From 75a8d7b4dacabccc4a324f0feebed3c23f7aa48b Mon Sep 17 00:00:00 2001 From: dd di cesare Date: Wed, 22 Jun 2022 17:24:36 +0200 Subject: [PATCH 1/7] [controller] Reconciling limits `ConfigMap` --- controllers/limitador_controller.go | 36 +++++++++++++ controllers/limitador_controller_test.go | 68 ++++++++++++++++++++++++ go.mod | 1 + pkg/limitador/k8s_objects.go | 41 +++++++++++--- pkg/reconcilers/base_reconciler.go | 5 +- 5 files changed, 144 insertions(+), 7 deletions(-) diff --git a/controllers/limitador_controller.go b/controllers/limitador_controller.go index 83a9236c..1e65456a 100644 --- a/controllers/limitador_controller.go +++ b/controllers/limitador_controller.go @@ -20,6 +20,7 @@ import ( "context" "fmt" "github.com/kuadrant/limitador-operator/pkg/helpers" + v1 "k8s.io/api/core/v1" "strconv" "github.com/go-logr/logr" @@ -86,6 +87,17 @@ func (r *LimitadorReconciler) Reconcile(eventCtx context.Context, req ctrl.Reque return ctrl.Result{}, err } + // Reconcile Limits ConfigMap + limitsConfigMap, err := limitador.LimitsConfigMap(limitadorObj) + if err != nil { + return ctrl.Result{}, err + } + err = r.ReconcileConfigMap(ctx, limitsConfigMap, mutateLimitsConfigMap) + logger.V(1).Info("reconcile limits ConfigMap", "error", err) + if err != nil { + return ctrl.Result{}, err + } + return ctrl.Result{}, nil } @@ -116,6 +128,30 @@ func buildServiceUrl(limitadorObj *limitadorv1alpha1.Limitador) string { strconv.Itoa(int(helpers.GetValueOrDefault(*limitadorObj.Spec.Listener.HTTP.Port, limitador.DefaultServiceHTTPPort).(int32))) } +func mutateLimitsConfigMap(existingObj, desiredObj client.Object) (bool, error) { + existing, ok := existingObj.(*v1.ConfigMap) + if !ok { + return false, fmt.Errorf("%T is not a *v1.ConfigMap", existingObj) + } + desired, ok := desiredObj.(*v1.ConfigMap) + if !ok { + return false, fmt.Errorf("%T is not a *v1.ConfigMap", desiredObj) + } + + updated := false + + if existing.Data[limitador.LimitadorCMHash] != desired.Data[limitador.LimitadorCMHash] { + for k, v := range map[string]string{ + limitador.LimitadorCMHash: desired.Data[limitador.LimitadorCMHash], + limitador.LimitadorConfigFileName: string(desired.Data[limitador.LimitadorConfigFileName]), + } { + existing.Data[k] = v + } + updated = true + } + return updated, nil +} + func mutateLimitadorDeployment(existingObj, desiredObj client.Object) (bool, error) { existing, ok := existingObj.(*appsv1.Deployment) if !ok { diff --git a/controllers/limitador_controller_test.go b/controllers/limitador_controller_test.go index aa770aec..ccc46239 100644 --- a/controllers/limitador_controller_test.go +++ b/controllers/limitador_controller_test.go @@ -2,6 +2,7 @@ package controllers import ( "context" + "github.com/kuadrant/limitador-operator/pkg/limitador" "time" . "github.com/onsi/ginkgo" @@ -143,6 +144,27 @@ var _ = Describe("Limitador controller", func() { }, timeout, interval).Should(Equal("http://" + limitadorObj.Name + ".default.svc.cluster.local:8000")) }) + It("Should create a ConfigMap with the correct limits and hash", func() { + createdConfigMap := v1.ConfigMap{} + Eventually(func() bool { + err := k8sClient.Get( + context.TODO(), + types.NamespacedName{ + Namespace: LimitadorNamespace, + Name: limitador.LimitadorCMNamePrefix + limitadorObj.Name, + }, + &createdConfigMap) + + return err == nil + }, timeout, interval).Should(BeTrue()) + + Expect(createdConfigMap.Data[limitador.LimitadorCMHash]).Should( + Equal("a00c9940ae6bb8de702633ce453e6a97"), + ) + Expect(createdConfigMap.Data[limitador.LimitadorConfigFileName]).Should( + Equal("- conditions:\n - req.method == GET\n max_value: 10\n namespace: test-namespace\n seconds: 60\n variables:\n - user_id\n- conditions:\n - req.method == POST\n max_value: 5\n namespace: test-namespace\n seconds: 60\n variables:\n - user_id\n"), + ) + }) }) Context("Updating a limitador object", func() { @@ -196,5 +218,51 @@ var _ = Describe("Limitador controller", func() { return correctReplicas && correctImage }, timeout, interval).Should(BeTrue()) }) + It("Should modify the ConfigMap accordingly", func() { + updatedLimitador := limitadorv1alpha1.Limitador{} + Eventually(func() bool { + err := k8sClient.Get( + context.TODO(), + types.NamespacedName{ + Namespace: LimitadorNamespace, + Name: limitadorObj.Name, + }, + &updatedLimitador) + + return err == nil + }, timeout, interval).Should(BeTrue()) + + limits := []limitadorv1alpha1.RateLimit{ + { + Conditions: []string{"req.method == GET"}, + MaxValue: 100, + Namespace: "test-namespace", + Seconds: 60, + Variables: []string{"user_id"}, + }, + } + updatedLimitador.Spec.Limits = limits + + Expect(k8sClient.Update(context.TODO(), &updatedLimitador)).Should(Succeed()) + updatedLimitadorConfigMap := v1.ConfigMap{} + Eventually(func() bool { + err := k8sClient.Get( + context.TODO(), + types.NamespacedName{ + Namespace: LimitadorNamespace, + Name: limitador.LimitadorCMNamePrefix + limitadorObj.Name, + }, + &updatedLimitadorConfigMap) + + if err != nil { + return false + } + + correctHash := updatedLimitadorConfigMap.Data[limitador.LimitadorCMHash] == "69b3eab828208274d4200aedc6fd8b19" + correctLimits := updatedLimitadorConfigMap.Data[limitador.LimitadorConfigFileName] == "- conditions:\n - req.method == GET\n max_value: 100\n namespace: test-namespace\n seconds: 60\n variables:\n - user_id\n" + + return correctHash && correctLimits + }, timeout, interval).Should(BeTrue()) + }) }) }) diff --git a/go.mod b/go.mod index ecae2a23..58324c5c 100644 --- a/go.mod +++ b/go.mod @@ -14,4 +14,5 @@ require ( k8s.io/client-go v0.22.1 k8s.io/klog/v2 v2.9.0 sigs.k8s.io/controller-runtime v0.10.0 + sigs.k8s.io/yaml v1.2.0 // indirect ) diff --git a/pkg/limitador/k8s_objects.go b/pkg/limitador/k8s_objects.go index 02107c72..7520cb92 100644 --- a/pkg/limitador/k8s_objects.go +++ b/pkg/limitador/k8s_objects.go @@ -1,21 +1,31 @@ package limitador import ( + "crypto/md5" + "fmt" limitadorv1alpha1 "github.com/kuadrant/limitador-operator/api/v1alpha1" "github.com/kuadrant/limitador-operator/pkg/helpers" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "sigs.k8s.io/yaml" ) const ( - DefaultVersion = "latest" - DefaultReplicas = 1 - Image = "quay.io/3scale/limitador" - StatusEndpoint = "/status" - DefaultServiceHTTPPort = 8080 - DefaultServiceGRPCPort = 8081 + DefaultVersion = "latest" + DefaultReplicas = 1 + Image = "quay.io/3scale/limitador" + StatusEndpoint = "/status" + DefaultServiceHTTPPort = 8080 + DefaultServiceGRPCPort = 8081 + EnvLimitadorConfigFileName = "LIMITADOR_CONFIG_FILE_NAME" + LimitadorCMHash = "hash" + LimitadorCMNamePrefix = "limitador-" +) + +var ( + LimitadorConfigFileName = helpers.FetchEnv(EnvLimitadorConfigFileName, "limitador-config.yaml") ) func LimitadorService(limitador *limitadorv1alpha1.Limitador) *v1.Service { @@ -143,6 +153,25 @@ func LimitadorDeployment(limitador *limitadorv1alpha1.Limitador) *appsv1.Deploym } } +func LimitsConfigMap(limitador *limitadorv1alpha1.Limitador) (*v1.ConfigMap, error) { + limitsMarshalled, marshallErr := yaml.Marshal(limitador.Spec.Limits) + if marshallErr != nil { + return nil, marshallErr + } + + return &v1.ConfigMap{ + Data: map[string]string{ + LimitadorConfigFileName: string(limitsMarshalled), + LimitadorCMHash: fmt.Sprintf("%x", md5.Sum(limitsMarshalled)), + }, + ObjectMeta: metav1.ObjectMeta{ + Name: LimitadorCMNamePrefix + limitador.Name, + Namespace: limitador.Namespace, + Labels: map[string]string{"app": "limitador"}, + }, + }, nil +} + func labels() map[string]string { return map[string]string{"app": "limitador"} } diff --git a/pkg/reconcilers/base_reconciler.go b/pkg/reconcilers/base_reconciler.go index d374549e..42b80341 100644 --- a/pkg/reconcilers/base_reconciler.go +++ b/pkg/reconcilers/base_reconciler.go @@ -18,7 +18,6 @@ package reconcilers import ( "context" - "github.com/go-logr/logr" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -144,6 +143,10 @@ func (b *BaseReconciler) ReconcileDeployment(ctx context.Context, desired *appsv return b.ReconcileResource(ctx, &appsv1.Deployment{}, desired, mutatefn) } +func (b *BaseReconciler) ReconcileConfigMap(ctx context.Context, desired *corev1.ConfigMap, mutatefn MutateFn) error { + return b.ReconcileResource(ctx, &corev1.ConfigMap{}, desired, mutatefn) +} + func (b *BaseReconciler) GetResource(ctx context.Context, objKey types.NamespacedName, obj client.Object) error { logger := logr.FromContext(ctx) logger.Info("get object", "GKV", obj.GetObjectKind().GroupVersionKind(), "name", obj.GetName(), "namespace", obj.GetNamespace()) From 5594ecfb253c55e4c1cc558b8635977b5a6bcad0 Mon Sep 17 00:00:00 2001 From: dd di cesare Date: Thu, 23 Jun 2022 19:32:58 +0200 Subject: [PATCH 2/7] [deployment] Mounting `ConfigMap` config file from Volume --- controllers/limitador_controller_test.go | 15 ++++++++++--- pkg/limitador/k8s_objects.go | 28 ++++++++++++++++++++++-- 2 files changed, 38 insertions(+), 5 deletions(-) diff --git a/controllers/limitador_controller_test.go b/controllers/limitador_controller_test.go index ccc46239..41b5f7f9 100644 --- a/controllers/limitador_controller_test.go +++ b/controllers/limitador_controller_test.go @@ -94,7 +94,7 @@ var _ = Describe("Limitador controller", func() { Expect(k8sClient.Create(context.TODO(), limitadorObj)).Should(Succeed()) }) - It("Should create a new deployment with the right number of replicas and version", func() { + It("Should create a new deployment with the right number of replicas, version and config file", func() { createdLimitadorDeployment := appsv1.Deployment{} Eventually(func() bool { err := k8sClient.Get( @@ -114,6 +114,15 @@ var _ = Describe("Limitador controller", func() { Expect(createdLimitadorDeployment.Spec.Template.Spec.Containers[0].Image).Should( Equal(LimitadorImage + ":" + LimitadorVersion), ) + Expect(createdLimitadorDeployment.Spec.Template.Spec.Containers[0].Env[1]).Should( + Equal(v1.EnvVar{Name: "LIMITS_FILE", Value: "/limitador-config.yaml", ValueFrom: nil}), + ) + Expect(createdLimitadorDeployment.Spec.Template.Spec.Containers[0].VolumeMounts[0].MountPath).Should( + Equal("/"), + ) + Expect(createdLimitadorDeployment.Spec.Template.Spec.Volumes[0].VolumeSource.ConfigMap.Name).Should( + Equal(limitador.LimitsCMNamePrefix + limitadorObj.Name), + ) }) It("Should create a Limitador service", func() { @@ -151,7 +160,7 @@ var _ = Describe("Limitador controller", func() { context.TODO(), types.NamespacedName{ Namespace: LimitadorNamespace, - Name: limitador.LimitadorCMNamePrefix + limitadorObj.Name, + Name: limitador.LimitsCMNamePrefix + limitadorObj.Name, }, &createdConfigMap) @@ -250,7 +259,7 @@ var _ = Describe("Limitador controller", func() { context.TODO(), types.NamespacedName{ Namespace: LimitadorNamespace, - Name: limitador.LimitadorCMNamePrefix + limitadorObj.Name, + Name: limitador.LimitsCMNamePrefix + limitadorObj.Name, }, &updatedLimitadorConfigMap) diff --git a/pkg/limitador/k8s_objects.go b/pkg/limitador/k8s_objects.go index 7520cb92..17514a3f 100644 --- a/pkg/limitador/k8s_objects.go +++ b/pkg/limitador/k8s_objects.go @@ -21,7 +21,9 @@ const ( DefaultServiceGRPCPort = 8081 EnvLimitadorConfigFileName = "LIMITADOR_CONFIG_FILE_NAME" LimitadorCMHash = "hash" - LimitadorCMNamePrefix = "limitador-" + LimitsCMNamePrefix = "limits-config-" + LimitadorCMMountPath = "/" + LimitadorLimitsFileEnv = "LIMITS_FILE" ) var ( @@ -115,6 +117,10 @@ func LimitadorDeployment(limitador *limitadorv1alpha1.Limitador) *appsv1.Deploym Name: "RUST_LOG", Value: "info", }, + { + Name: LimitadorLimitsFileEnv, + Value: LimitadorCMMountPath + LimitadorConfigFileName, + }, }, LivenessProbe: &v1.Probe{ Handler: v1.Handler{ @@ -144,9 +150,27 @@ func LimitadorDeployment(limitador *limitadorv1alpha1.Limitador) *appsv1.Deploym SuccessThreshold: 1, FailureThreshold: 3, }, + VolumeMounts: []v1.VolumeMount{ + { + Name: "config-file", + MountPath: LimitadorCMMountPath, + }, + }, ImagePullPolicy: v1.PullIfNotPresent, }, }, + Volumes: []v1.Volume{ + { + Name: "config-file", + VolumeSource: v1.VolumeSource{ + ConfigMap: &v1.ConfigMapVolumeSource{ + LocalObjectReference: v1.LocalObjectReference{ + Name: LimitsCMNamePrefix + limitador.Name, + }, + }, + }, + }, + }, }, }, }, @@ -165,7 +189,7 @@ func LimitsConfigMap(limitador *limitadorv1alpha1.Limitador) (*v1.ConfigMap, err LimitadorCMHash: fmt.Sprintf("%x", md5.Sum(limitsMarshalled)), }, ObjectMeta: metav1.ObjectMeta{ - Name: LimitadorCMNamePrefix + limitador.Name, + Name: LimitsCMNamePrefix + limitador.Name, Namespace: limitador.Namespace, Labels: map[string]string{"app": "limitador"}, }, From 095a2bcdb7cdd65c6bdbd6f03b38dda87a6e1efe Mon Sep 17 00:00:00 2001 From: dd di cesare Date: Thu, 23 Jun 2022 19:34:51 +0200 Subject: [PATCH 3/7] [factories] Bonus commit: Testing values from constants --- pkg/limitador/k8s_objects_test.go | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 pkg/limitador/k8s_objects_test.go diff --git a/pkg/limitador/k8s_objects_test.go b/pkg/limitador/k8s_objects_test.go new file mode 100644 index 00000000..1ed2612c --- /dev/null +++ b/pkg/limitador/k8s_objects_test.go @@ -0,0 +1,22 @@ +package limitador + +import ( + "gotest.tools/assert" + "testing" +) + +func TestConstants(t *testing.T) { + assert.Check(t, "latest" == DefaultVersion) + assert.Check(t, 1 == DefaultReplicas) + assert.Check(t, "quay.io/3scale/limitador" == Image) + assert.Check(t, "/status" == StatusEndpoint) + assert.Check(t, 8080 == DefaultServiceHTTPPort) + assert.Check(t, 8081 == DefaultServiceGRPCPort) + assert.Check(t, "LIMITADOR_CONFIG_FILE_NAME" == EnvLimitadorConfigFileName) + assert.Check(t, "hash" == LimitadorCMHash) + assert.Check(t, "limits-config-" == LimitsCMNamePrefix) + assert.Check(t, "/" == LimitadorCMMountPath) + assert.Check(t, "LIMITS_FILE" == LimitadorLimitsFileEnv) +} + +//TODO: Test individual k8s objects. Extract limitadorObj creation from controller_test From 7976628bb64f1d071954b26058a1deafd373a5b3 Mon Sep 17 00:00:00 2001 From: dd di cesare Date: Mon, 27 Jun 2022 19:26:02 +0200 Subject: [PATCH 4/7] [samples] Updating Limitador sample and bundles --- ...itador-operator.clusterserviceversion.yaml | 19 +++++++++++++++++++ .../samples/limitador_v1alpha1_limitador.yaml | 11 +++++++++++ 2 files changed, 30 insertions(+) diff --git a/bundle/manifests/limitador-operator.clusterserviceversion.yaml b/bundle/manifests/limitador-operator.clusterserviceversion.yaml index 9a34adea..406be03a 100644 --- a/bundle/manifests/limitador-operator.clusterserviceversion.yaml +++ b/bundle/manifests/limitador-operator.clusterserviceversion.yaml @@ -11,6 +11,25 @@ metadata: "name": "limitador-sample" }, "spec": { + "limits": [ + { + "conditions": [ + "get-toy == yes" + ], + "max_value": 2, + "namespace": "toystore-app", + "seconds": 30, + "variables": [] + } + ], + "listener": { + "grpc": { + "port": 8081 + }, + "http": { + "port": 8080 + } + }, "replicas": 1, "version": "latest" } diff --git a/config/samples/limitador_v1alpha1_limitador.yaml b/config/samples/limitador_v1alpha1_limitador.yaml index 90788359..469ed1b4 100644 --- a/config/samples/limitador_v1alpha1_limitador.yaml +++ b/config/samples/limitador_v1alpha1_limitador.yaml @@ -5,3 +5,14 @@ metadata: spec: replicas: 1 version: latest + listener: + http: + port: 8080 + grpc: + port: 8081 + limits: + - conditions: ["get-toy == yes"] + max_value: 2 + namespace: toystore-app + seconds: 30 + variables: [] From 2dfd2373a401aaa78a07056493783091e9db3cfd Mon Sep 17 00:00:00 2001 From: dd di cesare Date: Mon, 27 Jun 2022 19:27:32 +0200 Subject: [PATCH 5/7] =?UTF-8?q?[refactor]=C2=A0Addressing=20PR=20review=20?= =?UTF-8?q?comments?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- controllers/limitador_controller_test.go | 12 +++++------ pkg/limitador/k8s_objects.go | 26 ++++++++++-------------- pkg/limitador/k8s_objects_test.go | 4 ++-- 3 files changed, 19 insertions(+), 23 deletions(-) diff --git a/controllers/limitador_controller_test.go b/controllers/limitador_controller_test.go index 41b5f7f9..696ab6b8 100644 --- a/controllers/limitador_controller_test.go +++ b/controllers/limitador_controller_test.go @@ -115,10 +115,10 @@ var _ = Describe("Limitador controller", func() { Equal(LimitadorImage + ":" + LimitadorVersion), ) Expect(createdLimitadorDeployment.Spec.Template.Spec.Containers[0].Env[1]).Should( - Equal(v1.EnvVar{Name: "LIMITS_FILE", Value: "/limitador-config.yaml", ValueFrom: nil}), + Equal(v1.EnvVar{Name: "LIMITS_FILE", Value: "/home/limitador/etc/limitador-config.yaml", ValueFrom: nil}), ) Expect(createdLimitadorDeployment.Spec.Template.Spec.Containers[0].VolumeMounts[0].MountPath).Should( - Equal("/"), + Equal("/home/limitador/etc/"), ) Expect(createdLimitadorDeployment.Spec.Template.Spec.Volumes[0].VolumeSource.ConfigMap.Name).Should( Equal(limitador.LimitsCMNamePrefix + limitadorObj.Name), @@ -267,11 +267,11 @@ var _ = Describe("Limitador controller", func() { return false } - correctHash := updatedLimitadorConfigMap.Data[limitador.LimitadorCMHash] == "69b3eab828208274d4200aedc6fd8b19" - correctLimits := updatedLimitadorConfigMap.Data[limitador.LimitadorConfigFileName] == "- conditions:\n - req.method == GET\n max_value: 100\n namespace: test-namespace\n seconds: 60\n variables:\n - user_id\n" - - return correctHash && correctLimits + return true }, timeout, interval).Should(BeTrue()) + Expect(updatedLimitadorConfigMap.Data[limitador.LimitadorCMHash]).Should(Equal("69b3eab828208274d4200aedc6fd8b19")) + Expect(updatedLimitadorConfigMap.Data[limitador.LimitadorConfigFileName]).Should(Equal("- conditions:\n - req.method == GET\n max_value: 100\n namespace: test-namespace\n seconds: 60\n variables:\n - user_id\n")) + }) }) }) diff --git a/pkg/limitador/k8s_objects.go b/pkg/limitador/k8s_objects.go index 17514a3f..4d318e09 100644 --- a/pkg/limitador/k8s_objects.go +++ b/pkg/limitador/k8s_objects.go @@ -13,21 +13,17 @@ import ( ) const ( - DefaultVersion = "latest" - DefaultReplicas = 1 - Image = "quay.io/3scale/limitador" - StatusEndpoint = "/status" - DefaultServiceHTTPPort = 8080 - DefaultServiceGRPCPort = 8081 - EnvLimitadorConfigFileName = "LIMITADOR_CONFIG_FILE_NAME" - LimitadorCMHash = "hash" - LimitsCMNamePrefix = "limits-config-" - LimitadorCMMountPath = "/" - LimitadorLimitsFileEnv = "LIMITS_FILE" -) - -var ( - LimitadorConfigFileName = helpers.FetchEnv(EnvLimitadorConfigFileName, "limitador-config.yaml") + DefaultVersion = "latest" + DefaultReplicas = 1 + Image = "quay.io/3scale/limitador" + StatusEndpoint = "/status" + DefaultServiceHTTPPort = 8080 + DefaultServiceGRPCPort = 8081 + LimitadorConfigFileName = "limitador-config.yaml" + LimitadorCMHash = "hash" + LimitsCMNamePrefix = "limits-config-" + LimitadorCMMountPath = "/home/limitador/etc/" + LimitadorLimitsFileEnv = "LIMITS_FILE" ) func LimitadorService(limitador *limitadorv1alpha1.Limitador) *v1.Service { diff --git a/pkg/limitador/k8s_objects_test.go b/pkg/limitador/k8s_objects_test.go index 1ed2612c..55f82ae6 100644 --- a/pkg/limitador/k8s_objects_test.go +++ b/pkg/limitador/k8s_objects_test.go @@ -12,10 +12,10 @@ func TestConstants(t *testing.T) { assert.Check(t, "/status" == StatusEndpoint) assert.Check(t, 8080 == DefaultServiceHTTPPort) assert.Check(t, 8081 == DefaultServiceGRPCPort) - assert.Check(t, "LIMITADOR_CONFIG_FILE_NAME" == EnvLimitadorConfigFileName) + assert.Check(t, "limitador-config.yaml" == LimitadorConfigFileName) assert.Check(t, "hash" == LimitadorCMHash) assert.Check(t, "limits-config-" == LimitsCMNamePrefix) - assert.Check(t, "/" == LimitadorCMMountPath) + assert.Check(t, "/home/limitador/etc/" == LimitadorCMMountPath) assert.Check(t, "LIMITS_FILE" == LimitadorLimitsFileEnv) } From 83003796667de3f50abc4186a7e75f9447d54460 Mon Sep 17 00:00:00 2001 From: dd di cesare Date: Mon, 27 Jun 2022 19:44:59 +0200 Subject: [PATCH 6/7] [go] `go mod tidy` --- go.mod | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 58324c5c..aa2c0b02 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,6 @@ require ( github.com/go-logr/logr v0.4.0 github.com/onsi/ginkgo v1.16.4 github.com/onsi/gomega v1.15.0 - github.com/stretchr/testify v1.7.0 go.uber.org/zap v1.19.0 gotest.tools v2.2.0+incompatible k8s.io/api v0.22.1 @@ -14,5 +13,5 @@ require ( k8s.io/client-go v0.22.1 k8s.io/klog/v2 v2.9.0 sigs.k8s.io/controller-runtime v0.10.0 - sigs.k8s.io/yaml v1.2.0 // indirect + sigs.k8s.io/yaml v1.2.0 ) From b4362dc093ff8a53a34a4008fd06e193cb19f9a0 Mon Sep 17 00:00:00 2001 From: dd di cesare Date: Tue, 28 Jun 2022 15:59:34 +0200 Subject: [PATCH 7/7] [controller] Giving permissions to controller over `ConfigMaps` --- .../limitador-operator.clusterserviceversion.yaml | 11 +++++++++++ config/deploy/manfiests.yaml | 11 +++++++++++ config/install/manifests.yaml | 11 +++++++++++ config/rbac/role.yaml | 11 +++++++++++ controllers/limitador_controller.go | 1 + 5 files changed, 45 insertions(+) diff --git a/bundle/manifests/limitador-operator.clusterserviceversion.yaml b/bundle/manifests/limitador-operator.clusterserviceversion.yaml index 406be03a..0efe2c13 100644 --- a/bundle/manifests/limitador-operator.clusterserviceversion.yaml +++ b/bundle/manifests/limitador-operator.clusterserviceversion.yaml @@ -78,6 +78,17 @@ spec: spec: clusterPermissions: - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - update + - watch - apiGroups: - apps resources: diff --git a/config/deploy/manfiests.yaml b/config/deploy/manfiests.yaml index 844723b8..c0c32a3a 100644 --- a/config/deploy/manfiests.yaml +++ b/config/deploy/manfiests.yaml @@ -224,6 +224,17 @@ metadata: creationTimestamp: null name: limitador-operator-manager-role rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - update + - watch - apiGroups: - apps resources: diff --git a/config/install/manifests.yaml b/config/install/manifests.yaml index fb06303e..eb011651 100644 --- a/config/install/manifests.yaml +++ b/config/install/manifests.yaml @@ -217,6 +217,17 @@ metadata: creationTimestamp: null name: limitador-operatormanager-role rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - update + - watch - apiGroups: - apps resources: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 001e280d..0eed8028 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -6,6 +6,17 @@ metadata: creationTimestamp: null name: manager-role rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - list + - update + - watch - apiGroups: - apps resources: diff --git a/controllers/limitador_controller.go b/controllers/limitador_controller.go index 1e65456a..b81d82cc 100644 --- a/controllers/limitador_controller.go +++ b/controllers/limitador_controller.go @@ -44,6 +44,7 @@ type LimitadorReconciler struct { //+kubebuilder:rbac:groups=limitador.kuadrant.io,resources=limitadors/finalizers,verbs=update //+kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch;create;update;delete //+kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch;create;update;delete +//+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;delete func (r *LimitadorReconciler) Reconcile(eventCtx context.Context, req ctrl.Request) (ctrl.Result, error) { logger := r.Logger().WithValues("limitador", req.NamespacedName)