diff --git a/deploy/README.md b/deploy/concierge/README.md similarity index 86% rename from deploy/README.md rename to deploy/concierge/README.md index 9f5cb13d..aecbeb0e 100644 --- a/deploy/README.md +++ b/deploy/concierge/README.md @@ -4,7 +4,7 @@ If you would like to try Pinniped, but you don't have a compatible identity provider, you can use Pinniped's test identity provider. -See [deploy-local-user-authenticator/README.md](../deploy-local-user-authenticator/README.md) +See [deploy/local-user-authenticator/README.md](../../deploy/local-user-authenticator/README.md) for details. ## Installing the Latest Version with Default Options @@ -26,14 +26,14 @@ kubectl apply -f https://github.com/vmware-tanzu/pinniped/releases/download/v0.2 ## Installing with Custom Options Creating your own deployment YAML file requires `ytt` from [Carvel](https://carvel.dev/) to template the YAML files -in the [deploy](../deploy) directory. +in the `deploy/concierge` directory. Either [install `ytt`](https://get-ytt.io/) or use the [container image from Dockerhub](https://hub.docker.com/r/k14s/image/tags). 1. `git clone` this repo and `git checkout` the release version tag of the release that you would like to deploy. -1. The configuration options are in [deploy/values.yml](values.yaml). +1. The configuration options are in [deploy/concierge/values.yml](values.yaml). Fill in the values in that file, or override those values using additional `ytt` command-line options in the command below. Use the release version tag as the `image_tag` value. -2. In a terminal, cd to this `deploy` directory +2. In a terminal, cd to this `deploy/concierge` directory 3. To generate the final YAML files, run `ytt --file .` 4. Deploy the generated YAML using your preferred deployment tool, such as `kubectl` or [`kapp`](https://get-kapp.io/). For example: `ytt --file . | kapp deploy --yes --app pinniped --diff-changes --file -` diff --git a/deploy/config.pinniped.dev_credentialissuerconfigs.yaml b/deploy/concierge/config.pinniped.dev_credentialissuerconfigs.yaml similarity index 100% rename from deploy/config.pinniped.dev_credentialissuerconfigs.yaml rename to deploy/concierge/config.pinniped.dev_credentialissuerconfigs.yaml diff --git a/deploy/deployment.yaml b/deploy/concierge/deployment.yaml similarity index 100% rename from deploy/deployment.yaml rename to deploy/concierge/deployment.yaml diff --git a/deploy/idp.pinniped.dev_webhookidentityproviders.yaml b/deploy/concierge/idp.pinniped.dev_webhookidentityproviders.yaml similarity index 100% rename from deploy/idp.pinniped.dev_webhookidentityproviders.yaml rename to deploy/concierge/idp.pinniped.dev_webhookidentityproviders.yaml diff --git a/deploy/rbac.yaml b/deploy/concierge/rbac.yaml similarity index 100% rename from deploy/rbac.yaml rename to deploy/concierge/rbac.yaml diff --git a/deploy/values.yaml b/deploy/concierge/values.yaml similarity index 100% rename from deploy/values.yaml rename to deploy/concierge/values.yaml diff --git a/deploy-local-user-authenticator/README.md b/deploy/local-user-authenticator/README.md similarity index 96% rename from deploy-local-user-authenticator/README.md rename to deploy/local-user-authenticator/README.md index d1d2f404..44334af9 100644 --- a/deploy-local-user-authenticator/README.md +++ b/deploy/local-user-authenticator/README.md @@ -31,14 +31,14 @@ kubectl apply -f https://github.com/vmware-tanzu/pinniped/releases/download/v0.2 ## Installing with Custom Options Creating your own deployment YAML file requires `ytt` from [Carvel](https://carvel.dev/) to template the YAML files -in the [deploy-local-user-authenticator](../deploy-local-user-authenticator) directory. +in the `deploy/local-user-authenticator` directory. Either [install `ytt`](https://get-ytt.io/) or use the [container image from Dockerhub](https://hub.docker.com/r/k14s/image/tags). 1. `git clone` this repo and `git checkout` the release version tag of the release that you would like to deploy. -1. The configuration options are in [deploy-local-user-authenticator/values.yml](values.yaml). +1. The configuration options are in [deploy/local-user-authenticator/values.yml](values.yaml). Fill in the values in that file, or override those values using additional `ytt` command-line options in the command below. Use the release version tag as the `image_tag` value. -2. In a terminal, cd to this `deploy-local-user-authenticator` directory +2. In a terminal, cd to this `deploy/local-user-authenticator` directory 3. To generate the final YAML files, run `ytt --file .` 4. Deploy the generated YAML using your preferred deployment tool, such as `kubectl` or [`kapp`](https://get-kapp.io/). For example: `ytt --file . | kapp deploy --yes --app local-user-authenticator --diff-changes --file -` @@ -79,7 +79,7 @@ kubectl get secret local-user-authenticator-tls-serving-certificate --namespace When installing Pinniped on the same cluster, configure local-user-authenticator as an Identity Provider for Pinniped using the webhook URL `https://local-user-authenticator.local-user-authenticator.svc/authenticate` -along with the CA bundle fetched by the above command. See [doc/demo.md](../doc/demo.md) for an example. +along with the CA bundle fetched by the above command. See [doc/demo.md](../../doc/demo.md) for an example. ## Optional: Manually Testing the Webhook Endpoint After Installing diff --git a/deploy-local-user-authenticator/deployment.yaml b/deploy/local-user-authenticator/deployment.yaml similarity index 100% rename from deploy-local-user-authenticator/deployment.yaml rename to deploy/local-user-authenticator/deployment.yaml diff --git a/deploy-local-user-authenticator/rbac.yaml b/deploy/local-user-authenticator/rbac.yaml similarity index 100% rename from deploy-local-user-authenticator/rbac.yaml rename to deploy/local-user-authenticator/rbac.yaml diff --git a/deploy-local-user-authenticator/values.yaml b/deploy/local-user-authenticator/values.yaml similarity index 100% rename from deploy-local-user-authenticator/values.yaml rename to deploy/local-user-authenticator/values.yaml diff --git a/deploy-supervisor/README.md b/deploy/supervisor/README.md similarity index 90% rename from deploy-supervisor/README.md rename to deploy/supervisor/README.md index 0a1c3106..7920b6cb 100644 --- a/deploy-supervisor/README.md +++ b/deploy/supervisor/README.md @@ -24,14 +24,14 @@ kubectl apply -f https://github.com/vmware-tanzu/pinniped/releases/download/v0.3 ## Installing with Custom Options Creating your own deployment YAML file requires `ytt` from [Carvel](https://carvel.dev/) to template the YAML files -in the [deploy-supervisor](../deploy-supervisor) directory. +in the `deploy/supervisor` directory. Either [install `ytt`](https://get-ytt.io/) or use the [container image from Dockerhub](https://hub.docker.com/r/k14s/image/tags). 1. `git clone` this repo and `git checkout` the release version tag of the release that you would like to deploy. -1. The configuration options are in [deploy-supervisor/values.yml](values.yaml). +1. The configuration options are in [deploy/supervisor/values.yml](values.yaml). Fill in the values in that file, or override those values using additional `ytt` command-line options in the command below. Use the release version tag as the `image_tag` value. -2. In a terminal, cd to this `deploy-supervisor` directory +2. In a terminal, cd to this `deploy/supervisor` directory 3. To generate the final YAML files, run `ytt --file .` 4. Deploy the generated YAML using your preferred deployment tool, such as `kubectl` or [`kapp`](https://get-kapp.io/). For example: `ytt --file . | kapp deploy --yes --app pinniped-supervisor --diff-changes --file -` diff --git a/deploy/config.pinniped.dev_oidcproviderconfigs.yaml b/deploy/supervisor/config.pinniped.dev_oidcproviderconfigs.yaml similarity index 100% rename from deploy/config.pinniped.dev_oidcproviderconfigs.yaml rename to deploy/supervisor/config.pinniped.dev_oidcproviderconfigs.yaml diff --git a/deploy-supervisor/deployment.yaml b/deploy/supervisor/deployment.yaml similarity index 100% rename from deploy-supervisor/deployment.yaml rename to deploy/supervisor/deployment.yaml diff --git a/deploy-supervisor/rbac.yaml b/deploy/supervisor/rbac.yaml similarity index 100% rename from deploy-supervisor/rbac.yaml rename to deploy/supervisor/rbac.yaml diff --git a/deploy-supervisor/values.yaml b/deploy/supervisor/values.yaml similarity index 100% rename from deploy-supervisor/values.yaml rename to deploy/supervisor/values.yaml diff --git a/doc/demo.md b/doc/demo.md index 52d9e766..6318988c 100644 --- a/doc/demo.md +++ b/doc/demo.md @@ -11,7 +11,7 @@ Don't have an identity provider of a type supported by Pinniped handy? No problem, there is a demo identity provider available. Start by installing local-user-authenticator on the same cluster where you would like to try Pinniped - by following the directions in [deploy-local-user-authenticator/README.md](../deploy-local-user-authenticator/README.md). + by following the directions in [deploy/local-user-authenticator/README.md](../deploy/local-user-authenticator/README.md). See below for an example of deploying this on kind. 1. A kubeconfig where the current context points to the cluster and has admin-like @@ -22,7 +22,7 @@ Installing and trying Pinniped on any cluster will consist of the following general steps. See the next section below for a more specific example of installing onto a local kind cluster, including the exact commands to use for that case. -1. Install Pinniped. See [deploy/README.md](../deploy/README.md). +1. Install Pinniped. See [deploy/concierge/README.md](../deploy/concierge/README.md). 1. Download the Pinniped CLI from [Pinniped's github Releases page](https://github.com/vmware-tanzu/pinniped/releases/latest). 1. Generate a kubeconfig using the Pinniped CLI. Run `pinniped get-kubeconfig --help` for more information. 1. Run `kubectl` commands using the generated kubeconfig. Pinniped will automatically be used for authentication during those commands. @@ -38,9 +38,9 @@ as the identity provider.
-
@@ -88,7 +88,7 @@ as the identity provider. The `install-local-user-authenticator.yaml` file includes the default deployment options. If you would prefer to customize the available options, please - see [deploy-local-user-authenticator/README.md](../deploy-local-user-authenticator/README.md) + see [deploy/local-user-authenticator/README.md](../deploy/local-user-authenticator/README.md) for instructions on how to deploy using `ytt`. 1. Create a test user named `pinny-the-seal` in the local-user-authenticator identity provider. @@ -115,7 +115,7 @@ as the identity provider. ``` The `install-pinniped.yaml` file includes the default deployment options. - If you would prefer to customize the available options, please see [deploy/README.md](../deploy/README.md) + If you would prefer to customize the available options, please see [deploy/concierge/README.md](../deploy/concierge/README.md) for instructions on how to deploy using `ytt`. 1. Create a `WebhookIdentityProvider` object to configure Pinniped to authenticate using local-user-authenticator. diff --git a/hack/lib/tilt/Tiltfile b/hack/lib/tilt/Tiltfile index 0a7372ef..16b77077 100644 --- a/hack/lib/tilt/Tiltfile +++ b/hack/lib/tilt/Tiltfile @@ -26,7 +26,7 @@ docker_build_with_restart('image/local-user-auth', '.', # Render the local-user-authenticator installation manifest using ytt. k8s_yaml(local([ 'ytt', - '--file', '../../../deploy-local-user-authenticator', + '--file', '../../../deploy/local-user-authenticator', '--data-value', 'image_repo=image/local-user-auth', '--data-value', 'image_tag=tilt-dev', ])) @@ -54,7 +54,7 @@ docker_build_with_restart('image/pinniped', '.', # Render the Pinniped server installation manifest using ytt. k8s_yaml(local([ 'sh', '-c', - 'ytt --file ../../../deploy ' + + 'ytt --file ../../../deploy/concierge ' + '--data-value namespace=integration ' + '--data-value image_repo=image/pinniped ' + '--data-value image_tag=tilt-dev ' + diff --git a/hack/prepare-for-integration-tests.sh b/hack/prepare-for-integration-tests.sh index 7985140a..0e2cd87f 100755 --- a/hack/prepare-for-integration-tests.sh +++ b/hack/prepare-for-integration-tests.sh @@ -164,7 +164,7 @@ if ! tilt_mode; then # # Deploy local-user-authenticator # - pushd deploy-local-user-authenticator >/dev/null + pushd deploy/local-user-authenticator >/dev/null log_note "Deploying the local-user-authenticator app to the cluster..." ytt --file . \ @@ -203,7 +203,7 @@ kubectl create secret generic "$test_username" \ supervisor_app_name="pinniped-supervisor" supervisor_namespace="pinniped-supervisor" -pushd deploy-supervisor >/dev/null +pushd deploy/supervisor >/dev/null log_note "Deploying the Pinniped Supervisor app to the cluster..." ytt --file . \ @@ -246,7 +246,7 @@ if ! tilt_mode; then # # Deploy Pinniped # - pushd deploy >/dev/null + pushd deploy/concierge >/dev/null log_note "Deploying the Pinniped app to the cluster..." ytt --file . \ diff --git a/hack/update.sh b/hack/update.sh index e6df6b94..98593f03 100755 --- a/hack/update.sh +++ b/hack/update.sh @@ -7,6 +7,20 @@ set -euo pipefail ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )" +# Generate code. xargs "$ROOT/hack/lib/update-codegen.sh" < "${ROOT}/hack/lib/kube-versions.txt" -cp "$ROOT/generated/1.19/crds/"*.yaml "$ROOT/deploy/" + +# Copy each CRD yaml to the app which should cause it to be installed. +cp "$ROOT"/generated/1.19/crds/*oidcproviderconfigs.yaml "$ROOT/deploy/supervisor" +cp "$ROOT"/generated/1.19/crds/*credentialissuerconfigs.yaml "$ROOT/deploy/concierge" +cp "$ROOT"/generated/1.19/crds/*webhookidentityproviders.yaml "$ROOT/deploy/concierge" + +# Make sure we didn't miss any new CRDs. +crdCount=$(find "$ROOT"/generated/1.19/crds/ -maxdepth 1 -type f -name '*.yaml' | wc -l | tr -d ' ') +if [[ "$crdCount" != "3" ]]; then + echo "Looks like you added a new CRD. Please update this update.sh script to decide where to copy it and then run it again." + exit 1 +fi + +# Tidy. "$ROOT/hack/module.sh" tidy