PGO uses plain yaml and kustomize as the recommended installation
method. Holos supports upstream by adding a new PlainFiles component
kind, which simply copies files into place and lets kustomize handle the
generation of the api objects.
Cue is responsible for very little in this kind of component, basically
allowing overlay resources if needed and deferring everything else to
the holos cli.
The holos cli in turn is responsible for executing kubectl kustomize
build on the input directory to produce the rendered output, then writes
the rendered output into place.
The resource names for the arc controller are too long:
❯ k get pods -n arc-systems
NAME READY STATUS RESTARTS AGE
gha-runner-scale-set-controller-gha-rs-controller-6bdf45bd6jx5n 1/1 Running 0 59m
Solve the problem by allowing components to set the release name to
`gha-rs-controller` which requires an additional field from the cue code
to differentiate from the chart name.
More than one Holos package needs to execute commands, so pull out the
runCmd from builder and move it to the util package.
This commits adds the following to the util package:
* util.RunCmd func
* util.runResult struct
Multiple holos components rely on kustomize to modify the output of the
upstream helm chart, for example patching a Deployment to inject the
istio sidecar.
The new holos cue based component system did not support running
kustomize after helm template. This patch adds the kustomize execution
if two fields are defined in the helm chart kind of cue output.
The API spec is pretty loose in this patch but I'm proceeding for
expedience and to inform the final API with more use cases as more
components are migrated to cue.
Straight-forward helm install with no customization.
This patch also adds a "Skip" output kind which allows intermediate cue
files in the tree to signal holos to skip over the instance. This
enables constraints to be added at intermediate layers without build
errors.
Add the recommended labels mapping to holos stage, project, and
component names. Project will eventually be renamed to "collection" or
something.
Example:
app.kubernetes.io/part-of: prod
app.kubernetes.io/name: secrets
app.kubernetes.io/component: validate
app.kubernetes.io/instance: prod-secrets-validate
Also sort the api objects produced from cue so the output of the `holos
render` command is stable for git commits.
This patch changes the interface between CUE and Holos to remove the
content field and replace it with an api object map. The map is a
`map[string]map[string]string` with the rendered yaml as the value of a
kind/name nesting.
This structure enables better error messages, cue disjunction errors
indicate the type and the name of the resource instead of just the list
index number.
This patch adds the ceph-csi-rbd helm chart component to the metal
cluster type. The purpose is to enable PersistentVolumeClaims on ois
metal clusters.
Cloud clusters like GKE and EKS are expected to skip rendering the metal
type.
Helm values are handled with CUE. The ceph secret is managed as an
ExternalSecret resource, appended to the rendered output by cue and the
holos cli.
Use:
❯ holos render --cluster-name=k2 ~/workspace/holos-run/holos/docs/examples/platforms/reference/clusters/metal/...
2:45PM INF render.go:40 rendered prod-metal-ceph version=0.47.0 status=ok action=rendered name=prod-metal-ceph
In helm mode, cue is responsible for producing the values.yaml file.
Holos is responsible for taking the values produced by cue and providing
them to helm to produce rendered kubernetes api objects.
This patch adds intermediate data structures to hold the output from
cue: the helm values, the flux kustomization, and the helm charts to
provide the helm values to.
Holos takes this information and orchestrates running helm template to
render the api objects and write them to the file system for git ops.
Make the log messages clear and readable, for example:
holos render --log-format=json --log-level=debug \
--cluster-name core2 ./docs/examples/platforms/reference/projects/secrets/components/namespaces/ \
2> >(jq -r '"\(.source.file):\(.source.line)\t" + .msg')
The msg field is intended to have an imperative verb, ideally in the
past tense, followed by an actionable noun. Past tense indicates
success where as the "could not foo: "+err error form indicates an
attempt to do something that failed.
config.go:91 finalized config from flags
builder.go:115 cue export --out yaml ./platforms/reference/projects/secrets/components/namespaces
builder.go:85 wrote deploy/clusters/core2/components/prod-secrets-namespaces/prod-secrets-namespaces.gen.yaml
render.go:30 rendered prod-secrets-namespaces
Write the result of the cue evaluation to a cluster specific path for
git ops. The written file works with kubectl apply -f and a future
change will add the flux Kustomization and ArgoCD Application resources
to manage the same api objects using a gitops method.
holos render --cluster-name core2 ./docs/examples/platforms/reference/projects/secrets/components/namespaces/
Content seems more appropriate of a field name, and it makes sense since
we are likely to output other formats than yaml, probably json too. We
need to discriminate on content type, so also add a contentType field.
Semantics are meant to be the same has the http content type header, but
simple.
This patch minimally wires up a basic cue based component to produce
rendered api objects on standard output.
```bash
(cd docs/examples && holos build ./platforms/reference/projects/secrets/components/namespaces)
```
```yaml
metadata:
name: external-secrets
labels:
kubernetes.io/metadata.name: external-secrets
kind: Namespace
apiVersion: v1
```
Leaf directories can output different kinds of things:
1. Platform specification. A list of components to manage.
2. Kubernetes API Objects suitable for kubectl apply -f- and friends.
3. Helm values to provide to a helm chart to render API objects.
This patch adds an output schema and a kind discriminator so the holos
cli can figure out what type of output it's working with. This makes it
possible to have a single `holos build <directory>` command that does
the right thing.
