Create dockerfile / makefile / manifest for pushing controllers to cl…

…uster (kptdev#2694)

This lets us start to run these on the server, instead of just locally.

porch/controllers/Dockerfile

@@ -0,0 +1,54 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM golang:1.17-bullseye as builder
+
+WORKDIR /workspace
+COPY go.mod go.sum ./
+COPY porch/api/go.mod porch/api/go.sum porch/api/
+COPY porch/controllers/go.mod porch/controllers/go.sum porch/controllers/
+COPY porch/controllers/remoterootsync/go.mod porch/controllers/remoterootsync/go.sum porch/controllers/remoterootsync/
+COPY porch/repository/go.mod porch/repository/go.sum porch/repository/
+
+WORKDIR /workspace/porch/controllers/remoterootsync/
+RUN go mod download
+# Prebuild some libraries to warm the cache
+RUN CGO_ENABLED=0 go build -v \
+  k8s.io/klog/v2 \
+  k8s.io/klog/v2/klogr \
+  k8s.io/client-go/plugin/pkg/client/auth \
+  sigs.k8s.io/controller-runtime \
+  sigs.k8s.io/controller-runtime/pkg/client \
+  sigs.k8s.io/controller-runtime/pkg/controller/controllerutil \
+  k8s.io/client-go/kubernetes \
+  go.opentelemetry.io/otel \
+  cloud.google.com/go/container/apiv1 \
+  github.com/google/go-containerregistry/pkg/gcrane \
+  github.com/google/go-containerregistry/pkg/v1 \
+  github.com/google/go-containerregistry/pkg/v1/cache \
+  k8s.io/client-go/discovery/cached
+
+WORKDIR /workspace
+COPY porch/api/ porch/api/
+COPY porch/controllers/ porch/controllers/
+COPY porch/repository/ porch/repository/
+
+WORKDIR /workspace/porch/controllers/remoterootsync/
+RUN CGO_ENABLED=0 go build -o /porch-controllers -v .
+
+FROM gcr.io/distroless/static
+WORKDIR /data
+COPY --from=builder /porch-controllers /porch-controllers
+
+ENTRYPOINT ["/porch-controllers"]

porch/controllers/Makefile

@@ -0,0 +1,20 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# GCP project to use for development
+GCP_PROJECT_ID ?= $(shell gcloud config get-value project)
+
+.PHONY: push-image
+push-image:
+	cd ../..; docker buildx build --push --tag gcr.io/${GCP_PROJECT_ID}/porch-controllers:latest -f porch/controllers/Dockerfile .

porch/controllers/config/deploy/manifest.yaml

@@ -0,0 +1,83 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: porch-system
+
+---
+
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: porch-controllers
+  namespace: porch-system
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: porch-controllers
+  namespace: porch-system
+  labels:
+    k8s-app: "porch-controllers"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      k8s-app: "porch-controllers"
+  template:
+    metadata:
+      labels:
+        k8s-app: "porch-controllers"
+    spec:
+      serviceAccountName: porch-controllers
+      containers:
+      - name: porch-controllers
+        # Update to the image of your porch-controllers build.
+        image: gcr.io/example-google-project-id/porch-controllers:latest
+
+---
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: porch-controllers
+rules:
+- apiGroups: ["config.porch.kpt.dev"]
+  resources: ["repositories"]
+  verbs: ["get", "list", "watch", "create", "update", "patch"]
+- apiGroups: ["config.cloud.google.com"]
+  resources: ["remoterootsyncsets"]
+  verbs: ["get", "list", "watch", "create", "update", "patch"]
+- apiGroups: ["config.cloud.google.com"]
+  resources: ["remoterootsyncsets/status"]
+  verbs: ["get", "list", "watch", "create", "update", "patch"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: porch-system:porch-controllers
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: porch-controllers
+subjects:
+- kind: ServiceAccount
+  name: porch-controllers
+  namespace: porch-system

porch/controllers/remoterootsync/Makefile

@@ -17,4 +17,4 @@ GCP_PROJECT_ID ?= $(shell gcloud config get-value project)
 
 .PHONY: run-local
 run-local:
-	GCP_PROJECT_ID=${GCP_PROJECT_ID} HACK_ENABLE_LOOPBACK=1 go run .
+	GCP_PROJECT_ID=${GCP_PROJECT_ID} HACK_ENABLE_LOOPBACK=1 go run .