Skip to content

Commit

Permalink
feat: Use the latest image of vm-console-proxy
Browse files Browse the repository at this point in the history 
- Updated data/vm-console-proxy-bundle/vm-console-proxy.yaml
- Updated release script to change vm-console-proxy image tag.
- csv-generator uses VM_CONSOLE_PROXY_IMAGE env variable to set the image.
- Operator deploys new resources needed by vm-console-proxy.
- Operator removes Route resource, that is no longer needed.

Signed-off-by: Andrej Krejcir <[email protected]>
  • Loading branch information
@akrejcir
akrejcir committed Aug 15, 2023
1 parent b76f208 commit ccdef89
Show file tree
Hide file tree
Showing 19 changed files with 729 additions and 131 deletions.
1 change: 1 addition & 0 deletions .github/workflows/release-vm-console-proxy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ jobs:
OUTPUT_FILE=./data/vm-console-proxy-bundle/vm-console-proxy.yaml
mkdir -p ./data/vm-console-proxy-bundle
curl -L https://github.com/kubevirt/vm-console-proxy/releases/download/${RELEASE_VERSION}/vm-console-proxy.yaml > ${OUTPUT_FILE}
sed -i "s/defaultVmConsoleProxyImageTag = .*$/defaultVmConsoleProxyImageTag = \"${RELEASE_VERSION}\"/" ./internal/operands/vm-console-proxy/defaults.go
- name: Create pull request
if: ${{ github.event.client_payload.release_version }} != ''
Expand Down
1 change: 1 addition & 0 deletions config/manager/manager.template.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ spec:
- name: OPERATOR_VERSION
- name: TEKTON_TASKS_IMAGE
- name: TEKTON_TASKS_DISK_VIRT_IMAGE
- name: VM_CONSOLE_PROXY_IMAGE
image: controller:latest
name: manager
resources:
Expand Down
57 changes: 47 additions & 10 deletions config/rbac/role.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,17 @@ rules:
verbs:
- list
- watch
- apiGroups:
- apiregistration.k8s.io
resources:
- apiservices
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- apps
resources:
Expand Down Expand Up @@ -184,16 +195,32 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -225,14 +252,6 @@ rules:
- list
- update
- watch
- apiGroups:
- kubevirt.io
resources:
- virtualmachineinstances
verbs:
- get
- list
- watch
- apiGroups:
- kubevirt.io
resources:
Expand Down Expand Up @@ -279,6 +298,18 @@ rules:
- list
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
verbs:
- create
- delete
- list
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
Expand Down Expand Up @@ -320,18 +351,18 @@ rules:
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- delete
- list
- update
- watch
- apiGroups:
- ssp.kubevirt.io
Expand All @@ -353,6 +384,12 @@ rules:
- ssps/status
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/vnc
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
Expand Down
58 changes: 48 additions & 10 deletions data/olm-catalog/ssp-operator.clusterserviceversion.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,17 @@ spec:
verbs:
- list
- watch
- apiGroups:
- apiregistration.k8s.io
resources:
- apiservices
verbs:
- create
- delete
- get
- list
- update
- watch
- apiGroups:
- apps
resources:
Expand Down Expand Up @@ -245,16 +256,32 @@ spec:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -286,14 +313,6 @@ spec:
- list
- update
- watch
- apiGroups:
- kubevirt.io
resources:
- virtualmachineinstances
verbs:
- get
- list
- watch
- apiGroups:
- kubevirt.io
resources:
Expand Down Expand Up @@ -340,6 +359,18 @@ spec:
- list
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
verbs:
- create
- delete
- list
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
Expand Down Expand Up @@ -381,18 +412,18 @@ spec:
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- delete
- list
- update
- watch
- apiGroups:
- ssp.kubevirt.io
Expand All @@ -414,6 +445,12 @@ spec:
- ssps/status
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/vnc
verbs:
- get
- apiGroups:
- subresources.kubevirt.io
resources:
Expand Down Expand Up @@ -494,6 +531,7 @@ spec:
value: 0.14.0
- name: TEKTON_TASKS_IMAGE
- name: TEKTON_TASKS_DISK_VIRT_IMAGE
- name: VM_CONSOLE_PROXY_IMAGE
image: quay.io/kubevirt/ssp-operator:latest
livenessProbe:
httpGet:
Expand Down
76 changes: 69 additions & 7 deletions data/vm-console-proxy-bundle/vm-console-proxy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,48 @@ rules:
- kubevirt.io
resources:
- virtualmachineinstances
- virtualmachines
verbs:
- get
- list
- watch
- apiGroups:
- subresources.kubevirt.io
resources:
- virtualmachineinstances/vnc
verbs:
- get
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
verbs:
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- authentication.k8s.io
resources:
Expand All @@ -41,6 +79,20 @@ rules:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: vm-console-proxy
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: vm-console-proxy
namespace: kubevirt
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: vm-console-proxy
Expand Down Expand Up @@ -100,7 +152,7 @@ spec:
- args: []
command:
- /console
image: quay.io/kubevirt/vm-console-proxy:v0.2.0
image: quay.io/kubevirt/vm-console-proxy:v0.3.0
imagePullPolicy: Always
name: console
ports:
Expand All @@ -119,9 +171,6 @@ spec:
- mountPath: /tmp/vm-console-proxy-cert
name: vm-console-proxy-cert
readOnly: true
- mountPath: /etc/virt-handler/clientcertificates
name: kubevirt-virt-handler-certs
readOnly: true
securityContext:
runAsNonRoot: true
seccompProfile:
Expand All @@ -135,6 +184,19 @@ spec:
- name: vm-console-proxy-cert
secret:
secretName: vm-console-proxy-cert
- name: kubevirt-virt-handler-certs
secret:
secretName: kubevirt-virt-handler-certs
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
annotations:
service.beta.openshift.io/inject-cabundle: "true"
name: v1alpha1.token.kubevirt.io
spec:
group: token.kubevirt.io
groupPriorityMinimum: 2000
service:
name: vm-console-proxy
namespace: kubevirt
port: 443
version: v1alpha1
versionPriority: 10
Loading

0 comments on commit ccdef89

Please sign in to comment.