From 82ac209d90b1afecd58f4c28c06d6c352582a058 Mon Sep 17 00:00:00 2001 From: Pasquale Congiusti Date: Fri, 27 Oct 2023 12:25:15 +0200 Subject: [PATCH] feat(knative): make installation explicit Instead of letting the CLI perfom the installation, we need to make it explicit in order to use the same approach for any other installation methodology. Closes #4716 --- config/rbac/knative/kustomization.yaml | 36 +++++++++++++++++++ ...e-binding-custom-resource-definitions.yaml | 31 ++++++++++++++++ .../operator-role-binding-knative.yaml | 0 .../{ => knative}/operator-role-knative.yaml | 0 .../knative/operator-service-account.yaml | 23 ++++++++++++ config/rbac/kustomization.yaml | 2 -- docs/modules/ROOT/nav.adoc | 5 +-- .../ROOT/pages/installation/knative.adoc | 33 +++++++++++++++++ pkg/install/operator.go | 26 -------------- 9 files changed, 126 insertions(+), 30 deletions(-) create mode 100644 config/rbac/knative/kustomization.yaml create mode 100644 config/rbac/knative/operator-cluster-role-binding-custom-resource-definitions.yaml rename config/rbac/{ => knative}/operator-role-binding-knative.yaml (100%) rename config/rbac/{ => knative}/operator-role-knative.yaml (100%) create mode 100644 config/rbac/knative/operator-service-account.yaml create mode 100644 docs/modules/ROOT/pages/installation/knative.adoc diff --git a/config/rbac/knative/kustomization.yaml b/config/rbac/knative/kustomization.yaml new file mode 100644 index 0000000000..d637001995 --- /dev/null +++ b/config/rbac/knative/kustomization.yaml @@ -0,0 +1,36 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: my-ns +resources: +# Required in order to perform namespace replacement below +- operator-service-account.yaml +- operator-role-knative.yaml +- operator-role-binding-knative.yaml +- operator-cluster-role-binding-custom-resource-definitions.yaml +replacements: +- source: + fieldPath: metadata.namespace + kind: ServiceAccount + name: camel-k-operator + targets: + - fieldPaths: + - subjects.[name=camel-k-operator].namespace + select: + kind: ClusterRoleBinding + name: camel-k-operator-custom-resource-definitions diff --git a/config/rbac/knative/operator-cluster-role-binding-custom-resource-definitions.yaml b/config/rbac/knative/operator-cluster-role-binding-custom-resource-definitions.yaml new file mode 100644 index 0000000000..14d3fa1a88 --- /dev/null +++ b/config/rbac/knative/operator-cluster-role-binding-custom-resource-definitions.yaml @@ -0,0 +1,31 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: camel-k-operator-custom-resource-definitions + labels: + app: "camel-k" +subjects: +- kind: ServiceAccount + name: camel-k-operator + namespace: placeholder +roleRef: + kind: ClusterRole + name: camel-k-operator-custom-resource-definitions + apiGroup: rbac.authorization.k8s.io diff --git a/config/rbac/operator-role-binding-knative.yaml b/config/rbac/knative/operator-role-binding-knative.yaml similarity index 100% rename from config/rbac/operator-role-binding-knative.yaml rename to config/rbac/knative/operator-role-binding-knative.yaml diff --git a/config/rbac/operator-role-knative.yaml b/config/rbac/knative/operator-role-knative.yaml similarity index 100% rename from config/rbac/operator-role-knative.yaml rename to config/rbac/knative/operator-role-knative.yaml diff --git a/config/rbac/knative/operator-service-account.yaml b/config/rbac/knative/operator-service-account.yaml new file mode 100644 index 0000000000..fabf3d38f9 --- /dev/null +++ b/config/rbac/knative/operator-service-account.yaml @@ -0,0 +1,23 @@ +# --------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# --------------------------------------------------------------------------- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: camel-k-operator + labels: + app: "camel-k" diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index f2600f1626..c7556889ef 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -24,7 +24,6 @@ kind: Kustomization resources: - user-cluster-role.yaml - operator-role-events.yaml -- operator-role-knative.yaml - operator-role.yaml - operator-role-keda.yaml - operator-role-leases.yaml @@ -32,7 +31,6 @@ resources: - operator-role-strimzi.yaml - operator-role-binding-events.yaml - operator-role-binding-keda.yaml -- operator-role-binding-knative.yaml - operator-role-binding-leases.yaml - operator-role-binding-local-registry.yaml - operator-role-binding-podmonitors.yaml diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc index f13dbd7efa..017b36dfc2 100644 --- a/docs/modules/ROOT/nav.adoc +++ b/docs/modules/ROOT/nav.adoc @@ -1,6 +1,7 @@ * xref:installation/installation.adoc[Installation] -** xref:installation/advanced/maven.adoc[Configuring Maven] -** xref:installation/registry/registry.adoc[Configuring Registry] +** xref:installation/advanced/maven.adoc[Configure Maven] +** xref:installation/registry/registry.adoc[Configure Registry] +** xref:installation/knative.adoc[Configure Knative] ** xref:contributing/upgrade.adoc[Upgrade] ** xref:contributing/uninstalling.adoc[Uninstalling] ** xref:installation/advanced/advanced.adoc[Advanced] diff --git a/docs/modules/ROOT/pages/installation/knative.adoc b/docs/modules/ROOT/pages/installation/knative.adoc new file mode 100644 index 0000000000..e965a7785e --- /dev/null +++ b/docs/modules/ROOT/pages/installation/knative.adoc @@ -0,0 +1,33 @@ += Knative installation + +"https://knative.dev[Knative] is an Open-Source Enterprise-level solution to build Serverless and Event Driven Applications. The effort done in this project is a great complement to Camel K, which can leverage natively some feature offered by Knative. In particular, Camel K will be able to leverage "scale to 0" (hence, serverless) feature offered by Knative. + +NOTE: Knative is an optional configuration. It is not required to run Camel K. + +[[install-knative]] +== Knative roles configuration + +Camel K needs to have certain privileges to use the resources used by Knative. We have identified them, so, it follows a few configuration that you will need to apply in order to make Camel K work with Knative. + +NOTE: We assume you have already both the Knative operator and the Camel K operator up and running. If not, the first step is to install both operator. See the guide on xref:installation/installation.adoc[how to install Camel K] and the guide on https://knative.dev/docs/install/[how to install Knative] respectively. + +Once all the resources are installed in the cluster, you'll need to perform the following action: + +```bash +kubectl apply -k https://github.com/apache/camel-k/tree/main/config/rbac/knative?ref=v2.1.0 +``` + +The configuration above is using the released version `2.1.0`. You may want to use instead another version or the latest development available on `main` branch. Something else you need to know is that, by default, that configuration above will use `default` namespace. In order to change it, you must perform some customization locally in a similar fashion: + +```bash +git clone https://github.com/apache/camel-k.git +cd camel-k/config/rbac/knative +kustomize edit set namespace +kubectl apply -k . +``` + +NOTE: you will need `kustomize` CLI available. + +As the installation procedure can vary depending on the cluster and the methodology you use (Helm, OLM, Kustomize, ...), feel free to customize in the way that it results more convenient. In the `/config/rbac/knative` you will already find the basic `kustomization.yaml` on top of which you may provide any further level of customization. + +From now on you should be able to run some Camel application leveraging Knative with Camel K (see https://github.com/apache/camel-k-examples/tree/main/generic-examples/knative[examples]). \ No newline at end of file diff --git a/pkg/install/operator.go b/pkg/install/operator.go index 9daf61ee0c..4fa87df5f2 100644 --- a/pkg/install/operator.go +++ b/pkg/install/operator.go @@ -41,7 +41,6 @@ import ( "github.com/apache/camel-k/v2/pkg/client" "github.com/apache/camel-k/v2/pkg/resources" "github.com/apache/camel-k/v2/pkg/util/envvar" - "github.com/apache/camel-k/v2/pkg/util/knative" "github.com/apache/camel-k/v2/pkg/util/kubernetes" "github.com/apache/camel-k/v2/pkg/util/minikube" "github.com/apache/camel-k/v2/pkg/util/openshift" @@ -283,24 +282,6 @@ func OperatorOrCollect(ctx context.Context, cmd *cobra.Command, c client.Client, return err } - // Additionally, install Knative resources (roles and bindings) - isKnative, err := knative.IsInstalled(c) - if err != nil { - return err - } - if isKnative { - if err := installKnative(ctx, c, cfg.Namespace, customizer, collection, force); err != nil { - return err - } - if err := installClusterRoleBinding(ctx, c, collection, cfg.Namespace, "camel-k-operator-bind-addressable-resolver", "/rbac/operator-cluster-role-binding-addressable-resolver.yaml"); err != nil { - if k8serrors.IsForbidden(err) { - fmt.Fprintln(cmd.ErrOrStderr(), "Warning: the operator will not be able to bind Knative addressable-resolver ClusterRole. Try installing the operator as cluster-admin.") - } else { - return err - } - } - } - if err = installEvents(ctx, c, cfg.Namespace, customizer, collection, force); err != nil { if k8serrors.IsAlreadyExists(err) { return err @@ -512,13 +493,6 @@ func installKedaBindings(ctx context.Context, c client.Client, namespace string, ) } -func installKnative(ctx context.Context, c client.Client, namespace string, customizer ResourceCustomizer, collection *kubernetes.Collection, force bool) error { - return ResourcesOrCollect(ctx, c, namespace, collection, force, customizer, - "/rbac/operator-role-knative.yaml", - "/rbac/operator-role-binding-knative.yaml", - ) -} - func installEvents(ctx context.Context, c client.Client, namespace string, customizer ResourceCustomizer, collection *kubernetes.Collection, force bool) error { return ResourcesOrCollect(ctx, c, namespace, collection, force, customizer, "/rbac/operator-role-events.yaml",