Operator improvements

* Operator can now watch all namespaces * Operator is configured by a configmap * Fixed roles/rolebindings
cloudstateio · Aug 16, 2019 · 16cde65 · 16cde65
1 parent d3a4017
commit 16cde65
Show file tree

Hide file tree

Showing 19 changed files with 479 additions and 236 deletions.
diff --git a/build.sbt b/build.sbt
@@ -72,6 +72,8 @@ lazy val root = (project in file("."))
 
 lazy val proxyDockerBuild = settingKey[Option[(String, String)]]("Docker artifact name and configuration file which gets overridden by the buildProxy command")
 
+val dockerTagVersion = !sys.props.get("docker.tag.version").forall(_ == "false")
+
 def dockerSettings: Seq[Setting[_]] = Seq(
   proxyDockerBuild := None,
 
@@ -90,7 +92,7 @@ def dockerSettings: Seq[Setting[_]] = Seq(
     val single = dockerAlias.value
     // So basically, by default we *just* publish latest, but if -Ddocker.tag.version is passed,
     // we publish both latest and a tag for the version.
-    if (!sys.props.get("docker.tag.version").forall(_ == "false")) {
+    if (dockerTagVersion) {
       old
     } else {
       Seq(single.withTag(Some("latest")))
@@ -369,10 +371,11 @@ lazy val operator = (project in file("operator"))
     dockerExposedPorts := Nil,
     compileK8sDescriptors := doCompileK8sDescriptors(
       baseDirectory.value / "deploy",
-      baseDirectory.value / "cloudstate.yaml",
+      baseDirectory.value,
       dockerRepository.value,
       dockerUsername.value,
-      version.value
+      version.value,
+      streams.value
     )
   )
 
@@ -447,19 +450,25 @@ lazy val `tck` = (project in file("tck"))
     executeTests in Test := (executeTests in Test).dependsOn(`proxy-core`/assembly).value
   )
 
-def doCompileK8sDescriptors(dir: File, target: File, registry: Option[String], username: Option[String], version: String): File = {
+def doCompileK8sDescriptors(dir: File, targetDir: File, registry: Option[String], username: Option[String], version: String, streams: TaskStreams): File = {
+
+  val targetFileName = if (dockerTagVersion) s"cloudstate-$version.yaml" else "cloudstate.yaml"
+  val target = targetDir / targetFileName
+
   val files = ((dir / "crds") * "*.yaml").get ++
     (dir * "*.yaml").get.sortBy(_.getName)
 
   val fullDescriptor = files.map(IO.read(_)).mkString("\n---\n")
 
   val user = username.getOrElse("cloudstateio")
   val registryAndUsername = registry.fold(user)(r => s"$r/$user")
+  val tag = if (dockerTagVersion) version else "latest"
   val substitutedDescriptor = fullDescriptor.replaceAll(
-    "image: cloudstateio/(.*):latest", 
-    s"image: $registryAndUsername/$$1:$version"
+    "cloudstateio/(cloudstate-.*):latest", 
+    s"$registryAndUsername/$$1:$tag"
   )
 
   IO.write(target, substitutedDescriptor)
+  streams.log.info("Generated YAML descriptor in " + target)
   target
 }
diff --git a/operator/cloudstate.yaml b/operator/cloudstate.yaml
@@ -32,8 +32,6 @@ spec:
     plural: journals
     singular: journal
     kind: Journal
-    shortNames:
-    - esj
   subresources:
     status: {}
   additionalPrinterColumns:
@@ -48,29 +46,38 @@ spec:
   - name: Age
     type: date
     JSONPath: .metadata.creationTimestamp
-  validation:
-    openAPIV3Schema:
-      properties:
-        spec:
-          type: object
-          properties:
 
-            type:
-              type: string
-              enum:
-              - Cassandra
 
-            deployment:
-              type: string
-              enum:
-              - Unmanaged
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cloudstate-operator
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cloudstate-operator-config
+data:
+  config: |
+    cloudstate.operator {
+      # Watch configuration
+      watch {
 
-            config:
-              type: object
+        # This should be a list of namespaces to watch. Either should contain a single "*" to watch all namespaces
+        # (this is configured in more detail below), or should be a list of namespaces.
+        namespaces = ["*"]
+      }
 
-          required:
-          - type
-          - deployment
+      # Proxy configuration
+      proxy {
+        image {
+          cassandra = "cloudstateio/cloudstate-proxy-cassandra:latest"
+          no-journal = "cloudstateio/cloudstate-proxy-no-journal:latest"
+          in-memory = "cloudstateio/cloudstate-proxy-in-memory:latest"
+        }
+      }
+    }
 
 
 ---
@@ -79,46 +86,42 @@ kind: ClusterRole
 metadata:
   name: cloudstate-operator-role
 rules:
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - rolebindings
-  verbs:
-  - get
-  - create
-  - delete
-  - patch
-  - update
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - roles
-  verbs:
-  - get
-  - create
-  - delete
-  - patch
-  - update
-- apiGroups:
-  - cloudstate.io
-  resources:
-  - eventsourcedjournals
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - cloudstate.io
-  resources:
-  - eventsourcedjournals/status
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - delete
-  - patch
-  - update
+
+- apiGroups: [""]
+  resources: ["namespaces"]
+  verbs: ["get", "list", "watch"]
+
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["get", "create", "delete", "patch", "update"]
+
+- apiGroups: ["apps"]
+  resources: ["deployments", "deployments/scale"]
+  verbs: ["get", "create", "delete", "patch", "update", "watch"]
+
+- apiGroups: ["rbac.authorization.k8s.io"]
+  resources: ["rolebindings", "roles"]
+  verbs: ["get", "create", "delete", "patch", "update"]
+
+- apiGroups: ["cloudstate.io"]
+  resources: ["journals", "statefulservices"]
+  verbs: ["get", "list", "watch"]
+
+- apiGroups: ["cloudstate.io"]
+  resources: ["journals/status", "statefulservices/status"]
+  verbs: ["update", "patch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  name: cloudstate-operator-role
+rules:
+- apiGroups: [""]
+  resources: ["configmaps"]
+  verbs: ["get", "watch"]
+  resourceNames: ["cloudstate-operator-config"]
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
@@ -127,11 +130,27 @@ metadata:
   name: cloudstate-operator
 subjects:
 - kind: ServiceAccount
-  name: controller
+  name: cloudstate-operator
+  namespace: cloudstate
 roleRef:
   kind: ClusterRole
   name: cloudstate-operator-role
   apiGroup: rbac.authorization.k8s.io
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: cloudstate-operator
+subjects:
+- kind: ServiceAccount
+  name: cloudstate-operator
+roleRef:
+  kind: Role
+  name: cloudstate-operator-role
+  apiGroup: rbac.authorization.k8s.io
+
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -151,27 +170,24 @@ spec:
       annotations:
         sidecar.istio.io/inject: "false"
     spec:
-      serviceAccountName: controller
+      serviceAccountName: cloudstate-operator
       containers:
       - name: operator
         image: cloudstateio/cloudstate-operator:latest
 
         env:
-        - name: NAMESPACES
-          # Update to comma separated list of namespaces to watch
-          value: default
-        - name: CASSANDRA_JOURNAL_IMAGE
-          value: cloudstateio/cloudstate-proxy-cassandra:latest
-        - name: IN_MEMORY_JOURNAL_IMAGE
-          value: cloudstateio/cloudstate-proxy-in-memory:latest
-        - name: NO_JOURNAL_IMAGE
-          value: cloudstateio/cloudstate-proxy-no-journal:latest
         - name: JAVA_OPTS
           value: "-Xms128m -Xmx128m"
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: "metadata.namespace"
+        - name: CONFIG_MAP
+          value: cloudstate-operator-config
 
         resources:
           limits:
             memory: 256Mi
           requests:
-            cpu: 0.25
+            cpu: 0.1
             memory: 256Mi
diff --git a/operator/deploy/01-service-account.yaml b/operator/deploy/01-service-account.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cloudstate-operator
diff --git a/operator/deploy/02-operator-config.yaml b/operator/deploy/02-operator-config.yaml
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cloudstate-operator-config
+data:
+  config: |
+    cloudstate.operator {
+      # Watch configuration
+      watch {
+
+        # This should be a list of namespaces to watch. Either should contain a single "*" to watch all namespaces
+        # (this is configured in more detail below), or should be a list of namespaces.
+        namespaces = ["*"]
+      }
+
+      # Proxy configuration
+      proxy {
+        image {
+          cassandra = "cloudstateio/cloudstate-proxy-cassandra:latest"
+          no-journal = "cloudstateio/cloudstate-proxy-no-journal:latest"
+          in-memory = "cloudstateio/cloudstate-proxy-in-memory:latest"
+        }
+      }
+    }
+
diff --git a/operator/deploy/02-role.yaml b/operator/deploy/02-role.yaml
diff --git a/operator/deploy/03-role-binding.yaml b/operator/deploy/03-role-binding.yaml