Update dependencies to support Kubernetes 1.28

.github/ISSUE_TEMPLATE/bug-report.md

@@ -24,3 +24,4 @@ assignees: ''
 * Kubernetes version (execute `kubectl version`):
 * kctrl version (execute `kctrl version`):
 * kapp-controller version (execute `kubectl get deployment -n kapp-controller kapp-controller -o yaml` and the annotation is `kbld.k14s.io/images`):
+* package version (execute `kctrl package installed get -i engineering-platform -n <namespace>`):

.github/workflows/release.yml

@@ -18,6 +18,6 @@ jobs:
       registry-server: ghcr.io
       registry-username: ${{ github.actor }}
       image: ${{ github.repository }}
-      version: 0.10.0
+      version: 0.11.0
     secrets:
       pull-request-token: ${{ secrets.GH_ORG_PAT }}

.github/workflows/test.yml

@@ -14,7 +14,7 @@ jobs:
     name: Integration Tests
     strategy:
       matrix:
-        k8s_version: [v1.25, v1.26, v1.27]
+        k8s_version: [v1.26, v1.27, v1.28]
     permissions:
       contents: read
     uses: kadras-io/github-reusable-workflows/.github/workflows/carvel-package-test-integration.yml@main

.gitignore

@@ -4,6 +4,7 @@ repo/
 schema-openapi.yml
 
 ### KUTTL ###
+test/e2e/
 test/integration/kubeconfig
 test/integration/kuttl-artifacts
 kubeconfig

Makefile

@@ -1,4 +1,4 @@
-K8S_VERSION=v1.27
+K8S_VERSION=v1.28
 
 # Build package configuration
 build: package
@@ -12,8 +12,29 @@ prepare: test/setup
 
 # Inner development loop
 dev: package
+	kubectl config set-context --current --namespace=tests
 	cd package && kctrl dev -f package-resources.yml --local -y
 
+# Install e2e with 'standalone' profile
+e2e-standalone: package
+	kubectl config set-context --current --namespace=tests
+	cd package && ytt -f ../test/e2e/standalone -f package-resources.yml | kctrl dev -f- --local -y
+
+# Install e2e with 'dev' profile
+e2e-dev: package
+	kubectl config set-context --current --namespace=tests
+	cd package && ytt -f ../test/e2e/dev -f package-resources.yml | kctrl dev -f- --local -y
+
+# Install e2e with 'build' profile
+e2e-build: package
+	kubectl config set-context --current --namespace=tests
+	cd package && ytt -f ../test/e2e/build -f package-resources.yml | kctrl dev -f- --local -y
+
+# Install e2e with 'run' profile
+e2e-run: package
+	kubectl config set-context --current --namespace=tests
+	cd package && ytt -f ../test/e2e/run -f package-resources.yml | kctrl dev -f- --local -y
+
 # Clean development environment
 clean:
 	cd package && kctrl dev -f package-resources.yml --local -y --delete 

README.md

@@ -12,7 +12,7 @@ A curated set of Carvel packages to build an engineering platform supporting app
 
 ### Prerequisites
 
-* Kubernetes 1.25+
+* Kubernetes 1.26+
 * Carvel [`kctrl`](https://carvel.dev/kapp-controller/docs/latest/install/#installing-kapp-controller-cli-kctrl) CLI.
 * Carvel [kapp-controller](https://carvel.dev/kapp-controller) deployed in your Kubernetes cluster. You can install it with Carvel [`kapp`](https://carvel.dev/kapp/docs/latest/install) (recommended choice) or `kubectl`.
 
@@ -77,7 +77,7 @@ The Engineering Platform package can be customized via a `values.yml` file.
     platform:
       profile: run
     ingress:
-      domain: thomasvitale.com
+      domain: platform.kadras.io
   ```
 
 Reference the `values.yml` file from the `kctrl` command when installing or upgrading the package.
@@ -98,7 +98,7 @@ The Engineering Platform package has the following configurable properties.
 
 | Config | Default | Description |
 |-------|-------------------|-------------|
-| `platform.profile` | `run` | The platform profile to install. Options: `full`, `dev`, `build`, `run`. |
+| `platform.profile` | `run` | The platform profile to install. Options: `standalone`, `dev`, `build`, `run`. |
 | `platform.supply_chain` | `basic` | The type of supply chain to deploy. Options: `basic`, `advanced`. |
 | `platform.namespace` | `kadras-packages` | The namespace where to install the platform. |
 | `platform.excluded_packages` | `[]` | A list of packages to exclude from being installed. |
@@ -110,12 +110,12 @@ The Engineering Platform package has the following configurable properties.
 | `platform.ingress.issuer.email` | `""` | The email address that Let's Encrypt will use to send info on expiring certificates or other issues. Required when the type is `letsencrypt_staging` or `letsencrypt`. |
 | `platform.oci_registry.server` | `""` | The server of the OCI Registry where the platform will publish OCI images. Example: "ghcr.io". |
 | `platform.oci_registry.repository` | `""` | The repository in the OCI Registry where the platform will publish OCI images. Example: "my-org". |
-| `platform.oci_registry.secret.name` | `""` | The name of the Secret holding the credentials to access the OCI registry. The credentials should provide read-only access to the OCI registry except when installing the platform with one of these profiles: `full`, `dev`, `build`. |
+| `platform.oci_registry.secret.name` | `""` | The name of the Secret holding the credentials to access the OCI registry. The credentials should provide read-only access to the OCI registry except when installing the platform with one of these profiles: `standalone`, `dev`, `build`. |
 | `platform.oci_registry.secret.namespace` | `kadras-packages` | The namespace of the Secret holding the credentials to access the OCI registry. |
 | `platform.cosign.secret.name` | `""` | The name of the Secret holding the Cosign key pair. |
 | `platform.cosign.secret.namespace` | `kadras-packages` | The namespace of the Secret holding the Cosign key pair. |
 | `platform.git.server` | `https://github.com` | The server hosting the Git repositories used by the plaform. |
-| `platform.git.secret.name` | `""` | The name of the Secret holding the credentials to access the Git server. The credentials should provide read-only access to the Git server except when installing the platform with one of these profiles: `full`, `build`. |
+| `platform.git.secret.name` | `""` | The name of the Secret holding the credentials to access the Git server. The credentials should provide read-only access to the Git server except when installing the platform with one of these profiles: `standalone`, `build`. |
 | `platform.git.secret.namespace` | `kadras-packages` | The namespace of the Secret holding the credentials to access the Git server. |
 
 Each Kadras package included in the platform can be configured independently.

docs/install.md

@@ -2,7 +2,7 @@
 
 ## 1. Prerequisites
 
-* Kubernetes 1.25+
+* Kubernetes 1.26+
 * Carvel [`kctrl`](https://carvel.dev/kapp-controller/docs/latest/install/#installing-kapp-controller-cli-kctrl) CLI.
 * Sigstore [`cosign`](https://docs.sigstore.dev/cosign/installation/) CLI.
 * Carvel [kapp-controller](https://carvel.dev/kapp-controller) deployed in your Kubernetes cluster. You can install it with Carvel [`kapp`](https://carvel.dev/kapp/docs/latest/install) (recommended choice) or `kubectl`.
@@ -22,7 +22,7 @@ Add the Kadras repository to make all the platform packages available to the clu
     -n kadras-packages --create-namespace
   ```
 
-You can check the full list of available packages as follows.
+You can check the standalone list of available packages as follows.
 
   ```shell
   kctrl package available list -n kadras-packages 

docs/workload.md

@@ -4,5 +4,5 @@
   carto apps workload create band-service \
     --git-repo https://github.com/ThomasVitale/band-service \
     --git-branch main \
-    --label "apps.kadras.io/workload-type=web" 
+    --label "app.kadras.io/workload-type=web" 
   ```

package/config/components/buildpacks-catalog.yml

@@ -3,7 +3,7 @@
 #@ load("@ytt:yaml", "yaml")
 #@ load("/helpers.star", "is_any_profile_enabled", "is_package_enabled", "profiles")
 
-#@ if is_package_enabled("buildpacks-catalog") and is_any_profile_enabled([profiles.full, profiles.dev, profiles.build]):
+#@ if is_package_enabled("buildpacks-catalog") and is_any_profile_enabled([profiles.standalone, profiles.dev, profiles.build]):
 
 #@ def compute_package_values():
 #@   values = struct.decode(data.values.buildpacks.catalog)
@@ -34,7 +34,7 @@ spec:
   packageRef:
     refName: buildpacks-catalog.packages.kadras.io
     versionSelection:
-      constraints: 0.9.1
+      constraints: 0.9.2
       prereleases: {}
   values:
   - secretRef:

package/config/components/cartographer-blueprints.yml

@@ -3,7 +3,7 @@
 #@ load("@ytt:yaml", "yaml")
 #@ load("/helpers.star", "is_any_profile_enabled", "is_package_enabled", "profiles")
 
-#@ if is_package_enabled("cartographer-blueprints") and is_any_profile_enabled([profiles.full, profiles.dev, profiles.build, profiles.run]):
+#@ if is_package_enabled("cartographer-blueprints") and is_any_profile_enabled([profiles.standalone, profiles.dev, profiles.build]):
 
 #@ def compute_package_values():
 #@   return data.values.cartographer.blueprints
@@ -26,7 +26,7 @@ spec:
   packageRef:
     refName: cartographer-blueprints.packages.kadras.io
     versionSelection:
-      constraints: 0.6.1
+      constraints: 0.7.4
       prereleases: {}
   values:
   - secretRef:

package/config/components/cartographer-supply-chains.yml

@@ -3,7 +3,7 @@
 #@ load("@ytt:yaml", "yaml")
 #@ load("/helpers.star", "is_any_profile_enabled", "is_package_enabled", "profiles")
 
-#@ if is_package_enabled("cartographer-supply-chains") and is_any_profile_enabled([profiles.full, profiles.dev, profiles.build]):
+#@ if is_package_enabled("cartographer-supply-chains") and is_any_profile_enabled([profiles.standalone, profiles.dev, profiles.build]):
 
 #@ def compute_package_values():
 #@   values = struct.decode(data.values.cartographer.supply_chains)
@@ -55,7 +55,7 @@ spec:
   packageRef:
     refName: cartographer-supply-chains.packages.kadras.io
     versionSelection:
-      constraints: 0.6.0
+      constraints: 0.7.2
       prereleases: {}
   values:
   - secretRef:

package/config/components/cartographer.yml

@@ -3,7 +3,7 @@
 #@ load("@ytt:yaml", "yaml")
 #@ load("/helpers.star", "is_any_profile_enabled", "is_package_enabled", "profiles")
 
-#@ if is_package_enabled("cartographer") and is_any_profile_enabled([profiles.full, profiles.dev, profiles.build, profiles.run]):
+#@ if is_package_enabled("cartographer") and is_any_profile_enabled([profiles.standalone, profiles.dev, profiles.build]):
 
 #@ def compute_package_values():
 #@   values = struct.decode(data.values.cartographer.core)
@@ -13,14 +13,6 @@
 #@     values["ca_cert_data"] = values["ca_cert_data"] + data.values.platform.ca_cert_data
 #@   end
 #@
-#@   #! Disable Cartographer Conventions based on profile
-#@   if is_any_profile_enabled([profiles.run]):
-#@     if not hasattr(data.values.cartographer.core, "optional_components") or not data.values.cartographer.core.optional_components or not hasattr(data.values.cartographer.core.optional_components, "cartographer_conventions") or not data.values.cartographer.core.optional_components.cartographer_conventions:
-#@       values["optional_components"] = {}
-#@       values["optional_components"]["cartographer_conventions"] = "false"
-#@     end
-#@   end 
-#@
 #@   return struct.encode(values)
 #@ end
 

package/config/components/cert-manager.yml

@@ -23,7 +23,7 @@ spec:
   packageRef:
     refName: cert-manager.packages.kadras.io
     versionSelection:
-      constraints: 1.12.3
+      constraints: 1.12.4+kadras.1
       prereleases: {}
   values:
     - secretRef:

package/config/components/contour.yml

@@ -37,7 +37,7 @@ spec:
   packageRef:
     refName: contour.packages.kadras.io
     versionSelection:
-      constraints: 1.25.2
+      constraints: 1.26.0
   values:
     - secretRef:
         name: contour-values

package/config/components/flux.yml

@@ -6,7 +6,17 @@
 #@ if is_package_enabled("flux"):
 
 #@ def compute_package_values():
-#@   return data.values.flux
+#@   values = struct.decode(data.values.flux)
+#@
+#@   #! Disable Kustomize Controller based on profile
+#@   if is_any_profile_enabled([profiles.dev]):
+#@     if not hasattr(data.values.flux, "optional_components") or not data.values.flux.optional_components or not hasattr(data.values.flux.optional_components, "kustomize_controller") or not data.values.flux.optional_components.kustomize_controller:
+#@       values["optional_components"] = {}
+#@       values["optional_components"]["kustomize_controller"] = False
+#@     end
+#@   end 
+#@
+#@   return struct.encode(values)
 #@ end
 
 ---
@@ -23,7 +33,7 @@ spec:
   packageRef:
     refName: flux.packages.kadras.io
     versionSelection:
-      constraints: 2.1.0+kadras.1
+      constraints: 2.1.0+kadras.2
   values:
     - secretRef:
         name: flux-values

package/config/components/knative-serving.yml

@@ -3,7 +3,7 @@
 #@ load("@ytt:yaml", "yaml")
 #@ load("/helpers.star", "get_issuer_name", "is_any_profile_enabled", "is_package_enabled", "profiles")
 
-#@ if is_package_enabled("knative-serving") and is_any_profile_enabled([profiles.full, profiles.dev, profiles.run]):
+#@ if is_package_enabled("knative-serving") and is_any_profile_enabled([profiles.standalone, profiles.dev, profiles.run]):
 
 #@ def compute_package_values():
 #@   values = struct.decode(data.values.knative.serving)

package/config/components/kpack.yml

@@ -3,7 +3,7 @@
 #@ load("@ytt:yaml", "yaml")
 #@ load("/helpers.star", "is_any_profile_enabled", "is_package_enabled", "profiles")
 
-#@ if is_package_enabled("kpack") and is_any_profile_enabled([profiles.full, profiles.dev, profiles.build]):
+#@ if is_package_enabled("kpack") and is_any_profile_enabled([profiles.standalone, profiles.dev, profiles.build]):
 
 #@ def compute_package_values():
 #@   values = {
@@ -54,7 +54,7 @@ spec:
   packageRef:
     refName: kpack.packages.kadras.io
     versionSelection:
-      constraints: 0.11.2+kadras.1
+      constraints: 0.12.0
       prereleases: {}
   values:
   - secretRef:

package/config/components/rbac-configurer.yml

@@ -0,0 +1,40 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:struct", "struct")
+#@ load("@ytt:yaml", "yaml")
+#@ load("/helpers.star", "is_any_profile_enabled", "is_package_enabled", "profiles")
+
+#@ if is_package_enabled("rbac-configurer"):
+
+#@ def compute_package_values():
+#@   return data.values.metrics_server
+#@ end
+
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageInstall
+metadata:
+  name: rbac-configurer
+  namespace: #@ data.values.platform.namespace
+  annotations:
+    kapp.k14s.io/change-group: rbac-configurer
+    kapp.k14s.io/change-rule.service-account: delete before deleting serviceaccount
+spec:
+  serviceAccountName: kadras-install-sa
+  packageRef:
+    refName: rbac-configurer.packages.kadras.io
+    versionSelection:
+      constraints: 0.2.1
+      prereleases: {}
+  values:
+  - secretRef:
+      name: rbac-configurer-values
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: rbac-configurer-values
+  namespace: #@ data.values.platform.namespace
+stringData:
+  values.yaml: #@ yaml.encode(compute_package_values())
+
+#@ end

package/config/components/secretgen-controller.yml

@@ -23,7 +23,7 @@ spec:
   packageRef:
     refName: secretgen-controller.packages.kadras.io
     versionSelection:
-      constraints: 0.14.8
+      constraints: 0.14.10
       prereleases: {}
   values:
   - secretRef: