
Commit 30ee2eb

committed
move resources out
1 parent b682b0c commit 30ee2eb

7 files changed

+313
-238
lines changed


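--- a/controllers/deployment.go
+++ b/controllers/deployment.go
@@ -0,0 +1,90 @@
+package controllers
+
+import (
+"fmt"
+
+appsv1 "k8s.io/api/apps/v1"
+corev1 "k8s.io/api/core/v1"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+
+ocgatev1beta1 "github.com/yaacov/oc-gate-operator/api/v1beta1"
+)
+
+func (r *GateServerReconciler) deployment(s *ocgatev1beta1.GateServer) (*appsv1.Deployment, error) {
+image := s.Spec.IMG
+replicas := int32(1)
+labels := map[string]string{
+"app": s.Name,
+}
+matchlabels := map[string]string{
+"app": s.Name,
+}
+
+deployment := &appsv1.Deployment{
+ObjectMeta: metav1.ObjectMeta{
+Name: s.Name,
+Namespace: s.Namespace,
+Labels: labels,
+},
+Spec: appsv1.DeploymentSpec{
+Replicas: &replicas,
+Selector: &metav1.LabelSelector{
+MatchLabels: matchlabels,
+},
+Template: corev1.PodTemplateSpec{
+ObjectMeta: metav1.ObjectMeta{
+Labels: matchlabels,
+},
+Spec: corev1.PodSpec{
+Containers: []corev1.Container{{
+Image: image,
+Name: "kube-gateway",
+
+Ports: []corev1.ContainerPort{{
+ContainerPort: 8080,
+Name: "https",
+}},
+VolumeMounts: []corev1.VolumeMount{
+{
+Name: "serving-cert",
+MountPath: "/var/run/secrets/serving-cert",
+},
+},
+Command: []string{
+"./kube-gateway",
+"-api-server=https://kubernetes.default.svc",
+"-gateway-listen=https://0.0.0.0:8080",
+"-api-server-ca-file=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
+"-api-server-bearer-token-file=/var/run/secrets/kubernetes.io/serviceaccount/token",
+"-gateway-key-file=/var/run/secrets/serving-cert/tls.key",
+"-gateway-cert-file=/var/run/secrets/serving-cert/tls.crt",
+fmt.Sprintf("-jwt-public-key-name=%s-secret", s.Name),
+fmt.Sprintf("-jwt-public-key-namespace=%s", s.Namespace),
+"-jwt-request-enable=true",
+fmt.Sprintf("-jwt-private-key-name=%s-secret", s.Name),
+fmt.Sprintf("-jwt-private-key-namespace=%s", s.Namespace),
+},
+}},
+
+Volumes: []corev1.Volume{
+{
+Name: "serving-cert",
+VolumeSource: corev1.VolumeSource{
+Secret: &corev1.SecretVolumeSource{
+SecretName: fmt.Sprintf("%s-secret", s.Name),
+},
+},
+},
+},
+
+ServiceAccountName: s.Name,
+},
+},
+},
+}
+
+controllerutil.SetControllerReference(s, deployment, r.Scheme)
+
+return deployment, nil
+}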
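Review bot: The error returned by `controllerutil.SetControllerReference(s, deployment, r.Scheme)` at the end of `deployment` is discarded, so when the owner reference cannot be set (the scheme does not know the owner type, or the object is already controlled by another owner) the function still ends in `return deployment, nil` and the Deployment is created without garbage-collection linkage to its GateServer; the same pattern is in `role` in controllers/role.go. Change it to `if err := controllerutil.SetControllerReference(s, deployment, r.Scheme); err != nil { return nil, err }`. The `kube-gateway` container holds the mounted serving key and the service-account token yet sets no `SecurityContext` and no resource requests/limits; `RunAsNonRoot`, `AllowPrivilegeEscalation: false` and `ReadOnlyRootFilesystem` are the minimum worth adding in the PodSpec. Note also that the one `%s-secret` Secret is both the mounted TLS serving cert and the named source of the JWT public and private keys, so the TLS key doubles as the token-signing key; if that is intended, a one-line comment above `Command` saying so would spare the next reader the question.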

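--- a/controllers/gateserver_controller.go
+++ b/controllers/gateserver_controller.go
@@ -19,21 +19,15 @@ package controllers
 import (
 "context"
 "fmt"
-"strings"
 "time"
 
 "github.com/go-logr/logr"
 "k8s.io/apimachinery/pkg/api/errors"
 "k8s.io/apimachinery/pkg/runtime"
-"k8s.io/apimachinery/pkg/util/intstr"
 ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/client"
 "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
-routev1 "github.com/openshift/api/route/v1"
-appsv1 "k8s.io/api/apps/v1"
-corev1 "k8s.io/api/core/v1"
-rbacv1 "k8s.io/api/rbac/v1"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 ocgatev1beta1 "github.com/yaacov/oc-gate-operator/api/v1beta1"
@@ -285,235 +279,3 @@ func (r *GateServerReconciler) SetupWithManager(mgr ctrl.Manager) error {
 For(&ocgatev1beta1.GateServer{}).
 Complete(r)
 }
-
-func (r *GateServerReconciler) service(s *ocgatev1beta1.GateServer) (*corev1.Service, error) {
-labels := map[string]string{
-"app": s.Name,
-}
-annotations := map[string]string{
-"service.alpha.openshift.io/serving-cert-secret-name": fmt.Sprintf("%s-secret", s.Name),
-}
-
-service := &corev1.Service{
-ObjectMeta: metav1.ObjectMeta{
-Name: s.Name,
-Namespace: s.Namespace,
-Labels: labels,
-Annotations: annotations,
-},
-Spec: corev1.ServiceSpec{
-Selector: labels,
-Ports: []corev1.ServicePort{
-{
-Port: 8080,
-Protocol: corev1.ProtocolTCP,
-TargetPort: intstr.FromInt(8080),
-},
-},
-},
-}
-
-controllerutil.SetControllerReference(s, service, r.Scheme)
-
-return service, nil
-}
-
-func (r *GateServerReconciler) route(s *ocgatev1beta1.GateServer) (*routev1.Route, error) {
-labels := map[string]string{
-"app": s.Name,
-}
-
-route := &routev1.Route{
-ObjectMeta: metav1.ObjectMeta{
-Name: s.Name,
-Namespace: s.Namespace,
-Labels: labels,
-},
-Spec: routev1.RouteSpec{
-Host: s.Spec.Route,
-To: routev1.RouteTargetReference{
-Kind: "Service",
-Name: s.Name,
-},
-TLS: &routev1.TLSConfig{
-Termination: routev1.TLSTerminationReencrypt,
-},
-Port: &routev1.RoutePort{
-TargetPort: intstr.FromInt(8080),
-},
-WildcardPolicy: routev1.WildcardPolicyNone,
-},
-}
-
-controllerutil.SetControllerReference(s, route, r.Scheme)
-
-return route, nil
-}
-
-func (r *GateServerReconciler) serviceaccount(s *ocgatev1beta1.GateServer) (*corev1.ServiceAccount, error) {
-labels := map[string]string{
-"app": s.Name,
-}
-
-serviceaccount := &corev1.ServiceAccount{
-ObjectMeta: metav1.ObjectMeta{
-Name: s.Name,
-Namespace: s.Namespace,
-Labels: labels,
-},
-Secrets: []corev1.ObjectReference{
-{
-Name: fmt.Sprintf("%s-secret", s.Name),
-},
-},
-}
-controllerutil.SetControllerReference(s, serviceaccount, r.Scheme)
-
-return serviceaccount, nil
-}
-
-func (r *GateServerReconciler) role(s *ocgatev1beta1.GateServer) (*rbacv1.Role, error) {
-var verbs []string
-var resources []string
-
-labels := map[string]string{
-"app": s.Name,
-}
-
-if s.Spec.AdminRole == "admin" {
-verbs = []string{"get", "list", "watch", "create", "delete", "patch", "update"}
-} else {
-verbs = []string{"get", "list", "watch"}
-}
-if s.Spec.AdminResources == "" {
-resources = []string{"*"}
-} else {
-resources = strings.Split(s.Spec.AdminResources, ",")
-}
-
-role := &rbacv1.Role{
-ObjectMeta: metav1.ObjectMeta{
-Name: s.Name,
-Namespace: s.Namespace,
-Labels: labels,
-},
-Rules: []rbacv1.PolicyRule{
-{
-APIGroups: []string{"*"},
-Resources: resources,
-Verbs: verbs,
-},
-},
-}
-
-controllerutil.SetControllerReference(s, role, r.Scheme)
-
-return role, nil
-}
-
-func (r *GateServerReconciler) rolebinding(s *ocgatev1beta1.GateServer) (*rbacv1.RoleBinding, error) {
-labels := map[string]string{
-"app": s.Name,
-}
-
-rolebinding := &rbacv1.RoleBinding{
-ObjectMeta: metav1.ObjectMeta{
-Name: s.Name,
-Namespace: s.Namespace,
-Labels: labels,
-},
-Subjects: []rbacv1.Subject{
-{
-Kind: "ServiceAccount",
-Name: s.Name,
-},
-},
-RoleRef: rbacv1.RoleRef{
-APIGroup: "rbac.authorization.k8s.io",
-Kind: "Role",
-Name: s.Name,
-},
-}
-
-controllerutil.SetControllerReference(s, rolebinding, r.Scheme)
-
-return rolebinding, nil
-}
-
-func (r *GateServerReconciler) deployment(s *ocgatev1beta1.GateServer) (*appsv1.Deployment, error) {
-image := s.Spec.IMG
-replicas := int32(1)
-labels := map[string]string{
-"app": s.Name,
-}
-matchlabels := map[string]string{
-"app": s.Name,
-}
-
-deployment := &appsv1.Deployment{
-ObjectMeta: metav1.ObjectMeta{
-Name: s.Name,
-Namespace: s.Namespace,
-Labels: labels,
-},
-Spec: appsv1.DeploymentSpec{
-Replicas: &replicas,
-Selector: &metav1.LabelSelector{
-MatchLabels: matchlabels,
-},
-Template: corev1.PodTemplateSpec{
-ObjectMeta: metav1.ObjectMeta{
-Labels: matchlabels,
-},
-Spec: corev1.PodSpec{
-Containers: []corev1.Container{{
-Image: image,
-Name: "kube-gateway",
-
-Ports: []corev1.ContainerPort{{
-ContainerPort: 8080,
-Name: "https",
-}},
-VolumeMounts: []corev1.VolumeMount{
-{
-Name: "serving-cert",
-MountPath: "/var/run/secrets/serving-cert",
-},
-},
-Command: []string{
-"./kube-gateway",
-"-api-server=https://kubernetes.default.svc",
-"-gateway-listen=https://0.0.0.0:8080",
-"-api-server-ca-file=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt",
-"-api-server-bearer-token-file=/var/run/secrets/kubernetes.io/serviceaccount/token",
-"-gateway-key-file=/var/run/secrets/serving-cert/tls.key",
-"-gateway-cert-file=/var/run/secrets/serving-cert/tls.crt",
-fmt.Sprintf("-jwt-public-key-name=%s-secret", s.Name),
-fmt.Sprintf("-jwt-public-key-namespace=%s", s.Namespace),
-"-jwt-request-enable=true",
-fmt.Sprintf("-jwt-private-key-name=%s-secret", s.Name),
-fmt.Sprintf("-jwt-private-key-namespace=%s", s.Namespace),
-},
-}},
-
-Volumes: []corev1.Volume{
-{
-Name: "serving-cert",
-VolumeSource: corev1.VolumeSource{
-Secret: &corev1.SecretVolumeSource{
-SecretName: fmt.Sprintf("%s-secret", s.Name),
-},
-},
-},
-},
-
-ServiceAccountName: s.Name,
-},
-},
-},
-}
-
-controllerutil.SetControllerReference(s, deployment, r.Scheme)
-
-return deployment, nil
-}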

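--- a/controllers/role.go
+++ b/controllers/role.go
@@ -0,0 +1,50 @@
+package controllers
+
+import (
+"strings"
+
+rbacv1 "k8s.io/api/rbac/v1"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+
+ocgatev1beta1 "github.com/yaacov/oc-gate-operator/api/v1beta1"
+)
+
+func (r *GateServerReconciler) role(s *ocgatev1beta1.GateServer) (*rbacv1.Role, error) {
+var verbs []string
+var resources []string
+
+labels := map[string]string{
+"app": s.Name,
+}
+
+if s.Spec.AdminRole == "admin" {
+verbs = []string{"get", "list", "watch", "create", "delete", "patch", "update"}
+} else {
+verbs = []string{"get", "list", "watch"}
+}
+if s.Spec.AdminResources == "" {
+resources = []string{"*"}
+} else {
+resources = strings.Split(s.Spec.AdminResources, ",")
+}
+
+role := &rbacv1.Role{
+ObjectMeta: metav1.ObjectMeta{
+Name: s.Name,
+Namespace: s.Namespace,
+Labels: labels,
+},
+Rules: []rbacv1.PolicyRule{
+{
+APIGroups: []string{"*"},
+Resources: resources,
+Verbs: verbs,
+},
+},
+}
+
+controllerutil.SetControllerReference(s, role, r.Scheme)
+
+return role, nil
+}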
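Review bot: `resources = strings.Split(s.Spec.AdminResources, ",")` on the else branch of `role` keeps surrounding whitespace and empty entries, so a spec value written as `pods, secrets` yields the resource name ` secrets`, which RBAC will never match, and a trailing comma yields an empty resource name that the API server may reject. Trim each entry and drop empties before the rule is built, as below. Separately, the default taken when `AdminResources` is empty is `*` resources across `*` API groups, which together with the admin verb set is full write access to every object in the namespace; that default deserves a doc comment on the spec field or a narrower value. The discarded `controllerutil.SetControllerReference` error on the line before `return role, nil` is the same issue raised on controllers/deployment.go.
```go
} else {
	for _, res := range strings.Split(s.Spec.AdminResources, ",") {
		if res = strings.TrimSpace(res); res != "" {
			resources = append(resources, res)
		}
	}
}
// … unchanged: Role construction and return …
```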
