split up build.sh and deploy.sh
parent
e8d3b388a7
commit
65ad596463
@ -6,119 +6,111 @@ set -u # error if variables undefined
|
|||||||
set -o pipefail # prevent masking errors in a pipeline
|
set -o pipefail # prevent masking errors in a pipeline
|
||||||
# set -x # print all executed commands to terminal
|
# set -x # print all executed commands to terminal
|
||||||
|
|
||||||
|
#
|
||||||
RED='\033[0;31m'
|
# Helper functions
|
||||||
|
#
|
||||||
|
function log_note() {
|
||||||
GREEN='\033[0;32m'
|
GREEN='\033[0;32m'
|
||||||
YELLOW='\033[1;33m'
|
NC='\033[0m'
|
||||||
BLUE='\033[0;34m'
|
if [[ ${COLORTERM:-unknown} =~ ^(truecolor|24bit)$ ]]; then
|
||||||
DEFAULT='\033[0m'
|
echo -e "${GREEN}$*${NC}"
|
||||||
|
else
|
||||||
echo_yellow() {
|
echo "$*"
|
||||||
echo -e "${YELLOW}>> $@${DEFAULT}\n"
|
fi
|
||||||
# printf "${GREEN}$@${DEFAULT}"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
echo_green() {
|
function log_error() {
|
||||||
echo -e "${GREEN}>> $@${DEFAULT}\n"
|
RED='\033[0;31m'
|
||||||
# printf "${BLUE}$@${DEFAULT}"
|
NC='\033[0m'
|
||||||
}
|
if [[ ${COLORTERM:-unknown} =~ ^(truecolor|24bit)$ ]]; then
|
||||||
echo_red() {
|
echo -e "🙁${RED} Error: $* ${NC}"
|
||||||
echo -e "${RED}>> $@${DEFAULT}\n"
|
else
|
||||||
# printf "${BLUE}$@${DEFAULT}"
|
echo ":( Error: $*"
|
||||||
}
|
fi
|
||||||
echo_blue() {
|
|
||||||
echo -e "${BLUE}>> $@${DEFAULT}\n"
|
|
||||||
# printf "${BLUE}$@${DEFAULT}"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# got a cluster?
|
function check_dependency() {
|
||||||
echo_yellow "Verify you have a functional kind cluster, otherwise this will fail....."
|
if ! command -v "$1" >/dev/null; then
|
||||||
# ./kind-with-registry.sh
|
log_error "Missing dependency..."
|
||||||
# got kapp-controller bits?
|
log_error "$2"
|
||||||
kubectl get customresourcedefinitions
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
log_note "Deploying kapp-controller on kind cluster..."
|
||||||
kapp deploy --app kapp-controller --file https://github.com/vmware-tanzu/carvel-kapp-controller/releases/latest/download/release.yml -y
|
kapp deploy --app kapp-controller --file https://github.com/vmware-tanzu/carvel-kapp-controller/releases/latest/download/release.yml -y
|
||||||
kubectl get customresourcedefinitions
|
kubectl get customresourcedefinitions
|
||||||
|
# Global kapp-controller-namespace:
|
||||||
# this argument is given to kapp-controller by default
|
|
||||||
# in the above deployment manfiest:
|
|
||||||
# -packaging-global-namespace=kapp-controller-packaging-global
|
# -packaging-global-namespace=kapp-controller-packaging-global
|
||||||
# which means, PackageRepos and Packages ought be installed in this
|
# kapp-controller resources like PackageRepository and Package are namepaced.
|
||||||
# namespace to be globally available by default, since
|
# However, this namespace, provided via flag to kapp-controller in the yaml above,
|
||||||
# PackageRepos and Packages are namespaced resources.
|
# defines a "global" namespace. That is, resources installed in this namespace
|
||||||
|
# can be installed in every namespace as kapp will always pay attention to its
|
||||||
|
# pseudo-global namespace.
|
||||||
KAPP_CONTROLLER_GLOBAL_NAMESPACE="kapp-controller-packaging-global"
|
KAPP_CONTROLLER_GLOBAL_NAMESPACE="kapp-controller-packaging-global"
|
||||||
|
|
||||||
# TODO: since I removed the deployments there is not much in the ./imgpkg/images.yaml output
|
|
||||||
#
|
|
||||||
# build images found in these directories.
|
|
||||||
# make use of build.yaml files to specify how builds should work,
|
|
||||||
# if we need it to be done.
|
|
||||||
# kbld --file ./concierge/config --imgpkg-lock-output ./concierge/.imgpkg/images.yml
|
|
||||||
|
|
||||||
# this is used in the package-template.yml file for declaring where the package will live.
|
# TODO: final resting place for these images (PackageRepository, Packge) will need to
|
||||||
# we need to know where these package images should live :)
|
# be in the same plate as our regular images:
|
||||||
# REPO_HOST="1.2.3.4.fake.repo.host:5000"
|
# - https://github.com/vmware-tanzu/pinniped/releases/tag/v0.25.0
|
||||||
# PACKAGE_REPO_HOST="projects.registry.vmware.com/pinniped/pinniped-server"
|
# namely docker.io/getpinniped/ and projects.registry.vmware.com/pinniped/
|
||||||
# PACKAGE_REPO_HOST="docker.io/benjaminapetersen/pinniped-package-repo"
|
#
|
||||||
PACKAGE_REPO_HOST="benjaminapetersen/pinniped-package-repo"
|
PACKAGE_REPO_HOST="benjaminapetersen/pinniped-package-repo"
|
||||||
|
# TODO: this variable is currently a little quirky as our values.yaml files do NOT pin pinniped to a specific
|
||||||
|
# hard-coded version. Rather, Pinniped's values.yaml allows for a passed-in version.
|
||||||
PINNIPED_PACKAGE_VERSION="0.25.0"
|
PINNIPED_PACKAGE_VERSION="0.25.0"
|
||||||
|
|
||||||
# TODO: cp ./deploy/supervisor.... into ./deploy_carvel/supervisor/config...
|
# TODO: should we copy these directories:
|
||||||
# TODO: cp ./deploy/concierge.... into ./deploy_carvel/concierge/config...
|
# - ../deploy/supervisor/config/*
|
||||||
# -- we should copy this over, yeah?
|
# - ../deploy/concierge/config/*
|
||||||
# NOTE: I did make changes to values.yaml to turn it into a values schema....
|
# rather than duplicating the files?
|
||||||
|
# in this exercise, I have transformed the values.yaml into a "values schema" so this would have to be
|
||||||
|
# migrated up. There are some incompatibilities here, in that a values schema assesses the type of value
|
||||||
|
# by the default. currently many of the values have no actual default.
|
||||||
|
|
||||||
echo ""
|
log_note "Cleaning ./package-repository to generate new..."
|
||||||
echo_yellow "cleaning ./package-repository..."
|
|
||||||
PACKAGE_REPOSITORY_DIR="package-repository"
|
PACKAGE_REPOSITORY_DIR="package-repository"
|
||||||
rm -rf "./${PACKAGE_REPOSITORY_DIR}"
|
rm -rf "./${PACKAGE_REPOSITORY_DIR}"
|
||||||
mkdir -p "./${PACKAGE_REPOSITORY_DIR}/.imgpkg"
|
mkdir -p "./${PACKAGE_REPOSITORY_DIR}/.imgpkg"
|
||||||
mkdir -p "./${PACKAGE_REPOSITORY_DIR}/packages/concierge.pinniped.dev"
|
mkdir -p "./${PACKAGE_REPOSITORY_DIR}/packages/concierge.pinniped.dev"
|
||||||
mkdir -p "./${PACKAGE_REPOSITORY_DIR}/packages/supervisor.pinniped.dev"
|
mkdir -p "./${PACKAGE_REPOSITORY_DIR}/packages/supervisor.pinniped.dev"
|
||||||
|
|
||||||
PACKAGE_INSTALL_DIR="temp_actual_deploy_resources"
|
|
||||||
rm -rf "./${PACKAGE_INSTALL_DIR}"
|
|
||||||
mkdir "./${PACKAGE_INSTALL_DIR}"
|
|
||||||
|
|
||||||
## TODO:
|
log_note "Generating PackageRepository and Packages for Pinniped version ${PINNIPED_PACKAGE_VERSION}"
|
||||||
## "${resource_name}/deployment.yml" vs "${resource_name}/deployment-HACKED.yml"
|
|
||||||
## the real one has images.
|
|
||||||
## - CURRENTLY the deployment.yaml files don't work, there is some error with pushing images.
|
|
||||||
## come back to this later?
|
|
||||||
declare -a arr=("supervisor" "concierge")
|
declare -a arr=("supervisor" "concierge")
|
||||||
for resource_name in "${arr[@]}"
|
for resource_name in "${arr[@]}"
|
||||||
do
|
do
|
||||||
echo ""
|
log_note "Generating for ${resource_name}..."
|
||||||
echo_yellow "handling ${resource_name}..."
|
|
||||||
|
|
||||||
# just simple templating
|
log_note "Generating ${resource_name} imgpkg lock file... ${resource_name}/.imgpkg/images.yaml"
|
||||||
echo_yellow "generating ${resource_name}/.imgpkg/images.yaml"
|
|
||||||
# there are bits for image substitution in some of the ytt commands
|
|
||||||
kbld --file "./${resource_name}/config/" --imgpkg-lock-output "./${resource_name}/.imgpkg/images.yml"
|
kbld --file "./${resource_name}/config/" --imgpkg-lock-output "./${resource_name}/.imgpkg/images.yml"
|
||||||
|
|
||||||
# generate a schema in each package directory
|
# generate a schema in each package directory
|
||||||
echo_yellow "generating ./${resource_name}/schema-openapi.yaml"
|
log_note "Generating ${resource_name} OpenAPIv3 Schema... ./${resource_name}/schema-openapi.yaml"
|
||||||
ytt \
|
ytt \
|
||||||
--file "${resource_name}/config/values.yaml" \
|
--file "${resource_name}/config/values.yaml" \
|
||||||
--data-values-schema-inspect --output openapi-v3 > "${resource_name}/schema-openapi.yml"
|
--data-values-schema-inspect --output openapi-v3 > "${resource_name}/schema-openapi.yml"
|
||||||
|
|
||||||
# TODO:
|
# TODO: this is not the pattern we want.
|
||||||
# push each package to the repository
|
# final resting place should be with our primary Pinniped image at:
|
||||||
# note that I am hacking at this pattern to just get them to my dockerhub
|
# - projects.registry.vmware.com/pinniped/pinniped-server:v0.25.0 VMware Harbor
|
||||||
# this may or may not be the pattern we want when we push to a formal repository location
|
# - docker.io/getpinniped/pinniped-server:v0.25.0 DockerHub
|
||||||
# package_push_repo_location="${PACKAGE_REPO_HOST}/packages/${resource_name}:${PINNIPED_PACKAGE_VERSION}"
|
|
||||||
package_push_repo_location="${PACKAGE_REPO_HOST}-package-${resource_name}:${PINNIPED_PACKAGE_VERSION}"
|
package_push_repo_location="${PACKAGE_REPO_HOST}-package-${resource_name}:${PINNIPED_PACKAGE_VERSION}"
|
||||||
echo_yellow "pushing package image: ${package_push_repo_location} ..."
|
log_note "Pushing ${resource_name} package image: ${package_push_repo_location} ..."
|
||||||
imgpkg push --bundle "${package_push_repo_location}" --file "./${resource_name}"
|
imgpkg push --bundle "${package_push_repo_location}" --file "./${resource_name}"
|
||||||
|
|
||||||
resource_package_version="${resource_name}.pinniped.dev"
|
resource_package_version="${resource_name}.pinniped.dev"
|
||||||
echo_yellow "generating ./${PACKAGE_REPOSITORY_DIR}/packages/${resource_package_version}/${PINNIPED_PACKAGE_VERSION}.yml"
|
log_note "Generating ${resource_name} PackageRepository yaml..."
|
||||||
|
log_note "generating ./${PACKAGE_REPOSITORY_DIR}/packages/${resource_package_version}/${PINNIPED_PACKAGE_VERSION}.yml"
|
||||||
ytt \
|
ytt \
|
||||||
--file "${resource_name}/package-template.yml" \
|
--file "${resource_name}/package-template.yml" \
|
||||||
--data-value-file openapi="$(pwd)/${resource_name}/schema-openapi.yml" \
|
--data-value-file openapi="$(pwd)/${resource_name}/schema-openapi.yml" \
|
||||||
--data-value package_version="${PINNIPED_PACKAGE_VERSION}" \
|
--data-value package_version="${PINNIPED_PACKAGE_VERSION}" \
|
||||||
--data-value package_image_repo="${package_push_repo_location}" > "${PACKAGE_REPOSITORY_DIR}/packages/${resource_package_version}/${PINNIPED_PACKAGE_VERSION}.yml"
|
--data-value package_image_repo="${package_push_repo_location}" > "${PACKAGE_REPOSITORY_DIR}/packages/${resource_package_version}/${PINNIPED_PACKAGE_VERSION}.yml"
|
||||||
|
|
||||||
echo_yellow "generating ./${PACKAGE_REPOSITORY_DIR}/packages/${resource_package_version}/metadata.yml"
|
log_note "generating ./${PACKAGE_REPOSITORY_DIR}/packages/${resource_package_version}/metadata.yml"
|
||||||
ytt \
|
ytt \
|
||||||
--file "${resource_name}/metadata.yml" \
|
--file "${resource_name}/metadata.yml" \
|
||||||
--data-value-file openapi="$(pwd)/${resource_name}/schema-openapi.yml" \
|
--data-value-file openapi="$(pwd)/${resource_name}/schema-openapi.yml" \
|
||||||
@ -127,18 +119,20 @@ do
|
|||||||
|
|
||||||
done
|
done
|
||||||
|
|
||||||
echo_yellow "generating ./${PACKAGE_REPOSITORY_DIR}/.imgpkg/images.yml"
|
log_note "Generating Pinniped PackageRepository..."
|
||||||
|
log_note "Generating ./${PACKAGE_REPOSITORY_DIR}/.imgpkg/images.yml"
|
||||||
kbld --file "./${PACKAGE_REPOSITORY_DIR}/packages/" --imgpkg-lock-output "${PACKAGE_REPOSITORY_DIR}/.imgpkg/images.yml"
|
kbld --file "./${PACKAGE_REPOSITORY_DIR}/packages/" --imgpkg-lock-output "${PACKAGE_REPOSITORY_DIR}/.imgpkg/images.yml"
|
||||||
package_repository_push_repo_location="${PACKAGE_REPO_HOST}:${PINNIPED_PACKAGE_VERSION}"
|
package_repository_push_repo_location="${PACKAGE_REPO_HOST}:${PINNIPED_PACKAGE_VERSION}"
|
||||||
echo_yellow "pushing package repository image: ${PACKAGE_REPO_HOST}:${PINNIPED_PACKAGE_VERSION}..."
|
log_note "Pushing Pinniped package repository image: ${PACKAGE_REPO_HOST}:${PINNIPED_PACKAGE_VERSION}..."
|
||||||
imgpkg push --bundle "${package_repository_push_repo_location}" --file "./${PACKAGE_REPOSITORY_DIR}"
|
imgpkg push --bundle "${package_repository_push_repo_location}" --file "./${PACKAGE_REPOSITORY_DIR}"
|
||||||
|
|
||||||
echo_yellow "validating imgpkg package bundle contents..."
|
# handy for a quick debug
|
||||||
imgpkg pull --bundle "${PACKAGE_REPO_HOST}:${PINNIPED_PACKAGE_VERSION}" --output "/tmp/${PACKAGE_REPO_HOST}:${PINNIPED_PACKAGE_VERSION}"
|
# log_note "Validating imgpkg package bundle contents..."
|
||||||
ls -la "/tmp/${PACKAGE_REPO_HOST}:${PINNIPED_PACKAGE_VERSION}"
|
# imgpkg pull --bundle "${PACKAGE_REPO_HOST}:${PINNIPED_PACKAGE_VERSION}" --output "/tmp/${PACKAGE_REPO_HOST}:${PINNIPED_PACKAGE_VERSION}"
|
||||||
|
# ls -la "/tmp/${PACKAGE_REPO_HOST}:${PINNIPED_PACKAGE_VERSION}"
|
||||||
|
|
||||||
|
|
||||||
echo_yellow "deploying PackageRepository..."
|
log_note "Generating PackageRepository yaml file..."
|
||||||
PINNIPED_PACKGE_REPOSITORY_NAME="pinniped-package-repository"
|
PINNIPED_PACKGE_REPOSITORY_NAME="pinniped-package-repository"
|
||||||
PINNIPED_PACKGE_REPOSITORY_FILE="packagerepository.${PINNIPED_PACKAGE_VERSION}.yml"
|
PINNIPED_PACKGE_REPOSITORY_FILE="packagerepository.${PINNIPED_PACKAGE_VERSION}.yml"
|
||||||
echo -n "" > "${PINNIPED_PACKGE_REPOSITORY_FILE}"
|
echo -n "" > "${PINNIPED_PACKGE_REPOSITORY_FILE}"
|
||||||
@ -155,163 +149,5 @@ spec:
|
|||||||
image: "${PACKAGE_REPO_HOST}:${PINNIPED_PACKAGE_VERSION}"
|
image: "${PACKAGE_REPO_HOST}:${PINNIPED_PACKAGE_VERSION}"
|
||||||
EOT
|
EOT
|
||||||
|
|
||||||
|
log_note "To deploy the PackageRepository, run 'kapp deploy --app pinniped-repo --file ${PINNIPED_PACKGE_REPOSITORY_FILE}'"
|
||||||
# Now, gotta make this work. It'll be interesting if we can...
|
log_note "Or use the sibling deploy.sh script"
|
||||||
kapp deploy --app "${PINNIPED_PACKGE_REPOSITORY_NAME}" --file "${PINNIPED_PACKGE_REPOSITORY_FILE}" -y
|
|
||||||
kapp inspect --app "${PINNIPED_PACKGE_REPOSITORY_NAME}" --tree
|
|
||||||
|
|
||||||
sleep 2 # TODO: remove
|
|
||||||
|
|
||||||
# this is just a note to break this up, probably should use a separate ./deploy_stuff.sh file.
|
|
||||||
# at this point, we are "consumers".
|
|
||||||
# above we are packaging.
|
|
||||||
# this would be separated out into another script or potentially
|
|
||||||
# be on the user to craft (though we should likely provide something)
|
|
||||||
echo_green "Package Installation...."
|
|
||||||
|
|
||||||
echo_yellow "deploying RBAC for use with pinniped PackageInstall..."
|
|
||||||
|
|
||||||
# TODO: obviously a mega-role that can do everything is not good. we need to scope this down to appropriate things.
|
|
||||||
declare -a arr=("supervisor" "concierge")
|
|
||||||
for resource_name in "${arr[@]}"
|
|
||||||
do
|
|
||||||
|
|
||||||
NAMESPACE="${resource_name}-ns"
|
|
||||||
PINNIPED_PACKAGE_RBAC_PREFIX="pinniped-package-rbac-${resource_name}"
|
|
||||||
PINNIPED_PACKAGE_RBAC_FILE="./${PACKAGE_INSTALL_DIR}/${PINNIPED_PACKAGE_RBAC_PREFIX}-${resource_name}-rbac.yml"
|
|
||||||
|
|
||||||
echo -n "" > "${PINNIPED_PACKAGE_RBAC_FILE}"
|
|
||||||
cat <<EOF >> "${PINNIPED_PACKAGE_RBAC_FILE}"
|
|
||||||
# ---
|
|
||||||
# apiVersion: v1
|
|
||||||
# kind: Namespace
|
|
||||||
# metadata:
|
|
||||||
# name: "${NAMESPACE}" <--- "supervisor-ns" will cause other package install errors.
|
|
||||||
---
|
|
||||||
# ServiceAccount details from the file linked above
|
|
||||||
apiVersion: v1
|
|
||||||
kind: ServiceAccount
|
|
||||||
metadata:
|
|
||||||
name: "${PINNIPED_PACKAGE_RBAC_PREFIX}-sa-superadmin-dangerous"
|
|
||||||
# namespace: "${NAMESPACE}"
|
|
||||||
namespace: default # --> sticking to default for everything for now.
|
|
||||||
---
|
|
||||||
kind: ClusterRole
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
metadata:
|
|
||||||
name: "${PINNIPED_PACKAGE_RBAC_PREFIX}-role-superadmin-dangerous"
|
|
||||||
rules:
|
|
||||||
- apiGroups: ["*"]
|
|
||||||
resources: ["*"]
|
|
||||||
verbs: ["*"]
|
|
||||||
---
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
metadata:
|
|
||||||
name: "${PINNIPED_PACKAGE_RBAC_PREFIX}-role-binding-superadmin-dangerous"
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: "${PINNIPED_PACKAGE_RBAC_PREFIX}-sa-superadmin-dangerous"
|
|
||||||
# namespace: "${NAMESPACE}"
|
|
||||||
namespace: default # --> sticking to default for everything for now.
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: "${PINNIPED_PACKAGE_RBAC_PREFIX}-role-superadmin-dangerous"
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
kapp deploy --app "${PINNIPED_PACKAGE_RBAC_PREFIX}" --file "${PINNIPED_PACKAGE_RBAC_FILE}" -y
|
|
||||||
done
|
|
||||||
|
|
||||||
|
|
||||||
#PINNIPED_PACKAGE_RBAC_FILE="./${PACKAGE_INSTALL_DIR}/${PINNIPED_PACKAGE_RBAC_PREFIX}-rbac.yml"
|
|
||||||
## TODO: obviously a mega-role that can do everything is not good.
|
|
||||||
#echo -n "" > "${PINNIPED_PACKAGE_RBAC_FILE}"
|
|
||||||
#cat <<EOF >> "${PINNIPED_PACKAGE_RBAC_FILE}"
|
|
||||||
#
|
|
||||||
echo_yellow "deploying PackageInstall resources for pinniped supervisor and concierge packages..."
|
|
||||||
for resource_name in "${arr[@]}"
|
|
||||||
do
|
|
||||||
|
|
||||||
NAMESPACE="${resource_name}-ns"
|
|
||||||
PINNIPED_PACKAGE_RBAC_PREFIX="pinniped-package-rbac-${resource_name}"
|
|
||||||
RESOURCE_PACKGE_VERSION="${resource_name}.pinniped.dev"
|
|
||||||
PACKAGE_INSTALL_FILE_NAME="./${PACKAGE_INSTALL_DIR}/${resource_name}-pkginstall.yml"
|
|
||||||
SECRET_NAME="${resource_name}-package-install-secret"
|
|
||||||
cat > "${PACKAGE_INSTALL_FILE_NAME}" << EOF
|
|
||||||
---
|
|
||||||
apiVersion: packaging.carvel.dev/v1alpha1
|
|
||||||
kind: PackageInstall
|
|
||||||
metadata:
|
|
||||||
# name, does not have to be versioned, versionSelection.constraints below will handle
|
|
||||||
name: "${resource_name}-package-install"
|
|
||||||
# namespace: "${NAMESPACE}"
|
|
||||||
namespace: default # --> sticking to default for everything for now.
|
|
||||||
spec:
|
|
||||||
serviceAccountName: "${PINNIPED_PACKAGE_RBAC_PREFIX}-sa-superadmin-dangerous"
|
|
||||||
packageRef:
|
|
||||||
refName: "${RESOURCE_PACKGE_VERSION}"
|
|
||||||
versionSelection:
|
|
||||||
constraints: "${PINNIPED_PACKAGE_VERSION}"
|
|
||||||
values:
|
|
||||||
- secretRef:
|
|
||||||
name: "${SECRET_NAME}"
|
|
||||||
---
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: "${SECRET_NAME}"
|
|
||||||
stringData:
|
|
||||||
values.yml: |
|
|
||||||
---
|
|
||||||
namespace: "${NAMESPACE}"
|
|
||||||
app_name: "${resource_name}-app-awesomeness"
|
|
||||||
replicas: 3
|
|
||||||
EOF
|
|
||||||
|
|
||||||
KAPP_CONTROLLER_APP_NAME="${resource_name}-pkginstall"
|
|
||||||
echo_yellow "deploying ${KAPP_CONTROLLER_APP_NAME}..."
|
|
||||||
kapp deploy --app "${KAPP_CONTROLLER_APP_NAME}" --file "${PACKAGE_INSTALL_FILE_NAME}" -y
|
|
||||||
|
|
||||||
done
|
|
||||||
|
|
||||||
echo_yellow "verifying PackageInstall resources..."
|
|
||||||
kubectl get PackageInstall -A | grep pinniped
|
|
||||||
kubectl get secret -A | grep pinniped
|
|
||||||
|
|
||||||
echo_yellow "listing all package resources (PackageRepository, Package, PackageInstall)..."
|
|
||||||
kubectl get pkgi && kubectl get pkgr && kubectl get pkg
|
|
||||||
|
|
||||||
echo_yellow "listing all kapp cli apps..."
|
|
||||||
# list again what is installed so we can ensure we have everything
|
|
||||||
kapp ls --all-namespaces
|
|
||||||
|
|
||||||
# these are fundamentally different than what kapp cli understands, unfortunately.
|
|
||||||
# the term "app" is overloaded in Carvel and can mean two different things, based on
|
|
||||||
# the use of kapp cli and kapp-controller on cluster
|
|
||||||
echo_yellow "listing all kapp-controller apps..."
|
|
||||||
kubectl get app --all-namespaces
|
|
||||||
|
|
||||||
# TODO:
|
|
||||||
# update the deployment.yaml and remove the deployment-HACKED.yaml files
|
|
||||||
# both are probably hacked a bit, so delete them and just get fresh from the ./deploy directory
|
|
||||||
# then make sure REAL PINNIPED actually deploys.
|
|
||||||
|
|
||||||
|
|
||||||
# In the end we should have:
|
|
||||||
# docker pull benjaminapetersen/pinniped-package-repo:latest
|
|
||||||
# docker pull benjaminapetersen/pinniped-package-repo-package-supervisor:0.25.0
|
|
||||||
# docker pull benjaminapetersen/pinniped-package-repo-package-concierge:0.25.0
|
|
||||||
|
|
||||||
# echo_yellow "verifying RBAC resources created (namespace, serviceaccount, clusterrole, clusterrolebinding)..."
|
|
||||||
# kubectl get ns -A | grep pinniped
|
|
||||||
# kubectl get sa -A | grep pinniped
|
|
||||||
# kubectl get ClusterRole -A | grep pinniped
|
|
||||||
# kubectl get clusterrolebinding -A | grep pinniped
|
|
||||||
|
|
||||||
|
|
||||||
# stuff
|
|
||||||
kubectl get PackageRepository -A
|
|
||||||
kubectl get Package -A
|
|
||||||
kubectl get PackageInstall -A
|
|
||||||
|
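Review bot: The `kapp deploy --app kapp-controller --file https://github.com/vmware-tanzu/carvel-kapp-controller/releases/latest/download/release.yml -y` line kept in the first hunk applies whatever manifest `latest` resolves to at run time, and `-y` skips the confirmation step, so the cluster-wide controller installed by the build script is neither reproducible nor reviewed. Pin the release the same way `PINNIPED_PACKAGE_VERSION` is pinned, for example `KAPP_CONTROLLER_VERSION="<pinned-release-tag>"` with the URL changed to `.../releases/download/${KAPP_CONTROLLER_VERSION}/release.yml`, and ideally compare the downloaded file against a recorded checksum before applying it. Separately, `check_dependency` is added in this hunk but no call to it appears in the visible hunks, so a missing `kapp`, `kbld`, `ytt` or `imgpkg` would still surface as a bare command-not-found; parts of the file lie outside the hunks, so this may be handled there.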
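--- a/deploy_carvel/deploy.sh
+++ b/deploy_carvel/deploy.sh
@@ -0,0 +1,139 @@
+#!/usr/bin/env bash
+
+# Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+#
+# This script can be used to prepare a kind cluster and deploy the app.
+# You can call this script again to redeploy the app.
+# It will also output instructions on how to run the integration.
+#
+
+set -euo pipefail
+
+
+# deploy the Carvel packages for Pinniped & Supervisor.
+# - Deploy the PackageRepository
+# - Create PackageInstalls for Supervisor, Concierge
+# - deploy these
+# - then after, run hack/prepare-supervisor-on-kind.sh
+# - ideally this configures the Supervisor
+
+
+# need a directory for our yamls for deployment
+echo ""
+PACKAGE_INSTALL_DIR="temp_actual_deploy_resources"
+rm -rf "./${PACKAGE_INSTALL_DIR}"
+mkdir "./${PACKAGE_INSTALL_DIR}"
+
+
+log_note "Deploying Pinniped PackageRepository on kind cluster..."
+# Now, gotta make this work. It'll be interesting if we can...
+kapp deploy --app "${PINNIPED_PACKGE_REPOSITORY_NAME}" --file "${PINNIPED_PACKGE_REPOSITORY_FILE}" -y
+kapp inspect --app "${PINNIPED_PACKGE_REPOSITORY_NAME}" --tree
+
+
+
+
+log_note "Generating RBAC for use with pinniped PackageInstall..."
+
+# TODO: obviously a mega-role that can do everything is not good. we need to scope this down to appropriate things.
+declare -a arr=("supervisor" "concierge")
+for resource_name in "${arr[@]}"
+do
+
+NAMESPACE="${resource_name}-ns"
+PINNIPED_PACKAGE_RBAC_PREFIX="pinniped-package-rbac-${resource_name}"
+PINNIPED_PACKAGE_RBAC_FILE="./${PACKAGE_INSTALL_DIR}/${PINNIPED_PACKAGE_RBAC_PREFIX}-${resource_name}-rbac.yml"
+
+echo -n "" > "${PINNIPED_PACKAGE_RBAC_FILE}"
+cat <<EOF >> "${PINNIPED_PACKAGE_RBAC_FILE}"
+# ---
+# apiVersion: v1
+# kind: Namespace
+# metadata:
+# name: "${NAMESPACE}" <--- "supervisor-ns" will cause other package install errors.
+---
+# ServiceAccount details from the file linked above
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: "${PINNIPED_PACKAGE_RBAC_PREFIX}-sa-superadmin-dangerous"
+# namespace: "${NAMESPACE}"
+namespace: default # --> sticking to default for everything for now.
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: "${PINNIPED_PACKAGE_RBAC_PREFIX}-role-superadmin-dangerous"
+rules:
+- apiGroups: ["*"]
+resources: ["*"]
+verbs: ["*"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+name: "${PINNIPED_PACKAGE_RBAC_PREFIX}-role-binding-superadmin-dangerous"
+subjects:
+- kind: ServiceAccount
+name: "${PINNIPED_PACKAGE_RBAC_PREFIX}-sa-superadmin-dangerous"
+# namespace: "${NAMESPACE}"
+namespace: default # --> sticking to default for everything for now.
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: "${PINNIPED_PACKAGE_RBAC_PREFIX}-role-superadmin-dangerous"
+
+EOF
+
+kapp deploy --app "${PINNIPED_PACKAGE_RBAC_PREFIX}" --file "${PINNIPED_PACKAGE_RBAC_FILE}" -y
+done
+
+
+
+log_note "Deploying PackageInstall resources for pinniped supervisor and concierge packages..."
+for resource_name in "${arr[@]}"
+do
+
+NAMESPACE="${resource_name}-ns"
+PINNIPED_PACKAGE_RBAC_PREFIX="pinniped-package-rbac-${resource_name}"
+RESOURCE_PACKGE_VERSION="${resource_name}.pinniped.dev"
+PACKAGE_INSTALL_FILE_NAME="./${PACKAGE_INSTALL_DIR}/${resource_name}-pkginstall.yml"
+SECRET_NAME="${resource_name}-package-install-secret"
+cat > "${PACKAGE_INSTALL_FILE_NAME}" << EOF
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageInstall
+metadata:
+# name, does not have to be versioned, versionSelection.constraints below will handle
+name: "${resource_name}-package-install"
+# namespace: "${NAMESPACE}"
+namespace: default # --> sticking to default for everything for now.
+spec:
+serviceAccountName: "${PINNIPED_PACKAGE_RBAC_PREFIX}-sa-superadmin-dangerous"
+packageRef:
+refName: "${RESOURCE_PACKGE_VERSION}"
+versionSelection:
+constraints: "${PINNIPED_PACKAGE_VERSION}"
+values:
+- secretRef:
+name: "${SECRET_NAME}"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: "${SECRET_NAME}"
+stringData:
+values.yml: |
+---
+namespace: "${NAMESPACE}"
+app_name: "${resource_name}-app-awesomeness"
+replicas: 3
+EOF
+
+KAPP_CONTROLLER_APP_NAME="${resource_name}-pkginstall"
+log_note "deploying ${KAPP_CONTROLLER_APP_NAME}..."
+kapp deploy --app "${KAPP_CONTROLLER_APP_NAME}" --file "${PACKAGE_INSTALL_FILE_NAME}" -y
+
+done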
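Review bot: `log_note`, `${PINNIPED_PACKGE_REPOSITORY_NAME}`, `${PINNIPED_PACKGE_REPOSITORY_FILE}` and `${PINNIPED_PACKAGE_VERSION}` are used in this new file but defined nowhere in its 139 lines; on this page they are set only in build.sh. Under `set -euo pipefail` the script therefore stops at the first `log_note` call (command not found), and would otherwise hit an unbound variable at `kapp deploy --app "${PINNIPED_PACKGE_REPOSITORY_NAME}"`. Move the helpers and shared settings into a file both scripts source, or define them here, e.g. `PINNIPED_PACKAGE_VERSION="0.25.0"`, `PINNIPED_PACKGE_REPOSITORY_NAME="pinniped-package-repository"` and `PINNIPED_PACKGE_REPOSITORY_FILE="packagerepository.${PINNIPED_PACKAGE_VERSION}.yml"`. Separately, the first loop applies a ClusterRole granting `["*"]` on all API groups, resources and verbs with `-y`. Until the TODO about scoping it down is resolved, it would be safer to refuse to run unless `kubectl config current-context` names a kind cluster.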
@ -14,5 +14,5 @@ images:
|
|||||||
- resolved:
|
- resolved:
|
||||||
tag: 0.25.0
|
tag: 0.25.0
|
||||||
url: benjaminapetersen/pinniped-package-repo-package-supervisor:0.25.0
|
url: benjaminapetersen/pinniped-package-repo-package-supervisor:0.25.0
|
||||||
image: index.docker.io/benjaminapetersen/pinniped-package-repo-package-supervisor@sha256:12577787d82b4f565be28c65c229c87dd8ac9890d0f44a690725fdb4ac7f4082
|
image: index.docker.io/benjaminapetersen/pinniped-package-repo-package-supervisor@sha256:53b9a52d499492d372688198e0cf9c9598835047ec67684f908f512f8a28fc96
|
||||||
kind: ImagesLock
|
kind: ImagesLock
|
||||||
|
@ -40,7 +40,7 @@ package_image_repo: docker.io/benjaminapetersen/some-pinniped-supervisor-package
|
|||||||
#@schema/nullable
|
#@schema/nullable
|
||||||
package_image_digest: sha256:123456
|
package_image_digest: sha256:123456
|
||||||
#@schema/nullable
|
#@schema/nullable
|
||||||
package_image_tag: latest
|
package_image_tag: latest #! TODO; so since we allow the deployment to pass in the image tag, not sure the value in versions of packages?
|
||||||
#! prob should not be nullable
|
#! prob should not be nullable
|
||||||
#@schema/nullable
|
#@schema/nullable
|
||||||
package_version: 1.2.3
|
package_version: 1.2.3
|
||||||
|