feat: macrochart (#540)

* feat: mgmt macrochart

* feat: k3d

* fix: k3d mongodb arm64

* feat: api image for test

* fix: format

* feat: k3d gitlab

* feat: aws

* feat: digital ocean

* feat: wait kubefirst-api

* fix: disable ipv6

* feat: kubefirst-api session token test

* feat: vultr

* feat: clean up

* feat: arch validation

* feat: console arm

* fix: formatting

* fix: formatting

* fix: k3d gitlab arm64

* test: chart name

* test: in cluster test

* chore: update chart

* chore: update chart

* chore: update chart

* chore: update chart

* chore: update chart

* chore: update chart

* chore: update chart

* chore: update chart

* chore: civo update chart

* chore: cluster role binding

* chore: cluster role binding

* chore: update chart

* feat: cluster-admin role

* feat: cluster-admin role

* feat: cluster role binding k3d gitlab

* feat: civo

* feat: civo cluster role binding

* feat: aws cluster role binding

* feat: prepare for release

* chore: rollback test

* chore: rollback hardcoded image

* feat: telemetry env vars

* fix: template

* fix: template

* feat: telemetry env values

aws-github/cluster-types/mgmt/clusterrolebinding.yaml

@@ -71,4 +71,19 @@ subjects:
 roleRef:
   kind: ClusterRole
   name: argo-view
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubefirst-api-clusterrole
+  annotations:
+    argocd.argoproj.io/sync-wave: '0'
+subjects:
+  - kind: ServiceAccount
+    name: kubefirst-kubefirst-api
+    namespace: kubefirst
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
   apiGroup: rbac.authorization.k8s.io

aws-github/cluster-types/mgmt/components/kubefirst/console.yaml

@@ -1,72 +1,54 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: kubefirst-console
+  name: kubefirst
   namespace: argocd
   annotations:
-    argocd.argoproj.io/sync-wave: "10"
+    argocd.argoproj.io/sync-wave: '10'
 spec:
   project: default
   source:
-    repoURL: https://kubefirst.github.io/charts
-    targetRevision: 2.1.9
-    chart: console
+    repoURL: https://charts.kubefirst.com
+    targetRevision: 2.2.11
+    chart: kubefirst
     helm:
       values: |-
-        env:
-          ARGO_CD_URL:
-            value: "<ARGOCD_INGRESS_URL>"
-          ARGO_WORKFLOWS_URL:
-            value: "<ARGO_WORKFLOWS_INGRESS_URL>"
-          ATLANTIS_URL:
-            value: "<ATLANTIS_INGRESS_URL>"
-          CLOUD:
-            value: "<CLOUD_PROVIDER>"
-          CLUSTER_ID:
-            value: "<CLUSTER_ID>"
-          CLUSTER_TYPE:
-            value: "<CLUSTER_TYPE>"
-          DOMAIN_NAME:
-            value: "<DOMAIN_NAME>"
-          GIT_PROVIDER:
-            value: "<GIT_PROVIDER>"
-          GITHUB_OWNER:
-            value: "<GITHUB_OWNER>"
-          KUBEFIRST_VERSION:
-            value: "<KUBEFIRST_VERSION>"
-          KUBEFIRST_TEAM:
-            value: "<KUBEFIRST_TEAM>"
-          METAPHOR_DEVELOPMENT_URL:
-            value: "<METAPHOR_DEVELOPMENT_INGRESS_URL>"
-          METAPHOR_STAGING_URL:
-            value: "<METAPHOR_STAGING_INGRESS_URL>"
-          METAPHOR_PRODUCTION_URL:
-            value: "<METAPHOR_PRODUCTION_INGRESS_URL>"
-          USE_TELEMETRY:
-            value: "<USE_TELEMETRY>"
-          VAULT_URL:
-            value: "<VAULT_INGRESS_URL>"
-        ingress:
-          enabled: true
-          annotations:
-            kubernetes.io/ingress.class: nginx
-            cert-manager.io/cluster-issuer: "letsencrypt-prod"
-            # nginx.ingress.kubernetes.io/auth-signin: "https://vouch.<DOMAIN_NAME>/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err"
-            # nginx.ingress.kubernetes.io/auth-url: https://vouch.<DOMAIN_NAME>/validate
-            # nginx.ingress.kubernetes.io/auth-response-headers: X-Vouch-User
-            # nginx.ingress.kubernetes.io/auth-snippet: |
-            #   auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
-            #   auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
-            #   auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
-          hosts:
-            - host: kubefirst.<DOMAIN_NAME>
-              paths:
-                - path: /
-                  pathType: ImplementationSpecific
-          tls:
-            - secretName: kubefirst-tls
-              hosts:
-                - kubefirst.<DOMAIN_NAME>
+        global:
+            kubefirstVersion: "<KUBEFIRST_VERSION>"
+        kubefirst-api:
+          initContainer:
+            enabled: "'true'"
+          clusterId: "<CLUSTER_ID>"
+          clusterType: "<CLUSTER_TYPE>"
+          useTelemetry: "'<USE_TELEMETRY>'"
+          kubefirstTeam: "'<KUBEFIRST_TEAM>'"
+          installMethod: "helm"
+          env:
+            - name: IN_CLUSTER
+              value: "'true'"
+        console:
+          isClusterZero: "'false'"
+          ingress:
+            enabled: "true"
+            annotations:
+              kubernetes.io/ingress.class: "nginx"
+              cert-manager.io/cluster-issuer: "letsencrypt-prod"
+              # nginx.ingress.kubernetes.io/auth-signin: "https://vouch.<DOMAIN_NAME>/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err"
+              # nginx.ingress.kubernetes.io/auth-url: https://vouch.<DOMAIN_NAME>/validate
+              # nginx.ingress.kubernetes.io/auth-response-headers: X-Vouch-User
+              # nginx.ingress.kubernetes.io/auth-snippet: |
+              #   auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
+              #   auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
+              #   auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
+            hosts:
+              - host: kubefirst.<DOMAIN_NAME>
+                paths:
+                  - path: /
+                    pathType: Prefix
+            tls:
+              - secretName: kubefirst-tls
+                hosts:
+                  - kubefirst.<DOMAIN_NAME>
   destination:
     server: https://kubernetes.default.svc
     namespace: kubefirst

aws-gitlab/cluster-types/mgmt/clusterrolebinding.yaml

@@ -71,4 +71,19 @@ subjects:
 roleRef:
   kind: ClusterRole
   name: argo-view
-  apiGroup: rbac.authorization.k8s.io
+  apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubefirst-api-clusterrole
+  annotations:
+    argocd.argoproj.io/sync-wave: '0'
+subjects:
+  - kind: ServiceAccount
+    name: kubefirst-kubefirst-api
+    namespace: kubefirst
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io

aws-gitlab/cluster-types/mgmt/components/kubefirst/console.yaml

@@ -1,72 +1,54 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: kubefirst-console
+  name: kubefirst
   namespace: argocd
   annotations:
     argocd.argoproj.io/sync-wave: '10'
 spec:
   project: default
   source:
-    repoURL: https://kubefirst.github.io/charts
-    targetRevision: 2.1.9
-    chart: console
+    repoURL: https://charts.kubefirst.com
+    targetRevision: 2.2.11
+    chart: kubefirst
     helm:
       values: |-
-        env:
-          ARGO_CD_URL:
-            value: "<ARGOCD_INGRESS_URL>"
-          ARGO_WORKFLOWS_URL:
-            value: "<ARGO_WORKFLOWS_INGRESS_URL>"
-          ATLANTIS_URL:
-            value: "<ATLANTIS_INGRESS_URL>"
-          CLOUD:
-            value: "<CLOUD_PROVIDER>"
-          CLUSTER_ID:
-            value: "<CLUSTER_ID>"
-          CLUSTER_TYPE:
-            value: "<CLUSTER_TYPE>"
-          DOMAIN_NAME:
-            value: "<DOMAIN_NAME>"
-          GIT_PROVIDER:
-            value: "<GIT_PROVIDER>"
-          GITLAB_OWNER:
-            value: "<GITLAB_OWNER>"
-          KUBEFIRST_VERSION:
-            value: "<KUBEFIRST_VERSION>"
-          KUBEFIRST_TEAM:
-            value: "<KUBEFIRST_TEAM>"
-          METAPHOR_DEVELOPMENT_URL:
-            value: "<METAPHOR_DEVELOPMENT_INGRESS_URL>"
-          METAPHOR_STAGING_URL:
-            value: "<METAPHOR_STAGING_INGRESS_URL>"
-          METAPHOR_PRODUCTION_URL:
-            value: "<METAPHOR_PRODUCTION_INGRESS_URL>"
-          USE_TELEMETRY:
-            value: "<USE_TELEMETRY>"
-          VAULT_URL:
-            value: "<VAULT_INGRESS_URL>"
-        ingress:
-          enabled: true
-          annotations:
-            kubernetes.io/ingress.class: nginx
-            cert-manager.io/cluster-issuer: "letsencrypt-prod"
-            # nginx.ingress.kubernetes.io/auth-signin: "https://vouch.<DOMAIN_NAME>/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err"
-            # nginx.ingress.kubernetes.io/auth-url: https://vouch.<DOMAIN_NAME>/validate
-            # nginx.ingress.kubernetes.io/auth-response-headers: X-Vouch-User
-            # nginx.ingress.kubernetes.io/auth-snippet: |
-            #   auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
-            #   auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
-            #   auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
-          hosts:
-            - host: kubefirst.<DOMAIN_NAME>
-              paths:
-                - path: /
-                  pathType: ImplementationSpecific
-          tls:
-            - secretName: kubefirst-tls
-              hosts:
-                - kubefirst.<DOMAIN_NAME>
+        global:
+            kubefirstVersion: "<KUBEFIRST_VERSION>"
+        kubefirst-api:
+          initContainer:
+            enabled: "'true'"
+          clusterId: "<CLUSTER_ID>"
+          clusterType: "<CLUSTER_TYPE>"
+          useTelemetry: "'<USE_TELEMETRY>'"
+          kubefirstTeam: "'<KUBEFIRST_TEAM>'"
+          installMethod: "helm"
+          env:
+            - name: IN_CLUSTER
+              value: "'true'"
+        console:
+          isClusterZero: "'false'"
+          ingress:
+            enabled: "true"
+            annotations:
+              kubernetes.io/ingress.class: "nginx"
+              cert-manager.io/cluster-issuer: "letsencrypt-prod"
+              # nginx.ingress.kubernetes.io/auth-signin: "https://vouch.<DOMAIN_NAME>/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err"
+              # nginx.ingress.kubernetes.io/auth-url: https://vouch.<DOMAIN_NAME>/validate
+              # nginx.ingress.kubernetes.io/auth-response-headers: X-Vouch-User
+              # nginx.ingress.kubernetes.io/auth-snippet: |
+              #   auth_request_set $auth_resp_jwt $upstream_http_x_vouch_jwt;
+              #   auth_request_set $auth_resp_err $upstream_http_x_vouch_err;
+              #   auth_request_set $auth_resp_failcount $upstream_http_x_vouch_failcount;
+            hosts:
+              - host: kubefirst.<DOMAIN_NAME>
+                paths:
+                  - path: /
+                    pathType: Prefix
+            tls:
+              - secretName: kubefirst-tls
+                hosts:
+                  - kubefirst.<DOMAIN_NAME>
   destination:
     server: https://kubernetes.default.svc
     namespace: kubefirst

civo-github/cluster-types/mgmt/clusterrolebinding.yaml

@@ -72,3 +72,19 @@ roleRef:
   kind: ClusterRole
   name: argo-view
   apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubefirst-api-clusterrole
+  annotations:
+    argocd.argoproj.io/sync-wave: '0'
+subjects:
+  - kind: ServiceAccount
+    name: kubefirst-kubefirst-api
+    namespace: kubefirst
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
+