diff --git a/Makefile b/Makefile
index 70baeedc2..70738dca4 100644
--- a/Makefile
+++ b/Makefile
@@ -355,13 +355,18 @@ cert-manager: kustomize
 -$(KUSTOMIZE) build config/samples/cert-manager | kubectl apply -f -
 .PHONY: flux
-flux: kustomize
+flux: kustomize registry
 -$(KUSTOMIZE) build config/samples/flux | kubectl apply -f -
 .PHONY: license
 license:
 docker run --rm -v $(shell pwd):/github/workspace $(IMG_LICENSE_EYE) -c .github/licenserc.yaml header fix
+.PHONY: registry
+registry: kustomize
+ kubectl create namespace flux-system --dry-run=client -o yaml | kubectl apply -f -
+ -$(KUSTOMIZE) build config/samples/registry | kubectl apply -f -
+
 .PHONY: show-e2e-logs
 show-e2e-logs:
 @for f in $(E2E_RESULT_DIR)/greenhouse-$(SCENARIO)-*.txt; do \
diff --git a/config/samples/flux/kustomization.yaml b/config/samples/flux/kustomization.yaml
index a6904cc29..8a6d30236 100644
--- a/config/samples/flux/kustomization.yaml
+++ b/config/samples/flux/kustomization.yaml
@@ -31,6 +31,27 @@ patches:
 matchLabels:
 app.kubernetes.io/name: greenhouse
+ - target:
+ kind: Deployment
+ name: source-controller
+ patch: |
+ - op: add
+ path: /spec/template/spec/volumes/-
+ value:
+ name: registry-ca
+ secret:
+ secretName: local-registry-tls-certs
+ items:
+ - key: ca.crt
+ path: ca-certificates.crt
+ - op: add
+ path: /spec/template/spec/containers/0/volumeMounts/-
+ value:
+ name: registry-ca
+ mountPath: /etc/ssl/certs/ca-certificates.crt
+ subPath: ca-certificates.crt
+ readOnly: true
+
 # do not apply image-reflector-controller and image-automation-controller
 - target:
 kind: Deployment
@@ -42,7 +63,7 @@ patches:
 - target:
 kind: Deployment
- name: (image-reflector-controller|image-automation-controller)
+ name: (image-automation-controller|image-reflector-controller)
 patch: |
 apiVersion: apps/v1
 kind: Deployment
diff --git a/config/samples/registry/deployment/deployment.yaml b/config/samples/registry/deployment/deployment.yaml
new file mode 100644
index 000000000..88c31d1d4
--- /dev/null
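Review bot: The new `registry` target depends only on `kustomize`, although `config/samples/registry` applies cert-manager `Certificate` and `ClusterIssuer` objects, and the leading `-` on its second recipe line makes make ignore a failed `kubectl apply`. If the cert-manager CRDs are not installed at that point, the TLS secret is never issued and `make flux` still goes on to patch source-controller with a volume from that missing secret. Consider `registry: kustomize cert-manager` (assuming that target installs the CRDs, which is outside this hunk) and dropping the `-` prefix on the registry apply so a failed bootstrap is visible.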
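Review bot: The `volumeMounts` patch in the first hunk mounts the registry CA over `/etc/ssl/certs/ca-certificates.crt`, which replaces source-controller's system trust bundle with a single private CA instead of adding to it, so TLS verification against any other host (public Helm, OCI or Git endpoints) would presumably fail. Mounting it as an additional file, e.g. `mountPath: /etc/ssl/certs/registry-ca.crt`, keeps the image's bundle, assuming the controller's TLS stack also loads that directory. Because the mount uses `subPath`, the file is not refreshed when cert-manager renews the secret; a comment such as `# subPath mounts are not updated on rotation, restart source-controller after renewal` on the patch would document that.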
+++ b/config/samples/registry/deployment/deployment.yaml
@@ -0,0 +1,94 @@
+# SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: registry
+ namespace: flux-system
+spec:
+ selector:
+ app: registry
+ ports:
+ - name: registry
+ port: 5000
+ targetPort: 5000
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: registry
+ namespace: flux-system
+ labels:
+ app: registry
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: registry
+ template:
+ metadata:
+ labels:
+ app: registry
+ spec:
+ enableServiceLinks: true
+ containers:
+ - name: registry
+ image: "registry:3"
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 5000
+ env:
+ - name: REGISTRY_STORAGE_DELETE_ENABLED
+ value: "true"
+ - name: REGISTRY_HTTP_TLS_CERTIFICATE
+ value: /certs/cert.pem
+ - name: REGISTRY_HTTP_TLS_KEY
+ value: /certs/key.pem
+ - name: REGISTRY_LOG_LEVEL
+ value: info
+ - name: OTEL_TRACES_EXPORTER
+ value: none
+ volumeMounts:
+ - mountPath: /certs
+ name: local-registry-tls-certs
+ readinessProbe:
+ httpGet:
+ path: /v2/
+ port: 5000
+ scheme: HTTPS
+ initialDelaySeconds: 10
+ timeoutSeconds: 2
+ periodSeconds: 25
+ failureThreshold: 3
+ livenessProbe:
+ httpGet:
+ path: /v2/
+ port: 5000
+ scheme: HTTPS
+ initialDelaySeconds: 15
+ timeoutSeconds: 2
+ periodSeconds: 25
+ failureThreshold: 3
+ resources:
+ limits:
+ memory: 1024Mi
+ requests:
+ cpu: 200m
+ memory: 512Mi
+ volumes:
+ - name: registry
+ emptyDir: {}
+ - name: local-registry-tls-certs
+ secret:
+ items:
+ - key: tls.crt
+ path: cert.pem
+ - key: tls.key
+ path: key.pem
+ - key: ca.crt
+ path: ca.pem
+ secretName: local-registry-tls-certs
\ No newline at end of file
diff --git a/config/samples/registry/deployment/kustomization.yaml b/config/samples/registry/deployment/kustomization.yaml
new file mode 100644
index 000000000..1a636445f
--- /dev/null
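Review bot: The registry container gets TLS but no authentication (no `REGISTRY_AUTH_*` variable in `env`) while `REGISTRY_STORAGE_DELETE_ENABLED` is `"true"`, so any workload that can reach the `registry` Service on port 5000 can push, overwrite or delete the artifacts that Flux presumably pulls from it. For a sample setup, a NetworkPolicy limiting ingress to the expected clients or htpasswd auth would close that gap; at minimum add a header comment like `# local development only: unauthenticated registry, do not expose`. Separately, the `registry` `emptyDir` volume is declared under `volumes` but never referenced in `volumeMounts`, the pod has no `securityContext`, and `image: "registry:3"` is a floating tag that could be pinned by digest.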
+++ b/config/samples/registry/deployment/kustomization.yaml
@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - deployment.yaml
+ - registry-tls.yaml
\ No newline at end of file
diff --git a/config/samples/registry/deployment/registry-tls.yaml b/config/samples/registry/deployment/registry-tls.yaml
new file mode 100644
index 000000000..1d6bb096d
--- /dev/null
+++ b/config/samples/registry/deployment/registry-tls.yaml
@@ -0,0 +1,73 @@
+# SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: local-registry-certificate
+ namespace: cert-manager
+spec:
+ commonName: cert-manager-registry-tls
+ isCA: true
+ secretName: local-registry-tls-certs
+ subject:
+ organizations:
+ - greenhouse
+ dnsNames:
+ - registry.flux-system.svc.cluster.local
+ - localhost
+ ipAddresses:
+ - 127.0.0.1
+ - ::1
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS8
+ size: 2048
+ issuerRef:
+ name: local-registry-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: local-registry-tls-certs
+ namespace: flux-system
+spec:
+ secretName: local-registry-tls-certs
+ dnsNames:
+ - registry.flux-system.svc.cluster.local
+ - localhost
+ ipAddresses:
+ - 127.0.0.1
+ - ::1
+ privateKey:
+ algorithm: RSA
+ encoding: PKCS8
+ size: 2048
+ issuerRef:
+ name: registry-certificate-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: local-registry-issuer
+spec:
+ selfSigned: {}
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: registry-certificate-issuer
+spec:
+ ca:
+ secretName: local-registry-tls-certs
diff --git a/config/samples/registry/kustomization.yaml b/config/samples/registry/kustomization.yaml
new file mode 100644
index 000000000..3bfd32cfe
--- /dev/null
+++ b/config/samples/registry/kustomization.yaml
@@ -0,0 +1,8 @@
+# SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and Greenhouse contributors
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./deployment
\ No newline at end of file
diff --git a/internal/flux/utils.go b/internal/flux/utils.go
index bcb26f78b..4f1b9a1eb 100644
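Review bot: The `isCA: true` certificate `local-registry-certificate` also carries the registry's `dnsNames` and `ipAddresses`, so the CA key pair is itself a valid server certificate for `registry.flux-system.svc.cluster.local`; a signing CA needs only the `commonName`, and those two lists can be dropped from it. The CA is exposed through a cluster-scoped `ClusterIssuer` (`registry-certificate-issuer`), so a `Certificate` in any namespace can request a leaf from the same root that source-controller is set up to trust; worth a comment stating that this is acceptable only in a local test cluster. Both secrets are named `local-registry-tls-certs` (CA in `cert-manager`, leaf in `flux-system`), which makes it easy to mount the wrong one; distinct names such as `local-registry-ca` for the CA secret would make the roles explicit.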
--- a/internal/flux/utils.go
+++ b/internal/flux/utils.go
@@ -15,6 +15,7 @@ import (
 const (
 HelmRepositoryDefaultNamespace = "greenhouse" // TODO: make this configurable via args or env var
+ localHelmRepositoryName = "registry-local"
 )
 const (
@@ -44,6 +45,10 @@ func ChartURLToName(repositoryURL string) (repositoryName string) {
 }
 }
+ if strings.Contains(repositoryName, "svc.cluster.local") {
+ return localHelmRepositoryName
+ }
+
 repositoryName = strings.ReplaceAll(repositoryName, ".", "-")
 repositoryName = strings.ReplaceAll(repositoryName, "/", "-")
 return
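Review bot: The added `strings.Contains(repositoryName, "svc.cluster.local")` check in `ChartURLToName` matches the substring anywhere in the value, including a path segment of an external URL, and maps every match to the single name `registry-local`. Two different in-cluster repositories, or an external URL that merely contains that text, would therefore resolve to the same repository name and, depending on how callers use the name (outside this hunk), could end up sharing or overwriting one source object. Matching only the host is safer, e.g. `strings.HasSuffix(host, ".svc.cluster.local")` with `host` taken from the parsed URL's `Hostname()`, or comparing against the one expected registry host. A doc comment on `localHelmRepositoryName` saying that it is meant for the sample in-cluster registry would also help; the start of the function body is outside this hunk.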