(cleanup): Reconfigure the manifests & manifest generation#16
(cleanup): Reconfigure the manifests & manifest generation#16grokspawn merged 4 commits intooperator-framework:mainfrom
Conversation
to enable use of kustomize Signed-off-by: Bryce Palmer <bpalmer@redhat.com>
everettraven
force-pushed
the
cleanup/manifests
branch
from
4c68d78 to
bc08fcb
Compare
|
/cc @anik120 |
Signed-off-by: Bryce Palmer <bpalmer@redhat.com>
|
This PR could very well contain some manifest files that we don't care about (and aren't used by default), like webhook configurations, but I kept them in since I felt there could be an argument for keeping them for the future. If we feel it is better to remove them completely I am happy to do so. |
Signed-off-by: Bryce Palmer <bpalmer@redhat.com>
controller-gen generates those if we need them. So they're probably safe to delete if they aren't already being generated. |
| name: catalogd | ||
| namespace: system | ||
| versionPriority: 10 | ||
| caBundle: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR6RENDQXJTZ0F3SUJBZ0lVT0t0RXJnS3pGMTl4ZXh6cUVXbExxcGlmN2lnd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2RERUxNQWtHQTFVRUJoTUNkVzR4Q3pBSkJnTlZCQWdNQW5OME1Rb3dDQVlEVlFRSERBRnNNUW93Q0FZRApWUVFLREFGdk1Rc3dDUVlEVlFRTERBSnZkVEV6TURFR0ExVUVBd3dxY25WcmNHRnJMWEJoWTJ0aFoyVnpaWEoyClpYSXRZMlZ5ZEdsbWFXTmhkR1V0WVhWMGFHOXlhWFI1TUI0WERUSXlNVEF3TnpFNU1Ua3dNMW9YRFRJek1UQXcKTnpFNU1Ua3dNMW93ZERFTE1Ba0dBMVVFQmhNQ2RXNHhDekFKQmdOVkJBZ01Bbk4wTVFvd0NBWURWUVFIREFGcwpNUW93Q0FZRFZRUUtEQUZ2TVFzd0NRWURWUVFMREFKdmRURXpNREVHQTFVRUF3d3FjblZyY0dGckxYQmhZMnRoCloyVnpaWEoyWlhJdFkyVnlkR2xtYVdOaGRHVXRZWFYwYUc5eWFYUjVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUYKQUFPQ0FROEFNSUlCQ2dLQ0FRRUFxZlRZSkpURmwwZ2F0RVQvUDlFTlhsWjRqYUdLSklMSFZVb2VjankwRmxVRgpDVnYvdTYrMzNwcnFBNjBiWmpzenFzN1FmTmZRTmd3azllTE03TDRiNVkyZnc1SitPTEhtSlc3S0FHVTcxa2JsCnBWaXZ6MFBjbUdNZlFFQU1kYTB0T2xZRjQyNEIvZTE2TEwyNDBQNzdxOFprQzEvU3N1NVlpMkVvRzlOQ3c2ZUgKalhRT2dXcFd0OE1VT1E1ZmZYRUdBcTlwcWJNeGN0UUxDS3JHVlVHVGdmaHQvb2xKWlcxbTJ6QVhEVDRQa0ZYRQo2MnNNVFBmamFFNWtmeUhxKy9nRXlUU0FPbW1LVzdJOXBNOHdZcVJ1ZHB4alZrWm5UQWlMVkNDckk2SGhaVVlECmpURThzTlhld2J2WU5rdnlVUnN4QjdEWHdOcE1kN2d3SzhiQ1BqTHBiUUlEQVFBQm8xWXdWREFkQmdOVkhRNEUKRmdRVVZjeXQ1L2F2RVc2SXJiOC9CKzkvYjhDZnFEb3dId1lEVlIwakJCZ3dGb0FVVmN5dDUvYXZFVzZJcmI4LwpCKzkvYjhDZnFEb3dFZ1lEVlIwVEFRSC9CQWd3QmdFQi93SUJBVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBClhFbU15L0tnMUZnVFdnL244ajcrak5aSFhHcWs2ZnZQMzNVbTZMaTdVL0JSOWZyQ05rQk9GSU9ZV21BWUlBQksKbEhSMStDQkJ5NncwSjFVMjZ4VEVaTnVPQVhOSHdPQVlNaURia2xRamlIMEdtcWpNUGxDQlhoUGpHTEhBK2h0dwpXd3JTL2h1bkJlU2RmbERtYThUbm9OMDUzTHZBanFNN3cwU3JOaWw3ZzhtM2k2djFmdGxNNkNJU1N0M05wRTZNCllnU2pMRTRLNmxCVFI0VU81K0hsanBVK2JWUCtHcDRMWHBGaEZJMU9jZjAxTC9iRGF3elhmYXNoNm8yVS9lOE8KOUZTa1Q2TzFlVW5COFRyRVMrZDlaKzBQS2dqZXAzU0NmV1N5WDFSdzZKZGM3SmNYY0I0ZmdLQ3FMNWtIbHNXUgpNcXErQ3UycVlZbnNiclo4ZVZaUGtRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" |
There was a problem hiding this comment.
Where does this CA bundle come from? Should we use cert-manager to generate and inject this?
| spec: | ||
| serviceAccountName: apiserver | ||
| containers: | ||
| - name: apiserver |
There was a problem hiding this comment.
For follow-up: we should setup the security context to make sure this can run under restricted PSA.
There was a problem hiding this comment.
Yea I just remembered, there's already some pending work to make this compatible with restricted PSA : ref
I'll create an issue so that we can track this.
| kind: Kustomization | ||
| images: | ||
| - name: apiserver | ||
| newName: docker.io/anik120/rukpak-packageserver |
There was a problem hiding this comment.
I assume this needs to change in some way?
There was a problem hiding this comment.
I'm guessing this PR was opened before the image hosting was changed.
| #- patches/webhook_in_bundlemetadata.yaml | ||
| #- patches/webhook_in_packages.yaml |
There was a problem hiding this comment.
Since these are served by an apiserver, I assume these comments are fully obsolete, and they'll never make sense in this context?
| - kind: CustomResourceDefinition | ||
| version: v1 | ||
| group: apiextensions.k8s.io | ||
| path: spec/conversion/webhook/clientConfig/service/name |
There was a problem hiding this comment.
Is this present by default in kubebuilder/sdk scaffolding? I assume we're not actually using conversion webhooks, so my instinct would be to remove. But if this is there, but inert, by default I guess no harm in keeping it.
There was a problem hiding this comment.
It was included by default, but seemed to be inert. I removed it anyways in 7a347fb
| - list | ||
| - watch | ||
| - apiGroups: | ||
| - core.catalogd.io |
There was a problem hiding this comment.
Is this domain related to this discussion?
Did anyone register that domain? Do we want to start using it until that has been done?
There was a problem hiding this comment.
My vote is that for now we go with catalogd.operatorframework.io. And we continue the debate. This could be done in a follow-up as far as I'm concerned though.
There was a problem hiding this comment.
I don't know if we reached any concrete conclusion from those discussions. But does feel like follow up PR concern though.
There was a problem hiding this comment.
Since I have to make a few changes anyways I can update the domain as well
Signed-off-by: Bryce Palmer <bpalmer@redhat.com>
| images: | ||
| - name: apiserver | ||
| newName: quay.io/operator-framework/catalogd-server | ||
| newTag: latest |
There was a problem hiding this comment.
Based on discussion in the other PR?
| newTag: latest | |
| newTag: devel |
There was a problem hiding this comment.
I was going to wait and make the necessary changes based on whichever PR gets in first
| @@ -0,0 +1,98 @@ | |||
| --- | |||
| apiVersion: apiextensions.k8s.io/v1 | |||
| kind: CustomResourceDefinition | |||
There was a problem hiding this comment.
Wait, I'm confused. If the Package and BundleMetadata APIs are CRDs what are we getting out of the apiservice and our separate etcd? Seems like I need to go read code.
There was a problem hiding this comment.
My understanding is we are offloading the storage of those resources to the custom apiservice to handle and it was storing them in the separate etcd instance. That being said, I have extremely limited knowledge on custom apiservices and have no idea if this one is working as expected.
cc @anik120
There was a problem hiding this comment.
If that were true, there would be no CRDs for Package and BundleMetadata.
…framework#16) * refactor manifests to enable use of kustomize Signed-off-by: Bryce Palmer <bpalmer@redhat.com> * fix incorrect tag Signed-off-by: Bryce Palmer <bpalmer@redhat.com> * revert storage-class Signed-off-by: Bryce Palmer <bpalmer@redhat.com> * address review comments Signed-off-by: Bryce Palmer <bpalmer@redhat.com> --------- Signed-off-by: Bryce Palmer <bpalmer@redhat.com>
|
|
||
| KUSTOMIZE = $(shell pwd)/bin/kustomize | ||
| ## Tool Binaries | ||
| KUSTOMIZE ?= $(LOCALBIN)/kustomize |
There was a problem hiding this comment.
The deploy target is broken
(KUSTOMIZE) edit set image controller=${IMG}
That should be CONTROLLER_IMG
| # seccompProfile: | ||
| # type: RuntimeDefault |
| # TODO(user): Uncomment the following code to configure the nodeAffinity expression | ||
| # according to the platforms which are supported by your solution. | ||
| # It is considered best practice to support multiple architectures. You can | ||
| # build your manager image using the makefile target docker-buildx. | ||
| # affinity: | ||
| # nodeAffinity: | ||
| # requiredDuringSchedulingIgnoredDuringExecution: | ||
| # nodeSelectorTerms: | ||
| # - matchExpressions: | ||
| # - key: kubernetes.io/arch | ||
| # operator: In | ||
| # values: | ||
| # - amd64 | ||
| # - arm64 | ||
| # - ppc64le | ||
| # - s390x | ||
| # - key: kubernetes.io/os | ||
| # operator: In | ||
| # values: | ||
| # - linux |
There was a problem hiding this comment.
We can get rid of these lines instead of keeping them commented.
Signed-off-by: Bryce Palmer <bpalmer@redhat.com>
Signed-off-by: Bryce Palmer <bpalmer@redhat.com>
4 participants
Description
config/directory to be more similar to the standard put in place by the Operator-SDK and utilize kustomize for building the manifests for deploying catalogd on clustermake kustomizetarget to install Kustomize v5.0.1 under thebin/directoryconfig/rbac/role.yamlfileMotivation
config/directory structure