*: Generate all manifests

Sharding and autosharding introduced a number of manifests that are very similar, but not identical to the standard manifests. This introduces generating all manifests using jsonnet.
kubernetes · Oct 1, 2019 · 20a3a9e · 20a3a9e
1 parent 1d69c1e
commit 20a3a9e
Show file tree

Hide file tree

Showing 26 changed files with 385 additions and 201 deletions.
diff --git a/.gitignore b/.gitignore
@@ -35,3 +35,6 @@ _testmain.go
 
 # Generated CLI help file
 help.txt
+
+# jsonnet dependency management
+/scripts/vendor
diff --git a/.travis.yml b/.travis.yml
@@ -31,6 +31,8 @@ jobs:
     - stage: all
       name: Lint
       script: make lint
+    - name: Validate generated manifests
+      script: make validate-manifests
     - name: Validate vendor is in sync with go modules
       script: make validate-modules
     - name: Check that all metrics are documented

diff --git a/Makefile b/Makefile
@@ -2,7 +2,8 @@ FLAGS =
 TESTENVVAR =
 REGISTRY = quay.io/coreos
 TAG_PREFIX = v
-TAG = $(TAG_PREFIX)$(shell cat VERSION)
+VERSION = $(shell cat VERSION)
+TAG = $(TAG_PREFIX)$(VERSION)
 LATEST_RELEASE_BRANCH := release-$(shell grep -ohE "[0-9]+.[0-9]+" VERSION)
 PKGS = $(shell go list ./... | grep -v /vendor/ | grep -v /tests/e2e)
 ARCH ?= $(shell go env GOARCH)
@@ -132,6 +133,28 @@ generate: build-local embedmd
 	@./scripts/generate-help-text.sh
 	@$(GOPATH)/bin/embedmd -w `find . -path ./vendor -prune -o -name "*.md" -print`
 
+validate-manifests: kubernetes
+	@git diff --exit-code
+
+kubernetes: kubernetes/standard kubernetes/autosharding
+
+kubernetes/standard: jsonnet $(shell find jsonnet | grep ".libsonnet") scripts/standard.jsonnet scripts/vendor
+	mkdir -p kubernetes/standard
+	jsonnet -J scripts/vendor -m kubernetes/standard --ext-str version="$(VERSION)" scripts/standard.jsonnet | xargs -I{} sh -c 'cat {} | gojsontoyaml > `echo {} | sed "s/\([a-z0-9]\)\([A-Z]\)/\1-\L\2/g"`.yaml; rm -f {}' -- {}
+
+kubernetes/autosharding: jsonnet $(shell find jsonnet | grep ".libsonnet") scripts/autosharding.jsonnet scripts/vendor
+	mkdir -p kubernetes/autosharding
+	jsonnet -J scripts/vendor -m kubernetes/autosharding --ext-str version="$(VERSION)" scripts/autosharding.jsonnet | xargs -I{} sh -c 'cat {} | gojsontoyaml > `echo {} | sed "s/\([a-z0-9]\)\([A-Z]\)/\1-\L\2/g"`.yaml; rm -f {}' -- {}
+
+scripts/vendor: jb scripts/jsonnetfile.json scripts/jsonnetfile.lock.json
+	cd scripts && jb install
+
+jsonnet:
+	GO111MODULE=off go get github.com/google/go-jsonnet/cmd/jsonnet
+
+jb:
+	GO111MODULE=off go get github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb
+
 embedmd:
 	GO111MODULE=off go get github.com/campoy/embedmd
 

diff --git a/README.md b/README.md
@@ -214,7 +214,7 @@ service account token that has read-only access to the Kubernetes cluster.
 
 #### Kubernetes Deployment
 
-To deploy this project, you can simply run `kubectl apply -f kubernetes` and a
+To deploy this project, you can simply run `kubectl apply -f kubernetes/standard` and a
 Kubernetes service and deployment will be created. (Note: Adjust the apiVersion of some resource if your kubernetes cluster's version is not 1.8+, check the yaml file for more information). The service already has a
 `prometheus.io/scrape: 'true'` annotation and if you added the recommended
 Prometheus service-endpoint scraping configuration, Prometheus will pick it up automatically and you can start using the generated
@@ -226,7 +226,7 @@ metrics right away.
 kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user=$(gcloud info --format='value(config.account)')
 ```
 
-Note that your GCP identity is case sensitive but `gcloud info` as of Google Cloud SDK 221.0.0 is not. This means that if your IAM member contains capital letters, the above one-liner may not work for you. If you have 403 forbidden responses after running the above command and kubectl apply -f kubernetes, check the IAM member associated with your account at https://console.cloud.google.com/iam-admin/iam?project=PROJECT_ID. If it contains capital letters, you may need to set the --user flag in the command above to the case-sensitive role listed at https://console.cloud.google.com/iam-admin/iam?project=PROJECT_ID.
+Note that your GCP identity is case sensitive but `gcloud info` as of Google Cloud SDK 221.0.0 is not. This means that if your IAM member contains capital letters, the above one-liner may not work for you. If you have 403 forbidden responses after running the above command and `kubectl apply -f kubernetes/standard`, check the IAM member associated with your account at https://console.cloud.google.com/iam-admin/iam?project=PROJECT_ID. If it contains capital letters, you may need to set the --user flag in the command above to the case-sensitive role listed at https://console.cloud.google.com/iam-admin/iam?project=PROJECT_ID.
 
 After running the above, if you see `Clusterrolebinding "cluster-admin-binding" created`, then you are able to continue with the setup of this service.
 

diff --git a/...e-state-metrics-cluster-role-binding.yaml → ...es/autosharding/cluster-role-binding.yaml b/...e-state-metrics-cluster-role-binding.yaml → ...es/autosharding/cluster-role-binding.yaml
@@ -1,7 +1,9 @@
 apiVersion: rbac.authorization.k8s.io/v1
-# kubernetes versions before 1.8.0 should use rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: v1.8.0-rc.0
   name: kube-state-metrics
 roleRef:
   apiGroup: rbac.authorization.k8s.io

diff --git a/kubernetes/autosharding/cluster-role.yaml b/kubernetes/autosharding/cluster-role.yaml
@@ -0,0 +1,94 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: v1.8.0-rc.0
+  name: kube-state-metrics
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - secrets
+  - nodes
+  - pods
+  - services
+  - resourcequotas
+  - replicationcontrollers
+  - limitranges
+  - persistentvolumeclaims
+  - persistentvolumes
+  - namespaces
+  - endpoints
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - extensions
+  resources:
+  - daemonsets
+  - deployments
+  - replicasets
+  - ingresses
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - apps
+  resources:
+  - statefulsets
+  - daemonsets
+  - deployments
+  - replicasets
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - batch
+  resources:
+  - cronjobs
+  - jobs
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - autoscaling
+  resources:
+  - horizontalpodautoscalers
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+- apiGroups:
+  - policy
+  resources:
+  - poddisruptionbudgets
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests
+  verbs:
+  - list
+  - watch
+- apiGroups:
+  - storage.k8s.io
+  resources:
+  - storageclasses
+  verbs:
+  - list
+  - watch
diff --git a/kubernetes/autosharding/kube-state-metrics-cluster-role.yaml b/kubernetes/autosharding/kube-state-metrics-cluster-role.yaml
diff --git a/kubernetes/autosharding/kube-state-metrics-role.yaml b/kubernetes/autosharding/kube-state-metrics-role.yaml
diff --git a/kubernetes/autosharding/kube-state-metrics-service-account.yaml b/kubernetes/autosharding/kube-state-metrics-service-account.yaml
diff --git a/...ding/kube-state-metrics-role-binding.yaml → kubernetes/autosharding/role-binding.yaml b/...ding/kube-state-metrics-role-binding.yaml → kubernetes/autosharding/role-binding.yaml
@@ -1,13 +1,14 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: v1.8.0-rc.0
   name: kube-state-metrics
-  namespace: kube-system
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: kube-state-metrics-autosharding
+  name: kube-state-metrics
 subjects:
 - kind: ServiceAccount
   name: kube-state-metrics
-  namespace: kube-system
diff --git a/kubernetes/autosharding/role.yaml b/kubernetes/autosharding/role.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: v1.8.0-rc.0
+  name: kube-state-metrics
+  namespace: kube-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+- apiGroups:
+  - apps
+  resourceNames:
+  - kube-state-metrics
+  resources:
+  - statefulsets
+  verbs:
+  - get
diff --git a/kubernetes/autosharding/service-account.yaml b/kubernetes/autosharding/service-account.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: v1.8.0-rc.1
+  name: kube-state-metrics
+  namespace: kube-system
diff --git a/kubernetes/kube-state-metrics-service.yaml → kubernetes/autosharding/service.yaml b/kubernetes/kube-state-metrics-service.yaml → kubernetes/autosharding/service.yaml
@@ -1,21 +1,19 @@
 apiVersion: v1
 kind: Service
 metadata:
+  labels:
+    app.kubernetes.io/name: kube-state-metrics
+    app.kubernetes.io/version: v1.8.0-rc.0
   name: kube-state-metrics
   namespace: kube-system
-  labels:
-    k8s-app: kube-state-metrics
-  annotations:
-    prometheus.io/scrape: 'true'
 spec:
+  clusterIP: None
   ports:
   - name: http-metrics
     port: 8080
     targetPort: http-metrics
-    protocol: TCP
   - name: telemetry
     port: 8081
     targetPort: telemetry
-    protocol: TCP
   selector:
-    k8s-app: kube-state-metrics
+    app.kubernetes.io/name: kube-state-metrics