airship/charts
Code Issues Proposed changes
charts/tools/deployment/vagrant/Vagrantfile
Dustin Specker ff0eaeb1c8 feat: enable development pipeline to pass behind proxy with TLS 
This is a squashed commit, keeping messages intact for history.

- feat(charts/development-pipeline): work behind corporate proxy

dockerd sidecar works behind proxy with cert. Proxy is only needed on
the sidecar to pull public images. The cert is mounted via a host path
so that the proxy may be trusted.

- fix(standard-container/roles): remove installing Helm push plugin

The standard-container Dockerfile already installs the Helm push plugin,
so no reason to try to install it in multiple ansible roles.

I suspect this was originally done because someone tried to use `helm
push` in the ansible role, but Helm couldn't find even though it was
installed in the image. But tekton defines a the HOME env var if you
describe the pod in a cluster. So if we just define HELM_DATA_HOME to
the location where the push plugin is installed we can remove having to
install it in the ansible roles.

- feat(standard-container/roles): use image.image_from for docker build

Change-Id: Ibc3c5f400978cb98d2d2a37b737b56125f4c2aa7
2021-03-10 15:09:11 +00:00

60 lines
2.3 KiB
Ruby
Raw Blame History

# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.box = "generic/ubuntu2004"
if Vagrant.has_plugin?("vagrant-proxyconf")
config.proxy.http = ENV["HTTP_PROXY"]
config.proxy.https = ENV["HTTPS_PROXY"]
if ENV["NO_PROXY"].nil?
config.proxy.no_proxy = "localhost,127.0.0.1,10.96.0.0/12,192.168.49.0/24,192.168.99.0/24,10.0.2.15,10.244.0.0/16,172.28.0.0/30,.minikube.internal,.svc,.svc.cluster.local,jarvis.local"
else
config.proxy.no_proxy = ENV["NO_PROXY"]
end
end
config.vm.synced_folder "../../../", "/airship_charts"
if ENV["INTERNAL_CERTS_DIR"]
# for guest OS to trust proxy itself
config.vm.synced_folder ENV["INTERNAL_CERTS_DIR"], "/usr/local/share/ca-certificates/internal-certs/"
# for containerd/docker to trust proxy when pulling images within kubernetes cluster
config.vm.synced_folder ENV["INTERNAL_CERTS_DIR"], "/etc/containerd/cert.d/"
# for use by ubuntu-base , trivy, jarvis-system chart, and development-pipeline to trust proxy
# most will mount this path directly, but others copy files from it
# standard-container and 5G projects will use the ubuntu-base image as their base to get these certs
config.vm.synced_folder ENV["INTERNAL_CERTS_DIR"], "/airship_charts/tools/gate/jarvis/ubuntu-base/internal-certs/"
end
config.vm.network "private_network", ip: "192.168.56.10"
config.vm.provider "libvirt" do |libvirt|
libvirt.cpus = 4
libvirt.memory = 8192
end
config.vm.provider "virtualbox" do |vb|
vb.gui = false
vb.cpus = 4
vb.memory = 8192
end
config.vm.provision "shell", privileged: false, env: {"PRIVATE_NS" => ENV["PRIVATE_NS"]}, inline: <<-SHELL
set -ex
cd /airship_charts/
./tools/gate/jarvis/010-pre-setup.sh
./tools/gate/jarvis/050-setup-development-ca.sh
./tools/gate/jarvis/100-deploy-k8s.sh
./tools/gate/jarvis/150-deploy-kyverno.sh
./tools/gate/jarvis/200-deploy-support.sh
./tools/gate/jarvis/300-deploy-loki.sh
./tools/gate/jarvis/400-deploy-harbor.sh
./tools/gate/jarvis/500-deploy-gerrit.sh
./tools/gate/jarvis/600-deploy-tekton.sh
./tools/gate/jarvis/650-temporary-setup.sh
./tools/gate/jarvis/700-deploy-jarvis-system.sh
./tools/gate/jarvis/800-deploy-jarvis-projects.sh
SHELL
end
View Git Blame Copy Permalink