Skip to content

Commit

Permalink
updating CRD apiversion to v1 (#156)
Browse files Browse the repository at this point in the history
  • Loading branch information
Luke Reed committed Oct 23, 2020
1 parent 8136b4c commit 4ef3d0c
Show file tree
Hide file tree
Showing 7 changed files with 172 additions and 76 deletions.
39 changes: 29 additions & 10 deletions .circleci/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,20 @@ references:
else
echo "Skipping push for forked PR"
fi
e2e_configuration: &e2e_configuration
pre_script: e2e/pre.sh
script: e2e/test.sh
command_runner_image: quay.io/reactiveops/ci-images:v11-stretch
enable_docker_layer_caching: true
kind_version: 0.9.0
requires:
- test
- build
filters:
branches:
only: /.*/
tags:
ignore: /v.*/

jobs:
test:
Expand Down Expand Up @@ -61,16 +75,21 @@ workflows:
- build:
context: org-global
- rok8s-scripts/kubernetes_e2e_tests:
pre_script: e2e/pre.sh
script: e2e/test.sh
requires:
- test
- build
filters:
branches:
only: /.*/
tags:
ignore: /v.*/
name: "End-To-End Kubernetes 1.16.15"
kind_node_image: "kindest/node:v1.16.15@sha256:a89c771f7de234e6547d43695c7ab047809ffc71a0c3b65aa54eda051c45ed20"
<<: *e2e_configuration
- rok8s-scripts/kubernetes_e2e_tests:
name: "End-To-End Kubernetes 1.17.11"
kind_node_image: "kindest/node:v1.17.11@sha256:5240a7a2c34bf241afb54ac05669f8a46661912eab05705d660971eeb12f6555"
<<: *e2e_configuration
- rok8s-scripts/kubernetes_e2e_tests:
name: "End-To-End Kubernetes 1.18.8"
kind_node_image: "kindest/node:v1.18.8@sha256:f4bcc97a0ad6e7abaf3f643d890add7efe6ee4ab90baeb374b4f41a4c95567eb"
<<: *e2e_configuration
- rok8s-scripts/kubernetes_e2e_tests:
name: "End-To-End Kubernetes 1.19.1"
kind_node_image: "kindest/node:v1.19.1@sha256:98cf5288864662e37115e362b23e4369c8c4a408f99cbc06e58ac30ddc721600"
<<: *e2e_configuration
release:
jobs:
- release:
Expand Down
4 changes: 3 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,8 @@ helm repo add fairwinds-stable https://charts.fairwinds.com/stable
helm install fairwinds-stable/rbac-manager --name rbac-manager --namespace rbac-manager
```

If utilizing the below deploy directory to release or test, be aware that it now requires kubernetes 1.16+ because of apiVersion changes.

```
kubectl apply -f deploy/
```
Expand Down Expand Up @@ -126,7 +128,7 @@ If an `RBACDefinition` defines a `ServiceAccount` as a subject, rbac-manager wil

### ImagePullSecrets and ServiceAccounts

Service accounts support adding `ImagePullSecrets` to their definition. What happens is that when a `Pod` (via `Deployment` or otherwise) is launched specifying a `ServiceAccount` that specifies `ImagePullSecrets`, the pull secrets will be injected into the Pod spec automatically. An example of this using rbac-manager [can be found in the examples directory](examples/rbacdefinition-sa-imagepull.yaml).
Service accounts support adding `ImagePullSecrets` to their definition. What happens is that when a `Pod` (via `Deployment` or otherwise) is launched specifying a `ServiceAccount` that includes `ImagePullSecrets`, the pull secrets will be injected into the Pod spec automatically. An example of this using rbac-manager [can be found in the examples directory](examples/rbacdefinition-sa-imagepull.yaml).

Please note: rbac-manager will not manage secrets, and assumes they are already present in the same namespace that the `ServiceAccount` is in. Also, `ImagePullSecrets` only apply when the `Subject` is a `ServiceAccount`.

Expand Down
9 changes: 4 additions & 5 deletions ROADMAP.md
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,8 @@
# Roadmap

## Q32019
## Q42020
Below is a list of work we plan to get done this quarter. Some more details can be found
[in the milestone](https://github.com/FairwindsOps/rbac-manager/milestone/1)
[in the milestone](https://github.com/FairwindsOps/rbac-manager/milestone/3)

* Update CRD to apiextensions.k8s.io/v1

* Add contributing instructions
* Add release process instructions
* Investigate AKS/EKS compatibility
150 changes: 95 additions & 55 deletions deploy/all.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ metadata:
labels:
app: rbac-manager
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: rbac-manager
Expand Down Expand Up @@ -51,7 +51,7 @@ rules:
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: rbac-manager
Expand All @@ -66,7 +66,7 @@ subjects:
name: rbac-manager
namespace: "rbac-manager"
---
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
Expand All @@ -77,64 +77,104 @@ spec:
names:
kind: RBACDefinition
plural: rbacdefinitions
singular: rbacdefinition
shortNames:
- rbd
- rbacdef
scope: Cluster
validation:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
versions:
- name: v1beta1
served: true
storage: true
schema:
openAPIV3Schema:
required:
- rbacBindings
type: object
rbacBindings:
items:
properties:
clusterRoleBindings:
items:
properties:
clusterRole:
type: string
required:
- clusterRole
type: object
type: array
name:
type: string
roleBindings:
items:
properties:
clusterRole:
type: string
namespace:
type: string
namespaceSelector:
properties:
rbacBindings:
items:
properties:
clusterRoleBindings:
items:
properties:
clusterRole:
type: string
required:
- clusterRole
type: object
type: array
name:
type: string
roleBindings:
items:
properties:
matchLabels:
clusterRole:
type: string
namespace:
type: string
namespaceSelector:
type: object
matchExpressions:
properties:
matchLabels:
type: object
additionalProperties:
type: string
matchExpressions:
type: array
items:
type: object
properties:
key:
type: string
operator:
type:
string
enum:
- Exists
- DoesNotExist
- In
- NotIn
values:
type: array
items:
type: string
required:
- key
- operator
role:
type: string
type: object
type: array
subjects:
items:
type: object
properties:
imagePullSecrets:
type: array
role:
type: string
type: object
type: array
subjects:
items:
type: object
type: array
required:
- name
- subjects
type: object
type: array
status:
type: object
required:
- metadata
- rbacBindings
type: object
version: v1beta1
items:
type: string
kind:
type: string
enum:
- Group
- ServiceAccount
- User
name:
type: string
namespace:
type: string
required:
- name
- kind
type: array
required:
- name
- subjects
type: object
type: array
status:
type: object
---
apiVersion: apps/v1
kind: Deployment
Expand Down
10 changes: 6 additions & 4 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ go 1.13

require (
cloud.google.com/go v0.37.1
github.com/Azure/go-autorest/autorest v0.11.10 // indirect
github.com/appscode/jsonpatch v0.0.0-20190108182946-7c0e3b262f30
github.com/beorn7/perks v1.0.0
github.com/davecgh/go-spew v1.1.1
Expand All @@ -17,6 +18,7 @@ require (
github.com/google/gofuzz v0.0.0-20170612174753-24818f796faf
github.com/google/uuid v1.1.1
github.com/googleapis/gnostic v0.2.0
github.com/gophercloud/gophercloud v0.13.0 // indirect
github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc
github.com/hashicorp/golang-lru v0.5.1
github.com/imdario/mergo v0.3.7
Expand All @@ -39,15 +41,15 @@ require (
go.uber.org/atomic v1.4.0
go.uber.org/multierr v1.2.0
go.uber.org/zap v1.11.0
golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576
golang.org/x/net v0.0.0-20190324223953-e3b2ff56ed87
golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3
golang.org/x/oauth2 v0.0.0-20190319182350-c85d3e98c914
golang.org/x/sys v0.0.0-20190322080309-f49334f85ddc
golang.org/x/sys v0.0.0-20191128015809-6d18c012aee9
golang.org/x/text v0.3.3
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4
google.golang.org/appengine v1.5.0
gopkg.in/inf.v0 v0.9.1
gopkg.in/yaml.v2 v2.2.2
gopkg.in/yaml.v2 v2.3.0
k8s.io/api v0.0.0-20181213150558-05914d821849
k8s.io/apimachinery v0.0.0-20181127025237-2b1284ed4c93
k8s.io/client-go v0.0.0-20181213151034-8d9ed539ba31
Expand Down
Loading

0 comments on commit 4ef3d0c

Please sign in to comment.