Merge pull request #18 from cfryanr/fix_deploy_errors

Fix deploy errors

Dockerfile

@@ -1,4 +1,23 @@
 FROM golang:1.14-alpine as build-env
+
+# It is important that these ARG's are defined after the FROM statement
+ARG ACCESS_TOKEN_USR="nothing"
+ARG ACCESS_TOKEN_PWD="nothing"
+
+# git is required to fetch go dependencies
+RUN apk add --no-cache ca-certificates git
+
+# Create a netrc file using the credentials specified using --build-arg
+RUN printf "machine github.com\n\
+    login ${ACCESS_TOKEN_USR}\n\
+    password ${ACCESS_TOKEN_PWD}\n\
+    \n\
+    machine api.github.com\n\
+    login ${ACCESS_TOKEN_USR}\n\
+    password ${ACCESS_TOKEN_PWD}\n"\
+    >> /root/.netrc
+RUN chmod 600 /root/.netrc
+
 RUN mkdir /work
 RUN mkdir /work/out
 WORKDIR /work

deploy/deployment.yaml

@@ -9,6 +9,12 @@ metadata:
     name: #@ data.values.namespace
 ---
 apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: #@ data.values.app_name + "-service-account"
+  namespace: #@ data.values.namespace
+---
+apiVersion: v1
 kind: ConfigMap
 metadata:
   name: #@ data.values.app_name + "-config"
@@ -39,6 +45,7 @@ spec:
       labels:
         app: #@ data.values.app_name
     spec:
+      serviceAccountName: #@ data.values.app_name + "-service-account"
       containers:
         - name: placeholder-name
           #@ if data.values.image_digest:
@@ -48,25 +55,25 @@ spec:
           #@ end
           imagePullPolicy: IfNotPresent
           command:
-          - ./app
+            - ./app
-          - --config=/etc/config/placeholder-config.yaml
+          args:
-          - --downward-api-path=/etc/podinfo
+            - --config=/etc/config/placeholder-config.yaml
+            - --downward-api-path=/etc/podinfo
           volumeMounts:
-          - name: config-volume
+            - name: config-volume
-            mountPath: /etc/config
+              mountPath: /etc/config
+            - name: podinfo
+              mountPath: /etc/podinfo
       volumes:
-      - name: config-volume
+        - name: config-volume
-        configMap:
+          configMap:
-          name: #@ data.values.app_name + "-config"
+            name: #@ data.values.app_name + "-config"
         - name: podinfo
-          mountPath: /etc/podinfo
+          downwardAPI:
-  volumes:
+            items:
-    - name: podinfo
+              - path: "labels"
-      downwardAPI:
+                fieldRef:
-        items:
+                  fieldPath: metadata.labels
-          - path: "labels"
+              - path: "namespace"
-            fieldRef:
+                fieldRef:
-              fieldPath: metadata.labels
+                  fieldPath: metadata.namespace
-          - path: "namespace"
-            fieldRef:
-              fieldPath: metadata.namespace

deploy/rbac.yaml

@@ -0,0 +1,51 @@
+#@ load("@ytt:data", "data")
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: #@ data.values.app_name + "-aggregated-api-server-cluster-role"
+rules:
+  - apiGroups: [""]
+    resources: [namespaces]
+    verbs: [get, list, watch]
+  - apiGroups: [apiregistration.k8s.io]
+    resources: [apiservices]
+    verbs: [create, get, list, patch, update, watch]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: #@ data.values.app_name + "-aggregated-api-server-cluster-role-binding"
+subjects:
+  - kind: ServiceAccount
+    name: #@ data.values.app_name + "-service-account"
+    namespace: #@ data.values.namespace
+roleRef:
+  kind: ClusterRole
+  name: #@ data.values.app_name + "-aggregated-api-server-cluster-role"
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: #@ data.values.app_name + "-aggregated-api-server-role"
+  namespace: #@ data.values.namespace
+rules:
+  - apiGroups: [""]
+    resources: [services]
+    verbs: [create, get, list, patch, update, watch]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: #@ data.values.app_name + "-aggregated-api-server-role-binding"
+  namespace: #@ data.values.namespace
+subjects:
+  - kind: ServiceAccount
+    name: #@ data.values.app_name + "-service-account"
+    namespace: #@ data.values.namespace
+roleRef:
+  kind: Role
+  name: #@ data.values.app_name + "-aggregated-api-server-role"
+  apiGroup: rbac.authorization.k8s.io

internal/autoregistration/autoregistration.go

@@ -64,8 +64,8 @@ func Setup(ctx context.Context, options SetupOptions) error {
 		Port:      &svc.Spec.Ports[0].Port,
 	}
 	apiSvc.ObjectMeta.OwnerReferences = []metav1.OwnerReference{{
-		APIVersion: ns.APIVersion,
+		APIVersion: "v1",        // TODO why did we need to hardcode this to avoid errors? was ns.APIVersion
-		Kind:       ns.Kind,
+		Kind:       "Namespace", // TODO why did we need to hardcode this to avoid errors? was ns.Kind
 		UID:        ns.UID,
 		Name:       ns.Name,
 	}}