From 52a5557cc4210ff942d04261b1466f2e896da564 Mon Sep 17 00:00:00 2001 From: Lucas Rodriguez Date: Wed, 4 Oct 2023 23:34:32 -0500 Subject: [PATCH] Remove local zarf-agent package --- packages/zarf-agent/manifests/deployment.yaml | 64 ------ packages/zarf-agent/manifests/secret.yaml | 9 - packages/zarf-agent/manifests/service.yaml | 11 -- packages/zarf-agent/manifests/webhook.yaml | 182 ------------------ packages/zarf-agent/zarf.yaml | 43 ----- 5 files changed, 309 deletions(-) delete mode 100644 packages/zarf-agent/manifests/deployment.yaml delete mode 100644 packages/zarf-agent/manifests/secret.yaml delete mode 100644 packages/zarf-agent/manifests/service.yaml delete mode 100644 packages/zarf-agent/manifests/webhook.yaml delete mode 100644 packages/zarf-agent/zarf.yaml diff --git a/packages/zarf-agent/manifests/deployment.yaml b/packages/zarf-agent/manifests/deployment.yaml deleted file mode 100644 index 2d4767b..0000000 --- a/packages/zarf-agent/manifests/deployment.yaml +++ /dev/null @@ -1,64 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: agent-hook - namespace: zarf - labels: - app: agent-hook -spec: - replicas: 2 - selector: - matchLabels: - app: agent-hook - template: - metadata: - labels: - app: agent-hook - # Don't mutate this pod, that would be sad times - zarf.dev/agent: ignore - spec: - imagePullSecrets: - - name: private-registry - priorityClassName: system-node-critical - containers: - - name: server - image: "###ZARF_REGISTRY###/###ZARF_CONST_AGENT_IMAGE###:###ZARF_CONST_AGENT_IMAGE_TAG###" - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: 8443 - scheme: HTTPS - ports: - - containerPort: 8443 - resources: - requests: - memory: "32Mi" - cpu: "100m" - limits: - memory: "128Mi" - cpu: "500m" - volumeMounts: - - name: tls-certs - mountPath: /etc/certs - readOnly: true - - name: zarf-state - mountPath: /etc/zarf-state - readOnly: true - # Required for OpenShift to mount k9s vendored directories - - name: config - mountPath: /.config - - name: xdg - mountPath: /etc/xdg - volumes: - - name: tls-certs - secret: - secretName: agent-hook-tls - - name: zarf-state - secret: - secretName: zarf-state - # Required for OpenShift to mount k9s vendored directories - - name: config - emptyDir: {} - - name: xdg - emptyDir: {} diff --git a/packages/zarf-agent/manifests/secret.yaml b/packages/zarf-agent/manifests/secret.yaml deleted file mode 100644 index d3fbb9d..0000000 --- a/packages/zarf-agent/manifests/secret.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: agent-hook-tls - namespace: zarf -type: kubernetes.io/tls -data: - tls.crt: "###ZARF_AGENT_CRT###" - tls.key: "###ZARF_AGENT_KEY###" diff --git a/packages/zarf-agent/manifests/service.yaml b/packages/zarf-agent/manifests/service.yaml deleted file mode 100644 index 2b9240b..0000000 --- a/packages/zarf-agent/manifests/service.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: agent-hook - namespace: zarf -spec: - selector: - app: agent-hook - ports: - - port: 443 - targetPort: 8443 diff --git a/packages/zarf-agent/manifests/webhook.yaml b/packages/zarf-agent/manifests/webhook.yaml deleted file mode 100644 index 136590c..0000000 --- a/packages/zarf-agent/manifests/webhook.yaml +++ /dev/null @@ -1,182 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: zarf -webhooks: - - name: agent-pod.zarf.dev - namespaceSelector: - matchExpressions: - - key: "kubernetes.io/metadata.name" - operator: NotIn - values: - # Ensure we don't mess with kube-system - - "kube-system" - # Allow ignoring whole namespaces - - key: zarf.dev/agent - operator: NotIn - values: - - "skip" - - "ignore" - objectSelector: - matchExpressions: - # Always ignore specific resources if requested by annotation/label - - key: zarf.dev/agent - operator: NotIn - values: - - "skip" - - "ignore" - # Ignore K3s Klipper - - key: svccontroller.k3s.cattle.io/svcname - operator: DoesNotExist - clientConfig: - service: - name: agent-hook - namespace: zarf - path: "/mutate/pod" - caBundle: "###ZARF_AGENT_CA###" - rules: - - operations: - - "CREATE" - - "UPDATE" - apiGroups: - - "" - apiVersions: - - "v1" - resources: - - "pods" - admissionReviewVersions: - - "v1" - - "v1beta1" - sideEffects: None - - name: agent-flux-gitrepo.zarf.dev - namespaceSelector: - matchExpressions: - # Ensure we don't mess with kube-system - - key: "kubernetes.io/metadata.name" - operator: NotIn - values: - - "kube-system" - # Allow ignoring whole namespaces - - key: zarf.dev/agent - operator: NotIn - values: - - "skip" - - "ignore" - objectSelector: - matchExpressions: - # Always ignore specific resources if requested by annotation/label - - key: zarf.dev/agent - operator: NotIn - values: - - "skip" - - "ignore" - clientConfig: - service: - name: agent-hook - namespace: zarf - path: "/mutate/flux-gitrepository" - caBundle: "###ZARF_AGENT_CA###" - rules: - - operations: - - "CREATE" - - "UPDATE" - apiGroups: - - "source.toolkit.fluxcd.io" - apiVersions: - - "v1beta1" - - "v1beta2" - - "v1" - resources: - - "gitrepositories" - admissionReviewVersions: - - "v1" - - "v1beta1" - sideEffects: None - - name: agent-argocd-application.zarf.dev - namespaceSelector: - matchExpressions: - # Ensure we don't mess with kube-system - - key: "kubernetes.io/metadata.name" - operator: NotIn - values: - - "kube-system" - # Allow ignoring whole namespaces - - key: zarf.dev/agent - operator: NotIn - values: - - "skip" - - "ignore" - objectSelector: - matchExpressions: - # Always ignore specific resources if requested by annotation/label - - key: zarf.dev/agent - operator: NotIn - values: - - "skip" - - "ignore" - clientConfig: - service: - name: agent-hook - namespace: zarf - path: "/mutate/argocd-application" - caBundle: "###ZARF_AGENT_CA###" - rules: - - operations: - - "CREATE" - - "UPDATE" - apiGroups: - - "argoproj.io" - apiVersions: - - "v1alpha1" - resources: - - "applications" - admissionReviewVersions: - - "v1" - - "v1beta1" - sideEffects: None - - name: agent-argocd-repository.zarf.dev - namespaceSelector: - matchExpressions: - # Ensure we don't mess with kube-system - - key: "kubernetes.io/metadata.name" - operator: NotIn - values: - - "kube-system" - # Allow ignoring whole namespaces - - key: zarf.dev/agent - operator: NotIn - values: - - "skip" - - "ignore" - objectSelector: - matchExpressions: - # Always ignore specific resources if requested by annotation/label - - key: zarf.dev/agent - operator: NotIn - values: - - "skip" - - "ignore" - - key: argocd.argoproj.io/secret-type - operator: In - values: - - repository - clientConfig: - service: - name: agent-hook - namespace: zarf - path: "/mutate/argocd-repository" - caBundle: "###ZARF_AGENT_CA###" - rules: - - operations: - - "CREATE" - - "UPDATE" - apiGroups: - - "" - apiVersions: - - "v1" - resources: - - "secrets" - admissionReviewVersions: - - "v1" - - "v1beta1" - sideEffects: None diff --git a/packages/zarf-agent/zarf.yaml b/packages/zarf-agent/zarf.yaml deleted file mode 100644 index 1718109..0000000 --- a/packages/zarf-agent/zarf.yaml +++ /dev/null @@ -1,43 +0,0 @@ -kind: ZarfPackageConfig -metadata: - name: init-package-zarf-agent - description: Install the zarf agent mutating webhook on a new cluster - -constants: - - name: AGENT_IMAGE - value: "###ZARF_PKG_TMPL_AGENT_IMAGE###" - - name: AGENT_IMAGE_TAG - value: "###ZARF_PKG_TMPL_AGENT_IMAGE_TAG###" - -components: - - name: zarf-agent - description: | - A Kubernetes mutating webhook to enable automated URL rewriting for container - images and git repository references in Kubernetes manifests. This prevents - the need to manually update URLs from their original sources to the Zarf-managed - docker registry and git server. - required: true - images: - - "###ZARF_PKG_TMPL_AGENT_IMAGE_DOMAIN######ZARF_PKG_TMPL_AGENT_IMAGE###:###ZARF_PKG_TMPL_AGENT_IMAGE_TAG###" - manifests: - - name: zarf-agent - namespace: zarf - files: - - manifests/service.yaml - - manifests/secret.yaml - - manifests/deployment.yaml - - manifests/webhook.yaml - actions: - onCreate: - before: - - cmd: "make init-package-local-agent AGENT_IMAGE_TAG=\"###ZARF_PKG_TMPL_AGENT_IMAGE_TAG###\" ARCH=\"###ZARF_PKG_ARCH###\"" - dir: ../.. - description: Build the local agent image (if 'AGENT_IMAGE_TAG' was specified as 'local') - onDeploy: - after: - - wait: - cluster: - kind: pod - namespace: zarf - name: app=agent-hook - condition: Ready