Merge pull request #18 from cfryanr/fix_deploy_errors

Fix deploy errors
This commit is contained in:
Ryan Richard 2020-07-17 14:56:18 -07:00 committed by GitHub
commit 7cac20fc89
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 98 additions and 21 deletions

View File

@ -1,4 +1,23 @@
FROM golang:1.14-alpine as build-env FROM golang:1.14-alpine as build-env
# It is important that these ARG's are defined after the FROM statement
ARG ACCESS_TOKEN_USR="nothing"
ARG ACCESS_TOKEN_PWD="nothing"
# git is required to fetch go dependencies
RUN apk add --no-cache ca-certificates git
# Create a netrc file using the credentials specified using --build-arg
RUN printf "machine github.com\n\
login ${ACCESS_TOKEN_USR}\n\
password ${ACCESS_TOKEN_PWD}\n\
\n\
machine api.github.com\n\
login ${ACCESS_TOKEN_USR}\n\
password ${ACCESS_TOKEN_PWD}\n"\
>> /root/.netrc
RUN chmod 600 /root/.netrc
RUN mkdir /work RUN mkdir /work
RUN mkdir /work/out RUN mkdir /work/out
WORKDIR /work WORKDIR /work

View File

@ -9,6 +9,12 @@ metadata:
name: #@ data.values.namespace name: #@ data.values.namespace
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount
metadata:
name: #@ data.values.app_name + "-service-account"
namespace: #@ data.values.namespace
---
apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: #@ data.values.app_name + "-config" name: #@ data.values.app_name + "-config"
@ -39,6 +45,7 @@ spec:
labels: labels:
app: #@ data.values.app_name app: #@ data.values.app_name
spec: spec:
serviceAccountName: #@ data.values.app_name + "-service-account"
containers: containers:
- name: placeholder-name - name: placeholder-name
#@ if data.values.image_digest: #@ if data.values.image_digest:
@ -48,25 +55,25 @@ spec:
#@ end #@ end
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: command:
- ./app - ./app
- --config=/etc/config/placeholder-config.yaml args:
- --downward-api-path=/etc/podinfo - --config=/etc/config/placeholder-config.yaml
- --downward-api-path=/etc/podinfo
volumeMounts: volumeMounts:
- name: config-volume - name: config-volume
mountPath: /etc/config mountPath: /etc/config
- name: podinfo
mountPath: /etc/podinfo
volumes: volumes:
- name: config-volume - name: config-volume
configMap: configMap:
name: #@ data.values.app_name + "-config" name: #@ data.values.app_name + "-config"
- name: podinfo - name: podinfo
mountPath: /etc/podinfo downwardAPI:
volumes: items:
- name: podinfo - path: "labels"
downwardAPI: fieldRef:
items: fieldPath: metadata.labels
- path: "labels" - path: "namespace"
fieldRef: fieldRef:
fieldPath: metadata.labels fieldPath: metadata.namespace
- path: "namespace"
fieldRef:
fieldPath: metadata.namespace

51
deploy/rbac.yaml Normal file
View File

@ -0,0 +1,51 @@
#@ load("@ytt:data", "data")
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: #@ data.values.app_name + "-aggregated-api-server-cluster-role"
rules:
- apiGroups: [""]
resources: [namespaces]
verbs: [get, list, watch]
- apiGroups: [apiregistration.k8s.io]
resources: [apiservices]
verbs: [create, get, list, patch, update, watch]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: #@ data.values.app_name + "-aggregated-api-server-cluster-role-binding"
subjects:
- kind: ServiceAccount
name: #@ data.values.app_name + "-service-account"
namespace: #@ data.values.namespace
roleRef:
kind: ClusterRole
name: #@ data.values.app_name + "-aggregated-api-server-cluster-role"
apiGroup: rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: #@ data.values.app_name + "-aggregated-api-server-role"
namespace: #@ data.values.namespace
rules:
- apiGroups: [""]
resources: [services]
verbs: [create, get, list, patch, update, watch]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: #@ data.values.app_name + "-aggregated-api-server-role-binding"
namespace: #@ data.values.namespace
subjects:
- kind: ServiceAccount
name: #@ data.values.app_name + "-service-account"
namespace: #@ data.values.namespace
roleRef:
kind: Role
name: #@ data.values.app_name + "-aggregated-api-server-role"
apiGroup: rbac.authorization.k8s.io

View File

@ -64,8 +64,8 @@ func Setup(ctx context.Context, options SetupOptions) error {
Port: &svc.Spec.Ports[0].Port, Port: &svc.Spec.Ports[0].Port,
} }
apiSvc.ObjectMeta.OwnerReferences = []metav1.OwnerReference{{ apiSvc.ObjectMeta.OwnerReferences = []metav1.OwnerReference{{
APIVersion: ns.APIVersion, APIVersion: "v1", // TODO why did we need to hardcode this to avoid errors? was ns.APIVersion
Kind: ns.Kind, Kind: "Namespace", // TODO why did we need to hardcode this to avoid errors? was ns.Kind
UID: ns.UID, UID: ns.UID,
Name: ns.Name, Name: ns.Name,
}} }}