Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add capkk #2478

Draft
wants to merge 1 commit into
base: feature-gitops
Choose a base branch
from
Draft

feat: add capkk #2478

wants to merge 1 commit into from
+15,387 −2,031,414

Conversation

redscholar
Copy link
Collaborator

@redscholar redscholar commented Dec 23, 2024
edited
Loading

What type of PR is this?

/kind feature

What this PR does / why we need it:

build image

use command REGISTRY=xxxx make docker-push

Deploying CAPKK

  • Use local file
  1. Generate the infrastructure-components.yaml file, run the following command: REGISTRY=xxxx make generate
    The generated file will be located at:
    config/capkk/infrastructure-components.yaml (This will be included in the release package).
  2. Configure infrastructure-components.yaml in the manager Kubernetes cluster with clusterctl. The clusterctl default configuration file is located at $HOME/.cluster-api/clusterctl.yaml.
providers:
- name: kubekey
   url: [infrastructure-components.yaml's url]
   type: InfrastructureProvider
  1. deploy capkk in manager kubernetes use the following command: clusterctl init -i kubekey
  • Online
    Starting from release 4.x, you can deploy CAPKK inline with a simplified command: clusterctl init -i kubekey

Which issue(s) this PR fixes:

Fixes #
#2456 (comment)

Special notes for reviewers:

https://cluster-api.sigs.k8s.io

Does this PR introduced a user-facing change?

add capkk

Additional documentation, usage docs, etc.:

@kubesphere-prow kubesphere-prow bot added release-note kind/feature Categorizes issue or PR as related to a new feature. labels Dec 23, 2024
@kubesphere-prow Kubesphere Prow
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: redscholar

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubesphere-prow kubesphere-prow bot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Dec 23, 2024
@redscholar redscholar marked this pull request as draft December 23, 2024 08:16
@kubesphere-prow kubesphere-prow bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 23, 2024
@redscholar redscholar force-pushed the feature branch 4 times, most recently from 47b297e to c6b8087 Compare January 3, 2025 10:28
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 3, 2025
View reviewed changes
config/capkk/deployment/capkk.yaml
app: capkk-controller-manager
spec:
containers:
- args:

Check warning

Code scanning / SonarCloud

Memory limits should be enforced Medium

Specify a memory limit for this container. See more on SonarQube Cloud
config/capkk/deployment/capkk.yaml
periodSeconds: 10
securityContext:
allowPrivilegeEscalation: false
serviceAccountName: capkk

Check warning

Code scanning / SonarCloud

Service account permissions should be restricted Medium

Bind this Service Account to RBAC or disable "automountServiceAccountToken". See more on SonarQube Cloud
config/capkk/infrastructure-components.yaml Fixed Show fixed Hide fixed
config/capkk/infrastructure-components.yaml Fixed Show fixed Hide fixed
config/capkk/infrastructure-components.yaml Fixed Show fixed Hide fixed
config/capkk/infrastructure-components.yaml Fixed Show fixed Hide fixed
config/capkk/infrastructure-components.yaml Fixed Show fixed Hide fixed
config/capkk/rbac/role.yaml Fixed Show fixed Hide fixed
config/capkk/rbac/role.yaml Fixed Show fixed Hide fixed
config/capkk/rbac/role.yaml Fixed Show fixed Hide fixed
@redscholar redscholar force-pushed the feature branch 2 times, most recently from 6abb2fb to c21d36c Compare January 6, 2025 04:36
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 6, 2025
View reviewed changes
config/capkk/rbac/role.yaml Fixed Show fixed Hide fixed
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 6, 2025
View reviewed changes
config/capkk/deployment/kk.yaml
app: kk-controller-manager
spec:
containers:
- args:

Check warning

Code scanning / SonarCloud

Memory limits should be enforced Medium

Specify a memory limit for this container. See more on SonarQube Cloud
config/capkk/deployment/kk.yaml
periodSeconds: 10
securityContext:
allowPrivilegeEscalation: false
serviceAccountName: capkk

Check warning

Code scanning / SonarCloud

Service account permissions should be restricted Medium

Bind this Service Account to RBAC or disable "automountServiceAccountToken". See more on SonarQube Cloud
config/kubekey/templates/role.yaml
resources:
- jobs
- cronjobs
- '*'

Check warning

Code scanning / SonarCloud

Wildcards should not be used to define RBAC permissions Medium

Replace this wildcard with a clear list of allowed resources. See more on SonarQube Cloud
@redscholar redscholar force-pushed the feature branch 2 times, most recently from c7c6c0b to 0eaa5d8 Compare January 7, 2025 02:58
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 7, 2025
View reviewed changes
config/capkk/rbac/role.yaml
- controlplane.cluster.x-k8s.io
- infrastructure.cluster.x-k8s.io
resources:
- '*'

Check warning

Code scanning / SonarCloud

Wildcards should not be used to define RBAC permissions Medium

Replace this wildcard with a clear list of allowed resources. See more on SonarQube Cloud
config/capkk/rbac/role.yaml
- apiGroups:
- kubekey.kubesphere.io
resources:
- '*'

Check warning

Code scanning / SonarCloud

Wildcards should not be used to define RBAC permissions Medium

Replace this wildcard with a clear list of allowed resources. See more on SonarQube Cloud
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Failed Quality Gate failed

Failed conditions
16 Security Hotspots
C Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/feature Categorizes issue or PR as related to a new feature. release-note size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@redscholar