From 7447516e8aa5becc1871fc3729d97ea6ebd2bfd9 Mon Sep 17 00:00:00 2001 
From: machih Date: Sat, 9 Dec 2023 21:27:11 +0900 Subject: [PATCH] Add tap toolkit 1.7.1 --- .../1.7.1/app-sso/overlay.yaml | 122 +++++++++++ .../1.7.1/base.yaml | 66 ++++++ .../tanzu-gemfire/dynamic-cluster-role.yaml | 41 ++++ .../1.7.1/tanzu-gemfire/overlay.yaml | 191 ++++++++++++++++++ ...s.caching.tanzu.japan.com.composition.yaml | 129 ++++++++++++ ...eclusters.caching.tanzu.japan.com.xrd.yaml | 28 +++ .../1.7.1/tanzu-postgres/overlay.yaml | 156 ++++++++++++++ .../tanzu-rabbitmq/dynamic-cluster-role.yaml | 41 ++++ .../1.7.1/tanzu-rabbitmq/overlay.yaml | 151 ++++++++++++++ ...messaging.tanzu.japan.com.composition.yaml | 143 +++++++++++++ ...lusters.messaging.tanzu.japan.com.xrd.yaml | 43 ++++ .../1.7.1/values.yaml | 82 ++++++++ .../1.7.1.yaml | 18 +- 13 files changed, 1202 insertions(+), 9 deletions(-) create mode 100644 manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/app-sso/overlay.yaml create mode 100644 manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/base.yaml create mode 100644 manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/dynamic-cluster-role.yaml create mode 100644 manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/overlay.yaml create mode 100644 manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/xgemfireclusters.caching.tanzu.japan.com.composition.yaml create mode 100644 manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/xgemfireclusters.caching.tanzu.japan.com.xrd.yaml create mode 100644 manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-postgres/overlay.yaml create mode 100644 manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/dynamic-cluster-role.yaml create mode 100644 manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/overlay.yaml create mode 100644 manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/xrabbitmqclusters.messaging.tanzu.japan.com.composition.yaml create mode 100644 
manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/xrabbitmqclusters.messaging.tanzu.japan.com.xrd.yaml create mode 100644 manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/values.yaml diff --git a/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/app-sso/overlay.yaml b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/app-sso/overlay.yaml new file mode 100644 index 0000000..ce04682 --- /dev/null +++ b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/app-sso/overlay.yaml 
@@ -0,0 +1,122 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+
+#@ if data.values.sso.tls.enabled:
+#@ http_prefix = "https://authserver."
+#@ else:
+#@ http_prefix = "http://authserver."
+#@ end
+---
+apiVersion: sso.apps.tanzu.vmware.com/v1alpha1
+kind: AuthServer
+metadata:
+ name: basic-authserver
+ namespace: service-instances
+ labels:
+ name: basic-authserver
+ annotations:
+ sso.apps.tanzu.vmware.com/allow-client-namespaces: "service-instances"
+ #@ if not data.values.sso.tls.enabled:
+ sso.apps.tanzu.vmware.com/allow-unsafe-issuer-uri: ""
+ #@ end
+ #@ if data.values.sso.testuser_enabled:
+ sso.apps.tanzu.vmware.com/allow-unsafe-identity-provider: ""
+ #@ end
+spec:
+ replicas: 1
+ tokenSignature:
+ signAndVerifyKeyRef:
+ name: "authserver-signing-key"
+ identityProviders:
+ #@ if data.values.sso.testuser_enabled:
+ #@overlay/match by="name", missing_ok=True
+ - name: "internal"
+ internalUnsafe:
+ users:
+ - username: "user"
+ password: "{bcrypt}$2a$10$201z9o/tHlocFsHFTo0plukh03ApBYe4dRiXcqeyRQH6CNNtS8jWK"
+ #@ end
+ #@ for sso_provider in data.values.sso.providers:
+ #@overlay/match by="name", missing_ok=True
+ - #@ sso_provider
+ #@ end
+ tls:
+#@ if not data.values.sso.tls.enabled:
+ deactivated: true
+#@ else:
+ secretRef:
+ name: #@ data.values.sso.tls.certname
+
+#@ if data.values.sso.tls.certnamespace != "":
+---
+apiVersion: secretgen.carvel.dev/v1alpha1
+kind: SecretExport
+metadata:
+ name: #@ data.values.sso.tls.certname
+ namespace: #@ data.values.sso.tls.certnamespace
+spec:
+ toNamespace: service-instances
+---
+apiVersion: secretgen.carvel.dev/v1alpha1
+kind: SecretImport
+metadata:
+ name: #@ data.values.sso.tls.certname
+ namespace: service-instances
+spec:
+ fromNamespace: #@ data.values.sso.tls.certnamespace
+#@ end
+#@ end
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: RSAKey
+metadata:
+ name: authserver-signing-key
+ namespace: service-instances
+spec:
+ secretTemplate:
+ type: Opaque
+ stringData:
+ key.pem: $(privateKey)
+ pub.pem: $(publicKey)
+---
+apiVersion: sso.apps.tanzu.vmware.com/v1alpha1
+kind: ClientRegistration
+metadata:
+ name: basic-client-registration
+ namespace: service-instances
+spec:
+ authServerSelector:
+ matchLabels:
+ name: basic-authserver
+ redirectURIs: #@ data.values.sso.redirect_urls
+ requireUserConsent: false
+ clientAuthenticationMethod: client_secret_basic
+ authorizationGrantTypes:
+ - client_credentials
+ - authorization_code
+ scopes:
+ - name: "openid"
+---
+apiVersion: services.apps.tanzu.vmware.com/v1alpha1
+kind: ClusterInstanceClass
+metadata:
+ name: appsso
+spec:
+ description:
+ short: It's a SSO service!
+ pool:
+ group: sso.apps.tanzu.vmware.com
+ kind: ClientRegistration
+---
+apiVersion: services.apps.tanzu.vmware.com/v1alpha1
+kind: ResourceClaimPolicy
+metadata:
+ name: appsso-cross-namespace
+ namespace: service-instances
+spec:
+ consumingNamespaces:
+ - '*'
+ subject:
+ group: sso.apps.tanzu.vmware.com
+ kind: ClientRegistration
diff --git a/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/base.yaml b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/base.yaml
new file mode 100644
index 0000000..0eb61e5
--- /dev/null
+++ b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/base.yaml
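Review bot: The `internalUnsafe` test user ships with a fixed username and a bcrypt hash committed in the manifest, so every installation that sets `sso.testuser_enabled` accepts the same login, and anyone who can read the repository can work on the hash offline. Take the hash from a data value instead, e.g. `password: #@ data.values.sso.testuser_password_hash` (proposed key name, not part of the schema shown), and give it no default so the operator has to supply one. The same hunk adds `allow-unsafe-issuer-uri` whenever `sso.tls.enabled` is false; a ytt comment there such as `#! non-production only: issuer is served over plain HTTP` would make that trade-off visible. `http_prefix` is assigned at the top of the file but is not used anywhere in this hunk.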
@@ -0,0 +1,66 @@
+---
+apiVersion: services.apps.tanzu.vmware.com/v1alpha1
+kind: ClusterInstanceClass
+metadata:
+ name: secrets
+spec:
+ description:
+ short: It's a set of Secrets!
+ pool:
+ kind: Secret
+ labelSelector:
+ matchLabels:
+ claimable: "true"
+---
+apiVersion: services.apps.tanzu.vmware.com/v1alpha1
+kind: ResourceClaimPolicy
+metadata:
+ name: secrets-cross-namespace
+ namespace: service-instances
+spec:
+ consumingNamespaces:
+ - '*'
+ subject:
+ kind: Secret
+ group: ""
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: service-instances
+ labels:
+ pod-security.kubernetes.io/audit: privileged
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: tap-registry
+ namespace: service-instances
+ annotations:
+ secretgen.carvel.dev/image-pull-secret: ""
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: e30K
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: default
+ namespace: service-instances
+ annotations:
+ kapp.k14s.io/create-strategy: fallback-on-update
+secrets:
+ - name: tap-registry
+imagePullSecrets:
+ - name: tap-registry
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: resource-claims-secret
+ labels:
+ servicebinding.io/controller: "true"
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch"]
diff --git a/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/dynamic-cluster-role.yaml b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/dynamic-cluster-role.yaml
new file mode 100644
index 0000000..141ce7d
--- /dev/null
+++ b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/dynamic-cluster-role.yaml
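Review bot: `secrets-cross-namespace` lets every namespace (`consumingNamespaces` is `'*'`) claim resources of kind `Secret` in `service-instances`, and the policy as written does not repeat the `claimable: "true"` label that the `secrets` ClusterInstanceClass pool selects on. Other hunks in this patch place `authserver-signing-key`, the `tap-registry` pull secret and the Crossplane connection secrets in that same namespace, so the policy probably covers more than the intended claimable set. Narrow `consumingNamespaces` to the namespaces that run workloads, or keep claimable Secrets in a namespace of their own; if this ResourceClaimPolicy version supports a label selector on `subject`, use it. Separately, the Namespace only sets `pod-security.kubernetes.io/audit: privileged`, which enforces nothing; add a `pod-security.kubernetes.io/enforce` label if a level is meant to apply.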
@@ -0,0 +1,41 @@
+---
+apiVersion: services.apps.tanzu.vmware.com/v1alpha1
+kind: ClusterInstanceClass
+metadata:
+ name: dynamic-gemfire
+spec:
+ description:
+ short: On-demand Gemfire clusters!
+ provisioner:
+ crossplane:
+ compositeResourceDefinition: xgemfireclusters.caching.tanzu.japan.com
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: gemcluster-read-writer
+ labels:
+ services.tanzu.vmware.com/aggregate-to-provider-kubernetes: "true"
+rules:
+- apiGroups:
+ - gemfire.vmware.com
+ resources:
+ - gemfireclusters
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: app-operator-claim-class-tanzu-japan-gemfire
+ labels:
+ apps.tanzu.vmware.com/aggregate-to-app-operator-cluster-access: "true"
+rules:
+- apiGroups:
+ - services.apps.tanzu.vmware.com
+ resources:
+ - clusterinstanceclasses
+ resourceNames:
+ - dynamic-gemfire
+ verbs:
+ - claim
diff --git a/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/overlay.yaml b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/overlay.yaml
new file mode 100644
index 0000000..420f462
--- /dev/null
+++ b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/overlay.yaml
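Review bot: `gemcluster-read-writer` grants the `"*"` verb on `gemfireclusters` and is aggregated into the provider-kubernetes role through its label, so the Crossplane provider receives every current and future verb on that resource, `deletecollection` included. List the verbs the provider needs instead, for example `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]` (to be confirmed against what the provider actually calls). `rmqcluster-read-writer` in tanzu-rabbitmq/dynamic-cluster-role.yaml uses the same wildcard.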
@@ -0,0 +1,191 @@ +#@ load("@ytt:data", "data") +#@ load("@ytt:overlay", "overlay") + +#@ if data.values.gemfire.enabled: +#@ if data.values.gemfire.package.install: +apiVersion: v1 +kind: Namespace +metadata: + name: gemfire-install + labels: + pod-security.kubernetes.io/audit: privileged +--- +apiVersion: v1 +kind: Secret +metadata: + name: tap-registry + namespace: gemfire-install + annotations: + secretgen.carvel.dev/image-pull-secret: "" +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: e30K +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kapp-sa + namespace: gemfire-install +secrets: + - name: tap-registry +imagePullSecrets: + - name: tap-registry +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: gemfire-kapp-role-binding + namespace: gemfire-install +subjects: +- kind: ServiceAccount + name: kapp-sa + namespace: gemfire-install +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +--- +apiVersion: kappctrl.k14s.io/v1alpha1 +kind: App +metadata: + name: gemfire + namespace: gemfire-install +spec: + serviceAccountName: kapp-sa + fetch: + - imgpkgBundle: + image: #@ data.values.gemfire.package.repo + ":" + data.values.gemfire.package.version + secretRef: + name: tap-registry + path: gemfire/ + template: + - ytt: + ignoreUnknownComments: true + paths: + - gemfire/operator.yaml + - gemfire/certificates.yaml + - gemfire/functions.lib.yml + inline: + paths: + base.yaml: | + --- + apiVersion: v1 + kind: Namespace + metadata: + name: gemfire-system + --- + apiVersion: v1 + kind: Secret + metadata: + name: reg-secret + namespace: gemfire-system + annotations: + secretgen.carvel.dev/image-pull-secret: "" + type: kubernetes.io/dockerconfigjson + data: + .dockerconfigjson: e30K + values-update.yaml: | + #@data/values + --- + namespace: gemfire-system + name: gemfire-operator + certManagerNamespace: "" + cpu: "" + memory: "" + imagePullSecretName: "reg-secret" + 
tlsSecretName: "" + registry: + server: "" + username: "" + password: "" + deploy: + - kapp: {} +#@ end +--- +apiVersion: services.apps.tanzu.vmware.com/v1alpha1 +kind: ClusterInstanceClass +metadata: + name: gemfire +spec: + description: + short: It's a Gemfire cluster ! + pool: + kind: Secret + labelSelector: + matchLabels: + gemfire: "true" +--- +apiVersion: v1 +kind: Secret +metadata: + name: image-pull-secret + namespace: service-instances + annotations: + secretgen.carvel.dev/image-pull-secret: "" +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: e30K +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: gemfireclusters.gemfire.vmware.com + annotations: + kapp.k14s.io/exists: "" + kapp.k14s.io/change-group: "tkcrd" +spec: + group: gemfire.vmware.com + versions: + - name: v1 + names: + kind: GemFireCluster + scope: Namespaced +#@ count = data.values.gemfire.count + 1 +#@ for j in range(1,count): +--- +apiVersion: gemfire.vmware.com/v1 +kind: GemFireCluster +metadata: + name: #@ "gemfire-redis" + str(j) + namespace: service-instances + annotations: + kapp.k14s.io/change-rule: "upsert after upserting tkcrd" +spec: + image: #@ data.values.gemfire.image.repo + ":" + data.values.gemfire.image.version + antiAffinityPolicy: None + security: + tls: {} + metrics: + emission: Default + locators: + replicas: 1 + resources: + requests: + memory: 1Gi + servers: + replicas: 1 + resources: + memory: 1Gi + libraries: + - name: gemfire-for-redis-apps + container: + image: #@ data.values.gemfire.redis_adapter.repo + ":" + data.values.gemfire.redis_adapter.version + path: "/gemfire-for-redis-apps/*" + imagePullSecretRef: + name: image-pull-secret + overrides: + jvmOptions: ["-Dgemfire-for-redis-enabled=true"] +--- +apiVersion: v1 +kind: Secret +metadata: + name: #@ "gemfire-redis" + str(j) + namespace: service-instances + labels: + gemfire: "true" +type: servicebinding.io/redis +stringData: + type: redis + cluster.nodes: #@ 
"gemfire-redis" + str(j) + "-server-0.gemfire-redis" + str(j) + "-server.service-instances:6379" +#@ end +#@ end diff --git a/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/xgemfireclusters.caching.tanzu.japan.com.composition.yaml b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/xgemfireclusters.caching.tanzu.japan.com.composition.yaml new file mode 100644 index 0000000..61e924c --- /dev/null +++ b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/xgemfireclusters.caching.tanzu.japan.com.composition.yaml 
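Review bot: `gemfire-kapp-role-binding` binds the `kapp-sa` ServiceAccount to `cluster-admin`, so anything that can run as that account or obtain its token in `gemfire-install` controls the whole cluster. Bind `kapp-sa` to a dedicated ClusterRole limited to the resource kinds the operator bundle creates. `metadata.namespace` on a ClusterRoleBinding has no effect and can be dropped. The `postgres-kapp-role-binding` and `rabbit-kapp-role-binding` documents in the tanzu-postgres and tanzu-rabbitmq overlays repeat the same binding. Also, `servers.resources` has `memory: 1Gi` directly under it while `locators.resources` goes through `requests:`; indentation is lost in this view, so check that the servers block is not missing `requests:`.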
@@ -0,0 +1,129 @@ +#@ load("@ytt:data", "data") + +apiVersion: apiextensions.crossplane.io/v1 +kind: Composition +metadata: + name: xgemfireclusters.caching.tanzu.japan.com +spec: + compositeTypeRef: + apiVersion: caching.tanzu.japan.com/v1alpha1 + kind: XGemfireCluster + resources: + - name: gemfire-redis + base: + apiVersion: kubernetes.crossplane.io/v1alpha1 + kind: Object + spec: + forProvider: + manifest: + apiVersion: gemfire.vmware.com/v1 + kind: GemFireCluster + metadata: + namespace: service-instances + spec: + image: #@ data.values.gemfire.image.repo + ":" + data.values.gemfire.image.version + antiAffinityPolicy: None + security: + tls: {} + metrics: + emission: Default + locators: + replicas: 1 + resources: + requests: + memory: 1Gi + servers: + replicas: 1 + resources: + memory: 1Gi + libraries: + - name: gemfire-for-redis-apps + container: + image: #@ data.values.gemfire.redis_adapter.repo + ":" + data.values.gemfire.redis_adapter.version + path: "/gemfire-for-redis-apps/*" + imagePullSecretRef: + name: image-pull-secret + overrides: + jvmOptions: ["-Dgemfire-for-redis-enabled=true"] + patches: + - fromFieldPath: metadata.name + toFieldPath: spec.forProvider.manifest.metadata.name + type: FromCompositeFieldPath + - type: ToCompositeFieldPath + fromFieldPath: spec.forProvider.manifest.metadata.name + toFieldPath: status.clusterName + readinessChecks: + - type: MatchString + fieldPath: status.atProvider.manifest.status.servers + matchString: "1/1" + - name: secret-redis + base: + apiVersion: kubernetes.crossplane.io/v1alpha1 + kind: Object + spec: + forProvider: + manifest: + apiVersion: v1 + kind: Secret + metadata: + namespace: service-instances + type: servicebinding.io/redis + stringData: + type: redis + connectionDetails: + - apiVersion: v1 + kind: Secret + namespace: service-instances + fieldPath: data.type + toConnectionSecretKey: type + - apiVersion: v1 + kind: Secret + namespace: service-instances + fieldPath: data[cluster.nodes] + 
toConnectionSecretKey: "cluster.nodes" + writeConnectionSecretToRef: + namespace: service-instances + connectionDetails: + - fromConnectionSecretKey: type + - fromConnectionSecretKey: cluster.nodes + patches: + - fromFieldPath: status.clusterName + toFieldPath: spec.forProvider.manifest.stringData[cluster.nodes] + transforms: + - string: + fmt: '%[1]s-server-0.%[1]s-server.service-instances:6379' + type: Format + type: string + type: FromCompositeFieldPath + - fromFieldPath: metadata.name + toFieldPath: spec.forProvider.manifest.metadata.name + transforms: + - string: + fmt: '%s-gemfire-redis' + type: Format + type: string + type: FromCompositeFieldPath + - fromFieldPath: metadata.name + toFieldPath: spec.writeConnectionSecretToRef.name + transforms: + - string: + fmt: '%s-gemfired-redis' + type: Format + type: string + type: FromCompositeFieldPath + - fromFieldPath: metadata.name + toFieldPath: spec.connectionDetails[0].name + transforms: + - string: + fmt: '%s-gemfire-redis' + type: Format + type: string + type: FromCompositeFieldPath + - fromFieldPath: metadata.name + toFieldPath: spec.connectionDetails[1].name + transforms: + - string: + fmt: '%s-gemfire-redis' + type: Format + type: string + type: FromCompositeFieldPath diff --git a/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/xgemfireclusters.caching.tanzu.japan.com.xrd.yaml b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/xgemfireclusters.caching.tanzu.japan.com.xrd.yaml new file mode 100644 index 0000000..cc0a6d8 --- /dev/null +++ b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-gemfire/xgemfireclusters.caching.tanzu.japan.com.xrd.yaml 
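Review bot: The patch to `spec.writeConnectionSecretToRef.name` formats the name as `'%s-gemfired-redis'`, while every other patch on this resource uses `'%s-gemfire-redis'`; this looks like a typo. If the connection secret is meant to differ from the Secret created through `forProvider.manifest` (both live in `service-instances`), use a suffix that says so, e.g. `fmt: '%s-gemfire-redis-conn'`, and add a comment explaining why the two names must not collide. The binding data carries only `type` and `cluster.nodes`, and the cluster is created with `security.tls: {}`, so as far as this hunk shows claimants receive a Redis endpoint with neither credentials nor TLS; confirm that is intended outside a demo setup.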
@@ -0,0 +1,28 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+ name: xgemfireclusters.caching.tanzu.japan.com
+spec:
+ connectionSecretKeys:
+ - type
+ - cluster.nodes
+ group: caching.tanzu.japan.com
+ names:
+ kind: XGemfireCluster
+ plural: xgemfireclusters
+ versions:
+ - name: v1alpha1
+ referenceable: true
+ served: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ status:
+ type: object
+ properties:
+ clusterName:
+ description: Cluster Name
+ type: string
diff --git a/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-postgres/overlay.yaml b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-postgres/overlay.yaml
new file mode 100644
index 0000000..67a374a
--- /dev/null
+++ b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-postgres/overlay.yaml
@@ -0,0 +1,156 @@ +#@ load("@ytt:data", "data") +#@ load("@ytt:overlay", "overlay") + + +#@ if data.values.postgres.enabled: +#@ if data.values.postgres.package.install: +apiVersion: v1 +kind: Namespace +metadata: + name: postgres-install +--- +apiVersion: v1 +kind: Secret +metadata: + name: tap-registry + namespace: postgres-install + annotations: + secretgen.carvel.dev/image-pull-secret: "" +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: e30K +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kapp-sa + namespace: postgres-install +secrets: + - name: tap-registry +imagePullSecrets: + - name: tap-registry +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: postgres-kapp-role-binding + namespace: postgres-install +subjects: +- kind: ServiceAccount + name: kapp-sa + namespace: postgres-install +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +--- +apiVersion: packaging.carvel.dev/v1alpha1 +kind: PackageRepository +metadata: + name: tds-pack + namespace: postgres-install + annotations: + kapp.k14s.io/change-group: "pkgr" +spec: + fetch: + imgpkgBundle: + image: #@ data.values.postgres.package.repo + ":" + data.values.postgres.package.version +--- +apiVersion: packaging.carvel.dev/v1alpha1 +kind: PackageInstall +metadata: + name: postgres + namespace: postgres-install +spec: + serviceAccountName: kapp-sa + packageRef: + refName: postgres-operator.sql.tanzu.vmware.com + versionSelection: + constraints: #@ data.values.postgres.package.operator_version + values: + - secretRef: + name: change-default-reg-secret +--- +apiVersion: v1 +kind: Secret +metadata: + name: change-default-reg-secret + namespace: postgres-install +stringData: + change-default-reg-secret.yml: | + #@data/values-schema + --- + dockerRegistrySecretName: tap-registry +#@ end +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: resource-claims-postgres + labels: + 
resourceclaims.services.apps.tanzu.vmware.com/controller: "true" +rules: +- apiGroups: ["sql.tanzu.vmware.com"] + resources: ["postgres"] + verbs: ["get", "list", "watch", "update"] +--- +apiVersion: services.apps.tanzu.vmware.com/v1alpha1 +kind: ClusterInstanceClass +metadata: + name: postgres +spec: + description: + short: It's a Postgres cluster! + pool: + group: sql.tanzu.vmware.com + kind: Postgres +--- +apiVersion: services.apps.tanzu.vmware.com/v1alpha1 +kind: ResourceClaimPolicy +metadata: + name: postgrescluster-cross-namespace + namespace: service-instances +spec: + consumingNamespaces: + - '*' + subject: + group: sql.tanzu.vmware.com + kind: Postgres +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: postgres.sql.tanzu.vmware.com + annotations: + kapp.k14s.io/exists: "" + kapp.k14s.io/change-group: "tkcrd" +spec: + group: sql.tanzu.vmware.com + versions: + - name: v1 + names: + kind: Postgres + scope: Namespaced +#@ count = data.values.postgres.count + 1 +#@ for j in range(1,count): +--- +apiVersion: sql.tanzu.vmware.com/v1 +kind: Postgres +metadata: + name: #@ "postgres-1" + str(j) + namespace: service-instances + annotations: + kapp.k14s.io/change-rule: "upsert after upserting tkcrd" +spec: + memory: 400Mi + cpu: "0.4" + storageSize: 10G + storageClassName: #@ data.values.postgres.storage_class + monitorStorageClassName: #@ data.values.postgres.storage_class + postgresVersion: + name: #@ data.values.postgres.instance_version + highAvailability: + enabled: false +#@ end +#@ end + diff --git a/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/dynamic-cluster-role.yaml b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/dynamic-cluster-role.yaml new file mode 100644 index 0000000..8535f69 --- /dev/null +++ b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/dynamic-cluster-role.yaml 
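Review bot: The instance name is built as `"postgres-1" + str(j)`, which yields `postgres-11`, `postgres-12` and so on rather than `postgres-1`, `postgres-2`; the RabbitMQ overlay in this patch uses `"rmq-" + str(j)`, so `name: #@ "postgres-" + str(j)` is probably what was meant. If the current names are kept for compatibility with instances created by an earlier version, a comment on that line should say so. Unlike the gemfire and rabbitmq install namespaces, `postgres-install` gets no `pod-security.kubernetes.io` label, so the three overlays are inconsistent there.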
@@ -0,0 +1,41 @@
+---
+apiVersion: services.apps.tanzu.vmware.com/v1alpha1
+kind: ClusterInstanceClass
+metadata:
+ name: dynamic-rabbitmq
+spec:
+ description:
+ short: On-demand RabbitMQ clusters!
+ provisioner:
+ crossplane:
+ compositeResourceDefinition: xrabbitmqclusters.messaging.tanzu.japan.com
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: rmqcluster-read-writer
+ labels:
+ services.tanzu.vmware.com/aggregate-to-provider-kubernetes: "true"
+rules:
+- apiGroups:
+ - rabbitmq.com
+ resources:
+ - rabbitmqclusters
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: app-operator-claim-class-bigcorp-rabbitmq
+ labels:
+ apps.tanzu.vmware.com/aggregate-to-app-operator-cluster-access: "true"
+rules:
+- apiGroups:
+ - services.apps.tanzu.vmware.com
+ resources:
+ - clusterinstanceclasses
+ resourceNames:
+ - dynamic-rabbitmq
+ verbs:
+ - claim
diff --git a/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/overlay.yaml b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/overlay.yaml
new file mode 100644
index 0000000..996de04
--- /dev/null
+++ b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/overlay.yaml
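Review bot: The claim role is named `app-operator-claim-class-bigcorp-rabbitmq`, while its GemFire counterpart in this patch is `app-operator-claim-class-tanzu-japan-gemfire`; `bigcorp` looks like a leftover from a sample manifest. Renaming it to `app-operator-claim-class-tanzu-japan-rabbitmq` keeps the two roles consistent and makes it clear which package owns the role when cluster RBAC is audited.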
@@ -0,0 +1,151 @@ +#@ load("@ytt:data", "data") +#@ load("@ytt:overlay", "overlay") + + +#@ if data.values.rabbitmq.enabled: +#@ if data.values.rabbitmq.package.install: +apiVersion: v1 +kind: Namespace +metadata: + name: rabbitmq-install + labels: + pod-security.kubernetes.io/audit: privileged +--- +apiVersion: v1 +kind: Secret +metadata: + name: tap-registry + namespace: rabbitmq-install + annotations: + secretgen.carvel.dev/image-pull-secret: "" +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: e30K +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kapp-sa + namespace: rabbitmq-install +secrets: + - name: tap-registry +imagePullSecrets: + - name: tap-registry +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: rabbit-kapp-role-binding + namespace: rabbitmq-install +subjects: +- kind: ServiceAccount + name: kapp-sa + namespace: rabbitmq-install +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +--- +apiVersion: packaging.carvel.dev/v1alpha1 +kind: PackageRepository +metadata: + generation: 2 + name: tmq-pack + namespace: rabbitmq-install + annotations: + kapp.k14s.io/change-group: "pkgr" +spec: + fetch: + imgpkgBundle: + image: #@ data.values.rabbitmq.package.repo + ":" + data.values.rabbitmq.package.version +--- +apiVersion: packaging.carvel.dev/v1alpha1 +kind: PackageInstall +metadata: + name: rabbitmq + namespace: rabbitmq-install +spec: + serviceAccountName: kapp-sa + packageRef: + refName: rabbitmq.tanzu.vmware.com + versionSelection: + constraints: #@ data.values.rabbitmq.package.operator_version +#@ end +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: resource-claims-rmq + labels: + servicebinding.io/controller: "true" +rules: +- apiGroups: ["rabbitmq.com"] + resources: ["rabbitmqclusters"] + verbs: ["get", "list", "watch"] +--- +apiVersion: services.apps.tanzu.vmware.com/v1alpha1 +kind: ClusterInstanceClass 
+metadata: + name: rabbitmq +spec: + description: + short: It's a RabbitMQ cluster! + pool: + group: rabbitmq.com + kind: RabbitmqCluster +--- +apiVersion: services.apps.tanzu.vmware.com/v1alpha1 +kind: ResourceClaimPolicy +metadata: + name: rabbitmqcluster-cross-namespace + namespace: service-instances +spec: + consumingNamespaces: + - '*' + subject: + group: rabbitmq.com + kind: RabbitmqCluster +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: rabbitmqclusters.rabbitmq.com + annotations: + kapp.k14s.io/exists: "" + kapp.k14s.io/change-group: "tkcrd" +spec: + group: rabbitmq.com + versions: + - name: v1beta1 + names: + kind: RabbitmqCluster + scope: Namespaced +#@ count = data.values.rabbitmq.count + 1 +#@ for j in range(1,count): +--- +apiVersion: rabbitmq.com/v1beta1 +kind: RabbitmqCluster +metadata: + name: #@ "rmq-" + str(j) + namespace: service-instances + annotations: + kapp.k14s.io/change-rule: "upsert after upserting tkcrd" +spec: + imagePullSecrets: + - name: tap-registry + resources: + limits: + cpu: 500m + memory: 1Gi + requests: + cpu: 250m + memory: 250Mi + rabbitmq: + additionalPlugins: + - rabbitmq_shovel + - rabbitmq_shovel_management + - rabbitmq_management + - rabbitmq_prometheus + - rabbitmq_peer_discovery_k8s +#@ end +#@ end diff --git a/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/xrabbitmqclusters.messaging.tanzu.japan.com.composition.yaml b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/xrabbitmqclusters.messaging.tanzu.japan.com.composition.yaml new file mode 100644 index 0000000..241717c --- /dev/null +++ b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/xrabbitmqclusters.messaging.tanzu.japan.com.composition.yaml 
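Review bot: The `tmq-pack` PackageRepository sets `metadata.generation: 2`, a server-managed field that appears to have been copied from an exported object; remove the `generation: 2` line so the manifest does not carry a stale value. The PackageRepository in the postgres overlay has no such field. Both repositories reference their bundle by tag (`repo + ":" + version`); pinning by digest would make the fetched content immutable, which matters here because the installing account is bound to `cluster-admin`.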
@@ -0,0 +1,143 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+ name: xrabbitmqclusters.messaging.tanzu.japan.com
+spec:
+ compositeTypeRef:
+ apiVersion: messaging.tanzu.japan.com/v1alpha1
+ kind: XRabbitmqCluster
+ resources:
+ - base:
+ apiVersion: kubernetes.crossplane.io/v1alpha1
+ kind: Object
+ spec:
+ forProvider:
+ manifest:
+ apiVersion: rabbitmq.com/v1beta1
+ kind: RabbitmqCluster
+ metadata:
+ namespace: service-instances
+ spec:
+ resources:
+ limits:
+ cpu: 500m
+ memory: 1Gi
+ requests:
+ cpu: 250m
+ memory: 250Mi
+ imagePullSecrets:
+ - name: tap-registry
+ rabbitmq:
+ additionalPlugins:
+ - rabbitmq_shovel
+ - rabbitmq_shovel_management
+ - rabbitmq_management
+ - rabbitmq_prometheus
+ - rabbitmq_peer_discovery_k8s
+ connectionDetails:
+ - apiVersion: v1
+ kind: Secret
+ namespace: service-instances
+ fieldPath: data.provider
+ toConnectionSecretKey: provider
+ - apiVersion: v1
+ kind: Secret
+ namespace: service-instances
+ fieldPath: data.type
+ toConnectionSecretKey: type
+ - apiVersion: v1
+ kind: Secret
+ namespace: service-instances
+ fieldPath: data.host
+ toConnectionSecretKey: host
+ - apiVersion: v1
+ kind: Secret
+ namespace: service-instances
+ fieldPath: data.port
+ toConnectionSecretKey: port
+ - apiVersion: v1
+ kind: Secret
+ namespace: service-instances
+ fieldPath: data.username
+ toConnectionSecretKey: username
+ - apiVersion: v1
+ kind: Secret
+ namespace: service-instances
+ fieldPath: data.password
+ toConnectionSecretKey: password
+ writeConnectionSecretToRef:
+ namespace: service-instances
+ connectionDetails:
+ - fromConnectionSecretKey: provider
+ - fromConnectionSecretKey: type
+ - fromConnectionSecretKey: host
+ - fromConnectionSecretKey: port
+ - fromConnectionSecretKey: username
+ - fromConnectionSecretKey: password
+ patches:
+ - fromFieldPath: metadata.name
+ toFieldPath: spec.forProvider.manifest.metadata.name
+ type: FromCompositeFieldPath
+ - fromFieldPath: spec.service.type
+ toFieldPath: spec.forProvider.manifest.spec.service.type
+ type: FromCompositeFieldPath
+ - fromFieldPath: metadata.name
+ toFieldPath: spec.writeConnectionSecretToRef.name
+ transforms:
+ - string:
+ fmt: '%s-rmq'
+ type: Format
+ type: string
+ type: FromCompositeFieldPath
+ - fromFieldPath: metadata.name
+ toFieldPath: spec.connectionDetails[0].name
+ transforms:
+ - string:
+ fmt: '%s-default-user'
+ type: Format
+ type: string
+ type: FromCompositeFieldPath
+ - fromFieldPath: metadata.name
+ toFieldPath: spec.connectionDetails[1].name
+ transforms:
+ - string:
+ fmt: '%s-default-user'
+ type: Format
+ type: string
+ type: FromCompositeFieldPath
+ - fromFieldPath: metadata.name
+ toFieldPath: spec.connectionDetails[2].name
+ transforms:
+ - string:
+ fmt: '%s-default-user'
+ type: Format
+ type: string
+ type: FromCompositeFieldPath
+ - fromFieldPath: metadata.name
+ toFieldPath: spec.connectionDetails[3].name
+ transforms:
+ - string:
+ fmt: '%s-default-user'
+ type: Format
+ type: string
+ type: FromCompositeFieldPath
+ - fromFieldPath: metadata.name
+ toFieldPath: spec.connectionDetails[4].name
+ transforms:
+ - string:
+ fmt: '%s-default-user'
+ type: Format
+ type: string
+ type: FromCompositeFieldPath
+ - fromFieldPath: metadata.name
+ toFieldPath: spec.connectionDetails[5].name
+ transforms:
+ - string:
+ fmt: '%s-default-user'
+ type: Format
+ type: string
+ type: FromCompositeFieldPath
+ readinessChecks:
+ - type: MatchString
+ fieldPath: status.atProvider.manifest.status.conditions[1].status # ClusterAvailable
+ matchString: "True"
diff --git a/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/xrabbitmqclusters.messaging.tanzu.japan.com.xrd.yaml b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/xrabbitmqclusters.messaging.tanzu.japan.com.xrd.yaml
new file mode 100644
index 0000000..e82b5c0
--- /dev/null
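Review bot: All six `connectionDetails` entries read from the `%s-default-user` Secret, so every claim receives the username and password of the operator-generated default user, which in the RabbitMQ cluster operator is normally an administrator account. If claimants should not be able to administer the broker, provision a dedicated user per claim and bind that instead; at minimum add a comment above `connectionDetails` such as `# binds the cluster's default-user credentials; non-production only`. The readiness check reads `status.conditions[1].status` and relies on `ClusterAvailable` sitting at index 1, which condition lists do not guarantee; state that assumption next to the existing `# ClusterAvailable` comment.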
+++ b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/tanzu-rabbitmq/xrabbitmqclusters.messaging.tanzu.japan.com.xrd.yaml
@@ -0,0 +1,43 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: CompositeResourceDefinition
+metadata:
+ name: xrabbitmqclusters.messaging.tanzu.japan.com
+spec:
+ connectionSecretKeys:
+ - host
+ - password
+ - port
+ - provider
+ - type
+ - username
+ group: messaging.tanzu.japan.com
+ names:
+ kind: XRabbitmqCluster
+ plural: xrabbitmqclusters
+ versions:
+ - name: v1alpha1
+ referenceable: true
+ served: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ properties:
+ service:
+ default:
+ type: ClusterIP
+ description: The desired state of the Kubernetes Service to create
+ for the cluster.
+ properties:
+ type:
+ default: ClusterIP
+ description: 'Type of Service to create for the cluster. Must
+ be one of: ClusterIP, LoadBalancer, NodePort. For more info
+ see https://pkg.go.dev/k8s.io/api/core/v1#ServiceType'
+ enum:
+ - ClusterIP
+ - LoadBalancer
+ - NodePort
+ type: string
+ type: object
diff --git a/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/values.yaml b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/values.yaml
new file mode 100644
index 0000000..29a6855
--- /dev/null
+++ b/manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1/values.yaml
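Review bot: The XRD lets a claimant choose `spec.service.type` from `ClusterIP`, `LoadBalancer` and `NodePort`, and the composition in this patch copies that value into the RabbitmqCluster, so anyone allowed to claim `dynamic-rabbitmq` can expose a broker outside the cluster. If external exposure is not a supported use, restrict the enum to `- ClusterIP`, or drop the `service` property together with the `spec.service.type` patch. If it is supported, say so in the `description` so that the exposure is a documented decision rather than a side effect of the copied schema.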
@@ -0,0 +1,82 @@
+#@data/values-schema
+---
+#@schema/desc "Rabbitmq starter"
+rabbitmq:
+ #@schema/desc "Enable starter"
+ enabled: true
+ #@schema/desc "package installation"
+ package:
+ #@schema/desc "install via carvel"
+ install: true
+ #@schema/desc "install repo"
+ repo: registry.tanzu.vmware.com/p-rabbitmq-for-kubernetes/tanzu-rabbitmq-package-repo
+ #@schema/desc "install version"
+ version: 1.5.2
+ #@schema/desc "operator version"
+ operator_version: 1.5.2
+ #@schema/desc "instance count"
+ count: 0
+
+#@schema/desc "Postgres starter"
+postgres:
+ #@schema/desc "Enable starter"
+ enabled: true
+ #@schema/desc "package installation"
+ package:
+ #@schema/desc "install via carvel"
+ install: true
+ #@schema/desc "install repo"
+ repo: registry.tanzu.vmware.com/packages-for-vmware-tanzu-data-services/tds-packages
+ #@schema/desc "install version"
+ version: 1.9.1
+ #@schema/desc "operator version"
+ operator_version: 2.2.1
+ #@schema/desc "instance count"
+ count: 1
+ #@schema/desc "storage class"
+ storage_class: default
+ #@schema/desc "instance version"
+ instance_version: postgres-14
+
+#@schema/desc "Gemfire starter"
+gemfire:
+ #@schema/desc "Enable starter"
+ enabled: true
+ #@schema/desc "package installation"
+ package:
+ #@schema/desc "install via carvel"
+ install: true
+ #@schema/desc "install repo"
+ repo: registry.tanzu.vmware.com/tanzu-gemfire-for-kubernetes/gemfire-for-kubernetes-carvel-bundle
+ #@schema/desc "install version"
+ version: 2.3.0
+ #@schema/desc "instance count"
+ count: 1
+ #@schema/desc "gemfire image"
+ image:
+ repo: registry.tanzu.vmware.com/pivotal-gemfire/vmware-gemfire
+ version: 9.15.9
+ #@schema/desc "redis adapter image"
+ redis_adapter:
+ repo: registry.tanzu.vmware.com/tanzu-gemfire-for-redis-apps/gemfire-for-redis-apps
+ version: 1.1.0
+
+#@schema/desc "AppSSO starter"
+sso:
+ #@schema/desc "tls setting"
+ tls:
+ #@schema/desc "enable (recommended to true)"
+ enabled: false
+ #@schema/desc "cert name"
+ certname:
cnrs-default-tls + #@schema/desc "cert namespace" + certnamespace: tanzu-system-ingress + #@schema/desc "Enable test users" + testuser_enabled: true + #@schema/desc "Providers" + #@schema/type any=True + providers: [] + #@schema/desc "Redirect URLs" + redirect_urls: + - https://example.com + diff --git a/packages/tap-toolkit-starter.tanzu.japan.com/1.7.1.yaml b/packages/tap-toolkit-starter.tanzu.japan.com/1.7.1.yaml index 28d486b..c5ffb69 100644 --- a/packages/tap-toolkit-starter.tanzu.japan.com/1.7.1.yaml +++ b/packages/tap-toolkit-starter.tanzu.japan.com/1.7.1.yaml @@ -1,10 +1,10 @@ apiVersion: data.packaging.carvel.dev/v1alpha1 kind: Package metadata: - name: tap-toolkit-starter.tanzu.japan.com.1.6.1 + name: tap-toolkit-starter.tanzu.japan.com.1.7.1 spec: refName: tap-toolkit-starter.tanzu.japan.com - version: 1.6.1 + version: 1.7.1 valuesSchema: openAPIv3: title: tap-toolkit-starter.tanzu-jp values schema @@ -34,11 +34,11 @@ spec: version: type: string description: install version - default: 1.5.0 + default: 1.5.2 operator_version: type: string description: operator version - default: 1.5.0 + default: 1.5.2 count: type: integer description: instance count @@ -68,11 +68,11 @@ spec: version: type: string description: install version - default: 1.8.0 + default: 1.9.1 operator_version: type: string description: operator version - default: 2.1.0 + default: 2.2.1 count: type: integer description: instance count @@ -110,7 +110,7 @@ spec: version: type: string description: install version - default: 2.2.0 + default: 2.3.0 count: type: integer description: instance count @@ -125,7 +125,7 @@ spec: default: registry.tanzu.vmware.com/pivotal-gemfire/vmware-gemfire version: type: string - default: 9.15.4 + default: 9.15.9 redis_adapter: type: object additionalProperties: false 
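Review bot: The `sso` block in values.yaml defaults to `tls.enabled: false` and `testuser_enabled: true`, so an install that overrides nothing gets an AppSSO authorization server without TLS and with test users switched on. The schema's own description already says TLS is "recommended to true", which argues for making that the default rather than the opt-in. I would ship `enabled: true` under `sso.tls` and `testuser_enabled: false`, and let development installs relax them explicitly. How app-sso/overlay.yaml consumes these two values is outside this hunk, so the exact effect should be confirmed there, and the `valuesSchema` defaults in packages/tap-toolkit-starter.tanzu.japan.com/1.7.1.yaml should be kept in step.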
@@ -180,7 +180,7 @@ spec: - git: url: https://github.com/mhoshi-vm/tap-carvel ref: origin/pkgr - subPath: manifests/tap-toolkit-starter.tanzu.japan.com/1.6.1 + subPath: manifests/tap-toolkit-starter.tanzu.japan.com/1.7.1 template: - ytt: {} deploy: