🦠 ocp 4.11 deploy 🦠

codereadyworkspaces/tl500-devfile-v2.yaml

@@ -0,0 +1,116 @@
+schemaVersion: 2.1.0
+metadata:
+  name: tl500
+attributes:
+  che-theia.eclipse.org/sidecar-policy: USE_DEV_CONTAINER
+  controller.devfile.io/devworkspace-config:
+    name: devworkspace-config
+    namespace: tl500-workspaces
+  controller.devfile.io/storage-type: per-workspace
+  metadata-name-field: generateName
+  metadata-name-original-value: tl500-
+projects:
+  - attributes:
+      source-origin: branch
+    clonePath: tech-exercise
+    git:
+      checkoutFrom:
+        revision: main
+      remotes:
+        origin: 'https://github.com/rht-labs/tech-exercise'
+    name: tech-exercise
+components:
+  - container:
+      args:
+        - /bin/sh
+        - '-c'
+        - sleep infinity
+      endpoints:
+        - attributes:
+            discoverable: 'true'
+            protocol: http
+            public: 'true'
+          exposure: public
+          name: ide-8080
+          protocol: http
+          targetPort: 8080
+        - attributes:
+            discoverable: 'true'
+            protocol: http
+            public: 'true'
+          exposure: public
+          name: ide-9000
+          protocol: http
+          targetPort: 9000
+        - attributes:
+            discoverable: 'true'
+            protocol: http
+            public: 'true'
+          exposure: public
+          name: ide-3000
+          protocol: http
+          targetPort: 3000
+        - attributes:
+            discoverable: 'true'
+            protocol: http
+            public: 'true'
+          exposure: public
+          name: ide-4200
+          protocol: http
+          targetPort: 4200
+        - attributes:
+            protocol: http
+          exposure: public
+          name: ide-4444
+          protocol: http
+          targetPort: 4444
+        - attributes:
+            discoverable: 'true'
+            protocol: http
+            public: 'true'
+          exposure: public
+          name: ide-8081
+          protocol: http
+          targetPort: 8081
+        - attributes:
+            discoverable: 'true'
+            protocol: http
+            public: 'true'
+          exposure: public
+          name: ide-8082
+          protocol: http
+          targetPort: 8082
+        - attributes:
+            discoverable: 'true'
+            protocol: http
+            public: 'true'
+          exposure: public
+          name: ide-8083
+          protocol: http
+          targetPort: 8083
+        - attributes:
+            discoverable: 'true'
+            protocol: http
+            public: 'true'
+          exposure: public
+          name: ide-8084
+          protocol: http
+          targetPort: 8084
+      image: 'quay.io/rht-labs/stack-tl500:3.0.16'
+      memoryLimit: 2Gi
+      mountSources: true
+      sourceMapping: /projects
+      volumeMounts:
+        - name: projects
+          path: /projects
+        - name: config
+          path: /home/developer/.config
+        - name: npm
+          path: /home/developer/.npm
+    name: stack-tl500
+  - name: projects
+    volume: {}
+  - name: config
+    volume: {}
+  - name: npm
+    volume: {}

tooling/README.md

@@ -2,7 +2,7 @@
 
 This directory contains the necessary charts used in order to deploy a TL500 Tech Stack against an OCP 4.X cluster. This assumes that the cluster has valid certificates.
 
-🐞 Please ensure your cluster is the latest Z release - 4.9.z or 4.10.z release. We test against these. 🐞
+🐞 Please ensure your cluster is the latest Z release - 4.10.z or 4.11.z release. We test against these. 🐞
 
 This chart is capable of deploying the following:
 
@@ -30,22 +30,38 @@ When specifying a chart version, make sure to use the same version for both char
 
 1. Install TL500 Base
 
+For 4.10.z OpenShift:
+
 ```bash
 helm repo add enablement-framework https://rht-labs.com/enablement-framework 
 helm repo update
 helm search repo enablement-framework
 helm install tl500-base enablement-framework/tl500-base --version XYZ --namespace tl500 --create-namespace --timeout=15m
 ```
 
+When deploying to OpenShift 4.11.z+ there are some breaking changes in newer OpenShift versions, specifically around DevSpaces operator. Use the newer values file:
+
+```bash
+helm install tl500-base enablement-framework/tl500-base -f tl500-base/values-v4.11.yaml --version XYZ --namespace tl500 --create-namespace --timeout=15m
+```
+
 2. Install TL500 Course Content
 
+For 4.10.z OpenShift:
+
 ```bash
 helm repo add enablement-framework https://rht-labs.com/enablement-framework 
 helm repo update
 helm search repo enablement-framework
 helm install tl500-course-content enablement-framework/tl500-course-content --version XYZ --namespace tl500 --create-namespace --timeout=15m
 ```
 
+When deploying to OpenShift 4.11.z+ there are some breaking changes in newer OpenShift versions, specifically around DevSpaces operator. Use the newer values file:
+
+```bash
+helm install  tl500-course-content enablement-framework/tl500-course-content -f tl500-base/values-v4.11.yaml --version XYZ --namespace tl500 --create-namespace --timeout=15m
+```
+
 ## Using the helm chart source code
 
 1. Get the source code

tooling/charts/tl500-base/Chart.yaml

@@ -13,15 +13,15 @@ maintainers:
   - name: springdo
 dependencies:
   - name: sealed-secrets
-    version: "2.1.6"
+    version: "2.6.1"
     repository: https://bitnami-labs.github.io/sealed-secrets
     condition: sealed-secrets.enabled
   - name: stackrox-chart
     version: "0.0.6"
     repository: https://redhat-cop.github.io/helm-charts
     condition: stackrox-chart.enabled
   - name: gitops-operator
-    version: "0.4.2"
+    version: "0.4.3"
     repository: https://redhat-cop.github.io/helm-charts
     condition: gitops-operator.enabled
   - name: tl500-teamsters

tooling/charts/tl500-base/values-v4.11.yaml

@@ -0,0 +1,16 @@
+# OpenShift 411 override values
+
+operators:
+  codeready-workspaces: # undefine
+
+  devspaces:
+    enabled: true
+    namespace: openshift-operators
+    subscription:
+      channel: stable
+      approval: Automatic
+      operatorName: devspaces
+      sourceName: redhat-operators
+      sourceNamespace: openshift-marketplace
+    operatorgroup:
+      create: false

tooling/charts/tl500-base/values.yaml

@@ -97,6 +97,8 @@ gitlab:
     - name: "postgresql"
       tag_name: "latest"
       stream_uri: "registry.redhat.io/rhscl/postgresql-96-rhel7"
+# a body of CA certificate that Gitlab should be using goes in here. Body needs to be Base64!
+#  cacert:
   ldap:
 #    port: "389"
 #    base: "dc=CORP,dc=EXAMPLE,dc=COM"

tooling/charts/tl500-course-content/templates/crw/ca-configmap.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.crw }}
 {{- if .Values.crw.gitCustomCA }}
 ---
 apiVersion: v1
@@ -11,3 +12,4 @@ metadata:
 data:
   ca.crt: {{ .Values.crw.gitCustomCA | indent 4 }}
 {{- end }}
+{{- end }}

tooling/charts/tl500-course-content/templates/crw/crw.yaml

@@ -37,4 +37,4 @@ spec:
     pvcStrategy: per-workspace
     pvcClaimSize: 2Gi
     preCreateSubPaths: true
-{{- end }}
+{{- end }}

tooling/charts/tl500-course-content/templates/crw/crwv2.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.crwv2 }}
+apiVersion: org.eclipse.che/v2
+kind: CheCluster
+metadata:
+  annotations:
+    "helm.sh/hook": post-install,post-upgrade
+    "helm.sh/hook-weight": "25"
+  name: {{ .Values.crwv2.name | default "codeready-workspaces" | quote }}
+  namespace: {{ .Values.crwv2.namespace | default "tl500-workspaces" | quote }}
+spec:
+  components:
+    database:
+      externalDb: false
+    metrics:
+      enable: false
+    cheServer:
+      debug: false
+      logLevel: INFO
+      extraProperties: {{ toYaml .Values.crwv2.properties | nindent 8 | default "" }}
+  devEnvironments:
+    runningLimit: 1
+    secondsOfRunBeforeIdling: {{ .Values.crwv2.secondsOfRunBeforeIdling | default "-1" | quote }}
+    defaultNamespace:
+      template: <username>-devspaces
+    secondsOfInactivityBeforeIdling:  {{ .Values.crwv2.secondsOfInactivityBeforeIdling | default "-1" | quote }}
+    storage:
+      pvcStrategy: per-user
+{{- end }}

tooling/charts/tl500-course-content/templates/stackrox/configure-stackrox-job.yaml

@@ -38,6 +38,12 @@ spec:
               # wait for sericeaccount
               echo "waiting for tl500 pipline service account ..."
               while test 0 == $(oc -n tl500 get sa/pipeline -o name 2>/dev/null | wc -l); do sleep 5; done
+              # support newer installation where token not generated automatically
+              oc serviceaccounts get-token pipeline -n tl500
+              if [ $? != 0 ]; then
+                echo '{"apiVersion":"v1","kind":"Secret","metadata":{"name":"pipeline-token","namespace":"tl500","annotations": {"kubernetes.io/service-account.name":"pipeline"}},"type":"kubernetes.io/service-account-token"}' | oc -n tl500 apply -f- 
+                oc -n tl500 secret link pipeline pipeline-token
+              fi
               TOKEN=$(oc serviceaccounts get-token pipeline -n tl500)
               RET=$(curl -sk -u "admin:${ROX_ADMIN_PASSWD}" "https://$ROX_ENDPOINT/v1/imageintegrations" -d "{\"id\": \"\",\"name\": \"tl500\",\"categories\": [\"REGISTRY\"],\"docker\": {\"endpoint\": \"https://image-registry.openshift-image-registry.svc:5000\",\"username\": \"\",\"password\": \"${TOKEN}\",\"insecure\": true},\"autogenerated\": false,\"clusterId\": \"\",\"clusters\": [],\"skipTestIntegration\": false,\"type\": \"docker\" }" | jq .error)
               if [[ ${RET} != "null" && ! -z ${RET} ]]; then

tooling/charts/tl500-course-content/values-v4.11.yaml

@@ -0,0 +1,12 @@
+# OpenShift 411 extra values
+
+crw: # undefine v1
+
+crwv2:
+  namespace: tl500-workspaces
+  name: "codeready-workspaces"
+  secondsOfRunBeforeIdling: "-1"
+  secondsOfInactivityBeforeIdling: "-1"
+  properties:
+    CHE_LIMITS_USER_WORKSPACES_COUNT: "2"
+    CHE_WORKSPACE_DEFAULT__MEMORY__LIMIT__MB: "3072"

tooling/charts/tl500-course-content/values.yaml

@@ -32,7 +32,6 @@ logging:
 
   kibana: {}
 
-
 crw:
   namespace: tl500-workspaces
   name: "codeready-workspaces"