From 2ba6561854cd8dfb3098bef9e52208fe861d9e32 Mon Sep 17 00:00:00 2001 From: Sean Eagan Date: Thu, 8 Oct 2020 13:37:27 -0500 Subject: [PATCH] Add helm-controller and source-controller This adds functions for the helm-controller and source-controller from Flux v2 [0]. The helm-controller depends on the source-controller and so this includes a composite to wrap both. These components replace the Helm Operator, which is now removed from the gating setup. The Helm Operator function itself will be removed after a suitable migration period. This also adds a format for Helm chart and Helm repository sourcing to the versions catalog. [0]: https://fluxcd.github.io/flux2 Closes: #372 Change-Id: I7287f1bb5b1ebd1dba9920cc0bed8c867720b4c1 
Signed-off-by: Sean Eagan --- .../composite/flux-helm/kustomization.yaml | 6 + .../versions-airshipctl.yaml | 18 +- .../function/flux/base/kustomization.yaml | 6 + manifests/function/flux/base/namespace.yaml | 7 + .../flux/base/policies/deny-ingress.yaml | 15 + .../flux/base/policies/kustomization.yaml | 4 + .../flux/base/rbac/kustomization.yaml | 4 + manifests/function/flux/base/rbac/role.yaml | 80 ++++ .../helmreleases.helm.toolkit.fluxcd.io.yaml | 374 ++++++++++++++++++ .../helm-controller/crd/kustomization.yaml | 4 + .../flux/helm-controller/kustomization.yaml | 5 + .../helm-controller/manager/deployment.yaml | 64 +++ .../manager/kustomization.yaml | 4 + .../replacements/kustomization.yaml | 4 + .../replacements/versions.yaml | 20 + .../crd/buckets.source.toolkit.fluxcd.io.yaml | 158 ++++++++ ...repositories.source.toolkit.fluxcd.io.yaml | 177 +++++++++ .../helmcharts.source.toolkit.fluxcd.io.yaml | 165 ++++++++ ...repositories.source.toolkit.fluxcd.io.yaml | 139 +++++++ .../source-controller/crd/kustomization.yaml | 7 + .../flux/source-controller/kustomization.yaml | 5 + .../source-controller/manager/deployment.yaml | 81 ++++ .../manager/kustomization.yaml | 5 + .../source-controller/manager/service.yaml | 18 + .../replacements/env-vars.yaml | 38 ++ .../replacements/kustomization.yaml | 5 + .../replacements/versions.yaml | 20 + .../target/initinfra/kustomization.yaml | 5 +- .../target/workload/kustomization.yaml | 3 + .../target/workload/ingress/helmrelease.yaml | 27 +- .../workload/ingress/helmrepository.yaml | 7 + .../workload/ingress/kustomization.yaml | 1 + .../ingress/replacements/kustomization.yaml | 4 + .../ingress/replacements/versions.yaml | 39 ++ tools/deployment/35_deploy_workload.sh | 7 +- 35 files changed, 1499 insertions(+), 27 deletions(-) create mode 100644 manifests/composite/flux-helm/kustomization.yaml create mode 100644 manifests/function/flux/base/kustomization.yaml create mode 100644 manifests/function/flux/base/namespace.yaml create mode 
100644 manifests/function/flux/base/policies/deny-ingress.yaml create mode 100644 manifests/function/flux/base/policies/kustomization.yaml create mode 100644 manifests/function/flux/base/rbac/kustomization.yaml create mode 100644 manifests/function/flux/base/rbac/role.yaml create mode 100644 manifests/function/flux/helm-controller/crd/helmreleases.helm.toolkit.fluxcd.io.yaml create mode 100644 manifests/function/flux/helm-controller/crd/kustomization.yaml create mode 100644 manifests/function/flux/helm-controller/kustomization.yaml create mode 100644 manifests/function/flux/helm-controller/manager/deployment.yaml create mode 100644 manifests/function/flux/helm-controller/manager/kustomization.yaml create mode 100644 manifests/function/flux/helm-controller/replacements/kustomization.yaml create mode 100644 manifests/function/flux/helm-controller/replacements/versions.yaml create mode 100644 manifests/function/flux/source-controller/crd/buckets.source.toolkit.fluxcd.io.yaml create mode 100644 manifests/function/flux/source-controller/crd/gitrepositories.source.toolkit.fluxcd.io.yaml create mode 100644 manifests/function/flux/source-controller/crd/helmcharts.source.toolkit.fluxcd.io.yaml create mode 100644 manifests/function/flux/source-controller/crd/helmrepositories.source.toolkit.fluxcd.io.yaml create mode 100644 manifests/function/flux/source-controller/crd/kustomization.yaml create mode 100644 manifests/function/flux/source-controller/kustomization.yaml create mode 100644 manifests/function/flux/source-controller/manager/deployment.yaml create mode 100644 manifests/function/flux/source-controller/manager/kustomization.yaml create mode 100644 manifests/function/flux/source-controller/manager/service.yaml create mode 100644 manifests/function/flux/source-controller/replacements/env-vars.yaml create mode 100644 manifests/function/flux/source-controller/replacements/kustomization.yaml create mode 100644 
manifests/function/flux/source-controller/replacements/versions.yaml create mode 100644 manifests/type/gating/target/workload/ingress/helmrepository.yaml create mode 100644 manifests/type/gating/target/workload/ingress/replacements/kustomization.yaml create mode 100644 manifests/type/gating/target/workload/ingress/replacements/versions.yaml diff --git a/manifests/composite/flux-helm/kustomization.yaml b/manifests/composite/flux-helm/kustomization.yaml new file mode 100644 index 000000000..3e8cbdcb4 --- /dev/null +++ b/manifests/composite/flux-helm/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../../function/flux/base + - ../../function/flux/source-controller + - ../../function/flux/helm-controller diff --git a/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml b/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml index f17ec0f47..ea07c3cdb 100644 --- a/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml +++ b/manifests/function/airshipctl-base-catalogues/versions-airshipctl.yaml @@ -7,13 +7,13 @@ metadata: labels: airshipit.org/deploy-k8s: "false" +helm_repositories: + ingress-nginx: + url: https://kubernetes.github.io/ingress-nginx charts: - dex: - # TODO: match this data to what is expected by helm-operator or image builder - location: TODO - reference: TODO - subpath: TODO - type: TODO + ingress-nginx: + chart: ingress-nginx + version: 3.5.1 files: k8scontrol: @@ -60,5 +60,9 @@ images: helm_operator: helm_operator: # helm-operator Deployment helm_operator: docker.io/fluxcd/helm-operator:1.2.0 - + flux: + helm_controller: # helm-controller Deployment + manager: ghcr.io/fluxcd/helm-controller:v0.2.0 + source_controller: # source-controller Deployment + manager: ghcr.io/fluxcd/source-controller:v0.2.1 kubernetes: v1.18.6 
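Review bot: The new `images.flux` entries name the controllers by mutable tag only (`ghcr.io/fluxcd/helm-controller:v0.2.0`, `ghcr.io/fluxcd/source-controller:v0.2.1`), so what runs is whatever the registry serves for that tag at pull time. Because role.yaml in this commit binds the `flux-system` default ServiceAccount to `cluster-admin`, these images should be pinned by digest, e.g. `manager: ghcr.io/fluxcd/helm-controller:v0.2.0@sha256:<digest>`. The same applies to the `quay.io/airshipit/replacement-transformer:dev` function image in helm-controller/replacements/versions.yaml, which is a floating tag executed at render time. The new `helm_repositories`/`charts` shape would also benefit from a short comment naming the expected keys (`url`, `chart`, `version`), since the removed TODO block was the only description of the format.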
diff --git a/manifests/function/flux/base/kustomization.yaml b/manifests/function/flux/base/kustomization.yaml
new file mode 100644
index 000000000..eb15e0620
--- /dev/null
+++ b/manifests/function/flux/base/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - namespace.yaml
+ - rbac
+ - policies
diff --git a/manifests/function/flux/base/namespace.yaml b/manifests/function/flux/base/namespace.yaml
new file mode 100644
index 000000000..85fbe0597
--- /dev/null
+++ b/manifests/function/flux/base/namespace.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: v0.2.0
+ name: flux-system
diff --git a/manifests/function/flux/base/policies/deny-ingress.yaml b/manifests/function/flux/base/policies/deny-ingress.yaml
new file mode 100644
index 000000000..849d122b7
--- /dev/null
+++ b/manifests/function/flux/base/policies/deny-ingress.yaml
@@ -0,0 +1,15 @@
+# Only allow ingress from within the same namespace.
+# Note: This will need to be opened up if Prometheus is running
+# in a different namespace.
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: deny-ingress
+ namespace: flux-system
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - podSelector: {}
diff --git a/manifests/function/flux/base/policies/kustomization.yaml b/manifests/function/flux/base/policies/kustomization.yaml
new file mode 100644
index 000000000..79146c166
--- /dev/null
+++ b/manifests/function/flux/base/policies/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- deny-ingress.yaml
diff --git a/manifests/function/flux/base/rbac/kustomization.yaml b/manifests/function/flux/base/rbac/kustomization.yaml
new file mode 100644
index 000000000..d072a242d
--- /dev/null
+++ b/manifests/function/flux/base/rbac/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- role.yaml
diff --git a/manifests/function/flux/base/rbac/role.yaml b/manifests/function/flux/base/rbac/role.yaml
new file mode 100644
index 000000000..531b1913d
--- /dev/null
+++ b/manifests/function/flux/base/rbac/role.yaml
@@ -0,0 +1,80 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: v0.2.0
+ name: crd-controller-flux-system
+ namespace: flux-system
+rules:
+- apiGroups:
+ - source.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - kustomize.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - helm.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - notification.toolkit.fluxcd.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - configmaps/status
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: v0.2.0
+ name: crd-controller-flux-system
+ namespace: flux-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: crd-controller-flux-system
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: flux-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: v0.2.0
+ name: cluster-reconciler-flux-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: flux-system
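Review bot: The `cluster-reconciler-flux-system` ClusterRoleBinding at the end of role.yaml grants `cluster-admin` to the `default` ServiceAccount of `flux-system`, so every pod in that namespace that does not set `serviceAccountName` inherits full cluster control, not only the controllers. The helm-controller Deployment added in this commit sets no `serviceAccountName` and therefore depends on exactly that grant. A dedicated ServiceAccount for the controller that applies releases, referenced from its Deployment and used as the only subject of the cluster-wide binding, keeps the privilege off the shared account; the namespaced RoleBinding would then list each controller's own account. If `cluster-admin` has to stay, a comment above the binding stating why (Helm releases may create arbitrary cluster resources) records it as a decision rather than an upstream default.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: helm-controller
  namespace: flux-system
---
# … unchanged: Role, RoleBinding and ClusterRoleBinding metadata and roleRef …
subjects:
- kind: ServiceAccount
  name: helm-controller
  namespace: flux-system
```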
diff --git a/manifests/function/flux/helm-controller/crd/helmreleases.helm.toolkit.fluxcd.io.yaml b/manifests/function/flux/helm-controller/crd/helmreleases.helm.toolkit.fluxcd.io.yaml new file mode 100644 index 000000000..21d81337e --- /dev/null +++ b/manifests/function/flux/helm-controller/crd/helmreleases.helm.toolkit.fluxcd.io.yaml 
@@ -0,0 +1,374 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/version: v0.2.0 + name: helmreleases.helm.toolkit.fluxcd.io +spec: + group: helm.toolkit.fluxcd.io + names: + kind: HelmRelease + listKind: HelmReleaseList + plural: helmreleases + shortNames: + - hr + singular: helmrelease + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v2beta1 + schema: + openAPIV3Schema: + description: HelmRelease is the Schema for the helmreleases API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmReleaseSpec defines the desired state of a Helm release. + properties: + chart: + description: Chart defines the template of the v1beta1.HelmChart that should be created for this HelmRelease. + properties: + spec: + description: Spec holds the template for the v1beta1.HelmChartSpec for this HelmRelease. 
+ properties: + chart: + description: The name or path the Helm chart is available at in the SourceRef. + type: string + interval: + description: Interval at which to check the v1beta1.Source for updates. Defaults to 'HelmReleaseSpec.Interval'. + type: string + sourceRef: + description: The name and namespace of the v1beta1.Source the chart is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent. + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: Namespace of the referent. + maxLength: 63 + minLength: 1 + type: string + required: + - name + type: object + valuesFile: + description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Ignored when omitted. + type: string + version: + description: Version semver expression, ignored for charts from v1beta1.GitRepository and v1beta1.Bucket sources. Defaults to latest when omitted. + type: string + required: + - chart + - sourceRef + type: object + required: + - spec + type: object + dependsOn: + description: DependsOn may contain a dependency.CrossNamespaceDependencyReference slice with references to HelmRelease resources that must be ready before this HelmRelease can be reconciled. + items: + description: CrossNamespaceDependencyReference holds the reference to a dependency. + properties: + name: + description: Name holds the name reference of a dependency. + type: string + namespace: + description: Namespace holds the namespace reference of a dependency. + type: string + required: + - name + type: object + type: array + install: + description: Install holds the configuration for Helm install actions for this HelmRelease. 
+ properties: + disableHooks: + description: DisableHooks prevents hooks from running during the Helm install action. + type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm install action from validating rendered templates against the Kubernetes OpenAPI Schema. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to be ready after a Helm install has been performed. + type: boolean + remediation: + description: Remediation holds the remediation configuration for when the Helm install action for the HelmRelease fails. The default is to not perform any action. + properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an install action but fail. Defaults to 'Test.IgnoreFailures'. + type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false'. + type: boolean + retries: + description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using an uninstall, is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries. + type: integer + type: object + replace: + description: Replace tells the Helm install action to re-use the 'ReleaseName', but only if that name is a deleted release which remains in the history. + type: boolean + skipCRDs: + description: SkipCRDs tells the Helm install action to not install any CRDs. By default, CRDs are installed if not already present. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + interval: + description: Interval at which to reconcile the Helm release. 
+ type: string + maxHistory: + description: MaxHistory is the number of revisions saved by Helm for this HelmRelease. Use '0' for an unlimited number of revisions; defaults to '10'. + type: integer + releaseName: + description: ReleaseName used for the Helm release. Defaults to a composition of '[TargetNamespace-]Name'. + maxLength: 53 + minLength: 1 + type: string + rollback: + description: Rollback holds the configuration for Helm rollback actions for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created during the Helm rollback action when it fails. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the Helm rollback action. + type: boolean + disableWait: + description: DisableWait disables the waiting for resources to be ready after a Helm rollback has been performed. + type: boolean + force: + description: Force forces resource updates through a replacement strategy. + type: boolean + recreate: + description: Recreate performs pod restarts for the resource if applicable. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + suspend: + description: Suspend tells the controller to suspend reconciliation for this HelmRelease, it does not apply to already started reconciliations. Defaults to false. + type: boolean + targetNamespace: + description: TargetNamespace to target when performing operations for the HelmRelease. Defaults to the namespace of the HelmRelease. + maxLength: 63 + minLength: 1 + type: string + test: + description: Test holds the configuration for Helm test actions for this HelmRelease. + properties: + enable: + description: Enable enables Helm test actions for this HelmRelease after an Helm install or upgrade action has been performed. 
+ type: boolean + ignoreFailures: + description: IgnoreFailures tells the controller to skip remediation when the Helm tests are run but fail. Can be overwritten for tests run after install or upgrade actions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation during the performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm action. Defaults to '5m0s'. + type: string + uninstall: + description: Uninstall holds the configuration for Helm uninstall actions for this HelmRelease. + properties: + disableHooks: + description: DisableHooks prevents hooks from running during the Helm rollback action. + type: boolean + keepHistory: + description: KeepHistory tells Helm to remove all associated resources and mark the release as deleted, but retain the release history. + type: boolean + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + upgrade: + description: Upgrade holds the configuration for Helm upgrade actions for this HelmRelease. + properties: + cleanupOnFail: + description: CleanupOnFail allows deletion of new resources created during the Helm upgrade action when it fails. + type: boolean + disableHooks: + description: DisableHooks prevents hooks from running during the Helm upgrade action. + type: boolean + disableOpenAPIValidation: + description: DisableOpenAPIValidation prevents the Helm upgrade action from validating rendered templates against the Kubernetes OpenAPI Schema. 
+ type: boolean + disableWait: + description: DisableWait disables the waiting for resources to be ready after a Helm upgrade has been performed. + type: boolean + force: + description: Force forces resource updates through a replacement strategy. + type: boolean + preserveValues: + description: PreserveValues will make Helm reuse the last release's values and merge in overrides from 'Values'. Setting this flag makes the HelmRelease non-declarative. + type: boolean + remediation: + description: Remediation holds the remediation configuration for when the Helm upgrade action for the HelmRelease fails. The default is to not perform any action. + properties: + ignoreTestFailures: + description: IgnoreTestFailures tells the controller to skip remediation when the Helm tests are run after an upgrade action but fail. Defaults to 'Test.IgnoreFailures'. + type: boolean + remediateLastFailure: + description: RemediateLastFailure tells the controller to remediate the last failure, when no retries remain. Defaults to 'false' unless 'Retries' is greater than 0. + type: boolean + retries: + description: Retries is the number of retries that should be attempted on failures before bailing. Remediation, using 'Strategy', is performed between each attempt. Defaults to '0', a negative integer equals to unlimited retries. + type: integer + strategy: + description: Strategy to use for failure remediation. Defaults to 'rollback'. + enum: + - rollback + - uninstall + type: string + type: object + timeout: + description: Timeout is the time to wait for any individual Kubernetes operation (like Jobs for hooks) during the performance of a Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. + type: string + type: object + values: + description: Values holds the values for this Helm release. 
+ x-kubernetes-preserve-unknown-fields: true + valuesFrom: + description: ValuesFrom holds references to resources containing Helm values for this HelmRelease, and information about how they should be merged. + items: + description: ValuesReference contains a reference to a resource containing Helm values, and optionally the key they can be found at. + properties: + kind: + description: Kind of the values referent, valid values are ('Secret', 'ConfigMap'). + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the values referent. Should reside in the same namespace as the referring resource. + maxLength: 253 + minLength: 1 + type: string + optional: + description: Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure. + type: boolean + targetPath: + description: TargetPath is the YAML dot notation path the value should be merged at. When set, the ValuesKey is expected to be a single flat value. Defaults to 'None', which results in the values getting merged at the root. + type: string + valuesKey: + description: ValuesKey is the data key where the values.yaml or a specific value can be found at. Defaults to 'values.yaml'. + type: string + required: + - kind + - name + type: object + type: array + required: + - chart + - interval + type: object + status: + description: HelmReleaseStatus defines the observed state of a HelmRelease. + properties: + conditions: + description: Conditions holds the conditions for the HelmRelease. + items: + description: Condition contains condition information of a toolkit resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. 
+ format: date-time + type: string + message: + description: Message is a human readable description of the details of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', 'Unknown'). + type: string + type: + description: Type of the condition. + type: string + required: + - status + - type + type: object + type: array + failures: + description: Failures is the reconciliation failure count against the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + helmChart: + description: HelmChart is the namespaced name of the HelmChart resource created by the controller for the HelmRelease. + type: string + installFailures: + description: InstallFailures is the install failure count against the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + lastAppliedRevision: + description: LastAppliedRevision is the revision of the last successfully applied source. + type: string + lastAttemptedRevision: + description: LastAttemptedRevision is the revision of the last reconciliation attempt. + type: string + lastAttemptedValuesChecksum: + description: LastAttemptedValuesChecksum is the SHA1 checksum of the values of the last reconciliation attempt. + type: string + lastHandledReconcileAt: + description: LastHandledReconcileAt is the last manual reconciliation request (by annotating the HelmRelease) handled by the reconciler. + type: string + lastReleaseRevision: + description: LastReleaseRevision is the revision of the last successful Helm release. + type: integer + observedGeneration: + description: ObservedGeneration is the last observed generation. 
+ format: int64 + type: integer + upgradeFailures: + description: UpgradeFailures is the upgrade failure count against the latest desired state. It is reset after a successful reconciliation. + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/flux/helm-controller/crd/kustomization.yaml b/manifests/function/flux/helm-controller/crd/kustomization.yaml new file mode 100644 index 000000000..87a2ae130 --- /dev/null +++ b/manifests/function/flux/helm-controller/crd/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- helmreleases.helm.toolkit.fluxcd.io.yaml diff --git a/manifests/function/flux/helm-controller/kustomization.yaml b/manifests/function/flux/helm-controller/kustomization.yaml new file mode 100644 index 000000000..f7a57ead0 --- /dev/null +++ b/manifests/function/flux/helm-controller/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- crd +- manager diff --git a/manifests/function/flux/helm-controller/manager/deployment.yaml b/manifests/function/flux/helm-controller/manager/deployment.yaml new file mode 100644 index 000000000..793aee79d --- /dev/null +++ b/manifests/function/flux/helm-controller/manager/deployment.yaml 
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: v0.2.0
+ control-plane: controller
+ name: helm-controller
+ namespace: flux-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: helm-controller
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scrape: "true"
+ labels:
+ app: helm-controller
+ spec:
+ containers:
+ - args:
+ - --events-addr=
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-json
+ - --enable-leader-election
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: ghcr.io/fluxcd/helm-controller:v0.1.3
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /metrics
+ port: http-prom
+ name: manager
+ ports:
+ - containerPort: 8080
+ name: http-prom
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /tmp
+ name: temp
+ nodeSelector:
+ kubernetes.io/arch: amd64
+ kubernetes.io/os: linux
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - emptyDir: {}
+ name: temp
diff --git a/manifests/function/flux/helm-controller/manager/kustomization.yaml b/manifests/function/flux/helm-controller/manager/kustomization.yaml
new file mode 100644
index 000000000..42835f535
--- /dev/null
+++ b/manifests/function/flux/helm-controller/manager/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- deployment.yaml
diff --git a/manifests/function/flux/helm-controller/replacements/kustomization.yaml b/manifests/function/flux/helm-controller/replacements/kustomization.yaml
new file mode 100644
index 000000000..1d43ee154
--- /dev/null
+++ b/manifests/function/flux/helm-controller/replacements/kustomization.yaml
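Review bot: The container image in manager/deployment.yaml is hard-coded as `ghcr.io/fluxcd/helm-controller:v0.1.3`, while the catalogue entry added in versions-airshipctl.yaml names `v0.2.0` for the same container, so any render that skips the replacements kustomization deploys a different tag than the catalogue states. Aligning the default, `image: ghcr.io/fluxcd/helm-controller:v0.2.0`, removes that silent drift. The pod spec also sets no `serviceAccountName`, so the controller runs as the namespace's `default` account. The container `securityContext` stops at `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`; if the image runs as a non-root user (not verifiable from this diff), adding `runAsNonRoot: true` and `capabilities: {drop: ["ALL"]}` would complete the hardening.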
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - versions.yaml
diff --git a/manifests/function/flux/helm-controller/replacements/versions.yaml b/manifests/function/flux/helm-controller/replacements/versions.yaml
new file mode 100644
index 000000000..2ce3eec51
--- /dev/null
+++ b/manifests/function/flux/helm-controller/replacements/versions.yaml
@@ -0,0 +1,20 @@
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+ name: helm-controller-versions-replacements
+ annotations:
+ config.kubernetes.io/function: |-
+ container:
+ image: quay.io/airshipit/replacement-transformer:dev
+replacements:
+- source:
+ objref:
+ kind: VariableCatalogue
+ name: versions-airshipctl
+ fieldref: images.flux.helm_controller.manager
+ target:
+ objref:
+ kind: Deployment
+ name: helm-controller
+ fieldrefs: ["spec.template.spec.containers[name=manager].image"]
+
diff --git a/manifests/function/flux/source-controller/crd/buckets.source.toolkit.fluxcd.io.yaml b/manifests/function/flux/source-controller/crd/buckets.source.toolkit.fluxcd.io.yaml
new file mode 100644
index 000000000..7f8234cd7
--- /dev/null
+++ b/manifests/function/flux/source-controller/crd/buckets.source.toolkit.fluxcd.io.yaml
@@ -0,0 +1,158 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/version: v0.2.0 + name: buckets.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: Bucket + listKind: BucketList + plural: buckets + singular: bucket + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Bucket is the Schema for the buckets API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BucketSpec defines the desired state of an S3 compatible bucket + properties: + bucketName: + description: The bucket name. + type: string + endpoint: + description: The bucket endpoint address. + type: string + ignore: + description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). 
+ type: string + insecure: + description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. + type: boolean + interval: + description: The interval at which to check for bucket updates. + type: string + provider: + description: The S3 compatible storage provider name, default ('generic'). + enum: + - generic + - aws + type: string + region: + description: The bucket region. + type: string + secretRef: + description: The name of the secret containing authentication credentials for the Bucket. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + timeout: + description: The timeout for download operations, default ('20s'). + type: string + required: + - bucketName + - endpoint + - interval + type: object + status: + description: BucketStatus defines the observed state of a bucket + properties: + artifact: + description: Artifact represents the output of the last successful Bucket sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the Bucket. + items: + description: Condition contains condition information of a toolkit resource. 
+ properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', 'Unknown'). + type: string + type: + description: Type of the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the artifact output of the last Bucket sync. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/flux/source-controller/crd/gitrepositories.source.toolkit.fluxcd.io.yaml b/manifests/function/flux/source-controller/crd/gitrepositories.source.toolkit.fluxcd.io.yaml new file mode 100644 index 000000000..943a0699d --- /dev/null +++ b/manifests/function/flux/source-controller/crd/gitrepositories.source.toolkit.fluxcd.io.yaml 
@@ -0,0 +1,177 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/version: v0.2.0 + name: gitrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: GitRepository + listKind: GitRepositoryList + plural: gitrepositories + singular: gitrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: GitRepository is the Schema for the gitrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: GitRepositorySpec defines the desired state of a Git repository. + properties: + ignore: + description: Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). 
If not provided, a default will be used, consult the documentation for your version to find out what those are. + type: string + interval: + description: The interval at which to check for repository updates. + type: string + ref: + description: The git reference to checkout and monitor for changes, defaults to master branch. + properties: + branch: + description: The git branch to checkout, defaults to master. + type: string + commit: + description: The git commit sha to checkout, if specified tag filters will be ignored. + type: string + semver: + description: The git tag semver expression, takes precedence over tag. + type: string + tag: + description: The git tag to checkout, takes precedence over branch. + type: string + type: object + secretRef: + description: The secret name containing the Git credentials. For HTTPS repositories the secret must contain username and password fields. For SSH repositories the secret must contain identity, identity.pub and known_hosts fields. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + timeout: + description: The timeout for remote git operations like cloning, default to 20s. + type: string + url: + description: The repository URL, can be a HTTP or SSH address. + pattern: ^(http|https|ssh):// + type: string + verify: + description: Verify OpenPGP signature for the commit that HEAD points to. + properties: + mode: + description: Mode describes what git object should be verified, currently ('head'). + enum: + - head + type: string + secretRef: + description: The secret name containing the public keys of all trusted git authors. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' 
+ type: string + type: object + required: + - mode + type: object + required: + - interval + - url + type: object + status: + description: GitRepositoryStatus defines the observed state of a Git repository. + properties: + artifact: + description: Artifact represents the output of the last successful repository sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the GitRepository. + items: + description: Condition contains condition information of a toolkit resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', 'Unknown'). + type: string + type: + description: Type of the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. 
+ format: int64 + type: integer + url: + description: URL is the download link for the artifact output of the last repository sync. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/flux/source-controller/crd/helmcharts.source.toolkit.fluxcd.io.yaml b/manifests/function/flux/source-controller/crd/helmcharts.source.toolkit.fluxcd.io.yaml new file mode 100644 index 000000000..6d14f35b4 --- /dev/null +++ b/manifests/function/flux/source-controller/crd/helmcharts.source.toolkit.fluxcd.io.yaml 
@@ -0,0 +1,165 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/version: v0.2.0 + name: helmcharts.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmChart + listKind: HelmChartList + plural: helmcharts + singular: helmchart + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.chart + name: Chart + type: string + - jsonPath: .spec.version + name: Version + type: string + - jsonPath: .spec.sourceRef.kind + name: Source Kind + type: string + - jsonPath: .spec.sourceRef.name + name: Source Name + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: HelmChart is the Schema for the helmcharts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmChartSpec defines the desired state of a Helm chart. 
+ properties: + chart: + description: The name or path the Helm chart is available at in the SourceRef. + type: string + interval: + description: The interval at which to check the Source for updates. + type: string + sourceRef: + description: The reference to the Source the chart is available at. + properties: + apiVersion: + description: APIVersion of the referent. + type: string + kind: + description: Kind of the referent, valid values are ('HelmRepository', 'GitRepository', 'Bucket'). + enum: + - HelmRepository + - GitRepository + - Bucket + type: string + name: + description: Name of the referent. + type: string + required: + - kind + - name + type: object + valuesFile: + description: Alternative values file to use as the default chart values, expected to be a relative path in the SourceRef. Ignored when omitted. + type: string + version: + description: The chart version semver expression, ignored for charts from GitRepository and Bucket sources. Defaults to latest when omitted. + type: string + required: + - chart + - interval + - sourceRef + type: object + status: + description: HelmChartStatus defines the observed state of the HelmChart. + properties: + artifact: + description: Artifact represents the output of the last successful chart sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. 
+ type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmChart. + items: + description: Condition contains condition information of a toolkit resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details of the last transition, complementing reason. + type: string + reason: + description: Reason is a brief machine readable explanation for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', 'Unknown'). + type: string + type: + description: Type of the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the last chart pulled. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/flux/source-controller/crd/helmrepositories.source.toolkit.fluxcd.io.yaml b/manifests/function/flux/source-controller/crd/helmrepositories.source.toolkit.fluxcd.io.yaml new file mode 100644 index 000000000..22bb491a5 --- /dev/null +++ b/manifests/function/flux/source-controller/crd/helmrepositories.source.toolkit.fluxcd.io.yaml 
@@ -0,0 +1,139 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: flux-system + app.kubernetes.io/version: v0.2.0 + name: helmrepositories.source.toolkit.fluxcd.io +spec: + group: source.toolkit.fluxcd.io + names: + kind: HelmRepository + listKind: HelmRepositoryList + plural: helmrepositories + singular: helmrepository + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].message + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: HelmRepository is the Schema for the helmrepositories API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: HelmRepositorySpec defines the reference to a Helm repository. + properties: + interval: + description: The interval at which to check the upstream for updates. + type: string + secretRef: + description: The name of the secret containing authentication credentials for the Helm repository. 
For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain caFile, keyFile and caCert fields. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + timeout: + description: The timeout of index downloading, defaults to 60s. + type: string + url: + description: The Helm repository URL, a valid URL contains at least a protocol and host. + type: string + required: + - interval + - url + type: object + status: + description: HelmRepositoryStatus defines the observed state of the HelmRepository. + properties: + artifact: + description: Artifact represents the output of the last successful repository sync. + properties: + checksum: + description: Checksum is the SHA1 checksum of the artifact. + type: string + lastUpdateTime: + description: LastUpdateTime is the timestamp corresponding to the last update of this artifact. + format: date-time + type: string + path: + description: Path is the relative file path of this artifact. + type: string + revision: + description: Revision is a human readable identifier traceable in the origin source system. It can be a Git commit sha, Git tag, a Helm index timestamp, a Helm chart version, etc. + type: string + url: + description: URL is the HTTP address of this artifact. + type: string + required: + - path + - url + type: object + conditions: + description: Conditions holds the conditions for the HelmRepository. + items: + description: Condition contains condition information of a toolkit resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the timestamp corresponding to the last status change of this condition. + format: date-time + type: string + message: + description: Message is a human readable description of the details of the last transition, complementing reason. 
+ type: string + reason: + description: Reason is a brief machine readable explanation for the condition's last transition. + type: string + status: + description: Status of the condition, one of ('True', 'False', 'Unknown'). + type: string + type: + description: Type of the condition. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + description: ObservedGeneration is the last observed generation. + format: int64 + type: integer + url: + description: URL is the download link for the last index fetched. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/manifests/function/flux/source-controller/crd/kustomization.yaml b/manifests/function/flux/source-controller/crd/kustomization.yaml new file mode 100644 index 000000000..1880abd89 --- /dev/null +++ b/manifests/function/flux/source-controller/crd/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- buckets.source.toolkit.fluxcd.io.yaml +- gitrepositories.source.toolkit.fluxcd.io.yaml +- helmcharts.source.toolkit.fluxcd.io.yaml +- helmrepositories.source.toolkit.fluxcd.io.yaml diff --git a/manifests/function/flux/source-controller/kustomization.yaml b/manifests/function/flux/source-controller/kustomization.yaml new file mode 100644 index 000000000..f7a57ead0 --- /dev/null +++ b/manifests/function/flux/source-controller/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- crd +- manager diff --git a/manifests/function/flux/source-controller/manager/deployment.yaml b/manifests/function/flux/source-controller/manager/deployment.yaml new file mode 100644 index 000000000..2f01fccad --- /dev/null +++ b/manifests/function/flux/source-controller/manager/deployment.yaml 
@@ -0,0 +1,81 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: v0.2.0
+ control-plane: controller
+ name: source-controller
+ namespace: flux-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: source-controller
+ template:
+ metadata:
+ annotations:
+ prometheus.io/port: "8080"
+ prometheus.io/scrape: "true"
+ labels:
+ app: source-controller
+ spec:
+ containers:
+ - args:
+ - --events-addr=
+ - --watch-all-namespaces=true
+ - --log-level=info
+ - --log-json
+ - --enable-leader-election
+ - --storage-path=/data
+ env:
+ - name: RUNTIME_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: http_proxy
+ value: REPLACEMENT_HTTP_PROXY
+ - name: https_proxy
+ value: REPLACEMENT_HTTPS_PROXY
+ - name: no_proxy
+ value: REPLACEMENT_NO_PROXY
+ image: ghcr.io/fluxcd/source-controller:v0.2.1
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ name: manager
+ ports:
+ - containerPort: 9090
+ name: http
+ - containerPort: 8080
+ name: http-prom
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /tmp
+ name: tmp
+ nodeSelector:
+ kubernetes.io/arch: amd64
+ kubernetes.io/os: linux
+ terminationGracePeriodSeconds: 10
+ volumes:
+ - emptyDir: {}
+ name: data
+ - emptyDir: {}
+ name: tmp
diff --git a/manifests/function/flux/source-controller/manager/kustomization.yaml b/manifests/function/flux/source-controller/manager/kustomization.yaml
new file mode 100644
index 000000000..dffc32ffe
--- /dev/null
+++ b/manifests/function/flux/source-controller/manager/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- deployment.yaml
+- service.yaml
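Review bot: The `http_proxy`, `https_proxy` and `no_proxy` entries in source-controller/manager/deployment.yaml ship the literal placeholders `REPLACEMENT_HTTP_PROXY`, `REPLACEMENT_HTTPS_PROXY` and `REPLACEMENT_NO_PROXY` as their values, so any site that includes this function without also running source-controller/replacements deploys a controller whose proxy is that literal string, and repository and chart fetches would then be expected to fail. As far as this diff shows, only the test-site initinfra kustomization wires the transformer in. A comment above those entries, e.g. `# placeholders; rewritten by ../replacements/env-vars.yaml, which every consumer must list under transformers`, would make the dependency visible to the next site author.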
diff --git a/manifests/function/flux/source-controller/manager/service.yaml b/manifests/function/flux/source-controller/manager/service.yaml
new file mode 100644
index 000000000..4646bf730
--- /dev/null
+++ b/manifests/function/flux/source-controller/manager/service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: flux-system
+ app.kubernetes.io/version: v0.2.0
+ control-plane: controller
+ name: source-controller
+ namespace: flux-system
+spec:
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ selector:
+ app: source-controller
+ type: ClusterIP
diff --git a/manifests/function/flux/source-controller/replacements/env-vars.yaml b/manifests/function/flux/source-controller/replacements/env-vars.yaml
new file mode 100644
index 000000000..559426329
--- /dev/null
+++ b/manifests/function/flux/source-controller/replacements/env-vars.yaml
@@ -0,0 +1,38 @@
+# These rules inject env vars into the source-controller function.
+apiVersion: airshipit.org/v1alpha1
+kind: ReplacementTransformer
+metadata:
+ name: source-controller-env-vars-replacements
+ annotations:
+ config.kubernetes.io/function: |-
+ container:
+ image: quay.io/airshipit/replacement-transformer:dev
+replacements:
+# Replace the proxy vars
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.HTTP_PROXY
+ target:
+ objref:
+ kind: Deployment
+ name: source-controller
+ fieldrefs: ["spec.template.spec.containers[name=manager].env[name=http_proxy].value%REPLACEMENT_HTTP_PROXY%"]
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.HTTPS_PROXY
+ target:
+ objref:
+ kind: Deployment
+ name: source-controller
+ fieldrefs: ["spec.template.spec.containers[name=manager].env[name=https_proxy].value%REPLACEMENT_HTTPS_PROXY%"]
+- source:
+ objref:
+ name: env-vars-catalogue
+ fieldref: env.NO_PROXY
+ target:
+ objref:
+ kind: Deployment
+ name: source-controller
+ fieldrefs: ["spec.template.spec.containers[name=manager].env[name=no_proxy].value%REPLACEMENT_NO_PROXY%"]
diff --git a/manifests/function/flux/source-controller/replacements/kustomization.yaml b/manifests/function/flux/source-controller/replacements/kustomization.yaml
new file mode 100644
index 000000000..640f52430
--- /dev/null
+++ b/manifests/function/flux/source-controller/replacements/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - env-vars.yaml
+ - versions.yaml
diff --git a/manifests/function/flux/source-controller/replacements/versions.yaml b/manifests/function/flux/source-controller/replacements/versions.yaml
new file mode 100644
index 000000000..6538bd604
--- /dev/null
+++ b/manifests/function/flux/source-controller/replacements/versions.yaml
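Review bot: The three replacements in source-controller/replacements/env-vars.yaml copy `env.HTTP_PROXY`, `env.HTTPS_PROXY` and `env.NO_PROXY` from `env-vars-catalogue` into plain `value:` fields of the Deployment, so a proxy URL that embeds credentials (constructed example: `http://user:password@proxy.example:3128`) would be readable by anyone who can read Deployments or pods in `flux-system` and would appear in rendered manifests. If authenticated proxies are in scope, source these variables through `valueFrom.secretKeyRef`; otherwise a header comment such as `# proxy URLs are rendered in plain text and must not embed credentials` documents the constraint. The source `objref` entries also name no `kind`, unlike the versions.yaml transformers that select `kind: VariableCatalogue`; adding the kind (presumably the same one) would avoid matching an unrelated object named `env-vars-catalogue`.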
@@ -0,0 +1,20 @@ +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: source-controller-versions-replacements + annotations: + config.kubernetes.io/function: |- + container: + image: quay.io/airshipit/replacement-transformer:dev +replacements: +- source: + objref: + kind: VariableCatalogue + name: versions-airshipctl + fieldref: images.flux.source_controller.manager + target: + objref: + kind: Deployment + name: source-controller + fieldrefs: ["spec.template.spec.containers[name=manager].image"] + diff --git a/manifests/site/test-site/target/initinfra/kustomization.yaml b/manifests/site/test-site/target/initinfra/kustomization.yaml index 7d2bf3955..5bdab6d5a 100644 --- a/manifests/site/test-site/target/initinfra/kustomization.yaml +++ b/manifests/site/test-site/target/initinfra/kustomization.yaml @@ -1,7 +1,7 @@ resources: - ../../../../function/baremetal-operator - ../../../../function/clusterctl - - ../../../../function/helm-operator + - ../../../../composite/flux-helm - ../../../../composite/infra - ../catalogues @@ -11,4 +11,5 @@ commonLabels: transformers: - ../../../../composite/infra/replacements - ../../../../function/baremetal-operator/replacements - - ../../../../function/helm-operator/replacements + - ../../../../function/flux/source-controller/replacements + - ../../../../function/flux/helm-controller/replacements diff --git a/manifests/site/test-site/target/workload/kustomization.yaml b/manifests/site/test-site/target/workload/kustomization.yaml index 54b0ca97d..52f306d8b 100644 --- a/manifests/site/test-site/target/workload/kustomization.yaml +++ b/manifests/site/test-site/target/workload/kustomization.yaml @@ -1,2 +1,5 @@ resources: + - ../../../../function/airshipctl-base-catalogues - ../../../../type/gating/target/workload +transformers: + - ../../../../type/gating/target/workload/ingress/replacements \ No newline at end of file 
diff --git a/manifests/type/gating/target/workload/ingress/helmrelease.yaml b/manifests/type/gating/target/workload/ingress/helmrelease.yaml index 843769e04..0905feff2 100644 --- a/manifests/type/gating/target/workload/ingress/helmrelease.yaml +++ b/manifests/type/gating/target/workload/ingress/helmrelease.yaml @@ -1,15 +1,16 @@ ---- -apiVersion: "helm.fluxcd.io/v1" +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" kind: HelmRelease metadata: name: ingress spec: - wait: true - timeout: 600 - # This chart doesn't have any helm tests, but this still runs a noop - # helm test flow, to ensure we can do this. - test: - enable: true + chart: + spec: + chart: ingress-nginx + version: 3.5.1 + sourceRef: + kind: HelmRepository + name: ingress-nginx + interval: 1m values: defaultBackend: enabled: true @@ -24,7 +25,9 @@ spec: tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule - chart: - repository: https://kubernetes.github.io/ingress-nginx - name: ingress-nginx - version: 3.5.1 + # This chart doesn't have any helm tests, but this still runs a noop + # helm test flow, to ensure we can do this. + test: + enable: true + interval: 5m + timeout: 10m diff --git a/manifests/type/gating/target/workload/ingress/helmrepository.yaml b/manifests/type/gating/target/workload/ingress/helmrepository.yaml new file mode 100644 index 000000000..71baee4aa --- /dev/null +++ b/manifests/type/gating/target/workload/ingress/helmrepository.yaml @@ -0,0 +1,7 @@ +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: HelmRepository +metadata: + name: ingress-nginx +spec: + url: https://kubernetes.github.io/ingress-nginx + interval: 10m diff --git a/manifests/type/gating/target/workload/ingress/kustomization.yaml b/manifests/type/gating/target/workload/ingress/kustomization.yaml index 72552518f..a7803c57e 100644 --- a/manifests/type/gating/target/workload/ingress/kustomization.yaml +++ b/manifests/type/gating/target/workload/ingress/kustomization.yaml 
@@ -1,4 +1,5 @@ resources: - namespace.yaml + - helmrepository.yaml - helmrelease.yaml namespace: ingress diff --git a/manifests/type/gating/target/workload/ingress/replacements/kustomization.yaml b/manifests/type/gating/target/workload/ingress/replacements/kustomization.yaml new file mode 100644 index 000000000..1d43ee154 --- /dev/null +++ b/manifests/type/gating/target/workload/ingress/replacements/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - versions.yaml diff --git a/manifests/type/gating/target/workload/ingress/replacements/versions.yaml b/manifests/type/gating/target/workload/ingress/replacements/versions.yaml new file mode 100644 index 000000000..d117be849 --- /dev/null +++ b/manifests/type/gating/target/workload/ingress/replacements/versions.yaml @@ -0,0 +1,39 @@ +apiVersion: airshipit.org/v1alpha1 +kind: ReplacementTransformer +metadata: + name: gating-ingress-versions-replacements + annotations: + config.kubernetes.io/function: |- + container: + image: quay.io/airshipit/replacement-transformer:dev +replacements: +- source: + objref: + kind: VariableCatalogue + name: versions-airshipctl + fieldref: helm_repositories.ingress-nginx.url + target: + objref: + kind: HelmRepository + name: ingress-nginx + fieldrefs: ["spec.url"] +- source: + objref: + kind: VariableCatalogue + name: versions-airshipctl + fieldref: charts.ingress-nginx.chart + target: + objref: + kind: HelmRelease + name: ingress + fieldrefs: ["spec.chart.spec.chart"] +- source: + objref: + kind: VariableCatalogue + name: versions-airshipctl + fieldref: charts.ingress-nginx.version + target: + objref: + kind: HelmRelease + name: ingress + fieldrefs: ["spec.chart.spec.version"] diff --git a/tools/deployment/35_deploy_workload.sh b/tools/deployment/35_deploy_workload.sh index 734868308..6a30a5acb 100755 --- a/tools/deployment/35_deploy_workload.sh +++ b/tools/deployment/35_deploy_workload.sh 
@@ -22,12 +22,7 @@ export TARGET_IP=${TARGET_IP:-"10.23.25.102"} export TARGET_PORT=${TARGET_PORT:-"30000"} echo "Deploy workload" -airshipctl phase run workload-target --debug - -# TODO: Remove this after migrating to HelmRelease v2 (helm-controller) which -# supports a Ready status condition, which `airshipctl phase run` above will consume. -echo "Waiting $TIMEOUT for HelmReleases to become ready." -kubectl --timeout $TIMEOUT --kubeconfig $KUBECONFIG --context $KUBECONFIG_TARGET_CONTEXT wait hr --for condition=released --all --all-namespaces +airshipctl phase run workload-target --debug echo "Ensure we can reach ingress controller default backend" if [ "404" != "$(curl --head --write-out '%{http_code}' --silent --output /dev/null $TARGET_IP:$TARGET_PORT/should-404)" ]; then