From 1f5a9a9fa972738f5bdd2840b301d748afded1e8 Mon Sep 17 00:00:00 2001 From: Tom Chauveau Date: Wed, 22 Sep 2021 19:03:58 +0200 Subject: [PATCH 1/4] kubernetes #Resources definition now support secret kubeconfig Signed-off-by: Tom Chauveau --- stdlib/kubernetes/kubernetes.cue | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/stdlib/kubernetes/kubernetes.cue b/stdlib/kubernetes/kubernetes.cue index 3c1699d2..5f29af9b 100644 --- a/stdlib/kubernetes/kubernetes.cue +++ b/stdlib/kubernetes/kubernetes.cue @@ -65,7 +65,7 @@ import ( version: dagger.#Input & {*"v1.19.9" | string} // Kube config file - kubeconfig: dagger.#Input & {string} + kubeconfig: dagger.#Input & {string | dagger.#Secret} #code: #""" kubectl create namespace "$KUBE_NAMESPACE" > /dev/null 2>&1 || true @@ -89,11 +89,15 @@ import ( dest: "/entrypoint.sh" content: #code }, - op.#WriteFile & { - dest: "/kubeconfig" - content: kubeconfig - mode: 0o600 + + if (kubeconfig & string) != _|_ { + op.#WriteFile & { + dest: "/kubeconfig" + content: kubeconfig + mode: 0o600 + }, }, + if manifest != null { op.#WriteFile & { dest: "/source" @@ -120,6 +124,9 @@ import ( if manifest == null && source != null { mount: "/source": from: source } + if (kubeconfig & dagger.#Secret) != _|_ { + mount: "/kubeconfig": secret: kubeconfig + } }, ] } From 56083ed3d0e77aeee4f5f54e6ce30f2c08acfbcc Mon Sep 17 00:00:00 2001 From: Tom Chauveau Date: Wed, 22 Sep 2021 19:11:23 +0200 Subject: [PATCH 2/4] helm #Chart definition now support secret kubeconfig Signed-off-by: Tom Chauveau --- stdlib/kubernetes/helm/helm.cue | 41 +++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/stdlib/kubernetes/helm/helm.cue b/stdlib/kubernetes/helm/helm.cue index bf0bca88..a35d9122 100644 --- a/stdlib/kubernetes/helm/helm.cue +++ b/stdlib/kubernetes/helm/helm.cue 
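Review bot: In the `@@ -89,11 +89,15 @@` hunk the plain-string branch still passes the kubeconfig to `op.#WriteFile`, so a caller who supplies a string gets cluster credentials written into the container filesystem at `/kubeconfig`; only the `dagger.#Secret` branch added in `@@ -120,6 +124,9 @@` uses a secret mount. The field comment should say so, for example `// Kube config file; prefer dagger.#Secret, a plain string is written to /kubeconfig by op.#WriteFile`. The same pair of branches appears in `stdlib/kubernetes/helm/helm.cue` (`@@ -86,11 +86,15 @@` and `@@ -130,6 +134,9 @@`) and needs the same comment. The reference docs regenerated in patch 3 give the type as `dagger.#Secret` only, which does not match the `string | dagger.#Secret` the definition accepts. Both definitions start and end outside these hunks.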
@@ -13,47 +13,47 @@ import ( #Chart: { // Helm deployment name - name: string @dagger(input) + name: dagger.#Input & {string} // Helm chart to install from source - chartSource?: dagger.#Artifact @dagger(input) + chartSource: *null | dagger.#Artifact // Helm chart to install from repository - chart?: string @dagger(input) + chart: dagger.#Input & {*null | string} // Helm chart repository - repository?: string @dagger(input) + repository: dagger.#Input & {string} // Helm values (either a YAML string or a Cue structure) - values?: string @dagger(input) + values: dagger.#Input & {string} // Kubernetes Namespace to deploy to - namespace: string @dagger(input) + namespace: dagger.#Input & {string} // Helm action to apply - action: *"installOrUpgrade" | "install" | "upgrade" @dagger(input) + action: dagger.#Input & {*"installOrUpgrade" | "install" | "upgrade"} // time to wait for any individual Kubernetes operation (like Jobs for hooks) - timeout: string | *"5m" @dagger(input) + timeout: dagger.#Input & {string | *"5m"} // if set, will wait until all Pods, PVCs, Services, and minimum number of // Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state // before marking the release as successful. // It will wait for as long as timeout - wait: *true | bool @dagger(input) + wait: dagger.#Input & {*true | bool} // if set, installation process purges chart on fail. // The wait option will be set automatically if atomic is used - atomic: *true | bool @dagger(input) + atomic: dagger.#Input & {*true | bool} // Kube config file - kubeconfig: string @dagger(input) + kubeconfig: dagger.#Input & {string | dagger.#Secret} // Helm version - version: *"3.5.2" | string @dagger(input) + version: dagger.#Input & {*"3.5.2" | string} // Kubectl version - kubectlVersion: *"v1.19.9" | string @dagger(input) + kubectlVersion: dagger.#Input & {*"v1.19.9" | string} #up: [ op.#Load & { 
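Review bot: `chartSource: *null | dagger.#Artifact` is the only field in this hunk that loses its `@dagger(input)` attribute without being wrapped in `dagger.#Input & {...}`, so it appears to stop being declared as an input. The helm.md table regenerated in patch 3 gains `chart`, `repository` and `values` rows but no `chartSource` row, which is consistent with that. If the input marking is meant to stay, `chartSource: dagger.#Input & {*null | dagger.#Artifact}` would match the other fields and the `TestChartSource` declaration in the tests. If dropping it is intended, a short comment on the field saying why would help. `#Chart` continues past the end of the hunk.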
@@ -86,11 +86,15 @@ import ( dest: "/entrypoint.sh" content: #code }, - op.#WriteFile & { - dest: "/kubeconfig" - content: kubeconfig - mode: 0o600 + + if (kubeconfig & string) != _|_ { + op.#WriteFile & { + dest: "/kubeconfig" + content: kubeconfig + mode: 0o600 + } }, + if chart != _|_ { op.#WriteFile & { dest: "/helm/chart" @@ -130,6 +134,9 @@ import ( if chartSource != _|_ && chart == _|_ { "/helm/chart": from: chartSource } + if (kubeconfig & dagger.#Secret) != _|_ { + "/kubeconfig": secret: kubeconfig + } } }, ] From 7991991a3c02bf3eb64b301760dce2fd1b027285 Mon Sep 17 00:00:00 2001 From: Tom Chauveau Date: Wed, 22 Sep 2021 19:11:35 +0200 Subject: [PATCH 3/4] Update documentation Signed-off-by: Tom Chauveau --- docs/reference/kubernetes/README.md | 2 +- docs/reference/kubernetes/helm.md | 5 ++++- stdlib/kubernetes/helm/helm.cue | 12 ++++++------ stdlib/kubernetes/helm/tests/helm.cue | 4 ++-- stdlib/kubernetes/kubernetes.cue | 2 +- 5 files changed, 14 insertions(+), 11 deletions(-) diff --git a/docs/reference/kubernetes/README.md b/docs/reference/kubernetes/README.md index d2f71aa4..0e702977 100644 --- a/docs/reference/kubernetes/README.md +++ b/docs/reference/kubernetes/README.md @@ -37,7 +37,7 @@ Apply Kubernetes resources |*url* | `*null \| string` |Kubernetes manifest url to deploy remote configuration | |*namespace* | `*"default" \| string` |Kubernetes Namespace to deploy to | |*version* | `*"v1.19.9" \| string` |Version of kubectl client | -|*kubeconfig* | `string` |Kube config file | +|*kubeconfig* | `dagger.#Secret` |Kube config file | ### kubernetes.#Resources Outputs diff --git a/docs/reference/kubernetes/helm.md b/docs/reference/kubernetes/helm.md index 39c6c010..f17e5e56 100644 --- a/docs/reference/kubernetes/helm.md +++ b/docs/reference/kubernetes/helm.md 
@@ -19,12 +19,15 @@ Install a Helm chart | Name | Type | Description | | ------------- |:-------------: |:-------------: | |*name* | `string` |Helm deployment name | +|*chart* | `*null \| string` |Helm chart to install from repository | +|*repository* | `*null \| string` |Helm chart repository | +|*values* | `*null \| string` |Helm values (either a YAML string or a Cue structure) | |*namespace* | `string` |Kubernetes Namespace to deploy to | |*action* | `*"installOrUpgrade" \| "install" \| "upgrade"` |Helm action to apply | |*timeout* | `*"5m" \| string` |time to wait for any individual Kubernetes operation (like Jobs for hooks) | |*wait* | `*true \| bool` |if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. It will wait for as long as timeout | |*atomic* | `*true \| bool` |if set, installation process purges chart on fail. The wait option will be set automatically if atomic is used | -|*kubeconfig* | `string` |Kube config file | +|*kubeconfig* | `dagger.#Secret` |Kube config file | |*version* | `*"3.5.2" \| string` |Helm version | |*kubectlVersion* | `*"v1.19.9" \| string` |Kubectl version | diff --git a/stdlib/kubernetes/helm/helm.cue b/stdlib/kubernetes/helm/helm.cue index a35d9122..8c0a9beb 100644 --- a/stdlib/kubernetes/helm/helm.cue +++ b/stdlib/kubernetes/helm/helm.cue @@ -22,10 +22,10 @@ import ( chart: dagger.#Input & {*null | string} // Helm chart repository - repository: dagger.#Input & {string} + repository: dagger.#Input & {*null | string} // Helm values (either a YAML string or a Cue structure) - values: dagger.#Input & {string} + values: dagger.#Input & {*null | string} // Kubernetes Namespace to deploy to namespace: dagger.#Input & {string} 
@@ -95,13 +95,13 @@ import ( } }, - if chart != _|_ { + if chart != null { op.#WriteFile & { dest: "/helm/chart" content: chart } }, - if (values & string) != _|_ { + if values != null { op.#WriteFile & { dest: "/helm/values.yaml" content: values @@ -121,7 +121,7 @@ import ( KUBECONFIG: "/kubeconfig" KUBE_NAMESPACE: namespace - if repository != _|_ { + if repository != null { HELM_REPO: repository } HELM_NAME: name @@ -131,7 +131,7 @@ import ( HELM_ATOMIC: strconv.FormatBool(atomic) } mount: { - if chartSource != _|_ && chart == _|_ { + if chartSource != null && chart == null { "/helm/chart": from: chartSource } if (kubeconfig & dagger.#Secret) != _|_ { diff --git a/stdlib/kubernetes/helm/tests/helm.cue b/stdlib/kubernetes/helm/tests/helm.cue index b72dc007..a1d5b916 100644 --- a/stdlib/kubernetes/helm/tests/helm.cue +++ b/stdlib/kubernetes/helm/tests/helm.cue @@ -7,9 +7,9 @@ import ( // We assume that a kinD cluster is running locally // To deploy a local KinD cluster, follow this link : https://kind.sigs.k8s.io/docs/user/quick-start/ -TestKubeconfig: string @dagger(input) +TestKubeconfig: dagger.#Input & {string} -TestChartSource: dagger.#Artifact @dagger(input) +TestChartSource: dagger.#Input & {dagger.#Artifact} // Deploy user local chart TestHelmSimpleChart: { diff --git a/stdlib/kubernetes/kubernetes.cue b/stdlib/kubernetes/kubernetes.cue index 5f29af9b..a5874558 100644 --- a/stdlib/kubernetes/kubernetes.cue +++ b/stdlib/kubernetes/kubernetes.cue @@ -95,7 +95,7 @@ import ( dest: "/kubeconfig" content: kubeconfig mode: 0o600 - }, + } }, if manifest != null { From 016e3764f1ae61455d8cbfd05c1493970e980d2b Mon Sep 17 00:00:00 2001 From: Tom Chauveau Date: Wed, 22 Sep 2021 21:38:40 +0200 Subject: [PATCH 4/4] Update Github PAT for CI Signed-off-by: Tom Chauveau --- stdlib/.dagger/env/git-commit/values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
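Review bot: `TestKubeconfig: dagger.#Input & {string}` in `stdlib/kubernetes/helm/tests/helm.cue` keeps the test on the plain-string path, so the `"/kubeconfig": secret: kubeconfig` mount added earlier in this series is not exercised by any test visible here. Declaring the input as `TestKubeconfig: dagger.#Input & {dagger.#Secret}`, or adding a second case that does, would cover the branch that actually handles credentials as a secret. Whether `kubernetes.#Resources` has a test of its own is not visible in this series; if it does, it presumably needs the same change.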
diff --git a/stdlib/.dagger/env/git-commit/values.yaml b/stdlib/.dagger/env/git-commit/values.yaml index b68716d0..fe5b6069 100644 --- a/stdlib/.dagger/env/git-commit/values.yaml +++ b/stdlib/.dagger/env/git-commit/values.yaml @@ -3,7 +3,7 @@ plan: name: git-commit inputs: TestAuthToken: - secret: ENC[AES256_GCM,data:OB4CfijwCnsvmvVhbV9BNlkhmuWtv1hu/nd7+E8+5tCBcXLbwOaMYQ==,iv:6+U+r/mmO07moQoitAr8Fm7bdTErJ5Ij3J21xIbEqIg=,tag:gmWLMFrVU+5l2O2pvb4Rug==,type:str] + secret: ENC[AES256_GCM,data:LiafjwWyVhTLpUEk8DXRN7xqWx7jcSH7yIZrTCkLV4P/yJeYu9G1rg==,iv:U0yksHX9AtVsHXZV08kmxa7IgVV6W+UltDfSYczsiP0=,tag:fTz9Bjq1mbE6ZX4ii7O7wg==,type:str] sops: kms: [] gcp_kms: [] @@ -19,8 +19,8 @@ sops: M3RnUDF5QlhhZUV4NHF5ZWhkcHVrNmcKUJIummOk3FX1Bert7gaMtbMpbosIf/d3 HBATJRng4VNmcSimSh14pDRxyW0NdIPA+oL4tidwLVbQQv/74+IGKg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2021-09-02T10:18:20Z" - mac: ENC[AES256_GCM,data:RoWci1iCDYMxmK5BIoB822G6U9bcffOGIxMkvY560N8qxjItEb/Syvboa9MOjzDUhNPwxpaUIklzra0sy3u57iRBVZPfJ8tH9WKSQYeQv0ObtBXLAOVv1o8VJQbAd0WFNzZ7K0SSP8hUKQieDRvvIOlCFlNzJs6atrY9q/GEj4o=,iv:MOWALgh400eQSateXVDKY1Xrq/HFaVN+B0yoJxD4X4o=,tag:L0Bz7tD6gUOr9LsPPA4Plw==,type:str] + lastmodified: "2021-09-22T19:38:08Z" + mac: ENC[AES256_GCM,data:AL3/BLYy8fCfkwqZsEc3m5tW5VIM17nS9KbL+ww3rnvxzr+mtzrRDxEZZhzQ5b/JR8VW3v+veSX1yFEWpMs1EK/SXuvIZYRTe0JdBGBs+l4Rn5CWeflQ5gJKsTGv2OYaQ46/mVucDlia0CX+W+Skn9591fzkopTE4sGJYAEnUR0=,iv:lJ+d/4CmH5ElP470OaDiDTloYoS0NXzDIosCYZqi+fk=,tag:DqXqsEAcuLSFAfZiSbWxcg==,type:str] pgp: [] encrypted_suffix: secret version: 3.7.1
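Review bot: This CI token rotation is unrelated to the kubeconfig change in patches 1 to 3 and would be better landed separately, so that the credential update is neither held up nor rolled back together with the feature. The previous `TestAuthToken` ciphertext stays in git history, so the token it protects should be revoked, not merely replaced. The commit message could record that the old PAT was revoked and what scopes the new one carries, since neither can be read from the encrypted value.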