Merge changes from topic "istanbul-support"
* changes:
[ANSIBLE] Add ghcr.io to simulated hosts list
[DOC] Update changelog
[ANSIBLE] Setup cmctl autocompletion
[ANSIBLE] Install cmctl utility
[BUILD] Add download link for cmctl utility to binaries list
[ANSIBLE] Add cert-manager provisioning playbook
[BUILD] Fetch artifacts required by cert-manager
[ANSIBLE] Add cert-manager role
[MOLECULE] Add prepare-cert-manager role
[DOC] Update changelog
[MOLECULE] Upgrade Helm3 release to 3.6.3 in test scenarios
[BUILD] Upgrade Helm to 3.6.3
diff --git a/ansible/cert_manager.yml b/ansible/cert_manager.yml
new file mode 100644
index 0000000..19588cd
--- /dev/null
+++ b/ansible/cert_manager.yml
@@ -0,0 +1,5 @@
+---
+- name: Provision cert-manager into Kubernetes cluster
+ hosts: infrastructure
+ roles:
+ - cert-manager
diff --git a/ansible/group_vars/infrastructure.yml b/ansible/group_vars/infrastructure.yml
index 17113b3..015aebd 100755
--- a/ansible/group_vars/infrastructure.yml
+++ b/ansible/group_vars/infrastructure.yml
@@ -15,6 +15,7 @@
- quay.io
- registry-1.docker.io
- registry.hub.docker.com
+ - ghcr.io
all_simulated_hosts:
"{{ simulated_hosts.http + simulated_hosts.nexus }}"
populate_nexus: false
@@ -29,3 +30,4 @@
chartmuseum_server_image: chartmuseum/chartmuseum
kube_prometheus_stack_enabled: false
kube_prometheus_stack_version: 18.0.4
+cert_manager_version: 1.5.4
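Review bot: `cert_manager_version` duplicates a version that this change also hard-codes elsewhere: the chart URL in build/data_lists/infra_bin_utils.list and the four image tags in build/data_lists/k8s_docker_images.list all spell out 1.5.4. The role's first task looks for `cert-manager-v{{ cert_manager_version }}.tgz`, so bumping this variable without the download list makes that stat check fail. Bumping it without the image list would presumably leave the chart and the mirrored images out of step. I would add a comment above the variable, `# keep in sync with build/data_lists/infra_bin_utils.list and k8s_docker_images.list`.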
diff --git a/ansible/roles/cert-manager/.yamllint b/ansible/roles/cert-manager/.yamllint
new file mode 100644
index 0000000..c5ae64b
--- /dev/null
+++ b/ansible/roles/cert-manager/.yamllint
@@ -0,0 +1,12 @@
+---
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ line-length: disable
+ truthy: disable
diff --git a/ansible/roles/cert-manager/README.md b/ansible/roles/cert-manager/README.md
new file mode 100644
index 0000000..8327d62
--- /dev/null
+++ b/ansible/roles/cert-manager/README.md
@@ -0,0 +1,24 @@
+Cert-manager provisioning role
+==============================
+
+Deploys cert-manager (https://cert-manager.io/) onto Kubernetes cluster into its own, separate namespace.
+
+Requirements
+------------
+
+cert-manager tgz package is expected to exists in ``app_data_path/downloads`` directory prior to running this role.
+
+Role Variables
+--------------
+
+- cert\_manager\_version (group\_vars) - version string of cert-manager to deploy (a.b.c)
+- cert\_manager.k8s\_namespace (role's defaults) - namespace name to install cert-manager into
+- cert\_manager.helm\_release\_name (role's defaults) - Helm release name for the chart
+- cert\_manager.helm\_timeout (role's defaults) - helm install timeout
+- cert\_manager.helm\_values\_file (role's defaults) - dst path for the yaml file containing cert-manager helm values
+- cert\_manager.helm\_values (role's defaults) - dict of helm values for the cert-manager chart
+
+Dependencies
+------------
+
+Ansible's community.kubernetes.helm module is required to play this role.
diff --git a/ansible/roles/cert-manager/defaults/main.yml b/ansible/roles/cert-manager/defaults/main.yml
new file mode 100644
index 0000000..81a66f4
--- /dev/null
+++ b/ansible/roles/cert-manager/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+cert_manager:
+ k8s_namespace: cert-manager
+ helm_release_name: cert-manager
+ helm_timeout: "240s"
+ helm_values_file: "{{ app_data_path }}/cert_manager.yaml"
+ helm_values:
+ installCRDs: true
+cmctl_bin_dir: /usr/local/bin
+completion_dir: /etc/bash_completion.d
+completion_package: bash-completion
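Review bot: Grouping the settings under a single `cert_manager` dict makes them awkward to override. With Ansible's default hash behaviour (replace), an inventory that sets only `cert_manager.helm_timeout` replaces the whole dict, so the other keys the tasks read (`helm_release_name`, `k8s_namespace`, `helm_values_file`, `helm_values`) become undefined. Flat, prefixed defaults such as `cert_manager_helm_timeout: "240s"` avoid that. The variables below the dict have the opposite problem: `completion_dir` and `completion_package` carry no role prefix and may collide with same-named variables from other roles, so a name like `cert_manager_completion_dir` would be safer.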
diff --git a/ansible/roles/cert-manager/molecule/default/converge.yml b/ansible/roles/cert-manager/molecule/default/converge.yml
new file mode 100644
index 0000000..3af18a7
--- /dev/null
+++ b/ansible/roles/cert-manager/molecule/default/converge.yml
@@ -0,0 +1,10 @@
+---
+- name: Converge
+ hosts: all
+ pre_tasks:
+ - name: Include infrastructure group variables
+ include_vars: ../../../../group_vars/infrastructure.yml
+ tasks:
+ - name: "Include cert-manager"
+ include_role:
+ name: "cert-manager"
diff --git a/ansible/roles/cert-manager/molecule/default/molecule.yml b/ansible/roles/cert-manager/molecule/default/molecule.yml
new file mode 100644
index 0000000..b7074f4
--- /dev/null
+++ b/ansible/roles/cert-manager/molecule/default/molecule.yml
@@ -0,0 +1,27 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint: |
+ set -e
+ yamllint .
+ ansible-lint .
+ flake8
+platforms:
+ - name: infrastructure-cert-manager
+ image: centos:7
+ groups:
+ - infrastructure
+provisioner:
+ name: ansible
+ env:
+ ANSIBLE_ROLES_PATH: ../../../../test/roles
+ ANSIBLE_LIBRARY: ../../../../library
+ inventory:
+ group_vars:
+ all:
+ app_name: onap
+ app_data_path: "/opt/{{ app_name }}"
+verifier:
+ name: testinfra
diff --git a/ansible/roles/cert-manager/molecule/default/prepare.yml b/ansible/roles/cert-manager/molecule/default/prepare.yml
new file mode 100644
index 0000000..580e7bf
--- /dev/null
+++ b/ansible/roles/cert-manager/molecule/default/prepare.yml
@@ -0,0 +1,12 @@
+---
+- name: Prepare infra container to play cert-manager role
+ hosts: all
+ pre_tasks:
+ - name: Include infrastructure group variables
+ include_vars: ../../../../group_vars/infrastructure.yml
+ - name: Include test scenario variables
+ include_vars: vars.yml
+ tasks:
+ - name: "Include prepare-cert-manager role"
+ include_role:
+ name: "prepare-cert-manager"
diff --git a/ansible/roles/cert-manager/molecule/default/vars.yml b/ansible/roles/cert-manager/molecule/default/vars.yml
new file mode 100644
index 0000000..1233452
--- /dev/null
+++ b/ansible/roles/cert-manager/molecule/default/vars.yml
@@ -0,0 +1,2 @@
+---
+cmctl_version: 1.6.1
diff --git a/ansible/roles/cert-manager/tasks/main.yml b/ansible/roles/cert-manager/tasks/main.yml
new file mode 100644
index 0000000..7706365
--- /dev/null
+++ b/ansible/roles/cert-manager/tasks/main.yml
@@ -0,0 +1,53 @@
+---
+- name: Check {{ cert_manager.helm_release_name }} helm package exists
+ stat:
+ path: "{{ app_data_path }}/downloads/cert-manager-v{{ cert_manager_version }}.tgz"
+ register: cert_manager_package_stat
+ failed_when: not cert_manager_package_stat.stat.exists
+
+- name: Generate helm values file
+ copy:
+ dest: "{{ cert_manager.helm_values_file }}"
+ content: "{{ cert_manager.helm_values | to_nice_yaml }}"
+
+- name: "Install Helm release {{ cert_manager.helm_release_name }}"
+ community.kubernetes.helm:
+ release_name: "{{ cert_manager.helm_release_name }}"
+ release_namespace: "{{ cert_manager.k8s_namespace }}"
+ create_namespace: True
+ chart_ref: "{{ app_data_path }}/downloads/cert-manager-v{{ cert_manager_version }}.tgz"
+ values_files: "{{ cert_manager.helm_values_file }}"
+ wait: True
+ wait_timeout: "{{ cert_manager.helm_timeout }}"
+ tags: molecule-notest
+
+- name: Install cmctl
+ unarchive:
+ src: "{{ app_data_path }}/downloads/cmctl-linux-amd64.tar.gz"
+ dest: "{{ cmctl_bin_dir }}"
+ extra_opts:
+ - 'cmctl'
+ remote_src: true
+ mode: 0755
+
+- name: Install completion for the bash shell
+ package:
+ name: "{{ completion_package }}"
+ state: present
+
+- name: Generate shell autocompletion code for cmctl
+ command: cmctl completion bash
+ register: cmctl_completion
+ changed_when: false
+
+- name: Ensure bash completion dir exists
+ file:
+ path: "{{ completion_dir }}"
+ state: directory
+ mode: 0755
+
+- name: Install bash autocompletion code for cmctl
+ copy:
+ content: "{{ cmctl_completion.stdout }}"
+ dest: "{{ completion_dir }}/cmctl"
+ mode: 0644
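Review bot: The "Install cmctl" task unpacks `cmctl-linux-amd64.tar.gz` into `cmctl_bin_dir` and the binary is then executed by "Generate shell autocompletion code for cmctl", but nothing checks the archive's integrity; unlike the chart, it is not even checked for existence. I would pin a SHA-256 digest and compare it before `unarchive`, as sketched below. The same gap applies to the two `get_url` tasks in test/roles/prepare-cert-manager, which accept a `checksum:` argument, and to the URLs added to build/data_lists/infra_bin_utils.list. The completion task also resolves `cmctl` through PATH rather than calling the file just installed; `command: "{{ cmctl_bin_dir }}/cmctl completion bash"` removes that ambiguity. Separately, the "Generate helm values file" `copy` sets no `mode`, so the file's permissions depend on the umask.

```yaml
# … unchanged: helm package check, values file, Helm release …

# cmctl_archive_sha256 is a proposed variable, not defined by this change;
# its value would be the digest published with the cmctl release.
- name: Read checksum of the staged cmctl archive
  stat:
    path: "{{ app_data_path }}/downloads/cmctl-linux-amd64.tar.gz"
    get_checksum: true
    checksum_algorithm: sha256
  register: cmctl_archive_stat

- name: Refuse to install cmctl unless the archive matches the pinned digest
  assert:
    that:
      - cmctl_archive_stat.stat.exists
      - cmctl_archive_stat.stat.checksum == cmctl_archive_sha256
    fail_msg: "cmctl archive is missing or does not match the pinned SHA-256"

# … unchanged: Install cmctl, bash-completion package …

- name: Generate shell autocompletion code for cmctl
  command: "{{ cmctl_bin_dir }}/cmctl completion bash"
  register: cmctl_completion
  changed_when: false

# … unchanged: completion dir and completion file tasks …
```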
diff --git a/ansible/roles/helm/molecule/helm3/vars.yml b/ansible/roles/helm/molecule/helm3/vars.yml
index 50e076c..9420370 100644
--- a/ansible/roles/helm/molecule/helm3/vars.yml
+++ b/ansible/roles/helm/molecule/helm3/vars.yml
@@ -1,2 +1,2 @@
---
-helm_version: v3.5.2
+helm_version: v3.6.3
diff --git a/ansible/site.yml b/ansible/site.yml
index 3f08ec6..5308abf 100644
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -19,4 +19,5 @@
- import_playbook: nfs.yml
- import_playbook: kube_prometheus.yml
when: kube_prometheus_stack_enabled
+- import_playbook: cert_manager.yml
- import_playbook: application.yml
diff --git a/ansible/test/play-rke/molecule/helm3/vars.yml b/ansible/test/play-rke/molecule/helm3/vars.yml
index 0b05df8..b3f6361 100644
--- a/ansible/test/play-rke/molecule/helm3/vars.yml
+++ b/ansible/test/play-rke/molecule/helm3/vars.yml
@@ -2,4 +2,4 @@
app_name: moleculeapp
app_data_path: "/opt/{{ app_name }}"
cluster_config_dir: "/opt/{{ app_name }}/cluster"
-helm_version: v3.5.2
+helm_version: v3.6.3
diff --git a/ansible/test/roles/prepare-cert-manager/tasks/main.yml b/ansible/test/roles/prepare-cert-manager/tasks/main.yml
new file mode 100644
index 0000000..1802f1b
--- /dev/null
+++ b/ansible/test/roles/prepare-cert-manager/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+- name: "Ensure {{ app_data_path }}/downloads directory exists"
+ file:
+ path: "{{ app_data_path }}/downloads"
+ recurse: true
+ state: directory
+
+- name: "Download cert-manager-v{{ cert_manager_version }}.tgz"
+ get_url:
+ url: "https://charts.jetstack.io/charts/cert-manager-v{{ cert_manager_version }}.tgz"
+ dest: "{{ app_data_path }}/downloads"
+
+- name: "Download cmctl binary"
+ get_url:
+ url: "https://github.com/jetstack/cert-manager/releases/download/v{{ cmctl_version }}/cmctl-linux-amd64.tar.gz"
+ dest: "{{ app_data_path }}/downloads"
diff --git a/build/data_lists/infra_bin_utils.list b/build/data_lists/infra_bin_utils.list
index 446427c..bfb011a 100644
--- a/build/data_lists/infra_bin_utils.list
+++ b/build/data_lists/infra_bin_utils.list
@@ -1,6 +1,7 @@
https://dl.k8s.io/release/v1.19.14/bin/linux/amd64/kubectl
https://get.helm.sh/helm-v2.16.6-linux-amd64.tar.gz
-https://get.helm.sh/helm-v3.3.4-linux-amd64.tar.gz
-https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz
+https://get.helm.sh/helm-v3.6.3-linux-amd64.tar.gz
https://github.com/chartmuseum/helm-push/releases/download/v0.9.0/helm-push_0.9.0_linux_amd64.tar.gz
https://github.com/rancher/rke/releases/download/v1.3.0/rke_linux-amd64
+https://charts.jetstack.io/charts/cert-manager-v1.5.4.tgz
+https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cmctl-linux-amd64.tar.gz
diff --git a/build/data_lists/k8s_docker_images.list b/build/data_lists/k8s_docker_images.list
index a8e9764..276c1d2 100644
--- a/build/data_lists/k8s_docker_images.list
+++ b/build/data_lists/k8s_docker_images.list
@@ -1,3 +1,7 @@
gcr.io/kubernetes-helm/tiller:v2.16.6
kubernetesui/dashboard:v2.3.1
kubernetesui/metrics-scraper:v1.0.6
+quay.io/jetstack/cert-manager-cainjector:v1.5.4
+quay.io/jetstack/cert-manager-controller:v1.5.4
+quay.io/jetstack/cert-manager-webhook:v1.5.4
+quay.io/jetstack/cert-manager-ctl:v1.5.4
diff --git a/build/package.py b/build/package.py
index a87f5a1..f0afcfc 100755
--- a/build/package.py
+++ b/build/package.py
@@ -247,7 +247,9 @@
'**/helm-*-linux-amd64.tar.gz',
'**/kubectl',
'**/helm-push_*_linux_amd64.tar.gz',
- '**/kube-prometheus-stack-*.tgz']
+ '**/kube-prometheus-stack-*.tgz',
+ '**/cert-manager-*.tgz',
+ '**/cmctl-linux-amd64.tar.gz']
for pattern in bin_pattern_list:
for bin_file in glob.glob(os.path.join('.', pattern), recursive=True):
diff --git a/docs/CHANGELOG.rst b/docs/CHANGELOG.rst
index 4090707..586b051 100644
--- a/docs/CHANGELOG.rst
+++ b/docs/CHANGELOG.rst
@@ -3,6 +3,18 @@
-----
+2021-11-16
+----------
+
+- Added support for provisioning the cert-manager (https://cert-manager.io/)
+- Added cmctl CLI management utility for cert-manager
+
+2021-10-27
+----------
+
+- Upgraded Helm release to 3.6.3
+
+
2021-09-30
----------