From 8c8c01a4528153e77d40275611a8765172d86013 Mon Sep 17 00:00:00 2001 From: belyshevdenis <belyshev.denis@apriorit.com> Date: Thu, 7 Mar 2019 18:48:02 +0200 Subject: [PATCH] NK-23: Fixed readme and deployment script, deleted extra resource. --- README.md | 31 +++++++++++++++++++++++++-- scripts/deploy-controller.sh | 8 ++++++- scripts/resources/test-configmap.yaml | 10 --------- 3 files changed, 36 insertions(+), 13 deletions(-) delete mode 100644 scripts/resources/test-configmap.yaml diff --git a/README.md b/README.md index 3188203b9f..4f8e6b972c 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ A Kubernetes native policy engine ## How it works -# Installation +# Build ## Prerequisites @@ -17,6 +17,8 @@ Code generation for CRD controller depends on kubernetes/hack, so before use cod `go get k8s.io/kubernetes/hack` +We are using [dep](https://github.com/golang/dep) + ## You can `go get` Due to the repository privacy, you should to add SSH key to your github user to clone repository using `go get` command. 
@@ -43,4 +45,29 @@ Navigate to kube-policy project dir and execute: `dep ensure` This will install necessary dependencies described in README.md -# Contributing +## Compiling + +We are using code generator for custom resources objects from here: https://github.com/kubernetes/code-generator +Generate the additional controller code before compiling the project: +`scripts/update-codegen.sh` + +Then you can build the controller: +`go build .` + +# Installation + +There are 2 possible ways to install and use the controller: for **development** and for **production** + +# For development + +_At the time of this writing, only this installation method worked_ + +1. Open your `~/.kube/config` file and copy the value of `certificate-authority-data` to the clipboard +2. Open `crd/MutatingWebhookConfiguration_local.yaml` and replace `${CA_BUNDLE}` with the contents of clipboard +3. Open `~/.kube/config` again and copy the ip of the `server` value, for example `192.168.10.117` +4. Run `scripts/deploy-controller.sh --service=localhost --serverIp=<server_IP>` where `<server_IP>` is a server from clipboard. This scripts will generate TLS certificate for webhook server and register this webhook in the cluster. Also it registers CustomResource `Policy`. +5. Start controller: `sudo kube-policy --cert=certs/server.crt --key=certs/server-key.pem --kubeconfig=~/.kube/config` + +# For production + +_To be implemented_ \ No newline at end of file diff --git a/scripts/deploy-controller.sh b/scripts/deploy-controller.sh index fe33018a47..a9c4a31581 100755 --- a/scripts/deploy-controller.sh +++ b/scripts/deploy-controller.sh 
@@ -37,7 +37,10 @@ if [ -z "${namespace}" ]; then # controller should be launched locally kubectl delete -f crd/MutatingWebhookConfiguration_local.yaml kubectl create -f crd/MutatingWebhookConfiguration_local.yaml || exit 3 - echo -e "\n### You can build and run kube-policy project locally.\n### To check its work, run it with parameters -cert and -key, which contain generated TLS certificate and key (see their paths in log above)." + kubectl delete -f crd/crd.yaml + kubectl create -f crd/crd.yaml || exit 3 + + echo -e "\n### You can build and run kube-policy project locally.\n### To check its work, run it with parameters -cert, -key and -kubeconfig parameters (see paths of -cert and -key in the log above)." else # controller should be launched within a cluster @@ -60,6 +63,9 @@ else # controller should be launched within a cluster kubectl delete -f crd/MutatingWebhookConfiguration.yaml kubectl create -f crd/MutatingWebhookConfiguration.yaml || exit 3 + kubectl delete -f crd/crd.yaml + kubectl create -f crd/crd.yaml || exit 3 + echo -e "\n### Controller is running in cluster.\n### You can use compile-image.sh to rebuild its image and then the current script to redeploy the controller.\n### Check its work by 'kubectl logs <controller_pod> command'" fi diff --git a/scripts/resources/test-configmap.yaml b/scripts/resources/test-configmap.yaml deleted file mode 100644 index 1ad9d1f5f4..0000000000 --- a/scripts/resources/test-configmap.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -data: - properties: - arms=3 -kind: ConfigMap -metadata: - name: test-configmap - labels: - label1: test1 - label2: test2
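Review bot: The added `kubectl delete -f crd/crd.yaml` followed by `kubectl create -f crd/crd.yaml || exit 3` drops the CustomResourceDefinition on every run, and deleting a CRD also deletes every object of that kind. If `crd/crd.yaml` is the `Policy` definition the README mentions, each redeploy would discard the policies already stored and leave the cluster without them until they are re-created; the same pair is added in the in-cluster branch (second hunk, `@@ -60,6 +63,9 @@`). CRD deletion may also still be finalizing when the create runs, which would make the script exit 3 intermittently. Replacing both lines with `kubectl apply -f crd/crd.yaml || exit 3` updates the definition in place; if the delete is kept, `--ignore-not-found` avoids the error on a first run. Both `if`/`else` branches start and end outside the hunks, so this is based only on the visible lines.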