From 3418bcf89526c72fc53954cee87cbe5aa82709f2 Mon Sep 17 00:00:00 2001 
From: Dustin Scott Date: Fri, 21 May 2021 18:07:09 -0500 Subject: [PATCH] First Merge with Pipeline (#14) * fix nested components * Ci pipeline (#11) * testing github actions * adding build dir * testing linting * make ansible-lint strict * fix logic for ansible lint for strict enforcement * fixed linting * unit testing * unit testing * unit testing * testing unit test * testing unit test * testing unit test * testing unit test * testing * testing * testing * testing * testing * testing * only run on file changes * only run on file changes * testing * test * test * test * test * test * test * test * test * test * test * test * test * testing * testing * ignore security distribution in unit test * final push * fixed pathing for istio/vault * added stub e2e workflows * added v7wk8s stub --- .github/action-unit-test/action.yaml | 60 +++++ .github/workflows/dco.yaml | 19 +- .github/workflows/e2e-test.yaml | 98 +++++++++ .github/workflows/license.yaml | 16 +- .github/workflows/lint.yaml | 54 ++--- .github/workflows/unit-test.yaml | 206 ++++++++++++++++++ .gitignore | 2 +- build/.keep | 0 ci/clusters/kind-cluster-config-unit.yaml | 37 ++++ ci/clusters/kind-cluster-unit.yaml | 11 +- ci/scripts/lint-ansible.sh | 15 +- examples/kind/config.yaml | 8 +- .../tls-certificate/tasks/wildcard.yaml | 2 +- .../autoscaling/pre-flight/tasks/main.yaml | 1 + .../core/ingress/common/defaults/main.yaml | 1 + roles/components/core/security/README.md | 2 +- .../core/security/common/defaults/main.yaml | 2 +- .../components/core/security/tasks/main.yaml | 2 +- .../service-mesh/istio/common/vars/main.yaml | 2 +- .../core/workload-tenancy/README.md | 5 +- .../workload-tenancy/demo/tasks/main.yaml | 2 +- .../pre-flight/tasks/main.yaml | 1 + 22 files changed, 479 insertions(+), 67 deletions(-) create mode 100644 .github/action-unit-test/action.yaml create mode 100644 .github/workflows/e2e-test.yaml create mode 100644 .github/workflows/unit-test.yaml create mode 100644 build/.keep create mode 
100644 ci/clusters/kind-cluster-config-unit.yaml
diff --git a/.github/action-unit-test/action.yaml b/.github/action-unit-test/action.yaml
new file mode 100644
index 0000000..30e1633
--- /dev/null
+++ b/.github/action-unit-test/action.yaml
@@ -0,0 +1,60 @@
+---
+name: "Common Unit Test Action"
+description: "Common Unit Test Action"
+
+inputs:
+ component:
+ description: "RPK Component to Test"
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+ - name: "Setup KIND Unit Test Environment"
+ shell: "bash"
+ run: |
+ # setup kind
+ if [ -z $(which kind) ]; then
+ echo "kind executable not found...installing"
+ curl https://github.com/kubernetes-sigs/kind/releases/download/${KIND_VERSION}/kind-linux-amd64 -o /usr/local/bin/kind -L
+ chmod +x /usr/local/bin/kind
+ else
+ echo "found kind executable at $(which kind)...not installing"
+ fi
+
+ # setup kubectl
+ if [ -z $(which kubectl) ]; then
+ curl -LO https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl
+ chmod +x /usr/local/bin/kubectl
+ else
+ echo "found kubectl executable at $(which kubectl)...not installing"
+ fi
+ env:
+ KIND_VERSION: "v0.10.0"
+ KUBECTL_VERSION: "v1.20.0"
+
+ - name: "Setup KIND Cluster"
+ shell: "bash"
+ run: "make setup.kind && make setup.kind.network"
+ env:
+ KIND_INVENTORY: "ci/clusters/kind-cluster-unit.yaml"
+ KIND_BASE_CONFIG: "ci/clusters/kind-cluster-config-unit.yaml"
+ KIND_CLUSTER: "rpk-kind"
+
+ - name: "Test Deployment"
+ shell: "bash"
+ run: ROLE=${RPK_COMPONENT} make deploy.test.role
+ env:
+ RPK_COMPONENT: ${{ inputs.component }}
+
+ - name: "Test Demo"
+ shell: "bash"
+ run: ROLE=${RPK_COMPONENT} make demo.test.role
+ env:
+ RPK_COMPONENT: ${{ inputs.component }}
+
+ - name: "Test Clean"
+ shell: "bash"
+ run: ROLE=${RPK_COMPONENT} make clean.test.role
+ env:
+ RPK_COMPONENT: ${{ inputs.component }}
diff --git a/.github/workflows/dco.yaml b/.github/workflows/dco.yaml
index 864cb42..6187274 100644
--- a/.github/workflows/dco.yaml
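Review bot: The "Setup KIND Unit Test Environment" step installs `kind` and `kubectl` into `/usr/local/bin` straight from `curl` with no integrity check, so a tampered or truncated download would be executed by every later step of the action. Pin an expected SHA-256 for each binary next to `KIND_VERSION`/`KUBECTL_VERSION` and verify it before the file is made executable; adding `-f` also keeps an HTTP error page from being saved as the binary. Separately, the kubectl line passes both `-LO` and `-o /usr/local/bin/kubectl`; as far as I can tell curl applies `-O` to the single URL and writes `./kubectl`, so the following `chmod` would fail whenever this branch actually runs. Quoting the tests as `[ -z "$(which kubectl)" ]` is also safer than the bare command substitution.

```yaml
        # setup kubectl
        if [ -z "$(which kubectl)" ]; then
          curl -fsSL "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl" -o /tmp/kubectl
          echo "${KUBECTL_SHA256}  /tmp/kubectl" | sha256sum --check
          install -m 0755 /tmp/kubectl /usr/local/bin/kubectl
        # … unchanged: else branch and fi …
        # … the kind download gets the same verify-then-install sequence …
      env:
        # … unchanged: KIND_VERSION, KUBECTL_VERSION …
        KIND_SHA256: "<EXPECTED_SHA256_PLACEHOLDER>"
        KUBECTL_SHA256: "<EXPECTED_SHA256_PLACEHOLDER>"
```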
+++ b/.github/workflows/dco.yaml @@ -1,18 +1,19 @@ --- -name: DCO Check -on: [pull_request] +name: "Commit Check" +on: + - "pull_request" jobs: check-commits: - runs-on: ubuntu-latest - name: Check Commits + runs-on: "ubuntu-latest" + name: "Check Commits" steps: - - name: Get PR Commits - id: 'get-pr-commits' - uses: tim-actions/get-pr-commits@master + - name: "Get PR Commits" + id: "get-pr-commits" + uses: "tim-actions/get-pr-commits@master" with: token: ${{ secrets.GITHUB_TOKEN }} - - name: DCO Check - uses: tim-actions/dco@master + - name: "DCO Check" + uses: "tim-actions/dco@master" with: commits: ${{ steps.get-pr-commits.outputs.commits }} diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml new file mode 100644 index 0000000..a6f9caa --- /dev/null +++ b/.github/workflows/e2e-test.yaml 
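Review bot: `tim-actions/get-pr-commits@master` is handed `secrets.GITHUB_TOKEN` while being resolved from a mutable branch, and `tim-actions/dco@master` is referenced the same way, so whatever lands on those branches runs in this workflow with the token. Pin each third-party action to a full commit SHA, e.g. `uses: "tim-actions/get-pr-commits@<FULL_COMMIT_SHA>"`, and consider a top-level `permissions:` block limited to what the check needs (probably read access to contents and pull requests; confirm against the action). The same branch reference appears as `actions/checkout@master` in license.yaml and in all four jobs of lint.yaml.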
@@ -0,0 +1,98 @@
+---
+name: "End-to-End Test"
+on:
+ pull_request:
+ branches:
+ - master
+jobs:
+
+ detect-file-changes:
+ name: "Detect File Changes"
+ runs-on: "ubuntu-latest"
+ steps:
+ - name: "Checkout Code"
+ uses: "actions/checkout@v2"
+ with:
+ fetch-depth: 2
+ - name: "Detect File Changes"
+ uses: "tj-actions/changed-files@v6.2"
+ id: "changed-files"
+ - name: List all modified files
+ run: |
+ for file in "${{ steps.changed-files.outputs.all_changed_files }}"; do
+ echo "$file was modified"
+ done
+ outputs:
+ changed-files: ${{ steps.changed-files.outputs.all_changed_files }}
+
+ e2e-test-aws:
+ name: "E2E AWS"
+ runs-on: "ubuntu-latest"
+ needs: "detect-file-changes"
+ steps:
+ - name: "Checkout Code"
+ uses: "actions/checkout@v2"
+ - run: "echo 'placeholder for aws e2e testing'"
+ if: |
+ contains(needs.detect-file-changes.outputs.changed-files, 'roles/common') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'roles/components') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'lib/') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'bin/') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'profiles/') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'Dockerfile') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'Makefile') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'site.yaml')
+
+ e2e-test-azure:
+ name: "E2E Azure"
+ runs-on: "ubuntu-latest"
+ needs: "detect-file-changes"
+ steps:
+ - name: "Checkout Code"
+ uses: "actions/checkout@v2"
+ - run: "echo 'placeholder for azure e2e testing'"
+ if: |
+ contains(needs.detect-file-changes.outputs.changed-files, 'roles/common') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'roles/components') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'lib/') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'bin/') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'profiles/') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'Dockerfile') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'Makefile') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'site.yaml')
+
+ e2e-test-vmware:
+ name: "E2E VMware"
+ runs-on: "ubuntu-latest"
+ needs: "detect-file-changes"
+ steps:
+ - name: "Checkout Code"
+ uses: "actions/checkout@v2"
+ - run: "echo 'placeholder for vmware e2e testing'"
+ if: |
+ contains(needs.detect-file-changes.outputs.changed-files, 'roles/common') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'roles/components') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'lib/') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'bin/') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'profiles/') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'Dockerfile') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'Makefile') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'site.yaml')
+
+ e2e-test-v7wk8s:
+ name: "E2E TKGs (v7wk8s)"
+ runs-on: "ubuntu-latest"
+ needs: "detect-file-changes"
+ steps:
+ - name: "Checkout Code"
+ uses: "actions/checkout@v2"
+ - run: "echo 'placeholder for tkgs e2e testing'"
+ if: |
+ contains(needs.detect-file-changes.outputs.changed-files, 'roles/common') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'roles/components') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'lib/') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'bin/') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'profiles/') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'Dockerfile') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'Makefile') ||
+ contains(needs.detect-file-changes.outputs.changed-files, 'site.yaml')
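Review bot: In `detect-file-changes`, the "List all modified files" step expands `${{ steps.changed-files.outputs.all_changed_files }}` into the script text before bash parses it, and those file names come from the pull request, so a crafted path can change what the step executes. Pass the value through the environment instead: give the step an `env:` entry `ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}` and loop with `for file in ${ALL_CHANGED_FILES}; do`. The identical step is added to the `detect-file-changes` job in unit-test.yaml and needs the same change. `tj-actions/changed-files@v6.2` and `actions/checkout@v2` are tag references; pinning them to a full commit SHA keeps the code that produces this output fixed.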
diff --git a/.github/workflows/license.yaml b/.github/workflows/license.yaml index 71feb1a..26ec4f7 100644 --- a/.github/workflows/license.yaml +++ b/.github/workflows/license.yaml @@ -1,13 +1,13 @@ --- -name: Check License Lines +name: "License Check" on: - - push - - pull_request + - "push" + - "pull_request" jobs: check-license-lines: - runs-on: ubuntu-latest - name: Check License Lines + runs-on: "ubuntu-latest" + name: "Check License Lines" steps: - - uses: actions/checkout@master - - name: Check License Lines - uses: kt3k/license_checker@v1.0.6 + - uses: "actions/checkout@master" + - name: "Check License Lines" + uses: "kt3k/license_checker@v1.0.6" diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index b69410c..2b4e031 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml 
@@ -1,46 +1,38 @@ --- -name: Lint Project +name: "Lint" on: - - push - - pull_request + - "push" + - "pull_request" jobs: lint-dirs: - name: Lint Directories - runs-on: ubuntu-latest - container: - image: projects.registry.vmware.com/rpk/rpk-base:v1.4.0 + name: "Lint Directories" + runs-on: "ubuntu-latest" steps: - - name: Checkout Code - uses: actions/checkout@master - - run: make lint.dirs + - name: "Checkout Code" + uses: "actions/checkout@master" + - run: "make lint.dirs" lint-files: - name: Lint Files - runs-on: ubuntu-latest - container: - image: projects.registry.vmware.com/rpk/rpk-base:v1.4.0 + name: "Lint Files" + runs-on: "ubuntu-latest" steps: - - name: Checkout Code - uses: actions/checkout@master - - run: make lint.files + - name: "Checkout Code" + uses: "actions/checkout@master" + - run: "make lint.files" lint-ansible: - name: Lint Ansible - runs-on: ubuntu-latest - container: - image: projects.registry.vmware.com/rpk/rpk-base:v1.4.0 + name: "Lint Ansible" + runs-on: "ubuntu-latest" steps: - - name: Checkout Code - uses: actions/checkout@master - - run: make lint.ansible + - name: "Checkout Code" + uses: "actions/checkout@master" + - run: "make lint.ansible" lint-yaml: - name: Lint YAML - runs-on: ubuntu-latest - container: - image: projects.registry.vmware.com/rpk/rpk-base:v1.4.0 + name: "Lint YAML" + runs-on: "ubuntu-latest" steps: - - name: Checkout Code - uses: actions/checkout@master - - run: make lint.yaml + - name: "Checkout Code" + uses: "actions/checkout@master" + - run: "make lint.yaml" diff --git a/.github/workflows/unit-test.yaml b/.github/workflows/unit-test.yaml new file mode 100644 index 0000000..d7b1b23 --- /dev/null +++ b/.github/workflows/unit-test.yaml 
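Review bot: With the `container:` image removed from all four jobs, `make lint.dirs`, `lint.files`, `lint.ansible` and `lint.yaml` now run against whatever the `ubuntu-latest` runner provides, and nothing in this hunk installs or pins ansible-lint or yamllint. If the Makefile targets do not install fixed versions themselves (not visible here), lint results will drift with the runner image; either keep a pinned container or add an explicit install step with pinned versions. A short comment above `jobs:` stating where the lint toolchain comes from would make that dependency reviewable.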
@@ -0,0 +1,206 @@ +--- +name: "Unit Test" +on: + pull_request: + branches: + - develop +jobs: + + detect-file-changes: + name: "Detect File Changes" + runs-on: "ubuntu-latest" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + with: + fetch-depth: 2 + - name: "Detect File Changes" + uses: "tj-actions/changed-files@v6.2" + id: "changed-files" + - name: List all modified files + run: | + for file in "${{ steps.changed-files.outputs.all_changed_files }}"; do + echo "$file was modified" + done + outputs: + changed-files: ${{ steps.changed-files.outputs.all_changed_files }} + + unit-test-admission-control: + name: "Unit Test Admission Control" + runs-on: "ubuntu-latest" + needs: "detect-file-changes" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + - uses: "./.github/action-unit-test" + if: "contains(needs.detect-file-changes.outputs.changed-files, 'roles/components/core/admission-control')" + with: + component: "admission-control" + + unit-test-application-pipeline: + name: "Unit Test Application Pipeline" + runs-on: "ubuntu-latest" + needs: "detect-file-changes" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + - uses: "./.github/action-unit-test" + if: "contains(needs.detect-file-changes.outputs.changed-files, 'roles/components/core/application-pipeline')" + with: + component: "application-pipeline" + + unit-test-application-stack: + name: "Unit Test Application Stack" + runs-on: "ubuntu-latest" + needs: "detect-file-changes" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + - uses: "./.github/action-unit-test" + if: "contains(needs.detect-file-changes.outputs.changed-files, 'roles/components/core/application-stack')" + with: + component: "application-stack" + + unit-test-autoscaling: + name: "Unit Test Autoscaling" + runs-on: "ubuntu-latest" + needs: "detect-file-changes" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + - uses: "./.github/action-unit-test" + if: 
"contains(needs.detect-file-changes.outputs.changed-files, 'roles/components/core/autoscaling')" + with: + component: "autoscaling" + + unit-test-container-registry: + name: "Unit Test Container Registry" + runs-on: "ubuntu-latest" + needs: "detect-file-changes" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + - uses: "./.github/action-unit-test" + if: "contains(needs.detect-file-changes.outputs.changed-files, 'roles/components/core/container-registry')" + with: + component: "container-registry" + + unit-test-identity: + name: "Unit Test Identity" + runs-on: "ubuntu-latest" + needs: "detect-file-changes" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + - uses: "./.github/action-unit-test" + if: "contains(needs.detect-file-changes.outputs.changed-files, 'roles/components/core/identity')" + with: + component: "identity" + + unit-test-ingress: + name: "Unit Test Ingress" + runs-on: "ubuntu-latest" + needs: "detect-file-changes" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + - uses: "./.github/action-unit-test" + if: "contains(needs.detect-file-changes.outputs.changed-files, 'roles/components/core/ingress')" + with: + component: "ingress" + + unit-test-logging: + name: "Unit Test Logging" + runs-on: "ubuntu-latest" + needs: "detect-file-changes" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + - uses: "./.github/action-unit-test" + if: "contains(needs.detect-file-changes.outputs.changed-files, 'roles/components/core/logging')" + with: + component: "logging" + + unit-test-monitoring: + name: "Unit Test Monitoring" + runs-on: "ubuntu-latest" + needs: "detect-file-changes" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + - uses: "./.github/action-unit-test" + if: "contains(needs.detect-file-changes.outputs.changed-files, 'roles/components/core/monitoring')" + with: + component: "monitoring" + + unit-test-networking: + name: "Unit Test Networking" + runs-on: "ubuntu-latest" + needs: 
"detect-file-changes" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + - uses: "./.github/action-unit-test" + if: "contains(needs.detect-file-changes.outputs.changed-files, 'roles/components/core/networking')" + with: + component: "networking" + + unit-test-secret-management: + name: "Unit Test Secret Management" + runs-on: "ubuntu-latest" + needs: "detect-file-changes" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + - uses: "./.github/action-unit-test" + if: "contains(needs.detect-file-changes.outputs.changed-files, 'roles/components/core/secret-management/hashicorp-vault')" + with: + component: "secret-management/hashicorp-vault" + + unit-test-security: + name: "Unit Test Security" + runs-on: "ubuntu-latest" + needs: "detect-file-changes" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + - uses: "./.github/action-unit-test" + if: "contains(needs.detect-file-changes.outputs.changed-files, 'roles/components/core/security')" + with: + component: "security" + + unit-test-service-mesh: + name: "Unit Test Service Mesh" + runs-on: "ubuntu-latest" + needs: "detect-file-changes" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + - uses: "./.github/action-unit-test" + if: "contains(needs.detect-file-changes.outputs.changed-files, 'roles/components/core/service-mesh/istio')" + with: + component: "service-mesh/istio" + + unit-test-storage: + name: "Unit Test Storage" + runs-on: "ubuntu-latest" + needs: "detect-file-changes" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + - uses: "./.github/action-unit-test" + if: "contains(needs.detect-file-changes.outputs.changed-files, 'roles/components/core/storage')" + with: + component: "storage" + + unit-test-workload-tenancy: + name: "Unit Test Workload Tenancy" + runs-on: "ubuntu-latest" + needs: "detect-file-changes" + steps: + - name: "Checkout Code" + uses: "actions/checkout@v2" + - uses: "./.github/action-unit-test" + if: 
"contains(needs.detect-file-changes.outputs.changed-files, 'roles/components/core/workload-tenancy')" + with: + component: "workload-tenancy" diff --git a/.gitignore b/.gitignore index fa4aa89..0b20e84 100644 --- a/.gitignore +++ b/.gitignore @@ -16,7 +16,7 @@ modules/external/ .DS_Store # ignore inventories built from makefile -build/ +build/inventory.yaml # ignore custom local settings .vscode/settings.json diff --git a/build/.keep b/build/.keep new file mode 100644 index 0000000..e69de29 diff --git a/ci/clusters/kind-cluster-config-unit.yaml b/ci/clusters/kind-cluster-config-unit.yaml new file mode 100644 index 0000000..7f32e60 --- /dev/null +++ b/ci/clusters/kind-cluster-config-unit.yaml @@ -0,0 +1,37 @@ +# Copyright 2006-2021 VMware, Inc. +# SPDX-License-Identifier: MIT +--- +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +kubeadmConfigPatches: + - | + apiVersion: kubeadm.k8s.io/v1beta2 + kind: ClusterConfiguration + networking: + disableDefaultCNI: true + podSubnet: 192.168.0.0/16 + metadata: + name: config + apiServer: + extraArgs: + "enable-admission-plugins": "NamespaceLifecycle,LimitRanger,ServiceAccount,TaintNodesByCondition,Priority,DefaultTolerationSeconds,DefaultStorageClass,PersistentVolumeClaimResize,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota" +networking: + apiServerAddress: 127.0.0.1 +nodes: + - role: worker + image: kindest/node:v1.19.1 + extraPortMappings: + - containerPort: 80 + hostPort: 80 + protocol: TCP + listenAddress: "0.0.0.0" + - containerPort: 443 + hostPort: 443 + protocol: TCP + listenAddress: "0.0.0.0" + - role: worker + image: kindest/node:v1.19.1 + - role: worker + image: kindest/node:v1.19.1 + - role: control-plane + image: kindest/node:v1.19.1 diff --git a/ci/clusters/kind-cluster-unit.yaml b/ci/clusters/kind-cluster-unit.yaml index 9ec474f..9cefade 100644 --- a/ci/clusters/kind-cluster-unit.yaml +++ b/ci/clusters/kind-cluster-unit.yaml 
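Review bot: The fifteen `unit-test-*` jobs differ only in the component string, and every `if:` path is `roles/components/core/` followed by that same string, so one mistyped copy silently disables a component's tests. A single job with a `strategy.matrix` over the component list expresses this once and keeps the path and the `component:` input from diverging. Note that job names change with this rewrite, so any required status checks keyed on the current names would need updating.

```yaml
  unit-test:
    name: "Unit Test ${{ matrix.component }}"
    runs-on: "ubuntu-latest"
    needs: "detect-file-changes"
    strategy:
      fail-fast: false
      matrix:
        component:
          - "admission-control"
          # … remaining components, one entry per job in this hunk …
    steps:
      # … unchanged: "Checkout Code" step …
      - uses: "./.github/action-unit-test"
        if: "contains(needs.detect-file-changes.outputs.changed-files, format('roles/components/core/{0}', matrix.component))"
        with:
          component: "${{ matrix.component }}"
```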
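Review bot: In ci/clusters/kind-cluster-config-unit.yaml the first worker's `extraPortMappings` bind host ports 80 and 443 on `listenAddress: "0.0.0.0"`, which publishes the cluster ingress on every interface of the machine running kind, while `apiServerAddress` in the same file is loopback. `listenAddress: "127.0.0.1"` on both mappings looks sufficient for a unit-test cluster. The four node images are referenced by tag only; pinning them as `image: kindest/node:v1.19.1@sha256:<DIGEST_PLACEHOLDER>` keeps the node image under test fixed.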
@@ -16,6 +16,7 @@ all: tanzu_application_catalog_password: "" tanzu_application_catalog_api_token: "" tanzu_default_tls_provider: "ca" + children: kind_clusters: vars: @@ -23,11 +24,15 @@ all: tanzu_networking_ipip_mode: "Always" tanzu_admission_control_enabled: false tanzu_dashboard_enabled: false - tanzu_dns_provider: "none" + tanzu_dns_provider: "xip.io" + # TODO: this always fails in KIND; skip when unit testing + tanzu_security: + actions: + update_k8s_ca: false hosts: kind_tanzu_cluster1: - tanzu_kubectl_context: "kind-{{ lookup('env', 'CI_BUILD_ID') }}" - tanzu_cluster_name: "kind-{{ lookup('env', 'CI_BUILD_ID') }}" + tanzu_kubectl_context: "kind-rpk-kind" + tanzu_cluster_name: "kind-rpk" tanzu_ingress_domain: "127.0.0.1.xip.io" ingress_ip: "127.0.0.1" tanzu_mission_control_cluster_group: "rpk-clusters" diff --git a/ci/scripts/lint-ansible.sh b/ci/scripts/lint-ansible.sh index 1c05457..89fc184 100755 --- a/ci/scripts/lint-ansible.sh +++ b/ci/scripts/lint-ansible.sh @@ -2,12 +2,21 @@ # Copyright 2006-2021 VMware, Inc. # SPDX-License-Identifier: MIT +# set the exit code and adjust if there are failures +EXIT_CODE=0 +BASE_PLAYBOOK_LIST="site.yaml" + echo 'linting ansible using ansible-lint rules at .ansible-lint' # lint each role independently -for ROLE in `find roles/ -mindepth 1 -maxdepth 2 -type d`; do +for ROLE in $BASE_PLAYBOOK_LIST `find roles/ -mindepth 1 -maxdepth 2 -type d`; do ansible-lint "${ROLE}/" -vvvvvvvvvvvvvv -R -r ./.ansible-lint-rules + RC=$? + if [ $RC -ne 0 ]; then + EXIT_CODE=$RC + fi done -# lint the top-level playbook -ansible-lint site.yaml -vvvvvvvvvvvvvv -R -r ./.ansible-lint-rules +echo "exiting with code: ${EXIT_CODE}" + +exit ${EXIT_CODE} diff --git a/examples/kind/config.yaml b/examples/kind/config.yaml index 6cf2d3e..a31101a 100644 --- a/examples/kind/config.yaml +++ b/examples/kind/config.yaml 
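Review bot: In the `kind_tanzu_cluster1` host vars of kind-cluster-unit.yaml, `tanzu_kubectl_context` is now `"kind-rpk-kind"` while `tanzu_cluster_name` is `"kind-rpk"`; before this change both were built from the same `CI_BUILD_ID` expression. The composite action sets `KIND_CLUSTER: "rpk-kind"`, which matches the context value but not the cluster name. If the difference is intended, a comment saying so would prevent a later "fix"; otherwise `tanzu_cluster_name: "kind-rpk-kind"`.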
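Review bot: `site.yaml` is now fed through the same loop as the role directories in ci/scripts/lint-ansible.sh, so it is invoked as `ansible-lint "site.yaml/"` with a trailing slash instead of `ansible-lint site.yaml` as before. That path presumably does not resolve to the playbook, so the top-level playbook may go unlinted or fail on every run. Dropping the unconditional slash, `ansible-lint "${ROLE}" -vvvvvvvvvvvvvv -R -r ./.ansible-lint-rules`, should cover both playbooks and role directories; confirm that ansible-lint treats the directory argument the same without it. Renaming the loop variable to something like `TARGET` would also reflect that it no longer holds only roles.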
@@ -20,7 +20,7 @@ networking: apiServerAddress: 127.0.0.1 nodes: - role: worker - image: harbor-repo.vmware.com/rpk/kind:v1.19.1 + image: projects.registry.vmware.com/rpk/kind:v1.19.1 extraPortMappings: - containerPort: 80 hostPort: 80 @@ -31,8 +31,8 @@ nodes: protocol: TCP listenAddress: "0.0.0.0" - role: worker - image: harbor-repo.vmware.com/rpk/kind:v1.19.1 + image: projects.registry.vmware.com/rpk/kind:v1.19.1 - role: worker - image: harbor-repo.vmware.com/rpk/kind:v1.19.1 + image: projects.registry.vmware.com/rpk/kind:v1.19.1 - role: control-plane - image: harbor-repo.vmware.com/rpk/kind:v1.19.1 + image: projects.registry.vmware.com/rpk/kind:v1.19.1 diff --git a/roles/common/tls-certificate/tasks/wildcard.yaml b/roles/common/tls-certificate/tasks/wildcard.yaml index 01fdece..064fdb8 100644 --- a/roles/common/tls-certificate/tasks/wildcard.yaml +++ b/roles/common/tls-certificate/tasks/wildcard.yaml @@ -1,7 +1,7 @@ # Copyright 2006-2021 VMware, Inc. # SPDX-License-Identifier: MIT --- -- name: "ensure wildcard TLS secret exists {{ namespace }}/{{ secret }}" +- name: "ensure wildcard tls secret exists {{ namespace }}/{{ secret }}" import_role: name: "common/manifest-file" vars: diff --git a/roles/components/core/autoscaling/pre-flight/tasks/main.yaml b/roles/components/core/autoscaling/pre-flight/tasks/main.yaml index bb28e7a..5dc7a4c 100644 --- a/roles/components/core/autoscaling/pre-flight/tasks/main.yaml +++ b/roles/components/core/autoscaling/pre-flight/tasks/main.yaml @@ -1,2 +1,3 @@ # Copyright 2006-2021 VMware, Inc. # SPDX-License-Identifier: MIT +--- diff --git a/roles/components/core/ingress/common/defaults/main.yaml b/roles/components/core/ingress/common/defaults/main.yaml index dc8d2c1..8cf490d 100644 --- a/roles/components/core/ingress/common/defaults/main.yaml +++ b/roles/components/core/ingress/common/defaults/main.yaml 
@@ -78,6 +78,7 @@ tanzu_ingress: resource_name: "external-dns" provider: "{{ tanzu_dns_provider | default('internal') }}" supported_providers: + - "xip.io" - "internal" - "route53" - "azure" diff --git a/roles/components/core/security/README.md b/roles/components/core/security/README.md index ee99d99..972973a 100644 --- a/roles/components/core/security/README.md +++ b/roles/components/core/security/README.md @@ -27,7 +27,7 @@ The following sizing requirements must be met for this role to operate properly. | tanzu_security.namespace | Namespace for security components | "tanzu-security" | string | yes | | tanzu_security.staging_dir | Local directory to write the staging manfiests to | "{{ rpk_staging_dir }}/{{ tanzu_security.namespace }}" | string | yes | | tanzu_security.tls_providers | Providers to configure for creating CA Certs ("ca", "letsencrypt-stage", "letsencrypt-prod", "wildcard") | "ca" | string | yes | -| tanzu_security.default_resources | Default resource allocation. | Varies. See `common/vars/main.yaml` | dict | yes | +| tanzu_security.default_resources | Default resource allocation. | Varies. See `common/defaults/main.yaml` | dict | yes | | tanzu_security.tls_root_ca_cert | Certificate for self signed root CA | "" | string | no | | tanzu_security.tls_root_ca_key | Key for self signed root CA | "" | string | no | | tanzu_security.actions.update_k8s_ca | Instructs RPK to update the Kube Nodes trusted CAs with the CA cert and reload Containerd | "true" | boolean | yes | diff --git a/roles/components/core/security/common/defaults/main.yaml b/roles/components/core/security/common/defaults/main.yaml index 3631f2a..43ae144 100644 --- a/roles/components/core/security/common/defaults/main.yaml +++ b/roles/components/core/security/common/defaults/main.yaml 
@@ -56,7 +56,7 @@ tanzu_security: actions: # `update_k8s_ca` should be set to false in production as it relies on a - # changing the underlying hosts with some host_vars tricks For production you + # changing the underlying hosts with some host_vars tricks. For production you # should either use letsencrypt-prod or a self provided CA cert/key pair of # which you have already uploaded the ca-cert to your kube cluster and trust it. update_k8s_ca: true diff --git a/roles/components/core/security/tasks/main.yaml b/roles/components/core/security/tasks/main.yaml index c914a04..5fb0204 100644 --- a/roles/components/core/security/tasks/main.yaml +++ b/roles/components/core/security/tasks/main.yaml @@ -56,7 +56,7 @@ - self - "{{ tanzu_security.tls_providers }}" -- name: "ensure ca cert secret exist" +- name: "ensure ca cert secret exists" import_role: name: "common/manifest-file" vars: diff --git a/roles/components/core/service-mesh/istio/common/vars/main.yaml b/roles/components/core/service-mesh/istio/common/vars/main.yaml index 1c98213..05959bf 100644 --- a/roles/components/core/service-mesh/istio/common/vars/main.yaml +++ b/roles/components/core/service-mesh/istio/common/vars/main.yaml @@ -1,7 +1,7 @@ # Copyright 2006-2021 VMware, Inc. # SPDX-License-Identifier: MIT --- -# NOTE: Istio uses 2 namespaces in order to properly manage the lifecycle of +# NOTE: istio uses 2 namespaces in order to properly manage the lifecycle of # both the operator and istio control-plane separately # Setting the namespaces to the same value can cause resources to hang on deletion tanzu_mesh: diff --git a/roles/components/core/workload-tenancy/README.md b/roles/components/core/workload-tenancy/README.md index 9cfe075..b80a0fb 100644 --- a/roles/components/core/workload-tenancy/README.md +++ b/roles/components/core/workload-tenancy/README.md 
@@ -29,8 +29,8 @@ do not need to be explicitly specified. | tanzu_workload_tenancy.namespace_operator.service_account | Service account used to run the namespace-operator | "namespace-operator" | string | yes | | tanzu_workload_tenancy.namespace_operator.clusterrole | Cluster Role used by service account which runs the namespace-operator | "namespace-operator-clusterrole" | string | yes | | tanzu_workload_tenancy.namespace_operator.clusterrolebinding | Cluster Role Binding used by service account/role which runs the namespace-operator | "namespace-operator-clusterrolebinding" | string | yes | -| tanzu_workload_tenancy.namespace_operator.image | namespace-operator image | "scottd018/namespace-operator" | string | yes | -| tanzu_workload_tenancy.namespace_operator.image_tag | namespace-operator image tag | "v0.0.1beta" | string | yes | +| tanzu_workload_tenancy.namespace_operator.image | namespace-operator image | "projects.registry.vmware.com/rpk/namespace-operator" | string | yes | +| tanzu_workload_tenancy.namespace_operator.image_tag | namespace-operator image tag | "v1.2.10" | string | yes | | tanzu_workload_tenancy.namespace_operator.replicas | namespace-operator replica count | 2 | integer | yes | | tanzu_workload_tenancy.namespace_operator.resources | Normal Kubernetes resource construct defining resource requirements | See `common/vars/main.yaml` | dict | yes | @@ -85,6 +85,7 @@ assets as follows: See docs/VALIDATION.md for further info regarding validation tests. + ## Demonstrating Once the role has run successfully, you should be able to demonstrate the role. This demo simply diff --git a/roles/components/core/workload-tenancy/demo/tasks/main.yaml b/roles/components/core/workload-tenancy/demo/tasks/main.yaml index c62b9fe..d525cbd 100644 --- a/roles/components/core/workload-tenancy/demo/tasks/main.yaml +++ b/roles/components/core/workload-tenancy/demo/tasks/main.yaml 
@@ -93,7 +93,7 @@ - "Namespace CRD can be viewed by: kubectl get tanzunamespace -n {{ tanzu_workload_tenancy.demo_namespace }}" - "LimitRange created by Namespace CRD can be viewed by: kubectl get limitrange -n {{ tanzu_workload_tenancy.demo_namespace }}" - "ResourceQuota created by Namespace CRD can be viewed by: kubectl get resourcequota -n {{ tanzu_workload_tenancy.demo_namespace }}" - - "Pod which inherited from LimitRange can be viewed by: kubectl describe pod defaults-from-limit-range -n {{ tanzu_workload_tenancy.demo_namespace }}" + - "Pod which inherited resources from LimitRange can be viewed by: kubectl describe pod defaults-from-limit-range -n {{ tanzu_workload_tenancy.demo_namespace }}" - "Pod which exceeds LimitRange CPU limits had message: {{ exceed_cpu_pod.msg }}" - "Pod which exceeds LimitRange Memory limits had message: {{ exceed_mem_pod.msg }}" verbosity: 0 diff --git a/roles/components/core/workload-tenancy/pre-flight/tasks/main.yaml b/roles/components/core/workload-tenancy/pre-flight/tasks/main.yaml index bb28e7a..5dc7a4c 100644 --- a/roles/components/core/workload-tenancy/pre-flight/tasks/main.yaml +++ b/roles/components/core/workload-tenancy/pre-flight/tasks/main.yaml @@ -1,2 +1,3 @@ # Copyright 2006-2021 VMware, Inc. # SPDX-License-Identifier: MIT +---