From 6a847aaec7d679b7937f82afe5c7f153691c895a Mon Sep 17 00:00:00 2001
From: "Benjamin A. Petersen"
Date: Wed, 13 Sep 2023 12:57:43 -0400
Subject: [PATCH] backup prepare-for-integration-tests.sh hacks, not sure this is all correct
---
 deploy_carvel/build.sh | 100 +++++++---
 deploy_carvel/deploy-packages.sh | 17 +-
 .../package-repository/.imgpkg/images.yml | 18 --
 .../concierge.pinniped.dev/0.25.0.yml | 182 ------------------
 .../concierge.pinniped.dev/metadata.yml | 10 -
 .../supervisor.pinniped.dev/metadata.yml | 10 -
 .../schema-openapi.yaml} | 36 +---
 .../supervisor-pkginstall.yml | 2 +-
 hack/prepare-supervisor-on-kind.sh | 5 +
 9 files changed, 92 insertions(+), 288 deletions(-)
 delete mode 100644 deploy_carvel/package-repository/.imgpkg/images.yml
 delete mode 100644 deploy_carvel/package-repository/packages/concierge.pinniped.dev/0.25.0.yml
 delete mode 100644 deploy_carvel/package-repository/packages/concierge.pinniped.dev/metadata.yml
 delete mode 100644 deploy_carvel/package-repository/packages/supervisor.pinniped.dev/metadata.yml
 rename deploy_carvel/{package-repository/packages/supervisor.pinniped.dev/0.25.0.yml => supervisor/schema-openapi.yaml} (93%)
diff --git a/deploy_carvel/build.sh b/deploy_carvel/build.sh
index a4815784..818abb3f 100755
--- a/deploy_carvel/build.sh
+++ b/deploy_carvel/build.sh
@@ -36,25 +36,38 @@ function check_dependency() { fi } -app="${1:-undefined}" -tag="${2:-undefined}" -SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) -log_note "log-args.sh >>> script dir: ${SCRIPT_DIR}" -log_note "log-args.sh >>> app: ${app} tag: ${tag}" -exit 1 -# Build the PackageRepository and Package resources -# - container images -# - yaml files -# Deploy the container images to a registry -# No need for a running cluster +# NOTES: +# - on images +# prepare-for-integration-tests.sh simply creates images with a "docker build" call. +# then it loads them into the kind cluster via kind load docker-image .... +# nothing fancy here. +# so, in this script, we ought be able to do the same, build images and imgpkg bundles +# and push or load them into a kind cluster. + +# ./prepare-for-integration-tests.sh will pass each of these. +# optionally could be user defined. +# app is currently ignored, tag is necessary. +app="${1:-undefined}" +tag="${2:-$(uuidgen)}" # always a new tag to force K8s to reload the image on redeploy + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) + + +# TODO: final resting place for these images (PackageRepository, Packge) will need to be in the same plate as our regular images: +# https://github.com/vmware-tanzu/pinniped/releases/tag/v0.25.0 # -# TODO: final resting place for these images (PackageRepository, Packge) will need to -# be in the same plate as our regular images: -# - https://github.com/vmware-tanzu/pinniped/releases/tag/v0.25.0 -# namely docker.io/getpinniped/ and projects.registry.vmware.com/pinniped/ -# -PACKAGE_REPO_HOST="benjaminapetersen/pinniped-package-repo" +# from prepare-for-integration-tests.sh +# registry="pinniped.local" +# repo="test/build" +registry="docker.io/benjaminapetersen" # docker.io default +repo="pinniped-package-repo" +registry_repo="$registry/$repo" +tag=$(uuidgen) # always a new tag to force K8s to reload the image on redeploy +# can't 
use this straight from prepare-for-integration-tests.sh as we build several images in this file +# registry_repo_tag="${registry_repo}:${tag}" + +PACKAGE_REPO_HOST="${registry_repo}" # TODO: this variable is currently a little quirky as our values.yaml files do NOT pin pinniped to a specific # hard-coded version. Rather, Pinniped's values.yaml allows for a passed-in version. PINNIPED_PACKAGE_VERSION="0.25.0" 
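Review bot: The unconditional `tag=$(uuidgen)` added after `registry_repo=` overwrites the `tag="${2:-$(uuidgen)}"` assigned a few lines earlier in this same hunk, so a tag passed in by prepare-for-integration-tests.sh is silently discarded; delete the second assignment (deploy-packages.sh drops its equivalent line in this patch). `registry="docker.io/benjaminapetersen"` also hard-codes a personal Docker Hub namespace as the push target for bundles that are later pulled and loaded into the cluster. I would require it from the environment so the origin of those images is an explicit choice, for example `registry="${PINNIPED_PACKAGE_REGISTRY:?set the registry to push to}"`; the variable name in that example is only a suggestion, not an existing setting.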
@@ -80,48 +93,66 @@ declare -a arr=("supervisor" "concierge") for resource_name in "${arr[@]}" do log_note "Generating for ${resource_name}..." + RESOURCE_DIR="${SCRIPT_DIR}/${resource_name}" + CONFIG_DIR="${RESOURCE_DIR}/config" + VALUES_FILE="${CONFIG_DIR}/values.yaml" + IMGPKG_IMAGES_FILE="${RESOURCE_DIR}/.imgpkg/images.yml" + SCHEMA_OPENAPI_FILE="${RESOURCE_DIR}/schema-openapi.yaml" - log_note "Generating ${resource_name} imgpkg lock file... ${resource_name}/.imgpkg/images.yaml" - kbld --file "./${resource_name}/config/" --imgpkg-lock-output "./${resource_name}/.imgpkg/images.yml" + log_note "Generating ${resource_name} imgpkg lock file... ${IMGPKG_IMAGES_FILE}" + kbld --file "${CONFIG_DIR}" --imgpkg-lock-output "${IMGPKG_IMAGES_FILE}" # generate a schema in each package directory - log_note "Generating ${resource_name} OpenAPIv3 Schema... ./${resource_name}/schema-openapi.yaml" + log_note "Generating ${resource_name} OpenAPIv3 Schema... ${SCHEMA_OPENAPI_FILE}" ytt \ - --file "${resource_name}/config/values.yaml" \ - --data-values-schema-inspect --output openapi-v3 > "${resource_name}/schema-openapi.yml" + --file "${VALUES_FILE}" \ + --data-values-schema-inspect --output openapi-v3 > "${SCHEMA_OPENAPI_FILE}" # TODO: this is not the pattern we want. # final resting place should be with our primary Pinniped image at: # - projects.registry.vmware.com/pinniped/pinniped-server:v0.25.0 VMware Harbor # - docker.io/getpinniped/pinniped-server:v0.25.0 DockerHub package_push_repo_location="${PACKAGE_REPO_HOST}-package-${resource_name}:${PINNIPED_PACKAGE_VERSION}" + package_repo_pull_location="" log_note "Pushing ${resource_name} package image: ${package_push_repo_location} ..." 
- imgpkg push --bundle "${package_push_repo_location}" --file "./${resource_name}" + + # need to push and then pull in order to kind load it later + # imgpkg does not support a "build it locally and keep the image in your docker registry" + imgpkg push --bundle "${package_push_repo_location}" --file "${RESOURCE_DIR}" + docker pull "${package_push_repo_location}" + # TODO: + # - match prepare-for-integration-tests.sh + # - do we want this in this script, or do we want to split things apart into several scripts? + log_note "Loading Package image ${resource_name} into kind from repo ${package_push_repo_location}..." + kind load docker-image "${package_push_repo_location}" --name "${resource_name}" resource_package_version="${resource_name}.pinniped.dev" + PACKAGE_REPO_PACKGE_FILE="${RSOURCE_DIR}/${PACKAGE_REPOSITORY_DIR}/packages/${resource_package_version}/${PINNIPED_PACKAGE_VERSION}.yml" log_note "Generating ${resource_name} PackageRepository yaml..." - log_note "generating ./${PACKAGE_REPOSITORY_DIR}/packages/${resource_package_version}/${PINNIPED_PACKAGE_VERSION}.yml" + log_note "generating ${PACKAGE_REPO_PACKGE_FILE}" ytt \ --file "${resource_name}/package-template.yml" \ --data-value-file openapi="$(pwd)/${resource_name}/schema-openapi.yml" \ --data-value package_version="${PINNIPED_PACKAGE_VERSION}" \ - --data-value package_image_repo="${package_push_repo_location}" > "${PACKAGE_REPOSITORY_DIR}/packages/${resource_package_version}/${PINNIPED_PACKAGE_VERSION}.yml" + --data-value package_image_repo="${package_push_repo_location}" > "${PACKAGE_REPO_PACKGE_FILE}" - log_note "generating ./${PACKAGE_REPOSITORY_DIR}/packages/${resource_package_version}/metadata.yml" + PACKAGE_METADATA_FILE="${RSOURCE_DIR}/${PACKAGE_REPOSITORY_DIR}/packages/${resource_package_version}/metadata.yml" + log_note "generating ${PACKAGE_METADATA_FILE}" ytt \ --file "${resource_name}/metadata.yml" \ --data-value-file openapi="$(pwd)/${resource_name}/schema-openapi.yml" \ --data-value 
package_version="${PINNIPED_PACKAGE_VERSION}" \ - --data-value package_image_repo="${package_push_repo_location}" > "${PACKAGE_REPOSITORY_DIR}/packages/${resource_package_version}/metadata.yml" - + --data-value package_image_repo="${package_push_repo_location}" > "${PACKAGE_METADATA_FILE}" done + log_note "Generating Pinniped PackageRepository..." -log_note "Generating ./${PACKAGE_REPOSITORY_DIR}/.imgpkg/images.yml" -kbld --file "./${PACKAGE_REPOSITORY_DIR}/packages/" --imgpkg-lock-output "${PACKAGE_REPOSITORY_DIR}/.imgpkg/images.yml" +log_note "Generating ${RESOURCE_DIR}/${PACKAGE_REPOSITORY_DIR}/.imgpkg/images.yml" +kbld --file "${RESOURCE_DIR}/${PACKAGE_REPOSITORY_DIR}/packages/" --imgpkg-lock-output "${PACKAGE_REPOSITORY_DIR}/.imgpkg/images.yml" package_repository_push_repo_location="${PACKAGE_REPO_HOST}:${PINNIPED_PACKAGE_VERSION}" log_note "Pushing Pinniped package repository image: ${PACKAGE_REPO_HOST}:${PINNIPED_PACKAGE_VERSION}..." imgpkg push --bundle "${package_repository_push_repo_location}" --file "./${PACKAGE_REPOSITORY_DIR}" +docker pull "${package_repository_push_repo_location}" # handy for a quick debug # log_note "Validating imgpkg package bundle contents..." @@ -132,6 +163,15 @@ imgpkg push --bundle "${package_repository_push_repo_location}" --file "./${PACK log_note "Generating PackageRepository yaml file..." PINNIPED_PACKGE_REPOSITORY_NAME="pinniped-package-repository" PINNIPED_PACKGE_REPOSITORY_FILE="packagerepository.${PINNIPED_PACKAGE_VERSION}.yml" + + +# TODO: +# - match prepare-for-integration-tests.sh +# - do we want this in this script, or do we want to split things apart into several scripts? +log_note "Loading PackageRepository PINNIPED_PACKGE_REPOSITORY_NAME into kind from repo ${package_repository_push_repo_location}..." +kind load docker-image "${package_repository_push_repo_location}" --name "${PINNIPED_PACKGE_REPOSITORY_NAME}" + + echo -n "" > "${PINNIPED_PACKGE_REPOSITORY_FILE}" cat <> "${PINNIPED_PACKGE_REPOSITORY_FILE}" 
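Review bot: `PACKAGE_REPO_PACKGE_FILE` and `PACKAGE_METADATA_FILE` are built from `${RSOURCE_DIR}`, which is never assigned (the loop defines `RESOURCE_DIR`), so unless `set -u` is active outside this hunk both ytt redirects resolve to a path directly under `/`; change both to `${RESOURCE_DIR}`. The schema is now written to `${SCHEMA_OPENAPI_FILE}` (`schema-openapi.yaml`), but the two later `--data-value-file openapi=` arguments still read `schema-openapi.yml`, so they should be passed `"${SCHEMA_OPENAPI_FILE}"` instead. After `done`, the new `kbld --file "${RESOURCE_DIR}/${PACKAGE_REPOSITORY_DIR}/packages/"` reuses whatever the last loop iteration left in `RESOURCE_DIR`, while `--imgpkg-lock-output` and `imgpkg push --file` still use the relative directory, so the three paths no longer agree.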
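Review bot: `kind load docker-image ... --name "${PINNIPED_PACKGE_REPOSITORY_NAME}"` passes the PackageRepository name where kind expects the cluster name, so the load targets a cluster called `pinniped-package-repository`; the loop in the previous hunk does the same with `--name "${resource_name}"`. Both calls should take the cluster name from one variable shared with whatever script creates the kind cluster. The `log_note` just above prints the literal text `PINNIPED_PACKGE_REPOSITORY_NAME` because the `${}` is missing; it should read `log_note "Loading PackageRepository ${PINNIPED_PACKGE_REPOSITORY_NAME} into kind from repo ${package_repository_push_repo_location}..."`.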
diff --git a/deploy_carvel/deploy-packages.sh b/deploy_carvel/deploy-packages.sh index f2488afc..18bb5f69 100755 --- a/deploy_carvel/deploy-packages.sh +++ b/deploy_carvel/deploy-packages.sh @@ -54,7 +54,7 @@ function check_dependency() { # Does not configure Pinniped # app="${1:-undefined}" -tag="${2:-undefined}" +tag="${2:-$(uuidgen)}" # always a new tag to force K8s to reload the image on redeploy SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) log_note "log-args.sh >>> script dir: ${SCRIPT_DIR} 🦄 🦄 🦄 🦄 🦄 🦄 🦄 🦄" log_note "log-args.sh >>> app: ${app} tag: ${tag} 🦄 🦄 🦄 🦄 🦄 🦄 🦄 🦄" @@ -66,7 +66,6 @@ api_group_suffix="pinniped.dev" # same default as in the values.yaml ytt file registry="pinniped.local" repo="test/build" registry_repo="$registry/$repo" -tag=$(uuidgen) # always a new tag to force K8s to reload the image on redeploy @@ -123,12 +122,12 @@ kapp inspect \ -log_note "Generating RBAC for use with pinniped PackageInstall..." # TODO: obviously a mega-role that can do everything is not good. we need to scope this down to appropriate things. declare -a arr=("supervisor" "concierge") for resource_name in "${arr[@]}" do + log_note "Generating RBAC for use with ${resource_name} PackageInstall..." # we want the install-ns to not be "default" # it should be a unique namespace # but it should also not be in kapp-controllers global namespace @@ -186,7 +185,7 @@ EOF kapp deploy --app "${PINNIPED_PACKAGE_RBAC_PREFIX}" --file "${PINNIPED_PACKAGE_RBAC_FILE_PATH}" -y done - +# IF SUPERVISOR ........ if [ "${app}" = "pinniped-supervisor" ]; then resource_name="supervisor" 
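Review bot: Defaulting `tag` to `$(uuidgen)` in the first hunk of this file means that, when no second argument is given, the `image_tag: $tag` written into the generated PackageInstall secret names a tag that no build produced, since build.sh draws its own independent UUID. Failing fast would surface the mistake at the call site: `tag="${2:?usage: deploy-packages.sh <app> <tag>}"`. The two `log_note` lines that follow are still prefixed `log-args.sh >>>`, which does not match this file's name and makes the output harder to attribute when both scripts run in one job.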
@@ -207,7 +206,7 @@ if [ "${app}" = "pinniped-supervisor" ]; then PACKAGE_INSTALL_FILE_NAME="./${PACKAGE_INSTALL_DIR}/${resource_name}-pkginstall.yml" PACKAGE_INSTALL_FILE_PATH="${SCRIPT_DIR}/${PACKAGE_INSTALL_FILE_NAME}" SECRET_NAME="${resource_name}-package-install-secret" - log_note "Deploying PackageInstall resources for ${resource_name}..." + log_note "🦄${resource_name}🦄: Creating PackageInstall resources for ${resource_name}..." # generate an install file to use cat > "${PACKAGE_INSTALL_FILE_PATH}" << EOF --- @@ -250,11 +249,12 @@ EOF # custom_labels: $supervisor_custom_labels KAPP_CONTROLLER_APP_NAME="${resource_name}-pkginstall" - log_note "deploying ${KAPP_CONTROLLER_APP_NAME}..." + log_note "🦄${resource_name}🦄: Deploying ${KAPP_CONTROLLER_APP_NAME}..." kapp deploy --yes --app "$supervisor_app_name" --diff-changes --file "${PACKAGE_INSTALL_FILE_PATH}" kubectl apply --dry-run=client -f "${PACKAGE_INSTALL_FILE_PATH}" # Validate manifest schema. fi +# IF CONCIERGE ........ if [ "${app}" = "pinniped-concierge" ]; then resource_name="concierge" @@ -276,7 +276,7 @@ if [ "${app}" = "pinniped-concierge" ]; then PACKAGE_INSTALL_FILE_NAME="./${PACKAGE_INSTALL_DIR}/${resource_name}-pkginstall.yml" PACKAGE_INSTALL_FILE_PATH="${SCRIPT_DIR}/${PACKAGE_INSTALL_FILE_NAME}" SECRET_NAME="${resource_name}-package-install-secret" - log_note "Deploying PackageInstall resources for ${resource_name}..." + log_note "🦄${resource_name}🦄: Creating PackageInstall resources for ${resource_name}..." # concierge version cat > "${PACKAGE_INSTALL_FILE_PATH}" << EOF --- 
@@ -313,9 +313,8 @@ stringData: image_tag: $tag discovery_url: $discovery_url EOF - KAPP_CONTROLLER_APP_NAME="${resource_name}-pkginstall" - log_note "deploying ${KAPP_CONTROLLER_APP_NAME}..." + log_note "🦄${resource_name}🦄: Deploying ${KAPP_CONTROLLER_APP_NAME}..." # kapp deploy --app "${KAPP_CONTROLLER_APP_NAME}" --file "${PACKAGE_INSTALL_FILE_PATH}" -y kapp deploy --yes --app "$concierge_app_name" --diff-changes --file "${PACKAGE_INSTALL_FILE_PATH}" kubectl apply --dry-run=client -f "${PACKAGE_INSTALL_FILE_PATH}" # Validate manifest schema. diff --git a/deploy_carvel/package-repository/.imgpkg/images.yml b/deploy_carvel/package-repository/.imgpkg/images.yml deleted file mode 100644 index f7bb42c8..00000000 --- a/deploy_carvel/package-repository/.imgpkg/images.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: imgpkg.carvel.dev/v1alpha1 -images: -- annotations: - kbld.carvel.dev/id: benjaminapetersen/pinniped-package-repo-package-concierge:0.25.0 - kbld.carvel.dev/origins: | - - resolved: - tag: 0.25.0 - url: benjaminapetersen/pinniped-package-repo-package-concierge:0.25.0 - image: index.docker.io/benjaminapetersen/pinniped-package-repo-package-concierge@sha256:bcf825330cf8946b4c9a7a0cc7a774748dd519c4fe1c22a076b64dc9f369c59c -- annotations: - kbld.carvel.dev/id: benjaminapetersen/pinniped-package-repo-package-supervisor:0.25.0 - kbld.carvel.dev/origins: | - - resolved: - tag: 0.25.0 - url: benjaminapetersen/pinniped-package-repo-package-supervisor:0.25.0 - image: index.docker.io/benjaminapetersen/pinniped-package-repo-package-supervisor@sha256:53b9a52d499492d372688198e0cf9c9598835047ec67684f908f512f8a28fc96 -kind: ImagesLock diff --git a/deploy_carvel/package-repository/packages/concierge.pinniped.dev/0.25.0.yml b/deploy_carvel/package-repository/packages/concierge.pinniped.dev/0.25.0.yml deleted file mode 100644 index 05cab1ac..00000000 --- a/deploy_carvel/package-repository/packages/concierge.pinniped.dev/0.25.0.yml +++ /dev/null 
@@ -1,182 +0,0 @@ -apiVersion: data.packaging.carvel.dev/v1alpha1 -kind: Package -metadata: - name: concierge.pinniped.dev.0.25.0 -spec: - refName: concierge.pinniped.dev - version: 0.25.0 - releaseNotes: | - Initial release of the pinniped concierge package, TODO: AUTOMATE THIS?? - valuesSchema: - openAPIv3: - type: object - additionalProperties: false - properties: - app_name: - type: string - description: Namespace of pinniped-concierge - default: pinniped-concierge - namespace: - type: string - description: Creates a new namespace statically in yaml with the given name and installs the app into that namespace. - default: pinniped-concierge - into_namespace: - type: string - nullable: true - description: 'Overrides namespace. This is actually confusingly worded. TODO: CAN WE REWRITE THIS ONE???' - default: null - custom_labels: - type: object - additionalProperties: false - description: 'All resources created statically by yaml at install-time and all resources created dynamically by controllers at runtime will be labelled with `app: $app_name` and also with the labels specified here.' - properties: {} - replicas: - type: integer - default: 2 - image_repo: - type: string - description: Specify either an image_digest or an image_tag. If both are given, only image_digest will be used. - default: projects.registry.vmware.com/pinniped/pinniped-server - image_digest: - type: string - nullable: true - description: Specify either an image_digest or an image_tag. If both are given, only image_digest will be used. - default: null - image_tag: - type: string - description: Specify either an image_digest or an image_tag. If both are given, only image_digest will be used. 
- default: latest - package_image_repo: - type: string - nullable: true - default: null - package_image_digest: - type: string - nullable: true - default: null - package_image_tag: - type: string - nullable: true - default: null - package_version: - type: string - nullable: true - default: null - kube_cert_agent_image: - type: string - description: Optionally specify a different image for the "kube-cert-agent" pod which is scheduled on the control plane. This image needs only to include `sleep` and `cat` binaries. By default, the same image specified for image_repo/image_digest/image_tag will be re-used. - default: projects.registry.vmware.com/pinniped/pinniped-server - image_pull_dockerconfigjson: - type: object - additionalProperties: false - nullable: true - description: Specifies a secret to be used when pulling the above `image_repo` container image. Can be used when the image_repo is a private registry. - properties: - auths: - type: object - additionalProperties: false - properties: - https://registry.example.com: - type: object - additionalProperties: false - properties: - username: - type: string - default: USERNAME - password: - type: string - default: PASSWORD - auth: - type: string - default: BASE64_ENCODED_USERNAME_COLON_PASSWORD - discovery_url: - type: string - nullable: true - description: Pinniped will try to guess the right K8s API URL for sharing that information with potential clients. This setting allows the guess to be overridden. - default: null - api_serving_certificate_duration_seconds: - type: integer - description: Specify the duration and renewal interval for the API serving certificate. The defaults are set to expire the cert about every 30 days, and to rotate it about every 25 days. 
- default: 2592000 - api_serving_certificate_renew_before_seconds: - type: integer - default: 2160000 - log_level: - type: string - nullable: true - description: 'Specify the verbosity of logging: info ("nice to know" information), debug (developer information), trace (timing information), or all (kitchen sink). Do not use trace or all on production systems, as credentials may get logged.' - default: null - deprecated_log_format: - type: string - nullable: true - description: 'Specify the format of logging: json (for machine parsable logs) and text (for legacy klog formatted logs). By default, when this value is left unset, logs are formatted in json. This configuration is deprecated and will be removed in a future release at which point logs will always be formatted as json.' - default: null - run_as_user: - type: integer - description: run_as_user specifies the user ID that will own the process, see the Dockerfile for the reasoning behind this choice - default: 65532 - run_as_group: - type: integer - description: run_as_group specifies the group ID that will own the process, see the Dockerfile for the reasoning behind this choice - default: 65532 - api_group_suffix: - type: string - description: Specify the API group suffix for all Pinniped API groups. By default, this is set to pinniped.dev, so Pinniped API groups will look like foo.pinniped.dev, authentication.concierge.pinniped.dev, etc. As an example, if this is set to tuna.io, then Pinniped API groups will look like foo.tuna.io. authentication.concierge.tuna.io, etc. - default: pinniped.dev - impersonation_proxy_spec: - type: object - additionalProperties: false - description: Customize CredentialIssuer.spec.impersonationProxy to change how the concierge handles impersonation. - properties: - mode: - type: string - description: options are "auto", "disabled" or "enabled". 
- default: auto - external_endpoint: - type: string - description: The endpoint which the client should use to connect to the impersonation proxy. - default: http://example.com - service: - type: object - additionalProperties: false - properties: - type: - type: string - description: Options are "LoadBalancer", "ClusterIP" and "None". - default: LoadBalancer - annotations: - type: object - additionalProperties: false - description: The annotations that should be set on the ClusterIP or LoadBalancer Service. - properties: - service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: - type: string - default: "4000" - load_balancer_ip: - type: string - description: When mode LoadBalancer is set, this will set the LoadBalancer Service's Spec.LoadBalancerIP. - default: 1.2.3.4 - https_proxy: - type: string - nullable: true - description: Set the standard golang HTTPS_PROXY and NO_PROXY environment variables on the Concierge containers. These will be used when the Concierge makes backend-to-backend calls to authenticators using HTTPS, e.g. when the Concierge fetches discovery documents, JWKS keys, and POSTs to token webhooks. The Concierge never makes insecure HTTP calls, so there is no reason to set HTTP_PROXY. - default: null - no_proxy: - type: string - description: NO_PROXY environment variable. do not proxy Kubernetes endpoints - default: $(KUBERNETES_SERVICE_HOST),169.254.169.254,127.0.0.1,localhost,.svc,.cluster.local - template: - spec: - fetch: - - imgpkgBundle: - image: benjaminapetersen/pinniped-package-repo-package-concierge:0.25.0 - template: - - ytt: - paths: - - config/ - - kbld: - paths: - - .imgpkg/images.yml - - '-' - deploy: - - kapp: {} diff --git a/deploy_carvel/package-repository/packages/concierge.pinniped.dev/metadata.yml b/deploy_carvel/package-repository/packages/concierge.pinniped.dev/metadata.yml deleted file mode 100644 index 693d3dd2..00000000 
--- a/deploy_carvel/package-repository/packages/concierge.pinniped.dev/metadata.yml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: data.packaging.carvel.dev/v1alpha1 -kind: PackageMetadata -metadata: - name: concierge.pinniped.dev -spec: - displayName: Pinniped Concierge - longDescription: Pinniped concierge enables consistent login across Kubernetes clusters on public cloud providers such as AKS, EKS and GKE - shortDescription: Pinniped concierge enables consistent login across public clouds - categories: - - auth diff --git a/deploy_carvel/package-repository/packages/supervisor.pinniped.dev/metadata.yml b/deploy_carvel/package-repository/packages/supervisor.pinniped.dev/metadata.yml deleted file mode 100644 index 9b4be984..00000000 --- a/deploy_carvel/package-repository/packages/supervisor.pinniped.dev/metadata.yml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: data.packaging.carvel.dev/v1alpha1 -kind: PackageMetadata -metadata: - name: supervisor.pinniped.dev -spec: - displayName: Pinniped Supervisor - longDescription: Pinniped supervisor allows seamless login across one or many Kubernetes clusters including AKS, EKS and GKE - shortDescription: Pinniped supervisor provides login capabilities - categories: - - auth diff --git a/deploy_carvel/package-repository/packages/supervisor.pinniped.dev/0.25.0.yml b/deploy_carvel/supervisor/schema-openapi.yaml similarity index 93% rename from deploy_carvel/package-repository/packages/supervisor.pinniped.dev/0.25.0.yml rename to deploy_carvel/supervisor/schema-openapi.yaml index 7a4bb9e4..bb60a2b3 100644 --- a/deploy_carvel/package-repository/packages/supervisor.pinniped.dev/0.25.0.yml +++ b/deploy_carvel/supervisor/schema-openapi.yaml 
@@ -1,16 +1,11 @@ -apiVersion: data.packaging.carvel.dev/v1alpha1 -kind: Package -metadata: - name: supervisor.pinniped.dev.0.25.0 -spec: - refName: supervisor.pinniped.dev - version: 0.25.0 - releaseNotes: | - Initial release of the pinniped supervisor package - licenses: - - Apache-2.0 - valuesSchema: - openAPIv3: +openapi: 3.0.0 +info: + version: 0.1.0 + title: Schema for data values, generated by ytt +paths: {} +components: + schemas: + dataValues: type: object additionalProperties: false properties: @@ -183,18 +178,3 @@ spec: type: boolean description: Optionally override the validation on the endpoints.http value which checks that only loopback interfaces are used. default: false - template: - spec: - fetch: - - imgpkgBundle: - image: benjaminapetersen/pinniped-package-repo-package-supervisor:0.25.0 - template: - - ytt: - paths: - - config/ - - kbld: - paths: - - .imgpkg/images.yml - - '-' - deploy: - - kapp: {} diff --git a/deploy_carvel/temp_actual_deploy_resources/supervisor-pkginstall.yml b/deploy_carvel/temp_actual_deploy_resources/supervisor-pkginstall.yml index 84f2d751..6634e1cc 100644 --- a/deploy_carvel/temp_actual_deploy_resources/supervisor-pkginstall.yml +++ b/deploy_carvel/temp_actual_deploy_resources/supervisor-pkginstall.yml @@ -27,7 +27,7 @@ stringData: namespace: supervisor api_group_suffix: pinniped.dev image_repo: pinniped.local/test/build - image_tag: 879CCF7A-2F00-4355-80A6-76C713116D93 + image_tag: 9EA78F67-5129-45B4-96E1-597073E864F9 log_level: debug service_https_nodeport_port: 443 diff --git a/hack/prepare-supervisor-on-kind.sh b/hack/prepare-supervisor-on-kind.sh index a56e5970..726b5027 100755 --- a/hack/prepare-supervisor-on-kind.sh +++ b/hack/prepare-supervisor-on-kind.sh 
@@ -137,6 +137,11 @@ sleep 5
 # Test that the federation domain is working before we proceed.
 echo "Fetching FederationDomain discovery info..."
+echo "proxy: ${PINNIPED_TEST_PROXY}"
+echo "cacert: ${root_ca_crt_path}"
+echo "issuer: ${issuer}"
+echo "curl via:"
+echo "https_proxy='$PINNIPED_TEST_PROXY' curl -fLsS --cacert '$root_ca_crt_path' '$issuer/.well-known/openid-configuration' | jq ."
 https_proxy="$PINNIPED_TEST_PROXY" curl -fLsS --cacert "$root_ca_crt_path" "$issuer/.well-known/openid-configuration" | jq .
 if [[ "$use_oidc_upstream" == "yes" ]]; then
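Review bot: The added `echo "https_proxy='$PINNIPED_TEST_PROXY' curl ..."` line builds its copy-paste command by wrapping raw values in single quotes, so a value containing a quote or a space prints a command that differs from the one actually run on the next line. Letting bash do the quoting keeps the two in step: `printf 'https_proxy=%q curl -fLsS --cacert %q %q | jq .\n' "$PINNIPED_TEST_PROXY" "$root_ca_crt_path" "$issuer/.well-known/openid-configuration"`. If `PINNIPED_TEST_PROXY` ever carries userinfo (`user:pass@host`), these echoes would also copy it into the terminal scrollback and any captured CI log; that is an assumption about how the variable is populated, not something visible in this hunk.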