diff --git a/.gitignore b/.gitignore index 0683651..3760c0f 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,5 @@ /_public # Additional entries +/.kind +/.work diff --git a/Makefile b/Makefile index 0646f90..c5077cd 100644 --- a/Makefile +++ b/Makefile @@ -12,6 +12,7 @@ SHELL := bash .SUFFIXES: include Makefile.vars.mk +include kind/kind.mk .PHONY: help help: ## Show this help @@ -87,6 +88,14 @@ lint_kubent_all: $(test_instances) ## Lint deprecated Kubernetes API versions fo $(test_instances): $(MAKE) $(recursive_target) -e instance=$(basename $(@F)) +.PHONY: install +install: export KUBECONFIG = $(KIND_KUBECONFIG) +install: kind-setup .compile ## Install operator in a local cluster and install Prometheus Operator using the *-bundle.yaml file in the Prometheus Operator GitHub repository + kubectl create ns syn-crossplane + kubectl create -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/master/bundle.yaml + kubectl apply -f kind/prometheus-operator-cluster-role-binding.yaml + kubectl apply -R -n syn-crossplane -f compiled/crossplane/crossplane + .PHONY: clean clean: ## Clean the project rm -rf .cache compiled dependencies vendor helmcharts jsonnetfile*.json || true diff --git a/Makefile.vars.mk b/Makefile.vars.mk index f7e4ccf..9ae1b5d 100644 --- a/Makefile.vars.mk +++ b/Makefile.vars.mk @@ -7,6 +7,16 @@ # The component name is hard-coded from the template COMPONENT_NAME ?= crossplane +PROJECT_ROOT_DIR = . +PROJECT_NAME ?= crossplane +PROJECT_OWNER ?= projectsyn + +## BUILD:go +BIN_FILENAME ?= $(PROJECT_NAME) +go_bin ?= $(PWD)/.work/bin +$(go_bin): + @mkdir -p $@ + git_dir ?= $(shell git rev-parse --git-common-dir) compiled_path ?= compiled/$(COMPONENT_NAME)/$(COMPONENT_NAME) root_volume ?= -v "$${PWD}:/$(COMPONENT_NAME)" 
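Review bot: The `install` recipe in the second Makefile hunk applies an unpinned manifest from the `master` branch: `kubectl create -f https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/master/bundle.yaml` installs whatever upstream serves at that moment, including its ClusterRole, so the result is neither reproducible nor reviewable. Pin it to a release, for example `.../prometheus-operator/v0.62.0/bundle.yaml`, which matches the `app.kubernetes.io/version: 0.62.0` label in `kind/prometheus-operator-cluster-role-binding.yaml`, ideally through a `PROMETHEUS_OPERATOR_VERSION ?=` variable in `Makefile.vars.mk`. The recipe is also not re-runnable, because `kubectl create ns syn-crossplane` and `kubectl create -f` fail once the objects exist. `kubectl create ns syn-crossplane --dry-run=client -o yaml | kubectl apply -f -` would make the namespace step idempotent.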
@@ -52,9 +62,17 @@ JB_CMD ?= $(DOCKER_CMD) $(DOCKER_ARGS) --entrypoint /usr/local/bin/jb do GOLDEN_FILES ?= $(shell find tests/golden/$(instance) -type f) KUBENT_FILES ?= $(shell echo "$(GOLDEN_FILES)" | sed 's/ /,/g') -KUBENT_ARGS ?= -c=false --helm2=false --helm3=false -e +KUBENT_ARGS ?= -c=false --helm3=false -e KUBENT_IMAGE ?= ghcr.io/doitintl/kube-no-trouble:latest KUBENT_DOCKER ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=/app/kubent $(KUBENT_IMAGE) instance ?= defaults test_instances = tests/defaults.yml tests/defaults-with-provider.yml tests/openshift4.yml tests/openshift4-with-provider.yml + +## KIND setup (local testing) + +# https://hub.docker.com/r/kindest/node/tags +KIND_NODE_VERSION ?= v1.24.0 +KIND_IMAGE ?= docker.io/kindest/node:$(KIND_NODE_VERSION) +KIND_KUBECONFIG ?= $(kind_dir)/kind-kubeconfig-$(KIND_NODE_VERSION) +KIND_CLUSTER ?= $(PROJECT_NAME)-$(KIND_NODE_VERSION) diff --git a/README.md b/README.md index 8a8fb73..7261323 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,14 @@ Run the `make docs-serve` command in the root of the project, and then browse to After writing the documentation, please use the `make docs-vale` command and correct any warnings raised by the tool. +## Local installation for testing purposes + +`make install` allows you to install the operator in a local (kind) cluster. + +The target installs the component Crossplane in a local cluster. This component uses [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator#quickstart). + +Note: the namespace in the ClusterRoleBinding needs to be updated as we're deploying in a namespace other than the default namespace, that's why we have `kind/prometheus-operator-cluster-role-binding.yaml` + ## Contributing and license This library is licensed under [BSD-3-Clause](LICENSE). diff --git a/class/crossplane.yml b/class/crossplane.yml index 4879c24..0476db3 100644 --- a/class/crossplane.yml +++ b/class/crossplane.yml 
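Review bot: `KIND_IMAGE ?= docker.io/kindest/node:$(KIND_NODE_VERSION)` pins the node image by tag only, and a tag can be re-pushed. kind's release notes publish each node image with its digest, so the default could take the form `docker.io/kindest/node:v1.24.0@sha256:<digest from the kind release notes>`. The node image version is fixed here while `kind/kind.mk` installs the kind binary at `@latest`, so the two can drift out of the supported combination. `KIND_KUBECONFIG` expands `$(kind_dir)`, which is defined only in `kind/kind.mk`; a comment such as `# kind_dir is defined in kind/kind.mk` would save the next reader a search.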
@@ -23,11 +23,6 @@ parameters: name: ${_instance} namespace: ${crossplane:namespace} output_path: crossplane/01_helmchart - - input_type: jsonnet - input_paths: - - crossplane/component/upgrade.jsonnet - output_type: yaml - output_path: crossplane/02_upgrade commodore: postprocess: filters: diff --git a/class/defaults.yml b/class/defaults.yml index d9d3427..6670baa 100644 --- a/class/defaults.yml +++ b/class/defaults.yml @@ -45,3 +45,5 @@ parameters: enabled: ${crossplane:monitoring:enabled} webhooks: enabled: true + rbacManager: + managementPolicy: Basic diff --git a/component/upgrade.jsonnet b/component/upgrade.jsonnet deleted file mode 100644 index 41695df..0000000 --- a/component/upgrade.jsonnet +++ /dev/null 
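Review bot: The new default `rbacManager.managementPolicy: Basic` in `class/defaults.yml` changes what the RBAC manager controls on existing installations, and nothing next to it says so. Per the Crossplane Helm chart documentation, `All` manages all Crossplane controller and user roles, while `Basic` covers only the controller roles and the `crossplane-admin`, `crossplane-edit` and `crossplane-view` roles. Namespace-level roles that users rely on would presumably stop being reconciled after this upgrade, which is worth confirming. A comment above the key, such as `# Basic: RBAC manager maintains only controller roles and crossplane-admin/-edit/-view; set to All to keep namespace-level roles`, plus an entry in the parameters reference would make the narrower default a visible decision. The enclosing parameters block starts outside the hunk.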
@@ -1,116 +0,0 @@ -local kap = import 'lib/kapitan.libjsonnet'; -local kube = import 'lib/kube.libjsonnet'; -local inv = kap.inventory(); -local params = inv.parameters.crossplane; - -local crds = [ - 'compositeresourcedefinitions.apiextensions.crossplane.io', - 'providerrevisions.pkg.crossplane.io', - 'configurationrevisions.pkg.crossplane.io', - 'controllerconfigs.pkg.crossplane.io', - 'configurations.pkg.crossplane.io', - 'locks.pkg.crossplane.io', - 'compositions.apiextensions.crossplane.io', - 'providers.pkg.crossplane.io', -]; - -local upgradeScript = importstr './upgrade/patch.sh'; - -local name = 'crossplane-crd-upgrade'; - -local role = kube.ClusterRole(name) { - metadata+: { - namespace: params.namespace, - annotations+: { - 'argocd.argoproj.io/hook': 'PreSync', - 'argocd.argoproj.io/hook-delete-policy': 'HookSucceeded', - }, - }, - rules: [ - { - apiGroups: [ 'apiextensions.k8s.io' ], - resources: [ 'customresourcedefinitions' ], - verbs: [ 'get', 'patch' ], - }, - { - apiGroups: [ 'pkg.crossplane.io' ], - resources: [ 'locks' ], - verbs: [ 'get', 'patch', 'list' ], - }, - { - apiGroups: [ 'pkg.crossplane.io' ], - resources: [ 'providers' ], - verbs: [ 'get', 'patch', 'list' ], - }, - { - apiGroups: [ 'pkg.crossplane.io' ], - resources: [ 'configurations' ], - verbs: [ 'get', 'patch', 'list' ], - }, - ], -}; - -local serviceAccount = kube.ServiceAccount(name) { - metadata+: { - namespace: params.namespace, - annotations+: { - 'argocd.argoproj.io/hook': 'PreSync', - 'argocd.argoproj.io/hook-delete-policy': 'HookSucceeded', - }, - }, -}; - -local roleBinding = kube.ClusterRoleBinding(name) { - metadata+: { - namespace: params.namespace, - annotations+: { - 'argocd.argoproj.io/hook': 'PreSync', - 'argocd.argoproj.io/hook-delete-policy': 'HookSucceeded', - }, - }, - subjects_: [ serviceAccount ], - roleRef_: role, -}; - -local job = kube.Job(name) { - metadata+: { - namespace: params.namespace, - annotations+: { - 'argocd.argoproj.io/hook': 'PreSync', - 
'argocd.argoproj.io/hook-delete-policy': 'HookSucceeded', - }, - }, - spec+: { - template+: { - spec+: { - serviceAccountName: serviceAccount.metadata.name, - containers_+: { - patch_crds: kube.Container(name) { - image: '%s/%s:%s' % [ params.images.kubectl.registry, params.images.kubectl.image, params.images.kubectl.tag ], - command: [ 'sh' ], - args: [ '-eu', '-c', upgradeScript ], - env: [ - { name: 'CRDS_TO_PATCH', value: std.join(' ', crds) }, - { name: 'HOME', value: '/upgrade' }, - ], - volumeMounts: [ - { name: 'upgrade', mountPath: '/upgrade' }, - ], - }, - }, - volumes+: [ - { name: 'upgrade', emptyDir: {} }, - ], - }, - }, - }, -}; - -{ - '00_upgrade': [ - role, - serviceAccount, - roleBinding, - job, - ], -} diff --git a/component/upgrade/patch.sh b/component/upgrade/patch.sh deleted file mode 100644 index ccab728..0000000 --- a/component/upgrade/patch.sh +++ /dev/null 
@@ -1,31 +0,0 @@ -#!/bin/bash -set -e - -#Patch CRDS so that ArgoCD does not delete them during upgrade -for crd in $CRDS_TO_PATCH; do - if ! kubectl get crd "${crd}" >/dev/null 2>&1; then - echo >&2 "WARNING: Skipping '${crd}': not found." - continue - fi - - #Remove ArgoCD managed-by label from the CRD - kubectl label crd "${crd}" argocd.argoproj.io/instance- -done - -#Locks are not managed anymore in the helm chart therefore remove them from ArgoCD sync cycle -for lock in $(kubectl get locks -o name); do - #Remove ArgoCD managed-by label from the Lock - kubectl label "$lock" argocd.argoproj.io/instance- -done - -#Patch providers so that ArgoCD does not delete them during upgrade -for provider in $(kubectl get providers -o name); do - #Annotate ArgoCD sync-options - kubectl annotate "$provider" --overwrite argocd.argoproj.io/sync-options=Prune=false -done - -#Patch configurations so that ArgoCD does not delete them during upgrade -for configuration in $(kubectl get configurations -o name); do - #Annotate ArgoCD sync-options - kubectl annotate "$configuration" --overwrite argocd.argoproj.io/sync-options=Prune=false -done diff --git a/docs/modules/ROOT/pages/how-tos/upgrade-1.1.1-1.7.x.adoc b/docs/modules/ROOT/pages/how-tos/upgrade-1.2.x-and-subsequet.adoc similarity index 73% rename from docs/modules/ROOT/pages/how-tos/upgrade-1.1.1-1.7.x.adoc rename to docs/modules/ROOT/pages/how-tos/upgrade-1.2.x-and-subsequet.adoc index f0597c3..9075251 100644 --- a/docs/modules/ROOT/pages/how-tos/upgrade-1.1.1-1.7.x.adoc +++ b/docs/modules/ROOT/pages/how-tos/upgrade-1.2.x-and-subsequet.adoc @@ -1,6 +1,6 @@ -= Upgrade from v1.x to v2.x += Upgrading to v1.2.x and Subsequent Versions -This guide describes the steps to perform an upgrade of the component from version v1.x to v2.x +This guide describes the steps to perform an upgrade of the component from version v1.x to v1.2.x and subsequent versions. == Step-by-step guide 
@@ -13,4 +13,6 @@ An automated PreSync Hook during migration will ensure that CRDs aren't deleted. All CRDs are expected to use api version _v1_ (stored version) while on component version _1.1.1_ with exception to Locks and ControllerConfig. The Lock object is no longer managed by the HelmChart in Crossplane 1.7 therefore it will be ignored during migration by ArgoCD. ControllerConfig CRD hasn't received any updates. - ==== +==== + +For more information, please refer to https://docs.crossplane.io/v1.10/guides/upgrading-to-v1.x/#upgrading-to-v12x-and-subsequent-versions diff --git a/docs/modules/ROOT/pages/index.adoc b/docs/modules/ROOT/pages/index.adoc index d4ec49d..d336fbf 100644 --- a/docs/modules/ROOT/pages/index.adoc +++ b/docs/modules/ROOT/pages/index.adoc @@ -1,5 +1,13 @@ = Crossplane +[discrete] +== Introduction + crossplane is a Commodore component to manage Crossplane. See the xref:references/parameters.adoc[parameters] reference for further details. + +[discrete] +== Documentation + +How-to guides:: _Problem-oriented_: step-by-step guides to achieve a goal. diff --git a/docs/modules/ROOT/partials/nav.adoc b/docs/modules/ROOT/partials/nav.adoc index 08f9283..e3a5679 100644 --- a/docs/modules/ROOT/partials/nav.adoc +++ b/docs/modules/ROOT/partials/nav.adoc @@ -1,2 +1,5 @@ * xref:index.adoc[Home] * xref:references/parameters.adoc[Parameters] + +.How To +* xref:how-tos/upgrade-1.2.x-and-subsequet.adoc[Upgrade version] diff --git a/kind/config.yaml b/kind/config.yaml new file mode 100644 index 0000000..d56f81d --- /dev/null +++ b/kind/config.yaml 
@@ -0,0 +1,21 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+ - role: control-plane
+ kubeadmConfigPatches:
+ - |
+ kind: InitConfiguration
+ nodeRegistration:
+ kubeletExtraArgs:
+ node-labels: "ingress-ready=true"
+ extraPortMappings:
+ - containerPort: 80
+ hostPort: 8081
+ protocol: TCP
+ - containerPort: 443
+ hostPort: 8443
+ protocol: TCP
+ # registry can't be sensibly exposed via Ingress under 127.0.0.0.nip.io host with subpath
+ - containerPort: 30500
+ hostPort: 5000
+ protocol: TCP
diff --git a/kind/kind.mk b/kind/kind.mk
new file mode 100644
index 0000000..c801d83
--- /dev/null
+++ b/kind/kind.mk
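Review bot: None of the three `extraPortMappings` entries sets `listenAddress`, and kind binds host ports on `0.0.0.0` when it is omitted. The ingress ports 8081/8443 and the registry port 5000 of this test cluster are therefore reachable from the developer's network, not only from localhost. Adding `listenAddress: "127.0.0.1"` to each mapping keeps them local. The comment's host `127.0.0.0.nip.io` looks like a typo for `127.0.0.1.nip.io`. The 30500→5000 registry mapping is not used by anything visible in this commit, so it could probably be dropped.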
@@ -0,0 +1,50 @@
+kind_dir ?= $(PWD)/.kind
+kind_bin = $(go_bin)/kind
+
+# Prepare kind binary
+$(kind_bin): export GOOS = $(shell go env GOOS)
+$(kind_bin): export GOARCH = $(shell go env GOARCH)
+$(kind_bin): export GOBIN = $(go_bin)
+$(kind_bin): | $(go_bin)
+ go install sigs.k8s.io/kind@latest
+
+.PHONY: kind
+kind: export KUBECONFIG = $(KIND_KUBECONFIG)
+kind: kind-setup-ingress kind-load-image ## All-in-one kind target
+
+.PHONY: kind-setup
+kind-setup: export KUBECONFIG = $(KIND_KUBECONFIG)
+kind-setup: $(KIND_KUBECONFIG) ## Creates the kind cluster
+
+.PHONY: kind-setup-ingress
+kind-setup-ingress: export KUBECONFIG = $(KIND_KUBECONFIG)
+kind-setup-ingress: kind-setup ## Install NGINX as ingress controller onto kind cluster (localhost:8081)
+ kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
+
+.PHONY: kind-load-image
+# We fix the arch to linux/amd64 since kind runs in amd64 even on Mac/arm.
+kind-load-image: export GOOS = linux
+kind-load-image: export GOARCH = amd64
+kind-load-image: kind-setup build-docker ## Load the container image onto kind cluster
+ @$(kind_bin) load docker-image --name $(KIND_CLUSTER) $(CONTAINER_IMG)
+
+.PHONY: kind-clean
+kind-clean: export KUBECONFIG = $(KIND_KUBECONFIG)
+kind-clean: delete-samples
+kind-clean: ## Removes the kind Cluster
+ @$(kind_bin) delete cluster --name $(KIND_CLUSTER) || true
+ rm -rf $(kind_dir) $(kind_bin)
+
+$(KIND_KUBECONFIG): export KUBECONFIG = $(KIND_KUBECONFIG)
+$(KIND_KUBECONFIG): $(kind_bin)
+ $(kind_bin) create cluster \
+ --name $(KIND_CLUSTER) \
+ --image $(KIND_IMAGE) \
+ --config kind/config.yaml
+ @kubectl version
+ @kubectl cluster-info
+ @kubectl config use-context kind-$(KIND_CLUSTER)
+ @echo =======
+ @echo "Setup finished. To interact with the local dev cluster, set the KUBECONFIG environment variable as follows:"
+ @echo "export KUBECONFIG=$$(realpath "$(KIND_KUBECONFIG)")"
+ @echo =======
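Review bot: Both downloads in this file float: `go install sigs.k8s.io/kind@latest` builds whatever kind release is current, and `kind-setup-ingress` applies `deploy.yaml` from the `main` branch of ingress-nginx. Two developers on the same commit can therefore end up with different binaries and different cluster-wide manifests. Pin both, e.g. `go install sigs.k8s.io/kind@$(KIND_VERSION)` with `KIND_VERSION ?= <pinned kind release>`, and a release tag in place of `main` in the ingress-nginx URL; this also keeps the kind binary in step with the fixed `KIND_NODE_VERSION` image. Separately, `kind-load-image` depends on `build-docker` and `$(CONTAINER_IMG)`, and `kind-clean` depends on `delete-samples`, none of which is defined in this diff. Unless they exist elsewhere in the repository, `make kind` and `make kind-clean` stop with a missing-rule error, so those prerequisites should be added or the targets dropped.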
diff --git a/kind/prometheus-operator-cluster-role-binding.yaml b/kind/prometheus-operator-cluster-role-binding.yaml new file mode 100644 index 0000000..ca71d7f --- /dev/null +++ b/kind/prometheus-operator-cluster-role-binding.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: prometheus-operator + app.kubernetes.io/version: 0.62.0 + name: prometheus-operator +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: prometheus-operator +subjects: + - kind: ServiceAccount + name: prometheus-operator + namespace: syn-crossplane diff --git a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml index f67c252..83bd9e8 100644 --- a/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml +++ b/tests/golden/defaults-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml @@ -41,7 +41,7 @@ spec: - args: - rbac - start - - --manage=All + - --manage=Basic - --provider-clusterrole=crossplane:allowed-provider-permissions env: - name: LEADER_ELECTION diff --git a/tests/golden/defaults-with-provider/crossplane/crossplane/02_upgrade/00_upgrade.yaml b/tests/golden/defaults-with-provider/crossplane/crossplane/02_upgrade/00_upgrade.yaml deleted file mode 100644 index af64f34..0000000 --- a/tests/golden/defaults-with-provider/crossplane/crossplane/02_upgrade/00_upgrade.yaml +++ /dev/null 
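Review bot: This binding grants the cluster-wide `prometheus-operator` ClusterRole to a ServiceAccount `prometheus-operator` in `syn-crossplane`, but nothing in the `install` recipe creates that account there. The upstream bundle is created without a namespace override, and as far as I know it hard-codes `namespace: default` for its ServiceAccount and Deployment. If so, applying this file re-points the bundle's binding away from the running operator and leaves the role bound to a name that does not exist yet; any ServiceAccount later created with that name in `syn-crossplane` would inherit it. Either deploy the operator into `syn-crossplane` as well, or keep the subject namespace in step with where the bundle installs it. The hard-coded label `app.kubernetes.io/version: 0.62.0` will also drift from a bundle fetched from `master`.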
@@ -1,138 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane -rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - patch - - apiGroups: - - pkg.crossplane.io - resources: - - locks - verbs: - - get - - patch - - list - - apiGroups: - - pkg.crossplane.io - resources: - - providers - verbs: - - get - - patch - - list - - apiGroups: - - pkg.crossplane.io - resources: - - configurations - verbs: - - get - - patch - - list ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crossplane-crd-upgrade -subjects: - - kind: ServiceAccount - name: crossplane-crd-upgrade - namespace: syn-crossplane ---- -apiVersion: batch/v1 -kind: Job -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane -spec: - completions: 1 - parallelism: 1 - template: - metadata: - labels: - name: crossplane-crd-upgrade - spec: - containers: - - args: - - -eu - - -c - - "#!/bin/bash\nset -e\n\n#Patch CRDS so that ArgoCD does not delete them\ - \ during upgrade\nfor crd in $CRDS_TO_PATCH; do\n\tif ! 
kubectl get\ - \ crd \"${crd}\" >/dev/null 2>&1; then\n\t\techo >&2 \"WARNING: Skipping\ - \ '${crd}': not found.\"\n\t\tcontinue\n\tfi\n\n\t#Remove ArgoCD managed-by\ - \ label from the CRD\n\tkubectl label crd \"${crd}\" argocd.argoproj.io/instance-\n\ - done\n\n#Locks are not managed anymore in the helm chart therefore remove\ - \ them from ArgoCD sync cycle\nfor lock in $(kubectl get locks -o name);\ - \ do\n\t#Remove ArgoCD managed-by label from the Lock\n\tkubectl label\ - \ \"$lock\" argocd.argoproj.io/instance-\ndone\n\n#Patch providers so\ - \ that ArgoCD does not delete them during upgrade\nfor provider in $(kubectl\ - \ get providers -o name); do\n\t#Annotate ArgoCD sync-options\n\tkubectl\ - \ annotate \"$provider\" --overwrite argocd.argoproj.io/sync-options=Prune=false\n\ - done\n\n#Patch configurations so that ArgoCD does not delete them during\ - \ upgrade\nfor configuration in $(kubectl get configurations -o name);\ - \ do\n\t#Annotate ArgoCD sync-options\n\tkubectl annotate \"$configuration\"\ - \ --overwrite argocd.argoproj.io/sync-options=Prune=false\ndone\n" - command: - - sh - env: - - name: CRDS_TO_PATCH - value: compositeresourcedefinitions.apiextensions.crossplane.io providerrevisions.pkg.crossplane.io - configurationrevisions.pkg.crossplane.io controllerconfigs.pkg.crossplane.io - configurations.pkg.crossplane.io locks.pkg.crossplane.io compositions.apiextensions.crossplane.io - providers.pkg.crossplane.io - - name: HOME - value: /upgrade - image: docker.io/bitnami/kubectl:1.25.4 - imagePullPolicy: IfNotPresent - name: crossplane-crd-upgrade - ports: [] - stdin: false - tty: false - volumeMounts: - - mountPath: /upgrade - name: upgrade - imagePullSecrets: [] - initContainers: [] - restartPolicy: OnFailure - serviceAccountName: crossplane-crd-upgrade - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: upgrade 
diff --git a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml index f67c252..83bd9e8 100644 --- a/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml +++ b/tests/golden/defaults/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml @@ -41,7 +41,7 @@ spec: - args: - rbac - start - - --manage=All + - --manage=Basic - --provider-clusterrole=crossplane:allowed-provider-permissions env: - name: LEADER_ELECTION diff --git a/tests/golden/defaults/crossplane/crossplane/02_upgrade/00_upgrade.yaml b/tests/golden/defaults/crossplane/crossplane/02_upgrade/00_upgrade.yaml deleted file mode 100644 index af64f34..0000000 --- a/tests/golden/defaults/crossplane/crossplane/02_upgrade/00_upgrade.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane -rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - patch - - apiGroups: - - pkg.crossplane.io - resources: - - locks - verbs: - - get - - patch - - list - - apiGroups: - - pkg.crossplane.io - resources: - - providers - verbs: - - get - - patch - - list - - apiGroups: - - pkg.crossplane.io - resources: - - configurations - verbs: - - get - - patch - - list ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crossplane-crd-upgrade -subjects: - - kind: ServiceAccount - name: crossplane-crd-upgrade - namespace: syn-crossplane ---- -apiVersion: batch/v1 -kind: Job -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane -spec: - completions: 1 - parallelism: 1 - template: - metadata: - labels: - name: crossplane-crd-upgrade - spec: - containers: - - args: - - -eu - - -c - - "#!/bin/bash\nset -e\n\n#Patch CRDS so that ArgoCD does not delete them\ - \ during upgrade\nfor crd in $CRDS_TO_PATCH; do\n\tif ! 
kubectl get\ - \ crd \"${crd}\" >/dev/null 2>&1; then\n\t\techo >&2 \"WARNING: Skipping\ - \ '${crd}': not found.\"\n\t\tcontinue\n\tfi\n\n\t#Remove ArgoCD managed-by\ - \ label from the CRD\n\tkubectl label crd \"${crd}\" argocd.argoproj.io/instance-\n\ - done\n\n#Locks are not managed anymore in the helm chart therefore remove\ - \ them from ArgoCD sync cycle\nfor lock in $(kubectl get locks -o name);\ - \ do\n\t#Remove ArgoCD managed-by label from the Lock\n\tkubectl label\ - \ \"$lock\" argocd.argoproj.io/instance-\ndone\n\n#Patch providers so\ - \ that ArgoCD does not delete them during upgrade\nfor provider in $(kubectl\ - \ get providers -o name); do\n\t#Annotate ArgoCD sync-options\n\tkubectl\ - \ annotate \"$provider\" --overwrite argocd.argoproj.io/sync-options=Prune=false\n\ - done\n\n#Patch configurations so that ArgoCD does not delete them during\ - \ upgrade\nfor configuration in $(kubectl get configurations -o name);\ - \ do\n\t#Annotate ArgoCD sync-options\n\tkubectl annotate \"$configuration\"\ - \ --overwrite argocd.argoproj.io/sync-options=Prune=false\ndone\n" - command: - - sh - env: - - name: CRDS_TO_PATCH - value: compositeresourcedefinitions.apiextensions.crossplane.io providerrevisions.pkg.crossplane.io - configurationrevisions.pkg.crossplane.io controllerconfigs.pkg.crossplane.io - configurations.pkg.crossplane.io locks.pkg.crossplane.io compositions.apiextensions.crossplane.io - providers.pkg.crossplane.io - - name: HOME - value: /upgrade - image: docker.io/bitnami/kubectl:1.25.4 - imagePullPolicy: IfNotPresent - name: crossplane-crd-upgrade - ports: [] - stdin: false - tty: false - volumeMounts: - - mountPath: /upgrade - name: upgrade - imagePullSecrets: [] - initContainers: [] - restartPolicy: OnFailure - serviceAccountName: crossplane-crd-upgrade - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: upgrade 
diff --git a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml index 1456d6f..797855b 100644 --- a/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml +++ b/tests/golden/openshift4-with-provider/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml @@ -41,7 +41,7 @@ spec: - args: - rbac - start - - --manage=All + - --manage=Basic - --provider-clusterrole=crossplane:allowed-provider-permissions env: - name: LEADER_ELECTION diff --git a/tests/golden/openshift4-with-provider/crossplane/crossplane/02_upgrade/00_upgrade.yaml b/tests/golden/openshift4-with-provider/crossplane/crossplane/02_upgrade/00_upgrade.yaml deleted file mode 100644 index af64f34..0000000 --- a/tests/golden/openshift4-with-provider/crossplane/crossplane/02_upgrade/00_upgrade.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane -rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - patch - - apiGroups: - - pkg.crossplane.io - resources: - - locks - verbs: - - get - - patch - - list - - apiGroups: - - pkg.crossplane.io - resources: - - providers - verbs: - - get - - patch - - list - - apiGroups: - - pkg.crossplane.io - resources: - - configurations - verbs: - - get - - patch - - list ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crossplane-crd-upgrade -subjects: - - kind: ServiceAccount - name: crossplane-crd-upgrade - namespace: syn-crossplane ---- -apiVersion: batch/v1 -kind: Job -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane -spec: - completions: 1 - parallelism: 1 - template: - metadata: - labels: - name: crossplane-crd-upgrade - spec: - containers: - - args: - - -eu - - -c - - "#!/bin/bash\nset -e\n\n#Patch CRDS so that ArgoCD does not delete them\ - \ during upgrade\nfor crd in $CRDS_TO_PATCH; do\n\tif ! 
kubectl get\ - \ crd \"${crd}\" >/dev/null 2>&1; then\n\t\techo >&2 \"WARNING: Skipping\ - \ '${crd}': not found.\"\n\t\tcontinue\n\tfi\n\n\t#Remove ArgoCD managed-by\ - \ label from the CRD\n\tkubectl label crd \"${crd}\" argocd.argoproj.io/instance-\n\ - done\n\n#Locks are not managed anymore in the helm chart therefore remove\ - \ them from ArgoCD sync cycle\nfor lock in $(kubectl get locks -o name);\ - \ do\n\t#Remove ArgoCD managed-by label from the Lock\n\tkubectl label\ - \ \"$lock\" argocd.argoproj.io/instance-\ndone\n\n#Patch providers so\ - \ that ArgoCD does not delete them during upgrade\nfor provider in $(kubectl\ - \ get providers -o name); do\n\t#Annotate ArgoCD sync-options\n\tkubectl\ - \ annotate \"$provider\" --overwrite argocd.argoproj.io/sync-options=Prune=false\n\ - done\n\n#Patch configurations so that ArgoCD does not delete them during\ - \ upgrade\nfor configuration in $(kubectl get configurations -o name);\ - \ do\n\t#Annotate ArgoCD sync-options\n\tkubectl annotate \"$configuration\"\ - \ --overwrite argocd.argoproj.io/sync-options=Prune=false\ndone\n" - command: - - sh - env: - - name: CRDS_TO_PATCH - value: compositeresourcedefinitions.apiextensions.crossplane.io providerrevisions.pkg.crossplane.io - configurationrevisions.pkg.crossplane.io controllerconfigs.pkg.crossplane.io - configurations.pkg.crossplane.io locks.pkg.crossplane.io compositions.apiextensions.crossplane.io - providers.pkg.crossplane.io - - name: HOME - value: /upgrade - image: docker.io/bitnami/kubectl:1.25.4 - imagePullPolicy: IfNotPresent - name: crossplane-crd-upgrade - ports: [] - stdin: false - tty: false - volumeMounts: - - mountPath: /upgrade - name: upgrade - imagePullSecrets: [] - initContainers: [] - restartPolicy: OnFailure - serviceAccountName: crossplane-crd-upgrade - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: upgrade 
diff --git a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml index 1456d6f..797855b 100644 --- a/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml +++ b/tests/golden/openshift4/crossplane/crossplane/01_helmchart/crossplane/templates/rbac-manager-deployment.yaml @@ -41,7 +41,7 @@ spec: - args: - rbac - start - - --manage=All + - --manage=Basic - --provider-clusterrole=crossplane:allowed-provider-permissions env: - name: LEADER_ELECTION diff --git a/tests/golden/openshift4/crossplane/crossplane/02_upgrade/00_upgrade.yaml b/tests/golden/openshift4/crossplane/crossplane/02_upgrade/00_upgrade.yaml deleted file mode 100644 index af64f34..0000000 --- a/tests/golden/openshift4/crossplane/crossplane/02_upgrade/00_upgrade.yaml +++ /dev/null 
@@ -1,138 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane -rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - get - - patch - - apiGroups: - - pkg.crossplane.io - resources: - - locks - verbs: - - get - - patch - - list - - apiGroups: - - pkg.crossplane.io - resources: - - providers - verbs: - - get - - patch - - list - - apiGroups: - - pkg.crossplane.io - resources: - - configurations - verbs: - - get - - patch - - list ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crossplane-crd-upgrade -subjects: - - kind: ServiceAccount - name: crossplane-crd-upgrade - namespace: syn-crossplane ---- -apiVersion: batch/v1 -kind: Job -metadata: - annotations: - argocd.argoproj.io/hook: PreSync - argocd.argoproj.io/hook-delete-policy: HookSucceeded - labels: - name: crossplane-crd-upgrade - name: crossplane-crd-upgrade - namespace: syn-crossplane -spec: - completions: 1 - parallelism: 1 - template: - metadata: - labels: - name: crossplane-crd-upgrade - spec: - containers: - - args: - - -eu - - -c - - "#!/bin/bash\nset -e\n\n#Patch CRDS so that ArgoCD does not delete them\ - \ during upgrade\nfor crd in $CRDS_TO_PATCH; do\n\tif ! 
kubectl get\ - \ crd \"${crd}\" >/dev/null 2>&1; then\n\t\techo >&2 \"WARNING: Skipping\ - \ '${crd}': not found.\"\n\t\tcontinue\n\tfi\n\n\t#Remove ArgoCD managed-by\ - \ label from the CRD\n\tkubectl label crd \"${crd}\" argocd.argoproj.io/instance-\n\ - done\n\n#Locks are not managed anymore in the helm chart therefore remove\ - \ them from ArgoCD sync cycle\nfor lock in $(kubectl get locks -o name);\ - \ do\n\t#Remove ArgoCD managed-by label from the Lock\n\tkubectl label\ - \ \"$lock\" argocd.argoproj.io/instance-\ndone\n\n#Patch providers so\ - \ that ArgoCD does not delete them during upgrade\nfor provider in $(kubectl\ - \ get providers -o name); do\n\t#Annotate ArgoCD sync-options\n\tkubectl\ - \ annotate \"$provider\" --overwrite argocd.argoproj.io/sync-options=Prune=false\n\ - done\n\n#Patch configurations so that ArgoCD does not delete them during\ - \ upgrade\nfor configuration in $(kubectl get configurations -o name);\ - \ do\n\t#Annotate ArgoCD sync-options\n\tkubectl annotate \"$configuration\"\ - \ --overwrite argocd.argoproj.io/sync-options=Prune=false\ndone\n" - command: - - sh - env: - - name: CRDS_TO_PATCH - value: compositeresourcedefinitions.apiextensions.crossplane.io providerrevisions.pkg.crossplane.io - configurationrevisions.pkg.crossplane.io controllerconfigs.pkg.crossplane.io - configurations.pkg.crossplane.io locks.pkg.crossplane.io compositions.apiextensions.crossplane.io - providers.pkg.crossplane.io - - name: HOME - value: /upgrade - image: docker.io/bitnami/kubectl:1.25.4 - imagePullPolicy: IfNotPresent - name: crossplane-crd-upgrade - ports: [] - stdin: false - tty: false - volumeMounts: - - mountPath: /upgrade - name: upgrade - imagePullSecrets: [] - initContainers: [] - restartPolicy: OnFailure - serviceAccountName: crossplane-crd-upgrade - terminationGracePeriodSeconds: 30 - volumes: - - emptyDir: {} - name: upgrade