From 68fa214dd3440866bcc12aee243e3266dee3b76f Mon Sep 17 00:00:00 2001 From: Ryota Arai Date: Tue, 10 Jun 2025 08:58:16 +0900 Subject: [PATCH 1/5] chore(release): Release the kubectl plugin too. --- .goreleaser.yaml | 64 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 905d2d930..ef56cac49 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -20,9 +20,39 @@ builds: - -a ldflags: - -s -w -X github.com/pfnet/hierarchical-namespaces/cmd.Version={{.Version}} -X github.com/pfnet/hierarchical-namespaces/cmd.Revision={{.ShortCommit}} -extldflags "-static" +- id: kubectl-hns + env: + - CGO_ENABLED=0 + - GO111MODULE=on + main: ./cmd/kubectl/main.go + binary: kubectl-hns + goos: + - linux + - darwin + - windows + goarch: + - amd64 + - arm64 + flags: + - -a + ldflags: + - -s -w -X github.com/pfnet/hierarchical-namespaces/internal/version.Version={{.Version}} -extldflags "-static" + +archives: +- id: manager + ids: # builds IDs + - manager + name_template: 'hnc-manager_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}' +- id: kubectl-hns + ids: # builds IDs + - kubectl-hns + name_template: 'kubectl-hns_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}' + release: extra_files: - glob: "releases/hrq.yaml" + - glob: "dist/krew/hns.yaml" + name_template: 'kubectl-hns.krew.yaml' dockers: - image_templates: ["ghcr.io/pfnet/{{ .ProjectName }}:{{ .Version }}-amd64"] @@ -61,3 +91,37 @@ docker_manifests: image_templates: - ghcr.io/pfnet/{{ .ProjectName }}:{{ .Version }}-amd64 - ghcr.io/pfnet/{{ .ProjectName }}:{{ .Version }}-arm64v8 + +krews: +- name: hns + ids: # archives IDs + - kubectl-hns + short_description: Manage hierarchical namespaces (part of HNC) + skip_upload: true + description: | + Manipulates hierarchical namespaces provided by the Hierarchical Namespace + Controller (HNC). + + HNC allows you to arrange your namespaces into hierarchies, which enables + two key benefits: + * Owners of parent namespaces can create policies that are enforced on + all descendant namespaces. + * Users without cluster-level permissions to create namespaces can create + restricted "subnamespaces" instead. + + HNC is controlled via regular Kubernetes objects, but this plugin makes it + easy to create subnamespaces, arrange regular (full) namespaces into + hierarchies, and configure HNC to propagate different kinds of objects. + caveats: | + This plugin works best if you have the most recent minor version of HNC on + your cluster. Get the latest version of HNC, as well as prior versions of + this plugin, at: + + https://github.com/pfnet/hierarchical-namespaces + + Watch out for the following common misconceptions when using HNC: + + * Not all child namespaces are subnamespaces! + * Only RBAC Roles and RoleBindings are propagated by default, but you can configure more. + + The user guide contains much more information. From ae0b494f95eeb6be8c00fd99378fd4618e0984fe Mon Sep 17 00:00:00 2001 From: Ryota Arai Date: Tue, 10 Jun 2025 08:59:37 +0900 Subject: [PATCH 2/5] chore(Makefile): Remove krew-related build and installation steps from Makefile and delete krew manifest file. --- Makefile | 22 --------- hack/krew-kubectl-hns.yaml | 96 -------------------------------------- 2 files changed, 118 deletions(-) delete mode 100644 hack/krew-kubectl-hns.yaml diff --git a/Makefile b/Makefile index 4c0601063..84bc74ec5 100644 --- a/Makefile +++ b/Makefile @@ -454,25 +454,3 @@ endif ifeq ($(COULDNT_READ_RELEASE_IMG), 0) $(error The image ${HNC_RELEASE_IMG} already exists. Force and overwrite this image by using HNC_FORCE_RELEASE=true) endif - -# Generate the Krew manifest and put it in manifests/. Note that 'manifests' must exist because -# krew-build calls krew-tar calls build calls manifests. -krew-build: krew-tar - cp hack/krew-kubectl-hns.yaml manifests/krew-kubectl-hns.yaml - sed -i 's/HNC_KREW_TAR_SHA256/${HNC_KREW_TAR_SHA256}/' manifests/krew-kubectl-hns.yaml - sed -i 's/HNC_IMG_TAG/${HNC_IMG_TAG}/' manifests/krew-kubectl-hns.yaml - sed -i 's/HNC_RELEASE_REPO_OWNER/${HNC_RELEASE_REPO_OWNER}/' manifests/krew-kubectl-hns.yaml - -# This needs to be separate from krew-build so that the HNC_KREW_TAR_SHA256 env -# var can be evaluated before the recipe starts running. -krew-tar: build - cp LICENSE bin/kubectl - tar -zcvf bin/kubectl-hns.tar.gz bin/kubectl - -# Install kubectl plugin locally using krew. -krew-install: krew-build - kubectl krew install --manifest=manifests/krew-kubectl-hns.yaml --archive=bin/kubectl-hns.tar.gz - -# Uninstall kubectl plugin locally using krew. -krew-uninstall: - -kubectl krew uninstall hns diff --git a/hack/krew-kubectl-hns.yaml b/hack/krew-kubectl-hns.yaml deleted file mode 100644 index 89565b495..000000000 --- a/hack/krew-kubectl-hns.yaml +++ /dev/null @@ -1,96 +0,0 @@ -apiVersion: krew.googlecontainertools.github.com/v1alpha2 -kind: Plugin -metadata: - name: hns -spec: - shortDescription: Manage hierarchical namespaces (part of HNC) - description: | - Manipulates hierarchical namespaces provided by the Hierarchical Namespace - Controller (HNC). - - HNC allows you to arrange your namespaces into hierarchies, which enables - two key benefits: - * Owners of parent namespaces can create policies that are enforced on - all descendant namespaces. - * Users without cluster-level permissions to create namespaces can create - restricted "subnamespaces" instead. - - HNC is controlled via regular Kubernetes objects, but this plugin makes it - easy to create subnamespaces, arrange regular (full) namespaces into - hierarchies, and configure HNC to propagate different kinds of objects. - version: HNC_IMG_TAG - caveats: | - This plugin works best if you have the most recent minor version of HNC on - your cluster. Get the latest version of HNC, as well as prior versions of - this plugin, at: - - https://github.com/kubernetes-sigs/hierarchical-namespaces - - Watch out for the following common misconceptions when using HNC: - - * Not all child namespaces are subnamespaces! - * Only RBAC Roles and RoleBindings are propagated by default, but you can configure more. - - The user guide contains much more information. - homepage: https://github.com/HNC_RELEASE_REPO_OWNER/hierarchical-namespaces/tree/master/docs/user-guide - platforms: - - uri: https://github.com/HNC_RELEASE_REPO_OWNER/hierarchical-namespaces/releases/download/HNC_IMG_TAG/kubectl-hns.tar.gz - selector: - matchLabels: - os: linux - arch: amd64 - sha256: HNC_KREW_TAR_SHA256 - files: - - from: "bin/kubectl/kubectl-hns_linux_amd64" - to: "." - - from: "bin/kubectl/LICENSE" - to: "." - bin: "./kubectl-hns_linux_amd64" - - uri: https://github.com/HNC_RELEASE_REPO_OWNER/hierarchical-namespaces/releases/download/HNC_IMG_TAG/kubectl-hns.tar.gz - selector: - matchLabels: - os: linux - arch: arm64 - sha256: HNC_KREW_TAR_SHA256 - files: - - from: "bin/kubectl/kubectl-hns_linux_arm64" - to: "." - - from: "bin/kubectl/LICENSE" - to: "." - bin: "./kubectl-hns_linux_arm64" - - uri: https://github.com/HNC_RELEASE_REPO_OWNER/hierarchical-namespaces/releases/download/HNC_IMG_TAG/kubectl-hns.tar.gz - selector: - matchLabels: - os: darwin - arch: amd64 - sha256: HNC_KREW_TAR_SHA256 - files: - - from: "bin/kubectl/kubectl-hns_darwin_amd64" - to: "." - - from: "bin/kubectl/LICENSE" - to: "." - bin: "./kubectl-hns_darwin_amd64" - - uri: https://github.com/HNC_RELEASE_REPO_OWNER/hierarchical-namespaces/releases/download/HNC_IMG_TAG/kubectl-hns.tar.gz - selector: - matchLabels: - os: darwin - arch: arm64 - sha256: HNC_KREW_TAR_SHA256 - files: - - from: "bin/kubectl/kubectl-hns_darwin_arm64" - to: "." - - from: "bin/kubectl/LICENSE" - to: "." - bin: "./kubectl-hns_darwin_arm64" - - uri: https://github.com/HNC_RELEASE_REPO_OWNER/hierarchical-namespaces/releases/download/HNC_IMG_TAG/kubectl-hns.tar.gz - selector: - matchLabels: - os: windows - arch: amd64 - sha256: HNC_KREW_TAR_SHA256 - files: - - from: "bin/kubectl/kubectl-hns_windows_amd64.exe" - to: "." - - from: "bin/kubectl/LICENSE" - to: "." - bin: "./kubectl-hns_windows_amd64.exe" From f7cf70207185d520cefdc4f09e584c6e74513ba3 Mon Sep 17 00:00:00 2001 From: Ryota Arai Date: Tue, 10 Jun 2025 09:00:08 +0900 Subject: [PATCH 3/5] chore(.gitignore): Add 'dist/' directory to .gitignore. --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 18b87702b..0163d62b5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # Release files releases/ +dist/ # Binaries for programs and plugins *.exe From 11e3d58b08d67a59581462721d4e61131cb99841 Mon Sep 17 00:00:00 2001 From: Ryota Arai Date: Tue, 10 Jun 2025 09:11:17 +0900 Subject: [PATCH 4/5] fix(release): Update name_template for krew manifest to include version --- .goreleaser.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index ef56cac49..af3d13d0d 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -52,7 +52,7 @@ release: extra_files: - glob: "releases/hrq.yaml" - glob: "dist/krew/hns.yaml" - name_template: 'kubectl-hns.krew.yaml' + name_template: 'kubectl-hns_{{ .Version }}.krew.yaml' dockers: - image_templates: ["ghcr.io/pfnet/{{ .ProjectName }}:{{ .Version }}-amd64"] From c99fa20d9a4e90b2b684f07b4c6699fe9792db68 Mon Sep 17 00:00:00 2001 From: Ryota Arai Date: Tue, 10 Jun 2025 09:18:10 +0900 Subject: [PATCH 5/5] Revert "chore(Makefile): Remove krew-related build and installation steps from Makefile and delete krew manifest file." This reverts commit ae0b494f95eeb6be8c00fd99378fd4618e0984fe. --- Makefile | 22 +++++++++ hack/krew-kubectl-hns.yaml | 96 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 118 insertions(+) create mode 100644 hack/krew-kubectl-hns.yaml diff --git a/Makefile b/Makefile index 84bc74ec5..4c0601063 100644 --- a/Makefile +++ b/Makefile @@ -454,3 +454,25 @@ endif ifeq ($(COULDNT_READ_RELEASE_IMG), 0) $(error The image ${HNC_RELEASE_IMG} already exists. Force and overwrite this image by using HNC_FORCE_RELEASE=true) endif + +# Generate the Krew manifest and put it in manifests/. Note that 'manifests' must exist because +# krew-build calls krew-tar calls build calls manifests. +krew-build: krew-tar + cp hack/krew-kubectl-hns.yaml manifests/krew-kubectl-hns.yaml + sed -i 's/HNC_KREW_TAR_SHA256/${HNC_KREW_TAR_SHA256}/' manifests/krew-kubectl-hns.yaml + sed -i 's/HNC_IMG_TAG/${HNC_IMG_TAG}/' manifests/krew-kubectl-hns.yaml + sed -i 's/HNC_RELEASE_REPO_OWNER/${HNC_RELEASE_REPO_OWNER}/' manifests/krew-kubectl-hns.yaml + +# This needs to be separate from krew-build so that the HNC_KREW_TAR_SHA256 env +# var can be evaluated before the recipe starts running. +krew-tar: build + cp LICENSE bin/kubectl + tar -zcvf bin/kubectl-hns.tar.gz bin/kubectl + +# Install kubectl plugin locally using krew. +krew-install: krew-build + kubectl krew install --manifest=manifests/krew-kubectl-hns.yaml --archive=bin/kubectl-hns.tar.gz + +# Uninstall kubectl plugin locally using krew. +krew-uninstall: + -kubectl krew uninstall hns diff --git a/hack/krew-kubectl-hns.yaml b/hack/krew-kubectl-hns.yaml new file mode 100644 index 000000000..89565b495 --- /dev/null +++ b/hack/krew-kubectl-hns.yaml @@ -0,0 +1,96 @@ +apiVersion: krew.googlecontainertools.github.com/v1alpha2 +kind: Plugin +metadata: + name: hns +spec: + shortDescription: Manage hierarchical namespaces (part of HNC) + description: | + Manipulates hierarchical namespaces provided by the Hierarchical Namespace + Controller (HNC). + + HNC allows you to arrange your namespaces into hierarchies, which enables + two key benefits: + * Owners of parent namespaces can create policies that are enforced on + all descendant namespaces. + * Users without cluster-level permissions to create namespaces can create + restricted "subnamespaces" instead. + + HNC is controlled via regular Kubernetes objects, but this plugin makes it + easy to create subnamespaces, arrange regular (full) namespaces into + hierarchies, and configure HNC to propagate different kinds of objects. + version: HNC_IMG_TAG + caveats: | + This plugin works best if you have the most recent minor version of HNC on + your cluster. Get the latest version of HNC, as well as prior versions of + this plugin, at: + + https://github.com/kubernetes-sigs/hierarchical-namespaces + + Watch out for the following common misconceptions when using HNC: + + * Not all child namespaces are subnamespaces! + * Only RBAC Roles and RoleBindings are propagated by default, but you can configure more. + + The user guide contains much more information. + homepage: https://github.com/HNC_RELEASE_REPO_OWNER/hierarchical-namespaces/tree/master/docs/user-guide + platforms: + - uri: https://github.com/HNC_RELEASE_REPO_OWNER/hierarchical-namespaces/releases/download/HNC_IMG_TAG/kubectl-hns.tar.gz + selector: + matchLabels: + os: linux + arch: amd64 + sha256: HNC_KREW_TAR_SHA256 + files: + - from: "bin/kubectl/kubectl-hns_linux_amd64" + to: "." + - from: "bin/kubectl/LICENSE" + to: "." + bin: "./kubectl-hns_linux_amd64" + - uri: https://github.com/HNC_RELEASE_REPO_OWNER/hierarchical-namespaces/releases/download/HNC_IMG_TAG/kubectl-hns.tar.gz + selector: + matchLabels: + os: linux + arch: arm64 + sha256: HNC_KREW_TAR_SHA256 + files: + - from: "bin/kubectl/kubectl-hns_linux_arm64" + to: "." + - from: "bin/kubectl/LICENSE" + to: "." + bin: "./kubectl-hns_linux_arm64" + - uri: https://github.com/HNC_RELEASE_REPO_OWNER/hierarchical-namespaces/releases/download/HNC_IMG_TAG/kubectl-hns.tar.gz + selector: + matchLabels: + os: darwin + arch: amd64 + sha256: HNC_KREW_TAR_SHA256 + files: + - from: "bin/kubectl/kubectl-hns_darwin_amd64" + to: "." + - from: "bin/kubectl/LICENSE" + to: "." + bin: "./kubectl-hns_darwin_amd64" + - uri: https://github.com/HNC_RELEASE_REPO_OWNER/hierarchical-namespaces/releases/download/HNC_IMG_TAG/kubectl-hns.tar.gz + selector: + matchLabels: + os: darwin + arch: arm64 + sha256: HNC_KREW_TAR_SHA256 + files: + - from: "bin/kubectl/kubectl-hns_darwin_arm64" + to: "." + - from: "bin/kubectl/LICENSE" + to: "." + bin: "./kubectl-hns_darwin_arm64" + - uri: https://github.com/HNC_RELEASE_REPO_OWNER/hierarchical-namespaces/releases/download/HNC_IMG_TAG/kubectl-hns.tar.gz + selector: + matchLabels: + os: windows + arch: amd64 + sha256: HNC_KREW_TAR_SHA256 + files: + - from: "bin/kubectl/kubectl-hns_windows_amd64.exe" + to: "." + - from: "bin/kubectl/LICENSE" + to: "." + bin: "./kubectl-hns_windows_amd64.exe"