From 913277af27015693d3caa36df24caac265ca0a1d Mon Sep 17 00:00:00 2001 From: Patrick Derks Date: Mon, 6 Jan 2025 13:54:43 +0100 Subject: [PATCH 1/3] fix: naming and create proper helm chart with namespace !fixes #70 --- Makefile | 4 ++-- config/crd/kustomization.yaml | 2 +- config/helm/kustomization.yaml | 5 ++++ config/manager/kustomization.yaml | 1 - config/manager/manager.yaml | 21 +++++----------- config/manager/manager_auth_proxy_patch.yaml | 2 +- config/manager/manager_config_patch.yaml | 2 +- config/rbac/kustomization.yaml | 7 ++++++ config/rbac/leader_election_role.yaml | 2 +- config/rbac/leader_election_role_binding.yaml | 6 ++--- config/rbac/name_patch.yaml | 3 +++ config/rbac/role.yaml | 9 ++++++- config/rbac/role_binding.yaml | 6 ++--- config/rbac/service_account.yaml | 2 +- helm/templates/deployment.yaml | 24 +++++++++---------- internal/controller/store_controller.go | 2 +- 16 files changed, 55 insertions(+), 43 deletions(-) create mode 100644 config/helm/kustomization.yaml create mode 100644 config/rbac/name_patch.yaml diff --git a/Makefile b/Makefile index d1a6a15..d09a494 100644 --- a/Makefile +++ b/Makefile @@ -164,10 +164,10 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi .PHONY: helm helm: path version manifests kustomize yq ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. echo Create version $(version) + rm -r $(path) 2> /dev/null || true cp -r helm $(path) $(KUSTOMIZE) build config/crd > $(path)/crds/crd.yaml - $(KUSTOMIZE) build config/rbac > $(path)/templates/rbac.yaml - sed -i '/namespace: default/d' $(path)/templates/rbac.yaml + $(KUSTOMIZE) build config/helm > $(path)/templates/operator.yaml $(YQ) e -i '.appVersion = "$(version)"' $(path)/Chart.yaml $(YQ) e -i '.version = "$(version)"' $(path)/Chart.yaml 
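Review bot: The added `rm -r $(path) 2> /dev/null || true` in the `helm` target deletes whatever `path` expands to, unquoted and with errors discarded, so a mistyped or overly broad value silently removes that directory tree. The `path` prerequisite is not visible in this hunk, so it is unclear whether it rejects empty or absolute values. If it does not, add a guard before the delete and quote the argument, e.g. `rm -rf -- "$(path)"`. The help text after `##` on the `helm` target is still the undeploy description and should describe chart generation.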
diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index 33fa0b5..afd8416 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -5,7 +5,7 @@ resources: - bases/shop.shopware.com_stores.yaml #+kubebuilder:scaffold:crdkustomizeresource -patches: +#patches: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD #- path: patches/webhook_in_stores.yaml diff --git a/config/helm/kustomization.yaml b/config/helm/kustomization.yaml new file mode 100644 index 0000000..8b87ad1 --- /dev/null +++ b/config/helm/kustomization.yaml @@ -0,0 +1,5 @@ +namespace: "{{ .Release.Namespace }}" +namePrefix: '{{ .Release.Name }}-' + +resources: +- ../rbac diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index d43cedd..0c6c1ac 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,4 +1,3 @@ -namePrefix: shopware-operator- resources: - manager.yaml apiVersion: kustomize.config.k8s.io/v1beta1 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 881bfb4..fad6734 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -1,11 +1,11 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager + name: shopware-operator labels: - control-plane: controller-manager + control-plane: shopware-operator app.kubernetes.io/name: deployment - app.kubernetes.io/instance: controller-manager + app.kubernetes.io/instance: shopware-operator app.kubernetes.io/component: manager app.kubernetes.io/created-by: shopware-operator app.kubernetes.io/part-of: shopware-operator 
@@ -13,19 +13,15 @@ metadata: spec: selector: matchLabels: - control-plane: controller-manager + control-plane: shopware-operator replicas: 1 template: metadata: annotations: kubectl.kubernetes.io/default-container: manager labels: - control-plane: controller-manager + control-plane: shopware-operator spec: - # TODO(user): Uncomment the following code to configure the nodeAffinity expression - # according to the platforms which are supported by your solution. - # It is considered best practice to support multiple architectures. You can - # build your manager image using the makefile target docker-buildx. affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -42,11 +38,6 @@ spec: - linux securityContext: runAsNonRoot: true - # TODO(user): For common cases that do not require escalating privileges - # it is recommended to ensure that all your Pods/Containers are restrictive. - # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted - # Please uncomment the following code if your project does NOT have to work on old Kubernetes - # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). seccompProfile: type: RuntimeDefault containers: @@ -87,5 +78,5 @@ spec: requests: cpu: 10m memory: 64Mi - serviceAccountName: controller-manager + serviceAccountName: shopware-operator terminationGracePeriodSeconds: 10 diff --git a/config/manager/manager_auth_proxy_patch.yaml b/config/manager/manager_auth_proxy_patch.yaml index e52ac1d..9b89999 100644 --- a/config/manager/manager_auth_proxy_patch.yaml +++ b/config/manager/manager_auth_proxy_patch.yaml @@ -3,7 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager + name: shopware-operator spec: template: spec: diff --git a/config/manager/manager_config_patch.yaml b/config/manager/manager_config_patch.yaml index b454087..1883b73 100644 --- a/config/manager/manager_config_patch.yaml 
+++ b/config/manager/manager_config_patch.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager + name: shopware-operator spec: template: spec: diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index fb5a2b8..cd5ca67 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -16,3 +16,10 @@ resources: # - auth_proxy_role.yaml # - auth_proxy_role_binding.yaml # - auth_proxy_client_clusterrole.yaml +patches: + - target: + group: rbac.authorization.k8s.io + version: v1 + kind: Role + name: manager-role + path: name_patch.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml index a5efb24..f42cce8 100644 --- a/config/rbac/leader_election_role.yaml +++ b/config/rbac/leader_election_role.yaml @@ -9,7 +9,7 @@ metadata: app.kubernetes.io/created-by: shopware-operator app.kubernetes.io/part-of: shopware-operator app.kubernetes.io/managed-by: kustomize - name: leader-election-role + name: le-shopware-operator rules: - apiGroups: - "" diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml index 84afa21..8411985 100644 --- a/config/rbac/leader_election_role_binding.yaml +++ b/config/rbac/leader_election_role_binding.yaml @@ -8,11 +8,11 @@ metadata: app.kubernetes.io/created-by: shopware-operator app.kubernetes.io/part-of: shopware-operator app.kubernetes.io/managed-by: kustomize - name: leader-election-rolebinding + name: le-shopware-operator roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: leader-election-role + name: le-shopware-operator subjects: - kind: ServiceAccount - name: controller-manager + name: shopware-operator diff --git a/config/rbac/name_patch.yaml b/config/rbac/name_patch.yaml new file mode 100644 index 0000000..5b0ff95 --- /dev/null +++ b/config/rbac/name_patch.yaml @@ -0,0 +1,3 @@ +- op: add + path: /metadata/name + value: 'shopware-operator' 
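Review bot: The `patches` entry added to config/rbac/kustomization.yaml renames the Role from `manager-role` to `shopware-operator` by JSON patch, while role_binding.yaml in this same commit already sets `roleRef.name: shopware-operator`, so the binding refers to the post-patch name rather than the name the Role carries in role.yaml. Confirm in the rendered `templates/operator.yaml` that kustomize applies the `{{ .Release.Name }}-` prefix from config/helm to that `roleRef`; if it does not, the RoleBinding points at a Role this chart does not create and could resolve to an unrelated Role of that name already in the namespace. The same rendered file should show `subjects[].namespace` set to the release namespace for the ServiceAccount. A comment above the patch, such as `# renames generated manager-role; keep in sync with roleRef in role_binding.yaml`, would record the coupling.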
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index f427ef6..2ea091e 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -5,6 +5,14 @@ metadata: name: manager-role namespace: default rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -61,7 +69,6 @@ rules: - stores verbs: - create - - delete - get - list - patch diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 6b0647c..401c7ac 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -8,11 +8,11 @@ metadata: app.kubernetes.io/created-by: shopware-operator app.kubernetes.io/part-of: shopware-operator app.kubernetes.io/managed-by: kustomize - name: manager-rolebinding + name: shopware-operator roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: manager-role + name: shopware-operator subjects: - kind: ServiceAccount - name: controller-manager + name: shopware-operator diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index ea7171e..d863cb7 100644 --- a/config/rbac/service_account.yaml +++ b/config/rbac/service_account.yaml @@ -8,4 +8,4 @@ metadata: app.kubernetes.io/created-by: shopware-operator app.kubernetes.io/part-of: shopware-operator app.kubernetes.io/managed-by: kustomize - name: controller-manager + name: shopware-operator diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index 5826971..4a9b951 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml 
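Review bot: The new `pods` get/list/watch rule in role.yaml has no matching `+kubebuilder:rbac` marker in this patch; the only marker edited, in internal/controller/store_controller.go, drops `delete` on `stores`. If role.yaml is regenerated from markers (the Makefile `helm` target lists `manifests` as a prerequisite), a hand-added rule would be lost on the next run and the packaged Role would no longer match what the controller needs. Unless a pods marker already exists outside the visible hunks, add one next to the others, e.g. `//+kubebuilder:rbac:groups="",namespace=default,resources=pods,verbs=get;list;watch`.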
@@ -1,16 +1,16 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: shopware-operator + name: '{{ .Release.Name }}-shopware-operator' namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/component: manager app.kubernetes.io/created-by: shopware-operator - app.kubernetes.io/instance: controller-manager - app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/instance: shopware-operator + app.kubernetes.io/managed-by: shopware-operator app.kubernetes.io/name: deployment app.kubernetes.io/part-of: shopware-operator - control-plane: controller-manager + control-plane: shopware-operator {{- with .Values.labels }} {{- toYaml . | nindent 4 }} {{- end }} @@ -18,7 +18,7 @@ spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - control-plane: controller-manager + control-plane: shopware-operator strategy: rollingUpdate: maxUnavailable: 1 @@ -26,19 +26,19 @@ spec: template: metadata: annotations: - kubectl.kubernetes.io/default-container: manager + kubectl.kubernetes.io/default-container: operator {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: - control-plane: controller-manager + control-plane: shopware-operator spec: - {{ if hasKey .Values "affinity" }} + {{- if hasKey .Values "affinity" }} affinity: {{- with .Values.affinity }} {{- toYaml . | nindent 8 }} {{- end }} - {{ else }} + {{- else }} affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -53,7 +53,7 @@ spec: operator: In values: - linux - {{ end }} + {{- end }} tolerations: {{- with .Values.tolerations }} {{- toYaml . | nindent 10 }} @@ -76,7 +76,7 @@ spec: port: 8081 initialDelaySeconds: 15 periodSeconds: 20 - name: manager + name: operator readinessProbe: httpGet: path: /readyz @@ -96,5 +96,5 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault - serviceAccountName: controller-manager + serviceAccountName: '{{ .Release.Name }}-shopware-operator' terminationGracePeriodSeconds: 10 
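Review bot: The Deployment name and `serviceAccountName` are now prefixed with `{{ .Release.Name }}`, but `spec.selector.matchLabels` and the pod template label keep the fixed value `control-plane: shopware-operator`, so two releases installed in one namespace would have overlapping selectors. Adding a per-release label to both the selector and the pod template, e.g. `app.kubernetes.io/instance: '{{ .Release.Name }}'`, keeps each Deployment scoped to its own pods. In a Helm template `app.kubernetes.io/managed-by` is conventionally `{{ .Release.Service }}` rather than the chart name.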
diff --git a/internal/controller/store_controller.go b/internal/controller/store_controller.go index d35539a..50b25c1 100644 --- a/internal/controller/store_controller.go +++ b/internal/controller/store_controller.go @@ -84,7 +84,7 @@ func (r *StoreReconciler) findStoreForReconcile( return requests } -//+kubebuilder:rbac:groups=shop.shopware.com,namespace=default,resources=stores,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=shop.shopware.com,namespace=default,resources=stores,verbs=get;list;watch;create;update;patch //+kubebuilder:rbac:groups=shop.shopware.com,namespace=default,resources=stores/status,verbs=get;update;patch //+kubebuilder:rbac:groups=shop.shopware.com,namespace=default,resources=stores/finalizers,verbs=update //+kubebuilder:rbac:groups="",namespace=default,resources=secrets,verbs=get;list;watch;create;patch From eedee6cc16270c990e7909fb1c86e5f661f47cc8 Mon Sep 17 00:00:00 2001 From: Patrick Derks Date: Wed, 8 Jan 2025 09:18:41 +0100 Subject: [PATCH 2/3] doc: add verbose to golangci-lint --- .github/workflows/lint.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index e486ad3..a4618ee 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -7,6 +7,7 @@ on: permissions: contents: read + pull-requests: read checks: write jobs: @@ -21,5 +22,5 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@v6 with: - version: v1.59 - args: --timeout=5m + version: v1.60 + args: --timeout=8m --verbose From f14779681463ed3ec4f934d427ad8a292333823b Mon Sep 17 00:00:00 2001 From: Patrick Derks Date: Wed, 8 Jan 2025 09:18:55 +0100 Subject: [PATCH 3/3] feat: add new env for persistent database connection --- api/v1/env.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/api/v1/env.go b/api/v1/env.go index 7d73c4d..e99881a 100644 --- a/api/v1/env.go +++ b/api/v1/env.go 
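Review bot: The added `pull-requests: read` permission in .github/workflows/lint.yaml widens the workflow token, and nothing in the visible hunks uses it: golangci-lint-action needs that scope for its `only-new-issues` option, which is not set in the `with:` block shown. If that option is not enabled elsewhere in the file, drop the permission; if it is, a comment such as `# required by only-new-issues` beside it would explain the grant. The commit subject mentions only `--verbose`, but the second hunk also raises the linter version and the timeout.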
@@ -306,6 +306,10 @@ func (s *Store) GetEnv() []corev1.EnvVar {
 Name: "APP_URL",
 Value: fmt.Sprintf("https://%s", s.Spec.Network.Host),
 },
+ {
+ Name: "DATABASE_PERSISTENT_CONNECTION",
+ Value: "1",
+ },
 }
 c = append(c, s.getSessionCache()...)
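Review bot: `DATABASE_PERSISTENT_CONNECTION` is added to `GetEnv` with the fixed value `"1"`, so every Store gets persistent database connections and no field in the spec is shown that turns them off. Persistent connections are presumably held per application worker, which can exhaust the database's connection limit on larger deployments. Consider reading the value from the Store spec with this as the default, or at least add a comment above the entry such as `// keeps DB connections open across requests; size the DB connection limit accordingly`. `GetEnv` begins and ends outside this hunk, so it is not visible whether a later append can override the entry.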