Externalize KRM function versions

Relates-To: #524
Signed-off-by: Sean Eagan <seaneagan1@gmail.com>
Change-Id: I7e811835ae1e5ab2cab65c398c53126f3a632405

docs/source/plugins.md

@@ -220,7 +220,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |
       container:
-        image: quay.io/airshipit/templater:v2
+        image: localhost/templater
 values:
   hosts:
   - macAddress: 00:aa:bb:cc:dd

krm-functions/replacement-transformer/local-resource/example-use.yaml

@@ -17,7 +17,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
   name: k8scontrol-versions-replacements
 replacements:
 # Replace the Kubernetes version in the KubeadmControlPlane

krm-functions/templater/local-resource/example-use.yaml

@@ -15,7 +15,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |
       container:
-        image: quay.io/airshipit/templater:v2
+        image: localhost/templater
 values:
   hosts:
   - macAddress: 00:aa:bb:cc:dd

krm-functions/toolbox/README.md

@@ -30,7 +30,7 @@ The toolbox image has pre-installed `sh` shell,`kubectl` and `calicoctl`.
             airshipit.org/deploy-k8s: "false"
         spec:
           type: krm
-          image: quay.io/airshipit/toolbox:latest
+          image: localhost/toolbox
           hostNetwork: true
           envVars
             MY_ENV # airshipctl will populate this value from your current env, you can pass credentials like this

manifests/function/airshipctl-base-catalogues/env-vars-template.yaml

@@ -7,7 +7,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/templater:v2
+        image: localhost/templater
         envs:
           - HTTP_PROXY
           - HTTPS_PROXY

manifests/function/baremetal-operator/replacements/ironic-env-vars.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 # Replace the proxy vars
 - source:

manifests/function/baremetal-operator/replacements/networking.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 # Replace the pod & service networks
 - source:

manifests/function/baremetal-operator/replacements/versions.yaml

@@ -7,7 +7,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 # Container versions for the ironic Deployment
 - source:

manifests/function/bootstrap/replacements/remotedirect-vars.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 - source:
     objref:

manifests/function/bootstrap/template.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |
       container:
-        image: quay.io/airshipit/templater:v2
+        image: localhost/templater
         envs:
         - AIRSHIPCTL_EPHEMERAL_ISO_URL
 template: |

manifests/function/clusterctl/replacements/versions.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 # Replace capm3 versions
 - source:

manifests/function/cni/tigera-operator/replacements/versions.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 - source:
     objref:

manifests/function/ephemeral/replacements/ephemeral-env-vars.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 # Replace the proxy vars
 - source:

manifests/function/ephemeral/replacements/generated-secrets.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 - source:
     objref:

manifests/function/ephemeral/replacements/networking.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 # Substring-replace the ephemeral control plane's info
 - source:

manifests/function/flux/helm-controller/replacements/versions.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 - source:
     objref:

manifests/function/flux/source-controller/replacements/env-vars.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 # Replace the proxy vars
 - source:

manifests/function/flux/source-controller/replacements/versions.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 - source:
     objref:

manifests/function/generate-secrets-example/README.md

@@ -101,7 +101,7 @@ metadata:
 kustomizeSinkOutputDir: "target/encrypted/results/generated"
 spec:
   container:
-    image: quay.io/airshipit/templater:v2
+    image: localhost/templater
 config: |
   foo: bar
 ```

manifests/function/generate-secrets-example/secret-generation.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |
       container:
-        image: quay.io/airshipit/templater:v2
+        image: localhost/templater
 values:
   clusterCa:
     cn: "Kubernetes API"

manifests/function/hardwareprofile-example/replacements/hosts.yaml

@@ -8,7 +8,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 - source:
     objref:

manifests/function/helm-chart-collator/replacements/versions.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 - source:
     objref:

manifests/function/helm-operator/replacements/helm-operator-env-vars.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 # Replace the proxy vars
 - source:

manifests/function/helm-operator/replacements/versions.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 - source:
     objref:

manifests/function/hostgenerator-m3/hosttemplate.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/templater:v2
+        image: localhost/templater
 
 values:
   # hosts:

manifests/function/hostgenerator-m3/replacements/hosts.yaml

@@ -7,7 +7,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 - source:
     objref:

manifests/function/hwcc/replacements/versions.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 - source:
     objref:

manifests/function/k8scontrol/replacements/cluster.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 - source:
     objref:

manifests/function/k8scontrol/replacements/generated-secrets.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 - source:
     objref:

manifests/function/k8scontrol/replacements/k8scontrol-env-vars.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 # Replace the proxy vars
 - source:

manifests/function/k8scontrol/replacements/networking.yaml

@@ -11,7 +11,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 # Replace the pod & service networks
 - source:

manifests/function/k8scontrol/replacements/versions.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 # Replace the Kubernetes version in the KubeadmControlPlane
 - source:

manifests/function/validator/template.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |
       container:
-        image: quay.io/airshipit/templater:v2
+        image: localhost/templater
         envs:
         - AIRSHIPCTL_CURRENT_PHASE
         - AIRSHIPCTL_CURRENT_PLAN

manifests/function/workers-capm3/replacements/generated-secrets.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 - source:
     objref:

manifests/function/workers-capm3/replacements/workers-env-vars.yaml

@@ -6,7 +6,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 # Replace the proxy vars
 - source:

manifests/phases/executors.yaml

@@ -209,7 +209,7 @@ metadata:
     airshipit.org/deploy-k8s: "false"
 spec:
   type: krm
-  image: quay.io/airshipit/cloud-init:v2
+  image: localhost/cloud-init
   mounts:
     - type: bind
       src: /srv/images
@@ -282,7 +282,7 @@ metadata:
     airshipit.org/deploy-k8s: "false"
 spec:
   type: krm
-  image: quay.io/airshipit/toolbox:latest
+  image: localhost/toolbox
   hostNetwork: true
 configRef:
   kind: ConfigMap
@@ -297,7 +297,7 @@ metadata:
     airshipit.org/deploy-k8s: "false"
 spec:
   type: krm
-  image: quay.io/airshipit/toolbox:latest
+  image: localhost/toolbox
   hostNetwork: true
 configRef:
   kind: ConfigMap
@@ -312,7 +312,7 @@ metadata:
     airshipit.org/deploy-k8s: "false"
 spec:
   type: krm
-  image: quay.io/airshipit/toolbox:latest
+  image: localhost/toolbox
   hostNetwork: true
 configRef:
   kind: ConfigMap
@@ -327,7 +327,7 @@ metadata:
     airshipit.org/deploy-k8s: "false"
 spec:
   type: krm
-  image: quay.io/airshipit/toolbox:latest
+  image: localhost/toolbox
   hostNetwork: true
 configRef:
   kind: ConfigMap
@@ -342,7 +342,7 @@ metadata:
     airshipit.org/deploy-k8s: "false"
 spec:
   type: krm
-  image: quay.io/airshipit/toolbox:latest
+  image: localhost/toolbox
   hostNetwork: true
 configRef:
   kind: ConfigMap
@@ -357,7 +357,7 @@ metadata:
     airshipit.org/deploy-k8s: "false"
 spec:
   type: krm
-  image: quay.io/airshipit/toolbox:latest
+  image: localhost/toolbox
   hostNetwork: true
 configRef:
   kind: ConfigMap
@@ -372,7 +372,7 @@ metadata:
     airshipit.org/deploy-k8s: "false"
 spec:
   type: krm
-  image: quay.io/airshipit/kubeval-validator:latest
+  image: localhost/kubeval-validator
   envVars:
     - VALIDATOR_PREVENT_CLEANUP # Validator won't cleanup its working directory after finish
     - VALIDATOR_PLAN_VALIDATION # Validator will not use phase-specific settings for validation
@@ -397,7 +397,7 @@ kind: GenericContainer
 metadata:
   name: kubectl-pause-bmh
 spec:
-  image: quay.io/airshipit/toolbox:latest
+  image: localhost/toolbox
   hostNetwork: true
   envVars:
   - RESOURCE_GROUP_FILTER=metal3.io
@@ -413,7 +413,7 @@ kind: GenericContainer
 metadata:
   name: kubectl-wait-cluster
 spec:
-  image: quay.io/airshipit/toolbox:latest
+  image: localhost/toolbox
   hostNetwork: true
   envVars:
     - RESOURCE_GROUP_FILTER=cluster.x-k8s.io

manifests/site/test-site/kubeconfig/update-target.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 - source:
     objref:

manifests/type/gating/target/decrypt-secrets/configurable-decryption.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |
       container:
-        image: quay.io/airshipit/templater:v2
+        image: localhost/templater
         envs:
         - TOLERATE_DECRYPTION_FAILURES
         - DEBUG_SOPS_GPG

manifests/type/gating/target/generator/secret-template.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |
       container:
-        image: quay.io/airshipit/templater:v2
+        image: localhost/templater
 values:
   sshKeyGen:
     encBit: 4096

manifests/type/gating/target/workload/ingress/replacements/versions.yaml

@@ -5,7 +5,7 @@ metadata:
   annotations:
     config.kubernetes.io/function: |-
       container:
-        image: quay.io/airshipit/replacement-transformer:v2
+        image: localhost/replacement-transformer
 replacements:
 - source:
     objref:

tools/deployment/21_systemwide_executable.sh

@@ -35,3 +35,31 @@ else
   echo "Airshipctl version"
   airshipctl version
 fi
+
+# Outside of releases, the airshipctl/treasuremap manifests reference krm functions via
+# local-only image tags, specifically `localhost/<function name>`, so that we can
+# set them externally in a single place (below parameters/logic), rather than maintaining
+# explicit versions directly in the manifests. By default, these parameters
+# reference the krm functions built above via `make images`, so that treasuremap
+# and other downstream consumers can easily use the krm function versions matching
+# the version of airshipctl that they are installing via this script.
+export AIRSHIP_KRM_FUNCTION_REPO=${AIRSHIP_KRM_FUNCTION_REPO:-"quay.io/airshipit"}
+export AIRSHIP_KRM_FUNCTION_TAG=${AIRSHIP_KRM_FUNCTION_TAG:-"latest"}
+export SOPS_KRM_FUNCTION=${SOPS_KRM_FUNCTION:-"gcr.io/kpt-fn-contrib/sops:v0.1.0"}
+
+echo "Resolve krm function versions"
+
+set_krm_function () {
+  if [[ "$(docker images -q "$2" 2> /dev/null)" == "" ]]; then
+    docker pull "$2"
+  fi
+  docker tag "$2" "localhost/$1"
+}
+
+for FUNC in $(cd krm-functions; echo */ | tr -d /)
+do
+  IMG="${AIRSHIP_KRM_FUNCTION_REPO}/${FUNC}:${AIRSHIP_KRM_FUNCTION_TAG}"
+  set_krm_function "$FUNC" "$IMG"
+done
+
+set_krm_function "sops" "$SOPS_KRM_FUNCTION"

tools/deployment/update-krm-images

@@ -21,17 +21,23 @@ set -xe
 
 export MANIFEST_DIR=${MANIFEST_DIR:-"$(pwd)"}
 
-export OLD_REPLACEMENT_TRANSFORMER=${OLD_REPLACEMENT_TRANSFORMER:-"quay.io/airshipit/replacement-transformer:v2"}
-export OLD_TEMPLATER=${OLD_TEMPLATER:-"quay.io/airshipit/templater:v2"}
-export OLD_CLOUD_INIT=${OLD_CLOUD_INIT:-"quay.io/airshipit/cloud-init:v2"}
+export OLD_REPLACEMENT_TRANSFORMER=${OLD_REPLACEMENT_TRANSFORMER:-"localhost/replacement-transformer"}
+export OLD_TEMPLATER=${OLD_TEMPLATER:-"localhost/templater"}
+export OLD_CLOUD_INIT=${OLD_CLOUD_INIT:-"localhost/cloud-init"}
+export OLD_TOOLBOX=${OLD_TOOLBOX:-"localhost/toolbox"}
+export OLD_KUBEVAL_VALIDATOR=${OLD_KUBEVAL_VALIDATOR:-"localhost/kubeval-validator"}
 export OLD_SOPS=${OLD_SOPS:-"gcr.io/kpt-fn-contrib/sops:v0.1.0"}
 
 export NEW_REPLACEMENT_TRANSFORMER=${NEW_REPLACEMENT_TRANSFORMER:-$OLD_REPLACEMENT_TRANSFORMER}
 export NEW_TEMPLATER=${NEW_TEMPLATER:-$OLD_TEMPLATER}
 export NEW_CLOUD_INIT=${NEW_CLOUD_INIT:-$OLD_CLOUD_INIT}
+export NEW_TOOLBOX=${NEW_TOOLBOX:-$OLD_TOOLBOX}
+export NEW_KUBEVAL_VALIDATOR=${NEW_KUBEVAL_VALIDATOR:-$OLD_KUBEVAL_VALIDATOR}
 export NEW_SOPS=${NEW_SOPS:-$OLD_SOPS}
 
 find "$MANIFEST_DIR" -type f -exec sed -i -e "s#$OLD_REPLACEMENT_TRANSFORMER#$NEW_REPLACEMENT_TRANSFORMER#g" {} \;
 find "$MANIFEST_DIR" -type f -exec sed -i -e "s#$OLD_TEMPLATER#$NEW_TEMPLATER#g" {} \;
 find "$MANIFEST_DIR" -type f -exec sed -i -e "s#$OLD_CLOUD_INIT#$NEW_CLOUD_INIT#g" {} \;
+find "$MANIFEST_DIR" -type f -exec sed -i -e "s#$OLD_TOOLBOX#$NEW_TOOLBOX#g" {} \;
+find "$MANIFEST_DIR" -type f -exec sed -i -e "s#$OLD_KUBEVAL_VALIDATOR#$NEW_KUBEVAL_VALIDATOR#g" {} \;
 find "$MANIFEST_DIR" -type f -exec sed -i -e "s#$OLD_SOPS#$NEW_SOPS#g" {} \;