-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
operators: make Bazel authoritative while still supporting kubebuilder #2837
base: main
Are you sure you want to change the base?
Conversation
✅ Deploy Preview for constellation-docs canceled.
|
I do see your point regarding overhead for supporting the kubebuilder workflows. The added benefits are quite limited. Before we invest more costs into supporting it: What is your preferred resolution? |
What I think is valuable to keep are the CRD and RBAC permission workflows, which is part of the reason why I ported them to Bazel in the first place. I like the idea of stating the permissions you need right next to the location where you use them in code, and nobody should be hand-crafting any CRD yaml :) What I can definitely live without is the Makefile, the config dir etc - if nobody is using this for rapid feedback operator development, I'd say we're better off without that. |
Sounds good to me. Let's go with that. |
This commit adds the controller-gen tool as a Bazel dep and adds the equivalent of `make manifests` to //:generate. Rename CRDs in the operator Helm chart to match kubebuilder v4 generated names and add a generation directive to output CRD resources directly into the Helm chart. CRDs are not templated, so we don't need to helmify them. Split the manager-rbac.yaml into a role.yaml and a rolebinding.yaml, and add a directive to generate role.yaml from operator sources. We're losing the labels on the role, but that is only a cosmetic defect.
710badb
to
cc49510
Compare
Context
It's not obvious to the casual contributor how the Constellation Node Operator module interacts with its Helm chart: some resources are duplicated, even with a slight mismatch sometimes, and changing the Kubernetes resources is in the best case toily, but in the worst case might lead to bugs (diff between
make deploy
vs. what ends up bundled in the CLI).On a related note: the kubebuilder project version we're using does not seem to be supported anymore for current Kubernetes versions. A scary warning reads:
This PR assumes that we want to keep compatibility with kubebuilder workflows (e.g. make deploy)! If we can drop this requirement, we would not need to migrate project versions and could remove a lot of things in the
operators/constellation-node-operator
directory.This PR does not fix the discrepancies between kustomized resources in
o/c/config/...
and helmified resources ini/c/helm/...
! (e.g. thecsp
value) This is fundamentally hard, because we have diffs on top of the initially generated Helm chart that we would need to backport to kustomize. I suggest to ignore this for now - the embedded code generation directives are imho much more error prone than resource patches in a directory clearly related to kubebuilder Makefiles, and we're fixing the former here. This problem would obviously go away if we were to drop support for kubebuilder dev workflows.Proposed change(s)
go/v4
layout (guide)generate
andmanifests
targets of the kubebuilderMakefile
.The commits are suitable for individual review, which might also help understanding the logical relationships better.
Additional info
Checklist