From 60af15f3f44efa640180764e34c6c4ca05712b63 Mon Sep 17 00:00:00 2001 From: Eric Malm Date: Thu, 17 Nov 2022 17:48:58 -0800 Subject: [PATCH 1/2] Update TAS Adapter installation to v1.0.0 --- tas-adapter/admin/role-binding.yaml | 17 -------- .../exported-secret.yaml | 40 +++++++++++++++++++ tas-adapter/install.sh | 18 ++++----- tas-adapter/tas-adapter-values.yaml | 8 +++- tas-adapter/values-example.yaml | 3 +- 5 files changed, 57 insertions(+), 29 deletions(-) delete mode 100644 tas-adapter/admin/role-binding.yaml create mode 100644 tas-adapter/app-registry-credentials/exported-secret.yaml diff --git a/tas-adapter/admin/role-binding.yaml b/tas-adapter/admin/role-binding.yaml deleted file mode 100644 index 78a0508..0000000 --- a/tas-adapter/admin/role-binding.yaml +++ /dev/null @@ -1,17 +0,0 @@ -#@ load("@ytt:data", "data") ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - annotations: - cloudfoundry.org/propagate-cf-role: "true" - name: cf-admin - namespace: cf -subjects: -- kind: User - name: #@ data.values.admin.username - apiGroup: rbac.authorization.k8s.io -roleRef: - kind: ClusterRole - name: korifi-controllers-admin - apiGroup: rbac.authorization.k8s.io diff --git a/tas-adapter/app-registry-credentials/exported-secret.yaml b/tas-adapter/app-registry-credentials/exported-secret.yaml new file mode 100644 index 0000000..17b6117 --- /dev/null +++ b/tas-adapter/app-registry-credentials/exported-secret.yaml @@ -0,0 +1,40 @@ +#@ load("@ytt:assert", "assert") +#@ load("@ytt:base64", "base64") +#@ load("@ytt:data", "data") +#@ load("@ytt:json", "json") + +#@ def app_registry_secret_name(): +#@ return data.values.container_registry.secret_name or assert.fail("missing container_registry.secret_name") +#@ end + +#@ def app_registry_username(): +#@ return data.values.container_registry.username or assert.fail("missing container_registry.username") +#@ end + +#@ def app_registry_password(): +#@ return data.values.container_registry.password or assert.fail("missing container_registry.password") +#@ end + +#@ def app_registry_hostname(): +#@ return data.values.container_registry.hostname or assert.fail("missing container_registry.hostname") +#@ end + +--- +apiVersion: v1 +kind: Secret +metadata: + name: #@ app_registry_secret_name() + namespace: tap-install +type: kubernetes.io/dockerconfigjson +data: + #@ docker_auth = base64.encode("{}:{}".format(app_registry_username(), app_registry_password())) + #@ docker_creds = {"username": app_registry_username(), "password": app_registry_password(), "auth": docker_auth} + .dockerconfigjson: #@ base64.encode(json.encode({"auths": {app_registry_hostname(): docker_creds}})) +--- +apiVersion: secretgen.carvel.dev/v1alpha1 +kind: SecretExport +metadata: + name: #@ app_registry_secret_name() + namespace: tap-install +spec: + toNamespace: cf diff --git a/tas-adapter/install.sh b/tas-adapter/install.sh index 53e8de3..380bf6f 100755 --- a/tas-adapter/install.sh +++ b/tas-adapter/install.sh @@ -13,11 +13,19 @@ mkdir -p "${generated_dir}" values_file_default="${script_dir}/values.yaml" values_file=${VALUES_FILE:-$values_file_default} -TAS_ADAPTER_PACKAGE_VERSION=0.9.0 +TAS_ADAPTER_PACKAGE_VERSION=1.0.0 TAS_ADAPTER_REPO_VERSION="${TAS_ADAPTER_PACKAGE_VERSION}" ytt -f "${script_dir}/tas-adapter-values.yaml" -f "${values_file}" --ignore-unknown-comments > "${generated_dir}/tas-adapter-values.yaml" +kapp deploy \ + --app tas-adapter-app-registry-credentials \ + --namespace tap-install \ + --file <(\ + ytt --ignore-unknown-comments -f "${values_file}" -f "${script_dir}/app-registry-credentials" \ + ) \ + --yes + kapp deploy \ --app tas-adapter-certificates \ --namespace tap-install \ @@ -37,11 +45,3 @@ tanzu package install tas-adapter \ --package-name application-service-adapter.tanzu.vmware.com \ --version "${TAS_ADAPTER_PACKAGE_VERSION}" \ --values-file "${generated_dir}/tas-adapter-values.yaml" - -kapp deploy \ - --app tas-adapter-cf-admin \ - --namespace tap-install \ - --file <(\ - ytt --ignore-unknown-comments -f "${values_file}" -f "${script_dir}/admin" \ - ) \ - --yes diff --git a/tas-adapter/tas-adapter-values.yaml b/tas-adapter/tas-adapter-values.yaml index 4b6134b..7b28791 100755 --- a/tas-adapter/tas-adapter-values.yaml +++ b/tas-adapter/tas-adapter-values.yaml @@ -1,6 +1,9 @@ #@ load("@ytt:data", "data") --- ceip_policy_disclosed: true +admin: + users: + - #@ data.values.admin.username api_ingress: fqdn: #@ "api-tas-adapter.{}".format(data.values.ingress.domain) tls: @@ -13,9 +16,10 @@ app_ingress: namespace: #@ data.values.ingress.contour_tls_namespace app_registry: credentials: - username: #@ data.values.container_registry.username - password: #@ data.values.container_registry.password + namespace: tap-install + secret_name: #@ data.values.container_registry.secret_name hostname: #@ data.values.container_registry.hostname path: droplets: #@ "{}/{}/droplets".format(data.values.container_registry.hostname,data.values.container_registry.project) packages: #@ "{}/{}/packages".format(data.values.container_registry.hostname,data.values.container_registry.project) +kpack_clusterbuilder_name: full diff --git a/tas-adapter/values-example.yaml b/tas-adapter/values-example.yaml index e2e7b59..37c5468 100644 --- a/tas-adapter/values-example.yaml +++ b/tas-adapter/values-example.yaml @@ -8,9 +8,10 @@ ingress: contour_tls_namespace: tanzu-system-ingress contour_tls_secret: contour-tls-delegation-cert container_registry: + secret_name: tas-adapter-app-registry-credentials hostname: harbor.example.com project: tas-adapter username: admin password: admin: - username: user@example.com # Note: this is the name in the output of `cf curl /whoami`; see https://docs.vmware.com/en/Application-Service-Adapter-for-VMware-Tanzu-Application-Platform/0.5/tas-adapter/GUID-getting-started.html#assign-admin-user + username: user@example.com # Note: this is the name in the output of `cf curl /whoami`; see https://docs.vmware.com/en/Application-Service-Adapter-for-VMware-Tanzu-Application-Platform/1.0/tas-adapter/GUID-install.html#log-in-with-a-system-admin-user From 40d3ffe5a200e64668cd83164c2757ee1737360e Mon Sep 17 00:00:00 2001 From: Eric Malm Date: Wed, 4 Jan 2023 09:46:27 -0800 Subject: [PATCH 2/2] Update TAS Adapter version to 1.0.1 --- tas-adapter/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tas-adapter/install.sh b/tas-adapter/install.sh index 380bf6f..147ae72 100755 --- a/tas-adapter/install.sh +++ b/tas-adapter/install.sh @@ -13,7 +13,7 @@ mkdir -p "${generated_dir}" values_file_default="${script_dir}/values.yaml" values_file=${VALUES_FILE:-$values_file_default} -TAS_ADAPTER_PACKAGE_VERSION=1.0.0 +TAS_ADAPTER_PACKAGE_VERSION=1.0.1 TAS_ADAPTER_REPO_VERSION="${TAS_ADAPTER_PACKAGE_VERSION}" ytt -f "${script_dir}/tas-adapter-values.yaml" -f "${values_file}" --ignore-unknown-comments > "${generated_dir}/tas-adapter-values.yaml"