minor notes about image building

2023-09-21 12:12:11 -04:00 · 2023-09-21 12:12:11 -04:00 · 621ef9b116
commit 621ef9b116
parent 33adca878c
7 changed files with 172 additions and 1 deletions
--- a/deploy_carvel/build_and_deploy_for_integration_tests.sh
+++ b/deploy_carvel/build_and_deploy_for_integration_tests.sh
@ -57,7 +57,7 @@ KAPP_CONTROLLER_GLOBAL_NAMESPACE="kapp-controller-packaging-global"
 # since we ran prepare-for-integration-test.sh
 # and it does the "kind load" on the
 # pinniped image
-registry="pinniped.local"
+registry="pinniped.local" # Hack, but not what we really want: getpinniped/pinniped-server:latest
 repo="test/build"
 registry_repo="$registry/$repo"

--- a/deploy_carvel/noop.sh
+++ b/deploy_carvel/noop.sh
@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+
+#
+# This script is intended to be used with:
+# - $repo_root/hack/prepare-for-integration-test.sh --alternate-deploy $(pwd)/deploy_carvel/hack/log-args.sh
+# and originated with the following:
+# - https://github.com/jvanzyl/pinniped-charts/blob/main/alternate-deploy-helm
+# along with this PR to pinniped:
+# - https://github.com/vmware-tanzu/pinniped/pull/1028
+set -euo pipefail
+
+#
+# Helper functions
+#
+function log_note() {
+  GREEN='\033[0;32m'
+  NC='\033[0m'
+  if [[ ${COLORTERM:-unknown} =~ ^(truecolor|24bit)$ ]]; then
+    echo -e "${GREEN}$*${NC}"
+  else
+    echo "$*"
+  fi
+}
+
+function log_error() {
+  RED='\033[0;31m'
+  NC='\033[0m'
+  if [[ ${COLORTERM:-unknown} =~ ^(truecolor|24bit)$ ]]; then
+    echo -e "🙁${RED} Error: $* ${NC}"
+  else
+    echo ":( Error: $*"
+  fi
+}
+
+function check_dependency() {
+  if ! command -v "$1" >/dev/null; then
+    log_error "Missing dependency..."
+    log_error "$2"
+    exit 1
+  fi
+}
+
+# two vars will be received by this script:
+# Received: local-user-authenticator
+# Received: D00A4537-80F1-4AF2-A3B3-5F20BDBB9AEB
+app=${1}
+# tag is fed in from the prepare-for-integration-tests.sh script, just uuidgen to identify a
+# specific docker build of the pinniped-server image.
+tag=${2}
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+log_note "noop.sh >>> script dir: ${SCRIPT_DIR}"
+log_note "noop.sh >>> app: ${app} tag: ${tag}"
+# nothing else, this is a test.
--- a/deploy_carvel/supervisor/build.yaml
+++ b/deploy_carvel/supervisor/build.yaml
@ -6,6 +6,7 @@ minimumRequiredVersion: 0.31.0 #! minimum version of kbld.  We probably don't ne
 overrides:
 #! TODO: in the pinniped yamls, this is provided by values.yaml, not declared in the deployment.
 #!   we should assess if we want to leave it there or move it to this form of configuration.
+#! TODO: would also need to make docker.io work???
 - image: projects.registry.vmware.com/pinniped/pinniped-server
  newImage: #@ data.values.image_repo

--- a/deploy_carvel/supervisor/config/build.yaml
+++ b/deploy_carvel/supervisor/config/build.yaml
@ -0,0 +1,8 @@
+---
+apiVersion: kbld.k14s.io/v1alpha1
+kind: Config
+sources:
+- image: docker.io/dkalinin/k8s-simple-app
+  path: .
+- image: projects.registry.vmware.com/pinniped/pinniped-server
+  path: .
--- a/deploy_carvel/temp_actual_deploy_resources/pinniped-package-rbac-concierge-concierge-rbac.yml
+++ b/deploy_carvel/temp_actual_deploy_resources/pinniped-package-rbac-concierge-concierge-rbac.yml
@ -0,0 +1,37 @@
+# ---
+# apiVersion: v1
+# kind: Namespace
+# metadata:
+#  name: "concierge-ns" <--- "supervisor-ns" will cause other package install errors.
+---
+# ServiceAccount details from the file linked above
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: "pinniped-package-rbac-concierge-sa-superadmin-dangerous"
+  # namespace: "concierge-ns"
+  namespace: default # --> sticking to default for everything for now.
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: "pinniped-package-rbac-concierge-role-superadmin-dangerous"
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["*"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: "pinniped-package-rbac-concierge-role-binding-superadmin-dangerous"
+subjects:
+- kind: ServiceAccount
+  name: "pinniped-package-rbac-concierge-sa-superadmin-dangerous"
+  # namespace: "concierge-ns"
+  namespace: default # --> sticking to default for everything for now.
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: "pinniped-package-rbac-concierge-role-superadmin-dangerous"
+
--- a/deploy_carvel/temp_actual_deploy_resources/pinniped-package-rbac-supervisor-supervisor-rbac.yml
+++ b/deploy_carvel/temp_actual_deploy_resources/pinniped-package-rbac-supervisor-supervisor-rbac.yml
@ -0,0 +1,37 @@
+# ---
+# apiVersion: v1
+# kind: Namespace
+# metadata:
+#  name: "supervisor-ns" <--- "supervisor-ns" will cause other package install errors.
+---
+# ServiceAccount details from the file linked above
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: "pinniped-package-rbac-supervisor-sa-superadmin-dangerous"
+  # namespace: "supervisor-ns"
+  namespace: default # --> sticking to default for everything for now.
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: "pinniped-package-rbac-supervisor-role-superadmin-dangerous"
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["*"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: "pinniped-package-rbac-supervisor-role-binding-superadmin-dangerous"
+subjects:
+- kind: ServiceAccount
+  name: "pinniped-package-rbac-supervisor-sa-superadmin-dangerous"
+  # namespace: "supervisor-ns"
+  namespace: default # --> sticking to default for everything for now.
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: "pinniped-package-rbac-supervisor-role-superadmin-dangerous"
+
--- a/deploy_carvel/temp_actual_deploy_resources/supervisor-pkginstall.yml
+++ b/deploy_carvel/temp_actual_deploy_resources/supervisor-pkginstall.yml
@ -0,0 +1,35 @@
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageInstall
+metadata:
+    # name, does not have to be versioned, versionSelection.constraints below will handle
+    name: "supervisor-package-install"
+    # namespace: "supervisor-ns"
+    namespace: default # --> sticking to default for everything for now.
+spec:
+  serviceAccountName: "pinniped-package-rbac-supervisor-sa-superadmin-dangerous"
+  packageRef:
+    refName: "supervisor.pinniped.dev"
+    versionSelection:
+      constraints: "0.25.0"
+  values:
+  - secretRef:
+      name: "supervisor-package-install-secret"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: "supervisor-package-install-secret"
+stringData:
+  values.yml: |
+    ---
+    app_name: pinniped-supervisor
+    namespace: supervisor
+    api_group_suffix: pinniped.dev
+    image_repo: pinniped.local/test/build
+    image_tag: 24753D27-6217-4E65-B508-71CB1DAF70D3
+    log_level: debug
+
+    service_https_nodeport_port: 443
+    service_https_nodeport_nodeport: 31243
+    service_https_clusterip_port: 443