Add helm-controller and source-controller

This adds functions for the helm-controller and source-controller from
Flux v2 [0]. The helm-controller depends on the source-controller and
so this includes a composite to wrap both. These components replace the
Helm Operator, which is now removed from the gating setup. The Helm Operator
function itself will be removed after a suitable migration period.

This also adds a format for Helm chart and Helm repository sourcing
to the versions catalog.

[0]: https://fluxcd.github.io/flux2

Closes: #372

Change-Id: I7287f1bb5b1ebd1dba9920cc0bed8c867720b4c1
Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
This commit is contained in:
Sean Eagan 2020-10-08 13:37:27 -05:00 committed by Dmitry Ukov
parent 9bf8802efd
commit 2ba6561854
35 changed files with 1499 additions and 27 deletions

View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../function/flux/base
- ../../function/flux/source-controller
- ../../function/flux/helm-controller

View File

@ -7,13 +7,13 @@ metadata:
labels:
airshipit.org/deploy-k8s: "false"
helm_repositories:
ingress-nginx:
url: https://kubernetes.github.io/ingress-nginx
charts:
dex:
# TODO: match this data to what is expected by helm-operator or image builder
location: TODO
reference: TODO
subpath: TODO
type: TODO
ingress-nginx:
chart: ingress-nginx
version: 3.5.1
files:
k8scontrol:
@ -60,5 +60,9 @@ images:
helm_operator:
helm_operator: # helm-operator Deployment
helm_operator: docker.io/fluxcd/helm-operator:1.2.0
flux:
helm_controller: # helm-controller Deployment
manager: ghcr.io/fluxcd/helm-controller:v0.2.0
source_controller: # source-controller Deployment
manager: ghcr.io/fluxcd/source-controller:v0.2.1
kubernetes: v1.18.6

View File

@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- rbac
- policies

View File

@ -0,0 +1,7 @@
apiVersion: v1
kind: Namespace
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: v0.2.0
name: flux-system

View File

@ -0,0 +1,15 @@
# Only allow ingress from within the same namespace.
# Note: This will need to be opened up if Prometheus is running
# in a different namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: deny-ingress
namespace: flux-system
spec:
podSelector: {}
policyTypes:
- Ingress
ingress:
- from:
- podSelector: {}

View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deny-ingress.yaml

View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- role.yaml

View File

@ -0,0 +1,80 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: v0.2.0
name: crd-controller-flux-system
namespace: flux-system
rules:
- apiGroups:
- source.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- kustomize.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- helm.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- notification.toolkit.fluxcd.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- ""
resources:
- configmaps
- configmaps/status
verbs:
- '*'
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: v0.2.0
name: crd-controller-flux-system
namespace: flux-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: crd-controller-flux-system
subjects:
- kind: ServiceAccount
name: default
namespace: flux-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: v0.2.0
name: cluster-reconciler-flux-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: default
namespace: flux-system

View File

@ -0,0 +1,374 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: v0.2.0
name: helmreleases.helm.toolkit.fluxcd.io
spec:
group: helm.toolkit.fluxcd.io
names:
kind: HelmRelease
listKind: HelmReleaseList
plural: helmreleases
shortNames:
- hr
singular: helmrelease
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v2beta1
schema:
openAPIV3Schema:
description: HelmRelease is the Schema for the helmreleases API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: HelmReleaseSpec defines the desired state of a Helm release.
properties:
chart:
description: Chart defines the template of the v1beta1.HelmChart that should be created for this HelmRelease.
properties:
spec:
description: Spec holds the template for the v1beta1.HelmChartSpec for this HelmRelease.
properties:
chart:
description: The name or path the Helm chart is available at in the SourceRef.
type: string
interval:
description: Interval at which to check the v1beta1.Source for updates. Defaults to 'HelmReleaseSpec.Interval'.
type: string
sourceRef:
description: The name and namespace of the v1beta1.Source the chart is available at.
properties:
apiVersion:
description: APIVersion of the referent.
type: string
kind:
description: Kind of the referent.
enum:
- HelmRepository
- GitRepository
- Bucket
type: string
name:
description: Name of the referent.
maxLength: 253
minLength: 1
type: string
namespace:
description: Namespace of the referent.
maxLength: 63
minLength: 1
type: string
required:
- name
type: object
valuesFile:
description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Ignored when omitted.
type: string
version:
description: Version semver expression, ignored for charts from v1beta1.GitRepository and v1beta1.Bucket sources. Defaults to latest when omitted.
type: string
required:
- chart
- sourceRef
type: object
required:
- spec
type: object
dependsOn:
description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to HelmRelease resources that must be ready before this HelmRelease can be reconciled.
items:
description: CrossNamespaceDependencyReference holds the reference to a dependency.
properties:
name:
description: Name holds the name reference of a dependency.
type: string
namespace:
description: Namespace holds the namespace reference of a dependency.
type: string
required:
- name
type: object
type: array
install:
description: Install holds the configuration for Helm install actions for this HelmRelease.
properties:
disableHooks:
description: DisableHooks prevents hooks from running during the Helm install action.
type: boolean
disableOpenAPIValidation:
description: DisableOpenAPIValidation prevents the Helm install action from validating rendered templates against the Kubernetes OpenAPI Schema.
type: boolean
disableWait:
description: DisableWait disables the waiting for resources to be ready after a Helm install has been performed.
type: boolean
remediation:
description: Remediation holds the remediation configuration for when the Helm install action for the HelmRelease fails. The default is to not perform any action.
properties:
ignoreTestFailures:
description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an install action but fail. Defaults to 'Test.IgnoreFailures'.
type: boolean
remediateLastFailure:
description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false'.
type: boolean
retries:
description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using an uninstall, is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries.
type: integer
type: object
replace:
description: Replace tells the Helm install action to re-use the 'ReleaseName', but only if that name is a deleted release which remains in the history.
type: boolean
skipCRDs:
description: SkipCRDs tells the Helm install action to not install any CRDs. By default, CRDs are installed if not already present.
type: boolean
timeout:
description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
type: string
type: object
interval:
description: Interval at which to reconcile the Helm release.
type: string
maxHistory:
description: MaxHistory is the number of revisions saved by Helm for this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '10'.
type: integer
releaseName:
description: ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'.
maxLength: 53
minLength: 1
type: string
rollback:
description: Rollback holds the configuration for Helm rollback actions for this HelmRelease.
properties:
cleanupOnFail:
description: CleanupOnFail allows deletion of new resources created during the Helm rollback action when it fails.
type: boolean
disableHooks:
description: DisableHooks prevents hooks from running during the Helm rollback action.
type: boolean
disableWait:
description: DisableWait disables the waiting for resources to be ready after a Helm rollback has been performed.
type: boolean
force:
description: Force forces resource updates through a replacement strategy.
type: boolean
recreate:
description: Recreate performs pod restarts for the resource if applicable.
type: boolean
timeout:
description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
type: string
type: object
suspend:
description: Suspend tells the controller to suspend reconciliation for this HelmRelease, it does not apply to already started reconciliations. Defaults to false.
type: boolean
targetNamespace:
description: TargetNamespace to target when performing operations for the HelmRelease. Defaults to the namespace of the HelmRelease.
maxLength: 63
minLength: 1
type: string
test:
description: Test holds the configuration for Helm test actions for this HelmRelease.
properties:
enable:
description: Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed.
type: boolean
ignoreFailures:
description: IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for tests run after install or upgrade actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'.
type: boolean
timeout:
description: Timeout is the time to wait for any individual Kubernetes operation during the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'.
type: string
type: object
timeout:
description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm action. Defaults to '5m0s'.
type: string
uninstall:
description: Uninstall holds the configuration for Helm uninstall actions for this HelmRelease.
properties:
disableHooks:
description: DisableHooks prevents hooks from running during the Helm rollback action.
type: boolean
keepHistory:
description: KeepHistory tells Helm to remove all associated resources and mark the release as deleted, but retain the release history.
type: boolean
timeout:
description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
type: string
type: object
upgrade:
description: Upgrade holds the configuration for Helm upgrade actions for this HelmRelease.
properties:
cleanupOnFail:
description: CleanupOnFail allows deletion of new resources created during the Helm upgrade action when it fails.
type: boolean
disableHooks:
description: DisableHooks prevents hooks from running during the Helm upgrade action.
type: boolean
disableOpenAPIValidation:
description: DisableOpenAPIValidation prevents the Helm upgrade action from validating rendered templates against the Kubernetes OpenAPI Schema.
type: boolean
disableWait:
description: DisableWait disables the waiting for resources to be ready after a Helm upgrade has been performed.
type: boolean
force:
description: Force forces resource updates through a replacement strategy.
type: boolean
preserveValues:
description: PreserveValues will make Helm reuse the last release's values and merge in overrides from 'Values'. Setting this flag makes the HelmRelease non-declarative.
type: boolean
remediation:
description: Remediation holds the remediation configuration for when the Helm upgrade action for the HelmRelease fails. The default is to not perform any action.
properties:
ignoreTestFailures:
description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an upgrade action but fail. Defaults to 'Test.IgnoreFailures'.
type: boolean
remediateLastFailure:
description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false' unless 'Retries' is greater than 0.
type: boolean
retries:
description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using 'Strategy', is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries.
type: integer
strategy:
description: Strategy to use for failure remediation. Defaults to 'rollback'.
enum:
- rollback
- uninstall
type: string
type: object
timeout:
description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
type: string
type: object
values:
description: Values holds the values for this Helm release.
x-kubernetes-preserve-unknown-fields: true
valuesFrom:
description: ValuesFrom holds references to resources containing Helm values for this HelmRelease, and information about how they should be merged.
items:
description: ValuesReference contains a reference to a resource containing Helm values, and optionally the key they can be found at.
properties:
kind:
description: Kind of the values referent, valid values are ('Secret', 'ConfigMap').
enum:
- Secret
- ConfigMap
type: string
name:
description: Name of the values referent. Should reside in the same namespace as the referring resource.
maxLength: 253
minLength: 1
type: string
optional:
description: Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure.
type: boolean
targetPath:
description: TargetPath is the YAML dot notation path the value should be merged at. When set, the ValuesKey is expected to be a single flat value. Defaults to 'None', which results in the values getting merged at the root.
type: string
valuesKey:
description: ValuesKey is the data key where the values.yaml or a specific value can be found at. Defaults to 'values.yaml'.
type: string
required:
- kind
- name
type: object
type: array
required:
- chart
- interval
type: object
status:
description: HelmReleaseStatus defines the observed state of a HelmRelease.
properties:
conditions:
description: Conditions holds the conditions for the HelmRelease.
items:
description: Condition contains condition information of a toolkit resource.
properties:
lastTransitionTime:
description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
format: date-time
type: string
message:
description: Message is a human readable description of the details of the last transition, complementing reason.
type: string
reason:
description: Reason is a brief machine readable explanation for the condition's last transition.
type: string
status:
description: Status of the condition, one of ('True', 'False', 'Unknown').
type: string
type:
description: Type of the condition.
type: string
required:
- status
- type
type: object
type: array
failures:
description: Failures is the reconciliation failure count against the latest desired state. It is reset after a successful reconciliation.
format: int64
type: integer
helmChart:
description: HelmChart is the namespaced name of the HelmChart resource created by the controller for the HelmRelease.
type: string
installFailures:
description: InstallFailures is the install failure count against the latest desired state. It is reset after a successful reconciliation.
format: int64
type: integer
lastAppliedRevision:
description: LastAppliedRevision is the revision of the last successfully applied source.
type: string
lastAttemptedRevision:
description: LastAttemptedRevision is the revision of the last reconciliation attempt.
type: string
lastAttemptedValuesChecksum:
description: LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last reconciliation attempt.
type: string
lastHandledReconcileAt:
description: LastHandledReconcileAt is the last manual reconciliation request (by annotating the HelmRelease) handled by the reconciler.
type: string
lastReleaseRevision:
description: LastReleaseRevision is the revision of the last successful Helm release.
type: integer
observedGeneration:
description: ObservedGeneration is the last observed generation.
format: int64
type: integer
upgradeFailures:
description: UpgradeFailures is the upgrade failure count against the latest desired state. It is reset after a successful reconciliation.
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmreleases.helm.toolkit.fluxcd.io.yaml

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- crd
- manager

View File

@ -0,0 +1,64 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: v0.2.0
control-plane: controller
name: helm-controller
namespace: flux-system
spec:
replicas: 1
selector:
matchLabels:
app: helm-controller
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: helm-controller
spec:
containers:
- args:
- --events-addr=
- --watch-all-namespaces=true
- --log-level=info
- --log-json
- --enable-leader-election
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: ghcr.io/fluxcd/helm-controller:v0.1.3
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /metrics
port: http-prom
name: manager
ports:
- containerPort: 8080
name: http-prom
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /tmp
name: temp
nodeSelector:
kubernetes.io/arch: amd64
kubernetes.io/os: linux
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: temp

View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml

View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- versions.yaml

View File

@ -0,0 +1,20 @@
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: helm-controller-versions-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:dev
replacements:
- source:
objref:
kind: VariableCatalogue
name: versions-airshipctl
fieldref: images.flux.helm_controller.manager
target:
objref:
kind: Deployment
name: helm-controller
fieldrefs: ["spec.template.spec.containers[name=manager].image"]

View File

@ -0,0 +1,158 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: v0.2.0
name: buckets.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
names:
kind: Bucket
listKind: BucketList
plural: buckets
singular: bucket
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.url
name: URL
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
description: Bucket is the Schema for the buckets API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: BucketSpec defines the desired state of an S3 compatible bucket
properties:
bucketName:
description: The bucket name.
type: string
endpoint:
description: The bucket endpoint address.
type: string
ignore:
description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore).
type: string
insecure:
description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
type: boolean
interval:
description: The interval at which to check for bucket updates.
type: string
provider:
description: The S3 compatible storage provider name, default ('generic').
enum:
- generic
- aws
type: string
region:
description: The bucket region.
type: string
secretRef:
description: The name of the secret containing authentication credentials for the Bucket.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
timeout:
description: The timeout for download operations, default ('20s').
type: string
required:
- bucketName
- endpoint
- interval
type: object
status:
description: BucketStatus defines the observed state of a bucket
properties:
artifact:
description: Artifact represents the output of the last successful Bucket sync.
properties:
checksum:
description: Checksum is the SHA1 checksum of the artifact.
type: string
lastUpdateTime:
description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
format: date-time
type: string
path:
description: Path is the relative file path of this artifact.
type: string
revision:
description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.
type: string
url:
description: URL is the HTTP address of this artifact.
type: string
required:
- path
- url
type: object
conditions:
description: Conditions holds the conditions for the Bucket.
items:
description: Condition contains condition information of a toolkit resource.
properties:
lastTransitionTime:
description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
format: date-time
type: string
message:
description: Message is a human readable description of the details of the last transition, complementing reason.
type: string
reason:
description: Reason is a brief machine readable explanation for the condition's last transition.
type: string
status:
description: Status of the condition, one of ('True', 'False', 'Unknown').
type: string
type:
description: Type of the condition.
type: string
required:
- status
- type
type: object
type: array
observedGeneration:
description: ObservedGeneration is the last observed generation.
format: int64
type: integer
url:
description: URL is the download link for the artifact output of the last Bucket sync.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,177 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: v0.2.0
name: gitrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
names:
kind: GitRepository
listKind: GitRepositoryList
plural: gitrepositories
singular: gitrepository
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.url
name: URL
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
description: GitRepository is the Schema for the gitrepositories API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: GitRepositorySpec defines the desired state of a Git repository.
properties:
ignore:
description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.
type: string
interval:
description: The interval at which to check for repository updates.
type: string
ref:
description: The git reference to checkout and monitor for changes, defaults to master branch.
properties:
branch:
description: The git branch to checkout, defaults to master.
type: string
commit:
description: The git commit sha to checkout, if specified tag filters will be ignored.
type: string
semver:
description: The git tag semver expression, takes precedence over tag.
type: string
tag:
description: The git tag to checkout, takes precedence over branch.
type: string
type: object
secretRef:
description: The secret name containing the Git credentials. For HTTPS repositories the secret must contain username and password fields. For SSH repositories the secret must contain identity, identity.pub and known_hosts fields.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
timeout:
description: The timeout for remote git operations like cloning, default to 20s.
type: string
url:
description: The repository URL, can be a HTTP or SSH address.
pattern: ^(http|https|ssh)://
type: string
verify:
description: Verify OpenPGP signature for the commit that HEAD points to.
properties:
mode:
description: Mode describes what git object should be verified, currently ('head').
enum:
- head
type: string
secretRef:
description: The secret name containing the public keys of all trusted git authors.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
required:
- mode
type: object
required:
- interval
- url
type: object
status:
description: GitRepositoryStatus defines the observed state of a Git repository.
properties:
artifact:
description: Artifact represents the output of the last successful repository sync.
properties:
checksum:
description: Checksum is the SHA1 checksum of the artifact.
type: string
lastUpdateTime:
description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
format: date-time
type: string
path:
description: Path is the relative file path of this artifact.
type: string
revision:
description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.
type: string
url:
description: URL is the HTTP address of this artifact.
type: string
required:
- path
- url
type: object
conditions:
description: Conditions holds the conditions for the GitRepository.
items:
description: Condition contains condition information of a toolkit resource.
properties:
lastTransitionTime:
description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
format: date-time
type: string
message:
description: Message is a human readable description of the details of the last transition, complementing reason.
type: string
reason:
description: Reason is a brief machine readable explanation for the condition's last transition.
type: string
status:
description: Status of the condition, one of ('True', 'False', 'Unknown').
type: string
type:
description: Type of the condition.
type: string
required:
- status
- type
type: object
type: array
observedGeneration:
description: ObservedGeneration is the last observed generation.
format: int64
type: integer
url:
description: URL is the download link for the artifact output of the last repository sync.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,165 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: v0.2.0
name: helmcharts.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
names:
kind: HelmChart
listKind: HelmChartList
plural: helmcharts
singular: helmchart
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.chart
name: Chart
type: string
- jsonPath: .spec.version
name: Version
type: string
- jsonPath: .spec.sourceRef.kind
name: Source Kind
type: string
- jsonPath: .spec.sourceRef.name
name: Source Name
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
description: HelmChart is the Schema for the helmcharts API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: HelmChartSpec defines the desired state of a Helm chart.
properties:
chart:
description: The name or path the Helm chart is available at in the SourceRef.
type: string
interval:
description: The interval at which to check the Source for updates.
type: string
sourceRef:
description: The reference to the Source the chart is available at.
properties:
apiVersion:
description: APIVersion of the referent.
type: string
kind:
description: Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket').
enum:
- HelmRepository
- GitRepository
- Bucket
type: string
name:
description: Name of the referent.
type: string
required:
- kind
- name
type: object
valuesFile:
description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Ignored when omitted.
type: string
version:
description: The chart version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted.
type: string
required:
- chart
- interval
- sourceRef
type: object
status:
description: HelmChartStatus defines the observed state of the HelmChart.
properties:
artifact:
description: Artifact represents the output of the last successful chart sync.
properties:
checksum:
description: Checksum is the SHA1 checksum of the artifact.
type: string
lastUpdateTime:
description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
format: date-time
type: string
path:
description: Path is the relative file path of this artifact.
type: string
revision:
description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.
type: string
url:
description: URL is the HTTP address of this artifact.
type: string
required:
- path
- url
type: object
conditions:
description: Conditions holds the conditions for the HelmChart.
items:
description: Condition contains condition information of a toolkit resource.
properties:
lastTransitionTime:
description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
format: date-time
type: string
message:
description: Message is a human readable description of the details of the last transition, complementing reason.
type: string
reason:
description: Reason is a brief machine readable explanation for the condition's last transition.
type: string
status:
description: Status of the condition, one of ('True', 'False', 'Unknown').
type: string
type:
description: Type of the condition.
type: string
required:
- status
- type
type: object
type: array
observedGeneration:
description: ObservedGeneration is the last observed generation.
format: int64
type: integer
url:
description: URL is the download link for the last chart pulled.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,139 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: v0.2.0
name: helmrepositories.source.toolkit.fluxcd.io
spec:
group: source.toolkit.fluxcd.io
names:
kind: HelmRepository
listKind: HelmRepositoryList
plural: helmrepositories
singular: helmrepository
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.url
name: URL
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
description: HelmRepository is the Schema for the helmrepositories API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: HelmRepositorySpec defines the reference to a Helm repository.
properties:
interval:
description: The interval at which to check the upstream for updates.
type: string
secretRef:
description: The name of the secret containing authentication credentials for the Helm repository. For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain caFile, keyFile and caCert fields.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
type: object
timeout:
description: The timeout of index downloading, defaults to 60s.
type: string
url:
description: The Helm repository URL, a valid URL contains at least a protocol and host.
type: string
required:
- interval
- url
type: object
status:
description: HelmRepositoryStatus defines the observed state of the HelmRepository.
properties:
artifact:
description: Artifact represents the output of the last successful repository sync.
properties:
checksum:
description: Checksum is the SHA1 checksum of the artifact.
type: string
lastUpdateTime:
description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
format: date-time
type: string
path:
description: Path is the relative file path of this artifact.
type: string
revision:
description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.
type: string
url:
description: URL is the HTTP address of this artifact.
type: string
required:
- path
- url
type: object
conditions:
description: Conditions holds the conditions for the HelmRepository.
items:
description: Condition contains condition information of a toolkit resource.
properties:
lastTransitionTime:
description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
format: date-time
type: string
message:
description: Message is a human readable description of the details of the last transition, complementing reason.
type: string
reason:
description: Reason is a brief machine readable explanation for the condition's last transition.
type: string
status:
description: Status of the condition, one of ('True', 'False', 'Unknown').
type: string
type:
description: Type of the condition.
type: string
required:
- status
- type
type: object
type: array
observedGeneration:
description: ObservedGeneration is the last observed generation.
format: int64
type: integer
url:
description: URL is the download link for the last index fetched.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

View File

@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- buckets.source.toolkit.fluxcd.io.yaml
- gitrepositories.source.toolkit.fluxcd.io.yaml
- helmcharts.source.toolkit.fluxcd.io.yaml
- helmrepositories.source.toolkit.fluxcd.io.yaml

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- crd
- manager

View File

@ -0,0 +1,81 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: v0.2.0
control-plane: controller
name: source-controller
namespace: flux-system
spec:
replicas: 1
selector:
matchLabels:
app: source-controller
template:
metadata:
annotations:
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
labels:
app: source-controller
spec:
containers:
- args:
- --events-addr=
- --watch-all-namespaces=true
- --log-level=info
- --log-json
- --enable-leader-election
- --storage-path=/data
env:
- name: RUNTIME_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: http_proxy
value: REPLACEMENT_HTTP_PROXY
- name: https_proxy
value: REPLACEMENT_HTTPS_PROXY
- name: no_proxy
value: REPLACEMENT_NO_PROXY
image: ghcr.io/fluxcd/source-controller:v0.2.1
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /
port: http
name: manager
ports:
- containerPort: 9090
name: http
- containerPort: 8080
name: http-prom
readinessProbe:
httpGet:
path: /
port: http
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 50m
memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /data
name: data
- mountPath: /tmp
name: tmp
nodeSelector:
kubernetes.io/arch: amd64
kubernetes.io/os: linux
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: data
- emptyDir: {}
name: tmp

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml

View File

@ -0,0 +1,18 @@
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/instance: flux-system
app.kubernetes.io/version: v0.2.0
control-plane: controller
name: source-controller
namespace: flux-system
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: http
selector:
app: source-controller
type: ClusterIP

View File

@ -0,0 +1,38 @@
# These rules inject env vars into the source-controller function.
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: source-controller-env-vars-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:dev
replacements:
# Replace the proxy vars
- source:
objref:
name: env-vars-catalogue
fieldref: env.HTTP_PROXY
target:
objref:
kind: Deployment
name: source-controller
fieldrefs: ["spec.template.spec.containers[name=manager].env[name=http_proxy].value%REPLACEMENT_HTTP_PROXY%"]
- source:
objref:
name: env-vars-catalogue
fieldref: env.HTTPS_PROXY
target:
objref:
kind: Deployment
name: source-controller
fieldrefs: ["spec.template.spec.containers[name=manager].env[name=https_proxy].value%REPLACEMENT_HTTPS_PROXY%"]
- source:
objref:
name: env-vars-catalogue
fieldref: env.NO_PROXY
target:
objref:
kind: Deployment
name: source-controller
fieldrefs: ["spec.template.spec.containers[name=manager].env[name=no_proxy].value%REPLACEMENT_NO_PROXY%"]

View File

@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- env-vars.yaml
- versions.yaml

View File

@ -0,0 +1,20 @@
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: source-controller-versions-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:dev
replacements:
- source:
objref:
kind: VariableCatalogue
name: versions-airshipctl
fieldref: images.flux.source_controller.manager
target:
objref:
kind: Deployment
name: source-controller
fieldrefs: ["spec.template.spec.containers[name=manager].image"]

View File

@ -1,7 +1,7 @@
resources:
- ../../../../function/baremetal-operator
- ../../../../function/clusterctl
- ../../../../function/helm-operator
- ../../../../composite/flux-helm
- ../../../../composite/infra
- ../catalogues
@ -11,4 +11,5 @@ commonLabels:
transformers:
- ../../../../composite/infra/replacements
- ../../../../function/baremetal-operator/replacements
- ../../../../function/helm-operator/replacements
- ../../../../function/flux/source-controller/replacements
- ../../../../function/flux/helm-controller/replacements

View File

@ -1,2 +1,5 @@
resources:
- ../../../../function/airshipctl-base-catalogues
- ../../../../type/gating/target/workload
transformers:
- ../../../../type/gating/target/workload/ingress/replacements

View File

@ -1,15 +1,16 @@
---
apiVersion: "helm.fluxcd.io/v1"
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: ingress
spec:
wait: true
timeout: 600
# This chart doesn't have any helm tests, but this still runs a noop
# helm test flow, to ensure we can do this.
test:
enable: true
chart:
spec:
chart: ingress-nginx
version: 3.5.1
sourceRef:
kind: HelmRepository
name: ingress-nginx
interval: 1m
values:
defaultBackend:
enabled: true
@ -24,7 +25,9 @@ spec:
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
chart:
repository: https://kubernetes.github.io/ingress-nginx
name: ingress-nginx
version: 3.5.1
# This chart doesn't have any helm tests, but this still runs a noop
# helm test flow, to ensure we can do this.
test:
enable: true
interval: 5m
timeout: 10m

View File

@ -0,0 +1,7 @@
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: ingress-nginx
spec:
url: https://kubernetes.github.io/ingress-nginx
interval: 10m

View File

@ -1,4 +1,5 @@
resources:
- namespace.yaml
- helmrepository.yaml
- helmrelease.yaml
namespace: ingress

View File

@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- versions.yaml

View File

@ -0,0 +1,39 @@
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: gating-ingress-versions-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:dev
replacements:
- source:
objref:
kind: VariableCatalogue
name: versions-airshipctl
fieldref: helm_repositories.ingress-nginx.url
target:
objref:
kind: HelmRepository
name: ingress-nginx
fieldrefs: ["spec.url"]
- source:
objref:
kind: VariableCatalogue
name: versions-airshipctl
fieldref: charts.ingress-nginx.chart
target:
objref:
kind: HelmRelease
name: ingress
fieldrefs: ["spec.chart.spec.chart"]
- source:
objref:
kind: VariableCatalogue
name: versions-airshipctl
fieldref: charts.ingress-nginx.version
target:
objref:
kind: HelmRelease
name: ingress
fieldrefs: ["spec.chart.spec.version"]

View File

@ -24,11 +24,6 @@ export TARGET_PORT=${TARGET_PORT:-"30000"}
echo "Deploy workload"
airshipctl phase run workload-target --debug
# TODO: Remove this after migrating to HelmRelease v2 (helm-controller) which
# supports a Ready status condition, which `airshipctl phase run` above will consume.
echo "Waiting $TIMEOUT for HelmReleases to become ready."
kubectl --timeout $TIMEOUT --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT wait hr --for condition=released --all --all-namespaces
echo "Ensure we can reach ingress controller default backend"
if [ "404" != "$(curl --head --write-out '%{http_code}' --silent --output /dev/null $TARGET_IP:$TARGET_PORT/should-404)" ]; then
echo -e "\nFailed to reach ingress controller default backend."