.yaml @@ -28,12 +28,8 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default $.Chart.AppVersion }}" imagePullPolicy: "{{ .Values.image.pullPolicy }}" args: - - --controllermanager.leader-elect={{ if gt (.Values.deployment.replicas | int) 1 }}true{{ else }}{{ .Values.controllers.enableLeaderElection }}{{ end }} - - --runtimehooks.cert-dir=/runtimehooks-certs/ - {{- range $key, $value := .Values.handlers }}{{ if $value.enabled }} - - --runtimehooks.enabled-handlers={{ $key }} - {{ end }}{{- end }} - - --runtimehooks.calicocni.defaultsNamespace=$(POD_NAMESPACE) + - --webhook-cert-dir=/runtimehooks-certs/ + - --calicocni.defaultsNamespace=$(POD_NAMESPACE) {{- range $key, $value := .Values.extraArgs }} - --{{ $key }}={{ $value }} {{- end }} diff --git a/charts/capi-runtime-extensions/templates/role.yaml b/charts/capi-runtime-extensions/templates/role.yaml index ba9a58a75..5aa332ffb 100644 --- a/charts/capi-runtime-extensions/templates/role.yaml +++ b/charts/capi-runtime-extensions/templates/role.yaml 
@@ -18,6 +18,14 @@ rules: - patch - update - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch - apiGroups: - addons.cluster.x-k8s.io resources: diff --git a/charts/capi-runtime-extensions/values.yaml b/charts/capi-runtime-extensions/values.yaml index d0b45fecc..c5ec62c65 100644 --- a/charts/capi-runtime-extensions/values.yaml +++ b/charts/capi-runtime-extensions/values.yaml @@ -1,9 +1,8 @@ # Copyright 2023 D2iQ, Inc. All rights reserved. # SPDX-License-Identifier: Apache-2.0 -handlers: +hooks: CalicoCNI: - enabled: true defaultPodSubnet: 192.168.0.0/16 defaultTigeraOperatorConfigMap: name: tigera-operator @@ -13,25 +12,10 @@ handlers: configMap: name: calico-cni-installation-dockercluster content: "" - ServiceLoadBalancerGC: - enabled: true - HTTPProxyVars: - enabled: true - HTTPProxyPatch: - enabled: true - AuditPolicyPatch: - enabled: true - ExtraAPIServerCertSANsVars: - enabled: true - ExtraAPIServerCertSANsPatch: - enabled: true deployment: replicas: 1 -controllers: - enableLeaderElection: false - image: repository: ghcr.io/d2iq-labs/capi-runtime-extensions tag: "" diff --git a/cmd/capi-runtime-extensions/main.go b/cmd/capi-runtime-extensions/main.go index b88f516b3..115e09db2 100644 --- a/cmd/capi-runtime-extensions/main.go +++ b/cmd/capi-runtime-extensions/main.go @@ -5,12 +5,12 @@ package main import ( "flag" + "fmt" "net/http" "os" "time" "github.com/spf13/pflag" - "golang.org/x/sync/errgroup" "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" 
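Review bot: The new rule in `templates/role.yaml` grants `get`, `list` and `watch` on every Secret the role covers, and the matching `+kubebuilder:rbac` marker is added in `pkg/handlers/servicelbgc/doc.go`. `list` and `watch` appear to be needed only because the handlers now read through the manager's caching client in `main.go`, which would also keep a copy of every readable Secret in the pod's memory. If the handlers only fetch Secrets by name (their code is not in this diff), consider excluding Secrets from the cache with `Client: client.Options{Cache: &client.CacheOptions{DisableFor: []client.Object{&corev1.Secret{}}}}` in `mgrOptions` and reducing the verbs to `get`.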
@@ -22,10 +22,11 @@ import ( capiv1 "sigs.k8s.io/cluster-api/api/v1beta1" crsv1 "sigs.k8s.io/cluster-api/exp/addons/api/v1beta1" ctrl "sigs.k8s.io/controller-runtime" - ctrclient "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/healthz" + "sigs.k8s.io/controller-runtime/pkg/manager" + metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" "github.com/d2iq-labs/capi-runtime-extensions/common/pkg/server" - "github.com/d2iq-labs/capi-runtime-extensions/internal/controllermanager" "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/cni/calico" "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/extraapiservercertsans" "github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/httpproxy" 
@@ -53,42 +54,42 @@ func main() { // Creates a logger to be used during the main func. setupLog := ctrl.Log.WithName("main") - controllers := controllermanager.New() - scheme := runtime.NewScheme() utilruntime.Must(clientgoscheme.AddToScheme(scheme)) utilruntime.Must(crsv1.AddToScheme(scheme)) utilruntime.Must(capiv1.AddToScheme(scheme)) - // Gets a client to access the Kubernetes cluster where this RuntimeExtension will be deployed to - restConfig, err := ctrl.GetConfig() - if err != nil { - setupLog.Error(err, "error getting config for the cluster") - os.Exit(1) + mgrOptions := &ctrl.Options{ + Scheme: scheme, + Metrics: metricsserver.Options{ + BindAddress: ":8080", + }, + HealthProbeBindAddress: ":8081", + LeaderElection: false, } - client, err := ctrclient.New(restConfig, ctrclient.Options{Scheme: scheme}) - if err != nil { - setupLog.Error(err, "error creating client to the cluster") - os.Exit(1) - } + pflag.CommandLine.StringVar( + &mgrOptions.Metrics.BindAddress, + "metrics-bind-address", + mgrOptions.Metrics.BindAddress, + "The address the metric endpoint binds to.", + ) + + pflag.CommandLine.StringVar( + &mgrOptions.HealthProbeBindAddress, + "health-probe-bind-address", + mgrOptions.HealthProbeBindAddress, + "The address the probe endpoint binds to.", + ) calicoCNIConfig := &calico.CalicoCNIConfig{} - runtimeWebhookServer := server.NewServer( - servicelbgc.New(client), - calico.New(client, calicoCNIConfig), - httpproxy.NewVariable(), - httpproxy.NewPatch(client), - extraapiservercertsans.NewVariable(), - extraapiservercertsans.NewPatch(), - ) + runtimeWebhookServerOpts := server.NewServerOptions() // Initialize and parse command line flags. 
initFlags(pflag.CommandLine) - runtimeWebhookServer.AddFlags("runtimehooks", pflag.CommandLine) - controllers.AddFlags("controllermanager", pflag.CommandLine) - calicoCNIConfig.AddFlags("runtimehooks.calicocni", pflag.CommandLine) + runtimeWebhookServerOpts.AddFlags(pflag.CommandLine) + calicoCNIConfig.AddFlags("calicocni", pflag.CommandLine) pflag.CommandLine.SetNormalizeFunc(cliflag.WordSepNormalizeFunc) pflag.CommandLine.AddGoFlagSet(flag.CommandLine) pflag.Parse() 
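Review bot: `mgrOptions` binds metrics to `:8080` and probes to `:8081` on all interfaces, and `metricsserver.Options` is left without `SecureServing`, so as far as this hunk shows the metrics endpoint is served over plain HTTP with no authentication. If the metrics are not meant to be reachable from other pods, default the flag to a loopback address such as `127.0.0.1:8080` or set `SecureServing: true`, and say which in the `--metrics-bind-address` help text. The hunk sits inside `main`, which starts and ends outside it.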
@@ -120,26 +121,45 @@ func main() { } signalCtx := ctrl.SetupSignalHandler() - g, ctx := errgroup.WithContext(signalCtx) - - g.Go(func() error { - err := runtimeWebhookServer.Start(ctx) - if err != nil { - setupLog.Error(err, "unable to start runtime hooks wehook server") - } - return err - }) - - g.Go(func() error { - err := controllers.Start(ctx) - if err != nil { - setupLog.Error(err, "unable to start controller manager") - } - return err - }) - - if err := g.Wait(); err != nil { - setupLog.Error(err, "failed to run successfully") + + mgr, err := newManager(mgrOptions) + if err != nil { + setupLog.Error(err, "failed to create a new controller manager") os.Exit(1) } + + runtimeWebhookServer := server.NewServer( + runtimeWebhookServerOpts, + servicelbgc.New(mgr.GetClient()), + calico.New(mgr.GetClient(), calicoCNIConfig), + httpproxy.NewVariable(), + httpproxy.NewPatch(mgr.GetClient()), + extraapiservercertsans.NewVariable(), + extraapiservercertsans.NewPatch(), + ) + if err := mgr.Add(runtimeWebhookServer); err != nil { + setupLog.Error(err, "unable to add runtime webhook server runnable to controller manager") + os.Exit(1) + } + + if err := mgr.Start(signalCtx); err != nil { + setupLog.Error(err, "unable to start controller manager") + os.Exit(1) + } +} + +func newManager(opts *manager.Options) (ctrl.Manager, error) { + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), *opts) + if err != nil { + return nil, fmt.Errorf("unable to create manager: %w", err) + } + + if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { + return nil, fmt.Errorf("unable to set up health check: %w", err) + } + if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil { + return nil, fmt.Errorf("unable to set up ready check: %w", err) + } + + return mgr, nil } diff --git a/common/pkg/server/server.go b/common/pkg/server/server.go index 2169248dd..fad4378d2 100644 --- a/common/pkg/server/server.go +++ b/common/pkg/server/server.go 
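Review bot: `newManager` returns an error but still calls `ctrl.GetConfigOrDie()`, which terminates the process itself when the kubeconfig is missing or invalid and so bypasses the `setupLog.Error` path in `main`. Using `cfg, err := ctrl.GetConfig()` and returning `fmt.Errorf("unable to get kubeconfig: %w", err)` would keep every startup failure on one path. Separately, `readyz` is wired to `healthz.Ping`, so the pod reports ready whether or not the runtime hooks server added via `mgr.Add` is actually serving; a check that probes the webhook listener would be more accurate. The new function also has no doc comment; `// newManager builds the controller manager and registers its health and readiness checks.` would do.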
@@ -5,7 +5,6 @@ package server import ( "context" - "slices" "strings" "github.com/spf13/pflag" @@ -20,51 +19,43 @@ import ( ) type Server struct { - allExtensionHandlers []handlers.Named - - webhookPort int - webhookCertDir string - catalog *runtimecatalog.Catalog + hooks []handlers.Named - enabledHandlers []string + opts *ServerOptions } -func NewServer(extensionHandlers ...handlers.Named) *Server { +func NewServer(opts *ServerOptions, hooks ...handlers.Named) *Server { // catalog contains all information about RuntimeHooks. catalog := runtimecatalog.New() _ = runtimehooksv1.AddToCatalog(catalog) return &Server{ - allExtensionHandlers: extensionHandlers, - catalog: catalog, - webhookPort: 9443, - webhookCertDir: "/runtimehooks-certs/", + catalog: catalog, + opts: opts, + hooks: hooks, } } -func (s *Server) AddFlags(prefix string, fs *pflag.FlagSet) { - fs.IntVar(&s.webhookPort, prefix+".port", s.webhookPort, "Webhook Server port") +type ServerOptions struct { + webhookPort int + webhookCertDir string +} + +func NewServerOptions() *ServerOptions { + return &ServerOptions{} +} + +func (s *ServerOptions) AddFlags(fs *pflag.FlagSet) { + fs.IntVar(&s.webhookPort, "webhook-port", s.webhookPort, "Webhook Server port") fs.StringVar( &s.webhookCertDir, - prefix+".cert-dir", + "webhook-cert-dir", s.webhookCertDir, "Runtime hooks server cert dir.", ) - - handlerNames := make([]string, 0, len(s.allExtensionHandlers)) - for _, h := range s.allExtensionHandlers { - handlerNames = append(handlerNames, h.Name()) - } - - fs.StringSliceVar( - &s.enabledHandlers, - prefix+".enabled-handlers", - handlerNames, - "list of all enabled handlers", - ) } func (s *Server) Start(ctx context.Context) error { 
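Review bot: `NewServerOptions` returns a zero-valued struct, so `--webhook-port` now defaults to 0 and `--webhook-cert-dir` to the empty string, where the removed `NewServer` defaults were 9443 and `/runtimehooks-certs/`. The chart passes only `--webhook-cert-dir`, so the listening port depends on how `server.New` treats a zero `Port`, which this diff does not show. Keeping the defaults explicit avoids that: `return &ServerOptions{webhookPort: 9443, webhookCertDir: "/runtimehooks-certs/"}`. `Start` also dereferences `s.opts` without a check, so `NewServer` should either reject a nil `opts` or document it as invalid.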
@@ -74,20 +65,16 @@ func (s *Server) Start(ctx context.Context) error { // Create a http server for serving runtime extensions webhookServer, err := server.New(server.Options{ Catalog: s.catalog, - Port: s.webhookPort, - CertDir: s.webhookCertDir, + Port: s.opts.webhookPort, + CertDir: s.opts.webhookCertDir, }) if err != nil { setupLog.Error(err, "error creating webhook server") return err } - for idx := range s.allExtensionHandlers { - h := s.allExtensionHandlers[idx] - - if !slices.Contains(s.enabledHandlers, h.Name()) { - continue - } + for idx := range s.hooks { + h := s.hooks[idx] if t, ok := h.(lifecycle.BeforeClusterCreate); ok { if err := webhookServer.AddExtensionHandler(server.ExtensionHandler{ diff --git a/docs/content/audit-policy.md b/docs/content/audit-policy.md index 4a6d32f4b..15966ae14 100644 --- a/docs/content/audit-policy.md +++ b/docs/content/audit-policy.md @@ -22,8 +22,3 @@ spec: ``` Applying this configuration will result in new bootstrap files on the `KubeadmControlPlaneTemplate`. - -This hook is enabled by default, and can be explicitly disabled by omitting the `AuditPolicyPatch` hook from the -`--runtimehooks.enabled-handlers` flag. - -If deploying via Helm, then this can be disabled by setting `handlers.AuditPolicyPatch.enabled=false`. diff --git a/docs/content/calico-cni.md b/docs/content/calico-cni.md index ef31b171a..b30ca0a30 100644 --- a/docs/content/calico-cni.md +++ b/docs/content/calico-cni.md 
@@ -11,11 +11,6 @@ to perform any actions. The hook creates two `ClusterResourceSets`: one to deplo Calico via the Tigera `Installation` CRD. The Tigera Operator CRS is shared between all clusters in the operator, whereas the Calico installation CRS is unique per cluster. -This hook is enabled by default, and can be explicitly disabled by omitting the `CalicoCNI` hook from the -`--runtimehooks.enabled-handlers` flag. - -If deploying via Helm, then this can be disabled by setting `handlers.CalicoCNI.enabled=false`. - As ClusterResourceSets must exist in the same name as the cluster they apply to, the lifecycle hook copies default ConfigMaps from the same namespace as the CAPI runtime extensions hook pod is running in. This enables users to configure defaults specific for their environment rather than compiling the defaults into the binary. diff --git a/docs/content/extra-apiserver-cert-sans.md b/docs/content/extra-apiserver-cert-sans.md index 5dc9c76dc..6d1079190 100644 --- a/docs/content/extra-apiserver-cert-sans.md +++ b/docs/content/extra-apiserver-cert-sans.md @@ -39,9 +39,3 @@ spec: Applying this configuration will result in the certificate SANs being correctly set in the `KubeadmControlPlaneTemplate`. - -This hook is enabled by default, and can be explicitly disabled by omitting the `ExtraAPIServerCertSANsVars` -and `ExtraAPIServerCertSANsPatch` hook from the `--runtimehooks.enabled-handlers` flag. - -If deploying via Helm, then this can be disabled by setting `handlers.ExtraAPIServerCertSANsVars.enabled=false` and -`handlers.ExtraAPIServerCertSANsPatch.enabled=false`. diff --git a/docs/content/http-proxy.md b/docs/content/http-proxy.md index 5af21e0da..3418284d0 100644 --- a/docs/content/http-proxy.md +++ b/docs/content/http-proxy.md 
@@ -45,9 +45,3 @@ The `additionalNo` list will be added to default pre-calculated values that appl Applying this configuration will result in new bootstrap files on the `KubeadmControlPlaneTemplate` and `KubeadmConfigTemplate`. - -This hook is enabled by default, and can be explicitly disabled by omitting the `HTTPProxyVars` -and `HTTPProxyPatch` hook from the `--runtimehooks.enabled-handlers` flag. - -If deploying via Helm, then this can be disabled by setting `handlers.HTTProxyVars.enabled=false` and -`handlers.HTTPProxyPatch.enabled=false`. diff --git a/docs/content/service-loadbalancer-gc.md b/docs/content/service-loadbalancer-gc.md index ee6ae7a7b..019ad97dd 100644 --- a/docs/content/service-loadbalancer-gc.md +++ b/docs/content/service-loadbalancer-gc.md @@ -10,10 +10,5 @@ and thus triggering the cloud provider interface to clean up the external resour load-balancer services have been fully deleted, indicating that the cloud provider interface has cleaned up the external resources. -This hook is enabled by default, and can be explicitly disabled by omitting the `ServiceLoadBalancerGC` hook from the -`--runtimehooks.enabled-handlers` flag. - -If deploying via Helm, then this can be disabled by setting `handlers.ServiceLoadBalancerGC.enabled=false`. - By default, all clusters will be cleaned up when deleting, but this can be opted out from by setting the annotation `capiext.labs.d2iq.io/loadbalancer-gc=false`. diff --git a/go.mod b/go.mod index 37b204fc7..6f99e3193 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,6 @@ require ( github.com/onsi/gomega v1.27.10 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.4 - golang.org/x/sync v0.3.0 k8s.io/api v0.28.1 k8s.io/apiextensions-apiserver v0.28.1 k8s.io/apimachinery v0.28.1 
@@ -75,6 +74,7 @@ require ( golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect golang.org/x/net v0.13.0 // indirect golang.org/x/oauth2 v0.10.0 // indirect + golang.org/x/sync v0.3.0 // indirect golang.org/x/sys v0.11.0 // indirect golang.org/x/term v0.10.0 // indirect golang.org/x/text v0.11.0 // indirect diff --git a/hack/addons/update-calico-manifests.sh b/hack/addons/update-calico-manifests.sh index 0f4f67384..89c0dfd2a 100755 --- a/hack/addons/update-calico-manifests.sh +++ b/hack/addons/update-calico-manifests.sh @@ -49,6 +49,6 @@ gojq --yaml-input \ <"${CALICO_CNI_ASSETS_DIR}/kustomized.yaml" \ >"${CALICO_CNI_ASSETS_DIR}/tigera-operator.json" -kubectl create configmap "{{ .Values.handlers.CalicoCNI.defaultTigeraOperatorConfigMap.name }}" --dry-run=client --output yaml \ +kubectl create configmap "{{ .Values.hooks.CalicoCNI.defaultTigeraOperatorConfigMap.name }}" --dry-run=client --output yaml \ --from-file "${CALICO_CNI_ASSETS_DIR}/tigera-operator.json" \ >"${GIT_REPO_ROOT}/charts/capi-runtime-extensions/templates/cni/calico/manifests/tigera-operator-configmap.yaml" diff --git a/internal/controllermanager/controllermanager.go b/internal/controllermanager/controllermanager.go deleted file mode 100644 index 7d4bf6adb..000000000 --- a/internal/controllermanager/controllermanager.go +++ /dev/null 
@@ -1,86 +0,0 @@ -// Copyright 2023 D2iQ, Inc. All rights reserved. -// SPDX-License-Identifier: Apache-2.0 - -package controllermanager - -import ( - "context" - - "github.com/spf13/pflag" - "k8s.io/apimachinery/pkg/runtime" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" - clientgoscheme "k8s.io/client-go/kubernetes/scheme" - capiv1beta1 "sigs.k8s.io/cluster-api/api/v1beta1" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/healthz" - "sigs.k8s.io/controller-runtime/pkg/metrics/server" - - capiextv1alpha1 "github.com/d2iq-labs/capi-runtime-extensions/api/v1alpha1" -) - -type Manager struct { - metricsAddr string - enableLeaderElection bool - probeAddr string -} - -func New() *Manager { - return &Manager{ - metricsAddr: ":8080", - probeAddr: ":8081", - enableLeaderElection: false, - } -} - -func (m *Manager) AddFlags(prefix string, fs *pflag.FlagSet) { - fs.StringVar(&m.metricsAddr, prefix+".metrics-bind-address", m.metricsAddr, - "The address the metric endpoint binds to.") - - fs.StringVar(&m.probeAddr, prefix+".health-probe-bind-address", m.probeAddr, - "The address the probe endpoint binds to.") - - fs.BoolVar(&m.enableLeaderElection, prefix+".leader-elect", m.enableLeaderElection, - "Enable leader election for controller manager. 
"+ - "Enabling this will ensure there is only one active controller manager.") -} - -func (m *Manager) Start(ctx context.Context) error { - scheme := runtime.NewScheme() - utilruntime.Must(clientgoscheme.AddToScheme(scheme)) - utilruntime.Must(capiextv1alpha1.AddToScheme(scheme)) - utilruntime.Must(capiv1beta1.AddToScheme(scheme)) - - setupLog := ctrl.Log.WithName("controllers") - - mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ - Scheme: scheme, - Metrics: server.Options{ - BindAddress: m.metricsAddr, - }, - HealthProbeBindAddress: m.probeAddr, - LeaderElection: m.enableLeaderElection, - LeaderElectionID: capiextv1alpha1.GroupVersion.Group, - LeaderElectionReleaseOnCancel: true, - }) - if err != nil { - setupLog.Error(err, "unable to create manager") - return err - } - - if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { - setupLog.Error(err, "unable to set up health check") - return err - } - if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil { - setupLog.Error(err, "unable to set up ready check") - return err - } - - setupLog.Info("starting manager") - if err := mgr.Start(ctx); err != nil { - setupLog.Error(err, "problem running manager") - return err - } - - return nil -} diff --git a/make/dev.mk b/make/dev.mk index 7d66c8459..a9f0b0271 100644 --- a/make/dev.mk +++ b/make/dev.mk @@ -13,7 +13,6 @@ endif $$(gojq -r '.[] | select(.type=="Docker Image") | select(.goarch=="$(GOARCH)") | .name' dist/artifacts.json) helm upgrade --install capi-runtime-extensions ./charts/capi-runtime-extensions \ --set-string image.tag=$$(gojq -r .version dist/metadata.json) \ - --set-string addons.provider=$(ADDONS_PROVIDER) \ --wait --wait-for-jobs kubectl rollout restart deployment capi-runtime-extensions kubectl rollout status deployment capi-runtime-extensions diff --git a/make/kind.mk b/make/kind.mk index 826eafcf2..3c82a8963 100644 --- a/make/kind.mk +++ b/make/kind.mk 
@@ -7,10 +7,10 @@ KIND_CLUSTER_NAME ?= $(GITHUB_REPOSITORY)-dev KIND_KUBECONFIG ?= $(KIND_DIR)/$(KIND_CLUSTER_NAME)/kubeconfig KINDEST_NODE_IMAGE ?= ghcr.io/mesosphere/kind-node -KINDEST_NODE_VERSION_v1.24 ?= v1.24.16 -KINDEST_NODE_VERSION_v1.25 ?= v1.25.12 -KINDEST_NODE_VERSION_v1.26 ?= v1.26.7 +KINDEST_NODE_VERSION_v1.25 ?= v1.25.13 +KINDEST_NODE_VERSION_v1.26 ?= v1.26.8 KINDEST_NODE_VERSION_v1.27 ?= v1.27.5 +KINDEST_NODE_VERSION_v1.28 ?= v1.28.1 # Allow easy override of Kubernetes version to use via `make KIND_KUBERNETES_VERSION=v1.23` to use in CI KIND_KUBERNETES_VERSION ?= v1.27 ifndef KINDEST_NODE_VERSION_$(KIND_KUBERNETES_VERSION) diff --git a/pkg/handlers/httpproxy/doc.go b/pkg/handlers/httpproxy/doc.go new file mode 100644 index 000000000..e30e7656a --- /dev/null +++ b/pkg/handlers/httpproxy/doc.go @@ -0,0 +1,5 @@ +// Copyright 2023 D2iQ, Inc. All rights reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +kubebuilder:rbac:groups=cluster.x-k8s.io,resources=clusters,verbs=watch;list;get +package httpproxy diff --git a/pkg/handlers/httpproxy/inject.go b/pkg/handlers/httpproxy/inject.go index d360ee28f..5a85b3564 100644 --- a/pkg/handlers/httpproxy/inject.go +++ b/pkg/handlers/httpproxy/inject.go @@ -1,8 +1,6 @@ // Copyright 2023 D2iQ, Inc. All rights reserved. // SPDX-License-Identifier: Apache-2.0 -// +kubebuilder:rbac:groups=cluster.x-k8s.io,resources=clusters,verbs=watch;list;get - package httpproxy import ( diff --git a/pkg/handlers/servicelbgc/doc.go b/pkg/handlers/servicelbgc/doc.go new file mode 100644 index 000000000..b8dd6bdb8 --- /dev/null +++ b/pkg/handlers/servicelbgc/doc.go @@ -0,0 +1,5 @@ +// Copyright 2023 D2iQ, Inc. All rights reserved. +// SPDX-License-Identifier: Apache-2.0 + +// +kubebuilder:rbac:groups="",resources=secrets,verbs=watch;list;get +package servicelbgc