From 3d91cb3af07e13cb5c25ebff6fa347cce9f44954 Mon Sep 17 00:00:00 2001 From: Prateek Singh Date: Thu, 27 Jul 2023 15:46:13 +0530 Subject: [PATCH] Cleanup of unused files Signed-off-by: Prateek Singh --- .../api/v1alpha1/client/register_crd_test.go | 7 - tetragonpod/config/crd/kustomization.yaml | 21 --- tetragonpod/config/crd/kustomizeconfig.yaml | 19 --- .../patches/cainjection_in_tetragonpods.yaml | 7 - .../crd/patches/webhook_in_tetragonpods.yaml | 16 -- tetragonpod/config/default/kustomization.yaml | 144 ------------------ .../default/manager_auth_proxy_patch.yaml | 55 ------- .../config/default/manager_config_patch.yaml | 10 -- tetragonpod/config/manager/kustomization.yaml | 2 - tetragonpod/config/manager/manager.yaml | 102 ------------- .../config/prometheus/kustomization.yaml | 2 - tetragonpod/config/prometheus/monitor.yaml | 26 ---- .../rbac/auth_proxy_client_clusterrole.yaml | 16 -- tetragonpod/config/rbac/auth_proxy_role.yaml | 24 --- .../config/rbac/auth_proxy_role_binding.yaml | 19 --- .../config/rbac/auth_proxy_service.yaml | 21 --- tetragonpod/config/rbac/kustomization.yaml | 18 --- .../config/rbac/leader_election_role.yaml | 44 ------ .../rbac/leader_election_role_binding.yaml | 19 --- tetragonpod/config/rbac/role.yaml | 33 ---- tetragonpod/config/rbac/role_binding.yaml | 19 --- tetragonpod/config/rbac/service_account.yaml | 12 -- .../config/rbac/tetragonpod_editor_role.yaml | 31 ---- .../config/rbac/tetragonpod_viewer_role.yaml | 27 ---- .../cilium.io_v1alpha1_tetragonpod.yaml | 12 -- tetragonpod/config/samples/kustomization.yaml | 4 - tetragonpod/hack/boilerplate.go.txt | 15 -- tetragonpod/internal/controller/suite_test.go | 79 ---------- 28 files changed, 804 deletions(-) delete mode 100644 tetragonpod/api/v1alpha1/client/register_crd_test.go delete mode 100644 tetragonpod/config/crd/kustomization.yaml delete mode 100644 tetragonpod/config/crd/kustomizeconfig.yaml delete mode 100644 tetragonpod/config/crd/patches/cainjection_in_tetragonpods.yaml delete mode 100644 tetragonpod/config/crd/patches/webhook_in_tetragonpods.yaml delete mode 100644 tetragonpod/config/default/kustomization.yaml delete mode 100644 tetragonpod/config/default/manager_auth_proxy_patch.yaml delete mode 100644 tetragonpod/config/default/manager_config_patch.yaml delete mode 100644 tetragonpod/config/manager/kustomization.yaml delete mode 100644 tetragonpod/config/manager/manager.yaml delete mode 100644 tetragonpod/config/prometheus/kustomization.yaml delete mode 100644 tetragonpod/config/prometheus/monitor.yaml delete mode 100644 tetragonpod/config/rbac/auth_proxy_client_clusterrole.yaml delete mode 100644 tetragonpod/config/rbac/auth_proxy_role.yaml delete mode 100644 tetragonpod/config/rbac/auth_proxy_role_binding.yaml delete mode 100644 tetragonpod/config/rbac/auth_proxy_service.yaml delete mode 100644 tetragonpod/config/rbac/kustomization.yaml delete mode 100644 tetragonpod/config/rbac/leader_election_role.yaml delete mode 100644 tetragonpod/config/rbac/leader_election_role_binding.yaml delete mode 100644 tetragonpod/config/rbac/role.yaml delete mode 100644 tetragonpod/config/rbac/role_binding.yaml delete mode 100644 tetragonpod/config/rbac/service_account.yaml delete mode 100644 tetragonpod/config/rbac/tetragonpod_editor_role.yaml delete mode 100644 tetragonpod/config/rbac/tetragonpod_viewer_role.yaml delete mode 100644 tetragonpod/config/samples/cilium.io_v1alpha1_tetragonpod.yaml delete mode 100644 tetragonpod/config/samples/kustomization.yaml delete mode 100644 tetragonpod/hack/boilerplate.go.txt delete mode 100644 tetragonpod/internal/controller/suite_test.go diff --git a/tetragonpod/api/v1alpha1/client/register_crd_test.go b/tetragonpod/api/v1alpha1/client/register_crd_test.go deleted file mode 100644 index 7da69f3dc99..00000000000 --- a/tetragonpod/api/v1alpha1/client/register_crd_test.go +++ /dev/null @@ -1,7 +0,0 @@ -package client - -// This contains test for register crd file - -// func TestGetCRD(t *testing.T) { -// GetCRD() -// } diff --git a/tetragonpod/config/crd/kustomization.yaml b/tetragonpod/config/crd/kustomization.yaml deleted file mode 100644 index d7a6a37f9a8..00000000000 --- a/tetragonpod/config/crd/kustomization.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# This kustomization.yaml is not intended to be run by itself, -# since it depends on service name and namespace that are out of this kustomize package. -# It should be run by config/default -resources: -- bases/cilium.io_tetragonpods.yaml -#+kubebuilder:scaffold:crdkustomizeresource - -patchesStrategicMerge: -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. -# patches here are for enabling the conversion webhook for each CRD -#- patches/webhook_in_tetragonpods.yaml -#+kubebuilder:scaffold:crdkustomizewebhookpatch - -# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. -# patches here are for enabling the CA injection for each CRD -#- patches/cainjection_in_tetragonpods.yaml -#+kubebuilder:scaffold:crdkustomizecainjectionpatch - -# the following config is for teaching kustomize how to do kustomization for CRDs. -configurations: -- kustomizeconfig.yaml diff --git a/tetragonpod/config/crd/kustomizeconfig.yaml b/tetragonpod/config/crd/kustomizeconfig.yaml deleted file mode 100644 index ec5c150a9df..00000000000 --- a/tetragonpod/config/crd/kustomizeconfig.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# This file is for teaching kustomize how to substitute name and namespace reference in CRD -nameReference: -- kind: Service - version: v1 - fieldSpecs: - - kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/name - -namespace: -- kind: CustomResourceDefinition - version: v1 - group: apiextensions.k8s.io - path: spec/conversion/webhook/clientConfig/service/namespace - create: false - -varReference: -- path: metadata/annotations diff --git a/tetragonpod/config/crd/patches/cainjection_in_tetragonpods.yaml b/tetragonpod/config/crd/patches/cainjection_in_tetragonpods.yaml deleted file mode 100644 index 9874ba9be7b..00000000000 --- a/tetragonpod/config/crd/patches/cainjection_in_tetragonpods.yaml +++ /dev/null @@ -1,7 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME - name: tetragonpods.cilium.io diff --git a/tetragonpod/config/crd/patches/webhook_in_tetragonpods.yaml b/tetragonpod/config/crd/patches/webhook_in_tetragonpods.yaml deleted file mode 100644 index 226b8e68103..00000000000 --- a/tetragonpod/config/crd/patches/webhook_in_tetragonpods.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# The following patch enables a conversion webhook for the CRD -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: tetragonpods.cilium.io -spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - namespace: system - name: webhook-service - path: /convert - conversionReviewVersions: - - v1 diff --git a/tetragonpod/config/default/kustomization.yaml b/tetragonpod/config/default/kustomization.yaml deleted file mode 100644 index 0038e2cabc6..00000000000 --- a/tetragonpod/config/default/kustomization.yaml +++ /dev/null @@ -1,144 +0,0 @@ -# Adds namespace to all resources. -namespace: tetragonpod-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: tetragonpod- - -# Labels to add to all resources and selectors. -#labels: -#- includeSelectors: true -# pairs: -# someName: someValue - -resources: -- ../crd -- ../rbac -- ../manager -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- ../webhook -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -#- ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - -patchesStrategicMerge: -# Protect the /metrics endpoint by putting it behind auth. -# If you want your controller-manager to expose the /metrics -# endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml - - - -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -#- webhookcainjection_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. -# Uncomment the following replacements to add the cert-manager CA injection annotations -#replacements: -# - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldPath: .metadata.namespace # namespace of the certificate CR -# targets: -# - select: -# kind: ValidatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 0 -# create: true -# - select: -# kind: MutatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 0 -# create: true -# - select: -# kind: CustomResourceDefinition -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 0 -# create: true -# - source: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldPath: .metadata.name -# targets: -# - select: -# kind: ValidatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 1 -# create: true -# - select: -# kind: MutatingWebhookConfiguration -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 1 -# create: true -# - select: -# kind: CustomResourceDefinition -# fieldPaths: -# - .metadata.annotations.[cert-manager.io/inject-ca-from] -# options: -# delimiter: '/' -# index: 1 -# create: true -# - source: # Add cert-manager annotation to the webhook Service -# kind: Service -# version: v1 -# name: webhook-service -# fieldPath: .metadata.name # namespace of the service -# targets: -# - select: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# fieldPaths: -# - .spec.dnsNames.0 -# - .spec.dnsNames.1 -# options: -# delimiter: '.' -# index: 0 -# create: true -# - source: -# kind: Service -# version: v1 -# name: webhook-service -# fieldPath: .metadata.namespace # namespace of the service -# targets: -# - select: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# fieldPaths: -# - .spec.dnsNames.0 -# - .spec.dnsNames.1 -# options: -# delimiter: '.' -# index: 1 -# create: true diff --git a/tetragonpod/config/default/manager_auth_proxy_patch.yaml b/tetragonpod/config/default/manager_auth_proxy_patch.yaml deleted file mode 100644 index b7512661674..00000000000 --- a/tetragonpod/config/default/manager_auth_proxy_patch.yaml +++ /dev/null @@ -1,55 +0,0 @@ -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - arm64 - - ppc64le - - s390x - - key: kubernetes.io/os - operator: In - values: - - linux - containers: - - name: kube-rbac-proxy - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=0" - ports: - - containerPort: 8443 - protocol: TCP - name: https - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi - - name: manager - args: - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" diff --git a/tetragonpod/config/default/manager_config_patch.yaml b/tetragonpod/config/default/manager_config_patch.yaml deleted file mode 100644 index f6f58916922..00000000000 --- a/tetragonpod/config/default/manager_config_patch.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager diff --git a/tetragonpod/config/manager/kustomization.yaml b/tetragonpod/config/manager/kustomization.yaml deleted file mode 100644 index 5c5f0b84cba..00000000000 --- a/tetragonpod/config/manager/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- manager.yaml diff --git a/tetragonpod/config/manager/manager.yaml b/tetragonpod/config/manager/manager.yaml deleted file mode 100644 index fc704ffa3e8..00000000000 --- a/tetragonpod/config/manager/manager.yaml +++ /dev/null @@ -1,102 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - app.kubernetes.io/name: namespace - app.kubernetes.io/instance: system - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: tetragonpod - app.kubernetes.io/part-of: tetragonpod - app.kubernetes.io/managed-by: kustomize - name: system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system - labels: - control-plane: controller-manager - app.kubernetes.io/name: deployment - app.kubernetes.io/instance: controller-manager - app.kubernetes.io/component: manager - app.kubernetes.io/created-by: tetragonpod - app.kubernetes.io/part-of: tetragonpod - app.kubernetes.io/managed-by: kustomize -spec: - selector: - matchLabels: - control-plane: controller-manager - replicas: 1 - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - labels: - control-plane: controller-manager - spec: - # TODO(user): Uncomment the following code to configure the nodeAffinity expression - # according to the platforms which are supported by your solution. - # It is considered best practice to support multiple architectures. You can - # build your manager image using the makefile target docker-buildx. - # affinity: - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: kubernetes.io/arch - # operator: In - # values: - # - amd64 - # - arm64 - # - ppc64le - # - s390x - # - key: kubernetes.io/os - # operator: In - # values: - # - linux - securityContext: - runAsNonRoot: true - # TODO(user): For common cases that do not require escalating privileges - # it is recommended to ensure that all your Pods/Containers are restrictive. - # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted - # Please uncomment the following code if your project does NOT have to work on old Kubernetes - # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). - # seccompProfile: - # type: RuntimeDefault - containers: - - command: - - /manager - args: - - --leader-elect - image: controller:latest - name: manager - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - # TODO(user): Configure the resources accordingly based on the project requirements. - # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - serviceAccountName: controller-manager - terminationGracePeriodSeconds: 10 diff --git a/tetragonpod/config/prometheus/kustomization.yaml b/tetragonpod/config/prometheus/kustomization.yaml deleted file mode 100644 index ed137168a1d..00000000000 --- a/tetragonpod/config/prometheus/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- monitor.yaml diff --git a/tetragonpod/config/prometheus/monitor.yaml b/tetragonpod/config/prometheus/monitor.yaml deleted file mode 100644 index c94195da524..00000000000 --- a/tetragonpod/config/prometheus/monitor.yaml +++ /dev/null @@ -1,26 +0,0 @@ - -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: controller-manager - app.kubernetes.io/name: servicemonitor - app.kubernetes.io/instance: controller-manager-metrics-monitor - app.kubernetes.io/component: metrics - app.kubernetes.io/created-by: tetragonpod - app.kubernetes.io/part-of: tetragonpod - app.kubernetes.io/managed-by: kustomize - name: controller-manager-metrics-monitor - namespace: system -spec: - endpoints: - - path: /metrics - port: https - scheme: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - tlsConfig: - insecureSkipVerify: true - selector: - matchLabels: - control-plane: controller-manager diff --git a/tetragonpod/config/rbac/auth_proxy_client_clusterrole.yaml b/tetragonpod/config/rbac/auth_proxy_client_clusterrole.yaml deleted file mode 100644 index fb1878dab04..00000000000 --- a/tetragonpod/config/rbac/auth_proxy_client_clusterrole.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: metrics-reader - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: tetragonpod - app.kubernetes.io/part-of: tetragonpod - app.kubernetes.io/managed-by: kustomize - name: metrics-reader -rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get diff --git a/tetragonpod/config/rbac/auth_proxy_role.yaml b/tetragonpod/config/rbac/auth_proxy_role.yaml deleted file mode 100644 index b9905bddaaf..00000000000 --- a/tetragonpod/config/rbac/auth_proxy_role.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: proxy-role - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: tetragonpod - app.kubernetes.io/part-of: tetragonpod - app.kubernetes.io/managed-by: kustomize - name: proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create diff --git a/tetragonpod/config/rbac/auth_proxy_role_binding.yaml b/tetragonpod/config/rbac/auth_proxy_role_binding.yaml deleted file mode 100644 index d57c42de514..00000000000 --- a/tetragonpod/config/rbac/auth_proxy_role_binding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/instance: proxy-rolebinding - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: tetragonpod - app.kubernetes.io/part-of: tetragonpod - app.kubernetes.io/managed-by: kustomize - name: proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: proxy-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system diff --git a/tetragonpod/config/rbac/auth_proxy_service.yaml b/tetragonpod/config/rbac/auth_proxy_service.yaml deleted file mode 100644 index 2af359faa0a..00000000000 --- a/tetragonpod/config/rbac/auth_proxy_service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - app.kubernetes.io/name: service - app.kubernetes.io/instance: controller-manager-metrics-service - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: tetragonpod - app.kubernetes.io/part-of: tetragonpod - app.kubernetes.io/managed-by: kustomize - name: controller-manager-metrics-service - namespace: system -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager diff --git a/tetragonpod/config/rbac/kustomization.yaml b/tetragonpod/config/rbac/kustomization.yaml deleted file mode 100644 index 731832a6ac3..00000000000 --- a/tetragonpod/config/rbac/kustomization.yaml +++ /dev/null @@ -1,18 +0,0 @@ -resources: -# All RBAC will be applied under this service account in -# the deployment namespace. You may comment out this resource -# if your manager will use a service account that exists at -# runtime. Be sure to update RoleBinding and ClusterRoleBinding -# subjects if changing service account names. -- service_account.yaml -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml diff --git a/tetragonpod/config/rbac/leader_election_role.yaml b/tetragonpod/config/rbac/leader_election_role.yaml deleted file mode 100644 index df0161fe371..00000000000 --- a/tetragonpod/config/rbac/leader_election_role.yaml +++ /dev/null @@ -1,44 +0,0 @@ -# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/name: role - app.kubernetes.io/instance: leader-election-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: tetragonpod - app.kubernetes.io/part-of: tetragonpod - app.kubernetes.io/managed-by: kustomize - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch diff --git a/tetragonpod/config/rbac/leader_election_role_binding.yaml b/tetragonpod/config/rbac/leader_election_role_binding.yaml deleted file mode 100644 index e975821f6d5..00000000000 --- a/tetragonpod/config/rbac/leader_election_role_binding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/name: rolebinding - app.kubernetes.io/instance: leader-election-rolebinding - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: tetragonpod - app.kubernetes.io/part-of: tetragonpod - app.kubernetes.io/managed-by: kustomize - name: leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system diff --git a/tetragonpod/config/rbac/role.yaml b/tetragonpod/config/rbac/role.yaml deleted file mode 100644 index b25eb808951..00000000000 --- a/tetragonpod/config/rbac/role.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: manager-role -rules: -- apiGroups: - - cilium.io - resources: - - TetragonPods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cilium.io - resources: - - TetragonPods/finalizers - verbs: - - update -- apiGroups: - - cilium.io - resources: - - TetragonPods/status - verbs: - - get - - patch - - update diff --git a/tetragonpod/config/rbac/role_binding.yaml b/tetragonpod/config/rbac/role_binding.yaml deleted file mode 100644 index 6930e79c3c3..00000000000 --- a/tetragonpod/config/rbac/role_binding.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/instance: manager-rolebinding - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: tetragonpod - app.kubernetes.io/part-of: tetragonpod - app.kubernetes.io/managed-by: kustomize - name: manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: manager-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system diff --git a/tetragonpod/config/rbac/service_account.yaml b/tetragonpod/config/rbac/service_account.yaml deleted file mode 100644 index 6b34c4fd1d5..00000000000 --- a/tetragonpod/config/rbac/service_account.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/name: serviceaccount - app.kubernetes.io/instance: controller-manager-sa - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: tetragonpod - app.kubernetes.io/part-of: tetragonpod - app.kubernetes.io/managed-by: kustomize - name: controller-manager - namespace: system diff --git a/tetragonpod/config/rbac/tetragonpod_editor_role.yaml b/tetragonpod/config/rbac/tetragonpod_editor_role.yaml deleted file mode 100644 index 20f1e6f8327..00000000000 --- a/tetragonpod/config/rbac/tetragonpod_editor_role.yaml +++ /dev/null @@ -1,31 +0,0 @@ -# permissions for end users to edit tetragonpod. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: tetragonpod-editor-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: tetragonpod - app.kubernetes.io/part-of: tetragonpod - app.kubernetes.io/managed-by: kustomize - name: tetragonpod-editor-role -rules: -- apiGroups: - - cilium.io.tetragon.cilium.io - resources: - - tetragonpods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cilium.io - resources: - - tetragonpods/status - verbs: - - get diff --git a/tetragonpod/config/rbac/tetragonpod_viewer_role.yaml b/tetragonpod/config/rbac/tetragonpod_viewer_role.yaml deleted file mode 100644 index 0ca43de1de4..00000000000 --- a/tetragonpod/config/rbac/tetragonpod_viewer_role.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# permissions for end users to view tetragonpods. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: tetragonpod-viewer-role - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: tetragonpod - app.kubernetes.io/part-of: tetragonpod - app.kubernetes.io/managed-by: kustomize - name: tetragonpod-viewer-role -rules: -- apiGroups: - - cilium.io.tetragon.cilium.io - resources: - - tetragonpods - verbs: - - get - - list - - watch -- apiGroups: - - cilium.io.tetragon.cilium.io - resources: - - tetragonpods/status - verbs: - - get diff --git a/tetragonpod/config/samples/cilium.io_v1alpha1_tetragonpod.yaml b/tetragonpod/config/samples/cilium.io_v1alpha1_tetragonpod.yaml deleted file mode 100644 index 8299c35518e..00000000000 --- a/tetragonpod/config/samples/cilium.io_v1alpha1_tetragonpod.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: cilium.io/v1alpha1 -kind: TetragonPod -metadata: - labels: - app.kubernetes.io/name: tetragonpod - app.kubernetes.io/instance: tetragonpod-sample - app.kubernetes.io/part-of: tetragonpod - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: tetragonpod - name: tetragonpod-sample -spec: - # TODO(user): Add fields here diff --git a/tetragonpod/config/samples/kustomization.yaml b/tetragonpod/config/samples/kustomization.yaml deleted file mode 100644 index 8a223e34afb..00000000000 --- a/tetragonpod/config/samples/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -## Append samples of your project ## -resources: -- cilium.io_v1alpha1_tetragonpod.yaml -#+kubebuilder:scaffold:manifestskustomizesamples diff --git a/tetragonpod/hack/boilerplate.go.txt b/tetragonpod/hack/boilerplate.go.txt deleted file mode 100644 index 93635d464bd..00000000000 --- a/tetragonpod/hack/boilerplate.go.txt +++ /dev/null @@ -1,15 +0,0 @@ -/* -Copyright 2023 Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ \ No newline at end of file diff --git a/tetragonpod/internal/controller/suite_test.go b/tetragonpod/internal/controller/suite_test.go deleted file mode 100644 index b35183740d8..00000000000 --- a/tetragonpod/internal/controller/suite_test.go +++ /dev/null @@ -1,79 +0,0 @@ -/* -Copyright 2023 Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controller - -// Write tests using Testify instad of Ginkgo - -// import ( -// "path/filepath" -// "testing" - -// "k8s.io/client-go/kubernetes/scheme" -// "k8s.io/client-go/rest" -// "sigs.k8s.io/controller-runtime/pkg/client" -// "sigs.k8s.io/controller-runtime/pkg/envtest" -// logf "sigs.k8s.io/controller-runtime/pkg/log" -// "sigs.k8s.io/controller-runtime/pkg/log/zap" - -// ciliumiov1alpha1 "github.com/cilium/tetragon/tetragonpod/api/v1alpha1" -// //+kubebuilder:scaffold:imports -// ) - -// // These tests use Ginkgo (BDD-style Go testing framework). Refer to -// // http://onsi.github.io/ginkgo/ to learn more about Ginkgo. - -// var cfg *rest.Config -// var k8sClient client.Client -// var testEnv *envtest.Environment - -// func TestAPIs(t *testing.T) { -// RegisterFailHandler(Fail) - -// RunSpecs(t, "Controller Suite") -// } - -// var _ = BeforeSuite(func() { -// logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) - -// By("bootstrapping test environment") -// testEnv = &envtest.Environment{ -// CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, -// ErrorIfCRDPathMissing: true, -// } - -// var err error -// // cfg is defined in this file globally. -// cfg, err = testEnv.Start() -// Expect(err).NotTo(HaveOccurred()) -// Expect(cfg).NotTo(BeNil()) - -// err = ciliumiov1alpha1.AddToScheme(scheme.Scheme) -// Expect(err).NotTo(HaveOccurred()) - -// //+kubebuilder:scaffold:scheme - -// k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) -// Expect(err).NotTo(HaveOccurred()) -// Expect(k8sClient).NotTo(BeNil()) - -// }) - -// var _ = AfterSuite(func() { -// By("tearing down the test environment") -// err := testEnv.Stop() -// Expect(err).NotTo(HaveOccurred()) -// })