Portefaix label v0.14.0 (#689)

* Add: manage release label

Signed-off-by: Nicolas Lamirault <[email protected]>

* Add: v0.14.0 label

Signed-off-by: Nicolas Lamirault <[email protected]>

* Update: clean

Signed-off-by: Nicolas Lamirault <[email protected]>

* Fix: Linkerd-viz kustomizaton

Signed-off-by: Nicolas Lamirault <[email protected]>

* Add: kubeconform into Docker Github action

Signed-off-by: Nicolas Lamirault <[email protected]>

* Add: migrate to kubeconform

Signed-off-by: Nicolas Lamirault <[email protected]>

* Add: release goal

Signed-off-by: Nicolas Lamirault <[email protected]>

* Fix: Grafana for Staging

Signed-off-by: Nicolas Lamirault <[email protected]>

.github/actions/tools/entrypoint.sh

@@ -5,33 +5,35 @@ set -eu
 YQ_VERSION="v4.6.1"
 KUSTOMIZE_VERSION="3.9.2"
 KUBEVAL_VERSION="0.15.0"
+KUBECONFORM_VERSION="v0.4.7"
 OPA_VERSION="v0.28.0"
+CONFTEST_VERSION="0.25.0"
+
 
 mkdir -p $GITHUB_WORKSPACE/bin
 cd $GITHUB_WORKSPACE/bin
 
 curl -sL https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64 -o yq
-
 chmod +x $GITHUB_WORKSPACE/bin/yq
 
 kustomize_url=https://github.com/kubernetes-sigs/kustomize/releases/download && \
 curl -sL ${kustomize_url}/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | \
 tar xz
-
 chmod +x $GITHUB_WORKSPACE/bin/kustomize
 
 curl -sL https://github.com/instrumenta/kubeval/releases/download/${KUBEVAL_VERSION}/kubeval-linux-amd64.tar.gz | \
 tar xz
-
 chmod +x $GITHUB_WORKSPACE/bin/kubeval
 
-curl -sL https://github.com/open-policy-agent/opa/releases/download/${OPA_VERSION}/opa_linux_amd64 -o opa
+curl -sL https://github.com/yannh/kubeconform/releases/download/${KUBECONFORM_VERSION}/kubeconform-linux-amd64.tar.gz | \
+tar xz
+chmod +x $GITHUB_WORKSPACE/bin/kubeconform
 
+curl -sL https://github.com/open-policy-agent/opa/releases/download/${OPA_VERSION}/opa_linux_amd64 -o opa
 chmod +x $GITHUB_WORKSPACE/bin/opa
 
-curl -sL https://github.com/open-policy-agent/conftest/releases/download/v0.25.0/conftest_0.25.0_Linux_x86_64.tar.gz | \
+curl -sL https://github.com/open-policy-agent/conftest/releases/download/v${CONFTEST_VERSION}/conftest_${CONFTEST_VERSION}_Linux_x86_64.tar.gz | \
 tar xz
-
 chmod +x $GITHUB_WORKSPACE/bin/conftest
 
 echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH

Makefile

@@ -295,3 +295,8 @@ sops-decrypt: guard-FILE ## Decrypt
 .PHONY: gitops-bootstrap
 gitops-bootstrap: guard-ENV guard-CLOUD guard-BRANCH kubernetes-check-context ## Bootstrap Flux v2
 	./hack/scripts/bootstrap.sh clusters/$(CLOUD)/$(ENV) $(BRANCH)
+
+.PHONY: release-prepare
+release-prepare: guard-VERSION ## Update release label
+	./hack/scripts/portefaix-labels.sh kubernetes $(VERSION)
+	./hack/scripts/validate.sh clusters kubernetes

hack/scripts/portefaix-labels.sh

@@ -33,8 +33,12 @@ version=$2
 
 IFS="
 "
-for file in $(grep ${label} ${manifests}/*); do
-    filename=$(echo ${file} | awk -F":" '{ print $1 }')
-    echo -e "${INFO_COLOR}Update file: ${filename}${NO_COLOR}"
-    sed -i "s#${label}:.*#${label}: ${version}#g" ${filename}
+
+for k8s_file in $(find ${manifests} -name "*.yaml" ); do
+    # echo ${k8s_file}
+    for file in $(grep ${label} ${k8s_file}); do
+        # echo "${k8s_file}: ${file}"
+        echo -e "${INFO_COLOR}Update file: ${NO_COLOR}${k8s_file}"
+        sed -i "s#${label}:.*#${label}: ${version}#g" ${k8s_file}
+    done
 done

hack/scripts/validate.sh

@@ -40,10 +40,6 @@ manifests=$1
 clusters=$2
 [ -z "${clusters}" ] && echo -e "${ERROR_COLOR}Clusters not satisfied${NO_COLOR}" && exit 1
 
-echo -e "${INFO_COLOR} - Downloading Flux OpenAPI schemas${NO_COLOR}"
-mkdir -p /tmp/flux-crd-schemas/master-standalone-strict
-curl -sL https://github.com/fluxcd/flux2/releases/latest/download/crd-schemas.tar.gz | tar zxf - -C /tmp/flux-crd-schemas/master-standalone-strict
-
 # mirror kustomize-controller build options
 # kustomize_flags="--enable_kyaml=false --allow_id_changes=false --load_restrictor=LoadRestrictionsNone"
 kustomize_flags=""
@@ -60,30 +56,16 @@ find ${clusters} -type f -name '*.yaml' -print0 | while IFS= read -r -d $'\0' fi
     yq e 'true' "$file" > /dev/null
 done
 
-# echo -e "${INFO_COLOR} - Validating Kubernetes definitions${NO_COLOR}"
-# find ${clusters} -type f -name '*.yaml' -maxdepth 1 -print0 | while IFS= read -r -d $'\0' file;
-#   do
-#     kubeval ${file} --strict --ignore-missing-schemas --additional-schema-locations=file:///tmp/flux-crd-schemas
-#     if [[ ${PIPESTATUS[0]} != 0 ]]; then
-#       exit 1
-#     fi
-# done
-
-# echo -e "${INFO_COLOR} - Validating kustomize base${NO_COLOR}"
-# find ${clusters}/base -type f -name $kustomize_config -print0 | while IFS= read -r -d $'\0' file;
-#   do
-#     echo -e "${INFO_COLOR} - Validating kustomization ${file/%$kustomize_config}${NO_COLOR}"
-#     kustomize build "${file/%$kustomize_config}" $kustomize_flags | kubeval --ignore-missing-schemas --strict --additional-schema-locations=file:///tmp/flux-crd-schemas
-#     if [[ ${PIPESTATUS[0]} != 0 ]]; then
-#       exit 1
-#     fi
-# done
+echo -e "${INFO_COLOR} - Downloading Flux OpenAPI schemas${NO_COLOR}"
+mkdir -p /tmp/flux-crd-schemas/master-standalone-strict
+curl -sL https://github.com/fluxcd/flux2/releases/latest/download/crd-schemas.tar.gz | tar zxf - -C /tmp/flux-crd-schemas/master-standalone-strict
 
 echo -e "${INFO_COLOR} - Validating kustomize overlays${NO_COLOR}"
 find ${clusters}/overlays -type f -name $kustomize_config -print0 | while IFS= read -r -d $'\0' file;
 do
   echo -e "${INFO_COLOR} - Validating kustomization ${file/%$kustomize_config}${NO_COLOR}"
-  kustomize build "${file/%$kustomize_config}" $kustomize_flags | kubeval --ignore-missing-schemas --additional-schema-locations=file:///tmp/flux-crd-schemas
+  # kustomize build "${file/%$kustomize_config}" $kustomize_flags | kubeval --ignore-missing-schemas --additional-schema-locations=file:///tmp/flux-crd-schemas
+  kustomize build "${file/%$kustomize_config}" $kustomize_flags | kubeconform --ignore-missing-schemas --schema-location=file:///tmp/flux-crd-schemas
   if [[ ${PIPESTATUS[0]} != 0 ]]; then
     exit 1
   fi

kubernetes/base/dns/external-dns/external-dns.yaml

@@ -33,7 +33,7 @@ spec:
   targetNamespace: dns
   values:
     podLabels:
-      portefaix.xyz/version: v0.11.0
+      portefaix.xyz/version: v0.14.0
     metrics:
       enabled: true
       serviceMonitor:

kubernetes/base/litmus/kubernetes-chaos/kubernetes-chaos.yaml

@@ -46,4 +46,4 @@ spec:
     cleanupOnFail: true
   values:
     customLabels:
-      portefaix.xyz/version: v0.13.0
+      portefaix.xyz/version: v0.14.0

kubernetes/base/litmus/litmus-chaos/litmus-chaos.yaml

@@ -46,7 +46,7 @@ spec:
     cleanupOnFail: true
   values:
     customLabels:
-      portefaix.xyz/version: v0.13.0
+      portefaix.xyz/version: v0.14.0
     # operator:
     #   image:
     #     repository: litmuschaos/chaos-operator

kubernetes/base/logging/vector/vector.yaml

@@ -33,7 +33,7 @@ spec:
   targetNamespace: logging
   values:
     podAnnotations:
-      portefaix.xyz/version: v0.11.0
+      portefaix.xyz/version: v0.14.0
 
     serviceAccount:
       create: true

kubernetes/base/monitoring/grafana/grafana-mixin.yaml

@@ -47,4 +47,4 @@ spec:
   timeout: 10m
   values:
     additionalLabels:
-      portefaix.xyz/version: v0.13.0
+      portefaix.xyz/version: v0.14.0

kubernetes/base/monitoring/grafana/grafana.yaml

@@ -49,7 +49,7 @@ spec:
   values:
 
     extraLabels:
-      portefaix.xyz/version: v0.13.0
+      portefaix.xyz/version: v0.14.0
 
     # image:
     #   repository: grafana/grafana

kubernetes/base/monitoring/kube-prometheus-stack/kube-prometheus-stack.yaml

@@ -51,7 +51,7 @@ spec:
   timeout: 20m
   values:
     commonLabels:
-      portefaix.xyz/version: v0.13.0
+      portefaix.xyz/version: v0.14.0
     defaultRules:
       runbookUrl: "https://github.com/portefaix/portefaix/tree/master/runbook.md#"
 
@@ -179,4 +179,4 @@ spec:
     nodeExporter:
       enabled: true
       podLabels:
-        portefaix.xyz/version: v0.13.0
+        portefaix.xyz/version: v0.14.0

kubernetes/base/monitoring/kube-prometheus-stack/kube-state-metrics-mixin.yaml

@@ -47,4 +47,4 @@ spec:
   timeout: 10m
   values:
     additionalLabels:
-      portefaix.xyz/version: v0.13.0
+      portefaix.xyz/version: v0.14.0

kubernetes/base/monitoring/kube-prometheus-stack/prometheus-mixin.yaml

@@ -47,4 +47,4 @@ spec:
   timeout: 10m
   values:
     additionalLabels:
-      portefaix.xyz/version: v0.13.0
+      portefaix.xyz/version: v0.14.0

kubernetes/base/monitoring/kube-prometheus-stack/prometheus-operator-mixin.yaml

@@ -47,4 +47,4 @@ spec:
   timeout: 10m
   values:
     additionalLabels:
-      portefaix.xyz/version: v0.13.0
+      portefaix.xyz/version: v0.14.0

kubernetes/base/networking/speedtest/speedtest.yaml

@@ -47,7 +47,7 @@ spec:
   timeout: 10m
   values:
     additionalLabels:
-      portefaix.xyz/version: v0.11.0
+      portefaix.xyz/version: v0.14.0
 
     additionalAnnotations:
       a8r.io/description: Prometheus exporter that runs speedtest and exposes results

kubernetes/base/storage/nfs/nfs.yaml

@@ -33,7 +33,7 @@ spec:
   targetNamespace: storage
   values:
     labels:
-      portefaix.xyz/version: v0.11.0
+      portefaix.xyz/version: v0.14.0
 
     # nfs:
     #   server: xx.xx.xx.xx

kubernetes/overlays/kind/local/linkerd/linkerd-viz/linkerd-viz.yaml

@@ -18,7 +18,7 @@ apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
   name: linkerd-viz
-  namespace: linkerd
+  namespace: linkerd-viz
 spec:
   values:
     dashboard:

kubernetes/overlays/staging/monitoring/grafana/kustomization.yaml

@@ -16,6 +16,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- ../../../../../base/monitoring/grafana
+- ../../../../base/monitoring/grafana
 patchesStrategicMerge:
 - grafana.yaml