From 39f1c0d92c107aac1e0c03efe662c7a3fabb5491 Mon Sep 17 00:00:00 2001 From: ACoolName Date: Sat, 5 Apr 2025 17:15:00 +0300 Subject: [PATCH] added config path to file --- cmd/main.go | 7 +- config/manager/config.yaml | 31 ++++ config/manager/kustomization.yaml | 3 +- config/manager/manager.yaml | 84 ++++++----- config/rbac/role.yaml | 142 ++++++++++-------- config/rbac/role_binding.yaml | 10 +- config/rbac/service_account.yaml | 4 +- .../controller/servermanager_controller.go | 2 +- 8 files changed, 170 insertions(+), 113 deletions(-) create mode 100644 config/manager/config.yaml diff --git a/cmd/main.go b/cmd/main.go index 38594c9..ea971fb 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -146,8 +146,13 @@ func main() { setupLog.Error(err, "unable to start manager") os.Exit(1) } + configPath := os.Getenv("CONFIG_PATH") + if configPath == "" { + configPath = "config.yaml" + } + config := &controller.ServerManagerReconcilerConfig{} - configData, err := os.ReadFile("config.yaml") + configData, err := os.ReadFile(configPath) if err != nil { setupLog.Error(err, "unable to read config file") } diff --git a/config/manager/config.yaml b/config/manager/config.yaml new file mode 100644 index 0000000..bb8aa04 --- /dev/null +++ b/config/manager/config.yaml @@ -0,0 +1,31 @@ +# https://kubernetes.io/docs/concepts/configuration/configmap/ +apiVersion: v1 +kind: ConfigMap +metadata: + name: server-manager-config + namespace: server-manager +data: + config.yaml: | + domain_label: "ddns.acooldomain.co/hostname" + default_domain: "acooldomain.co" + browser: + domain: games.acooldomain.co + sub_path: /browsers + auth_header: x-authentik-username + cert_resolver: letsencrypt + entrypoints: + - websecure + + additional_routes: + - kind: Rule + match: "Host(`games.acooldomain.co`) && PathPrefix(`/outpost.goauthentik.io/`)" + priority: 15 + services: + - kind: Service + name: ak-outpost-traefik + namespace: authentik + port: 9000 + + middleware: + name: authentik + namespace: authentik 
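Review bot: A failed read of the file named by `CONFIG_PATH` is only logged in `cmd/main.go`: the `if err != nil` branch after `os.ReadFile(configPath)` calls `setupLog.Error` and falls through, unlike the manager-start check just above it, which ends in `os.Exit(1)`. Now that the path comes from the environment, a typo or a missing ConfigMap mount would leave `config` at its zero value, and the reconciler would presumably run without its routing and auth-header settings. I would fail closed by adding `os.Exit(1)` after the log call and include the resolved path in it, e.g. `setupLog.Error(err, "unable to read config file", "path", configPath)`. The rest of `main` lies outside the hunk, so what happens to `config` after this point is not visible here.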
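Review bot: `auth_header: x-authentik-username` makes a request header the source of the user's identity, and nothing in this ConfigMap says what makes that header trustworthy. It is only safe if every route to the browser service passes through the `authentik` middleware and the proxy overwrites any client-supplied copy of the header. How the controller consumes the value is not shown in this patch, so this is inferred from the key names. A comment above the key would record the assumption, for example `# identity header set by the authentik forward-auth middleware; never expose the backend without it`. Separately, the hostnames and the `server-manager` namespace are deployment-specific values placed in the base manifest, which an overlay would normally supply.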
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 5c5f0b8..af4b4f7 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,2 +1,3 @@ resources: -- manager.yaml + - config.yaml + - manager.yaml diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index d75a64c..00a95ce 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -5,13 +5,13 @@ metadata: control-plane: controller-manager app.kubernetes.io/name: kubernetes-operator app.kubernetes.io/managed-by: kustomize - name: system + name: server-manager --- apiVersion: apps/v1 kind: Deployment metadata: name: controller-manager - namespace: system + namespace: server-manager labels: control-plane: controller-manager app.kubernetes.io/name: kubernetes-operator @@ -48,6 +48,11 @@ spec: # operator: In # values: # - linux + volumes: + - name: config + configMap: + name: server-manager-config + securityContext: runAsNonRoot: true # TODO(user): For common cases that do not require escalating privileges 
@@ -55,41 +60,44 @@ spec: # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted # Please uncomment the following code if your project does NOT have to work on old Kubernetes # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ). - # seccompProfile: - # type: RuntimeDefault + seccompProfile: + type: RuntimeDefault containers: - - command: - - /manager - args: - - --leader-elect - - --health-probe-bind-address=:8081 - image: controller:latest - name: manager - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - # TODO(user): Configure the resources accordingly based on the project requirements. - # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - serviceAccountName: controller-manager + - command: + - /manager + image: git.acooldomain.co/server-manager/kubernetes-operator:v0.0.3 + env: + - name: CONFIG_PATH + value: /etc/server-manager/config.yaml + volumeMounts: + - name: config + mountPath: /etc/server-manager + name: manager + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. 
+ # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + serviceAccountName: server-manager terminationGracePeriodSeconds: 10 diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index eeb202d..55faf73 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml 
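Review bot: The container's `args` are removed in `config/manager/manager.yaml`, so `--health-probe-bind-address=:8081` and `--leader-elect` are no longer passed, while the liveness and readiness probes further down still target port 8081. If the flag's default in `cmd/main.go` is anything other than `:8081` (not visible in this patch), the probes will fail and the pod will be restarted. Without leader election, more than one replica would reconcile concurrently. I would keep the arguments, `args: ["--leader-elect", "--health-probe-bind-address=:8081"]`, or state in a comment that the defaults are relied on. The image is also referenced by a mutable tag; pinning it by digest (`...kubernetes-operator:v0.0.3@sha256:<digest>`) would make the deployed binary verifiable.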
@@ -2,69 +2,81 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: manager-role + name: server-manager-role rules: -- resources: - - persistentvolumeclaims - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- resources: - - pods - verbs: - - create - - delete - - get - - list - - watch -- apiGroups: - - server-manager.acooldomain.co - resources: - - images - verbs: - - get - - list -- apiGroups: - - server-manager.acooldomain.co - resources: - - servermanagers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - server-manager.acooldomain.co - resources: - - servermanagers/finalizers - verbs: - - update -- apiGroups: - - server-manager.acooldomain.co - resources: - - servermanagers/status - verbs: - - get - - patch - - update -- apiGroups: - - traefik.io - resources: - - ingressroutes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch + - resources: + - persistentvolumeclaims + - services + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + apiGroups: + - "" + - resources: + - pods + verbs: + - create + - delete + - get + - list + - watch + apiGroups: + - "" + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - apiGroups: + - server-manager.acooldomain.co + resources: + - images + verbs: + - get + - list + - watch + - apiGroups: + - server-manager.acooldomain.co + resources: + - servermanagers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - server-manager.acooldomain.co + resources: + - servermanagers/finalizers + verbs: + - update + - apiGroups: + - server-manager.acooldomain.co + resources: + - servermanagers/status + verbs: + - get + - patch + - update + - apiGroups: + - traefik.io + resources: + - ingressroutes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch 
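Review bot: The new `nodes` rule (`get`, `list`) widens a ClusterRole that already allows `create` and `delete` on pods, services and persistentvolumeclaims, and nothing in the file records why node access is needed. If the role is bound cluster-wide (the binding's kind is outside the visible hunks), these rules apply in every namespace, and pod creation alone lets the operator's service account run workloads under any namespace's service accounts. I would add a comment on the rule naming its consumer, e.g. `# nodes get/list: required by <caller> for <purpose>`, and consider whether a namespaced Role would cover the workload rules. If this file is generated by controller-gen, as is usual for kubebuilder projects, the hand edits will be lost on the next regeneration; the matching marker would be `// +kubebuilder:rbac:groups="",resources=nodes,verbs=get;list` on the reconciler.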
diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml index 8619f0d..dd1ff44 100644 --- a/config/rbac/role_binding.yaml +++ b/config/rbac/role_binding.yaml @@ -4,12 +4,12 @@ metadata: labels: app.kubernetes.io/name: kubernetes-operator app.kubernetes.io/managed-by: kustomize - name: manager-rolebinding + name: server-manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: manager-role + name: server-manager-role subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system + - kind: ServiceAccount + name: server-manager + namespace: server-manager diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index 0a20477..354f079 100644 --- a/config/rbac/service_account.yaml +++ b/config/rbac/service_account.yaml @@ -4,5 +4,5 @@ metadata: labels: app.kubernetes.io/name: kubernetes-operator app.kubernetes.io/managed-by: kustomize - name: controller-manager - namespace: system + name: server-manager + namespace: server-manager diff --git a/internal/controller/servermanager_controller.go b/internal/controller/servermanager_controller.go index f7f1ea1..703d6d4 100644 --- a/internal/controller/servermanager_controller.go +++ b/internal/controller/servermanager_controller.go @@ -301,7 +301,7 @@ func (r *ServerManagerReconciler) Reconcile(ctx context.Context, req ctrl.Reques } } } - if errors.IsNotFound(err) && !s.Spec.Server.On { + if errors.IsNotFound(err) && !s.Spec.Browser.On { if s.Status.Browser.Running { s.Status.Browser.Running = false statusChanged = true
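Review bot: The corrected condition in `Reconcile` has no comment saying which object's absence it reacts to, which may be how the `Server`/`Browser` mix-up went unnoticed. A one-line comment above it would help, e.g. `// browser workload not found and Browser.On is false: clear the running status`. The `err` being tested is assigned outside the hunk, so confirm it comes from the browser lookup. The diffstat touches no test file, so a case covering `Browser.On == false` with `Server.On == true` would pin the fix. `Reconcile` starts and ends outside this hunk.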