Merge pull request #86 from projectsyn/feat/additional-root-apps

Generate config map `additional-root-apps`

.cruft.json

@@ -7,11 +7,11 @@
       "name": "Steward",
       "slug": "steward",
       "parameter_key": "steward",
-      "test_cases": "defaults",
+      "test_cases": "defaults syn-teams",
       "add_lib": "n",
       "add_pp": "n",
       "add_golden": "y",
-      "add_matrix": "n",
+      "add_matrix": "y",
       "add_go_unit": "n",
       "automerge_patch": "y",
       "automerge_patch_v0": "n",

.github/workflows/test.yaml

@@ -29,6 +29,11 @@ jobs:
           args: 'check'
   test:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        instance:
+          - defaults
+          - syn-teams
     defaults:
       run:
         working-directory: ${{ env.COMPONENT_NAME }}
@@ -37,9 +42,14 @@ jobs:
         with:
           path: ${{ env.COMPONENT_NAME }}
       - name: Compile component
-        run: make test
+        run: make test -e instance=${{ matrix.instance }}
   golden:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        instance:
+          - defaults
+          - syn-teams
     defaults:
       run:
         working-directory: ${{ env.COMPONENT_NAME }}
@@ -48,4 +58,4 @@ jobs:
         with:
           path: ${{ env.COMPONENT_NAME }}
       - name: Golden diff
-        run: make golden-diff
+        run: make golden-diff -e instance=${{ matrix.instance }}

.gitignore

@@ -19,3 +19,4 @@
 /_public
 
 # Additional entries
+jsonnetfile.json

Makefile

@@ -69,6 +69,22 @@ golden-diff: commodore_args += -f tests/$(instance).yml
 golden-diff: clean .compile ## Diff compile output against the reference version. Review output and run `make gen-golden golden-diff` if this target fails.
 	@git diff --exit-code --minimal --no-index -- tests/golden/$(instance) compiled/
 
+.PHONY: golden-diff-all
+golden-diff-all: recursive_target=golden-diff
+golden-diff-all: $(test_instances) ## Run golden-diff for all instances. Note: this doesn't work when running make with multiple parallel jobs (-j != 1).
+
+.PHONY: gen-golden-all
+gen-golden-all: recursive_target=gen-golden
+gen-golden-all: $(test_instances) ## Run gen-golden for all instances. Note: this doesn't work when running make with multiple parallel jobs (-j != 1).
+
+.PHONY: lint_kubent_all
+lint_kubent_all: recursive_target=lint_kubent
+lint_kubent_all: $(test_instances) ## Lint deprecated Kubernetes API versions for all golden test instances. Will exit on first error. Note: this doesn't work when running make with multiple parallel jobs (-j != 1).
+
+.PHONY: $(test_instances)
+$(test_instances):
+	$(MAKE) $(recursive_target) -e instance=$(basename $(@F))
+
 .PHONY: clean
 clean: ## Clean the project
 	rm -rf .cache compiled dependencies vendor helmcharts jsonnetfile*.json || true

Makefile.vars.mk

@@ -56,3 +56,4 @@ KUBENT_IMAGE    ?= ghcr.io/doitintl/kube-no-trouble:latest
 KUBENT_DOCKER   ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE)
 
 instance ?= defaults
+test_instances = tests/defaults.yml tests/syn-teams.yml

component/main.jsonnet

@@ -2,6 +2,8 @@
 local com = import 'lib/commodore.libjsonnet';
 local kap = import 'lib/kapitan.libjsonnet';
 local kube = import 'lib/kube.libjsonnet';
+local syn_teams = import 'syn/syn-teams.libsonnet';
+
 local inv = kap.inventory();
 // The hiera parameters for the component
 local params = inv.parameters.steward;
@@ -86,9 +88,24 @@ local additionalFacts = kube.ConfigMap('additional-facts') {
   ),
 };
 
+local additionalRootApps =
+  kube.ConfigMap('additional-root-apps') {
+    metadata+: {
+      namespace: params.namespace,
+      labels: {
+        'app.kubernetes.io/name': 'steward',
+        'app.kubernetes.io/managed-by': 'syn',
+      },
+    },
+    data: {
+      teams: std.manifestJsonMinified(syn_teams.teams()),
+    },
+  };
+
 {
   '01_rbac': [ cluster_role, service_account, cluster_role_binding ],
   '05_secret': secret,
   '10_deployment': deployment,
   '20_additional_facts': additionalFacts,
+  '20_additional_root_apps': additionalRootApps,
 }

jsonnetfile.jsonnet

@@ -0,0 +1,16 @@
+{
+  version: 1,
+  dependencies: [
+    {
+      source: {
+        git: {
+          remote: 'https://github.com/projectsyn/jsonnet-libs',
+          subdir: '',
+        },
+      },
+      version: 'main',
+      name: 'syn',
+    },
+  ],
+  legacyImports: true,
+}

renovate.json

@@ -13,7 +13,7 @@
   "separateMinorPatch": true,
   "postUpgradeTasks": {
     "commands": [
-      "make gen-golden"
+      "make gen-golden-all"
     ],
     "fileFilters": [
       "tests/golden/**"

tests/golden/defaults/steward/steward/20_additional_root_apps.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+data:
+  teams: '[]'
+kind: ConfigMap
+metadata:
+  annotations: {}
+  labels:
+    app.kubernetes.io/managed-by: syn
+    app.kubernetes.io/name: steward
+  name: additional-root-apps
+  namespace: syn

tests/golden/syn-teams/steward/steward/01_rbac.yaml

@@ -0,0 +1,43 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  annotations: {}
+  labels:
+    name: syn-admin
+  name: syn-admin
+rules:
+  - apiGroups:
+      - '*'
+    resources:
+      - '*'
+    verbs:
+      - '*'
+  - nonResourceURLs:
+      - '*'
+    verbs:
+      - '*'
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  annotations: {}
+  labels:
+    name: steward
+  name: steward
+  namespace: syn
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  annotations: {}
+  labels:
+    name: syn-steward
+  name: syn-steward
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: syn-admin
+subjects:
+  - kind: ServiceAccount
+    name: steward
+    namespace: syn

tests/golden/syn-teams/steward/steward/05_secret.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+data:
+  token: ''
+kind: Secret
+metadata:
+  annotations: {}
+  labels:
+    name: steward
+  name: steward
+  namespace: syn
+stringData:
+  token: t-silent-test-1234/c-green-test-1234/steward/token
+type: Opaque

tests/golden/syn-teams/steward/steward/10_deployment.yaml

@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations: {}
+  labels:
+    app.kubernetes.io/managed-by: syn
+    app.kubernetes.io/name: steward
+  name: steward
+  namespace: syn
+spec:
+  minReadySeconds: 30
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app.kubernetes.io/managed-by: syn
+      app.kubernetes.io/name: steward
+  strategy:
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 25%
+    type: RollingUpdate
+  template:
+    metadata:
+      annotations: {}
+      labels:
+        app.kubernetes.io/managed-by: syn
+        app.kubernetes.io/name: steward
+    spec:
+      containers:
+        - args: []
+          env:
+            - name: STEWARD_API
+              value: https://api.syn.vshn.net/
+            - name: STEWARD_ARGO_IMAGE
+              value: quay.io/argoproj/argocd:v2.13.3@sha256:42a488667bc07b70b16a672f632a5d3f484a262ae5f66b5d161c5be2d905db2f
+            - name: STEWARD_CLUSTER_ID
+              value: c-green-test-1234
+            - name: STEWARD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+            - name: STEWARD_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  key: token
+                  name: steward
+          image: docker.io/projectsyn/steward:v0.11.1@sha256:dba13cfdfdf6c1db4ed7bbef109d44ab1d6b16fa70e1835c33b97b9ae64b1af9
+          imagePullPolicy: Always
+          name: steward
+          ports: []
+          resources:
+            limits:
+              cpu: 200m
+              memory: 64Mi
+            requests:
+              cpu: 100m
+              memory: 32Mi
+          securityContext:
+            runAsNonRoot: true
+          stdin: false
+          tty: false
+          volumeMounts: []
+      imagePullSecrets: []
+      initContainers: []
+      priorityClassName: system-cluster-critical
+      serviceAccountName: steward
+      terminationGracePeriodSeconds: 30
+      volumes: []

tests/golden/syn-teams/steward/steward/20_additional_facts.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+data: {}
+kind: ConfigMap
+metadata:
+  annotations: {}
+  labels:
+    app.kubernetes.io/managed-by: syn
+    app.kubernetes.io/name: steward
+  name: additional-facts
+  namespace: syn

tests/golden/syn-teams/steward/steward/20_additional_root_apps.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+data:
+  teams: '["cool-glade","shy-thunder"]'
+kind: ConfigMap
+metadata:
+  annotations: {}
+  labels:
+    app.kubernetes.io/managed-by: syn
+    app.kubernetes.io/name: steward
+  name: additional-root-apps
+  namespace: syn

tests/syn-teams.yml

@@ -0,0 +1,26 @@
+applications:
+  - argocd
+  - metallb
+  - cert-manager
+  - keycloak as keycloak-dev
+  - keycloak as keycloak-prod
+  - steward
+
+parameters:
+  syn:
+    owner: sparkling-sound
+    teams:
+      cool-glade:
+        instances:
+          - keycloak-dev
+          - keycloak-prod
+      purple-smoke:
+        instances:
+          - ~rook-ceph
+      shy-thunder:
+        instances:
+          - cert-manager
+          - metallb
+      sparkling-sound:
+        instances:
+          - argocd