Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added the Helm chart for the Secrets Manager operator (#123)
* Added the Helm chart for the Secrets Manager operator
* Some formatting changes requested by GitHub
* Adding end-of-file carriage return suggested by GitHub
* Removing the schema definition from the schema itself to match what we have in the other chart
* Fixing an issue with the identity URL override
* README and CRD description updates.
* Updating to use GHCR
* Adding optional image pull secrets
* Adding missing properties to the values schema
* Adding sm-operator to the build. Differentiating the versioning workflows for multiple charts.
* Fixing sed statement for appVersion lookup
* Adding the operator README to the root readme. Updating the .helmignore to include any test files and the README
* Adding Dev Container for testing purposes.
* Locking down affinity to only the architectures we currently support. These are the only ones we have static binaries for.
* First attempt to allow tests with the Helm chart
* Adding conditional in self-install test
* Adding SM-operator tests
* Testing the auth token secret creation
* Adding workflow to production environment
* Testing secret creation
* Moving the test file to the workflows directory
* Checking logs and adding sleep
* Adding tail so I can see the logs
* Trying without the quotes on the auth secret for now
* Testing auth token length
* Fixing auth token env variable setting
* Adding some further tests
* Adding a small wait
* Fixing inverted logic
* Improving logging layout
* Adding newlines requested by GitHub
* Apply suggestions from code review
  Co-authored-by: Vince Grassia <[email protected]>
* Adding execute permissions to postCreateCommand.sh
* Including a small testing message around Docker Desktop/DevContainers
* Fixing capitalization in values.yaml
* Manually bumping the version to 0.1.0
* Removing the image pull secret from the test files.
* Fixing linter error for trailing spaces
* Fixing the tag on the test values file

---------

Co-authored-by: Vince Grassia <[email protected]>
Showing 29 changed files with 1,377 additions and 10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
// For format details, see https://aka.ms/devcontainer.json. For config options, see the | ||
// README at: https://github.com/devcontainers/templates/tree/main/src/kubernetes-helm | ||
{ | ||
"name": "Bitwarden - Helm Charts Dev", | ||
// Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile | ||
"image": "mcr.microsoft.com/devcontainers/base:bookworm", | ||
"runArgs": ["--network=host"], // needed for kind | ||
"postCreateCommand": "sudo .devcontainer/common/postCreateCommand.sh", | ||
"customizations": { | ||
"vscode": { | ||
"extensions": [ | ||
"technosophos.vscode-helm", | ||
"Tim-Koehler.helm-intellisense", | ||
"ms-kubernetes-tools.vscode-kubernetes-tools", | ||
"ms-azuretools.vscode-docker" | ||
], | ||
"settings": {} | ||
} | ||
}, | ||
"features": { | ||
"ghcr.io/devcontainers/features/docker-outside-of-docker:1": { | ||
"runArgs": [ | ||
"--privileged" | ||
] | ||
}, | ||
"ghcr.io/meaningful-ooo/devcontainer-features/fish:1": { | ||
"fisher": true | ||
}, | ||
"ghcr.io/devcontainers-contrib/features/kind:1": {} | ||
}, | ||
// "initializeCommand": "cd .devcontainer && bash ensure-mount-sources", | ||
"mounts": [ | ||
"source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind" | ||
], | ||
// Use 'forwardPorts' to make a list of ports inside the container available locally. | ||
// "forwardPorts": [], | ||
// Use 'postCreateCommand' to run commands after the container is created. | ||
// "postCreateCommand": "kubectl version", | ||
// Configure tool-specific properties. | ||
// "customizations": {}, | ||
// Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root. | ||
"remoteUser": "root" // needed for kind: https://github.com/kubernetes-sigs/kind/issues/3196#issuecomment-1537260166 | ||
} |
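
Review bot: This file combines `"runArgs": ["--network=host"]`, a bind mount of `/var/run/docker.sock`, `--privileged` and `"remoteUser": "root"`, so anything that runs inside the dev container has root-equivalent control of the host's Docker daemon and shares the host network. That includes the third-party features from `meaningful-ooo` and `devcontainers-contrib`, which are referenced by the mutable `:1` tag. The kind issue linked on the `remoteUser` line explains the root requirement, but the overall trade-off deserves a sentence in the README so contributors know this environment is not a sandbox; consider pinning the features and the `base:bookworm` image by digest. Separately, `"runArgs": ["--privileged"]` sits inside the options object of the `docker-outside-of-docker` feature rather than in the top-level `runArgs`, so it is worth confirming that it has any effect there.
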
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
kind: Cluster | ||
apiVersion: kind.x-k8s.io/v1alpha4 | ||
nodes: | ||
- role: control-plane | ||
kubeadmConfigPatches: | ||
- | | ||
kind: InitConfiguration | ||
nodeRegistration: | ||
kubeletExtraArgs: | ||
node-labels: "ingress-ready=true" | ||
extraPortMappings: | ||
- containerPort: 80 | ||
hostPort: 80 | ||
protocol: TCP | ||
- containerPort: 443 | ||
hostPort: 443 | ||
protocol: TCP |
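
Review bot: Both `extraPortMappings` entries omit `listenAddress`, and kind binds to `0.0.0.0` when it is not set, so the test cluster's ingress on ports 80 and 443 is reachable from any network the developer's machine is attached to. Adding `listenAddress: "127.0.0.1"` to each mapping keeps it local. Binding host ports 80/443 can also collide with a web server already running on the host, so either document that or map to higher host ports.
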
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
#!/usr/bin/env bash | ||
apt-get update | ||
apt-get install -y kubernetes-client # kubectl | ||
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash | ||
kind delete cluster --name helm-charts && kind create cluster --name helm-charts --config .devcontainer/common/kind-config.yaml | ||
|
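
Review bot: Line 4 downloads `get-helm-3` from the `main` branch of helm/helm and pipes it straight into `bash`, and `devcontainer.json` runs this script with `sudo`, so whatever that branch serves at container-creation time executes as root with no integrity check. Pin the URL to a release tag or commit (or install a specific Helm release and verify its checksum) and use `curl -fsSL` so an HTTP error page is never fed to the shell. The script also has no `set -euo pipefail`: a failed `apt-get` or a failed download does not stop it, and the kind cluster is still created on a half-provisioned container. Finally, `kind delete cluster ... && kind create cluster ...` skips creation whenever the delete step returns non-zero; separating the two commands is more robust.
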
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
* text=auto eol=lf | ||
*.{cmd,[cC][mM][dD]} text eol=crlf | ||
*.{bat,[bB][aA][tT]} text eol=crlf |
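
Review bot: The patterns on lines 2 and 3 use brace alternation (`*.{cmd,[cC][mM][dD]}`), but gitattributes patterns follow gitignore-style globbing, which has no brace expansion, so these lines only match file names containing literal braces and `.cmd`/`.bat` files fall through to `eol=lf` from line 1. `*.[cC][mM][dD] text eol=crlf` and `*.[bB][aA][tT] text eol=crlf` express the intent, and `git check-attr eol -- <file>` confirms which rule applies.
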
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
apiVersion: k8s.bitwarden.com/v1 | ||
kind: BitwardenSecret | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: bitwardensecret | ||
app.kubernetes.io/instance: bitwardensecret-sample | ||
app.kubernetes.io/part-of: sm-operator | ||
name: bitwardensecret-sample | ||
spec: | ||
organizationId: "5a30c3dd-d7b9-4d32-8764-b06800c9e6ff" | ||
secretName: bw-sample-secret | ||
authToken: | ||
secretName: bw-auth-token | ||
secretKey: token |
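
Review bot: `organizationId` in this sample is a concrete UUID rather than a placeholder. If it belongs to a real organization, replace it with an obviously fake value, since users tend to apply samples verbatim and the ID then ends up in cluster manifests and logs. A comment above `authToken` stating that the `bw-auth-token` Secret with key `token` has to be created before this resource is applied would also save a failed first run.
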
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,112 @@ | ||
--- | ||
name: Update Versions - SM Operator | ||
|
||
on: | ||
workflow_dispatch: | ||
|
||
env: | ||
_BRANCH: main | ||
|
||
jobs: | ||
setup: | ||
name: Setup | ||
runs-on: ubuntu-22.04 | ||
outputs: | ||
operator_version: ${{ steps.operator-update.outputs.version }} | ||
operator_version_update: ${{ steps.operator-update.outputs.update }} | ||
steps: | ||
- name: Checkout Branch | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
with: | ||
ref: ${{ env._BRANCH }} | ||
|
||
- name: Get Latest Operator Version | ||
id: get-operator-version | ||
run: | | ||
image="sm-operator" | ||
json=$(curl -s "https://registry.hub.docker.com/v2/repositories/bitwarden/$image/tags/") | ||
digest=$(echo $json |jq '."results"[] | select(.name=="latest")["digest"]') | ||
latestTag=$(echo $json | jq --argjson DIGEST $digest '."results"[] | select(.digest==$DIGEST) | select(.name != "latest")["name"]' | head -n 1) | ||
echo "Operator Image ($latestTag)..." | ||
echo "version=$latestTag" >> $GITHUB_OUTPUT | ||
- name: Check if operator needs updating | ||
id: operator-update | ||
env: | ||
LATEST_OPERATOR_VERSION: ${{ steps.get-operator-version.outputs.version }} | ||
run: | | ||
OPERATOR_VERSION=$(sed -nE 's/^appVersion:\s+([^\s]+)/\1/p' Chart.yaml) | ||
echo "Operator Version: $OPERATOR_VERSION" | ||
echo "Latest Operator Version: $LATEST_OPERATOR_VERSION" | ||
if [ "$OPERATOR_VERSION" != "$LATEST_OPERATOR_VERSION" ]; then | ||
echo "Needs Operator update!" | ||
echo "update=1" >> $GITHUB_OUTPUT | ||
else | ||
echo "update=0" >> $GITHUB_OUTPUT | ||
fi | ||
working-directory: charts/sm-operator | ||
|
||
update-versions: | ||
name: "Update Versions" | ||
if: needs.setup.outputs.operator_version_update == 1 | ||
runs-on: ubuntu-22.04 | ||
needs: setup | ||
permissions: | ||
contents: write | ||
pull-requests: write | ||
steps: | ||
- name: Checkout Branch | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
with: | ||
ref: ${{ env._BRANCH }} | ||
|
||
- name: Create Update Versions Branch | ||
run: | | ||
PR_BRANCH=update-versions-$GITHUB_RUN_ID | ||
echo "PR_BRANCH=$PR_BRANCH" >> $GITHUB_ENV | ||
git switch -c $PR_BRANCH | ||
git push -u origin $PR_BRANCH | ||
- name: Checkout Update Versions Branch | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
with: | ||
ref: ${{ env.PR_BRANCH }} | ||
|
||
- name: Update Chart appVersion | ||
env: | ||
VERSION: ${{ needs.setup.outputs.operator_version }} | ||
run: "sed -i -e 's/appVersion:.*/appVersion: '$VERSION'/' Chart.yaml" | ||
working-directory: charts/sm-operator | ||
|
||
- name: Commit updated files | ||
run: | | ||
git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" | ||
git config --local user.name "github-actions[bot]" | ||
git commit -m "Updated operator version" -a | ||
- name: Push changes | ||
run: git push -u origin $PR_BRANCH | ||
|
||
- name: Create Update Versions PR | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
BASE_BRANCH: ${{ github.ref_name }} | ||
TITLE: "Update operator version" | ||
run: | | ||
gh pr create --title "$TITLE" \ | ||
--base "$BASE_BRANCH" \ | ||
--head "$PR_BRANCH" \ | ||
--label "automated pr" \ | ||
--body " | ||
## Type of change | ||
- [ ] Bug fix | ||
- [ ] New feature development | ||
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc) | ||
- [ ] Build/deploy pipeline (DevOps) | ||
- [X] Other | ||
## Objective | ||
Automated version update to appVersion in charts/sm-operator/Chart.yaml" |
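
Review bot: In `Get Latest Operator Version` nothing checks that the lookup succeeded: `curl -s` has no `-f`, `$json` and `$digest` are expanded unquoted, and if no non-`latest` tag on the first page of results shares the digest of `latest`, `latestTag` is empty and `version=` is still written to `$GITHUB_OUTPUT`. The comparison in `operator-update` then sets `update=1`, and `update-versions` opens a PR that blanks `appVersion`. Fail the step when `latestTag` is empty or does not match the expected version pattern. Note too that `jq` without `-r` leaves the JSON quotes on `latestTag`, so the comparison only matches if `Chart.yaml` quotes `appVersion` the same way. Smaller points: `$VERSION` is spliced unquoted into the `sed` program in `Update Chart appVersion`, so validate it before use; the PR base is `${{ github.ref_name }}` while both checkouts use `env._BRANCH`, so a dispatch from a branch other than `main` opens the PR against a base the update branch was not cut from; and a top-level `permissions: contents: read` would keep the `setup` job's token read-only.
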
2 changes: 1 addition & 1 deletion
.github/workflows/version-bump.yml → .github/workflows/version-bump-self-host.yml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,5 @@ | ||
--- | ||
name: Version Bump | ||
name: Version Bump - Self Host | ||
|
||
on: | ||
workflow_dispatch: | ||
|