Initial controller implementation (#4)

projectsyn · Dec 8, 2023 · 83e1185 · 83e1185
1 parent bce657d
commit 83e1185
Show file tree

Hide file tree

Showing 24 changed files with 1,747 additions and 86 deletions.
diff --git a/Makefile b/Makefile
@@ -57,7 +57,7 @@ clean: ## Cleans up the generated resources
 
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
-	go run ./main.go
+	go run ./main.go $(RUN_ARGS)
 
 ###
 ### Assets

diff --git a/README.md b/README.md
@@ -74,3 +74,23 @@ make manifests
 **NOTE:** Run `make --help` for more information on all potential `make` targets
 
 More information can be found via the [Kubebuilder Documentation](https://book.kubebuilder.io/introduction.html)
+
+## VSHN Development Infrastructure
+
+For a full E2E development setup the VSHN infrastructure has you covered.
+
+1. Create your isolated realm on the testing Keycloak <https://id.test.vshn.net/auth/admin/master/console/#/master/add-realm>.
+2. Create a user for the controller in the admin realm <https://id.test.vshn.net/auth/admin/master/console/#/master/users/add-user>.
+Configure as follows:
+![User Details](./docs/keycloak-config/user-details.png "User Details")
+![User Password](./docs/keycloak-config/user-pw.png "User Password")
+![User Roles](./docs/keycloak-config/user-roles.png "User Roles")
+3. [Sign in](https://kb.vshn.ch/corp-tech/projectsyn/how-tos/connect-to-lieutenant-clusters.html) to the `lieutenant-dev` cluster at <https://syn-lieutenant-dev.apps.cloudscale-lpg-2.appuio.cloud/>.
+4. Run the controller with the following command:
+```sh
+REALM=your-realm-name
+KEYCLOAK_USER=your-controller-user
+KEYCLOAK_PASSWORD=your-controller-password
+
+make RUN_ARGS="--keycloak-realm=$REALM --keycloak-base-url=https://id.test.vshn.net --keycloak-user=$KEYCLOAK_USER --keycloak-password=$KEYCLOAK_PASSWORD --keycloak-login-realm=master --keycloak-legacy-wildfly-support=true --vault-address=https://vault-dev.syn.vshn.net/ --vault-token=$(kubectl create token -n lieutenant lieutenant-keycloak-idp-controller)" run
+```
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -40,6 +40,7 @@ kind: Kustomization
 resources:
 - ../rbac
 - ../manager
-- ../prometheus
+# We deploy lieutenant in its own vCluster and do not have a Prometheus operator there
+# - ../prometheus
 patches:
 - path: manager_auth_proxy_patch.yaml
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
@@ -53,4 +53,3 @@ spec:
         - "--health-probe-bind-address=:8081"
         - "--metrics-bind-address=127.0.0.1:8080"
         - "--leader-elect"
-        - "--namespace=$(POD_NAMESPACE)"
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -43,7 +43,6 @@ spec:
       containers:
       - args:
         - --leader-elect
-        - --namespace=$(POD_NAMESPACE)
         env:
         - name: POD_NAMESPACE
           valueFrom:

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -11,6 +11,8 @@ rules:
   verbs:
   - get
   - list
+  - patch
+  - update
   - watch
 - apiGroups:
   - syn.tools
-Original file line number
+Diff line change
@@ Expand Up / @@ -11,6 +11,8 @@ rules: @@
       verbs:
       - get
       - list
+      - patch
+      - update
       - watch
     - apiGroups:
       - syn.tools
@@ Expand Down @@