make deploy is working
Steve Scaffidi committed Oct 26, 2024
1 parent f55390d commit 0d0bddb
Showing 9 changed files with 68 additions and 34 deletions.
2 changes: 1 addition & 1 deletion bundle/manifests/istio-fortsa.clusterserviceversion.yaml
@@ -121,7 +121,7 @@ spec:
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
command:
- /istio-fortsa
- /manager
image: ghcr.io/hercynium/istio-fortsa:0.0.4
livenessProbe:
httpGet:
2 changes: 1 addition & 1 deletion chart/istio-fortsa/templates/deployment.yaml
@@ -37,7 +37,7 @@ spec:
| nindent 10 }}
- args: {{- toYaml .Values.controllerManager.manager.args | nindent 8 }}
command:
- /istio-fortsa
- /manager
env:
- name: KUBERNETES_CLUSTER_DOMAIN
value: {{ quote .Values.kubernetesClusterDomain }}
36 changes: 25 additions & 11 deletions chart/istio-fortsa/templates/manager-rbac.yaml
@@ -9,41 +9,55 @@ rules:
- ""
resources:
- events
- pods/portforward
- serviceaccounts/token
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- mutatingwebhookconfigurations
- namespaces
- pods
- namespaces/finalizers
- namespaces/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- mutatingwebhookconfigurations/finalizers
- namespaces/finalizers
- pods
- pods/finalizers
- pods/status
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- mutatingwebhookconfigurations/finalizers
- mutatingwebhookconfigurations/status
- namespaces/status
- pods/status
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonset
- deployment
- statefulset
verbs:
- get
- list
- patch
- update
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
2 changes: 1 addition & 1 deletion config/manager/manager.yaml
@@ -59,7 +59,7 @@ spec:
# type: RuntimeDefault
containers:
- command:
- /istio-fortsa
- /manager
args:
- --leader-elect
image: controller:latest
36 changes: 25 additions & 11 deletions config/rbac/role.yaml
@@ -8,38 +8,52 @@ rules:
- ""
resources:
- events
- pods/portforward
- serviceaccounts/token
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- mutatingwebhookconfigurations
- namespaces
- pods
- namespaces/finalizers
- namespaces/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- mutatingwebhookconfigurations/finalizers
- namespaces/finalizers
- pods
- pods/finalizers
- pods/status
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- mutatingwebhookconfigurations/finalizers
- mutatingwebhookconfigurations/status
- namespaces/status
- pods/status
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonset
- deployment
- statefulset
verbs:
- get
- list
- patch
- update
- watch
@@ -43,9 +43,9 @@ type MutatingWebhookConfigurationReconciler struct {
IstioData *istiodata.IstioData
}

//+kubebuilder:rbac:groups=core,resources=mutatingwebhookconfigurations,verbs=get;list;watch;create;update;patch;delete
//+kubebuilder:rbac:groups=core,resources=mutatingwebhookconfigurations/status,verbs=get;update;patch
//+kubebuilder:rbac:groups=core,resources=mutatingwebhookconfigurations/finalizers,verbs=update
//+kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=mutatingwebhookconfigurations,verbs=get;list;watch
//+kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=mutatingwebhookconfigurations/status,verbs=get;list;watch
//+kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=mutatingwebhookconfigurations/finalizers,verbs=get;list;watch

// Reconcile is part of the main kubernetes reconciliation loop which aims to
// move the current state of the cluster closer to the desired state.
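Review bot: The `mutatingwebhookconfigurations/status` and `mutatingwebhookconfigurations/finalizers` markers add rules that grant nothing. MutatingWebhookConfiguration has no status subresource, and there is no readable `/finalizers` endpoint, so `get;list;watch` on either matches no request. Assuming the `admissionregistration.k8s.io` lines are the added side (the rendered page lost its +/- column), keeping only `//+kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=mutatingwebhookconfigurations,verbs=get;list;watch` gives a ClusterRole that is shorter and easier to audit. The read-only `/status` and `/finalizers` markers in namespace_controller.go follow the same pattern.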
8 changes: 5 additions & 3 deletions internal/controller/namespace_controller.go
@@ -44,10 +44,12 @@ type NamespaceReconciler struct {
IstioData *istiodata.IstioData
}

//+kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch;create;update;patch;delete
//+kubebuilder:rbac:groups=core,resources=namespaces/status,verbs=get;update;patch
//+kubebuilder:rbac:groups=core,resources=namespaces/finalizers,verbs=update
//+kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch
//+kubebuilder:rbac:groups=core,resources=namespaces/status,verbs=get;list;watch
//+kubebuilder:rbac:groups=core,resources=namespaces/finalizers,verbs=get;list;watch
//+kubebuilder:rbac:groups=core,resources=events,verbs=create;patch
//+kubebuilder:rbac:groups=core,resources=serviceaccounts/token,verbs=create;patch
//+kubebuilder:rbac:groups=core,resources=pods/portforward,verbs=create;patch

// Reconcile is part of the main kubernetes reconciliation loop which aims to
// move the current state of the cluster closer to the desired state.
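Review bot: The `serviceaccounts/token` and `pods/portforward` markers land in the manager's ClusterRole, so the controller may request a token for any service account and open a port-forward to any pod in every namespace. A compromise of the manager pod would therefore reach well beyond the namespaces and pods it reconciles. Nothing on this page shows which call needs these grants (presumably the Istio client talking to istiod, which should be confirmed), so the markers need a comment stating the reason. If only the istiod namespace is involved, scope them to a namespaced Role, e.g. `//+kubebuilder:rbac:groups=core,namespace=<istiod-namespace>,resources=pods/portforward,verbs=create`. As far as I can tell neither subresource serves `patch`, so that verb can probably be dropped in any case.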
6 changes: 3 additions & 3 deletions internal/controller/pod_controller.go
@@ -47,9 +47,9 @@ type PodReconciler struct {
IstioData *istiodata.IstioData
}

//+kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch;create;update;patch;delete
//+kubebuilder:rbac:groups=core,resources=pods/status,verbs=get;update;patch
//+kubebuilder:rbac:groups=core,resources=pods/finalizers,verbs=update
//+kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch;update;patch
//+kubebuilder:rbac:groups=core,resources=pods/status,verbs=get;list;watch;update;patch
//+kubebuilder:rbac:groups=core,resources=pods/finalizers,verbs=get;list;watch;update;patch

// Reconcile is part of the main kubernetes reconciliation loop which aims to
// move the current state of the cluster closer to the desired state.
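Review bot: `pods/status` and `pods/finalizers` still carry `update;patch`, which lets the manager rewrite the status of any pod in the cluster; pod status is normally written by the kubelet. The reconciler body is not visible on this page, so this is a question rather than a finding. If PodReconciler only reads pods and restarts their owners through rollout.go, `//+kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch` would cover it and the two subresource markers could be removed.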
4 changes: 4 additions & 0 deletions internal/util/k8s/rollout/rollout.go
@@ -19,6 +19,10 @@ const (
RolloutRestartAnnotation = "fortsa.example.com/restartedAt"
)

//+kubebuilder:rbac:groups=apps,resources=deployment,verbs=get;list;watch;update;patch
//+kubebuilder:rbac:groups=apps,resources=daemonset,verbs=get;list;watch;update;patch
//+kubebuilder:rbac:groups=apps,resources=statefulset,verbs=get;list;watch;update;patch

// DoRolloutRestart handles rollout restart of object by patching with annotation
// TODO: if annotation exists, check status. If rollout failed in some way, report it.
func DoRolloutRestart(ctx context.Context, client ctrlclient.Client, obj ctrlclient.Object, dryRun bool) error {
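Review bot: The three added markers name the resources in the singular (`deployment`, `daemonset`, `statefulset`), but RBAC matches the plural resource name used in the API path. These rules therefore authorize nothing, and the patch issued by DoRolloutRestart will be rejected as forbidden unless some other role covers it. Use the plural names; a single marker does it: `//+kubebuilder:rbac:groups=apps,resources=deployments;daemonsets;statefulsets,verbs=get;list;watch;update;patch`. Then regenerate config/rbac/role.yaml and chart/istio-fortsa/templates/manager-rbac.yaml, which carry the singular names too. The body of DoRolloutRestart lies outside the hunk, so whether it needs `update` in addition to `patch` cannot be checked from here.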
