saving full work

.devcontainer/Containerfile

@@ -1,5 +1,7 @@
 FROM registry.access.redhat.com/ubi9/nodejs-22:9.5-1730543890
 
+WORKDIR /opt/app-root/src
+
 ARG USERNAME=default
 ARG NPM_GLOBAL=/usr/local/share/npm-global
 
@@ -10,13 +12,40 @@ USER root
 
 RUN umask 0002 
 
+# install zsh and oh-my-zsh
+RUN dnf install -y zsh && \
+    bash -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
+
 RUN groupadd npm && \
     usermod -a -G npm ${USERNAME} && \
     bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) && \
     chown -R ${USERNAME}:npm /usr/local/ && \
     mkdir -p /opt/app-root/src/.npm && chown -R ${USERNAME}:npm /opt/app-root/src/ && \
-    dnf install -y vim
+    dnf install -y vim jq
+
+# install kubectl
+ADD install-kubectl.sh /tmp
+RUN /tmp/install-kubectl.sh; \
+    rm /tmp/install-kubectl.sh
+
+# install kubseal
+ADD install-kubeseal.sh /tmp
+RUN /tmp/install-kubeseal.sh; \
+    rm /tmp/install-kubeseal.sh
+
+# install docker as a dependency of kind
+# only need the CLI and runtime, binding to host docker socket for access to host docker context
+RUN dnf -y install dnf-plugins-core; \
+    dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo; \
+    dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+
+# install kind
+ADD install-kind.sh /tmp
+RUN /tmp/install-kind.sh; \
+    rm /tmp/install-kind.sh
 
+# symlink oc because cannot install stable stream without RH auth
+RUN ln -sf /usr/local/bin/kubectl /usr/local/bin/oc 
 
 USER default
 

.devcontainer/devcontainer.json

@@ -11,16 +11,20 @@
         "dbaeumer.vscode-eslint",
         "esbenp.prettier-vscode",
         "DavidAnson.vscode-markdownlint",
-        "ms-vscode-remote.remote-containers"
+        "ms-vscode-remote.remote-containers",
+        "foxundermoon.shell-format",
+        "timonwong.shellcheck"
       ],
       "settings": {
-        "terminal.integrated.shell.linux": "/bin/bash"
+        "terminal.integrated.shell.linux": "/bin/zsh"
       }
     }
   },
-  "forwardPorts": [3000],
+  "forwardPorts": [3000, 6443],
   "mounts": [
-    "type=bind,source=${localWorkspaceFolder}/.env,target=/workspace/ui/.env,consistency=cached"
+    "type=bind,source=${localWorkspaceFolder}/.env,target=/workspace/ui/.env,consistency=cached",
+    "source=${env:HOME}/.kube,target=/opt/app-root/src/.kube,type=bind,consistency=cached",
+    "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind"
   ],
   "runArgs": ["-p", "3000:3000"]
 }

.devcontainer/install-kind.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+# -*- indent-tabs-mode: nil; tab-width: 2; sh-indentation: 2; -*-
+
+# Install the kind binary
+
+[ $(uname -m) = x86_64 ] && curl -Lo /tmp/kind https://kind.sigs.k8s.io/dl/v0.25.0/kind-linux-amd64
+[ $(uname -m) = aarch64 ] && curl -Lo /tmp/kind https://kind.sigs.k8s.io/dl/v0.25.0/kind-linux-arm64
+chmod +x /tmp/kind
+mv /tmp/kind /usr/local/bin/kind
+kind completion zsh > ~/.oh-my-zsh/cache/completions/_kind

.devcontainer/install-kubectl.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+# -*- indent-tabs-mode: nil; tab-width: 2; sh-indentation: 2; -*-
+
+# Install the  kubectl binary
+
+ARCH=$(uname -m)
+if [ "$ARCH" == "x86_64" ] || [ "$ARCH" == "amd64" ]; then
+    ARCH="amd64"
+elif [ "$ARCH" == "aarch64" ] || [ "$ARCH" == "arm64" ]; then
+    ARCH="arm64"
+else
+    echo "Unsupported architecture: $ARCH"
+    exit 1
+fi
+
+KUBECTL_VERSION=$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)
+echo "Installing kubectl version $KUBECTL_VERSION for $ARCH..."
+curl -LO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl"
+chmod +x kubectl
+mv kubectl /usr/local/bin/
+kubectl completion zsh > $ZSH/cache/completions/_kubectl
+
+curl -sLO https://access.cdn.redhat.com/content/origin/files/sha256/99/99f0ecb5477ed1a038e7279252971b4c5d50fa9a877f78610b7d4e4ee02e0589/openshift-client-linux-amd64-rhel9-4.17.6.tar.gz

.devcontainer/install-kubeseal.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+# -*- indent-tabs-mode: nil; tab-width: 2; sh-indentation: 2; -*-
+
+# Install the kubeseal binary
+
+set -x
+set -e
+set -o pipefail
+
+# Determine architecture
+ARCH=$(uname -m)
+if [ "$ARCH" == "x86_64" ] || [ "$ARCH" == "amd64" ]; then
+    ARCH="amd64"
+elif [ "$ARCH" == "aarch64" ] || [ "$ARCH" == "arm64" ]; then
+    ARCH="arm64"
+else
+    echo "Unsupported architecture: $ARCH"
+    exit 1
+fi
+
+KUBESEAL_VERSION=$(curl -s https://api.github.com/repos/bitnami-labs/sealed-secrets/tags | jq -r '.[0].name' | cut -c 2-)
+if [ -z "$KUBESEAL_VERSION" ]; then
+    echo "Failed to fetch the latest KUBESEAL_VERSION"
+    exit 1
+fi
+
+curl -OL "https://github.com/bitnami-labs/sealed-secrets/releases/download/v${KUBESEAL_VERSION}/kubeseal-${KUBESEAL_VERSION}-linux-${ARCH}.tar.gz"
+tar -xvzf kubeseal-${KUBESEAL_VERSION}-linux-${ARCH}.tar.gz kubeseal
+install -m 755 kubeseal /usr/local/bin/kubeseal
+kubeseal completion zsh > ~/.oh-my-zsh/cache/completions/_kubeseal

Makefile

@@ -20,7 +20,8 @@ ILAB_KUBE_CONTEXT?=kind-instructlab-ui
 ILAB_KUBE_NAMESPACE?=instructlab
 ILAB_KUBE_CLUSTER_NAME?=instructlab-ui
 CONTAINER_ENGINE?=docker
-DEVCONTAINER_BINARY_EXISTS ?= $(shell command -v devcontainer)
+DEVCONTAINER_BINARY_EXISTS?=$(shell command -v devcontainer)
+DEVCONTAINER_DEFAULT_SHELL?=zsh
 TAG=$(shell git rev-parse HEAD)
 ##@ Development - Helper commands for development
 .PHONY: md-lint
@@ -111,9 +112,20 @@ check-kubectl:
 		exit 1 ; \
 	fi
 
+.PHONY: check-kubeseal
+check-kubeseal:
+	$(CMD_PREFIX) if [ -z "$(shell which kubeseal)" ]; then \
+		echo "Please install kubeseal" ; \
+		echo "https://github.com/bitnami-labs/sealed-secrets?tab=readme-ov-file#kubeseal" ; \
+		exit 1 ; \
+	fi
+
 .PHONY: load-images
 load-images: ## Load images onto Kind cluster
+	$(CMD_PREFIX) docker pull ghcr.io/instructlab/ui/ui:main
 	$(CMD_PREFIX) kind load --name $(ILAB_KUBE_CLUSTER_NAME) docker-image ghcr.io/instructlab/ui/ui:main
+	$(CMD_PREFIX) docker pull registry.redhat.io/rhel9/postgresql-15:9.5-1733127512
+	$(CMD_PREFIX) kind load --name $(ILAB_KUBE_CLUSTER_NAME) docker-image registry.redhat.io/rhel9/postgresql-15:9.5-1733127512
 
 .PHONY: stop-dev-kind
 stop-dev-kind: check-kind ## Stop the Kind cluster to destroy the development environment
@@ -130,8 +142,8 @@ wait-for-readiness: # Wait for operators to be ready
 	$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) -n ingress-nginx rollout restart deployment ingress-nginx-controller
 	$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) -n ingress-nginx rollout status deployment ingress-nginx-controller --timeout=10m
 
-.PHONY: deploy
-deploy: wait-for-readiness ## Deploy a InstructLab UI development stack onto a kubernetes cluster
+.PHONY: deploy-kind
+deploy-kind: wait-for-readiness ## Deploy a InstructLab UI development stack onto a kubernetes cluster
 	$(CMD_PREFIX) if [ ! -f .env ]; then \
 		echo "Please create a .env file in the root of the project." ; \
 		exit 1 ; \
@@ -140,20 +152,42 @@ deploy: wait-for-readiness ## Deploy a InstructLab UI development stack onto a k
 	$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) apply -k ./deploy/k8s/overlays/kind
 	$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) wait --for=condition=Ready pods -n $(ILAB_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=ui --timeout=15m
 
-.PHONY: redeploy
-redeploy: ui-image load-images ## Redeploy the InstructLab UI stack onto a kubernetes cluster
+.PHONY: redeploy-kind
+redeploy-kind: ui-image load-images ## Redeploy the InstructLab UI stack onto a kubernetes cluster
 	$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/ui
 	$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/pathservice
 
-.PHONY: undeploy
-undeploy: ## Undeploy the InstructLab UI stack from a kubernetes cluster
+.PHONY: undeploy-kind
+undeploy-kind: ## Undeploy the InstructLab UI stack from a kubernetes cluster
 	$(CMD_PREFIX) if [ -f ./deploy/k8s/overlays/kind/.env ]; then \
 		rm ./deploy/k8s/overlays/kind/.env ; \
 	fi
 	$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete namespace $(ILAB_KUBE_NAMESPACE)
 
+.PHONY: deploy-umami-kind
+deploy-umami-kind: wait-for-readiness load-images
+	$(CMD_PREFIX) if [ ! -f .env ]; then \
+		echo "Please create a .env file in the root of the project." ; \
+		exit 1 ; \
+	fi
+	$(CMD_PREFIX) bash -c "source .env && \
+		deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh KIND $(UMAMI_KUBE_NAMESPACE)"
+
+	$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | kubectl apply -f -
+	$(CMD_PREFIX) kubectl create -f ./deploy/k8s/overlays/kind/umami/umami-secret.yaml
+	$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) apply -k ./deploy/k8s/overlays/kind/umami
+
+	$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m
+	$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) port-forward -n $(UMAMI_KUBE_NAMESPACE) service/umami 3001:3001
+
+.PHONY: undeploy-umami-kind
+undeploy-umami-kind:
+	$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE)
+	$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete -f ./deploy/k8s/overlays/kind/umami/umami-secret.yaml
+	$(CMD_PREFIX) kubectl --context=$(ILAB_KUBE_CONTEXT) delete -k ./deploy/k8s/overlays/kind/umami
+
 .PHONY: start-dev-kind ## Run the development environment on Kind cluster
-start-dev-kind: setup-kind deploy ## Setup a Kind cluster and deploy InstructLab UI on it
+start-dev-kind: setup-kind load-images deploy-kind ## Setup a Kind cluster and deploy InstructLab UI on it
 
 ##@ OpenShift - UI prod and qa deployment on OpenShift
 .PHONY: deploy-qa-openshift
@@ -162,7 +196,6 @@ deploy-qa-openshift: ## Deploy QA stack of the InstructLab UI on OpenShift
 		echo "Please create a .env file in the root of the project." ; \
 		exit 1 ; \
 	fi
-
 	$(CMD_PREFIX) yes | cp -rf .env ./deploy/k8s/overlays/openshift/qa/.env
 	$(CMD_PREFIX) oc apply -k ./deploy/k8s/overlays/openshift/qa
 	$(CMD_PREFIX) oc wait --for=condition=Ready pods -n $(ILAB_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=ui --timeout=15m
@@ -172,14 +205,33 @@ redeploy-qa-openshift: ## Redeploy QA stack of the InstructLab UI on OpenShift
 	$(CMD_PREFIX) oc -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/ui
 	$(CMD_PREFIX) oc -n $(ILAB_KUBE_NAMESPACE) rollout restart deploy/pathservice
 
-
 .PHONY: undeploy-qa-openshift
 undeploy-qa-openshift: ## Undeploy QA stack of the InstructLab UI on OpenShift
 	$(CMD_PREFIX) oc delete -k ./deploy/k8s/overlays/openshift/qa
 	$(CMD_PREFIX) if [ -f ./deploy/k8s/overlays/openshift/qa/.env ]; then \
 		rm ./deploy/k8s/overlays/openshift/qa/.env ; \
 	fi
 
+.PHONY: deploy-umami-qa-openshift
+deploy-umami-qa-openshift:
+	$(CMD_PREFIX) if [ ! -f .env ]; then \
+		echo "Please create a .env file in the root of the project." ; \
+		exit 1 ; \
+	fi
+	$(CMD_PREFIX) source .env && \
+		deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh OPENSHIFT $(UMAMI_KUBE_NAMESPACE)
+	$(CMD_PREFIX) oc create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | oc apply -f -
+	$(CMD_PREFIX) oc apply -f ./deploy/k8s/overlays/openshift/umami/umami-secret.yaml
+
+	$(CMD_PREFIX) oc apply -k ./deploy/k8s/overlays/openshift/umami
+	$(CMD_PREFIX) oc wait --for=condition=Ready pods -n $(UMAMI_KUBE_NAMESPACE) --all -l app.kubernetes.io/part-of=umami --timeout=15m
+
+.PHONY: undeploy-umami-qa-openshift
+undeploy-umami-qa-openshift:
+	$(CMD_PREFIX) oc scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE)
+	$(CMD_PREFIX) oc delete -f ./deploy/k8s/overlays/openshift/umami/umami-secret.yaml
+	$(CMD_PREFIX) oc delete -k ./deploy/k8s/overlays/openshift/umami
+
 .PHONY: deploy-prod-openshift
 deploy-prod-openshift: ## Deploy production stack of the InstructLab UI on OpenShift
 	$(CMD_PREFIX) if [ ! -f .env ]; then \
@@ -204,6 +256,28 @@ undeploy-prod-openshift: ## Undeploy production stack of the InstructLab UI on O
 		rm ./deploy/k8s/overlays/openshift/prod/.env ; \
 	fi
 
+.PHONY: deploy-umami-prod-openshift
+deploy-umami-prod-openshift: check-kubeseal
+	$(CMD_PREFIX) if [ ! -f .env ]; then \
+		echo "Please create a .env file in the root of the project." ; \
+		exit 1 ; \
+	fi
+	$(CMD_PREFIX) source .env && \
+		deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh "OPENSHIFT" $(UMAMI_KUBE_NAMESPACE)
+	$(CMD_PREFIX) cat deploy/k8s/overlays/openshift/umami/umami-secret.yaml | kubeseal \
+		--controller-name=sealed-secrets-controller \
+		--controller-namespace=kube-system \
+		--format yaml > ./deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml
+	$(CMD_PREFIX) oc create namespace $(UMAMI_KUBE_NAMESPACE) --dry-run=client -o yaml | oc apply -f -
+	$(CMD_PREFIX) oc apply -f deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml
+	$(CMD_PREFIX) oc apply -k deploy/k8s/overlays/openshift/umami
+
+.PHONY: undeploy-umami-prod-openshift
+undeploy-umami-prod-openshift:
+	$(CMD_PREFIX) oc scale --replicas=0 deployment/umami -n $(UMAMI_KUBE_NAMESPACE)
+	$(CMD_PREFIX) oc delete -f ./deploy/k8s/overlays/openshift/umami/umami-secret.sealedsecret.yaml
+	$(CMD_PREFIX) oc delete -k ./deploy/k8s/overlays/openshift/umami
+
 .PHONY: check-dev-container-installed
 check-dev-container-installed:
 	@if [ -z "${DEVCONTAINER_BINARY_EXISTS}" ]; then \
@@ -224,7 +298,7 @@ start-dev-container:
 .PHONY: enter-dev-container
 enter-dev-container:
 	$(MAKE) check-dev-container-installed
-	devcontainer exec --workspace-folder=./ --docker-path=${CONTAINER_ENGINE} bash
+	devcontainer exec --workspace-folder=./ --docker-path=${CONTAINER_ENGINE} ${DEVCONTAINER_DEFAULT_SHELL}
 
 .PHONY: cycle-dev-container
 cycle-dev-container:

deploy/k8s/base/umami/deploy-umami-openshift-env-secret-conversion.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+# -*- indent-tabs-mode: nil; tab-width: 2; sh-indentation: 2; -*-
+
+# Helper script to filter out `.env`` values related to umami deployment, and generate the secret manifest from that
+
+source .env
+
+if [ "$#" -ne 2 ]; then
+    echo "USAGE: $0 TARGET NAMESPACE
+      TARGET:     The deployment target. Options: [\"OPENSHIFT\", \"KIND\"]
+      NAMESPACE:  The namespace where you want to deploy the umami-secret." 1>&2
+    exit 1
+fi
+
+TARGET="$1"
+NAMESPACE="$2"
+
+
+if [ "${TARGET}" == "OPENSHIFT" ]; then
+  UMAMI_SECRET_FILE_PATH="deploy/k8s/overlays/openshift/umami/umami-secret.yaml"
+elif [ "${TARGET}" == "KIND" ]; then
+  UMAMI_SECRET_FILE_PATH="deploy/k8s/overlays/kind/umami/umami-secret.yaml"
+else
+  echo "Error, \$TARGET ${TARGET} not recongnized.
+    TARGET options: [\"OPENSHIFT\", \"KIND\"]"
+  exit 1
+fi
+
+required_vars=("DATABASE_TYPE" "POSTGRESQL_DATABASE" "POSTGRESQL_USER" "POSTGRESQL_PASSWORD" "UMAMI_APP_SECRET" "DATABASE_URL")
+
+missing_vars=()
+
+for var in "${required_vars[@]}"; do
+  if [[ -z "${!var}" ]]; then
+    missing_vars+=("$var")
+  fi
+done
+
+if [[ ${#missing_vars[@]} -gt 0 ]]; then
+  echo "The following environment variables are missing:"
+  for var in "${missing_vars[@]}"; do
+    echo "  - $var"
+  done
+  echo "Please add these variables to your .env file."
+  exit 1
+fi
+
+# Note: `.env` value  UMAMI_APP_SECRET is re-routed to APP_SECRET intentionally
+kubectl create secret generic umami-secret \
+  --from-literal DATABASE_TYPE=${DATABASE_TYPE} \
+  --from-literal POSTGRESQL_DATABASE=${POSTGRESQL_DATABASE} \
+  --from-literal POSTGRESQL_USER=${POSTGRESQL_USER} \
+  --from-literal POSTGRESQL_PASSWORD=${POSTGRESQL_PASSWORD} \
+  --from-literal APP_SECRET=${UMAMI_APP_SECRET} \
+  --from-literal DATABASE_URL=${DATABASE_URL} \
+  --namespace ${NAMESPACE} \
+  --dry-run=client \
+  -o yaml > ${UMAMI_SECRET_FILE_PATH}
+
+echo "Secret manifest has been created: ${UMAMI_SECRET_FILE_PATH}."

deploy/k8s/overlays/kind/kind.yaml

@@ -24,3 +24,5 @@ nodes:
     image: kindest/node:v1.30.0
   - role: worker
     image: kindest/node:v1.30.0
+networking:
+  apiServerPort: 6443

deploy/k8s/overlays/kind/umami/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: umami
+resources:
+  - ../../../base/umami
+  - umami-ingress.yaml