Merge pull request #52 from ibuildthecloud/master

Rework install and bootstrap

charts/fleet-agent/Chart.yaml

@@ -0,0 +1,10 @@
+apiVersion: v2
+name: fleet-agent
+description: Fleet Manager Agent - GitOps at Scale
+version: 0.0.0
+appVersion: 0.0.0
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/namespace: fleet-system
+  catalog.cattle.io/release-name: fleet-agent

charts/fleet-agent/custom-values.yaml

@@ -0,0 +1,16 @@
+apiServerCA: |-
+  -----BEGIN CERTIFICATE-----
+  MIIBVzCB/qADAgECAgEAMAoGCCqGSM49BAMCMCMxITAfBgNVBAMMGGszcy1zZXJ2
+  ZXItY2FAMTU5ODAzMDYyMzAeFw0yMDA4MjExNzIzNDNaFw0zMDA4MTkxNzIzNDNa
+  MCMxITAfBgNVBAMMGGszcy1zZXJ2ZXItY2FAMTU5ODAzMDYyMzBZMBMGByqGSM49
+  AgEGCCqGSM49AwEHA0IABDHKZIafRCXRq+tRowJ5yR8LCg8Cc/mh8VorTG4focTG
+  luOjmaaiYjFGz0Ck4JPffrW0TZrvKDIX+3rBDtk+tmWjIzAhMA4GA1UdDwEB/wQE
+  AwICpDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIAjPm+V9iBNn
+  ywca9cR/AFIavdlRrUjai/dY2mRcYhs9AiEA1pWWyqcT7ACX9v0KmVsOi/EKLxMJ
+  QT33NgiIfaNsdcM=
+  -----END CERTIFICATE-----
+apiServerURL: https://172.17.0.1:6443
+clusterNamespace: fleet-local
+token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjVRdHRIejdaUk5TLW1HSmJRejFMVFRZaV9mMzQwdmEyVWNUaGNVMllHZTQifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJmbGVldC1sb2NhbCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJpbXBvcnQtdG9rZW4tbG9jYWwtNmU1YmM4Y2EtY2U1Mi00OGQyLTk4MDktMTJjY2U4MjAwOTFkLXRvNTlnOXQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiaW1wb3J0LXRva2VuLWxvY2FsLTZlNWJjOGNhLWNlNTItNDhkMi05ODA5LTEyY2NlODIwMDkxZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjNlY2I3M2VhLWEzZDYtNGQxYi04NGUzLThlNTAyNjBmNGMxNSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpmbGVldC1sb2NhbDppbXBvcnQtdG9rZW4tbG9jYWwtNmU1YmM4Y2EtY2U1Mi00OGQyLTk4MDktMTJjY2U4MjAwOTFkIn0.UqtXqt7X9bTagPwSPXbuSvzb-aKUAA2A4IpROuL7eCGMMkezuf67jXg1pDasXDa5X_8IOeD3ge1L9X5x07BPuf49k9YaOLvnxxLq1fIt_YARiXylF_wdu3qx2GXQau0ewvF4c0ufyYdLMlPnNkz0WEkaRHi9gb6sBcokpBgwsuAS7kWDXGYEAcm0hhgsZmdGVWCdqltAfPfegY_BlrJCcuncnIEsXlyCuDBcSpEUJ76DPLK5CojfhTK27ijiEHr7LZnnLioxiV4CV4fpiyZCEonWfNlQle23fPQ67U4ThXoJl87Nc6A7muYg0K0yM6ANx2F_jWCPz65FIgxR7sBOyA
+labels:
+  foo: bar

charts/fleet-agent/templates/configmap.yaml

@@ -0,0 +1,11 @@
+{{if .Values.labels }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: fleet-agent
+data:
+  config: |-
+    {
+      "labels":{{toJson .Values.labels}}
+    }
+{{end}}

charts/fleet-agent/templates/deployment.yaml

@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fleet-agent
+spec:
+  selector:
+    matchLabels:
+      app: fleet-agent
+  template:
+    metadata:
+      labels:
+        app: fleet-agent
+    spec:
+      containers:
+      - env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: {{.Values.image.repository}}:{{.Values.image.tag}}
+        name: fleet-agent
+      serviceAccountName: fleet-agent

charts/fleet-agent/templates/rbac.yaml

@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: fleet-agent-system-fleet-agent-role
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: fleet-agent-system-fleet-agent-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: fleet-agent-system-fleet-agent-role
+subjects:
+- kind: ServiceAccount
+  name: fleet-agent
+  namespace: {{.Release.Namespace}}

charts/fleet-agent/templates/secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+data:
+  clusterNamespace: "{{b64enc .Values.clusterNamespace}}"
+  token: "{{b64enc .Values.token}}"
+  apiServerURL: "{{b64enc .Values.apiServerURL}}"
+  apiServerCA: "{{b64enc .Values.apiServerCA}}"
+kind: Secret
+metadata:
+  name: fleet-agent-bootstrap

chart/templates/serviceaccount.yaml → charts/fleet-agent/templates/serviceaccount.yaml

@@ -1,4 +1,4 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: fleet-controller
+  name: fleet-agent

charts/fleet-agent/templates/validate.yaml

@@ -0,0 +1,7 @@
+{{if ne .Release.Namespace .Values.internal.systemNamespace }}
+{{ fail "This chart must be installed in the namespace fleet-system as the release name fleet-agent" }}
+{{end}}
+
+{{if ne .Release.Name .Values.internal.managedReleaseName }}
+{{ fail "This chart must be installed in the namespace fleet-system as the release name fleet-agent" }}
+{{end}}

charts/fleet-agent/values.yaml

@@ -0,0 +1,23 @@
+image:
+  repository: rancher/fleet-agent
+  tag: dev
+
+# The public URL of the Kubernetes API server running the Fleet Manager must be set here
+# Example: https://example.com:6443
+apiServerURL: ""
+
+# The the pem encoded value of the CA of the Kubernetes API server running the Fleet Manager.
+# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
+apiServerCA: ""
+
+# The cluster registration value
+token: ""
+
+# Labels to add to the cluster upon registration only. They are not added after the fact.
+#labels:
+#  foo: bar
+
+# Please do not change the below setting unless you really know what you are doing
+internal:
+  systemNamespace: fleet-system
+  managedReleaseName: fleet-agent

charts/fleet-crd/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: fleet-crd
+description: Fleet Manager CustomResourceDefinitions
+version: 0.0.0
+appVersion: 0.0.0
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "false"
+  catalog.cattle.io/namespace: fleet-system
+  catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1
+  catalog.cattle.io/release-name: fleet-crd

charts/fleet/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: fleet
+description: Fleet Manager - GitOps at Scale
+version: 0.0.0
+appVersion: 0.0.0
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+annotations:
+  catalog.cattle.io/auto-install-gvr: clusters.fleet.cattle.io/v1alpha1
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/experimental: "true"
+  catalog.cattle.io/namespace: fleet-system
+  catalog.cattle.io/release-name: fleet

chart/charts/gitjob/Chart.yaml → charts/fleet/charts/gitjob/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: 0.0.1-rc3
+appVersion: 0.0.1-rc4
 description: Controller that run jobs based on git events
 name: gitjob
-version: 0.0.1-rc3
+version: 0.0.1-rc4

chart/charts/gitjob/crds/crds.yaml → charts/fleet/charts/gitjob/crds/crds.yaml

@@ -3167,8 +3167,20 @@ spec:
             event:
               nullable: true
               type: string
-            initialized:
-              type: boolean
+            hookId:
+              nullable: true
+              type: string
+            jobStatus:
+              nullable: true
+              type: string
+            lastExecutedCommit:
+              nullable: true
+              type: string
+            observedGeneration:
+              type: integer
+            secretToken:
+              nullable: true
+              type: string
           type: object
       type: object
   version: v1

chart/charts/gitjob/values.yaml → charts/fleet/charts/gitjob/values.yaml

@@ -1,3 +1,3 @@
 image:
   repository: rancher/gitjob
-  tag: v0.0.1-rc3
+  tag: v0.0.1-rc4

chart/templates/configmap.yaml → charts/fleet/templates/configmap.yaml

@@ -8,7 +8,7 @@ data:
       "agentImage": "{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}",
       "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}",
       "apiServerURL": "{{.Values.apiServerURL}}",
-      "apiServerCA": "{{.Values.apiServerCA}}",
+      "apiServerCA": "{{b64enc .Values.apiServerCA}}",
       "bootstrap": {
         "dirs": "{{.Values.bootstrap.dirs}}",
         "repo": "{{.Values.bootstrap.repo}}",

chart/templates/rbac.yaml → charts/fleet/templates/rbac.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: fleet-system-fleet-controller-role
+  name: fleet-controller
 rules:
 - apiGroups:
   - gitjob.cattle.io
@@ -50,11 +50,11 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: fleet-system-fleet-controller-role-binding
+  name: fleet-controller
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: fleet-system-fleet-controller-role
+  name: fleet-controller
 subjects:
 - kind: ServiceAccount
   name: fleet-controller
@@ -64,7 +64,7 @@ subjects:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: fleet-system-fleet-controller-role
+  name: fleet-controller
 rules:
 - apiGroups:
   - ""
@@ -77,12 +77,37 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: fleet-system-fleet-controller-role-binding
+  name: fleet-controller
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: fleet-system-fleet-controller-role
+  name: fleet-controller
 subjects:
 - kind: ServiceAccount
   name: fleet-controller
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: fleet-controller-bootstrap
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: fleet-controller-bootstrap
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: fleet-controller-bootstrap
+subjects:
+- kind: ServiceAccount
+  name: fleet-controller-bootstrap
   namespace: {{.Release.Namespace}}

charts/fleet/templates/serviceaccount.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: fleet-controller
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: fleet-controller-bootstrap

charts/fleet/values.yaml

@@ -0,0 +1,26 @@
+image:
+  repository: ibuildthecloud/fleet
+  tag: dev
+  imagePullPolicy: Always
+
+agentImage:
+  repository: ibuildthecloud/fleet-agent
+  tag: dev
+  imagePullPolicy: Always
+
+# For cluster registration the public URL of the Kubernetes API server must be set here
+# Example: https://example.com:6443
+apiServerURL: ""
+
+# For cluster auto registration the pem encoded value of the CA of the Kubernetes API server must be set here
+# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
+apiServerCA: ""
+
+githubURLPrefix: https://github.com
+webhookReceiverURL: ""
+bootstrap:
+  repo: ""
+  secret: ""
+  branch: master
+  dirs: ""
+  namespace: fleet-local

generate.go

@@ -1,5 +1,5 @@
 //go:generate go run pkg/codegen/cleanup/main.go
 //go:generate go run pkg/codegen/main.go
-//go:generate go run main.go install manager --crds-only -o ./chart/crds/crds.yaml
+//go:generate go run ./pkg/codegen crds ./build/charts/fleet-crd/templates/crds.yaml
 
 package main

go.mod

@@ -11,18 +11,18 @@ require (
 	github.com/cheggaaa/pb v1.0.27
 	github.com/hashicorp/go-getter v1.4.1
 	github.com/pkg/errors v0.9.1
-	github.com/rancher/gitjob v0.0.1-rc3.0.20200820235336-38f81e7b4b99
-	github.com/rancher/lasso v0.0.0-20200807231317-fff0364fb3f6
-	github.com/rancher/wrangler v0.6.2-0.20200815035759-cd3dc18ad392
+	github.com/rancher/gitjob v0.0.1-rc4
+	github.com/rancher/lasso v0.0.0-20200820172840-0e4cc0ef5cb0
+	github.com/rancher/wrangler v0.6.2-0.20200822010948-6d667521af49
 	github.com/rancher/wrangler-cli v0.0.0-20200815040857-81c48cf8ab43
 	github.com/sirupsen/logrus v1.6.0
 	github.com/spf13/cobra v1.0.0
 	golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a
 	helm.sh/helm/v3 v3.0.0
-	k8s.io/api v0.18.4
-	k8s.io/apimachinery v0.18.4
+	k8s.io/api v0.18.8
+	k8s.io/apimachinery v0.18.8
 	k8s.io/cli-runtime v0.18.4
-	k8s.io/client-go v0.18.4
+	k8s.io/client-go v0.18.8
 	rsc.io/letsencrypt v0.0.3 // indirect
 	sigs.k8s.io/kustomize/api v0.3.3-0.20200328155553-20184e9835c7
 	sigs.k8s.io/kustomize/kstatus v0.0.2