Istio sample update (#76)

* Automation: Model-Registry-Isito-Deployment with ODH
This commit merges a script that will deploy Model-Registry with ODH then runs a rest api to conclude the script.
It intended for use with Openshift-CI.

Signed-off-by: tonyxrmdavidson <[email protected]>

* Revert to original script.
This commit reverts the script to deply basic model-registry back to it's original. Changes here are needed.

Signed-off-by: tonyxrmdavidson <[email protected]>

* Revert to original file
This commit reverts to the original file format as specifying opendatahub version is not required

Signed-off-by: tonyxrmdavidson <[email protected]>

* Creating specific rest script for tls
This commit introduces istio-tls- rest.sh script which is specific to the istio-tls deployment
It adds the certs/ to gitignore
It makes changes to the oci-model-registry-istio-tls-deploy.sh script to point to the correct rest.sh

Signed-off-by: tonyxrmdavidson <[email protected]>

* Update to gitactions
This commit is to allow the PR to pass the codcov tests

Signed-off-by: tonyxrmdavidson <[email protected]>

---------

Signed-off-by: tonyxrmdavidson <[email protected]>

.gitignore

@@ -40,3 +40,6 @@ __pycache__
 # Protoc files
 include/
 readme.txt
+
+# do not send certs
+certs/

openshift-ci/resources/model-registry-DSCInitialization.yaml

@@ -14,3 +14,20 @@ metadata:
   name: default-dsci
 spec:
   applicationsNamespace: opendatahub
+  devFlags:
+    logmode: production
+  monitoring:
+    managementState: Managed
+    namespace: opendatahub
+  serviceMesh:
+    auth:
+      audiences:
+      - https://kubernetes.default.svc
+    controlPlane:
+      metricsCollection: Istio
+      name: data-science-smcp
+      namespace: istio-system
+    managementState: Managed
+  trustedCABundle:
+    customCABundle: ""
+    managementState: Managed

openshift-ci/resources/opendatahub-subscription.yaml

@@ -7,4 +7,5 @@ spec:
   channel: fast
   name: opendatahub-operator
   source: community-operators
-  sourceNamespace: openshift-marketplace
+  sourceNamespace: openshift-marketplace
+

openshift-ci/resources/samples/authorino-subscription.yaml

@@ -0,0 +1,10 @@
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: authorino-operator
+  namespace: openshift-operators
+spec:
+  channel: stable
+  name: authorino-operator
+  source: community-operators
+  sourceNamespace: openshift-marketplace

openshift-ci/resources/samples/istio/components/authconfig-labels.yaml

@@ -0,0 +1,4 @@
+- op: replace
+  path: /spec/istio/authConfigLabels
+  value:
+    security.opendatahub.io/authorization-group: default

openshift-ci/resources/samples/istio/components/istio.env

@@ -0,0 +1,5 @@
+AUTH_PROVIDER=opendatahub-auth-provider
+ISTIO_INGRESS=ingressgateway
+DOMAIN=apps.rk415.apicurio.integration-qe.com
+REST_CREDENTIAL_NAME=modelregistry-sample-rest-credential
+GRPC_CREDENTIAL_NAME=modelregistry-sample-grpc-credential

openshift-ci/resources/samples/istio/components/istio_modelregistry.yaml

@@ -0,0 +1,15 @@
+apiVersion: modelregistry.opendatahub.io/v1alpha1
+kind: ModelRegistry
+metadata:
+  name: modelregistry-sample
+spec:
+  istio:
+    authProvider: AUTH_PROVIDER
+    authConfigLabels: {}
+    gateway:
+      domain: DOMAIN
+      istioIngress: ISTIO_INGRESS
+      rest:
+        gatewayRoute: enabled
+      grpc:
+        gatewayRoute: enabled

openshift-ci/resources/samples/istio/components/kustomization.yaml

@@ -0,0 +1,26 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+# Istio config patch
+patches:
+  - path: istio_modelregistry.yaml
+  - target:
+      group: modelregistry.opendatahub.io
+      version: v1alpha1
+      kind: ModelRegistry
+      name: modelregistry-sample
+    path: authconfig-labels.yaml
+
+# Config map and replacements to use istio.env for cluster specific config
+configMapGenerator:
+  - envs:
+      - istio.env
+    files:
+      - authconfig-labels.yaml
+    name: modelregistry-sample-environment
+generatorOptions:
+  disableNameSuffixHash: true
+replacements:
+  - path: replacements.yaml
+
+#+kubebuilder:scaffold:manifestskustomizesamples

openshift-ci/resources/samples/istio/components/replacements.yaml

@@ -0,0 +1,32 @@
+# replacements from configmap using istio.env for cluster specific config
+- source:
+    kind: ConfigMap
+    name: modelregistry-sample-environment
+    fieldPath: data.AUTH_PROVIDER
+  targets:
+    - select:
+        apiVersion: modelregistry.opendatahub.io/v1alpha1
+        kind: ModelRegistry
+        name: modelregistry-sample
+      fieldPaths:
+        - spec.istio.authProvider
+- source:
+    kind: ConfigMap
+    name: modelregistry-sample-environment
+    fieldPath: data.DOMAIN
+  targets:
+    - select:
+        kind: ModelRegistry
+        name: modelregistry-sample
+      fieldPaths:
+        - spec.istio.gateway.domain
+- source:
+    kind: ConfigMap
+    name: modelregistry-sample-environment
+    fieldPath: data.ISTIO_INGRESS
+  targets:
+    - select:
+        kind: ModelRegistry
+        name: modelregistry-sample
+      fieldPaths:
+        - spec.istio.gateway.istioIngress

openshift-ci/resources/samples/istio/components/tls/istio_tls_modelregistry.yaml

@@ -0,0 +1,13 @@
+apiVersion: modelregistry.opendatahub.io/v1alpha1
+kind: ModelRegistry
+metadata:
+  name: modelregistry-sample
+spec:
+  istio:
+    gateway:
+      rest:
+        tls:
+          credentialName: REST_CREDENTIAL_NAME
+      grpc:
+        tls:
+          credentialName: GRPC_CREDENTIAL_NAME

openshift-ci/resources/samples/istio/components/tls/kustomization.yaml

@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+## Append samples of your project ##
+
+# Istio tls config patch
+patches:
+  - path: istio_tls_modelregistry.yaml
+
+replacements:
+  - path: tls-replacements.yaml
+
+#+kubebuilder:scaffold:manifestskustomizesamples

openshift-ci/resources/samples/istio/components/tls/tls-replacements.yaml

@@ -0,0 +1,21 @@
+# replacements from configmap using istio.env for cluster specific config
+- source:
+    kind: ConfigMap
+    name: modelregistry-sample-environment
+    fieldPath: data.REST_CREDENTIAL_NAME
+  targets:
+    - select:
+        kind: ModelRegistry
+        name: modelregistry-sample
+      fieldPaths:
+        - spec.istio.gateway.rest.tls.credentialName
+- source:
+    kind: ConfigMap
+    name: modelregistry-sample-environment
+    fieldPath: data.GRPC_CREDENTIAL_NAME
+  targets:
+    - select:
+        kind: ModelRegistry
+        name: modelregistry-sample
+      fieldPaths:
+        - spec.istio.gateway.grpc.tls.credentialName

openshift-ci/resources/samples/istio/mysql-tls/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+## Append samples of your project ##
+resources:
+  - ../mysql
+
+components:
+  - ../components/tls
+
+#+kubebuilder:scaffold:manifestskustomizesamples

openshift-ci/resources/samples/istio/mysql/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+## Append samples of your project ##
+resources:
+- ../../mysql
+
+components:
+- ../components
+
+#+kubebuilder:scaffold:manifestskustomizesamples

openshift-ci/resources/samples/istio/postgres-tls/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+## Append samples of your project ##
+resources:
+  - ../postgres
+
+components:
+  - ../components/tls
+
+#+kubebuilder:scaffold:manifestskustomizesamples

openshift-ci/resources/samples/istio/postgres/kustomization.yaml

@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+## Append samples of your project ##
+resources:
+  - ../../postgres
+
+components:
+  - ../components
+
+#+kubebuilder:scaffold:manifestskustomizesamples

openshift-ci/resources/samples/mysql/kustomization.yaml

@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+## Append samples of your project ##
+resources:
+- mysql-db.yaml
+- modelregistry_v1alpha1_modelregistry.yaml
+#+kubebuilder:scaffold:manifestskustomizesamples

openshift-ci/resources/samples/mysql/modelregistry_v1alpha1_modelregistry.yaml

@@ -0,0 +1,24 @@
+apiVersion: modelregistry.opendatahub.io/v1alpha1
+kind: ModelRegistry
+metadata:
+  labels:
+    app.kubernetes.io/name: modelregistry
+    app.kubernetes.io/instance: modelregistry-sample
+    app.kubernetes.io/part-of: model-registry-operator
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/created-by: model-registry-operator
+  name: modelregistry-sample
+spec:
+  # TODO(user): Add fields here
+  grpc:
+    port: 9090
+  rest:
+    port: 8080
+    serviceRoute: disabled
+  mysql:
+    host: model-registry-db
+    database: model_registry
+    username: mlmduser
+    passwordSecret:
+      name: model-registry-db
+      key: database-password

openshift-ci/resources/samples/mysql/mysql-db.yaml

@@ -0,0 +1,126 @@
+apiVersion: v1
+items:
+- apiVersion: v1
+  kind: Service
+  metadata:
+    annotations:
+      template.openshift.io/expose-uri: mysql://{.spec.clusterIP}:{.spec.ports[?(.name==\mysql\)].port}
+    name: model-registry-db
+  spec:
+    ports:
+    - name: mysql
+      nodePort: 0
+      port: 3306
+      protocol: TCP
+      appProtocol: tcp
+      targetPort: 3306
+    selector:
+      name: model-registry-db
+    sessionAffinity: None
+    type: ClusterIP
+- apiVersion: v1
+  kind: PersistentVolumeClaim
+  metadata:
+    name: model-registry-db
+  spec:
+    accessModes:
+    - ReadWriteOnce
+    resources:
+      requests:
+        storage: 5Gi
+- apiVersion: apps/v1
+  kind: Deployment
+  metadata:
+    annotations:
+      template.alpha.openshift.io/wait-for-ready: "true"
+    name: model-registry-db
+  spec:
+    replicas: 1
+    revisionHistoryLimit: 0
+    selector:
+      matchLabels:
+        name: model-registry-db
+    strategy:
+      type: Recreate
+    template:
+      metadata:
+        labels:
+          name: model-registry-db
+          sidecar.istio.io/inject: "false"
+      spec:
+        containers:
+        - env:
+          - name: MYSQL_USER
+            valueFrom:
+              secretKeyRef:
+                key: database-user
+                name: model-registry-db
+          - name: MYSQL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                key: database-password
+                name: model-registry-db
+          - name: MYSQL_ROOT_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                key: database-password
+                name: model-registry-db
+          - name: MYSQL_DATABASE
+            valueFrom:
+              secretKeyRef:
+                key: database-name
+                name: model-registry-db
+          args:
+            - --datadir
+            - /var/lib/mysql/datadir
+            - --default-authentication-plugin=mysql_native_password
+          image: mysql:8.3.0
+          imagePullPolicy: IfNotPresent
+          livenessProbe:
+            exec:
+              command:
+                - /bin/bash
+                - -c
+                - mysqladmin -u${MYSQL_USER} -p${MYSQL_ROOT_PASSWORD} ping
+            initialDelaySeconds: 15
+            periodSeconds: 10
+            timeoutSeconds: 5
+          name: mysql
+          ports:
+          - containerPort: 3306
+            protocol: TCP
+          readinessProbe:
+            exec:
+              command:
+              - /bin/bash
+              - -c
+              - mysql -D ${MYSQL_DATABASE} -u${MYSQL_USER} -p${MYSQL_ROOT_PASSWORD} -e 'SELECT 1'
+            initialDelaySeconds: 10
+            timeoutSeconds: 5
+          securityContext:
+            capabilities: {}
+            privileged: false
+          terminationMessagePath: /dev/termination-log
+          volumeMounts:
+          - mountPath: /var/lib/mysql
+            name: model-registry-db-data
+        dnsPolicy: ClusterFirst
+        restartPolicy: Always
+        volumes:
+        - name: model-registry-db-data
+          persistentVolumeClaim:
+            claimName: model-registry-db
+- apiVersion: v1
+  kind: Secret
+  metadata:
+    annotations:
+      template.openshift.io/expose-database_name: '{.data[''database-name'']}'
+      template.openshift.io/expose-password: '{.data[''database-password'']}'
+      template.openshift.io/expose-username: '{.data[''database-user'']}'
+    name: model-registry-db
+  stringData:
+    database-name: "model_registry"
+    database-password: "TheBlurstOfTimes"
+    database-user: "mlmduser"
+kind: List
+metadata: {}

openshift-ci/resources/samples/postgres/kustomization.yaml

@@ -0,0 +1,5 @@
+## Append samples of your project ##
+resources:
+- postgres-db.yaml
+- modelregistry_v1alpha1_modelregistry.yaml
+#+kubebuilder:scaffold:manifestskustomizesamples