Separate policy controller #644

Merged
merged 1 commit into from
Nov 2, 2023
6 changes: 4 additions & 2 deletions .github/workflows/ci-e2e.yaml
Expand Up @@ -65,11 +65,13 @@ jobs:
run: |
export OCM_SINGLE=1
make local-setup
- name: Deploy MGC
- name: Deploy
run: |
make docker-build-controller kind-load-controller deploy-controller
make docker-build-gateway-controller kind-load-gateway-controller docker-build-policy-controller kind-load-policy-controller deploy-gateway-controller
kubectl --context kind-mgc-control-plane -n multicluster-gateway-controller-system wait --timeout=300s --for=condition=Available deployment/mgc-controller-manager
kubectl --context kind-mgc-control-plane -n multicluster-gateway-controller-system wait --timeout=300s --for=condition=Available deployment/mgc-policy-controller-manager
kubectl --context kind-mgc-control-plane logs --all-containers --ignore-errors deployment/mgc-controller-manager -n multicluster-gateway-controller-system
kubectl --context kind-mgc-control-plane logs --all-containers --ignore-errors deployment/mgc-policy-controller-manager -n multicluster-gateway-controller-system
kubectl get managedzones -n multi-cluster-gateways mgc-dev-mz-aws -o yaml
kubectl --context kind-mgc-control-plane -n multi-cluster-gateways wait --timeout=60s --for=condition=Ready managedzone/mgc-dev-mz-aws
kubectl get managedzones -n multi-cluster-gateways mgc-dev-mz-gcp -o yaml
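Review bot: The `kubectl wait` for `deployment/mgc-policy-controller-manager` that follows the gateway-controller wait has no matching deploy step in this hunk: the `make` line builds and loads the policy-controller image but only invokes `deploy-gateway-controller`, while the README in this PR lists `make deploy-policy-controller` as a separate target. If `deploy-gateway-controller` does not also apply the policy-controller manifests, that wait times out after 300s; appending the target (`... kind-load-policy-controller deploy-gateway-controller deploy-policy-controller`) makes the step self-contained either way. The two `kubectl get managedzones` lines still omit `--context kind-mgc-control-plane`, unlike every other command in the step, though that predates this change. The enclosing `run:` step and job continue outside the hunk.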
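--- /dev/null
+++ b/.github/workflows/policy-controller-image.yaml
@@ -0,0 +1,62 @@
+name: Build and Publish Policy Controller Image
+
+on:
+  push:
+    branches:
+      - main
+      - "release-*"
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+
+env:
+  IMG_REGISTRY_HOST: quay.io
+  IMG_REGISTRY_ORG: kuadrant
+  IMG_REGISTRY_REPO: policy-controller
+  MAIN_BRANCH_NAME: main
+
+jobs:
+  controller:
+    if: github.repository_owner == 'kuadrant'
+    name: Build controller image
+    runs-on: ubuntu-22.04
+    outputs:
+      sha_short: ${{ steps.vars.outputs.sha_short }}
+      controller_image: ${{ steps.vars.outputs.base_image }}:${{ steps.vars.outputs.sha_short }}
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Calculate vars
+        id: vars
+        run: |
+          echo "sha_short=$(echo ${{ github.sha }} | cut -b -7)" >> $GITHUB_OUTPUT
+          echo "base_image=${{ env.IMG_REGISTRY_HOST }}/${{ env.IMG_REGISTRY_ORG }}/${{ env.IMG_REGISTRY_REPO }}" >> $GITHUB_OUTPUT
+
+      - name: Add image tags
+        id: add-tags
+        run: echo "IMG_TAGS=${{ steps.vars.outputs.base_image }}:${{ steps.vars.outputs.sha_short }},${{ steps.vars.outputs.base_image }}:${{ github.ref_name }}" >> $GITHUB_ENV
+
+      - name: Add latest tag
+        if: ${{ github.ref_name == env.MAIN_BRANCH_NAME }}
+        id: add-latest-tag
+        run: echo "IMG_TAGS=${{ steps.vars.outputs.base_image }}:latest,${{ env.IMG_TAGS }}" >> $GITHUB_ENV
+
+      - name: Login to Quay.io
+        uses: docker/login-action@v2
+        id: registry-login
+        with:
+          registry: ${{ env.IMG_REGISTRY_HOST }}
+          username: ${{ secrets.IMG_REGISTRY_USERNAME }}
+          password: ${{ secrets.IMG_REGISTRY_TOKEN }}
+
+      - name: Build and push Controller Image
+        id: build-and-push
+        uses: docker/build-push-action@v4
+        with:
+          push: true
+          tags: ${{ env.IMG_TAGS }}
+          target: policy-controller
+
+      - name: Print Image URL
+        run: |
+          echo "Image pushed to ${{ env.IMG_TAGS }}"
+          echo "Image digest: ${{ steps.build-and-push.outputs.digest }}"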
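Review bot: The workflow sets no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` grant while also holding the Quay push credentials, even though it only needs to read the checkout; add `permissions:` / `  contents: read` at the top level. The three actions are pinned to mutable major tags (`actions/checkout@v3`, `docker/login-action@v2`, `docker/build-push-action@v4`); pinning each to a full commit SHA with the version in a trailing comment limits supply-chain exposure for a job that can publish the production image. The digest is already captured in `steps.build-and-push.outputs.digest` but only echoed; signing it (for example cosign keyless against `${{ steps.vars.outputs.base_image }}@<digest>`) and enabling `provenance: true` on the build step would let deployers verify what quay.io serves instead of trusting the mutable `:main`/`:latest` tags. With no `context:` given, build-push-action by default builds from the Git context rather than the checked-out workspace, so the `actions/checkout` step appears to serve only the `vars` step — worth a comment on the `uses:` line, after confirming against the action's docs.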
3 changes: 2 additions & 1 deletion .gitignore
Expand Up @@ -90,7 +90,8 @@ config/deploy/**/_*
/control-plane.yaml
/workload*.yaml

cmd/controller/__debug_bin
cmd/gateway_controller/__debug_bin
cmd/policy_controller/__debug_bin

# Submariner broker config
/broker-info.subm*
2 changes: 1 addition & 1 deletion .vscode/launch.json
Expand Up @@ -9,7 +9,7 @@
"type": "go",
"request": "launch",
"mode": "auto",
"program": "./cmd/controller/main.go",
"program": "./cmd/gateway_controller/main.go",
"args": [
"--metrics-bind-address=:8080",
"--health-probe-bind-address=:8081"
17 changes: 15 additions & 2 deletions Dockerfile
Expand Up @@ -21,7 +21,10 @@ COPY pkg/ pkg/
# the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore,
# by leaving it empty we can ensure that the container and binary shipped on it will have the same platform.
FROM builder as controller_builder
RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o controller cmd/controller/main.go
RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o controller cmd/gateway_controller/main.go

FROM builder as policy_builder
RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o policy_controller cmd/policy_controller/main.go

FROM builder as addon_builder
RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o add-on-manager cmd/ocm/main.go
Expand All @@ -42,4 +45,14 @@ WORKDIR /
COPY --from=addon_builder /workspace/add-on-manager .
USER 65532:65532

ENTRYPOINT ["/add-on-manager"]
ENTRYPOINT ["/add-on-manager"]


# Use distroless as minimal base image to package the manager binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details
FROM gcr.io/distroless/static:nonroot as policy-controller
WORKDIR /
COPY --from=policy_builder /workspace/policy_controller .
USER 65532:65532

ENTRYPOINT ["/policy_controller"]
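Review bot: The new `policy-controller` stage pulls `gcr.io/distroless/static:nonroot` by mutable tag, so a rebuild of the same commit can silently pick up a different base image; pinning by digest (`FROM gcr.io/distroless/static:nonroot@sha256:<digest> as policy-controller`) makes the image reproducible and auditable, and the same applies to the `builder` stage whose `FROM` is outside this hunk. The `policy_builder` stage mirrors the sibling `go build -a` lines and, like them, omits `-trimpath` and `-ldflags="-s -w"`, which strip build-host paths and symbols from the shipped binary; adding them to all three stages keeps them consistent. The runtime stage itself is well hardened: static distroless base, `USER 65532:65532` and a single copied binary match the existing manager stages. The duplicated `ENTRYPOINT ["/add-on-manager"]` pair above is presumably a trailing-newline change rather than a real edit.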
5 changes: 3 additions & 2 deletions Makefile
Expand Up @@ -77,7 +77,8 @@ test-unit: manifests generate fmt vet envtest ## Run unit tests.

.PHONY: test-integration
test-integration: ginkgo manifests generate fmt vet envtest ## Run integration tests.
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" $(GINKGO) -tags=integration -v --focus "${FOCUS}" ./test/integration
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" $(GINKGO) -tags=integration -v --focus "${FOCUS}" ./test/policy_integration
KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) --bin-dir $(LOCALBIN) -p path)" $(GINKGO) -tags=integration -v --focus "${FOCUS}" ./test/gateway_integration

.PHONY: test
test: test-unit test-integration ## Run tests.
Expand Down Expand Up @@ -109,7 +110,7 @@ local-cleanup-mgc: ## Cleanup MGC from kind clusters
./hack/local-cleanup-mgc.sh

.PHONY: build
build: build-controller ## Build all binaries.
build: build-gateway-controller build-policy-controller ## Build all binaries.

##@ Deployment
ifndef ignore-not-found
15 changes: 11 additions & 4 deletions README.md
Expand Up @@ -43,12 +43,16 @@ When deploying the multicluster gateway controller using the make targets, the f
1. Build the controller image and load it into the control plane
```sh
kubectl config use-context kind-mgc-control-plane
make kind-load-controller
make kind-load-policy-controller

kubectl config use-context kind-mgc-control-plane
make kind-load-gateway-controller
```

1. Deploy the controller to the control plane cluster
1. Deploy the controller(s) to the control plane cluster
```sh
make deploy-controller
make deploy-policy-controller
make deploy-gateway-controller
```

1. (Optional) View the logs of the deployed controller
Expand All @@ -68,7 +72,10 @@ When deploying the multicluster gateway controller using the make targets, the f
1. Run the controller locally:
```sh
kubectl config use-context kind-mgc-control-plane
make build-controller install run-controller
make build-policy-controller install run-policy-controller

kubectl config use-context kind-mgc-control-plane
make build-gateway-controller install run-gatewway-controller
```

## 3. Running the agent in the cluster:
Expand Up @@ -4,7 +4,7 @@ metadata:
annotations:
alm-examples: '[]'
capabilities: Basic Install
createdAt: "2023-10-10T15:03:19Z"
createdAt: "2023-10-27T14:36:31Z"
operators.operatorframework.io/builder: operator-sdk-v1.28.0
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
name: multicluster-gateway-controller.v0.0.0
Expand Down Expand Up @@ -571,6 +571,64 @@ spec:
runAsNonRoot: true
serviceAccountName: mgc-add-on-manager
terminationGracePeriodSeconds: 10
- label:
app.kubernetes.io/component: manager
app.kubernetes.io/created-by: policy-controller
app.kubernetes.io/instance: policy-controller
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: deployment
app.kubernetes.io/part-of: kuadrant
control-plane: controller-manager
name: mgc-policy-controller-manager
spec:
replicas: 1
selector:
matchLabels:
control-plane: policy-controller
strategy: {}
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
control-plane: policy-controller
spec:
containers:
- args:
- --leader-elect
command:
- /policy_controller
image: quay.io/kuadrant/policy-controller:main
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: policy-controller
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
securityContext:
runAsNonRoot: true
serviceAccountName: mgc-controller-manager
terminationGracePeriodSeconds: 10
permissions:
- rules:
- apiGroups:
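Review bot: The new `mgc-policy-controller-manager` Deployment runs with `serviceAccountName: mgc-controller-manager`, the gateway controller's service account, so the policy controller inherits every RBAC rule granted to the gateway controller rather than only what its own reconcilers need; give it a dedicated account (`serviceAccountName: mgc-policy-controller-manager`) bound to a role limited to the policy resources it watches, and list that account under the CSV `permissions:`/`clusterPermissions:` entries that begin at the end of this hunk. The pod-level `securityContext` sets only `runAsNonRoot: true`; adding `seccompProfile: {type: RuntimeDefault}` there meets the restricted Pod Security Standard, which the container-level `allowPrivilegeEscalation: false` and `drop: [ALL]` already satisfy. The Deployment label `control-plane: controller-manager` differs from the selector and pod-template value `control-plane: policy-controller`; if unintended, label-based selectors targeting the control plane will match the Deployment but not its pods. Since this bundle is generated (`createdAt` is bumped in the same hunk), these fixes belong in the kustomize sources it is rendered from.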