diff --git a/Makefile b/Makefile
index 281e23c0..0a3fe7a0 100644
--- a/Makefile
+++ b/Makefile
@@ -28,7 +28,7 @@ verify:
 go generate ./...
 go vet ./...
 go fmt ./...
- controller-gen crd:trivialVersions=true rbac:roleName=controller-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+ controller-gen crd rbac:roleName=controller-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 controller-gen object:headerFile="scripts/templates/boilerplate.go.txt" paths="./..."
 @git diff --quiet ||\
 { echo "New file modification detected in the Git working tree. Please check in before commit."; git --no-pager diff --name-only | uniq | awk '{print " - " $$0}'; \
@@ -50,7 +50,7 @@ toolchain: ## Install developer toolchain
 ./hack/toolchain.sh
 apply: image check-deployment-env check-env ## Deploy controller to ~/.kube/config
- eksctl create iamserviceaccount vpc-resource-controller --namespace kube-system --cluster ${CLUSTER_NAME} \
+ eksctl create iamserviceaccount vpc-resource-controller --namespace kube-system --cluster ${CLUSTER_NAME} --region ${AWS_REGION} \
 --role-name VPCResourceControllerRole \
 --attach-policy-arn=arn:aws:iam::aws:policy/AdministratorAccess \
 --override-existing-serviceaccounts \
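Review bot: `${AWS_REGION}` is now interpolated into the `eksctl create iamserviceaccount` command in `apply` (and into `eksctl delete iamserviceaccount` in the `delete` hunk that follows), but nothing visible in these hunks guarantees it is set; if it expands to empty, `--region` would likely consume the next token as its value or fail with a missing argument. `apply` depends on `check-env`, whose body is outside the hunk, so confirm it checks `AWS_REGION`; `delete` has no prerequisites, so a guard such as `@test -n "$(AWS_REGION)" || { echo "AWS_REGION is not set"; exit 1; }` at the top of that recipe would help. Separately, the same command still attaches `arn:aws:iam::aws:policy/AdministratorAccess` to the controller's service-account role; a policy scoped to the API calls the controller actually makes would keep this target from creating an admin-equivalent role in whichever cluster it is pointed at.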
@@ -63,7 +63,7 @@ apply: image check-deployment-env check-env ## Deploy controller to ~/.kube/conf
 delete: ## Delete controller from ~/.kube/config
 kustomize build config/default | kubectl delete --ignore-not-found -f -
- eksctl delete iamserviceaccount vpc-resource-controller --namespace kube-system --cluster ${CLUSTER_NAME}
+ eksctl delete iamserviceaccount vpc-resource-controller --namespace kube-system --cluster ${CLUSTER_NAME} --region ${AWS_REGION}
 kubectl patch rolebinding eks-vpc-resource-controller-rolebinding -n kube-system --patch '{"subjects":[{"kind":"ServiceAccount","name":"eks-vpc-resource-controller","namespace":"kube-system"},{"apiGroup":"rbac.authorization.k8s.io","kind":"User","name":"eks:vpc-resource-controller"}]}'
 kubectl create clusterrolebinding vpc-resource-controller-rolebinding --clusterrole vpc-resource-controller-role --serviceaccount kube-system:eks-vpc-resource-controller --user eks:vpc-resource-controller
diff --git a/PROJECT b/PROJECT
index 006e6030..b9b09ae0 100644
--- a/PROJECT
+++ b/PROJECT
@@ -1,8 +1,27 @@ +# Code generated by tool. DO NOT EDIT. +# This file is used to track the info used to scaffold your project +# and allow the plugins properly work. +# More info: https://book.kubebuilder.io/reference/project-config.html domain: k8s.aws +layout: +- go.kubebuilder.io/v3 multigroup: true +projectName: amazon-vpc-resource-controller-k8s repo: github.com/aws/amazon-vpc-resource-controller-k8s resources: -- group: vpcresources +- api: + crdVersion: v1 + namespaced: true + domain: k8s.aws + group: vpcresources kind: SecurityGroupPolicy + path: github.com/aws/amazon-vpc-resource-controller-k8s/apis/v1beta1 version: v1beta1 -version: "2" +- api: + crdVersion: v1 + domain: k8s.aws + group: vpcresources + kind: CNINode + path: github.com/aws/amazon-vpc-resource-controller-k8s/apis/v1alpha1 + version: v1alpha1 +version: "3"
diff --git a/apis/vpcresources/v1alpha1/cninode_types.go b/apis/vpcresources/v1alpha1/cninode_types.go
index 09f8bfd0..8555f14a 100644
--- a/apis/vpcresources/v1alpha1/cninode_types.go
+++ b/apis/vpcresources/v1alpha1/cninode_types.go
@@ -39,8 +39,7 @@ type CNINodeSpec struct {
 // CNINodeStatus defines the managed VPC resources.
 type CNINodeStatus struct {
- //TODO: add VPS resources which will be managed by this CRD and its finalizer
-
+ //TODO: add VPC resources which will be managed by this CRD and its finalizer
 }
 // +kubebuilder:object:root=true
diff --git a/config/controller/controller.yaml b/config/controller/controller.yaml
index bf2fea23..951daf12 100644
--- a/config/controller/controller.yaml
+++ b/config/controller/controller.yaml
@@ -31,8 +31,8 @@ spec:
 - args:
 - --cluster-name=CLUSTER_NAME
 - --role-arn=USER_ROLE_ARN
- - --enable-leader-election
- - --metrics-addr=:8443
+ - --leader-elect
+ - --metrics-bind-address=:8443
 image: controller:latest
 name: controller
 resources:
diff --git a/config/crd/bases/vpcresources.k8s.aws_cninodes.yaml b/config/crd/bases/vpcresources.k8s.aws_cninodes.yaml
index 5530cc64..393a50ab 100644
--- a/config/crd/bases/vpcresources.k8s.aws_cninodes.yaml
+++ b/config/crd/bases/vpcresources.k8s.aws_cninodes.yaml
@@ -1,10 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.9.0 creationTimestamp: null name: cninodes.vpcresources.k8s.aws spec:
@@ -65,9 +64,3 @@ spec: served: true storage: true subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: []
diff --git a/config/crd/bases/vpcresources.k8s.aws_securitygrouppolicies.yaml b/config/crd/bases/vpcresources.k8s.aws_securitygrouppolicies.yaml
index 5e0abff0..64d4aac0 100644
--- a/config/crd/bases/vpcresources.k8s.aws_securitygrouppolicies.yaml
+++ b/config/crd/bases/vpcresources.k8s.aws_securitygrouppolicies.yaml
@@ -1,10 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.6.2 + controller-gen.kubebuilder.io/version: v0.9.0 creationTimestamp: null name: securitygrouppolicies.vpcresources.k8s.aws spec:
@@ -156,9 +155,3 @@ spec: served: true storage: true subresources: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: []
diff --git a/config/default/controller_auth_proxy_patch.yaml b/config/default/controller_auth_proxy_patch.yaml
index c48639d2..14202b6a 100644
--- a/config/default/controller_auth_proxy_patch.yaml
+++ b/config/default/controller_auth_proxy_patch.yaml
@@ -21,5 +21,5 @@ spec:
 name: https
 - name: controller
 args:
- - "--metrics-addr=127.0.0.1:8080"
- - "--enable-leader-election"
+ - "--metrics-bind-address=127.0.0.1:8080"
+ - "--leader-elect"
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
index 9b9d5b3c..b292d57b 100644
--- a/config/rbac/role.yaml
+++ b/config/rbac/role.yaml
@@ -1,4 +1,3 @@ - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole
@@ -71,7 +70,6 @@ rules: - get - list - watch - --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role
diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml
index 7b8701c0..78f57a87 100644
--- a/config/webhook/manifests.yaml
+++ b/config/webhook/manifests.yaml
@@ -1,4 +1,3 @@ - --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration
@@ -26,7 +25,6 @@ webhooks: resources: - pods sideEffects: None - --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration
diff --git a/hack/toolchain.sh b/hack/toolchain.sh
index 939fa3d8..ce5ca130 100755
--- a/hack/toolchain.sh
+++ b/hack/toolchain.sh
@@ -10,8 +10,8 @@ main() {
 }
 tools() {
- go install sigs.k8s.io/controller-runtime/tools/setup-envtest@v0.0.0-20220421205612-c162794a9b12
- go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.6.2
+ go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+ go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.9.0
 go install github.com/google/ko@latest
 if ! echo "$PATH" | grep -q "${GOPATH:-undefined}/bin\|$HOME/go/bin"; then
diff --git a/main.go b/main.go
index f7bc7137..5b867f29 100644
--- a/main.go
+++ b/main.go
@@ -108,7 +108,7 @@ func main() {
 var enableWindowsPrefixDelegation bool
 var region string
- flag.StringVar(&metricsAddr, "metrics-addr", ":8080",
+ flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080",
 "The address the metric endpoint binds to.")
 flag.StringVar(&roleARN, "role-arn", "",
 "Role ARN that will be assumed to make EC2 API calls "+
@@ -116,7 +116,7 @@ func main() {
 "controller on your worker node.")
 flag.StringVar(&logLevel, "log-level", "info",
 "Set the controller log level - info(default), debug")
- flag.BoolVar(&enableLeaderElection, "enable-leader-election", false,
+ flag.BoolVar(&enableLeaderElection, "leader-elect", false,
 "Enable leader election for controller manager. "+
 "Enabling this will ensure there is only one active controller manager.")
 flag.IntVar(&leaderLeaseDurationSeconds, "leader-lease-duration-seconds", 30,
diff --git a/test/integration/metrics/metrics_suite_test.go b/test/integration/metrics/metrics_suite_test.go
index 9cbafacf..ac09f16c 100644
--- a/test/integration/metrics/metrics_suite_test.go
+++ b/test/integration/metrics/metrics_suite_test.go
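Review bot: In `tools()`, `setup-envtest` moves from a pinned pseudo-version to `@latest`, so the toolchain install is no longer reproducible and whatever is published upstream at install time gets built and run on developer and CI machines. The `controller-gen` line right below it stays pinned (`@v0.9.0`), and the same treatment fits here: `go install sigs.k8s.io/controller-runtime/tools/setup-envtest@<pinned-version>`, bumped deliberately when needed. The unchanged `github.com/google/ko@latest` line has the same exposure. `tools()` continues past the end of the hunk.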
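Review bot: Renaming `metrics-addr` to `metrics-bind-address` here, and `enable-leader-election` to `leader-elect` in the next hunk, removes the old flag names outright, so a Deployment that still passes them would presumably fail at flag parsing instead of starting (the parse call is outside the hunk; both the standard `flag` package and pflag reject unknown flags by default). The manifests in this commit are updated, but a cluster running an older manifest against the new image is not covered. Consider keeping the old names registered for a release as deprecated aliases bound to the same variables, e.g. `flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "Deprecated: use --metrics-bind-address.")` and the equivalent `flag.BoolVar` for `enable-leader-election`. `main` starts and ends outside both hunks.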
@@ -95,7 +95,7 @@ func ensureControllerReadyTobeScraped() error {
 // If the metrics endpoint is not created, we should create it for following tests.
 newController := deployment.DeepCopy()
 newController.Spec.Template.Spec.Containers[0].Args = append(
- newController.Spec.Template.Spec.Containers[0].Args, "--metrics-addr=:8443")
+ newController.Spec.Template.Spec.Containers[0].Args, "--metrics-bind-address=:8443")
 port := v1.ContainerPort{
 Name: "metrics",
 ContainerPort: 8443,