diff --git a/Makefile b/Makefile index 04a4fd3..7d93fc9 100644 --- a/Makefile +++ b/Makefile @@ -71,9 +71,11 @@ fmt: clean: rm -f $(BUILD_DIR)/bin/khelm + rm -f $(BUILD_DIR)/bin/khelm-static clean-all: rm -rf $(BUILD_DIR) + find . -name charts -type d -exec rm -rf {} \; check: gofmt vet golint gosec ## Runs all linters diff --git a/README.md b/README.md index 2d9e868..2ff4509 100644 --- a/README.md +++ b/README.md @@ -81,6 +81,8 @@ Kpt can also be leveraged to pull charts from other git repositories into your o If necessary the chart output can be transformed using kustomize. This can be done by declaring the khelm and a kustomize function orderly within a file and specifying the chart output kustomization as input for the kustomize function as shown in the [cert-manager example](example/kpt/cert-manager). +A more complex example that uses a Helm chart directly from another git repository can be found [here](example/kpt/linkerd): +The linkerd chart is managed locally as kpt dependency and transformed into a static manifest with all Secrets generated by cert-manager. ### kustomize exec plugin diff --git a/e2e/kpt-linkerd-test.sh b/e2e/kpt-linkerd-test.sh index 8c4c261..d2eb3e3 100755 --- a/e2e/kpt-linkerd-test.sh +++ b/e2e/kpt-linkerd-test.sh @@ -14,7 +14,7 @@ rm -f "$GENERATED_FILE" ( set -ex - make -C "$EXAMPLE_DIR/kpt/linkerd" update generate + make -C "$EXAMPLE_DIR/kpt/linkerd" update manifest [ -f "$GENERATED_FILE" ] grep -Eq ' name: linkerd-config-tpl$' "$GENERATED_FILE" || (echo 'FAIL: output does not contain linkerd-config-tpl' >&2; false) diff --git a/example/kpt/linkerd/Makefile b/example/kpt/linkerd/Makefile index 4da2e90..751fc33 100644 --- a/example/kpt/linkerd/Makefile +++ b/example/kpt/linkerd/Makefile @@ -1,6 +1,6 @@ -all: generate +all: manifest -generate: +manifest: kpt fn run --as-current-user --mount "type=bind,src=`pwd`,dst=/source,rw=true" manifests update: @@ -13,6 +13,3 @@ deploy: undeploy: kpt live destroy manifests/static - -install-cert-manager: - kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml diff --git a/example/kpt/linkerd/README.md b/example/kpt/linkerd/README.md new file mode 100644 index 0000000..ed8bbf8 --- /dev/null +++ b/example/kpt/linkerd/README.md @@ -0,0 +1,12 @@ +# example: static linkerd manifest + +This example project includes the [linkerd2](https://github.com/linkerd/linkerd2) charts as kpt dependency and converts them to a static manifest which does not contain any `Secrets` but [cert-manager](https://cert-manager.io) `Certificates` instead. The transformations are specified within `manifests/helm-kustomize-pipeline.yaml`. + +However currently the static manifest is not functional since linkerd does not allow to specify the `-identity-trust-anchors-pem` option as environment variable that could be loaded from a Secret (see the related [linkerd issue](https://github.com/linkerd/linkerd2/issues/3843)). + +## Workflow + +1) Update dependencies: `make update` +2) Generate the static manifest: `make manifest` +3) Commit the changes (including generated manifests) if any +4) Within a CD pipeline deploy the manifest: `make deploy` or rather `kpt live apply manifests/static` (the latter requires cert-manager to be installed beforehand)