Integrate Carvel package for cluster essentials consisting of Contour…

… and Kyverno.
educates · Jun 7, 2022 · 4fa7a22 · 4fa7a22
1 parent 13530b6
commit 4fa7a22
Show file tree

Hide file tree

Showing 27 changed files with 14,247 additions and 37 deletions.
diff --git a/.github/workflows/build-and-publish-images.yaml b/.github/workflows/build-and-publish-images.yaml
@@ -36,7 +36,7 @@ jobs:
         uses: docker/metadata-action@v3
         with:
           images: |
-            ghcr.io/${{github.repository_owner}}/educates-${{ matrix.image }}
+            ghcr.io/${{github.repository_owner}}/educates-${{matrix.image}}
           tags: |
             type=ref,event=branch
             type=semver,pattern={{version}}
@@ -46,15 +46,15 @@ jobs:
       - name: Login to GitHub container registry
         uses: docker/login-action@v1
         with:
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          username: ${{github.actor}}
+          password: ${{secrets.GITHUB_TOKEN}}
           registry: ghcr.io
 
-      - name: Build and push ${{ matrix.image }} image
+      - name: Build and push ${{matrix.image}} image
         uses: docker/build-push-action@v2
         with:
-          context: ${{ matrix.image }}
-          tags: ${{ steps.meta.outputs.tags }}
+          context: ${{matrix.image}}
+          tags: ${{steps.meta.outputs.tags}}
           push: true
 
   publish-workshop-base-image:
@@ -72,9 +72,9 @@ jobs:
         uses: actions/cache@v2
         with:
           path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-base-environment-${{ github.sha }}
+          key: ${{runner.os}}-buildx-base-environment-${{github.sha}}
           restore-keys: |
-            ${{ runner.os }}-buildx-base-environment-
+            ${{runner.os}}-buildx-base-environment-
 
       - name: Generate container image metadata
         id: meta
@@ -91,15 +91,15 @@ jobs:
       - name: Login to GitHub container registry
         uses: docker/login-action@v1
         with:
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          username: ${{github.actor}}
+          password: ${{secrets.GITHUB_TOKEN}}
           registry: ghcr.io
 
       - name: Build and push base-environment image
         uses: docker/build-push-action@v2
         with:
           context: workshop-images/base-environment
-          tags: ${{ steps.meta.outputs.tags }}
+          tags: ${{steps.meta.outputs.tags}}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
           push: true
@@ -139,16 +139,16 @@ jobs:
         uses: actions/cache@v2
         with:
           path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ matrix.image }}-${{ github.sha }}
+          key: ${{runner.os}}-buildx-${{matrix.image}}-${{github.sha}}
           restore-keys: |
-            ${{ runner.os }}-buildx-${{ matrix.image }}-
+            ${{runner.os}}-buildx-${{matrix.image}}-
 
       - name: Generate container image metadata
         id: meta
         uses: docker/metadata-action@v3
         with:
           images: |
-            ghcr.io/${{github.repository_owner}}/educates-${{ matrix.image }}
+            ghcr.io/${{github.repository_owner}}/educates-${{matrix.image}}
           tags: |
             type=ref,event=branch
             type=semver,pattern={{version}}
@@ -158,21 +158,21 @@ jobs:
       - name: Login to GitHub container registry
         uses: docker/login-action@v1
         with:
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+          username: ${{github.actor}}
+          password: ${{secrets.GITHUB_TOKEN}}
           registry: ghcr.io
 
-      - name: Build and push ${{ matrix.image }} image
+      - name: Build and push ${{matrix.image}} image
         uses: docker/build-push-action@v2
         with:
-          context: workshop-images/${{ matrix.image }}
+          context: workshop-images/${{matrix.image}}
           build-args: |
             IMAGE_REPOSITORY=ghcr.io/${{github.repository_owner}}
             BASE_IMAGE_NAME=educates-base-environment
-            PACKAGE_VERSION=${{ env.REPOSITORY_SHA_TAG }}
+            PACKAGE_VERSION=${{env.REPOSITORY_SHA_TAG}}
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache-new
-          tags: ${{ steps.meta.outputs.tags }}
+          tags: ${{steps.meta.outputs.tags}}
           push: true
 
       - name: Save Docker cache
@@ -181,7 +181,7 @@ jobs:
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
           du -ks /tmp/.buildx-cache
 
-  publish-carvel-bundle:
+  publish-carvel-bundles:
     name: Bundle
     runs-on: ubuntu-latest
     needs:
@@ -202,7 +202,29 @@ jobs:
           echo "REPOSITORY_TAG=${GITHUB_REF##*/}" >>${GITHUB_ENV}
           echo "REPOSITORY_SHA_TAG=sha-${GITHUB_SHA::7}" >>${GITHUB_ENV}
 
-      - name: Publish bundle
+      - name: Publish educates-cluster-essentials bundle
+        shell: bash
+        run: |
+          ytt -f carvel-packages/cluster-essentials/bundle/config | kbld -f - \
+            --imgpkg-lock-output carvel-packages/cluster-essentials/bundle/.imgpkg/images.yml
+          imgpkg push \
+            -b ghcr.io/${{github.repository_owner}}/educates-cluster-essentials:${{env.REPOSITORY_TAG}} \
+            -f carvel-packages/cluster-essentials/bundle \
+            --registry-username=${{github.actor}} \
+            --registry-password=${{secrets.GITHUB_TOKEN}}
+          ytt -f carvel-packages/cluster-essentials/config/package.yaml \
+            -f carvel-packages/training-platform/config/schema.yaml \
+            -v version=${{env.REPOSITORY_TAG}} \
+            -v imageRegistry.host=ghcr.io \
+            -v imageRegistry.namespace=${{github.repository_owner}} > educates-cluster-essentials.yaml
+
+      - name: Save educates-cluster-essentials.yaml
+        uses: actions/upload-artifact@v3
+        with:
+          name: educates-cluster-essentials.yaml
+          path: educates-cluster-essentials.yaml
+
+      - name: Publish educates-training-platform bundle
         shell: bash
         run: |
           ytt -f carvel-packages/training-platform/config/images.yaml \
@@ -222,26 +244,31 @@ jobs:
             -f carvel-packages/training-platform/config/schema.yaml \
             -v version=${{env.REPOSITORY_TAG}} \
             -v imageRegistry.host=ghcr.io \
-            -v imageRegistry.namespace=${{github.repository_owner}} > package.yaml
+            -v imageRegistry.namespace=${{github.repository_owner}} > educates-training-platform.yaml
 
-      - name: Save package.yaml
+      - name: Save educates-training-platform.yaml
         uses: actions/upload-artifact@v3
         with:
-          name: package.yaml
-          path: package.yaml
+          name: educates-training-platform.yaml
+          path: educates-training-platform.yaml
 
   release-carvel-packages:
     name: Release
     runs-on: ubuntu-latest
     if: startsWith(github.ref, 'refs/tags/')
     needs:
-      - publish-carvel-bundle
+      - publish-carvel-bundles
 
     steps:
-      - name: Restore package.yaml
+      - name: Restore educates-cluster-essentials.yaml
+        uses: actions/download-artifact@v3
+        with:
+          name: educates-cluster-essentials.yaml
+
+      - name: Restore educates-training-platform.yaml
         uses: actions/download-artifact@v3
         with:
-          name: package.yaml
+          name: educates-training-platform.yaml
 
       - name: Calculate variables
         shell: bash
@@ -252,19 +279,29 @@ jobs:
         id: create_release
         uses: actions/create-release@v1
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
         with:
           tag_name: ${{env.REPOSITORY_TAG}}
-          release_name: "educates-training-platform:${{env.REPOSITORY_TAG}}"
+          release_name: "educates:${{env.REPOSITORY_TAG}}"
           draft: false
           prerelease: false
 
-      - name: Upload app.yaml
+      - name: Upload educates-cluster-essentials.yaml
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+        with:
+          upload_url: ${{steps.create_release.outputs.upload_url}}
+          asset_path: educates-cluster-essentials.yaml
+          asset_name: educates-cluster-essentials-${{env.REPOSITORY_TAG}}.yaml
+          asset_content_type: text/yaml
+
+      - name: Upload educates-training-platform.yaml
         uses: actions/upload-release-asset@v1
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
         with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: package.yaml
-          asset_name: educates-${{ env.REPOSITORY_TAG }}.yaml
+          upload_url: ${{steps.create_release.outputs.upload_url}}
+          asset_path: educates-training-platform.yaml
+          asset_name: educates-training-platform-${{env.REPOSITORY_TAG}}.yaml
           asset_content_type: text/yaml
diff --git a/Makefile b/Makefile
@@ -82,6 +82,41 @@ build-secrets-manager:
 push-secrets-manager: build-secrets-manager
 	docker push $(IMAGE_REPOSITORY)/educates-secrets-manager:$(PACKAGE_VERSION)
 
+verify-cluster-essentials-config:
+ifneq ("$(wildcard testing/values.yaml)","")
+	@ytt --file carvel-packages/cluster-essentials/bundle/config --data-values-file testing/values.yaml
+else
+	@ytt --file carvel-packages/cluster-essentials/bundle/config
+endif
+
+push-cluster-essentials-bundle:
+	ytt -f carvel-packages/cluster-essentials/bundle/config | kbld -f - --imgpkg-lock-output carvel-packages/cluster-essentials/bundle/.imgpkg/images.yml
+	imgpkg push -b $(IMAGE_REPOSITORY)/educates-cluster-essentials:$(RELEASE_VERSION) -f carvel-packages/cluster-essentials/bundle
+	mkdir -p testing
+	ytt -f carvel-packages/cluster-essentials/config/package.yaml -f carvel-packages/cluster-essentials/config/schema.yaml -v imageRegistry.host=$(IMAGE_REPOSITORY) -v version=$(RELEASE_VERSION) > testing/educates-cluster-essentials.yaml
+
+deploy-cluster-essentials:
+ifneq ("$(wildcard testing/values.yaml)","")
+	ytt --file carvel-packages/cluster-essentials/bundle/config --data-values-file testing/values.yaml | kapp deploy -a educates-cluster-essentials -f - -y
+else
+	ytt --file carvel-packages/cluster-essentials/bundle/config | kapp deploy -a educates-cluster-essentials -f - -y
+endif
+
+delete-cluster-essentials:
+	kapp delete -a educates-cluster-essentials -y
+
+deploy-cluster-essentials-bundle:
+	kubectl apply -f carvel-packages/cluster-essentials/config/metadata.yaml
+	kubectl apply -f testing/educates-cluster-essentials.yaml
+ifneq ("$(wildcard testing/values.yaml)","")
+	kctrl package install --package-install educates-cluster-essentials --package cluster-essentials.educates.dev --version $(RELEASE_VERSION) --values-file testing/values.yaml
+else
+	kctrl package install --package-install educates-cluster-essentials --package cluster-essentials.educates.dev --version $(RELEASE_VERSION)
+endif
+
+delete-cluster-essentials-bundle:
+	kctrl package installed delete --package-install educates-cluster-essentials -y
+
 verify-training-platform-config:
 ifneq ("$(wildcard testing/values.yaml)","")
 	@ytt --file carvel-packages/training-platform/bundle/config --data-values-file testing/values.yaml

diff --git a/carvel-packages/cluster-essentials/bundle/.imgpkg/bundle.yml b/carvel-packages/cluster-essentials/bundle/.imgpkg/bundle.yml
@@ -0,0 +1,10 @@
+---
+apiVersion: imgpkg.carvel.dev/v1alpha1
+kind: Bundle
+metadata:
+  name: educates-cluster-essentials
+authors:
+- name: Graham Dumpleton
+  email: [email protected]
+websites:
+- url: github.com/vmware-tanzu-labs/educates-cluster-essentials
diff --git a/carvel-packages/cluster-essentials/bundle/.imgpkg/images.yml b/carvel-packages/cluster-essentials/bundle/.imgpkg/images.yml
@@ -0,0 +1,32 @@
+---
+apiVersion: imgpkg.carvel.dev/v1alpha1
+images:
+- annotations:
+    kbld.carvel.dev/id: docker.io/envoyproxy/envoy:v1.21.1
+    kbld.carvel.dev/origins: |
+      - resolved:
+          tag: v1.21.1
+          url: docker.io/envoyproxy/envoy:v1.21.1
+  image: index.docker.io/envoyproxy/envoy@sha256:e9ad4cde73ffb01402c4e3fb6ce1a764d9e84650230135b88495f30904a378fc
+- annotations:
+    kbld.carvel.dev/id: ghcr.io/kyverno/kyverno:v1.6.2
+    kbld.carvel.dev/origins: |
+      - resolved:
+          tag: v1.6.2
+          url: ghcr.io/kyverno/kyverno:v1.6.2
+  image: ghcr.io/kyverno/kyverno@sha256:7aca776923bc2b51ababa0e46a449735844f21f30d7bf4dd2b7af3b75bbf97e1
+- annotations:
+    kbld.carvel.dev/id: ghcr.io/kyverno/kyvernopre:v1.6.2
+    kbld.carvel.dev/origins: |
+      - resolved:
+          tag: v1.6.2
+          url: ghcr.io/kyverno/kyvernopre:v1.6.2
+  image: ghcr.io/kyverno/kyvernopre@sha256:9210369113c14788b4394722c4e0afab15058f5a1db18e5f4c39da52c9dc8685
+- annotations:
+    kbld.carvel.dev/id: ghcr.io/projectcontour/contour:v1.20.1
+    kbld.carvel.dev/origins: |
+      - resolved:
+          tag: v1.20.1
+          url: ghcr.io/projectcontour/contour:v1.20.1
+  image: ghcr.io/projectcontour/contour@sha256:6e6c6cbe03eba0df8987da4cac2712845f66c496185383d8768f19b40be26125
+kind: ImagesLock