Skip to content
This repository has been archived by the owner on Oct 17, 2024. It is now read-only.

Commit

Permalink
separate the manifests and operations for klusterlet operator
Browse files Browse the repository at this point in the history 
Signed-off-by: zhujian <jiazhu@redhat.com>
  • Loading branch information
@zhujian7
zhujian7 committed Dec 17, 2021
1 parent 07b951b commit cec4ec8
Show file tree
Hide file tree
Showing 30 changed files with 241 additions and 224 deletions.
2 changes: 1 addition & 1 deletion hack/copy-crds.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ done

for f in $SPOKE_CRD_FILES
do
cp $f ./manifests/klusterlet/
cp $f ./manifests/klusterlet/managed/
done

cp $CLUSTER_MANAGER_CRD_FILE ./deploy/cluster-manager/config/crds/
Expand Down
2 changes: 1 addition & 1 deletion hack/verify-crds.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ done

for f in $SPOKE_CRD_FILES
do
diff -N $f ./manifests/klusterlet/$(basename $f) || ( echo 'crd content is incorrect' && false )
diff -N $f ./manifests/klusterlet/managed/$(basename $f) || ( echo 'crd content is incorrect' && false )
done

diff -N $CLUSTER_MANAGER_CRD_FILE ./deploy/cluster-manager/config/crds/$(basename $CLUSTER_MANAGER_CRD_FILE) || ( echo 'crd content is incorrect' && false )
Expand Down
6 changes: 2 additions & 4 deletions manifests/fs.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,7 @@ import "embed"
//go:embed cluster-manager
var ClusterManagerManifestFiles embed.FS

//go:embed klusterlet
//go:embed klusterlet/detached
//go:embed klusterlet/management
//go:embed klusterlet/managed
//go:embed klusterletkube111
var KlusterletManifestFiles embed.FS

// var Klusterlet111ManifestFiles embed.FS
13 changes: 0 additions & 13 deletions manifests/klusterlet/detached/klusterlet-registration-role-management.yaml
View file

This file was deleted.

13 changes: 0 additions & 13 deletions manifests/klusterlet/detached/klusterlet-registration-rolebinding-management.yaml
View file

This file was deleted.

0 ...nagement.io_appliedmanifestworks.crd.yaml → ...nagement.io_appliedmanifestworks.crd.yaml
View file
File renamed without changes.
0 ...ster-management.io_clusterclaims.crd.yaml → ...ster-management.io_clusterclaims.crd.yaml
View file
File renamed without changes.
0 ...nagement.io_appliedmanifestworks.crd.yaml → ...nagement.io_appliedmanifestworks.crd.yaml
View file
File renamed without changes.
0 ...ster-management.io_clusterclaims.crd.yaml → ...ster-management.io_clusterclaims.crd.yaml
View file
File renamed without changes.
8 changes: 5 additions & 3 deletions .../klusterlet-registration-clusterrole.yaml → .../klusterlet-registration-clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,12 @@ metadata:
name: open-cluster-management:{{ .KlusterletName }}-registration:agent
rules:
# Allow agent to get/list/watch nodes and configmaps.
- apiGroups: [""]
resources: ["nodes", "configmaps"]
verbs: ["get", "list", "watch"]
# - apiGroups: [""]
# resources: ["nodes", "configmaps"]
# verbs: ["get", "list", "watch"]

# Allow agent to get/list/watch/create/delete/update/patch secrets.
# TODO(zhujian7): consider to delete when addon agents can deployed on the management cluster.
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
Expand Down
0 ...rlet-registration-clusterrolebinding.yaml → ...rlet-registration-clusterrolebinding.yaml
View file
File renamed without changes.
0 ...usterlet-registration-serviceaccount.yaml → ...usterlet-registration-serviceaccount.yaml
View file
File renamed without changes.
6 changes: 3 additions & 3 deletions ...usterlet/klusterlet-work-clusterrole.yaml → .../managed/klusterlet-work-clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,9 @@ rules:
resources: ["subjectaccessreviews"]
verbs: ["create"]
# Allow agent to create events
- apiGroups: ["", "events.k8s.io"]
resources: ["events"]
verbs: ["create", "patch", "update"]
# - apiGroups: ["", "events.k8s.io"]
# resources: ["events"]
# verbs: ["create", "patch", "update"]
# Allow agent to managed appliedmanifestworks
- apiGroups: ["work.open-cluster-management.io"]
resources: ["appliedmanifestworks"]
Expand Down
0 ...let-work-clusterrolebinding-addition.yaml → ...let-work-clusterrolebinding-addition.yaml
View file
File renamed without changes.
0 ...t/klusterlet-work-clusterrolebinding.yaml → ...d/klusterlet-work-clusterrolebinding.yaml
View file
File renamed without changes.
0 ...erlet/klusterlet-work-serviceaccount.yaml → ...naged/klusterlet-work-serviceaccount.yaml
View file
File renamed without changes.
0 ...t/klusterlet-registration-deployment.yaml → ...t/klusterlet-registration-deployment.yaml
View file
File renamed without changes.
3 changes: 3 additions & 0 deletions ...sterlet/klusterlet-registration-role.yaml → ...agement/klusterlet-registration-role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@ metadata:
name: open-cluster-management:{{ .KlusterletName }}-registration:agent
namespace: {{ .KlusterletNamespace }}
rules:
# leader election needs to operate configmaps, create hub-kubeconfig external-managed-registration/work secrets
# TODO(zhujian7): may be replaced by a clusterrole to grant secret operation for others namespaces when addon
# agents are supported running on the management cluster
- apiGroups: [""]
resources: ["configmaps", "secrets"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
Expand Down
0 ...nding-extension-apiserver-management.yaml → ...tion-rolebinding-extension-apiserver.yaml
View file
File renamed without changes.
0 .../klusterlet-registration-rolebinding.yaml → .../klusterlet-registration-rolebinding.yaml
View file
File renamed without changes.
0 ...gistration-serviceaccount-management.yaml → ...usterlet-registration-serviceaccount.yaml
View file
File renamed without changes.
0 ...lusterlet/klusterlet-work-deployment.yaml → ...anagement/klusterlet-work-deployment.yaml
View file
File renamed without changes.
9 changes: 5 additions & 4 deletions ...ched/klusterlet-work-role-management.yaml → ...rlet/management/klusterlet-work-role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,11 +5,12 @@ metadata:
name: open-cluster-management:{{ .KlusterletName }}-work:agent
namespace: {{ .KlusterletNamespace }}
rules:
# leader election needs to operate configmaps
# - apiGroups: [""]
# resources: ["configmaps"]
# verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
- apiGroups: [""]
resources: ["secrets"]
resources: ["configmaps", "secrets"]
verbs: ["get", "list", "watch"]
- apiGroups: ["", "events.k8s.io"]
resources: ["events"]
Expand Down
0 ...nding-extension-apiserver-management.yaml → ...work-rolebinding-extension-apiserver.yaml
View file
File renamed without changes.
0 ...usterlet-work-rolebinding-management.yaml → ...nagement/klusterlet-work-rolebinding.yaml
View file
File renamed without changes.
0 ...erlet-work-serviceaccount-management.yaml → ...ement/klusterlet-work-serviceaccount.yaml
View file
File renamed without changes.
Loading

0 comments on commit cec4ec8

Please sign in to comment.