Move flux to core package and avoid Helm installation (#61)

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

packages/core/fluxcd/Makefile

@@ -0,0 +1,13 @@
+NAMESPACE=cozy-fluxcd
+NAME=fluxcd
+
+API_VERSIONS_FLAGS=$(addprefix -a ,$(shell kubectl api-versions))
+
+show:
+	helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS)
+
+apply:
+	helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl apply -n $(NAMESPACE) -f-
+
+diff:
+	helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -n $(NAMESPACE) -f-

packages/core/installer/Makefile

@@ -1,4 +1,4 @@
-NAMESPACE=cozy-installer
+NAMESPACE=cozy-system
 NAME=installer
 PUSH := 1
 LOAD := 0

packages/core/platform/Makefile

@@ -13,7 +13,7 @@ namespaces-show:
 	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml
 
 namespaces-apply:
-	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml | kubectl apply -f-
+	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml | kubectl apply -n $(NAMESPACE) -f-
 
 diff:
 	helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -f-

packages/core/platform/bundles/full-distro.yaml

@@ -20,12 +20,6 @@ releases:
       ipv4NativeRoutingCIDR: "{{ index $cozyConfig.data "ipv4-pod-cidr" }}"
       autoDirectNodeRoutes: true
 
-- name: fluxcd
-  releaseName: fluxcd
-  chart: cozy-fluxcd
-  namespace: cozy-fluxcd
-  dependsOn: [cilium]
-
 - name: cert-manager
   releaseName: cert-manager
   chart: cozy-cert-manager

packages/core/platform/bundles/full-paas.yaml

@@ -24,12 +24,6 @@ releases:
         SVC_CIDR: "{{ index $cozyConfig.data "ipv4-svc-cidr" }}"
         JOIN_CIDR: "{{ index $cozyConfig.data "ipv4-join-cidr" }}"
 
-- name: fluxcd
-  releaseName: fluxcd
-  chart: cozy-fluxcd
-  namespace: cozy-fluxcd
-  dependsOn: [cilium,kubeovn]
-
 - name: cert-manager
   releaseName: cert-manager
   chart: cozy-cert-manager

packages/core/platform/bundles/hosted-distro.yaml

@@ -1,12 +1,6 @@
 {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
 
 releases:
-- name: fluxcd
-  releaseName: fluxcd
-  chart: cozy-fluxcd
-  namespace: cozy-fluxcd
-  dependsOn: []
-
 - name: cert-manager
   releaseName: cert-manager
   chart: cozy-cert-manager

packages/core/platform/bundles/hosted-paas.yaml

@@ -1,12 +1,6 @@
 {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
 
 releases:
-- name: fluxcd
-  releaseName: fluxcd
-  chart: cozy-fluxcd
-  namespace: cozy-fluxcd
-  dependsOn: []
-
 - name: cert-manager
   releaseName: cert-manager
   chart: cozy-cert-manager

packages/core/platform/templates/namespaces.yaml

@@ -14,6 +14,8 @@
 {{- end }}
 {{- end }}
 
+{{- $_ := set $namespaces "cozy-fluxcd" false }}
+
 {{- range $namespace, $privileged := $namespaces }}
 ---
 apiVersion: v1

packages/system/fluxcd/Makefile

@@ -1,23 +0,0 @@
-NAMESPACE=cozy-fluxcd
-NAME=fluxcd
-
-show:
-	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
-
-apply:
-	helm upgrade -i -n $(NAMESPACE) $(NAME) .
-
-apply-crds:
-	helm template -n $(NAMESPACE) $(NAME) . $(addprefix -s ,$(wildcard charts/flux2/templates/*.crds.yaml)) | kubectl apply -f -
-	kubectl annotate $$(kubectl get crd -o name | grep '\.fluxcd\.io$$') meta.helm.sh/release-namespace=$(NAMESPACE) meta.helm.sh/release-name=$(NAME)
-	kubectl label $$(kubectl get crd -o name | grep '\.fluxcd\.io$$') app.kubernetes.io/managed-by=Helm
-
-diff-crds:
-	helm template -n $(NAMESPACE) $(NAME) . $(addprefix -s ,$(wildcard charts/flux2/templates/*.crds.yaml)) | kubectl apply -f -
-
-diff:
-	helm diff upgrade --allow-unreleased --normalize-manifests -n $(NAMESPACE) $(NAME) .
-
-update:
-	rm -rf charts
-	helm pull oci://ghcr.io/fluxcd-community/charts/flux2 --untar --untardir charts

scripts/installer.sh

@@ -27,7 +27,6 @@ install_basic_charts() {
   if [ "$bundle" = "full-paas" ]; then
     make -C packages/system/kubeovn apply
   fi
-  make -C packages/system/fluxcd apply
 }
 
 cd "$(dirname "$0")/.."
@@ -38,10 +37,8 @@ run_migrations
 # Install namespaces
 make -C packages/core/platform namespaces-apply
 
-# Install fluxcd CRDs
-if ! flux_is_ok; then
-  make -C packages/system/fluxcd apply-crds
-fi
+# Install fluxcd
+make -C packages/core/fluxcd apply
 
 # Reconcile Helm repositories
 kubectl annotate helmrepositories.source.toolkit.fluxcd.io -A -l cozystack.io/repository reconcile.fluxcd.io/requestedAt=$(date +"%Y-%m-%dT%H:%M:%SZ") --overwrite

scripts/migrations/1

@@ -1,8 +1,18 @@
 #!/bin/sh
+# Migration 1 --> 2
 
+# Fix mariadb-operator secrets
 if kubectl get -n cozy-mariadb-operator secret/mariadb-operator-webhook-cert; then
   kubectl annotate -n cozy-mariadb-operator secret/mariadb-operator-webhook-cert meta.helm.sh/release-namespace=cozy-mariadb-operator meta.helm.sh/release-name=mariadb-operator
   kubectl label -n cozy-mariadb-operator secret/mariadb-operator-webhook-cert app.kubernetes.io/managed-by=Helm
 fi
 
+# Gratefully remove fluxcd release and keep resources
+if kubectl get hr -n cozy-fluxcd cozy-fluxcd 2>/dev/null; then
+  kubectl patch hr -n cozy-fluxcd cozy-fluxcd  -p '{"spec": {"suspend": true}, "metadata": {"finalizers": null}}' --type=merge
+  kubectl delete hr -n cozy-fluxcd cozy-fluxcd
+fi
+kubectl delete secret -n cozy-fluxcd -l name=fluxcd
+
+# Write version to cozystack-version config
 kubectl create configmap -n cozy-system cozystack-version --from-literal=version=2 --dry-run=client -o yaml | kubectl apply -f-