common: add webhook related build and deploy scripts

Signed-off-by: Vicente Cheng <vicente.cheng@suse.com>
(cherry picked from commit e65be38)

.github/workflows/factory.yaml

@@ -11,6 +11,7 @@ on:
 env:
   repo: "rancher"
   controllerImageName: "harvester-node-disk-manager"
+  webhookImageName: "harvester-node-disk-manager-webhook"
 
 jobs:
   dapper-build:
@@ -54,4 +55,14 @@ jobs:
         platforms: linux/amd64,linux/arm64
         file: package/Dockerfile
         push: ${{ inputs.push }}
-        tags: ${{ env.repo }}/${{ env.controllerImageName }}:${{ inputs.tag }}
+        tags: ${{ env.repo }}/${{ env.controllerImageName }}:${{ inputs.tag }}
+
+    - name: Docker Build (Webhook)
+      uses: docker/build-push-action@v5
+      with:
+        provenance: false
+        context: .
+        platforms: linux/amd64,linux/arm64
+        file: package/Dockerfile.webhook
+        push: ${{ inputs.push }}
+        tags: ${{ env.repo }}/${{ env.webhookImageName }}:${{ inputs.tag }}

deploy/charts/harvester-node-disk-manager/templates/_helpers.tpl

@@ -50,6 +50,27 @@ app.kubernetes.io/name: {{ include "harvester-node-disk-manager.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
+{{/*
+Webhook labels
+*/}}
+{{- define "harvester-node-disk-manager-webhook.labels" -}}
+helm.sh/chart: {{ include "harvester-node-disk-manager.chart" . }}
+{{ include "harvester-node-disk-manager-webhook.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: webhook
+{{- end }}
+
+{{/*
+Webhook Selector labels
+*/}}
+{{- define "harvester-node-disk-manager-webhook.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "harvester-node-disk-manager.name" . }}-webhook
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
 {{/*
 Create the name of the service account to use
 */}}

deploy/charts/harvester-node-disk-manager/templates/rbac.yaml

@@ -35,3 +35,43 @@ subjects:
   - kind: ServiceAccount
     name: {{ include "harvester-node-disk-manager.name" . }}
     namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: harvester-node-disk-manager-webhook
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: harvester-node-disk-manager-webhook
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "secrets", "configmaps" ]
+    verbs: [ "*" ]
+  - apiGroups: [ "harvesterhci.io" ]
+    resources: [ "blockdevices" ]
+    verbs: [ "*" ]
+  - apiGroups: [ "apiregistration.k8s.io" ]
+    resources: [ "apiservices" ]
+    verbs: [ "get", "watch", "list" ]
+  - apiGroups: [ "apiextensions.k8s.io" ]
+    resources: [ "customresourcedefinitions" ]
+    verbs: [ "get", "watch", "list" ]
+  - apiGroups: [ "admissionregistration.k8s.io" ]
+    resources: [ "validatingwebhookconfigurations", "mutatingwebhookconfigurations" ]
+    verbs: [ "*" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: harvester-node-disk-manager-webhook
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: harvester-node-disk-manager-webhook
+subjects:
+  - kind: ServiceAccount
+    name: harvester-node-disk-manager-webhook
+    namespace: {{ .Release.Namespace }}

deploy/charts/harvester-node-disk-manager/templates/webhook.yaml

@@ -0,0 +1,45 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "harvester-node-disk-manager-webhook.labels" . | nindent 4 }}
+  name: harvester-node-disk-manager-webhook
+spec:
+  replicas: {{ .Values.webhook.replicas }}
+  selector:
+    matchLabels:
+      {{- include "harvester-node-disk-manager-webhook.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "harvester-node-disk-manager-webhook.labels" . | nindent 8 }}
+    spec:
+      serviceAccountName: harvester-node-disk-manager-webhook
+      containers:
+        - name: harvester-node-disk-manager-webhook
+          image: "{{ .Values.webhook.image.repository }}:{{ .Values.webhook.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.webhook.image.pullPolicy }}
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          command:
+            - node-disk-manager-webhook
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: harvester-node-disk-manager-webhook
+  namespace: {{ .Release.Namespace }}
+spec:
+  type: ClusterIP
+  selector:
+    {{- include "harvester-node-disk-manager-webhook.selectorLabels" . | nindent 4 }}
+  ports:
+    - name: https
+      port: 443
+      protocol: TCP
+      targetPort: {{ .Values.webhook.httpsPort }}

deploy/charts/harvester-node-disk-manager/values.yaml

@@ -6,7 +6,16 @@ image:
   repository: rancher/harvester-node-disk-manager
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
+  tag: "master-head"
+
+webhook:
+  replicas: 1
+  image:
+    repository: rancher/harvester-node-disk-manager-webhook
+    pullPolicy: IfNotPresent
+    # Overrides the image tag whose default is the chart appVersion.
+    tag: "master-head"
+  httpsPort: 8443
 
 imagePullSecrets: []
 nameOverride: ""

package/Dockerfile.webhook

@@ -0,0 +1,15 @@
+# syntax=docker/dockerfile:1.7.0
+
+FROM registry.suse.com/bci/bci-base:15.6
+
+ARG TARGETPLATFORM
+
+RUN if [ "$TARGETPLATFORM" != "linux/amd64" ] && [ "$TARGETPLATFORM" != "linux/arm64" ]; then \
+    echo "Error: Unsupported TARGETPLATFORM: $TARGETPLATFORM" && \
+    exit 1; \
+    fi
+
+ENV ARCH=${TARGETPLATFORM#linux/}
+
+COPY bin/node-disk-manager-webhook-${ARCH} /usr/bin/node-disk-manager-webhook
+CMD ["node-disk-manager-webhook"]

scripts/build

@@ -15,4 +15,5 @@ LINKFLAGS="-X github.com/harvester/node-disk-manager/pkg/version.Version=$VERSIO
 
 for arch in "amd64" "arm64"; do
     GOARCH="$arch" CGO_ENABLED=0 go build -ldflags "$LINKFLAGS $OTHER_LINKFLAGS" -o bin/node-disk-manager-"$arch" cmd/node-disk-manager/main.go
+    GOARCH="$arch" CGO_ENABLED=0 go build -ldflags "$LINKFLAGS $OTHER_LINKFLAGS" -o bin/node-disk-manager-webhook-"$arch" cmd/node-disk-manager-webhook/main.go
 done

scripts/package

@@ -1,22 +1,5 @@
 #!/bin/bash
 set -e
 
-source $(dirname $0)/version
-
-cd $(dirname $0)/..
-
-IMAGE=${REPO}/node-disk-manager:${TAG}
-if [[ -n ${BUILD_FOR_CI} ]]; then
-    IMAGE=ttl.sh/node-disk-manager-${TAG}:1h
-fi
-DOCKERFILE=package/Dockerfile
-if [ -e ${DOCKERFILE}.${ARCH} ]; then
-    DOCKERFILE=${DOCKERFILE}.${ARCH}
-fi
-
-buildx build --load -f ${DOCKERFILE} -t ${IMAGE} .
-echo Built ${IMAGE}
-if [[ -n ${BUILD_FOR_CI} ]]; then
-    docker push ${IMAGE}
-    echo ${IMAGE} pushed
-fi
+./package_controller
+./package_webhook

scripts/package_controller

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+
+source $(dirname $0)/version
+
+cd $(dirname $0)/..
+
+IMAGE=${REPO}/node-disk-manager:${TAG}
+if [[ -n ${BUILD_FOR_CI} ]]; then
+    IMAGE=ttl.sh/node-disk-manager-${TAG}:1h
+fi
+DOCKERFILE=package/Dockerfile
+if [ -e ${DOCKERFILE}.${ARCH} ]; then
+    DOCKERFILE=${DOCKERFILE}.${ARCH}
+fi
+
+buildx build --load -f ${DOCKERFILE} -t ${IMAGE} .
+echo Built ${IMAGE}
+if [[ -n ${BUILD_FOR_CI} ]]; then
+    docker push ${IMAGE}
+    echo ${IMAGE} pushed
+fi

scripts/package_webhook

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+
+source $(dirname $0)/version
+
+cd $(dirname $0)/..
+
+IMAGE=${REPO}/node-disk-manager-webhook:${TAG}
+if [[ -n ${BUILD_FOR_CI} ]]; then
+    IMAGE=ttl.sh/node-disk-manager-webhook-${TAG}:1h
+fi
+DOCKERFILE=package/Dockerfile.webhook
+if [ -e ${DOCKERFILE}.${ARCH} ]; then
+    DOCKERFILE=${DOCKERFILE}.${ARCH}
+fi
+
+buildx build --load -f ${DOCKERFILE} -t ${IMAGE} .
+echo Built ${IMAGE}
+if [[ -n ${BUILD_FOR_CI} ]]; then
+    docker push ${IMAGE}
+    echo ${IMAGE} pushed
+fi