fix web deployments with AddToScheme for missing resources (#363)

* fix web deployments with AddToScheme for missing resources

* make manifests

* make all

* Automated commit: update images.

* undo some of the changes

* Automated commit: update images.

Author: sroettger

dist/resources/kctf-operator.clusterserviceversion.yaml

@@ -14,7 +14,7 @@ metadata:
         }
       ]
     capabilities: Basic Install
-    operators.operatorframework.io/builder: operator-sdk-v1.14.0+git
+    operators.operatorframework.io/builder: operator-sdk-v1.17.0+git
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
   name: kctf-operator.v0.0.1
   namespace: placeholder
@@ -72,6 +72,18 @@ spec:
           - patch
           - update
           - watch
+        - apiGroups:
+          - cloud.google.com
+          resources:
+          - backendconfigs
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
         - apiGroups:
           - ""
           resources:
@@ -206,6 +218,18 @@ spec:
           - get
           - patch
           - update
+        - apiGroups:
+          - networking.gke.io
+          resources:
+          - managedcertificates
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
         - apiGroups:
           - networking.k8s.io
           resources:
@@ -304,6 +328,7 @@ spec:
                   value: 0.0.0.0/0
                 - name: SECURITY_POLICY
                   value: kctf-policy
+
                 image: eu.gcr.io/kctf-testing/kctf-operator:dev
                 livenessProbe:
                   httpGet:

dist/resources/operator.yaml

@@ -4194,6 +4194,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - cloud.google.com
+  resources:
+  - backendconfigs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -4328,6 +4340,18 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - networking.gke.io
+  resources:
+  - managedcertificates
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - networking.k8s.io
   resources:
@@ -4520,7 +4544,7 @@ spec:
           value: 0.0.0.0/0
         - name: SECURITY_POLICY
           value: DISABLED
-        image: gcr.io/kctf-docker/kctf-operator@sha256:44399c2da5c9ff858a858b7a0163bafc95517345ca94f24b3e782078e5bc4faf
+        image: gcr.io/kctf-docker/kctf-operator@sha256:12d5b1132b01434f0977e856cd700d98e18fdbfdaaa9959ad25335eb06e83d88
         livenessProbe:
           httpGet:
             path: /healthz

kctf-operator/bundle.Dockerfile

@@ -6,7 +6,7 @@ LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
 LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
 LABEL operators.operatorframework.io.bundle.package.v1=kctf-operator
 LABEL operators.operatorframework.io.bundle.channels.v1=alpha
-LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.14.0+git
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.17.0+git
 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3
 

kctf-operator/bundle/manifests/kctf-operator.clusterserviceversion.yaml

@@ -14,7 +14,7 @@ metadata:
         }
       ]
     capabilities: Basic Install
-    operators.operatorframework.io/builder: operator-sdk-v1.14.0+git
+    operators.operatorframework.io/builder: operator-sdk-v1.17.0+git
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
   name: kctf-operator.v0.0.1
   namespace: placeholder
@@ -72,6 +72,18 @@ spec:
           - patch
           - update
           - watch
+        - apiGroups:
+          - cloud.google.com
+          resources:
+          - backendconfigs
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
         - apiGroups:
           - ""
           resources:
@@ -206,6 +218,18 @@ spec:
           - get
           - patch
           - update
+        - apiGroups:
+          - networking.gke.io
+          resources:
+          - managedcertificates
+          verbs:
+          - create
+          - delete
+          - get
+          - list
+          - patch
+          - update
+          - watch
         - apiGroups:
           - networking.k8s.io
           resources:

kctf-operator/bundle/metadata/annotations.yaml

@@ -5,7 +5,7 @@ annotations:
   operators.operatorframework.io.bundle.metadata.v1: metadata/
   operators.operatorframework.io.bundle.package.v1: kctf-operator
   operators.operatorframework.io.bundle.channels.v1: alpha
-  operators.operatorframework.io.metrics.builder: operator-sdk-v1.14.0+git
+  operators.operatorframework.io.metrics.builder: operator-sdk-v1.17.0+git
   operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
   operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3
 

kctf-operator/config/rbac/role.yaml

@@ -42,6 +42,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - cloud.google.com
+  resources:
+  - backendconfigs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -176,6 +188,18 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - networking.gke.io
+  resources:
+  - managedcertificates
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - networking.k8s.io
   resources:

kctf-operator/controllers/challenge_controller.go

@@ -73,6 +73,8 @@ type ChallengeReconciler struct {
 //+kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterroles,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=cloud.google.com,resources=backendconfigs,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=networking.gke.io,resources=managedcertificates,verbs=get;list;watch;create;update;patch;delete
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.

kctf-operator/controllers/service/service.go

@@ -70,8 +70,7 @@ func generateBackendConfig(challenge *kctfv1.Challenge) *backendv1.BackendConfig
 			Name:      challenge.Name,
 			Namespace: challenge.Namespace,
 		},
-		Spec: backendv1.BackendConfigSpec{
-		},
+		Spec: backendv1.BackendConfigSpec{},
 	}
 	if os.Getenv("SECURITY_POLICY") != "DISABLED" {
 		config.Spec.SecurityPolicy = &backendv1.SecurityPolicyConfig{

kctf-operator/main.go

@@ -24,9 +24,11 @@ import (
 	// to ensure that exec-entrypoint and run can make use of them.
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
+	gkenetv1 "github.com/GoogleCloudPlatform/gke-managed-certs/pkg/apis/networking.gke.io/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
+	backendv1 "k8s.io/ingress-gce/pkg/apis/backendconfig/v1"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
@@ -47,6 +49,8 @@ func init() {
 	utilruntime.Must(clientgoscheme.AddToScheme(scheme))
 
 	utilruntime.Must(kctfv1.AddToScheme(scheme))
+	utilruntime.Must(backendv1.AddToScheme(scheme))
+	utilruntime.Must(gkenetv1.AddToScheme(scheme))
 	//+kubebuilder:scaffold:scheme
 }
 

kctf-operator/operator.yaml

@@ -4194,6 +4194,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - cloud.google.com
+  resources:
+  - backendconfigs
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ""
   resources:
@@ -4328,6 +4340,18 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - networking.gke.io
+  resources:
+  - managedcertificates
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - networking.k8s.io
   resources: