Switch to ABS, bump architect-orb and remove PSP support (#1183)

.abs/main.yaml

@@ -0,0 +1,8 @@
+replace-app-version-with-git: true
+replace-chart-version-with-git: true
+generate-metadata: true
+chart-dir: ./helm/chart-operator
+destination: ./build
+
+# CI overwrites this, check .circleci/config.yaml
+catalog-base-url: https://giantswarm.github.io/default-catalog/

.circleci/config.yml

@@ -1,6 +1,6 @@
 version: 2.1
 orbs:
-  architect: giantswarm/architect@5.9.0
+  architect: giantswarm/architect@5.11.1
 
 workflows:
   build:
@@ -28,6 +28,7 @@ workflows:
             - master
     - architect/push-to-app-catalog:
         context: architect
+        executor: app-build-suite
         name: push-to-cp-app-catalog
         app_catalog: control-plane-catalog
         app_catalog_test: control-plane-test-catalog
@@ -44,6 +45,7 @@ workflows:
             - master
     - architect/push-to-app-catalog:
         context: architect
+        executor: app-build-suite
         name: push-to-default-app-catalog
         app_catalog: default-catalog
         app_catalog_test: default-test-catalog

CHANGELOG.md

@@ -7,6 +7,21 @@ and this project's packages adheres to [Semantic Versioning](http://semver.org/s
 
 ## [Unreleased]
 
+### Removed
+
+- Removed PSP support and thus support for pre v1.25 Kubernetes clusters.
+    - Removed `.global.podSecurityStandards.enforced` Helm value.
+- Removed `.project.branch` and `project.commit` Helm values.
+
+### Changed
+
+- Bump `architect-orb` to `v5.11.1`.
+- Updated build pipeline to use `app-build-suite`.
+    - Changed value for `application.giantswarm.io/branch` label to point to `.Chart.AppVersion` instead as ABS does not support mangling the templates anymore.
+    - Changed value for `application.giantswarm.io/commit` label to point to `.Chart.AppVersion` instead as ABS does not support mangling the templates anymore.
+- Defaulted `.image.tag` to be an empty string and default that to `.Chart.AppVersion` in the deployment.
+- Bumped `test-app` version to `v1.0.0` in integration tests.
+
 ## [3.3.0] - 2024-07-18
 
 ### Added

helm/chart-operator/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 name: chart-operator
-version: [[ .Version ]]
-appVersion: [[ .AppVersion ]]
+version: 3.3.1-dev
+appVersion: 3.3.1-dev
 home: https://github.com/giantswarm/chart-operator
 description: A Helm chart for the chart-operator
 icon: https://s.giantswarm.io/app-icons/giantswarm/1/dark.svg

helm/chart-operator/templates/_helpers.tpl

@@ -19,10 +19,11 @@ Common labels
 {{- define "chart-operator.labels" -}}
 {{ include "chart-operator.selectorLabels" . }}
 app: {{ include "chart-operator.name" . | quote }}
-application.giantswarm.io/branch: {{ .Values.project.branch | replace "#" "-" | replace "/" "-" | replace "." "-" | trunc 63 | trimSuffix "-" | quote }}
-application.giantswarm.io/commit: {{ .Values.project.commit | quote }}
+application.giantswarm.io/branch: {{ .Chart.AppVersion | replace "#" "-" | replace "/" "-" | replace "." "-" | trunc 63 | trimSuffix "-" | quote }}
+application.giantswarm.io/commit: {{ .Chart.AppVersion | quote }}
 app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+application.giantswarm.io/team: {{ index .Chart.Annotations "application.giantswarm.io/team" | quote }}
 helm.sh/chart: {{ include "chart-operator.chart" . | quote }}
 {{- end -}}
 
@@ -37,3 +38,14 @@ app.kubernetes.io/instance: {{ .Release.Name | quote }}
 {{- define "resource.vpa.enabled" -}}
 {{- if and (.Capabilities.APIVersions.Has "autoscaling.k8s.io/v1") (.Values.verticalPodAutoscaler.enabled) }}true{{ else }}false{{ end }}
 {{- end -}}
+
+{{/*
+Define image tag.
+*/}}
+{{- define "image.tag" -}}
+{{- if .Values.image.tag }}
+{{- .Values.image.tag }}
+{{- else }}
+{{- .Chart.AppVersion }}
+{{- end }}
+{{- end }}

helm/chart-operator/templates/deployment.yaml

@@ -102,11 +102,18 @@ spec:
           value: "5"
       initContainers:
       - name: wait-for-quay
-        image: "{{ .Values.image.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}"
+        image: "{{ .Values.image.registry }}/{{ .Values.image.name }}:{{ include "image.tag" . }}"
         command:
         - sh
         - -c
         - until dig {{ .Values.image.registry }}. {{ range (splitList "," .Values.externalDNSIP) }}@{{ . }} {{ end }}; do echo waiting for {{ .Values.image.registry }}; sleep 2; done;
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+          limits:
+            cpu: 200m
+            memory: 256Mi
         securityContext:
           runAsUser: {{ .Values.pod.user.id }}
           runAsGroup: {{ .Values.pod.group.id }}
@@ -140,9 +147,9 @@ spec:
         {{- end }}
         {{- end }}
         {{- if .Values.isManagementCluster }}
-        image: "{{ .Values.registry.domain }}/{{ .Values.image.name }}:{{ .Values.image.tag }}"
+        image: "{{ .Values.registry.domain }}/{{ .Values.image.name }}:{{ include "image.tag" . }}"
         {{- else }}
-        image: "{{ .Values.image.registry }}/{{ .Values.image.name }}:{{ .Values.image.tag }}"
+        image: "{{ .Values.image.registry }}/{{ .Values.image.name }}:{{ include "image.tag" . }}"
         {{- end }}
         volumeMounts:
         {{- if .Values.volumes.tmp.enabled }}

helm/chart-operator/values.schema.json

@@ -97,19 +97,6 @@
         "externalDNSIP": {
             "type": "string"
         },
-        "global": {
-            "type": "object",
-            "properties": {
-                "podSecurityStandards": {
-                    "type": "object",
-                    "properties": {
-                        "enforced": {
-                            "type": "boolean"
-                        }
-                    }
-                }
-            }
-        },
         "helm": {
             "type": "object",
             "properties": {
@@ -219,17 +206,6 @@
                 }
             }
         },
-        "project": {
-            "type": "object",
-            "properties": {
-                "branch": {
-                    "type": "string"
-                },
-                "commit": {
-                    "type": "string"
-                }
-            }
-        },
         "proxy": {
             "type": "object",
             "properties": {

helm/chart-operator/values.yaml

@@ -54,7 +54,7 @@ helm:
 image:
   registry: gsoci.azurecr.io
   name: "giantswarm/chart-operator"
-  tag: "[[ .Version ]]"
+  tag: ""
 
 controller:
   resyncPeriod: "5m"
@@ -70,10 +70,6 @@ pod:
   port: 8000
   replicas: 1
 
-project:
-  branch: "[[ .Branch ]]"
-  commit: "[[ .SHA ]]"
-
 # set the HTTP_PROXY, HTTPS_PROXY and NO_PROXY variable
 proxy:
   noProxy: ""
@@ -139,7 +135,3 @@ securityContext:
 kyvernoPolicyExceptions:
   enabled: true
   namespace: giantswarm
-
-global:
-  podSecurityStandards:
-    enforced: false

integration/test/chart/basic/basic_test.go

@@ -146,8 +146,8 @@ func TestChartLifecycle(t *testing.T) {
 						Namespace: key.Namespace(),
 					},
 				},
-				TarballURL: "https://giantswarm.github.io/default-catalog/test-app-0.1.0.tgz",
-				Version:    "0.1.0",
+				TarballURL: "https://giantswarm.github.io/default-catalog/test-app-1.0.0.tgz",
+				Version:    "1.0.0",
 			},
 		}
 		err = config.K8sClients.CtrlClient().Create(ctx, cr)
@@ -208,8 +208,8 @@ func TestChartLifecycle(t *testing.T) {
 			t.Fatalf("expected %#v got %#v", nil, err)
 		}
 
-		cr.Spec.TarballURL = "https://giantswarm.github.io/default-catalog/test-app-0.1.1.tgz"
-		cr.Spec.Version = "0.1.1"
+		cr.Spec.TarballURL = "https://giantswarm.github.io/default-catalog/test-app-1.0.0.tgz"
+		cr.Spec.Version = "1.0.0"
 
 		err = config.K8sClients.CtrlClient().Update(ctx, &cr)
 		if err != nil {
@@ -220,7 +220,7 @@ func TestChartLifecycle(t *testing.T) {
 
 		config.Logger.Debugf(ctx, "checking release %#q is updated", key.TestAppReleaseName())
 
-		err = config.Release.WaitForChartVersion(ctx, key.Namespace(), key.TestAppReleaseName(), "0.1.1")
+		err = config.Release.WaitForChartVersion(ctx, key.Namespace(), key.TestAppReleaseName(), "1.0.0")
 		if err != nil {
 			t.Fatalf("expected %#v got %#v", nil, err)
 		}