From f4dbc9b6f11b09c3f3c47cadfddd1e4e859ebf12 Mon Sep 17 00:00:00 2001 From: Varsha Prasad Narsing Date: Mon, 18 Sep 2023 13:01:50 -0400 Subject: [PATCH] [fix/cleanup] This PR fixes using of multiple sources and cleans up Helm provisioner - Create a new fs from source, only if destination is specified. This allows specifying multiple sources. - Remove helm provisioner related manifests and controller. Signed-off-by: Varsha Prasad Narsing --- Dockerfile | 1 - Tiltfile | 1 - cmd/core/main.go | 40 +------- go.mod | 2 +- go.sum | 10 +- .../bundledeployment/bundledeployment.go | 5 +- internal/controllers/v1alpha2/source/git.go | 51 ++++++++-- internal/controllers/v1alpha2/source/image.go | 20 ---- internal/util/fs.go | 23 +++++ .../base/provisioners/helm/kustomization.yaml | 20 ---- .../helm/resources/cluster_role.yaml | 93 ------------------- .../helm/resources/cluster_role_binding.yaml | 13 --- .../helm/resources/deployment.yaml | 72 -------------- .../provisioners/helm/resources/service.yaml | 12 --- .../helm/resources/serviceaccount.yaml | 5 - .../base/provisioners/kustomization.yaml | 2 +- .../overlays/cert-manager/kustomization.yaml | 8 +- .../provisioners/helm/certificate.yaml | 14 --- .../provisioners/helm/kustomization.yaml | 2 - .../resources/provisioners/kustomization.yaml | 2 +- 20 files changed, 78 insertions(+), 318 deletions(-) delete mode 100644 manifests/base/provisioners/helm/kustomization.yaml delete mode 100644 manifests/base/provisioners/helm/resources/cluster_role.yaml delete mode 100644 manifests/base/provisioners/helm/resources/cluster_role_binding.yaml delete mode 100644 manifests/base/provisioners/helm/resources/deployment.yaml delete mode 100644 manifests/base/provisioners/helm/resources/service.yaml delete mode 100644 manifests/base/provisioners/helm/resources/serviceaccount.yaml delete mode 100644 manifests/overlays/cert-manager/resources/provisioners/helm/certificate.yaml delete mode 100644 manifests/overlays/cert-manager/resources/provisioners/helm/kustomization.yaml diff --git a/Dockerfile b/Dockerfile index 48e17a25..6d93a693 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,6 @@ FROM gcr.io/distroless/static:debug-nonroot WORKDIR / -COPY helm helm COPY core core COPY unpack unpack COPY webhooks webhooks diff --git a/Tiltfile b/Tiltfile index 550617b4..205d7aba 100644 --- a/Tiltfile +++ b/Tiltfile @@ -9,7 +9,6 @@ repo = { 'binaries': { 'core': 'core', 'crdvalidator': 'crd-validation-webhook', - 'helm': 'helm-provisioner', 'webhooks': 'rukpak-webhooks', }, 'starting_debug_port': 10000, diff --git a/cmd/core/main.go b/cmd/core/main.go index b8bc6496..6a787d4c 100644 --- a/cmd/core/main.go +++ b/cmd/core/main.go @@ -118,7 +118,6 @@ func main() { dependentSelector := labels.NewSelector().Add(*dependentRequirement) cfg := ctrl.GetConfigOrDie() - fmt.Println("systemNs:!!!!", systemNamespace) if systemNamespace == "" { systemNamespace = util.PodNamespace() } @@ -127,7 +126,7 @@ func main() { opts.Scheme = scheme opts.Namespace = systemNamespace }) - fmt.Println("systemNsCluster!!!!!!!", systemNsCluster) + if err != nil { setupLog.Error(err, "unable to create system namespace cluster") os.Exit(1) @@ -228,38 +227,9 @@ func main() { os.Exit(1) } - // commonBundleProvisionerOptions := []bundle.Option{ - // bundle.WithUnpacker(unpacker), - // bundle.WithFinalizers(bundleFinalizers), - // bundle.WithStorage(bundleStorage), - // } - cfgGetter := helmclient.NewActionConfigGetter(mgr.GetConfig(), mgr.GetRESTMapper(), mgr.GetLogger()) acg := helmclient.NewActionClientGetter(cfgGetter) deployer := v1alpha2deployer.NewDefaultHelmDeployerWithOpts(v1alpha2deployer.WithActionClientGetter(acg), v1alpha2deployer.WithReleaseNamespace(systemNamespace)) - // commonBDProvisionerOptions := []bundledeployment.Option{ - // bundledeployment.WithReleaseNamespace(systemNamespace), - // bundledeployment.WithActionClientGetter(acg), - // bundledeployment.WithStorage(bundleStorage), - // } - - // if err := bundle.SetupWithManager(mgr, systemNsCluster.GetCache(), systemNamespace, append( - // commonBundleProvisionerOptions, - // bundle.WithProvisionerID(plain.ProvisionerID), - // bundle.WithHandler(bundle.HandlerFunc(plain.HandleBundle)), - // )...); err != nil { - // setupLog.Error(err, "unable to create controller", "controller", rukpakv1alpha1.BundleKind, "provisionerID", plain.ProvisionerID) - // os.Exit(1) - // } - - // if err := bundle.SetupWithManager(mgr, systemNsCluster.GetCache(), systemNamespace, append( - // commonBundleProvisionerOptions, - // bundle.WithProvisionerID(registry.ProvisionerID), - // bundle.WithHandler(bundle.HandlerFunc(registry.HandleBundle)), - // )...); err != nil { - // setupLog.Error(err, "unable to create controller", "controller", rukpakv1alpha1.BundleKind, "provisionerID", registry.ProvisionerID) - // os.Exit(1) - // } if err := v1alpha2bd.SetupWithManager(mgr, systemNsCluster.GetCache(), @@ -270,14 +240,6 @@ func main() { os.Exit(1) } - // if err := bundledeployment.SetupWithManager(mgr, append( - // commonBDProvisionerOptions, - // bundledeployment.WithProvisionerID(plain.ProvisionerID), - // bundledeployment.WithHandler(bundledeployment.HandlerFunc(plain.HandleBundleDeployment)), - // )...); err != nil { - // setupLog.Error(err, "unable to create controller", "controller", rukpakv1alpha1.BundleDeploymentKind, "provisionerID", plain.ProvisionerID) - // os.Exit(1) - // } //+kubebuilder:scaffold:builder if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil { diff --git a/go.mod b/go.mod index fce7561d..6bf05383 100644 --- a/go.mod +++ b/go.mod @@ -15,6 +15,7 @@ require ( github.com/operator-framework/api v0.17.4-0.20230223191600-0131a6301e42 github.com/operator-framework/helm-operator-plugins v0.0.11 github.com/operator-framework/operator-registry v1.28.0 + github.com/otiai10/copy v1.11.0 github.com/spf13/afero v1.6.0 github.com/spf13/cobra v1.7.0 github.com/stretchr/testify v1.8.4 @@ -134,7 +135,6 @@ require ( github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.0-rc2 // indirect github.com/operator-framework/operator-lib v0.11.0 // indirect - github.com/otiai10/copy v1.2.0 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pkg/errors v0.9.1 // indirect diff --git a/go.sum b/go.sum index bfbf5098..c5422c3e 100644 --- a/go.sum +++ b/go.sum @@ -858,13 +858,9 @@ github.com/operator-framework/operator-lib v0.11.0 h1:eYzqpiOfq9WBI4Trddisiq/X9B github.com/operator-framework/operator-lib v0.11.0/go.mod h1:RpyKhFAoG6DmKTDIwMuO6pI3LRc8IE9rxEYWy476o6g= github.com/operator-framework/operator-registry v1.28.0 h1:vtmd2WgJxkx7vuuOxW4k5Le/oo0SfonSeJVMU3rKIfk= github.com/operator-framework/operator-registry v1.28.0/go.mod h1:UYw3uaZyHwHgnczLRYmUqMpgRgP2EfkqOsaR+LI+nK8= -github.com/otiai10/copy v1.2.0 h1:HvG945u96iNadPoG2/Ja2+AUJeW5YuFQMixq9yirC+k= -github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= -github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= -github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= -github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= -github.com/otiai10/mint v1.3.1 h1:BCmzIS3n71sGfHB5NMNDB3lHYPz8fWSkCAErHed//qc= -github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= +github.com/otiai10/copy v1.11.0 h1:OKBD80J/mLBrwnzXqGtFCzprFSGioo30JcmR4APsNwc= +github.com/otiai10/copy v1.11.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww= +github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc= diff --git a/internal/controllers/v1alpha2/controllers/bundledeployment/bundledeployment.go b/internal/controllers/v1alpha2/controllers/bundledeployment/bundledeployment.go index 676800fd..ede52b14 100644 --- a/internal/controllers/v1alpha2/controllers/bundledeployment/bundledeployment.go +++ b/internal/controllers/v1alpha2/controllers/bundledeployment/bundledeployment.go @@ -29,6 +29,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client/apiutil" "sigs.k8s.io/controller-runtime/pkg/reconcile" + "sigs.k8s.io/controller-runtime/pkg/source" v1alpha2deployer "github.com/operator-framework/rukpak/internal/controllers/v1alpha2/deployer" v1alpha2source "github.com/operator-framework/rukpak/internal/controllers/v1alpha2/source" @@ -50,7 +51,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/source" crsource "sigs.k8s.io/controller-runtime/pkg/source" ) @@ -100,7 +100,6 @@ func WithDeployer(u v1alpha2deployer.Deployer) Option { // For more details, check Reconcile and its Result here: // - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.9.2/pkg/reconcile func (b *bundleDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { - fmt.Println("reconciling") log := log.FromContext(ctx) existingBD := &v1alpha2.BundleDeployment{} @@ -116,6 +115,7 @@ func (b *bundleDeploymentReconciler) Reconcile(ctx context.Context, req ctrl.Req // Skip reconciling if `spec.paused` is set. if existingBD.Spec.Paused { + log.Info("bundledeployment has been paused for reconciliation", "bundle deployment name", existingBD.Name) return ctrl.Result{}, nil } @@ -192,7 +192,6 @@ func (b *bundleDeploymentReconciler) reconcile(ctx context.Context, bd *v1alpha2 return ctrl.Result{}, fmt.Errorf("unkown deploy state %q for bundle deployment %s: %v", deployRes.State, bd.GetName(), bd.Generation) } - fmt.Println("deplpoy done") for _, obj := range deployRes.AppliedObjects { uMap, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj) if err != nil { diff --git a/internal/controllers/v1alpha2/source/git.go b/internal/controllers/v1alpha2/source/git.go index e1ad5a49..baf51952 100644 --- a/internal/controllers/v1alpha2/source/git.go +++ b/internal/controllers/v1alpha2/source/git.go @@ -21,6 +21,7 @@ import ( sshgit "github.com/go-git/go-git/v5/plumbing/transport/ssh" "github.com/go-logr/logr" "github.com/operator-framework/rukpak/api/v1alpha2" + "github.com/operator-framework/rukpak/internal/util" "github.com/spf13/afero" "golang.org/x/crypto/ssh" corev1 "k8s.io/api/core/v1" @@ -33,6 +34,10 @@ type Git struct { Log logr.Logger } +const ( + gitCachePath = "var/cache/git/" +) + func (r *Git) Unpack(ctx context.Context, bundeDepName string, bundleSrc v1alpha2.BundleDeplopymentSource, base afero.Fs, opts UnpackOption) (*Result, error) { // Validate inputs if err := r.validate(bundleSrc); err != nil { @@ -72,20 +77,40 @@ func (r *Git) Unpack(ctx context.Context, bundeDepName string, bundleSrc v1alpha // create a destination path to clone the repository to. // destination would be /bd.spec.sources.destination. // verify if path already exists if so, clean up. - if err := base.RemoveAll(bundleSrc.Destination); err != nil { - return nil, fmt.Errorf("error removing contents from local destination %v", err) + if bundleSrc.Destination != "" { + if err := base.RemoveAll(bundleSrc.Destination); err != nil { + return nil, fmt.Errorf("error removing contents from local destination %v", err) + } + if err := base.MkdirAll(bundleSrc.Destination, 0755); err != nil { + return nil, fmt.Errorf("error creating storagepath %q", err) + } + } + + if err := util.CreateDirPath(base, gitCachePath); err != nil { + return nil, err } - if err := base.MkdirAll(bundleSrc.Destination, 0755); err != nil { - return nil, fmt.Errorf("error creating storagepath %q", err) + defer deleteCacheDir(base) + + // clone to local but in a cache dir. + repo, err := git.PlainCloneContext(ctx, filepath.Join(bundeDepName, gitCachePath), false, &cloneOpts) + if err != nil { + return nil, fmt.Errorf("bundle unpack git clone error: %v - %s", err, progress.String()) } // refers to the full local path where contents need to be stored. storagePath := filepath.Join(bundeDepName, filepath.Clean(bundleSrc.Destination)) - // clone to local. - repo, err := git.PlainCloneContext(ctx, storagePath, false, &cloneOpts) - if err != nil { - return nil, fmt.Errorf("bundle unpack git clone error: %v - %s", err, progress.String()) + cacheSrcPath := filepath.Join(bundeDepName, gitCachePath) + if gitsource.Directory != "" { + directory := filepath.Clean(gitsource.Directory) + if directory[:3] == "../" || directory[0] == '/' { + return nil, fmt.Errorf("get subdirectory %q for repository %q: %s", gitsource.Directory, gitsource.Repository, "directory can not start with '../' or '/'") + } + cacheSrcPath = filepath.Join(cacheSrcPath, directory) + } + + if err := util.CopyDir(base, cacheSrcPath, storagePath); err != nil { + return nil, fmt.Errorf("copying contents from cache to local dir: %v", err) } commitHash, err := repo.ResolveRevision("HEAD") @@ -102,10 +127,18 @@ func (r *Git) Unpack(ctx context.Context, bundeDepName string, bundleSrc v1alpha Kind: v1alpha2.SourceTypeGit, Git: resolvedGit, } - return &Result{ResolvedSource: resolvedSource, State: StateUnpacked, Message: "Successfully unpacked git bundle"}, nil } +func deleteCacheDir(fs afero.Fs) error { + paths := strings.Split(gitCachePath, string(os.PathSeparator)) + if len(paths) <= 0 { + // shouldn't happen + return fmt.Errorf("unable to find cache directory: %s", gitCachePath) + } + return fs.RemoveAll(paths[0]) +} + func (r *Git) validate(bundleSrc v1alpha2.BundleDeplopymentSource) error { if bundleSrc.Kind != v1alpha2.SourceTypeGit { return fmt.Errorf("bundle source type %q not supported", bundleSrc.Kind) diff --git a/internal/controllers/v1alpha2/source/image.go b/internal/controllers/v1alpha2/source/image.go index 9fbe9f3a..11bdf446 100644 --- a/internal/controllers/v1alpha2/source/image.go +++ b/internal/controllers/v1alpha2/source/image.go @@ -5,7 +5,6 @@ import ( "bytes" "compress/gzip" "context" - "encoding/base64" "encoding/json" "errors" "fmt" @@ -42,7 +41,6 @@ func (i *Image) Unpack(ctx context.Context, bdName string, bdSrc v1alpha2.Bundle if err := i.validate(&bdSrc, opts); err != nil { return nil, fmt.Errorf("validation unsuccessful during unpacking %v", err) } - // storage path to store contents in local directory. storagePath := filepath.Join(bdName, filepath.Clean(bdSrc.Destination)) return i.unpack(ctx, bdName, storagePath, bdSrc, base, opts) @@ -332,21 +330,3 @@ func pendingImagePodResult(pod *corev1.Pod) *Result { } return &Result{State: StateUnpackPending, Message: strings.Join(messages, "; ")} } - -// Perform a base64 encoding to get the directoryName to store caches -func getCacheDirName(bdName string, bd v1alpha2.BundleDeplopymentSource) string { - switch bd.Kind { - case v1alpha2.SourceTypeImage: - return encode(bdName, string(bd.Kind), bd.Image.ImageRef) - case v1alpha2.SourceTypeGit: - return encode(bdName, string(bd.Kind), bd.Git.Repository) - case v1alpha2.SourceTypeHTTP: - return encode(bdName, string(bd.Kind), bd.HTTP.URL) - default: - return "" - } -} - -func encode(str1, str2, str3 string) string { - return base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s-%s-%s", str1, str2, str3))) -} diff --git a/internal/util/fs.go b/internal/util/fs.go index b036ebe3..788e92ea 100644 --- a/internal/util/fs.go +++ b/internal/util/fs.go @@ -7,6 +7,9 @@ import ( "path/filepath" "strings" "testing/fstest" + + cp "github.com/otiai10/copy" + "github.com/spf13/afero" ) // FilesOnlyFilesystem is an fs.FS implementation that treats non-regular files @@ -88,3 +91,23 @@ func (f baseDirFS) Open(name string) (fs.File, error) { } return nil, fs.ErrNotExist } + +// CopyDir copies contents from one directory to another in afero.Fs +func CopyDir(fs afero.Fs, srcPath, destPath string) error { + return cp.Copy(srcPath, destPath, cp.Options{ + OnDirExists: func(src, dest string) cp.DirExistsAction { + return cp.Merge + }, + }) +} + +func CreateDirPath(fs afero.Fs, path string) error { + if err := fs.RemoveAll(path); err != nil { + return fmt.Errorf("error removing existing contents from local path: %s: %v", path, err) + } + + if err := fs.MkdirAll(path, 0755); err != nil { + return fmt.Errorf("error creating path %s: %v", path, err) + } + return nil +} diff --git a/manifests/base/provisioners/helm/kustomization.yaml b/manifests/base/provisioners/helm/kustomization.yaml deleted file mode 100644 index 6fadba83..00000000 --- a/manifests/base/provisioners/helm/kustomization.yaml +++ /dev/null @@ -1,20 +0,0 @@ -resources: - - resources/cluster_role.yaml - - resources/cluster_role_binding.yaml - - resources/deployment.yaml - - resources/service.yaml - - resources/serviceaccount.yaml - -vars: - - name: HELM_PROVISIONER_SERVICE_NAMESPACE # namespace of the service - objref: - kind: Service - version: v1 - name: helm-provisioner - fieldref: - fieldpath: metadata.namespace - - name: HELM_PROVISIONER_SERVICE_NAME - objref: - kind: Service - version: v1 - name: helm-provisioner diff --git a/manifests/base/provisioners/helm/resources/cluster_role.yaml b/manifests/base/provisioners/helm/resources/cluster_role.yaml deleted file mode 100644 index c5475a75..00000000 --- a/manifests/base/provisioners/helm/resources/cluster_role.yaml +++ /dev/null @@ -1,93 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: helm-provisioner-admin -rules: -- nonResourceURLs: - - /bundles/* - - /uploads/* - verbs: - - get -- apiGroups: - - '*' - resources: - - '*' - verbs: - - '*' -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - "" - resources: - - configmaps - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - list - - watch -- apiGroups: - - "" - resources: - - pods/log - verbs: - - get -- apiGroups: - - core.rukpak.io - resources: - - bundledeployments - verbs: - - list - - watch -- apiGroups: - - core.rukpak.io - resources: - - bundledeployments/finalizers - verbs: - - update -- apiGroups: - - core.rukpak.io - resources: - - bundledeployments/status - verbs: - - patch - - update -- apiGroups: - - core.rukpak.io - resources: - - bundles - verbs: - - list - - patch - - update - - watch -- apiGroups: - - core.rukpak.io - resources: - - bundles/finalizers - verbs: - - update -- apiGroups: - - core.rukpak.io - resources: - - bundles/status - verbs: - - patch - - update diff --git a/manifests/base/provisioners/helm/resources/cluster_role_binding.yaml b/manifests/base/provisioners/helm/resources/cluster_role_binding.yaml deleted file mode 100644 index 54dbbbe4..00000000 --- a/manifests/base/provisioners/helm/resources/cluster_role_binding.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: helm-provisioner-admin -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: helm-provisioner-admin -subjects: - - apiGroup: "" - kind: ServiceAccount - name: helm-provisioner-admin - namespace: rukpak-system diff --git a/manifests/base/provisioners/helm/resources/deployment.yaml b/manifests/base/provisioners/helm/resources/deployment.yaml deleted file mode 100644 index bd5070d3..00000000 --- a/manifests/base/provisioners/helm/resources/deployment.yaml +++ /dev/null @@ -1,72 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - namespace: rukpak-system - name: helm-provisioner - labels: - app: helm-provisioner -spec: - replicas: 1 - selector: - matchLabels: - app: helm-provisioner - template: - metadata: - labels: - app: helm-provisioner - annotations: - kubectl.kubernetes.io/default-container: manager - spec: - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - serviceAccountName: helm-provisioner-admin - containers: - - name: kube-rbac-proxy - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: [ "ALL" ] - image: quay.io/brancz/kube-rbac-proxy:v0.12.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=1" - - "--client-ca-file=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" - ports: - - containerPort: 8443 - protocol: TCP - name: https - volumeMounts: [] - resources: - requests: - cpu: 1m - memory: 15Mi - - name: manager - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: [ "ALL" ] - image: quay.io/operator-framework/rukpak:devel - imagePullPolicy: IfNotPresent - command: ["/helm"] - args: - - "--unpack-image=quay.io/operator-framework/rukpak:devel" - - "--base-upload-manager-url=https://$(CORE_SERVICE_NAME).$(CORE_SERVICE_NAMESPACE).svc" - - "--storage-dir=/var/cache/bundles" - - "--http-bind-address=127.0.0.1:8080" - - "--http-external-address=https://$(HELM_PROVISIONER_SERVICE_NAME).$(HELM_PROVISIONER_SERVICE_NAMESPACE).svc" - ports: - - containerPort: 8080 - volumeMounts: - - name: bundle-cache - mountPath: /var/cache/bundles - resources: - requests: - cpu: 10m - memory: 160Mi - volumes: - - name: bundle-cache - emptyDir: {} \ No newline at end of file diff --git a/manifests/base/provisioners/helm/resources/service.yaml b/manifests/base/provisioners/helm/resources/service.yaml deleted file mode 100644 index 29abcc1c..00000000 --- a/manifests/base/provisioners/helm/resources/service.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - namespace: rukpak-system - name: helm-provisioner -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 8443 - selector: - app: helm-provisioner diff --git a/manifests/base/provisioners/helm/resources/serviceaccount.yaml b/manifests/base/provisioners/helm/resources/serviceaccount.yaml deleted file mode 100644 index 77a24928..00000000 --- a/manifests/base/provisioners/helm/resources/serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: helm-provisioner-admin - namespace: rukpak-system diff --git a/manifests/base/provisioners/kustomization.yaml b/manifests/base/provisioners/kustomization.yaml index 64661514..96b17e65 100644 --- a/manifests/base/provisioners/kustomization.yaml +++ b/manifests/base/provisioners/kustomization.yaml @@ -1,3 +1,3 @@ resources: -- ./helm +# - ./helm diff --git a/manifests/overlays/cert-manager/kustomization.yaml b/manifests/overlays/cert-manager/kustomization.yaml index 0c60a15c..dfe3c0c1 100644 --- a/manifests/overlays/cert-manager/kustomization.yaml +++ b/manifests/overlays/cert-manager/kustomization.yaml @@ -22,10 +22,10 @@ patches: kind: Deployment name: core path: patches/core_deployment_certs.yaml -- target: - kind: Deployment - name: helm-provisioner - path: patches/helm_provisioner_deployment_certs.yaml +# - target: +# kind: Deployment +# name: helm-provisioner +# path: patches/helm_provisioner_deployment_certs.yaml replacements: - source: # replaces CERTIFICATE_NAMESPACE with namespace of the certificate CR diff --git a/manifests/overlays/cert-manager/resources/provisioners/helm/certificate.yaml b/manifests/overlays/cert-manager/resources/provisioners/helm/certificate.yaml deleted file mode 100644 index 1c6b5f6b..00000000 --- a/manifests/overlays/cert-manager/resources/provisioners/helm/certificate.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: helm-provisioner - namespace: rukpak-system -spec: - secretName: helm-provisioner-cert - dnsNames: - - $(HELM_PROVISIONER_SERVICE_NAME).$(HELM_PROVISIONER_SERVICE_NAMESPACE).svc - - $(HELM_PROVISIONER_SERVICE_NAME).$(HELM_PROVISIONER_SERVICE_NAMESPACE).svc.cluster.local - issuerRef: - kind: Issuer - name: rukpak-ca-issuer diff --git a/manifests/overlays/cert-manager/resources/provisioners/helm/kustomization.yaml b/manifests/overlays/cert-manager/resources/provisioners/helm/kustomization.yaml deleted file mode 100644 index 8968ed76..00000000 --- a/manifests/overlays/cert-manager/resources/provisioners/helm/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- certificate.yaml \ No newline at end of file diff --git a/manifests/overlays/cert-manager/resources/provisioners/kustomization.yaml b/manifests/overlays/cert-manager/resources/provisioners/kustomization.yaml index cafdcab7..38530d83 100644 --- a/manifests/overlays/cert-manager/resources/provisioners/kustomization.yaml +++ b/manifests/overlays/cert-manager/resources/provisioners/kustomization.yaml @@ -1,2 +1,2 @@ resources: -- ./helm +# - ./helm