k8s: Provide tools and checker for deploy templates

This change introduces a few related changes: - replace the templates in deploy/* with templates generated using the helm charts - provide a script that can be used to regenerate the templates - add a job that can be used to verify that the generated templates are consistent with the helm chart - add roles access so that operator sub-installer has correct permissions After this, our helm chart and the generated templates should stay in sync with each other and will be bound by the underlying test. Change-Id: Ib77c70382fdbb251073f8696a9a99bce88798278
2022-12-01 13:13:31 -08:00 · 2022-12-01 13:13:31 -08:00 · 6227159cb4
parent 938a4751f4
commit 6227159cb4
6 changed files with 104 additions and 24 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -121,6 +121,17 @@
      helm_charts: [helm/zuul-operator]
      helm_version: 3.10.1

+- job:
+    description: Verify generated templates
+    name: zuul-operator-templates
+    files:
+      - helm/.*
+      - deploy/.*
+    vars:
+      helm_version: 3.10.1
+    pre-run: playbooks/templates/pre.yaml
+    run: playbooks/templates/run.yaml
+
 - project:
    check:
      jobs:
@ -128,6 +139,7 @@
        - zuul-nox-docs
        - zuul-operator-helm-lint
        - zuul-operator-build-image
+        - zuul-operator-templates
        - zuul-operator-functional-k8s-template:
            dependencies: zuul-operator-build-image
        - zuul-operator-functional-k8s-helm:
@ -138,6 +150,7 @@
        - zuul-nox-docs
        - zuul-operator-helm-lint
        - zuul-operator-upload-image
+        - zuul-operator-templates
        - zuul-operator-functional-k8s-template:
            dependencies: zuul-operator-upload-image
        - zuul-operator-functional-k8s-helm:
--- a/deploy/operator-cluster-admin.yaml
+++ b/deploy/operator-cluster-admin.yaml
@ -2,15 +2,19 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: zuul-operator
+  name: my-zuul-operator
+  labels:
+    app.kubernetes.io/name: zuul-operator
+    app.kubernetes.io/instance: my
+    app.kubernetes.io/version: "8.0.0"
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: zuul-operator
+  name: my-zuul-operator
 subjects:
 - kind: ServiceAccount
-  name: zuul-operator
+  name: my-zuul-operator
  namespace: default
 roleRef:
  kind: ClusterRole
@ -20,22 +24,28 @@ roleRef:
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: zuul-operator
+  name: my-zuul-operator
+  labels:
+    app.kubernetes.io/name: zuul-operator
+    app.kubernetes.io/instance: my
+    app.kubernetes.io/version: "8.0.0"
 spec:
  replicas: 1
  selector:
    matchLabels:
-      name: zuul-operator
+      app.kubernetes.io/name: zuul-operator
+      app.kubernetes.io/instance: my
  template:
    metadata:
      labels:
-        name: zuul-operator
+        app.kubernetes.io/name: zuul-operator
+        app.kubernetes.io/instance: my
    spec:
-      serviceAccountName: zuul-operator
+      serviceAccountName: my-zuul-operator
      containers:
-        - name: operator
-          image: "docker.io/zuul/zuul-operator"
-          imagePullPolicy: "IfNotPresent"
+        - name: zuul-operator
+          image: "docker.io/zuul/zuul-operator:latest"
+          imagePullPolicy: IfNotPresent
          env:
            - name: ZUUL_IMAGE_VERSION
-              value: latest
+              value: "latest"
--- a/deploy/operator.yaml
+++ b/deploy/operator.yaml
@ -2,12 +2,16 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: zuul-operator
+  name: my-zuul-operator
+  labels:
+    app.kubernetes.io/name: zuul-operator
+    app.kubernetes.io/instance: my
+    app.kubernetes.io/version: "8.0.0"
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: zuul-operator
+  name: my-zuul-operator
 rules:
 - apiGroups:
  - ""
@ -134,35 +138,41 @@ rules:
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: zuul-operator
+  name: my-zuul-operator
 subjects:
 - kind: ServiceAccount
-  name: zuul-operator
+  name: my-zuul-operator
  namespace: default
 roleRef:
  kind: ClusterRole
-  name: zuul-operator
+  name: my-zuul-operator
  apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: zuul-operator
+  name: my-zuul-operator
+  labels:
+    app.kubernetes.io/name: zuul-operator
+    app.kubernetes.io/instance: my
+    app.kubernetes.io/version: "8.0.0"
 spec:
  replicas: 1
  selector:
    matchLabels:
-      name: zuul-operator
+      app.kubernetes.io/name: zuul-operator
+      app.kubernetes.io/instance: my
  template:
    metadata:
      labels:
-        name: zuul-operator
+        app.kubernetes.io/name: zuul-operator
+        app.kubernetes.io/instance: my
    spec:
-      serviceAccountName: zuul-operator
+      serviceAccountName: my-zuul-operator
      containers:
-        - name: operator
-          image: "docker.io/zuul/zuul-operator"
-          imagePullPolicy: "IfNotPresent"
+        - name: zuul-operator
+          image: "docker.io/zuul/zuul-operator:latest"
+          imagePullPolicy: IfNotPresent
          env:
            - name: ZUUL_IMAGE_VERSION
-              value: latest
+              value: "latest"
--- a/playbooks/templates/pre.yaml
+++ b/playbooks/templates/pre.yaml
@ -0,0 +1,3 @@
+- hosts: all
+  roles:
+    - role: ensure-helm
--- a/playbooks/templates/run.yaml
+++ b/playbooks/templates/run.yaml
@ -0,0 +1,18 @@
+- hosts: all
+  tasks:
+    - name: Regenerate Templates
+      command: "tools/templates.sh"
+      args:
+        chdir: "{{ zuul.project.src_dir }}"
+
+    - name: Diff Against Baseline
+      command: "git diff"
+      args:
+        chdir: "{{ zuul.project.src_dir }}"
+      register: template_diff_result
+      failed_when: template_diff_result.stdout != ""
+
+    - name: Check diff output
+      fail:
+        msg: "Regenerated template is different: {{ template_diff_result.stdout }}"
+      when: template_diff_result.stdout != ""
--- a/tools/templates.sh
+++ b/tools/templates.sh
@ -0,0 +1,26 @@
+#!/bin/bash
+
+helm template --set-string image.tag=latest \
+     --set-string zuulImageVersion=latest \
+     --set-string serviceAccount.clusterAdmin=true \
+     --set-string cert-manager.operatorManaged=true \
+     --set-string pxc-operator.operatorManaged=true \
+     --namespace default \
+     my helm/zuul-operator \
+    | grep -v 'helm.sh/chart' \
+    | grep -v 'Helm' \
+    | grep -v '# Source:' \
+	   > deploy/operator-cluster-admin.yaml
+
+helm template --set-string image.tag=latest \
+     --set-string zuulImageVersion=latest \
+     --set-string cert-manager.operatorManaged=true \
+     --set-string pxc-operator.operatorManaged=true\
+     --namespace default \
+     my helm/zuul-operator \
+    | grep -v 'helm.sh/chart' \
+    | grep -v 'Helm' \
+    | grep -v '# Source:' \
+	   > deploy/operator.yaml
+
+cp helm/zuul-operator/crds/010-Crd-zuul.yaml deploy/crds/zuul-ci_v1alpha2_zuul_crd.yaml