fix: update ingress rbac

buttahtoast · Oct 30, 2023 · 1681fc7 · 1681fc7
1 parent 55a1ffb
commit 1681fc7
Show file tree

Hide file tree

Showing 26 changed files with 574 additions and 104 deletions.
diff --git a/.ko.yaml b/.ko.yaml
@@ -0,0 +1,8 @@
+defaultPlatforms:
+- linux/arm64
+- linux/amd64
+builds:
+- id: svc-ingress-propagator
+  main: cmd/main.go
+  ldflags:
+  - '{{ if index .Env "LD_FLAGS" }}{{ .Env.LD_FLAGS }}{{ end }}'
diff --git a/Makefile b/Makefile
@@ -0,0 +1,62 @@
+# Version
+GIT_HEAD_COMMIT ?= $(shell git rev-parse --short HEAD)
+VERSION         ?= $(or $(shell git describe --abbrev=0 --tags --match "v*" 2>/dev/null),$(GIT_HEAD_COMMIT))
+
+# Defaults
+REGISTRY        ?= ghcr.io
+REPOSITORY      ?= buttahtoast/svc-ingress-propagator
+GIT_TAG_COMMIT  ?= $(shell git rev-parse --short $(VERSION))
+GIT_MODIFIED_1  ?= $(shell git diff $(GIT_HEAD_COMMIT) $(GIT_TAG_COMMIT) --quiet && echo "" || echo ".dev")
+GIT_MODIFIED_2  ?= $(shell git diff --quiet && echo "" || echo ".dirty")
+GIT_MODIFIED    ?= $(shell echo "$(GIT_MODIFIED_1)$(GIT_MODIFIED_2)")
+GIT_REPO        ?= $(shell git config --get remote.origin.url)
+BUILD_DATE      ?= $(shell git log -1 --format="%at" | xargs -I{} sh -c 'if [ "$(shell uname)" = "Darwin" ]; then date -r {} +%Y-%m-%dT%H:%M:%S; else date -d @{} +%Y-%m-%dT%H:%M:%S; fi')
+IMG_BASE        ?= $(REPOSITORY)
+IMG             ?= $(IMG_BASE):$(VERSION)
+FULL_IMG        ?= $(REGISTRY)/$(IMG_BASE)
+
+
+# Docker Image Build
+# ------------------
+
+.PHONY: ko-build-controller
+ko-build-controller: ko
+	@echo Building Controller $(FULL_IMG) - $(KO_TAGS) >&2
+	@LD_FLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(FULL_IMG) \
+		$(KO) build ./cmd/ --bare --tags=$(KO_TAGS) --push=false --local
+
+.PHONY: ko-build-all
+ko-build-all: ko-build-controller
+
+# Docker Image Publish
+# ------------------
+
+REGISTRY_PASSWORD   ?= dummy
+REGISTRY_USERNAME   ?= dummy
+
+.PHONY: ko-login
+ko-login: ko
+	@$(KO) login $(REGISTRY) --username $(REGISTRY_USERNAME) --password $(REGISTRY_PASSWORD)
+
+.PHONY: ko-publish-controller
+ko-publish-controller: ko-login
+	@LD_FLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(FULL_IMG) \
+		$(KO) build . --bare --tags=$(KO_TAGS)
+
+.PHONY: ko-publish-all
+ko-publish-all: ko-publish-controller
+
+
+KO = $(shell pwd)/bin/ko
+KO_VERSION = v0.14.1
+ko:
+	$(call go-install-tool,$(KO),github.com/google/ko@v0.14.1)
+
+# go-install-tool will 'go install' any package $2 and install it to $1.
+PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
+define go-install-tool
+@[ -f $(1) ] || { \
+set -e ;\
+GOBIN=$(PROJECT_DIR)/bin go install $(2) ;\
+}
+endef
diff --git a/README.md b/README.md
@@ -1,2 +1,22 @@
 # svc-ingress-propagator
 Propagtes Loadbalancer Services as Ingress to Loadbalancer cluster
+
+
+
+# Target Cluster
+
+Ensure the following is applied on the target cluster:
+
+```
+
+
+```
+
+
+## KubeConfig
+
+
+
+
+
+
diff --git a/bin/ko b/bin/ko
diff --git a/cmd/main.go b/cmd/main.go
@@ -4,57 +4,67 @@ import (
 	"context"
 	"log"
 	"os"
-	"time"
 
 	"github.com/go-logr/logr"
 	"github.com/go-logr/stdr"
-	"github.com/oliverbaehler/cloudflare-tunnel-ingress-controller/pkg/controller"
+	"github.com/oliverbaehler/svc-ingress-propagator/pkg/controller"
 	"github.com/spf13/cobra"
+	"k8s.io/client-go/tools/clientcmd"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
 	crlog "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 )
 
 type rootCmdFlags struct {
-	logger logr.Logger
+	controllerClass string
+	logger          logr.Logger
 	// for annotation on Ingress
 	ingressClass string
-	// Ingress class on loadbalancer cluster
-	targetIngressClass string
-	// for IngressClass.spec.controller
-	namespace string
 	// for identifying objects on parent cluster
 	identifier string
 	// Kubeconfig for parent cluster
 	kubeconfig string
-
+	// Binary log level
 	logLevel int
+	// Ingress class on loadbalancer cluster
+	targetIngressClass string
+	targetNamespace    string
+	targetKubeconfig   string
 }
 
 func main() {
 	var rootLogger = stdr.NewWithOptions(log.New(os.Stderr, "", log.LstdFlags), stdr.Options{LogCaller: stdr.All})
 
 	options := rootCmdFlags{
-		logger:          rootLogger.WithName("main"),
-		ingressClass:    "cloudflare-tunnel",
-		controllerClass: "strrl.dev/cloudflare-tunnel-ingress-controller",
-		logLevel:        0,
-		namespace:       "default",
+		logger:             rootLogger.WithName("main"),
+		ingressClass:       "propagator",
+		targetIngressClass: "propagator",
+		targetNamespace:    "propagator",
+		controllerClass:    "buttah.cloud/svc-ingress-propagator",
+		logLevel:           0,
 	}
 
 	crlog.SetLogger(rootLogger.WithName("controller-runtime"))
 
 	rootCommand := cobra.Command{
 		Use: "tunnel-controller",
 		RunE: func(cmd *cobra.Command, args []string) error {
-			ctx := context.Background()
 			stdr.SetVerbosity(options.logLevel)
 			logger := options.logger
 			logger.Info("logging verbosity", "level", options.logLevel)
 
-			cfg, err := config.GetConfig()
+			cfg := config.GetConfigOrDie()
+
+			// Load the kubeconfig from the provided file path
+			target, err := clientcmd.BuildConfigFromFlags("", options.targetKubeconfig)
 			if err != nil {
-				logger.Error(err, "unable to get kubeconfig")
+				logger.Error(err, "unable to load target kubeconfig")
+				os.Exit(1)
+			}
+			targetClient, err := client.New(target, client.Options{})
+			if err != nil {
+				logger.Error(err, "unable to set up target client")
 				os.Exit(1)
 			}
 
@@ -64,9 +74,10 @@ func main() {
 				os.Exit(1)
 			}
 
-			logger.Info("cloudflare-tunnel-ingress-controller start serving")
-			err = controller.RegisterIngressController(logger, mgr,
-				controller.IngressControllerOptions{
+			logger.Info("propagation controller start serving")
+			err = controller.RegisterPropagationController(logger, mgr,
+				targetClient,
+				controller.PropagationControllerOptions{
 					Identifier:             options.identifier,
 					IngressClassName:       options.ingressClass,
 					TargetIngressClassName: options.targetIngressClass,
@@ -76,37 +87,18 @@ func main() {
 				return err
 			}
 
-			ticker := time.NewTicker(10 * time.Second)
-			done := make(chan struct{})
-			defer close(done)
-
-			go func() {
-				for {
-					select {
-					case <-done:
-						return
-					case _ = <-ticker.C:
-						err := controller.CreateControlledCloudflaredIfNotExist(ctx, mgr.GetClient(), tunnelClient, options.namespace)
-						if err != nil {
-							logger.WithName("controlled-cloudflared").Error(err, "create controlled cloudflared")
-						}
-					}
-				}
-			}()
-
 			// controller-runtime manager would graceful shutdown with signal by itself, no need to provide context
 			return mgr.Start(context.Background())
 		},
 	}
 
 	rootCommand.PersistentFlags().StringVar(&options.ingressClass, "ingress-class", options.ingressClass, "ingress class name")
-	rootCommand.PersistentFlags().StringVar(&options.targetIngressClass, "ingress-class", options.targetIngressClass, "ingress class name")
 	rootCommand.PersistentFlags().StringVar(&options.controllerClass, "controller-class", options.controllerClass, "controller class name")
 	rootCommand.PersistentFlags().IntVarP(&options.logLevel, "log-level", "v", options.logLevel, "numeric log level")
-	rootCommand.PersistentFlags().StringVar(&options.cloudflareAPIToken, "cloudflare-api-token", options.cloudflareAPIToken, "cloudflare api token")
-	rootCommand.PersistentFlags().StringVar(&options.cloudflareAccountId, "cloudflare-account-id", options.cloudflareAccountId, "cloudflare account id")
-	rootCommand.PersistentFlags().StringVar(&options.cloudflareTunnelName, "cloudflare-tunnel-name", options.cloudflareTunnelName, "cloudflare tunnel name")
-	rootCommand.PersistentFlags().StringVar(&options.namespace, "namespace", options.namespace, "namespace to execute cloudflared connector")
+	rootCommand.PersistentFlags().StringVar(&options.targetIngressClass, "target-ingress-class", options.targetIngressClass, "Ingress Class on target cluster")
+	rootCommand.PersistentFlags().StringVar(&options.identifier, "identifier", options.identifier, "propagator identifier, if multiple propagators sync to the same target namespace, this should be different for each")
+	rootCommand.PersistentFlags().StringVar(&options.targetNamespace, "target-namespace", options.targetNamespace, "namespace on target cluster, where manifests are synced to")
+	rootCommand.PersistentFlags().StringVar(&options.targetKubeconfig, "target-kubeconfig", options.targetKubeconfig, "namespace on target cluster, where manifests are synced to")
 
 	err := rootCommand.Execute()
 	if err != nil {

diff --git a/go.mod b/go.mod
@@ -1,37 +1,35 @@
-module svc-ingress-propagator
+module github.com/oliverbaehler/svc-ingress-propagator
 
 go 1.20
 
 require (
 	github.com/go-logr/logr v1.3.0
 	github.com/go-logr/stdr v1.2.2
-	github.com/oliverbaehler/cloudflare-tunnel-ingress-controller v0.0.334
+	github.com/pkg/errors v0.9.1
 	github.com/spf13/cobra v1.7.0
+	k8s.io/api v0.28.3
+	k8s.io/apimachinery v0.28.3
+	k8s.io/client-go v0.28.3
 	sigs.k8s.io/controller-runtime v0.16.3
 )
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/cloudflare/cloudflare-go v0.78.0 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch/v5 v5.7.0 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/go-openapi/jsonpointer v0.20.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.22.4 // indirect
-	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.3.1 // indirect
-	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.4 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
@@ -41,7 +39,6 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.17.0 // indirect
 	github.com/prometheus/client_model v0.5.0 // indirect
 	github.com/prometheus/common v0.44.0 // indirect
@@ -60,10 +57,7 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.28.3 // indirect
 	k8s.io/apiextensions-apiserver v0.28.3 // indirect
-	k8s.io/apimachinery v0.28.3 // indirect
-	k8s.io/client-go v0.28.3 // indirect
 	k8s.io/component-base v0.28.3 // indirect
 	k8s.io/klog/v2 v2.100.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20231009201959-f62364c3c354 // indirect