Merge pull request #4 from integr8ly/add_image_build_targets

Add image build and push make targets
integr8ly · Nov 21, 2019 · 58d39c5 · 58d39c5
2 parents f264d4a + 20d1192
commit 58d39c5
Show file tree

Hide file tree

Showing 10 changed files with 94 additions and 34 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 # Temporary Build Files
+tmp/_output/bin/heimdall-operator
 build/_output
 build/_test
 # Created by https://www.gitignore.io/api/go,vim,emacs,visualstudiocode

diff --git a/Makefile b/Makefile
@@ -1,4 +1,8 @@
-
+ORG=integreatly
+PROJECT=heimdall-operator
+REG=quay.io
+TAG=master
+COMPILE_TARGET=./tmp/_output/bin/$(PROJECT)
 
 SHELL=/bin/bash
 
@@ -12,6 +16,17 @@ setup/moq:
 	dep ensure
 	cd vendor/github.com/matryer/moq/ && go install .
 
+.PHONY: image/build
+image/build:
+	@operator-sdk build $(REG)/$(ORG)/$(PROJECT):$(TAG)
+
+.PHONY: image/push
+image/push:
+	docker push $(REG)/$(ORG)/$(PROJECT):$(TAG)
+
+.PHONY: image/build/push
+image/build/push: image/build image/push
+
 .PHONY: cluster/prepare/local
 cluster/prepare/local:
 	-oc create -f deploy/crds/*_crd.yaml

diff --git a/build/Dockerfile b/build/Dockerfile
@@ -1,8 +1,15 @@
-FROM centos:7
+FROM registry.access.redhat.com/ubi8/ubi:8.0
 
+ENV OPERATOR=/usr/local/bin/heimdall \
+    USER_UID=1001 \
+    USER_NAME=heimdall
 
-RUN yum update -h && yum update -y && yum install atomic -y
+# install operator binary
+COPY build/_output/bin/heimdall ${OPERATOR}
 
-#USER nobody
+COPY build/bin /usr/local/bin
+RUN  /usr/local/bin/user_setup
 
-#ADD build/_output/bin/heimdall /usr/local/bin/heimdall
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
+
+USER ${USER_UID}
diff --git a/build/bin/entrypoint b/build/bin/entrypoint
@@ -0,0 +1,12 @@
+#!/bin/sh -e
+
+# This is documented here:
+# https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines
+
+if ! whoami &>/dev/null; then
+  if [ -w /etc/passwd ]; then
+    echo "${USER_NAME:-heimdall}:x:$(id -u):$(id -g):${USER_NAME:-heimdall} user:${HOME}:/sbin/nologin" >> /etc/passwd
+  fi
+fi
+
+exec ${OPERATOR} $@
diff --git a/build/bin/user_setup b/build/bin/user_setup
@@ -0,0 +1,13 @@
+#!/bin/sh
+set -x
+
+# ensure $HOME exists and is accessible by group 0 (we don't know what the runtime UID will be)
+mkdir -p ${HOME}
+chown ${USER_UID}:0 ${HOME}
+chmod ug+rwx ${HOME}
+
+# runtime user will need to be able to self-insert in /etc/passwd
+chmod g+rw /etc/passwd
+
+# no need for this script to remain in the image after running
+rm $0
diff --git a/deploy/cluster_role.yaml b/deploy/cluster_role.yaml
@@ -2,24 +2,39 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   creationTimestamp: null
-  name: image-monitor
-  - apiGroups:
-      - ""
-      - apps.openshift.io
-    resources:
-      - pods
-      - deploymentconfigs
-    verbs:
-      - '*'
-  - apiGroups:
-      - ""
-    resources:
-      - namespaces
-    verbs:
-      - get
-  - apiGroups:
-      - apps
-    resources:
-      - deployments
-    verbs:
-      - '*'
+  name: heimdall
+rules:
+- apiGroups:
+  - ""
+  - apps.openshift.io
+  resources:
+  - pods
+  - deploymentconfigs
+  - configmaps
+  - imagemonitors
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
+  - '*'
+- apiGroups:
+    - imagemonitor.integreatly.org
+  resources:
+    - imagemonitors
+  verbs:
+    - '*'
+- apiGroups:
+    - image.openshift.io
+  resources:
+    - imagestreamtags
+  verbs:
+    - '*'
diff --git a/deploy/cluster_role_binding.yaml b/deploy/cluster_role_binding.yaml
@@ -5,7 +5,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: heimdall
-    namespace: openshift-heimdall
+    namespace: heimdall
 roleRef:
   kind: ClusterRole
   name: heimdall

diff --git a/deploy/crds/imagemonitor_v1alpha1_imagemonitor_cr.yaml b/deploy/crds/imagemonitor_v1alpha1_imagemonitor_cr.yaml
@@ -3,5 +3,4 @@ kind: ImageMonitor
 metadata:
   name: example-imagemonitor
 spec:
-  # Add fields here
-  namespaces: 3
+  excludePattern: ""
diff --git a/deploy/operator.yaml b/deploy/operator.yaml
@@ -15,8 +15,7 @@ spec:
       serviceAccountName: heimdall
       containers:
         - name: heimdall
-          # Replace this with the built image name
-          image: REPLACE_IMAGE
+          image: quay.io/integreatly/heimdall-operator:master
           ports:
           - containerPort: 60000
             name: metrics
@@ -33,9 +32,7 @@ spec:
             failureThreshold: 1
           env:
             - name: WATCH_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
+              value: ""
             - name: POD_NAME
               valueFrom:
                 fieldRef:

diff --git a/deploy/role.yaml b/deploy/role.yaml
@@ -10,6 +10,7 @@ rules:
   resources:
   - pods
   - deploymentconfigs
+  - configmaps
   verbs:
   - '*'
 - apiGroups: