Create basic manifest.yaml

flame_k8s_controller/config/bonny.exs → config/prod.exs

@@ -23,5 +23,7 @@ config :bonny,
 
   # Operator deployment resources. These are the defaults.
   resources: %{limits: %{cpu: "200m", memory: "200Mi"}, requests: %{cpu: "200m", memory: "200Mi"}},
+
+  # Overrides default manifest
   manifest_override_callback:
     &Mix.Tasks.Bonny.Gen.Manifest.FlameK8sControllerCustomizer.override/1

flame_k8s_controller/lib/mix/tasks/bonny.gen.manifest/customizer.ex

@@ -20,7 +20,6 @@ defmodule Mix.Tasks.Bonny.Gen.Manifest.FlameK8sControllerCustomizer do
   import YamlElixir.Sigil
 
   @spec override(Bonny.Resource.t()) :: Bonny.Resource.t()
-
   def override(%{"kind" => "Deployment"} = resource) do
     image =
       get_in(

flame_k8s_controller/manifest.yaml

@@ -0,0 +1,284 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    k8s-app: flame-controller
+  name: flame-controller
+  namespace: flame
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      k8s-app: flame-controller
+  template:
+    metadata:
+      labels:
+        k8s-app: flame-controller
+    spec:
+      containers:
+        - env:
+            - name: MIX_ENV
+              value: prod
+            - name: BONNY_OPERATOR_NAME
+              value: flame-controller
+            - name: BONNY_POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: BONNY_POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: BONNY_POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: BONNY_POD_SERVICE_ACCOUNT
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.serviceAccountName
+          image: eigr/flame-k8s-controller:0.1.0
+          name: flame-controller
+          resources:
+            limits:
+              cpu: 200m
+              memory: 200Mi
+            requests:
+              cpu: 200m
+              memory: 200Mi
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 65534
+      serviceAccountName: flame-controller
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  labels:
+    k8s-app: flame-controller
+  name: flamerunners.flame.org
+spec:
+  group: flame.org
+  names:
+    kind: FlameRunner
+    plural: flamerunners
+    shortNames:
+      - fr
+      - flamerunner
+      - flamerunners
+      - runner
+      - runners
+    singular: flamerunner
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns: []
+      deprecated: false
+      deprecationWarning:
+      name: v1
+      schema:
+        openAPIV3Schema:
+          properties:
+            status:
+              properties:
+                observedGeneration:
+                  type: integer
+              type: object
+          type: object
+          x-kubernetes-preserve-unknown-fields: true
+      served: true
+      storage: true
+      subresources:
+        status: {}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  labels:
+    k8s-app: flame-controller
+  name: flamepools.flame.org
+spec:
+  group: flame.org
+  names:
+    kind: FlamePool
+    plural: flamepools
+    shortNames:
+      - framepool
+      - framepools
+      - pool
+      - pools
+    singular: flamepool
+  scope: Namespaced
+  versions:
+    - additionalPrinterColumns: []
+      deprecated: false
+      deprecationWarning:
+      name: v1
+      schema:
+        openAPIV3Schema:
+          properties:
+            status:
+              properties:
+                observedGeneration:
+                  type: integer
+              type: object
+          type: object
+          x-kubernetes-preserve-unknown-fields: true
+      served: true
+      storage: true
+      subresources:
+        status: {}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    k8s-app: flame-controller
+  name: flame-controller
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - node
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - serviceaccount
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - serviceaccounts
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - services
+    verbs:
+      - '*'
+  - apiGroups:
+      - apiextensions.k8s.io
+    resources:
+      - customresourcedefinitions
+    verbs:
+      - '*'
+  - apiGroups:
+      - apps
+    resources:
+      - deployments
+    verbs:
+      - '*'
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - '*'
+  - apiGroups:
+      - events.k8s.io
+    resources:
+      - events
+    verbs:
+      - '*'
+  - apiGroups:
+      - flame.org
+    resources:
+      - flamepools
+    verbs:
+      - '*'
+  - apiGroups:
+      - flame.org
+    resources:
+      - flamepools/status
+    verbs:
+      - '*'
+  - apiGroups:
+      - flame.org
+    resources:
+      - flamerunners
+    verbs:
+      - '*'
+  - apiGroups:
+      - flame.org
+    resources:
+      - flamerunners/status
+    verbs:
+      - '*'
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - role
+    verbs:
+      - '*'
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - rolebindings
+    verbs:
+      - '*'
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - roles
+    verbs:
+      - '*'
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    k8s-app: flame-controller
+  name: flame-controller
+  namespace: flame
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    k8s-app: flame-controller
+  name: flame-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: flame-controller
+subjects:
+  - kind: ServiceAccount
+    name: flame-controller
+    namespace: flame

flame_k8s_controller/mix.exs

@@ -9,7 +9,7 @@ defmodule FlameK8sController.MixProject do
       app: @app,
       version: @version,
       build_path: "../_build",
-      config_path: "config/config.exs",
+      config_path: "../config/config.exs",
       deps_path: "../deps",
       lockfile: "../mix.lock",
       elixir: "~> 1.14",

lib/flame/k8s_backend.ex

@@ -222,11 +222,13 @@ defmodule FLAME.K8sBackend do
   end
 
   defp call_shutdown_runner() do
-    name = System.get_env("POD_NAME")
-    namespace = System.get_env("POD_NAMESPACE")
-    time_limit_to_shoot_headhead = System.get_env("POD_TERMINATION_TIMEOUT")
+    _name = System.get_env("POD_NAME")
+    _namespace = System.get_env("POD_NAMESPACE")
+    _time_limit_to_shoot_headhead = System.get_env("POD_TERMINATION_TIMEOUT")
+
     # TODO Send signal to controller to cleanup pod after terminationShutdownPeriod timeout
     # calling "/v1/runners/:namespace/:name" endpoint in the controller service
+    {:ok, :ending}
   end
 
   defp do_loop(_func, {:ok, term}), do: {:ok, term}