diff --git a/Makefile b/Makefile index 8fb86fdd..3b88d94d 100644 --- a/Makefile +++ b/Makefile @@ -498,19 +498,25 @@ _ensure-kong-system-namespace: @kubectl create ns kong-system 2>/dev/null || true # Run a controller from your host. -# TODO: In order not to rely on 'main' version of Gateway API CRDs address but -# on the tag that is used in code (defined in go.mod) address this by solving -# https://github.com/Kong/gateway-operator/pull/480. .PHONY: run -run: webhook-certs-dir manifests generate install.all _ensure-kong-system-namespace +run: webhook-certs-dir manifests generate install.all _ensure-kong-system-namespace install.rbacs @$(MAKE) _run +# Run a controller from your host and make it impersonate the controller-manager service account from kong-system namespace. +.PHONY: run.with_impersonate +run.with_impersonate: webhook-certs-dir manifests generate install.all _ensure-kong-system-namespace install.rbacs + @$(MAKE) _run.with-impersonate + +KUBECONFIG ?= $(HOME)/.kube/config + # Run the operator without checking any preconditions, installing CRDs etc. # This is mostly useful when 'run' was run at least once on a server and CRDs, RBACs # etc didn't change in between the runs. .PHONY: _run _run: - GATEWAY_OPERATOR_DEVELOPMENT_MODE=true go run ./cmd/main.go \ + KUBECONFIG=$(KUBECONFIG) \ + GATEWAY_OPERATOR_DEVELOPMENT_MODE=true \ + go run ./cmd/main.go \ --no-leader-election \ -cluster-ca-secret-namespace kong-system \ -enable-controller-kongplugininstallation \ @@ -520,6 +526,21 @@ _run: -zap-log-level 2 \ -zap-devel true +# Run the operator locally with impersonation of controller-manager service account from kong-system namespace. +# The operator will use a temporary kubeconfig file and impersonate the real RBACs. +.PHONY: _run.with-impersonate +_run.with-impersonate: + @$(eval TMP := $(shell mktemp -d)) + @$(eval TMP_KUBECONFIG := $(TMP)/kubeconfig) + [ ! -z "$(KUBECONFIG)" ] || exit 1 + cp $(KUBECONFIG) $(TMP_KUBECONFIG) + @$(eval TMP_TOKEN := $(shell kubectl create token --namespace=kong-system controller-manager)) + @$(eval CLUSTER := $(shell kubectl config get-contexts | grep '^\*' | tr -s ' ' | cut -d ' ' -f 3)) + KUBECONFIG=$(TMP_KUBECONFIG) kubectl config set-credentials kgo --token=$(TMP_TOKEN) + KUBECONFIG=$(TMP_KUBECONFIG) kubectl config set-context kgo --cluster=$(CLUSTER) --user=kgo --namespace=kong-system + KUBECONFIG=$(TMP_KUBECONFIG) kubectl config use-context kgo + bash -c "trap 'echo deleting temporary kubeconfig $(TMP); rm -rf $(TMP)' EXIT; $(MAKE) _run KUBECONFIG=$(TMP_KUBECONFIG)" + SKAFFOLD_RUN_PROFILE ?= dev .PHONY: _skaffold @@ -569,6 +590,11 @@ KUBERNETES_CONFIGURATION_CRDS_CRDS_LOCAL_PATH = $(shell go env GOPATH)/pkg/mod/$ install.kubernetes-configuration-crds: kustomize $(KUSTOMIZE) build $(KUBERNETES_CONFIGURATION_CRDS_CRDS_LOCAL_PATH) | kubectl apply -f - +# Install RBACs from config/rbac into the K8s cluster specified in ~/.kube/config. +.PHONY: install.rbacs +install.rbacs: kustomize + $(KUSTOMIZE) build config/rbac | kubectl apply -f - + # Install standard and experimental CRDs into the K8s cluster specified in ~/.kube/config. .PHONY: install.all install.all: manifests kustomize install-gateway-api-crds install.kubernetes-configuration-crds