Skip to content

Commit

Permalink
fix(core): Access configmap from another namespace for KEP-1755 (#4849)
Browse files Browse the repository at this point in the history
* chore(ci): Check kind registry for kustomize
* fix(core): Access configmap from another namespace
* fix(core): Manage forbidden access configmap for KEP-1755
* fix(install): Ensure non-override of kube-public namespace
* chore(ci): Set kind-action version to fix kep-1755 commit
  • Loading branch information
gansheer authored Nov 3, 2023
1 parent e607cd0 commit b5b094f
Show file tree
Hide file tree
Showing 4 changed files with 29 additions and 7 deletions.
2 changes: 1 addition & 1 deletion .github/actions/kamel-config-cluster-kind/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ runs:
steps:
- id: install-cluster
name: Install Cluster
uses: container-tools/kind-action@v2.0.1
uses: container-tools/kind-action@7075d1458484493c6a92d4604cb27b87de0f8107
if: ${{ env.CLUSTER_KIND_CONFIGURED != 'true' }}
with:
version: v0.19.0
Expand Down
7 changes: 7 additions & 0 deletions e2e/install/kustomize/operator_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,13 @@ func TestOperatorBasic(t *testing.T) {
Expect(operatorPod.Spec.Containers[0].SecurityContext.AllowPrivilegeEscalation).To(Equal(kubernetes.DefaultOperatorSecurityContext().AllowPrivilegeEscalation))

Eventually(Platform(ns)).ShouldNot(BeNil())
registry := os.Getenv("KIND_REGISTRY")
if registry != "" {
platform := Platform(ns)()
Expect(platform.Status.Build.Registry).ShouldNot(BeNil())
Expect(platform.Status.Build.Registry.Address).To(Equal(registry))
}

})
}

Expand Down
12 changes: 12 additions & 0 deletions install/setup/kustomization.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,15 @@ kind: Kustomization

resources:
- ../config/rbac

transformers:
- |-
apiVersion: builtin
kind: PatchTransformer
metadata:
name: fix-local-registry-rbac-namespace
patch: '[{"op": "replace", "path": "/metadata/namespace", "value": "kube-public"}]'
target:
group: rbac.authorization.k8s.io
kind: RoleBinding
name: camel-k-operator-local-registry
15 changes: 9 additions & 6 deletions pkg/util/registry/kep_1755.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,19 +21,22 @@ import (
"context"

"github.com/apache/camel-k/v2/pkg/client"
"github.com/apache/camel-k/v2/pkg/util/log"
"gopkg.in/yaml.v2"
corev1 "k8s.io/api/core/v1"
k8errors "k8s.io/apimachinery/pkg/api/errors"
ctrl "sigs.k8s.io/controller-runtime/pkg/client"
k8serrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

// GetRegistryAddress KEP-1755
// https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry
func GetRegistryAddress(ctx context.Context, c client.Client) (*string, error) {
config := corev1.ConfigMap{}
err := c.Get(ctx, ctrl.ObjectKey{Namespace: "kube-public", Name: "local-registry-hosting"}, &config)
config, err := c.CoreV1().ConfigMaps("kube-public").Get(ctx, "local-registry-hosting", metav1.GetOptions{})
if err != nil {
if k8errors.IsNotFound(err) {
if k8serrors.IsForbidden(err) {
log.Debug("Cannot access registry configuration local-registry-hosting ConfigMap", "error", err)
return nil, nil
} else if k8serrors.IsNotFound(err) {
log.Debug("Cannot find registry configuration local-registry-hosting ConfigMap", "error", err)
return nil, nil
}
return nil, err
Expand Down

0 comments on commit b5b094f

Please sign in to comment.