diff --git a/.github/blunderbuss.yml b/.github/blunderbuss.yml index 824af4b2..81a3c0a3 100644 --- a/.github/blunderbuss.yml +++ b/.github/blunderbuss.yml @@ -20,6 +20,7 @@ assign_issues: # - kurtisvg assign_prs: # - shubha-rajan - - enocom + - hessjcg + # - enocom # - jackwotherspoon # - kurtisvg diff --git a/CHANGELOG.md b/CHANGELOG.md index 665349c1..4f0d5864 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,22 @@ # Changelog +## [0.2.0](https://github.com/GoogleCloudPlatform/cloud-sql-proxy-operator/compare/v0.1.0...v0.2.0) (2023-01-18) + + +### ⚠ BREAKING CHANGES + +* remove Namespace field from AuthProxyWorkloadSelector ([#168](https://github.com/GoogleCloudPlatform/cloud-sql-proxy-operator/issues/168)) + +### Bug Fixes + +* remove Namespace field from AuthProxyWorkloadSelector ([#168](https://github.com/GoogleCloudPlatform/cloud-sql-proxy-operator/issues/168)) ([7bcc27d](https://github.com/GoogleCloudPlatform/cloud-sql-proxy-operator/commit/7bcc27d080f0f848da80740a2e4bbe75c0397031)) +* Update installer.sh to use helm for cert-manager ([#163](https://github.com/GoogleCloudPlatform/cloud-sql-proxy-operator/issues/163)) ([62fc5dc](https://github.com/GoogleCloudPlatform/cloud-sql-proxy-operator/commit/62fc5dc49a7e373fc468a512c5e54f6adfcedde4)), closes [#157](https://github.com/GoogleCloudPlatform/cloud-sql-proxy-operator/issues/157) + + +### Miscellaneous Chores + +* release 0.2.0 ([#175](https://github.com/GoogleCloudPlatform/cloud-sql-proxy-operator/issues/175)) ([44babcd](https://github.com/GoogleCloudPlatform/cloud-sql-proxy-operator/commit/44babcd3dbe703f55b9bc464597a79bdf6adb718)) + ## [0.1.0](https://github.com/GoogleCloudPlatform/cloud-sql-proxy-operator/compare/v0.0.3...v0.1.0) (2022-12-13) diff --git a/Makefile b/Makefile index 6f7eb5d3..31095425 100644 --- a/Makefile +++ b/Makefile 
@@ -85,7 +85,7 @@ help: ## Display this help.
install_tools: remove_tools all_tools ## Installs all development tools
.PHONY: generate
-generate: ctrl_generate ctrl_manifests go_lint tf_lint installer reset_image add_copyright_header update_version_in_docs go_fmt yaml_fmt ## Runs code generation, format, and validation tools
+generate: ctrl_generate ctrl_manifests go_lint tf_lint installer reset_image add_copyright_header go_fmt yaml_fmt ## Runs code generation, format, and validation tools
.PHONY: build
build: generate build_push_docker ## Builds and pushes the docker image to tag defined in envvar IMG
@@ -176,9 +176,17 @@ update_image: kustomize # Update the image used in the kubernetes config to $(IM
deploy_with_kubeconfig: install_certmanager install_crd deploy_operator
.PHONY: install_certmanager
-install_certmanager: kubectl # Install the cert-manager operator to manage the certificates for the operator webhooks
- $(KUBECTL) apply -f "https://github.com/cert-manager/cert-manager/releases/download/$(CERT_MANAGER_VERSION)/cert-manager.yaml"
- $(KUBECTL) rollout status deployment -n cloud-sql-proxy-operator-system cloud-sql-proxy-operator-controller-manager --timeout=90s
+install_certmanager: helm # Install the cert-manager operator to manage the certificates for the operator webhooks
+ helm repo add jetstack https://charts.jetstack.io
+ helm repo update
+ helm get all -n cert-manager cert-manager || \
+ helm install \
+ cert-manager jetstack/cert-manager \
+ --namespace cert-manager \
+ --version "$(CERT_MANAGER_VERSION)" \
+ --create-namespace \
+ --set global.leaderElection.namespace=cert-manager \
+ --set installCRDs=true
.PHONY: install_crd
install_crd: kustomize kubectl # Install CRDs into the K8s cluster using the kubectl default behavior
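Review bot: In `install_certmanager`, `helm get all -n cert-manager cert-manager || helm install …` only asks whether a release record exists, so a release left in a failed state, or installed at a version other than `$(CERT_MANAGER_VERSION)`, is accepted as is, while any probe failure at all (an unreachable cluster, expired credentials) falls through to `helm install`. `helm upgrade --install cert-manager jetstack/cert-manager --version "$(CERT_MANAGER_VERSION)" …` with the same flags converges on the pinned version without the probe. The recipe also no longer has an explicit readiness gate before `install_crd` and `deploy_operator` run; adding `--wait` would restore one unless the chart's own hooks are being relied on for that. The same probe-then-install pattern is repeated in `e2e_cert_manager_deploy` further down and in the `helm install` blocks of installer/install.sh and tools/install.sh.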
@@ -268,10 +276,18 @@ e2e_cluster_destroy: e2e_project terraform # Destroy the infrastructure for e2e
testinfra/run.sh destroy
.PHONY: e2e_cert_manager_deploy
-e2e_cert_manager_deploy: e2e_project kubectl # Deploy the certificate manager
- $(E2E_KUBECTL) apply -f https://github.com/cert-manager/cert-manager/releases/download/$(CERT_MANAGER_VERSION)/cert-manager.yaml
- # wait for cert manager to become available before continuing
- $(E2E_KUBECTL) rollout status deployment cert-manager -n cert-manager --timeout=90s
+e2e_cert_manager_deploy: e2e_project helm # Deploy the certificate manager
+ helm repo add jetstack https://charts.jetstack.io --kubeconfig=$(KUBECONFIG_E2E)
+ helm repo update --kubeconfig=$(KUBECONFIG_E2E)
+ helm get all -n cert-manager cert-manager --kubeconfig=$(KUBECONFIG_E2E) || \
+ helm --kubeconfig=$(KUBECONFIG_E2E) install \
+ cert-manager jetstack/cert-manager \
+ --kubeconfig=$(KUBECONFIG_E2E) \
+ --namespace cert-manager \
+ --version "$(CERT_MANAGER_VERSION)" \
+ --create-namespace \
+ --set global.leaderElection.namespace=cert-manager \
+ --set installCRDs=true
.PHONY: e2e_install_crd
@@ -407,3 +423,10 @@ gcloud:
echo "Instructions on how to install https://cloud.google.com/sdk/docs/install " ; \
exit 1)
+.PHONY: helm
+helm:
+ @which helm > /dev/null || \
+ (echo "Helm command line tools are not available in your path" ; \
+ echo "Instructions on how to install https://helm.sh/docs/helm/helm_install/ " ; \
+ exit 1)
+
diff --git a/README.md b/README.md
index 86bcb4cb..81e1e956 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,8 @@
# Cloud SQL Proxy Operator
+*Warning*: This project is in Public Preview, and may contain breaking changes
+before it becomes Generally Available.
+
Cloud SQL Proxy Operator is an open-source Kubernetes operator that automates most of the intricate steps needed to connect a workload in a kubernetes cluster to Cloud SQL databases.
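Review bot: In `e2e_cert_manager_deploy` the `helm … install` command receives `--kubeconfig=$(KUBECONFIG_E2E)` twice, once before `install` and once after the chart name, and the value is unquoted on all four helm lines. The removed recipe carried the cluster selection in `$(E2E_KUBECTL)`; a matching variable, for example `E2E_HELM = helm --kubeconfig="$(KUBECONFIG_E2E)"` next to wherever `E2E_KUBECTL` is defined (not visible in this hunk), would state it once and make it harder for a later edit to drop the flag from one line and act on the developer's default cluster instead. The `helm get all` probe also prints the whole release into the e2e log, where the install scripts in this commit redirect it with `> /dev/null`.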
@@ -20,11 +23,27 @@ Confirm that kubectl can connect to your kubernetes cluster. kubectl cluster-info ``` +Install cert-manager using helm. Note that you need to use this particular +version with these specific cli arguments to make cert-manager work on +your GKE cluster. + +```shell +helm repo add jetstack https://charts.jetstack.io +helm repo update +helm install \ + cert-manager jetstack/cert-manager \ + --namespace cert-manager \ + --version "v1.9.1" \ + --create-namespace \ + --set global.leaderElection.namespace=cert-manager \ + --set installCRDs=true +``` + Run the following command to install the cloud sql proxy operator into your kubernetes cluster: ```shell -curl https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy-operator/v0.1.0/install.sh | bash +kubectl apply -f https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy-operator/v0.1.0/cloud-sql-proxy-operator.yaml ``` Confirm that the operator is installed and running by listing its pods: diff --git a/config/crd/bases/cloudsql.cloud.google.com_authproxyworkloads.yaml b/config/crd/bases/cloudsql.cloud.google.com_authproxyworkloads.yaml index 9262663f..ea59b4f9 100644 --- a/config/crd/bases/cloudsql.cloud.google.com_authproxyworkloads.yaml +++ b/config/crd/bases/cloudsql.cloud.google.com_authproxyworkloads.yaml @@ -1,10 +1,10 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, 
@@ -15,7 +15,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: authproxyworkloads.cloudsql.cloud.google.com spec: @@ -903,9 +903,6 @@ spec: name: description: Name specifies the name of the resource to select. type: string - namespace: - description: Namespace specifies namespace in which to select the resource. Optional, defaults to the namespace of the AuthProxyWorkload resource. All or Wildcard namespaces are not supported. - type: string selector: description: Selector selects resources using labels. See "Label selectors" in the kubernetes docs https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors properties: diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 57fa34a6..7f68c2a7 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -1,10 +1,10 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index f96f7d4e..4e42f8b9 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml 
@@ -1,10 +1,10 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, diff --git a/docs/quick-start.md b/docs/quick-start.md index ed92f820..b5b7a619 100644 --- a/docs/quick-start.md +++ b/docs/quick-start.md @@ -17,10 +17,19 @@ kubectl cluster-info ``` Run the following command to install the cloud sql proxy operator into -your kuberentes cluster: +your kubernetes cluster: ```shell -curl https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy-operator/v0.1.0/install.sh | bash +curl https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy-operator/v0.2.0/install.sh | bash +``` + +This will use `helm` to install the `cert-manager` operator, a prerequisite. Then +it will install the Cloud SQL Proxy Operator in your cluster. + +Wait for the Cloud SQL Auth Proxy Operator to start. + +```shell +kubectl rollout status deployment -n cloud-sql-proxy-operator-system cloud-sql-proxy-operator-controller-manager --timeout=90s ``` Confirm that the operator is installed and running by listing its pods: 
@@ -44,22 +53,22 @@ apiVersion: cloudsql.cloud.google.com/v1alpha1 kind: AuthProxyWorkload metadata: name: authproxyworkload-sample - -spec: +spec: workloadSelector: kind: "Deployment" name: "gke-cloud-sql-quickstart" instances: - - connectionString: "" - portEnvName: "DB_PORT" - hostEnvName: "INSTANCE_HOST" + - connectionString: "" + portEnvName: "DB_PORT" + hostEnvName: "INSTANCE_HOST" ``` Update with the Cloud SQL instance connection name -retrieved from the gcloud command on the previous step. The format is +retrieved from the gcloud command on the previous step. This should follow the format project_id:region:instance_name. The instance connection name is also visible -in the Cloud SQL instance Overview page. +in the Google Cloud Console on the Cloud SQL Instance Overview page. -Apply the proxy configuration to to kubernetes: +Apply the proxy configuration to kubernetes: ```shell kubectl apply -f authproxyworkload.yaml diff --git a/go.mod b/go.mod index f0a81e37..a00c17c3 100644 --- a/go.mod +++ b/go.mod @@ -3,8 +3,8 @@ module github.com/GoogleCloudPlatform/cloud-sql-proxy-operator go 1.18 require ( - github.com/go-logr/logr v1.2.0 - go.uber.org/zap v1.19.1 + github.com/go-logr/logr v1.2.3 + go.uber.org/zap v1.24.0 k8s.io/api v0.24.2 k8s.io/apimachinery v0.24.2 k8s.io/client-go v0.24.2 @@ -68,7 +68,7 @@ require ( google.golang.org/protobuf v1.27.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/apiextensions-apiserver v0.24.2 // indirect k8s.io/component-base v0.24.2 // indirect k8s.io/klog/v2 v2.60.1 // indirect diff --git a/go.sum b/go.sum index b81635ea..475c57eb 100644 --- a/go.sum +++ b/go.sum 
@@ -158,8 +158,9 @@ github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= -github.com/go-logr/logr v1.2.0 h1:QK40JKJyMdUDz+h+xvCsru/bJhvG0UxvePV0ufL/AcE= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= +github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/zapr v1.2.0 h1:n4JnPI1T3Qq1SFEi/F8rwLrZERp2bso19PJZDB9dayk= github.com/go-logr/zapr v1.2.0/go.mod h1:Qa4Bsj2Vb+FAVeAKsLD8RLQ+YRJB8YDmOAKxaBQf7Ro= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= @@ -445,8 +446,8 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= 
@@ -492,7 +493,6 @@ go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= -go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= @@ -500,8 +500,8 @@ go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9i go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= -go.uber.org/zap v1.19.1 h1:ue41HOKd1vGURxrmeKIgELGb3jPW9DMUDGtsinblHwI= -go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI= +go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= +go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 
@@ -913,8 +913,9 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/installer/cloud-sql-proxy-operator.yaml b/installer/cloud-sql-proxy-operator.yaml index 13da76a2..3f50d2fb 100644 --- a/installer/cloud-sql-proxy-operator.yaml +++ b/installer/cloud-sql-proxy-operator.yaml @@ -1,10 +1,10 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, 
@@ -24,7 +24,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: cloud-sql-proxy-operator-system/cloud-sql-proxy-operator-serving-cert - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 name: authproxyworkloads.cloudsql.cloud.google.com spec: conversion: @@ -921,9 +921,6 @@ spec: name: description: Name specifies the name of the resource to select. type: string - namespace: - description: Namespace specifies namespace in which to select the resource. Optional, defaults to the namespace of the AuthProxyWorkload resource. All or Wildcard namespaces are not supported. - type: string selector: description: Selector selects resources using labels. See "Label selectors" in the kubernetes docs https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors properties: @@ -1364,7 +1361,7 @@ spec: - --leader-elect command: - /manager - image: gcr.io/cloud-sql-connectors/cloud-sql-operator/cloud-sql-proxy-operator:0.1.0 + image: gcr.io/cloud-sql-connectors/cloud-sql-operator/cloud-sql-proxy-operator:0.2.0 livenessProbe: httpGet: path: /healthz diff --git a/installer/install.sh b/installer/install.sh index a8439efe..6b8f6297 100644 --- a/installer/install.sh +++ b/installer/install.sh 
@@ -16,9 +16,16 @@ set -euxo # exit 1 from the script when command fails
-VERSION="v0.1.0"
-CERT_MANAGER_VERSION="v1.9.1"
+# If CSQL_OPERATOR_VERSION is not set, use the release version: v0.2.0.
+CSQL_OPERATOR_VERSION="${CSQL_OPERATOR_VERSION:-v0.2.0}"
+# If CSQL_CERT_MANAGER_VERSION is not set, use the default: v1.9.1.
+CSQL_CERT_MANAGER_VERSION="${CSQL_CERT_MANAGER_VERSION:-v1.9.1}"
+
+# If CSQL_OPERATOR_URL is not set, use the default value from the CSQL_OPERATOR_VERSION
+CSQL_OPERATOR_URL="${CSQL_OPERATOR_URL:-https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy-operator/$CSQL_OPERATOR_VERSION/cloud-sql-proxy-operator.yaml}"
+
+# Ensure kubectl exists
if ! which kubectl ; then
echo "kubectl, the kubernetes command line client, was not found in the PATH."
echo "See https://kubernetes.io/docs/tasks/tools/ for instructions on how to"
@@ -26,14 +33,29 @@ if ! which kubectl ; then
exit 1
fi
-# Install cert-manager
-kubectl apply -f "https://github.com/cert-manager/cert-manager/releases/download/$CERT_MANAGER_VERSION/cert-manager.yaml"
+# Ensure helm exists
+if ! which helm ; then
+ echo "helm, the installer for kubernetes applications, was not found in the PATH."
+ echo "See https://helm.sh/docs/intro/install/ for instructions on how to"
+ echo "install helm."
+ exit 1
+fi
-# Wait for cert-manager to become available before continuing
-kubectl rollout status deployment cert-manager -n cert-manager --timeout=90s
+# Install cert-manager using helm
+if ! helm get all -n cert-manager cert-manager > /dev/null ; then
+ helm repo add jetstack https://charts.jetstack.io
+ helm repo update
+ helm install \
+ cert-manager jetstack/cert-manager \
+ --namespace cert-manager \
+ --version "$CSQL_CERT_MANAGER_VERSION" \
+ --create-namespace \
+ --set global.leaderElection.namespace=cert-manager \
+ --set installCRDs=true
+fi
# Install the cloud-sql-proxy-operator
-kubectl apply -f "https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy-operator-dev/$VERSION/cloud-sql-proxy-operator.yaml"
+kubectl apply -f "$CSQL_OPERATOR_URL"
# Wait for cloud-sql-proxy-operator to become available
kubectl rollout status deployment -n cloud-sql-proxy-operator-system cloud-sql-proxy-operator-controller-manager --timeout=90s
diff --git a/internal/api/v1alpha1/authproxyworkload_types.go b/internal/api/v1alpha1/authproxyworkload_types.go
index 01b427ff..86ddfeeb 100644
--- a/internal/api/v1alpha1/authproxyworkload_types.go
+++ b/internal/api/v1alpha1/authproxyworkload_types.go
@@ -90,12 +90,6 @@ type WorkloadSelectorSpec struct { //+kubebuilder:validation:Pattern=\w+(\.\w+)* Kind string `json:"kind"` - // Namespace specifies namespace in which to select the resource. - // Optional, defaults to the namespace of the AuthProxyWorkload resource. - // All or Wildcard namespaces are not supported. - //+kubebuilder:validation:Optional - Namespace string `json:"namespace,omitempty"` - // Name specifies the name of the resource to select. //+kubebuilder:validation:Optional Name string `json:"name,omitempty"` diff --git a/internal/controller/authproxyworkload_controller.go b/internal/controller/authproxyworkload_controller.go index cc6cf2a7..d5168d43 100644 --- a/internal/controller/authproxyworkload_controller.go +++ b/internal/controller/authproxyworkload_controller.go @@ -398,9 +398,6 @@ func newStatus(wl workload.Workload) *cloudsqlapi.WorkloadStatus { // listWorkloads produces a list of Workload's that match the WorkloadSelectorSpec // in the specified namespace. func (r *AuthProxyWorkloadReconciler) listWorkloads(ctx context.Context, workloadSelector cloudsqlapi.WorkloadSelectorSpec, ns string) ([]workload.Workload, error) { - if workloadSelector.Namespace != "" { - ns = workloadSelector.Namespace - } if workloadSelector.Name != "" { return r.loadByName(ctx, workloadSelector, ns) diff --git a/internal/controller/authproxyworkload_controller_test.go b/internal/controller/authproxyworkload_controller_test.go index 7e852cb8..0f5098a9 100644 --- a/internal/controller/authproxyworkload_controller_test.go +++ b/internal/controller/authproxyworkload_controller_test.go @@ -71,9 +71,8 @@ func TestReconcileDeleted(t *testing.T) { }, "project:region:db") p.Finalizers = []string{finalizerName} p.Spec.Workload = v1alpha1.WorkloadSelectorSpec{ - Kind: "Pod", - Namespace: "default", - Name: "thing", + Kind: "Pod", + Name: "thing", } cb, err := clientBuilder() 
@@ -117,9 +116,8 @@ func TestReconcileState21ByName(t *testing.T) { }, "project:region:db") p.Finalizers = []string{finalizerName} p.Spec.Workload = v1alpha1.WorkloadSelectorSpec{ - Kind: "Pod", - Name: "testpod", - Namespace: "default", + Kind: "Pod", + Name: "testpod", } err := runReconcileTestcase(p, []client.Object{p}, false, metav1.ConditionTrue, v1alpha1.ReasonNoWorkloadsFound) @@ -135,8 +133,7 @@ func TestReconcileState21BySelector(t *testing.T) { }, "project:region:db") p.Finalizers = []string{finalizerName} p.Spec.Workload = v1alpha1.WorkloadSelectorSpec{ - Kind: "Pod", - Namespace: "default", + Kind: "Pod", Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{"app": "things"}, }, @@ -161,8 +158,7 @@ func TestReconcileState31(t *testing.T) { p.Generation = 1 p.Finalizers = []string{finalizerName} p.Spec.Workload = v1alpha1.WorkloadSelectorSpec{ - Kind: "Deployment", - Namespace: "default", + Kind: "Deployment", Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{"app": "things"}, }, diff --git a/internal/workload/podspec_updates.go b/internal/workload/podspec_updates.go index b4f1118e..9637dd79 100644 --- a/internal/workload/podspec_updates.go +++ b/internal/workload/podspec_updates.go @@ -34,7 +34,7 @@ import ( // package and documented here so that they appear in the godoc. These also // need to be documented in the CRD const ( - DefaultProxyImage = "gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.0.0-preview.4" + DefaultProxyImage = "gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.0.0" // DefaultFirstPort is the first port number chose for an instance listener by the // proxy. diff --git a/testinfra/main.tf b/testinfra/main.tf index d0b73c75..941a86bd 100644 --- a/testinfra/main.tf +++ b/testinfra/main.tf @@ -18,7 +18,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = "4.31.0" + version = "4.48.0" } } } 
diff --git a/tools/install.sh b/tools/install.sh
old mode 100644
new mode 100755
index 8a2239c9..95da6f16
--- a/tools/install.sh
+++ b/tools/install.sh
@@ -16,9 +16,16 @@ set -euxo # exit 1 from the script when command fails
-VERSION="__VERSION__"
-CERT_MANAGER_VERSION="__CERT_MANAGER_VERSION__"
+# If CSQL_OPERATOR_VERSION is not set, use the release version: __VERSION__.
+CSQL_OPERATOR_VERSION="${CSQL_OPERATOR_VERSION:-__VERSION__}"
+# If CSQL_CERT_MANAGER_VERSION is not set, use the default: __CERT_MANAGER_VERSION__.
+CSQL_CERT_MANAGER_VERSION="${CSQL_CERT_MANAGER_VERSION:-__CERT_MANAGER_VERSION__}"
+
+# If CSQL_OPERATOR_URL is not set, use the default value from the CSQL_OPERATOR_VERSION
+CSQL_OPERATOR_URL="${CSQL_OPERATOR_URL:-https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy-operator/$CSQL_OPERATOR_VERSION/cloud-sql-proxy-operator.yaml}"
+
+# Ensure kubectl exists
if ! which kubectl ; then
echo "kubectl, the kubernetes command line client, was not found in the PATH."
echo "See https://kubernetes.io/docs/tasks/tools/ for instructions on how to"
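Review bot: `CSQL_OPERATOR_URL` is read from the caller's environment and, in the next hunk, passed straight to `kubectl apply -f`, so an inherited or stale variable changes which manifest is applied to the cluster with no message beyond the `set -x` trace. The added comments state the defaults but not that the three `CSQL_*` variables are override hooks; if they are meant for testing, a header comment such as `# CSQL_* overrides are for testing; leave them unset for a release install.` would say so. Unless local manifest paths must be supported, I would also reject non-HTTPS values with `case "$CSQL_OPERATOR_URL" in https://*) ;; *) echo "CSQL_OPERATOR_URL must be an https:// URL" >&2; exit 1 ;; esac`. installer/install.sh appears to be the rendered copy of this template and would pick up the same change.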
@@ -26,14 +33,29 @@ if ! which kubectl ; then
exit 1
fi
-# Install cert-manager
-kubectl apply -f "https://github.com/cert-manager/cert-manager/releases/download/$CERT_MANAGER_VERSION/cert-manager.yaml"
+# Ensure helm exists
+if ! which helm ; then
+ echo "helm, the installer for kubernetes applications, was not found in the PATH."
+ echo "See https://helm.sh/docs/intro/install/ for instructions on how to"
+ echo "install helm."
+ exit 1
+fi
-# Wait for cert-manager to become available before continuing
-kubectl rollout status deployment cert-manager -n cert-manager --timeout=90s
+# Install cert-manager using helm
+if ! helm get all -n cert-manager cert-manager > /dev/null ; then
+ helm repo add jetstack https://charts.jetstack.io
+ helm repo update
+ helm install \
+ cert-manager jetstack/cert-manager \
+ --namespace cert-manager \
+ --version "$CSQL_CERT_MANAGER_VERSION" \
+ --create-namespace \
+ --set global.leaderElection.namespace=cert-manager \
+ --set installCRDs=true
+fi
# Install the cloud-sql-proxy-operator
-kubectl apply -f "https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy-operator-dev/$VERSION/cloud-sql-proxy-operator.yaml"
+kubectl apply -f "$CSQL_OPERATOR_URL"
# Wait for cloud-sql-proxy-operator to become available
kubectl rollout status deployment -n cloud-sql-proxy-operator-system cloud-sql-proxy-operator-controller-manager --timeout=90s
diff --git a/tools/release-pr-generate.sh b/tools/release-pr-generate.sh
index 9e471bf3..18c295e6 100755
--- a/tools/release-pr-generate.sh
+++ b/tools/release-pr-generate.sh
@@ -19,7 +19,7 @@ PROJECT_DIR=$( dirname "$SCRIPT_DIR")
cd "$PROJECT_DIR"
-make generate
+make update_version_in_docs generate
if git diff --exit-code ; then
echo "Generate did not cause any changes to the code. OK to proceed with the release"
diff --git a/version.txt b/version.txt
index 6e8bf73a..0ea3a944 100644
--- a/version.txt
+++ b/version.txt
@@ -1 +1 @@
-0.1.0
+0.2.0
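Review bot: The `helm repo add jetstack …` / `helm install cert-manager jetstack/cert-manager` pair in the cert-manager block makes the chart source depend on the `jetstack` alias in the user's helm configuration, and edits that configuration as a side effect of an installer that docs/quick-start.md tells users to pipe from curl into bash. If the alias already exists with a different URL, `helm repo add` is expected to fail and `set -e` aborts the script (behaviour varies by helm version, worth confirming). Naming the repository on the command itself, `helm install cert-manager cert-manager --repo https://charts.jetstack.io --version "$CSQL_CERT_MANAGER_VERSION" …`, pins the source next to the version and leaves the user's repo list untouched. installer/install.sh carries the same block.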