
Adding an app

tip

See Run Kubitus for details on how to run the kubitus-* commands below.

create app repo

Prerequisites

The following command creates the csi-driver-smb app repo with description CSI Driver SMB, using token glpat-redacted:

KUBITUS_GITLAB_PASSWORD="glpat-redacted-gitlabracadabra-config" \
kubitus-create-gitlab-projects \
--author-name "$(git config user.name)" \
--author-email "$(git config user.email)" \
"csi-driver-smb: CSI Driver SMB"

tip

You can create several applications at once with "app1: desc1" "app2: desc2".

scaffold app

info

Prerequisites:

  • The app repo is created (the merge request created in the previous step is merged and the pipeline on the main branch is finished)
  • Credentials with sufficient privileges to push to app repository. For example, a project access token with role Maintainer and scope write_repository
  • Crane from google/go-containerregistry must be installed (included in image)
  • helm-docs must be installed (included in image)

The following command scaffolds or re-scaffolds the csi-driver-smb app from the latest chart in https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts:

KUBITUS_GITLAB_PASSWORD="glpat-redacted-myapp" \
kubitus-scaffold-app \
--author-name "$(git config user.name)" \
--author-email "$(git config user.email)" \
--chart-repo https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts \
--chart-version "" \
csi-driver-smb

tip

When --chart-version is empty, the latest chart version is used.

The above command will do the following (in a temporary directory):

  • Clone the app repo (in apps group)
  • Create a README.md
  • Push it to main branch if repository is empty
  • create .gitignore
  • create .gitlab-ci.yml pointing to latest common tag
  • create renovate.json, keeping local configuration
  • download and extract the subchart
    • run helm repo add
    • without --chart-version, use helm repo show chart to get latest chart version
    • run helm pull to download the chart
    • run tar xzf to extract the chart
  • create Chart.yaml
  • create values.yaml, values.schema.json and templates, keeping existing extra configuration. This creates:
    • namespaces
    • config maps
    • secrets
    • sealed secrets
    This step also extracts images from the subchart values and injects them into the chart, with a comment for renovate. The following patterns are supported:
    • repository, tag
    • registry, repository, tag
    • registry, repository, tag, sha
    • registry, repository, tag, digest
  • run helm-docs
  • create images.list and image-repositories.list, containing all images with and without digest, respectively
  • commit and push to kubitus-scaffold-app branch, and create a merge request

tip

The logic to extract images in kubitus-helm-ci is different. You may need to fix the CI by adding commits to the merge request.

root-app repo

Clone the root-app repo:

# cd  .../apps
git clone "https://gitlab.com/kubitus-project/apps/root-app.git"
cd root-app

Add the app in appDefaults:

commit 1234567890123456789012345678901234567890
Author: Mathieu Parent <mathieu.parent@example.org>
Date: Mon Aug 12 15:08:20 2024 +0200

feat: new app my-app

diff --git a/charts/root-app/values.yaml b/charts/root-app/values.yaml
index 1234567..7654321 100644
--- a/charts/root-app/values.yaml
+++ b/charts/root-app/values.yaml
@@ -108,6 +108,14 @@ appDefaults:
kind: AppProject
- group: argoproj.io
kind: Application
+ # renovate: app
+ my-app:
+ targetRevision: v1.0.0
+ extraClusterResourceWhitelist:
+ - group: rbac.authorization.k8s.io
+ kind: ClusterRoleBinding
+ - group: rbac.authorization.k8s.io
+ kind: ClusterRole
external-dns:
extraClusterResourceWhitelist:
- group: apiextensions.k8s.io
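Review bot: the new my-app entry whitelists both ClusterRole and ClusterRoleBinding from rbac.authorization.k8s.io, which allows this app to manage cluster-wide RBAC, and neither the hunk nor the commit message ("feat: new app my-app") says why the chart needs them. Add a short comment above extraClusterResourceWhitelist naming the chart resources that require each kind, and drop any kind the rendered chart does not actually contain.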
@@ -121,6 +132,8 @@ appDefaults:
appInstances:
root-app:
enabled: 'true'
+ my-app:
+ enabled: 'false'
external-dns:
enabled: 'false'
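Review bot: the header "@@ -121,6 +132,8 @@" does not follow from the first hunk, which adds eight lines and would put the new-file start of this hunk at 129 rather than 132; regenerate the example diff so readers comparing it against their own checkout are not misled. The my-app key under appInstances correctly mirrors the appDefaults key and defaults to enabled: 'false'; keep that key identical to the one later enabled in the clusters repo.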

👍 Tip: You can get the list of needed resource kinds with:

(
cd "../$app"
helm template charts/*/ | grep -P '^(kind|apiVersion): '
)

⚠️ Do not re-declare already declared resources.
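To keep extraClusterResourceWhitelist limited to what the chart really renders, the grep in the tip above can be extended to pair each top-level apiVersion with its kind and print ready-to-paste entries. This is an added example, not part of Kubitus: the function names, the short CLUSTER_KINDS list and the sample manifests are assumptions constructed for illustration.

```sh
#!/bin/sh
# Assumption: short, non-exhaustive list of cluster-scoped kinds. The full list
# for a given cluster comes from: kubectl api-resources --namespaced=false
CLUSTER_KINDS="ClusterRole ClusterRoleBinding CustomResourceDefinition CSIDriver \
StorageClass Namespace PriorityClass"

# Reads YAML manifests on stdin and prints one whitelist entry per cluster-scoped
# group/kind. Only column-0 keys are read, so nested keys (roleRef.kind) are skipped.
cluster_whitelist() {
  awk -v kinds="$CLUSTER_KINDS" '
    function emit(   n, p, group) {
      if (kind in scoped) {
        n = split(api, p, "/")
        group = (n == 2) ? p[1] : "\"\""   # core API group: no "/" in apiVersion
        if (!seen[group "/" kind]++)
          printf "- group: %s\n  kind: %s\n", group, kind
      }
      api = ""; kind = ""
    }
    BEGIN { m = split(kinds, k, " "); for (i = 1; i <= m; i++) scoped[k[i]] = 1 }
    /^---/          { emit(); next }
    /^apiVersion: / { api = $2 }
    /^kind: /       { kind = $2 }
    END             { emit() }
  '
}

# Constructed sample standing in for `helm template charts/*/` output.
sample_manifests() {
  cat <<'EOF'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
roleRef:
  kind: ClusterRole
---
kind: CSIDriver
apiVersion: storage.k8s.io/v1
---
apiVersion: apps/v1
kind: DaemonSet
EOF
}

sample_manifests | cluster_whitelist
```

In an app checkout, pipe helm template charts/*/ into cluster_whitelist instead of the sample, then remove any entry that root-app already declares before adding the rest to appDefaults.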

clusters repo

In your clusters repository, you can enable the app in one cluster with:

--- a/apps/root-app/cluster-mgmt2/values-default.yaml
+++ b/apps/root-app/cluster-mgmt2/values-default.yaml
@@ -27,10 +27,12 @@ clusters:


clusterOverrides:
cluster-staging:
hello-world/instance1:
enabled: 'true'
hello-world/instance2:
enabled: 'true'
external-dns:
enabled: 'true'
+ csi-driver-smb:
+ enabled: 'true'
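Review bot: the file being changed is apps/root-app/cluster-mgmt2/values-default.yaml, yet the only cluster key visible under clusterOverrides is cluster-staging, so confirm that csi-driver-smb is being enabled on the cluster you intend. The two added lines end the hunk with no trailing context, so also check that they sit at the same nesting level as the external-dns entry just above them.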

Improvements

Consider configuring the following:

  • Network policies
  • Resource limits and requests
  • ServiceMonitor
  • Alerts using PrometheusRules
  • Ingresses
  • OpenIDConnect / OAuth2