Skip to content

Bump: CRD API Version v1beta1=>v1, golang 1.14.7=>1.25 #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
mlajkim wants to merge 9 commits into
base: master
Choose a base branch
from
Open

Bump: CRD API Version v1beta1=>v1, golang 1.14.7=>1.25 #45

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
3bf3f0d
fix: deprecated/removed apiextensions.k8s.io/v1beta1
mlajkim Jan 10, 2026
bbc07f2
feat: docker version up
mlajkim Jan 10, 2026
df8457c
doc
mlajkim Jan 10, 2026
a133ffc
feat: no latest
mlajkim Jan 11, 2026
330dbe4
feat
mlajkim Jan 11, 2026
1f11140
remove: tzdata
mlajkim Jan 11, 2026
85e6fee
fix
mlajkim Jan 11, 2026
88e9321
fix: dont delete it
mlajkim Jan 11, 2026
78f9599
Update Dockerfile
mlajkim Jan 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 14 additions & 6 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,16 +1,24 @@
FROM golang:1.14.7 as builder
FROM golang:1.25-alpine AS builder

WORKDIR $GOPATH/src/github.com/yahoo/k8s-athenz-syncer
WORKDIR /workspace

COPY go.mod go.sum ./
RUN go mod download

COPY . .

RUN CGO_ENABLED=0 GOOS=linux go install ./... && \
go test ./...
RUN CGO_ENABLED=0 go test -v ./...
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o k8s-athenz-syncer .

FROM alpine:latest

RUN apk --update add ca-certificates
RUN apk --no-cache add ca-certificates

WORKDIR /
COPY --from=builder /workspace/k8s-athenz-syncer /usr/bin/k8s-athenz-syncer

COPY --from=builder /go/bin/k8s-athenz-syncer /usr/bin/k8s-athenz-syncer
# TODO: Consider using a non-root user for better security practices
# Run as a non-root user for security best practices
# USER 65532:65532

ENTRYPOINT ["/usr/bin/k8s-athenz-syncer"]
11 changes: 10 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,14 +123,23 @@ The Athenz Domain custom resource definition must be first created in order for
kubectl apply -f k8s/athenzdomain.yaml
```


#### K8s Namespace

The controller `k8s-athenz-syncer` must be deployed in a specific namespace. You can either use an existing namespace or create a new one. For this instruction, we will use the namespace `kube-yahoo`. Run the following command:

```sh
kubectl create ns kube-yahoo
```

#### Service Account
In order to tell SIA which service to provide an X.509 certificate to, a service account must be present. This is required for the controller to authenticate with ZMS for api calls. Run the following command:
```
kubectl apply -f k8s/serviceaccount.yaml
```
or
```
kubectl create serviceaccount k8s-athenz-syncer
kubectl create serviceaccount k8s-athenz-syncer -n kube-yahoo
```

#### ClusterRole and ClusterRoleBinding
Expand Down
12 changes: 10 additions & 2 deletions k8s/athenzdomain.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,18 @@
kind: CustomResourceDefinition
apiVersion: apiextensions.k8s.io/v1beta1
apiVersion: apiextensions.k8s.io/v1
metadata:
name: athenzdomains.athenz.io
spec:
group: athenz.io
version: v1
versions:
- name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
# Ignore unknown fields in the AthenzDomain spec, as it could be a bit complex:
x-kubernetes-preserve-unknown-fields: true
scope: Cluster
names:
plural: athenzdomains
Expand Down
Loading