diff --git a/.reuse/dep5 b/.reuse/dep5 index 851edc27..75f55a5d 100644 --- a/.reuse/dep5 +++ b/.reuse/dep5 @@ -10,6 +10,7 @@ Comment: # source code Files: .gitignore + .github .golangci.yaml .test-defs CODEOWNERS @@ -20,6 +21,8 @@ Files: charts/gardener-extension-shoot-rsyslog-relp/templates/_helpers.tpl charts/gardener-extension-shoot-rsyslog-relp-admission/.helmignore charts/gardener-extension-shoot-rsyslog-relp-admission/templates/_helpers.tpl + example/extension/.gitignore + example/extension/extension-config-patch.yaml.tmpl example/local/charts/rsyslog-relp-echo-server/.helmignore example/controller-registration.yaml hack/api-reference/*.json diff --git a/Dockerfile b/Dockerfile index fc0616b6..d2f3a047 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,7 +15,6 @@ RUN go mod download COPY . . ARG EFFECTIVE_VERSION -ARG TARGETARCH RUN make install EFFECTIVE_VERSION=$EFFECTIVE_VERSION diff --git a/Makefile b/Makefile index afceb302..2e0154b3 100644 --- a/Makefile +++ b/Makefile @@ -18,6 +18,15 @@ ECHO_SERVER_VERSION := v0.1.0 IMAGE_TAG := $(EFFECTIVE_VERSION) LD_FLAGS := "-w $(shell EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) bash $(GARDENER_HACK_DIR)/get-build-ld-flags.sh k8s.io/component-base $(REPO_ROOT)/VERSION $(EXTENSION_PREFIX)-$(NAME))" PARALLEL_E2E_TESTS := 2 +GARDENER_REPO_ROOT ?= $(REPO_ROOT)/../gardener +SEED_NAME := provider-extensions +SEED_KUBECONFIG := $(GARDENER_REPO_ROOT)/example/provider-extensions/seed/kubeconfig +SHOOT_NAME ?= local +SHOOT_NAMESPACE ?= garden-local + +ifneq ($(SEED_NAME),provider-extensions) + SEED_KUBECONFIG := $(GARDENER_REPO_ROOT)/example/provider-extensions/seed/kubeconfig-$(SEED_NAME) +endif ifndef ARTIFACTS export ARTIFACTS=/tmp/artifacts 
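Review bot: In the first Makefile hunk, `SEED_NAME := provider-extensions` is a plain assignment while the neighbouring `GARDENER_REPO_ROOT`, `SHOOT_NAME` and `SHOOT_NAMESPACE` use `?=`, so a `SEED_NAME` exported in the environment is silently ignored and only `make ... SEED_NAME=...` on the command line changes the kubeconfig path. If that is intended, a comment such as `# SEED_NAME can only be overridden on the make command line` would record it; otherwise `SEED_NAME ?= provider-extensions` makes it consistent with the other knobs. The selected `SEED_KUBECONFIG` is never checked for existence here, so a mistyped seed name only surfaces later inside the script.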
@@ -142,3 +151,14 @@ extension-dev: $(SKAFFOLD) $(HELM) $(KUBECTL) $(KIND) extension-down: $(SKAFFOLD) $(HELM) $(KUBECTL) $(SKAFFOLD) delete + +remote-extension-up remote-extension-down: export SKAFFOLD_LABEL = skaffold.dev/run-id=extension-remote + +remote-extension-up: $(SKAFFOLD) $(HELM) $(KUBECTL) $(YQ) + @LD_FLAGS=$(LD_FLAGS) ./hack/remote-extension-up.sh --path-seed-kubeconfig $(SEED_KUBECONFIG) + +remote-extension-down: $(SKAFFOLD) $(HELM) $(KUBECTL) + $(SKAFFOLD) delete -m admission,extension + +configure-shoot: $(HELM) $(KUBECTL) $(YQ) + @./hack/configure-shoot.sh --shoot-name $(SHOOT_NAME) --shoot-namespace $(SHOOT_NAMESPACE) --echo-server-image "$(ECHO_SERVER_IMAGE):$(ECHO_SERVER_VERSION)" \ No newline at end of file diff --git a/charts/gardener-extension-shoot-rsyslog-relp/doc.go b/charts/gardener-extension-shoot-rsyslog-relp/doc.go index 6e8a56aa..720b70cb 100644 --- a/charts/gardener-extension-shoot-rsyslog-relp/doc.go +++ b/charts/gardener-extension-shoot-rsyslog-relp/doc.go @@ -2,7 +2,7 @@ // // SPDX-License-Identifier: Apache-2.0 -//go:generate sh -c "bash $GARDENER_HACK_DIR/generate-controller-registration.sh shoot-rsyslog-relp . $(cat ../../VERSION) ../../example/controller-registration.yaml Extension:shoot-rsyslog-relp" +//go:generate sh -c "bash $GARDENER_HACK_DIR/generate-controller-registration.sh extension-shoot-rsyslog-relp . $(cat ../../VERSION) ../../example/controller-registration.yaml Extension:shoot-rsyslog-relp" // Package chart enables go:generate support for generating the correct controller registration. package chart diff --git a/docs/development/getting-started-remotely.md b/docs/development/getting-started-remotely.md new file mode 100644 index 00000000..27cbca25 --- /dev/null +++ b/docs/development/getting-started-remotely.md 
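Review bot: `$(SEED_KUBECONFIG)`, `$(SHOOT_NAME)` and `$(SHOOT_NAMESPACE)` are pasted into the new recipes unquoted, so a `GARDENER_REPO_ROOT` containing a space splits into several arguments and shell metacharacters in a value given on the make command line are interpreted by the shell; the `--echo-server-image` argument on the same line is already quoted. Quoting the others the same way, `--path-seed-kubeconfig "$(SEED_KUBECONFIG)"` and `--shoot-name "$(SHOOT_NAME)" --shoot-namespace "$(SHOOT_NAMESPACE)"`, at least handles the whitespace case. The hunk does not show a `.PHONY` change, so if `remote-extension-up`, `remote-extension-down` and `configure-shoot` are not declared phony elsewhere in the file, a file or directory with one of those names would turn the target into a no-op.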
@@ -0,0 +1,65 @@
+---
+title: Deploying Rsyslog Relp Extension Remotely
+description: Learn how to set up a development environment using own Seed clusters on an existing Kubernetes cluster
+---
+
+# Deploying Rsyslog Relp Extension Remotely
+
+This document will walk you through running the Rsyslog Relp extension controller on a remote seed cluster and the rsyslog relp admission component in your local garden cluster for development purposes. This guide uses Gardener's [setup with provider extensions](https://github.com/gardener/gardener/blob/master/docs/deployment/getting_started_locally_with_extensions.md) and builds on top of it.
+
+If you encounter difficulties, please open an issue so that we can make this process easier.
+
+## Prerequisites
+
+- Make sure that you have a running Gardener setup with provider extensions. The steps to complete this can be found in the [Deploying Gardener Locally and Enabling Provider-Extensions](https://github.com/gardener/gardener/blob/master/docs/deployment/getting_started_locally_with_extensions.md) guide.
+- Make sure you are running Gardener version `>= 1.95.0` or the latest version of the master branch.
+
+## Setting up the Rsyslog Relp Extension
+
+**Important:** Make sure that your `KUBECONFIG` env variable is targeting the local Gardener cluster!
+
+The location of the Gardener project from the Gardener setup is expected to be under the same root as this repository (e.g. ~/go/src/github.com/gardener/). If this is not the case, the location of Gardener project should be specified in `GARDENER_REPO_ROOT` environment variable:
+
+```bash
+export GARDENER_REPO_ROOT=""
+```
+
+Then you can run:
+
+ ```bash
+make remote-extension-up
+```
+
+In case you have added additional Seeds you can specify the seed name:
+
+```bash
+make remote-extension-up SEED_NAME=
+```
+
+## Creating a Shoot Cluster
+
+Once the above step is completed, you can create a Shoot cluster. In order to create a Shoot cluster, please create your own `Shoot` definition depending on providers on your `Seed` cluster.
+
+## Configuring the Shoot Cluster and deploying the Rsyslog Relp Echo Server
+
+To be able to properly test the rsyslog relp extension you need a running rsyslog relp echo server to which logs from the Shoot nodes can be sent. To deploy the server and configure the rsyslog relp extension on your Shoot cluster you can run:
+
+```bash
+make configure-shoot SHOOT_NAME= SHOOT_NAMESPACE=
+```
+
+This command will deploy an rsyslog relp echo server in your Shoot cluster in the `rsyslog-relp-echo-server` namespace.
+It will also add configuration for the `shoot-rsyslog-relp` extension to your `Shoot` spec by patching it with `./example/extension/----extension-config-patch.yaml`. This file is automatically copied from `extension-config-patch.yaml.tmpl` in the same directory when you run `make configure-shoot` for the first time. The file also includes explanations of the properties you should set or change.
+The command will also deploy the `rsyslog-relp-tls` secret in case you wish to enable tls.
+
+
+
+## Tearing Down the Development Environment
+
+To tear down the development environment, delete the Shoot cluster or disable the `shoot-rsyslog-relp` extension in the Shoot's specification. When the extension is not used by the Shoot anymore, you can run:
+
+```bash
+make remote-extension-down
+```
+
+The make target will delete the ControllerDeployment and ControllerRegistration of the extension, and the `shoot-rsyslog-relp` admission helm deployment.
\ No newline at end of file
diff --git a/example/controller-registration.yaml b/example/controller-registration.yaml
index 85f7e5c6..5de53760 100644
--- a/example/controller-registration.yaml
+++ b/example/controller-registration.yaml
@@ -2,23 +2,23 @@ apiVersion: core.gardener.cloud/v1beta1 kind: ControllerDeployment metadata: - name: shoot-rsyslog-relp + name: extension-shoot-rsyslog-relp type: helm providerConfig: - chart: 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 + chart: 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 values: image: europe-docker.pkg.dev/gardener-project/public/gardener/extensions/shoot-rsyslog-relp:v0.5.0-dev --- apiVersion: core.gardener.cloud/v1beta1 kind: ControllerRegistration metadata: - name: shoot-rsyslog-relp + name: extension-shoot-rsyslog-relp annotations: security.gardener.cloud/pod-security-enforce: baseline spec: deployment: deploymentRefs: - - name: shoot-rsyslog-relp + - name: extension-shoot-rsyslog-relp resources: - kind: Extension type: shoot-rsyslog-relp diff --git a/example/extension/.gitignore b/example/extension/.gitignore new file mode 100644 index 00000000..0e2fbf51 --- /dev/null +++ b/example/extension/.gitignore @@ -0,0 +1,3 @@ +* +!.gitignore +!extension-config-patch.yaml.tmpl diff --git a/example/extension/extension-config-patch.yaml.tmpl b/example/extension/extension-config-patch.yaml.tmpl new file mode 100644 index 00000000..3f80b5ae --- /dev/null +++ b/example/extension/extension-config-patch.yaml.tmpl 
@@ -0,0 +1,37 @@
+spec:
+ extensions:
+ - type: shoot-rsyslog-relp
+ providerConfig:
+ apiVersion: rsyslog-relp.extensions.gardener.cloud/v1alpha1
+ kind: RsyslogRelpConfig
+ # target will be assigned automatically based on the service IP
+ # of the rsyslog relp echo server deployed in the Shoot cluster.
+ target:
+ # If you want to enable tls, use port 443 instead.
+ port: 80
+ # These loggingRules will forward everything to the rsyslog
+ # relp echo server. Specify concrete programNames or reduce
+ # secerity to filter log messages
+ loggingRules:
+ - severity: 7
+ resumeRetryCount: -1
+ timeout: 90
+ rebindInterval: 1000
+ reportSuspensionContinuation: true
+ tls:
+ # If you enable the tls connection to the rsyslog relp echo server
+ # you also have to uncomment the resources array below. The rsyslog-relp-tls
+ # secret is automatically deployed in the local Garden cluster when you
+ # run `make configure-shoot`.
+ enabled: false
+ secretReferenceName: rsyslog-tls-certificates
+ authMode: name
+ tlsLib: openssl
+ permittedPeer:
+ - "rsyslog-server"
+# resources:
+# - name: rsyslog-tls-certificates
+# resourceRef:
+# kind: Secret
+# name: rsyslog-relp-tls
+# apiVersion: v1
\ No newline at end of file
diff --git a/hack/configure-shoot.sh b/hack/configure-shoot.sh
new file mode 100755
index 00000000..49df77db
--- /dev/null
+++ b/hack/configure-shoot.sh
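Review bot: The comment inside `tls:` names only one of the changes needed to switch this sample to TLS: besides uncommenting `resources`, `enabled` has to become `true` and `port` has to change to 443, which is mentioned separately further up. As shipped, the template forwards everything at `severity: 7` over an unencrypted connection on port 80. Collecting the steps in one comment above `tls:` would make the plaintext default an explicit choice, e.g. `# To enable TLS: set enabled: true, change port to 443 above and uncomment the resources array below.` The comment above `loggingRules` also has a typo, `secerity` for `severity`.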
@@ -0,0 +1,97 @@
+#!/usr/bin/env bash
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+REPO_ROOT_DIR="$(realpath "${SCRIPT_DIR}"/..)"
+
+SHOOT_NAME=""
+SHOOT_NAMESPACE=""
+ECHO_SERVER_IMAGE=""
+
+parse_flags() {
+ while test $# -gt 0; do
+ case "$1" in
+ --shoot-name)
+ shift; SHOOT_NAME="$1"
+ ;;
+ --shoot-namespace)
+ shift; SHOOT_NAMESPACE="$1"
+ ;;
+ --echo-server-image)
+ shift; ECHO_SERVER_IMAGE="$1"
+ ;;
+ *)
+ echo "Unknown argument: $1"
+ exit 1
+ ;;
+ esac
+ shift
+ done
+}
+
+ensure_file_from_template() {
+ local file=$1
+ local tmpl="${file}".tmpl
+ if [[ -n "$2" ]]; then
+ tmpl=$2
+ fi
+ if [[ ! -f "${file}" ]]; then
+ echo "Creating \"${file}\" from template."
+ cp "${tmpl}" "${file}"
+ fi
+}
+
+parse_flags "$@"
+
+tmp_shoot_kubeconfig=$(mktemp)
+cleanup_shoot_kubeconfig() {
+ rm -f "${tmp_shoot_kubeconfig}"
+}
+trap cleanup_shoot_kubeconfig EXIT
+
+echo "Generating temporary kubeconfig for '${SHOOT_NAMESPACE}/${SHOOT_NAME}'."
+cat << EOF | kubectl create --raw /apis/core.gardener.cloud/v1beta1/namespaces/"${SHOOT_NAMESPACE}"/shoots/"${SHOOT_NAME}"/adminkubeconfig -f - | jq -r '.status.kubeconfig' | base64 -d > "${tmp_shoot_kubeconfig}"
+{
+ "apiVersion": "authentication.gardener.cloud/v1alpha1",
+ "kind": "AdminKubeconfigRequest",
+ "spec": {
+ "expirationSeconds": 600
+ }
+}
+EOF
+
+echo "Installing rsyslog relp echo server into shoot cluster."
+echo_server_service="rsyslog-relp-echo-server"
+echo_server_namespace="rsyslog-relp-echo-server"
+helm upgrade --install \
+ --wait \
+ --history-max=4 \
+ --namespace "${echo_server_namespace}" \
+ --create-namespace \
+ --kubeconfig "${tmp_shoot_kubeconfig}" \
+ --set images.rsyslog="${ECHO_SERVER_IMAGE}" \
+ rsyslog-relp-echo-server \
+ "${REPO_ROOT_DIR}/example/local/charts/rsyslog-relp-echo-server"
+
+echo "Retrieving ClusterIP of the ${echo_server_namespace}/${echo_server_service} service."
+service_ip=$(kubectl --kubeconfig "${tmp_shoot_kubeconfig}" -n "${echo_server_namespace}" get service "${echo_server_service}" -o yaml | yq '.spec.clusterIPs[0]')
+if [[ -z "${service_ip}" || "${service_ip}" == "null" ]]; then
+ echo "ClusterIP of ${echo_server_namespace}/${echo_server_service} service not assigned."
+ exit 1
+fi
+
+echo "Deploying rsyslog-relp-tls secret in Garden cluster."
+kubectl apply -f <(yq -e ".metadata.namespace = \"${SHOOT_NAMESPACE}\"" "${REPO_ROOT_DIR}/example/secret-rsyslog-tls-certs.yaml")
+
+extension_config_patch_file="${SHOOT_NAMESPACE}--${SHOOT_NAME}--extension-config-patch.yaml"
+
+echo "Enabling shoot-rsyslog-relp extension by patching shoot with ${extension_config_patch_file}."
+ensure_file_from_template "${REPO_ROOT_DIR}/example/extension/${extension_config_patch_file}" "${REPO_ROOT_DIR}/example/extension/extension-config-patch.yaml.tmpl"
+yq -ie ".spec.extensions[0].providerConfig.target = \"${service_ip}\"" "${REPO_ROOT_DIR}/example/extension/${extension_config_patch_file}"
+kubectl -n "${SHOOT_NAMESPACE}" patch shoot "${SHOOT_NAME}" --patch-file "${REPO_ROOT_DIR}/example/extension/${extension_config_patch_file}"
\ No newline at end of file
diff --git a/hack/remote-extension-up.sh b/hack/remote-extension-up.sh
new file mode 100755
index 00000000..dee7f41e
--- /dev/null
+++ b/hack/remote-extension-up.sh
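Review bot: `parse_flags` leaves `SHOOT_NAME`, `SHOOT_NAMESPACE` and `ECHO_SERVER_IMAGE` as empty strings when a flag is omitted, and because they are pre-initialised `set -o nounset` never fires, so the script goes on to request an admin kubeconfig from a `/namespaces//shoots//adminkubeconfig` path and to build file names and yq expressions from empty values. A guard right after `parse_flags "$@"`, one per variable in the form `: "${SHOOT_NAME:?--shoot-name is required}"`, stops that early with a clear message. The namespace and `service_ip` are also spliced into the yq program text (`".metadata.namespace = \"${SHOOT_NAMESPACE}\""`); passing them through the environment and reading them with `strenv(...)` keeps a quote or other yq syntax in a value from being evaluated as part of the expression. Separately, `ensure_file_from_template` tests `"$2"` directly, which aborts under nounset whenever the optional second argument is left out; `if [[ -n "${2:-}" ]]; then` is the safe form.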
@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+PATH_SEED_KUBECONFIG=""
+
+parse_flags() {
+ while test $# -gt 0; do
+ case "$1" in
+ --path-seed-kubeconfig)
+ shift; PATH_SEED_KUBECONFIG="$1"
+ ;;
+ *)
+ echo "Unknown argument: $1"
+ exit 1
+ ;;
+ esac
+ shift
+ done
+}
+
+parse_flags "$@"
+
+temp_shoot_info=$(mktemp)
+cleanup_shoot_info() {
+ rm -f "$temp_shoot_info"
+}
+trap cleanup_shoot_info EXIT
+
+if kubectl get configmaps -n kube-system shoot-info --kubeconfig "$PATH_SEED_KUBECONFIG" -o yaml > "$temp_shoot_info"; then
+ echo "Getting registry domain from shoot"
+ registry_domain=reg.$(yq -e '.data.domain' "$temp_shoot_info")
+else
+ echo "Please enter domain name for registry on the seed"
+ echo "Registry domain:"
+ read -er registry_domain
+fi
+
+echo "Deploying shoot-rsyslog-relp admission in garden cluster"
+SKAFFOLD_DEFAULT_REPO=localhost:5001 SKAFFOLD_PUSH=true skaffold run -m admission -p remote-extension
+
+echo "Deploying shoot-rsyslog-relp extension"
+SKAFFOLD_DEFAULT_REPO=$registry_domain \
+SKAFFOLD_CHECK_CLUSTER_NODE_PLATFORMS="false" \
+SKAFFOLD_PLATFORM="linux/amd64" \
+SKAFFOLD_DISABLE_MULTI_PLATFORM_BUILD="false" \
+ SKAFFOLD_PUSH=true \
+ skaffold run -m extension
\ No newline at end of file
diff --git a/skaffold.yaml b/skaffold.yaml
index bc09c2ec..d1e12f20 100644
--- a/skaffold.yaml
+++ b/skaffold.yaml
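Review bot: The `if kubectl get configmaps ... --kubeconfig "$PATH_SEED_KUBECONFIG"` test treats every kubectl failure alike, so a wrong kubeconfig path or expired credentials drop into the interactive prompt, and whatever is typed there becomes `SKAFFOLD_DEFAULT_REPO` for a build that runs with `SKAFFOLD_PUSH=true`. `PATH_SEED_KUBECONFIG` is also never checked after `parse_flags`, so it can still be the empty string it was initialised to. Validating both values keeps the image from being pushed to an unintended registry: `[[ -r "$PATH_SEED_KUBECONFIG" ]] || { echo "seed kubeconfig not readable: $PATH_SEED_KUBECONFIG" >&2; exit 1; }` before the `if`, and `[[ -n "$registry_domain" ]] || { echo "registry domain is empty" >&2; exit 1; }` after the `fi`. Neither `skaffold run` names a kube context, so the script presumably relies on the caller's `KUBECONFIG` pointing at the garden cluster; a header comment stating that requirement would help.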
@@ -4,10 +4,10 @@ metadata: name: rsyslog-relp-echo-server build: artifacts: - - image: europe-docker.pkg.dev/gardener-project/public/gardener/extensions/rsyslog-relp-echo-server + - image: europe-docker.pkg.dev/gardener-project/public/gardener/extensions/shoot-rsyslog-relp-echo-server docker: cacheFrom: - - europe-docker.pkg.dev/gardener-project/public/gardener/extensions/rsyslog-relp-echo-server + - europe-docker.pkg.dev/gardener-project/public/gardener/extensions/shoot-rsyslog-relp-echo-server local: {} deploy: helm: @@ -18,7 +18,7 @@ deploy: wait: true chartPath: example/local/charts/rsyslog-relp-echo-server setValueTemplates: - images.rsyslog: '{{.IMAGE_FULLY_QUALIFIED_europe_docker_pkg_dev_gardener_project_public_gardener_extensions_rsyslog_relp_echo_server}}' + images.rsyslog: '{{.IMAGE_FULLY_QUALIFIED_europe_docker_pkg_dev_gardener_project_public_gardener_extensions_shoot_rsyslog_relp_echo_server}}' setValues: service.clusterIP: 10.2.64.54 --- @@ -96,3 +96,10 @@ deploy: setValueTemplates: global.image.repository: '{{.IMAGE_REPO_europe_docker_pkg_dev_gardener_project_public_gardener_extensions_shoot_rsyslog_relp_admission}}' global.image.tag: '{{.IMAGE_TAG_europe_docker_pkg_dev_gardener_project_public_gardener_extensions_shoot_rsyslog_relp_admission}}@{{.IMAGE_DIGEST_europe_docker_pkg_dev_gardener_project_public_gardener_extensions_shoot_rsyslog_relp_admission}}' +profiles: + - name: remote-extension + patches: + - op: add + path: /deploy/helm/releases/0/setValues + value: + global.vpa.enabled: false
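Review bot: In the last hunk, the `remote-extension` profile patches `/deploy/helm/releases/0/setValues` by position, so it would silently apply to a different release if the order of `releases` in this config ever changes. With JSON-patch semantics, `op: add` on a `setValues` key that already exists replaces the whole map rather than merging into it. Whether release 0 has a `setValues` today is outside the hunk, so this may be fine as written; a comment on the patch such as `# releases/0 is the admission chart; this replaces any existing setValues` would record both assumptions, along with the reason VPA is switched off for the remote setup.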