From 583047a8516981c15265302aa8430cc3e63f335b Mon Sep 17 00:00:00 2001 From: craig Date: Fri, 27 Oct 2023 15:24:40 +0100 Subject: [PATCH] update deployment suff --- .github/workflows/policy-controller-image.yaml | 2 +- Dockerfile | 17 +++++++++++++++-- cmd/policy_controller/main.go | 3 +++ config/default/kustomization.yaml | 1 + config/{manager => default}/namespace.yaml | 0 config/manager/kustomization.yaml | 1 - config/policy-controller/manager.yaml | 4 ++-- hack/.deployUtils | 4 ++-- hack/make/policy_controller.make | 12 ++++++------ 9 files changed, 30 insertions(+), 14 deletions(-) rename config/{manager => default}/namespace.yaml (100%) diff --git a/.github/workflows/policy-controller-image.yaml b/.github/workflows/policy-controller-image.yaml index 6958f9b52..f48418dda 100644 --- a/.github/workflows/policy-controller-image.yaml +++ b/.github/workflows/policy-controller-image.yaml @@ -54,7 +54,7 @@ jobs: with: push: true tags: ${{ env.IMG_TAGS }} - target: controller + target: policy-controller - name: Print Image URL run: | diff --git a/Dockerfile b/Dockerfile index e7369cd5c..e3b9cf172 100644 --- a/Dockerfile +++ b/Dockerfile @@ -21,7 +21,10 @@ COPY pkg/ pkg/ # the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore, # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform. FROM builder as controller_builder -RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o controller cmd/controller/main.go +RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o controller cmd/gateway_controller/main.go + +FROM builder as policy_builder +RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o policy_controller cmd/policy_controller/main.go FROM builder as addon_builder RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o add-on-manager cmd/ocm/main.go 
@@ -42,4 +45,14 @@ WORKDIR / COPY --from=addon_builder /workspace/add-on-manager . USER 65532:65532 -ENTRYPOINT ["/add-on-manager"] \ No newline at end of file +ENTRYPOINT ["/add-on-manager"] + + +# Use distroless as minimal base image to package the manager binary +# Refer to https://github.com/GoogleContainerTools/distroless for more details +FROM gcr.io/distroless/static:nonroot as policy-controller +WORKDIR / +COPY --from=policy_builder /workspace/policy_controller . +USER 65532:65532 + +ENTRYPOINT ["/policy_controller"] \ No newline at end of file diff --git a/cmd/policy_controller/main.go b/cmd/policy_controller/main.go index 5164b5f09..a5f69059b 100644 --- a/cmd/policy_controller/main.go +++ b/cmd/policy_controller/main.go @@ -21,6 +21,7 @@ import ( "os" certmanv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1" + clusterv1 "open-cluster-management.io/api/cluster/v1" utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/client-go/kubernetes/scheme" @@ -50,6 +51,8 @@ func init() { utilruntime.Must(gatewayapi.AddToScheme(scheme.Scheme)) utilruntime.Must(v1alpha1.AddToScheme(scheme.Scheme)) utilruntime.Must(certmanv1.AddToScheme(scheme.Scheme)) + //this is need for now but will be removed soon + utilruntime.Must(clusterv1.AddToScheme(scheme.Scheme)) } func main() { diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index dd0be7194..cad637732 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -31,6 +31,7 @@ namePrefix: mgc- resources: - ../crd - ../rbac +- namespace.yaml - ../manager - ../add-on-manager - ../policy-controller diff --git a/config/manager/namespace.yaml b/config/default/namespace.yaml similarity index 100% rename from config/manager/namespace.yaml rename to config/default/namespace.yaml diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index fe5263851..730f91846 100644 --- a/config/manager/kustomization.yaml 
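Review bot: The new `policy-controller` stage pulls its base by the floating tag `gcr.io/distroless/static:nonroot`, so the image the workflow pushes can change whenever that tag is re-pointed, with no change in this repository. Pinning the digest keeps the build reproducible and turns a base-image update into an explicit, reviewable change: `FROM gcr.io/distroless/static:nonroot@sha256:<DIGEST_PLACEHOLDER> as policy-controller`. If the earlier stages use the same floating tag (they are outside this hunk), they deserve the same pin. The file also still ends without a trailing newline after the new `ENTRYPOINT`.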
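Review bot: The comment added in `init()`, `//this is need for now but will be removed soon`, does not say why the cluster API types are registered or what has to happen before they can be dropped, so nobody can later tell when the line is safe to delete. Something like `// TODO(<issue-ref>): clusterv1 is registered only because <component> still reads cluster objects; remove together with the matching RBAC rules.` would carry that. Registering the type suggests the controller's client reads or watches these objects, so it is worth confirming that the policy controller's role grants only the verbs it needs on them; the RBAC manifests are not part of this hunk. `init()` starts outside the hunk.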
+++ b/config/manager/kustomization.yaml @@ -1,5 +1,4 @@ resources: -- namespace.yaml - manager.yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/config/policy-controller/manager.yaml b/config/policy-controller/manager.yaml index 5d098b4a3..ab13c4927 100644 --- a/config/policy-controller/manager.yaml +++ b/config/policy-controller/manager.yaml @@ -27,12 +27,12 @@ spec: runAsNonRoot: true containers: - command: - - /policy-controller + - /policy_controller args: - --leader-elect image: policy-controller:latest imagePullPolicy: Always - name: manager + name: policy-controller securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/hack/.deployUtils b/hack/.deployUtils index 22c47c303..298d1b44a 100644 --- a/hack/.deployUtils +++ b/hack/.deployUtils @@ -50,7 +50,7 @@ deployOLM(){ kubectl config use-context kind-${clusterName} kubectl config --kubeconfig=${TMP_DIR}/kubeconfig use-context kind-${clusterName} echo "Installing OLM in ${clusterName}" - ${OPERATOR_SDK_BIN} olm install --timeout 6m0s + ${OPERATOR_SDK_BIN} olm install --timeout 10m0s } @@ -110,7 +110,7 @@ deployMetalLB () { echo "Deploying MetalLB to ${clusterName}" ${KUSTOMIZE_BIN} build ${METALLB_KUSTOMIZATION_DIR} | kubectl apply -f - echo "Waiting for deployments to be ready ..." - kubectl -n metallb-system wait --for=condition=ready pod --selector=app=metallb --timeout=300s + kubectl -n metallb-system wait --for=condition=ready pod --selector=app=metallb --timeout=600s configureMetalLB ${clusterName} ${metalLBSubnet} } diff --git a/hack/make/policy_controller.make b/hack/make/policy_controller.make index 8cd480ced..13e25ac75 100644 --- a/hack/make/policy_controller.make +++ b/hack/make/policy_controller.make @@ -1,6 +1,6 @@ -##@ Controller +##@ PolicyController -CONTROLLER_IMG ?= policy-controller:$(TAG) +POLICY_CONTROLLER_IMG ?= policy-controller:$(TAG) LOG_LEVEL ?= 3 .PHONY: build-policy-controller 
@@ -16,20 +16,20 @@ run-policy-controller: manifests generate fmt vet install .PHONY: docker-build-policy-controller docker-build-policy-controller: ## Build docker image with the controller. - docker build --target controller -t ${CONTROLLER_IMG} . + docker build --target policy-controller -t ${POLICY_CONTROLLER_IMG} . docker image prune -f --filter label=stage=mgc-builder .PHONY: kind-load-policy-controller kind-load-policy-controller: docker-build-policy-controller - kind load docker-image ${CONTROLLER_IMG} --name mgc-control-plane --nodes mgc-control-plane-control-plane + kind load docker-image ${POLICY_CONTROLLER_IMG} --name mgc-control-plane --nodes mgc-control-plane-control-plane .PHONY: docker-push-policy-controller docker-push-policy-controller: ## Push docker image with the controller. - docker push ${CONTROLLER_IMG} + docker push ${POLICY_CONTROLLER_IMG} .PHONY: deploy-policy-controller deploy-policy-controller: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. - cd config/policy-controller && $(KUSTOMIZE) edit set image controller=${CONTROLLER_IMG} + cd config/policy-controller && $(KUSTOMIZE) edit set image controller=${POLICY_CONTROLLER_IMG} $(KUSTOMIZE) --load-restrictor LoadRestrictionsNone build config/deploy/local | kubectl apply -f - @if [ $(METRICS) = "true" ]; then\ $(KUSTOMIZE) build config/prometheus | kubectl apply -f -;\
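Review bot: In `deploy-policy-controller`, `$(KUSTOMIZE) edit set image controller=${POLICY_CONTROLLER_IMG}` still rewrites an image named `controller`, while the container in `config/policy-controller/manager.yaml` is declared as `image: policy-controller:latest`. Unless that directory's kustomization already maps the name (it is not shown here), the override matches nothing and the cluster runs whatever `policy-controller:latest` resolves to under `imagePullPolicy: Always`, not the image that was just built and loaded. The line would then read `cd config/policy-controller && $(KUSTOMIZE) edit set image policy-controller=${POLICY_CONTROLLER_IMG}`. The rule's recipe continues past the end of the hunk.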