Merge pull request #43 from manifoldco/drosati/4186-imagepolicy-contr…

…oller add image policy controller
manifoldco · Jun 4, 2018 · 06a2a51 · 06a2a51
2 parents 1e53cd3 + ba3abaa
commit 06a2a51
Show file tree

Hide file tree

Showing 15 changed files with 599 additions and 269 deletions.
diff --git a/_examples/microservice/microservice-full.yaml b/_examples/microservice/microservice-full.yaml
@@ -17,6 +17,13 @@ spec:
   image: hlnr/hello-world
   versioningPolicy:
     name: release-minor
+  imagePullSecrets:
+  - name: helloworld-docker-registry
+  versioningPolicy:
+    name: release-minor
+  filter:
+    github:
+      name: hello-workd
 status:
   releases:
   - image: hlnr/hello-world:latest
@@ -52,7 +59,8 @@ kind: NetworkPolicy
 metadata:
   name: hello-world
 spec:
-  microservice: hello-world
+  microservice:
+    name: hello-world
   ports:
   - name: headless
     port: 80

diff --git a/cmd/heighliner/image_policy.go b/cmd/heighliner/image_policy.go
@@ -0,0 +1,59 @@
+package main
+
+import (
+	"log"
+	"os"
+
+	"github.com/jelmersnoeck/kubekit"
+	flags "github.com/jessevdk/go-flags"
+	"github.com/manifoldco/heighliner/pkg/imagepolicy"
+
+	"github.com/spf13/cobra"
+)
+
+var (
+	ipcCmd = &cobra.Command{
+		Use:   "ipc",
+		Short: "Run the Image Policy Controller",
+		RunE:  ipcCommand,
+	}
+
+	ipcFlags struct {
+		Namespace string `long:"namespace" env:"NAMESPACE" description:"The namespace to run the controller in. By default we'll watch all namespaces."`
+	}
+)
+
+func ipcCommand(cmd *cobra.Command, args []string) error {
+	if _, err := flags.ParseArgs(&ipcFlags, append(args, os.Args...)); err != nil {
+		log.Printf("Could not parse flags: %s", err)
+		return err
+	}
+
+	cfg, cs, acs, err := kubekit.InClusterClientsets()
+	if err != nil {
+		log.Printf("Could not get Clientset: %s\n", err)
+		return err
+	}
+
+	if err := kubekit.CreateCRD(acs, imagepolicy.ImagePolicyResource); err != nil {
+		log.Printf("Could not create ImagePolicy CRD: %s\n", err)
+		return err
+	}
+
+	ctrl, err := imagepolicy.NewController(cfg, cs, ipcFlags.Namespace)
+	if err != nil {
+		log.Printf("Could not create controller: %s\n", err)
+		return err
+	}
+
+	if err := ctrl.Run(); err != nil {
+		log.Printf("Error running controller: %s\n", err)
+		return err
+	}
+
+	return nil
+}
+
+func init() {
+	rootCmd.AddCommand(ipcCmd)
+}
diff --git a/cmd/heighliner/svc.go b/cmd/heighliner/svc.go
@@ -46,11 +46,6 @@ func svcCommand(cmd *cobra.Command, args []string) error {
 		return err
 	}
 
-	if err := kubekit.CreateCRD(acs, svc.ImagePolicyResource); err != nil {
-		log.Printf("Could not create ImagePolicy CRD: %s\n", err)
-		return err
-	}
-
 	if err := kubekit.CreateCRD(acs, svc.HealthPolicyResource); err != nil {
 		log.Printf("Could not create HealthPolicy CRD: %s\n", err)
 		return err

diff --git a/docs/design/github-connector.md b/docs/design/github-connector.md
@@ -26,7 +26,7 @@ below.
 ### API Token
 
 First, an API token will be needed if a CRD is set up. This [GitHub API Token](https://github.com/settings/tokens)
-should have the `admin:repo_hook` and `repo` permissions.
+should have the `admin:repo_hook` and `repo` permissions. Once you have a token you can manually add it to your secrets in development in the namespace that your app expects. The expected token key is `GITHUB_AUTH_TOKEN`
 
 ### Domain
 

diff --git a/docs/kube/image-policy.yaml b/docs/kube/image-policy.yaml
@@ -0,0 +1,69 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: heighliner:image-policy
+rules:
+  - apiGroups: ["hlnr.io"]
+    resources: ["imagepolicies"]
+    verbs: ["*"]
+  - apiGroups: ["hlnr.io"]
+    resources: ["microservices"]
+    verbs: ["get", "list"]
+  - apiGroups: ["extensions"]
+    resources: ["ingresses"]
+    verbs: ["*"]
+  - apiGroups: [""]
+    resources: ["services"]
+    verbs: ["*"]
+  - apiGroups: ["apiextensions.k8s.io"]
+    resources: ["customresourcedefinitions"]
+    verbs: ["*"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: heighliner:image-policy
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: heighliner:image-policy
+subjects:
+  - name: heighliner-image-policy
+    namespace: hlnr-system
+    kind: ServiceAccount
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: heighliner-image-policy
+  namespace: hlnr-system
+
+---
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: image-policy-controller
+  namespace: hlnr-system
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: image-policy-controller
+    spec:
+      serviceAccountName: heighliner-image-policy
+      containers:
+        - name: image-policy-controller
+          image: arigato/heighliner:latest
+          imagePullPolicy: IfNotPresent
+          args:
+          - ipc
+          resources:
+            requests:
+              cpu: 100m
+              memory: 10Mi
diff --git a/pkg/api/v1alpha1/release.go b/pkg/api/v1alpha1/release.go
@@ -26,6 +26,9 @@ type Release struct {
 	// SemVer is the SemVer release object linked to this Release if the
 	// VersioningPolicy associated with it is SemVer.
 	SemVer *SemVerRelease `json:"semVer,omitempty"`
+
+	// Source is where the release code comes from
+	Source *metav1.OwnerReference `json:"source"`
 }
 
 // String concatenates the Release values into a single unique string.

diff --git a/pkg/api/v1alpha1/zz_generated.go b/pkg/api/v1alpha1/zz_generated.go