From ec9bf188acbb2bba108c88cf274e729051b9ee88 Mon Sep 17 00:00:00 2001
From: mhoshi-vm
Date: Mon, 20 Jan 2025 23:02:11 +0900
Subject: [PATCH] Add tpk8s capabilities
---
 .../10.0.0/secret_pass.yaml | 75 +++++++++
 .../10.0.0/service_binding_role.yaml | 21 +++
 .../10.0.0/tanzu-gemfire/overlay.yaml | 85 +++++++++++
 .../10.0.0/tanzu-postgres/overlay.yaml | 86 +++++++++++
 .../10.0.0/tanzu-rabbitmq/overlay.yaml | 89 +++++++++++
 .../10.0.0/values.yaml | 52 +++++++
 .../10.0.0.yaml | 144 ++++++++++++++++++
 .../metadata.yaml | 11 ++
 8 files changed, 563 insertions(+)
 create mode 100644 manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/secret_pass.yaml
 create mode 100644 manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/service_binding_role.yaml
 create mode 100644 manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/tanzu-gemfire/overlay.yaml
 create mode 100644 manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/tanzu-postgres/overlay.yaml
 create mode 100644 manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/tanzu-rabbitmq/overlay.yaml
 create mode 100644 manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/values.yaml
 create mode 100644 packages/tpk8s-toolkit-capabilites.tanzu.japan.com/10.0.0.yaml
 create mode 100644 packages/tpk8s-toolkit-capabilites.tanzu.japan.com/metadata.yaml
diff --git a/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/secret_pass.yaml b/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/secret_pass.yaml
new file mode 100644
index 0000000..f54bcf5
--- /dev/null
+++ b/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/secret_pass.yaml
@@ -0,0 +1,75 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+#@ load("@ytt:base64", "base64")
+#@ load("@ytt:json", "json")
+
+
+#@ def dockerhub_config_fragment(user, password):
+username: #@ user
+password: #@ password
+#@ end
+
+#@ def dockerhub_config(url, user, password):
+#@ docker_config = { url.partition("/")[0] : dockerhub_config_fragment(user, password)}
+auths: #@ docker_config
+#@ end
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: rabbitmq-repo-secret
+type: kubernetes.io/dockerconfigjson
+#@ repo = data.values.rabbitmq.package.repo
+data:
+ #@ url = repo.url
+ #@ user = repo.user
+ #@ password = repo.password
+ .dockerconfigjson: #@ base64.encode(json.encode(dockerhub_config(url, user, password)))
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: postgres-repo-secret
+type: kubernetes.io/dockerconfigjson
+#@ repo = data.values.postgres.package.repo
+data:
+ #@ url = repo.url
+ #@ user = repo.user
+ #@ password = repo.password
+ .dockerconfigjson: #@ base64.encode(json.encode(dockerhub_config(url, user, password)))
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gemfire-repo-secret
+type: kubernetes.io/dockerconfigjson
+#@ repo = data.values.gemfire.package.repo
+data:
+ #@ url = repo.url
+ #@ user = repo.user
+ #@ password = repo.password
+ .dockerconfigjson: #@ base64.encode(json.encode(dockerhub_config(url, user, password)))
+---
+apiVersion: secretgen.carvel.dev/v1alpha1
+kind: SecretExport
+metadata:
+ name: postgres-repo-secret
+spec:
+ toNamespaces:
+ - "*"
+---
+apiVersion: secretgen.carvel.dev/v1alpha1
+kind: SecretExport
+metadata:
+ name: rabbitmq-repo-secret
+spec:
+ toNamespaces:
+ - "*"
+---
+apiVersion: secretgen.carvel.dev/v1alpha1
+kind: SecretExport
+metadata:
+ name: gemfire-repo-secret
+spec:
+ toNamespaces:
+ - "*"
\ No newline at end of file
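Review bot: The three `SecretExport` objects at the end of this file offer the registry pull credentials to every namespace (`toNamespaces: - "*"`), so any namespace that can create a matching SecretImport or placeholder secret can obtain `repo.user`/`repo.password`. Within this commit the credentials are only consumed by the `tap-registry` placeholder secrets in `rabbitmq-install`, `postgres-install` and `gemfire-install`, so each export could name just its own namespace, e.g. `toNamespaces: ["postgres-install"]` for `postgres-repo-secret`. If workload namespaces also need to pull with these credentials, list them explicitly instead of using the wildcard. The three Secrets are also rendered unconditionally, including when the matching `package.install` value is false or `user`/`password` are left at their empty defaults.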
diff --git a/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/service_binding_role.yaml b/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/service_binding_role.yaml
new file mode 100644
index 0000000..35ce8b2
--- /dev/null
+++ b/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/service_binding_role.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: resource-claims-rmq
+ labels:
+ servicebinding.io/controller: "true"
+rules:
+ - apiGroups: ["rabbitmq.com"]
+ resources: ["rabbitmqclusters"]
+ verbs: ["get", "list", "watch", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: resource-claims-postgres
+ labels:
+ resourceclaims.services.apps.tanzu.vmware.com/controller: "true"
+rules:
+ - apiGroups: ["sql.tanzu.vmware.com"]
+ resources: ["postgres"]
+ verbs: ["get", "list", "watch", "update"]
\ No newline at end of file
diff --git a/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/tanzu-gemfire/overlay.yaml b/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/tanzu-gemfire/overlay.yaml
new file mode 100644
index 0000000..311a4f6
--- /dev/null
+++ b/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/tanzu-gemfire/overlay.yaml
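Review bot: `resource-claims-rmq` carries the `servicebinding.io/controller: "true"` label while `resource-claims-postgres` carries `resourceclaims.services.apps.tanzu.vmware.com/controller: "true"`, although both roles share a name prefix and the same verb list. These labels look like ClusterRole aggregation selectors, so the RabbitMQ rule would be aggregated into a different controller's role than the Postgres rule, and that controller would gain `update` on every `rabbitmqclusters` object cluster-wide. If the label is intentional, reduce that role to read access, `verbs: ["get", "list", "watch"]`; if it is a copy slip, use the resourceclaims label on both. There is no equivalent role for the GemFire kind that the package advertises, which may be an omission.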
@@ -0,0 +1,85 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+#@ if data.values.gemfire.package.install:
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: gemfire-install
+ labels:
+ pod-security.kubernetes.io/enforce: baseline
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: tap-registry
+ namespace: gemfire-install
+ annotations:
+ secretgen.carvel.dev/image-pull-secret: ""
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: e30K
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kapp-sa
+ namespace: gemfire-install
+secrets:
+ - name: tap-registry
+imagePullSecrets:
+ - name: tap-registry
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: gemfire-kapp-role-binding
+ namespace: gemfire-install
+subjects:
+- kind: ServiceAccount
+ name: kapp-sa
+ namespace: gemfire-install
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+---
+apiVersion: kappctrl.k14s.io/v1alpha1
+kind: App
+metadata:
+ name: gemfire
+ namespace: gemfire-install
+spec:
+ serviceAccountName: kapp-sa
+ fetch:
+ - imgpkgBundle:
+ image: #@ data.values.gemfire.package.repo.url + ":" + data.values.gemfire.package.version
+ secretRef:
+ name: tap-registry
+ path: gemfire/
+ template:
+ - ytt:
+ ignoreUnknownComments: true
+ paths:
+ - gemfire/operator.yaml
+ - gemfire/certificates.yaml
+ - gemfire/functions.lib.yml
+ inline:
+ paths:
+ values-update.yaml: |
+ #@data/values
+ ---
+ namespace: gemfire-install
+ name: gemfire-operator
+ certManagerNamespace: ""
+ cpu: ""
+ memory: ""
+ imagePullSecretName: "tap-registry"
+ tlsSecretName: ""
+ registry:
+ server: ""
+ username: ""
+ password: ""
+ deploy:
+ - kapp: {}
+#@ end
diff --git a/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/tanzu-postgres/overlay.yaml b/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/tanzu-postgres/overlay.yaml
new file mode 100644
index 0000000..dd03f24
--- /dev/null
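Review bot: `gemfire-kapp-role-binding` binds the `kapp-sa` ServiceAccount to `cluster-admin`, so anything able to run as that account — a pod in `gemfire-install`, or an App/PackageInstall there that names `serviceAccountName: kapp-sa` — has full control of the cluster for as long as the package is installed. The same binding is repeated in the tanzu-postgres and tanzu-rabbitmq overlays (`postgres-kapp-role-binding`, `rabbit-kapp-role-binding`). Prefer a dedicated ClusterRole per installer that lists only the API groups and kinds the fetched bundle creates, and bind `kapp-sa` to that instead of `name: cluster-admin`. `metadata.namespace` on a ClusterRoleBinding has no effect because the kind is cluster-scoped, so it can be dropped. I would also add a comment above the `tap-registry` Secret, `# e30K is base64 for an empty JSON object; placeholder to be filled by secretgen-controller`, since the literal is otherwise opaque.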
+++ b/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/tanzu-postgres/overlay.yaml
@@ -0,0 +1,86 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+#@ if data.values.postgres.package.install:
+apiVersion: v1
+kind: Namespace
+metadata:
+ labels:
+ pod-security.kubernetes.io/enforce: baseline
+ name: postgres-install
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: tap-registry
+ namespace: postgres-install
+ annotations:
+ secretgen.carvel.dev/image-pull-secret: ""
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: e30K
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kapp-sa
+ namespace: postgres-install
+secrets:
+ - name: tap-registry
+imagePullSecrets:
+ - name: tap-registry
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: postgres-kapp-role-binding
+ namespace: postgres-install
+subjects:
+- kind: ServiceAccount
+ name: kapp-sa
+ namespace: postgres-install
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageRepository
+metadata:
+ name: tds-pack
+ namespace: postgres-install
+ annotations:
+ kapp.k14s.io/change-group: "pkgr"
+spec:
+ fetch:
+ imgpkgBundle:
+ image: #@ data.values.postgres.package.repo.url + ":" + data.values.postgres.package.version
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageInstall
+metadata:
+ name: postgres
+ namespace: postgres-install
+spec:
+ serviceAccountName: kapp-sa
+ packageRef:
+ refName: postgres-operator.sql.tanzu.vmware.com
+ versionSelection:
+ constraints: #@ data.values.postgres.package.operator_version
+ values:
+ - secretRef:
+ name: change-default-reg-secret
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: change-default-reg-secret
+ namespace: postgres-install
+stringData:
+ change-default-reg-secret.yml: |
+ #@data/values-schema
+ ---
+ dockerRegistrySecretName: tap-registry
+#@ end
+
+
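Review bot: The PackageRepository image is built as `repo.url + ":" + version`, which forces a tag reference, so the bundle that gets installed is whatever the tag points to at reconcile time and a consumer cannot pin it by digest. Since the PackageInstall below runs as `kapp-sa`, which this file binds to `cluster-admin`, the content behind that tag is applied with full cluster privileges. Consider accepting a complete image reference (tag or `@sha256:` digest) as the data value instead of joining the two strings; the same construction appears in the tanzu-gemfire App and the tanzu-rabbitmq PackageRepository. Separately, `operator_version` is passed straight into `versionSelection.constraints`, so a comment noting that it accepts a constraint expression and not only an exact version would help.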
diff --git a/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/tanzu-rabbitmq/overlay.yaml b/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/tanzu-rabbitmq/overlay.yaml
new file mode 100644
index 0000000..934d0b9
--- /dev/null
+++ b/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/tanzu-rabbitmq/overlay.yaml
@@ -0,0 +1,89 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+#@ if data.values.rabbitmq.package.install:
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: rabbitmq-install
+ labels:
+ pod-security.kubernetes.io/enforce: baseline
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: tap-registry
+ namespace: rabbitmq-install
+ annotations:
+ secretgen.carvel.dev/image-pull-secret: ""
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: e30K
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kapp-sa
+ namespace: rabbitmq-install
+secrets:
+ - name: tap-registry
+imagePullSecrets:
+ - name: tap-registry
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: rabbit-kapp-role-binding
+ namespace: rabbitmq-install
+subjects:
+- kind: ServiceAccount
+ name: kapp-sa
+ namespace: rabbitmq-install
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageRepository
+metadata:
+ generation: 2
+ name: tmq-pack
+ namespace: rabbitmq-install
+ annotations:
+ kapp.k14s.io/change-group: "pkgr"
+spec:
+ fetch:
+ imgpkgBundle:
+ image: #@ data.values.rabbitmq.package.repo.url + ":" + data.values.rabbitmq.package.version
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageInstall
+metadata:
+ name: rabbitmq
+ namespace: rabbitmq-install
+ annotations:
+ ext.packaging.carvel.dev/ytt-paths-from-secret-name.0: "namespace-overlay"
+spec:
+ serviceAccountName: kapp-sa
+ packageRef:
+ refName: rabbitmq.tanzu.vmware.com
+ versionSelection:
+ constraints: #@ data.values.rabbitmq.package.operator_version
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: namespace-overlay
+ namespace: rabbitmq-install
+stringData:
+ overlay.yaml: |
+ #@ load("@ytt:overlay", "overlay")
+
+ #@overlay/match by=overlay.subset({"kind":"Namespace", "metadata": {"name": "rabbitmq-system"}}), expects="0+"
+ ---
+ metadata:
+ labels:
+ #@overlay/match missing_ok=True
+ pod-security.kubernetes.io/enforce: baseline
+#@ end
\ No newline at end of file
diff --git a/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/values.yaml b/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/values.yaml
new file mode 100644
index 0000000..297ce2c
--- /dev/null
+++ b/manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0/values.yaml
@@ -0,0 +1,52 @@
+#@data/values-schema
+---
+#@schema/desc "Rabbitmq starter"
+rabbitmq:
+ #@schema/desc "package installation"
+ package:
+ #@schema/desc "install via carvel"
+ install: true
+ #@schema/desc "install repo"
+ repo:
+ url: rabbitmq-kubernetes.packages.broadcom.com/tanzu-rabbitmq-package-repo
+ user: ""
+ password: ""
+ #@schema/desc "install version"
+ version: 4.0.5
+ #@schema/desc "operator version"
+ operator_version: 4.0.5
+
+#@schema/desc "Postgres starter"
+postgres:
+ #@schema/desc "package installation"
+ package:
+ #@schema/desc "install via carvel"
+ install: true
+ #@schema/desc "install repo"
+ repo:
+ url: tanzu-sql-postgres.packages.broadcom.com/tds-packages
+ user: ""
+ password: ""
+ #@schema/desc "install version"
+ version: 1.14.0
+ #@schema/desc "operator version"
+ operator_version: 3.0.0
+
+#@schema/desc "Gemfire starter"
+gemfire:
+ #@schema/desc "package installation"
+ package:
+ #@schema/desc "install via carvel"
+ install: true
+ #@schema/desc "install repo"
+ repo:
+ url: registry.packages.broadcom.com/tanzu-gemfire-for-kubernetes/gemfire-for-kubernetes-carvel-bundle
+ user: ""
+ password: ""
+ #@schema/desc "install repo password"
+ repo_password: ""
+ #@schema/desc "install version"
+ version: 2.4.0
+
+
+
diff --git a/packages/tpk8s-toolkit-capabilites.tanzu.japan.com/10.0.0.yaml b/packages/tpk8s-toolkit-capabilites.tanzu.japan.com/10.0.0.yaml
new file mode 100644
index 0000000..0df07f7
--- /dev/null
+++ b/packages/tpk8s-toolkit-capabilites.tanzu.japan.com/10.0.0.yaml
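Review bot: The `namespace-overlay` Secret in the tanzu-rabbitmq overlay matches the `rabbitmq-system` Namespace with `expects="0+"`, so if the upstream package names its namespace differently or stops shipping one, the `pod-security.kubernetes.io/enforce: baseline` label is silently not applied. If the label is a requirement, use `expects=1` so the install fails visibly instead. The PackageRepository in the same file also carries `generation: 2` under `metadata`, which is a server-populated field that looks copied from a live object and should be removed.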
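Review bot: In values.yaml, `gemfire.package` declares both `repo.password` and a sibling `repo_password`, but the templates in this commit only read `repo.password` (in secret_pass.yaml), so a value set in `repo_password` passes the schema and is then ignored, leaving the generated pull secret with an empty password. Drop `repo_password` here and in the Package `valuesSchema`, or wire it up and remove the duplicate. The `user`/`password` keys have no `#@schema/desc`; a description stating that they are registry credentials expected to come from the install-time values Secret, not from a committed values file, would make the intent clear.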
@@ -0,0 +1,144 @@
+apiVersion: data.packaging.carvel.dev/v1alpha1
+kind: Package
+metadata:
+ annotations:
+ capability.tanzu.vmware.com/provides: |
+ [{ "name": "tpk8s-toolkit-capabilites.tanzu.japan.com",
+ "displayName": "TPk8s Toolkit",
+ "vendor": "VMware Tanzu",
+ "description": "Allows using Tanzu Posrgres, RabbitMQ, Gemfire for k8s",
+ "tags":["Services & Data Services"],
+ "groupVersionKinds": [
+ { "apiVersion": "sql.tanzu.vmware.com/v1", "kind": "Postgres" },
+ { "apiVersion": "gemfire.vmware.com/v1", "kind": "GemFireCluster" },
+ { "apiVersion": "rabbitmq.com/v1beta1", "kind": "RabbitmqCluster" },
+ ]
+ }
+ ]
+ name: tpk8s-toolkit-capabilities.tanzu.japan.com.10.0.0
+spec:
+ refName: tpk8s-toolkit-capabilities.tanzu.japan.com
+ version: 10.0.0
+ valuesSchema:
+ openAPIv3:
+ title: tpk8s-toolikt.tanzu-jp values schema
+ properties:
+ rabbitmq:
+ type: object
+ additionalProperties: false
+ description: Rabbitmq starter
+ properties:
+ package:
+ type: object
+ additionalProperties: false
+ description: package installation
+ properties:
+ install:
+ type: boolean
+ description: install via carvel
+ default: true
+ repo:
+ type: object
+ additionalProperties: false
+ description: install repo
+ properties:
+ url:
+ type: string
+ default: rabbitmq-kubernetes.packages.broadcom.com/tanzu-rabbitmq-package-repo
+ user:
+ type: string
+ default: ""
+ password:
+ type: string
+ default: ""
+ version:
+ type: string
+ description: install version
+ default: 4.0.5
+ operator_version:
+ type: string
+ description: operator version
+ default: 4.0.5
+ postgres:
+ type: object
+ additionalProperties: false
+ description: Postgres starter
+ properties:
+ package:
+ type: object
+ additionalProperties: false
+ description: package installation
+ properties:
+ install:
+ type: boolean
+ description: install via carvel
+ default: true
+ repo:
+ type: object
+ additionalProperties: false
+ description: install repo
+ properties:
+ url:
+ type: string
+ default: tanzu-sql-postgres.packages.broadcom.com/tds-packages
+ user:
+ type: string
+ default: ""
+ password:
+ type: string
+ default: ""
+ version:
+ type: string
+ description: install version
+ default: 1.14.0
+ operator_version:
+ type: string
+ description: operator version
+ default: 3.0.0
+ gemfire:
+ type: object
+ additionalProperties: false
+ description: Gemfire starter
+ properties:
+ package:
+ type: object
+ additionalProperties: false
+ description: package installation
+ properties:
+ install:
+ type: boolean
+ description: install via carvel
+ default: true
+ repo:
+ type: object
+ additionalProperties: false
+ description: install repo
+ properties:
+ url:
+ type: string
+ default: registry.packages.broadcom.com/tanzu-gemfire-for-kubernetes/gemfire-for-kubernetes-carvel-bundle
+ user:
+ type: string
+ default: ""
+ password:
+ type: string
+ default: ""
+ repo_password:
+ type: string
+ description: install repo password
+ default: ""
+ version:
+ type: string
+ description: install version
+ default: 2.4.0
+ template:
+ spec:
+ fetch:
+ - git:
+ url: https://github.com/mhoshi-vm/tap-carvel
+ ref: origin/pkgr
+ subPath: manifests/tpk8s-toolkit-capabilities.tanzu.japan.com/10.0.0
+ template:
+ - ytt: {}
+ deploy:
+ - kapp: {}
diff --git a/packages/tpk8s-toolkit-capabilites.tanzu.japan.com/metadata.yaml b/packages/tpk8s-toolkit-capabilites.tanzu.japan.com/metadata.yaml
new file mode 100644
index 0000000..c5010e6
--- /dev/null
+++ b/packages/tpk8s-toolkit-capabilites.tanzu.japan.com/metadata.yaml
@@ -0,0 +1,11 @@
+apiVersion: data.packaging.carvel.dev/v1alpha1
+kind: PackageMetadata
+metadata:
+ name: tpk8s-toolkit-capabilities.tanzu.japan.com
+spec:
+ displayName: "TP Toolkit Capabilites (Unofficial)"
+ shortDescription: "TP Toolkit Capabilites (Unofficial)"
+ supportDescription: "https://carvel.dev/"
+ providerName: "Broadcom"
+ maintainers:
+ - name: "Machi Hoshino"
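Review bot: In packages/.../10.0.0.yaml, `fetch.git.ref: origin/pkgr` tracks a branch, so every reconcile applies whatever is at the tip of that branch, and the manifests under `subPath` create `cluster-admin` bindings and registry secrets on the target cluster. Pin `ref` to a tag or a full commit SHA (`ref: <commit-sha placeholder>`) so that `version: 10.0.0` always resolves to the same reviewed content. The `capability.tanzu.vmware.com/provides` annotation has a trailing comma after the `RabbitmqCluster` entry, which a strict JSON parser would reject. The annotation's `"name"` and the `packages/` directory spell `capabilites` while `refName` and the manifests directory spell `capabilities`; if consumers match on these names the mismatch matters.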