From 621ef9b11616280e11cac042e640e61f01faf1e8 Mon Sep 17 00:00:00 2001 From: "Benjamin A. Petersen" Date: Thu, 21 Sep 2023 12:12:11 -0400 Subject: [PATCH] minor notes about image building --- .../build_and_deploy_for_integration_tests.sh | 2 +- deploy_carvel/noop.sh | 53 +++++++++++++++++++ deploy_carvel/supervisor/build.yaml | 1 + deploy_carvel/supervisor/config/build.yaml | 8 +++ ...-package-rbac-concierge-concierge-rbac.yml | 37 +++++++++++++ ...ackage-rbac-supervisor-supervisor-rbac.yml | 37 +++++++++++++ .../supervisor-pkginstall.yml | 35 ++++++++++++ 7 files changed, 172 insertions(+), 1 deletion(-) create mode 100755 deploy_carvel/noop.sh create mode 100644 deploy_carvel/supervisor/config/build.yaml create mode 100644 deploy_carvel/temp_actual_deploy_resources/pinniped-package-rbac-concierge-concierge-rbac.yml create mode 100644 deploy_carvel/temp_actual_deploy_resources/pinniped-package-rbac-supervisor-supervisor-rbac.yml create mode 100644 deploy_carvel/temp_actual_deploy_resources/supervisor-pkginstall.yml diff --git a/deploy_carvel/build_and_deploy_for_integration_tests.sh b/deploy_carvel/build_and_deploy_for_integration_tests.sh index c527e842..24fa88c5 100755 --- a/deploy_carvel/build_and_deploy_for_integration_tests.sh +++ b/deploy_carvel/build_and_deploy_for_integration_tests.sh @@ -57,7 +57,7 @@ KAPP_CONTROLLER_GLOBAL_NAMESPACE="kapp-controller-packaging-global" # since we ran prepare-for-integration-test.sh # and it does the "kind load" on the # pinniped image -registry="pinniped.local" +registry="pinniped.local" # Hack, but not what we really want: getpinniped/pinniped-server:latest repo="test/build" registry_repo="$registry/$repo" diff --git a/deploy_carvel/noop.sh b/deploy_carvel/noop.sh new file mode 100755 index 00000000..cb2a3d95 --- /dev/null +++ b/deploy_carvel/noop.sh @@ -0,0 +1,53 @@ +#!/usr/bin/env bash + +# +# This script is intended to be used with: +# - $repo_root/hack/prepare-for-integration-test.sh --alternate-deploy $(pwd)/deploy_carvel/hack/log-args.sh +# and originated with the following: +# - https://github.com/jvanzyl/pinniped-charts/blob/main/alternate-deploy-helm +# along with this PR to pinniped: +# - https://github.com/vmware-tanzu/pinniped/pull/1028 +set -euo pipefail + +# +# Helper functions +# +function log_note() { + GREEN='\033[0;32m' + NC='\033[0m' + if [[ ${COLORTERM:-unknown} =~ ^(truecolor|24bit)$ ]]; then + echo -e "${GREEN}$*${NC}" + else + echo "$*" + fi +} + +function log_error() { + RED='\033[0;31m' + NC='\033[0m' + if [[ ${COLORTERM:-unknown} =~ ^(truecolor|24bit)$ ]]; then + echo -e "🙁${RED} Error: $* ${NC}" + else + echo ":( Error: $*" + fi +} + +function check_dependency() { + if ! command -v "$1" >/dev/null; then + log_error "Missing dependency..." + log_error "$2" + exit 1 + fi +} + +# two vars will be received by this script: +# Received: local-user-authenticator +# Received: D00A4537-80F1-4AF2-A3B3-5F20BDBB9AEB +app=${1} +# tag is fed in from the prepare-for-integration-tests.sh script, just uuidgen to identify a +# specific docker build of the pinniped-server image. +tag=${2} +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +log_note "noop.sh >>> script dir: ${SCRIPT_DIR}" +log_note "noop.sh >>> app: ${app} tag: ${tag}" +# nothing else, this is a test. diff --git a/deploy_carvel/supervisor/build.yaml b/deploy_carvel/supervisor/build.yaml index 1d049bc3..8b21c10b 100644 --- a/deploy_carvel/supervisor/build.yaml +++ b/deploy_carvel/supervisor/build.yaml @@ -6,6 +6,7 @@ minimumRequiredVersion: 0.31.0 #! minimum version of kbld. We probably don't ne overrides: #! TODO: in the pinniped yamls, this is provided by values.yaml, not declared in the deployment. #! we should assess if we want to leave it there or move it to this form of configuration. +#! TODO: would also need to make docker.io work??? - image: projects.registry.vmware.com/pinniped/pinniped-server newImage: #@ data.values.image_repo diff --git a/deploy_carvel/supervisor/config/build.yaml b/deploy_carvel/supervisor/config/build.yaml new file mode 100644 index 00000000..d318fc71 --- /dev/null +++ b/deploy_carvel/supervisor/config/build.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: kbld.k14s.io/v1alpha1 +kind: Config +sources: +- image: docker.io/dkalinin/k8s-simple-app + path: . +- image: projects.registry.vmware.com/pinniped/pinniped-server + path: . diff --git a/deploy_carvel/temp_actual_deploy_resources/pinniped-package-rbac-concierge-concierge-rbac.yml b/deploy_carvel/temp_actual_deploy_resources/pinniped-package-rbac-concierge-concierge-rbac.yml new file mode 100644 index 00000000..01519e56 --- /dev/null +++ b/deploy_carvel/temp_actual_deploy_resources/pinniped-package-rbac-concierge-concierge-rbac.yml @@ -0,0 +1,37 @@ +# --- +# apiVersion: v1 +# kind: Namespace +# metadata: +# name: "concierge-ns" <--- "supervisor-ns" will cause other package install errors. +--- +# ServiceAccount details from the file linked above +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "pinniped-package-rbac-concierge-sa-superadmin-dangerous" + # namespace: "concierge-ns" + namespace: default # --> sticking to default for everything for now. +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "pinniped-package-rbac-concierge-role-superadmin-dangerous" +rules: +- apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "pinniped-package-rbac-concierge-role-binding-superadmin-dangerous" +subjects: +- kind: ServiceAccount + name: "pinniped-package-rbac-concierge-sa-superadmin-dangerous" + # namespace: "concierge-ns" + namespace: default # --> sticking to default for everything for now. +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "pinniped-package-rbac-concierge-role-superadmin-dangerous" + diff --git a/deploy_carvel/temp_actual_deploy_resources/pinniped-package-rbac-supervisor-supervisor-rbac.yml b/deploy_carvel/temp_actual_deploy_resources/pinniped-package-rbac-supervisor-supervisor-rbac.yml new file mode 100644 index 00000000..cd6b419f --- /dev/null +++ b/deploy_carvel/temp_actual_deploy_resources/pinniped-package-rbac-supervisor-supervisor-rbac.yml @@ -0,0 +1,37 @@ +# --- +# apiVersion: v1 +# kind: Namespace +# metadata: +# name: "supervisor-ns" <--- "supervisor-ns" will cause other package install errors. +--- +# ServiceAccount details from the file linked above +apiVersion: v1 +kind: ServiceAccount +metadata: + name: "pinniped-package-rbac-supervisor-sa-superadmin-dangerous" + # namespace: "supervisor-ns" + namespace: default # --> sticking to default for everything for now. +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "pinniped-package-rbac-supervisor-role-superadmin-dangerous" +rules: +- apiGroups: ["*"] + resources: ["*"] + verbs: ["*"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: "pinniped-package-rbac-supervisor-role-binding-superadmin-dangerous" +subjects: +- kind: ServiceAccount + name: "pinniped-package-rbac-supervisor-sa-superadmin-dangerous" + # namespace: "supervisor-ns" + namespace: default # --> sticking to default for everything for now. +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "pinniped-package-rbac-supervisor-role-superadmin-dangerous" + diff --git a/deploy_carvel/temp_actual_deploy_resources/supervisor-pkginstall.yml b/deploy_carvel/temp_actual_deploy_resources/supervisor-pkginstall.yml new file mode 100644 index 00000000..f9561084 --- /dev/null +++ b/deploy_carvel/temp_actual_deploy_resources/supervisor-pkginstall.yml @@ -0,0 +1,35 @@ +--- +apiVersion: packaging.carvel.dev/v1alpha1 +kind: PackageInstall +metadata: + # name, does not have to be versioned, versionSelection.constraints below will handle + name: "supervisor-package-install" + # namespace: "supervisor-ns" + namespace: default # --> sticking to default for everything for now. +spec: + serviceAccountName: "pinniped-package-rbac-supervisor-sa-superadmin-dangerous" + packageRef: + refName: "supervisor.pinniped.dev" + versionSelection: + constraints: "0.25.0" + values: + - secretRef: + name: "supervisor-package-install-secret" +--- +apiVersion: v1 +kind: Secret +metadata: + name: "supervisor-package-install-secret" +stringData: + values.yml: | + --- + app_name: pinniped-supervisor + namespace: supervisor + api_group_suffix: pinniped.dev + image_repo: pinniped.local/test/build + image_tag: 24753D27-6217-4E65-B508-71CB1DAF70D3 + log_level: debug + + service_https_nodeport_port: 443 + service_https_nodeport_nodeport: 31243 + service_https_clusterip_port: 443