feat: Deployment iteration #1 (#10)

* Cleanup * Add kardinal dir to the dockefile * Build and push operator images * Build and push operator images * Operator deployment * Update permissions * Update image and platforms * Add deploy and undeploy to README * Update image and platforms * Push artifacts when PR merges * Cleanup * Add release please pushing the latest image
kurtosis-tech · Oct 21, 2024 · d4e350f · d4e350f
1 parent 21bdbf9
commit d4e350f
Show file tree

Hide file tree

Showing 8 changed files with 158 additions and 25 deletions.
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -0,0 +1,57 @@
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  pull-requests: write
+
+name: release-please
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    outputs:
+      tag_name: ${{ steps.release.outputs.tag_name }}
+      release_created: ${{ steps.release.outputs.release_created }}
+    # skip releases on forks
+    if: github.repository == 'kurtosis-tech/kardinal-operator'
+    steps:
+      - name: Run Release Please
+        id: release
+        uses: googleapis/release-please-action@v3
+        with:
+          token: ${{ secrets.RELEASE_PLEASE_TOKEN }}
+          release-type: simple
+          package-name: kardinal-operator
+          bump-minor-pre-major: true
+          bump-patch-for-minor-pre-major: true
+          include-v-in-tag: false
+
+  build-and-publish-artifacts:
+    needs: release-please
+    runs-on: ubuntu-latest
+    if: ${{ needs.release-please.outputs.release_created }}
+    steps:
+      - name: git checkout
+        uses: actions/checkout@v3
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push Kardinal Operator image
+        run: make docker-buildx IMG=kurtosistech/kardinal-operator:latest
diff --git a/Dockerfile b/Dockerfile
@@ -15,6 +15,7 @@ RUN go mod download
 COPY cmd/main.go cmd/main.go
 COPY api/ api/
 COPY internal/controller/ internal/controller/
+COPY kardinal/ kardinal/
 
 # Build
 # the GOARCH has not a default value to allow the binary be built according to the host where the command

diff --git a/Makefile b/Makefile
@@ -1,5 +1,5 @@
 # Image URL to use all building/pushing image targets
-IMG ?= controller:latest
+IMG ?= kurtosistech/kardinal-operator:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.31.0
 
@@ -103,7 +103,7 @@ docker-push: ## Push docker image with the manager.
 # - have enabled BuildKit. More info: https://docs.docker.com/develop/develop-images/build_enhancements/
 # - be able to push the image to your registry (i.e. if you do not set a valid value via IMG=<myregistry/image:<tag>> then the export will fail)
 # To adequately provide solutions that are compatible with multiple platforms, you should consider using this option.
-PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
+PLATFORMS ?= linux/arm64,linux/amd64
 .PHONY: docker-buildx
 docker-buildx: ## Build and push docker image for the manager for cross-platform support
 	# copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile

diff --git a/README.md b/README.md
@@ -2,37 +2,69 @@
 
 Implementation of [Kardinal](https://github.com/kurtosis-tech/kardinal) as a K8S Operator.
 
-## Development
+## Install
+
+### Requirements
+
+Istio is required and your namespaces should be labeled for injection. 
 
-Minikube + K8S manifest deployed. K8S context set to your local cluster.
 ```
-make install (to install the CRDs into the cluster)
+istioctl manifest install --set profile=default
+
+kubectl label namespace <namespace name> istio-injection=enabled
 ```
 
-The following three commands are commonly used during development:
+### Kardinal Operator
+
+The Kardinal Operator is built using Kubebuilder.  Run the following commands to install the CRDs and the operator in the cluster pointed by your kubeconfig.  The operator runs in a newly created namespace `kardinal-operator-system`.
 
 ```
-make lint (Run golangci linter. Can also be configured inside your IDE.)
-make test (Run tests against local cluster)
-make run (Run operator against your local cluster)
+make deploy
 ```
 
-Manage custom resources with kubectl:
+## CRDs
+
+### Flows
 
 ```yaml
 apiVersion: core.kardinal.dev/v1
 kind: Flow
 metadata:
   labels:
     app.kubernetes.io/name: kardinal
-    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/managed-by: kardinal-operator
   name: flow-test
   namespace: baseline
 spec:
   service: frontend
   image: kurtosistech/frontend:demo-frontend
 ```
 
+## Uninstall
+
+Run the following commands to uninstall the CRDs and the operator in the cluster pointed by your kubeconfig.
+
+```
+make undeploy
+```
+
+## Development
+
+Minikube + K8S manifest deployed. K8S context set to your local cluster.
+```
+make install (to install the CRDs into the cluster)
+```
+
+The following three commands are commonly used during development:
+
+```
+make lint (Run golangci linter. Can also be configured inside your IDE.)
+make test (Run tests against local cluster)
+make run (Run operator against your local cluster)
+```
+
+Manage custom resources with kubectl:
+
 ```
 # Create a flow 
 kubectl create -f ./ci/flow-test.yaml
@@ -47,11 +79,6 @@ kubectl get flows -n baseline
 kubectl describe flows flow-test -n baseline
 ```
 
-Deploy the operator inside the cluster
-```
-make deploy (when you want to test it inside the cluster)
-```
-
 ## Update the CRDs API
 
 1. Read [this document][api-design-doc] to follow the design rules.
@@ -73,4 +100,4 @@ make deploy (when you want to test it inside the cluster)
    4. NOTE: If you receive an error, please run the specified command in the error and re-run make manifests.
 
 [api-design-doc]: https://book.kubebuilder.io/cronjob-tutorial/api-design
-[rbac-markers-doc]: https://book.kubebuilder.io/reference/markers/rbac
+[rbac-markers-doc]: https://book.kubebuilder.io/reference/markers/rbac
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -1,2 +1,8 @@
 resources:
 - manager.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: kurtosistech/kardinal-operator
+  newTag: latest
diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -24,8 +24,6 @@ resources:
 # if you do not want those helpers be installed with your Project.
 - core_flow_editor_role.yaml
 - core_flow_viewer_role.yaml
-- kardinal_flow_editor_role.yaml
-- kardinal_flow_viewer_role.yaml
 - flow_editor_role.yaml
 - flow_viewer_role.yaml
 
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -5,12 +5,29 @@ metadata:
   name: manager-role
 rules:
 - apiGroups:
-  - ""
+  - apps
   resources:
   - deployments
-  - destinationrules
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
   - services
-  - virtualservices
   verbs:
   - create
   - delete
@@ -45,3 +62,28 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - networking.istio.io
+  resources:
+  - destinationrules
+  - virtualservices
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
diff --git a/internal/controller/core/flow_controller.go b/internal/controller/core/flow_controller.go
@@ -37,10 +37,12 @@ type FlowReconciler struct {
 // +kubebuilder:rbac:groups=core.kardinal.dev,resources=flows,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=core.kardinal.dev,resources=flows/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=core.kardinal.dev,resources=flows/finalizers,verbs=update
+// +kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch
 // +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=core,resources=deployments,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=core,resources=virtualservices,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups=core,resources=destinationrules,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=networking.istio.io,resources=virtualservices,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=networking.istio.io,resources=destinationrules,verbs=get;list;watch;create;update;patch;delete
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.