diff --git a/Makefile b/Makefile index 6986b6ee..cd353239 100644 --- a/Makefile +++ b/Makefile @@ -159,7 +159,7 @@ deploy-exporters: cli .PHONY: lint-helm lint-helm: - helm lint deploy/helm/jumpstarter --set jumpstarter-controller.controllerSecret=abcd --set jumpstarter-controller.routerSecret=abcd + helm lint deploy/helm/jumpstarter .PHONY: undeploy @@ -215,10 +215,6 @@ grpcurl: $(GRPCURL) ## Download grpcurl locally if necessary. $(GRPCURL): $(LOCALBIN) $(call go-install-tool,$(GRPCURL),github.com/fullstorydev/grpcurl/cmd/grpcurl,$(GRPCURL_VERSION)) -.PHONY: helm-lint -helm-lint: - helm lint ./deploy/helm/jumpstarter/ - .PHONY: kind kind: $(KIND) $(KIND): $(LOCALBIN) diff --git a/deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-secret.yaml b/deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-secret.yaml deleted file mode 100644 index 0a3d22e4..00000000 --- a/deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/controller-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: jumpstarter-controller-secret - namespace: {{ default .Release.Namespace .Values.namespace }} -type: Opaque -data: - {{- if .Values.controllerSecret }} - key: {{ .Values.controllerSecret | b64enc }} - {{- else -}} - {{- if .Release.IsInstall }} - key: {{ randAlphaNum 32 | b64enc }} - {{ else }} - key: {{ (lookup "v1" "Secret" (default .Release.Namespace .Values.namespace) "jumpstarter-controller-secret").data.key }} - {{ end }} - {{- end }} diff --git a/deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-secret.yaml b/deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-secret.yaml deleted file mode 100644 index c2373e5a..00000000 --- a/deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/router-secret.yaml +++ /dev/null 
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: jumpstarter-router-secret
- namespace: {{ default .Release.Namespace .Values.namespace }}
-type: Opaque
-data:
- {{- if .Values.routerSecret }}
- key: {{ .Values.routerSecret | b64enc }}
- {{- else -}}
- {{- if .Release.IsInstall }}
- key: {{ randAlphaNum 32 | b64enc }}
- {{ else }}
- key: {{ (lookup "v1" "Secret" (default .Release.Namespace .Values.namespace) "jumpstarter-router-secret").data.key }}
- {{ end }}
- {{- end }}
diff --git a/deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/secrets-job.yaml b/deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/secrets-job.yaml
new file mode 100644
index 00000000..a860ee58
--- /dev/null
+++ b/deploy/helm/jumpstarter/charts/jumpstarter-controller/templates/secrets-job.yaml
@@ -0,0 +1,30 @@
+{{- $namespace := default .Release.Namespace .Values.namespace }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ labels:
+ control-plane: controller-manager
+ app.kubernetes.io/name: jumpstarter-controller
+ name: jumpstarter-secrets
+ namespace: {{ $namespace }}
+spec:
+ template:
+ metadata:
+ name: jumpstarter-secrets
+ spec:
+ serviceAccountName: controller-manager
+ containers:
+ - name: jumpstarter-secrets
+ image: quay.io/openshift/origin-cli
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -e
+ {{- range $name := tuple "jumpstarter-router-secret" "jumpstarter-controller-secret" }}
+ if ! oc get secret {{ $name }} -n {{ $namespace }} >/dev/null 2>&1; then
+ oc create secret generic {{ $name }} -n={{ $namespace }} \
+ --from-literal=key="$(openssl rand -hex 32)"
+ fi
+ {{- end }}
+ restartPolicy: Never
diff --git a/deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml b/deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml
index 68aed6ac..0d3cf574 100644
--- a/deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml
+++ b/deploy/helm/jumpstarter/charts/jumpstarter-controller/values.yaml
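Review bot: In secrets-job.yaml the key is generated inside the argument `--from-literal=key="$(openssl rand -hex 32)"`, and `set -e` does not abort on a failed command substitution in a command's arguments, so if `openssl` is missing from the image or fails, `oc create secret` still runs and stores an empty signing key that later runs keep because the secret then exists. Generate it in its own assignment and check it first: `key="$(openssl rand -hex 32)"`, `[ -n "$key" ] || exit 1`, then pass `--from-literal=key="$key"`. The container image `quay.io/openshift/origin-cli` carries no tag or digest, so the job that mints the token-signing keys runs whatever that reference resolves to at deploy time; pinning it by digest would close that gap. The job also needs get and create on secrets for the `controller-manager` service account, which this diff does not show, so that RBAC should be confirmed and kept to the release namespace. On upgrade from a release that still owns the two Secret objects, Helm will presumably delete them once their templates are gone, possibly after this job has already seen them and skipped creation, so that path is worth testing.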
@@ -1,8 +1,6 @@ namespace: "" -routerSecret: "" - grpc: hostname: "" routerHostname: "" diff --git a/deploy/helm/jumpstarter/values.yaml b/deploy/helm/jumpstarter/values.yaml index 37d7899d..6b90c60c 100644 --- a/deploy/helm/jumpstarter/values.yaml +++ b/deploy/helm/jumpstarter/values.yaml @@ -29,12 +29,6 @@ global: ## @param jumpstarter-controller.tag Tag for the controller image. ## @param jumpstarter-controller.imagePullPolicy Image pull policy for the controller. -## @param jumpstarter-controller.controllerSecret Secret used to sign tokens for the controller. -## If not set, a random secret will be generated. -## Please fill in to deploy from ArgoCD or the secret will be regenerated for each sync. -## @param jumpstarter-controller.routerSecret Secret used to sign tokens for the router. -## If not set, a random secret will be generated. -## Please fill in to deploy from ArgoCD or the secret will be regenerated for each sync. ## @param jumpstarter-controller.namespace Namespace where the controller will be deployed, defaults to global.namespace. ## @param jumpstarter-controller.authenticationConfig Configuration for OIDC authentication, see https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration for documentation @@ -71,8 +65,6 @@ jumpstarter-controller: imagePullPolicy: IfNotPresent namespace: "" - controllerSecret: "" - routerSecret: "" authenticationConfig: | apiVersion: jumpstarter.dev/v1alpha1 diff --git a/hack/deploy_with_helm.sh b/hack/deploy_with_helm.sh index a90c693d..f8b0a821 100755 --- a/hack/deploy_with_helm.sh +++ b/hack/deploy_with_helm.sh 
@@ -107,13 +107,13 @@ kubectl config set-context --current --namespace=jumpstarter-lab echo -e "${GREEN}Waiting for grpc endpoints to be ready:${NC}" for ep in ${GRPC_ENDPOINT} ${GRPC_ROUTER_ENDPOINT}; do - RETRIES=30 + RETRIES=60 echo -e "${GREEN} * Checking ${ep} ... ${NC}" while ! ${GRPCURL} -insecure ${ep} list; do sleep 2 RETRIES=$((RETRIES-1)) if [ ${RETRIES} -eq 0 ]; then - echo -e "${GREEN} * ${ep} not ready after 60s, exiting ... ${NC}" + echo -e "${GREEN} * ${ep} not ready after 120s, exiting ... ${NC}" exit 1 fi done