diff --git a/Makefile b/Makefile index 0a86848f..71e9c101 100644 --- a/Makefile +++ b/Makefile @@ -99,9 +99,7 @@ helm-test: kind helm-test-exec: ct helm-controller-version ko-build-all $(MAKE) e2e-load-image CLUSTER_NAME=capsule-charts IMAGE=$(CAPSULE_IMG) VERSION=v0.0.0 @$(KUBECTL) create ns capsule-system || true - @$(KUBECTL) apply --force-conflicts --server-side=true -f https://github.com/grafana/grafana-operator/releases/download/v5.18.0/crds.yaml - @$(KUBECTL) apply --force-conflicts --server-side=true -f https://github.com/cert-manager/cert-manager/releases/download/v1.9.1/cert-manager.crds.yaml - @$(KUBECTL) apply --force-conflicts --server-side=true -f https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.58.0/bundle.yaml + $(MAKE) dev-install-deps @$(CT) install --config $(SRC_ROOT)/.github/configs/ct.yaml --namespace=capsule-system --all --debug # Setup development env 
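Review bot: `$(MAKE) dev-install-deps` turns what was a CRD-only step into a full bootstrap that, via the `dev-setup-fluxcd`/`dev-setup-cert-manager` prerequisites added in this same patch, installs Flux and has it pull a cert-manager chart from charts.jetstack.io while the chart test runs; the three removed lines only applied tag-pinned CRD manifests. That makes `helm-test-exec` depend on network fetches pinned by version only (no digest) and on the `wait-for-helmreleases` gate, which is outside this hunk. A one-line comment above the call would save the next reader the archaeology: `# chart defaults now require cert-manager (certManager.generateCertificates=true); dev-install-deps bootstraps Flux + cert-manager and the CRDs`. The `|| true` on the namespace create above it still hides a failure to reach the cluster, though that line is pre-existing.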
@@ -113,12 +111,27 @@ dev-build: kind dev-destroy: kind $(KIND) delete cluster --name capsule +dev-install-deps: dev-setup-fluxcd dev-setup-cert-manager dev-install-gw-api-crds dev-install-grafana-operator-crds dev-install-prometheus-crds wait-for-helmreleases + API_GW := none API_GW_VERSION := v1.3.0 API_GW_LOOKUP := kubernetes-sigs/gateway-api -dev-install-deps: +dev-install-gw-api-crds: @$(KUBECTL) apply --force-conflicts --server-side=true -f https://github.com/$(API_GW_LOOKUP)/releases/download/$(API_GW_VERSION)/standard-install.yaml +GRAFANA := none +GRAFANA_VERSION := v5.18.0 +GRAFANA_LOOKUP := grafana/grafana-operator +dev-install-grafana-operator-crds: + @$(KUBECTL) apply --force-conflicts --server-side=true -f https://github.com/grafana/grafana-operator/releases/download/$(GRAFANA_VERSION)/crds.yaml + +PROMETHEUS := none +PROMETHEUS_VERSION := v0.58.0 +PROMETHEUS_LOOKUP := prometheus-operator/prometheus-operator +dev-install-prometheus-crds: + @$(KUBECTL) apply --force-conflicts --server-side=true -f https://github.com/prometheus-operator/prometheus-operator/releases/download/$(PROMETHEUS_VERSION)/bundle.yaml + + # Usage: # LAPTOP_HOST_IP= make dev-setup # For example: @@ -191,9 +204,13 @@ dev-setup-argocd: dev-setup-fluxcd @printf " \033[1mkubectl get secret -n argocd argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d\033[0m\n\n" @printf " \033[1mkubectl port-forward svc/argocd-server 9091:80 -n argocd\033[0m\n\n" +dev-setup-cert-manager: + @$(KUBECTL) kustomize --load-restrictor='LoadRestrictionsNone' hack/distro/cert-manager | envsubst | kubectl apply -f - + dev-setup-fluxcd: @$(KUBECTL) kustomize --load-restrictor='LoadRestrictionsNone' hack/distro/fluxcd | envsubst | kubectl apply -f - + # Here to setup the current capsule version # Intended to test updates to new version dev-setup-capsule: dev-setup-fluxcd 
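Review bot: `GRAFANA_LOOKUP` and `PROMETHEUS_LOOKUP` are defined but never read — the two new apply lines hard-code `grafana/grafana-operator` and `prometheus-operator/prometheus-operator` in the URL, unlike the gateway-api target that goes through `$(API_GW_LOOKUP)`, so overriding either lookup variable silently does nothing. Use `-f https://github.com/$(GRAFANA_LOOKUP)/releases/download/$(GRAFANA_VERSION)/crds.yaml` and `-f https://github.com/$(PROMETHEUS_LOOKUP)/releases/download/$(PROMETHEUS_VERSION)/bundle.yaml`. `GRAFANA := none` and `PROMETHEUS := none` also have no consumer in the hunk; if they only mirror the `API_GW := none` pattern, drop them or reference them. All of these manifests are applied with `--force-conflicts --server-side=true` from tag-pinned GitHub release URLs with no checksum, which is tolerable for a dev cluster but should not migrate into CI without a pinned digest, and whether the new targets are listed in `.PHONY` is not visible here.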
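Review bot: `dev-setup-cert-manager` applies a Flux `HelmRelease`/`HelmRepository` into `flux-system` (hack/distro/cert-manager/release.flux.yaml in this patch) but declares no prerequisite on `dev-setup-fluxcd`; `dev-install-deps` merely lists the two side by side, so under `make -j` — or when the target is run on its own — the apply can hit a cluster that lacks the Flux CRDs and fail. Declare the edge the way `dev-setup-argocd` already does: `dev-setup-cert-manager: dev-setup-fluxcd`. The recipe also ends in a bare `kubectl apply -f -` while its first command uses `$(KUBECTL)`, so an overridden `KUBECTL` renders with one tool and applies with another; the pre-existing `dev-setup-fluxcd` line has the same inconsistency. Be aware that `envsubst` replaces every `$VAR` in the rendered manifests from the caller's environment, substituting an empty string for anything unset rather than failing.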
@@ -307,6 +324,7 @@ e2e-install: ko-build-all
 --install \
 --namespace capsule-system \
 --create-namespace \
+ --set 'replicaCount=2'\
 --set 'manager.image.pullPolicy=Never' \
 --set 'manager.resources=null'\
 --set "manager.image.tag=$(VERSION)" \
diff --git a/charts/capsule/README.md b/charts/capsule/README.md
index 72cbb533..6f3f763e 100644
--- a/charts/capsule/README.md
+++ b/charts/capsule/README.md
@@ -67,7 +67,7 @@ The following Values have changed key or Value:
 |-----|------|---------|-------------|
 | affinity | object | `{}` | Set affinity rules for the Capsule pod |
 | certManager.additionalSANS | list | `[]` | Specify additional SANS to add to the certificate |
-| certManager.generateCertificates | bool | `false` | Specifies whether capsule webhooks certificates should be generated using cert-manager |
+| certManager.generateCertificates | bool | `true` | Specifies whether capsule webhooks certificates should be generated using cert-manager |
 | customAnnotations | object | `{}` | Additional annotations which will be added to all resources created by Capsule helm chart |
 | customLabels | object | `{}` | Additional labels which will be added to all resources created by Capsule helm chart |
 | extraManifests | list | `[]` | Array of additional resources to be created alongside Capsule helm chart |
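Review bot: `--set 'replicaCount=2'` runs two manager pods, but nothing in this hunk turns on leader election, whereas the new `charts/capsule/ci/ha-values.yaml` in the same patch pairs `replicaCount: 2` with `--enable-leader-election=true`; unless the chart enables it by default (not visible here), both replicas would run the reconcilers concurrently during e2e. Add the same flag, e.g. `--set 'manager.extraArgs={--enable-leader-election=true}' \`, or pass `-f charts/capsule/ci/ha-values.yaml`. Cosmetic: the added line has no space before the continuation backslash, copying the `manager.resources=null'\` line rather than the surrounding `… \` style. The helm invocation this line belongs to starts before and continues after the hunk.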
@@ -89,8 +89,8 @@ The following Values have changed key or Value:
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account. |
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created. |
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and `serviceAccount.create=true`, a name is generated using the fullname template |
-| tls.create | bool | `true` | When cert-manager is disabled, Capsule will generate the TLS certificate for webhook and CRDs conversion. |
-| tls.enableController | bool | `true` | Start the Capsule controller that injects the CA into mutating and validating webhooks, and CRD as well. |
+| tls.create | bool | `false` | When cert-manager is disabled, Capsule will generate the TLS certificate for webhook and CRDs conversion. |
+| tls.enableController | bool | `false` | Start the Capsule controller that injects the CA into mutating and validating webhooks, and CRD as well. |
 | tls.name | string | `""` | Override name of the Capsule TLS Secret name when externally managed. |
 | tolerations | list | `[]` | Set list of tolerations for the Capsule pod |
 | topologySpreadConstraints | list | `[]` | Set topology spread constraints for the Capsule pod |
diff --git a/charts/capsule/ci/ha-values.yaml b/charts/capsule/ci/ha-values.yaml
new file mode 100644
index 00000000..abc7300c
--- /dev/null
+++ b/charts/capsule/ci/ha-values.yaml
@@ -0,0 +1,4 @@
+replicaCount: 2
+manager:
+ extraArgs:
+ - "--enable-leader-election=true"
diff --git a/charts/capsule/values.yaml b/charts/capsule/values.yaml
index ce22c5a7..a0076b5d 100644
--- a/charts/capsule/values.yaml
+++ b/charts/capsule/values.yaml
@@ -83,9 +83,9 @@ crds:
 # Secret Options
 tls:
 # -- Start the Capsule controller that injects the CA into mutating and validating webhooks, and CRD as well.
- enableController: true
+ enableController: false
 # -- When cert-manager is disabled, Capsule will generate the TLS certificate for webhook and CRDs conversion.
- create: true
+ create: false
 # -- Override name of the Capsule TLS Secret name when externally managed.
 name: ""
 
@@ -320,7 +320,7 @@ serviceAccount:
 
 certManager:
 # -- Specifies whether capsule webhooks certificates should be generated using cert-manager
- generateCertificates: false
+ generateCertificates: true
 # -- Specify additional SANS to add to the certificate
 additionalSANS: []
 # -- Additional labels which will be added to all resources created by Capsule helm chart
diff --git a/hack/distro/cert-manager/kustomization.yaml b/hack/distro/cert-manager/kustomization.yaml
new file mode 100644
index 00000000..7fcbf108
--- /dev/null
+++ b/hack/distro/cert-manager/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - release.flux.yaml
diff --git a/hack/distro/cert-manager/release.flux.yaml b/hack/distro/cert-manager/release.flux.yaml
new file mode 100644
index 00000000..c480e9b0
--- /dev/null
+++ b/hack/distro/cert-manager/release.flux.yaml
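Review bot: With `tls.create` and `tls.enableController` both defaulting to `false`, cert-manager becomes the only default source of a webhook serving certificate, and the comment on `create` ("When cert-manager is disabled, Capsule will generate…") no longer tells the reader they must flip it themselves. A user who sets `certManager.generateCertificates=false` and leaves these untouched ends up with validating/mutating webhooks that have no certificate; whether admission then fails closed or open depends on the webhook `failurePolicy`, which is not in this diff, and either outcome matters for an operator that enforces tenant isolation. Suggest making the comment explicit: `# -- When certManager.generateCertificates is false, set this to true (or point tls.name at an existing Secret); otherwise no webhook/CRD-conversion certificate is provisioned.` The `enableController` comment presumably needs the same note, since CA injection for a self-generated certificate looks like it depends on that controller — confirm against the templates.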
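Review bot: Flipping `generateCertificates` to `true` by default turns cert-manager into a hard prerequisite of a plain `helm install`: the chart will presumably emit cert-manager objects (inferred from the key name; the templates are not in this diff) that fail on a cluster without the cert-manager CRDs. That is a breaking default change for existing users who upgrade without cert-manager, and neither this `# --` comment nor the README row says so. Suggest `# -- Specifies whether capsule webhooks certificates should be generated using cert-manager. Requires cert-manager and its CRDs to be installed first; set to false and tls.create=true to self-generate.`, plus a template `fail` when `generateCertificates`, `tls.create` and `tls.name` are all unset, if one is not already present.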
@@ -0,0 +1,42 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: cert-manager
+ namespace: flux-system
+spec:
+ serviceAccountName: kustomize-controller
+ interval: 15s
+ timeout: 10m
+ targetNamespace: cert-manager
+ releaseName: "cert-manager"
+ chart:
+ spec:
+ chart: cert-manager
+ version: "1.19.2"
+ sourceRef:
+ kind: HelmRepository
+ name: cert-manager
+ interval: 24h
+ install:
+ createNamespace: true
+ remediation:
+ retries: -1
+ upgrade:
+ remediation:
+ remediateLastFailure: true
+ retries: -1
+ driftDetection:
+ mode: enabled
+ values:
+ crds:
+ enabled: true
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: cert-manager
+ namespace: flux-system
+spec:
+ interval: 24h0m0s
+ url: https://charts.jetstack.io
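Review bot: `serviceAccountName: kustomize-controller` makes helm-controller impersonate the kustomize-controller ServiceAccount for this release — typically cluster-admin in a stock Flux bootstrap — and `retries: -1` on both install and upgrade remediation retries forever; acceptable for a throwaway kind cluster, but nothing in the file says it is dev-only and `hack/distro` manifests are easy to copy into real clusters. Add a header comment after the first `---`, e.g. `# Dev/test only: runs as the Flux kustomize-controller SA and retries indefinitely; use a scoped SA and bounded retries anywhere else.`. The chart is pinned to `1.19.2` from `https://charts.jetstack.io` by version only, with no digest or signature verification configured, so the test cluster trusts whatever the repository serves under that tag. `interval: 15s` is also an aggressive reconcile loop for a cert-manager release; `1m` would be plenty.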