split up build.sh and deploy.sh - revised

This commit is contained in:
Benjamin A. Petersen 2023-09-01 16:06:04 -04:00
parent ead2b3ce08
commit 3a71252167
No known key found for this signature in database
GPG Key ID: EF6EF83523A4BE46
2 changed files with 186 additions and 45 deletions

View File

@ -1,6 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# https://gist.github.com/mohanpedala/1e2ff5661761d3abd0385e8223e16425
set -e # immediately exit set -e # immediately exit
set -u # error if variables undefined set -u # error if variables undefined
set -o pipefail # prevent masking errors in a pipeline set -o pipefail # prevent masking errors in a pipeline
@ -37,21 +36,19 @@ function check_dependency() {
fi fi
} }
app="${1:-undefined}"
tag="${2:-undefined}"
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
log_note "log-args.sh >>> script dir: ${SCRIPT_DIR}"
log_note "log-args.sh >>> app: ${app} tag: ${tag}"
exit 1
# Build the PackageRepository and Package resources
log_note "Deploying kapp-controller on kind cluster..." # - container images
kapp deploy --app kapp-controller --file https://github.com/vmware-tanzu/carvel-kapp-controller/releases/latest/download/release.yml -y # - yaml files
kubectl get customresourcedefinitions # Deploy the container images to a registry
# Global kapp-controller-namespace: # No need for a running cluster
# -packaging-global-namespace=kapp-controller-packaging-global #
# kapp-controller resources like PackageRepository and Package are namepaced.
# However, this namespace, provided via flag to kapp-controller in the yaml above,
# defines a "global" namespace. That is, resources installed in this namespace
# can be installed in every namespace as kapp will always pay attention to its
# pseudo-global namespace.
KAPP_CONTROLLER_GLOBAL_NAMESPACE="kapp-controller-packaging-global"
# TODO: final resting place for these images (PackageRepository, Packge) will need to # TODO: final resting place for these images (PackageRepository, Packge) will need to
# be in the same plate as our regular images: # be in the same plate as our regular images:
# - https://github.com/vmware-tanzu/pinniped/releases/tag/v0.25.0 # - https://github.com/vmware-tanzu/pinniped/releases/tag/v0.25.0

View File

@ -9,7 +9,65 @@
# It will also output instructions on how to run the integration. # It will also output instructions on how to run the integration.
# #
set -euo pipefail set -e # immediately exit
set -u # error if variables undefined
set -o pipefail # prevent masking errors in a pipeline
# set -x # print all executed commands to terminal
#
# Helper functions
#
function log_note() {
GREEN='\033[0;32m'
NC='\033[0m'
if [[ ${COLORTERM:-unknown} =~ ^(truecolor|24bit)$ ]]; then
echo -e "${GREEN}$*${NC}"
else
echo "$*"
fi
}
function log_error() {
RED='\033[0;31m'
NC='\033[0m'
if [[ ${COLORTERM:-unknown} =~ ^(truecolor|24bit)$ ]]; then
echo -e "🙁${RED} Error: $* ${NC}"
else
echo ":( Error: $*"
fi
}
function check_dependency() {
if ! command -v "$1" >/dev/null; then
log_error "Missing dependency..."
log_error "$2"
exit 1
fi
}
# Deploy the PackageRepository and Package resources
# Requires a running kind cluster
# Does not configure Pinniped
#
app="${1:-undefined}"
tag="${2:-undefined}"
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
log_note "log-args.sh >>> script dir: ${SCRIPT_DIR} 🦄 🦄 🦄 🦄 🦄 🦄 🦄 🦄"
log_note "log-args.sh >>> app: ${app} tag: ${tag} 🦄 🦄 🦄 🦄 🦄 🦄 🦄 🦄"
log_note "Deploying kapp-controller on kind cluster..."
kapp deploy --app kapp-controller --file https://github.com/vmware-tanzu/carvel-kapp-controller/releases/latest/download/release.yml -y
kubectl get customresourcedefinitions
# Global kapp-controller-namespace:
# -packaging-global-namespace=kapp-controller-packaging-global
# kapp-controller resources like PackageRepository and Package are namepaced.
# However, this namespace, provided via flag to kapp-controller in the yaml above,
# defines a "global" namespace. That is, resources installed in this namespace
# can be installed in every namespace as kapp will always pay attention to its
# pseudo-global namespace.
KAPP_CONTROLLER_GLOBAL_NAMESPACE="kapp-controller-packaging-global"
# deploy the Carvel packages for Pinniped & Supervisor. # deploy the Carvel packages for Pinniped & Supervisor.
@ -21,16 +79,32 @@ set -euo pipefail
# need a directory for our yamls for deployment # need a directory for our yamls for deployment
echo "" log_note "Clean previous PackageInstalls in order to create new ones..."
PACKAGE_INSTALL_DIR="temp_actual_deploy_resources" PACKAGE_INSTALL_DIR="temp_actual_deploy_resources"
rm -rf "./${PACKAGE_INSTALL_DIR}" rm -rf "${SCRIPT_DIR}/${PACKAGE_INSTALL_DIR}"
mkdir "./${PACKAGE_INSTALL_DIR}" mkdir "${SCRIPT_DIR}/${PACKAGE_INSTALL_DIR}"
# this is built via the build.sh script
# build.sh must be run first.
# TODO: since the ytt values.yaml takes in a version="x.y.z"
# for Pinniped, our packages are currently not meaningfully versioned.
# this is one of the questions we must answer, do we deviate in the
# "./deploy_carvel" directory by hard-coding this version in the packages?
log_note "Deploying Pinniped PackageRepository on kind cluster..." log_note "Deploying Pinniped PackageRepository on kind cluster..."
PINNIPED_PACKAGE_VERSION="0.25.0"
PINNIPED_PACKGE_REPOSITORY_NAME="pinniped-package-repository"
PINNIPED_PACKGE_REPOSITORY_FILE_NAME="packagerepository.${PINNIPED_PACKAGE_VERSION}.yml"
PINNIPED_PACKGE_REPOSITORY_FILE_PATH="${SCRIPT_DIR}/${PINNIPED_PACKGE_REPOSITORY_FILE_NAME}"
# Now, gotta make this work. It'll be interesting if we can... # Now, gotta make this work. It'll be interesting if we can...
kapp deploy --app "${PINNIPED_PACKGE_REPOSITORY_NAME}" --file "${PINNIPED_PACKGE_REPOSITORY_FILE}" -y kapp deploy \
kapp inspect --app "${PINNIPED_PACKGE_REPOSITORY_NAME}" --tree --namespace "${KAPP_CONTROLLER_GLOBAL_NAMESPACE}" \
--app "${PINNIPED_PACKGE_REPOSITORY_NAME}" \
--file "${PINNIPED_PACKGE_REPOSITORY_FILE_PATH}" -y
kapp inspect \
--namespace "${KAPP_CONTROLLER_GLOBAL_NAMESPACE}" \
--app "${PINNIPED_PACKGE_REPOSITORY_NAME}" \
--tree
@ -41,26 +115,34 @@ log_note "Generating RBAC for use with pinniped PackageInstall..."
declare -a arr=("supervisor" "concierge") declare -a arr=("supervisor" "concierge")
for resource_name in "${arr[@]}" for resource_name in "${arr[@]}"
do do
# we want the install-ns to not be "default"
NAMESPACE="${resource_name}-ns" # it should be a unique namespace
# but it should also not be in kapp-controllers global namespace
# nor should it be in any Pinniped resource namespace
# - PackageRepository,Package = global kapp-controller namespace
# - PackageInstall,RBAC = *-install namespace
# - App = (supervisor, concierge) generated via ytt namespace
INSTALL_NAMESPACE="${resource_name}-install-ns"
PINNIPED_PACKAGE_RBAC_PREFIX="pinniped-package-rbac-${resource_name}" PINNIPED_PACKAGE_RBAC_PREFIX="pinniped-package-rbac-${resource_name}"
PINNIPED_PACKAGE_RBAC_FILE="./${PACKAGE_INSTALL_DIR}/${PINNIPED_PACKAGE_RBAC_PREFIX}-${resource_name}-rbac.yml" PINNIPED_PACKAGE_RBAC_FILE_NAME="${PINNIPED_PACKAGE_RBAC_PREFIX}-${resource_name}-rbac.yml"
PINNIPED_PACKAGE_RBAC_FILE_PATH="${SCRIPT_DIR}/${PACKAGE_INSTALL_DIR}/${PINNIPED_PACKAGE_RBAC_FILE_NAME}"
echo -n "" > "${PINNIPED_PACKAGE_RBAC_FILE}" # empty and regenerate
cat <<EOF >> "${PINNIPED_PACKAGE_RBAC_FILE}" echo -n "" > "${PINNIPED_PACKAGE_RBAC_FILE_PATH}"
# --- cat <<EOF >> "${PINNIPED_PACKAGE_RBAC_FILE_PATH}"
# apiVersion: v1 ---
# kind: Namespace apiVersion: v1
# metadata: kind: Namespace
# name: "${NAMESPACE}" <--- "supervisor-ns" will cause other package install errors. metadata:
name: "${INSTALL_NAMESPACE}"
--- ---
# ServiceAccount details from the file linked above # ServiceAccount details from the file linked above
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: "${PINNIPED_PACKAGE_RBAC_PREFIX}-sa-superadmin-dangerous" name: "${PINNIPED_PACKAGE_RBAC_PREFIX}-sa-superadmin-dangerous"
# namespace: "${NAMESPACE}" namespace: "${INSTALL_NAMESPACE}"
namespace: default # --> sticking to default for everything for now. # namespace: default # --> sticking to default for everything for now.
--- ---
kind: ClusterRole kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
@ -78,8 +160,8 @@ metadata:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: "${PINNIPED_PACKAGE_RBAC_PREFIX}-sa-superadmin-dangerous" name: "${PINNIPED_PACKAGE_RBAC_PREFIX}-sa-superadmin-dangerous"
# namespace: "${NAMESPACE}" namespace: "${INSTALL_NAMESPACE}"
namespace: default # --> sticking to default for everything for now. # namespace: default # --> sticking to default for everything for now.
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
@ -87,7 +169,7 @@ roleRef:
EOF EOF
kapp deploy --app "${PINNIPED_PACKAGE_RBAC_PREFIX}" --file "${PINNIPED_PACKAGE_RBAC_FILE}" -y kapp deploy --app "${PINNIPED_PACKAGE_RBAC_PREFIX}" --file "${PINNIPED_PACKAGE_RBAC_FILE_PATH}" -y
done done
@ -95,21 +177,22 @@ done
log_note "Deploying PackageInstall resources for pinniped supervisor and concierge packages..." log_note "Deploying PackageInstall resources for pinniped supervisor and concierge packages..."
for resource_name in "${arr[@]}" for resource_name in "${arr[@]}"
do do
RESOURCE_NAMESPACE="${resource_name}" # to match the hack/prepare-for-integration-tests.sh file
NAMESPACE="${resource_name}-ns" INSTALL_NAME="${resource_name}-install"
INSTALL_NAMESPACE="${INSTALL_NAME}-ns"
PINNIPED_PACKAGE_RBAC_PREFIX="pinniped-package-rbac-${resource_name}" PINNIPED_PACKAGE_RBAC_PREFIX="pinniped-package-rbac-${resource_name}"
RESOURCE_PACKGE_VERSION="${resource_name}.pinniped.dev" RESOURCE_PACKGE_VERSION="${resource_name}.pinniped.dev"
PACKAGE_INSTALL_FILE_NAME="./${PACKAGE_INSTALL_DIR}/${resource_name}-pkginstall.yml" PACKAGE_INSTALL_FILE_NAME="./${PACKAGE_INSTALL_DIR}/${resource_name}-pkginstall.yml"
PACKAGE_INSTALL_FILE_PATH="${SCRIPT_DIR}/${PACKAGE_INSTALL_FILE_NAME}"
SECRET_NAME="${resource_name}-package-install-secret" SECRET_NAME="${resource_name}-package-install-secret"
cat > "${PACKAGE_INSTALL_FILE_NAME}" << EOF cat > "${PACKAGE_INSTALL_FILE_PATH}" << EOF
--- ---
apiVersion: packaging.carvel.dev/v1alpha1 apiVersion: packaging.carvel.dev/v1alpha1
kind: PackageInstall kind: PackageInstall
metadata: metadata:
# name, does not have to be versioned, versionSelection.constraints below will handle # name, does not have to be versioned, versionSelection.constraints below will handle
name: "${resource_name}-package-install" name: ${INSTALL_NAME}
# namespace: "${NAMESPACE}" namespace: ${INSTALL_NAMESPACE}
namespace: default # --> sticking to default for everything for now.
spec: spec:
serviceAccountName: "${PINNIPED_PACKAGE_RBAC_PREFIX}-sa-superadmin-dangerous" serviceAccountName: "${PINNIPED_PACKAGE_RBAC_PREFIX}-sa-superadmin-dangerous"
packageRef: packageRef:
@ -124,16 +207,77 @@ apiVersion: v1
kind: Secret kind: Secret
metadata: metadata:
name: "${SECRET_NAME}" name: "${SECRET_NAME}"
namespace: ${INSTALL_NAMESPACE}
stringData: stringData:
values.yml: | values.yml: |
--- ---
namespace: "${NAMESPACE}" namespace: "${RESOURCE_NAMESPACE}"
app_name: "${resource_name}-app-awesomeness" app_name: "${resource_name}-app-installed-via-package"
replicas: 3 replicas: 3
EOF EOF
KAPP_CONTROLLER_APP_NAME="${resource_name}-pkginstall" KAPP_CONTROLLER_APP_NAME="${resource_name}-pkginstall"
log_note "deploying ${KAPP_CONTROLLER_APP_NAME}..." log_note "deploying ${KAPP_CONTROLLER_APP_NAME}..."
kapp deploy --app "${KAPP_CONTROLLER_APP_NAME}" --file "${PACKAGE_INSTALL_FILE_NAME}" -y kapp deploy --app "${KAPP_CONTROLLER_APP_NAME}" --file "${PACKAGE_INSTALL_FILE_PATH}" -y
done done
log_note "Available Packages:"
kubectl get pkgr -A && kubectl get pkg -A && kubectl get pkgi -A
log_note "Pinniped Supervisor Package Deployed"
log_note "Pinniped Concierge Package Deployed"
kubectl get namespace -A | grep pinniped
kubectl get deploy -n supervisor
kubectl get deploy -n concierge
# TODO:
# - change the namespace to whatever it is in ./hack/prepare-for-integration-tests.sh
# - make a script that can work for $alternate-deploy
# - then run ./hack/prepare-supervisor-on-kind.sh and make sure it works
#
#
#log_note "verifying PackageInstall resources..."
#kubectl get PackageInstall -A | grep pinniped
#kubectl get secret -A | grep pinniped
#
#log_note "listing all package resources (PackageRepository, Package, PackageInstall)..."
#kubectl get pkgi && kubectl get pkgr && kubectl get pkg
#
#log_note "listing all kapp cli apps..."
## list again what is installed so we can ensure we have everything
#kapp ls --all-namespaces
#
## these are fundamentally different than what kapp cli understands, unfortunately.
## the term "app" is overloaded in Carvel and can mean two different things, based on
## the use of kapp cli and kapp-controller on cluster
#log_note "listing all kapp-controller apps..."
#kubectl get app --all-namespaces
#
## TODO:
## update the deployment.yaml and remove the deployment-HACKED.yaml files
## both are probably hacked a bit, so delete them and just get fresh from the ./deploy directory
## then make sure REAL PINNIPED actually deploys.
#
#
## In the end we should have:
## docker pull benjaminapetersen/pinniped-package-repo:latest
## docker pull benjaminapetersen/pinniped-package-repo-package-supervisor:0.25.0
## docker pull benjaminapetersen/pinniped-package-repo-package-concierge:0.25.0
#
## log_note "verifying RBAC resources created (namespace, serviceaccount, clusterrole, clusterrolebinding)..."
## kubectl get ns -A | grep pinniped
## kubectl get sa -A | grep pinniped
## kubectl get ClusterRole -A | grep pinniped
## kubectl get clusterrolebinding -A | grep pinniped
#
#
## stuff
#kubectl get PackageRepository -A
#kubectl get Package -A
#kubectl get PackageInstall -A