diff --git a/.github/service-labeler.yaml b/.github/service-labeler.yaml index 850a8a98f5..90ff1836f1 100644 --- a/.github/service-labeler.yaml +++ b/.github/service-labeler.yaml @@ -46,6 +46,10 @@ services/gatekeeper: - changed-files: - any-glob-to-any-file: - services/gatekeeper/** +services/gateway-api-crds: +- changed-files: + - any-glob-to-any-file: + - services/gateway-api-crds/** services/git-operator: - changed-files: - any-glob-to-any-file: diff --git a/apptests/appscenarios/traefik.go b/apptests/appscenarios/traefik.go index 4d30f56ca5..5f3b50eb0f 100644 --- a/apptests/appscenarios/traefik.go +++ b/apptests/appscenarios/traefik.go @@ -3,17 +3,11 @@ package appscenarios import ( "context" "fmt" + "os" "path/filepath" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/util/retry" - controllerruntime "sigs.k8s.io/controller-runtime" - ctrlClient "sigs.k8s.io/controller-runtime/pkg/client" - - fluxhelmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" "github.com/mesosphere/kommander-applications/apptests/constants" "github.com/mesosphere/kommander-applications/apptests/environment" - "github.com/mesosphere/kommander-applications/apptests/flux" ) type traefik struct { @@ -58,14 +52,6 @@ func (t traefik) install(ctx context.Context, env *environment.Env, appPath stri if err != nil { return err } - // apply the rest of kustomizations - err = env.ApplyKustomizations(ctx, appPath, map[string]string{ - "releaseNamespace": kommanderNamespace, - "workspaceNamespace": kommanderNamespace, - }) - if err != nil { - return err - } traefikCMName := "traefik-overrides" err = t.applyTraefikOverrideCM(ctx, env, traefikCMName) 
@@ -73,36 +59,49 @@ func (t traefik) install(ctx context.Context, env *environment.Env, appPath stri return err } - hr := &fluxhelmv2beta2.HelmRelease{ - TypeMeta: metav1.TypeMeta{ - Kind: fluxhelmv2beta2.HelmReleaseKind, - APIVersion: fluxhelmv2beta2.GroupVersion.Version, - }, - ObjectMeta: metav1.ObjectMeta{ - Name: constants.Traefik, - Namespace: kommanderNamespace, - }, - } + // apply the rest of kustomizations + traefikDir := filepath.Join(appPath, "traefik") + if _, err := os.Stat(traefikDir); !os.IsNotExist(err) { + // Find the correct versioned path for gateway-api-crds + gatewayCRDsPath, err := absolutePathTo("gateway-api-crds") // Ensure the correct version is used + if err != nil { + return fmt.Errorf("failed to get path for gateway-api-crds: %w", err) + } + + // Apply defaults for gateway-api-crds + err = env.ApplyKustomizations(ctx, filepath.Join(gatewayCRDsPath, "/defaults"), map[string]string{ + "releaseNamespace": kommanderNamespace, + }) + if err != nil { + return fmt.Errorf("failed to apply defaults for gateway-api-crds: %w", err) + } - genericClient, err := ctrlClient.New(env.K8sClient.Config(), ctrlClient.Options{ - Scheme: flux.NewScheme(), - }) - if err != nil { - return fmt.Errorf("could not create the generic client: %w", err) + // Install gateway-api-crds + err = env.ApplyKustomizations(ctx, gatewayCRDsPath, map[string]string{ + "releaseNamespace": kommanderNamespace, + }) + if err != nil { + return fmt.Errorf("failed to apply gateway-api CRDs: %w", err) + } + + // If the traefik directory exists, apply both `crds` and `traefik` subdirectories + for _, dir := range []string{"crds", "traefik"} { + subDir := filepath.Join(appPath, dir) + err := env.ApplyKustomizations(ctx, subDir, map[string]string{ + "releaseNamespace": kommanderNamespace, + "workspaceNamespace": kommanderNamespace, + }) + if err != nil { + return err + } + } } - err = retry.RetryOnConflict(retry.DefaultRetry, func() error { - _, err = controllerruntime.CreateOrUpdate(ctx, 
genericClient, hr, func() error { - hr.Spec.ValuesFrom = append(hr.Spec.ValuesFrom, fluxhelmv2beta2.ValuesReference{ - Kind: "ConfigMap", - Name: traefikCMName, - }) - return nil - }) - return err + // If the `traefik` directory doesn't exist, apply the default (root) kustomizations + return env.ApplyKustomizations(ctx, appPath, map[string]string{ + "releaseNamespace": kommanderNamespace, + "workspaceNamespace": kommanderNamespace, }) - - return err } func (t traefik) applyTraefikOverrideCM(ctx context.Context, env *environment.Env, cmName string) error { diff --git a/apptests/appscenarios/traefik_test.go b/apptests/appscenarios/traefik_test.go index fb9e35820f..e643205aaa 100644 --- a/apptests/appscenarios/traefik_test.go +++ b/apptests/appscenarios/traefik_test.go @@ -15,6 +15,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/net" + "k8s.io/client-go/util/retry" + controllerruntime "sigs.k8s.io/controller-runtime" ctrlClient "sigs.k8s.io/controller-runtime/pkg/client" fluxhelmv2beta2 "github.com/fluxcd/helm-controller/api/v2beta2" 
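Review bot: In apptests/appscenarios/traefik.go, the new `if _, err := os.Stat(traefikDir); !os.IsNotExist(err)` branch in `install` has no `return` at its end, so after applying `crds` and `traefik` it still falls through to the final `return env.ApplyKustomizations(ctx, appPath, ...)`. The comment above that call says it is only for the case where the `traefik` directory doesn't exist. If the root apply is meant to be skipped, end the branch with `return nil`; if it is meant to run in both cases, the comment should say so. The condition also treats any `Stat` failure other than not-exist (a permission error, for example) as "directory present"; `if _, err := os.Stat(traefikDir); err == nil {` is the stricter test. `install` begins outside this hunk.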
@@ -202,12 +204,27 @@ var _ = Describe("Traefik Tests", Label("traefik"), func() { Expect(cl.Delete(ctx, dashboardIngress)).To(Succeed()) }) + By("triggering a HelmRelease reconciliation", func() { + Expect( + retry.RetryOnConflict(retry.DefaultRetry, func() error { + _, err = controllerruntime.CreateOrUpdate(ctx, k8sClient, hr, func() error { + if hr.Annotations == nil { + hr.Annotations = map[string]string{} + } + hr.Annotations["reconcile.fluxcd.io/requestedAt"] = time.Now().Format(time.RFC3339) + return nil + }) + return err + }), + ).To(Succeed()) + }) + // Check the status of the HelmReleases By("waiting for HR to get upgraded") Eventually(func() (*fluxhelmv2beta2.HelmRelease, error) { err := k8sClient.Get(ctx, ctrlClient.ObjectKeyFromObject(hr), hr) return hr, err - }, "30s", pollInterval).Should(And( + }, "1m", pollInterval).Should(And( HaveField("Status.ObservedGeneration", BeNumerically(">", existingGeneration)), HaveField("Status.Conditions", ContainElement(And( HaveField("Type", Equal(apimeta.ReadyCondition)), diff --git a/services/gateway-api-crds/1.2.0/defaults/cm.yaml b/services/gateway-api-crds/1.2.0/defaults/cm.yaml new file mode 100644 index 0000000000..90e3ebb115 --- /dev/null +++ b/services/gateway-api-crds/1.2.0/defaults/cm.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: gateway-api-1.2.0-d2iq-defaults + namespace: ${releaseNamespace} +data: + values.yaml: | + # values.yaml content to enable only Gateway API CRDs installation + gatewayAPI: true + traefik: false + hub: false + deleteOnUninstall: false diff --git a/services/gateway-api-crds/1.2.0/defaults/kustomization.yaml b/services/gateway-api-crds/1.2.0/defaults/kustomization.yaml new file mode 100644 index 0000000000..77c753a51a --- /dev/null +++ b/services/gateway-api-crds/1.2.0/defaults/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - cm.yaml 
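Review bot: In apptests/appscenarios/traefik_test.go, the closure passed to `retry.RetryOnConflict` assigns to an `err` that is declared outside the hunk (`_, err = controllerruntime.CreateOrUpdate(...)`). A local `_, err := controllerruntime.CreateOrUpdate(ctx, k8sClient, hr, func() error {` keeps the retry result from leaking into the enclosing spec's variable. `CreateOrUpdate` also creates the HelmRelease when it is not found, which could hide a missing release in a step meant to annotate an existing one; presumably earlier steps guarantee it exists, but a Get followed by an Update or Patch would fail loudly instead. The enclosing `Describe` block starts and ends outside this hunk.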
diff --git a/services/gateway-api-crds/1.2.0/gateway-api-crds.yaml b/services/gateway-api-crds/1.2.0/gateway-api-crds.yaml new file mode 100644 index 0000000000..b529f5bd43 --- /dev/null +++ b/services/gateway-api-crds/1.2.0/gateway-api-crds.yaml @@ -0,0 +1,18 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: gateway-api-crds + namespace: ${releaseNamespace} +spec: + interval: 6h + chart: + spec: + chart: traefik-crds + version: "1.2.0" # Use the appropriate version for Traefik CRDs + sourceRef: + kind: HelmRepository + name: helm.traefik.io-traefik + namespace: kommander-flux + valuesFrom: + - kind: ConfigMap + name: gateway-api-1.2.0-d2iq-defaults diff --git a/services/gateway-api-crds/1.2.0/kustomization.yaml b/services/gateway-api-crds/1.2.0/kustomization.yaml new file mode 100644 index 0000000000..8212a7ae54 --- /dev/null +++ b/services/gateway-api-crds/1.2.0/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - gateway-api-crds.yaml diff --git a/services/gateway-api-crds/metadata.yaml b/services/gateway-api-crds/metadata.yaml new file mode 100644 index 0000000000..10396d06d8 --- /dev/null +++ b/services/gateway-api-crds/metadata.yaml @@ -0,0 +1,9 @@ +type: internal +scope: + - workspace +licensing: + - Starter + - Pro + - Ultimate + - Essential + - Enterprise diff --git a/services/kommander/0.14.0/defaults/cm.yaml b/services/kommander/0.14.0/defaults/cm.yaml index 9cea0a8005..d298545d1e 100644 --- a/services/kommander/0.14.0/defaults/cm.yaml +++ b/services/kommander/0.14.0/defaults/cm.yaml @@ -113,6 +113,7 @@ data: prerequisites: defaultApps: - "reloader" + - "gateway-api-crds" - "traefik" - "kubernetes-dashboard" - "kubecost" diff --git a/services/traefik/34.1.0/crds.yaml b/services/traefik/34.1.0/crds.yaml new file mode 100644 index 0000000000..d989126a9c --- /dev/null +++ b/services/traefik/34.1.0/crds.yaml 
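Review bot: services/gateway-api-crds/1.2.0/gateway-api-crds.yaml declares its HelmRelease as `helm.toolkit.fluxcd.io/v2`, while the other HelmReleases added in this commit (services/traefik/34.1.0/crds/crds.yaml and traefik/traefik.yaml) and the Go test types use `v2beta2`. Unless the target Flux version is known to serve both, one API version should be used throughout. This release installs the `traefik-crds` chart at the same version as the `traefik-crds` release in crds/crds.yaml, with only the values ConfigMap differing, so the trailing comment `# Use the appropriate version for Traefik CRDs` reads like a template leftover. I would replace it with something like `# traefik-crds chart; values enable only the Gateway API CRDs`.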
@@ -0,0 +1,23 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: traefik-crd-helmrelease
+ namespace: ${releaseNamespace}
+spec:
+ force: false
+ prune: true
+ wait: true
+ interval: 6h
+ retryInterval: 1m
+ path: ./services/traefik/34.1.0/crds
+ sourceRef:
+ kind: GitRepository
+ name: management
+ namespace: kommander-flux
+ timeout: 1m
+ postBuild:
+ substitute:
+ releaseNamespace: ${releaseNamespace}
+ substituteFrom:
+ - kind: ConfigMap
+ name: substitution-vars
diff --git a/services/traefik/34.1.0/crds/crds.yaml b/services/traefik/34.1.0/crds/crds.yaml
new file mode 100644
index 0000000000..84635b964b
--- /dev/null
+++ b/services/traefik/34.1.0/crds/crds.yaml
@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: traefik-crds
+ namespace: ${releaseNamespace}
+spec:
+ interval: 6h
+ chart:
+ spec:
+ chart: traefik-crds
+ version: "1.2.0" # Use the appropriate version for Traefik CRDs
+ sourceRef:
+ kind: HelmRepository
+ name: helm.traefik.io-traefik
+ namespace: kommander-flux
+ valuesFrom:
+ - kind: ConfigMap
+ name: traefik-crd-1.2.0-d2iq-defaults
diff --git a/services/traefik/34.1.0/crds/kustomization.yaml b/services/traefik/34.1.0/crds/kustomization.yaml
new file mode 100644
index 0000000000..2ed3b35154
--- /dev/null
+++ b/services/traefik/34.1.0/crds/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - crds.yaml
diff --git a/services/traefik/34.1.0/crds/list-images-values.yaml b/services/traefik/34.1.0/crds/list-images-values.yaml
new file mode 100644
index 0000000000..bbd0d7c3d4
--- /dev/null
+++ b/services/traefik/34.1.0/crds/list-images-values.yaml
@@ -0,0 +1,4 @@
+gatewayAPI: false
+traefik: true
+hub: false
+deleteOnUninstall: false
diff --git a/services/traefik/34.1.0/defaults/crds.yaml b/services/traefik/34.1.0/defaults/crds.yaml
new file mode 100644
index 0000000000..1b40eec55d
--- /dev/null
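Review bot: `wait: true` combined with `timeout: 1m` in services/traefik/34.1.0/crds.yaml gives the wrapped HelmRelease one minute to become ready before this Flux Kustomization is reported as failed and retried. The same wrapper settings appear in services/traefik/34.1.0/traefik.yaml, where the wrapped HelmRelease itself allows `timeout: 5m0s` with 30 remediation retries, so the outer health check can expire well before Helm gives up. Raising the wrapper to at least the inner budget, e.g. `timeout: 5m`, would avoid spurious failed states. How long the charts take to install is not visible here, so treat the value as a starting point.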
+++ b/services/traefik/34.1.0/defaults/crds.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: traefik-crd-1.2.0-d2iq-defaults + namespace: ${releaseNamespace} +data: + values.yaml: | + # values.yaml content to enable only Gateway API CRDs installation + gatewayAPI: false + traefik: true + hub: false + deleteOnUninstall: false diff --git a/services/traefik/34.1.0/defaults/kustomization.yaml b/services/traefik/34.1.0/defaults/kustomization.yaml index 77c753a51a..d2044222a8 100644 --- a/services/traefik/34.1.0/defaults/kustomization.yaml +++ b/services/traefik/34.1.0/defaults/kustomization.yaml @@ -1,4 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - cm.yaml + - traefik.yaml + - crds.yaml diff --git a/services/traefik/34.1.0/defaults/cm.yaml b/services/traefik/34.1.0/defaults/traefik.yaml similarity index 100% rename from services/traefik/34.1.0/defaults/cm.yaml rename to services/traefik/34.1.0/defaults/traefik.yaml diff --git a/services/traefik/34.1.0/kustomization.yaml b/services/traefik/34.1.0/kustomization.yaml index bbadcfc876..081a3ec780 100644 --- a/services/traefik/34.1.0/kustomization.yaml +++ b/services/traefik/34.1.0/kustomization.yaml @@ -3,3 +3,4 @@ kind: Kustomization resources: - traefik.yaml - grafana-dashboards + - crds.yaml diff --git a/services/traefik/34.1.0/traefik.yaml b/services/traefik/34.1.0/traefik.yaml index f78788a26e..1388a415ac 100644 --- a/services/traefik/34.1.0/traefik.yaml +++ b/services/traefik/34.1.0/traefik.yaml 
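Review bot: The comment inside `values.yaml` in services/traefik/34.1.0/defaults/crds.yaml says the values enable only the Gateway API CRDs, but the values under it set `gatewayAPI: false` and `traefik: true`. It appears to have been copied from the gateway-api-crds defaults. Suggested wording: `# values.yaml content to enable only Traefik CRDs installation`.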
@@ -1,161 +1,23 @@ -apiVersion: helm.toolkit.fluxcd.io/v2beta2 -kind: HelmRelease +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization metadata: - name: traefik + name: traefik-helmrelease namespace: ${releaseNamespace} spec: - chart: - spec: - chart: traefik - sourceRef: - kind: HelmRepository - name: helm.traefik.io-traefik - namespace: kommander-flux - version: 34.1.0 - interval: 15s - install: - crds: CreateReplace - remediation: - retries: 30 - upgrade: - crds: CreateReplace - remediation: - retries: 30 - timeout: 5m0s - releaseName: kommander-traefik - valuesFrom: - - kind: ConfigMap - name: traefik-34.1.0-d2iq-defaults - - kind: ConfigMap - name: traefik-overrides - optional: true ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: traefik-app-dashboard-info - namespace: ${releaseNamespace} - labels: - "kommander.d2iq.io/application": "traefik" -data: - name: "Traefik" - dashboardLink: "/dkp/traefik/dashboard/" - docsLink: "https://doc.traefik.io/traefik/v3.3" - # Check https://artifacthub.io/packages/helm/traefik/traefik for app version - version: "3.3.2" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: d2iq-traefik-certmanager-init - namespace: ${releaseNamespace} -rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - '*' - - apiGroups: - - cert-manager.io - resources: - - certificates - verbs: - - '*' - - apiGroups: - - traefik.containo.us - - traefik.io - resources: - - tlsstores - - middlewares - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: d2iq-traefik-certmanager-init - namespace: ${releaseNamespace} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: d2iq-traefik-certmanager-init -subjects: - - kind: ServiceAccount - name: kommander-traefik - namespace: ${releaseNamespace} ---- -apiVersion: v1 -kind: Service -metadata: - name: kommander-traefik-dashboard - namespace: ${releaseNamespace} -spec: - ports: - - name: 
dashboard-http - port: 80 - protocol: TCP - targetPort: 9000 - selector: - app: traefik - app.kubernetes.io/instance: kommander-traefik - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - name: kommander-traefik-prometheus - namespace: ${releaseNamespace} - labels: - servicemonitor.kommander.mesosphere.io/path: metrics -spec: - ports: - - name: metrics - port: 9100 - protocol: TCP - targetPort: metrics - selector: - app: traefik - app.kubernetes.io/instance: kommander-traefik - type: ClusterIP ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: dkp-traefik-view -rules: - - nonResourceURLs: - - /dkp/traefik - - /dkp/traefik/* - verbs: - - get - - head ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: dkp-traefik-edit -rules: - - nonResourceURLs: - - /dkp/traefik - - /dkp/traefik/* - verbs: - - get - - head - - post - - put ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: dkp-traefik-admin -rules: - - nonResourceURLs: - - /dkp/traefik - - /dkp/traefik/* - verbs: - - get - - head - - post - - put - - delete + force: false + prune: true + wait: true + interval: 6h + retryInterval: 1m + path: ./services/traefik/34.1.0/traefik + sourceRef: + kind: GitRepository + name: management + namespace: kommander-flux + timeout: 1m + postBuild: + substitute: + releaseNamespace: ${releaseNamespace} + substituteFrom: + - kind: ConfigMap + name: substitution-vars diff --git a/services/traefik/34.1.0/traefik/kustomization.yaml b/services/traefik/34.1.0/traefik/kustomization.yaml new file mode 100644 index 0000000000..b216b363ee --- /dev/null +++ b/services/traefik/34.1.0/traefik/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - traefik.yaml diff --git a/services/traefik/34.1.0/traefik/traefik.yaml b/services/traefik/34.1.0/traefik/traefik.yaml new file mode 100644 index 0000000000..30927c6d08 
--- /dev/null
+++ b/services/traefik/34.1.0/traefik/traefik.yaml
@@ -0,0 +1,164 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: traefik
+ namespace: ${releaseNamespace}
+spec:
+ dependsOn:
+ - name: traefik-crds
+ namespace: ${releaseNamespace}
+ chart:
+ spec:
+ chart: traefik
+ sourceRef:
+ kind: HelmRepository
+ name: helm.traefik.io-traefik
+ namespace: kommander-flux
+ version: 34.1.0
+ interval: 15s
+ install:
+ crds: Skip
+ remediation:
+ retries: 30
+ upgrade:
+ crds: Skip
+ remediation:
+ retries: 30
+ timeout: 5m0s
+ releaseName: kommander-traefik
+ valuesFrom:
+ - kind: ConfigMap
+ name: traefik-34.1.0-d2iq-defaults
+ - kind: ConfigMap
+ name: traefik-overrides
+ optional: true
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: traefik-app-dashboard-info
+ namespace: ${releaseNamespace}
+ labels:
+ "kommander.d2iq.io/application": "traefik"
+data:
+ name: "Traefik"
+ dashboardLink: "/dkp/traefik/dashboard/"
+ docsLink: "https://doc.traefik.io/traefik/v3.3"
+ # Check https://artifacthub.io/packages/helm/traefik/traefik for app version
+ version: "3.3.2"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: d2iq-traefik-certmanager-init
+ namespace: ${releaseNamespace}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+ - apiGroups:
+ - cert-manager.io
+ resources:
+ - certificates
+ verbs:
+ - '*'
+ - apiGroups:
+ - traefik.containo.us
+ - traefik.io
+ resources:
+ - tlsstores
+ - middlewares
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: d2iq-traefik-certmanager-init
+ namespace: ${releaseNamespace}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: d2iq-traefik-certmanager-init
+subjects:
+ - kind: ServiceAccount
+ name: kommander-traefik
+ namespace: ${releaseNamespace}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kommander-traefik-dashboard
+ namespace: ${releaseNamespace}
+spec:
+ ports:
+ - name: dashboard-http
+ port: 80
+ protocol: TCP
+ targetPort: 9000
+ selector:
+ app: traefik
+ app.kubernetes.io/instance: kommander-traefik
+ type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: kommander-traefik-prometheus
+ namespace: ${releaseNamespace}
+ labels:
+ servicemonitor.kommander.mesosphere.io/path: metrics
+spec:
+ ports:
+ - name: metrics
+ port: 9100
+ protocol: TCP
+ targetPort: metrics
+ selector:
+ app: traefik
+ app.kubernetes.io/instance: kommander-traefik
+ type: ClusterIP
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: dkp-traefik-view
+rules:
+ - nonResourceURLs:
+ - /dkp/traefik
+ - /dkp/traefik/*
+ verbs:
+ - get
+ - head
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: dkp-traefik-edit
+rules:
+ - nonResourceURLs:
+ - /dkp/traefik
+ - /dkp/traefik/*
+ verbs:
+ - get
+ - head
+ - post
+ - put
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: dkp-traefik-admin
+rules:
+ - nonResourceURLs:
+ - /dkp/traefik
+ - /dkp/traefik/*
+ verbs:
+ - get
+ - head
+ - post
+ - put
+ - delete
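Review bot: The `d2iq-traefik-certmanager-init` Role in services/traefik/34.1.0/traefik/traefik.yaml grants `verbs: ['*']` on every ConfigMap, cert-manager Certificate, TLSStore and Middleware in the release namespace, and the RoleBinding gives that to the `kommander-traefik` ServiceAccount. The rules are carried over unchanged from the old traefik.yaml, but since the file is being restructured this is a good point to narrow them. Wildcard verbs on all ConfigMaps include delete and deletecollection, and that is broad for an account whose name suggests the ingress proxy itself runs under it. I would list only the verbs the init step uses, for instance `verbs: [get, list, create, update, patch]`, and add `resourceNames` where the objects are fixed; the exact set needs confirming against what the init job does, which is not visible in this diff.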