From 25b09d362c8ee53725481bfde21d0a2877ba96a8 Mon Sep 17 00:00:00 2001
From: Matt Conway
Date: Thu, 16 Sep 2021 12:13:31 -0400
Subject: [PATCH] add example for using kubetruth to generate CRDs that control kubetruth
---
examples/inception/README.md | 110 ++++++++++++++++++
examples/inception/nosecret.tmpl.yaml | 9 ++
.../inception/values-parameter-driven.yaml | 65 +++++++++++
.../inception/values-template-driven.yaml | 27 +++++
4 files changed, 211 insertions(+)
create mode 100644 examples/inception/README.md
create mode 100644 examples/inception/nosecret.tmpl.yaml
create mode 100644 examples/inception/values-parameter-driven.yaml
create mode 100644 examples/inception/values-template-driven.yaml
diff --git a/examples/inception/README.md b/examples/inception/README.md
new file mode 100644
index 0000000..aa25c01
--- /dev/null
+++ b/examples/inception/README.md
@@ -0,0 +1,110 @@
+# Using kubetruth to deploy
+
+This example uses kubetruth to configure kubetruth by creating kubetruth
+ProjectMapping CRDs from the CloudTruth project named kubetruth.
+
+It provides 2 variants:
+
+* `values-parameter-driven.yaml`:
+ The CloudTruth parameters are organized according to their dot-notated keys to
+ simulate a hash of the attributes for the CRD and then a CRD yaml is created
+ and applied for each grouping. For example with CloudTruth parameters like the following:
+ ```
+ foo.project_selector: ^foo$
+ foo.skip: true
+ bar.project_selector: ^bar$
+ bar.resource_templates.secret: ""
+ ```
+ kubetruth will create a CRD named foo, that skips processing for the project named foo, and
+ another CRD named bar that prevents generation of the default secret resource by
+ setting its template to empty
+* `values-template-driven.yaml`:
+ Each CloudTruth template is treated as a complete CRD yaml and applied verbatim
+
+## Setup CloudTruth Credentials
+
+Login to CloudTruth, and create an api key, then add it to your environment
+
+```
+export CLOUDTRUTH_API_KEY=your_api_key
+```
+
+## Setup a project to configure the deploy
+
+```
+cloudtruth projects set kubetruth
+```
+
+## (Optional) Setup [minikube](https://minikube.sigs.k8s.io/docs/start/) to test locally
+```
+minikube start
+```
+
+## Setup kubetruth to apply a deployment resource for that project
+
+To try the parameter driven variant, install kubetruth with the following settings:
+```
+helm install --values examples/inception/values-parameter-driven.yaml --set appSettings.apiKey=$CLOUDTRUTH_API_KEY kubetruth cloudtruth/kubetruth
+```
+
+OR to try the template driven variant variant, install kubetruth like:
+```
+helm install --values examples/inception/values-template-driven.yaml --set appSettings.apiKey=$CLOUDTRUTH_API_KEY kubetruth cloudtruth/kubetruth
+```
+
+## Check kubetruth is up
+
+```
+kubectl describe deployment kubetruth
+kubectl logs deployment/kubetruth
+```
+
+## Add
a project that we can affect with a CRD
+
+```
+cloudtruth projects set nosecret
+cloudtruth --project nosecret parameter set --value myval aParam
+cloudtruth --project nosecret parameter set --secret true --value sekret aSecret
+```
+
+Note that no resources get generated for it yet since our root selector was set to skip all:
+```
+kubectl describe configmap nosecret
+kubectl describe secret nosecret
+```
+
+## Create and verify a parameter-driven CRD
+
+If you installed kubetruth using the parameter driven variant of this example,
+create some CloudTruth parameters to be interpreted as a CRD:
+```
+cloudtruth --project kubetruth parameter set --value "^nosecret$" nosecret.project_selector
+cloudtruth --project kubetruth parameter set --value "" nosecret.resource_templates.secret
+cloudtruth --project kubetruth parameter set --value "false" nosecret.skip # we skipped globally in the root, so need to undo it
+```
+
+Note that a ConfigMap gets generated, but a Secret does not:
+```
+kubectl describe configmap nosecret
+kubectl describe secret nosecret
+```
+
+Re-enable Secret generation:
+```
+cloudtruth --project kubetruth parameter delete nosecret.resource_templates.secret
+```
+
+Note that a Secret is now being generated:
+```
+kubectl describe secret nosecret # a Secret resource should now be generated
+```
+
+## Create and verify a template-driven CRD
+
+If you installed kubetruth using the template driven variant of this example, create a CloudTruth template to be written as the CRD:
+
+```
+cloudtruth --project kubetruth template set --body examples/inception/nosecret.tmpl.yaml nosecret
+```
+
+Similar steps can be followed to verify the behavior like one does in the parameter driven variant
diff --git a/examples/inception/nosecret.tmpl.yaml b/examples/inception/nosecret.tmpl.yaml
new file mode 100644
index 0000000..3be1276
--- /dev/null
+++ b/examples/inception/nosecret.tmpl.yaml
@@ -0,0 +1,9 @@
+apiVersion: kubetruth.cloudtruth.com/v1
+kind: ProjectMapping
+metadata:
+ name: nosecret
+spec:
+ skip: false
+ project_selector: "^nosecret$"
+ resource_templates:
+ secret: ""
diff --git a/examples/inception/values-parameter-driven.yaml b/examples/inception/values-parameter-driven.yaml
new file mode 100644
index 0000000..33f39f9
--- /dev/null
+++ b/examples/inception/values-parameter-driven.yaml
@@ -0,0 +1,65 @@
+# Setup the kubetruth CRD to ignore all projects except for the one named deploytest
+# For the deploytest project, get the resource template from the cloudtruth template named deployment
+projectMappings:
+
+ # Define the root project mapping, skipping all projects except for the
+ # example we care about
+ root:
+ scope: "root"
+ environment: default
+ skip: true
+
+ # Define an override ProjectMapping to create kubetruth CRDs from the
+ # CloudTruth project named kubetruth
+ kubetruth:
+ scope: "override"
+ skip: false
+ project_selector: "^kubetruth$"
+ resource_templates:
+ # Disable default templates for this project as they aren't needed
+ configmap: ""
+ secret: ""
+
+ crds: |
+ {%- if parameters.size > 0 %} {{ parameters | nindent: "five" }}
+
+ {%- comment %}
+ Use the inflate filter to convert parameters to a structured form
+ based on a dot delimiter. The namespace can be specified with a slash
+ in the first part of the key, e.g.
+ myoverride.project_selector # uses default/installed namespace
+ mynamespace/myoverride.project_selector # uses mynamespace
+ {%- endcomment %}
+
+ {%- assign inflated_params = parameters | inflate %}
+ {%- for crd in inflated_params %}
+
+ {%- assign name_parts = crd[0] | split: "/" %}
+ {%- assign name = name_parts | last %}
+
+ apiVersion: kubetruth.cloudtruth.com/v1
+ kind: ProjectMapping
+ metadata:
+ name: "{{ name }}"
+ {%- if name_parts.size > 1 %}
+ namespace: "{{ name_parts | first }}"
+ {%- endif %}
+ spec:
+ {% if crd[1] contains "scope" %}scope: "{{ crd[1].scope }}"{% endif %}
+ {% if crd[1] contains "environment" %}environment: "{{ crd[1].environment }}"{% endif %}
+ {% if crd[1] contains "project_selector" %}project_selector: "{{ crd[1].project_selector }}"{% endif %}
+ {% if crd[1] contains "key_selector" %}key_selector: "{{ crd[1].key_selector }}"{% endif %}
+ {% if crd[1] contains "skip" %}skip: {{ crd[1].skip }}{% endif %}
+ {% if crd[1] contains "included_projects" %}included_projects:
{{ crd[1].included_projects }}{% endif %}
+ {% if crd[1] contains "context" %}
+ context:
+ {{ crd[1].context | to_yaml: no_header: true | nindent: 4 }}
+ {% endif %}
+ {% if crd[1] contains "resource_templates" %}
+ resource_templates:
+ {{ crd[1].resource_templates | to_yaml: no_header: true | nindent: 4 }}
+ {% endif %}
+
+ {% unless forloop.last %}---{% endunless %}
+ {%- endfor %}
+ {%- endif %}
diff --git a/examples/inception/values-template-driven.yaml b/examples/inception/values-template-driven.yaml
new file mode 100644
index 0000000..5492ba8
--- /dev/null
+++ b/examples/inception/values-template-driven.yaml
@@ -0,0 +1,27 @@
+# Setup the kubetruth CRD to ignore all projects except for the one named deploytest
+# For the deploytest project, get the resource template from the cloudtruth template named deployment
+projectMappings:
+
+ # Define the root project mapping, skipping all projects except for the
+ # example we care about
+ root:
+ scope: "root"
+ environment: default
+ skip: true
+
+ # Define an override ProjectMapping to create kubetruth CRDs from the
+ # CloudTruth project named kubetruth
+ kubetruth:
+ scope: "override"
+ skip: false
+ project_selector: "^kubetruth$"
+ resource_templates:
+ # Disable default templates for this project as they aren't needed
+ configmap: ""
+ secret: ""
+
+ crds: |
+ {%- for template in templates.names %}
+ {{ templates[template] }}
+ {% unless forloop.last %}---{% endunless %}
+ {%- endfor %}
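Review bot: In the `crds` template of values-parameter-driven.yaml, parameter values from the CloudTruth project are pasted into double-quoted YAML scalars without escaping (`project_selector: "{{ crd[1].project_selector }}"`, likewise `scope`, `environment` and `key_selector`), and `skip` and `included_projects` are emitted unquoted. A selector regex containing a backslash or a double quote would render as invalid YAML, and a value containing a quote and a newline could add keys to the generated ProjectMapping that the parameter's author was not meant to control. Since `context` and `resource_templates` already go through `to_yaml`, the scalar fields could be serialised the same way, for example by rendering the whole mapping under `spec:` with `{{ crd[1] | to_yaml: no_header: true | nindent: 4 }}` (assuming the CRD schema rejects unknown keys). The `{{ parameters | nindent: "five" }}` after the opening `if` also looks like leftover debugging: it writes the raw parameter map into the output ahead of the first document and passes a string where the other calls pass `nindent: 4`. Separately, the two header comments still refer to a `deploytest` project and a `deployment` template, which this example does not use.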
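Review bot: The `crds` template in values-template-driven.yaml emits `{{ templates[template] }}` for every template in the kubetruth project without checking its `kind`, so anyone who can write templates in that CloudTruth project can have kubetruth apply whatever resource its own cluster permissions allow, not only ProjectMappings (presumably bounded only by the RBAC of kubetruth's service account). That trust boundary deserves a comment above `crds:`, for example `# Every template in this project is applied verbatim to the cluster; restrict write access to the project and scope kubetruth's RBAC to the kinds you expect`. The header comments here are also copied from another example (`deploytest`, `deployment`) and should describe this file instead.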