From d948d73a2109d57bba63752b661bb7ea8460e330 Mon Sep 17 00:00:00 2001 From: John McBride Date: Thu, 1 Dec 2022 17:37:25 +0000 Subject: [PATCH] Refactor deployment and yaml generation to use Helm - helm install brupop-crd --create-namespace deploy/charts/bottlerocket-shadow - helm install brupop deploy/charts/bottlerocket-shadow 
Signed-off-by: John McBride --- .github/workflows/deploy-helm-charts.yaml | 34 + Cargo.lock | 916 +++++++++--------- Cargo.toml | 2 +- Makefile | 7 + README.md | 10 +- agent/src/main.rs | 5 +- bottlerocket-update-operator.yaml | 771 ++++++++++++++- {yamlgen => deploy}/Cargo.toml | 2 +- deploy/build.rs | 31 + deploy/charts/bottlerocket-shadow/Chart.lock | 0 deploy/charts/bottlerocket-shadow/Chart.yaml | 10 + .../charts/bottlerocket-shadow/LICENSE-APACHE | 202 ++++ deploy/charts/bottlerocket-shadow/LICENSE-MIT | 8 + deploy/charts/bottlerocket-shadow/README.md | 14 + .../bottlerocket-shadow/templates/NOTES.txt | 6 + .../templates/_helpers.tpl | 27 + .../templates/custom-resource-definition.yaml | 188 ++++ deploy/charts/bottlerocket-shadow/values.yaml | 7 + .../bottlerocket-update-operator/.helmignore | 23 + .../bottlerocket-update-operator/Chart.lock | 0 .../bottlerocket-update-operator/Chart.yaml | 10 + .../LICENSE-APACHE | 202 ++++ .../bottlerocket-update-operator/LICENSE-MIT | 8 + .../bottlerocket-update-operator/README.md | 16 + .../templates/NOTES.txt | 11 + .../templates/_helpers.tpl | 27 + .../templates/agent-cluster-role-binding.yaml | 20 + .../templates/agent-cluster-role.yaml | 29 + .../templates/agent-daemonset.yaml | 94 ++ .../templates/agent-service-account.yaml | 13 + .../templates/api-server-auth-delegation.yaml | 19 + .../api-server-cluster-role-binding.yaml | 20 + .../templates/api-server-cluster-role.yaml | 58 ++ .../templates/api-server-deployment.yaml | 70 ++ .../templates/api-server-service-account.yaml | 13 + .../templates/api-server-service.yaml | 17 + .../templates/cert-manager-agent-cert.yaml | 21 + .../cert-manager-apiserver-cert.yaml | 21 + .../cert-manager-root-cert-issuer.yaml | 9 + .../templates/cert-manager-selfsigned-ca.yaml | 16 + .../cert-manager-selfsigned-issuer.yaml | 8 + .../controller-cluster-role-binding.yaml | 19 + .../templates/controller-cluster-role.yaml | 50 + .../templates/controller-deployment.yaml | 56 ++ 
.../templates/controller-priority-class.yaml | 8 + .../templates/controller-service-account.yaml | 13 + .../templates/controller-service.yaml | 20 + .../bottlerocket-update-operator/test.yaml | 0 .../bottlerocket-update-operator/values.yaml | 17 + .../examples}/prometheus-resources.yaml | 0 .../bottlerocket-update-operator.yaml | 7 - .../deploy => deploy/manifests}/cert.yaml | 0 {yamlgen => deploy}/src/lib.rs | 0 design/1.0.0-release.md | 2 +- integ/src/updater.rs | 2 +- models/src/agent.rs | 293 ------ models/src/apiserver.rs | 334 ------- models/src/constants.rs | 4 + models/src/controller.rs | 292 ------ models/src/lib.rs | 4 - models/src/namespace.rs | 19 - yamlgen/build.rs | 195 ---- 62 files changed, 2664 insertions(+), 1636 deletions(-) create mode 100644 .github/workflows/deploy-helm-charts.yaml mode change 120000 => 100644 bottlerocket-update-operator.yaml rename {yamlgen => deploy}/Cargo.toml (94%) create mode 100644 deploy/build.rs create mode 100644 deploy/charts/bottlerocket-shadow/Chart.lock create mode 100644 deploy/charts/bottlerocket-shadow/Chart.yaml create mode 100644 deploy/charts/bottlerocket-shadow/LICENSE-APACHE create mode 100644 deploy/charts/bottlerocket-shadow/LICENSE-MIT create mode 100644 deploy/charts/bottlerocket-shadow/README.md create mode 100644 deploy/charts/bottlerocket-shadow/templates/NOTES.txt create mode 100644 deploy/charts/bottlerocket-shadow/templates/_helpers.tpl create mode 100644 deploy/charts/bottlerocket-shadow/templates/custom-resource-definition.yaml create mode 100644 deploy/charts/bottlerocket-shadow/values.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/.helmignore create mode 100644 deploy/charts/bottlerocket-update-operator/Chart.lock create mode 100644 deploy/charts/bottlerocket-update-operator/Chart.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/LICENSE-APACHE create mode 100644 deploy/charts/bottlerocket-update-operator/LICENSE-MIT create mode 100644 
deploy/charts/bottlerocket-update-operator/README.md create mode 100644 deploy/charts/bottlerocket-update-operator/templates/NOTES.txt create mode 100644 deploy/charts/bottlerocket-update-operator/templates/_helpers.tpl create mode 100644 deploy/charts/bottlerocket-update-operator/templates/agent-cluster-role-binding.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/agent-cluster-role.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/agent-daemonset.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/agent-service-account.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/api-server-auth-delegation.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/api-server-cluster-role-binding.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/api-server-cluster-role.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/api-server-deployment.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/api-server-service-account.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/api-server-service.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/cert-manager-agent-cert.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/cert-manager-apiserver-cert.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/cert-manager-root-cert-issuer.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/cert-manager-selfsigned-ca.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/cert-manager-selfsigned-issuer.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/controller-cluster-role-binding.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/controller-cluster-role.yaml create mode 100644 
deploy/charts/bottlerocket-update-operator/templates/controller-deployment.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/controller-priority-class.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/controller-service-account.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/templates/controller-service.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/test.yaml create mode 100644 deploy/charts/bottlerocket-update-operator/values.yaml rename {yamlgen/telemetry => deploy/examples}/prometheus-resources.yaml (100%) rename {yamlgen/deploy => deploy/manifests}/bottlerocket-update-operator.yaml (99%) rename {yamlgen/deploy => deploy/manifests}/cert.yaml (100%) rename {yamlgen => deploy}/src/lib.rs (100%) delete mode 100644 models/src/agent.rs delete mode 100644 models/src/apiserver.rs delete mode 100644 models/src/controller.rs delete mode 100644 models/src/namespace.rs delete mode 100644 yamlgen/build.rs
diff --git a/.github/workflows/deploy-helm-charts.yaml b/.github/workflows/deploy-helm-charts.yaml
new file mode 100644
index 00000000..39bc3016
--- /dev/null
+++ b/.github/workflows/deploy-helm-charts.yaml
@@ -0,0 +1,34 @@
+name: Release Helm Charts
+
+on:
+ release:
+ # Only cut new helm charts when a new release is published
+ types: [published]
+
+jobs:
+ release:
+ permissions:
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout brupop
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Install Helm
+ uses: azure/setup-helm@v3
+ with:
+ version: v3.10.0
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@v1.4.1
+ with:
+ charts_dir: deploy/charts
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/Cargo.lock b/Cargo.lock
index d1d62c6b..cad0849a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
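Review bot: In `.github/workflows/deploy-helm-charts.yaml` the three `uses:` references in the `release` job (`actions/checkout@v2`, `azure/setup-helm@v3`, `helm/chart-releaser-action@v1.4.1`) point at mutable tags, while the job runs with `contents: write` and passes `secrets.GITHUB_TOKEN` to chart-releaser as `CR_TOKEN`. If an upstream tag is moved or an action repository is compromised, the substituted code runs on every published release with write access to this repository's contents, which is the path the Helm charts are published through. I would pin each action to a full commit SHA and keep the tag as a trailing comment, for example `uses: helm/chart-releaser-action@<full-commit-sha> # v1.4.1`, and let a dependency-update bot propose bumps. Scoping `permissions:` at job level, as this workflow does, is worth keeping; a short comment above it saying that `contents: write` is needed for chart-releaser to publish would help the next reader not widen it.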
@@ -16,7 +16,7 @@ dependencies = [ "memchr", "pin-project-lite", "tokio", - "tokio-util 0.7.1", + "tokio-util", ] [[package]] @@ -44,7 +44,7 @@ dependencies = [ "http", "httparse", "httpdate", - "itoa 1.0.1", + "itoa", "language-tags", "local-channel", "mime", @@ -101,7 +101,7 @@ dependencies = [ "actix-utils", "futures-core", "futures-util", - "mio 0.8.5", + "mio", "num_cpus", "socket2", "tokio", @@ -110,9 +110,9 @@ dependencies = [ [[package]] name = "actix-service" -version = "2.0.1" +version = "2.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8d3dc6a618b082974a08d7a4781d24d4691cba51500059bfebe6656a61ebfe1e" +checksum = "3b894941f818cfdc7ccc4b9e60fa7e53b5042a2e8567270f9147d5591893373a" dependencies = [ "futures-core", "paste", @@ -135,14 +135,14 @@ dependencies = [ "openssl", "pin-project-lite", "tokio-openssl", - "tokio-util 0.7.1", + "tokio-util", ] [[package]] name = "actix-utils" -version = "3.0.0" +version = "3.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e491cbaac2e7fc788dfff99ff48ef317e23b3cf63dbaf7aaab6418f40f92aa94" +checksum = "88a1dcdff1466e3c2488e1cb5c36a71822750ad43839937f85d2f4d9f8b705d8" dependencies = [ "local-waker", "pin-project-lite", @@ -174,7 +174,7 @@ dependencies = [ "futures-core", "futures-util", "http", - "itoa 1.0.1", + "itoa", "language-tags", "log", "mime", @@ -186,7 +186,7 @@ dependencies = [ "serde_urlencoded", "smallvec", "socket2", - "time 0.3.9", + "time 0.3.17", "url", ] @@ -237,7 +237,7 @@ dependencies = [ "models", "opentelemetry", "reqwest", - "semver 1.0.14", + "semver", "serde", "serde_json", "snafu", 
@@ -261,9 +261,9 @@ dependencies = [ [[package]] name = "ahash" -version = "0.8.0" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57e6e951cfbb2db8de1828d49073a113a29fd7117b1596caa781a258c7e38d72" +checksum = "bf6ccdb167abbf410dcb915cabd428929d7f6a04980b54a11f26a39f1c7f7107" dependencies = [ "cfg-if", "getrandom", @@ -273,9 +273,9 @@ dependencies = [ [[package]] name = "aho-corasick" -version = "0.7.18" +version = "0.7.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f" +checksum = "cc936419f96fa211c1b9166887b38e5e40b19958e5b895be7c1f93adec7071ac" dependencies = [ "memchr", ] @@ -396,7 +396,7 @@ dependencies = [ "futures-util", "h2", "http", - "itoa 1.0.1", + "itoa", "log", "mime", "percent-encoding", @@ -429,7 +429,7 @@ dependencies = [ "http", "hyper", "ring", - "time 0.3.9", + "time 0.3.17", "tokio", "tower", "tracing", @@ -632,7 +632,7 @@ dependencies = [ "percent-encoding", "regex", "ring", - "time 0.3.9", + "time 0.3.17", "tracing", ] @@ -689,7 +689,7 @@ dependencies = [ "pin-project-lite", "pin-utils", "tokio", - "tokio-util 0.7.1", + "tokio-util", "tracing", ] @@ -733,10 +733,10 @@ version = "0.51.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b02e06ea63498c43bc0217ea4d16605d4e58d85c12fc23f6572ff6d0a840c61" dependencies = [ - "itoa 1.0.1", + "itoa", "num-integer", "ryu", - "time 0.3.9", + "time 0.3.17", ] [[package]] @@ -759,7 +759,7 @@ dependencies = [ "aws-smithy-http", "aws-smithy-types", "http", - "rustc_version 0.4.0", + "rustc_version", "tracing", "zeroize", ] 
@@ -825,21 +825,21 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.8.0" +version = "3.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f1e260c3a9040a7c19a12468758f4c16f31a81a1fe087482be9570ec864bb6c" +checksum = "572f695136211188308f16ad2ca5c851a712c464060ae6974944458eb83880ba" [[package]] name = "bytes" -version = "1.1.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c4872d67bab6358e59559027aa3b9157c53d9358c51423c17554809a8858e0f8" +checksum = "dfb24e866b15a1af2a1b663f10c6b6b8f397a84aadb828f12e5b289ec23a3a3c" [[package]] name = "bytes-utils" -version = "0.1.1" +version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e314712951c43123e5920a446464929adc667a5eade7f8fb3997776c9df6e54" +checksum = "e47d3a8076e283f3acd27400535992edb3ba4b5bb72f8891ad8fbe7932a7d4b9" dependencies = [ "bytes", "either", @@ -847,18 +847,18 @@ dependencies = [ [[package]] name = "bytestring" -version = "1.0.0" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90706ba19e97b90786e19dc0d5e2abd80008d99d4c0c5d1ad0b5e72cec7c494d" +checksum = "f7f83e57d9154148e355404702e2694463241880b939570d7c97c014da7a69a1" dependencies = [ "bytes", ] [[package]] name = "cc" -version = "1.0.71" +version = "1.0.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79c2681d6594606957bbb8631c4b90a7fcaaa72cdb714743a437b156d6a7eedd" +checksum = "e9f73505338f7d905b19d18738976aae232eb46b8efc15554ffc56deb5d9ebe4" dependencies = [ "jobserver", ] @@ -880,7 +880,7 @@ dependencies = [ "num-integer", "num-traits", "serde", - "time 0.1.44", + "time 0.1.45", "wasm-bindgen", "winapi", ] 
@@ -900,6 +900,16 @@ dependencies = [ "vec_map", ] +[[package]] +name = "codespan-reporting" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3538270d33cc669650c4b093848450d380def10c331d38c768e34cac80576e6e" +dependencies = [ + "termcolor", + "unicode-width", +] + [[package]] name = "console_log" version = "0.2.0" @@ -926,7 +936,7 @@ dependencies = [ "opentelemetry", "opentelemetry-prometheus", "prometheus", - "semver 1.0.14", + "semver", "serde_plain", "snafu", "tokio", @@ -948,15 +958,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "344adc371239ef32293cb1c4fe519592fcf21206c79c02854320afcdf3ab4917" dependencies = [ "percent-encoding", - "time 0.3.9", + "time 0.3.17", "version_check", ] [[package]] name = "core-foundation" -version = "0.9.2" +version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6888e10551bb93e424d8df1d07f1a8b4fceb0001a3a4b048bfc47554946f47b3" +checksum = "194a7a9e6de53fa55116934067c844d9d749312f75c6f6d0980e8c252f8c2146" dependencies = [ "core-foundation-sys", "libc", @@ -970,9 +980,9 @@ checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc" [[package]] name = "cpufeatures" -version = "0.2.1" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95059428f66df56b63431fdb4e1947ed2190586af5c5a8a8b71122bdf5a7f469" +checksum = "28d997bd5e24a5928dd43e46dc529867e207907fe0b239c3477d924f7f2ca320" dependencies = [ "libc", ] @@ -988,9 +998,9 @@ dependencies = [ [[package]] name = "crossbeam-channel" -version = "0.5.1" +version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06ed27e177f16d65f0f0c22a213e17c696ace5dd64b14258b52f9417ccb52db4" +checksum = "c2dd04ddaf88237dc3b8d8f9a3c1004b506b54b3313403944054d23c0870c521" dependencies = [ "cfg-if", "crossbeam-utils", 
@@ -998,12 +1008,11 @@ dependencies = [ [[package]] name = "crossbeam-utils" -version = "0.8.8" +version = "0.8.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bf124c720b7686e3c2663cf54062ab0f68a88af2fb6a030e87e30bf721fcb38" +checksum = "4fb766fa798726286dbbb842f174001dab8abc7b627a1dd86e0b7222a95d929f" dependencies = [ "cfg-if", - "lazy_static", ] [[package]] @@ -1016,11 +1025,55 @@ dependencies = [ "typenum", ] +[[package]] +name = "cxx" +version = "1.0.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bdf07d07d6531bfcdbe9b8b739b104610c6508dcc4d63b410585faf338241daf" +dependencies = [ + "cc", + "cxxbridge-flags", + "cxxbridge-macro", + "link-cplusplus", +] + +[[package]] +name = "cxx-build" +version = "1.0.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2eb5b96ecdc99f72657332953d4d9c50135af1bac34277801cc3937906ebd39" +dependencies = [ + "cc", + "codespan-reporting", + "once_cell", + "proc-macro2", + "quote", + "scratch", + "syn", +] + +[[package]] +name = "cxxbridge-flags" +version = "1.0.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac040a39517fd1674e0f32177648334b0f4074625b5588a64519804ba0553b12" + +[[package]] +name = "cxxbridge-macro" +version = "1.0.83" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1362b0ddcfc4eb0a1f57b68bd77dd99f0e826958a96abd0ae9bd092e114ffed6" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "darling" -version = "0.14.1" +version = "0.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4529658bdda7fd6769b8614be250cdcfc3aeb0ee72fe66f9e41e5e5eb73eac02" +checksum = "b0dd3cd20dc6b5a876612a6e5accfe7f3dd883db6d07acfbf14c128f61550dfa" dependencies = [ "darling_core", "darling_macro", 
@@ -1028,9 +1081,9 @@ dependencies = [ [[package]] name = "darling_core" -version = "0.14.1" +version = "0.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "649c91bc01e8b1eac09fb91e8dbc7d517684ca6be8ebc75bb9cafc894f9fdb6f" +checksum = "a784d2ccaf7c98501746bf0be29b2022ba41fd62a2e622af997a03e9f972859f" dependencies = [ "fnv", "ident_case", @@ -1042,9 +1095,9 @@ dependencies = [ [[package]] name = "darling_macro" -version = "0.14.1" +version = "0.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ddfc69c5bfcbd2fc09a0f38451d2daf0e372e367986a83906d1b0dbc88134fb5" +checksum = "7618812407e9402654622dd402b0a89dff9ba93badd6540781526117b92aab7e" dependencies = [ "darling_core", "quote", @@ -1053,13 +1106,25 @@ dependencies = [ [[package]] name = "dashmap" -version = "5.3.3" +version = "5.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "391b56fbd302e585b7a9494fb70e40949567b1cf9003a8e4a6041a1687c26573" +checksum = "907076dfda823b0b36d2a1bb5f90c96660a5bbcd7729e10727f07858f22c4edc" dependencies = [ "cfg-if", "hashbrown", "lock_api", + "once_cell", + "parking_lot_core", +] + +[[package]] +name = "deploy" +version = "0.1.0" +dependencies = [ + "dotenv", + "kube", + "models", + "serde_yaml 0.9.14", ] [[package]] @@ -1075,14 +1140,14 @@ dependencies = [ [[package]] name = "derive_more" -version = "0.99.16" +version = "0.99.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40eebddd2156ce1bb37b20bbe5151340a31828b1f2d22ba4141f3531710e38df" +checksum = "4fb810d30a7c1953f91334de7244731fc3f3c10d7fe163338a35b9f640960321" dependencies = [ "convert_case", "proc-macro2", "quote", - "rustc_version 0.3.3", + "rustc_version", "syn", ] 
@@ -1094,9 +1159,9 @@ checksum = "6184e33543162437515c2e2b48714794e37845ec9851711914eec9d308f6ebe8" [[package]] name = "digest" -version = "0.10.5" +version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "adfbc57365a37acbd2ebf2b64d7e69bb766e2fea813521ed536f5d0520dcf86c" +checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f" dependencies = [ "block-buffer", "crypto-common", @@ -1143,21 +1208,21 @@ checksum = "1435fa1053d8b2fbbe9be7e97eca7f33d37b28409959813daefc1446a14247f1" [[package]] name = "dyn-clone" -version = "1.0.4" +version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee2626afccd7561a06cf1367e2950c4718ea04565e20fb5029b6c7d8ad09abcf" +checksum = "4f94fa09c2aeea5b8839e414b7b841bf429fd25b9c522116ac97ee87856d88b2" [[package]] name = "either" -version = "1.6.1" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457" +checksum = "90e5c1c8368803113bf0c9584fc495a58b86dc8a29edbf8fe877d21d9507e797" [[package]] name = "encoding_rs" -version = "0.8.29" +version = "0.8.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a74ea89a0a1b98f6332de42c95baff457ada66d1cb4030f9ff151b2041a1c746" +checksum = "9852635589dc9f9ea1b6fe9f05b50ef208c85c834a562f0c6abb1c475736ec2b" dependencies = [ "cfg-if", ] 
@@ -1198,18 +1263,18 @@ dependencies = [ [[package]] name = "fastrand" -version = "1.6.0" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "779d043b6a0b90cc4c0ed7ee380a6504394cee7efd7db050e3774eee387324b2" +checksum = "a7a407cfaa3385c4ae6b23e84623d48c2798d06e3e6a1878f7f59f17b3f86499" dependencies = [ "instant", ] [[package]] name = "flate2" -version = "1.0.24" +version = "1.0.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f82b0f4c27ad9f8bfd1f3208d882da2b09c301bc1c828fd3a00d0216d2fbbff6" +checksum = "a8a2db397cb1c8772f31494cb8917e48cd1e64f0fa7efac59fbd741a0a8ce841" dependencies = [ "crc32fast", "miniz_oxide", @@ -1247,11 +1312,10 @@ checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" [[package]] name = "form_urlencoded" -version = "1.0.1" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fc25a87fa4fd2094bffb06925852034d90a17f0d1e05197d4956d3555752191" +checksum = "a9c384f161156f5260c24a097c56119f9be8c798586aecc13afbcbe7b7e26bf8" dependencies = [ - "matches", "percent-encoding", ] @@ -1352,9 +1416,9 @@ dependencies = [ [[package]] name = "generic-array" -version = "0.14.4" +version = "0.14.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "501466ecc8a30d1d3b7fc9229b122b2ce8ed6e9d9223f1138d4babb253e51817" +checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9" dependencies = [ "typenum", "version_check", 
@@ -1362,20 +1426,20 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.3" +version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fcd999463524c52659517fe2cea98493cfe485d10565e7b0fb07dbba7ad2753" +checksum = "c05aeb6a22b8f62540c194aac980f2115af067bfe15a0734d7277a768d396b31" dependencies = [ "cfg-if", "libc", - "wasi 0.10.0+wasi-snapshot-preview1", + "wasi 0.11.0+wasi-snapshot-preview1", ] [[package]] name = "h2" -version = "0.3.14" +version = "0.3.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ca32592cf21ac7ccab1825cd87f6c9b3d9022c44d086172ed0966bec8af30be" +checksum = "5f9f29bc9dda355256b2916cf526ab02ce0aeaaaf2bad60d65ef3f12f11dd0f4" dependencies = [ "bytes", "fnv", @@ -1386,7 +1450,7 @@ dependencies = [ "indexmap", "slab", "tokio", - "tokio-util 0.7.1", + "tokio-util", "tracing", ] @@ -1443,7 +1507,7 @@ checksum = "75f43d41e26995c17e71ee126451dd3941010b0514a81a9d11f3b341debc2399" dependencies = [ "bytes", "fnv", - "itoa 1.0.1", + "itoa", ] [[package]] @@ -1465,15 +1529,15 @@ checksum = "0bfe8eed0a9285ef776bb792479ea3834e8b94e13d615c2f66d03dd50a435a29" [[package]] name = "httparse" -version = "1.5.1" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "acd94fdbe1d4ff688b67b04eee2e17bd50995534a61539e45adfefb45e5e5503" +checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904" [[package]] name = "httpdate" -version = "1.0.1" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6456b8a6c8f33fee7d958fcd1b60d55b11940a79e63ae87013e6d22e26034440" +checksum = "c4a1e36c821dbe04574f602848a19f742f4fb3c98d40449f11bcad18d6b17421" [[package]] name = "humantime" 
@@ -1483,9 +1547,9 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" [[package]] name = "hyper" -version = "0.14.14" +version = "0.14.23" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b91bb1f221b6ea1f1e4371216b70f40748774c2fb5971b450c07773fb92d26b" +checksum = "034711faac9d2166cb1baf1a2fb0b60b1f277f8492fd72176c17f3515e1abd3c" dependencies = [ "bytes", "futures-channel", @@ -1496,7 +1560,7 @@ dependencies = [ "http-body", "httparse", "httpdate", - "itoa 0.4.8", + "itoa", "pin-project-lite", "socket2", "tokio", @@ -1517,7 +1581,7 @@ dependencies = [ "once_cell", "openssl", "openssl-sys", - "parking_lot 0.12.0", + "parking_lot", "tokio", "tokio-openssl", "tower-layer", @@ -1525,9 +1589,9 @@ dependencies = [ [[package]] name = "hyper-rustls" -version = "0.23.0" +version = "0.23.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d87c48c02e0dc5e3b849a2041db3029fd066650f8f717c07bf8ed78ccb895cac" +checksum = "1788965e61b367cd03a62950836d5cd41560c3577d90e40e0819373194d1661c" dependencies = [ "http", "hyper", @@ -1565,17 +1629,28 @@ dependencies = [ [[package]] name = "iana-time-zone" -version = "0.1.50" +version = "0.1.53" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fd911b35d940d2bd0bea0f9100068e5b97b51a1cbe13d13382f132e0365257a0" +checksum = "64c122667b287044802d6ce17ee2ddf13207ed924c712de9a66a5814d5b64765" dependencies = [ "android_system_properties", "core-foundation-sys", + "iana-time-zone-haiku", "js-sys", "wasm-bindgen", "winapi", ] +[[package]] +name = "iana-time-zone-haiku" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0703ae284fc167426161c2e3f1da3ea71d94b21bedbcc9494e92b28e334e3dca" +dependencies = [ + "cxx", + "cxx-build", +] + [[package]] name = "ident_case" version = "1.0.1" 
@@ -1593,6 +1668,16 @@ dependencies = [ "unicode-normalization", ] +[[package]] +name = "idna" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e14ddfc70884202db2244c223200c204c2bda1bc6e0998d11b5e024d657209e6" +dependencies = [ + "unicode-bidi", + "unicode-normalization", +] + [[package]] name = "if_chain" version = "1.0.2" @@ -1601,9 +1686,9 @@ checksum = "cb56e1aa765b4b4f3aadfab769793b7087bb03a4ea4920644a6d238e2df5b9ed" [[package]] name = "indexmap" -version = "1.9.1" +version = "1.9.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10a35a97730320ffe8e2d410b5d3b69279b98d2c14bdb8b70ea89ecf7888d41e" +checksum = "1885e79c1fc4b10f0e172c475f458b7f7b93061064d98c3293e98c5ba0c8b399" dependencies = [ "autocfg", "hashbrown", @@ -1640,7 +1725,7 @@ dependencies = [ "maplit", "mockall", "models", - "semver 1.0.14", + "semver", "serde", "serde_json", "snafu", @@ -1653,9 +1738,9 @@ dependencies = [ [[package]] name = "io-lifetimes" -version = "1.0.1" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7d367024b3f3414d8e01f437f704f41a9f64ab36f9067fa73e526ad4c763c87" +checksum = "46112a93252b123d31a119a8d1a1ac19deac4fac6e0e8b0df58f0d4e5870e63c" dependencies = [ "libc", "windows-sys 0.42.0", @@ -1663,15 +1748,15 @@ dependencies = [ [[package]] name = "ipnet" -version = "2.3.1" +version = "2.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68f2d64f2edebec4ce84ad108148e67e1064789bee435edc5b60ad398714a3a9" +checksum = "11b0d96e660696543b251e58030cf9787df56da39dab19ad60eae7353040917e" [[package]] name = "is-terminal" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aae5bc6e2eb41c9def29a3e0f1306382807764b9b53112030eff57435667352d" +checksum = "927609f78c2913a6f6ac3c27a4fe87f43e2a35367c0c4b0f8265e8f49a104330" dependencies = [ "hermit-abi 0.2.6", "io-lifetimes", 
@@ -1690,39 +1775,33 @@ dependencies = [ [[package]] name = "itoa" -version = "0.4.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b71991ff56294aa922b450139ee08b3bfc70982c6b2c7562771375cf73542dd4" - -[[package]] -name = "itoa" -version = "1.0.1" +version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1aab8fc367588b89dcee83ab0fd66b72b50b72fa1904d7095045ace2b0c81c35" +checksum = "4217ad341ebadf8d8e724e264f13e593e0648f5b3e94b3896a5df283be015ecc" [[package]] name = "jobserver" -version = "0.1.24" +version = "0.1.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af25a77299a7f711a01975c35a6a424eb6862092cc2d6c72c4ed6cbc56dfc1fa" +checksum = "068b1ee6743e4d11fb9c6a1e6064b3693a1b600e7f5f5988047d98b3dc9fb90b" dependencies = [ "libc", ] [[package]] name = "js-sys" -version = "0.3.55" +version = "0.3.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7cc9ffccd38c451a86bf13657df244e9c3f37493cce8e5e21e940963777acc84" +checksum = "49409df3e3bf0856b916e2ceaca09ee28e6871cf7d9ce97a692cacfdb2a25a47" dependencies = [ "wasm-bindgen", ] [[package]] name = "json-patch" -version = "0.2.6" +version = "0.2.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f995a3c8f2bc3dd52a18a583e90f9ec109c047fa1603a853e46bcda14d2e279d" +checksum = "eb3fa5a61630976fc4c353c70297f2e93f1930e3ccee574d59d618ccbd5154ce" dependencies = [ "serde", "serde_json", @@ -1792,14 +1871,14 @@ dependencies = [ "pem", "pin-project", "rustls", - "rustls-pemfile 1.0.1", + "rustls-pemfile", "secrecy", "serde", "serde_json", "serde_yaml 0.8.26", "thiserror", "tokio", - "tokio-util 0.7.1", + "tokio-util", "tower", "tower-http", "tracing", 
@@ -1842,21 +1921,21 @@ version = "0.76.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0b9b312c38884a3f41d67e2f7580824b6f45d360b98497325b5630664b3a359d" dependencies = [ - "ahash 0.8.0", + "ahash 0.8.2", "backoff", "derivative", "futures", "json-patch", "k8s-openapi", "kube-client", - "parking_lot 0.12.0", + "parking_lot", "pin-project", "serde", "serde_json", "smallvec", "thiserror", "tokio", - "tokio-util 0.7.1", + "tokio-util", "tracing", ] @@ -1874,15 +1953,24 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.133" +version = "0.2.138" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0f80d65747a3e43d1596c7c5492d95d5edddaabd45a7fcdb02b95f644164966" +checksum = "db6d7e329c562c5dfab7a46a2afabc8b987ab9a4834c9d1ca04dc54c1546cef8" + +[[package]] +name = "link-cplusplus" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9272ab7b96c9046fbc5bc56c06c117cb639fe2d509df0c421cad82d2915cf369" +dependencies = [ + "cc", +] [[package]] name = "linked-hash-map" -version = "0.5.4" +version = "0.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fb9b38af92608140b86b693604b9ffcc5824240a484d1ecd4795bacb2fe88f3" +checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f" [[package]] name = "linked_hash_set" @@ -1901,9 +1989,9 @@ checksum = "8f9f08d8963a6c613f4b1a78f4f4a4dbfadf8e6545b2d72861731e4858b8b47f" [[package]] name = "local-channel" -version = "0.1.2" +version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6246c68cf195087205a0512559c97e15eaf95198bf0e206d662092cdcb03fe9f" +checksum = "7f303ec0e94c6c54447f84f3b0ef7af769858a9c4ef56ef2a986d3dcd4c3fc9c" dependencies = [ "futures-core", "futures-sink", 
@@ -1913,15 +2001,15 @@ dependencies = [ [[package]] name = "local-waker" -version = "0.1.1" +version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "84f9a2d3e27ce99ce2c3aad0b09b1a7b916293ea9b2bf624c13fe646fadd8da4" +checksum = "e34f76eb3611940e0e7d53a9aaa4e6a3151f69541a282fd0dad5571420c53ff1" [[package]] name = "lock_api" -version = "0.4.7" +version = "0.4.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "327fa5b6a6940e4699ec49a9beae1ea4845c6bab9314e4f84ac68742139d8c53" +checksum = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df" dependencies = [ "autocfg", "scopeguard", @@ -1959,9 +2047,9 @@ checksum = "a3e378b66a060d48947b590737b30a1be76706c8dd7b8ba0f2fe3989c68a853f" [[package]] name = "memchr" -version = "2.4.1" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "308cc39be01b73d0d18f82a0e7b2a3df85245f84af96fdddc5d202d27e47b86a" +checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" [[package]] name = "mime" @@ -1971,26 +2059,13 @@ checksum = "2a60c7ce501c71e03a9c9c0d35b861413ae925bd979cc7a4e30d060069aaac8d" [[package]] name = "miniz_oxide" -version = "0.5.4" +version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96590ba8f175222643a85693f33d26e9c8a015f599c216509b1a6894af675d34" +checksum = "b275950c28b37e794e8c55d88aeb5e139d0ce23fdbbeda68f8d7174abdf9e8fa" dependencies = [ "adler", ] -[[package]] -name = "mio" -version = "0.7.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8067b404fe97c70829f082dec8bcf4f71225d7eaea1d8645349cb76fa06205cc" -dependencies = [ - "libc", - "log", - "miow", - "ntapi", - "winapi", -] - [[package]] name = "mio" version = "0.8.5" 
@@ -2003,15 +2078,6 @@ dependencies = [ "windows-sys 0.42.0", ] -[[package]] -name = "miow" -version = "0.3.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9f1c5b025cda876f66ef43a113f91ebc9f4ccef34843000e0adf6ebbab84e21" -dependencies = [ - "winapi", -] - [[package]] name = "mockall" version = "0.11.3" @@ -2054,7 +2120,7 @@ dependencies = [ "regex", "reqwest", "schemars", - "semver 1.0.14", + "semver", "serde", "serde_json", "snafu", @@ -2066,9 +2132,9 @@ dependencies = [ [[package]] name = "native-tls" -version = "0.2.8" +version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48ba9f7719b5a0f42f338907614285fb5fd70e53858141f69898a1fb7203b24d" +checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e" dependencies = [ "lazy_static", "libc", @@ -2088,15 +2154,6 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "61807f77802ff30975e01f4f071c8ba10c022052f98b3294119f3e615d13e5be" -[[package]] -name = "ntapi" -version = "0.3.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f6bb902e437b6d86e03cce10a7e2af662292c5dfef23b65899ea3ac9354ad44" -dependencies = [ - "winapi", -] - [[package]] name = "nu-ansi-term" version = "0.46.0" @@ -2109,9 +2166,9 @@ dependencies = [ [[package]] name = "num-integer" -version = "0.1.44" +version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d2cc698a63b549a70bc047073d2949cce27cd1c7b0a4a862d08a8031bc2801db" +checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9" dependencies = [ "autocfg", "num-traits", 
@@ -2119,37 +2176,28 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290" +checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd" dependencies = [ "autocfg", ] [[package]] name = "num_cpus" -version = "1.13.0" +version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05499f3756671c15885fee9034446956fff3f243d6077b91e5767df161f766b3" +checksum = "f6058e64324c71e02bc2b150e4f3bc8286db6c83092132ffa3f6b1eab0f9def5" dependencies = [ "hermit-abi 0.1.19", "libc", ] -[[package]] -name = "num_threads" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aba1801fb138d8e85e11d0fc70baf4fe1cdfffda7c6cd34a854905df588e5ed0" -dependencies = [ - "libc", -] - [[package]] name = "once_cell" -version = "1.15.0" +version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e82dad04139b71a90c080c8463fe0dc7902db5192d939bd0950f074d014339e1" +checksum = "86f0b0d4bf799edbc74508c1e8bf170ff5f41238e5f8225603ca7caaae2b7860" [[package]] name = "openssl" @@ -2179,9 +2227,9 @@ dependencies = [ [[package]] name = "openssl-probe" -version = "0.1.4" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28988d872ab76095a6e6ac88d99b54fd267702734fd7ffe610ca27f533ddb95a" +checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "openssl-sys" @@ -2266,9 +2314,9 @@ dependencies = [ [[package]] name = "ordered-float" -version = "2.8.0" +version = "2.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97c9d06878b3a851e8026ef94bf7fef9ba93062cd412601da4d9cf369b1cc62d" +checksum = "7940cf2ca942593318d07fcf2596cdca60a85c9e7fab408a5e21a4f9dcd40d87" dependencies = [ "num-traits", ] 
@@ -2281,96 +2329,62 @@ checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" [[package]] name = "parking_lot" -version = "0.11.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d17b78036a60663b797adeaee46f5c9dfebb86948d1255007a1d6be0271ff99" -dependencies = [ - "instant", - "lock_api", - "parking_lot_core 0.8.5", -] - -[[package]] -name = "parking_lot" -version = "0.12.0" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87f5ec2493a61ac0506c0f4199f99070cbe83857b0337006a30f3e6719b8ef58" +checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f" dependencies = [ "lock_api", - "parking_lot_core 0.9.2", -] - -[[package]] -name = "parking_lot_core" -version = "0.8.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d76e8e1493bcac0d2766c42737f34458f1c8c50c0d23bcb24ea953affb273216" -dependencies = [ - "cfg-if", - "instant", - "libc", - "redox_syscall", - "smallvec", - "winapi", + "parking_lot_core", ] [[package]] name = "parking_lot_core" -version = "0.9.2" +version = "0.9.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "995f667a6c822200b0433ac218e05582f0e2efa1b922a3fd2fbaadc5f87bab37" +checksum = "7ff9f3fef3968a3ec5945535ed654cb38ff72d7495a25619e2247fb15a2ed9ba" dependencies = [ "cfg-if", "libc", "redox_syscall", "smallvec", - "windows-sys 0.34.0", + "windows-sys 0.42.0", ] [[package]] name = "paste" -version = "1.0.5" +version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "acbf547ad0c65e31259204bd90935776d1c693cec2f4ff7abb7a1bbbd40dfe58" +checksum = "cf1c2c742266c2f1041c914ba65355a83ae8747b05f208319784083583494b4b" [[package]] name = "pem" -version = "1.0.2" +version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e9a3b09a20e374558580a4914d3b7d89bd61b954a5a5e1dcbea98753addb1947" +checksum = 
"03c64931a1a212348ec4f3b4362585eca7159d0d09cbdf4a7f74f02173596fd4" dependencies = [ "base64 0.13.1", ] [[package]] name = "percent-encoding" -version = "2.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d4fd5641d01c8f18a23da7b6fe29298ff4b55afcccdf78973b24cf3175fee32e" - -[[package]] -name = "pest" -version = "2.1.3" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10f4872ae94d7b90ae48754df22fd42ad52ce740b8f370b03da4835417403e53" -dependencies = [ - "ucd-trie", -] +checksum = "478c572c3d73181ff3c2539045f6eb99e5491218eae919370993b890cdbdd98e" [[package]] name = "pin-project" -version = "1.0.8" +version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "576bc800220cc65dac09e99e97b08b358cfab6e17078de8dc5fee223bd2d0c08" +checksum = "ad29a609b6bcd67fee905812e544992d216af9d755757c05ed2d0e15a74c6ecc" dependencies = [ "pin-project-internal", ] [[package]] name = "pin-project-internal" -version = "1.0.8" +version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e8fe8163d14ce7f0cdac2e040116f22eac817edabff0be91e8aff7e9accf389" +checksum = "069bdb1e05adc7a8990dce9cc75370895fbe4e3d58b9b73bf1aee56359344a55" dependencies = [ "proc-macro2", "quote", 
@@ -2391,21 +2405,21 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] name = "pkg-config" -version = "0.3.22" +version = "0.3.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12295df4f294471248581bc09bef3c38a5e46f1e36d6a37353621a0c6c357e1f" +checksum = "6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160" [[package]] name = "ppv-lite86" -version = "0.2.15" +version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed0cfbc8191465bed66e1718596ee0b0b35d5ee1f41c5df2189d0fe8bde535ba" +checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" [[package]] name = "predicates" -version = "2.1.1" +version = "2.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5aab5be6e4732b473071984b3164dbbfb7a3674d30ea5ff44410b6bcd960c3c" +checksum = "f54fc5dc63ed3bbf19494623db4f3af16842c0d975818e469022d09e53f0aa05" dependencies = [ "difflib", "float-cmp", @@ -2417,15 +2431,15 @@ dependencies = [ [[package]] name = "predicates-core" -version = "1.0.2" +version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57e35a3326b75e49aa85f5dc6ec15b41108cf5aee58eabb1f274dd18b73c2451" +checksum = "72f883590242d3c6fc5bf50299011695fa6590c2c70eac95ee1bdb9a733ad1a2" [[package]] name = "predicates-tree" -version = "1.0.4" +version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "338c7be2905b732ae3984a2f40032b5e94fd8f52505b186c7d4d68d193445df7" +checksum = "54ff541861505aabf6ea722d2131ee980b8276e10a1297b94e896dd8b621850d" dependencies = [ "predicates-core", "termtree", 
@@ -2457,9 +2471,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.46" +version = "1.0.47" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94e2ef8dbfc347b10c094890f778ee2e36ca9bb4262e86dc99cd217e35f3470b" +checksum = "5ea3d908b0e36316caf9e9e2c4625cdde190a7e6f440d794667ed17a1855e725" dependencies = [ "unicode-ident", ] @@ -2474,16 +2488,16 @@ dependencies = [ "fnv", "lazy_static", "memchr", - "parking_lot 0.12.0", + "parking_lot", "protobuf", "thiserror", ] [[package]] name = "protobuf" -version = "2.25.2" +version = "2.28.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "47c327e191621a2158159df97cdbc2e7074bb4e940275e35abf38eb3d2595754" +checksum = "106dd99e98437432fed6519dedecfade6a06a73bb7b2a1e019fdd2bee5778d94" [[package]] name = "quote" @@ -2496,14 +2510,13 @@ dependencies = [ [[package]] name = "rand" -version = "0.8.4" +version = "0.8.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2e7573632e6454cf6b99d7aac4ccca54be06da05aca2ef7423d22d27d4d4bcd8" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" dependencies = [ "libc", "rand_chacha", "rand_core", - "rand_hc", ] [[package]] 
@@ -2518,39 +2531,31 @@ dependencies = [ [[package]] name = "rand_core" -version = "0.6.3" +version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d34f1408f55294453790c48b2f1ebbb1c5b4b7563eb1f418bcfcfdbb06ebb4e7" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" dependencies = [ "getrandom", ] -[[package]] -name = "rand_hc" -version = "0.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d51e9f596de227fda2ea6c84607f5558e196eeaf43c986b724ba4fb8fdf497e7" -dependencies = [ - "rand_core", -] - [[package]] name = "redox_syscall" -version = "0.2.10" +version = "0.2.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8383f39639269cde97d255a32bdb68c047337295414940c68bdd30c2e13203ff" +checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a" dependencies = [ "bitflags", ] [[package]] name = "redox_users" -version = "0.4.0" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "528532f3d801c87aec9def2add9ca802fe569e44a544afe633765267840abe64" +checksum = "b033d837a7cf162d7993aded9304e30a83213c648b6e389db233191f891e5c2b" dependencies = [ "getrandom", "redox_syscall", + "thiserror", ] [[package]] @@ -2575,9 +2580,9 @@ dependencies = [ [[package]] name = "regex-syntax" -version = "0.6.27" +version = "0.6.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3f87b73ce11b1619a3c6332f45341e0047173771e8b8b73f87bfeefb7b56244" +checksum = "456c603be3e8d448b072f410900c09faf164fbce2d480456f50eea6e25f9c848" [[package]] name = "remove_dir_all" 
@@ -2590,9 +2595,9 @@ dependencies = [ [[package]] name = "reqwest" -version = "0.11.9" +version = "0.11.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87f242f1488a539a79bac6dbe7c8609ae43b7914b7736210f239a37cccb32525" +checksum = "68cc60575865c7831548863cc02356512e3f1dc2f3f82cb837d7fc4cc8f3c97c" dependencies = [ "base64 0.13.1", "bytes", @@ -2606,10 +2611,10 @@ dependencies = [ "hyper-tls", "ipnet", "js-sys", - "lazy_static", "log", "mime", "native-tls", + "once_cell", "percent-encoding", "pin-project-lite", "serde", @@ -2617,6 +2622,7 @@ dependencies = [ "serde_urlencoded", "tokio", "tokio-native-tls", + "tower-service", "url", "wasm-bindgen", "wasm-bindgen-futures", @@ -2639,29 +2645,20 @@ dependencies = [ "winapi", ] -[[package]] -name = "rustc_version" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0dfe2087c51c460008730de8b57e6a320782fbfb312e1f4d520e6c6fae155ee" -dependencies = [ - "semver 0.11.0", -] - [[package]] name = "rustc_version" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" dependencies = [ - "semver 1.0.14", + "semver", ] [[package]] name = "rustix" -version = "0.36.3" +version = "0.36.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b1fbb4dfc4eb1d390c02df47760bb19a84bb80b301ecc947ab5406394d8223e" +checksum = "a3807b5d10909833d3e9acd1eb5fb988f79376ff10fce42937de71a449c4c588" dependencies = [ "bitflags", "errno", @@ -2673,9 +2670,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.20.4" +version = "0.20.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4fbfeb8d0ddb84706bc597a5574ab8912817c52a397f819e5b614e2265206921" +checksum = "539a2bfe908f471bfa933876bd1eb6a19cf2176d375f82ef7f99530a40e48c2c" dependencies = [ "log", "ring", 
@@ -2685,25 +2682,16 @@ dependencies = [ [[package]] name = "rustls-native-certs" -version = "0.6.1" +version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ca9ebdfa27d3fc180e42879037b5338ab1c040c06affd00d8338598e7800943" +checksum = "0167bac7a9f490495f3c33013e7722b53cb087ecbe082fb0c6387c96f634ea50" dependencies = [ "openssl-probe", - "rustls-pemfile 0.2.1", + "rustls-pemfile", "schannel", "security-framework", ] -[[package]] -name = "rustls-pemfile" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5eebeaeb360c87bfb72e84abdb3447159c0eaececf1bef2aecd65a8be949d1c9" -dependencies = [ - "base64 0.13.1", -] - [[package]] name = "rustls-pemfile" version = "1.0.1" @@ -2715,24 +2703,24 @@ dependencies = [ [[package]] name = "rustversion" -version = "1.0.6" +version = "1.0.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2cc38e8fa666e2de3c4aba7edeb5ffc5246c1c2ed0e3d17e560aeeba736b23f" +checksum = "97477e48b4cf8603ad5f7aaf897467cf42ab4218a38ef76fb14c2d6773a6d6a8" [[package]] name = "ryu" -version = "1.0.5" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e" +checksum = "4501abdff3ae82a1c1b477a17252eb69cee9e66eb915c1abaa4f44d873df9f09" [[package]] name = "schannel" -version = "0.1.19" +version = "0.1.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f05ba609c234e60bee0d547fe94a4c7e9da733d1c962cf6e59efa4cd9c8bc75" +checksum = "88d6731146462ea25d9244b2ed5fd1d716d25c52e4d54aa4fb0f3c4e9854dbe2" dependencies = [ "lazy_static", - "winapi", + "windows-sys 0.36.1", ] [[package]] 
@@ -2765,6 +2753,12 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd" +[[package]] +name = "scratch" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8132065adcfd6e02db789d9285a0deb2f3fcb04002865ab67d5fb103533898" + [[package]] name = "sct" version = "0.7.0" @@ -2787,9 +2781,9 @@ dependencies = [ [[package]] name = "security-framework" -version = "2.4.2" +version = "2.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525bc1abfda2e1998d152c45cf13e696f76d0a4972310b22fac1658b05df7c87" +checksum = "2bc1bb97804af6631813c55739f771071e0f2ed33ee20b68c86ec505d906356c" dependencies = [ "bitflags", "core-foundation", @@ -2800,23 +2794,14 @@ dependencies = [ [[package]] name = "security-framework-sys" -version = "2.4.2" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a9dd14d83160b528b7bfd66439110573efcfbe281b17fc2ca9f39f550d619c7e" +checksum = "0160a13a177a45bfb43ce71c01580998474f556ad854dcbca936dd2841a5c556" dependencies = [ "core-foundation-sys", "libc", ] -[[package]] -name = "semver" -version = "0.11.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f301af10236f6df4160f7c3f04eec6dbc70ace82d23326abad5edee88801c6b6" -dependencies = [ - "semver-parser", -] - [[package]] name = "semver" version = "1.0.14" @@ -2826,15 +2811,6 @@ dependencies = [ "serde", ] -[[package]] -name = "semver-parser" -version = "0.10.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00b0bef5b7f9e0df16536d3961cfb6e84331c065b4066afb39768d0e319411f7" -dependencies = [ - "pest", -] - [[package]] name = "serde" version = "1.0.150" 
@@ -2883,7 +2859,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "020ff22c755c2ed3f8cf162dbb41a7268d934702f3ed3631656ea597e08fc3db" dependencies = [ "indexmap", - "itoa 1.0.1", + "itoa", "ryu", "serde", ] @@ -2899,12 +2875,12 @@ dependencies = [ [[package]] name = "serde_urlencoded" -version = "0.7.0" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "edfa57a7f8d9c1d260a549e7224100f6c43d43f9103e06dd8b4095a9b2b43ce9" +checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" dependencies = [ "form_urlencoded", - "itoa 0.4.8", + "itoa", "ryu", "serde", ] @@ -2928,7 +2904,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6d232d893b10de3eb7258ff01974d6ee20663d8e833263c99409d4b13a0209da" dependencies = [ "indexmap", - "itoa 1.0.1", + "itoa", "ryu", "serde", "unsafe-libyaml", @@ -2965,9 +2941,12 @@ dependencies = [ [[package]] name = "slab" -version = "0.4.5" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9def91fd1e018fe007022791f865d0ccc9b3a0d5001e01aabb8b40e46000afb5" +checksum = "4614a76b2a8be0058caa9dbbaf66d988527d86d003c11a94fbd335d7661edcef" +dependencies = [ + "autocfg", +] [[package]] name = "smallvec" @@ -2999,9 +2978,9 @@ dependencies = [ [[package]] name = "socket2" -version = "0.4.2" +version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dc90fe6c7be1a323296982db1836d1ea9e47b6839496dde9a541bc496df3516" +checksum = "02e2d2db9033d13a1567121ddd7a095ee144db4e1ca1b1bda3419bc0da294ebd" dependencies = [ "libc", "winapi", 
@@ -3064,9 +3043,9 @@ dependencies = [ [[package]] name = "syn" -version = "1.0.104" +version = "1.0.105" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ae548ec36cf198c0ef7710d3c230987c2d6d7bd98ad6edc0274462724c585ce" +checksum = "60b9b43d45702de4c839cb9b51d9f529c5dd26a4aff255b42b1ebc03e88ee908" dependencies = [ "proc-macro2", "quote", @@ -3075,13 +3054,13 @@ dependencies = [ [[package]] name = "tempfile" -version = "3.2.0" +version = "3.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22" +checksum = "5cdb1ef4eaeeaddc8fbd371e5017057064af0911902ef36b39801f67cc6d79e4" dependencies = [ "cfg-if", + "fastrand", "libc", - "rand", "redox_syscall", "remove_dir_all", "winapi", @@ -3089,18 +3068,18 @@ dependencies = [ [[package]] name = "termcolor" -version = "1.1.2" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2dfed899f0eb03f32ee8c6a0aabdb8a7949659e3466561fc0adf54e26d88c5f4" +checksum = "bab24d30b911b2376f3a13cc2cd443142f0c81dda04c118693e35b3835757755" dependencies = [ "winapi-util", ] [[package]] name = "termtree" -version = "0.2.3" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13a4ec180a2de59b57434704ccfad967f789b12737738798fa08798cd5824c16" +checksum = "95059e91184749cb66be6dc994f67f182b6d897cb3df74a5bf66b5e709295fd8" [[package]] name = "textwrap" 
@@ -3113,18 +3092,18 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.30" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "854babe52e4df1653706b98fcfc05843010039b406875930a70e4d9644e5c417" +checksum = "10deb33631e3c9018b9baf9dcbbc4f737320d2b576bac10f6aefa048fa407e3e" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.30" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa32fd3f627f367fe16f893e2597ae3c05020f8bba2666a4e6ea73d377e5714b" +checksum = "982d17546b47146b28f7c22e3d08465f6b8903d0ea13c1660d9d84a6e7adcdbb" dependencies = [ "proc-macro2", "quote", @@ -3142,9 +3121,9 @@ dependencies = [ [[package]] name = "time" -version = "0.1.44" +version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6db9e6914ab8b1ae1c260a4ae7a49b6c5611b40328a735b21862567685e73255" +checksum = "1b797afad3f312d1c66a56d11d0316f916356d11bd158fbc6ca6389ff6bf805a" dependencies = [ "libc", "wasi 0.10.0+wasi-snapshot-preview1", 
@@ -3153,27 +3132,36 @@ dependencies = [ [[package]] name = "time" -version = "0.3.9" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c2702e08a7a860f005826c6815dcac101b19b5eb330c27fe4a5928fec1d20ddd" +checksum = "a561bf4617eebd33bca6434b988f39ed798e527f51a1e797d0ee4f61c0a38376" dependencies = [ - "itoa 1.0.1", - "libc", - "num_threads", + "itoa", + "serde", + "time-core", "time-macros", ] +[[package]] +name = "time-core" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e153e1f1acaef8acc537e68b44906d2db6436e2b35ac2c6b42640fff91f00fd" + [[package]] name = "time-macros" -version = "0.2.4" +version = "0.2.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42657b1a6f4d817cda8e7a0ace261fe0cc946cf3a80314390b22cc61ae080792" +checksum = "d967f99f534ca7e495c575c62638eebc2898a8c84c119b89e250477bc4ba16b2" +dependencies = [ + "time-core", +] [[package]] name = "tinyvec" -version = "1.5.0" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f83b2a3d4d9091d0abd7eba4dc2710b1718583bd4d8992e2190720ea38f391f7" +checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" dependencies = [ "tinyvec_macros", ] 
@@ -3186,28 +3174,29 @@ checksum = "cda74da7e1a664f795bb1f8a87ec406fb89a02522cf6e50620d016add6dbbf5c" [[package]] name = "tokio" -version = "1.16.1" +version = "1.23.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c27a64b625de6d309e8c57716ba93021dccf1b3b5c97edd6d3dd2d2135afc0a" +checksum = "eab6d665857cc6ca78d6e80303a02cea7a7851e85dfbd77cbdc09bd129f1ef46" dependencies = [ + "autocfg", "bytes", "libc", "memchr", - "mio 0.7.14", + "mio", "num_cpus", - "once_cell", - "parking_lot 0.11.2", + "parking_lot", "pin-project-lite", "signal-hook-registry", + "socket2", "tokio-macros", - "winapi", + "windows-sys 0.42.0", ] [[package]] name = "tokio-io-timeout" -version = "1.1.1" +version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90c49f106be240de154571dd31fbe48acb10ba6c6dd6f6517ad603abffa42de9" +checksum = "30b74022ada614a1b4834de765f9bb43877f910cc8ce4be40e89042c9223a8bf" dependencies = [ "pin-project-lite", "tokio", @@ -3215,9 +3204,9 @@ dependencies = [ [[package]] name = "tokio-macros" -version = "1.7.0" +version = "1.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b557f72f448c511a979e2564e55d74e6c4432fc96ff4f6241bc6bded342643b7" +checksum = "d266c00fde287f55d3f1c3e96c500c362a2b8c695076ec180f27918820bc6df8" dependencies = [ "proc-macro2", "quote", @@ -3259,9 +3248,9 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.23.3" +version = "0.23.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4151fda0cf2798550ad0b34bcfc9b9dcc2a9d2471c895c68f3a8818e54f2389e" +checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59" dependencies = [ "rustls", "tokio", 
@@ -3270,9 +3259,9 @@ dependencies = [ [[package]] name = "tokio-stream" -version = "0.1.8" +version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "50145484efff8818b5ccd256697f36863f587da82cf8b409c53adf1e840798e3" +checksum = "d660770404473ccd7bc9f8b28494a811bc18542b915c0855c51e8f419d5223ce" dependencies = [ "futures-core", "pin-project-lite", @@ -3281,23 +3270,9 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.6.9" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e99e1983e5d376cd8eb4b66604d2e99e79f5bd988c3055891dcd8c9e2604cc0" -dependencies = [ - "bytes", - "futures-core", - "futures-sink", - "log", - "pin-project-lite", - "tokio", -] - -[[package]] -name = "tokio-util" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0edfdeb067411dba2044da6d1cb2df793dd35add7888d73c16e3381ded401764" +checksum = "0bb2e075f03b3d66d8d8785356224ba688d2906a371015e225beeb65ca92c740" dependencies = [ "bytes", "futures-core", @@ -3310,16 +3285,16 @@ dependencies = [ [[package]] name = "tower" -version = "0.4.10" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c00e500fff5fa1131c866b246041a6bf96da9c965f8fe4128cb1421f23e93c00" +checksum = "b8fa9be0de6cf49e536ce1851f987bd21a43b771b09473c3549a6c853db37c1c" dependencies = [ "futures-core", "futures-util", "pin-project", "pin-project-lite", "tokio", - "tokio-util 0.6.9", + "tokio-util", "tower-layer", "tower-service", "tracing", @@ -3327,9 +3302,9 @@ dependencies = [ [[package]] name = "tower-http" -version = "0.3.4" +version = "0.3.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c530c8675c1dbf98facee631536fa116b5fb6382d7dd6dc1b118d970eafe3ba" +checksum = "f873044bf02dd1e8239e9c1293ea39dad76dc594ec16185d0a1bf31d8dc8d858" dependencies = [ "base64 0.13.1", "bitflags", 
@@ -3347,15 +3322,15 @@ dependencies = [ [[package]] name = "tower-layer" -version = "0.3.1" +version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "343bc9466d3fe6b0f960ef45960509f84480bf4fd96f92901afe7ff3df9d3a62" +checksum = "c20c8dbed6283a09604c3e69b4b7eeb54e298b8a600d4d5ecb5ad39de609f1d0" [[package]] name = "tower-service" -version = "0.3.1" +version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "360dfd1d6d30e05fda32ace2c8c70e9c0a9da713275777f5a4dbb8a1893930c6" +checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52" [[package]] name = "tracing" @@ -3379,7 +3354,7 @@ dependencies = [ "actix-web", "pin-project", "tracing", - "uuid 1.2.1", + "uuid 1.2.2", ] [[package]] 
@@ -3463,48 +3438,42 @@ checksum = "59547bce71d9c38b83d9c0e92b6066c4253371f15005def0c30d9657f50c7642" [[package]] name = "typenum" -version = "1.14.0" +version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b63708a265f51345575b27fe43f9500ad611579e764c79edbc2037b1121959ec" - -[[package]] -name = "ucd-trie" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56dee185309b50d1f11bfedef0fe6d036842e3fb77413abef29f8f8d1c5d4c1c" +checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba" [[package]] name = "unicode-bidi" -version = "0.3.7" +version = "0.3.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a01404663e3db436ed2746d9fefef640d868edae3cceb81c3b8d5732fda678f" +checksum = "099b7128301d285f79ddd55b9a83d5e6b9e97c92e0ea0daebee7263e932de992" [[package]] name = "unicode-ident" -version = "1.0.4" +version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dcc811dc4066ac62f84f11307873c4850cb653bfa9b1719cee2bd2204a4bc5dd" +checksum = "6ceab39d59e4c9499d4e5a8ee0e2735b891bb7308ac83dfb4e80cad195c9f6f3" [[package]] name = "unicode-normalization" -version = "0.1.19" +version = "0.1.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d54590932941a9e9266f0832deed84ebe1bf2e4c9e4a3554d393d18f5e854bf9" +checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" dependencies = [ "tinyvec", ] [[package]] name = "unicode-segmentation" -version = "1.8.0" +version = "1.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8895849a949e7845e06bd6dc1aa51731a103c42707010a5b591c0038fb73385b" +checksum = "0fdbf052a0783de01e944a6ce7a8cb939e295b1e7be835a1112c3b9a7f047a5a" [[package]] name = "unicode-width" -version = "0.1.9" +version = "0.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"3ed742d4ea2bd1176e236172c8429aaf54486e7ac098db29ffe6529e0ce50973" +checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" [[package]] name = "unsafe-libyaml" @@ -3520,21 +3489,20 @@ checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" [[package]] name = "url" -version = "2.2.2" +version = "2.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a507c383b2d33b5fc35d1861e77e6b383d158b2da5e14fe51b83dfedf6fd578c" +checksum = "0d68c799ae75762b8c3fe375feb6600ef5602c883c5d21eb51c09f22b83c4643" dependencies = [ "form_urlencoded", - "idna", - "matches", + "idna 0.3.0", "percent-encoding", ] [[package]] name = "urlencoding" -version = "2.1.0" +version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68b90931029ab9b034b300b797048cf23723400aa757e8a2bfb9d748102f9821" +checksum = "e8db7427f936968176eaa7cdf81b7f98b980b18495ec28f1b5791ac3bfe3eea9" [[package]] name = "uuid" @@ -3548,9 +3516,9 @@ dependencies = [ [[package]] name = "uuid" -version = "1.2.1" +version = "1.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "feb41e78f93363bb2df8b0e86a2ca30eed7806ea16ea0c790d757cf93f79be83" +checksum = "422ee0de9031b5b948b97a8fc04e3aa35230001a722ddd27943e0be31564ce4c" dependencies = [ "getrandom", ] @@ -3561,7 +3529,7 @@ version = "0.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "32ad5bf234c7d3ad1042e5252b7eddb2c4669ee23f32c7dd0e9b7705f07ef591" dependencies = [ - "idna", + "idna 0.2.3", "lazy_static", "regex", "serde", 
@@ -3645,9 +3613,9 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.78" +version = "0.2.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "632f73e236b219150ea279196e54e610f5dbafa5d61786303d4da54f84e47fce" +checksum = "eaf9f5aceeec8be17c128b2e93e031fb8a4d469bb9c4ae2d7dc1888b26887268" dependencies = [ "cfg-if", "wasm-bindgen-macro", @@ -3655,13 +3623,13 @@ dependencies = [ [[package]] name = "wasm-bindgen-backend" -version = "0.2.78" +version = "0.2.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a317bf8f9fba2476b4b2c85ef4c4af8ff39c3c7f0cdfeed4f82c34a880aa837b" +checksum = "4c8ffb332579b0557b52d268b91feab8df3615f265d5270fec2a8c95b17c1142" dependencies = [ "bumpalo", - "lazy_static", "log", + "once_cell", "proc-macro2", "quote", "syn", @@ -3670,9 +3638,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.28" +version = "0.4.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e8d7523cb1f2a4c96c1317ca690031b714a51cc14e05f712446691f413f5d39" +checksum = "23639446165ca5a5de86ae1d8896b737ae80319560fbaa4c2887b7da6e7ebd7d" dependencies = [ "cfg-if", "js-sys", @@ -3682,9 +3650,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.78" +version = "0.2.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d56146e7c495528bf6587663bea13a8eb588d39b36b679d83972e1a2dbbdacf9" +checksum = "052be0f94026e6cbc75cdefc9bae13fd6052cdcaf532fa6c45e7ae33a1e6c810" dependencies = [ "quote", "wasm-bindgen-macro-support", 
@@ -3692,9 +3660,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.78" +version = "0.2.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7803e0eea25835f8abdc585cd3021b3deb11543c6fe226dcd30b228857c5c5ab" +checksum = "07bc0c051dc5f23e307b13285f9d75df86bfdf816c5721e573dec1f9b8aa193c" dependencies = [ "proc-macro2", "quote", @@ -3705,15 +3673,15 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.78" +version = "0.2.83" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0237232789cf037d5480773fe568aac745bfe2afbc11a863e97901780a6b47cc" +checksum = "1c38c045535d93ec4f0b4defec448e4291638ee608530863b1e2ba115d4fff7f" [[package]] name = "web-sys" -version = "0.3.55" +version = "0.3.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "38eb105f1c59d9eaa6b5cdc92b859d85b926e82cb2e0945cd0c9259faa6fe9fb" +checksum = "bcda906d8be16e728fd5adc5b729afad4e444e106ab28cd1c7256e54fa61510f" dependencies = [ "js-sys", "wasm-bindgen", @@ -3762,15 +3730,15 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" [[package]] name = "windows-sys" -version = "0.34.0" +version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5acdd78cb4ba54c0045ac14f62d8f94a03d10047904ae2a40afa1e99d8f70825" +checksum = "ea04155a16a59f9eab786fe12a4a450e75cdb175f9e0d80da1e17db09f55b8d2" dependencies = [ - "windows_aarch64_msvc 0.34.0", - "windows_i686_gnu 0.34.0", - "windows_i686_msvc 0.34.0", - "windows_x86_64_gnu 0.34.0", - "windows_x86_64_msvc 0.34.0", + "windows_aarch64_msvc 0.36.1", + "windows_i686_gnu 0.36.1", + "windows_i686_msvc 0.36.1", + "windows_x86_64_gnu 0.36.1", + "windows_x86_64_msvc 0.36.1", ] [[package]] 
@@ -3796,9 +3764,9 @@ checksum = "41d2aa71f6f0cbe00ae5167d90ef3cfe66527d6f613ca78ac8024c3ccab9a19e" [[package]] name = "windows_aarch64_msvc" -version = "0.34.0" +version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17cffbe740121affb56fad0fc0e421804adf0ae00891205213b5cecd30db881d" +checksum = "9bb8c3fd39ade2d67e9874ac4f3db21f0d710bee00fe7cab16949ec184eeaa47" [[package]] name = "windows_aarch64_msvc" @@ -3808,9 +3776,9 @@ checksum = "dd0f252f5a35cac83d6311b2e795981f5ee6e67eb1f9a7f64eb4500fbc4dcdb4" [[package]] name = "windows_i686_gnu" -version = "0.34.0" +version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2564fde759adb79129d9b4f54be42b32c89970c18ebf93124ca8870a498688ed" +checksum = "180e6ccf01daf4c426b846dfc66db1fc518f074baa793aa7d9b9aaeffad6a3b6" [[package]] name = "windows_i686_gnu" @@ -3820,9 +3788,9 @@ checksum = "fbeae19f6716841636c28d695375df17562ca208b2b7d0dc47635a50ae6c5de7" [[package]] name = "windows_i686_msvc" -version = "0.34.0" +version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cd9d32ba70453522332c14d38814bceeb747d80b3958676007acadd7e166956" +checksum = "e2e7917148b2812d1eeafaeb22a97e4813dfa60a3f8f78ebe204bcc88f12f024" [[package]] name = "windows_i686_msvc" @@ -3832,9 +3800,9 @@ checksum = "84c12f65daa39dd2babe6e442988fc329d6243fdce47d7d2d155b8d874862246" [[package]] name = "windows_x86_64_gnu" -version = "0.34.0" +version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cfce6deae227ee8d356d19effc141a509cc503dfd1f850622ec4b0f84428e1f4" +checksum = "4dcd171b8776c41b97521e5da127a2d86ad280114807d0b2ab1e462bc764d9e1" [[package]] name = "windows_x86_64_gnu" 
@@ -3850,9 +3818,9 @@ checksum = "09d525d2ba30eeb3297665bd434a54297e4170c7f1a44cad4ef58095b4cd2028" [[package]] name = "windows_x86_64_msvc" -version = "0.34.0" +version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d19538ccc21819d01deaf88d6a17eae6596a12e9aafdbb97916fb49896d89de9" +checksum = "c811ca4a8c853ef420abd8592ba53ddbbac90410fab6903b3e79972a631f7680" [[package]] name = "windows_x86_64_msvc" @@ -3862,9 +3830,9 @@ checksum = "f40009d85759725a34da6d89a94e63d7bdc50a862acf0dbc7c8e488f1edcb6f5" [[package]] name = "winreg" -version = "0.7.0" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0120db82e8a1e0b9fb3345a539c478767c0048d842860994d96113d5b667bd69" +checksum = "80d0f4e272c85def139476380b12f9ac60926689dd2e01d4923222f40580869d" dependencies = [ "winapi", ] @@ -3884,21 +3852,11 @@ dependencies = [ "linked-hash-map", ] -[[package]] -name = "yamlgen" -version = "0.1.0" -dependencies = [ - "dotenv", - "kube", - "models", - "serde_yaml 0.9.14", -] - [[package]] name = "zeroize" -version = "1.4.3" +version = "1.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d68d9dcec5f9b43a30d38c49f91dfedfaac384cb8f085faca366c26207dd1619" +checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f" [[package]] name = "zstd" @@ -3921,9 +3879,9 @@ dependencies = [ [[package]] name = "zstd-sys" -version = "2.0.1+zstd.1.5.2" +version = "2.0.4+zstd.1.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9fd07cbbc53846d9145dbffdf6dd09a7a0aa52be46741825f5c97bdd4f73f12b" +checksum = "4fa202f2ef00074143e219d15b62ffc317d17cc33909feac471c044087cad7b0" dependencies = [ "cc", "libc", diff --git a/Cargo.toml b/Cargo.toml index 0938b5ca..fd0a7e3b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -4,6 +4,6 @@ members = [ "apiserver", "controller", "models", - "yamlgen", + "deploy", "integ", ] 
diff --git a/Makefile b/Makefile index c2ec26c0..1d2dbb52 100644 --- a/Makefile +++ b/Makefile @@ -74,3 +74,10 @@ dist: brupop-image clean: -rm -rf target rm -f -- '$(DISTFILE)' + +build-manifest: + kubectl create namespace brupop-bottlerocket-aws \ + --dry-run=client \ + -o yaml > bottlerocket-update-operator.yaml && \ + helm template deploy/charts/bottlerocket-shadow >> bottlerocket-update-operator.yaml && \ + helm template deploy/charts/bottlerocket-update-operator >> bottlerocket-update-operator.yaml diff --git a/README.md b/README.md index 7f95f970..5a174231 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ kubectl apply -f \ https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.yaml ``` -2. The Bottlerocket update operator can then be installed using the recommended configuration defined in [bottlerocket-update-operator.yaml](https://github.com/bottlerocket-os/bottlerocket-update-operator/blob/1.0.0/yamlgen/deploy/bottlerocket-update-operator.yaml). +2. The Bottlerocket update operator can then be installed using the recommended configuration defined in [bottlerocket-update-operator.yaml](https://github.com/bottlerocket-os/bottlerocket-update-operator/blob/1.0.0/deploy/manifests/bottlerocket-update-operator.yaml). This YAML file can also be found in the [Brupop release artifacts](https://github.com/bottlerocket-os/bottlerocket-update-operator/releases): ```sh 
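Review bot: The `build-manifest` recipe truncates the checked-in `bottlerocket-update-operator.yaml` with `>` before either `helm template` call has run, so a failing render leaves a partial manifest in the tree that still looks installable. Rendering into a temporary file and moving it into place only after all three commands succeed avoids that. The target also produces no file named `build-manifest`, so it should be declared with `.PHONY: build-manifest`; whether the Makefile already keeps a `.PHONY` list is outside this hunk.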
@@ -261,12 +261,12 @@ brs-node-2 Idle 1.5.1 StagedUpdat The update operator provides metrics endpoints which can be scraped by [Prometheus](https://prometheus.io/). This allows you to monitor the history of update operations using popular metrics analysis and visualization tools. -We provide a [sample configuration](./yamlgen/telemetry/prometheus-resources.yaml) which demonstrates a Prometheus deployment into the cluster that is configured to gather metrics data from the update operator. +We provide a [sample configuration](./deploy/telemetry/prometheus-resources.yaml) which demonstrates a Prometheus deployment into the cluster that is configured to gather metrics data from the update operator. To deploy the sample configuration, you can use `kubectl`: ```sh -kubectl apply -f ./yamlgen/telemetry/prometheus-resources.yaml +kubectl apply -f ./deploy/telemetry/prometheus-resources.yaml ``` Now that Prometheus is running in the cluster, you can use the UI provided to visualize the cluster's history. @@ -335,7 +335,7 @@ Example regional image URI: ## Troubleshooting -When installed with the [default deployment](https://github.com/bottlerocket-os/bottlerocket-update-operator/blob/v1.0.0/yamlgen/deploy/bottlerocket-update-operator.yaml), the logs can be fetched through Kubernetes deployment logs. +When installed with the [default deployment](https://github.com/bottlerocket-os/bottlerocket-update-operator/blob/v1.0.0/deploy/manifests/bottlerocket-update-operator.yaml), the logs can be fetched through Kubernetes deployment logs. Because mutations to a node are orchestrated through the API server component, searching those deployment logs for a node ID can be useful. To get logs for the API server, run the following: 
@@ -406,7 +406,7 @@ Firstly, modify the `.env` file to contain the desired image name, as well as a Then run the following to regenerate the `.yaml` resource definitions: ```sh -cargo build -p yamlgen +cargo build -p deploy ``` These can of course be deployed using `kubectl apply` or the automatic integration testing tool [integ](https://github.com/bottlerocket-os/bottlerocket-update-operator/tree/develop/integ). diff --git a/agent/src/main.rs b/agent/src/main.rs index 93bef412..0d2a2e13 100644 --- a/agent/src/main.rs +++ b/agent/src/main.rs @@ -7,8 +7,7 @@ use kube::runtime::reflector; use kube::runtime::watcher::watcher; use kube::runtime::WatchStreamExt; use kube::Api; -use models::agent::{AGENT_TOKEN_PATH, TOKEN_PROJECTION_MOUNT_PATH}; -use models::constants::NAMESPACE; +use models::constants::{AGENT_TOKEN_PATH, AGENT_TOKEN_PROJECTION_MOUNT_PATH, NAMESPACE}; use models::node::{brs_name_from_node_name, BottlerocketShadow}; @@ -45,7 +44,7 @@ async fn run_agent() -> Result<()> { .context(agent_error::ClientCreateSnafu)?; // Configure our brupop apiserver client to use the auth token mounted to our Pod. - let token_path = Path::new(TOKEN_PROJECTION_MOUNT_PATH).join(AGENT_TOKEN_PATH); + let token_path = Path::new(AGENT_TOKEN_PROJECTION_MOUNT_PATH).join(AGENT_TOKEN_PATH); let token_path = token_path.to_str().context(agent_error::AssertionSnafu { message: "Token path (defined in models/agent.rs) is not valid unicode.", })?; diff --git a/bottlerocket-update-operator.yaml b/bottlerocket-update-operator.yaml deleted file mode 120000 index 2980a96b..00000000 --- a/bottlerocket-update-operator.yaml +++ /dev/null @@ -1 +0,0 @@ -yamlgen/deploy/bottlerocket-update-operator.yaml \ No newline at end of file diff --git a/bottlerocket-update-operator.yaml b/bottlerocket-update-operator.yaml new file mode 100644 index 00000000..9caed3ac --- /dev/null +++ b/bottlerocket-update-operator.yaml 
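Review bot: The assertion message below the renamed constant in `run_agent` still reads `Token path (defined in models/agent.rs) is not valid unicode.`, but the import hunk above moves `AGENT_TOKEN_PATH` and `AGENT_TOKEN_PROJECTION_MOUNT_PATH` to `models::constants`. The message should name the new location, e.g. `message: "Token path (defined in models/constants.rs) is not valid unicode.",`; the file name is inferred from the module path, so confirm it. `run_agent` starts and ends outside the hunk.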
@@ -0,0 +1,770 @@ +apiVersion: v1 +kind: Namespace +metadata: + creationTimestamp: null + name: brupop-bottlerocket-aws +spec: {} +status: {} +--- +# Source: bottlerocket-shadow/templates/custom-resource-definition.yaml +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: brupop-bottlerocket-aws/brupop-apiserver-certificate + name: bottlerocketshadows.brupop.bottlerocket.aws +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: brupop-apiserver + namespace: brupop-bottlerocket-aws + path: /crdconvert + port: 443 + conversionReviewVersions: + - v2 + - v1 + group: brupop.bottlerocket.aws + names: + kind: BottlerocketShadow + plural: bottlerocketshadows + shortNames: + - brs + singular: bottlerocketshadow + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: ".status.current_state" + name: State + type: string + - jsonPath: ".status.current_version" + name: Version + type: string + - jsonPath: ".spec.state" + name: Target State + type: string + - jsonPath: ".spec.version" + name: Target Version + type: string + - jsonPath: ".status.crash_count" + name: Crash Count + type: string + name: v2 + schema: + openAPIV3Schema: + description: "Auto-generated derived type for BottlerocketShadowSpec via `CustomResource`" + properties: + spec: + description: "The `BottlerocketShadowSpec` can be used to drive a node through the update state machine. A node linearly drives towards the desired state. The brupop controller updates the spec to specify a node's desired state, and the host agent drives state changes forward and updates the `BottlerocketShadowStatus`." 
+ properties: + state: + description: "Records the desired state of the `BottlerocketShadow`" + enum: + - Idle + - StagedAndPerformedUpdate + - RebootedIntoUpdate + - MonitoringUpdate + - ErrorReset + type: string + state_transition_timestamp: + description: The time at which the most recent state was set as the desired state. + nullable: true + type: string + version: + description: "The desired update version, if any." + nullable: true + pattern: "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + type: string + required: + - state + type: object + status: + description: "`BottlerocketShadowStatus` surfaces the current state of a bottlerocket node. The status is updated by the host agent, while the spec is updated by the brupop controller." + nullable: true + properties: + crash_count: + format: uint32 + minimum: 0.0 + type: integer + current_state: + description: "BottlerocketShadowState represents a node's state in the update state machine." 
+ enum: + - Idle + - StagedAndPerformedUpdate + - RebootedIntoUpdate + - MonitoringUpdate + - ErrorReset + type: string + current_version: + pattern: "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + type: string + state_transition_failure_timestamp: + nullable: true + type: string + target_version: + pattern: "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + type: string + required: + - crash_count + - current_state + - current_version + - target_version + type: object + required: + - spec + title: BottlerocketShadow + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: ".status.current_state" + name: State + type: string + - jsonPath: ".status.current_version" + name: Version + type: string + - jsonPath: ".spec.state" + name: Target State + type: string + - jsonPath: ".spec.version" + name: Target Version + type: string + name: v1 + schema: + openAPIV3Schema: + description: "Auto-generated derived type for BottlerocketShadowSpec via `CustomResource`" + properties: + spec: + description: "The `BottlerocketShadowSpec` can be used to drive a node through the update state machine. A node linearly drives towards the desired state. The brupop controller updates the spec to specify a node's desired state, and the host agent drives state changes forward and updates the `BottlerocketShadowStatus`." + properties: + state: + description: "Records the desired state of the `BottlerocketShadow`" + enum: + - Idle + - StagedUpdate + - PerformedUpdate + - RebootedIntoUpdate + - MonitoringUpdate + type: string + state_transition_timestamp: + description: The time at which the most recent state was set as the desired state. 
+ nullable: true + type: string + version: + description: "The desired update version, if any." + nullable: true + pattern: "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + type: string + required: + - state + type: object + status: + description: "`BottlerocketShadowStatus` surfaces the current state of a bottlerocket node. The status is updated by the host agent, while the spec is updated by the brupop controller." + nullable: true + properties: + current_state: + description: "BottlerocketShadowState represents a node's state in the update state machine." + enum: + - Idle + - StagedUpdate + - PerformedUpdate + - RebootedIntoUpdate + - MonitoringUpdate + type: string + current_version: + pattern: "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + type: string + target_version: + pattern: "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + type: string + required: + - current_state + - current_version + - target_version + type: object + required: + - spec + title: BottlerocketShadow + type: object + served: true + storage: false + subresources: + status: {} +--- +# Source: bottlerocket-update-operator/templates/agent-service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + kubernetes.io/service-account.name: brupop-agent-service-account + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: agent + name: brupop-agent-service-account + namespace: brupop-bottlerocket-aws +--- +# Source: 
bottlerocket-update-operator/templates/api-server-service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + kubernetes.io/service-account.name: brupop-apiserver-service-account + labels: + app.kubernetes.io/component: apiserver + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: apiserver + name: brupop-apiserver-service-account + namespace: brupop-bottlerocket-aws +--- +# Source: bottlerocket-update-operator/templates/controller-service-account.yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + kubernetes.io/service-account.name: brupop-controller-service-account + labels: + app.kubernetes.io/component: brupop-controller + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: brupop-controller + name: brupop-controller-service-account + namespace: brupop-bottlerocket-aws +--- +# Source: bottlerocket-update-operator/templates/agent-cluster-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: agent + name: brupop-agent-role + namespace: brupop-bottlerocket-aws +rules: + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - brupop.bottlerocket.aws + resources: + - bottlerocketshadows + - bottlerocketshadows/status + verbs: + - get + - list + - watch +--- +# Source: bottlerocket-update-operator/templates/api-server-cluster-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: apiserver + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: apiserver + name: brupop-apiserver-role + namespace: brupop-bottlerocket-aws +rules: + - apiGroups: + - 
brupop.bottlerocket.aws + resources: + - bottlerocketshadows + - bottlerocketshadows/status + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - patch + - apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create +--- +# Source: bottlerocket-update-operator/templates/controller-cluster-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: brupop-controller + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: brupop-controller + name: brupop-controller-role + namespace: brupop-bottlerocket-aws +rules: + - apiGroups: + - brupop.bottlerocket.aws + resources: + - bottlerocketshadows + - bottlerocketshadows/status + verbs: + - get + - list + - watch + - apiGroups: + - brupop.bottlerocket.aws + resources: + - bottlerocketshadows + verbs: + - create + - patch + - update + - delete + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +--- +# Source: bottlerocket-update-operator/templates/agent-cluster-role-binding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: agent + name: brupop-agent-role-binding + namespace: brupop-bottlerocket-aws +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: brupop-agent-role +subjects: + - kind: ServiceAccount + 
name: brupop-agent-service-account + namespace: brupop-bottlerocket-aws + namespace: brupop-bottlerocket-aws +--- +# Source: bottlerocket-update-operator/templates/api-server-auth-delegation.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: apiserver + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: apiserver + name: brupop-apiserver-auth-delegator-role-binding + namespace: brupop-bottlerocket-aws +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: brupop-apiserver-service-account + namespace: brupop-bottlerocket-aws +--- +# Source: bottlerocket-update-operator/templates/api-server-cluster-role-binding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: apiserver + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: apiserver + name: brupop-apiserver-role-binding + namespace: brupop-bottlerocket-aws +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: brupop-apiserver-role +subjects: + - kind: ServiceAccount + name: brupop-apiserver-service-account + namespace: brupop-bottlerocket-aws +--- +# Source: bottlerocket-update-operator/templates/controller-cluster-role-binding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: brupop-controller + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: brupop-controller + name: brupop-controller-role-binding + namespace: brupop-bottlerocket-aws +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: brupop-controller-role +subjects: + - kind: ServiceAccount + name: brupop-controller-service-account + 
namespace: brupop-bottlerocket-aws +--- +# Source: bottlerocket-update-operator/templates/api-server-service.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: apiserver + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: apiserver + name: brupop-apiserver + namespace: brupop-bottlerocket-aws +spec: + ports: + - port: 443 + targetPort: 8443 + selector: + brupop.bottlerocket.aws/component: apiserver +--- +# Source: bottlerocket-update-operator/templates/controller-service.yaml +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/component: brupop-controller + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: brupop-controller + name: brupop-controller-server + namespace: brupop-bottlerocket-aws +spec: + ports: + - port: 80 + targetPort: 8080 + selector: + brupop.bottlerocket.aws/component: brupop-controller +--- +# Source: bottlerocket-update-operator/templates/agent-daemonset.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: agent + name: brupop-agent + namespace: brupop-bottlerocket-aws +spec: + selector: + matchLabels: + brupop.bottlerocket.aws/component: agent + template: + metadata: + labels: + brupop.bottlerocket.aws/component: agent + namespace: brupop-bottlerocket-aws + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + - key: bottlerocket.aws/updater-interface-version + operator: In + values: + - 2.0.0 + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + containers: + - command: + - "./agent" 
+ env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: EXCLUDE_FROM_LB_WAIT_TIME_IN_SEC + value: "0" + - name: APISERVER_SERVICE_PORT + value: "443" + image: public.ecr.aws/bottlerocket/bottlerocket-update-operator:v1.0.0 + name: brupop + resources: + limits: + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + securityContext: + seLinuxOptions: + level: s0 + role: system_r + type: super_t + user: system_u + volumeMounts: + - mountPath: /run/api.sock + name: bottlerocket-api-socket + - mountPath: /bin/apiclient + name: bottlerocket-apiclient + - mountPath: /var/run/secrets/tokens/ + name: bottlerocket-agent-service-account-token + - mountPath: /etc/brupop-tls-keys + name: bottlerocket-tls-keys + serviceAccountName: brupop-agent-service-account + volumes: + - hostPath: + path: /run/api.sock + type: Socket + name: bottlerocket-api-socket + - hostPath: + path: /bin/apiclient + type: File + name: bottlerocket-apiclient + - name: bottlerocket-agent-service-account-token + projected: + sources: + - serviceAccountToken: + audience: brupop-apiserver + path: bottlerocket-agent-service-account-token + - name: bottlerocket-tls-keys + secret: + optional: false + secretName: brupop-tls +--- +# Source: bottlerocket-update-operator/templates/api-server-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: apiserver + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: apiserver + name: brupop-apiserver + namespace: brupop-bottlerocket-aws +spec: + replicas: 3 + selector: + matchLabels: + brupop.bottlerocket.aws/component: apiserver + strategy: + rollingUpdate: + maxUnavailable: 33% + template: + metadata: + labels: + brupop.bottlerocket.aws/component: apiserver + namespace: brupop-bottlerocket-aws + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: 
kubernetes.io/os + operator: In + values: + - linux + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + containers: + - command: + - "./apiserver" + env: + - name: APISERVER_INTERNAL_PORT + value: "8443" + image: public.ecr.aws/bottlerocket/bottlerocket-update-operator:v1.0.0 + livenessProbe: + httpGet: + path: /ping + port: 8443 + scheme: HTTPS + initialDelaySeconds: 5 + name: brupop + ports: + - containerPort: 8443 + readinessProbe: + httpGet: + path: /ping + port: 8443 + scheme: HTTPS + initialDelaySeconds: 5 + volumeMounts: + - mountPath: /etc/brupop-tls-keys + name: bottlerocket-tls-keys + serviceAccountName: brupop-apiserver-service-account + volumes: + - name: bottlerocket-tls-keys + secret: + optional: false + secretName: brupop-tls +--- +# Source: bottlerocket-update-operator/templates/controller-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: brupop-controller + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: brupop-controller + name: brupop-controller-deployment + namespace: brupop-bottlerocket-aws +spec: + replicas: 1 + selector: + matchLabels: + brupop.bottlerocket.aws/component: brupop-controller + strategy: + type: Recreate + template: + metadata: + labels: + brupop.bottlerocket.aws/component: brupop-controller + namespace: brupop-bottlerocket-aws + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + containers: + - command: + - "./controller" + env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MAX_CONCURRENT_UPDATE + value: "1" + - name: UPDATE_WINDOW_START + value: "0:0:0" + - name: UPDATE_WINDOW_STOP + value: "0:0:0" + image: 
public.ecr.aws/bottlerocket/bottlerocket-update-operator:v1.0.0 + name: brupop + priorityClassName: brupop-controller-high-priority + serviceAccountName: brupop-controller-service-account +--- +# Source: bottlerocket-update-operator/templates/cert-manager-certificate.yaml +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: brupop-apiserver-certificate + namespace: brupop-bottlerocket-aws +spec: + isCA: true + commonName: my-selfsigned-ca + secretName: brupop-tls + privateKey: + algorithm: RSA + encoding: PKCS8 + dnsNames: + - brupop-apiserver.brupop-bottlerocket-aws.svc.cluster.local + - brupop-apiserver.brupop-bottlerocket-aws.svc + issuerRef: + name: selfsigned-issuer + kind: ClusterIssuer + group: cert-manager.io +--- +# Source: bottlerocket-update-operator/templates/cert-manager-self-signed-issuer.yaml +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: selfsigned-issuer + namespace: brupop-bottlerocket-aws +spec: + selfSigned: {} +--- +# Source: bottlerocket-update-operator/templates/cert-manager-ca-issuer.yaml +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: my-ca-issuer + namespace: brupop-bottlerocket-aws +spec: + ca: + secretName: brupop-tls +--- +# Source: bottlerocket-update-operator/templates/controller-priority-class.yaml +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: brupop-controller-high-priority + namespace: brupop-bottlerocket-aws +preemptionPolicy: Never +value: 1000000 diff --git a/yamlgen/Cargo.toml b/deploy/Cargo.toml similarity index 94% rename from yamlgen/Cargo.toml rename to deploy/Cargo.toml index 16b03805..1da4639b 100644 --- a/yamlgen/Cargo.toml +++ b/deploy/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "yamlgen" +name = "deploy" version = "0.1.0" edition = "2018" publish = false diff --git a/deploy/build.rs b/deploy/build.rs new file mode 100644 index 00000000..f6a60138 --- /dev/null +++ b/deploy/build.rs 
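Review bot: The `brupop-agent` DaemonSet mounts the whole `brupop-tls` secret at `/etc/brupop-tls-keys`, and that secret is the output of `brupop-apiserver-certificate`, which is issued with `isCA: true` and also backs `my-ca-issuer` and the apiserver's serving key. Every node running the agent therefore holds the private key of the CA that the CRD conversion webhook is told to trust through `cert-manager.io/inject-ca-from`. If the agent only needs to verify the apiserver (it authenticates with the projected service-account token, as far as this manifest shows), restrict the agent volume to the CA certificate with `items: [{key: ca.crt, path: ca.crt}]`, after confirming which file names the agent reads. Separately, the subject of `brupop-agent-role-binding` carries `namespace: brupop-bottlerocket-aws` twice, which strict YAML parsers reject as a duplicate key. This file is rendered output, so both changes belong in the chart templates, followed by a regeneration.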
@@ -0,0 +1,31 @@
+/*!
+
+The custom resource definitions are modeled as Rust structs. Here we generate
+the corresponding k8s yaml files.
+
+!*/
+
+use models::node::combined_crds;
+use std::env;
+use std::fs::File;
+use std::path::PathBuf;
+
+const DEPLOY_DIR: &str = env!("CARGO_MANIFEST_DIR");
+
+fn main() {
+ dotenv::dotenv().ok();
+ // Re-run this build script if the model changes.
+ println!("cargo:rerun-if-changed=../models/src");
+ // Re-run the yaml generation if these variables change
+ println!("cargo:rerun-if-env-changed=BRUPOP_CONTAINER_IMAGE");
+ println!("cargo:rerun-if-env-changed=BRUPOP_CONTAINER_IMAGE_PULL_SECRET");
+
+ let path = PathBuf::from(DEPLOY_DIR)
+ .join("charts")
+ .join("bottlerocket-shadow")
+ .join("templates")
+ .join("custom-resource-definition.yaml");
+ let brupop_shadow = File::create(&path).unwrap();
+
+ serde_yaml::to_writer(&brupop_shadow, &combined_crds("443".to_string())).unwrap();
+}
diff --git a/deploy/charts/bottlerocket-shadow/Chart.lock b/deploy/charts/bottlerocket-shadow/Chart.lock
new file mode 100644
index 00000000..e69de29b
diff --git a/deploy/charts/bottlerocket-shadow/Chart.yaml b/deploy/charts/bottlerocket-shadow/Chart.yaml
new file mode 100644
index 00000000..757ae6fc
--- /dev/null
+++ b/deploy/charts/bottlerocket-shadow/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: bottlerocket-shadow
+description: A Helm chart for the Bottlerocket shadow CRD used by the Bottlerocket update operator
+home: https://github.com/bottlerocket-os/bottlerocket-update-operator
+icon: https://avatars.githubusercontent.com/u/61023959?s=200&v=4
+type: application
+version: 1.0.0
+appVersion: "1.0.0"
+sources:
+ - https://github.com/bottlerocket-os/bottlerocket-update-operator
diff --git a/deploy/charts/bottlerocket-shadow/LICENSE-APACHE b/deploy/charts/bottlerocket-shadow/LICENSE-APACHE
new file mode 100644
index 00000000..d6456956
--- /dev/null
+++ b/deploy/charts/bottlerocket-shadow/LICENSE-APACHE
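Review bot: `main` in `deploy/build.rs` still loads `.env` and registers `cargo:rerun-if-env-changed` for `BRUPOP_CONTAINER_IMAGE` and `BRUPOP_CONTAINER_IMAGE_PULL_SECRET`, but the only thing the script writes is the CRD from `combined_crds("443".to_string())`, which as far as this hunk shows reads neither variable. Those three lines look like leftovers from the yamlgen script and trigger needless rebuilds; drop them unless `combined_crds` does consult the environment. The two `unwrap()` calls also panic without naming the file, and because the script writes into the checked-in chart directory rather than `OUT_DIR`, a read-only or vendored source tree will hit exactly that path; `File::create(&path).unwrap_or_else(|e| panic!("failed to create {}: {}", path.display(), e))` makes the failure diagnosable. `use std::env;` appears unused as well, since `env!` is a macro that needs no import.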
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/deploy/charts/bottlerocket-shadow/LICENSE-MIT b/deploy/charts/bottlerocket-shadow/LICENSE-MIT new file mode 100644 index 00000000..df3c0d62 --- /dev/null +++ b/deploy/charts/bottlerocket-shadow/LICENSE-MIT 
@@ -0,0 +1,8 @@
+MIT License
+Copyright Amazon.com, Inc., its affiliates, or other contributors. All Rights Reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/deploy/charts/bottlerocket-shadow/README.md b/deploy/charts/bottlerocket-shadow/README.md
new file mode 100644
index 00000000..a52b5ec1
--- /dev/null
+++ b/deploy/charts/bottlerocket-shadow/README.md
@@ -0,0 +1,14 @@
+# Bottlerocket Shadow
+
+Bottlerocket shadows are the "reflections" of the bottlerocket nodes themselves.
+
+They are used by the Bottlerocket update operator to perform update operations through the
+host's `apiclient update` interface.
+
+To install the CRD:
+```
+helm install \
+ brupop-crd \
+ deploy/charts/bottlerocket-shadow \
+ --create-namespace
+```
diff --git a/deploy/charts/bottlerocket-shadow/templates/NOTES.txt b/deploy/charts/bottlerocket-shadow/templates/NOTES.txt
new file mode 100644
index 00000000..06e13d3f
--- /dev/null
+++ b/deploy/charts/bottlerocket-shadow/templates/NOTES.txt
@@ -0,0 +1,6 @@
+Thank you for installing the Bottlerocket Shadow CRD!
+
+This CRD is meant to be used with the bottlerocket-update-operator (affectionatly called "brupop")
+and can be installed with:
+
+$ helm install brupop
diff --git a/deploy/charts/bottlerocket-shadow/templates/_helpers.tpl b/deploy/charts/bottlerocket-shadow/templates/_helpers.tpl
new file mode 100644
index 00000000..b093b781
--- /dev/null
+++ b/deploy/charts/bottlerocket-shadow/templates/_helpers.tpl
@@ -0,0 +1,27 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "bottlerocket-update-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "bottlerocket-update-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
diff --git a/deploy/charts/bottlerocket-shadow/templates/custom-resource-definition.yaml b/deploy/charts/bottlerocket-shadow/templates/custom-resource-definition.yaml
new file mode 100644
index 00000000..53a342df
--- /dev/null
+++ b/deploy/charts/bottlerocket-shadow/templates/custom-resource-definition.yaml
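Review bot: The `_helpers.tpl` added to the bottlerocket-shadow chart defines `bottlerocket-update-operator.name` and `bottlerocket-update-operator.fullname`, the same template names that the operator chart's own `_helpers.tpl` defines later in this patch. Helm's named templates share one namespace across a chart and its subcharts, so if the shadow chart is ever declared as a dependency of the operator chart the two definitions would collide and one would silently win. Prefix them with this chart's name, `{{- define "bottlerocket-shadow.name" -}}` and `{{- define "bottlerocket-shadow.fullname" -}}`. The CRD template in this chart contains no template expressions, so neither helper appears to be used here and removing the file may be the simpler fix.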
@@ -0,0 +1,188 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: brupop-bottlerocket-aws/root-certificate + name: bottlerocketshadows.brupop.bottlerocket.aws +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: brupop-apiserver + namespace: brupop-bottlerocket-aws + path: /crdconvert + port: 443 + conversionReviewVersions: + - v2 + - v1 + group: brupop.bottlerocket.aws + names: + kind: BottlerocketShadow + plural: bottlerocketshadows + shortNames: + - brs + singular: bottlerocketshadow + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: ".status.current_state" + name: State + type: string + - jsonPath: ".status.current_version" + name: Version + type: string + - jsonPath: ".spec.state" + name: Target State + type: string + - jsonPath: ".spec.version" + name: Target Version + type: string + - jsonPath: ".status.crash_count" + name: Crash Count + type: string + name: v2 + schema: + openAPIV3Schema: + description: "Auto-generated derived type for BottlerocketShadowSpec via `CustomResource`" + properties: + spec: + description: "The `BottlerocketShadowSpec` can be used to drive a node through the update state machine. A node linearly drives towards the desired state. The brupop controller updates the spec to specify a node's desired state, and the host agent drives state changes forward and updates the `BottlerocketShadowStatus`." + properties: + state: + description: "Records the desired state of the `BottlerocketShadow`" + enum: + - Idle + - StagedAndPerformedUpdate + - RebootedIntoUpdate + - MonitoringUpdate + - ErrorReset + type: string + state_transition_timestamp: + description: The time at which the most recent state was set as the desired state. + nullable: true + type: string + version: + description: "The desired update version, if any." 
+ nullable: true + pattern: "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + type: string + required: + - state + type: object + status: + description: "`BottlerocketShadowStatus` surfaces the current state of a bottlerocket node. The status is updated by the host agent, while the spec is updated by the brupop controller." + nullable: true + properties: + crash_count: + format: uint32 + minimum: 0.0 + type: integer + current_state: + description: "BottlerocketShadowState represents a node's state in the update state machine." + enum: + - Idle + - StagedAndPerformedUpdate + - RebootedIntoUpdate + - MonitoringUpdate + - ErrorReset + type: string + current_version: + pattern: "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + type: string + state_transition_failure_timestamp: + nullable: true + type: string + target_version: + pattern: "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + type: string + required: + - crash_count + - current_state + - current_version + - target_version + type: object + required: + - spec + title: BottlerocketShadow + type: object + served: true + storage: true + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: ".status.current_state" + name: State + type: string + - jsonPath: ".status.current_version" + name: Version + type: string + - jsonPath: ".spec.state" + name: Target State + type: string + - jsonPath: ".spec.version" + name: Target Version + type: string + name: v1 + schema: + openAPIV3Schema: + description: "Auto-generated derived type for BottlerocketShadowSpec via 
`CustomResource`" + properties: + spec: + description: "The `BottlerocketShadowSpec` can be used to drive a node through the update state machine. A node linearly drives towards the desired state. The brupop controller updates the spec to specify a node's desired state, and the host agent drives state changes forward and updates the `BottlerocketShadowStatus`." + properties: + state: + description: "Records the desired state of the `BottlerocketShadow`" + enum: + - Idle + - StagedUpdate + - PerformedUpdate + - RebootedIntoUpdate + - MonitoringUpdate + type: string + state_transition_timestamp: + description: The time at which the most recent state was set as the desired state. + nullable: true + type: string + version: + description: "The desired update version, if any." + nullable: true + pattern: "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + type: string + required: + - state + type: object + status: + description: "`BottlerocketShadowStatus` surfaces the current state of a bottlerocket node. The status is updated by the host agent, while the spec is updated by the brupop controller." + nullable: true + properties: + current_state: + description: "BottlerocketShadowState represents a node's state in the update state machine." 
+ enum: + - Idle + - StagedUpdate + - PerformedUpdate + - RebootedIntoUpdate + - MonitoringUpdate + type: string + current_version: + pattern: "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + type: string + target_version: + pattern: "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$" + type: string + required: + - current_state + - current_version + - target_version + type: object + required: + - spec + title: BottlerocketShadow + type: object + served: true + storage: false + subresources: + status: {} diff --git a/deploy/charts/bottlerocket-shadow/values.yaml b/deploy/charts/bottlerocket-shadow/values.yaml new file mode 100644 index 00000000..80d4ab7e --- /dev/null +++ b/deploy/charts/bottlerocket-shadow/values.yaml @@ -0,0 +1,7 @@ +# Default values for bottlerocket-update-operator. + +# The namespace to deploy the update operator into +namespace: "brupop-bottlerocket-aws" + +# API server internal address where the conversion webhook is served +apiserver_service_port: "443" diff --git a/deploy/charts/bottlerocket-update-operator/.helmignore b/deploy/charts/bottlerocket-update-operator/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
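Review bot: `namespace` and `apiserver_service_port` in the bottlerocket-shadow values.yaml are not referenced by the chart's only resource template, since custom-resource-definition.yaml hard-codes `namespace: brupop-bottlerocket-aws`, `port: 443` and the annotation `cert-manager.io/inject-ca-from: brupop-bottlerocket-aws/root-certificate`. Overriding either value at install time therefore changes nothing, and if the operator chart permits another namespace (its values are not visible here) the conversion webhook's clientConfig and CA injection would still point at the default one. Either template those three fields from `.Values` or remove the values and document that the namespace and port are fixed. The header comment should also read `# Default values for bottlerocket-shadow.`, and the second comment describes a port rather than an address.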
diff --git a/deploy/charts/bottlerocket-update-operator/Chart.lock b/deploy/charts/bottlerocket-update-operator/Chart.lock
new file mode 100644
index 00000000..e69de29b
diff --git a/deploy/charts/bottlerocket-update-operator/Chart.yaml b/deploy/charts/bottlerocket-update-operator/Chart.yaml
new file mode 100644
index 00000000..94cdef5e
--- /dev/null
+++ b/deploy/charts/bottlerocket-update-operator/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: bottlerocket-update-operator
+description: A Helm chart for the Bottlerocket Update Operator
+home: https://github.com/bottlerocket-os/bottlerocket-update-operator
+icon: https://avatars.githubusercontent.com/u/61023959?s=200&v=4
+type: application
+version: 1.0.0
+appVersion: "1.0.0"
+sources:
+ - https://github.com/bottlerocket-os/bottlerocket-update-operator
diff --git a/deploy/charts/bottlerocket-update-operator/LICENSE-APACHE b/deploy/charts/bottlerocket-update-operator/LICENSE-APACHE
new file mode 100644
index 00000000..d6456956
--- /dev/null
+++ b/deploy/charts/bottlerocket-update-operator/LICENSE-APACHE
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/deploy/charts/bottlerocket-update-operator/LICENSE-MIT b/deploy/charts/bottlerocket-update-operator/LICENSE-MIT new file mode 100644 index 00000000..df3c0d62 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/LICENSE-MIT 
@@ -0,0 +1,8 @@ +MIT License +Copyright Amazon.com, Inc., its affiliates, or other contributors. All Rights Reserved. + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/deploy/charts/bottlerocket-update-operator/README.md b/deploy/charts/bottlerocket-update-operator/README.md new file mode 100644 index 00000000..cba32720 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/README.md @@ -0,0 +1,16 @@ +# Bottlerocket Update Operator Helm Chart + +This helmchart carries the templates and resource definitions for +the bottlerocket-update-operator. + +It depends on the `bottlerocket-shadow` CRD chart and should be installed +before the operator is installed. + +### Local chart development + +``` +helm install \ + brupop \ + deploy/charts/bottlerocket-update-operator \ + --create-namespace +``` diff --git a/deploy/charts/bottlerocket-update-operator/templates/NOTES.txt b/deploy/charts/bottlerocket-update-operator/templates/NOTES.txt new file mode 100644 index 00000000..1a8a4f23 
--- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/NOTES.txt @@ -0,0 +1,11 @@ +Thank you for installing Brupop! + +The bottlerocket-update-operator will + +To label all your bottlerocket nodes: + +$ kubectl label node MY_NODE_NAME bottlerocket.aws/updater-interface-version=2.0.0 + +To see the state of your bottlerocket nodes, check the bottlerocket shadows: + +$ kubectl get bottlerocketshadows diff --git a/deploy/charts/bottlerocket-update-operator/templates/_helpers.tpl b/deploy/charts/bottlerocket-update-operator/templates/_helpers.tpl new file mode 100644 index 00000000..b093b781 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/_helpers.tpl @@ -0,0 +1,27 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "bottlerocket-update-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "bottlerocket-update-operator.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + diff --git a/deploy/charts/bottlerocket-update-operator/templates/agent-cluster-role-binding.yaml b/deploy/charts/bottlerocket-update-operator/templates/agent-cluster-role-binding.yaml new file mode 100644 index 00000000..774782f5 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/agent-cluster-role-binding.yaml 
@@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: agent + name: brupop-agent-role-binding + namespace: {{ .Values.namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: brupop-agent-role +subjects: + - kind: ServiceAccount + name: brupop-agent-service-account + namespace: brupop-bottlerocket-aws + namespace: {{ .Values.namespace }} diff --git a/deploy/charts/bottlerocket-update-operator/templates/agent-cluster-role.yaml b/deploy/charts/bottlerocket-update-operator/templates/agent-cluster-role.yaml new file mode 100644 index 00000000..7cf1a46e --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/agent-cluster-role.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: agent + name: brupop-agent-role + namespace: {{ .Values.namespace }} +rules: + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - brupop.bottlerocket.aws + resources: + - bottlerocketshadows + - bottlerocketshadows/status + verbs: + - get + - list + - watch diff --git a/deploy/charts/bottlerocket-update-operator/templates/agent-daemonset.yaml b/deploy/charts/bottlerocket-update-operator/templates/agent-daemonset.yaml new file mode 100644 index 00000000..59424f36 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/agent-daemonset.yaml 
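Review bot: The `subjects` entry in agent-cluster-role-binding.yaml ends with two `namespace` keys, the hard-coded `namespace: brupop-bottlerocket-aws` followed by `namespace: {{ .Values.namespace }}`. A duplicate mapping key is either rejected by a strict YAML parser or resolved by silently keeping one value, so which service account receives `brupop-agent-role` depends on the tooling. If the hard-coded value wins while `.Values.namespace` is overridden, the role is bound to a `brupop-agent-service-account` in a namespace the release does not own. Drop the literal line and keep only `namespace: {{ .Values.namespace }}`, as the apiserver and controller bindings already do.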
@@ -0,0 +1,94 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: agent + name: brupop-agent + namespace: {{ .Values.namespace }} +spec: + selector: + matchLabels: + brupop.bottlerocket.aws/component: agent + template: + metadata: + labels: + brupop.bottlerocket.aws/component: agent + namespace: {{ .Values.namespace }} + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + - key: bottlerocket.aws/updater-interface-version + operator: In + values: + - 2.0.0 + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + containers: + - command: + - "./agent" + env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: EXCLUDE_FROM_LB_WAIT_TIME_IN_SEC + value: "0" + - name: APISERVER_SERVICE_PORT + value: "{{ .Values.apiserver_service_port }}" + image: {{ .Values.image }} + name: brupop + resources: + limits: + memory: 50Mi + requests: + cpu: 10m + memory: 50Mi + securityContext: + seLinuxOptions: + level: s0 + role: system_r + type: super_t + user: system_u + volumeMounts: + - mountPath: /run/api.sock + name: bottlerocket-api-socket + - mountPath: /bin/apiclient + name: bottlerocket-apiclient + - mountPath: /var/run/secrets/tokens/ + name: bottlerocket-agent-service-account-token + - mountPath: /etc/brupop-tls-keys + name: bottlerocket-tls-keys + serviceAccountName: brupop-agent-service-account + volumes: + - hostPath: + path: /run/api.sock + type: Socket + name: bottlerocket-api-socket + - hostPath: + path: /bin/apiclient + type: File + name: bottlerocket-apiclient + - name: bottlerocket-agent-service-account-token + projected: + sources: + - serviceAccountToken: + audience: brupop-apiserver + path: 
bottlerocket-agent-service-account-token + - name: bottlerocket-tls-keys + secret: + optional: false + secretName: brupop-apiserver-client-certificate diff --git a/deploy/charts/bottlerocket-update-operator/templates/agent-service-account.yaml b/deploy/charts/bottlerocket-update-operator/templates/agent-service-account.yaml new file mode 100644 index 00000000..789705f7 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/agent-service-account.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + kubernetes.io/service-account.name: brupop-agent-service-account + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: agent + name: brupop-agent-service-account + namespace: {{ .Values.namespace }} diff --git a/deploy/charts/bottlerocket-update-operator/templates/api-server-auth-delegation.yaml b/deploy/charts/bottlerocket-update-operator/templates/api-server-auth-delegation.yaml new file mode 100644 index 00000000..d64597a7 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/api-server-auth-delegation.yaml @@ -0,0 +1,19 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: apiserver + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: apiserver + name: brupop-apiserver-auth-delegator-role-binding + namespace: {{ .Values.namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: brupop-apiserver-service-account + namespace: {{ .Values.namespace }} 
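Review bot: The agent container in agent-daemonset.yaml runs with the SELinux type `super_t` and mounts host paths, yet none of its `volumeMounts` is marked read-only. The API socket presumably has to stay writable, but the `/bin/apiclient` binary and the `/etc/brupop-tls-keys` secret only need to be read, so add `readOnly: true` to those two mounts. The removed `agent_daemonset` builder also accepted an optional image pull secret, and this template has no `imagePullSecrets` field. If private registries are still meant to be supported, that needs a value and a conditional block here.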
diff --git a/deploy/charts/bottlerocket-update-operator/templates/api-server-cluster-role-binding.yaml b/deploy/charts/bottlerocket-update-operator/templates/api-server-cluster-role-binding.yaml new file mode 100644 index 00000000..c746749a --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/api-server-cluster-role-binding.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: apiserver + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: apiserver + name: brupop-apiserver-role-binding + namespace: {{ .Values.namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: brupop-apiserver-role +subjects: + - kind: ServiceAccount + name: brupop-apiserver-service-account + namespace: {{ .Values.namespace }} + diff --git a/deploy/charts/bottlerocket-update-operator/templates/api-server-cluster-role.yaml b/deploy/charts/bottlerocket-update-operator/templates/api-server-cluster-role.yaml new file mode 100644 index 00000000..5f31a24c --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/api-server-cluster-role.yaml 
@@ -0,0 +1,58 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: apiserver + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: apiserver + name: brupop-apiserver-role + namespace: {{ .Values.namespace }} +rules: + - apiGroups: + - brupop.bottlerocket.aws + resources: + - bottlerocketshadows + - bottlerocketshadows/status + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - patch + - apiGroups: + - "" + resources: + - pods/eviction + verbs: + - create diff --git a/deploy/charts/bottlerocket-update-operator/templates/api-server-deployment.yaml b/deploy/charts/bottlerocket-update-operator/templates/api-server-deployment.yaml new file mode 100644 index 00000000..0e670cf4 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/api-server-deployment.yaml 
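Review bot: The `apps` / `deployments` rule in api-server-cluster-role.yaml grants `create`, `delete` and `deletecollection` through a ClusterRole bound with a ClusterRoleBinding, so the apiserver service account can create or remove any Deployment in any namespace. Nothing visible in this chart shows the apiserver managing Deployments, so confirm the rule is needed and drop it if it is not. If it is needed, move it to a namespaced `Role` and `RoleBinding` in `{{ .Values.namespace }}`. The same rule appears in controller-cluster-role.yaml and deserves the same check. A short comment above each rule naming the code path that needs it would make later least-privilege reviews much easier.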
@@ -0,0 +1,70 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: apiserver + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: apiserver + name: brupop-apiserver + namespace: {{ .Values.namespace }} +spec: + replicas: 3 + selector: + matchLabels: + brupop.bottlerocket.aws/component: apiserver + strategy: + rollingUpdate: + maxUnavailable: 33% + template: + metadata: + labels: + brupop.bottlerocket.aws/component: apiserver + namespace: {{ .Values.namespace }} + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + containers: + - command: + - "./apiserver" + env: + - name: APISERVER_INTERNAL_PORT + value: "{{ .Values.apiserver_internal_port }}" + image: {{ .Values.image }} + livenessProbe: + httpGet: + path: /ping + port: {{ .Values.apiserver_internal_port }} + scheme: HTTPS + initialDelaySeconds: 5 + name: brupop + ports: + - containerPort: {{ .Values.apiserver_internal_port }} + readinessProbe: + httpGet: + path: /ping + port: {{ .Values.apiserver_internal_port }} + scheme: HTTPS + initialDelaySeconds: 5 + volumeMounts: + - mountPath: /etc/brupop-tls-keys + name: bottlerocket-tls-keys + serviceAccountName: brupop-apiserver-service-account + volumes: + - name: bottlerocket-tls-keys + secret: + optional: false + secretName: brupop-apiserver-certificate diff --git a/deploy/charts/bottlerocket-update-operator/templates/api-server-service-account.yaml b/deploy/charts/bottlerocket-update-operator/templates/api-server-service-account.yaml new file mode 100644 index 00000000..c529d405 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/api-server-service-account.yaml 
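Review bot: The `brupop` container in api-server-deployment.yaml declares neither `securityContext` nor `resources`, although it is the network-facing component that holds the server TLS key and a service account with cluster-wide RBAC. Consider adding `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`, plus `runAsNonRoot: true` if the image supports it, which cannot be confirmed from this diff. Memory and CPU requests and limits like those on the agent DaemonSet would help as well. The secret mount at `/etc/brupop-tls-keys` can also carry `readOnly: true`. controller-deployment.yaml has the same gap.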
@@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + kubernetes.io/service-account.name: brupop-apiserver-service-account + labels: + app.kubernetes.io/component: apiserver + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: apiserver + name: brupop-apiserver-service-account + namespace: {{ .Values.namespace }} diff --git a/deploy/charts/bottlerocket-update-operator/templates/api-server-service.yaml b/deploy/charts/bottlerocket-update-operator/templates/api-server-service.yaml new file mode 100644 index 00000000..5f8b5248 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/api-server-service.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: apiserver + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: apiserver + name: brupop-apiserver + namespace: {{ .Values.namespace }} +spec: + ports: + - port: {{ .Values.apiserver_service_port }} + targetPort: {{ .Values.apiserver_internal_port }} + selector: + brupop.bottlerocket.aws/component: apiserver diff --git a/deploy/charts/bottlerocket-update-operator/templates/cert-manager-agent-cert.yaml b/deploy/charts/bottlerocket-update-operator/templates/cert-manager-agent-cert.yaml new file mode 100644 index 00000000..5521b94f --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/cert-manager-agent-cert.yaml 
@@ -0,0 +1,21 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: brupop-apiserver-client-certificate + namespace: {{ .Values.namespace }} +spec: + secretName: brupop-apiserver-client-certificate + privateKey: + algorithm: RSA + encoding: PKCS8 + dnsNames: + - "*.brupop-bottlerocket-aws.svc.cluster.local" + - "*.brupop-bottlerocket-aws.svc" + usages: + - client auth + - key encipherment + - digital signature + issuerRef: + name: brupop-root-certificate-issuer + kind: Issuer diff --git a/deploy/charts/bottlerocket-update-operator/templates/cert-manager-apiserver-cert.yaml b/deploy/charts/bottlerocket-update-operator/templates/cert-manager-apiserver-cert.yaml new file mode 100644 index 00000000..41ebc46c --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/cert-manager-apiserver-cert.yaml @@ -0,0 +1,21 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: brupop-apiserver-certificate + namespace: {{ .Values.namespace }} +spec: + secretName: brupop-apiserver-certificate + privateKey: + algorithm: RSA + encoding: PKCS8 + dnsNames: + - "*.brupop-bottlerocket-aws.svc.cluster.local" + - "*.brupop-bottlerocket-aws.svc" + usages: + - server auth + - key encipherment + - digital signature + issuerRef: + name: brupop-root-certificate-issuer + kind: Issuer diff --git a/deploy/charts/bottlerocket-update-operator/templates/cert-manager-root-cert-issuer.yaml b/deploy/charts/bottlerocket-update-operator/templates/cert-manager-root-cert-issuer.yaml new file mode 100644 index 00000000..eda5592b --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/cert-manager-root-cert-issuer.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: brupop-root-certificate-issuer + namespace: {{ .Values.namespace }} +spec: + ca: + secretName: brupop-root-ca-secret 
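Review bot: The `dnsNames` in cert-manager-agent-cert.yaml are hard-coded to `*.brupop-bottlerocket-aws.svc.cluster.local` and `*.brupop-bottlerocket-aws.svc`, while the Certificate itself is created in `{{ .Values.namespace }}`. With any other namespace value the issued SANs no longer match the service's DNS name and TLS verification between agent and apiserver will fail. The names should follow the value, for example `- "*.{{ .Values.namespace }}.svc.cluster.local"` and `- "*.{{ .Values.namespace }}.svc"`. cert-manager-apiserver-cert.yaml has the same two lines. If only the `brupop-apiserver` Service is ever addressed, naming that host explicitly instead of a wildcard would narrow what the certificate is valid for.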
diff --git a/deploy/charts/bottlerocket-update-operator/templates/cert-manager-selfsigned-ca.yaml b/deploy/charts/bottlerocket-update-operator/templates/cert-manager-selfsigned-ca.yaml new file mode 100644 index 00000000..0b07675a --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/cert-manager-selfsigned-ca.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: brupop-selfsigned-ca + namespace: {{ .Values.namespace }} +spec: + isCA: true + commonName: brupop-selfsigned-ca + secretName: brupop-root-ca-secret + privateKey: + algorithm: RSA + encoding: PKCS8 + issuerRef: + name: selfsigned-issuer + kind: Issuer diff --git a/deploy/charts/bottlerocket-update-operator/templates/cert-manager-selfsigned-issuer.yaml b/deploy/charts/bottlerocket-update-operator/templates/cert-manager-selfsigned-issuer.yaml new file mode 100644 index 00000000..1bb1e6e4 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/cert-manager-selfsigned-issuer.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-issuer + namespace: {{ .Values.namespace }} +spec: + selfSigned: {} diff --git a/deploy/charts/bottlerocket-update-operator/templates/controller-cluster-role-binding.yaml b/deploy/charts/bottlerocket-update-operator/templates/controller-cluster-role-binding.yaml new file mode 100644 index 00000000..673484e0 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/controller-cluster-role-binding.yaml 
@@ -0,0 +1,19 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: brupop-controller + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: brupop-controller + name: brupop-controller-role-binding + namespace: {{ .Values.namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: brupop-controller-role +subjects: + - kind: ServiceAccount + name: brupop-controller-service-account + namespace: {{ .Values.namespace }} diff --git a/deploy/charts/bottlerocket-update-operator/templates/controller-cluster-role.yaml b/deploy/charts/bottlerocket-update-operator/templates/controller-cluster-role.yaml new file mode 100644 index 00000000..83f2725e --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/controller-cluster-role.yaml @@ -0,0 +1,50 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/component: brupop-controller + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: brupop-controller + name: brupop-controller-role + namespace: {{ .Values.namespace }} +rules: + - apiGroups: + - brupop.bottlerocket.aws + resources: + - bottlerocketshadows + - bottlerocketshadows/status + verbs: + - get + - list + - watch + - apiGroups: + - brupop.bottlerocket.aws + resources: + - bottlerocketshadows + verbs: + - create + - patch + - update + - delete + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch diff --git a/deploy/charts/bottlerocket-update-operator/templates/controller-deployment.yaml b/deploy/charts/bottlerocket-update-operator/templates/controller-deployment.yaml new file mode 100644 index 00000000..63740752 
--- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/controller-deployment.yaml @@ -0,0 +1,56 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: brupop-controller + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: brupop-controller + name: brupop-controller-deployment + namespace: {{ .Values.namespace }} +spec: + replicas: 1 + selector: + matchLabels: + brupop.bottlerocket.aws/component: brupop-controller + strategy: + type: Recreate + template: + metadata: + labels: + brupop.bottlerocket.aws/component: brupop-controller + namespace: {{ .Values.namespace }} + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + containers: + - command: + - "./controller" + env: + - name: MY_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: MAX_CONCURRENT_UPDATE + value: "{{ .Values.max_concurrent_updates }}" + - name: UPDATE_WINDOW_START + value: "{{ .Values.update_window_start }}" + - name: UPDATE_WINDOW_STOP + value: "{{ .Values.update_window_stop }}" + image: {{ .Values.image }} + name: brupop + priorityClassName: brupop-controller-high-priority + serviceAccountName: brupop-controller-service-account diff --git a/deploy/charts/bottlerocket-update-operator/templates/controller-priority-class.yaml b/deploy/charts/bottlerocket-update-operator/templates/controller-priority-class.yaml new file mode 100644 index 00000000..36ee59dd --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/controller-priority-class.yaml 
@@ -0,0 +1,8 @@ +--- +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: + name: brupop-controller-high-priority + namespace: {{ .Values.namespace }} +preemptionPolicy: Never +value: 1000000 diff --git a/deploy/charts/bottlerocket-update-operator/templates/controller-service-account.yaml b/deploy/charts/bottlerocket-update-operator/templates/controller-service-account.yaml new file mode 100644 index 00000000..9fd5be58 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/controller-service-account.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + annotations: + kubernetes.io/service-account.name: brupop-controller-service-account + labels: + app.kubernetes.io/component: brupop-controller + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: brupop-controller + name: brupop-controller-service-account + namespace: {{ .Values.namespace }} diff --git a/deploy/charts/bottlerocket-update-operator/templates/controller-service.yaml b/deploy/charts/bottlerocket-update-operator/templates/controller-service.yaml new file mode 100644 index 00000000..17389fe0 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/templates/controller-service.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + labels: + app.kubernetes.io/component: brupop-controller + app.kubernetes.io/managed-by: brupop + app.kubernetes.io/part-of: brupop + brupop.bottlerocket.aws/component: brupop-controller + name: brupop-controller-server + namespace: {{ .Values.namespace }} +spec: + ports: + - port: 80 + targetPort: 8080 + selector: + brupop.bottlerocket.aws/component: brupop-controller diff --git a/deploy/charts/bottlerocket-update-operator/test.yaml b/deploy/charts/bottlerocket-update-operator/test.yaml new file mode 100644 index 00000000..e69de29b 
diff --git a/deploy/charts/bottlerocket-update-operator/values.yaml b/deploy/charts/bottlerocket-update-operator/values.yaml new file mode 100644 index 00000000..deecb305 --- /dev/null +++ b/deploy/charts/bottlerocket-update-operator/values.yaml @@ -0,0 +1,17 @@ +# Default values for bottlerocket-update-operator. + +# The namespace to deploy the update operator into +namespace: "brupop-bottlerocket-aws" + +# The image to use for brupop +image: "public.ecr.aws/bottlerocket/bottlerocket-update-operator:v1.0.0" + +# The number of max concurrent updates +max_concurrent_updates: "1" + +# Start and stop times for update window +update_window_start: "0:0:0" +update_window_stop: "0:0:0" + +apiserver_internal_port: "8443" +apiserver_service_port: "443" diff --git a/yamlgen/telemetry/prometheus-resources.yaml b/deploy/examples/prometheus-resources.yaml similarity index 100% rename from yamlgen/telemetry/prometheus-resources.yaml rename to deploy/examples/prometheus-resources.yaml diff --git a/yamlgen/deploy/bottlerocket-update-operator.yaml b/deploy/manifests/bottlerocket-update-operator.yaml similarity index 99% rename from yamlgen/deploy/bottlerocket-update-operator.yaml rename to deploy/manifests/bottlerocket-update-operator.yaml index 49093cc2..d8ee6924 100644 --- a/yamlgen/deploy/bottlerocket-update-operator.yaml +++ b/deploy/manifests/bottlerocket-update-operator.yaml @@ -188,13 +188,6 @@ spec: subresources: status: {} --- -apiVersion: v1 -kind: Namespace -metadata: - labels: - name: brupop - name: brupop-bottlerocket-aws ---- apiVersion: cert-manager.io/v1 kind: Issuer metadata: diff --git a/yamlgen/deploy/cert.yaml b/deploy/manifests/cert.yaml similarity index 100% rename from yamlgen/deploy/cert.yaml rename to deploy/manifests/cert.yaml diff --git a/yamlgen/src/lib.rs b/deploy/src/lib.rs similarity index 100% rename from yamlgen/src/lib.rs rename to deploy/src/lib.rs diff --git a/design/1.0.0-release.md b/design/1.0.0-release.md index 0018d5d1..420c4152 100644 
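Review bot: The `namespace` value in values.yaml is written into every resource's `metadata.namespace`, but nothing visible in this chart creates that namespace, and this commit also removes the `Namespace` object from the generated manifest. `helm install ... --create-namespace` only creates the release namespace, so the README command without `-n` would target `brupop-bottlerocket-aws` without creating it, unless the CRD chart does so outside this view. Using `{{ .Release.Namespace }}` in the templates would avoid this. Otherwise document `--namespace brupop-bottlerocket-aws` next to `--create-namespace`. Separately, `image` is pinned by the mutable tag `v1.0.0`, and a comment noting that an `@sha256:` digest can be supplied would help operators who need a reproducible, verifiable deployment.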
--- a/design/1.0.0-release.md +++ b/design/1.0.0-release.md @@ -371,7 +371,7 @@ stores on the cluster. ##### Monitoring cluster history and metrics with Prometheus -[A sample configuration](https://github.com/bottlerocket-os/bottlerocket-update-operator/blob/develop/yamlgen/telemetry/prometheus-resources.yaml) +[A sample configuration](https://github.com/bottlerocket-os/bottlerocket-update-operator/blob/develop/deploy/telemetry/prometheus-resources.yaml) is provided which demonstrates a Prometheus deployment into a cluster that is configured to gather metrics data from the update operator. Once Prometheus is running in the cluster, you can use the Prometheus UI to visualize the diff --git a/integ/src/updater.rs b/integ/src/updater.rs index 4d993cfb..b4e2c43c 100644 --- a/integ/src/updater.rs +++ b/integ/src/updater.rs @@ -30,7 +30,7 @@ pub async fn process_brupop_resources(action: Action, kube_config_path: &str) -> .args([ &action_string.to_lowercase(), "-f", - "yamlgen/deploy/bottlerocket-update-operator.yaml", + "deploy/manifests/bottlerocket-update-operator.yaml", "--kubeconfig", kube_config_path, ]) diff --git a/models/src/agent.rs b/models/src/agent.rs deleted file mode 100644 index edc10567..00000000 --- a/models/src/agent.rs +++ /dev/null 
@@ -1,293 +0,0 @@ -use crate::brupop_labels; -use crate::constants::{ - AGENT, AGENT_NAME, APISERVER_SERVICE_NAME, APP_COMPONENT, APP_MANAGED_BY, APP_PART_OF, BRUPOP, - BRUPOP_INTERFACE_VERSION, LABEL_BRUPOP_INTERFACE_NAME, LABEL_COMPONENT, NAMESPACE, - TLS_KEY_MOUNT_PATH, -}; -use k8s_openapi::api::apps::v1::{DaemonSet, DaemonSetSpec}; -use k8s_openapi::api::core::v1::{ - Affinity, Container, EnvVar, EnvVarSource, HostPathVolumeSource, LocalObjectReference, - NodeAffinity, NodeSelector, NodeSelectorRequirement, NodeSelectorTerm, ObjectFieldSelector, - PodSpec, PodTemplateSpec, ProjectedVolumeSource, ResourceRequirements, SELinuxOptions, - SecretVolumeSource, SecurityContext, ServiceAccount, ServiceAccountTokenProjection, Volume, - VolumeMount, VolumeProjection, -}; -use k8s_openapi::api::rbac::v1::{ClusterRole, ClusterRoleBinding, PolicyRule, RoleRef, Subject}; -use k8s_openapi::apimachinery::pkg::api::resource::Quantity; -use k8s_openapi::apimachinery::pkg::apis::meta::v1::LabelSelector; -use kube::api::ObjectMeta; -use maplit::btreemap; - -const BRUPOP_AGENT_SERVICE_ACCOUNT: &str = "brupop-agent-service-account"; -const BRUPOP_AGENT_CLUSTER_ROLE: &str = "brupop-agent-role"; -const BRUPOP_APISERVER_CLIENT_CERT_SECRET_NAME: &str = "brupop-apiserver-client-certificate"; - -pub const TOKEN_PROJECTION_MOUNT_PATH: &str = "/var/run/secrets/tokens/"; -pub const AGENT_TOKEN_PATH: &str = "bottlerocket-agent-service-account-token"; - -/// Defines the brupop-agent service account -pub fn agent_service_account() -> ServiceAccount { - ServiceAccount { - metadata: ObjectMeta { - labels: Some(brupop_labels!(AGENT)), - name: Some(BRUPOP_AGENT_SERVICE_ACCOUNT.to_string()), - namespace: Some(NAMESPACE.to_string()), - annotations: Some(btreemap! 
{ - "kubernetes.io/service-account.name".to_string() => BRUPOP_AGENT_SERVICE_ACCOUNT.to_string() - }), - ..Default::default() - }, - ..Default::default() - } -} - -/// Defines the brupop-agent cluster role -pub fn agent_cluster_role() -> ClusterRole { - ClusterRole { - metadata: ObjectMeta { - labels: Some(brupop_labels!(AGENT)), - name: Some(BRUPOP_AGENT_CLUSTER_ROLE.to_string()), - namespace: Some(NAMESPACE.to_string()), - ..Default::default() - }, - rules: Some(vec![ - PolicyRule { - api_groups: Some(vec!["".to_string()]), - resources: Some(vec!["nodes".to_string()]), - verbs: vec!["get", "list", "watch"] - .iter() - .map(|s| s.to_string()) - .collect(), - ..Default::default() - }, - PolicyRule { - api_groups: Some(vec!["brupop.bottlerocket.aws".to_string()]), - resources: Some(vec![ - "bottlerocketshadows".to_string(), - "bottlerocketshadows/status".to_string(), - ]), - verbs: vec!["get", "list", "watch"] - .iter() - .map(|s| s.to_string()) - .collect(), - ..Default::default() - }, - ]), - ..Default::default() - } -} - -/// Defines the brupop-agent cluster role binding -pub fn agent_cluster_role_binding() -> ClusterRoleBinding { - ClusterRoleBinding { - metadata: ObjectMeta { - labels: Some(brupop_labels!(AGENT)), - name: Some("brupop-agent-role-binding".to_string()), - namespace: Some(NAMESPACE.to_string()), - ..Default::default() - }, - role_ref: RoleRef { - api_group: "rbac.authorization.k8s.io".to_string(), - kind: "ClusterRole".to_string(), - name: BRUPOP_AGENT_CLUSTER_ROLE.to_string(), - }, - subjects: Some(vec![Subject { - kind: "ServiceAccount".to_string(), - name: BRUPOP_AGENT_SERVICE_ACCOUNT.to_string(), - namespace: Some(NAMESPACE.to_string()), - ..Default::default() - }]), - } -} - -/// Defines the brupop-agent DaemonSet -pub fn agent_daemonset( - agent_image: String, - image_pull_secret: Option, - exclude_from_lb_wait_time: u64, - apiserver_service_port: String, -) -> DaemonSet { - let image_pull_secrets = - image_pull_secret.map(|secret| 
vec![LocalObjectReference { name: Some(secret) }]); - - DaemonSet { - metadata: ObjectMeta { - labels: Some(brupop_labels!(AGENT)), - name: Some(AGENT_NAME.to_string()), - namespace: Some(NAMESPACE.to_string()), - ..Default::default() - }, - spec: Some(DaemonSetSpec { - selector: LabelSelector { - match_labels: Some(btreemap! { LABEL_COMPONENT.to_string() => AGENT.to_string()}), - ..Default::default() - }, - template: PodTemplateSpec { - metadata: Some(ObjectMeta { - labels: Some(btreemap! { - LABEL_COMPONENT.to_string() => AGENT.to_string(), - }), - namespace: Some(NAMESPACE.to_string()), - ..Default::default() - }), - spec: Some(PodSpec { - affinity: Some(Affinity { - node_affinity: Some(NodeAffinity { - required_during_scheduling_ignored_during_execution: Some( - NodeSelector { - node_selector_terms: vec![NodeSelectorTerm { - match_expressions: Some(vec![ - NodeSelectorRequirement { - key: "kubernetes.io/os".to_string(), - operator: "In".to_string(), - values: Some(vec!["linux".to_string()]), - }, - NodeSelectorRequirement { - key: LABEL_BRUPOP_INTERFACE_NAME.to_string(), - operator: "In".to_string(), - values: Some(vec![ - BRUPOP_INTERFACE_VERSION.to_string() - ]), - }, - NodeSelectorRequirement { - key: "kubernetes.io/arch".to_string(), - operator: "In".to_string(), - values: Some(vec![ - "amd64".to_string(), - "arm64".to_string(), - ]), - }, - ]), - ..Default::default() - }], - }, - ), - ..Default::default() - }), - ..Default::default() - }), - containers: vec![Container { - image: Some(agent_image), - name: BRUPOP.to_string(), - image_pull_policy: None, - command: Some(vec!["./agent".to_string()]), - env: Some(vec![ - EnvVar { - name: "MY_NODE_NAME".to_string(), - value_from: Some(EnvVarSource { - field_ref: Some(ObjectFieldSelector { - field_path: "spec.nodeName".to_string(), - ..Default::default() - }), - ..Default::default() - }), - ..Default::default() - }, - EnvVar { - name: "EXCLUDE_FROM_LB_WAIT_TIME_IN_SEC".to_string(), - value: 
Some(exclude_from_lb_wait_time.to_string()),
- ..Default::default()
- },
- EnvVar {
- name: "APISERVER_SERVICE_PORT".to_string(),
- value: Some(apiserver_service_port),
- ..Default::default()
- },
- ]),
- resources: Some(ResourceRequirements {
- requests: Some(btreemap! {
- "memory".to_string() => Quantity("8Mi".to_string()),
- "cpu".to_string() => Quantity("5m".to_string()),
- }),
- limits: Some(btreemap! {
- "memory".to_string() => Quantity("50Mi".to_string()),
- "cpu".to_string() => Quantity("10m".to_string()),
- }),
- }),
- volume_mounts: Some(vec![
- VolumeMount {
- name: "bottlerocket-api-socket".to_string(),
- mount_path: "/run/api.sock".to_string(),
- ..Default::default()
- },
- VolumeMount {
- name: "bottlerocket-apiclient".to_string(),
- mount_path: "/bin/apiclient".to_string(),
- ..Default::default()
- },
- VolumeMount {
- name: "bottlerocket-agent-service-account-token".to_string(),
- mount_path: TOKEN_PROJECTION_MOUNT_PATH.to_string(),
- ..Default::default()
- },
- VolumeMount {
- name: "bottlerocket-tls-keys".to_string(),
- mount_path: TLS_KEY_MOUNT_PATH.to_string(),
- ..Default::default()
- },
- ]),
- security_context: Some(SecurityContext {
- se_linux_options: Some(SELinuxOptions {
- role: Some("system_r".to_string()),
- type_: Some("super_t".to_string()),
- user: Some("system_u".to_string()),
- level: Some("s0".to_string()),
- }),
- ..Default::default()
- }),
- ..Default::default()
- }],
- service_account_name: Some(BRUPOP_AGENT_SERVICE_ACCOUNT.to_string()),
- image_pull_secrets,
- volumes: Some(vec![
- Volume {
- name: "bottlerocket-api-socket".to_string(),
- host_path: Some(HostPathVolumeSource {
- path: "/run/api.sock".to_string(),
- type_: Some("Socket".to_string()),
- }),
- ..Default::default()
- },
- Volume {
- name: "bottlerocket-apiclient".to_string(),
- host_path: Some(HostPathVolumeSource {
- path: "/bin/apiclient".to_string(),
- type_: Some("File".to_string()),
- }),
- ..Default::default()
- },
- Volume {
- name:
"bottlerocket-agent-service-account-token".to_string(),
- projected: Some(ProjectedVolumeSource {
- sources: Some(vec![VolumeProjection {
- service_account_token: Some(ServiceAccountTokenProjection {
- path: AGENT_TOKEN_PATH.to_string(),
- audience: Some(APISERVER_SERVICE_NAME.to_string()),
- ..Default::default()
- }),
- ..Default::default()
- }]),
- ..Default::default()
- }),
- ..Default::default()
- },
- Volume {
- name: "bottlerocket-tls-keys".to_string(),
- secret: Some(SecretVolumeSource {
- secret_name: Some(
- BRUPOP_APISERVER_CLIENT_CERT_SECRET_NAME.to_string(),
- ),
- optional: Some(false),
- ..Default::default()
- }),
- ..Default::default()
- },
- ]),
- ..Default::default()
- }),
- },
- ..Default::default()
- }),
- ..Default::default()
- }
-}
diff --git a/models/src/apiserver.rs b/models/src/apiserver.rs
deleted file mode 100644
index 91a44240..00000000
--- a/models/src/apiserver.rs
+++ /dev/null
@@ -1,334 +0,0 @@
-use crate::brupop_labels;
-use crate::constants::{
- APISERVER, APISERVER_HEALTH_CHECK_ROUTE, APISERVER_MAX_UNAVAILABLE, APISERVER_SERVICE_NAME,
- APP_COMPONENT, APP_MANAGED_BY, APP_PART_OF, BRUPOP, BRUPOP_DOMAIN_LIKE_NAME, LABEL_COMPONENT,
- NAMESPACE, TLS_KEY_MOUNT_PATH,
-};
-use crate::node::{K8S_NODE_PLURAL, K8S_NODE_STATUS};
-use k8s_openapi::api::apps::v1::{
- Deployment, DeploymentSpec, DeploymentStrategy, RollingUpdateDeployment,
-};
-use k8s_openapi::api::core::v1::{
- Affinity, Container, ContainerPort, EnvVar, HTTPGetAction, LocalObjectReference, NodeAffinity,
- NodeSelector, NodeSelectorRequirement, NodeSelectorTerm, PodSpec, PodTemplateSpec, Probe,
- ResourceRequirements, SecretVolumeSource, Service, ServiceAccount, ServicePort, ServiceSpec,
- Volume, VolumeMount,
-};
-use k8s_openapi::api::rbac::v1::{ClusterRole, ClusterRoleBinding, PolicyRule, RoleRef, Subject};
-use k8s_openapi::apimachinery::pkg::api::resource::Quantity;
-use k8s_openapi::apimachinery::pkg::apis::meta::v1::LabelSelector;
-use k8s_openapi::apimachinery::pkg::util::intstr::IntOrString;
-use kube::api::ObjectMeta;
-use maplit::btreemap;
-
-const BRUPOP_APISERVER_SERVICE_ACCOUNT: &str = "brupop-apiserver-service-account";
-const BRUPOP_APISERVER_CLUSTER_ROLE: &str = "brupop-apiserver-role";
-const BRUPOP_APISERVER_CERT_SECRET_NAME: &str = "brupop-apiserver-certificate";
-
-// A kubernetes system role which allows a system to use the TokenReview API.
-const AUTH_DELEGATOR_ROLE_NAME: &str = "system:auth-delegator";
-
-/// Defines the brupop-apiserver service account
-pub fn apiserver_service_account() -> ServiceAccount {
- ServiceAccount {
- metadata: ObjectMeta {
- labels: Some(brupop_labels!(APISERVER)),
- name: Some(BRUPOP_APISERVER_SERVICE_ACCOUNT.to_string()),
- namespace: Some(NAMESPACE.to_string()),
- annotations: Some(btreemap!
{
- "kubernetes.io/service-account.name".to_string() => BRUPOP_APISERVER_SERVICE_ACCOUNT.to_string()
- }),
- ..Default::default()
- },
- ..Default::default()
- }
-}
-
-/// Defines the brupop-apiserver cluster role
-pub fn apiserver_cluster_role() -> ClusterRole {
- ClusterRole {
- metadata: ObjectMeta {
- labels: Some(brupop_labels!(APISERVER)),
- name: Some(BRUPOP_APISERVER_CLUSTER_ROLE.to_string()),
- namespace: Some(NAMESPACE.to_string()),
- ..Default::default()
- },
- rules: Some(vec![
- PolicyRule {
- api_groups: Some(vec![BRUPOP_DOMAIN_LIKE_NAME.to_string()]),
- resources: Some(vec![
- K8S_NODE_PLURAL.to_string(),
- K8S_NODE_STATUS.to_string(),
- ]),
- verbs: vec!["create", "get", "list", "patch", "update", "watch"]
- .iter()
- .map(|s| s.to_string())
- .collect(),
- ..Default::default()
- },
- PolicyRule {
- api_groups: Some(vec!["apps".to_string()]),
- resources: Some(vec!["deployments".to_string()]),
- verbs: vec![
- "create",
- "delete",
- "deletecollection",
- "get",
- "list",
- "patch",
- "update",
- ]
- .iter()
- .map(|s| s.to_string())
- .collect(),
- ..Default::default()
- },
- PolicyRule {
- api_groups: Some(vec!["".to_string()]),
- resources: Some(vec!["pods".to_string()]),
- verbs: vec!["get", "list", "watch"]
- .iter()
- .map(|s| s.to_string())
- .collect(),
- ..Default::default()
- },
- PolicyRule {
- api_groups: Some(vec!["".to_string()]),
- resources: Some(vec!["nodes".to_string()]),
- verbs: vec!["get", "list", "patch"]
- .iter()
- .map(|s| s.to_string())
- .collect(),
- ..Default::default()
- },
- PolicyRule {
- api_groups: Some(vec!["".to_string()]),
- resources: Some(vec!["pods/eviction".to_string()]),
- verbs: vec!["create"].iter().map(|s| s.to_string()).collect(),
- ..Default::default()
- },
- ]),
- ..Default::default()
- }
-}
-
-/// Defines the brupop-apiserver cluster role binding
-pub fn apiserver_cluster_role_binding() -> ClusterRoleBinding {
- ClusterRoleBinding {
- metadata: ObjectMeta {
- labels: Some(brupop_labels!(APISERVER)),
-
name: Some("brupop-apiserver-role-binding".to_string()),
- namespace: Some(NAMESPACE.to_string()),
- ..Default::default()
- },
- role_ref: RoleRef {
- api_group: "rbac.authorization.k8s.io".to_string(),
- kind: "ClusterRole".to_string(),
- name: BRUPOP_APISERVER_CLUSTER_ROLE.to_string(),
- },
- subjects: Some(vec![Subject {
- kind: "ServiceAccount".to_string(),
- name: BRUPOP_APISERVER_SERVICE_ACCOUNT.to_string(),
- namespace: Some(NAMESPACE.to_string()),
- ..Default::default()
- }]),
- }
-}
-
-/// Defines the brupop-apiserver cluster role binding
-pub fn apiserver_auth_delegator_cluster_role_binding() -> ClusterRoleBinding {
- ClusterRoleBinding {
- metadata: ObjectMeta {
- labels: Some(brupop_labels!(APISERVER)),
- name: Some("brupop-apiserver-auth-delegator-role-binding".to_string()),
- namespace: Some(NAMESPACE.to_string()),
- ..Default::default()
- },
- role_ref: RoleRef {
- api_group: "rbac.authorization.k8s.io".to_string(),
- kind: "ClusterRole".to_string(),
- name: AUTH_DELEGATOR_ROLE_NAME.to_string(),
- },
- subjects: Some(vec![Subject {
- kind: "ServiceAccount".to_string(),
- name: BRUPOP_APISERVER_SERVICE_ACCOUNT.to_string(),
- namespace: Some(NAMESPACE.to_string()),
- ..Default::default()
- }]),
- }
-}
-
-/// Defines the brupop-apiserver deployment
-pub fn apiserver_deployment(
- apiserver_image: String,
- image_pull_secret: Option,
- apiserver_internal_port: String,
-) -> Deployment {
- let image_pull_secrets =
- image_pull_secret.map(|secret| vec![LocalObjectReference { name: Some(secret) }]);
-
- let apiserver_internal_port_conv: i32 = apiserver_internal_port.parse().unwrap();
-
- Deployment {
- metadata: ObjectMeta {
- labels: Some(brupop_labels!(APISERVER)),
- name: Some(APISERVER_SERVICE_NAME.to_string()),
- namespace: Some(NAMESPACE.to_string()),
- ..Default::default()
- },
- spec: Some(DeploymentSpec {
- replicas: Some(3),
- selector: LabelSelector {
- match_labels: Some(
- btreemap!
{ LABEL_COMPONENT.to_string() => APISERVER.to_string()},
- ),
- ..Default::default()
- },
- strategy: Some(DeploymentStrategy {
- rolling_update: Some(RollingUpdateDeployment {
- max_unavailable: Some(IntOrString::String(
- APISERVER_MAX_UNAVAILABLE.to_string(),
- )),
- ..Default::default()
- }),
- ..Default::default()
- }),
- template: PodTemplateSpec {
- metadata: Some(ObjectMeta {
- labels: Some(btreemap! {
- LABEL_COMPONENT.to_string() => APISERVER.to_string(),
- }),
- namespace: Some(NAMESPACE.to_string()),
- ..Default::default()
- }),
- spec: Some(PodSpec {
- affinity: Some(Affinity {
- node_affinity: Some(NodeAffinity {
- required_during_scheduling_ignored_during_execution: Some(
- NodeSelector {
- node_selector_terms: vec![NodeSelectorTerm {
- match_expressions: Some(vec![
- NodeSelectorRequirement {
- key: "kubernetes.io/os".to_string(),
- operator: "In".to_string(),
- values: Some(vec!["linux".to_string()]),
- },
- NodeSelectorRequirement {
- key: "kubernetes.io/arch".to_string(),
- operator: "In".to_string(),
- // TODO make sure the pod works on arm64 before adding arm64 here.
- // https://github.com/bottlerocket-os/bottlerocket-test-system/issues/90
- values: Some(vec![
- "amd64".to_string(),
- "arm64".to_string(),
- ]),
- },
- ]),
- ..Default::default()
- }],
- },
- ),
- ..Default::default()
- }),
- // TODO: Potentially add pods we want to avoid here, e.g. update operator agent pod
- pod_anti_affinity: None,
- ..Default::default()
- }),
- containers: vec![Container {
- image: Some(apiserver_image),
- image_pull_policy: None,
- name: BRUPOP.to_string(),
- command: Some(vec!["./apiserver".to_string()]),
- env: Some(vec![EnvVar {
- name: "APISERVER_INTERNAL_PORT".to_string(),
- value: Some(apiserver_internal_port),
- ..Default::default()
- }]),
- resources: Some(ResourceRequirements {
- requests: Some(btreemap! {
- "memory".to_string() => Quantity("8Mi".to_string()),
- "cpu".to_string() => Quantity("3m".to_string()),
- }),
- limits: Some(btreemap!
{
- "memory".to_string() => Quantity("50Mi".to_string()),
- "cpu".to_string() => Quantity("10m".to_string()),
- }),
- }),
- ports: Some(vec![ContainerPort {
- container_port: apiserver_internal_port_conv,
- ..Default::default()
- }]),
- liveness_probe: Some(Probe {
- http_get: Some(HTTPGetAction {
- path: Some(APISERVER_HEALTH_CHECK_ROUTE.to_string()),
- port: IntOrString::Int(apiserver_internal_port_conv),
- scheme: Some("HTTPS".to_string()),
- ..Default::default()
- }),
- initial_delay_seconds: Some(5),
- ..Default::default()
- }),
- readiness_probe: Some(Probe {
- http_get: Some(HTTPGetAction {
- path: Some(APISERVER_HEALTH_CHECK_ROUTE.to_string()),
- port: IntOrString::Int(apiserver_internal_port_conv),
- scheme: Some("HTTPS".to_string()),
- ..Default::default()
- }),
- initial_delay_seconds: Some(5),
- ..Default::default()
- }),
- volume_mounts: Some(vec![VolumeMount {
- name: "bottlerocket-tls-keys".to_string(),
- mount_path: TLS_KEY_MOUNT_PATH.to_string(),
- ..Default::default()
- }]),
- ..Default::default()
- }],
- volumes: Some(vec![Volume {
- name: "bottlerocket-tls-keys".to_string(),
- secret: Some(SecretVolumeSource {
- secret_name: Some(BRUPOP_APISERVER_CERT_SECRET_NAME.to_string()),
- optional: Some(false),
- ..Default::default()
- }),
- ..Default::default()
- }]),
- image_pull_secrets,
- service_account_name: Some(BRUPOP_APISERVER_SERVICE_ACCOUNT.to_string()),
- ..Default::default()
- }),
- },
- ..Default::default()
- }),
- ..Default::default()
- }
-}
-
-pub fn apiserver_service(
- apiserver_internal_port: String,
- apiserver_service_port: String,
-) -> Service {
- let apiserver_internal_port_conv: i32 = apiserver_internal_port.parse().unwrap();
- let apiserver_service_port_conv: i32 = apiserver_service_port.parse().unwrap();
-
- Service {
- metadata: ObjectMeta {
- labels: Some(brupop_labels!(APISERVER)),
- name: Some(APISERVER_SERVICE_NAME.to_string()),
- namespace: Some(NAMESPACE.to_string()),
- ..Default::default()
- },
-
- spec: Some(ServiceSpec
{
- selector: Some(btreemap! { LABEL_COMPONENT.to_string() => APISERVER.to_string()}),
- ports: Some(vec![ServicePort {
- port: apiserver_service_port_conv,
- target_port: Some(IntOrString::Int(apiserver_internal_port_conv)),
- ..Default::default()
- }]),
- ..Default::default()
- }),
- ..Default::default()
- }
-}
diff --git a/models/src/constants.rs b/models/src/constants.rs
index 2ddb0fef..702b351f 100644
--- a/models/src/constants.rs
+++ b/models/src/constants.rs
@@ -1,3 +1,5 @@
+// TODO - need to refactor constants
+
 /// Helper macro to avoid retyping the base domain-like name of our system when creating further
 /// string constants from it. When given no parameters, this returns the base domain-like name of
 /// the system. When given a string literal parameter it adds `/parameter` to the end.
@@ -63,6 +65,8 @@ pub const APISERVER_SERVICE_NAME: &str = "brupop-apiserver"; // The name for the
 // agent constants
 pub const AGENT: &str = "agent";
 pub const AGENT_NAME: &str = "brupop-agent";
+pub const AGENT_TOKEN_PROJECTION_MOUNT_PATH: &str = "/var/run/secrets/tokens/";
+pub const AGENT_TOKEN_PATH: &str = "bottlerocket-agent-service-account-token";
 // controller constants
 pub const CONTROLLER: &str = "brupop-controller";
diff --git a/models/src/controller.rs b/models/src/controller.rs
deleted file mode 100644
index ead39b48..00000000
--- a/models/src/controller.rs
+++ /dev/null
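Review bot: The two added constants `AGENT_TOKEN_PROJECTION_MOUNT_PATH` and `AGENT_TOKEN_PATH` carry no doc comments, and with the Rust DaemonSet builder deleted in this commit nothing in the crate ties them to the volume definition any more, so the path the agent reads its token from and the path the chart mounts can drift apart without a compile error. I would add `/// Directory where the projected service-account token volume is mounted; must match the mountPath in the agent DaemonSet Helm template.` above the first and `/// File name of the projected token inside that directory; must match the projection's path in the template.` above the second. The removed `agent_daemonset()` also set the token projection's `audience` to `APISERVER_SERVICE_NAME`; the replacement template is not part of this section of the diff, so it is worth confirming that it keeps that audience, since presumably the apiserver's token review relies on it.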
@@ -1,292 +0,0 @@
-use crate::brupop_labels;
-use crate::constants::{
- APP_COMPONENT, APP_MANAGED_BY, APP_PART_OF, BRUPOP, BRUPOP_CONTROLLER_PREEMPTION_POLICY,
- BRUPOP_CONTROLLER_PRIORITY_CLASS, BRUPOP_CONTROLLER_PRIORITY_VALUE, BRUPOP_DOMAIN_LIKE_NAME,
- CONTROLLER, CONTROLLER_DEPLOYMENT_NAME, CONTROLLER_INTERNAL_PORT, CONTROLLER_SERVICE_NAME,
- CONTROLLER_SERVICE_PORT, LABEL_COMPONENT, NAMESPACE,
-};
-use crate::node::{K8S_NODE_PLURAL, K8S_NODE_STATUS};
-use k8s_openapi::api::apps::v1::{Deployment, DeploymentSpec, DeploymentStrategy};
-use k8s_openapi::api::core::v1::{
- Affinity, Container, EnvVar, EnvVarSource, LocalObjectReference, NodeAffinity, NodeSelector,
- NodeSelectorRequirement, NodeSelectorTerm, ObjectFieldSelector, PodSpec, PodTemplateSpec,
- ResourceRequirements, Service, ServiceAccount, ServicePort, ServiceSpec,
-};
-use k8s_openapi::api::rbac::v1::{ClusterRole, ClusterRoleBinding, PolicyRule, RoleRef, Subject};
-use k8s_openapi::api::scheduling::v1::PriorityClass;
-use k8s_openapi::apimachinery::pkg::api::resource::Quantity;
-use k8s_openapi::apimachinery::pkg::apis::meta::v1::LabelSelector;
-use k8s_openapi::apimachinery::pkg::util::intstr::IntOrString;
-use kube::api::ObjectMeta;
-use maplit::btreemap;
-
-const BRUPOP_CONTROLLER_SERVICE_ACCOUNT: &str = "brupop-controller-service-account";
-const BRUPOP_CONTROLLER_CLUSTER_ROLE: &str = "brupop-controller-role";
-
-/// Defines the brupop-controller service account
-pub fn controller_service_account() -> ServiceAccount {
- ServiceAccount {
- metadata: ObjectMeta {
- labels: Some(brupop_labels!(CONTROLLER)),
- name: Some(BRUPOP_CONTROLLER_SERVICE_ACCOUNT.to_string()),
- namespace: Some(NAMESPACE.to_string()),
- annotations: Some(btreemap!
{
- "kubernetes.io/service-account.name".to_string() => BRUPOP_CONTROLLER_SERVICE_ACCOUNT.to_string()
- }),
- ..Default::default()
- },
- ..Default::default()
- }
-}
-
-/// Defines the brupop-controller cluster role
-pub fn controller_cluster_role() -> ClusterRole {
- ClusterRole {
- metadata: ObjectMeta {
- labels: Some(brupop_labels!(CONTROLLER)),
- name: Some(BRUPOP_CONTROLLER_CLUSTER_ROLE.to_string()),
- namespace: Some(NAMESPACE.to_string()),
- ..Default::default()
- },
- rules: Some(vec![
- PolicyRule {
- api_groups: Some(vec![BRUPOP_DOMAIN_LIKE_NAME.to_string()]),
- resources: Some(vec![
- K8S_NODE_PLURAL.to_string(),
- K8S_NODE_STATUS.to_string(),
- ]),
- verbs: vec!["get", "list", "watch"]
- .iter()
- .map(|s| s.to_string())
- .collect(),
- ..Default::default()
- },
- PolicyRule {
- api_groups: Some(vec![BRUPOP_DOMAIN_LIKE_NAME.to_string()]),
- resources: Some(vec![K8S_NODE_PLURAL.to_string()]),
- verbs: vec!["create", "patch", "update", "delete"]
- .iter()
- .map(|s| s.to_string())
- .collect(),
- ..Default::default()
- },
- PolicyRule {
- api_groups: Some(vec!["apps".to_string()]),
- resources: Some(vec!["deployments".to_string()]),
- verbs: vec![
- "create",
- "delete",
- "deletecollection",
- "get",
- "list",
- "patch",
- "update",
- ]
- .iter()
- .map(|s| s.to_string())
- .collect(),
- ..Default::default()
- },
- PolicyRule {
- api_groups: Some(vec!["".to_string()]),
- resources: Some(vec!["nodes".to_string()]),
- verbs: vec!["get", "list", "watch"]
- .iter()
- .map(|s| s.to_string())
- .collect(),
- ..Default::default()
- },
- ]),
- ..Default::default()
- }
-}
-
-/// Defines the brupop-controller cluster role binding
-pub fn controller_cluster_role_binding() -> ClusterRoleBinding {
- ClusterRoleBinding {
- metadata: ObjectMeta {
- labels: Some(brupop_labels!(CONTROLLER)),
- name: Some("brupop-controller-role-binding".to_string()),
- namespace: Some(NAMESPACE.to_string()),
- ..Default::default()
- },
- role_ref: RoleRef {
- api_group:
"rbac.authorization.k8s.io".to_string(),
- kind: "ClusterRole".to_string(),
- name: BRUPOP_CONTROLLER_CLUSTER_ROLE.to_string(),
- },
- subjects: Some(vec![Subject {
- kind: "ServiceAccount".to_string(),
- name: BRUPOP_CONTROLLER_SERVICE_ACCOUNT.to_string(),
- namespace: Some(NAMESPACE.to_string()),
- ..Default::default()
- }]),
- }
-}
-
-/// Defines the brupop-controller deployment
-pub fn controller_deployment(
- brupop_image: String,
- image_pull_secret: Option,
- max_concurrent_update: String,
- update_window_start: String,
- update_window_stop: String,
-) -> Deployment {
- let image_pull_secrets =
- image_pull_secret.map(|secret| vec![LocalObjectReference { name: Some(secret) }]);
-
- Deployment {
- metadata: ObjectMeta {
- labels: Some(brupop_labels!(CONTROLLER)),
- name: Some(CONTROLLER_DEPLOYMENT_NAME.to_string()),
- namespace: Some(NAMESPACE.to_string()),
- ..Default::default()
- },
- spec: Some(DeploymentSpec {
- replicas: Some(1),
- selector: LabelSelector {
- match_labels: Some(
- btreemap! { LABEL_COMPONENT.to_string() => CONTROLLER.to_string()},
- ),
- ..Default::default()
- },
- strategy: Some(DeploymentStrategy {
- type_: Some("Recreate".to_string()),
- ..Default::default()
- }),
- template: PodTemplateSpec {
- metadata: Some(ObjectMeta {
- labels: Some(btreemap! {
- LABEL_COMPONENT.to_string() => CONTROLLER.to_string(),
- }),
- namespace: Some(NAMESPACE.to_string()),
- ..Default::default()
- }),
- spec: Some(PodSpec {
- affinity: Some(Affinity {
- node_affinity: Some(NodeAffinity {
- required_during_scheduling_ignored_during_execution: Some(
- NodeSelector {
- node_selector_terms: vec![NodeSelectorTerm {
- match_expressions: Some(vec![
- NodeSelectorRequirement {
- key: "kubernetes.io/os".to_string(),
- operator: "In".to_string(),
- values: Some(vec!["linux".to_string()]),
- },
- NodeSelectorRequirement {
- key: "kubernetes.io/arch".to_string(),
- operator: "In".to_string(),
- // TODO make sure the pod works on arm64 before adding arm64 here.
- // https://github.com/bottlerocket-os/bottlerocket-test-system/issues/90
- values: Some(vec![
- "amd64".to_string(),
- "arm64".to_string(),
- ]),
- },
- ]),
- ..Default::default()
- }],
- },
- ),
- ..Default::default()
- }),
- pod_anti_affinity: None,
- ..Default::default()
- }),
- containers: vec![Container {
- image: Some(brupop_image),
- image_pull_policy: None,
- name: BRUPOP.to_string(),
- command: Some(vec!["./controller".to_string()]),
- env: Some(vec![
- EnvVar {
- name: "MY_NODE_NAME".to_string(),
- value_from: Some(EnvVarSource {
- field_ref: Some(ObjectFieldSelector {
- field_path: "spec.nodeName".to_string(),
- ..Default::default()
- }),
- ..Default::default()
- }),
- ..Default::default()
- },
- EnvVar {
- name: "MAX_CONCURRENT_UPDATE".to_string(),
- value: Some(max_concurrent_update),
- ..Default::default()
- },
- EnvVar {
- name: "UPDATE_WINDOW_START".to_string(),
- value: Some(update_window_start),
- ..Default::default()
- },
- EnvVar {
- name: "UPDATE_WINDOW_STOP".to_string(),
- value: Some(update_window_stop),
- ..Default::default()
- },
- ]),
- resources: Some(ResourceRequirements {
- requests: Some(btreemap! {
- "memory".to_string() => Quantity("8Mi".to_string()),
- "cpu".to_string() => Quantity("3m".to_string()),
- }),
- limits: Some(btreemap! {
- "memory".to_string() => Quantity("50Mi".to_string()),
- "cpu".to_string() => Quantity("10m".to_string()),
- }),
- }),
- ..Default::default()
- }],
- image_pull_secrets,
- service_account_name: Some(BRUPOP_CONTROLLER_SERVICE_ACCOUNT.to_string()),
- priority_class_name: Some(BRUPOP_CONTROLLER_PRIORITY_CLASS.to_string()),
- ..Default::default()
- }),
- },
- ..Default::default()
- }),
- ..Default::default()
- }
-}
-
-pub fn controller_service() -> Service {
- Service {
- metadata: ObjectMeta {
- labels: Some(brupop_labels!(CONTROLLER)),
- name: Some(CONTROLLER_SERVICE_NAME.to_string()),
- namespace: Some(NAMESPACE.to_string()),
- annotations: Some(btreemap!
{
- "prometheus.io/scrape".to_string() => true.to_string(),
- "prometheus.io/port".to_string() => "8080".to_string(),
- }),
- ..Default::default()
- },
-
- spec: Some(ServiceSpec {
- selector: Some(btreemap! { LABEL_COMPONENT.to_string() => CONTROLLER.to_string()}),
- ports: Some(vec![ServicePort {
- port: CONTROLLER_SERVICE_PORT,
- target_port: Some(IntOrString::Int(CONTROLLER_INTERNAL_PORT)),
- ..Default::default()
- }]),
- ..Default::default()
- }),
- ..Default::default()
- }
-}
-
-/// Defines the brupop-controller priority class
-pub fn controller_priority_class() -> PriorityClass {
- PriorityClass {
- metadata: ObjectMeta {
- name: Some(BRUPOP_CONTROLLER_PRIORITY_CLASS.to_string()),
- namespace: Some(NAMESPACE.to_string()),
- ..Default::default()
- },
- preemption_policy: Some(BRUPOP_CONTROLLER_PREEMPTION_POLICY.to_string()),
- value: BRUPOP_CONTROLLER_PRIORITY_VALUE,
- ..Default::default()
- }
-}
diff --git a/models/src/lib.rs b/models/src/lib.rs
index 9383fc74..1aa265ff 100644
--- a/models/src/lib.rs
+++ b/models/src/lib.rs
@@ -1,6 +1,2 @@
-pub mod agent;
-pub mod apiserver;
 pub mod constants;
-pub mod controller;
-pub mod namespace;
 pub mod node;
diff --git a/models/src/namespace.rs b/models/src/namespace.rs
deleted file mode 100644
index da1b6ee9..00000000
--- a/models/src/namespace.rs
+++ /dev/null
@@ -1,19 +0,0 @@
-use crate::constants::NAMESPACE;
-use k8s_openapi::api::core::v1::Namespace;
-use kube::api::ObjectMeta;
-use maplit::btreemap;
-
-/// Defines the brupop namespace
-pub fn brupop_namespace() -> Namespace {
- Namespace {
- metadata: ObjectMeta {
- labels: Some(btreemap! {
- "name".to_string() => "brupop".to_string()
- }),
- name: Some(NAMESPACE.to_string()),
- ..Default::default()
- },
- spec: None,
- status: None,
- }
-}
diff --git a/yamlgen/build.rs b/yamlgen/build.rs
deleted file mode 100644
index 110c6f32..00000000
--- a/yamlgen/build.rs
+++ /dev/null
@@ -1,195 +0,0 @@
-/*!
-
-The custom resource definitions are modeled as Rust structs. Here we generate
-the corresponding k8s yaml files.
-
-!*/
-
-use models::{
- agent::{
- agent_cluster_role, agent_cluster_role_binding, agent_daemonset, agent_service_account,
- },
- apiserver::{
- apiserver_auth_delegator_cluster_role_binding, apiserver_cluster_role,
- apiserver_cluster_role_binding, apiserver_deployment, apiserver_service,
- apiserver_service_account,
- },
- controller::{
- controller_cluster_role, controller_cluster_role_binding, controller_deployment,
- controller_priority_class, controller_service, controller_service_account,
- },
- namespace::brupop_namespace,
- node::combined_crds,
-};
-use std::env;
-use std::fs::File;
-use std::io::{Read, Write};
-use std::path::PathBuf;
-
-const YAMLGEN_DIR: &str = env!("CARGO_MANIFEST_DIR");
-const HEADER: &str = "# This file is generated. Do not edit.\n";
-const YAML_DOC_LEADER: &str = "---\n";
-
-fn main() {
- dotenv::dotenv().ok();
- // Re-run this build script if the model changes.
- println!("cargo:rerun-if-changed=../models/src");
- // Re-run the yaml generation if these variables change
- println!("cargo:rerun-if-env-changed=BRUPOP_CONTAINER_IMAGE");
- println!("cargo:rerun-if-env-changed=BRUPOP_CONTAINER_IMAGE_PULL_SECRET");
-
- let path = PathBuf::from(YAMLGEN_DIR)
- .join("deploy")
- .join("bottlerocket-update-operator.yaml");
- let mut brupop_resources = File::create(&path).unwrap();
-
- // testsys-crd related K8S manifest
- let apiserver_internal_port = env::var("APISERVER_INTERNAL_PORT").ok().unwrap();
- let apiserver_service_port = env::var("APISERVER_SERVICE_PORT").ok().unwrap();
- brupop_resources.write_all(HEADER.as_bytes()).unwrap();
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(
- &brupop_resources,
- &combined_crds(apiserver_service_port.clone()),
- )
- .unwrap();
-
- let brupop_image = env::var("BRUPOP_CONTAINER_IMAGE").ok().unwrap();
- let brupop_image_pull_secrets = env::var("BRUPOP_CONTAINER_IMAGE_PULL_SECRET").ok();
- let exclude_from_lb_wait_time: u64 = env::var("EXCLUDE_FROM_LB_WAIT_TIME_IN_SEC")
- .ok()
- .unwrap()
- .parse()
- .unwrap();
- let update_window_start: String = env::var("UPDATE_WINDOW_START").ok().unwrap();
- let update_window_stop: String = env::var("UPDATE_WINDOW_STOP").ok().unwrap();
-
- let max_concurrent_update: String = env::var("MAX_CONCURRENT_UPDATE")
- .ok()
- .unwrap()
- .to_lowercase();
- // Make sure it is integer if it is not "unlimited"
- if !max_concurrent_update.eq("unlimited") {
- max_concurrent_update.parse::().unwrap();
- }
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(&brupop_resources, &brupop_namespace()).unwrap();
-
- // cert-manager and secret
- let cert_path = PathBuf::from(YAMLGEN_DIR).join("deploy").join("cert.yaml");
- let mut cert_file = File::open(cert_path).unwrap();
- let mut contents = String::new();
- cert_file.read_to_string(&mut contents).unwrap();
-
brupop_resources.write_all(contents.as_bytes()).unwrap();
-
- // apiserver resources
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(&brupop_resources, &apiserver_service_account()).unwrap();
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(&brupop_resources, &apiserver_cluster_role()).unwrap();
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(&brupop_resources, &apiserver_cluster_role_binding()).unwrap();
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(
- &brupop_resources,
- &apiserver_auth_delegator_cluster_role_binding(),
- )
- .unwrap();
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(
- &brupop_resources,
- &apiserver_deployment(
- brupop_image.clone(),
- brupop_image_pull_secrets.clone(),
- apiserver_internal_port.clone(),
- ),
- )
- .unwrap();
-
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(
- &brupop_resources,
- &apiserver_service(apiserver_internal_port, apiserver_service_port.clone()),
- )
- .unwrap();
-
- // agent resources
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(&brupop_resources, &agent_service_account()).unwrap();
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(&brupop_resources, &agent_cluster_role()).unwrap();
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(&brupop_resources, &agent_cluster_role_binding()).unwrap();
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(
- &brupop_resources,
- &agent_daemonset(
- brupop_image.clone(),
- brupop_image_pull_secrets.clone(),
- exclude_from_lb_wait_time,
- apiserver_service_port,
- ),
- )
- .unwrap();
-
- // controller
resources
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(&brupop_resources, &controller_service_account()).unwrap();
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(&brupop_resources, &controller_cluster_role()).unwrap();
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(&brupop_resources, &controller_cluster_role_binding()).unwrap();
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(&brupop_resources, &controller_priority_class()).unwrap();
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(
- &brupop_resources,
- &controller_deployment(
- brupop_image,
- brupop_image_pull_secrets,
- max_concurrent_update,
- update_window_start,
- update_window_stop,
- ),
- )
- .unwrap();
-
- brupop_resources
- .write_all(YAML_DOC_LEADER.as_bytes())
- .unwrap();
- serde_yaml::to_writer(&brupop_resources, &controller_service()).unwrap();
-}