This project has been developed for demonstration purposes only.
It is intended to show how to manage a Carvel package and its repository using GitHub workflows and VMware Image Builder service. The registry will contain a single package: simple-app, which defines a very simple service.
For its development, the steps and examples of the Carvel Packaging tutorial have been followed.
This project consists of 2 components:
- simple-app: with the package information
- repository: with the repository data
Note: As container registry we are using GitHub Container Registry. For workflows to be able to push images to the registry, it's required that workflows have access. Keep in mind that to give access it is necessary to create the package by hand first.
After making any changes in simple-app and before committing it, it is necessary to execute [./bundle/prepare-version.sh]
$ ./bundle/prepare-version.sh 1.0.0This script will do the following:
- Record the images used with
kbld, in order to have immutable images references - Generate an OpenApI schema from the value.yaml file, which defines how to configure the package
- Generate the Package CRD, which will include the OpenAPI schema.
Once the package is prepared, the commit can be done. This will launch a workflow that will use a VIB pipeline. to pack, verify, and publish the package easily and efficiently:
- Pack simple-app
- Provision of a cluster on GKE
- Deploy simple-app in the new cluster
- Perform resilience tests, creating and deleting pods.
- Generate a Trivy report to discover vulnerabilities.
- Undeploy simple-app
- Unprovision the cluster
- If all went ok, publish the package to the OCI registry
After publish the package will be launched the second job of the workflow:
- Copy the package CR to repository renames as the version.
- Record which package bundles are used with
kbld. - Commit repository changes
- Push the repository bundle to the OCI registry
- Create the PackageRepository CR
- Create a new Release in GitHub
- Upload the PackageRepository as a release asset
- Install kapp-controller dependencies
- Install kapp-controller
- Install the generated repository
$ kubectl apply -f https://github.com/javierfreire/carvel-repository-example/releases/latest/download/package_repository_cr.yml
- Now, you can list the package metadatas and the packages
$ kubectl get packagemetadatas $ kubectl get packages
- Create an installation
$ cat > pkginstall.yml << EOF --- apiVersion: packaging.carvel.dev/v1alpha1 kind: PackageInstall metadata: name: pkg-demo spec: serviceAccountName: default-ns-sa packageRef: refName: simple-app.corp.org versionSelection: constraints: 1.0.0 EOF
- Create default service account
$ kapp deploy -a default-ns-rbac -f https://raw.githubusercontent.com/vmware-tanzu/carvel-kapp-controller/develop/examples/rbac/default-ns.yml -y
- Install package
$ kapp deploy -a pkg-demo -f pkginstall.yml -y