This repository has been archived by the owner on May 6, 2022. It is now read-only.

Replaces the Aggregated API Server with the CustomResourceDefinitions (CRDs) solution (#2630)

* Add basic validation to crds

* Add webhook skeleton, remove api-server from chart, add webhook server in chart, move PrepareForCreate login into webhook handler (#2)

* Add webhook skeleton, remove api-server from chart, add webhook server in chart, move PrepareForCreate login into webhook handler

* Add logger and GVK matcher

* Add test coverage for webhook (#6)

* Add Status entry initialization in binding and instance controller (#5)

* Change fs to label selector (#9)

* Fix removing finalizer after switching to CRD /status sub-resource (#8)

* Add tests to webhooks (#11)

* Replace changevalidator with webhook (#14)

* Replace default service plan with webhook (#10)

* Add tests to webhooks - fix

* Rewrite defaultServicePlan feature to webhook

* Replace plugins by webhook (#16)

* Replace ServiceBinding plugin by webhook

* Replace Broker plugins by webhook

* Adjust webhooks to multi validation handlers

* Service Catalog going towards to CRDs (#18)

* Migrate registry/strategy Updates to webhooks (#17)

* Use Update instead of updateReference method (#19)

* Replace tableconvertor with APC (#20)

* Fix svcat tests after the rebase with the upstream master branch

* Pre delete jobs - remove CRD after delete helm release (#21)

* Apply fixes after executing `make verify`

* Create docs about webhook implementation (#24)

* Change the securePort for the webhook server because it collides with the old api-server

* Change import paths to kubernetes-sigs, and rebase with master

* Apply fixes after rebase

Fixes:
* makefile targets,
* instance deprovision operation
* entries under additionalPrinterColumns in crds.yaml
* unit tests after rebase

* Update documentation (#40)

* Update docs

* Fix vendor after rebase with k8s 1.15 bump

* Apply changes after review

- remove the contrib/hack/crd folder
- remove reference to Kyma project
- rebase with current master
- restore the image in chart
- extract CRDs definition to dedicated folder
mszostok authored and k8s-ci-robot committed Sep 20, 2019
1 parent 48622fa commit ccab523
Showing 358 changed files with 39,771 additions and 2,152 deletions.
112 changes: 103 additions & 9 deletions Gopkg.lock

Some generated files are not rendered by default.

4 changes: 4 additions & 0 deletions Gopkg.toml
Expand Up @@ -30,6 +30,10 @@ required = [
name = "github.com/kubernetes-sigs/go-open-service-broker-client"
revision = "906fa5f9c24914e93e61f0dee2e417b2b24f77bd"

[[constraint]]
name="sigs.k8s.io/controller-runtime"
version="v0.2.0-beta.0"

# All dependencies of Kubernetes from branch release-1.13 converted to override clauses. This include dependencies that
# are not used in this project. See
# https://github.com/kubernetes/kubernetes/blob/release-1.13/Godeps/Godeps.json
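Review bot: The new `[[constraint]]` pins `sigs.k8s.io/controller-runtime` to the pre-release tag `v0.2.0-beta.0`, presumably for the webhook server this commit introduces. A beta tag carries no API stability promise, so either move to a stable release when one is available or add a comment here recording why the beta is required and when to revisit it. Two smaller points: the entry above pins by `revision` while this one pins by tag, so the resolved commit is recorded only in Gopkg.lock, and `name="..."` / `version="..."` lack the spaces around `=` that the neighbouring entry uses. The comment that follows still refers to branch release-1.13 although the commit message mentions a k8s 1.15 bump, so it may need updating as well.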
12 changes: 3 additions & 9 deletions Makefile
Expand Up @@ -175,8 +175,8 @@ $(BINDIR)/%-gen: $$(shell find vendor/k8s.io/code-generator/cmd/$$*-gen vendor/k

# Regenerate all files if the gen exes changed or any "types.go" files changed
.generate_files: .init generators $(TYPES_FILES)
# generate apiserver deps
$(DOCKER_CMD) $(BUILD_DIR)/update-apiserver-gen.sh
# generate api deps
$(DOCKER_CMD) $(BUILD_DIR)/update-apis-gen.sh
# generate all pkg/client contents
$(DOCKER_CMD) $(BUILD_DIR)/update-client-gen.sh
touch $@
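Review bot: Check for remaining callers of `update-apiserver-gen.sh` now that `.generate_files` invokes `update-apis-gen.sh` instead. Nothing in this hunk shows the old script being kept as a shim, so any CI job, doc or build script that still uses the old name will fail only when it next runs.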
Expand Down Expand Up @@ -241,7 +241,7 @@ verify-docs: .init
@$(DOCKER_CMD) verify-links.sh -s .pkg -s .bundler -s _plugins -s _includes -t $(SKIP_HTTP) .

verify-generated: .init generators
$(DOCKER_CMD) $(BUILD_DIR)/update-apiserver-gen.sh --verify-only
$(DOCKER_CMD) $(BUILD_DIR)/update-apis-gen.sh --verify-only

verify-client-gen: .init generators
$(DOCKER_CMD) $(BUILD_DIR)/verify-client-gen.sh
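Review bot: `verify-generated` passes `--verify-only` to the renamed `update-apis-gen.sh`; confirm the script still honours that flag and exits non-zero on drift. If the flag is ignored, this target would regenerate files in place instead of failing, and stale generated code would pass verification.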
Expand Down Expand Up @@ -279,15 +279,9 @@ test-update-goldenfiles: .init
$(DOCKER_CMD) go test ./cmd/svcat/... -update

build-integration: .generate_files
$(DOCKER_CMD) go test -race github.com/kubernetes-sigs/service-catalog/test/integration/... -c
$(DOCKER_CMD) go test --tags="integration" -race github.com/kubernetes-sigs/service-catalog/pkg/controller/... -c

test-integration: .init $(scBuildImageTarget) build build-integration
# test kubectl
contrib/hack/setup-kubectl.sh
contrib/hack/test-apiserver.sh
# # golang integration tests
$(DOCKER_CMD) ./integration.test -test.v $(INT_TEST_FLAGS)
$(DOCKER_CMD) ./controller.test

test-e2e:
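Review bot: `test-integration` no longer forwards `-test.v $(INT_TEST_FLAGS)` to the test binary. `./controller.test` runs with no flags, so any `INT_TEST_FLAGS` a caller sets is silently ignored. Either pass the flags to `./controller.test` or remove the variable where it is defined. The `setup-kubectl.sh` and `test-apiserver.sh` steps are also removed with no replacement in this target. Since this commit moves validation and defaulting into admission webhooks, an integration step that submits invalid resources through a real API server and asserts that they are rejected would preserve that coverage.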
File renamed without changes.
46 changes: 12 additions & 34 deletions charts/catalog/README.md
Expand Up @@ -40,38 +40,18 @@ chart and their default values.

| Parameter | Description | Default |
|-----------|-------------|---------|
| `image` | apiserver image to use | `quay.io/kubernetes-service-catalog/service-catalog:v0.2.2` |
| `image` | Service catalog image to use | `quay.io/kubernetes-service-catalog/service-catalog:v0.2.2` |
| `imagePullPolicy` | `imagePullPolicy` for the service catalog | `Always` |
| `apiserver.replicas` | `replicas` for the service catalog apiserver pod count | `1` |
| `apiserver.updateStrategy` | `updateStrategy` for the service catalog apiserver deployments | `RollingUpdate` |
| `apiserver.minReadySeconds` | how many seconds an apiServer pod needs to be ready before killing the next, during update | `1` |
| `apiserver.annotations` | Annotations for apiserver pods | `{}` |
| `apiserver.nodeSelector` | A nodeSelector value to apply to the apiserver pods. If not specified, no nodeSelector will be applied | |
| `apiserver.aggregator.priority` | Priority of the APIService. | `100` |
| `apiserver.aggregator.groupPriorityMinimum` | The minimum priority the group should have. | `10000` |
| `apiserver.aggregator.versionPriority` | The ordering of this API inside of the group | `20` |
| `apiserver.tls.requestHeaderCA` | Base64-encoded CA used to validate request-header authentication, when receiving delegated authentication from an aggregator. If not set, the service catalog API server will inherit this CA from the `extension-apiserver-authentication` ConfigMap if available. | `nil` |
| `apiserver.service.type` | Type of service; valid values are `LoadBalancer` , `NodePort` and `ClusterIP` | `NodePort` |
| `apiserver.service.nodePort.securePort` | If service type is `NodePort`, specifies a port in allowable range (e.g. 30000 - 32767 on minikube); The TLS-enabled endpoint will be exposed here | `30443` |
| `apiserver.service.clusterIP` | If service type is ClusterIP, specify clusterIP as `None` for `headless services` OR specify your own specific IP OR leave blank to let Kubernetes assign a cluster IP | |
| `apiserver.storage.type` | The storage backend to use; the only valid value is `etcd`, left for other storages support in future, e.g. `crd` | `etcd` |
| `apiserver.storage.etcd.useEmbedded` | If storage type is `etcd`: Whether to embed an etcd container in the apiserver pod; THIS IS INADEQUATE FOR PRODUCTION USE! | `true` |
| `apiserver.storage.etcd.servers` | If storage type is `etcd`: etcd URL(s); override this if NOT using embedded etcd. Only etcd v3 is supported. | `http://localhost:2379` |
| `apiserver.storage.etcd.image` | etcd image to use | `quay.io/coreos/etcd:latest` |
| `apiserver.storage.etcd.imagePullPolicy` | `imagePullPolicy` for etcd | `Always` |
| `apiserver.storage.etcd.persistence.enabled` | Enable persistence using PVC | `false` |
| `apiserver.storage.etcd.persistence.storageClass` | PVC Storage Class | `nil` (uses alpha storage class annotation) |
| `apiserver.storage.etcd.persistence.accessMode` | PVC Access Mode | `ReadWriteOnce` |
| `apiserver.storage.etcd.persistence.size` | PVC Storage Request | `4Gi` |
| `apiserver.storage.etcd.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 100m, memory: 30Mi}, limits: {cpu: 100m, memory: 40Mi}}` |
| `apiserver.verbosity` | Log level; valid values are in the range 0 - 10 | `10` |
| `apiserver.auth.enabled` | Enable authentication and authorization | `true` |
| `apiserver.audit.activated` | If true, enables the use of audit features via this chart. | `false` |
| `apiserver.audit.logPath` | If specified, audit log goes to specified path. | `"/tmp/service-catalog-apiserver-audit.log"` |
| `apiserver.healthcheck.enabled` | Enable readiness and liveliness probes | `true` |
| `apiserver.serviceAccount` | Service account. | `service-catalog-apiserver` |
| `apiserver.serveOpenAPISpec` | If true, makes the API server serve the OpenAPI schema | `false` |
| `apiserver.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 100m, memory: 20Mi}, limits: {cpu: 100m, memory: 30Mi}}` |
| `webhook.updateStrategy` | `updateStrategy` for the service catalog webhook deployment | `RollingUpdate` |
| `webhook.minReadySeconds` | how many seconds an webhook server pod needs to be ready before killing the next, during update | `1` |
| `webhook.annotations` | Annotations for webhook pods | `{}` |
| `webhook.nodeSelector` | A nodeSelector value to apply to the webhook pods. If not specified, no nodeSelector will be applied | |
| `webhook.service.type` | Type of service; valid values are `LoadBalancer` , `NodePort` and `ClusterIP` | `NodePort` |
| `webhook.service.nodePort.securePort` | If service type is `NodePort`, specifies a port in allowable range (e.g. 30000 - 32767 on minikube); The TLS-enabled endpoint will be exposed here | `30443` |
| `webhook.service.clusterIP` | If service type is ClusterIP, specify clusterIP as `None` for `headless services` OR specify your own specific IP OR leave blank to let Kubernetes assign a cluster IP | |
| `webhook.verbosity` | Log level; valid values are in the range 0 - 10 | `10` |
| `webhook.healthcheck.enabled` | Enable readiness and liveliness probes | `true` |
| `webhook.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 100m, memory: 20Mi}, limits: {cpu: 100m, memory: 30Mi}}` |
| `controllerManager.replicas` | `replicas` for the service catalog controllerManager pod count | `1` |
| `controllerManager.updateStrategy` | `updateStrategy` for the service catalog controllerManager deployments | `RollingUpdate` |
| `controllerManager.minReadySeconds` | how many seconds a controllerManager pod needs to be ready before killing the next, during update | `1` |
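Review bot: `webhook.service.type` defaults to `NodePort`, which exposes the admission webhook's TLS endpoint on every node even though only the Kubernetes API server needs to reach it; `ClusterIP` would be the safer default. The documented `webhook.service.nodePort.securePort` default of `30443` is also identical to the removed `apiserver.service.nodePort.securePort`, while the commit message says the webhook port was changed to avoid colliding with the old api-server, so check this row against the chart's values. Minor: `webhook.verbosity` keeps the default `10`, the top of the documented range, and the `webhook.minReadySeconds` description reads "an webhook".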
Expand All @@ -87,13 +67,11 @@ chart and their default values.
| `controllerManager.profiling.contentionProfiling` | Enables lock contention profiling, if profiling is enabled | `false` |
| `controllerManager.leaderElection.activated` | Whether the controller has leader election enabled | `false` |
| `controllerManager.serviceAccount` | Service account | `service-catalog-controller-manager` |
| `controllerManager.apiserverSkipVerify` | Controls whether the API server's TLS verification should be skipped | `true` |
| `controllerManager.enablePrometheusScrape` | Whether the controller will expose metrics on /metrics | `false` |
| `controllerManager.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 100m, memory: 20Mi}, limits: {cpu: 100m, memory: 30Mi}}` |
| `controllerManager.service.type` | Type of service; valid values are `LoadBalancer` , `NodePort` and `ClusterIP` | `ClusterIP` |
| `controllerManager.service.nodePort.securePort` | If service type is `NodePort`, specifies a port in allowable range (e.g. 30000 - 32767 on minikube); The TLS-enabled endpoint will be exposed here | `30444` |
| `controllerManager.service.clusterIP` | If service type is ClusterIP, specify clusterIP as `None` for `headless services` OR specify your own specific IP OR leave blank to let Kubernetes assign a cluster IP | |
| `controllerManager.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 100m, memory: 20Mi}, limits: {cpu: 100m, memory: 30Mi}}` |
| `useAggregator` | whether or not to set up the controller-manager to go through the main Kubernetes API server's API aggregator | `true` |
| `rbacEnable` | If true, create & use RBAC resources | `true` |
| `originatingIdentityEnabled` | Whether the OriginatingIdentity feature should be enabled | `true` |
| `asyncBindingOperationsEnabled` | Whether or not alpha support for async binding operations is enabled | `false` |
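Review bot: `controllerManager.apiserverSkipVerify` (default `true`) and `useAggregator` are dropped from the table without an upgrade note. Helm ignores unknown values, so existing values files that still set them will keep installing without any warning. Add a short migration note to this README listing the removed parameters, and state how the controller manager now verifies the API server's TLS certificate, since the previous default skipped verification.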
50 changes: 0 additions & 50 deletions charts/catalog/templates/apiregistration.yaml

This file was deleted.
