From 8711537705931a94f093d0a40c8310d64332db17 Mon Sep 17 00:00:00 2001
From: Anuj Chaudhari
Date: Fri, 8 Jul 2022 11:59:08 -0700
Subject: [PATCH] Object propagation controller to the package (#2749)
Signed-off-by: Anuj Chaudhari
---
.../config/object-propagation/deployment.yaml | 152 ++++++++++++++++++
.../config/object-propagation/rbac.yaml | 40 +++++
.../tkg-clusterclass-service-account.yaml | 85 +---------
3 files changed, 196 insertions(+), 81 deletions(-)
create mode 100644 packages/tkg-clusterclass/bundle/config/object-propagation/deployment.yaml
create mode 100644 packages/tkg-clusterclass/bundle/config/object-propagation/rbac.yaml
diff --git a/packages/tkg-clusterclass/bundle/config/object-propagation/deployment.yaml b/packages/tkg-clusterclass/bundle/config/object-propagation/deployment.yaml
new file mode 100644
index 0000000000..47c7f9b6e3
--- /dev/null
+++ b/packages/tkg-clusterclass/bundle/config/object-propagation/deployment.yaml
@@ -0,0 +1,152 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:yaml", "yaml")
+
+#@ def getObjectPropagationConfig():
+
+#! generic resources from CAPI
+- source:
+ apiVersion: cluster.x-k8s.io/v1beta1
+ kind: ClusterClass
+ namespace: #@ data.values.namespaceForPackageInstallation
+ labelSelector: ''
+ target:
+ namespaceLabelSelector: ''
+ detectAndReplaceSourceNSRef: true
+- source:
+ apiVersion: controlplane.cluster.x-k8s.io/v1beta1
+ kind: KubeadmControlPlaneTemplate
+ namespace: #@ data.values.namespaceForPackageInstallation
+ labelSelector: ''
+ target:
+ namespaceLabelSelector: ''
+ detectAndReplaceSourceNSRef: true
+- source:
+ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
+ kind: KubeadmConfigTemplate
+ namespace: #@ data.values.namespaceForPackageInstallation
+ labelSelector: ''
+ target:
+ namespaceLabelSelector: ''
+ detectAndReplaceSourceNSRef: true
+
+#@ if data.values.clusterclassInfraPackageValues.infraProvider == "aws":
+#! AWS infra specific resources
+- source:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AWSClusterTemplate
+ namespace: #@ data.values.namespaceForPackageInstallation
+ labelSelector: ''
+ target:
+ namespaceLabelSelector: ''
+ detectAndReplaceSourceNSRef: true
+- source:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AWSMachineTemplate
+ namespace: #@ data.values.namespaceForPackageInstallation
+ labelSelector: ''
+ target:
+ namespaceLabelSelector: ''
+ detectAndReplaceSourceNSRef: true
+#@ end
+
+#@ if data.values.clusterclassInfraPackageValues.infraProvider == "azure":
+#! 
Azure infra specific resources
+- source:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureClusterTemplate
+ namespace: #@ data.values.namespaceForPackageInstallation
+ labelSelector: ''
+ target:
+ namespaceLabelSelector: ''
+ detectAndReplaceSourceNSRef: true
+- source:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: AzureMachineTemplate
+ namespace: #@ data.values.namespaceForPackageInstallation
+ labelSelector: ''
+ target:
+ namespaceLabelSelector: ''
+ detectAndReplaceSourceNSRef: true
+#@ end
+
+#@ if data.values.clusterclassInfraPackageValues.infraProvider == "vsphere":
+#! vSphere infra specific resources
+- source:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: VSphereClusterTemplate
+ namespace: #@ data.values.namespaceForPackageInstallation
+ labelSelector: ''
+ target:
+ namespaceLabelSelector: ''
+ detectAndReplaceSourceNSRef: true
+- source:
+ apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
+ kind: VSphereMachineTemplate
+ namespace: #@ data.values.namespaceForPackageInstallation
+ labelSelector: ''
+ target:
+ namespaceLabelSelector: ''
+ detectAndReplaceSourceNSRef: true
+#@ end
+
+#@ end
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: object-propagation-config
+ namespace: #@ data.values.namespaceForPackageInstallation
+ annotations:
+ kapp.k14s.io/change-group: "object-propagation-controller.tanzu.vmware.com/ConfigMap"
+data:
+ configData: #@ yaml.encode(getObjectPropagationConfig())
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: object-propagation-controller
+ name: object-propagation-controller-manager
+ namespace: #@ data.values.namespaceForPackageInstallation
+ annotations:
+ kapp.k14s.io/change-rule.0: "upsert after upserting object-propagation-controller.tanzu.vmware.com/ClusterRoleBinding"
+ kapp.k14s.io/change-rule.1: "delete before deleting object-propagation-controller.tanzu.vmware.com/ClusterRoleBinding"
+ kapp.k14s.io/change-rule.2: "upsert after 
upserting object-propagation-controller.tanzu.vmware.com/ConfigMap"
+ kapp.k14s.io/change-rule.3: "delete before deleting object-propagation-controller.tanzu.vmware.com/ConfigMap"
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: object-propagation-controller
+ template:
+ metadata:
+ labels:
+ app: object-propagation-controller
+ spec:
+ containers:
+ - image: object-propagation-controller:latest
+ imagePullPolicy: IfNotPresent
+ name: manager
+ command:
+ - /manager
+ args:
+ - --metrics-bind-addr=0
+ - --input=/dev/config/object-propagation-controller.config
+ resources:
+ limits:
+ cpu: 100m
+ memory: 200Mi
+ requests:
+ cpu: 100m
+ memory: 40Mi
+ volumeMounts:
+ - name: config-mnt
+ mountPath: /dev/config/object-propagation-controller.config
+ subPath: configData
+ serviceAccount: object-propagation-controller-manager-sa
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - name: config-mnt
+ configMap:
+ name: object-propagation-config
diff --git a/packages/tkg-clusterclass/bundle/config/object-propagation/rbac.yaml b/packages/tkg-clusterclass/bundle/config/object-propagation/rbac.yaml
new file mode 100644
index 0000000000..0c1c683c95
--- /dev/null
+++ b/packages/tkg-clusterclass/bundle/config/object-propagation/rbac.yaml
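Review bot: The `manager` container of the `object-propagation-controller-manager` Deployment at the end of the hunk has no pod- or container-level `securityContext`, so it runs with the default profile (root-capable, privilege escalation allowed, full capability set) even though the controller only needs API-server access. A restrictive context should be added next to `resources:` — `allowPrivilegeEscalation: false` and dropped capabilities at minimum, `runAsNonRoot: true` if the image ships a non-root user, and `readOnlyRootFilesystem: true` if `/manager` does not write to local disk (both to be confirmed against the image). `serviceAccount:` is the deprecated alias; `serviceAccountName: object-propagation-controller-manager-sa` is the current field. The image reference `object-propagation-controller:latest` with `imagePullPolicy: IfNotPresent` is an unpinned mutable tag; presumably kbld rewrites it to a digest at package build time, but that is worth confirming since otherwise each node keeps whatever it last cached. Also note that a `subPath:` mount of a ConfigMap does not receive updates, so a change to `object-propagation-config` needs a pod restart — presumably handled by a rollout, worth confirming.
```yaml
      containers:
      - image: object-propagation-controller:latest
        # … unchanged: imagePullPolicy, name, command, args, resources, volumeMounts …
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
      serviceAccountName: object-propagation-controller-manager-sa
```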
@@ -0,0 +1,40 @@
+#@ load("@ytt:data", "data")
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: object-propagation-controller
+ name: object-propagation-controller-manager-sa
+ namespace: #@ data.values.namespaceForPackageInstallation
+ annotations:
+ kapp.k14s.io/change-group: "object-propagation-controller.tanzu.vmware.com/serviceaccount"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: object-propagation-controller-manager-role
+ annotations:
+ kapp.k14s.io/change-group: "object-propagation-controller.tanzu.vmware.com/serviceaccount"
+rules:
+ # RBAC rules to create PackageInstall CR and service accounts
+ - apiGroups: ["*"]
+ resources: ["*"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: object-propagation-controller-manager-clusterrolebinding
+ annotations:
+ kapp.k14s.io/change-group: "object-propagation-controller.tanzu.vmware.com/ClusterRoleBinding"
+ kapp.k14s.io/change-rule.0: "upsert after upserting object-propagation-controller.tanzu.vmware.com/serviceaccount"
+ kapp.k14s.io/change-rule.1: "delete before deleting object-propagation-controller.tanzu.vmware.com/serviceaccount"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: object-propagation-controller-manager-role
+subjects:
+- kind: ServiceAccount
+ name: object-propagation-controller-manager-sa
+ namespace: #@ data.values.namespaceForPackageInstallation
diff --git a/packages/tkg/bundle/config/packageinstalls/tkg-clusterclass-service-account.yaml b/packages/tkg/bundle/config/packageinstalls/tkg-clusterclass-service-account.yaml
index b624831149..0d59a8fd1e 100644
--- a/packages/tkg/bundle/config/packageinstalls/tkg-clusterclass-service-account.yaml
+++ b/packages/tkg/bundle/config/packageinstalls/tkg-clusterclass-service-account.yaml
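Review bot: The ClusterRole `object-propagation-controller-manager-role` grants `apiGroups: ["*"] / resources: ["*"] / verbs: ["*"]`, which makes the controller's service account cluster-admin, and the comment above the rule (`# RBAC rules to create PackageInstall CR and service accounts`) describes a different role entirely. The controller's config in deployment.yaml enumerates exactly what it copies — ClusterClass, KubeadmControlPlaneTemplate, KubeadmConfigTemplate and the per-provider cluster/machine templates — so the role can be scoped to those kinds plus read access to namespaces, with the exact verb set confirmed against the controller's reconciler. The wildcard also has a knock-on cost: RBAC escalation prevention means whatever creates this ClusterRole (the package-install service account) must itself hold `*/*/*`. A scoped rules block to start from follows; the comment should read `# RBAC rules for the object-propagation controller: read namespaces and copy ClusterClass/template objects`.
```yaml
rules:
  # RBAC rules for the object-propagation controller: read namespaces and copy ClusterClass/template objects
  # TODO(review): trim the verb list to what the reconciler actually uses
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["cluster.x-k8s.io"]
    resources: ["clusterclasses"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["controlplane.cluster.x-k8s.io"]
    resources: ["kubeadmcontrolplanetemplates"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["bootstrap.cluster.x-k8s.io"]
    resources: ["kubeadmconfigtemplates"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["infrastructure.cluster.x-k8s.io"]
    resources:
      - awsclustertemplates
      - awsmachinetemplates
      - azureclustertemplates
      - azuremachinetemplates
      - vsphereclustertemplates
      - vspheremachinetemplates
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
```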
@@ -16,87 +16,10 @@ metadata:
 annotations:
 kapp.k14s.io/change-group: "tkg-clusterclass-packageinstall/serviceaccount-0"
 rules:
- - apiGroups:
- - ""
- resources:
- - secrets
- - configmaps
- - serviceaccounts
- - services
- verbs:
- - create
- - update
- - get
- - list
- - delete
- - apiGroups:
- - cluster.x-k8s.io
- resources:
- - clusterclasses
- verbs:
- - create
- - update
- - get
- - list
- - delete
- - apiGroups:
- - bootstrap.cluster.x-k8s.io
- resources:
- - kubeadmconfigtemplates
- verbs:
- - create
- - update
- - get
- - list
- - delete
- - apiGroups:
- - infrastructure.cluster.x-k8s.io
- resources:
- - awsmachinetemplates
- - awsclustertemplates
- - vspheremachinetemplates
- - vsphereclustertemplates
- - azuremachinetemplates
- - azureclustertemplates
- - dockermachinetemplates
- - dockerclustertemplates
- verbs:
- - create
- - update
- - get
- - list
- - delete
- - apiGroups:
- - controlplane.cluster.x-k8s.io
- resources:
- - kubeadmcontrolplanetemplates
- verbs:
- - create
- - update
- - get
- - list
- - delete
- - apiGroups:
- - packaging.carvel.dev
- resources:
- - packageinstalls
- verbs:
- - create
- - update
- - get
- - list
- - delete
- - apiGroups:
- - rbac.authorization.k8s.io
- resources:
- - clusterroles
- - clusterrolebindings
- verbs:
- - create
- - update
- - get
- - list
- - delete
+ # RBAC rules to create PackageInstall CR and service accounts
+ - apiGroups: ["*"]
+ resources: ["*"]
+ verbs: ["*"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
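Review bot: Replacing the enumerated rules with `apiGroups: ["*"] / resources: ["*"] / verbs: ["*"]` makes the tkg-clusterclass PackageInstall service account cluster-admin, a far larger grant than adding one controller to the package requires; the ClusterRole this hunk edits begins above the hunk. Presumably the wildcard is there because Kubernetes refuses to let a subject create a ClusterRole holding permissions the subject itself lacks, and the new object-propagation ClusterRole is `*/*/*`; if that role is scoped to the kinds it propagates, the removed list can stay as-is and only needs the resources the new manifests introduce, as in the fence below. The retained list would also keep the `dockermachinetemplates`/`dockerclustertemplates` entries, which the propagation config in this commit does not cover — worth confirming whether dropping the docker provider was intended. The copied comment `# RBAC rules to create PackageInstall CR and service accounts` no longer describes the rule under it either.
```yaml
rules:
  # … unchanged: the previously enumerated per-group rules, retained …
  - apiGroups:
    - apps
    resources:
    - deployments
    verbs:
    - create
    - update
    - get
    - list
    - delete
  - apiGroups:
    - ""
    resources:
    - namespaces
    verbs:
    - get
    - list
    - watch
```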