[WIP] salt, build: automate operator-controller install
eg-ayoub committed Dec 12, 2024
1 parent e495890 commit e8851de
Showing 7 changed files with 1,086 additions and 0 deletions.
1 change: 1 addition & 0 deletions buildchain/buildchain/image.py
Expand Up @@ -219,6 +219,7 @@ def _local_image(name: str, **kwargs: Any) -> targets.LocalImage:
],
constants.OPERATOR_FRAMEWORK_REPOSITORYT: [
"catalogd",
"operator-controller",
],
constants.KUBE_BUILDER_REPOSITORY: [
"kube-rbac-proxy",
5 changes: 5 additions & 0 deletions buildchain/buildchain/versions.py
Expand Up @@ -232,6 +232,11 @@ def _version_prefix(version: str, prefix: str = "v") -> str:
version=_version_prefix(OLM_VERSION),
digest="sha256:f74153f1e83cf3066f6ba1179fa09466e6b1defcbaf628c42c02aca500acd73d",
),
Image(
name="operator-controller",
version=_version_prefix(OLM_VERSION),
digest="sha256:a07181e9c9ce02eb7b5c9f12e3fce58bec416b05adbe946982a8273d3ffbc4d3",
),
Image(
name="kube-rbac-proxy",
version="v0.15.0",
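--- /dev/null
+++ b/salt/metalk8s/addons/olm/operator-controller/deployed/cert.sls
@@ -0,0 +1,53 @@
+#!jinja | metalk8s_kubernetes
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: olmv1-ca
+namespace: metalk8s-certs
+spec:
+commonName: olmv1-ca
+isCA: true
+issuerRef:
+group: cert-manager.io
+kind: Issuer
+name: self-sign-issuer
+privateKey:
+algorithm: ECDSA
+size: 256
+secretName: olmv1-ca
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: olmv1-cert
+namespace: olmv1-system
+spec:
+dnsNames:
+- operator-controller.olmv1-system.svc
+- operator-controller.olmv1-system.svc.cluster.local
+issuerRef:
+group: cert-manager.io
+kind: ClusterIssuer
+name: olmv1-ca
+privateKey:
+algorithm: ECDSA
+size: 256
+secretName: olmv1-cert
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: olmv1-ca
+spec:
+ca:
+secretName: olmv1-ca
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+name: self-sign-issuer
+namespace: metalk8s-certs
+spec:
+selfSigned: {}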
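Review bot: The ClusterIssuer `olmv1-ca` resolves `ca.secretName: olmv1-ca` in cert-manager's cluster-resource namespace, whereas the CA Certificate above writes that secret into `metalk8s-certs`; unless cert-manager in this cluster is configured with `metalk8s-certs` as its cluster-resource namespace, the issuer never becomes Ready and `olmv1-cert` is never issued. If that configuration is in place, a comment on the ClusterIssuer such as `# secret is resolved in cert-manager's cluster-resource namespace, which must be metalk8s-certs` would spare the next reader the check. Neither Certificate sets `duration`/`renewBefore`, so cert-manager's defaults govern rotation, and the Deployment later on this page mounts only the `ca.crt` item of `olmv1-cert` — so the `dnsNames` on the leaf certificate appear unused and a one-line comment stating what `olmv1-cert` is actually consumed for would help.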
591 changes: 591 additions & 0 deletions salt/metalk8s/addons/olm/operator-controller/deployed/crds.sls

Large diffs are not rendered by default.

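--- /dev/null
+++ b/salt/metalk8s/addons/olm/operator-controller/deployed/init.sls
@@ -0,0 +1,22 @@
+include:
+- ...catalogd.deployed
+- crds
+- rbac
+- cert
+- operator-controller
+
+Wait for the Operator Controller Controller Manager Deployment to be Ready:
+test.configurable_test_state:
+- changes: False
+- result: __slot__:salt:metalk8s_kubernetes.check_object_ready(
+apiVersion=apps/v1, kind=Deployment,
+name=operator-controller-controller-manager, namespace=olmv1-system)
+- comment: Wait for the Operator Controller to be Ready
+- retry:
+attempts: 30
+- require:
+- test: Wait for the Catalogd Controller Manager deployment to be Ready
+- sls: metalk8s.addons.olm.operator-controller.deployed.crds
+- sls: metalk8s.addons.olm.operator-controller.deployed.rbac
+- sls: metalk8s.addons.olm.operator-controller.deployed.cert
+- sls: metalk8s.addons.olm.operator-controller.deployed.operator-controller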
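Review bot: The requisite `- test: Wait for the Catalogd Controller Manager deployment to be Ready` names a state ID that lives in `...catalogd.deployed`, which this commit does not touch, so any drift in that ID surfaces as a highstate compile error rather than as a wait; please confirm it matches the catalogd state, or depend on the whole include as the other requisites do with `- sls: metalk8s.addons.olm.catalogd.deployed`. The new state ID `Wait for the Operator Controller Controller Manager Deployment to be Ready` doubles "Controller", presumably mirroring the Deployment name; the `comment:` field already uses the shorter `Wait for the Operator Controller to be Ready`, and aligning the ID with it would read better.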
@@ -0,0 +1,143 @@
#!jinja | metalk8s_kubernetes
{%- from "metalk8s/repo/macro.sls" import build_image_name with context %}
---
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: operator-controller-controller-manager
name: operator-controller-controller-manager-metrics-service
namespace: olmv1-system
spec:
ports:
- name: https
port: 8443
protocol: TCP
targetPort: https
selector:
control-plane: operator-controller-controller-manager
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
kubectl.kubernetes.io/default-logs-container: manager
labels:
control-plane: operator-controller-controller-manager
name: operator-controller-controller-manager
namespace: olmv1-system
spec:
replicas: 1
selector:
matchLabels:
control-plane: operator-controller-controller-manager
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
control-plane: operator-controller-controller-manager
spec:
nodeSelector:
kubernetes.io/os: linux
node-role.kubernetes.io/infra: ""
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/bootstrap
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/infra
operator: Exists
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
- ppc64le
- s390x
- key: kubernetes.io/os
operator: In
values:
- linux
containers:
- args:
- --health-probe-bind-address=:8081
- --metrics-bind-address=127.0.0.1:8080
- --leader-elect
- --ca-certs-dir=/var/certs
command:
- /manager
image: {{ build_image_name("operator-controller") }}
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
requests:
cpu: 10m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /var/cache
name: cache
- mountPath: /var/certs/
name: olmv1-certificate
readOnly: true
- args:
- --secure-listen-address=0.0.0.0:8443
- --http2-disable
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
image: {{ build_image_name("kube-rbac-proxy") }}
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
protocol: TCP
resources:
requests:
cpu: 5m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
terminationMessagePolicy: FallbackToLogsOnError
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccountName: operator-controller-controller-manager
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: cache
- name: olmv1-certificate
secret:
items:
- key: ca.crt
path: olm-ca.crt
optional: false
secretName: olmv1-cert