feat(flux): add flux-implementation (#2)

haarchri · web-flow · commit b4d00cedf7a4 · 2023-11-03T15:44:06.000+01:00
* feat(flux): add flux-implementation

Signed-off-by: Christopher Haar &lt;christopher.haar@upbound.io&gt;

* style(comment): add comment for empty result patch

Signed-off-by: Christopher Haar &lt;christopher.haar@upbound.io&gt;

---------

Signed-off-by: Christopher Haar &lt;christopher.haar@upbound.io&gt;
diff --git a/Makefile b/Makefile
@@ -19,7 +19,7 @@ UPTEST_VERSION = v0.6.1
 # ====================================================================================
 # Setup XPKG
 XPKG_DIR = $(shell pwd)
-XPKG_IGNORE = .github/workflows/*.yaml,.github/workflows/*.yml,examples/*.yaml,.work/uptest-datasource.yaml
+XPKG_IGNORE = .github/workflows/*.yaml,.github/workflows/*.yml,examples/*.yaml,.work/uptest-datasource.yaml,test/provider/*.yaml
 XPKG_REG_ORGS ?= xpkg.upbound.io/upbound
 # NOTE(hasheddan): skip promoting on xpkg.upbound.io as channel tags are
 # inferred.
@@ -59,17 +59,11 @@ build.init: $(UP)
 # End to End Testing
 
 # This target requires the following environment variables to be set:
-# - UPTEST_CLOUD_CREDENTIALS, cloud credentials for the provider being tested, e.g. export UPTEST_CLOUD_CREDENTIALS=$(cat ~/.aws/credentials)
-# - To ensure the proper functioning of the end-to-end test resource pre-deletion hook, it is crucial to arrange your resources appropriately.
-#   You can check the basic implementation here: https://github.com/upbound/uptest/blob/main/internal/templates/01-delete.yaml.tmpl.
-# - UPTEST_DATASOURCE_PATH (optional), see https://github.com/upbound/uptest#injecting-dynamic-values-and-datasource
 uptest: $(UPTEST) $(KUBECTL) $(KUTTL)
 	@$(INFO) running automated tests
-	@KUBECTL=$(KUBECTL) KUTTL=$(KUTTL) $(UPTEST) e2e examples/flux-xr.yaml,examples/eks-xr.yaml --data-source="${UPTEST_DATASOURCE_PATH}" --setup-script=test/setup.sh --default-timeout=2400 || $(FAIL)
+	@KUBECTL=$(KUBECTL) KUTTL=$(KUTTL) $(UPTEST) e2e examples/flux-xr.yaml --setup-script=test/setup.sh --default-timeout=2400 || $(FAIL)
 	@$(OK) running automated tests
 
-# This target requires the following environment variables to be set:
-# - UPTEST_CLOUD_CREDENTIALS, cloud credentials for the provider being tested, e.g. export UPTEST_CLOUD_CREDENTIALS=$(cat ~/.aws/credentials)
 e2e: build controlplane.up local.xpkg.deploy.configuration.$(PROJECT_NAME) uptest
 
 .PHONY: uptest e2e
diff --git a/apis/composition.yaml b/apis/composition.yaml
@@ -0,0 +1,108 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+  name: xflux.gitops.platform.upbound.io
+  labels:
+    type: gitops
+spec:
+  writeConnectionSecretsToNamespace: upbound-system
+  compositeTypeRef:
+    apiVersion: gitops.platform.upbound.io/v1alpha1
+    kind: XFlux
+  patchSets:
+    - name: Common
+      patches:
+        - type: FromCompositeFieldPath
+          fromFieldPath: metadata.labels
+          toFieldPath: metadata.labels
+        - type: FromCompositeFieldPath
+          fromFieldPath: metadata.annotations
+          toFieldPath: metadata.annotations
+        - type: FromCompositeFieldPath
+          fromFieldPath: spec.parameters.providerConfigName
+          toFieldPath: spec.providerConfigRef.name
+        - type: FromCompositeFieldPath
+          fromFieldPath: spec.parameters.deletionPolicy
+          toFieldPath: spec.deletionPolicy
+  resources:
+    - name: releaseFlux
+      base:
+        apiVersion: helm.crossplane.io/v1beta1
+        kind: Release
+        spec:
+          forProvider:
+            namespace: flux-system
+            chart:
+              name: flux2
+            values:
+              imageAutomationController:
+                create: false
+              imageReflectionController:
+                create: false
+      patches:
+        - type: PatchSet
+          patchSetName: Common
+        - fromFieldPath: spec.parameters.operators.flux.version
+          toFieldPath: spec.forProvider.chart.version
+        - type: CombineFromComposite
+          combine:
+            variables:
+              - fromFieldPath: spec.parameters.operators.flux.version
+            strategy: string
+            string:
+              fmt: https://github.com/fluxcd-community/helm-charts/releases/download/flux2-%[1]s/flux2-%[1]s.tgz
+          toFieldPath: spec.forProvider.chart.url
+
+    - name: syncFlux
+      base:
+        apiVersion: helm.crossplane.io/v1beta1
+        kind: Release
+        spec:
+          forProvider:
+            namespace: flux-system
+            chart:
+              name: flux2-sync
+              repository: https://fluxcd-community.github.io/helm-charts
+            values:
+              gitRepository:
+                spec:
+                  gitImplementation: go-git
+              kustomization:
+                spec:
+                  sourceRef:
+                    kind: GitRepository
+      patches:
+        - type: PatchSet
+          patchSetName: Common
+        - fromFieldPath: spec.parameters.operators.flux-sync.version
+          toFieldPath: spec.forProvider.chart.version
+        - fromFieldPath: spec.parameters.providerConfigName
+          toFieldPath: metadata.annotations[crossplane.io/external-name]
+        - fromFieldPath: spec.parameters.source.git.timeout
+          toFieldPath: spec.forProvider.values.gitRepository.spec.timeout
+        - fromFieldPath: spec.parameters.source.git.interval
+          toFieldPath: spec.forProvider.values.gitRepository.spec.interval
+        - fromFieldPath: spec.parameters.source.git.interval
+          toFieldPath: spec.forProvider.values.kustomization.spec.interval
+        - fromFieldPath: spec.parameters.source.git.ref.name
+          toFieldPath: spec.forProvider.values.gitRepository.spec.ref.name
+        - fromFieldPath: spec.parameters.source.git.url
+          toFieldPath: spec.forProvider.values.gitRepository.spec.url
+        - fromFieldPath: spec.parameters.source.git.path
+          toFieldPath: spec.forProvider.values.kustomization.spec.path
+        - fromFieldPath: spec.parameters.kubeConfigSecretRef.name
+          toFieldPath: spec.forProvider.values.kustomization.spec.kubeConfig.secretRef.name
+        - fromFieldPath: spec.parameters.kubeConfigSecretRef.key
+          toFieldPath: spec.forProvider.values.kustomization.spec.kubeConfig.secretRef.key
+        # the sync helm-chart defines ref.branch master per default in values
+        # https://github.com/fluxcd-community/helm-charts/blob/flux2-sync-1.7.2/charts/flux2-sync/values.yaml#L46
+        # we want to use ref.name because server-side-apply is an issue when using ref.tag or ref.branch switch 
+        - fromFieldPath: spec.parameters.providerConfigName
+          toFieldPath: spec.forProvider.values.gitRepository.spec.ref.branch
+          transforms:
+            - type: match
+              match:
+                patterns:
+                  - type: regexp
+                    regexp: '.*'
+                    result: ''
diff --git a/apis/definition.yaml b/apis/definition.yaml
@@ -0,0 +1,126 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+  name: xflux.gitops.platform.upbound.io
+spec:
+  group: gitops.platform.upbound.io
+  names:
+    kind: XFlux
+    plural: xflux
+  versions:
+    - name: v1alpha1
+      served: true
+      referenceable: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                parameters:
+                  type: object
+                  description: Flux configuration parameters.
+                  properties:
+                    providerConfigName:
+                      type: string
+                      description: Crossplane ProviderConfig to use for provisioning this resources
+                    deletionPolicy:
+                      description: Delete the external resources when the Claim/XR is deleted. Defaults to Delete
+                      enum:
+                        - Delete
+                        - Orphan
+                      type: string
+                      default: Delete
+                    kubeConfigSecretRef:
+                      description: The KubeConfig for reconciling the Kustomization on a
+                        remote cluster.
+                      type: object
+                      properties:
+                        name:
+                          description: Name of the Secret
+                          type: string
+                        key:
+                          description: Key in the Secret
+                          type: string
+                          default: kubeconfig
+                    operators:
+                      description: Configuration for operators.
+                      type: object
+                      default:
+                        flux:
+                          version: "2.10.6"
+                        flux-sync:
+                          version: "1.7.2"
+                      properties:
+                        flux:
+                          description: Configuration for the Flux GitOps operator.
+                          type: object
+                          properties:
+                            version:
+                              description: flux helm-chart version to run.
+                              type: string
+                              default: "2.10.6"
+                          required:
+                            - version
+                        flux-sync:
+                          description: Configuration for the Flux Sync Helm-Chart.
+                          type: object
+                          properties:
+                            version:
+                              description: flux sync helm-chart version to run.
+                              type: string
+                              default: "1.7.2"
+                          required:
+                            - version
+                    source:
+                      type: object
+                      properties:
+                        git:
+                          type: object
+                          properties:
+                            interval:
+                              default: "5m0s"
+                              description: Interval at which the GitRepository URL is checked for
+                                updates. This interval is approximate and may be subject to jitter
+                                to ensure efficient use of resources.
+                              pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
+                              type: string
+                            timeout:
+                              default: "60s"
+                              description: Timeout for Git operations like cloning, defaults to
+                                60s.
+                              pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$
+                              type: string
+                            url:
+                              description: URL specifies the Git repository URL, it can be an HTTP/S
+                                or SSH address.
+                              pattern: ^(http|https|ssh)://.*$
+                              type: string
+                            path:
+                              type: string
+                              default: "/"
+                            ref:
+                              description: Reference specifies the Git reference to resolve and 
+                                monitor for changes.
+                              type: object
+                              properties:
+                                name:
+                                  description: "Name of the reference to check out; takes precedence
+                                    over Branch, Tag and SemVer. \n It must be a valid Git reference:
+                                    https://git-scm.com/docs/git-check-ref-format#_description Examples:
+                                    \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\",
+                                    \"refs/merge-requests/1/head\""
+                                  type: string
+                          required:
+                            - interval
+                            - timeout
+                            - url
+                            - path
+                            - ref
+                      required:
+                        - git
+                  required:
+                    - providerConfigName
+                    - deletionPolicy
+                    - source
diff --git a/crossplane.yaml b/crossplane.yaml
@@ -0,0 +1,20 @@
+apiVersion: meta.pkg.crossplane.io/v1alpha1
+kind: Configuration
+metadata:
+  name: configuration-gitops-flux
+  annotations:
+    meta.crossplane.io/maintainer: Upbound <support@upbound.io>
+    meta.crossplane.io/source: github.com/upbound/configuration-gitops-flux
+    meta.crossplane.io/license: Apache-2.0
+    meta.crossplane.io/description: |
+      This Crossplane configuration is a starting point to use gitops in your own internal cloud.
+    meta.crossplane.io/readme: |
+      This Crossplane configuration is a starting point to use gitops in your own internal cloud.
+      To learn more checkout the [GitHub repo](https://github.com/upbound/configuration-gitops-flux/)
+      that you can copy and customize to meet the exact needs of your organization!
+spec:
+  crossplane:
+    version: ">=v1.13.2-0"
+  dependsOn:
+    - provider: xpkg.upbound.io/crossplane-contrib/provider-helm
+      version: ">=v0.15.0"
diff --git a/examples/flux-xr.yaml b/examples/flux-xr.yaml
@@ -0,0 +1,16 @@
+apiVersion: gitops.platform.upbound.io/v1alpha1
+kind: XFlux
+metadata:
+  name: configuration-gitops-flux
+spec:
+  parameters:
+    providerConfigName: configuration-gitops-flux
+    source:
+      git:
+        url: https://github.com/upbound/platform-ref-aws/
+        ref:
+          # refs/heads/main
+          # refs/tags/v0.1.0
+          # refs/pull/420/head
+          # refs/merge-requests/1/head
+          name: refs/heads/main
diff --git a/test/provider/providerconfigs.yaml b/test/provider/providerconfigs.yaml
@@ -0,0 +1,7 @@
+apiVersion: helm.crossplane.io/v1beta1
+kind: ProviderConfig
+metadata:
+  name: configuration-gitops-flux
+spec:
+  credentials:
+    source: InjectedIdentity
diff --git a/test/setup.sh b/test/setup.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -aeuo pipefail
+
+echo "Running setup.sh"
+CROSSPLANE_NAMESPACE="upbound-system"
+SCRIPT_DIR=$( cd -- $( dirname -- "${BASH_SOURCE[0]}" ) &> /dev/null && pwd )
+
+echo "Waiting until all configurations are healthy/installed..."
+"${KUBECTL}" wait configuration.pkg --all --for=condition=Healthy --timeout 5m
+"${KUBECTL}" wait configuration.pkg --all --for=condition=Installed --timeout 5m
+
+echo "Waiting until all installed provider packages are healthy..."
+"${KUBECTL}" wait provider.pkg --all --for condition=Healthy --timeout 5m
+
+echo "Waiting for all pods to come online..."
+"${KUBECTL}" -n upbound-system wait --for=condition=Available deployment --all --timeout=5m
+
+echo "Waiting for all XRDs to be established..."
+"${KUBECTL}" wait xrd --all --for condition=Established
+
+echo "Installing providerconfigs"
+"${KUBECTL}" apply -f ${SCRIPT_DIR}/provider/providerconfigs.yaml
+echo "Installed providerconfigs"
+
+echo "Adding provider-helm Service Account permissions"
+SA=$("${KUBECTL}" -n ${CROSSPLANE_NAMESPACE} get sa -o name|grep provider-helm | sed -e "s|serviceaccount\/|${CROSSPLANE_NAMESPACE}:|g")
+"${KUBECTL}" create clusterrolebinding provider-helm-admin-binding --clusterrole cluster-admin --serviceaccount="${SA}"
+echo "Added provider-helm Service Account permissions"
