diff --git a/CHANGELOG.md b/CHANGELOG.md index ee6b19d..3d8e6d4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [v0.15.0] - 2023-12-08 +### Added +- [#49] Patch-template for mirroring this component and its images into airgapped environments. +### Changed +- [#50] Remove kustomize and hold the operator yaml files in a single helm chart. + ## [v0.14.4] - 2023-10-24 ### Changed - [#46] Update cesapp-lib to 0.12.2 diff --git a/Dockerfile b/Dockerfile index 1d02c6a..eeb2925 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,7 +31,7 @@ RUN make compile-generic FROM gcr.io/distroless/static:nonroot LABEL maintainer="hello@cloudogu.com" \ NAME="k8s-service-discovery" \ - VERSION="0.14.4" + VERSION="0.15.0" WORKDIR / diff --git a/Jenkinsfile b/Jenkinsfile index 241d7ff..9f850f7 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,6 +1,6 @@ #!groovy -@Library(['github.com/cloudogu/ces-build-lib@1.67.0']) +@Library(['github.com/cloudogu/ces-build-lib@1.68.0']) import com.cloudogu.ces.cesbuildlib.* // Creating necessary git objects @@ -21,6 +21,8 @@ repositoryName = "k8s-service-discovery" project = "github.com/${repositoryOwner}/${repositoryName}" registry = "registry.cloudogu.com" registry_namespace = "k8s" +helmTargetDir = "target/k8s" +helmChartDir = "${helmTargetDir}/helm" // Configuration of branches productionReleaseBranch = "main" @@ -61,14 +63,14 @@ node('docker') { } stage('Generate k8s Resources') { - make 'create-temporary-release-resources' - archiveArtifacts 'target/make/k8s/*.yaml' + make 'helm-generate' + archiveArtifacts "${helmTargetDir}/**/*" } - } - stage("Lint k8s Resources") { - stageLintK8SResources() - } + stage("Lint helm") { + make 'helm-lint' + } + } stage('SonarQube') { stageStaticAnalysisSonarQube() 
@@ -81,26 +83,23 @@ node('docker') { k3d.startK3d() } - def imageName String controllerVersion = makefile.getVersion() + def imageName = "" stage('Build & Push Image') { - imageName=k3d.buildAndPushToLocalRegistry("cloudogu/${repositoryName}", controllerVersion) + imageName = k3d.buildAndPushToLocalRegistry("cloudogu/${repositoryName}", controllerVersion) } - GString sourceDeploymentYaml="target/make/k8s/${repositoryName}_${controllerVersion}.yaml" - GString sourceDeploymentYamlWithNamespace="target/make/k8s/${repositoryName}_${controllerVersion}_namespaced.yaml" - stage('Update development resources') { - sh "cat ${sourceDeploymentYaml} | sed \"s/{{ .Namespace }}/default/\" > ${sourceDeploymentYamlWithNamespace}" - docker.image('mikefarah/yq:4.22.1') + def repository = imageName.substring(0, imageName.lastIndexOf(":")) + docker.image("golang:${goVersion}") .mountJenkinsUser() .inside("--volume ${WORKSPACE}:/workdir -w /workdir") { - sh "yq -i '(select(.kind == \"Deployment\").spec.template.spec.containers[]|select(.name == \"manager\")).image=\"${imageName}\"' ${sourceDeploymentYamlWithNamespace}" + sh "STAGE=development IMAGE_DEV=${repository} make helm-values-replace-image-repo" } } stage('Deploy Manager') { - k3d.kubectl("apply -f ${sourceDeploymentYamlWithNamespace}") + k3d.helm("install ${repositoryName} ${helmChartDir}") } stage('Wait for Ready Rollout') { @@ -108,6 +107,9 @@ node('docker') { } stageAutomaticRelease() + } catch(Exception e) { + k3d.collectAndArchiveLogs() + throw e as java.lang.Throwable } finally { stage('Remove k3d cluster') { k3d.deleteK3d() 
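Review bot: In the 'Update development resources' stage, `imageName.substring(0, imageName.lastIndexOf(":"))` assumes the value returned by `k3d.buildAndPushToLocalRegistry` always ends in `:tag`. With no colon `lastIndexOf` returns -1 and `substring` throws, and a reference given by digest (`repo@sha256:...`) would be cut in the wrong place. The result is then interpolated unquoted into the shell line, so any whitespace or shell metacharacter in it would be interpreted by the shell. I would check the index before slicing and quote the value, e.g. `sh "STAGE=development IMAGE_DEV='${repository}' make helm-values-replace-image-repo"`. The enclosing `node('docker')` block starts and ends outside this hunk.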
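Review bot: In the added `catch(Exception e)` branch, an exception thrown by `k3d.collectAndArchiveLogs()` itself would replace the original build failure, so the real cause is lost. Guarding the call keeps the first error: `try { k3d.collectAndArchiveLogs() } catch (Exception logErr) { echo "Log collection failed: ${logErr}" }` followed by a plain `throw e` (the `as java.lang.Throwable` cast adds nothing). What the helper collects is not visible here; if it includes pod logs or environment dumps, confirm that the archived artifacts are only readable by people who may see them. The matching `try` opens outside this hunk.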
@@ -125,17 +127,6 @@ void gitWithCredentials(String command) { } } -void stageLintK8SResources() { - String kubevalImage = "cytopia/kubeval:0.13" - - docker - .image(kubevalImage) - .inside("-v ${WORKSPACE}/target/make/k8s:/data -t --entrypoint=") - { - sh "kubeval /data/${repositoryName}_${makefile.getVersion()}.yaml --ignore-missing-schemas" - } -} - void stageStaticAnalysisReviewDog() { def commitSha = sh(returnStdout: true, script: 'git rev-parse HEAD').trim() 
@@ -190,30 +181,31 @@ void stageAutomaticRelease() { } } - stage('Finish Release') { - gitflow.finishRelease(releaseVersion, productionReleaseBranch) - } - - stage('Push to Registry') { - GString targetOperatorResourceYaml = "target/make/k8s/${repositoryName}_${controllerVersion}.yaml" - - DoguRegistry registry = new DoguRegistry(this) - registry.pushK8sYaml(targetOperatorResourceYaml, repositoryName, "k8s", "${controllerVersion}") + stage('Sign Release') { + gpg.createSignature() } stage('Push Helm chart to Harbor') { new Docker(this) - .image("golang:${goVersion}") - .mountJenkinsUser() - .inside("--volume ${WORKSPACE}:/go/src/${project} -w /go/src/${project}") - { - make 'helm-package-release' - - withCredentials([usernamePassword(credentialsId: 'harborhelmchartpush', usernameVariable: 'HARBOR_USERNAME', passwordVariable: 'HARBOR_PASSWORD')]) { - sh ".bin/helm registry login ${registry} --username '${HARBOR_USERNAME}' --password '${HARBOR_PASSWORD}'" - sh ".bin/helm push target/make/k8s/helm/${repositoryName}-${controllerVersion}.tgz oci://${registry}/${registry_namespace}/" + .image("golang:${goVersion}") + .mountJenkinsUser() + .inside("--volume ${WORKSPACE}:/go/src/${project} -w /go/src/${project}") + { + // Package operator-chart + make 'helm-package' + archiveArtifacts "${helmTargetDir}/**/*" + + // Push charts + withCredentials([usernamePassword(credentialsId: 'harborhelmchartpush', usernameVariable: 'HARBOR_USERNAME', passwordVariable: 'HARBOR_PASSWORD')]) { + sh ".bin/helm registry login ${registry} --username '${HARBOR_USERNAME}' --password '${HARBOR_PASSWORD}'" + + sh ".bin/helm push ${helmChartDir}/${repositoryName}-${controllerVersion}.tgz oci://${registry}/${registry_namespace}/" + } } - } + } + + stage('Finish Release') { + gitflow.finishRelease(releaseVersion, productionReleaseBranch) } stage('Add Github-Release') { diff --git a/Makefile b/Makefile index 8c77e45..5271094 100644 --- a/Makefile +++ b/Makefile 
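Review bot: The `helm registry login` line inside `withCredentials` is a Groovy double-quoted string, so `${HARBOR_USERNAME}` and `${HARBOR_PASSWORD}` are interpolated by Groovy before the shell runs; Jenkins flags this pattern as insecure, and a password containing a single quote would break out of the quoting. Passing the secret with `--password` also puts it in the process argument list on the agent. Let the shell expand the variables and feed the password on stdin: `sh "echo \"\$HARBOR_PASSWORD\" | .bin/helm registry login ${registry} --username \"\$HARBOR_USERNAME\" --password-stdin"`. The commit only re-indents this line, but it is on the new side and worth fixing while the stage is being reworked. `stageAutomaticRelease()` begins and ends outside this hunk.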
@@ -1,12 +1,10 @@ # Set these to the desired values ARTIFACT_ID=k8s-service-discovery -VERSION=0.14.4 +VERSION=0.15.0 -## Image URL to use all building/pushing image targets -IMAGE_DEV=${K3CES_REGISTRY_URL_PREFIX}/${ARTIFACT_ID}:${VERSION} IMAGE=cloudogu/${ARTIFACT_ID}:${VERSION} GOTAG?=1.21 -MAKEFILES_VERSION=8.7.3 +MAKEFILES_VERSION=9.0.1 LINT_VERSION?=v1.52.1 ADDITIONAL_CLEAN=dist-clean 
@@ -29,41 +27,53 @@ include build/make/digital-signature.mk include build/make/mocks.mk K8S_RUN_PRE_TARGETS=setup-etcd-port-forward -PRE_COMPILE=generate -K8S_PRE_GENERATE_TARGETS=k8s-create-temporary-resource generate-warp-config generate-menu-json template-dev-only-image-pull-policy + +K8S_COMPONENT_SOURCE_VALUES = ${HELM_SOURCE_DIR}/values.yaml +K8S_COMPONENT_TARGET_VALUES = ${HELM_TARGET_DIR}/values.yaml +PRE_COMPILE=generate-deepcopy +HELM_PRE_APPLY_TARGETS=template-stage template-log-level template-image-pull-policy +HELM_PRE_GENERATE_TARGETS = helm-values-update-image-version +HELM_POST_GENERATE_TARGETS = helm-values-replace-image-repo +CHECK_VAR_TARGETS=check-all-vars +IMAGE_IMPORT_TARGET=image-import include build/make/k8s-controller.mk +.PHONY: helm-values-update-image-version +helm-values-update-image-version: $(BINARY_YQ) + @echo "Updating the image version in source values.yaml to ${VERSION}..." + @$(BINARY_YQ) -i e ".manager.image.tag = \"${VERSION}\"" ${K8S_COMPONENT_SOURCE_VALUES} + +.PHONY: helm-values-replace-image-repo +helm-values-replace-image-repo: $(BINARY_YQ) + @if [[ ${STAGE} != "production" ]]; then \ + echo "Setting dev image repo in target values.yaml!" ;\ + $(BINARY_YQ) -i e ".manager.image.repository=\"${IMAGE_DEV}\"" "${K8S_COMPONENT_TARGET_VALUES}" ;\ + fi -.PHONY: manifests -manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. - @echo "Generate manifests..." - @$(CONTROLLER_GEN) rbac:roleName=manager-role webhook paths="./..." +.PHONY: template-stage +template-stage: $(BINARY_YQ) + @if [[ ${STAGE} != "production" ]]; then \ + echo "Setting STAGE env in deployment to ${STAGE}!" ;\ + $(BINARY_YQ) -i e ".manager.env.stage=\"${STAGE}\"" ${K8S_COMPONENT_TARGET_VALUES} ;\ + fi -.PHONY: generate -generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. - @echo "Auto-generate deepcopy functions..." 
- @$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." +.PHONY: template-log-level +template-log-level: ${BINARY_YQ} + @if [[ ${STAGE} != "production" ]]; then \ + echo "Setting LOG_LEVEL env in deployment to ${LOG_LEVEL}!" ; \ + $(BINARY_YQ) -i e ".manager.env.logLevel=\"${LOG_LEVEL}\"" "${K8S_COMPONENT_TARGET_VALUES}" ; \ + fi + +.PHONY: template-image-pull-policy +template-image-pull-policy: $(BINARY_YQ) + @if [[ ${STAGE} != "production" ]]; then \ + echo "Setting pull policy to always!" ; \ + $(BINARY_YQ) -i e ".manager.imagePullPolicy=\"Always\"" "${K8S_COMPONENT_TARGET_VALUES}" ; \ + fi ## Local Development .PHONY: setup-etcd-port-forward setup-etcd-port-forward: kubectl port-forward etcd-0 4001:2379 & - -.PHONY: generate-warp-config -generate-warp-config: - @echo "---" >> $(K8S_RESOURCE_TEMP_YAML) - @cat $(K8S_WARP_CONFIG_RESOURCE_YAML) >> $(K8S_RESOURCE_TEMP_YAML) - -.PHONY: generate-menu-json -generate-menu-json: - @echo "---" >> $(K8S_RESOURCE_TEMP_YAML) - @cat $(K8S_WARP_MENU_JSON_YAML) >> $(K8S_RESOURCE_TEMP_YAML) - -create-temporary-release-resources: $(K8S_PRE_GENERATE_TARGETS) - -.PHONY: template-dev-only-image-pull-policy -template-dev-only-image-pull-policy: $(BINARY_YQ) - @echo "Setting pull policy to always!" - @$(BINARY_YQ) -i e "(select(.kind == \"Deployment\").spec.template.spec.containers[]|select(.image == \"*$(ARTIFACT_ID)*\").imagePullPolicy)=\"Always\"" $(K8S_RESOURCE_TEMP_YAML) diff --git a/build/make/k8s-component.mk b/build/make/k8s-component.mk index adfab29..9d29183 100644 --- a/build/make/k8s-component.mk +++ b/build/make/k8s-component.mk 
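Review bot: The new `helm-values-replace-image-repo`, `template-stage`, `template-log-level` and `template-image-pull-policy` recipes treat every `STAGE` value other than the exact string `production` as development, so a typo such as `prod` would silently rewrite the target values.yaml with the dev image repository, the `Always` pull policy and the dev log level. `helm-values-replace-image-repo` also writes `${IMAGE_DEV}` unchecked, and this commit removes the Makefile's own `IMAGE_DEV` definition, so unless an included makefile or the environment sets it the repository becomes an empty string. If development and production are the only stages, I would test for development explicitly with `[[ "${STAGE}" == "development" ]]` and fail on a missing value, e.g. `@test -n "${IMAGE_DEV}" || { echo "IMAGE_DEV is not set" >&2; exit 1; }`. The recipes also depend on `[[ ]]`, which needs bash as the recipe shell; that is presumably configured in an included makefile not shown in this diff.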
@@ -1,68 +1,84 @@ -DEV_VERSION?=${VERSION}-dev -## Image URL to use all building/pushing image targets -IMAGE_DEV?=${K3CES_REGISTRY_URL_PREFIX}/${ARTIFACT_ID}:${DEV_VERSION} +COMPONENT_DEV_VERSION?=${VERSION}-dev -include $(WORKDIR)/build/make/k8s.mk +include ${BUILD_DIR}/make/k8s.mk -BINARY_HELM = $(UTILITY_BIN_PATH)/helm -BINARY_HELM_VERSION?=v3.13.0 BINARY_HELM_ADDITIONAL_PUSH_ARGS?=--plain-http BINARY_HELM_ADDITIONAL_PACK_ARGS?= BINARY_HELM_ADDITIONAL_UNINST_ARGS?= BINARY_HELM_ADDITIONAL_UPGR_ARGS?= -K8S_HELM_TARGET ?= $(K8S_RESOURCE_TEMP_FOLDER)/helm -K8S_HELM_RESSOURCES ?= k8s/helm -K8S_HELM_RELEASE_TGZ=${K8S_HELM_TARGET}/${ARTIFACT_ID}-${VERSION}.tgz -K8S_HELM_DEV_RELEASE_TGZ=${K8S_HELM_TARGET}/${ARTIFACT_ID}-${DEV_VERSION}.tgz -K8S_HELM_ARTIFACT_NAMESPACE?=k8s +HELM_TARGET_DIR ?= $(K8S_RESOURCE_TEMP_FOLDER)/helm +HELM_SOURCE_DIR ?= k8s/helm +HELM_RELEASE_TGZ=${HELM_TARGET_DIR}/${ARTIFACT_ID}-${VERSION}.tgz +HELM_DEV_RELEASE_TGZ=${HELM_TARGET_DIR}/${ARTIFACT_ID}-${COMPONENT_DEV_VERSION}.tgz +HELM_ARTIFACT_NAMESPACE?=k8s K8S_RESOURCE_COMPONENT ?= "${K8S_RESOURCE_TEMP_FOLDER}/component-${ARTIFACT_ID}-${VERSION}.yaml" -K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML ?= $(WORKDIR)/build/make/k8s-component.tpl +K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML ?= $(BUILD_DIR)/make/k8s-component.tpl +# HELM_PRE_GENERATE_TARGETS allows to execute targets that affect Helm source files AND Helm target files. +HELM_PRE_GENERATE_TARGETS ?= +# HELM_POST_GENERATE_TARGETS allows to execute targets that only affect Helm target files. +HELM_POST_GENERATE_TARGETS ?= +HELM_PRE_APPLY_TARGETS ?= +COMPONENT_PRE_APPLY_TARGETS ?= + +# This can be used by components with own images to build and push to the dev registry. +# These components should override this variable with `image-import`. +IMAGE_IMPORT_TARGET?= ##@ K8s - Helm general .PHONY: helm-init-chart helm-init-chart: ${BINARY_HELM} ## Creates a Chart.yaml-template with zero values - @echo "Initialize ${K8S_HELM_RESSOURCES}/Chart.yaml..." 
- @mkdir -p ${K8S_HELM_RESSOURCES}/tmp/ - @${BINARY_HELM} create ${K8S_HELM_RESSOURCES}/tmp/${ARTIFACT_ID} - @cp ${K8S_HELM_RESSOURCES}/tmp/${ARTIFACT_ID}/Chart.yaml ${K8S_HELM_RESSOURCES}/ - @rm -dr ${K8S_HELM_RESSOURCES}/tmp - @sed -i 's/appVersion: ".*"/appVersion: "0.0.0-replaceme"/' ${K8S_HELM_RESSOURCES}/Chart.yaml - @sed -i 's/version: .*/version: 0.0.0-replaceme/' ${K8S_HELM_RESSOURCES}/Chart.yaml - -.PHONY: helm-generate-chart -helm-generate-chart: k8s-generate ${K8S_HELM_TARGET}/Chart.yaml ## Generates the final helm chart. - -.PHONY: ${K8S_HELM_TARGET}/Chart.yaml -${K8S_HELM_TARGET}/Chart.yaml: $(K8S_RESOURCE_TEMP_FOLDER) k8s-generate helm-update-dependencies - @echo "Generate helm chart..." - @rm -drf ${K8S_HELM_TARGET} # delete folder, so the chart is newly created. - @mkdir -p ${K8S_HELM_TARGET}/templates - @cp $(K8S_RESOURCE_TEMP_YAML) ${K8S_HELM_TARGET}/templates - @${BINARY_YQ} 'select(document_index != (select(.kind == "CustomResourceDefinition") | document_index))' $(K8S_RESOURCE_TEMP_YAML) > ${K8S_HELM_TARGET}/templates/$(ARTIFACT_ID)_$(VERSION).yaml # select all documents without the CRD - @sed -i "s/'{{ .Namespace }}'/'{{ .Release.Namespace }}'/" ${K8S_HELM_TARGET}/templates/$(ARTIFACT_ID)_$(VERSION).yaml - @cp -r ${K8S_HELM_RESSOURCES}/** ${K8S_HELM_TARGET} + @echo "Initialize ${HELM_SOURCE_DIR}/Chart.yaml..." + @mkdir -p ${HELM_SOURCE_DIR}/tmp/ + @${BINARY_HELM} create ${HELM_SOURCE_DIR}/tmp/${ARTIFACT_ID} + @cp ${HELM_SOURCE_DIR}/tmp/${ARTIFACT_ID}/Chart.yaml ${HELM_SOURCE_DIR}/ + @rm -dr ${HELM_SOURCE_DIR}/tmp + @sed -i 's/appVersion: ".*"/appVersion: "0.0.0-replaceme"/' ${HELM_SOURCE_DIR}/Chart.yaml + @sed -i 's/version: .*/version: 0.0.0-replaceme/' ${HELM_SOURCE_DIR}/Chart.yaml + +.PHONY: helm-generate +helm-generate: ${HELM_TARGET_DIR}/Chart.yaml ${HELM_POST_GENERATE_TARGETS} ## Generates the final helm chart. 
+ +# this is phony because of it is easier this way than the makefile-single-run way +.PHONY: ${HELM_TARGET_DIR}/Chart.yaml +${HELM_TARGET_DIR}/Chart.yaml: $(K8S_RESOURCE_TEMP_FOLDER) validate-chart ${HELM_PRE_GENERATE_TARGETS} copy-helm-files + @echo "Generate Helm chart..." @if [[ ${STAGE} == "development" ]]; then \ - sed -i 's/appVersion: "0.0.0-replaceme"/appVersion: '$(DEV_VERSION)'/' ${K8S_HELM_TARGET}/Chart.yaml; \ - sed -i 's/version: 0.0.0-replaceme/version: '$(DEV_VERSION)'/' ${K8S_HELM_TARGET}/Chart.yaml; \ + sed -i 's/appVersion: "0.0.0-replaceme"/appVersion: '$(COMPONENT_DEV_VERSION)'/' ${HELM_TARGET_DIR}/Chart.yaml; \ + sed -i 's/version: 0.0.0-replaceme/version: '$(COMPONENT_DEV_VERSION)'/' ${HELM_TARGET_DIR}/Chart.yaml; \ else \ - sed -i 's/appVersion: "0.0.0-replaceme"/appVersion: "${VERSION}"/' ${K8S_HELM_TARGET}/Chart.yaml; \ - sed -i 's/version: 0.0.0-replaceme/version: ${VERSION}/' ${K8S_HELM_TARGET}/Chart.yaml; \ + sed -i 's/appVersion: "0.0.0-replaceme"/appVersion: "${VERSION}"/' ${HELM_TARGET_DIR}/Chart.yaml; \ + sed -i 's/version: 0.0.0-replaceme/version: ${VERSION}/' ${HELM_TARGET_DIR}/Chart.yaml; \ fi -##@ K8s - Helm dev targets +.PHONY: copy-helm-files +copy-helm-files: + @echo "Copying Helm files..." + @rm -drf ${HELM_TARGET_DIR} # delete folder, so the chart is newly created. + @mkdir -p ${HELM_TARGET_DIR}/templates + @cp -r ${HELM_SOURCE_DIR}/** ${HELM_TARGET_DIR} + +.PHONY: validate-chart +validate-chart: + @if [ ! -f ${HELM_SOURCE_DIR}/Chart.yaml ] ; then \ + echo "Could not find source Helm chart under \$${HELM_SOURCE_DIR}/Chart.yaml" ; \ + exit 22 ; \ + fi -.PHONY: helm-generate -helm-generate: helm-generate-chart ## Generates the final helm chart with dev-urls. 
+.PHONY: helm-update-dependencies +helm-update-dependencies: ${BINARY_HELM} ## Update Helm chart dependencies + @$(BINARY_HELM) dependency update "${HELM_SOURCE_DIR}" + +##@ K8s - Helm dev targets .PHONY: helm-apply -helm-apply: ${BINARY_HELM} check-k8s-namespace-env-var $(PRE_APPLY_TARGETS) helm-generate $(K8S_POST_GENERATE_TARGETS) ## Generates and installs the helm chart. +helm-apply: ${BINARY_HELM} check-k8s-namespace-env-var ${IMAGE_IMPORT_TARGET} helm-generate ${HELM_PRE_APPLY_TARGETS} ## Generates and installs the Helm chart. @echo "Apply generated helm chart" - @${BINARY_HELM} upgrade -i ${ARTIFACT_ID} ${K8S_HELM_TARGET} ${BINARY_HELM_ADDITIONAL_UPGR_ARGS} --namespace ${NAMESPACE} + @${BINARY_HELM} upgrade -i ${ARTIFACT_ID} ${HELM_TARGET_DIR} ${BINARY_HELM_ADDITIONAL_UPGR_ARGS} --namespace ${NAMESPACE} .PHONY: helm-delete -helm-delete: ${BINARY_HELM} check-k8s-namespace-env-var ## Uninstalls the current helm chart. +helm-delete: ${BINARY_HELM} check-k8s-namespace-env-var ## Uninstalls the current Helm chart. @echo "Uninstall helm chart" @${BINARY_HELM} uninstall ${ARTIFACT_ID} --namespace=${NAMESPACE} ${BINARY_HELM_ADDITIONAL_UNINST_ARGS} || true 
@@ -70,59 +86,58 @@ helm-delete: ${BINARY_HELM} check-k8s-namespace-env-var ## Uninstalls the curren helm-reinstall: helm-delete helm-apply ## Uninstalls the current helm chart and reinstalls it. .PHONY: helm-chart-import -helm-chart-import: check-all-vars check-k8s-artifact-id helm-generate-chart helm-package-release ## Imports the currently available chart into the cluster-local registry. +helm-chart-import: ${CHECK_VAR_TARGETS} helm-generate helm-package ${IMAGE_IMPORT_TARGET} ## Imports the currently available chart into the cluster-local registry. @if [[ ${STAGE} == "development" ]]; then \ - echo "Import ${K8S_HELM_DEV_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \ - ${BINARY_HELM} push ${K8S_HELM_DEV_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${K8S_HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ + echo "Import ${HELM_DEV_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \ + ${BINARY_HELM} push ${HELM_DEV_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ else \ - echo "Import ${K8S_HELM_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \ - ${BINARY_HELM} push ${K8S_HELM_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${K8S_HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ + echo "Import ${HELM_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \ + ${BINARY_HELM} push ${HELM_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ fi @echo "Done." ##@ K8s - Helm release targets .PHONY: helm-generate-release -helm-generate-release: ${K8S_HELM_TARGET}/templates/$(ARTIFACT_ID)_$(VERSION).yaml ## Generates the final helm chart with release urls. +helm-generate-release: update-urls ## Generates the final helm chart with release URLs. 
-${K8S_HELM_TARGET}/templates/$(ARTIFACT_ID)_$(VERSION).yaml: $(K8S_PRE_GENERATE_TARGETS) ${K8S_HELM_TARGET}/Chart.yaml - @sed -i "s/'{{ .Namespace }}'/'{{ .Release.Namespace }}'/" ${K8S_HELM_TARGET}/templates/$(ARTIFACT_ID)_$(VERSION).yaml -.PHONY: helm-package-release -helm-package-release: ${BINARY_HELM} helm-delete-existing-tgz ${K8S_HELM_RELEASE_TGZ} ## Generates and packages the helm chart with release urls. +.PHONY: helm-package +helm-package: helm-delete-existing-tgz ${HELM_RELEASE_TGZ} ## Generates and packages the helm chart with release URLs. + +${HELM_RELEASE_TGZ}: ${BINARY_HELM} ${HELM_TARGET_DIR}/Chart.yaml ${HELM_POST_GENERATE_TARGETS} ## Generates and packages the helm chart with release URLs. + @echo "Package generated helm chart" + @if [[ ${STAGE} == "development" ]]; then \ + echo "WARNING: You are using a development environment" ; \ + fi + @${BINARY_HELM} package ${HELM_TARGET_DIR} -d ${HELM_TARGET_DIR} ${BINARY_HELM_ADDITIONAL_PACK_ARGS} .PHONY: helm-delete-existing-tgz -helm-delete-existing-tgz: ## Remove an existing Helm package. -# remove - @rm -f ${K8S_HELM_RELEASE_TGZ}* +helm-delete-existing-tgz: ## Remove an existing Helm package from the target directory. + @echo "Delete ${HELM_RELEASE_TGZ}*" + @rm -f ${HELM_RELEASE_TGZ}* -${K8S_HELM_RELEASE_TGZ}: ${BINARY_HELM} ${K8S_HELM_TARGET}/templates/$(ARTIFACT_ID)_$(VERSION).yaml helm-generate-chart $(K8S_POST_GENERATE_TARGETS) ## Generates and packages the helm chart with release urls. - @echo "Package generated helm chart" - @${BINARY_HELM} package ${K8S_HELM_TARGET} -d ${K8S_HELM_TARGET} ${BINARY_HELM_ADDITIONAL_PACK_ARGS} +##@ K8s - Helm lint targets -${BINARY_HELM}: $(UTILITY_BIN_PATH) ## Download helm locally if necessary. 
- $(call go-get-tool,$(BINARY_HELM),helm.sh/helm/v3/cmd/helm@${BINARY_HELM_VERSION}) +.PHONY: helm-lint +helm-lint: $(BINARY_HELM) helm-generate + @$(BINARY_HELM) lint "${HELM_TARGET_DIR}" ##@ K8s - Component dev targets .PHONY: component-generate -component-generate: ${K8S_RESOURCE_TEMP_FOLDER} ${BINARY_YQ} ## Generate the component yaml resource. - @echo "Generating temporary K8s component resource: $'{K8S_RESOURCE_COMPONENT}" - @cp "${K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML}" "${K8S_RESOURCE_COMPONENT}" - @$(BINARY_YQ) -i ".metadata.name = \"$(ARTIFACT_ID)\"" "${K8S_RESOURCE_COMPONENT}" - @$(BINARY_YQ) -i ".spec.namespace = \"$(K8S_HELM_ARTIFACT_NAMESPACE)\"" "${K8S_RESOURCE_COMPONENT}" - @$(BINARY_YQ) -i ".spec.name = \"$(ARTIFACT_ID)\"" "${K8S_RESOURCE_COMPONENT}" +component-generate: ${K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML} ${COMPONENT_POST_GENERATE_TARGETS} ## Generate the component yaml resource. + +${K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML}: ${K8S_RESOURCE_TEMP_FOLDER} + @echo "Generating temporary K8s component resource: ${K8S_RESOURCE_COMPONENT}" @if [[ ${STAGE} == "development" ]]; then \ - $(BINARY_YQ) -i ".spec.version = \"$(DEV_VERSION)\"" "${K8S_RESOURCE_COMPONENT}"; \ + sed "s|NAMESPACE|$(HELM_ARTIFACT_NAMESPACE)|g" "${K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML}" | sed "s|NAME|$(ARTIFACT_ID)|g" | sed "s|VERSION|$(COMPONENT_DEV_VERSION)|g" > "${K8S_RESOURCE_COMPONENT}"; \ else \ - $(BINARY_YQ) -i ".spec.version = \"$(VERSION)\"" "${K8S_RESOURCE_COMPONENT}"; \ - fi - @if [[ -n "${COMPONENT_DEPLOY_NAMESPACE}" ]]; then \ - $(BINARY_YQ) -i ".spec.deployNamespace = \"$(COMPONENT_DEPLOY_NAMESPACE)\"" "${K8S_RESOURCE_COMPONENT}"; \ + sed "s|NAMESPACE|$(HELM_ARTIFACT_NAMESPACE)|g" "${K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML}" | sed "s|NAME|$(ARTIFACT_ID)|g" | sed "s|VERSION|$(VERSION)|g" > "${K8S_RESOURCE_COMPONENT}"; \ fi .PHONY: component-apply -component-apply: check-k8s-namespace-env-var $(PRE_APPLY_TARGETS) helm-generate helm-chart-import 
component-generate $(K8S_POST_GENERATE_TARGETS) ## Applies the component yaml resource to the actual defined context. +component-apply: check-k8s-namespace-env-var ${COMPONENT_PRE_APPLY_TARGETS} ${IMAGE_IMPORT_TARGET} helm-generate helm-chart-import component-generate ## Applies the component yaml resource to the actual defined context. @kubectl apply -f "${K8S_RESOURCE_COMPONENT}" --namespace="${NAMESPACE}" @echo "Done." @@ -133,10 +148,3 @@ component-delete: check-k8s-namespace-env-var component-generate $(K8S_POST_GENE .PHONY: component-reinstall component-reinstall: component-delete component-apply ## Reinstalls the component yaml resource from the actual defined context. - -.PHONY: helm-update-dependencies -helm-update-dependencies: ${BINARY_HELM} - @$(BINARY_HELM) dependency update "${K8S_HELM_RESSOURCES}" - -.PHONY: install-helm -install-helm: ${BINARY_HELM} \ No newline at end of file diff --git a/build/make/k8s-controller.mk b/build/make/k8s-controller.mk index ea4334a..ea3d457 100644 --- a/build/make/k8s-controller.mk +++ b/build/make/k8s-controller.mk 
@@ -1,21 +1,6 @@ -# This script can be used to build and deploy kubernetes controllers. It is required to implement the controller -# specific targets `manifests` and `generate`: -# -# Examples: -# -#.PHONY: manifests -#manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects. -# @echo "Generate manifests..." -# @$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases -# -#.PHONY: generate -#generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations. -# @echo "Auto-generate deepcopy functions..." -# @$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." - # This script requires the k8s.mk script -include $(WORKDIR)/build/make/k8s-component.mk -include $(WORKDIR)/build/make/k8s-crd.mk +include ${BUILD_DIR}/make/k8s-component.mk +include ${BUILD_DIR}/make/k8s-crd.mk ## Variables @@ -50,7 +35,7 @@ build-controller: ${SRC} compile ## Builds the controller Go binary. # Allows to perform tasks before locally running the controller K8S_RUN_PRE_TARGETS ?= .PHONY: run -run: manifests generate $(K8S_RUN_PRE_TARGETS) ## Run a controller from your host. +run: generate-deepcopy $(K8S_RUN_PRE_TARGETS) ## Run a controller from your host. go run -ldflags "-X main.Version=$(VERSION)" ./main.go ##@ K8s - Integration test with envtest 
@@ -59,33 +44,13 @@ $(K8S_INTEGRATION_TEST_DIR): @mkdir -p $@ .PHONY: k8s-integration-test -k8s-integration-test: $(K8S_INTEGRATION_TEST_DIR) manifests generate envtest ## Run k8s integration tests. +k8s-integration-test: $(K8S_INTEGRATION_TEST_DIR) ${ENVTEST} ## Run k8s integration tests. @echo "Running K8s integration tests..." @KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test -tags=k8s_integration ./... -coverprofile ${K8S_INTEGRATION_TEST_DIR}/report-k8s-integration.out -##@ K8s - Controller Resource - -# The pre generation script creates a K8s resource yaml containing generated manager yaml. -.PHONY: k8s-create-temporary-resource - k8s-create-temporary-resource: $(K8S_RESOURCE_TEMP_FOLDER) manifests kustomize - @echo "Generating temporary k8s resources $(K8S_RESOURCE_TEMP_YAML)..." - cd $(WORKDIR)/config/manager && $(KUSTOMIZE) edit set image controller=$(IMAGE) - $(KUSTOMIZE) build config/default > $(K8S_RESOURCE_TEMP_YAML) - @echo "Done." - -##@ K8s - Download Kubernetes Utility Tools - -CONTROLLER_GEN = $(UTILITY_BIN_PATH)/controller-gen -.PHONY: controller-gen -controller-gen: ## Download controller-gen locally if necessary. - $(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.13.0) - -KUSTOMIZE = $(UTILITY_BIN_PATH)/kustomize -.PHONY: kustomize -kustomize: ## Download kustomize locally if necessary. - $(call go-get-tool,$(KUSTOMIZE),sigs.k8s.io/kustomize/kustomize/v4@v4.5.7) +##@ Controller specific targets -ENVTEST = $(UTILITY_BIN_PATH)/setup-envtest -.PHONY: envtest -envtest: ## Download envtest-setup locally if necessary. - $(call go-get-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest) \ No newline at end of file +.PHONY: generate-deepcopy +generate-deepcopy: ${CONTROLLER_GEN} ## Generate code containing DeepCopy* method implementations. + @echo "Auto-generate deepcopy functions..." 
+ @$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..." diff --git a/build/make/k8s-crd.mk b/build/make/k8s-crd.mk index 639a941..4cbcd88 100644 --- a/build/make/k8s-crd.mk +++ b/build/make/k8s-crd.mk 
@@ -1,78 +1,115 @@ -ARTIFACT_CRD_ID=$(ARTIFACT_ID)-crd -DEV_CRD_VERSION?=${VERSION}-dev -K8S_HELM_CRD_TARGET ?= $(K8S_RESOURCE_TEMP_FOLDER)/helm-crd -K8S_HELM_CRD_RESSOURCES ?= k8s/helm-crd -K8S_HELM_CRD_RELEASE_TGZ=${K8S_HELM_CRD_TARGET}/${ARTIFACT_CRD_ID}-${VERSION}.tgz -K8S_HELM_CRD_DEV_RELEASE_TGZ=${K8S_HELM_CRD_TARGET}/${ARTIFACT_CRD_ID}-${DEV_CRD_VERSION}.tgz +ARTIFACT_CRD_ID = $(ARTIFACT_ID)-crd +DEV_CRD_VERSION ?= ${VERSION}-dev +HELM_CRD_SOURCE_DIR ?= ${WORKDIR}/k8s/helm-crd +HELM_CRD_TARGET_DIR ?= $(K8S_RESOURCE_TEMP_FOLDER)/helm-crd +HELM_CRD_RELEASE_TGZ = ${HELM_CRD_TARGET_DIR}/${ARTIFACT_CRD_ID}-${VERSION}.tgz +HELM_CRD_DEV_RELEASE_TGZ = ${HELM_CRD_TARGET_DIR}/${ARTIFACT_CRD_ID}-${DEV_CRD_VERSION}.tgz K8S_RESOURCE_CRD_COMPONENT ?= "${K8S_RESOURCE_TEMP_FOLDER}/component-${ARTIFACT_CRD_ID}-${VERSION}.yaml" -K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML ?= $(WORKDIR)/build/make/k8s-component.tpl +K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML ?= $(BUILD_DIR)/make/k8s-component.tpl +# CRD_POST_MANIFEST_TARGETS can be used to post-process CRD YAMLs after their creation. +CRD_POST_MANIFEST_TARGETS ?= crd-add-labels + +# This can be used by external components to prevent generate and copy controller manifests by overriding with an empty value. +CRD_HELM_MANIFEST_TARGET?=manifests ##@ K8s - CRD targets -.PHONY: crd-helm-generate-chart ## Generates the helm crd-chart -crd-helm-generate-chart: ${BINARY_YQ} $(K8S_RESOURCE_TEMP_FOLDER) k8s-generate - @echo "Generate helm crd-chart..." - @rm -drf ${K8S_HELM_CRD_TARGET} # delete folder, so the chart is newly created. 
- @mkdir -p ${K8S_HELM_CRD_TARGET}/templates - @cp -r ${K8S_HELM_CRD_RESSOURCES}/** ${K8S_HELM_CRD_TARGET} - @${BINARY_YQ} 'select(.kind == "CustomResourceDefinition")' $(K8S_RESOURCE_TEMP_YAML) > ${K8S_HELM_CRD_TARGET}/templates/$(ARTIFACT_CRD_ID)_$(VERSION).yaml - @sed -i 's/name: artifact-crd-replaceme/name: ${ARTIFACT_CRD_ID}/' ${K8S_HELM_CRD_TARGET}/Chart.yaml +.PHONY: manifests +manifests: ${CONTROLLER_GEN} manifests-run ${CRD_POST_MANIFEST_TARGETS} ## Generate CustomResourceDefinition YAMLs. + +.PHONY: manifests-run +manifests-run: + @echo "Generate manifests..." + @$(CONTROLLER_GEN) crd paths="./..." output:crd:artifacts:config=${HELM_CRD_SOURCE_DIR}/templates + +.PHONY: crd-add-labels +crd-add-labels: $(BINARY_YQ) + @echo "Adding labels to CRD..." + @for file in ${HELM_CRD_SOURCE_DIR}/templates/*.yaml ; do \ + $(BINARY_YQ) -i e ".metadata.labels.app = \"ces\"" $${file} ;\ + $(BINARY_YQ) -i e ".metadata.labels.\"app.kubernetes.io/name\" = \"${ARTIFACT_ID}\"" $${file} ;\ + done + +.PHONY: crd-helm-generate ## Generates the Helm CRD chart +crd-helm-generate: ${CRD_HELM_MANIFEST_TARGET} validate-crd-chart ${HELM_CRD_TARGET_DIR}/Chart.yaml ${K8S_POST_CRD_HELM_GENERATE_TARGETS} + +# this is phony because of it is easier this way than the makefile-single-run way +.PHONY: ${HELM_CRD_TARGET_DIR}/Chart.yaml +${HELM_CRD_TARGET_DIR}/Chart.yaml: ${K8S_RESOURCE_TEMP_FOLDER} + @echo "Copying Helm CRD files..." + @rm -drf ${HELM_CRD_TARGET_DIR}/templates + @mkdir -p ${HELM_CRD_TARGET_DIR}/templates + @cp -r ${HELM_CRD_SOURCE_DIR}/** ${HELM_CRD_TARGET_DIR} + + @echo "Generate Helm CRD chart..." 
+ @sed -i 's/name: artifact-crd-replaceme/name: ${ARTIFACT_CRD_ID}/' ${HELM_CRD_TARGET_DIR}/Chart.yaml @if [[ ${STAGE} == "development" ]]; then \ - sed -i 's/appVersion: "0.0.0-replaceme"/appVersion: "${DEV_CRD_VERSION}"/' ${K8S_HELM_CRD_TARGET}/Chart.yaml; \ - sed -i 's/version: 0.0.0-replaceme/version: ${DEV_CRD_VERSION}/' ${K8S_HELM_CRD_TARGET}/Chart.yaml; \ + sed -i 's/appVersion: "0.0.0-replaceme"/appVersion: "${DEV_CRD_VERSION}"/' ${HELM_CRD_TARGET_DIR}/Chart.yaml; \ + sed -i 's/version: 0.0.0-replaceme/version: ${DEV_CRD_VERSION}/' ${HELM_CRD_TARGET_DIR}/Chart.yaml; \ else \ - sed -i 's/appVersion: "0.0.0-replaceme"/appVersion: "${VERSION}"/' ${K8S_HELM_CRD_TARGET}/Chart.yaml; \ - sed -i 's/version: 0.0.0-replaceme/version: ${VERSION}/' ${K8S_HELM_CRD_TARGET}/Chart.yaml; \ + sed -i 's/appVersion: "0.0.0-replaceme"/appVersion: "${VERSION}"/' ${HELM_CRD_TARGET_DIR}/Chart.yaml; \ + sed -i 's/version: 0.0.0-replaceme/version: ${VERSION}/' ${HELM_CRD_TARGET_DIR}/Chart.yaml; \ fi +.PHONY: validate-crd-chart +validate-crd-chart: + @if [ ! -f ${HELM_CRD_SOURCE_DIR}/Chart.yaml ] ; then \ + echo "Could not find CRD source Helm chart under \$${HELM_CRD_SOURCE_DIR}/Chart.yaml" ; \ + exit 23 ; \ + fi + .PHONY: crd-helm-apply -crd-helm-apply: ${BINARY_HELM} check-k8s-namespace-env-var crd-helm-generate-chart $(K8S_POST_GENERATE_TARGETS) ## Generates and installs the helm crd-chart. - @echo "Apply generated helm crd-chart" - @${BINARY_HELM} upgrade -i ${ARTIFACT_CRD_ID} ${K8S_HELM_CRD_TARGET} ${BINARY_HELM_ADDITIONAL_UPGR_ARGS} --namespace ${NAMESPACE} +crd-helm-apply: ${BINARY_HELM} check-k8s-namespace-env-var crd-helm-generate ## Generates and installs the Helm CRD chart. + @echo "Apply generated Helm CRD chart" + @${BINARY_HELM} upgrade -i ${ARTIFACT_CRD_ID} ${HELM_CRD_TARGET_DIR} ${BINARY_HELM_ADDITIONAL_UPGR_ARGS} --namespace ${NAMESPACE} .PHONY: crd-helm-delete -crd-helm-delete: ${BINARY_HELM} check-k8s-namespace-env-var ## Uninstalls the current helm crd-chart. 
- @echo "Uninstall helm crd-chart" +crd-helm-delete: ${BINARY_HELM} check-k8s-namespace-env-var ## Uninstalls the current Helm CRD chart. + @echo "Uninstall Helm CRD chart" @${BINARY_HELM} uninstall ${ARTIFACT_CRD_ID} --namespace=${NAMESPACE} ${BINARY_HELM_ADDITIONAL_UNINST_ARGS} || true .PHONY: crd-helm-package -crd-helm-package: ${BINARY_HELM} crd-helm-delete-existing-tgz ${K8S_HELM_CRD_RELEASE_TGZ} ## Generates and packages the helm crd-chart. +crd-helm-package: crd-helm-delete-existing-tgz ${HELM_CRD_RELEASE_TGZ} ## Generates and packages the Helm CRD chart. .PHONY: crd-helm-delete-existing-tgz -crd-helm-delete-existing-tgz: ## Remove an existing Helm crd-package. - @rm -f ${K8S_HELM_CRD_RELEASE_TGZ}* +crd-helm-delete-existing-tgz: ## Remove an existing Helm CRD package. + @rm -f ${HELM_CRD_RELEASE_TGZ}* -${K8S_HELM_CRD_RELEASE_TGZ}: ${BINARY_HELM} crd-helm-generate-chart $(K8S_POST_GENERATE_TARGETS) ## Generates and packages the helm crd-chart. +${HELM_CRD_RELEASE_TGZ}: ${BINARY_HELM} crd-helm-generate ## Generates and packages the Helm CRD chart. @echo "Package generated helm crd-chart" - @${BINARY_HELM} package ${K8S_HELM_CRD_TARGET} -d ${K8S_HELM_CRD_TARGET} ${BINARY_HELM_ADDITIONAL_PACK_ARGS} + @${BINARY_HELM} package ${HELM_CRD_TARGET_DIR} -d ${HELM_CRD_TARGET_DIR} ${BINARY_HELM_ADDITIONAL_PACK_ARGS} .PHONY: crd-helm-chart-import -crd-helm-chart-import: check-all-vars check-k8s-artifact-id crd-helm-generate-chart crd-helm-package ## Imports the currently available crd-chart into the cluster-local registry. +crd-helm-chart-import: ${CHECK_VAR_TARGETS} check-k8s-artifact-id crd-helm-generate crd-helm-package ## Imports the currently available Helm CRD chart into the cluster-local registry. 
@if [[ ${STAGE} == "development" ]]; then \ - echo "Import ${K8S_HELM_CRD_DEV_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \ - ${BINARY_HELM} push ${K8S_HELM_CRD_DEV_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${K8S_HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ + echo "Import ${HELM_CRD_DEV_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \ + ${BINARY_HELM} push ${HELM_CRD_DEV_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ else \ - echo "Import ${K8S_HELM_CRD_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \ - ${BINARY_HELM} push ${K8S_HELM_CRD_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${K8S_HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ + echo "Import ${HELM_CRD_RELEASE_TGZ} into K8s cluster ${K3CES_REGISTRY_URL_PREFIX}..."; \ + ${BINARY_HELM} push ${HELM_CRD_RELEASE_TGZ} oci://${K3CES_REGISTRY_URL_PREFIX}/${HELM_ARTIFACT_NAMESPACE} ${BINARY_HELM_ADDITIONAL_PUSH_ARGS}; \ fi @echo "Done." +.PHONY: crd-helm-lint +crd-helm-lint: $(BINARY_HELM) crd-helm-generate + @$(BINARY_HELM) lint "${HELM_CRD_TARGET_DIR}" + .PHONY: crd-component-generate -crd-component-generate: ${K8S_RESOURCE_TEMP_FOLDER} ## Generate the crd-component yaml resource. +crd-component-generate: ${K8S_RESOURCE_TEMP_FOLDER} ## Generate the CRD component YAML resource. 
@echo "Generating temporary K8s crd-component resource: ${K8S_RESOURCE_CRD_COMPONENT}" @if [[ ${STAGE} == "development" ]]; then \ - sed "s|NAMESPACE|$(K8S_HELM_ARTIFACT_NAMESPACE)|g" "${K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML}" | sed "s|NAME|$(ARTIFACT_CRD_ID)|g" | sed "s|VERSION|$(DEV_CRD_VERSION)|g" > "${K8S_RESOURCE_CRD_COMPONENT}"; \ + sed "s|NAMESPACE|$(HELM_ARTIFACT_NAMESPACE)|g" "${K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML}" | sed "s|NAME|$(ARTIFACT_CRD_ID)|g" | sed "s|VERSION|$(DEV_CRD_VERSION)|g" > "${K8S_RESOURCE_CRD_COMPONENT}"; \ else \ - sed "s|NAMESPACE|$(K8S_HELM_ARTIFACT_NAMESPACE)|g" "${K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML}" | sed "s|NAME|$(ARTIFACT_CRD_ID)|g" | sed "s|VERSION|$(VERSION)|g" > "${K8S_RESOURCE_CRD_COMPONENT}"; \ + sed "s|NAMESPACE|$(HELM_ARTIFACT_NAMESPACE)|g" "${K8S_RESOURCE_COMPONENT_CR_TEMPLATE_YAML}" | sed "s|NAME|$(ARTIFACT_CRD_ID)|g" | sed "s|VERSION|$(VERSION)|g" > "${K8S_RESOURCE_CRD_COMPONENT}"; \ fi .PHONY: crd-component-apply -crd-component-apply: check-k8s-namespace-env-var crd-helm-chart-import crd-component-generate $(K8S_POST_GENERATE_TARGETS) ## Applies the crd-component yaml resource to the actual defined context. +crd-component-apply: check-k8s-namespace-env-var crd-helm-chart-import crd-component-generate ## Applies the CRD component YAML resource to the actual defined context. @kubectl apply -f "${K8S_RESOURCE_CRD_COMPONENT}" --namespace="${NAMESPACE}" @echo "Done." .PHONY: crd-component-delete -crd-component-delete: check-k8s-namespace-env-var crd-component-generate $(K8S_POST_GENERATE_TARGETS) ## Deletes the crd-component yaml resource from the actual defined context. +crd-component-delete: check-k8s-namespace-env-var crd-component-generate ## Deletes the CRD component YAML resource from the actual defined context. @kubectl delete -f "${K8S_RESOURCE_CRD_COMPONENT}" --namespace="${NAMESPACE}" || true @echo "Done." diff --git a/build/make/k8s-dogu.mk b/build/make/k8s-dogu.mk index c498dcd..9c244a3 100644 
--- a/build/make/k8s-dogu.mk +++ b/build/make/k8s-dogu.mk @@ -1,7 +1,7 @@ # Variables # Path to the dogu json of the dogu -DOGU_JSON_FILE=$(WORKDIR)/dogu.json -DOGU_JSON_DEV_FILE=${TARGET_DIR}/dogu.json +DOGU_JSON_FILE=${WORKDIR}/dogu.json +DOGU_JSON_DEV_FILE=${WORKDIR}/${TARGET_DIR}/dogu.json # Name of the dogu is extracted from the dogu.json ARTIFACT_ID=$(shell $(BINARY_YQ) -e ".Name" $(DOGU_JSON_FILE) | sed "s|.*/||g") # Namespace of the dogu is extracted from the dogu.json 
@@ -13,27 +13,32 @@ IMAGE=$(shell $(BINARY_YQ) -e ".Image" $(DOGU_JSON_FILE)):$(VERSION) IMAGE_DEV_WITHOUT_TAG=$(shell $(BINARY_YQ) -e ".Image" $(DOGU_JSON_FILE) | sed "s|registry\.cloudogu\.com\(.\+\)|${K3CES_REGISTRY_URL_PREFIX}\1|g") IMAGE_DEV=${IMAGE_DEV_WITHOUT_TAG}:${VERSION} -include $(WORKDIR)/build/make/k8s.mk +include $(BUILD_DIR)/make/k8s.mk ##@ K8s - EcoSystem .PHONY: build -build: image-import install-dogu-descriptor k8s-apply ## Builds a new version of the dogu and deploys it into the K8s-EcoSystem. +build: image-import install-dogu-descriptor create-dogu-resource apply-dogu-resource ## Builds a new version of the dogu and deploys it into the K8s-EcoSystem. ##@ K8s - Dogu - Resource # The additional k8s yaml files K8S_RESOURCE_PRODUCTIVE_FOLDER ?= $(WORKDIR)/k8s K8S_RESOURCE_PRODUCTIVE_YAML ?= $(K8S_RESOURCE_PRODUCTIVE_FOLDER)/$(ARTIFACT_ID).yaml -K8S_RESOURCE_DOGU_CR_TEMPLATE_YAML ?= $(WORKDIR)/build/make/k8s-dogu.tpl +K8S_RESOURCE_DOGU_CR_TEMPLATE_YAML ?= $(BUILD_DIR)/make/k8s-dogu.tpl +K8S_RESOURCE_DOGU ?= $(K8S_RESOURCE_TEMP_FOLDER)/$(ARTIFACT_ID).yaml # The pre generation script creates a k8s resource yaml containing the dogu crd and the content from the k8s folder. -.PHONY: k8s-create-temporary-resource - k8s-create-temporary-resource: ${BINARY_YQ} $(K8S_RESOURCE_TEMP_FOLDER) - @echo "Generating temporary K8s resources $(K8S_RESOURCE_TEMP_YAML)..." - @rm -f $(K8S_RESOURCE_TEMP_YAML) - @sed "s|NAMESPACE|$(ARTIFACT_NAMESPACE)|g" $(K8S_RESOURCE_DOGU_CR_TEMPLATE_YAML) | sed "s|NAME|$(ARTIFACT_ID)|g" | sed "s|VERSION|$(VERSION)|g" >> $(K8S_RESOURCE_TEMP_YAML) +.PHONY: create-dogu-resource +create-dogu-resource: ${BINARY_YQ} $(K8S_RESOURCE_TEMP_FOLDER) + @echo "Generating temporary K8s resources $(K8S_RESOURCE_DOGU)..." + @rm -f $(K8S_RESOURCE_DOGU) + @sed "s|NAMESPACE|$(ARTIFACT_NAMESPACE)|g" $(K8S_RESOURCE_DOGU_CR_TEMPLATE_YAML) | sed "s|NAME|$(ARTIFACT_ID)|g" | sed "s|VERSION|$(VERSION)|g" >> $(K8S_RESOURCE_DOGU) @echo "Done." 
+.PHONY: apply-dogu-resource +apply-dogu-resource: + @kubectl apply -f "$(K8S_RESOURCE_DOGU)" + ##@ K8s - Dogu .PHONY: install-dogu-descriptor diff --git a/build/make/k8s.mk b/build/make/k8s.mk index 5a6abe8..0f9fe02 100644 --- a/build/make/k8s.mk +++ b/build/make/k8s.mk @@ -6,13 +6,18 @@ endif ## Variables +BINARY_YQ = $(UTILITY_BIN_PATH)/yq +BINARY_YQ_4_VERSION?=v4.40.3 +BINARY_HELM = $(UTILITY_BIN_PATH)/helm +BINARY_HELM_VERSION?=v3.13.0 +CONTROLLER_GEN = $(UTILITY_BIN_PATH)/controller-gen +CONTROLLER_GEN_VERSION?=v0.13.0 + # Setting SHELL to bash allows bash commands to be executed by recipes. # Options are set to exit when a recipe line exits non-zero or a piped command fails. SHELL = /usr/bin/env bash -o pipefail .SHELLFLAGS = -ec -BINARY_YQ = $(UTILITY_BIN_PATH)/yq - # The productive tag of the image IMAGE ?= 
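Review bot: `apply-dogu-resource` runs `kubectl apply -f "$(K8S_RESOURCE_DOGU)"` with no `--namespace` and no prerequisites, so the resource goes to whatever namespace the current kubectl context selects. The `k8s-apply` target this commit removes passed `--namespace=${NAMESPACE}`, and the CRD component targets in this diff still do so and depend on `check-k8s-namespace-env-var`. I would declare it as `apply-dogu-resource: check-k8s-namespace-env-var create-dogu-resource` and run `@kubectl apply -f "$(K8S_RESOURCE_DOGU)" --namespace="${NAMESPACE}"`. If the template is meant to carry its own `metadata.namespace`, which is not visible here, a comment saying so would do instead.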
@@ -22,18 +27,28 @@ STAGE?=production K3S_CLUSTER_FQDN?=k3ces.local K3S_LOCAL_REGISTRY_PORT?=30099 K3CES_REGISTRY_URL_PREFIX="${K3S_CLUSTER_FQDN}:${K3S_LOCAL_REGISTRY_PORT}" +## Image URL to use all building/pushing image targets +IMAGE_DEV?=${K3CES_REGISTRY_URL_PREFIX}/${ARTIFACT_ID} +IMAGE_DEV_VERSION=${IMAGE_DEV}:${VERSION} # Variables for the temporary yaml files. These are used as template to generate a development resource containing # the current namespace and the dev image. -K8S_RESOURCE_TEMP_FOLDER ?= $(TARGET_DIR)/make/k8s -K8S_RESOURCE_TEMP_YAML ?= $(K8S_RESOURCE_TEMP_FOLDER)/$(ARTIFACT_ID)_$(VERSION).yaml +K8S_RESOURCE_TEMP_FOLDER ?= $(TARGET_DIR)/k8s -PRE_APPLY_TARGETS ?= check-k8s-image-env-var image-import +# This can be used by components with own images to check if all image env var are set. +# These components should override this variable with `check-all-vars`. +CHECK_VAR_TARGETS?=check-all-vars-without-image ##@ K8s - Variables .PHONY: check-all-vars -check-all-vars: check-k8s-artifact-id check-etc-hosts check-insecure-cluster-registry check-k8s-namespace-env-var ## Conduct a sanity check against selected build artefacts or local environment +check-all-vars: check-all-vars-without-image check-all-image-vars ## Conduct a sanity check against selected build artefacts or local environment + +.PHONY: check-all-image-vars +check-all-image-vars: check-k8s-image-env-var check-k8s-image-dev-var check-etc-hosts check-insecure-cluster-registry + +.PHONY: check-all-vars-without-image +check-all-vars-without-image: check-k8s-artifact-id check-k8s-namespace-env-var .PHONY: check-k8s-namespace-env-var check-k8s-namespace-env-var: 
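Review bot: With the default `CHECK_VAR_TARGETS?=check-all-vars-without-image`, `check-etc-hosts` and `check-insecure-cluster-registry` no longer run before `crd-helm-chart-import`, which still pushes to `oci://${K3CES_REGISTRY_URL_PREFIX}`. Those two checks appear to concern the cluster-local registry rather than the image variables, so they probably belong in a registry check that every push target depends on, for example `check-all-vars-without-image: check-k8s-artifact-id check-k8s-namespace-env-var check-etc-hosts check-insecure-cluster-registry`. What the checks do is defined outside this hunk, so confirm before moving them. The two new targets also have no `##` help text, unlike `check-all-vars`.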
@@ -62,32 +77,6 @@ check-insecure-cluster-registry: ${K8S_RESOURCE_TEMP_FOLDER}: @mkdir -p $@ -.PHONY: k8s-delete -k8s-delete: k8s-generate $(K8S_POST_GENERATE_TARGETS) ## Deletes all dogu related resources from the K8s cluster. - @echo "Delete old dogu resources..." - @kubectl delete -f $(K8S_RESOURCE_TEMP_YAML) --wait=false --ignore-not-found=true --namespace=${NAMESPACE} - -# The additional targets executed after the generate target, executed before each apply and delete. The generate target -# produces a temporary yaml. This yaml is accessible via K8S_RESOURCE_TEMP_YAML an can be changed before the apply/delete. -K8S_POST_GENERATE_TARGETS ?= -# The additional targets executed before the generate target, executed before each apply and delete. -K8S_PRE_GENERATE_TARGETS ?= k8s-create-temporary-resource - -.PHONY: k8s-generate -k8s-generate: ${BINARY_YQ} $(K8S_RESOURCE_TEMP_FOLDER) $(K8S_PRE_GENERATE_TARGETS) ## Generates the final resource yaml. - @echo "Applying general transformations..." - @if [[ ${STAGE} == "development" ]]; then \ - $(BINARY_YQ) -i e "(select(.kind == \"Deployment\").spec.template.spec.containers[]|select(.image == \"*$(ARTIFACT_ID)*\").image)=\"$(IMAGE_DEV)\"" $(K8S_RESOURCE_TEMP_YAML); \ - else \ - $(BINARY_YQ) -i e "(select(.kind == \"Deployment\").spec.template.spec.containers[]|select(.image == \"*$(ARTIFACT_ID)*\").image)=\"$(IMAGE)\"" $(K8S_RESOURCE_TEMP_YAML); \ - fi - @echo "Done." - -.PHONY: k8s-apply -k8s-apply: k8s-generate $(PRE_APPLY_TARGETS) $(K8S_POST_GENERATE_TARGETS) ## Applies all generated K8s resources to the current cluster and namespace. - @echo "Apply generated K8s resources..." - @sed -i "s/'{{ .Namespace }}'/$(NAMESPACE)/" $(K8S_RESOURCE_TEMP_YAML) - @kubectl apply -f $(K8S_RESOURCE_TEMP_YAML) --namespace=${NAMESPACE} ##@ K8s - Docker 
@@ -98,8 +87,8 @@ docker-build: check-k8s-image-env-var ## Builds the docker image of the K8s app. .PHONY: docker-dev-tag docker-dev-tag: check-k8s-image-dev-var docker-build ## Tags a Docker image for local K3ces deployment. - @echo "Tagging image with dev tag $(IMAGE_DEV)..." - @DOCKER_BUILDKIT=1 docker tag ${IMAGE} $(IMAGE_DEV) + @echo "Tagging image with dev tag $(IMAGE_DEV_VERSION)..." + @DOCKER_BUILDKIT=1 docker tag ${IMAGE} $(IMAGE_DEV_VERSION) .PHONY: check-k8s-image-dev-var check-k8s-image-dev-var: @@ -110,8 +99,8 @@ endif .PHONY: image-import image-import: check-all-vars check-k8s-artifact-id docker-dev-tag ## Imports the currently available image into the cluster-local registry. - @echo "Import $(IMAGE_DEV) into K8s cluster ${K3S_CLUSTER_FQDN}..." - @docker push $(IMAGE_DEV) + @echo "Import $(IMAGE_DEV_VERSION) into K8s cluster ${K3S_CLUSTER_FQDN}..." + @docker push $(IMAGE_DEV_VERSION) @echo "Done." ## Functions 
@@ -129,8 +118,31 @@ __check_defined = \ $(if $(value $1),, \ $(error Undefined $1$(if $2, ($2)))) +##@ K8s - Download Utilities + .PHONY: install-yq ## Installs the yq YAML editor. install-yq: ${BINARY_YQ} -${BINARY_YQ}: $(UTILITY_BIN_PATH) ## Download yq locally if necessary. - $(call go-get-tool,$(BINARY_YQ),github.com/mikefarah/yq/v4@v4.25.1) +${BINARY_YQ}: $(UTILITY_BIN_PATH) + $(call go-get-tool,$(BINARY_YQ),github.com/mikefarah/yq/v4@${BINARY_YQ_4_VERSION}) + +##@ K8s - Download Kubernetes Utilities + +.PHONY: install-helm ## Download helm locally if necessary. +install-helm: ${BINARY_HELM} + +${BINARY_HELM}: $(UTILITY_BIN_PATH) + $(call go-get-tool,$(BINARY_HELM),helm.sh/helm/v3/cmd/helm@${BINARY_HELM_VERSION}) + +.PHONY: controller-gen +controller-gen: ${CONTROLLER_GEN} ## Download controller-gen locally if necessary. + +${CONTROLLER_GEN}: + $(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@${CONTROLLER_GEN_VERSION}) + +ENVTEST = $(UTILITY_BIN_PATH)/setup-envtest +.PHONY: envtest +envtest: ${ENVTEST} ## Download envtest-setup locally if necessary. + +${ENVTEST}: + $(call go-get-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest) \ No newline at end of file diff --git a/build/make/mocks.mk b/build/make/mocks.mk index 9e61b46..e313369 100644 --- a/build/make/mocks.mk +++ b/build/make/mocks.mk @@ -8,7 +8,7 @@ ${MOCKERY_BIN}: ${UTILITY_BIN_PATH} $(call go-get-tool,$(MOCKERY_BIN),github.com/vektra/mockery/v2@$(MOCKERY_VERSION)) ${MOCKERY_YAML}: - @cp ${WORKDIR}/build/make/mockery.yaml ${WORKDIR}/.mockery.yaml + @cp ${BUILD_DIR}/make/mockery.yaml ${WORKDIR}/.mockery.yaml .PHONY: mocks mocks: ${MOCKERY_BIN} ${MOCKERY_YAML} ## This target is used to generate mocks for all interfaces in a project. diff --git a/build/make/release.mk b/build/make/release.mk index 8fbc00f..328f7ba 100644 --- a/build/make/release.mk +++ b/build/make/release.mk 
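Review bot: The new `${ENVTEST}` rule installs `sigs.k8s.io/controller-runtime/tools/setup-envtest@latest`, the only tool in this hunk without a pinned version, so each fresh build takes whatever upstream published last and the toolchain is not reproducible or reviewable. yq, helm and controller-gen get `?=` version variables in this commit; do the same with `ENVTEST_VERSION?=<pinned-release>` and `setup-envtest@${ENVTEST_VERSION}`. The `${CONTROLLER_GEN}:` and `${ENVTEST}:` rules also omit the `$(UTILITY_BIN_PATH)` prerequisite that the yq and helm rules carry. `go-get-tool` is defined outside this page, so add the prerequisite unless that function creates the directory itself.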
@@ -6,6 +6,10 @@ dogu-release: ## Start a dogu release build/make/release.sh dogu +.PHONY: node-release +node-release: ## Start a node package release + build/make/release.sh node-pkg + .PHONY: go-release go-release: ## Start a go tool release build/make/release.sh go-tool diff --git a/build/make/yarn.mk b/build/make/yarn.mk index 12792b4..6ff7de9 100644 --- a/build/make/yarn.mk +++ b/build/make/yarn.mk @@ -5,14 +5,6 @@ YARN_LOCK=$(WORKDIR)/yarn.lock .PHONY: yarn-install yarn-install: $(YARN_TARGET) ## Execute yarn install -ifeq ($(ENVIRONMENT), ci) - -$(YARN_TARGET): $(YARN_LOCK) - @echo "Yarn install on CI server" - @yarn install - -else - $(YARN_TARGET): $(YARN_LOCK) $(PASSWD) @echo "Executing yarn..." @docker run --rm \ @@ -24,4 +16,24 @@ $(YARN_TARGET): $(YARN_LOCK) $(PASSWD) yarn install @touch $@ -endif +.PHONY yarn-publish-ci: +yarn-publish-ci: ## Execute yarn publish with '--non-interactive' flag to suppress the version prompt + @echo "Executing yarn publish..." + @docker run --rm \ + -u "$(UID_NR):$(GID_NR)" \ + -v $(PASSWD):/etc/passwd:ro \ + -v $(WORKDIR):$(WORKDIR) \ + -w $(WORKDIR) \ + node:$(NODE_VERSION) \ + yarn publish --non-interactive + +.PHONY yarn-publish: ## Execute yarn publish +yarn-publish: $(YARN_BUILD_TARGET) + @echo "Executing yarn publish..." + @docker run --rm \ + -u "$(UID_NR):$(GID_NR)" \ + -v $(PASSWD):/etc/passwd:ro \ + -v $(WORKDIR):$(WORKDIR) \ + -w $(WORKDIR) \ + node:$(NODE_VERSION) \ + yarn publish diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml deleted file mode 100644 index 017b71d..0000000 --- a/config/default/kustomization.yaml +++ /dev/null 
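Review bot: In build/make/yarn.mk, `.PHONY yarn-publish-ci:` and `.PHONY yarn-publish: ## Execute yarn publish` have the colon in the wrong place, so make reads each as a rule for two targets with no prerequisites and neither publish target is declared phony. A file named `yarn-publish-ci` in the working directory would then make the target look up to date and skip the publish without an error. Write `.PHONY: yarn-publish-ci` and `.PHONY: yarn-publish`, and move the `## Execute yarn publish` help text onto the `yarn-publish:` rule line. `yarn-publish-ci` also lacks the `$(YARN_BUILD_TARGET)` prerequisite that `yarn-publish` has, so CI may publish without a prior build if nothing else guarantees one.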
@@ -1,70 +0,0 @@ -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: k8s-service-discovery- - -# Labels to add to all resources and selectors. -commonLabels: - app: ces - app.kubernetes.io/name: k8s-service-discovery - -bases: -- ../rbac -- ../manager -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- ../webhook -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -#- ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - -patchesStrategicMerge: -# Protect the /metrics endpoint by putting it behind auth. -# If you want your controller-manager to expose the /metrics -# endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml - -# Mount the controller config file for loading manager configurations -# through a ComponentConfig type -#- manager_config_patch.yaml - -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -#- webhookcainjection_patch.yaml - -# the following config is for teaching kustomize how to do var substitution -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. 
-#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldref: -# fieldpath: metadata.namespace -#- name: CERTIFICATE_NAME -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -#- name: SERVICE_NAMESPACE # namespace of the service -# objref: -# kind: Service -# version: v1 -# name: webhook-service -# fieldref: -# fieldpath: metadata.namespace -#- name: SERVICE_NAME -# objref: -# kind: Service -# version: v1 -# name: webhook-service diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml deleted file mode 100644 index f5bfe59..0000000 --- a/config/default/manager_auth_proxy_patch.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - labels: - app: ces - app.kubernetes.io/name: k8s-service-discovery -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--v=0" - ports: - - containerPort: 8443 - protocol: TCP - name: https - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi - - name: manager - args: - - "--health-probe-bind-address=:8081" - - "--metrics-bind-address=127.0.0.1:8080" - - "--leader-elect" diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml deleted file mode 100644 index 1e2ff11..0000000 
--- a/config/default/manager_config_patch.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - labels: - app: ces - app.kubernetes.io/name: k8s-service-discovery -spec: - template: - spec: - containers: - - name: manager - args: - - "--config=controller_manager_config.yaml" - volumeMounts: - - name: manager-config - mountPath: /controller_manager_config.yaml - subPath: controller_manager_config.yaml - volumes: - - name: manager-config - configMap: - name: manager-config \ No newline at end of file diff --git a/config/manager/controller_manager_config.yaml b/config/manager/controller_manager_config.yaml deleted file mode 100644 index 813f9de..0000000 --- a/config/manager/controller_manager_config.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 -kind: ControllerManagerConfig -health: - healthProbeBindAddress: :8081 -metrics: - bindAddress: 127.0.0.1:8080 -webhook: - port: 9443 -leaderElection: - leaderElect: true - resourceName: 92a787f2.cloudogu.com diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml deleted file mode 100644 index 8e6ae80..0000000 --- a/config/manager/kustomization.yaml +++ /dev/null @@ -1,14 +0,0 @@ -resources: - - manager.yaml -generatorOptions: - disableNameSuffixHash: true -configMapGenerator: - - files: - - controller_manager_config.yaml - name: manager-config -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -images: - - name: controller - newName: cloudogu/k8s-service-discovery - newTag: 0.14.4 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml deleted file mode 100644 index 425b0ca..0000000 --- a/config/manager/manager.yaml +++ /dev/null 
@@ -1,63 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - labels: - app: ces - app.kubernetes.io/name: k8s-service-discovery - control-plane: controller-manager -spec: - selector: - matchLabels: - control-plane: controller-manager - replicas: 1 - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - labels: - app: ces - app.kubernetes.io/name: k8s-service-discovery - control-plane: controller-manager - spec: - securityContext: - runAsNonRoot: true - containers: - - command: - - /manager - args: - - --leader-elect - image: controller:latest - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LOG_LEVEL - value: DEBUG - name: manager - securityContext: - allowPrivilegeEscalation: false - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - # TODO(user): Configure the resources accordingly based on the project requirements. - # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - serviceAccountName: controller-manager - terminationGracePeriodSeconds: 10 diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml deleted file mode 100644 index ed13716..0000000 --- a/config/prometheus/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml deleted file mode 100644 index aeab9d8..0000000 --- a/config/prometheus/monitor.yaml +++ /dev/null 
@@ -1,20 +0,0 @@ -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - app: ces - app.kubernetes.io/name: k8s-service-discovery - control-plane: controller-manager - name: controller-manager-metrics-monitor -spec: - endpoints: - - path: /metrics - port: https - scheme: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - tlsConfig: - insecureSkipVerify: true - selector: - matchLabels: - control-plane: controller-manager diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml deleted file mode 100644 index cb9ab7b..0000000 --- a/config/rbac/auth_proxy_role.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: proxy-role - labels: - app: ces - app.kubernetes.io/name: k8s-service-discovery -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml deleted file mode 100644 index 29c989a..0000000 --- a/config/rbac/auth_proxy_role_binding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: proxy-rolebinding - labels: - app: ces - app.kubernetes.io/name: k8s-service-discovery -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: proxy-role -subjects: -- kind: ServiceAccount - name: controller-manager diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml deleted file mode 100644 index 4e7ca67..0000000 --- a/config/rbac/auth_proxy_service.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - app: ces - app.kubernetes.io/name: k8s-service-discovery - control-plane: controller-manager - name: controller-manager-metrics-service -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager diff --git a/config/rbac/cluster_role.yaml b/config/rbac/cluster_role.yaml deleted file mode 100644 index 20854d2..0000000 --- a/config/rbac/cluster_role.yaml +++ /dev/null @@ -1,19 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: manager-role - labels: - app: ces - app.kubernetes.io/name: k8s-service-discovery -rules: - # We need to check whether the ingress class for the ingress objects exists. If not, we need to create it. - - apiGroups: - - "*" - resources: - - ingressclasses - verbs: - - get - - create - - list - - watch \ No newline at end of file diff --git a/config/rbac/cluster_role_binding.yaml b/config/rbac/cluster_role_binding.yaml deleted file mode 100644 index a5ab4cd..0000000 --- a/config/rbac/cluster_role_binding.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: manager-clusterrolebinding - labels: - app: ces - app.kubernetes.io/name: k8s-service-discovery -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: manager-role -subjects: -- kind: ServiceAccount - name: k8s-service-discovery-controller-manager - namespace: "{{ .Namespace }}" \ No newline at end of file diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml deleted file mode 100644 index a625ac8..0000000 --- a/config/rbac/kustomization.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -resources: -# All RBAC will be applied under this service account in -# the deployment namespace. You may comment out this resource -# if your manager will use a service account that exists at -# runtime. Be sure to update RoleBinding and ClusterRoleBinding -# subjects if changing service account names. -- service_account.yaml -- role.yaml -- role_binding.yaml -- cluster_role.yaml -- cluster_role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml deleted file mode 100644 index 67c77b0..0000000 --- a/config/rbac/leader_election_role.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: leader-election-role - labels: - app: ces - app.kubernetes.io/name: k8s-service-discovery -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml deleted file mode 100644 index bc07142..0000000 --- a/config/rbac/leader_election_role_binding.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: leader-election-rolebinding - labels: - app: ces - app.kubernetes.io/name: k8s-service-discovery -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election-role -subjects: -- kind: ServiceAccount - name: controller-manager diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml deleted file mode 100644 index 0cae8df..0000000 --- a/config/rbac/role.yaml +++ /dev/null @@ -1,64 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: manager-role - labels: - app: ces - app.kubernetes.io/name: k8s-service-discovery -rules: - - apiGroups: - - "*" - resources: - - ingresses - verbs: - - create - - get - - list - - watch - - delete - - update - - apiGroups: - - "*" - resources: - - pods - verbs: - - list - - watch - - get - - delete - - apiGroups: - - "*" - resources: - - deployments - verbs: - - list - - watch - - get - - apiGroups: - - "*" - resources: - - services - verbs: - - list - - watch - - get -# update is necessary for rewriting exposed services to be blocked during maintenance mode - - update - - apiGroups: - - "*" - resources: - - secrets - verbs: - - list - - watch - - get - - create - - update - - apiGroups: - - "k8s.cloudogu.com" - resources: - - dogus - verbs: - - watch - - list diff --git a/config/rbac/role_binding.yaml b/config/rbac/role_binding.yaml deleted file mode 100644 index 74b94e3..0000000 --- a/config/rbac/role_binding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: manager-rolebinding - labels: - app: ces - app.kubernetes.io/name: k8s-service-discovery -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: manager-role -subjects: -- kind: ServiceAccount - name: controller-manager diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml deleted file mode 100644 index 9746f1a..0000000 
--- a/config/rbac/service_account.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: controller-manager - labels: - app: ces - app.kubernetes.io/name: k8s-service-discovery diff --git a/controllers/config/config.go b/controllers/config/config.go index 6e218f7..400488e 100644 --- a/controllers/config/config.go +++ b/controllers/config/config.go @@ -11,11 +11,11 @@ import ( ) const ( - warpConfigMap = "k8s-ces-warp-config" - MenuConfigMap = "k8s-ces-menu-json" - EnvVarStage = "STAGE" - StageDevelopment = "development" - DevConfigPath = "k8s/dev-resources/k8s-ces-warp-config.yaml" + warpConfigMap = "k8s-ces-warp-config" + MenuConfigMap = "k8s-ces-menu-json" + EnvVarStage = "STAGE" + StageLocal = "local" + DevConfigPath = "k8s/dev-resources/k8s-ces-warp-config.yaml" ) // Order can be used to modify ordering via configuration @@ -46,7 +46,7 @@ type SupportSource struct { // ReadConfiguration reads the service discovery configuration. Either from file in development mode with environment // variable stage=development or from the cluster state func ReadConfiguration(ctx context.Context, client client.Client, namespace string) (*Configuration, error) { - if os.Getenv(EnvVarStage) == StageDevelopment { + if os.Getenv(EnvVarStage) == StageLocal { return readWarpConfigFromFile(DevConfigPath) } return readWarpConfigFromCluster(ctx, client, namespace) diff --git a/controllers/config/config_test.go b/controllers/config/config_test.go index b710697..97037ce 100644 --- a/controllers/config/config_test.go +++ b/controllers/config/config_test.go @@ -36,7 +36,7 @@ func TestReadConfiguration(t *testing.T) { t.Run("read from file", func(t *testing.T) { // given client := fake.NewClientBuilder().Build() - err := os.Setenv("STAGE", "development") + err := os.Setenv("STAGE", "local") require.NoError(t, err) defer func() { err := os.Unsetenv("STAGE") diff --git a/k8s/helm/.helmignore b/k8s/helm/.helmignore new file mode 100644 index 0000000..0e8a0eb 
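Review bot: The doc comment on `ReadConfiguration` in controllers/config/config.go still says the file is read "with environment variable stage=development", but the condition now compares against `StageLocal` (`"local"`). The comment matters because this switch decides whether the controller trusts a file at `DevConfigPath` instead of cluster state, and the make targets in this diff keep using `STAGE == "development"` with a different meaning. Suggested wording: `// ReadConfiguration reads the service discovery configuration from DevConfigPath when the STAGE environment variable is "local", and from the cluster state otherwise.` Dropping the exported `StageDevelopment` also breaks any external importer of this package, if there is one.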
--- /dev/null +++ b/k8s/helm/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/k8s/helm/component-patch-tpl.yaml b/k8s/helm/component-patch-tpl.yaml new file mode 100644 index 0000000..e464b4f --- /dev/null +++ b/k8s/helm/component-patch-tpl.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +values: + images: + serviceDiscovery: cloudogu/k8s-service-discovery:0.15.0 + kubeRbacProxy: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1 +patches: + values.yaml: + additionalImages: + kubeRbacProxy: + image: + repository: "{{ registryFrom .images.kubeRbacProxy }}/{{ repositoryFrom .images.kubeRbacProxy }}" + tag: "{{ tagFrom .images.kubeRbacProxy }}" + manager: + image: + repository: "{{ registryFrom .images.serviceDiscovery }}/{{ repositoryFrom .images.serviceDiscovery }}" + tag: "{{ tagFrom .images.serviceDiscovery }}" diff --git a/k8s/helm/templates/_helpers.tpl b/k8s/helm/templates/_helpers.tpl new file mode 100644 index 0000000..ec02c51 --- /dev/null +++ b/k8s/helm/templates/_helpers.tpl 
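Review bot: k8s/helm/component-patch-tpl.yaml hard-codes `cloudogu/k8s-service-discovery:0.15.0` with no comment on how it is kept in step with the chart and image version, so a missed bump would mirror a stale image into an airgapped registry. Add a header comment such as `# Images mirrored for airgapped installs; serviceDiscovery must match the released version.`, or have the release tooling rewrite the tag if it does not already. Also confirm that the patched keys match what templates/deployment.yaml reads (`.Values.kubeRbacProxy.image.*` and `.Values.manager.image.*`). Indentation is lost on this page, so I cannot tell whether `kubeRbacProxy` is nested under `additionalImages`.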
@@ -0,0 +1,24 @@
+{{/* Chart basics
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec) starting from
+Kubernetes 1.4+.
+*/}}
+{{- define "k8s-service-discovery.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+
+{{/* All-in-one labels */}}
+{{- define "k8s-service-discovery.labels" -}}
+app: ces
+helm.sh/chart: {{- printf " %s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{ include "k8s-service-discovery.selectorLabels" . }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/* Selector labels */}}
+{{- define "k8s-service-discovery.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "k8s-service-discovery.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/k8s/helm/templates/ces-menu-json.yaml b/k8s/helm/templates/ces-menu-json.yaml
new file mode 100644
index 0000000..9b235e1
--- /dev/null
+++ b/k8s/helm/templates/ces-menu-json.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: k8s-ces-menu-json
+ labels:
+ {{- include "k8s-service-discovery.labels" . | nindent 4 }}
+data:
+ menu.json: |-
+ [
+
+ ]
\ No newline at end of file
diff --git a/k8s/helm/templates/ces-warp-config.yaml b/k8s/helm/templates/ces-warp-config.yaml
new file mode 100644
index 0000000..ea21a6e
--- /dev/null
+++ b/k8s/helm/templates/ces-warp-config.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: k8s-ces-warp-config
+ labels:
+ {{- include "k8s-service-discovery.labels" . | nindent 4 }}
+data:
+ warp: {{ .Values.cesWarpConfig.warp | quote }}
\ No newline at end of file
diff --git a/k8s/helm/templates/deployment.yaml b/k8s/helm/templates/deployment.yaml
new file mode 100644
index 0000000..cdfcd75
--- /dev/null
+++ b/k8s/helm/templates/deployment.yaml
@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "k8s-service-discovery.name" . }}-controller-manager
+ labels:
+ control-plane: controller-manager
+ {{- include "k8s-service-discovery.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.manager.replicas }}
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ {{- include "k8s-service-discovery.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ control-plane: controller-manager
+ {{- include "k8s-service-discovery.selectorLabels" . | nindent 8 }}
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ spec:
+ containers:
+ - args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --v=0
+ image: {{ .Values.kubeRbacProxy.image.repository }}:{{ .Values.kubeRbacProxy.image.tag }}
+ name: kube-rbac-proxy
+ ports:
+ - containerPort: 8443
+ name: https
+ protocol: TCP
+ resources: {{- toYaml .Values.kubeRbacProxy.resources | nindent 10 }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - args:
+ - --health-probe-bind-address=:8081
+ - --metrics-bind-address=127.0.0.1:8080
+ - --leader-elect
+ command:
+ - /manager
+ env:
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: LOG_LEVEL
+ value: {{ .Values.manager.env.logLevel | default "info" }}
+ - name: STAGE
+ value: {{ .Values.manager.env.stage | default "production" }}
+ image: {{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}
+ imagePullPolicy: {{ .Values.manager.imagePullPolicy | default "IfNotPresent" }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources: {{- toYaml .Values.manager.resources | nindent 10 }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: {{ include "k8s-service-discovery.name" . }}-controller-manager
+ terminationGracePeriodSeconds: 10
\ No newline at end of file
diff --git a/k8s/helm/templates/leader-election-rbac.yaml b/k8s/helm/templates/leader-election-rbac.yaml
new file mode 100644
index 0000000..3498bd1
--- /dev/null
+++ b/k8s/helm/templates/leader-election-rbac.yaml
@@ -0,0 +1,53 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "k8s-service-discovery.name" . }}-leader-election-role
+ labels:
+ {{- include "k8s-service-discovery.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "k8s-service-discovery.name" . }}-leader-election-rolebinding
+ labels:
+ {{- include "k8s-service-discovery.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: '{{ include "k8s-service-discovery.name" . }}-leader-election-role'
+subjects:
+- kind: ServiceAccount
+ name: '{{ include "k8s-service-discovery.name" . }}-controller-manager'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/k8s/helm/templates/manager-config.yaml b/k8s/helm/templates/manager-config.yaml
new file mode 100644
index 0000000..0b1291d
--- /dev/null
+++ b/k8s/helm/templates/manager-config.yaml
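Review bot: The `manager` container's `securityContext` in `deployment.yaml` sets only `allowPrivilegeEscalation: false`, while the `kube-rbac-proxy` container in the same pod also drops all capabilities; the container that uses the service account's permissions should be at least as restricted. I would add a `capabilities` drop of `ALL` to the manager container and a `seccompProfile` of type `RuntimeDefault` to the pod-level `securityContext`, as sketched below. `readOnlyRootFilesystem: true` is probably safe as well, but the hunk does not show whether the manager ever writes to disk, so I have left it out.

```yaml
        # … unchanged: manager container args, command, env, image, probes, resources …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
```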
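Review bot: The `configmaps` rule in the leader-election Role looks like the only rule in this chart that gives the manager access to ConfigMaps (`rbac.yaml` lists ingresses, pods, deployments, services, secrets and dogus, but no configmaps), so it is probably also what lets the controller use the `k8s-ces-warp-config` and `k8s-ces-menu-json` maps named in `config.go`. That hides application permissions in a role named for leader election and grants `delete` on every ConfigMap in the namespace. I would move the application access into the manager Role with only the verbs it needs, and keep this Role to `leases` and `events` if the controller-runtime version in use elects via leases (not visible here). If the rule stays as it is, a comment such as `# also grants the manager its access to the warp and menu ConfigMaps` would at least record the dependency, once confirmed.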
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "k8s-service-discovery.name" . }}-manager-config
+ labels:
+ {{- include "k8s-service-discovery.labels" . | nindent 4 }}
+data:
+ controller_manager_config.yaml: |
+ apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+ health:
+ healthProbeBindAddress: ":8081"
+ kind: ControllerManagerConfig
+ leaderElection:
+ leaderElect: true
+ resourceName: 92a787f2.cloudogu.com
+ metrics:
+ bindAddress: 127.0.0.1:8080
+ webhook:
+ port: 9443
\ No newline at end of file
diff --git a/k8s/helm/templates/metrics-service.yaml b/k8s/helm/templates/metrics-service.yaml
new file mode 100644
index 0000000..9b214ba
--- /dev/null
+++ b/k8s/helm/templates/metrics-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "k8s-service-discovery.name" . }}-controller-manager-metrics-service
+ labels:
+ control-plane: controller-manager
+ {{- include "k8s-service-discovery.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ selector:
+ control-plane: controller-manager
+ {{- include "k8s-service-discovery.selectorLabels" . | nindent 4 }}
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
\ No newline at end of file
diff --git a/k8s/helm/templates/proxy-rbac.yaml b/k8s/helm/templates/proxy-rbac.yaml
new file mode 100644
index 0000000..9703eff
--- /dev/null
+++ b/k8s/helm/templates/proxy-rbac.yaml
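Review bot: Nothing in `deployment.yaml` mounts the `manager-config` ConfigMap or passes a config-file flag; the manager container is configured only through `--health-probe-bind-address`, `--metrics-bind-address` and `--leader-elect`, so `controller_manager_config.yaml` appears to be unused configuration carried over from the kustomize layout. It also declares a webhook port 9443 that has no matching container port or Service in this chart, which suggests a listener that may not exist. I would drop the template, or until it is wired in add a header comment such as `# not mounted by the Deployment; the manager is configured via args`.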
@@ -0,0 +1,34 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "k8s-service-discovery.name" . }}-proxy-role
+ labels:
+ {{- include "k8s-service-discovery.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "k8s-service-discovery.name" . }}-proxy-rolebinding
+ labels:
+ {{- include "k8s-service-discovery.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: '{{ include "k8s-service-discovery.name" . }}-proxy-role'
+subjects:
+- kind: ServiceAccount
+ name: '{{ include "k8s-service-discovery.name" . }}-controller-manager'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/k8s/helm/templates/rbac.yaml b/k8s/helm/templates/rbac.yaml
new file mode 100644
index 0000000..136f6f1
--- /dev/null
+++ b/k8s/helm/templates/rbac.yaml
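Review bot: `tokenreviews` and `subjectaccessreviews` are cluster-scoped resources, so the namespaced `Role` and `RoleBinding` in `proxy-rbac.yaml` do not grant the `create` calls that kube-rbac-proxy makes to authenticate and authorize requests. As written, the proxy on port 8443 would most likely refuse every metrics request; that fails closed, so it is an availability defect rather than an exposure. The pair should be cluster-scoped: `kind: ClusterRole`, `kind: ClusterRoleBinding`, and `kind: ClusterRole` under `roleRef`. Cluster-scoped names are shared across namespaces, so including `{{ .Release.Namespace }}` in both names would keep two installs from colliding.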
@@ -0,0 +1,108 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "k8s-service-discovery.name" . }}-manager-clusterrolebinding
+ labels:
+ {{- include "k8s-service-discovery.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: '{{ include "k8s-service-discovery.name" . }}-manager-role'
+subjects:
+- kind: ServiceAccount
+ name: '{{ include "k8s-service-discovery.name" . }}-controller-manager'
+ namespace: '{{ .Release.Namespace }}'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "k8s-service-discovery.name" . }}-manager-role
+ labels:
+ {{- include "k8s-service-discovery.labels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - '*'
+ resources:
+ - ingresses
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - delete
+ - update
+ - apiGroups:
+ - '*'
+ resources:
+ - pods
+ verbs:
+ - list
+ - watch
+ - get
+ - delete
+ - apiGroups:
+ - '*'
+ resources:
+ - deployments
+ verbs:
+ - list
+ - watch
+ - get
+ - apiGroups:
+ - '*'
+ resources:
+ - services
+ verbs:
+ - list
+ - watch
+ - get
+ - update
+ - apiGroups:
+ - '*'
+ resources:
+ - secrets
+ verbs:
+ - list
+ - watch
+ - get
+ - create
+ - update
+ - apiGroups:
+ - k8s.cloudogu.com
+ resources:
+ - dogus
+ verbs:
+ - watch
+ - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "k8s-service-discovery.name" . }}-manager-role
+ labels:
+ {{- include "k8s-service-discovery.labels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - '*'
+ resources:
+ - ingressclasses
+ verbs:
+ - get
+ - create
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "k8s-service-discovery.name" . }}-manager-rolebinding
+ labels:
+ {{- include "k8s-service-discovery.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: '{{ include "k8s-service-discovery.name" . 
}}-manager-role'
+subjects:
+ - kind: ServiceAccount
+ name: '{{ include "k8s-service-discovery.name" . }}-controller-manager'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/k8s/helm/templates/serviceaccount.yaml b/k8s/helm/templates/serviceaccount.yaml
new file mode 100644
index 0000000..e9cee34
--- /dev/null
+++ b/k8s/helm/templates/serviceaccount.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "k8s-service-discovery.name" . }}-controller-manager
+ labels:
+ {{- include "k8s-service-discovery.labels" . | nindent 4 }}
diff --git a/k8s/helm/values.yaml b/k8s/helm/values.yaml
new file mode 100644
index 0000000..6c2b645
--- /dev/null
+++ b/k8s/helm/values.yaml
@@ -0,0 +1,50 @@
+cesWarpConfig:
+ warp: |
+ sources:
+ - path: /dogu
+ type: dogus
+ tag: warp
+ - path: /config/nginx/externals
+ type: externals
+ - path: /config/_global/disabled_warpmenu_support_entries
+ type: disabled_support_entries
+ target: /var/www/html/warp/menu.json
+ order:
+ Development Apps: 100
+ support:
+ - identifier: docsCloudoguComUrl
+ external: true
+ href: https://docs.cloudogu.com/
+ - identifier: aboutCloudoguToken
+ external: false
+ href: /info/about
+ - identifier: myCloudogu
+ external: true
+ href: https://my.cloudogu.com/
+kubeRbacProxy:
+ image:
+ repository: gcr.io/kubebuilder/kube-rbac-proxy
+ tag: v0.14.1
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
+manager:
+ image:
+ repository: cloudogu/k8s-service-discovery
+ tag: 0.15.0
+ env:
+ logLevel: info
+ stage: production
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ replicas: 1
+ imagePullPolicy: IfNotPresent
diff --git a/release_args.sh b/release_args.sh
index 206e777..f0c96d3 100644
--- a/release_args.sh
+++ b/release_args.sh
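Review bot: Every rule for built-in resources in the manager Role and ClusterRole of `rbac.yaml` uses `apiGroups: '*'`, which also matches same-named resources in any API group added to the cluster later; for a role that can read, create and update `secrets` and delete `pods`, the group should be named explicitly. I would replace the wildcard with `- ""` for pods, services and secrets, `- apps` for deployments, and `- networking.k8s.io` for ingresses and ingressclasses (assuming the controller uses the networking.k8s.io API, which the hunk does not show). The `secrets` rule covers the whole namespace, so a comment stating which secrets the controller manages would let a reviewer judge whether `resourceNames` can narrow `get` and `update`. The ClusterRole and ClusterRoleBinding names are built from the chart name alone, so a second release in another namespace would collide with the first.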
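Review bot: `manager.env.stage` in `values.yaml` is undocumented, yet it decides where the controller takes its configuration from: per `config.go` in this commit, `STAGE=local` makes `ReadConfiguration` load `k8s/dev-resources/k8s-ces-warp-config.yaml` from the filesystem instead of the cluster ConfigMap. I would add a comment above the key, for example `# stage: "production" reads the warp config from the cluster; "local" reads it from disk and is not meant for deployed releases`. Both `image` blocks also carry only `repository` and `tag`, and `deployment.yaml` joins exactly those two, so an optional digest value would be needed before either image can be pinned immutably.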
@@ -6,15 +6,16 @@ set -o pipefail # this function will be sourced from release.sh and be called from release_functions.sh update_versions_modify_files() { newReleaseVersion="${1}" - kustomizationYAML=config/manager/kustomization.yaml + valuesYAML=k8s/helm/values.yaml + componentPatchTplYAML=k8s/helm/component-patch-tpl.yaml - yq "with(.images[] | select(.name == \"controller\") ; .newTag = \"${newReleaseVersion}\")" "${kustomizationYAML}" \ - > tmpfile \ - && mv tmpfile "${kustomizationYAML}" + yq -i ".manager.image.tag = \"${newReleaseVersion}\"" "${valuesYAML}" + yq -i ".values.images.serviceDiscovery |= sub(\":(([0-9]+)\.([0-9]+)\.([0-9]+)((?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))|(?:\+[0-9A-Za-z-]+))?)\", \":${newReleaseVersion}\")" "${componentPatchTplYAML}" } update_versions_stage_modified_files() { - kustomizationYAML=config/manager/kustomization.yaml + valuesYAML=k8s/helm/values.yaml + componentPatchTplYAML=k8s/helm/component-patch-tpl.yaml - git add "${kustomizationYAML}" + git add "${valuesYAML}" "${componentPatchTplYAML}" }
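Review bot: `newReleaseVersion` is interpolated directly into both yq expressions in `update_versions_modify_files`, so a value containing `"` or yq syntax changes the expression that is evaluated rather than the string that is written. Passing it through the environment keeps it as data: `NEW_VERSION="${newReleaseVersion}" yq -i '.manager.image.tag = strenv(NEW_VERSION)' "${valuesYAML}"`; the `sub(...)` line can get the same treatment if the installed yq accepts an expression as the replacement argument (worth checking). A semver check on `${1}` at the top of the function would also stop a malformed tag from reaching `values.yaml` and `component-patch-tpl.yaml`. The two path variables are now assigned identically in both functions and could be defined once.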