From db236e0493ccec643aa23b701290b391388e9b99 Mon Sep 17 00:00:00 2001 From: Mattia Lavacca Date: Fri, 11 Oct 2024 15:56:00 +0200 Subject: [PATCH] chore: impersonate KGO RBACs with make run Signed-off-by: Mattia Lavacca --- .gitignore | 3 +++ Makefile | 25 +++++++++++++++++++++---- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 0336d5c7d..d110ab1ee 100644 --- a/.gitignore +++ b/.gitignore @@ -29,3 +29,6 @@ go.work.sum # Conformance tests report *-report.yaml + +# Temporary folders +tmp/ diff --git a/Makefile b/Makefile index 5bae84a23..96b40d2d1 100644 --- a/Makefile +++ b/Makefile @@ -497,20 +497,32 @@ webhook-certs-dir: _ensure-kong-system-namespace: @kubectl create ns kong-system 2>/dev/null || true +TMP_DIR=$(shell pwd)/tmp +KUBECONFIG ?= $(HOME)/.kube/config +TMP_KUBECONFIG=$(TMP_DIR)/kubeconfig + +.PHONY: impersonate-kgo +impersonate-kgo: + mkdir -p $(TMP_DIR) + cp $(KUBECONFIG) $(TMP_KUBECONFIG) + KUBECONFIG=$(TMP_KUBECONFIG) kubectl config set-credentials kgo --token=$(shell kubectl create token --namespace=kong-system controller-manager) + KUBECONFIG=$(TMP_KUBECONFIG) kubectl config set-context kgo --cluster=$(shell kubectl config get-contexts | grep '^\*' | tr -s ' ' | cut -d ' ' -f 3) --user=kgo --namespace=kong-system + KUBECONFIG=$(TMP_KUBECONFIG) kubectl config use-context kgo + # Run a controller from your host. # TODO: In order not to rely on 'main' version of Gateway API CRDs address but # on the tag that is used in code (defined in go.mod) address this by solving # https://github.com/Kong/gateway-operator/pull/480. .PHONY: run -run: webhook-certs-dir manifests generate install.all _ensure-kong-system-namespace - @$(MAKE) _run +run: webhook-certs-dir manifests generate install.all _ensure-kong-system-namespace install.rbacs + $(MAKE) _run # Run the operator without checking any preconditions, installing CRDs etc. # This is mostly useful when 'run' was run at least once on a server and CRDs, RBACs # etc didn't change in between the runs. .PHONY: _run -_run: - GATEWAY_OPERATOR_DEVELOPMENT_MODE=true go run ./cmd/main.go \ +_run: impersonate-kgo + KUBECONFIG=$(TMP_KUBECONFIG) GATEWAY_OPERATOR_DEVELOPMENT_MODE=true go run ./cmd/main.go \ --no-leader-election \ -cluster-ca-secret-namespace kong-system \ -enable-controller-kongplugininstallation \ @@ -569,6 +581,11 @@ KUBERNETES_CONFIGURATION_CRDS_CRDS_LOCAL_PATH = $(shell go env GOPATH)/pkg/mod/$ install.kubernetes-configuration-crds: kustomize $(KUSTOMIZE) build $(KUBERNETES_CONFIGURATION_CRDS_CRDS_LOCAL_PATH) | kubectl apply -f - +# Install RBACs from config/rbac into the K8s cluster specified in ~/.kube/config. +.PHONY: install.rbacs +install.rbacs: kustomize + $(KUSTOMIZE) build config/rbac | kubectl apply -f - + # Install standard and experimental CRDs into the K8s cluster specified in ~/.kube/config. .PHONY: install.all install.all: manifests kustomize install-gateway-api-crds install.kubernetes-configuration-crds