feat: allow mounting an existing kubeconfig and setting of KCP_ENABLE…

…D environment variable
openmfp · Oct 24, 2024 · 97d4f83 · 97d4f83
1 parent e46d373
commit 97d4f83
Show file tree

Hide file tree

Showing 5 changed files with 180 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
+.idea
 .vscode/settings.json
diff --git a/charts/account-operator/templates/deployment.yaml b/charts/account-operator/templates/deployment.yaml
@@ -53,7 +53,25 @@ spec:
             requests:
               cpu: {{ .Values.deployment.resources.requests.cpu }}
               memory: {{ .Values.deployment.resources.requests.memory }}
+          env:
+          - name: KCP_ENABLED
+            value: "{{ .Values.kcp.enabled }}"
+          {{- if .Values.kubeconfigSecret }}
+          - name: KUBECONFIG
+            value: /api-kubeconfig/kubeconfig
+          {{- end }}
+          {{- if .Values.kubeconfigSecret }}
+          volumeMounts:
+            - name: external-api-server
+              mountPath: /api-kubeconfig
+          {{- end }}
       terminationGracePeriodSeconds: 10
+      volumes:
+        {{- if .Values.kubeconfigSecret }}
+        - name: external-api-server
+          secret:
+            secretName: {{ .Values.kubeconfigSecret }}
+        {{- end }}
 
 
 
diff --git a/charts/account-operator/tests/__snapshot__/deployment_test.yaml.snap b/charts/account-operator/tests/__snapshot__/deployment_test.yaml.snap
@@ -93,6 +93,9 @@ operator match the snapshot:
                 - --leader-elect
                 - --log-level=
                 - --health-probe-bind-address=:8081
+              env:
+                - name: KCP_ENABLED
+                  value: "false"
               image: ghcr.io/openmfp/account-operator:0.0.0
               livenessProbe:
                 httpGet:
@@ -125,6 +128,154 @@ operator match the snapshot:
                 runAsNonRoot: true
           serviceAccountName: RELEASE-NAME-account-operator
           terminationGracePeriodSeconds: 10
+          volumes: null
+  4: |
+    apiVersion: v1
+    imagePullSecrets:
+      - name: github
+    kind: ServiceAccount
+    metadata:
+      name: RELEASE-NAME-account-operator
+      namespace: NAMESPACE
+operator match the snapshot (with kubeconfigSecret):
+  1: |
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+      name: RELEASE-NAME-account-operator
+    rules:
+      - apiGroups:
+          - core.openmfp.io
+        resources:
+          - accounts
+        verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+      - apiGroups:
+          - coordination.k8s.io
+        resources:
+          - leases
+        verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+      - apiGroups:
+          - core.openmfp.io
+        resources:
+          - accounts
+          - accounts/status
+        verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
+      - apiGroups:
+          - ""
+        resources:
+          - namespaces
+          - events
+        verbs:
+          - get
+          - list
+          - watch
+          - create
+          - update
+          - patch
+          - delete
+  2: |
+    apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+      name: RELEASE-NAME-account-operator
+    roleRef:
+      apiGroup: rbac.authorization.k8s.io
+      kind: ClusterRole
+      name: RELEASE-NAME-account-operator
+    subjects:
+      - kind: ServiceAccount
+        name: RELEASE-NAME-account-operator
+        namespace: NAMESPACE
+  3: |
+    apiVersion: apps/v1
+    kind: Deployment
+    metadata:
+      name: RELEASE-NAME-account-operator
+      namespace: NAMESPACE
+    spec:
+      revisionHistoryLimit: 3
+      selector:
+        matchLabels:
+          service: RELEASE-NAME-account-operator
+      template:
+        metadata:
+          annotations:
+            sidecar.istio.io/inject: "false"
+          labels:
+            control-plane: controller-manager
+            service: RELEASE-NAME-account-operator
+        spec:
+          containers:
+            - args:
+                - operator
+                - --leader-elect
+                - --log-level=
+                - --health-probe-bind-address=:8081
+              env:
+                - name: KCP_ENABLED
+                  value: "false"
+                - name: KUBECONFIG
+                  value: /api-kubeconfig/kubeconfig
+              image: ghcr.io/openmfp/account-operator:0.0.0
+              livenessProbe:
+                httpGet:
+                  path: /healthz
+                  port: 8081
+                initialDelaySeconds: 15
+                periodSeconds: 20
+              name: manager
+              ports:
+                - containerPort: 8080
+                  name: metrics
+                  protocol: TCP
+                - containerPort: 8081
+                  name: health-port
+                  protocol: TCP
+              readinessProbe:
+                httpGet:
+                  path: /readyz
+                  port: 8081
+                initialDelaySeconds: 5
+                periodSeconds: 10
+              resources:
+                limits:
+                  cpu: 260m
+                  memory: 512Mi
+                requests:
+                  cpu: 150m
+                  memory: 128Mi
+              securityContext:
+                runAsNonRoot: true
+              volumeMounts:
+                - mountPath: /api-kubeconfig
+                  name: external-api-server
+          serviceAccountName: RELEASE-NAME-account-operator
+          terminationGracePeriodSeconds: 10
+          volumes:
+            - name: external-api-server
+              secret:
+                secretName: kubeconfig
   4: |
     apiVersion: v1
     imagePullSecrets:

diff --git a/charts/account-operator/tests/deployment_test.yaml b/charts/account-operator/tests/deployment_test.yaml
@@ -8,5 +8,10 @@ chart:
   appVersion: 0.0.0
 tests:
   - it: operator match the snapshot
+    asserts:
+      - matchSnapshot: {}
+  - it: operator match the snapshot (with kubeconfigSecret)
+    set:
+      kubeconfigSecret: "kubeconfig"
     asserts:
       - matchSnapshot: {}
diff --git a/charts/account-operator/values.yaml b/charts/account-operator/values.yaml
@@ -22,3 +22,8 @@ deployment:
     requests:
       cpu: 150m
       memory: 128Mi
+
+kcp:
+  enabled: false
+
+kubeconfigSecret: ""