From e8b6c267b8cd1652d6c05a3e0f84852ecb240324 Mon Sep 17 00:00:00 2001 From: Daishan Date: Sun, 10 Nov 2019 23:32:50 -0700 Subject: [PATCH] Cleaning up code 1. remove devMode, move proper arguments to controller 2. move linkerd-job to a stack 3. split rio-controller into controller and bootstrap stack --- cli/cmd/builds/build.go | 8 +- cli/cmd/install/install.go | 23 +- cli/cmd/up/up.go | 20 +- cli/{cmd/up/pkg => pkg/up}/build.go | 2 +- main.go | 27 +- modules/linkerd/feature/feature.go | 22 +- modules/linkerd/module.go | 50 --- modules/rdns/controllers/service/handler.go | 17 +- pkg/apis/admin.rio.cattle.io/v1/info.go | 1 - pkg/config/config.go | 12 +- pkg/controllers/systemstatus/controller.go | 121 ------ pkg/server/startup.go | 20 +- pkg/stack/stack.go | 4 + pkg/stack/systemstack.go | 9 +- pkg/webhook/webhook.go | 33 +- scripts/build | 9 +- scripts/test | 5 +- scripts/validate | 3 +- stacks/bindata-non-static.go | 11 + stacks/bindata.go | 115 ++++- stacks/linkerd-install-stack.yaml | 28 ++ stacks/rio-bootstrap-stack.yaml | 435 +++++++++++++++++++ stacks/rio-controller-stack.yaml | 442 +------------------- 23 files changed, 710 insertions(+), 707 deletions(-) rename cli/{cmd/up/pkg => pkg/up}/build.go (99%) delete mode 100644 pkg/controllers/systemstatus/controller.go create mode 100644 stacks/bindata-non-static.go create mode 100644 stacks/linkerd-install-stack.yaml create mode 100644 stacks/rio-bootstrap-stack.yaml diff --git a/cli/cmd/builds/build.go b/cli/cmd/builds/build.go index d0f6809d4..e30623e6c 100644 --- a/cli/cmd/builds/build.go +++ b/cli/cmd/builds/build.go @@ -5,9 +5,9 @@ import ( "io/ioutil" "path/filepath" - "github.com/rancher/rio/cli/cmd/up/pkg" "github.com/rancher/rio/cli/pkg/builder" "github.com/rancher/rio/cli/pkg/clicontext" + "github.com/rancher/rio/cli/pkg/up" riov1 "github.com/rancher/rio/pkg/apis/rio.cattle.io/v1" "github.com/rancher/rio/pkg/stack" "github.com/urfave/cli" @@ -37,12 +37,12 @@ type Build struct { } func (b *Build) Run(ctx *clicontext.CLIContext) error { - content, err := pkg.LoadRiofile(b.F_File) + content, err := up.LoadRiofile(b.F_File) if err != nil { return err } - answers, err := pkg.LoadAnswer("") + answers, err := up.LoadAnswer("") if err != nil { return err } @@ -57,7 +57,7 @@ func (b *Build) Run(ctx *clicontext.CLIContext) error { return err } - images, err := pkg.Build(imageBuilds, ctx, false) + images, err := up.Build(imageBuilds, ctx, false) if err != nil { return err } diff --git a/cli/cmd/install/install.go b/cli/cmd/install/install.go index 319c93844..fc39e8588 100644 --- a/cli/cmd/install/install.go +++ b/cli/cmd/install/install.go @@ -28,7 +28,6 @@ type Install struct { IPAddress []string `desc:"Manually specify IP addresses to generate rdns domain, supports comma separated values" name:"ip-address"` DisableFeatures []string `desc:"Manually specify features to disable, supports comma separated values"` EnableDebug bool `desc:"Enable debug logging in controller"` - HTTPProxy string `desc:"Set HTTP_PROXY environment variable for control plane"` Yaml bool `desc:"Only print out k8s yaml manifest"` Check bool `desc:"Only check status, don't deploy controller"` } @@ -39,23 +38,30 @@ func (i *Install) Run(ctx *clicontext.CLIContext) error { } namespace := ctx.SystemNamespace + bootstrapStack := stack.NewSystemStack(ctx.Apply, nil, namespace, "rio-bootstrap") controllerStack := stack.NewSystemStack(ctx.Apply, nil, namespace, "rio-controller") answers := map[string]string{ - "NAMESPACE": namespace, - "DEBUG": strconv.FormatBool(i.EnableDebug), - "IMAGE": fmt.Sprintf("%s:%s", constants.ControllerImage, constants.ControllerImageTag), - "HTTP_PROXY": i.HTTPProxy, - "RUN_CONTROLLER": "true", + "NAMESPACE": namespace, + "RIO_DEBUG": strconv.FormatBool(i.EnableDebug), + "IMAGE": fmt.Sprintf("%s:%s", constants.ControllerImage, constants.ControllerImageTag), + "RUN_API_VALIDATOR": "\"TRUE\"", } + bootstrapStack.WithAnswer(answers) + controllerStack.WithAnswer(answers) if i.Yaml { + bootstrapObjects, err := bootstrapStack.GetObjects() + if err != nil { + return err + } + cm, err := i.getConfigMap(ctx, true) if err != nil { return err } - yamlOutput, err := controllerStack.Yaml(answers, cm) + yamlOutput, err := controllerStack.Yaml(nil, append(bootstrapObjects, cm)...) if err != nil { return err } @@ -79,6 +85,9 @@ func (i *Install) Run(ctx *clicontext.CLIContext) error { } fmt.Println("Deploying Rio control plane....") + if err := bootstrapStack.Deploy(answers); err != nil { + return err + } if err := controllerStack.Deploy(answers, cm); err != nil { return err } diff --git a/cli/cmd/up/up.go b/cli/cmd/up/up.go index c925b4c77..d57e0d554 100644 --- a/cli/cmd/up/up.go +++ b/cli/cmd/up/up.go @@ -3,8 +3,8 @@ package up import ( "fmt" - "github.com/rancher/rio/cli/cmd/up/pkg" "github.com/rancher/rio/cli/pkg/clicontext" + "github.com/rancher/rio/cli/pkg/up" riov1 "github.com/rancher/rio/pkg/apis/rio.cattle.io/v1" "github.com/rancher/rio/pkg/riofile/stringers" "github.com/rancher/rio/pkg/stack" @@ -33,7 +33,7 @@ const ( func (u *Up) Run(c *clicontext.CLIContext) error { if u.Name == "" { - u.Name = pkg.GetCurrentDir() + u.Name = up.GetCurrentDir() } stack, err := u.ensureStack(c) @@ -103,12 +103,12 @@ func (u *Up) setBuild(c *clicontext.CLIContext) error { } func (u *Up) loadFileAndAnswer(c *clicontext.CLIContext) (string, map[string]string, error) { - answers, err := pkg.LoadAnswer(u.Answers) + answers, err := up.LoadAnswer(u.Answers) if err != nil { return "", nil, err } - content, err := pkg.LoadRiofile(u.F_File) + content, err := up.LoadRiofile(u.F_File) if err != nil { return "", nil, err } @@ -122,7 +122,7 @@ func (u *Up) up(content string, answers map[string]string, s *riov1.Stack, c *cl return err } - images, err := pkg.Build(imageBuilds, c, u.P_Parallel) + images, err := up.Build(imageBuilds, c, u.P_Parallel) if err != nil { return err } @@ -151,7 +151,15 @@ func (u *Up) up(content string, answers map[string]string, s *riov1.Stack, c *cl knowngvks = s.Spec.AdditionalGroupVersionKinds } - err = c.Apply.WithListerNamespace(c.GetSetNamespace()).WithDefaultNamespace(c.GetSetNamespace()).WithOwner(s).WithSetOwnerReference(true, true).WithGVK(knowngvks...).WithDynamicLookup().ApplyObjects(objs...) + err = c.Apply. + WithListerNamespace(c.GetSetNamespace()). + WithDefaultNamespace(c.GetSetNamespace()). + WithOwner(s). + WithSetOwnerReference(true, true). + WithGVK(knowngvks...). + WithRestrictClusterScoped(). + WithDynamicLookup(). + ApplyObjects(objs...) if err != nil { return err } diff --git a/cli/cmd/up/pkg/build.go b/cli/pkg/up/build.go similarity index 99% rename from cli/cmd/up/pkg/build.go rename to cli/pkg/up/build.go index d4e9b7db5..0435a819c 100644 --- a/cli/cmd/up/pkg/build.go +++ b/cli/pkg/up/build.go @@ -1,4 +1,4 @@ -package pkg +package up import ( "fmt" diff --git a/main.go b/main.go index 965bca684..a9f2df808 100644 --- a/main.go +++ b/main.go @@ -1,5 +1,5 @@ //go:generate go run pkg/codegen/cleanup/main.go -//go:generate go run ./vendor/github.com/go-bindata/go-bindata/go-bindata -o ./stacks/bindata.go -ignore bindata.go -pkg stacks -modtime 1557785965 -mode 0644 ./stacks/ +//go:generate go run ./vendor/github.com/go-bindata/go-bindata/go-bindata -tags static -o ./stacks/bindata.go -ignore bindata.go -pkg stacks -modtime 1557785965 -mode 0644 ./stacks/ //go:generate go fmt stacks/bindata.go //go:generate go run pkg/codegen/main.go @@ -12,6 +12,8 @@ import ( _ "net/http/pprof" "os" + "github.com/rancher/rio/pkg/config" + "github.com/rancher/norman/pkg/debug" "github.com/rancher/rio/pkg/server" "github.com/rancher/rio/pkg/version" @@ -42,6 +44,29 @@ func main() { Value: "rio-system", Destination: &namespace, }, + cli.BoolFlag{ + Name: "run_api_validator", + Usage: "Whether to run api validator webhook", + EnvVar: "RUN_API_VALIDATOR", + Destination: &config.ConfigController.RunAPIValidatorWebhook, + }, + cli.StringFlag{ + Name: "webhook_port", + Usage: "Specify which port webhook should listen on", + EnvVar: "RUN_API_VALIDATOR_PORT", + Destination: &config.ConfigController.WebhookPort, + }, + cli.StringFlag{ + Name: "webhook_host", + Usage: "Specify which host webhook should listen on", + EnvVar: "RUN_API_VALIDATOR_HOST", + Destination: &config.ConfigController.WebhookHost, + }, + cli.StringFlag{ + Name: "ip_address", + Usage: "Specify which ip address RDNS should generate record for", + Destination: &config.ConfigController.IPAddresses, + }, } app.Flags = append(app.Flags, debug.Flags(&debugConfig)...) app.Action = run diff --git a/modules/linkerd/feature/feature.go b/modules/linkerd/feature/feature.go index 0ac24d648..be8e24b53 100644 --- a/modules/linkerd/feature/feature.go +++ b/modules/linkerd/feature/feature.go @@ -5,22 +5,42 @@ import ( "github.com/rancher/rio/modules/linkerd/controller/inject" "github.com/rancher/rio/modules/linkerd/pkg/injector" + "github.com/rancher/rio/pkg/constants" "github.com/rancher/rio/pkg/features" "github.com/rancher/rio/pkg/stack" "github.com/rancher/rio/types" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +const ( + linkerdNamespace = "linkerd" + linkerdConfigName = "linkerd-config" ) func Register(ctx context.Context, rContext *types.Context) error { + cmClient := rContext.Core.Core().V1().ConfigMap() + linkerdUpgrade := "" + if _, err := cmClient.Get(linkerdNamespace, linkerdConfigName, metav1.GetOptions{}); err == nil { + linkerdUpgrade = "\"TRUE\"" + } + apply := rContext.Apply.WithCacheTypes(rContext.Batch.Batch().V1().Job()) feature := &features.FeatureController{ FeatureName: "linkerd", FeatureSpec: features.FeatureSpec{ Description: "linkerd service mesh", Enabled: true, }, - SystemStacks: []*stack.SystemStack{}, + SystemStacks: []*stack.SystemStack{ + stack.NewSystemStack(apply, rContext.Admin.Admin().V1().SystemStack(), rContext.Namespace, "linkerd-install"), + }, Controllers: []features.ControllerRegister{ inject.Register, }, + FixedAnswers: map[string]string{ + "LINKERD_UPGRADE": linkerdUpgrade, + "LINKERD_INSTALL_IMAGE": constants.LinkerdInstallImage, + "NAMESPACE": rContext.Namespace, + }, OnStart: func() error { injector.RegisterInjector() rContext.Rio.Rio().V1().Service().Enqueue("*", "*") diff --git a/modules/linkerd/module.go b/modules/linkerd/module.go index b4ac25722..0c21a3a09 100644 --- a/modules/linkerd/module.go +++ b/modules/linkerd/module.go @@ -4,59 +4,9 @@ import ( "context" "github.com/rancher/rio/modules/linkerd/feature" - "github.com/rancher/rio/pkg/constants" "github.com/rancher/rio/types" - batchv1 "k8s.io/api/batch/v1" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func Register(ctx context.Context, rContext *types.Context) error { - if err := installLinkerd(rContext); err != nil { - return err - } return feature.Register(ctx, rContext) } - -func installLinkerd(rContext *types.Context) error { - cmClient := rContext.Core.Core().V1().ConfigMap() - linkerdUpgrade := "" - if _, err := cmClient.Get("linkerd", "linkerd-config", metav1.GetOptions{}); err == nil { - linkerdUpgrade = "TRUE" - } - if constants.DevMode && linkerdUpgrade == "TRUE" { - return nil - } - - job := &batchv1.Job{ - ObjectMeta: metav1.ObjectMeta{ - Namespace: rContext.Namespace, - GenerateName: "linkerd-install-", - }, - Spec: batchv1.JobSpec{ - TTLSecondsAfterFinished: &[]int32{120}[0], - BackoffLimit: &[]int32{1}[0], - Template: v1.PodTemplateSpec{ - Spec: v1.PodSpec{ - ServiceAccountName: "rio-controller-serviceaccount", - RestartPolicy: v1.RestartPolicyNever, - Containers: []v1.Container{ - { - Name: "linkerd-install", - Image: constants.LinkerdInstallImage, - ImagePullPolicy: v1.PullAlways, - Env: []v1.EnvVar{ - { - Name: "LINKERD_UPGRADE", - Value: linkerdUpgrade, - }, - }, - }, - }, - }, - }, - }, - } - _, err := rContext.Batch.Batch().V1().Job().Create(job) - return err -} diff --git a/modules/rdns/controllers/service/handler.go b/modules/rdns/controllers/service/handler.go index d5daaa617..a1e21ab38 100644 --- a/modules/rdns/controllers/service/handler.go +++ b/modules/rdns/controllers/service/handler.go @@ -3,7 +3,7 @@ package service import ( "context" "fmt" - "os" + "strings" approuter "github.com/rancher/rdns-server/client" adminv1 "github.com/rancher/rio/pkg/apis/admin.rio.cattle.io/v1" @@ -159,13 +159,16 @@ func (h *handler) generate(svc *corev1.Service, status corev1.ServiceStatus) ([] } func (h *handler) staticAddress() ([]adminv1.Address, error) { - if constants.DevMode && os.Getenv("IP_ADDRESS") != "" { - return []adminv1.Address{ - { - IP: os.Getenv("IP_ADDRESS"), + if config.ConfigController.IPAddresses != "" { + ips := strings.Split(config.ConfigController.IPAddresses, ",") + var addresses []adminv1.Address + for _, ip := range ips { + addresses = append(addresses, adminv1.Address{ + IP: ip, Hostname: "", - }, - }, nil + }) + } + return addresses, nil } cm, err := h.configMapCache.Get(h.systemNamespace, config.ConfigName) if err != nil { diff --git a/pkg/apis/admin.rio.cattle.io/v1/info.go b/pkg/apis/admin.rio.cattle.io/v1/info.go index 22c85f8bb..e9074a7c9 100644 --- a/pkg/apis/admin.rio.cattle.io/v1/info.go +++ b/pkg/apis/admin.rio.cattle.io/v1/info.go @@ -26,6 +26,5 @@ type RioInfoStatus struct { GitCommit string `json:"gitCommit,omitempty"` SystemNamespace string `json:"systemNamespace,omitempty"` Conditions []genericcondition.GenericCondition `json:"conditions,omitempty"` - Ready bool `json:"ready,omitempty"` SystemComponentReadyMap map[string]string `json:"systemComponentReadyMap,omitempty"` } diff --git a/pkg/config/config.go b/pkg/config/config.go index 22dc3ad48..02cfc4374 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -4,15 +4,23 @@ import ( "encoding/json" "strings" - v1 "k8s.io/api/core/v1" - adminv1 "github.com/rancher/rio/pkg/apis/admin.rio.cattle.io/v1" + v1 "k8s.io/api/core/v1" ) var ( ConfigName = "rio-config" + + ConfigController = ControllerConfig{} ) +type ControllerConfig struct { + RunAPIValidatorWebhook bool + WebhookPort string + WebhookHost string + IPAddresses string +} + type Config struct { Features map[string]FeatureConfig `json:"features,omitempty"` LetsEncrypt LetsEncrypt `json:"letsEncrypt,omitempty"` diff --git a/pkg/controllers/systemstatus/controller.go b/pkg/controllers/systemstatus/controller.go deleted file mode 100644 index 9cc96c9d5..000000000 --- a/pkg/controllers/systemstatus/controller.go +++ /dev/null @@ -1,121 +0,0 @@ -package systemstatus - -import ( - "context" - "fmt" - "net/http" - "reflect" - - "github.com/rancher/rio/pkg/config" - "github.com/rancher/rio/pkg/constants" - "github.com/rancher/rio/pkg/controllers/pkg" - "github.com/rancher/rio/pkg/deployment" - adminv1controller "github.com/rancher/rio/pkg/generated/controllers/admin.rio.cattle.io/v1" - "github.com/rancher/rio/types" - corev1controller "github.com/rancher/wrangler-api/pkg/generated/controllers/core/v1" - "github.com/sirupsen/logrus" - appsv1 "k8s.io/api/apps/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/selection" -) - -func Register(ctx context.Context, rContext *types.Context) error { - h := handler{ - systemNamespace: rContext.Namespace, - rioinfos: rContext.Admin.Admin().V1().RioInfo(), - configs: rContext.Core.Core().V1().ConfigMap().Cache(), - pods: rContext.Core.Core().V1().Pod().Cache(), - } - - rContext.Apps.Apps().V1().Deployment().OnChange(ctx, "systemstatus-check", h.sync) - return nil -} - -type handler struct { - systemNamespace string - rioinfos adminv1controller.RioInfoController - configs corev1controller.ConfigMapCache - pods corev1controller.PodCache -} - -func (h handler) sync(key string, obj *appsv1.Deployment) (*appsv1.Deployment, error) { - if obj == nil || obj.DeletionTimestamp != nil { - return obj, nil - } - - if obj.Namespace != h.systemNamespace { - return obj, nil - } - - infoObj, err := h.rioinfos.Get("rio", metav1.GetOptions{}) - if err != nil { - return obj, err - } - - info := infoObj.DeepCopy() - readyMap := info.Status.SystemComponentReadyMap - if readyMap == nil { - readyMap = make(map[string]string) - } - - deploymentReady := deployment.IsReady(&obj.Status) - if deploymentReady { - readyMap[obj.Name] = "Ready" - } else { - r, err := labels.NewRequirement("app", selection.Equals, []string{obj.Name}) - if err != nil { - return nil, err - } - l := labels.NewSelector().Add(*r) - pods, err := h.pods.List(obj.Namespace, l) - if err != nil { - return nil, err - } - if len(pods) > 0 { - readyMap[obj.Name] = pkg.PodDetail(pods[0]) - } - } - - cm, err := h.configs.Get(h.systemNamespace, config.ConfigName) - if err != nil { - return nil, err - } - r, err := config.FromConfigMap(cm) - if err != nil { - return nil, err - } - - var ready bool - if constants.DevMode { - ready = true - } else { - if _, err := http.Get(fmt.Sprintf("http://%s.%s", r.Gateway.ServiceName, r.Gateway.ServiceNamespace)); err == nil { - ready = true - } else { - ready = false - } - } - - var update bool - if !reflect.DeepEqual(info.Status.SystemComponentReadyMap, readyMap) { - info.Status.SystemComponentReadyMap = readyMap - update = true - } - - if info.Status.Ready != ready && ready { - if ready { - logrus.Info("Able to access gateway service, set systemState to ready") - } - info.Status.Ready = ready - update = true - } - - if update { - if _, err := h.rioinfos.Update(info); err != nil { - return obj, err - } - } - - return obj, nil -} diff --git a/pkg/server/startup.go b/pkg/server/startup.go index c05412735..b5648538c 100644 --- a/pkg/server/startup.go +++ b/pkg/server/startup.go @@ -4,7 +4,6 @@ import ( "context" "github.com/rancher/rio/modules" - "github.com/rancher/rio/pkg/constants" "github.com/rancher/rio/pkg/controllers" "github.com/rancher/rio/pkg/stack" "github.com/rancher/rio/pkg/webhook" @@ -12,8 +11,6 @@ import ( "github.com/rancher/wrangler/pkg/crd" "github.com/rancher/wrangler/pkg/kubeconfig" "github.com/rancher/wrangler/pkg/leader" - "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/client-go/rest" ) @@ -31,13 +28,12 @@ func Startup(ctx context.Context, systemNamespace, kubeConfig string) error { ctx, rioContext := types.BuildContext(ctx, systemNamespace, restConfig) - // detect and bootstrap developer environment if err := bootstrapResources(rioContext, systemNamespace); err != nil { return err } // setting up auth webhook - w := webhook.New(rioContext, kubeConfig, constants.DevMode) + w := webhook.New(rioContext, kubeConfig) if err := w.Setup(); err != nil { return err } @@ -53,17 +49,11 @@ func Startup(ctx context.Context, systemNamespace, kubeConfig string) error { } func bootstrapResources(rioContext *types.Context, systemNamespace string) error { - if _, err := rioContext.Apps.Apps().V1().Deployment().Get(systemNamespace, "rio-controller", metav1.GetOptions{}); errors.IsNotFound(err) { - constants.DevMode = true - controllerStack := stack.NewSystemStack(rioContext.Apply, rioContext.Admin.Admin().V1().SystemStack(), systemNamespace, "rio-controller") - answer := map[string]string{ - "NAMESPACE": systemNamespace, - } - if err := controllerStack.Deploy(answer); err != nil { - return err - } + controllerStack := stack.NewSystemStack(rioContext.Apply, rioContext.Admin.Admin().V1().SystemStack(), systemNamespace, "rio-bootstrap") + answer := map[string]string{ + "NAMESPACE": systemNamespace, } - return nil + return controllerStack.Deploy(answer) } func Types(ctx context.Context, config *rest.Config) error { diff --git a/pkg/stack/stack.go b/pkg/stack/stack.go index 6463e7e54..b948e8c9e 100644 --- a/pkg/stack/stack.go +++ b/pkg/stack/stack.go @@ -42,6 +42,10 @@ func (s *Stack) Questions() ([]v1.Question, error) { return t.Questions() } +func (s *Stack) WithAnswer(answer map[string]string) { + s.answers = answer +} + func (s *Stack) Yaml(answers map[string]string, additionalObjects ...runtime.Object) (string, error) { mergedAnswers := map[string]string{} for k, v := range s.answers { diff --git a/pkg/stack/systemstack.go b/pkg/stack/systemstack.go index 9d264da5a..8fc171c9e 100644 --- a/pkg/stack/systemstack.go +++ b/pkg/stack/systemstack.go @@ -1,12 +1,7 @@ package stack import ( - "io/ioutil" - - "k8s.io/apimachinery/pkg/runtime" - adminv1 "github.com/rancher/rio/pkg/apis/admin.rio.cattle.io/v1" - "github.com/rancher/rio/pkg/constants" adminv1controller "github.com/rancher/rio/pkg/generated/controllers/admin.rio.cattle.io/v1" "github.com/rancher/rio/pkg/riofile" "github.com/rancher/rio/pkg/template" @@ -16,6 +11,7 @@ import ( "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/dynamic" ) @@ -83,8 +79,5 @@ func (s *SystemStack) WithApply(apply apply.Apply) { } func (s *SystemStack) content() ([]byte, error) { - if constants.DevMode { - return ioutil.ReadFile("stacks/" + s.name + "-stack.yaml") - } return stacks.Asset("stacks/" + s.name + "-stack.yaml") } diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go index 952f2284c..978ea667c 100644 --- a/pkg/webhook/webhook.go +++ b/pkg/webhook/webhook.go @@ -8,6 +8,8 @@ import ( "os" "path/filepath" + "github.com/rancher/rio/pkg/config" + "github.com/linkerd/linkerd2/controller/k8s" "github.com/linkerd/linkerd2/controller/webhook" "github.com/linkerd/linkerd2/pkg/tls" @@ -47,31 +49,30 @@ var ( type Webhook struct { rContext *types.Context kubeconfig string - devMode bool listenHost string port string } -func New(rContext *types.Context, kc string, devMode bool) Webhook { +func New(rContext *types.Context, kc string) Webhook { w := Webhook{ rContext: rContext, kubeconfig: kc, - devMode: devMode, listenHost: fmt.Sprintf("%s.%s.svc", constants.AuthWebhookServiceName, rContext.Namespace), port: ":443", } - if devMode { - w.listenHost = os.Getenv("WEBHOOK_LISTEN") - if w.listenHost == "" { - w.listenHost = "127.0.0.1" - } - w.port = constants.DevWebhookPort + if config.ConfigController.WebhookHost != "" { + w.listenHost = config.ConfigController.WebhookHost + } + + if config.ConfigController.WebhookPort != "" { + w.port = config.ConfigController.WebhookPort } + return w } func (w Webhook) Setup() error { - if constants.DevMode && os.Getenv("RUN_WEBHOOK") == "" { + if !config.ConfigController.RunAPIValidatorWebhook { return nil } if err := w.setup(); err != nil { @@ -172,7 +173,8 @@ func (w Webhook) reconcileSecret() ([]byte, error) { } } - if w.devMode { + // if WebhookHost is not empty set up webhook locally + if config.ConfigController.WebhookHost != "" { tlsKeyPath = fmt.Sprintf("%s/.local/ssl/tls.key", os.Getenv("HOME")) tlsCrtPath = fmt.Sprintf("%s/.local/ssl/tls.crt", os.Getenv("HOME")) if err := os.MkdirAll(filepath.Dir(tlsKeyPath), 0755); err != nil { @@ -235,7 +237,8 @@ func (w Webhook) reconcileWebhook(caBundle []byte) error { }, } - if w.devMode { + // if WebhookHost is not empty set up webhook locally + if config.ConfigController.WebhookHost != "" { validatingWebhook.Webhooks[0].ClientConfig = v1beta1.WebhookClientConfig{ URL: &[]string{fmt.Sprintf("https://%s%s", w.listenHost, constants.DevWebhookPort)}[0], CABundle: caBundle, @@ -259,10 +262,6 @@ func (w Webhook) reconcileWebhook(caBundle []byte) error { } func (w Webhook) run() error { - port := w.port - if constants.DevMode { - port = constants.DevWebhookPort - } k8sAPI, err := k8s.InitializeAPI(w.kubeconfig) if err != nil { log.Fatalf("failed to initialize Kubernetes API: %s", err) @@ -285,7 +284,7 @@ func (w Webhook) run() error { ignoreServiceAccount: fmt.Sprintf(rioAdminAccount, w.rContext.Namespace), } - s, err := webhook.NewServer(k8sAPI, port, cred, h.ValidateAuth, constants.AuthWebhookServiceName) + s, err := webhook.NewServer(k8sAPI, w.port, cred, h.ValidateAuth, constants.AuthWebhookServiceName) if err != nil { log.Fatalf("failed to initialize the webhook server: %s", err) } diff --git a/scripts/build b/scripts/build index 81427dc9b..2a0ee6630 100755 --- a/scripts/build +++ b/scripts/build @@ -13,9 +13,10 @@ LINKFLAGS="-X github.com/rancher/rio/pkg/version.Version=$VERSION" LINKFLAGS="-X github.com/rancher/rio/pkg/version.GitCommit=$COMMIT $LINKFLAGS" LINKFLAGS="-X github.com/rancher/rio/pkg/constants.ControllerImage=${REPO}/rio-controller $LINKFLAGS" LINKFLAGS="-X github.com/rancher/rio/pkg/constants.ControllerImageTag=${TAG} $LINKFLAGS" -GOOS=linux CGO_ENABLED=0 go build -ldflags "$LINKFLAGS $OTHER_LINKFLAGS" -o bin/rio ./cli +BUILDTAGS="static" +GOOS=linux CGO_ENABLED=0 go build -tags "$BUILDTAGS" -ldflags "$LINKFLAGS $OTHER_LINKFLAGS" -o bin/rio ./cli if [ "$CROSS" = "true" ] && [ "$ARCH" = "amd64" ]; then - GOOS=darwin go build -ldflags "$LINKFLAGS" -o bin/rio-darwin ./cli - GOOS=windows go build -ldflags "$LINKFLAGS" -o bin/rio-windows ./cli + GOOS=darwin go build -tags "$BUILDTAGS" -ldflags "$LINKFLAGS" -o bin/rio-darwin ./cli + GOOS=windows go build -tags "$BUILDTAGS" -ldflags "$LINKFLAGS" -o bin/rio-windows ./cli fi -GOOS=linux CGO_ENABLED=0 go build -ldflags "$LINKFLAGS $OTHER_LINKFLAGS" -o bin/rio-controller +GOOS=linux CGO_ENABLED=0 go build -tags "$BUILDTAGS" -ldflags "$LINKFLAGS $OTHER_LINKFLAGS" -o bin/rio-controller diff --git a/scripts/test b/scripts/test index 66590be60..c71368535 100755 --- a/scripts/test +++ b/scripts/test @@ -27,7 +27,8 @@ if [[ ${ARCH} == amd64 ]]; then fatal "Integration tests must not be focused" fi - go test -cover -tags=test ./... + BUILDTAGS="test,static" + go test -cover -tags "$BUILDTAGS" ./... k3s server --no-deploy traefik >/dev/null 2>&1 & sleep 30 @@ -35,7 +36,7 @@ if [[ ${ARCH} == amd64 ]]; then export KUBECONFIG=/etc/rancher/k3s/k3s.yaml export PATH=$(pwd)/bin:$PATH - RUN_WEBHOOK=true rio-controller & > ./rio-controller-log & + RUN_API_VALIDATOR=true RUN_API_VALIDATOR_PORT=:7443 RUN_API_VALIDATOR_HOST=127.0.0.1 rio-controller & > ./rio-controller-log & rio install --check 2>&1 kubectl get po -n rio-system diff --git a/scripts/validate b/scripts/validate index 7f98128bd..4b7d0305c 100755 --- a/scripts/validate +++ b/scripts/validate @@ -5,7 +5,8 @@ cd $(dirname $0)/.. echo Running validation -PACKAGES="$(go list ./...)" +BUILDTAGS="static" +PACKAGES="$(go list -tags "$BUILDTAGS" ./...)" if ! command -v golangci-lint; then echo Skipping validation: no golangci-lint available diff --git a/stacks/bindata-non-static.go b/stacks/bindata-non-static.go new file mode 100644 index 000000000..c838c0ad5 --- /dev/null +++ b/stacks/bindata-non-static.go @@ -0,0 +1,11 @@ +// +build !static + +package stacks + +import ( + "io/ioutil" +) + +func Asset(name string) ([]byte, error) { + return ioutil.ReadFile(name) +} diff --git a/stacks/bindata.go b/stacks/bindata.go index b710d237c..7856907b5 100644 --- a/stacks/bindata.go +++ b/stacks/bindata.go @@ -1,15 +1,20 @@ // Package stacks Code generated by go-bindata. (@generated) DO NOT EDIT. // sources: +// stacks/bindata-non-static.go // stacks/build-stack.yaml // stacks/cert-manager-stack.yaml // stacks/dashboard-stack.yaml // stacks/gloo-stack.sh // stacks/gloo-stack.yaml // stacks/gloo-values.yaml +// stacks/linkerd-install-stack.yaml // stacks/rio-autoscaler-stack.yaml +// stacks/rio-bootstrap-stack.yaml // stacks/rio-controller-stack.yaml // stacks/tekton-stack.sh // stacks/tekton-stack.yaml +// +build static + package stacks import ( @@ -86,6 +91,26 @@ func (fi bindataFileInfo) Sys() interface{} { return nil } +var _stacksBindataNonStaticGo = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x24\xcb\x31\xae\xc2\x30\x0c\x06\xe0\xb9\xff\x29\xfc\x3a\x35\x7a\x88\x9e\x81\x85\x03\xb0\x22\x06\x37\x35\x95\xd5\x34\xa9\x1c\x67\x40\x88\xbb\x23\xe0\x00\xdf\x38\xd2\xff\xd4\x34\xcd\xf4\x57\x9d\x5d\x23\xb0\x73\x5c\x79\x11\xaa\xce\x71\xad\x80\x6e\x7b\x31\xa7\x01\x5d\xaf\x65\xd4\xd2\x5c\x53\x8f\x00\xdc\x5b\x8e\x74\xaa\x55\x7c\xc8\xbc\x7d\x80\x69\x5e\x02\x0d\xd7\xdb\xf4\x70\x39\x90\x98\x15\x0b\xf4\x44\x67\xe2\xcd\x32\xfd\xf0\xf1\x22\x3c\x9f\x35\xc9\x97\x05\xbc\xf0\x0e\x00\x00\xff\xff\x68\x6b\x86\x91\x86\x00\x00\x00") + +func stacksBindataNonStaticGoBytes() ([]byte, error) { + return bindataRead( + _stacksBindataNonStaticGo, + "stacks/bindata-non-static.go", + ) +} + +func stacksBindataNonStaticGo() (*asset, error) { + bytes, err := stacksBindataNonStaticGoBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "stacks/bindata-non-static.go", size: 134, mode: os.FileMode(420), modTime: time.Unix(1557785965, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + var _stacksBuildStackYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x84\x52\x4d\x8b\xdb\x30\x10\xbd\xe7\x57\x0c\xee\x61\x61\x89\x3f\xb2\x1b\xb2\x59\x81\x0f\x0b\x5b\xda\x1e\x0a\x21\xcd\xa5\x2c\x25\xc8\xf2\x44\x11\x91\x2d\x21\x4d\x92\x06\xfa\xe3\x8b\x63\xf9\x23\xdd\xc2\x62\x30\xe2\xcd\x7b\x33\x9a\xa7\x27\x4c\xbd\x53\xd2\xb3\x09\x40\x71\x54\xba\x3c\x28\x2a\xe3\x16\x6c\xb0\x11\x9a\x90\xa9\x34\x83\x3f\x57\x14\xa0\xc4\xe2\x28\x73\x72\x47\x0c\xc0\x9b\x14\xbf\xc2\x11\x00\x6b\x5e\x68\x2c\xf3\x1d\xd7\xbe\x27\x9c\x8d\x3b\xa0\x4b\x8c\x50\xef\x89\xa3\x46\x00\x52\xdc\x08\x1b\xe0\x80\x68\x3d\x19\xc7\x25\xe6\xb3\xec\xe9\xf1\x69\x3e\x5b\x3e\xcc\xfb\xd1\xce\x8e\x86\xf3\xb2\x74\xe8\x3d\xe4\xf0\x06\x11\x09\xcb\xd2\x34\x4b\xae\x1f\x5b\x66\xcb\x2c\x82\x81\xfa\xa9\xdd\xe3\x25\x28\x94\xef\xc5\x3b\xe3\x80\x13\x71\xb1\x57\xb5\x04\x69\xc0\x3a\xb3\x53\x1a\x3d\xf0\xba\x6c\x55\x12\x9d\x4f\xfa\x56\x37\x8d\x72\x88\xba\x91\x8b\x6c\x91\x45\x93\x89\x47\x77\x52\x02\x6f\x9d\x6e\x2d\x0e\xa5\xef\xe8\xf7\x0c\x86\xc5\x55\xc5\x25\x32\x88\x2a\x53\x5c\xd2\x4e\xc2\x4e\x59\xb2\x48\x66\xd1\x95\x61\x8d\x23\xdf\xf6\x88\xa1\x59\x2d\xdd\x13\xd9\x69\xc7\x9d\xe2\x6f\x6b\x3c\x8e\xbc\xb4\x4e\x9d\x94\x46\x89\x25\x83\xde\xf1\x51\x04\x9a\x3e\xef\x62\x90\x22\x89\x7e\x7e\xa7\x20\xae\x6a\x74\xbd\xa8\xe6\x15\x32\x70\x28\x95\x27\x77\x09\x9e\x74\x0b\x74\x30\x7b\x88\x26\xdd\xab\x9f\x58\x38\xc6\xb0\xfe\xfc\xe5\xdb\x8f\xcd\xfa\xe7\xf6\xeb\x66\xb3\xda\xbe\xbc\xbe\xae\xf3\xe1\xb9\x02\x6b\xb4\x69\xbb\x2b\x5b\x66\x29\x09\x3b\xed\x7a\xff\xbb\xeb\x19\x8b\xbd\x31\x87\x56\x22\xb5\x29\xb8\xde\x5a\x74\x95\xf2\x5e\x99\xba\xbf\x77\x74\x0f\x52\xd1\x99\x93\xd8\xa3\x4b\x04\x27\xd2\x98\x28\x93\x0e\xa0\x8f\x3e\xa6\x0a\x53\x55\x8a\x7a\xe6\xdd\x7d\xf0\xb4\xe2\xd6\xdf\x0d\x20\x9e\xb0\xa6\x1e\x90\x48\x53\xad\x3c\x81\x35\xa5\x0f\x98\x70\xc8\x09\xa7\x7d\x29\x6d\x6a\xa9\x36\x32\xd4\x3d\x0a\x87\xe4\xc7\xf1\x70\xbc\x6e\x2e\x34\xba\x71\x13\x91\x79\xf2\x78\x25\x71\x37\x3c\xec\xc0\x08\x40\x1c\x37\x43\xb0\x8e\x43\xe6\x03\xcc\x96\xd9\x73\x36\x8c\x58\x1d\xb5\x5e\x19\xad\xc4\x85\x01\xd7\x67\x7e\xf1\xff\xcb\xde\x73\xc8\x5e\xf3\x8b\x83\xf9\x93\xbf\x01\x00\x00\xff\xff\x58\xcd\x9d\x87\x5d\x04\x00\x00") func stacksBuildStackYamlBytes() ([]byte, error) { @@ -206,6 +231,26 @@ func stacksGlooValuesYaml() (*asset, error) { return a, nil } +var _stacksLinkerdInstallStackYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x8c\x92\x41\x8b\xdb\x40\x0c\x85\xef\xf9\x15\x3a\xf4\x6a\xda\xa5\xb7\xb9\x99\x6e\x08\x69\xb3\x26\xc4\x6d\xaf\x8b\x3c\x56\xb6\xc2\x33\x1a\xa3\x91\x0d\xa5\xdd\xff\x5e\xec\x24\xac\xbd\xec\x42\x8f\x7a\xef\xe9\x1b\x34\x52\x37\x34\xa4\x42\x46\xd9\x6d\x00\x22\x0a\x9f\x29\x9b\x83\xbf\xc5\x06\x00\x00\x7b\xfe\x49\x9a\x39\x89\x83\x06\xcd\xff\xfa\x38\xde\xcd\x46\xc7\xd2\x3a\xf8\x9a\x9a\xb9\x8a\x64\xd8\xa2\xa1\x9b\x2b\x80\x27\x12\x52\x34\xaa\x30\x92\x83\xc0\xd2\x91\xb6\x05\x4b\x36\x0c\xa1\xb8\x86\x04\x23\xe5\x1e\x3d\x39\xf8\xf0\xa7\x2a\x1f\xb6\xf5\xb1\xfc\xb2\x7d\x9e\xdd\xdc\x93\xbf\xc1\x1a\xf4\x5d\x3a\x9f\x0f\x1c\xd9\x1c\xdc\x5d\x55\x9f\x62\x1f\xc8\x38\x49\x7e\x11\x7b\x54\x0c\x81\x02\xe7\xf8\x22\x1a\xc5\x3e\xa0\xd1\x8d\xb7\xa6\x5f\x58\x62\xc8\x42\x9a\x97\x6a\x01\x24\xe3\x52\x98\x24\x99\x27\x2a\x4f\xbb\x7a\x65\x00\x8c\x18\x86\x79\x92\x7d\x55\x7f\x2f\x0f\x87\xc7\x29\xf3\xfc\x66\xf7\x61\x5f\x7d\xdb\x9e\xee\x1f\x7f\x1c\x77\xa7\xf2\x7e\xfb\x1e\xe8\x55\x6c\xcd\xe2\x88\x4f\xab\xd4\xed\xd9\xfd\x43\xb9\x7b\x95\x95\xb7\xb6\xb0\x48\x28\x65\x43\xb5\x63\x0a\xec\x7f\x3b\xa8\x68\x24\x5d\xd8\x99\x74\x64\x4f\xa5\xf7\x69\x10\x73\xa0\x9c\x8a\xe9\xc7\x34\x85\x40\x5a\x5c\x6d\xbc\xd8\xef\xf6\x5d\x4e\xe1\x7f\x7b\x8d\x34\xb2\xe0\xb4\xde\x9d\xa2\xa7\x23\x29\xa7\xb6\x26\x9f\xa4\xcd\x0e\x3e\x7f\xda\x6c\x96\x6b\x25\x19\xeb\xa1\x99\xee\xd6\x74\xa0\x7f\x01\x00\x00\xff\xff\xef\xc1\x1e\x03\xd4\x02\x00\x00") + +func stacksLinkerdInstallStackYamlBytes() ([]byte, error) { + return bindataRead( + _stacksLinkerdInstallStackYaml, + "stacks/linkerd-install-stack.yaml", + ) +} + +func stacksLinkerdInstallStackYaml() (*asset, error) { + bytes, err := stacksLinkerdInstallStackYamlBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "stacks/linkerd-install-stack.yaml", size: 724, mode: os.FileMode(420), modTime: time.Unix(1557785965, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + var _stacksRioAutoscalerStackYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x84\x90\xc1\x6a\xf3\x30\x0c\xc7\xef\x79\x0a\x1f\x3e\x28\x7c\x2c\x49\xb7\x53\x1b\xe8\xa1\x8c\x1e\x37\x02\x7d\x80\xa1\x38\xaa\x31\xb3\x2d\x63\xc9\xd9\xc2\xd8\xbb\x8f\x64\x6b\x9a\xc3\x60\x37\x4b\xbf\x9f\xfc\x47\x62\x4c\x83\xd5\xc8\x4d\xa1\x14\x64\x21\xd6\xe0\x30\x4d\x95\x52\xc6\x51\x07\xee\x25\x62\xf2\x96\xd9\x52\xe0\xef\x7e\xa9\x36\xff\x55\xa4\x9e\x37\xb7\x52\x53\xb8\x58\xe3\x21\xae\x9b\xcb\x87\x55\xb2\x54\x69\x10\x71\x58\x59\xaa\xaf\xa1\x73\x16\x6a\xf2\x1e\x43\x0f\x32\x25\xac\xa6\x7f\x9f\xf9\x53\xa8\x59\x40\xf2\x8f\x67\x3d\x18\x6c\x14\x4b\xa2\x60\x3c\x85\x57\x1c\xef\xf7\xfb\x87\x7a\xb5\x6a\x8f\xc3\x4d\x6d\xb3\x73\x2d\x39\xab\xc7\x46\x81\x7b\x83\x91\x67\x86\x61\xb8\xae\xfe\x7c\x7c\x3a\x9d\xdb\xe3\xe3\xe9\xf0\xef\x63\x79\x7f\xce\x30\x52\x92\xe5\x44\xbb\x6d\xb3\xdb\xde\xe1\x7b\x24\xc6\xc3\x05\x1c\xe3\x0c\x20\x99\x45\x29\xcb\x1e\xbb\x6c\x8a\x42\xd0\x47\x07\x82\x13\xc0\x30\x9c\x73\xc7\xd2\x28\x49\x19\x8b\xaf\x00\x00\x00\xff\xff\xd0\xa3\x52\x98\xa0\x01\x00\x00") func stacksRioAutoscalerStackYamlBytes() ([]byte, error) { @@ -226,7 +271,27 @@ func stacksRioAutoscalerStackYaml() (*asset, error) { return a, nil } -var _stacksRioControllerStackYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xe4\x5a\x4d\x6f\xdb\x38\x13\xbe\xe7\x57\x10\xc6\x0b\x14\x28\x20\xe7\xdd\x6e\x0f\x0b\xdd\xd2\x34\xe8\x16\xc8\x87\xe1\xa6\xc5\xee\xa9\x18\x53\x63\x65\xd6\x14\xa9\x25\x87\x4e\xdd\x6e\xfe\xfb\x82\x92\xad\x48\xb2\x22\x3b\x8e\x9d\xa2\x5b\x9f\xc2\x99\xe1\x7c\x6b\xa4\x87\xcc\xcc\x4f\xd0\x6a\x64\x74\xf1\x91\x10\x19\x68\x9a\xa2\xe3\x58\xfc\x13\x1d\x09\x21\x04\xe4\xf4\x09\xad\x23\xa3\x63\x31\xff\xa5\x20\xcd\x48\x27\xb1\xb8\x84\x0c\x5d\x0e\x12\x0b\x5a\x86\x0c\x09\x30\xc4\xc5\x4a\x08\x0d\x19\xc6\xe2\x7f\xdf\x2e\x4f\x2e\xce\x3e\x8c\x4e\x4e\xcf\xee\x96\x0c\x05\x13\x54\x6e\x25\x26\x2c\x99\xa1\x04\x66\x85\x43\x32\xc7\xe4\x22\xb7\x70\x8c\x59\x2c\x06\x6c\x3d\x0e\x0a\xb1\x28\x5a\x77\xc5\x4e\x40\x0e\xc1\xf3\x8d\xb1\xf4\x15\x98\x8c\x1e\xce\x7e\x73\x41\x47\xc3\xc9\x53\xe5\x1d\xa3\x1d\x1b\xd5\xe7\xa6\x25\x13\xc9\x52\x32\x82\x24\x23\x5d\x70\xad\x57\xb8\x74\x34\x0a\xb6\xdf\x59\xe3\xf3\xca\xf3\x48\x0c\x06\xcb\x3f\x2d\x3a\xe3\xad\xc4\x3a\xef\xe5\x8a\x39\x47\x3b\xe9\x60\x44\x42\x1b\x3d\x5e\x6e\xfc\x38\x3e\xdf\x66\xef\x8b\x97\x2f\x7a\xbc\x81\x9c\x2c\xa6\xe4\xd8\xd6\xd3\xd1\xe7\x23\xe4\xe4\xd0\xce\x49\xa2\xdb\xe8\x6d\xa7\xc5\x24\x23\x17\xca\xf1\x48\xbb\x99\x67\x60\xd2\xe9\x2d\x4e\x6e\x8c\x99\x49\xa3\xa7\x94\xfa\x72\x7b\xe5\x49\x24\x06\x73\x50\x94\x6c\x96\x7c\x94\xcf\xf8\x85\x51\xbb\x96\x21\xc8\x73\xd7\xe7\xb0\xc5\x5c\x91\x04\x87\x5c\xdf\x95\x60\xae\xcc\x22\x43\xdd\xa4\x02\x66\x46\xb7\x44\x1d\x03\xe3\xd4\xab\x3a\xf9\x51\xc5\x9d\x78\x52\xc9\x70\xa6\x81\x69\x8e\xc3\x04\xe7\x35\xe5\x12\xe4\x0d\xe9\x74\x48\x9a\xd1\x6a\x50\x5d\x62\xbb\xb5\x68\x97\x27\x12\x2d\x47\x19\x68\x48\xd1\x6e\xa8\xf3\x6e\x06\x34\xf2\xad\xb1\xb3\x10\x51\xb3\x95\x3a\xab\xd7\x65\x97\x74\x6a\xd1\x39\xac\x57\xa0\xa2\x1d\x87\x5a\xf8\xdd\x9a\x67\x02\x2c\x6f\xf6\x1f\x31\x78\x36\x4e\x82\x22\x9d\xee\x5f\xf9\x83\x83\xf2\x00\x71\x84\xd1\x39\x6c\x4c\xf4\x03\xc4\x73\x58\xf5\x29\xf1\x6d\xa8\x32\xda\x43\x5a\x51\xa4\x67\x68\x93\x0d\xba\x97\xc3\x39\xb7\x66\x4a\x6a\xd7\x19\x9d\xd3\xfd\x43\xb3\x45\xe5\xa5\x77\x6c\xb2\x15\x27\xc1\x29\x69\xda\x7d\xda\x86\xbe\x43\xcd\x24\xcb\xc6\x23\xc7\x64\x0e\x92\xd0\xdc\x28\x92\x8b\x3e\xbd\xb9\x49\x1c\x4a\x6f\x89\x17\x85\x30\xed\x98\x50\x97\x2b\xe2\xa1\xcb\x28\x72\x39\xca\x0d\xc1\xb0\x85\xe9\x94\x64\xb1\x67\x47\x73\x6c\x2c\xa4\xb8\x45\xe5\x96\x92\x52\x41\x7d\xf4\x3d\xae\xf9\x81\xf1\x16\x16\x43\x67\x54\x28\xd3\x70\xfe\x6a\xf0\x20\xb3\xce\x51\xc6\xb4\xc9\x7b\x2b\x2d\xe3\x8c\x8d\x0e\xef\xb2\x87\x35\x33\xb8\x99\xab\x56\xcb\x2f\xb9\x26\x31\xac\xac\xd7\xf7\x84\x9c\x72\x54\xa4\x71\x9d\xd2\x29\x56\x59\xed\x0e\x21\x45\xae\xfe\x56\xe4\xee\x17\xd2\x22\x30\x56\x4b\x9f\x27\xf5\x65\x82\x0a\x6b\xcb\x3c\x4c\x9e\x6a\x75\x5b\xad\x9e\x94\x98\x10\xce\xf1\x94\x34\x28\xfa\x8a\xb6\x3b\xdc\x75\xfe\x8f\x13\xdf\xea\x8d\xde\x59\xff\x36\xaf\x4a\x48\x8b\x5e\x75\xc3\x43\x8c\xbe\x4d\x95\x63\x4d\x81\xef\x9f\xc2\x72\x2a\xb6\xd2\x57\xe0\xb6\x76\x9a\xa3\xf6\xe3\xd0\x91\xec\x8e\x09\xda\x1d\xa9\x77\xa5\xbf\xfb\xc1\x6d\x6f\x48\x27\xa4\xd3\x82\xd9\x03\xdf\x8c\x66\x6b\x94\x42\x1b\x4d\x6a\x1b\xac\x51\x38\xc6\xe9\x4a\x7e\x95\xa3\x1e\x3f\x96\x92\xdd\xf0\xb1\x1f\x30\x3a\x3f\xf9\x0b\x25\x57\x98\xb1\xd4\xf1\xa1\x7c\x8b\x9f\x48\x69\xbc\xe6\x3e\xc7\x97\xef\x7b\x58\x93\x2c\x60\x76\x07\x9a\xee\x4a\x70\x23\x8d\x1d\xb6\xb7\x4a\xe1\x21\x3c\x91\x16\x37\x79\x00\x39\x45\x4b\xd0\x67\xec\x1e\xe3\xdf\xb3\xd9\xf0\xe2\x5f\x69\xc9\x8d\xe5\x5a\xeb\x97\x4a\x6f\x98\x73\x17\xbd\x7e\xfd\xeb\x92\x5e\x8a\xc5\xa2\x41\xb1\x86\x8d\x34\x2a\x16\xd7\xa7\xa3\x8a\xca\x60\x53\xe4\x51\x4b\xda\xa1\x42\xc9\xc6\x56\xa7\x26\xad\x7a\x3d\xff\x69\xc9\xf6\xa7\x24\x8d\xef\xf5\x7d\x7f\x1c\x74\x20\x8e\xbd\x9b\x58\x82\x33\x3c\xac\x99\x6d\xde\x76\x83\xd5\xdb\x6b\xa7\x8f\xbb\x03\xe0\xbd\xda\xb1\xc9\xd6\xe0\x7c\xf7\x53\x87\xd5\xa1\xc3\xa1\xe0\xeb\xa3\xbe\xec\x0f\x89\xfb\x76\xd3\xfd\x24\x8d\xcf\x31\x33\x2c\x42\x62\xb4\x5a\x3c\xcf\xd8\x48\x91\x07\xf5\xc4\xbb\xfa\xf2\xf6\xfe\x20\xe7\x70\x4f\xe3\x93\x3c\xd8\xad\x9c\x4f\x33\xb9\xdf\xe7\x79\x6b\x5f\x9e\xa3\xf7\x72\x4b\x73\x52\x98\x62\xf2\xfd\x5f\x5a\xff\xf5\xe6\x2a\x07\x76\x01\x6a\x7e\xd2\x6e\x73\x0c\x3a\x01\xfb\x4c\xbd\xb6\x73\x5d\x0a\x42\x09\x37\x1b\xd7\x1a\x01\x70\xd6\x08\xf9\x4f\x3e\x2c\x7f\x88\x7e\xfe\xf6\x2d\x12\x34\x15\xc3\x4f\xa0\x3c\xba\xe1\xf8\xe3\xe5\xe7\xd3\xab\xcb\xeb\xf1\xd5\xf9\xf9\xd9\xf8\xee\x6e\xad\xe7\x83\xb7\xcd\xf6\x7e\x5b\x5d\x67\x6d\xe8\xee\x7b\xdc\x51\x63\x6d\x83\x95\xd6\x61\x4c\x16\x02\x39\x6f\xde\x08\xf7\xa3\x1b\x21\x18\xb3\x5c\x01\x63\x4d\x4b\xcb\x55\xb1\x7e\xcd\xbc\x59\x6d\xd3\xd5\xd2\xdd\x3a\x78\xbe\xdc\x1a\x27\x17\xe5\x34\xca\xd7\x8e\x59\x44\x0d\x1c\xba\x02\x09\x77\x82\xce\x95\xdd\x20\xd0\x74\x5d\x88\x04\xa7\xe0\x15\x5f\x98\x04\x63\xf1\xfa\xd5\xff\x5b\x6c\x93\x87\xb9\x05\x2a\x16\x21\xa8\x16\xb3\xd4\x78\xd9\x0b\x78\xc3\x2f\x44\x06\xa4\xd1\xb6\x1c\xa7\x0c\xd2\xa2\xb8\xef\x2f\x4e\xde\x55\x37\xf9\xe5\xaf\xe0\x8d\xbc\x52\xa3\xe2\xb0\x29\x16\x27\xea\x16\x16\xae\x21\xd3\xd3\x3b\xe5\x0f\x6c\xda\xaa\x55\xd4\x27\xde\x6e\xf6\xf7\x57\x9f\xdf\x9e\xbd\xf9\xf8\xee\xee\xae\xa5\x23\x8a\x12\x9c\xf8\x74\x6d\x33\xea\xa4\x25\x8b\x7a\xde\x76\xa0\xf4\x3a\x28\xaf\x7a\xba\x95\xd7\x79\xb0\xdf\xf9\x5f\x0e\x4d\x1d\xbf\x5f\x5f\x8f\x3e\x8f\xc6\x57\x7f\xfc\xf9\x90\x82\x7b\x89\xa6\x86\xb2\x8f\x2e\x42\x77\xad\x25\x28\x0b\xd4\x11\xf0\x4d\x2c\x8e\xe7\x60\x8f\xad\xd7\xc7\x96\xcc\xb1\x73\xaa\x65\x66\xcb\xc6\x0b\x23\x0a\x92\x2b\xad\x16\xb5\x2e\xba\x4f\xd7\x51\xfd\xc9\x4b\xcd\xf5\x6a\xb5\x92\x45\x3d\xff\xe0\x27\x8e\x2b\xc2\xdf\x1e\x5d\x71\x77\x14\x36\x44\x62\x0e\x96\x60\xa2\x30\x16\xcd\x7c\x26\xe8\xa4\xa5\xa2\x7f\x63\x31\xa8\x86\x89\x60\x23\xca\x2b\x76\xc1\x05\x5c\xaa\x6b\x68\x65\xb4\xa9\x22\x3c\xc8\x34\x5d\x14\xc7\x30\x22\xb7\xe6\xcb\x42\x38\x64\x5e\x5e\xaf\xd6\xd5\x34\xc7\xe4\xd1\xbf\x01\x00\x00\xff\xff\x3a\x30\x97\x90\x0b\x23\x00\x00") +var _stacksRioBootstrapStackYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xe4\x59\x5f\x6f\xe3\x36\x0c\x7f\xef\xa7\x10\x82\x01\x07\x1c\x60\x1f\xb6\xdd\xc3\x90\xb7\xae\x38\xec\x65\x3b\x14\xed\x6d\xef\x8c\xcc\xb8\x5c\x64\x49\xa0\xa8\x64\xb9\x6d\xdf\x7d\xf0\x9f\xb8\x4e\xea\x3a\xa9\x1b\xe7\xb6\xdd\x5b\x44\x52\xe4\x8f\x7f\x4c\x89\xca\x2a\x2e\x90\x2d\x0a\x86\xf9\x95\x52\x05\x58\x5a\x62\x90\xb9\xfa\x2b\xb9\x52\x4a\x29\xf0\xf4\x1b\x72\x20\x67\xe7\x6a\xfd\x6d\x45\x5a\x91\xcd\xe6\xea\x23\x14\x18\x3c\x68\xac\x68\x05\x0a\x64\x20\x30\xaf\x56\x4a\x59\x28\x70\xae\xbe\xf9\xf3\xe3\xf5\x2f\x1f\xee\x6f\xaf\x6f\x3e\xfc\xdd\x30\x0c\x2c\xd0\x84\x9d\x98\x62\x72\xa9\x06\x11\x83\x29\xb9\x77\x14\x92\xb0\x0d\x82\xc5\x5c\xcd\x84\x23\xce\x2a\xb1\x24\x79\x0a\x85\x17\xa0\x53\x88\xf2\xe0\x98\x3e\x83\x90\xb3\xe9\xea\x87\x50\xea\xd8\x03\x79\x63\x62\x10\xe4\x3b\x67\x86\x60\x32\xb9\x44\xd7\x92\x09\x64\x05\xd9\x8a\xcb\xd1\x60\x03\x34\x29\x6d\xff\xc4\x2e\xfa\x16\x79\xa2\x66\xb3\xe6\x27\x63\x70\x91\x35\x76\x79\x6f\x77\xcc\x35\xf2\xa2\x87\x91\x28\xeb\xec\x5d\xb3\xf1\xd7\xbb\x9f\x4f\xd9\xfb\xe6\xed\x9b\x01\x34\xe0\x89\x31\xa7\x20\xdc\x0d\xc7\x10\x46\xf0\x14\x90\xd7\xa4\x31\x1c\x45\xdb\x6b\x31\x2b\x28\x94\xe9\x78\xa1\xdd\x22\x0a\x08\xd9\x7c\x83\x8b\x07\xe7\x56\xda\xd9\x25\xe5\xb1\xde\xde\x22\x49\xd4\x6c\x0d\x86\xb2\xe3\x92\x2f\xc2\x8c\x7f\x08\xda\x70\x60\x08\xbc\x0f\x43\x80\x19\xbd\x21\x0d\x01\xa5\xbb\x2b\x43\x6f\xdc\xb6\x40\xbb\x4f\x05\x2c\x9c\x3d\x10\x0d\x02\x82\xcb\x68\xba\xe4\x17\x25\x77\x11\xc9\x64\xe9\xca\x82\xd0\x1a\xd3\x0c\xd7\x1d\xe5\x1a\xf4\x03\xd9\x3c\x25\x2b\xc8\x16\x4c\x9f\xd8\xb8\x12\xed\x43\xa2\x91\x25\x29\xc0\x42\x8e\x7c\x24\xcf\xe3\x0c\x58\x94\x8d\xe3\x55\xe9\xd1\x7e\x29\xf5\x66\xaf\xcf\x2e\xd9\x9c\x31\x04\xec\x66\xa0\xa5\xbd\x2b\x73\x11\xc7\x15\xcf\x02\x44\x3f\x9c\xdf\x63\x88\xe2\x82\x06\x43\x36\x3f\xbf\xf2\x67\x1b\xe5\x04\x7e\x94\xad\x33\xdd\xeb\xe8\x13\xf8\x33\xad\xfa\x9c\x64\x53\x66\x19\x79\x4a\x2b\x86\xec\x0a\x39\x3b\xa2\xbb\x69\xce\x9e\xdd\x92\xcc\xd8\x1e\xed\xe9\xf1\xa3\x39\x21\xf3\x3a\x06\x71\xc5\x8e\x93\xe1\x92\x2c\x8d\xef\xb6\x65\xdd\xa1\x15\xd2\x75\xe1\x51\x10\x72\x93\x04\xd4\x3b\x43\x7a\x3b\xa4\xd7\xbb\x2c\xa0\x8e\x4c\xb2\xad\x84\x69\x64\x40\x83\x37\x24\x69\x28\x28\x09\x1e\xf5\x11\x67\x84\x61\xb9\x24\x5d\xed\x19\x69\x4e\x1c\x43\x8e\x27\x64\xae\x91\xd4\x06\xba\xad\xef\x65\xc5\x0f\x82\x1b\xd8\xa6\xc1\x99\x32\x4d\xe9\xfa\xbb\xd9\xb3\xcc\x2e\xc7\x38\x77\x48\x3e\x5b\x6a\x05\x57\xe2\x6c\x79\x96\x3d\xaf\x59\x20\xac\x42\xbb\x6a\x6e\x72\xfb\xc4\x72\xc5\xd1\x3e\x12\x3c\x79\x34\x64\xf1\x29\xa5\x57\xac\xb5\xda\xef\x42\x8e\xd2\xfe\x36\x14\x1e\x17\x9a\x11\x04\xdb\x65\xf4\x59\x77\x99\xa1\xc1\xce\xd2\x97\x9d\xa7\x5d\x6d\xda\xd5\xab\x02\x53\xba\xf3\x6e\x49\x16\x0c\x7d\x46\xee\x77\xf7\x29\xff\xbf\xe3\xdf\xee\x44\xef\xcd\xff\x21\xaf\x0d\xc8\x01\xbd\xad\x86\xe7\x18\x43\x9b\x5a\x60\xfb\x02\x5f\x3e\x84\x75\x57\x3c\x08\x5f\x35\xb7\x1d\x86\x39\x39\xfc\x1c\x7a\x82\xdd\xd3\x41\xfb\x3d\x8d\xa1\xc6\x7b\x9e\xb9\xed\x47\xb2\x19\xd9\xbc\x62\x0e\x8c\x6f\xce\x0a\x3b\x63\x90\x93\x45\x67\x03\x3b\x83\x77\xb8\xdc\xc9\xef\x62\x34\x80\xa3\x91\xec\x1f\x1f\x87\x07\xc6\x10\x17\xbf\xa3\x96\x76\x66\xac\x75\xdc\xd7\xa7\xf8\xb5\xd6\x2e\x5a\x19\x02\xde\x9c\xf7\xf0\x44\xb2\x1a\xb3\x7b\xa6\xe9\xbe\x00\xef\x85\xb1\xc7\xf6\x49\x21\x9c\x02\x89\x66\x3c\x86\x00\x3c\x25\xcd\xd0\xe7\xf8\x8c\xfe\x9f\xd9\x6c\x79\xf0\xef\xb4\x78\xc7\xd2\x29\xfd\x5a\xe9\x83\x88\x0f\xc9\xfb\xf7\xdf\x37\xf4\x5a\x6c\xae\xf6\x28\xec\xc4\x69\x67\xe6\xea\xd3\xcd\x6d\x4b\x15\xe0\x1c\xe5\xf6\x40\x3a\xa0\x41\x2d\x8e\xdb\x57\x93\x83\x7c\x5d\xfe\xb5\xe4\xf4\x57\x92\xbd\xfb\xfa\xb9\x2f\x07\x3d\x13\xc7\xd9\x4d\x34\xc3\x19\x4e\x6b\xe6\x94\xd3\x6e\xb6\x3b\xbd\x46\x5d\xee\x26\x98\xf7\x3a\xcf\x26\x27\x0f\xe7\xe3\x5f\x1d\x76\x8f\x0e\x53\x8d\xaf\x2f\xba\xd9\x4f\x39\xf7\x8d\xd3\xfd\x2a\x8d\x97\xe8\x19\x8c\x90\x39\x6b\xb6\x97\x69\x1b\x39\xca\xac\x1b\xf8\xd0\x5d\x6e\x1e\x1f\x72\xa6\xfb\x1a\x5f\x85\x60\x5c\x3a\x5f\x67\xf2\xbc\xdf\xf3\xc9\x58\x2e\x51\x7b\x9e\x69\x4d\x06\x73\xcc\xbe\xfc\xa1\xf5\x7f\x2f\xae\xba\x61\x57\x43\xcd\x57\x5a\x6d\x41\xc0\x66\xc0\x17\xaa\xb5\xd1\x79\xa9\x08\xf5\xb8\xb9\xf7\xb7\x46\x39\x70\x76\x08\xfe\x2b\x6f\x96\xff\xfa\x7a\xbe\x12\x2c\xbc\x01\xc1\x72\x7f\xee\x3e\xed\x56\xaa\x1c\x0a\xae\x94\x42\xbb\xbe\x8f\x8b\x20\x35\xe1\x9f\x00\x00\x00\xff\xff\x15\x16\x17\xdf\xf0\x1d\x00\x00") + +func stacksRioBootstrapStackYamlBytes() ([]byte, error) { + return bindataRead( + _stacksRioBootstrapStackYaml, + "stacks/rio-bootstrap-stack.yaml", + ) +} + +func stacksRioBootstrapStackYaml() (*asset, error) { + bytes, err := stacksRioBootstrapStackYamlBytes() + if err != nil { + return nil, err + } + + info := bindataFileInfo{name: "stacks/rio-bootstrap-stack.yaml", size: 7664, mode: os.FileMode(420), modTime: time.Unix(1557785965, 0)} + a := &asset{bytes: bytes, info: info} + return a, nil +} + +var _stacksRioControllerStackYaml = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x8c\x54\x4f\x6f\x1a\x3f\x10\xbd\xf3\x29\x46\xe8\x77\x75\xf8\xb5\xea\xc9\xb7\x6d\x41\x11\x52\xf8\x23\x92\x70\x45\x83\x77\x20\x56\xbc\xf6\xc6\x7f\xb6\x42\x94\xef\x5e\xd9\xbb\x10\xd6\x34\x69\xf7\xe6\x99\xb7\x6f\xde\xcc\x3c\xfb\x35\x6c\xc9\x6a\xf2\xe4\xf8\x00\xa0\x42\x2d\x77\xe4\x3c\x87\x5f\x6c\x00\x00\x80\xb5\x5c\x93\x75\xd2\x68\x0e\x58\xd7\x6e\xd4\x7c\x49\xf1\x57\xa9\x4b\x0e\x63\xaa\x95\x39\x54\xa4\x7d\x0a\x56\xe4\xb1\x44\x8f\x3c\x9d\x00\x34\x56\xc4\xc1\x4a\xc3\x84\xd1\xde\x1a\xa5\xc8\x5e\xa5\x5c\x8d\x82\x38\xfc\x77\x9c\x17\xb3\xc9\xe3\xb2\xf8\x31\x39\xa5\xac\xab\x49\x9c\x29\x1c\x29\x12\xde\xd8\xf3\x39\x4a\xf4\xe2\xe5\x01\xb7\xa4\xdc\x7b\x10\xb2\x2a\x1c\x86\xde\x06\x1a\x76\x00\x4f\x55\xad\xd0\xd3\x15\x4b\x26\x35\x7e\xea\x86\xf4\x2f\xb4\x7d\xa9\xad\x5c\xdb\x48\x41\x85\x10\x26\x68\x3f\xff\x43\xff\xac\x83\x60\x0b\xb9\xfa\xb7\x31\x2a\x54\xd4\xab\xcf\xba\x11\x3a\x12\x96\x3c\xc3\x5a\xb2\x06\x95\x2c\xd1\x1b\xdb\x93\xd9\x02\xfa\xd2\x01\x4a\xda\x61\x50\x7e\x66\x4a\xe2\xf0\xed\xeb\xff\x59\xda\xd4\x5e\x1a\x8d\x8a\x43\x6c\x2a\x4b\xb6\x8c\xef\x1d\x7c\x54\x3b\x76\x86\x52\x93\xcd\x84\xcb\x0a\xf7\x69\xb9\xd3\x59\x71\xdf\x2d\xf6\xfc\xa5\xdc\x32\x28\xb5\x34\x4a\x8a\x03\x87\x42\xfd\xc4\x83\xeb\x61\x3e\xf1\x4e\xfb\xa1\xdd\x67\xbb\x62\x9f\xc1\x8f\x47\x06\x72\x07\xf4\x06\x77\x6b\x54\x81\xdc\xdd\x6a\xba\xd8\x8c\x27\xdf\x9f\xef\xbb\xa5\xc2\xe9\x94\xd1\x31\x56\xd2\x36\xec\x6f\x78\x48\x97\x19\x96\x74\x93\x6b\x69\x1b\x58\x3d\xcf\x37\xc5\x72\xba\x59\x17\x0f\xd3\x71\xf1\xb4\x58\x65\x63\x6e\xa2\x96\x38\xa6\x1b\x60\x2e\xa6\xe3\x9b\x2e\x36\x97\xeb\xf2\x11\x57\x76\x9f\x2e\xf9\x64\xb0\x59\xb4\xdd\xcd\xe4\xaa\x18\x5d\xa2\x7f\xe1\x30\x6a\xd0\x8e\x6c\xd0\x23\x2b\xcd\xc8\x39\x95\x55\xf9\x47\x47\x02\x58\xc2\x72\xa1\xd5\xa1\xb3\xd7\xe0\xfa\x12\xee\xcd\xd3\xf9\x74\x36\x1f\xe9\xe6\x31\x6c\xe3\xd3\xd3\x05\xde\x02\xb9\x68\xd0\xa4\x95\x41\x83\x56\xe2\x56\x11\x87\x7e\xff\x25\x39\x61\x65\xb2\x32\x87\xe1\xe5\x5d\x01\x6f\xa0\x4c\xcf\x13\x78\x33\xcc\x18\x2e\xab\xcf\xe3\x37\xdb\xfa\x1d\x00\x00\xff\xff\xc7\x18\xf0\xa7\x1f\x05\x00\x00") func stacksRioControllerStackYamlBytes() ([]byte, error) { return bindataRead( @@ -241,7 +306,7 @@ func stacksRioControllerStackYaml() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "stacks/rio-controller-stack.yaml", size: 8971, mode: os.FileMode(420), modTime: time.Unix(1557785965, 0)} + info := bindataFileInfo{name: "stacks/rio-controller-stack.yaml", size: 1311, mode: os.FileMode(420), modTime: time.Unix(1557785965, 0)} a := &asset{bytes: bytes, info: info} return a, nil } @@ -338,16 +403,19 @@ func AssetNames() []string { // _bindata is a table, holding each asset generator, mapped to its name. var _bindata = map[string]func() (*asset, error){ - "stacks/build-stack.yaml": stacksBuildStackYaml, - "stacks/cert-manager-stack.yaml": stacksCertManagerStackYaml, - "stacks/dashboard-stack.yaml": stacksDashboardStackYaml, - "stacks/gloo-stack.sh": stacksGlooStackSh, - "stacks/gloo-stack.yaml": stacksGlooStackYaml, - "stacks/gloo-values.yaml": stacksGlooValuesYaml, - "stacks/rio-autoscaler-stack.yaml": stacksRioAutoscalerStackYaml, - "stacks/rio-controller-stack.yaml": stacksRioControllerStackYaml, - "stacks/tekton-stack.sh": stacksTektonStackSh, - "stacks/tekton-stack.yaml": stacksTektonStackYaml, + "stacks/bindata-non-static.go": stacksBindataNonStaticGo, + "stacks/build-stack.yaml": stacksBuildStackYaml, + "stacks/cert-manager-stack.yaml": stacksCertManagerStackYaml, + "stacks/dashboard-stack.yaml": stacksDashboardStackYaml, + "stacks/gloo-stack.sh": stacksGlooStackSh, + "stacks/gloo-stack.yaml": stacksGlooStackYaml, + "stacks/gloo-values.yaml": stacksGlooValuesYaml, + "stacks/linkerd-install-stack.yaml": stacksLinkerdInstallStackYaml, + "stacks/rio-autoscaler-stack.yaml": stacksRioAutoscalerStackYaml, + "stacks/rio-bootstrap-stack.yaml": stacksRioBootstrapStackYaml, + "stacks/rio-controller-stack.yaml": stacksRioControllerStackYaml, + "stacks/tekton-stack.sh": stacksTektonStackSh, + "stacks/tekton-stack.yaml": stacksTektonStackYaml, } // AssetDir returns the file names below a certain @@ -392,16 +460,19 @@ type bintree struct { var _bintree = &bintree{nil, map[string]*bintree{ "stacks": &bintree{nil, map[string]*bintree{ - "build-stack.yaml": &bintree{stacksBuildStackYaml, map[string]*bintree{}}, - "cert-manager-stack.yaml": &bintree{stacksCertManagerStackYaml, map[string]*bintree{}}, - "dashboard-stack.yaml": &bintree{stacksDashboardStackYaml, map[string]*bintree{}}, - "gloo-stack.sh": &bintree{stacksGlooStackSh, map[string]*bintree{}}, - "gloo-stack.yaml": &bintree{stacksGlooStackYaml, map[string]*bintree{}}, - "gloo-values.yaml": &bintree{stacksGlooValuesYaml, map[string]*bintree{}}, - "rio-autoscaler-stack.yaml": &bintree{stacksRioAutoscalerStackYaml, map[string]*bintree{}}, - "rio-controller-stack.yaml": &bintree{stacksRioControllerStackYaml, map[string]*bintree{}}, - "tekton-stack.sh": &bintree{stacksTektonStackSh, map[string]*bintree{}}, - "tekton-stack.yaml": &bintree{stacksTektonStackYaml, map[string]*bintree{}}, + "bindata-non-static.go": &bintree{stacksBindataNonStaticGo, map[string]*bintree{}}, + "build-stack.yaml": &bintree{stacksBuildStackYaml, map[string]*bintree{}}, + "cert-manager-stack.yaml": &bintree{stacksCertManagerStackYaml, map[string]*bintree{}}, + "dashboard-stack.yaml": &bintree{stacksDashboardStackYaml, map[string]*bintree{}}, + "gloo-stack.sh": &bintree{stacksGlooStackSh, map[string]*bintree{}}, + "gloo-stack.yaml": &bintree{stacksGlooStackYaml, map[string]*bintree{}}, + "gloo-values.yaml": &bintree{stacksGlooValuesYaml, map[string]*bintree{}}, + "linkerd-install-stack.yaml": &bintree{stacksLinkerdInstallStackYaml, map[string]*bintree{}}, + "rio-autoscaler-stack.yaml": &bintree{stacksRioAutoscalerStackYaml, map[string]*bintree{}}, + "rio-bootstrap-stack.yaml": &bintree{stacksRioBootstrapStackYaml, map[string]*bintree{}}, + "rio-controller-stack.yaml": &bintree{stacksRioControllerStackYaml, map[string]*bintree{}}, + "tekton-stack.sh": &bintree{stacksTektonStackSh, map[string]*bintree{}}, + "tekton-stack.yaml": &bintree{stacksTektonStackYaml, map[string]*bintree{}}, }}, }} diff --git a/stacks/linkerd-install-stack.yaml b/stacks/linkerd-install-stack.yaml new file mode 100644 index 000000000..6a89f17cc --- /dev/null +++ b/stacks/linkerd-install-stack.yaml @@ -0,0 +1,28 @@ +kubernetes: + manifest: |- + apiVersion: batch/v1 + kind: Job + metadata: + generateName: linkerd-install- + namespace: ${NAMESPACE} + spec: + backoffLimit: 1 + completions: 1 + parallelism: 1 + template: + spec: + containers: + - env: + - name: ARGS + value: ${INSTALL_ARGS} + - name: LINKERD_UPGRADE + value: ${LINKERD_UPGRADE} + image: ${LINKERD_INSTALL_IMAGE} + name: linkerd-install + restartPolicy: Never + serviceAccount: rio-controller-serviceaccount + serviceAccountName: rio-controller-serviceaccount + terminationGracePeriodSeconds: 30 + +template: + envSubst: true \ No newline at end of file diff --git a/stacks/rio-bootstrap-stack.yaml b/stacks/rio-bootstrap-stack.yaml new file mode 100644 index 000000000..090298859 --- /dev/null +++ b/stacks/rio-bootstrap-stack.yaml @@ -0,0 +1,435 @@ +kubernetes: + manifest: |- + apiVersion: v1 + kind: Namespace + metadata: + name: ${NAMESPACE} + labels: + rio.cattle.io/is-system: "true" + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: rio-cluster-admin + rules: + - apiGroups: + - "" + resources: + - "*" + verbs: + - "*" + - nonResourceURLs: + - "*" + verbs: + - '*' + - apiGroups: + - "apiregistration.k8s.io" + resources: + - "apiservices" + verbs: + - "*" + - apiGroups: + - "admissionregistration.k8s.io" + resources: + - "mutatingwebhookconfigurations" + - "validatingwebhookconfigurations" + verbs: + - "*" + - apiGroups: + - "extensions" + - "apps" + resources: + - "replicasets" + - "deployments" + - "daemonsets" + - "statefulsets" + verbs: + - '*' + - apiGroups: + - "build.knative.dev" + - "caching.internal.knative.dev" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "cert-manager.io" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "networking.k8s.io" + - "extensions" + resources: + - "ingresses" + - "ingresses/status" + verbs: + - "*" + - apiGroups: + - "batch" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "autoscaling" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "admin.rio.cattle.io" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "rio.cattle.io" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "gitwatcher.cattle.io" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "linkerd.io" + resources: + - "serviceprofiles" + verbs: + - "*" + - apiGroups: + - "apiextensions.k8s.io" + resources: + - "customresourcedefinitions" + verbs: + - "*" + - apiGroups: + - "authentication.istio.io" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "policy" + resources: + - "podsecuritypolicies" + verbs: + - "*" + - apiGroups: + - "split.smi-spec.io" + resources: + - "trafficsplits" + verbs: + - "*" + - apiGroups: + - "storage.k8s.io" + resources: + - "storageclasses" + verbs: + - "*" + - apiGroups: + - "gateway.solo.io.v2" + - "gateway.solo.io" + - "gloo.solo.io" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - tekton.dev + resources: + - tasks + - clustertasks + - taskruns + - pipelines + - pipelineruns + - pipelineresources + verbs: + - get + - list + - create + - update + - delete + - patch + - watch + - apiGroups: + - tekton.dev + resources: + - taskruns/finalizers + - pipelineruns/finalizers + verbs: + - get + - list + - create + - update + - delete + - patch + - watch + - apiGroups: + - tekton.dev + resources: + - tasks/status + - clustertasks/status + - taskruns/status + - pipelines/status + - pipelineruns/status + - pipelineresources/status + verbs: + - get + - list + - create + - update + - delete + - patch + - watch + - apiGroups: + - policy + resourceNames: + - tekton-pipelines + resources: + - podsecuritypolicies + verbs: + - use + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + name: rio-controller-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rio-cluster-admin + subjects: + - kind: ServiceAccount + name: rio-controller-serviceaccount + namespace: ${NAMESPACE} + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + name: rio-controller-serviceaccount + namespace: ${NAMESPACE} + --- + apiVersion: v1 + kind: Secret + metadata: + name: rio-api-validator + namespace: ${NAMESPACE} + --- + apiVersion: v1 + kind: Service + metadata: + name: rio-api-validator + namespace: ${NAMESPACE} + spec: + ports: + - name: https-443 + port: 443 + protocol: TCP + targetPort: 443 + selector: + rio-controller: "true" + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: rio-admin + rules: + - apiGroups: + - rio.cattle.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - admin.rio.cattle.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - autoscale.rio.cattle.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - tekton.dev + resources: + - "taskruns" + verbs: + - "*" + - apiGroups: + - "" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "apps" + - "extensions" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "certmanager.k8s.io" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "split.smi-spec.io" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "linkerd.io" + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "" + resources: + - "*" + verbs: + - "*" + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: rio-readonly + rules: + - apiGroups: + - rio.cattle.io + resources: + - "*" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - tekton.dev + resources: + - "taskruns" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "*" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "apps" + - "extensions" + resources: + - "*" + verbs: + - "get" + - "list" + - "watch" + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: rio-privileged + rules: + - apiGroups: + - rio.cattle.io + resources: + - "*" + verbs: + - "*" + - apiGroups: + - tekton.dev + resources: + - "taskruns" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "*" + verbs: + - "get" + - "list" + - "watch" + - "create" + - apiGroups: + - "apps" + - "extensions" + resources: + - "*" + verbs: + - "get" + - "list" + - "watch" + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + name: rio-standard + rules: + - apiGroups: + - rio.cattle.io + resources: + - "*" + verbs: + - "get" + - "list" + - "watch" + - "create" + - "update" + - "delete" + - "patch" + - apiGroups: + - tekton.dev + resources: + - "taskruns" + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - "" + resources: + - "*" + verbs: + - "get" + - "list" + - "watch" + - "create" + - apiGroups: + - "apps" + - "extensions" + resources: + - "*" + verbs: + - "get" + - "list" + - "watch" + --- + +template: + goTemplate: true + envSubst: true \ No newline at end of file diff --git a/stacks/rio-controller-stack.yaml b/stacks/rio-controller-stack.yaml index 9c8014422..e55ed2171 100644 --- a/stacks/rio-controller-stack.yaml +++ b/stacks/rio-controller-stack.yaml @@ -1,435 +1,5 @@ kubernetes: manifest: |- - apiVersion: v1 - kind: Namespace - metadata: - name: ${NAMESPACE} - labels: - rio.cattle.io/is-system: "true" - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: rio-cluster-admin - rules: - - apiGroups: - - "" - resources: - - "*" - verbs: - - "*" - - nonResourceURLs: - - "*" - verbs: - - '*' - - apiGroups: - - "apiregistration.k8s.io" - resources: - - "apiservices" - verbs: - - "*" - - apiGroups: - - "admissionregistration.k8s.io" - resources: - - "mutatingwebhookconfigurations" - - "validatingwebhookconfigurations" - verbs: - - "*" - - apiGroups: - - "extensions" - - "apps" - resources: - - "replicasets" - - "deployments" - - "daemonsets" - - "statefulsets" - verbs: - - '*' - - apiGroups: - - "build.knative.dev" - - "caching.internal.knative.dev" - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "cert-manager.io" - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "networking.k8s.io" - - "extensions" - resources: - - "ingresses" - - "ingresses/status" - verbs: - - "*" - - apiGroups: - - "batch" - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "autoscaling" - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "admin.rio.cattle.io" - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "rio.cattle.io" - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "gitwatcher.cattle.io" - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "linkerd.io" - resources: - - "serviceprofiles" - verbs: - - "*" - - apiGroups: - - "apiextensions.k8s.io" - resources: - - "customresourcedefinitions" - verbs: - - "*" - - apiGroups: - - "authentication.istio.io" - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "policy" - resources: - - "podsecuritypolicies" - verbs: - - "*" - - apiGroups: - - "split.smi-spec.io" - resources: - - "trafficsplits" - verbs: - - "*" - - apiGroups: - - "storage.k8s.io" - resources: - - "storageclasses" - verbs: - - "*" - - apiGroups: - - "gateway.solo.io.v2" - - "gateway.solo.io" - - "gloo.solo.io" - resources: - - "*" - verbs: - - "*" - - apiGroups: - - tekton.dev - resources: - - tasks - - clustertasks - - taskruns - - pipelines - - pipelineruns - - pipelineresources - verbs: - - get - - list - - create - - update - - delete - - patch - - watch - - apiGroups: - - tekton.dev - resources: - - taskruns/finalizers - - pipelineruns/finalizers - verbs: - - get - - list - - create - - update - - delete - - patch - - watch - - apiGroups: - - tekton.dev - resources: - - tasks/status - - clustertasks/status - - taskruns/status - - pipelines/status - - pipelineruns/status - - pipelineresources/status - verbs: - - get - - list - - create - - update - - delete - - patch - - watch - - apiGroups: - - policy - resourceNames: - - tekton-pipelines - resources: - - podsecuritypolicies - verbs: - - use - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: rio-controller-binding - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: rio-cluster-admin - subjects: - - kind: ServiceAccount - name: rio-controller-serviceaccount - namespace: ${NAMESPACE} - --- - apiVersion: v1 - kind: ServiceAccount - metadata: - name: rio-controller-serviceaccount - namespace: ${NAMESPACE} - --- - apiVersion: v1 - kind: Secret - metadata: - name: rio-api-validator - namespace: ${NAMESPACE} - --- - apiVersion: v1 - kind: Service - metadata: - name: rio-api-validator - namespace: ${NAMESPACE} - spec: - ports: - - name: https-443 - port: 443 - protocol: TCP - targetPort: 443 - selector: - rio-controller: "true" - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: rio-admin - rules: - - apiGroups: - - rio.cattle.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - admin.rio.cattle.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - autoscale.rio.cattle.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - tekton.dev - resources: - - "taskruns" - verbs: - - "*" - - apiGroups: - - "" - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "apps" - - "extensions" - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "certmanager.k8s.io" - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "split.smi-spec.io" - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "linkerd.io" - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "" - resources: - - "*" - verbs: - - "*" - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: rio-readonly - rules: - - apiGroups: - - rio.cattle.io - resources: - - "*" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - tekton.dev - resources: - - "taskruns" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - "" - resources: - - "*" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - "apps" - - "extensions" - resources: - - "*" - verbs: - - "get" - - "list" - - "watch" - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: rio-privileged - rules: - - apiGroups: - - rio.cattle.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - tekton.dev - resources: - - "taskruns" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - "" - resources: - - "*" - verbs: - - "get" - - "list" - - "watch" - - "create" - - apiGroups: - - "apps" - - "extensions" - resources: - - "*" - verbs: - - "get" - - "list" - - "watch" - --- - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: - name: rio-standard - rules: - - apiGroups: - - rio.cattle.io - resources: - - "*" - verbs: - - "get" - - "list" - - "watch" - - "create" - - "update" - - "delete" - - "patch" - - apiGroups: - - tekton.dev - resources: - - "taskruns" - verbs: - - "get" - - "list" - - "watch" - - apiGroups: - - "" - resources: - - "*" - verbs: - - "get" - - "list" - - "watch" - - "create" - - apiGroups: - - "apps" - - "extensions" - resources: - - "*" - verbs: - - "get" - - "list" - - "watch" - --- - {{- if .Values.RUN_CONTROLLER}} apiVersion: apps/v1 kind: Deployment metadata: @@ -457,19 +27,18 @@ kubernetes: name: rio-controller args: - rio-controller - {{- if .Values.RIO_DEBUG}} + {{- if eq .Values.RIO_DEBUG "true" }} - --debug {{- end}} env: + - name: RUN_API_VALIDATOR + value: ${RUN_API_VALIDATOR} - name: RIO_NAMESPACE value: ${NAMESPACE} - - name: HTTP_PROXY - value: ${HTTP_PROXY} volumeMounts: - mountPath: /var/run/rio/ssl name: secret-api-validator readOnly: true - {{- end}} template: goTemplate: true @@ -477,6 +46,5 @@ template: questions: - variable: NAMESPACE description: "namespace to deploy to" - - variable: HTTP_PROXY - description: "specify http proxy setting" - - variable: RUN_CONTROLLER + - variable: RIO_DEBUG + - variable: RUN_API_VALIDATOR