From 3a9a25019bcf9ded44f0d9214fd0f015876f6340 Mon Sep 17 00:00:00 2001 From: Scott Andrews Date: Tue, 20 Jul 2021 15:11:22 -0400 Subject: [PATCH 1/3] Release Carvel Packages Switch CI to build and test Carvel imgpkg bundles rather than pushing snapshot builds to a public registry. This allows anyone to to run the full CI sequence anonymously, until the final publish step which requires credentials. It also means that the acceptances tests are running against a common artifact that is built once. There are three release artifacts now: - `service-bindings-{version}.yaml` `kubectl apply -f`'able config with publicly hosted image - `service-bindings-bundle-{version}.tar` an airgap-ready imgpkg bundle containing the release config, runtime images which can be relocated into a private image registry and samples - `service-bindings-package-{version}.yaml` a Carvel Package that can be consumed by kapp-controller. The imgpkg bundle references by the package is hosted in a public registry Signed-off-by: Scott Andrews --- .github/workflows/ci.yaml | 179 +++++++++++++++--- .gitignore | 1 + VERSION | 2 +- .../main.go | 0 config/carvel/package.yaml | 19 ++ config/manager.yaml | 2 +- 6 files changed, 171 insertions(+), 32 deletions(-) rename cmd/{labs-service-bindings-manager => manager}/main.go (100%) create mode 100644 config/carvel/package.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 17095131..8f43e3ee 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -27,25 +27,37 @@ jobs: stage: needs: test - if: github.event_name == 'push' && startsWith(github.repository, 'vmware-labs/') runs-on: ubuntu-latest + env: + REGISTRY_NAME: registry.local + REGISTRY_PORT: 80 + KO_DOCKER_REPO: registry.local/service-bindings + BUNDLE: registry.local/service-bindings/bundle steps: - uses: actions/checkout@v2.3.4 - uses: actions/setup-go@v2.1.3 with: go-version: 1.15.x + - uses: vmware-tanzu/carvel-setup-action@v1 - name: Install ko run: | cd $(mktemp -d -t ko.XXXX) curl -sL https://github.com/google/ko/releases/download/v0.8.1/ko_0.8.1_Linux_x86_64.tar.gz | tar -xz sudo mv ./ko /usr/local/bin cd - - - name: Docker login + - name: Setup local registry run: | - echo "$DOCKERHUB_PASSWORD" | docker login --username $DOCKERHUB_USERNAME --password-stdin - env: - DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} - DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} + set -o errexit + set -o nounset + set -o pipefail + + # Run a registry. + docker run \ + -d --restart=always -p "127.0.0.1:${REGISTRY_PORT}:5000" --name local-registry \ + registry:2 + + # Make the $REGISTRY_NAME -> 127.0.0.1 + echo "127.0.0.1 $REGISTRY_NAME" | sudo tee -a /etc/hosts - name: Stage run: | set -o errexit @@ -57,18 +69,31 @@ jobs: readonly git_timestamp=$(TZ=UTC git show --quiet --date='format-local:%Y%m%d%H%M%S' --format="%cd") readonly slug=${version}-${git_timestamp}-${git_sha:0:16} - ko resolve -t ${slug} -B -f config | sed -e "s|bindings.labs.vmware.com/release: devel|bindings.labs.vmware.com/release: ${slug}|" > service-bindings.yaml - env: - KO_DOCKER_REPO: docker.io/vmware + mkdir -p bundle/.imgpkg + cp LICENSE "bundle/LICENSE" + cp NOTICE "bundle/NOTICE" + cp VERSION "bundle/VERSION" + cp -r samples "bundle/samples" + + echo "##[group]Build Service Bindings" + ko resolve -t ${slug} -B -f config \ + | sed -e "s|bindings.labs.vmware.com/release: devel|bindings.labs.vmware.com/release: ${slug}|" \ + > "bundle/service-bindings.yaml" + kbld -f "bundle/service-bindings.yaml" --imgpkg-lock-output "bundle/.imgpkg/images.yml" + echo "##[endgroup]" + + echo "##[group]Create bundle" + imgpkg push -f "bundle" -b "${BUNDLE}" + imgpkg copy -b "${BUNDLE}" --to-tar bundle/service-bindings-bundle.tar + echo "##[endgroup]" - name: Upload Service Bindings build uses: actions/upload-artifact@v2.2.4 with: - name: service-bindings.yaml - path: service-bindings.yaml + name: service-bindings-bundle.tar + path: bundle/service-bindings-bundle.tar acceptance: needs: stage - if: "!( cancelled() || failure() )" runs-on: ubuntu-latest strategy: matrix: @@ -77,37 +102,77 @@ jobs: - 1.19.7 - 1.20.2 fail-fast: false + env: + REGISTRY_PORT: 5000 + BUNDLE: localhost:5000/service-bindings/bundle steps: - uses: actions/checkout@v2.3.4 + - uses: vmware-tanzu/carvel-setup-action@v1 - name: Install kind run: | - curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 + cd $(mktemp -d -t kind.XXXX) + curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-$(go env GOHOSTOS)-$(go env GOHOSTARCH) chmod +x ./kind sudo mv ./kind /usr/local/bin - - uses: vmware-tanzu/carvel-setup-action@v1 - - name: Create cluster - run: kind create cluster --wait 5m --image kindest/node:v${{ matrix.k8s }} + cd - + - name: Setup local registry + run: | + set -o errexit + set -o nounset + set -o pipefail + + # Run a registry. + docker run \ + -d --restart=always -p "127.0.0.1:${REGISTRY_PORT}:5000" --name local-registry \ + registry:2 + - name: Create Cluster + run: | + set -o errexit + set -o nounset + set -o pipefail + + # create a cluster with the local registry enabled in containerd + cat < service-bindings.yaml - cat service-bindings.yaml | grep -oh 'ko.local[^\w]*' | xargs -L 1 kind load docker-image - - name: Deploy Service Bindings - run: kapp deploy -a service-bindings -f service-bindings.yaml -y + kapp deploy -a service-bindings -y \ + -f <(kbld -f bundle/service-bindings.yaml -f bundle/.imgpkg/images.yml) - name: Deploy Spring Petclinic run: | set -o errexit @@ -167,6 +232,20 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2.3.4 + - uses: vmware-tanzu/carvel-setup-action@v1 + - name: Install crane + run: | + cd $(mktemp -d -t kind.XXXX) + curl -L https://github.com/google/go-containerregistry/releases/download/v0.5.1/go-containerregistry_Linux_x86_64.tar.gz | tar -xz + chmod +x ./crane + sudo mv ./crane /usr/local/bin + cd - + - name: Docker login + run: | + echo "$DOCKERHUB_PASSWORD" | docker login --username $DOCKERHUB_USERNAME --password-stdin + env: + DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} + DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Get release version id: get-version run: | @@ -183,8 +262,48 @@ jobs: - name: Download staged Service Bindings build uses: actions/download-artifact@v2.0.10 with: - name: service-bindings.yaml - - name: Upload Service Bindings release + name: service-bindings-bundle.tar + - name: Relocate bundle to public registry + run: | + set -o errexit + set -o nounset + set -o pipefail + + version="${{ steps.get-version.outputs.version }}" + repo="vmware/labs-service-bindings-manager" + repo_tag="${repo}:${version}" + + imgpkg copy --tar service-bindings-bundle.tar --to-repo "${repo}" + crane tag "${repo}" "${version}" + repo_digest="${repo_tag}@$(crane digest "${repo_tag}")" + + mkdir -p bundle + imgpkg pull -b "${repo_digest}" -o bundle + kbld -f bundle/service-bindings.yaml -f bundle/.imgpkg/images.yml > service-bindings.yaml + + cat config/carvel/package.yaml \ + | sed -e "s|\${version}|${{ steps.get-version.outputs.version }}|" \ + | sed -e "s|\${image}|${repo_digest}|" \ + > "service-bindings-package.yaml" + - name: Upload Service Bindings release bundle + uses: actions/upload-release-asset@v1.0.2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: service-bindings-bundle.tar + asset_name: service-bindings-bundle-${{ steps.get-version.outputs.version }}.tar + asset_content_type: application/x-yaml + - name: Upload Service Bindings package yaml + uses: actions/upload-release-asset@v1.0.2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps + asset_path: service-bindings-package.yaml + asset_name: service-bindings-package-${{ steps.get-version.outputs.version }}.yaml + asset_content_type: application/x-yaml + - name: Upload Service Bindings release yaml uses: actions/upload-release-asset@v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.gitignore b/.gitignore index 8db48dee..b5b07623 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ service-bindings*.yaml +/bundle diff --git a/VERSION b/VERSION index 11ca5016..263819d3 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.3.1-snapshot \ No newline at end of file +0.4.0-snapshot \ No newline at end of file diff --git a/cmd/labs-service-bindings-manager/main.go b/cmd/manager/main.go similarity index 100% rename from cmd/labs-service-bindings-manager/main.go rename to cmd/manager/main.go diff --git a/config/carvel/package.yaml b/config/carvel/package.yaml new file mode 100644 index 00000000..4524e282 --- /dev/null +++ b/config/carvel/package.yaml @@ -0,0 +1,19 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + name: service-bindings.labs.vmware.com.${version} +spec: + refName: service-bindings.labs.vmware.com + version: ${version} + template: + spec: + fetch: + - imgpkgBundle: + image: ${image} + template: + - kbld: + paths: + - service-bindings.yaml + - .imgpkg/images.yml + deploy: + - kapp: {} diff --git a/config/manager.yaml b/config/manager.yaml index afd181e3..4f3f5f0e 100644 --- a/config/manager.yaml +++ b/config/manager.yaml @@ -30,7 +30,7 @@ spec: - name: manager # This is the Go import path for the binary that is containerized # and substituted here. - image: ko://github.com/vmware-labs/service-bindings/cmd/labs-service-bindings-manager + image: ko://github.com/vmware-labs/service-bindings/cmd/manager resources: requests: cpu: 100m From 5cdd1d12d15eda842317260085dcd8777b9680ff Mon Sep 17 00:00:00 2001 From: Scott Andrews Date: Wed, 21 Jul 2021 13:28:16 -0400 Subject: [PATCH 2/3] Use kapp-controller in acceptances tests Signed-off-by: Scott Andrews --- .github/workflows/ci.yaml | 73 ++++++++++++++----- config/carvel/package-install.yaml | 110 +++++++++++++++++++++++++++++ config/carvel/package.yaml | 3 + 3 files changed, 170 insertions(+), 16 deletions(-) create mode 100644 config/carvel/package-install.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 8f43e3ee..fdbcee54 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -103,8 +103,9 @@ jobs: - 1.20.2 fail-fast: false env: + REGISTRY_NAME: registry.local REGISTRY_PORT: 5000 - BUNDLE: localhost:5000/service-bindings/bundle + BUNDLE: registry.local:5000/service-bindings/bundle steps: - uses: actions/checkout@v2.3.4 - uses: vmware-tanzu/carvel-setup-action@v1 @@ -123,8 +124,11 @@ jobs: # Run a registry. docker run \ - -d --restart=always -p "127.0.0.1:${REGISTRY_PORT}:5000" --name local-registry \ + -d --restart=always -p "${REGISTRY_PORT}:5000" --name local-registry \ registry:2 + + # Make the $REGISTRY_NAME -> local-registry + echo "$(hostname -I | cut -d' ' -f1) $REGISTRY_NAME" | sudo tee -a /etc/hosts - name: Create Cluster run: | set -o errexit @@ -137,8 +141,11 @@ jobs: apiVersion: kind.x-k8s.io/v1alpha4 containerdConfigPatches: - |- - [plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:${REGISTRY_PORT}"] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors."${REGISTRY_NAME}:${REGISTRY_PORT}"] endpoint = ["http://local-registry:${REGISTRY_PORT}"] + nodes: + - role: control-plane + image: kindest/node:v${{ matrix.k8s }} EOF # connect the registry to the cluster network @@ -161,18 +168,40 @@ jobs: uses: actions/download-artifact@v2.0.10 with: name: service-bindings-bundle.tar - - name: Deploy Service Bindings + - name: Install kapp-controller + run: | + set -o errexit + set -o nounset + set -o pipefail + + kapp deploy -a kapp-controller -y -f https://github.com/vmware-tanzu/carvel-kapp-controller/releases/latest/download/release.yml + - name: Deploy Service Bindings Package run: | set -o errexit set -o nounset set -o pipefail imgpkg copy --tar service-bindings-bundle.tar --to-repo "${BUNDLE}" - mkdir -p bundle - imgpkg pull -b "${BUNDLE}" -o bundle + kapp deploy -a service-bindings-package -y \ + -f <( \ + cat config/carvel/package.yaml \ + | sed -e "s|\${version}|$(cat VERSION)|" \ + | sed -e "s|\${image}|${BUNDLE}|" \ + ) + - name: Deploy Service Bindings + run: | + set -o errexit + set -o nounset + set -o pipefail kapp deploy -a service-bindings -y \ - -f <(kbld -f bundle/service-bindings.yaml -f bundle/.imgpkg/images.yml) + -f <( \ + cat config/carvel/package-install.yaml \ + | sed -e "s|\${version}|$(cat VERSION)|" \ + | sed -e "s|\${namespace}|default|" \ + | sed -e "s|\${service_account}|service-binding-kc|" \ + | sed -e "s|\${role}|service-binding-kc|" \ + ) - name: Deploy Spring Petclinic run: | set -o errexit @@ -184,6 +213,21 @@ jobs: kapp deploy -a spring-petclinic -f samples/spring-petclinic/application.yaml -y - name: Collect diagnostics run: | + echo "##[group]Describe nodes" + kubectl describe nodes + echo "##[endgroup]" + echo "##[group]Describe pods" + kubectl describe pods + echo "##[endgroup]" + echo "##[group]All resources" + kubectl get all,secrets --all-namespaces + echo "##[endgroup]" + echo "##[group]Packages" + kubectl get package -A -oyaml + echo "##[endgroup]" + echo "##[group]Package Installs" + kubectl get packageinstall -A -oyaml + echo "##[endgroup]" echo "##[group]Service Binding manager logs" kubectl logs -n service-bindings -l app=manager -c manager --tail 1000 echo "##[endgroup]" @@ -199,15 +243,6 @@ jobs: echo "##[group]MySQL logs" kubectl logs -l app=spring-petclinic-db -c mysql --tail 1000 echo "##[endgroup]" - echo "##[group]All resources" - kubectl get all,secrets --all-namespaces - echo "##[endgroup]" - echo "##[group]Describe pods" - kubectl describe pods - echo "##[endgroup]" - echo "##[group]Describe nodes" - kubectl describe nodes - echo "##[endgroup]" if: always() continue-on-error: true - name: Cleanup Spring Petclinic @@ -222,6 +257,12 @@ jobs: - name: Cleanup Service Bindings run: kapp delete -a service-bindings -y if: always() + - name: Cleanup Service Bindings Package + run: kapp delete -a service-bindings-package -y + if: always() + - name: Cleanup kapp-controller + run: kapp delete -a kapp-controller -y + if: always() - name: Cleanup cluster run: kind delete cluster if: always() diff --git a/config/carvel/package-install.yaml b/config/carvel/package-install.yaml new file mode 100644 index 00000000..b907dafc --- /dev/null +++ b/config/carvel/package-install.yaml @@ -0,0 +1,110 @@ +# Copyright 2021 VMware, Inc. +# SPDX-License-Identifier: Apache-2.0 + +--- +apiVersion: packaging.carvel.dev/v1alpha1 +kind: PackageInstall +metadata: + namespace: ${namespace} + name: service-bindings + annotations: + kapp.k14s.io/change-group: service-bindings.labs.vmware.com/install + kapp.k14s.io/change-rule: "upsert after upserting service-bindings.labs.vmware.com/install-rbac" +spec: + serviceAccountName: ${service_account} + packageRef: + refName: service-bindings.labs.vmware.com + versionSelection: + constraints: ${version} + prereleases: {} + +--- +apiVersion: kapp.k14s.io/v1alpha1 +kind: Config +minimumRequiredVersion: 0.29.0 +waitRules: +- supportsObservedGeneration: true + conditionMatchers: + - type: ReconcileFailed + status: "True" + failure: true + - type: ReconcileSucceeded + status: "True" + success: true + resourceMatchers: + - apiVersionKindMatcher: + apiVersion: packaging.carvel.dev/v1alpha1 + kind: PackageInstall + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: ${namespace} + name: ${service_account} + annotations: + kapp.k14s.io/change-group: service-bindings.labs.vmware.com/install-rbac + kapp.k14s.io/change-rule: "delete after deleting service-bindings.labs.vmware.com/install" + +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: ${role} + annotations: + kapp.k14s.io/change-group: service-bindings.labs.vmware.com/install-rbac + kapp.k14s.io/change-rule: "delete after deleting service-bindings.labs.vmware.com/install" +rules: + - apiGroups: + - "" + resources: + - configmaps + - namespaces + - secrets + - serviceaccounts + - services + verbs: + - "*" + - apiGroups: + - apps + resources: + - deployments + verbs: + - "*" + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - "*" + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - "*" + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ${role}-${namespace}-${service_account} + annotations: + kapp.k14s.io/change-group: service-bindings.labs.vmware.com/install-rbac + kapp.k14s.io/change-rule: "delete after deleting service-bindings.labs.vmware.com/install" +subjects: + - kind: ServiceAccount + name: ${service_account} + namespace: ${namespace} +roleRef: + kind: ClusterRole + name: ${role} + apiGroup: rbac.authorization.k8s.io diff --git a/config/carvel/package.yaml b/config/carvel/package.yaml index 4524e282..a1cf4ae4 100644 --- a/config/carvel/package.yaml +++ b/config/carvel/package.yaml @@ -1,3 +1,6 @@ +# Copyright 2021 VMware, Inc. +# SPDX-License-Identifier: Apache-2.0 + apiVersion: data.packaging.carvel.dev/v1alpha1 kind: Package metadata: From c9a28932bfbb5642b7a3c3722966b19926a185d2 Mon Sep 17 00:00:00 2001 From: Scott Andrews Date: Fri, 23 Jul 2021 11:51:14 -0400 Subject: [PATCH 3/3] replace sed with ytt Signed-off-by: Scott Andrews --- .github/workflows/ci.yaml | 36 ++++++++++++---------- config/carvel/package-install.values.yaml | 14 +++++++++ config/carvel/package-install.yaml | 34 +++++++++++--------- config/carvel/package.values.yaml | 8 +++++ config/carvel/package.yaml | 15 +++++---- config/carvel/release-version.overlay.yaml | 19 ++++++++++++ config/manager.yaml | 2 -- hack/boilerplate/boilerplate.yaml.txt | 2 ++ 8 files changed, 91 insertions(+), 39 deletions(-) create mode 100644 config/carvel/package-install.values.yaml create mode 100644 config/carvel/package.values.yaml create mode 100644 config/carvel/release-version.overlay.yaml create mode 100644 hack/boilerplate/boilerplate.yaml.txt diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index fdbcee54..0bae8fbc 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -76,10 +76,12 @@ jobs: cp -r samples "bundle/samples" echo "##[group]Build Service Bindings" + cp hack/boilerplate/boilerplate.yaml.txt bundle/service-bindings.yaml ko resolve -t ${slug} -B -f config \ - | sed -e "s|bindings.labs.vmware.com/release: devel|bindings.labs.vmware.com/release: ${slug}|" \ - > "bundle/service-bindings.yaml" - kbld -f "bundle/service-bindings.yaml" --imgpkg-lock-output "bundle/.imgpkg/images.yml" + | ytt -f - -f config/carvel/release-version.overlay.yaml \ + --data-value version=${slug} \ + >> bundle/service-bindings.yaml + kbld -f bundle/service-bindings.yaml --imgpkg-lock-output bundle/.imgpkg/images.yml echo "##[endgroup]" echo "##[group]Create bundle" @@ -184,9 +186,9 @@ jobs: imgpkg copy --tar service-bindings-bundle.tar --to-repo "${BUNDLE}" kapp deploy -a service-bindings-package -y \ -f <( \ - cat config/carvel/package.yaml \ - | sed -e "s|\${version}|$(cat VERSION)|" \ - | sed -e "s|\${image}|${BUNDLE}|" \ + ytt -f config/carvel/package.yaml -f config/carvel/package.values.yaml \ + --data-value version=$(cat VERSION) \ + --data-value image=${BUNDLE} \ ) - name: Deploy Service Bindings run: | @@ -196,11 +198,9 @@ jobs: kapp deploy -a service-bindings -y \ -f <( \ - cat config/carvel/package-install.yaml \ - | sed -e "s|\${version}|$(cat VERSION)|" \ - | sed -e "s|\${namespace}|default|" \ - | sed -e "s|\${service_account}|service-binding-kc|" \ - | sed -e "s|\${role}|service-binding-kc|" \ + ytt -f config/carvel/package-install.yaml -f config/carvel/package-install.values.yaml \ + --data-value package_constraints=$(cat VERSION) \ + --data-value-yaml 'package_prerelease={}' \ ) - name: Deploy Spring Petclinic run: | @@ -320,12 +320,16 @@ jobs: mkdir -p bundle imgpkg pull -b "${repo_digest}" -o bundle - kbld -f bundle/service-bindings.yaml -f bundle/.imgpkg/images.yml > service-bindings.yaml - cat config/carvel/package.yaml \ - | sed -e "s|\${version}|${{ steps.get-version.outputs.version }}|" \ - | sed -e "s|\${image}|${repo_digest}|" \ - > "service-bindings-package.yaml" + cp hack/boilerplate/boilerplate.yaml.txt service-bindings.yaml + kbld -f bundle/service-bindings.yaml -f bundle/.imgpkg/images.yml \ + >> service-bindings.yaml + + cp hack/boilerplate/boilerplate.yaml.txt service-bindings-package.yaml + ytt -f config/carvel/package.yaml -f config/carvel/package.values.yaml \ + --data-value version=${version} \ + --data-value image=${repo_digest} \ + >> service-bindings-package.yaml - name: Upload Service Bindings release bundle uses: actions/upload-release-asset@v1.0.2 env: diff --git a/config/carvel/package-install.values.yaml b/config/carvel/package-install.values.yaml new file mode 100644 index 00000000..fd717449 --- /dev/null +++ b/config/carvel/package-install.values.yaml @@ -0,0 +1,14 @@ +#! Copyright 2021 VMware, Inc. +#! SPDX-License-Identifier: Apache-2.0 + +#@ load("@ytt:data", "data") + +#@data/values +--- +namespace: default +name: service-bindings +package_name: service-bindings.labs.vmware.com +package_prerelease: null +service_account_name: service-binding-kc +cluster_role_name: service-binding-kc +cluster_role_binding_name: service-binding-kc diff --git a/config/carvel/package-install.yaml b/config/carvel/package-install.yaml index b907dafc..0b03fa5a 100644 --- a/config/carvel/package-install.yaml +++ b/config/carvel/package-install.yaml @@ -1,22 +1,26 @@ -# Copyright 2021 VMware, Inc. -# SPDX-License-Identifier: Apache-2.0 +#! Copyright 2021 VMware, Inc. +#! SPDX-License-Identifier: Apache-2.0 + +#@ load("@ytt:data", "data") --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: - namespace: ${namespace} - name: service-bindings + namespace: #@ data.values.namespace + name: #@ data.values.name annotations: kapp.k14s.io/change-group: service-bindings.labs.vmware.com/install kapp.k14s.io/change-rule: "upsert after upserting service-bindings.labs.vmware.com/install-rbac" spec: - serviceAccountName: ${service_account} + serviceAccountName: #@ data.values.service_account_name packageRef: - refName: service-bindings.labs.vmware.com + refName: #@ data.values.package_name versionSelection: - constraints: ${version} - prereleases: {} + constraints: #@ data.values.package_constraints + #@ if data.values.package_prerelease != None: + prereleases: #@ data.values.package_prerelease + #@ end --- apiVersion: kapp.k14s.io/v1alpha1 @@ -40,8 +44,8 @@ waitRules: apiVersion: v1 kind: ServiceAccount metadata: - namespace: ${namespace} - name: ${service_account} + namespace: #@ data.values.namespace + name: #@ data.values.service_account_name annotations: kapp.k14s.io/change-group: service-bindings.labs.vmware.com/install-rbac kapp.k14s.io/change-rule: "delete after deleting service-bindings.labs.vmware.com/install" @@ -50,7 +54,7 @@ metadata: kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: ${role} + name: #@ data.values.cluster_role_name annotations: kapp.k14s.io/change-group: service-bindings.labs.vmware.com/install-rbac kapp.k14s.io/change-rule: "delete after deleting service-bindings.labs.vmware.com/install" @@ -96,15 +100,15 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: ${role}-${namespace}-${service_account} + name: #@ data.values.cluster_role_binding_name annotations: kapp.k14s.io/change-group: service-bindings.labs.vmware.com/install-rbac kapp.k14s.io/change-rule: "delete after deleting service-bindings.labs.vmware.com/install" subjects: - kind: ServiceAccount - name: ${service_account} - namespace: ${namespace} + name: #@ data.values.service_account_name + namespace: #@ data.values.namespace roleRef: kind: ClusterRole - name: ${role} + name: #@ data.values.cluster_role_name apiGroup: rbac.authorization.k8s.io diff --git a/config/carvel/package.values.yaml b/config/carvel/package.values.yaml new file mode 100644 index 00000000..bb574b9b --- /dev/null +++ b/config/carvel/package.values.yaml @@ -0,0 +1,8 @@ +#! Copyright 2021 VMware, Inc. +#! SPDX-License-Identifier: Apache-2.0 + +#@ load("@ytt:data", "data") + +#@data/values +--- +name: service-bindings.labs.vmware.com diff --git a/config/carvel/package.yaml b/config/carvel/package.yaml index a1cf4ae4..d76583fe 100644 --- a/config/carvel/package.yaml +++ b/config/carvel/package.yaml @@ -1,18 +1,21 @@ -# Copyright 2021 VMware, Inc. -# SPDX-License-Identifier: Apache-2.0 +#! Copyright 2021 VMware, Inc. +#! SPDX-License-Identifier: Apache-2.0 +#@ load("@ytt:data", "data") + +--- apiVersion: data.packaging.carvel.dev/v1alpha1 kind: Package metadata: - name: service-bindings.labs.vmware.com.${version} + name: #@ data.values.name + '.' + data.values.version spec: - refName: service-bindings.labs.vmware.com - version: ${version} + refName: #@ data.values.name + version: #@ data.values.version template: spec: fetch: - imgpkgBundle: - image: ${image} + image: #@ data.values.image template: - kbld: paths: diff --git a/config/carvel/release-version.overlay.yaml b/config/carvel/release-version.overlay.yaml new file mode 100644 index 00000000..52b5f4c6 --- /dev/null +++ b/config/carvel/release-version.overlay.yaml @@ -0,0 +1,19 @@ +#! Copyright 2021 VMware, Inc. +#! SPDX-License-Identifier: Apache-2.0 + +#@ load("@ytt:data", "data") +#@ load("@ytt:overlay", "overlay") + +#@overlay/match by=overlay.subset({"metadata":{"labels":{"bindings.labs.vmware.com/release":"devel"}}}),expects="1+" +--- +metadata: + labels: + bindings.labs.vmware.com/release: #@ data.values.version + +#@overlay/match by=overlay.subset({"spec":{"template":{"metadata":{"labels":{"bindings.labs.vmware.com/release":"devel"}}}}}),expects="1+" +--- +spec: + template: + metadata: + labels: + bindings.labs.vmware.com/release: #@ data.values.version diff --git a/config/manager.yaml b/config/manager.yaml index 4f3f5f0e..5b08117f 100644 --- a/config/manager.yaml +++ b/config/manager.yaml @@ -17,8 +17,6 @@ spec: role: manager template: metadata: - annotations: - sidecar.istio.io/inject: "false" labels: app: manager role: manager diff --git a/hack/boilerplate/boilerplate.yaml.txt b/hack/boilerplate/boilerplate.yaml.txt new file mode 100644 index 00000000..50c00758 --- /dev/null +++ b/hack/boilerplate/boilerplate.yaml.txt @@ -0,0 +1,2 @@ +# Copyright 2021 VMware, Inc. +# SPDX-License-Identifier: Apache-2.0