Merge pull request #582 from GrahamDumpleton/openshift-installer-support

OpenShift installer support.
educates · Sep 21, 2024 · 477c393 · 477c393
2 parents f22d994 + 89dfa42
commit 477c393
Show file tree

Hide file tree

Showing 14 changed files with 352 additions and 48 deletions.
diff --git a/...taller/bundle/config/ytt/_ytt_lib/infrastructure/openshift/00-remove-toplevel-values.yaml b/...taller/bundle/config/ytt/_ytt_lib/infrastructure/openshift/00-remove-toplevel-values.yaml
@@ -0,0 +1,48 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+#@overlay/remove
+debug:
+
+#@overlay/remove
+localKindCluster:
+#@overlay/remove
+localDNSResolver:
+
+#@overlay/remove
+clusterInfrastructure:
+
+#@overlay/remove
+imageRegistry:
+#@overlay/remove
+version:
+#@overlay/remove
+imageVersions:
+#@overlay/remove
+clusterRuntime:
+#@overlay/remove
+clusterIngress:
+#@overlay/remove
+sessionCookies:
+#@overlay/remove
+clusterStorage:
+#@overlay/remove
+clusterSecrets:
+#@overlay/remove
+clusterSecurity:
+#@overlay/remove
+workshopSecurity:
+#@overlay/remove
+trainingPortal:
+#@overlay/remove
+dockerDaemon:
+#@overlay/remove
+clusterNetwork:
+#@overlay/remove
+workshopAnalytics:
+#@overlay/remove
+websiteStyling:
+#@overlay/remove
+imagePuller:
+#@overlay/remove
+lookupService:
diff --git a/...bundle/config/ytt/_ytt_lib/infrastructure/openshift/10-default-settings-for-provider.yaml b/...bundle/config/ytt/_ytt_lib/infrastructure/openshift/10-default-settings-for-provider.yaml
@@ -0,0 +1,34 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+#@ load("functions.star", "isClusterPackageEnableByDefault")
+#@ load("functions.star", "isClusterPackageExplicitDisabled")
+
+#! This file contains default values for the custom infrastructure provider.
+#! These are the values that will be set if not overridden by the user.
+
+#@overlay/match-child-defaults missing_ok=True
+#@overlay/replace
+clusterPackages:
+  contour:
+    enabled: #@ isClusterPackageEnableByDefault("contour")
+    settings: {}
+  cert-manager:
+    enabled: #@ isClusterPackageEnableByDefault("cert-manager")
+    settings: {}
+  external-dns:
+    enabled: #@ isClusterPackageEnableByDefault("external-dns")
+    settings: {}
+  certs:
+    enabled: #@ isClusterPackageEnableByDefault("certs")
+    settings: {}
+  kyverno:
+    enabled: #@ isClusterPackageEnableByDefault("kyverno")
+    settings: {}
+  kapp-controller:
+    enabled: #@ isClusterPackageEnableByDefault("kapp-controller")
+    settings: {}
+  educates:
+    enabled: #@ isClusterPackageEnableByDefault("educates")
+    settings:
+      clusterSecurity:
+        policyEngine: security-context-constraints
diff --git a/...installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/50-packages-enablement.yaml b/...installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/50-packages-enablement.yaml
@@ -0,0 +1,10 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+#! This enables packages based on the user input
+
+#@overlay/match-child-defaults missing_ok=True
+clusterPackages:
+  kyverno:
+    #@ if/end hasattr(data.values, "clusterPackages") and hasattr(data.values.clusterPackages, "kyverno") and hasattr(data.values.clusterPackages.kyverno, "enabled"):
+    enabled: #@ data.values.clusterPackages.kyverno.enabled
diff --git a/...nstaller/bundle/config/ytt/_ytt_lib/infrastructure/openshift/80-copy-educates-config.yaml b/...nstaller/bundle/config/ytt/_ytt_lib/infrastructure/openshift/80-copy-educates-config.yaml
@@ -0,0 +1,10 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+#@ load("educates.lib.yaml", "copy_all_educates_values")
+
+#! This copies user provided values for the custom infrastructure provider.
+
+#@overlay/match-child-defaults missing_ok=True
+clusterPackages:
+  educates:
+    settings: #@ copy_all_educates_values()
diff --git a/...ller/bundle/config/ytt/_ytt_lib/infrastructure/openshift/99-remove-settings-disabled.yaml b/...ller/bundle/config/ytt/_ytt_lib/infrastructure/openshift/99-remove-settings-disabled.yaml
@@ -0,0 +1,36 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+#@ load("functions.star", "isClusterPackageExplicitDisabled")
+
+#! This removes settings for disabled packages
+
+#@overlay/match-child-defaults missing_ok=True
+clusterPackages:
+  contour:
+    #@ if/end isClusterPackageExplicitDisabled("contour"):
+    #@overlay/replace
+    settings: {}
+  cert-manager:
+    #@ if/end isClusterPackageExplicitDisabled("cert-manager"):
+    #@overlay/replace
+    settings: {}
+  external-dns:
+    #@ if/end isClusterPackageExplicitDisabled("external-dns"):
+    #@overlay/replace
+    settings: {}
+  certs:
+    #@ if/end isClusterPackageExplicitDisabled("certs"):
+    #@overlay/replace
+    settings: {}
+  kyverno:
+    #@ if/end isClusterPackageExplicitDisabled("kyverno"):
+    #@overlay/replace
+    settings: {}
+  kapp-controller:
+    #@ if/end isClusterPackageExplicitDisabled("kapp-controller"):
+    #@overlay/replace
+    settings: {}
+  #! educates:
+  #!   #@ if/end isClusterPackageExplicitDisabled("educates"):
+  #!   #@overlay/replace
+  #!   settings: {}
diff --git a/...ackages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/README.md b/...ackages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/README.md
@@ -0,0 +1,4 @@
+# openshift
+By default, only kyverno and educates will be installed
+We only allow to enabling/disabling kyverno
+We copy all educates main config to the clusterPackage
diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/defaults.star b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/defaults.star
@@ -0,0 +1,6 @@
+load("@ytt:data", "data")
+
+enabledByDefaultPackagesList = [
+    "kyverno",
+    "educates"
+]
diff --git a/...-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/educates.lib.yaml b/...-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/educates.lib.yaml
@@ -0,0 +1,174 @@
+#@ load("@ytt:data", "data")
+
+#@ def copy_all_educates_values():
+
+#@ if/end hasattr(data.values, "imageRegistry") and data.values.imageRegistry != None:
+imageRegistry:
+  #@ if/end hasattr(data.values.imageRegistry, "namespace") and data.values.imageRegistry.namespace != None:
+  namespace: #@ data.values.imageRegistry.namespace
+  #@ if/end hasattr(data.values.imageRegistry, "host") and data.values.imageRegistry.host != None:
+  host: #@ data.values.imageRegistry.host
+#@ if/end hasattr(data.values, "version") and data.values.version != None:
+version: #@ data.values.version
+#@ if/end hasattr(data.values, "imageVersions") and data.values.imageVersions != None:
+imageVersions: #@ data.values.imageVersions
+#@ if/end hasattr(data.values, "clusterRuntime") and data.values.clusterRuntime != None:
+clusterRuntime: #@ data.values.clusterRuntime
+#@ if/end hasattr(data.values, "clusterIngress") and data.values.clusterIngress != None:
+clusterIngress:
+  #@ if/end hasattr(data.values.clusterIngress, "domain") and data.values.clusterIngress.domain != None:
+  domain: #@ data.values.clusterIngress.domain
+  #@ if/end hasattr(data.values.clusterIngress, "class") and data.values.clusterIngress["class"] != None:
+  class: #@ data.values.clusterIngress["class"]
+  #@ if/end hasattr(data.values.clusterIngress, "protocol") and data.values.clusterIngress.protocol != None:
+  protocol: #@ data.values.clusterIngress.protocol
+  #@ if/end hasattr(data.values.clusterIngress, "tlsCertificate") and data.values.clusterIngress.tlsCertificate != None:
+  tlsCertificate:
+    #@ if/end hasattr(data.values.clusterIngress.tlsCertificate, "tls.crt") and data.values.clusterIngress.tlsCertificate["tls.crt"] != None:
+    tls.crt: #@ data.values.clusterIngress.tlsCertificate["tls.crt"]
+    #@ if/end hasattr(data.values.clusterIngress.tlsCertificate, "tls.key") and data.values.clusterIngress.tlsCertificate["tls.key"] != None:
+    tls.key: #@ data.values.clusterIngress.tlsCertificate["tls.key"]
+  #! TODO: Customize certs name reference in eks
+  #! projectcontour/wildcard
+  #@ if/end hasattr(data.values.clusterIngress, "tlsCertificateRef") and data.values.clusterIngress.tlsCertificateRef != None:
+  tlsCertificateRef:
+    namespace: #@ (hasattr(data.values.clusterIngress.tlsCertificateRef, "namespace") and data.values.clusterIngress.tlsCertificateRef.namespace != None) and data.values.clusterIngress.tlsCertificateRef.namespace or "projectcontour"
+    #@ if/end hasattr(data.values.clusterIngress.tlsCertificateRef, "name") and data.values.clusterIngress.tlsCertificateRef.name != None:
+    name: #@ data.values.clusterIngress.tlsCertificateRef.name
+  #@ if/end hasattr(data.values.clusterIngress, "caCertificate") and data.values.clusterIngress.caCertificate != None:
+  caCertificate: #@ data.values.clusterIngress.caCertificate
+  #@ if/end hasattr(data.values.clusterIngress, "caCertificateRef") and data.values.clusterIngress.caCertificateRef != None:
+  caCertificateRef:
+    #@ if/end hasattr(data.values.clusterIngress.caCertificateRef, "namespace") and data.values.clusterIngress.caCertificateRef.namespace != None:
+    namespace: #@ data.values.clusterIngress.caCertificateRef.namespace
+    #@ if/end hasattr(data.values.clusterIngress.caCertificateRef, "name") and data.values.clusterIngress.caCertificateRef.name != None:
+    name: #@ data.values.clusterIngress.caCertificateRef.name
+  #@ if/end hasattr(data.values.clusterIngress, "caNodeInjector") and data.values.clusterIngress.caNodeInjector != None:
+  caNodeInjector: #@ data.values.clusterIngress.caNodeInjector
+#@ if/end hasattr(data.values, "sessionCookies") and data.values.sessionCookies != None:
+sessionCookies: #@ data.values.sessionCookies
+#@ if/end hasattr(data.values, "clusterStorage") and data.values.clusterStorage != None:
+clusterStorage:
+  #@ if/end hasattr(data.values.clusterStorage, "class") and data.values.clusterStorage["class"] != None:
+  class: #@ data.values.clusterStorage["class"]
+  #@ if/end hasattr(data.values.clusterStorage, "user") and data.values.clusterStorage.user != None:
+  user: #@ data.values.clusterStorage.user
+  #@ if/end hasattr(data.values.clusterStorage, "group") and data.values.clusterStorage.group != None:
+  group: #@ data.values.clusterStorage.group
+#@ if/end hasattr(data.values, "clusterSecrets") and data.values.clusterSecrets != None:
+clusterSecrets: #@ data.values.clusterSecrets
+#! Should not allow cluster security policy engine default to be overridden as must be set to security-context-constraints
+#! #@ if/end hasattr(data.values, "clusterSecurity") and data.values.clusterSecurity != None:
+#! clusterSecurity: #@ data.values.clusterSecurity
+#@ if/end hasattr(data.values, "workshopSecurity") and data.values.workshopSecurity != None:
+workshopSecurity: #@ data.values.workshopSecurity
+#@ if/end hasattr(data.values, "trainingPortal") and data.values.trainingPortal != None:
+trainingPortal:
+  #@ if/end hasattr(data.values.trainingPortal, "credentials") and data.values.trainingPortal.credentials != None:
+  credentials:
+    #@ if/end hasattr(data.values.trainingPortal.credentials, "admin") and data.values.trainingPortal.credentials.admin != None:
+    admin:
+      #@ if/end hasattr(data.values.trainingPortal.credentials.admin, "username") and data.values.trainingPortal.credentials.admin.username != None:
+      username: #@ data.values.trainingPortal.credentials.admin.username
+      #@ if/end hasattr(data.values.trainingPortal.credentials.admin, "password") and data.values.trainingPortal.credentials.admin.password != None:
+      password: #@ data.values.trainingPortal.credentials.admin.password
+    #@ if/end hasattr(data.values.trainingPortal.credentials, "robot") and data.values.trainingPortal.credentials.admin != None:
+    robot:
+      #@ if/end hasattr(data.values.trainingPortal.credentials.robot, "username") and data.values.trainingPortal.credentials.robot.username != None:
+      username: #@ data.values.trainingPortal.credentials.robot.username
+      #@ if/end hasattr(data.values.trainingPortal.credentials.robot, "password") and data.values.trainingPortal.credentials.robot.password != None:
+      password: #@ data.values.trainingPortal.credentials.robot.password
+  #@ if/end hasattr(data.values.trainingPortal, "clients") and data.values.trainingPortal.clients != None:
+  clients:
+    #@ if/end hasattr(data.values.trainingPortal.clients, "robot") and data.values.trainingPortal.clients.robot != None:
+    robot:
+      #@ if/end hasattr(data.values.trainingPortal.clients.robot, "id") and data.values.trainingPortal.clients.robot.id != None:
+      id: #@ data.values.trainingPortal.clients.robot.id
+      #@ if/end hasattr(data.values.trainingPortal.clients.robot, "secret") and data.values.trainingPortal.clients.robot.secret != None:
+      secret: #@ data.values.trainingPortal.clients.robot.secret
+#@ if/end hasattr(data.values, "dockerDaemon") and data.values.dockerDaemon != None:
+dockerDaemon:
+  #@ if/end hasattr(data.values.dockerDaemon, "networkMTU") and data.values.dockerDaemon.networkMTU != None:
+  networkMTU: #@ data.values.dockerDaemon.networkMTU
+  #@ if/end hasattr(data.values.dockerDaemon, "proxyCache") and data.values.dockerDaemon.proxyCache != None:
+  proxyCache:
+    #@ if/end hasattr(data.values.dockerDaemon.proxyCache, "remoteURL") and data.values.dockerDaemon.proxyCache.remoteURL != None:
+    remoteURL: #@ data.values.dockerDaemon.proxyCache.remoteURL
+    #@ if/end hasattr(data.values.dockerDaemon.proxyCache, "username") and data.values.dockerDaemon.proxyCache.username != None:
+    username: #@ data.values.dockerDaemon.proxyCache.username
+    #@ if/end hasattr(data.values.dockerDaemon.proxyCache, "password") and data.values.dockerDaemon.proxyCache.password != None:
+    password: #@ data.values.dockerDaemon.proxyCache.password
+#@ if/end hasattr(data.values, "clusterNetwork") and data.values.clusterNetwork != None:
+clusterNetwork: #@ data.values.clusterNetwork
+#@ if/end hasattr(data.values, "workshopAnalytics") and data.values.workshopAnalytics != None:
+workshopAnalytics:
+  #@ if/end hasattr(data.values.workshopAnalytics, "google") and data.values.workshopAnalytics.google != None:
+  google:
+    #@ if/end hasattr(data.values.workshopAnalytics.google, "trackingId") and data.values.workshopAnalytics.google.trackingId != None:
+    trackingId: #@ data.values.workshopAnalytics.google.trackingId
+  #@ if/end hasattr(data.values.workshopAnalytics, "clarity") and data.values.workshopAnalytics.clarity != None:
+  clarity:
+    #@ if/end hasattr(data.values.workshopAnalytics.clarity, "trackingId") and data.values.workshopAnalytics.clarity.trackingId != None:
+    trackingId: #@ data.values.workshopAnalytics.clarity.trackingId
+  #@ if/end hasattr(data.values.workshopAnalytics, "amplitude") and data.values.workshopAnalytics.amplitude != None:
+  amplitude:
+    #@ if/end hasattr(data.values.workshopAnalytics.amplitude, "trackingId") and data.values.workshopAnalytics.amplitude.trackingId != None:
+    trackingId: #@ data.values.workshopAnalytics.amplitude.trackingId
+  #@ if/end hasattr(data.values.workshopAnalytics, "webhook") and data.values.workshopAnalytics.webhook != None:
+  webhook:
+    #@ if/end hasattr(data.values.workshopAnalytics.webhook, "url") and data.values.workshopAnalytics.webhook.url != None:
+    url: #@ data.values.workshopAnalytics.webhook.url
+#@ if/end hasattr(data.values, "websiteStyling") and data.values.websiteStyling != None:
+websiteStyling:
+  #@ if/end hasattr(data.values.websiteStyling, "workshopDashboard") and data.values.websiteStyling.workshopDashboard != None:
+  workshopDashboard:
+    #@ if/end hasattr(data.values.websiteStyling.workshopDashboard, "html") and data.values.websiteStyling.workshopDashboard.html != None:
+    html: #@ data.values.websiteStyling.workshopDashboard.html
+    #@ if/end hasattr(data.values.websiteStyling.workshopDashboard, "script") and data.values.websiteStyling.workshopDashboard.script != None:
+    script: #@ data.values.websiteStyling.workshopDashboard.script
+    #@ if/end hasattr(data.values.websiteStyling.workshopDashboard, "style") and data.values.websiteStyling.workshopDashboard.style != None:
+    style: #@ data.values.websiteStyling.workshopDashboard.style
+  #@ if/end hasattr(data.values.websiteStyling, "workshopInstructions") and data.values.websiteStyling.workshopInstructions != None:
+  workshopInstructions:
+    #@ if/end hasattr(data.values.websiteStyling.workshopInstructions, "html") and data.values.websiteStyling.workshopInstructions.html != None:
+    html: #@ data.values.websiteStyling.workshopInstructions.html
+    #@ if/end hasattr(data.values.websiteStyling.workshopInstructions, "script") and data.values.websiteStyling.workshopInstructions.script != None:
+    script: #@ data.values.websiteStyling.workshopInstructions.script
+    #@ if/end hasattr(data.values.websiteStyling.workshopInstructions, "style") and data.values.websiteStyling.workshopInstructions.style != None:
+    style: #@ data.values.websiteStyling.workshopInstructions.style
+  #@ if/end hasattr(data.values.websiteStyling, "workshopStarted") and data.values.websiteStyling.workshopStarted != None:
+  workshopStarted:
+    #@ if/end hasattr(data.values.websiteStyling.workshopStarted, "html") and data.values.websiteStyling.workshopStarted.html != None:
+    html: #@ data.values.websiteStyling.workshopStarted.html
+  #@ if/end hasattr(data.values.websiteStyling, "workshopFinished") and data.values.websiteStyling.workshopFinished != None:
+  workshopFinished:
+    #@ if/end hasattr(data.values.websiteStyling.workshopFinished, "html") and data.values.websiteStyling.workshopFinished.html != None:
+    html: #@ data.values.websiteStyling.workshopFinished.html
+  #@ if/end hasattr(data.values.websiteStyling, "trainingPortal") and data.values.websiteStyling.trainingPortal != None:
+  trainingPortal:
+    #@ if/end hasattr(data.values.websiteStyling.trainingPortal, "html") and data.values.websiteStyling.trainingPortal.html != None:
+    html: #@ data.values.websiteStyling.trainingPortal.html
+    #@ if/end hasattr(data.values.websiteStyling.trainingPortal, "script") and data.values.websiteStyling.trainingPortal.script != None:
+    script: #@ data.values.websiteStyling.trainingPortal.script
+    #@ if/end hasattr(data.values.websiteStyling.trainingPortal, "style") and data.values.websiteStyling.trainingPortal.style != None:
+    style: #@ data.values.websiteStyling.trainingPortal.style
+  #@ if/end hasattr(data.values.websiteStyling, "defaultTheme") and data.values.websiteStyling.defaultTheme != None:
+  defaultTheme: #@ data.values.websiteStyling.defaultTheme
+  #@ if/end hasattr(data.values.websiteStyling, "themeDataRefs") and data.values.websiteStyling.themeDataRefs != None:
+  themeDataRefs: #@ data.values.websiteStyling.themeDataRefs
+  #@ if/end hasattr(data.values.websiteStyling, "frameAncestors") and data.values.websiteStyling.frameAncestors != None:
+  frameAncestors: #@ data.values.websiteStyling.frameAncestors
+#@ if/end hasattr(data.values, "imagePuller") and data.values.imagePuller != None:
+imagePuller: 
+  enabled: #@ data.values.imagePuller.enabled
+  #@ if hasattr(data.values.imagePuller, "prePullImages") and data.values.imagePuller.prePullImages != None:
+  #@overlay/replace
+  prePullImages: #@ data.values.imagePuller.prePullImages
+  #@ end
+#@ if/end hasattr(data.values, "lookupService") and data.values.lookupService != None:
+lookupService:
+  #@ if/end hasattr(data.values.lookupService, "enabled") and data.values.lookupService.enabled != None:
+  enabled: #@ data.values.lookupService.enabled
+  #@ if/end hasattr(data.values.lookupService, "ingressPrefix") and data.values.lookupService.ingressPrefix != None:
+  ingressPrefix: #@ data.values.lookupService.ingressPrefix
+#@ end
diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/functions.star b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/functions.star
@@ -0,0 +1,18 @@
+load("@ytt:data", "data")
+load("defaults.star", "enabledByDefaultPackagesList")
+
+def isClusterPackageEnableByDefault(package):
+  return package in enabledByDefaultPackagesList
+end
+
+def isClusterPackageEnabled(package):
+  if hasattr(data.values, "clusterPackages") and hasattr(data.values.clusterPackages, package) and hasattr(data.values.clusterPackages[package], "enabled"):
+    return data.values.clusterPackages[package].enabled
+  else:
+    return package in enabledByDefaultPackagesList
+  end
+end
+
+def isClusterPackageExplicitDisabled(package):
+  return not isClusterPackageEnabled(package)
+end
diff --git a/carvel-packages/installer/bundle/config/ytt/values-schema.yaml b/carvel-packages/installer/bundle/config/ytt/values-schema.yaml
@@ -53,7 +53,7 @@ clusterPackages:
 clusterInfrastructure:
   #! NOT IMPLEMENTED: "azure", "gke-autopilot"
   #! TODO: Implement validators. e.g. when kind is selected, clusterIngress.domain is required.
-  #@schema/validation one_of=["eks", "gke", "kind", "custom", "vcluster", "generic", "minikube"]
+  #@schema/validation one_of=["eks", "gke", "kind", "custom", "vcluster", "generic", "minikube", "openshift"]
   provider: "custom"
   #@schema/nullable
   #@schema/validation not_null=True, when=lambda _, ctx: ctx.root["clusterInfrastructure"]["provider"] == "eks"

diff --git a/client-programs/pkg/config/installationconfig.go b/client-programs/pkg/config/installationconfig.go
@@ -474,9 +474,9 @@ func PrintConfigToStdout(config *InstallationConfig) error {
 
 func ValidateProvider(provider string) error {
 	switch provider {
-	case "eks", "kind", "gke", "custom", "vcluster", "generic", "minikube":
+	case "eks", "kind", "gke", "custom", "vcluster", "generic", "minikube", "openshift":
 		return nil
 	default:
-		return errors.New("Invalid ClusterInsfrastructure Provider. Valid values are (eks, gke, kind, custom, vcluster, generic, minikube)")
+		return errors.New("Invalid ClusterInsfrastructure Provider. Valid values are (eks, gke, kind, custom, vcluster, generic, minikube, openshift)")
 	}
 }