diff --git a/doc/src/developer.md b/doc/src/developer.md index bcc609b1d..4d781af44 100644 --- a/doc/src/developer.md +++ b/doc/src/developer.md @@ -68,6 +68,13 @@ skaffold deploy -a build.artifacts skaffold verify -a build.artifacts ``` +The skaffold config is split into 2 modules: `keystone` and `infra` allowing +quicker redeployment of keystone only without touching the +keycloak/dex/selenium and co (`skaffold deploy -a build.artifacts -m +keystone`). This is required to workaround a "feature" of skaffold attaching +tracking labels to all resources created from local manifests (including helm +files). + ## OpenStackClient (OSC) Deploying Keystone in the Kubernetes makes it also possible to verify the @@ -79,7 +86,6 @@ reachable may differ. As described above corresponding names should be added into the `/etc/hosts` file. ```yaml - clouds: keystone-skaff: auth: diff --git a/skaffold.yaml b/skaffold.yaml index a5b415f22..695e0e758 100644 --- a/skaffold.yaml +++ b/skaffold.yaml 
@@ -3,9 +3,58 @@
 # # Requirements:
 # * local registry running at `localhost:5000` when `local` profile is used
 #
+# # Modules:
+#
+# * `infra` - peripheral components: spire, certmanager, keycloak, dex, etc
+# * `keystone` - Keystone
+#
 # # Usage
 #
 # `skaffold run --cleanup=false -p local --default-repo localhost:5000
+#
+# * (re)deploy only keystone: `skaffold deploy -m keystone`
+# * delete only keystone resource: `skaffold delete -m keystone`
+#
+apiVersion: skaffold/v4beta13
+kind: Config
+metadata:
+ name: infra
+manifests:
+ kustomize:
+ paths:
+ - tools/k8s/tests/keycloak
+ - tools/k8s/tests/dex
+ rawYaml:
+ - tools/k8s/tests/selenium.yaml
+deploy:
+ statusCheck: true
+ statusCheckDeadlineSeconds: 300
+ tolerateFailuresUntilDeadline: true
+ helm:
+ releases:
+ - name: cloudnative-pg
+ repo: https://cloudnative-pg.github.io/charts
+ remoteChart: cloudnative-pg
+ createNamespace: true
+ namespace: cnpg
+ - name: cert-manager
+ repo: https://charts.jetstack.io
+ remoteChart: cert-manager
+ version: 1.20.2
+ createNamespace: true
+ namespace: cert-manager
+ setValues:
+ crds.enabled: true
+ - name: spire-crds
+ repo: https://spiffe.github.io/helm-charts-hardened
+ remoteChart: spire-crds
+ namespace: spire
+ createNamespace: true
+ - name: spire
+ repo: https://spiffe.github.io/helm-charts-hardened
+ remoteChart: spire
+ namespace: spire
+---
 apiVersion: skaffold/v4beta13
 kind: Config
 metadata:
@@ -49,11 +98,8 @@ manifests:
 kustomize:
 paths:
 - tools/k8s/keystone/overlays/dev
- - tools/k8s/tests/keycloak
- - tools/k8s/tests/dex
 rawYaml:
 - tools/k8s/tests/k8s-auth-test-sa.yaml
- - tools/k8s/tests/selenium.yaml
 - tools/k8s/tests/cluster-issuer.yaml
 - tools/k8s/tests/keystone-ca.yaml
 - tools/k8s/tests/keystone-peer-cert.yaml
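Review bot: In the new `infra` config's `deploy.helm.releases`, only `cert-manager` carries a `version` (1.20.2); `cloudnative-pg`, `spire-crds` and `spire` are installed from their remote repositories with no version, so each deploy presumably resolves to whatever chart the repository serves at that moment. The environment is then not reproducible, and an upstream chart change can alter the SPIRE and Postgres-operator components this test stack relies on without any change in this repo. Add a pinned `version: <chart-version>` (placeholder; use the release you have tested) to each of the three releases, as is already done for `cert-manager`. The list is carried over unchanged from the `keystone` config (removed in the `@@ -65,34 +111,14 @@` hunk), so the gap predates this commit, but the new module is a natural place to close it.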
@@ -65,34 +111,14 @@ deploy:
 flags:
 apply: ["--wait"]
 hooks:
+ before:
+ - host:
+ # Delete keystone-bootstrap job before apply to avoid immutable job error
+ command: ["kubectl", "delete", "job", "keystone-bootstrap", "--ignore-not-found", "--wait", "--timeout=30s"]
 after:
 - host:
 # This command will block Skaffold until the bootstrap job hits 'Completed'
 command: ["kubectl", "wait", "--for=condition=complete", "job/keystone-bootstrap", "--timeout=180s"]
- helm:
- releases:
- - name: cloudnative-pg
- repo: https://cloudnative-pg.github.io/charts
- remoteChart: cloudnative-pg
- createNamespace: true
- namespace: cnpg
- - name: cert-manager
- repo: https://charts.jetstack.io
- remoteChart: cert-manager
- version: 1.20.2
- createNamespace: true
- namespace: cert-manager
- setValues:
- crds.enabled: true
- - name: spire-crds
- repo: https://spiffe.github.io/helm-charts-hardened
- remoteChart: spire-crds
- namespace: spire
- createNamespace: true
- - name: spire
- repo: https://spiffe.github.io/helm-charts-hardened
- remoteChart: spire
- namespace: spire
 verify:
 - name: "api-test-v3"