From b01a5e5550dcabea4c97beba4c053109a5543e19 Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Sat, 27 Aug 2022 14:20:30 +1000 Subject: [PATCH 01/23] =?UTF-8?q?=F0=9F=A6=A0=20ocp=204.11=20deploy=20?= =?UTF-8?q?=F0=9F=A6=A0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tooling/charts/tl500-base/Chart.yaml | 4 ++-- tooling/charts/tl500-base/values.yaml | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tooling/charts/tl500-base/Chart.yaml b/tooling/charts/tl500-base/Chart.yaml index f2768c5..2c4676e 100644 --- a/tooling/charts/tl500-base/Chart.yaml +++ b/tooling/charts/tl500-base/Chart.yaml @@ -13,7 +13,7 @@ maintainers: - name: springdo dependencies: - name: sealed-secrets - version: "2.1.6" + version: "2.6.1" repository: https://bitnami-labs.github.io/sealed-secrets condition: sealed-secrets.enabled - name: stackrox-chart @@ -21,7 +21,7 @@ dependencies: repository: https://redhat-cop.github.io/helm-charts condition: stackrox-chart.enabled - name: gitops-operator - version: "0.4.2" + version: "0.4.3" repository: https://redhat-cop.github.io/helm-charts condition: gitops-operator.enabled - name: tl500-teamsters diff --git a/tooling/charts/tl500-base/values.yaml b/tooling/charts/tl500-base/values.yaml index f5c683d..f4751c9 100644 --- a/tooling/charts/tl500-base/values.yaml +++ b/tooling/charts/tl500-base/values.yaml @@ -17,17 +17,17 @@ namespaces: - name: tl500-shared operators: - codeready-workspaces: + devspaces: enabled: true - namespace: tl500-workspaces + namespace: openshift-operators subscription: - channel: latest + channel: stable approval: Automatic - operatorName: codeready-workspaces + operatorName: devspaces sourceName: redhat-operators sourceNamespace: openshift-marketplace operatorgroup: - create: true + create: false openshift-pipelines-operator-rh: enabled: true From c544a4707e8539914f47a08c28c3681032ecdd6a Mon Sep 17 00:00:00 2001 
From: Mike Hepburn Date: Mon, 7 Nov 2022 09:52:06 +1000 Subject: [PATCH 02/23] =?UTF-8?q?=F0=9F=A4=A1=20devfile=20v2.1.0=20?= =?UTF-8?q?=F0=9F=A4=A1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- codereadyworkspaces/tl500-devfile.yaml | 205 +++++++++++++++---------- 1 file changed, 125 insertions(+), 80 deletions(-) diff --git a/codereadyworkspaces/tl500-devfile.yaml b/codereadyworkspaces/tl500-devfile.yaml index e8428b0..cc68ccf 100644 --- a/codereadyworkspaces/tl500-devfile.yaml +++ b/codereadyworkspaces/tl500-devfile.yaml 
@@ -1,94 +1,139 @@ -apiVersion: 1.0.0 +schemaVersion: 2.1.0 metadata: name: tl500 - generateName: tl500- + namespace: user1-devspaces +attributes: + .che/che-editor.yaml: | + id: eclipse/che-theia/latest + .che/che-theia-plugins.yaml: | + - id: eclipse/che-machine-exec-plugin/latest + override: + sidecar: + name: exec-plugin + - id: redhat/vscode-yaml/latest + override: + sidecar: + name: vscode-yaml + - id: vscode/typescript-language-features/latest + override: + sidecar: + name: typescript-language-features + .vscode/extensions.json: |- + { + "recommendations": [ + "eclipse/che-machine-exec-plugin", + "redhat/vscode-yaml", + "vscode/typescript-language-features" + ] + } + controller.devfile.io/devworkspace-config: + name: devworkspace-config + namespace: tl500-workspaces + controller.devfile.io/storage-type: per-workspace + metadata-name-field: generateName + metadata-name-original-value: tl500- projects: - - name: tech-exercise + - attributes: + source-origin: branch clonePath: tech-exercise - source: - type: git - location: 'https://github.com/rht-labs/tech-exercise' - branch: 'main' + git: + checkoutFrom: + revision: main + remotes: + origin: 'https://github.com/rht-labs/tech-exercise' + name: tech-exercise components: - - type: cheEditor - alias: theia-editor - id: eclipse/che-theia/latest - memoryLimit: 2Gi - - alias: exec-plugin - type: chePlugin - id: eclipse/che-machine-exec-plugin/latest - - alias: node-debug2 - type: chePlugin - id: ms-vscode/node-debug2/latest - - alias: vscode-yaml - type: chePlugin - id: redhat/vscode-yaml/latest - - alias: typescript-language-features - type: chePlugin - id: vscode/typescript-language-features/latest - - type: dockerimage - alias: stack-tl500 - image: quay.io/rht-labs/stack-tl500:3.0.16 - memoryLimit: 2Gi - mountSources: true - args: ['/bin/sh', '-c', 'sleep infinity'] - volumes: - - name: projects - containerPath: /projects - - name: config - containerPath: /home/developer/.config - - name: npm - containerPath: 
/home/developer/.npm - endpoints: - - name: ide-8080 - port: 8080 - attributes: - discoverable: "true" - public: "true" + - container: + args: + - /bin/sh + - '-c' + - sleep infinity + endpoints: + - attributes: + discoverable: 'true' + protocol: http + public: 'true' + exposure: public + name: ide-8080 protocol: http - - name: ide-9000 - port: 9000 - attributes: - discoverable: "true" - public: "true" + targetPort: 8080 + - attributes: + discoverable: 'true' + protocol: http + public: 'true' + exposure: public + name: ide-9000 protocol: http - - name: ide-3000 - port: 3000 - attributes: - discoverable: "true" - public: "true" + targetPort: 9000 + - attributes: + discoverable: 'true' + protocol: http + public: 'true' + exposure: public + name: ide-3000 protocol: http - - name: ide-4200 - port: 4200 - attributes: - discoverable: "true" - public: "true" + targetPort: 3000 + - attributes: + discoverable: 'true' + protocol: http + public: 'true' + exposure: public + name: ide-4200 protocol: http - - name: ide-4444 - port: 4444 - attributes: + targetPort: 4200 + - attributes: + protocol: http + exposure: public + name: ide-4444 protocol: http - - name: ide-8081 - port: 8081 - attributes: - discoverable: "true" - public: "true" + targetPort: 4444 + - attributes: + discoverable: 'true' + protocol: http + public: 'true' + exposure: public + name: ide-8081 protocol: http - - name: ide-8082 - port: 8082 - attributes: - discoverable: "true" - public: "true" + targetPort: 8081 + - attributes: + discoverable: 'true' + protocol: http + public: 'true' + exposure: public + name: ide-8082 protocol: http - - name: ide-8083 - port: 8083 - attributes: - discoverable: "true" - public: "true" + targetPort: 8082 + - attributes: + discoverable: 'true' + protocol: http + public: 'true' + exposure: public + name: ide-8083 protocol: http - - name: ide-8084 - port: 8084 - attributes: - discoverable: "true" - public: "true" + targetPort: 8083 + - attributes: + discoverable: 'true' + protocol: 
http + public: 'true' + exposure: public + name: ide-8084 protocol: http + targetPort: 8084 + image: 'quay.io/rht-labs/stack-tl500:3.0.16' + memoryLimit: 2Gi + mountSources: true + sourceMapping: /projects + volumeMounts: + - name: projects + path: /projects + - name: config + path: /home/developer/.config + - name: npm + path: /home/developer/.npm + name: stack-tl500 + - name: projects + volume: {} + - name: config + volume: {} + - name: npm + volume: {} From f227ec15ba2f75255c83fb12a44c453972699f57 Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Mon, 7 Nov 2022 10:18:59 +1000 Subject: [PATCH 03/23] =?UTF-8?q?=F0=9F=A4=A1=20devfile=20v2.1.0=20?= =?UTF-8?q?=F0=9F=A4=A1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- codereadyworkspaces/tl500-devfile.yaml | 31 -------------------------- 1 file changed, 31 deletions(-) diff --git a/codereadyworkspaces/tl500-devfile.yaml b/codereadyworkspaces/tl500-devfile.yaml index cc68ccf..aea52be 100644 --- a/codereadyworkspaces/tl500-devfile.yaml +++ b/codereadyworkspaces/tl500-devfile.yaml 
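Review bot: All nine endpoints on the `stack-tl500` container are declared `exposure: public`, including `ide-4444`, which carried no `public` attribute in the v1 file this replaces. A public exposure asks the platform for an externally reachable URL per port, so whatever a workspace user starts on those ports is reachable from outside the workspace. How that URL is authenticated, and whether TLS is terminated in front of the `protocol: http` backends, depends on the cluster and is not visible here. For ports that are only used from inside the workspace, `exposure: internal` would be the narrower setting. The same endpoint list is added again in `codereadyworkspaces/tl500-devfile-v2.yaml` in patch 07/23.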
@@ -1,37 +1,6 @@ schemaVersion: 2.1.0 metadata: name: tl500 - namespace: user1-devspaces -attributes: - .che/che-editor.yaml: | - id: eclipse/che-theia/latest - .che/che-theia-plugins.yaml: | - - id: eclipse/che-machine-exec-plugin/latest - override: - sidecar: - name: exec-plugin - - id: redhat/vscode-yaml/latest - override: - sidecar: - name: vscode-yaml - - id: vscode/typescript-language-features/latest - override: - sidecar: - name: typescript-language-features - .vscode/extensions.json: |- - { - "recommendations": [ - "eclipse/che-machine-exec-plugin", - "redhat/vscode-yaml", - "vscode/typescript-language-features" - ] - } - controller.devfile.io/devworkspace-config: - name: devworkspace-config - namespace: tl500-workspaces - controller.devfile.io/storage-type: per-workspace - metadata-name-field: generateName - metadata-name-original-value: tl500- projects: - attributes: source-origin: branch From 9609aea0850d84d93cb04ae8fd23ec0e286c3f83 Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Mon, 7 Nov 2022 11:13:00 +1000 Subject: [PATCH 04/23] =?UTF-8?q?=F0=9F=99=80=204.11=20values=20file=20?= =?UTF-8?q?=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tooling/charts/tl500-base/values-v4.11.yaml | 138 ++++++++++++++++++++ tooling/charts/tl500-base/values.yaml | 12 +- 2 files changed, 145 insertions(+), 5 deletions(-) create mode 100644 tooling/charts/tl500-base/values-v4.11.yaml diff --git a/tooling/charts/tl500-base/values-v4.11.yaml b/tooling/charts/tl500-base/values-v4.11.yaml new file mode 100644 index 0000000..f4751c9 --- /dev/null +++ b/tooling/charts/tl500-base/values-v4.11.yaml 
@@ -0,0 +1,138 @@ +# Default values for tl500 +gitlab_app_name: "gitlab-ce" + +# Create a helper to create a prefix if one isn't provided? Would help if we moved to shared clusters +prefix: "" + +# Group name in LDAP / IdM (FreeIPA) for attendees. +group_name: student + +# Namespace where IDM runs, in case is deployed in OCP. Otherwise leave it empty or blank. +ipa_namespace: ipa + +namespaces: + - name: tl500-workspaces + - name: tl500-tech-exercise + - name: tl500-gitlab + - name: tl500-shared + +operators: + devspaces: + enabled: true + namespace: openshift-operators + subscription: + channel: stable + approval: Automatic + operatorName: devspaces + sourceName: redhat-operators + sourceNamespace: openshift-marketplace + operatorgroup: + create: false + + openshift-pipelines-operator-rh: + enabled: true + namespace: openshift-operators + subscription: + channel: latest + approval: Automatic + operatorName: openshift-pipelines-operator-rh + sourceName: redhat-operators + sourceNamespace: openshift-marketplace + operatorgroup: + create: false + + elasticsearch-operator: + enabled: true + namespace: openshift-operators + subscription: + channel: stable-5.3 + approval: Automatic + operatorName: elasticsearch-operator + sourceName: redhat-operators + sourceNamespace: openshift-marketplace + operatorgroup: + create: false + + cluster-logging-operator: + enabled: true + namespace: openshift-logging + subscription: + channel: stable-5.3 + approval: Automatic + operatorName: cluster-logging + sourceName: redhat-operators + sourceNamespace: openshift-marketplace + operatorgroup: + create: true + + cert-utils-operator: + enabled: true + namespace: openshift-operators + subscription: + channel: alpha + approval: Automatic + operatorName: cert-utils-operator + sourceName: community-operators + sourceNamespace: openshift-marketplace + operatorgroup: + create: false + +logging: + # Might be needed with clusters that have an infra plane + # nodeSelector: + # key: 
node-role.kubernetes.io/infra + # value: '' + namespace: openshift-logging + +gitlab: + namespace: tl500-gitlab + root_password: 7aydhn160bOrrsGEbnd172rE + imagestreams: + - name: "gitlab-ce" + tag_name: "gitlab-12.8.7" + stream_uri: "gitlab/gitlab-ce:12.8.7-ce.0" + - name: "gitlab-ce-redis" + tag_name: "5.0.4" + stream_uri: "redis:5.0.4-alpine" + - name: "postgresql" + tag_name: "latest" + stream_uri: "registry.redhat.io/rhscl/postgresql-96-rhel7" + ldap: +# port: "389" +# base: "dc=CORP,dc=EXAMPLE,dc=COM" +# uri: "MY-LDAP.example.corp.com" +# user_filter: "" +# validate_certs: "false" +# bind_dn: uid=ldap-admin,cn=users,cn=accounts,dc=CORP,dc=EXAMPLE,dc=COM +# password: password + secret_name: ldap-bind-password + +sealed-secrets: + # Disabled by default + enabled: true + nameOverride: sealed-secrets + fullnameOverride: sealed-secrets + namespace: tl500-shared + # Dont touch the security context values, deployment will fail in OpenShift otherwise. + podSecurityContext: + enabled: false + containerSecurityContext: + enabled: false + commandArgs: + - "--update-status=true" + +userworkloadmonitoring: true + +stackrox-chart: + enabled: true + stackrox: + clusterName: tl500 + namespace: stackrox + +gitops-operator: + enabled: true + namespaces: [] + ignoreHelmHooks: false + +tl500-teamsters: + enabled: true \ No newline at end of file diff --git a/tooling/charts/tl500-base/values.yaml b/tooling/charts/tl500-base/values.yaml index f4751c9..36cbe88 100644 --- a/tooling/charts/tl500-base/values.yaml +++ b/tooling/charts/tl500-base/values.yaml 
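Review bot: The new `values-v4.11.yaml` ships a literal GitLab `root_password` under `gitlab:`, so every install that uses this file unchanged gets the same publicly known root credential. The index lines show the file starts as a copy of the blob `values.yaml` had (`f4751c9`), so the same default sits in both files. I would leave the default empty and require it at install time, for example `root_password: ""  # required: pass with --set gitlab.root_password=... or supply from a Secret`, and have the consuming template fail when it is unset. That template is outside this hunk, so confirm how it reads the value.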
@@ -17,17 +17,17 @@ namespaces: - name: tl500-shared operators: - devspaces: + codeready-workspaces: enabled: true - namespace: openshift-operators + namespace: tl500-workspaces subscription: - channel: stable + channel: latest approval: Automatic - operatorName: devspaces + operatorName: codeready-workspaces sourceName: redhat-operators sourceNamespace: openshift-marketplace operatorgroup: - create: false + create: true openshift-pipelines-operator-rh: enabled: true @@ -97,6 +97,8 @@ gitlab: - name: "postgresql" tag_name: "latest" stream_uri: "registry.redhat.io/rhscl/postgresql-96-rhel7" +# a body of CA certificate that Gitlab should be using goes in here. Body needs to be Base64! +# cacert: ldap: # port: "389" # base: "dc=CORP,dc=EXAMPLE,dc=COM" From a32cc4d505154c8210b56f347b85702709b7db27 Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Mon, 7 Nov 2022 12:22:51 +1000 Subject: [PATCH 05/23] =?UTF-8?q?=F0=9F=99=80=204.11=20values=20file=20?= =?UTF-8?q?=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- codereadyworkspaces/tl500-devfile.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/codereadyworkspaces/tl500-devfile.yaml b/codereadyworkspaces/tl500-devfile.yaml index aea52be..11cf41d 100644 --- a/codereadyworkspaces/tl500-devfile.yaml +++ b/codereadyworkspaces/tl500-devfile.yaml @@ -1,6 +1,15 @@ schemaVersion: 2.1.0 metadata: name: tl500 + namespace: user1-devspaces +attributes: + che-theia.eclipse.org/sidecar-policy: USE_DEV_CONTAINER + controller.devfile.io/devworkspace-config: + name: devworkspace-config + namespace: tl500-workspaces + controller.devfile.io/storage-type: per-workspace + metadata-name-field: generateName + metadata-name-original-value: tl500- projects: - attributes: source-origin: branch 
@@ -88,7 +97,6 @@ components: name: ide-8084 protocol: http targetPort: 8084 - image: 'quay.io/rht-labs/stack-tl500:3.0.16' memoryLimit: 2Gi mountSources: true sourceMapping: /projects From 5793b67ca4db3a9eb7815cb2804a907f0b02bcac Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Mon, 7 Nov 2022 12:24:13 +1000 Subject: [PATCH 06/23] =?UTF-8?q?=F0=9F=99=80=204.11=20values=20file=20?= =?UTF-8?q?=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- codereadyworkspaces/tl500-devfile.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/codereadyworkspaces/tl500-devfile.yaml b/codereadyworkspaces/tl500-devfile.yaml index 11cf41d..9df5f90 100644 --- a/codereadyworkspaces/tl500-devfile.yaml +++ b/codereadyworkspaces/tl500-devfile.yaml @@ -97,6 +97,7 @@ components: name: ide-8084 protocol: http targetPort: 8084 + image: 'quay.io/rht-labs/stack-tl500:3.0.16' memoryLimit: 2Gi mountSources: true sourceMapping: /projects From ad0d896b987c120caf3735b4ac6f3a2d7877ce6d Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Mon, 7 Nov 2022 12:37:02 +1000 Subject: [PATCH 07/23] =?UTF-8?q?=F0=9F=99=80=20devfile=20v2=20values=20fi?= =?UTF-8?q?le=20=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- codereadyworkspaces/tl500-devfile-v2.yaml | 116 ++++++++++++++ codereadyworkspaces/tl500-devfile.yaml | 185 ++++++++++------------ 2 files changed, 197 insertions(+), 104 deletions(-) create mode 100644 codereadyworkspaces/tl500-devfile-v2.yaml diff --git a/codereadyworkspaces/tl500-devfile-v2.yaml b/codereadyworkspaces/tl500-devfile-v2.yaml new file mode 100644 index 0000000..3918354 --- /dev/null +++ b/codereadyworkspaces/tl500-devfile-v2.yaml 
@@ -0,0 +1,116 @@ +schemaVersion: 2.1.0 +metadata: + name: tl500 +attributes: + che-theia.eclipse.org/sidecar-policy: USE_DEV_CONTAINER + controller.devfile.io/devworkspace-config: + name: devworkspace-config + namespace: tl500-workspaces + controller.devfile.io/storage-type: per-workspace + metadata-name-field: generateName + metadata-name-original-value: tl500- +projects: + - attributes: + source-origin: branch + clonePath: tech-exercise + git: + checkoutFrom: + revision: main + remotes: + origin: 'https://github.com/rht-labs/tech-exercise' + name: tech-exercise +components: + - container: + args: + - /bin/sh + - '-c' + - sleep infinity + endpoints: + - attributes: + discoverable: 'true' + protocol: http + public: 'true' + exposure: public + name: ide-8080 + protocol: http + targetPort: 8080 + - attributes: + discoverable: 'true' + protocol: http + public: 'true' + exposure: public + name: ide-9000 + protocol: http + targetPort: 9000 + - attributes: + discoverable: 'true' + protocol: http + public: 'true' + exposure: public + name: ide-3000 + protocol: http + targetPort: 3000 + - attributes: + discoverable: 'true' + protocol: http + public: 'true' + exposure: public + name: ide-4200 + protocol: http + targetPort: 4200 + - attributes: + protocol: http + exposure: public + name: ide-4444 + protocol: http + targetPort: 4444 + - attributes: + discoverable: 'true' + protocol: http + public: 'true' + exposure: public + name: ide-8081 + protocol: http + targetPort: 8081 + - attributes: + discoverable: 'true' + protocol: http + public: 'true' + exposure: public + name: ide-8082 + protocol: http + targetPort: 8082 + - attributes: + discoverable: 'true' + protocol: http + public: 'true' + exposure: public + name: ide-8083 + protocol: http + targetPort: 8083 + - attributes: + discoverable: 'true' + protocol: http + public: 'true' + exposure: public + name: ide-8084 + protocol: http + targetPort: 8084 + image: 'quay.io/rht-labs/stack-tl500:3.0.16' + memoryLimit: 2Gi + 
mountSources: true + sourceMapping: /projects + volumeMounts: + - name: projects + path: /projects + - name: config + path: /home/developer/.config + - name: npm + path: /home/developer/.npm + name: stack-tl500 + - name: projects + volume: {} + - name: config + volume: {} + - name: npm + volume: {} diff --git a/codereadyworkspaces/tl500-devfile.yaml b/codereadyworkspaces/tl500-devfile.yaml index 9df5f90..ee5b2cf 100644 --- a/codereadyworkspaces/tl500-devfile.yaml +++ b/codereadyworkspaces/tl500-devfile.yaml 
@@ -1,117 +1,94 @@ -schemaVersion: 2.1.0 +apiVersion: 1.0.0 metadata: name: tl500 - namespace: user1-devspaces -attributes: - che-theia.eclipse.org/sidecar-policy: USE_DEV_CONTAINER - controller.devfile.io/devworkspace-config: - name: devworkspace-config - namespace: tl500-workspaces - controller.devfile.io/storage-type: per-workspace - metadata-name-field: generateName - metadata-name-original-value: tl500- + generateName: tl500- projects: - - attributes: - source-origin: branch + - name: tech-exercise clonePath: tech-exercise - git: - checkoutFrom: - revision: main - remotes: - origin: 'https://github.com/rht-labs/tech-exercise' - name: tech-exercise + source: + type: git + location: 'https://github.com/rht-labs/tech-exercise' + branch: 'main' components: - - container: - args: - - /bin/sh - - '-c' - - sleep infinity - endpoints: - - attributes: - discoverable: 'true' - protocol: http - public: 'true' - exposure: public - name: ide-8080 + - type: cheEditor + alias: theia-editor + id: eclipse/che-theia/latest + memoryLimit: 2Gi + - alias: exec-plugin + type: chePlugin + id: eclipse/che-machine-exec-plugin/latest + - alias: node-debug2 + type: chePlugin + id: ms-vscode/node-debug2/latest + - alias: vscode-yaml + type: chePlugin + id: redhat/vscode-yaml/latest + - alias: typescript-language-features + type: chePlugin + id: vscode/typescript-language-features/latest + - type: dockerimage + alias: stack-tl500 + image: quay.io/rht-labs/stack-tl500:3.0.16 + memoryLimit: 2Gi + mountSources: true + args: ['/bin/sh', '-c', 'sleep infinity'] + volumes: + - name: projects + containerPath: /projects + - name: config + containerPath: /home/developer/.config + - name: npm + containerPath: /home/developer/.npm + endpoints: + - name: ide-8080 + port: 8080 + attributes: + discoverable: "true" + public: "true" protocol: http - targetPort: 8080 - - attributes: - discoverable: 'true' - protocol: http - public: 'true' - exposure: public - name: ide-9000 + - name: ide-9000 + port: 9000 
+ attributes: + discoverable: "true" + public: "true" protocol: http - targetPort: 9000 - - attributes: - discoverable: 'true' - protocol: http - public: 'true' - exposure: public - name: ide-3000 + - name: ide-3000 + port: 3000 + attributes: + discoverable: "true" + public: "true" protocol: http - targetPort: 3000 - - attributes: - discoverable: 'true' - protocol: http - public: 'true' - exposure: public - name: ide-4200 + - name: ide-4200 + port: 4200 + attributes: + discoverable: "true" + public: "true" protocol: http - targetPort: 4200 - - attributes: - protocol: http - exposure: public - name: ide-4444 + - name: ide-4444 + port: 4444 + attributes: protocol: http - targetPort: 4444 - - attributes: - discoverable: 'true' - protocol: http - public: 'true' - exposure: public - name: ide-8081 + - name: ide-8081 + port: 8081 + attributes: + discoverable: "true" + public: "true" protocol: http - targetPort: 8081 - - attributes: - discoverable: 'true' - protocol: http - public: 'true' - exposure: public - name: ide-8082 + - name: ide-8082 + port: 8082 + attributes: + discoverable: "true" + public: "true" protocol: http - targetPort: 8082 - - attributes: - discoverable: 'true' - protocol: http - public: 'true' - exposure: public - name: ide-8083 + - name: ide-8083 + port: 8083 + attributes: + discoverable: "true" + public: "true" protocol: http - targetPort: 8083 - - attributes: - discoverable: 'true' - protocol: http - public: 'true' - exposure: public - name: ide-8084 - protocol: http - targetPort: 8084 - image: 'quay.io/rht-labs/stack-tl500:3.0.16' - memoryLimit: 2Gi - mountSources: true - sourceMapping: /projects - volumeMounts: - - name: projects - path: /projects - - name: config - path: /home/developer/.config - - name: npm - path: /home/developer/.npm - name: stack-tl500 - - name: projects - volume: {} - - name: config - volume: {} - - name: npm - volume: {} + - name: ide-8084 + port: 8084 + attributes: + discoverable: "true" + public: "true" + protocol: http \ 
No newline at end of file From 8c3f56d242f61e5677afbd3131e66829c1eaac61 Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Mon, 7 Nov 2022 13:14:44 +1000 Subject: [PATCH 08/23] =?UTF-8?q?=F0=9F=A4=8D=20docs=204.11=20=F0=9F=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tooling/README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tooling/README.md b/tooling/README.md index 145a757..b706b3c 100644 --- a/tooling/README.md +++ b/tooling/README.md @@ -2,7 +2,7 @@ This directory contains the necessary charts used in order to deploy a TL500 Tech Stack against an OCP 4.X cluster. This assumes that the cluster has valid certificates. -🐞 Please ensure your cluster is the latest Z release - 4.9.z or 4.10.z release. We test against these. 🐞 +🐞 Please ensure your cluster is the latest Z release - 4.10.z or 4.11.z release. We test against these. 🐞 This chart is capable of deploying the following: @@ -30,6 +30,8 @@ When specifying a chart version, make sure to use the same version for both char 1. Install TL500 Base +For 4.10.z OpenShift: + ```bash helm repo add enablement-framework https://rht-labs.com/enablement-framework helm repo update @@ -37,6 +39,12 @@ helm search repo enablement-framework helm install tl500-base enablement-framework/tl500-base --version XYZ --namespace tl500 --create-namespace --timeout=15m ``` +When deploying to OpenShift 4.11.z+ there are some breaking changes in newer OpenShift versions, specifically around DevSpaces operator. Use the newer values file: + +```bash +helm install tl500-base enablement-framework/tl500-base -f tl500-base/values-v4.11.yaml --version XYZ --namespace tl500 --create-namespace --timeout=15m +``` + 2. Install TL500 Course Content ```bash From 1ef7910069c47af0195a19ef7a5897711ac8a198 Mon Sep 17 00:00:00 2001 
From: Mike Hepburn Date: Mon, 7 Nov 2022 13:44:13 +1000 Subject: [PATCH 09/23] =?UTF-8?q?=F0=9F=92=94=204.11=20stackrox=20service?= =?UTF-8?q?=20account=20token=20needed=20=F0=9F=92=94?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../templates/stackrox/configure-stackrox-job.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tooling/charts/tl500-course-content/templates/stackrox/configure-stackrox-job.yaml b/tooling/charts/tl500-course-content/templates/stackrox/configure-stackrox-job.yaml index 8989cc6..c0faeca 100644 --- a/tooling/charts/tl500-course-content/templates/stackrox/configure-stackrox-job.yaml +++ b/tooling/charts/tl500-course-content/templates/stackrox/configure-stackrox-job.yaml @@ -38,6 +38,12 @@ spec: # wait for sericeaccount echo "waiting for tl500 pipline service account ..." while test 0 == $(oc -n tl500 get sa/pipeline -o name 2>/dev/null | wc -l); do sleep 5; done + # support newer installation where token not generated automatically + oc serviceaccounts get-token pipeline -n tl500 + if [ $? != 0 ]; then + echo '{"apiVersion":"v1","kind":"Secret","metadata":{"name":"pipeline-token","namespace":"tl500","annotations": {"kubernetes.io/service-account.name":"pipeline"}},"type":"kubernetes.io/service-account-token"}' | oc -n tl500 apply -f- + oc -n tl500 secret link pipeline pipeline-token + fi TOKEN=$(oc serviceaccounts get-token pipeline -n tl500) RET=$(curl -sk -u "admin:${ROX_ADMIN_PASSWD}" "https://$ROX_ENDPOINT/v1/imageintegrations" -d "{\"id\": \"\",\"name\": \"tl500\",\"categories\": [\"REGISTRY\"],\"docker\": {\"endpoint\": \"https://image-registry.openshift-image-registry.svc:5000\",\"username\": \"\",\"password\": \"${TOKEN}\",\"insecure\": true},\"autogenerated\": false,\"clusterId\": \"\",\"clusters\": [],\"skipTestIntegration\": false,\"type\": \"docker\" }" | jq .error) if [[ ${RET} != "null" && ! -z ${RET} ]]; then 
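Review bot: The added probe `oc serviceaccounts get-token pipeline -n tl500` runs only for its exit status, but it prints the token to stdout, so the pipeline service-account token ends up in this Job's pod log. Redirecting the output keeps the check and drops the leak: `if ! oc serviceaccounts get-token pipeline -n tl500 >/dev/null 2>&1; then`. Two smaller points in the same lines. The token for the newly applied `pipeline-token` Secret is filled in asynchronously, so the `TOKEN=$(...)` that follows may run before it exists; a short wait loop like the one used for the service account just above would cover that. The Secret created here is also a non-expiring token, which deserves a comment saying why a long-lived credential is needed. The script continues outside the hunk.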
From 3e0bb4f58a4361b8dcde8a44f14ebcbf7e8c2aa4 Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Thu, 10 Nov 2022 08:20:59 +1000 Subject: [PATCH 10/23] =?UTF-8?q?=F0=9F=99=80=20devfile=20v2=20values=20fi?= =?UTF-8?q?le=20=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- codereadyworkspaces/tl500-devfile.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codereadyworkspaces/tl500-devfile.yaml b/codereadyworkspaces/tl500-devfile.yaml index ee5b2cf..e8428b0 100644 --- a/codereadyworkspaces/tl500-devfile.yaml +++ b/codereadyworkspaces/tl500-devfile.yaml @@ -91,4 +91,4 @@ components: attributes: discoverable: "true" public: "true" - protocol: http \ No newline at end of file + protocol: http From 247e1c01e138bebde71b6df3e071b394fe7a1ab1 Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Sat, 12 Nov 2022 09:28:22 +1000 Subject: [PATCH 11/23] =?UTF-8?q?=F0=9F=99=80=20devfile=20v2=20values=20fi?= =?UTF-8?q?le=20=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../templates/crw/crw.yaml | 40 ++++++++----------- 1 file changed, 17 insertions(+), 23 deletions(-) diff --git a/tooling/charts/tl500-course-content/templates/crw/crw.yaml b/tooling/charts/tl500-course-content/templates/crw/crw.yaml index 0161f6c..123c546 100644 --- a/tooling/charts/tl500-course-content/templates/crw/crw.yaml +++ b/tooling/charts/tl500-course-content/templates/crw/crw.yaml @@ -1,5 +1,5 @@ {{- if .Values.crw }} -apiVersion: org.eclipse.che/v1 +apiVersion: org.eclipse.che/v2 kind: CheCluster metadata: annotations: 
@@ -8,24 +8,15 @@ metadata: name: {{ .Values.crw.name | default "codeready-workspaces" | quote }} namespace: {{ .Values.crw.namespace | default "tl500-workspaces" | quote }} spec: - server: - cheImageTag: {{ .Values.crw.cheImageTag | default "" | quote }} - cheFlavor: {{ .Values.crw.cheFlavor | default "codeready" | quote }} - devfileRegistryImage: {{ .Values.crw.devRegImage | default "" | quote }} - pluginRegistryImage: {{ .Values.crw.pluginRegImage | default "" | quote }} - tlsSupport: {{ .Values.crw.tlsSupport | default false }} - selfSignedCert: {{ .Values.crw.selfSignedCert | default false }} -{{- if .Values.crw.gitCustomCA }} - gitSelfSignedCert: true -{{- end }} - customCheProperties: {{ toYaml .Values.crw.properties | nindent 6 | default "" }} - database: - externalDb: false - chePostgresHostName: '' - chePostgresPort: '' - chePostgresUser: '' - chePostgresPassword: '' - chePostgresDb: '' + components: + database: + externalDb: false + metrics: + enable: false + cheServer: + debug: false + logLevel: INFO + extraProperties: {{ toYaml .Values.crw.properties | nindent 8 | default "" }} auth: openShiftoAuth: true identityProviderImage: '' @@ -33,8 +24,11 @@ spec: identityProviderURL: '' identityProviderRealm: '' identityProviderClientId: '' - storage: - pvcStrategy: per-workspace - pvcClaimSize: 2Gi - preCreateSubPaths: true + devEnvironments: + secondsOfRunBeforeIdling: -1 + defaultNamespace: + template: -devspaces + secondsOfInactivityBeforeIdling: -1 + storage: + pvcStrategy: per-user {{- end }} From c5d5e746de1dbf29c366fa163f3b10bae3888d48 Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Sat, 12 Nov 2022 09:29:42 +1000 Subject: [PATCH 12/23] =?UTF-8?q?=F0=9F=99=80=20devfile=20v2=20values=20fi?= =?UTF-8?q?le=20=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tooling/charts/tl500-course-content/templates/crw/crw.yaml | 7 ------- 1 file changed, 7 deletions(-) 
diff --git a/tooling/charts/tl500-course-content/templates/crw/crw.yaml b/tooling/charts/tl500-course-content/templates/crw/crw.yaml index 123c546..591cd57 100644 --- a/tooling/charts/tl500-course-content/templates/crw/crw.yaml +++ b/tooling/charts/tl500-course-content/templates/crw/crw.yaml @@ -17,13 +17,6 @@ spec: debug: false logLevel: INFO extraProperties: {{ toYaml .Values.crw.properties | nindent 8 | default "" }} - auth: - openShiftoAuth: true - identityProviderImage: '' - externalIdentityProvider: false - identityProviderURL: '' - identityProviderRealm: '' - identityProviderClientId: '' devEnvironments: secondsOfRunBeforeIdling: -1 defaultNamespace: From 1e03aa6ef52b0fab097f2b9848fd2c0147191b24 Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Sat, 12 Nov 2022 10:22:01 +1000 Subject: [PATCH 13/23] =?UTF-8?q?=F0=9F=99=80=20devfile=20v2=20values=20fi?= =?UTF-8?q?le=20=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tooling/charts/tl500-course-content/templates/crw/crw.yaml | 5 +++-- tooling/charts/tl500-course-content/values.yaml | 6 ++---- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/tooling/charts/tl500-course-content/templates/crw/crw.yaml b/tooling/charts/tl500-course-content/templates/crw/crw.yaml index 591cd57..1e73d91 100644 --- a/tooling/charts/tl500-course-content/templates/crw/crw.yaml +++ b/tooling/charts/tl500-course-content/templates/crw/crw.yaml @@ -18,10 +18,11 @@ spec: logLevel: INFO extraProperties: {{ toYaml .Values.crw.properties | nindent 8 | default "" }} devEnvironments: - secondsOfRunBeforeIdling: -1 + runningLimit: 1 + secondsOfRunBeforeIdling: {{ .Values.crw.secondsOfRunBeforeIdling | default "-1" | quote }} defaultNamespace: template: -devspaces - secondsOfInactivityBeforeIdling: -1 + secondsOfInactivityBeforeIdling: {{ .Values.crw.secondsOfInactivityBeforeIdling | default "-1" | quote }} storage: pvcStrategy: per-user {{- end }} 
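Review bot: `secondsOfRunBeforeIdling` and `secondsOfInactivityBeforeIdling` are now piped through `quote`, so they render as the string `"-1"` where patch 11/23 wrote the bare integer `-1`. As far as I know the CheCluster v2 schema types both fields as integers, in which case the API server would reject the quoted form. Dropping the filter, `{{ .Values.crw.secondsOfRunBeforeIdling | default "-1" }}`, renders an unquoted number. Note also that `default` treats `0` as unset and would replace it with `-1`. The same two lines are copied into `templates/crw/crwv2.yaml` in patch 14/23.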
diff --git a/tooling/charts/tl500-course-content/values.yaml b/tooling/charts/tl500-course-content/values.yaml index 8b2a839..520884b 100644 --- a/tooling/charts/tl500-course-content/values.yaml +++ b/tooling/charts/tl500-course-content/values.yaml @@ -43,13 +43,11 @@ crw: # your CA certificate goes here # -----END CERTIFICATE----- tlsSupport: true + secondsOfRunBeforeIdling: "-1" + secondsOfInactivityBeforeIdling: "-1" properties: CHE_LIMITS_USER_WORKSPACES_COUNT: "2" - CHE_LIMITS_USER_WORKSPACES_RUN_COUNT: "1" - CHE_WORKSPACE_SIDECAR_IMAGE__PULL__POLICY: "Always" - CHE_DOCKER_ALWAYS__PULL__IMAGE: "true" CHE_WORKSPACE_DEFAULT__MEMORY__LIMIT__MB: "3072" - CHE_LIMITS_WORKSPACE_IDLE_TIMEOUT: "-1" # Tech-exercises deployment to engagement environment # Deployment done only if `docs:` is uncommented From 35e6865e54edd1b0762fc0b505dfb09091a6f839 Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Sat, 12 Nov 2022 10:29:25 +1000 Subject: [PATCH 14/23] =?UTF-8?q?=F0=9F=99=80=20devfile=20v2=20values=20fi?= =?UTF-8?q?le=20=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../templates/crw/crw.yaml | 48 ++++++++------ .../templates/crw/crwv2.yaml | 28 +++++++++ .../tl500-course-content/values-v411.yaml | 62 +++++++++++++++++++ .../charts/tl500-course-content/values.yaml | 9 +-- 4 files changed, 121 insertions(+), 26 deletions(-) create mode 100644 tooling/charts/tl500-course-content/templates/crw/crwv2.yaml create mode 100644 tooling/charts/tl500-course-content/values-v411.yaml diff --git a/tooling/charts/tl500-course-content/templates/crw/crw.yaml b/tooling/charts/tl500-course-content/templates/crw/crw.yaml index 1e73d91..2b5a92f 100644 --- a/tooling/charts/tl500-course-content/templates/crw/crw.yaml +++ b/tooling/charts/tl500-course-content/templates/crw/crw.yaml @@ -1,5 +1,5 @@ {{- if .Values.crw }} -apiVersion: org.eclipse.che/v2 +apiVersion: org.eclipse.che/v1 kind: CheCluster metadata: annotations: 
@@ -8,21 +8,33 @@ metadata: name: {{ .Values.crw.name | default "codeready-workspaces" | quote }} namespace: {{ .Values.crw.namespace | default "tl500-workspaces" | quote }} spec: - components: - database: - externalDb: false - metrics: - enable: false - cheServer: - debug: false - logLevel: INFO - extraProperties: {{ toYaml .Values.crw.properties | nindent 8 | default "" }} - devEnvironments: - runningLimit: 1 - secondsOfRunBeforeIdling: {{ .Values.crw.secondsOfRunBeforeIdling | default "-1" | quote }} - defaultNamespace: - template: -devspaces - secondsOfInactivityBeforeIdling: {{ .Values.crw.secondsOfInactivityBeforeIdling | default "-1" | quote }} - storage: - pvcStrategy: per-user + server: + cheImageTag: {{ .Values.crw.cheImageTag | default "" | quote }} + cheFlavor: {{ .Values.crw.cheFlavor | default "codeready" | quote }} + devfileRegistryImage: {{ .Values.crw.devRegImage | default "" | quote }} + pluginRegistryImage: {{ .Values.crw.pluginRegImage | default "" | quote }} + tlsSupport: {{ .Values.crw.tlsSupport | default false }} + selfSignedCert: {{ .Values.crw.selfSignedCert | default false }} +{{- if .Values.crw.gitCustomCA }} + gitSelfSignedCert: true {{- end }} + customCheProperties: {{ toYaml .Values.crw.properties | nindent 6 | default "" }} + database: + externalDb: false + chePostgresHostName: '' + chePostgresPort: '' + chePostgresUser: '' + chePostgresPassword: '' + chePostgresDb: '' + auth: + openShiftoAuth: true + identityProviderImage: '' + externalIdentityProvider: false + identityProviderURL: '' + identityProviderRealm: '' + identityProviderClientId: '' + storage: + pvcStrategy: per-workspace + pvcClaimSize: 2Gi + preCreateSubPaths: true +{{- end }} \ No newline at end of file diff --git a/tooling/charts/tl500-course-content/templates/crw/crwv2.yaml b/tooling/charts/tl500-course-content/templates/crw/crwv2.yaml new file mode 100644 index 0000000..01f9e09 --- /dev/null +++ b/tooling/charts/tl500-course-content/templates/crw/crwv2.yaml 
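Review bot: `tlsSupport: {{ .Values.crw.tlsSupport | default false }}` falls back to TLS off whenever the values file omits the key, and this same patch removes `tlsSupport: true` from values.yaml, so the secure setting now depends on every caller remembering to pass it. Changing the fallback to `default true` would not work, because Helm's `default` treats `false` as empty and the setting could then never be disabled. A key-presence test keeps both cases: `tlsSupport: {{ if hasKey .Values.crw "tlsSupport" }}{{ .Values.crw.tlsSupport }}{{ else }}true{{ end }}`. Whether the installed operator still honours this field is not visible from the hunk, so confirm that before relying on either default.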
@@ -0,0 +1,28 @@ +{{- if .Values.crwv2 }} +apiVersion: org.eclipse.che/v2 +kind: CheCluster +metadata: + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "25" + name: {{ .Values.crw.name | default "codeready-workspaces" | quote }} + namespace: {{ .Values.crw.namespace | default "tl500-workspaces" | quote }} +spec: + components: + database: + externalDb: false + metrics: + enable: false + cheServer: + debug: false + logLevel: INFO + extraProperties: {{ toYaml .Values.crw.properties | nindent 8 | default "" }} + devEnvironments: + runningLimit: 1 + secondsOfRunBeforeIdling: {{ .Values.crw.secondsOfRunBeforeIdling | default "-1" | quote }} + defaultNamespace: + template: -devspaces + secondsOfInactivityBeforeIdling: {{ .Values.crw.secondsOfInactivityBeforeIdling | default "-1" | quote }} + storage: + pvcStrategy: per-user +{{- end }} diff --git a/tooling/charts/tl500-course-content/values-v411.yaml b/tooling/charts/tl500-course-content/values-v411.yaml new file mode 100644 index 0000000..cc2ba4f --- /dev/null +++ b/tooling/charts/tl500-course-content/values-v411.yaml 
@@ -0,0 +1,62 @@ +# Create a helper to create a prefix if one isn't provided? Would help if we moved to shared clusters +prefix: "" + +# Group name in LDAP / IdM (FreeIPA) for attendees +group_name: student + +logging: + # Might be needed with clusters that have an infra plane + # nodeSelector: + # key: node-role.kubernetes.io/infra + # value: '' + namespace: openshift-logging + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/infra + operator: Exists + + elasticsearch: + requests: + cpu: 250m + memory: 512Mi + limits: + cpu: 4000m + memory: 16Gi + storage: + # size: 200G + # class: gp2 + nodeCount: 1 + retentionPolicy: + application: 7d + redundancyPolicy: ZeroRedundancy + + kibana: {} + + +crwv2: + namespace: tl500-workspaces + name: "codeready-workspaces" + secondsOfRunBeforeIdling: "-1" + secondsOfInactivityBeforeIdling: "-1" + properties: + CHE_LIMITS_USER_WORKSPACES_COUNT: "2" + CHE_WORKSPACE_DEFAULT__MEMORY__LIMIT__MB: "3072" + +# Tech-exercises deployment to engagement environment +# Deployment done only if `docs:` is uncommented +#docs: +# name: tl500-docs +# namespace: tl500-tech-exercise +# image: quay.io/rht-labs/tl500-tech-exercise:v1.0.2 +# config: +# configMapName: tl500-docs-config +# configFileContent: | +# { +# "devfile": "https://raw.githubusercontent.com/rht-labs/enablement-framework/main/codereadyworkspaces/tl500-devfile.yaml" +# } + +stackrox-chart: + enabled: true + stackrox: + clusterName: tl500 + namespace: stackrox diff --git a/tooling/charts/tl500-course-content/values.yaml b/tooling/charts/tl500-course-content/values.yaml index 520884b..cc2ba4f 100644 --- a/tooling/charts/tl500-course-content/values.yaml +++ b/tooling/charts/tl500-course-content/values.yaml 
@@ -33,16 +33,9 @@ logging: kibana: {} -crw: +crwv2: namespace: tl500-workspaces name: "codeready-workspaces" -# devRegImage: "quay.io/rht-labs/devfileregistry:test" -# selfSignedCert: false -# gitCustomCA: | -# -----BEGIN CERTIFICATE----- -# your CA certificate goes here -# -----END CERTIFICATE----- - tlsSupport: true secondsOfRunBeforeIdling: "-1" secondsOfInactivityBeforeIdling: "-1" properties: From 133a8da8c6553a6d0470d809993b41032eeb9c54 Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Sat, 12 Nov 2022 10:34:06 +1000 Subject: [PATCH 15/23] =?UTF-8?q?=F0=9F=99=80=20devfile=20v2=20values=20fi?= =?UTF-8?q?le=20=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../templates/crw/ca-configmap.yaml | 2 ++ .../templates/crw/crwv2.yaml | 10 +++++----- tooling/charts/tl500-course-content/values.yaml | 16 ++++++++++++---- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/tooling/charts/tl500-course-content/templates/crw/ca-configmap.yaml b/tooling/charts/tl500-course-content/templates/crw/ca-configmap.yaml index d2e9cfd..2ee1aab 100644 --- a/tooling/charts/tl500-course-content/templates/crw/ca-configmap.yaml +++ b/tooling/charts/tl500-course-content/templates/crw/ca-configmap.yaml @@ -1,3 +1,4 @@ +{{- if .Values.crw }} {{- if .Values.crw.gitCustomCA }} --- apiVersion: v1 @@ -11,3 +12,4 @@ metadata: data: ca.crt: {{ .Values.crw.gitCustomCA | indent 4 }} {{- end }} +{{- end }} diff --git a/tooling/charts/tl500-course-content/templates/crw/crwv2.yaml b/tooling/charts/tl500-course-content/templates/crw/crwv2.yaml index 01f9e09..1ed460b 100644 --- a/tooling/charts/tl500-course-content/templates/crw/crwv2.yaml +++ b/tooling/charts/tl500-course-content/templates/crw/crwv2.yaml 
@@ -5,8 +5,8 @@ metadata: annotations: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-weight": "25" - name: {{ .Values.crw.name | default "codeready-workspaces" | quote }} - namespace: {{ .Values.crw.namespace | default "tl500-workspaces" | quote }} + name: {{ .Values.crwv2.name | default "codeready-workspaces" | quote }} + namespace: {{ .Values.crwv2.namespace | default "tl500-workspaces" | quote }} spec: components: database: @@ -16,13 +16,13 @@ spec: cheServer: debug: false logLevel: INFO - extraProperties: {{ toYaml .Values.crw.properties | nindent 8 | default "" }} + extraProperties: {{ toYaml .Values.crwv2.properties | nindent 8 | default "" }} devEnvironments: runningLimit: 1 - secondsOfRunBeforeIdling: {{ .Values.crw.secondsOfRunBeforeIdling | default "-1" | quote }} + secondsOfRunBeforeIdling: {{ .Values.crwv2.secondsOfRunBeforeIdling | default "-1" | quote }} defaultNamespace: template: -devspaces - secondsOfInactivityBeforeIdling: {{ .Values.crw.secondsOfInactivityBeforeIdling | default "-1" | quote }} + secondsOfInactivityBeforeIdling: {{ .Values.crwv2.secondsOfInactivityBeforeIdling | default "-1" | quote }} storage: pvcStrategy: per-user {{- end }} diff --git a/tooling/charts/tl500-course-content/values.yaml b/tooling/charts/tl500-course-content/values.yaml index cc2ba4f..7a46a1f 100644 --- a/tooling/charts/tl500-course-content/values.yaml +++ b/tooling/charts/tl500-course-content/values.yaml 
@@ -32,15 +32,23 @@ logging: kibana: {} - -crwv2: +crw: namespace: tl500-workspaces name: "codeready-workspaces" - secondsOfRunBeforeIdling: "-1" - secondsOfInactivityBeforeIdling: "-1" +# devRegImage: "quay.io/rht-labs/devfileregistry:test" +# selfSignedCert: false +# gitCustomCA: | +# -----BEGIN CERTIFICATE----- +# your CA certificate goes here +# -----END CERTIFICATE----- + tlsSupport: true properties: CHE_LIMITS_USER_WORKSPACES_COUNT: "2" + CHE_LIMITS_USER_WORKSPACES_RUN_COUNT: "1" + CHE_WORKSPACE_SIDECAR_IMAGE__PULL__POLICY: "Always" + CHE_DOCKER_ALWAYS__PULL__IMAGE: "true" CHE_WORKSPACE_DEFAULT__MEMORY__LIMIT__MB: "3072" + CHE_LIMITS_WORKSPACE_IDLE_TIMEOUT: "-1" # Tech-exercises deployment to engagement environment # Deployment done only if `docs:` is uncommented From 3188d8173f01531a98e6edf3b88691126e29aefe Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Sat, 12 Nov 2022 10:37:55 +1000 Subject: [PATCH 16/23] =?UTF-8?q?=F0=9F=99=80=20devfile=20v2=20values=20fi?= =?UTF-8?q?le=20=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tooling/charts/tl500-course-content/values-v411.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/tooling/charts/tl500-course-content/values-v411.yaml b/tooling/charts/tl500-course-content/values-v411.yaml index cc2ba4f..e858560 100644 --- a/tooling/charts/tl500-course-content/values-v411.yaml +++ b/tooling/charts/tl500-course-content/values-v411.yaml @@ -32,6 +32,7 @@ logging: kibana: {} +crw: # undefine v1 crwv2: namespace: tl500-workspaces From a811f6449446c1fff3779b096aed124ef67c51ed Mon Sep 17 00:00:00 2001 
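Review bot: `crw: # undefine v1` depends on a bare key parsing as null and on Helm dropping a null-valued key when it merges `-f` files over the chart defaults, and the comment states neither. crw.yaml is gated on `.Values.crw` and crwv2.yaml on `.Values.crwv2`, and both default to the name `codeready-workspaces` in `tl500-workspaces`, so if the null is not honoured both CheCluster manifests render for the same name and namespace. Writing it as `crw: null  # removes the v1 values so templates/crw/crw.yaml is skipped` makes the intent explicit. The `codeready-workspaces: # undefine` line added to tl500-base/values-v4.11.yaml in patch 19 has the same form.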
From: Mike Hepburn Date: Sat, 12 Nov 2022 10:38:44 +1000 Subject: [PATCH 17/23] =?UTF-8?q?=F0=9F=99=80=20devfile=20v2=20values=20fi?= =?UTF-8?q?le=20=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../tl500-course-content/values-v411.yaml | 53 +------------------ 1 file changed, 1 insertion(+), 52 deletions(-) diff --git a/tooling/charts/tl500-course-content/values-v411.yaml b/tooling/charts/tl500-course-content/values-v411.yaml index e858560..c988f90 100644 --- a/tooling/charts/tl500-course-content/values-v411.yaml +++ b/tooling/charts/tl500-course-content/values-v411.yaml @@ -1,36 +1,4 @@ -# Create a helper to create a prefix if one isn't provided? Would help if we moved to shared clusters -prefix: "" - -# Group name in LDAP / IdM (FreeIPA) for attendees -group_name: student - -logging: - # Might be needed with clusters that have an infra plane - # nodeSelector: - # key: node-role.kubernetes.io/infra - # value: '' - namespace: openshift-logging - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/infra - operator: Exists - - elasticsearch: - requests: - cpu: 250m - memory: 512Mi - limits: - cpu: 4000m - memory: 16Gi - storage: - # size: 200G - # class: gp2 - nodeCount: 1 - retentionPolicy: - application: 7d - redundancyPolicy: ZeroRedundancy - - kibana: {} +# OpenShift 411 extra values crw: # undefine v1 
@@ -42,22 +10,3 @@ crwv2: properties: CHE_LIMITS_USER_WORKSPACES_COUNT: "2" CHE_WORKSPACE_DEFAULT__MEMORY__LIMIT__MB: "3072" - -# Tech-exercises deployment to engagement environment -# Deployment done only if `docs:` is uncommented -#docs: -# name: tl500-docs -# namespace: tl500-tech-exercise -# image: quay.io/rht-labs/tl500-tech-exercise:v1.0.2 -# config: -# configMapName: tl500-docs-config -# configFileContent: | -# { -# "devfile": "https://raw.githubusercontent.com/rht-labs/enablement-framework/main/codereadyworkspaces/tl500-devfile.yaml" -# } - -stackrox-chart: - enabled: true - stackrox: - clusterName: tl500 - namespace: stackrox From 1d9576d621f03243d1eb7f3b0c74078af7311d8c Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Sat, 12 Nov 2022 10:42:36 +1000 Subject: [PATCH 18/23] =?UTF-8?q?=F0=9F=99=80=20devfile=20v2=20values=20fi?= =?UTF-8?q?le=20=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tooling/charts/tl500-base/values-v4.11.yaml | 78 +------------------ .../{values-v411.yaml => values-v4.11.yaml} | 0 2 files changed, 1 insertion(+), 77 deletions(-) rename tooling/charts/tl500-course-content/{values-v411.yaml => values-v4.11.yaml} (100%) diff --git a/tooling/charts/tl500-base/values-v4.11.yaml b/tooling/charts/tl500-base/values-v4.11.yaml index f4751c9..59423cf 100644 --- a/tooling/charts/tl500-base/values-v4.11.yaml +++ b/tooling/charts/tl500-base/values-v4.11.yaml 
@@ -1,20 +1,4 @@ -# Default values for tl500 -gitlab_app_name: "gitlab-ce" - -# Create a helper to create a prefix if one isn't provided? Would help if we moved to shared clusters -prefix: "" - -# Group name in LDAP / IdM (FreeIPA) for attendees. -group_name: student - -# Namespace where IDM runs, in case is deployed in OCP. Otherwise leave it empty or blank. -ipa_namespace: ipa - -namespaces: - - name: tl500-workspaces - - name: tl500-tech-exercise - - name: tl500-gitlab - - name: tl500-shared +# OpenShift 411 override values operators: devspaces: 
@@ -76,63 +60,3 @@ operators: sourceNamespace: openshift-marketplace operatorgroup: create: false - -logging: - # Might be needed with clusters that have an infra plane - # nodeSelector: - # key: node-role.kubernetes.io/infra - # value: '' - namespace: openshift-logging - -gitlab: - namespace: tl500-gitlab - root_password: 7aydhn160bOrrsGEbnd172rE - imagestreams: - - name: "gitlab-ce" - tag_name: "gitlab-12.8.7" - stream_uri: "gitlab/gitlab-ce:12.8.7-ce.0" - - name: "gitlab-ce-redis" - tag_name: "5.0.4" - stream_uri: "redis:5.0.4-alpine" - - name: "postgresql" - tag_name: "latest" - stream_uri: "registry.redhat.io/rhscl/postgresql-96-rhel7" - ldap: -# port: "389" -# base: "dc=CORP,dc=EXAMPLE,dc=COM" -# uri: "MY-LDAP.example.corp.com" -# user_filter: "" -# validate_certs: "false" -# bind_dn: uid=ldap-admin,cn=users,cn=accounts,dc=CORP,dc=EXAMPLE,dc=COM -# password: password - secret_name: ldap-bind-password - -sealed-secrets: - # Disabled by default - enabled: true - nameOverride: sealed-secrets - fullnameOverride: sealed-secrets - namespace: tl500-shared - # Dont touch the security context values, deployment will fail in OpenShift otherwise. - podSecurityContext: - enabled: false - containerSecurityContext: - enabled: false - commandArgs: - - "--update-status=true" - -userworkloadmonitoring: true - -stackrox-chart: - enabled: true - stackrox: - clusterName: tl500 - namespace: stackrox - -gitops-operator: - enabled: true - namespaces: [] - ignoreHelmHooks: false - -tl500-teamsters: - enabled: true \ No newline at end of file diff --git a/tooling/charts/tl500-course-content/values-v411.yaml b/tooling/charts/tl500-course-content/values-v4.11.yaml similarity index 100% rename from tooling/charts/tl500-course-content/values-v411.yaml rename to tooling/charts/tl500-course-content/values-v4.11.yaml From 8c263b11b24eb80ab55a8a2be06c984d5da5c2ef Mon Sep 17 00:00:00 2001 
From: Mike Hepburn Date: Sat, 12 Nov 2022 10:44:09 +1000 Subject: [PATCH 19/23] =?UTF-8?q?=F0=9F=99=80=20devfile=20v2=20values=20fi?= =?UTF-8?q?le=20=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../templates/gitlab/deployments.yaml | 297 ------------------ tooling/charts/tl500-base/values-v4.11.yaml | 50 +-- 2 files changed, 2 insertions(+), 345 deletions(-) delete mode 100644 tooling/charts/tl500-base/templates/gitlab/deployments.yaml diff --git a/tooling/charts/tl500-base/templates/gitlab/deployments.yaml b/tooling/charts/tl500-base/templates/gitlab/deployments.yaml deleted file mode 100644 index 86937c0..0000000 --- a/tooling/charts/tl500-base/templates/gitlab/deployments.yaml +++ /dev/null 
@@ -1,297 +0,0 @@ -{{- if .Values.gitlab -}} -{{ $db_user := include "gitlab.postgres.user" . }} -{{ $db_pass := include "gitlab.postgres.password" . }} -{{ $db_admin_pass := include "gitlab.postgres.admin_password" . }} ---- -kind: DeploymentConfig -apiVersion: apps.openshift.io/v1 -metadata: - name: "{{ $.Values.gitlab_app_name }}" - namespace: "{{ $.Values.gitlab.namespace }}" - labels: - app: "{{ $.Values.gitlab_app_name }}" -spec: - strategy: - type: Recreate - triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - gitlab-ce - from: - kind: ImageStreamTag - name: "{{ $.Values.gitlab_app_name }}:gitlab-12.8.7" - replicas: 1 - test: false - selector: - app: "{{ $.Values.gitlab_app_name }}" - deploymentconfig: "{{ $.Values.gitlab_app_name }}" - template: - metadata: - labels: - app: "{{ $.Values.gitlab_app_name }}" - deploymentconfig: "{{ $.Values.gitlab_app_name }}" - spec: - volumes: - - name: gitlab-ce-volume-1 - persistentVolumeClaim: - claimName: "{{ $.Values.gitlab_app_name }}-etc" - - name: gitlab-ce-volume-2 - persistentVolumeClaim: - claimName: "{{ $.Values.gitlab_app_name }}-data" -# - name: gitlab-certificates -# secret: -# defaultMode: 420 -# items: -# - key: "gitlab.crt" -# path: "gitlab.crt" -# - key: "gitlab.key" -# path: "gitlab.key" -# secretName: gitlab-certs - containers: - - name: gitlab-ce - image: gitlab-ce - ports: - - containerPort: 22 - protocol: TCP - - containerPort: 80 - protocol: TCP - env: - - name: GITLAB_OMNIBUS_CONFIG - value: - root_pass='{{ $.Values.gitlab.root_password | default "kJ4e9qLkm4pOhQnbn7nE" }}'; - external_url "https://{{ $.Values.gitlab_app_name }}.{{ include "tl500.app_domain" . 
}}"; - nginx['listen_port']=80; - nginx['listen_https']=false; - gitlab_rails['initial_root_password']=root_pass; - gitlab_rails['gitlab_port']=80; - letsencrypt['enable'] = false; - postgresql['enable']=false; - gitlab_rails['db_host'] = '{{ $.Values.gitlab_app_name }}-postgresql'; - gitlab_rails['db_password']='{{ $db_pass }}'; - gitlab_rails['db_username']='{{ $db_user }}'; - gitlab_rails['db_database']='{{ .Values.gitlab.db_name | default "gitlabhq_production" }}'; - redis['enable'] = false; - gitlab_rails['redis_host']='{{ $.Values.gitlab_app_name }}-redis'; - unicorn['worker_processes'] = {{ .Values.gitlab.uni_workers | default 2 }}; - manage_accounts['enable'] = true; - manage_storage_directories['manage_etc'] = false; - gitlab_shell['auth_file'] = '/gitlab-data/ssh/authorized_keys'; - git_data_dirs({ 'default' => { 'path' => '/gitlab-data/git-data' } }); - gitlab_rails['shared_path'] = '/gitlab-data/shared'; - gitlab_rails['uploads_directory'] = '/gitlab-data/uploads'; - gitlab_ci['builds_directory'] = '/gitlab-data/builds'; - prometheus_monitoring['enable'] = false; - gitlab_rails['rack_attack_git_basic_auth'] = { 'enabled' => false, }; - gitlab_rails['ldap_enabled'] = true; - gitlab_rails['ldap_servers'] = { 'main' => { 'label' => '{{ .Values.gitlab.label | default "LDAP" }}', 'host' => '{{ include "gitlab.ldap.uri" . }}', 'port' => '{{ include "gitlab.ldap.port" . }}', 'uid' => 'uid', 'bind_dn' => '{{ include "gitlab.ldap.bind_dn" . }}', 'password' => '{{ include "gitlab.ldap.bind_password" . }}', 'encryption' => '{{ include "gitlab.ldap.encryption" . }}', 'verify_certificates' => {{ .Values.gitlab.ldap.validate_certs | default false }}, 'allow_username_or_email_login' => true, 'block_auto_created_users' => false, 'active_directory' => false, 'base' => '{{ include "gitlab.ldap.base" . }}', 'user_filter' => '{{ include "gitlab.ldap.user_filter" . 
| default "" }}', 'attributes' => { 'username' => ['uid'], 'email' => ['mail'], 'name' => 'displayName' } } }; - gitlab_rails['gitlab_signup_enabled'] = false; - resources: - limits: - cpu: '2' - memory: 6Gi - requests: - cpu: 500m - memory: 1Gi - volumeMounts: - - name: gitlab-ce-volume-1 - mountPath: "/etc/gitlab" - - name: gitlab-ce-volume-2 - mountPath: "/gitlab-data" -# - name: gitlab-certificates -# mountPath: /etc/gitlab-ssl - livenessProbe: - httpGet: - path: "/help" - port: 80 - scheme: HTTP - initialDelaySeconds: 120 - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - readinessProbe: - httpGet: - path: "/help" - port: 80 - scheme: HTTP - initialDelaySeconds: 20 - timeoutSeconds: 1 - periodSeconds: 10 - successThreshold: 1 - failureThreshold: 3 - terminationMessagePath: "/dev/termination-log" - imagePullPolicy: IfNotPresent - restartPolicy: Always - terminationGracePeriodSeconds: 30 - dnsPolicy: ClusterFirst - serviceAccount: "{{ $.Values.gitlab_app_name }}-user" ---- -kind: DeploymentConfig -apiVersion: apps.openshift.io/v1 -metadata: - name: "{{ $.Values.gitlab_app_name }}-redis" - namespace: "{{ $.Values.gitlab.namespace }}" - labels: - app: "{{ $.Values.gitlab_app_name }}" -spec: - strategy: - type: Recreate - recreateParams: {} - resources: {} - triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - gitlab-ce-redis - from: - kind: ImageStreamTag - name: "{{ $.Values.gitlab_app_name }}-redis:5.0.4" - replicas: 1 - test: false - selector: - app: "{{ $.Values.gitlab_app_name }}" - deploymentconfig: "{{ $.Values.gitlab_app_name }}-redis" - template: - metadata: - labels: - app: "{{ $.Values.gitlab_app_name }}" - deploymentconfig: "{{ $.Values.gitlab_app_name }}-redis" - spec: - volumes: - - name: gitlab-ce-volume-4 - persistentVolumeClaim: - claimName: "{{ $.Values.gitlab_app_name }}-redis-data" - containers: - - name: gitlab-ce-redis - image: gitlab-ce-redis - 
command: - - "/bin/sh" - - "-ec" - args: - - exec redis-server - ports: - - containerPort: 6379 - protocol: TCP - resources: - limits: - cpu: '1' - memory: 512Mi - requests: - cpu: 100m - memory: 300Mi - volumeMounts: - - name: gitlab-ce-volume-4 - mountPath: "/data" - terminationMessagePath: "/dev/termination-log" - imagePullPolicy: IfNotPresent - restartPolicy: Always - terminationGracePeriodSeconds: 30 - dnsPolicy: ClusterFirst ---- -kind: DeploymentConfig -apiVersion: apps.openshift.io/v1 -metadata: - name: "{{ $.Values.gitlab_app_name }}-postgresql" - namespace: "{{ $.Values.gitlab.namespace }}" - labels: - app: "{{ $.Values.gitlab_app_name }}" -spec: - strategy: - type: Recreate - recreateParams: - post: - failurePolicy: Abort - execNewPod: - containerName: gitlab-ce-postgresql - command: - - "/usr/bin/scl" - - enable - - rh-postgresql96 - - export PGPASSWORD='{{ $db_admin_pass }}'; psql -h '{{ $.Values.gitlab_app_name }}-postgresql' - -U postgres -d {{ .Values.gitlab.db_name | default "gitlabhq_production" }} -c 'CREATE EXTENSION IF NOT EXISTS - pg_trgm;' - env: - - name: HOME - value: "/var/lib/pgsql" - - name: PGDATA - value: "/var/lib/pgsql/data/userdata" - - name: CONTAINER_SCRIPTS_PATH - value: "/usr/share/container-scripts/postgresql" - resources: {} - triggers: - - type: ConfigChange - - type: ImageChange - imageChangeParams: - automatic: true - containerNames: - - gitlab-ce-postgresql - from: - kind: ImageStreamTag - name: postgresql:latest - namespace: {{ .Values.gitlab.namespace }} - replicas: 1 - test: false - selector: - app: "{{ $.Values.gitlab_app_name }}" - deploymentconfig: "{{ $.Values.gitlab_app_name }}-postgresql" - template: - metadata: - labels: - app: "{{ $.Values.gitlab_app_name }}" - deploymentconfig: "{{ $.Values.gitlab_app_name }}-postgresql" - spec: - volumes: - - name: gitlab-ce-volume-3 - persistentVolumeClaim: - claimName: "{{ $.Values.gitlab_app_name }}-postgresql" - containers: - - name: gitlab-ce-postgresql - image: 
gitlab-ce-postgresql - ports: - - containerPort: 5432 - protocol: TCP - readinessProbe: - timeoutSeconds: 1 - initialDelaySeconds: 5 - exec: - command: - - "/bin/sh" - - "-i" - - "-c" - - psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c - 'SELECT 1' - livenessProbe: - timeoutSeconds: 1 - initialDelaySeconds: 30 - tcpSocket: - port: 5432 - env: - - name: POSTGRESQL_USER - value: "{{ $db_user }}" - - name: POSTGRESQL_PASSWORD - value: "{{ $db_pass }}" - - name: POSTGRESQL_DATABASE - value: "{{ .Values.gitlab.db_name | default "gitlabhq_production" }}" - - name: POSTGRESQL_ADMIN_PASSWORD - value: "{{ $db_admin_pass }}" - resources: - limits: - cpu: '1' - memory: 1024Mi - requests: - cpu: 300m - memory: 300Mi - volumeMounts: - - name: gitlab-ce-volume-3 - mountPath: "/var/lib/pgsql/data" - terminationMessagePath: "/dev/termination-log" - imagePullPolicy: IfNotPresent - restartPolicy: Always - terminationGracePeriodSeconds: 30 - dnsPolicy: ClusterFirst -{{- end -}} diff --git a/tooling/charts/tl500-base/values-v4.11.yaml b/tooling/charts/tl500-base/values-v4.11.yaml index 59423cf..f961447 100644 --- a/tooling/charts/tl500-base/values-v4.11.yaml +++ b/tooling/charts/tl500-base/values-v4.11.yaml @@ -1,6 +1,8 @@ # OpenShift 411 override values operators: + codeready-workspaces: # undefine + devspaces: enabled: true namespace: openshift-operators 
@@ -12,51 +14,3 @@ operators: sourceNamespace: openshift-marketplace operatorgroup: create: false - - openshift-pipelines-operator-rh: - enabled: true - namespace: openshift-operators - subscription: - channel: latest - approval: Automatic - operatorName: openshift-pipelines-operator-rh - sourceName: redhat-operators - sourceNamespace: openshift-marketplace - operatorgroup: - create: false - - elasticsearch-operator: - enabled: true - namespace: openshift-operators - subscription: - channel: stable-5.3 - approval: Automatic - operatorName: elasticsearch-operator - sourceName: redhat-operators - sourceNamespace: openshift-marketplace - operatorgroup: - create: false - - cluster-logging-operator: - enabled: true - namespace: openshift-logging - subscription: - channel: stable-5.3 - approval: Automatic - operatorName: cluster-logging - sourceName: redhat-operators - sourceNamespace: openshift-marketplace - operatorgroup: - create: true - - cert-utils-operator: - enabled: true - namespace: openshift-operators - subscription: - channel: alpha - approval: Automatic - operatorName: cert-utils-operator - sourceName: community-operators - sourceNamespace: openshift-marketplace - operatorgroup: - create: false From 54d91655d3bdc3bbe158174a4a15e27329403d38 Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Sat, 12 Nov 2022 10:47:43 +1000 Subject: [PATCH 20/23] =?UTF-8?q?=F0=9F=99=80=20devfile=20v2=20values=20fi?= =?UTF-8?q?le=20=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tooling/README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tooling/README.md b/tooling/README.md index b706b3c..563de83 100644 --- a/tooling/README.md +++ b/tooling/README.md 
@@ -54,6 +54,12 @@ helm search repo enablement-framework helm install tl500-course-content enablement-framework/tl500-course-content --version XYZ --namespace tl500 --create-namespace --timeout=15m ``` +When deploying to OpenShift 4.11.z+ there are some breaking changes in newer OpenShift versions, specifically around DevSpaces operator. Use the newer values file: + +```bash +helm install tl500-course-content enablement-framework/tl500-course-content -f tl500-base/values-v4.11.yaml --version XYZ --namespace tl500 --create-namespace --timeout=15m +``` + ## Using the helm chart source code 1. Get the source code From 58a81cf57c51ea0dec62681aaadc40208cfbda46 Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Mon, 14 Nov 2022 08:17:13 +1000 Subject: [PATCH 21/23] =?UTF-8?q?=F0=9F=99=80=20devfile=20v2=20values=20fi?= =?UTF-8?q?le=20=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tooling/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tooling/README.md b/tooling/README.md index 563de83..bf761a1 100644 --- a/tooling/README.md +++ b/tooling/README.md @@ -47,6 +47,8 @@ helm install tl500-base enablement-framework/tl500-base -f tl500-base/values-v4. 2. Install TL500 Course Content +For 4.10.z OpenShift: + ```bash helm repo add enablement-framework https://rht-labs.com/enablement-framework helm repo update From 74952e912d47cf736fdd0c9ac693aea1fc142b8a Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Tue, 15 Nov 2022 06:47:25 +1000 Subject: [PATCH 22/23] =?UTF-8?q?=F0=9F=99=80=20reverted=20=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../templates/gitlab/deployments.yaml | 299 ++++++++++++++++++ 1 file changed, 299 insertions(+) create mode 100644 tooling/charts/tl500-base/templates/gitlab/deployments.yaml 
diff --git a/tooling/charts/tl500-base/templates/gitlab/deployments.yaml b/tooling/charts/tl500-base/templates/gitlab/deployments.yaml new file mode 100644 index 0000000..c223a79 --- /dev/null +++ b/tooling/charts/tl500-base/templates/gitlab/deployments.yaml 
@@ -0,0 +1,299 @@ +{{- if .Values.gitlab -}} +{{ $db_user := include "gitlab.postgres.user" . }} +{{ $db_pass := include "gitlab.postgres.password" . }} +{{ $db_admin_pass := include "gitlab.postgres.admin_password" . }} +--- +kind: DeploymentConfig +apiVersion: apps.openshift.io/v1 +metadata: + name: "{{ $.Values.gitlab_app_name }}" + namespace: "{{ $.Values.gitlab.namespace }}" + labels: + app: "{{ $.Values.gitlab_app_name }}" +spec: + strategy: + type: Recreate + triggers: + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - gitlab-ce + from: + kind: ImageStreamTag + name: "{{ $.Values.gitlab_app_name }}:gitlab-12.8.7" + replicas: 1 + test: false + selector: + app: "{{ $.Values.gitlab_app_name }}" + deploymentconfig: "{{ $.Values.gitlab_app_name }}" + template: + metadata: + labels: + app: "{{ $.Values.gitlab_app_name }}" + deploymentconfig: "{{ $.Values.gitlab_app_name }}" + spec: + volumes: + - name: gitlab-ce-volume-1 + persistentVolumeClaim: + claimName: "{{ $.Values.gitlab_app_name }}-etc" + - name: gitlab-ce-volume-2 + persistentVolumeClaim: + claimName: "{{ $.Values.gitlab_app_name }}-data" +{{- if .Values.gitlab.cacert }} + - name: gitlab-ca + secret: + defaultMode: 420 + items: + - key: "ca-cert.crt" + path: "ca-cert.crt" + secretName: gitlab-ca +{{- end }} + containers: + - name: gitlab-ce + image: gitlab-ce + ports: + - containerPort: 22 + protocol: TCP + - containerPort: 80 + protocol: TCP + env: + - name: GITLAB_OMNIBUS_CONFIG + value: + root_pass='{{ $.Values.gitlab.root_password | default "kJ4e9qLkm4pOhQnbn7nE" }}'; + external_url "https://{{ $.Values.gitlab_app_name }}.{{ include "tl500.app_domain" . 
}}"; + nginx['listen_port']=80; + nginx['listen_https']=false; + gitlab_rails['initial_root_password']=root_pass; + gitlab_rails['gitlab_port']=80; + letsencrypt['enable'] = false; + postgresql['enable']=false; + gitlab_rails['db_host'] = '{{ $.Values.gitlab_app_name }}-postgresql'; + gitlab_rails['db_password']='{{ $db_pass }}'; + gitlab_rails['db_username']='{{ $db_user }}'; + gitlab_rails['db_database']='{{ .Values.gitlab.db_name | default "gitlabhq_production" }}'; + redis['enable'] = false; + gitlab_rails['redis_host']='{{ $.Values.gitlab_app_name }}-redis'; + unicorn['worker_processes'] = {{ .Values.gitlab.uni_workers | default 2 }}; + manage_accounts['enable'] = true; + manage_storage_directories['manage_etc'] = false; + gitlab_shell['auth_file'] = '/gitlab-data/ssh/authorized_keys'; + git_data_dirs({ 'default' => { 'path' => '/gitlab-data/git-data' } }); + gitlab_rails['shared_path'] = '/gitlab-data/shared'; + gitlab_rails['uploads_directory'] = '/gitlab-data/uploads'; + gitlab_ci['builds_directory'] = '/gitlab-data/builds'; + prometheus_monitoring['enable'] = false; + gitlab_rails['rack_attack_git_basic_auth'] = { 'enabled' => false, }; + gitlab_rails['ldap_enabled'] = true; + gitlab_rails['ldap_servers'] = { 'main' => { 'label' => '{{ .Values.gitlab.label | default "LDAP" }}', 'host' => '{{ include "gitlab.ldap.uri" . }}', 'port' => '{{ include "gitlab.ldap.port" . }}', 'uid' => 'uid', 'bind_dn' => '{{ include "gitlab.ldap.bind_dn" . }}', 'password' => '{{ include "gitlab.ldap.bind_password" . }}', 'encryption' => '{{ include "gitlab.ldap.encryption" . }}', 'verify_certificates' => {{ .Values.gitlab.ldap.validate_certs | default false }}, 'allow_username_or_email_login' => true, 'block_auto_created_users' => false, 'active_directory' => false, 'base' => '{{ include "gitlab.ldap.base" . }}', 'user_filter' => '{{ include "gitlab.ldap.user_filter" . 
| default "" }}', 'attributes' => { 'username' => ['uid'], 'email' => ['mail'], 'name' => 'displayName' } } }; + gitlab_rails['gitlab_signup_enabled'] = false; + resources: + limits: + cpu: '2' + memory: 6Gi + requests: + cpu: 500m + memory: 1Gi + volumeMounts: + - name: gitlab-ce-volume-1 + mountPath: "/etc/gitlab" + - name: gitlab-ce-volume-2 + mountPath: "/gitlab-data" +{{- if .Values.gitlab.cacert }} + - name: gitlab-ca + mountPath: /etc/gitlab-ssl +{{- end }} + livenessProbe: + httpGet: + path: "/help" + port: 80 + scheme: HTTP + initialDelaySeconds: 120 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: "/help" + port: 80 + scheme: HTTP + initialDelaySeconds: 20 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + terminationMessagePath: "/dev/termination-log" + imagePullPolicy: IfNotPresent + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + serviceAccount: "{{ $.Values.gitlab_app_name }}-user" +--- +kind: DeploymentConfig +apiVersion: apps.openshift.io/v1 +metadata: + name: "{{ $.Values.gitlab_app_name }}-redis" + namespace: "{{ $.Values.gitlab.namespace }}" + labels: + app: "{{ $.Values.gitlab_app_name }}" +spec: + strategy: + type: Recreate + recreateParams: {} + resources: {} + triggers: + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - gitlab-ce-redis + from: + kind: ImageStreamTag + name: "{{ $.Values.gitlab_app_name }}-redis:5.0.4" + replicas: 1 + test: false + selector: + app: "{{ $.Values.gitlab_app_name }}" + deploymentconfig: "{{ $.Values.gitlab_app_name }}-redis" + template: + metadata: + labels: + app: "{{ $.Values.gitlab_app_name }}" + deploymentconfig: "{{ $.Values.gitlab_app_name }}-redis" + spec: + volumes: + - name: gitlab-ce-volume-4 + persistentVolumeClaim: + claimName: "{{ $.Values.gitlab_app_name }}-redis-data" + containers: + - name: 
gitlab-ce-redis + image: gitlab-ce-redis + command: + - "/bin/sh" + - "-ec" + args: + - exec redis-server + ports: + - containerPort: 6379 + protocol: TCP + resources: + limits: + cpu: '1' + memory: 512Mi + requests: + cpu: 100m + memory: 300Mi + volumeMounts: + - name: gitlab-ce-volume-4 + mountPath: "/data" + terminationMessagePath: "/dev/termination-log" + imagePullPolicy: IfNotPresent + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst +--- +kind: DeploymentConfig +apiVersion: apps.openshift.io/v1 +metadata: + name: "{{ $.Values.gitlab_app_name }}-postgresql" + namespace: "{{ $.Values.gitlab.namespace }}" + labels: + app: "{{ $.Values.gitlab_app_name }}" +spec: + strategy: + type: Recreate + recreateParams: + post: + failurePolicy: Abort + execNewPod: + containerName: gitlab-ce-postgresql + command: + - "/usr/bin/scl" + - enable + - rh-postgresql96 + - export PGPASSWORD='{{ $db_admin_pass }}'; psql -h '{{ $.Values.gitlab_app_name }}-postgresql' + -U postgres -d {{ .Values.gitlab.db_name | default "gitlabhq_production" }} -c 'CREATE EXTENSION IF NOT EXISTS + pg_trgm;' + env: + - name: HOME + value: "/var/lib/pgsql" + - name: PGDATA + value: "/var/lib/pgsql/data/userdata" + - name: CONTAINER_SCRIPTS_PATH + value: "/usr/share/container-scripts/postgresql" + resources: {} + triggers: + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + containerNames: + - gitlab-ce-postgresql + from: + kind: ImageStreamTag + name: postgresql:latest + namespace: {{ .Values.gitlab.namespace }} + replicas: 1 + test: false + selector: + app: "{{ $.Values.gitlab_app_name }}" + deploymentconfig: "{{ $.Values.gitlab_app_name }}-postgresql" + template: + metadata: + labels: + app: "{{ $.Values.gitlab_app_name }}" + deploymentconfig: "{{ $.Values.gitlab_app_name }}-postgresql" + spec: + volumes: + - name: gitlab-ce-volume-3 + persistentVolumeClaim: + claimName: "{{ $.Values.gitlab_app_name }}-postgresql" + containers: + - 
name: gitlab-ce-postgresql + image: gitlab-ce-postgresql + ports: + - containerPort: 5432 + protocol: TCP + readinessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 5 + exec: + command: + - "/bin/sh" + - "-i" + - "-c" + - psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c + 'SELECT 1' + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 30 + tcpSocket: + port: 5432 + env: + - name: POSTGRESQL_USER + value: "{{ $db_user }}" + - name: POSTGRESQL_PASSWORD + value: "{{ $db_pass }}" + - name: POSTGRESQL_DATABASE + value: "{{ .Values.gitlab.db_name | default "gitlabhq_production" }}" + - name: POSTGRESQL_ADMIN_PASSWORD + value: "{{ $db_admin_pass }}" + resources: + limits: + cpu: '1' + memory: 1024Mi + requests: + cpu: 300m + memory: 300Mi + volumeMounts: + - name: gitlab-ce-volume-3 + mountPath: "/var/lib/pgsql/data" + terminationMessagePath: "/dev/termination-log" + imagePullPolicy: IfNotPresent + restartPolicy: Always + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst +{{- end -}} \ No newline at end of file From a668f9d4b27c55207e75c3490fb54609d0908c6c Mon Sep 17 00:00:00 2001 From: Mike Hepburn Date: Tue, 15 Nov 2022 06:49:50 +1000 Subject: [PATCH 23/23] =?UTF-8?q?=F0=9F=99=80=20reverted=20=F0=9F=99=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../templates/gitlab/deployments.yaml | 26 +++++++++---------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/tooling/charts/tl500-base/templates/gitlab/deployments.yaml b/tooling/charts/tl500-base/templates/gitlab/deployments.yaml index c223a79..86937c0 100644 --- a/tooling/charts/tl500-base/templates/gitlab/deployments.yaml +++ b/tooling/charts/tl500-base/templates/gitlab/deployments.yaml 
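Review bot: The `GITLAB_OMNIBUS_CONFIG` value falls back to a literal root password (`default "kJ4e9qLkm4pOhQnbn7nE"`), so any install that leaves `gitlab.root_password` unset comes up with a GitLab root credential that is published in this chart. Failing the render instead is a one-line change: `root_pass='{{ required "gitlab.root_password must be set" $.Values.gitlab.root_password }}';`. The same env block, `POSTGRESQL_PASSWORD`, `POSTGRESQL_ADMIN_PASSWORD` and the `export PGPASSWORD=...` post hook also inline the database and LDAP bind passwords as plain strings, which makes them readable to anyone who can view the DeploymentConfig; sourcing the env entries with `valueFrom.secretKeyRef` from a Secret would keep them out of the object spec. Separately, `'verify_certificates' => {{ .Values.gitlab.ldap.validate_certs | default false }}` leaves LDAP certificate verification off unless a deployer opts in, which deserves at least a comment where the value is defined.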
@@ -41,15 +41,15 @@ spec: - name: gitlab-ce-volume-2 persistentVolumeClaim: claimName: "{{ $.Values.gitlab_app_name }}-data" -{{- if .Values.gitlab.cacert }} - - name: gitlab-ca - secret: - defaultMode: 420 - items: - - key: "ca-cert.crt" - path: "ca-cert.crt" - secretName: gitlab-ca -{{- end }} +# - name: gitlab-certificates +# secret: +# defaultMode: 420 +# items: +# - key: "gitlab.crt" +# path: "gitlab.crt" +# - key: "gitlab.key" +# path: "gitlab.key" +# secretName: gitlab-certs containers: - name: gitlab-ce image: gitlab-ce @@ -100,10 +100,8 @@ spec: mountPath: "/etc/gitlab" - name: gitlab-ce-volume-2 mountPath: "/gitlab-data" -{{- if .Values.gitlab.cacert }} - - name: gitlab-ca - mountPath: /etc/gitlab-ssl -{{- end }} +# - name: gitlab-certificates +# mountPath: /etc/gitlab-ssl livenessProbe: httpGet: path: "/help" @@ -296,4 +294,4 @@ spec: restartPolicy: Always terminationGracePeriodSeconds: 30 dnsPolicy: ClusterFirst -{{- end -}} \ No newline at end of file +{{- end -}}
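Review bot: The `gitlab-ca` volume and its mount are replaced by commented-out `gitlab-certificates` blocks (here and in the `@@ -100,10 +100,8 @@` hunk), which leaves dead YAML in the template and means `.Values.gitlab.cacert` is no longer consulted in these two places, so a deployer who sets it gets no mount and no error. Either delete the commented lines or put one explanatory line above them, for example `# gitlab-certificates mount disabled; .Values.gitlab.cacert has no effect in this template`. If the CA bundle was what let GitLab verify the LDAP server certificate, removing it also pushes installs toward leaving `validate_certs` off; that wiring is not visible in the diff, so it is worth confirming. The enclosing `spec` starts and ends outside both hunks.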