Use kustomize for installing gitsrv with GPG

Also, remove parameterization of secret names (in order to simplify things). We always used the same secret names anyways.
fluxcd · Nov 6, 2019 · cf9fba5 · cf9fba5
1 parent 33f5120
commit cf9fba5
Show file tree

Hide file tree

Showing 13 changed files with 43 additions and 97 deletions.
diff --git a/test/e2e/12_sync.bats b/test/e2e/12_sync.bats
@@ -10,7 +10,7 @@ clone_dir=""
 function setup() {
   kubectl create namespace "$FLUX_NAMESPACE"
   # Install flux and the git server, allowing external access
-  install_git_srv flux-git-deploy git_srv_result
+  install_git_srv git_srv_result
   # shellcheck disable=SC2154
   export GIT_SSH_COMMAND="${git_srv_result[0]}"
   # Teardown the created port-forward to gitsrv and restore Git settings.

diff --git a/test/e2e/13_sync_gc.bats b/test/e2e/13_sync_gc.bats
@@ -8,7 +8,7 @@ load lib/defer
 function setup() {
   kubectl create namespace "$FLUX_NAMESPACE"
   # Install flux and the git server, allowing external access
-  install_git_srv flux-git-deploy git_srv_result
+  install_git_srv git_srv_result
   # shellcheck disable=SC2154
   export GIT_SSH_COMMAND="${git_srv_result[0]}"
   # Teardown the created port-forward to gitsrv.

diff --git a/test/e2e/20_commit_signing.bats b/test/e2e/20_commit_signing.bats
@@ -10,7 +10,7 @@ function setup() {
   kubectl create namespace "${FLUX_NAMESPACE}" &> /dev/null
 
   # Install the git server, allowing external access
-  install_git_srv flux-git-deploy git_srv_result
+  install_git_srv git_srv_result
   # shellcheck disable=SC2154
   export GIT_SSH_COMMAND="${git_srv_result[0]}"
   # Teardown the created port-forward to gitsrv.

diff --git a/test/e2e/20_commit_verification.bats b/test/e2e/20_commit_verification.bats
@@ -24,7 +24,7 @@ function setup() {
 
   # Install the git server with signed init commit,
   # allowing external access
-  install_git_srv flux-git-deploy git_srv_result true
+  install_git_srv git_srv_result 20_gpg/gitsrv
 
   # Install Flux with the GPG key, and commit verification enabled
   install_flux_gpg "$gpg_key" true
@@ -78,7 +78,7 @@ function setup() {
   create_secret_from_gpg_key "$gpg_key"
 
   # Install the git server with _unsigned_ init commit
-  install_git_srv flux-git-deploy "" false
+  install_git_srv
 
   # Install Flux with the GPG key, and commit verification enabled
   install_flux_gpg "$gpg_key" true

diff --git a/test/e2e/fixtures/gitsrv-gpg.yaml b/test/e2e/fixtures/gitsrv-gpg.yaml
diff --git a/test/e2e/fixtures/kustom/13_sync_gc/kustomization.yaml b/test/e2e/fixtures/kustom/13_sync_gc/kustomization.yaml
@@ -1,5 +1,5 @@
 bases:
-- "../base"
+- "../base/flux"
 patchesJson6902:
 ## this patch is for test-specific patches; supply a filename to
 ## install_flux_with_fluxctl and it will use that rather than the

diff --git a/test/e2e/fixtures/kustom/20_gpg/gitsrv/gpg_patch.yaml b/test/e2e/fixtures/kustom/20_gpg/gitsrv/gpg_patch.yaml
@@ -0,0 +1,16 @@
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: GPG_KEYFILE
+    value: /git-server/gpg/flux.asc
+- op: add
+  path: /spec/template/spec/containers/0/volumeMounts/-
+  value:
+    mountPath: /git-server/gpg
+    name: git-gpg-keys
+- op: add
+  path: /spec/template/spec/volumes/-
+  value:
+    name: git-gpg-keys
+    secret:
+      secretName: flux-gpg-signing-key
diff --git a/test/e2e/fixtures/kustom/20_gpg/gitsrv/kustomization.yaml b/test/e2e/fixtures/kustom/20_gpg/gitsrv/kustomization.yaml
@@ -0,0 +1,9 @@
+resources:
+- "../../base/gitsrv"
+patchesJson6902:
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+    name: gitsrv
+  path: gpg_patch.yaml
diff --git a/test/e2e/fixtures/kustom/base/e2e_patch.yaml → .../fixtures/kustom/base/flux/e2e_patch.yaml b/test/e2e/fixtures/kustom/base/e2e_patch.yaml → .../fixtures/kustom/base/flux/e2e_patch.yaml
diff --git a/...e/fixtures/kustom/base/kustomization.yaml → ...tures/kustom/base/flux/kustomization.yaml b/...e/fixtures/kustom/base/kustomization.yaml → ...tures/kustom/base/flux/kustomization.yaml
diff --git a/test/e2e/fixtures/gitsrv.yaml → ...e/fixtures/kustom/base/gitsrv/gitsrv.yaml b/test/e2e/fixtures/gitsrv.yaml → ...e/fixtures/kustom/base/gitsrv/gitsrv.yaml
@@ -35,7 +35,7 @@ spec:
       volumes:
       - name: flux-git-deploy
         secret:
-          secretName: $GIT_SECRET_NAME
+          secretName: flux-git-deploy
       - name: git-server-data
         emptyDir: {}
 ---

diff --git a/test/e2e/fixtures/kustom/base/gitsrv/kustomization.yaml b/test/e2e/fixtures/kustom/base/gitsrv/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- gitsrv.yaml
diff --git a/test/e2e/lib/install.bash b/test/e2e/lib/install.bash
@@ -51,24 +51,18 @@ function uninstall_flux_with_helm() {
 fluxctl_install_cmd="fluxctl install --git-url=ssh://git@gitsrv/git-server/repos/cluster.git --git-email=foo"
 
 function install_flux_with_fluxctl() {
+  kustomization_dir=${1:-base/flux}
   local kustomtmp
   kustomtmp="$(mktemp -d)"
   defer "rm -rf \"${kustomtmp}\""
-  mkdir "${kustomtmp}/base"
+  mkdir -p "${kustomtmp}/base/flux"
   # This generates the base manifests, which we'll then patch with a kustomization
-  echo ">>> writing base configuration to ${kustomtmp}/base" >&3
-  $fluxctl_install_cmd --namespace "${FLUX_NAMESPACE}" -o "${kustomtmp}/base/"
+  echo ">>> writing base configuration to ${kustomtmp}/base/flux" >&3
+  $fluxctl_install_cmd --namespace "${FLUX_NAMESPACE}" -o "${kustomtmp}/base/flux"
   # Everything goes into one directory, but not everything is
   # necessarily used by the kustomization
   cp -R "${E2E_DIR}"/fixtures/kustom/* "${kustomtmp}/"
-  local kustomization
-  kustomization="base"
-  if [ -n "$1" ]; then
-    # use the kustomization given instead; ../base will still be
-    # there to be used as a base
-    kustomization="$1"
-  fi
-  kubectl apply -k "${kustomtmp}/${kustomization}" >&3
+  kubectl apply -k "${kustomtmp}/${kustomization_dir}" >&3
   kubectl -n "${FLUX_NAMESPACE}" rollout status -w --timeout=30s deployment/flux
   # Add the known hosts file manually (it's much easier than editing the manifests to add a volume)
   local flux_podname
@@ -121,33 +115,21 @@ function uninstall_flux_gpg() {
 }
 
 function install_git_srv() {
-  local git_secret_name=${1:-flux-git-deploy}
-  local external_access_result_var=${2}
-  local gpg_enable=${3:-false}
-  local gpg_secret_name=${4:-flux-gpg-signing-key}
+  local external_access_result_var=${1}
+  local kustomization_dir=${2:-base/gitsrv}
   local gen_dir
   gen_dir=$(mktemp -d)
 
   ssh-keygen -t rsa -N "" -f "$gen_dir/id_rsa"
   defer rm -rf "$gen_dir"
-  kubectl create secret generic "$git_secret_name" \
+  kubectl create secret generic flux-git-deploy \
     --namespace="${FLUX_NAMESPACE}" \
     --from-file="${FIXTURES_DIR}/known_hosts" \
     --from-file="$gen_dir/id_rsa" \
     --from-file=identity="$gen_dir/id_rsa" \
     --from-file="$gen_dir/id_rsa.pub"
 
-  local template="${E2E_DIR}/fixtures/gitsrv.yaml"
-  if [ "$gpg_enable" == "true" ]; then
-    template="${E2E_DIR}/fixtures/gitsrv-gpg.yaml"
-  fi
-
-  (
-    export GIT_SECRET_NAME=$git_secret_name
-    export GPG_SECRET_NAME=$gpg_secret_name
-
-    envsubst < "$template" | kubectl apply -n "${FLUX_NAMESPACE}" -f - >&3
-  )
+  kubectl apply -n "${FLUX_NAMESPACE}" -k "${E2E_DIR}/fixtures/kustom/${kustomization_dir}" >&3
 
   # Wait for the git server to be ready
   kubectl -n "${FLUX_NAMESPACE}" rollout status deployment/gitsrv