Merge pull request #41 from vmware-tanzu-labs/develop

v1.4.4

Makefile

@@ -5,9 +5,9 @@
 
 # image build vars
 IMAGE ?= projects.registry.vmware.com/rpk/rpk
-IMAGE_VERSION ?= v1.4.3
+IMAGE_VERSION ?= v1.4.4
 IMAGE_BASE ?= projects.registry.vmware.com/rpk/rpk-base
-IMAGE_BASE_VERSION ?= v1.4.0
+IMAGE_BASE_VERSION ?= v1.4.1
 
 # rpk vars
 INVENTORY ?= `pwd`/build/inventory.yaml

requirements.txt

@@ -1,5 +1,5 @@
 # base version of ansible
-ansible==2.9.9
+ansible==2.9.10
 
 # required for k8s ansible module
 openshift==0.11.1

roles/common/manifest-file-with-wait/tasks/main.yaml

@@ -6,6 +6,9 @@
     src:  "{{ manifest_template }}"
     dest: "{{ manifest_staging_dir }}/{{ manifest_template.split('.j2') | first | basename }}"
     mode: "0440"
+    # allow for different templating strings
+    variable_start_string: "{{ manifest_variable_start_string | default(omit) }}"
+    variable_end_string:   "{{ manifest_variable_end_string | default(omit) }}"
   changed_when: false
 
 - name: "ensure {{ manifest_description | lower }} is present"

roles/common/manifest-file/tasks/main.yaml

@@ -6,6 +6,9 @@
     src:  "{{ manifest_template }}"
     dest: "{{ manifest_staging_dir }}/{{ manifest_template.split('.j2') | first | basename }}"
     mode: "0440"
+    # allow for different templating strings
+    variable_start_string: "{{ manifest_variable_start_string | default(omit) }}"
+    variable_end_string:   "{{ manifest_variable_end_string | default(omit) }}"
   changed_when: false
 
 - name: "ensure {{ manifest_description | lower }} is present"

roles/components/core/admission-control/templates/gatekeeper-app.yaml.j2

@@ -45,7 +45,7 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.name
-          image: {{ tanzu_admission_control.gatekeeper.image }}:{{ tanzu_admission_control.gatekeeper.image_tag }}
+          image: "{{ tanzu_admission_control.gatekeeper.image }}:{{ tanzu_admission_control.gatekeeper.image_tag }}"
           imagePullPolicy: Always
           livenessProbe:
             httpGet:
@@ -124,7 +124,7 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.name
-          image: {{ tanzu_admission_control.gatekeeper.image }}:{{ tanzu_admission_control.gatekeeper.image_tag }}
+          image: "{{ tanzu_admission_control.gatekeeper.image }}:{{ tanzu_admission_control.gatekeeper.image_tag }}"
           imagePullPolicy: Always
           livenessProbe:
             httpGet:

roles/components/core/admission-control/templates/mutator-app.yaml.j2

@@ -21,7 +21,7 @@ spec:
     spec:
       containers:
         - name: sac
-          image: {{ tanzu_admission_control.mutator.image }}:{{ tanzu_admission_control.mutator.image_tag }}
+          image: "{{ tanzu_admission_control.mutator.image }}:{{ tanzu_admission_control.mutator.image_tag }}"
           resources: {{ tanzu_admission_control.mutator.resources | default(tanzu_admission_control.default_resources) }}
           securityContext:
             runAsUser: 65532

roles/components/core/application-stack/templates/app/department/department-deployment.yaml.j2

@@ -36,7 +36,7 @@ spec:
         runAsUser: 1001
       containers:
         - name: department
-          image: {{ tanzu_app_stack.department.remote_image }}:{{ tanzu_app_stack.department.remote_image_tag }}
+          image: "{{ tanzu_app_stack.department.remote_image }}:{{ tanzu_app_stack.department.remote_image_tag }}"
           imagePullPolicy: Always
           ports:
             - containerPort: 8080

roles/components/core/application-stack/templates/app/employee/employee-deployment.yaml.j2

@@ -36,7 +36,7 @@ spec:
         runAsUser: 1001
       containers:
         - name: employee
-          image: {{ tanzu_app_stack.employee.remote_image }}:{{ tanzu_app_stack.employee.remote_image_tag }}
+          image: "{{ tanzu_app_stack.employee.remote_image }}:{{ tanzu_app_stack.employee.remote_image_tag }}"
           imagePullPolicy: Always
           ports:
             - containerPort: 8080

roles/components/core/application-stack/templates/app/gateway/gateway-deployment.yaml.j2

@@ -23,7 +23,7 @@ spec:
         runAsUser: 1001
       containers:
       - name: gateway
-        image: {{ tanzu_app_stack.gateway.remote_image }}:{{ tanzu_app_stack.gateway.remote_image_tag }}
+        image: "{{ tanzu_app_stack.gateway.remote_image }}:{{ tanzu_app_stack.gateway.remote_image_tag }}"
         imagePullPolicy: Always
         ports:
           - containerPort: 8080

roles/components/core/application-stack/templates/app/organization/organization-deployment.yaml.j2

@@ -36,7 +36,7 @@ spec:
         runAsUser: 1001
       containers:
       - name: organization
-        image: {{ tanzu_app_stack.organization.remote_image }}:{{ tanzu_app_stack.organization.remote_image_tag }}
+        image: "{{ tanzu_app_stack.organization.remote_image }}:{{ tanzu_app_stack.organization.remote_image_tag }}"
         imagePullPolicy: Always
         ports:
           - containerPort: 8080

roles/components/core/application-stack/templates/db/mongodb-deployment.yaml.j2

@@ -23,7 +23,7 @@ spec:
         runAsUser: 999
       containers:
       - name: mongodb
-        image: {{ tanzu_app_stack.mongodb.image }}:{{ tanzu_app_stack.mongodb.image_tag }}
+        image: "{{ tanzu_app_stack.mongodb.image }}:{{ tanzu_app_stack.mongodb.image_tag }}"
         ports:
         - containerPort: 27017
         env:

roles/components/core/container-registry/templates/harbor-api.yaml.j2

@@ -28,7 +28,7 @@ spec:
         fsGroup: 10000
       containers:
         - name: core
-          image: {{ tanzu_container_registry.core.image }}:{{ tanzu_container_registry.base_image_tag }}
+          image: "{{ tanzu_container_registry.core.image }}:{{ tanzu_container_registry.base_image_tag }}"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             httpGet:

roles/components/core/container-registry/templates/harbor-app.yaml.j2

@@ -30,7 +30,7 @@ spec:
         fsGroup: 10000
       containers:
         - name: chartmuseum
-          image: {{ tanzu_container_registry.chartmuseum.image }}:{{ tanzu_container_registry.base_image_tag }}
+          image: "{{ tanzu_container_registry.chartmuseum.image }}:{{ tanzu_container_registry.base_image_tag }}"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             httpGet:
@@ -112,7 +112,7 @@ spec:
         fsGroup: 10000
       containers:
         - name: clair
-          image: {{ tanzu_container_registry.clair.image }}:{{ tanzu_container_registry.base_image_tag }}
+          image: "{{ tanzu_container_registry.clair.image }}:{{ tanzu_container_registry.base_image_tag }}"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             httpGet:
@@ -144,7 +144,7 @@ spec:
               mountPath: /etc/harbor/ssl/clair
           resources: {{ tanzu_container_registry.clair.resources }}
         - name: adapter
-          image: {{ tanzu_container_registry.clair.adapter.image }}:{{ tanzu_container_registry.base_image_tag }}
+          image: "{{ tanzu_container_registry.clair.adapter.image }}:{{ tanzu_container_registry.base_image_tag }}"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             httpGet:
@@ -245,7 +245,7 @@ spec:
         fsGroup: 10000
       containers:
         - name: jobservice
-          image: {{ tanzu_container_registry.jobservice.image }}:{{ tanzu_container_registry.base_image_tag }}
+          image: "{{ tanzu_container_registry.jobservice.image }}:{{ tanzu_container_registry.base_image_tag }}"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             httpGet:
@@ -348,13 +348,13 @@ spec:
         fsGroup: 10000
       containers:
         - name: notary-server
-          image: {{ tanzu_container_registry.notary.server.image }}:{{ tanzu_container_registry.base_image_tag }}
+          image: "{{ tanzu_container_registry.notary.server.image }}:{{ tanzu_container_registry.base_image_tag }}"
           imagePullPolicy: IfNotPresent
           env:
             - name: MIGRATIONS_PATH
               value: migrations/server/postgresql
             - name: DB_URL
-              value: postgres://{{ tanzu_container_registry.postgres.username }}:{{ tanzu_container_registry.postgres.password }}@{{ tanzu_container_registry.postgres.resource_name }}:5432/notaryserver?sslmode=disable
+              value: "postgres://{{ tanzu_container_registry.postgres.username }}:{{ tanzu_container_registry.postgres.password }}@{{ tanzu_container_registry.postgres.resource_name }}:5432/notaryserver?sslmode=disable"
           volumeMounts:
             - name: config
               mountPath: /etc/notary/server-config.postgres.json
@@ -401,13 +401,13 @@ spec:
         fsGroup: 10000
       containers:
       - name: notary-signer
-        image: {{ tanzu_container_registry.notary.signer.image }}:{{ tanzu_container_registry.base_image_tag }}
+        image: "{{ tanzu_container_registry.notary.signer.image }}:{{ tanzu_container_registry.base_image_tag }}"
         imagePullPolicy: IfNotPresent
         env:
           - name: MIGRATIONS_PATH
             value: migrations/signer/postgresql
           - name: DB_URL
-            value: postgres://{{ tanzu_container_registry.postgres.username }}:{{ tanzu_container_registry.postgres.password }}@{{ tanzu_container_registry.postgres.resource_name }}:5432/notarysigner?sslmode=disable
+            value: "postgres://{{ tanzu_container_registry.postgres.username }}:{{ tanzu_container_registry.postgres.password }}@{{ tanzu_container_registry.postgres.resource_name }}:5432/notarysigner?sslmode=disable"
           - name: NOTARY_SIGNER_DEFAULTALIAS
             value: defaultalias
         volumeMounts:
@@ -487,7 +487,7 @@ spec:
         fsGroup: 10000
       containers:
         - name: registry
-          image: {{ tanzu_container_registry.registry.image }}:{{ tanzu_container_registry.base_image_tag }}
+          image: "{{ tanzu_container_registry.registry.image }}:{{ tanzu_container_registry.base_image_tag }}"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             httpGet:
@@ -536,7 +536,7 @@ spec:
               mountPath: /etc/harbor/ssl/registry
           resources: {{ tanzu_container_registry.registry.resources | default(tanzu_container_registry.default_resources) }}
         - name: registryctl
-          image: {{ tanzu_container_registry.registry.registryctl.image }}:{{ tanzu_container_registry.base_image_tag }}
+          image: "{{ tanzu_container_registry.registry.registryctl.image }}:{{ tanzu_container_registry.base_image_tag }}"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             httpGet:
@@ -661,7 +661,7 @@ spec:
       automountServiceAccountToken: false
       containers:
         - name: trivy
-          image: {{ tanzu_container_registry.trivy.image }}:{{ tanzu_container_registry.base_image_tag }}
+          image: "{{ tanzu_container_registry.trivy.image }}:{{ tanzu_container_registry.base_image_tag }}"
           imagePullPolicy: IfNotPresent
           securityContext:
             privileged: false

roles/components/core/container-registry/templates/harbor-persistence.yaml.j2

@@ -29,7 +29,7 @@ spec:
         fsGroup: 999
       containers:
         - name: redis
-          image: {{ tanzu_container_registry.redis.image }}:{{ tanzu_container_registry.base_image_tag }}
+          image: "{{ tanzu_container_registry.redis.image }}:{{ tanzu_container_registry.base_image_tag }}"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             tcpSocket:
@@ -101,7 +101,7 @@ spec:
         - name: "change-permission-of-directory"
           securityContext:
             runAsUser: 0
-          image: {{ tanzu_container_registry.postgres.image }}:{{ tanzu_container_registry.base_image_tag }}
+          image: "{{ tanzu_container_registry.postgres.image }}:{{ tanzu_container_registry.base_image_tag }}"
           imagePullPolicy: IfNotPresent
           command: ["/bin/sh"]
           args: ["-c", "chown -R postgres:postgres /var/lib/postgresql/data"]
@@ -110,7 +110,7 @@ spec:
               mountPath: /var/lib/postgresql/data
               subPath:
         - name: "remove-lost-found"
-          image: {{ tanzu_container_registry.postgres.image }}:{{ tanzu_container_registry.base_image_tag }}
+          image: "{{ tanzu_container_registry.postgres.image }}:{{ tanzu_container_registry.base_image_tag }}"
           imagePullPolicy: IfNotPresent
           command: ["rm", "-Rf", "/var/lib/postgresql/data/lost+found"]
           volumeMounts:
@@ -119,7 +119,7 @@ spec:
               subPath:
       containers:
         - name: database
-          image: {{ tanzu_container_registry.postgres.image }}:{{ tanzu_container_registry.base_image_tag }}
+          image: "{{ tanzu_container_registry.postgres.image }}:{{ tanzu_container_registry.base_image_tag }}"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             exec:

roles/components/core/container-registry/templates/harbor-web.yaml.j2

@@ -26,7 +26,7 @@ spec:
     spec:
       containers:
         - name: portal
-          image: {{ tanzu_container_registry.portal.image }}:{{ tanzu_container_registry.base_image_tag }}
+          image: "{{ tanzu_container_registry.portal.image }}:{{ tanzu_container_registry.base_image_tag }}"
           imagePullPolicy: IfNotPresent
           livenessProbe:
             httpGet:

roles/components/core/identity/templates/app-dex.yaml.j2

@@ -154,7 +154,7 @@ spec:
         - /usr/local/bin/dex
         - serve
         - /etc/dex/cfg/config.yaml
-        image: {{ tanzu_identity.dex.image }}:{{ tanzu_identity.dex.image_tag }}
+        image: "{{ tanzu_identity.dex.image }}:{{ tanzu_identity.dex.image_tag }}"
         imagePullPolicy: IfNotPresent
         name: dex
         ports:

roles/components/core/identity/templates/app-gangway.yaml.j2

@@ -83,7 +83,7 @@ spec:
         runAsGroup: 65534
       containers:
       - name: gangway
-        image: {{ tanzu_identity.gangway.image }}:{{ tanzu_identity.gangway.image_tag }}
+        image: "{{ tanzu_identity.gangway.image }}:{{ tanzu_identity.gangway.image_tag }}"
         imagePullPolicy: IfNotPresent
         command:
         - gangway

roles/components/core/identity/templates/app-ldap.yaml.j2

@@ -50,7 +50,7 @@ spec:
       serviceAccountName: ldap
       containers:
         - name: ldap
-          image: {{ tanzu_identity.ldap.image }}:{{ tanzu_identity.ldap.image_tag }}
+          image: "{{ tanzu_identity.ldap.image }}:{{ tanzu_identity.ldap.image_tag }}"
           imagePullPolicy: IfNotPresent
           args: ["--copy-service"]
           env:

roles/components/core/ingress/tasks/external-dns-internal.yaml

@@ -1,18 +1,20 @@
 # Copyright 2006-2021 VMware, Inc.
 # SPDX-License-Identifier: MIT
 ---
+- name: "ensure internal external-dns provider config map is deployed"
+  include_role:
+    name: "common/manifest-file-with-wait"
+  vars:
+    manifest_description:           "bind config map"
+    manifest_template:              "config-bind.yaml.j2"
+    manifest_staging_dir:           "{{ tanzu_ingress.staging_dir }}"
+    manifest_variable_start_string: "<<"
+    manifest_variable_end_string:   ">>"
+
 - name: "ensure internal external-dns provider manifests are deployed"
   include_role:
     name: "common/manifest-file-with-wait"
   vars:
-    manifest_description: "{{ manifest.description }}"
-    manifest_template:    "{{ manifest.template }}"
-    manifest_staging_dir: "{{ tanzu_ingress.staging_dir }}"
-  with_items:
-    - description: "bind config"
-      template:    "config-bind.yaml.j2"
-    - description: "external-dns internal provider"
-      template:    "app-external-dns-internal.yaml.j2"
-  loop_control:
-    loop_var: "manifest"
-    label:    "{{ manifest.template }}"
+    manifest_description:           "external-dns internal provider"
+    manifest_template:              "app-external-dns-internal.yaml.j2"
+    manifest_staging_dir:           "{{ tanzu_ingress.staging_dir }}"

roles/components/core/ingress/templates/app-contour.yaml.j2

@@ -49,7 +49,7 @@ spec:
         - --contour-key-file=/certs/tls.key
         - --config-path=/config/contour.yaml
         command: ["contour"]
-        image: {{ tanzu_ingress.contour.image }}:{{ tanzu_ingress.contour.image_tag }}
+        image: "{{ tanzu_ingress.contour.image }}:{{ tanzu_ingress.contour.image_tag }}"
         imagePullPolicy: IfNotPresent
         resources: {{ tanzu_ingress.contour.resources | default(tanzu_ingress.default_resources) }}
         name: contour

roles/components/core/ingress/templates/app-envoy.yaml.j2

@@ -35,7 +35,7 @@ spec:
         args:
           - envoy
           - shutdown-manager
-        image: {{ tanzu_ingress.contour.image }}:{{ tanzu_ingress.contour.image_tag }}
+        image: "{{ tanzu_ingress.contour.image }}:{{ tanzu_ingress.contour.image_tag }}"
         imagePullPolicy: IfNotPresent
         resources: {{ tanzu_ingress.envoy.resources | default(tanzu_ingress.default_resources) }}
         lifecycle:
@@ -59,7 +59,7 @@ spec:
         - --log-level info
         command:
         - envoy
-        image: {{ tanzu_ingress.envoy.image }}:{{ tanzu_ingress.envoy.image_tag }}
+        image: "{{ tanzu_ingress.envoy.image }}:{{ tanzu_ingress.envoy.image_tag }}"
         imagePullPolicy: IfNotPresent
         resources: {{ tanzu_ingress.envoy.resources | default(tanzu_ingress.default_resources) }}
         name: envoy
@@ -109,7 +109,7 @@ spec:
         - --envoy-key-file=/certs/tls.key
         command:
         - contour
-        image: {{ tanzu_ingress.contour.image }}:{{ tanzu_ingress.contour.image_tag }}
+        image: "{{ tanzu_ingress.contour.image }}:{{ tanzu_ingress.contour.image_tag }}"
         imagePullPolicy: IfNotPresent
         resources: {{ tanzu_ingress.contour.resources | default(tanzu_ingress.default_resources) }}
         name: envoy-initconfig