added config path to file

cmd/main.go

@@ -146,8 +146,13 @@ func main() {
 		setupLog.Error(err, "unable to start manager")
 		os.Exit(1)
 	}
+	configPath := os.Getenv("CONFIG_PATH")
+	if configPath == "" {
+		configPath = "config.yaml"
+	}
+
 	config := &controller.ServerManagerReconcilerConfig{}
-	configData, err := os.ReadFile("config.yaml")
+	configData, err := os.ReadFile(configPath)
 	if err != nil {
 		setupLog.Error(err, "unable to read config file")
 	}

config/manager/config.yaml

@@ -0,0 +1,31 @@
+# https://kubernetes.io/docs/concepts/configuration/configmap/
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: server-manager-config
+  namespace: server-manager
+data:
+  config.yaml: |
+    domain_label: "ddns.acooldomain.co/hostname"
+    default_domain: "acooldomain.co"
+    browser:
+      domain: games.acooldomain.co
+      sub_path: /browsers
+      auth_header: x-authentik-username
+      cert_resolver: letsencrypt
+      entrypoints:
+        - websecure
+
+      additional_routes:
+        - kind: Rule
+          match: "Host(`games.acooldomain.co`) && PathPrefix(`/outpost.goauthentik.io/`)"
+          priority: 15
+          services:
+            - kind: Service
+              name: ak-outpost-traefik
+              namespace: authentik
+              port: 9000
+
+      middleware:
+        name: authentik
+        namespace: authentik

config/manager/kustomization.yaml

@@ -1,2 +1,3 @@
 resources:
-- manager.yaml
+  - config.yaml
+  - manager.yaml

config/manager/manager.yaml

@@ -5,13 +5,13 @@ metadata:
     control-plane: controller-manager
     app.kubernetes.io/name: kubernetes-operator
     app.kubernetes.io/managed-by: kustomize
-  name: system
+  name: server-manager
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: controller-manager
-  namespace: system
+  namespace: server-manager
   labels:
     control-plane: controller-manager
     app.kubernetes.io/name: kubernetes-operator
@@ -48,6 +48,11 @@ spec:
       #             operator: In
       #             values:
       #               - linux
+      volumes:
+        - name: config
+          configMap:
+            name: server-manager-config
+
       securityContext:
         runAsNonRoot: true
         # TODO(user): For common cases that do not require escalating privileges
@@ -55,15 +60,18 @@ spec:
         # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
         # Please uncomment the following code if your project does NOT have to work on old Kubernetes
         # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
-        # seccompProfile:
-        #   type: RuntimeDefault
+        seccompProfile:
+          type: RuntimeDefault
       containers:
         - command:
             - /manager
-        args:
-          - --leader-elect
-          - --health-probe-bind-address=:8081
-        image: controller:latest
+          image: git.acooldomain.co/server-manager/kubernetes-operator:v0.0.3
+          env:
+            - name: CONFIG_PATH
+              value: /etc/server-manager/config.yaml
+          volumeMounts:
+            - name: config
+              mountPath: /etc/server-manager
           name: manager
           securityContext:
             allowPrivilegeEscalation: false
@@ -91,5 +99,5 @@ spec:
             requests:
               cpu: 10m
               memory: 64Mi
-      serviceAccountName: controller-manager
+      serviceAccountName: server-manager
       terminationGracePeriodSeconds: 10

config/rbac/role.yaml

@@ -2,9 +2,9 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: manager-role
+  name: server-manager-role
 rules:
-- resources:
+  - resources:
       - persistentvolumeclaims
       - services
     verbs:
@@ -15,7 +15,9 @@ rules:
       - patch
       - update
       - watch
-- resources:
+    apiGroups:
+      - ""
+  - resources:
       - pods
     verbs:
       - create
@@ -23,14 +25,24 @@ rules:
       - get
       - list
       - watch
-- apiGroups:
+    apiGroups:
+      - ""
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+      - list
+  - apiGroups:
       - server-manager.acooldomain.co
     resources:
       - images
     verbs:
       - get
       - list
-- apiGroups:
+      - watch
+  - apiGroups:
       - server-manager.acooldomain.co
     resources:
       - servermanagers
@@ -42,13 +54,13 @@ rules:
       - patch
       - update
       - watch
-- apiGroups:
+  - apiGroups:
       - server-manager.acooldomain.co
     resources:
       - servermanagers/finalizers
     verbs:
       - update
-- apiGroups:
+  - apiGroups:
       - server-manager.acooldomain.co
     resources:
       - servermanagers/status
@@ -56,7 +68,7 @@ rules:
       - get
       - patch
       - update
-- apiGroups:
+  - apiGroups:
       - traefik.io
     resources:
       - ingressroutes

config/rbac/role_binding.yaml

@@ -4,12 +4,12 @@ metadata:
   labels:
     app.kubernetes.io/name: kubernetes-operator
     app.kubernetes.io/managed-by: kustomize
-  name: manager-rolebinding
+  name: server-manager-rolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: manager-role
+  name: server-manager-role
 subjects:
-- kind: ServiceAccount
-  name: controller-manager
-  namespace: system
+  - kind: ServiceAccount
+    name: server-manager
+    namespace: server-manager

config/rbac/service_account.yaml

@@ -4,5 +4,5 @@ metadata:
   labels:
     app.kubernetes.io/name: kubernetes-operator
     app.kubernetes.io/managed-by: kustomize
-  name: controller-manager
-  namespace: system
+  name: server-manager
+  namespace: server-manager

internal/controller/servermanager_controller.go

@@ -301,7 +301,7 @@ func (r *ServerManagerReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 			}
 		}
 	}
-	if errors.IsNotFound(err) && !s.Spec.Server.On {
+	if errors.IsNotFound(err) && !s.Spec.Browser.On {
 		if s.Status.Browser.Running {
 			s.Status.Browser.Running = false
 			statusChanged = true