diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2cc447a..992c19b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,6 +18,6 @@ jobs: registry-server: ghcr.io registry-username: ${{ github.actor }} image: ${{ github.repository }} - version: 0.8.0 + version: 0.9.0 secrets: pull-request-token: ${{ secrets.GH_ORG_PAT }} diff --git a/README.md b/README.md index c044a05..43c130f 100644 --- a/README.md +++ b/README.md @@ -74,8 +74,12 @@ Documentation, tutorials and examples for this package are available in the [doc The Engineering Platform package can be customized via a `values.yml` file. ```yaml - excluded_blueprints: - - "config-template" + platform: + ingress: + domain: thomasvitale.com + oci_registry: + server: ghcr.io + repository: thomasvitale ``` Reference the `values.yml` file from the `kctrl` command when installing or upgrading the package. 
@@ -96,23 +100,41 @@ The Engineering Platform package has the following configurable properties. | Config | Default | Description | |-------|-------------------|-------------| -| `packages.namespace` | `""` | The namespace where to install the platform. | -| `packages.exclusions` | `[]` | A list of packages to exclude from being installed. | +| `platform.namespace` | `kadras-packages` | The namespace where to install the platform. | +| `platform.excluded_packages` | `[]` | A list of packages to exclude from being installed. | +| `platform.ca_cert_data` | `""` | PEM-encoded certificate data to trust TLS connections with a custom CA. | +| `platform.ingress.domain.issuer.type` | `private` | The type of ClusterIssuer the platform will use to enable TLS communications. Options: `private`, `letsencrypt_staging`, `letsencrypt`, `custom`. | +| `platform.ingress.domain.issuer.name` | `""` | A reference to a custom ClusterIssuer previously created on the cluster where the platform will be installed. Required when the type is `custom`. | +| `platform.oci_registry.server` | `""` | The server of the OCI Registry where the platform will publish and consume OCI images. | +| `platform.oci_registry.repository` | `""` | The repository in the OCI Registry where the platform will publish and consume OCI images. | +| `platform.oci_registry.credentials.username` | `""` | Username to access the OCI registry. Note: Use `_json_key` for GCR. | +| `platform.oci_registry.credentials.password` | `""` | Token to access the OCI registry. Note: Use contents of service account key json for GCR. | +| `platform.oci_registry.secret.name` | `supply-chain-registry-credentials` | The name of the Secret holding the credentials to access the OCI registry. | +| `platform.oci_registry.secret.namespace` | `kadras-packages` | The namespace of the Secret holding the credentials to access the OCI registry. 
| +| `platform.cosign.secret.name` | `supply-chain-cosign-key-pair` | The name of the Secret holding the Cosign key pair. | +| `platform.cosign.secret.namespace` | `kadras-packages` | The namespace of the Secret holding the Cosign key pair. | + +Each Kadras package included in the platform can be configured independently. + +| Config | Default | Description | +|-------|-------------------|-------------| | `buildpacks.catalog` | `{}` | Configuration for the Buildpacks Catalog package. | | `buildpacks.kpack` | `{}` | Configuration for the Kpack package. | +| `cartographer.core` | `{}` | Configuration for the Cartographer Core package including Cartographer and Cartographer Conventions. | | `cartographer.blueprints` | `{}` | Configuration for the Cartographer Blueprints package. | | `cartographer.delivery` | `{}` | Configuration for the Cartographer Delivery package. | | `cartographer.supply_chains` | `{}` | Configuration for the Cartographer Supply Chains package. | -| `cert_manager` | `{}` | Configuration for the Cert Manager package. | +| `cert_manager.core` | `{}` | Configuration for the Cert Manager package. | +| `cert_manager.issuers` | `{}` | Configuration for the Cert Manager Issuers package. | | `contour` | `{}` | Configuration for the Contour package. | | `conventions.spring_boot` | `{}` | Configuration for the Spring Boot Conventions package. | | `flux.source_controller` | `{}` | Configuration for the FluxCD Source Controller package. | | `knative.serving` | `{}` | Configuration for the Knative Serving package. | | `metrics_server` | `{}` | Configuration for the Metrics Server package. | -| `namespace_setup` | `{}` | Configuration for the Namespace Setup package. | | `secretgen_controller` | `{}` | Configuration for the Secretgen Controller package. | | `tekton.catalog` | `{}` | Configuration for the Tekton Catalog package. | | `tekton.pipelines` | `{}` | Configuration for the Tekton Pipelines package. 
| +| `workspace_provisioner` | `{}` | Configuration for the Workspace Provisioner package. | diff --git a/docs/install.md b/docs/install.md new file mode 100644 index 0000000..a64ff46 --- /dev/null +++ b/docs/install.md 
@@ -0,0 +1,116 @@ +# Install the Kadras Engineering Platform + +## 1. Prerequisites + +* Kubernetes 1.24+ +* Carvel [`kctrl`](https://carvel.dev/kapp-controller/docs/latest/install/#installing-kapp-controller-cli-kctrl) CLI. +* Sigstore [`cosign`](https://docs.sigstore.dev/cosign/installation/) CLI. +* Carvel [kapp-controller](https://carvel.dev/kapp-controller) deployed in your Kubernetes cluster. You can install it with Carvel [`kapp`](https://carvel.dev/kapp/docs/latest/install) (recommended choice) or `kubectl`. + + ```shell + kapp deploy -a kapp-controller -y \ + -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml + ``` + +## 2. Add the Kadras Repository + +Add the Kadras repository to make all Kadras packages available to the cluster. + + ```shell + kubectl create namespace kadras-packages + kctrl package repository add -r kadras-packages \ + --url ghcr.io/kadras-io/kadras-packages \ + -n kadras-packages + ``` + +You can check the full list of available packages as follows. + + ```shell + kctrl package available list -n kadras-packages + ``` + +## 3. Create Secret for OCI Registry + +First, create a Secret with the credentials to access your container registry in read/write mode. It will be used by the platform to publish and consume OCI artifacts. + + ```shell + export SUPPLY_CHAIN_REGISTRY_HOSTNAME= + export SUPPLY_CHAIN_REGISTRY_USERNAME= + export SUPPLY_CHAIN_REGISTRY_TOKEN= + ``` + +* `` is the server hosting the OCI registry. For example, `ghcr.io`, `gcr.io`, `quay.io`, `index.docker.io`. +* `` is the username to access the OCI registry. Use `_json_key` if the hostname is `gcr.io`. +* `` is a token with read/write permissions to access the OCI registry. Use the contents of the service account key json if the hostname is `gcr.io`. 
+ + ```shell + kubectl create secret docker-registry supply-chain-registry-credentials \ + --docker-server="${SUPPLY_CHAIN_REGISTRY_HOSTNAME}" \ + --docker-username="${SUPPLY_CHAIN_REGISTRY_USERNAME}" \ + --docker-password="${SUPPLY_CHAIN_REGISTRY_TOKEN}" \ + --namespace=kadras-packages + ``` + +## 4. Create Secret for Cosign + +Next, use Cosign to generate a key-pair that will be used by the platform to sign and verify OCI artifacts. + + ```shell + cosign generate-key-pair k8s://kadras-packages/supply-chain-cosign-key-pair + ``` + +The previous command will create a cosign.pub file in the current directory. That's the public key you can use the verify OCI artifacts built and signed by the platform. + +## 5. Configure the Platform + +The installation of the Kadras Engineering Platform can be configured via YAML. Create a `values.yml` file with any configuration you need for the platform. The following is a minimal configuration example. + +```yaml +platform: + ingress: + domain: + + oci_registry: + server: + repository: + +workspace_provisioner: + namespaces: + - name: default + git: + credentials: + username: + password: +``` + +* `` is the base domain name the platform will use to configure the Ingress controller. It must be a valid DNS name. For example, `lab.thomasvitale.com`. +* `` is the server of the OCI registry where the platform will publish and consume OCI images. It must be the same used in step 3 when creating a Secret with the OCI registry credentials. For example, `ghcr.io`, `gcr.io`, `quay.io`, `index.docker.io`. +* `` is the repository in the OCI registry where the platform will publish and consume OCI images. It must be the same used in step 3 when creating a Secret with the OCI registry credentials. For example, it might be your username or organization name depending on which OCI server you're using. +* `` is your username to access your Git repositories on GitHub. 
It's not needed if you won't use the GitOps workflows offered by the platform and only use public Git repositories. +* `` is a token with read/write permissions to access your Git repositories on GitHub. It's not needed if you won't use the GitOps workflows offered by the platform and only use public Git repositories. + +## 6. Install the Platform + +Reference the `values.yml` file you created in the previous step and install the Kadras Engineering Platform. + + ```shell + kctrl package install -i engineering-platform \ + -p engineering-platform.packages.kadras.io \ + -v ${VERSION} \ + -n kadras-packages \ + --values-file values.yml + ``` + +You can find the `${VERSION}` value by retrieving the list of package versions available in the Kadras package repository installed on your cluster. + + ```shell + kctrl package available list -p engineering-platform.packages.kadras.io -n kadras-packages + ``` + +## 7. Verify the Installation + +Verify that all the platform components have been installed and properly reconciled. + + ```shell + kctrl package installed list -n kadras-packages + ``` diff --git a/docs/verify-release.md b/docs/verify-release.md index bb8cfa1..653188a 100644 --- a/docs/verify-release.md +++ b/docs/verify-release.md @@ -1,4 +1,4 @@ -# Verifying the Tekton Pipelines Package Release +# Verifying the Package Release This package is published as an OCI artifact, signed with Sigstore [Cosign](https://docs.sigstore.dev/cosign/overview), and associated with a [SLSA Provenance](https://slsa.dev/provenance) attestation. diff --git a/package/config/buildpacks-catalog.yml b/package/config/buildpacks-catalog.yml index 0d0aeea..81a1554 100644 --- a/package/config/buildpacks-catalog.yml +++ b/package/config/buildpacks-catalog.yml 
@@ -1,25 +1,41 @@ #@ load("@ytt:data", "data") +#@ load("@ytt:struct", "struct") #@ load("@ytt:yaml", "yaml") #@ load("/helpers.star", "is_package_enabled") #@ if is_package_enabled("buildpacks-catalog"): +#@ def build_package_values(): +#@ values = { +#@ "kp_default_repository": {} +#@ } +#@ +#@ if data.values.buildpacks.catalog: +#@ values.update(struct.decode(data.values.buildpacks.catalog)) +#@ end +#@ if data.values.platform.oci_registry.server and data.values.platform.oci_registry.repository and (not hasattr(data.values.buildpacks.catalog, "kp_default_repository") or not hasattr(data.values.buildpacks.catalog.kp_default_repository, "name") or not data.values.buildpacks.catalog.kp_default_repository.name): +#@ values["kp_default_repository"]["name"] = data.values.platform.oci_registry.server.rstrip("/") + "/" + data.values.platform.oci_registry.repository.rstrip("/") + "/buildpacks" +#@ end +#@ +#@ return struct.encode(values) +#@ end + --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: buildpacks-catalog - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace annotations: kapp.k14s.io/change-group: buildpacks-catalog - kapp.k14s.io/change-rule.buildpacks-catalog: upsert after upserting kpack + kapp.k14s.io/change-rule.kpack: upsert after upserting kpack kapp.k14s.io/change-rule.service-account: delete before deleting serviceaccount spec: serviceAccountName: kadras-install-sa packageRef: refName: buildpacks-catalog.packages.kadras.io versionSelection: - constraints: 0.6.0 + constraints: 0.6.1 prereleases: {} values: - secretRef: @@ -29,8 +45,8 @@ apiVersion: v1 kind: Secret metadata: name: buildpacks-catalog-values - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace stringData: - values.yaml: #@ yaml.encode(data.values.buildpacks.catalog) + values.yaml: #@ yaml.encode(build_package_values()) #@ end 
diff --git a/package/config/cartographer-blueprints.yml b/package/config/cartographer-blueprints.yml index 9ed3df4..d5b8c3d 100644 --- a/package/config/cartographer-blueprints.yml +++ b/package/config/cartographer-blueprints.yml @@ -1,15 +1,26 @@ #@ load("@ytt:data", "data") +#@ load("@ytt:struct", "struct") #@ load("@ytt:yaml", "yaml") #@ load("/helpers.star", "is_package_enabled") #@ if is_package_enabled("cartographer-blueprints"): +#@ def build_package_values(): +#@ values = {} +#@ +#@ if data.values.cartographer.blueprints: +#@ values.update(struct.decode(data.values.cartographer.blueprints)) +#@ end +#@ +#@ return struct.encode(values) +#@ end + --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: cartographer-blueprints - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace annotations: kapp.k14s.io/change-group: cartographer-blueprints kapp.k14s.io/change-rule.cartographer: upsert after upserting cartographer @@ -21,7 +32,7 @@ spec: packageRef: refName: cartographer-blueprints.packages.kadras.io versionSelection: - constraints: 0.5.0 + constraints: 0.5.1 prereleases: {} values: - secretRef: @@ -31,8 +42,8 @@ apiVersion: v1 kind: Secret metadata: name: cartographer-blueprints-values - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace stringData: - values.yaml: #@ yaml.encode(data.values.cartographer.blueprints) + values.yaml: #@ yaml.encode(build_package_values()) #@ end diff --git a/package/config/cartographer-delivery.yml b/package/config/cartographer-delivery.yml index dcdd7a9..623b9c7 100644 --- a/package/config/cartographer-delivery.yml +++ b/package/config/cartographer-delivery.yml 
@@ -1,15 +1,26 @@ #@ load("@ytt:data", "data") +#@ load("@ytt:struct", "struct") #@ load("@ytt:yaml", "yaml") #@ load("/helpers.star", "is_package_enabled") #@ if is_package_enabled("cartographer-delivery"): +#@ def build_package_values(): +#@ values = {} +#@ +#@ if data.values.cartographer.delivery: +#@ values.update(struct.decode(data.values.cartographer.delivery)) +#@ end +#@ +#@ return struct.encode(values) +#@ end + --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: cartographer-delivery - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace annotations: kapp.k14s.io/change-group: cartographer-delivery kapp.k14s.io/change-rule.cartographer: upsert after upserting cartographer @@ -20,7 +31,7 @@ spec: packageRef: refName: cartographer-delivery.packages.kadras.io versionSelection: - constraints: 0.4.0 + constraints: 0.4.1 prereleases: {} values: - secretRef: @@ -30,8 +41,8 @@ apiVersion: v1 kind: Secret metadata: name: cartographer-delivery-values - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace stringData: - values.yaml: #@ yaml.encode(data.values.cartographer.delivery) + values.yaml: #@ yaml.encode(build_package_values()) #@ end diff --git a/package/config/cartographer-supply-chains.yml b/package/config/cartographer-supply-chains.yml index 9896b96..f024011 100644 --- a/package/config/cartographer-supply-chains.yml +++ b/package/config/cartographer-supply-chains.yml 
@@ -1,15 +1,32 @@ #@ load("@ytt:data", "data") +#@ load("@ytt:struct", "struct") #@ load("@ytt:yaml", "yaml") #@ load("/helpers.star", "is_package_enabled") #@ if is_package_enabled("cartographer-supply-chains"): +#@ def build_package_values(): +#@ values = { +#@ "registry": {} +#@ } +#@ +#@ if data.values.cartographer.supply_chains: +#@ values.update(struct.decode(data.values.cartographer.supply_chains)) +#@ end +#@ if data.values.platform.oci_registry.server and data.values.platform.oci_registry.repository and (not hasattr(data.values.cartographer.supply_chains, "registry") or not hasattr(data.values.cartographer.supply_chains.registry, "server") or not hasattr(data.values.cartographer.supply_chains.registry, "repository") or not data.values.cartographer.supply_chains.registry.server or not data.values.cartographer.supply_chains.registry.repository): +#@ values["registry"]["server"] = data.values.platform.oci_registry.server.rstrip("/") +#@ values["registry"]["repository"] = data.values.platform.oci_registry.repository.rstrip("/") + "/workloads" +#@ end +#@ +#@ return struct.encode(values) +#@ end + --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: cartographer-supply-chains - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace annotations: kapp.k14s.io/change-group: cartographer-supply-chains kapp.k14s.io/change-rule.cartographer: upsert after upserting cartographer @@ -20,7 +37,7 @@ spec: packageRef: refName: cartographer-supply-chains.packages.kadras.io versionSelection: - constraints: 0.5.0 + constraints: 0.5.1 prereleases: {} values: - secretRef: @@ -30,8 +47,8 @@ apiVersion: v1 kind: Secret metadata: name: cartographer-supply-chains-values - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace stringData: - values.yaml: #@ yaml.encode(data.values.cartographer.supply_chains) + values.yaml: #@ yaml.encode(build_package_values()) #@ end 
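Review bot: In `build_package_values` a partial user override is silently clobbered: the single condition fires when either `registry.server` or `registry.repository` is missing from `cartographer.supply_chains` and then overwrites both keys, so a user who sets only `registry.server` has it replaced by `platform.oci_registry.server` and workload images end up in a registry they did not choose. Default each key on its own so whatever the user supplied survives; the rest of the function is unchanged. Struct truthiness in ytt is not something this diff demonstrates, so the sketch compares against `None` rather than relying on it.

```yaml
#@ user_sc = data.values.cartographer.supply_chains
#@ user_registry = user_sc.registry if hasattr(user_sc, "registry") else None
#@ user_server = user_registry.server if user_registry != None and hasattr(user_registry, "server") else ""
#@ user_repository = user_registry.repository if user_registry != None and hasattr(user_registry, "repository") else ""
#@ platform_registry = data.values.platform.oci_registry
#@ if platform_registry.server and platform_registry.repository:
#@   if not user_server:
#@     values["registry"]["server"] = platform_registry.server.rstrip("/")
#@   end
#@   if not user_repository:
#@     values["registry"]["repository"] = platform_registry.repository.rstrip("/") + "/workloads"
#@   end
#@ end
#@ # ... unchanged: return struct.encode(values) ...
```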
diff --git a/package/config/cartographer.yml b/package/config/cartographer.yml index 886b342..6f5ed49 100644 --- a/package/config/cartographer.yml +++ b/package/config/cartographer.yml @@ -1,14 +1,31 @@ #@ load("@ytt:data", "data") +#@ load("@ytt:struct", "struct") +#@ load("@ytt:yaml", "yaml") #@ load("/helpers.star", "is_package_enabled") #@ if is_package_enabled("cartographer"): +#@ def build_package_values(): +#@ values = { +#@ "ca_cert_data": "" +#@ } +#@ +#@ if data.values.cartographer.core: +#@ values.update(struct.decode(data.values.cartographer.core)) +#@ end +#@ if data.values.platform.ca_cert_data and (not hasattr(data.values.cartographer.core, "ca_cert_data") or not data.values.cartographer.core.ca_cert_data): +#@ values["ca_cert_data"] = data.values.platform.ca_cert_data +#@ end +#@ +#@ return struct.encode(values) +#@ end + --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: cartographer - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace annotations: kapp.k14s.io/change-group: cartographer kapp.k14s.io/change-rule.cert-manager: upsert after upserting cert-manager @@ -18,7 +35,18 @@ spec: packageRef: refName: cartographer.packages.kadras.io versionSelection: - constraints: 0.7.1 + constraints: 0.7.1+tap.1 prereleases: {} + values: + - secretRef: + name: cartographer-values +--- +apiVersion: v1 +kind: Secret +metadata: + name: cartographer-values + namespace: #@ data.values.platform.namespace +stringData: + values.yaml: #@ yaml.encode(build_package_values()) #@ end \ No newline at end of file diff --git a/package/config/cert-manager-issuers.yml b/package/config/cert-manager-issuers.yml new file mode 100644 index 0000000..4531dbb --- /dev/null +++ b/package/config/cert-manager-issuers.yml 
@@ -0,0 +1,65 @@ +#@ load("@ytt:data", "data") +#@ load("@ytt:struct", "struct") +#@ load("@ytt:yaml", "yaml") +#@ load("/helpers.star", "is_package_enabled") + +#@ if is_package_enabled("cert-manager-issuers"): + +#@ def is_letsencrypt_issuer(issuer): +#@ return issuer.type == "letsencrypt_staging" or issuer.type == "letsencrypt" +#@ end + +#@ def is_letsencrypt_staging(issuer): +#@ if issuer.type == "letsencrypt_staging": +#@ return True +#@ else: +#@ return False +#@ end +#@ end + +#@ def build_package_values(): +#@ values = { +#@ "letsencrypt": {} +#@ } +#@ +#@ if data.values.cert_manager.issuers: +#@ values.update(struct.decode(data.values.cert_manager.issuers)) +#@ end +#@ if data.values.platform.ingress.issuer and is_letsencrypt_issuer(data.values.platform.ingress.issuer) and (not hasattr(data.values.cert_manager.issuers, "letsencrypt") or not hasattr(data.values.cert_manager.issuers.letsencrypt, "include") or not data.values.cert_manager.issuers.letsencrypt.include): +#@ values["letsencrypt"]["include"] = True +#@ values["letsencrypt"]["staging"] = is_letsencrypt_staging(data.values.platform.ingress.issuer) +#@ end +#@ +#@ return struct.encode(values) +#@ end + +--- +apiVersion: packaging.carvel.dev/v1alpha1 +kind: PackageInstall +metadata: + name: cert-manager-issuers + namespace: #@ data.values.platform.namespace + annotations: + kapp.k14s.io/change-group: cert-manager-issuers + kapp.k14s.io/change-rule.cert-manager: upsert after upserting cert-manager + kapp.k14s.io/change-rule.serviceaccount: delete before deleting serviceaccount +spec: + serviceAccountName: kadras-install-sa + packageRef: + refName: cert-manager-issuers.packages.kadras.io + versionSelection: + constraints: 0.1.0 + prereleases: {} + values: + - secretRef: + name: cert-manager-issuers-values +--- +apiVersion: v1 +kind: Secret +metadata: + name: cert-manager-issuers-values + namespace: #@ data.values.platform.namespace +stringData: + values.yaml: #@ yaml.encode(build_package_values()) + 
+#@ end \ No newline at end of file diff --git a/package/config/cert-manager.yml b/package/config/cert-manager.yml index a6dcd48..46f8116 100644 --- a/package/config/cert-manager.yml +++ b/package/config/cert-manager.yml @@ -1,15 +1,26 @@ #@ load("@ytt:data", "data") +#@ load("@ytt:struct", "struct") #@ load("@ytt:yaml", "yaml") #@ load("/helpers.star", "is_package_enabled") #@ if is_package_enabled("cert-manager"): +#@ def build_package_values(): +#@ values = {} +#@ +#@ if data.values.cert_manager.core: +#@ values.update(struct.decode(data.values.cert_manager.core)) +#@ end +#@ +#@ return struct.encode(values) +#@ end + --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: cert-manager - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace annotations: kapp.k14s.io/change-group: cert-manager kapp.k14s.io/change-rule.serviceaccount: delete before deleting serviceaccount @@ -18,7 +29,7 @@ spec: packageRef: refName: cert-manager.packages.kadras.io versionSelection: - constraints: 1.11.0+kadras.2 + constraints: 1.11.1+kadras.1 prereleases: {} values: - secretRef: @@ -28,8 +39,8 @@ apiVersion: v1 kind: Secret metadata: name: cert-manager-values - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace stringData: - values.yaml: #@ yaml.encode(data.values.cert_manager) + values.yaml: #@ yaml.encode(build_package_values()) #@ end \ No newline at end of file diff --git a/package/config/contour.yml b/package/config/contour.yml index 71f78b0..656afe4 100644 --- a/package/config/contour.yml +++ b/package/config/contour.yml 
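Review bot: The issuer selection in `build_package_values` reads `data.values.platform.ingress.issuer`, but the README table added in this same commit documents the keys as `platform.ingress.domain.issuer.type` / `platform.ingress.domain.issuer.name`, and `knative-serving.yml` in this diff treats `platform.ingress.domain` as a plain domain string. A user who follows the README therefore never enables the Let's Encrypt issuer here and, unless a ytt schema (not visible in this diff) rejects the unknown key, silently ends up on the default `private` CA with no error. Align the README rows to `platform.ingress.issuer.type` and `platform.ingress.issuer.name`, and consider adding a comment above the condition: `#@ # issuer is read from platform.ingress.issuer (sibling of platform.ingress.domain), not nested under it`.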
@@ -1,15 +1,31 @@ #@ load("@ytt:data", "data") +#@ load("@ytt:struct", "struct") #@ load("@ytt:yaml", "yaml") #@ load("/helpers.star", "is_package_enabled") #@ if is_package_enabled("contour"): +#@ def build_package_values(): +#@ values = { +#@ "certificates": {} +#@ } +#@ +#@ if data.values.contour: +#@ values.update(struct.decode(data.values.contour)) +#@ end +#@ if is_package_enabled("cert-manager") and (not hasattr(data.values.contour, "certificates") or not hasattr(data.values.contour.certificates, "useCertManager")): +#@ values["certificates"]["useCertManager"] = True +#@ end +#@ +#@ return struct.encode(values) +#@ end + --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: contour - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace annotations: kapp.k14s.io/change-group: contour kapp.k14s.io/change-rule.cert-manager: upsert after upserting cert-manager @@ -19,7 +35,7 @@ spec: packageRef: refName: contour.packages.kadras.io versionSelection: - constraints: 1.24.2 + constraints: 1.24.3+kadras.2 values: - secretRef: name: contour-values @@ -28,8 +44,8 @@ apiVersion: v1 kind: Secret metadata: name: contour-values - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace stringData: - values.yaml: #@ yaml.encode(data.values.contour) + values.yaml: #@ yaml.encode(build_package_values()) #@ end \ No newline at end of file diff --git a/package/config/fluxcd-source.controller.yml b/package/config/fluxcd-source.controller.yml index be63aa5..a6f35ad 100644 --- a/package/config/fluxcd-source.controller.yml +++ b/package/config/fluxcd-source.controller.yml 
@@ -1,15 +1,26 @@ #@ load("@ytt:data", "data") +#@ load("@ytt:struct", "struct") #@ load("@ytt:yaml", "yaml") #@ load("/helpers.star", "is_package_enabled") #@ if is_package_enabled("fluxcd-source-controller"): +#@ def build_package_values(): +#@ values = {} +#@ +#@ if data.values.flux.source_controller: +#@ values.update(struct.decode(data.values.flux.source_controller)) +#@ end +#@ +#@ return struct.encode(values) +#@ end + --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: fluxcd-source-controller - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace annotations: kapp.k14s.io/change-group: fluxcd kapp.k14s.io/change-rule.serviceaccount: delete before deleting serviceaccount @@ -18,7 +29,7 @@ spec: packageRef: refName: fluxcd-source-controller.packages.kadras.io versionSelection: - constraints: 0.36.0 + constraints: 0.36.1 values: - secretRef: name: fluxcd-source-controller-values @@ -27,8 +38,8 @@ apiVersion: v1 kind: Secret metadata: name: fluxcd-source-controller-values - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace stringData: - values.yaml: #@ yaml.encode(data.values.flux.source_controller) + values.yaml: #@ yaml.encode(build_package_values()) #@ end diff --git a/package/config/helpers.star b/package/config/helpers.star index 888d067..c6b5af5 100644 --- a/package/config/helpers.star +++ b/package/config/helpers.star @@ -1,5 +1,17 @@ load("@ytt:data", "data") def is_package_enabled(name): - return (name not in data.values.packages.excluded) + return (name not in data.values.platform.excluded_packages) +end + +def get_issuer_name(issuer): + if issuer.type == "private": + return "kadras-ca-issuer" + elif issuer.type == "letsencrypt_staging": + return "letsencrypt-staging-http01-issuer" + elif issuer.type == "letsencrypt": + return "letsencrypt-http01-issuer" + elif issuer.type == "custom": + return issuer.name + end end 
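Review bot: `get_issuer_name` returns an empty string for `type: custom` when `issuer.name` is unset and `None` for any unrecognised type; both values flow straight into `knative-serving`'s `ingress_issuer` in this diff, so a typo in the issuer type or a forgotten `name` (the README says it is "Required when the type is `custom`", but nothing enforces it) yields a render that succeeds and a Knative TLS configuration that points at no issuer. Fail the render instead, using ytt's `assert` module, so the misconfiguration surfaces at install time rather than as missing certificates later.

```starlark
load("@ytt:assert", "assert")
# ... unchanged: is_package_enabled ...

def get_issuer_name(issuer):
  if issuer.type == "private":
    return "kadras-ca-issuer"
  elif issuer.type == "letsencrypt_staging":
    return "letsencrypt-staging-http01-issuer"
  elif issuer.type == "letsencrypt":
    return "letsencrypt-http01-issuer"
  elif issuer.type == "custom":
    if not issuer.name:
      assert.fail("platform.ingress.issuer.name is required when platform.ingress.issuer.type is 'custom'")
    end
    return issuer.name
  else:
    assert.fail("unsupported platform.ingress.issuer.type: " + str(issuer.type))
  end
end
```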
diff --git a/package/config/knative-serving.yml b/package/config/knative-serving.yml index f7b2597..81b971f 100644 --- a/package/config/knative-serving.yml +++ b/package/config/knative-serving.yml @@ -1,17 +1,42 @@ #@ load("@ytt:data", "data") +#@ load("@ytt:struct", "struct") #@ load("@ytt:yaml", "yaml") -#@ load("/helpers.star", "is_package_enabled") +#@ load("/helpers.star", "is_package_enabled", "get_issuer_name") #@ if is_package_enabled("knative-serving"): +#@ def build_package_values(): +#@ values = { +#@ "ca_cert_data": "", +#@ "domain_name": "", +#@ "ingress_issuer": "" +#@ } +#@ +#@ if data.values.knative.serving: +#@ values.update(struct.decode(data.values.knative.serving)) +#@ end +#@ if data.values.platform.ca_cert_data and (not hasattr(data.values.knative.serving, "ca_cert_data") or not data.values.knative.serving.ca_cert_data): +#@ values["ca_cert_data"] = data.values.platform.ca_cert_data +#@ end +#@ if data.values.platform.ingress.domain and (not hasattr(data.values.knative.serving, "domain_name") or not data.values.knative.serving.domain_name): +#@ values["domain_name"] = data.values.platform.ingress.domain +#@ end +#@ if data.values.platform.ingress.issuer and (not hasattr(data.values.knative.serving, "ingress_issuer") or not data.values.knative.serving.ingress_issuer): +#@ values["ingress_issuer"] = get_issuer_name(data.values.platform.ingress.issuer) +#@ end +#@ +#@ return struct.encode(values) +#@ end + --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: knative-serving - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace annotations: kapp.k14s.io/change-group: knative-serving + kapp.k14s.io/change-rule.cert-manager-issuers: upsert after upserting cert-manager-issuers kapp.k14s.io/change-rule.contour: upsert after upserting contour kapp.k14s.io/change-rule.serviceaccount: delete before deleting serviceaccount spec: 
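Review bot: `ingress_issuer` is derived from `platform.ingress.issuer` in `build_package_values` regardless of whether the package that creates those ClusterIssuers is installed: with `cert-manager-issuers` (or `cert-manager`) listed in `platform.excluded_packages` and a `private` or `letsencrypt*` type, Knative is pointed at an issuer name nothing on the cluster provides, and the new `change-rule.cert-manager-issuers` annotation then orders against an empty change group. Where `kadras-ca-issuer` and the `letsencrypt-*` issuers are actually created is not visible in this diff, so confirm; if they come from `cert-manager-issuers`, gate the default on that package being enabled, e.g. `if data.values.platform.ingress.issuer and is_package_enabled("cert-manager-issuers") and (not hasattr(...) or not data.values.knative.serving.ingress_issuer):`, and leave `ingress_issuer` empty (or fail the render) otherwise. The `spec:` block at the end of the hunk continues outside it.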
@@ -19,7 +44,7 @@ spec: packageRef: refName: knative-serving.packages.kadras.io versionSelection: - constraints: 1.9.2+kadras.1 + constraints: 1.9.3+kadras.2 values: - secretRef: name: knative-serving-values @@ -28,8 +53,8 @@ apiVersion: v1 kind: Secret metadata: name: knative-serving-values - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace stringData: - values.yaml: #@ yaml.encode(data.values.knative.serving) + values.yaml: #@ yaml.encode(build_package_values()) #@ end \ No newline at end of file diff --git a/package/config/kpack.yml b/package/config/kpack.yml index e55d6c5..b4519b8 100644 --- a/package/config/kpack.yml +++ b/package/config/kpack.yml 
@@ -1,24 +1,63 @@ #@ load("@ytt:data", "data") +#@ load("@ytt:struct", "struct") #@ load("@ytt:yaml", "yaml") #@ load("/helpers.star", "is_package_enabled") #@ if is_package_enabled("kpack"): +#@ def build_package_values(): +#@ values = { +#@ "ca_cert_data": "", +#@ "kp_default_repository": {} +#@ } +#@ +#@ if data.values.buildpacks.kpack: +#@ values.update(struct.decode(data.values.buildpacks.kpack)) +#@ end +#@ if data.values.platform.ca_cert_data and (not hasattr(data.values.buildpacks.kpack, "ca_cert_data") or not data.values.buildpacks.kpack.ca_cert_data): +#@ values["ca_cert_data"] = data.values.platform.ca_cert_data +#@ end +#@ if data.values.platform.oci_registry.server and data.values.platform.oci_registry.repository and (not hasattr(data.values.buildpacks.kpack, "kp_default_repository") or not hasattr(data.values.buildpacks.kpack.kp_default_repository, "name") or not data.values.buildpacks.kpack.kp_default_repository.name): +#@ values["kp_default_repository"]["name"] = data.values.platform.oci_registry.server.rstrip("/") + "/" + data.values.platform.oci_registry.repository.rstrip("/") + "/buildpacks" +#@ end +#@ if hasattr(data.values.platform.oci_registry.credentials, "username") and hasattr(data.values.platform.oci_registry.credentials, "password") and data.values.platform.oci_registry.credentials.username and data.values.platform.oci_registry.credentials.password: +#@ if not hasattr(data.values.buildpacks.kpack, "kp_default_repository") or not hasattr(data.values.buildpacks.kpack.kp_default_repository, "credentials") or not hasattr(data.values.buildpacks.kpack.kp_default_repository.credentials, "username") or not hasattr(data.values.buildpacks.kpack.kp_default_repository.credentials, "password") or not data.values.buildpacks.kpack.kp_default_repository.credentials.username or not data.values.buildpacks.kpack.kp_default_repository.credentials.password: +#@ if not hasattr(data.values.buildpacks.kpack, "kp_default_repository") or not 
hasattr(data.values.buildpacks.kpack.kp_default_repository, "secret") or not hasattr(data.values.buildpacks.kpack.kp_default_repository.secret, "name") or not hasattr(data.values.buildpacks.kpack.kp_default_repository.secret, "namespace") or not data.values.buildpacks.kpack.kp_default_repository.secret.name or not data.values.buildpacks.kpack.kp_default_repository.secret.namespace: +#@ values["kp_default_repository"]["credentials"] = {} +#@ values["kp_default_repository"]["credentials"]["username"] = data.values.platform.oci_registry.credentials.username +#@ values["kp_default_repository"]["credentials"]["password"] = data.values.platform.oci_registry.credentials.password +#@ end +#@ end +#@ end +#@ if data.values.platform.oci_registry.secret.name and data.values.platform.oci_registry.secret.namespace: +#@ if not hasattr(data.values.buildpacks.kpack, "kp_default_repository") or not hasattr(data.values.buildpacks.kpack.kp_default_repository, "credentials") or not hasattr(data.values.buildpacks.kpack.kp_default_repository.credentials, "username") or not hasattr(data.values.buildpacks.kpack.kp_default_repository.credentials, "password") or not data.values.buildpacks.kpack.kp_default_repository.credentials.username or not data.values.buildpacks.kpack.kp_default_repository.credentials.password: +#@ if not hasattr(data.values.buildpacks.kpack, "kp_default_repository") or not hasattr(data.values.buildpacks.kpack.kp_default_repository, "secret") or not hasattr(data.values.buildpacks.kpack.kp_default_repository.secret, "name") or not hasattr(data.values.buildpacks.kpack.kp_default_repository.secret, "namespace") or not data.values.buildpacks.kpack.kp_default_repository.secret.name or not data.values.buildpacks.kpack.kp_default_repository.secret.namespace: +#@ values["kp_default_repository"]["secret"] = {} +#@ values["kp_default_repository"]["secret"]["name"] = data.values.platform.oci_registry.secret.name +#@ values["kp_default_repository"]["secret"]["namespace"] = 
data.values.platform.oci_registry.secret.namespace +#@ end +#@ end +#@ end +#@ +#@ return struct.encode(values) +#@ end + --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: kpack - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace annotations: kapp.k14s.io/change-group: kpack + kapp.k14s.io/change-rule.workspace-provisioner: upsert after upserting workspace-provisioner kapp.k14s.io/change-rule.service-account: delete before deleting serviceaccount spec: serviceAccountName: kadras-install-sa packageRef: refName: kpack.packages.kadras.io versionSelection: - constraints: 0.10.1 + constraints: 0.10.1+kadras.1 prereleases: {} values: - secretRef: @@ -28,8 +67,8 @@ apiVersion: v1 kind: Secret metadata: name: kpack-values - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace stringData: - values.yaml: #@ yaml.encode(data.values.buildpacks.kpack) + values.yaml: #@ yaml.encode(build_package_values()) #@ end diff --git a/package/config/metrics-server.yml b/package/config/metrics-server.yml index 8ecfaf6..a676d9f 100644 --- a/package/config/metrics-server.yml +++ b/package/config/metrics-server.yml @@ -1,15 +1,26 @@ #@ load("@ytt:data", "data") +#@ load("@ytt:struct", "struct") #@ load("@ytt:yaml", "yaml") #@ load("/helpers.star", "is_package_enabled") #@ if is_package_enabled("metrics-server"): +#@ def build_package_values(): +#@ values = {} +#@ +#@ if data.values.metrics_server: +#@ values.update(struct.decode(data.values.metrics_server)) +#@ end +#@ +#@ return struct.encode(values) +#@ end + --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: metrics-server - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace annotations: kapp.k14s.io/change-group: metrics-server kapp.k14s.io/change-rule.service-account: delete before deleting serviceaccount 
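Review bot: The two credential branches in `build_package_values` are not mutually exclusive: `platform.oci_registry.secret.name`/`.namespace` have non-empty defaults per the README, so the `secret` reference is emitted whenever the user has not set kpack credentials themselves, and if `platform.oci_registry.credentials` is also filled in, both a plaintext `credentials` block (the registry token copied into the `kpack-values` Secret) and a `secret` block land in the rendered values; which one the kpack package honours is not visible here. Make the paths exclusive and prefer the Secret reference so the token is not duplicated into a second Secret, and collapse the repeated `hasattr` chains into one helper. Note that the helper below intentionally flips the original precedence (secret reference first, inline credentials only as a fallback); the remaining `ca_cert_data` and `kp_default_repository.name` defaults are unchanged.

```yaml
#@ def user_set(node, *keys):
#@   for key in keys:
#@     if node == None or not hasattr(node, key) or not getattr(node, key):
#@       return False
#@     end
#@     node = getattr(node, key)
#@   end
#@   return True
#@ end

#@ def build_package_values():
#@   # ... unchanged: base values, ca_cert_data and kp_default_repository.name defaults ...
#@   user_repo = data.values.buildpacks.kpack
#@   user_has_creds = user_set(user_repo, "kp_default_repository", "credentials", "username") and user_set(user_repo, "kp_default_repository", "credentials", "password")
#@   user_has_secret = user_set(user_repo, "kp_default_repository", "secret", "name") and user_set(user_repo, "kp_default_repository", "secret", "namespace")
#@   platform_registry = data.values.platform.oci_registry
#@   if not user_has_creds and not user_has_secret:
#@     if platform_registry.secret.name and platform_registry.secret.namespace:
#@       values["kp_default_repository"]["secret"] = {"name": platform_registry.secret.name, "namespace": platform_registry.secret.namespace}
#@     elif user_set(platform_registry, "credentials", "username") and user_set(platform_registry, "credentials", "password"):
#@       values["kp_default_repository"]["credentials"] = {"username": platform_registry.credentials.username, "password": platform_registry.credentials.password}
#@     end
#@   end
#@   return struct.encode(values)
#@ end
```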
@@ -18,7 +29,7 @@ spec: packageRef: refName: metrics-server.packages.kadras.io versionSelection: - constraints: 0.6.2+kadras.2 + constraints: 0.6.3 prereleases: {} values: - secretRef: @@ -28,8 +39,8 @@ apiVersion: v1 kind: Secret metadata: name: metrics-server-values - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace stringData: - values.yaml: #@ yaml.encode(data.values.metrics_server) + values.yaml: #@ yaml.encode(build_package_values()) #@ end diff --git a/package/config/namespace-setup.yml b/package/config/namespace-setup.yml deleted file mode 100644 index 92a2393..0000000 --- a/package/config/namespace-setup.yml +++ /dev/null @@ -1,37 +0,0 @@ -#@ load("@ytt:data", "data") -#@ load("@ytt:yaml", "yaml") -#@ load("/helpers.star", "is_package_enabled") - -#@ if is_package_enabled("namespace-setup"): - ---- -apiVersion: packaging.carvel.dev/v1alpha1 -kind: PackageInstall -metadata: - name: namespace-setup - namespace: #@ data.values.packages.namespace - annotations: - kapp.k14s.io/change-group: namespace-setup - kapp.k14s.io/change-rule.cartographer-blueprints: upsert after upserting cartographer-blueprints - kapp.k14s.io/change-rule.cert-manager: upsert after upserting cert-manager - kapp.k14s.io/change-rule.secretgen-controller: upsert after upserting secretgen-controller - kapp.k14s.io/change-rule.serviceaccount: delete before deleting serviceaccount -spec: - serviceAccountName: kadras-install-sa - packageRef: - refName: namespace-setup.packages.kadras.io - versionSelection: - constraints: 0.2.1 - values: - - secretRef: - name: namespace-setup-values ---- -apiVersion: v1 -kind: Secret -metadata: - name: namespace-setup-values - namespace: #@ data.values.packages.namespace -stringData: - values.yaml: #@ yaml.encode(data.values.namespace_setup) - -#@ end diff --git a/package/config/rbac.yml b/package/config/rbac.yml index ff7d16e..b4dfcb1 100644 --- a/package/config/rbac.yml +++ b/package/config/rbac.yml 
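Review bot: `build_package_values()` here is the same three-statement helper that is repeated verbatim in secretgen-controller.yml, spring-boot-conventions.yml and tekton-catalog.yml, differing only in the data-values node it reads; a single function in helpers.star taking that node (`def package_values(node): ...`) would keep the four copies from drifting. The guard `if data.values.metrics_server:` relies on the truthiness of a schema-typed `any=True` node whose default is `{}`, which I would confirm is falsy as intended before the pattern spreads further. A one-line `#!` comment stating that the helper exists so platform-level defaults can be merged in later would also explain why the indirection replaces the previous direct `yaml.encode(data.values.metrics_server)`.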
@@ -28,12 +28,12 @@ roleRef: subjects: - kind: ServiceAccount name: kadras-install-sa - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace --- apiVersion: v1 kind: ServiceAccount metadata: name: kadras-install-sa - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace annotations: kapp.k14s.io/change-group: serviceaccount diff --git a/package/config/secretgen-controller.yml b/package/config/secretgen-controller.yml index 7869b23..6a0f660 100644 --- a/package/config/secretgen-controller.yml +++ b/package/config/secretgen-controller.yml @@ -1,15 +1,26 @@ #@ load("@ytt:data", "data") +#@ load("@ytt:struct", "struct") #@ load("@ytt:yaml", "yaml") #@ load("/helpers.star", "is_package_enabled") #@ if is_package_enabled("secretgen-controller"): +#@ def build_package_values(): +#@ values = {} +#@ +#@ if data.values.secretgen_controller: +#@ values.update(struct.decode(data.values.secretgen_controller)) +#@ end +#@ +#@ return struct.encode(values) +#@ end + --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: secretgen-controller - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace annotations: kapp.k14s.io/change-group: secretgen-controller kapp.k14s.io/change-rule.service-account: delete before deleting serviceaccount @@ -28,8 +39,8 @@ apiVersion: v1 kind: Secret metadata: name: secretgen-controller-values - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace stringData: - values.yaml: #@ yaml.encode(data.values.secretgen_controller) + values.yaml: #@ yaml.encode(build_package_values()) #@ end diff --git a/package/config/spring-boot-conventions.yml b/package/config/spring-boot-conventions.yml index 5a9d112..def1e5f 100644 --- a/package/config/spring-boot-conventions.yml +++ b/package/config/spring-boot-conventions.yml 
@@ -1,15 +1,26 @@ #@ load("@ytt:data", "data") +#@ load("@ytt:struct", "struct") #@ load("@ytt:yaml", "yaml") #@ load("/helpers.star", "is_package_enabled") #@ if is_package_enabled("spring-boot-conventions"): +#@ def build_package_values(): +#@ values = {} +#@ +#@ if data.values.conventions.spring_boot: +#@ values.update(struct.decode(data.values.conventions.spring_boot)) +#@ end +#@ +#@ return struct.encode(values) +#@ end + --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: spring-boot-conventions - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace annotations: kapp.k14s.io/change-group: spring-boot-conventions kapp.k14s.io/change-rule.spring-boot-conventions: upsert after upserting cartographer @@ -19,7 +30,7 @@ spec: packageRef: refName: spring-boot-conventions.packages.kadras.io versionSelection: - constraints: 0.2.0 + constraints: 0.2.1 values: - secretRef: name: spring-boot-conventions-values @@ -28,8 +39,8 @@ apiVersion: v1 kind: Secret metadata: name: spring-boot-conventions-values - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace stringData: - values.yaml: #@ yaml.encode(data.values.conventions.spring_boot) + values.yaml: #@ yaml.encode(build_package_values()) #@ end \ No newline at end of file diff --git a/package/config/tekton-catalog.yml b/package/config/tekton-catalog.yml index 8032a00..cff5cde 100644 --- a/package/config/tekton-catalog.yml +++ b/package/config/tekton-catalog.yml 
@@ -1,15 +1,26 @@ #@ load("@ytt:data", "data") +#@ load("@ytt:struct", "struct") #@ load("@ytt:yaml", "yaml") #@ load("/helpers.star", "is_package_enabled") #@ if is_package_enabled("tekton-catalog"): +#@ def build_package_values(): +#@ values = {} +#@ +#@ if data.values.tekton.catalog: +#@ values.update(struct.decode(data.values.tekton.catalog)) +#@ end +#@ +#@ return struct.encode(values) +#@ end + --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: tekton-catalog - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace annotations: kapp.k14s.io/change-group: tekton-catalog kapp.k14s.io/change-rule.tekton-pipelines: upsert after upserting tekton-pipelines @@ -19,7 +30,7 @@ spec: packageRef: refName: tekton-catalog.packages.kadras.io versionSelection: - constraints: 0.1.0 + constraints: 0.1.1 prereleases: {} values: - secretRef: @@ -29,8 +40,8 @@ apiVersion: v1 kind: Secret metadata: name: tekton-catalog-values - namespace: #@ data.values.packages.namespace + namespace: #@ data.values.platform.namespace stringData: - values.yaml: #@ yaml.encode(data.values.tekton.catalog) + values.yaml: #@ yaml.encode(build_package_values()) #@ end diff --git a/package/config/tekton-pipelines.yml b/package/config/tekton-pipelines.yml index 2ddea69..a164b5e 100644 --- a/package/config/tekton-pipelines.yml +++ b/package/config/tekton-pipelines.yml 
@@ -1,15 +1,31 @@
 #@ load("@ytt:data", "data")
+#@ load("@ytt:struct", "struct")
 #@ load("@ytt:yaml", "yaml")
 #@ load("/helpers.star", "is_package_enabled")
 #@ if is_package_enabled("tekton-pipelines"):
+#@ def build_package_values():
+#@ values = {
+#@ "ca_cert_data": ""
+#@ }
+#@
+#@ if data.values.tekton.pipelines:
+#@ values.update(struct.decode(data.values.tekton.pipelines))
+#@ end
+#@ if data.values.platform.ca_cert_data and (not hasattr(data.values.tekton.pipelines, "ca_cert_data") or not data.values.tekton.pipelines.ca_cert_data):
+#@ values["ca_cert_data"] = data.values.platform.ca_cert_data
+#@ end
+#@
+#@ return struct.encode(values)
+#@ end
+
 ---
 apiVersion: packaging.carvel.dev/v1alpha1
 kind: PackageInstall
 metadata:
 name: tekton-pipelines
- namespace: #@ data.values.packages.namespace
+ namespace: #@ data.values.platform.namespace
 annotations:
 kapp.k14s.io/change-group: tekton-pipelines
 kapp.k14s.io/change-rule.service-account: delete before deleting serviceaccount
@@ -18,7 +34,7 @@ spec:
 packageRef:
 refName: tekton-pipelines.packages.kadras.io
 versionSelection:
- constraints: 0.46.0+kadras.1
+ constraints: 0.46.0+kadras.2
 prereleases: {}
 values:
 - secretRef:
@@ -28,8 +44,8 @@ apiVersion: v1
 kind: Secret
 metadata:
 name: tekton-pipelines-values
- namespace: #@ data.values.packages.namespace
+ namespace: #@ data.values.platform.namespace
 stringData:
- values.yaml: #@ yaml.encode(data.values.tekton.pipelines)
+ values.yaml: #@ yaml.encode(build_package_values())
 #@ end
diff --git a/package/config/values-schema.yml b/package/config/values-schema.yml
index e787d2c..849afeb 100644
--- a/package/config/values-schema.yml
+++ b/package/config/values-schema.yml
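Review bot: The precedence between `tekton.pipelines.ca_cert_data` and `platform.ca_cert_data` in `build_package_values()` is only readable by working through the `hasattr` chain; a comment above that `if` would save the next reader the derivation, e.g. `#! A ca_cert_data set on tekton.pipelines wins; platform.ca_cert_data is used only when the package-level value is absent or empty.` `values.update(...)` is a shallow merge, which is fine here because `ca_cert_data` is a top-level key, but that is worth stating in the same comment so the pattern is not copied for nested keys.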
@@ -3,13 +3,61 @@ --- #@schema/desc "Configuration for the platform packages." -packages: +platform: #@schema/desc "The namespace where to install the platform." - namespace: "" + namespace: kadras-packages #@schema/desc "A list of packages to exclude from being installed." - excluded: + excluded_packages: - "" + #@schema/desc "PEM-encoded certificate data to trust TLS connections with a custom CA." + ca_cert_data: "" + + #@schema/desc "Setting for the Ingress controller that the platform will use." + ingress: + #@schema/desc "The base domain name the platform will use to configure the Ingress controller. It must be a valid DNS name." + domain: "" + #@schema/desc "A reference to the ClusterIssuer the platform will use to enable TLS communications." + issuer: + #@schema/desc "The type of ClusterIssuer the platform will use to enable TLS communications. Options: `private`, `letsencrypt_staging`, `letsencrypt`, `custom`." + #@schema/validation one_of=["private", "letsencrypt_staging", "letsencrypt", "custom"] + type: private + #@schema/desc "A reference to a custom ClusterIssuer previously created on the cluster where the platform will be installed. Required when the type is `custom`." + #@schema/validation when=lambda _, ctx: ctx.parent["type"] == "custom" + name: "" + + #@schema/desc "Settings for the OCI registry that the platform will use." + #@schema/validation one_not_null=["credentials", "secret"] + oci_registry: + #@schema/desc "The server of the OCI Registry where the platform will publish and consume OCI images." + #@schema/examples ("GitHub Container Registry", "ghcr.io") + server: "" + #@schema/desc "The repository in the OCI Registry where the platform will publish and consume OCI images." + #@schema/examples ("Repository on GitHub Container Registry", "my-org") + repository: "" + #@schema/desc "Credentials to access the OCI registry." + #@schema/nullable + credentials: + #@schema/desc "Username to access the OCI registry. Note: Use `_json_key` for GCR." 
+ username: "" + #@schema/desc "Token to access the OCI registry. Note: Use contents of service account key json for GCR." + password: "" + #@schema/desc "Configuration for the Secret holding the credentials to access the OCI registry." + secret: + #@schema/desc "The name of the Secret holding the credentials to access the OCI registry." + name: supply-chain-registry-credentials + #@schema/desc "The namespace of the Secret holding the credentials to access the OCI registry." + namespace: kadras-packages + + #@schema/desc "Settings for Cosign, used for signing and verifying OCI artifacts." + cosign: + #@schema/desc "Configuration for the Secret holding the Cosign key pair." + secret: + #@schema/desc "The name of the Secret holding the Cosign key pair." + name: supply-chain-cosign-key-pair + #@schema/desc "The namespace of the Secret holding the Cosign key pair." + namespace: kadras-packages + #@schema/desc "Configuration for Buildpacks related packages." buildpacks: #@schema/desc "Configuration for the Buildpacks Catalog package." @@ -21,6 +69,9 @@ buildpacks: #@schema/desc "Configuration for Cartographer related packages." cartographer: + #@schema/desc "Configuration for the Cartographer Core package including Cartographer and Cartographer Conventions." + #@schema/type any=True + core: {} #@schema/desc "Configuration for the Cartographer Blueprints package." #@schema/type any=True blueprints: {} @@ -31,9 +82,14 @@ cartographer: #@schema/type any=True supply_chains: {} -#@schema/desc "Configuration for the Cert Manager package." -#@schema/type any=True -cert_manager: {} +#@schema/desc "Configuration for the Cert Manager related packages." +cert_manager: + #@schema/desc "Configuration for the Cert Manager package." + #@schema/type any=True + core: {} + #@schema/desc "Configuration for the Cert Manager Issuers package." + #@schema/type any=True + issuers: {} #@schema/desc "Configuration for the Contour package." #@schema/type any=True 
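Review bot: `#@schema/validation one_not_null=["credentials", "secret"]` on `oci_registry` looks unsatisfiable as soon as `credentials` is set: `secret` is not `#@schema/nullable` and carries non-null defaults, so it is never null, and if `one_not_null` means exactly one non-null key (as I read the ytt rule) any non-null `credentials` fails validation. Either mark `secret` nullable (and then guard the direct `.secret.name` accesses in kpack.yml and workspace-provisioner.yml) or replace the rule with one that expresses the intended at-least-one semantics. Separately, `#@schema/validation when=lambda _, ctx: ctx.parent["type"] == "custom"` on `issuer.name` carries no rule, so as far as I can tell it asserts nothing when the type is `custom`; `min_len=1, when=...` is presumably what was meant. Since `credentials.password` is a plain string in a values file handed to `kctrl`, its description could also point users to `secret` as the preferred way to supply registry credentials.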
@@ -61,10 +117,6 @@ knative: #@schema/type any=True metrics_server: {} -#@schema/desc "Configuration for the Namespace Setup package." -#@schema/type any=True -namespace_setup: {} - #@schema/desc "Configuration for the Secretgen Controller package." #@schema/type any=True secretgen_controller: {} @@ -77,3 +129,7 @@ tekton: #@schema/desc "Configuration for the Tekton Pipelines package." #@schema/type any=True pipelines: {} + +#@schema/desc "Configuration for the Workspace Provisioner package." +#@schema/type any=True +workspace_provisioner: {} diff --git a/package/config/workspace-provisioner.yml b/package/config/workspace-provisioner.yml new file mode 100644 index 0000000..594ab08 --- /dev/null +++ b/package/config/workspace-provisioner.yml 
@@ -0,0 +1,61 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:struct", "struct")
+#@ load("@ytt:yaml", "yaml")
+#@ load("/helpers.star", "is_package_enabled")
+
+#@ if is_package_enabled("workspace-provisioner"):
+
+#@ def build_package_values():
+#@ values = {
+#@ "oci_registry": {
+#@ "secret": {}
+#@ },
+#@ "cosign": {
+#@ "secret": {}
+#@ }
+#@ }
+#@
+#@ if data.values.workspace_provisioner:
+#@ values.update(struct.decode(data.values.workspace_provisioner))
+#@ end
+#@ if data.values.platform.oci_registry.secret.name and data.values.platform.oci_registry.secret.namespace and (not hasattr(data.values.workspace_provisioner, "oci_registry") or not hasattr(data.values.workspace_provisioner.oci_registry, "secret") or not hasattr(data.values.workspace_provisioner.oci_registry.secret, "name") or not hasattr(data.values.workspace_provisioner.oci_registry.secret, "namespace") or not data.values.workspace_provisioner.oci_registry.secret.name or not data.values.workspace_provisioner.oci_registry.secret.namespace):
+#@ values["oci_registry"]["secret"]["name"] = data.values.platform.oci_registry.secret.name
+#@ values["oci_registry"]["secret"]["namespace"] = data.values.platform.oci_registry.secret.namespace
+#@ end
+#@ if data.values.platform.cosign.secret.name and data.values.platform.cosign.secret.namespace and (not hasattr(data.values.workspace_provisioner, "cosign") or not hasattr(data.values.workspace_provisioner.cosign, "secret") or not hasattr(data.values.workspace_provisioner.cosign.secret, "name") or not hasattr(data.values.workspace_provisioner.cosign.secret, "namespace") or not data.values.workspace_provisioner.cosign.secret.name or not data.values.workspace_provisioner.cosign.secret.namespace):
+#@ values["cosign"]["secret"]["name"] = data.values.platform.cosign.secret.name
+#@ values["cosign"]["secret"]["namespace"] = data.values.platform.cosign.secret.namespace
+#@ end
+#@
+#@ return struct.encode(values)
+#@ end
+
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageInstall
+metadata:
+ name: workspace-provisioner
+ namespace: #@ data.values.platform.namespace
+ annotations:
+ kapp.k14s.io/change-group: workspace-provisioner
+ kapp.k14s.io/change-rule.secretgen-controller: upsert after upserting secretgen-controller
+ kapp.k14s.io/change-rule.serviceaccount: delete before deleting serviceaccount
+spec:
+ serviceAccountName: kadras-install-sa
+ packageRef:
+ refName: workspace-provisioner.packages.kadras.io
+ versionSelection:
+ constraints: 0.1.1
+ values:
+ - secretRef:
+ name: workspace-provisioner-values
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: workspace-provisioner-values
+ namespace: #@ data.values.platform.namespace
+stringData:
+ values.yaml: #@ yaml.encode(build_package_values())
+
+#@ end
diff --git a/package/package-build.yml b/package/package-build.yml
index d1ed444..7002d2f 100644
--- a/package/package-build.yml
+++ b/package/package-build.yml
@@ -19,7 +19,7 @@ spec:
 - kbld: {}
 export:
 - imgpkgBundle:
- image: ghcr.io/kadras-io/kadras-engineering-platform
+ image: ghcr.io/kadras-io/engineering-platform
 useKbldImagesLock: true
 includePaths:
 - config
diff --git a/test/setup/kind/v1.24/kind-config.yml b/test/setup/kind/v1.24/kind-config.yml
index c8b4d22..580e675 100644
--- a/test/setup/kind/v1.24/kind-config.yml
+++ b/test/setup/kind/v1.24/kind-config.yml
@@ -3,6 +3,6 @@ kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 nodes:
 - role: control-plane
- image: kindest/node:v1.24.7
+ image: kindest/node:v1.24.12
 - role: worker
- image: kindest/node:v1.24.7
+ image: kindest/node:v1.24.12
diff --git a/test/setup/kind/v1.25/kind-config.yml b/test/setup/kind/v1.25/kind-config.yml
index 030c05e..18a17bd 100644
--- a/test/setup/kind/v1.25/kind-config.yml
+++ b/test/setup/kind/v1.25/kind-config.yml
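Review bot: `values.update(struct.decode(data.values.workspace_provisioner))` in `build_package_values()` is a shallow merge that replaces the whole `oci_registry` (or `cosign`) map, so a user value such as `oci_registry: {other: x}` with no `secret` key discards the `{"secret": {}}` default and the following `values["oci_registry"]["secret"]["name"] = ...` fails on the missing key; the equivalent code in kpack.yml avoids this by assigning `values[...]["secret"] = {}` before filling it. Assign the nested map in one step instead: `values.setdefault("oci_registry", {})["secret"] = {"name": data.values.platform.oci_registry.secret.name, "namespace": data.values.platform.oci_registry.secret.namespace}` and likewise for `cosign`. The two `hasattr` chains are long enough that a helper in helpers.star (`def has_secret_ref(node, key): ...`, returning whether `node.<key>.secret.name` and `.namespace` are both present and non-empty) would make the fallback rule readable, and a `#!` comment above each `if` stating that platform-level Secret references apply only when the package-level ones are absent or empty would document it.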
@@ -3,6 +3,6 @@ kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 nodes:
 - role: control-plane
- image: kindest/node:v1.25.3
+ image: kindest/node:v1.25.8
 - role: worker
- image: kindest/node:v1.25.3
+ image: kindest/node:v1.25.8
diff --git a/test/setup/kind/v1.26/kind-config.yml b/test/setup/kind/v1.26/kind-config.yml
index 0774507..254a0ab 100644
--- a/test/setup/kind/v1.26/kind-config.yml
+++ b/test/setup/kind/v1.26/kind-config.yml
@@ -3,6 +3,6 @@ kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 nodes:
 - role: control-plane
- image: kindest/node:v1.26.2
+ image: kindest/node:v1.26.3
 - role: worker
- image: kindest/node:v1.26.2
+ image: kindest/node:v1.26.3