From 901728cd415028664f42a938e2b8c72df0419b58 Mon Sep 17 00:00:00 2001
From: Vicente Cheng
Date: Fri, 4 Oct 2024 12:06:04 +0800
Subject: [PATCH] misc/build/deploy
Signed-off-by: Vicente Cheng
---
.../templates/_helpers.tpl | 21 +++++++++
.../templates/rbac.yaml | 40 +++++++++++++++++
.../templates/webhook.yaml | 45 +++++++++++++++++++
.../harvester-node-disk-manager/values.yaml | 11 ++++-
package/Dockerfile.webhook | 22 +++++++++
scripts/build | 1 +
scripts/package | 21 +--------
scripts/package_controller | 22 +++++++++
scripts/package_webhook | 22 +++++++++
9 files changed, 185 insertions(+), 20 deletions(-)
create mode 100644 deploy/charts/harvester-node-disk-manager/templates/webhook.yaml
create mode 100644 package/Dockerfile.webhook
create mode 100755 scripts/package_controller
create mode 100755 scripts/package_webhook
diff --git a/deploy/charts/harvester-node-disk-manager/templates/_helpers.tpl b/deploy/charts/harvester-node-disk-manager/templates/_helpers.tpl
index fa714413..8004ccf4 100644
--- a/deploy/charts/harvester-node-disk-manager/templates/_helpers.tpl
+++ b/deploy/charts/harvester-node-disk-manager/templates/_helpers.tpl
@@ -50,6 +50,27 @@ app.kubernetes.io/name: {{ include "harvester-node-disk-manager.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{/* +Webhook labels +*/}} +{{- define "harvester-node-disk-manager-webhook.labels" -}} +helm.sh/chart: {{ include "harvester-node-disk-manager.chart" . }} +{{ include "harvester-node-disk-manager-webhook.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/component: webhook +{{- end }} + +{{/* +Webhook Selector labels +*/}} +{{- define "harvester-node-disk-manager-webhook.selectorLabels" -}} +app.kubernetes.io/name: {{ include "harvester-node-disk-manager.name" . }}-webhook +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + {{/* Create the name of the service account to use */}} diff --git a/deploy/charts/harvester-node-disk-manager/templates/rbac.yaml b/deploy/charts/harvester-node-disk-manager/templates/rbac.yaml index 3cbded9c..d5f1aea7 100644 --- a/deploy/charts/harvester-node-disk-manager/templates/rbac.yaml +++ b/deploy/charts/harvester-node-disk-manager/templates/rbac.yaml 
@@ -35,3 +35,43 @@ subjects: - kind: ServiceAccount name: {{ include "harvester-node-disk-manager.name" . }} namespace: {{ .Release.Namespace }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: harvester-node-disk-manager-webhook + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: harvester-node-disk-manager-webhook +rules: + - apiGroups: [ "" ] + resources: [ "secrets", "configmaps" ] + verbs: [ "*" ] + - apiGroups: [ "harvesterhci.io" ] + resources: [ "blockdevices" ] + verbs: [ "*" ] + - apiGroups: [ "apiregistration.k8s.io" ] + resources: [ "apiservices" ] + verbs: [ "get", "watch", "list" ] + - apiGroups: [ "apiextensions.k8s.io" ] + resources: [ "customresourcedefinitions" ] + verbs: [ "get", "watch", "list" ] + - apiGroups: [ "admissionregistration.k8s.io" ] + resources: [ "validatingwebhookconfigurations", "mutatingwebhookconfigurations" ] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: harvester-node-disk-manager-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: harvester-node-disk-manager-webhook +subjects: + - kind: ServiceAccount + name: harvester-node-disk-manager-webhook + namespace: {{ .Release.Namespace }} diff --git a/deploy/charts/harvester-node-disk-manager/templates/webhook.yaml b/deploy/charts/harvester-node-disk-manager/templates/webhook.yaml new file mode 100644 index 00000000..7e153c5c --- /dev/null +++ b/deploy/charts/harvester-node-disk-manager/templates/webhook.yaml 
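Review bot: The new ClusterRole grants `verbs: [ "*" ]` on core `secrets` and `configmaps`, and because it is attached with a ClusterRoleBinding the webhook ServiceAccount can read, change and delete every Secret in every namespace. An admission webhook normally needs only its own serving-certificate Secret in the release namespace, so that rule belongs in a namespaced Role/RoleBinding with explicit verbs. The `*` on `validatingwebhookconfigurations`/`mutatingwebhookconfigurations` likewise lets the account rewrite or delete any admission webhook in the cluster and should be narrowed to the verbs it uses, ideally with `resourceNames` for its own configuration objects. Which objects the webhook binary actually touches (and whether it uses cluster-wide informers) is not visible in this diff, so the verb list below is a starting point to confirm against its code.

```yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: harvester-node-disk-manager-webhook
  namespace: {{ .Release.Namespace }}
rules:
  # Secrets/ConfigMaps are only reachable inside the release namespace.
  - apiGroups: [ "" ]
    resources: [ "secrets", "configmaps" ]
    verbs: [ "get", "list", "watch", "create", "update" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: harvester-node-disk-manager-webhook
  namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: harvester-node-disk-manager-webhook
subjects:
  - kind: ServiceAccount
    name: harvester-node-disk-manager-webhook
    namespace: {{ .Release.Namespace }}
# ... unchanged: ServiceAccount, ClusterRole rules for apiservices and customresourcedefinitions, ClusterRoleBinding ...
```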
@@ -0,0 +1,45 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "harvester-node-disk-manager-webhook.labels" . | nindent 4 }}
+ name: harvester-node-disk-manager-webhook
+spec:
+ replicas: {{ .Values.webhook.replicas }}
+ selector:
+ matchLabels:
+ {{- include "harvester-node-disk-manager-webhook.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "harvester-node-disk-manager-webhook.labels" . | nindent 8 }}
+ spec:
+ serviceAccountName: harvester-node-disk-manager-webhook
+ containers:
+ - name: harvester-node-disk-manager-webhook
+ image: "{{ .Values.webhook.image.repository }}:{{ .Values.webhook.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.webhook.image.pullPolicy }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ command:
+ - node-disk-manager-webhook
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: harvester-node-disk-manager-webhook
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: ClusterIP
+ selector:
+ {{- include "harvester-node-disk-manager-webhook.selectorLabels" . | nindent 4 }}
+ ports:
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: {{ .Values.webhook.httpsPort }}
\ No newline at end of file
diff --git a/deploy/charts/harvester-node-disk-manager/values.yaml b/deploy/charts/harvester-node-disk-manager/values.yaml
index 611ec5c7..c2b40eb5 100644
--- a/deploy/charts/harvester-node-disk-manager/values.yaml
+++ b/deploy/charts/harvester-node-disk-manager/values.yaml
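Review bot: The webhook container in templates/webhook.yaml is declared without any `securityContext`, and package/Dockerfile.webhook in this same patch sets no `USER`, so the pod runs as root with the default capability set while using the cluster-wide ServiceAccount added in rbac.yaml. A process that only serves HTTPS on `.Values.webhook.httpsPort` does not need that, so a container-level securityContext that drops capabilities and forbids privilege escalation should be added; `runAsNonRoot` also needs either a numeric `USER` in the image or a `runAsUser` here. The Deployment also has no readiness probe and no resource requests, which matters for an admission endpoint that defaults to `replicas: 1`. Whether the binary writes to its root filesystem is not visible in the diff, so `readOnlyRootFilesystem` is left out until that is confirmed.

```yaml
      containers:
        - name: harvester-node-disk-manager-webhook
          # ... unchanged: image, imagePullPolicy, env, command ...
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            runAsUser: 65532  # constructed example UID; keep in sync with the image's USER
            capabilities:
              drop: [ "ALL" ]
```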
@@ -6,7 +6,16 @@ image: repository: rancher/harvester-node-disk-manager pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "" + tag: "master-head" + +webhook: + replicas: 1 + image: + repository: rancher/harvester-node-disk-manager-webhook + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "master-head" + httpsPort: 8443 imagePullSecrets: [] nameOverride: "" diff --git a/package/Dockerfile.webhook b/package/Dockerfile.webhook new file mode 100644 index 00000000..a83c41c6 --- /dev/null +++ b/package/Dockerfile.webhook @@ -0,0 +1,22 @@ +# syntax=docker/dockerfile:1.7.0 + +FROM registry.suse.com/bci/bci-base:15.6 + +# util-linux-systemd -> for `lsblk` command +# e2fsprogs -> for `mkfs.ext4` command +# iproute2 -> for `ip` command +#RUN zypper -n rm container-suseconnect && \ +# zypper -n install util-linux-systemd e2fsprogs iproute2 && \ +# zypper -n clean -a && rm -rf /tmp/* /var/tmp/* /usr/share/doc/packages/* + +ARG TARGETPLATFORM + +RUN if [ "$TARGETPLATFORM" != "linux/amd64" ] && [ "$TARGETPLATFORM" != "linux/arm64" ]; then \ + echo "Error: Unsupported TARGETPLATFORM: $TARGETPLATFORM" && \ + exit 1; \ + fi + +ENV ARCH=${TARGETPLATFORM#linux/} + +COPY bin/node-disk-manager-webhook-${ARCH} /usr/bin/node-disk-manager-webhook +CMD ["node-disk-manager-webhook"] diff --git a/scripts/build b/scripts/build index 8f4cba16..b463d84f 100755 --- a/scripts/build +++ b/scripts/build @@ -15,4 +15,5 @@ LINKFLAGS="-X github.com/harvester/node-disk-manager/pkg/version.Version=$VERSIO for arch in "amd64" "arm64"; do GOARCH="$arch" CGO_ENABLED=0 go build -ldflags "$LINKFLAGS $OTHER_LINKFLAGS" -o bin/node-disk-manager-"$arch" cmd/node-disk-manager/main.go + GOARCH="$arch" CGO_ENABLED=0 go build -ldflags "$LINKFLAGS $OTHER_LINKFLAGS" -o bin/node-disk-manager-webhook-"$arch" cmd/node-disk-manager-webhook/main.go done \ No newline at end of file 
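Review bot: Changing the controller default from `tag: ""` to `tag: "master-head"` in values.yaml, and using the same value for the new `webhook.image.tag`, makes a mutable branch tag the chart default. The comment above it about falling back to the chart appVersion is then no longer true, and the `| default .Chart.AppVersion` in webhook.yaml never takes effect. Together with `pullPolicy: IfNotPresent`, each node keeps whichever build it cached first, so nodes can run different code under the same tag and a deployment cannot be traced to a specific image. Keep `tag: ""` in the committed values and set `master-head` only in a development override, or pin released charts to a version tag or digest.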
diff --git a/scripts/package b/scripts/package index b45d182f..2ca80568 100755 --- a/scripts/package +++ b/scripts/package @@ -1,22 +1,5 @@ #!/bin/bash set -e -source $(dirname $0)/version - -cd $(dirname $0)/.. - -IMAGE=${REPO}/node-disk-manager:${TAG} -if [[ -n ${BUILD_FOR_CI} ]]; then - IMAGE=ttl.sh/node-disk-manager-${TAG}:1h -fi -DOCKERFILE=package/Dockerfile -if [ -e ${DOCKERFILE}.${ARCH} ]; then - DOCKERFILE=${DOCKERFILE}.${ARCH} -fi - -buildx build --load -f ${DOCKERFILE} -t ${IMAGE} . -echo Built ${IMAGE} -if [[ -n ${BUILD_FOR_CI} ]]; then - docker push ${IMAGE} - echo ${IMAGE} pushed -fi +./package_controller +./package_webhook \ No newline at end of file diff --git a/scripts/package_controller b/scripts/package_controller new file mode 100755 index 00000000..b45d182f --- /dev/null +++ b/scripts/package_controller @@ -0,0 +1,22 @@ +#!/bin/bash +set -e + +source $(dirname $0)/version + +cd $(dirname $0)/.. + +IMAGE=${REPO}/node-disk-manager:${TAG} +if [[ -n ${BUILD_FOR_CI} ]]; then + IMAGE=ttl.sh/node-disk-manager-${TAG}:1h +fi +DOCKERFILE=package/Dockerfile +if [ -e ${DOCKERFILE}.${ARCH} ]; then + DOCKERFILE=${DOCKERFILE}.${ARCH} +fi + +buildx build --load -f ${DOCKERFILE} -t ${IMAGE} . +echo Built ${IMAGE} +if [[ -n ${BUILD_FOR_CI} ]]; then + docker push ${IMAGE} + echo ${IMAGE} pushed +fi diff --git a/scripts/package_webhook b/scripts/package_webhook new file mode 100755 index 00000000..3ec4665c --- /dev/null +++ b/scripts/package_webhook @@ -0,0 +1,22 @@ +#!/bin/bash +set -e + +source $(dirname $0)/version + +cd $(dirname $0)/.. + +IMAGE=${REPO}/node-disk-manager-webhook:${TAG} +if [[ -n ${BUILD_FOR_CI} ]]; then + IMAGE=ttl.sh/node-disk-manager-webhook-${TAG}:1h +fi +DOCKERFILE=package/Dockerfile.webhook +if [ -e ${DOCKERFILE}.${ARCH} ]; then + DOCKERFILE=${DOCKERFILE}.${ARCH} +fi + +buildx build --load -f ${DOCKERFILE} -t ${IMAGE} . +echo Built ${IMAGE} +if [[ -n ${BUILD_FOR_CI} ]]; then + docker push ${IMAGE} + echo ${IMAGE} pushed +fi
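Review bot: In scripts/package, `./package_controller` and `./package_webhook` are resolved against the caller's working directory, whereas the lines this hunk removes located everything through `$(dirname $0)`. Running `scripts/package` from the repository root therefore stops under `set -e` because neither file is found. Call them as `"$(dirname "$0")/package_controller"` and `"$(dirname "$0")/package_webhook"` so the wrapper works from any directory. How CI invokes the script is not visible in this patch, so the failure may only show up in local runs.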
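Review bot: In scripts/package_webhook, the `BUILD_FOR_CI` branch pushes to `ttl.sh/node-disk-manager-webhook-${TAG}:1h`, a name derived only from the version tag on what is, as far as I know, a registry that accepts unauthenticated pushes. A later CI stage that pulls by that name has no assurance it receives the image this job built. Record the digest after the push, for example with `docker inspect --format '{{index .RepoDigests 0}}' "${IMAGE}"`, and have consumers reference the image by that digest. The unquoted `$(dirname $0)`, `${DOCKERFILE}` and `${IMAGE}` expansions also break on paths containing spaces; scripts/package_controller carries both points over unchanged from the old scripts/package.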