testing ingress settings openshift-instruqt#150

ryanj · Oct 14, 2022 · 3ab4460 · 3ab4460
1 parent a37fe22
commit 3ab4460
Show file tree

Hide file tree

Showing 4 changed files with 249 additions and 0 deletions.
diff --git a/playgrounds/411-short-init/01-playground/assignment.md b/playgrounds/411-short-init/01-playground/assignment.md
@@ -0,0 +1,128 @@
+---
+slug: playground
+id: a0kxymmzcjab
+type: challenge
+title: OpenShift Playground
+notes:
+- type: text
+  contents: |
+    ## Goal
+
+    Explore Ingress enhancements to OpenShift version 4.11.
+
+    ## Concepts
+
+    * OpenShift Web Console
+    * `oc` command line tool
+    * OpenShift Projects and Applications
+    * Ingress setup
+
+    ## Use case
+
+    You control an OpenShift cluster for one hour. You can deploy your own container image, or set up a pipeline to build your application from source, then monitor it with Prometheus as it runs. Use an Operator to deploy and manage a database backend for your web app.
+
+    This OpenShift cluster will self-destruct in one hour.
+tabs:
+- title: Terminal 1
+  type: terminal
+  hostname: crc
+- title: Web Console
+  type: website
+  url: https://console-openshift-console.crc-lgph7-master-0.crc.${_SANDBOX_ID}.instruqt.io
+  new_window: true
+- title: Visual Editor
+  type: code
+  hostname: crc
+  path: /root
+difficulty: basic
+timelimit: 3600
+---
+# Ingress customizations
+
+## Generate a new SSL cert
+
+Is this step needed?  Should we use one issued by instruqt?
+```
+openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout /tmp/instruqt.key -out /tmp/instruqt.crt -subj "/CN=${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io" -addext "subjectAltName=DNS:apps.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io,DNS:*.apps.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io,DNS:api.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io"
+```
+
+## Store the new cert as a secret:
+
+```
+oc create secret tls instruqt-secret --cert=/tmp/instruqt.crt --key=/tmp/instruqt.key -n openshift-config
+```
+
+## Patch the ingress:
+
+Generate an ingress patch file:
+```
+cat <<EOF > /tmp/ingress-patch.yaml
+spec:
+  appsDomain: apps.$HOSTNAME.crc.$INSTRUQT_PARTICIPANT_ID.instruqt.io
+  componentRoutes:
+  - hostname: console-openshift-console.apps.$HOSTNAME.crc.$INSTRUQT_PARTICIPANT_ID.instruqt.io
+    name: console
+    namespace: openshift-console
+    servingCertKeyPairSecret:
+      name: instruqt-secret
+  - hostname: oauth-openshift.apps.$HOSTNAME.crc.$INSTRUQT_PARTICIPANT_ID.instruqt.io
+    name: oauth-openshift
+    namespace: openshift-authentication
+    servingCertKeyPairSecret:
+      name: instruqt-secret
+EOF
+```
+
+Apply the ingress patch:
+```
+oc patch ingresses.config.openshift.io cluster --type=merge --patch-file=/tmp/ingress-patch.yaml
+```
+
+Patch the API URL:
+```
+oc patch apiserver cluster --type=merge -p "{\"spec\":{\"servingCerts\": {\"namedCertificates\":[{\"names\":[\"api.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io\"],\"servingCertificate\": {\"name\": \"instruqt-secret\"}}]}}}"
+```
+
+Log in via the new API url:
+```
+oc login -u admin -p admin api.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io:6443
+```
+
+Patch the default route:
+```
+oc patch -p "{\"spec\": {\"host\": \"default-route-openshift-image-registry.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io\"}}" route default-route -n openshift-image-registry --type=merge
+```
+
+## Test your work:
+
+1. Try logging in via the web console by clicking on the Web Console tab
+
+2. Try logging in via the command line:
+
+```
+oc login -u developer -p developer api.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io:6443
+```
+
+3. Test ingress settings for the default application routes:
+
+```
+oc new-project demo
+oc new-app ruby~https://github.com/sclorg/ruby-ex.git
+oc expose svc/ruby-ex
+oc get route
+```
+
+Check the build status:
+```
+oc get builds
+```
+
+Check to make sure the newly built app returns status "200 OK":
+```
+curl -Ik $(oc get route | head -n 2 | tail -n 1 | awk '{print $2}')
+```
+
+Is the app being served from the new ingress routes?
+```
+oc get route
+```
diff --git a/playgrounds/411-short-init/config.yml b/playgrounds/411-short-init/config.yml
@@ -0,0 +1,9 @@
+version: "3"
+virtualmachines:
+- name: crc
+  image: rhd-devx-instruqt/openshift-4-11-7-lgph7
+  machine_type: n1-highmem-4
+  allow_external_ingress:
+  - http
+  - https
+  - high-ports
diff --git a/playgrounds/411-short-init/track.yml b/playgrounds/411-short-init/track.yml
@@ -0,0 +1,30 @@
+slug: 411-short-init
+id: ebbrvpfihpnz
+title: 411-short-init
+description: |
+  ## Goal
+
+  Explore OpenShift version 4.11.
+
+  ## Concepts
+
+  * OpenShift Web Console
+  * `oc` command line tool
+  * OpenShift Projects and Applications
+  * Your applications on OpenShift
+
+  ## Use case
+
+  You control an OpenShift cluster for one hour. You can deploy your own container image, or set up a pipeline to build your application from source, then monitor it with Prometheus as it runs. Use an Operator to deploy and manage a database backend for your web app.
+
+  This OpenShift cluster will self-destruct in one hour.
+icon: https://logodix.com/logo/1910931.png
+level: beginner
+tags:
+- openshift
+owner: openshift
+developers:
+- ryanj@redhat.com
+private: true
+published: false
+checksum: "12428612654956853831"
diff --git a/playgrounds/411-short-init/track_scripts/setup-crc b/playgrounds/411-short-init/track_scripts/setup-crc
@@ -0,0 +1,82 @@
+#!/bin/bash
+set -x
+
+# setup vars
+export TERM=xterm-color
+export KUBECONFIG=/opt/kubeconfig
+echo "export TERM=xterm-color" >> /root/.bashrc
+echo "export KUBECONFIG=/opt/kubeconfig" >> /root/.bashrc
+echo "export HOME=/root" >> /root/.bashrc
+
+ENS4IP=$(ip -4 -o addr show ens4 | awk '{print $4}' | cut -d "/" -f 1)
+
+# set hostname
+#INSTRUQT_HOSTNAME=$(curl -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/attributes/hostname)
+
+# Don't do this below causes issues later on, i believe.
+# hostnamectl set-hostname $HOSTNAME
+
+eval $(curl -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/attributes/startup-script | grep INSTRUQT_PARTICIPANT_ID)
+
+# dnsmasq config for crc-dnsmasq.service
+cat << EOF > /var/srv/dnsmasq.conf
+user=root
+port= 53
+bind-interfaces
+expand-hosts
+log-queries
+local=/crc.testing/
+domain=crc.testing
+address=/apps-crc.testing/$ENS4IP
+address=/api.crc.testing/$ENS4IP
+address=/api-int.crc.testing/$ENS4IP
+address=/$HOSTNAME.crc.testing/192.168.126.11
+EOF
+
+sed -i '/^search.*/a nameserver 10.88.0.8' /etc/resolv.conf
+
+# start openshift
+systemctl start crc-dnsmasq.service
+systemctl start kubelet
+
+echo "### Boostrap START ###"
+echo $(date)
+
+until oc get pods -A 2>/dev/null 1>&2; do 
+  echo "Waiting for pods to start..";
+  sleep 5;
+done
+
+#Ingress
+
+#openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout /tmp/instruqt.key -out /tmp/instruqt.crt -subj "/CN=${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io" -addext "subjectAltName=DNS:apps.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io,DNS:*.apps.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io,DNS:api.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io"
+#
+#oc create secret tls instruqt-secret --cert=/tmp/instruqt.crt --key=/tmp/instruqt.key -n openshift-config
+#
+#cat <<EOF > /tmp/ingress-patch.yaml
+#spec:
+#  appsDomain: apps.$HOSTNAME.crc.$INSTRUQT_PARTICIPANT_ID.instruqt.io
+#  componentRoutes:
+#  - hostname: console-openshift-console.apps.$HOSTNAME.crc.$INSTRUQT_PARTICIPANT_ID.instruqt.io
+#    name: console
+#    namespace: openshift-console
+#    servingCertKeyPairSecret:
+#      name: instruqt-secret
+#  - hostname: oauth-openshift.apps.$HOSTNAME.crc.$INSTRUQT_PARTICIPANT_ID.instruqt.io
+#    name: oauth-openshift
+#    namespace: openshift-authentication
+#    servingCertKeyPairSecret:
+#      name: instruqt-secret
+#EOF
+#
+#oc patch ingresses.config.openshift.io cluster --type=merge --patch-file=/tmp/ingress-patch.yaml
+#
+#oc patch apiserver cluster --type=merge -p "{\"spec\":{\"servingCerts\": {\"namedCertificates\":[{\"names\":[\"api.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io\"],\"servingCertificate\": {\"name\": \"instruqt-secret\"}}]}}}"
+#
+#oc login -u admin -p admin api.$HOSTNAME.crc.$INSTRUQT_PARTICIPANT_ID.instruqt.io:6443
+#
+#oc patch -p "{\"spec\": {\"host\": \"default-route-openshift-image-registry.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io\"}}" route default-route -n openshift-image-registry --type=merge
+
+echo "### Boostrap END ###"
+echo $(date)
+