Merge pull request #34 from defenseunicorns/refactor

.github/workflows/tag-and-release.yaml

@@ -26,7 +26,7 @@ jobs:
     name: Publish package
     strategy:
       matrix:
-        flavor: [registry1]
+        flavor: [upstream, registry1]
 
     permissions:
       contents: read

.github/workflows/test.yaml

@@ -38,7 +38,7 @@ jobs:
     timeout-minutes: 25
     strategy:
       matrix:
-        flavor: [registry1]
+        flavor: [upstream, registry1]
         type: [install, upgrade]
 
     steps:

.pre-commit-config.yaml

@@ -22,7 +22,8 @@ repos:
       - id: check-yaml
         exclude: |
           (?x)^(
-            charts/raw/templates/resources.yaml
+            chart/templates/uds-package.yaml|
+            chart/templates/postgres-secret.yaml
           )$
         args:
           - "--allow-multiple-documents"

CODEOWNERS

@@ -1 +1,2 @@
-* @defenseunicorns/uds
+# This repository is owned by the Defense Unicorns UDS-Marketplace Team
+/* @defenseunicorns/uds-marketplace

README.md

@@ -1,4 +1,4 @@
-# 🚚 UDS Confluence Zarf Package
+# 🏪 UDS Confluence Zarf Package
 
 [![Latest Release](https://img.shields.io/github/v/release/defenseunicorns/uds-package-confluence)](https://github.com/defenseunicorns/uds-package-confluence/releases)
 [![Build Status](https://img.shields.io/github/actions/workflow/status/defenseunicorns/uds-package-confluence/tag-and-release.yaml)](https://github.com/defenseunicorns/uds-package-confluence/actions/workflows/tag-and-release.yaml)

bundle/uds-bundle.yaml

@@ -22,7 +22,7 @@ packages:
               description: "Configure postgres using CRs via the uds-postgres-config chart"
               path: postgresql
 
-  - name: dev-secrets
+  - name: dev-wait
     path: ../
     ref: 0.1.0
 
@@ -31,3 +31,9 @@ packages:
     # x-release-please-start-version
     ref: 1.20.0-uds.2
     # x-release-please-end
+    overrides:
+      confluence:
+        confluence:
+          values:
+            - path: database.credentials.secretName
+              value: confluence.confluence.pg-cluster.credentials.postgresql.acid.zalan.do

bundle/uds-config.yaml

@@ -1,7 +1,9 @@
+shared:
+  CONFLUENCE_DB_USERNAME: "confluence.confluence"
+
 variables:
   confluence:
     confluence_db_endpoint: "pg-cluster.postgres.svc.cluster.local"
-    CONFLUENCE_DB_USERNAME: "confluence.confluence"
   postgres-operator:
     postgresql:
       enabled: true  # Set to false to not create the PostgreSQL resource

chart/templates/postgres-secret.yaml

@@ -0,0 +1,11 @@
+{{- if ne .Values.postgres.password "" }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: confluence-postgres
+  namespace: {{ .Release.Namespace }}
+type: kubernetes.io/opaque
+stringData:
+  username: {{ .Values.postgres.username }}
+  password: {{ .Values.postgres.password }}
+{{- end }}

chart/templates/uds-package.yaml

@@ -4,17 +4,43 @@ metadata:
   name: confluence
   namespace: {{ .Release.Namespace }}
 spec:
-  {{- if .Values.sso }}
+  {{- if .Values.sso.enabled }}
   sso:
     - name: Confluence Login
-      clientId: uds-package-confluence
+    {{- if eq .Values.sso.protocol "saml" }}
+      clientId: uds-package-confluence-saml
+      protocol: saml
+
       redirectUris:
         - "https://confluence.{{ .Values.domain }}/plugins/servlet/oidc/callback"
+
+      defaultClientScopes:
+        - "mapper-saml-email-email"
+        - "mapper-saml-firstname-first_name"
+        - "mapper-saml-lastname-last_name"
+        - "mapper-saml-grouplist-groups"
+        - "mapper-saml-username-name"
+    {{- else if eq .Values.sso.protocol "openid_connect"  }}
+      clientId: uds-package-confluence-openid-connect
+      protocol: openid-connect
+
+      redirectUris:
+        - "https://confluence.{{ .Values.domain }}/plugins/servlet/oidc/callback"
+    {{- end }}
   {{- end }}
+
+  monitor:
+    - selector:
+        app.kubernetes.io/name: confluence
+      targetPort: 9999
+      portName: jmx
+      path: /metrics
+      description: Metrics
+
   network:
     expose:
       - service: confluence
-        podLabels:
+        selector:
           app.kubernetes.io/name: confluence
         gateway: tenant
         host: confluence
@@ -23,18 +49,51 @@ spec:
     allow:
       - direction: Ingress
         remoteGenerated: IntraNamespace
+
       - direction: Egress
         remoteGenerated: IntraNamespace
+
       - direction: Egress
-        podLabels:
+        remoteNamespace: keycloak
+        remoteSelector:
+          app.kubernetes.io/name: keycloak
+        selector:
           app.kubernetes.io/name: confluence
-        port: 443
-        description: "SSO"
+        port: 8080
+        description: "SSO Internal"
+
       - direction: Egress
-        # todo: this is over permissive, need to scope it down
-        remoteGenerated: KubeAPI
-      # Todo: wide open for hitting in-cluster or external postgres
+        remoteGenerated: Anywhere
+        selector:
+          app.kubernetes.io/name: confluence
+        port: 443
+        description: "SSO External"
+
       - direction: Egress
-        podLabels:
+        selector:
           app.kubernetes.io/name: confluence
+        {{- if .Values.postgres.internal }}
+        remoteNamespace: {{ .Values.postgres.namespace | quote }}
+        remoteSelector:
+          {{ .Values.postgres.selector | toYaml | nindent 10 }}
+        port: {{ .Values.postgres.port }}
+        {{- else }}
         remoteGenerated: Anywhere
+        {{- end }}
+        description: "Confluence Postgres"
+
+      # Custom rules for unanticipated scenarios
+      {{- range .Values.custom }}
+      - direction: {{ .direction }}
+        selector:
+          {{ .selector | toYaml | nindent 10 }}
+        {{- if not .remoteGenerated }}
+        remoteNamespace: {{ .remoteNamespace }}
+        remoteSelector:
+          {{ .remoteSelector | toYaml | nindent 10 }}
+        port: {{ .port }}
+        {{- else }}
+        remoteGenerated: {{ .remoteGenerated }}
+        {{- end }}
+        description: {{ .description }}
+      {{- end }}

chart/values.yaml

@@ -1,2 +1,33 @@
 domain: "###ZARF_VAR_DOMAIN###"
-sso: true
+
+postgres:
+  # Set to false to use external postgres
+  internal: true
+  selector:
+    cluster-name: pg-cluster
+  username: confluence
+  password: ""
+  namespace: postgres
+  port: 5432
+
+sso:
+  enabled: true
+  # Options: "saml", "openid_connect"
+  protocol: "saml"
+
+# custom:
+#    # Notice no `remoteGenerated` field here on custom internal rule
+#   - direction: Ingress
+#     selector:
+#       app: jenkins
+#     remoteNamespace: jenkins
+#     remoteSelector:
+#       app: jenkins
+#     port: 8180
+#     description: "Ingress from Jenkins"
+#   # No `remoteNamespace`, `remoteSelector`, or `port` fields on rule to `remoteGenerated`
+#   - direction: Egress
+#     selector:
+#       app: webservice
+#     remoteGenerated: Anywhere
+#     description: "Egress from Mattermost"

common/zarf.yaml

@@ -15,8 +15,20 @@ components:
       # renovate: datasource=helm
       - name: confluence
         namespace: confluence
-        url: https://repo1.dso.mil/big-bang/product/community/confluence.git
-        version: "1.20.1-bb.3"
-        gitPath: chart
+        url: https://atlassian.github.io/data-center-helm-charts
+        version: "1.20.0"
         repoName: confluence
         releaseName: confluence
+        valuesFiles:
+          - ../values/common-values.yaml
+    actions:
+      onDeploy:
+        after:
+          - description: Validate Confluence Package
+            maxTotalSeconds: 300
+            wait:
+              cluster:
+                kind: Packages
+                name: confluence
+                namespace: confluence
+                condition: "'{.status.phase}'=Ready"

docs/DEVELOPMENT_MAINTENANCE.md

@@ -1,39 +1,22 @@
-# UDS Capability Confluence
+# UDS Confluence Package
 
-## How to upgrade this capability
+This package is pulling in the [upstream confluence chart](https://github.com/atlassian/data-center-helm-charts/tree/main/src/main/charts/confluence)
 
-This package is pulling in the [bigbang confluence chart](https://repo1.dso.mil/big-bang/product/community/confluence)
+## How to upgrade this package
 
-The [confluence-flux-values.yaml](../confluence-flux-values.yaml) file contains values used when creating the flux resources for this capability. This includes the version of the chart and the base values used for this capability.
+To upgrade:
 
-To upgrade
 1) Point `application.ref.tag` to the updated version of the chart.
-1) Update any base values if necessary.
-1) Update the `confluence` component in the [zarf.yaml](../zarf.yaml) file to pull in the correct images needed for the updated version of the chart.
+2) Update any base values if necessary.
+3) Update the `confluence` component in the [zarf.yaml](../zarf.yaml) file to pull in the correct images needed for the updated version of the chart.
 
-## How to test this capability on your own cluster
+## How to test this package on your own cluster
 
-1) With docker running and while connected to an aws account.
-2) Set these env variables.
-```bash
-export REPO_URL=https://github.com/defenseunicorns/uds-capability-confluence.git
-export GIT_BRANCH=<REPLACE_ME>
-export REGISTRY1_USERNAME=<REPLACE_ME>
-export REGISTRY1_PASSWORD=<REPLACE_ME>
-export AWS_AVAILABILITY_ZONE=a
-```
-
- 3) At the root of this repository, you can run `make test`. This will provision an ec2 instance, build and deploy all dependencies and packages, and run an e2e test to insure the capability is deploying successfully, available and ready.
-
-You can also follow the bread crumbs of the Makefile to manually create the cluster as well as build and deploy all the necessary packages.
-
-## How to manually trigger e2e tests in a github PR
-
-This project uses [slash command dispatch](https://github.com/peter-evans/slash-command-dispatch). To use this, add a comment in your PR that says `/test all`. This will trigger the e2e tests for this repo.
-
-## Auto e2e tests
-
-This project will automatically run e2e tests on pushes to `main`
+1) Have a cluster running that has [UDS-Core](https://github.com/defenseunicorns/uds-core) and you have access to it
+2) Clone this repo to your local machine
+3) Migrate to the cloned repo
+4) Using `uds-cli` run the `dev` task in the repo. The task will build the current configuration in the repo and then deploy it to the cluster
+    - Example command: `uds run dev --set FLAVOR=<your-desired-flavor-here>`
 
 ## Creating Releases
 
@@ -56,6 +39,6 @@ When changes are merged to the `main` branch, the Release Please will evaluate a
 > TIP: Merging a PR should be done via a branch **"Squash and merge"**; this means that the commit message seen on this PR merge is what Release Please will use to determine a version bump.
 
 When the auto generated Release Please PR is merged the following steps will automatically happen.
+
 1) A new release will be created and tagged
-1) An e2e test will be triggered
-1) If e2e passes, a new capability artifact will be published to the OCI registry
+2) New artifact(s) will be published to the OCI registry

src/wait/zarf.yaml

@@ -0,0 +1,19 @@
+kind: ZarfPackageConfig
+metadata:
+  name: dev-wait
+  description: "Wait for database to be ready to accept connections"
+  version: 0.1.0
+
+components:
+  - name: wait-for-database
+    required: true
+    actions:
+      onDeploy:
+        after:
+          - wait:
+              cluster:
+                kind: postgresql
+                name: pg-cluster
+                condition: "'{.status.PostgresClusterStatus}'=Running"
+                namespace: postgres
+          - cmd: sleep 10s

tasks.yaml

@@ -16,6 +16,13 @@ tasks:
       - task: setup:k3d-test-cluster
       - task: deploy:test-bundle
 
+  - name: default-full
+    description: Create K3D Cluster with UDS-Core + Confluence
+    actions:
+      - task: create-test-bundle
+      - task: setup:k3d-full-cluster
+      - task: deploy:test-bundle
+
   - name: create-package
     description: Create UDS Confluence Package, No dependencies included
     actions:
@@ -44,7 +51,7 @@ tasks:
     actions:
       - task: setup:k3d-test-cluster
 
-  - name: local-all
+  - name: dev
     description: Create then deploy local confluence bundle
     actions:
       - task: create-test-bundle

tasks/dependencies.yaml

@@ -1,12 +1,12 @@
 tasks:
   - name: create
-    description: Create the Dev-Secrets Dependency Zarf Package
+    description: Create the Dependency Zarf Packages
     inputs:
       options:
         description: For setting create time variables and flags
       architecture:
         description: The architecture of the package to create
         default: ${UDS_ARCH}
     actions:
-      - cmd: ./uds zarf package create src/dev-secrets/ --confirm --no-progress --architecture=${{ .inputs.architecture }} --skip-sbom ${{ .inputs.options }}
+      - cmd: ./uds zarf package create src/wait/ --confirm --no-progress --architecture=${{ .inputs.architecture }} --skip-sbom ${{ .inputs.options }}
       - cmd: ./uds zarf package create src/namespace/ --confirm --no-progress --architecture=${{ .inputs.architecture }} --skip-sbom ${{ .inputs.options }}