This repository was archived by the owner on Mar 16, 2022. It is now read-only.

Commit 16cde65

committed
Operator improvements
* Operator can now watch all namespaces * Operator is configured by a configmap * Fixed roles/rolebindings
1 parent d3a4017 commit 16cde65

19 files changed

+479
-236
lines changed

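--- a/build.sbt
+++ b/build.sbt
@@ -72,6 +72,8 @@ lazy val root = (project in file("."))
 
 lazy val proxyDockerBuild = settingKey[Option[(String, String)]]("Docker artifact name and configuration file which gets overridden by the buildProxy command")
 
+val dockerTagVersion = !sys.props.get("docker.tag.version").forall(_ == "false")
+
 def dockerSettings: Seq[Setting[_]] = Seq(
 proxyDockerBuild := None,
 
@@ -90,7 +92,7 @@ def dockerSettings: Seq[Setting[_]] = Seq(
 val single = dockerAlias.value
 // So basically, by default we *just* publish latest, but if -Ddocker.tag.version is passed,
 // we publish both latest and a tag for the version.
-if (!sys.props.get("docker.tag.version").forall(_ == "false")) {
+if (dockerTagVersion) {
 old
 } else {
 Seq(single.withTag(Some("latest")))
@@ -369,10 +371,11 @@ lazy val operator = (project in file("operator"))
 dockerExposedPorts := Nil,
 compileK8sDescriptors := doCompileK8sDescriptors(
 baseDirectory.value / "deploy",
-baseDirectory.value / "cloudstate.yaml",
+baseDirectory.value,
 dockerRepository.value,
 dockerUsername.value,
-version.value
+version.value,
+streams.value
 )
 )
 
@@ -447,19 +450,25 @@ lazy val `tck` = (project in file("tck"))
 executeTests in Test := (executeTests in Test).dependsOn(`proxy-core`/assembly).value
 )
 
-def doCompileK8sDescriptors(dir: File, target: File, registry: Option[String], username: Option[String], version: String): File = {
+def doCompileK8sDescriptors(dir: File, targetDir: File, registry: Option[String], username: Option[String], version: String, streams: TaskStreams): File = {
+
+val targetFileName = if (dockerTagVersion) s"cloudstate-$version.yaml" else "cloudstate.yaml"
+val target = targetDir / targetFileName
+
 val files = ((dir / "crds") * "*.yaml").get ++
 (dir * "*.yaml").get.sortBy(_.getName)
 
 val fullDescriptor = files.map(IO.read(_)).mkString("\n---\n")
 
 val user = username.getOrElse("cloudstateio")
 val registryAndUsername = registry.fold(user)(r => s"$r/$user")
+val tag = if (dockerTagVersion) version else "latest"
 val substitutedDescriptor = fullDescriptor.replaceAll(
-"image: cloudstateio/(.*):latest",
-s"image: $registryAndUsername/$$1:$version"
+"cloudstateio/(cloudstate-.*):latest",
+s"$registryAndUsername/$$1:$tag"
 )
 
 IO.write(target, substitutedDescriptor)
+streams.log.info("Generated YAML descriptor in " + target)
 target
 }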
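Review bot: In doCompileK8sDescriptors the replacement string passed to `replaceAll` interpolates `registryAndUsername` and `tag` unquoted, and `replaceAll` reads `$` and `\` in a replacement as group references and escapes, so a registry, username or version containing either character would throw or substitute the wrong image reference into the descriptor. Quoting the interpolated parts keeps the `$1` group intact: `s"${Matcher.quoteReplacement(registryAndUsername)}/$$1:${Matcher.quoteReplacement(tag)}"`, with `java.util.regex.Matcher` imported. The pattern has also lost its `image: ` prefix, so it now rewrites every `cloudstateio/cloudstate-*:latest` string in the descriptor, including the ConfigMap values; a one-line comment such as `// also rewrites the proxy image names inside the operator ConfigMap` would make that intent explicit. When `docker.tag.version` is unset the generated descriptor still references the mutable `latest` tag for every image, which is worth stating in the function's doc comment.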

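--- a/operator/cloudstate.yaml
+++ b/operator/cloudstate.yaml
@@ -32,8 +32,6 @@ spec:
 plural: journals
 singular: journal
 kind: Journal
-shortNames:
-- esj
 subresources:
 status: {}
 additionalPrinterColumns:
@@ -48,29 +46,38 @@ spec:
 - name: Age
 type: date
 JSONPath: .metadata.creationTimestamp
-validation:
-openAPIV3Schema:
-properties:
-spec:
-type: object
-properties:
 
-type:
-type: string
-enum:
-- Cassandra
 
-deployment:
-type: string
-enum:
-- Unmanaged
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: cloudstate-operator
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: cloudstate-operator-config
+data:
+config: |
+cloudstate.operator {
+# Watch configuration
+watch {
 
-config:
-type: object
+# This should be a list of namespaces to watch. Either should contain a single "*" to watch all namespaces
+# (this is configured in more detail below), or should be a list of namespaces.
+namespaces = ["*"]
+}
 
-required:
-- type
-- deployment
+# Proxy configuration
+proxy {
+image {
+cassandra = "cloudstateio/cloudstate-proxy-cassandra:latest"
+no-journal = "cloudstateio/cloudstate-proxy-no-journal:latest"
+in-memory = "cloudstateio/cloudstate-proxy-in-memory:latest"
+}
+}
+}
 
 
 ---
@@ -79,46 +86,42 @@ kind: ClusterRole
 metadata:
 name: cloudstate-operator-role
 rules:
-- apiGroups:
-- rbac.authorization.k8s.io
-resources:
-- rolebindings
-verbs:
-- get
-- create
-- delete
-- patch
-- update
-- apiGroups:
-- rbac.authorization.k8s.io
-resources:
-- roles
-verbs:
-- get
-- create
-- delete
-- patch
-- update
-- apiGroups:
-- cloudstate.io
-resources:
-- eventsourcedjournals
-verbs:
-- get
-- list
-- watch
-- apiGroups:
-- cloudstate.io
-resources:
-- eventsourcedjournals/status
-verbs:
-- get
-- list
-- watch
-- create
-- delete
-- patch
-- update
+
+- apiGroups: [""]
+resources: ["namespaces"]
+verbs: ["get", "list", "watch"]
+
+- apiGroups: [""]
+resources: ["services"]
+verbs: ["get", "create", "delete", "patch", "update"]
+
+- apiGroups: ["apps"]
+resources: ["deployments", "deployments/scale"]
+verbs: ["get", "create", "delete", "patch", "update", "watch"]
+
+- apiGroups: ["rbac.authorization.k8s.io"]
+resources: ["rolebindings", "roles"]
+verbs: ["get", "create", "delete", "patch", "update"]
+
+- apiGroups: ["cloudstate.io"]
+resources: ["journals", "statefulservices"]
+verbs: ["get", "list", "watch"]
+
+- apiGroups: ["cloudstate.io"]
+resources: ["journals/status", "statefulservices/status"]
+verbs: ["update", "patch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+name: cloudstate-operator-role
+rules:
+- apiGroups: [""]
+resources: ["configmaps"]
+verbs: ["get", "watch"]
+resourceNames: ["cloudstate-operator-config"]
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
@@ -127,11 +130,27 @@ metadata:
 name: cloudstate-operator
 subjects:
 - kind: ServiceAccount
-name: controller
+name: cloudstate-operator
+namespace: cloudstate
 roleRef:
 kind: ClusterRole
 name: cloudstate-operator-role
 apiGroup: rbac.authorization.k8s.io
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+name: cloudstate-operator
+subjects:
+- kind: ServiceAccount
+name: cloudstate-operator
+roleRef:
+kind: Role
+name: cloudstate-operator-role
+apiGroup: rbac.authorization.k8s.io
+
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -151,27 +170,24 @@ spec:
 annotations:
 sidecar.istio.io/inject: "false"
 spec:
-serviceAccountName: controller
+serviceAccountName: cloudstate-operator
 containers:
 - name: operator
 image: cloudstateio/cloudstate-operator:latest
 
 env:
-- name: NAMESPACES
-# Update to comma separated list of namespaces to watch
-value: default
-- name: CASSANDRA_JOURNAL_IMAGE
-value: cloudstateio/cloudstate-proxy-cassandra:latest
-- name: IN_MEMORY_JOURNAL_IMAGE
-value: cloudstateio/cloudstate-proxy-in-memory:latest
-- name: NO_JOURNAL_IMAGE
-value: cloudstateio/cloudstate-proxy-no-journal:latest
 - name: JAVA_OPTS
 value: "-Xms128m -Xmx128m"
+- name: NAMESPACE
+valueFrom:
+fieldRef:
+fieldPath: "metadata.namespace"
+- name: CONFIG_MAP
+value: cloudstate-operator-config
 
 resources:
 limits:
 memory: 256Mi
 requests:
-cpu: 0.25
+cpu: 0.1
 memory: 256Mi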
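Review bot: The ClusterRole `cloudstate-operator-role` gives the operator's service account `create`/`delete`/`patch`/`update` on `services`, `deployments`, `roles` and `rolebindings` with no namespace scoping, so the operator pod holds write access to workloads and RBAC objects in every namespace even when `watch.namespaces` is set to a short list. For the explicit-list case, consider binding this ClusterRole with one RoleBinding per watched namespace rather than cluster-wide (the binding's `kind` line is outside the hunk, so this assumes it is a ClusterRoleBinding), and record the trade-off next to the rules, for example `# cluster-wide only when watch.namespaces = ["*"]; otherwise bind per namespace`. The subject at new line 134 also hard-codes `namespace: cloudstate` while the ServiceAccount, Role and RoleBinding carry no namespace, so the grant only takes effect when the descriptor is applied into a namespace of that name; that requirement deserves a comment as well. Judging by the build.sbt change in this commit, this file is assembled from operator/deploy, so the edit belongs in the source descriptors.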
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
apiVersion: v1
2+
kind: ServiceAccount
3+
metadata:
4+
name: cloudstate-operator
Lines changed: 25 additions & 0 deletions
@@ -0,0 +1,25 @@
1+
apiVersion: v1
2+
kind: ConfigMap
3+
metadata:
4+
name: cloudstate-operator-config
5+
data:
6+
config: |
7+
cloudstate.operator {
8+
# Watch configuration
9+
watch {
10+
11+
# This should be a list of namespaces to watch. Either should contain a single "*" to watch all namespaces
12+
# (this is configured in more detail below), or should be a list of namespaces.
13+
namespaces = ["*"]
14+
}
15+
16+
# Proxy configuration
17+
proxy {
18+
image {
19+
cassandra = "cloudstateio/cloudstate-proxy-cassandra:latest"
20+
no-journal = "cloudstateio/cloudstate-proxy-no-journal:latest"
21+
in-memory = "cloudstateio/cloudstate-proxy-in-memory:latest"
22+
}
23+
}
24+
}
25+

operator/deploy/02-role.yaml

Lines changed: 0 additions & 45 deletions
This file was deleted.

operator/deploy/03-role-binding.yaml

Lines changed: 0 additions & 11 deletions
This file was deleted.
