Merge pull request #1 from SomtochiAma/kubeproxy-complete

Makes controller run in-cluster

kubeproxy/Dockerfile

@@ -1,3 +1,8 @@
+FROM ubuntu:latest as kubectl
+RUN apt-get update
+RUN apt-get install curl -y
+RUN curl -fsSL https://dl.k8s.io/release/v1.17.4/bin/linux/amd64/kubectl > /usr/bin/kubectl
+RUN chmod a+rx /usr/bin/kubectl
 # Build the manager binary
 FROM golang:1.12.5 as builder
 
@@ -19,9 +24,11 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot 
+FROM gcr.io/distroless/static:nonroot
 WORKDIR /
 COPY --from=builder /workspace/manager .
+COPY --from=kubectl /usr/bin/kubectl /usr/bin/kubectl
+COPY channels/ channels/
 USER nonroot:nonroot
 
 ENTRYPOINT ["/manager"]

kubeproxy/InCluster.md

@@ -0,0 +1,53 @@
+## This Readme documents how to run the KubeProxy operator in a kinder cluster
+
+# 1. Create a kinder cluster
+Ensure kinder is installed. [Installation docs](https://github.com/kubernetes/kubeadm/blob/master/kinder/README.md)
+
+```bash
+kinder create cluster --image=kindest/node:v1.18.0
+
+kinder do kubeadm-config
+kinder do loadbalancer
+
+docker exec -it kind-control-plane-1  /kind/bin/kubeadm init --skip-phases="addon/kube-proxy"  --ignore-preflight-errors="FileContent--proc-sys-net-bridge-bridge-nf-call-iptables,Swap,SystemVerification" --config /kind/kubeadm.conf
+kinder exec @all -- sysctl -w net.ipv4.conf.all.rp_filter=1
+
+kinder cp @cp1:/etc/kubernetes/admin.conf $(kinder get kubeconfig-path)
+export KUBECONFIG=$(kinder get kubeconfig-path)
+```
+
+You might have set the server ip in the KUBECONFIG to use localhost to reach the cluster, `insecure-skip-tls-verify` to true, and delete the ca certificate. To find the port, run `docker ps | grep kind` and check the port
+
+> insecure-skip-tls-verify: true
+> server: https://127.0.0.1:<port>
+
+2. Set the Kubernetes Service host and port in manager.yaml
+ssh into the node and get the host and port.
+The command below should give the host.
+```bash
+docker inspect kind-control-plane-1 | grep IPAddress
+```
+
+Replace it in the `manager.yaml`
+
+>- name: KUBERNETES_SERVICE_HOST
+>  value: "172.17.0.2"
+>- name: KUBERNETES_SERVICE_PORT
+>  value: "6443"
+
+
+3. Build and deploy Docker image
+```bash
+make docker-build
+
+make deploy
+```
+
+4. Install CRD
+
+```bash
+make install
+kubectl apply -f config/samples/
+```
+
+5. KubeProxy should be up and running

kubeproxy/channels/packages/kubeproxy/1.15.0/manifest.yaml

@@ -25,7 +25,7 @@ spec:
     - description: Project Homepage
       url: "https://github.com/kubernetes/kubernetes"
 ---
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: kube-proxy
@@ -60,7 +60,7 @@ spec:
         command:
         - /bin/sh
         - -c
-        - kube-proxy --resource-container="" --oom-score-adj=-998 {{params}} 
+        - kube-proxy --resource-container="" --oom-score-adj=-998 {{params}}
           #1>>/var/log/kube-proxy.log 2>&1
         securityContext:
           privileged: true
@@ -104,4 +104,3 @@ roleRef:
   kind: ClusterRole
   name: system:node-proxier
   apiGroup: rbac.authorization.k8s.io
-

kubeproxy/config/crd/bases/addons.x-k8s.io_kubeproxies.yaml

@@ -3,6 +3,8 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.2.4
   creationTimestamp: null
   name: kubeproxies.addons.x-k8s.io
 spec:
@@ -12,20 +14,20 @@ spec:
     listKind: KubeProxyList
     plural: kubeproxies
     singular: kubeproxy
-  scope: ""
+  scope: Namespaced
   validation:
     openAPIV3Schema:
       description: KubeProxy is the Schema for the  API
       properties:
         apiVersion:
           description: 'APIVersion defines the versioned schema of this representation
             of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
           type: string
         kind:
           description: 'Kind is a string value representing the REST resource this
             object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
           type: string
         metadata:
           type: object

kubeproxy/config/manager/kustomization.yaml

@@ -1,2 +1,11 @@
 resources:
 - manager.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: controller
+  newTag: latest
+patchesStrategicMerge:
+- patches/apiserver_endpoint.patch.yaml
+- patches/tolerations_controlplane.patch.yaml

kubeproxy/config/manager/manager.yaml

@@ -22,12 +22,14 @@ spec:
       labels:
         control-plane: controller-manager
     spec:
+      hostNetwork: true
       containers:
       - command:
         - /manager
         args:
         - --enable-leader-election
         image: controller:latest
+        imagePullPolicy: IfNotPresent
         name: manager
         resources:
           limits:

kubeproxy/config/manager/patches/apiserver_endpoint.patch.yaml

@@ -0,0 +1,15 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
+        env:
+          - name: KUBERNETES_SERVICE_HOST
+            value: "172.17.0.2"
+          - name: KUBERNETES_SERVICE_PORT
+            value: "6443"

kubeproxy/config/manager/patches/tolerations_controlplane.patch.yaml

@@ -0,0 +1,15 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      tolerations:
+      - key: "node.kubernetes.io/not-ready"
+        operator: "Exists"
+        effect: "NoSchedule"
+      - key: "node-role.kubernetes.io/master"
+        operator: "Exists"
+        effect: "NoSchedule"

kubeproxy/go.mod

@@ -3,14 +3,22 @@ module addon-operators/kubeproxy
 go 1.12
 
 require (
+	github.com/appscode/jsonpatch v0.0.0-20190108182946-7c0e3b262f30 // indirect
 	github.com/go-logr/logr v0.1.0
-	github.com/onsi/ginkgo v1.7.0
-	github.com/onsi/gomega v1.4.3
-	k8s.io/apimachinery v0.0.0-20190404173353-6a84e37a896d
-	k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible
-	k8s.io/klog v0.3.0
+	github.com/gobuffalo/envy v1.6.10 // indirect
+	github.com/imdario/mergo v0.3.7 // indirect
+	github.com/mattbaird/jsonpatch v0.0.0-20171005235357-81af80346b1a // indirect
+	github.com/onsi/ginkgo v1.10.1
+	github.com/onsi/gomega v1.7.0
+	github.com/petar/GoLLRB v0.0.0-20130427215148-53be0d36a84c // indirect
+	k8s.io/apimachinery v0.17.0
+	k8s.io/client-go v0.17.0
+	k8s.io/klog v1.0.0
 	k8s.io/kubeadm v0.0.0-20191014153037-d541f020334c // indirect
-	k8s.io/kubeadm/kinder v0.0.0-20191014153037-d541f020334c // indirect
-	sigs.k8s.io/controller-runtime v0.2.2
-	sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20190926123507-e845b6c6f25a
+	sigs.k8s.io/cluster-addons/dashboard v0.0.0-20200515184536-657eb5be7e85
+	sigs.k8s.io/controller-runtime v0.4.0
+	sigs.k8s.io/controller-tools v0.1.6 // indirect
+	sigs.k8s.io/kind v0.1.0 // indirect
+	sigs.k8s.io/kubebuilder-declarative-pattern v0.0.0-20200226054827-748a6481b2a4
+	sigs.k8s.io/kustomize v2.0.3+incompatible // indirect
 )