feat(KFLUXDP-140): Prepare all Konflux components to integrate with S…

…ealights
redhat-appstudio · Jan 28, 2025 · 1e56f46 · 1e56f46
1 parent ac2654f
commit 1e56f46
Show file tree

Hide file tree

Showing 10 changed files with 112 additions and 1 deletion.
diff --git a/components/build-service/development/sealights-token-patch.yaml b/components/build-service/development/sealights-token-patch.yaml
@@ -0,0 +1,15 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: build-service-controller-manager
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
+        env:
+          - name: SEALIGHTS_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: sealights-token
+                key: token
diff --git a/components/image-controller/development/kustomization.yaml b/components/image-controller/development/kustomization.yaml
@@ -19,3 +19,9 @@ patches:
       kind: Deployment
       name: controller-manager
     path: logs-in-console-format-cmd-arg-patch.yaml
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: controller-manager
+    path: sealights-token-patch.yaml
diff --git a/components/image-controller/development/sealights-token-patch.yaml b/components/image-controller/development/sealights-token-patch.yaml
@@ -0,0 +1,15 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
+        env:
+          - name: SEALIGHTS_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: sealights-token
+                key: token
diff --git a/components/integration/development/kustomization.yaml b/components/integration/development/kustomization.yaml
@@ -30,6 +30,11 @@ patches:
     target:
       kind: CronJob
       name: snapshot-garbage-collector
-
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: integration-service-controller-manager
+    path: sealights-token-patch.yaml
 components:
   - ../rh-certs
diff --git a/components/integration/development/sealights-token-patch.yaml b/components/integration/development/sealights-token-patch.yaml
@@ -0,0 +1,15 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: integration-service-controller-manager
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
+        env:
+          - name: SEALIGHTS_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: sealights-token
+                key: token
diff --git a/components/release/development/kustomization.yaml b/components/release/development/kustomization.yaml
@@ -11,3 +11,11 @@ images:
     newTag: c49d620f5ec5ddb90ae996fc7d5e05bf1474c985
 
 namespace: release-service
+
+patches:
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: controller-manager
+    path: sealights-token-patch.yaml
diff --git a/components/release/development/sealights-token-patch.yaml b/components/release/development/sealights-token-patch.yaml
@@ -0,0 +1,15 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: release-service-controller-manager
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
+        env:
+          - name: SEALIGHTS_TOKEN
+            valueFrom:
+              secretKeyRef:
+                name: sealights-token
+                key: token
diff --git a/hack/bootstrap-host-cluster.sh b/hack/bootstrap-host-cluster.sh
@@ -6,6 +6,7 @@ main() {
     load_global_vars
     "${ROOT}/secret-creator/quality-dashboard/create-quality-dashboard-secrets.sh"
     "${ROOT}/secret-creator/create-ci-helper-app-secret.sh"
+    "${ROOT}/secret-creator/create-sealights-secrets.sh"
 }
 
 load_global_vars() {

diff --git a/hack/preview.sh b/hack/preview.sh
@@ -191,6 +191,7 @@ sed -i.bak "s/rekor-server.enterprise-contract-service.svc/$rekor_server/" $ROOT
 [ -n "${BUILD_SERVICE_IMAGE_TAG}" ] && yq -i e "(.images.[] | select(.name==\"quay.io/konflux-ci/build-service\")) |=.newTag=\"${BUILD_SERVICE_IMAGE_TAG}\"" $ROOT/components/build-service/development/kustomization.yaml
 [ -n "${BUILD_SERVICE_IMAGE_TAG_EXPIRATION}" ] && yq -i e "(.spec.template.spec.containers[].env[] | select(.name==\"IMAGE_TAG_ON_PR_EXPIRATION\") | .value) |= \"${BUILD_SERVICE_IMAGE_TAG_EXPIRATION}\"" $ROOT/components/build-service/development/image-expiration-patch.yaml
 [[ -n "${BUILD_SERVICE_PR_OWNER}" && "${BUILD_SERVICE_PR_SHA}" ]] && yq -i e "(.resources[] | select(. ==\"*github.com/konflux-ci/build-service*\")) |= \"https://github.com/${BUILD_SERVICE_PR_OWNER}/build-service/config/default?ref=${BUILD_SERVICE_PR_SHA}\"" $ROOT/components/build-service/development/kustomization.yaml
+
 [ -n "${HAS_IMAGE_REPO}" ] && yq -i e "(.images.[] | select(.name==\"quay.io/redhat-appstudio/application-service\")) |=.newName=\"${HAS_IMAGE_REPO}\"" $ROOT/components/has/base/kustomization.yaml
 [ -n "${HAS_IMAGE_TAG}" ] && yq -i e "(.images.[] | select(.name==\"quay.io/redhat-appstudio/application-service\")) |=.newTag=\"${HAS_IMAGE_TAG}\"" $ROOT/components/has/base/kustomization.yaml
 [[ -n "${HAS_PR_OWNER}" && "${HAS_PR_SHA}" ]] && yq -i e "(.resources[] | select(. ==\"*github.com/redhat-appstudio/application-service*\")) |= \"https://github.com/${HAS_PR_OWNER}/application-service/config/default?ref=${HAS_PR_SHA}\"" $ROOT/components/has/base/kustomization.yaml

diff --git a/hack/secret-creator/create-sealights-secrets.sh b/hack/secret-creator/create-sealights-secrets.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+set -eo pipefail
+
+NAMESPACES=(
+  "image-controller"
+  "integration-service"
+  "release-service"
+  "build-service"
+)
+
+SEALIGHTS_TOKEN=${SEALIGHTS_TOKEN:-""}
+
+for namespace in "${NAMESPACES[@]}"; do
+  # Create the namespace if it doesn't exist
+  if ! kubectl get namespace "$namespace" >/dev/null 2>&1; then
+    echo "[WARN] Namespace '$namespace' does not exist. Creating it..."
+    kubectl create namespace "$namespace"
+  fi
+
+  if kubectl get secret sealights-token -n "$namespace" >/dev/null 2>&1; then
+    echo "[INFO] Updating existing secret 'sealights-token' in namespace '$namespace'."
+    kubectl delete secret sealights-token -n "$namespace"
+  fi
+
+  kubectl create secret generic sealights-token \
+    --from-literal=token="$SEALIGHTS_TOKEN" \
+    -n "$namespace"
+
+  echo "[INFO] Secret 'sealights-token' has been created/updated in namespace '$namespace'."
+done