From a426011560e4a3f1e04cd38c4c07d1e18c68690e Mon Sep 17 00:00:00 2001 From: Clint Yoshimura Date: Mon, 14 Aug 2023 08:02:38 -1000 Subject: [PATCH] Move all global helm values to top-level - Global is a historic leftover from when we had subcharts so the values in global should be at the top-level instead [#2650] Co-authored-by: Matt Royal --- INSTALL.EKS.md | 12 +- INSTALL.kind.md | 4 +- INSTALL.md | 18 +-- README.helm.md | 25 ++-- api/Makefile | 2 +- helm/korifi/api/configmap.yaml | 26 ++-- helm/korifi/api/deployment.yaml | 8 +- helm/korifi/api/ingress-cert.yaml | 2 +- helm/korifi/api/rbac.yaml | 6 +- helm/korifi/api/role.yaml | 2 +- helm/korifi/api/service.yaml | 2 +- helm/korifi/controllers/configmap.yaml | 20 +-- helm/korifi/controllers/deployment.yaml | 2 +- helm/korifi/controllers/ingress-cert.yaml | 6 +- .../controllers/post-install-app-domain.yaml | 4 +- helm/korifi/controllers/rbac.yaml | 4 +- helm/korifi/controllers/service.yaml | 2 +- helm/korifi/job-task-runner/runner-rbac.yaml | 2 +- .../kpack-image-builder/cluster-builder.yaml | 2 +- .../post-install-builderinfo.yaml | 2 +- .../pre-delete-builderinfo.yaml | 2 +- .../kpack-image-builder/service-account.yaml | 18 +-- .../post-install-runnerinfo.yaml | 2 +- .../statefulset-runner/runner-rbac.yaml | 2 +- helm/korifi/templates/_helpers.yaml | 6 +- helm/korifi/templates/admin-user.yaml | 2 +- helm/korifi/values.schema.json | 131 ++++++++---------- helm/korifi/values.yaml | 29 ++-- scripts/assets/values-template.yaml | 8 +- scripts/deploy-on-kind.sh | 4 +- 30 files changed, 171 insertions(+), 184 deletions(-) diff --git a/INSTALL.EKS.md b/INSTALL.EKS.md index 5d5b5a67f..a714f6e33 100644 --- a/INSTALL.EKS.md +++ b/INSTALL.EKS.md 
@@ -256,14 +256,14 @@ Use the following Helm command to install Korifi: ```sh helm install korifi https://github.com/cloudfoundry/korifi/releases/download/v/korifi-.tgz \ --namespace="$KORIFI_NAMESPACE" \ - --set=global.generateIngressCertificates=true \ - --set=global.rootNamespace="${ROOT_NAMESPACE}" \ + --set=generateIngressCertificates=true \ + --set=rootNamespace="${ROOT_NAMESPACE}" \ --set=adminUserName="${ADMIN_USERNAME}" \ --set=api.apiServer.url="api.${BASE_DOMAIN}" \ - --set=global.defaultAppDomainName="apps.${BASE_DOMAIN}" \ - --set=global.containerRepositoryPrefix="${ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${CLUSTER_NAME}/" \ - --set=global.containerRegistrySecrets={} \ - --set=global.eksContainerRegistryRoleARN="${ECR_ROLE_ARN}" \ + --set=defaultAppDomainName="apps.${BASE_DOMAIN}" \ + --set=containerRepositoryPrefix="${ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${CLUSTER_NAME}/" \ + --set=containerRegistrySecrets={} \ + --set=eksContainerRegistryRoleARN="${ECR_ROLE_ARN}" \ --set=kpackImageBuilder.builderRepository="${KPACK_BUILDER_REPO}" \ --wait ``` diff --git a/INSTALL.kind.md b/INSTALL.kind.md index 5943dad5b..ee9f642bf 100644 --- a/INSTALL.kind.md +++ b/INSTALL.kind.md @@ -64,9 +64,9 @@ No changes here, follow the [common instructions](./INSTALL.md#install-korifi). If using DockerHub as recommended above, set the following values: - `kpackImageBuilder.builderRepository`: `index.docker.io//kpack-builder`; -- `global.containerRepositoryPrefix`: `index.docker.io//`; +- `containerRepositoryPrefix`: `index.docker.io//`; -Remember to set `global.generateIngressCertificates` to `true` if you want to use self-signed TLS certificates. +Remember to set `generateIngressCertificates` to `true` if you want to use self-signed TLS certificates. If `$KORIFI_NAMESPACE` doesn't exist yet, you can add the `--create-namespace` flag to the `helm` invocation. diff --git a/INSTALL.md b/INSTALL.md index ca4de1c05..b6a5fbeb7 100644 --- a/INSTALL.md 
+++ b/INSTALL.md @@ -123,9 +123,9 @@ Make sure the value of `--docker-server` is a valid [URI authority](https://data ### TLS certificates -Self-signed TLS certificates are generated automatically by the installation if `global.generateIngressCertificates` has been set to `true`. +Self-signed TLS certificates are generated automatically by the installation if `generateIngressCertificates` has been set to `true`. -If you want to generate certificates yourself, you should not set the `global.generateIngressCertificates` value, and instead provide your certificates to Korifi by creating two TLS secrets in `$KORIFI_NAMESPACE`: +If you want to generate certificates yourself, you should not set the `generateIngressCertificates` value, and instead provide your certificates to Korifi by creating two TLS secrets in `$KORIFI_NAMESPACE`: 1. `korifi-api-ingress-cert`; 1. `korifi-workloads-ingress-cert`. @@ -139,7 +139,7 @@ kubectl --namespace "$KORIFI_NAMESPACE" create secret generic ``` -You can then specify the `` using the `global.containerRegistryCACertSecret`. +You can then specify the `` using the `containerRegistryCACertSecret`. > **Warning** > Kpack does not support self-signed/internal CA configuration out of the box (see [pivotal/kpack#207](https://github.com/pivotal/kpack/issues/207)). 
@@ -156,17 +156,17 @@ For example: ```sh helm install korifi https://github.com/cloudfoundry/korifi/releases/download/v/korifi-.tgz \ --namespace="$KORIFI_NAMESPACE" \ - --set=global.generateIngressCertificates=true \ - --set=global.rootNamespace="$ROOT_NAMESPACE" \ + --set=generateIngressCertificates=true \ + --set=rootNamespace="$ROOT_NAMESPACE" \ --set=adminUserName="$ADMIN_USERNAME" \ --set=api.apiServer.url="api.$BASE_DOMAIN" \ - --set=global.defaultAppDomainName="apps.$BASE_DOMAIN" \ - --set=global.containerRepositoryPrefix=europe-docker.pkg.dev/my-project/korifi/ \ + --set=defaultAppDomainName="apps.$BASE_DOMAIN" \ + --set=containerRepositoryPrefix=europe-docker.pkg.dev/my-project/korifi/ \ --set=kpackImageBuilder.builderRepository=europe-docker.pkg.dev/my-project/korifi/kpack-builder \ --wait ``` -`global.containerRepositoryPrefix` is used to determine the container repository for the package and droplet images produced by Korifi. +`containerRepositoryPrefix` is used to determine the container repository for the package and droplet images produced by Korifi. In particular, the app GUID and image type (`packages` or `droplets`) are appended to form the name of the repository. For example: @@ -200,7 +200,7 @@ Make sure your ingress targets a service with name `korifi-api-svc` and port `44 Create DNS entries for the Korifi API and for the apps running on Korifi. They should match the Helm values used to [deploy Korifi](#deploy-korifi): - The Korifi API entry should match the `api.apiServer.url` value. In our example, that would be `api.korifi.example.org`. -- The apps entry should be a wildcard matching the `global.defaultAppDomainName` value. In our example, `*.apps.korifi.example.org`. +- The apps entry should be a wildcard matching the `defaultAppDomainName` value. In our example, `*.apps.korifi.example.org`. The DNS entries should point to the load balancer endpoint created by Contour when installed. To discover your endpoint, run: 
diff --git a/README.helm.md b/README.helm.md
index ee3feebc1..f332ddd85 100644
--- a/README.helm.md
+++ b/README.helm.md
@@ -9,19 +9,6 @@ See [_Customizing the Chart Before Installing_](https://helm.sh/docs/intro/using Here are all the values that can be set for the chart: -- `global`: Global values that are shared between Korifi and its subcharts. - - `containerRegistrySecret` (_String_): Deprecated in favor of containerRegistrySecrets. - - `containerRegistrySecrets` (_Array_): List of `Secret` names to use when pushing or pulling from package, droplet and kpack builder repositories. Required if eksContainerRegistryRoleARN not set. Ignored if eksContainerRegistryRoleARN is set. - - `containerRepositoryPrefix` (_String_): The prefix of the container repository where package and droplet images will be pushed. This is suffixed with the app GUID and `-packages` or `-droplets`. For example, a value of `index.docker.io/korifi/` will result in `index.docker.io/korifi/-packages` and `index.docker.io/korifi/-droplets` being pushed. - - `debug` (_Boolean_): Enables remote debugging with [Delve](https://github.com/go-delve/delve). - - `defaultAppDomainName` (_String_): Base domain name for application URLs. - - `eksContainerRegistryRoleARN` (_String_): Amazon Resource Name (ARN) of the IAM role to use to access the ECR registry from an EKS deployed Korifi. Required if containerRegistrySecret not set. - - `generateIngressCertificates` (_Boolean_): Use `cert-manager` to generate self-signed certificates for the API and app endpoints. - - `logLevel` (_String_): Sets level of logging for api and controllers components. Can be 'info' or 'debug'. - - `reconcilers`: - - `app` (_String_): ID of the workload runner to set on all `AppWorkload` objects. Defaults to `statefulset-runner`. - - `build` (_String_): ID of the image builder to set on all `BuildWorkload` objects. Defaults to `kpack-image-builder`. - - `rootNamespace` (_String_): Root of the Cloud Foundry namespace hierarchy. - `adminUserName` (_String_): Name of the admin user that will be bound to the Cloud Foundry Admin role. 
- `api`: - `apiServer`: @@ -51,6 +38,9 @@ Here are all the values that can be set for the chart: - `cpu` (_String_): CPU request. - `memory` (_String_): Memory request. - `userCertificateExpirationWarningDuration` (_String_): Issue a warning if the user certificate provided for login has a long expiry. See [`time.ParseDuration`](https://pkg.go.dev/time#ParseDuration) for details on the format. +- `containerRegistrySecret` (_String_): Deprecated in favor of containerRegistrySecrets. +- `containerRegistrySecrets` (_Array_): List of `Secret` names to use when pushing or pulling from package, droplet and kpack builder repositories. Required if eksContainerRegistryRoleARN not set. Ignored if eksContainerRegistryRoleARN is set. +- `containerRepositoryPrefix` (_String_): The prefix of the container repository where package and droplet images will be pushed. This is suffixed with the app GUID and `-packages` or `-droplets`. For example, a value of `index.docker.io/korifi/` will result in `index.docker.io/korifi/-packages` and `index.docker.io/korifi/-droplets` being pushed. - `contourRouter`: - `include` (_Boolean_): Deploy the `contour-router` component. - `controllers`: 
@@ -72,6 +62,10 @@ Here are all the values that can be set for the chart: - `memory` (_String_): Memory request. - `taskTTL` (_String_): How long before the `CFTask` object is deleted after the task has completed. See [`time.ParseDuration`](https://pkg.go.dev/time#ParseDuration) for details on the format, an additional `d` suffix for days is supported. - `workloadsTLSSecret` (_String_): TLS secret used when setting up an app routes. +- `debug` (_Boolean_): Enables remote debugging with [Delve](https://github.com/go-delve/delve). +- `defaultAppDomainName` (_String_): Base domain name for application URLs. +- `eksContainerRegistryRoleARN` (_String_): Amazon Resource Name (ARN) of the IAM role to use to access the ECR registry from an EKS deployed Korifi. Required if containerRegistrySecret not set. +- `generateIngressCertificates` (_Boolean_): Use `cert-manager` to generate self-signed certificates for the API and app endpoints. - `helm`: - `hooksImage` (_String_): Image for the helm hooks containing kubectl - `jobTaskRunner`: @@ -101,6 +95,11 @@ Here are all the values that can be set for the chart: - `requests`: Resource requests. - `cpu` (_String_): CPU request. - `memory` (_String_): Memory request. +- `logLevel` (_String_): Sets level of logging for api and controllers components. Can be 'info' or 'debug'. +- `reconcilers`: + - `app` (_String_): ID of the workload runner to set on all `AppWorkload` objects. Defaults to `statefulset-runner`. + - `build` (_String_): ID of the image builder to set on all `BuildWorkload` objects. Defaults to `kpack-image-builder`. +- `rootNamespace` (_String_): Root of the Cloud Foundry namespace hierarchy. - `stagingRequirements`: - `buildCacheMB` (_Integer_): Persistent disk in MB for caching staging artifacts across builds. - `diskMB` (_Integer_): Ephemeral Disk request in MB for staging apps. diff --git a/api/Makefile b/api/Makefile index 3c087018e..22162b88b 100644 --- a/api/Makefile +++ b/api/Makefile 
@@ -42,7 +42,7 @@ manifests: install-controller-gen install-yq output:rbac:artifacts:config=../helm/korifi/api \ rbac:roleName=korifi-api-system-role - $(YQ) -i 'with(.metadata | select(.namespace == "ROOT_NAMESPACE"); .namespace="{{ .Values.global.rootNamespace }}")' ../helm/korifi/api/role.yaml + $(YQ) -i 'with(.metadata | select(.namespace == "ROOT_NAMESPACE"); .namespace="{{ .Values.rootNamespace }}")' ../helm/korifi/api/role.yaml test: install-ginkgo ../scripts/run-tests.sh --skip-package=test diff --git a/helm/korifi/api/configmap.yaml b/helm/korifi/api/configmap.yaml index 6c2abf56b..10d005829 100644 --- a/helm/korifi/api/configmap.yaml +++ b/helm/korifi/api/configmap.yaml 
@@ -12,35 +12,35 @@ data: readTimeout: {{ .Values.api.apiServer.timeouts.read }} readHeaderTimeout: {{ .Values.api.apiServer.timeouts.readHeader }} writeTimeout: {{ .Values.api.apiServer.timeouts.write }} - rootNamespace: {{ .Values.global.rootNamespace }} - builderName: {{ .Values.global.reconcilers.build }} - runnerName: {{ .Values.global.reconcilers.run }} + rootNamespace: {{ .Values.rootNamespace }} + builderName: {{ .Values.reconcilers.build }} + runnerName: {{ .Values.reconcilers.run }} defaultLifecycleConfig: type: {{ .Values.api.lifecycle.type }} stack: {{ .Values.api.lifecycle.stack }} stagingMemoryMB: {{ .Values.stagingRequirements.memoryMB }} - containerRepositoryPrefix: {{ .Values.global.containerRepositoryPrefix | quote }} - {{- if not .Values.global.eksContainerRegistryRoleARN }} - {{- if .Values.global.containerRegistrySecrets }} + containerRepositoryPrefix: {{ .Values.containerRepositoryPrefix | quote }} + {{- if not .Values.eksContainerRegistryRoleARN }} + {{- if .Values.containerRegistrySecrets }} packageRegistrySecretNames: - {{- range .Values.global.containerRegistrySecrets }} + {{- range .Values.containerRegistrySecrets }} - {{ . 
| quote }} {{- end }} - {{- else if .Values.global.containerRegistrySecret }} + {{- else if .Values.containerRegistrySecret }} packageRegistrySecretNames: - - {{ .Values.global.containerRegistrySecret | quote }} + - {{ .Values.containerRegistrySecret | quote }} {{- else }} - {{ required "global.containerRegistrySecrets is required when global.eksContainerRegistryRoleARN is not set" .Values.global.containerRegistrySecrets }} + {{ required "containerRegistrySecrets is required when eksContainerRegistryRoleARN is not set" .Values.containerRegistrySecrets }} {{- end }} {{- end }} - defaultDomainName: {{ .Values.global.defaultAppDomainName }} + defaultDomainName: {{ .Values.defaultAppDomainName }} userCertificateExpirationWarningDuration: {{ .Values.api.userCertificateExpirationWarningDuration }} {{- if .Values.api.authProxy }} authProxyHost: {{ .Values.api.authProxy.host | quote }} authProxyCACert: {{ .Values.api.authProxy.caCert | quote }} {{- end }} - logLevel: {{ .Values.global.logLevel }} - {{- if .Values.global.eksContainerRegistryRoleARN }} + logLevel: {{ .Values.logLevel }} + {{- if .Values.eksContainerRegistryRoleARN }} containerRegistryType: "ECR" {{- end }} role_mappings_config.yaml: | diff --git a/helm/korifi/api/deployment.yaml b/helm/korifi/api/deployment.yaml index fcf5fb33e..501a69a8f 100644 --- a/helm/korifi/api/deployment.yaml +++ b/helm/korifi/api/deployment.yaml @@ -24,7 +24,7 @@ spec: - name: TLSCONFIG value: /etc/korifi-tls-config image: {{ .Values.api.image }} -{{- if .Values.global.debug }} +{{- if .Values.debug }} command: - "/dlv" args: @@ -49,7 +49,7 @@ spec: - mountPath: /etc/korifi-tls-config name: korifi-tls-config readOnly: true -{{- if .Values.global.containerRegistryCACertSecret }} +{{- if .Values.containerRegistryCACertSecret }} - mountPath: /etc/ssl/certs/registry-ca.crt name: korifi-registry-ca-cert subPath: ca.crt 
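Review bot: `runnerName` in the helm/korifi/api/configmap.yaml hunk reads `.Values.reconcilers.run`, but the `reconcilers` schema this commit moves to the top level of helm/korifi/values.schema.json declares the properties `build` and `app` while listing `"required": ["build", "run"]`, and README.helm.md documents `reconcilers.app`. As written, `run` is required but has no type or description, and a user who follows the README and sets `reconcilers.app` sets a key that none of the templates shown here read. Since the block is being moved anyway, rename the schema property key `"app"` to `"run"` so it matches values.yaml (`run: statefulset-runner`), and regenerate the README entry. The same lookup appears in helm/korifi/controllers/configmap.yaml.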
@@ -64,8 +64,8 @@ spec: - name: korifi-tls-config secret: secretName: korifi-api-internal-cert -{{- if .Values.global.containerRegistryCACertSecret }} +{{- if .Values.containerRegistryCACertSecret }} - name: korifi-registry-ca-cert secret: - secretName: {{ .Values.global.containerRegistryCACertSecret }} + secretName: {{ .Values.containerRegistryCACertSecret }} {{- end }} diff --git a/helm/korifi/api/ingress-cert.yaml b/helm/korifi/api/ingress-cert.yaml index 549cd30c8..ca6e1188b 100644 --- a/helm/korifi/api/ingress-cert.yaml +++ b/helm/korifi/api/ingress-cert.yaml @@ -1,4 +1,4 @@ -{{- if .Values.global.generateIngressCertificates }} +{{- if .Values.generateIngressCertificates }} apiVersion: cert-manager.io/v1 kind: Certificate metadata: diff --git a/helm/korifi/api/rbac.yaml b/helm/korifi/api/rbac.yaml index 9e8ee6916..9fed56afe 100644 --- a/helm/korifi/api/rbac.yaml +++ b/helm/korifi/api/rbac.yaml @@ -3,9 +3,9 @@ kind: ServiceAccount metadata: name: korifi-api-system-serviceaccount namespace: {{ .Release.Namespace }} - {{- if .Values.global.eksContainerRegistryRoleARN }} + {{- if .Values.eksContainerRegistryRoleARN }} annotations: - eks.amazonaws.com/role-arn: {{ .Values.global.eksContainerRegistryRoleARN }} + eks.amazonaws.com/role-arn: {{ .Values.eksContainerRegistryRoleARN }} {{- end }} --- @@ -27,7 +27,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: korifi-api-system-rolebinding - namespace: {{ .Values.global.rootNamespace }} + namespace: {{ .Values.rootNamespace }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/helm/korifi/api/role.yaml b/helm/korifi/api/role.yaml index 9ac09a70d..f54ca6897 100644 --- a/helm/korifi/api/role.yaml +++ b/helm/korifi/api/role.yaml @@ -52,7 +52,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: korifi-api-system-role - namespace: '{{ .Values.global.rootNamespace }}' + namespace: '{{ .Values.rootNamespace }}' rules: - apiGroups: - "" 
diff --git a/helm/korifi/api/service.yaml b/helm/korifi/api/service.yaml index ce4dad55e..3402e6c01 100644 --- a/helm/korifi/api/service.yaml +++ b/helm/korifi/api/service.yaml @@ -18,7 +18,7 @@ spec: type: ClusterIP --- -{{- if .Values.global.debug }} +{{- if .Values.debug }} apiVersion: v1 kind: Service metadata: diff --git a/helm/korifi/controllers/configmap.yaml b/helm/korifi/controllers/configmap.yaml index 97c7312ba..9c2029859 100644 --- a/helm/korifi/controllers/configmap.yaml +++ b/helm/korifi/controllers/configmap.yaml @@ -9,21 +9,21 @@ data: includeJobTaskRunner: {{ .Values.jobTaskRunner.include }} includeStatefulsetRunner: {{ .Values.statefulsetRunner.include }} includeContourRouter: {{ .Values.contourRouter.include }} - builderName: {{ .Values.global.reconcilers.build }} - runnerName: {{ .Values.global.reconcilers.run }} + builderName: {{ .Values.reconcilers.build }} + runnerName: {{ .Values.reconcilers.run }} cfProcessDefaults: memoryMB: {{ .Values.controllers.processDefaults.memoryMB }} diskQuotaMB: {{ .Values.controllers.processDefaults.diskQuotaMB }} - cfRootNamespace: {{ .Values.global.rootNamespace }} - {{- if not .Values.global.eksContainerRegistryRoleARN }} - {{- if .Values.global.containerRegistrySecrets }} + cfRootNamespace: {{ .Values.rootNamespace }} + {{- if not .Values.eksContainerRegistryRoleARN }} + {{- if .Values.containerRegistrySecrets }} containerRegistrySecretNames: - {{- range .Values.global.containerRegistrySecrets }} + {{- range .Values.containerRegistrySecrets }} - {{ . | quote }} {{- end }} {{- else }} containerRegistrySecretNames: - - {{ .Values.global.containerRegistrySecret | quote }} + - {{ .Values.containerRegistrySecret | quote }} {{- end }} {{- end }} taskTTL: {{ .Values.controllers.taskTTL }} 
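Review bot: In helm/korifi/controllers/configmap.yaml the `{{- else }}` branch emits `containerRegistrySecretNames` from `.Values.containerRegistrySecret` unconditionally. When neither `containerRegistrySecrets` nor the deprecated `containerRegistrySecret` is set, and `eksContainerRegistryRoleARN` is empty, the controllers config is rendered with an empty or null secret name instead of a render-time error. helm/korifi/api/configmap.yaml already fails fast in that case; mirroring it here keeps a missing registry credential from surfacing only when images are pushed or pulled. Change the branch to `{{- else if .Values.containerRegistrySecret }}` and add a final `{{- else }}` holding `{{ required "containerRegistrySecrets is required when eksContainerRegistryRoleARN is not set" .Values.containerRegistrySecrets }}`. The ConfigMap body continues outside this hunk.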
@@ -40,17 +40,17 @@ data: {{- end }} maxRetainedPackagesPerApp: {{ .Values.controllers.maxRetainedPackagesPerApp }} maxRetainedBuildsPerApp: {{ .Values.controllers.maxRetainedBuildsPerApp }} - logLevel: {{ .Values.global.logLevel }} + logLevel: {{ .Values.logLevel }} {{- if .Values.kpackImageBuilder.include }} clusterBuilderName: {{ .Values.kpackImageBuilder.clusterBuilderName | default "cf-kpack-cluster-builder" }} builderReadinessTimeout: {{ required "builderReadinessTimeout is required" .Values.kpackImageBuilder.builderReadinessTimeout }} - containerRepositoryPrefix: {{ .Values.global.containerRepositoryPrefix | quote }} + containerRepositoryPrefix: {{ .Values.containerRepositoryPrefix | quote }} builderServiceAccount: kpack-service-account cfStagingResources: buildCacheMB: {{ .Values.stagingRequirements.buildCacheMB }} diskMB: {{ .Values.stagingRequirements.diskMB }} memoryMB: {{ .Values.stagingRequirements.memoryMB }} - {{- if .Values.global.eksContainerRegistryRoleARN }} + {{- if .Values.eksContainerRegistryRoleARN }} containerRegistryType: "ECR" {{- end }} {{- end }} diff --git a/helm/korifi/controllers/deployment.yaml b/helm/korifi/controllers/deployment.yaml index 71c122acb..05c7dfb16 100644 --- a/helm/korifi/controllers/deployment.yaml +++ b/helm/korifi/controllers/deployment.yaml @@ -27,7 +27,7 @@ spec: - name: CONTROLLERSCONFIG value: /etc/korifi-controllers-config image: {{ .Values.controllers.image }} -{{- if .Values.global.debug }} +{{- if .Values.debug }} command: - "/dlv" args: diff --git a/helm/korifi/controllers/ingress-cert.yaml b/helm/korifi/controllers/ingress-cert.yaml index 0595430f5..9d4ed4373 100644 --- a/helm/korifi/controllers/ingress-cert.yaml +++ b/helm/korifi/controllers/ingress-cert.yaml 
@@ -1,13 +1,13 @@ -{{- if .Values.global.generateIngressCertificates }} +{{- if .Values.generateIngressCertificates }} apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: korifi-workloads-ingress-cert namespace: {{ .Release.Namespace }} spec: - commonName: \*.{{ .Values.global.defaultAppDomainName }} + commonName: \*.{{ .Values.defaultAppDomainName }} dnsNames: - - \*.{{ .Values.global.defaultAppDomainName }} + - \*.{{ .Values.defaultAppDomainName }} issuerRef: kind: Issuer name: selfsigned-issuer diff --git a/helm/korifi/controllers/post-install-app-domain.yaml b/helm/korifi/controllers/post-install-app-domain.yaml index cbbe1bb17..7a169507c 100644 --- a/helm/korifi/controllers/post-install-app-domain.yaml +++ b/helm/korifi/controllers/post-install-app-domain.yaml 
@@ -42,11 +42,11 @@ spec: - sh - -c - | - cat <-packages` and `index.docker.io/korifi/-droplets` being pushed.", + "type": "string", + "pattern": "^[a-z0-9]+([._-][a-z0-9]+)*(:[0-9]+)?(/[a-z0-9]+([._-][a-z0-9]+)*)*/?$" + }, + "containerRegistrySecret": { + "deprecated": true, + "description": "Deprecated in favor of containerRegistrySecrets.", + "type": "string" + }, + "containerRegistrySecrets": { + "description": "List of `Secret` names to use when pushing or pulling from package, droplet and kpack builder repositories. Required if eksContainerRegistryRoleARN not set. Ignored if eksContainerRegistryRoleARN is set.", + "type": "array", + "items": { + "type": "string" + } + }, + "eksContainerRegistryRoleARN": { + "description": "Amazon Resource Name (ARN) of the IAM role to use to access the ECR registry from an EKS deployed Korifi. Required if containerRegistrySecret not set.", + "type": "string" + }, + "reconcilers": { + "type": "object", + "properties": { + "build": { + "description": "ID of the image builder to set on all `BuildWorkload` objects. Defaults to `kpack-image-builder`.", + "type": "string" + }, + "app": { + "description": "ID of the workload runner to set on all `AppWorkload` objects. Defaults to `statefulset-runner`.", + "type": "string" + } + }, + "required": ["build", "run"] + }, "stagingRequirements": { "type": "object", "properties": { 
@@ -23,75 +79,6 @@ }, "required": ["memoryMB", "diskMB", "buildCacheMB"] }, - "global": { - "description": "Global values that are shared between Korifi and its subcharts.", - "properties": { - "rootNamespace": { - "description": "Root of the Cloud Foundry namespace hierarchy.", - "type": "string" - }, - "debug": { - "description": "Enables remote debugging with [Delve](https://github.com/go-delve/delve).", - "type": "boolean" - }, - "logLevel": { - "description": "Sets level of logging for api and controllers components. Can be 'info' or 'debug'.", - "type": "string", - "enum": ["info", "debug"] - }, - "defaultAppDomainName": { - "description": "Base domain name for application URLs.", - "type": "string" - }, - "generateIngressCertificates": { - "description": "Use `cert-manager` to generate self-signed certificates for the API and app endpoints.", - "type": "boolean" - }, - "containerRepositoryPrefix": { - "description": "The prefix of the container repository where package and droplet images will be pushed. This is suffixed with the app GUID and `-packages` or `-droplets`. For example, a value of `index.docker.io/korifi/` will result in `index.docker.io/korifi/-packages` and `index.docker.io/korifi/-droplets` being pushed.", - "type": "string", - "pattern": "^[a-z0-9]+([._-][a-z0-9]+)*(:[0-9]+)?(/[a-z0-9]+([._-][a-z0-9]+)*)*/?$" - }, - "containerRegistrySecret": { - "deprecated": true, - "description": "Deprecated in favor of containerRegistrySecrets.", - "type": "string" - }, - "containerRegistrySecrets": { - "description": "List of `Secret` names to use when pushing or pulling from package, droplet and kpack builder repositories. Required if eksContainerRegistryRoleARN not set. Ignored if eksContainerRegistryRoleARN is set.", - "type": "array", - "items": { - "type": "string" - } - }, - "eksContainerRegistryRoleARN": { - "description": "Amazon Resource Name (ARN) of the IAM role to use to access the ECR registry from an EKS deployed Korifi. 
Required if containerRegistrySecret not set.", - "type": "string" - }, - "reconcilers": { - "type": "object", - "properties": { - "build": { - "description": "ID of the image builder to set on all `BuildWorkload` objects. Defaults to `kpack-image-builder`.", - "type": "string" - }, - "app": { - "description": "ID of the workload runner to set on all `AppWorkload` objects. Defaults to `statefulset-runner`.", - "type": "string" - } - }, - "required": ["build", "run"] - } - }, - "required": [ - "containerRepositoryPrefix", - "defaultAppDomainName", - "logLevel", - "reconcilers", - "rootNamespace" - ], - "type": "object" - }, "api": { "properties": { "include": { @@ -514,8 +501,12 @@ } }, "required": [ - "global", "adminUserName", + "containerRepositoryPrefix", + "defaultAppDomainName", + "logLevel", + "reconcilers", + "rootNamespace", "stagingRequirements", "api", "controllers", diff --git a/helm/korifi/values.yaml b/helm/korifi/values.yaml index d8f4485b5..9e585b029 100644 --- a/helm/korifi/values.yaml +++ b/helm/korifi/values.yaml @@ -1,19 +1,18 @@ -global: - rootNamespace: cf - debug: false - logLevel: info - defaultAppDomainName: - generateIngressCertificates: false - containerRegistrySecrets: - - image-registry-credentials - eksContainerRegistryRoleARN: "" - containerRegistryCACertSecret: - - reconcilers: - build: kpack-image-builder - run: statefulset-runner - adminUserName: +rootNamespace: cf +debug: false +logLevel: info +defaultAppDomainName: +generateIngressCertificates: false +containerRegistrySecrets: +- image-registry-credentials +eksContainerRegistryRoleARN: "" +containerRegistryCACertSecret: + +reconcilers: + build: kpack-image-builder + run: statefulset-runner + stagingRequirements: memoryMB: 0 diskMB: 0 diff --git a/scripts/assets/values-template.yaml b/scripts/assets/values-template.yaml index 885e3b551..95e387079 100644 --- a/scripts/assets/values-template.yaml +++ b/scripts/assets/values-template.yaml 
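Review bot: The helm/korifi/values.yaml hunk drops the `global:` block without any guard, so an upgrade that still passes `--set=global.rootNamespace=...` or `global.containerRegistrySecrets` is likely to render with the new top-level defaults (`rootNamespace: cf`, `image-registry-credentials`, `generateIngressCertificates: false`) rather than fail. Whether the schema rejects unknown top-level keys is not visible in these hunks. These values decide the RoleBinding namespace and which registry credentials are used, so a silent fallback is worse than a failed install. Consider a fail-fast check in a template that is always rendered, for example `{{- if .Values.global }}{{ fail "global.* values have moved to the top level; see README.helm.md" }}{{- end }}`, and add a matching upgrade note to the release notes.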
@@ -1,12 +1,10 @@ adminUserName: cf-admin +defaultAppDomainName: apps-127-0-0-1.nip.io +generateIngressCertificates: true +logLevel: debug stagingRequirements: buildCacheMB: 1024 -global: - defaultAppDomainName: apps-127-0-0-1.nip.io - generateIngressCertificates: true - logLevel: debug - api: apiServer: url: localhost diff --git a/scripts/deploy-on-kind.sh b/scripts/deploy-on-kind.sh index 0bb28523b..e84847caf 100755 --- a/scripts/deploy-on-kind.sh +++ b/scripts/deploy-on-kind.sh @@ -164,8 +164,8 @@ function deploy_korifi() { helm upgrade --install korifi helm/korifi \ --namespace korifi \ --values=scripts/assets/values.yaml \ - --set=global.debug="$DEBUG" \ - --set=global.containerRepositoryPrefix="$REPOSITORY_PREFIX" \ + --set=debug="$DEBUG" \ + --set=containerRepositoryPrefix="$REPOSITORY_PREFIX" \ --set=kpackImageBuilder.builderRepository="$KPACK_BUILDER_REPOSITORY" \ --wait }