Set project ID

porch/config/deploy/3-porch-server.yaml

@@ -47,11 +47,10 @@ spec:
           imagePullPolicy: Always
           resources:
             requests:
-              memory: "64Mi"
+              memory: "256Mi"
               cpu: "250m"
             limits:
-              memory: "128Mi"
-              cpu: "1000m"
+              memory: "512Mi"
           volumeMounts:
             - mountPath: /cache
               name: cache-volume

porch/config/samples/apps/hello-server/Dockerfile

@@ -0,0 +1,29 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM golang:1.17-bullseye as builder
+
+WORKDIR /src
+COPY go.mod go.sum ./
+
+WORKDIR /src
+COPY *.go .
+
+RUN CGO_ENABLED=0 go build -o /hello-server -v .
+
+FROM gcr.io/distroless/static
+WORKDIR /
+COPY --from=builder /hello-server /hello-server
+
+ENTRYPOINT ["/hello-server"]

porch/config/samples/apps/hello-server/Makefile

@@ -0,0 +1,27 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# GCP project to use for development
+GCP_PROJECT_ID ?= $(shell gcloud config get-value project)
+IMAGE_TAG ?= latest
+IMAGE_REPO ?= gcr.io/$(GCP_PROJECT_ID)
+IMAGE_NAME ?= hello-server
+
+.PHONY: push-image
+push-image:
+	docker buildx build --push --tag $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) .
+
+.PHONY: build-image
+build-image:
+	docker buildx build --load --tag $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) .

porch/config/samples/apps/hello-server/go.mod

@@ -0,0 +1,3 @@
+module github.com/GoogleContainerTools/kpt/porch/config/samples/apps/hello
+
+go 1.17

porch/config/samples/apps/hello-server/k8s/Kptfile

@@ -0,0 +1,13 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+  name: hello-server
+info:
+  emails:
+    - kpt-team@google.com
+  description: This is an example package.
+# pipeline:
+#   validators:
+#     - image: gcr.io/kpt-fn/kubeval:v0.1
+#       configMap:
+#         strict: "true"

porch/config/samples/apps/hello-server/k8s/deployment.yaml

@@ -0,0 +1,32 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hello-server
+  namespace: hello-server
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: hello-server
+  template:
+    metadata:
+      labels:
+        app: hello-server
+    spec:
+      containers:
+        - name: hello-server
+          image: "gcr.io/example-google-project-id/hello-server:latest"

porch/config/samples/apps/hello-server/k8s/ns.yaml

@@ -0,0 +1,18 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: hello-server

porch/config/samples/apps/hello-server/k8s/svc.yaml

@@ -0,0 +1,27 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: hello-server
+  namespace: hello-server
+spec:
+  type: LoadBalancer
+  selector:
+    app: hello-server
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080

porch/config/samples/apps/hello-server/main.go

@@ -0,0 +1,31 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"os"
+)
+
+func main() {
+	if err := run(context.Background()); err != nil {
+		fmt.Fprintf(os.Stderr, "%v\n", err)
+		os.Exit(1)
+	}
+}
+
+func run(ctx context.Context) error {
+	http.HandleFunc("/", HelloHandler)
+
+	listen := ":8080"
+	if err := http.ListenAndServe(listen, nil); err != nil {
+		return fmt.Errorf("error listening on %q: %w", listen, err)
+	}
+
+	// This is documented not to happen
+	return fmt.Errorf("error:: ListenAndServe returned nil error")
+}
+
+func HelloHandler(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintf(w, "Hello world\n")
+}

porch/config/samples/create-deployment-package.sh

@@ -21,9 +21,9 @@ apiVersion: porch.kpt.dev/v1alpha1
 kind: PackageRevision
 metadata:
   namespace: default
-  name: "deployment:myfirstnginx:v1"
+  name: "deployment:helloserver:v1"
 spec:
-  packageName: myfirstnginx
+  packageName: helloserver
   revision: v1
   repository: deployment
   tasks:
@@ -32,12 +32,19 @@ spec:
       upstreamRef:
         type: git
         git:
-          repo: https://github.com/GoogleContainerTools/kpt
-          ref: v0.7
-          directory: package-examples/nginx
+          repo: https://github.com/justinsb/kpt
+          ref: main_integration
+          directory: porch/config/samples/apps/hello-server/k8s
 EOF
 
-kubectl get packagerevision -n default deployment:myfirstnginx:v1 -oyaml
+kubectl get packagerevision -n default deployment:helloserver:v1 -oyaml
 
-kubectl get packagerevisionresources -n default deployment:myfirstnginx:v1 -oyaml
+kubectl get packagerevisionresources -n default deployment:helloserver:v1 -oyaml
 
+# Update the package in-place
+GCP_PROJECT_ID=$(gcloud config get-value project)
+kubectl get packagerevisionresources -n default deployment:helloserver:v1 -oyaml | \
+  sed -e s/example-google-project-id/${GCP_PROJECT_ID}/g | \
+  kubectl replace -f -
+
+kubectl get packagerevisionresources -n default deployment:helloserver:v1 -oyaml

porch/config/samples/packages/domain/folder.yaml

@@ -0,0 +1,9 @@
+apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
+kind: Folder
+metadata:
+  name: environments
+  namespace: config-control
+spec:
+  #displayName: environments
+  organizationRef:
+    external: "TODO"

porch/config/samples/packages/environment/config-control/Kptfile

@@ -0,0 +1,11 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+  name: config-control
+info:
+  description: sample description
+pipeline:
+  mutators:
+  - image: gcr.io/kpt-fn-demo/set-project-id:v0.1-justin
+    configMap:
+      projectID: project-id

porch/config/samples/packages/environment/config-control/kcc.yaml

@@ -0,0 +1,41 @@
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMServiceAccount
+metadata:
+  name: cc-robot-project-id
+  namespace: config-control
+  annotations:
+    cnrm.cloud.google.com/project-id: project-id
+    cnrm.cloud.google.com/blueprint: 'kpt-fn'
+spec:
+  displayName: ConfigConnector ServiceAccount for namespace project-id
+  resourceID: cc-robot
+---
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMPolicyMember
+metadata:
+  name: cc-robot-workloadidentity-project-id
+  namespace: config-control
+spec:
+  member: serviceAccount:parent-project-id.svc.id.goog[cnrm-system/cnrm-controller-manager-project-id]
+  role: roles/iam.workloadIdentityUser
+  resourceRef:
+    apiVersion: iam.cnrm.cloud.google.com/v1beta1
+    kind: IAMServiceAccount
+    name: cc-robot-project-id
+---
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMPolicyMember
+metadata:
+  name: cc-robot-project-id
+  namespace: config-control
+spec:
+  memberFrom:
+    serviceAccountRef:
+      # Updating this field should not rely on set-project-id, it should
+      # use name reference to match this field to serviceAccount.
+      name: cc-robot-project-id
+  role: roles/owner
+  resourceRef:
+    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
+    kind: Project
+    external: project-id

porch/config/samples/packages/environment/config-control/project.yaml

@@ -0,0 +1,25 @@
+apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
+kind: Folder
+metadata:
+  name: dev
+  namespace: config-control
+spec:
+  folderRef:
+    name: environments
+
+# ---
+# 
+# # We need to enable some services so we can enable other services
+# # TODO: unclear if it is cloudresourcemanager or serviceusage or both
+# apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
+# kind: Service
+# metadata:
+#   annotations:
+#     cnrm.cloud.google.com/deletion-policy: "abandon"
+#     cnrm.cloud.google.com/disable-dependent-services: "false"
+#   name: project-id-cloudresourcemanager
+#   namespace: config-control
+# spec:
+#   resourceID: cloudresourcemanager.googleapis.com
+#   projectRef:
+#     name: project-id

porch/config/samples/packages/environment/config-control/rbac.yaml

@@ -0,0 +1,13 @@
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMPolicyMember
+metadata:
+  name: project-id-dev-admins
+  namespace: config-control
+spec:
+  # TODO: Replace with group?
+  member: user:justinsb@google.com
+  role: roles/editor
+  resourceRef:
+    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
+    kind: Project
+    external: project-id

porch/config/samples/packages/environment/project-specific/Kptfile

@@ -0,0 +1,14 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+  name: project-specific
+info:
+  description: sample description
+pipeline:
+  mutators:
+  - image: gcr.io/kpt-fn-demo/set-project-id:v0.1-justin
+    configMap:
+      projectID: project-id
+  - image: gcr.io/kpt-fn/set-namespace:v0.2
+    configMap:
+      namespace: project-id

porch/config/samples/packages/environment/project-specific/kcc.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: project-id
+  annotations:
+    cnrm.cloud.google.com/project-id: project-id
+---
+apiVersion: core.cnrm.cloud.google.com/v1beta1
+kind: ConfigConnectorContext
+metadata:
+  name: configconnectorcontext.core.cnrm.cloud.google.com
+  namespace: project-id
+spec:
+  googleServiceAccount: cc-robot@project-id.iam.gserviceaccount.com

porch/controllers/remoterootsync/config/samples/hack-self-apply.yaml

@@ -25,5 +25,5 @@ spec:
     name: loopback! # TODO: This is a hack used during development, remove once we are more end-to-end enabled.
   template:
     oci:
-      #repository: us-west1-docker.pkg.dev/example-google-project-id/deployment/myfirstnginx:v1
-      repository: us-west1-docker.pkg.dev/example-google-project-id/packages/porch:v0.0.1
+      #repository: us-west1-docker.pkg.dev/example-google-project-id/packages/porch:v0.0.1
+      repository: us-west1-docker.pkg.dev/example-google-project-id/deployment/helloserver:v1