[DONT MERGE] Added ability for third party rendering in BB
Summary
This is an exploration of how to simplify the addition of BigBang third party packages on top of BigBang. This is an early piece to encourage the conversation around the API and UX for teams running BigBang, and not a fully tested/functional implementation of the capability and all edge cases.
Problem statement:
- Passing of data from Bigbang into Third party chart (e.g. image pull secrets)
- simplify layout of gitops repos, and consolidate into BigBang values
- consistency of deployments of third party with best practices of BigBang
The off.yaml file is as follows and disables all internal BB packages:
❯ cat dev/off.yaml
kiali:
  enabled: false
jaeger:
  enabled: false
fluentbit:
  enabled: false
istio:
  enabled: false
istiooperator:
  enabled: false
logging:
  enabled: false
eckoperator:
  enabled: false
clusterAuditor:
  enabled: false
monitoring:
  enabled: false
twistlock:
  enabled: false
gatekeeper:
  enabled: false
Third Party Deployment of Certmanager and PodInfo:
thirdparty:
  certmanager:
    dependsOn:
      - istio
      - monitoring
    helmrepo:
      url: https://charts.jetstack.io
      chart: cert-manager
      version: 'v1.2.0'
  podinfo:
    dependsOn:
      - certmanager
    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/podinfo.git
      path: "./chart"
      branch: master
    values:
      # pass through to the podinfo chart
      foo: bar
Would deploy the following objects:
❯ helm template -f ../dev/off.yaml -f ../dev/credentials.yaml -f thidparty.yaml --namespace=bigbang .
---
# Source: bigbang/templates/thirdparty/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  labels:
    app.kubernetes.io/name: certmanager
    app.kubernetes.io/component: "thirdparty"
    app.kubernetes.io/instance: "RELEASE-NAME"
    app.kubernetes.io/version: "1.14.0"
    app.kubernetes.io/part-of: "bigbang"
    app.kubernetes.io/managed-by: "flux"
    # What should we do here, and how should it be configurable?
    istio-injection: enabled
  # What should we do here, and how should it be configurable?
  name: certmanager
---
# Source: bigbang/templates/thirdparty/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  labels:
    app.kubernetes.io/name: podinfo
    app.kubernetes.io/component: "thirdparty"
    app.kubernetes.io/instance: "RELEASE-NAME"
    app.kubernetes.io/version: "1.14.0"
    app.kubernetes.io/part-of: "bigbang"
    app.kubernetes.io/managed-by: "flux"
    # What should we do here, and how should it be configurable?
    istio-injection: enabled
  # What should we do here, and how should it be configurable?
  name: podinfo
---
# Source: bigbang/templates/thirdparty/imagepullsecret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: private-registry
  namespace: certmanager
  labels:
    app.kubernetes.io/name: certmanager
    app.kubernetes.io/component: "thirdparty"
    app.kubernetes.io/instance: "RELEASE-NAME"
    app.kubernetes.io/version: "1.14.0"
    app.kubernetes.io/part-of: "bigbang"
    app.kubernetes.io/managed-by: "flux"
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: ZG9udCBsb29rIGF0IG1lCg==
---
# Source: bigbang/templates/thirdparty/imagepullsecret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: private-registry
  namespace: podinfo
  labels:
    app.kubernetes.io/name: podinfo
    app.kubernetes.io/component: "thirdparty"
    app.kubernetes.io/instance: "RELEASE-NAME"
    app.kubernetes.io/version: "1.14.0"
    app.kubernetes.io/part-of: "bigbang"
    app.kubernetes.io/managed-by: "flux"
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: ZG9udCBsb29rIGF0IG1lCg==
---
# Source: bigbang/templates/thirdparty/values.yaml
apiVersion: v1
kind: Secret
metadata:
  name: RELEASE-NAME-certmanager-values
  namespace: bigbang
type: generic
stringData:
  common: |
  defaults:
    |-
      hostname: bigbang.dev
      istio:
        enabled: false
      monitoring:
        enabled: false
      networkPolicies:
        enabled: true
  overlays: |
    null
---
# Source: bigbang/templates/thirdparty/values.yaml
apiVersion: v1
kind: Secret
metadata:
  name: RELEASE-NAME-podinfo-values
  namespace: bigbang
type: generic
stringData:
  common: |
  defaults:
    |-
      hostname: bigbang.dev
      istio:
        enabled: false
      monitoring:
        enabled: false
      networkPolicies:
        enabled: true
  overlays: |
    foo: bar
---
# Source: bigbang/templates/thirdparty/gitrepository.yaml
---
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
  name: podinfo
  namespace: bigbang
  labels:
    app.kubernetes.io/name: podinfo
    app.kubernetes.io/component: "thirdparty"
    app.kubernetes.io/instance: "RELEASE-NAME"
    app.kubernetes.io/version: "1.14.0"
    app.kubernetes.io/part-of: "bigbang"
    app.kubernetes.io/managed-by: "flux"
spec:
  interval: 2m
  url: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/podinfo.git
  ref:
    branch: "master"
  ignore: |
    # exclude file extensions
    /**/*.md
    /**/*.txt
    /**/*.sh
---
# Source: bigbang/templates/thirdparty/thidparty-helmrelease.yaml
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: certmanager
  namespace: bigbang
  labels:
    app.kubernetes.io/name: certmanager
    app.kubernetes.io/component: "thirdparty"
    app.kubernetes.io/instance: "RELEASE-NAME"
    app.kubernetes.io/version: "1.14.0"
    app.kubernetes.io/part-of: "bigbang"
    app.kubernetes.io/managed-by: "flux"
spec:
  releaseName: certmanager
  targetNamespace: certmanager
  chart:
    spec:
      chart: cert-manager
      version: v1.2.0
      interval: 2m
      sourceRef:
        kind: HelmRepository
        name: certmanager
        namespace: bigbang
  install:
    remediation:
      retries: 3
  interval: 2m
  rollback:
    cleanupOnFail: true
    timeout: 10m
  test:
    enable: false
  timeout: 10m
  upgrade:
    cleanupOnFail: true
    remediation:
      remediateLastFailure: true
      retries: 3
  valuesFrom:
    - name: RELEASE-NAME-certmanager-values
      kind: Secret
      valuesKey: "common"
    - name: RELEASE-NAME-certmanager-values
      kind: Secret
      valuesKey: "defaults"
    - name: RELEASE-NAME-certmanager-values
      kind: Secret
      valuesKey: "overlays"
  dependsOn:
    - name: istio
      namespace: bigbang
    - name: monitoring
      namespace: bigbang
---
# Source: bigbang/templates/thirdparty/thidparty-helmrelease.yaml
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: podinfo
  namespace: bigbang
  labels:
    app.kubernetes.io/name: podinfo
    app.kubernetes.io/component: "thirdparty"
    app.kubernetes.io/instance: "RELEASE-NAME"
    app.kubernetes.io/version: "1.14.0"
    app.kubernetes.io/part-of: "bigbang"
    app.kubernetes.io/managed-by: "flux"
spec:
  releaseName: podinfo
  targetNamespace: podinfo
  chart:
    spec:
      chart: ./chart
      interval: 2m
      sourceRef:
        kind: GitRepository
        name: podinfo
        namespace: bigbang
  install:
    remediation:
      retries: 3
  interval: 2m
  rollback:
    cleanupOnFail: true
    timeout: 10m
  test:
    enable: false
  timeout: 10m
  upgrade:
    cleanupOnFail: true
    remediation:
      remediateLastFailure: true
      retries: 3
  valuesFrom:
    - name: RELEASE-NAME-podinfo-values
      kind: Secret
      valuesKey: "common"
    - name: RELEASE-NAME-podinfo-values
      kind: Secret
      valuesKey: "defaults"
    - name: RELEASE-NAME-podinfo-values
      kind: Secret
      valuesKey: "overlays"
  dependsOn:
    - name: certmanager
      namespace: bigbang
---
# Source: bigbang/templates/thirdparty/helmrepo.yaml
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
  name: certmanager
  namespace: bigbang
  labels:
    app.kubernetes.io/name: certmanager
    app.kubernetes.io/component: "thirdparty"
    app.kubernetes.io/instance: "RELEASE-NAME"
    app.kubernetes.io/version: "1.14.0"
    app.kubernetes.io/part-of: "bigbang"
    app.kubernetes.io/managed-by: "flux"
spec:
  interval: 2m
  url: https://charts.jetstack.io
/cc @ablanchard
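
Added example, not part of the merge request or the Big Bang code base: a pre-merge lint over the proposed `thirdparty` values that flags a `dependsOn` entry naming a disabled core package (the rendered certmanager HelmRelease above depends on istio and monitoring while off.yaml disables both) and a git source that follows a branch rather than a fixed ref. The function names and the `tag`/`commit` keys are assumptions; the values are copied from the description above.

```python
# Constructed from this page's dev/off.yaml and thirdparty block; dicts avoid a YAML dependency.
CORE = {"istio": {"enabled": False}, "monitoring": {"enabled": False}}
THIRDPARTY = {
    "certmanager": {
        "dependsOn": ["istio", "monitoring"],
        "helmrepo": {"url": "https://charts.jetstack.io",
                     "chart": "cert-manager", "version": "v1.2.0"},
    },
    "podinfo": {
        "dependsOn": ["certmanager"],
        "git": {"repo": "https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/podinfo.git",
                "path": "./chart", "branch": "master"},
    },
}

def lint_thirdparty(core, thirdparty):
    """Return (package, finding) tuples for a merged values tree."""
    findings = []
    for name, pkg in thirdparty.items():
        for dep in pkg.get("dependsOn", []):
            # Valid targets: another third-party entry or an enabled core package.
            # Anything else makes Flux wait on a HelmRelease that is never rendered.
            if dep not in thirdparty and not core.get(dep, {}).get("enabled", False):
                findings.append((name, f"dependsOn '{dep}' is disabled or unknown"))
        git, repo = pkg.get("git"), pkg.get("helmrepo")
        # 'tag' and 'commit' are hypothetical keys; the page only shows 'branch'.
        if git and not (git.get("tag") or git.get("commit")):
            findings.append((name, f"git source tracks branch '{git.get('branch')}', not a fixed ref"))
        if repo and not repo.get("version"):
            findings.append((name, "helm chart version is not pinned"))
    return findings

def find_cycle(thirdparty):
    """Return one dependsOn cycle among third-party packages, or []."""
    def visit(node, path):
        if node in path:
            return path[path.index(node):] + [node]
        for dep in thirdparty.get(node, {}).get("dependsOn", []):
            if dep in thirdparty:
                cycle = visit(dep, path + [node])
                if cycle:
                    return cycle
        return []
    for name in thirdparty:
        cycle = visit(name, [])
        if cycle:
            return cycle
    return []

if __name__ == "__main__":
    for pkg, msg in lint_thirdparty(CORE, THIRDPARTY):
        print(f"{pkg}: {msg}")
```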