Configure the KinD cluster to expose the compliance events API

Signed-off-by: mprahl <[email protected]>
(cherry picked from commit b9ce393)

Makefile

@@ -33,6 +33,7 @@ CONTROLLER_NAMESPACE ?= open-cluster-management
 # Handle KinD configuration
 CLUSTER_NAME ?= hub
 KIND_NAMESPACE ?= $(CONTROLLER_NAMESPACE)
+POSTGRES_HOST ?= localhost
 
 # Test coverage threshold
 export COVERAGE_MIN ?= 75
@@ -143,6 +144,7 @@ generate-operator-yaml: kustomize manifests
 ############################################################
 
 .PHONY: kind-bootstrap-cluster
+kind-bootstrap-cluster: POSTGRES_HOST=postgres
 kind-bootstrap-cluster: kind-bootstrap-cluster-dev webhook kind-deploy-controller install-resources
 
 .PHONY: kind-bootstrap-cluster-dev
@@ -169,7 +171,7 @@ postgres: cert-manager
 	kubectl -n $(KIND_NAMESPACE) create secret generic governance-policy-database \
 		--from-literal="user=grc" \
 		--from-literal="password=grc" \
-		--from-literal="host=localhost" \
+		--from-literal="host=$(POSTGRES_HOST)" \
 		--from-literal="dbname=ocm-compliance-history" \
 		--from-literal="ca=$$(kubectl -n $(KIND_NAMESPACE) get secret postgres-cert -o json | jq -r '.data["ca.crt"]' | base64 -d)"
 
@@ -192,11 +194,13 @@ kind-deploy-controller: manifests
 
 .PHONY: kind-deploy-controller-dev
 kind-deploy-controller-dev: kind-deploy-controller
-	@echo Pushing image to KinD cluster
-	kind load docker-image $(REGISTRY)/$(IMG):$(TAG) --name $(KIND_NAME)
 	@echo "Patch deployment image"
 	kubectl patch deployment $(IMG) -n $(KIND_NAMESPACE) -p "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"$(IMG)\",\"imagePullPolicy\":\"Never\"}]}}}}"
 	kubectl patch deployment $(IMG) -n $(KIND_NAMESPACE) -p "{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\":\"$(IMG)\",\"image\":\"$(REGISTRY)/$(IMG):$(TAG)\"}]}}}}"
+
+	@echo Pushing image to KinD cluster
+	kind load docker-image $(REGISTRY)/$(IMG):$(TAG) --name $(KIND_NAME)
+	kubectl rollout restart deployment/$(IMG) -n $(KIND_NAMESPACE)
 	kubectl rollout status -n $(KIND_NAMESPACE) deployment $(IMG) --timeout=180s
 
 # Specify KIND_VERSION to indicate the version tag of the KinD image

build/kind/kind-config.yaml

@@ -6,3 +6,5 @@ nodes:
   extraPortMappings:
   - containerPort: 30543
     hostPort: 5432
+  - containerPort: 30838
+    hostPort: 8384

build/kind/postgres.yaml

@@ -23,6 +23,21 @@ spec:
       nodePort: 30543
   type: NodePort
 ---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  namespace: open-cluster-management
+  labels:
+    app: postgres
+spec:
+  selector:
+    app: postgres
+  ports:
+    - name: postgres
+      port: 5432
+      targetPort: 5432
+---
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -32,6 +47,7 @@ spec:
   dnsNames:
     - postgres-external.open-cluster-management.svc
     - postgres-external.open-cluster-management.svc.cluster.local
+    - postgres
     - localhost
   issuerRef:
     kind: Issuer
@@ -100,3 +116,20 @@ spec:
         - name: postgres-db
           emptyDir:
             sizeLimit: 250Mi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: compliance-api-external
+  namespace: open-cluster-management
+  labels:
+    app: compliance-api
+spec:
+  selector:
+    name: governance-policy-propagator
+  ports:
+    - name: compliance-api-external
+      port: 8384
+      targetPort: 8384
+      nodePort: 30838
+  type: NodePort

deploy/manager/manager.yaml

@@ -29,10 +29,14 @@ spec:
             - "--health-probe-bind-address=:8081"
             - "--metrics-bind-address=:8383"
             - "--leader-elect"
+            - "--event-history-api-host=0.0.0.0"
           ports:
             - containerPort: 8383
               protocol: TCP
               name: http
+            - containerPort: 8384
+              protocol: TCP
+              name: compliance-api
             - containerPort: 9443
               protocol: TCP
               name: webhook-http
@@ -59,3 +63,15 @@ spec:
         secret:
           defaultMode: 420
           secretName: propagator-webhook-server-cert
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: governance-compliance-api
+spec:
+  ports:
+  - port: 8384
+    protocol: TCP
+    targetPort: 8384
+  selector:
+    name: governance-policy-propagator

deploy/operator.yaml

@@ -238,6 +238,18 @@ subjects:
   name: governance-policy-propagator
   namespace: open-cluster-management
 ---
+apiVersion: v1
+kind: Service
+metadata:
+  name: governance-compliance-api
+spec:
+  ports:
+  - port: 8384
+    protocol: TCP
+    targetPort: 8384
+  selector:
+    name: governance-policy-propagator
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -263,6 +275,7 @@ spec:
         - --health-probe-bind-address=:8081
         - --metrics-bind-address=:8383
         - --leader-elect
+        - --event-history-api-host=0.0.0.0
         command:
         - governance-policy-propagator
         env:
@@ -285,6 +298,9 @@ spec:
         - containerPort: 8383
           name: http
           protocol: TCP
+        - containerPort: 8384
+          name: compliance-api
+          protocol: TCP
         - containerPort: 9443
           name: webhook-http
           protocol: TCP

main.go

@@ -158,7 +158,7 @@ func main() {
 		"The hostname that the event history API will listen on",
 	)
 	pflag.StringVar(
-		&eventHistoryAPIPort, "event-history-api-port", "5480",
+		&eventHistoryAPIPort, "event-history-api-port", "8384",
 		"The port that the event history API will listen on",
 	)