Devbox rbac

.github/workflows/controllers.yml

@@ -99,6 +99,7 @@ jobs:
           - { name: job-heartbeat, path: job/heartbeat }
           - { name: resources, path: resources }
           - { name: node, path: node }
+          - { name: devbox, path: devbox}
           - { name: objectstorage, path: objectstorage }
     steps:
       - name: Checkout
@@ -201,6 +202,7 @@ jobs:
           - { name: job-heartbeat, path: job/heartbeat }
           - { name: resources, path: resources }
           - { name: node, path: node }
+          - { name: devbox, path: devbox }
           - { name: objectstorage, path: objectstorage }
     steps:
       - name: Checkout

controllers/devbox/config/crd/bases/devbox.sealos.io_devboxes.yaml

@@ -17,7 +17,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.15.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: devboxes.devbox.sealos.io
 spec:
   group: devbox.sealos.io
@@ -90,7 +90,7 @@ spec:
                             Defaults to "TCP".
                           type: string
                       required:
-                        - containerPort
+                      - containerPort
                       type: object
                     type: array
                   type:

controllers/devbox/config/crd/bases/devbox.sealos.io_devboxreleases.yaml

@@ -17,7 +17,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.15.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: devboxreleases.devbox.sealos.io
 spec:
   group: devbox.sealos.io

controllers/devbox/config/crd/bases/devbox.sealos.io_operationrequests.yaml

@@ -17,7 +17,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.15.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: operationrequests.devbox.sealos.io
 spec:
   group: devbox.sealos.io

controllers/devbox/config/crd/bases/devbox.sealos.io_runtimeclasses.yaml

@@ -17,7 +17,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.15.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: runtimeclasses.devbox.sealos.io
 spec:
   group: devbox.sealos.io
@@ -57,15 +57,15 @@ spec:
                 type: string
               kind:
                 enum:
-                  - OS
-                  - Language
-                  - Framework
+                - OS
+                - Language
+                - Framework
                 type: string
               title:
                 type: string
             required:
-              - kind
-              - title
+            - kind
+            - title
             type: object
           status:
             description: RuntimeClassStatus defines the observed state of RuntimeClass

controllers/devbox/config/crd/bases/devbox.sealos.io_runtimes.yaml

@@ -17,7 +17,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.15.0
+    controller-gen.kubebuilder.io/version: v0.14.0
   name: runtimes.devbox.sealos.io
 spec:
   group: devbox.sealos.io

controllers/devbox/config/manager/kustomization.yaml

@@ -18,5 +18,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: docker.io/lingdie/sealos-devbox-controller
+  newName: ghcr.io/labring/sealos-devbox-controller
   newTag: latest

controllers/devbox/config/rbac/role.yaml

@@ -19,9 +19,9 @@ metadata:
   name: manager-role
 rules:
 - apiGroups:
-  - devbox.sealos.io
+  - ""
   resources:
-  - devboxes
+  - pods
   verbs:
   - create
   - delete
@@ -31,23 +31,41 @@ rules:
   - update
   - watch
 - apiGroups:
-  - devbox.sealos.io
+  - ""
   resources:
-  - devboxes/finalizers
+  - pods/status
   verbs:
+  - get
+  - patch
   - update
 - apiGroups:
-  - devbox.sealos.io
+  - ""
   resources:
-  - devboxes/status
+  - secrets
   verbs:
+  - create
+  - delete
   - get
+  - list
   - patch
   - update
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - services
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - devbox.sealos.io
   resources:
-  - devboxreleases
+  - devboxes
   verbs:
   - create
   - delete
@@ -59,21 +77,21 @@ rules:
 - apiGroups:
   - devbox.sealos.io
   resources:
-  - devboxreleases/finalizers
+  - devboxes/finalizers
   verbs:
   - update
 - apiGroups:
   - devbox.sealos.io
   resources:
-  - devboxreleases/status
+  - devboxes/status
   verbs:
   - get
   - patch
   - update
 - apiGroups:
   - devbox.sealos.io
   resources:
-  - operationrequests
+  - devboxreleases
   verbs:
   - create
   - delete
@@ -85,13 +103,13 @@ rules:
 - apiGroups:
   - devbox.sealos.io
   resources:
-  - operationrequests/finalizers
+  - devboxreleases/finalizers
   verbs:
   - update
 - apiGroups:
   - devbox.sealos.io
   resources:
-  - operationrequests/status
+  - devboxreleases/status
   verbs:
   - get
   - patch

controllers/devbox/deploy/Kubefile

@@ -0,0 +1,13 @@
+FROM scratch
+
+USER 65532:65532
+
+COPY registry registry
+COPY manifests manifests
+
+ENV registryAddr="sealos.hub:5000"
+ENV registryUser=admin
+ENV registryPassword=passw0rd
+ENV authAddr="sealos.hub:5000"
+
+CMD ["kubectl apply -f manifests"]