Merge pull request #28 from projectsyn/fix/non-ocp

Remove service servingCert configuration on non-OCP distributions

.github/workflows/test.yaml

@@ -29,6 +29,11 @@ jobs:
           args: 'check'
   test:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        instance:
+          - defaults
+          - openshift4
     defaults:
       run:
         working-directory: ${{ env.COMPONENT_NAME }}
@@ -40,6 +45,11 @@ jobs:
         run: make test
   golden:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        instance:
+          - defaults
+          - openshift4
     defaults:
       run:
         working-directory: ${{ env.COMPONENT_NAME }}
@@ -48,4 +58,4 @@ jobs:
         with:
           path: ${{ env.COMPONENT_NAME }}
       - name: Golden diff
-        run: make golden-diff
+        run: make golden-diff -e instance=${{ matrix.instance }}

.sync.yml

@@ -5,3 +5,11 @@
 docs/antora.yml:
   name: resource-locker
   title: Resource Locker Operator
+
+.github/workflows/test.yaml:
+  goldenTest_makeTarget: golden-diff -e instance=${{ matrix.instance }}
+  matrix:
+    key: instance
+    entries:
+      - defaults
+      - openshift4

class/resource-locker.yml

@@ -30,3 +30,9 @@ parameters:
         input_paths:
           - resource-locker/helmcharts/resource-locker-operator-${resource_locker:charts:resource-locker-operator}/crds/
         output_path: resource-locker/00_crds/
+  commodore:
+    postprocess:
+      filters:
+        - type: jsonnet
+          filter: postprocess/non-openshift.jsonnet
+          path: resource-locker/01_resource_locker_operator_helmchart/resource-locker-operator/templates

postprocess/non-openshift.jsonnet

@@ -0,0 +1,90 @@
+local com = import 'lib/commodore.libjsonnet';
+
+local inv = com.inventory();
+local distribution = inv.parameters.facts.distribution;
+
+local chart_output_dir = std.extVar('output_path');
+
+local list_dir(dir, basename=true) =
+  std.native('list_dir')(dir, basename);
+
+local chart_files = list_dir(chart_output_dir);
+local input_file(elem) = chart_output_dir + '/' + elem;
+
+local stem(elem) =
+  local elems = std.split(elem, '.');
+  std.join('.', elems[:std.length(elems) - 1]);
+
+local fixup_deploy(obj) =
+  obj {
+    spec+: {
+      template+: {
+        spec+: {
+          containers: [
+            c {
+              ports: [
+                {
+                  containerPort: 8080,
+                  name: 'http',
+                },
+              ],
+            }
+            for c in super.containers
+            if c.name != 'kube-rbac-proxy'
+          ],
+          volumes: [
+            v
+            for v in super.volumes
+            if v.name != 'tls-cert'
+          ],
+        },
+      },
+    },
+  };
+local fixup_service(obj) =
+  obj {
+    spec+: {
+      ports: [
+        {
+          name: 'http',
+          port: 8080,
+          targetPort: 'http',
+        },
+      ],
+    },
+  };
+local fixup_servicemonitor(obj) =
+  obj {
+    spec+: {
+      endpoints: [
+        {
+          interval: '30s',
+          port: 'http',
+          scheme: 'http',
+        },
+      ],
+    },
+  };
+
+local fixup_obj(obj) =
+  if obj.kind == 'Deployment' then
+    fixup_deploy(obj)
+  else if obj.kind == 'Service' then
+    fixup_service(obj)
+  else if obj.kind == 'ServiceMonitor' then
+    fixup_servicemonitor(obj)
+  else
+    obj;
+
+local fixup(obj_file) =
+  local objs = std.prune(com.yaml_load_all(obj_file));
+  // process all objs
+  [ fixup_obj(obj) for obj in objs ];
+
+if distribution != 'openshift4' then
+  {
+    [stem(elem)]: fixup(input_file(elem))
+    for elem in chart_files
+  }
+else
+  {}

tests/golden/defaults/resource-locker/resource-locker/01_resource_locker_operator_helmchart/resource-locker-operator/templates/manager.yaml

@@ -22,52 +22,31 @@ spec:
         operator: resource-locker-operator
     spec:
       containers:
-        - args:
-            - --secure-listen-address=0.0.0.0:8443
-            - --upstream=http://127.0.0.1:8080/
-            - --logtostderr=true
-            - --tls-cert-file=/etc/certs/tls/tls.crt
-            - --tls-private-key-file=/etc/certs/tls/tls.key
-            - --v=10
-          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0
-          imagePullPolicy: IfNotPresent
-          name: kube-rbac-proxy
-          ports:
-            - containerPort: 8443
-              name: https
-          resources:
-            requests:
-              cpu: 100m
-              memory: 20Mi
-          volumeMounts:
-            - mountPath: /etc/certs/tls
-              name: tls-cert
-        - args:
-            - --leader-elect
-          command:
-            - /manager
-          image: quay.io/redhat-cop/resource-locker-operator:v1.1.0
-          imagePullPolicy: IfNotPresent
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: 8081
-            initialDelaySeconds: 15
-            periodSeconds: 20
-          name: resource-locker-operator
-          readinessProbe:
-            httpGet:
-              path: /readyz
-              port: 8081
-            initialDelaySeconds: 5
-            periodSeconds: 10
-          resources:
-            requests:
-              cpu: 100m
-              memory: 20Mi
+      - args:
+        - --leader-elect
+        command:
+        - /manager
+        image: quay.io/redhat-cop/resource-locker-operator:v1.1.0
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        name: resource-locker-operator
+        ports:
+        - containerPort: 8080
+          name: http
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          requests:
+            cpu: 100m
+            memory: 20Mi
       serviceAccountName: resource-locker-operator-controller-manager
-      volumes:
-        - name: tls-cert
-          secret:
-            defaultMode: 420
-            secretName: resource-locker-operator-certs
+      volumes: []