use envsubst for kustomize

controller/Makefile

@@ -12,6 +12,7 @@ CONTROLLER_GEN ?= $(shell which controller-gen)
 ENVTEST ?= $(shell which setup-envtest)
 GOLANGCI_LINT ?= $(shell which golangci-lint)
 MOCKERY ?= $(shell which mockery)
+ENVSUBST ?= $(shell which envsubst)
 
 # Tool versions
 KUBEBUILDER_VERSION := 3.11.1
@@ -144,10 +145,14 @@ uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified
 	$(KUSTOMIZE) build config/crd | $(KUBECTL) delete --ignore-not-found=$(ignore-not-found) -f -
 
 .PHONY: deploy
-deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
-	@echo asd > /tmp/config.env
-	$(KUSTOMIZE) build config/default | $(KUBECTL) apply -f -
-	@rm /tmp/config.env
+deploy: manifests kustomize envsubst ## Deploy controller to the K8s cluster specified in ~/.kube/config.
+ifndef PLURAL_CONSOLE_URL
+$(error $$PLURAL_CONSOLE_URL environment variable not set)
+endif
+ifndef PLURAL_CONSOLE_TOKEN
+$(error $$PLURAL_CONSOLE_TOKEN environment variable not set)
+endif
+	$(KUSTOMIZE) build config/default | $(ENVSUBST) | $(KUBECTL) apply -f -
 
 .PHONY: undeploy
 undeploy: kustomize ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
@@ -184,6 +189,10 @@ envtest: --tool ## Download and install setup-envtest in the $GOPATH/bin
 mockery: TOOL = mockery
 mockery: --tool
 
+.PHONY: envsubst
+envsubst: TOOL = envsubst
+envsubst: --tool
+
 .PHONY: kubebuilder
 kubebuilder: ## install kubebuilder
 	@curl -L -O --output-dir bin/ "https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${KUBEBUILDER_VERSION}/kubebuilder_${OS}_${ARCH}"

controller/config/default/kustomization.yaml

@@ -27,4 +27,4 @@ patches:
 # If you want your controller-manager to expose the /metrics
 # endpoint w/o any authn/z, please comment the following line.
 - path: manager_auth_proxy_patch.yaml
-- path: manager_config_patch.yaml
+

controller/config/default/manager_auth_proxy_patch.yaml

@@ -36,3 +36,5 @@ spec:
         - "--health-probe-bind-address=:8081"
         - "--metrics-bind-address=127.0.0.1:8080"
         - "--leader-elect"
+        - --console-url=$CONSOLE_URL
+        - --console-token=$CONSOLE_TOKEN

controller/config/manager/kustomization.yaml

@@ -1,8 +1,4 @@
 resources:
 - manager.yaml
 - service_account.yaml
-
-secretGenerator:
-  - name: secrets
-    envs: [/tmp/config.env]
-    behavior: create
+- secret.yaml

controller/config/manager/manager.yaml

@@ -28,37 +28,51 @@ spec:
         seccompProfile:
           type: RuntimeDefault
       containers:
-      - command:
-        - /manager
-        args:
-        - --leader-elect
-        image: deployment-controller
-        name: manager
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - "ALL"
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8081
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: 8081
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        # TODO(user): Configure the resources accordingly based on the project requirements.
-        # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
-        resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 10m
-            memory: 64Mi
+        - command:
+            - /manager
+          args:
+            - --leader-elect
+            - --console-url="$(CONSOLE_URL)"
+            - --console-token=$CONSOLE_TOKEN
+          image: deployment-controller:latest
+          imagePullPolicy: Never
+          name: manager
+          env:
+            - name: CONSOLE_URL
+              valueFrom:
+                secretKeyRef:
+                  key: consoleUrl
+                  name: secrets
+            - name: CONSOLE_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  key: consoleToken
+                  name: secrets
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - "ALL"
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8081
+            initialDelaySeconds: 15
+            periodSeconds: 20
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: 8081
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          # TODO(user): Configure the resources accordingly based on the project requirements.
+          # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+          resources:
+            limits:
+              cpu: 500m
+              memory: 128Mi
+            requests:
+              cpu: 10m
+              memory: 64Mi
       serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10

controller/config/manager/secret.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: secrets
+stringData:
+  consoleUrl: "$PLURAL_CONSOLE_URL" # replaced with envsubst
+  consoleToken: "$PLURAL_CONSOLE_TOKEN" # replaced with envsubst

controller/go.mod

@@ -23,6 +23,7 @@ require (
 
 // Tools
 require (
+	github.com/a8m/envsubst v1.4.2
 	github.com/golangci/golangci-lint v1.55.2
 	github.com/vektra/mockery/v2 v2.38.0
 	sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20231215020716-1b80b9629af8
@@ -260,7 +261,6 @@ require github.com/onsi/ginkgo/v2 v2.13.1
 
 require (
 	github.com/chigopher/pathlib v0.15.0 // indirect
-	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect

controller/go.sum

@@ -72,6 +72,8 @@ github.com/OpenPeeDeeP/depguard/v2 v2.1.0 h1:aQl70G173h/GZYhWf36aE5H0KaujXfVMnn/
 github.com/OpenPeeDeeP/depguard/v2 v2.1.0/go.mod h1:PUBgk35fX4i7JDmwzlJwJ+GMe6NfO1723wmJMgPThNQ=
 github.com/Yamashou/gqlgenc v0.16.0 h1:k1X/dvwnkiDImaeYw+C1j+GDX3MnzB4aONOTE6Mrku4=
 github.com/Yamashou/gqlgenc v0.16.0/go.mod h1:yKaNzczoGrIElG3mG8j2Bg3imv4WyIjLSTRBtvhfMtU=
+github.com/a8m/envsubst v1.4.2 h1:4yWIHXOLEJHQEFd4UjrWDrYeYlV7ncFWJOCBRLOZHQg=
+github.com/a8m/envsubst v1.4.2/go.mod h1:MVUTQNGQ3tsjOOtKCNd+fl8RzhsXcDvvAEzkhGtlsbY=
 github.com/alecthomas/assert/v2 v2.2.2 h1:Z/iVC0xZfWTaFNE6bA3z07T86hd45Xe2eLt6WVy2bbk=
 github.com/alecthomas/assert/v2 v2.2.2/go.mod h1:pXcQ2Asjp247dahGEmsZ6ru0UVwnkhktn7S0bBDLxvQ=
 github.com/alecthomas/go-check-sumtype v0.1.3 h1:M+tqMxB68hcgccRXBMVCPI4UJ+QUfdSx0xdbypKCqA8=

controller/tools.go

@@ -3,6 +3,7 @@
 package tools
 
 import (
+	_ "github.com/a8m/envsubst/cmd/envsubst"
 	_ "github.com/golangci/golangci-lint/cmd/golangci-lint"
 	_ "github.com/vektra/mockery/v2"
 	_ "sigs.k8s.io/controller-runtime/tools/setup-envtest"