refactor carvel packaing scripts

hack/lib/carvel_packages/README.md

@@ -1,10 +0,0 @@
-# Deployment via Carvel Packages
-
-The Carvel Package deployment method can be exercised via the following invocation:
-
-```bash
-PINNIPED_USE_LOCAL_KIND_REGISTRY=1 ./hack/prepare-for-integration-tests.sh \
-  --clean \
-  --alternate-deploy ./hack/noop.sh \
-  --post-install ./hack/build-carvel-packages.sh
-```

hack/lib/carvel_packages/build.sh

@@ -1,21 +1,16 @@
 #!/usr/bin/env bash
 
-# Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
+# Copyright 2023 the Pinniped contributors. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 #
 # This script can be used in conjunction with prepare-for-integration-tests.sh.
 # When invoked with the PINNIPED_USE_LOCAL_KIND_REGISTRY environment variable set to a non-empty value,
-# the integration tests script will create a local docker registry and configure kind to use the registry
-# and will build the Pinniped binary and container image.
-# This script will then create Carvel Packages for supervisor,concierge and local-user-authenticator.
+# the prepare-for-integration-tests.sh script will create a local docker registry and configure kind to use the registry.
+# This script will build the Pinniped binary and container image.
+# This script will then create Carvel Packages for supervisor, concierge, and local-user-authenticator.
 # It will also create a Carvel PackageRepository.
-# The PackageRepository will be installed on the kind cluster, then PackageInstall resources
-# will be created to deploy an instance of each of the packages on the cluster.
-# Once this script has completed, Pinniped can be interacted with as if it had been deployed in the usual way,
-# for example by running tests or by preparing supervisor for manual interactions:
-#  source /tmp/integration-test-env && go test -v -race -count 1 -timeout 0 ./test/integration -run  /TestE2EFullIntegration_Browser
-#  hack/prepare-supervisor-on-kind.sh --oidc
+# The PackageRepository will be installed on the kind cluster.
 #
 # Example usage:
 #   PINNIPED_USE_LOCAL_KIND_REGISTRY=1 ./hack/prepare-for-integration-tests.sh --clean --pre-install ./hack/lib/carvel_packages/build.sh --alternate-deploy ./hack/lib/carvel_packages/deploy.sh
@@ -53,15 +48,17 @@ function check_dependency() {
   fi
 }
 
-# this script is best invoked from the root directory
-# it is designed to be passed as --pre-install flag to hack/prepare-for-integration-tests.sh
+# This script is best invoked from the root directory.
+# It is designed to be passed as --pre-install flag to hack/prepare-for-integration-tests.sh.
 hack_lib_path="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
 cd "${hack_lib_path}/../../" || exit 1
 
-# arguments provided to scripts called by hack/prepare-for-integration-tests.sh
-# - app: unimportant, but always first
-# - tag: uuidgen in hack/prepare-for-integration-tests.sh
-#        if this script is run standalone, then auto-fill with a unique value
+# Check for dependencies
+check_dependency kbld "Please install kbld. e.g. 'brew tap vmware-tanzu/carvel && brew install kbld' for MacOS"
+check_dependency imgpkg "Please install imgpkg. e.g. 'brew tap vmware-tanzu/carvel && brew install imgpkg' for MacOS"
+check_dependency vendir "Please install vendir. e.g. 'brew tap vmware-tanzu/carvel && brew install vendir' for MacOS"
+
+# Expected arguments.
 app=${1:-"app-argument-not-provided"}
 tag=${2:-"tag-argument-not-provided"}
 registry=${3:-"registry-argument-not-provided"}
@@ -77,10 +74,8 @@ if [[ "${PINNIPED_USE_LOCAL_KIND_REGISTRY:-}" == "" ]]; then
   exit 1
 fi
 
-
 pinniped_package_version="${tag}" # ie, "0.25.0"
 registry_repo="$registry/$repo"
-registry_repo_tag="${registry_repo}:${tag}"
 
 api_group_suffix="pinniped.dev"
 
@@ -91,15 +86,13 @@ package_repo_prefix="${registry_repo}/package" # + $resource_name + ":" + $tag
 package_repository_repo="pinniped-package-repository"
 package_repository_repo_tag="${registry_repo}/${package_repository_repo}:${tag}"
 
-
-dest_dir="deploy_carvel"
 carvel_package_src="hack/lib/carvel_packages"
-template_src_dir="${carvel_package_src}/tpl"
-
+template_src_dir="${carvel_package_src}/templates"
 
+dest_dir="deploy_carvel_tmp"
 # clean the root carvel package directory
 rm -rf "${dest_dir}"
-mkdir "${dest_dir}"
+mkdir -p "${dest_dir}"
 
 # Generate the OpenAPI v3 Schema files, imgpkg images.yml files
 declare -a packages_to_build=("local-user-authenticator" "pinniped-concierge" "pinniped-supervisor")
@@ -110,7 +103,6 @@ do
 
   # sources
   resource_package_template_source_dir="${template_src_dir}/${resource_name}"
-  resource_ytt_config_file_source_dir="deploy/${resource_name}" # copy from original ytt templates
   # destinations
   resource_destination_dir="${dest_dir}/${resource_name}"
   resource_config_destination_dir="${resource_destination_dir}/config"
@@ -143,8 +135,8 @@ do
   imgpkg push --bundle "${package_repo_tag}" --file "${resource_destination_dir}"
 
   log_note "Generating PackageRepository Package entry for ${resource_name}"
-  # publish package versions to package repository
-  packages_dir="deploy_carvel/package_repository/packages/"
+  # Publish package versions to package repository.
+  packages_dir="${dest_dir}/package_repository/packages/"
   package_repository_dir="${packages_dir}/${resource_qualified_name}"
   mkdir -p "${packages_dir}"
   rm -rf "${package_repository_dir}"
@@ -160,11 +152,11 @@ do
 done
 
 log_note "Generating .imgpkg/images.yml for  Pinniped PackageRepository bundle..."
-mkdir -p "deploy_carvel/package_repository/.imgpkg"
-kbld --file "deploy_carvel/package_repository/packages/" --imgpkg-lock-output "deploy_carvel/package_repository/.imgpkg/images.yml"
+mkdir -p "${dest_dir}/package_repository/.imgpkg"
+kbld --file "${dest_dir}/package_repository/packages/" --imgpkg-lock-output "${dest_dir}/package_repository/.imgpkg/images.yml"
 
 log_note "Pushing Pinniped PackageRepository bundle.... "
-imgpkg push --bundle "${package_repository_repo_tag}" --file "deploy_carvel/package_repository"
+imgpkg push --bundle "${package_repository_repo_tag}" --file "${dest_dir}/package_repository"
 
 # manually validate the package bundle by pulling it from the registry and examining its contents:
 # imgpkg pull --bundle "${package_repository_repo_tag}" --output "/tmp/${package_repository_repo_tag}"

hack/lib/carvel_packages/deploy.sh

@@ -1,21 +1,13 @@
 #!/usr/bin/env bash
 
-# Copyright 2020-2023 the Pinniped contributors. All Rights Reserved.
+# Copyright 2023 the Pinniped contributors. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
 #
 # This script can be used in conjunction with prepare-for-integration-tests.sh.
 # When invoked with the PINNIPED_USE_LOCAL_KIND_REGISTRY environment variable set to a non-empty value,
-# the integration tests script will create a local docker registry and configure kind to use the registry
-# and will build the Pinniped binary and container image.
-# This script will then create Carvel Packages for supervisor,concierge and local-user-authenticator.
-# It will also create a Carvel PackageRepository.
-# The PackageRepository will be installed on the kind cluster, then PackageInstall resources
-# will be created to deploy an instance of each of the packages on the cluster.
-# Once this script has completed, Pinniped can be interacted with as if it had been deployed in the usual way,
-# for example by running tests or by preparing supervisor for manual interactions:
-#  source /tmp/integration-test-env && go test -v -race -count 1 -timeout 0 ./test/integration -run  /TestE2EFullIntegration_Browser
-#  hack/prepare-supervisor-on-kind.sh --oidc
+# the prepare-for-integration-tests.sh script will create a local docker registry and configure kind to use the registry.
+# This script will deploy the Carvel Packages for supervisor, concierge, or local-user-authenticator.
 #
 # Example usage:
 #   PINNIPED_USE_LOCAL_KIND_REGISTRY=1 ./hack/prepare-for-integration-tests.sh --clean --pre-install ./hack/lib/carvel_packages/build.sh --alternate-deploy ./hack/lib/carvel_packages/deploy.sh
@@ -53,15 +45,12 @@ function check_dependency() {
   fi
 }
 
-# this script is best invoked from the root directory
-# it is designed to be passed as --pre-install flag to hack/prepare-for-integration-tests.sh
+# This script is best invoked from the root directory.
+# It is designed to be passed as --alternate-deploy flag to hack/prepare-for-integration-tests.sh.
 hack_lib_path="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
 cd "$hack_lib_path/../../" || exit 1
 
-# arguments provided to scripts called by hack/prepare-for-integration-tests.sh
-# - app: unimportant, but always first
-# - tag: uuidgen in hack/prepare-for-integration-tests.sh
-#        if this script is run standalone, then auto-fill with a unique value
+# Expected arguments.
 app=${1:-"app-argument-not-provided"}
 tag=${2:-"tag-argument-not-provided"}
 registry=${3:-"registry-argument-not-provided"}
@@ -80,35 +69,28 @@ if [[ "${PINNIPED_USE_LOCAL_KIND_REGISTRY:-}" == "" ]]; then
   exit 1
 fi
 
-
 pinniped_package_version="${tag}" # ie, "0.25.0"
-
 registry_repo="$registry/$repo"
-registry_repo_tag="${registry_repo}:${tag}"
-
-api_group_suffix="pinniped.dev"
-
-# Package prefix for concierge, supervisor, local-user-authenticator
-package_repo_prefix="${registry_repo}/package" # + $resource_name + ":" + $tag
 
 # Pinniped Package repository
 package_repository_repo="pinniped-package-repository"
 package_repository_repo_tag="${registry_repo}/${package_repository_repo}:${tag}"
 
+# Use the same directory as build.sh.
+dest_dir="deploy_carvel_tmp"
 
-# deploy kapp-controller onto kind cluster
+# Deploy kapp-controller onto kind cluster.
 log_note "Installing kapp-controller on cluster..."
 KAPP_CONTROLLER_GLOBAL_NAMESPACE="kapp-controller-packaging-global"
 kapp deploy --app kapp-controller --file "https://github.com/vmware-tanzu/carvel-kapp-controller/releases/latest/download/release.yml" -y
 
-# ensure this directory exists though this script will run several times
-mkdir -p "deploy_carvel/install"
+# Ensure this directory exists though this script will run several times.
+mkdir -p "${dest_dir}/install"
 
 log_note "Deploying Pinniped PackageRepository..."
 pinniped_package_repository_name="pinniped-package-repository"
-pinniped_package_repository_file="deploy_carvel/install/packagerepository.${pinniped_package_version}.yml"
-echo -n "" > "${pinniped_package_repository_file}"
-cat <<EOT >> "${pinniped_package_repository_file}"
+pinniped_package_repository_file="${dest_dir}/install/packagerepository.${pinniped_package_version}.yml"
+cat <<EOT > "${pinniped_package_repository_file}"
 ---
 apiVersion: packaging.carvel.dev/v1alpha1
 kind: PackageRepository
@@ -124,20 +106,18 @@ EOT
 kapp deploy --app "${pinniped_package_repository_name}" --file "${pinniped_package_repository_file}" -y
 kapp inspect --app "${pinniped_package_repository_name}" --tree
 
-
 resource_name="${app}"
 
 log_note "Creating RBAC for ${resource_name} PackageInstall..."
 
 namespace="${resource_name}-install-ns"
 pinniped_package_rbac_prefix="pinniped-package-rbac-${resource_name}"
-pinniped_package_rbac_file="deploy_carvel/install/${pinniped_package_rbac_prefix}-${resource_name}-rbac.yml"
-echo -n "" > "${pinniped_package_rbac_file}"
-# NOTE: this script is for development purposes running on a local kind cluster.
+pinniped_package_rbac_file="${dest_dir}/install/${pinniped_package_rbac_prefix}-${resource_name}-rbac.yml"
+# NOTE: This script is for development purposes running on a local kind cluster.
 # For any other use case, the generated artifacts should be properly reviewed.
 # For example, the RBAC generated here should be adjusted to conform to the
 # principle of LEAST privilege.
-cat <<EOF >> "${pinniped_package_rbac_file}"
+cat <<EOF > "${pinniped_package_rbac_file}"
 ---
 apiVersion: v1
 kind: Namespace
@@ -176,12 +156,11 @@ EOF
 
 kapp deploy --app "${pinniped_package_rbac_prefix}" --file "${pinniped_package_rbac_file}" -y
 
-
 log_note "Creating ${resource_name} PackageInstall..."
 NAMESPACE="${resource_name}-install-ns"
 PINNIPED_PACKAGE_RBAC_PREFIX="pinniped-package-rbac-${resource_name}"
 RESOURCE_PACKAGE_VERSION="${resource_name}.pinniped.dev"
-PACKAGE_INSTALL_FILE_NAME="deploy_carvel/install/${resource_name}-pkginstall.yml"
+PACKAGE_INSTALL_FILE_NAME="${dest_dir}/install/${resource_name}-pkginstall.yml"
 SECRET_NAME="${resource_name}-package-install-secret"
 
 log_note "Generating ${PACKAGE_INSTALL_FILE_NAME}..."
@@ -211,7 +190,6 @@ KAPP_CONTROLLER_APP_NAME="${resource_name}-pkginstall"
 log_note "Deploying ${KAPP_CONTROLLER_APP_NAME}..."
 kapp deploy --app "${KAPP_CONTROLLER_APP_NAME}" --file "${PACKAGE_INSTALL_FILE_NAME}" -y
 
-
 log_note "Verifying PackageInstall resources..."
 kubectl get PackageInstall -A | grep pinniped
 kubectl get secret -A | grep pinniped

hack/lib/carvel_packages/tpl/.gitignore

@@ -1,12 +0,0 @@
-# package_repository/packages/{pkg}/ contains specific SHAs of images
-# we are using 0.0.0- to indicate dev versions of images
-*0.0.0*
-
-# installation artifacts will be generated here
-deploy/
-
-# images.yml files contain specific SHAs of images
-concierge/.imgpkg/images.yml
-supervisor/.imgpkg/images.yml
-local-user-authenticator/.imgpkg/images.yml
-package_repository/.imgpkg/images.yml

hack/lib/kind-config/kind-registry-overlay.yaml

@@ -2,7 +2,7 @@
 #! SPDX-License-Identifier: Apache-2.0
 
 #@ load("@ytt:overlay", "overlay")
-#@overlay/match by=overlay.all
+#@overlay/match by=overlay.subset({"kind": "Cluster"}), expects=1
 ---
 #@overlay/match missing_ok=True
 containerdConfigPatches: