chore: Add Preview Envrionments to Connectors (#1617)

.ci/preview-environments/argo/c8sm.yml

@@ -0,0 +1,29 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  labels:
+    product-context: "c8sm"
+spec:
+  destination:
+    name: camunda-ci
+  ignoreDifferences:
+  - jsonPointers:
+    - /data/tls.crt
+    - /data/tls.key
+    - /metadata/annotations/replicator.v1.mittwald.de~1replicated-from-version
+    kind: Secret
+    name: "*-wildcard-certificate-tls"
+  project: connectors-previews
+  source:
+    helm:
+      parameters: []
+    path: .ci/preview-environments/charts/c8sm
+    repoURL: https://github.com/camunda/connectors.git
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
+    - RespectIgnoreDifferences=true

.ci/preview-environments/charts/c8sm/Chart.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: v2
+name: preview-environments
+appVersion: dev
+description: A Helm chart to deploy a C8 Connectors preview environment to the Camunda-CI cluster managed by the Infrastructure team.
+icon: https://console.cloud.camunda.io/favicon.ico
+type: application
+# Chart version; expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+dependencies:
+- name: infra-preview-environments-ingress
+  repository: oci://registry.camunda.cloud/library
+  version: 1.3.0
+- name: camunda-platform
+  # @camunda-cloud references https://helm.camunda.io repository configured as camunda-cloud in Argo CD
+  repository: https://helm.camunda.io
+  version: 8.3.4

.ci/preview-environments/charts/c8sm/templates/_helpers.tpl

@@ -0,0 +1,15 @@
+
+{{ define "commonLabels" -}}
+{{- toYaml .Values.global.labels -}}
+{{ end }}
+
+{{- define "commonAnnotations" -}}
+camunda.cloud/created-by: "{{ .Values.global.preview.git.repoUrl }}/blob/{{ .Values.global.preview.git.branch }}/.ci/{{ .Template.Name }}"
+{{- if .Values.global.annotations }}
+{{ toYaml .Values.global.annotations -}}
+{{- end }}
+{{- end }}
+
+{{- define "ingress.domain" -}}
+{{- printf "%s.%s" .Release.Name .Values.global.preview.ingress.domain | trimPrefix "connectors-" -}}
+{{- end -}}

.ci/preview-environments/charts/c8sm/templates/certificate.yml

@@ -0,0 +1,24 @@
+# Replicate the wildcard certificate from the main connectors namespace
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "camundaPlatform.fullname" (index .Subcharts "camunda-platform") }}-wildcard-certificate-tls
+  labels:
+    {{- include "commonLabels" $ | nindent 4 }}
+  annotations:
+    {{- include "commonAnnotations" $ | nindent 4 }}
+    replicator.v1.mittwald.de/replicate-from: connectors/connectors-wildcard-certificate-tls
+    # The following overwrites an "internal" annotation (one that the user
+    # should not interfere with as it is not documented in the README at
+    # https://github.com/mittwald/kubernetes-replicator/). We do this anyways to
+    # force replicator-tool to replicate the contents of this secret again.
+    # This is necessary as we have to set empty default data fields to create a
+    # valid `type: kubernetes.io/tls` secret but this will purge the previously
+    # replicated contents.
+    replicator.v1.mittwald.de/replicated-from-version: "0"
+    argocd.argoproj.io/sync-wave: "-3"
+type: kubernetes.io/tls
+data:
+  tls.key: ""
+  tls.crt: ""

.ci/preview-environments/charts/c8sm/templates/ingress.yml

@@ -0,0 +1,70 @@
+# We connot use .Values.global.ingress.annotations to include "infrapreviewenvironmentsingress.annotations" due
+# to the "toYaml" function used before "tpl". A similar custom ingress must be used instead.
+# https://github.com/camunda/camunda-platform-helm/blob/1814ba5e3ad4c012288dcaf7b0f8a3ceff860b4e/charts/camunda-platform/templates/camunda/ingress.yaml#L9
+---
+{{- $camundaPlatform := deepCopy (index .Subcharts "camunda-platform") -}}
+{{- $_ := set .Values "camundaPlatform" (deepCopy (index .Values "camunda-platform")) -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "camundaPlatform.fullname" $camundaPlatform }}
+  labels:
+    {{- include "commonLabels" $ | nindent 4 }}
+  annotations: 
+    {{- include "commonAnnotations" $ | nindent 4 }}
+    {{- include "infrapreviewenvironmentsingress.annotations" $ | nindent 4 -}}
+    ingress.kubernetes.io/rewrite-target: "/"
+    nginx.ingress.kubernetes.io/app-root: {{ .Values.camundaPlatform.webModeler.contextPath }}
+    nginx.ingress.kubernetes.io/proxy-buffer-size: 16k
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: {{ include "ingress.domain" $ | quote }}
+    http:
+      paths:
+      - backend:
+          service:
+            name: {{ include "identity.keycloak.service" $camundaPlatform.Subcharts.identity }}
+            port:
+              number: {{ include "identity.keycloak.port" $camundaPlatform.Subcharts.identity }}
+        path: {{ include "identity.keycloak.contextPath" $camundaPlatform.Subcharts.identity }}
+        pathType: Prefix
+      - backend:
+          service:
+            name: {{ template "identity.fullname" $camundaPlatform.Subcharts.identity }}
+            port:
+              number: {{ .Values.camundaPlatform.identity.service.port }}
+        path: {{ .Values.camundaPlatform.identity.contextPath }}
+        pathType: Prefix
+      - backend:
+          service:
+            name: {{ template "operate.fullname" $camundaPlatform }}
+            port:
+              number: {{ .Values.camundaPlatform.operate.service.port }}
+        path: {{ .Values.camundaPlatform.operate.contextPath }}
+        pathType: Prefix
+      - backend:
+          service:
+            name: {{ template "webModeler.webapp.fullname" $camundaPlatform }}
+            port:
+              number: {{ .Values.camundaPlatform.webModeler.webapp.service.port }}
+        path: {{ .Values.camundaPlatform.webModeler.contextPath }}
+        pathType: Prefix
+      - backend:
+          service:
+            name: {{ template "webModeler.websockets.fullname" $camundaPlatform }}
+            port:
+              number:  {{ .Values.camundaPlatform.webModeler.websockets.service.port }}
+        path: {{ template "webModeler.websocketContextPath" $camundaPlatform }}
+        pathType: Prefix
+      - backend:
+          service:
+            name: {{ template "connectors.fullname" $camundaPlatform }}
+            port:
+              number: {{ .Values.camundaPlatform.connectors.service.serverPort }}
+        path: {{ .Values.camundaPlatform.connectors.contextPath }}
+        pathType: Prefix
+  tls:
+  - hosts:
+    - {{ include "ingress.domain" $ | quote }}
+    secretName: {{ include "camundaPlatform.fullname" $camundaPlatform }}-wildcard-certificate-tls

.ci/preview-environments/charts/c8sm/templates/ns.yml

@@ -0,0 +1,8 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Release.Name }}
+  annotations: {{ include "commonAnnotations" $ | nindent 4 }}
+    argocd.argoproj.io/sync-wave: "-5"
+  labels: {{ include "commonLabels" $ | nindent 4 }}

.ci/preview-environments/charts/c8sm/templates/secrets.yml

@@ -0,0 +1,26 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: registry-camunda-cloud
+  labels: {{ include "commonLabels" $ | nindent 4 }}
+  annotations: {{ include "commonAnnotations" $ | nindent 4 }}
+spec:
+  refreshInterval: "5m"
+
+  secretStoreRef:
+    name: connectors-vault-backend
+    kind: ClusterSecretStore
+
+  target:
+    template:
+      type: kubernetes.io/dockerconfigjson
+      metadata:
+        annotations:
+          managed-by: external-secrets
+
+  data:
+  - secretKey: .dockerconfigjson
+    remoteRef:
+      key: secret/data/products/connectors/ci/common
+      property: REGISTRY_CAMUNDA_CLOUD_DOCKERCONFIGJSON

.ci/preview-environments/charts/c8sm/templates/service.yml

@@ -0,0 +1,28 @@
+# Fixed service names for Zeebe Gateway and Keycloak to be used in Web Modeler
+# to easily configure the cluster endpoint (with Camunda identity-based authentication)
+---
+{{- $camundaPlatform := index .Subcharts "camunda-platform" -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: zeebe
+  labels:
+    {{- include "commonLabels" $ | nindent 4 }}
+  annotations: 
+    {{- include "commonAnnotations" $ | nindent 4 }}
+spec:
+  type: ExternalName
+  externalName: {{ include "zeebe.names.gateway" $camundaPlatform }}.{{ .Release.Namespace }}.svc.cluster.local
+---
+{{- $identityKeyCloak := $camundaPlatform.Subcharts.identity.Subcharts.keycloak -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: keycloak
+  labels:
+    {{- include "commonLabels" $ | nindent 4 }}
+  annotations: 
+    {{- include "commonAnnotations" $ | nindent 4 }}
+spec:
+  type: ExternalName
+  externalName: {{ template "common.names.fullname" $identityKeyCloak }}.{{ .Release.Namespace }}.svc.cluster.local