From 29a3fb88f41ff06d0c050065d0d5a092abeb8b27 Mon Sep 17 00:00:00 2001 From: Matthew Jones Date: Wed, 13 Jul 2022 18:31:44 -0400 Subject: [PATCH] Fixes #243 - Add initial kustomize templates for this project --- .gitignore | 1 + kustomize/README.md | 42 +++++++++++++++ kustomize/base/build.yaml | 29 +++++++++++ kustomize/base/kustomization.yaml | 19 +++++++ kustomize/base/openshift-buildconfig.json | 52 +++++++++++++++++++ .../base/openshift-deploymentconfig.json | 43 +++++++++++++++ kustomize/base/openshift-route.json | 31 +++++++++++ kustomize/base/web-autoscaler.yaml | 11 ++++ kustomize/base/web-deployment.yaml | 46 ++++++++++++++++ kustomize/base/web-ingress.yaml | 20 +++++++ kustomize/base/web-service.yaml | 11 ++++ kustomize/overlays/dev/kustomization.yaml | 13 +++++ kustomize/overlays/test/build.yaml | 3 ++ kustomize/overlays/test/deployment.yaml | 12 +++++ kustomize/overlays/test/hostname.yaml | 6 +++ kustomize/overlays/test/kustomization.yaml | 30 +++++++++++ 16 files changed, 369 insertions(+) create mode 100644 kustomize/README.md create mode 100644 kustomize/base/build.yaml create mode 100644 kustomize/base/kustomization.yaml create mode 100644 kustomize/base/openshift-buildconfig.json create mode 100644 kustomize/base/openshift-deploymentconfig.json create mode 100644 kustomize/base/openshift-route.json create mode 100644 kustomize/base/web-autoscaler.yaml create mode 100644 kustomize/base/web-deployment.yaml create mode 100644 kustomize/base/web-ingress.yaml create mode 100644 kustomize/base/web-service.yaml create mode 100644 kustomize/overlays/dev/kustomization.yaml create mode 100644 kustomize/overlays/test/build.yaml create mode 100644 kustomize/overlays/test/deployment.yaml create mode 100644 kustomize/overlays/test/hostname.yaml create mode 100644 kustomize/overlays/test/kustomization.yaml diff --git a/.gitignore b/.gitignore index 514c6bf6..726272a7 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ webpack-stats.json # MySQL data files .data ngrok.yml +**/secrets # Temp files *.swp diff --git a/kustomize/README.md b/kustomize/README.md new file mode 100644 index 00000000..c8b5534e --- /dev/null +++ b/kustomize/README.md @@ -0,0 +1,42 @@ +# OpenShift configuration with Kustomize + +Resource configuration and secret consumption for OpenShift projects are managed +using [`kustomize`](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/). + +## Setup + +1. Populate `service/secrets/*`. + + Sensitive values and files are located in the + [Office Hours Secrets](https://www.dropbox.com/sh/n1igrgdsm4rt4uf/AAAXLbZOT7tpVk8XZEQj5E0ca?dl=0) + Dropbox folder. Merge the `base` and `overlays` directories with their equivalents in the `service` + directory in your local repository. + +2. Install `kustomize`. + + You can install Kustomize using the command from the + [website](https://kubectl.docs.kubernetes.io/installation/kustomize/binaries/), + and adding version 3.8.5 (what is supported for now) as an argument. + ``` + curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash -s 3.8.5 + ``` + +## Updating a project + +1. Login and select the desired project using `oc`. + ``` + oc login ... + oc project canvas-app-explorer-dev + ``` + +2. Fron the `service` directory, use `kustomize build` on an overlay directory +and pipe the result to `oc apply`. + ``` + kustomize build overlays/dev | oc apply -f - --validate + ``` + +To make changes to a project's ingress (e.g. updating certificates), +you may need to first delete the ingress before running `kustomize build`. +``` +oc delete ingress some-ingress-name +``` diff --git a/kustomize/base/build.yaml b/kustomize/base/build.yaml new file mode 100644 index 00000000..cf23813d --- /dev/null +++ b/kustomize/base/build.yaml @@ -0,0 +1,29 @@ +apiVersion: v1 +kind: BuildConfig +metadata: + name: web +spec: + output: + to: + kind: DockerImage + name: docker-registry.default.svc:5000/canvas-app-explorer-dev/canvas-app-explorer:latest + runPolicy: Serial + source: + git: + uri: https://github.com/tl-its-umich-edu/canvas-app-explorer.git + ref: "main" + type: Git + strategy: + type: Docker + dockerStrategy: + dockerfilePath: dockerfiles/Dockerfile.openshift + noCache: true + forcePull: true + triggers: + - type: "GitHub" + github: + secretReference: + name: github + nodeSelector: {} +status: + lastVersion: 0 diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml new file mode 100644 index 00000000..86589410 --- /dev/null +++ b/kustomize/base/kustomization.yaml @@ -0,0 +1,19 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + org: umich +resources: +- web-autoscaler.yaml +- web-deployment.yaml +- web-service.yaml +# - web-ingress.yaml +- build.yaml +commonLabels: + project: canvas-app-explorer +namePrefix: canvas-app-explorer- +configMapGenerator: +- name: canvas-app-explorer +crds: # Use CRDs to support OpenShift resource kinds +- openshift-buildconfig.json +- openshift-deploymentconfig.json +- openshift-route.json \ No newline at end of file diff --git a/kustomize/base/openshift-buildconfig.json b/kustomize/base/openshift-buildconfig.json new file mode 100644 index 00000000..932db16a --- /dev/null +++ b/kustomize/base/openshift-buildconfig.json @@ -0,0 +1,52 @@ +{ + "github.com/adnovum/kustomize-openshift/dc.openshift.io.v1.BuildConfig": { + "Schema": { + "description": "This is a fake CRD description to make kustomize fix OpenShift DeploymentConfig resources. See: https://github.com/adnovum/kustomize-openshift", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "$ref": "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta" + }, + "spec": { + "$ref": "github.com/adnovum/kustomize-openshift/dc.openshift.io.v1.BuildConfigSpec" + } + } + } + }, + "github.com/adnovum/kustomize-openshift/dc.openshift.io.v1.BuildConfigSpec": { + "Schema": { + "properties": { + "source/sourceSecret": { + "x-kubernetes-object-ref-api-version": "v1", + "x-kubernetes-object-ref-kind": "Secret", + "x-kubernetes-object-ref-name-key": "name" + }, + "source/secrets/secret": { + "x-kubernetes-object-ref-api-version": "v1", + "x-kubernetes-object-ref-kind": "Secret", + "x-kubernetes-object-ref-name-key": "name" + }, + "triggers/gitlab/secretReference": { + "x-kubernetes-object-ref-api-version": "v1", + "x-kubernetes-object-ref-kind": "Secret", + "x-kubernetes-object-ref-name-key": "name" + }, + "triggers/github/secretReference": { + "x-kubernetes-object-ref-api-version": "v1", + "x-kubernetes-object-ref-kind": "Secret", + "x-kubernetes-object-ref-name-key": "name" + }, + "triggers/generic/secretReference": { + "x-kubernetes-object-ref-api-version": "v1", + "x-kubernetes-object-ref-kind": "Secret", + "x-kubernetes-object-ref-name-key": "name" + } + } + } + } +} diff --git a/kustomize/base/openshift-deploymentconfig.json b/kustomize/base/openshift-deploymentconfig.json new file mode 100644 index 00000000..51fa8205 --- /dev/null +++ b/kustomize/base/openshift-deploymentconfig.json @@ -0,0 +1,43 @@ +{ + "github.com/adnovum/kustomize-openshift/dc.openshift.io.v1.DeploymentConfig": { + "Schema": { + "description": "This is a fake CRD description to make kustomize fix OpenShift DeploymentConfig resources. See: https://github.com/adnovum/kustomize-openshift", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "$ref": "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta" + }, + "spec": { + "$ref": "github.com/adnovum/kustomize-openshift/dc.openshift.io.v1.DeploymentConfigSpec" + } + } + } + }, + "github.com/adnovum/kustomize-openshift/dc.openshift.io.v1.DeploymentConfigSpec": { + "Schema": { + "properties": { + "template/metadata": { + "$ref": "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta" + }, + "template/spec/volumes/configMap": { + "x-kubernetes-object-ref-api-version": "v1", + "x-kubernetes-object-ref-kind": "ConfigMap" + }, + "template/spec/containers/envFrom/configMapRef": { + "x-kubernetes-object-ref-api-version": "v1", + "x-kubernetes-object-ref-kind": "ConfigMap" + }, + "template/spec/containers/envFrom/secretRef": { + "x-kubernetes-object-ref-api-version": "v1", + "x-kubernetes-object-ref-kind": "Secret", + "x-kubernetes-object-ref-name-key": "name" + } + } + } + } +} \ No newline at end of file diff --git a/kustomize/base/openshift-route.json b/kustomize/base/openshift-route.json new file mode 100644 index 00000000..70b462ce --- /dev/null +++ b/kustomize/base/openshift-route.json @@ -0,0 +1,31 @@ +{ + "github.com/adnovum/kustomize-openshift/route.openshift.io.v1.Route": { + "Schema": { + "description": "This is a fake CRD description to make kustomize fix OpenShift route resources. See: https://github.com/adnovum/kustomize-openshift", + "properties": { + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "metadata": { + "$ref": "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta" + }, + "spec": { + "$ref": "github.com/adnovum/kustomize-openshift/route.openshift.io.v1.RouteSpec" + } + } + } + }, + "github.com/adnovum/kustomize-openshift/route.openshift.io.v1.RouteSpec": { + "Schema": { + "properties": { + "to": { + "x-kubernetes-object-ref-api-version": "v1", + "x-kubernetes-object-ref-kind": "Service" + } + } + } + } +} diff --git a/kustomize/base/web-autoscaler.yaml b/kustomize/base/web-autoscaler.yaml new file mode 100644 index 00000000..70eae702 --- /dev/null +++ b/kustomize/base/web-autoscaler.yaml @@ -0,0 +1,11 @@ +apiVersion: autoscaling/v1 +kind: HorizontalPodAutoscaler +metadata: + name: web +spec: + scaleTargetRef: + apiVersion: v1 + kind: DeploymentConfig + name: canvas-app-explorer-web-dev + minReplicas: 1 + maxReplicas: 1 \ No newline at end of file diff --git a/kustomize/base/web-deployment.yaml b/kustomize/base/web-deployment.yaml new file mode 100644 index 00000000..fe7353e9 --- /dev/null +++ b/kustomize/base/web-deployment.yaml @@ -0,0 +1,46 @@ +apiVersion: v1 +kind: DeploymentConfig +metadata: + name: web + labels: + app: web +spec: + replicas: 1 + selector: + app: web + org: umich + project: canvas-app-explorer + variant: dev + strategy: + type: Recreate + template: + metadata: + labels: + app: web + org: umich + project: canvas-app-explorer + variant: dev + spec: + containers: + - name: web + image: docker-registry.default.svc:5000/canvas-app-explorer-dev/canvas-app-explorer:latest + ports: + - containerPort: 5000 + protocol: TCP + envFrom: + - configMapRef: + name: canvas-app-explorer + resources: + limits: + cpu: "1" + memory: 4Gi + triggers: + - type: "ImageChange" + imageChangeParams: + automatic: true + from: + kind: "ImageStreamTag" + name: "canvas-app-explorer:latest" + namespace: "canvas-app-explorer-dev" + containerNames: + - "web" \ No newline at end of file diff --git a/kustomize/base/web-ingress.yaml b/kustomize/base/web-ingress.yaml new file mode 100644 index 00000000..3838e5d8 --- /dev/null +++ b/kustomize/base/web-ingress.yaml @@ -0,0 +1,20 @@ +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: web + labels: + app: web +spec: + rules: + - host: dev-canvas-app-explorer-dev.webplatformsunpublished.umich.edu + http: + paths: + - path: / + backend: + serviceName: web + servicePort: 5000 + tls: + - hosts: + - dev-canvas-app-explorer-dev.webplatformsunpublished.umich.edu + secret: + optional: true \ No newline at end of file diff --git a/kustomize/base/web-service.yaml b/kustomize/base/web-service.yaml new file mode 100644 index 00000000..e759f51c --- /dev/null +++ b/kustomize/base/web-service.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Service +metadata: + name: web +spec: + selector: + app: web + ports: + - port: 5000 + targetPort: 5000 + protocol: TCP \ No newline at end of file diff --git a/kustomize/overlays/dev/kustomization.yaml b/kustomize/overlays/dev/kustomization.yaml new file mode 100644 index 00000000..81941f48 --- /dev/null +++ b/kustomize/overlays/dev/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + variant: dev + org: umich +nameSuffix: -dev +bases: +- ../../base +configMapGenerator: + - name: canvas-app-explorer + behavior: replace + envs: + - secrets/configmap-dev.properties \ No newline at end of file diff --git a/kustomize/overlays/test/build.yaml b/kustomize/overlays/test/build.yaml new file mode 100644 index 00000000..e7dbb951 --- /dev/null +++ b/kustomize/overlays/test/build.yaml @@ -0,0 +1,3 @@ +- op: replace + path: /spec/output/to/name + value: docker-registry.default.svc:5000/canvas-app-explorer-test/canvas-app-explorer:latest \ No newline at end of file diff --git a/kustomize/overlays/test/deployment.yaml b/kustomize/overlays/test/deployment.yaml new file mode 100644 index 00000000..afcfecf0 --- /dev/null +++ b/kustomize/overlays/test/deployment.yaml @@ -0,0 +1,12 @@ +- op: replace + path: /spec/template/spec/containers/0/image + value: docker-registry.default.svc:5000/canvas-app-explorer-test/canvas-app-explorer:latest +- op: replace + path: /spec/selector/variant + value: test +- op: replace + path: /spec/template/metadata/labels/variant + value: test +- op: replace + path: /spec/triggers/0/imageChangeParams/from/namespace + value: canvas-app-explorer-test \ No newline at end of file diff --git a/kustomize/overlays/test/hostname.yaml b/kustomize/overlays/test/hostname.yaml new file mode 100644 index 00000000..0e05b2b1 --- /dev/null +++ b/kustomize/overlays/test/hostname.yaml @@ -0,0 +1,6 @@ +- op: add + path: /spec/rules/0/host + value: test-canvas-app-explorer-test.webplatformsunpublished.umich.edu +- op: replace + path: /spec/tls/0/hosts/0 + value: test-canvas-app-explorer-test.webplatformsunpublished.umich.edu \ No newline at end of file diff --git a/kustomize/overlays/test/kustomization.yaml b/kustomize/overlays/test/kustomization.yaml new file mode 100644 index 00000000..c3c57337 --- /dev/null +++ b/kustomize/overlays/test/kustomization.yaml @@ -0,0 +1,30 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +commonLabels: + variant: test + org: umich +nameSuffix: -test +bases: +- ../../base +patchesJson6902: +#- target: +# group: extensions +# version: v1beta1 +# kind: Ingress +# name: web +# path: hostname.yaml +- target: + version: v1 + kind: DeploymentConfig + name: web + path: deployment.yaml +- target: + version: v1 + kind: BuildConfig + name: web + path: build.yaml +configMapGenerator: + - name: canvas-app-explorer + behavior: replace + envs: + - secrets/configmap-test.properties \ No newline at end of file