k8s: Provide tools and checker for deploy templates
This change introduces a few related changes: - replace the templates in deploy/* with templates generated using the helm charts - provide a script that can be used to regenerate the templates - add a job that can be used to verify that the generated templates are consistent with the helm chart - add roles access so that operator sub-installer has correct permissions After this, our helm chart and the generated templates should stay in sync with each other and will be bound by the underlying test. Change-Id: Ib77c70382fdbb251073f8696a9a99bce88798278
This commit is contained in:
parent
938a4751f4
commit
6227159cb4
13
.zuul.yaml
13
.zuul.yaml
|
@ -121,6 +121,17 @@
|
|||
helm_charts: [helm/zuul-operator]
|
||||
helm_version: 3.10.1
|
||||
|
||||
- job:
|
||||
description: Verify generated templates
|
||||
name: zuul-operator-templates
|
||||
files:
|
||||
- helm/.*
|
||||
- deploy/.*
|
||||
vars:
|
||||
helm_version: 3.10.1
|
||||
pre-run: playbooks/templates/pre.yaml
|
||||
run: playbooks/templates/run.yaml
|
||||
|
||||
- project:
|
||||
check:
|
||||
jobs:
|
||||
|
@ -128,6 +139,7 @@
|
|||
- zuul-nox-docs
|
||||
- zuul-operator-helm-lint
|
||||
- zuul-operator-build-image
|
||||
- zuul-operator-templates
|
||||
- zuul-operator-functional-k8s-template:
|
||||
dependencies: zuul-operator-build-image
|
||||
- zuul-operator-functional-k8s-helm:
|
||||
|
@ -138,6 +150,7 @@
|
|||
- zuul-nox-docs
|
||||
- zuul-operator-helm-lint
|
||||
- zuul-operator-upload-image
|
||||
- zuul-operator-templates
|
||||
- zuul-operator-functional-k8s-template:
|
||||
dependencies: zuul-operator-upload-image
|
||||
- zuul-operator-functional-k8s-helm:
|
||||
|
|
|
@ -2,15 +2,19 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: zuul-operator
|
||||
name: my-zuul-operator
|
||||
labels:
|
||||
app.kubernetes.io/name: zuul-operator
|
||||
app.kubernetes.io/instance: my
|
||||
app.kubernetes.io/version: "8.0.0"
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: zuul-operator
|
||||
name: my-zuul-operator
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: zuul-operator
|
||||
name: my-zuul-operator
|
||||
namespace: default
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
|
@ -20,22 +24,28 @@ roleRef:
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: zuul-operator
|
||||
name: my-zuul-operator
|
||||
labels:
|
||||
app.kubernetes.io/name: zuul-operator
|
||||
app.kubernetes.io/instance: my
|
||||
app.kubernetes.io/version: "8.0.0"
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
name: zuul-operator
|
||||
app.kubernetes.io/name: zuul-operator
|
||||
app.kubernetes.io/instance: my
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
name: zuul-operator
|
||||
app.kubernetes.io/name: zuul-operator
|
||||
app.kubernetes.io/instance: my
|
||||
spec:
|
||||
serviceAccountName: zuul-operator
|
||||
serviceAccountName: my-zuul-operator
|
||||
containers:
|
||||
- name: operator
|
||||
image: "docker.io/zuul/zuul-operator"
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
- name: zuul-operator
|
||||
image: "docker.io/zuul/zuul-operator:latest"
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: ZUUL_IMAGE_VERSION
|
||||
value: latest
|
||||
value: "latest"
|
||||
|
|
|
@ -2,12 +2,16 @@
|
|||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: zuul-operator
|
||||
name: my-zuul-operator
|
||||
labels:
|
||||
app.kubernetes.io/name: zuul-operator
|
||||
app.kubernetes.io/instance: my
|
||||
app.kubernetes.io/version: "8.0.0"
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: zuul-operator
|
||||
name: my-zuul-operator
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
|
@ -134,35 +138,41 @@ rules:
|
|||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: zuul-operator
|
||||
name: my-zuul-operator
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: zuul-operator
|
||||
name: my-zuul-operator
|
||||
namespace: default
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: zuul-operator
|
||||
name: my-zuul-operator
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: zuul-operator
|
||||
name: my-zuul-operator
|
||||
labels:
|
||||
app.kubernetes.io/name: zuul-operator
|
||||
app.kubernetes.io/instance: my
|
||||
app.kubernetes.io/version: "8.0.0"
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
name: zuul-operator
|
||||
app.kubernetes.io/name: zuul-operator
|
||||
app.kubernetes.io/instance: my
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
name: zuul-operator
|
||||
app.kubernetes.io/name: zuul-operator
|
||||
app.kubernetes.io/instance: my
|
||||
spec:
|
||||
serviceAccountName: zuul-operator
|
||||
serviceAccountName: my-zuul-operator
|
||||
containers:
|
||||
- name: operator
|
||||
image: "docker.io/zuul/zuul-operator"
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
- name: zuul-operator
|
||||
image: "docker.io/zuul/zuul-operator:latest"
|
||||
imagePullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: ZUUL_IMAGE_VERSION
|
||||
value: latest
|
||||
value: "latest"
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
- hosts: all
|
||||
roles:
|
||||
- role: ensure-helm
|
|
@ -0,0 +1,18 @@
|
|||
- hosts: all
|
||||
tasks:
|
||||
- name: Regenerate Templates
|
||||
command: "tools/templates.sh"
|
||||
args:
|
||||
chdir: "{{ zuul.project.src_dir }}"
|
||||
|
||||
- name: Diff Against Baseline
|
||||
command: "git diff"
|
||||
args:
|
||||
chdir: "{{ zuul.project.src_dir }}"
|
||||
register: template_diff_result
|
||||
failed_when: template_diff_result.stdout != ""
|
||||
|
||||
- name: Check diff output
|
||||
fail:
|
||||
msg: "Regenerated template is different: {{ template_diff_result.stdout }}"
|
||||
when: template_diff_result.stdout != ""
|
|
@ -0,0 +1,26 @@
|
|||
#!/bin/bash
|
||||
|
||||
helm template --set-string image.tag=latest \
|
||||
--set-string zuulImageVersion=latest \
|
||||
--set-string serviceAccount.clusterAdmin=true \
|
||||
--set-string cert-manager.operatorManaged=true \
|
||||
--set-string pxc-operator.operatorManaged=true \
|
||||
--namespace default \
|
||||
my helm/zuul-operator \
|
||||
| grep -v 'helm.sh/chart' \
|
||||
| grep -v 'Helm' \
|
||||
| grep -v '# Source:' \
|
||||
> deploy/operator-cluster-admin.yaml
|
||||
|
||||
helm template --set-string image.tag=latest \
|
||||
--set-string zuulImageVersion=latest \
|
||||
--set-string cert-manager.operatorManaged=true \
|
||||
--set-string pxc-operator.operatorManaged=true\
|
||||
--namespace default \
|
||||
my helm/zuul-operator \
|
||||
| grep -v 'helm.sh/chart' \
|
||||
| grep -v 'Helm' \
|
||||
| grep -v '# Source:' \
|
||||
> deploy/operator.yaml
|
||||
|
||||
cp helm/zuul-operator/crds/010-Crd-zuul.yaml deploy/crds/zuul-ci_v1alpha2_zuul_crd.yaml
|
Loading…
Reference in New Issue