Merge pull request #6 from appuio/feat/ratio-webhook

Add request ratio webhook
appuio · Apr 5, 2022 · 9216e2a · 9216e2a
2 parents e07b6f4 + a1f5383
commit 9216e2a
Show file tree

Hide file tree

Showing 16 changed files with 1,634 additions and 27 deletions.
diff --git a/.gitignore b/.gitignore
@@ -13,3 +13,6 @@ node_modules/
 
 # kind
 .kind/
+
+# tem cert
+webhook-certs/
diff --git a/Makefile b/Makefile
@@ -24,12 +24,16 @@ build: build-bin build-docker ## All-in-one build
 .PHONY: build-bin
 build-bin: export CGO_ENABLED = 0
 build-bin: fmt vet ## Build binary
-	@go build -o $(BIN_FILENAME) ./...
+	@go build -o $(BIN_FILENAME)
 
 .PHONY: build-docker
 build-docker: build-bin ## Build docker image
 	$(DOCKER_CMD) build -t $(CONTAINER_IMG) .
 
+.PHONY: run
+run:
+	go run . -webhook-cert-dir webhook-certs
+
 .PHONY: test
 test: test-go ## All-in-one test
 

diff --git a/PROJECT b/PROJECT
@@ -0,0 +1,6 @@
+domain: appuio.io
+layout:
+- go.kubebuilder.io/v3
+projectName: appuio-cloud-agent
+repo: github.com/appuio/appuio-cloud-agent
+version: "3"
diff --git a/README.md b/README.md
@@ -14,3 +14,65 @@
 The APPUiO Cloud Agent is a controller running on every APPUiO Cloud Zone.
 
 
+
+## Run locally
+
+## Local development environment
+
+You can setup a [kind]-based local environment with
+
+```bash
+make kind
+export KUBECONFIG=.kind/kind-kubeconfig-v1.23.0
+```
+
+[kind]: https://kind.sigs.k8s.io/
+
+
+### Running the agent locally
+
+You can run the agent locally against the currently configured Kubernetes cluster with
+
+```bash
+make run
+```
+
+To access the locally running controller webhook server, you need to register it with the [kind]-based local environment.
+You can do this by applying the following manifests:
+
+```
+HOSTIP=$(docker inspect appuio-cloud-agent-v1.23.0-control-plane | jq '.[0].NetworkSettings.Networks.kind.Gateway')
+
+cat <<EOF | sed -e "s/172.21.0.1/$HOSTIP/g" | kubectl apply -f -
+apiVersion: v1
+kind: Service
+metadata:
+  name: webhook-service
+  namespace: default
+spec:
+  ports:
+  - port: 9443
+    protocol: TCP
+    targetPort: 9443
+  type: ExternalName
+  externalName: 172.21.0.1 # Change to host IP
+EOF
+
+kubctl apply -f ./config/webhook/manifests.yaml
+
+kubectl patch validatingwebhookconfiguration validating-webhook-configuration \
+  -p '{
+    "webhooks": [
+      {
+        "name": "validate-users.appuio.io",
+        "clientConfig": {
+          "caBundle": "'"$(base64 -w0 "./local-env/webhook-certs/tls.crt)"'",
+          "service": {
+            "namespace": "default",
+            "port": 9443
+          }
+        }
+      }
+    ]
+  }'
+```
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: appuio-cloud-agent
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  creationTimestamp: null
+  name: validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /validate-request-ratio
+  failurePolicy: Ignore
+  matchPolicy: Equivalent
+  name: validate-request-ratio.appuio.io
+  rules:
+  - apiGroups:
+    - '*'
+    apiVersions:
+    - '*'
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - '*'
+    scope: "Namespaced"
+  sideEffects: None
diff --git a/go.mod b/go.mod
@@ -2,21 +2,77 @@ module github.com/appuio/appuio-cloud-agent
 
 go 1.18
 
-require sigs.k8s.io/kind v0.11.1
+require (
+	github.com/stretchr/testify v1.7.1
+	k8s.io/api v0.23.5
+	k8s.io/apimachinery v0.23.5
+	k8s.io/client-go v0.23.5
+	sigs.k8s.io/controller-runtime v0.11.2
+	sigs.k8s.io/controller-tools v0.8.0
+	sigs.k8s.io/kind v0.11.1
+)
 
 require (
 	github.com/BurntSushi/toml v0.3.1 // indirect
 	github.com/alessio/shellescape v1.4.1 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.1.1 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.2.0 // indirect
+	github.com/fatih/color v1.12.0 // indirect
+	github.com/fsnotify/fsnotify v1.5.1 // indirect
+	github.com/go-logr/logr v1.2.0 // indirect
+	github.com/go-logr/zapr v1.2.0 // indirect
+	github.com/gobuffalo/flect v0.2.3 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/go-cmp v0.5.6 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/google/uuid v1.1.2 // indirect
+	github.com/googleapis/gnostic v0.5.5 // indirect
+	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mattn/go-colorable v0.1.8 // indirect
 	github.com/mattn/go-isatty v0.0.12 // indirect
-	github.com/pelletier/go-toml v1.8.1 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/pelletier/go-toml v1.9.3 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/spf13/cobra v1.1.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/prometheus/client_golang v1.11.0 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.28.0 // indirect
+	github.com/prometheus/procfs v0.6.0 // indirect
+	github.com/spf13/cobra v1.2.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	golang.org/x/sys v0.0.0-20210510120138-977fb7262007 // indirect
-	gopkg.in/yaml.v2 v2.2.8 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	go.uber.org/zap v1.19.1 // indirect
+	golang.org/x/mod v0.4.2 // indirect
+	golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect
+	golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f // indirect
+	golang.org/x/sys v0.0.0-20211029165221-6e7872819dc8 // indirect
+	golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b // indirect
+	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
+	golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
-	k8s.io/apimachinery v0.20.2 // indirect
-	sigs.k8s.io/yaml v1.2.0 // indirect
+	k8s.io/apiextensions-apiserver v0.23.5 // indirect
+	k8s.io/component-base v0.23.5 // indirect
+	k8s.io/klog/v2 v2.30.0 // indirect
+	k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
+	k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect
+	sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
 )
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,3 +13,6 @@ node_modules/ @@
     # kind
     .kind/
+    # tem cert
+    webhook-certs/