core/oc-k8s
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fully working oc-k8s

Browse Source
This commit is contained in:
mr
2026-02-05 08:43:21 +01:00
parent 5acf96919c
commit 7fb81e9829
16 changed files with 253 additions and 163 deletions
Download Patch File Download Diff File Expand all files Collapse all files

187
README.md
View File

@@ -27,77 +27,158 @@ sudo chmod +x /usr/bin/oc-k8s
# Generate values (optionnal)
Go on ./cmd or `cp ./cmd/oc-k8s /usr/local/bin`
Use command :
```
oc-k8s create values [release] [env_file (optionnal)]
```
`oc-k8s create values -r [release] -n [namespace] -c [env_file (optionnal)]`
or
```
./oc-k8s.sh create values [release] [env_file (optionnal)]
```
`./oc-k8s create values -r [release] -n [namespace] -c [env_file (optionnal)]`
Map in a env file, any Variable you wish to override and give the path.
## Resume for a first start
```
oc-k8s start
```
### Do Forget on first run on Terminal
sudo sysctl fs.inotify.max_user_watches=524288
sudo sysctl fs.inotify.max_user_instances=512
### RUN
Look after `oc-k8s help` for details on oc-k8s command.
Use command :
`oc-k8s start -n [namespace] -r [release] -f [folder] -b [branch] -t [target] -p [port] -P [portTLS] -build [true|false]`
or
```
./oc-k8s.sh start
```
To stop :
```
oc-k8s stop
```
or
```
./oc-k8s.sh start
```
## Fire up a kind cluster
`./oc-k8s start -n [namespace] -r [release] -f [folder] -b [branch] -t [target] -p [port] -P [portTLS] -build [true|false]`
WARNING APACHE & NGINX ARE NOT RUNNING:
- `sudo /etc/init.d/apache2 stop`
- `sudo nginx -s stop`
Execute following script to create a single node development k8s cluster
### COMMAND LOOKUP
```
oc-k8s create cluster
```
or
```
./oc-k8s.sh create cluster
```
Main commands: oc-k8s <action>
install - Install opencloud dependancies [arch] [version]
start - Start opencloud k8s
stop - Stop opencloud k8s
Usage:
oc-k8s install -a [arch] -v [version]
arch - Arch of OS (required)
kind_version - version of kind (required)
oc-k8s start -n [namespace] -r [release] -f [folder] -b [branch] -t [target] -p [port] -P [portTLS] -build [true|false]
folder - Helm config folder (required, default: .)
release - environnement selected (default: dev)
namespace - namespace selected (default: dev)
branch - Git branch to build (default: main)
target - make target (default: all)
build - build mode (default: true)
oc-k8s stop -n [namespace] -r [release] -f [folder]
folder - Helm config folder (required, default: .)
release - environnement selected (default: dev)
namespace - namespace selected (default: dev)
It will create a *opencloud* docker container running kubernetes services.
Cluster commands: oc-k8s <action> cluster [options]
create - Create a new kind cluster
delete - Delete the kind cluster
help - Show this help message
## Build everything
Usage:
oc-k8s create cluster -f [env_folder] -r [release]
env_folder - Helm config folder (default: .)
release - Release values name (default: dev)
oc-k8s delete cluster -f [env_folder] -r [release]
env_folder - Helm config folder (default: .)
release - Release values name (default: dev)
oc-k8s help cluster
You need to build and publish all the opencloud microservices images in the kind cluster before deploying the Helm package.
Service commands: oc-k8s <action> services
create - Build all opencloud services
help - Show this help message
Proceed as following:
Usage:
oc-k8s create services -f [env_folder] -r [release] -b [branch] -t [target] -build [true|false]
env_folder - Helm config folder (required, default: .)
release - Release values name (required, default: dev)
branch - Git branch to build (default: main)
target - make target (default: all)
build - build mode (default: true)
oc-k8s help services
```
oc-k8s build services [branch(default:mail)] [target(default:all)]
```
or
```
./oc-k8s.sh build services [branch(default:mail)] [target(default:all)]
```
Helm commands: oc-k8s <action> helm
install - Install Helm
create - Install a helm release for the given environment (default: dev)
delete - Uninstall a helm release for the given environment (default: dev)
help - Show this help message
## Deploy the opencloud chart
Usage:
oc-k8s install helm
oc-k8s create helm -n [namespace] -r [release] -f [folder]
folder - Helm config folder (required, default: .)
release - environnement selected (default: dev)
namespace - namespace selected (default: dev)
oc-k8s upgrade helm -n [namespace] -r [release] -f [folder]
folder - Helm config folder (required, default: .)
release - environnement selected (default: dev)
namespace - namespace selected (default: dev)
oc-k8s delete helm -n [namespace] -r [release] -f [folder]
folder - Helm config folder (required, default: .)
release - environnement selected (default: dev)
namespace - namespace selected (default: dev)
oc-k8sh help helm
```
oc-k8s create helm [env(default:dev)]
```
or
```
./oc-k8s.sh create helm [env(default:dev)]
```
Values commands: oc-k8s <action> values
create - Create a new values release yaml
help - Show this help message
Feel free to modify/create a new opencloud/dev-values.yaml. Provided setup should work out of the box, but is not suitable for production usage.
Usage:
oc-k8s create values -r [release] -f [env_folder] -c [env_file]
release - Release values name (required)
env_folder - Helm config folder (optionnal, default: .)
env_file - env to map (optionnal)
oc-k8s help values
K3S commands: oc-k8s <action> k3s
install - Install k3s
create - Create a new cluster
help - Show this help message
Usage:
oc-k8s install k3s
oc-k8s create k3s
oc-k8s help values
Kind commands: oc-k8s <action> kind
install - Install kind
help - Show this help message
Usage:
oc-k8s install kind -a [arch] -v [version]
arch - Arch of OS (required, default: amd64)
kind_version - version of kind (optionnal)
oc-k8s help values
DB commands: oc-k8s <action> db [options]
create - Add datas in db
replace - Replace datas in db
delete - Delete datas in db
help - Show this help message
Usage:
oc-k8s create db --d [db_name] -r [release] -n [namespace] -f [folder]
folder - Datas folder files path (required)
release - Release values name (default: dev)
namespace - Namespace values name (default: dev)
db_name - db name (default: opencloud)
folder - Helm config folder (required, default: .)
oc-k8s upgrade db -d [db_name] -r [release] -n [namespace] -f [folder]
folder - Datas folder files path (required)
release - Release values name (default: dev)
namespace - Namespace values name (default: dev)
db_name - db name (default: opencloud)
oc-k8s delete db -d [db_name] -r [release] -n [namespace] -f [folder]
release - Release values name (default: dev)
namespace - Namespace values name (default: dev)
db_name - db name (default: opencloud)
folder - Helm config folder (required, default: .)
oc-k8s help db
```
## Hostname settings

6
cmd/main.go
View File

@@ -65,6 +65,8 @@ func action() error {
mUsr := flag.String("m", "admin", "Mongo user")
mPwd := flag.String("M", "admin", "Mongo password")
build := flag.Bool("build", true, "build mode")
if len(os.Args) > 2 && slices.Contains([]string{"start", "help", "stop"}, os.Args[1]) {
flag.CommandLine.Parse(os.Args[2:])
} else if len(os.Args) > 3 {
@@ -76,7 +78,7 @@ func action() error {
action := os.Args[1]
switch action {
case "start":
internal.Start(*folder, *release, *namespace, *branch, *target)
internal.Start(*folder, *release, *namespace, *branch, *target, *build)
case "stop":
internal.Stop(*folder, *release, *namespace)
case "extract":
@@ -135,7 +137,7 @@ func action() error {
case "db":
return internal.Create_DB(folder, *release, *namespace, *dbName, *mUsr, *mPwd)
case "services":
return internal.Create_Service(*folder, *release, *branch, *target)
return internal.Create_Service(*folder, *release, *branch, *target, *build)
case "values":
return internal.Create_Values(folder, release, confFile)
default:

BIN
cmd/oc-k8s
View File

Binary file not shown.

54
cmd/test-values.yaml Executable file → Normal file
View File

@@ -2,7 +2,7 @@ env: test # For storage class provisioning
clusterName: opencloud
hostNetwork: true
host: beta.opencloud.com
hostPort: 80
hostPort: 9500
registryHost: oc
scheme: http
@@ -74,7 +74,7 @@ nats:
# if you already created the claim, set existingClaim:
existingClaim: nats-pvc
# storageClassName: local-path or standard (use the SC in your cluster)
storageClassName: ""
storageClassName: standard
size: 50Gi
# name is the volume name used in volumeMounts; keep it simple
name: nats-jetstream
@@ -96,9 +96,9 @@ openldap:
LDAP_BACKEND: "mdb"
LDAP_TLS: "false"
LDAP_TLS_ENFORCE: "false"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
adminPassword: "{SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE"
configPassword: "{SSHA}gr70yyCvtQo2zKe5OkvMkbkLRHUsVqOI"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
adminPassword: admin
configPassword: configadmin
phpldapadmin:
enabled: false
persistence:
@@ -112,9 +112,9 @@ openldap:
enabled: false
externalLDAP:
enabled: false
url: ${OC_LDAP_EXTERNAL_ENDPOINT}
bindDN: cn=admin,dc=opencloud,dc=com
bindPassword: "{SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE"
url: 389
bindDN: uid=admin,dc=opencloud,dc=com
bindPassword: admin
customLdifFiles:
01-schema.ldif: |-
dn: ou=groups,dc=opencloud,dc=com
@@ -175,8 +175,8 @@ openldap:
cn: Admin
sn: Istrator
uid: admin
userPassword: "{SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE"
mail: admin@example.com
userPassword: {SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE
mail: morgane.roques@irt-saintexupery.com
ou: users
dn: ou=AppRoles,dc=opencloud,dc=com
@@ -184,10 +184,10 @@ openldap:
ou: AppRoles
description: AppRoles
dn: ou=App1,ou=AppRoles,dc=opencloud,dc=com
dn: ou=Opencloud,ou=AppRoles,dc=opencloud,dc=com
objectClass: organizationalunit
ou: App1
description: App1
ou: Opencloud
description: Opencloud
prometheus:
enabled: true
@@ -339,7 +339,7 @@ loki:
enabled: false # Deactivate loki auto provisioning, rely on existing PVC
accessMode: ReadWriteOnce
size: 1Gi
storageClassName: "standard"
storageClassName: standard
create: false
claimName: loki-pvc
@@ -419,16 +419,17 @@ argo-workflows:
ocAuth:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-auth:0.0.1"
image: oc/oc-auth:0.0.1
authType: hydra
keto:
adminRole: admin
hydra:
openCloudOauth2ClientSecretName: oc-oauth2-client-secret
openCloudOauth2ClientSecretName: opencloud-oauth2-client-secret
ldap:
bindDn: cn=admin,ou=users,dc=opencloud,dc=com
bindDn: cn=admin,dc=opencloud,dc=com
binPwd: admin
baseDn: dc=opencloud,dc=com
userBaseDn: ou=users,dc=opencloud,dc=com
roleBaseDn: ou=AppRoles,dc=opencloud,dc=com
resources:
limits:
@@ -447,7 +448,7 @@ ocAuth:
ocFront:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-front:0.0.1"
image: oc/oc-front:0.0.1
resources:
limits:
cpu: 128m
@@ -465,7 +466,7 @@ ocFront:
ocWorkspace:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-workspace:0.0.1"
image: oc/oc-workspace:0.0.1
resources:
limits:
cpu: 128m
@@ -484,7 +485,7 @@ ocWorkspace:
ocShared:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-shared:0.0.1"
image: oc/oc-shared:0.0.1
resources:
limits:
cpu: 128m
@@ -502,7 +503,7 @@ ocShared:
ocWorkflow:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-workflow:0.0.1"
image: oc/oc-workflow:0.0.1
resources:
limits:
cpu: 128m
@@ -520,7 +521,7 @@ ocWorkflow:
ocCatalog:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-catalog:0.0.1"
image: oc/oc-catalog:0.0.1
resources:
limits:
cpu: 128m
@@ -538,7 +539,7 @@ ocCatalog:
ocPeer:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-peer:0.0.1"
image: oc/oc-peer:0.0.1
resources:
limits:
cpu: 128m
@@ -556,7 +557,7 @@ ocPeer:
ocDatacenter:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-datacenter:0.0.1"
image: oc/oc-datacenter:0.0.1
resources:
limits:
cpu: 128m
@@ -574,7 +575,7 @@ ocDatacenter:
ocSchedulerd:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-schedulerd:0.0.1"
image: oc/oc-schedulerd:0.0.1
resources:
limits:
cpu: 128m
@@ -592,7 +593,7 @@ ocSchedulerd:
ocScheduler:
enabled: true
enableTraefikProxyIntegration: true
image: "oc/oc-scheduler:0.0.1"
image: oc/oc-scheduler:0.0.1
resources:
limits:
cpu: 128m
@@ -621,7 +622,6 @@ docker-registry-ui:
claimName: docker-registry-pvc
persistence:
create: false
storageClassName: standard
existingClaim: docker-registry-pvc
accessMode: ReadWriteOnce
storage: 5Gi

27
internal/cluster.go
View File

@@ -30,14 +30,12 @@ func Delete_Cluster(folder string, release string) error {
if b, err := os.ReadFile(folder + "/" + release + "-values.yaml"); err == nil {
clusterName, _ = utils.Extract(string(b), "clusterName")
}
utils.Exec("kind delete cluster --name " + clusterName)
utils.Exec("yes | sudo cp -rf /etc/rancher/k3s/k3s.yaml ~/.kube/config")
return utils.Exec("chmod 600 ~/.kube/config")
utils.Exec("export KUBECONFIG=~/.kube/config")
return utils.Exec("kind delete cluster --name " + clusterName)
}
func Install_Cluster() error {
utils.Exec("yes | sudo cp -rf /etc/rancher/k3s/k3s.yaml ~/.kube/config")
utils.Exec("chmod 700 /home/mr/.kube")
utils.Exec("sudo cp -rf /etc/rancher/k3s/k3s.yaml ~/.kube/config")
return utils.Exec("chmod 600 ~/.kube/config")
}
@@ -51,8 +49,6 @@ func Create_Cluster(folder string, release string) error {
port, _ = utils.Extract(string(b), "hostPort")
}
utils.Exec("sudo fuser -k -TERM " + port + "/tcp")
utils.Exec("yes | sudo cp -rf /etc/rancher/k3s/k3s.yaml ~/.kube/config")
containerPort := "30950"
if scheme == "https" {
containerPort = "30951"
@@ -73,12 +69,7 @@ nodes:
- containerPort: ` + containerPort + `
hostPort: ` + port + `
protocol: TCP
`
utils.Exec(`docker exec -it oc-control-plane bash -c 'mkdir -p /etc/containerd && cat <<EOF >/etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5000"]
endpoint = ["http://dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000"]
EOF
containerd config restart'`)
`
cmd := exec.Command("kind", "create", "cluster", "--name", clusterName, "--wait", "0", "--config=-")
cmd.Stdin = bytes.NewBufferString(kindConfig)
cmd.Stdout = os.Stdout
@@ -88,17 +79,25 @@ containerd config restart'`)
fmt.Println(err)
return err
}
utils.Exec(`docker exec -it oc-control-plane bash -c 'mkdir -p /etc/containerd && cat <<EOF >/etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5000"]
endpoint = ["http://dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000"]
EOF
containerd config restart'`)
fmt.Println("[WARNING] New cluster should be merged into your current config !")
if err := utils.Exec("KUBECONFIG=~/.kube/config:/tmp/kind-" + clusterName + ".kubeconfig kubectl config view --flatten --merge --minify > /tmp/merged-kubeconfig.yaml"); err != nil {
return err
}
if err := utils.Exec("cp -f /tmp/merged-kubeconfig.yaml ~/.kube/config"); err != nil {
return err
}
if err := utils.Exec("export KUBECONFIG=~/.kube/config"); err != nil {
return err
}
if err := utils.Exec("kubectl config get-contexts"); err != nil {
return err
}

2
internal/db.go
View File

@@ -71,11 +71,9 @@ func Create_DB(filePath *string, release string, namespace string, dbName string
}
for _, fileName := range getFileNames(*filePath) {
fmt.Println("ADD file " + fileName + " in collection")
fmt.Println("kubectl cp -n " + namespace + " " + *filePath + "/" + fileName + " \"" + podName + ":/tmp/" + fileName + "\"")
if err := utils.Exec("kubectl cp -n " + namespace + " " + *filePath + "/" + fileName + " \"" + podName + ":/tmp/" + fileName + "\""); err != nil {
return err
}
fmt.Println("kubectl exec -n " + namespace + " " + podName + " -- mongoimport --db " + dbName + " --collection " + strings.ReplaceAll(fileName, ".json", "") + " --file /tmp/" + fileName + " --jsonArray -u " + adminUsr + " -p " + adminPsw +" --authenticationDatabase admin")
if err := utils.Exec("kubectl exec -n " + namespace + " " + podName + " -- mongoimport --db " + dbName + " --collection " + strings.ReplaceAll(fileName, ".json", "") + " --file /tmp/" + fileName + " --jsonArray -u " + adminUsr + " -p " + adminPsw +" --authenticationDatabase admin"); err != nil {
return err
}

7
internal/func.go
View File

@@ -21,12 +21,13 @@ Usage:
oc-k8s install -a [arch] -v [version]
arch - Arch of OS (required)
kind_version - version of kind (required)
oc-k8s start -n [namespace] -r [release] -f [folder] -b [branch] -t [target] -p [port] -P [portTLS]
oc-k8s start -n [namespace] -r [release] -f [folder] -b [branch] -t [target] -p [port] -P [portTLS] -build [true|false]
folder - Helm config folder (required, default: .)
release - environnement selected (default: dev)
namespace - namespace selected (default: dev)
branch - Git branch to build (default: main)
target - make target (default: all)
build - build mode (default: true)
oc-k8s stop -n [namespace] -r [release] -f [folder]
folder - Helm config folder (required, default: .)
release - environnement selected (default: dev)
@@ -40,7 +41,7 @@ Usage:
Help_DB()
}
func Start(folder string, release string, namespace string, branch string, target string) error {
func Start(folder string, release string, namespace string, branch string, target string, build bool) error {
Stop(folder, release, namespace)
if err := Create_K3S(); err != nil {
return err
@@ -48,7 +49,7 @@ func Start(folder string, release string, namespace string, branch string, targe
if err := Create_Cluster(folder, release); err != nil {
return err
}
if err := Create_Service(folder, release, branch, target); err != nil {
if err := Create_Service(folder, release, branch, target, build); err != nil {
return err
}
if err := Create_Helm(folder, release, namespace); err != nil {

19
internal/helm.go
View File

@@ -51,6 +51,7 @@ func Create_Helm(folder string, release string, namespace string) error {
return err
}
ExtractTrees("assets", tmp)
defer os.RemoveAll(tmp)
host := "beta.opencloud.com"
if b, err := os.ReadFile(folder + "/" + release + "-values.yaml"); err == nil {
@@ -68,25 +69,21 @@ func Create_Helm(folder string, release string, namespace string) error {
if err := utils.Exec("helm dependency build " + tmp); err != nil {
return err
}
utils.Exec("sudo ulimit -n 1000000")
utils.Exec("helm repo add jetstack https://charts.jetstack.io")
utils.Exec("helm repo update")
utils.Exec("kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.crds.yaml")
utils.Exec("helm repo add jetstack https://charts.jetstack.io")
utils.Exec("helm repo update")
utils.Exec("helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.14.0")
utils.Exec("helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.14.0")
utils.Exec("helm install admiralty oci://public.ecr.aws/admiralty/admiralty --namespace admiralty --create-namespace --version 0.17.0 --wait")
utils.Exec("helm repo add argo https://argoproj.github.io/argo-helm")
utils.Exec("helm repo update")
utils.Exec("helm install argo-workflows argo/argo-workflows --namespace argo --create-namespace")
utils.Exec("helm repo add jetstack https://charts.jetstack.io")
utils.Exec("helm repo add argo https://argoproj.github.io/argo-helm")
utils.Exec("helm repo update")
if err := utils.Exec("helm upgrade --install " + release + " " + tmp + " -n " + namespace + " --create-namespace -f " + folder + "/" + release + "-values.yaml --debug"); err != nil {
return err
}
utils.Exec("sudo rm -rf " + tmp)
utils.Exec("sudo sed -i.bak \"\n/[[:space:]]" + host + "$/d\" /etc/hosts")
utils.Exec("echo \"\n127.0.0.1 " + host + "\" | sudo tee -a /etc/hosts > /dev/null")
@@ -99,8 +96,8 @@ func Upgrade_Helm(folder string, release string, namespace string) error {
fmt.Println(err)
return err
}
defer os.RemoveAll(tmp)
ExtractTrees("assets", tmp)
defer os.RemoveAll(tmp)
Delete_Cluster(folder, release)

2
internal/k3s.go
View File

@@ -34,7 +34,7 @@ func Install_K3S() error {
}
func Create_K3S() error {
utils.Exec("yes | sudo cp -rf /etc/rancher/k3s/k3s.yaml ~/.kube/config")
utils.Exec("sudo cp -rf /etc/rancher/k3s/k3s.yaml ~/.kube/config")
utils.Exec("chmod 700 /home/mr/.kube")
return utils.Exec("chmod 600 ~/.kube/config")
}

20
internal/services.go
View File

@@ -20,6 +20,8 @@ var REPOS = []string{
"oc-workspace",
}
var officialRegistry = "opencloudregistry"
func Help_Service() {
fmt.Println(`
Service commands: oc-k8s <action> services
@@ -27,15 +29,25 @@ Service commands: oc-k8s <action> services
help - Show this help message
Usage:
oc-k8s create services -f [env_folder] -r [release] -b [branch] -t [target]
oc-k8s create services -f [env_folder] -r [release] -b [branch] -t [target] -build [true|false]
env_folder - Helm config folder (required, default: .)
release - Release values name (required, default: dev)
branch - Git branch to build (default: main)
target - make target (default: all)
build - build mode (default: true)
oc-k8s help services `)
}
func Create_Service(folder string, release string, branch string, target string) error {
func Create_Service(folder string, release string, branch string, target string, build bool) error {
if build {
return buildService(folder, release, branch, target)
}
utils.Exec("sed -i -e 's/: oc/: " + officialRegistry + "/g' " + folder + "/" + release + "-values.yaml")
return nil
}
func buildService(folder string, release string, branch string, target string) error {
utils.Exec("sed -i -e 's/" + officialRegistry + "/oc/g' " + folder + "/" + release + "-values.yaml")
scheme := "http"
hostname := "beta.opencloud.com"
clusterName := "opencloud"
@@ -62,7 +74,7 @@ func Create_Service(folder string, release string, branch string, target string)
}
}
fmt.Println("Repository '" + repo + "' now exists. Pulling latest changes...")
utils.Exec("cd " + repo + " && git checkout " + branch + " && git pull")
utils.Exec("cd " + repo + " && git pull") // " && git checkout " + branch +
fmt.Println("Build '" + repo + "'...")
if err := utils.Exec("cd " + repo + " && export CLUSTER_NAME=" + clusterName + " && export HOST=" + scheme + "://" + hostname + ":" + pport + " && export KUBERNETES_SERVICE_HOST=" + host + " && export KUBERNETES_SERVICE_PORT=" + port + " && export KUBE_CA=" + ca + " && export KUBE_CERT=" + cert + " && export KUBE_DATA=" + key + " && make " + target); err != nil {
fmt.Println("ERR", err)
@@ -72,3 +84,5 @@ func Create_Service(folder string, release string, branch string, target string)
}
return nil
}
// opencloudregistry.hub.docker.com

12
utils/assets/templates/oc-catalog/deployment.yaml
View File

@@ -15,11 +15,6 @@ spec:
labels:
app: oc-catalog
spec:
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
{{- if or (eq .Values.env "prod") (eq .Values.env "staging") }}
imagePullSecrets:
- name: regcred
@@ -31,6 +26,9 @@ spec:
- configMapRef:
name: opencloud-config
ports:
- containerPort: 4002
name: libp2p
protocol: TCP
- name: http
containerPort: 8080
protocol: TCP
@@ -47,8 +45,4 @@ spec:
port: 8080
initialDelaySeconds: 10
periodSeconds: 30
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
{{- end }}

3
utils/assets/templates/oc-catalog/service.yaml
View File

@@ -7,6 +7,9 @@ metadata:
app: oc-catalog-svc
spec:
ports:
- port: 4002
targetPort: 4002
name: libp2p
- name: http
port: 8080
protocol: TCP

12
utils/assets/templates/oc-peer/deployment.yaml
View File

@@ -19,21 +19,12 @@ spec:
imagePullSecrets:
- name: regcred
{{- end }}
volumes:
- name: oc-pem
secret:
secretName: oc-peer-pem
optional: true
containers:
- image: "{{ .Values.ocPeer.image }}"
name: oc-peer
envFrom:
- configMapRef:
name: opencloud-config
volumeMounts:
- name: oc-pem
mountPath: /app/pem
readOnly: true
livenessProbe:
httpGet:
path: /oc/version
@@ -41,6 +32,9 @@ spec:
initialDelaySeconds: 10
periodSeconds: 30
ports:
- containerPort: 4001
name: libp2p
protocol: TCP
- name: http
containerPort: 8080
protocol: TCP

3
utils/assets/templates/oc-peer/service.yaml
View File

@@ -7,6 +7,9 @@ metadata:
app: oc-peer-svc
spec:
ports:
- port: 4001
targetPort: 4001
name: libp2p
- name: http
port: 8080
protocol: TCP

8
utils/assets/templates/openCloudConf.yaml
View File

@@ -3,10 +3,13 @@ kind: ConfigMap
metadata:
name: opencloud-config
data:
OC_NAME: "{{ .Values.host }}"
OC_HOSTNAME: "{{ .Values.scheme }}://{{ .Values.host }}:{{ .Values.hostPort }}"
OC_NAMESPACE: "{{ .Release.Namespace }}"
OC_ADMIN_ROLE: "{{ .Values.ocAuth.keto.adminRole }}"
OC_PUBLIC_KEY_PATH: "/keys/public/public.pem"
OC_PRIVATE_KEY_PATH: "/keys/private/private.pem"
OC_PSK_PATH: "/etc/psk/psk"
OC_PUBLIC_KEY_PATH: "/etc/keys/public.pem"
OC_PRIVATE_KEY_PATH: "/etc/keys/private.pem"
OC_OAUTH2_CLIENT_SECRET_NAME: "{{ .Values.ocAuth.hydra.openCloudOauth2ClientSecretName }}"
OC_AUTH: "{{ .Values.ocAuth.authType }}"
OC_AUTH_CONNECTOR_HOST: "{{ .Release.Name }}-hydra-admin.{{ .Release.Namespace }}"
@@ -21,6 +24,7 @@ data:
OC_LDAP_BINDDN: "{{ index .Values.ocAuth.ldap.bindDn }}"
OC_LDAP_BINDPW: "{{ index .Values.ocAuth.ldap.binPwd }}"
OC_LDAP_BASEDN: "{{ index .Values.ocAuth.ldap.baseDn }}"
OC_LDAP_USER_BASEDN: "{{ index .Values.ocAuth.ldap.userBaseDn }}"
OC_LDAP_ROLE_BASEDN: "{{ index .Values.ocAuth.ldap.roleBaseDn }}"
OC_MONGO_URL: "mongodb://{{ index .Values.mongodb.auth.rootUser }}:{{ index .Values.mongodb.auth.rootPassword }}@{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}:27017/{{ index .Values.mongodb.auth.databases 0 }}"
OC_MONGO_DATABASE: "{{ index .Values.mongodb.auth.databases 0 }}"

54
utils/assets/values.yaml.template
View File

@@ -74,7 +74,7 @@ nats:
# if you already created the claim, set existingClaim:
existingClaim: nats-pvc
# storageClassName: local-path or standard (use the SC in your cluster)
storageClassName: ${OC_NATS_STORAGE:-""}
storageClassName: ${OC_NATS_STORAGE:-standard}
size: ${OC_NATS_SIZE:-50Gi}
# name is the volume name used in volumeMounts; keep it simple
name: nats-jetstream
@@ -96,9 +96,9 @@ openldap:
LDAP_BACKEND: "mdb"
LDAP_TLS: "${OC_LDAP_TLS:-false}"
LDAP_TLS_ENFORCE: "${OC_LDAP_TLS:-false}"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
adminPassword: "{SSHA}${OC_LDAP_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}"
configPassword: "{SSHA}${OC_LDAP_CONFIG_PWD:-gr70yyCvtQo2zKe5OkvMkbkLRHUsVqOI}"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
adminPassword: ${OC_LDAP_ADMIN_PWD:-admin}
configPassword: ${OC_LDAP_CONFIG_PWD:-configadmin}
phpldapadmin:
enabled: false
persistence:
@@ -112,9 +112,9 @@ openldap:
enabled: false
externalLDAP:
enabled: ${OC_LDAP_EXTERNAL:-false}
url: ${OC_LDAP_EXTERNAL_ENDPOINT}
bindDN: ${OC_LDAP_EXTERNAL_DN:-cn=admin,dc=opencloud,dc=com}
bindPassword: "{SSHA}${OC_LDAP_EXTERNAL_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}"
url: ${OC_LDAP_EXTERNAL_ENDPOINT:-389}
bindDN: ${OC_LDAP_EXTERNAL_DN:-uid=admin,dc=opencloud,dc=com}
bindPassword: ${OC_LDAP_EXTERNAL_PWD:-admin}
customLdifFiles:
01-schema.ldif: |-
dn: ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
@@ -175,8 +175,8 @@ openldap:
cn: Admin
sn: Istrator
uid: ${OC_LDAP_ADMIN_USER:-admin}
userPassword: "{SSHA}${OC_LDAP_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}"
mail: admin@example.com
userPassword: {SSHA}${OC_LDAP_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}
mail: ${OC_LDAP_ADMIN_MAIL:-morgane.roques@irt-saintexupery.com}
ou: ${OC_LDAP_USERS_OU:-users}
dn: ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
@@ -184,10 +184,10 @@ openldap:
ou: AppRoles
description: AppRoles
dn: ou=App1,ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
dn: ou=${OC_LDAP_ORGANISATION:-Opencloud},ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
objectClass: organizationalunit
ou: App1
description: App1
ou: ${OC_LDAP_ORGANISATION:-Opencloud}
description: ${OC_LDAP_ORGANISATION:-Opencloud}
prometheus:
enabled: ${OC_PROMETHEUS_ENABLED:-true}
@@ -300,7 +300,7 @@ loki:
commonConfig:
replication_factor: 1
storage:
storageClassName: standard
storageClassName: ${OC_LOKI_STORAGE:-standard}
type: filesystem
filesystem:
chunks_directory: /var/loki/chunks
@@ -339,7 +339,7 @@ loki:
enabled: false # Deactivate loki auto provisioning, rely on existing PVC
accessMode: ReadWriteOnce
size: ${OC_LOKI_SIZE:-1Gi}
storageClassName: ${OC_LOKI_STORAGE:-"standard"}
storageClassName: ${OC_LOKI_STORAGE:-standard}
create: false
claimName: ${OC_LOKI_PVC:-loki-pvc}
@@ -419,16 +419,17 @@ argo-workflows:
ocAuth:
enabled: ${OC_AUTH_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_AUTH_IMAGE:-oc-auth:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-auth:${OC_AUTH_IMAGE_VERSION:-0.0.1}
authType: hydra
keto:
adminRole: admin
hydra:
openCloudOauth2ClientSecretName: oc-oauth2-client-secret
openCloudOauth2ClientSecretName: opencloud-oauth2-client-secret
ldap:
bindDn: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,ou=users,dc=opencloud,dc=com}
bindDn: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,dc=opencloud,dc=com}
binPwd: ${OC_LDAP_ADMIN_PWD:-admin}
baseDn: ${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com}
userBaseDn: ${OC_LDAP_USER_DN:-ou=users,dc=opencloud,dc=com}
roleBaseDn: ${OC_LDAP_ROLE_DN:-ou=AppRoles,dc=opencloud,dc=com}
resources:
limits:
@@ -447,7 +448,7 @@ ocAuth:
ocFront:
enabled: ${OC_FRONT_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_FRONT_IMAGE:-oc-front:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-front:${OC_FRONT_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_FRONT_LIMITS_CPU:-128m}
@@ -465,7 +466,7 @@ ocFront:
ocWorkspace:
enabled: ${OC_WORKSPACE_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_WORKSPACE_IMAGE:-oc-workspace:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-workspace:${OC_WORKSPACE_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_WORKSPACE_LIMITS_CPU:-128m}
@@ -484,7 +485,7 @@ ocWorkspace:
ocShared:
enabled: ${OC_SHARED_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_SHARED_IMAGE:-oc-shared:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-shared:${OC_SHARED_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_SHARED_LIMITS_CPU:-128m}
@@ -502,7 +503,7 @@ ocShared:
ocWorkflow:
enabled: ${OC_WORKFLOW_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_WORKFLOW_IMAGE:-oc-workflow:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-workflow:${OC_WORKFLOW_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_WORKFLOW_LIMITS_CPU:-128m}
@@ -520,7 +521,7 @@ ocWorkflow:
ocCatalog:
enabled: ${OC_CATALOG_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_CATALOG_IMAGE:-oc-catalog:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-catalog:${OC_CATALOG_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_CATALOG_LIMITS_CPU:-128m}
@@ -538,7 +539,7 @@ ocCatalog:
ocPeer:
enabled: ${OC_PEER_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_PEER_IMAGE:-oc-peer:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-peer:${OC_PEER_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_PEER_LIMITS_CPU:-128m}
@@ -556,7 +557,7 @@ ocPeer:
ocDatacenter:
enabled: ${OC_DATACENTER_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_DATACENTER_IMAGE:-oc-datacenter:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-datacenter:${OC_DATACENTER_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_DATACENTER_LIMITS_CPU:-128m}
@@ -574,7 +575,7 @@ ocDatacenter:
ocSchedulerd:
enabled: ${OC_SCHEDULERD_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_SCHEDULERD_IMAGE:-oc-schedulerd:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-schedulerd:${OC_SCHEDULERD_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_SCHEDULERD_LIMITS_CPU:-128m}
@@ -592,7 +593,7 @@ ocSchedulerd:
ocScheduler:
enabled: ${OC_SCHEDULER_ENABLED:-true}
enableTraefikProxyIntegration: true
image: "${REGISTRY_HOST:-oc}/${OC_SCHEDULER_IMAGE:-oc-scheduler:0.0.1}"
image: ${REGISTRY_HOST:-oc}/oc-scheduler:${OC_SCHEDULER_IMAGE_VERSION:-0.0.1}
resources:
limits:
cpu: ${OC_SCHEDULER_LIMITS_CPU:-128m}
@@ -621,7 +622,6 @@ docker-registry-ui:
claimName: docker-registry-pvc
persistence:
create: false
storageClassName: standard
existingClaim: docker-registry-pvc
accessMode: ReadWriteOnce
storage: ${OC_DOCKER_REGISTRY_SIZE:-5Gi}