Generate CRD and RBAC yaml templates from submariner-operator

The submariner-operator repo is the source of truth for the
CRD and RBAC resource yaml used by subctl and the ACM add-on so
we should use it for the helm charts as well. This will avoid
having to duplicate changes from the submariner-operator repo.
All the yaml is assembled in the pkg/embeddedyamls/yamls.go file
in submariner-operator so download and extract the yaml into
template files in the chart templates directories which can then
be included in other manifest files.

Signed-off-by: Tom Pantelis <[email protected]>

.gitignore

@@ -6,3 +6,8 @@ Makefile.dapper
 Makefile.shipyard
 Dockerfile.*
 helm_repo
+yamls
+submariner-k8s-broker/crds/crd.yaml
+submariner-k8s-broker/templates/_role.tpl
+submariner-operator/crds/crd.yaml
+submariner-operator/templates/*-rbac.yaml

Makefile

@@ -25,15 +25,18 @@ REPO_URL=$(shell git config remote.origin.url)
 
 CHART_PACKAGES := submariner-k8s-broker-$(CHARTS_VERSION).tgz submariner-operator-$(CHARTS_VERSION).tgz
 
-local-helm-repo: $(CHART_PACKAGES)
+local-helm-repo: generate-yamls $(CHART_PACKAGES)
 	mkdir -p $(HELM_REPO_LOCATION)
-	for archive in $^; do \
+	for archive in $(CHART_PACKAGES); do \
 	  tar xzf $$archive -C $(HELM_REPO_LOCATION); \
 	done
 
 e2e: local-helm-repo
 	$(SCRIPTS_DIR)/e2e.sh
 
+generate-yamls:
+	./generate-yamls.sh $(BASE_BRANCH)
+
 %.tgz:
 	helm dep update $(subst -$(CHARTS_VERSION),,$(basename $(@F)))
 	helm package --version $(CHARTS_VERSION) --app-version $(CHARTS_VERSION) $(subst -$(CHARTS_VERSION),,$(basename $(@F)))
@@ -52,7 +55,7 @@ helm-docs:
 		exit 1; \
 	fi
 
-release: $(CHART_PACKAGES)
+release: generate-yamls $(CHART_PACKAGES)
 	git checkout gh-pages
 	mv *.tgz $(CHARTS_DIR)
 	if [ -f $(CHARTS_DIR)/index.yaml ]; then \

extract-yamls

@@ -4,7 +4,10 @@
 /= `/ {
     outfile = gensub("_yaml$", ".yaml", "1", $1)
     print "Writing " outfile
-    print substr($0, index($0, "`") + 1) > outfile
+    firstline = substr($0, index($0, "`") + 1)
+    if (firstline !~ "^---")
+        firstline = "---\n"firstline
+    print firstline > outfile
     next
 }
 

generate-yamls.sh

@@ -0,0 +1,102 @@
+#!/bin/bash
+
+set -e
+
+BROKER_ROLE_TPL=submariner-k8s-broker/templates/_role.tpl
+OPERATOR_RBAC_YAML=submariner-operator/templates/operator-rbac.yaml
+GATEWAY_RBAC_YAML=submariner-operator/templates/gateway-rbac.yaml
+ROUTE_AGENT_RBAC_YAML=submariner-operator/templates/routeagent-rbac.yaml
+GLOBALNET_RBAC_YAML=submariner-operator/templates/globalnet-rbac.yaml
+SERVICE_DISC_RBAC_YAML=submariner-operator/templates/service-discovery-rbac.yaml
+OPENSHIFT_MONITORING_YAML=submariner-operator/templates/openshift-monitoring-rbac.yaml
+
+function add_service_acct_ns() {
+    sed -i '/- kind: ServiceAccount/a \ \ \ \ namespace: {{ .Release.Namespace }}' $1
+}
+
+mkdir -p yamls
+cd yamls
+curl -L https://raw.githubusercontent.com/submariner-io/submariner-operator/refs/heads/$1/pkg/embeddedyamls/yamls.go | ../extract-yamls
+cd -
+
+# Generate the CRDs for the broker chart
+mkdir -p submariner-k8s-broker/crds
+cat yamls/Deploy_submariner_crds_submariner_io_endpoints.yaml \
+	  yamls/Deploy_submariner_crds_submariner_io_clusters.yaml \
+		yamls/Deploy_submariner_crds_submariner_io_gateways.yaml \
+		yamls/Deploy_mcsapi_crds_multicluster_x_k8s_io_serviceexports.yaml \
+		yamls/Deploy_mcsapi_crds_multicluster_x_k8s_io_serviceimports.yaml > submariner-k8s-broker/crds/crd.yaml
+
+# Generate the client role yaml for the broker chart
+echo '{{- define "broker-role" -}}' > ${BROKER_ROLE_TPL}
+cat yamls/Config_broker_broker_client_role.yaml >> ${BROKER_ROLE_TPL}
+echo '{{- end -}}' >> ${BROKER_ROLE_TPL}
+sed -i -e 's/name:.*/name: {{ template "submariner-k8s-broker.fullname" \. }}-cluster/' ${BROKER_ROLE_TPL}
+
+# Generate the CRDs for the operator chart
+mkdir -p submariner-operator/crds
+cat yamls/Deploy_crds_submariner_io_submariners.yaml \
+    yamls/Deploy_crds_submariner_io_servicediscoveries.yaml \
+    yamls/Deploy_crds_submariner_io_brokers.yaml > submariner-operator/crds/crd.yaml
+
+# Generate the operator RBAC yaml for the operator chart
+echo '{{- if .Values.rbac.create -}}' > ${OPERATOR_RBAC_YAML}
+add_service_acct_ns yamls/Config_rbac_submariner_operator_cluster_role_binding.yaml
+cat yamls/Config_rbac_submariner_operator_service_account.yaml \
+    yamls/Config_rbac_submariner_operator_role.yaml \
+    yamls/Config_rbac_submariner_operator_role_binding.yaml \
+    yamls/Config_rbac_submariner_operator_cluster_role.yaml \
+    yamls/Config_rbac_submariner_operator_cluster_role_binding.yaml >> ${OPERATOR_RBAC_YAML}
+echo '{{- end -}}' >> ${OPERATOR_RBAC_YAML}
+
+# Generate the gateway RBAC yaml for the operator chart
+echo '{{- if .Values.rbac.create -}}' > ${GATEWAY_RBAC_YAML}
+add_service_acct_ns yamls/Config_rbac_submariner_gateway_cluster_role_binding.yaml
+cat yamls/Config_rbac_submariner_gateway_service_account.yaml \
+    yamls/Config_rbac_submariner_gateway_role.yaml \
+    yamls/Config_rbac_submariner_gateway_role_binding.yaml \
+    yamls/Config_rbac_submariner_gateway_cluster_role.yaml \
+    yamls/Config_rbac_submariner_gateway_cluster_role_binding.yaml >> ${GATEWAY_RBAC_YAML}
+echo '{{- end -}}' >> ${GATEWAY_RBAC_YAML}
+
+# Generate the routeagent RBAC yaml for the operator chart
+echo '{{- if .Values.rbac.create -}}' > ${ROUTE_AGENT_RBAC_YAML}
+add_service_acct_ns yamls/Config_rbac_submariner_route_agent_cluster_role_binding.yaml
+cat yamls/Config_rbac_submariner_route_agent_service_account.yaml \
+    yamls/Config_rbac_submariner_route_agent_role.yaml \
+    yamls/Config_rbac_submariner_route_agent_role_binding.yaml \
+    yamls/Config_rbac_submariner_route_agent_cluster_role.yaml \
+    yamls/Config_rbac_submariner_route_agent_cluster_role_binding.yaml >> ${ROUTE_AGENT_RBAC_YAML}
+echo '{{- end -}}' >> ${ROUTE_AGENT_RBAC_YAML}
+
+# Generate the globalnet RBAC yaml for the operator chart
+echo '{{- if .Values.rbac.create -}}' > ${GLOBALNET_RBAC_YAML}
+echo '{{- if .Values.broker.globalnet }}' >> ${GLOBALNET_RBAC_YAML}
+add_service_acct_ns yamls/Config_rbac_submariner_globalnet_cluster_role_binding.yaml
+cat yamls/Config_rbac_submariner_globalnet_service_account.yaml \
+    yamls/Config_rbac_submariner_globalnet_role.yaml \
+    yamls/Config_rbac_submariner_globalnet_role_binding.yaml \
+    yamls/Config_rbac_submariner_globalnet_cluster_role.yaml \
+    yamls/Config_rbac_submariner_globalnet_cluster_role_binding.yaml >> ${GLOBALNET_RBAC_YAML}
+echo '{{- end -}}' >> ${GLOBALNET_RBAC_YAML}
+echo '{{- end -}}' >> ${GLOBALNET_RBAC_YAML}
+
+# Generate the service discovery RBAC yaml for the operator chart
+echo '{{- if .Values.rbac.create -}}' > ${SERVICE_DISC_RBAC_YAML}
+echo '{{- if .Values.submariner.serviceDiscovery }}' >> ${SERVICE_DISC_RBAC_YAML}
+add_service_acct_ns yamls/Config_rbac_lighthouse_agent_cluster_role_binding.yaml
+add_service_acct_ns yamls/Config_rbac_lighthouse_coredns_cluster_role_binding.yaml
+cat yamls/Config_rbac_lighthouse_agent_service_account.yaml \
+    yamls/Config_rbac_lighthouse_agent_cluster_role.yaml \
+    yamls/Config_rbac_lighthouse_agent_cluster_role_binding.yaml \
+    yamls/Config_rbac_lighthouse_coredns_service_account.yaml \
+    yamls/Config_rbac_lighthouse_coredns_cluster_role.yaml \
+    yamls/Config_rbac_lighthouse_coredns_cluster_role_binding.yaml >> ${SERVICE_DISC_RBAC_YAML}
+echo '{{- end -}}' >> ${SERVICE_DISC_RBAC_YAML}
+echo '{{- end -}}' >> ${SERVICE_DISC_RBAC_YAML}
+
+# Generate the openshift monitoring rbac yaml for the operator chart
+echo '{{- if .Values.rbac.create -}}' > ${OPENSHIFT_MONITORING_YAML}
+cat yamls/Config_openshift_rbac_submariner_metrics_reader_role.yaml \
+    yamls/Config_openshift_rbac_submariner_metrics_reader_role_binding.yaml >> ${OPENSHIFT_MONITORING_YAML}
+echo '{{- end -}}' >> ${OPENSHIFT_MONITORING_YAML}