Object propagation controller to the package (#2749)

Signed-off-by: Anuj Chaudhari <anujc@vmware.com>
vmware-tanzu · Jul 8, 2022 · 8711537 · 8711537
1 parent cb46355
commit 8711537
Show file tree

Hide file tree

Showing 3 changed files with 196 additions and 81 deletions.
diff --git a/packages/tkg-clusterclass/bundle/config/object-propagation/deployment.yaml b/packages/tkg-clusterclass/bundle/config/object-propagation/deployment.yaml
@@ -0,0 +1,152 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:yaml", "yaml")
+
+#@ def getObjectPropagationConfig():
+
+#! generic resources from CAPI
+- source:
+    apiVersion: cluster.x-k8s.io/v1beta1
+    kind: ClusterClass
+    namespace: #@ data.values.namespaceForPackageInstallation
+    labelSelector: ''
+  target:
+    namespaceLabelSelector: ''
+    detectAndReplaceSourceNSRef: true
+- source:
+    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+    kind: KubeadmControlPlaneTemplate
+    namespace: #@ data.values.namespaceForPackageInstallation
+    labelSelector: ''
+  target:
+    namespaceLabelSelector: ''
+    detectAndReplaceSourceNSRef: true
+- source:
+    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+    kind: KubeadmConfigTemplate
+    namespace: #@ data.values.namespaceForPackageInstallation
+    labelSelector: ''
+  target:
+    namespaceLabelSelector: ''
+    detectAndReplaceSourceNSRef: true
+
+#@ if data.values.clusterclassInfraPackageValues.infraProvider == "aws":
+#! AWS infra specific resources
+- source:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+    kind: AWSClusterTemplate
+    namespace: #@ data.values.namespaceForPackageInstallation
+    labelSelector: ''
+  target:
+    namespaceLabelSelector: ''
+    detectAndReplaceSourceNSRef: true
+- source:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+    kind: AWSMachineTemplate
+    namespace: #@ data.values.namespaceForPackageInstallation
+    labelSelector: ''
+  target:
+    namespaceLabelSelector: ''
+    detectAndReplaceSourceNSRef: true
+#@ end
+
+#@ if data.values.clusterclassInfraPackageValues.infraProvider == "azure":
+#! Azure infra specific resources
+- source:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+    kind: AzureClusterTemplate
+    namespace: #@ data.values.namespaceForPackageInstallation
+    labelSelector: ''
+  target:
+    namespaceLabelSelector: ''
+    detectAndReplaceSourceNSRef: true
+- source:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+    kind: AzureMachineTemplate
+    namespace: #@ data.values.namespaceForPackageInstallation
+    labelSelector: ''
+  target:
+    namespaceLabelSelector: ''
+    detectAndReplaceSourceNSRef: true
+#@ end
+
+#@ if data.values.clusterclassInfraPackageValues.infraProvider == "vsphere":
+#! vSphere infra specific resources
+- source:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+    kind: VSphereClusterTemplate
+    namespace: #@ data.values.namespaceForPackageInstallation
+    labelSelector: ''
+  target:
+    namespaceLabelSelector: ''
+    detectAndReplaceSourceNSRef: true
+- source:
+    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+    kind: VSphereMachineTemplate
+    namespace: #@ data.values.namespaceForPackageInstallation
+    labelSelector: ''
+  target:
+    namespaceLabelSelector: ''
+    detectAndReplaceSourceNSRef: true
+#@ end
+
+#@ end
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: object-propagation-config
+  namespace: #@ data.values.namespaceForPackageInstallation
+  annotations:
+    kapp.k14s.io/change-group: "object-propagation-controller.tanzu.vmware.com/ConfigMap"
+data:
+  configData: #@ yaml.encode(getObjectPropagationConfig())
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: object-propagation-controller
+  name: object-propagation-controller-manager
+  namespace: #@ data.values.namespaceForPackageInstallation
+  annotations:
+    kapp.k14s.io/change-rule.0: "upsert after upserting object-propagation-controller.tanzu.vmware.com/ClusterRoleBinding"
+    kapp.k14s.io/change-rule.1: "delete before deleting object-propagation-controller.tanzu.vmware.com/ClusterRoleBinding"
+    kapp.k14s.io/change-rule.2: "upsert after upserting object-propagation-controller.tanzu.vmware.com/ConfigMap"
+    kapp.k14s.io/change-rule.3: "delete before deleting object-propagation-controller.tanzu.vmware.com/ConfigMap"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: object-propagation-controller
+  template:
+    metadata:
+      labels:
+        app: object-propagation-controller
+    spec:
+      containers:
+      - image: object-propagation-controller:latest
+        imagePullPolicy: IfNotPresent
+        name: manager
+        command:
+        - /manager
+        args:
+        - --metrics-bind-addr=0
+        - --input=/dev/config/object-propagation-controller.config
+        resources:
+          limits:
+            cpu: 100m
+            memory: 200Mi
+          requests:
+            cpu: 100m
+            memory: 40Mi
+        volumeMounts:
+          - name: config-mnt
+            mountPath: /dev/config/object-propagation-controller.config
+            subPath: configData
+      serviceAccount: object-propagation-controller-manager-sa
+      terminationGracePeriodSeconds: 10
+      volumes:
+      - name: config-mnt
+        configMap:
+          name: object-propagation-config
diff --git a/packages/tkg-clusterclass/bundle/config/object-propagation/rbac.yaml b/packages/tkg-clusterclass/bundle/config/object-propagation/rbac.yaml
@@ -0,0 +1,40 @@
+#@ load("@ytt:data", "data")
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: object-propagation-controller
+  name: object-propagation-controller-manager-sa
+  namespace: #@ data.values.namespaceForPackageInstallation
+  annotations:
+    kapp.k14s.io/change-group: "object-propagation-controller.tanzu.vmware.com/serviceaccount"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: object-propagation-controller-manager-role
+  annotations:
+    kapp.k14s.io/change-group: "object-propagation-controller.tanzu.vmware.com/serviceaccount"
+rules:
+  #  RBAC rules to create PackageInstall CR and service accounts
+  - apiGroups: ["*"]
+    resources: ["*"]
+    verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: object-propagation-controller-manager-clusterrolebinding
+  annotations:
+    kapp.k14s.io/change-group: "object-propagation-controller.tanzu.vmware.com/ClusterRoleBinding"
+    kapp.k14s.io/change-rule.0: "upsert after upserting object-propagation-controller.tanzu.vmware.com/serviceaccount"
+    kapp.k14s.io/change-rule.1: "delete before deleting object-propagation-controller.tanzu.vmware.com/serviceaccount"
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: object-propagation-controller-manager-role
+subjects:
+- kind: ServiceAccount
+  name: object-propagation-controller-manager-sa
+  namespace: #@ data.values.namespaceForPackageInstallation
diff --git a/packages/tkg/bundle/config/packageinstalls/tkg-clusterclass-service-account.yaml b/packages/tkg/bundle/config/packageinstalls/tkg-clusterclass-service-account.yaml
@@ -16,87 +16,10 @@ metadata:
   annotations:
     kapp.k14s.io/change-group: "tkg-clusterclass-packageinstall/serviceaccount-0"
 rules:
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-      - configmaps
-      - serviceaccounts
-      - services
-    verbs:
-      - create
-      - update
-      - get
-      - list
-      - delete
-  - apiGroups:
-      - cluster.x-k8s.io
-    resources:
-      - clusterclasses
-    verbs:
-      - create
-      - update
-      - get
-      - list
-      - delete
-  - apiGroups:
-      - bootstrap.cluster.x-k8s.io
-    resources:
-      - kubeadmconfigtemplates
-    verbs:
-      - create
-      - update
-      - get
-      - list
-      - delete
-  - apiGroups:
-      - infrastructure.cluster.x-k8s.io
-    resources:
-      - awsmachinetemplates
-      - awsclustertemplates
-      - vspheremachinetemplates
-      - vsphereclustertemplates
-      - azuremachinetemplates
-      - azureclustertemplates
-      - dockermachinetemplates
-      - dockerclustertemplates
-    verbs:
-      - create
-      - update
-      - get
-      - list
-      - delete
-  - apiGroups:
-      - controlplane.cluster.x-k8s.io
-    resources:
-      - kubeadmcontrolplanetemplates
-    verbs:
-      - create
-      - update
-      - get
-      - list
-      - delete
-  - apiGroups:
-      - packaging.carvel.dev
-    resources:
-      - packageinstalls
-    verbs:
-      - create
-      - update
-      - get
-      - list
-      - delete
-  - apiGroups:
-      - rbac.authorization.k8s.io
-    resources:
-      - clusterroles
-      - clusterrolebindings
-    verbs:
-      - create
-      - update
-      - get
-      - list
-      - delete
+  #  RBAC rules to create PackageInstall CR and service accounts
+  - apiGroups: ["*"]
+    resources: ["*"]
+    verbs: ["*"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding