[Fix] - make deploy target not works well (OT-CONTAINER-KIT#662)

* execute make manifests Signed-off-by: drivebyer <[email protected]> * fix indent Signed-off-by: drivebyer <[email protected]> * match operator's name && namespace Signed-off-by: drivebyer <[email protected]> * disable webhook related resources Signed-off-by: drivebyer <[email protected]> * fix no-group name for core api resources Signed-off-by: drivebyer <[email protected]> * disable manager auth by default Signed-off-by: drivebyer <[email protected]> * fix ClusterRoleBinding Signed-off-by: drivebyer <[email protected]> --------- Signed-off-by: drivebyer <[email protected]> Signed-off-by: Matt Robinson <[email protected]>
mattrobinsonsre · Jul 11, 2024 · 809ce33 · 809ce33
1 parent 21582e1
commit 809ce33
Show file tree

Hide file tree

Showing 19 changed files with 5,832 additions and 3,954 deletions.
diff --git a/Makefile b/Makefile
@@ -51,7 +51,7 @@ uninstall: manifests kustomize
 # Deploy controller in the configured Kubernetes cluster in ~/.kube/config
 deploy: manifests kustomize
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
-	$(KUSTOMIZE) build config/default | kubectl apply -f -
+	$(KUSTOMIZE) build config/default | kubectl apply --server-side=true -f -
 
 # UnDeploy controller from the configured Kubernetes cluster in ~/.kube/config
 undeploy:

diff --git a/api/rbac.go b/api/rbac.go
@@ -5,7 +5,7 @@ package api
 // +kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=get;list;watch
 // +kubebuilder:rbac:groups=redis.redis.opstreelabs.in,resources=redis/finalizers;rediscluster/finalizers;redisclusters/finalizers;redissentinel/finalizers;redissentinels/finalizers;redisreplication/finalizers;redisreplications/finalizers,verbs=update
 // +kubebuilder:rbac:groups=redis.redis.opstreelabs.in,resources=redis/status;rediscluster/status;redisclusters/status;redissentinel/status;redissentinels/status;redisreplication/status;redisreplications/status,verbs=get;patch;update
-// +kubebuilder:rbac:groups=,resources=secrets;pods/exec;pods;services;configmaps;events;persistentvolumeclaims;namespaces,verbs=create;delete;get;list;patch;update;watch
+// +kubebuilder:rbac:groups="",resources=secrets;pods/exec;pods;services;configmaps;events;persistentvolumeclaims;namespaces,verbs=create;delete;get;list;patch;update;watch
 // +kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=create;delete;get;list;patch;update;watch
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=create;delete;get;list;patch;update;watch
 // +kubebuilder:rbac:groups=policy,resources=poddisruptionbudgets,verbs=create;delete;get;list;patch;update;watch
diff --git a/config/certmanager/certificate.yaml b/config/certmanager/certificate.yaml
@@ -5,15 +5,15 @@ apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
   name: selfsigned-issuer
-  namespace: system
+  namespace: ot-operators
 spec:
   selfSigned: {}
 ---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: serving-cert  # this name should match the one appeared in kustomizeconfig.yaml
-  namespace: system
+  namespace: ot-operators
 spec:
   # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
   dnsNames:

diff --git a/config/crd/bases/redis.redis.opstreelabs.in_redis.yaml b/config/crd/bases/redis.redis.opstreelabs.in_redis.yaml
diff --git a/config/crd/bases/redis.redis.opstreelabs.in_redisclusters.yaml b/config/crd/bases/redis.redis.opstreelabs.in_redisclusters.yaml
diff --git a/config/crd/bases/redis.redis.opstreelabs.in_redisreplications.yaml b/config/crd/bases/redis.redis.opstreelabs.in_redisreplications.yaml
diff --git a/config/crd/bases/redis.redis.opstreelabs.in_redissentinels.yaml b/config/crd/bases/redis.redis.opstreelabs.in_redissentinels.yaml
diff --git a/config/crd/patches/webhook_in_redis.yaml b/config/crd/patches/webhook_in_redis.yaml
@@ -9,7 +9,7 @@ spec:
     webhook:
       clientConfig:
         service:
-          namespace: system
+          namespace: ot-operators
           name: webhook-service
           path: /convert
       conversionReviewVersions: ["v1beta2", "v1beta1"]
diff --git a/config/crd/patches/webhook_in_redisclusters.yaml b/config/crd/patches/webhook_in_redisclusters.yaml
@@ -9,7 +9,7 @@ spec:
     webhook:
       clientConfig:
         service:
-          namespace: system
+          namespace: ot-operators
           name: webhook-service
           path: /convert
       conversionReviewVersions: ["v1beta2", "v1beta1"]
diff --git a/config/crd/patches/webhook_in_redisreplications.yaml b/config/crd/patches/webhook_in_redisreplications.yaml
@@ -9,7 +9,7 @@ spec:
     webhook:
       clientConfig:
         service:
-          namespace: system
+          namespace: ot-operators
           name: webhook-service
           path: /convert
       conversionReviewVersions: ["v1beta2", "v1beta1"]
diff --git a/config/crd/patches/webhook_in_redissentinels.yaml b/config/crd/patches/webhook_in_redissentinels.yaml
@@ -9,7 +9,7 @@ spec:
     webhook:
       clientConfig:
         service:
-          namespace: system
+          namespace: ot-operators
           name: webhook-service
           path: /convert
       conversionReviewVersions: ["v1beta2", "v1beta1"]
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -24,51 +24,51 @@ bases:
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
 
-patchesStrategicMerge:
+#patchesStrategicMerge:
 # Protect the /metrics endpoint by putting it behind auth.
-# If you want your controller-manager to expose the /metrics
+# If you want your redis-operator to expose the /metrics
 # endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
+#- manager_auth_proxy_patch.yaml
 
 # Mount the controller config file for loading manager configurations
 # through a ComponentConfig type
 #- manager_config_patch.yaml
 
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
-- manager_webhook_patch.yaml
+#- manager_webhook_patch.yaml
 
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
 # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
 # 'CERTMANAGER' needs to be enabled to use ca injection
-- webhookcainjection_patch.yaml
+#- webhookcainjection_patch.yaml
 
 # the following config is for teaching kustomize how to do var substitution
-vars:
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
-- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
- objref:
-   kind: Certificate
-   group: cert-manager.io
-   version: v1
-   name: serving-cert # this name should match the one in certificate.yaml
- fieldref:
-   fieldpath: metadata.namespace
-- name: CERTIFICATE_NAME
- objref:
-   kind: Certificate
-   group: cert-manager.io
-   version: v1
-   name: serving-cert # this name should match the one in certificate.yaml
-- name: SERVICE_NAMESPACE # namespace of the service
- objref:
-   kind: Service
-   version: v1
-   name: webhook-service
- fieldref:
-   fieldpath: metadata.namespace
-- name: SERVICE_NAME
- objref:
-   kind: Service
-   version: v1
-   name: webhook-service
+#vars:
+## [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
+#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+#  objref:
+#    kind: Certificate
+#    group: cert-manager.io
+#    version: v1
+#    name: serving-cert # this name should match the one in certificate.yaml
+#  fieldref:
+#    fieldpath: metadata.namespace
+#- name: CERTIFICATE_NAME
+#  objref:
+#    kind: Certificate
+#    group: cert-manager.io
+#    version: v1
+#    name: serving-cert # this name should match the one in certificate.yaml
+#- name: SERVICE_NAMESPACE # namespace of the service
+#  objref:
+#    kind: Service
+#    version: v1
+#    name: webhook-service
+#  fieldref:
+#    fieldpath: metadata.namespace
+#- name: SERVICE_NAME
+#  objref:
+#    kind: Service
+#    version: v1
+#    name: webhook-service
diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml
@@ -3,8 +3,8 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
-  namespace: system
+  name: redis-operator
+  namespace: ot-operators
 spec:
   template:
     spec:

diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml
@@ -1,8 +1,8 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
-  namespace: system
+  name: redis-operator
+  namespace: ot-operators
 spec:
   template:
     spec:

diff --git a/config/default/manager_webhook_patch.yaml b/config/default/manager_webhook_patch.yaml
@@ -1,8 +1,8 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: controller-manager
-  namespace: system
+  name: redis-operator
+  namespace: ot-operators
 spec:
   template:
     spec:

diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml
@@ -4,13 +4,13 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
   labels:
-    control-plane: controller-manager
-  name: controller-manager-metrics-monitor
-  namespace: system
+    control-plane: redis-operator
+  name: redis-operator-metrics-monitor
+  namespace: ot-operators
 spec:
   endpoints:
     - path: /metrics
       port: https
   selector:
     matchLabels:
-      control-plane: controller-manager
+      control-plane: redis-operator
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -10,7 +10,9 @@ rules:
   - '*'
   verbs:
   - get
-- resources:
+- apiGroups:
+  - ""
+  resources:
   - configmaps
   - events
   - namespaces

diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml
@@ -5,7 +5,7 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: redis-operator
+  name: redis-operator-manager-role
 subjects:
 - kind: ServiceAccount
   name: redis-operator

diff --git a/config/webhook/service.yaml b/config/webhook/service.yaml
@@ -10,11 +10,11 @@ metadata:
     app.kubernetes.io/part-of: redis-operator
     app.kubernetes.io/managed-by: kustomize
   name: webhook-service
-  namespace: system
+  namespace: ot-operators
 spec:
   ports:
     - port: 443
       protocol: TCP
       targetPort: 9443
   selector:
-    control-plane: controller-manager
+    control-plane: redis-operator