feature: add flux install for ocm controller (#512)
Closes #510
Skarlso authored Sep 24, 2024
1 parent 71503e5 commit 1707e8e
Showing 21 changed files with 220 additions and 13 deletions.
7 changes: 7 additions & 0 deletions deploy/README.md
Expand Up @@ -15,3 +15,10 @@ helm upgrade -i --wait --create-namespace -n ocm-system ocm-controller \

The project is using plain Helm Values files for configuration options.
Check out the default values for the chart [here](https://raw.githubusercontent.com/open-component-model/ocm-controller/main/ocm-controller/values.yaml).

## Flux Install

We can also use Flux to install ocm-controller and all of its prerequisites
which are the certificates and cert-manager.

To see how it's done, take a look at the script under [flux/script.sh](./flux/script.sh).
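--- a/deploy/flux/cert-manager/cert-manager.yaml
+++ b/deploy/flux/cert-manager/cert-manager.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+name: cert-manager
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+name: cert-manager
+namespace: cert-manager
+spec:
+interval: 24h
+url: https://charts.jetstack.io
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+name: cert-manager
+namespace: cert-manager
+spec:
+interval: 30m
+chart:
+spec:
+chart: cert-manager
+version: "1.x"
+sourceRef:
+kind: HelmRepository
+name: cert-manager
+namespace: cert-manager
+interval: 12h
+values:
+installCRDs: true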
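Review bot: The HelmRelease's `version: "1.x"` is a floating range, so Flux will move the cluster onto each new cert-manager 1.x chart from charts.jetstack.io without a reviewed change; for the component that issues the registry's TLS material this is better pinned to an exact, reviewed version, e.g. `version: "<exact chart version>"`. The range also interacts with `installCRDs: true`, which newer cert-manager charts mark as deprecated in favour of `crds.enabled: true`, so an automatic upgrade can change CRD handling underneath the ClusterIssuer and Certificate objects that depend on it. A short comment above `values:` naming the chart version this was tested against would help.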
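--- a/deploy/flux/cert-manager/kustomization.yaml
+++ b/deploy/flux/cert-manager/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- cert-manager.yaml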
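--- a/deploy/flux/config/cluster_issuer.yaml
+++ b/deploy/flux/config/cluster_issuer.yaml
@@ -0,0 +1,42 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: ocm-bootstrap-issuer
+spec:
+selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: ocm-bootstrap-certificate
+namespace: cert-manager
+spec:
+# this is discouraged but required by ios
+commonName: cert-manager-ocm-tls
+isCA: true
+secretName: ocm-registry-tls-certs
+subject:
+organizations:
+- ocm.software
+dnsNames:
+- registry.ocm-system.svc.cluster.local
+- localhost
+ipAddresses:
+- 127.0.0.1
+- ::1
+privateKey:
+algorithm: RSA
+encoding: PKCS8
+size: 2048
+issuerRef:
+name: ocm-bootstrap-issuer
+kind: ClusterIssuer
+group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+name: ocm-certificate-issuer
+spec:
+ca:
+secretName: ocm-registry-tls-certs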
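Review bot: `ocm-certificate-issuer` is a cluster-scoped CA issuer, so any subject that may create `Certificate` objects in any namespace can obtain a certificate chained to the CA the registry trusts, including one for `registry.ocm-system.svc.cluster.local`. If only `ocm-system` needs these certificates, a namespaced `Issuer` with the CA secret kept in that namespace, or RBAC that limits who may create `Certificate` objects, would narrow this. The CA secret also shares the name `ocm-registry-tls-certs` with the leaf secret created in `ocm-system`, which invites mounting or copying the CA private key by mistake; a distinct name such as `secretName: ocm-bootstrap-ca` in both the Certificate and the `ca:` block avoids that. The CA Certificate sets no `duration`, and the comment `# this is discouraged but required by ios` does not say what is discouraged; a sentence on the intended CA lifetime and on why `commonName` is set would help.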
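--- a/deploy/flux/config/kustomization.yaml
+++ b/deploy/flux/config/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- cluster_issuer.yaml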
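--- a/deploy/flux/infra/controller_kustomization.yaml
+++ b/deploy/flux/infra/controller_kustomization.yaml
@@ -0,0 +1,50 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+name: ocm-controllers
+namespace: flux-system
+spec:
+interval: 1h
+retryInterval: 10m
+timeout: 15m
+sourceRef:
+kind: GitRepository
+name: flux-system
+path: ./deploy/flux/ocm-controller
+prune: true
+wait: true
+dependsOn:
+- name: cert-manager-config
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+name: cert-manager
+namespace: flux-system
+spec:
+interval: 1h
+retryInterval: 10m
+timeout: 15m
+sourceRef:
+kind: GitRepository
+name: flux-system
+path: ./deploy/flux/cert-manager
+prune: true
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+name: cert-manager-config
+namespace: flux-system
+spec:
+dependsOn:
+- name: cert-manager
+interval: 1h
+retryInterval: 10m
+timeout: 15m
+sourceRef:
+kind: GitRepository
+name: flux-system
+path: ./deploy/flux/config
+prune: true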
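Review bot: The `cert-manager` and `cert-manager-config` Kustomizations do not set `wait: true`, so their `dependsOn` edges only order "objects applied", not "cert-manager is running and the issuers are Ready". `cert-manager-config` can therefore try to apply `ClusterIssuer` and `Certificate` objects before the cert-manager CRDs and webhook exist, and `ocm-controllers` can start before `ocm-certificate-issuer` is usable, each failure costing a `retryInterval: 10m` wait. Adding `wait: true` to both specs, as `ocm-controllers` already has, makes the chain mean what it says. None of the three sets `serviceAccountName`, so they run with the kustomize-controller's default identity; a comment stating that this is intended would help.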
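--- a/deploy/flux/ocm-controller/controller.yaml
+++ b/deploy/flux/ocm-controller/controller.yaml
@@ -0,0 +1,24 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: OCIRepository
+metadata:
+name: ocm-controller
+namespace: flux-system
+spec:
+interval: 15m
+url: oci://ghcr.io/open-component-model/helm/ocm-controller
+ref:
+semver: "v0.24.1"
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+name: ocm-controller
+namespace: flux-system
+spec:
+interval: 30m
+chartRef:
+kind: OCIRepository
+name: ocm-controller
+install:
+createNamespace: true
+targetNamespace: ocm-system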
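Review bot: The `OCIRepository` selects the chart by tag only (`semver: "v0.24.1"`) and has no `verify:` block, so whatever artifact that tag resolves to in ghcr.io at reconcile time is installed with the helm-controller's privileges. If the project signs its chart artifacts (not visible from this page), adding `verify:` with `provider: cosign` would tie the install to the publisher; otherwise pinning `digest: sha256:<chart digest>` under `ref:` at least makes the reference immutable. Separately, `install.createNamespace: true` duplicates `namespace.yaml` from the same kustomization, so one of the two can go.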
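--- a/deploy/flux/ocm-controller/kustomization.yaml
+++ b/deploy/flux/ocm-controller/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- namespace.yaml
+- controller.yaml
+- ocm-system_certificate.yaml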
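--- a/deploy/flux/ocm-controller/namespace.yaml
+++ b/deploy/flux/ocm-controller/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: ocm-system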
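--- a/deploy/flux/ocm-controller/ocm-system_certificate.yaml
+++ b/deploy/flux/ocm-controller/ocm-system_certificate.yaml
@@ -0,0 +1,21 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: ocm-registry-tls-certs
+namespace: ocm-system
+spec:
+secretName: ocm-registry-tls-certs
+dnsNames:
+- registry.ocm-system.svc.cluster.local
+- localhost
+ipAddresses:
+- 127.0.0.1
+- ::1
+privateKey:
+algorithm: RSA
+encoding: PKCS8
+size: 2048
+issuerRef:
+name: ocm-certificate-issuer
+kind: ClusterIssuer
+group: cert-manager.io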
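Review bot: The `privateKey` block does not set `rotationPolicy`, and on cert-manager releases where the default is `Never` the registry's RSA key is reused across every renewal; since the cert-manager chart in this commit is installed with a floating `1.x` range, which behaviour applies depends on the version that happens to be running. Setting `rotationPolicy: Always` under `privateKey:` makes the intent explicit. The certificate also sets no `duration`, `renewBefore` or `usages`, so lifetime and key usage fall back to cert-manager defaults; a comment saying that this is intended would help.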
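--- a/deploy/flux/script.sh
+++ b/deploy/flux/script.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+# setup flux cluster reconilication
+
+flux create source git flux-system \
+--url=https://github.com/open-component-model/ocm-controller \
+--branch=${BRANCH} \
+--username=${GITHUB_USER} \
+--password=${GITHUB_TOKEN} \
+--ignore-paths="clusters/**/flux-system/"
+
+flux create kustomization flux-system \
+--source=flux-system \
+--path=./deploy/flux/infra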
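Review bot: The `${BRANCH}`, `${GITHUB_USER}` and `${GITHUB_TOKEN}` expansions are unquoted and the script has no `set -euo pipefail`, so an unset variable silently becomes an empty flag value and the second `flux create` still runs after the first one fails. Add `set -euo pipefail` after the shebang and quote the values, e.g. `--password="${GITHUB_TOKEN}"`. The token is also passed on the command line, where it is exposed to the process list and to shell tracing while the command runs; a header comment naming the three variables the script expects and the minimum token scope (read access to the repository is presumably enough for a source) would help. The existing comment has a typo (`reconilication`).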
2 changes: 1 addition & 1 deletion deploy/templates/deployment_manager.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: ocm-controller
namespace: {{ .Values.global.namespace }}
namespace: {{ .Release.Namespace }}
labels:
control-plane: controller
app: ocm-controller
2 changes: 1 addition & 1 deletion deploy/templates/deployment_registry.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: registry
namespace: {{ .Values.global.namespace }}
namespace: {{ .Release.Namespace }}
labels:
app: registry
spec:
2 changes: 1 addition & 1 deletion deploy/templates/leader_election_role.yaml
Expand Up @@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ocm-leader-election-role
namespace: {{ .Values.global.namespace }}
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
5 changes: 3 additions & 2 deletions deploy/templates/leader_election_role_binding.yaml
Expand Up @@ -2,12 +2,13 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ocm-leader-election-rolebinding
namespace: {{ .Values.global.namespace }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ocm-leader-election-role
subjects:
- kind: ServiceAccount
name: ocm-controller
namespace: {{ .Values.global.namespace }}
namespace: {{ .Release.Namespace }}

2 changes: 1 addition & 1 deletion deploy/templates/monitor.yaml
Expand Up @@ -11,7 +11,7 @@ metadata:
app.kubernetes.io/part-of: ocm-controller
app.kubernetes.io/managed-by: helm
name: ocm-controller-metrics-monitor
namespace: {{ .Values.global.namespace }}
namespace: {{ .Release.Namespace }}
spec:
endpoints:
- path: /metrics
2 changes: 1 addition & 1 deletion deploy/templates/role_binding.yaml
Expand Up @@ -9,4 +9,4 @@ roleRef:
subjects:
- kind: ServiceAccount
name: ocm-controller
namespace: {{ .Values.global.namespace }}
namespace: {{ .Release.Namespace }}
2 changes: 1 addition & 1 deletion deploy/templates/service_account.yaml
Expand Up @@ -2,4 +2,4 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: ocm-controller
namespace: {{ .Values.global.namespace }}
namespace: {{ .Release.Namespace }}
2 changes: 1 addition & 1 deletion deploy/templates/service_monitoring.yaml
Expand Up @@ -11,7 +11,7 @@ metadata:
app.kubernetes.io/created-by: ocm-controller
app.kubernetes.io/part-of: ocm-controller
app.kubernetes.io/managed-by: kustomize
namespace: {{ .Values.global.namespace }}
namespace: {{ .Release.Namespace }}
spec:
ports:
- port: 8080
2 changes: 1 addition & 1 deletion deploy/templates/service_registry.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v1
kind: Service
metadata:
name: registry
namespace: {{ .Values.global.namespace }}
namespace: {{ .Release.Namespace }}
spec:
selector:
app: registry
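Review bot: The `registry` Service now follows `.Release.Namespace`, but the `values.yaml` context shown at the end of this commit still hard-codes `address: registry.ocm-system.svc.cluster.local:5000`, and the new Certificate objects list the same name in `dnsNames`. Installing the release into any namespace other than `ocm-system` would presumably leave the controller pointing at, and the TLS certificate valid for, a host name that no longer matches the Service. Either derive the address from the release namespace in the template or add a comment above `registry.address` saying it must change together with the install namespace. The same switch is made in `deployment_manager.yaml`, `deployment_registry.yaml`, the RBAC templates and the monitoring templates, where an existing install that sets `global.namespace` will now have that value ignored without an error; the Service body continues outside the visible hunk.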
3 changes: 0 additions & 3 deletions deploy/values.yaml
@@ -1,8 +1,5 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
namespace: ocm-system

registry:
address: registry.ocm-system.svc.cluster.local:5000
tls: