fix #129 ensure gcpmanager is included by default (#131)

Makefile

@@ -1,6 +1,9 @@
 
 # Image URL to use all building/pushing image targets
-IMG ?= docker.io/substratusai/controller-manager:v0.6.4-alpha
+VERSION ?= v0.6.5-alpha
+IMG ?= docker.io/substratusai/controller-manager:${VERSION}
+IMG_GCPMANAGER ?= docker.io/substratusai/gcp-manager:${VERSION}
+
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.26.1
 
@@ -176,6 +179,7 @@ uninstall-crds: manifests kustomize ## Uninstall CRDs from the K8s cluster speci
 
 install/kubernetes/system.yaml: manifests kustomize
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	cd config/gcpmanager && $(KUSTOMIZE) edit set image gcp-manager=${IMG_GCPMANAGER}
 	$(KUSTOMIZE) build config/default > install/kubernetes/system.yaml
 
 RUN_SUBSTRATUS_INSTALLER := docker run -it \

config/default/kustomization.yaml

@@ -11,6 +11,7 @@ resources:
   - ../crd
   - ../rbac
   - ../manager
+  - ../gcpmanager
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- ../webhook

config/gcpmanager/gcp-manager.yaml

@@ -25,7 +25,7 @@ spec:
         - name: gcp-manager
           # use this when running via skaffold
           # image: us-central1-docker.pkg.dev/substratus-ai-001/substratus/gcpmanager:latest
-          image: substratusai/gcp-manager:v0.6.3-alpha
+          image: gcp-manager:latest
           imagePullPolicy: Always
           ports:
             - containerPort: 10080

config/gcpmanager/kustomization.yaml

@@ -0,0 +1,9 @@
+resources:
+- gcp-manager.yaml
+- bootstrapper-job.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: gcp-manager
+  newName: docker.io/substratusai/gcp-manager
+  newTag: v0.6.5-alpha

config/manager/kustomization.yaml

@@ -5,4 +5,7 @@ kind: Kustomization
 images:
 - name: controller
   newName: docker.io/substratusai/controller-manager
-  newTag: v0.6.4-alpha
+  newTag: v0.6.5-alpha
+- name: gcp-manager
+  newName: docker.io/substratusai/gcp-manager
+  newTag: v0.6.5-alpha

install/kubernetes/system.yaml

@@ -994,6 +994,18 @@ metadata:
   name: controller-manager
   namespace: substratus
 ---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: gcp-manager
+  namespace: substratus
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: gcp-manager-bootstrapper
+  namespace: substratus
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
@@ -1040,6 +1052,21 @@ rules:
   - patch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: service-account-annotator
+  namespace: substratus
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+  - patch
+  - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   creationTimestamp: null
@@ -1286,6 +1313,20 @@ subjects:
   namespace: substratus
 ---
 apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: service-account-annotator-binding
+  namespace: substratus
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: service-account-annotator
+subjects:
+- kind: ServiceAccount
+  name: gcp-manager-bootstrapper
+  namespace: substratus
+---
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
@@ -1347,6 +1388,19 @@ spec:
   selector:
     control-plane: controller-manager
 ---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gcp-manager
+  namespace: substratus
+spec:
+  ports:
+  - port: 10080
+    protocol: TCP
+    targetPort: 10080
+  selector:
+    app: gcp-manager
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -1421,7 +1475,7 @@ spec:
         envFrom:
         - configMapRef:
             name: system
-        image: docker.io/substratusai/controller-manager:v0.6.4-alpha
+        image: docker.io/substratusai/controller-manager:v0.6.5-alpha
         livenessProbe:
           httpGet:
             path: /healthz
@@ -1451,3 +1505,70 @@ spec:
         runAsNonRoot: true
       serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gcp-manager
+  namespace: substratus
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gcp-manager
+  template:
+    metadata:
+      labels:
+        app: gcp-manager
+    spec:
+      containers:
+      - image: docker.io/substratusai/gcp-manager:v0.6.5-alpha
+        imagePullPolicy: Always
+        livenessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 15
+          periodSeconds: 20
+          successThreshold: 1
+          tcpSocket:
+            port: 10080
+          timeoutSeconds: 5
+        name: gcp-manager
+        ports:
+        - containerPort: 10080
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 10m
+            memory: 64Mi
+      serviceAccountName: gcp-manager
+      terminationGracePeriodSeconds: 10
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: annotate-gcp-manager-sa
+  namespace: substratus
+spec:
+  backoffLimit: 2
+  template:
+    spec:
+      containers:
+      - command:
+        - /bin/bash
+        - -c
+        - |
+          # Get the project ID
+          PROJECT_ID=$(gcloud config get-value project)
+          # Get the current region
+          REGION=$(curl -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/zone | awk -F '/' '{print $4}' | sed 's/-[a-z]$//')
+          # Set the annotation value
+          ANNOTATION_VALUE="substratus-gcp-manager@${PROJECT_ID}.iam.gserviceaccount.com"
+          # Annotate the service account
+          kubectl annotate serviceaccount -n substratus gcp-manager iam.gke.io/gcp-service-account=${ANNOTATION_VALUE}
+        image: google/cloud-sdk:latest
+        name: gcloud
+      restartPolicy: OnFailure
+      serviceAccountName: gcp-manager-bootstrapper
+  ttlSecondsAfterFinished: 120

install/scripts/gcp-up.sh

@@ -44,6 +44,4 @@ if [ "$INSTALL_OPERATOR" == "yes" ]; then
   kubectl apply -f kubernetes/namespace.yaml
   kubectl apply -f kubernetes/config.yaml
   kubectl apply -f kubernetes/system.yaml
-  kubectl apply -f config/gcpmanager/bootstrapper-job.yaml
-  kubectl apply -f config/gcpmanager/gcp-manager.yaml
 fi