Merge branches 'w/132.0/improvement/add-crl-operator' and 'q/w/4692/131.0/improvement/add-crl-operator' into tmp/octopus/q/132.0

Author: bert-e

.devcontainer/Dockerfile

@@ -111,3 +111,10 @@ RUN curl --fail -L -o /tmp/skopeo.tar.gz https://github.com/containers/skopeo/ar
     sudo mv bin/skopeo /usr/local/bin/ && \
     cd && \
     rm -rf /tmp/skopeo.tar.gz /tmp/skopeo-${SKOPEO_VERSION}
+
+# Install kustomize
+ARG KUSTOMIZE_VERSION=5.7.1
+
+RUN curl --fail -L -o /tmp/kustomize.tar.gz https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE_VERSION}/kustomize_v${KUSTOMIZE_VERSION}_linux_amd64.tar.gz && \
+    sudo tar -xzf /tmp/kustomize.tar.gz -C /usr/local/bin/ kustomize && \
+    rm -rf /tmp/kustomize.tar.gz

.pylint-dict

@@ -19,6 +19,8 @@ cp
 checksum
 checksums
 containerd
+CRL
+crl
 dataset
 de
 debuild
@@ -37,6 +39,7 @@ getitem
 globals
 gofmt
 Kube
+kustomize
 html
 init
 io
@@ -52,6 +55,7 @@ metadata
 mkdir
 mkisofs
 mypy
+namespace
 nginx
 observability
 pdf

CHANGELOG.md

@@ -12,6 +12,12 @@
 
 ## Release 131.0.2 (in development)
 
+### Enhancements
+
+- Install [crl-operator](https://github.com/scality/crl-operator) version
+  [v1.0.0](https://github.com/scality/crl-operator/releases/tag/v1.0.0) by default
+  (PR[#4692](https://github.com/scality/metalk8s/pull/4692))
+
 ## Release 131.0.1
 
 ## Release 131.0.0

buildchain/buildchain/codegen.py

@@ -5,30 +5,16 @@
 
 
 import shlex
-from typing import Callable, Iterator, Tuple
+from typing import Callable, Iterator, Tuple, Dict
 
 import doit  # type: ignore
 
 from buildchain import constants
+from buildchain import targets
 from buildchain import types
 from buildchain import utils
 
 
-def get_task_information() -> types.TaskDict:
-    """Retrieve all the task information from codegen"""
-    result: types.TaskDict = {
-        "actions": [],
-        "task_dep": [],
-        "file_dep": [],
-    }
-    for task_fun in CODEGEN:
-        task = task_fun()
-        for key, value in result.items():
-            value.extend(task.get(key, []))
-
-    return result
-
-
 def task_codegen() -> Iterator[types.TaskDict]:
     """Run the code generation tools."""
     for create_codegen_task in CODEGEN:
@@ -333,6 +319,65 @@ def codegen_chart_cert_manager() -> types.TaskDict:
     }
 
 
+def task_get_codegen_kustomize_crl_operator() -> types.TaskDict:
+    """Generate the kustomize manifests output for the CRL Operator."""
+    kustomize_dir = constants.ROOT / "kustomizes/crl-operator"
+
+    cmd = f"kustomize build {kustomize_dir}"
+
+    return {
+        "doc": task_get_codegen_kustomize_crl_operator.__doc__,
+        "actions": [doit.action.CmdAction(cmd, cwd=constants.ROOT, save_out="stdout")],
+        "file_dep": list(utils.git_ls(kustomize_dir)),
+        "task_dep": ["check_for:kustomize"],
+    }
+
+
+def task_transform_codegen_kustomize_crl_operator() -> types.TaskDict:
+    """Transform the kustomize manifests output for the CRL Operator."""
+
+    def _transform(stdout: str) -> Dict[str, str]:
+        """Transform the kustomize output."""
+        # Note: We have to replace the namespace 'crl-operator-system' by
+        # 'metalk8s-certs' as kustomize does not allow easily to patch every
+        # occurrence in "custom resources fields" like Certificate dnsNames.
+        return {
+            "output": stdout.strip().replace("crl-operator-system", "metalk8s-certs")
+        }
+
+    return {
+        "doc": task_transform_codegen_kustomize_crl_operator.__doc__,
+        "actions": [_transform],
+        "task_dep": ["get_codegen_kustomize_crl_operator"],
+        "getargs": {
+            "stdout": ("get_codegen_kustomize_crl_operator", "stdout"),
+        },
+    }
+
+
+def codegen_kustomize_crl_operator() -> types.TaskDict:
+    """Generate the SLS file for the CRL Operator."""
+    target_sls = constants.ROOT / "salt/metalk8s/addons/crl-operator/deployed/chart.sls"
+    template_file = constants.ROOT / "kustomizes/template.sls.in"
+
+    tpl_task = targets.TemplateFile(
+        task_name="kustomize_crl-operator",
+        source=template_file,
+        destination=target_sls,
+    )
+    tpl_task_dict = tpl_task.task
+    tpl_task_dict.update(
+        {
+            "title": utils.title_with_subtask_name("CODEGEN"),
+            "task_dep": ["transform_codegen_kustomize_crl_operator"],
+            "getargs": {
+                "Manifests": ("transform_codegen_kustomize_crl_operator", "output"),
+            },
+        }
+    )
+    return tpl_task_dict
+
+
 # List of available code generation tasks.
 CODEGEN: Tuple[Callable[[], types.TaskDict], ...] = (
     codegen_storage_operator,
@@ -345,6 +390,7 @@ def codegen_chart_cert_manager() -> types.TaskDict:
     codegen_chart_prometheus_adapter,
     codegen_chart_thanos,
     codegen_chart_cert_manager,
+    codegen_kustomize_crl_operator,
 )
 
 

buildchain/buildchain/config.py

@@ -65,6 +65,7 @@ class ExtCommand(enum.Enum):
     SKOPEO = os.getenv("SKOPEO_BIN", "skopeo")
     TOX = os.getenv("TOX_BIN", "tox")
     VAGRANT = os.getenv("VAGRANT_BIN", "vagrant")
+    KUSTOMIZE = os.getenv("KUSTOMIZE_BIN", "kustomize")
 
     @property
     def command_name(self) -> str:

buildchain/buildchain/image.py

@@ -219,6 +219,7 @@ def _local_image(name: str, **kwargs: Any) -> targets.LocalImage:
     ],
     constants.SCALITY_REPOSITORY: [
         "ui-operator",
+        "crl-operator",
     ],
 }
 

buildchain/buildchain/lint.py

@@ -41,7 +41,6 @@
 from buildchain import constants
 from buildchain import types
 from buildchain import utils
-from buildchain import codegen
 
 
 def task_lint() -> Iterator[types.TaskDict]:
@@ -195,16 +194,13 @@ def lint_codegen() -> types.TaskDict:
     git_diff = [config.ExtCommand.GIT.value, "diff"]
     base = subprocess.check_output(git_diff)
 
-    task = codegen.get_task_information()
-    task["actions"].append(lambda: check_diff_codegen(base))
-    task.update(
-        {
-            "name": "codegen",
-            "title": utils.title_with_subtask_name("LINT"),
-            "doc": lint_codegen.__doc__,
-        }
-    )
-    return task
+    return {
+        "name": "codegen",
+        "title": utils.title_with_subtask_name("LINT"),
+        "doc": lint_codegen.__doc__,
+        "actions": [lambda: check_diff_codegen(base)],
+        "task_dep": ["codegen"],
+    }
 
 
 # }}}

buildchain/buildchain/salt_tree.py

@@ -292,6 +292,8 @@ def _download_ui_operator_crds() -> str:
     Path("salt/metalk8s/addons/cert-manager/deployed/chart.sls"),
     Path("salt/metalk8s/addons/cert-manager/deployed/init.sls"),
     Path("salt/metalk8s/addons/cert-manager/deployed/namespace.sls"),
+    Path("salt/metalk8s/addons/crl-operator/deployed/chart.sls"),
+    Path("salt/metalk8s/addons/crl-operator/deployed/init.sls"),
     Path("salt/metalk8s/addons/dex/ca/init.sls"),
     Path("salt/metalk8s/addons/dex/ca/installed.sls"),
     Path("salt/metalk8s/addons/dex/ca/advertised.sls"),

buildchain/buildchain/targets/template.py

@@ -6,7 +6,7 @@
 
 import shutil
 import string
-from typing import Any, Dict
+from typing import Any, Dict, Optional
 from pathlib import Path
 
 from buildchain import types
@@ -28,7 +28,11 @@ class TemplateFile(base.AtomicTarget):
     """Create a new file from a template file."""
 
     def __init__(
-        self, source: Path, destination: Path, context: Dict[str, Any], **kwargs: Any
+        self,
+        source: Path,
+        destination: Path,
+        context: Optional[Dict[str, Any]] = None,
+        **kwargs: Any,
     ):
         """Configure a template rendering task.
 
@@ -46,7 +50,7 @@ def __init__(
         super().__init__(**kwargs)
         self._src = source
         self._dst = destination
-        self._ctx = context
+        self._ctx = context or {}
 
     @property
     def task(self) -> types.TaskDict:
@@ -60,10 +64,10 @@ def task(self) -> types.TaskDict:
         )
         return task
 
-    def _run(self) -> None:
+    def _run(self, **extra_ctx: Any) -> None:
         """Render the template."""
         template = self._src.read_text(encoding="utf-8")
-        rendered = CustomTemplate(template).substitute(**self._ctx)
+        rendered = CustomTemplate(template).substitute(**self._ctx, **extra_ctx)
         self._dst.write_text(rendered, encoding="utf-8")
         # Preserve the permission bits.
         shutil.copymode(self._src, self._dst)

buildchain/buildchain/versions.py

@@ -302,6 +302,11 @@ def _version_prefix(version: str, prefix: str = "v") -> str:
         version=_version_prefix(CERT_MANAGER_VERSION),
         digest="sha256:a076f72f33a22dfd3a23727f1e1a069817819406b39e5b0fd9cb97d3338cb8d8",
     ),
+    Image(
+        name="crl-operator",
+        version="v1.0.0",
+        digest="sha256:86b4198036c1f83f1d9363a1e2ae78015482ca4fe60cd706939b8730c179ac8a",
+    ),
 )
 
 CONTAINER_IMAGES_MAP = {image.name: image for image in CONTAINER_IMAGES}