Merge pull request #118 from JoshVanL/update-demo-components

jetstack-bot · web-flow · commit 1d1bfa8a0dad · 2020-01-08T10:36:19.000Z
Update demo components
diff --git a/demo/Makefile b/demo/Makefile
@@ -13,16 +13,18 @@ EXT_VARS := --tla-str cloud=$(CLOUD)
 UNAME_S := $(shell uname -s)
 ifeq ($(UNAME_S),Linux)
 	SHASUM := sha256sum -c
-	KUBECFG_URL := https://github.com/ksonnet/kubecfg/releases/download/v0.9.1/kubecfg-linux-amd64
-	KUBECFG_HASH := c972b52893794ccd49adfc9d7b69e2d388c0c91c4837e194de7cdf0d67b2baf8
+	KUBECFG_URL := https://github.com/ksonnet/kubecfg/releases/download/v0.14.0/kubecfg-linux-amd64
+	KUBECFG_HASH := bb1455ec70f93d6f0fd344becec2f1617837a879e8363272d3216bf44c04cb2c
+	JSONNET_URL := https://github.com/google/jsonnet/releases/download/v0.14.0/jsonnet-bin-v0.14.0-linux.tar.gz
+	JSONNET_HASH := 30ba7b243ddb24231882ae3aa1930e76b6050bb76b5ccd0d97410b21fb784039
 endif
 ifeq ($(UNAME_S),Darwin)
 	SHASUM := shasum -a 256 -c
-	KUBECFG_URL := https://github.com/ksonnet/kubecfg/releases/download/v0.9.1/kubecfg-darwin-amd64
-	KUBECFG_HASH := 9b6772abc3e2da5add51aa57a2944f77f4c05be49df56087056837aa640fb9c9
+	KUBECFG_URL := https://github.com/ksonnet/kubecfg/releases/download/v0.14.0/kubecfg-darwin-amd64
+	KUBECFG_HASH := d448ae2888a28692a20d5ddb29ddae0574f74327611bd5b933092312f8c18fcf
+	JSONNET_URL := https://github.com/google/jsonnet/releases/download/v0.14.0/jsonnet-bin-v0.14.0-osx.tar.gz
+	JSONNET_HASH := e056c7305e8f86c0e2441085d5cdfd29b219ef09d8daae54e9f6d2647dd18d3e
 endif
-JSONNET_URL := https://github.com/google/jsonnet/archive/v0.12.1.tar.gz
-JSONNET_HASH := 257c6de988f746cc90486d9d0fbd49826832b7a2f0dbdb60a515cc8a2596c950
 
 export KUBECONFIG
 
@@ -63,27 +65,27 @@ manifests_validate: depend manifests/$(CLOUD)-config.json ## Use kubecfg to vali
 
 .PHONY: manifests_validate
 jsonnet_fmt: depend ## validate formatting of jsonnet files
-	$(BINDIR)/jsonnet fmt --test $(shell find manifests/components/. manifests/main.jsonnet -name "*.jsonnet")
+	$(BINDIR)/jsonnetfmt --test $(shell find manifests/components/. manifests/main.jsonnet -name "*.jsonnet")
 
 .PHONY: manifests_destroy
 manifests_destroy: depend manifests/$(CLOUD)-config.json ## Use kubecfg to delete manifests
 	$(BINDIR)/kubecfg $(EXT_VARS) show config.jsonnet | kubectl delete -f - --ignore-not-found
 
 .PHONY: manifests_backup_certificates
-manifests_backup_certificates:
-	kubectl get secrets --all-namespaces -l certmanager.k8s.io/certificate-name -o yaml > .backup-certificates-$(CLOUD).yaml.tmp
+manifests_backup_certificates: ## backup tls secrets
+	kubectl get -n auth -o yaml $(shell kubectl get secrets -n auth -oname) > .backup-certificates-$(CLOUD).yaml.tmp
 	mv .backup-certificates-$(CLOUD).yaml.tmp .backup-certificates-$(CLOUD).yaml
 
 .PHONY: manifests_restore_certificates
-manifests_restore_certificates:
+manifests_restore_certificates: ## restore tls secrets
 	kubectl create ns auth --dry-run -o yaml | kubectl apply -f -
 	kubectl apply -f .backup-certificates-$(CLOUD).yaml
 
 .PHONY: verify
 verify: jsonnet_fmt ## verify code and vendor
 
 .PHONY: depend
-depend: $(BINDIR)/kubecfg $(BINDIR)/jsonnet
+depend: $(BINDIR)/kubecfg $(BINDIR)/jsonnet $(BINDIR)/jsonnetfmt
 
 .PHONY: clean
 clean: ## clean up created files
@@ -99,7 +101,4 @@ $(BINDIR)/jsonnet:
 	mkdir -p $(BINDIR)
 	curl -sL -o $@.tar.gz $(JSONNET_URL)
 	echo "$(JSONNET_HASH)  $@.tar.gz" | $(SHASUM)
-	cd $(BINDIR) && tar xf jsonnet.tar.gz && rm jsonnet.tar.gz
-	make -C $(BINDIR)/jsonnet-0.12.1
-	mv $(BINDIR)/jsonnet-0.12.1/jsonnet $(BINDIR)/jsonnet
-	rm -rf $(BINDIR)/jsonnet-0.12.1
+	cd $(BINDIR) && tar xvf jsonnet.tar.gz && rm jsonnet.tar.gz
diff --git a/demo/infrastructure/digitalocean/providers.tf b/demo/infrastructure/digitalocean/providers.tf
@@ -5,7 +5,7 @@ variable "digitalocean_region" {
 }
 
 variable "cluster_version" {
-  default = "1.15.5-do.0"
+  default = "1.16.2-do.1"
 }
 
 module "cluster" {
diff --git a/demo/infrastructure/modules/amazon-cluster/cluster.tf b/demo/infrastructure/modules/amazon-cluster/cluster.tf
@@ -83,8 +83,7 @@ module "vpc" {
 }
 
 module "eks" {
-  #source       = "terraform-aws-modules/eks/aws"
-  source       = "git@github.com:terraform-aws-modules/terraform-aws-eks.git?ref=6c3e4ec510f658f53508623a6192df064e7a4786"
+  source       = "terraform-aws-modules/eks/aws"
   cluster_name = "${local.cluster_name}"
   subnets      = "${module.vpc.private_subnets}"
 
diff --git a/demo/manifests/components/cert-manager.jsonnet b/demo/manifests/components/cert-manager.jsonnet
@@ -1,8 +1,6 @@
 local kube = import '../vendor/kube-prod-runtime/lib/kube.libsonnet';
 local cert_manager_manifests = import './cert-manager/cert-manager.json';
 
-local CERT_MANAGER_IMAGE = '';
-
 {
   ca_secret_name:: 'ca-key-pair',
 
@@ -38,13 +36,13 @@ local CERT_MANAGER_IMAGE = '';
   // Letsencrypt environment (defaults to the production one)
   letsencrypt_environment:: 'prod',
 
-  Issuer(name):: kube._Object('certmanager.k8s.io/v1alpha1', 'Issuer', name) {
+  Issuer(name):: kube._Object('cert-manager.io/v1alpha2', 'Issuer', name) {
   },
 
-  ClusterIssuer(name):: kube._Object('certmanager.k8s.io/v1alpha1', 'ClusterIssuer', name) {
+  ClusterIssuer(name):: kube._Object('cert-manager.io/v1alpha2', 'ClusterIssuer', name) {
   },
 
-  certCRD: kube.CustomResourceDefinition('certmanager.k8s.io', 'v1alpha1', 'Certificate') {
+  certCRD: kube.CustomResourceDefinition('cert-manager.io', 'v1alpha2', 'Certificate') {
     spec+: { names+: { shortNames+: ['cert', 'certs'] } },
   },
 
diff --git a/demo/manifests/components/cert-manager/cert-manager.json b/demo/manifests/components/cert-manager/cert-manager.json
diff --git a/demo/manifests/components/kube-oidc-proxy.jsonnet b/demo/manifests/components/kube-oidc-proxy.jsonnet
@@ -58,8 +58,8 @@ local READINESS_PORT = 8080;
       },
       {
         apiGroups: ['authentication.k8s.io'],
-        resources: ['userextras/scopes'],
-        verbs: ['impersonate'],
+        resources: ['userextras/scopes', 'tokenreviews'],
+        verbs: ['impersonate', 'create'],
       },
     ],
   },
@@ -117,6 +117,7 @@ local READINESS_PORT = 8080;
                 '--oidc-groups-claim=' + $.config.oidc.groupsClaim,
                 '--oidc-client-id=$(OIDC_CLIENT_ID)',
                 '--oidc-issuer-url=$(OIDC_ISSUER_URL)',
+                '--token-passthrough',
               ] + if std.objectHas($.config.oidc, 'caFile') then
                 ['--oidc-ca-file=' + $.config.oidc.caFile]
               else
diff --git a/demo/manifests/main.jsonnet b/demo/manifests/main.jsonnet
@@ -67,7 +67,8 @@ local apply_ca_issuer(ca_crt, ca_key, obj) =
     {};
 
 local apply_google_secret(cert_manager) =
-  if std.objectHas(cert_manager, 'service_account_credentials') then
+  if std.objectHas(cert_manager, 'service_account_credentials') &&
+     std.objectHas(cert_manager, 'metadata') then
     kube.Secret(cert_manager.p + 'clouddns-google-credentials') + cert_manager.metadata {
       data_+: {
         'credentials.json': cert_manager.service_account_credentials,
diff --git a/hack/boilerplate/boilerplate.py b/hack/boilerplate/boilerplate.py
@@ -142,6 +142,7 @@ def file_extension(filename):
     "hack",
     "pkg/mocks",
     "bin",
+    "demo/infrastructure",
 ]
 
 

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@ variable "digitalocean_region" {`
`5`	`5`	`}`
`6`	`6`
`7`	`7`	`variable "cluster_version" {`
`8`		`- default = "1.15.5-do.0"`
	`8`	`+ default = "1.16.2-do.1"`
`9`	`9`	`}`
`10`	`10`
`11`	`11`	`module "cluster" {`
Original file line number	Diff line number	Diff line change
`@@ -83,8 +83,7 @@ module "vpc" {`
`83`	`83`	`}`
`84`	`84`
`85`	`85`	`module "eks" {`
`86`		`- #source = "terraform-aws-modules/eks/aws"`
`87`		`- source = "[email protected]:terraform-aws-modules/terraform-aws-eks.git?ref=6c3e4ec510f658f53508623a6192df064e7a4786"`
	`86`	`+ source = "terraform-aws-modules/eks/aws"`
`88`	`87`	`cluster_name = "${local.cluster_name}"`
`89`	`88`	`subnets = "${module.vpc.private_subnets}"`
`90`	`89`
Original file line number	Diff line number	Diff line change
`@@ -142,6 +142,7 @@ def file_extension(filename):`
`142`	`142`	`"hack",`
`143`	`143`	`"pkg/mocks",`
`144`	`144`	`"bin",`
	`145`	`+ "demo/infrastructure",`
`145`	`146`	`]`
`146`	`147`
`147`	`148`