Deploy OS UI (Whisker) with Goldmane #3775
Conversation
Brian-McM
force-pushed
the
bm-add-whisker
branch
from
798fc8c to
1fa1508
Compare
There was a problem hiding this comment.
Very first pass. I think building tooling to more consistently, easily, and reliably construct common Objects is probably a good idea, but I do worry about the work required to roll this out across the board and the likelihood of us ending up needing to maintain multiple different ways of constructing objects as a result. So I'm on the fence about shipping it as part of this PR - let's see what @tmjd and @rene-dekker have to say.
pkg/controller/clusterconnection/clusterconnection_controller.go
Outdated
Show resolved
Hide resolved
|
@Brian-McM I think you'll need some logic like this as well: https://github.com/caseydavenport/operator/pull/6/files#diff-ffe7b4311a6538484cedc5e685c3bde3e6ce1a95f86828103fb12992e8158842 |
Brian-McM
force-pushed
the
bm-add-whisker
branch
from
1fa1508 to
b1eb33d
Compare
| metav1.TypeMeta `json:",inline"` | ||
| metav1.ObjectMeta `json:"metadata,omitempty"` | ||
|
|
||
| Status WhiskerStatus `json:"status,omitempty"` |
There was a problem hiding this comment.
We'll need to add container overrides to everything this deploys. I'm OK for that to be a follow-up, but I also think it should be rather trivial to add now.
There was a problem hiding this comment.
If you're cool with it I'm going to defer it, I tracked it in a ticket. Not sure if goldmane is going to stay here so kind of want to leave overrides until we sort that out.
|
|
||
| var log = logf.Log.WithName(controllerName) | ||
|
|
||
| // Add creates a new ManagementClusterConnection Controller and adds it to the Manager. The Manager will set fields on the Controller |
There was a problem hiding this comment.
Still copy/paste error in this comment
pkg/render/whisker/component.go
Outdated
| }, | ||
| { | ||
| APIGroups: []string{"projectcalico.org"}, | ||
| Resources: []string{"felixconfigurations"}, |
There was a problem hiding this comment.
Hm, what accesses felixconfigurations from this deployment?
There was a problem hiding this comment.
UI APIs seems to need it when it's connected.
pkg/render/whisker/component.go
Outdated
| { | ||
| APIGroups: []string{"*"}, | ||
| Resources: []string{"*"}, | ||
| Verbs: []string{"get", "list", "watch"}, |
There was a problem hiding this comment.
Should remove this wildcard permission
| } | ||
|
|
||
| func (c *Component) clusterRole() *rbacv1.ClusterRole { | ||
| policyRules := []rbacv1.PolicyRule{ |
There was a problem hiding this comment.
Goldmane needs access to ConfigMaps in its own Namespace (should be done via a Role not ClusterRole, though)
| for _, secretName := range []string{ | ||
| monitor.PrometheusServerTLSSecretName, | ||
| whisker.ManagedClusterConnectionSecretName, | ||
| "whisker-trusted-bundle", |
| @@ -99,6 +99,10 @@ func createTrustedBundle(includeSystemBundle bool, name string, ca CertificateIn | |||
| return bundle, err | |||
| } | |||
|
|
|||
| func (t *trustedBundle) SetName(name string) { | |||
There was a problem hiding this comment.
I'd rather that we follow the established pattern and have the existing controller (core_controller in this case) add the certificates.
pkg/render/whisker/component.go
Outdated
| Name: "PUSH_URL", | ||
| Value: "https://localhost:8080/api/v1/flows/bulk"}) | ||
| volumeMounts = []corev1.VolumeMount{ | ||
| secretMount("/certs", c.cfg.LinseedPublicCASecret), |
There was a problem hiding this comment.
How does this secret get into the namespace? I don't see it rendered in the PR, unless I'm missing something.
There was a problem hiding this comment.
It's via the install manifest retrieved from CC.
pkg/render/whisker/component.go
Outdated
| c.clusterRoleBinding(), | ||
| c.goldmaneService(), | ||
| c.whiskerService(), | ||
| c.cfg.TrustedCertBundle.ConfigMap(WhiskerNamespace)) |
There was a problem hiding this comment.
This is not how we render the bundle elsewhere. I'd rather have us use the established pattern.
| Scheme *runtime.Scheme | ||
| } | ||
|
|
||
| // +kubebuilder:rbac:groups=operator.tigera.io,resources=managementclusterconnections,verbs=get;list;watch;create;update;patch;delete |
There was a problem hiding this comment.
The comments in this file are incorrect
| return nil | ||
| } | ||
|
|
||
| statusManager := status.New(mgr.GetClient(), "gold-rush", opts.KubernetesVersion) |
There was a problem hiding this comment.
What is the reason and meaning for this name? Wouldn't it be better if we stick with whisker?
There was a problem hiding this comment.
This is left over from some previous naming
Description
For PR author
make gen-filesmake gen-versionsFor PR reviewers
A note for code reviewers - all pull requests must have the following:
kind/bugif this is a bugfix.kind/enhancementif this is a a new feature.enterpriseif this PR applies to Calico Enterprise only.