Merge pull request #306 from kube-tarian/feature/vault-role-crossplane

adding vault-role for corssplane provider

capten/agent/pkg/agent/agent.go

@@ -40,10 +40,9 @@ func NewAgent(log logging.Logger, cfg *config.SericeConfig) (*Agent, error) {
  }
 
  agent := &Agent{
- tc: tc,
- as: as,
- log: log,
- createPr: cfg.CreatePR,
+ tc: tc,
+ as: as,
+ log: log,
  }
  return agent, nil
 }

capten/agent/pkg/config/config.go

@@ -9,7 +9,6 @@ type SericeConfig struct {
  Port int `envconfig:"PORT" default:"9091"`
  Mode string `envconfig:"MODE" default:"production"`
  AuthEnabled bool `envconfig:"AUTH_ENABLED" default:"false"`
- CreatePR bool `envconfig:"CREATE_PR" default:"false"`
 }
 
 func GetServiceConfig() (*SericeConfig, error) {

capten/config-worker/pkg/activities/config.go

@@ -19,7 +19,6 @@ type Config struct {
  GitCloneDir string `envconfig:"GIT_CLONE_DIR" default:"/gitCloneDir"`
  TektonPluginConfig string `envconfig:"TEKTON_PLUGIN_CONFIG_FILE" default:"/tekton_plugin_config.json"`
  CrossPlanePluginConfig string `envconfig:"CROSSPLANE_PLUGIN_CONFIG_FILE" default:"/crossplane_plugin_config.json"`
- CreatePr bool `envconfig:"CREATE_PR" default:"false"`
 }
 
 func GetConfig() (*Config, error) {

capten/config-worker/pkg/activities/constants.go

@@ -17,13 +17,13 @@ spec:
  metadata:
  annotations:
  vault.hashicorp.com/agent-inject: "true"
- vault.hashicorp.com/role: "crossplane-providers"
+ vault.hashicorp.com/role: "vault-role-crossplane"
  vault.hashicorp.com/agent-inject-secret-creds.txt: "%s"
  vault.hashicorp.com/agent-inject-template-creds.txt: |
  {{- with secret "%s" -}}
  [default]
- aws_access_key_id="{{ .access_key }}"
- aws_secret_access_key="{{ .secret_key }}"
+ aws_access_key_id="{{ .Data.data.accessKey }}"
+ aws_secret_access_key="{{ .Data.data.secretKey }}"
  {{- end -}}
 ---
 apiVersion: pkg.crossplane.io/v1

charts/kad/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.9
+version: 0.2.10
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.19.0"
+appVersion: "1.20.0"

charts/kad/templates/agent-deployment.yaml

@@ -77,8 +77,6 @@ spec:
  value: {{ .Values.cassandra.keyspace }}
  - name: CASSANDRA_SECRET_NAME
  value: {{ .Values.cassandra.secretName }}
- - name: CREATE_PR
- value: {{ .Values.service.createPr }}
  resources:
  {{- toYaml .Values.resources | nindent 12 }}
  {{- with .Values.nodeSelector }}

charts/kad/templates/config-worker-deployment.yaml

@@ -35,14 +35,12 @@ spec:
  emptyDir: {}
  - name: config-volume
  configMap:
- name: plugin-config-map
+ name: capten-plugins-config
  items:
  - key: TEKTON_PLUGIN_CONFIG
  path: {{ .Values.configWorker.tektonPluginConfigFile }}
  - key: CROSSPLANE_PLUGIN_CONFIG
  path: {{ .Values.configWorker.crossplanePluginConfigFile }}
- - key: CROSSPLANE_PROVIDER_CONFIG
- path: {{ .Values.configworker.crossplaneProviderPluginConfigFile }}
  containers:
  - name: {{ .Chart.Name }}-config-worker
  securityContext:
@@ -55,7 +53,7 @@ spec:
  protocol: TCP
  volumeMounts:
  - name: git-clone-dir
- mountPath: {{ .Values.configWorkerGitCloneDir }}
+ mountPath: {{ .Values.configWorker.configWorkerGitCloneDir }}
  - name: config-volume
  mountPath: {{ .Values.configWorker.pluginConfigDir }}
  env:
@@ -68,7 +66,7 @@ spec:
  - name: VAULT_ADDR
  value: {{ .Values.vault.address }}
  - name: GIT_CLONE_DIR
- value: {{ .Values.configWorkerGitCloneDir }}
+ value: {{ .Values.configWorker.configWorkerGitCloneDir }}
  - name: VAULT_ROLE
  value: {{ .Values.vault.role }}
  - name: CASSANDRA_SERVICE_URL

charts/kad/templates/configmap-crossplane-vault-role.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: vault-role-crossplane
+data:
+ roleName: {{ .Values.crossplane.vaultRole }}
+ policyNames: {{ .Values.crossplane.vaultPolicyNames }}
+ servieAccounts: "*"
+ servieAccountNameSpaces: {{ .Values.crossplane.namespace }}

charts/kad/templates/plugin-config-map.yaml → charts/kad/templates/configmap-plugins.yaml

@@ -1,15 +1,15 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
- name: plugin-config-map
+ name: capten-plugins-config
  labels:
  {{- include "kad.labels" . | nindent 4 }}
  app.kubernetes.io/component: config-worker
 data:
  TEKTON_PLUGIN_CONFIG: |
 {{- $fileName := .Values.configWorker.tektonPluginConfigFile }}
 {{ .Files.Get $fileName | indent 4 }}
-CROSSPLANE_PLUGIN_CONFIG: |
+ CROSSPLANE_PLUGIN_CONFIG: |
 {{- $fileName := .Values.configWorker.crossplanePluginConfigFile }}
 {{ .Files.Get $fileName | indent 4 }}
 

charts/kad/values.yaml

@@ -41,7 +41,6 @@ env:
 service:
  type: ClusterIP
  port: 8080
- createPr: "true"
 
 vault:
  address: http://vault:8200
@@ -68,6 +67,11 @@ extraEnv:
  - name: AUTH_ENABLED
  value: false
 
+crossplane:
+ vaultRole: "vault-role-crossplane"
+ vaultPolicyNames: "vault-policy-generic-cred-admin"
+ namespace: "crossplane-system"
+
 ingress:
  enabled: false
  className: ""
@@ -111,12 +115,12 @@ tolerations: []
 
 affinity: {}
 
-configWorkerGitCloneDir: "/gitCloneDir"
 configWorker:
+ configWorkerGitCloneDir: "/gitCloneDir"
  pluginConfigDir: "/configs"
  tektonPluginConfigFile: "tekton_plugin_config.json"
  crossplanePluginConfigFile: "crossplane_plugin_config.json"
-# TODO: attributes to be added
+
 temporal:
  external: true
  temporalServiceURL: temporal-frontend