Features 11017 and 11018: setup of mgmt cluster and git repo
This change incorporates the changes to set up a mgmt cluster for
cloud-native operations in OSM following a GitOps model, which includes
the setup of an internal git repository.
Change-Id: If828d18ad64d852a9a89ec9ba7c2d3a96d281565
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
diff --git a/installers/mgmt-cluster/mgmt-operators-and-crds/add-operators-and-crds.sh b/installers/mgmt-cluster/mgmt-operators-and-crds/add-operators-and-crds.sh
new file mode 100755
index 0000000..2ee36aa
--- /dev/null
+++ b/installers/mgmt-cluster/mgmt-operators-and-crds/add-operators-and-crds.sh
@@ -0,0 +1,52 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e -o pipefail
+
+export HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+source "${HERE}/library/functions.sh"
+source "${HERE}/library/trap.sh"
+
+
+# Input values
+export PROJECT_DIR="$1"
+export PROFILE_NAME="$2"
+
+# Reference folders
+export ADDON_CTRL_DIR="${PROJECT_DIR}/infra-controller-profiles/${PROFILE_NAME}"
+export ADDON_CONFIG_DIR="${PROJECT_DIR}/infra-config-profiles/${PROFILE_NAME}"
+
+# Add the CrossPlane controller
+PACKAGE="${SW_CATALOGS_REPO_DIR}/infra-controllers/crossplane/controller"
+cp "${PACKAGE}/templates"/* "${ADDON_CTRL_DIR}/"
+
+# Add the CrossPlane providers
+## Azure providers
+PACKAGE="${SW_CATALOGS_REPO_DIR}/infra-controllers/crossplane/providers/azure"
+cp "${PACKAGE}/templates"/* "${ADDON_CTRL_DIR}/"
+
+## GCP providers
+PACKAGE="${SW_CATALOGS_REPO_DIR}/infra-controllers/crossplane/providers/gcp"
+cp "${PACKAGE}/templates"/* "${ADDON_CTRL_DIR}/"
+
+## AWS providers
+PACKAGE="${SW_CATALOGS_REPO_DIR}/infra-controllers/crossplane/providers/aws"
+cp "${PACKAGE}/templates"/* "${ADDON_CTRL_DIR}/"
+
+# Add the Argo WorkFlows controller
+PACKAGE="${SW_CATALOGS_REPO_DIR}/infra-controllers/argo-workflows"
+cp "${PACKAGE}/templates"/* "${ADDON_CTRL_DIR}/"
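Review bot: The positional arguments and `SW_CATALOGS_REPO_DIR` are used without any check, and the script sets `-e -o pipefail` but not `-u`. With an empty `$1` the destination becomes `/infra-controller-profiles/<profile>/`, and with `SW_CATALOGS_REPO_DIR` unset every `cp` reads from `/infra-controllers/...`, so the script either fails late or copies between unintended absolute paths. Failing early would be safer, e.g. `export PROJECT_DIR="${1:?PROJECT_DIR is required}"`, `export PROFILE_NAME="${2:?PROFILE_NAME is required}"` and `: "${SW_CATALOGS_REPO_DIR:?must be set}"`. The file also has no shebang although it relies on `BASH_SOURCE` and `source`; adding `#!/bin/bash` as the first line would make the interpreter explicit. `ADDON_CONFIG_DIR` is exported here but never read within this script.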
diff --git a/installers/mgmt-cluster/mgmt-operators-and-crds/configure-workflows.sh b/installers/mgmt-cluster/mgmt-operators-and-crds/configure-workflows.sh
new file mode 100755
index 0000000..8948560
--- /dev/null
+++ b/installers/mgmt-cluster/mgmt-operators-and-crds/configure-workflows.sh
@@ -0,0 +1,95 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+set -e -o pipefail
+
+export HERE=$(dirname "$(readlink --canonicalize "$BASH_SOURCE")")
+source "${HERE}/library/functions.sh"
+source "${HERE}/library/trap.sh"
+
+
+# Input values
+export PROJECT_DIR="$1"
+export PROFILE_NAME="$2"
+export PUBLIC_KEY="$3"
+
+
+# Helper functions to clone secret from one namespace to other
+function clone_secret_to_new_ns_stdout() {
+ local SECRET_NAME="$1"
+ local SOURCE_NS="$2"
+ local DESTINATION_NS="$3"
+
+ kubectl get secret "${SECRET_NAME}" -n "${SOURCE_NS}" -o yaml | \
+ yq 'del(.metadata.uid) | del(.metadata.resourceVersion) | del(.metadata.creationTimestamp)' | \
+ yq ".metadata.namespace = \"${DESTINATION_NS}\""
+}
+
+# Helper function to encrypt secrets from stdin
+function encrypt_secret_from_stdin() {
+ local PUBLIC_KEY="$1"
+
+ # Save secret manifest to temporary file
+ local TMPFILE=$(mktemp /tmp/secret.XXXXXXXXXX.yaml) || exit 1
+ cat > "${TMPFILE}"
+
+ # Encrypt
+ sops \
+ --age=${PUBLIC_KEY} \
+ --encrypt \
+ --encrypted-regex '^(data|stringData)$' \
+ --in-place "${TMPFILE}"
+
+ # Outputs the result and removes the temporary file
+ cat "${TMPFILE}" && rm -f "${TMPFILE}"
+}
+
+
+# Reference folder for addon configs
+export ADDON_CONFIG_DIR="${PROJECT_DIR}/infra-config-profiles/${PROFILE_NAME}"
+
+# KSU folder for workflows
+export RESOURCES_DIR="${ADDON_CONFIG_DIR}/osm-workflows"
+mkdir -p "${RESOURCES_DIR}"
+
+# Create namespace for OSM workflows
+WORKFLOWS_NS=osm-workflows
+kubectl create ns ${WORKFLOWS_NS} \
+ -o yaml \
+ --dry-run=client \
+ > "${RESOURCES_DIR}/namespace.yaml"
+
+# Copy secrets for Git repos from `flux-system` to `osm-workflows` namespace
+clone_secret_to_new_ns_stdout \
+ fleet-repo \
+ flux-system \
+ "${WORKFLOWS_NS}" | \
+encrypt_secret_from_stdin \
+ "${PUBLIC_KEY}" \
+> "${RESOURCES_DIR}/secret-fleet-repo.yaml"
+
+clone_secret_to_new_ns_stdout \
+ sw-catalogs \
+ flux-system \
+ "${WORKFLOWS_NS}" | \
+encrypt_secret_from_stdin \
+ "${PUBLIC_KEY}" \
+> "${RESOURCES_DIR}/secret-sw-catalogs.yaml"
+
+# Add appropriate configurations and workflow templates for Argo WorkFlows into the namespace
+PACKAGE="${SW_CATALOGS_REPO_DIR}/infra-configs/osm-workflows"
+cp -r "${PACKAGE}/templates"/* "${RESOURCES_DIR}/"
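Review bot: `encrypt_secret_from_stdin` writes the plaintext Secret manifest to a file under /tmp and removes it only on the success path, so a failing `sops` under `set -e` leaves the unencrypted git credentials on disk. The guard `local TMPFILE=$(mktemp ...) || exit 1` never fires, because `local` returns 0 and hides the mktemp status, and `--age=${PUBLIC_KEY}` is unquoted. Separately, `clone_secret_to_new_ns_stdout` deletes only `uid`, `resourceVersion` and `creationTimestamp`. If the source secrets carry a `kubectl.kubernetes.io/last-applied-configuration` annotation, their data would sit under `metadata`, outside the `^(data|stringData)$` regex, and be written in clear; this is worth confirming, and `.metadata.annotations` should be dropped if so. A version of the helper that cleans up on every path is sketched below.

```shell
function encrypt_secret_from_stdin() {
  local PUBLIC_KEY="$1"
  local TMPFILE STATUS=0

  # Assigned separately so a mktemp failure is not masked by `local`
  TMPFILE=$(mktemp /tmp/secret.XXXXXXXXXX.yaml) || return 1

  # Chained so that any failing step still reaches the cleanup below
  cat > "${TMPFILE}" \
    && sops \
      --age="${PUBLIC_KEY}" \
      --encrypt \
      --encrypted-regex '^(data|stringData)$' \
      --in-place "${TMPFILE}" \
    && cat "${TMPFILE}" \
    || STATUS=$?

  # The plaintext (or partially processed) copy never outlives the call
  rm -f "${TMPFILE}"
  return "${STATUS}"
}
```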
diff --git a/installers/mgmt-cluster/mgmt-operators-and-crds/library/functions.sh b/installers/mgmt-cluster/mgmt-operators-and-crds/library/functions.sh
new file mode 100755
index 0000000..638a1d2
--- /dev/null
+++ b/installers/mgmt-cluster/mgmt-operators-and-crds/library/functions.sh
@@ -0,0 +1,91 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+BLUE='\033[0;34m'
+CYAN='\033[0;36m'
+RESET='\033[0m'
+
+# Colored messages (blue is the default)
+# Examples:
+# m "hello world"
+# m "hello world" "$GREEN"
+function m() {
+ local COLOR=${2:-$BLUE}
+ echo -e "$COLOR$1$RESET"
+}
+
+function copy_function() {
+ local ORIG_FUNC=$(declare -f $1)
+ local NEWNAME_FUNC="$2${ORIG_FUNC#$1}"
+ eval "$NEWNAME_FUNC"
+}
+
+function replace_text() {
+ local FILE=$1
+ local START=$2
+ local END=$3
+ local NEW=$4
+ local T=$(mktemp)
+ head -n $((START-1)) "$FILE" > "$T"
+ echo "$NEW" >> "$T"
+ tail -n +$((END+1)) "$FILE" >> "$T"
+ mv "$T" "$FILE"
+}
+
+function insert_text() {
+ local FILE=$1
+ local START=$2
+ local NEW=$3
+ local T=$(mktemp)
+ head -n $((START-1)) "$FILE" > "$T"
+ echo "$NEW" >> "$T"
+ tail -n +$START "$FILE" >> "$T"
+ mv "$T" "$FILE"
+}
+
+function remove_text() {
+ local FILE=$1
+ local START=$2
+ local END=$3
+ local T=$(mktemp)
+ head -n $((START-1)) "$FILE" > "$T"
+ tail -n +$((END+1)) "$FILE" >> "$T"
+ mv "$T" "$FILE"
+}
+
+function envsubst_cp() {
+ local FROM_FILE=$1
+ local TO_FILE=$2
+ mkdir --parents "$(dirname "$TO_FILE")"
+ cat "$FROM_FILE" | envsubst > "$TO_FILE"
+}
+
+function envsubst_dir() {
+ local FROM_DIR=$1
+ local TO_DIR=$2
+ rm --recursive --force "$TO_DIR"
+ mkdir --parents "$TO_DIR"
+ pushd "$FROM_DIR" > /dev/null
+ local F
+ find . -type f | while read F; do
+ envsubst_cp "$F" "$TO_DIR/$F"
+ done
+ popd > /dev/null
+}
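Review bot: `copy_function` evaluates a string built from `declare -f $1` without checking that the lookup succeeded. If `$1` does not name a function, `ORIG_FUNC` is empty, `local` masks the non-zero status, and `eval "$NEWNAME_FUNC"` then runs `$2` as a command instead of defining anything. Declaring first and assigning with `ORIG_FUNC=$(declare -f "$1") || return 1` (with `$1` quoted) closes that path. The same `local X=$(cmd)` masking applies to `local T=$(mktemp)` in `replace_text`, `insert_text` and `remove_text`, where a failed mktemp leaves `$T` empty for the redirections that follow. In `envsubst_dir`, `while IFS= read -r F` would keep backslashes and leading whitespace in file names intact.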
diff --git a/installers/mgmt-cluster/mgmt-operators-and-crds/library/trap.sh b/installers/mgmt-cluster/mgmt-operators-and-crds/library/trap.sh
new file mode 100755
index 0000000..2a1156d
--- /dev/null
+++ b/installers/mgmt-cluster/mgmt-operators-and-crds/library/trap.sh
@@ -0,0 +1,48 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+function goodbye() {
+ local DURATION=$(date --date=@$(( "$(date +%s)" - "$TRAP_START_TIME" )) --utc +%T)
+ local CODE=$1
+ cd "$TRAP_DIR"
+ if [ "$CODE" == 0 ]; then
+ m "$(realpath --relative-to="$HERE" "$0") succeeded! $DURATION" "$GREEN"
+ elif [ "$CODE" == abort ]; then
+ m "Aborted $(realpath --relative-to="$HERE" "$0")! $DURATION" "$RED"
+ else
+ m "Oh no! $(realpath --relative-to="$HERE" "$0") failed! $DURATION" "$RED"
+ fi
+}
+
+function trap_EXIT() {
+ local ERR=$?
+ goodbye "$ERR"
+ exit "$ERR"
+}
+
+function trap_INT() {
+ goodbye abort
+ trap - EXIT
+ exit 1
+}
+
+TRAP_DIR=$PWD
+TRAP_START_TIME=$(date +%s)
+
+trap trap_INT INT
+
+trap trap_EXIT EXIT
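Review bot: `trap_EXIT` can lose the original exit status, because the scripts that source this file run under `set -e` and `goodbye` performs `cd "$TRAP_DIR"` and calls `m` before `exit "$ERR"` is reached. If either fails (for example the start directory was removed, or this file was sourced without `library/functions.sh`), the handler presumably aborts with that failure's code instead; `goodbye "$ERR" || true` keeps the reported status intact. The file also depends on `m`, `GREEN`, `RED` and `HERE` being defined by the caller, which a short header comment should state. `trap_INT` exits with 1 rather than the conventional 130, and no TERM handler is installed, so a terminated run prints no abort message.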