Deploy policies as an app #6

Merged: 22 commits, Mar 31, 2021
Add structure and CI for app packaging
stone-z committed Mar 25, 2021
commit ac4a77191e07d92af6b85ce503f51954c679f852
120 changes: 120 additions & 0 deletions .circleci/config.yml
@@ -0,0 +1,120 @@

version: 2.1

orbs:
architect: giantswarm/architect@2.4.2

jobs:
build:
docker:
- image: quay.io/giantswarm/architect
steps:
- checkout
- run:
name: Install kustomize
command: |
CGO_ENABLED=0 go install sigs.k8s.io/kustomize/kustomize/v3
# - run:
# name: Install releaseNotesURLTransformer kustomize plugin
# command: |
# CGO_ENABLED=0 go get github.com/giantswarm/kustomize-plugin-releasenotesurlannotationtransformer@v0.2.0
# mkdir -p "$PLUGIN_PATH"
# cp /go/bin/kustomize-plugin-releasenotesurlannotationtransformer "$PLUGIN_PATH/releaseNotesURLAnnotationTransformer"
# environment:
# PLUGIN_PATH: "./kustomize/plugin/giantswarm.io/v1/releasenotesurlannotationtransformer"
- run:
name: Kustomize helm charts
command: |
export XDG_CONFIG_HOME=$(pwd)
for i in aws azure common kvm vmware; do mkdir -p helm/policies-$i/templates; kustomize build --enable_alpha_plugins ./$i > helm/policies-$i/templates/policies.yaml; done
- persist_to_workspace:
root: .
paths:
- helm
# validate:
# docker:
# - image: quay.io/giantswarm/architect
# steps:
# - checkout
# - run:
# name: Validate policies
# command: CGO_ENABLED=0 go test ./...

workflows:
workflow:
jobs:
- validate
- build
# KVM
- architect/push-to-app-catalog:
name: push-policies-kvm-to-policies-catalog
app_catalog: policies-test-catalog
app_catalog_test: policies-test-catalog
attach_workspace: true
chart: policies-kvm
explicit_allow_chart_name_mismatch: true
on_tag: false
requires:
- build
- validate
# - architect/push-to-app-collection:
# name: push-policies-to-kvm-app-collection
# app_catalog: policies
# app_name: policies-kvm
# app_collection_repo: kvm-app-collection
# requires:
# - push-policies-kvm-to-policies-catalog
# filters:
# # Trigger the job on merge to master.
# branches:
# only: master
# AWS
- architect/push-to-app-catalog:
name: push-policies-aws-to-policies-catalog
app_catalog: policies-test-catalog
app_catalog_test: policies-test-catalog
attach_workspace: true
chart: policies-aws
explicit_allow_chart_name_mismatch: true
on_tag: false
requires:
- build
- validate
- push-policies-kvm-to-policies-catalog
# - architect/push-to-app-collection:
# name: push-policies-to-aws-app-collection
# app_catalog: policies
# app_name: policies-aws
# app_collection_repo: aws-app-collection
# requires:
# - push-policies-aws-to-policies-catalog
# # - push-policies-to-kvm-app-collection
# filters:
# # Trigger the job on merge to master.
# branches:
# only: master
# Azure
- architect/push-to-app-catalog:
name: push-policies-azure-to-policies-catalog
app_catalog: policies-test-catalog
app_catalog_test: policies-test-catalog
attach_workspace: true
chart: policies-azure
explicit_allow_chart_name_mismatch: true
on_tag: false
requires:
- build
- validate
- push-policies-aws-to-policies-catalog
# - architect/push-to-app-collection:
# name: push-policies-to-azure-app-collection
# app_catalog: policies
# app_name: policies-azure
# app_collection_repo: azure-app-collection
# requires:
# - push-policies-azure-to-policies-catalog
# # - push-policies-to-aws-app-collection
# filters:
# # Trigger the job on merge to master.
# branches:
# only: master
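Review bot: The workflow lists `- validate` under `jobs:` and in the `requires:` block of all three push jobs, but the only `validate` job definition in this file is commented out, so the workflow refers to a job that does not exist. Either restore the `validate` job or drop the references until it is ready. Separately, `image: quay.io/giantswarm/architect` carries no tag or digest and `go install sigs.k8s.io/kustomize/kustomize/v3` names no version, so the toolchain that renders the policies can change between runs; pin both, as the orb already is with `giantswarm/architect@2.4.2`. `--enable_alpha_plugins` is also still passed although the plugin install step is commented out; drop the flag until a plugin is actually used.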
File renamed without changes.
File renamed without changes.
File renamed without changes.
4 changes: 4 additions & 0 deletions aws/CAPI/kustomization.yaml
@@ -0,0 +1,4 @@
resources:
- AWSCluster.yaml
- AWSMachine.yaml
- AWSMachineTemplate.yaml
2 changes: 2 additions & 0 deletions aws/kustomization.yaml
@@ -0,0 +1,2 @@
resources:
- CAPI
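Review bot: Layout question on `aws/kustomization.yaml`: aws goes through an intermediate `CAPI` directory with its own kustomization.yaml, while azure, common and vmware list their policy files directly in the top-level kustomization.yaml. If the extra level is intentional, a short comment here saying what else is expected beside `CAPI` would help; otherwise flatten it to match the other providers.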
File renamed without changes.
File renamed without changes.
File renamed without changes.
4 changes: 4 additions & 0 deletions azure/kustomization.yaml
@@ -0,0 +1,4 @@
resources:
- AzureCluster.yaml
- AzureMachine.yaml
- AzureMachineDeployment.yaml
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
7 changes: 7 additions & 0 deletions common/kustomization.yaml
@@ -0,0 +1,7 @@
resources:
- Cluster.yaml
- ClusterResourceSet.yaml
- ClusterResourceSetBinding.yaml
- KubeadmConfig.yaml
- KubeadmConfigTemplate.yaml
- KubeadmControlplane.yaml
6 changes: 6 additions & 0 deletions helm/policies-aws/Chart.yaml
@@ -0,0 +1,6 @@
apiVersion: v1
name: policies-aws
version: [[ .Version ]]
appVersion: master
description: Giant Swarm policies for aws.
home: https://github.com/giantswarm/clusterpolicies
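Review bot: `appVersion: master` is a branch name, so a packaged chart does not record which revision of the policies it contains. Since `version` is already templated as `[[ .Version ]]`, consider deriving `appVersion` from the same build information instead of a fixed string; the same line appears in the other four Chart.yaml files.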
Empty file added helm/policies-aws/values.yaml
Empty file.
6 changes: 6 additions & 0 deletions helm/policies-azure/Chart.yaml
@@ -0,0 +1,6 @@
apiVersion: v1
name: policies-azure
version: [[ .Version ]]
appVersion: master
description: Giant Swarm policies for azure.
home: https://github.com/giantswarm/clusterpolicies
Empty file.
6 changes: 6 additions & 0 deletions helm/policies-common/Chart.yaml
@@ -0,0 +1,6 @@
apiVersion: v1
name: policies-common
Contributor

Do we need to prefix everything with policies? Especially for folders it seems redundant as the repo is already called clusterpolicies

Contributor Author

In places where the name is actually used I think it will make more sense. Like with opsctl it would currently be `opsctl deploy -i <whatever> policies-kvm`. I tried to keep this similar to the releases structure

Contributor

I understand that - but the folders in releases also don't have a prefix. Maybe I am missing something.

Contributor Author

The folders for the actual helm charts do https://github.com/giantswarm/releases/tree/master/helm

The outer folders are kustomized in, which we can't do with ClusterPolicy CRs because it alphabetizes things and re-quotes strings which break kyverno

version: [[ .Version ]]
appVersion: master
description: Giant Swarm policies for all clusters.
home: https://github.com/giantswarm/clusterpolicies
Empty file.
6 changes: 6 additions & 0 deletions helm/policies-kvm/Chart.yaml
@@ -0,0 +1,6 @@
apiVersion: v1
name: policies-kvm
version: [[ .Version ]]
appVersion: master
description: Giant Swarm policies for kvm.
home: https://github.com/giantswarm/clusterpolicies
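Review bot: The build loop in `.circleci/config.yml` runs `kustomize build` on `./kvm`, and `policies-kvm` is the first chart pushed, but this commit adds a kustomization.yaml only for aws (and aws/CAPI), azure, common and vmware. Unless `kvm/kustomization.yaml` already exists on the branch, the build step fails for kvm; add it here or confirm it is present.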
Empty file added helm/policies-kvm/values.yaml
Empty file.
6 changes: 6 additions & 0 deletions helm/policies-vmware/Chart.yaml
@@ -0,0 +1,6 @@
apiVersion: v1
name: policies-vmware
version: [[ .Version ]]
appVersion: master
description: Giant Swarm policies for vmware.
home: https://github.com/giantswarm/clusterpolicies
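Review bot: `policies-vmware` is rendered by the build loop, but the workflow has `architect/push-to-app-catalog` jobs only for kvm, aws and azure, so this chart (and `policies-common`) is built and then never published. Add push jobs for both, or remove them from the loop until they are meant to ship.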
Empty file.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
5 changes: 5 additions & 0 deletions vmware/kustomization.yaml
@@ -0,0 +1,5 @@
resources:
- VSphereCluster.yaml
- VSphereMachine.yaml
- VSphereMachineTemplate.yaml
- VSphereVM.yaml