Merge pull request #9 from SUSE/develop

Merge PR #2 and #8
SUSE · Sep 9, 2024 · 460038c · 460038c
2 parents de8bbc9 + 9eff022
commit 460038c
Show file tree

Hide file tree

Showing 12 changed files with 205 additions and 174 deletions.
diff --git a/.github/workflows/pkg.yml b/.github/workflows/pkg.yml
@@ -2,7 +2,8 @@ name: PKG
 
 on:
   push:
-    branches: [ "main" ]
+    branches:
+      - "main"
   workflow_dispatch:
 
 permissions:
@@ -29,6 +30,7 @@ jobs:
             cow-demo: src/cow-demo/**
             rancher-helloworld: src/rancher-helloworld/**
   build:
+    if: ${{ github.ref_name == 'main' }}
     runs-on: ubuntu-latest
     steps:
       - name: Check-out the repository
@@ -76,8 +78,9 @@ jobs:
     environment:
       name: github-pages
       url: ${{ steps.deployment.outputs.page_url }}
-    runs-on: ubuntu-latest
     needs: build
+    if: ${{ github.ref_name == 'main' }}
+    runs-on: ubuntu-latest
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
@@ -89,27 +92,32 @@ jobs:
       matrix:
         app: ${{ fromJSON(needs.changes.outputs.apps) }}
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
     steps:
-      - name: Checkout source code
+      - name: Checkout repository
         uses: actions/checkout@v4
       - name: Login to container registry
         uses: docker/login-action@v3
         with:
-          registry: ${{ env.CONTAINER_REGITRY_DOMAIN }}
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          registry: ${{ env.CONTAINER_REGISTRY_DOMAIN }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build container image
         run: |
           cd src/${{ matrix.app }}
-          docker build . --tag $IMAGE_FOLDER/${{ matrix.app }}:${{ env.IMAGE_TAG }}
+          docker build . --tag ${{ env.CONTAINER_REGISTRY_DOMAIN }}/${{ env.IMAGE_FOLDER }}/${{ matrix.app }}:${{ env.IMAGE_TAG }}
       - name: Push image to container registry
-        run: docker push $IMAGE_FOLDER/${{ matrix.app }}:${{ env.IMAGE_TAG }}
+        run: docker push ${{ env.CONTAINER_REGISTRY_DOMAIN }}/${{ env.IMAGE_FOLDER }}/${{ matrix.app }}:${{ env.IMAGE_TAG }}
       - name: Push latest tag to container registry
         if: ${{ github.ref_name == 'main' }}
         run: |
-          docker tag $IMAGE_FOLDER/${{ matrix.app }}:${{ env.IMAGE_TAG }} $IMAGE_FOLDER/${{ matrix.app }}:latest
-          docker push $IMAGE_FOLDER/${{ matrix.app }}:latest
+          docker tag ${{ env.CONTAINER_REGISTRY_DOMAIN }}/${{ env.IMAGE_FOLDER }}/${{ matrix.app }}:${{ env.IMAGE_TAG }} ${{ env.CONTAINER_REGISTRY_DOMAIN }}/${{ env.IMAGE_FOLDER }}/${{ matrix.app }}:latest
+          docker push ${{ env.CONTAINER_REGISTRY_DOMAIN }}/${{ env.IMAGE_FOLDER }}/${{ matrix.app }}:latest
     env:
-      CONTAINER_REGITRY_DOMAIN: docker.io
-      IMAGE_FOLDER: ${{ vars.DOCKERHUB_NAMESPACE }}
+      CONTAINER_REGISTRY_DOMAIN: ghcr.io
+      IMAGE_FOLDER: suse
       IMAGE_TAG: 1.0.${GITHUB_RUN_ID}
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -1,11 +1,45 @@
 # Contribution guide
 
-## Code lifecycle
+## Code lifecycle management
 
-This git repository follows the Gitflow pattern, so make sure to follow the convention.
+### Gitflow
 
-For instance, create a branch `feature/my-change-title` from `develop`, once good enough to be shared and reviewed create a Pull Request targetting `develop`.
+This git repository follows the Gitflow pattern, so make sure to follow the convention:
+
+- clone the repository (if not already done)
+- make sure you are up-to-date with git pull command
+- create a branch `feature/my-change-title` from `develop`
+- commit your changes on this feature branch and send them with the git push command
+- once the changes are good enough for a review/discussion, create a Pull Request (PR) targetting `develop`
+- make sure the checks are all green
+- once the PR is validated it will be merged to `develop` (with a squash commit) and the feature branch deleted
+
+Maintainers will regularly create a Pull Request (merge commit) from `develop` (latest quality) to `main` (production/stable).
+
+### CI/CD
+
+Continuous Integration and Continuous Delivery are automated through CI/CD pipelines running as GitHub actions.
+
+The source of the pipeline-as-code are in the `.github/workflows` folder:
+
+- [`ci.yml`](.github/workflows/ci.yml)
+- [`pkg.yml`](.github/workflows/pkg.yml)
 
 ## Code convention
 
 For bash/shell script files, follow the conventions from [Google Style Guide](https://google.github.io/styleguide/shellguide.html).
+
+The quality will be checked by the CI pipeline.
+
+## Troubleshooting
+
+### Container image creation
+
+Here is how to build and push an image to the registry:
+
+```bash
+docker login -u $CONTAINER_REGISTRY_USER -p $CONTAINER_REGISTRY_PASSWD ghcr.io
+cd src/cow-demo
+docker build . -t ghcr.io/suse/cow-demo:1.0.0
+docker push ghcr.io/suse/cow-demo:1.0.0
+```
diff --git a/README.md b/README.md
@@ -2,7 +2,7 @@
 
 [![CI](https://github.com/SUSE/lab-setup/actions/workflows/ci.yml/badge.svg?branch=develop)](https://github.com/SUSE/lab-setup/actions/workflows/ci.yml)
 
-Welcome! You'll find in this repository some open-source material to setup a lab environment.
+Welcome! You'll find in this repository everything needed to setup a lab environment from open-source components.
 
 It is used internally at SUSE but is open to everyone. Feel free to [contribute](CONTRIBUTING.md) and share feedback!
 
@@ -43,3 +43,15 @@ helm upgrade --install cow-demo suse-lab-setup/cow-demo --namespace demo
 ```
 
 Browse the [catalog of Helm charts](charts/README.md).
+
+### Container images
+
+Use the container images we provide for our demonstrations, for instance:
+
+```bash
+docker run --rm -p 8080:8080 ghcr.io/suse/cow-demo:1.0.10773428519
+```
+
+Open the [web application](http://localhost:8080/) and enjoy the live display!
+
+Browse the [catalog of applications](src/README.md).
diff --git a/scripts/rancher/cluster-actions.sh b/scripts/rancher/cluster-actions.sh
@@ -3,169 +3,116 @@
 
 #######################################
 # List clusters managed by Rancher
-# Arguments:
-#   Rancher URL
-#   token
 # Examples:
-#   rancher_list_clusters rancher.random_string.geek xxxxx
+#   rancher_list_clusters
 #######################################
 rancher_list_clusters() {
-  local rancherUrl=$1
-  local token=$2
-
   echo "Listing clusters registered in Rancher..."
-  curl -s -k "$rancherUrl/v3/clusters" -H "Authorization: Bearer $token" | jq .
+  kubectl get clusters.provisioning.cattle.io --all-namespaces -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}'
 }
 
 #######################################
 # Create downstream custom cluster in Rancher
 # Globals:
 #   CLUSTER_ID
 # Arguments:
-#   Rancher URL
-#   token
 #   name
 #   version (Kubernetes)
 # Examples:
-#   rancher_create_customcluster rancher.random_string.geek xxxxx demo 'v1.27.16+rke2r1'
+#   rancher_create_customcluster demo 'v1.27.16+rke2r1'
 #######################################
 rancher_create_customcluster() {
-  local rancherUrl=$1
-  local token=$2
-  local name=$3
-  local version=$4
+  local name=$1
+  local version=$2
 
   echo "Creating downstream cluster in Rancher..."
-  CLUSTER_CONFIG=$(cat <<EOF
-{
-  "type": "provisioning.cattle.io.cluster",
-  "metadata": {
-    "namespace": "fleet-default",
-    "name": "$name"
-  },
-  "spec": {
-    "rkeConfig": {
-      "chartValues": {
-        "rke2-calico": {}
-      },
-      "upgradeStrategy": {
-        "controlPlaneConcurrency": "1",
-        "controlPlaneDrainOptions": {
-          "deleteEmptyDirData": true,
-          "disableEviction": false,
-          "enabled": false,
-          "force": false,
-          "gracePeriod": -1,
-          "ignoreDaemonSets": true,
-          "skipWaitForDeleteTimeoutSeconds": 0,
-          "timeout": 120
-        },
-        "workerConcurrency": "1",
-        "workerDrainOptions": {
-          "deleteEmptyDirData": true,
-          "disableEviction": false,
-          "enabled": false,
-          "force": false,
-          "gracePeriod": -1,
-          "ignoreDaemonSets": true,
-          "skipWaitForDeleteTimeoutSeconds": 0,
-          "timeout": 120
-        }
-      },
-      "machineGlobalConfig": {
-        "cni": "calico",
-        "disable-kube-proxy": false,
-        "etcd-expose-metrics": false
-      },
-      "machineSelectorConfig": [
-        {
-          "config": {
-            "protect-kernel-defaults": false
-          }
-        }
-      ],
-      "etcd": {
-        "disableSnapshots": false,
-        "s3": null,
-        "snapshotRetention": 5,
-        "snapshotScheduleCron": "0 */5 * * *"
-      },
-      "registries": {
-        "configs": {},
-        "mirrors": {}
-      },
-      "machinePools": []
-    },
-    "machineSelectorConfig": [
-      {
-        "config": {}
-      }
-    ],
-    "kubernetesVersion": "$version",
-    "defaultPodSecurityAdmissionConfigurationTemplateName": "",
-    "localClusterAuthEndpoint": {
-      "enabled": false,
-      "caCerts": "",
-      "fqdn": ""
-    }
-  }
-}
+  cat <<EOF | kubectl apply -f -
+apiVersion: provisioning.cattle.io/v1
+kind: Cluster
+metadata:
+  name: "$name"
+  namespace: fleet-default
+spec:
+  kubernetesVersion: "$version"
+  localClusterAuthEndpoint: {}
+  rkeConfig:
+    chartValues:
+      rke2-calico: {}
+    dataDirectories: {}
+    etcd:
+      snapshotRetention: 5
+      snapshotScheduleCron: 0 */5 * * *
+    machineGlobalConfig:
+      cni: calico
+      disable-kube-proxy: false
+      etcd-expose-metrics: false
+    machinePoolDefaults: {}
+    machineSelectorConfig:
+      - config:
+          protect-kernel-defaults: false
+    registries: {}
+    upgradeStrategy:
+      controlPlaneConcurrency: '1'
+      controlPlaneDrainOptions:
+        deleteEmptyDirData: true
+        disableEviction: false
+        enabled: false
+        force: false
+        gracePeriod: -1
+        ignoreDaemonSets: true
+        ignoreErrors: false
+        postDrainHooks: null
+        preDrainHooks: null
+        skipWaitForDeleteTimeoutSeconds: 0
+        timeout: 120
+      workerConcurrency: '1'
+      workerDrainOptions:
+        deleteEmptyDirData: true
+        disableEviction: false
+        enabled: false
+        force: false
+        gracePeriod: -1
+        ignoreDaemonSets: true
+        ignoreErrors: false
+        postDrainHooks: null
+        preDrainHooks: null
+        skipWaitForDeleteTimeoutSeconds: 0
+        timeout: 120
 EOF
-  )
 
-  CLUSTER_CREATION_RESPONSE=$(curl -s -k -H "Authorization: Bearer $token" \
-    -H 'Content-Type: application/json' \
-    -X POST \
-    -d "$CLUSTER_CONFIG" \
-    "$rancherUrl/v1/provisioning.cattle.io.clusters")
-  echo "DEBUG CLUSTER_CREATION_RESPONSE=${CLUSTER_CREATION_RESPONSE}"
   sleep 10
 
-  rancher_get_clusterid $rancherUrl $token $name
-  echo "DEBUG CLUSTER_ID=${CLUSTER_ID}"
+  rancher_get_clusterid $name
 }
 
 #######################################
 # Get cluster ID from its name
 # Globals:
 #   CLUSTER_ID
 # Arguments:
-#   Rancher URL
-#   token
 #   name
 # Examples:
-#   rancher_get_clusterid rancher.random_string.geek xxxxx demo
+#   rancher_get_clusterid demo
 #######################################
 rancher_get_clusterid() {
-  local rancherUrl=$1
-  local token=$2
-  local name=$3
+  local name=$1
 
-  CLUSTER_ID=$(curl -s ${rancherUrl}/v3/clusters?name=${name} \
-    -H 'content-type: application/json' \
-    -H "Authorization: Bearer ${token}" \
-    | jq -r .data[0].id)
+  CLUSTER_ID=$(kubectl get cluster.provisioning.cattle.io -n fleet-default -o=jsonpath="{range .items[?(@.metadata.name==\"${name}\")]}{.status.clusterName}{end}")
+  echo "DEBUG CLUSTER_ID=${CLUSTER_ID}"
 }
 
 #######################################
 # Get cluster registration command line from Rancher
 # Globals:
 #   REGISTRATION_COMMAND
 # Arguments:
-#   Rancher URL
-#   token
 #   cluster ID
 # Examples:
-#   rancher_get_clusterregistrationcommand rancher.random_string.geek xxxxx 42
+#   rancher_get_clusterregistrationcommand 42
 #######################################
 rancher_get_clusterregistrationcommand() {
-  local rancherUrl=$1
-  local token=$2
-  local id=$3
-
-  CLUSTER_REGISTRATION_RESPONSE=$(curl -s -k -H "Authorization: Bearer $token" "${rancherUrl}/v3/clusters/$id/clusterRegistrationTokens")
-  echo "DEBUG CLUSTER_REGISTRATION_RESPONSE=${CLUSTER_REGISTRATION_RESPONSE}"
+  local id=$1
 
-  REGISTRATION_COMMAND=$(echo $CLUSTER_REGISTRATION_RESPONSE | jq -r '.data[0].nodeCommand')
+  REGISTRATION_COMMAND=$(kubectl get clusterregistrationtoken.management.cattle.io -n $id -o=jsonpath='{.items[*].status.nodeCommand}')
   echo "DEBUG REGISTRATION_COMMAND=${REGISTRATION_COMMAND}"
 }
diff --git a/scripts/rancher/manager-lifecycle.sh b/scripts/rancher/manager-lifecycle.sh
@@ -54,7 +54,7 @@ rancher_first_login() {
   rancher_login_withpassword $rancherUrl 'admin' $BOOTSTRAP_PASSWORD
   echo "DEBUG LOGIN_TOKEN=${LOGIN_TOKEN}"
   rancher_update_password $rancherUrl $LOGIN_TOKEN $BOOTSTRAP_PASSWORD $newPassword
-  rancher_update_serverurl $rancherUrl $LOGIN_TOKEN
+  rancher_update_serverurl $rancherUrl
 }
 
 #######################################