Update dependencies and change metrics port (#162)

* Updating client go * fixes for client-go 0.19 * update other deps * tidy * try something * logging * changing metrics port * port * split yaml out * order * fix script * facepalm * Update e2e/pre.sh Co-authored-by: Luke Reed <[email protected]> Co-authored-by: Luke Reed <[email protected]>
FairwindsOps · Dec 7, 2020 · ad2dc70 · ad2dc70
1 parent e02e12f
commit ad2dc70
Show file tree

Hide file tree

Showing 18 changed files with 1,139 additions and 234 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,5 @@
 .pre-commit-config.yaml
+/rbac-manager
 
 # Binaries for programs and plugins
 *.exe

diff --git a/cmd/manager/main.go b/cmd/manager/main.go
@@ -37,7 +37,7 @@ import (
 )
 
 var logLevel = flag.String("log-level", logrus.InfoLevel.String(), "Logrus log level")
-var addr = flag.String("metrics-address", ":8080", "The address to serve prometheus metrics.")
+var addr = flag.String("metrics-address", ":8042", "The address to serve prometheus metrics.")
 
 func init() {
 	klog.InitFlags(nil)
@@ -62,15 +62,15 @@ func main() {
 	logrus.Debug("Setting up client for manager")
 	cfg, err := config.GetConfig()
 	if err != nil {
-		logrus.Error(err, "unable to set up client config")
+		logrus.Error(err, ": unable to set up client config")
 		os.Exit(1)
 	}
 
 	// Create a new Cmd to provide shared dependencies and start components
 	logrus.Debug("Setting up manager")
 	mgr, err := manager.New(cfg, manager.Options{})
 	if err != nil {
-		logrus.Error(err, "unable to set up overall controller manager")
+		logrus.Error(err, ": unable to set up overall controller manager")
 		os.Exit(1)
 	}
 
@@ -79,14 +79,14 @@ func main() {
 	// Setup Scheme for all resources
 	logrus.Debug("Setting up scheme")
 	if err := apis.AddToScheme(mgr.GetScheme()); err != nil {
-		logrus.Error(err, "unable add APIs to scheme")
+		logrus.Error(err, ": unable add APIs to scheme")
 		os.Exit(1)
 	}
 
 	// Setup all Controllers
 	logrus.Debug("Setting up controller")
 	if err := controller.Add(mgr); err != nil {
-		logrus.Error(err, "unable to register controller to the manager")
+		logrus.Error(err, ": unable to register controller to the manager")
 		os.Exit(1)
 	}
 
@@ -99,15 +99,15 @@ func main() {
 		metrics.RegisterMetrics()
 		http.Handle("/metrics", promhttp.Handler())
 		if err := http.ListenAndServe(*addr, nil); err != nil {
-			logrus.Error(err, "unable to serve the metrics endpoint")
+			logrus.Error(err, ": unable to serve the metrics endpoint")
 			os.Exit(1)
 		}
 	}()
 
 	// Start the Cmd
 	logrus.Info("Watching RBAC Definitions")
 	if err := mgr.Start(signals.SetupSignalHandler()); err != nil {
-		logrus.Error(err, "unable to run the manager")
+		logrus.Error(err, ": unable to run the manager")
 		os.Exit(1)
 	}
 }
diff --git a/deploy/0_namespace.yaml b/deploy/0_namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: rbac-manager
+  labels:
+    app: rbac-manager
diff --git a/deploy/1_rbac.yaml b/deploy/1_rbac.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: rbac-manager
+  namespace: rbac-manager
+  labels:
+    app: rbac-manager
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: rbac-manager
+  labels:
+    app: rbac-manager
+rules:
+  - apiGroups:
+      - rbacmanager.reactiveops.io
+    resources:
+      - rbacdefinitions
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - rbac.authorization.k8s.io
+      - authorization.k8s.io
+    resources:
+      - '*'
+    verbs:
+      - '*'
+  - apiGroups:
+      - "" # core
+    resources:
+      - serviceaccounts
+    verbs:
+      - '*'
+  - apiGroups:
+      - "" # core
+    resources:
+      - namespaces
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: rbac-manager
+  labels:
+    app: rbac-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: rbac-manager
+subjects:
+  - kind: ServiceAccount
+    name: rbac-manager
+    namespace: "rbac-manager"
diff --git a/deploy/all.yaml → deploy/2_crd.yaml b/deploy/all.yaml → deploy/2_crd.yaml
@@ -1,71 +1,4 @@
 ---
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: rbac-manager
-  labels:
-    app: rbac-manager
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: rbac-manager
-  namespace: rbac-manager
-  labels:
-    app: rbac-manager
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: rbac-manager
-  labels:
-    app: rbac-manager
-rules:
-  - apiGroups:
-      - rbacmanager.reactiveops.io
-    resources:
-      - rbacdefinitions
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - rbac.authorization.k8s.io
-      - authorization.k8s.io
-    resources:
-      - '*'
-    verbs:
-      - '*'
-  - apiGroups:
-      - "" # core
-    resources:
-      - serviceaccounts
-    verbs:
-      - '*'
-  - apiGroups:
-      - "" # core
-    resources:
-      - namespaces
-    verbs:
-      - get
-      - list
-      - watch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: rbac-manager
-  labels:
-    app: rbac-manager
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: rbac-manager
-subjects:
-  - kind: ServiceAccount
-    name: rbac-manager
-    namespace: "rbac-manager"
----
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
@@ -175,67 +108,3 @@ spec:
               type: array
             status:
               type: object
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: rbac-manager
-  namespace: rbac-manager
-  labels:
-    app: rbac-manager
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: rbac-manager
-      release: rbac-manager
-  template:
-    metadata:
-      labels:
-        app: rbac-manager
-        release: rbac-manager
-    spec:
-      serviceAccountName: rbac-manager
-      containers:
-      - name: rbac-manager
-        image: "quay.io/reactiveops/rbac-manager:v0.9.4"
-        imagePullPolicy: Always
-        # these liveness probes use the metrics endpoint
-        readinessProbe:
-          httpGet:
-            scheme: HTTP
-            path: /metrics
-            port: 8080
-          initialDelaySeconds: 5
-          timeoutSeconds: 3
-          periodSeconds: 3
-          failureThreshold: 3
-        livenessProbe:
-          httpGet:
-            scheme: HTTP
-            path: /metrics
-            port: 8080
-          initialDelaySeconds: 5
-          timeoutSeconds: 3
-          periodSeconds: 10
-          failureThreshold: 3
-        securityContext:
-          allowPrivilegeEscalation: false
-          privileged: false
-          readOnlyRootFilesystem: true
-          runAsNonRoot: true
-          capabilities:
-            drop:
-              - ALL
-        resources:
-          limits:
-            cpu: 100m
-            memory: 128Mi
-          requests:
-            cpu: 100m
-            memory: 128Mi
-        ports:
-          # metrics port
-          - name: http-metrics
-            containerPort: 8080
-            protocol: TCP
diff --git a/deploy/3_deployment.yaml b/deploy/3_deployment.yaml
@@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rbac-manager
+  namespace: rbac-manager
+  labels:
+    app: rbac-manager
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: rbac-manager
+      release: rbac-manager
+  template:
+    metadata:
+      labels:
+        app: rbac-manager
+        release: rbac-manager
+    spec:
+      serviceAccountName: rbac-manager
+      containers:
+      - name: rbac-manager
+        image: "quay.io/reactiveops/rbac-manager:v0.9.4"
+        imagePullPolicy: Always
+        # these liveness probes use the metrics endpoint
+        readinessProbe:
+          httpGet:
+            scheme: HTTP
+            path: /metrics
+            port: 8042
+          initialDelaySeconds: 5
+          timeoutSeconds: 3
+          periodSeconds: 3
+          failureThreshold: 3
+        livenessProbe:
+          httpGet:
+            scheme: HTTP
+            path: /metrics
+            port: 8042
+          initialDelaySeconds: 5
+          timeoutSeconds: 3
+          periodSeconds: 10
+          failureThreshold: 3
+        securityContext:
+          allowPrivilegeEscalation: false
+          privileged: false
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          capabilities:
+            drop:
+              - ALL
+        resources:
+          limits:
+            cpu: 100m
+            memory: 128Mi
+          requests:
+            cpu: 100m
+            memory: 128Mi
+        ports:
+          # metrics port
+          - name: http-metrics
+            containerPort: 8042
+            protocol: TCP
diff --git a/e2e/pre.sh b/e2e/pre.sh
@@ -12,7 +12,7 @@ else
     echo "CI_SHA1: $CI_SHA1"
 fi
 
-yq w -d5 -i deploy/all.yaml 'spec.template.spec.containers[0].image' "quay.io/reactiveops/rbac-manager:dev-$CI_SHA1"
-cat deploy/all.yaml
+yq w -i deploy/3_deployment.yaml 'spec.template.spec.containers[0].image' "quay.io/reactiveops/rbac-manager:dev-$CI_SHA1"
+cat deploy/3_deployment.yaml
 
 docker cp deploy e2e-command-runner:/
diff --git a/e2e/test.sh b/e2e/test.sh
@@ -17,7 +17,7 @@ echo "** Install rbac-manager at $CI_SHA1 **"
 echo "********************************************************************"
 printf "\n\n"
 
-kubectl apply -f deploy/all.yaml
+kubectl apply -f deploy/
 kubectl -n rbac-manager wait deployment/rbac-manager --timeout=120s --for condition=available