forked from openshift-instruqt/instruqt
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
testing ingress settings openshift-instruqt#150
Showing 4 changed files with 249 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,128 @@ | ||
--- | ||
slug: playground | ||
id: a0kxymmzcjab | ||
type: challenge | ||
title: OpenShift Playground | ||
notes: | ||
- type: text | ||
contents: | | ||
## Goal | ||
Explore Ingress enhancements to OpenShift version 4.11. | ||
## Concepts | ||
* OpenShift Web Console | ||
* `oc` command line tool | ||
* OpenShift Projects and Applications | ||
* Ingress setup | ||
## Use case | ||
You control an OpenShift cluster for one hour. You can deploy your own container image, or set up a pipeline to build your application from source, then monitor it with Prometheus as it runs. Use an Operator to deploy and manage a database backend for your web app. | ||
This OpenShift cluster will self-destruct in one hour. | ||
tabs: | ||
- title: Terminal 1 | ||
type: terminal | ||
hostname: crc | ||
- title: Web Console | ||
type: website | ||
url: https://console-openshift-console.crc-lgph7-master-0.crc.${_SANDBOX_ID}.instruqt.io | ||
new_window: true | ||
- title: Visual Editor | ||
type: code | ||
hostname: crc | ||
path: /root | ||
difficulty: basic | ||
timelimit: 3600 | ||
--- | ||
# Ingress customizations | ||
|
||
## Generate a new SSL cert | ||
|
||
Is this step needed? Should we use one issued by instruqt? | ||
``` | ||
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout /tmp/instruqt.key -out /tmp/instruqt.crt -subj "/CN=${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io" -addext "subjectAltName=DNS:apps.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io,DNS:*.apps.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io,DNS:api.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io" | ||
``` | ||
|
||
## Store the new cert as a secret: | ||
|
||
``` | ||
oc create secret tls instruqt-secret --cert=/tmp/instruqt.crt --key=/tmp/instruqt.key -n openshift-config | ||
``` | ||
|
||
## Patch the ingress: | ||
|
||
Generate an ingress patch file: | ||
``` | ||
cat <<EOF > /tmp/ingress-patch.yaml | ||
spec: | ||
appsDomain: apps.$HOSTNAME.crc.$INSTRUQT_PARTICIPANT_ID.instruqt.io | ||
componentRoutes: | ||
- hostname: console-openshift-console.apps.$HOSTNAME.crc.$INSTRUQT_PARTICIPANT_ID.instruqt.io | ||
name: console | ||
namespace: openshift-console | ||
servingCertKeyPairSecret: | ||
name: instruqt-secret | ||
- hostname: oauth-openshift.apps.$HOSTNAME.crc.$INSTRUQT_PARTICIPANT_ID.instruqt.io | ||
name: oauth-openshift | ||
namespace: openshift-authentication | ||
servingCertKeyPairSecret: | ||
name: instruqt-secret | ||
EOF | ||
``` | ||
|
||
Apply the ingress patch: | ||
``` | ||
oc patch ingresses.config.openshift.io cluster --type=merge --patch-file=/tmp/ingress-patch.yaml | ||
``` | ||
|
||
Patch the API URL: | ||
``` | ||
oc patch apiserver cluster --type=merge -p "{\"spec\":{\"servingCerts\": {\"namedCertificates\":[{\"names\":[\"api.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io\"],\"servingCertificate\": {\"name\": \"instruqt-secret\"}}]}}}" | ||
``` | ||
|
||
Log in via the new API url: | ||
``` | ||
oc login -u admin -p admin api.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io:6443 | ||
``` | ||
|
||
Patch the default route: | ||
``` | ||
oc patch -p "{\"spec\": {\"host\": \"default-route-openshift-image-registry.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io\"}}" route default-route -n openshift-image-registry --type=merge | ||
``` | ||
|
||
## Test your work: | ||
|
||
1. Try logging in via the web console by clicking on the Web Console tab | ||
|
||
2. Try logging in via the command line: | ||
|
||
``` | ||
oc login -u developer -p developer api.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io:6443 | ||
``` | ||
|
||
3. Test ingress settings for the default application routes: | ||
|
||
``` | ||
oc new-project demo | ||
oc new-app ruby~https://github.com/sclorg/ruby-ex.git | ||
oc expose svc/ruby-ex | ||
oc get route | ||
``` | ||
|
||
Check the build status: | ||
``` | ||
oc get builds | ||
``` | ||
|
||
Check to make sure the newly built app returns status "200 OK": | ||
``` | ||
curl -Ik $(oc get route | head -n 2 | tail -n 1 | awk '{print $2}') | ||
``` | ||
|
||
Is the app being served from the new ingress routes? | ||
``` | ||
oc get route | ||
``` |
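Review bot: In the "Patch the default route" step the registry host is set to `default-route-openshift-image-registry.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io`, which has no `apps.` label, so it falls outside the `appsDomain` written to `/tmp/ingress-patch.yaml` and matches none of the `subjectAltName` entries in the `openssl req` command (the `apps.`, `*.apps.` and `api.` names). Put the host under `apps.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io`, or add the shorter name to the SAN list if it is intended. The Web Console tab `url` in the front matter has the same shape (no `apps.` label), so step 1 of "Test your work" may not reach the host configured under `componentRoutes`. Separately, the key is generated with `-nodes` into `/tmp/instruqt.key` and is never removed after `oc create secret tls`; generate it under `umask 077` in a `mktemp -d` directory and delete it once the secret exists. The line "Is this step needed? Should we use one issued by instruqt?" is an open question for reviewers that would ship in learner-facing text and should be resolved before merge.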
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
version: "3" | ||
virtualmachines: | ||
- name: crc | ||
image: rhd-devx-instruqt/openshift-4-11-7-lgph7 | ||
machine_type: n1-highmem-4 | ||
allow_external_ingress: | ||
- http | ||
- https | ||
- high-ports |
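Review bot: `allow_external_ingress` opens `http`, `https` and `high-ports` with no comment saying what each entry is for, and the challenge added in this commit logs in to the externally reachable API with `admin`/`admin` and `developer`/`developer`. Add a comment per entry naming the step that needs it (the `oc expose` route for `http`, the console and OAuth routes for `https`, the API on `:6443` for `high-ports`, as far as the challenge text shows), and note in the track documentation that these fixed credentials are exposed outside the sandbox for as long as the VM is up.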
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
slug: 411-short-init | ||
id: ebbrvpfihpnz | ||
title: 411-short-init | ||
description: | | ||
## Goal | ||
Explore OpenShift version 4.11. | ||
## Concepts | ||
* OpenShift Web Console | ||
* `oc` command line tool | ||
* OpenShift Projects and Applications | ||
* Your applications on OpenShift | ||
## Use case | ||
You control an OpenShift cluster for one hour. You can deploy your own container image, or set up a pipeline to build your application from source, then monitor it with Prometheus as it runs. Use an Operator to deploy and manage a database backend for your web app. | ||
This OpenShift cluster will self-destruct in one hour. | ||
icon: https://logodix.com/logo/1910931.png | ||
level: beginner | ||
tags: | ||
- openshift | ||
owner: openshift | ||
developers: | ||
- ryanj@redhat.com | ||
private: true | ||
published: false | ||
checksum: "12428612654956853831" |
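Review bot: The track metadata does not say what this track is for: `slug` and `title` are both `411-short-init`, and the `description` ("Explore OpenShift version 4.11", "Your applications on OpenShift") is generic, while the challenge in this commit states its goal as "Explore Ingress enhancements" and lists "Ingress setup" as a concept. Align the Goal and Concepts lines with the challenge, and trim the "Use case" paragraph (pipelines, Prometheus, an Operator-managed database), which none of the challenge steps cover.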
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
#!/bin/bash | ||
set -x | ||
|
||
# setup vars | ||
export TERM=xterm-color | ||
export KUBECONFIG=/opt/kubeconfig | ||
echo "export TERM=xterm-color" >> /root/.bashrc | ||
echo "export KUBECONFIG=/opt/kubeconfig" >> /root/.bashrc | ||
echo "export HOME=/root" >> /root/.bashrc | ||
|
||
ENS4IP=$(ip -4 -o addr show ens4 | awk '{print $4}' | cut -d "/" -f 1) | ||
|
||
# set hostname | ||
#INSTRUQT_HOSTNAME=$(curl -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/attributes/hostname) | ||
|
||
# Don't do this below causes issues later on, i believe. | ||
# hostnamectl set-hostname $HOSTNAME | ||
|
||
eval $(curl -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/attributes/startup-script | grep INSTRUQT_PARTICIPANT_ID) | ||
|
||
# dnsmasq config for crc-dnsmasq.service | ||
cat << EOF > /var/srv/dnsmasq.conf | ||
user=root | ||
port= 53 | ||
bind-interfaces | ||
expand-hosts | ||
log-queries | ||
local=/crc.testing/ | ||
domain=crc.testing | ||
address=/apps-crc.testing/$ENS4IP | ||
address=/api.crc.testing/$ENS4IP | ||
address=/api-int.crc.testing/$ENS4IP | ||
address=/$HOSTNAME.crc.testing/192.168.126.11 | ||
EOF | ||
|
||
sed -i '/^search.*/a nameserver 10.88.0.8' /etc/resolv.conf | ||
|
||
# start openshift | ||
systemctl start crc-dnsmasq.service | ||
systemctl start kubelet | ||
|
||
echo "### Boostrap START ###" | ||
echo $(date) | ||
|
||
until oc get pods -A 2>/dev/null 1>&2; do | ||
echo "Waiting for pods to start.."; | ||
sleep 5; | ||
done | ||
|
||
#Ingress | ||
|
||
#openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout /tmp/instruqt.key -out /tmp/instruqt.crt -subj "/CN=${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io" -addext "subjectAltName=DNS:apps.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io,DNS:*.apps.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io,DNS:api.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io" | ||
# | ||
#oc create secret tls instruqt-secret --cert=/tmp/instruqt.crt --key=/tmp/instruqt.key -n openshift-config | ||
# | ||
#cat <<EOF > /tmp/ingress-patch.yaml | ||
#spec: | ||
# appsDomain: apps.$HOSTNAME.crc.$INSTRUQT_PARTICIPANT_ID.instruqt.io | ||
# componentRoutes: | ||
# - hostname: console-openshift-console.apps.$HOSTNAME.crc.$INSTRUQT_PARTICIPANT_ID.instruqt.io | ||
# name: console | ||
# namespace: openshift-console | ||
# servingCertKeyPairSecret: | ||
# name: instruqt-secret | ||
# - hostname: oauth-openshift.apps.$HOSTNAME.crc.$INSTRUQT_PARTICIPANT_ID.instruqt.io | ||
# name: oauth-openshift | ||
# namespace: openshift-authentication | ||
# servingCertKeyPairSecret: | ||
# name: instruqt-secret | ||
#EOF | ||
# | ||
#oc patch ingresses.config.openshift.io cluster --type=merge --patch-file=/tmp/ingress-patch.yaml | ||
# | ||
#oc patch apiserver cluster --type=merge -p '{"spec":{"servingCerts": {"namedCertificates":[{"names":["api.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io"],"servingCertificate": {"name": "instruqt-secret"}}]}}}' | ||
# | ||
#oc login -u admin -p admin api.$HOSTNAME.crc.$INSTRUQT_PARTICIPANT_ID.instruqt.io:6443 | ||
# | ||
#oc patch -p "{\"spec\": {\"host\": \"default-route-openshift-image-registry.${HOSTNAME}.crc.${INSTRUQT_PARTICIPANT_ID}.instruqt.io\"}}" route default-route -n openshift-image-registry --type=merge | ||
|
||
echo "### Boostrap END ###" | ||
echo $(date) | ||
|
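Review bot: The `eval $(curl ... | grep INSTRUQT_PARTICIPANT_ID)` line executes as shell every line of the instance `startup-script` attribute that contains that string, in a script that also rewrites `/etc/resolv.conf` and starts services, and the unquoted `$(...)` is word-split before `eval` sees it. Extract only the value with an anchored pattern restricted to the expected ID characters, assign it with a plain `INSTRUQT_PARTICIPANT_ID=...` followed by `export`, add `-sf` to `curl`, and exit if the result is empty; with `set -x` at the top, whatever is fetched is also echoed into the setup log. In the commented-out Ingress block, the `oc patch apiserver` line wraps its JSON in single quotes, so `${HOSTNAME}` and `${INSTRUQT_PARTICIPANT_ID}` would be sent literally if it is re-enabled; the challenge text uses the double-quoted form. That block duplicates the challenge steps and is better deleted than kept as comments. Minor: `port= 53` has a stray space, and "Boostrap" should be "Bootstrap".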