Fixes #243 - Add initial kustomize templates for this project

.dockerignore

@@ -1,5 +1,6 @@
 # Secrets
 **/*.env*
+**/secret
 
 # Node dev
 **/node_modules/

.gitignore

@@ -4,6 +4,7 @@ webpack-stats.json
 # MySQL data files
 .data
 ngrok.yml
+**/secret
 
 # Temp files
 *.swp

kustomize/README.md

@@ -0,0 +1,44 @@
+# OpenShift configuration with Kustomize
+
+Resource configuration and secret consumption for OpenShift projects are managed
+using [`kustomize`](https://kubectl.docs.kubernetes.io/guides/introduction/kustomize/).
+
+## Setup
+
+1. Populate secrets.
+
+ Sensitive values and files are located in Dropbox in the 
+ `TL Security files -> Canvas App Explorer -> secrets`
+ Dropbox folder. Merge the `base` and `overlays` directories with their equivalents in the `service`
+ directory in your local repository.
+
+2. Install `kustomize`.
+
+ You can install Kustomize using the command from the
+ [website](https://kubectl.docs.kubernetes.io/installation/kustomize/binaries/),
+ and adding version 4.5.5 (what is supported for now) as an argument.
+ ```
+ curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash -s 4.5.5`
+ ```
+
+ This will download the binary to the local directory. Ideally you'd move this somewhere on your path.
+
+## Updating a project
+
+1. Login and select the desired project using `oc`.
+ ```
+ oc login ...
+ oc project canvas-app-explorer-dev
+ ```
+
+2. Fron the `service` directory, use `kustomize build` on an overlay directory 
+and pipe the result to `oc apply`.
+ ```
+ kustomize build overlays/dev | oc apply -f - --validate
+ ```
+
+To make changes to a project's ingress (e.g. updating certificates),
+you may need to first delete the ingress before running `kustomize build`.
+```
+oc delete ingress some-ingress-name
+```

kustomize/base/build.yaml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: BuildConfig
+metadata:
+ name: web
+spec:
+ output:
+ to:
+ kind: DockerImage
+ name: docker-registry.default.svc:5000/canvas-app-explorer-dev/canvas-app-explorer:latest
+ runPolicy: Serial
+ source:
+ git:
+ uri: https://github.com/tl-its-umich-edu/canvas-app-explorer.git
+ ref: "main"
+ type: Git
+ strategy:
+ type: Docker
+ dockerStrategy:
+ dockerfilePath: dockerfiles/Dockerfile.openshift
+ noCache: true
+ forcePull: true
+ triggers:
+ - type: "GitHub"
+ github:
+ secretReference:
+ name: github
+ nodeSelector: {}
+status:
+ lastVersion: 0

kustomize/base/kustomization.yaml

@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+ org: umich
+ project: canvas-app-explorer
+resources:
+- web-autoscaler.yaml
+- web-deployment.yaml
+- web-service.yaml
+# - web-ingress.yaml
+- build.yaml
+namePrefix: canvas-app-explorer-
+configMapGenerator:
+- name: canvas-app-explorer
+crds: # Use CRDs to support OpenShift resource kinds
+- openshift-buildconfig.json
+- openshift-deploymentconfig.json
+- openshift-route.json

kustomize/base/openshift-buildconfig.json

@@ -0,0 +1,52 @@
+{
+ "github.com/adnovum/kustomize-openshift/dc.openshift.io.v1.BuildConfig": {
+ "Schema": {
+ "description": "This is a fake CRD description to make kustomize fix OpenShift DeploymentConfig resources. See: https://github.com/adnovum/kustomize-openshift",
+ "properties": {
+ "apiVersion": {
+ "type": "string"
+ },
+ "kind": {
+ "type": "string"
+ },
+ "metadata": {
+ "$ref": "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"
+ },
+ "spec": {
+ "$ref": "github.com/adnovum/kustomize-openshift/dc.openshift.io.v1.BuildConfigSpec"
+ }
+ }
+ }
+ },
+ "github.com/adnovum/kustomize-openshift/dc.openshift.io.v1.BuildConfigSpec": {
+ "Schema": {
+ "properties": {
+ "source/sourceSecret": {
+ "x-kubernetes-object-ref-api-version": "v1",
+ "x-kubernetes-object-ref-kind": "Secret",
+ "x-kubernetes-object-ref-name-key": "name"
+ },
+ "source/secrets/secret": {
+ "x-kubernetes-object-ref-api-version": "v1",
+ "x-kubernetes-object-ref-kind": "Secret",
+ "x-kubernetes-object-ref-name-key": "name"
+ },
+ "triggers/gitlab/secretReference": {
+ "x-kubernetes-object-ref-api-version": "v1",
+ "x-kubernetes-object-ref-kind": "Secret",
+ "x-kubernetes-object-ref-name-key": "name"
+ },
+ "triggers/github/secretReference": {
+ "x-kubernetes-object-ref-api-version": "v1",
+ "x-kubernetes-object-ref-kind": "Secret",
+ "x-kubernetes-object-ref-name-key": "name"
+ },
+ "triggers/generic/secretReference": {
+ "x-kubernetes-object-ref-api-version": "v1",
+ "x-kubernetes-object-ref-kind": "Secret",
+ "x-kubernetes-object-ref-name-key": "name"
+ }
+ }
+ }
+ }
+}

kustomize/base/openshift-deploymentconfig.json

@@ -0,0 +1,43 @@
+{
+ "github.com/adnovum/kustomize-openshift/dc.openshift.io.v1.DeploymentConfig": {
+ "Schema": {
+ "description": "This is a fake CRD description to make kustomize fix OpenShift DeploymentConfig resources. See: https://github.com/adnovum/kustomize-openshift",
+ "properties": {
+ "apiVersion": {
+ "type": "string"
+ },
+ "kind": {
+ "type": "string"
+ },
+ "metadata": {
+ "$ref": "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"
+ },
+ "spec": {
+ "$ref": "github.com/adnovum/kustomize-openshift/dc.openshift.io.v1.DeploymentConfigSpec"
+ }
+ }
+ }
+ },
+ "github.com/adnovum/kustomize-openshift/dc.openshift.io.v1.DeploymentConfigSpec": {
+ "Schema": {
+ "properties": {
+ "template/metadata": {
+ "$ref": "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"
+ },
+ "template/spec/volumes/configMap": {
+ "x-kubernetes-object-ref-api-version": "v1",
+ "x-kubernetes-object-ref-kind": "ConfigMap"
+ },
+ "template/spec/containers/envFrom/configMapRef": {
+ "x-kubernetes-object-ref-api-version": "v1",
+ "x-kubernetes-object-ref-kind": "ConfigMap"
+ },
+ "template/spec/containers/envFrom/secretRef": {
+ "x-kubernetes-object-ref-api-version": "v1",
+ "x-kubernetes-object-ref-kind": "Secret",
+ "x-kubernetes-object-ref-name-key": "name"
+ }
+ }
+ }
+ }
+}

kustomize/base/openshift-route.json

@@ -0,0 +1,31 @@
+{
+ "github.com/adnovum/kustomize-openshift/route.openshift.io.v1.Route": {
+ "Schema": {
+ "description": "This is a fake CRD description to make kustomize fix OpenShift route resources. See: https://github.com/adnovum/kustomize-openshift",
+ "properties": {
+ "apiVersion": {
+ "type": "string"
+ },
+ "kind": {
+ "type": "string"
+ },
+ "metadata": {
+ "$ref": "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"
+ },
+ "spec": {
+ "$ref": "github.com/adnovum/kustomize-openshift/route.openshift.io.v1.RouteSpec"
+ }
+ }
+ }
+ },
+ "github.com/adnovum/kustomize-openshift/route.openshift.io.v1.RouteSpec": {
+ "Schema": {
+ "properties": {
+ "to": {
+ "x-kubernetes-object-ref-api-version": "v1",
+ "x-kubernetes-object-ref-kind": "Service"
+ }
+ }
+ }
+ }
+}

kustomize/base/web-autoscaler.yaml

@@ -0,0 +1,11 @@
+apiVersion: autoscaling/v1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: web
+spec:
+ scaleTargetRef:
+ apiVersion: v1
+ kind: DeploymentConfig
+ name: canvas-app-explorer-web-dev
+ minReplicas: 1
+ maxReplicas: 1 

kustomize/base/web-deployment.yaml

@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+ name: web
+ labels:
+ app: web
+spec:
+ replicas: 1
+ selector:
+ app: web
+ org: umich
+ project: canvas-app-explorer
+ variant: dev
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: web
+ org: umich
+ project: canvas-app-explorer
+ variant: dev
+ spec:
+ containers:
+ - name: web
+ image: docker-registry.default.svc:5000/canvas-app-explorer-dev/canvas-app-explorer:latest
+ ports:
+ - containerPort: 5000
+ protocol: TCP
+ envFrom:
+ - configMapRef:
+ name: canvas-app-explorer
+ resources:
+ limits:
+ cpu: "1"
+ memory: 4Gi
+ triggers:
+ - type: "ImageChange"
+ imageChangeParams:
+ automatic: true
+ from:
+ kind: "ImageStreamTag"
+ name: "canvas-app-explorer:latest"
+ namespace: "canvas-app-explorer-dev"
+ containerNames:
+ - "web"

kustomize/base/web-ingress.yaml

@@ -0,0 +1,20 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: web
+ labels:
+ app: web
+spec:
+ rules:
+ - host: dev-canvas-app-explorer-dev.webplatformsunpublished.umich.edu 
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: web
+ servicePort: 5000
+ tls:
+ - hosts:
+ - dev-canvas-app-explorer-dev.webplatformsunpublished.umich.edu
+ secret:
+ optional: true

kustomize/base/web-service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: web
+spec:
+ selector:
+ app: web
+ ports:
+ - port: 5000
+ targetPort: 5000
+ protocol: TCP

kustomize/overlays/dev/kustomization.yaml

@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+commonLabels:
+ variant: dev
+ org: umich
+nameSuffix: -dev
+bases:
+- ../../base
+configMapGenerator:
+ - name: canvas-app-explorer
+ behavior: replace
+ envs:
+ - secret/configmap-dev.properties

kustomize/overlays/prod/build.yaml

@@ -0,0 +1,3 @@
+- op: replace
+ path: /spec/output/to/name
+ value: docker-registry.default.svc:5000/canvas-app-explorer-test/canvas-app-explorer:latest

kustomize/overlays/prod/deployment.yaml

@@ -0,0 +1,11 @@
+- op: replace
+ path: /spec/template/spec/containers/0/image
+ value: docker-registry.default.svc:5000/canvas-app-explorer-test/canvas-app-explorer:latest
+- op: replace
+ path: /spec/selector/variant
+ value: prod
+- op: replace
+ path: /spec/template/metadata/labels/variant
+ value: prod
+- op: remove
+ path: /spec/triggers

kustomize/overlays/prod/hostname.yaml

@@ -0,0 +1,6 @@
+- op: add
+ path: /spec/rules/0/host
+ value: cae.tl.it.umich.edu
+- op: replace
+ path: /spec/tls/0/hosts/0
+ value: cae.tl.it.umich.edu