Extra updates for the operator

Signed-off-by: Xiaodong Ye <[email protected]>
openloft · Nov 19, 2023 · 44fd3ae · 44fd3ae
1 parent 5f520f8
commit 44fd3ae
Show file tree

Hide file tree

Showing 7 changed files with 57 additions and 8 deletions.
diff --git a/.github/workflows/makefile.yml b/.github/workflows/makefile.yml
@@ -0,0 +1,29 @@
+name: Makefile CI
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v3
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v2
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build image
+      run: make docker-build
+
+    - name: Push image
+      run: make docker-push
diff --git a/Makefile b/Makefile
@@ -51,7 +51,7 @@ endif
 OPERATOR_SDK_VERSION ?= v1.32.0
 
 # Image URL to use all building/pushing image targets
-IMG ?= controller:latest
+IMG ?= ghcr.io/openloft/vcluster-operator:latest
 
 .PHONY: all
 all: docker-build

diff --git a/README.md b/README.md
@@ -0,0 +1 @@
+# vCluster Operator
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -1,12 +1,12 @@
 # Adds namespace to all resources.
-namespace: vcluster-operator-system
+namespace: openloft-system
 
 # Value of this field is prepended to the
 # names of all resources, e.g. a deployment named
 # "wordpress" becomes "alices-wordpress".
 # Note that it should also match with the prefix (text before '-') of the namespace
 # field above.
-namePrefix: vcluster-operator-
+namePrefix: openloft-
 
 # Labels to add to all resources and selectors.
 #labels:
@@ -21,10 +21,10 @@ resources:
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
 
-patchesStrategicMerge:
 # Protect the /metrics endpoint by putting it behind auth.
 # If you want your controller-manager to expose the /metrics
 # endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
-
-
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+patches:
+- path: manager_auth_proxy_patch.yaml
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -1,2 +1,8 @@
 resources:
 - manager.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+  newName: ghcr.io/openloft/vcluster-operator
+  newTag: latest
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -93,7 +93,7 @@ spec:
         resources:
           limits:
             cpu: 500m
-            memory: 128Mi
+            memory: 256Mi
           requests:
             cpu: 10m
             memory: 64Mi

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -67,4 +67,17 @@ rules:
   resources:
   - "statefulsets"
 
+##
+## Extra rules used by the controller manager
+##
+- apiGroups: ["networking.k8s.io"]
+  resources: ["networkpolicies", "ingressclasses"]
+  verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["limitranges", "resourcequotas"]
+  verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
+- apiGroups: ["rbac.authorization.k8s.io"]
+  resources: ["clusterroles", "clusterrolebindings"]
+  verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
+
 #+kubebuilder:scaffold:rules