Move metrics-server manifests to sub-directory

5 years ago · 47a94637dc
11 changed files with 151 additions and 144 deletions
--- a/manifests/metrics-server.yaml
+++ b/manifests/metrics-server.yaml
@ -1,135 +0,0 @@
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: system:metrics-server
-rules:
- apiGroups:
-  - ""
-  resources:
-  - pods
-  - nodes
-  - nodes/stats
-  - namespaces
-  verbs:
-  - get
-  - list
-  - watch
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: system:metrics-server
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:metrics-server
-subjects:
- kind: ServiceAccount
-  name: metrics-server
-  namespace: kube-system
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
-  name: metrics-server-auth-reader
-  namespace: kube-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: extension-apiserver-authentication-reader
-subjects:
- kind: ServiceAccount
-  name: metrics-server
-  namespace: kube-system
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: metrics-server:system:auth-delegator
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: system:auth-delegator
-subjects:
- kind: ServiceAccount
-  name: metrics-server
-  namespace: kube-system
---
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: system:aggregated-metrics-reader
-  labels:
-    rbac.authorization.k8s.io/aggregate-to-view: "true"
-    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-    rbac.authorization.k8s.io/aggregate-to-admin: "true"
-rules:
- apiGroups: ["metrics.k8s.io"]
-  resources: ["pods", "nodes"]
-  verbs: ["get", "list", "watch"]
---
-apiVersion: apiregistration.k8s.io/v1beta1
-kind: APIService
-metadata:
-  name: v1beta1.metrics.k8s.io
-spec:
-  service:
-    name: metrics-server
-    namespace: kube-system
-  group: metrics.k8s.io
-  version: v1beta1
-  insecureSkipTLSVerify: true
-  groupPriorityMinimum: 100
-  versionPriority: 100
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: metrics-server
-  namespace: kube-system
-  labels:
-    kubernetes.io/name: "Metrics-server"
-    kubernetes.io/cluster-service: "true"
-spec:
-  selector:
-    k8s-app: metrics-server
-  ports:
-  - port: 443
-    protocol: TCP
-    targetPort: 443
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: metrics-server
-  namespace: kube-system
---
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: metrics-server
-  namespace: kube-system
-  labels:
-    k8s-app: metrics-server
-spec:
-  selector:
-    matchLabels:
-      k8s-app: metrics-server
-  template:
-    metadata:
-      name: metrics-server
-      labels:
-        k8s-app: metrics-server
-    spec:
-      serviceAccountName: metrics-server
-      volumes:
-      # mount in tmp so we can safely use from-scratch images and/or read-only containers
-      - name: tmp-dir
-        emptyDir: {}
-      containers:
-      - name: metrics-server
-        image: rancher/metrics-server:v0.3.6
-        volumeMounts:
-        - name: tmp-dir
-          mountPath: /tmp
--- a/manifests/metrics-server/aggregated-metrics-reader.yaml
+++ b/manifests/metrics-server/aggregated-metrics-reader.yaml
@ -0,0 +1,12 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: system:aggregated-metrics-reader
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+- apiGroups: ["metrics.k8s.io"]
+  resources: ["pods", "nodes"]
+  verbs: ["get", "list", "watch"]
--- a/manifests/metrics-server/auth-delegator.yaml
+++ b/manifests/metrics-server/auth-delegator.yaml
@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: metrics-server:system:auth-delegator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system
--- a/manifests/metrics-server/auth-reader.yaml
+++ b/manifests/metrics-server/auth-reader.yaml
@ -0,0 +1,14 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: metrics-server-auth-reader
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system
--- a/manifests/metrics-server/metrics-apiservice.yaml
+++ b/manifests/metrics-server/metrics-apiservice.yaml
@ -0,0 +1,14 @@
+---
+apiVersion: apiregistration.k8s.io/v1beta1
+kind: APIService
+metadata:
+  name: v1beta1.metrics.k8s.io
+spec:
+  service:
+    name: metrics-server
+    namespace: kube-system
+  group: metrics.k8s.io
+  version: v1beta1
+  insecureSkipTLSVerify: true
+  groupPriorityMinimum: 100
+  versionPriority: 100
--- a/manifests/metrics-server/metrics-server-deployment.yaml
+++ b/manifests/metrics-server/metrics-server-deployment.yaml
@ -0,0 +1,36 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: metrics-server
+  namespace: kube-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: metrics-server
+  namespace: kube-system
+  labels:
+    k8s-app: metrics-server
+spec:
+  selector:
+    matchLabels:
+      k8s-app: metrics-server
+  template:
+    metadata:
+      name: metrics-server
+      labels:
+        k8s-app: metrics-server
+    spec:
+      serviceAccountName: metrics-server
+      volumes:
+      # mount in tmp so we can safely use from-scratch images and/or read-only containers
+      - name: tmp-dir
+        emptyDir: {}
+      containers:
+      - name: metrics-server
+        image: rancher/metrics-server:v0.3.6
+        volumeMounts:
+        - name: tmp-dir
+          mountPath: /tmp
+
--- a/manifests/metrics-server/metrics-server-service.yaml
+++ b/manifests/metrics-server/metrics-server-service.yaml
@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: metrics-server
+  namespace: kube-system
+  labels:
+    kubernetes.io/name: "Metrics-server"
+    kubernetes.io/cluster-service: "true"
+spec:
+  selector:
+    k8s-app: metrics-server
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: 443
--- a/manifests/metrics-server/resource-reader.yaml
+++ b/manifests/metrics-server/resource-reader.yaml
@ -0,0 +1,30 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:metrics-server
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - nodes
+  - nodes/stats
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:metrics-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:metrics-server
+subjects:
+- kind: ServiceAccount
+  name: metrics-server
+  namespace: kube-system
--- a/pkg/cli/server/server.go
+++ b/pkg/cli/server/server.go
@ -158,10 +158,6 @@ func run(app *cli.Context, cfg *cmds.Server) error {
 			serverConfig.DisableServiceLB = true
 			continue
 		}
-
-		if !strings.HasSuffix(noDeploy, ".yaml") {
-			noDeploy = noDeploy + ".yaml"
-		}
 		serverConfig.ControlConfig.Skips = append(serverConfig.ControlConfig.Skips, noDeploy)
 	}

--- a/pkg/codegen/main.go
+++ b/pkg/codegen/main.go
@ -36,7 +36,8 @@ func main() {
 	bc = &bindata.Config{
 		Input: []bindata.InputConfig{
 			{
-				Path: "manifests",
+				Path:      "manifests",
+				Recursive: true,
 			},
 		},
 		Package:    "deploy",
--- a/pkg/deploy/stage.go
+++ b/pkg/deploy/stage.go
@ -5,23 +5,32 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"strings"

 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )

 func Stage(dataDir string, templateVars map[string]string, skipList []string) error {
-	os.MkdirAll(dataDir, 0700)
-
 	skips := map[string]bool{}
 	for _, skip := range skipList {
 		skips[skip] = true
 	}

+staging:
 	for _, name := range AssetNames() {
-		if skips[name] {
-			continue
+		nameNoExtension := strings.TrimSuffix(name, filepath.Ext(name))
+		if skips[name] || skips[nameNoExtension] {
+			continue staging
+		}
+		namePath := strings.Split(name, string(os.PathSeparator))
+		for i := 1; i < len(namePath); i++ {
+			subPath := filepath.Join(namePath[0:i]...)
+			if skips[subPath] {
+				continue staging
+			}
 		}
+
 		content, err := Asset(name)
 		if err != nil {
 			return err
@ -30,6 +39,7 @@ func Stage(dataDir string, templateVars map[string]string, skipList []string) er
 			content = bytes.Replace(content, []byte(k), []byte(v), -1)
 		}
 		p := filepath.Join(dataDir, name)
+		os.MkdirAll(filepath.Dir(p), 0700)
 		logrus.Info("Writing manifest: ", p)
 		if err := ioutil.WriteFile(p, content, 0600); err != nil {
 			return errors.Wrapf(err, "failed to write to %s", name)