diff --git a/apis/v1alpha1/ack-generate-metadata.yaml b/apis/v1alpha1/ack-generate-metadata.yaml index d1b15d3..39d077e 100755 --- a/apis/v1alpha1/ack-generate-metadata.yaml +++ b/apis/v1alpha1/ack-generate-metadata.yaml @@ -1,9 +1,9 @@ ack_generate_info: - build_date: "2023-06-01T10:26:45Z" - build_hash: 8f3ba427974fd6e769926778d54834eaee3b81a3 - go_version: go1.19 - version: v0.26.1 -api_directory_checksum: 017e52b555b690a39a60e82a6f9574ab42b52973 + build_date: "2023-09-07T01:53:31Z" + build_hash: 2f2b5e916c59ae2a793a1cc9f9d7333b197c9549 + go_version: go1.21.0 + version: v0.27.0 +api_directory_checksum: 1365c3b571fa3d8a62211030b7826d4859ad929c api_version: v1alpha1 aws_sdk_go_version: v1.44.197 generator_config_info: diff --git a/apis/v1alpha1/topic.go b/apis/v1alpha1/topic.go index e3aa8b5..e1e4dbb 100644 --- a/apis/v1alpha1/topic.go +++ b/apis/v1alpha1/topic.go @@ -76,6 +76,8 @@ type TopicStatus struct { EffectiveDeliveryPolicy *string `json:"effectiveDeliveryPolicy,omitempty"` // +kubebuilder:validation:Optional Owner *string `json:"owner,omitempty"` + // +kubebuilder:validation:Optional + TopicARN *string `json:"topicARN,omitempty"` } // Topic is the Schema for the Topics API diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index 39186f8..9345e5d 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -959,6 +959,11 @@ func (in *TopicStatus) DeepCopyInto(out *TopicStatus) { *out = new(string) **out = **in } + if in.TopicARN != nil { + in, out := &in.TopicARN, &out.TopicARN + *out = new(string) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TopicStatus. diff --git a/cmd/controller/main.go b/cmd/controller/main.go index 7489633..40aa964 100644 --- a/cmd/controller/main.go +++ b/cmd/controller/main.go @@ -92,13 +92,14 @@ func main() { } mgr, err := ctrlrt.NewManager(ctrlrt.GetConfigOrDie(), ctrlrt.Options{ - Scheme: scheme, - Port: port, - Host: host, - MetricsBindAddress: ackCfg.MetricsAddr, - LeaderElection: ackCfg.EnableLeaderElection, - LeaderElectionID: awsServiceAPIGroup, - Namespace: ackCfg.WatchNamespace, + Scheme: scheme, + Port: port, + Host: host, + MetricsBindAddress: ackCfg.MetricsAddr, + LeaderElection: ackCfg.EnableLeaderElection, + LeaderElectionID: "ack-" + awsServiceAPIGroup, + Namespace: ackCfg.WatchNamespace, + LeaderElectionNamespace: ackCfg.LeaderElectionNamespace, }) if err != nil { setupLog.Error( diff --git a/config/controller/deployment.yaml b/config/controller/deployment.yaml index 3289e9a..07c3a85 100644 --- a/config/controller/deployment.yaml +++ b/config/controller/deployment.yaml @@ -29,14 +29,16 @@ spec: - "$(AWS_REGION)" - --aws-endpoint-url - "$(AWS_ENDPOINT_URL)" - - --enable-development-logging - - "$(ACK_ENABLE_DEVELOPMENT_LOGGING)" + - --enable-development-logging=$(ACK_ENABLE_DEVELOPMENT_LOGGING) - --log-level - "$(ACK_LOG_LEVEL)" - --resource-tags - "$(ACK_RESOURCE_TAGS)" - --watch-namespace - "$(ACK_WATCH_NAMESPACE)" + - --enable-leader-election=$(ENABLE_LEADER_ELECTION) + - --leader-election-namespace + - "$(LEADER_ELECTION_NAMESPACE)" image: controller:latest name: controller ports: @@ -66,6 +68,10 @@ spec: value: "info" - name: ACK_RESOURCE_TAGS value: "services.k8s.aws/controller-version=%CONTROLLER_SERVICE%-%CONTROLLER_VERSION%,services.k8s.aws/namespace=%K8S_NAMESPACE%" + - name: ENABLE_LEADER_ELECTION + value: "false" + - name: LEADER_ELECTION_NAMESPACE + value: "ack-system" securityContext: allowPrivilegeEscalation: false privileged: false diff --git a/config/controller/kustomization.yaml b/config/controller/kustomization.yaml index e9e4305..41b38ef 100644 --- a/config/controller/kustomization.yaml +++ b/config/controller/kustomization.yaml @@ -6,4 +6,4 @@ kind: Kustomization images: - name: controller newName: public.ecr.aws/aws-controllers-k8s/sns-controller - newTag: 1.0.3 + newTag: 1.0.4 diff --git a/config/crd/bases/sns.services.k8s.aws_topics.yaml b/config/crd/bases/sns.services.k8s.aws_topics.yaml index 3ff62d6..0543da2 100644 --- a/config/crd/bases/sns.services.k8s.aws_topics.yaml +++ b/config/crd/bases/sns.services.k8s.aws_topics.yaml @@ -176,6 +176,8 @@ spec: type: string owner: type: string + topicARN: + type: string type: object type: object served: true diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index eb7df60..d9acdee 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -4,4 +4,5 @@ resources: - role-reader.yaml - role-writer.yaml - service-account.yaml - +- leader-election-role.yaml +- leader-election-role-binding.yaml diff --git a/config/rbac/leader-election-role-binding.yaml b/config/rbac/leader-election-role-binding.yaml new file mode 100644 index 0000000..77c4d65 --- /dev/null +++ b/config/rbac/leader-election-role-binding.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: ack-system + name: sns-leader-election-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: sns-leader-election-role +subjects: +- kind: ServiceAccount + name: ack-sns-controller + namespace: ack-system diff --git a/config/rbac/leader-election-role.yaml b/config/rbac/leader-election-role.yaml new file mode 100644 index 0000000..0c657c7 --- /dev/null +++ b/config/rbac/leader-election-role.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: sns-leader-election-role + namespace: ack-system +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/go.mod b/go.mod index f1ff4c9..f54c117 100644 --- a/go.mod +++ b/go.mod @@ -5,13 +5,13 @@ go 1.19 require ( github.com/aws-controllers-k8s/iam-controller v1.1.1 github.com/aws-controllers-k8s/kms-controller v1.0.2 - github.com/aws-controllers-k8s/runtime v0.26.0 + github.com/aws-controllers-k8s/runtime v0.27.1 github.com/aws/aws-sdk-go v1.44.197 github.com/go-logr/logr v1.2.3 github.com/spf13/pflag v1.0.5 - k8s.io/api v0.26.1 - k8s.io/apimachinery v0.26.1 - k8s.io/client-go v0.26.1 + k8s.io/api v0.26.8 + k8s.io/apimachinery v0.26.8 + k8s.io/client-go v0.26.8 sigs.k8s.io/controller-runtime v0.14.5 ) @@ -33,7 +33,7 @@ require ( github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.1.0 // indirect - github.com/google/uuid v1.1.2 // indirect + github.com/google/uuid v1.3.0 // indirect github.com/imdario/mergo v0.3.12 // indirect github.com/itchyny/gojq v0.12.6 // indirect github.com/itchyny/timefmt-go v0.1.3 // indirect @@ -56,11 +56,11 @@ require ( go.uber.org/multierr v1.6.0 // indirect go.uber.org/zap v1.24.0 // indirect golang.org/x/exp v0.0.0-20220303212507-bbda1eaf7a17 // indirect - golang.org/x/net v0.7.0 // indirect + golang.org/x/net v0.8.0 // indirect golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.5.0 // indirect - golang.org/x/term v0.5.0 // indirect - golang.org/x/text v0.7.0 // indirect + golang.org/x/sys v0.6.0 // indirect + golang.org/x/term v0.6.0 // indirect + golang.org/x/text v0.8.0 // indirect golang.org/x/time v0.3.0 // indirect gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect google.golang.org/appengine v1.6.7 // indirect diff --git a/go.sum b/go.sum index 56254bf..b8a0708 100644 --- a/go.sum +++ b/go.sum @@ -42,8 +42,8 @@ github.com/aws-controllers-k8s/iam-controller v1.1.1 h1:O6arh7DNlQF26MEKzgA2/kBE github.com/aws-controllers-k8s/iam-controller v1.1.1/go.mod h1:2+ARwRpazTq5MErjMz0MpXHhtAzRfNtY56Uj0gvu9vE= github.com/aws-controllers-k8s/kms-controller v1.0.2 h1:v8nh/oaX/U6spCwBDaWyem7XXpzoP/MnkJyEjNOZN9s= github.com/aws-controllers-k8s/kms-controller v1.0.2/go.mod h1:BeoijsyGjJ9G5VcDjpFdxBW0IxaeKXYX497XmUJiPSQ= -github.com/aws-controllers-k8s/runtime v0.26.0 h1:XKqygFzHSBtM74Ov9IroZbyCVeYei9Eskp4aKbJ2SFw= -github.com/aws-controllers-k8s/runtime v0.26.0/go.mod h1:jizDzKikL09cueIuA9ZxoZ+4pfn5U7oKW5s/ZAqOA6E= +github.com/aws-controllers-k8s/runtime v0.27.1 h1:tvJRQDioBFkob0kF4DwgS7MsoXZKwkG5QCHWxFEh+2o= +github.com/aws-controllers-k8s/runtime v0.27.1/go.mod h1:oSCqCzbzJLUrzv+cx4TIxCuSUvL75ABJmhxBc87IRqc= github.com/aws/aws-sdk-go v1.44.197 h1:pkg/NZsov9v/CawQWy+qWVzJMIZRQypCtYjUBXFomF8= github.com/aws/aws-sdk-go v1.44.197/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= @@ -167,8 +167,8 @@ github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -379,8 +379,8 @@ golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0 h1:Zrh2ngAOFYneWTAIAPethzeaQLuHwhuBkuV6ZiRnUaQ= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -445,13 +445,13 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0 h1:clScbb1cHjoCkyRbWwBEUZ5H/tIFu5TAXIqaZD0Gcjw= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -460,8 +460,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -626,14 +626,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.1 h1:f+SWYiPd/GsiWwVRz+NbFyCgvv75Pk9NK6dlkZgpCRQ= -k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg= +k8s.io/api v0.26.8 h1:k2OtFmQPWfDUyAuYAwQPftVygF/vz4BMGSKnd15iddM= +k8s.io/api v0.26.8/go.mod h1:QaflR7cmG3V9lIz0VLBM+ylndNN897OAUAoJDcgwiQw= k8s.io/apiextensions-apiserver v0.26.1 h1:cB8h1SRk6e/+i3NOrQgSFij1B2S0Y0wDoNl66bn8RMI= k8s.io/apiextensions-apiserver v0.26.1/go.mod h1:AptjOSXDGuE0JICx/Em15PaoO7buLwTs0dGleIHixSM= -k8s.io/apimachinery v0.26.1 h1:8EZ/eGJL+hY/MYCNwhmDzVqq2lPl3N3Bo8rvweJwXUQ= -k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= -k8s.io/client-go v0.26.1 h1:87CXzYJnAMGaa/IDDfRdhTzxk/wzGZ+/HUQpqgVSZXU= -k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE= +k8s.io/apimachinery v0.26.8 h1:SzpGtRX3/j/Ylg8Eg65Iobpxi9Jz4vOvI0qcBZyPVrM= +k8s.io/apimachinery v0.26.8/go.mod h1:qYzLkrQ9lhrZRh0jNKo2cfvf/R1/kQONnSiyB7NUJU0= +k8s.io/client-go v0.26.8 h1:pPuTYaVtLlg/7n6rqs3MsKLi4XgNaJ3rTMyS37Y5CKU= +k8s.io/client-go v0.26.8/go.mod h1:1sBQqKmdy9rWZYQnoedpc0gnRXG7kU3HrKZvBe2QbGM= k8s.io/component-base v0.26.1 h1:4ahudpeQXHZL5kko+iDHqLj/FSGAEUnSVO0EBbgDd+4= k8s.io/component-base v0.26.1/go.mod h1:VHrLR0b58oC035w6YQiBSbtsf0ThuSwXP+p5dD/kAWU= k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= diff --git a/helm/Chart.yaml b/helm/Chart.yaml index e972d17..f227f54 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: sns-chart description: A Helm chart for the ACK service controller for Amazon Simple Notification Service (SNS) -version: 1.0.3 -appVersion: 1.0.3 +version: 1.0.4 +appVersion: 1.0.4 home: https://github.com/aws-controllers-k8s/sns-controller icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: diff --git a/helm/crds/sns.services.k8s.aws_topics.yaml b/helm/crds/sns.services.k8s.aws_topics.yaml index 3ff62d6..0543da2 100644 --- a/helm/crds/sns.services.k8s.aws_topics.yaml +++ b/helm/crds/sns.services.k8s.aws_topics.yaml @@ -176,6 +176,8 @@ spec: type: string owner: type: string + topicARN: + type: string type: object type: object served: true diff --git a/helm/templates/NOTES.txt b/helm/templates/NOTES.txt index 8898c4e..04217e7 100644 --- a/helm/templates/NOTES.txt +++ b/helm/templates/NOTES.txt @@ -1,5 +1,5 @@ {{ .Chart.Name }} has been installed. -This chart deploys "public.ecr.aws/aws-controllers-k8s/sns-controller:1.0.3". +This chart deploys "public.ecr.aws/aws-controllers-k8s/sns-controller:1.0.4". Check its status by running: kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}" diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml index 7504a61..77a67ea 100644 --- a/helm/templates/deployment.yaml +++ b/helm/templates/deployment.yaml @@ -18,10 +18,12 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: +{{- if .Values.deployment.annotations }} annotations: {{- range $key, $value := .Values.deployment.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} +{{- end }} labels: app.kubernetes.io/name: {{ include "app.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} @@ -47,7 +49,7 @@ spec: - --aws-endpoint-url - "$(AWS_ENDPOINT_URL)" - --enable-development-logging - - "$(ACK_ENABLE_DEVELOPMENT_LOGGING)" + - "$(ENABLE_DEVELOPMENT_LOGGING)" - --log-level - "$(ACK_LOG_LEVEL)" - --resource-tags @@ -56,6 +58,10 @@ spec: - "$(ACK_WATCH_NAMESPACE)" - --deletion-policy - "$(DELETION_POLICY)" + - --enable-leader-election + - "$(ENABLE_LEADER_ELECTION)" + - --leader-election-namespace + - "$(LEADER_ELECTION_NAMESPACE)" {{- if gt .Values.reconcile.defaultResyncPeriod 0.0 }} - --reconcile-default-resync-seconds - "$(RECONCILE_DEFAULT_RESYNC_SECONDS)" @@ -85,6 +91,10 @@ spec: value: {{ include "watch-namespace" . }} - name: DELETION_POLICY value: {{ .Values.deletionPolicy }} + - name: ENABLED_LEADER_ELECTION + value: {{ .Values.leaderElection.enabled | quote }} + - name: LEADER_ELECTION_NAMESPACE + value: {{ .Values.leaderElection.namespace | quote }} - name: ACK_ENABLE_DEVELOPMENT_LOGGING value: {{ .Values.log.enable_development_logging | quote }} - name: ACK_LOG_LEVEL @@ -104,11 +114,19 @@ spec: value: {{ include "aws.credentials.path" . }} - name: AWS_PROFILE value: {{ .Values.aws.credentials.profile }} + {{- end }} + {{- if .Values.deployment.extraEnvVars -}} + {{ toYaml .Values.deployment.extraEnvVars | nindent 8 }} + {{- end }} volumeMounts: + {{- if .Values.aws.credentials.secretName }} - name: {{ .Values.aws.credentials.secretName }} mountPath: {{ include "aws.credentials.secret_mount_path" . }} readOnly: true {{- end }} + {{- if .Values.deployment.extraVolumeMounts -}} + {{ toYaml .Values.deployment.extraVolumeMounts | nindent 12 }} + {{- end }} securityContext: allowPrivilegeEscalation: false privileged: false @@ -133,9 +151,12 @@ spec: hostIPC: false hostNetwork: false hostPID: false - {{ if .Values.aws.credentials.secretName -}} volumes: + {{- if .Values.aws.credentials.secretName -}} - name: {{ .Values.aws.credentials.secretName }} secret: secretName: {{ .Values.aws.credentials.secretName }} {{ end -}} +{{- if .Values.deployment.extraVolumes }} +{{ toYaml .Values.deployment.extraVolumes | indent 8}} +{{- end }} diff --git a/helm/templates/leader-election-role-binding.yaml b/helm/templates/leader-election-role-binding.yaml new file mode 100644 index 0000000..a48bb45 --- /dev/null +++ b/helm/templates/leader-election-role-binding.yaml @@ -0,0 +1,18 @@ +{{ if .Values.leaderElection.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: sns-leader-election-rolebinding +{{ if .Values.leaderElection.namespace }} + namespace: {{ .Values.leaderElection.namespace }} +{{ else }} + namespace: {{ .Release.Namespace }} +{{ end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: sns-leader-election-role +subjects: +- kind: ServiceAccount + name: ack-sns-controller + namespace: {{ .Release.Namespace }}{{- end }} diff --git a/helm/templates/leader-election-role.yaml b/helm/templates/leader-election-role.yaml new file mode 100644 index 0000000..a8aad6b --- /dev/null +++ b/helm/templates/leader-election-role.yaml @@ -0,0 +1,30 @@ +{{ if .Values.leaderElection.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: sns-leader-election-role +{{ if .Values.leaderElection.namespace }} + namespace: {{ .Values.leaderElection.namespace }} +{{ else }} + namespace: {{ .Release.Namespace }} +{{ end }} +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch{{- end }} diff --git a/helm/values.schema.json b/helm/values.schema.json index 79fd18c..cba0a35 100644 --- a/helm/values.schema.json +++ b/helm/values.schema.json @@ -58,6 +58,15 @@ }, "priorityClassName": { "type": "string" + }, + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "extraEnvVars": { + "type": "array" } }, "required": [ @@ -222,6 +231,18 @@ }, "type": "object" }, + "leaderElection": { + "description": "Parameter to configure the controller's leader election system.", + "properties": { + "enabled": { + "type": "boolean" + }, + "namespace": { + "type": "string" + } + }, + "type": "object" + }, "serviceAccount": { "description": "ServiceAccount settings", "properties": { diff --git a/helm/values.yaml b/helm/values.yaml index ccbc5a9..37c8c9f 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -4,7 +4,7 @@ image: repository: public.ecr.aws/aws-controllers-k8s/sns-controller - tag: 1.0.3 + tag: 1.0.4 pullPolicy: IfNotPresent pullSecrets: [] @@ -28,6 +28,26 @@ deployment: # Which priorityClassName to set? # See: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority priorityClassName: "" + extraVolumes: [] + extraVolumeMounts: [] + + # Additional server container environment variables + # + # You specify this manually like you would a raw deployment manifest. + # This means you can bind in environment variables from secrets. + # + # e.g. static environment variable: + # - name: DEMO_GREETING + # value: "Hello from the environment" + # + # e.g. secret environment variable: + # - name: USERNAME + # valueFrom: + # secretKeyRef: + # name: mysecret + # key: username + extraEnvVars: [] + # If "installScope: cluster" then these labels will be applied to ClusterRole role: @@ -90,7 +110,7 @@ deletionPolicy: delete # controller reconciliation configurations reconcile: # The default duration, in seconds, to wait before resyncing desired state of custom resources. - defaultResyncPeriod: 0 + defaultResyncPeriod: 36000 # 10 Hours # An object representing the reconcile resync configuration for each specific resource. resourceResyncPeriods: {} @@ -101,3 +121,15 @@ serviceAccount: name: ack-sns-controller annotations: {} # eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME + +# Configuration of the leader election. Required for running multiple instances of the +# controller within the same cluster. +# See https://kubernetes.io/docs/concepts/architecture/leases/#leader-election +leaderElection: + # Enable Controller Leader Election. Set this to true to enable leader election + # for this controller. + enabled: false + # Leader election can be scoped to a specific namespace. By default, the controller + # will attempt to use the namespace of the service account mounted to the Controller + # pod. + namespace: ""