Merge pull request #347 from openinfradev/stack_creation

feature. add policy for creating stack

deploy_apps/tks-lma-federation-wftpl.yaml

@@ -28,7 +28,7 @@ spec:
     - name: console_url
       value: "https://tks-console-dev.taco-cat.xyz"
     - name: alert_tks
-      value: "https://tks-api-dev.taco-cat.xyz/system-api/1.0/alerts"
+      value: "https://tks-api-dev.taco-cat.xyz/system-api/1.0/system-notifications"
     - name: alert_slack
       value: "https://hooks.slack.com/services/fixme"
     ##########################

deploy_apps/tks-primary-cluster.yaml

@@ -383,6 +383,8 @@ spec:
 
           cd -
         done
+
+        ls
         yq -i e  ".global.tksIamRoles=[${iamRoles}]" ${primary_cluster}/${primary_cluster}/lma/site-values.yaml
 
         git config --global user.name "tks"

tks-cli/tks-cli.yaml

@@ -12,7 +12,7 @@ spec:
   - name: login-tks-api
     container:
       name: login-tks-api
-      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.1.4
+      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.2.0
       envFrom:
       - secretRef:
           name: "tks-api-secret"       
@@ -31,7 +31,7 @@ spec:
       - name: description
     container:
       name: create-organization
-      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.1.4
+      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.2.0
       envFrom:
       - secretRef:
           name: "tks-api-secret"       
@@ -93,7 +93,7 @@ spec:
       - name: cluster_endpoint
     container:
       name: create-usercluster
-      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.1.4
+      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.2.0
       envFrom:
       - secretRef:
           name: "tks-api-secret"       
@@ -162,7 +162,7 @@ spec:
       - name: organization_id
     container:
       name: install-usercluster
-      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.1.4
+      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.2.0
       envFrom:
       - secretRef:
           name: "tks-api-secret"       
@@ -215,7 +215,7 @@ spec:
       - name: cluster_id
     container:
       name: delete-usercluster
-      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.1.4
+      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.2.0
       envFrom:
       - secretRef:
           name: "tks-api-secret"       
@@ -258,7 +258,7 @@ spec:
       - name: description
     container:
       name: create-appgroup
-      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.1.4
+      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.2.0
       envFrom:
       - secretRef:
           name: "tks-api-secret"       
@@ -308,7 +308,7 @@ spec:
       - name: appgroup_id
     container:
       name: delete-appgroup
-      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.1.4
+      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.2.0
       envFrom:
       - secretRef:
           name: "tks-api-secret"       
@@ -348,7 +348,7 @@ spec:
       - name: name
     container:
       name: get-appgroup-id
-      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.1.4
+      image: harbor.taco-cat.xyz/tks/tks-e2e-test:v3.2.0
       envFrom:
       - secretRef:
           name: "tks-api-secret"       

tks-cluster/aws-cluster-autoscaler-iam.yaml

@@ -141,8 +141,8 @@ spec:
 
         eksctl delete iamserviceaccount --cluster $CLUSTER_ID --name cluster-autoscaler --namespace kube-system
 
-        oidc_id=$(aws eks describe-cluster --name $CLUSTER_ID --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f 5)
-        aws iam delete-open-id-connect-provider --open-id-connect-provider-arn arn:aws:iam::$AWS_ACCOUNT_ID:$oidc_id
+        oidc_id=$(aws eks describe-cluster --name $CLUSTER_ID --query "cluster.identity.oidc.issuer" --output text | cut -d '/' -f3-5)
+        aws iam delete-open-id-connect-provider --open-id-connect-provider-arn arn:aws:iam::$AWS_ACCOUNT_ID:oidc-provider/$oidc_id
 
         aws iam detach-role-policy --role-name cluster-autoscaler-$CLUSTER_ID --policy-arn arn:aws:iam::$AWS_ACCOUNT_ID:policy/cluster-autoscaler-$CLUSTER_ID
         aws iam delete-role --role-name cluster-autoscaler-$CLUSTER_ID

tks-cluster/create-usercluster-wftpl.yaml

@@ -30,7 +30,7 @@ spec:
       - name: base_repo_branch
         value: "main"
       - name: keycloak_url
-        value: 'https://keycloak.yourdomain.org/auth'
+        value: "https://keycloak.yourdomain.org/auth"
 
   volumes:
     - name: kubeconfig-adm
@@ -399,10 +399,10 @@ spec:
               template: deploy
             arguments:
               parameters:
-              - name: cluster_id
-                value: '{{workflow.parameters.cluster_id}}'
-              - name: appname
-                value: 'policy-resources'
+                - name: cluster_id
+                  value: "{{workflow.parameters.cluster_id}}"
+                - name: appname
+                  value: "policy-resources"
             # when: "{{steps.get-clusters-in-contract.outputs.parameters.primary_cluster}} != '' && {{workflow.parameters.cluster_id}} != {{steps.get-clusters-in-contract.outputs.parameters.primary_cluster}}"
 
     #######################
@@ -676,7 +676,7 @@ spec:
             case $INFRA_PROVIDER in
               aws)
                 # check whether admin cluster is managed or not
-                kcp_count=$(kubectl get kcp -n default $CLUSTER | grep -v NAME | wc -l)
+                kcp_count=$(kubectl get kcp -n default $CLUSTER-control-plane | grep -v NAME | wc -l)
                 awsmcp_count=$(kubectl get awsmcp -n default $CLUSTER | grep -v NAME | wc -l)
 
                 if [ $kcp_count = 1 ]; then # Self-managed control plane cluster
@@ -724,4 +724,3 @@ spec:
             kubectl --kubeconfig kubeconfig_temp apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/client/config/crd/snapshot.storage.k8s.io_volumesnapshotclasses.yaml -n kube-system
             kubectl --kubeconfig kubeconfig_temp apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/client/config/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml -n kube-system
             kubectl --kubeconfig kubeconfig_temp apply -f https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/master/client/config/crd/snapshot.storage.k8s.io_volumesnapshots.yaml -n kube-system
-

tks-stack/tks-stack-create.yaml

@@ -31,6 +31,8 @@ spec:
       value: develop
     - name: cluster_endpoint
       value: ""
+    - name: policy_ids
+      value: ""
 
   templates:
   - name: main
@@ -64,6 +66,8 @@ spec:
             value: "{{workflow.parameters.cloud_service}}"
           - name: cluster_endpoint
             value: "{{workflow.parameters.cluster_endpoint}}"
+          - name: policy_ids
+            value: "{{workflow.parameters.policy_ids}}"
 
     - - name: call-create-appgroup-for-LMA
         templateRef:

tks_info/get-tks-stack-template-wftpl.yaml

@@ -58,7 +58,7 @@ spec:
             return resJson['user']['token']
 
 
-        res = requests.get(TKS_API_URL+"/api/1.0/stack-templates/" + STACK_TEMPLATE_ID, headers={"Authorization": "Bearer " + getToken(), "Content-Type" : "application/json"} )
+        res = requests.get(TKS_API_URL+"/api/1.0/admin/stack-templates/" + STACK_TEMPLATE_ID, headers={"Authorization": "Bearer " + getToken(), "Content-Type" : "application/json"} )
         if res.status_code != 200 :
             sys.exit('Failed to get stackTemplate')
 

tks_info/tks-check-node.yaml

@@ -58,7 +58,7 @@ spec:
             return resJson['user']['token']
 
 
-        res = requests.get(TKS_API_URL+"/api/1.0/stack-templates/" + STACK_TEMPLATE_ID, headers={"Authorization": "Bearer " + getToken(), "Content-Type" : "application/json"} )
+        res = requests.get(TKS_API_URL+"/api/1.0/admin/stack-templates/" + STACK_TEMPLATE_ID, headers={"Authorization": "Bearer " + getToken(), "Content-Type" : "application/json"} )
         if res.status_code != 200 :
             sys.exit('Failed to get stackTemplate')