feat: add prototypes in the init command

internal/myks/assets/prototypes/argocd/app-data.ytt.yaml

@@ -0,0 +1,5 @@
+#@data/values-schema
+---
+#@overlay/match-child-defaults missing_ok=True
+application:
+  namespace: argocd

internal/myks/assets/prototypes/argocd/vendir/base.ytt.yaml

@@ -0,0 +1,14 @@
+#@ load("@ytt:data", "data")
+---
+apiVersion: vendir.k14s.io/v1alpha1
+kind: Config
+directories:
+  - path: ytt/argocd
+    contents:
+      - path: .
+        git:
+          url: #@ data.values.git.url
+          ref: #@ data.values.git.version
+        includePaths:
+          - manifests/ha/install.yaml
+        newRootPath: manifests/ha

internal/myks/assets/prototypes/argocd/vendir/vendir-data.ytt.yaml

@@ -0,0 +1,8 @@
+#@data/values-schema
+---
+git:
+  #! WARNING: The order of the keys (alphabetical) is important for renovate.
+  #!          When changed, renovate won't be able to detect the new version.
+  #! renovate: datasource=git-tags
+  url: https://github.com/argoproj/argo-cd
+  version: v2.7.3

internal/myks/assets/prototypes/argocd/ytt/argocd-vault-plugin.ytt.yaml

@@ -0,0 +1,109 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+#@ load("@ytt:yaml", "yaml")
+
+#@ cm = "cmp-plugin"
+#@ sa = "argocd-repo-server"
+#@ gcp_sa = data.values.application.gcpServiceAccountEmail
+
+
+#! Modify existing argocd-repo-server service account to use workload identity.
+#@overlay/match by=overlay.subset({"kind": "ServiceAccount", "metadata": {"name": sa}})
+---
+#@overlay/match-child-defaults missing_ok=True
+metadata:
+  annotations:
+    iam.gke.io/gcp-service-account: #@ gcp_sa
+
+#! The following overlay is used to add the argocd-vault-plugin to ArgoCD.
+#! It is done by patching the argocd-repo-server deployment in the following way:
+#!   1. Mount cmp-plugin configmap, which contains the argocd-vault-plugin configuration.
+#!   2. Add the argocd-vault-plugin container, which will run the argocd-vault-plugin binary.
+#!      Additional volumes are mounted to make it work with ArgoCD.
+#!   3. Add the download-tools initContainer to download the argocd-vault-plugin binary,
+#!      which is shared with the argocd-vault-plugin container via the download-tools emptyDir volume.
+#@overlay/match by=overlay.subset({"kind": "Deployment", "metadata": {"name": "argocd-repo-server"}})
+---
+#@overlay/match-child-defaults missing_ok=True
+spec:
+  template:
+    spec:
+      serviceAccountName: #@ sa
+      nodeSelector:
+        iam.gke.io/gke-metadata-server-enabled: "true"
+      volumes:
+        - name: cmp-plugin
+          configMap:
+            name: #@ cm
+        - name: custom-tools
+          emptyDir: {}
+        - name: cmp-tmp
+          emptyDir: {}
+      initContainers:
+        - name: download-tools
+          image: registry.access.redhat.com/ubi8
+          env:
+            - name: AVP_VERSION
+              value: 1.14.0
+          command: [sh, -c]
+          args:
+            - '
+              curl https://github.com/argoproj-labs/argocd-vault-plugin/releases/download/v$(AVP_VERSION)/argocd-vault-plugin_$(AVP_VERSION)_linux_amd64
+                --location
+                --output /custom-tools/argocd-vault-plugin
+              && chmod 0755 /custom-tools/argocd-vault-plugin'
+          volumeMounts:
+            - name: custom-tools
+              mountPath: /custom-tools
+      containers:
+        - name: argocd-vault-plugin
+          command: [/var/run/argocd/argocd-cmp-server]
+          image: registry.access.redhat.com/ubi8
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 999
+          volumeMounts:
+            - name: var-files
+              mountPath: /var/run/argocd
+            - name: plugins
+              mountPath: /home/argocd/cmp-server/plugins
+            - name: cmp-tmp
+              mountPath: /tmp
+
+            #! Register plugins into sidecar
+            - name: cmp-plugin
+              mountPath: /home/argocd/cmp-server/config/plugin.yaml
+              subPath: avp.yaml
+
+            #! Important: Mount tools into $PATH
+            - name: custom-tools
+              mountPath: /usr/local/bin/argocd-vault-plugin
+              subPath: argocd-vault-plugin
+
+#@ def avp_plugin_config():
+apiVersion: argoproj.io/v1alpha1
+kind: ConfigManagementPlugin
+metadata:
+  name: argocd-vault-plugin
+spec:
+  version: v1.0.0
+  generate:
+    command: ['bash', '-c']
+    args:
+      - |-
+        export AVP_TYPE=gcpsecretmanager
+        find . \
+          -regextype egrep \
+          -iregex '.*\.(yaml|yml)' \
+          -printf '---\n' \
+          -exec cat {} \; \
+        | argocd-vault-plugin generate -
+#@ end
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: #@ cm
+data:
+  avp.yaml: #@ yaml.encode(avp_plugin_config())

internal/myks/assets/prototypes/argocd/ytt/ns.ytt.yaml

@@ -0,0 +1,16 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+#@ ns = data.values.application.namespace
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: #@ ns
+
+#@overlay/match by=overlay.all, expects="1+"
+---
+metadata:
+  #@overlay/match missing_ok=True
+  namespace: #@ ns

internal/myks/assets/prototypes/httpbingo/vendir/base.ytt.yaml

@@ -0,0 +1,13 @@
+#@ load("@ytt:data", "data")
+---
+apiVersion: vendir.k14s.io/v1alpha1
+kind: Config
+directories:
+  - path: #@ "charts/" + data.values.chart.name
+    contents:
+      - path: .
+        helmChart:
+          name: #@ data.values.chart.name
+          version: #@ data.values.chart.version
+          repository:
+            url: #@ data.values.chart.url

internal/myks/assets/prototypes/httpbingo/vendir/vendir-data.ytt.yaml

@@ -0,0 +1,10 @@
+#@data/values-schema
+---
+chart:
+  #! WARNING: The order of the keys (alphabetical) is important for renovate.
+  #!          When changed, renovate won't be able to detect the new version.
+  #!          See renovate.json for more details.
+  #! renovate: datasource=helm
+  name: httpbingo
+  url: https://estahn.github.io/charts
+  version: 0.1.1

internal/myks/globe.go

@@ -1,7 +1,7 @@
 package myks
 
 import (
-	_ "embed"
+	"embed"
 	"fmt"
 	"io"
 	"io/fs"
@@ -15,6 +15,9 @@ import (
 //go:embed assets/env-data.ytt.yaml
 var dataSchema []byte
 
+//go:embed assets/prototypes
+var prototypesFs embed.FS
+
 // Define the main structure
 type Globe struct {
 	/// Globe configuration
@@ -138,7 +141,17 @@ func (g *Globe) SyncAndRender() error {
 
 // Bootstrap creates the initial directory structure and files
 func (g *Globe) Bootstrap() error {
-	return g.createBaseFileStructure()
+	log.Info().Msg("Creating base file structure")
+	if err := g.createBaseFileStructure(); err != nil {
+		return err
+	}
+
+	log.Info().Msg("Creating sample prototypes")
+	if err := g.createSamplePrototypes(); err != nil {
+		return err
+	}
+
+	return nil
 }
 
 func (g *Globe) createBaseFileStructure() error {
@@ -147,13 +160,12 @@ func (g *Globe) createBaseFileStructure() error {
 	renderedDir := filepath.Join(g.RootDir, g.RenderedDir)
 	dataSchemaFile := filepath.Join(envDir, g.EnvironmentDataFileName)
 
-	log.Debug().
-		Str("environments directory", envDir).
-		Str("prototypes directory", protoDir).
-		Str("rendered directory", renderedDir).
-		Str("data schema file", dataSchemaFile).
-		Msg("Creating base file structure")
+	log.Debug().Str("environments directory", envDir).Msg("")
+	log.Debug().Str("prototypes directory", protoDir).Msg("")
+	log.Debug().Str("rendered directory", renderedDir).Msg("")
+	log.Debug().Str("data schema file", dataSchemaFile).Msg("")
 
+	// TODO: interactively ask for confirmation and overwrite without checking
 	notCleanErr := fmt.Errorf("Target directory is not clean, aborting")
 
 	if _, err := os.Stat(envDir); err == nil {
@@ -187,6 +199,11 @@ func (g *Globe) createBaseFileStructure() error {
 	return nil
 }
 
+func (g *Globe) createSamplePrototypes() error {
+	protoDir := filepath.Join(g.RootDir, g.PrototypesDir)
+	return copyFileSystemToPath(prototypesFs, "assets/prototypes", protoDir)
+}
+
 func (g *Globe) collectEnvironments(searchPaths []string) {
 	if len(searchPaths) == 0 {
 		searchPaths = []string{g.EnvironmentBaseDir}

internal/myks/util.go

@@ -4,7 +4,10 @@ import (
 	"bytes"
 	"fmt"
 	"io"
+	"io/fs"
+	"os"
 	"os/exec"
+	"path/filepath"
 	"reflect"
 
 	"github.com/rs/zerolog/log"
@@ -101,3 +104,61 @@ func processItemsInParallel(collection interface{}, fn func(interface{}) error)
 
 	return err
 }
+
+func copyFileSystemToPath(source fs.FS, sourcePath string, destinationPath string) error {
+	err := fs.WalkDir(source, sourcePath, func(path string, d fs.DirEntry, err error) error {
+		if err != nil {
+			return err
+		}
+
+		// Skip the root directory
+		if path == sourcePath {
+			return nil
+		}
+
+		// Construct the corresponding destination path
+		relPath, err := filepath.Rel(sourcePath, path)
+		if err != nil {
+			// This should never happen
+			return err
+		}
+		destination := filepath.Join(destinationPath, relPath)
+
+		log.Trace().
+			Str("source", path).
+			Str("destination", destination).
+			Bool("isDir", d.IsDir()).
+			Msg("Copying file")
+
+		if d.IsDir() {
+			// Create the destination directory
+			if err := os.MkdirAll(destination, 0o755); err != nil {
+				return err
+			}
+		} else {
+			// Open the source file
+			srcFile, err := source.Open(path)
+			if err != nil {
+				return err
+			}
+			defer srcFile.Close()
+
+			// Create the destination file
+			dstFile, err := os.Create(destination)
+			if err != nil {
+				return err
+			}
+			defer dstFile.Close()
+
+			// Copy the contents of the source file to the destination file
+			_, err = io.Copy(dstFile, srcFile)
+			if err != nil {
+				return err
+			}
+		}
+
+		return nil
+	})
+
+	return err
+}