Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add capkk #2478

Draft
wants to merge 1 commit into
base: feature-gitops
Choose a base branch
from
Draft

Conversation

redscholar
Copy link
Collaborator

@redscholar redscholar commented Dec 23, 2024

What type of PR is this?

/kind feature

What this PR does / why we need it:

build image

use command REGISTRY=xxxx make docker-push

Deploying CAPKK

  • Use local file
  1. Generate the infrastructure-components.yaml file, run the following command: REGISTRY=xxxx make generate
    The generated file will be located at:
    config/capkk/infrastructure-components.yaml (This will be included in the release package).
  2. Configure infrastructure-components.yaml in the manager Kubernetes cluster with clusterctl. The clusterctl default configuration file is located at $HOME/.cluster-api/clusterctl.yaml.
providers:
- name: kubekey
   url: [infrastructure-components.yaml's url]
   type: InfrastructureProvider
  1. deploy capkk in manager kubernetes use the following command: clusterctl init -i kubekey
  • Online
    Starting from release 4.x, you can deploy CAPKK inline with a simplified command: clusterctl init -i kubekey

Which issue(s) this PR fixes:

Fixes #
#2456 (comment)

Special notes for reviewers:

https://cluster-api.sigs.k8s.io

Does this PR introduced a user-facing change?

add capkk

Additional documentation, usage docs, etc.:


@kubesphere-prow kubesphere-prow bot added release-note kind/feature Categorizes issue or PR as related to a new feature. labels Dec 23, 2024
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: redscholar

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubesphere-prow kubesphere-prow bot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Dec 23, 2024
@redscholar redscholar marked this pull request as draft December 23, 2024 08:16
@kubesphere-prow kubesphere-prow bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 23, 2024
@redscholar redscholar force-pushed the feature branch 4 times, most recently from 47b297e to c6b8087 Compare January 3, 2025 10:28
app: capkk-controller-manager
spec:
containers:
- args:

Check warning

Code scanning / SonarCloud

Memory limits should be enforced Medium

Specify a memory limit for this container. See more on SonarQube Cloud
periodSeconds: 10
securityContext:
allowPrivilegeEscalation: false
serviceAccountName: capkk

Check warning

Code scanning / SonarCloud

Service account permissions should be restricted Medium

Bind this Service Account to RBAC or disable "automountServiceAccountToken". See more on SonarQube Cloud
config/capkk/infrastructure-components.yaml Fixed Show fixed Hide fixed
config/capkk/infrastructure-components.yaml Fixed Show fixed Hide fixed
config/capkk/infrastructure-components.yaml Fixed Show fixed Hide fixed
config/capkk/infrastructure-components.yaml Fixed Show fixed Hide fixed
config/capkk/infrastructure-components.yaml Fixed Show fixed Hide fixed
config/capkk/rbac/role.yaml Fixed Show fixed Hide fixed
config/capkk/rbac/role.yaml Fixed Show fixed Hide fixed
config/capkk/rbac/role.yaml Fixed Show fixed Hide fixed
@redscholar redscholar force-pushed the feature branch 2 times, most recently from 6abb2fb to c21d36c Compare January 6, 2025 04:36
config/capkk/rbac/role.yaml Fixed Show fixed Hide fixed
app: kk-controller-manager
spec:
containers:
- args:

Check warning

Code scanning / SonarCloud

Memory limits should be enforced Medium

Specify a memory limit for this container. See more on SonarQube Cloud
periodSeconds: 10
securityContext:
allowPrivilegeEscalation: false
serviceAccountName: capkk

Check warning

Code scanning / SonarCloud

Service account permissions should be restricted Medium

Bind this Service Account to RBAC or disable "automountServiceAccountToken". See more on SonarQube Cloud
resources:
- jobs
- cronjobs
- '*'

Check warning

Code scanning / SonarCloud

Wildcards should not be used to define RBAC permissions Medium

Replace this wildcard with a clear list of allowed resources. See more on SonarQube Cloud
@redscholar redscholar force-pushed the feature branch 2 times, most recently from c7c6c0b to 0eaa5d8 Compare January 7, 2025 02:58
- controlplane.cluster.x-k8s.io
- infrastructure.cluster.x-k8s.io
resources:
- '*'

Check warning

Code scanning / SonarCloud

Wildcards should not be used to define RBAC permissions Medium

Replace this wildcard with a clear list of allowed resources. See more on SonarQube Cloud
- apiGroups:
- kubekey.kubesphere.io
resources:
- '*'

Check warning

Code scanning / SonarCloud

Wildcards should not be used to define RBAC permissions Medium

Replace this wildcard with a clear list of allowed resources. See more on SonarQube Cloud
@redscholar redscholar force-pushed the feature branch 9 times, most recently from f206881 to ae25139 Compare January 15, 2025 10:13
@redscholar redscholar force-pushed the feature branch 2 times, most recently from 5b7e95d to 0a6f8ce Compare January 17, 2025 07:02
Signed-off-by: joyceliu <[email protected]>
Copy link

Quality Gate Failed Quality Gate failed

Failed conditions
16 Security Hotspots
C Security Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/feature Categorizes issue or PR as related to a new feature. release-note size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant