Avoid hardcoded images (janus-idp#187)

* remove hardcoded images * fix image * Update examples/janus-cr-with-app-configs.yaml Co-authored-by: Armel Soro <armel@rm3l.org> * change lookup * Update config/manager/default-config/db-statefulset.yaml Co-authored-by: Armel Soro <armel@rm3l.org> * Update config/manager/default-config/deployment.yaml Co-authored-by: Armel Soro <armel@rm3l.org> * change lookup * change lookup * Update config/manager/default-config/deployment.yaml Co-authored-by: Armel Soro <armel@rm3l.org> * add generated files * fix image --------- Co-authored-by: Armel Soro <armel@rm3l.org>
gazarenkov · Mar 17, 2024 · 84d7218 · 84d7218
1 parent 61e8283
commit 84d7218
Show file tree

Hide file tree

Showing 12 changed files with 501 additions and 130 deletions.
diff --git a/api/v1alpha1/backstage_types.go b/api/v1alpha1/backstage_types.go
@@ -16,40 +16,27 @@ package v1alpha1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/utils/pointer"
 )
 
-type BackstageConditionReason string
-
-type BackstageConditionType string
-
+// Constants for status conditions
 const (
-	BackstageConditionTypeDeployed BackstageConditionType = "Deployed"
-
-	BackstageConditionReasonDeployed   BackstageConditionReason = "Deployed"
-	BackstageConditionReasonFailed     BackstageConditionReason = "DeployFailed"
-	BackstageConditionReasonInProgress BackstageConditionReason = "DeployInProgress"
+	// TODO: RuntimeConditionRunning string = "RuntimeRunning"
+	ConditionDeployed string = "Deployed"
+	DeployOK          string = "DeployOK"
+	DeployFailed      string = "DeployFailed"
+	DeployInProgress  string = "DeployInProgress"
 )
 
 // BackstageSpec defines the desired state of Backstage
 type BackstageSpec struct {
 	// Configuration for Backstage. Optional.
 	Application *Application `json:"application,omitempty"`
 
-	// Raw Runtime RuntimeObjects configuration. For Advanced scenarios.
-	//RawConfig string `json:"rawConfig,omitempty"`
-
-	RawRuntimeConfig *RuntimeConfig `json:"rawRuntimeConfig,omitempty"`
+	// Raw Runtime Objects configuration. For Advanced scenarios.
+	RawRuntimeConfig RuntimeConfig `json:"rawRuntimeConfig,omitempty"`
 
 	// Configuration for database access. Optional.
-	Database *Database `json:"database,omitempty"`
-}
-
-type RuntimeConfig struct {
-	// Name of ConfigMap containing Backstage runtime objects configuration
-	BackstageConfigName string `json:"backstageConfig,omitempty"`
-	// Name of ConfigMap containing LocalDb (PostgreSQL) runtime objects configuration
-	LocalDbConfigName string `json:"localDbConfig,omitempty"`
+	Database Database `json:"database,omitempty"`
 }
 
 type Database struct {
@@ -58,8 +45,8 @@ type Database struct {
 	//+kubebuilder:default=true
 	EnableLocalDb *bool `json:"enableLocalDb,omitempty"`
 
-	// Name of the secret for database authentication. Required for external database access.
-	// Optional for a local database (EnableLocalDb=true) and if absent a secret will be auto generated.
+	// Name of the secret for database authentication. Optional.
+	// For a local database deployment (EnableLocalDb=true), a secret will be auto generated if it does not exist.
 	// The secret shall include information used for the database access.
 	// An example for PostgreSQL DB access:
 	// "POSTGRES_PASSWORD": "rl4s3Fh4ng3M4"
@@ -111,7 +98,7 @@ type Application struct {
 
 	// Image Pull Secrets to use in all containers (including Init Containers)
 	// +optional
-	ImagePullSecrets []string `json:"imagePullSecrets,omitempty"`
+	ImagePullSecrets *[]string `json:"imagePullSecrets,omitempty"`
 
 	// Route configuration. Used for OpenShift only.
 	Route *Route `json:"route,omitempty"`
@@ -190,6 +177,13 @@ type Env struct {
 	Value string `json:"value"`
 }
 
+type RuntimeConfig struct {
+	// Name of ConfigMap containing Backstage runtime objects configuration
+	BackstageConfigName string `json:"backstageConfig,omitempty"`
+	// Name of ConfigMap containing LocalDb (P|ostgreSQL) runtime objects configuration
+	LocalDbConfigName string `json:"localDbConfig,omitempty"`
+}
+
 // BackstageStatus defines the observed state of Backstage
 type BackstageStatus struct {
 	// Conditions is the list of conditions describing the state of the runtime
@@ -274,29 +268,3 @@ type TLS struct {
 func init() {
 	SchemeBuilder.Register(&Backstage{}, &BackstageList{})
 }
-
-func (s *BackstageSpec) IsLocalDbEnabled() bool {
-	if s.Database == nil {
-		return true
-	}
-	return pointer.BoolDeref(s.Database.EnableLocalDb, true)
-}
-
-func (s *BackstageSpec) IsRouteEnabled() bool {
-	if s.Application == nil || s.Application.Route == nil {
-		return false
-	}
-	return pointer.BoolDeref(s.Application.Route.Enabled, true)
-}
-
-func (s *BackstageSpec) IsRouteEmpty() bool {
-	route := s.Application.Route
-	if route.Host != "" && route.Subdomain != "" && route.TLS != nil && *route.TLS != (TLS{}) {
-		return true
-	}
-	return false
-}
-
-func (s *BackstageSpec) IsAuthSecretSpecified() bool {
-	return s.Database != nil && s.Database.AuthSecretName != ""
-}
diff --git a/bundle/manifests/backstage-default-config_v1_configmap.yaml b/bundle/manifests/backstage-default-config_v1_configmap.yaml
@@ -1,34 +1,28 @@
 apiVersion: v1
 data:
-  app-config.yaml: |-
+  backend-auth-configmap.yaml: |
     apiVersion: v1
     kind: ConfigMap
     metadata:
-      name: my-backstage-config-cm1 # placeholder for <bs>-default-appconfig
+      name: # placeholder for '<cr-name>-backend-auth'
     data:
-      default.app-config.yaml: |
+      "app-config.backend-auth.default.yaml": |
         backend:
-          database:
-            connection:
-              password: ${POSTGRES_PASSWORD}
-              user: ${POSTGRES_USER}
           auth:
             keys:
               # This is a default value, which you should change by providing your own app-config
               - secret: "pl4s3Ch4ng3M3"
-  db-secret.yaml: |-
+  db-secret.yaml: |
     apiVersion: v1
     kind: Secret
     metadata:
-      name: postgres-secrets # will be replaced
-      namespace: backstage
-    type: Opaque
+      name: # placeholder for 'backstage-psql-secret-<cr-name>'
     stringData:
-      POSTGRES_PASSWORD: #wrgd5688 #admin123 # leave it empty to make it autogenerated
-      POSTGRES_PORT: "5432"
-      POSTGRES_USER: postgres
-      POSTGRESQL_ADMIN_PASSWORD: admin123
-      POSTGRES_HOST: bs1-db-service    #placeholder <crname>-db-service
+      "POSTGRES_PASSWORD": "rl4s3Fh4ng3M4" # default value, change to your own value
+      "POSTGRES_PORT": "5432"
+      "POSTGRES_USER": "postgres"
+      "POSTGRESQL_ADMIN_PASSWORD": "rl4s3Fh4ng3M4" # default value, change to your own value
+      "POSTGRES_HOST": "" # set to your Postgres DB host. If the local DB is deployed, set to 'backstage-psql-<cr-name>'
   db-service-hl.yaml: |
     apiVersion: v1
     kind: Service
@@ -50,7 +44,7 @@ data:
         janus-idp.io/app:  backstage-psql-cr1 # placeholder for 'backstage-psql-<cr-name>'
       ports:
         - port: 5432
-  db-statefulset.yaml: |-
+  db-statefulset.yaml: |
     apiVersion: apps/v1
     kind: StatefulSet
     metadata:
@@ -68,9 +62,13 @@ data:
             janus-idp.io/app: backstage-psql-cr1 # placeholder for 'backstage-psql-<cr-name>'
           name: backstage-db-cr1 # placeholder for 'backstage-psql-<cr-name>'
         spec:
-          persistentVolumeClaimRetentionPolicy:
-            whenDeleted: Retain
-            whenScaled: Retain
+          automountServiceAccountToken: false
+          ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
+          ## The optional .spec.persistentVolumeClaimRetentionPolicy field controls if and how PVCs are deleted during the lifecycle of a StatefulSet.
+          ## You must enable the StatefulSetAutoDeletePVC feature gate on the API server and the controller manager to use this field.
+    #      persistentVolumeClaimRetentionPolicy:
+    #        whenDeleted: Retain
+    #        whenScaled: Retain
           containers:
             - env:
                 - name: POSTGRESQL_PORT_NUMBER
@@ -80,10 +78,10 @@ data:
                 - name: PGDATA
                   value: /var/lib/pgsql/data/userdata
               envFrom:
-    #            - secretRef:
-    #                name: <POSTGRESQL_SECRET>  # will be replaced with 'backstage-psql-secrets-<cr-name>'
-    #          image: quay.io/fedora/postgresql-15:latest
-              image: <RELATED_IMAGE_postgresql> # will be replaced with the actual image
+                - secretRef:
+                    name: <POSTGRESQL_SECRET>  # will be replaced with 'backstage-psql-secrets-<cr-name>'
+              # image will be replaced by the value of the `RELATED_IMAGE_postgresql` env var, if set
+              image: quay.io/fedora/postgresql-15:latest
               imagePullPolicy: IfNotPresent
               securityContext:
                 runAsNonRoot: true
@@ -127,7 +125,9 @@ data:
                   cpu: 250m
                   memory: 256Mi
                 limits:
+                  cpu: 250m
                   memory: 1024Mi
+                  ephemeral-storage: 20Mi
               volumeMounts:
                 - mountPath: /dev/shm
                   name: dshm
@@ -171,7 +171,7 @@ data:
           labels:
             janus-idp.io/app:  # placeholder for 'backstage-<cr-name>'
         spec:
-          #      serviceAccountName: default
+          automountServiceAccountToken: false
           volumes:
             - ephemeral:
                 volumeClaimTemplate:
@@ -187,13 +187,6 @@ data:
                 defaultMode: 420
                 optional: true
                 secretName: dynamic-plugins-npmrc
-            - name: dynamic-plugins-conf
-              configMap:
-                name: default-dynamic-plugins
-                optional: true
-                items:
-                  - key: dynamic-plugins.yaml
-                    path: dynamic-plugins.yaml
 
           initContainers:
             - command:
@@ -202,7 +195,8 @@ data:
               env:
                 - name: NPM_CONFIG_USERCONFIG
                   value: /opt/app-root/src/.npmrc.dynamic-plugins
-              image: <RELATED_IMAGE_backstage> # will be replaced with the actual image quay.io/janus-idp/backstage-showcase:next
+              # image will be replaced by the value of the `RELATED_IMAGE_backstage` env var, if set
+              image: quay.io/janus-idp/backstage-showcase:latest
               imagePullPolicy: IfNotPresent
               name: install-dynamic-plugins
               volumeMounts:
@@ -212,15 +206,16 @@ data:
                   name: dynamic-plugins-npmrc
                   readOnly: true
                   subPath: .npmrc
-                - mountPath: /opt/app-root/src/dynamic-plugins.yaml
-                  subPath: dynamic-plugins.yaml
-                  name: dynamic-plugins-conf
-                  readOnly: true
               workingDir: /opt/app-root/src
-
+              resources:
+                limits:
+                  cpu: 1000m
+                  memory: 2.5Gi
+                  ephemeral-storage: 5Gi
           containers:
             - name: backstage-backend
-              image: <RELATED_IMAGE_backstage> # will be replaced with the actual image quay.io/janus-idp/backstage-showcase:next
+              # image will be replaced by the value of the `RELATED_IMAGE_backstage` env var, if set
+              image: quay.io/janus-idp/backstage-showcase:latest
               imagePullPolicy: IfNotPresent
               args:
                 - "--config"
@@ -251,14 +246,24 @@ data:
               env:
                 - name: APP_CONFIG_backend_listen_port
                   value: "7007"
+              envFrom:
+                - secretRef:
+                    name: <POSTGRESQL_SECRET>  # will be replaced with 'backstage-psql-secrets-<cr-name>'
+              #            - secretRef:
+              #                name: backstage-secrets
               volumeMounts:
                 - mountPath: /opt/app-root/src/dynamic-plugins-root
                   name: dynamic-plugins-root
-  dynamic-plugins.yaml: |-
+              resources:
+                limits:
+                  cpu: 1000m
+                  memory: 2.5Gi
+                  ephemeral-storage: 5Gi
+  dynamic-plugins-configmap.yaml: |-
     apiVersion: v1
     kind: ConfigMap
     metadata:
-      name: default-dynamic-plugins #  must be the same as (deployment.yaml).spec.template.spec.volumes.name.dynamic-plugins-conf.configMap.name
+      name: # placeholder for '<cr-name>-dynamic-plugins'
     data:
       "dynamic-plugins.yaml": |
         includes:
@@ -279,15 +284,6 @@ data:
       to:
         kind: Service
         name:  # placeholder for 'backstage-<cr-name>'
-  secret-envs.yaml: |
-    apiVersion: v1
-    kind: Secret
-    metadata:
-      name: backend-auth-secret
-    stringData:
-      # generated with the command below (from https://janus-idp.io/docs/auth/service-to-service-auth/#setup):
-      # node -p 'require("crypto").randomBytes(24).toString("base64")'
-      BACKEND_SECRET: "R2FxRVNrcmwzYzhhN3l0V1VRcnQ3L1pLT09WaVhDNUEK" # notsecret
   service.yaml: |-
     apiVersion: v1
     kind: Service

diff --git a/bundle/manifests/backstage-operator.clusterserviceversion.yaml b/bundle/manifests/backstage-operator.clusterserviceversion.yaml
@@ -21,7 +21,7 @@ metadata:
         }
       ]
     capabilities: Seamless Upgrades
-    createdAt: "2024-01-29T20:18:14Z"
+    createdAt: "2024-02-13T07:11:47Z"
     operatorframework.io/suggested-namespace: backstage-system
     operators.operatorframework.io/builder: operator-sdk-v1.33.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
@@ -185,6 +185,7 @@ spec:
                         operator: In
                         values:
                         - linux
+              automountServiceAccountToken: true
               containers:
               - args:
                 - --secure-listen-address=0.0.0.0:8443
@@ -219,7 +220,7 @@ spec:
                 - name: RELATED_IMAGE_postgresql
                   value: quay.io/fedora/postgresql-15:latest
                 - name: RELATED_IMAGE_backstage
-                  value: quay.io/janus-idp/backstage-showcase:next
+                  value: quay.io/janus-idp/backstage-showcase:latest
                 image: quay.io/janus-idp/operator:0.0.1
                 livenessProbe:
                   httpGet:
@@ -237,6 +238,7 @@ spec:
                 resources:
                   limits:
                     cpu: 500m
+                    ephemeral-storage: 20Mi
                     memory: 128Mi
                   requests:
                     cpu: 10m
@@ -322,6 +324,6 @@ spec:
   relatedImages:
   - image: quay.io/fedora/postgresql-15:latest
     name: postgresql
-  - image: quay.io/janus-idp/backstage-showcase:next
+  - image: quay.io/janus-idp/backstage-showcase:latest
     name: backstage
   version: 0.0.1
diff --git a/config/manager/default-config/db-statefulset.yaml b/config/manager/default-config/db-statefulset.yaml
@@ -33,7 +33,8 @@ spec:
           envFrom:
             - secretRef:
                 name: <POSTGRESQL_SECRET>  # will be replaced with 'backstage-psql-secrets-<cr-name>'
-          image: <RELATED_IMAGE_postgresql> # will be replaced with the actual image
+          # image will be replaced by the value of the `RELATED_IMAGE_postgresql` env var, if set
+          image: quay.io/fedora/postgresql-15:latest
           imagePullPolicy: IfNotPresent
           securityContext:
             runAsNonRoot: true

diff --git a/config/manager/default-config/deployment.yaml b/config/manager/default-config/deployment.yaml
@@ -36,7 +36,8 @@ spec:
           env:
             - name: NPM_CONFIG_USERCONFIG
               value: /opt/app-root/src/.npmrc.dynamic-plugins
-          image: <RELATED_IMAGE_backstage> # will be replaced with the actual image quay.io/janus-idp/backstage-showcase:next
+          # image will be replaced by the value of the `RELATED_IMAGE_backstage` env var, if set
+          image: quay.io/janus-idp/backstage-showcase:latest
           imagePullPolicy: IfNotPresent
           name: install-dynamic-plugins
           volumeMounts:
@@ -54,7 +55,8 @@ spec:
               ephemeral-storage: 5Gi
       containers:
         - name: backstage-backend
-          image: <RELATED_IMAGE_backstage> # will be replaced with the actual image quay.io/janus-idp/backstage-showcase:next
+          # image will be replaced by the value of the `RELATED_IMAGE_backstage` env var, if set
+          image: quay.io/janus-idp/backstage-showcase:latest
           imagePullPolicy: IfNotPresent
           args:
             - "--config"

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -76,7 +76,7 @@ spec:
         - name: RELATED_IMAGE_postgresql
           value: quay.io/fedora/postgresql-15:latest
         - name: RELATED_IMAGE_backstage
-          value: quay.io/janus-idp/backstage-showcase:next
+          value: quay.io/janus-idp/backstage-showcase:latest
         image: controller:latest
         name: manager
         securityContext: