diff --git a/README.rst b/README.rst index 0d0e7d0..ab7f0b1 100644 --- a/README.rst +++ b/README.rst @@ -1,10 +1,10 @@ # StarlingX/Cert-Manager-Armada-App ## Introduction -[Cert-Manager](https://cert-manager.io/) is Kubernetes native application that facilities certificate management. This repository deploys Cert-Manager as a platform-managed application using Armada Helm Charts for the StarlingX project. +[Cert-Manager](https://cert-manager.io/) is Kubernetes native application that facilities certificate management. This repository deploys Cert-Manager as a platform-managed application using FluxCD Helm Charts for the StarlingX project. ## Build -The build tools available as indepdendent repositories under the StarlingX project are necessary to build this Armada chart. +The build tools available as independent repositories under the StarlingX project are necessary to build this application. See [StarlingX Build Guide](https://docs.starlingx.io/developer_resources/build_guide.html) for more details. diff --git a/centos_pkg_dirs b/centos_pkg_dirs index 61aee84..005a34c 100644 --- a/centos_pkg_dirs +++ b/centos_pkg_dirs @@ -1,3 +1,2 @@ -cert-manager-helm stx-cert-manager-helm python-k8sapp-cert-manager \ No newline at end of file diff --git a/cert-manager-helm/Readme.rst b/cert-manager-helm/Readme.rst deleted file mode 100644 index 9874587..0000000 --- a/cert-manager-helm/Readme.rst +++ /dev/null @@ -1,10 +0,0 @@ -This repo is for -https://github.com/jetstack/cert-manager/ - -Changes to this repo are needed for StarlingX and those changes are -not yet merged. -Rather than clone and diverge the repo, the repo is extracted at a particular -git SHA, and patches are applied on top. - -As those patches are merged, the SHA can be updated and -the local patches removed. diff --git a/cert-manager-helm/centos/build_srpm.data b/cert-manager-helm/centos/build_srpm.data deleted file mode 100644 index 6fc3cbc..0000000 --- a/cert-manager-helm/centos/build_srpm.data +++ /dev/null @@ -1,16 +0,0 @@ -TAR_NAME=helm-charts-certmanager - -# Armada version -SHA=1d6ecc9cf8d841782acb5f3d3c28467c24c5fd18 -VERSION=1.0.0 -ARMADA_TAR="$TAR_NAME-$SHA.tar.gz" - -# FluxCD version -CM_VERSION=1.7.1 -FLUXCD_TAR="$TAR_NAME-$CM_VERSION.tar.gz" - -COPY_LIST="${CGCS_BASE}/downloads/$ARMADA_TAR ${CGCS_BASE}/downloads/$FLUXCD_TAR $PKG_BASE/files/* " - -OPT_DEP_LIST="$STX_BASE/cert-manager-armada-app/stx-cert-manager-helm" - -TIS_PATCH_VER=PKG_GITREVCOUNT diff --git a/cert-manager-helm/centos/cert-manager-helm.spec b/cert-manager-helm/centos/cert-manager-helm.spec deleted file mode 100644 index a1b2206..0000000 --- a/cert-manager-helm/centos/cert-manager-helm.spec +++ /dev/null @@ -1,65 +0,0 @@ -# Build variables -%global helm_folder /usr/lib/helm - -%global sha 1d6ecc9cf8d841782acb5f3d3c28467c24c5fd18 - -Summary: Cert-Manager helm charts -Name: cert-manager-helm -Version: 1.0 -Release: %{tis_patch_ver}%{?_tis_dist} -License: Apache-2.0 -Group: base -Packager: Wind River -URL: https://cert-manager.io/docs/installation/kubernetes/ - -Source0: helm-charts-certmanager-%{sha}.tar.gz -Source1: repositories.yaml -Source2: index.yaml -Source3: Makefile - -BuildArch: noarch - -Patch01: 0001-Patch-for-acmesolver.patch - -BuildRequires: helm -BuildRequires: chartmuseum - -%description -StarlingX Cert-Manager Helm Charts - -%prep -%setup -n helm-charts-certmanager - -%patch01 -p1 - -%build -# Host a server for the charts -chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="." & -sleep 2 -helm repo add local http://localhost:8879/charts - -# Copy CRD yaml files to templates -cp deploy/crds/*.yaml deploy/charts/cert-manager/templates/ - -# Create the tgz files -cp %{SOURCE3} deploy/charts -cd deploy/charts - -# In Cert-manager release-0.15, 'helm lint' fails -# on templates/BUILD.bazel (with invalid file extension) -# Removing the problem file -rm cert-manager/templates/BUILD.bazel - -make cert-manager -cd - - -# terminate helm server (the last backgrounded task) -kill %1 - -%install -install -d -m 755 ${RPM_BUILD_ROOT}%{helm_folder} -install -p -D -m 755 deploy/charts/*.tgz ${RPM_BUILD_ROOT}%{helm_folder} - -%files -%defattr(-,root,root,-) -%{helm_folder}/* diff --git a/cert-manager-helm/debian/deb_folder/cert-manager-helm.install b/cert-manager-helm/debian/deb_folder/cert-manager-helm.install deleted file mode 100644 index 8a0c6de..0000000 --- a/cert-manager-helm/debian/deb_folder/cert-manager-helm.install +++ /dev/null @@ -1 +0,0 @@ -usr/lib/helm/* diff --git a/cert-manager-helm/debian/deb_folder/changelog b/cert-manager-helm/debian/deb_folder/changelog deleted file mode 100644 index 0177c9c..0000000 --- a/cert-manager-helm/debian/deb_folder/changelog +++ /dev/null @@ -1,5 +0,0 @@ -cert-manager-helm (1.0-1) unstable; urgency=medium - - * Initial release. - - -- Tracey Bogue Mon, 25 Oct 2021 15:14:42 +0000 diff --git a/cert-manager-helm/debian/deb_folder/control b/cert-manager-helm/debian/deb_folder/control deleted file mode 100644 index a471b1b..0000000 --- a/cert-manager-helm/debian/deb_folder/control +++ /dev/null @@ -1,18 +0,0 @@ -Source: cert-manager-helm -Section: libs -Priority: optional -Maintainer: StarlingX Developers -Build-Depends: debhelper-compat (= 13), - chartmuseum, - helm, - procps -Standards-Version: 4.5.1 -Homepage: https://www.starlingx.io - -Package: cert-manager-helm -Section: libs -Architecture: any -Depends: ${misc:Depends} -Description: StarlingX Cert Manager Helm Charts - This package contains certificate manager helm charts for the certificate - manager application. diff --git a/cert-manager-helm/debian/deb_folder/copyright b/cert-manager-helm/debian/deb_folder/copyright deleted file mode 100644 index 73dd1be..0000000 --- a/cert-manager-helm/debian/deb_folder/copyright +++ /dev/null @@ -1,41 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: cert-manager-helm -Source: https://opendev.org/starlingx/cert-manager-armada-app/ - -Files: * -Copyright: (c) 2013-2021 Wind River Systems, Inc -License: Apache-2 - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - . - https://www.apache.org/licenses/LICENSE-2.0 - . - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - . - On Debian-based systems the full text of the Apache version 2.0 license - can be found in `/usr/share/common-licenses/Apache-2.0'. - -# If you want to use GPL v2 or later for the /debian/* files use -# the following clauses, or change it to suit. Delete these two lines -Files: debian/* -Copyright: 2021 Wind River Systems, Inc -License: Apache-2 - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - . - https://www.apache.org/licenses/LICENSE-2.0 - . - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - . - On Debian-based systems the full text of the Apache version 2.0 license - can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/cert-manager-helm/debian/deb_folder/rules b/cert-manager-helm/debian/deb_folder/rules deleted file mode 100755 index e65f714..0000000 --- a/cert-manager-helm/debian/deb_folder/rules +++ /dev/null @@ -1,43 +0,0 @@ -#!/usr/bin/make -f -# export DH_VERBOSE = 1 - -export ROOT = debian/tmp -export CHART_FOLDER = $(ROOT)/usr/lib/helm -export CERT_MGR_PKG="helm-charts-certmanager-1d6ecc9cf8d841782acb5f3d3c28467c24c5fd18.tar.gz" - -%: - dh $@ - -override_dh_auto_build: - tar xzf $(CERT_MGR_PKG) - # Move the extracted helm chart files to the top level build directory. - # Remove the helm-charts-certmanager Makefile first so it doesn't overwrite - # our Makefile. - rm helm-charts-certmanager/Makefile - mv helm-charts-certmanager/* . - # Apply the daemonset tolerations patch. - patch -p1 < 0001-Patch-for-acmesolver.patch - # Host a server for the helm charts. - chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" \ - --storage-local-rootdir="." & - sleep 2 - helm repo add local http://localhost:8879/charts - # Copy CRD yaml files to templates. - cp deploy/crds/*.yaml deploy/charts/cert-manager/templates/ - # Set up chart build files. - cp Makefile deploy/charts - # In Cert-manager release-0.15, 'helm lint' fails - # on templates/BUILD.bazel (with invalid file extension). - # Remove the problem file. - rm deploy/charts/cert-manager/templates/BUILD.bazel - # Create the TGZ file. - cd deploy/charts && make cert-manager - # Terminate the helm chart server. - pkill chartmuseum - -override_dh_auto_install: - # Install the app tar file. - install -d -m 755 $(CHART_FOLDER) - install -p -D -m 755 deploy/charts/*.tgz $(CHART_FOLDER) - -override_dh_auto_test: diff --git a/cert-manager-helm/debian/deb_folder/source/format b/cert-manager-helm/debian/deb_folder/source/format deleted file mode 100644 index 163aaf8..0000000 --- a/cert-manager-helm/debian/deb_folder/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (quilt) diff --git a/cert-manager-helm/debian/meta_data.yaml b/cert-manager-helm/debian/meta_data.yaml deleted file mode 100644 index d35a696..0000000 --- a/cert-manager-helm/debian/meta_data.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -debname: cert-manager-helm -debver: 1.0-1 -src_path: files -dl_files: - helm-charts-certmanager-1d6ecc9cf8d841782acb5f3d3c28467c24c5fd18.tar.gz: - topdir: helm-charts-certmanager - url: https://github.com/jetstack/cert-manager/archive/1d6ecc9cf8d841782acb5f3d3c28467c24c5fd18.tar.gz - md5sum: 1df383cda8832bc4aff400646eef76f1 -revision: - dist: $STX_DIST - PKG_GITREVCOUNT: true diff --git a/cert-manager-helm/files/0001-Patch-for-acmesolver.patch b/cert-manager-helm/files/0001-Patch-for-acmesolver.patch deleted file mode 100644 index 69e407e..0000000 --- a/cert-manager-helm/files/0001-Patch-for-acmesolver.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 9f02b5315638eaa5e1a261672c30169f5977adb8 Mon Sep 17 00:00:00 2001 -From: Sabeel Ansari -Date: Mon, 25 May 2020 10:14:33 -0400 -Subject: [PATCH] Patch for acmesolver - ---- - deploy/charts/cert-manager/templates/deployment.yaml | 1 + - deploy/charts/cert-manager/values.yaml | 8 ++++++++ - 2 files changed, 9 insertions(+) - -diff --git a/deploy/charts/cert-manager/templates/deployment.yaml b/deploy/charts/cert-manager/templates/deployment.yaml -index f4bda18..85177c6 100644 ---- a/deploy/charts/cert-manager/templates/deployment.yaml -+++ b/deploy/charts/cert-manager/templates/deployment.yaml -@@ -85,6 +85,7 @@ spec: - - --cluster-resource-namespace=$(POD_NAMESPACE) - {{- end }} - - --leader-election-namespace={{ .Values.global.leaderElection.namespace }} -+ - --acme-http01-solver-image={{ .Values.acmesolver.image.repository }}:{{ default .Chart.AppVersion .Values.acmesolver.image.tag }} - {{- if .Values.extraArgs }} - {{ toYaml .Values.extraArgs | indent 10 }} - {{- end }} -diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml -index 40c8e59..9a3c7f8 100644 ---- a/deploy/charts/cert-manager/values.yaml -+++ b/deploy/charts/cert-manager/values.yaml -@@ -259,3 +259,11 @@ cainjector: - # name: "" - # Optional additional annotations to add to the controller's ServiceAccount - # annotations: {} -+ -+acmesolver: -+ -+ image: -+ repository: quay.io/jetstack/cert-manager-acmesolver -+ # Override the image tag to deploy by setting this variable. -+ # If no value is set, the chart's appVersion will be used. -+ # tag: canary --- -1.8.3.1 - diff --git a/cert-manager-helm/files/Makefile b/cert-manager-helm/files/Makefile deleted file mode 100644 index 08b83ae..0000000 --- a/cert-manager-helm/files/Makefile +++ /dev/null @@ -1,43 +0,0 @@ -# -# Copyright 2017 The Openstack-Helm Authors. -# -# Copyright (c) 2020 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# It's necessary to set this because some environments don't link sh -> bash. -SHELL := /bin/bash -TASK := build - -EXCLUDES := helm-toolkit doc tests tools logs tmp -CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) - -.PHONY: $(EXCLUDES) $(CHARTS) - -all: $(CHARTS) - -$(CHARTS): - @if [ -d $@ ]; then \ - echo; \ - echo "===== Processing [$@] chart ====="; \ - make $(TASK)-$@; \ - fi - -init-%: - if [ -f $*/Makefile ]; then make -C $*; fi - if [ -f $*/requirements.yaml ]; then helm dep up $*; fi - -lint-%: init-% - if [ -d $* ]; then helm lint $*; fi - -build-%: lint-% - if [ -d $* ]; then helm package $*; fi - -clean: - @echo "Clean all build artifacts" - rm -f */templates/_partials.tpl */templates/_globals.tpl - rm -f *tgz */charts/*tgz */requirements.lock - rm -rf */charts */tmpcharts - -%: - @: diff --git a/cert-manager-helm/files/index.yaml b/cert-manager-helm/files/index.yaml deleted file mode 100644 index 166dfef..0000000 --- a/cert-manager-helm/files/index.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -apiVersion: v1 -entries: {} -generated: 2019-01-07T12:33:46.098166523-06:00 diff --git a/cert-manager-helm/files/repositories.yaml b/cert-manager-helm/files/repositories.yaml deleted file mode 100644 index 7fbaebd..0000000 --- a/cert-manager-helm/files/repositories.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -apiVersion: v1 -generated: 2019-01-02T15:19:36.215111369-06:00 -repositories: - - caFile: "" - cache: /builddir/.helm/repository/cache/local-index.yaml - certFile: "" - keyFile: "" - name: local - password: "" - url: http://127.0.0.1:8879/charts - username: "" diff --git a/debian_pkg_dirs b/debian_pkg_dirs index 5b31c3c..4a8d68c 100644 --- a/debian_pkg_dirs +++ b/debian_pkg_dirs @@ -1,3 +1,2 @@ -cert-manager-helm python-k8sapp-cert-manager stx-cert-manager-helm \ No newline at end of file diff --git a/stx-cert-manager-helm/centos/build_srpm.data b/stx-cert-manager-helm/centos/build_srpm.data index c54e032..23273eb 100644 --- a/stx-cert-manager-helm/centos/build_srpm.data +++ b/stx-cert-manager-helm/centos/build_srpm.data @@ -7,15 +7,10 @@ TIS_PATCH_VER=GITREVCOUNT TAR_NAME=helm-charts-certmanager -# Armada version -SHA=1d6ecc9cf8d841782acb5f3d3c28467c24c5fd18 -ARMADA_TAR="$TAR_NAME-$SHA.tar.gz" - -# FluxCD version CM_VERSION=1.7.1 -FLUXCD_TAR="$TAR_NAME-$CM_VERSION.tar.gz" +TARBALL="$TAR_NAME-$CM_VERSION.tar.gz" -COPY_LIST="${CGCS_BASE}/downloads/$ARMADA_TAR ${CGCS_BASE}/downloads/$FLUXCD_TAR $PKG_BASE/$SRC_DIR/files/* $PKG_BASE/$SRC_DIR/manifests/* $PKG_BASE/$SRC_DIR/fluxcd-manifests/*" +COPY_LIST="${CGCS_BASE}/downloads/$TARBALL $PKG_BASE/$SRC_DIR/files/* $PKG_BASE/$SRC_DIR/fluxcd-manifests/*" COPY_LIST_TO_TAR="\ $STX_BASE/helm-charts/psp-rolebinding/psp-rolebinding/helm-charts \ @@ -23,5 +18,4 @@ COPY_LIST_TO_TAR="\ OPT_DEP_LIST="\ $STX_BASE/cert-manager-armada-app/python-k8sapp-cert-manager \ - $STX_BASE/cert-manager-armada-app/cert-manager-helm \ " diff --git a/stx-cert-manager-helm/centos/stx-cert-manager-helm.spec b/stx-cert-manager-helm/centos/stx-cert-manager-helm.spec index c9c8b93..09795fe 100644 --- a/stx-cert-manager-helm/centos/stx-cert-manager-helm.spec +++ b/stx-cert-manager-helm/centos/stx-cert-manager-helm.spec @@ -8,10 +8,9 @@ # Build variables %global helm_folder /usr/lib/helm -%global fluxcd_cm_version 1.7.1 +%global cm_version 1.7.1 Summary: StarlingX Cert-Manager Application FluxCD Helm Charts -#StarlingX Cert-Manager Armada Helm Charts Name: stx-cert-manager-helm Version: 1.0 Release: %{tis_patch_ver}%{?_tis_dist} @@ -22,16 +21,13 @@ URL: unknown Source0: helm-charts-certmanager-%{version}.tar.gz Source1: Makefile - -# fluxcd specific source items -Source4: 0001-Patch-for-acmesolver-and-chartyaml-cm-v1.7.1.patch -Source5: helm-charts-certmanager-%{fluxcd_cm_version}.tar.gz +Source2: 0001-Patch-for-acmesolver-and-chartyaml-cm-v1.7.1.patch +Source3: helm-charts-certmanager-%{cm_version}.tar.gz BuildArch: noarch BuildRequires: helm BuildRequires: chartmuseum -BuildRequires: cert-manager-helm BuildRequires: python-k8sapp-cert-manager BuildRequires: python-k8sapp-cert-manager-wheels @@ -47,54 +43,55 @@ chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --sto sleep 2 helm repo add local http://localhost:8879/charts -# Make the charts. These produce a tgz file +# Make psp-rolebinding chart. These produce a tgz file cd helm-charts make psp-rolebinding cd - -# set up fluxcd tar source +# Extract the cert-manager chart cd %{_builddir} rm -rf fluxcd /usr/bin/mkdir -p fluxcd cd fluxcd -/usr/bin/tar xfv /builddir/build/SOURCES/helm-charts-certmanager-%{fluxcd_cm_version}.tar.gz +/usr/bin/tar xfv %{SOURCE3} +# Apply patches with our modifications cd %{_builddir}/fluxcd/helm-charts -cp %{SOURCE4} . -patch -p1 < %{SOURCE4} -rm -f deploy/charts/cert-manager/templates/deployment.yaml.orig +cp %{SOURCE2} . +patch -p1 < %{SOURCE2} # Copy CRD yaml files to templates cp deploy/crds/*.yaml deploy/charts/cert-manager/templates/ -# Create the tgz files -cp %{SOURCE1} deploy/charts +# Copy Makefile cd deploy/charts +cp %{SOURCE1} . -# In Cert-manager release, 'helm lint' fails -# on templates/BUILD.bazel (with invalid file extension) -# Removing the problem file +# Remove files causing lint error from cert-manager release rm cert-manager/templates/BUILD.bazel +rm cert-manager/templates/deployment.yaml.orig +# Make the updated cert-manager helm-chart make cert-manager -mv *.tgz %{app_name}-fluxcd-%{version}-%{tis_patch_ver}.tgz +mv *.tgz %{app_name}-%{version}-%{tis_patch_ver}.tgz cd - -# terminate helm server (the last backgrounded task) +# Terminate helm server (the last background task) kill %1 # Create a chart tarball compliant with sysinv kube-app.py %define app_staging %{_builddir}/staging -%define app_tarball_fluxcd %{app_name}-%{version}-%{tis_patch_ver}.tgz +%define app_tarball %{app_name}-%{version}-%{tis_patch_ver}.tgz -# Setup staging +# Setup the staging directory cd %{_builddir}/helm-charts-certmanager-%{version} mkdir -p %{app_staging} cp files/metadata.yaml %{app_staging} -cp manifests/*.yaml %{app_staging} mkdir -p %{app_staging}/charts -cp helm-charts/*.tgz %{app_staging}/charts -cp %{helm_folder}/cert*.tgz %{app_staging}/charts +cp %{_builddir}/fluxcd/helm-charts/deploy/charts/*.tgz %{app_staging}/charts +cp %{_builddir}/helm-charts-certmanager-%{version}/helm-charts/psp*.tgz %{app_staging}/charts +cp -Rv fluxcd-manifests %{app_staging}/ + cd %{app_staging} # Populate metadata @@ -106,27 +103,18 @@ sed -i 's/@HELM_REPO@/%{helm_repo}/g' %{app_staging}/metadata.yaml mkdir -p %{app_staging}/plugins cp /plugins/%{app_name}/*.whl %{app_staging}/plugins -# package fluxcd -rm -f %{app_staging}/certmanager-manifest.yaml -rm -f %{app_staging}/charts/*.tgz -cp %{_builddir}/fluxcd/helm-charts/deploy/charts/*.tgz %{app_staging}/charts -cp %{_builddir}/helm-charts-certmanager-%{version}/helm-charts/psp*.tgz %{app_staging}/charts - -cd %{_builddir}/helm-charts-certmanager-%{version} -cp -Rv fluxcd-manifests %{app_staging}/ - +# Generate checksum file and package the tarball cd - - find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5 -tar -zcf %{_builddir}/%{app_tarball_fluxcd} -C %{app_staging}/ . +tar -zcf %{_builddir}/%{app_tarball} -C %{app_staging}/ . # Cleanup staging rm -fr %{app_staging} %install install -d -m 755 %{buildroot}/%{app_folder} -install -p -D -m 755 %{_builddir}/%{app_tarball_fluxcd} %{buildroot}/%{app_folder} +install -p -D -m 755 %{_builddir}/%{app_tarball} %{buildroot}/%{app_folder} %files %defattr(-,root,root,-) -%{app_folder}/%{app_tarball_fluxcd} +%{app_folder}/%{app_tarball} diff --git a/stx-cert-manager-helm/debian/deb_folder/control b/stx-cert-manager-helm/debian/deb_folder/control index c8486a1..09572a1 100644 --- a/stx-cert-manager-helm/debian/deb_folder/control +++ b/stx-cert-manager-helm/debian/deb_folder/control @@ -16,6 +16,6 @@ Package: stx-cert-manager-helm Section: libs Architecture: any Depends: ${misc:Depends} -Description: StarlingX Cert-Manager Armada/FluxCD Helm Charts - This package contains Armada/FluxCD helm charts for the certificate manager +Description: StarlingX Cert-Manager FluxCD Helm Charts + This package contains FluxCD helm charts for the certificate manager application. diff --git a/stx-cert-manager-helm/debian/deb_folder/rules b/stx-cert-manager-helm/debian/deb_folder/rules index cf5fdea..aa6afc0 100755 --- a/stx-cert-manager-helm/debian/deb_folder/rules +++ b/stx-cert-manager-helm/debian/deb_folder/rules @@ -10,12 +10,11 @@ export MINOR_PATCH = $(shell echo $(DEB_VERSION) | cut -f 2 -d '.') export APP_NAME = cert-manager export APP_VERSION = $(MAJOR).$(MINOR_PATCH) -export APP_TARBALL_ARMADA = $(APP_NAME)-armada-$(APP_VERSION).tgz -export APP_TARBALL_FLUXCD = $(APP_NAME)-$(APP_VERSION).tgz +export APP_TARBALL = $(APP_NAME)-$(APP_VERSION).tgz export HELM_REPO = stx-platform export STAGING = staging -export FLUXCD_CM_VERSION = 1.7.1 +export CM_VERSION = 1.7.1 export PATCH_1 = 0001-Patch-for-acmesolver-and-chartyaml-cm-v1.7.1.patch %: @@ -27,39 +26,16 @@ override_dh_auto_build: sleep 2 helm repo add local http://localhost:8879/charts - # Create the TGZ file. + # Make psp-rolebinding chart. Create the TGZ file. cd helm-charts && $(MAKE) psp-rolebinding - # Terminate the helm chart server. - pkill chartmuseum - # Setup the staging directory. - mkdir -p $(STAGING) - cp files/metadata.yaml $(STAGING) - cp manifests/*.yaml $(STAGING) - mkdir -p $(STAGING)/charts - cp helm-charts/*.tgz $(STAGING)/charts - cp /usr/lib/helm/cert*.tgz $(STAGING)/charts - - # Populate metadata. - sed -i 's/@APP_NAME@/$(APP_NAME)/g' $(STAGING)/metadata.yaml - sed -i 's/@APP_VERSION@/$(APP_VERSION)/g' $(STAGING)/metadata.yaml - sed -i 's/@HELM_REPO@/$(HELM_REPO)/g' $(STAGING)/metadata.yaml - - # Copy the plugins: installed in the buildroot - mkdir -p $(STAGING)/plugins - cp /plugins/$(APP_NAME)/*.whl $(STAGING)/plugins - - # Create the app package for armada. - cd $(STAGING) && find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5 - tar cfz $(APP_TARBALL_ARMADA) -C $(STAGING)/ . - - # Prepare fluxcd resources fluxcd app. + # Extract the cert-manager chart rm -rf fluxcd mkdir -p fluxcd # Extract the upstream source - tar -C fluxcd -xf helm-charts-certmanager-$(FLUXCD_CM_VERSION).tar.gz + tar -C fluxcd -xf helm-charts-certmanager-$(CM_VERSION).tar.gz - # Apply patch to acmesolver deployment object and Chart.yaml + # Apply patches with our modifications cp files/$(PATCH_1) fluxcd/helm-charts cd fluxcd/helm-charts ; \ patch -p1 < $(PATCH_1) ; \ @@ -72,20 +48,31 @@ override_dh_auto_build: # Make the updated cert-manager helm-chart cp files/Makefile fluxcd/helm-charts/deploy/charts cd fluxcd/helm-charts/deploy/charts && $(MAKE) cert-manager - cd fluxcd/helm-charts/deploy/charts && mv *.tgz $(APP_TARBALL_FLUXCD) + cd fluxcd/helm-charts/deploy/charts && mv *.tgz $(APP_TARBALL) - # Remove armada leftovers in staging - rm -f $(STAGING)/certmanager-manifest.yaml - rm -f $(STAGING)/charts/*cert*.tgz + # Terminate the helm chart server. + pkill chartmuseum - # Copy resources to staging - cp fluxcd/helm-charts/deploy/charts/*.tgz $(STAGING)/charts + # Setup the staging directory. + mkdir -p $(STAGING) + cp files/metadata.yaml $(STAGING) + mkdir -p $(STAGING)/charts + cp helm-charts/psp*.tgz $(STAGING)/charts + cp fluxcd/helm-charts/deploy/charts/cert*.tgz $(STAGING)/charts cp -R fluxcd-manifests/ $(STAGING)/ - # calculate checksum of all files in staging for the fluxcd app + # Populate metadata. + sed -i 's/@APP_NAME@/$(APP_NAME)/g' $(STAGING)/metadata.yaml + sed -i 's/@APP_VERSION@/$(APP_VERSION)/g' $(STAGING)/metadata.yaml + sed -i 's/@HELM_REPO@/$(HELM_REPO)/g' $(STAGING)/metadata.yaml + + # Copy the plugins: installed in the buildroot + mkdir -p $(STAGING)/plugins + cp /plugins/$(APP_NAME)/*.whl $(STAGING)/plugins + + # Generate checksum file and package the tarball cd $(STAGING) && find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5 - # package fluxcd app - tar -zcf $(APP_TARBALL_FLUXCD) -C $(STAGING)/ . + tar -zcf $(APP_TARBALL) -C $(STAGING)/ . # Cleanup staging rm -rf $(STAGING) @@ -93,8 +80,7 @@ override_dh_auto_build: override_dh_auto_install: # Install the app tar file. install -d -m 755 $(APP_FOLDER) - install -p -D -m 755 $(APP_TARBALL_ARMADA) $(APP_FOLDER) - install -p -D -m 755 $(APP_TARBALL_FLUXCD) $(APP_FOLDER) + install -p -D -m 755 $(APP_TARBALL) $(APP_FOLDER) override_dh_auto_test: diff --git a/stx-cert-manager-helm/debian/meta_data.yaml b/stx-cert-manager-helm/debian/meta_data.yaml index 7050de4..68ac793 100644 --- a/stx-cert-manager-helm/debian/meta_data.yaml +++ b/stx-cert-manager-helm/debian/meta_data.yaml @@ -6,7 +6,6 @@ src_files: - ${MY_REPO}/stx/helm-charts/psp-rolebinding/psp-rolebinding/helm-charts - stx-cert-manager-helm/files - stx-cert-manager-helm/helm-charts - - stx-cert-manager-helm/manifests - stx-cert-manager-helm/fluxcd-manifests dl_files: helm-charts-certmanager-1.7.1.tar.gz: diff --git a/stx-cert-manager-helm/stx-cert-manager-helm/files/repositories.yaml b/stx-cert-manager-helm/stx-cert-manager-helm/files/repositories.yaml deleted file mode 100644 index e613b63..0000000 --- a/stx-cert-manager-helm/stx-cert-manager-helm/files/repositories.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -generated: 2019-01-02T15:19:36.215111369-06:00 -repositories: -- caFile: "" - cache: /builddir/.helm/repository/cache/local-index.yaml - certFile: "" - keyFile: "" - name: local - password: "" - url: http://127.0.0.1:8879/charts - username: "" - diff --git a/stx-cert-manager-helm/stx-cert-manager-helm/manifests/certmanager-manifest.yaml b/stx-cert-manager-helm/stx-cert-manager-helm/manifests/certmanager-manifest.yaml deleted file mode 100644 index 59a32bb..0000000 --- a/stx-cert-manager-helm/stx-cert-manager-helm/manifests/certmanager-manifest.yaml +++ /dev/null @@ -1,166 +0,0 @@ ---- -schema: armada/Chart/v1 -metadata: - schema: metadata/Document/v1 - name: cert-manager-psp-rolebinding -data: - chart_name: psp-rolebinding - release: cert-manager-psp-rolebinding - namespace: cert-manager - values: - rolebindingNamespace: cert-manager - serviceAccount: cert-manager - source: - location: http://172.17.0.1:8080/helm_charts/stx-platform/psp-rolebinding-0.1.0.tgz - subpath: psp-rolebinding - type: tar - reference: master - upgrade: - no_hooks: false - pre: - delete: - - labels: - release_group: cert-manager-psp-rolebinding - type: job - wait: - labels: - release_group: cert-manager-psp-rolebinding - resources: [] - timeout: 1800 - dependencies: [] ---- -schema: armada/Chart/v1 -metadata: - schema: metadata/Document/v1 - name: cert-manager -data: - chart_name: cert-manager - release: cert-manager - namespace: cert-manager - wait: - timeout: 1800 - labels: - app: cert-manager - install: - no_hooks: false - upgrade: - no_hooks: false - pre: - delete: - - type: job - labels: - app: cert-manager - values: - global: - imagePullSecrets: [{"name": "default-registry-key"}] - installCRDs: true - replicaCount: 1 - image: - repository: quay.io/jetstack/cert-manager-controller - tag: v0.15.0 - nodeSelector: - node-role.kubernetes.io/master: "" - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - cert-manager - topologyKey: kubernetes.io/hostname - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - extraArgs: - - --enable-certificate-owner-ref=true - webhook: - replicaCount: 1 - serviceName: "cm-cert-manager-webhook" - image: - repository: quay.io/jetstack/cert-manager-webhook - tag: v0.15.0 - nodeSelector: - node-role.kubernetes.io/master: "" - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - webhook - topologyKey: kubernetes.io/hostname - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - cainjector: - replicaCount: 1 - image: - repository: quay.io/jetstack/cert-manager-cainjector - tag: v0.15.0 - nodeSelector: - node-role.kubernetes.io/master: "" - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - cainjector - topologyKey: kubernetes.io/hostname - tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Exists" - effect: "NoSchedule" - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - acmesolver: - image: - repository: quay.io/jetstack/cert-manager-acmesolver - tag: v0.15.0 - source: - type: tar - location: http://172.17.0.1/helm_charts/stx-platform/cert-manager-v0.1.0.tgz - subpath: cert-manager - reference: master - dependencies: [] ---- -schema: armada/ChartGroup/v1 -metadata: - schema: metadata/Document/v1 - name: cert-manager -data: - description: "StarlingX Cert-Manager" - sequenced: true - chart_group: - - cert-manager - - cert-manager-psp-rolebinding ---- -schema: armada/Manifest/v1 -metadata: - schema: metadata/Document/v1 - name: cert-manager-manifest -data: - release_prefix: cm - chart_groups: - - cert-manager