Merge pull request #18 from gabemontero/auto-prov-tekton-olm

BUILD-260: auto provision tekton via tekton operator if necessary
shipwright-io · Sep 3, 2021 · 32476e2 · 32476e2
2 parents 4dc4648 + e5f838b
commit 32476e2
Show file tree

Hide file tree

Showing 582 changed files with 43,725 additions and 6,538 deletions.
diff --git a/README.md b/README.md
@@ -13,13 +13,6 @@ To deploy and manage instances of [Shipwright Build-Controller][build-controller
 operator is up-and-running, and then create the following:
 
 ```yml
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: shipwright-build
-spec: {}
-
 ---
 apiVersion: operator.shipwright.io/v1alpha1
 kind: ShipwrightBuild
@@ -34,4 +27,7 @@ It will deploy the Build-Controller in `shipwright-build` namespace. When `.spec
 set, it will use the `shipwright-build` namespace, this namespace needs to be created before the
 actual deployment takes place.
 
+It will also ensure Tekton is sufficient installed at the required level if the minimally required version
+of the [Tekton Operator](https://github.com/tektoncd/operator) is installed on the cluster.
+
 [build-controller]: https://github.com/shipwright-io/build
diff --git a/bundle/manifests/operator.clusterserviceversion.yaml b/bundle/manifests/operator.clusterserviceversion.yaml
@@ -30,6 +30,10 @@ spec:
       kind: ShipwrightBuild
       name: shipwrightbuilds.operator.shipwright.io
       version: v1alpha1
+    required:
+    - kind: TektonConfig
+      name: tektonconfigs.operator.tekton.dev
+      version: v1alpha1
   description: Install Shipwright Builds on your Kubernetes cluster
   displayName: Shipwright Operator
   icon:
@@ -200,6 +204,18 @@ spec:
           - patch
           - update
           - watch
+        - apiGroups:
+          - ""
+          resources:
+          - namespaces
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
         - apiGroups:
           - authentication.k8s.io
           resources:
@@ -212,6 +228,18 @@ spec:
           - subjectaccessreviews
           verbs:
           - create
+        - apiGroups:
+          - operator.tekton.dev
+          resources:
+          - tektonconfigs
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
         serviceAccountName: default
       deployments:
       - name: operator-controller-manager

diff --git a/cmd/operator/main.go b/cmd/operator/main.go
@@ -13,13 +13,16 @@ import (
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
 	apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	crdclientv1 "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
+	tektonoperatorv1alpha1client "github.com/tektoncd/operator/pkg/client/clientset/versioned/typed/operator/v1alpha1"
+
 	operatorv1alpha1 "github.com/shipwright-io/operator/api/v1alpha1"
 	"github.com/shipwright-io/operator/controllers"
 	// +kubebuilder:scaffold:imports
@@ -79,10 +82,23 @@ func main() {
 		os.Exit(1)
 	}
 
+	crdClient, err := crdclientv1.NewForConfig(mgr.GetConfig())
+	if err != nil {
+		setupLog.Error(err, "unable to get crd client")
+		os.Exit(1)
+	}
+	tektonOperatorClient, err := tektonoperatorv1alpha1client.NewForConfig(mgr.GetConfig())
+	if err != nil {
+		setupLog.Error(err, "unable to get tekton operator client")
+		os.Exit(1)
+	}
+
 	if err = (&controllers.ShipwrightBuildReconciler{
-		Client: mgr.GetClient(),
-		Scheme: mgr.GetScheme(),
-		Logger: ctrl.Log.WithName("controllers").WithName("ShipwrightBuild"),
+		CRDClient:            crdClient,
+		TektonOperatorClient: tektonOperatorClient,
+		Client:               mgr.GetClient(),
+		Scheme:               mgr.GetScheme(),
+		Logger:               ctrl.Log.WithName("controllers").WithName("ShipwrightBuild"),
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "ShipwrightBuild")
 		os.Exit(1)

diff --git a/config/manifests/bases/operator.clusterserviceversion.yaml b/config/manifests/bases/operator.clusterserviceversion.yaml
@@ -16,6 +16,10 @@ spec:
       kind: ShipwrightBuild
       name: shipwrightbuilds.operator.shipwright.io
       version: v1alpha1
+    required:
+    - kind: TektonConfig
+      name: tektonconfigs.operator.tekton.dev
+      version: v1alpha1
   description: Install Shipwright Builds on your Kubernetes cluster
   displayName: Shipwright Operator
   icon:

diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml
@@ -3,6 +3,10 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
+- tektonconfig_operator_role.yaml
+- tektonconfig_operator_rolebinding.yaml
+- namespace_role.yaml
+- namespace_rolebinding.yaml
 # Comment the following 4 lines if you want to disable
 # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
 # which protects your /metrics endpoint.

diff --git a/config/rbac/namespace_role.yaml b/config/rbac/namespace_role.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: namespace-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
diff --git a/config/rbac/namespace_rolebinding.yaml b/config/rbac/namespace_rolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: namespace-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: namespace-role
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: system
diff --git a/config/rbac/tektonconfig_operator_role.yaml b/config/rbac/tektonconfig_operator_role.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: tektonconfig-operator-role
+rules:
+  - apiGroups:
+      - operator.tekton.dev
+    resources:
+      - tektonconfigs
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
diff --git a/config/rbac/tektonconfig_operator_rolebinding.yaml b/config/rbac/tektonconfig_operator_rolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tektonconfig-operator-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: tektonconfig-operator-role
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: system