shalm-controller running inside cluster

Dockerfile

@@ -3,7 +3,7 @@ FROM golang:1.13-alpine as builder
 
 WORKDIR /workspace
 
-ADD https://storage.googleapis.com/kubernetes-release/release/v1.6.4/bin/linux/amd64/kubectl /workspace/kubectl
+ADD https://storage.googleapis.com/kubernetes-release/release/v1.17.0/bin/linux/amd64/kubectl /workspace/kubectl
 RUN chmod +x /workspace/kubectl
 
 # Copy the Go Modules manifests
@@ -25,12 +25,12 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o shalm ma
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot
+# FROM gcr.io/distroless/static
+FROM alpine
 
 WORKDIR /app
 ENV HOME=/app
 COPY --from=builder /workspace/shalm .
 COPY --from=builder /workspace/kubectl /usr/bin/kubectl
-USER nonroot:nonroot
 
 ENTRYPOINT ["/app/shalm","controller"]

charts/shalm/templates/deployment.yaml

@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: shalm-controller
+  labels:
+    app: shalm-controller
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: shalm-controller
+  template:
+    metadata:
+      labels:
+        app: shalm-controller
+    spec:
+      serviceAccountName: shalm-controller
+      containers:
+      - name: shalm-controller
+        image: shalm-controller:latest
+        imagePullPolicy: Never

charts/shalm/templates/rbac.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: shalm-controller
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: shalm-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: shalm-controller
+    namespace: {{ .Release.Namespace }}

pkg/shalm/chart_init.go

@@ -114,7 +114,7 @@ func (c *chartImpl) init(thread *starlark.Thread, repo Repo, args starlark.Tuple
 			if err != nil {
 				return starlark.None, err
 			}
-			return &k8sValueImpl{&k8sImpl{kubeconfig: kubeconfig, namespace: c.namespace}}, nil
+			return &k8sValueImpl{&k8sImpl{kubeconfig: &kubeconfig, namespace: c.namespace}}, nil
 		}),
 	}
 	globals, err := starlark.ExecFile(thread, file, nil, internal)

pkg/shalm/k8s.go

@@ -17,19 +17,23 @@ import (
 func NewK8s() K8s {
 	kubeconfig, ok := os.LookupEnv("KUBECONFIG")
 	if !ok {
+		_, ok = os.LookupEnv("KUBERNETES_SERVICE_HOST")
+		if ok {
+			return &k8sImpl{}
+		}
 		home, err := os.UserHomeDir()
 		if err != nil {
 			panic(err)
 		}
 		kubeconfig = path.Join(home, ".kube", "config")
 	}
-	return &k8sImpl{kubeconfig: kubeconfig}
+	return &k8sImpl{kubeconfig: &kubeconfig}
 }
 
 // k8sImpl -
 type k8sImpl struct {
 	namespace  string
-	kubeconfig string
+	kubeconfig *string
 	cmd        string
 }
 
@@ -38,7 +42,10 @@ var (
 )
 
 func (k *k8sImpl) Inspect() string {
-	return "kubeconfig = " + k.kubeconfig + " namespace = " + k.namespace
+	if k.kubeconfig != nil {
+		return "kubeconfig = " + *k.kubeconfig + " namespace = " + k.namespace
+	}
+	return "namespace = " + k.namespace
 }
 
 // Apply -
@@ -115,7 +122,11 @@ func run(cmd *exec.Cmd) error {
 }
 
 func (k *k8sImpl) kubectl(command string, options *K8sOptions, flags ...string) *exec.Cmd {
-	flags = append([]string{command, "--kubeconfig", k.kubeconfig}, flags...)
+	if k.kubeconfig != nil {
+		flags = append([]string{command, "--kubeconfig", *k.kubeconfig}, flags...)
+	} else {
+		flags = append([]string{command}, flags...)
+	}
 	if options.Namespaced {
 		flags = append(flags, "-n", k.namespace)
 	}

pkg/shalm/k8s_test.go

@@ -35,7 +35,7 @@ var _ = Describe("k8s", func() {
 		writer := &bytes.Buffer{}
 		err := k8s.Get("kind", "name", writer, &K8sOptions{})
 		Expect(err).NotTo(HaveOccurred())
-		Expect(writer.String()).To(Equal("get --kubeconfig  kind name -o json\n"))
+		Expect(writer.String()).To(Equal("get kind name -o json\n"))
 	})
 	// It("watch works", func() {
 	// 	reader, err := k8s.Watch("kind", "name", &K8sOptions{})