From 2d93c34bd97ec38aea7fd9b11146b032a0cf75d6 Mon Sep 17 00:00:00 2001 From: sroettger Date: Thu, 3 Mar 2022 14:40:45 +0100 Subject: [PATCH] fix web deployments with AddToScheme for missing resources (#363) * fix web deployments with AddToScheme for missing resources * make manifests * make all * Automated commit: update images. * undo some of the changes * Automated commit: update images. --- .../kctf-operator.clusterserviceversion.yaml | 27 ++++++++++++++++++- dist/resources/operator.yaml | 26 +++++++++++++++++- kctf-operator/bundle.Dockerfile | 2 +- .../kctf-operator.clusterserviceversion.yaml | 26 +++++++++++++++++- .../bundle/metadata/annotations.yaml | 2 +- kctf-operator/config/rbac/role.yaml | 24 +++++++++++++++++ .../controllers/challenge_controller.go | 2 ++ kctf-operator/controllers/service/service.go | 3 +-- kctf-operator/main.go | 4 +++ kctf-operator/operator.yaml | 24 +++++++++++++++++ 10 files changed, 133 insertions(+), 7 deletions(-) diff --git a/dist/resources/kctf-operator.clusterserviceversion.yaml b/dist/resources/kctf-operator.clusterserviceversion.yaml index 6297f96f..4e1fe52c 100644 --- a/dist/resources/kctf-operator.clusterserviceversion.yaml +++ b/dist/resources/kctf-operator.clusterserviceversion.yaml @@ -14,7 +14,7 @@ metadata: } ] capabilities: Basic Install - operators.operatorframework.io/builder: operator-sdk-v1.14.0+git + operators.operatorframework.io/builder: operator-sdk-v1.17.0+git operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 name: kctf-operator.v0.0.1 namespace: placeholder @@ -72,6 +72,18 @@ spec: - patch - update - watch + - apiGroups: + - cloud.google.com + resources: + - backendconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - "" resources: 
@@ -206,6 +218,18 @@ spec: - get - patch - update + - apiGroups: + - networking.gke.io + resources: + - managedcertificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - networking.k8s.io resources: @@ -304,6 +328,7 @@ spec: value: 0.0.0.0/0 - name: SECURITY_POLICY value: kctf-policy + image: eu.gcr.io/kctf-testing/kctf-operator:dev livenessProbe: httpGet: diff --git a/dist/resources/operator.yaml b/dist/resources/operator.yaml index 09354d18..80a6b0cc 100644 --- a/dist/resources/operator.yaml +++ b/dist/resources/operator.yaml @@ -4194,6 +4194,18 @@ rules: - patch - update - watch +- apiGroups: + - cloud.google.com + resources: + - backendconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - "" resources: @@ -4328,6 +4340,18 @@ rules: - get - patch - update +- apiGroups: + - networking.gke.io + resources: + - managedcertificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - networking.k8s.io resources: @@ -4520,7 +4544,7 @@ spec: value: 0.0.0.0/0 - name: SECURITY_POLICY value: DISABLED - image: gcr.io/kctf-docker/kctf-operator@sha256:44399c2da5c9ff858a858b7a0163bafc95517345ca94f24b3e782078e5bc4faf + image: gcr.io/kctf-docker/kctf-operator@sha256:12d5b1132b01434f0977e856cd700d98e18fdbfdaaa9959ad25335eb06e83d88 livenessProbe: httpGet: path: /healthz diff --git a/kctf-operator/bundle.Dockerfile b/kctf-operator/bundle.Dockerfile index 45cd66aa..18a3ee08 100644 --- a/kctf-operator/bundle.Dockerfile +++ b/kctf-operator/bundle.Dockerfile 
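Review bot: The `image:` line added in the `@@ -304,6 +328,7 @@` hunk of dist/resources/kctf-operator.clusterserviceversion.yaml uses a mutable `:dev` tag in what looks like a testing registry (`eu.gcr.io/kctf-testing/kctf-operator:dev`), while dist/resources/operator.yaml in this same patch pins the operator by sha256 digest. A tag can be re-pushed, so an install from this CSV runs whatever the tag resolves to at pull time, with the cluster-wide RBAC this bundle grants. The surrounding context also has `SECURITY_POLICY` set to `kctf-policy` where operator.yaml has `DISABLED`, which suggests the file was regenerated from a local dev build. If so, regenerate it against the release image so the line reads `image: gcr.io/kctf-docker/kctf-operator@sha256:<release-digest>` (placeholder digest). The container spec continues outside the hunk.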
@@ -6,7 +6,7 @@ LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.package.v1=kctf-operator LABEL operators.operatorframework.io.bundle.channels.v1=alpha -LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.14.0+git +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.17.0+git LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3 diff --git a/kctf-operator/bundle/manifests/kctf-operator.clusterserviceversion.yaml b/kctf-operator/bundle/manifests/kctf-operator.clusterserviceversion.yaml index e655d08e..529cf64e 100644 --- a/kctf-operator/bundle/manifests/kctf-operator.clusterserviceversion.yaml +++ b/kctf-operator/bundle/manifests/kctf-operator.clusterserviceversion.yaml @@ -14,7 +14,7 @@ metadata: } ] capabilities: Basic Install - operators.operatorframework.io/builder: operator-sdk-v1.14.0+git + operators.operatorframework.io/builder: operator-sdk-v1.17.0+git operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 name: kctf-operator.v0.0.1 namespace: placeholder @@ -72,6 +72,18 @@ spec: - patch - update - watch + - apiGroups: + - cloud.google.com + resources: + - backendconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - "" resources: @@ -206,6 +218,18 @@ spec: - get - patch - update + - apiGroups: + - networking.gke.io + resources: + - managedcertificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - networking.k8s.io resources: diff --git a/kctf-operator/bundle/metadata/annotations.yaml b/kctf-operator/bundle/metadata/annotations.yaml index d477e815..f12f76ba 100644 --- a/kctf-operator/bundle/metadata/annotations.yaml +++ b/kctf-operator/bundle/metadata/annotations.yaml 
@@ -5,7 +5,7 @@ annotations: operators.operatorframework.io.bundle.metadata.v1: metadata/ operators.operatorframework.io.bundle.package.v1: kctf-operator operators.operatorframework.io.bundle.channels.v1: alpha - operators.operatorframework.io.metrics.builder: operator-sdk-v1.14.0+git + operators.operatorframework.io.metrics.builder: operator-sdk-v1.17.0+git operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 diff --git a/kctf-operator/config/rbac/role.yaml b/kctf-operator/config/rbac/role.yaml index 4bcf6f4e..3ae67eb6 100644 --- a/kctf-operator/config/rbac/role.yaml +++ b/kctf-operator/config/rbac/role.yaml @@ -42,6 +42,18 @@ rules: - patch - update - watch +- apiGroups: + - cloud.google.com + resources: + - backendconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - "" resources: @@ -176,6 +188,18 @@ rules: - get - patch - update +- apiGroups: + - networking.gke.io + resources: + - managedcertificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - networking.k8s.io resources: diff --git a/kctf-operator/controllers/challenge_controller.go b/kctf-operator/controllers/challenge_controller.go index 1f182a8e..d85def53 100644 --- a/kctf-operator/controllers/challenge_controller.go +++ b/kctf-operator/controllers/challenge_controller.go 
@@ -73,6 +73,8 @@ type ChallengeReconciler struct { //+kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=cloud.google.com,resources=backendconfigs,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=networking.gke.io,resources=managedcertificates,verbs=get;list;watch;create;update;patch;delete // Reconcile is part of the main kubernetes reconciliation loop which aims to // move the current state of the cluster closer to the desired state. diff --git a/kctf-operator/controllers/service/service.go b/kctf-operator/controllers/service/service.go index c59d4a18..fca32fd7 100644 --- a/kctf-operator/controllers/service/service.go +++ b/kctf-operator/controllers/service/service.go @@ -70,8 +70,7 @@ func generateBackendConfig(challenge *kctfv1.Challenge) *backendv1.BackendConfig Name: challenge.Name, Namespace: challenge.Namespace, }, - Spec: backendv1.BackendConfigSpec{ - }, + Spec: backendv1.BackendConfigSpec{}, } if os.Getenv("SECURITY_POLICY") != "DISABLED" { config.Spec.SecurityPolicy = &backendv1.SecurityPolicyConfig{ diff --git a/kctf-operator/main.go b/kctf-operator/main.go index d1ddc206..29624615 100644 --- a/kctf-operator/main.go +++ b/kctf-operator/main.go 
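Review bot: The two new `//+kubebuilder:rbac` markers in challenge_controller.go grant all seven verbs on `backendconfigs` and `managedcertificates`, and nothing visible in this patch shows the reconciler deleting or patching those objects. The markers carry no `namespace=` argument, so the rules appear to land in the cluster-wide manager role; the generated role.yaml, operator.yaml and CSV hunks in this patch carry the same rule. If cleanup relies on owner references and garbage collection, the grant can be narrowed to what is used, for example `//+kubebuilder:rbac:groups=networking.gke.io,resources=managedcertificates,verbs=get;list;watch;create;update`, and likewise for `cloud.google.com`. A BackendConfig selects the security policy in front of a challenge, so write access to it across all namespaces is worth keeping to the minimum. If the full verb set is needed, a one-line comment above the markers saying which code path deletes these objects would make that auditable.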
@@ -24,9 +24,11 @@ import ( // to ensure that exec-entrypoint and run can make use of them. _ "k8s.io/client-go/plugin/pkg/client/auth" + gkenetv1 "github.com/GoogleCloudPlatform/gke-managed-certs/pkg/apis/networking.gke.io/v1" "k8s.io/apimachinery/pkg/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" + backendv1 "k8s.io/ingress-gce/pkg/apis/backendconfig/v1" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/healthz" "sigs.k8s.io/controller-runtime/pkg/log/zap" @@ -47,6 +49,8 @@ func init() { utilruntime.Must(clientgoscheme.AddToScheme(scheme)) utilruntime.Must(kctfv1.AddToScheme(scheme)) + utilruntime.Must(backendv1.AddToScheme(scheme)) + utilruntime.Must(gkenetv1.AddToScheme(scheme)) //+kubebuilder:scaffold:scheme } diff --git a/kctf-operator/operator.yaml b/kctf-operator/operator.yaml index 26d3f5cb..6d3987a3 100644 --- a/kctf-operator/operator.yaml +++ b/kctf-operator/operator.yaml @@ -4194,6 +4194,18 @@ rules: - patch - update - watch +- apiGroups: + - cloud.google.com + resources: + - backendconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - "" resources: @@ -4328,6 +4340,18 @@ rules: - get - patch - update +- apiGroups: + - networking.gke.io + resources: + - managedcertificates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - networking.k8s.io resources:
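Review bot: The two `AddToScheme` calls added to `init()` in main.go have no comment explaining why third-party API groups are registered next to the operator's own types. I would add above them `// GKE CRDs (BackendConfig, ManagedCertificate) built by the challenge controllers; the client cannot encode or decode them unless their types are in the scheme.` These registrations and the RBAC markers in controllers/challenge_controller.go have to change together, so the comment should name that file as well. `init()` begins before this hunk.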