AllardDCS/kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
allard
2025-11-23 18:58:51 +01:00
commit 376a944abc
1553 changed files with 314731 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

166
dev/tekton/examples/example-bank/scripts/createappid.sh Executable file
View File

@@ -0,0 +1,166 @@
# Check if ibmcloud is in user's account
ibmcloud_accountname=$(ibmcloud target --output json | jq -j '.account.name')
## check if account is in quicklabs (labs.cognitiveclass.ai) or workshop clusters account in DEG
if [ "$ibmcloud_accountname" = "QuickLabs - IBM Skills Network" ]; then
echo "\n"
echo "WARNING: You're logged in as ${ibmcloud_accountname}"
echo "Please log in again using -- ibmcloud login -u YOUR_IBM_CLOUD_EMAIL"
echo "and run this script again"
exit 1
elif [ "$ibmcloud_accountname" = "DEGCloud DEGCloud's Account" ]; then
echo "\n"
echo "WARNING: You're logged in as ${ibmcloud_accountname}"
echo "Please log in again using -- ibmcloud login -u YOUR_IBM_CLOUD_EMAIL"
echo "and run this script again"
exit 1
fi
# end check
RG=$(ibmcloud resource groups --default | grep -i ^default | awk '{print $1}')
ibmcloud target -g $RG
ibmcloud resource service-instance appid-example-bank
if [ "$?" -ne "0" ]; then
ibmcloud resource service-instance-create appid-example-bank appid lite us-south
fi
ibmcloud resource service-key appid-example-bank-credentials
if [ "$?" -ne "0" ]; then
ibmcloud resource service-key-create appid-example-bank-credentials Writer --instance-name appid-example-bank
fi
credentials=$(ibmcloud resource service-key appid-example-bank-credentials)
mgmturl=$(echo "$credentials" | awk '/managementUrl/{ print $2 }')
apikey=$(echo "$credentials" | awk '/apikey/{ print $2 }')
iamtoken=$(ibmcloud iam oauth-tokens | awk '/IAM/{ print $3" "$4 }')
printf "\nSetting cloud directory options\n"
response=$(curl -X PUT -w "\n%{http_code}" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H "Authorization: $iamtoken" \
-d '{
"isActive":true,
"config":
{
"selfServiceEnabled":true,
"interactions":
{
"identityConfirmation":
{
"accessMode":"OFF",
"methods": ["email"]
},
"welcomeEnabled":true,
"resetPasswordEnabled":true,
"resetPasswordNotificationEnable":true
},
"signupEnabled":true,
"identityField":"userName"
}
}' \
"${mgmturl}/config/idps/cloud_directory")
echo $response
code=$(echo "${response}" | tail -n1)
[ "$code" -ne "200" ] && printf "\nFAILED to set cloud directory options\n" && exit 1
printf "\nCreating application\n"
response=$(curl -X POST -w "\n%{http_code}" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H "Authorization: $iamtoken" \
-d '{"name": "mobile-simulator", "type": "regularwebapp"}' \
"${mgmturl}/applications")
echo $response
code=$(echo "${response}" | tail -n1)
[ "$code" -ne "200" ] && printf "\nFAILED to create application\n" && exit 1
clientid=$(echo "${response}" | head -n1 | jq -j '.clientId')
printf "\nDefining admin scope\n"
response=$(curl -X PUT -w "\n%{http_code}" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H "Authorization: $iamtoken" \
-d '{"scopes": ["admin"]}' \
"${mgmturl}/applications/$clientid/scopes")
echo $response
code=$(echo "${response}" | tail -n1)
[ "$code" -ne "200" ] && printf "\nFAILED to define admin scope\n" && exit 1
printf "\nDefining admin role\n"
response=$(curl -X POST -w "\n%{http_code}" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H "Authorization: $iamtoken" \
-d '{"name": "admin",
"access": [ {"application_id": "'$clientid'", "scopes": [ "admin" ]} ]
}' \
"${mgmturl}/roles")
echo $response
code=$(echo "${response}" | tail -n1)
[ "$code" -ne "201" ] && printf "\nFAILED to define admin role\n" && exit 1
roleid=$(echo "${response}" | head -n1 | jq -j '.id')
printf "\nDefining admin user in cloud directory\n"
response=$(curl -X POST -w "\n%{http_code}" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H "Authorization: $iamtoken" \
-d '{"emails": [
{"value": "bankadmin@yopmail.com","primary": true}
],
"userName": "bankadmin",
"password": "password"
}' \
"${mgmturl}/cloud_directory/sign_up?shouldCreateProfile=true")
echo $response
code=$(echo "${response}" | tail -n1)
[ "$code" -ne "201" ] && printf "\nFAILED to define admin user in cloud directory\n" && exit 1
printf "\nGetting admin user profile\n"
response=$(curl -X GET -w "\n%{http_code}" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H "Authorization: $iamtoken" \
"${mgmturl}/users?email=bankadmin@yopmail.com&dataScope=index")
echo $response
code=$(echo "${response}" | tail -n1)
[ "$code" -ne "200" ] && printf "\nFAILED to get admin user profile\n" && exit 1
userid=$(echo "${response}" | head -n1 | jq -j '.users[0].id')
printf "\nAdding admin role to admin user\n"
response=$(curl -X PUT -w "\n%{http_code}" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H "Authorization: $iamtoken" \
-d '{"roles": { "ids": ["'$roleid'"]}}' \
"${mgmturl}/users/$userid/roles")
echo $response
code=$(echo "${response}" | tail -n1)
[ "$code" -ne "200" ] && printf "\nFAILED to add admin role to admin user\n" && exit 1
printf "\nApp ID instance created and configured"
printf "\nManagement server: $mgmturl"
printf "\nApi key: $apikey"
printf "\n"

51
dev/tekton/examples/example-bank/scripts/createsecrets.sh Executable file
View File

@@ -0,0 +1,51 @@
MGMTEP=$1
APIKEY=$2
response=$(curl -k -v -X POST -w "\n%{http_code}" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Accept: application/json" \
--data-urlencode "grant_type=urn:ibm:params:oauth:grant-type:apikey" \
--data-urlencode "apikey=$APIKEY" \
"https://iam.cloud.ibm.com/identity/token")
echo $response
code=$(echo "${response}" | tail -n1)
[ "$code" -ne "200" ] && exit 1
accesstoken=$(echo "${response}" | head -n1 | jq -j '.access_token')
response=$(curl -v -X GET -w "\n%{http_code}" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $accesstoken" \
$MGMTEP/applications)
echo $response
code=$(echo "${response}" | tail -n1)
[ "$code" -ne "200" ] && exit 1
tenantid=$(echo "${response}"| head -n1 | jq -j '.applications[0].tenantId')
clientid=$(echo "${response}"| head -n1 | jq -j '.applications[0].clientId')
secret=$(echo "${response}"| head -n1 | jq -j '.applications[0].secret')
oauthserverurl=$(echo "${response}"| head -n1 | jq -j '.applications[0].oAuthServerUrl')
appidhost=$(echo "${oauthserverurl}" | awk -F/ '{print $3}')
oc create secret generic bank-oidc-secret --from-literal=OIDC_JWKENDPOINTURL=$oauthserverurl/publickeys --from-literal=OIDC_ISSUERIDENTIFIER=$oauthserverurl --from-literal=OIDC_AUDIENCES=$clientid
oc create secret generic bank-appid-secret --from-literal=APPID_TENANTID=$tenantid --from-literal=APPID_SERVICE_URL=https://$appidhost
oc create secret generic bank-iam-secret --from-literal=IAM_APIKEY=$APIKEY --from-literal=IAM_SERVICE_URL=https://iam.cloud.ibm.com/identity/token
oc create secret generic mobile-simulator-secrets \
--from-literal=APP_ID_IAM_APIKEY=$APIKEY \
--from-literal=APP_ID_MANAGEMENT_URL=$MGMTEP \
--from-literal=APP_ID_CLIENT_ID=$clientid \
--from-literal=APP_ID_CLIENT_SECRET=$secret \
--from-literal=APP_ID_TOKEN_URL=$oauthserverurl \
--from-literal=PROXY_USER_MICROSERVICE=user-service:9080 \
--from-literal=PROXY_TRANSACTION_MICROSERVICE=transaction-service:9080
oc create secret generic bank-oidc-adminuser --from-literal=APP_ID_ADMIN_USER=bankadmin --from-literal=APP_ID_ADMIN_PASSWORD=password
oc create secret generic bank-db-secret --from-literal=DB_SERVERNAME=creditdb --from-literal=DB_PORTNUMBER=5432 --from-literal=DB_DATABASENAME=example --from-literal=DB_USER=postgres --from-literal=DB_PASSWORD=postgres

20
dev/tekton/examples/example-bank/scripts/creditdb.yaml Executable file
View File

@@ -0,0 +1,20 @@
apiVersion: postgresql.dev4devs.com/v1alpha1
kind: Database
metadata:
generation: 1
name: creditdb
namespace: example-bank
spec:
databaseCpu: 30m
databaseCpuLimit: 60m
databaseMemoryLimit: 512Mi
databaseMemoryRequest: 128Mi
databaseName: example
databaseNameKeyEnvVar: POSTGRESQL_DATABASE
databasePassword: postgres
databasePasswordKeyEnvVar: POSTGRESQL_PASSWORD
databaseStorageRequest: 1Gi
databaseUser: postgres
databaseUserKeyEnvVar: POSTGRESQL_USER
image: centos/postgresql-96-centos7
size: 1

48
dev/tekton/examples/example-bank/scripts/deleteresources.sh Executable file
View File

@@ -0,0 +1,48 @@
#!/bin/bash -x
# Delete resources before removing namespace
oc delete all --all -n example-bank
sleep 2
## begin delete openshift serverless
# delete knative-serving component
oc delete knativeservings.operator.knative.dev knative-serving -n knative-serving
oc delete namespace knative-serving
oc delete knativeeventings.operator.knative.dev knative-eventing -n knative-eventing
oc delete namespace knative-eventing
# delete subscription and clusterserviceversion of openshift serverless operator
oc delete subscription serverless-operator -n openshift-operators
oc delete csv $(oc get csv -n openshift-operators -o=jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' | grep serverless-operator) -n openshift-operators
## end of delete openshift serverless
# Service mesh cleanup
oc delete smcp --all -n istio-system
oc delete smmr --all -n istio-system
oc delete validatingwebhookconfiguration/openshift-operators.servicemesh-resources.maistra.io
oc delete mutatingwebhookconfigurations/openshift-operators.servicemesh-resources.maistra.io
oc delete -n openshift-operators daemonset/istio-node
oc delete clusterrole/istio-admin clusterrole/istio-cni clusterrolebinding/istio-cni
oc delete subs --all --all-namespaces
oc get crds -o name | grep '.*\.istio\.io' | xargs -r -n 1 oc delete
oc get crds -o name | grep '.*\.maistra\.io' | xargs -r -n 1 oc delete
oc get crds -o name | grep '.*\.kiali\.io' | xargs -r -n 1 oc delete
oc delete all --all -n istio-system
sleep 2
## Delete projects
oc delete project example-bank
oc delete project istio-system
## Delete jaeger,elasticsearch,kialia,servicemesh operators
oc delete csv -n openshift-operators $(oc get csv -n openshift-operators -o=jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' | grep 'elasticsearch-operator\|jaeger-operator\|kiali-operator\|servicemeshoperator')

9
dev/tekton/examples/example-bank/scripts/deploy-db.sh Executable file
View File

@@ -0,0 +1,9 @@
#!/bin/sh
echo "Deploying PostgreSQL 1/3"
kubectl apply -f pg_csv.yaml -f pg_sub.yaml -f pg_operatorgroup.yaml
echo "Deploying PostgreSQL 2/3"
sleep 5
kubectl apply -f pg_deploy.yaml
echo "Deploying PostgreSQL 2/3"
sleep 3
kubectl apply -f creditdb.yaml

48
dev/tekton/examples/example-bank/scripts/installServerlessOperator.sh Executable file
View File

@@ -0,0 +1,48 @@
echo "Creating OpenShift Serverless operator"
cat <<EOF | oc apply -f -
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: serverless-operator
namespace: openshift-operators
spec:
channel: "4.5"
name: serverless-operator
source: redhat-operators
sourceNamespace: openshift-marketplace
EOF
sleep 5
echo "Creating Knative Serving component"
oc create namespace knative-serving
cat <<EOF | oc apply -f -
apiVersion: operator.knative.dev/v1alpha1
kind: KnativeServing
metadata:
name: knative-serving
namespace: knative-serving
EOF
# sleep 3
# oc get knativeserving.operator.knative.dev/knative-serving -n knative-serving --template='{{range .status.conditions}}{{printf "%s=%s\n" .type .status}}{{end}}'
# echo "."
# echo "."
# echo "######################################################"
# echo "Execute this command to check Knative Serving status: "
# echo "oc get knativeserving.operator.knative.dev/knative-serving -n knative-serving --template='{{range .status.conditions}}{{printf \"%s=%s\\\n\" .type .status}}{{end}}'"
# echo "######################################################"
# echo "When the status of everything is TRUE, you can now deploy Knative Services"
sleep 5
echo "##################"
echo "Waiting for Knative Serving to be up"
while [ $(oc get knativeserving.operator.knative.dev/knative-serving -n knative-serving --template='{{range .status.conditions}}{{printf "%s=%s\n" .type .status}}{{end}}' | grep -c True) -ne 4 ]; do
echo "##################"
echo "Status: "
oc get knativeserving.operator.knative.dev/knative-serving -n knative-serving --template='{{range .status.conditions}}{{printf "%s=%s\n" .type .status}}{{end}}'
echo "##################"
echo "Waiting for Knative Serving to be up"
sleep 5
done
echo "OpenShift Serverless with Knative Serving is ready to be used!"

72
dev/tekton/examples/example-bank/scripts/mapAppIDtoSecrets.sh Executable file
View File

@@ -0,0 +1,72 @@
# Check if ibmcloud is in user's account
ibmcloud_accountname=$(ibmcloud target --output json | jq -j '.account.name')
## check if account is in quicklabs (labs.cognitiveclass.ai) or workshop clusters account in DEG
if [ "$ibmcloud_accountname" = "QuickLabs - IBM Skills Network" ]; then
echo "\n"
echo "WARNING: You're logged in as ${ibmcloud_accountname}"
echo "Please log in again using -- ibmcloud login -u YOUR_IBM_CLOUD_EMAIL"
echo "and run this script again"
exit 1
elif [ "$ibmcloud_accountname" = "DEGCloud DEGCloud's Account" ]; then
echo "\n"
echo "WARNING: You're logged in as ${ibmcloud_accountname}"
echo "Please log in again using -- ibmcloud login -u YOUR_IBM_CLOUD_EMAIL"
echo "and run this script again"
exit 1
fi
# end check
# Grabs appid-example-bank instance and gets api key and management url from appid-example-bank-credentials
credentials=$(ibmcloud resource service-keys --instance-name appid-example-bank --output JSON | jq -c '[ .[] | select( .name | contains("appid-example-bank-credentials")) ]' | jq -j '.[0].credentials')
APIKEY=$(echo "${credentials}" | jq -j '.apikey')
MGMTEP=$(echo "${credentials}" | jq -j '.managementUrl')
echo $APIKEY
echo $MGMTEP
response=$(curl -k -v -X POST -w "\n%{http_code}" \
-H "Content-Type: application/x-www-form-urlencoded" \
-H "Accept: application/json" \
--data-urlencode "grant_type=urn:ibm:params:oauth:grant-type:apikey" \
--data-urlencode "apikey=$APIKEY" \
"https://iam.cloud.ibm.com/identity/token")
echo $response
code=$(echo "${response}" | tail -n1)
[ "$code" -ne "200" ] && exit 1
accesstoken=$(echo "${response}" | head -n1 | jq -j '.access_token')
response=$(curl -v -X GET -w "\n%{http_code}" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $accesstoken" \
$MGMTEP/applications)
echo $response
code=$(echo "${response}" | tail -n1)
[ "$code" -ne "200" ] && exit 1
tenantid=$(echo "${response}"| head -n1 | jq -j '.applications[0].tenantId')
clientid=$(echo "${response}"| head -n1 | jq -j '.applications[0].clientId')
secret=$(echo "${response}"| head -n1 | jq -j '.applications[0].secret')
oauthserverurl=$(echo "${response}"| head -n1 | jq -j '.applications[0].oAuthServerUrl')
appidhost=$(echo "${oauthserverurl}" | awk -F/ '{print $3}')
# Creates secret from application credentials
oc create secret generic bank-oidc-secret --from-literal=OIDC_JWKENDPOINTURL=$oauthserverurl/publickeys --from-literal=OIDC_ISSUERIDENTIFIER=$oauthserverurl --from-literal=OIDC_AUDIENCES=$clientid
oc create secret generic bank-appid-secret --from-literal=APPID_TENANTID=$tenantid --from-literal=APPID_SERVICE_URL=https://$appidhost
oc create secret generic bank-iam-secret --from-literal=IAM_APIKEY=$APIKEY --from-literal=IAM_SERVICE_URL=https://iam.cloud.ibm.com/identity/token
oc create secret generic mobile-simulator-secrets \
--from-literal=APP_ID_IAM_APIKEY=$APIKEY \
--from-literal=APP_ID_MANAGEMENT_URL=$MGMTEP \
--from-literal=APP_ID_CLIENT_ID=$clientid \
--from-literal=APP_ID_CLIENT_SECRET=$secret \
--from-literal=APP_ID_TOKEN_URL=$oauthserverurl \
--from-literal=PROXY_USER_MICROSERVICE=user-service:9080 \
--from-literal=PROXY_TRANSACTION_MICROSERVICE=transaction-service:9080

687
dev/tekton/examples/example-bank/scripts/pg_csv.yaml Executable file
View File

File diff suppressed because one or more lines are too long

117
dev/tekton/examples/example-bank/scripts/pg_deploy.yaml Executable file
View File

@@ -0,0 +1,117 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "1"
generation: 2
labels:
olm.owner: postgresql-operator.v0.1.1
olm.owner.kind: ClusterServiceVersion
olm.owner.namespace: example-bank
name: postgresql-operator
namespace: example-bank
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
name: postgresql-operator
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
alm-examples: |-
[
{
"apiVersion": "postgresql.dev4devs.com/v1alpha1",
"kind": "Database",
"metadata": {
"name": "database"
},
"spec": {
"databaseCpu": "30m",
"databaseCpuLimit": "60m",
"databaseMemoryLimit": "512Mi",
"databaseMemoryRequest": "128Mi",
"databaseName": "example",
"databaseNameKeyEnvVar": "POSTGRESQL_DATABASE",
"databasePassword": "postgres",
"databasePasswordKeyEnvVar": "POSTGRESQL_PASSWORD",
"databaseStorageRequest": "1Gi",
"databaseUser": "postgres",
"databaseUserKeyEnvVar": "POSTGRESQL_USER",
"image": "centos/postgresql-96-centos7",
"size": 1
}
},
{
"apiVersion": "postgresql.dev4devs.com/v1alpha1",
"kind": "Backup",
"metadata": {
"name": "backup"
},
"spec": {
"awsAccessKeyId": "example-awsAccessKeyId",
"awsS3BucketName": "example-awsS3BucketName",
"awsSecretAccessKey": "example-awsSecretAccessKey",
"schedule": "0 0 * * *"
}
}
]
capabilities: Full Lifecycle
categories: Database
certified: "false"
containerImage: quay.io/dev4devs-com/postgresql-operator:0.1.1
createdAt: "2019-09-08T08:00:00Z"
description: Operator in Go developed using the Operator Framework to package,
install, configure and manage a PostgreSQL database. This project includes
backup feature.
olm.operatorGroup: example-bank-rgc7j
olm.operatorNamespace: example-bank
olm.targetNamespaces: example-bank
repository: https://github.com/dev4devs-com/postgresql-operator
support: Dev4Devs, Inc
creationTimestamp: null
labels:
name: postgresql-operator
spec:
containers:
- command:
- postgresql-operator
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.annotations['olm.targetNamespaces']
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: OPERATOR_NAME
value: postgresql-operator
image: quay.io/dev4devs-com/postgresql-operator:0.1.1
imagePullPolicy: Always
name: postgresql-operator
resources:
limits:
cpu: 60m
memory: 128Mi
requests:
cpu: 30m
memory: 64Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: postgresql-operator
serviceAccountName: postgresql-operator
terminationGracePeriodSeconds: 30

12
dev/tekton/examples/example-bank/scripts/pg_operatorgroup.yaml Executable file
View File

@@ -0,0 +1,12 @@
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
annotations:
olm.providedAPIs: Backup.v1alpha1.postgresql.dev4devs.com,Database.v1alpha1.postgresql.dev4devs.com
generateName: example-bank-
generation: 1
name: example-bank-rgc7j
namespace: example-bank
spec:
targetNamespaces:
- example-bank

12
dev/tekton/examples/example-bank/scripts/pg_sub.yaml Executable file
View File

@@ -0,0 +1,12 @@
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: postgresql-operator-dev4devs-com
namespace: example-bank
spec:
channel: alpha
installPlanApproval: Automatic
name: postgresql-operator-dev4devs-com
source: community-operators
sourceNamespace: openshift-marketplace
startingCSV: postgresql-operator.v0.1.1