From efaa4718eca39043b2465766d425a32da834e160 Mon Sep 17 00:00:00 2001 From: Mark Mercado Date: Mon, 28 Mar 2022 17:55:36 -0400 Subject: [PATCH 01/10] Adding Helm functionality --- .github/workflows/helm-release.yaml | 41 +++++++++ .helm/starter/.helmignore | 23 +++++ .helm/starter/Chart.yaml | 6 ++ .helm/starter/values.yaml | 0 Makefile | 137 +++++++++++++++++++++++++++- README.md | 113 +++++++++++++++-------- charts/.gitkeep | 0 7 files changed, 280 insertions(+), 40 deletions(-) create mode 100644 .github/workflows/helm-release.yaml create mode 100644 .helm/starter/.helmignore create mode 100644 .helm/starter/Chart.yaml create mode 100644 .helm/starter/values.yaml create mode 100644 charts/.gitkeep diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml new file mode 100644 index 00000000..f303e25f --- /dev/null +++ b/.github/workflows/helm-release.yaml @@ -0,0 +1,41 @@ +name: helm-release + +on: + release: + types: [published] + +jobs: + release: + runs-on: ubuntu-latest + steps: + + - name: Checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Install Helm + uses: azure/setup-helm@v1 + with: + version: v3.7.1 + + - name: Create Helm chart + run: | + echo VERSION: $VERSION + make helm-chart + env: + VERSION: ${{ github.ref_name }} + + # Reinventing the wheel if/until https://github.com/helm/chart-releaser-action/pull/96 is merged + - name: Release Helm chart + run: | + echo VERSION: $VERSION + make helm-release + env: + VERSION: ${{ github.ref_name }} + CR_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.helm/starter/.helmignore b/.helm/starter/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/.helm/starter/.helmignore 
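Review bot: The release job in helm-release.yaml references `actions/checkout@v2` and `azure/setup-helm@v1` by mutable tag and declares no `permissions:` block, yet its last step hands `secrets.GITHUB_TOKEN` to `make helm-release`, which uploads release assets and pushes the pages branch. Pin each action to a full commit SHA, for example `uses: actions/checkout@FULL_COMMIT_SHA  # v2` (placeholder), and add `permissions:` with `contents: write` on the job so the token scope is stated rather than inherited from the repository default. The same pinning applies to helm-test.yaml in PATCH 04 and to `helm/kind-action@v1.2.0` in the helm job added in PATCH 09; those two jobs should need no more than `contents: read`.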
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/.helm/starter/Chart.yaml b/.helm/starter/Chart.yaml new file mode 100644 index 00000000..6563a586 --- /dev/null +++ b/.helm/starter/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +appVersion: 0.1.0 +description: A Helm chart for Kubernetes +name: starter +type: application +version: 0.1.0 diff --git a/.helm/starter/values.yaml b/.helm/starter/values.yaml new file mode 100644 index 00000000..e69de29b diff --git a/Makefile b/Makefile index 15c56411..b1603336 100644 --- a/Makefile +++ b/Makefile @@ -7,6 +7,13 @@ VERSION ?= $(shell git describe --tags) CONTAINER_CMD ?= docker +# GNU vs BSD in-place sed +ifeq ($(shell sed --version 2>/dev/null | grep -q GNU && echo gnu),gnu) + SED_I := sed -i +else + SED_I := sed -i '' +endif + # CHANNELS define the bundle channels used in the bundle. # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") # To re-generate a bundle for other specific channels without changing the standard setup, you can: @@ -41,6 +48,14 @@ BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) IMG ?= $(IMAGE_TAG_BASE):$(VERSION) NAMESPACE ?= awx +# Helm variables +CHART_NAME ?= awx-operator +CHART_DESCRIPTION ?= A Helm chart for the AWX Operator +CHART_OWNER ?= ansible +CHART_REPO ?= awx-operator +CHART_BRANCH ?= gh-pages +CHART_INDEX ?= index.yaml + all: docker-build ##@ General 
@@ -103,7 +118,7 @@ ifeq (,$(shell which kustomize 2>/dev/null))
 @{ \
 set -e ;\
 mkdir -p $(dir $(KUSTOMIZE)) ;\
- curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.8.7/kustomize_v3.8.7_$(OS)_$(ARCH).tar.gz | \
+ curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.2/kustomize_v4.5.2_$(OS)_$(ARCH).tar.gz | \
 tar xzf - -C bin/ ;\
 }
 else
@@ -181,3 +196,123 @@ catalog-build: opm ## Build a catalog image.
 .PHONY: catalog-push
 catalog-push: ## Push a catalog image.
 $(MAKE) docker-push IMG=$(CATALOG_IMG)
+
+.PHONY: kubectl-slice
+KUBECTL_SLICE = $(shell pwd)/bin/kubectl-slice
+kubectl-slice: ## Download kubectl-slice locally if necessary.
+ifeq (,$(wildcard $(KUBECTL_SLICE)))
+ifeq (,$(shell which kubectl-slice 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p $(dir $(KUBECTL_SLICE)) ;\
+ curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.1.0/kubectl-slice_1.1.0_$(OS)_$(ARCH).tar.gz | \
+ tar xzf - -C bin/ kubectl-slice ;\
+ }
+else
+KUBECTL_SLICE = $(shell which kubectl-slice)
+endif
+endif
+
+.PHONY: helm
+HELM = $(shell pwd)/bin/helm
+helm: ## Download helm locally if necessary.
+ifeq (,$(wildcard $(HELM)))
+ifeq (,$(shell which helm 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p $(dir $(HELM)) ;\
+ curl -sSLo - https://get.helm.sh/helm-v3.8.0-$(OS)-$(ARCH).tar.gz | \
+ tar xzf - -C bin/ $(OS)-$(ARCH)/helm ;\
+ mv bin/$(OS)-$(ARCH)/helm bin/helm ;\
+ rmdir bin/$(OS)-$(ARCH) ;\
+ }
+else
+HELM = $(shell which helm)
+endif
+endif
+
+.PHONY: yq
+YQ = $(shell pwd)/bin/yq
+yq: ## Download yq locally if necessary.
+ifeq (,$(wildcard $(YQ)))
+ifeq (,$(shell which yq 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p $(dir $(HELM)) ;\
+ curl -sSLo - https://github.com/mikefarah/yq/releases/download/v4.20.2/yq_$(OS)_$(ARCH).tar.gz | \
+ tar xzf - -C bin/ yq_$(OS)_$(ARCH) ;\
+ mv bin/yq_$(OS)_$(ARCH) bin/yq ;\
+ }
+else
+YQ = $(shell which yq)
+endif
+endif
+
+PHONY: cr
+CR = $(shell pwd)/bin/cr
+cr: ## Download cr locally if necessary.
+ifeq (,$(wildcard $(CR)))
+ifeq (,$(shell which cr 2>/dev/null))
+ @{ \
+ set -e ;\
+ mkdir -p $(dir $(CR)) ;\
+ curl -sSLo - https://github.com/helm/chart-releaser/releases/download/v1.3.0/chart-releaser_1.3.0_$(OS)_$(ARCH).tar.gz | \
+ tar xzf - -C bin/ cr ;\
+ }
+else
+CR = $(shell which cr)
+endif
+endif
+
+.PHONY: helm-chart
+helm-chart: kustomize helm kubectl-slice yq
+ @echo "== KUSTOMIZE (image and namespace) =="
+ cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+ cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE}
+
+ @echo "== HELM =="
+ cd charts && \
+ $(HELM) create awx-operator --starter $(shell pwd)/.helm/starter ;\
+ $(YQ) -i '.version = "$(VERSION)"' $(CHART_NAME)/Chart.yaml ;\
+ $(YQ) -i '.appVersion = "$(VERSION)" | .appVersion style="double"' $(CHART_NAME)/Chart.yaml ;\
+ $(YQ) -i '.description = "$(CHART_DESCRIPTION)"' $(CHART_NAME)/Chart.yaml ;\
+
+ @cat charts/$(CHART_NAME)/Chart.yaml
+
+ @echo "== KUSTOMIZE (annotation) =="
+ cd config/manager && $(KUSTOMIZE) edit set annotation helm.sh/chart:$(CHART_NAME)-$(VERSION)
+ cd config/default && $(KUSTOMIZE) edit set annotation helm.sh/chart:$(CHART_NAME)-$(VERSION)
+
+ @echo "== SLICE =="
+ $(KUSTOMIZE) build config/default | \
+ $(KUBECTL_SLICE) --input-file=- \
+ --output-dir=charts/$(CHART_NAME)/templates \
+ --sort-by-kind
+ @echo "Helm Chart $(VERSION)" > charts/$(CHART_NAME)/templates/NOTES.txt
+
+.PHONY: helm-release
+helm-release: cr helm-chart
+ $(CR) version
+ @echo "== CHART RELEASER (package) =="
+ $(CR) package ./charts/awx-operator
+ @echo "== CHART RELEASER (upload) =="
+ $(CR) upload \
+ --owner "$(CHART_OWNER)" \
+ --git-repo "$(CHART_REPO)" \
+ --token "$(CR_TOKEN)" \
+ --skip-existing
+
+ @echo "== CHART RELEASER (httpsorigin) =="
+ git remote add httpsorigin "https://github.com/$(CHART_OWNER)/$(CHART_REPO).git"
+ git fetch --all
+
+ @echo "== CHART RELEASER (index) =="
+ $(CR) index \
+ --owner "$(CHART_OWNER)" \
+ --git-repo "$(CHART_REPO)" \
+ --token "$(CR_TOKEN)" \
+ --pages-branch "$(CHART_BRANCH)" \
+ --index-path "./charts/$(CHART_INDEX)" \
+ --charts-repo "https://$(CHART_OWNER).github.io/$(CHART_REPO)/$(CHART_INDEX)" \
+ --remote httpsorigin \
+ --push
diff --git a/README.md b/README.md
index 19ec170f..1c7d0e2a 100644
--- a/README.md
+++ b/README.md
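Review bot: Each download recipe added in this hunk (kubectl-slice, helm, yq, cr) pipes `curl -sSLo -` straight into `tar` with no integrity check, and the extracted binaries then run in the same make invocation that holds `CR_TOKEN`. Download to a temporary file, compare it with a SHA-256 pinned in the Makefile, and only then extract; the fence shows the helm recipe with the digest as a placeholder, and the other three recipes take the same shape. Separately, `PHONY: cr` is missing its leading dot, so `cr` is never declared phony and a target literally named `PHONY` is created instead; it should read `.PHONY: cr`. The two `$(CR)` commands that carry `--token "$(CR_TOKEN)"` are echoed by make before they run, so prefixing them with `@` keeps the expanded token out of the job log.

```make
# Placeholder: take the digest from the checksum published with the helm v3.8.0 release.
HELM_SHA256 ?= REPLACE_WITH_PINNED_SHA256

helm: ## Download helm locally if necessary.
# … unchanged: ifeq guards …
	@{ \
	set -e ;\
	mkdir -p $(dir $(HELM)) ;\
	tmp=$$(mktemp) ;\
	trap 'rm -f "$$tmp"' EXIT ;\
	curl -sSLo "$$tmp" https://get.helm.sh/helm-v3.8.0-$(OS)-$(ARCH).tar.gz ;\
	echo "$(HELM_SHA256)  $$tmp" | sha256sum -c - ;\
	tar xzf "$$tmp" -C bin/ $(OS)-$(ARCH)/helm ;\
# … unchanged: mv and rmdir lines, closing brace, else branch …
```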
@@ -8,46 +8,51 @@ An [Ansible AWX](https://github.com/ansible/awx) operator for Kubernetes built w -- [AWX Operator](#awx-operator) -- [Table of Contents](#table-of-contents) - - [Purpose](#purpose) - - [Usage](#usage) - - [Creating a minikube cluster for testing](#creating-a-minikube-cluster-for-testing) - - [Basic Install](#basic-install) - - [Admin user account configuration](#admin-user-account-configuration) - - [Network and TLS Configuration](#network-and-tls-configuration) - - [Service Type](#service-type) - - [Ingress Type](#ingress-type) - - [Database Configuration](#database-configuration) - - [External PostgreSQL Service](#external-postgresql-service) - - [Migrating data from an old AWX instance](#migrating-data-from-an-old-awx-instance) - - [Managed PostgreSQL Service](#managed-postgresql-service) - - [Advanced Configuration](#advanced-configuration) - - [Deploying a specific version of AWX](#deploying-a-specific-version-of-awx) - - [Redis container capabilities](#redis-container-capabilities) - - [Privileged Tasks](#privileged-tasks) - - [Containers Resource Requirements](#containers-resource-requirements) - - [Assigning AWX pods to specific nodes](#assigning-awx-pods-to-specific-nodes) - - [Trusting a Custom Certificate Authority](#trusting-a-custom-certificate-authority) - - [Enabling LDAP Integration at AWX bootstrap](#enabling-ldap-integration-at-awx-bootstrap) - - [Persisting Projects Directory](#persisting-projects-directory) - - [Custom Volume and Volume Mount Options](#custom-volume-and-volume-mount-options) - - [Default execution environments from private registries](#default-execution-environments-from-private-registries) - - [Control plane ee from private registry](#control-plane-ee-from-private-registry) - - [Exporting Environment Variables to Containers](#exporting-environment-variables-to-containers) - - [Extra Settings](#extra-settings) - - [Service Account](#service-account) - - [Uninstall](#uninstall) - - [Upgrading](#upgrading) - - 
[v0.14.0](#v0140) - - [Cluster-scope to Namespace-scope considerations](#cluster-scope-to-namespace-scope-considerations) - - [Project is now based on v1.x of the operator-sdk project](#project-is-now-based-on-v1x-of-the-operator-sdk-project) - - [Steps to upgrade](#steps-to-upgrade) - - [Contributing](#contributing) - - [Release Process](#release-process) - - [Author](#author) +* [AWX Operator](#awx-operator) +* [Table of Contents](#table-of-contents) + * [Purpose](#purpose) + * [Usage](#usage) + * [Creating a minikube cluster for testing](#creating-a-minikube-cluster-for-testing) + * [Basic Install](#basic-install) + * [Helm Install on existing cluster](#helm-install-on-existing-cluster) + * [Admin user account configuration](#admin-user-account-configuration) + * [Network and TLS Configuration](#network-and-tls-configuration) + * [Service Type](#service-type) + * [Ingress Type](#ingress-type) + * [Database Configuration](#database-configuration) + * [External PostgreSQL Service](#external-postgresql-service) + * [Migrating data from an old AWX instance](#migrating-data-from-an-old-awx-instance) + * [Managed PostgreSQL Service](#managed-postgresql-service) + * [Advanced Configuration](#advanced-configuration) + * [Deploying a specific version of AWX](#deploying-a-specific-version-of-awx) + * [Redis container capabilities](#redis-container-capabilities) + * [Privileged Tasks](#privileged-tasks) + * [Containers Resource Requirements](#containers-resource-requirements) + * [Priority Classes](#priority-classes) + * [Assigning AWX pods to specific nodes](#assigning-awx-pods-to-specific-nodes) + * [Trusting a Custom Certificate Authority](#trusting-a-custom-certificate-authority) + * [Enabling LDAP Integration at AWX bootstrap](#enabling-ldap-integration-at-awx-bootstrap) + * [Persisting Projects Directory](#persisting-projects-directory) + * [Custom Volume and Volume Mount Options](#custom-volume-and-volume-mount-options) + * [Default execution environments from 
private registries](#default-execution-environments-from-private-registries) + * [Control plane ee from private registry](#control-plane-ee-from-private-registry) + * [Exporting Environment Variables to Containers](#exporting-environment-variables-to-containers) + * [CSRF Cookie Secure Setting](#csrf-cookie-secure-setting) + * [Session Cookie Secure Setting](#session-cookie-secure-setting) + * [Extra Settings](#extra-settings) + * [Service Account](#service-account) + * [Uninstall](#uninstall) + * [Upgrading](#upgrading) + * [v0.14.0](#v0140) + * [Cluster-scope to Namespace-scope considerations](#cluster-scope-to-namespace-scope-considerations) + * [Project is now based on v1.x of the operator-sdk project](#project-is-now-based-on-v1x-of-the-operator-sdk-project) + * [Steps to upgrade](#steps-to-upgrade) + * [Contributing](#contributing) + * [Release Process](#release-process) + * [Author](#author) + ## Purpose 
@@ -237,6 +242,34 @@ You just completed the most basic install of an AWX instance via this operator. For an example using the Nginx Controller in Minukube, don't miss our [demo video](https://asciinema.org/a/416946). +### Helm Install on existing cluster + +For those that wish to use [Helm](https://helm.sh/) to install the awx-operator to an existing K8s cluster: + +```bash +$ helm repo add awx-operator https://ansible.github.io/awx-operator/ +"awx-operator" has been added to your repositories + +$ helm repo update +Hang tight while we grab the latest from your chart repositories... +...Successfully got an update from the "awx-operator" chart repository +Update Complete. ⎈Happy Helming!⎈ + +$ helm search repo awx-operator +NAME CHART VERSION APP VERSION DESCRIPTION +awx-operator/awx-operator 0.17.1 0.17.1 A Helm chart for the AWX Operator + +$ helm install my-awx-operator awx-operator/awx-operator +NAME: my-awx-operator +LAST DEPLOYED: Thu Feb 17 22:09:05 2022 +NAMESPACE: default +STATUS: deployed +REVISION: 1 +TEST SUITE: None +NOTES: +Helm Chart 0.17.1 +``` + ### Admin user account configuration There are three variables that are customizable for the admin user account creation. @@ -591,7 +624,7 @@ spec: The AWX and Postgres pods can be assigned a custom PriorityClass to rank their importance compared to other pods in your cluster, which determines which pods get evicted first if resources are running low. First, [create your PriorityClass](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) if needed. -Then set the name of your priority class to the control plane and postgres pods as shown below. +Then set the name of your priority class to the control plane and postgres pods as shown below. ```yaml --- 
@@ -1053,6 +1086,8 @@ If you need to do an independent release of the operator, you can run the [Stage After the draft release is created, publish it and the [Promote AWX Operator image](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/promote.yaml) will run, publishing the image to Quay. +The [Helm release](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/helm-release.yaml) workflow will create and publish a release for every tag. + ## Author This operator was originally built in 2019 by [Jeff Geerling](https://www.jeffgeerling.com) and is now maintained by the Ansible Team diff --git a/charts/.gitkeep b/charts/.gitkeep new file mode 100644 index 00000000..e69de29b From 0de966153d4961c937f6026aba55f53343f4aea7 Mon Sep 17 00:00:00 2001 From: Mark Mercado Date: Mon, 28 Mar 2022 18:25:18 -0400 Subject: [PATCH 02/10] Fix kubectl-slice for amd64 --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b1603336..efe88e71 100644 --- a/Makefile +++ b/Makefile @@ -199,13 +199,14 @@ catalog-push: ## Push a catalog image. .PHONY: kubectl-slice KUBECTL_SLICE = $(shell pwd)/bin/kubectl-slice +KUBECTL_SLICE_ARCH := $(shell uname -m | sed -e 's/amd64/x86_64/' -e 's/aarch64/arm64/') kubectl-slice: ## Download kubectl-slice locally if necessary. ifeq (,$(wildcard $(KUBECTL_SLICE))) ifeq (,$(shell which kubectl-slice 2>/dev/null)) @{ \ set -e ;\ mkdir -p $(dir $(KUBECTL_SLICE)) ;\ - curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.1.0/kubectl-slice_1.1.0_$(OS)_$(ARCH).tar.gz | \ + curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.1.0/kubectl-slice_1.1.0_$(OS)_$(KUBECTL_SLICE_ARCH).tar.gz | \ tar xzf - -C bin/ kubectl-slice ;\ } else From 9380686395ac7364962ac4f86ab80dc8c00dbaa8 Mon Sep 17 00:00:00 2001 
From: Mark Mercado Date: Thu, 31 Mar 2022 20:22:46 -0400 Subject: [PATCH 03/10] Handle amd64 versus x86_64 --- Makefile | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/Makefile b/Makefile index efe88e71..31941e46 100644 --- a/Makefile +++ b/Makefile @@ -108,7 +108,8 @@ undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/confi $(KUSTOMIZE) build config/default | kubectl delete -f - OS := $(shell uname -s | tr '[:upper:]' '[:lower:]') -ARCH := $(shell uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/') +ARCHA := $(shell uname -m | sed -e 's/x86_64/amd64/' -e 's/aarch64/arm64/') +ARCHX := $(shell uname -m | sed -e 's/amd64/x86_64/' -e 's/aarch64/arm64/') .PHONY: kustomize KUSTOMIZE = $(shell pwd)/bin/kustomize @@ -118,7 +119,7 @@ ifeq (,$(shell which kustomize 2>/dev/null)) @{ \ set -e ;\ mkdir -p $(dir $(KUSTOMIZE)) ;\ - curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.2/kustomize_v4.5.2_$(OS)_$(ARCH).tar.gz | \ + curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.2/kustomize_v4.5.2_$(OS)_$(ARCHA).tar.gz | \ tar xzf - -C bin/ ;\ } else @@ -134,7 +135,7 @@ ifeq (,$(shell which ansible-operator 2>/dev/null)) @{ \ set -e ;\ mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\ - curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.12.0/ansible-operator_$(OS)_$(ARCH) ;\ + curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.12.0/ansible-operator_$(OS)_$(ARCHA) ;\ chmod +x $(ANSIBLE_OPERATOR) ;\ } else 
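Review bot: `ARCHA` and `ARCHX` in the hunk at line 108 differ by one letter and nothing says which naming scheme each carries, so a later recipe can pick the wrong one and request an asset name that does not exist. A comment above the pair would settle it, for example `# ARCHA: amd64-style name (kustomize, operator-sdk, opm, helm, yq, cr assets); ARCHX: x86_64-style name (kubectl-slice assets)`. The other hunks in this patch only substitute the new names and need no further change.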
@@ -165,7 +166,7 @@ ifeq (,$(shell which opm 2>/dev/null))
 @{ \
 set -e ;\
 mkdir -p $(dir $(OPM)) ;\
- curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCH)-opm ;\
+ curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.15.1/$(OS)-$(ARCHA)-opm ;\
 chmod +x $(OPM) ;\
 }
 else
@@ -199,14 +200,13 @@ catalog-push: ## Push a catalog image.
 
 .PHONY: kubectl-slice
 KUBECTL_SLICE = $(shell pwd)/bin/kubectl-slice
-KUBECTL_SLICE_ARCH := $(shell uname -m | sed -e 's/amd64/x86_64/' -e 's/aarch64/arm64/')
 kubectl-slice: ## Download kubectl-slice locally if necessary.
 ifeq (,$(wildcard $(KUBECTL_SLICE)))
 ifeq (,$(shell which kubectl-slice 2>/dev/null))
 @{ \
 set -e ;\
 mkdir -p $(dir $(KUBECTL_SLICE)) ;\
- curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.1.0/kubectl-slice_1.1.0_$(OS)_$(KUBECTL_SLICE_ARCH).tar.gz | \
+ curl -sSLo - https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.1.0/kubectl-slice_1.1.0_$(OS)_$(ARCHX).tar.gz | \
 tar xzf - -C bin/ kubectl-slice ;\
 }
 else
@@ -222,10 +222,10 @@ ifeq (,$(shell which helm 2>/dev/null))
 @{ \
 set -e ;\
 mkdir -p $(dir $(HELM)) ;\
- curl -sSLo - https://get.helm.sh/helm-v3.8.0-$(OS)-$(ARCH).tar.gz | \
- tar xzf - -C bin/ $(OS)-$(ARCH)/helm ;\
- mv bin/$(OS)-$(ARCH)/helm bin/helm ;\
- rmdir bin/$(OS)-$(ARCH) ;\
+ curl -sSLo - https://get.helm.sh/helm-v3.8.0-$(OS)-$(ARCHA).tar.gz | \
+ tar xzf - -C bin/ $(OS)-$(ARCHA)/helm ;\
+ mv bin/$(OS)-$(ARCHA)/helm bin/helm ;\
+ rmdir bin/$(OS)-$(ARCHA) ;\
 }
 else
 HELM = $(shell which helm)
@@ -240,9 +240,9 @@ ifeq (,$(shell which yq 2>/dev/null))
 @{ \
 set -e ;\
 mkdir -p $(dir $(HELM)) ;\
- curl -sSLo - https://github.com/mikefarah/yq/releases/download/v4.20.2/yq_$(OS)_$(ARCH).tar.gz | \
- tar xzf - -C bin/ yq_$(OS)_$(ARCH) ;\
- mv bin/yq_$(OS)_$(ARCH) bin/yq ;\
+ curl -sSLo - https://github.com/mikefarah/yq/releases/download/v4.20.2/yq_$(OS)_$(ARCHA).tar.gz | \
+ tar xzf - -C bin/ yq_$(OS)_$(ARCHA) ;\
+ mv bin/yq_$(OS)_$(ARCHA) bin/yq ;\
 }
 else
 YQ = $(shell which yq)
@@ -257,7 +257,7 @@ ifeq (,$(shell which cr 2>/dev/null))
 @{ \
 set -e ;\
 mkdir -p $(dir $(CR)) ;\
- curl -sSLo - https://github.com/helm/chart-releaser/releases/download/v1.3.0/chart-releaser_1.3.0_$(OS)_$(ARCH).tar.gz | \
+ curl -sSLo - https://github.com/helm/chart-releaser/releases/download/v1.3.0/chart-releaser_1.3.0_$(OS)_$(ARCHA).tar.gz | \
 tar xzf - -C bin/ cr ;\
 }
 else
From 5b7baa106dcd5ff4c088fe851c8993c3b55ed358 Mon Sep 17 00:00:00 2001
From: Mark Mercado
Date: Thu, 31 Mar 2022 20:23:31 -0400
Subject: [PATCH 04/10] Adding CI for "make helm-chart"

---
 .github/workflows/helm-test.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 .github/workflows/helm-test.yaml

diff --git a/.github/workflows/helm-test.yaml b/.github/workflows/helm-test.yaml
new file mode 100644
index 00000000..d31d0d90
--- /dev/null
+++ b/.github/workflows/helm-test.yaml
@@ -0,0 +1,22 @@
+name: helm-test
+
+on:
+ pull_request:
+ branches: [devel]
+
+ push:
+ branches: [devel]
+
+jobs:
+ test:
+ runs-on: ubuntu-18.04
+ steps:
+
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Test make helm-chart
+ run: |
+ make helm-chart
From 7f7226044509871810a5f1ca039bafbe98a9eb49 Mon Sep 17 00:00:00 2001
From: Mark Mercado
Date: Wed, 6 Apr 2022 18:25:01 -0400
Subject: [PATCH 05/10] Adding document-start markers

---
 .github/workflows/helm-release.yaml | 1 +
 .github/workflows/helm-test.yaml | 1 +
 .helm/starter/Chart.yaml | 1 +
 3 files changed, 3 insertions(+)
diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml index f303e25f..0d68ff57 100644 --- a/.github/workflows/helm-release.yaml +++ b/.github/workflows/helm-release.yaml @@ -1,3 +1,4 @@ +--- name: helm-release on: diff --git a/.github/workflows/helm-test.yaml b/.github/workflows/helm-test.yaml index d31d0d90..1890a1ae 100644 --- a/.github/workflows/helm-test.yaml +++ b/.github/workflows/helm-test.yaml @@ -1,3 +1,4 @@ +--- name: helm-test on: diff --git a/.helm/starter/Chart.yaml b/.helm/starter/Chart.yaml index 6563a586..efc98d55 100644 --- a/.helm/starter/Chart.yaml +++ b/.helm/starter/Chart.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v2 appVersion: 0.1.0 description: A Helm chart for Kubernetes From beba6a900d08395395cb112844c3dfa80ac9c1ae Mon Sep 17 00:00:00 2001 From: Mark Mercado Date: Fri, 8 Apr 2022 16:43:59 -0400 Subject: [PATCH 06/10] Update kustomize build args for v4+ --- molecule/default/kustomize.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/default/kustomize.yml b/molecule/default/kustomize.yml index f3d888c2..75183ccf 100644 --- a/molecule/default/kustomize.yml +++ b/molecule/default/kustomize.yml @@ -1,7 +1,7 @@ --- - name: Build kustomize testing overlay # load_restrictor must be set to none so we can load patch files from the default overlay - command: '{{ kustomize }} build --load_restrictor none .' + command: '{{ kustomize }} build --load-restrictor LoadRestrictionsNone .' args: chdir: '{{ config_dir }}/testing' register: resources From 6cbc6a723472d1c1df12cbf0cf489862e01a193e Mon Sep 17 00:00:00 2001 From: Mark Mercado Date: Mon, 25 Apr 2022 20:58:54 -0400 Subject: [PATCH 07/10] Set CHART_OWNER as ${{ github.repository_owner }} --- .github/workflows/helm-release.yaml | 1 + Makefile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml index 0d68ff57..5b60ea95 100644 
--- a/.github/workflows/helm-release.yaml +++ b/.github/workflows/helm-release.yaml @@ -40,3 +40,4 @@ jobs: env: VERSION: ${{ github.ref_name }} CR_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_REPO_OWNER: ${{ github.repository_owner }} diff --git a/Makefile b/Makefile index 31941e46..bacb5f4f 100644 --- a/Makefile +++ b/Makefile @@ -51,7 +51,7 @@ NAMESPACE ?= awx # Helm variables CHART_NAME ?= awx-operator CHART_DESCRIPTION ?= A Helm chart for the AWX Operator -CHART_OWNER ?= ansible +CHART_OWNER ?= $(GH_REPO_OWNER) CHART_REPO ?= awx-operator CHART_BRANCH ?= gh-pages CHART_INDEX ?= index.yaml From b7e5f235adea5de475365bb48b8c6a4540446d84 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Fri, 29 Apr 2022 08:39:10 -0400 Subject: [PATCH 08/10] Fix yq target Without this I was seeing: $ make yq tar: yq_linux_amd64: Not found in archive tar: Exiting with failure status due to previous errors make: *** [Makefile:240: yq] Error 2 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index bacb5f4f..20cf623a 100644 --- a/Makefile +++ b/Makefile @@ -241,7 +241,7 @@ ifeq (,$(shell which yq 2>/dev/null)) set -e ;\ mkdir -p $(dir $(HELM)) ;\ curl -sSLo - https://github.com/mikefarah/yq/releases/download/v4.20.2/yq_$(OS)_$(ARCHA).tar.gz | \ - tar xzf - -C bin/ yq_$(OS)_$(ARCHA) ;\ + tar xzf - -C bin/ ;\ mv bin/yq_$(OS)_$(ARCHA) bin/yq ;\ } else From 191be7bf3c6691dd65967b45ecbddef9d35b0716 Mon Sep 17 00:00:00 2001 From: Shane McDonald Date: Mon, 2 May 2022 12:30:57 -0400 Subject: [PATCH 09/10] Run test helm install in CI --- .github/workflows/ci.yaml | 29 +++++++++++++++++++++++++++-- .github/workflows/helm-test.yaml | 23 ----------------------- 2 files changed, 27 insertions(+), 25 deletions(-) delete mode 100644 .github/workflows/helm-test.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 17c888e6..2b151845 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
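Review bot: `CHART_OWNER ?= $(GH_REPO_OWNER)` expands to an empty string whenever `GH_REPO_OWNER` is absent from the environment, which is every run outside the workflow, and the release recipe then builds `https://github.com//awx-operator.git` and a `https://.github.io/...` charts URL and hands them to git and cr together with the token. Failing early is safer than pushing toward a malformed remote: add `$(if $(strip $(CHART_OWNER)),,$(error CHART_OWNER is empty; set GH_REPO_OWNER or CHART_OWNER))` as the first recipe line of the release target. That recipe lies outside this hunk.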
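Review bot: Dropping the member name in PATCH 08 makes `tar xzf - -C bin/` unpack every entry of the yq archive into `bin/`, so anything else the tarball ships lands beside the tool binaries. The error quoted in the commit message suggests the binary is stored under a slightly different path, probably with a leading `./`; if `tar tzf` on the archive confirms that, `tar xzf - -C bin/ ./yq_$(OS)_$(ARCHA) ;\` keeps extraction limited to the one file the following `mv` needs. The recipe begins and ends outside the hunk.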
@@ -10,9 +10,9 @@ on: branches: [devel] jobs: - pull_request: + molecule: runs-on: ubuntu-18.04 - name: pull_request + name: molecule env: DOCKER_API_VERSION: "1.38" steps: @@ -39,3 +39,28 @@ jobs: sudo rm -f $(which kustomize) make kustomize KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind + helm: + runs-on: ubuntu-18.04 + name: helm + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Create k8s Kind Cluster + uses: helm/kind-action@v1.2.0 + + - name: Build operator image and load into kind + run: | + IMG=awx-operator-ci make docker-build + kind load docker-image --name chart-testing awx-operator-ci + + - name: Patch pull policy for tests + run: | + kustomize edit add patch --path ../testing/pull_policy/Never.yaml + working-directory: config/default + + - name: Build and install helm chart + run: | + IMG=awx-operator-ci make helm-chart + helm install --wait my-awx-operator ./charts/awx-operator diff --git a/.github/workflows/helm-test.yaml b/.github/workflows/helm-test.yaml deleted file mode 100644 index 1890a1ae..00000000 --- a/.github/workflows/helm-test.yaml +++ /dev/null @@ -1,23 +0,0 @@ ---- -name: helm-test - -on: - pull_request: - branches: [devel] - - push: - branches: [devel] - -jobs: - test: - runs-on: ubuntu-18.04 - steps: - - - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - name: Test make helm-chart - run: | - make helm-chart From 46586bd7b67f3addf50dd3439d35ad98c7660068 Mon Sep 17 00:00:00 2001 
From: Shane McDonald Date: Mon, 2 May 2022 12:35:39 -0400 Subject: [PATCH 10/10] Rework helm release process This was mostly me working around a limitation in chart-releaser where it does not allow for uploading a chart to an existing release. --- .github/workflows/helm-release.yaml | 43 -------------------------- .github/workflows/promote.yaml | 15 +++++++++ .gitignore | 2 ++ Makefile | 26 ++++++++-------- README.md | 5 +-- ansible/helm-release.yml | 47 +++++++++++++++++++++++++++++ charts/.gitkeep | 0 7 files changed, 81 insertions(+), 57 deletions(-) delete mode 100644 .github/workflows/helm-release.yaml create mode 100644 ansible/helm-release.yml delete mode 100644 charts/.gitkeep diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml deleted file mode 100644 index 5b60ea95..00000000 --- a/.github/workflows/helm-release.yaml +++ /dev/null @@ -1,43 +0,0 @@ ---- -name: helm-release - -on: - release: - types: [published] - -jobs: - release: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - name: Configure Git - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - - name: Install Helm - uses: azure/setup-helm@v1 - with: - version: v3.7.1 - - - name: Create Helm chart - run: | - echo VERSION: $VERSION - make helm-chart - env: - VERSION: ${{ github.ref_name }} - - # Reinventing the wheel if/until https://github.com/helm/chart-releaser-action/pull/96 is merged - - name: Release Helm chart - run: | - echo VERSION: $VERSION - make helm-release - env: - VERSION: ${{ github.ref_name }} - CR_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GH_REPO_OWNER: ${{ github.repository_owner }} diff --git a/.github/workflows/promote.yaml b/.github/workflows/promote.yaml index 68d88bfa..09036e17 100644 --- a/.github/workflows/promote.yaml +++ b/.github/workflows/promote.yaml 
@@ -8,6 +8,8 @@ jobs: promote: runs-on: ubuntu-latest steps: + - uses: actions/checkout@v2 + - name: Log in to GHCR run: | echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin @@ -23,3 +25,16 @@ jobs: docker tag ghcr.io/${{ github.repository }}:${{ github.event.release.tag_name }} quay.io/${{ github.repository }}:latest docker push quay.io/${{ github.repository }}:${{ github.event.release.tag_name }} docker push quay.io/${{ github.repository }}:latest + + - name: Configure git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Release Helm chart + run: | + ansible-playbook ansible/helm-release.yml -v \ + -e operator_image=quay.io/${{ github.repository }} \ + -e chart_owner=${{ github.repository_owner }} \ + -e tag=${{ github.event.release.tag_name }} \ + -e gh_token=${{ secrets.GITHUB_TOKEN }} diff --git a/.gitignore b/.gitignore index d154a6f2..a0e23105 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,5 @@ /bundle /bundle_tmp* /bundle.Dockerfile +/charts +/.cr-release-packages diff --git a/Makefile b/Makefile index 20cf623a..7cfdf95b 100644 --- a/Makefile +++ b/Makefile @@ -265,8 +265,11 @@ CR = $(shell which cr) endif endif +charts: + mkdir -p $@ + .PHONY: helm-chart -helm-chart: kustomize helm kubectl-slice yq +helm-chart: kustomize helm kubectl-slice yq charts @echo "== KUSTOMIZE (image and namespace) ==" cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} cd config/default && $(KUSTOMIZE) edit set namespace ${NAMESPACE} 
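Review bot: The `Release Helm chart` step expands `${{ github.event.release.tag_name }}` and `${{ secrets.GITHUB_TOKEN }}` directly into the text of the `run:` script, so the tag name is parsed by the shell as part of the command and the token travels as a command-line argument of an `ansible-playbook -v` run. Pass both through the step's `env:` (for example `TAG: ${{ github.event.release.tag_name }}` and `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}`), use `-e tag="$TAG"` in the script, and let the playbook read the token with `lookup('env', 'GH_TOKEN')` instead of `-e gh_token=`. This commit also gives the job a checkout and a path that pushes the pages branch, so a job-level `permissions:` block (at least `contents: write`, plus whatever the existing GHCR login requires) would make the token scope explicit; whether the workflow already sets one is not visible in the hunk.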
@@ -285,27 +288,25 @@ helm-chart: kustomize helm kubectl-slice yq cd config/default && $(KUSTOMIZE) edit set annotation helm.sh/chart:$(CHART_NAME)-$(VERSION) @echo "== SLICE ==" - $(KUSTOMIZE) build config/default | \ + $(KUSTOMIZE) build --load-restrictor LoadRestrictionsNone config/default | \ $(KUBECTL_SLICE) --input-file=- \ --output-dir=charts/$(CHART_NAME)/templates \ --sort-by-kind @echo "Helm Chart $(VERSION)" > charts/$(CHART_NAME)/templates/NOTES.txt -.PHONY: helm-release -helm-release: cr helm-chart - $(CR) version + +.PHONY: helm-package +helm-package: cr helm-chart @echo "== CHART RELEASER (package) ==" $(CR) package ./charts/awx-operator - @echo "== CHART RELEASER (upload) ==" - $(CR) upload \ - --owner "$(CHART_OWNER)" \ - --git-repo "$(CHART_REPO)" \ - --token "$(CR_TOKEN)" \ - --skip-existing +# The actual release happens in ansible/helm-release.yml +# until https://github.com/helm/chart-releaser/issues/122 happens +.PHONY: helm-index +helm-index: cr helm-chart @echo "== CHART RELEASER (httpsorigin) ==" git remote add httpsorigin "https://github.com/$(CHART_OWNER)/$(CHART_REPO).git" - git fetch --all + git fetch httpsorigin @echo "== CHART RELEASER (index) ==" $(CR) index \ @@ -316,4 +317,5 @@ helm-release: cr helm-chart --index-path "./charts/$(CHART_INDEX)" \ --charts-repo "https://$(CHART_OWNER).github.io/$(CHART_REPO)/$(CHART_INDEX)" \ --remote httpsorigin \ + --release-name-template="{{ .Version }}" \ --push diff --git a/README.md b/README.md index 1c7d0e2a..27b20de7 100644 --- a/README.md +++ b/README.md 
@@ -1084,9 +1084,10 @@ The first step is to create a draft release. Typically this will happen in the [ If you need to do an independent release of the operator, you can run the [Stage Release](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/stage.yml) in the awx-operator repo. Both of these workflows will run smoke tests, so there is no need to do this manually. -After the draft release is created, publish it and the [Promote AWX Operator image](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/promote.yaml) will run, publishing the image to Quay. +After the draft release is created, publish it and the [Promote AWX Operator image](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/promote.yaml) will run, which will: -The [Helm release](https://github.com/ansible/awx-operator/blob/devel/.github/workflows/helm-release.yaml) workflow will create and publish a release for every tag. +- Publish image to Quay +- Release Helm chart ## Author diff --git a/ansible/helm-release.yml b/ansible/helm-release.yml new file mode 100644 index 00000000..7fca49d0 --- /dev/null +++ b/ansible/helm-release.yml 
@@ -0,0 +1,47 @@
+---
+- hosts: localhost
+ vars:
+ chart_repo: awx-operator
+ tasks:
+ - name: Look up release
+ uri:
+ url: "https://api.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/tags/{{ tag }}"
+ register: release
+ ignore_errors: yes
+
+ - fail:
+ msg: |
+ Release must exist before running this playbook
+ when: release is not success
+
+ - name: Build and package helm chart
+ command: |
+ make helm-chart helm-package
+ environment:
+ VERSION: "{{ tag }}"
+ IMAGE_TAG_BASE: "{{ operator_image }}"
+ args:
+ chdir: "{{ playbook_dir }}/../"
+
+ # Move to chart releaser after https://github.com/helm/chart-releaser/issues/122 exists
+ - name: Upload helm chart
+ uri:
+ url: "https://uploads.github.com/repos/{{ chart_owner }}/{{ chart_repo }}/releases/{{ release.json.id }}/assets?name=awx-operator-{{ tag }}.tgz"
+ src: "{{ playbook_dir }}/../.cr-release-packages/awx-operator-{{ tag }}.tgz"
+ headers:
+ Authorization: "token {{ gh_token }}"
+ Content-Type: "application/octet-stream"
+ status_code:
+ - 200
+ - 201
+ register: asset_upload
+ changed_when: asset_upload.json.state == "uploaded"
+
+ - name: Publish helm index
+ command: |
+ make helm-index
+ environment:
+ CHART_OWNER: "{{ chart_owner }}"
+ CR_TOKEN: "{{ gh_token }}"
+ args:
+ chdir: "{{ playbook_dir }}/../"
diff --git a/charts/.gitkeep b/charts/.gitkeep
deleted file mode 100644
index e69de29b..00000000
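Review bot: The `Upload helm chart` task sends `Authorization: "token {{ gh_token }}"` and the `Publish helm index` task exports the same value as `CR_TOKEN`, yet neither sets `no_log: true`, and the workflow runs this playbook with `-v`, which prints each task's result including the captured output of `make helm-index`. Because make echoes the `--token "$(CR_TOKEN)"` recipe line before running it, the expanded token is part of that output; add `no_log: true` to both tasks. `gh_token`, `chart_owner`, `tag` and `operator_image` are required extra-vars with no check, so an `assert` task at the top of `tasks:` listing `gh_token is defined`, `chart_owner is defined`, `tag is defined` and `operator_image is defined` would stop the play before any request is made.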