From 4052964bfe73470fecf1790fa28597246c55e22e Mon Sep 17 00:00:00 2001 From: Kushal Harish Naidu Date: Tue, 21 May 2024 10:28:36 +0000 Subject: [PATCH 1/5] add missing packagerevision roles for PVS rbac Signed-off-by: Kushal Harish Naidu --- controllers/packagevariantsets/config/rbac/role.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/controllers/packagevariantsets/config/rbac/role.yaml b/controllers/packagevariantsets/config/rbac/role.yaml index e403fa3f..97c213a8 100644 --- a/controllers/packagevariantsets/config/rbac/role.yaml +++ b/controllers/packagevariantsets/config/rbac/role.yaml @@ -61,3 +61,15 @@ rules: - get - patch - update +- apiGroups: + - porch.kpt.dev + resources: + - packagerevisions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch \ No newline at end of file From 25cf60819071ff516e8df5711f4a9bc4223897e8 Mon Sep 17 00:00:00 2001 From: Kushal Harish Naidu Date: Wed, 22 May 2024 10:00:25 +0000 Subject: [PATCH 2/5] Add rbac to pvs code than role.yaml Signed-off-by: Kushal Harish Naidu --- controllers/packagevariantsets/config/rbac/role.yaml | 12 ------------ .../packagevariantset_controller.go | 2 ++ 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/controllers/packagevariantsets/config/rbac/role.yaml b/controllers/packagevariantsets/config/rbac/role.yaml index 97c213a8..e403fa3f 100644 --- a/controllers/packagevariantsets/config/rbac/role.yaml +++ b/controllers/packagevariantsets/config/rbac/role.yaml @@ -61,15 +61,3 @@ rules: - get - patch - update -- apiGroups: - - porch.kpt.dev - resources: - - packagerevisions - verbs: - - create - - delete - - get - - list - - patch - - update - - watch \ No newline at end of file diff --git a/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go b/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go index 292aa979..4e9753de 100644 --- a/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go +++ b/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go @@ -73,6 +73,8 @@ const ( //+kubebuilder:rbac:groups=config.porch.kpt.dev,resources=packagevariantsets/status,verbs=get;update;patch //+kubebuilder:rbac:groups=config.porch.kpt.dev,resources=packagevariantsets/finalizers,verbs=update //+kubebuilder:rbac:groups=config.porch.kpt.dev,resources=packagevariants,verbs=create;delete;get;list;patch;update;watch +//+kubebuilder:rbac:groups=porch.kpt.dev,resources=packagerevisions,verbs=create;delete;get;list;patch;update;watch +//+kubebuilder:rbac:groups=porch.kpt.dev,resources=packagerevisionresources,verbs=create;delete;get;list;patch;update;watch //+kubebuilder:rbac:groups=*,resources=*,verbs=list // Reconcile implements the main kubernetes reconciliation loop. From a1c92aa97ac265a6db630d217c6ceff1a4b90bb2 Mon Sep 17 00:00:00 2001 From: Kushal Harish Naidu Date: Thu, 23 May 2024 15:52:28 +0000 Subject: [PATCH 3/5] Disable caching for PackageRevisionResources Signed-off-by: Kushal Harish Naidu --- controllers/main.go | 14 +++++++++++--- .../packagevariantsets/config/rbac/role.yaml | 8 ++++++++ .../packagevariantset_controller.go | 3 +-- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/controllers/main.go b/controllers/main.go index c84d141c..9ec66db2 100644 --- a/controllers/main.go +++ b/controllers/main.go @@ -32,6 +32,7 @@ import ( "k8s.io/client-go/tools/leaderelection/resourcelock" "k8s.io/klog/v2" "k8s.io/klog/v2/klogr" + "sigs.k8s.io/controller-runtime/pkg/client" metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" "sigs.k8s.io/controller-runtime/pkg/webhook" @@ -41,6 +42,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/reconcile" + "github.com/nephio-project/porch/api/porch" "github.com/nephio-project/porch/controllers/fleetsyncs/pkg/controllers/fleetsync" "github.com/nephio-project/porch/controllers/packagevariants/pkg/controllers/packagevariant" "github.com/nephio-project/porch/controllers/packagevariantsets/pkg/controllers/packagevariantset" @@ -118,11 +120,11 @@ func run(ctx context.Context) error { } managerOptions := ctrl.Options{ - Scheme: scheme, - Metrics: metricsserver.Options{ + Scheme: scheme, + Metrics: metricsserver.Options{ BindAddress: ":8080", }, - WebhookServer: webhook.NewServer(webhook.Options{ + WebhookServer: webhook.NewServer(webhook.Options{ Port: 9443, }), HealthProbeBindAddress: ":8081", @@ -130,6 +132,12 @@ func run(ctx context.Context) error { LeaderElectionID: "porch-operators.config.porch.kpt.dev", LeaderElectionResourceLock: resourcelock.LeasesResourceLock, MapperProvider: controllerrestmapper.New, + Client: client.Options{ + Cache: &client.CacheOptions{ + DisableFor: []client.Object{ + &porch.PackageRevisionResources{}}, + }, + }, } ctrl.SetLogger(klogr.New()) diff --git a/controllers/packagevariantsets/config/rbac/role.yaml b/controllers/packagevariantsets/config/rbac/role.yaml index e403fa3f..d1c8d77f 100644 --- a/controllers/packagevariantsets/config/rbac/role.yaml +++ b/controllers/packagevariantsets/config/rbac/role.yaml @@ -61,3 +61,11 @@ rules: - get - patch - update +- apiGroups: + - porch.kpt.dev + resources: + - packagerevisions + verbs: + - get + - list + - watch diff --git a/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go b/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go index 4e9753de..e4cd1811 100644 --- a/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go +++ b/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go @@ -73,8 +73,7 @@ const ( //+kubebuilder:rbac:groups=config.porch.kpt.dev,resources=packagevariantsets/status,verbs=get;update;patch //+kubebuilder:rbac:groups=config.porch.kpt.dev,resources=packagevariantsets/finalizers,verbs=update //+kubebuilder:rbac:groups=config.porch.kpt.dev,resources=packagevariants,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=porch.kpt.dev,resources=packagerevisions,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=porch.kpt.dev,resources=packagerevisionresources,verbs=create;delete;get;list;patch;update;watch +//+kubebuilder:rbac:groups=porch.kpt.dev,resources=packagerevisions,verbs=get;list;watch //+kubebuilder:rbac:groups=*,resources=*,verbs=list // Reconcile implements the main kubernetes reconciliation loop. From e7d458e5835dd19a9e88127f1c77cdd579a58350 Mon Sep 17 00:00:00 2001 From: Kushal Harish Naidu Date: Thu, 23 May 2024 16:03:03 +0000 Subject: [PATCH 4/5] remove added rbac --- controllers/packagevariantsets/config/rbac/role.yaml | 8 -------- .../packagevariantset/packagevariantset_controller.go | 1 - 2 files changed, 9 deletions(-) diff --git a/controllers/packagevariantsets/config/rbac/role.yaml b/controllers/packagevariantsets/config/rbac/role.yaml index d1c8d77f..e403fa3f 100644 --- a/controllers/packagevariantsets/config/rbac/role.yaml +++ b/controllers/packagevariantsets/config/rbac/role.yaml @@ -61,11 +61,3 @@ rules: - get - patch - update -- apiGroups: - - porch.kpt.dev - resources: - - packagerevisions - verbs: - - get - - list - - watch diff --git a/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go b/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go index e4cd1811..292aa979 100644 --- a/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go +++ b/controllers/packagevariantsets/pkg/controllers/packagevariantset/packagevariantset_controller.go @@ -73,7 +73,6 @@ const ( //+kubebuilder:rbac:groups=config.porch.kpt.dev,resources=packagevariantsets/status,verbs=get;update;patch //+kubebuilder:rbac:groups=config.porch.kpt.dev,resources=packagevariantsets/finalizers,verbs=update //+kubebuilder:rbac:groups=config.porch.kpt.dev,resources=packagevariants,verbs=create;delete;get;list;patch;update;watch -//+kubebuilder:rbac:groups=porch.kpt.dev,resources=packagerevisions,verbs=get;list;watch //+kubebuilder:rbac:groups=*,resources=*,verbs=list // Reconcile implements the main kubernetes reconciliation loop. From 9a1a1bae6325af54fb9d7f445ec335326229e40e Mon Sep 17 00:00:00 2001 From: Kushal Harish Naidu Date: Fri, 24 May 2024 16:06:53 +0000 Subject: [PATCH 5/5] Add porch to runtime scheme Signed-off-by: Kushal Harish Naidu --- controllers/main.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/controllers/main.go b/controllers/main.go index 9ec66db2..0a316f9c 100644 --- a/controllers/main.go +++ b/controllers/main.go @@ -42,7 +42,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/reconcile" - "github.com/nephio-project/porch/api/porch" + porchapi "github.com/nephio-project/porch/api/porch/v1alpha1" "github.com/nephio-project/porch/controllers/fleetsyncs/pkg/controllers/fleetsync" "github.com/nephio-project/porch/controllers/packagevariants/pkg/controllers/packagevariant" "github.com/nephio-project/porch/controllers/packagevariantsets/pkg/controllers/packagevariantset" @@ -119,6 +119,10 @@ func run(ctx context.Context) error { return fmt.Errorf("error initializing scheme: %w", err) } + if err := porchapi.AddToScheme(scheme); err != nil { + return fmt.Errorf("error initializing scheme: %w", err) + } + managerOptions := ctrl.Options{ Scheme: scheme, Metrics: metricsserver.Options{ @@ -135,7 +139,7 @@ func run(ctx context.Context) error { Client: client.Options{ Cache: &client.CacheOptions{ DisableFor: []client.Object{ - &porch.PackageRevisionResources{}}, + &porchapi.PackageRevisionResources{}}, }, }, }