Implement an RBAC-free machanism in the driver

Create a gRPC server in the controller to receive the status updates from the driver to avoid the RBAC for the driver Pod. - Add gRPC server in the controller - Use mTLS or TLS as the secured protocol - Update the driver to use the gRPC client to update the status Signed-off-by: Yihong Wang <yh.wang@ibm.com>
foundation-model-stack · Jul 3, 2024 · 0a59abf · 0a59abf
1 parent 757bb44
commit 0a59abf
Show file tree

Hide file tree

Showing 25 changed files with 1,491 additions and 241 deletions.
diff --git a/Makefile b/Makefile
@@ -111,6 +111,11 @@ docker-push: ## Push docker image with the manager.
 docker-push-driver: ## Push docker image with the manager.
 	$(CONTAINER_TOOL) push ${IMG_DRIVER}
 
+.PHONY: proto
+proto: ## generate GRPC client and server code
+	protoc --experimental_allow_proto3_optional --go_out=. --go_opt=paths=source_relative --go-grpc_out=. \
+		--go-grpc_opt=paths=source_relative backend/api/v1beta1/update_status.proto
+
 # PLATFORMS defines the target platforms for the manager image be built to provide support to multiple
 # architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to:
 # - be able to use docker buildx. More info: https://docs.docker.com/build/buildx/

diff --git a/backend/api/v1beta1/update_status.pb.go b/backend/api/v1beta1/update_status.pb.go