diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 17095131..0bae8fbc 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -27,25 +27,37 @@ jobs: stage: needs: test - if: github.event_name == 'push' && startsWith(github.repository, 'vmware-labs/') runs-on: ubuntu-latest + env: + REGISTRY_NAME: registry.local + REGISTRY_PORT: 80 + KO_DOCKER_REPO: registry.local/service-bindings + BUNDLE: registry.local/service-bindings/bundle steps: - uses: actions/checkout@v2.3.4 - uses: actions/setup-go@v2.1.3 with: go-version: 1.15.x + - uses: vmware-tanzu/carvel-setup-action@v1 - name: Install ko run: | cd $(mktemp -d -t ko.XXXX) curl -sL https://github.com/google/ko/releases/download/v0.8.1/ko_0.8.1_Linux_x86_64.tar.gz | tar -xz sudo mv ./ko /usr/local/bin cd - - - name: Docker login + - name: Setup local registry run: | - echo "$DOCKERHUB_PASSWORD" | docker login --username $DOCKERHUB_USERNAME --password-stdin - env: - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} + set -o errexit + set -o nounset + set -o pipefail + + # Run a registry. + docker run \ + -d --restart=always -p "127.0.0.1:${REGISTRY_PORT}:5000" --name local-registry \ + registry:2 + + # Make the $REGISTRY_NAME -> 127.0.0.1 + echo "127.0.0.1 $REGISTRY_NAME" | sudo tee -a /etc/hosts - name: Stage run: | set -o errexit 
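Review bot: `vmware-tanzu/carvel-setup-action@v1` in the stage job is referenced by a movable major tag, while the neighbouring actions use exact version tags (`actions/checkout@v2.3.4`, `actions/setup-go@v2.1.3`). The same reference appears in the acceptance job and in the release job, which later in this diff logs in to Docker Hub and uses `GITHUB_TOKEN`, so whatever the tag points to at run time executes in a job that holds those credentials. Pinning to a full commit SHA keeps the executed code fixed, for example `- uses: vmware-tanzu/carvel-setup-action@<full-commit-sha>  # v1` (placeholder; take the SHA from the action's repository). The `registry:2` image in the new "Setup local registry" step floats in the same way and could be pinned by digest.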
@@ -57,18 +69,33 @@ jobs: readonly git_timestamp=$(TZ=UTC git show --quiet --date='format-local:%Y%m%d%H%M%S' --format="%cd") readonly slug=${version}-${git_timestamp}-${git_sha:0:16} - ko resolve -t ${slug} -B -f config | sed -e "s|bindings.labs.vmware.com/release: devel|bindings.labs.vmware.com/release: ${slug}|" > service-bindings.yaml - env: - KO_DOCKER_REPO: docker.io/vmware + mkdir -p bundle/.imgpkg + cp LICENSE "bundle/LICENSE" + cp NOTICE "bundle/NOTICE" + cp VERSION "bundle/VERSION" + cp -r samples "bundle/samples" + + echo "##[group]Build Service Bindings" + cp hack/boilerplate/boilerplate.yaml.txt bundle/service-bindings.yaml + ko resolve -t ${slug} -B -f config \ + | ytt -f - -f config/carvel/release-version.overlay.yaml \ + --data-value version=${slug} \ + >> bundle/service-bindings.yaml + kbld -f bundle/service-bindings.yaml --imgpkg-lock-output bundle/.imgpkg/images.yml + echo "##[endgroup]" + + echo "##[group]Create bundle" + imgpkg push -f "bundle" -b "${BUNDLE}" + imgpkg copy -b "${BUNDLE}" --to-tar bundle/service-bindings-bundle.tar + echo "##[endgroup]" - name: Upload Service Bindings build uses: actions/upload-artifact@v2.2.4 with: - name: service-bindings.yaml - path: service-bindings.yaml + name: service-bindings-bundle.tar + path: bundle/service-bindings-bundle.tar acceptance: needs: stage - if: "!( cancelled() || failure() )" runs-on: ubuntu-latest strategy: matrix: 
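Review bot: `${slug}` is expanded unquoted in the new `ko resolve -t ${slug}` and `--data-value version=${slug}` arguments, although the `imgpkg` lines just below quote `"${BUNDLE}"`. `slug` is built from `version`, which is set above this hunk (presumably from the `VERSION` file). With the `if:` guard removed from the stage job in the previous hunk, this step may now run on contributions where that file is not trusted. Quoting keeps the value a single argument: `ko resolve -t "${slug}" -B -f config \` and `--data-value "version=${slug}" \`. The Stage step's script starts outside this hunk.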
@@ -77,37 +104,104 @@ jobs: - 1.19.7 - 1.20.2 fail-fast: false + env: + REGISTRY_NAME: registry.local + REGISTRY_PORT: 5000 + BUNDLE: registry.local:5000/service-bindings/bundle steps: - uses: actions/checkout@v2.3.4 + - uses: vmware-tanzu/carvel-setup-action@v1 - name: Install kind run: | - curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 + cd $(mktemp -d -t kind.XXXX) + curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-$(go env GOHOSTOS)-$(go env GOHOSTARCH) chmod +x ./kind sudo mv ./kind /usr/local/bin - - uses: vmware-tanzu/carvel-setup-action@v1 - - name: Create cluster - run: kind create cluster --wait 5m --image kindest/node:v${{ matrix.k8s }} + cd - + - name: Setup local registry + run: | + set -o errexit + set -o nounset + set -o pipefail + + # Run a registry. + docker run \ + -d --restart=always -p "${REGISTRY_PORT}:5000" --name local-registry \ + registry:2 + + # Make the $REGISTRY_NAME -> local-registry + echo "$(hostname -I | cut -d' ' -f1) $REGISTRY_NAME" | sudo tee -a /etc/hosts + - name: Create Cluster + run: | + set -o errexit + set -o nounset + set -o pipefail + + # create a cluster with the local registry enabled in containerd + cat < service-bindings.yaml - cat service-bindings.yaml | grep -oh 'ko.local[^\w]*' | xargs -L 1 kind load docker-image + imgpkg copy --tar service-bindings-bundle.tar --to-repo "${BUNDLE}" + kapp deploy -a service-bindings-package -y \ + -f <( \ + ytt -f config/carvel/package.yaml -f config/carvel/package.values.yaml \ + --data-value version=$(cat VERSION) \ + --data-value image=${BUNDLE} \ + ) - name: Deploy Service Bindings - run: kapp deploy -a service-bindings -f service-bindings.yaml -y + run: | + set -o errexit + set -o nounset + set -o pipefail + + kapp deploy -a service-bindings -y \ + -f <( \ + ytt -f config/carvel/package-install.yaml -f config/carvel/package-install.values.yaml \ + --data-value package_constraints=$(cat VERSION) \ + --data-value-yaml 'package_prerelease={}' \ + ) - 
name: Deploy Spring Petclinic run: | set -o errexit @@ -119,6 +213,21 @@ jobs: kapp deploy -a spring-petclinic -f samples/spring-petclinic/application.yaml -y - name: Collect diagnostics run: | + echo "##[group]Describe nodes" + kubectl describe nodes + echo "##[endgroup]" + echo "##[group]Describe pods" + kubectl describe pods + echo "##[endgroup]" + echo "##[group]All resources" + kubectl get all,secrets --all-namespaces + echo "##[endgroup]" + echo "##[group]Packages" + kubectl get package -A -oyaml + echo "##[endgroup]" + echo "##[group]Package Installs" + kubectl get packageinstall -A -oyaml + echo "##[endgroup]" echo "##[group]Service Binding manager logs" kubectl logs -n service-bindings -l app=manager -c manager --tail 1000 echo "##[endgroup]" @@ -134,15 +243,6 @@ jobs: echo "##[group]MySQL logs" kubectl logs -l app=spring-petclinic-db -c mysql --tail 1000 echo "##[endgroup]" - echo "##[group]All resources" - kubectl get all,secrets --all-namespaces - echo "##[endgroup]" - echo "##[group]Describe pods" - kubectl describe pods - echo "##[endgroup]" - echo "##[group]Describe nodes" - kubectl describe nodes - echo "##[endgroup]" if: always() continue-on-error: true - name: Cleanup Spring Petclinic @@ -157,6 +257,12 @@ jobs: - name: Cleanup Service Bindings run: kapp delete -a service-bindings -y if: always() + - name: Cleanup Service Bindings Package + run: kapp delete -a service-bindings-package -y + if: always() + - name: Cleanup kapp-controller + run: kapp delete -a kapp-controller -y + if: always() - name: Cleanup cluster run: kind delete cluster if: always() 
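Review bot: The rewritten "Install kind" step downloads the binary with `curl -Lo ./kind …` and moves it into `/usr/local/bin` with `sudo` without checking it against a known digest. The new "Install crane" step in the release job does the same through `curl -L … | tar -xz`, and that job goes on to log in to Docker Hub and publish the release. Comparing each download against a digest pinned in the workflow makes a replaced or corrupted asset fail the job, e.g. `echo "<expected-sha256>  kind" | sha256sum --check` (placeholder digest). The step also calls `go env` although no `actions/setup-go` step is visible in this job, so it presumably relies on the Go toolchain preinstalled on the runner.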
@@ -167,6 +273,20 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2.3.4 + - uses: vmware-tanzu/carvel-setup-action@v1 + - name: Install crane + run: | + cd $(mktemp -d -t kind.XXXX) + curl -L https://github.com/google/go-containerregistry/releases/download/v0.5.1/go-containerregistry_Linux_x86_64.tar.gz | tar -xz + chmod +x ./crane + sudo mv ./crane /usr/local/bin + cd - + - name: Docker login + run: | + echo "$DOCKERHUB_PASSWORD" | docker login --username $DOCKERHUB_USERNAME --password-stdin + env: + DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} + DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Get release version id: get-version run: | 
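Review bot: The new "Docker login" step sits near the top of the release job, so the Docker Hub credentials it stores in the runner's Docker config stay available to every later step, not only to the one that pushes. Moving the login directly before "Relocate bundle to public registry" (added in the next hunk) and adding a `docker logout` step with `if: always()` after it narrows that window. `$DOCKERHUB_USERNAME` is also expanded unquoted; `--username "$DOCKERHUB_USERNAME"` avoids word splitting. The temporary directory in "Install crane" is still named `kind.XXXX`, which looks like a copy from the kind step.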
@@ -183,8 +303,52 @@ jobs: - name: Download staged Service Bindings build uses: actions/download-artifact@v2.0.10 with: - name: service-bindings.yaml - - name: Upload Service Bindings release + name: service-bindings-bundle.tar + - name: Relocate bundle to public registry + run: | + set -o errexit + set -o nounset + set -o pipefail + + version="${{ steps.get-version.outputs.version }}" + repo="vmware/labs-service-bindings-manager" + repo_tag="${repo}:${version}" + + imgpkg copy --tar service-bindings-bundle.tar --to-repo "${repo}" + crane tag "${repo}" "${version}" + repo_digest="${repo_tag}@$(crane digest "${repo_tag}")" + + mkdir -p bundle + imgpkg pull -b "${repo_digest}" -o bundle + + cp hack/boilerplate/boilerplate.yaml.txt service-bindings.yaml + kbld -f bundle/service-bindings.yaml -f bundle/.imgpkg/images.yml \ + >> service-bindings.yaml + + cp hack/boilerplate/boilerplate.yaml.txt service-bindings-package.yaml + ytt -f config/carvel/package.yaml -f config/carvel/package.values.yaml \ + --data-value version=${version} \ + --data-value image=${repo_digest} \ + >> service-bindings-package.yaml + - name: Upload Service Bindings release bundle + uses: actions/upload-release-asset@v1.0.2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. 
See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: service-bindings-bundle.tar + asset_name: service-bindings-bundle-${{ steps.get-version.outputs.version }}.tar + asset_content_type: application/x-yaml + - name: Upload Service Bindings package yaml + uses: actions/upload-release-asset@v1.0.2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: service-bindings-package.yaml + asset_name: service-bindings-package-${{ steps.get-version.outputs.version }}.yaml + asset_content_type: application/x-yaml + - name: Upload Service Bindings release yaml uses: actions/upload-release-asset@v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.gitignore b/.gitignore index 8db48dee..b5b07623 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ service-bindings*.yaml +/bundle diff --git a/VERSION b/VERSION index 11ca5016..263819d3 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.3.1-snapshot \ No newline at end of file +0.4.0-snapshot \ No newline at end of file diff --git a/cmd/labs-service-bindings-manager/main.go b/cmd/manager/main.go similarity index 100% rename from cmd/labs-service-bindings-manager/main.go rename to cmd/manager/main.go diff --git a/config/carvel/package-install.values.yaml b/config/carvel/package-install.values.yaml new file mode 100644 index 00000000..fd717449 --- /dev/null +++ b/config/carvel/package-install.values.yaml 
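Review bot: `repo_digest` in "Relocate bundle to public registry" is derived by tag rather than from the copy itself: `crane tag "${repo}" "${version}"` tags whatever the repository's default tag resolves to at that moment, and `crane digest "${repo_tag}"` then reads that back. If the default tag is not the bundle that `imgpkg copy` just pushed (this hunk does not show whether imgpkg moves it), the published `service-bindings-package.yaml` pins a different image. Taking the digest from the copy step, for instance via `imgpkg copy … --lock-output <lock-file>` (placeholder path), and tagging that digest would tie the release to the staged artifact. Separately, the tar asset is uploaded with `asset_content_type: application/x-yaml`; `application/x-tar` matches `service-bindings-bundle.tar`.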
@@ -0,0 +1,14 @@
+#! Copyright 2021 VMware, Inc.
+#! SPDX-License-Identifier: Apache-2.0
+
+#@ load("@ytt:data", "data")
+
+#@data/values
+---
+namespace: default
+name: service-bindings
+package_name: service-bindings.labs.vmware.com
+package_prerelease: null
+service_account_name: service-binding-kc
+cluster_role_name: service-binding-kc
+cluster_role_binding_name: service-binding-kc
diff --git a/config/carvel/package-install.yaml b/config/carvel/package-install.yaml
new file mode 100644
index 00000000..0b03fa5a
--- /dev/null
+++ b/config/carvel/package-install.yaml
@@ -0,0 +1,114 @@ +#! Copyright 2021 VMware, Inc. +#! SPDX-License-Identifier: Apache-2.0 + +#@ load("@ytt:data", "data") + +--- +apiVersion: packaging.carvel.dev/v1alpha1 +kind: PackageInstall +metadata: + namespace: #@ data.values.namespace + name: #@ data.values.name + annotations: + kapp.k14s.io/change-group: service-bindings.labs.vmware.com/install + kapp.k14s.io/change-rule: "upsert after upserting service-bindings.labs.vmware.com/install-rbac" +spec: + serviceAccountName: #@ data.values.service_account_name + packageRef: + refName: #@ data.values.package_name + versionSelection: + constraints: #@ data.values.package_constraints + #@ if data.values.package_prerelease != None: + prereleases: #@ data.values.package_prerelease + #@ end + +--- +apiVersion: kapp.k14s.io/v1alpha1 +kind: Config +minimumRequiredVersion: 0.29.0 +waitRules: +- supportsObservedGeneration: true + conditionMatchers: + - type: ReconcileFailed + status: "True" + failure: true + - type: ReconcileSucceeded + status: "True" + success: true + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: packaging.carvel.dev/v1alpha1 + kind: PackageInstall + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: #@ data.values.namespace + name: #@ data.values.service_account_name + annotations: + kapp.k14s.io/change-group: service-bindings.labs.vmware.com/install-rbac + kapp.k14s.io/change-rule: "delete after deleting service-bindings.labs.vmware.com/install" + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: #@ data.values.cluster_role_name + annotations: + kapp.k14s.io/change-group: service-bindings.labs.vmware.com/install-rbac + kapp.k14s.io/change-rule: "delete after deleting service-bindings.labs.vmware.com/install" +rules: + - apiGroups: + - "" + resources: + - configmaps + - namespaces + - secrets + - serviceaccounts + - services + verbs: + - "*" + - apiGroups: + - apps + resources: + - deployments + verbs: + - "*" + - apiGroups: + - 
admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - "*" + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - "*" + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: #@ data.values.cluster_role_binding_name + annotations: + kapp.k14s.io/change-group: service-bindings.labs.vmware.com/install-rbac + kapp.k14s.io/change-rule: "delete after deleting service-bindings.labs.vmware.com/install" +subjects: + - kind: ServiceAccount + name: #@ data.values.service_account_name + namespace: #@ data.values.namespace +roleRef: + kind: ClusterRole + name: #@ data.values.cluster_role_name + apiGroup: rbac.authorization.k8s.io diff --git a/config/carvel/package.values.yaml b/config/carvel/package.values.yaml new file mode 100644 index 00000000..bb574b9b --- /dev/null +++ b/config/carvel/package.values.yaml @@ -0,0 +1,8 @@ +#! Copyright 2021 VMware, Inc. +#! SPDX-License-Identifier: Apache-2.0 + +#@ load("@ytt:data", "data") + +#@data/values +--- +name: service-bindings.labs.vmware.com diff --git a/config/carvel/package.yaml b/config/carvel/package.yaml new file mode 100644 index 00000000..d76583fe --- /dev/null +++ b/config/carvel/package.yaml @@ -0,0 +1,25 @@ +#! Copyright 2021 VMware, Inc. +#! SPDX-License-Identifier: Apache-2.0 + +#@ load("@ytt:data", "data") + +--- +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + name: #@ data.values.name + '.' + data.values.version +spec: + refName: #@ data.values.name + version: #@ data.values.version + template: + spec: + fetch: + - imgpkgBundle: + image: #@ data.values.image + template: + - kbld: + paths: + - service-bindings.yaml + - .imgpkg/images.yml + deploy: + - kapp: {} 
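Review bot: The new `ClusterRole` in `config/carvel/package-install.yaml` grants `"*"` verbs cluster-wide on `secrets`, `clusterroles` and `clusterrolebindings` (among others) to the service account named by `service_account_name`. A wildcard on the RBAC resources includes `bind` and `escalate`, so anything that can act as this service account can grant itself further rights, and the `secrets` rule covers every namespace. Listing the verbs the install actually needs, e.g. `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]`, and leaving out `escalate`/`bind` unless an install fails without them, keeps the role closer to what kapp has to do. A short comment above `rules:` stating why cluster-scoped access is required would help reviewers of later changes.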
diff --git a/config/carvel/release-version.overlay.yaml b/config/carvel/release-version.overlay.yaml new file mode 100644 index 00000000..52b5f4c6 --- /dev/null +++ b/config/carvel/release-version.overlay.yaml @@ -0,0 +1,19 @@ +#! Copyright 2021 VMware, Inc. +#! SPDX-License-Identifier: Apache-2.0 + +#@ load("@ytt:data", "data") +#@ load("@ytt:overlay", "overlay") + +#@overlay/match by=overlay.subset({"metadata":{"labels":{"bindings.labs.vmware.com/release":"devel"}}}),expects="1+" +--- +metadata: + labels: + bindings.labs.vmware.com/release: #@ data.values.version + +#@overlay/match by=overlay.subset({"spec":{"template":{"metadata":{"labels":{"bindings.labs.vmware.com/release":"devel"}}}}}),expects="1+" +--- +spec: + template: + metadata: + labels: + bindings.labs.vmware.com/release: #@ data.values.version diff --git a/config/manager.yaml b/config/manager.yaml index afd181e3..5b08117f 100644 --- a/config/manager.yaml +++ b/config/manager.yaml @@ -17,8 +17,6 @@ spec: role: manager template: metadata: - annotations: - sidecar.istio.io/inject: "false" labels: app: manager role: manager @@ -30,7 +28,7 @@ spec: - name: manager # This is the Go import path for the binary that is containerized # and substituted here. - image: ko://github.com/vmware-labs/service-bindings/cmd/labs-service-bindings-manager + image: ko://github.com/vmware-labs/service-bindings/cmd/manager resources: requests: cpu: 100m diff --git a/hack/boilerplate/boilerplate.yaml.txt b/hack/boilerplate/boilerplate.yaml.txt new file mode 100644 index 00000000..50c00758 --- /dev/null +++ b/hack/boilerplate/boilerplate.yaml.txt @@ -0,0 +1,2 @@ +# Copyright 2021 VMware, Inc. +# SPDX-License-Identifier: Apache-2.0