diff --git a/README.md b/README.md index 25e124c..4a8f2e3 100644 --- a/README.md +++ b/README.md 
@@ -27,77 +27,158 @@ sudo chmod +x /usr/bin/oc-k8s # Generate values (optionnal) +Go on ./cmd or `cp ./cmd/oc-k8s /usr/local/bin` + Use command : -``` -oc-k8s create values [release] [env_file (optionnal)] -``` +`oc-k8s create values -r [release] -n [namespace] -c [env_file (optionnal)]` or -``` -./oc-k8s.sh create values [release] [env_file (optionnal)] -``` +`./oc-k8s create values -r [release] -n [namespace] -c [env_file (optionnal)]` Map in a env file, any Variable you wish to override and give the path. ## Resume for a first start -``` -oc-k8s start -``` + +### Do Forget on first run on Terminal +sudo sysctl fs.inotify.max_user_watches=524288 +sudo sysctl fs.inotify.max_user_instances=512 + +### RUN + +Look after `oc-k8s help` for details on oc-k8s command. + +Use command : +`oc-k8s start -n [namespace] -r [release] -f [folder] -b [branch] -t [target] -p [port] -P [portTLS] -build [true|false]` or -``` -./oc-k8s.sh start -``` -To stop : -``` -oc-k8s stop -``` -or -``` -./oc-k8s.sh start -``` -## Fire up a kind cluster +`./oc-k8s start -n [namespace] -r [release] -f [folder] -b [branch] -t [target] -p [port] -P [portTLS] -build [true|false]` -WARNING APACHE & NGINX ARE NOT RUNNING: -- `sudo /etc/init.d/apache2 stop` -- `sudo nginx -s stop` - - -Execute following script to create a single node development k8s cluster +### COMMAND LOOKUP ``` -oc-k8s create cluster -``` -or -``` -./oc-k8s.sh create cluster -``` +Main commands: oc-k8s + install - Install opencloud dependancies [arch] [version] + start - Start opencloud k8s + stop - Stop opencloud k8s +Usage: + oc-k8s install -a [arch] -v [version] + arch - Arch of OS (required) + kind_version - version of kind (required) + oc-k8s start -n [namespace] -r [release] -f [folder] -b [branch] -t [target] -p [port] -P [portTLS] -build [true|false] + folder - Helm config folder (required, default: .) 
+ release - environnement selected (default: dev) + namespace - namespace selected (default: dev) + branch - Git branch to build (default: main) + target - make target (default: all) + build - build mode (default: true) + oc-k8s stop -n [namespace] -r [release] -f [folder] + folder - Helm config folder (required, default: .) + release - environnement selected (default: dev) + namespace - namespace selected (default: dev) -It will create a *opencloud* docker container running kubernetes services. +Cluster commands: oc-k8s cluster [options] + create - Create a new kind cluster + delete - Delete the kind cluster + help - Show this help message -## Build everything +Usage: + oc-k8s create cluster -f [env_folder] -r [release] + env_folder - Helm config folder (default: .) + release - Release values name (default: dev) + oc-k8s delete cluster -f [env_folder] -r [release] + env_folder - Helm config folder (default: .) + release - Release values name (default: dev) + oc-k8s help cluster -You need to build and publish all the opencloud microservices images in the kind cluster before deploying the Helm package. +Service commands: oc-k8s services + create - Build all opencloud services + help - Show this help message -Proceed as following: +Usage: + oc-k8s create services -f [env_folder] -r [release] -b [branch] -t [target] -build [true|false] + env_folder - Helm config folder (required, default: .) 
+ release - Release values name (required, default: dev) + branch - Git branch to build (default: main) + target - make target (default: all) + build - build mode (default: true) + oc-k8s help services -``` -oc-k8s build services [branch(default:mail)] [target(default:all)] -``` -or -``` -./oc-k8s.sh build services [branch(default:mail)] [target(default:all)] -``` +Helm commands: oc-k8s helm + install - Install Helm + create - Install a helm release for the given environment (default: dev) + delete - Uninstall a helm release for the given environment (default: dev) + help - Show this help message -## Deploy the opencloud chart +Usage: + oc-k8s install helm + oc-k8s create helm -n [namespace] -r [release] -f [folder] + folder - Helm config folder (required, default: .) + release - environnement selected (default: dev) + namespace - namespace selected (default: dev) + oc-k8s upgrade helm -n [namespace] -r [release] -f [folder] + folder - Helm config folder (required, default: .) + release - environnement selected (default: dev) + namespace - namespace selected (default: dev) + oc-k8s delete helm -n [namespace] -r [release] -f [folder] + folder - Helm config folder (required, default: .) + release - environnement selected (default: dev) + namespace - namespace selected (default: dev) + oc-k8sh help helm -``` -oc-k8s create helm [env(default:dev)] -``` -or -``` -./oc-k8s.sh create helm [env(default:dev)] -``` +Values commands: oc-k8s values + create - Create a new values release yaml + help - Show this help message -Feel free to modify/create a new opencloud/dev-values.yaml. Provided setup should work out of the box, but is not suitable for production usage. +Usage: + oc-k8s create values -r [release] -f [env_folder] -c [env_file] + release - Release values name (required) + env_folder - Helm config folder (optionnal, default: .) 
+ env_file - env to map (optionnal) + oc-k8s help values + +K3S commands: oc-k8s k3s + install - Install k3s + create - Create a new cluster + help - Show this help message + +Usage: + oc-k8s install k3s + oc-k8s create k3s + oc-k8s help values + +Kind commands: oc-k8s kind + install - Install kind + help - Show this help message + +Usage: + oc-k8s install kind -a [arch] -v [version] + arch - Arch of OS (required, default: amd64) + kind_version - version of kind (optionnal) + oc-k8s help values + +DB commands: oc-k8s db [options] + create - Add datas in db + replace - Replace datas in db + delete - Delete datas in db + help - Show this help message + +Usage: + oc-k8s create db --d [db_name] -r [release] -n [namespace] -f [folder] + folder - Datas folder files path (required) + release - Release values name (default: dev) + namespace - Namespace values name (default: dev) + db_name - db name (default: opencloud) + folder - Helm config folder (required, default: .) + oc-k8s upgrade db -d [db_name] -r [release] -n [namespace] -f [folder] + folder - Datas folder files path (required) + release - Release values name (default: dev) + namespace - Namespace values name (default: dev) + db_name - db name (default: opencloud) + oc-k8s delete db -d [db_name] -r [release] -n [namespace] -f [folder] + release - Release values name (default: dev) + namespace - Namespace values name (default: dev) + db_name - db name (default: opencloud) + folder - Helm config folder (required, default: .) + oc-k8s help db +``` ## Hostname settings diff --git a/cmd/main.go b/cmd/main.go index bc938cc..ce95c1e 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -65,6 +65,8 @@ func action() error { mUsr := flag.String("m", "admin", "Mongo user") mPwd := flag.String("M", "admin", "Mongo password") + build := flag.Bool("build", true, "build mode") + if len(os.Args) > 2 && slices.Contains([]string{"start", "help", "stop"}, os.Args[1]) { flag.CommandLine.Parse(os.Args[2:]) } else if len(os.Args) > 3 { 
@@ -76,7 +78,7 @@ func action() error { action := os.Args[1] switch action { case "start": - internal.Start(*folder, *release, *namespace, *branch, *target) + internal.Start(*folder, *release, *namespace, *branch, *target, *build) case "stop": internal.Stop(*folder, *release, *namespace) case "extract": @@ -135,7 +137,7 @@ func action() error { case "db": return internal.Create_DB(folder, *release, *namespace, *dbName, *mUsr, *mPwd) case "services": - return internal.Create_Service(*folder, *release, *branch, *target) + return internal.Create_Service(*folder, *release, *branch, *target, *build) case "values": return internal.Create_Values(folder, release, confFile) default: diff --git a/cmd/oc-k8s b/cmd/oc-k8s index 40dae85..37b6344 100755 Binary files a/cmd/oc-k8s and b/cmd/oc-k8s differ diff --git a/cmd/test-values.yaml b/cmd/test-values.yaml old mode 100755 new mode 100644 index c96c9d5..e76f317 --- a/cmd/test-values.yaml +++ b/cmd/test-values.yaml @@ -2,7 +2,7 @@ env: test # For storage class provisioning clusterName: opencloud hostNetwork: true host: beta.opencloud.com -hostPort: 80 +hostPort: 9500 registryHost: oc scheme: http @@ -74,7 +74,7 @@ nats: # if you already created the claim, set existingClaim: existingClaim: nats-pvc # storageClassName: local-path or standard (use the SC in your cluster) - storageClassName: "" + storageClassName: standard size: 50Gi # name is the volume name used in volumeMounts; keep it simple name: nats-jetstream @@ -96,9 +96,9 @@ openldap: LDAP_BACKEND: "mdb" LDAP_TLS: "false" LDAP_TLS_ENFORCE: "false" - LDAP_REMOVE_CONFIG_AFTER_SETUP: "false" - adminPassword: "{SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE" - configPassword: "{SSHA}gr70yyCvtQo2zKe5OkvMkbkLRHUsVqOI" + LDAP_REMOVE_CONFIG_AFTER_SETUP: "true" + adminPassword: admin + configPassword: configadmin phpldapadmin: enabled: false persistence: 
@@ -112,9 +112,9 @@ openldap: enabled: false externalLDAP: enabled: false - url: ${OC_LDAP_EXTERNAL_ENDPOINT} - bindDN: cn=admin,dc=opencloud,dc=com - bindPassword: "{SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE" + url: 389 + bindDN: uid=admin,dc=opencloud,dc=com + bindPassword: admin customLdifFiles: 01-schema.ldif: |- dn: ou=groups,dc=opencloud,dc=com @@ -175,8 +175,8 @@ openldap: cn: Admin sn: Istrator uid: admin - userPassword: "{SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE" - mail: admin@example.com + userPassword: {SSHA}HMWJO7XCw80he2lqMf0PHzvvF14p6aLE + mail: morgane.roques@irt-saintexupery.com ou: users dn: ou=AppRoles,dc=opencloud,dc=com @@ -184,10 +184,10 @@ openldap: ou: AppRoles description: AppRoles - dn: ou=App1,ou=AppRoles,dc=opencloud,dc=com + dn: ou=Opencloud,ou=AppRoles,dc=opencloud,dc=com objectClass: organizationalunit - ou: App1 - description: App1 + ou: Opencloud + description: Opencloud prometheus: enabled: true @@ -339,7 +339,7 @@ loki: enabled: false # Deactivate loki auto provisioning, rely on existing PVC accessMode: ReadWriteOnce size: 1Gi - storageClassName: "standard" + storageClassName: standard create: false claimName: loki-pvc @@ -419,16 +419,17 @@ argo-workflows: ocAuth: enabled: true enableTraefikProxyIntegration: true - image: "oc/oc-auth:0.0.1" + image: oc/oc-auth:0.0.1 authType: hydra keto: adminRole: admin hydra: - openCloudOauth2ClientSecretName: oc-oauth2-client-secret + openCloudOauth2ClientSecretName: opencloud-oauth2-client-secret ldap: - bindDn: cn=admin,ou=users,dc=opencloud,dc=com + bindDn: cn=admin,dc=opencloud,dc=com binPwd: admin baseDn: dc=opencloud,dc=com + userBaseDn: ou=users,dc=opencloud,dc=com roleBaseDn: ou=AppRoles,dc=opencloud,dc=com resources: limits: @@ -447,7 +448,7 @@ ocAuth: ocFront: enabled: true enableTraefikProxyIntegration: true - image: "oc/oc-front:0.0.1" + image: oc/oc-front:0.0.1 resources: limits: cpu: 128m 
@@ -465,7 +466,7 @@ ocFront: ocWorkspace: enabled: true enableTraefikProxyIntegration: true - image: "oc/oc-workspace:0.0.1" + image: oc/oc-workspace:0.0.1 resources: limits: cpu: 128m @@ -484,7 +485,7 @@ ocWorkspace: ocShared: enabled: true enableTraefikProxyIntegration: true - image: "oc/oc-shared:0.0.1" + image: oc/oc-shared:0.0.1 resources: limits: cpu: 128m @@ -502,7 +503,7 @@ ocShared: ocWorkflow: enabled: true enableTraefikProxyIntegration: true - image: "oc/oc-workflow:0.0.1" + image: oc/oc-workflow:0.0.1 resources: limits: cpu: 128m @@ -520,7 +521,7 @@ ocWorkflow: ocCatalog: enabled: true enableTraefikProxyIntegration: true - image: "oc/oc-catalog:0.0.1" + image: oc/oc-catalog:0.0.1 resources: limits: cpu: 128m @@ -538,7 +539,7 @@ ocCatalog: ocPeer: enabled: true enableTraefikProxyIntegration: true - image: "oc/oc-peer:0.0.1" + image: oc/oc-peer:0.0.1 resources: limits: cpu: 128m @@ -556,7 +557,7 @@ ocPeer: ocDatacenter: enabled: true enableTraefikProxyIntegration: true - image: "oc/oc-datacenter:0.0.1" + image: oc/oc-datacenter:0.0.1 resources: limits: cpu: 128m @@ -574,7 +575,7 @@ ocDatacenter: ocSchedulerd: enabled: true enableTraefikProxyIntegration: true - image: "oc/oc-schedulerd:0.0.1" + image: oc/oc-schedulerd:0.0.1 resources: limits: cpu: 128m @@ -592,7 +593,7 @@ ocSchedulerd: ocScheduler: enabled: true enableTraefikProxyIntegration: true - image: "oc/oc-scheduler:0.0.1" + image: oc/oc-scheduler:0.0.1 resources: limits: cpu: 128m @@ -621,7 +622,6 @@ docker-registry-ui: claimName: docker-registry-pvc persistence: create: false - storageClassName: standard existingClaim: docker-registry-pvc accessMode: ReadWriteOnce storage: 5Gi diff --git a/internal/cluster.go b/internal/cluster.go index c1e1e69..3358c75 100644 --- a/internal/cluster.go +++ b/internal/cluster.go 
@@ -30,14 +30,12 @@ func Delete_Cluster(folder string, release string) error { if b, err := os.ReadFile(folder + "/" + release + "-values.yaml"); err == nil { clusterName, _ = utils.Extract(string(b), "clusterName") } - utils.Exec("kind delete cluster --name " + clusterName) - utils.Exec("yes | sudo cp -rf /etc/rancher/k3s/k3s.yaml ~/.kube/config") - return utils.Exec("chmod 600 ~/.kube/config") + utils.Exec("export KUBECONFIG=~/.kube/config") + return utils.Exec("kind delete cluster --name " + clusterName) } func Install_Cluster() error { - utils.Exec("yes | sudo cp -rf /etc/rancher/k3s/k3s.yaml ~/.kube/config") - utils.Exec("chmod 700 /home/mr/.kube") + utils.Exec("sudo cp -rf /etc/rancher/k3s/k3s.yaml ~/.kube/config") return utils.Exec("chmod 600 ~/.kube/config") } @@ -51,8 +49,6 @@ func Create_Cluster(folder string, release string) error { port, _ = utils.Extract(string(b), "hostPort") } utils.Exec("sudo fuser -k -TERM " + port + "/tcp") - utils.Exec("yes | sudo cp -rf /etc/rancher/k3s/k3s.yaml ~/.kube/config") - containerPort := "30950" if scheme == "https" { containerPort = "30951" @@ -73,12 +69,7 @@ nodes: - containerPort: ` + containerPort + ` hostPort: ` + port + ` protocol: TCP -` - utils.Exec(`docker exec -it oc-control-plane bash -c 'mkdir -p /etc/containerd && cat </etc/containerd/config.toml -[plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5000"] - endpoint = ["http://dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000"] -EOF -containerd config restart'`) +` cmd := exec.Command("kind", "create", "cluster", "--name", clusterName, "--wait", "0", "--config=-") cmd.Stdin = bytes.NewBufferString(kindConfig) cmd.Stdout = os.Stdout 
@@ -88,17 +79,25 @@ containerd config restart'`) fmt.Println(err) return err } + utils.Exec(`docker exec -it oc-control-plane bash -c 'mkdir -p /etc/containerd && cat </etc/containerd/config.toml +[plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5000"] + endpoint = ["http://dev-docker-registry-ui-registry-server.opencloud.svc.cluster.local:5000"] +EOF +containerd config restart'`) fmt.Println("[WARNING] New cluster should be merged into your current config !") if err := utils.Exec("KUBECONFIG=~/.kube/config:/tmp/kind-" + clusterName + ".kubeconfig kubectl config view --flatten --merge --minify > /tmp/merged-kubeconfig.yaml"); err != nil { return err } - if err := utils.Exec("cp -f /tmp/merged-kubeconfig.yaml ~/.kube/config"); err != nil { return err } + if err := utils.Exec("export KUBECONFIG=~/.kube/config"); err != nil { + return err + } + if err := utils.Exec("kubectl config get-contexts"); err != nil { return err } diff --git a/internal/db.go b/internal/db.go index a46ee4c..3c4569c 100644 --- a/internal/db.go +++ b/internal/db.go 
@@ -71,11 +71,9 @@ func Create_DB(filePath *string, release string, namespace string, dbName string } for _, fileName := range getFileNames(*filePath) { fmt.Println("ADD file " + fileName + " in collection") - fmt.Println("kubectl cp -n " + namespace + " " + *filePath + "/" + fileName + " \"" + podName + ":/tmp/" + fileName + "\"") if err := utils.Exec("kubectl cp -n " + namespace + " " + *filePath + "/" + fileName + " \"" + podName + ":/tmp/" + fileName + "\""); err != nil { return err } - fmt.Println("kubectl exec -n " + namespace + " " + podName + " -- mongoimport --db " + dbName + " --collection " + strings.ReplaceAll(fileName, ".json", "") + " --file /tmp/" + fileName + " --jsonArray -u " + adminUsr + " -p " + adminPsw +" --authenticationDatabase admin") if err := utils.Exec("kubectl exec -n " + namespace + " " + podName + " -- mongoimport --db " + dbName + " --collection " + strings.ReplaceAll(fileName, ".json", "") + " --file /tmp/" + fileName + " --jsonArray -u " + adminUsr + " -p " + adminPsw +" --authenticationDatabase admin"); err != nil { return err } diff --git a/internal/func.go b/internal/func.go index 0e378ee..9b2bac8 100644 --- a/internal/func.go +++ b/internal/func.go @@ -21,12 +21,13 @@ Usage: oc-k8s install -a [arch] -v [version] arch - Arch of OS (required) kind_version - version of kind (required) - oc-k8s start -n [namespace] -r [release] -f [folder] -b [branch] -t [target] -p [port] -P [portTLS] + oc-k8s start -n [namespace] -r [release] -f [folder] -b [branch] -t [target] -p [port] -P [portTLS] -build [true|false] folder - Helm config folder (required, default: .) release - environnement selected (default: dev) namespace - namespace selected (default: dev) branch - Git branch to build (default: main) target - make target (default: all) + build - build mode (default: true) oc-k8s stop -n [namespace] -r [release] -f [folder] folder - Helm config folder (required, default: .) release - environnement selected (default: dev) 
@@ -40,7 +41,7 @@ Usage: Help_DB() } -func Start(folder string, release string, namespace string, branch string, target string) error { +func Start(folder string, release string, namespace string, branch string, target string, build bool) error { Stop(folder, release, namespace) if err := Create_K3S(); err != nil { return err @@ -48,7 +49,7 @@ func Start(folder string, release string, namespace string, branch string, targe if err := Create_Cluster(folder, release); err != nil { return err } - if err := Create_Service(folder, release, branch, target); err != nil { + if err := Create_Service(folder, release, branch, target, build); err != nil { return err } if err := Create_Helm(folder, release, namespace); err != nil { diff --git a/internal/helm.go b/internal/helm.go index 121a65c..5268832 100644 --- a/internal/helm.go +++ b/internal/helm.go @@ -51,6 +51,7 @@ func Create_Helm(folder string, release string, namespace string) error { return err } ExtractTrees("assets", tmp) + defer os.RemoveAll(tmp) host := "beta.opencloud.com" if b, err := os.ReadFile(folder + "/" + release + "-values.yaml"); err == nil { 
@@ -68,25 +69,21 @@ func Create_Helm(folder string, release string, namespace string) error { if err := utils.Exec("helm dependency build " + tmp); err != nil { return err } - utils.Exec("sudo ulimit -n 1000000") - - utils.Exec("helm repo add jetstack https://charts.jetstack.io") - utils.Exec("helm repo update") utils.Exec("kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.crds.yaml") - utils.Exec("helm repo add jetstack https://charts.jetstack.io") - utils.Exec("helm repo update") - utils.Exec("helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.14.0") + utils.Exec("helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.14.0") utils.Exec("helm install admiralty oci://public.ecr.aws/admiralty/admiralty --namespace admiralty --create-namespace --version 0.17.0 --wait") - utils.Exec("helm repo add argo https://argoproj.github.io/argo-helm") - utils.Exec("helm repo update") utils.Exec("helm install argo-workflows argo/argo-workflows --namespace argo --create-namespace") + utils.Exec("helm repo add jetstack https://charts.jetstack.io") + utils.Exec("helm repo add argo https://argoproj.github.io/argo-helm") + + utils.Exec("helm repo update") + if err := utils.Exec("helm upgrade --install " + release + " " + tmp + " -n " + namespace + " --create-namespace -f " + folder + "/" + release + "-values.yaml --debug"); err != nil { return err } - utils.Exec("sudo rm -rf " + tmp) utils.Exec("sudo sed -i.bak \"\n/[[:space:]]" + host + "$/d\" /etc/hosts") utils.Exec("echo \"\n127.0.0.1 " + host + "\" | sudo tee -a /etc/hosts > /dev/null") @@ -99,8 +96,8 @@ func Upgrade_Helm(folder string, release string, namespace string) error { fmt.Println(err) return err } - defer os.RemoveAll(tmp) ExtractTrees("assets", tmp) + defer os.RemoveAll(tmp) Delete_Cluster(folder, release) 
diff --git a/internal/k3s.go b/internal/k3s.go index 2e29d6e..78778a6 100644 --- a/internal/k3s.go +++ b/internal/k3s.go @@ -34,7 +34,7 @@ func Install_K3S() error { } func Create_K3S() error { - utils.Exec("yes | sudo cp -rf /etc/rancher/k3s/k3s.yaml ~/.kube/config") + utils.Exec("sudo cp -rf /etc/rancher/k3s/k3s.yaml ~/.kube/config") utils.Exec("chmod 700 /home/mr/.kube") return utils.Exec("chmod 600 ~/.kube/config") } diff --git a/internal/services.go b/internal/services.go index 4682251..10d67a7 100644 --- a/internal/services.go +++ b/internal/services.go @@ -20,6 +20,8 @@ var REPOS = []string{ "oc-workspace", } +var officialRegistry = "opencloudregistry" + func Help_Service() { fmt.Println(` Service commands: oc-k8s services @@ -27,15 +29,25 @@ Service commands: oc-k8s services help - Show this help message Usage: - oc-k8s create services -f [env_folder] -r [release] -b [branch] -t [target] + oc-k8s create services -f [env_folder] -r [release] -b [branch] -t [target] -build [true|false] env_folder - Helm config folder (required, default: .) release - Release values name (required, default: dev) branch - Git branch to build (default: main) target - make target (default: all) + build - build mode (default: true) oc-k8s help services `) } -func Create_Service(folder string, release string, branch string, target string) error { +func Create_Service(folder string, release string, branch string, target string, build bool) error { + if build { + return buildService(folder, release, branch, target) + } + utils.Exec("sed -i -e 's/: oc/: " + officialRegistry + "/g' " + folder + "/" + release + "-values.yaml") + return nil +} + +func buildService(folder string, release string, branch string, target string) error { + utils.Exec("sed -i -e 's/" + officialRegistry + "/oc/g' " + folder + "/" + release + "-values.yaml") scheme := "http" hostname := "beta.opencloud.com" clusterName := "opencloud" 
@@ -62,7 +74,7 @@ func Create_Service(folder string, release string, branch string, target string) } } fmt.Println("Repository '" + repo + "' now exists. Pulling latest changes...") - utils.Exec("cd " + repo + " && git checkout " + branch + " && git pull") + utils.Exec("cd " + repo + " && git pull") // " && git checkout " + branch + fmt.Println("Build '" + repo + "'...") if err := utils.Exec("cd " + repo + " && export CLUSTER_NAME=" + clusterName + " && export HOST=" + scheme + "://" + hostname + ":" + pport + " && export KUBERNETES_SERVICE_HOST=" + host + " && export KUBERNETES_SERVICE_PORT=" + port + " && export KUBE_CA=" + ca + " && export KUBE_CERT=" + cert + " && export KUBE_DATA=" + key + " && make " + target); err != nil { fmt.Println("ERR", err) @@ -72,3 +84,5 @@ func Create_Service(folder string, release string, branch string, target string) } return nil } + +// opencloudregistry.hub.docker.com diff --git a/utils/assets/templates/oc-catalog/deployment.yaml b/utils/assets/templates/oc-catalog/deployment.yaml index 052cf07..ef99c65 100644 --- a/utils/assets/templates/oc-catalog/deployment.yaml +++ b/utils/assets/templates/oc-catalog/deployment.yaml @@ -15,11 +15,6 @@ spec: labels: app: oc-catalog spec: - volumes: - - name: oc-pem - secret: - secretName: oc-peer-pem - optional: true {{- if or (eq .Values.env "prod") (eq .Values.env "staging") }} imagePullSecrets: - name: regcred @@ -31,6 +26,9 @@ spec: - configMapRef: name: opencloud-config ports: + - containerPort: 4002 + name: libp2p + protocol: TCP - name: http containerPort: 8080 protocol: TCP @@ -47,8 +45,4 @@ spec: port: 8080 initialDelaySeconds: 10 periodSeconds: 30 - volumeMounts: - - name: oc-pem - mountPath: /app/pem - readOnly: true {{- end }} \ No newline at end of file diff --git a/utils/assets/templates/oc-catalog/service.yaml b/utils/assets/templates/oc-catalog/service.yaml index 3a8dc4d..feedf2b 100644 --- a/utils/assets/templates/oc-catalog/service.yaml 
+++ b/utils/assets/templates/oc-catalog/service.yaml @@ -7,6 +7,9 @@ metadata: app: oc-catalog-svc spec: ports: + - port: 4002 + targetPort: 4002 + name: libp2p - name: http port: 8080 protocol: TCP diff --git a/utils/assets/templates/oc-peer/deployment.yaml b/utils/assets/templates/oc-peer/deployment.yaml index a412190..7594b2f 100644 --- a/utils/assets/templates/oc-peer/deployment.yaml +++ b/utils/assets/templates/oc-peer/deployment.yaml @@ -19,21 +19,12 @@ spec: imagePullSecrets: - name: regcred {{- end }} - volumes: - - name: oc-pem - secret: - secretName: oc-peer-pem - optional: true containers: - image: "{{ .Values.ocPeer.image }}" name: oc-peer envFrom: - configMapRef: name: opencloud-config - volumeMounts: - - name: oc-pem - mountPath: /app/pem - readOnly: true livenessProbe: httpGet: path: /oc/version @@ -41,6 +32,9 @@ spec: initialDelaySeconds: 10 periodSeconds: 30 ports: + - containerPort: 4001 + name: libp2p + protocol: TCP - name: http containerPort: 8080 protocol: TCP diff --git a/utils/assets/templates/oc-peer/service.yaml b/utils/assets/templates/oc-peer/service.yaml index ef85005..8bc99b5 100644 --- a/utils/assets/templates/oc-peer/service.yaml +++ b/utils/assets/templates/oc-peer/service.yaml @@ -7,6 +7,9 @@ metadata: app: oc-peer-svc spec: ports: + - port: 4001 + targetPort: 4001 + name: libp2p - name: http port: 8080 protocol: TCP diff --git a/utils/assets/templates/openCloudConf.yaml b/utils/assets/templates/openCloudConf.yaml index 0a5963e..491adf6 100644 --- a/utils/assets/templates/openCloudConf.yaml +++ b/utils/assets/templates/openCloudConf.yaml 
@@ -3,10 +3,13 @@ kind: ConfigMap metadata: name: opencloud-config data: + OC_NAME: "{{ .Values.host }}" + OC_HOSTNAME: "{{ .Values.scheme }}://{{ .Values.host }}:{{ .Values.hostPort }}" OC_NAMESPACE: "{{ .Release.Namespace }}" OC_ADMIN_ROLE: "{{ .Values.ocAuth.keto.adminRole }}" - OC_PUBLIC_KEY_PATH: "/keys/public/public.pem" - OC_PRIVATE_KEY_PATH: "/keys/private/private.pem" + OC_PSK_PATH: "/etc/psk/psk" + OC_PUBLIC_KEY_PATH: "/etc/keys/public.pem" + OC_PRIVATE_KEY_PATH: "/etc/keys/private.pem" OC_OAUTH2_CLIENT_SECRET_NAME: "{{ .Values.ocAuth.hydra.openCloudOauth2ClientSecretName }}" OC_AUTH: "{{ .Values.ocAuth.authType }}" OC_AUTH_CONNECTOR_HOST: "{{ .Release.Name }}-hydra-admin.{{ .Release.Namespace }}" @@ -21,6 +24,7 @@ data: OC_LDAP_BINDDN: "{{ index .Values.ocAuth.ldap.bindDn }}" OC_LDAP_BINDPW: "{{ index .Values.ocAuth.ldap.binPwd }}" OC_LDAP_BASEDN: "{{ index .Values.ocAuth.ldap.baseDn }}" + OC_LDAP_USER_BASEDN: "{{ index .Values.ocAuth.ldap.userBaseDn }}" OC_LDAP_ROLE_BASEDN: "{{ index .Values.ocAuth.ldap.roleBaseDn }}" OC_MONGO_URL: "mongodb://{{ index .Values.mongodb.auth.rootUser }}:{{ index .Values.mongodb.auth.rootPassword }}@{{ .Release.Name }}-mongodb.{{ .Release.Namespace }}:27017/{{ index .Values.mongodb.auth.databases 0 }}" OC_MONGO_DATABASE: "{{ index .Values.mongodb.auth.databases 0 }}" diff --git a/utils/assets/values.yaml.template b/utils/assets/values.yaml.template index 0896269..5d26318 100644 --- a/utils/assets/values.yaml.template +++ b/utils/assets/values.yaml.template @@ -74,7 +74,7 @@ nats: # if you already created the claim, set existingClaim: existingClaim: nats-pvc # storageClassName: local-path or standard (use the SC in your cluster) - storageClassName: ${OC_NATS_STORAGE:-""} + storageClassName: ${OC_NATS_STORAGE:-standard} size: ${OC_NATS_SIZE:-50Gi} # name is the volume name used in volumeMounts; keep it simple name: nats-jetstream 
@@ -96,9 +96,9 @@ openldap: LDAP_BACKEND: "mdb" LDAP_TLS: "${OC_LDAP_TLS:-false}" LDAP_TLS_ENFORCE: "${OC_LDAP_TLS:-false}" - LDAP_REMOVE_CONFIG_AFTER_SETUP: "false" - adminPassword: "{SSHA}${OC_LDAP_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}" - configPassword: "{SSHA}${OC_LDAP_CONFIG_PWD:-gr70yyCvtQo2zKe5OkvMkbkLRHUsVqOI}" + LDAP_REMOVE_CONFIG_AFTER_SETUP: "true" + adminPassword: ${OC_LDAP_ADMIN_PWD:-admin} + configPassword: ${OC_LDAP_CONFIG_PWD:-configadmin} phpldapadmin: enabled: false persistence: @@ -112,9 +112,9 @@ openldap: enabled: false externalLDAP: enabled: ${OC_LDAP_EXTERNAL:-false} - url: ${OC_LDAP_EXTERNAL_ENDPOINT} - bindDN: ${OC_LDAP_EXTERNAL_DN:-cn=admin,dc=opencloud,dc=com} - bindPassword: "{SSHA}${OC_LDAP_EXTERNAL_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}" + url: ${OC_LDAP_EXTERNAL_ENDPOINT:-389} + bindDN: ${OC_LDAP_EXTERNAL_DN:-uid=admin,dc=opencloud,dc=com} + bindPassword: ${OC_LDAP_EXTERNAL_PWD:-admin} customLdifFiles: 01-schema.ldif: |- dn: ou=${OC_LDAP_GROUPS_OU:-groups},${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} @@ -175,8 +175,8 @@ openldap: cn: Admin sn: Istrator uid: ${OC_LDAP_ADMIN_USER:-admin} - userPassword: "{SSHA}${OC_LDAP_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}" - mail: admin@example.com + userPassword: {SSHA}${OC_LDAP_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE} + mail: ${OC_LDAP_ADMIN_MAIL:-morgane.roques@irt-saintexupery.com} ou: ${OC_LDAP_USERS_OU:-users} dn: ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} @@ -184,10 +184,10 @@ openldap: ou: AppRoles description: AppRoles - dn: ou=App1,ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} + dn: ou=${OC_LDAP_ORGANISATION:-Opencloud},ou=AppRoles,${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} objectClass: organizationalunit - ou: App1 - description: App1 + ou: ${OC_LDAP_ORGANISATION:-Opencloud} + description: ${OC_LDAP_ORGANISATION:-Opencloud} prometheus: enabled: ${OC_PROMETHEUS_ENABLED:-true} 
@@ -300,7 +300,7 @@ loki: commonConfig: replication_factor: 1 storage: - storageClassName: standard + storageClassName: ${OC_LOKI_STORAGE:-standard} type: filesystem filesystem: chunks_directory: /var/loki/chunks @@ -339,7 +339,7 @@ loki: enabled: false # Deactivate loki auto provisioning, rely on existing PVC accessMode: ReadWriteOnce size: ${OC_LOKI_SIZE:-1Gi} - storageClassName: ${OC_LOKI_STORAGE:-"standard"} + storageClassName: ${OC_LOKI_STORAGE:-standard} create: false claimName: ${OC_LOKI_PVC:-loki-pvc} @@ -419,16 +419,17 @@ argo-workflows: ocAuth: enabled: ${OC_AUTH_ENABLED:-true} enableTraefikProxyIntegration: true - image: "${REGISTRY_HOST:-oc}/${OC_AUTH_IMAGE:-oc-auth:0.0.1}" + image: ${REGISTRY_HOST:-oc}/oc-auth:${OC_AUTH_IMAGE_VERSION:-0.0.1} authType: hydra keto: adminRole: admin hydra: - openCloudOauth2ClientSecretName: oc-oauth2-client-secret + openCloudOauth2ClientSecretName: opencloud-oauth2-client-secret ldap: - bindDn: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,ou=users,dc=opencloud,dc=com} + bindDn: ${OC_LDAP_MNGT_ADMIN_DN:-cn=admin,dc=opencloud,dc=com} binPwd: ${OC_LDAP_ADMIN_PWD:-admin} baseDn: ${OC_LDAP_MNGT_DN:-dc=opencloud,dc=com} + userBaseDn: ${OC_LDAP_USER_DN:-ou=users,dc=opencloud,dc=com} roleBaseDn: ${OC_LDAP_ROLE_DN:-ou=AppRoles,dc=opencloud,dc=com} resources: limits: @@ -447,7 +448,7 @@ ocAuth: ocFront: enabled: ${OC_FRONT_ENABLED:-true} enableTraefikProxyIntegration: true - image: "${REGISTRY_HOST:-oc}/${OC_FRONT_IMAGE:-oc-front:0.0.1}" + image: ${REGISTRY_HOST:-oc}/oc-front:${OC_FRONT_IMAGE_VERSION:-0.0.1} resources: limits: cpu: ${OC_FRONT_LIMITS_CPU:-128m} @@ -465,7 +466,7 @@ ocFront: ocWorkspace: enabled: ${OC_WORKSPACE_ENABLED:-true} enableTraefikProxyIntegration: true - image: "${REGISTRY_HOST:-oc}/${OC_WORKSPACE_IMAGE:-oc-workspace:0.0.1}" + image: ${REGISTRY_HOST:-oc}/oc-workspace:${OC_WORKSPACE_IMAGE_VERSION:-0.0.1} resources: limits: cpu: ${OC_WORKSPACE_LIMITS_CPU:-128m} 
@@ -484,7 +485,7 @@ ocWorkspace: ocShared: enabled: ${OC_SHARED_ENABLED:-true} enableTraefikProxyIntegration: true - image: "${REGISTRY_HOST:-oc}/${OC_SHARED_IMAGE:-oc-shared:0.0.1}" + image: ${REGISTRY_HOST:-oc}/oc-shared:${OC_SHARED_IMAGE_VERSION:-0.0.1} resources: limits: cpu: ${OC_SHARED_LIMITS_CPU:-128m} @@ -502,7 +503,7 @@ ocShared: ocWorkflow: enabled: ${OC_WORKFLOW_ENABLED:-true} enableTraefikProxyIntegration: true - image: "${REGISTRY_HOST:-oc}/${OC_WORKFLOW_IMAGE:-oc-workflow:0.0.1}" + image: ${REGISTRY_HOST:-oc}/oc-workflow:${OC_WORKFLOW_IMAGE_VERSION:-0.0.1} resources: limits: cpu: ${OC_WORKFLOW_LIMITS_CPU:-128m} @@ -520,7 +521,7 @@ ocWorkflow: ocCatalog: enabled: ${OC_CATALOG_ENABLED:-true} enableTraefikProxyIntegration: true - image: "${REGISTRY_HOST:-oc}/${OC_CATALOG_IMAGE:-oc-catalog:0.0.1}" + image: ${REGISTRY_HOST:-oc}/oc-catalog:${OC_CATALOG_IMAGE_VERSION:-0.0.1} resources: limits: cpu: ${OC_CATALOG_LIMITS_CPU:-128m} @@ -538,7 +539,7 @@ ocCatalog: ocPeer: enabled: ${OC_PEER_ENABLED:-true} enableTraefikProxyIntegration: true - image: "${REGISTRY_HOST:-oc}/${OC_PEER_IMAGE:-oc-peer:0.0.1}" + image: ${REGISTRY_HOST:-oc}/oc-peer:${OC_PEER_IMAGE_VERSION:-0.0.1} resources: limits: cpu: ${OC_PEER_LIMITS_CPU:-128m} @@ -556,7 +557,7 @@ ocPeer: ocDatacenter: enabled: ${OC_DATACENTER_ENABLED:-true} enableTraefikProxyIntegration: true - image: "${REGISTRY_HOST:-oc}/${OC_DATACENTER_IMAGE:-oc-datacenter:0.0.1}" + image: ${REGISTRY_HOST:-oc}/oc-datacenter:${OC_DATACENTER_IMAGE_VERSION:-0.0.1} resources: limits: cpu: ${OC_DATACENTER_LIMITS_CPU:-128m} @@ -574,7 +575,7 @@ ocDatacenter: ocSchedulerd: enabled: ${OC_SCHEDULERD_ENABLED:-true} enableTraefikProxyIntegration: true - image: "${REGISTRY_HOST:-oc}/${OC_SCHEDULERD_IMAGE:-oc-schedulerd:0.0.1}" + image: ${REGISTRY_HOST:-oc}/oc-schedulerd:${OC_SCHEDULERD_IMAGE_VERSION:-0.0.1} resources: limits: cpu: ${OC_SCHEDULERD_LIMITS_CPU:-128m} 
@@ -592,7 +593,7 @@ ocSchedulerd: ocScheduler: enabled: ${OC_SCHEDULER_ENABLED:-true} enableTraefikProxyIntegration: true - image: "${REGISTRY_HOST:-oc}/${OC_SCHEDULER_IMAGE:-oc-scheduler:0.0.1}" + image: ${REGISTRY_HOST:-oc}/oc-scheduler:${OC_SCHEDULER_IMAGE_VERSION:-0.0.1} resources: limits: cpu: ${OC_SCHEDULER_LIMITS_CPU:-128m} @@ -621,7 +622,6 @@ docker-registry-ui: claimName: docker-registry-pvc persistence: create: false - storageClassName: standard existingClaim: docker-registry-pvc accessMode: ReadWriteOnce storage: ${OC_DOCKER_REGISTRY_SIZE:-5Gi}
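Review bot: in the README hunk (`@@ -27,77 +27,158 @@`) the two removed safety notes should be kept: `Provided setup should work out of the box, but is not suitable for production usage.` is the only warning about the default credentials in the values files, and the dropped `WARNING APACHE & NGINX ARE NOT RUNNING` section matters more now that `Create_Cluster` frees the port with `sudo fuser -k -TERM <port>/tcp`, so a reader of the README alone is not told that the tool kills whatever is listening on `hostPort`. The new command lookup also has errors that send users to the wrong place: `oc-k8sh help helm`, `oc-k8s help values` under both the K3S and Kind sections (should be `help k3s` / `help kind`), `--d [db_name]` for `create db` while the other db commands use `-d`, two `folder` lines with different descriptions under `create db`, and `kind_version` listed for a flag that is `-v`. Wording: `Do Forget` should read `Don't forget`, and `optionnal`, `dependancies` and `environnement` are misspelled throughout.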
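Review bot: `cmd/oc-k8s` is a committed build artifact (`Binary files a/cmd/oc-k8s and b/cmd/oc-k8s differ`) and the README in this patch tells users to `cp ./cmd/oc-k8s /usr/local/bin`; a binary in the tree cannot be reviewed against the Go sources changed in the same patch and ships with no checksum or signature. Suggest removing it from the repository (`.gitignore`), documenting `go build ./cmd` instead, and publishing release binaries with checksums if a prebuilt binary is wanted.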
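Review bot: in the `cmd/main.go` hunk, `build := flag.Bool("build", true, "build mode")` is a boolean flag, and Go's `flag` package only accepts `-build=false` for those; `-build false` leaves `build` at `true` and treats `false` as a positional argument, so the `-build [true|false]` syntax advertised in the help text and README silently does nothing. Either document `-build=false` or make it a string flag that is parsed explicitly. Also worth confirming that `-build` is parsed on the `create services` path: the visible `flag.CommandLine.Parse(os.Args[2:])` only runs for `start`, `help` and `stop`, and the parse call for the `len(os.Args) > 3` branch is outside the hunk.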
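Review bot: in the `cmd/test-values.yaml` hunks, `externalLDAP.url: 389` is a port, not an LDAP URL (`ldap://host:389`), and `bindDN: uid=admin,dc=opencloud,dc=com` matches neither the directory admin used by `ocAuth.ldap.bindDn` (`cn=admin,dc=opencloud,dc=com`) nor the seeded user under `ou=users`; check the `dn:` of the seeded admin entry, which is outside the hunk. Replacing the SSHA strings with plaintext `adminPassword: admin` / `configPassword: configadmin` is what the openldap chart expects (it hashes them itself), but a committed values file now carries working plaintext defaults, and `mail: morgane.roques@irt-saintexupery.com` puts a personal address where `admin@example.com` was. Dropping the quotes in `userPassword: {SSHA}...` is correct: inside the `|-` LDIF block the quotes were literal and would have been stored as part of the password value.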
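Review bot: in the `internal/cluster.go` hunks, `utils.Exec("export KUBECONFIG=~/.kube/config")` exports into a child shell that exits immediately, so it has no effect on the Go process or on later `Exec` calls, and with `cp -f /tmp/merged-kubeconfig.yaml ~/.kube/config` removed the merged kubeconfig is written to `/tmp` and never installed; use `os.Setenv("KUBECONFIG", ...)` or pass `--kubeconfig`, and restore the copy (or drop the merge step entirely if kind's own write to `~/.kube/config` is what is relied on). The containerd block moved after `kind create cluster` still targets `docker exec -it oc-control-plane`, while the cluster is created with `--name clusterName` (default `opencloud`, so the node is `opencloud-control-plane`); `-it` also fails when stdin is not a TTY, `containerd config restart` is not a containerd subcommand, and overwriting `/etc/containerd/config.toml` with only a mirrors stanza discards the node's existing configuration. kind's `containerdConfigPatches` field in the kind config already being built is the supported way to add the `localhost:5000` mirror; the mirror endpoint is plain `http`, acceptable only for a local dev cluster.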
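Review bot: in the `internal/db.go` hunk, removing the two `fmt.Println` lines is right, since they echoed `-p <adminPsw>` (the Mongo admin password) to stdout on every import. The password still travels as an argument to `kubectl exec ... mongoimport ... -p`, so it is visible in process listings on the host and inside the pod; prefer `mongoimport --config` with a `password:` entry, or omit `-p` so mongoimport prompts and feed it on stdin. The `*filePath + "/" + fileName` pieces are also interpolated into the shell string unquoted, so a path with spaces or shell metacharacters breaks the command.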
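Review bot: in the `internal/helm.go` hunk, `helm repo add jetstack ...`, `helm repo add argo ...` and `helm repo update` have been moved below `helm install cert-manager jetstack/cert-manager ...` and `helm install argo-workflows argo/argo-workflows ...`; on a host that has never added those repos both installs fail with an unknown-repo error, and because the `utils.Exec` results are discarded the failure is silent until the opencloud release fails on missing CRDs. Move the repo commands back above the installs. Two pinning points in the same hunk: `cert-manager.crds.yaml` is fetched from `releases/latest/download` while the chart is pinned to `--version v1.14.0`, so CRDs and controller drift apart over time (pin the CRD URL to `v1.14.0`), and `helm upgrade --install ... --debug` prints the computed values, including the LDAP and Mongo passwords from the values file, to the terminal. Replacing `sudo rm -rf tmp` with `defer os.RemoveAll(tmp)` is good.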
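Review bot: in the `internal/k3s.go` hunk, `utils.Exec("chmod 700 /home/mr/.kube")` still hard-codes one developer's home directory (the same line was removed from `Install_Cluster` in `cluster.go` in this patch); use `~/.kube` or `os.UserHomeDir()`. `sudo cp -rf /etc/rancher/k3s/k3s.yaml ~/.kube/config` also creates a root-owned file when `~/.kube/config` does not exist yet, so the following unprivileged `chmod 600 ~/.kube/config` fails and the user may not be able to read the file; `sudo install -o "$(id -u)" -g "$(id -g)" -m 600 /etc/rancher/k3s/k3s.yaml ~/.kube/config` does the copy, ownership and mode in one step.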
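Review bot: in the `internal/services.go` hunks, commenting out `git checkout branch` means the `-b [branch]` flag is now silently ignored, while the help text in the same hunk and the README still document it; either restore the checkout or remove the flag. `Create_Service` also edits the user's `<release>-values.yaml` in place with `sed -i` to switch between `oc` and `opencloudregistry`, a side effect on a tracked file, and `s/: oc/: opencloudregistry/g` applies to every value beginning with `oc`, not only image names. When `build` is false the images are pulled from `opencloudregistry` (Docker Hub, per the trailing `// opencloudregistry.hub.docker.com` comment) by the mutable tag `0.0.1` with no digest or signature check, so the deployed code is whatever that tag points to at pull time; pin by digest (`image@sha256:...`) for anything beyond local testing. Unchanged in this hunk but visible: `export KUBE_DATA=<key>` passes the cluster client key through a shell command line.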
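Review bot: in the `oc-catalog/deployment.yaml` and `oc-peer/deployment.yaml` hunks, the `oc-pem` Secret volume and its read-only `/app/pem` mount are removed, but the ConfigMap in this same patch now points `OC_PSK_PATH` at `/etc/psk/psk` and the key paths at `/etc/keys/public.pem` / `/etc/keys/private.pem`, and nothing in the patch mounts either path; unless the image bakes the key material in (which would put a private key and PSK into an image layer), the peer and catalog pods start without them. Add a Secret-backed volume mounted read-only at `/etc/keys` and `/etc/psk`, without `optional: true` if the key is required. The new `libp2p` ports 4001/4002 are also exposed on the Services; if the PSK is meant to gate that transport, say so in the template, otherwise a NetworkPolicy should limit who can reach them.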
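Review bot: in the `openCloudConf.yaml` hunk, the new keys go into a ConfigMap that already carries `OC_MONGO_URL` with the Mongo root password embedded and `OC_LDAP_BINDPW`; ConfigMaps are not access-controlled or encrypted like Secrets and appear in plain text in `kubectl get cm -o yaml`. Move the credential-bearing keys to a Secret and reference it with `secretRef` next to the existing `configMapRef`. `OC_HOSTNAME` is built as `{{ .Values.scheme }}://{{ .Values.host }}:{{ .Values.hostPort }}`, so with the test values it becomes `http://beta.opencloud.com:9500`, which is consistent with the `hostPort` change.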
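Review bot: in the `utils/assets/values.yaml.template` hunks, `OC_LDAP_ADMIN_PWD` is used both as a plaintext password (`adminPassword: ${OC_LDAP_ADMIN_PWD:-admin}`, `binPwd: ${OC_LDAP_ADMIN_PWD:-admin}`) and as the digest part of a hash (`userPassword: {SSHA}${OC_LDAP_ADMIN_PWD:-HMWJO7XCw80he2lqMf0PHzvvF14p6aLE}`); overriding the variable yields `{SSHA}<plaintext>`, which is not a valid SSHA value, and the two defaults do not correspond to one another. Use a separate variable for the seeded user's hash, or generate it at render time (for example with `slappasswd -s`). The rename from `OC_*_IMAGE` to `OC_*_IMAGE_VERSION` silently breaks existing env files (the old variable is ignored and `0.0.1` is used) and is not mentioned in the README; `${OC_LDAP_EXTERNAL_ENDPOINT:-389}` defaults to a port where a URL is expected; and the `mail` default now embeds a personal address, as in `test-values.yaml`.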