From d50c98ef227e90d3ffbf558cf8391834e0ce803c Mon Sep 17 00:00:00 2001 From: Laurent Luce Date: Fri, 18 Oct 2024 14:32:22 -0400 Subject: [PATCH 01/12] Cleanup --- config/rbac/kustomization.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index fe97c75..217a5a3 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -24,8 +24,6 @@ resources: # if you do not want those helpers be installed with your Project. - core_flow_editor_role.yaml - core_flow_viewer_role.yaml -- kardinal_flow_editor_role.yaml -- kardinal_flow_viewer_role.yaml - flow_editor_role.yaml - flow_viewer_role.yaml From 862356129eb083f4fb6b5d607f321e70e533fc1e Mon Sep 17 00:00:00 2001 From: Laurent Luce Date: Fri, 18 Oct 2024 14:39:42 -0400 Subject: [PATCH 02/12] Add kardinal dir to the dockefile --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index a48973e..01dac6f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,6 +15,7 @@ RUN go mod download COPY cmd/main.go cmd/main.go COPY api/ api/ COPY internal/controller/ internal/controller/ +COPY kardinal/ kardinal/ # Build # the GOARCH has not a default value to allow the binary be built according to the host where the command From d96329ee9ded3fce9f64a5eec2065da3b57039c3 Mon Sep 17 00:00:00 2001 From: Laurent Luce Date: Fri, 18 Oct 2024 14:56:14 -0400 Subject: [PATCH 03/12] Build and push operator images --- .github/workflows/publish-artifacts.yml | 38 +++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/publish-artifacts.yml diff --git a/.github/workflows/publish-artifacts.yml b/.github/workflows/publish-artifacts.yml new file mode 100644 index 0000000..e51bac2 --- /dev/null +++ b/.github/workflows/publish-artifacts.yml 
@@ -0,0 +1,38 @@ +name: Publish demo artifacts + +on: + push: + branches: + - main + tags: + - "v*.*.*" + pull_request: + branches: + - main + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + +jobs: + build-publish-demo: + runs-on: ubuntu-latest + if: github.ref == 'refs/heads/main' + steps: + - name: git checkout + uses: actions/checkout@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Build and push Kardinal Operator images + run: make docker-buildx IMG=kurtosistech/kardinal-operator:latest From a518a9f4f503c4d94f345281ec936aedf1c2ed42 Mon Sep 17 00:00:00 2001 From: Laurent Luce Date: Fri, 18 Oct 2024 15:00:18 -0400 Subject: [PATCH 04/12] Build and push operator images --- .github/workflows/publish-artifacts.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-artifacts.yml b/.github/workflows/publish-artifacts.yml index e51bac2..27946af 100644 --- a/.github/workflows/publish-artifacts.yml +++ b/.github/workflows/publish-artifacts.yml @@ -1,4 +1,4 @@ -name: Publish demo artifacts +name: Publish artifacts on: push: @@ -17,7 +17,7 @@ concurrency: jobs: build-publish-demo: runs-on: ubuntu-latest - if: github.ref == 'refs/heads/main' + # if: github.ref == 'refs/heads/main' steps: - name: git checkout uses: actions/checkout@v3 From 7bf6577e5668d4c508d544bc19ef73969cce44b8 Mon Sep 17 00:00:00 2001 From: Laurent Luce Date: Fri, 18 Oct 2024 17:51:30 -0400 Subject: [PATCH 05/12] Operator deployment --- .github/workflows/publish-artifacts.yml | 2 +- Makefile | 3 ++ README.md | 51 ++++++++++++++++--------- config/manager/kustomization.yaml | 6 +++ 4 files changed, 43 insertions(+), 19 deletions(-) 
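Review bot: Every `uses:` step in this new workflow references a movable tag (`actions/checkout@v3`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`), and the job that runs them receives `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN`. A retagged or compromised action release would run with those registry credentials, so each reference is better pinned to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`. The file also declares no `permissions:` block, so the job runs with the repository's default token scope; a top-level `permissions:` with `contents: read` would make that explicit. The same tag-pinned steps are carried into `.github/workflows/release-please.yml` in PATCH 12/12.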
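Review bot: Commenting out `if: github.ref == 'refs/heads/main'` in the `@@ -17,7 +17,7 @@` hunk, while the `pull_request` trigger is still in the `on:` block, lets pull-request runs that have access to the Docker Hub secrets reach the login and `make docker-buildx` steps. Those steps push `kurtosistech/kardinal-operator:latest`, so unmerged code can replace the published image. If the guard has to be lifted to exercise the pipeline, the build step should use a throwaway tag, for example `IMG=kurtosistech/kardinal-operator:pr-${{ github.event.pull_request.number }}`. PATCH 10/12 later restores the guard and removes the trigger.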
diff --git a/.github/workflows/publish-artifacts.yml b/.github/workflows/publish-artifacts.yml index 27946af..da15903 100644 --- a/.github/workflows/publish-artifacts.yml +++ b/.github/workflows/publish-artifacts.yml @@ -15,7 +15,7 @@ concurrency: cancel-in-progress: true jobs: - build-publish-demo: + build-publish-artifacts: runs-on: ubuntu-latest # if: github.ref == 'refs/heads/main' steps: diff --git a/Makefile b/Makefile index 5c67073..c18ae0e 100644 --- a/Makefile +++ b/Makefile @@ -21,6 +21,9 @@ CONTAINER_TOOL ?= docker SHELL = /usr/bin/env bash -o pipefail .SHELLFLAGS = -ec +# Kardinal Operator +IMG ?= kurtosistech/kardinal-operator:latest + .PHONY: all all: build diff --git a/README.md b/README.md index 729c562..f4a3a8b 100644 --- a/README.md +++ b/README.md @@ -2,22 +2,17 @@ Implementation of [Kardinal](https://github.com/kurtosis-tech/kardinal) as a K8S Operator. -## Development - -Minikube + K8S manifest deployed. K8S context set to your local cluster. -``` -make install (to install the CRDs into the cluster) -``` +## Install -The following three commands are commonly used during development: +The Kardinal Operator is built using Kubebuilder. Run the following commands to install the CRDs and the operator in the cluster pointed by your kubeconfig. ``` -make lint (Run golangci linter. Can also be configured inside your IDE.) -make test (Run tests against local cluster) -make run (Run operator against your local cluster) +make deploy ``` -Manage custom resources with kubectl: +## CRDs + +### Flows ```yaml apiVersion: core.kardinal.dev/v1 @@ -25,7 +20,7 @@ kind: Flow metadata: labels: app.kubernetes.io/name: kardinal - app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/managed-by: kardinal-operator name: flow-test namespace: baseline spec: 
@@ -33,6 +28,31 @@ spec: image: kurtosistech/frontend:demo-frontend ``` +## Uninstall + +Run the following commands to uninstall the CRDs and the operator in the cluster pointed by your kubeconfig. + +``` +make undeploy +``` + +## Development + +Minikube + K8S manifest deployed. K8S context set to your local cluster. +``` +make install (to install the CRDs into the cluster) +``` + +The following three commands are commonly used during development: + +``` +make lint (Run golangci linter. Can also be configured inside your IDE.) +make test (Run tests against local cluster) +make run (Run operator against your local cluster) +``` + +Manage custom resources with kubectl: + ``` # Create a flow kubectl create -f ./ci/flow-test.yaml @@ -47,11 +67,6 @@ kubectl get flows -n baseline kubectl describe flows flow-test -n baseline ``` -Deploy the operator inside the cluster -``` -make deploy (when you want to test it inside the cluster) -``` - ## Update the CRDs API 1. Read [this document][api-design-doc] to follow the design rules. @@ -73,4 +88,4 @@ make deploy (when you want to test it inside the cluster) 4. NOTE: If you receive an error, please run the specified command in the error and re-run make manifests. [api-design-doc]: https://book.kubebuilder.io/cronjob-tutorial/api-design -[rbac-markers-doc]: https://book.kubebuilder.io/reference/markers/rbac \ No newline at end of file +[rbac-markers-doc]: https://book.kubebuilder.io/reference/markers/rbac diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 5c5f0b8..ad13e96 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,2 +1,8 @@ resources: - manager.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: controller + newName: controller + newTag: latest From e50aaf7ff60538d185be4145728fdf6136ea0238 Mon Sep 17 00:00:00 2001 
From: Laurent Luce Date: Fri, 18 Oct 2024 20:55:42 -0400 Subject: [PATCH 06/12] Update permissions --- config/rbac/role.yaml | 48 +++++++++++++++++++-- internal/controller/core/flow_controller.go | 8 ++-- 2 files changed, 50 insertions(+), 6 deletions(-) diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 71c689f..40afa23 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -5,12 +5,29 @@ metadata: name: manager-role rules: - apiGroups: - - "" + - apps resources: - deployments - - destinationrules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: - services - - virtualservices verbs: - create - delete @@ -45,3 +62,28 @@ rules: - get - patch - update +- apiGroups: + - networking.istio.io + resources: + - destinationrules + - virtualservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/internal/controller/core/flow_controller.go b/internal/controller/core/flow_controller.go index c7dc7da..74321eb 100644 --- a/internal/controller/core/flow_controller.go +++ b/internal/controller/core/flow_controller.go 
@@ -37,10 +37,12 @@ type FlowReconciler struct { // +kubebuilder:rbac:groups=core.kardinal.dev,resources=flows,verbs=get;list;watch;create;update;patch;delete // +kubebuilder:rbac:groups=core.kardinal.dev,resources=flows/status,verbs=get;update;patch // +kubebuilder:rbac:groups=core.kardinal.dev,resources=flows/finalizers,verbs=update +// +kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch // +kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=core,resources=deployments,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=core,resources=virtualservices,verbs=get;list;watch;create;update;patch;delete -// +kubebuilder:rbac:groups=core,resources=destinationrules,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=networking.istio.io,resources=virtualservices,verbs=get;list;watch;create;update;patch;delete +// +kubebuilder:rbac:groups=networking.istio.io,resources=destinationrules,verbs=get;list;watch;create;update;patch;delete // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state. From 14e4e9a860398eef4acc41e9d09f18f5323ae4b4 Mon Sep 17 00:00:00 2001 From: Laurent Luce Date: Fri, 18 Oct 2024 20:56:24 -0400 Subject: [PATCH 07/12] Update image and platforms --- Makefile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index c18ae0e..3165303 100644 --- a/Makefile +++ b/Makefile 
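Review bot: The new markers grant `create;update;patch;delete` on Deployments, Ingresses, VirtualServices and DestinationRules with no `namespace=` argument, which controller-gen emits as cluster-wide rules in `manager-role` (see the `config/rbac/role.yaml` hunks of this patch). Whether the reconciler really creates and deletes each of these kinds cannot be seen here, because `Reconcile` starts below the hunk, so each write verb should be checked against the code and the unused ones trimmed. A short comment above the marker block that names the reconcile step needing each write grant would keep later additions from widening the role unnoticed.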
@@ -1,5 +1,5 @@ # Image URL to use all building/pushing image targets -IMG ?= controller:latest +IMG ?= kurtosistech/kardinal-operator:latest # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. ENVTEST_K8S_VERSION = 1.31.0 @@ -22,7 +22,6 @@ SHELL = /usr/bin/env bash -o pipefail .SHELLFLAGS = -ec # Kardinal Operator -IMG ?= kurtosistech/kardinal-operator:latest .PHONY: all all: build @@ -106,7 +105,7 @@ docker-push: ## Push docker image with the manager. # - have enabled BuildKit. More info: https://docs.docker.com/develop/develop-images/build_enhancements/ # - be able to push the image to your registry (i.e. if you do not set a valid value via IMG=> then the export will fail) # To adequately provide solutions that are compatible with multiple platforms, you should consider using this option. -PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le +PLATFORMS ?= linux/arm64,linux/amd64 .PHONY: docker-buildx docker-buildx: ## Build and push docker image for the manager for cross-platform support # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile From 0794fe58061e604f6779ba1f940dee708b238601 Mon Sep 17 00:00:00 2001 From: Laurent Luce Date: Fri, 18 Oct 2024 20:56:47 -0400 Subject: [PATCH 08/12] Add deploy and undeploy to README --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f4a3a8b..50777f5 100644 --- a/README.md +++ b/README.md 
@@ -4,7 +4,19 @@ Implementation of [Kardinal](https://github.com/kurtosis-tech/kardinal) as a K8S ## Install -The Kardinal Operator is built using Kubebuilder. Run the following commands to install the CRDs and the operator in the cluster pointed by your kubeconfig. +### Requirements + +Istio is required and your namespaces should be labeled for injection. + +``` +istioctl manifest install --set profile=default + +kubectl label namespace istio-injection=enabled +``` + +### Kardinal Operator + +The Kardinal Operator is built using Kubebuilder. Run the following commands to install the CRDs and the operator in the cluster pointed by your kubeconfig. The operator runs in a newly created namespace `kardinal-operator-system`. ``` make deploy From 5238350f0a337f3b5779f9d83314b5aab67f6eef Mon Sep 17 00:00:00 2001 From: Laurent Luce Date: Fri, 18 Oct 2024 20:57:31 -0400 Subject: [PATCH 09/12] Update image and platforms --- config/manager/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index ad13e96..5d90ad2 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: controller + newName: kurtosistech/kardinal-operator newTag: latest From 2073849814d4773090d3d2b1c9df7b6a251bcbe0 Mon Sep 17 00:00:00 2001 From: Laurent Luce Date: Fri, 18 Oct 2024 20:58:48 -0400 Subject: [PATCH 10/12] Push artifacts when PR merges --- .github/workflows/publish-artifacts.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/publish-artifacts.yml b/.github/workflows/publish-artifacts.yml index da15903..fac74b6 100644 --- a/.github/workflows/publish-artifacts.yml +++ b/.github/workflows/publish-artifacts.yml 
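Review bot: `newName: kurtosistech/kardinal-operator` together with `newTag: latest` in `config/manager/kustomization.yaml` makes `make deploy` run whatever image currently holds that Docker Hub tag, under the operator's `manager-role` permissions. A mutable tag leaves no record of which build is running and lets a later push change the deployed code on a subsequent pull. Pinning the release version or the image digest keeps deployments reproducible, e.g. `newTag: <release-version>` or `digest: sha256:<image-digest>` in place of `newTag: latest`.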
@@ -6,9 +6,6 @@ on: - main tags: - "v*.*.*" - pull_request: - branches: - - main concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} @@ -17,7 +14,7 @@ concurrency: jobs: build-publish-artifacts: runs-on: ubuntu-latest - # if: github.ref == 'refs/heads/main' + if: github.ref == 'refs/heads/main' steps: - name: git checkout uses: actions/checkout@v3 From dc140ba39b8a9af4c751165886fc484ad70799da Mon Sep 17 00:00:00 2001 From: Laurent Luce Date: Fri, 18 Oct 2024 21:00:17 -0400 Subject: [PATCH 11/12] Cleanup --- Makefile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Makefile b/Makefile index 3165303..ecaf84e 100644 --- a/Makefile +++ b/Makefile @@ -21,8 +21,6 @@ CONTAINER_TOOL ?= docker SHELL = /usr/bin/env bash -o pipefail .SHELLFLAGS = -ec -# Kardinal Operator - .PHONY: all all: build From 4e9abae8a37824f7048d5e972e04324299482856 Mon Sep 17 00:00:00 2001 From: Laurent Luce Date: Mon, 21 Oct 2024 11:47:18 -0400 Subject: [PATCH 12/12] Add release please pushing the latest image --- .github/workflows/publish-artifacts.yml | 35 --------------- .github/workflows/release-please.yml | 57 +++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 35 deletions(-) delete mode 100644 .github/workflows/publish-artifacts.yml create mode 100644 .github/workflows/release-please.yml diff --git a/.github/workflows/publish-artifacts.yml b/.github/workflows/publish-artifacts.yml deleted file mode 100644 index fac74b6..0000000 --- a/.github/workflows/publish-artifacts.yml +++ /dev/null 
@@ -1,35 +0,0 @@
-name: Publish artifacts
-
-on:
- push:
- branches:
- - main
- tags:
- - "v*.*.*"
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
- cancel-in-progress: true
-
-jobs:
- build-publish-artifacts:
- runs-on: ubuntu-latest
- if: github.ref == 'refs/heads/main'
- steps:
- - name: git checkout
- uses: actions/checkout@v3
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
-
- - name: Login to Docker Hub
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
-
- - name: Build and push Kardinal Operator images
- run: make docker-buildx IMG=kurtosistech/kardinal-operator:latest
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
new file mode 100644
index 0000000..bcc4106
--- /dev/null
+++ b/.github/workflows/release-please.yml
@@ -0,0 +1,57 @@
+on:
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: write
+ pull-requests: write
+
+name: release-please
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ release-please:
+ runs-on: ubuntu-latest
+ outputs:
+ tag_name: ${{ steps.release.outputs.tag_name }}
+ release_created: ${{ steps.release.outputs.release_created }}
+ # skip releases on forks
+ if: github.repository == 'kurtosis-tech/kardinal-operator'
+ steps:
+ - name: Run Release Please
+ id: release
+ uses: googleapis/release-please-action@v3
+ with:
+ token: ${{ secrets.RELEASE_PLEASE_TOKEN }}
+ release-type: simple
+ package-name: kardinal-operator
+ bump-minor-pre-major: true
+ bump-patch-for-minor-pre-major: true
+ include-v-in-tag: false
+
+ build-and-publish-artifacts:
+ needs: release-please
+ runs-on: ubuntu-latest
+ if: ${{ needs.release-please.outputs.release_created }}
+ steps:
+ - name: git checkout
+ uses: actions/checkout@v3
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Build and push Kardinal Operator image
+ run: make docker-buildx IMG=kurtosistech/kardinal-operator:latest
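Review bot: The workflow-level `permissions:` block gives `contents: write` and `pull-requests: write` to both jobs, including `build-and-publish-artifacts`, which only checks out the code and runs `make docker-buildx` with the Docker Hub secrets. Moving the write scopes under the `release-please` job and giving the publish job its own `permissions:` with `contents: read` keeps the token seen by the build read-only. The `tag_name` output is exported but never used, so a release still pushes only `:latest`; passing it through `env:` as `RELEASE_TAG: ${{ needs.release-please.outputs.tag_name }}` and also building `IMG=kurtosistech/kardinal-operator:"$RELEASE_TAG"` would give each release an immutable tag. `cancel-in-progress: true` can also cancel a publish that is already running when another commit lands on `main`.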