Squashed commit of the following:
This PR upgrades to Flux-Operator 0.6 released this morning, also includes:

* #170
which is an aggregate PR, so #171 #172 etc. I think this PR now basically subsumes #170 and can replace it.

I have at least 80% confidence there are no errors in this PR. It also restores the networkPolicy default and the deleted cozy-dashboard network policy, which we will see fixed (restored to install NetworkPolicy resources by default) in the next `flux-operator` release.

Ref: controlplaneio-fluxcd/flux-operator#52
kvaps committed Jun 24, 2024
1 parent b8e5309 commit e0b6d4f
Showing 13 changed files with 345 additions and 16 deletions.
1 change: 0 additions & 1 deletion packages/core/fluxcd/Makefile
Expand Up @@ -17,5 +17,4 @@ diff:
update:
rm -rf charts
helm pull oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator --untar --untardir charts
patch -p1 --no-backup-if-mismatch < patches/hostNetwork.diff
patch -p1 --no-backup-if-mismatch < patches/kubernetesEnvs.diff
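Review bot: the `helm pull` in the `update` target carries no `--version`, so every `make update` vendors whatever chart the registry serves as latest at that moment. Pin it (for example `--version 0.6.0`, matching the `version: 0.6.0` this commit records in Chart.yaml) so a re-run reproduces the same tree and a chart bump is an explicit edit. With one `patch` step dropped in this hunk, a short comment above the remaining ones saying what each local patch carries would also make it clear when the next one can go.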
4 changes: 2 additions & 2 deletions packages/core/fluxcd/charts/flux-operator/Chart.yaml
Expand Up @@ -8,7 +8,7 @@ annotations:
- name: Upstream Project
url: https://github.com/controlplaneio-fluxcd/flux-operator
apiVersion: v2
appVersion: v0.4.0
appVersion: v0.6.0
description: 'A Helm chart for deploying the Flux Operator. '
home: https://github.com/controlplaneio-fluxcd
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/flux/icon/color/flux-icon-color.png
Expand All @@ -27,4 +27,4 @@ sources:
- https://github.com/controlplaneio-fluxcd/flux-operator
- https://github.com/controlplaneio-fluxcd/charts
type: application
version: 0.4.0
version: 0.6.0
9 changes: 5 additions & 4 deletions packages/core/fluxcd/charts/flux-operator/README.md
@@ -1,6 +1,6 @@
# flux-operator

![Version: 0.4.0](https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.4.0](https://img.shields.io/badge/AppVersion-v0.4.0-informational?style=flat-square)
![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.6.0](https://img.shields.io/badge/AppVersion-v0.6.0-informational?style=flat-square)

The [Flux Operator](https://github.com/controlplaneio-fluxcd) provides a declarative API
for the installation and upgrade of CNCF [Flux](https://fluxcd.io) and the
Expand Down Expand Up @@ -35,19 +35,20 @@ see the Flux Operator [documentation](https://fluxcd.control-plane.io/operator/)
| affinity | object | `{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/os","operator":"In","values":["linux"]}]}]}}}` | Pod affinity and anti-affinity settings. |
| commonAnnotations | object | `{}` | Common annotations to add to all deployed objects including pods. |
| commonLabels | object | `{}` | Common labels to add to all deployed objects including pods. |
| extraEnvs | list | `[]` | Container extra environment variables. |
| fullnameOverride | string | `""` | |
| hostNetwork | bool | `false` | If `true`, start flux-operator in hostNetwork mode. |
| hostNetwork | bool | `false` | If `true`, the container ports (`8080` and `8081`) are exposed on the host network. |
| image | object | `{"pullSecrets":[],"repository":"ghcr.io/controlplaneio-fluxcd/flux-operator","tag":""}` | Container image settings. The image tag defaults to the chart appVersion. |
| installCRDs | bool | `true` | Install and upgrade the custom resource definitions. |
| livenessProbe | object | `{"httpGet":{"path":"/healthz","port":8081},"initialDelaySeconds":15,"periodSeconds":20}` | Container liveness probe settings. |
| marketplace | object | `{"account":"","license":""}` | Marketplace settings. |
| marketplace | object | `{"account":"","license":"","type":""}` | Marketplace settings. |
| nameOverride | string | `""` | |
| podSecurityContext | object | `{}` | Pod security context settings. |
| priorityClassName | string | `""` | Pod priority class name. Recommended value is system-cluster-critical. |
| readinessProbe | object | `{"httpGet":{"path":"/readyz","port":8081},"initialDelaySeconds":5,"periodSeconds":10}` | Container readiness probe settings. |
| resources | object | `{"limits":{"cpu":"1000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"64Mi"}}` | Container resources requests and limits settings. |
| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"seccompProfile":{"type":"RuntimeDefault"}}` | Container security context settings. The default is compliant with the pod security restricted profile. |
| serviceAccount | object | `{"automount":true,"name":""}` | Pod service account settings. The name of the service account defaults to the release name. |
| serviceAccount | object | `{"automount":true,"create":true,"name":""}` | Pod service account settings. The name of the service account defaults to the release name. |
| tolerations | list | `[]` | Pod tolerations settings. |

## Source Code
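Review bot: the values table in this hunk has no `networkPolicy` row between `nameOverride` and `podSecurityContext`, while the commit message says the networkPolicy default is restored. If that is carried as a local change, it should be visible either in this table or as a file under `patches/`, otherwise the next `make update` can drop it without anyone noticing. The new `hostNetwork` description is also worth a caveat: with `hostNetwork: true` ports `8080` and `8081` are reachable on the node, and NetworkPolicy behaviour for hostNetwork pods is undefined in Kubernetes, so the restored policy should not be relied on to cover them.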
284 changes: 284 additions & 0 deletions packages/core/fluxcd/charts/flux-operator/templates/crds.yaml
Expand Up @@ -112,6 +112,13 @@ spec:
description: Distribution specifies the version and container registry
to pull images from.
properties:
artifact:
description: |-
Artifact is the URL to the OCI artifact containing
the latest Kubernetes manifests for the distribution,
e.g. 'oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:latest'.
pattern: ^oci://.*$
type: string
imagePullSecret:
description: |-
ImagePullSecret is the name of the Kubernetes secret
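Review bot: `pattern: ^oci://.*$` on the new `artifact` field only checks the scheme, and the description's own example points at a `:latest` tag, so the manifests the operator applies can change without any change to the resource that references them. Since this CRD is vendored, the schema fix belongs upstream, but wherever this repository sets `artifact` it should use a fixed version tag rather than `latest`, and that expectation deserves a line in the packaging docs.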
Expand Down Expand Up @@ -417,4 +424,281 @@ spec:
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.15.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/instance: '{{ .Release.Name }}'
app.kubernetes.io/managed-by: '{{ .Release.Service }}'
app.kubernetes.io/name: '{{ .Chart.Name }}'
app.kubernetes.io/version: '{{ .Chart.AppVersion }}'
helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
name: fluxreports.fluxcd.controlplane.io
spec:
group: fluxcd.controlplane.io
names:
kind: FluxReport
listKind: FluxReportList
plural: fluxreports
singular: fluxreport
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.distribution.entitlement
name: Entitlement
priority: 10
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- jsonPath: .status.conditions[?(@.type=="Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].message
name: Status
type: string
- jsonPath: .status.conditions[?(@.type=="Ready")].lastTransitionTime
name: LastUpdated
type: string
name: v1
schema:
openAPIV3Schema:
description: FluxReport is the Schema for the fluxreports API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: FluxReportSpec defines the observed state of a Flux installation.
properties:
components:
description: ComponentsStatus is the status of the Flux controller
deployments.
items:
description: FluxComponentStatus defines the observed state of a
Flux component.
properties:
image:
description: Image is the container image of the Flux component.
type: string
name:
description: Name is the name of the Flux component.
type: string
ready:
description: Ready is the readiness status of the Flux component.
type: boolean
status:
description: |-
Status is a human-readable message indicating details
about the Flux component observed state.
type: string
required:
- image
- name
- ready
- status
type: object
type: array
distribution:
description: Distribution is the version information of the Flux installation.
properties:
entitlement:
description: Entitlement is the entitlement verification status.
type: string
managedBy:
description: ManagedBy is the name of the operator managing the
Flux instance.
type: string
status:
description: |-
Status is a human-readable message indicating details
about the distribution observed state.
type: string
version:
description: Version is the version of the Flux instance.
type: string
required:
- entitlement
- status
type: object
reconcilers:
description: |-
ReconcilersStatus is the list of Flux reconcilers and
their statistics grouped by API kind.
items:
description: FluxReconcilerStatus defines the observed state of
a Flux reconciler.
properties:
apiVersion:
description: APIVersion is the API version of the Flux resource.
type: string
kind:
description: Kind is the kind of the Flux resource.
type: string
stats:
description: Stats is the reconcile statics of the Flux resource
kind.
properties:
failing:
description: |-
Failing is the number of reconciled
resources in the Failing state.
type: integer
running:
description: |-
Running is the number of reconciled
resources in the Running state.
type: integer
suspended:
description: |-
Suspended is the number of reconciled
resources in the Suspended state.
type: integer
totalSize:
description: TotalSize is the total size of the artifacts
in storage.
type: string
required:
- failing
- running
- suspended
type: object
required:
- apiVersion
- kind
type: object
type: array
sync:
description: |-
SyncStatus is the status of the cluster sync
Source and Kustomization resources.
properties:
id:
description: ID is the identifier of the sync.
type: string
path:
description: Path is the kustomize path of the sync.
type: string
ready:
description: Ready is the readiness status of the sync.
type: boolean
source:
description: Source is the URL of the source repository.
type: string
status:
description: |-
Status is a human-readable message indicating details
about the sync observed state.
type: string
required:
- id
- ready
- status
type: object
required:
- distribution
type: object
status:
description: FluxReportStatus defines the readiness of a FluxReport.
properties:
conditions:
description: Conditions contains the readiness conditions of the object.
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
lastHandledReconcileAt:
description: |-
LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value
can be detected.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
{{- end }}
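Review bot: in the new FluxReport CRD the operator's observations live under `spec` ("FluxReportSpec defines the observed state of a Flux installation"), not under `status`, so the `status: {}` subresource does not separate who may write the reported component, entitlement and sync data. Please check that the RBAC shipped with the chart gives write access to `fluxreports` only to the operator's service account and read-only access to everyone else. Minor: the `stats` description reads "reconcile statics" (should be "statistics"), and the `LastUpdated` printer column is `type: string` although it reads `lastTransitionTime`, which the schema declares as `format: date-time`. Both are generated upstream and are better fixed there than in the vendored copy.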
Expand Up @@ -35,7 +35,7 @@ spec:
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "flux-operator.fullname" . }}
serviceAccountName: {{ include "flux-operator.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
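Review bot: `serviceAccountName` now depends on the `flux-operator.serviceAccountName` helper, whose definition is not part of the visible diff. Please confirm it exists in the vendored `_helpers.tpl` and document what it returns when `serviceAccount.create` is `false` and `serviceAccount.name` is empty; the README still says the name "defaults to the release name", and a mismatch there leaves the pod bound to a service account nobody intended.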
Expand All @@ -50,6 +50,10 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- with .Values.marketplace.type }}
- name: MARKETPLACE_TYPE
value: {{ . }}
{{- end }}
{{- with .Values.marketplace.account }}
- name: MARKETPLACE_ACCOUNT
value: {{ . }}
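Review bot: the new `MARKETPLACE_TYPE` entry renders `value: {{ . }}` unquoted, so a value that YAML reads as a boolean or number yields a non-string `value` and the Deployment is rejected at apply time. Use `value: {{ . | quote }}` here; the same applies to the existing `MARKETPLACE_ACCOUNT` line below it.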
Expand All @@ -58,6 +62,9 @@ spec:
- name: MARKETPLACE_LICENSE
value: {{ . }}
{{- end }}
{{- if .Values.extraEnvs }}
{{- toYaml .Values.extraEnvs | nindent 12 }}
{{- end }}
{{- include "cozy.kubernetes_envs" . | nindent 12 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
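Review bot: `extraEnvs` is rendered after the `MARKETPLACE_*` entries and before `cozy.kubernetes_envs`, so a name repeated in `extraEnvs` ends up twice in the container's `env` list and which one takes effect depends on position. Either document that `extraEnvs` must not reuse the names set by the chart and by `cozy.kubernetes_envs`, or move the include so the intended precedence is explicit. `{{- with .Values.extraEnvs }}` would also match the style of the blocks above.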
@@ -1,3 +1,4 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
Expand All @@ -13,3 +14,4 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}
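Review bot: `automountServiceAccountToken: {{ .Values.serviceAccount.automount }}` sits inside the new `serviceAccount.create` guard, so with `create: false` the `automount` value no longer has any effect unless the Deployment's pod spec sets it as well, which is not visible in this diff. Either set `automountServiceAccountToken` on the pod spec too, or state in the values description that `automount` applies only when the chart creates the service account.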