Public fork of production configs

Only slightly cleaned up:
- Expanded README.md to give greater context
- Redacted a few slack tokens that were lazily inlined
- Additional intro comments on a few files

In particular, all the ugly TODOs and embarrassing warts are still
here.  Enjoy :)

Jenkinsfile

@@ -0,0 +1,57 @@
+#!groovy
+
+node('docker') {
+  def testEnv
+  stage('Build') {
+    checkout scm
+
+    testEnv = docker.build('jsonnettest',
+                           "--build-arg=http_proxy=${env.http_proxy} tests")
+  }
+
+  stage('Test') {
+    parallel(fmt: {
+               testEnv.inside {
+                 sh 'tests/test_fmt.sh'
+               }
+             },
+             generated: {
+               testEnv.inside {
+                 sh 'tests/test_generated.sh'
+               }
+             },
+             validate: {
+               withKubeApi(testEnv) {
+                 sh 'KUBERNETES_SERVICE_PORT=443 tests/test_valid.sh'
+               }
+             },
+             prometheus: {
+               docker.image('prom/prometheus:v1.4.1').inside {
+                 sh 'tests/test_prom_rules.sh'
+               }
+             },
+      )
+  }
+
+  if (env.BRANCH_NAME == "master") {
+    stage('Deploy') {
+      withKubeApi(testEnv) {
+        // I don't understand why KUBERNETES_SERVICE_PORT doesn't
+        // survive withEnv, but I swear it "disappears".
+        sh 'KUBERNETES_SERVICE_PORT=443 tools/deploy.sh one.k8s.dev.bitnami.net'
+      }
+    }
+  }
+}
+
+def withKubeApi(img, c) {
+  def tokenDir = '/var/run/secrets/kubernetes.io/serviceaccount'
+  img.inside("-v ${tokenDir}:${tokenDir}") {
+    // kubectl writes things to $HOME/.kube - more than just $KUBECONFIG :(
+    withEnv(["HOME=${env.WORKSPACE}",
+             'KUBERNETES_SERVICE_HOST=kubernetes.default.svc.cluster.local',
+             'KUBERNETES_SERVICE_PORT=443']) {
+      c()
+    }
+  }
+}

Makefile

@@ -0,0 +1,38 @@
+# Provides 'build' and 'test' targets.  Uses docker.
+
+UID := $(shell id -u)
+GID := $(shell id -g)
+
+# Eg: if you need sudo, run with DOCKER_PREFIX=sudo
+DOCKER_PREFIX =
+
+DOCKER = $(DOCKER_PREFIX) docker
+DOCKER_BUILD = $(DOCKER) build --build-arg http_proxy=$(http_proxy)
+DOCKER_RUN = $(DOCKER) run --rm --network=host -u $(UID):$(GID) \
+ -v $(CURDIR):$(CURDIR) -w $(CURDIR) \
+ -v $(HOME)/.kube/config:/kubeconfig \
+ -v $(HOME)/.kube/cache:/home/user/.kube/cache \
+ -e TERM=$(TERM) -e KUBECONFIG=/kubeconfig
+
+TESTS = test-fmt test-generated test-valid test-prom_rules
+
+all: build
+
+docker-kube-manifests: tests/Dockerfile
+# --build-arg breaks docker caching, so fake it ourselves
+	if [ -z "$(shell $(DOCKER) images -q kube-manifests)" ]; then \
+	  $(DOCKER_BUILD) -t kube-manifests tests; \
+	fi
+
+build: docker-kube-manifests
+	$(DOCKER_RUN) kube-manifests tools/rebuild.sh
+
+test-%: tests/test_%.sh docker-kube-manifests
+	$(DOCKER_RUN) kube-manifests $<
+
+test-prom_rules: tests/test_prom_rules.sh
+	$(DOCKER_RUN) --entrypoint /bin/sh prom/prometheus $<
+
+test: $(TESTS)
+
+.PHONY: all build test docker-kube-manifests

README.md

@@ -0,0 +1,94 @@
+# Bitnami kube-manifests
+
+A collection of misc kubernetes configs for various jobs, as used in
+Bitnami's production clusters.  This is probably not useful directly
+for anyone else, but we hope it serves as a non-demo example of "real"
+Kubernetes configuration.
+
+Most of the code comments and instructions below are intended for
+Bitnami employees making changes to our production clusters.
+
+Uses [jsonnet](http://jsonnet.org/) and
+[kubectl](https://kubernetes.io/docs/user-guide/prereqs/) command line
+tools.  See `Makefile` for a docker container with these installed.
+
+
+## Cheat Sheet
+```
+# Rebuild generated json (from jsonnet).
+# Any modified files should be included in your git commit.
+make build
+
+# Run test-suite
+make test
+
+# Create resources
+./tools/kubecfg.sh squid.jsonnet create
+# Update resources
+./tools/kubecfg.sh squid.jsonnet update
+
+# Same thing directly for whatever reason
+jsonnet -J lib squid.jsonnet | kubectl replace -f -
+# .. or using the generated json
+kubectl replace -R -f generated/one.k8s.dev.bitnami.net/squid
+```
+
+## Workflow
+
+- Usual github pull-request workflow: Fork the github repo, clone
+  locally and make your desired change to the jsonnet files using your
+  favourite editor.
+
+- Run `make` to regenerate the JSON.  *Add the generated files to your
+  commit*.  You (and your reviewer) can use these to confirm that your
+  jsonnet change does what you expect.
+
+- If you need to iterate interactively, you can push your change
+  to our `dev` cluster using
+  `./tools/kubecfg.sh one.k8s.dev.bitnami.net/foo.jsonnet update`. Try
+  to clean up after yourself.
+
+- When ready, push to personal github fork and create a pull request
+  in the usual github way.
+
+- Our jenkins instance will run `tests/test_*.sh` and report
+  success/failure on the pull-request.
+
+- After jenkins success and appropriate reviewer approval, merge the
+  pull request into the `master` branch.
+
+- Jenkins will now automatically run `./tools/deploy.sh` against each
+  cluster.
+
+## Tests
+
+`./tests/test_*.sh` will be run against the codebase before merge.
+
+Note that `tests/test_generated.sh` asserts that `generated/` is up to
+date, effectively requiring every substantive jsonnet change to run
+`tools/rebuild.sh`.
+
+## Directory Layout
+
+The interesting bit is these directories:
+
+```
+├── common
+│   └── config
+├── one.k8s.dev.bitnami.net
+│   └── config
+├── one.k8s.int.bitnami.net
+│   └── config
+└── one.k8s.web.bitnami.net
+    └── config
+```
+
+Most of the configuration is in per-component files in `common/`.
+These files are then assembled and "specialised" in per-cluster files
+below each of the cluster-named directories.  There is a similar
+`foo/config/` directory stack used in a similar way for non-Kubernetes
+config files (mostly prometheus at the moment).
+
+The jsonnet files rely heavily on `lib/kube.libsonnet`, which contains
+jsonnet black-magic to help construct objects that conform to the
+regular Kubernetes (JSON/YAML) API schema.