wip allow policy controller to be deployed independantly

give policy controller gateway perms give policy controller secret perms move crds update bundle change local-setup mgc to use new crd location move install and uninstall to policy.make
Kuadrant · Nov 6, 2023 · dc55d01 · dc55d01
1 parent a75da13
commit dc55d01
Show file tree

Hide file tree

Showing 49 changed files with 563 additions and 287 deletions.
diff --git a/.github/workflows/ci-e2e.yaml b/.github/workflows/ci-e2e.yaml
@@ -5,6 +5,7 @@ on:
     branches:
       - main
       - "release-*"
+      - separate-controller-deploy
     tags:
       - "v[0-9]+.[0-9]+.[0-9]+"
     paths-ignore:
@@ -69,9 +70,9 @@ jobs:
         run: |
           make docker-build-gateway-controller kind-load-gateway-controller docker-build-policy-controller kind-load-policy-controller deploy-gateway-controller
           kubectl --context kind-mgc-control-plane -n multicluster-gateway-controller-system wait --timeout=300s --for=condition=Available deployment/mgc-controller-manager
-          kubectl --context kind-mgc-control-plane -n multicluster-gateway-controller-system wait --timeout=300s --for=condition=Available deployment/mgc-policy-controller-manager
+          kubectl --context kind-mgc-control-plane -n multicluster-gateway-controller-system wait --timeout=300s --for=condition=Available deployment/mgc-kuadrant-policy-controller-manager
           kubectl --context kind-mgc-control-plane logs --all-containers --ignore-errors deployment/mgc-controller-manager -n multicluster-gateway-controller-system
-          kubectl --context kind-mgc-control-plane logs --all-containers --ignore-errors deployment/mgc-policy-controller-manager -n multicluster-gateway-controller-system
+          kubectl --context kind-mgc-control-plane logs --all-containers --ignore-errors deployment/mgc-kuadrant-policy-controller-manager -n multicluster-gateway-controller-system
           kubectl get managedzones -n multi-cluster-gateways mgc-dev-mz-aws -o yaml
           kubectl --context kind-mgc-control-plane -n multi-cluster-gateways wait --timeout=60s --for=condition=Ready managedzone/mgc-dev-mz-aws
           kubectl get managedzones -n multi-cluster-gateways mgc-dev-mz-gcp -o yaml

diff --git a/.github/workflows/controller-image.yaml b/.github/workflows/controller-image.yaml
@@ -5,6 +5,7 @@ on:
     branches:
       - main
       - "release-*"
+      - separate-controller-deploy
     tags:
       - "v[0-9]+.[0-9]+.[0-9]+"
 

diff --git a/.github/workflows/policy-controller-image.yaml b/.github/workflows/policy-controller-image.yaml
@@ -5,6 +5,7 @@ on:
     branches:
       - main
       - "release-*"
+      - separate-controller-deploy
     tags:
       - "v[0-9]+.[0-9]+.[0-9]+"
 

diff --git a/Makefile b/Makefile
@@ -47,9 +47,17 @@ clean: ## Clean up temporary files.
 	-rm -rf ./tmp
 	-rm -rf ./config/**/charts
 
+.PHONY: gateway-manifests
+gateway-manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+	$(CONTROLLER_GEN) rbac:roleName=manager-role paths="./pkg/controllers/gateway" output:rbac:artifacts:config=config/rbac
+
+.PHONY: policy-manifests
+policy-manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+	$(CONTROLLER_GEN) rbac:roleName=policy-role paths="./pkg/controllers/dnshealthcheckprobe" paths="./pkg/controllers/dnspolicy" paths="./pkg/controllers/dnsrecord" paths="./pkg/controllers/managedzone" paths="./pkg/controllers/tlspolicy" output:rbac:dir=config/policy-controller/rbac
+	$(CONTROLLER_GEN) crd paths="./..." output:crd:artifacts:config=config/policy-controller/crd/bases
+
 .PHONY: manifests
-manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	$(CONTROLLER_GEN) rbac:roleName=manager-role crd paths="./..." output:crd:artifacts:config=config/crd/bases
+manifests: gateway-manifests policy-manifests
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
@@ -117,13 +125,6 @@ ifndef ignore-not-found
   ignore-not-found = false
 endif
 
-.PHONY: install
-install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/crd | kubectl apply -f -
-
-.PHONY: uninstall
-uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
-	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
 
 .PHONY: deploy-sample-applicationset
 deploy-sample-applicationset:

diff --git a/README.md b/README.md
@@ -43,10 +43,12 @@ When deploying the multicluster gateway controller using the make targets, the f
 1. Build the controller image and load it into the control plane
     ```sh
    kubectl config use-context kind-mgc-control-plane 
-   make kind-load-policy-controller
+   make kind-load-gateway-controller   
+
 
    kubectl config use-context kind-mgc-control-plane 
-   make kind-load-gateway-controller   
+   make kind-load-policy-controller
+   
     ```
 
 1. Deploy the controller(s) to the control plane cluster
@@ -71,11 +73,12 @@ When deploying the multicluster gateway controller using the make targets, the f
 
 1. Run the controller locally:
     ```sh
+
     kubectl config use-context kind-mgc-control-plane 
-    make build-policy-controller install run-policy-controller
+    make build-gateway-controller install run-gateway-controller    
 
     kubectl config use-context kind-mgc-control-plane 
-    make build-gateway-controller install run-gatewway-controller
+    make build-policy-controller install run-policy-controller
     ```
 
 ## 3. Running the agent in the cluster:

diff --git a/bundle/manifests/multicluster-gateway-controller.clusterserviceversion.yaml b/bundle/manifests/multicluster-gateway-controller.clusterserviceversion.yaml
@@ -4,7 +4,7 @@ metadata:
   annotations:
     alm-examples: '[]'
     capabilities: Basic Install
-    createdAt: "2023-10-27T14:36:31Z"
+    createdAt: "2023-11-06T07:47:49Z"
     operators.operatorframework.io/builder: operator-sdk-v1.28.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
   name: multicluster-gateway-controller.v0.0.0
@@ -206,28 +206,6 @@ spec:
           - patch
           - update
           - watch
-        - apiGroups:
-          - cert-manager.io
-          resources:
-          - clusterissuers
-          verbs:
-          - get
-          - list
-        - apiGroups:
-          - cert-manager.io
-          resources:
-          - issuers
-          verbs:
-          - get
-          - list
-        - apiGroups:
-          - cluster.open-cluster-management.io
-          resources:
-          - managedclusters
-          verbs:
-          - get
-          - list
-          - watch
         - apiGroups:
           - cluster.open-cluster-management.io
           resources:
@@ -301,6 +279,101 @@ spec:
           - get
           - list
           - watch
+        - apiGroups:
+          - work.open-cluster-management.io
+          resources:
+          - manifestworks
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+        - apiGroups:
+          - authentication.k8s.io
+          resources:
+          - tokenreviews
+          verbs:
+          - create
+        - apiGroups:
+          - authorization.k8s.io
+          resources:
+          - subjectaccessreviews
+          verbs:
+          - create
+        serviceAccountName: mgc-controller-manager
+      - rules:
+        - apiGroups:
+          - ""
+          resources:
+          - secrets
+          verbs:
+          - delete
+          - get
+          - list
+          - watch
+        - apiGroups:
+          - cert-manager.io
+          resources:
+          - certificates
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+        - apiGroups:
+          - cert-manager.io
+          resources:
+          - clusterissuers
+          verbs:
+          - get
+          - list
+        - apiGroups:
+          - cert-manager.io
+          resources:
+          - issuers
+          verbs:
+          - get
+          - list
+        - apiGroups:
+          - cluster.open-cluster-management.io
+          resources:
+          - managedclusters
+          verbs:
+          - get
+          - list
+          - watch
+        - apiGroups:
+          - gateway.networking.k8s.io
+          resources:
+          - gateways
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+        - apiGroups:
+          - gateway.networking.k8s.io
+          resources:
+          - gateways/finalizers
+          verbs:
+          - update
+        - apiGroups:
+          - gateway.networking.k8s.io
+          resources:
+          - gateways/status
+          verbs:
+          - get
+          - patch
+          - update
         - apiGroups:
           - kuadrant.io
           resources:
@@ -433,31 +506,7 @@ spec:
           - get
           - patch
           - update
-        - apiGroups:
-          - work.open-cluster-management.io
-          resources:
-          - manifestworks
-          verbs:
-          - create
-          - delete
-          - get
-          - list
-          - patch
-          - update
-          - watch
-        - apiGroups:
-          - authentication.k8s.io
-          resources:
-          - tokenreviews
-          verbs:
-          - create
-        - apiGroups:
-          - authorization.k8s.io
-          resources:
-          - subjectaccessreviews
-          verbs:
-          - create
-        serviceAccountName: mgc-controller-manager
+        serviceAccountName: mgc-kuadrant-policy-controller
       deployments:
       - label:
           app.kubernetes.io/component: manager
@@ -487,7 +536,7 @@ spec:
                 - --leader-elect
                 command:
                 - /controller
-                image: quay.io/kuadrant/multicluster-gateway-controller:main
+                image: quay.io/kuadrant/multicluster-gateway-controller:separate-controller-deploy
                 imagePullPolicy: Always
                 livenessProbe:
                   httpGet:
@@ -579,7 +628,7 @@ spec:
           app.kubernetes.io/name: deployment
           app.kubernetes.io/part-of: kuadrant
           control-plane: controller-manager
-        name: mgc-policy-controller-manager
+        name: mgc-kuadrant-policy-controller-manager
         spec:
           replicas: 1
           selector:
@@ -598,7 +647,7 @@ spec:
                 - --leader-elect
                 command:
                 - /policy_controller
-                image: quay.io/kuadrant/policy-controller:main
+                image: quay.io/kuadrant/policy-controller:separate-controller-deploy
                 imagePullPolicy: Always
                 livenessProbe:
                   httpGet:
@@ -627,7 +676,7 @@ spec:
                     - ALL
               securityContext:
                 runAsNonRoot: true
-              serviceAccountName: mgc-controller-manager
+              serviceAccountName: mgc-kuadrant-policy-controller
               terminationGracePeriodSeconds: 10
       permissions:
       - rules:
@@ -663,6 +712,39 @@ spec:
           - create
           - patch
         serviceAccountName: mgc-controller-manager
+      - rules:
+        - apiGroups:
+          - ""
+          resources:
+          - configmaps
+          verbs:
+          - get
+          - list
+          - watch
+          - create
+          - update
+          - patch
+          - delete
+        - apiGroups:
+          - coordination.k8s.io
+          resources:
+          - leases
+          verbs:
+          - get
+          - list
+          - watch
+          - create
+          - update
+          - patch
+          - delete
+        - apiGroups:
+          - ""
+          resources:
+          - events
+          verbs:
+          - create
+          - patch
+        serviceAccountName: mgc-kuadrant-policy-controller
     strategy: deployment
   installModes:
   - supported: false

diff --git a/config/add-on-manager/kustomization.yaml b/config/add-on-manager/kustomization.yaml
@@ -1,6 +1,8 @@
 resources:
 - manager.yaml
 - cluster-management-addon.yaml
+
+
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:

diff --git a/config/add-on-manager/manager.yaml b/config/add-on-manager/manager.yaml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: kuadrant-add-on-manager
-  namespace: system
+  namespace: multicluster-gateway-controller-system
   labels:
     control-plane: kuadrant-add-on-manager
     app.kubernetes.io/name: deployment

diff --git a/config/default/delete-kuadrant-system-ns-object.yaml b/config/default/delete-kuadrant-system-ns-object.yaml
@@ -0,0 +1,6 @@
+---
+$patch: delete
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kuadrant-system