From 4a58efed4265f7aa077fdae238861ba35812e1fb Mon Sep 17 00:00:00 2001 From: Sam Stoelinga Date: Sat, 22 Jul 2023 23:52:07 -0700 Subject: [PATCH] fix #129 ensure gcpmanager is included by default (#131) --- Makefile | 6 +- config/default/kustomization.yaml | 1 + config/gcpmanager/gcp-manager.yaml | 2 +- config/gcpmanager/kustomization.yaml | 9 ++ config/manager/kustomization.yaml | 5 +- install/kubernetes/system.yaml | 123 ++++++++++++++++++++++++++- install/scripts/gcp-up.sh | 2 - 7 files changed, 142 insertions(+), 6 deletions(-) create mode 100644 config/gcpmanager/kustomization.yaml diff --git a/Makefile b/Makefile index b8982cac..ef03b511 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,9 @@ # Image URL to use all building/pushing image targets -IMG ?= docker.io/substratusai/controller-manager:v0.6.4-alpha +VERSION ?= v0.6.5-alpha +IMG ?= docker.io/substratusai/controller-manager:${VERSION} +IMG_GCPMANAGER ?= docker.io/substratusai/gcp-manager:${VERSION} + # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. ENVTEST_K8S_VERSION = 1.26.1 @@ -176,6 +179,7 @@ uninstall-crds: manifests kustomize ## Uninstall CRDs from the K8s cluster speci install/kubernetes/system.yaml: manifests kustomize cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + cd config/gcpmanager && $(KUSTOMIZE) edit set image gcp-manager=${IMG_GCPMANAGER} $(KUSTOMIZE) build config/default > install/kubernetes/system.yaml RUN_SUBSTRATUS_INSTALLER := docker run -it \ diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 92dccf2b..3e423897 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -11,6 +11,7 @@ resources: - ../crd - ../rbac - ../manager + - ../gcpmanager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml #- ../webhook 
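Review bot: In the first Makefile hunk, `IMG` and `IMG_GCPMANAGER` identify the release images only by the mutable tag `${VERSION}`, and the gcp-manager container shown in config/gcpmanager/gcp-manager.yaml keeps `imagePullPolicy: Always`, so a re-pushed tag is picked up on the next pod start without any change to the committed manifest. For the published install/kubernetes/system.yaml, consider resolving each image to a digest before the `$(KUSTOMIZE) edit set image` step, e.g. `IMG_GCPMANAGER ?= docker.io/substratusai/gcp-manager@sha256:<digest-placeholder>`. Failing that, a comment above `VERSION ?=` should state that release tags are expected to be immutable.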
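Review bot: Listing `- ../gcpmanager` under `resources:` in config/default/kustomization.yaml puts the bootstrapper Job and its RBAC into every default install, and the rendered install/kubernetes/system.yaml in this commit shows two things worth tightening first. The `service-account-annotator` Role grants `get`, `patch` and `update` on all `serviceaccounts` in the `substratus` namespace although the Job only annotates `gcp-manager`; adding `resourceNames: ["gcp-manager"]` to that rule keeps the bootstrapper from changing the identity annotation on other service accounts such as `controller-manager`. The Job also runs `google/cloud-sdk:latest`, so a versioned tag or digest would make the install reproducible. Both definitions presumably live in config/gcpmanager/bootstrapper-job.yaml, which this diff does not show.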
diff --git a/config/gcpmanager/gcp-manager.yaml b/config/gcpmanager/gcp-manager.yaml index 8760a0a4..a4085e00 100644 --- a/config/gcpmanager/gcp-manager.yaml +++ b/config/gcpmanager/gcp-manager.yaml @@ -25,7 +25,7 @@ spec: - name: gcp-manager # use this when running via skaffold # image: us-central1-docker.pkg.dev/substratus-ai-001/substratus/gcpmanager:latest - image: substratusai/gcp-manager:v0.6.3-alpha + image: gcp-manager:latest imagePullPolicy: Always ports: - containerPort: 10080 diff --git a/config/gcpmanager/kustomization.yaml b/config/gcpmanager/kustomization.yaml new file mode 100644 index 00000000..d30e4957 --- /dev/null +++ b/config/gcpmanager/kustomization.yaml @@ -0,0 +1,9 @@ +resources: +- gcp-manager.yaml +- bootstrapper-job.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +images: +- name: gcp-manager + newName: docker.io/substratusai/gcp-manager + newTag: v0.6.5-alpha diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 4e1270c8..c74c0e28 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -5,4 +5,7 @@ kind: Kustomization images: - name: controller newName: docker.io/substratusai/controller-manager - newTag: v0.6.4-alpha + newTag: v0.6.5-alpha +- name: gcp-manager + newName: docker.io/substratusai/gcp-manager + newTag: v0.6.5-alpha diff --git a/install/kubernetes/system.yaml b/install/kubernetes/system.yaml index 3b11b99b..956d3976 100644 --- a/install/kubernetes/system.yaml +++ b/install/kubernetes/system.yaml @@ -994,6 +994,18 @@ metadata: name: controller-manager namespace: substratus --- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gcp-manager + namespace: substratus +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gcp-manager-bootstrapper + namespace: substratus +--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: 
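Review bot: The new `image: gcp-manager:latest` in config/gcpmanager/gcp-manager.yaml is only a placeholder for the `images:` entry in the new config/gcpmanager/kustomization.yaml, but nothing in the file says so, and the comment above it still advertises a skaffold image. If the file is applied without kustomize, as install/scripts/gcp-up.sh did before this commit, the unqualified name combined with `imagePullPolicy: Always` would be pulled from whatever registry the node's runtime resolves short names to. Add a comment above the line, for example `# placeholder name; rewritten by images: in kustomization.yaml, do not apply this file directly`.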
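Review bot: The `gcp-manager` entry added to `images:` in config/manager/kustomization.yaml looks like a leftover. The Makefile recipe in this commit runs `edit set image gcp-manager=${IMG_GCPMANAGER}` only in config/gcpmanager, so this copy will keep `newTag: v0.6.5-alpha` after the next version bump. If config/manager has no resource that uses a `gcp-manager` image (its resource list is not visible here), drop the three added lines so the tag has a single source; a stale tag in an unused override is easy to mistake for what is actually deployed.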
@@ -1040,6 +1052,21 @@ rules: - patch --- apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: service-account-annotator + namespace: substratus +rules: +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null @@ -1286,6 +1313,20 @@ subjects: namespace: substratus --- apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: service-account-annotator-binding + namespace: substratus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: service-account-annotator +subjects: +- kind: ServiceAccount + name: gcp-manager-bootstrapper + namespace: substratus +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: @@ -1347,6 +1388,19 @@ spec: selector: control-plane: controller-manager --- +apiVersion: v1 +kind: Service +metadata: + name: gcp-manager + namespace: substratus +spec: + ports: + - port: 10080 + protocol: TCP + targetPort: 10080 + selector: + app: gcp-manager +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1421,7 +1475,7 @@ spec: envFrom: - configMapRef: name: system - image: docker.io/substratusai/controller-manager:v0.6.4-alpha + image: docker.io/substratusai/controller-manager:v0.6.5-alpha livenessProbe: httpGet: path: /healthz 
@@ -1451,3 +1505,70 @@ spec: runAsNonRoot: true serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gcp-manager + namespace: substratus +spec: + replicas: 1 + selector: + matchLabels: + app: gcp-manager + template: + metadata: + labels: + app: gcp-manager + spec: + containers: + - image: docker.io/substratusai/gcp-manager:v0.6.5-alpha + imagePullPolicy: Always + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 15 + periodSeconds: 20 + successThreshold: 1 + tcpSocket: + port: 10080 + timeoutSeconds: 5 + name: gcp-manager + ports: + - containerPort: 10080 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + serviceAccountName: gcp-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: annotate-gcp-manager-sa + namespace: substratus +spec: + backoffLimit: 2 + template: + spec: + containers: + - command: + - /bin/bash + - -c + - | + # Get the project ID + PROJECT_ID=$(gcloud config get-value project) + # Get the current region + REGION=$(curl -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/zone | awk -F '/' '{print $4}' | sed 's/-[a-z]$//') + # Set the annotation value + ANNOTATION_VALUE="substratus-gcp-manager@${PROJECT_ID}.iam.gserviceaccount.com" + # Annotate the service account + kubectl annotate serviceaccount -n substratus gcp-manager iam.gke.io/gcp-service-account=${ANNOTATION_VALUE} + image: google/cloud-sdk:latest + name: gcloud + restartPolicy: OnFailure + serviceAccountName: gcp-manager-bootstrapper + ttlSecondsAfterFinished: 120 diff --git a/install/scripts/gcp-up.sh b/install/scripts/gcp-up.sh index f720e3da..d0c2e66f 100755 --- a/install/scripts/gcp-up.sh +++ b/install/scripts/gcp-up.sh 
@@ -44,6 +44,4 @@ if [ "$INSTALL_OPERATOR" == "yes" ]; then
 kubectl apply -f kubernetes/namespace.yaml
 kubectl apply -f kubernetes/config.yaml
 kubectl apply -f kubernetes/system.yaml
- kubectl apply -f config/gcpmanager/bootstrapper-job.yaml
- kubectl apply -f config/gcpmanager/gcp-manager.yaml
 fi