# How to install packages KC and SGC through kapp-controller

## Install package kapp-controller through kapp-controller

**Two clusters:**

1. Local (minikube): where you deploy KC1, which is responsible for deploying KC2. The Package and PackageInstall of KC2 are applied here.
2. Remote (GKE): where the resources of KC2 actually get deployed by KC1.

**Steps:**

1. Deploy RBAC on minikube: `kapp deploy -a rbac -f https://raw.githubusercontent.com/carvel-dev/kapp-controller/develop/examples/rbac/cluster-admin.yml -y`
2. Deploy KC1 on minikube: `kapp deploy -a kc -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml -y`
3. Create a secret that holds the credentials for connecting to the remote cluster. The same secret is used by the PackageInstall of KC2: `kubectl apply -f <your-secret-yaml>`

   The cluster info to fill into the secret file below can be taken from `~/.kube/config` on your system.

   ```
   $ cat secret.yaml
   apiVersion: v1
   kind: Secret
   metadata:
     name: kc-pkg-secret
     namespace: default
   type: Opaque
   stringData:
     value: |
       apiVersion: v1
       kind: Config
       preferences: {}
       clusters:
       - cluster:
           certificate-authority-data: <can be found in ~/.kube/config>
           server: https://34.133.63.242
         name: gke_cf-k8s-lifecycle-tooling-klt_us-central1-c_cluster-kt
       contexts:
       - context:
           cluster: gke_cf-k8s-lifecycle-tooling-klt_us-central1-c_cluster-kt
           user: gke_cf-k8s-lifecycle-tooling-klt_us-central1-c_cluster-kt
         name: gke_cf-k8s-lifecycle-tooling-klt_us-central1-c_cluster-kt
       current-context: gke_cf-k8s-lifecycle-tooling-klt_us-central1-c_cluster-kt
       users:
       - name: gke_cf-k8s-lifecycle-tooling-klt_us-central1-c_cluster-kt
         user:
           token: <token>
   ```

   Note: the token gets updated daily, so you have to update the secret daily with the new token value.

   **You can generate the token with:** `gcloud auth print-access-token <your email>`
4. Deploy package.yaml of KC2 in minikube: `kubectl apply -f <path to your package.yaml>`

   ```
   $ cat package.yaml
   apiVersion: data.packaging.carvel.dev/v1alpha1
   kind: Package
   metadata:
     creationTimestamp: null
     name: kapp-controller.carvel.dev.0.45.0
   spec:
     licenses:
     - Apache 2.0
     refName: kapp-controller.carvel.dev
     releasedAt: "2023-03-10T15:15:04Z"
     template:
       spec:
         deploy:
         - kapp: {}
         fetch:
         - imgpkgBundle:
             image: index.docker.io/ktanushree/kc-bundle@sha256:6a3947d1502ac0d03cc66b7c54692f21c2a0397355af8b65bd2a766a68d3df57
         template:
         - ytt:
             paths:
             - config
         - kbld:
             paths:
             - '-'
             - .imgpkg/images.yml
     valuesSchema:
       openAPIv3:
         additionalProperties: false
         properties:
           apiPort:
             default: 10350
             description: API port
             type: integer
           concurrency:
             default: 4
             description: Concurrency of kapp-controller deployment
             type: integer
           config:
             additionalProperties: false
             description: Controller Configuration Spec
             properties:
               appDefaultSyncPeriod:
                 default: ""
                 description: Time duration value used as a default for App CR's spec.syncPeriod. Minimum is 30s.
                 type: string
               appMinimumSyncPeriod:
                 default: ""
                 description: Time duration value to force a minimum for App CR's spec.syncPeriod. Minimum is 30s.
                 type: string
               caCerts:
                 default: ""
                 description: A cert chain of trusted ca certs. These will be added to the system-wide cert pool of trusted ca's. Default is empty
                 type: string
               dangerousSkipTLSVerify:
                 default: ""
                 description: A comma delimited list of hostnames for which kapp controller should skip TLS verification. Default is empty
                 type: string
               httpProxy:
                 default: ""
                 description: The url/ip of a proxy for kapp controller to use when making network requests. Default is empty
                 type: string
               httpsProxy:
                 default: ""
                 description: The url/ip of a tls capable proxy for kapp controller to use when making network requests. Default is empty
                 type: string
               kappDeployRawOptions:
                 default: ""
                 description: JSON encoded array of kapp deploy rawOptions that are applied to all App CRs.
                 type: string
               noProxy:
                 default: ""
                 description: A comma delimited list of domain names which kapp controller should bypass the proxy for when making requests. Default is empty
                 type: string
             type: object
           coreDNSIP:
             default: ""
             description: The coreDNSIP will be injected into /etc/resolv.conf of kapp-controller pod
             type: string
           createNamespace:
             default: true
             description: Whether to create namespace specified for kapp-controller
             type: boolean
           createPackagingNamespace:
             default: true
             description: Whether to create the global packaging namespace for kapp-controller
             type: boolean
           daemonset:
             additionalProperties: false
             description: Configuration for daemonsets
             properties:
               updateStrategy:
                 default: ""
                 description: Update strategy of daemonset, empty uses default strategy
                 type: string
             type: object
           dangerousEnablePprof:
             default: false
             description: Whether to enable pprofiling for kapp-controller
             type: boolean
           deployment:
             additionalProperties: false
             description: Configuration for deployments
             properties:
               rollingUpdate:
                 additionalProperties: false
                 description: Rolling update strategy. Applied only if RollingUpdate is used as updateStrategy
                 properties:
                   maxSurge:
                     default: 0
                     description: The maxSurge of rollingUpdate. Applied only if RollingUpdate is used as updateStrategy
                     type: integer
                   maxUnavailable:
                     default: 1
                     description: The maxUnavailable of rollingUpdate. Applied only if RollingUpdate is used as updateStrategy
                     type: integer
                 type: object
               updateStrategy:
                 default: ""
                 description: Update strategy of deployments, empty uses default strategy
                 type: string
             type: object
           enableApiPriorityAndFairness:
             default: true
             description: Whether to enable api priority and fairness
             type: boolean
           hostNetwork:
             default: false
             description: HostNetwork of kapp-controller deployment.
             type: boolean
           metricsBindAddress:
             default: ""
             description: Address for metrics server.
             type: string
           namespace:
             default: kapp-controller
             description: The namespace in which to deploy kapp-controller
             type: string
           nodeSelector:
             default: null
             description: NodeSelector configuration applied to all the deployments
             nullable: true
           packagingGlobalNamespace:
             default: kapp-controller-packaging-global
             description: The global packaging namespace for kapp-controller
             type: string
           priorityClassName:
             default: ""
             description: PriorityClassName of kapp-controller deployment.
             type: string
           tlsCipherSuites:
             default: ""
             description: Comma separated list of cipher suites - empty for language defaults
             type: string
           tolerations:
             default: []
             description: Toleration of kapp-controller deployment.
             items:
               default: ""
               type: string
             type: array
         type: object
     version: 0.45.0
   ```
5. Deploy the PackageInstall of KC2 into minikube: `kubectl apply -f <path to package-install.yaml>`

   ```
   apiVersion: packaging.carvel.dev/v1alpha1
   kind: PackageInstall
   metadata:
     name: pkg-demo
     namespace: default
   spec:
     packageRef:
       refName: kapp-controller.carvel.dev
       versionSelection:
         constraints: 0.45.0
     cluster:
       # specifies namespace in destination cluster (optional)
       namespace: default
       # specifies secret containing kubeconfig (required)
       kubeconfigSecretRef:
         # specifies secret name within app's namespace (required)
         name: kc-pkg-secret
   ```

   Note: the PackageInstall reads the remote cluster's credentials from the secret `kc-pkg-secret` to connect to the remote cluster (where all resources of KC2 get deployed).

## Install package Secretgen-controller through kapp-controller

Only one cluster is needed.

**Steps:**

1. Deploy RBAC on minikube: `kapp deploy -a rbac -f https://raw.githubusercontent.com/carvel-dev/kapp-controller/develop/examples/rbac/cluster-admin.yml -y`
2. Deploy KC on minikube: `kapp deploy -a kc -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml -y`
3. `kubectl create ns sg`
4. `kapp deploy -a sg -f </path to package.yml> -f </path to package-metadata.yml> -n sg -y`

   ```
   $ cat package.yml
   apiVersion: data.packaging.carvel.dev/v1alpha1
   kind: Package
   metadata:
     creationTimestamp: null
     name: secretgen-controller.carvel.dev.0.14.2
   spec:
     licenses:
     - Apache 2.0
     refName: secretgen-controller.carvel.dev
     releasedAt: "2023-03-09T08:21:37Z"
     template:
       spec:
         deploy:
         - kapp: {}
         fetch:
         - imgpkgBundle:
             image: index.docker.io/ktanushree/sgc-bundle@sha256:2ad6dca5a96ac317c01b05d2e62c3c45370888a75f9ba2b7ab946bc53bb38634
         template:
         - ytt:
             paths:
             - config/package-bundle/config
         - kbld:
             paths:
             - '-'
             - .imgpkg/images.yml
     valuesSchema:
       openAPIv3:
         additionalProperties: false
         properties:
           create_namespace:
             default: true
             description: Whether to create namespace specified for secretgen-controller
             type: boolean
           deployment:
             additionalProperties: false
             description: Configuration for secretgen-controller deployment
             properties:
               nodeSelector:
                 default: null
                 description: NodeSelector configuration applied to all the deployments
                 nullable: true
               rollingUpdate:
                 additionalProperties: false
                 properties:
                   maxSurge:
                     default: 0
                     description: The maxSurge of rollingUpdate. Applied only if RollingUpdate is used as updateStrategy
                     type: integer
                   maxUnavailable:
                     default: 1
                     description: The maxUnavailable of rollingUpdate. Applied only if RollingUpdate is used as updateStrategy
                     type: integer
                 type: object
               updateStrategy:
                 default: ""
                 description: Update strategy of deployments, empty uses default strategy
                 type: string
             type: object
           namespace:
             default: secretgen-controller
             description: The namespace in which to deploy secretgen-controller
             type: string
         type: object
     version: 0.14.2
   ```

   ```
   $ cat package-metadata.yaml
   apiVersion: data.packaging.carvel.dev/v1alpha1
   kind: PackageMetadata
   metadata:
     creationTimestamp: null
     name: secretgen-controller.carvel.dev
   spec:
     categories:
     - package management
     displayName: secretgen-controller
     longDescription: Provide CRDs to specify what secrets need to be on cluster (generated or not).
     maintainers:
     - name: Carvel team (see www.carvel.dev for team members)
     providerName: carvel.dev
     shortDescription: Secret generation and sharing
   ```
5. `kctrl pkg install -p secretgen-controller.carvel.dev -i scg --version ${constraintVersion:1} -n sg`
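
The daily token refresh from step 3 of the kapp-controller section, as an added shell example that is not part of the original page: it rebuilds the `kc-pkg-secret` manifest and rejects any field that could add or change keys in the embedded kubeconfig. The function name, argument order and allowlist rules are assumptions of this example.

```shell
# Added example, not from the original page. Function name and argument
# order are assumptions. Prints the step 3 Secret with a fresh token.
# Usage: render_kubeconfig_secret SERVER CA_DATA CLUSTER_NAME TOKEN
render_kubeconfig_secret() {
  # Allowlist every field before it lands in the YAML block scalar, so a
  # value holding a newline, space or stray colon cannot inject keys.
  case "$1" in https://?*) ;; *) echo "server must be https://host" >&2; return 1 ;; esac
  case "${1#https://}" in *[!A-Za-z0-9.:-]*|*:) echo "bad server" >&2; return 1 ;; esac
  case "$2" in ''|*[!A-Za-z0-9+/=]*) echo "bad CA data" >&2; return 1 ;; esac
  case "$3" in ''|*[!A-Za-z0-9._-]*) echo "bad cluster name" >&2; return 1 ;; esac
  case "$4" in ''|*[!A-Za-z0-9._-]*) echo "bad token" >&2; return 1 ;; esac
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: kc-pkg-secret
  namespace: default
type: Opaque
stringData:
  value: |
    apiVersion: v1
    kind: Config
    preferences: {}
    clusters:
    - cluster:
        certificate-authority-data: $2
        server: $1
      name: $3
    contexts:
    - context:
        cluster: $3
        user: $3
      name: $3
    current-context: $3
    users:
    - name: $3
      user:
        token: $4
EOF
}

# Daily refresh; the token is piped to kubectl and never written to disk:
#   render_kubeconfig_secret "$SERVER" "$CA_DATA" "$CLUSTER" \
#     "$(gcloud auth print-access-token)" | kubectl apply -f -
```

Because the manifest goes straight from the function into `kubectl apply -f -`, no copy of the bearer token is left in a `secret.yaml` file on the workstation.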