Add helm-controller and source-controller
This adds functions for the helm-controller and source-controller from Flux v2 [0]. The helm-controller depends on the source-controller and so this includes a composite to wrap both. These components replace the Helm Operator, which is now removed from the gating setup. The Helm Operator function itself will be removed after a suitable migration period. This also adds a format for Helm chart and Helm repository sourcing to the versions catalog. [0]: https://fluxcd.github.io/flux2 Closes: #372 Change-Id: I7287f1bb5b1ebd1dba9920cc0bed8c867720b4c1 Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
This commit is contained in:
parent
9bf8802efd
commit
2ba6561854
6
manifests/composite/flux-helm/kustomization.yaml
Normal file
6
manifests/composite/flux-helm/kustomization.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../function/flux/base
|
||||
- ../../function/flux/source-controller
|
||||
- ../../function/flux/helm-controller
|
@ -7,13 +7,13 @@ metadata:
|
||||
labels:
|
||||
airshipit.org/deploy-k8s: "false"
|
||||
|
||||
helm_repositories:
|
||||
ingress-nginx:
|
||||
url: https://kubernetes.github.io/ingress-nginx
|
||||
charts:
|
||||
dex:
|
||||
# TODO: match this data to what is expected by helm-operator or image builder
|
||||
location: TODO
|
||||
reference: TODO
|
||||
subpath: TODO
|
||||
type: TODO
|
||||
ingress-nginx:
|
||||
chart: ingress-nginx
|
||||
version: 3.5.1
|
||||
|
||||
files:
|
||||
k8scontrol:
|
||||
@ -60,5 +60,9 @@ images:
|
||||
helm_operator:
|
||||
helm_operator: # helm-operator Deployment
|
||||
helm_operator: docker.io/fluxcd/helm-operator:1.2.0
|
||||
|
||||
flux:
|
||||
helm_controller: # helm-controller Deployment
|
||||
manager: ghcr.io/fluxcd/helm-controller:v0.2.0
|
||||
source_controller: # source-controller Deployment
|
||||
manager: ghcr.io/fluxcd/source-controller:v0.2.1
|
||||
kubernetes: v1.18.6
|
||||
|
6
manifests/function/flux/base/kustomization.yaml
Normal file
6
manifests/function/flux/base/kustomization.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- rbac
|
||||
- policies
|
7
manifests/function/flux/base/namespace.yaml
Normal file
7
manifests/function/flux/base/namespace.yaml
Normal file
@ -0,0 +1,7 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: flux-system
|
||||
app.kubernetes.io/version: v0.2.0
|
||||
name: flux-system
|
15
manifests/function/flux/base/policies/deny-ingress.yaml
Normal file
15
manifests/function/flux/base/policies/deny-ingress.yaml
Normal file
@ -0,0 +1,15 @@
|
||||
# Only allow ingress from within the same namespace.
|
||||
# Note: This will need to be opened up if Prometheus is running
|
||||
# in a different namespace.
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: deny-ingress
|
||||
namespace: flux-system
|
||||
spec:
|
||||
podSelector: {}
|
||||
policyTypes:
|
||||
- Ingress
|
||||
ingress:
|
||||
- from:
|
||||
- podSelector: {}
|
4
manifests/function/flux/base/policies/kustomization.yaml
Normal file
4
manifests/function/flux/base/policies/kustomization.yaml
Normal file
@ -0,0 +1,4 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- deny-ingress.yaml
|
4
manifests/function/flux/base/rbac/kustomization.yaml
Normal file
4
manifests/function/flux/base/rbac/kustomization.yaml
Normal file
@ -0,0 +1,4 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- role.yaml
|
80
manifests/function/flux/base/rbac/role.yaml
Normal file
80
manifests/function/flux/base/rbac/role.yaml
Normal file
@ -0,0 +1,80 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: flux-system
|
||||
app.kubernetes.io/version: v0.2.0
|
||||
name: crd-controller-flux-system
|
||||
namespace: flux-system
|
||||
rules:
|
||||
- apiGroups:
|
||||
- source.toolkit.fluxcd.io
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- kustomize.toolkit.fluxcd.io
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- helm.toolkit.fluxcd.io
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- notification.toolkit.fluxcd.io
|
||||
resources:
|
||||
- '*'
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
- configmaps/status
|
||||
verbs:
|
||||
- '*'
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: flux-system
|
||||
app.kubernetes.io/version: v0.2.0
|
||||
name: crd-controller-flux-system
|
||||
namespace: flux-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: crd-controller-flux-system
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: default
|
||||
namespace: flux-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: flux-system
|
||||
app.kubernetes.io/version: v0.2.0
|
||||
name: cluster-reconciler-flux-system
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: default
|
||||
namespace: flux-system
|
@ -0,0 +1,374 @@
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.3.0
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app.kubernetes.io/instance: flux-system
|
||||
app.kubernetes.io/version: v0.2.0
|
||||
name: helmreleases.helm.toolkit.fluxcd.io
|
||||
spec:
|
||||
group: helm.toolkit.fluxcd.io
|
||||
names:
|
||||
kind: HelmRelease
|
||||
listKind: HelmReleaseList
|
||||
plural: helmreleases
|
||||
shortNames:
|
||||
- hr
|
||||
singular: helmrelease
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
||||
name: Ready
|
||||
type: string
|
||||
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
||||
name: Status
|
||||
type: string
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
name: v2beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: HelmRelease is the Schema for the helmreleases API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: HelmReleaseSpec defines the desired state of a Helm release.
|
||||
properties:
|
||||
chart:
|
||||
description: Chart defines the template of the v1beta1.HelmChart that should be created for this HelmRelease.
|
||||
properties:
|
||||
spec:
|
||||
description: Spec holds the template for the v1beta1.HelmChartSpec for this HelmRelease.
|
||||
properties:
|
||||
chart:
|
||||
description: The name or path the Helm chart is available at in the SourceRef.
|
||||
type: string
|
||||
interval:
|
||||
description: Interval at which to check the v1beta1.Source for updates. Defaults to 'HelmReleaseSpec.Interval'.
|
||||
type: string
|
||||
sourceRef:
|
||||
description: The name and namespace of the v1beta1.Source the chart is available at.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: APIVersion of the referent.
|
||||
type: string
|
||||
kind:
|
||||
description: Kind of the referent.
|
||||
enum:
|
||||
- HelmRepository
|
||||
- GitRepository
|
||||
- Bucket
|
||||
type: string
|
||||
name:
|
||||
description: Name of the referent.
|
||||
maxLength: 253
|
||||
minLength: 1
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace of the referent.
|
||||
maxLength: 63
|
||||
minLength: 1
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
valuesFile:
|
||||
description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Ignored when omitted.
|
||||
type: string
|
||||
version:
|
||||
description: Version semver expression, ignored for charts from v1beta1.GitRepository and v1beta1.Bucket sources. Defaults to latest when omitted.
|
||||
type: string
|
||||
required:
|
||||
- chart
|
||||
- sourceRef
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
type: object
|
||||
dependsOn:
|
||||
description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to HelmRelease resources that must be ready before this HelmRelease can be reconciled.
|
||||
items:
|
||||
description: CrossNamespaceDependencyReference holds the reference to a dependency.
|
||||
properties:
|
||||
name:
|
||||
description: Name holds the name reference of a dependency.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace holds the namespace reference of a dependency.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
install:
|
||||
description: Install holds the configuration for Helm install actions for this HelmRelease.
|
||||
properties:
|
||||
disableHooks:
|
||||
description: DisableHooks prevents hooks from running during the Helm install action.
|
||||
type: boolean
|
||||
disableOpenAPIValidation:
|
||||
description: DisableOpenAPIValidation prevents the Helm install action from validating rendered templates against the Kubernetes OpenAPI Schema.
|
||||
type: boolean
|
||||
disableWait:
|
||||
description: DisableWait disables the waiting for resources to be ready after a Helm install has been performed.
|
||||
type: boolean
|
||||
remediation:
|
||||
description: Remediation holds the remediation configuration for when the Helm install action for the HelmRelease fails. The default is to not perform any action.
|
||||
properties:
|
||||
ignoreTestFailures:
|
||||
description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an install action but fail. Defaults to 'Test.IgnoreFailures'.
|
||||
type: boolean
|
||||
remediateLastFailure:
|
||||
description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false'.
|
||||
type: boolean
|
||||
retries:
|
||||
description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using an uninstall, is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries.
|
||||
type: integer
|
||||
type: object
|
||||
replace:
|
||||
description: Replace tells the Helm install action to re-use the 'ReleaseName', but only if that name is a deleted release which remains in the history.
|
||||
type: boolean
|
||||
skipCRDs:
|
||||
description: SkipCRDs tells the Helm install action to not install any CRDs. By default, CRDs are installed if not already present.
|
||||
type: boolean
|
||||
timeout:
|
||||
description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm install action. Defaults to 'HelmReleaseSpec.Timeout'.
|
||||
type: string
|
||||
type: object
|
||||
interval:
|
||||
description: Interval at which to reconcile the Helm release.
|
||||
type: string
|
||||
maxHistory:
|
||||
description: MaxHistory is the number of revisions saved by Helm for this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '10'.
|
||||
type: integer
|
||||
releaseName:
|
||||
description: ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'.
|
||||
maxLength: 53
|
||||
minLength: 1
|
||||
type: string
|
||||
rollback:
|
||||
description: Rollback holds the configuration for Helm rollback actions for this HelmRelease.
|
||||
properties:
|
||||
cleanupOnFail:
|
||||
description: CleanupOnFail allows deletion of new resources created during the Helm rollback action when it fails.
|
||||
type: boolean
|
||||
disableHooks:
|
||||
description: DisableHooks prevents hooks from running during the Helm rollback action.
|
||||
type: boolean
|
||||
disableWait:
|
||||
description: DisableWait disables the waiting for resources to be ready after a Helm rollback has been performed.
|
||||
type: boolean
|
||||
force:
|
||||
description: Force forces resource updates through a replacement strategy.
|
||||
type: boolean
|
||||
recreate:
|
||||
description: Recreate performs pod restarts for the resource if applicable.
|
||||
type: boolean
|
||||
timeout:
|
||||
description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'.
|
||||
type: string
|
||||
type: object
|
||||
suspend:
|
||||
description: Suspend tells the controller to suspend reconciliation for this HelmRelease, it does not apply to already started reconciliations. Defaults to false.
|
||||
type: boolean
|
||||
targetNamespace:
|
||||
description: TargetNamespace to target when performing operations for the HelmRelease. Defaults to the namespace of the HelmRelease.
|
||||
maxLength: 63
|
||||
minLength: 1
|
||||
type: string
|
||||
test:
|
||||
description: Test holds the configuration for Helm test actions for this HelmRelease.
|
||||
properties:
|
||||
enable:
|
||||
description: Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed.
|
||||
type: boolean
|
||||
ignoreFailures:
|
||||
description: IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for tests run after install or upgrade actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'.
|
||||
type: boolean
|
||||
timeout:
|
||||
description: Timeout is the time to wait for any individual Kubernetes operation during the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'.
|
||||
type: string
|
||||
type: object
|
||||
timeout:
|
||||
description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm action. Defaults to '5m0s'.
|
||||
type: string
|
||||
uninstall:
|
||||
description: Uninstall holds the configuration for Helm uninstall actions for this HelmRelease.
|
||||
properties:
|
||||
disableHooks:
|
||||
description: DisableHooks prevents hooks from running during the Helm rollback action.
|
||||
type: boolean
|
||||
keepHistory:
|
||||
description: KeepHistory tells Helm to remove all associated resources and mark the release as deleted, but retain the release history.
|
||||
type: boolean
|
||||
timeout:
|
||||
description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'.
|
||||
type: string
|
||||
type: object
|
||||
upgrade:
|
||||
description: Upgrade holds the configuration for Helm upgrade actions for this HelmRelease.
|
||||
properties:
|
||||
cleanupOnFail:
|
||||
description: CleanupOnFail allows deletion of new resources created during the Helm upgrade action when it fails.
|
||||
type: boolean
|
||||
disableHooks:
|
||||
description: DisableHooks prevents hooks from running during the Helm upgrade action.
|
||||
type: boolean
|
||||
disableOpenAPIValidation:
|
||||
description: DisableOpenAPIValidation prevents the Helm upgrade action from validating rendered templates against the Kubernetes OpenAPI Schema.
|
||||
type: boolean
|
||||
disableWait:
|
||||
description: DisableWait disables the waiting for resources to be ready after a Helm upgrade has been performed.
|
||||
type: boolean
|
||||
force:
|
||||
description: Force forces resource updates through a replacement strategy.
|
||||
type: boolean
|
||||
preserveValues:
|
||||
description: PreserveValues will make Helm reuse the last release's values and merge in overrides from 'Values'. Setting this flag makes the HelmRelease non-declarative.
|
||||
type: boolean
|
||||
remediation:
|
||||
description: Remediation holds the remediation configuration for when the Helm upgrade action for the HelmRelease fails. The default is to not perform any action.
|
||||
properties:
|
||||
ignoreTestFailures:
|
||||
description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an upgrade action but fail. Defaults to 'Test.IgnoreFailures'.
|
||||
type: boolean
|
||||
remediateLastFailure:
|
||||
description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false' unless 'Retries' is greater than 0.
|
||||
type: boolean
|
||||
retries:
|
||||
description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using 'Strategy', is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries.
|
||||
type: integer
|
||||
strategy:
|
||||
description: Strategy to use for failure remediation. Defaults to 'rollback'.
|
||||
enum:
|
||||
- rollback
|
||||
- uninstall
|
||||
type: string
|
||||
type: object
|
||||
timeout:
|
||||
description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'.
|
||||
type: string
|
||||
type: object
|
||||
values:
|
||||
description: Values holds the values for this Helm release.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
valuesFrom:
|
||||
description: ValuesFrom holds references to resources containing Helm values for this HelmRelease, and information about how they should be merged.
|
||||
items:
|
||||
description: ValuesReference contains a reference to a resource containing Helm values, and optionally the key they can be found at.
|
||||
properties:
|
||||
kind:
|
||||
description: Kind of the values referent, valid values are ('Secret', 'ConfigMap').
|
||||
enum:
|
||||
- Secret
|
||||
- ConfigMap
|
||||
type: string
|
||||
name:
|
||||
description: Name of the values referent. Should reside in the same namespace as the referring resource.
|
||||
maxLength: 253
|
||||
minLength: 1
|
||||
type: string
|
||||
optional:
|
||||
description: Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure.
|
||||
type: boolean
|
||||
targetPath:
|
||||
description: TargetPath is the YAML dot notation path the value should be merged at. When set, the ValuesKey is expected to be a single flat value. Defaults to 'None', which results in the values getting merged at the root.
|
||||
type: string
|
||||
valuesKey:
|
||||
description: ValuesKey is the data key where the values.yaml or a specific value can be found at. Defaults to 'values.yaml'.
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
- name
|
||||
type: object
|
||||
type: array
|
||||
required:
|
||||
- chart
|
||||
- interval
|
||||
type: object
|
||||
status:
|
||||
description: HelmReleaseStatus defines the observed state of a HelmRelease.
|
||||
properties:
|
||||
conditions:
|
||||
description: Conditions holds the conditions for the HelmRelease.
|
||||
items:
|
||||
description: Condition contains condition information of a toolkit resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: Message is a human readable description of the details of the last transition, complementing reason.
|
||||
type: string
|
||||
reason:
|
||||
description: Reason is a brief machine readable explanation for the condition's last transition.
|
||||
type: string
|
||||
status:
|
||||
description: Status of the condition, one of ('True', 'False', 'Unknown').
|
||||
type: string
|
||||
type:
|
||||
description: Type of the condition.
|
||||
type: string
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
failures:
|
||||
description: Failures is the reconciliation failure count against the latest desired state. It is reset after a successful reconciliation.
|
||||
format: int64
|
||||
type: integer
|
||||
helmChart:
|
||||
description: HelmChart is the namespaced name of the HelmChart resource created by the controller for the HelmRelease.
|
||||
type: string
|
||||
installFailures:
|
||||
description: InstallFailures is the install failure count against the latest desired state. It is reset after a successful reconciliation.
|
||||
format: int64
|
||||
type: integer
|
||||
lastAppliedRevision:
|
||||
description: LastAppliedRevision is the revision of the last successfully applied source.
|
||||
type: string
|
||||
lastAttemptedRevision:
|
||||
description: LastAttemptedRevision is the revision of the last reconciliation attempt.
|
||||
type: string
|
||||
lastAttemptedValuesChecksum:
|
||||
description: LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last reconciliation attempt.
|
||||
type: string
|
||||
lastHandledReconcileAt:
|
||||
description: LastHandledReconcileAt is the last manual reconciliation request (by annotating the HelmRelease) handled by the reconciler.
|
||||
type: string
|
||||
lastReleaseRevision:
|
||||
description: LastReleaseRevision is the revision of the last successful Helm release.
|
||||
type: integer
|
||||
observedGeneration:
|
||||
description: ObservedGeneration is the last observed generation.
|
||||
format: int64
|
||||
type: integer
|
||||
upgradeFailures:
|
||||
description: UpgradeFailures is the upgrade failure count against the latest desired state. It is reset after a successful reconciliation.
|
||||
format: int64
|
||||
type: integer
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
@ -0,0 +1,4 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- helmreleases.helm.toolkit.fluxcd.io.yaml
|
@ -0,0 +1,5 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- crd
|
||||
- manager
|
@ -0,0 +1,64 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: flux-system
|
||||
app.kubernetes.io/version: v0.2.0
|
||||
control-plane: controller
|
||||
name: helm-controller
|
||||
namespace: flux-system
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: helm-controller
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
prometheus.io/port: "8080"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
app: helm-controller
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --events-addr=
|
||||
- --watch-all-namespaces=true
|
||||
- --log-level=info
|
||||
- --log-json
|
||||
- --enable-leader-election
|
||||
env:
|
||||
- name: RUNTIME_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
image: ghcr.io/fluxcd/helm-controller:v0.1.3
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /metrics
|
||||
port: http-prom
|
||||
name: manager
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: http-prom
|
||||
resources:
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 1Gi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 64Mi
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
volumeMounts:
|
||||
- mountPath: /tmp
|
||||
name: temp
|
||||
nodeSelector:
|
||||
kubernetes.io/arch: amd64
|
||||
kubernetes.io/os: linux
|
||||
terminationGracePeriodSeconds: 10
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: temp
|
@ -0,0 +1,4 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- deployment.yaml
|
@ -0,0 +1,4 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- versions.yaml
|
@ -0,0 +1,20 @@
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
name: helm-controller-versions-replacements
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:dev
|
||||
replacements:
|
||||
- source:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: versions-airshipctl
|
||||
fieldref: images.flux.helm_controller.manager
|
||||
target:
|
||||
objref:
|
||||
kind: Deployment
|
||||
name: helm-controller
|
||||
fieldrefs: ["spec.template.spec.containers[name=manager].image"]
|
||||
|
@ -0,0 +1,158 @@
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.3.0
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app.kubernetes.io/instance: flux-system
|
||||
app.kubernetes.io/version: v0.2.0
|
||||
name: buckets.source.toolkit.fluxcd.io
|
||||
spec:
|
||||
group: source.toolkit.fluxcd.io
|
||||
names:
|
||||
kind: Bucket
|
||||
listKind: BucketList
|
||||
plural: buckets
|
||||
singular: bucket
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.url
|
||||
name: URL
|
||||
type: string
|
||||
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
||||
name: Ready
|
||||
type: string
|
||||
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
||||
name: Status
|
||||
type: string
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: Bucket is the Schema for the buckets API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: BucketSpec defines the desired state of an S3 compatible bucket
|
||||
properties:
|
||||
bucketName:
|
||||
description: The bucket name.
|
||||
type: string
|
||||
endpoint:
|
||||
description: The bucket endpoint address.
|
||||
type: string
|
||||
ignore:
|
||||
description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore).
|
||||
type: string
|
||||
insecure:
|
||||
description: Insecure allows connecting to a non-TLS S3 HTTP endpoint.
|
||||
type: boolean
|
||||
interval:
|
||||
description: The interval at which to check for bucket updates.
|
||||
type: string
|
||||
provider:
|
||||
description: The S3 compatible storage provider name, default ('generic').
|
||||
enum:
|
||||
- generic
|
||||
- aws
|
||||
type: string
|
||||
region:
|
||||
description: The bucket region.
|
||||
type: string
|
||||
secretRef:
|
||||
description: The name of the secret containing authentication credentials for the Bucket.
|
||||
properties:
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
type: object
|
||||
timeout:
|
||||
description: The timeout for download operations, default ('20s').
|
||||
type: string
|
||||
required:
|
||||
- bucketName
|
||||
- endpoint
|
||||
- interval
|
||||
type: object
|
||||
status:
|
||||
description: BucketStatus defines the observed state of a bucket
|
||||
properties:
|
||||
artifact:
|
||||
description: Artifact represents the output of the last successful Bucket sync.
|
||||
properties:
|
||||
checksum:
|
||||
description: Checksum is the SHA1 checksum of the artifact.
|
||||
type: string
|
||||
lastUpdateTime:
|
||||
description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
|
||||
format: date-time
|
||||
type: string
|
||||
path:
|
||||
description: Path is the relative file path of this artifact.
|
||||
type: string
|
||||
revision:
|
||||
description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.
|
||||
type: string
|
||||
url:
|
||||
description: URL is the HTTP address of this artifact.
|
||||
type: string
|
||||
required:
|
||||
- path
|
||||
- url
|
||||
type: object
|
||||
conditions:
|
||||
description: Conditions holds the conditions for the Bucket.
|
||||
items:
|
||||
description: Condition contains condition information of a toolkit resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: Message is a human readable description of the details of the last transition, complementing reason.
|
||||
type: string
|
||||
reason:
|
||||
description: Reason is a brief machine readable explanation for the condition's last transition.
|
||||
type: string
|
||||
status:
|
||||
description: Status of the condition, one of ('True', 'False', 'Unknown').
|
||||
type: string
|
||||
type:
|
||||
description: Type of the condition.
|
||||
type: string
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
observedGeneration:
|
||||
description: ObservedGeneration is the last observed generation.
|
||||
format: int64
|
||||
type: integer
|
||||
url:
|
||||
description: URL is the download link for the artifact output of the last Bucket sync.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
@ -0,0 +1,177 @@
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.3.0
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app.kubernetes.io/instance: flux-system
|
||||
app.kubernetes.io/version: v0.2.0
|
||||
name: gitrepositories.source.toolkit.fluxcd.io
|
||||
spec:
|
||||
group: source.toolkit.fluxcd.io
|
||||
names:
|
||||
kind: GitRepository
|
||||
listKind: GitRepositoryList
|
||||
plural: gitrepositories
|
||||
singular: gitrepository
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.url
|
||||
name: URL
|
||||
type: string
|
||||
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
||||
name: Ready
|
||||
type: string
|
||||
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
||||
name: Status
|
||||
type: string
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: GitRepository is the Schema for the gitrepositories API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: GitRepositorySpec defines the desired state of a Git repository.
|
||||
properties:
|
||||
ignore:
|
||||
description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.
|
||||
type: string
|
||||
interval:
|
||||
description: The interval at which to check for repository updates.
|
||||
type: string
|
||||
ref:
|
||||
description: The git reference to checkout and monitor for changes, defaults to master branch.
|
||||
properties:
|
||||
branch:
|
||||
description: The git branch to checkout, defaults to master.
|
||||
type: string
|
||||
commit:
|
||||
description: The git commit sha to checkout, if specified tag filters will be ignored.
|
||||
type: string
|
||||
semver:
|
||||
description: The git tag semver expression, takes precedence over tag.
|
||||
type: string
|
||||
tag:
|
||||
description: The git tag to checkout, takes precedence over branch.
|
||||
type: string
|
||||
type: object
|
||||
secretRef:
|
||||
description: The secret name containing the Git credentials. For HTTPS repositories the secret must contain username and password fields. For SSH repositories the secret must contain identity, identity.pub and known_hosts fields.
|
||||
properties:
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
type: object
|
||||
timeout:
|
||||
description: The timeout for remote git operations like cloning, default to 20s.
|
||||
type: string
|
||||
url:
|
||||
description: The repository URL, can be a HTTP or SSH address.
|
||||
pattern: ^(http|https|ssh)://
|
||||
type: string
|
||||
verify:
|
||||
description: Verify OpenPGP signature for the commit that HEAD points to.
|
||||
properties:
|
||||
mode:
|
||||
description: Mode describes what git object should be verified, currently ('head').
|
||||
enum:
|
||||
- head
|
||||
type: string
|
||||
secretRef:
|
||||
description: The secret name containing the public keys of all trusted git authors.
|
||||
properties:
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- mode
|
||||
type: object
|
||||
required:
|
||||
- interval
|
||||
- url
|
||||
type: object
|
||||
status:
|
||||
description: GitRepositoryStatus defines the observed state of a Git repository.
|
||||
properties:
|
||||
artifact:
|
||||
description: Artifact represents the output of the last successful repository sync.
|
||||
properties:
|
||||
checksum:
|
||||
description: Checksum is the SHA1 checksum of the artifact.
|
||||
type: string
|
||||
lastUpdateTime:
|
||||
description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
|
||||
format: date-time
|
||||
type: string
|
||||
path:
|
||||
description: Path is the relative file path of this artifact.
|
||||
type: string
|
||||
revision:
|
||||
description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.
|
||||
type: string
|
||||
url:
|
||||
description: URL is the HTTP address of this artifact.
|
||||
type: string
|
||||
required:
|
||||
- path
|
||||
- url
|
||||
type: object
|
||||
conditions:
|
||||
description: Conditions holds the conditions for the GitRepository.
|
||||
items:
|
||||
description: Condition contains condition information of a toolkit resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: Message is a human readable description of the details of the last transition, complementing reason.
|
||||
type: string
|
||||
reason:
|
||||
description: Reason is a brief machine readable explanation for the condition's last transition.
|
||||
type: string
|
||||
status:
|
||||
description: Status of the condition, one of ('True', 'False', 'Unknown').
|
||||
type: string
|
||||
type:
|
||||
description: Type of the condition.
|
||||
type: string
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
observedGeneration:
|
||||
description: ObservedGeneration is the last observed generation.
|
||||
format: int64
|
||||
type: integer
|
||||
url:
|
||||
description: URL is the download link for the artifact output of the last repository sync.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
@ -0,0 +1,165 @@
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.3.0
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app.kubernetes.io/instance: flux-system
|
||||
app.kubernetes.io/version: v0.2.0
|
||||
name: helmcharts.source.toolkit.fluxcd.io
|
||||
spec:
|
||||
group: source.toolkit.fluxcd.io
|
||||
names:
|
||||
kind: HelmChart
|
||||
listKind: HelmChartList
|
||||
plural: helmcharts
|
||||
singular: helmchart
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.chart
|
||||
name: Chart
|
||||
type: string
|
||||
- jsonPath: .spec.version
|
||||
name: Version
|
||||
type: string
|
||||
- jsonPath: .spec.sourceRef.kind
|
||||
name: Source Kind
|
||||
type: string
|
||||
- jsonPath: .spec.sourceRef.name
|
||||
name: Source Name
|
||||
type: string
|
||||
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
||||
name: Ready
|
||||
type: string
|
||||
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
||||
name: Status
|
||||
type: string
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: HelmChart is the Schema for the helmcharts API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: HelmChartSpec defines the desired state of a Helm chart.
|
||||
properties:
|
||||
chart:
|
||||
description: The name or path the Helm chart is available at in the SourceRef.
|
||||
type: string
|
||||
interval:
|
||||
description: The interval at which to check the Source for updates.
|
||||
type: string
|
||||
sourceRef:
|
||||
description: The reference to the Source the chart is available at.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: APIVersion of the referent.
|
||||
type: string
|
||||
kind:
|
||||
description: Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket').
|
||||
enum:
|
||||
- HelmRepository
|
||||
- GitRepository
|
||||
- Bucket
|
||||
type: string
|
||||
name:
|
||||
description: Name of the referent.
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
- name
|
||||
type: object
|
||||
valuesFile:
|
||||
description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Ignored when omitted.
|
||||
type: string
|
||||
version:
|
||||
description: The chart version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted.
|
||||
type: string
|
||||
required:
|
||||
- chart
|
||||
- interval
|
||||
- sourceRef
|
||||
type: object
|
||||
status:
|
||||
description: HelmChartStatus defines the observed state of the HelmChart.
|
||||
properties:
|
||||
artifact:
|
||||
description: Artifact represents the output of the last successful chart sync.
|
||||
properties:
|
||||
checksum:
|
||||
description: Checksum is the SHA1 checksum of the artifact.
|
||||
type: string
|
||||
lastUpdateTime:
|
||||
description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
|
||||
format: date-time
|
||||
type: string
|
||||
path:
|
||||
description: Path is the relative file path of this artifact.
|
||||
type: string
|
||||
revision:
|
||||
description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.
|
||||
type: string
|
||||
url:
|
||||
description: URL is the HTTP address of this artifact.
|
||||
type: string
|
||||
required:
|
||||
- path
|
||||
- url
|
||||
type: object
|
||||
conditions:
|
||||
description: Conditions holds the conditions for the HelmChart.
|
||||
items:
|
||||
description: Condition contains condition information of a toolkit resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: Message is a human readable description of the details of the last transition, complementing reason.
|
||||
type: string
|
||||
reason:
|
||||
description: Reason is a brief machine readable explanation for the condition's last transition.
|
||||
type: string
|
||||
status:
|
||||
description: Status of the condition, one of ('True', 'False', 'Unknown').
|
||||
type: string
|
||||
type:
|
||||
description: Type of the condition.
|
||||
type: string
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
observedGeneration:
|
||||
description: ObservedGeneration is the last observed generation.
|
||||
format: int64
|
||||
type: integer
|
||||
url:
|
||||
description: URL is the download link for the last chart pulled.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
@ -0,0 +1,139 @@
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.3.0
|
||||
creationTimestamp: null
|
||||
labels:
|
||||
app.kubernetes.io/instance: flux-system
|
||||
app.kubernetes.io/version: v0.2.0
|
||||
name: helmrepositories.source.toolkit.fluxcd.io
|
||||
spec:
|
||||
group: source.toolkit.fluxcd.io
|
||||
names:
|
||||
kind: HelmRepository
|
||||
listKind: HelmRepositoryList
|
||||
plural: helmrepositories
|
||||
singular: helmrepository
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- additionalPrinterColumns:
|
||||
- jsonPath: .spec.url
|
||||
name: URL
|
||||
type: string
|
||||
- jsonPath: .status.conditions[?(@.type=="Ready")].status
|
||||
name: Ready
|
||||
type: string
|
||||
- jsonPath: .status.conditions[?(@.type=="Ready")].message
|
||||
name: Status
|
||||
type: string
|
||||
- jsonPath: .metadata.creationTimestamp
|
||||
name: Age
|
||||
type: date
|
||||
name: v1beta1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: HelmRepository is the Schema for the helmrepositories API
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: HelmRepositorySpec defines the reference to a Helm repository.
|
||||
properties:
|
||||
interval:
|
||||
description: The interval at which to check the upstream for updates.
|
||||
type: string
|
||||
secretRef:
|
||||
description: The name of the secret containing authentication credentials for the Helm repository. For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain caFile, keyFile and caCert fields.
|
||||
properties:
|
||||
name:
|
||||
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?'
|
||||
type: string
|
||||
type: object
|
||||
timeout:
|
||||
description: The timeout of index downloading, defaults to 60s.
|
||||
type: string
|
||||
url:
|
||||
description: The Helm repository URL, a valid URL contains at least a protocol and host.
|
||||
type: string
|
||||
required:
|
||||
- interval
|
||||
- url
|
||||
type: object
|
||||
status:
|
||||
description: HelmRepositoryStatus defines the observed state of the HelmRepository.
|
||||
properties:
|
||||
artifact:
|
||||
description: Artifact represents the output of the last successful repository sync.
|
||||
properties:
|
||||
checksum:
|
||||
description: Checksum is the SHA1 checksum of the artifact.
|
||||
type: string
|
||||
lastUpdateTime:
|
||||
description: LastUpdateTime is the timestamp corresponding to the last update of this artifact.
|
||||
format: date-time
|
||||
type: string
|
||||
path:
|
||||
description: Path is the relative file path of this artifact.
|
||||
type: string
|
||||
revision:
|
||||
description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc.
|
||||
type: string
|
||||
url:
|
||||
description: URL is the HTTP address of this artifact.
|
||||
type: string
|
||||
required:
|
||||
- path
|
||||
- url
|
||||
type: object
|
||||
conditions:
|
||||
description: Conditions holds the conditions for the HelmRepository.
|
||||
items:
|
||||
description: Condition contains condition information of a toolkit resource.
|
||||
properties:
|
||||
lastTransitionTime:
|
||||
description: LastTransitionTime is the timestamp corresponding to the last status change of this condition.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: Message is a human readable description of the details of the last transition, complementing reason.
|
||||
type: string
|
||||
reason:
|
||||
description: Reason is a brief machine readable explanation for the condition's last transition.
|
||||
type: string
|
||||
status:
|
||||
description: Status of the condition, one of ('True', 'False', 'Unknown').
|
||||
type: string
|
||||
type:
|
||||
description: Type of the condition.
|
||||
type: string
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
observedGeneration:
|
||||
description: ObservedGeneration is the last observed generation.
|
||||
format: int64
|
||||
type: integer
|
||||
url:
|
||||
description: URL is the download link for the last index fetched.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
status:
|
||||
acceptedNames:
|
||||
kind: ""
|
||||
plural: ""
|
||||
conditions: []
|
||||
storedVersions: []
|
@ -0,0 +1,7 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- buckets.source.toolkit.fluxcd.io.yaml
|
||||
- gitrepositories.source.toolkit.fluxcd.io.yaml
|
||||
- helmcharts.source.toolkit.fluxcd.io.yaml
|
||||
- helmrepositories.source.toolkit.fluxcd.io.yaml
|
@ -0,0 +1,5 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- crd
|
||||
- manager
|
@ -0,0 +1,81 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: flux-system
|
||||
app.kubernetes.io/version: v0.2.0
|
||||
control-plane: controller
|
||||
name: source-controller
|
||||
namespace: flux-system
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: source-controller
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
prometheus.io/port: "8080"
|
||||
prometheus.io/scrape: "true"
|
||||
labels:
|
||||
app: source-controller
|
||||
spec:
|
||||
containers:
|
||||
- args:
|
||||
- --events-addr=
|
||||
- --watch-all-namespaces=true
|
||||
- --log-level=info
|
||||
- --log-json
|
||||
- --enable-leader-election
|
||||
- --storage-path=/data
|
||||
env:
|
||||
- name: RUNTIME_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: http_proxy
|
||||
value: REPLACEMENT_HTTP_PROXY
|
||||
- name: https_proxy
|
||||
value: REPLACEMENT_HTTPS_PROXY
|
||||
- name: no_proxy
|
||||
value: REPLACEMENT_NO_PROXY
|
||||
image: ghcr.io/fluxcd/source-controller:v0.2.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
name: manager
|
||||
ports:
|
||||
- containerPort: 9090
|
||||
name: http
|
||||
- containerPort: 8080
|
||||
name: http-prom
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /
|
||||
port: http
|
||||
resources:
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 1Gi
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 64Mi
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: data
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
nodeSelector:
|
||||
kubernetes.io/arch: amd64
|
||||
kubernetes.io/os: linux
|
||||
terminationGracePeriodSeconds: 10
|
||||
volumes:
|
||||
- emptyDir: {}
|
||||
name: data
|
||||
- emptyDir: {}
|
||||
name: tmp
|
@ -0,0 +1,5 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- deployment.yaml
|
||||
- service.yaml
|
@ -0,0 +1,18 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/instance: flux-system
|
||||
app.kubernetes.io/version: v0.2.0
|
||||
control-plane: controller
|
||||
name: source-controller
|
||||
namespace: flux-system
|
||||
spec:
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: http
|
||||
selector:
|
||||
app: source-controller
|
||||
type: ClusterIP
|
@ -0,0 +1,38 @@
|
||||
# These rules inject env vars into the source-controller function.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
name: source-controller-env-vars-replacements
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:dev
|
||||
replacements:
|
||||
# Replace the proxy vars
|
||||
- source:
|
||||
objref:
|
||||
name: env-vars-catalogue
|
||||
fieldref: env.HTTP_PROXY
|
||||
target:
|
||||
objref:
|
||||
kind: Deployment
|
||||
name: source-controller
|
||||
fieldrefs: ["spec.template.spec.containers[name=manager].env[name=http_proxy].value%REPLACEMENT_HTTP_PROXY%"]
|
||||
- source:
|
||||
objref:
|
||||
name: env-vars-catalogue
|
||||
fieldref: env.HTTPS_PROXY
|
||||
target:
|
||||
objref:
|
||||
kind: Deployment
|
||||
name: source-controller
|
||||
fieldrefs: ["spec.template.spec.containers[name=manager].env[name=https_proxy].value%REPLACEMENT_HTTPS_PROXY%"]
|
||||
- source:
|
||||
objref:
|
||||
name: env-vars-catalogue
|
||||
fieldref: env.NO_PROXY
|
||||
target:
|
||||
objref:
|
||||
kind: Deployment
|
||||
name: source-controller
|
||||
fieldrefs: ["spec.template.spec.containers[name=manager].env[name=no_proxy].value%REPLACEMENT_NO_PROXY%"]
|
@ -0,0 +1,5 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- env-vars.yaml
|
||||
- versions.yaml
|
@ -0,0 +1,20 @@
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
name: source-controller-versions-replacements
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:dev
|
||||
replacements:
|
||||
- source:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: versions-airshipctl
|
||||
fieldref: images.flux.source_controller.manager
|
||||
target:
|
||||
objref:
|
||||
kind: Deployment
|
||||
name: source-controller
|
||||
fieldrefs: ["spec.template.spec.containers[name=manager].image"]
|
||||
|
@ -1,7 +1,7 @@
|
||||
resources:
|
||||
- ../../../../function/baremetal-operator
|
||||
- ../../../../function/clusterctl
|
||||
- ../../../../function/helm-operator
|
||||
- ../../../../composite/flux-helm
|
||||
- ../../../../composite/infra
|
||||
- ../catalogues
|
||||
|
||||
@ -11,4 +11,5 @@ commonLabels:
|
||||
transformers:
|
||||
- ../../../../composite/infra/replacements
|
||||
- ../../../../function/baremetal-operator/replacements
|
||||
- ../../../../function/helm-operator/replacements
|
||||
- ../../../../function/flux/source-controller/replacements
|
||||
- ../../../../function/flux/helm-controller/replacements
|
||||
|
@ -1,2 +1,5 @@
|
||||
resources:
|
||||
- ../../../../function/airshipctl-base-catalogues
|
||||
- ../../../../type/gating/target/workload
|
||||
transformers:
|
||||
- ../../../../type/gating/target/workload/ingress/replacements
|
@ -1,15 +1,16 @@
|
||||
---
|
||||
apiVersion: "helm.fluxcd.io/v1"
|
||||
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
name: ingress
|
||||
spec:
|
||||
wait: true
|
||||
timeout: 600
|
||||
# This chart doesn't have any helm tests, but this still runs a noop
|
||||
# helm test flow, to ensure we can do this.
|
||||
test:
|
||||
enable: true
|
||||
chart:
|
||||
spec:
|
||||
chart: ingress-nginx
|
||||
version: 3.5.1
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: ingress-nginx
|
||||
interval: 1m
|
||||
values:
|
||||
defaultBackend:
|
||||
enabled: true
|
||||
@ -24,7 +25,9 @@ spec:
|
||||
tolerations:
|
||||
- key: node-role.kubernetes.io/master
|
||||
effect: NoSchedule
|
||||
chart:
|
||||
repository: https://kubernetes.github.io/ingress-nginx
|
||||
name: ingress-nginx
|
||||
version: 3.5.1
|
||||
# This chart doesn't have any helm tests, but this still runs a noop
|
||||
# helm test flow, to ensure we can do this.
|
||||
test:
|
||||
enable: true
|
||||
interval: 5m
|
||||
timeout: 10m
|
||||
|
@ -0,0 +1,7 @@
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta1
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: ingress-nginx
|
||||
spec:
|
||||
url: https://kubernetes.github.io/ingress-nginx
|
||||
interval: 10m
|
@ -1,4 +1,5 @@
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- helmrepository.yaml
|
||||
- helmrelease.yaml
|
||||
namespace: ingress
|
||||
|
@ -0,0 +1,4 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- versions.yaml
|
@ -0,0 +1,39 @@
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
name: gating-ingress-versions-replacements
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:dev
|
||||
replacements:
|
||||
- source:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: versions-airshipctl
|
||||
fieldref: helm_repositories.ingress-nginx.url
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRepository
|
||||
name: ingress-nginx
|
||||
fieldrefs: ["spec.url"]
|
||||
- source:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: versions-airshipctl
|
||||
fieldref: charts.ingress-nginx.chart
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: ingress
|
||||
fieldrefs: ["spec.chart.spec.chart"]
|
||||
- source:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: versions-airshipctl
|
||||
fieldref: charts.ingress-nginx.version
|
||||
target:
|
||||
objref:
|
||||
kind: HelmRelease
|
||||
name: ingress
|
||||
fieldrefs: ["spec.chart.spec.version"]
|
@ -24,11 +24,6 @@ export TARGET_PORT=${TARGET_PORT:-"30000"}
|
||||
echo "Deploy workload"
|
||||
airshipctl phase run workload-target --debug
|
||||
|
||||
# TODO: Remove this after migrating to HelmRelease v2 (helm-controller) which
|
||||
# supports a Ready status condition, which `airshipctl phase run` above will consume.
|
||||
echo "Waiting $TIMEOUT for HelmReleases to become ready."
|
||||
kubectl --timeout $TIMEOUT --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT wait hr --for condition=released --all --all-namespaces
|
||||
|
||||
echo "Ensure we can reach ingress controller default backend"
|
||||
if [ "404" != "$(curl --head --write-out '%{http_code}' --silent --output /dev/null $TARGET_IP:$TARGET_PORT/should-404)" ]; then
|
||||
echo -e "\nFailed to reach ingress controller default backend."
|
||||
|
Loading…
Reference in New Issue
Block a user