Add FluxCD version of the Portieris app

Add new manifest files to the Portieris app to enable FluxCD support. The new spec will now generate 2 rpms: - the original one that contains the armada manifest yaml - a new one that contains the new FluxCD yaml TEST PLAN: - build, ISO image includes in progress fluxcd commits - verify the armada app version of Portieris - verify the fluxcd app version of Portieris - test case for both includes asserting that Portieris is effective at enforcing an example policy The following are soft dependancies (dependancies for fluxcd), the commit has no depends unless fluxcd is enabled: - application framework for fluxcd - https://review.opendev.org/c/starlingx/ansible-playbooks/+/828592 Story: 2009138 Task: 44619 Change-Id: Ie88de7506d411b63349012b4c2e1b48be9dfc2a9 Signed-off-by: Michel Thebeau <Michel.Thebeau@windriver.com>
2022-02-25 12:59:38 -05:00 · 2022-02-25 12:59:38 -05:00 · add76dfffb
commit add76dfffb
parent 653fb1e519
18 changed files with 318 additions and 13 deletions
--- a/centos_iso_image.inc
+++ b/centos_iso_image.inc
@ -1 +1,2 @@
 stx-portieris-helm
+stx-portieris-helm-fluxcd
--- a/stx-portieris-helm/centos/stx-portieris-helm.spec
+++ b/stx-portieris-helm/centos/stx-portieris-helm.spec
@ -19,6 +19,10 @@ URL: unknown

 Source0: %{name}-%{version}.tar.gz

+# psp-rolebinding source from stx/helm-charts/psp-rolebinding
+# plugins source from stx/portieris-armada-app/python-k8sapp-portieris
+# portieris-certs sources is in SRC_DIR already
+
 BuildArch: noarch

 BuildRequires: helm
@ -30,6 +34,14 @@ BuildRequires: python-k8sapp-portieris-wheels
 %description
 StarlingX Portieris Armada Helm Charts

+%package fluxcd
+Summary: StarlingX Portieris Application FluxCD Helm Charts
+Group: base
+License: Apache-2.0
+
+%description fluxcd
+StarlingX Portieris Application FluxCD Helm Charts
+
 %prep
 %setup

@ -43,7 +55,12 @@ helm repo add local http://localhost:8879/charts
 cd helm-charts
 helm lint portieris-certs
 helm package portieris-certs
+
+# psp-rolebinding source is copied by the function of build_srpm.data
+# COPY_LIST_TO_TAR
 make psp-rolebinding
+
+# switch back to source root
 cd -

 # terminate helm server (the last backgrounded task)
@ -51,37 +68,64 @@ kill %1

 # Create a chart tarball compliant with sysinv kube-app.py
 %define app_staging %{_builddir}/staging
-%define app_tarball %{app_name}-%{version}-%{tis_patch_ver}.tgz
+%define app_tarball_armada %{app_name}-%{version}-%{tis_patch_ver}.tgz
+%define app_tarball_fluxcd %{app_name}-fluxcd-%{version}-%{tis_patch_ver}.tgz

 # Setup staging
 mkdir -p %{app_staging}
 cp files/metadata.yaml %{app_staging}
-cp manifests/*.yaml %{app_staging}
+cp manifests/manifest.yaml %{app_staging}
 mkdir -p %{app_staging}/charts
-cp helm-charts/*.tgz %{app_staging}/charts
-cp %{helm_folder}/portieris*.tgz %{app_staging}/charts
-cd %{app_staging}

-# Populate metadata
-sed -i 's/@APP_NAME@/%{app_name}/g' %{app_staging}/metadata.yaml
-sed -i 's/@APP_VERSION@/%{version}-%{tis_patch_ver}/g' %{app_staging}/metadata.yaml
-sed -i 's/@HELM_REPO@/%{helm_repo}/g' %{app_staging}/metadata.yaml
+# copy portieris-certs, psp-rolebinding charts
+cp helm-charts/*.tgz %{app_staging}/charts
+
+# copy portieris-helm chart
+cp %{helm_folder}/portieris*.tgz %{app_staging}/charts

 # Copy the plugins: installed in the buildroot
 mkdir -p %{app_staging}/plugins
 cp /plugins/%{app_name}/*.whl %{app_staging}/plugins

-# package it up
+# Populate metadata
+cd %{app_staging}
+sed -i 's/@APP_NAME@/%{app_name}/g' %{app_staging}/metadata.yaml
+sed -i 's/@APP_VERSION@/%{version}-%{tis_patch_ver}/g' %{app_staging}/metadata.yaml
+sed -i 's/@HELM_REPO@/%{helm_repo}/g' %{app_staging}/metadata.yaml
+
+# calculate checksum of all files in app_staging
 find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5
-tar -zcf %{_builddir}/%{app_tarball} -C %{app_staging}/ .
+tar -zcf %{_builddir}/%{app_tarball_armada} -C %{app_staging}/ .
+
+# switch back to source root
+cd -
+
+# Prepare app_staging for fluxcd package
+rm -f %{app_staging}/manifest.yaml
+
+cp -R fluxcd-manifests %{app_staging}/
+
+# calculate checksum of all files in app_staging
+cd %{app_staging}
+find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5
+# package fluxcd app
+tar -zcf %{_builddir}/%{app_tarball_fluxcd} -C %{app_staging}/ .
+
+# switch back to source root
+cd -

 # Cleanup staging
 rm -fr %{app_staging}

 %install
 install -d -m 755 %{buildroot}/%{app_folder}
-install -p -D -m 755 %{_builddir}/%{app_tarball} %{buildroot}/%{app_folder}
+install -p -D -m 755 %{_builddir}/%{app_tarball_armada} %{buildroot}/%{app_folder}
+install -p -D -m 755 %{_builddir}/%{app_tarball_fluxcd} %{buildroot}/%{app_folder}

 %files
 %defattr(-,root,root,-)
-%{app_folder}/*
+%{app_folder}/%{app_tarball_armada}
+
+%files fluxcd
+%defattr(-,root,root,-)
+%{app_folder}/%{app_tarball_fluxcd}
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/base/helmrepository.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/base/helmrepository.yaml
@ -0,0 +1,13 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+  name: stx-platform
+spec:
+  url: http://192.168.206.1:8080/helm_charts/stx-platform
+  interval: 60m
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/base/kustomization.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/base/kustomization.yaml
@ -0,0 +1,8 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+resources:
+  - helmrepository.yaml
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/base/namespace.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/base/namespace.yaml
@ -0,0 +1,10 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: portieris
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/kustomization.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/kustomization.yaml
@ -0,0 +1,14 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: portieris
+resources:
+  - base
+  - portieris-certs
+  - portieris
+  - portieris-psp-rolebinding
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/helmrelease.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/helmrelease.yaml
@ -0,0 +1,36 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
+kind: HelmRelease
+metadata:
+  name: portieris-certs
+  labels:
+    chart_group: portieris-charts
+spec:
+  releaseName: portieris-portieris-certs
+  chart:
+    spec:
+      chart: portieris-certs
+      version: 0.1.0
+      sourceRef:
+        kind: HelmRepository
+        name: stx-platform
+  interval: 5m
+  timeout: 30m
+  test:
+    enable: false
+  install:
+    disableHooks: false
+  upgrade:
+    disableHooks: false
+  valuesFrom:
+    - kind: Secret
+      name: portieris-certs-static-overrides
+      valuesKey: portieris-certs-static-overrides.yaml
+    - kind: Secret
+      name: portieris-certs-system-overrides
+      valuesKey: portieris-certs-system-overrides.yaml
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/kustomization.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/kustomization.yaml
@ -0,0 +1,18 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+namespace: portieris
+resources:
+  - helmrelease.yaml
+secretGenerator:
+  - name: portieris-certs-static-overrides
+    files:
+      - portieris-certs-static-overrides.yaml
+  - name: portieris-certs-system-overrides
+    files:
+      - portieris-certs-system-overrides.yaml
+generatorOptions:
+  disableNameSuffixHash: true
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/portieris-certs-static-overrides.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/portieris-certs-static-overrides.yaml
@ -0,0 +1,7 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+caCert: ""
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/portieris-certs-system-overrides.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-certs/portieris-certs-system-overrides.yaml
@ -0,0 +1,6 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-psp-rolebinding/helmrelease.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-psp-rolebinding/helmrelease.yaml
@ -0,0 +1,36 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
+kind: HelmRelease
+metadata:
+  name: portieris-psp-rolebinding
+  labels:
+    chart_group: portieris-charts
+spec:
+  releaseName: portieris-portieris-psp-rolebinding
+  chart:
+    spec:
+      chart: psp-rolebinding
+      version: 0.1.0
+      sourceRef:
+        kind: HelmRepository
+        name: stx-platform
+  interval: 5m
+  timeout: 30m
+  test:
+    enable: false
+  install:
+    disableHooks: false
+  upgrade:
+    disableHooks: false
+  valuesFrom:
+    - kind: Secret
+      name: portieris-psp-rolebinding-static-overrides
+      valuesKey: portieris-psp-rolebinding-static-overrides.yaml
+    - kind: Secret
+      name: portieris-psp-rolebinding-system-overrides
+      valuesKey: portieris-psp-rolebinding-system-overrides.yaml
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-psp-rolebinding/kustomization.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-psp-rolebinding/kustomization.yaml
@ -0,0 +1,18 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+namespace: portieris
+resources:
+  - helmrelease.yaml
+secretGenerator:
+  - name: portieris-psp-rolebinding-static-overrides
+    files:
+      - portieris-psp-rolebinding-static-overrides.yaml
+  - name: portieris-psp-rolebinding-system-overrides
+    files:
+      - portieris-psp-rolebinding-system-overrides.yaml
+generatorOptions:
+  disableNameSuffixHash: true
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-psp-rolebinding/portieris-psp-rolebinding-static-overrides.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-psp-rolebinding/portieris-psp-rolebinding-static-overrides.yaml
@ -0,0 +1,8 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+rolebindingNamespace: portieris
+serviceAccount: portieris
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-psp-rolebinding/portieris-psp-rolebinding-system-overrides.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris-psp-rolebinding/portieris-psp-rolebinding-system-overrides.yaml
@ -0,0 +1,6 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/helmrelease.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/helmrelease.yaml
@ -0,0 +1,36 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
+kind: HelmRelease
+metadata:
+  name: portieris
+  labels:
+    chart_group: portieris-charts
+spec:
+  releaseName: portieris-portieris
+  chart:
+    spec:
+      chart: portieris
+      version: 0.7.0
+      sourceRef:
+        kind: HelmRepository
+        name: stx-platform
+  interval: 5m
+  timeout: 30m
+  test:
+    enable: false
+  install:
+    disableHooks: false
+  upgrade:
+    disableHooks: false
+  valuesFrom:
+    - kind: Secret
+      name: portieris-static-overrides
+      valuesKey: portieris-static-overrides.yaml
+    - kind: Secret
+      name: portieris-system-overrides
+      valuesKey: portieris-system-overrides.yaml
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/kustomization.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/kustomization.yaml
@ -0,0 +1,18 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+namespace: portieris
+resources:
+  - helmrelease.yaml
+secretGenerator:
+  - name: portieris-static-overrides
+    files:
+      - portieris-static-overrides.yaml
+  - name: portieris-system-overrides
+    files:
+      - portieris-system-overrides.yaml
+generatorOptions:
+  disableNameSuffixHash: true
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/portieris-static-overrides.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/portieris-static-overrides.yaml
@ -0,0 +1,20 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+replicaCount: 3
+namespace: portieris
+images:
+  tags:
+    portieris: docker.io/starlingx/portieris:stx.5.0-v0.7.0
+image:
+  host: registry.local:9001/docker.io/starlingx
+  image: portieris
+  tags: stx.5.0-v0.7.0
+  tag: stx.5.0-v0.7.0
+IBMContainerService: false
+SkipSecretCreation: true
+UseCertManager: true
+
--- a/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/portieris-system-overrides.yaml
+++ b/stx-portieris-helm/stx-portieris-helm/fluxcd-manifests/portieris/portieris-system-overrides.yaml
@ -0,0 +1,6 @@
+#
+# Copyright (c) 2022 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+