Merge pull request #648 from Kuadrant/separate-controller-deploy

Separate controller deploy
Kuadrant · Nov 9, 2023 · f452cc6 · f452cc6
2 parents 27469a2 + 061b011
commit f452cc6
Show file tree

Hide file tree

Showing 56 changed files with 659 additions and 399 deletions.
diff --git a/.github/workflows/ci-e2e.yaml b/.github/workflows/ci-e2e.yaml
@@ -69,9 +69,9 @@ jobs:
         run: |
           make docker-build-gateway-controller kind-load-gateway-controller docker-build-policy-controller kind-load-policy-controller deploy-gateway-controller
           kubectl --context kind-mgc-control-plane -n multicluster-gateway-controller-system wait --timeout=300s --for=condition=Available deployment/mgc-controller-manager
-          kubectl --context kind-mgc-control-plane -n multicluster-gateway-controller-system wait --timeout=300s --for=condition=Available deployment/mgc-policy-controller-manager
+          kubectl --context kind-mgc-control-plane -n multicluster-gateway-controller-system wait --timeout=300s --for=condition=Available deployment/mgc-policy-controller
           kubectl --context kind-mgc-control-plane logs --all-containers --ignore-errors deployment/mgc-controller-manager -n multicluster-gateway-controller-system
-          kubectl --context kind-mgc-control-plane logs --all-containers --ignore-errors deployment/mgc-policy-controller-manager -n multicluster-gateway-controller-system
+          kubectl --context kind-mgc-control-plane logs --all-containers --ignore-errors deployment/mgc-policy-controller -n multicluster-gateway-controller-system
           kubectl get managedzones -n multi-cluster-gateways mgc-dev-mz-aws -o yaml
           kubectl --context kind-mgc-control-plane -n multi-cluster-gateways wait --timeout=60s --for=condition=Ready managedzone/mgc-dev-mz-aws
           kubectl get managedzones -n multi-cluster-gateways mgc-dev-mz-gcp -o yaml

diff --git a/Makefile b/Makefile
@@ -47,9 +47,17 @@ clean: ## Clean up temporary files.
 	-rm -rf ./tmp
 	-rm -rf ./config/**/charts
 
+.PHONY: gateway-manifests
+gateway-manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+	$(CONTROLLER_GEN) rbac:roleName=manager-role paths="./pkg/controllers/gateway" output:rbac:artifacts:config=config/rbac
+
+.PHONY: policy-manifests
+policy-manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+	$(CONTROLLER_GEN) rbac:roleName=policy-role paths="./pkg/controllers/dnshealthcheckprobe" paths="./pkg/controllers/dnspolicy" paths="./pkg/controllers/dnsrecord" paths="./pkg/controllers/managedzone" paths="./pkg/controllers/tlspolicy" output:rbac:dir=config/policy-controller/rbac
+	$(CONTROLLER_GEN) crd paths="./..." output:crd:artifacts:config=config/policy-controller/crd/bases
+
 .PHONY: manifests
-manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	$(CONTROLLER_GEN) rbac:roleName=manager-role crd paths="./..." output:crd:artifacts:config=config/crd/bases
+manifests: gateway-manifests policy-manifests
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
@@ -117,13 +125,6 @@ ifndef ignore-not-found
   ignore-not-found = false
 endif
 
-.PHONY: install
-install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config.
-	$(KUSTOMIZE) build config/crd | kubectl apply -f -
-
-.PHONY: uninstall
-uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
-	$(KUSTOMIZE) build config/crd | kubectl delete --ignore-not-found=$(ignore-not-found) -f -
 
 .PHONY: deploy-sample-applicationset
 deploy-sample-applicationset:

diff --git a/README.md b/README.md
@@ -43,10 +43,12 @@ When deploying the multicluster gateway controller using the make targets, the f
 1. Build the controller image and load it into the control plane
     ```sh
    kubectl config use-context kind-mgc-control-plane 
-   make kind-load-policy-controller
+   make kind-load-gateway-controller   
+
 
    kubectl config use-context kind-mgc-control-plane 
-   make kind-load-gateway-controller   
+   make kind-load-policy-controller
+   
     ```
 
 1. Deploy the controller(s) to the control plane cluster
@@ -71,11 +73,12 @@ When deploying the multicluster gateway controller using the make targets, the f
 
 1. Run the controller locally:
     ```sh
+
     kubectl config use-context kind-mgc-control-plane 
-    make build-policy-controller install run-policy-controller
+    make build-gateway-controller install run-gateway-controller    
 
     kubectl config use-context kind-mgc-control-plane 
-    make build-gateway-controller install run-gatewway-controller
+    make build-policy-controller install run-policy-controller
     ```
 
 ## 3. Running the agent in the cluster:

diff --git a/bundle/manifests/mgc-dnsrecord-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/mgc-dnsrecord-editor-role_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: mgc-dnsrecord-editor-role
+rules:
+- apiGroups:
+  - kuadrant.io
+  resources:
+  - dnsrecords
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - kuadrant.io
+  resources:
+  - dnsrecords/status
+  verbs:
+  - get
diff --git a/bundle/manifests/mgc-dnsrecord-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/mgc-dnsrecord-viewer-role_rbac.authorization.k8s.io_v1_clusterrole.yaml
@@ -0,0 +1,20 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: mgc-dnsrecord-viewer-role
+rules:
+- apiGroups:
+  - kuadrant.io
+  resources:
+  - dnsrecords
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - kuadrant.io
+  resources:
+  - dnsrecords/status
+  verbs:
+  - get
diff --git a/config/rbac/dnsrecord_editor_role.yaml → ....authorization.k8s.io_v1_clusterrole.yaml b/config/rbac/dnsrecord_editor_role.yaml → ....authorization.k8s.io_v1_clusterrole.yaml
@@ -1,15 +1,15 @@
-# permissions for end users to edit dnsrecords.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
+  creationTimestamp: null
   labels:
-    app.kubernetes.io/name: clusterrole
-    app.kubernetes.io/instance: dnsrecord-editor-role
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: multicluster-gateway-controller
-    app.kubernetes.io/part-of: multicluster-gateway-controller
+    app.kubernetes.io/instance: dnsrecord-editor-role
     app.kubernetes.io/managed-by: kustomize
-  name: dnsrecord-editor-role
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/part-of: multicluster-gateway-controller
+  name: mgc-kuadrant-dnsrecord-editor-role
 rules:
 - apiGroups:
   - kuadrant.io

diff --git a/config/rbac/dnsrecord_viewer_role.yaml → ....authorization.k8s.io_v1_clusterrole.yaml b/config/rbac/dnsrecord_viewer_role.yaml → ....authorization.k8s.io_v1_clusterrole.yaml
@@ -1,15 +1,15 @@
-# permissions for end users to view dnsrecords.
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
+  creationTimestamp: null
   labels:
-    app.kubernetes.io/name: clusterrole
-    app.kubernetes.io/instance: dnsrecord-viewer-role
     app.kubernetes.io/component: rbac
     app.kubernetes.io/created-by: multicluster-gateway-controller
-    app.kubernetes.io/part-of: multicluster-gateway-controller
+    app.kubernetes.io/instance: dnsrecord-viewer-role
     app.kubernetes.io/managed-by: kustomize
-  name: dnsrecord-viewer-role
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/part-of: multicluster-gateway-controller
+  name: mgc-kuadrant-dnsrecord-viewer-role
 rules:
 - apiGroups:
   - kuadrant.io