ROX-31352: Move fleetshard-sync to a dedicated chart

.github/workflows/aws-integration.yaml

@@ -17,7 +17,6 @@ on:
       - 'docs/**'
       - 'pkg/api/openapi/docs/**'
       - 'pkg/api/openapi/.openapi-generator-ignore'
-      - 'dp-terraform/**'
       - 'deploy/**'
       - '.design-proposals/**'
 
@@ -35,7 +34,6 @@ on:
       - 'docs/**'
       - 'pkg/api/openapi/docs/**'
       - 'pkg/api/openapi/.openapi-generator-ignore'
-      - 'dp-terraform/**'
       - 'deploy/**'
       - '.design-proposals/**'
 

.github/workflows/multicluster-e2e.yaml

@@ -12,6 +12,7 @@ on:
       - 'scripts/lib/**'
       - 'internal/central/pkg/handlers/admin_central.go'
       - 'internal/central/pkg/services/central.go'
+      - 'deploy/charts/fleetshard-sync/**'
 
   pull_request:
     types: [opened, synchronize, reopened, ready_for_review]
@@ -23,6 +24,7 @@ on:
       - 'scripts/lib/**'
       - 'internal/central/pkg/handlers/admin_central.go'
       - 'internal/central/pkg/services/central.go'
+      - 'deploy/charts/fleetshard-sync/**'
 
 # Cancel previous runs
 # see: https://docs.github.com/en/actions/how-tos/write-workflows/choose-when-workflows-run/control-workflow-concurrency

.openshift-ci/e2e-runtime/Dockerfile

@@ -34,6 +34,11 @@ RUN curl -L --retry 10 --silent --show-error --fail -o "/usr/local/bin/ocm" \
     "https://github.com/openshift-online/ocm-cli/releases/download/v${OCM_VERSION}/ocm-linux-amd64" && \
     chmod +x /usr/local/bin/ocm
 
+RUN curl -L --retry 10 --silent --show-error --fail -o /usr/local/bin/helm \
+    "https://mirror.openshift.com/pub/openshift-v4/clients/helm/latest/helm-linux-amd64" && \
+    chmod +x /usr/local/bin/helm && \
+    helm version
+
 RUN mkdir /src $GOPATH
 WORKDIR /src
 

Makefile

@@ -256,7 +256,7 @@ verify: check-gopath openapi/validate
 		./fleetshard/... \
 		./probe/... \
 		./emailsender/... \
-		./dp-terraform/test/... \
+		./deploy/test/... \
 		./fleetshard-operator/...
 .PHONY: verify
 
@@ -342,12 +342,12 @@ test/integration/central: $(GOTESTSUM_BIN)
 				./internal/central/test/integration/...
 .PHONY: test/integration/central
 
-test/dp-terraform: $(GOTESTSUM_BIN)
+test/deploy: $(GOTESTSUM_BIN)
 	$(GOTESTSUM_BIN) --format $(GOTESTSUM_FORMAT) -- -p 1 -ldflags -s -v -timeout $(TEST_TIMEOUT) -count=1 $(TESTFLAGS) \
-				./dp-terraform/test/...
-.PHONY: test/dp-terraform
+				./deploy/test...
+.PHONY: test/deploy
 
-test/integration: test/integration/central test/dp-terraform
+test/integration: test/integration/central test/deploy
 .PHONY: test/integration
 
 # remove OSD cluster after running tests against real OCM
@@ -905,6 +905,25 @@ deploy/emailsender:
 .PHONY: deploy/emailsender
 
 undeploy/emailsender:
-	@helm uninstall -n "$(NAMESPACE)" emailsender
-	@kubectl delete -n "$(NAMESPACE)" -f "dev/env/manifests/emailsender-db"
+	@helm uninstall -n "$(NAMESPACE)" emailsender --ignore-not-found
+	@kubectl delete -n "$(NAMESPACE)" -f "dev/env/manifests/emailsender-db" --ignore-not-found=true
 .PHONY: undeploy/emailsender
+
+deploy/fleetshard-sync: FLEET_MANAGER_IMAGE?="$(IMAGE_NAME):$(image_tag)"
+deploy/fleetshard-sync: ARGOCD_TENANT_APP_TARGET_REVISION?="HEAD"
+deploy/fleetshard-sync: ARGOCD_NAMESPACE?="openshift-gitops"
+deploy/fleetshard-sync: MANAGED_DB_ENABLED?="false"
+deploy/fleetshard-sync:
+	@helm upgrade --install -n "$(NAMESPACE)" fleetshard-sync "deploy/charts/fleetshard-sync" \
+		--values "dev/env/values/fleetshard-sync/values.yaml" \
+		--set image.ref="$(FLEET_MANAGER_IMAGE)" \
+		--set gitops.tenantDefaultAppSourceTargetRevision="$(ARGOCD_TENANT_APP_TARGET_REVISION)" \
+		--set argoCdNamespace="$(ARGOCD_NAMESPACE)" \
+		--set managedDB.enabled="$(MANAGED_DB_ENABLED)" \
+		--set managedDB.subnetGroup="$(MANAGED_DB_SUBNET_GROUP)" \
+		--set managedDB.securityGroup="$(MANAGED_DB_SECURITY_GROUP)"
+.PHONY: deploy/fleetshard-sync
+
+undeploy/fleetshard-sync:
+	@helm uninstall -n "$(NAMESPACE)" fleetshard-sync --ignore-not-found
+.PHONY: undeploy/fleetshard-sync

README.md

@@ -12,9 +12,9 @@ ACS fleet-manager repository for the ACS managed service.
 ├── cmd                 -- cmd entry points
 ├── config              -- various fleet-manager configurations
 ├── dashboards          -- grafana dashboards
+├── deploy              -- helm charts for application deployment
 ├── docs                -- documentation
 ├── docker              -- docker images
-├── dp-terraform        -- terraforming scripts for data-plane clusters
 ├── e2e                 -- e2e tests
 ├── fleetshard          -- source code for fleetshard-synchronizer
 ├── internal            -- internal source code

dp-terraform/helm/rhacs-terraform/Chart.yaml → deploy/charts/fleetshard-sync/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-name: rhacs-terraform
-description: "Chart to terraform data plane OSD clusters"
+name: fleetshard-sync
+description: Chart to deploy fleetshard-sync component to RHACS dataplane clusters
 
 # A chart can be either an 'application' or a 'library' chart.
 #
@@ -15,13 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: "0.5.0"
+version: 0.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.5.0"
-
-# List of sub-charts and other dependencies
-dependencies: []
+appVersion: "0.1.0"

dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync.yaml → deploy/charts/fleetshard-sync/templates/deployment.yaml

@@ -15,103 +15,103 @@ spec:
   template:
     metadata:
       annotations:
-        rhacs.redhat.com/cluster-name: {{ .Values.fleetshardSync.clusterName | quote }}
-        rhacs.redhat.com/environment: {{ .Values.fleetshardSync.environment | quote }}
+        rhacs.redhat.com/cluster-name: {{ .Values.clusterName | quote }}
+        rhacs.redhat.com/environment: {{ .Values.environment | quote }}
       labels:
         app: fleetshard-sync
     spec:
-      {{- with .Values.fleetshardSync.affinity }}
+      {{- with .Values.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.fleetshardSync.tolerations }}
+      {{- with .Values.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.fleetshardSync.nodeSelector }}
+      {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       serviceAccountName: fleetshard-sync
       containers:
       - name: fleetshard-sync
-        {{- with .Values.fleetshardSync.image }}
+        {{- with .Values.image }}
         {{- if .ref }}
         image: "{{ .ref }}"
         {{- else }}
-        image: "{{ .repo }}:{{ .tag | default $.Values.global.image.tag }}"
+        image: "{{ .repo }}:{{ .tag }}"
         {{- end }}
         {{- end }}
         imagePullPolicy: IfNotPresent
         command:
         - /usr/local/bin/fleetshard-sync
         env:
         - name: OCM_TOKEN
-          value: {{ .Values.fleetshardSync.ocmToken }}
+          value: {{ .Values.ocmToken }}
         - name: FLEET_MANAGER_ENDPOINT
-          value: {{ .Values.fleetshardSync.fleetManagerEndpoint }}
+          value: {{ .Values.fleetManagerEndpoint }}
         - name: CLUSTER_ID
-          value: {{ .Values.fleetshardSync.clusterId }}
+          value: {{ .Values.clusterId }}
         - name: CLUSTER_NAME
-          value: {{ .Values.fleetshardSync.clusterName }}
+          value: {{ .Values.clusterName }}
         - name: ENVIRONMENT
-          value: {{ .Values.fleetshardSync.environment }}
+          value: {{ .Values.environment }}
         - name: CREATE_AUTH_PROVIDER
-          value: "{{ .Values.fleetshardSync.createAuthProvider }}"
+          value: "{{ .Values.createAuthProvider }}"
         - name: AUTH_TYPE
-          value: {{ .Values.fleetshardSync.authType }}
-        {{- if eq "STATIC_TOKEN" .Values.fleetshardSync.authType }}
+          value: {{ .Values.authType }}
+        {{- if eq "STATIC_TOKEN" .Values.authType }}
         - name: STATIC_TOKEN
-          value: {{ .Values.fleetshardSync.staticToken }}
+          value: {{ .Values.staticToken }}
         {{- end }}
         - name: AUDIT_LOG_ENABLED
-          value: {{ .Values.fleetshardSync.auditLogs.enabled | quote }}
+          value: {{ .Values.auditLogs.enabled | quote }}
         - name: AUDIT_LOG_SKIP_TLS_VERIFY
-          value: {{ .Values.fleetshardSync.auditLogs.skipTLSVerify | quote }}
+          value: {{ .Values.auditLogs.skipTLSVerify | quote }}
         - name: MANAGED_DB_ENABLED
-          value: {{ .Values.fleetshardSync.managedDB.enabled | quote }}
-        {{- if eq .Values.fleetshardSync.managedDB.enabled true }}
+          value: {{ .Values.managedDB.enabled | quote }}
+        {{- if eq .Values.managedDB.enabled true }}
         - name: MANAGED_DB_SUBNET_GROUP
-          value: {{ required "fleetshardSync.managedDB.subnetGroup is required when fleetshardSync.managedDB.enabled = true" .Values.fleetshardSync.managedDB.subnetGroup }}
+          value: {{ required "managedDB.subnetGroup is required when managedDB.enabled = true" .Values.managedDB.subnetGroup }}
         - name: MANAGED_DB_SECURITY_GROUP
-          value: {{ required "fleetshardSync.managedDB.securityGroup is required when fleetshardSync.managedDB.enabled = true" .Values.fleetshardSync.managedDB.securityGroup }}
+          value: {{ required "managedDB.securityGroup is required when managedDB.enabled = true" .Values.managedDB.securityGroup }}
         - name: MANAGED_DB_PERFORMANCE_INSIGHTS
-          value: {{ .Values.fleetshardSync.managedDB.performanceInsights | quote }}
+          value: {{ .Values.managedDB.performanceInsights | quote }}
         - name: MANAGED_DB_ENGINE_VERSION
-          value: {{ .Values.fleetshardSync.managedDB.engineVersion | quote }}
+          value: {{ .Values.managedDB.engineVersion | quote }}
         - name: MANAGED_DB_AUTO_VERSION_UPGRADE
-          value: {{ .Values.fleetshardSync.managedDB.autoVersionUpgrade | quote }}
+          value: {{ .Values.managedDB.autoVersionUpgrade | quote }}
         - name: MANAGED_DB_BACKUP_RETENTION_PERIOD
-          value: {{ .Values.fleetshardSync.managedDB.backupRetentionPeriod }}
+          value: {{ .Values.managedDB.backupRetentionPeriod }}
         - name: MANAGED_DB_CLUSTER_PARAMETER_GROUP
-          value: {{ .Values.fleetshardSync.managedDB.clusterParameterGroup | quote }}
+          value: {{ .Values.managedDB.clusterParameterGroup | quote }}
         - name: MANAGED_DB_MIN_CAPACITY_ACU
-          value: {{ .Values.fleetshardSync.managedDB.minCapacityACU }}
+          value: {{ .Values.managedDB.minCapacityACU }}
         - name: MANAGED_DB_MAX_CAPACITY_ACU
-          value: {{ .Values.fleetshardSync.managedDB.maxCapacityACU }}
-        {{- range $i, $tag := .Values.fleetshardSync.managedDB.sharedTags }}
+          value: {{ .Values.managedDB.maxCapacityACU }}
+        {{- range $i, $tag := .Values.managedDB.sharedTags }}
         - name: MANAGED_DB_TAGS_{{ $i }}_KEY
           value: {{ $tag.key | quote }}
         - name: MANAGED_DB_TAGS_{{ $i }}_VALUE
           value: {{ $tag.value | quote }}
         {{- end }}
         - name: SECRET_ENCRYPTION_TYPE
-          value: {{ .Values.fleetshardSync.secretEncryption.type | quote }}
+          value: {{ .Values.secretEncryption.type | quote }}
         - name: SECRET_ENCRYPTION_KEY_ID
-          value: {{ .Values.fleetshardSync.secretEncryption.keyID | quote }}
+          value: {{ .Values.secretEncryption.keyID | quote }}
         {{- end }}
         - name: AWS_REGION
-          value: {{ .Values.fleetshardSync.aws.region }}
+          value: {{ .Values.aws.region }}
         - name: AWS_ROLE_ARN
-          value: {{ .Values.fleetshardSync.aws.roleArn | quote }}
+          value: {{ .Values.aws.roleArn | quote }}
         - name: TELEMETRY_STORAGE_ENDPOINT
-          value: {{ .Values.fleetshardSync.telemetry.storage.endpoint | quote }}
+          value: {{ .Values.telemetry.storage.endpoint | quote }}
         - name: TELEMETRY_STORAGE_KEY
           valueFrom:
             secretKeyRef:
               name: fleetshard-sync
               key: "telemetry-storage-key"
-        {{- if .Values.fleetshardSync.aws.enableTokenAuth }}
+        {{- if .Values.aws.enableTokenAuth }}
         - name: AWS_WEB_IDENTITY_TOKEN_FILE
           value: "/var/run/secrets/tokens/aws-token"
         {{- else }}
@@ -127,47 +127,47 @@ spec:
               key: "aws-secret-access-key"
         {{- end }}
         - name: RHACS_GITOPS_ENABLED
-          value: {{ .Values.fleetshardSync.gitops.enabled | quote }}
+          value: {{ .Values.gitops.enabled | quote }}
         - name: RHACS_TARGETED_OPERATOR_UPGRADES
-          value: {{ .Values.fleetshardSync.targetedOperatorUpgrades.enabled | quote }}
+          value: {{ .Values.targetedOperatorUpgrades.enabled | quote }}
         - name: RHACS_ADDON_AUTO_UPGRADE
-          value: {{ .Values.fleetshardSync.addonAutoUpgradeEnabled | quote }}
+          value: {{ .Values.addonAutoUpgradeEnabled | quote }}
         - name: FLEETSHARD_ADDON_NAME
-          value: {{ .Values.fleetshardSync.addonName | quote }}
-        {{- if eq "SERVICE_ACCOUNT_TOKEN" .Values.fleetshardSync.authType }}
+          value: {{ .Values.addonName | quote }}
+        {{- if eq "SERVICE_ACCOUNT_TOKEN" .Values.authType }}
         - name: FLEET_MANAGER_TOKEN_FILE
           value: "/var/run/secrets/tokens/fleet-manager-token"
         {{- end }}
-        {{- if .Values.fleetshardSync.tenantImagePullSecret.name }}
+        {{- if .Values.tenantImagePullSecret.name }}
         - name: TENANT_IMAGE_PULL_SECRET
           valueFrom:
             secretKeyRef:
-              name: {{ .Values.fleetshardSync.tenantImagePullSecret.name | quote }}
-              key: {{ .Values.fleetshardSync.tenantImagePullSecret.key | quote }}
+              name: {{ .Values.tenantImagePullSecret.name | quote }}
+              key: {{ .Values.tenantImagePullSecret.key | quote }}
         {{- end }}
         - name: RHACS_PRINT_CENTRAL_UPDATE_DIFF
-          value: {{ .Values.fleetshardSync.printCentralUpdateDiff | quote }}
+          value: {{ .Values.printCentralUpdateDiff | quote }}
         - name: ARGOCD_NAMESPACE
-          value: {{ .Values.fleetshardSync.argoCdNamespace | quote }}
-        {{- if .Values.fleetshardSync.gitops.tenantDefaultAppSourceRepoUrl }}
+          value: {{ .Values.argoCdNamespace | quote }}
+        {{- if .Values.gitops.tenantDefaultAppSourceRepoUrl }}
         - name: TENANT_DEFAULT_ARGOCD_APP_SOURCE_REPO_URL
-          value: {{ .Values.fleetshardSync.gitops.tenantDefaultAppSourceRepoUrl | quote }}
+          value: {{ .Values.gitops.tenantDefaultAppSourceRepoUrl | quote }}
         {{- end }}
-        {{- if .Values.fleetshardSync.gitops.tenantDefaultAppSourceTargetRevision }}
+        {{- if .Values.gitops.tenantDefaultAppSourceTargetRevision }}
         - name: TENANT_DEFAULT_ARGOCD_APP_SOURCE_TARGET_REVISION
-          value: {{ .Values.fleetshardSync.gitops.tenantDefaultAppSourceTargetRevision | quote }}
+          value: {{ .Values.gitops.tenantDefaultAppSourceTargetRevision | quote }}
         {{- end }}
-        {{- if .Values.fleetshardSync.gitops.tenantDefaultAppSourcePath }}
+        {{- if .Values.gitops.tenantDefaultAppSourcePath }}
         - name: TENANT_DEFAULT_ARGOCD_APP_SOURCE_PATH
-          value: {{ .Values.fleetshardSync.gitops.tenantDefaultAppSourcePath | quote }}
+          value: {{ .Values.gitops.tenantDefaultAppSourcePath | quote }}
         {{- end }}
         volumeMounts:
           - mountPath: /var/run/secrets/tokens
             name: tokens
         ports:
         - name: monitoring
           containerPort: 8080
-        {{- with .Values.fleetshardSync.resources }}
+        {{- with .Values.resources }}
         resources: {{- toYaml . | nindent 10 }}
         {{- end }}
       volumes:
@@ -178,7 +178,7 @@ spec:
                   path: aws-token
                   audience: sts.amazonaws.com
                   expirationSeconds: 3600
-              {{- if eq "SERVICE_ACCOUNT_TOKEN" .Values.fleetshardSync.authType }}
+              {{- if eq "SERVICE_ACCOUNT_TOKEN" .Values.authType }}
               - serviceAccountToken:
                   path: fleet-manager-token
                   audience: acs-fleet-manager-private-api

dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync-secret.yaml → deploy/charts/fleetshard-sync/templates/secret.yaml

@@ -1,12 +1,12 @@
-{{- if and (.Capabilities.APIVersions.Has "external-secrets.io/v1beta1") .Values.global.createExternalSecrets }}
+{{- if and (.Capabilities.APIVersions.Has "external-secrets.io/v1beta1") .Values.createExternalSecrets }}
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
   name: fleetshard-sync-ext-secret
   namespace: {{ .Release.Namespace }}
 spec:
   secretStoreRef:
-    name: {{ .Values.global.secretStore.aws.secretsManagerSecretStoreName }}
+    name: {{ .Values.secretStore.aws.secretsManagerSecretStoreName }}
     kind: ClusterSecretStore
   target:
     name: fleetshard-sync
@@ -16,7 +16,7 @@ spec:
       remoteRef:
         key: "fleetshard-sync"
         property: "telemetry_storage_key"
-    {{- if not .Values.fleetshardSync.aws.enableTokenAuth }}
+    {{- if not .Values.aws.enableTokenAuth }}
     - secretKey: aws-access-key-id # pragma: allowlist secret
       remoteRef:
         key: "fleetshard-sync"
@@ -26,7 +26,7 @@ spec:
         key: "fleetshard-sync"
         property: "aws_secret_access_key"
     {{- end }}
-{{- with .Values.fleetshardSync.tenantImagePullSecret }}
+{{- with .Values.tenantImagePullSecret }}
 {{- if and .create .name }}
 ---
 apiVersion: external-secrets.io/v1beta1
@@ -36,7 +36,7 @@ metadata:
   namespace: {{ $.Release.Namespace }}
 spec:
   secretStoreRef:
-    name: {{ $.Values.global.secretStore.aws.secretsManagerSecretStoreName }}
+    name: {{ $.Values.secretStore.aws.secretsManagerSecretStoreName }}
     kind: ClusterSecretStore
   target:
     name: {{ .name }}