🐛 Disable the propagator webhook; Add ClusterManagementAddon manifests (
#388)

* Disable the propagator webhook

A webhook was added, but it requires cert-manager as a prerequisite.
Until we can resolve/update that, leave it disabled by default.

Signed-off-by: Dale Haiducek <[email protected]>

* Add `ClusterManagementAddon` for app and policy

A new check blocked enabling addons if this is missing.

Signed-off-by: Dale Haiducek <[email protected]>

---------

Signed-off-by: Dale Haiducek <[email protected]>
dhaiducek authored Nov 6, 2023
1 parent ed10693 commit c43d888
Showing 10 changed files with 64 additions and 27 deletions.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -90,7 +90,7 @@ check-copyright:
@build/check-copyright.sh

.PHONY: test
test:
test: deps
@build/run-unit-tests.sh

.PHONY: clean-test
5 changes: 3 additions & 2 deletions pkg/cmd/create/sampleapp/suite_test.go
Expand Up @@ -2,14 +2,15 @@
package sampleapp

import (
"path/filepath"
"testing"

"k8s.io/apimachinery/pkg/api/meta"
"k8s.io/client-go/discovery"
"k8s.io/client-go/discovery/cached/memory"
"k8s.io/client-go/restmapper"
"k8s.io/client-go/tools/clientcmd"
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
"path/filepath"
"testing"

"github.com/onsi/ginkgo/v2"
"github.com/onsi/gomega"
6 changes: 5 additions & 1 deletion pkg/cmd/install/hubaddon/exec.go
Expand Up @@ -3,10 +3,11 @@ package hubaddon

import (
"fmt"
"open-cluster-management.io/clusteradm/pkg/helpers/reader"
"os"
"strings"

"open-cluster-management.io/clusteradm/pkg/helpers/reader"

"github.com/spf13/cobra"
"k8s.io/klog/v2"

Expand Down Expand Up @@ -89,6 +90,7 @@ func (o *Options) runWithClient() error {
// Install the Application Management Addon
case appMgrAddonName:
files := []string{
"addon/appmgr/clustermanagementaddon_appmgr.yaml",
"addon/appmgr/clusterrole_agent.yaml",
"addon/appmgr/clusterrole_binding.yaml",
"addon/appmgr/clusterrole.yaml",
Expand Down Expand Up @@ -139,6 +141,8 @@ func (o *Options) runWithClient() error {
"addon/policy/propagator_role.yaml",
"addon/policy/propagator_rolebinding.yaml",
"addon/policy/propagator_serviceaccount.yaml",
"addon/policy/clustermanagementaddon_configpolicy.yaml",
"addon/policy/clustermanagementaddon_policyframework.yaml",
"addon/appmgr/crd_placementrule.yaml",
}

@@ -0,0 +1,9 @@
# Copyright Contributors to the Open Cluster Management project
apiVersion: addon.open-cluster-management.io/v1alpha1
kind: ClusterManagementAddOn
metadata:
name: application-manager
spec:
addOnMeta:
description: Synchronizes application on the managed clusters from the hub
displayName: Application Manager
@@ -0,0 +1,12 @@
# Copyright Contributors to the Open Cluster Management project
apiVersion: addon.open-cluster-management.io/v1alpha1
kind: ClusterManagementAddOn
metadata:
name: config-policy-controller
spec:
addOnMeta:
description: Audits k8s resources and remediates violation based on configuration policies.
displayName: Config Policy Addon
supportedConfigs:
- group: addon.open-cluster-management.io
resource: addondeploymentconfigs
@@ -0,0 +1,12 @@
# Copyright Contributors to the Open Cluster Management project
apiVersion: addon.open-cluster-management.io/v1alpha1
kind: ClusterManagementAddOn
metadata:
name: governance-policy-framework
spec:
addOnMeta:
description: Distributes policies and collects policy evaluation results.
displayName: Governance Policy Framework Addon
supportedConfigs:
- group: addon.open-cluster-management.io
resource: addondeploymentconfigs
Expand Up @@ -41,7 +41,7 @@ rules:
- apiGroups:
- ""
resources:
- configmaps
- events
verbs:
- create
- delete
Expand All @@ -53,21 +53,19 @@ rules:
- apiGroups:
- ""
resources:
- events
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resourceNames:
- governance-policy-database
resources:
- secrets
verbs:
- create
- get
- list
- watch
- apiGroups:
- ""
resourceNames:
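Review bot: The `secrets` rules in this role need a least-privilege check, with the caveat that this rendering has lost the +/- markers, so which lines end up on the new side is inferred. In the second hunk `- secrets` sits under `resources:` directly above the verb list `create` … `watch` with no `resourceNames`; if that is the resulting rule, the propagator can read and modify every Secret in the role's scope, and it should be narrowed to the verbs the controller actually uses (for example `get`, `list`, `watch`). The rule scoped by `resourceNames: governance-policy-database` also lists `create`, which Kubernetes RBAC cannot restrict by resource name, so that verb has no effect there and would need its own rule if creation is really required. A one-line comment above each `secrets` rule naming the controller feature that needs it would make later audits easier; the rules list continues outside both hunks.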
Expand Up @@ -11,6 +11,8 @@ spec:
name: governance-policy-propagator
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: governance-policy-propagator
labels:
name: governance-policy-propagator
spec:
Expand All @@ -19,6 +21,7 @@ spec:
- --health-probe-bind-address=:8081
- --metrics-bind-address=:8383
- --leader-elect
- --enable-webhooks=false
command:
- governance-policy-propagator
env:
Expand All @@ -30,6 +33,10 @@ spec:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: governance-policy-propagator
- name: WATCH_NAMESPACE_COMPLIANCE_EVENTS_STORE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/open-cluster-management/governance-policy-propagator:{{ .BundleVersion.PolicyAddon }}
imagePullPolicy: Always
name: governance-policy-propagator
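Review bot: The `--enable-webhooks=false` argument carries no comment in the manifest saying why it is off or when it should be turned back on, so a later reader of this Deployment cannot tell a deliberate choice from a leftover. The commit message gives the reason (the webhook requires cert-manager as a prerequisite), and with the flag off whatever admission validation the propagator's webhook performs is skipped on the hub. I would add `# Webhook disabled by default: it requires cert-manager as a prerequisite (see #388)` directly above the flag, and mention the disabled validation in the install documentation. The container spec continues outside the hunks.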
Expand Up @@ -5,18 +5,6 @@ metadata:
name: governance-policy-propagator-leader-election-role
namespace: {{ .Namespace }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
10 changes: 8 additions & 2 deletions pkg/cmd/install/hubaddon/suite_test.go
Expand Up @@ -2,13 +2,15 @@
package hubaddon

import (
"path/filepath"
"testing"

"k8s.io/apimachinery/pkg/api/meta"
"k8s.io/client-go/discovery"
"k8s.io/client-go/discovery/cached/memory"
"k8s.io/client-go/restmapper"
"k8s.io/client-go/tools/clientcmd"
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
"testing"

"github.com/onsi/ginkgo/v2"
"github.com/onsi/gomega"
Expand Down Expand Up @@ -41,7 +43,11 @@ var _ = ginkgo.BeforeSuite(func() {
ginkgo.By("bootstrapping test environment")

// start a kube-apiserver
testEnv = &envtest.Environment{}
testEnv = &envtest.Environment{
CRDDirectoryPaths: []string{
filepath.Join("..", "..", "..", "..", "vendor", "open-cluster-management.io", "api", "addon", "v1alpha1"),
},
}

cfg, err := testEnv.Start()
gomega.Expect(err).ToNot(gomega.HaveOccurred())
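Review bot: The new `CRDDirectoryPaths` entry points into `vendor/`, and `envtest.Environment` does not report a missing CRD directory unless `ErrorIfCRDPathMissing` is set, so a checkout where the vendor tree has not been populated would start the API server without the addon CRDs and fail later with a less obvious error. I would add `ErrorIfCRDPathMissing: true,` inside the struct literal so the suite stops at `testEnv.Start()` with the offending path in the message. The same commit appears to make the Makefile `test` target depend on `deps`, which presumably populates that directory, but running `go test` directly bypasses it. The `BeforeSuite` body continues outside the hunk.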