Merge 83240cd into 713d5ff
abhinavmpandey08 authored Apr 29, 2022
2 parents 713d5ff + 83240cd commit dac566d
Showing 23 changed files with 356 additions and 1 deletion.
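--- a/config/crd/kustomization.yaml
+++ b/config/crd/kustomization.yaml
@@ -0,0 +1,13 @@
+# This kustomization.yaml is not intended to be run by itself,
+# since it depends on service name and namespace that are out of this kustomize package.
+# It should be run by config/default
+resources:
+- bases/tinkerbell.org_hardware.yaml
+- bases/tinkerbell.org_templates.yaml
+- bases/tinkerbell.org_workflows.yaml
+- bases/tinkerbell.org_workflowdata.yaml
+#+kubebuilder:scaffold:crdkustomizeresource
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+- kustomizeconfig.yaml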
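--- a/config/crd/kustomizeconfig.yaml
+++ b/config/crd/kustomizeconfig.yaml
@@ -0,0 +1,19 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+version: v1
+fieldSpecs:
+- kind: CustomResourceDefinition
+version: v1
+group: apiextensions.k8s.io
+path: spec/conversion/webhook/clientConfig/service/name
+
+namespace:
+- kind: CustomResourceDefinition
+version: v1
+group: apiextensions.k8s.io
+path: spec/conversion/webhook/clientConfig/service/namespace
+create: false
+
+varReference:
+- path: metadata/annotations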
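--- a/config/default/kustomization.yaml
+++ b/config/default/kustomization.yaml
@@ -0,0 +1,23 @@
+# Adds namespace to all resources.
+namespace: tink-system
+
+# Value of this field is prepended to the
+# names of all resources, e.g. a deployment named
+# "wordpress" becomes "alices-wordpress".
+# Note that it should also match with the prefix (text before '-') of the namespace
+# field above.
+namePrefix: tink-
+
+resources:
+- namespace.yaml
+
+bases:
+- ../crd
+- ../rbac
+- ../manager
+- ../server
+- ../server-rbac
+
+patchesStrategicMerge:
+- manager_image_patch.yaml
+- server_image_patch.yaml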
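--- a/config/default/manager_image_patch.yaml
+++ b/config/default/manager_image_patch.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: controller-manager
+namespace: system
+spec:
+template:
+spec:
+containers:
+# Change the value of image field below to your controller image URL
+- image: tink-controller:latest
+name: manager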
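Review bot: The `image: tink-controller:latest` override pins nothing: `latest` is a mutable tag, and the base Deployment sets `imagePullPolicy: IfNotPresent`, so a node keeps running whatever image it first cached under that name. A release overlay should reference a version tag or, better, a digest, e.g. `image: <registry>/tink-controller@sha256:<digest>` (placeholder values). The same applies to `tink-server:latest` in config/default/server_image_patch.yaml, where the comment also still says "controller image URL"; I would change it to `# Change the value of image field below to your server image URL`.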
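--- a/config/default/namespace.yaml
+++ b/config/default/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+labels:
+control-plane: controller-manager
+name: system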
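--- a/config/default/server_image_patch.yaml
+++ b/config/default/server_image_patch.yaml
@@ -0,0 +1,12 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: server
+namespace: system
+spec:
+template:
+spec:
+containers:
+# Change the value of image field below to your controller image URL
+- image: tink-server:latest
+name: tink-server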
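--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- manager.yaml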
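--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: controller-manager
+namespace: system
+labels:
+control-plane: controller-manager
+spec:
+selector:
+matchLabels:
+control-plane: controller-manager
+replicas: 1
+template:
+metadata:
+annotations:
+kubectl.kubernetes.io/default-container: manager
+labels:
+control-plane: controller-manager
+spec:
+containers:
+- image: controller:latest
+imagePullPolicy: IfNotPresent
+name: manager
+resources:
+limits:
+cpu: 500m
+memory: 128Mi
+requests:
+cpu: 10m
+memory: 64Mi
+serviceAccountName: controller-manager
+terminationGracePeriodSeconds: 10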
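Review bot: The `manager` container is declared without any `securityContext`, so it runs with the runtime's defaults (root unless the image says otherwise, privilege escalation allowed, default capability set). A controller that only talks to the API server needs none of that; I would add a restrictive container-level context as sketched below, assuming the image can run as a non-root user with a read-only root filesystem. The `tink-server` container in config/server/server.yaml has the same gap.

```yaml
      containers:
        - image: controller:latest
          # … unchanged: imagePullPolicy, name, resources …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```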
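--- a/config/rbac/kustomization.yaml
+++ b/config/rbac/kustomization.yaml
@@ -0,0 +1,11 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml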
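--- a/config/rbac/leader_election_role.yaml
+++ b/config/rbac/leader_election_role.yaml
@@ -0,0 +1,36 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: leader-election-role
+rules:
+- apiGroups:
+- ""
+resources:
+- configmaps
+verbs:
+- get
+- list
+- watch
+- create
+- update
+- patch
+- apiGroups:
+- coordination.k8s.io
+resources:
+- leases
+verbs:
+- get
+- list
+- watch
+- create
+- update
+- patch
+- delete
+- apiGroups:
+- ""
+resources:
+- events
+verbs:
+- create
+- patch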
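Review bot: The first rule grants `create`, `update` and `patch` on every ConfigMap in the namespace, which is broader than leader election needs if the manager uses the Lease lock that the second rule already covers. Which lock the manager uses is not visible in this commit (config/manager/manager.yaml passes no leader-election flags and runs `replicas: 1`), so this is worth confirming; if it is Lease-only, drop the `configmaps` rule. If ConfigMaps are still required, a `resourceNames` entry naming the lock object would keep `get`/`update`/`patch` scoped to it (`create` cannot be restricted by name).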
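--- a/config/rbac/leader_election_role_binding.yaml
+++ b/config/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: leader-election-rolebinding
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: leader-election-role
+subjects:
+- kind: ServiceAccount
+name: controller-manager
+namespace: system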
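--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -0,0 +1,41 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+creationTimestamp: null
+name: manager-role
+rules:
+- apiGroups:
+- tinkerbell.org
+resources:
+- hardware
+- hardware/status
+verbs:
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- tinkerbell.org
+resources:
+- templates
+- templates/status
+verbs:
+- get
+- list
+- patch
+- update
+- watch
+- apiGroups:
+- tinkerbell.org
+resources:
+- workflows
+- workflows/status
+verbs:
+- delete
+- get
+- list
+- patch
+- update
+- watch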
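--- a/config/rbac/role_binding.yaml
+++ b/config/rbac/role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: manager-rolebinding
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: manager-role
+subjects:
+- kind: ServiceAccount
+name: controller-manager
+namespace: system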
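--- a/config/rbac/service_account.yaml
+++ b/config/rbac/service_account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: controller-manager
+namespace: system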
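--- a/config/server-rbac/kustomization.yaml
+++ b/config/server-rbac/kustomization.yaml
@@ -0,0 +1,9 @@
+resources:
+# All RBAC will be applied under this service account in
+# the deployment namespace. You may comment out this resource
+# if your manager will use a service account that exists at
+# runtime. Be sure to update RoleBinding and ClusterRoleBinding
+# subjects if changing service account names.
+- service_account.yaml
+- role.yaml
+- role_binding.yaml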
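--- a/config/server-rbac/role.yaml
+++ b/config/server-rbac/role.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+creationTimestamp: null
+name: server-role
+rules:
+- apiGroups:
+- tinkerbell.org
+resources:
+- hardware
+- hardware/status
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- tinkerbell.org
+resources:
+- templates
+- templates/status
+verbs:
+- get
+- list
+- watch
+- apiGroups:
+- tinkerbell.org
+resources:
+- workflows
+- workflows/status
+verbs:
+- get
+- list
+- patch
+- update
+- watch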
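--- a/config/server-rbac/role_binding.yaml
+++ b/config/server-rbac/role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: server-rolebinding
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: server-role
+subjects:
+- kind: ServiceAccount
+name: server
+namespace: system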
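--- a/config/server-rbac/service_account.yaml
+++ b/config/server-rbac/service_account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: server
+namespace: system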
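--- a/config/server/kustomization.yaml
+++ b/config/server/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- server.yaml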
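--- a/config/server/server.yaml
+++ b/config/server/server.yaml
@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: server
+namespace: system
+labels:
+control-plane: server
+spec:
+selector:
+matchLabels:
+control-plane: server
+replicas: 1
+template:
+metadata:
+annotations:
+kubectl.kubernetes.io/default-container: server
+labels:
+control-plane: server
+spec:
+containers:
+- args:
+- "--backend=kubernetes"
+- "--tls=false"
+image: server:latest
+imagePullPolicy: IfNotPresent
+name: tink-server
+ports:
+- containerPort: 42113
+hostPort: 42113
+name: grpc
+resources:
+limits:
+cpu: 500m
+memory: 128Mi
+requests:
+cpu: 10m
+memory: 64Mi
+serviceAccountName: server
+terminationGracePeriodSeconds: 10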
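Review bot: `--tls=false` together with `hostPort: 42113` publishes the gRPC endpoint in plaintext on the address of whichever node runs the pod, rather than behind a Service. The `server` ServiceAccount bound in config/server-rbac can `update` and `patch` workflows cluster-wide, so anything that can reach that port talks to a process holding those rights; whether tink-server authenticates callers some other way is not visible here. I would keep TLS enabled in this base and leave `--tls=false` to a development overlay, and drop `hostPort` unless workers must reach the node address directly, in which case a comment next to `hostPort: 42113` should say so.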
10 changes: 9 additions & 1 deletion kube.mk
@@ -15,4 +15,12 @@ generate-manifests: bin/controller-gen # Generate manifests e.g. CRD, RBAC etc.
output:crd:dir=./config/crd/bases \
output:webhook:dir=./config/webhook \
webhook
prettier --write ./config/crd/
controller-gen \
paths=./pkg/controllers/... \
output:rbac:dir=./config/rbac/ \
rbac:roleName=manager-role
controller-gen \
paths=./server/... \
output:rbac:dir=./config/server-rbac \
rbac:roleName=server-role
prettier --write ./config/
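Review bot: Both new recipes call a bare `controller-gen`, which resolves from PATH, while the target's prerequisite is `bin/controller-gen`. If the first invocation (above this hunk) uses the pinned binary, the RBAC manifests can end up generated by a different tool version than the CRDs, and since config/rbac/role.yaml and config/server-rbac/role.yaml define what the two service accounts may do, that output should be reproducible. I would invoke the same binary as the prerequisite, `bin/controller-gen \`, in both places. The recipe starts outside the hunk, so this is inferred from the hunk header.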
4 changes: 4 additions & 0 deletions pkg/controllers/workflow/controller.go
@@ -31,6 +31,10 @@ func NewController(kubeClient client.Client) *Controller {
}
}

// +kubebuilder:rbac:groups=tinkerbell.org,resources=hardware;hardware/status,verbs=get;list;watch;update;patch
// +kubebuilder:rbac:groups=tinkerbell.org,resources=templates;templates/status,verbs=get;list;watch;update;patch
// +kubebuilder:rbac:groups=tinkerbell.org,resources=workflows;workflows/status,verbs=get;list;watch;update;patch;delete

func (c *Controller) Reconcile(ctx context.Context, req reconcile.Request) (reconcile.Result, error) {
stored := &v1alpha1.Workflow{}
if err := c.kubeClient.Get(ctx, req.NamespacedName, stored); err != nil {
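Review bot: The three `+kubebuilder:rbac` markers give the controller `update` and `patch` on `hardware` and `templates` (and their status subresources), but the visible part of `Reconcile` only reads a `Workflow`; the rest of the body is outside the hunk. Since these markers are the source of the generated `manager-role` ClusterRole, each verb here becomes a cluster-wide grant, so I would trim them to what the reconciler actually calls, for example `verbs=get;list;watch` on `hardware` and `templates` if they are never written. The same check applies to the markers in server/kubernetes_api.go, which grant `update;patch` on both `workflows` and `workflows/status`. A one-line comment above the markers naming the generated file (`// RBAC for config/rbac/role.yaml, regenerate with make generate-manifests`) would also help, as they are currently detached from any declaration.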
4 changes: 4 additions & 0 deletions server/kubernetes_api.go
@@ -14,6 +14,10 @@ import (
"sigs.k8s.io/controller-runtime/pkg/client"
)

// +kubebuilder:rbac:groups=tinkerbell.org,resources=hardware;hardware/status,verbs=get;list;watch
// +kubebuilder:rbac:groups=tinkerbell.org,resources=templates;templates/status,verbs=get;list;watch
// +kubebuilder:rbac:groups=tinkerbell.org,resources=workflows;workflows/status,verbs=get;list;watch;update;patch

// NewKubeBackedServer returns a server that implements the Workflow server interface for a given kubeconfig.
func NewKubeBackedServer(logger log.Logger, kubeconfig, apiserver string) (*KubernetesBackedServer, error) {
ccfg := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(
