diff --git a/.github/workflows/nexus-operator-integration-checks.yaml b/.github/workflows/nexus-operator-integration-checks.yaml index 69eda8b8..33e6eae1 100644 --- a/.github/workflows/nexus-operator-integration-checks.yaml +++ b/.github/workflows/nexus-operator-integration-checks.yaml @@ -31,6 +31,13 @@ jobs: with: go-version: ${{ env.GO_VERSION }} id: go + - name: Setup Python + uses: actions/setup-python@v1 + with: + python-version: 3.7 + - name: Install yq + run: | + pip install yq - name: Check Vet run: | make generate @@ -66,6 +73,14 @@ jobs: restore-keys: | ${{ runner.os }}-go-cache- + - name: Setup Python + uses: actions/setup-python@v1 + with: + python-version: 3.7 + - name: Install yq + run: | + pip install yq + - name: Cache Operator SDK uses: actions/cache@v2 with: @@ -131,6 +146,13 @@ jobs: key: ${{ runner.os }}-go-${{ env.GO_VERSION }} restore-keys: | ${{ runner.os }}-go-${{ env.GO_VERSION }} + - name: Setup Python + uses: actions/setup-python@v1 + with: + python-version: 3.7 + - name: Install yq + run: | + pip install yq - name: Install Operator SDK run: | ./hack/ci/install-operator-sdk.sh diff --git a/Makefile b/Makefile index 0241f47c..300d8737 100644 --- a/Makefile +++ b/Makefile @@ -162,9 +162,6 @@ run_with_image=true pr-prep: CREATE_NAMESPACE=$(create_namespace) RUN_WITH_IMAGE=$(run_with_image) ./hack/pr-prep.sh +# Generate the installer without webhook configs, secrets and what not generate-webhookless-installer: - # first, let's filter out all manifests we don't care about - # then delete the volumes which would contain the certs - # then finally insert the env var which disables webhooks - # TODO : find a way to make this more readable - kustomize build config/default/ | yq -Y 'select(.kind != "ValidatingWebhookConfiguration" and .kind != "Issuer" and .kind != "Certificate" and .kind != "MutatingWebhookConfiguration" and .metadata.name != "nexus-operator-webhook-service")' | yq -Y 'del(.. | .volumes?, .volumeMounts?)' | yq -Y 'if .kind=="Deployment" then .spec.template.spec.containers[1].env[0]={"name":"USE_WEBHOOKS", "value":"FALSE"} else . end' > webhookless-nexus-operator.yaml + ./hack/generate-webhookless-installer.sh diff --git a/hack/generate-webhookless-installer.sh b/hack/generate-webhookless-installer.sh new file mode 100755 index 00000000..c6f27033 --- /dev/null +++ b/hack/generate-webhookless-installer.sh @@ -0,0 +1,30 @@ +#!/bin/bash +# Copyright 2020 Nexus Operator and/or its authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +command -v yq > /dev/null || ( echo "Please install yq before proceeding (https://pypi.org/project/yq/)" && exit 1 ) +command -v kustomize >/dev/null || go get sigs.k8s.io/kustomize/kustomize/v3@v3.5.4 || exit 1 + +# first, let's filter out all manifests for kinds we don't care about +# 'select(.kind != "ValidatingWebhookConfiguration" and .kind != "Issuer" and .kind != "Certificate" and .kind != "MutatingWebhookConfiguration" and .metadata.name != "nexus-operator-webhook-service")' + +# then delete the volumes which would contain the certs +# 'del(.. | .volumes?, .volumeMounts?)' + +# then finally insert the env var which disables webhooks +# 'if .kind=="Deployment" then .spec.template.spec.containers[1].env[0]={"name":"USE_WEBHOOKS", "value":"FALSE"} else . end' + +kustomize build config/default/ | yq -Y 'select(.kind != "ValidatingWebhookConfiguration" and .kind != "Issuer" and .kind != "Certificate" and .kind != "MutatingWebhookConfiguration" and .metadata.name != "nexus-operator-webhook-service")' \ + | yq -Y 'del(.. | .volumes?, .volumeMounts?)' \ + | yq -Y 'if .kind=="Deployment" then .spec.template.spec.containers[1].env[0]={"name":"USE_WEBHOOKS", "value":"FALSE"} else . end' > webhookless-nexus-operator.yaml diff --git a/webhookless-nexus-operator.yaml b/webhookless-nexus-operator.yaml index 4d0506c2..e78a6bab 100644 --- a/webhookless-nexus-operator.yaml +++ b/webhookless-nexus-operator.yaml @@ -11,7 +11,6 @@ metadata: annotations: cert-manager.io/inject-ca-from: nexus-operator-system/nexus-operator-serving-cert controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null name: nexus.apps.m88i.io spec: additionalPrinterColumns: @@ -694,16 +693,6 @@ spec: control-plane: controller-manager spec: containers: - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - args: - --metrics-addr=127.0.0.1:8080 - --enable-leader-election @@ -719,6 +708,16 @@ spec: requests: cpu: 100m memory: 20Mi + - args: + - --secure-listen-address=0.0.0.0:8443 + - --upstream=http://127.0.0.1:8080/ + - --logtostderr=true + - --v=10 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 + name: kube-rbac-proxy + ports: + - containerPort: 8443 + name: https env: - name: USE_WEBHOOKS value: 'FALSE'