diff --git a/.gitignore b/.gitignore index e1af925..e69de29 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +0,0 @@ -**/config/* diff --git a/Taskfile.yml b/Taskfile.yml index 3a218f9..b2bf94c 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -83,8 +83,8 @@ tasks: - | flux install --export \ --components-extra="image-reflector-controller,image-automation-controller" \ - > gotk-components.yaml - dir: ./templates/fluxcd/resources + > components.yaml + dir: ./templates/fluxcd/templates/resources pull: desc: Pulls the resources from the gitops-template ocm. diff --git a/VERSION b/VERSION index 15a7000..7df503e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v0.0.3-dev \ No newline at end of file +v0.0.4 diff --git a/docs/Templating.md b/docs/Templating.md index 368cb79..4064533 100644 --- a/docs/Templating.md +++ b/docs/Templating.md 
@@ -26,27 +26,51 @@ platformClusterKubeconfigSecretName: "platform-kubeconfig" resources files: ```yaml +# The information for the git repo git: - repoUrl: "" # The url to the github gitops repository - mainBranch: "" # The main branch of the gitops repository (most of the time, set it to 'main') + repoUrl: "" + mainBranch: "" + +# Image pull secrets to be added to all deployments +imagePullSecrets: [] + # - name: my-registry-secret + +# Image replacement variables +# You can either specify a prefix which is put in front of xxx-controller or directly specify the images +images: + prefix: "ghcr.io/openmcp-project/fluxcd" + sourceController: + image: "ghcr.io/fluxcd/source-controller" + tag: "latest" # optional + digest: "" # optional + notificationController: + image: "ghcr.io/fluxcd/notification-controller" + kustomizeController: + image: "ghcr.io/fluxcd/kustomize-controller" + helmController: + image: "ghcr.io/fluxcd/helm-controller" + imageReflectorController: + image: "ghcr.io/fluxcd/image-reflector-controller" + imageAutomationController: + image: "ghcr.io/fluxcd/image-automation-controller" ``` When rendering the `overlays` files, the following values are used: ```yaml -fluxCDResourcesPath: "" # The path were the fluxcd resources are lying relative to the overlays -gitRepoEnvBranch: "" # The branch for this environment to look at -envPathFluxSystem: "" # The path were the env overlays are located at from the root of the git repo +# Path from the overlays folder to the resources folder of fluxcd (e.g. ../../../resources/fluxcd) +fluxCDResourcesPath: "" +# Path to the env fluxCD folder (e.g. envs/%ENV%/fluxcd) +fluxCDEnvPath: "" +# branch of the env (e.g. dev) +gitRepoEnvBranch: "" ``` ### OpenMCP ```yaml -openMCPResourcesPath: "" # The path were the fluxcd resources are lying relative to the overlays +openMCPResourcesPath: "" # The path were the fluxcd resources are lying relative to the overlays (e.g. 
../../../resources/openmcp) openMCPOperator: image: "" # the image of the openmcp operator to use tag: "" # the tag of the image of the openmcp operator you want to use for deployment - -onboardingClusterKubeconfigSecretName: "" # the secret name for the onboarding cluster; must be located in the openmcp-system namespace -platformClusterKubeconfigSecretName: "" # the secret name for the platform cluster; must be located in the openmcp-system namespace ``` diff --git a/templates/fluxcd/templates/overlays/gotk-sync-kustomization.yaml b/templates/fluxcd/templates/overlays/flux-kustomization.yaml similarity index 76% rename from templates/fluxcd/templates/overlays/gotk-sync-kustomization.yaml rename to templates/fluxcd/templates/overlays/flux-kustomization.yaml index e929f24..2487be1 100644 --- a/templates/fluxcd/templates/overlays/gotk-sync-kustomization.yaml +++ b/templates/fluxcd/templates/overlays/flux-kustomization.yaml @@ -5,4 +5,4 @@ metadata: name: flux-system namespace: flux-system spec: - path: {{ .Values.envPathFluxSystem }} + path: {{ .Values.fluxCDEnvPath }} diff --git a/templates/fluxcd/templates/overlays/gotk-sync-gitrepo.yaml b/templates/fluxcd/templates/overlays/gitrepo.yaml similarity index 100% rename from templates/fluxcd/templates/overlays/gotk-sync-gitrepo.yaml rename to templates/fluxcd/templates/overlays/gitrepo.yaml diff --git a/templates/fluxcd/templates/overlays/kustomization.yaml b/templates/fluxcd/templates/overlays/kustomization.yaml index fe778d8..fd66ec8 100644 --- a/templates/fluxcd/templates/overlays/kustomization.yaml +++ b/templates/fluxcd/templates/overlays/kustomization.yaml @@ -3,5 +3,5 @@ kind: Kustomization resources: - {{ .Values.fluxCDResourcesPath }} patches: -- path: gotk-sync-gitrepo.yaml -- path: gotk-sync-kustomization.yaml +- path: gitrepo.yaml +- path: flux-kustomization.yaml 
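Review bot: `path: {{ .Values.fluxCDEnvPath }}` in overlays/flux-kustomization.yaml renders as a bare `path:` (YAML null) whenever the value stays at the `""` default that templates/fluxcd/values.yaml ships in this same commit. For a Flux Kustomization patch that probably drops the field rather than setting it, so reconciliation may fall back to the repository root instead of the environment folder; this should be confirmed against a rendered overlay. I would quote the value and fail the render when it is empty, e.g. `path: {{ required "fluxCDEnvPath must be set" .Values.fluxCDEnvPath | quote }}`, assuming the renderer provides Helm's `required`. The same unquoted, empty-by-default pattern applies to `url` and `branch` in the new resources/gitrepo.yaml.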
diff --git a/templates/fluxcd/templates/resources/gotk-components.yaml b/templates/fluxcd/templates/resources/components.yaml similarity index 99% rename from templates/fluxcd/templates/resources/gotk-components.yaml rename to templates/fluxcd/templates/resources/components.yaml index abe9bea..a9cfa04 100644 --- a/templates/fluxcd/templates/resources/gotk-components.yaml +++ b/templates/fluxcd/templates/resources/components.yaml @@ -5344,8 +5344,6 @@ spec: name: data - mountPath: /tmp name: tmp - imagePullSecrets: - - name: \{\{ .Values.imagePullSecret }} nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical @@ -7242,8 +7240,6 @@ spec: volumeMounts: - mountPath: /tmp name: temp - imagePullSecrets: - - name: \{\{ .Values.imagePullSecret }} nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical @@ -11046,8 +11042,6 @@ spec: volumeMounts: - mountPath: /tmp name: temp - imagePullSecrets: - - name: \{\{ .Values.imagePullSecret }} nodeSelector: kubernetes.io/os: linux priorityClassName: system-cluster-critical @@ -13027,8 +13021,6 @@ spec: volumeMounts: - mountPath: /tmp name: temp - imagePullSecrets: - - name: \{\{ .Values.imagePullSecret }} nodeSelector: kubernetes.io/os: linux securityContext: @@ -14139,8 +14131,6 @@ spec: name: temp - mountPath: /data name: data - imagePullSecrets: - - name: \{\{ .Values.imagePullSecret }} nodeSelector: kubernetes.io/os: linux securityContext: @@ -14974,8 +14964,6 @@ spec: volumeMounts: - mountPath: /tmp name: temp - imagePullSecrets: - - name: \{\{ .Values.imagePullSecret }} nodeSelector: kubernetes.io/os: linux securityContext: diff --git a/templates/fluxcd/templates/resources/gotk-sync.yaml b/templates/fluxcd/templates/resources/flux-kustomization.yaml similarity index 52% rename from templates/fluxcd/templates/resources/gotk-sync.yaml rename to templates/fluxcd/templates/resources/flux-kustomization.yaml index 120b9ff..7743a3c 100644 
--- a/templates/fluxcd/templates/resources/gotk-sync.yaml +++ b/templates/fluxcd/templates/resources/flux-kustomization.yaml @@ -1,17 +1,3 @@ ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: environments - namespace: flux-system -spec: - interval: 5m - url: {{ .Values.git.repoUrl }} - ref: - branch: {{ .Values.git.mainBranch }} - secretRef: - name: git ---- apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/templates/fluxcd/templates/resources/gitrepo.yaml b/templates/fluxcd/templates/resources/gitrepo.yaml new file mode 100644 index 0000000..2b4897d --- /dev/null +++ b/templates/fluxcd/templates/resources/gitrepo.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: GitRepository +metadata: + name: environments + namespace: flux-system +spec: + interval: 5m + url: {{ .Values.git.repoUrl }} + ref: + branch: {{ .Values.git.mainBranch }} + secretRef: + name: git diff --git a/templates/fluxcd/templates/resources/kustomization.yaml b/templates/fluxcd/templates/resources/kustomization.yaml index d299340..b6288c7 100644 --- a/templates/fluxcd/templates/resources/kustomization.yaml +++ b/templates/fluxcd/templates/resources/kustomization.yaml 
@@ -1,8 +1,41 @@ --- +{{- $prefix := .Values.images.prefix }} +{{- $images := dict + "source-controller" .Values.images.sourceController + "notification-controller" .Values.images.notificationController + "kustomize-controller" .Values.images.kustomizeController + "helm-controller" .Values.images.helmController + "image-reflector-controller" .Values.images.imageReflectorController + "image-automation-controller" .Values.images.imageAutomationController +}} resources: - - gotk-components.yaml - - gotk-sync.yaml + - components.yaml + - gitrepo.yaml + - flux-kustomization.yaml images: - - name: ghcr.io/fluxcd/source-controller - newName: {{ .Values.sourceControllerImage }} - - name: ghcr.io/fluxcd/notification-controller +{{- range $name, $cfg := $images }} + - name: ghcr.io/fluxcd/{{ $name }} + newName: {{ if $cfg }}{{ $cfg.image }}{{- else if $prefix }}{{ $prefix }}/{{ $name }}{{- else }}ghcr.io/fluxcd/{{ $name }}{{- end }} + {{- if and $cfg $cfg.tag }} + newTag: {{ $cfg.tag }} + {{- end }} + {{- if and $cfg $cfg.digest }} + digest: {{ $cfg.digest }} + {{- end }} +{{- end }} + +{{- if .Values.imagePullSecrets }} +patches: + - target: + kind: Deployment + patch: | + apiVersion: apps/v1 + kind: Deployment + metadata: + name: this_value_is_ignored + spec: + template: + spec: + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 8 }} +{{- end }} diff --git a/templates/fluxcd/values.yaml b/templates/fluxcd/values.yaml index d7a3896..e67583e 100644 --- a/templates/fluxcd/values.yaml +++ b/templates/fluxcd/values.yaml 
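Review bot: The `newName` expression takes `$cfg.image` whenever a per-controller block exists, so an override that sets only `tag` or `digest` renders an empty `newName:` instead of falling back to the prefix; testing `{{ if and $cfg $cfg.image }}` keeps the fallback chain intact. In the `patch: |` block, `{{ toYaml .Values.imagePullSecrets | indent 8 }}` sits on its own line, so any whitespace before the action is added to the first entry only and a list with two or more secrets can come out misaligned (the original indentation is not recoverable from this view). `{{- toYaml .Values.imagePullSecrets | nindent 8 }}`, with the number adjusted to the column the list needs inside the block scalar, avoids that. Quoting the rendered `newName`, `newTag` and `digest` values would also keep a tag such as `1.10` from being read as a number.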
@@ -1,8 +1,35 @@ +# Path from the overlays folder to the resources folder of fluxcd (e.g. ../../../resources/fluxcd) +fluxCDResourcesPath: "../resources" +# Path to the env fluxCD folder (e.g. envs/%ENV%/fluxcd) +fluxCDEnvPath: "" +# branch of the env (e.g. dev) +gitRepoEnvBranch: "" + +# The information for the git repo git: repoUrl: "" mainBranch: "" -# maybe like this -envs: - - git: - branch: "" +# Image pull secrets to be added to all deployments +imagePullSecrets: [] + # - name: my-registry-secret + +# Image replacement variables +# You can either specify a prefix which is put in front of xxx-controller or directly specify the images +images: + prefix: "ghcr.io/fluxcd" + # prefix: "ghcr.io/openmcp-project/fluxcd" +# sourceController: +# image: "ghcr.io/fluxcd/source-controller" +# tag: "latest" # optional +# digest: "" # optional +# notificationController: +# image: "ghcr.io/fluxcd/notification-controller" +# kustomizeController: +# image: "ghcr.io/fluxcd/kustomize-controller" +# helmController: +# image: "ghcr.io/fluxcd/helm-controller" +# imageReflectorController: +# image: "ghcr.io/fluxcd/image-reflector-controller" +# imageAutomationController: +# image: "ghcr.io/fluxcd/image-automation-controller" diff --git a/templates/kind/clusterprovider.yaml b/templates/kind/clusterprovider.yaml deleted file mode 100644 index 26b3ce8..0000000 --- a/templates/kind/clusterprovider.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: openmcp.cloud/v1alpha1 -kind: ClusterProvider -metadata: - name: kind -spec: - image: "ghcr.io/openmcp-project/images/cluster-provider-kind:v0.0.7" diff --git a/templates/kind/deployment.yaml b/templates/kind/deployment.yaml deleted file mode 100644 index 6530327..0000000 --- a/templates/kind/deployment.yaml +++ /dev/null 
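Review bot: The commented override example advertises `tag: "latest"` with an empty `digest`, which steers users toward a mutable tag for controllers that run as `system-cluster-critical`. I would show a fixed release tag and a digest placeholder instead, e.g. `#   tag: "<release-tag>"  # optional` and `#   digest: "sha256:<image-digest>"  # optional, pins the exact image`. The example in docs/Templating.md carries the same `latest` line and lists a different default `prefix` (`ghcr.io/openmcp-project/fluxcd`) than the `ghcr.io/fluxcd` set here, so the two should be aligned.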
@@ -1,66 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: cp-kind - name: cp-kind - namespace: openmcp-system -spec: - replicas: 1 - selector: - matchLabels: - app: cp-kind - template: - metadata: - labels: - app: cp-kind - spec: - serviceAccountName: cp-kind-sa - containers: - - name: cp-kind - image: ghcr.io/openmcp-project/images/cluster-provider-kind:v0.0.7 - args: - - run - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 1000m - memory: 1024Mi - volumeMounts: - - mountPath: /var/run/docker.sock - name: docker - volumes: - - name: docker - hostPath: - path: /var/run/host-docker.sock - type: Socket ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: cp-kind-sa - namespace: openmcp-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: cp-kind-clusterrole -rules: - - apiGroups: ["clusters.openmcp.cloud"] - resources: ["*"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: cp-kind-clusterrolebinding -subjects: - - kind: ServiceAccount - name: cp-kind-sa - namespace: openmcp-system -roleRef: - kind: ClusterRole - name: cp-kind-clusterrole - apiGroup: rbac.authorization.k8s.io diff --git a/templates/kind/kind-cluster-config.yaml b/templates/kind/kind-cluster-config.yaml deleted file mode 100644 index 3bcdfea..0000000 --- a/templates/kind/kind-cluster-config.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kind.x-k8s.io/v1alpha4 -kind: Cluster -nodes: - - role: control-plane - extraMounts: - - hostPath: /var/run/docker.sock - containerPath: /var/run/host-docker.sock diff --git a/templates/openmcp/Chart.yaml b/templates/openmcp/Chart.yaml index edaad28..83b2ab4 100644 --- a/templates/openmcp/Chart.yaml +++ b/templates/openmcp/Chart.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v2 name: gitops-templates-openmcp description: GitOps Template for deploying openmcp 
diff --git a/templates/openmcp/templates/overlays/config/openmcp-operator-config.yaml b/templates/openmcp/templates/overlays/config/openmcp-operator-config.yaml new file mode 100644 index 0000000..0b8e2f4 --- /dev/null +++ b/templates/openmcp/templates/overlays/config/openmcp-operator-config.yaml @@ -0,0 +1 @@ +# please fill this out diff --git a/templates/openmcp/templates/overlays/kustomization.yaml b/templates/openmcp/templates/overlays/kustomization.yaml index facfb8d..b913d42 100644 --- a/templates/openmcp/templates/overlays/kustomization.yaml +++ b/templates/openmcp/templates/overlays/kustomization.yaml @@ -6,6 +6,9 @@ images: - name: newName: {{.Values.openmcpOperator.image }} newTag: {{.Values.openmcpOperator.tag | default "latest"}} + {{- if .Values.openmcpOperator.digest }} + digest: {{ .Values.openmcpOperator.digest }} + {{- end }} secretGenerator: - name: openmcp-operator-config namespace: openmcp-system diff --git a/templates/openmcp/templates/resources/deployment.yaml b/templates/openmcp/templates/resources/deployment.yaml index 3f0b448..638c5e5 100644 --- a/templates/openmcp/templates/resources/deployment.yaml +++ b/templates/openmcp/templates/resources/deployment.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: 
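Review bot: The new overlays/config/openmcp-operator-config.yaml holds only `# please fill this out`, and this same commit removes the `**/config/*` rule from .gitignore, so whatever is filled in here will now be tracked by git. The overlay's `secretGenerator` entry `openmcp-operator-config` (context in the next file) presumably builds the operator secret from this file; if so, credentials or kubeconfigs placed here end up in repository history in plain text. I would expand the comment to say what belongs in the file and how secret material is expected to arrive, for example `# Operator configuration consumed by the openmcp-operator-config secretGenerator. Do not commit credentials in plain text; supply them encrypted or from an external secret store.`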
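Review bot: With the added `digest:` line in overlays/kustomization.yaml the image entry can carry both `newTag` and `digest`, and kustomize ignores `newTag` once a digest is present, so the rendered tag (including the `latest` fallback on the context line above) no longer describes the image that runs. Rendering `newTag` only when no digest is given, or adding a comment such as `# digest takes precedence over newTag`, would make the effective image clear. The value should be quoted, `digest: {{ .Values.openmcpOperator.digest | quote }}`. The new `openmcpOperator.digest` key is not listed in the OpenMCP section of docs/Templating.md nor, as far as this diff shows, in templates/openmcp/values.yaml.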
@@ -21,54 +22,22 @@ spec: args: - init - --environment=default - {{- if .Values.onboardingClusterKubeconfigSecretName }} - - --onboarding-cluster=/etc/secret/onboarding-cluster-kubeconfig/kubeconfig - {{- end }} - {{- if .Values.platformClusterKubeconfigSecretName }} - - --platform-cluster=/etc/secret/platform-cluster-kubeconfig/kubeconfig - {{- end }} - --config=/etc/secret/openmcp-operator-config/config volumeMounts: - mountPath: /etc/secret/openmcp-operator-config name: openmcp-operator-config readOnly: true - {{- if .Values.onboardingClusterKubeconfigSecretName }} - - mountPath: /etc/secret/onboarding-cluster-kubeconfig - name: onboarding-cluster-kubeconfig - readOnly: true - {{- end }} - {{- if .Values.platformClusterKubeconfigSecretName }} - - mountPath: /etc/secret/platform-cluster-kubeconfig - name: platform-cluster-kubeconfig - readOnly: true - {{- end }} containers: - name: openmcp-operator image: :latest args: - run - --environment=default - {{- if .Values.onboardingClusterKubeconfigSecretName }} - - --onboarding-cluster=/etc/secret/onboarding-cluster-kubeconfig/kubeconfig - {{- end }} - {{- if .Values.platformClusterKubeconfigSecretName }} - - --platform-cluster=/etc/secret/platform-cluster-kubeconfig/kubeconfig - {{- end }} - --config=/etc/secret/openmcp-operator-config/config volumeMounts: - mountPath: /etc/secret/openmcp-operator-config name: openmcp-operator-config readOnly: true - {{- if .Values.onboardingClusterKubeconfigSecretName }} - - mountPath: /etc/secret/onboarding-cluster-kubeconfig - name: onboarding-cluster-kubeconfig - readOnly: true - {{- end }} - {{- if .Values.platformClusterKubeconfigSecretName }} - - mountPath: /etc/secret/platform-cluster-kubeconfig - name: platform-cluster-kubeconfig - readOnly: true - {{- end }} resources: requests: cpu: 100m 
@@ -81,15 +50,3 @@ spec: secret: defaultMode: 420 secretName: openmcp-operator-config - {{- if .Values.onboardingClusterKubeconfigSecretName }} - - name: onboarding-cluster-kubeconfig - secret: - defaultMode: 420 - secretName: {{.Values.onboardingClusterKubeconfigSecretName}} - {{- end }} - {{- if .Values.platformClusterKubeconfigSecretName }} - - name: platform-cluster-kubeconfig - secret: - defaultMode: 420 - secretName: {{.Values.platformClusterKubeconfigSecretName}} - {{- end }} diff --git a/templates/openmcp/templates/resources/kustomization.yaml b/templates/openmcp/templates/resources/kustomization.yaml index ad6b3f5..a918015 100644 --- a/templates/openmcp/templates/resources/kustomization.yaml +++ b/templates/openmcp/templates/resources/kustomization.yaml @@ -1,3 +1,4 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: diff --git a/templates/openmcp/templates/resources/namespace.yaml b/templates/openmcp/templates/resources/namespace.yaml index 6a792be..5f45d0e 100644 --- a/templates/openmcp/templates/resources/namespace.yaml +++ b/templates/openmcp/templates/resources/namespace.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Namespace metadata: diff --git a/templates/openmcp/values.yaml b/templates/openmcp/values.yaml index 14c8609..1988d53 100644 --- a/templates/openmcp/values.yaml +++ b/templates/openmcp/values.yaml @@ -1,3 +1,4 @@ +--- openmcpOperator: image: ghcr.io/openmcp-project/images/openmcp-operator tag: v0.9.1 diff --git a/templates/usage/platformservice.yaml b/templates/usage/platformservice.yaml deleted file mode 100644 index 5922dad..0000000 --- a/templates/usage/platformservice.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: openmcp.cloud/v1alpha1 -kind: PlatformService -metadata: - name: usage-operator -spec: - image: "ghcr.io/openmcp-project/images/usage-operator:v0.0.11" - imagePullSecrets: []