Update chart for managed service account addon (#514)
* Update chart for managed service account addon

Signed-off-by: zhujian <[email protected]>

* Update permission config for managed service account addontemplate

Signed-off-by: zhujian <[email protected]>

---------

Signed-off-by: zhujian <[email protected]>
zhujian7 authored Sep 25, 2023
1 parent f9ebd3e commit 646f3be
Showing 9 changed files with 265 additions and 112 deletions.
16 changes: 16 additions & 0 deletions controllers/backplaneconfig_controller_test.go
@@ -77,6 +77,7 @@ var _ = Describe("BackplaneConfig controller", func() {
hiveConfig *unstructured.Unstructured
clusterManagementAddon *unstructured.Unstructured
addonTemplate *unstructured.Unstructured
addonDeploymentConfig *unstructured.Unstructured
tests testList
msaTests testList
secondTests testList
@@ -199,6 +200,13 @@ var _ = Describe("BackplaneConfig controller", func() {
Kind: "AddOnTemplate",
})

addonDeploymentConfig = &unstructured.Unstructured{}
addonDeploymentConfig.SetGroupVersionKind(schema.GroupVersionKind{
Group: "addon.open-cluster-management.io",
Version: "v1alpha1",
Kind: "AddOnDeploymentConfig",
})

tests = testList{
{
Name: BackplaneConfigTestName,
@@ -311,6 +319,14 @@ var _ = Describe("BackplaneConfig controller", func() {
}

msaTests = testList{
{
Name: "Managed-ServiceAccount Addon Deployment Config",
NamespacedName: types.NamespacedName{
Name: "managed-serviceaccount-addon-deploy-config",
Namespace: DestinationNamespace},
ResourceType: addonDeploymentConfig,
Expected: nil,
},
{
Name: "Managed-ServiceAccount Addon Template",
NamespacedName: types.NamespacedName{Name: "managed-serviceaccount"},
1 change: 1 addition & 0 deletions hack/bundle-automation/charts-config.yaml
@@ -15,3 +15,4 @@
escape-template-variables:
- "CLUSTER_NAME"
- "HUB_KUBECONFIG"
- "INSTALL_NAMESPACE"
28 changes: 27 additions & 1 deletion hack/bundle-automation/generate-charts.py
@@ -56,6 +56,26 @@ def parse_image_ref(image_ref):

return parsed_ref


def updateAddOnDeploymentConfig(yamlContent):
yamlContent['metadata']['namespace'] = '{{ .Values.global.namespace }}'


def updateClusterManagementAddOn(yamlContent):
if 'spec' not in yamlContent:
return
if 'supportedConfigs' not in yamlContent['spec']:
return
supportedConfigs = yamlContent['spec']['supportedConfigs']
for config in supportedConfigs:
if 'defaultConfig' not in config:
continue
defaultConfig = config['defaultConfig']
if 'namespace' not in defaultConfig:
continue
defaultConfig['namespace'] = '{{ .Values.global.namespace }}'


def updateServiceAccount(yamlContent):
yamlContent['metadata'].pop('namespace')

@@ -95,7 +115,13 @@ def updateResources(outputDir, repo, chart):
with open(filePath, 'r') as f:
yamlContent = yaml.safe_load(f)
kind = yamlContent["kind"]
if kind == "ServiceAccount":
if kind == "AddOnDeploymentConfig":
logging.info(" Updating AddOnDeploymentConfig!")
updateAddOnDeploymentConfig(yamlContent)
elif kind == "ClusterManagementAddOn":
logging.info(" Updating ClusterManagementAddOn!")
updateClusterManagementAddOn(yamlContent)
elif kind == "ServiceAccount":
logging.info(" Updating ServiceAccount!")
updateServiceAccount(yamlContent)
elif kind == "ClusterRoleBinding":
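Review bot: `updateClusterManagementAddOn` (first hunk) rewrites `defaultConfig['namespace']` for every entry in `spec.supportedConfigs`, whatever config type the entry refers to. If a chart ever lists a default config that is not the AddOnDeploymentConfig shipped with it, that reference would be silently repointed to `{{ .Values.global.namespace }}`; I would restrict the rewrite with `if config.get('resource') != 'addondeploymentconfigs': continue` before the assignment. The loop also assumes `supportedConfigs` is a list, so an empty `supportedConfigs:` key (loaded as `None`) would raise; `for config in supportedConfigs or []:` covers that. Both new helpers would benefit from a one-line docstring stating that the namespace is replaced by the Helm value `.Values.global.namespace`. `updateResources` in the second hunk starts and ends outside the visible lines.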
226 changes: 153 additions & 73 deletions hack/unit-test-crds/addondeploymentconfigs.yaml
@@ -10,85 +10,165 @@ spec:
listKind: AddOnDeploymentConfigList
plural: addondeploymentconfigs
singular: addondeploymentconfig
scope: Namespaced
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: AddOnDeploymentConfig represents a deployment configuration for an add-on.
type: object
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec represents a desired configuration for an add-on.
type: object
properties:
customizedVariables:
description: CustomizedVariables is a list of name-value variables for the current add-on deployment. The add-on implementation can use these variables to render its add-on deployment. The default is an empty list.
type: array
items:
description: CustomizedVariable represents a customized variable for add-on deployment.
type: object
required:
- name
properties:
name:
description: Name of this variable.
type: string
maxLength: 255
pattern: ^[a-zA-Z_][_a-zA-Z0-9]*$
value:
description: Value of this variable.
type: string
maxLength: 1024
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
nodePlacement:
description: NodePlacement enables explicit control over the scheduling of the add-on agents on the managed cluster. All add-on agent pods are expected to comply with this node placement. If the placement is nil, the placement is not specified, it will be omitted. If the placement is an empty object, the placement will match all nodes and tolerate nothing.
type: object
- name: v1alpha1
schema:
openAPIV3Schema:
description: AddOnDeploymentConfig represents a deployment configuration for
an add-on.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: spec represents a desired configuration for an add-on.
properties:
agentInstallNamespace:
default: open-cluster-management-agent-addon
description: AgentInstallNamespace is the namespace where the add-on
agent should be installed on the managed cluster.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
customizedVariables:
description: CustomizedVariables is a list of name-value variables
for the current add-on deployment. The add-on implementation can
use these variables to render its add-on deployment. The default
is an empty list.
items:
description: CustomizedVariable represents a customized variable
for add-on deployment.
properties:
nodeSelector:
description: NodeSelector defines which Nodes the Pods are scheduled on. If the selector is an empty list, it will match all nodes. The default is an empty list.
name:
description: Name of this variable.
maxLength: 255
pattern: ^[a-zA-Z_][_a-zA-Z0-9]*$
type: string
value:
description: Value of this variable.
maxLength: 1024
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
nodePlacement:
description: NodePlacement enables explicit control over the scheduling
of the add-on agents on the managed cluster. All add-on agent pods
are expected to comply with this node placement. If the placement
is nil, the placement is not specified, it will be omitted. If the
placement is an empty object, the placement will match all nodes
and tolerate nothing.
properties:
nodeSelector:
additionalProperties:
type: string
description: NodeSelector defines which Nodes the Pods are scheduled
on. If the selector is an empty list, it will match all nodes.
The default is an empty list.
type: object
tolerations:
description: Tolerations is attached by pods to tolerate any taint
that matches the triple <key,value,effect> using the matching
operator <operator>. If the tolerations is an empty list, it
will tolerate nothing. The default is an empty list.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
type: string
type: object
additionalProperties:
type: string
tolerations:
description: Tolerations is attached by pods to tolerate any taint that matches the triple <key,value,effect> using the matching operator <operator>. If the tolerations is an empty list, it will tolerate nothing. The default is an empty list.
type: array
items:
description: The pod this Toleration is attached to tolerates any taint that matches the triple <key,value,effect> using the matching operator <operator>.
type: object
properties:
effect:
description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
type: integer
format: int64
value:
description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
served: true
storage: true
type: array
type: object
proxyConfig:
description: ProxyConfig holds proxy settings for add-on agent on
the managed cluster. Empty means no proxy settings is available.
properties:
httpProxy:
description: HTTPProxy is the URL of the proxy for HTTP requests
type: string
httpsProxy:
description: HTTPSProxy is the URL of the proxy for HTTPS requests
type: string
noProxy:
description: NoProxy is a comma-separated list of hostnames and/or
CIDRs and/or IPs for which the proxy should not be used.
type: string
type: object
registries:
description: "Registries describes how to override images used by
the addon agent on the managed cluster. the following example will
override image \"quay.io/open-cluster-management/addon-agent\" to
\"quay.io/ocm/addon-agent\" when deploying the addon agent \n registries:
- source: quay.io/open-cluster-management/addon-agent mirror: quay.io/ocm/addon-agent"
items:
description: ImageMirror describes how to mirror images from a source
properties:
mirror:
description: Mirror is the mirrored registry of the Source.
Will be ignored if Mirror is empty.
type: string
source:
description: Source is the source registry. All image registries
will be replaced by Mirror if Source is empty.
type: string
required:
- mirror
type: object
type: array
type: object
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
storedVersions: []