Merge pull request #1 from anguslees/master

Bash away at travis config until it passes
vmware-tanzu · Oct 27, 2017 · 9916fe8 · 9916fe8
2 parents 554e3eb + 376d524
commit 9916fe8
Show file tree

Hide file tree

Showing 13 changed files with 199 additions and 29 deletions.
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,9 @@
+[submodule "kubeless"]
+	path = vendor/kubeless
+	url = https://github.com/bitnami/kubeless.git
+[submodule "kubecfg"]
+	path = vendor/kubecfg
+	url = https://github.com/ksonnet/kubecfg.git
+[submodule "ksonnet-lib"]
+	path = vendor/ksonnet-lib
+	url = https://github.com/ksonnet/ksonnet-lib.git
diff --git a/.travis.yml b/.travis.yml
@@ -22,7 +22,7 @@ install:
     fi
   - |
     if ! which kubectl; then
-      wget https://storage.googleapis.com/kubernetes-release/release/$INT_KVERS/bin/$(go env GOOS)/$(go env GOARCH)/kubectl
+      wget https://storage.googleapis.com/kubernetes-release/release/$KVERS/bin/$(go env GOOS)/$(go env GOARCH)/kubectl
       install -m 755 kubectl $GOPATH/bin/kubectl
     fi
   - |
@@ -31,23 +31,22 @@ install:
       install -m 755 kubecfg $GOPATH/bin/kubecfg
     fi
   - mkdir -p $HOME/.kube && touch $HOME/.kube/config
-  - git clone --depth=1 https://github.com/ksonnet/ksonnet-lib.git
-  - wget https://github.com/ksonnet/kubecfg/blob/v0.5.0/lib/kubecfg.libsonnet
-  - export KUBECFG_JPATH=$PWD/ksonnet-lib:$PWD
   - >-
     sudo -E $GOPATH/bin/minikube start --vm-driver=none
     --kubernetes-version $KVERS
     $MK_ARGS
+  - export KUBECFG_JPATH=$PWD/lib:$PWD/vendor/kubecfg/lib:$PWD/vendor/ksonnet-lib
   - |
     minikube update-context
     minikube status
-    kubectl version
+    while ! kubectl version; do sleep 1; done
 
 script:
   # FIXME(gus): `validate` fails on CRDs, because the server doens't
   # publish a schema :(  The following `kubeapps up` will verify that the
   # server accepts them.
-  - kubecfg validate -v kubeapps.jsonnet || :
+  - >-
+    kubecfg validate -v kubeapps.jsonnet || :
   - ./kubeapps.sh up
   # FIXME: Do some sort of test here
   # (perhaps just "did all the pods become Ready?")

diff --git a/README.md b/README.md
@@ -4,27 +4,16 @@ TODO: vendor some of this, or otherwise reduce the external
 dependencies.
 
 ```
+# NB: need submodules
+d=kubeapps-manifest
+git clone --recurse-submodules https://github.com/kubeapps/manifest $d
+
 # Install kubecfg somewhere in $PATH
 # NB: v0.5.0, not master
 wget -O $HOME/bin/kubecfg https://github.com/ksonnet/kubecfg/releases/download/v0.5.0/kubecfg-linux-amd64
 chmod +x $HOME/bin/kubecfg
 
-# Install kubecfg jsonnet lib somewhere
-kubecfglib_dir=$PWD
-wget https://raw.githubusercontent.com/ksonnet/kubecfg/master/lib/kubecfg.libsonnet
-
-# Install ksonnet-lib somewhere
-ksonnetlib_dir=$PWD/ksonnet-lib
-git clone github.com/ksonnet/ksonnet-lib.git $ksonnetlib_dir
-
-# Doesn't have to be here, but kubeapps' `kubeless.jsonnet` lazily
-# assumes this structure.  Complain if you want something else.
-cd $GOPATH/src
-git clone github.com/kubeless/kubeless.git github.com/kubeless/kubeless
-git clone github.com/kubeapps/manifest.git github.com/kubeapps/manifest
-
-kubeapps=$GOPATH/src/github.com/kubeapps/manifest
-export KUBECFG_JPATH=$kubeapps/lib:$ksonnetlib_dir:$kubecfglib_dir
+export KUBECFG_JPATH=$d/lib:$d/vendor/kubecfg/lib:$d/ksonnet-lib
 
 # Make sure your ~/.kube/config points to a working cluster
 # If required: minikube start

diff --git a/kubeapps.sh b/kubeapps.sh
@@ -11,7 +11,11 @@ case "$1" in
         exec kubecfg update -v --gc-tag=$GCTAG kubeapps.jsonnet
         ;;
     down)
-        exec kubecfg delete -v --gc-tag=$GCTAG kubeapps.jsonnet
+        # This assumes kubeapps.jsonnet is in sync with what's
+        # currently running.
+        # FIXME(gus): add support for deletion using the garbage
+        # collection mechanism.
+        exec kubecfg delete -v kubeapps.jsonnet
         ;;
     *)
         echo "Unknown subcommand: $1" >&2

diff --git a/kubeless.jsonnet b/kubeless.jsonnet
@@ -1,8 +1,6 @@
 local kube = import "kube.libsonnet";
 
-// Should probably copy/inline this, but for now just assume that
-// kubeless is checked out somewhere nearby
-local kubeless = import "../../kubeless/kubeless/kubeless-rbac.jsonnet";
+local kubeless = import "vendor/kubeless/kubeless-rbac.jsonnet";
 
 kubeless {
   ns: kube.Namespace("kubeless"),

diff --git a/sealed-secrets.jsonnet b/sealed-secrets.jsonnet
@@ -1,7 +1,13 @@
-local controller = import "../../bitnami/sealed-secrets/controller.jsonnet";
+local kubecfg = import "kubecfg.libsonnet";
+
+// sealed-secrets/controller.jsonnet isn't designed to be used outside
+// the sealed-secrets build, so we just use the built YAML files here :(
+
+local controller = kubecfg.parseYaml(importstr "sealedsecret-controller.yaml");
 
 // For <k8s 1.7, we want to use TPRs:
-//local crd = import "../../bitnami/sealed-secrets/sealedsecret-tpr.jsonnet";
-local crd = import "../../bitnami/sealed-secrets/sealedsecret-crd.jsonnet";
+//local crd = kubecfg.parseYaml(importstr "sealedsecret-tpr.yaml");
+local crd = kubecfg.parseYaml(importstr "sealedsecret-crd.yaml");
 
+// NB: this expression is an array, because YAML
 controller + crd
diff --git a/sealedsecret-controller.yaml b/sealedsecret-controller.yaml
@@ -0,0 +1,122 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sealed-secrets-controller
+  namespace: kube-system
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+  name: sealed-secrets-controller
+  namespace: kube-system
+spec:
+  template:
+    metadata:
+      labels:
+        name: sealed-secrets-controller
+    spec:
+      containers:
+      - command:
+        - controller
+        image: quay.io/bitnami/sealed-secrets-controller:v0.5.1
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+        name: sealed-secrets-controller
+        ports:
+        - containerPort: 8080
+          name: http
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: 8080
+        securityContext:
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          runAsUser: 1001
+      serviceAccountName: sealed-secrets-controller
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: sealed-secrets-controller
+  namespace: kube-system
+spec:
+  ports:
+  - port: 8080
+  selector:
+    name: sealed-secrets-controller
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: sealed-secrets-controller
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: sealed-secrets-key-admin
+subjects:
+- apiGroup: ""
+  kind: ServiceAccount
+  name: sealed-secrets-controller
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  name: sealed-secrets-key-admin
+  namespace: kube-system
+rules:
+- apiGroups:
+  - ""
+  resourceNames:
+  - sealed-secrets-key
+  resources:
+  - secrets
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: sealed-secrets-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: secrets-unsealer
+subjects:
+- apiGroup: ""
+  kind: ServiceAccount
+  name: sealed-secrets-controller
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: secrets-unsealer
+rules:
+- apiGroups:
+  - bitnami.com
+  resources:
+  - sealedsecrets
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - update
+  - delete
diff --git a/sealedsecret-crd.yaml b/sealedsecret-crd.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: sealedsecrets.bitnami.com
+spec:
+  group: bitnami.com
+  names:
+    kind: SealedSecret
+    listKind: SealedSecretList
+    plural: sealedsecrets
+    singular: sealedsecret
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      $schema: http://json-schema.org/draft-04/schema#
+      description: A sealed (encrypted) Secret
+      properties:
+        spec:
+          properties:
+            data:
+              pattern: ^[^A-Za-z0-9+/=]*$
+              type: string
+          type: object
+      type: object
+  version: v1alpha1
diff --git a/sealedsecret-tpr.yaml b/sealedsecret-tpr.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: extensions/v1beta1
+description: A sealed (encrypted) Secret
+kind: ThirdPartyResource
+metadata:
+  name: sealed-secret.bitnami.com
+versions:
+- name: v1alpha1
diff --git a/vendor/README.md b/vendor/README.md
@@ -0,0 +1,6 @@
+# Vendored submodules
+
+Added with (eg):
+```
+git submodule add --name ksonnet-lib -- https://github.com/ksonnet/ksonnet-lib.git vendor/ksonnet-lib
+```
diff --git a/vendor/ksonnet-lib b/vendor/ksonnet-lib
diff --git a/vendor/kubecfg b/vendor/kubecfg
diff --git a/vendor/kubeless b/vendor/kubeless