From b082a2f3050dd73c1bb0b9343232c34c84d551b8 Mon Sep 17 00:00:00 2001
From: raghuramopsmx <>
Date: Fri, 16 Apr 2021 12:10:58 +0530
Subject: [PATCH] LCM using s3
---
 .../configmap/halyard-init-script.yaml | 35 ++++++++++++-------
 .../templates/statefulsets/halyard.yaml | 30 +++++++++++++---
 .../secrets/opsmx-gitops-secret.yaml | 7 ++++
 charts/oes/values.yaml | 3 ++
 4 files changed, 59 insertions(+), 16 deletions(-)
diff --git a/charts/oes/charts/spinnaker/templates/configmap/halyard-init-script.yaml b/charts/oes/charts/spinnaker/templates/configmap/halyard-init-script.yaml
index b8328a2c..e89b6d39 100755
--- a/charts/oes/charts/spinnaker/templates/configmap/halyard-init-script.yaml
+++ b/charts/oes/charts/spinnaker/templates/configmap/halyard-init-script.yaml
@@ -8,43 +8,37 @@ data: init.sh: | {{- if not .Values.gitopsHalyard.enabled }} #!/bin/bash - # Override Halyard daemon's listen address cp /opt/halyard/config/* /tmp/config printf 'server.address: 0.0.0.0\n' > /tmp/config/halyard-local.yml - # Use Redis deployed via the dependent Helm chart rm -rf /tmp/spinnaker/.hal/default/service-settings mkdir -p /tmp/spinnaker/.hal/default/service-settings cp /tmp/service-settings/* /tmp/spinnaker/.hal/default/service-settings/ - rm -rf /tmp/spinnaker/.hal/default/profiles mkdir -p /tmp/spinnaker/.hal/default/profiles cp /tmp/additionalProfileConfigMaps/* /tmp/spinnaker/.hal/default/profiles/ - rm -rf /tmp/spinnaker/.hal/.boms - {{- if .Values.halyard.bom }} mkdir -p /tmp/spinnaker/.hal/.boms/bom cp /tmp/halyard-bom/* /tmp/spinnaker/.hal/.boms/bom {{- end }} - {{- if .Values.halyard.serviceConfigs }} for filename in /tmp/service-configs/*; do basename=$(basename -- "$filename") fname="${basename#*_}" servicename="${basename%%_*}" - mkdir -p "/tmp/spinnaker/.hal/.boms/$servicename" cp "$filename" "/tmp/spinnaker/.hal/.boms/$servicename/$fname" done {{- end }} - {{- if hasKey .Values.halyard "additionalInitScript" }} # additionalInitScript {{ tpl .Values.halyard.additionalInitScript $ | indent 4 }} {{- end }} - {{- else }} + {{- end }} + + {{- if and (.Values.gitopsHalyard.enabled) (eq .Values.gitopsHalyard.repo.type "git") }} #!/bin/bash -x rm -rf /tmp/spinnaker/.hal git clone $GIT_CLONE_PARAM /tmp/spinnaker/test 
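Review bot: The git branch is now gated on `eq .Values.gitopsHalyard.repo.type "git"` and the s3 branch on `"s3"`, but nothing handles a release that enables gitopsHalyard with `repo.type` unset or misspelled, so init.sh would most likely render with no fetch step and the init container would finish without any Halyard config. No default for `repo.type` is visible in this patch, so existing values files may hit this on upgrade. Consider failing the render instead, e.g. `{{- if and .Values.gitopsHalyard.enabled (not (has .Values.gitopsHalyard.repo.type (list "git" "s3"))) }}{{ fail "gitopsHalyard.repo.type must be git or s3" }}{{- end }}`. The init.sh template continues outside this hunk.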
@@ -54,9 +48,6 @@ data:
 GIT_TOKEN=`echo $GIT_TOKEN | sed 's/ *$//g'`
 DYNAMIC_ACCOUNTS_REPO=`echo $DYNAMIC_ACCOUNTS_REPO | sed 's/ *$//g'`
 sed -i s/SPINNAKER_NAMESPACE/${SPINNAKER_NAMESPACE}/ /tmp/spinnaker/.hal/config
- {{- if .Values.gitopsHalyard.mTLS.enabled }}
- sed -i s/SPINNAKER_NAMESPACE/${SPINNAKER_NAMESPACE}/g /tmp/spinnaker/.hal/default/service-settings/*
- {{- end }}
 sed -i s/RELEASE_NAME/{{ .Release.Name }}/g /tmp/spinnaker/.hal/config
 sed -i s/GIT_USER/${GIT_USER}/g /tmp/spinnaker/.hal/default/profiles/spinnakerconfig.yml
 sed -i s/GIT_TOKEN/${GIT_TOKEN}/g /tmp/spinnaker/.hal/default/profiles/spinnakerconfig.yml
@@ -70,3 +61,23 @@ data:
 cp /tmp/spinnaker/.hal/halyard.yaml /tmp/config
 fi
 {{- end }}
+ {{- if and (.Values.gitopsHalyard.enabled) (eq .Values.gitopsHalyard.repo.type "s3") }}
+ #!/bin/bash -x
+ rm -rf /tmp/spinnaker/.hal
+ AWS_ACCESS_KEY_ID=$S3_ACCESSKEY AWS_SECRET_ACCESS_KEY=$S3_SECRETKEY aws s3 cp s3://$S3_BUCKET/config /tmp/spinnaker/.hal/config
+ AWS_ACCESS_KEY_ID=$S3_ACCESSKEY AWS_SECRET_ACCESS_KEY=$S3_SECRETKEY aws s3 cp s3://$S3_BUCKET/default/ /tmp/spinnaker/.hal/default --recursive
+ AWS_ACCESS_KEY_ID=$S3_ACCESSKEY AWS_SECRET_ACCESS_KEY=$S3_SECRETKEY aws s3 cp s3://$S3_BUCKET/halyard.yaml /tmp/spinnaker/.hal/halyard.yaml
+ sed -i s/SPINNAKER_NAMESPACE/${SPINNAKER_NAMESPACE}/ /tmp/spinnaker/.hal/config
+ sed -i s/RELEASE_NAME/{{ .Release.Name }}/g /tmp/spinnaker/.hal/config
+ sed -i s/RELEASE_NAME/{{ .Release.Name }}/g /tmp/spinnaker/.hal/default/service-settings/redis.yml
+ if [ -f /tmp/spinnaker/.hal/default/profiles/fiat-local.yml ]; then
+ sed -i s/RELEASE_NAME/{{ .Release.Name }}/g /tmp/spinnaker/.hal/default/profiles/fiat-local.yml
+ fi
+ printf 'server.address: 0.0.0.0\n' > /tmp/config/halyard-local.yml
+ if [ -f /tmp/spinnaker/.hal/halyard.yaml ]; then
+ cp /tmp/spinnaker/.hal/halyard.yaml /tmp/config
+ fi
+ {{- end }}
+ {{- if .Values.gitopsHalyard.mTLS.enabled }}
+ sed -i s/SPINNAKER_NAMESPACE/${SPINNAKER_NAMESPACE}/g /tmp/spinnaker/.hal/default/service-settings/*
+ {{- end }}
diff --git a/charts/oes/charts/spinnaker/templates/statefulsets/halyard.yaml b/charts/oes/charts/spinnaker/templates/statefulsets/halyard.yaml
index fb6591c7..3d325159 100755
--- a/charts/oes/charts/spinnaker/templates/statefulsets/halyard.yaml
+++ b/charts/oes/charts/spinnaker/templates/statefulsets/halyard.yaml
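Review bot: The s3 branch runs under `#!/bin/bash -x` and puts `AWS_SECRET_ACCESS_KEY=$S3_SECRETKEY` on each `aws s3 cp` command line, so xtrace writes the expanded access key and secret key to the init container's log, readable by anyone with pod-log access. Drop `-x` for this branch and export the credentials once, e.g. `#!/bin/bash`, `set -euo pipefail`, `export AWS_ACCESS_KEY_ID="$S3_ACCESSKEY" AWS_SECRET_ACCESS_KEY="$S3_SECRETKEY"`, or name the container env vars `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` directly so the script never re-assigns them. Without `set -e` a failed download is ignored and the script carries on with a missing or partial `/tmp/spinnaker/.hal`, and quoting `"s3://${S3_BUCKET}/config"` would keep an unusual bucket value from word-splitting. The trailing mTLS `sed` now sits outside both repo-type conditions, so it appears to run in every mode where mTLS is enabled; worth confirming that is intended.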
@@ -40,7 +40,7 @@ spec: initContainers: - name: "create-halyard-local" {{- if .Values.gitopsHalyard.enabled }} - image: alpine/git:v2.26.2 + image: quay.io/opsmxpublic/awsgit:v1 {{- else }} image: {{ .Values.halyard.image.repository }}:{{ .Values.halyard.image.tag }} {{- end }} @@ -51,7 +51,7 @@ spec: - bash {{- end }} - /tmp/initscript/init.sh - {{- if .Values.gitopsHalyard.enabled }} + {{- if and (.Values.gitopsHalyard.enabled) (eq .Values.gitopsHalyard.repo.type "git") }} env: - name: SPINNAKER_NAMESPACE valueFrom: @@ -78,6 +78,28 @@ spec: name: {{ .Values.gitopsHalyard.secretName }} key: dynamicaccountsgituri {{- end }} + {{- if and (.Values.gitopsHalyard.enabled) (eq .Values.gitopsHalyard.repo.type "s3") }} + env: + - name: SPINNAKER_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: S3_ACCESSKEY + valueFrom: + secretKeyRef: + name: {{ .Values.gitopsHalyard.secretName }} + key: s3accesskey + - name: S3_SECRETKEY + valueFrom: + secretKeyRef: + name: {{ .Values.gitopsHalyard.secretName }} + key: s3secretkey + - name: S3_BUCKET + valueFrom: + secretKeyRef: + name: {{ .Values.gitopsHalyard.secretName }} + key: s3bucket + {{- end }} volumeMounts: - name: halyard-config mountPath: /tmp/config @@ -106,7 +128,7 @@ spec: env: {{ toYaml .Values.halyard.env | indent 8 }} {{- end }} - {{- if .Values.gitopsHalyard.enabled }} + {{- if and (.Values.gitopsHalyard.enabled) (eq .Values.gitopsHalyard.repo.type "git") }} - name: "halyardconfig-update" command: - sh @@ -175,7 +197,7 @@ spec: configMap: name: {{ template "spinnaker.fullname" . }}-halyard-overrideurl {{- end }} - {{- if .Values.gitopsHalyard.enabled }} + {{- if and (.Values.gitopsHalyard.enabled) (eq .Values.gitopsHalyard.repo.type "git") }} - name: secret-decoder configMap: name: {{ template "spinnaker.fullname" . }}-spin-secret-decoder diff --git a/charts/oes/templates/secrets/opsmx-gitops-secret.yaml b/charts/oes/templates/secrets/opsmx-gitops-secret.yaml index 5b570c6d..fbc45bfc 100644 
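Review bot: The init container image becomes `quay.io/opsmxpublic/awsgit:v1`, a mutable tag hard-coded in the template for every gitops mode, and this is the container that is handed the repository credentials through `secretKeyRef`. Pin it by digest and make it overridable, e.g. a new values key rendered as `image: {{ .Values.gitopsHalyard.image }}` with a default of `quay.io/opsmxpublic/awsgit:v1@sha256:<digest>` (placeholder; take the digest from the registry), so a re-pushed tag cannot change what runs with those secrets. The git path previously used `alpine/git:v2.26.2` and is switched to the new image as well, which is worth calling out in the commit message.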
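Review bot: The new s3 `env` block wires a long-lived static key pair (`s3accesskey`, `s3secretkey`) into the init container; where the cluster offers workload identity, a role bound to the service account would avoid storing keys at all, so consider making the key pair optional. `S3_BUCKET` is not secret and would be easier to audit as a plain value than as a `secretKeyRef`. If the keys stay, naming the variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` lets the AWS CLI read them without any re-assignment in init.sh. The later hunks in this file narrow the `halyardconfig-update` container and the `secret-decoder` volume to `repo.type "git"`, leaving s3 mode without them; confirm that is intended.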
--- a/charts/oes/templates/secrets/opsmx-gitops-secret.yaml +++ b/charts/oes/templates/secrets/opsmx-gitops-secret.yaml @@ -3,12 +3,19 @@ apiVersion: v1 stringData: # Repo uri to fetch halyard configuration + {{- if (eq .Values.spinnaker.gitopsHalyard.repo.type "git") }} gitcloneparam: https://{{ .Values.spinnaker.gitopsHalyard.repo.username }}:{{ .Values.spinnaker.gitopsHalyard.repo.token }}@github.com/{{ .Values.spinnaker.gitopsHalyard.repo.organization }}/{{ .Values.spinnaker.gitopsHalyard.repo.repository }}.git # Repo details to fetch dynamic configuration dynamicaccountsgituri: https://github.com/{{ .Values.spinnaker.gitopsHalyard.repo.organization }}/{{ .Values.spinnaker.gitopsHalyard.repo.dynamicAccRepository }}.git gituser: {{ .Values.spinnaker.gitopsHalyard.repo.username }} gittoken: {{ .Values.spinnaker.gitopsHalyard.repo.token }} + {{- end }} + {{- if (eq .Values.spinnaker.gitopsHalyard.repo.type "s3") }} + s3accesskey: {{ .Values.spinnaker.gitopsHalyard.repo.s3accesskey }} + s3secretkey: {{ .Values.spinnaker.gitopsHalyard.repo.s3secretkey }} + s3bucket: {{ .Values.spinnaker.gitopsHalyard.repo.s3bucket }} + {{- end }} kind: Secret metadata: name: {{ .Values.spinnaker.gitopsHalyard.secretName }} diff --git a/charts/oes/values.yaml b/charts/oes/values.yaml index 98b93893..fce3f285 100644 --- a/charts/oes/values.yaml +++ b/charts/oes/values.yaml @@ -983,6 +983,9 @@ spinnaker: halConfigPath: gitops-haldir/ username: token: + s3accesskey: + s3secretkey: + s3bucket: secretName: opsmx-gitops-auth # Max time(in secs) that an init container of halyard should wait # to fetch External Load Balancer IP of spin-deck and spin-gate
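Review bot: The three new `stringData` entries are rendered unquoted (`s3accesskey: {{ ... }}`), so an all-digit bucket name or any value YAML reads as a number, boolean or null yields a non-string that the API server rejects for `stringData`, and an unset value renders as an empty key. Pipe each through `required` and `quote`, e.g. `s3secretkey: {{ required "gitopsHalyard.repo.s3secretkey is required" .Values.spinnaker.gitopsHalyard.repo.s3secretkey | quote }}`. The same applies to `s3accesskey` and `s3bucket`; the existing git entries in the hunk follow the same unquoted pattern.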
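Review bot: In values.yaml the keys `s3accesskey`, `s3secretkey` and `s3bucket` are added as bare empty values with no comment, next to `token:`, which invites committing a long-lived AWS key pair into the chart's values file. Add a comment such as `# Used only when repo.type is s3; supply via --set or a private values file, do not commit` and give them explicit `""` defaults. No `type:` default appears in this hunk; if it is not defined elsewhere in the file, the templates' `eq ... repo.type` checks have nothing to compare against. The `repo:` mapping starts outside the hunk.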