Merge pull request #25 from vmware-tanzu-labs/develop

v1.4.1

Author: scottd018

Makefile

@@ -5,7 +5,7 @@
 
 # image build vars
 IMAGE ?= projects.registry.vmware.com/rpk/rpk
-IMAGE_VERSION ?= v1.4.0
+IMAGE_VERSION ?= v1.4.1
 IMAGE_BASE ?= projects.registry.vmware.com/rpk/rpk-base
 IMAGE_BASE_VERSION ?= v1.4.0
 

docs/CONTRIBUTING.md

@@ -13,6 +13,7 @@ The following is a set of guidelines for contributing to RPK.
     - [Developer Workflow](#developer-workflow)
     - [Development Environment](#development-environment)
       - [Development Environment Prerequisites](#development-environment-prerequisites)
+      - [Setup Git](#setup-git)
       - [Developing with a Docker Image](#developing-with-a-docker-image)
       - [Developing with a Local Environment](#developing-with-a-local-environment)
   - [Ansible](#ansible)
@@ -55,7 +56,7 @@ contributions to RPK should align with the ideals and practices that are found t
 
 For more information about RPK and it's relation to TDC, view the following links:
 
-* [Overview](./OVERVIEW.md)
+* [Overview](../README.md)
 * [Architecture](./ARCHITECTURE.md)
 
 ## Git
@@ -66,17 +67,19 @@ The following outlines the simple developer workflow that we use for RPK.
 
 1. Contributor discovers a bug or has an idea for a new feature or an improvement to the existing processes.
 2. Contributor opens an issue.
-3. Contributor applies the `In Progress` label to the issue and assigns himself/herself to the issue.
+3. Contributor assigns himself/herself to the issue.
 4. Contributor creates a fork in GitHub to their personal GitHub account.
 5. Contributor clones the RPK repo from their fork (e.g. `git clone [email protected]/<GITHUB_ID>/reference-platform-kubernetes.git`).  See [Development Environment](#development-environment) for information on environment setup.
 6. Working in the new fork on the local development workstation, the contributor modifies the code needed to address the opened and approved issue.
-7. Contributor commits and pushes the changes to their fork (`e.g. git add*; git commit -a -m 'Fixes #1, my commit message'; git push --set-upstream origin my-cool-new-feature`)
-8. Contributor opens a merge request in GitHub and fills out the appropriate information in the Merge Request.
-9. A CI pipeline is kicked off.  See [PIPELINE.md](PIPELINE.md) for more details.
+7. Contributor commits and pushes the changes to their fork (`e.g. git add*; git commit -a -m -s 'Fixes #1, my commit message'; git push --set-upstream origin my-cool-new-feature`)
+   1. We do require signed commits as per [DCO](#developer-certificate-of-origin).  Here is the process to follow to setup your workstation: https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification/signing-commits
+8. Contributor opens a merge request **into the develop branch** in GitHub and fills out the appropriate information in the Merge Request.
+9.  A CI pipeline is kicked off.  See [PIPELINE.md](PIPELINE.md) for more details.
    1. **NOTE:** failed CI pipeline runs will not be merged.
    2. **NOTE:** please keep commits to their individual modules (e.g. `container-registry`, or `storage`) as this helps unit test the independent modules.
 10. If additional changes are requested, steps 7-8 can be repeated until the branch is approved for merge by the maintainers.
 11. Once the request approved, your code is merged!
+12. When a new release is cut, code is merged code is merged from **develop > master**.
 
 ### Development Environment
 
@@ -92,6 +95,11 @@ The following outlines the simple developer workflow that we use for RPK.
   * [KIND](providers/kind.md#set-variables)
   * [VMware](providers/vmware.md#set-variables)
 
+#### Setup Git
+
+As per [DCO](#developer-certificate-of-origin), we require signed commits **with a 'commit signed off by ...' message**.  See
+https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification/signing-commits for more details on setup.
+
 #### Developing with a Docker Image
 
 Ansible requires several python dependencies in order to run RPK.  Often times, this

roles/common/namespace/clean/tasks/clean.yaml

@@ -1,55 +1,27 @@
 # Copyright 2006-2021 VMware, Inc.
 # SPDX-License-Identifier: MIT
 ---
-- name: "get the namespace-operator pod"
-  k8s_info:
-    kind:      "Pod"
-    namespace: "{{ tanzu_workload_tenancy.namespace }}"
-    context:   "{{ tanzu_kubectl_context }}"
-    label_selectors:
-      - "app.kubernetes.io/name = {{ tanzu_workload_tenancy.namespace_operator.app_name }}"
-  register: _namespace_operator_status
-  when: _namespace_operator_status is not defined
-
 - name: "get the tanzu namespace custom resource definition"
   k8s_info:
     kind:        "CustomResourceDefinition"
     context:     "{{ tanzu_kubectl_context }}"
     api_version: "apiextensions.k8s.io/v1"
     name:        "tanzunamespaces.tenancy.platform.cnr.vmware.com"
-  register: _namespace_crd_status
-  when: _namespace_crd_status is not defined
+  register: _tns_crd_status
 
-- when:
-    - (_namespace_operator_status.resources | default([]) | length) > 0
-    - (_namespace_crd_status.resources | default([]) | length) > 0
-  block:
-    - name: "ensure the tanzu namespace resource is removed"
-      k8s:
-        state:       "absent"
-        context:     "{{ tanzu_kubectl_context }}"
-        kind:        "TanzuNamespace"
-        name:        "{{ namespace }}"
-        api_version: "tenancy.platform.cnr.vmware.com/v1alpha1"
-      register: _tns_status
-      until:    not _tns_status.failed
-      retries:  50
-      delay:    2
-
-- when:
-    - (_namespace_operator_status.resources | default([]) | length) == 0
-    - (_namespace_crd_status.resources | default([]) | length) == 0
-  block:
-    - name: "ensure the namespace no longer exists"
-      k8s:
-        state:   "absent"
-        context: "{{ tanzu_kubectl_context }}"
-        kind:    "Namespace"
-        name:    "{{ namespace }}"
-      register: _ns_status
-      until:    not _ns_status.failed
-      retries:  50
-      delay:    2
+- name: "ensure the tanzu namespace resource is removed"
+  k8s:
+    state:       "absent"
+    context:     "{{ tanzu_kubectl_context }}"
+    kind:        "TanzuNamespace"
+    name:        "{{ namespace }}"
+    api_version: "tenancy.platform.cnr.vmware.com/v1alpha1"
+  register: _tns_status
+  until:    not _tns_status.failed
+  retries:  50
+  delay:    2
+  when:
+    - (_tns_crd_status.resources | default([]) | length) > 0
 
 - name: "ensure the namespace no longer exists"
   k8s:

roles/components/core/identity/common/defaults/main.yaml

@@ -8,9 +8,11 @@ tanzu_identity:
 
   # ldap
   ldap:
-    image:     "projects.registry.vmware.com/rpk/openldap"
-    image_tag: "1.2.2"
-    base_dn:   "dc={{ tanzu_ingress_domain.split('.') | join(',dc=') }}"
+    image:          "projects.registry.vmware.com/rpk/openldap"
+    image_tag:      "1.2.2"
+    base_dn:        "dc={{ tanzu_ingress_domain.split('.') | join(',dc=') }}"
+    admin_user:     "rpk-admin"
+    admin_password: "tanzu"
     resources:
       requests:
         cpu:    "50m"

roles/components/core/identity/demo/tasks/main.yaml

@@ -25,20 +25,13 @@
     validate_certs: false
   when: tanzu_provider != 'kind'
 
-- name: "write rbac definition file"
-  template:
-    src:  "rbac.yaml.j2"
-    dest: "{{ tanzu_identity.staging_dir }}/rbac.yaml"
-    mode: "0400"
-  changed_when: false
-
-- name: "ensure rbac exists"
-  k8s:
-    state:        "present"
-    context:      "{{ tanzu_kubectl_context }}"
-    src:          "{{ tanzu_identity.staging_dir }}/rbac.yaml"
-    wait:         true
-    wait_timeout: "300"
+- name: "ensure demo ldap config exists"
+  import_role:
+    name: "common/manifest-file"
+  vars:
+    manifest_description: "demo ldap config"
+    manifest_template:    "ldap-config-demo.yaml.j2"
+    manifest_staging_dir: "{{ tanzu_identity.staging_dir }}"
 
 - name: "you may obtain your kubectl files with the following information"
   debug:

roles/components/core/identity/demo/templates/rbac.yaml.j2 renamed to roles/components/core/identity/demo/templates/ldap-config-demo.yaml.j2

@@ -1,2 +1,27 @@
 # Copyright 2006-2021 VMware, Inc.
 # SPDX-License-Identifier: MIT
+---
+#
+# DNS
+#
+- name: "get the ingress ip"
+  import_role:
+    name: "common/ingress-ip"
+
+- name: "ensure dns resolvability for identity module"
+  include_role:
+    name: "common/etc-hosts"
+  vars:
+    ip:   "{{ ingress_ip }}"
+    fqdn: "{{ item }}"
+  with_items:
+    - "{{ tanzu_identity.dex.dns }}"
+    - "{{ tanzu_identity.gangway.dns }}"
+
+#
+# RETRIEVE CLUSTER INFO
+#
+- name: "retrieve cluster info"
+  import_role:
+    name: "common/cluster-info"
+  when: tanzu_apiserver_url is not defined

roles/components/core/identity/pre-flight/tasks/main.yaml

@@ -18,31 +18,6 @@
     namespace_template_file: "tanzu-namespace.yaml.j2"
     namespace_file:          "{{ tanzu_identity.staging_dir }}/tanzu-namespace.yaml"
 
-#
-# DNS
-#
-- name: "get the ingress ip"
-  import_role:
-    name: "common/ingress-ip"
-
-- name: "ensure dns resolvability for identity module"
-  include_role:
-    name: "common/etc-hosts"
-  vars:
-    ip:   "{{ ingress_ip }}"
-    fqdn: "{{ item }}"
-  with_items:
-    - "{{ tanzu_identity.dex.dns }}"
-    - "{{ tanzu_identity.gangway.dns }}"
-
-#
-# RETRIEVE CLUSTER INFO
-#
-- name: "retrieve cluster info"
-  import_role:
-    name: "common/cluster-info"
-  when: tanzu_apiserver_url is not defined
-
 #
 # LDAP
 #
@@ -52,7 +27,14 @@
   vars:
     manifest_description: "ldap pod security policy"
     manifest_template:    "psp-ldap.yaml.j2"
-    manifest_file:        "psp-ldap.yaml"
+    manifest_staging_dir: "{{ tanzu_identity.staging_dir }}"
+
+- name: "ensure ldap config exists"
+  import_role:
+    name: "common/manifest-file-with-wait"
+  vars:
+    manifest_description: "ldap config"
+    manifest_template:    "config-ldap.yaml.j2"
     manifest_staging_dir: "{{ tanzu_identity.staging_dir }}"
 
 - name: "ensure ldap exists"
@@ -61,7 +43,6 @@
   vars:
     manifest_description: "ldap"
     manifest_template:    "app-ldap.yaml.j2"
-    manifest_file:        "app-ldap.yaml"
     manifest_staging_dir: "{{ tanzu_identity.staging_dir }}"
 
 #
@@ -83,9 +64,16 @@
   import_role:
     name: "common/manifest-file-with-wait"
   vars:
-    manifest_description: "dex"
+    manifest_description: "dex ingress"
     manifest_template:    "app-dex.yaml.j2"
-    manifest_file:        "app-dex.yaml"
+    manifest_staging_dir: "{{ tanzu_identity.staging_dir }}"
+
+- name: "ensure dex ingress exists"
+  import_role:
+    name: "common/manifest-file-with-wait"
+  vars:
+    manifest_description: "dex"
+    manifest_template:    "ingress-dex.yaml.j2"
     manifest_staging_dir: "{{ tanzu_identity.staging_dir }}"
 
 #
@@ -109,7 +97,14 @@
   vars:
     manifest_description: "gangway"
     manifest_template:    "app-gangway.yaml.j2"
-    manifest_file:        "app-gangway.yaml"
+    manifest_staging_dir: "{{ tanzu_identity.staging_dir }}"
+
+- name: "ensure gangway ingress exists"
+  import_role:
+    name: "common/manifest-file-with-wait"
+  vars:
+    manifest_description: "gangway ingress"
+    manifest_template:    "ingress-gangway.yaml.j2"
     manifest_staging_dir: "{{ tanzu_identity.staging_dir }}"
 
 #
@@ -121,7 +116,6 @@
   vars:
     manifest_description: "psp for reconfiguring kube api server jobs"
     manifest_template:    "psp-for-job-kube-apiserver.yaml.j2"
-    manifest_file:        "psp-for-job-kube-apiserver.yaml"
     manifest_staging_dir: "{{ tanzu_security.staging_dir }}"
 
 - name: "fetch the control plane nodes"

roles/components/core/identity/tasks/main.yaml

@@ -22,27 +22,6 @@ spec:
   selector:
     app.kubernetes.io/name: dex
 ---
-kind: Ingress
-apiVersion: extensions/v1beta1
-metadata:
-  name: dex
-  namespace: "{{ tanzu_identity.namespace }}"
-  annotations:
-    external-dns.alpha.kubernetes.io/target: "{{ tanzu_ingress.dns }}"
-spec:
-  rules:
-  - host: "{{ tanzu_identity.dex.dns }}"
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: dex
-          servicePort: 80
-  tls:
-  - hosts:
-    - "{{ tanzu_identity.dex.dns }}"
-    secretName: dex-cert-tls
----
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -131,7 +110,7 @@ rules:
   resources:
   - customresourcedefinitions
   verbs:
-  - create
+  - '*'
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding

roles/components/core/identity/templates/app-dex.yaml.j2

@@ -18,27 +18,6 @@ spec:
   selector:
     app.kubernetes.io/name: gangway
 ---
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
-  name: gangway
-  namespace: "{{ tanzu_identity.namespace }}"
-  annotations:
-    external-dns.alpha.kubernetes.io/target: "{{ tanzu_ingress.dns }}"
-spec:
-  rules:
-  - host: "{{ tanzu_identity.gangway.dns }}"
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: gangway
-          servicePort: 80
-  tls:
-  - hosts:
-    - "{{ tanzu_identity.gangway.dns }}"
-    secretName: gangway-cert-tls
----
 apiVersion: v1
 kind: ConfigMap
 metadata: