Merge pull request #200 from cloudogu/feature/airgapped-helm-charts

feature helm charts for airgapped gop

Author: yannickchristhomas

argocd/argocd/projects/cluster-resources.ftl.yaml

@@ -15,14 +15,19 @@ spec:
       server: https://kubernetes.default.svc
   sourceRepos:
   - ${scmm.baseUrl}/repo/${namePrefix}argocd/cluster-resources
-  - https://codecentric.github.io/helm-charts
-  - https://charts.external-secrets.io
-  - https://helm.releases.hashicorp.com
-  - https://kubernetes.github.io/ingress-nginx
+
 <#if mirrorRepos>
   - ${scmm.baseUrl}/repo/3rd-party-dependencies/kube-prometheus-stack
+  - ${scmm.baseUrl}/repo/3rd-party-dependencies/mailhog
+  - ${scmm.baseUrl}/repo/3rd-party-dependencies/ingress-nginx
+  - ${scmm.baseUrl}/repo/3rd-party-dependencies/external-secrets
+  - ${scmm.baseUrl}/repo/3rd-party-dependencies/vault
 <#else>
   - https://prometheus-community.github.io/helm-charts
+  - https://codecentric.github.io/helm-charts
+  - https://kubernetes.github.io/ingress-nginx
+  - https://helm.releases.hashicorp.com
+  - https://charts.external-secrets.io
 </#if>
 
   # allow to only see application resources from the specified namespace

scripts/downloadHelmCharts.sh

@@ -1,8 +1,7 @@
 #!/usr/bin/env bash
 set -o errexit -o nounset -o pipefail
 
-#charts=( 'monitoring' 'externalSecrets' 'vault' 'mailhog' 'ingressNginx' )
-charts=( 'monitoring' )
+charts=( 'monitoring' 'externalSecrets' 'vault' 'mailhog' 'ingressNginx')
 APPLICATION_CONFIGURATOR_GROOVY="${1:-src/main/groovy/com/cloudogu/gitops/config/ApplicationConfigurator.groovy}"
 
 tmpRepoFile="$(mktemp)"
@@ -17,7 +16,7 @@ for chart in "${charts[@]}"; do
   chart=$(echo "$chartDetails" | grep -oP "chart\s*:\s*'\K[^']+") 
   version=$(echo "$chartDetails" | grep -oP "version\s*:\s*'\K[^']+")
 
-  helm repo add "$chart" "$repo" --repository-config="${tmpRepoFile}" 
+  helm repo add "$chart" "$repo" --repository-config="${tmpRepoFile}"
   helm pull --untar --untardir ./charts "$chart/$chart" --version "$version" --repository-config="${tmpRepoFile}"
   # Note that keeping charts as tgx would need only 1/10 of storage
   # But untaring them in groovy would need additional libraries.

src/main/groovy/com/cloudogu/gitops/features/ExternalSecretsOperator.groovy

@@ -3,32 +3,42 @@ package com.cloudogu.gitops.features
 import com.cloudogu.gitops.Feature
 import com.cloudogu.gitops.config.Configuration
 import com.cloudogu.gitops.features.deployment.DeploymentStrategy
+import com.cloudogu.gitops.utils.AirGappedUtils
 import com.cloudogu.gitops.utils.DockerImageParser
 import com.cloudogu.gitops.utils.FileSystemUtils
+import com.cloudogu.gitops.utils.K8sClient
 import com.cloudogu.gitops.utils.MapUtils
 import com.cloudogu.gitops.utils.TemplatingEngine
 import groovy.util.logging.Slf4j
 import groovy.yaml.YamlSlurper
 import io.micronaut.core.annotation.Order
 import jakarta.inject.Singleton
 
+import java.nio.file.Path
+
 @Slf4j
 @Singleton
 @Order(400)
 class ExternalSecretsOperator extends Feature {
     private Map config
     private FileSystemUtils fileSystemUtils
     private DeploymentStrategy deployer
+    private K8sClient k8sClient
+    private AirGappedUtils airGappedUtils
     static final String HELM_VALUES_PATH = 'applications/cluster-resources/secrets/external-secrets/values.ftl.yaml'
 
     ExternalSecretsOperator(
             Configuration config,
             FileSystemUtils fileSystemUtils,
-            DeploymentStrategy deployer
+            DeploymentStrategy deployer,
+            K8sClient k8sClient,
+            AirGappedUtils airGappedUtils
     ) {
         this.deployer = deployer
         this.config = config.getConfig()
         this.fileSystemUtils = fileSystemUtils
+        this.k8sClient = k8sClient
+        this.airGappedUtils = airGappedUtils
     }
 
     @Override
@@ -82,14 +92,41 @@ class ExternalSecretsOperator extends Feature {
         def tmpHelmValues = fileSystemUtils.createTempFile()
         fileSystemUtils.writeYaml(helmValuesYaml, tmpHelmValues.toFile())
 
-        deployer.deployFeature(
+        if (config.application['mirrorRepos']) {
+            log.debug("Mirroring repos: Deploying externalSecretsOperator from local git repo")
+
+            def repoNamespaceAndName = airGappedUtils.mirrorHelmRepoToGit(config['features']['secrets']['externalSecrets']['helm'] as Map)
+
+            String externalSecretsVersion =
+                    new YamlSlurper().parse(Path.of("${config.application['localHelmChartFolder']}/${helmConfig['chart']}",
+                            'Chart.yaml'))['version']
+
+            deployer.deployFeature(
+                    "${scmmUri}/repo/${repoNamespaceAndName}",
+                    "external-secrets",
+                    '.',
+                    externalSecretsVersion,
+                    'secrets',
+                    'external-secrets',
+                    tmpHelmValues, DeploymentStrategy.RepoType.GIT
+            )
+        } else {
+            deployer.deployFeature(
                 helmConfig['repoURL'] as String,
                 "externalsecretsoperator",
                 helmConfig['chart'] as String,
                 helmConfig['version'] as String,
                 'secrets',
                 'external-secrets',
                 tmpHelmValues
-        )
+            )
+        }
+    }
+    private URI getScmmUri() {
+        if (config.scmm['internal']) {
+            new URI('http://scmm-scm-manager.default.svc.cluster.local/scm')
+        } else {
+            new URI("${config.scmm['url']}/scm")
+        }
     }
 }

src/main/groovy/com/cloudogu/gitops/features/IngressNginx.groovy

@@ -3,32 +3,43 @@ package com.cloudogu.gitops.features
 import com.cloudogu.gitops.Feature
 import com.cloudogu.gitops.config.Configuration
 import com.cloudogu.gitops.features.deployment.DeploymentStrategy
+import com.cloudogu.gitops.utils.AirGappedUtils
 import com.cloudogu.gitops.utils.FileSystemUtils
+import com.cloudogu.gitops.utils.K8sClient
 import com.cloudogu.gitops.utils.MapUtils
 import com.cloudogu.gitops.utils.TemplatingEngine
 import groovy.util.logging.Slf4j
 import groovy.yaml.YamlSlurper
 import io.micronaut.core.annotation.Order
 import jakarta.inject.Singleton
 
+import java.nio.file.Path
+
 @Slf4j
 @Singleton
 @Order(150)
 class IngressNginx extends Feature {
+
     static final String HELM_VALUES_PATH = "applications/cluster-resources/ingress-nginx-helm-values.ftl.yaml"
 
     private Map config
     private FileSystemUtils fileSystemUtils
     private DeploymentStrategy deployer
+    private AirGappedUtils airGappedUtils
+    private K8sClient k8sClient
 
     IngressNginx(
             Configuration config,
             FileSystemUtils fileSystemUtils,
-            DeploymentStrategy deployer
+            DeploymentStrategy deployer,
+            K8sClient k8sClient,
+            AirGappedUtils airGappedUtils
     ) {
         this.deployer = deployer
         this.config = config.getConfig()
         this.fileSystemUtils = fileSystemUtils
+        this.k8sClient = k8sClient
+        this.airGappedUtils = airGappedUtils
     }
 
     @Override
@@ -38,15 +49,15 @@ class IngressNginx extends Feature {
 
     @Override
     void enable() {
-        
+
         def templatedMap = new YamlSlurper().parseText(
                 new TemplatingEngine().template(new File(HELM_VALUES_PATH),
                     [
                             podResources: config.application['podResources'],
                     ])) as Map
 
         def valuesFromConfig = config['features']['ingressNginx']['helm']['values'] as Map
-        
+
         def mergedMap = MapUtils.deepMerge(valuesFromConfig, templatedMap)
 
         def tmpHelmValues = fileSystemUtils.createTempFile()
@@ -58,14 +69,40 @@ class IngressNginx extends Feature {
 
         def helmConfig = config['features']['ingressNginx']['helm']
 
-        deployer.deployFeature(
-                helmConfig['repoURL'] as String,
-                'ingress-nginx',
-                helmConfig['chart'] as String,
-                helmConfig['version'] as String,
-                'ingress-nginx',
-                'ingress-nginx',
-                tmpHelmValues)
+        if (config.application['mirrorRepos']) {
+            log.debug("Mirroring repos: Deploying IngressNginx from local git repo")
 
+            def repoNamespaceAndName = airGappedUtils.mirrorHelmRepoToGit(config['features']['ingressNginx']['helm'] as Map)
+
+            String ingressNginxVersion =
+                    new YamlSlurper().parse(Path.of("${config.application['localHelmChartFolder']}/${helmConfig['chart']}",
+                            'Chart.yaml'))['version']
+
+            deployer.deployFeature(
+                    "${scmmUri}/repo/${repoNamespaceAndName}",
+                    'ingress-nginx',
+                    '.',
+                    ingressNginxVersion,
+                    'ingress-nginx',
+                    'ingress-nginx',
+                    tmpHelmValues, DeploymentStrategy.RepoType.GIT)
+        } else {
+            deployer.deployFeature(
+                    helmConfig['repoURL'] as String,
+                    'ingress-nginx',
+                    helmConfig['chart'] as String,
+                    helmConfig['version'] as String,
+                    'ingress-nginx',
+                    'ingress-nginx',
+                    tmpHelmValues
+            )
+        }
+    }
+    private URI getScmmUri() {
+        if (config.scmm['internal']) {
+            new URI('http://scmm-scm-manager.default.svc.cluster.local/scm')
+        } else {
+            new URI("${config.scmm['url']}/scm")
+        }
     }
 }

src/main/groovy/com/cloudogu/gitops/features/Mailhog.groovy

@@ -3,13 +3,18 @@ package com.cloudogu.gitops.features
 import com.cloudogu.gitops.Feature
 import com.cloudogu.gitops.config.Configuration
 import com.cloudogu.gitops.features.deployment.DeploymentStrategy
+import com.cloudogu.gitops.utils.AirGappedUtils
 import com.cloudogu.gitops.utils.FileSystemUtils
+import com.cloudogu.gitops.utils.K8sClient
 import com.cloudogu.gitops.utils.TemplatingEngine
 import groovy.util.logging.Slf4j
+import groovy.yaml.YamlSlurper
 import io.micronaut.core.annotation.Order
 import jakarta.inject.Singleton
 import org.springframework.security.crypto.bcrypt.BCrypt
 
+import java.nio.file.Path
+
 @Slf4j
 @Singleton
 @Order(200)
@@ -22,19 +27,26 @@ class Mailhog extends Feature {
     private String password
     private FileSystemUtils fileSystemUtils
     private DeploymentStrategy deployer
+    private AirGappedUtils airGappedUtils
+    private K8sClient k8sClient
 
     Mailhog(
             Configuration config,
             FileSystemUtils fileSystemUtils,
-            DeploymentStrategy deployer
+            DeploymentStrategy deployer,
+            K8sClient k8sClient,
+            AirGappedUtils airGappedUtils
     ) {
         this.deployer = deployer
         this.config = config.getConfig()
         this.username = this.config.application["username"]
         this.password = this.config.application["password"]
+        this.k8sClient = k8sClient
         this.fileSystemUtils = fileSystemUtils
+        this.airGappedUtils = airGappedUtils
     }
 
+
     @Override
     boolean isEnabled() {
         return config.features['mail']['mailhog']
@@ -44,25 +56,53 @@ class Mailhog extends Feature {
     void enable() {
         String bcryptMailhogPassword = BCrypt.hashpw(password, BCrypt.gensalt(4))
         def tmpHelmValues = new TemplatingEngine().replaceTemplate(fileSystemUtils.copyToTempDir(HELM_VALUES_PATH).toFile(), [
-                mail: [
+                mail         : [
                         // Note that passing the URL object here leads to problems in Graal Native image, see Git history
                         host: config.features['mail']['mailhogUrl'] ? new URL(config.features['mail']['mailhogUrl'] as String).host : "",
                 ],
-                image: config['features']['mail']['helm']['image'] as String,
-                isRemote: config.application['remote'],
-                username: username,
+                image        : config['features']['mail']['helm']['image'] as String,
+                isRemote     : config.application['remote'],
+                username     : username,
                 passwordCrypt: bcryptMailhogPassword,
                 podResources: config.application['podResources'],
         ]).toPath()
 
         def helmConfig = config['features']['mail']['helm']
-        deployer.deployFeature(
-                helmConfig['repoURL'] as String,
-                'mailhog',
-                helmConfig['chart'] as String,
-                helmConfig['version'] as String,
-                'monitoring',
-                'mailhog',
-                tmpHelmValues)
+
+        if (config.application['mirrorRepos']) {
+            log.debug("Mirroring repos: Deploying mailhog from local git repo")
+
+            def repoNamespaceAndName = airGappedUtils.mirrorHelmRepoToGit(config['features']['mail']['helm'] as Map)
+
+            String mailhogVersion =
+                    new YamlSlurper().parse(Path.of("${config.application['localHelmChartFolder']}/${helmConfig['chart']}",
+                            'Chart.yaml'))['version']
+
+            deployer.deployFeature(
+                    "${scmmUri}/repo/${repoNamespaceAndName}",
+                    'mailhog',
+                    '.',
+                    mailhogVersion,
+                    'monitoring',
+                    'mailhog',
+                    tmpHelmValues, DeploymentStrategy.RepoType.GIT)
+        } else {
+            deployer.deployFeature(
+                    helmConfig['repoURL'] as String,
+                    'mailhog',
+                    helmConfig['chart'] as String,
+                    helmConfig['version'] as String,
+                    'monitoring',
+                    'mailhog',
+                    tmpHelmValues)
+        }
+    }
+
+    private URI getScmmUri() {
+        if (config.scmm['internal']) {
+            new URI('http://scmm-scm-manager.default.svc.cluster.local/scm')
+        } else {
+            new URI("${config.scmm['url']}/scm")
+        }
     }
 }

src/main/groovy/com/cloudogu/gitops/features/PrometheusStack.groovy

@@ -3,6 +3,7 @@ package com.cloudogu.gitops.features
 import com.cloudogu.gitops.Feature
 import com.cloudogu.gitops.config.Configuration
 import com.cloudogu.gitops.features.deployment.DeploymentStrategy
+import com.cloudogu.gitops.utils.AirGappedUtils
 import com.cloudogu.gitops.utils.*
 import groovy.util.logging.Slf4j
 import groovy.yaml.YamlSlurper
@@ -121,6 +122,7 @@ class PrometheusStack extends Feature {
         def helmConfig = config['features']['monitoring']['helm']
         setCustomImages(helmConfig, helmValuesYaml)
 
+        fileSystemUtils.writeYaml(helmValuesYaml, tmpHelmValues.toFile())
 
         if (config.application['mirrorRepos']) {
             log.debug("Mirroring repos: Deploying prometheus from local git repo")
@@ -140,8 +142,7 @@ class PrometheusStack extends Feature {
                     'kube-prometheus-stack',
                     tmpHelmValues, RepoType.GIT)
         } else {
-            fileSystemUtils.writeYaml(helmValuesYaml, tmpHelmValues.toFile())
-    
+
             deployer.deployFeature(
                     helmConfig['repoURL'] as String,
                     'prometheusstack',