diff --git a/README.md b/README.md index b8cc489b..9d7b14c0 100644 --- a/README.md +++ b/README.md @@ -1,28 +1,22 @@ -# MKE 4 (Proof of Concept) - -**Table of Contents** -1. [Introduction](#introduction) -2. [Setup](#setup) - 1. [Prerequisites](#prerequisites) - 2. [Create machines on AWS](#create-machines-on-aws) -3. [Install MKE](#install-mke) - 1. [Compile the `mke` binary](#compile-the-mke-binary) - 2. [Generate the `blueprint.yaml` config file](#generate-the-mkeyaml-config-file) - 3. [MKE Config File](#mke-config-file) - 3. [Deploy MKE](#deploy-mke) - 4. [Update MKE](#update-mke) -5. [Connect to MKE](#connect-to-mke) -6. [Core Components](#core-components) -7. [Add-ons](#add-ons) -8. [Destroy MKE 4 deployment](#destroy-mke-4-deployment) -9. [Install MKE 4 on Kind cluster](#install-mke-4-on-kind-cluster) - +# Boundless Operator - Tech Preview ## Introduction TBD -## Setup +## Quick Start + +### Install on Kind + +1. Install Kind + ```` +2. Install Boundless CLI Binary: + ``` + + curl -s -L https://github.com/ranyodh/boundless-tech-preview/releases/download/latest/bocli_darwin_x86_64.tar.gz | tar xvz - -C /usr/local/bin + `` + + ### Prerequisites Ensure that following are installed on the system: diff --git a/cmd/root.go b/cmd/root.go index d09d7088..b8f9e9bb 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -214,7 +214,7 @@ func applyWrapper(c *cli.Context) error { //} log.Infof("Installing MKE Operator") - err = kubectlApply("manifests/mke-operator.yaml") + err = kubectlApply("https://raw.githubusercontent.com/ranyodh/boundless-tech-preview/main/deploy/static/boundless-operator.yaml") if err != nil { return fmt.Errorf("failed to install MKE Operator: %w", err) } diff --git a/manifests/boundles-operator.yaml b/manifests/boundles-operator.yaml new file mode 100644 index 00000000..02ce9a77 --- /dev/null +++ b/manifests/boundles-operator.yaml 
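Review bot: The new `kubectlApply` argument in `applyWrapper` points at the `main` branch of a personal repository on raw.githubusercontent.com, so every install applies whatever that file holds at fetch time, and no pin or integrity check is visible in the hunk. The copy committed here as `manifests/boundles-operator.yaml` creates a ClusterRole, ClusterRoleBindings and a Deployment, but this hunk does not read it, so the reviewed manifest and the applied one can drift apart. I would pin the reference to an immutable revision, e.g. `err = kubectlApply("https://raw.githubusercontent.com/ranyodh/boundless-tech-preview/<commit-sha>/deploy/static/boundless-operator.yaml")` (placeholder revision), or apply the committed manifest and check a known digest if a remote fetch is required. The same mutable-reference problem applies to `image: ghcr.io/mirantis/boundless-operator:latest` in the added manifest, which is better pinned by digest. `applyWrapper` starts and ends outside the hunk and `kubectlApply` is not shown, so any verification done there needs confirming.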
@@ -0,0 +1,620 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: boundless-operator + app.kubernetes.io/instance: system + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: namespace + app.kubernetes.io/part-of: boundless-operator + control-plane: controller-manager + name: boundless-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: addons.boundless.mirantis.com +spec: + group: boundless.mirantis.com + names: + kind: Addon + listKind: AddonList + plural: addons + singular: addon + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Addon is the Schema for the addons API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AddonSpec defines the desired state of Addon + properties: + chart: + properties: + name: + type: string + repo: + type: string + set: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + values: + type: string + version: + type: string + required: + - name + - repo + - version + type: object + enabled: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + required: + - chart + - enabled + - kind + - name + type: object + status: + description: AddonStatus defines the observed state of Addon + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: clusters.boundless.mirantis.com +spec: + group: boundless.mirantis.com + names: + kind: Cluster + listKind: ClusterList + plural: clusters + singular: cluster + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Cluster is the Schema for the clusters API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ClusterSpec defines the desired state of Cluster + properties: + components: + description: Components contains all the components that should be installed + properties: + addons: + items: + description: AddonSpec defines the desired state of Addon + properties: + chart: + properties: + name: + type: string + repo: + type: string + set: + additionalProperties: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + values: + type: string + version: + type: string + required: + - name + - repo + - version + type: object + enabled: + type: boolean + kind: + type: string + name: + type: string + namespace: + type: string + required: + - chart + - enabled + - kind + - name + type: object + type: array + core: + properties: + ingress: + description: IngressSpec defines the desired state of Ingress + properties: + config: + type: string + enabled: + description: Enabled is a flag to enable/disable the ingress + type: boolean + provider: + type: string + required: + - enabled + - provider + type: object + type: object + type: object + type: object + status: + description: ClusterStatus defines the observed state of Cluster + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: ingresses.boundless.mirantis.com +spec: + group: boundless.mirantis.com + names: + kind: Ingress + listKind: IngressList + plural: ingresses + singular: ingress + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Ingress is the Schema for the ingresses API + properties: + apiVersion: + description: 'APIVersion defines the versioned 
schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressSpec defines the desired state of Ingress + properties: + config: + type: string + enabled: + description: Enabled is a flag to enable/disable the ingress + type: boolean + provider: + type: string + required: + - enabled + - provider + type: object + status: + description: IngressStatus defines the observed state of Ingress + properties: + ingressReady: + type: boolean + required: + - ingressReady + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: boundless-operator + app.kubernetes.io/instance: controller-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: serviceaccount + app.kubernetes.io/part-of: boundless-operator + name: boundless-operator-controller-manager + namespace: boundless-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: boundless-operator + app.kubernetes.io/instance: leader-election-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: role + app.kubernetes.io/part-of: boundless-operator + name: boundless-operator-leader-election-role + namespace: boundless-system +rules: + - apiGroups: 
+ - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: boundless-operator-manager-role +rules: + - apiGroups: + - boundless.mirantis.com + resources: + - addons + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - boundless.mirantis.com + resources: + - addons/finalizers + verbs: + - update + - apiGroups: + - boundless.mirantis.com + resources: + - addons/status + verbs: + - get + - patch + - update + - apiGroups: + - boundless.mirantis.com + resources: + - clusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - boundless.mirantis.com + resources: + - clusters/finalizers + verbs: + - update + - apiGroups: + - boundless.mirantis.com + resources: + - clusters/status + verbs: + - get + - patch + - update + - apiGroups: + - boundless.mirantis.com + resources: + - ingresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - boundless.mirantis.com + resources: + - ingresses/finalizers + verbs: + - update + - apiGroups: + - boundless.mirantis.com + resources: + - ingresses/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: boundless-operator + app.kubernetes.io/instance: metrics-reader + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: boundless-operator + name: boundless-operator-metrics-reader +rules: + - nonResourceURLs: + - /metrics 
+ verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: boundless-operator + app.kubernetes.io/instance: proxy-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrole + app.kubernetes.io/part-of: boundless-operator + name: boundless-operator-proxy-role +rules: + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: boundless-operator + app.kubernetes.io/instance: leader-election-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: rolebinding + app.kubernetes.io/part-of: boundless-operator + name: boundless-operator-leader-election-rolebinding + namespace: boundless-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: boundless-operator-leader-election-role +subjects: + - kind: ServiceAccount + name: boundless-operator-controller-manager + namespace: boundless-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: boundless-operator + app.kubernetes.io/instance: manager-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/part-of: boundless-operator + name: boundless-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: boundless-operator-manager-role +subjects: + - kind: ServiceAccount + name: boundless-operator-controller-manager + namespace: boundless-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: 
+ app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: boundless-operator + app.kubernetes.io/instance: proxy-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/part-of: boundless-operator + name: boundless-operator-proxy-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: boundless-operator-proxy-role +subjects: + - kind: ServiceAccount + name: boundless-operator-controller-manager + namespace: boundless-system +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: kube-rbac-proxy + app.kubernetes.io/created-by: boundless-operator + app.kubernetes.io/instance: controller-manager-metrics-service + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: service + app.kubernetes.io/part-of: boundless-operator + control-plane: controller-manager + name: boundless-operator-controller-manager-metrics-service + namespace: boundless-system +spec: + ports: + - name: https + port: 8443 + protocol: TCP + targetPort: https + selector: + control-plane: controller-manager +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: boundless-operator + app.kubernetes.io/instance: controller-manager + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: deployment + app.kubernetes.io/part-of: boundless-operator + control-plane: controller-manager + name: boundless-operator-controller-manager + namespace: boundless-system +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 
+ - arm64 + - ppc64le + - s390x + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https + protocol: TCP + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - args: + - --health-probe-bind-address=:8081 + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect + command: + - /manager + image: ghcr.io/mirantis/boundless-operator:latest + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + securityContext: + runAsNonRoot: true + serviceAccountName: boundless-operator-controller-manager + terminationGracePeriodSeconds: 10 diff --git a/manifests/mke-operator.yaml b/manifests/mke-operator.yaml deleted file mode 100644 index cafad36c..00000000 --- a/manifests/mke-operator.yaml +++ /dev/null 
@@ -1,654 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: mke-operator - app.kubernetes.io/instance: system - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: namespace - app.kubernetes.io/part-of: mke-operator - control-plane: controller-manager - name: mke-operator-system ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null - name: mkeaddons.mke.mirantis.com -spec: - group: mke.mirantis.com - names: - kind: MkeAddon - listKind: MkeAddonList - plural: mkeaddons - singular: mkeaddon - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: MkeAddon is the Schema for the mkeaddons API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MkeAddonSpec defines the desired state of MkeAddon - properties: - chart: - properties: - name: - type: string - repo: - type: string - set: - additionalProperties: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - values: - type: string - version: - type: string - required: - - name - - repo - - version - type: object - enabled: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - required: - - chart - - enabled - - kind - - name - type: object - status: - description: MkeAddonStatus defines the observed state of MkeAddon - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null - name: mkeclusters.mke.mirantis.com -spec: - group: mke.mirantis.com - names: - kind: MkeCluster - listKind: MkeClusterList - plural: mkeclusters - singular: mkecluster - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: MkeCluster is the Schema for the mkeclusters API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MkeClusterSpec defines the desired state of MkeCluster - properties: - components: - description: Components contains all the components that should be - installed - properties: - addons: - items: - description: MkeAddonSpec defines the desired state of MkeAddon - properties: - chart: - properties: - name: - type: string - repo: - type: string - set: - additionalProperties: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - values: - type: string - version: - type: string - required: - - name - - repo - - version - type: object - enabled: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - required: - - chart - - enabled - - kind - - name - type: object - type: array - core: - properties: - ingress: - description: MkeIngressSpec defines the desired state of MkeIngress - properties: - config: - type: string - enabled: - description: Enabled is a flag to enable/disable the ingress - type: boolean - provider: - type: string - required: - - enabled - - provider - type: object - type: object - type: object - type: object - status: - description: MkeClusterStatus defines the observed state of MkeCluster - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null - name: mkeingresses.mke.mirantis.com -spec: - group: mke.mirantis.com - names: - kind: MkeIngress - listKind: MkeIngressList - plural: mkeingresses - singular: mkeingress - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: MkeIngress is the Schema for the mkeingresses API - properties: - apiVersion: - description: 
'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MkeIngressSpec defines the desired state of MkeIngress - properties: - config: - type: string - enabled: - description: Enabled is a flag to enable/disable the ingress - type: boolean - provider: - type: string - required: - - enabled - - provider - type: object - status: - description: MkeIngressStatus defines the observed state of MkeIngress - properties: - ingressReady: - type: boolean - required: - - ingressReady - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: mke-operator - app.kubernetes.io/instance: controller-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: serviceaccount - app.kubernetes.io/part-of: mke-operator - name: mke-operator-controller-manager - namespace: mke-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: mke-operator - app.kubernetes.io/instance: leader-election-role - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: role - app.kubernetes.io/part-of: mke-operator - name: mke-operator-leader-election-role - namespace: 
mke-operator-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: mke-operator-manager-role -rules: -- apiGroups: - - mke.mirantis.com - resources: - - mkeaddons - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mke.mirantis.com - resources: - - mkeaddons/finalizers - verbs: - - update -- apiGroups: - - mke.mirantis.com - resources: - - mkeaddons/status - verbs: - - get - - patch - - update -- apiGroups: - - mke.mirantis.com - resources: - - mkeclusters - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mke.mirantis.com - resources: - - mkeclusters/finalizers - verbs: - - update -- apiGroups: - - mke.mirantis.com - resources: - - mkeclusters/status - verbs: - - get - - patch - - update -- apiGroups: - - mke.mirantis.com - resources: - - mkeingresses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - mke.mirantis.com - resources: - - mkeingresses/finalizers - verbs: - - update -- apiGroups: - - mke.mirantis.com - resources: - - mkeingresses/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: mke-operator - app.kubernetes.io/instance: metrics-reader - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: clusterrole - app.kubernetes.io/part-of: mke-operator - name: mke-operator-metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get ---- 
-apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: mke-operator - app.kubernetes.io/instance: proxy-role - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: clusterrole - app.kubernetes.io/part-of: mke-operator - name: mke-operator-proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: mke-operator - app.kubernetes.io/instance: leader-election-rolebinding - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: rolebinding - app.kubernetes.io/part-of: mke-operator - name: mke-operator-leader-election-rolebinding - namespace: mke-operator-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: mke-operator-leader-election-role -subjects: -- kind: ServiceAccount - name: mke-operator-controller-manager - namespace: mke-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: mke-operator - app.kubernetes.io/instance: manager-rolebinding - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/part-of: mke-operator - name: mke-operator-helm-controoler-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: mke-operator-controller-manager - namespace: mke-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: mke-operator - 
app.kubernetes.io/instance: manager-rolebinding - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/part-of: mke-operator - name: mke-operator-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: mke-operator-manager-role -subjects: -- kind: ServiceAccount - name: mke-operator-controller-manager - namespace: mke-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: mke-operator - app.kubernetes.io/instance: proxy-rolebinding - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/part-of: mke-operator - name: mke-operator-proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: mke-operator-proxy-role -subjects: -- kind: ServiceAccount - name: mke-operator-controller-manager - namespace: mke-operator-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: mke-operator - app.kubernetes.io/instance: controller-manager-metrics-service - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: service - app.kubernetes.io/part-of: mke-operator - control-plane: controller-manager - name: mke-operator-controller-manager-metrics-service - namespace: mke-operator-system -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: mke-operator - app.kubernetes.io/instance: controller-manager - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: deployment - app.kubernetes.io/part-of: mke-operator - control-plane: controller-manager - name: 
mke-operator-controller-manager - namespace: mke-operator-system -spec: - replicas: 1 - selector: - matchLabels: - control-plane: controller-manager - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - labels: - control-plane: controller-manager - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - ppc64le - - s390x - - key: kubernetes.io/os - operator: In - values: - - linux - containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=0 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - - --leader-elect - command: - - /manager - image: ranyodh/operator-test:latest - imagePullPolicy: Always - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - securityContext: - runAsNonRoot: true - serviceAccountName: mke-operator-controller-manager - terminationGracePeriodSeconds: 10