extract kpack-image-builder to a standalone deployment
pbusko committed Oct 17, 2024
1 parent 73a9346 commit c5d494e
Showing 21 changed files with 471 additions and 141 deletions.
1 change: 0 additions & 1 deletion controllers/Dockerfile
@@ -12,7 +12,6 @@ RUN --mount=type=cache,target=/go/pkg/mod \

COPY model model
COPY controllers controllers
COPY kpack-image-builder kpack-image-builder
COPY statefulset-runner statefulset-runner
COPY tools tools
COPY version version
13 changes: 1 addition & 12 deletions controllers/config/config.go
@@ -10,7 +10,6 @@ import (

type ControllerConfig struct {
// components
IncludeKpackImageBuilder bool `yaml:"includeKpackImageBuilder"`
IncludeStatefulsetRunner bool `yaml:"includeStatefulsetRunner"`

// core controllers
@@ -28,13 +27,7 @@ type ControllerConfig struct {
LogLevel zapcore.Level `yaml:"logLevel"`
SpaceFinalizerAppDeletionTimeout *int32 `yaml:"spaceFinalizerAppDeletionTimeout"`

// kpack-image-builder
ClusterBuilderName string `yaml:"clusterBuilderName"`
BuilderServiceAccount string `yaml:"builderServiceAccount"`
BuilderReadinessTimeout string `yaml:"builderReadinessTimeout"`
ContainerRepositoryPrefix string `yaml:"containerRepositoryPrefix"`
ContainerRegistryType string `yaml:"containerRegistryType"`
Networking Networking `yaml:"networking"`
Networking Networking `yaml:"networking"`

ExperimentalManagedServicesEnabled bool `yaml:"experimentalManagedServicesEnabled"`
TrustInsecureServiceBrokers bool `yaml:"trustInsecureServiceBrokers"`
@@ -102,7 +95,3 @@ func (c ControllerConfig) ParseTaskTTL() (time.Duration, error) {

return tools.ParseDuration(c.TaskTTL)
}

func (c ControllerConfig) ParseBuilderReadinessTimeout() (time.Duration, error) {
return tools.ParseDuration(c.BuilderReadinessTimeout)
}
50 changes: 0 additions & 50 deletions controllers/main.go
@@ -60,12 +60,9 @@ import (
packageswebhook "code.cloudfoundry.org/korifi/controllers/webhooks/workloads/packages"
spaceswebhook "code.cloudfoundry.org/korifi/controllers/webhooks/workloads/spaces"
taskswebhook "code.cloudfoundry.org/korifi/controllers/webhooks/workloads/tasks"
"code.cloudfoundry.org/korifi/kpack-image-builder/controllers"
kpackimagebuilderfinalizer "code.cloudfoundry.org/korifi/kpack-image-builder/controllers/webhooks/finalizer"
statefulsetcontrollers "code.cloudfoundry.org/korifi/statefulset-runner/controllers"
"code.cloudfoundry.org/korifi/tools"
"code.cloudfoundry.org/korifi/tools/image"
"code.cloudfoundry.org/korifi/tools/registry"
"code.cloudfoundry.org/korifi/version"

buildv1alpha2 "github.com/pivotal/kpack/pkg/apis/build/v1alpha2"
@@ -336,49 +333,6 @@ func main() {
os.Exit(1)
}

if controllerConfig.IncludeKpackImageBuilder {
var builderReadinessTimeout time.Duration
builderReadinessTimeout, err = controllerConfig.ParseBuilderReadinessTimeout()
if err != nil {
setupLog.Error(err, "error parsing builderReadinessTimeout")
os.Exit(1)
}
if err = controllers.NewBuildWorkloadReconciler(
mgr.GetClient(),
mgr.GetScheme(),
controllersLog,
controllerConfig,
imageClient,
controllerConfig.ContainerRepositoryPrefix,
registry.NewRepositoryCreator(controllerConfig.ContainerRegistryType),
builderReadinessTimeout,
).SetupWithManager(mgr); err != nil {
setupLog.Error(err, "unable to create controller", "controller", "BuildWorkload")
os.Exit(1)
}

if err = controllers.NewBuilderInfoReconciler(
mgr.GetClient(),
mgr.GetScheme(),
controllersLog,
controllerConfig.ClusterBuilderName,
controllerConfig.CFRootNamespace,
).SetupWithManager(mgr); err != nil {
setupLog.Error(err, "unable to create controller", "controller", "BuilderInfo")
os.Exit(1)
}

if err = controllers.NewKpackBuildController(
mgr.GetClient(),
controllersLog,
imageClient,
controllerConfig.BuilderServiceAccount,
).SetupWithManager(mgr); err != nil {
setupLog.Error(err, "unable to create controller", "controller", "KpackBuild")
os.Exit(1)
}
}

if controllerConfig.IncludeStatefulsetRunner {
if err = statefulsetcontrollers.NewAppWorkloadReconciler(
mgr.GetClient(),
@@ -532,10 +486,6 @@ func main() {
os.Exit(1)
}

if controllerConfig.IncludeKpackImageBuilder {
kpackimagebuilderfinalizer.NewKpackImageBuilderFinalizerWebhook().SetupWebhookWithManager(mgr)
}

if err = mgr.AddReadyzCheck("readyz", mgr.GetWebhookServer().StartedChecker()); err != nil {
setupLog.Error(err, "unable to set up ready check")
os.Exit(1)
2 changes: 0 additions & 2 deletions controllers/remote-debug/Dockerfile
@@ -12,8 +12,6 @@ RUN --mount=type=cache,target=/go/pkg/mod \

COPY model model
COPY controllers controllers
COPY kpack-image-builder kpack-image-builder
COPY job-task-runner job-task-runner
COPY statefulset-runner statefulset-runner
COPY tools tools
COPY version version
14 changes: 0 additions & 14 deletions helm/korifi/controllers/configmap.yaml
@@ -5,7 +5,6 @@ metadata:
namespace: {{ .Release.Namespace }}
data:
config.yaml: |-
includeKpackImageBuilder: {{ .Values.kpackImageBuilder.include }}
includeStatefulsetRunner: {{ .Values.statefulsetRunner.include }}
builderName: {{ .Values.reconcilers.build }}
runnerName: {{ .Values.reconcilers.run }}
@@ -37,19 +36,6 @@ data:
maxRetainedPackagesPerApp: {{ .Values.controllers.maxRetainedPackagesPerApp }}
maxRetainedBuildsPerApp: {{ .Values.controllers.maxRetainedBuildsPerApp }}
logLevel: {{ .Values.logLevel }}
{{- if .Values.kpackImageBuilder.include }}
clusterBuilderName: {{ .Values.kpackImageBuilder.clusterBuilderName | default "cf-kpack-cluster-builder" }}
builderReadinessTimeout: {{ required "builderReadinessTimeout is required" .Values.kpackImageBuilder.builderReadinessTimeout }}
containerRepositoryPrefix: {{ .Values.containerRepositoryPrefix | quote }}
builderServiceAccount: kpack-service-account
cfStagingResources:
buildCacheMB: {{ .Values.stagingRequirements.buildCacheMB }}
diskMB: {{ .Values.stagingRequirements.diskMB }}
memoryMB: {{ .Values.stagingRequirements.memoryMB }}
{{- if .Values.eksContainerRegistryRoleARN }}
containerRegistryType: "ECR"
{{- end }}
{{- end }}
networking:
gatewayNamespace: {{ .Release.Namespace }}-gateway
gatewayName: korifi
32 changes: 0 additions & 32 deletions helm/korifi/controllers/rbac.yaml
@@ -80,38 +80,6 @@ subjects:
name: korifi-controllers-controller-manager
namespace: {{ .Release.Namespace }}

{{- if .Values.jobTaskRunner.include }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: korifi-job-task-runner-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: korifi-job-task-runner-taskworkload-manager-role
subjects:
- kind: ServiceAccount
name: korifi-controllers-controller-manager
namespace: {{ .Release.Namespace }}
{{- end }}

{{- if .Values.kpackImageBuilder.include }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: korifi-kpack-build-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: korifi-kpack-build-manager-role
subjects:
- kind: ServiceAccount
name: korifi-controllers-controller-manager
namespace: {{ .Release.Namespace }}
{{- end }}

{{- if .Values.statefulsetRunner.include }}
---
apiVersion: rbac.authorization.k8s.io/v1
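--- a/helm/korifi/kpack-image-builder/cert.yaml
+++ b/helm/korifi/kpack-image-builder/cert.yaml
@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: kpack-image-builder-serving-cert
+namespace: {{ .Release.Namespace }}
+spec:
+dnsNames:
+- kpack-image-builder-webhook-service.{{ .Release.Namespace }}.svc
+- kpack-image-builder-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
+issuerRef:
+kind: Issuer
+name: selfsigned-issuer
+secretName: kpack-image-builder-webhook-cert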
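Review bot: None of the new kpack-image-builder templates visible on this page (cert.yaml, configmap.yaml, deployment.yaml, rbac.yaml) is wrapped in `{{- if .Values.kpackImageBuilder.include }}`, although the controllers configmap keys and the ClusterRoleBinding that this commit removes were gated on that value. If the value is still supported, a release with `kpackImageBuilder.include: false` would now still get the Deployment, the serving certificate and the binding to `korifi-kpack-build-manager-role`. The unconditional `required "builderReadinessTimeout is required"` in configmap.yaml would also fail rendering when that value is unset. Wrapping each file in the same `if`/`end` pair would restore the opt-out; whether a guard is applied elsewhere cannot be seen from here.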
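--- a/helm/korifi/kpack-image-builder/configmap.yaml
+++ b/helm/korifi/kpack-image-builder/configmap.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: kpack-image-builder-config
+namespace: {{ .Release.Namespace }}
+data:
+config.yaml: |-
+cfRootNamespace: {{ .Values.rootNamespace }}
+clusterBuilderName: {{ .Values.kpackImageBuilder.clusterBuilderName | default "cf-kpack-cluster-builder" }}
+builderReadinessTimeout: {{ required "builderReadinessTimeout is required" .Values.kpackImageBuilder.builderReadinessTimeout }}
+containerRepositoryPrefix: {{ .Values.containerRepositoryPrefix | quote }}
+builderServiceAccount: kpack-service-account
+cfStagingResources:
+buildCacheMB: {{ .Values.stagingRequirements.buildCacheMB }}
+diskMB: {{ .Values.stagingRequirements.diskMB }}
+memoryMB: {{ .Values.stagingRequirements.memoryMB }}
+{{- if .Values.eksContainerRegistryRoleARN }}
+containerRegistryType: "ECR"
+{{- end }}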
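--- a/helm/korifi/kpack-image-builder/deployment.yaml
+++ b/helm/korifi/kpack-image-builder/deployment.yaml
@@ -0,0 +1,95 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+labels:
+app: kpack-image-builder
+name: kpack-image-builder-controller-manager
+namespace: {{ .Release.Namespace }}
+spec:
+replicas: {{ .Values.kpackImageBuilder.replicas | default 1}}
+selector:
+matchLabels:
+app: kpack-image-builder
+template:
+metadata:
+annotations:
+kubectl.kubernetes.io/default-container: manager
+prometheus.io/path: /metrics
+prometheus.io/port: "8080"
+prometheus.io/scrape: "true"
+checksum/config: {{ tpl ($.Files.Get "controllers/configmap.yaml") $ | sha256sum }}
+labels:
+app: kpack-image-builder
+spec:
+containers:
+- name: manager
+image: {{ .Values.kpackImageBuilder.image }}
+{{- if .Values.debug }}
+command:
+- "/dlv"
+args:
+- "--listen=:40000"
+- "--headless=true"
+- "--api-version=2"
+- "exec"
+- "/manager"
+- "--continue"
+- "--accept-multiclient"
+- "--"
+- "--health-probe-bind-address=:8081"
+- "--leader-elect"
+- "--config=/etc/kpack-image-builder-config"
+{{- else }}
+args:
+- --health-probe-bind-address=:8081
+- --leader-elect
+- --config=/etc/kpack-image-builder-config
+{{- end }}
+livenessProbe:
+httpGet:
+path: /healthz
+port: 8081
+initialDelaySeconds: 15
+periodSeconds: 20
+ports:
+- containerPort: 9443
+name: webhook-server
+protocol: TCP
+- containerPort: 8080
+name: metrics
+protocol: TCP
+readinessProbe:
+httpGet:
+path: /readyz
+port: 8081
+initialDelaySeconds: 5
+periodSeconds: 10
+resources:
+{{- .Values.jobTaskRunner.resources | toYaml | nindent 10 }}
+{{- include "korifi.securityContext" . | indent 8 }}
+volumeMounts:
+- mountPath: /tmp/k8s-webhook-server/serving-certs
+name: cert
+readOnly: true
+- mountPath: /etc/kpack-image-builder-config
+name: kpack-image-builder-config
+readOnly: true
+{{- include "korifi.podSecurityContext" . | indent 6 }}
+serviceAccountName: kpack-image-builder-controller-manager
+{{- if .Values.kpackImageBuilder.nodeSelector }}
+nodeSelector:
+{{ toYaml .Values.kpackImageBuilder.nodeSelector | indent 8 }}
+{{- end }}
+{{- if .Values.kpackImageBuilder.tolerations }}
+tolerations:
+{{- toYaml .Values.kpackImageBuilder.tolerations | nindent 8 }}
+{{- end }}
+terminationGracePeriodSeconds: 10
+volumes:
+- name: cert
+secret:
+defaultMode: 420
+secretName: kpack-image-builder-webhook-cert
+- configMap:
+name: kpack-image-builder-config
+name: kpack-image-builder-config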
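Review bot: The `checksum/config` annotation hashes `controllers/configmap.yaml`, so a change to kpack-image-builder-config will not roll these pods; it presumably should read `checksum/config: {{ tpl ($.Files.Get "kpack-image-builder/configmap.yaml") $ | sha256sum }}`. The `resources:` block is likewise taken from `.Values.jobTaskRunner.resources`, which looks like a copy-paste leftover; `.Values.kpackImageBuilder.resources` would be the consistent source, assuming values.yaml defines it. In the `.Values.debug` branch Delve listens on `:40000` with `--accept-multiclient` and no authentication, in a pod whose service account is bound to `korifi-kpack-build-manager-role` and, on EKS, carries the registry role annotation. That branch deserves a comment stating it is for development clusters only, or a NetworkPolicy restricting who can reach the port.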
4 changes: 2 additions & 2 deletions helm/korifi/kpack-image-builder/manifests.yaml
@@ -4,14 +4,14 @@ kind: MutatingWebhookConfiguration
metadata:
name: korifi-kpack-image-builder-mutating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/korifi-controllers-serving-cert'
cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/kpack-image-builder-serving-cert'
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: korifi-controllers-webhook-service
name: kpack-image-builder-webhook-service
namespace: '{{ .Release.Namespace }}'
path: /mutate-korifi-cloudfoundry-org-v1alpha1-kpack-image-builder-finalizer
failurePolicy: Fail
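--- a/helm/korifi/kpack-image-builder/rbac.yaml
+++ b/helm/korifi/kpack-image-builder/rbac.yaml
@@ -0,0 +1,41 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: kpack-image-builder-controller-manager
+namespace: {{ .Release.Namespace }}
+{{- if .Values.eksContainerRegistryRoleARN }}
+annotations:
+eks.amazonaws.com/role-arn: {{ .Values.eksContainerRegistryRoleARN }}
+{{- end }}
+imagePullSecrets:
+{{- range .Values.systemImagePullSecrets }}
+- name: {{ . | quote }}
+{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: kpack-image-builder-leader-election-rolebinding
+namespace: {{ .Release.Namespace }}
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: korifi-controllers-leader-election-role
+subjects:
+- kind: ServiceAccount
+name: kpack-image-builder-controller-manager
+namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: kpack-image-builder-manager-rolebinding
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: korifi-kpack-build-manager-role
+subjects:
+- kind: ServiceAccount
+name: kpack-image-builder-controller-manager
+namespace: {{ .Release.Namespace }}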
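Review bot: The `eks.amazonaws.com/role-arn` annotation moves registry access to a new service account name, so an IAM trust policy that pins its subject to the old `korifi-controllers-controller-manager` account may stop matching after an upgrade. This deserves a comment above the annotation, for example `# IRSA: the role's trust policy must allow system:serviceaccount:<release namespace>:kpack-image-builder-controller-manager`. If the controllers service account still carries the same annotation (not visible here), dropping it there would keep the registry role scoped to the one workload that needs it. The leader-election RoleBinding reuses `korifi-controllers-leader-election-role`, so this deployment depends on a Role owned by the controllers templates; a short comment noting that dependency would help.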