diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index a451e93..709a14f 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -15,8 +15,11 @@ jobs: steps: - name: Checkout uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Setup Flux + - name: Setup Flux CLI uses: fluxcd/flux2/action@4a15fa6a023259353ef750acf1c98fe88407d4d0 #v2.7.2 + - name: Setup Flux Operator CLI + uses: controlplaneio-fluxcd/flux-operator/actions/setup@ee1939211d37e56f71e56c4a951a07a385bd5492 #v0.33.0 - run: make up - run: make sync + - run: make ls - run: make down diff --git a/Makefile b/Makefile index bd94d55..4fea282 100644 --- a/Makefile +++ b/Makefile @@ -8,8 +8,8 @@ # - Docker # - Kind # - Kubectl -# - Helm # - Flux CLI +# - Flux Operator CLI SHELL = /usr/bin/env bash -o pipefail .SHELLFLAGS = -ec @@ -28,9 +28,9 @@ down: cluster-down ## Delete the local cluster and registry .PHONY: sync sync: flux-push flux-sync ## Build, push and reconcile the local manifests with the cluster -.PHONY: help -help: ## Display this help. - @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) +.PHONY: ls +ls: ## List all deployed resources + flux-operator -n flux-system tree ks flux-system ##@ Cluster @@ -76,3 +76,7 @@ GOBIN=$(LOCALBIN) go install $${package} ;\ mv "$$(echo "$(1)" | sed "s/-$(3)$$//")" $(1) ;\ } endef + +.PHONY: help +help: ## Display this help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) diff --git a/README.md b/README.md index 963445a..d352879 100644 --- a/README.md +++ b/README.md 
@@ -22,7 +22,6 @@ The following tools are required: - [Docker](https://docs.docker.com/get-docker/) - [Kubernetes KIND](https://kind.sigs.k8s.io/docs/user/quick-start/) - [Kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) -- [Helm](https://helm.sh/docs/intro/install/) - [Flux CLI](https://fluxcd.io/docs/installation/) - [Flux Operator CLI](https://fluxcd.control-plane.io/operator/cli/) @@ -54,7 +53,7 @@ The `make up` command performs the following steps: To list all deployed resources, run: ```shell -flux-operator -n flux-system tree ks flux-system +make ls ``` ### Sync changes diff --git a/kubernetes/clusters/local/apps.yaml b/kubernetes/clusters/local/apps.yaml index f5472aa..3658c1a 100644 --- a/kubernetes/clusters/local/apps.yaml +++ b/kubernetes/clusters/local/apps.yaml @@ -64,4 +64,4 @@ spec: healthCheckExprs: - apiVersion: fluxcd.controlplane.io/v1 kind: ResourceSet - current: status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'True') + current: status.conditions.filter(c, c.type == 'Ready').all(c, c.status == 'True' && c.observedGeneration == metadata.generation) diff --git a/kubernetes/clusters/local/infra.yaml b/kubernetes/clusters/local/infra.yaml index 73f4a6c..b2d9d75 100644 --- a/kubernetes/clusters/local/infra.yaml +++ b/kubernetes/clusters/local/infra.yaml @@ -40,4 +40,4 @@ spec: healthCheckExprs: - apiVersion: fluxcd.controlplane.io/v1 kind: ResourceSet - current: status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'True') + current: status.conditions.filter(c, c.type == 'Ready').all(c, c.status == 'True' && c.observedGeneration == metadata.generation) diff --git a/kubernetes/clusters/local/instance.yaml b/kubernetes/clusters/local/instance.yaml new file mode 100644 index 0000000..c1cf427 --- /dev/null +++ b/kubernetes/clusters/local/instance.yaml 
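Review bot: In `kubernetes/clusters/local/apps.yaml`, the new `current` expression can still report healthy when no `Ready` condition exists. By CEL semantics, `filter(...)` then returns an empty list and `.all(...)` on an empty list is true, so a ResourceSet whose `status.conditions` is present but lacks `Ready` would pass the check. A form that requires a matching condition closes that gap: `current: status.conditions.exists(c, c.type == 'Ready' && c.status == 'True' && c.observedGeneration == metadata.generation)`. The same expression is added in `kubernetes/clusters/local/infra.yaml` and needs the same change. The enclosing `spec` starts outside both hunks, so how the controller treats a missing `status` is not visible here and should be confirmed.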
@@ -0,0 +1,35 @@ +apiVersion: fluxcd.controlplane.io/v1 +kind: FluxInstance +metadata: + name: flux + namespace: flux-system +spec: + distribution: + version: "2.x" + registry: "ghcr.io/fluxcd" + artifact: "oci://ghcr.io/controlplaneio-fluxcd/flux-operator-manifests:latest" + components: + - source-controller + - kustomize-controller + - helm-controller + - notification-controller + - source-watcher + cluster: + type: kubernetes + size: medium + multitenant: false + networkPolicy: true + domain: "cluster.local" + sync: + kind: OCIRepository + url: "oci://flux-registry:5000/flux-cluster-sync" + ref: "local" + path: "./" + kustomize: + patches: + - patch: | + - op: add + path: /spec/insecure + value: true + target: + kind: OCIRepository diff --git a/kubernetes/infra/cluster-issuers.yaml b/kubernetes/infra/cluster-issuers.yaml deleted file mode 100644 index c861b09..0000000 --- a/kubernetes/infra/cluster-issuers.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: fluxcd.controlplane.io/v1 -kind: ResourceSet -metadata: - name: cluster-issuers - namespace: flux-system -spec: - wait: true - dependsOn: - - apiVersion: fluxcd.controlplane.io/v1 - kind: ResourceSet - name: cert-manager - namespace: flux-system - ready: true - readyExpr: "status.conditions.filter(e, e.type == 'Ready').all(e, e.status == 'True')" - commonMetadata: - labels: - toolkit.fluxcd.io/tenant: platform-team - resources: - - apiVersion: cert-manager.io/v1 - kind: ClusterIssuer - metadata: - name: self-signed - spec: - selfSigned: { } diff --git a/kubernetes/infra/flux-operator.yaml b/kubernetes/infra/flux-operator.yaml deleted file mode 100644 index a0a5cf7..0000000 --- a/kubernetes/infra/flux-operator.yaml +++ /dev/null 
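Review bot: In `kubernetes/clusters/local/instance.yaml`, the `/spec/insecure: true` patch is selected by `target: kind: OCIRepository` alone, so every OCIRepository in the rendered manifests is switched to plain HTTP, not only the sync source for `flux-registry:5000`. Presumably only the sync source exists today, but narrowing the target with a `name:` (likely `flux-system`, the sync default; please confirm) keeps a later addition from inheriting the downgrade. I would also add a comment above the patch such as `# local kind registry serves plain HTTP; never reuse this patch for a real cluster`. Separately, `distribution.artifact` points at the mutable `:latest` tag; pinning a version or digest would make the local install reproducible.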
@@ -1,39 +0,0 @@ -apiVersion: fluxcd.controlplane.io/v1 -kind: ResourceSet -metadata: - name: flux-operator - namespace: flux-system -spec: - wait: true - inputs: - - interval: "1h" # check for updates every hour - version: "*" # upgrade to latest stable version - commonMetadata: - labels: - toolkit.fluxcd.io/tenant: platform-team - resources: - - apiVersion: source.toolkit.fluxcd.io/v1 - kind: OCIRepository - metadata: - name: << inputs.provider.name >> - namespace: << inputs.provider.namespace >> - spec: - interval: << inputs.interval | quote >> - url: oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator - layerSelector: - mediaType: "application/vnd.cncf.helm.chart.content.v1.tar+gzip" - operation: copy - ref: - semver: << inputs.version | quote >> - - apiVersion: helm.toolkit.fluxcd.io/v2 - kind: HelmRelease - metadata: - name: << inputs.provider.name >> - namespace: << inputs.provider.namespace >> - spec: - interval: 12h - releaseName: << inputs.provider.name >> - serviceAccountName: << inputs.provider.name >> - chartRef: - kind: OCIRepository - name: << inputs.provider.name >> diff --git a/kubernetes/infra/metrics-server.yaml b/kubernetes/infra/metrics-server.yaml index e641020..7be30e2 100644 --- a/kubernetes/infra/metrics-server.yaml +++ b/kubernetes/infra/metrics-server.yaml @@ -5,6 +5,12 @@ metadata: namespace: flux-system spec: wait: true + dependsOn: + - apiVersion: fluxcd.controlplane.io/v1 + kind: ResourceSet + name: cert-manager + namespace: flux-system + ready: true inputs: - interval: "1h" # check for updates every hour version: "*" # upgrade to latest stable version @@ -50,5 +56,9 @@ spec: kind: OCIRepository name: << inputs.provider.name >> values: + apiService: + insecureSkipTLSVerify: false + tls: + type: cert-manager args: - --kubelet-insecure-tls diff --git a/scripts/flux-push.sh b/scripts/flux-push.sh index 753098b..7d8da0b 100755 --- a/scripts/flux-push.sh +++ b/scripts/flux-push.sh 
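Review bot: In `kubernetes/infra/metrics-server.yaml`, the new `apiService.insecureSkipTLSVerify: false` and `tls.type: cert-manager` values protect only the API-server-to-metrics-server leg. The `--kubelet-insecure-tls` argument kept directly below them still disables verification of kubelet serving certificates. That is the usual setting on kind, but the values now read as if TLS were fully verified, so a comment above the arg would help: `# kind kubelets use self-signed serving certs; local clusters only`. The `values` block begins outside this hunk, so other TLS-related settings may exist that are not visible here.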
@@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright 2024 Stefan Prodan +# Copyright 2025 Stefan Prodan # SPDX-License-Identifier: AGPL-3.0 set -o errexit @@ -12,6 +12,8 @@ registry='localhost:5050' diff_push() { artifact_name=$1 artifact_path=$2 + diff_exit_code=0 + push_exit_code=0 flux diff artifact oci://${artifact_name} \ --path="${artifact_path}" &>/dev/null || diff_exit_code=$? @@ -20,7 +22,7 @@ diff_push() { flux_output=$(flux push artifact oci://${artifact_name} \ --path="${artifact_path}" \ --source="$(git config --get remote.origin.url)" \ - --revision="$(git rev-parse HEAD)" 2>&1) || exit_code=$? + --revision="$(git rev-parse HEAD)" 2>&1) || push_exit_code=$? oci_url=$(echo ${flux_output} | tail -n1 | awk '/to/{print $NF}') else @@ -28,7 +30,7 @@ diff_push() { return fi - if [[ ${exit_code} -ne 0 ]]; then + if [[ ${push_exit_code} -ne 0 ]]; then echo ${flux_output} exit 1 fi diff --git a/scripts/flux-up.sh b/scripts/flux-up.sh index ff701c0..cb61857 100755 --- a/scripts/flux-up.sh +++ b/scripts/flux-up.sh @@ -1,66 +1,20 @@ #!/usr/bin/env bash -# Copyright 2024 Stefan Prodan +# Copyright 2025 Stefan Prodan # SPDX-License-Identifier: AGPL-3.0 set -o errexit -cluster_name="${CLUSTER_NAME:=flux}" -registry="${cluster_name}-registry:5000" - -install_flux_operator() { -helm -n flux-system upgrade --install flux-operator oci://ghcr.io/controlplaneio-fluxcd/charts/flux-operator --create-namespace --wait -} - -install_flux_instance() { -cat </dev/null || true)" != 'true' ]; then echo "starting Docker registry on localhost:${reg_localhost_port}" docker run -d --restart=always -p "127.0.0.1:${reg_localhost_port}:${reg_cluster_port}" \ - --name "${reg_name}" registry:2 + --name "${reg_name}" registry:3 fi # Create a cluster with the local registry enabled
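Review bot: In `scripts/flux-push.sh`, the two new initialisers in `diff_push` assign global variables, as `artifact_name` and `artifact_path` already do, so the exit codes are visible to the rest of the script. Declaring them function-local makes the reset-per-call intent explicit: `local diff_exit_code=0 push_exit_code=0`. The rest of the function body lies partly outside the hunks, so whether anything else reads these names after `diff_push` returns should be checked first.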