diff --git a/.github/workflows/spectro-release.yaml b/.github/workflows/spectro-release.yaml
new file mode 100644
index 0000000..a4d5bac
--- /dev/null
+++ b/.github/workflows/spectro-release.yaml
@@ -0,0 +1,83 @@ +name: Spectro Release +run-name: Release for Microk8s Cluster API Controlplane provider ${{ github.event.inputs.release_version }} +on: + workflow_dispatch: + inputs: + release_version: + description: 'Microk8s Cluster API Controlplane provider Version to Build' + required: true + default: '0.0.0' + rel_type: + type: choice + description: Type of release + options: + - release + - rc +jobs: + builder: + # edge-runner machine group is a bunch of machines in US Datacenter + runs-on: ubuntu-latest + # Initialize all secrets required for the job + # Ensure that the credentials are provided as encrypted secrets + env: + SPECTRO_VERSION: ${{ github.event.inputs.release_version }} + LEGACY_REGISTRY: gcr.io/spectro-images-public/release/cluster-api/capi-control-plane-provider-microk8s + FIPS_REGISTRY: gcr.io/spectro-images-public/release-fips/cluster-api/capi-control-plane-provider-microk8s + steps: + - + uses: mukunku/tag-exists-action@v1.2.0 + id: checkTag + with: + tag: v${{ github.event.inputs.release_version }}-spectro + - + if: ${{ steps.checkTag.outputs.exists == 'true' }} + run: | + echo "Tag already exists for v${{ github.event.inputs.release_version }}-spectro..." 
+ exit 1 + - + if: ${{ github.event.inputs.rel_type == 'rc' }} + run: | + echo "LEGACY_REGISTRY=gcr.io/spectro-dev-public/release/cluster-api/capi-control-plane-provider-microk8s" >> $GITHUB_ENV + echo "FIPS_REGISTRY=gcr.io/spectro-dev-public/release-fips/cluster-api/capi-control-plane-provider-microk8s" >> $GITHUB_ENV + - + uses: actions/checkout@v3 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + - + name: Login to private registry + uses: docker/login-action@v1 + with: + registry: ${{ secrets.REGISTRY_URL }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + - + name: Build Image + env: + REGISTRY: ${{ env.LEGACY_REGISTRY }} + run: | + make docker-build-all + make docker-push-all + - + name: Build Image - FIPS Mode + env: + FIPS_ENABLE: yes + REGISTRY: ${{ env.FIPS_REGISTRY }} + ALL_ARCH: amd64 + run: | + make docker-build-all + make docker-push-all + - + name: Create Release + if: ${{ github.event.inputs.rel_type == 'release' }} + id: create_release + uses: actions/create-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + tag_name: v${{ github.event.inputs.release_version }}-spectro + release_name: Release v${{ github.event.inputs.release_version }}-spectro + body: | + Release version v${{ github.event.inputs.release_version }}-spectro + draft: false + prerelease: false diff --git a/Dockerfile b/Dockerfile index 9c1de47..37a6d05 100644 --- a/Dockerfile +++ b/Dockerfile 
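Review bot: The `run:` step that reports an existing tag interpolates `${{ github.event.inputs.release_version }}` directly into the shell script, which lets a dispatch input alter the command the runner executes; route it through the environment instead, e.g. `env: { RELEASE_VERSION: ${{ github.event.inputs.release_version }} }` on the step and `echo "Tag already exists for v${RELEASE_VERSION}-spectro..."`. The job declares no `permissions:` block, so it runs with the repository's default GITHUB_TOKEN scope; `permissions: { contents: write }` at job level is all the Create Release step needs. The third-party actions are pinned by tag (`mukunku/tag-exists-action@v1.2.0`, `docker/login-action@v1`, `actions/create-release@v1`, the last of which is archived upstream), so a moved tag silently changes what runs; pinning each to a full commit SHA is the usual supply-chain hardening. The `# edge-runner machine group ...` comment no longer matches `runs-on: ubuntu-latest`, and `FIPS_ENABLE: yes` should be `FIPS_ENABLE: "yes"` so a YAML 1.1 parser does not turn it into a boolean.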
@@ -1,9 +1,19 @@ -# Build the manager binary -FROM golang:1.21 as builder +ARG BUILDER_GOLANG_VERSION +# First stage: build the executable. +FROM --platform=$TARGETPLATFORM gcr.io/spectro-images-public/golang:${BUILDER_GOLANG_VERSION}-alpine as toolchain +# Run this with docker build --build_arg $(go env GOPROXY) to override the goproxy +ARG goproxy=https://proxy.golang.org +ENV GOPROXY=$goproxy -ARG arch +# FIPS +ARG CRYPTO_LIB +ENV GOEXPERIMENT=${CRYPTO_LIB:+boringcrypto} +FROM toolchain as builder WORKDIR /workspace + +RUN apk update + # Copy the Go Modules manifests COPY go.mod go.mod COPY go.sum go.sum @@ -17,7 +27,17 @@ COPY api/ api/ COPY controllers/ controllers/ # Build -RUN CGO_ENABLED=0 GOOS=linux GOARCH=$arch go build -a -ldflags '-s -w' -o manager main.go +ARG ARCH +ARG ldflags +RUN if [ ${CRYPTO_LIB} ]; \ + then \ + GOARCH=${ARCH} go-build-fips.sh -a -o manager main.go;\ + else \ + GOARCH=${ARCH} go-build-static.sh -a -o manager main.go;\ + fi +RUN if [ "${CRYPTO_LIB}" ]; then assert-static.sh manager; fi +RUN if [ "${CRYPTO_LIB}" ]; then assert-fips.sh manager; fi +RUN scan-govulncheck.sh manager # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details diff --git a/Makefile b/Makefile index 540f6d0..16e820d 100644 --- a/Makefile +++ b/Makefile 
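Review bot: The builder image `gcr.io/spectro-images-public/golang:${BUILDER_GOLANG_VERSION}-alpine` is selected by a mutable tag and `BUILDER_GOLANG_VERSION` has no default, so a plain `docker build .` outside the Makefile resolves the tag to `-alpine` and fails; give it the Makefile's default (`ARG BUILDER_GOLANG_VERSION=1.22`) and, for a release image, consider pinning the builder by digest (`...-alpine@sha256:<digest>`, placeholder). The comment above `ARG goproxy` spells the flag `--build_arg`; the real flag is `--build-arg goproxy=...`. `RUN apk update` refreshes the package index without installing anything, so it only adds a layer and a network dependency; drop it or fold it into the `apk add` that needs it.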
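Review bot: `${CRYPTO_LIB}` is tested in the `builder` stage, but `ARG CRYPTO_LIB` is declared only in the `toolchain` stage of the first hunk, and an ARG goes out of scope at the end of the stage that declares it; as I read Docker's ARG rules the builder stage therefore sees an empty value, always takes the `go-build-static.sh` path and skips both `assert-static.sh` and `assert-fips.sh`, so a FIPS build quietly produces a non-FIPS binary with no check left to catch it (`ENV GOEXPERIMENT`, by contrast, does carry over between stages). Re-declare it right after the stage switch: `FROM toolchain as builder` / `ARG CRYPTO_LIB`. The first test writes `[ ${CRYPTO_LIB} ]` unquoted while the two assert lines quote it; `[ -n "${CRYPTO_LIB}" ]` in all three places is consistent and safe for any value. `ARG ldflags` is declared but never used now that the build goes through the helper scripts.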
@@ -1,6 +1,14 @@ - +ARCH ?= amd64 +ALL_ARCH = amd64 arm64 +SPECTRO_VERSION ?= 4.1.0-dev +TAG ?= v0.6.6-spectro-${SPECTRO_VERSION} # Image URL to use all building/pushing image targets -IMG ?= cdkbot/capi-control-plane-provider-microk8s:latest +REGISTRY ?= gcr.io/spectro-dev-public/$(USER)/capi-control-plane-provider-microk8s +IMG ?= ${REGISTRY}:${TAG} + +BUILDER_GOLANG_VERSION ?= 1.22 +BUILD_ARGS = --build-arg CRYPTO_LIB=${FIPS_ENABLE} --build-arg BUILDER_GOLANG_VERSION=${BUILDER_GOLANG_VERSION} + # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. ENVTEST_K8S_VERSION = 1.23 # Components file to be used by clusterctl 
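Review bot: `ALL_ARCH = amd64 arm64` is a plain assignment, which in GNU make overrides an environment variable of the same name, so the `ALL_ARCH: amd64` the FIPS step sets in spectro-release.yaml has no effect and `docker-build-all` / `docker-push-all` still try to build and push an arm64 FIPS image; `ALL_ARCH ?= amd64 arm64` lets the environment win, as `ARCH ?=` and `SPECTRO_VERSION ?=` already do. `BUILD_ARGS` expands `${FIPS_ENABLE}`, which the Makefile never defines, so a comment such as `# FIPS_ENABLE: any non-empty value builds with boringcrypto (passed to the Dockerfile as CRYPTO_LIB)` would state the contract. `IMG ?= ${REGISTRY}:${TAG}` is not referenced by any docker target in this diff; if nothing else in the Makefile uses it, drop it. The block also mixes `${VAR}` and `$(VAR)` (`TAG` vs `REGISTRY`); pick one form.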
@@ -76,23 +84,36 @@ build: generate fmt vet ## Build manager binary. run: manifests generate fmt vet ## Run a controller from your host. go run ./main.go -.PHONY: docker-build -docker-build-%: ## Build docker image with the manager. - docker build -t ${IMG}-$* . --build-arg arch=$* -docker-build: docker-build-amd64 docker-build-arm64 +## Docker build + +docker-build-%: ## Build docker images for a given ARCH + $(MAKE) ARCH=$* docker-build + +.PHONY: docker-build-all ## Build all the architecture docker images +docker-build-all: $(addprefix docker-build-,$(ALL_ARCH)) + +docker-build: ## Build docker image with the manager. + DOCKER_BUILDKIT=1 docker buildx build --load --platform linux/${ARCH} ${BUILD_ARGS} --build-arg ARCH=$(ARCH) -t $(REGISTRY)-$(ARCH):$(TAG) . + +## Docker push + +.PHONY: docker-push-all ## Push all the architecture docker images +docker-push-all: $(addprefix docker-push-,$(ALL_ARCH)) + $(MAKE) docker-push-manifest .PHONY: docker-push -docker-push-%: docker-build-% ## Push docker image with the manager. - docker push ${IMG}-$* -docker-push: docker-push-amd64 docker-push-arm64 - -.PHONY: docker-manifest -docker-manifest: docker-push ## Push docker multi-arch manifest. - docker manifest rm ${IMG} || true - docker manifest create ${IMG} --amend ${IMG}-amd64 --amend ${IMG}-arm64 - docker manifest annotate ${IMG} ${IMG}-amd64 --arch=amd64 - docker manifest annotate ${IMG} ${IMG}-arm64 --arch=arm64 - docker manifest push ${IMG} +docker-push: ## Push the docker image + docker push $(REGISTRY)-$(ARCH):$(TAG) + +docker-push-%: + $(MAKE) ARCH=$* docker-push + +.PHONY: docker-push-manifest +docker-push-manifest: ## Push the fat manifest docker image. + ## Minimum docker version 18.06.0 is required for creating and pushing manifest images. 
+ docker manifest create --amend $(REGISTRY):$(TAG) $(shell echo $(ALL_ARCH) | sed -e "s~[^ ]*~$(REGISTRY)\-&:$(TAG)~g") + @for arch in $(ALL_ARCH); do docker manifest annotate --arch $${arch} ${REGISTRY}:${TAG} ${REGISTRY}-$${arch}:${TAG}; done + docker manifest push --purge ${REGISTRY}:${TAG} .PHONY: lint lint: golangci-lint ## Lint the codebase diff --git a/controllers/reconcile.go b/controllers/reconcile.go index d4e00c0..5ab89f9 100644 --- a/controllers/reconcile.go +++ b/controllers/reconcile.go @@ -265,7 +265,7 @@ func (r *MicroK8sControlPlaneReconciler) reconcileMachines(ctx context.Context, "Scaling down control plane to %d replicas (actual %d)", desiredReplicas, numMachines) - if numMachines < 4 { + if numMachines < 4 && desiredReplicas == 3 { conditions.MarkFalse(mcp, clusterv1beta1.ResizedCondition, clusterv1beta1.ScalingDownReason, clusterv1.ConditionSeverityError, "Cannot scale down control plane nodes to less than 3 nodes") diff --git a/go.mod b/go.mod index 02e3ccc..6529ab9 100644 --- a/go.mod +++ b/go.mod @@ -63,13 +63,13 @@ require ( go.uber.org/atomic v1.10.0 // indirect go.uber.org/multierr v1.8.0 // indirect go.uber.org/zap v1.23.0 // indirect - golang.org/x/crypto v0.1.0 // indirect - golang.org/x/mod v0.7.0 - golang.org/x/net v0.1.0 // indirect + golang.org/x/crypto v0.21.0 // indirect + golang.org/x/mod v0.8.0 + golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.1.0 // indirect - golang.org/x/sys v0.1.0 // indirect - golang.org/x/term v0.1.0 // indirect - golang.org/x/text v0.4.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect + golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.1.0 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index b67a207..d8d48af 100644 --- a/go.sum +++ b/go.sum 
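Review bot: `.PHONY: docker-build` was removed and not re-added for the new `docker-build` target, so a file named docker-build in the repository root would shadow it; `.PHONY: docker-build docker-build-all` on one line restores it. The `## Minimum docker version 18.06.0 ...` line sits inside the `docker-push-manifest` recipe, so if it is tab-indented make hands it to the shell (and echoes it) rather than treating it as a Makefile comment; move it above the target at column 0. The old `docker-manifest` target is renamed to `docker-push-manifest`, which any script or doc still invoking the old name will miss (callers are not visible here), and `docker-push-%` is the only new target without a `##` help description.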
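Review bot: The new guard `numMachines < 4 && desiredReplicas == 3` can only be true when desiredReplicas is greater than or equal to numMachines, which is not a scale-down; if this branch is entered only when desiredReplicas < numMachines (the branch header is outside the hunk, so I cannot confirm), the condition is never satisfied and the "Cannot scale down control plane nodes to less than 3 nodes" error is effectively disabled, permitting a scale-down to one or two control-plane nodes. If the intent is to keep the three-node floor, `if numMachines < 4 && desiredReplicas < 3 {` expresses it; if the intent is to allow going below three, the message and `ScalingDownReason` condition should say so and the guard removed rather than left unreachable. reconcileMachines starts and ends outside the hunk.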
@@ -393,8 +393,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -425,8 +425,8 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA= -golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -465,8 +465,8 @@ golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -533,12 +533,12 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -547,8 +547,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/main.go b/main.go index 4b3dbfb..70e426d 100644 --- a/main.go +++ b/main.go @@ -19,7 +19,6 @@ package main import ( "flag" "os" - // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) // to ensure that exec-entrypoint and run can make use of them. _ "k8s.io/client-go/plugin/pkg/client/auth" @@ -43,9 +42,13 @@ import ( var ( scheme = runtime.NewScheme() setupLog = ctrl.Log.WithName("setup") + + // flags + ) func init() { + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) utilruntime.Must(clusterv1.AddToScheme(scheme)) utilruntime.Must(v1beta1.AddToScheme(scheme)) 
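Review bot: The `// flags` comment added to the `var (...)` block in main.go has nothing under it, and the blank line inserted at the top of `init()` is stray whitespace; both read as leftovers from a draft in which the flag variables lived at package scope (they are locals of main() in the later hunk). Remove the comment and the three added blank lines, or move the flag variables here so the comment describes something. The blank line removed between `"os"` and the blank-import comment separated the stdlib import group from the third-party group; gofmt/goimports keeps groups apart, so that deletion is likely to be reverted by the next formatting pass.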
@@ -58,11 +61,13 @@ func main() { var metricsAddr string var enableLeaderElection bool var probeAddr string + var watchNamespace string flag.StringVar(&metricsAddr, "metrics-bind-address", ":8082", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8083", "The address the probe endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") + flag.StringVar(&watchNamespace, "namespace", "", "Namespace that the controller watches to reconcile cluster-api objects. If unspecified, the controller watches for cluster-api objects across all namespaces.") opts := zap.Options{ Development: true, } @@ -71,6 +76,10 @@ func main() { ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts))) + if watchNamespace != "" { + setupLog.Info("Watching cluster-api objects only in namespace for reconciliation", "namespace", watchNamespace) + } + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ Scheme: scheme, MetricsBindAddress: metricsAddr, @@ -78,6 +87,7 @@ func main() { HealthProbeBindAddress: probeAddr, LeaderElection: enableLeaderElection, LeaderElectionID: "microk8s-control-plane-manager-leader-election-capi", + Namespace: watchNamespace, }) if err != nil { setupLog.Error(err, "unable to start manager") diff --git a/spectro/base/kustomization.yaml b/spectro/base/kustomization.yaml new file mode 100644 index 0000000..f4614d4 --- /dev/null +++ b/spectro/base/kustomization.yaml 
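Review bot: The help string for the new `--namespace` flag is one line of roughly 170 characters; wrap it with string concatenation the way the `leader-elect` description two lines above does. `ctrl.Options.Namespace` is deprecated in controller-runtime from v0.15 in favour of the cache options (`Cache: cache.Options{...}`); the controller-runtime version is not in the visible go.mod hunk, so check which release this module pins before relying on the field. Narrowing the watch does not narrow the RBAC the controller is granted nor the leader-election lock (`LeaderElectionID` is unchanged), so two instances scoped to different namespaces but deployed in the same namespace would contend for one lease; a comment next to `Namespace: watchNamespace` such as `// scopes the cache only; RBAC and the leader lease are unchanged` would help operators. The same option is threaded through the `-71,6` and `-78,6` hunks; main() starts and ends outside the hunk.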
@@ -0,0 +1,29 @@ +namespace: capi-microk8s-control-plane-system + +namePrefix: capi-microk8s-control-plane- + +commonLabels: + cluster.x-k8s.io/provider: "control-plane-microk8s" + +resources: + - ../../config/manager + + +patchesStrategicMerge: + - ../../config/default/manager_auth_proxy_patch.yaml + +patchesJson6902: + - target: + group: apps + kind: Deployment + name: controller-manager + namespace: system + version: v1 + path: patch_service_account.yaml + - target: + group: apps + kind: Deployment + name: controller-manager + namespace: system + version: v1 + path: patch_healthcheck.yaml \ No newline at end of file diff --git a/spectro/base/patch_healthcheck.yaml b/spectro/base/patch_healthcheck.yaml new file mode 100644 index 0000000..c6b763a --- /dev/null +++ b/spectro/base/patch_healthcheck.yaml @@ -0,0 +1,6 @@ +#- op: remove +# path: "/spec/template/spec/containers/0/ports" +- op: remove + path: "/spec/template/spec/containers/1/livenessProbe" +- op: remove + path: "/spec/template/spec/containers/1/readinessProbe" \ No newline at end of file diff --git a/spectro/base/patch_service_account.yaml b/spectro/base/patch_service_account.yaml new file mode 100644 index 0000000..d9cd432 --- /dev/null +++ b/spectro/base/patch_service_account.yaml @@ -0,0 +1,2 @@ +- op: remove + path: "/spec/template/spec/serviceAccountName" diff --git a/spectro/generated/core-base.yaml b/spectro/generated/core-base.yaml new file mode 100644 index 0000000..eb3720c --- /dev/null +++ b/spectro/generated/core-base.yaml 
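Review bot: spectro/base/kustomization.yaml pulls in only `../../config/manager`, strips `serviceAccountName` through patch_service_account.yaml and leaves the manager image as whatever config/manager declares; the generated core-base.yaml in this diff accordingly shows `docker.io/cdkbot/capi-control-plane-provider-microk8s:latest` and a pod running as the namespace's `default` service account. If the release pipeline substitutes the image and binds RBAC to `default` out of band, say so in a comment on the `resources:` entry; otherwise an `images:` override pointing at the REGISTRY/TAG the Makefile pushes keeps the release manifest off a mutable third-party `latest` tag. `commonLabels`, `patchesStrategicMerge` and `patchesJson6902` are deprecated in kustomize 5 (`labels`, `patches`), harmless only while the pinned kustomize still accepts them. The file also lacks the `apiVersion: kustomize.config.k8s.io/v1beta1` / `kind: Kustomization` header and a trailing newline (patch_healthcheck.yaml too).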
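Review bot: patch_healthcheck.yaml removes the liveness and readiness probes of `containers/1` by positional index, which silently targets the wrong container if config/manager ever reorders the containers, and a manager that deadlocks is then never restarted by the kubelet. Add a comment naming the container and the reason, e.g. `# containers/1 is "manager"; probes removed because <reason>` with the reason filled in (the generated core-base.yaml shows the manager still binds :8081 for health, so the endpoint itself is not the obstacle). Delete the commented-out `ports` removal rather than shipping it in a new file.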
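Review bot: Removing `serviceAccountName` makes the manager pod run as the namespace's `default` ServiceAccount, so its API permissions become whatever is bound to that shared account rather than to the dedicated account the upstream manifests presumably create; that is a broader identity than the controller needs and one other workloads in the namespace share. If this is intentional because the Spectro deployment binds the roles to `default`, state it in a one-line comment at the top of the patch, e.g. `# RBAC for this controller is bound to the namespace default SA by the platform`; otherwise keep the dedicated account.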
@@ -0,0 +1,90 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-microk8s + control-plane: controller-manager + name: capi-microk8s-control-plane-system +--- +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + webhook: + port: 9443 + leaderElection: + leaderElect: true + resourceName: 43109c0a.cluster.x-k8s.io +kind: ConfigMap +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-microk8s + name: capi-microk8s-control-plane-manager-config + namespace: capi-microk8s-control-plane-system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + cluster.x-k8s.io/provider: control-plane-microk8s + control-plane: controller-manager + name: capi-microk8s-control-plane-controller-manager + namespace: capi-microk8s-control-plane-system +spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: control-plane-microk8s + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + cluster.x-k8s.io/provider: control-plane-microk8s + control-plane: controller-manager + spec: + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + image: docker.io/cdkbot/capi-control-plane-provider-microk8s:latest + name: manager + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + 
securityContext: + allowPrivilegeEscalation: false + securityContext: + runAsNonRoot: true + terminationGracePeriodSeconds: 10 diff --git a/spectro/generated/core-global.yaml b/spectro/generated/core-global.yaml new file mode 100644 index 0000000..d772e46 --- /dev/null +++ b/spectro/generated/core-global.yaml 
@@ -0,0 +1,391 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + labels: + cluster.x-k8s.io/provider: control-plane-microk8s + cluster.x-k8s.io/v1beta1: v1beta1 + name: microk8scontrolplanes.controlplane.cluster.x-k8s.io +spec: + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: MicroK8sControlPlane + listKind: MicroK8sControlPlaneList + plural: microk8scontrolplanes + shortNames: + - mcp + singular: microk8scontrolplane + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: MicroK8sControlPlane API Server is ready to receive requests + jsonPath: .status.ready + name: Ready + type: boolean + - description: This denotes whether or not the control plane has the uploaded + microk8s-config configmap + jsonPath: .status.initialized + name: Initialized + type: boolean + - description: Total number of non-terminated machines targeted by this control + plane + jsonPath: .status.replicas + name: Replicas + type: integer + - description: Total number of fully running and ready control plane machines + jsonPath: .status.readyReplicas + name: Ready Replicas + type: integer + - description: Total number of unavailable machines targeted by this control plane + jsonPath: .status.unavailableReplicas + name: Unavailable Replicas + type: integer + name: v1beta1 + schema: + openAPIV3Schema: + description: MicroK8sControlPlane is the Schema for the microk8scontrolplanes + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MicroK8sControlPlaneSpec defines the desired state of MicroK8sControlPlane + properties: + controlPlaneConfig: + description: ControlPlaneConfig is the reference configs to be used + for initializing and joining machines to the control plane. + properties: + clusterConfiguration: + description: InitConfiguration along with ClusterConfiguration + are the configurations necessary for the init command + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + portCompatibilityRemap: + default: true + description: PortCompatibilityRemap switches the default ports + used by cluster agent (25000) and dqlite (19001) to 30000 + and 2379. The default ports are blocked via security groups + in several infra providers. 
+ type: boolean + type: object + initConfiguration: + properties: + IPinIP: + description: The optional IPinIP configuration + type: boolean + addons: + description: List of addons to be enabled upon cluster creation + items: + type: string + type: array + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bootCommands: + description: BootCommands is a list of commands to run during + boot. These will be injected into the `bootcmd` section + of cloud-init. + items: + type: string + type: array + confinement: + description: The confinement (strict or classic) configuration + enum: + - classic + - strict + type: string + extraKubeletArgs: + description: ExtraKubeletArgs is a list of extra arguments + to add to the kubelet. + items: + type: string + type: array + extraWriteFiles: + description: ExtraWriteFiles is a list of extra files to inject + with cloud-init. + items: + description: CloudInitWriteFile is a file that will be injected + by cloud-init + properties: + content: + description: Content of the file to create. + type: string + owner: + description: Owner of the file to create, e.g. "root:root" + type: string + path: + description: Path where the file should be created. + type: string + permissions: + description: Permissions of the file to create, e.g. 
+ "0600" + type: string + required: + - content + - owner + - path + - permissions + type: object + type: array + httpProxy: + description: The optional http proxy configuration + type: string + httpsProxy: + description: The optional https proxy configuration + type: string + joinTokenTTLInSecs: + default: 315569260 + description: The join token will expire after the specified + seconds, defaults to 10 years + format: int64 + minimum: 1 + type: integer + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + noProxy: + description: The optional no proxy configuration + type: string + postRunCommands: + description: PostRunCommands is a list of commands to run + after installing MicroK8s. These will be injected into the + `runcmd` section of cloud-init. + items: + type: string + type: array + preRunCommands: + description: PreRunCommands is a list of commands to run before + installing MicroK8s. These will be injected into the `runcmd` + section of cloud-init. + items: + type: string + type: array + riskLevel: + default: stable + description: The risk-level (stable, candidate, beta, or edge) + for the snaps + enum: + - stable + - candidate + - beta + - edge + type: string + snapstoreHTTPProxy: + description: Optional http proxy configuration for the snap + store + type: string + snapstoreHTTPSProxy: + description: Optional https proxy configuration for the snap + store + type: string + snapstoreProxyDomain: + description: The snap store proxy domain + type: string + snapstoreProxyId: + description: The snap store proxy ID + type: string + type: object + type: object + machineTemplate: + description: MachineTemplate is the machine template to be used for + creating control plane machines. 
+ properties: + infrastructureTemplate: + description: InfrastructureTemplate is a required reference to + a custom resource offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - infrastructureTemplate + type: object + replicas: + description: Replicas is the desired number of control-plane machine + replicas. + format: int32 + type: integer + upgradeStrategy: + description: 'UpgradeStrategy describes how to replace existing machines + with new ones. Values can be: InPlaceUpgrade, RollingUpgrade or + SmartUpgrade.' + enum: + - InPlaceUpgrade + - RollingUpgrade + - SmartUpgrade + type: string + version: + description: Version defines the desired Kubernetes version. + minLength: 2 + pattern: ^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)([-0-9a-zA-Z_\.+]*)?$ + type: string + required: + - machineTemplate + - version + type: object + status: + description: MicroK8sControlPlaneStatus defines the observed state of + MicroK8sControlPlane + properties: + bootstrapped: + description: Bootstrapped denotes whether any nodes received bootstrap + request which is required to start etcd and Kubernetes components + in MicroK8s. + type: boolean + conditions: + description: Conditions defines current service state of the MicroK8sControlPlane. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. 
+ type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + initialized: + description: Initialized denotes whether or not the control plane + has the uploaded microk8s-config configmap. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready denotes that the MicroK8sControlPlane API Server + is ready to receive requests. + type: boolean + readyReplicas: + description: Total number of fully running and ready control plane + machines. + format: int32 + type: integer + replicas: + description: Total number of non-terminated machines targeted by this + control plane (their labels match the selector). + format: int32 + type: integer + selector: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file Selector is the label selector in string format to avoid + introspection by clients, and is used to provide the CRD-based integration + for the scale subresource and additional integrations for things + like kubectl describe.. The string will be in the same format as + the query-param syntax. 
More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors' + type: string + unavailableReplicas: + description: Total number of unavailable machines targeted by this + control plane. This is the total number of machines that are still + required for the deployment to have 100% available capacity. They + may either be machines that are running but not yet ready or machines + that still have not been created. + format: int32 + type: integer + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.selector + specReplicasPath: .spec.replicas + statusReplicasPath: .status.replicas + status: {} diff --git a/spectro/global/kustomization.yaml b/spectro/global/kustomization.yaml new file mode 100644 index 0000000..201b049 --- /dev/null +++ b/spectro/global/kustomization.yaml 
@@ -0,0 +1,62 @@ +namespace: capi-webhook-system + +namePrefix: capi-microk8s-control-plane- + +commonLabels: + cluster.x-k8s.io/provider: "control-plane-microk8s" + +bases: + - ../../config/crd +# - ../../config/manager +# - ../../../controlplane/kubeadm/config/webhook +# - ../../../controlplane/kubeadm/config/certmanager + +#patchesStrategicMerge: +# - ../../config/crd/patches/webhook_in_microk8scontrolplanes.yaml +# - ../../config/crd/patches/cainjection_in_microk8scontrolplanes.yaml + +#vars: +# - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR +# objref: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +# fieldref: +# fieldpath: metadata.namespace +# - name: CERTIFICATE_NAME +# objref: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +# - name: SERVICE_NAMESPACE # namespace of the service +# objref: +# kind: Service +# version: v1 +# name: webhook-service +# fieldref: +# fieldpath: metadata.namespace +# - name: SERVICE_NAME +# objref: +# kind: Service +# version: v1 +# name: webhook-service + +configurations: + - ../../config/crd/kustomizeconfig.yaml + +#patchesJson6902: +# - target: +# group: apps +# kind: Deployment +# name: controller-manager +# namespace: system +# version: v1 +# path: patch_service_account.yaml +# - target: +# group: apiextensions.k8s.io +# version: v1 +# kind: CustomResourceDefinition +# name: kubeadmcontrolplanes.controlplane.cluster.x-k8s.io +# path: patch_crd_webhook_namespace.yaml diff --git a/spectro/run.sh b/spectro/run.sh new file mode 100755 index 0000000..31df358 --- /dev/null +++ b/spectro/run.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +rm generated/* + +kustomize build --load-restrictor LoadRestrictionsNone global > ./generated/core-global.yaml +kustomize build --load-restrictor LoadRestrictionsNone base > ./generated/core-base.yaml
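Review bot: `bases:` is deprecated in favour of `resources:` in current kustomize (same loader, only the key changes), and roughly two thirds of spectro/global/kustomization.yaml is commented-out webhook and cert-manager wiring; if that is planned work, a one-line `# TODO: webhook/cert-manager wiring not yet enabled` says so more clearly than the block, otherwise delete it and let history keep it. `namespace: capi-webhook-system` has nothing namespaced to act on — the only resource is the cluster-scoped CRD, and the generated core-global.yaml carries no namespace — so it is either dead or anticipates the commented-out manager/webhook resources; a comment should say which.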
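Review bot: run.sh has no `set -euo pipefail` and uses paths relative to the current directory, so a failed kustomize build leaves a truncated or stale generated/ file that the next commit would carry, and running it from anywhere but spectro/ deletes the wrong `generated/*`. Add `set -euo pipefail` and `cd "$(dirname "$0")"` after the shebang, and use `rm -f generated/*` so an empty directory does not abort under `-e`. `--load-restrictor LoadRestrictionsNone` is needed because both kustomizations reach into ../../config, which deserves a one-line comment since it disables kustomize's path-escape guard.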