diff --git a/.gitignore b/.gitignore
index f891a108d5f1c5c162c4969262101dbea32819d5..b7ffa54af779ca9f6b49a0a4cfd906973d6aa48e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 *.tgz
 *.xpkg
-local
+*local*
 argopw
 argowftoken
 
diff --git a/build_package.sh b/build_package.sh
index 08c2d26523097f24594eb33765b87be12ea36460..8487c26c1ce22690f3c3f5091cf053461cdab108 100644
--- a/build_package.sh
+++ b/build_package.sh
@@ -1,4 +1,4 @@
 # Builds the crossplane configuration package image and pushes it to EC gitlab
-# VERSION=v0.3.9
+# VERSION=v0.3.10
 crossplane xpkg build -f package/ -e package/examples/ -o configuration-${VERSION}.xpkg --verbose
 crossplane xpkg push code.europa.eu:4567/simpl/simpl-open/development/infrastructure/infrastructure-crossplane/configuration:${VERSION} -f configuration-${VERSION}.xpkg --domain https://code.europa.eu
\ No newline at end of file
diff --git a/charts/.helmignore b/charts/.helmignore
index 3573acb04099d39694b8691457fb2b9c443c5151..1535abfe9f8a7c764b1c9bcfc7e9fdd5a326287f 100644
--- a/charts/.helmignore
+++ b/charts/.helmignore
@@ -1 +1,2 @@
-values.env.yaml
\ No newline at end of file
+values.env.yaml
+dependencies
\ No newline at end of file
diff --git a/charts/dependencies/templates/secret.yaml b/charts/dependencies/templates/secret.yaml
index 85708a5a996cf986bf05aeec19d886d2721e605f..855724c7b6b9561418491430390926b467d82dce 100644
--- a/charts/dependencies/templates/secret.yaml
+++ b/charts/dependencies/templates/secret.yaml
@@ -6,4 +6,3 @@ type: Opaque
 data:
     username: {{ .Values.secrets.gitea.username | b64enc }}
     password: {{ .Values.secrets.gitea.password | b64enc }}
-    email: {{ .Values.secrets.gitea.email | b64enc }}
diff --git a/charts/dependencies/values.env.yaml b/charts/dependencies/values.env.yaml
index 150bb3985dd4690eca0d5e1c49506c22faa05a4c..dc88b06d866c39c000abe88f0c5a1b5de2427a4a 100644
--- a/charts/dependencies/values.env.yaml
+++ b/charts/dependencies/values.env.yaml
@@ -10,4 +10,3 @@ secrets:
   gitea:
     username: #GITEA_USERNAME
     password: #GITEA_PASSWORD
-    email: #GITEA_EMAIL
diff --git a/charts/dependencies/values.yaml b/charts/dependencies/values.yaml
index e218c4867c56b6959b6a7322c33d687e651179d8..4ed09b9e8147a9365df743fd543c199448af7cb0 100644
--- a/charts/dependencies/values.yaml
+++ b/charts/dependencies/values.yaml
@@ -1,7 +1,7 @@
 crossplane:
   configuration:
     packages:
-      - code.europa.eu:4567/simpl/simpl-open/development/infrastructure/infrastructure-crossplane/configuration:v0.3.9
+      - code.europa.eu:4567/simpl/simpl-open/development/infrastructure/infrastructure-crossplane/configuration:v0.3.10
 
 gitea:
   service:
diff --git a/charts/templates/claim-manager.yaml b/charts/templates/argo/claim-manager.yaml
similarity index 100%
rename from charts/templates/claim-manager.yaml
rename to charts/templates/argo/claim-manager.yaml
diff --git a/charts/templates/cli.yaml b/charts/templates/cli.yaml
deleted file mode 100644
index dab3b7759ecfbb9a7ec2c011ff2c91b5d918a790..0000000000000000000000000000000000000000
--- a/charts/templates/cli.yaml
+++ /dev/null
@@ -1,187 +0,0 @@
-{{- if .Values.cliEnabled }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: cli
-  namespace: {{ .Release.Namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: cli
-  namespace: {{ .Release.Namespace }}
-rules:
-  - apiGroups:
-      - coordination.k8s.io
-    resources:
-      - leases
-    verbs:
-      - create
-      - get
-      - update
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-      - pods/exec
-    verbs:
-      - create
-      - get
-      - list
-      - watch
-      - update
-      - patch
-      - delete
-  - apiGroups:
-      - ""
-    resources:
-      - configmaps
-    verbs:
-      - get
-      - watch
-      - list
-  - apiGroups:
-      - ""
-    resources:
-      - persistentvolumeclaims
-      - persistentvolumeclaims/finalizers
-    verbs:
-      - create
-      - update
-      - delete
-      - get
-  - apiGroups:
-      - argoproj.io
-    resources:
-      - workflows
-      - workflows/finalizers
-      - workflowtasksets
-      - workflowtasksets/finalizers
-      - workflowartifactgctasks
-    verbs:
-      - get
-      - list
-      - watch
-      - update
-      - patch
-      - delete
-      - create
-  - apiGroups:
-      - argoproj.io
-    resources:
-      - workflowtemplates
-      - workflowtemplates/finalizers
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - argoproj.io
-    resources:
-      - workflowtaskresults
-    verbs:
-      - list
-      - watch
-      - deletecollection
-  - apiGroups:
-      - ""
-    resources:
-      - serviceaccounts
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - ""
-    resources:
-      - secrets
-    verbs:
-      - get
-  - apiGroups:
-      - argoproj.io
-    resources:
-      - cronworkflows
-      - cronworkflows/finalizers
-    verbs:
-      - get
-      - list
-      - watch
-      - update
-      - patch
-      - delete
-  - apiGroups:
-      - ""
-    resources:
-      - events
-    verbs:
-      - create
-      - patch
-  - apiGroups:
-      - "policy"
-    resources:
-      - poddisruptionbudgets
-    verbs:
-      - create
-      - get
-      - delete
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: cli
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: cli
-subjects:
-- kind: ServiceAccount
-  name: cli
-  namespace: {{ .Release.Namespace }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: operate-workflow-role
-  namespace: {{ .Release.Namespace }}
-rules:
-  - apiGroups:
-      - argoproj.io
-    verbs:
-      - "*"
-    resources:
-      - workflows
-      - workflowtemplates
-      - cronworkflows
-      - clusterworkflowtemplates
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: operate-workflow-role-binding
-  namespace: {{ .Release.Namespace }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: operate-workflow-role
-subjects:
-  - kind: ServiceAccount
-    name: {{ .Values.workflowOperatorSA }}
-    namespace: {{ .Release.Namespace }}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  namespace: {{ .Release.Namespace }}
-  name: cli.service-account-token
-  annotations:
-    kubernetes.io/service-account.name: cli
-type: kubernetes.io/service-account-token
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: argocli.service-account-token
-  annotations:
-    kubernetes.io/service-account.name: argocli
-type: kubernetes.io/service-account-token
-{{- end }}
\ No newline at end of file
diff --git a/charts/templates/crossplane/provider-ionos-config.yaml b/charts/templates/crossplane/provider-ionos-config.yaml
index 9a8d01159d8fc167403803186846acacb5a85524..52c688539867f61171fb01be6bb7f861dfb25fa0 100644
--- a/charts/templates/crossplane/provider-ionos-config.yaml
+++ b/charts/templates/crossplane/provider-ionos-config.yaml
@@ -1,7 +1,7 @@
 apiVersion: ionoscloud.crossplane.io/v1alpha1
 kind: ProviderConfig
 metadata:
-  name: example
+  name: {{ .Release.Namespace }}-ionos-pc
 spec:
   credentials:
     source: Secret
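Review bot: The ProviderConfig name on the `name:` line is now a convention shared with code, because main.py in this commit builds the same string as `f"{namespace}-{PROVIDER}-pc"` and nothing ties the two together. A comment above the name, such as `# Name format must stay in sync with insert_claim_metadata() in workflow-images/to-provision/main.py`, would keep a later rename from silently pointing claims at a ProviderConfig that does not exist. ProviderConfig is cluster-scoped, so deriving the name from the release namespace also assumes at most one release of this chart per namespace.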
diff --git a/charts/templates/events/decommission/sensor.yaml b/charts/templates/events/decommission/sensor.yaml
index 50c4ef26ac0df71fa2cac37af9bf9356afdb7920..4337278ad3e439e475ea397c35189f3774156988 100644
--- a/charts/templates/events/decommission/sensor.yaml
+++ b/charts/templates/events/decommission/sensor.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
   eventBusName: provisioner-eventbus
   template:
-    serviceAccountName: {{ .Values.workflowOperatorSA }}
+    serviceAccountName: provisioner-events
   dependencies:
     - name: message
       eventSourceName: decommission
@@ -30,12 +30,12 @@ spec:
                 volumes:
                   - name: repos
                     emptyDir: {}
-                serviceAccountName: cli
+                serviceAccountName: provisioner-workflows
                 entrypoint: main
                 workflowMetadata:
                   labels:
                     track-workflow: "true"
-                    workflow-type: {{ .Values.kafkaConfig.decommissioningRequestsTopicName }}
+                    workflow-type: {{ .Values.kafkaDecommissioningRequestsTopicName }}
                   labelsFrom:
                     scriptTriggerId:
                       expression: workflow.parameters.scriptTriggerId
diff --git a/charts/templates/events/decommission/source.yaml b/charts/templates/events/decommission/source.yaml
index f6f3b56a502d946b68210fcf3b8ae8f647e8d82e..82958092a268c8a993c448161587c18b7a673afb 100644
--- a/charts/templates/events/decommission/source.yaml
+++ b/charts/templates/events/decommission/source.yaml
@@ -8,12 +8,12 @@ spec:
   kafka:
     decommissionRequest:
       url: {{ .Values.kafkaEndpoint }}
-      topic: {{ .Values.kafkaConfig.decommissioningRequestsTopicName }}
+      topic: {{ .Values.kafkaDecommissioningRequestsTopicName }}
       jsonBody: false
       partition: "0"
-      {{- if .Values.kafkaConfig.authEnable }}
+      {{- if .Values.kafkaAuthEnable }}
       sasl:
-        mechanism: {{ .Values.kafkaConfig.authMechanism }}
+        mechanism: {{ .Values.kafkaAuthMechanism }}
         userSecret:
           name: kafka-secret
           key: username
diff --git a/charts/templates/events/decommission/status-sensor.yaml b/charts/templates/events/decommission/status-sensor.yaml
index 4877e07aab23c71b49496a650a4ebd5597312d4b..f6d2f9e208ed1a3cb8c1ce6d196194afa3e8c3b3 100644
--- a/charts/templates/events/decommission/status-sensor.yaml
+++ b/charts/templates/events/decommission/status-sensor.yaml
@@ -14,10 +14,10 @@ spec:
         name: kafka
         kafka:
           url: {{ .Values.kafkaEndpoint }}
-          topic: {{ .Values.kafkaConfig.decommissioningResponsesTopicName }}
-          {{- if .Values.kafkaConfig.authEnable }}
+          topic: {{ .Values.kafkaDecommissioningResponsesTopicName }}
+          {{- if .Values.kafkaAuthEnable }}
           sasl:
-            mechanism: {{ .Values.kafkaConfig.authMechanism }}
+            mechanism: {{ .Values.kafkaAuthMechanism }}
             userSecret:
               name: kafka-secret
               key: username
diff --git a/charts/templates/events/decommission/status-source.yaml b/charts/templates/events/decommission/status-source.yaml
index cd136e742856549e1ae621f277114cc4e1da9e35..97bd1b9e08e81b5920a0cb34a8138807c113b452 100644
--- a/charts/templates/events/decommission/status-source.yaml
+++ b/charts/templates/events/decommission/status-source.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
   eventBusName: provisioner-eventbus
   template:
-    serviceAccountName: {{ .Values.applicationStatusViewerSA }}
+    serviceAccountName: provisioner-events
   resource:
     decommissionStatus:
       namespace: {{ .Release.Namespace }}
diff --git a/charts/templates/events/provision/gitops-status-sensor.yaml b/charts/templates/events/provision/gitops-status-sensor.yaml
index 0646ca815cdf7e0e468753121b373ce8b63a26a7..8f49d7fcebc6b0ee6f9e03949a1aa40fb98da458 100644
--- a/charts/templates/events/provision/gitops-status-sensor.yaml
+++ b/charts/templates/events/provision/gitops-status-sensor.yaml
@@ -14,11 +14,11 @@ spec:
         name: kafka
         kafka:
           url: {{ .Values.kafkaEndpoint }}
-          topic: {{ .Values.kafkaConfig.provisioningResponsesTopicName }}
+          topic: {{ .Values.kafkaProvisioningResponsesTopicName }}
           partition: 0
-          {{- if .Values.kafkaConfig.authEnable }}
+          {{- if .Values.kafkaAuthEnable }}
           sasl:
-            mechanism: {{ .Values.kafkaConfig.authMechanism }}
+            mechanism: {{ .Values.kafkaAuthMechanism }}
             userSecret:
               name: kafka-secret
               key: username
diff --git a/charts/templates/events/provision/gitops-status-source.yaml b/charts/templates/events/provision/gitops-status-source.yaml
index c1b0fe4580714f683cac5d68b60bcfc396469d75..d664ad586e0e341f1e0d5deb594c43ae2e7f936c 100644
--- a/charts/templates/events/provision/gitops-status-source.yaml
+++ b/charts/templates/events/provision/gitops-status-source.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
   eventBusName: provisioner-eventbus
   template:
-    serviceAccountName: {{ .Values.workflowOperatorSA }}
+    serviceAccountName: provisioner-events
   resource:
     provisionGitops:
       namespace: {{ .Release.Namespace }}
diff --git a/charts/templates/events/provision/sensor.yaml b/charts/templates/events/provision/sensor.yaml
index 6437c985d778a7cefac2945b7a4129922d8e476e..f2ed9fe0231d5111ecabab1e46a615f4caae860d 100644
--- a/charts/templates/events/provision/sensor.yaml
+++ b/charts/templates/events/provision/sensor.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
   eventBusName: provisioner-eventbus
   template:
-    serviceAccountName: {{ .Values.workflowOperatorSA }}
+    serviceAccountName: provisioner-events
   dependencies:
     - name: message
       eventSourceName: provision
@@ -30,7 +30,7 @@ spec:
                 volumes:
                   - name: repos
                     emptyDir: {}
-                serviceAccountName: cli
+                serviceAccountName: provisioner-workflows
                 entrypoint: main
                 workflowMetadata:
                   labels:
diff --git a/charts/templates/events/provision/source.yaml b/charts/templates/events/provision/source.yaml
index ba39bbfb6ab568dcd0ac6b34d07a00fe9a5183e1..7daf933ac7d60ee6c6c223fd06ed94f1d252f94c 100644
--- a/charts/templates/events/provision/source.yaml
+++ b/charts/templates/events/provision/source.yaml
@@ -8,12 +8,12 @@ spec:
   kafka:
     provisionRequest:
       url: {{ .Values.kafkaEndpoint }}
-      topic: {{ .Values.kafkaConfig.authMechanism.provisioningRequestsTopicName }}
+      topic: {{ .Values.kafkaProvisioningRequestsTopicName }}
       jsonBody: false
       partition: "0"
-      {{- if .Values.kafkaConfig.authEnable }}
+      {{- if .Values.kafkaAuthEnable }}
       sasl:
-        mechanism: {{ .Values.kafkaConfig.authMechanism }}
+        mechanism: {{ .Values.kafkaAuthMechanism }}
         userSecret:
           name: kafka-secret
           key: username
diff --git a/charts/templates/events/provision/status-sensor.yaml b/charts/templates/events/provision/status-sensor.yaml
index 086347df0a6155838eeef0e7a4e71491ba54f525..ca327a63145d7faf2d887b148b85c52082ee98f8 100644
--- a/charts/templates/events/provision/status-sensor.yaml
+++ b/charts/templates/events/provision/status-sensor.yaml
@@ -6,13 +6,16 @@ metadata:
 spec:
   eventBusName: provisioner-eventbus
   template:
-    serviceAccountName: {{ .Values.workflowOperatorSA }}
+    serviceAccountName: provisioner-events
   dependencies:
     - name: message
       eventSourceName: provision-status
       eventName: provisionStatus
   triggers:
-    - template:
+    - rateLimit:
+        unit: Second
+        requestsPerUnit: 1
+      template:
         name: argo-workflow-trigger
         argoWorkflow:
           operation: submit
@@ -27,7 +30,7 @@ spec:
                 podGC:
                   strategy: OnPodCompletion
                   deleteDelayDuration: 120s
-                serviceAccountName: cli
+                serviceAccountName: provisioner-workflows
                 entrypoint: main
                 workflowMetadata:
                 arguments:
@@ -205,10 +208,10 @@ spec:
                       parameters:
                         - name: payload
                     script:
-                      {{- if .Values.kafkaConfig.authEnable }}
+                      {{- if .Values.kafkaAuthEnable }}
                       env:
                         - name: MECHANISM
-                          value: {{ .Values.kafkaConfig.authMechanism }}
+                          value: {{ .Values.kafkaAuthMechanism }}
                         - name: USERNAME
                           valueFrom:
                             secretKeyRef:
@@ -222,12 +225,12 @@ spec:
                       {{- end }}
                       image: confluentinc/cp-kafkacat:7.1.14
                       command: [sh]
-                      {{- if .Values.kafkaConfig.authEnable }}
+                      {{- if .Values.kafkaAuthEnable }}
                       source: |
-                        echo {{`{{inputs.parameters.payload}}`}} | kafkacat -P -b {{ .Values.kafkaEndpoint }} -X security.protocol=SASL_PLAINTEXT -X sasl.username="$USERNAME" -X sasl.password="$PASSWORD" -X sasl.mechanism="$MECHANISM" -t {{ .Values.kafkaConfig.provisioningResponsesTopicName }} -J
+                        echo {{`{{inputs.parameters.payload}}`}} | kafkacat -P -b {{ .Values.kafkaEndpoint }} -X security.protocol=SASL_PLAINTEXT -X sasl.username="$USERNAME" -X sasl.password="$PASSWORD" -X sasl.mechanism="$MECHANISM" -t {{ .Values.kafkaProvisioningResponsesTopicName }} -J
                       {{- else }}
                       source: |
-                        echo {{`{{inputs.parameters.payload}}`}} | kafkacat -P -b {{ .Values.kafkaEndpoint }} -t {{ .Values.kafkaConfig.provisioningResponsesTopicName }} -J
+                        echo {{`{{inputs.parameters.payload}}`}} | kafkacat -P -b {{ .Values.kafkaEndpoint }} -t {{ .Values.kafkaProvisioningResponsesTopicName }} -J
                       {{- end }}
                       
           parameters:
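Review bot: Both `source:` scripts still splice `{{inputs.parameters.payload}}` unquoted into the `sh` command line, so Argo substitutes the payload text before the shell parses it and any shell metacharacters in it are interpreted. The payload appears to come from event data (the trigger parameter at the end of this hunk maps the event `body` into the workflow arguments), so treat it as untrusted: pass it through an env var declared outside the `kafkaAuthEnable` block and emit it with `printf '%s\n' "$PAYLOAD" | kafkacat ...`. Separately, the authenticated branch uses `security.protocol=SASL_PLAINTEXT`, which together with the `PLAIN` mechanism default in values.yaml sends the Kafka password unencrypted; `SASL_SSL` would be the safer setting if the broker supports it. The script template itself starts above this hunk.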
@@ -235,6 +238,3 @@ spec:
                 dependencyName: message
                 dataKey: body
               dest: spec.arguments.parameters.0.value
-      retryStrategy:
-        steps: 2
-        duration: 30s
\ No newline at end of file
diff --git a/charts/templates/events/provision/status-source.yaml b/charts/templates/events/provision/status-source.yaml
index f47ede78a87c20140743e8c974e1620aadf712c7..d5eceaccd0209866a3c6ee2d3302570c264a67e8 100644
--- a/charts/templates/events/provision/status-source.yaml
+++ b/charts/templates/events/provision/status-source.yaml
@@ -6,7 +6,7 @@ metadata:
 spec:
   eventBusName: provisioner-eventbus
   template:
-    serviceAccountName: {{ .Values.applicationStatusViewerSA }}
+    serviceAccountName: provisioner-events
   resource:
     provisionStatus:
       namespace: {{ .Release.Namespace }}
diff --git a/charts/templates/job.yaml b/charts/templates/job.yaml
index e36ed8a85c3f874f1884b5e46eb194bdc1e64e86..67aee8b030491c09c9dc6c07bec878925911a62e 100644
--- a/charts/templates/job.yaml
+++ b/charts/templates/job.yaml
@@ -3,8 +3,10 @@ apiVersion: batch/v1
 kind: Job
 metadata:
   name: gitea-setup-job
+  annotations:
+    "helm.sh/hook": post-install
 spec:
-  backoffLimit: 12
+  backoffLimit: 24
   ttlSecondsAfterFinished: 600
   template:
     spec:
diff --git a/charts/templates/rbac/cli.yaml b/charts/templates/rbac/cli.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..671d4a37bcfc8b4984bf8da30defc58b6de0c554
--- /dev/null
+++ b/charts/templates/rbac/cli.yaml
@@ -0,0 +1,70 @@
+{{- if .Values.cliEnabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cli
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: cli
+  namespace: {{ .Release.Namespace }}
+rules:
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - workflows
+      - workflows/finalizers
+      - workflowtasksets
+      - workflowtasksets/finalizers
+      - workflowartifactgctasks
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+      - patch
+      - delete
+      - create
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - workflowtemplates
+      - workflowtemplates/finalizers
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - workflowtaskresults
+    verbs:
+      - list
+      - watch
+      - deletecollection
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: cli
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: cli
+subjects:
+- kind: ServiceAccount
+  name: cli
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: cli.service-account-token
+  annotations:
+    kubernetes.io/service-account.name: cli
+type: kubernetes.io/service-account-token
+{{- end }}
\ No newline at end of file
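Review bot: When `cliEnabled` is true this template mints a `kubernetes.io/service-account-token` Secret, a non-expiring bearer token, for an account that may create and update `workflows`; because a Workflow spec names its own `serviceAccountName`, that token can in effect run pods as any service account in the namespace, including `provisioner-workflows`. A comment at the top of the file should say so and state that the flag is meant for local use, e.g. `# Local/debug only: issues a long-lived token that can submit workflows as any SA in this namespace`. For ad-hoc access, a short-lived token from `kubectl create token cli` avoids the stored Secret altogether.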
diff --git a/charts/templates/rbac.yaml b/charts/templates/rbac/rbac.yaml
similarity index 52%
rename from charts/templates/rbac.yaml
rename to charts/templates/rbac/rbac.yaml
index 850b5065b1eb1b1d97725a385b93884f3cb31a5f..4983929c365c929858f6c8fea7b78f12f8b9ca88 100644
--- a/charts/templates/rbac.yaml
+++ b/charts/templates/rbac/rbac.yaml
@@ -23,6 +23,36 @@ rules:
       - argoproj.io
     resources:
       - applications
+    verbs:
+      - patch
+      - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: view-workflow
+  namespace: {{ .Release.Namespace }}
+rules:
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - workflows
+      - workflowtaskresults
+    verbs:
+      - list
+      - get
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: patch-workflow
+  namespace: {{ .Release.Namespace }}
+rules:
+  - apiGroups:
+      - argoproj.io
+    resources:
+      - workflows
       - workflowtaskresults
     verbs:
       - patch
@@ -39,13 +69,10 @@ roleRef:
   name: view-application
 subjects:
 - kind: ServiceAccount
-  name: claim-application-status
+  name: provisioner-events
   namespace: {{ .Release.Namespace }}
 - kind: ServiceAccount
-  name: operate-workflow
-  namespace: {{ .Release.Namespace }}
-- kind: ServiceAccount
-  name: cli
+  name: provisioner-workflows
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -59,21 +86,49 @@ roleRef:
   name: patch-application
 subjects:
 - kind: ServiceAccount
-  name: cli
+  name: provisioner-workflows
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: view-workflow
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: patch-workflow
+subjects:
+- kind: ServiceAccount
+  name: provisioner-events
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: patch-workflow
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: patch-workflow
+subjects:
+- kind: ServiceAccount
+  name: provisioner-workflows
+  namespace: {{ .Release.Namespace }}
+- kind: ServiceAccount
+  name: provisioner-events
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: view-composite-status-events
+  name: {{ .Release.Namespace }}-view-crossplane
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: crossplane-view
 subjects:
   - kind: ServiceAccount
-    name: composite-status
-    namespace: {{ .Release.Namespace }}
-  - kind: ServiceAccount
-    name: cli
+    name: provisioner-workflows
     namespace: {{ .Release.Namespace }}
\ No newline at end of file
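Review bot: The RoleBinding named `view-workflow` has `roleRef.name: patch-workflow`, so the read-only `view-workflow` Role added earlier in this file is never bound and `provisioner-events` receives the patch role from two bindings. If the events account only needs to read workflows, set `name: view-workflow` in that roleRef and drop `provisioner-events` from the `patch-workflow` subjects; if it does need patch, the `view-workflow` binding as written is redundant. `roleRef` is immutable, so correcting it on an already installed release means deleting and recreating the binding.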
diff --git a/charts/templates/service-account.yaml b/charts/templates/rbac/service-account.yaml
similarity index 65%
rename from charts/templates/service-account.yaml
rename to charts/templates/rbac/service-account.yaml
index f70a04a34d5ec16b40a7fd9ea99286615e373121..4ed8ee5fc70bbe82a8a1fe8736a6a554eb2fba58 100644
--- a/charts/templates/service-account.yaml
+++ b/charts/templates/rbac/service-account.yaml
@@ -1,11 +1,11 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Values.workflowOperatorSA }}
+  name: provisioner-events
   namespace: {{ .Release.Namespace }}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Values.applicationStatusViewerSA }}
+  name: provisioner-workflows
   namespace: {{ .Release.Namespace }}
diff --git a/charts/values.env.yaml b/charts/values.env.yaml
index 18c05dad2308a34dd2ef81b27a0bb52e3728b313..15e24077467d1c9b9a689ebd2c1a3cb9426dd183 100644
--- a/charts/values.env.yaml
+++ b/charts/values.env.yaml
@@ -1,4 +1,5 @@
 kafkaEndpoint: #KAFKA_ENDPOINT
+giteaUrl: #GITEA_URL
 
 secrets:
   ionos:
@@ -9,4 +10,3 @@ secrets:
   gitea:
     username: #GITEA_USERNAME
     password: #GITEA_PASSWORD
-    email: #GITEA_EMAIL
diff --git a/charts/values.yaml b/charts/values.yaml
index 2137dcfe5e39f3f75c2d065d731250a72c27778b..3f651f5576e20982b6573ec34e0b33fb0a9790d7 100644
--- a/charts/values.yaml
+++ b/charts/values.yaml
@@ -1,17 +1,12 @@
 dependenciesReleaseName: provisioner-dependencies
 dependenciesNamespace: infrastructure
 
-applicationStatusViewerSA: claim-application-status
-workflowOperatorSA: operate-workflow
-
-cliEnabled: true
-
-provisionWorkflowImage: code.europa.eu:4567/simpl/simpl-open/development/infrastructure/infrastructure-crossplane/to-provision-workflow:v0.2.1
-
-kafkaConfig:
-  authEnable: true
-  authMechanism: PLAIN
-  provisioningRequestsTopicName: to-provision
-  provisioningResponsesTopicName: provisioned
-  decommissioningRequestsTopicName: to-decommission
-  decommissioningResponsesTopicName: decommissioned
+cliEnabled: false
+provisionWorkflowImage: code.europa.eu:4567/simpl/simpl-open/development/infrastructure/infrastructure-crossplane/to-provision-workflow:v0.3.0
+
+kafkaAuthEnable: true
+kafkaAuthMechanism: PLAIN
+kafkaProvisioningRequestsTopicName: to-provision
+kafkaProvisioningResponsesTopicName: provisioned
+kafkaDecommissioningRequestsTopicName: to-decommission
+kafkaDecommissioningResponsesTopicName: decommissioned
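Review bot: Flattening `kafkaConfig.*` into top-level `kafka*` keys means any existing override still written under `kafkaConfig` (for instance in an environment's values file) is silently ignored and the defaults in this hunk take effect instead. A one-line guard in any template would turn that into an explicit failure: `{{- if .Values.kafkaConfig }}{{ fail "kafkaConfig.* was replaced by the flat kafka* keys" }}{{- end }}`. Whether such overrides exist is not visible from this diff.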
diff --git a/package/apis/demo/definition.yaml b/package/apis/demo/definition.yaml
index bb15d9a4c63c4e7e6de3981f95f37e211615b6c7..3c30cd0d874f2215ec1935650b5e00825eaac0d3 100644
--- a/package/apis/demo/definition.yaml
+++ b/package/apis/demo/definition.yaml
@@ -48,6 +48,8 @@ spec:
                         enum: [INTEL_ICELAKE, AMD_EPYC]
                     cloudConfig:
                       type: string
+                    providerConfig:
+                      type: string
                   required:
                     - datacenterName
                     - datacenterLocation
@@ -55,6 +57,7 @@ spec:
                     - cores
                     - ram
                     - cpuFamily
+                    - providerConfig
               required:
                 - parameters
             status:
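Review bot: `providerConfig` is added to the `required` list in this hunk, so existing claims that lack the field will presumably fail schema validation on their next update, and the property declared in the previous hunk is an unconstrained `type: string` with no `description`. Since main.py in this commit fills the value in, consider leaving it optional, or at least documenting and bounding it, e.g. `description: Name of the ProviderConfig the composed resources use; set by the provisioning workflow` plus a `pattern` or `maxLength`. The schema block continues outside both hunks.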
diff --git a/package/apis/demo/ionos.yaml b/package/apis/demo/ionos.yaml
index 32540260409e43b07acdde5f517bf0ec3e494bd5..840bfa7d90eea4a8320a1e0c071ecfa5ac138351 100644
--- a/package/apis/demo/ionos.yaml
+++ b/package/apis/demo/ionos.yaml
@@ -25,6 +25,9 @@ spec:
           providerConfigRef:
             name: example
       patches:
+        - type: FromCompositeFieldPath
+          fromFieldPath: spec.parameters.providerConfig
+          toFieldPath: spec.providerConfigRef.name
         - type: FromCompositeFieldPath
           fromFieldPath: spec.parameters.datacenterLocation
           toFieldPath: spec.forProvider.location
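Review bot: The added patch copies `spec.parameters.providerConfig` straight into `spec.providerConfigRef.name`, so whoever can author a claim chooses which cluster-scoped ProviderConfig, and therefore which IONOS credentials, the composed resources use; nothing in the visible XRD change restricts the value. main.py in this commit overwrites the field, but only for claims that pass through that workflow, and it derives the name from the claim's own `metadata.namespace`. Deriving the name inside the composition from the `crossplane.io/claim-namespace` label that Crossplane sets on claim-backed composites would remove the caller-controlled input. The same patch is repeated in the five later hunks of this file, and the resource entry this list belongs to starts above the hunk.
```yaml
      patches:
        # Derive the ProviderConfig from the namespace Crossplane recorded for the
        # claim, not from a caller-supplied parameter.
        - type: FromCompositeFieldPath
          fromFieldPath: metadata.labels[crossplane.io/claim-namespace]
          toFieldPath: spec.providerConfigRef.name
          transforms:
            - type: string
              string:
                fmt: "%s-ionos-pc"
        # … unchanged: datacenterLocation patch and the rest of the list …
```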
@@ -67,6 +70,9 @@ spec:
             - type: string
               string:
                 fmt: "%s_1"
+        - type: FromCompositeFieldPath
+          fromFieldPath: spec.parameters.providerConfig
+          toFieldPath: spec.providerConfigRef.name
         - type: FromCompositeFieldPath
           fromFieldPath: spec.parameters.cores
           toFieldPath: spec.forProvider.cores
@@ -99,6 +105,9 @@ spec:
           providerConfigRef:
             name: example
       patches:
+        - type: FromCompositeFieldPath
+          fromFieldPath: spec.parameters.providerConfig
+          toFieldPath: spec.providerConfigRef.name
         - type: FromCompositeFieldPath
           fromFieldPath: spec.resourceRefs[0].name
           toFieldPath: spec.forProvider.datacenterConfig.datacenterIdRef.name
@@ -117,6 +126,9 @@ spec:
           providerConfigRef:
             name: example
       patches:
+        - type: FromCompositeFieldPath
+          fromFieldPath: spec.parameters.providerConfig
+          toFieldPath: spec.providerConfigRef.name
         - type: FromCompositeFieldPath
           fromFieldPath: spec.parameters.datacenterLocation
           toFieldPath: spec.forProvider.location
@@ -149,6 +161,9 @@ spec:
           providerConfigRef:
             name: example
       patches:
+        - type: FromCompositeFieldPath
+          fromFieldPath: spec.parameters.providerConfig
+          toFieldPath: spec.providerConfigRef.name
         - type: FromCompositeFieldPath
           fromFieldPath: spec.resourceRefs[0].name
           toFieldPath: spec.forProvider.datacenterConfig.datacenterIdRef.name
@@ -184,6 +199,9 @@ spec:
           providerConfigRef:
             name: example
       patches:
+        - type: FromCompositeFieldPath
+          fromFieldPath: spec.parameters.providerConfig
+          toFieldPath: spec.providerConfigRef.name
         - type: FromCompositeFieldPath
           fromFieldPath: spec.resourceRefs[0].name
           toFieldPath: spec.forProvider.datacenterConfig.datacenterIdRef.name
diff --git a/setup.sh b/setup.sh
index 2bd1c148d4465b5692ba92cde2de07af8f3d5d4f..4066f51982cda6e8817af51c75c11d06acd86f5c 100644
--- a/setup.sh
+++ b/setup.sh
@@ -1,16 +1,16 @@
+# For setting up locally
 NS=infrastructure
 kubectl create namespace $NS 
 kubectl create -n $NS secret docker-registry "ec-pull-secret"  --docker-server="code.europa.eu:4567" --docker-username="$EC_USERNAME" --docker-password="$EC_PASSWORD" 
-kubectl create -n $NS secret generic gitea-secret --from-literal=username=gitops_test --from-literal=password=test1234
-kubectl create -n $NS secret generic kafka-secret --from-literal=username=demo --from-literal=password=demo-password
-kubectl create -n $NS secret generic ionos-provider --from-literal=credentials="{\"token\":\"${IONOS_TOKEN}\"}"
-helm install provisioner-dependencies -n $NS charts/dependencies
-sleep 60
-helm install provisioner-resources -n $NS charts/resources
+helm install dependencies -n $NS charts/dependencies -f charts/dependencies/values.yaml -f charts/dependencies/values.local.yaml
+sleep 100
+helm install resources -n $NS charts -f charts/values.yaml -f charts/values.local.yaml
 
 # Use when installing locally to get access tokens and forward service ports
-echo "Bearer $(kubectl get -n $NS secret cli.service-account-token -o=jsonpath='{.data.token}' | base64 --decode)" > argowftoken
-kubectl get -n $NS secret argocd-initial-admin-secret  -o jsonpath="{.data.password}" | base64 -d > argopw
-# kubectl port-forward -n $NS svc/argocd-server 8888:443
-# kubectl port-forward -n $NS svc/argowf-argo-workflows-server 8777:2746
-# kubectl port-forward -n $NS svc/gitea-http 8333:3000
\ No newline at end of file
+# echo "Bearer $(kubectl get -n $NS secret cli.service-account-token -o=jsonpath='{.data.token}' | base64 --decode)" > argowftoken
+kubectl get -n infrastructure secret argocd-initial-admin-secret  -o jsonpath="{.data.password}" | base64 -d > argopw
+
+# Port Forwarding to access UIs of each component
+# kubectl port-forward svc/dependencies-argocd-server 8888:443 -n infrastructure
+# kubectl port-forward svc/dependencies-argowf-argo-workflows-server 8777:2746 -n infrastructure
+# kubectl port-forward svc/dependencies-gitea-http 8333:3000 -n infrastructure
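Review bot: The Argo CD admin password is still written to `argopw` under the default umask, which typically leaves the file readable by other local users, and the rewritten line hard-codes `-n infrastructure` while the rest of the script uses `$NS`. Something like `(umask 077; kubectl get -n "$NS" secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d > argopw)` addresses both. The fixed `sleep 100` could also give way to `helm install --wait`, which blocks until the dependencies report ready instead of guessing a delay.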
diff --git a/workflow-images/to-provision/main.py b/workflow-images/to-provision/main.py
index a5db1f6cc29bb3d892aceaa2a2914b357d803e42..f3af6fe7b7f39b2488f4427ca1778cbdb49fdad5 100644
--- a/workflow-images/to-provision/main.py
+++ b/workflow-images/to-provision/main.py
@@ -13,6 +13,33 @@ CLAIM_KIND_REF_LABEL = "reference-kind"
 KIND_REF_PLACEHOLDER = "KIND"
 UUID_PLACEHOLDER = "UUID"
 
+PROVIDER = 'ionos'
+
+##TODO add all metadata in this way
+def insert_claim_metadata(claim, uuid):
+    as_dict = {}
+    try:
+        as_dict = yaml.safe_load(claim)
+    except Exception as e:
+        msg = f"claim metadata: cannot deserialize manifest: claim {uuid}"
+        write_termination_log(msg)
+        sys.exit(104)
+    try:
+        namespace = as_dict["metadata"]["namespace"]
+        as_dict["spec"]["parameters"]["providerConfig"] = f"{namespace}-{PROVIDER}-pc"
+    except KeyError:
+        msg = f"claim metadata: missing required fields: claim {uuid} "
+        write_termination_log(msg)
+        sys.exit(104)
+    try:
+        claim = yaml.safe_dump(as_dict)
+    except Exception as e:
+        msg = f"claim metadata: cannot serialize manifest: claim {uuid} "
+        write_termination_log(msg)
+        sys.exit(104)
+
+    return claim
+
 def write_termination_log(msg, echo_stdout=True):
     if echo_stdout:
         print(msg)
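Review bot: The field-injection step in `insert_claim_metadata` catches only `KeyError`, so a manifest that parses to `None` (an empty document), a list or a scalar, or whose `metadata`/`spec` is not a mapping, raises an uncaught `TypeError` and the pod dies with a traceback instead of a termination-log message and exit code 104; `except (KeyError, TypeError):` closes that gap. The namespace used to build the ProviderConfig name is read from the submitted claim itself, so if claims can come from more than one tenant it should be checked against an expected value before it is trusted; this is an inference, since the origin of the claim is not visible here. A docstring would help too, e.g. `"""Return the claim YAML with spec.parameters.providerConfig set to '<namespace>-ionos-pc'; exits 104 on failure."""`. `insert_claim_metadata` is complete in this hunk; `write_termination_log` continues past it.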
@@ -51,6 +78,7 @@ except Exception as e:
     sys.exit(103)
 
 with open(script_path, mode="w", encoding="utf-8") as claim_file:
+    script_content = insert_claim_metadata(script_content, UUID)
     claim_file.write(script_content)
 print(f"\n---[claim {UUID} created]---\n")
 
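Review bot: `insert_claim_metadata` is called after `open(script_path, mode="w")` has already truncated the target, so when it exits with 104 on a bad manifest an empty claim file is left behind at `script_path`. Moving `script_content = insert_claim_metadata(script_content, UUID)` above the `with open(...)` line keeps validation ahead of any write. The try/except that ends at `sys.exit(103)` starts outside this hunk.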
@@ -64,7 +92,7 @@ with open(APPLICATION_TEMPLATE_PATH, mode="r", encoding="utf-8") as template_fil
     except Exception as e:
         msg = f"Cannot retrieve claim kind reference label from manifest"
         write_termination_log(msg)
-        sys.exit(104)
+        sys.exit(105)
     application_content = template.format(**{UUID_PLACEHOLDER:UUID,KIND_REF_PLACEHOLDER:reference_kind})
 
 with open(application_path, mode="w", encoding="utf-8") as application_file: