├── .editorconfig
├── .github
└── workflows
│ ├── backend-action.yml
│ └── frontend-action.yml
├── .gitignore
├── .project
├── .settings
├── org.eclipse.core.resources.prefs
└── org.eclipse.m2e.core.prefs
├── .vscode
└── settings.json
├── README.adoc
├── cluster
├── .dockerignore
├── .env
├── Dockerfile
├── Makefile
├── env
│ ├── HELP.md
│ ├── cmdline
│ └── passwords
├── inventory
│ ├── host_vars
│ │ └── cloud-vars.example
│ └── hosts.example
└── project
│ ├── ansible.cfg
│ ├── bin
│ └── .gitkeep
│ ├── playbook.yml
│ ├── requirements.txt
│ ├── requirements.yml
│ └── roles
│ └── hybrid_cloud_demo
│ ├── defaults
│ └── main.yml
│ ├── files
│ └── argocd
│ │ ├── app_core.yaml
│ │ ├── app_knative_backend.yaml
│ │ ├── app_knative_frontend.yaml
│ │ ├── app_pipelines.yaml
│ │ ├── app_rbac.yaml
│ │ ├── app_repositories.yaml
│ │ ├── app_skupper.yaml
│ │ ├── app_van.yaml
│ │ ├── app_vanilla_backend.yaml
│ │ ├── app_vanilla_frontend.yaml
│ │ ├── backend_app_pipelines.yaml
│ │ ├── frontend_app_pipelines.yaml
│ │ └── project_hybrid_cloud.yaml
│ └── tasks
│ ├── argocd_app_status.yml
│ ├── argocd_apps.yml
│ ├── main.yml
│ └── tektoncd_add_tasks.yml
├── k8s
├── core
│ ├── kustomization.yaml
│ └── namespace.yaml
├── pipelines
│ ├── backend
│ │ ├── backend-github-triggerbindings.yaml
│ │ ├── backend-ksvc-trigger-template.yaml
│ │ ├── hcdb-github-webhook.yaml
│ │ └── kustomization.yaml
│ ├── frontend
│ │ ├── frontend-github-triggerbindings.yaml
│ │ ├── frontend-svc-trigger-template.yaml
│ │ ├── hcdf-github-webhook.yaml
│ │ └── kustomization.yaml
│ ├── image-updater.yaml
│ ├── ksvc-deploy.yaml
│ ├── kustomization.yaml
│ ├── nexus.yaml
│ ├── openshift-cli-deploy-task.yaml
│ ├── pvcs.yaml
│ ├── settings.xml
│ └── svc-deploy.yaml
├── rbac
│ ├── hybrid-cloud-demo.yaml
│ ├── kustomization.yaml
│ ├── skupper-site-controller.yaml
│ ├── tekton-triggers-admin.yaml
│ └── tekton-triggers-webhook.yaml
├── skupper
│ ├── aws
│ │ └── kustomization.yaml
│ ├── azr
│ │ └── kustomization.yaml
│ ├── base
│ │ ├── controller.yaml
│ │ └── kustomization.yaml
│ └── gcp
│ │ └── kustomization.yaml
└── van
│ ├── kustomization.yaml
│ └── site-token.yaml
└── provision.sh
/.editorconfig:
--------------------------------------------------------------------------------
1 | root = true
2 |
3 | [*]
4 | indent_style = space
5 | indent_size = 2
6 | charset = utf-8
7 | trim_trailing_whitespace = false
8 | insert_final_newline = false
9 |
10 | [Makefile]
11 | indent_style = tab
--------------------------------------------------------------------------------
/.github/workflows/backend-action.yml:
--------------------------------------------------------------------------------
1 | name: backend
2 |
3 | on:
4 | push:
5 | branches:
6 | - master
7 | paths:
8 | - backend/**
9 | - .github/workflows/backend-action.yml
10 |
11 | jobs:
12 | build:
13 | runs-on: ubuntu-18.04
14 | steps:
15 | - name: Setup Java JDK
16 | uses: actions/setup-java@v1.3.0
17 | with:
18 | java-version: 11
19 | - name: Checkout project
20 | uses: actions/checkout@v2
21 | - name: Maven Build
22 | run: cd backend && ./mvnw package
23 |
--------------------------------------------------------------------------------
/.github/workflows/frontend-action.yml:
--------------------------------------------------------------------------------
1 | name: frontend
2 |
3 | on:
4 | push:
5 | branches:
6 | - master
7 | paths:
8 | - backend/**
9 | - .github/workflows/frontend-action.yml
10 |
11 | jobs:
12 | build:
13 | runs-on: ubuntu-18.04
14 | steps:
15 | - name: Setup Java JDK
16 | uses: actions/setup-java@v1.3.0
17 | with:
18 | java-version: 11
19 | - name: Checkout project
20 | uses: actions/checkout@v2
21 | - name: Maven Build
22 | run: cd frontend && ./mvnw package
23 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | target
2 | *.class
3 | token.yaml
4 | env/envvars
5 | env/extravars
6 | env/extravars.*
7 | !env/extravars.example
8 | project/keys
9 | !project/keys/README.md
10 | project/.ansible
11 | out/**
12 | !out/.gitkeep
13 | artifacts/**
14 | !artifacts/.gitkeep
15 | **/inventory/hostsdocs.old
16 | **/inventory/hosts.yml
17 | .cache
18 | cluster/inventory/hosts
19 | !cluster/inventory/hosts/hosts.example
20 | cluster/inventory/host_vars/*
21 | !cluster/inventory/host_vars/cloud-vars.example
22 | !hosts.yaml.example
23 | !cluster/project/playbook.yml
24 | **/.kube/*
25 | **/.ansible
26 | cluster/project/bin/*
27 | cluster/project/.argocd/*
28 | !cluster/project/bin/.gitkeep
29 | **/*.log
30 | **/.workshopper/**
--------------------------------------------------------------------------------
/.project:
--------------------------------------------------------------------------------
1 |
2 |
3 | hybrid-cloud-demo
4 |
5 |
6 |
7 |
8 |
9 | org.eclipse.m2e.core.maven2Builder
10 |
11 |
12 |
13 |
14 |
15 | org.eclipse.m2e.core.maven2Nature
16 |
17 |
18 |
--------------------------------------------------------------------------------
/.settings/org.eclipse.core.resources.prefs:
--------------------------------------------------------------------------------
1 | eclipse.preferences.version=1
2 | encoding/=UTF-8
3 |
--------------------------------------------------------------------------------
/.settings/org.eclipse.m2e.core.prefs:
--------------------------------------------------------------------------------
1 | activeProfiles=
2 | eclipse.preferences.version=1
3 | resolveWorkspaceProjects=true
4 | version=1
5 |
--------------------------------------------------------------------------------
/.vscode/settings.json:
--------------------------------------------------------------------------------
1 | {
2 | "json.schemas": [],
3 | "files.associations": {
4 | "**/Dockerfile.*": "dockerfile",
5 | "**/*.yml": "ansible"
6 | },
7 | "files.exclude": {
8 | "**/.git": true,
9 | "**/.svn": true,
10 | "**/.hg": true,
11 | "**/CVS": true,
12 | "**/.DS_Store": true,
13 | "**/.ansible": true
14 | },
15 | "files.watcherExclude": {
16 | "**/.git/objects/**": true,
17 | "**/.git/subtree-cache/**": true,
18 | "**/node_modules/**": true,
19 | "**/.hg/store/**": true,
20 | "**/.ansible": true
21 | },
22 | "java.configuration.updateBuildConfiguration": "automatic",
23 | "java.format.settings.url": "https://raw.githubusercontent.com/google/styleguide/gh-pages/eclipse-java-google-style.xml",
24 | "java.format.settings.profile": "GoogleStyle",
25 | "[java]": {
26 | "editor.defaultFormatter": "redhat.java",
27 | "editor.suggest.snippetsPreventQuickSuggestions": false
28 | }
29 | }
--------------------------------------------------------------------------------
/README.adoc:
--------------------------------------------------------------------------------
1 | = Hybrid Cloud
2 | :experimental:
3 | :cloud-1: gcp
4 | :cloud-1-weight: 0
5 | :cloud-2: azr
6 | :cloud-2-weight: 15
7 | :cloud-3: aws
8 | :cloud-3-weight: 20
9 |
10 | image:https://img.shields.io/badge/OpenShift-v4.5.x-red?style=for-the-badge[link=https://try.openshift.com]
11 | image:https://img.shields.io/badge/OpenShift%20Serverless-v1.10-red?style=for-the-badge[link=
12 | https://www.openshift.com/learn/topics/serverless]
13 | image:https://img.shields.io/badge/skupper-v0.3.0-red?style=for-the-badge[link=
14 | https://skupper.io]
15 |
16 | == Download Sources
17 |
18 | Lets use the following variables to refer to the source repositories :
19 |
20 | - *$HYBRID_CLOUD_HOME* -- https://github.com/redhat-developer-demos/hybrid-cloud-serverless
21 | - *$BACKEND_APP_HOME* -- https://github.com/redhat-developer-demos/hybrid-cloud-app-backend
22 | - *$FRONTEND_APP_HOME* -- https://github.com/redhat-developer-demos/hybrid-cloud-app-frontend
23 |
24 |
25 | [source,bash]
26 | ----
27 | git clone https://github.com/redhat-developer-demos/hybrid-cloud-serverless
28 | export HYBRID_CLOUD_HOME=`pwd`/hybrid-cloud-serverless
29 | git clone https://github.com/redhat-developer-demos/hybrid-cloud-app-backend
30 | export BACKEND_APP_HOME=`pwd`/hybrid-cloud-app-backend
31 | git clone https://github.com/redhat-developer-demos/hybrid-cloud-app-frontend
32 | export FRONTEND_APP_HOME=`pwd`/hybrid-cloud-app-frontend
33 | ----
34 |
35 | == Prerequisites
36 |
37 | * https://try.openshift.com[OpenShift4] cluster on three clouds with following components installed:
38 | ** https://www.openshift.com/learn/topics/serverless[OpenShift Serverless]
39 |
40 | * https://skupper.io/releases/index.html[skupper]
41 |
42 | * https://mikefarah.gitbook.io/yq/[yq]
43 |
44 | Let us call the OpenShift Clusters as *Cloud-1(`{cloud-1}`)*, *Cloud-2(`{cloud-2}`)* and *Cloud-3(`{cloud-3}`)*.
45 |
46 | The following table shows the cloud and what components gets installed on each of them:
47 |
48 | .Clouds and Components
49 | [cols="<2,^1,^1,^1", options="header"]
50 | |===
51 | | Component | Cloud-1 | Cloud-2 | Cloud-3
52 | | Cloud Provider | {cloud-1} | {cloud-2} | {cloud-3}
53 | | Backend | ✓ | ✓ | ✓
54 | | Frontend | ✓ | ❌ | ❌
55 | | Generate Site Token(`token.yaml`) | ✓ | ❌ | ❌
56 | | Weight | 0 | 15 | 20
57 | |===
58 |
59 | [NOTE]
60 | ====
61 | * You can use any cloud provider for any OpenShift4 supported cloud, the gcp/aws/azr is used in this example.
62 | * *Weight* controls how many requests that cloud can handle before skupper bursts them out to other clouds
63 | ====
64 |
65 | Before the `backend` or `frontend` applications are deployed, execute the following on *each cloud*:
66 |
67 | [source,bash]
68 | ----
69 | cd $HYBRID_CLOUD_HOME
70 | oc apply -k k8s/core
71 | oc project hybrid-cloud-demo
72 | oc apply -k k8s/rbac
73 | ----
74 |
75 | === Cloud-1
76 |
77 | === Add Image Streams
78 |
79 | [source,bash]
80 | ----
81 | oc import-image hybrid-cloud-backend --confirm --all --from quay.io/rhdevelopers/hybrid-cloud-demo-backend
82 | # set local lookup policy
83 | oc set image-lookup hybrid-cloud-backend
84 | oc import-image hybrid-cloud-frontend --confirm --all --from quay.io/rhdevelopers/hybrid-cloud-demo-frontend
85 | # set local lookup policy
86 | oc set image-lookup hybrid-cloud-frontend
87 | ----
88 |
89 | [source,bash,subs="macros+,attributes+"]
90 | ----
91 | oc apply -k k8s/skupper/{cloud-1}
92 | ----
93 |
94 | === Cloud-2
95 |
96 | === Add Image Streams
97 |
98 | [source,bash,subs="macros+,attributes+"]
99 | ----
100 | oc import-image hybrid-cloud-backend --confirm --all --from quay.io/rhdevelopers/hybrid-cloud-demo-backend
101 | # set local lookup policy
102 | oc set image-lookup hybrid-cloud-backend
103 | ----
104 |
105 | [source,bash,subs="macros+,attributes+"]
106 | ----
107 | oc apply -k k8s/skupper/{cloud-2}
108 | ----
109 |
110 | === Cloud-3
111 |
112 | === Add Image Streams
113 |
114 | [source,bash,subs="macros+,attributes+"]
115 | ----
116 | oc import-image hybrid-cloud-backend --confirm --all --from quay.io/rhdevelopers/hybrid-cloud-demo-backend
117 | # set local lookup policy
118 | oc set image-lookup hybrid-cloud-backend
119 | ----
120 |
121 | [source,bash,subs="macros+,attributes+"]
122 | ----
123 | oc apply -k k8s/skupper/{cloud-3}
124 | ----
125 |
126 | Run the following commands on *Cloud-1*, *Cloud-2* and *Cloud-3* to wait for skupper deployments to be ready:
127 |
128 | [source,bash,subs="macros+,attributes+"]
129 | ----
130 | oc rollout status deployment skupper-site-controller
131 | oc rollout status deployment skupper-router
132 | oc rollout status deployment skupper-service-controller
133 | ----
134 |
135 | == Backend Deployment
136 |
137 | On all clouds *Cloud-1*, *Cloud-2* and *Cloud-3*, run the following commands to deploy `Knative` backend:
138 |
139 | Deploy backend application(Knative):
140 |
141 | [source,bash,subs="macros+,attributes+"]
142 | ----
143 | cd $BACKEND_APP_HOME
144 | oc apply -k k8s/knative
145 | ----
146 |
147 | Run the following command to check the status:
148 |
149 | [source,bash,subs="macros+,attributes+"]
150 | ----
151 | oc get pods,svc,ksvc
152 | ----
153 |
154 | A successful deployments of `core`,`rbac`,`skupper` and `backend` components, should show an output like:
155 |
156 | [source,text]
157 | ----
158 | NAME READY STATUS RESTARTS AGE
159 | pod/hybrid-cloud-backend-p948k-deployment-b49c9569b-ggv8z 2/2 Running 0 26s
160 | pod/skupper-router-56c4544bbc-dhckt 3/3 Running 0 43m
161 | pod/skupper-service-controller-5bcf486799-v2hl2 2/2 Running 0 43m
162 | pod/skupper-site-controller-5cf967f858-z2dx8 1/1 Running 0 43m
163 |
164 | NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
165 | service/hybrid-cloud-backend ExternalName kourier-internal.knative-serving-ingress.svc.cluster.local 21s
166 | service/hybrid-cloud-backend-p948k ClusterIP 172.30.223.229 80/TCP 26s
167 | service/hybrid-cloud-backend-p948k-private ClusterIP 172.30.140.107 80/TCP,9090/TCP,9091/TCP,8022/TCP 26s
168 | service/hybrid-cloud-backend-skupper LoadBalancer 172.30.1.23 80:31554/TCP 29s
169 | service/skupper-controller ClusterIP 172.30.119.15 443/TCP 43m
170 | service/skupper-internal ClusterIP 172.30.205.136 55671/TCP,45671/TCP 43m
171 | service/skupper-messaging ClusterIP 172.30.14.214 5671/TCP 43m
172 | service/skupper-router-console ClusterIP 172.30.72.116 443/TCP 43m
173 |
174 | NAME URL LATESTCREATED LATESTREADY READY REASON
175 | service.serving.knative.dev/hybrid-cloud-backend http://hybrid-cloud-backend.hybrid-cloud-demo.svc.cluster.local hybrid-cloud-backend-p948k hybrid-cloud-backend-p948k True
176 | ----
177 |
178 | == Connecting Clouds
179 |
180 | On *Cloud-1*, run the following command to create `site-token` secret:
181 |
182 | [source,bash]
183 | ----
184 | cd $HYBRID_CLOUD_HOME
185 | oc apply -k k8s/van
186 | ----
187 |
188 | The `site-token` seceret will be used to connect clouds *Cloud-2* and *Cloud-3* to *Cloud-1* forming a _Virtual Application Network(VAN)_.
189 |
190 | Run the following command to export the `site-token` secret:
191 |
192 | [source,bash]
193 | ----
194 | oc get secret -n hybrid-cloud-demo site-token -o yaml > $HYBRID_CLOUD_HOME/token.yaml
195 | ----
196 |
197 | To connect *Cloud-2* and *Cloud-3* with *Cloud-1*, run the following command on *Cloud-2* and *Cloud-3*:
198 |
199 | === Cloud-2
200 |
201 | Make sure the *Cloud-2* starts to spill over after *4* requests in queue:
202 |
203 | [source,bash,subs="macros+,attributes+"]
204 | ----
205 | yq w $HYBRID_CLOUD_HOME/token.yaml 'metadata.annotations[skupper.io/cost]' --tag '!!str' {cloud-2-weight} | oc create -n hybrid-cloud-demo -f -
206 | ----
207 |
208 | === Cloud-3
209 |
210 | Make sure the *Cloud-3* starts to spill over after *2* requests in queue:
211 |
212 | [source,bash,subs="macros+,attributes+"]
213 | ----
214 | yq w $HYBRID_CLOUD_HOME/token.yaml 'metadata.annotations[skupper.io/cost]' --tag '!!str' {cloud-3-weight} | oc create -n hybrid-cloud-demo -f -
215 | ----
216 |
217 | A successfull connection can be verified using the following commands, on *Cloud-1*:
218 |
219 | [source,bash,subs="macros+,attributes+"]
220 | ----
221 | export SKUPPER_POD=$(oc get pods --selector=application=skupper-router -ojsonpath='{.items[0].metadata.name}')
222 | kubectl exec -it $SKUPPER_POD -- qdmanage query --type node
223 | ----
224 |
225 | The command should show an output as shown below:
226 |
227 | [source,json,subs="macros+,attributes+"]
228 | ----
229 | [
230 | {
231 | "index": 0,
232 | "nextHop": "(self)",
233 | "name": "router.node/hybrid-cloud-gcp-skupper-router-7b9fcf9575-knrsd",
234 | "validOrigins": [],
235 | "linkState": [
236 | "hybrid-cloud-azr-skupper-router-675cb597fc-75g2x",
237 | "hybrid-cloud-aws-skupper-router-5946d4544f-mgswf"
238 | ],
239 | "instance": 1599839762,
240 | "identity": "router.node/hybrid-cloud-gcp-skupper-router-7b9fcf9575-knrsd",
241 | "protocolVersion": 1,
242 | "lastTopoChange": 1599840055,
243 | "type": "org.apache.qpid.dispatch.router.node",
244 | "id": "hybrid-cloud-gcp-skupper-router-7b9fcf9575-knrsd",
245 | "address": "amqp:/_topo/0/hybrid-cloud-gcp-skupper-router-7b9fcf9575-knrsd"
246 | },
247 | {
248 | "routerLink": 0,
249 | "name": "router.node/hybrid-cloud-aws-skupper-router-5946d4544f-mgswf",
250 | "index": 1,
251 | "validOrigins": [
252 | "hybrid-cloud-azr-skupper-router-675cb597fc-75g2x"
253 | ],
254 | "protocolVersion": 1,
255 | "linkState": [
256 | "hybrid-cloud-gcp-skupper-router-7b9fcf9575-knrsd"
257 | ],
258 | "instance": 1599840049,
259 | "cost": {cloud-2-weight},
260 | "address": "amqp:/_topo/0/hybrid-cloud-aws-skupper-router-5946d4544f-mgswf",
261 | "type": "org.apache.qpid.dispatch.router.node",
262 | "id": "hybrid-cloud-aws-skupper-router-5946d4544f-mgswf",
263 | "identity": "router.node/hybrid-cloud-aws-skupper-router-5946d4544f-mgswf"
264 | },
265 | {
266 | "routerLink": 1,
267 | "name": "router.node/hybrid-cloud-azr-skupper-router-675cb597fc-75g2x",
268 | "index": 2,
269 | "validOrigins": [
270 | "hybrid-cloud-aws-skupper-router-5946d4544f-mgswf"
271 | ],
272 | "protocolVersion": 1,
273 | "linkState": [
274 | "hybrid-cloud-gcp-skupper-router-7b9fcf9575-knrsd"
275 | ],
276 | "instance": 1599840051,
277 | "cost": {cloud-3-weight},
278 | "address": "amqp:/_topo/0/hybrid-cloud-azr-skupper-router-675cb597fc-75g2x",
279 | "type": "org.apache.qpid.dispatch.router.node",
280 | "id": "hybrid-cloud-azr-skupper-router-675cb597fc-75g2x",
281 | "identity": "router.node/hybrid-cloud-azr-skupper-router-675cb597fc-75g2x"
282 | }
283 | ]
284 | ----
285 |
286 | == Verify Status
287 |
288 | === Cloud-1
289 |
290 | Running `skupper status` on the clouds should show the following output:
291 |
292 | [source,text]
293 | ----
294 | Skupper is enabled for namespace '"hybrid-cloud-demo" in interior mode'. It is connected to 2 other sites. It has 1 exposed service.
295 | ----
296 |
297 | === Cloud-2
298 |
299 | Running `skupper status` on the clouds should show the following output:
300 |
301 | [source,text]
302 | ----
303 | Skupper is enabled for namespace '"hybrid-cloud-demo" in interior mode'. It is connected to 2 other sites (1 indirectly). It has 1 exposed service.
304 | ----
305 |
306 | === Cloud-3
307 |
308 | Running `skupper status` on the clouds should show the following output:
309 |
310 | [source,text]
311 | ----
312 | Skupper is enabled for namespace '"hybrid-cloud-demo" in interior mode'. It is connected to 2 other sites (1 indirectly). It has 1 exposed service.
313 | ----
314 |
315 | [NOTE]
316 | ====
317 | Since *Cloud-1* is where we generated the `site-token` secret to connect to other sites, makes it directly connected to other clouds *Cloud-2* and *Cloud-3*. For other clouds you will see one direct to *Cloud-1* and one indirect connection to other cloud.
318 | ====
319 |
320 | == Verify Exposed Services
321 |
322 | You can verify that, in *all* connected clouds running the following command `skupper list-exposed` shows the following output:
323 |
324 | When `Knative` backend was deployed:
325 |
326 | [source,bash]
327 | ----
328 | Services exposed through Skupper:
329 | hybrid-cloud-backend-skupper (http port 80) with targets
330 | => hybrid-cloud-backend.hybrid-cloud-demo name=hybrid-cloud-backend.hybrid-cloud-demo
331 | ----
332 |
333 | When standard Kubernetes (vanilla) backend was deployed:
334 |
335 | [source,bash]
336 | ----
337 | Services exposed through Skupper:
338 | hybrid-cloud-backend (http port 80) with targets
339 | => hybrid-cloud-backend.hybrid-cloud-demo name=hybrid-cloud-backend.hybrid-cloud-demo
340 | ----
341 |
342 | == Frontend Deployment
343 |
344 | On *Cloud-1* deploy the *frontend* by running the following command:
345 |
346 | [source,bash]
347 | ----
348 | cd $FRONTEND_APP_HOME
349 | oc apply -k k8s/knative
350 | ----
351 |
352 | Get the URL to access the frontend application:
353 |
354 | [source,bash]
355 | ----
356 | export API_URL=http://$(oc get route -n hybrid-cloud-demo hybrid-cloud-frontend -ojsonpath='{.spec.host}')
357 | ----
358 |
359 | == Burst Testing
360 |
361 | It is possible to verify the brust without user input using the following https://github.com/rakyll/hey[hey] scripts:
362 |
363 | === Cloud-1 burst to Cloud-2
364 |
365 | In order to burst from Cloud-1 to Cloud-2, you need to send atleast `{cloud-2-weight}` requests to the API:
366 |
367 | [source,bash,subs="macros+,attributes+"]
368 | ----
369 | hey -z 2s -c 20 -m POST -d '{"text": "1+2","uppercase": false,"reverse": false}' -H "Content-Type: application/json" $API_URL/api/send-request
370 | ----
371 |
372 | === Cloud-1 burst to Cloud-2 burst to Cloud-3
373 |
374 | In order to burst from Cloud-1 to Cloud-2, you need to send atleast `{cloud-2-weight} + {cloud-3-weight} = 35` requests to the API:
375 |
376 | [source,bash,subs="macros+,attributes+"]
377 | ----
378 | hey -z 2s -c 35 -m POST -d '{"text": "1+2+3","uppercase": false,"reverse": false}' -H "Content-Type: application/json" $API_URL/api/send-request
379 | ----
380 |
--------------------------------------------------------------------------------
/cluster/.dockerignore:
--------------------------------------------------------------------------------
1 | *
2 | !project/requirements.txt
3 | !project/requirements.yml
--------------------------------------------------------------------------------
/cluster/.env:
--------------------------------------------------------------------------------
1 | #Put any environment variables that need to be available inside runner container
2 |
--------------------------------------------------------------------------------
/cluster/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM docker.io/ansible/ansible-runner
2 |
3 | ADD project/requirements.txt /runner/project/requirements.txt
4 | ADD project/requirements.yml /runner/project/requirements.yml
5 |
6 | RUN dnf -y install git \
7 | && pip3 install --user -r /runner/project/requirements.txt \
8 | && ansible-galaxy role install -r /runner/project/requirements.yml \
9 | && ansible-galaxy collection install -r /runner/project/requirements.yml \
10 | && dnf -y clean all
11 |
12 | ENTRYPOINT ["entrypoint"]
13 |
14 | CMD ["ansible-runner","run","-p","playbook.yml","/runner"]
--------------------------------------------------------------------------------
/cluster/Makefile:
--------------------------------------------------------------------------------
1 | ENV_FILE := .env
2 | include ${ENV_FILE}
3 | export $(shell sed 's/=.*//' ${ENV_FILE})
4 | CURRENT_DIR = $(shell pwd)
5 | ANSIBLE_RUNNER_IMAGE := example/ansible-runner
6 |
7 | .PHONY: build
8 | build:
9 | @docker build --no-cache -t example/ansible-runner .
10 |
11 | .PHONY: run
12 | run:
13 | @docker run -it \
14 | -v $(CURRENT_DIR)/project:/runner/project:z \
15 | -v $(CURRENT_DIR)/.workshopper:/runner/.workshopper:z \
16 | -v $(CURRENT_DIR)/project/bin:/runner/project/bin:z \
17 | -v $(CURRENT_DIR)/project/.argocd:/runner/.argocd:z \
18 | -v $(CURRENT_DIR)/inventory:/runner/inventory:z \
19 | -v $(CURRENT_DIR)/env:/runner/env:z \
20 | --env-file $(CURRENT_DIR)/.env \
21 | $(ANSIBLE_RUNNER_IMAGE)
22 |
23 |
24 |
--------------------------------------------------------------------------------
/cluster/env/HELP.md:
--------------------------------------------------------------------------------
1 | # env
2 |
3 | ## extravars
4 |
5 | Before using this extravars, Copy the file `extravars.exampl`e to `extavars`.
6 |
7 | To know more on what files allowed in this directory, refer to [Ansible Runner modules](https://ansible-runner.readthedocs.io/en/latest/intro.html#modules).
8 |
--------------------------------------------------------------------------------
/cluster/env/cmdline:
--------------------------------------------------------------------------------
1 | --skip-tags tektoncd
--------------------------------------------------------------------------------
/cluster/env/passwords:
--------------------------------------------------------------------------------
1 | ---
2 | '^Provide the full path to KUBECONFIG:$': /runner/inventory/gcp.kubeconfig
3 | '^Enter the OpenShift target cloud e.g. gcp, aws, azr:$': gcp
4 | '^OpenShift Admin 'ocpadmin' Password:$": ma6$shMellow
5 | '^Default User Password:$': password
--------------------------------------------------------------------------------
/cluster/inventory/host_vars/cloud-vars.example:
--------------------------------------------------------------------------------
1 | # DONT CHANGE THIS
2 | ansible_host: localhost
3 |
4 | #The OpenShift API Server
5 | api_server:
6 |
7 | #The OpenShift Admin User to use for installing operators
8 | # When doing for first time usually kubeadmin
9 | openshift_admin_user:
10 |
11 | #The OpenShift Admin User password, when doing for first time
12 | #this is usually kubeadmin password
13 | openshift_admin_password:
14 |
15 | #The OpenShift Cloud Profile azr, aws, gcp or ibm
16 | cloud_profile:
17 |
18 | #If creating extra admin user the password to use
19 | ocpadmin_password: adminPa55word!
20 |
21 | #If creating extra users,the user default password
22 | user_password: pa55word!
23 |
24 | #####################
25 | ### Hybrid Cloud Application Configuration
26 | #####################
27 | #type of backend application knative or vanilla
28 | backend_type: knative
29 |
30 | #The application components that cloud will be tagged to
31 | #backend and frontend:
32 | #tiers: ["frontend","backend]
33 | #only backend:
34 | #tiers: ["backend"]
35 | tiers: ["backend"]
36 |
37 | #The Cloud where Skupper Site token will be created
38 | #possible values yes or no
39 | create_site_token: no
--------------------------------------------------------------------------------
/cluster/inventory/hosts.example:
--------------------------------------------------------------------------------
1 | ;Google Cloud
2 | gcp
3 | ;AWS
4 | ;aws
5 | ;Azure
6 | ;azr
7 | ;IBM Cloud
8 | ;ibm
9 |
--------------------------------------------------------------------------------
/cluster/project/ansible.cfg:
--------------------------------------------------------------------------------
1 | [defaults]
2 | inventory_ignore_extensions = .kubeconfig, .md, .example
3 | log_path = /runner/project/ansible.log
--------------------------------------------------------------------------------
/cluster/project/bin/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/redhat-developer-demos/hybrid-cloud-serverless/c8c681be44e6551ed50bd089cace28c2206dc780/cluster/project/bin/.gitkeep
--------------------------------------------------------------------------------
/cluster/project/playbook.yml:
--------------------------------------------------------------------------------
1 | # - name: Test
2 | # hosts: gcp
3 | # connection: local
4 |
5 | # vars:
6 | # ansible_python_interpreter: '{{ ansible_playbook_python }}'
7 |
8 | # tasks:
9 |
10 | # - debug: msg="deploy knative backend"
11 | # when: "'backend' in tiers and 'knative' in backend_type|lower"
12 |
13 | # - debug: msg="deploy vanilla backend"
14 | # when: "'backend' in tiers and 'knative' not in backend_type|lower"
15 |
16 | # - debug: msg="deploy frontend"
17 | # when: "'frontend' in tiers"
18 |
19 | # - fail:
20 | # msg: "Test over"
21 |
22 | - name: "Hybrid Cloud Demo::Prepare for Play"
23 | hosts: all
24 | connection: local
25 |
26 | vars:
27 | ansible_python_interpreter: '{{ ansible_playbook_python }}'
28 | verify_certs: False
29 |
30 | pre_tasks:
31 | - name: OpenShift LogIn
32 | community.kubernetes.k8s_auth:
33 | host: "{{ api_server }}"
34 | username: "{{ openshift_admin_user }}"
35 | password: "{{ openshift_admin_password }}"
36 | validate_certs: "{{ verify_certs }}"
37 | register: k8s_auth_results
38 |
39 | - name: Set OpenShift Auth Key
40 | set_fact:
41 | k8s_auth_api_key: "{{ k8s_auth_results.k8s_auth.api_key }}"
42 |
43 | - name: "Hybrid Cloud Demo::Configure, Setup and Deploy"
44 | hosts: all
45 | connection: local
46 |
47 | vars:
48 | ansible_python_interpreter: '{{ ansible_playbook_python }}'
49 | verify_certs: False
50 | install_operators: True
51 | ocp_version: 4.5.6
52 | download_clients: False
53 | deploy_serverless: True
54 | deploy_pipelines: True
55 | deploy_argocd: True
56 | argocd_namespace: argocd
57 | argocd_manifests_dir: argocd
58 | # The name of the Argo CD CR - default from kameshsampath.openshift_app_spices is argocd-openshift-oauth
59 | argocd_cr_name: argocd-openshift-oauth
60 | htpasswdidp_name: htpasswdidp
61 | users:
62 | create: True
63 | start: 0
64 | end: 0
65 | prefix: user
66 |
67 | environment:
68 | - K8S_AUTH_HOST: "{{ api_server }}"
69 | - K8S_AUTH_VERIFY_SSL: "{{ verify_certs | default(no) }}"
70 | - K8S_AUTH_API_KEY: "{{ k8s_auth_api_key }}"
71 |
72 | roles:
73 | - role: kameshsampath.openshift_app_spices
74 | when: install_operators
75 | - role: hybrid_cloud_demo
76 |
77 | post_tasks:
78 | - name: OpenShift Logout (revoke access token)
79 | when: k8s_auth_results.k8s_auth.api_key is defined
80 | k8s_auth:
81 | state: absent
82 | host: "{{ api_server }}"
83 | validate_certs: "{{ verify_certs }}"
84 | api_key: "{{ k8s_auth_results.k8s_auth.api_key }}"
85 |
--------------------------------------------------------------------------------
/cluster/project/requirements.txt:
--------------------------------------------------------------------------------
1 | ansible==2.9.10
2 | cachetools==4.1.1
3 | certifi==2020.6.20
4 | cffi==1.14.0
5 | chardet==3.0.4
6 | cryptography==2.9.2
7 | google-auth==1.19.0
8 | idna==2.10
9 | Jinja2==2.11.2
10 | jmespath==0.10.0
11 | kubernetes==11.0.0
12 | MarkupSafe==1.1.1
13 | oauthlib==3.1.0
14 | openshift==0.11.2
15 | passlib==1.7.2
16 | pyasn1==0.4.8
17 | pyasn1-modules==0.2.8
18 | pycparser==2.20
19 | python-dateutil==2.8.1
20 | python-string-utils==1.0.0
21 | PyYAML==5.3.1
22 | requests==2.24.0
23 | requests-oauthlib==1.3.0
24 | rsa==4.6
25 | ruamel.yaml==0.16.10
26 | ruamel.yaml.clib==0.2.0
27 | six==1.15.0
28 | urllib3==1.25.9
29 | websocket-client==0.57.0
30 |
--------------------------------------------------------------------------------
/cluster/project/requirements.yml:
--------------------------------------------------------------------------------
1 | roles:
2 | - name: kameshsampath.openshift_app_spices
3 | src: https://github.com/kameshsampath/ansible-role-openshift-spices
4 | version: master
5 |
6 | collections:
7 | - name: community.kubernetes
8 | version: ">=1.0.0"
9 |
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/defaults/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | argocd_namespace: argocd
3 | argocd_version: v1.6.2
4 |
5 | hybrid_cloud_git_repositories:
6 | - https://github.com/redhat-developer-demos/hybrid-cloud
7 | - https://github.com/redhat-developer-demos/hybrid-cloud-app-frontend
8 | - https://github.com/redhat-developer-demos/hybrid-cloud-app-backend
9 |
10 |
11 | # OpenShift Pipelines TP 1.1
12 | tektoncd_pipelines_version: v0.14.3
13 | tektoncd_triggers_version: v0.6.1
14 |
15 | tasks_dir: /tmp/tektoncd/tasks
16 |
17 | cluster_tasks:
18 | - name: buildah
19 | manifest_url: "https://raw.githubusercontent.com/tektoncd/catalog/master/task/buildah/0.1/buildah.yaml"
20 | - name: maven
21 | manifest_url: "https://raw.githubusercontent.com/tektoncd/catalog/master/task/maven/0.1/maven.yaml"
22 | - name: kn
23 | manifest_url: "https://raw.githubusercontent.com/tektoncd/catalog/master/task/kn/0.1/kn.yaml"
24 | - name: git-clone
25 | manifest_url: "https://raw.githubusercontent.com/tektoncd/catalog/master/task/git-clone/0.1/git-clone.yaml"
26 | - name: openshift-client
27 | manifest_url: "https://raw.githubusercontent.com/tektoncd/catalog/master/task/openshift-client/0.1/openshift-client.yaml"
28 |
29 |
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/files/argocd/app_core.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: hybrid-cloud-core
5 | spec:
6 | destination:
7 | namespace: hybrid-cloud-demo
8 | server: "https://kubernetes.default.svc"
9 | source:
10 | path: k8s/core
11 | repoURL: "https://github.com/redhat-developer-demos/hybrid-cloud"
12 | targetRevision: master
13 | project: hybrid-cloud
14 | syncPolicy:
15 | automated:
16 | prune: true
17 | selfHeal: true
18 |
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/files/argocd/app_knative_backend.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: hybrid-cloud-backend-knative
5 | spec:
6 | destination:
7 | namespace: hybrid-cloud-demo
8 | server: "https://kubernetes.default.svc"
9 | source:
10 | path: k8s/knative
11 | repoURL: "https://github.com/redhat-developer-demos/hybrid-cloud-app-backend"
12 | targetRevision: master
13 | project: hybrid-cloud
14 | syncPolicy:
15 | automated:
16 | prune: false
17 | selfHeal: false
18 |
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/files/argocd/app_knative_frontend.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: hybrid-cloud-frontend-knative
5 | spec:
6 | destination:
7 | namespace: hybrid-cloud-demo
8 | server: "https://kubernetes.default.svc"
9 | source:
10 | path: k8s/knative
11 | repoURL: "https://github.com/redhat-developer-demos/hybrid-cloud-app-frontend"
12 | targetRevision: master
13 | project: hybrid-cloud
14 | syncPolicy:
15 | automated:
16 | prune: false
17 | selfHeal: false
18 |
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/files/argocd/app_pipelines.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: hybrid-cloud-pipelines
5 | spec:
6 | destination:
7 | namespace: hybrid-cloud-demo
8 | server: "https://kubernetes.default.svc"
9 | source:
10 | path: k8s/pipelines
11 | repoURL: "http://github.com/redhat-developer-demos/hybrid-cloud"
12 | targetRevision: master
13 | project: hybrid-cloud
14 | syncPolicy:
15 | automated:
16 | prune: false
17 | selfHeal: false
18 |
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/files/argocd/app_rbac.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: hybrid-cloud-rbac
5 | spec:
6 | destination:
7 | namespace: hybrid-cloud-demo
8 | server: "https://kubernetes.default.svc"
9 | source:
10 | path: k8s/rbac
11 | repoURL: "https://github.com/redhat-developer-demos/hybrid-cloud"
12 | targetRevision: master
13 | project: hybrid-cloud
14 | syncPolicy:
15 | automated:
16 | prune: false
17 | selfHeal: false
18 |
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/files/argocd/app_repositories.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | name: argocd-cm
5 | namespace: argocd
6 | labels:
7 | app.kubernetes.io/name: argocd-cm
8 | app.kubernetes.io/part-of: argocd
9 | data:
10 | repositories: |
11 | - url: https://github.com/redhat-developer-demos/hybrid-cloud
12 | - url: https://github.com/redhat-developer-demos/hybrid-cloud-app-frontend
13 | - url: https://github.com/redhat-developer-demos/hybrid-cloud-app-backend
14 |
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/files/argocd/app_skupper.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: hybrid-cloud-skupper
5 | spec:
6 | destination:
7 | namespace: hybrid-cloud-demo
8 | server: "https://kubernetes.default.svc"
9 | source:
10 | path: k8s/skupper
11 | repoURL: "https://github.com/redhat-developer-demos/hybrid-cloud"
12 | targetRevision: master
13 | kustomize:
14 | images:
15 | - "quay.io/skupper/site-controller:0.3"
16 | project: hybrid-cloud
17 | syncPolicy:
18 | automated:
19 | prune: true
20 | selfHeal: true
21 |
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/files/argocd/app_van.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: hybrid-cloud-van
5 | spec:
6 | destination:
7 | namespace: hybrid-cloud-demo
8 | server: "https://kubernetes.default.svc"
9 | source:
10 | path: k8s/van
11 | repoURL: "https://github.com/redhat-developer-demos/hybrid-cloud"
12 | targetRevision: master
13 | project: hybrid-cloud
14 | syncPolicy:
15 | automated:
16 | prune: true
17 | selfHeal: true
18 |
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/files/argocd/app_vanilla_backend.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: hybrid-cloud-backend-vanilla
5 | spec:
6 | destination:
7 | namespace: hybrid-cloud-demo
8 | server: "https://kubernetes.default.svc"
9 | source:
10 | path: k8s/vanilla
11 | repoURL: "https://github.com/redhat-developer-demos/hybrid-cloud-app-backend"
12 | targetRevision: master
13 | project: hybrid-cloud
14 | syncPolicy:
15 | automated:
16 | prune: false
17 | selfHeal: false
18 |
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/files/argocd/app_vanilla_frontend.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: hybrid-cloud-frontend-vanilla
5 | spec:
6 | destination:
7 | namespace: hybrid-cloud-demo
8 | server: "https://kubernetes.default.svc"
9 | source:
10 | path: k8s/vanilla
11 | repoURL: "https://github.com/redhat-developer-demos/hybrid-cloud-app-frontend"
12 | targetRevision: master
13 | project: hybrid-cloud
14 | syncPolicy:
15 | automated:
16 | prune: false
17 | selfHeal: false
18 |
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/files/argocd/backend_app_pipelines.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: backend-app-pipelines
5 | spec:
6 | destination:
7 | namespace: hybrid-cloud-demo
8 | server: "https://kubernetes.default.svc"
9 | source:
10 | path: k8s/pipelines/backend
11 | repoURL: "http://github.com/redhat-developer-demos/hybrid-cloud"
12 | targetRevision: master
13 | project: hybrid-cloud
14 | syncPolicy:
15 | automated:
16 | prune: false
17 | selfHeal: false
18 |
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/files/argocd/frontend_app_pipelines.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: Application
3 | metadata:
4 | name: frontend-app-pipelines
5 | spec:
6 | destination:
7 | namespace: hybrid-cloud-demo
8 | server: "https://kubernetes.default.svc"
9 | source:
10 | path: k8s/pipelines/frontend
11 | repoURL: "http://github.com/redhat-developer-demos/hybrid-cloud"
12 | targetRevision: master
13 | project: hybrid-cloud
14 | syncPolicy:
15 | automated:
16 | prune: false
17 | selfHeal: false
18 |
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/files/argocd/project_hybrid_cloud.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: argoproj.io/v1alpha1
2 | kind: AppProject
3 | metadata:
4 | name: hybrid-cloud
5 | labels:
6 | app.kubernetes.io/part-of: argocd
7 | spec:
8 | clusterResourceWhitelist:
9 | - group: ""
10 | kind: Namespace
11 | - group: rbac.authorization.k8s.io
12 | kind: "*"
13 | description: Hybrid Cloud Demo
14 | destinations:
15 | - namespace: hybrid-cloud-demo
16 | server: https://kubernetes.default.svc
17 | namespaceResourceWhitelist:
18 | - group: serving.knative.dev
19 | kind: "*"
20 | - group: ""
21 | kind: PersistentVolumeClaim
22 | - group: ""
23 | kind: Namespace
24 | - group: tekton.dev
25 | kind: "*"
26 | - group: triggers.tekton.dev
27 | kind: "*"
28 | - group: ""
29 | kind: Service
30 | - group: apps
31 | kind: Deployment
32 | - group: ""
33 | kind: ConfigMap
34 | - group: ""
35 | kind: Secret
36 | - group: rbac.authorization.k8s.io
37 | kind: "*"
38 | - group: ""
39 | kind: ServiceAccount
40 | orphanedResources:
41 | warn: false
42 | sourceRepos:
43 | - https://github.com/redhat-developer-demos/hybrid-cloud
44 | - https://github.com/redhat-developer-demos/hybrid-cloud-app-frontend
45 | - https://github.com/redhat-developer-demos/hybrid-cloud-app-backend
46 |
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/tasks/argocd_app_status.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: "Wait Argo CD App::{{argocd_app_name}} to be Sync and Healthy"
3 | community.kubernetes.k8s_info:
4 | api_version: argoproj.io/v1alpha1
5 | kind: Application
6 | namespace: "{{ argocd_namespace }}"
7 | name: "{{ argocd_app_name }}"
8 | register: argocd_app
9 | retries: 60
10 | delay: 10
11 | until: argocd_app.resources[0].status and argocd_app.resources[0].status.health.status == 'Healthy' and argocd_app.resources[0].status.sync.status == 'Synced'
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/tasks/argocd_apps.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Add Privileges to Argocd Controller Service Account
3 | community.kubernetes.k8s:
4 | state: present
5 | namespace: "{{ argocd_namespace }}"
6 | definition: |-
7 | apiVersion: rbac.authorization.k8s.io/v1
8 | kind: ClusterRoleBinding
9 | metadata:
10 | name: cluster-admin-argocd-application-controller
11 | roleRef:
12 | apiGroup: rbac.authorization.k8s.io
13 | kind: ClusterRole
14 | name: cluster-admin
15 | subjects:
16 | - kind: ServiceAccount
17 | name: argocd-application-controller
18 | namespace: argocd
19 |
20 | - name: Get ArgoCD Server Route
21 | community.kubernetes.k8s_info:
22 | kind: Route
23 | api_version: route.openshift.io/v1
24 | name: "{{ argocd_cr_name }}-server"
25 | namespace: "{{ argocd_namespace }}"
26 | register: argocd_ingress
27 |
28 | - name: Get ArgoCD Server Address
29 | set_fact:
30 | argocd_server: "{{ argocd_ingress.resources[0].spec.host }}"
31 |
32 | - debug: msg="Using ArgoCD Server {{ argocd_server}}"
33 |
34 | - name: ArgoCD::Add Hybrid Cloud Repositories
35 | community.kubernetes.k8s:
36 | state: present
37 | namespace: "{{ argocd_namespace }}"
38 | definition: "{{ item | from_yaml }}"
39 | wait: yes
40 | with_file:
41 | - argocd/app_repositories.yaml
42 | loop_control:
43 | label: "hybrid-cloud-repositories"
44 |
45 | - name: ArgoCD::Create hybrid-cloud project
46 | community.kubernetes.k8s:
47 | state: present
48 | namespace: "{{ argocd_namespace }}"
49 | definition: "{{ item | from_yaml }}"
50 | wait: yes
51 | with_file:
52 | - argocd/project_hybrid_cloud.yaml
53 | loop_control:
54 | label: "project-hybrid-cloud"
55 |
56 | - name: Create ArgoCD App::core
57 | community.kubernetes.k8s:
58 | state: present
59 | namespace: "{{ argocd_namespace }}"
60 | definition: "{{ item | from_yaml }}"
61 | wait: yes
62 | with_file:
63 | - argocd/app_core.yaml
64 | loop_control:
65 | label: "hybrid-cloud-core"
66 |
67 | - include_tasks: argocd_app_status.yml
68 | vars:
69 | argocd_app_name: hybrid-cloud-core
70 |
71 | - name: Create ArgoCD App::RBAC
72 | community.kubernetes.k8s:
73 | state: present
74 | namespace: "{{ argocd_namespace }}"
75 | definition: "{{ item | from_yaml }}"
76 | wait: yes
77 | with_file:
78 | - argocd/app_rbac.yaml
79 | loop_control:
80 | label: "hybrid-cloud-rbac"
81 |
82 | - include_tasks: argocd_app_status.yml
83 | vars:
84 | argocd_app_name: hybrid-cloud-rbac
85 |
86 | - name: Create ArgoCD App::Skupper
87 | community.kubernetes.k8s:
88 | state: present
89 | namespace: "{{ argocd_namespace }}"
90 | definition: "{{ item | from_yaml }}"
91 | wait: yes
92 | with_file:
93 | - argocd/app_skupper.yaml
94 | loop_control:
95 | label: "hybrid-cloud-skupper"
96 |
97 | - include_tasks: argocd_app_status.yml
98 | vars:
99 | argocd_app_name: hybrid-cloud-rbac
100 |
101 | - name: Create ArgoCD App::Backend
102 | community.kubernetes.k8s:
103 | state: present
104 | namespace: "{{ argocd_namespace }}"
105 | definition: "{{ item | from_yaml }}"
106 | wait: yes
107 | when: "'backend' in tiers"
108 | with_file:
109 | - "argocd/app_{{ backend_type|lower }}_backend.yaml"
110 | loop_control:
111 | label: "hybrid-cloud-{{ backend_type|lower }}-backend"
112 |
113 | - include_tasks: argocd_app_status.yml
114 | vars:
115 | argocd_app_name: "hybrid-cloud-backend-{{ backend_type|lower }}"
116 |
117 | - name: Create ArgoCD App::Frontend
118 | community.kubernetes.k8s:
119 | state: present
120 | namespace: "{{ argocd_namespace }}"
121 | definition: "{{ item | from_yaml }}"
122 | wait: yes
123 | when: "'frontend' in tiers"
124 | with_file:
125 | - "argocd/app_{{ backend_type|lower }}_frontend.yaml"
126 | loop_control:
127 | label: "hybrid-cloud-{{ backend_type|lower }}-frontend"
128 |
129 | - include_tasks: argocd_app_status.yml
130 | vars:
131 | argocd_app_name: "hybrid-cloud-frontend-{{ backend_type|lower }}"
132 | when: "'frontend' in tiers"
133 |
134 | - name: Create ArgoCD App::Skupper VAN
135 | community.kubernetes.k8s:
136 | state: present
137 | namespace: "{{ argocd_namespace }}"
138 | definition: "{{ item | from_yaml }}"
139 | wait: yes
140 | when: create_site_token | bool
141 | with_file:
142 | - "argocd/app_van.yaml"
143 | loop_control:
144 | label: "hybrid-cloud-van"
145 |
146 | - include_tasks: argocd_app_status.yml
147 | vars:
148 | argocd_app_name: "hybrid-cloud-van"
149 | when: create_site_token | bool
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | # - debug: var=ansible_env.K8S_AUTH_API_KEY
4 |
5 | - include_tasks: tektoncd_add_tasks.yml
6 | tags:
7 | - tektoncd
8 |
9 |
10 | - include_tasks: argocd_apps.yml
11 | tags:
12 | - argocd
13 |
14 | # TODO #5 retrieve token from cloud-1 and create in all other clouds
--------------------------------------------------------------------------------
/cluster/project/roles/hybrid_cloud_demo/tasks/tektoncd_add_tasks.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Create Manifests Dir
3 | file:
4 | path: "{{ tasks_dir }}"
5 | state: directory
6 |
7 | - name: Download Task manifests
8 | get_url:
9 | url: "{{ item.manifest_url }}"
10 | dest: "{{ [tasks_dir,item.name] | join('/') }}.yaml"
11 | mode: "666"
12 | with_items: "{{ cluster_tasks }}"
13 |
14 | - name: Convert Task to Cluster Tasks
15 | replace:
16 | path: "{{ [tasks_dir,item.name] | join('/') }}.yaml"
17 | regexp: '(^kind:\s*)Task$'
18 | replace: '\1ClusterTask'
19 | backup: yes
20 | with_items: "{{ cluster_tasks }}"
21 |
22 | - name: Deploy Cluster Tasks
23 | community.kubernetes.k8s:
24 | state: present
25 | src: "{{ [tasks_dir,item.name] | join('/') }}.yaml"
26 | with_items: "{{ cluster_tasks }}"
27 |
--------------------------------------------------------------------------------
/k8s/core/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | # Adds namespace to all resources.
5 | namespace: hybrid-cloud-demo
6 |
7 | # Adds hybrid-cloud-demo label to all resources.
8 | commonLabels:
9 | app.kubernetes.io/part-of: hybrid-cloud-demo
10 |
11 | resources:
12 | - namespace.yaml
13 |
--------------------------------------------------------------------------------
/k8s/core/namespace.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: hybrid-cloud-demo
5 | spec: {}
6 |
--------------------------------------------------------------------------------
/k8s/pipelines/backend/backend-github-triggerbindings.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: triggers.tekton.dev/v1alpha1
3 | kind: TriggerBinding
4 | metadata:
5 | name: hcdb-triggerbinding
6 | spec:
7 | params:
8 | - name: gitrevision
9 | value: $(body.head_commit.id)
10 | - name: gitrepositoryurl
11 | value: $(body.repository.url)
12 |
--------------------------------------------------------------------------------
/k8s/pipelines/backend/backend-ksvc-trigger-template.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: triggers.tekton.dev/v1alpha1
3 | kind: TriggerTemplate
4 | metadata:
5 | name: backend-ksvc-trigger-template
6 | spec:
7 | params:
8 | - name: gitrevision
9 | description: The git revision
10 | default: staging
11 | - name: gitrepositoryurl
12 | description: The git repository url
13 | resourcetemplates:
14 | - apiVersion: tekton.dev/v1beta1
15 | kind: PipelineRun
16 | metadata:
17 | generateName: backend-ksvc-deploy-run-
18 | annotations:
19 | argocd.argoproj.io/hook: PreSync
20 | labels:
21 | tekton.dev/pipeline: ksvc-deploy
22 | spec:
23 | params:
24 | - name: APP_NAME
25 | value: hybrid-cloud-backend
26 | - name: GITHUB_REPO_URL
27 | value: $(params.gitrepositoryurl)
28 | - name: GITHUB_REPO_REVISION
29 | value: $(params.gitrevision)
30 | pipelineRef:
31 | name: ksvc-deploy
32 | serviceAccountName: hybrid-cloud-demo-sa
33 | workspaces:
34 | - name: source
35 | persistentVolumeClaim:
36 | claimName: hybrid-cloud-demo-sources
37 | - configMap:
38 | name: maven-settings
39 | name: maven-settings
40 |
--------------------------------------------------------------------------------
/k8s/pipelines/backend/hcdb-github-webhook.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: triggers.tekton.dev/v1alpha1
3 | kind: EventListener
4 | metadata:
5 | name: hcdb-github-webhook
6 | labels:
7 | app: github
8 | spec:
9 | serviceAccountName: pipeline
10 | triggers:
11 | - name: hcdb-github-webhook
12 | bindings:
13 | - name: hcdb-triggerbinding
14 | template:
15 | name: backend-ksvc-trigger-template
16 | ---
17 | apiVersion: route.openshift.io/v1
18 | kind: Route
19 | metadata:
20 | name: hcdb-github-webhook
21 | labels:
22 | app.kubernetes.io/managed-by: EventListener
23 | app.kubernetes.io/part-of: Triggers
24 | eventlistener: hcdb-github-webhook
25 | spec:
26 | port:
27 | targetPort: 8080
28 | to:
29 | kind: "Service"
30 | name: el-hcdb-github-webhook
31 | weight: 100
32 | tls:
33 | termination: edge
34 |
--------------------------------------------------------------------------------
/k8s/pipelines/backend/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | # Adds namespace to all resources.
5 | namespace: hybrid-cloud-demo
6 |
7 | # Adds hybrid-cloud-demo label to all resources.
8 | commonLabels:
9 | app.kubernetes.io/part-of: hybrid-cloud-demo
10 |
11 | resources:
12 | - backend-ksvc-trigger-template.yaml
13 | - hcdb-github-webhook.yaml
14 | - backend-github-triggerbindings.yaml
15 |
--------------------------------------------------------------------------------
/k8s/pipelines/frontend/frontend-github-triggerbindings.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: triggers.tekton.dev/v1alpha1
3 | kind: TriggerBinding
4 | metadata:
5 | name: hcdf-triggerbinding
6 | spec:
7 | params:
8 | - name: gitrevision
9 | value: $(body.head_commit.id)
10 | - name: gitrepositoryurl
11 | value: $(body.repository.url)
12 |
--------------------------------------------------------------------------------
/k8s/pipelines/frontend/frontend-svc-trigger-template.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: triggers.tekton.dev/v1alpha1
3 | kind: TriggerTemplate
4 | metadata:
5 | name: frontend-svc-trigger-template
6 | spec:
7 | params:
8 | - name: gitrevision
9 | description: The git revision
10 | default: staging
11 | - name: gitrepositoryurl
12 | description: The git repository url
13 | resourcetemplates:
14 | - apiVersion: tekton.dev/v1beta1
15 | kind: PipelineRun
16 | metadata:
17 | generateName: frontend-svc-deploy-run-
18 | namespace: hybrid-cloud-demo
19 | spec:
20 | params:
21 | - name: APP_NAME
22 | value: hybrid-cloud-frontend
23 | - name: BACKEND_SERVICE_URL
24 | value: http://hybrid-cloud-backend-skupper:8080
25 | - name: SERVICE_NAMESPACE
26 | value: hybrid-cloud-demo
27 | - name: GITHUB_REPO_URL
28 | value: $(params.gitrepositoryurl)
29 | - name: GITHUB_REPO_REVISION
30 | value: $(params.gitrevision)
31 | pipelineRef:
32 | name: svc-deploy
33 | serviceAccountName: hybrid-cloud-demo-sa
34 | workspaces:
35 | - name: source
36 | persistentVolumeClaim:
37 | claimName: hybrid-cloud-demo-sources
38 | - configMap:
39 | name: maven-settings
40 | name: maven-settings
41 |
--------------------------------------------------------------------------------
/k8s/pipelines/frontend/hcdf-github-webhook.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: triggers.tekton.dev/v1alpha1
3 | kind: EventListener
4 | metadata:
5 | name: hcdf-github-webhook
6 | labels:
7 | app: github
8 | spec:
9 | serviceAccountName: pipeline
10 | triggers:
11 | - name: hcdf-github-webhook
12 | bindings:
13 | - name: hcdf-triggerbinding
14 | template:
15 | name: frontend-svc-trigger-template
16 | ---
17 | apiVersion: route.openshift.io/v1
18 | kind: Route
19 | metadata:
20 | name: hcdf-github-webhook
21 | labels:
22 | app.kubernetes.io/managed-by: EventListener
23 | app.kubernetes.io/part-of: Triggers
24 | eventlistener: hcdf-github-webhook
25 | spec:
26 | port:
27 | targetPort: 8080
28 | to:
29 | kind: "Service"
30 | name: el-hcdf-github-webhook
31 | weight: 100
32 | tls:
33 | termination: edge
34 |
--------------------------------------------------------------------------------
/k8s/pipelines/frontend/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | # Adds namespace to all resources.
5 | namespace: hybrid-cloud-demo
6 |
7 | # Adds hybrid-cloud-demo label to all resources.
8 | commonLabels:
9 | app.kubernetes.io/part-of: hybrid-cloud-demo
10 |
11 | resources:
12 | - frontend-svc-trigger-template.yaml
13 | - hcdf-github-webhook.yaml
14 | - frontend-github-triggerbindings.yaml
15 |
--------------------------------------------------------------------------------
/k8s/pipelines/image-updater.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: tekton.dev/v1beta1
3 | kind: Task
4 | metadata:
5 | name: image-updater
6 | spec:
7 | params:
8 | - name: driver
9 | type: string
10 | description: The driver to use for connecting, 'gitlab' or 'github'.
11 | - name: api-endpoint
12 | type: string
13 | description: >
14 | Required for private GitLab and Github installations
15 | e.g. https://gitlab.example.com leave blank otherwise.
16 | default: ""
17 | - name: file-path
18 | type: string
19 | description: Path within the source-repo to update
20 | - name: image-repo
21 | type: string
22 | description: Image repo e.g. org/repo that is being updated
23 | - name: new-image-url
24 | type: string
25 | description: Image URL to populate file with e.g. myorg/my-image:c2b4eff
26 | - name: source-branch
27 | type: string
28 | description: Branch to fetch for updating
29 | default: main
30 | - name: source-repo
31 | type: string
32 | description: Git repository to update e.g. org/repo
33 | - name: branch-generate-name
34 | type: string
35 | description: >
36 | Prefix for naming automatically generated branch, if empty, this will
37 | update source-branch
38 | - name: update-key
39 | type: string
40 | description: >
41 | JSON path within the file-path to update
42 | e.g. spec.template.spec.containers.0.image
43 | - name: insecure
44 | type: string
45 | description: Allow insecure server connections when using SSL
46 | default: "false"
47 | steps:
48 | - name: update-image
49 | image: bigkevmcd/image-updater:latest
50 | args:
51 | - "update"
52 | - "--driver=$(params.driver)"
53 | - "--file-path=$(params.file-path)"
54 | - "--image-repo=$(params.image-repo)"
55 | - "--new-image-url=$(params.new-image-url)"
56 | - "--source-branch=$(params.source-branch)"
57 | - "--source-repo=$(params.source-repo)"
58 | - "--update-key=$(params.update-key)"
59 | - "--branch-generate-name=$(params.branch-generate-name)"
60 | - "--api-endpoint=$(params.api-endpoint)"
61 | - "--insecure=$(params.insecure)"
62 | env:
63 | - name: AUTH_TOKEN
64 | valueFrom:
65 | secretKeyRef:
66 | name: image-updater-secret
67 | key: token
68 |
--------------------------------------------------------------------------------
/k8s/pipelines/ksvc-deploy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: tekton.dev/v1beta1
2 | kind: Pipeline
3 | metadata:
4 | name: ksvc-deploy
5 | labels:
6 | pipeline.openshift.io/runtime: java
7 | pipeline.openshift.io/type: knative
8 | spec:
9 | description: >-
10 | The Pipline to build and deploy the Hybrid Cloud Demo Java App https://github.com/redhat-developer-demos/hybrid-cloud as Knative Service.
11 | params:
12 | - name: GITHUB_REPO_URL
13 | description: >-
14 | The GitHub Repo of the Java Application
15 | default: https://github.com/redhat-developer-demos/hybrid-cloud
16 | - name: GITHUB_REPO_REVISION
17 | description: >-
18 | The GitHub revision to use
19 | default: knative
20 | - name: IMAGE_NAME
21 | description: >-
22 | The fully qualified image name e.g example.com/tekton-tutorial/helloworld
23 | default: image-registry.openshift-imageregistry.svc:5000/hybrid-cloud-demo/hybrid-cloud-demo
24 | workspaces:
25 | - name: source
26 | - name: maven-settings
27 | tasks:
28 | - name: clone-sources
29 | taskRef:
30 | name: git-clone
31 | kind: ClusterTask
32 | params:
33 | - name: url
34 | value: $(params.GITHUB_REPO_URL)
35 | - name: revision
36 | value: $(params.GITHUB_REPO_REVISION)
37 | # just to do a fresh clone, as we already have the directory cloned
38 | # to reuse it we can exlude this step
39 | - name: deleteExisting
40 | value: "true"
41 | workspaces:
42 | - name: output
43 | workspace: source
44 | - name: maven-test
45 | taskRef:
46 | name: maven
47 | kind: ClusterTask
48 | runAfter:
49 | - clone-sources
50 | params:
51 | - name: GOALS
52 | value: ["-B", "clean", "test"]
53 | workspaces:
54 | - name: maven-settings
55 | workspace: maven-settings
56 | - name: source
57 | workspace: source
58 | - name: maven-package
59 | taskRef:
60 | name: maven
61 | kind: ClusterTask
62 | runAfter:
63 | - maven-test
64 | params:
65 | - name: GOALS
66 | value: ["-B", "-DskipTests", "clean", "package"]
67 | workspaces:
68 | - name: maven-settings
69 | workspace: maven-settings
70 | - name: source
71 | workspace: source
72 | - name: buildah-build-push
73 | taskRef:
74 | name: buildah
75 | kind: ClusterTask
76 | runAfter:
77 | - maven-package
78 | params:
79 | - name: CONTEXT
80 | value: "$(params.SERVICE_TIER)"
81 | - name: DOCKERFILE
82 | value: "$(params.SERVICE_TIER)/Dockerfile"
83 | - name: IMAGE
84 | value: "$(params.IMAGE_NAME)-$(params.SERVICE_TIER)"
85 | # since pushing to internal registry we skip TLS verify
86 | - name: TLSVERIFY
87 | value: "false"
88 | workspaces:
89 | - name: source
90 | workspace: source
91 | - name: create-pr
92 | taskRef:
93 | name: image-updater
94 | runAfter:
95 | - buildah-build-push
96 | # TODO ideally some integration tests should come here
97 | params:
98 | - name: driver
99 | value: "github"
100 | - name: file-path
101 | value: "k8s/knative/service.yaml"
102 | - name: image-repo
103 | value: $(params.APP_IMAGE_NAME)
104 | - name: new-image-url
105 | value: "$(params.IMAGE_NAME)-$(params.SERVICE_TIER)@$(tasks.buildah-build-push.results.IMAGE_DIGEST)"
106 | - name: source-branch
107 | value: "knative"
108 | - name: source-repo
109 | value: gogs/hybrid-cloud
110 | - name: update-key
111 | value: "spec.template.spec.containers.0.image"
112 | - name: insecure
113 | value: "true"
114 | - name: branch-generate-name
115 | value: "ci-"
116 |
--------------------------------------------------------------------------------
/k8s/pipelines/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | # Adds namespace to all resources.
5 | namespace: hybrid-cloud-demo
6 |
7 | # Adds hybrid-cloud-demo label to all resources.
8 | commonLabels:
9 | app.kubernetes.io/part-of: hybrid-cloud-demo
10 |
11 | generatorOptions:
12 | disableNameSuffixHash: true
13 |
14 | configMapGenerator:
15 | - name: maven-settings
16 | behavior: create
17 | files:
18 | - settings.xml
19 |
20 | resources:
21 | - nexus.yaml
22 | - pvcs.yaml
23 | - openshift-cli-deploy-task.yaml
24 | - ksvc-deploy.yaml
25 | - svc-deploy.yaml
26 | - image-updater.yaml
27 |
--------------------------------------------------------------------------------
/k8s/pipelines/nexus.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: nexus
5 | spec:
6 | type: NodePort
7 | selector:
8 | app: nexus
9 | ports:
10 | - port: 8081
11 | targetPort: 8081-tcp
12 | ---
13 | apiVersion: apps/v1
14 | kind: Deployment
15 | metadata:
16 | name: nexus
17 | spec:
18 | selector:
19 | matchLabels:
20 | app: nexus
21 | template:
22 | metadata:
23 | labels:
24 | app: nexus
25 | spec:
26 | containers:
27 | - name: nexus
28 | image: docker.io/sonatype/nexus3
29 | ports:
30 | - containerPort: 8081
31 | name: 8081-tcp
32 | livenessProbe:
33 | httpGet:
34 | path: /
35 | port: 8081-tcp
36 | readinessProbe:
37 | exec:
38 | command:
39 | - cat
40 | - /nexus-data/karaf.pid
41 | # nexus has lots of init to do first time so lets give
42 | # more time for that to happen
43 | startupProbe:
44 | httpGet:
45 | path: /
46 | port: 8081-tcp
47 | failureThreshold: 18
48 | periodSeconds: 10
49 | volumeMounts:
50 | - name: nexus-data
51 | mountPath: /nexus-data
52 | volumes:
53 | - name: nexus-data
54 | emptyDir: {}
55 |
--------------------------------------------------------------------------------
/k8s/pipelines/openshift-cli-deploy-task.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: tekton.dev/v1beta1
2 | kind: Task
3 | metadata:
4 | name: openshift-cli-deploy
5 | spec:
6 | description: >-
7 | Runs openshift client. The task can use tools like yq/jq for extra processing of the Kubernetes manifests.
8 | workspaces:
9 | - name: source
10 | params:
11 | - name: SCRIPT
12 | description: The OpenShift script to run
13 | default: "oc --help"
14 | steps:
15 | - name: oc
16 | image: quay.io/rhdevelopers/origin-cli-yq-jq
17 | script: $(params.SCRIPT)
18 |
--------------------------------------------------------------------------------
/k8s/pipelines/pvcs.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: hybrid-cloud-demo-sources
5 | spec:
6 | accessModes:
7 | - ReadWriteOnce
8 | volumeMode: Filesystem
9 | resources:
10 | requests:
11 | storage: 1Gi
12 |
--------------------------------------------------------------------------------
/k8s/pipelines/settings.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | nexus-snapshots
6 | admin
7 | admin123
8 |
9 |
10 | nexus-releases
11 | admin
12 | admin123
13 |
14 |
15 |
16 |
17 | nexus
18 | *
19 | http://nexus:8081/repository/maven-public/
20 |
21 |
22 |
23 |
24 | nexus
25 |
26 |
27 |
28 |
29 | central
30 | http://central
31 |
32 | true
33 |
34 |
35 | true
36 |
37 |
38 |
39 |
40 |
41 | central
42 | http://central
43 |
44 | true
45 |
46 |
47 | true
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 | nexus
56 |
57 |
58 |
--------------------------------------------------------------------------------
/k8s/pipelines/svc-deploy.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: tekton.dev/v1beta1
2 | kind: Pipeline
3 | metadata:
4 | name: svc-deploy
5 | labels:
6 | pipeline.openshift.io/runtime: java
7 | spec:
8 | description: >-
9 | The Pipline to build and deploy the Hybrid Cloud Demo Java App https://github.com/redhat-developer-demos/hybrid-cloud as a Kubernetes Service.
10 | params:
11 | - name: GITHUB_REPO_URL
12 | description: >-
13 | The GitHub Repo of the Java Application
14 | default: https://github.com/redhat-developer-demos/hybrid-cloud
15 | - name: GITHUB_REPO_REVISION
16 | description: >-
17 | The GitHub revision to use
18 | default: knative
19 | - name: IMAGE_NAME
20 | description: >-
21 | The fully qualified image name e.g example.com/tekton-tutorial/helloworld
22 | default: image-registry.openshift-imageregistry.svc:5000/hybrid-cloud-demo/hybrid-cloud-demo
23 | - name: APP_NAME
24 | description: >-
25 | The Service Name
26 | - name: SERVICE_NAMESPACE
27 | description: >-
28 | The Service Namespace
29 | default: hybrid-cloud-demo
30 | workspaces:
31 | - name: source
32 | - name: maven-settings
33 | tasks:
34 | - name: clone-sources
35 | taskRef:
36 | name: git-clone
37 | kind: ClusterTask
38 | params:
39 | - name: url
40 | value: $(params.GITHUB_REPO_URL)
41 | - name: revision
42 | value: $(params.GITHUB_REPO_REVISION)
43 | # just to do a fresh clone, as we already have the directory cloned
44 | # to reuse it we can exlude this step
45 | - name: deleteExisting
46 | value: "true"
47 | workspaces:
48 | - name: output
49 | workspace: source
50 | - name: maven-test
51 | taskRef:
52 | name: maven
53 | kind: ClusterTask
54 | runAfter:
55 | - clone-sources
56 | params:
57 | - name: GOALS
58 | value: ["-B", "clean", "test"]
59 | workspaces:
60 | - name: maven-settings
61 | workspace: maven-settings
62 | - name: source
63 | workspace: source
64 | - name: maven-package
65 | taskRef:
66 | name: maven
67 | kind: ClusterTask
68 | runAfter:
69 | - maven-test
70 | params:
71 | - name: GOALS
72 | value: ["-B", "-DskipTests", "clean", "package"]
73 | workspaces:
74 | - name: maven-settings
75 | workspace: maven-settings
76 | - name: source
77 | workspace: source
78 |
79 | - name: buildah-build-push
80 | taskRef:
81 | name: buildah
82 | kind: ClusterTask
83 | runAfter:
84 | - maven-package
85 | params:
86 | - name: CONTEXT
87 | value: "$(params.SERVICE_TIER)"
88 | - name: DOCKERFILE
89 | value: "$(params.SERVICE_TIER)/Dockerfile"
90 | - name: IMAGE
91 | value: "$(params.IMAGE_NAME)-$(params.SERVICE_TIER)"
92 | # since pushing to internal registry we skip TLS verify
93 | - name: TLSVERIFY
94 | value: "false"
95 | workspaces:
96 | - name: source
97 | workspace: source
98 |
99 | - name: create-pr
100 | taskRef:
101 | name: image-updater
102 | runAfter:
103 | - buildah-build-push
104 | # TODO ideally some integration tests should come here
105 | params:
106 | - name: driver
107 | value: "github"
108 | - name: file-path
109 | value: "k8s/vanilla/deployment.yaml"
110 | - name: image-repo
111 | value: $(params.APP_IMAGE_NAME)
112 | - name: new-image-url
113 | value: "$(params.IMAGE_NAME)-$(params.SERVICE_TIER)@$(tasks.buildah-build-push.results.IMAGE_DIGEST)"
114 | - name: source-branch
115 | value: "knative"
116 | - name: source-repo
117 | value: gogs/hybrid-cloud
118 | - name: update-key
119 | value: "spec.template.spec.containers.0.image"
120 | - name: insecure
121 | value: "true"
122 | - name: branch-generate-name
123 | value: "ci-"
124 |
125 | - name: skupper-site-token
126 | runAfter:
127 | - buildah-build-push
128 | workspaces:
129 | - name: source
130 | workspace: source
131 | taskRef:
132 | name: openshift-cli-deploy
133 | params:
134 | - name: SCRIPT
135 | value: |
136 | #!/usr/bin/env bash
137 |
138 | # if its frontend create the skupper token, ideally we can create from # any site
139 | if ! oc get secret -n "$(params.SERVICE_NAMESPACE)" site-token &>/dev/null && [ "$(params.SERVICE_TIER)" == "frontend" ]
140 | then
141 | oc create secret generic -n "$(params.SERVICE_NAMESPACE)" site-token
142 | oc label secret/site-token skupper.io/type=connection-token-request
143 | fi
144 |
--------------------------------------------------------------------------------
/k8s/rbac/hybrid-cloud-demo.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 | name: hybrid-cloud-demo-sa
5 | namespace: default
6 | ---
7 | kind: ClusterRole
8 | apiVersion: rbac.authorization.k8s.io/v1
9 | metadata:
10 | name: hybrid-cloud-demo-deployer
11 | rules:
12 | - apiGroups: [""]
13 | resources: ["namespaces", "deployment", "service", "configmaps", "secrets"]
14 | verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
15 | - apiGroups: ["serving.knative.dev"]
16 | resources: ["services", "revisions", "routes"]
17 | verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
18 | ---
19 | apiVersion: rbac.authorization.k8s.io/v1beta1
20 | kind: ClusterRoleBinding
21 | metadata:
22 | name: hybrid-cloud-demo-deployer-binding
23 | subjects:
24 | - kind: ServiceAccount
25 | name: hybrid-cloud-demo-sa
26 | namespace: default
27 | roleRef:
28 | kind: ClusterRole
29 | name: hybrid-cloud-demo-deployer
30 | apiGroup: rbac.authorization.k8s.io
31 | ---
32 | apiVersion: rbac.authorization.k8s.io/v1beta1
33 | kind: RoleBinding
34 | metadata:
35 | name: hybrid-cloud-demo-deployer-editor
36 | subjects:
37 | - kind: ServiceAccount
38 | name: hybrid-cloud-demo-sa
39 | namespace: default
40 | roleRef:
41 | kind: ClusterRole
42 | name: edit
43 | apiGroup: rbac.authorization.k8s.io
44 | # ---
45 | # apiVersion: rbac.authorization.k8s.io/v1
46 | # kind: RoleBinding
47 | # metadata:
48 | # name: tekton-triggers-createwebhook-binding
49 | # roleRef:
50 | # kind: Role
51 | # name: tekton-triggers-createwebhook
52 | # apiGroup: rbac.authorization.k8s.io
53 | # subjects:
54 | # - kind: ServiceAccount
55 | # name: hybrid-cloud-demo-sa
56 | # namespace: default
57 | # ---
58 | # apiVersion: rbac.authorization.k8s.io/v1
59 | # kind: RoleBinding
60 | # metadata:
61 | # name: tekton-triggers-admin-binding
62 | # roleRef:
63 | # kind: Role
64 | # name: tekton-triggers-admin
65 | # apiGroup: rbac.authorization.k8s.io
66 | # subjects:
67 | # - kind: ServiceAccount
68 | # name: hybrid-cloud-demo-sa
69 | # namespace: default
70 |
--------------------------------------------------------------------------------
/k8s/rbac/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | # Adds namespace to all resources.
5 | namespace: hybrid-cloud-demo
6 |
7 | # Adds hybrid-cloud-demo label to all resources.
8 | commonLabels:
9 | app.kubernetes.io/part-of: hybrid-cloud-demo
10 |
11 | resources:
12 | - hybrid-cloud-demo.yaml
13 | - skupper-site-controller.yaml
14 | # - tekton-triggers-admin.yaml
15 | # - tekton-triggers-admin.yaml
16 |
--------------------------------------------------------------------------------
/k8s/rbac/skupper-site-controller.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 | name: skupper-site-controller
6 | namespace: default
7 | labels:
8 | application: skupper-site-controller
9 | ---
10 | apiVersion: rbac.authorization.k8s.io/v1
11 | kind: ClusterRole
12 | metadata:
13 | labels:
14 | application: skupper-site-controller
15 | name: skupper-site-controller-cr
16 | rules:
17 | - apiGroups:
18 | - ""
19 | resources:
20 | - configmaps
21 | verbs:
22 | - get
23 | - list
24 | ---
25 | apiVersion: rbac.authorization.k8s.io/v1
26 | kind: Role
27 | metadata:
28 | labels:
29 | application: skupper-site-controller
30 | name: skupper-site-controller
31 | namespace: default
32 | rules:
33 | - apiGroups:
34 | - ""
35 | resources:
36 | - configmaps
37 | - pods
38 | - pods/exec
39 | - services
40 | - secrets
41 | - serviceaccounts
42 | verbs:
43 | - get
44 | - list
45 | - watch
46 | - create
47 | - update
48 | - delete
49 | - apiGroups:
50 | - apps
51 | resources:
52 | - deployments
53 | - statefulsets
54 | verbs:
55 | - get
56 | - list
57 | - watch
58 | - create
59 | - update
60 | - delete
61 | - apiGroups:
62 | - route.openshift.io
63 | resources:
64 | - routes
65 | verbs:
66 | - get
67 | - list
68 | - watch
69 | - create
70 | - delete
71 | - apiGroups:
72 | - rbac.authorization.k8s.io
73 | resources:
74 | - rolebindings
75 | - roles
76 | verbs:
77 | - get
78 | - list
79 | - watch
80 | - create
81 | - delete
82 | ---
83 | apiVersion: rbac.authorization.k8s.io/v1
84 | kind: RoleBinding
85 | metadata:
86 | labels:
87 | application: skupper-site-controller
88 | name: skupper-site-controller
89 | namespace: default
90 | subjects:
91 | - kind: ServiceAccount
92 | name: skupper-site-controller
93 | roleRef:
94 | apiGroup: rbac.authorization.k8s.io
95 | kind: Role
96 | name: skupper-site-controller
97 | ---
98 | apiVersion: rbac.authorization.k8s.io/v1
99 | kind: ClusterRoleBinding
100 | metadata:
101 | labels:
102 | application: skupper-site-controller
103 | name: skupper-site-controller-crb
104 | subjects:
105 | - kind: ServiceAccount
106 | name: skupper-site-controller
107 | namespace: default
108 | roleRef:
109 | apiGroup: rbac.authorization.k8s.io
110 | kind: ClusterRole
111 | name: skupper-site-controller-cr
112 |
--------------------------------------------------------------------------------
/k8s/rbac/tekton-triggers-admin.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | kind: Role
3 | apiVersion: rbac.authorization.k8s.io/v1
4 | metadata:
5 | name: tekton-triggers-admin
6 | rules:
7 | - apiGroups:
8 | - triggers.tekton.dev
9 | resources:
10 | - eventlisteners
11 | - triggerbindings
12 | - triggertemplates
13 | verbs:
14 | - get
15 | - apiGroups:
16 | - tekton.dev
17 | resources:
18 | - pipelineruns
19 | - pipelineresources
20 | verbs:
21 | - create
22 | - apiGroups:
23 | - ''
24 | resources:
25 | - configmaps
26 | verbs:
27 | - get
28 | - list
29 | - watch
30 |
--------------------------------------------------------------------------------
/k8s/rbac/tekton-triggers-webhook.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | kind: Role
3 | apiVersion: rbac.authorization.k8s.io/v1
4 | metadata:
5 | name: tekton-triggers-createwebhook
6 | rules:
7 | - apiGroups:
8 | - ""
9 | resources:
10 | - secrets
11 | verbs:
12 | - get
13 | - list
14 | - create
15 | - update
16 | - delete
17 | - apiGroups:
18 | - triggers.tekton.dev
19 | resources:
20 | - eventlisteners
21 | verbs:
22 | - get
23 | - list
24 | - create
25 | - update
26 | - delete
27 | - apiGroups:
28 | - extensions
29 | resources:
30 | - ingresses
31 | verbs:
32 | - create
33 | - get
34 | - list
35 | - delete
36 | - update
37 |
--------------------------------------------------------------------------------
/k8s/skupper/aws/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | generatorOptions:
5 | disableNameSuffixHash: true
6 |
7 | configMapGenerator:
8 | - name: skupper-site
9 | behavior: create
10 | literals:
11 | - cluster-local="false"
12 | - console="true"
13 | - console-authentication="openshift"
14 | - console-password="bugs"
15 | - console-user="bunny"
16 | - edge="false"
17 | - name=hybrid-cloud-aws
18 | - router-console="true"
19 | - service-controller="true"
20 | - service-sync="true"
21 | bases:
22 | - ../base
23 |
--------------------------------------------------------------------------------
/k8s/skupper/azr/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | generatorOptions:
5 | disableNameSuffixHash: true
6 |
7 | configMapGenerator:
8 | - name: skupper-site
9 | behavior: create
10 | literals:
11 | - cluster-local="false"
12 | - console="true"
13 | - console-authentication="openshift"
14 | - console-password="bugs"
15 | - console-user="bunny"
16 | - edge="false"
17 | - name=hybrid-cloud-azr
18 | - router-console="true"
19 | - service-controller="true"
20 | - service-sync="true"
21 | bases:
22 | - ../base
23 |
--------------------------------------------------------------------------------
/k8s/skupper/base/controller.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: apps/v1
3 | kind: Deployment
4 | metadata:
5 | name: skupper-site-controller
6 | labels:
7 | app.kubernetes.io/part-of: skupper
8 | spec:
9 | replicas: 1
10 | selector:
11 | matchLabels:
12 | application: skupper-site-controller
13 | template:
14 | metadata:
15 | labels:
16 | application: skupper-site-controller
17 | spec:
18 | serviceAccountName: skupper-site-controller
19 | containers:
20 | - name: site-controller
21 | image: quay.io/gordons/site-controller:0.3.2
22 | env:
23 | - name: WATCH_NAMESPACE
24 | valueFrom:
25 | fieldRef:
26 | fieldPath: metadata.namespace
27 | - name: SKUPPER_SERVICE_CONTROLLER_IMAGE
28 | value: quay.io/skupper/service-controller:0.3
29 |
--------------------------------------------------------------------------------
/k8s/skupper/base/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | # Adds namespace to all resources.
5 | namespace: hybrid-cloud-demo
6 |
7 | # Adds hybrid-cloud-demo label to all resources.
8 | commonLabels:
9 | app.kubernetes.io/part-of: hybrid-cloud-demo
10 |
11 | resources:
12 | - controller.yaml
13 |
--------------------------------------------------------------------------------
/k8s/skupper/gcp/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | generatorOptions:
5 | disableNameSuffixHash: true
6 |
7 | configMapGenerator:
8 | - name: skupper-site
9 | behavior: create
10 | literals:
11 | - cluster-local="false"
12 | - console="true"
13 | - console-authentication="openshift"
14 | - console-password="bugs"
15 | - console-user="bunny"
16 | - edge="false"
17 | - name=hybrid-cloud-gcp
18 | - router-console="true"
19 | - service-controller="true"
20 | - service-sync="true"
21 | bases:
22 | - ../base
23 |
--------------------------------------------------------------------------------
/k8s/van/kustomization.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: kustomize.config.k8s.io/v1beta1
2 | kind: Kustomization
3 |
4 | # Adds namespace to all resources.
5 | namespace: hybrid-cloud-demo
6 |
7 | # Adds hybrid-cloud-demo label to all resources.
8 | commonLabels:
9 | app.kubernetes.io/part-of: hybrid-cloud-demo
10 |
11 | resources:
12 | - site-token.yaml
13 |
--------------------------------------------------------------------------------
/k8s/van/site-token.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 | # only allow 5 outstanding requests, before spillover
6 | # annotations:
7 | # skupper.io/cost: "5"
8 | labels:
9 | skupper.io/type: connection-token-request
10 | name: site-token
11 |
--------------------------------------------------------------------------------
/provision.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | set -e
4 |
5 | _CURR_DIR="$( cd "$(dirname "$0")" ; pwd -P )"
6 | # _K8S_AUTH_KUBECONFIG=$1
7 |
8 | # if [ -z "$_K8S_AUTH_KUBECONFIG" ];
9 | # then
10 | # echo "Please specify the KUBECONFIG to use";
11 | # exit 1;
12 | # fi
13 |
14 | docker run -it \
15 | -v "${_CURR_DIR}/env":/runner/env:Z \
16 | -v "${_CURR_DIR}/project":/runner/project:Z \
17 | -v "${_CURR_DIR}/inventory":/runner/inventory:Z \
18 | quay.io/rhdevelopers/ansible-runner-extras /runner/project/run.sh
--------------------------------------------------------------------------------