From fc40697dab6941c7440621d1151ac22ce299efad Mon Sep 17 00:00:00 2001 From: "Giau. Tran Minh" <12751435+giautm@users.noreply.github.com> Date: Tue, 6 Feb 2024 12:05:30 +0700 Subject: [PATCH 1/7] docker: allow bundle atlas with given version (#139) --- .github/workflows/push-images.yaml | 10 +++++++++- Dockerfile | 18 +++++++++++------- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/.github/workflows/push-images.yaml b/.github/workflows/push-images.yaml index 29974408..93632d0c 100644 --- a/.github/workflows/push-images.yaml +++ b/.github/workflows/push-images.yaml @@ -36,6 +36,12 @@ jobs: with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Fetch Atlas version + id: atlas + run: | + # All distributions are built from the same version + # so we only need to fetch it once. + echo "version=$(curl -s https://release.ariga.io/atlas/atlas-linux-amd64-latest.version)" >> $GITHUB_OUTPUT - name: Docker meta id: meta uses: docker/metadata-action@v4 @@ -46,6 +52,7 @@ jobs: type=ref,event=branch type=semver,pattern={{version}} labels: | + io.ariga.atlas.version=${{ steps.atlas.outputs.version }} org.opencontainers.image.title=atlas-operator org.opencontainers.image.description=Atlas Operator org.opencontainers.image.url=https://atlasgo.io @@ -56,6 +63,7 @@ jobs: with: context: . build-args: | + ATLAS_VERSION=${{ steps.atlas.outputs.version }} OPERATOR_VERSION=v${{ steps.meta.outputs.version }} file: ./Dockerfile platforms: linux/amd64,linux/arm64 @@ -73,4 +81,4 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: 'trivy-results.sarif' \ No newline at end of file + sarif_file: 'trivy-results.sarif' diff --git a/Dockerfile b/Dockerfile index e7c492e8..7ca08192 100644 --- a/Dockerfile +++ b/Dockerfile 
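Review bot: The `Fetch Atlas version` step in `push-images.yaml` writes whatever `curl -s` returns straight into `$GITHUB_OUTPUT`, with no `-f` and no format check. An HTTP error body or an empty response would flow into the `io.ariga.atlas.version` label and the `ATLAS_VERSION` build-arg, and a multi-line response would add extra `key=value` lines to the step outputs. Read the value into a variable with `curl -fsSL`, fail the step unless it matches the expected version format, and only then run `echo "version=$v" >> "$GITHUB_OUTPUT"`. An empty build-arg would most likely override the Dockerfile's `ARG ATLAS_VERSION=latest` default rather than fall back to it, so the empty case deserves an explicit failure.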
@@ -14,7 +14,7 @@ # limitations under the License. # Build the manager binary -FROM golang:1.21.5-alpine as builder +FROM golang:1.21.6-alpine3.19 as builder ARG TARGETOS ARG TARGETARCH ARG OPERATOR_VERSION @@ -37,16 +37,20 @@ COPY internal/ internal/ RUN --mount=type=cache,target=/go/pkg/mod \ --mount=type=cache,target=/root/.cache/go-build \ - CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build \ - -ldflags "-X 'main.version=${OPERATOR_VERSION}'" \ - -a -o manager main.go + GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} CGO_ENABLED=0 \ + go build -ldflags "-X 'main.version=${OPERATOR_VERSION}'" \ + -o manager -a main.go -FROM arigaio/atlas:latest-alpine as atlas +FROM alpine:3.19 as atlas +RUN apk add --no-cache curl +ARG ATLAS_VERSION=latest +ENV ATLAS_VERSION=${ATLAS_VERSION} +RUN curl -sSf https://atlasgo.sh | sh -FROM alpine:3.19.0 +FROM alpine:3.19 WORKDIR / COPY --from=builder /workspace/manager . -COPY --from=atlas /atlas . +COPY --from=atlas /usr/local/bin/atlas . RUN chmod +x /atlas ENV ATLAS_NO_UPDATE_NOTIFIER=1 ENV ATLAS_KUBERNETES_OPERATOR=1 From acece1c087b66731e93ed65664fb9bf40e78e9e4 Mon Sep 17 00:00:00 2001 From: "Dat. Ba Dao" Date: Tue, 6 Feb 2024 14:20:56 +0700 Subject: [PATCH 2/7] charts: allow setting env (#138) --- .github/workflows/push-chart.yaml | 15 +++++++++-- README.md | 20 ++++++++++++++ .../atlas-operator/templates/deployment.yaml | 3 +++ charts/atlas-operator/values.yaml | 16 ++++++++++- config/integration/env/configmap.yaml | 20 ++++++++++++++ config/integration/env/kustomization.yaml | 19 +++++++++++++ config/integration/env/secret.yaml | 21 +++++++++++++++ config/integration/env/values.yaml | 27 +++++++++++++++++++ 8 files changed, 138 insertions(+), 3 deletions(-) create mode 100644 config/integration/env/configmap.yaml create mode 100644 config/integration/env/kustomization.yaml create mode 100644 config/integration/env/secret.yaml create mode 100644 config/integration/env/values.yaml 
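Review bot: The new `atlas` stage runs `curl -sSf https://atlasgo.sh | sh`, so the image contains whatever that script installs at build time, with no digest or signature check and with `ATLAS_VERSION` defaulting to `latest`. Under the default `/bin/sh` a failed `curl` is also hidden by the pipe, so the error would only surface later at `COPY --from=atlas`. Download the script to a file, verify it against a SHA-256 kept in the repository (`echo "<EXPECTED_SHA256>  install.sh" | sha256sum -c -`), then run it, and require an explicit `ATLAS_VERSION` for release builds. The final stage also moved from `alpine:3.19.0` to the floating `alpine:3.19`; pinning by digest would keep rebuilds reproducible. The rest of the final stage is outside the hunk, so whether it sets a non-root `USER` cannot be confirmed here.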
diff --git a/.github/workflows/push-chart.yaml b/.github/workflows/push-chart.yaml index 6e4a3aec..6cfafb9f 100644 --- a/.github/workflows/push-chart.yaml +++ b/.github/workflows/push-chart.yaml @@ -30,10 +30,11 @@ jobs: - name: start minikube id: minikube uses: medyagh/setup-minikube@master - - uses: azure/setup-helm@v1 + - uses: azure/setup-helm@v3 - name: install atlas-operator run: | - helm install atlas-operator charts/atlas-operator --wait --set image.pullPolicy=Always + helm install atlas-operator charts/atlas-operator --wait \ + --set image.pullPolicy=Always - name: apply test resources run: | kubectl apply -k config/integration @@ -46,6 +47,16 @@ jobs: kubectl describe deployments exit 1 fi + - name: test env vars + run: | + kubectl apply -k config/integration/env + helm upgrade atlas-operator charts/atlas-operator -f ./config/integration/env/values.yaml --wait + # Find the operator pod + OPERATOR=$(kubectl get pods -o jsonpath='{.items[0].metadata.name}') + # Extract the env from the operator pod + kubectl exec $OPERATOR -- env | grep NORMAL_ENV + kubectl exec $OPERATOR -- env | grep CONFIGMAP_REF_ENV + kubectl exec $OPERATOR -- env | grep SECRET_REF_ENV helm-push: name: Push to ghcr.io needs: [helm-test] diff --git a/README.md b/README.md index 8aeb0fac..24fada47 100644 --- a/README.md +++ b/README.md 
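Review bot: In the `test env vars` step, `kubectl get pods -o jsonpath='{.items[0].metadata.name}'` takes the first pod in the namespace, which need not be the operator once the resources from `config/integration` are running, so the check may run against the wrong container. Select by the operator's pod label instead, e.g. `OPERATOR=$(kubectl get pods -l control-plane=controller-manager -o jsonpath='{.items[0].metadata.name}')`, and quote `"$OPERATOR"` in the `kubectl exec` calls. The `grep SECRET_REF_ENV` line prints the secret's value into the job log. The fixture is a dummy, but `grep -q '^SECRET_REF_ENV='` tests presence without echoing the value and keeps the pattern safe to copy.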
@@ -63,6 +63,26 @@ To configure the operator, you can set the following values in the `values.yaml` - `prewarmDevDB`: The Operator always keeps devdb resources around to speed up the migration process. Set this to `false` to disable this feature. +- `extraEnvs`: Used to set environment variables for the operator + +```yaml + extraEnvs: [] + # extraEnvs: + # - name: FOO + # value: "foo" + # - name: BAR + # valueFrom: + # secretKeyRef: + # key: BAR + # name: secret-resource + # - name: BAZ + # valueFrom: + # configMapKeyRef: + # key: BAZ + # name: configmap-resource + +``` + ### Getting started In this example, we will create a MySQL database and apply a schema to it. After installing the diff --git a/charts/atlas-operator/templates/deployment.yaml b/charts/atlas-operator/templates/deployment.yaml index 2f14f588..f41fda12 100644 --- a/charts/atlas-operator/templates/deployment.yaml +++ b/charts/atlas-operator/templates/deployment.yaml @@ -48,6 +48,9 @@ spec: env: - name: PREWARM_DEVDB value: "{{ .Values.prewarmDevDB }}" + {{- with .Values.extraEnvs }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/atlas-operator/values.yaml b/charts/atlas-operator/values.yaml index 38ae71bf..f5098de3 100644 --- a/charts/atlas-operator/values.yaml +++ b/charts/atlas-operator/values.yaml @@ -43,4 +43,18 @@ affinity: {} # By default, the operator will recreate devdb pods after migration # Set this to true to keep the devdb pods around. -prewarmDevDB: true \ No newline at end of file +prewarmDevDB: true + +# -- Additional environment variables to set +extraEnvs: [] +# extraEnvs: +# - name: FOO +# valueFrom: +# secretKeyRef: +# key: FOO +# name: secret-resource +# - name: BAR +# valueFrom: +# configMapKeyRef: +# key: BAR +# name: config-map-resource \ No newline at end of file 
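Review bot: The `extraEnvs` comment added to `charts/atlas-operator/values.yaml` does not say how sensitive values should be supplied, and the README sample leads with a literal `value: "foo"`. A literal `value` is rendered by `deployment.yaml` into the Deployment manifest, so anyone who can read the Deployment or the stored Helm release can read it. Extend the comment to something like `# -- Additional environment variables to set. Use valueFrom.secretKeyRef for credentials; literal values end up in the rendered manifest.` It is also worth stating that an entry named `PREWARM_DEVDB` would duplicate the variable the chart already sets.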
diff --git a/config/integration/env/configmap.yaml b/config/integration/env/configmap.yaml new file mode 100644 index 00000000..00649dab --- /dev/null +++ b/config/integration/env/configmap.yaml @@ -0,0 +1,20 @@ +# Copyright 2024 The Atlas Operator Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +kind: ConfigMap +apiVersion: v1 +metadata: + name: "operator-env-configmap" +data: + CONFIGMAP_REF_ENV: "value" \ No newline at end of file diff --git a/config/integration/env/kustomization.yaml b/config/integration/env/kustomization.yaml new file mode 100644 index 00000000..c80d4836 --- /dev/null +++ b/config/integration/env/kustomization.yaml @@ -0,0 +1,19 @@ +# Copyright 2023 The Atlas Operator Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## Append samples you want in your CSV to this file as resources ## +resources: + - configmap.yaml + - secret.yaml +#+kubebuilder:scaffold:manifestskustomizesamples 
diff --git a/config/integration/env/secret.yaml b/config/integration/env/secret.yaml new file mode 100644 index 00000000..667dc73d --- /dev/null +++ b/config/integration/env/secret.yaml @@ -0,0 +1,21 @@ +# Copyright 2024 The Atlas Operator Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: "operator-env-secret" +type: Opaque +data: + SECRET_REF_ENV: "dmFsdWU=" \ No newline at end of file diff --git a/config/integration/env/values.yaml b/config/integration/env/values.yaml new file mode 100644 index 00000000..dbab8f2c --- /dev/null +++ b/config/integration/env/values.yaml 
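Review bot: `config/integration/env/secret.yaml` commits a `Secret` whose `data` is an opaque base64 string, with nothing marking it as a fixture. Add a comment above `data:` such as `# test fixture only: dummy value, not a credential`, or switch to `stringData` with the plain dummy. Either makes it clear to secret scanners and later readers that no real credential was checked in.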
@@ -0,0 +1,27 @@ +# Copyright 2024 The Atlas Operator Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +extraEnvs: + - name: NORMAL_ENV + value: "value" + - name: SECRET_REF_ENV + valueFrom: + secretKeyRef: + key: SECRET_REF_ENV + name: operator-env-secret + - name: CONFIGMAP_REF_ENV + valueFrom: + configMapKeyRef: + key: CONFIGMAP_REF_ENV + name: operator-env-configmap \ No newline at end of file From ae339581a11f40e70bd628ef261ea81e8a89dc4b Mon Sep 17 00:00:00 2001 From: "Dat. Ba Dao" Date: Tue, 6 Feb 2024 14:52:31 +0700 Subject: [PATCH 3/7] charts: bump version 0.4.0 (#140) --- charts/atlas-operator/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/atlas-operator/Chart.yaml b/charts/atlas-operator/Chart.yaml index 27cb3669..e6e9168c 100644 --- a/charts/atlas-operator/Chart.yaml +++ b/charts/atlas-operator/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: atlas-operator description: The Atlas Kubernetes Operator type: application -version: 0.3.9 -appVersion: 0.3.9 +version: 0.4.0 +appVersion: 0.4.0 From b31b1d30152bc44a90268ac589d7cafc19da154f Mon Sep 17 00:00:00 2001 From: Rotem Tamir Date: Tue, 13 Feb 2024 14:38:23 +0200 Subject: [PATCH 4/7] charts: options to provide volumes and mounts (#143) --- README.md | 23 +++++++++++++++++++ .../atlas-operator/templates/deployment.yaml | 8 +++++++ charts/atlas-operator/values.yaml | 15 +++++++++++- 3 files changed, 45 insertions(+), 1 deletion(-) 
diff --git a/README.md b/README.md index 24fada47..a1ffb543 100644 --- a/README.md +++ b/README.md @@ -80,7 +80,30 @@ To configure the operator, you can set the following values in the `values.yaml` # configMapKeyRef: # key: BAZ # name: configmap-resource +``` + +- `extraVolumes`: Used to mount additional volumes to the operator +```yaml + extraVolumes: [] + # extraVolumes: + # - name: my-volume + # secret: + # secretName: my-secret + # - name: my-volume + # configMap: + # name: my-configmap +``` + +- `extraVolumeMounts`: Used to mount additional volumes to the operator + +```yaml + extraVolumeMounts: [] + # extraVolumeMounts: + # - name: my-volume + # mountPath: /path/to/mount + # - name: my-volume + # mountPath: /path/to/mount ``` ### Getting started diff --git a/charts/atlas-operator/templates/deployment.yaml b/charts/atlas-operator/templates/deployment.yaml index f41fda12..f12e2316 100644 --- a/charts/atlas-operator/templates/deployment.yaml +++ b/charts/atlas-operator/templates/deployment.yaml @@ -25,6 +25,10 @@ spec: kubectl.kubernetes.io/default-container: manager {{- end }} spec: + {{- with .Values.extraVolumes }} + volumes: + {{- toYaml . | nindent 6 }} + {{- end }} containers: - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -51,6 +55,10 @@ spec: {{- with .Values.extraEnvs }} {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.extraVolumeMounts }} + volumeMounts: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/atlas-operator/values.yaml b/charts/atlas-operator/values.yaml index f5098de3..8229380c 100644 --- a/charts/atlas-operator/values.yaml +++ b/charts/atlas-operator/values.yaml 
@@ -57,4 +57,17 @@ extraEnvs: [] # valueFrom: # configMapKeyRef: # key: BAR -# name: config-map-resource \ No newline at end of file +# name: config-map-resource + +extraVolumes: [] +# extraVolumes: +# - name: extra-volume +# secret: +# secretName: extra-volume-secret + +extraVolumeMounts: [] +# extraVolumeMounts: +# - name: extra-volume +# mountPath: /extra-volume +# readOnly: true + From fe97c2f8179333a632c264c44fb336fb8fb1b6ae Mon Sep 17 00:00:00 2001 From: Rotem Tamir Date: Tue, 13 Feb 2024 15:00:50 +0200 Subject: [PATCH 5/7] charts: bump 0.4.1 (#144) --- charts/atlas-operator/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/atlas-operator/Chart.yaml b/charts/atlas-operator/Chart.yaml index e6e9168c..97608c5b 100644 --- a/charts/atlas-operator/Chart.yaml +++ b/charts/atlas-operator/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: atlas-operator description: The Atlas Kubernetes Operator type: application -version: 0.4.0 -appVersion: 0.4.0 +version: 0.4.1 +appVersion: 0.4.1 From 678ca5ebfaeb8891dbf92ed2e9283ee7ba1e9f20 Mon Sep 17 00:00:00 2001 From: "Giau. Tran Minh" <12751435+giautm@users.noreply.github.com> Date: Sat, 9 Mar 2024 14:27:02 +0700 Subject: [PATCH 6/7] charts: support `labels` on pod/service account for Azure AD (#154) --- charts/atlas-operator/templates/deployment.yaml | 7 +++++-- charts/atlas-operator/templates/serviceaccount.yaml | 3 +++ charts/atlas-operator/values.yaml | 3 +++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/charts/atlas-operator/templates/deployment.yaml b/charts/atlas-operator/templates/deployment.yaml index f12e2316..b964666b 100644 --- a/charts/atlas-operator/templates/deployment.yaml +++ b/charts/atlas-operator/templates/deployment.yaml 
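Review bot: `extraVolumes` and `extraVolumeMounts` are added to `charts/atlas-operator/values.yaml` without the `# --` description line that `extraEnvs` carries, so generated chart docs and readers get no explanation of them. Add `# -- Additional volumes to add to the operator pod` and `# -- Additional volume mounts for the operator container; mount secret-backed volumes with readOnly: true`. The commented example already uses `readOnly: true`, and saying so in the description makes that the documented default rather than an incidental detail. The hunk also ends with a stray blank line after the file previously had no trailing newline; a single final newline is enough.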
@@ -19,6 +19,9 @@ spec: labels: control-plane: controller-manager {{- include "atlas-operator.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} @@ -46,9 +49,9 @@ spec: initialDelaySeconds: 5 periodSeconds: 10 resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.resources | nindent 10 }} securityContext: - {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- toYaml .Values.containerSecurityContext | nindent 10 }} env: - name: PREWARM_DEVDB value: "{{ .Values.prewarmDevDB }}" diff --git a/charts/atlas-operator/templates/serviceaccount.yaml b/charts/atlas-operator/templates/serviceaccount.yaml index 902f40a0..c3c5ab27 100644 --- a/charts/atlas-operator/templates/serviceaccount.yaml +++ b/charts/atlas-operator/templates/serviceaccount.yaml @@ -7,6 +7,9 @@ metadata: app.kubernetes.io/component: rbac app.kubernetes.io/created-by: atlas-operator app.kubernetes.io/part-of: atlas-operator + {{- with .Values.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- include "atlas-operator.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: diff --git a/charts/atlas-operator/values.yaml b/charts/atlas-operator/values.yaml index 8229380c..6960b238 100644 --- a/charts/atlas-operator/values.yaml +++ b/charts/atlas-operator/values.yaml @@ -19,10 +19,13 @@ fullnameOverride: "" serviceAccount: create: true annotations: {} + labels: {} name: "" podAnnotations: {} +podLabels: {} + podSecurityContext: runAsNonRoot: true From f528ae3120e879dbe96df7b6b6d68b2d63d4cfd6 Mon Sep 17 00:00:00 2001 From: "Giau. Tran Minh" Date: Sun, 10 Mar 2024 11:07:12 +0700 Subject: [PATCH 7/7] chore: bump chart versions --- charts/atlas-operator/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
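Review bot: In `charts/atlas-operator/templates/deployment.yaml` the `podLabels` block is rendered after `control-plane: controller-manager` and the selector labels, so a user-supplied key with the same name produces a duplicate mapping key in the pod template. Depending on how the duplicate is resolved, it may replace a label the Deployment's selector relies on, leaving the release invalid or no longer matching its pods. Move the `{{- with .Values.podLabels }}` block above `control-plane: controller-manager` so that chart-owned labels win where the last key takes effect. `serviceaccount.yaml` in this same commit already renders `serviceAccount.labels` before the `atlas-operator.labels` include, so this also makes the two templates consistent.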
diff --git a/charts/atlas-operator/Chart.yaml b/charts/atlas-operator/Chart.yaml index 97608c5b..703fed2a 100644 --- a/charts/atlas-operator/Chart.yaml +++ b/charts/atlas-operator/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: atlas-operator description: The Atlas Kubernetes Operator type: application -version: 0.4.1 -appVersion: 0.4.1 +version: 0.4.2 +appVersion: 0.4.2