diff --git a/.vscode/settings.json b/.vscode/settings.json
index 267c74bb..e881f5b6 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -3,5 +3,6 @@
 "files.trimTrailingWhitespace": true,
 "python.formatting.provider": "autopep8",
 "python.linting.enabled": true,
- "python.linting.flake8Enabled": true
+ "python.linting.flake8Enabled": true,
+ "esbonio.sphinx.confDir": ""
 }
\ No newline at end of file
diff --git a/docs/source/roles/fabric-console.rst b/docs/source/roles/fabric-console.rst
new file mode 100644
index 00000000..d682cb3a
--- /dev/null
+++ b/docs/source/roles/fabric-console.rst
@@ -0,0 +1,289 @@ +.. +.. SPDX-License-Identifier: Apache-2.0 +.. + +:github_url: https://github.com/IBM-Blockchain/ansible-collection/edit/main/docs/source/roles/console.rst + + +fabric-console -- Deploy the Fabric Operations Console into Kubernetes or Red Hat OpenShift +=========================================================================================== + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- + +This role allows you to quickly deploy the `Hyperledger Fabric Operations Console `_ + +This role works with both Kubernetes clusters and Red Hat OpenShift clusters, running on x86-64. + +Ingress Controllers +------------------- + +This role does not install an ingress controller; for the opensource Fabric Operations Console and Fabric operator +you must configure a suitable ingress controller. Please read the `tutorial <../tutorial/install-fabric-operator-console.rst>`_. + +Beta Notes +---------- + +This role is currently in BETA + +Currently only the k8s target and x86-64 architectures supported; OpenShift and arm64 should follow later. +It is not expected that s390x will be supported + +Parameters +---------- + + state + ``absent`` - All components for the console will be stopped and removed, if they exist. + + ``present`` - All components for the console will be created if they do not exist, or will be updated if their current configuration does not match the expected configuration. + + | **Type**: str + | **Default**: ``present`` + + target (required) + ``k8s`` - Deploy the console into a Kubernetes cluster. + + ``openshift`` - Deploy the console into a Red Hat OpenShift cluster. + + | **Type**: str + + arch (required) + ``amd64`` - Specify this if the architecture of the cluster is amd64. + + | **Type**: str + + namespace + The name of the Kubernetes namespace to deploy the console to. The namespace will be created if it does not exist. + + Only required when *target* is ``k8s``. 
+ + | **Type**: str + + project + The name of the Red Hat OpenShift project to deploy the console to. The project will be created if it does not exist. + + Only required when *target* is ``openshift``. + + | **Type**: str + + image_pull_secret + The name of the image pull secret. The image pull secret will be used to pull all Fabric Operations Console images from the specified image registry. + + | **Type**: str + | **Default value**: ``docker-key-secret`` + + image_registry + The image registry to pull images from. The image registry must contain the Fabric Operations Console images. + + The default image registry, ``cp.icr.io``, is the standard IBM Entitlement Registry. + + You only need to specify an alternative image registry if you are behind a firewall and cannot access the standard IBM Entitlement Registry. + + | **Type**: str + | **Default value**: ``cp.icr.io`` + + image_registry_username + The username for authenticating to the image registry. + + The default image registry username, ``cp``, is the username for the standard IBM Entitlement Registry. + + You only need to specify an alternative image registry username if you are using an alternative image registry. + + | **Type**: str + | **Default value**: ``cp`` + + image_registry_email (required) + The email address for authenticating to the image registry. + + If you are using the default image registry, this is the email address you use to log in to the My IBM dashboard. + + | **Type**: str + + image_registry_password (required) + The password for authenticating to the image registry. + + If you are using the default image registry, this is the entitlement key that you can obtain from the My IBM dashboard. + + | **Type**: str + + image_repository + The image repository on the image registry to pull images from. + + The default image repository, ``cp``, is the image repository for the standard IBM Entitlement Registry. 
+ + You only need to specify an alternative image repository if you are using an alternative image registry. + + | **Type**: str + | **Default value**: ``cp`` + + cluster_role + The name of the cluster role. + + By default, the cluster role has the same name as the specified Kubernetes namespace or Red Hat OpenShift project. + + | **Type**: str + + cluster_role_binding + The name of the cluster role binding. + + By default, the cluster role binding has the same name as the specified Kubernetes namespace or Red Hat OpenShift project. + + | **Type**: str + + pod_security_policy + The name of the pod security policy. + + By default, the pod security policy has the same name as the specified Kubernetes namespace or Red Hat OpenShift project. + + Only required when *target* is ``k8s``. + + | **Type**: str + + role_binding + The name of the role binding. + + By default, the role binding has the same name as the specified Kubernetes namespace or Red Hat OpenShift project. + + Only required when *target* is ``k8s``. + + | **Type**: str + + security_context_constraints + The name of the security context constraints. + + By default, the security context contraints have the same name as the specified Kubernetes namespace or Red Hat OpenShift project. + + Only required when *target* is ``openshift``. + + | **Type**: str + + service_account + The name of the service account to use. + + | **Type**: str + | **Default value**: ``default`` + + operator + The name of the operator. + + | **Type**: str + | **Default value**: ``ibp-operator`` + + console + The name of the console. + + | **Type**: str + | **Default value**: ``ibp-console`` + + console_domain (required) + The DNS domain for the console. + + This DNS domain will be used as the base DNS domain for the console, as well as any certificate authorities, peers, and ordering services created using the console. + + | **Type**: str + + console_email (required) + The email address of the default console user. 
+ + | **Type**: str + + console_default_password (required) + The default password for all console users, including the default console user. + + | **Type**: str + + console_storage_class + The storage class to use for the console. + + | **Type**: str + | **Default value**: ``default`` + + console_storage_size + The storage size to use for the console. + + | **Type**: str + | **Default value**: ``10Gi`` + + console_tls_secret + The TLS secret name to use for the console. + + If specified this secret must already exist in the specified Kubernetes namespace or Red Hat OpenShift project and must contain the TLS certificate and private key that the console will use. + + If not specified the console will generate it's own self-signed certificates. + + | **Type**: str + + product_version + The version of Fabric Operations Console to use. + + | **Type**: str + | **Default value**: ``2.5.1`` + + operator_version + The version of the Fabric Operations Console operator to use. + + The image tag used for the Fabric Operations Console operator is *product_version*-*operator_version*-*arch*, for example ``2.5.1-20210222-amd64``. + + | **Type**: str + | **Default value**: ``20210222`` + + zones + The list of Kubernetes zones that this console can deploy components into. + + If you do not specify a list of Kubernetes zones, and multiple Kubernetes zones are available, then a random Kubernetes zone will be selected for you when you attempt to create any components. + + See the Kubernetes documentation for more information: https://kubernetes.io/docs/setup/best-practices/multiple-zones/ + + | **Type**: list + | **Elements**: str + + wait_timeout + The timeout, in seconds, to wait until the console is available. + + | **Type**: int + | **Default value**: ``60`` + +Examples +-------- + +.. 
code-block:: yaml+jinja + + # console-install.yml playbook + --- + - name: Deploy Fabric Operations Console + hosts: localhost + vars_files: + - vars.yml + vars: + state: present + wait_timeout: 3600 + roles: + - ibm.blockchain_platform.fabric_console + + + # yars.yml + --- + # The type of K8S cluster this is using + target: k8s + arch: amd64 + + # k8s namespace for the operator and console + namespace: fabricinfra + + # Console name/domain + console_name: hlf-console + console_domain: localho.st + + # default configuration for the console + # password reset will be required on first login + console_email: admin + console_default_password: password + + # different k8s clusters will be shipped with differently named default storage providers + # or none at all. KIND for example has one called 'standard' + console_storage_class: standard \ No newline at end of file diff --git a/docs/source/roles/fabric-operator-crds.rst b/docs/source/roles/fabric-operator-crds.rst new file mode 100644 index 00000000..7167b8aa --- /dev/null +++ b/docs/source/roles/fabric-operator-crds.rst 
@@ -0,0 +1,217 @@ +.. +.. SPDX-License-Identifier: Apache-2.0 +.. + +:github_url: https://github.com/IBM-Blockchain/ansible-collection/edit/main/docs/source/roles/crds.rst + + +fabric-operator-crds -- Deploy the Fabric Operator and custom resource definitions into Kubernetes or Red Hat OpenShift +======================================================================================================================= + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- + +This role allows you to quickly deploy the Fabric Operator and custom resource definitions. + +This role works with both Kubernetes clusters and Red Hat OpenShift clusters, running on either x86-64 + +Ingress Controllers +------------------- + +This role does not install an ingress controller; for the opensource Fabric Operations Console and Fabric operator +you must configure a suitable ingress controller. Please read the `tutorial <../tutorial/install-fabric-operator-console.rst>`_. + +Beta Notes +---------- + +This role is currently in BETA + +Currently only the k8s target and x86-64 architectures supported; OpenShift and arm64 should follow later. +It is not expected that s390x will be supported + +Parameters +---------- + + state + ``absent`` - All components for the custom resource definitions will be stopped and removed, if they exist. + + ``present`` - All components for the custom resource definitions will be created if they do not exist, or will be updated if their current configuration does not match the expected configuration. + + | **Type**: str + | **Default**: ``present`` + + target (required) + ``k8s`` - Deploy the custom resource definitions into a Kubernetes cluster. + + ``openshift`` - Deploy the custom resource definitions into a Red Hat OpenShift cluster. + + | **Type**: str + + arch (required) + ``amd64`` - Specify this if the architecture of the cluster is amd64. 
+ + | **Type**: str + + namespace + The name of the Kubernetes namespace to deploy the custom resource definitions to. The namespace will be created if it does not exist. + + Only required when *target* is ``k8s``. + + | **Type**: str + + project + The name of the Red Hat OpenShift project to deploy the custom resource definitions to. The project will be created if it does not exist. + + Only required when *target* is ``openshift``. + + | **Type**: str + + image_pull_secret + The name of the image pull secret. The image pull secret will be used to pull all IBM Blockchain Platform images from the specified image registry. + + | **Type**: str + | **Default value**: ``docker-key-secret`` + + image_registry + The image registry to pull images from. The image registry must contain the IBM Blockchain Platform images. + + The default image registry, ``cp.icr.io``, is the standard IBM Entitlement Registry. + + You only need to specify an alternative image registry if you are behind a firewall and cannot access the standard IBM Entitlement Registry. + + | **Type**: str + | **Default value**: ``cp.icr.io`` + + image_registry_username + The username for authenticating to the image registry. + + The default image registry username, ``cp``, is the username for the standard IBM Entitlement Registry. + + You only need to specify an alternative image registry username if you are using an alternative image registry. + + | **Type**: str + | **Default value**: ``cp`` + + image_registry_email (required) + The email address for authenticating to the image registry. + + If you are using the default image registry, this is the email address you use to log in to the My IBM dashboard. + + | **Type**: str + + image_registry_password (required) + The password for authenticating to the image registry. + + If you are using the default image registry, this is the entitlement key that you can obtain from the My IBM dashboard. 
+ + | **Type**: str + + image_repository + The image repository on the image registry to pull images from. + + The default image repository, ``cp``, is the image repository for the standard IBM Entitlement Registry. + + You only need to specify an alternative image repository if you are using an alternative image registry. + + | **Type**: str + | **Default value**: ``cp`` + + role + The name of the role. + + By default, the role has the same name as the specified Kubernetes namespace or Red Hat OpenShift project. + + | **Type**: str + + role_binding + The name of the role binding. + + By default, the role binding has the same name as the specified Kubernetes namespace or Red Hat OpenShift project. + + | **Type**: str + + security_context_constraints + The name of the security context constraints. + + By default, the security context contraints have the same name as the specified Kubernetes namespace or Red Hat OpenShift project. + + Only required when *target* is ``openshift``. + + | **Type**: str + + service_account + The name of the service account to use. + + | **Type**: str + | **Default value**: ``default`` + + webhook + The name of the webhook. + + | **Type**: str + | **Default value**: ``ibp-webhook`` + + product_version + The version of IBM Blockchain Platform to use. + + | **Type**: str + | **Default value**: ``2.5.1`` + + webhook_version + The version of the IBM Blockchain Platform operator to use. + + The image tag used for the IB1001 Blockchain Platform webhook is *product_version*-*webhook_version*-*arch*, for example ``2.5.1-20210222-amd64``. + + | **Type**: str + | **Default value**: ``20210222`` + + wait_timeout + The timeout, in seconds, to wait until the custom resource defintions are available. + + | **Type**: int + | **Default value**: ``60`` + +Examples +-------- + +.. 
code-block:: yaml+jinja + + # operation-install.yml playbook + --- + - name: Deploy Opensource custom resource definitions and operator + hosts: localhost + vars_files: + - vars.yml + vars: + state: present + wait_timeout: 3600 + roles: + - ibm.blockchain_platform.fabric_operator_crds + + + # yars.yml + --- + # The type of K8S cluster this is using + target: k8s + arch: amd64 + + # k8s namespace for the operator and console + namespace: fabricinfra + + # Console name/domain + console_name: hlf-console + console_domain: localho.st + + # default configuration for the console + # password reset will be required on first login + console_email: admin + console_default_password: password + + # different k8s clusters will be shipped with differently named default storage providers + # or none at all. KIND for example has one called 'standard' + console_storage_class: standard \ No newline at end of file diff --git a/docs/source/tutorials/installing-fabric-operator-console.rst b/docs/source/tutorials/installing-fabric-operator-console.rst new file mode 100644 index 00000000..321b962e --- /dev/null +++ b/docs/source/tutorials/installing-fabric-operator-console.rst 
@@ -0,0 +1,176 @@ +.. +.. SPDX-License-Identifier: Apache-2.0 +.. + +.. _open_console_operator_tutorial: + +Installing the Fabric Operations Console and Operator +===================================================== + +This tutorial will demonstrate how to use the Fabric Operations Console and Fabric Operator roles to automate the installation of the IBM Support for Hyperledger Fabric software s Kubernetes cluster + +This tutorial uses the Ansible roles `fabric-operator-crds <../roles/fabric-operator-crds.html>`_ and `fabric-console <../roles/fabric-console.html>`_ to install the Fabric Operations Console and Fabric Operator software. If you wish to customize the installation process, then you should review the documentation for these roles. + +Before you start +---------------- + +Ensure that you have installed all of the pre-requisite software described in `Installation <../installation.html>`_. + + +If you have a Kubernetes cluster, you must have the Kubernetes CLI (``kubectl``) installed and configured to use your Kubernetes cluster. Verify that it is working by running the following command: + + :: + + kubectl get nodes + + +The Ansible collection will attempt to automatically create both of the namespaces or projects it needs for you. If you do not have permissions to create a namespace or project, then ask your administrator to create them for you. + +Ingress Controllers. You must have a ingress controlled installed for the console and operator to route traffic. Note that other software installed by roles in this collection will handle this; the Fabric Operations Console and Fabric Operator will **not** do this for you. + +Examples are given below of setting up such ingress controllers, primarily from a development perspective. These should be considered examples, for more details refer to you kubernetes administrator, and the Fabric Operations Console and Fabric Operator documentation. 
+ + +Creating the playbook +--------------------- + +Versions of the files shown here are in the github repo under the `examples/opensource-stack` directory + +Create a new Ansible playbook file called `install-ofs.yml`. Copy the following content + + .. highlight:: yaml + + :: + + --- + - name: Deploy Opensource custom resource definitions and operator + hosts: localhost + vars_files: + - vars.yml + vars: + state: present + wait_timeout: 3600 + roles: + - ibm.blockchain_platform.fabric_operator_crds + + - name: Deploy Fabric Operations Console + hosts: localhost + vars_files: + - vars.yml + vars: + state: present + wait_timeout: 3600 + roles: + - ibm.blockchain_platform.fabric_console + + +KIND Ingress configuration +-------------------------- + +This configuration works well with the KIND cluster; KIND works well in development as it runs the whole +Kubernetes inside a docker container. The playbook is below; this file and templates are in the `examples/opensource-stack` directory + + + :: + + --- + - name: Setup ingress for KIND for use with Fabric Operator/Console + hosts: localhost + tasks: + - name: Create kubernetes resources for the ingress + k8s: + definition: "{{ lookup('kubernetes.core.kustomize', dir='templates/ingress') }}" + register: resultingress + + - name: Wait for the ingress + command: kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=2m + changed_when: false + + # Override the cluster DNS with a local override to refer pods to the HOST interface + # when connecting to ingress. 
+ - name: Need the cluster ip address + k8s_info: + api_version: v1 + kind: service + namespace: ingress-nginx + name: "ingress-nginx-controller" + register: ingress_info + + - name: Applying CoreDNS overrides for ingress domain + vars: + clusterip: "{{ ingress_info.resources[0].spec.clusterIP }}" + k8s: + state: present + namespace: kube-system + resource_definition: "{{ lookup('template','templates/coredns/coredns.yaml.j2') }}" + apply: yes + + - name: Rollout the CoreDNS + shell: | + kubectl -n kube-system rollout restart deployment/coredns + kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=2m + changed_when: false + + +Running the playbook +-------------------- + +Create a `vars.yml` file as follows: + + :: + + # The type of K8S cluster this is using + target: k8s + arch: amd64 + + # k8s namespace for the operator and console + namespace: fabricinfra + + # Console name/domain + console_name: hlf-console + console_domain: localho.st + + # default configuration for the console + # password reset will be required on first login + console_email: admin + console_default_password: password + + # different k8s clusters will be shipped with differently named default storage providers + # or none at all. KIND for example has one called 'standard' + console_storage_class: standard + +Please note the `console_domain` for KIND should be `localho.st` +The `console_storage_class` needs to be changed to match a storage class in the cluster. (`standard` for KIND) + +Run the Ansible playbook file you created in the previous step by running the following command: + + :: + ansible-playbook install-ofs.yml + +The Ansible playbook will take some time to run. As the playbook runs, it will output information on the tasks being executed. + +At the end of the output, you should see text similar to the following: + + .. 
highlight:: none + + :: + + TASK [console : Wait for console to start] *********************************************************************** + ok: [localhost] + + TASK [console : Print console URL] ******************************************************************************* + ok: [localhost] => { + "msg": "Hyperledger Fabric console available at https://my-namespace-ibp-console-console.apps.my-openshift-cluster.example.org" + } + + TASK [console : Delete console] ********************************************************************************** + skipping: [localhost] + + PLAY RECAP ******************************************************************************************************* + localhost : ok=19 changed=4 unreachable=0 failed=0 skipped=13 rescued=0 ignored=0 + +Ensure that no errors are reported in the output. Ensure that the failure count in the final ``PLAY RECAP`` section is 0. + +The URL of the console is displayed as part of the output for the ``Print console URL`` task. When you access this URL, you can log in with the email and default password that you specified in your Ansible playbook. + +You have now finished installing the Hyperledger Fabric software. diff --git a/examples/opensource-stack/02-console-install.yml b/examples/opensource-stack/02-console-install.yml index 2ce54667..6c14bce9 100644 --- a/examples/opensource-stack/02-console-install.yml +++ b/examples/opensource-stack/02-console-install.yml @@ -2,7 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 # --- -- name: Deploy Opensource Console +- name: Deploy Fabric Operations Console hosts: localhost vars_files: - vars.yml diff --git a/examples/opensource-stack/90-KIND-ingress.yml b/examples/opensource-stack/90-KIND-ingress.yml new file mode 100644 index 00000000..257c742c --- /dev/null +++ b/examples/opensource-stack/90-KIND-ingress.yml 
@@ -0,0 +1,37 @@ +--- +- name: Setup ingress for KIND for use with Fabric Operator/Console + hosts: localhost + tasks: + - name: Create kubernetes resources for the ingress + k8s: + definition: "{{ lookup('kubernetes.core.kustomize', dir='templates/ingress') }}" + register: resultingress + + - name: Wait for the ingress + command: kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=2m + changed_when: false + + # Override the cluster DNS with a local override to refer pods to the HOST interface + # when connecting to ingress. + - name: Need the cluster ip address + k8s_info: + api_version: v1 + kind: service + namespace: ingress-nginx + name: "ingress-nginx-controller" + register: ingress_info + + - name: Applying CoreDNS overrides for ingress domain + vars: + clusterip: "{{ ingress_info.resources[0].spec.clusterIP }}" + k8s: + state: present + namespace: kube-system + resource_definition: "{{ lookup('template','templates/coredns/coredns.yaml.j2') }}" + apply: yes + + - name: Rollout the CoreDNS + shell: | + kubectl -n kube-system rollout restart deployment/coredns + kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=2m + changed_when: false diff --git a/roles/fabric_operator_crds/templates/kind/coredns/coredns.yaml.j2 b/examples/opensource-stack/templates/coredns/coredns.yaml.j2 similarity index 100% rename from roles/fabric_operator_crds/templates/kind/coredns/coredns.yaml.j2 rename to examples/opensource-stack/templates/coredns/coredns.yaml.j2 
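Review bot: The `Applying CoreDNS overrides for ingress domain` task replaces the `coredns` ConfigMap in `kube-system` on whichever cluster the current kubeconfig context points at, and nothing in the play checks that this is a disposable KIND cluster. Since the play is now a standalone example rather than part of a `kind` target, I would add a header comment saying it is for local development clusters only and that it overwrites the cluster Corefile. Separately, the last task restarts `deployment/coredns` but then waits on the ingress-nginx controller pods; `kubectl -n kube-system rollout status deployment/coredns --timeout=2m` would wait on what was actually restarted. `ingress_info.resources[0]` will also fail with an opaque index error if the Service lookup returns nothing, so a `when: ingress_info.resources | length > 0` guard or an explicit `fail` would give a clearer message.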
diff --git a/roles/fabric_operator_crds/templates/kind/ingress/ingress-nginx-controller.yaml b/examples/opensource-stack/templates/ingress/ingress-nginx-controller.yaml similarity index 93% rename from roles/fabric_operator_crds/templates/kind/ingress/ingress-nginx-controller.yaml rename to examples/opensource-stack/templates/ingress/ingress-nginx-controller.yaml index 37e5d1a2..72b7feed 100644 --- a/roles/fabric_operator_crds/templates/kind/ingress/ingress-nginx-controller.yaml +++ b/examples/opensource-stack/templates/ingress/ingress-nginx-controller.yaml @@ -28,6 +28,7 @@ spec: - name: controller args: - /nginx-ingress-controller + - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller - --election-id=ingress-controller-leader - --controller-class=k8s.io/ingress-nginx - --ingress-class=nginx @@ -35,6 +36,4 @@ spec: - --validating-webhook=:8443 - --validating-webhook-certificate=/usr/local/certificates/cert - --validating-webhook-key=/usr/local/certificates/key - - --watch-ingress-without-class=true - - --publish-status-address=localhost - --enable-ssl-passthrough diff --git a/roles/fabric_operator_crds/templates/kind/ingress/kustomization.yaml b/examples/opensource-stack/templates/ingress/kustomization.yaml similarity index 69% rename from roles/fabric_operator_crds/templates/kind/ingress/kustomization.yaml rename to examples/opensource-stack/templates/ingress/kustomization.yaml index 6635f17a..6d57058b 100644 --- a/roles/fabric_operator_crds/templates/kind/ingress/kustomization.yaml +++ b/examples/opensource-stack/templates/ingress/kustomization.yaml 
@@ -15,12 +15,23 @@ # See the License for the specific language governing permissions and # limitations under the License. # ---- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - https://github.com/kubernetes/ingress-nginx.git/deploy/static/provider/kind?ref=controller-v1.1.2 + - https://github.com/kubernetes/ingress-nginx.git/deploy/static/provider/cloud?ref=controller-v1.1.2 patchesStrategicMerge: - ingress-nginx-controller.yaml + +# Remove the port `appProtocol` attribute as this is not accepted by all cloud providers +patchesJson6902: + - target: + kind: Service + name: ingress-nginx-controller + version: v1 + patch: |- + - op: remove + path: "/spec/ports/0/appProtocol" + - op: remove + path: "/spec/ports/1/appProtocol" diff --git a/examples/opensource-stack/vars.yml b/examples/opensource-stack/vars.yml index ac8b7aee..9986e2a3 100644 --- a/examples/opensource-stack/vars.yml +++ b/examples/opensource-stack/vars.yml @@ -3,7 +3,7 @@ # --- # The type of K8S cluster this is using -target: kind +target: k8s arch: amd64 # k8s namespace for the operator and console diff --git a/roles/fabric_console/tasks/create.yml b/roles/fabric_console/tasks/create.yml index 469f89c2..2df6cafa 100644 --- a/roles/fabric_console/tasks/create.yml +++ b/roles/fabric_console/tasks/create.yml @@ -4,8 +4,8 @@ --- - name: Fail if architecture not specified fail: - msg: arch not specified or is not one of "amd64" or "s390x" - when: not arch is defined or not arch in ("amd64", "s390x") + msg: arch not specified or is not one of "amd64" + when: not arch is defined or not arch in ("amd64") - name: Fail if console domain not specified fail: diff --git a/roles/fabric_console/tasks/kind/create.yml b/roles/fabric_console/tasks/k8s/create.yml similarity index 91% rename from roles/fabric_console/tasks/kind/create.yml rename to roles/fabric_console/tasks/k8s/create.yml index 662fa37c..2ff30dc2 100644 --- a/roles/fabric_console/tasks/kind/create.yml 
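Review bot: The remote base in `resources:` is pinned only to the tag `controller-v1.1.2`, which can be moved upstream, and kustomize fetches it at run time so the play applies whatever it receives. Pinning `?ref=` to the full commit SHA behind that tag, e.g. `.../deploy/static/provider/cloud?ref=<commit-sha-for-controller-v1.1.2>`, makes the applied manifest reproducible. The switch from `provider/kind` to `provider/cloud` also deserves a comment next to the URL, because this directory is what `90-KIND-ingress.yml` deploys and the cloud variant presumably exposes the controller through a `LoadBalancer` Service. The two `remove` ops address ports by index, so the build will fail if upstream reorders the ports or drops `appProtocol`.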
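Review bot: In `roles/fabric_console/tasks/create.yml`, `("amd64")` in the new `when:` is a parenthesised string, not a one-element tuple, so `arch in ("amd64")` is a substring test and values such as `amd`, `64` or an empty string pass the check. Use an equality or a list instead: `when: arch is not defined or arch != "amd64"` (or `arch not in ["amd64"]`). The same pattern appears in this commit in `roles/fabric_operator_crds/tasks/create.yml` and, as `target in ("k8s")`, in both roles' `tasks/main.yml`. It matters more for `target`, which `roles/fabric_operator_crds/tasks/create.yml` interpolates into `include_tasks: "{{ target }}/create.yml"`. The hunk ends inside the following task, so the rest of the file is not visible here.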
+++ b/roles/fabric_console/tasks/k8s/create.yml @@ -56,4 +56,4 @@ - name: Print console URL debug: - msg: IBM Blockchain Platform console available at {{ create_console }} + msg: IBM Blockchain Platform console available at "https://{{ namespace }}-{{ console_name }}-console.{{ console_domain }}" diff --git a/roles/fabric_console/tasks/kind/delete.yml b/roles/fabric_console/tasks/k8s/delete.yml similarity index 100% rename from roles/fabric_console/tasks/kind/delete.yml rename to roles/fabric_console/tasks/k8s/delete.yml diff --git a/roles/fabric_console/tasks/main.yml b/roles/fabric_console/tasks/main.yml index 05524467..5b714bb3 100644 --- a/roles/fabric_console/tasks/main.yml +++ b/roles/fabric_console/tasks/main.yml @@ -4,8 +4,8 @@ --- - name: Fail if target not specified fail: - msg: target not specified or is not one of "k8s" or "openshift" or "kind" - when: not target is defined or not target in ("k8s", "openshift","kind") + msg: target not specified or is not one of "k8s" + when: not target is defined or not target in ("k8s") - name: Create console include_tasks: "create.yml" diff --git a/roles/fabric_console/templates/k8s/hlf-operations-console.yaml.j2 b/roles/fabric_console/templates/k8s/hlf-operations-console.yaml.j2 index 3ca305c7..74076787 100644 --- a/roles/fabric_console/templates/k8s/hlf-operations-console.yaml.j2 +++ b/roles/fabric_console/templates/k8s/hlf-operations-console.yaml.j2 @@ -29,10 +29,10 @@ spec: couchdbTag: "{{couchdb_image_label}}" peerImage: ghcr.io/hyperledgendary/k8s-fabric-peer peerTag: v0.6.0 -{%+ if console_versions is defined %} +{# {%+ if console_versions is defined %} versions: {{ console_versions | to_nice_yaml(indent=2, width=1024) | indent(4, false) }} -{% endif %} +{% endif %} #} networkinfo: domain: "{{console_domain}}" storage: diff --git a/roles/fabric_operator_crds/tasks/create.yml b/roles/fabric_operator_crds/tasks/create.yml index 1b6ad3b9..d8c8e4d5 100644 --- a/roles/fabric_operator_crds/tasks/create.yml 
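Review bot: The printed URL in `Print console URL` is now assembled from `namespace`, `console_name` and `console_domain` instead of the `create_console` value the old message used, so it can report an address that the deployed console does not actually serve. `console_name` is also not among the parameters documented for the role in this commit (the docs list `console`, default `ibp-console`), and an undefined `console_name` would fail this debug task after the deployment itself has succeeded. I would either keep printing the `create_console` value or document `console_name` and give it a default. The message still says `IBM Blockchain Platform` although the play was renamed to `Deploy Fabric Operations Console`.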
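Review bot: In `hlf-operations-console.yaml.j2`, wrapping the `console_versions` block in `{# … #}` makes the template silently ignore a `console_versions` value that callers may still pass, and the comment gives no reason. If the override is intentionally unsupported for this console, delete the block or state the reason at the start of the comment, e.g. `{# disabled: <reason>; console_versions is currently ignored #}`. If it was only disabled for debugging, restore the conditional before merging.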
+++ b/roles/fabric_operator_crds/tasks/create.yml @@ -4,8 +4,8 @@ --- - name: Fail if architecture not specified fail: - msg: arch not specified or is not one of "amd64" or "s390x" - when: not arch is defined or not arch in ("amd64", "s390x") + msg: arch not specified or is not one of "amd64" + when: not arch is defined or not arch in ("amd64") - name: Create custom resource definitions include_tasks: "{{ target }}/create.yml" diff --git a/roles/fabric_operator_crds/tasks/kind/create.yml b/roles/fabric_operator_crds/tasks/k8s/create.yml similarity index 53% rename from roles/fabric_operator_crds/tasks/kind/create.yml rename to roles/fabric_operator_crds/tasks/k8s/create.yml index 9c23f8f5..2e5edd83 100644 --- a/roles/fabric_operator_crds/tasks/kind/create.yml +++ b/roles/fabric_operator_crds/tasks/k8s/create.yml 
@@ -7,43 +7,6 @@ definition: "{{ lookup('kubernetes.core.kustomize',dir=role_path+'/templates/'+target+'/crd') }}" register: resultcrds -- name: Create kubernetes resources for the ingress - k8s: - definition: "{{ lookup('kubernetes.core.kustomize', dir=role_path+'/templates/'+target+'/ingress') }}" - register: resultingress - -- name: Wait for the ingress - command: kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=2m - changed_when: false - -# Override the cluster DNS with a local override to refer pods to the HOST interface -# when connecting to ingress. -- name: Need the cluster ip address - k8s_info: - api_version: v1 - kind: service - namespace: ingress-nginx - name: "ingress-nginx-controller" - register: ingress_info - -- name: Applying CoreDNS overrides for ingress domain - vars: - clusterip: "{{ ingress_info.resources[0].spec.clusterIP }}" - k8s: - state: present - namespace: kube-system - resource_definition: "{{ lookup('template','templates/'+target+'/coredns/coredns.yaml.j2') }}" - apply: yes - -- name: Rollout the CoreDNS - shell: | - kubectl -n kube-system rollout restart deployment/coredns - kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=2m - changed_when: false - -# END of KIND specifics - -# Time to deploy the operator # Create the namespace for the operator - name: Fail if namespace not specified fail: diff --git a/roles/fabric_operator_crds/tasks/kind/delete.yml b/roles/fabric_operator_crds/tasks/k8s/delete.yml similarity index 100% rename from roles/fabric_operator_crds/tasks/kind/delete.yml rename to roles/fabric_operator_crds/tasks/k8s/delete.yml diff --git a/roles/fabric_operator_crds/tasks/main.yml b/roles/fabric_operator_crds/tasks/main.yml index 5a0894cb..298d6143 100644 --- a/roles/fabric_operator_crds/tasks/main.yml +++ b/roles/fabric_operator_crds/tasks/main.yml 
@@ -4,8 +4,8 @@
 ---
 - name: Fail if target not specified
 fail:
- msg: target not specified or is not one of "kind"
- when: not target is defined or not target in ("kind")
+ msg: target not specified or is not one of "k8s"
+ when: not target is defined or not target in ("k8s")
 - name: Create custom resource definitions
 include_tasks: "create.yml"
diff --git a/roles/fabric_operator_crds/templates/k8s/coredns/coredns.yaml.j2 b/roles/fabric_operator_crds/templates/k8s/coredns/coredns.yaml.j2
new file mode 100644
index 00000000..59065d96
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/k8s/coredns/coredns.yaml.j2
@@ -0,0 +1,33 @@
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: coredns
+ namespace: kube-system
+data:
+ Corefile: |
+ .:53 {
+ errors
+ health {
+ lameduck 5s
+ }
+ rewrite name regex (.*)\.localho\.st host.ingress.internal
+ hosts {
+ {{ clusterip }} host.ingress.internal
+ fallthrough
+ }
+ ready
+ kubernetes cluster.local in-addr.arpa ip6.arpa {
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ ttl 30
+ }
+ prometheus :9153
+ forward . /etc/resolv.conf {
+ max_concurrent 1000
+ }
+ cache 30
+ loop
+ reload
+ loadbalance
+ }
\ No newline at end of file
diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/.openapi-generator-ignore b/roles/fabric_operator_crds/templates/k8s/crd/bases/another/path/.openapi-generator-ignore
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/bases/another/path/.openapi-generator-ignore
rename to roles/fabric_operator_crds/templates/k8s/crd/bases/another/path/.openapi-generator-ignore
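Review bot: This ConfigMap replaces the entire `coredns` Corefile in `kube-system`, and it is now filed under the generic `k8s` target, so applying it to anything other than a disposable local cluster would overwrite the DNS configuration the cluster provider ships. The task that rendered it is removed from k8s/create.yml in this same commit, so from the visible hunks the template looks unreferenced. If it is kept for a later step, a header comment such as `# Local development clusters only: replaces the cluster-wide CoreDNS Corefile` would make the scope explicit. The pattern in `rewrite name regex (.*)\.localho\.st host.ingress.internal` also has no anchors, so it likely matches any query name that merely contains `.localho.st`; anchoring it, for example `^(.*)\.localho\.st\.$` assuming CoreDNS matches against the fully qualified name, would limit the rewrite to that domain.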
diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/.openapi-generator/FILES b/roles/fabric_operator_crds/templates/k8s/crd/bases/another/path/.openapi-generator/FILES
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/bases/another/path/.openapi-generator/FILES
rename to roles/fabric_operator_crds/templates/k8s/crd/bases/another/path/.openapi-generator/FILES
diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/.openapi-generator/VERSION b/roles/fabric_operator_crds/templates/k8s/crd/bases/another/path/.openapi-generator/VERSION
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/bases/another/path/.openapi-generator/VERSION
rename to roles/fabric_operator_crds/templates/k8s/crd/bases/another/path/.openapi-generator/VERSION
diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/another/path/index.html b/roles/fabric_operator_crds/templates/k8s/crd/bases/another/path/index.html
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/bases/another/path/index.html
rename to roles/fabric_operator_crds/templates/k8s/crd/bases/another/path/index.html
diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibpcas.yaml b/roles/fabric_operator_crds/templates/k8s/crd/bases/ibp.com_ibpcas.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibpcas.yaml
rename to roles/fabric_operator_crds/templates/k8s/crd/bases/ibp.com_ibpcas.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibpconsoles.yaml b/roles/fabric_operator_crds/templates/k8s/crd/bases/ibp.com_ibpconsoles.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibpconsoles.yaml
rename to roles/fabric_operator_crds/templates/k8s/crd/bases/ibp.com_ibpconsoles.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibporderers.yaml b/roles/fabric_operator_crds/templates/k8s/crd/bases/ibp.com_ibporderers.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibporderers.yaml
rename to roles/fabric_operator_crds/templates/k8s/crd/bases/ibp.com_ibporderers.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibppeers.yaml b/roles/fabric_operator_crds/templates/k8s/crd/bases/ibp.com_ibppeers.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/bases/ibp.com_ibppeers.yaml
rename to roles/fabric_operator_crds/templates/k8s/crd/bases/ibp.com_ibppeers.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/crd/docs/.openapi-generator-ignore b/roles/fabric_operator_crds/templates/k8s/crd/docs/.openapi-generator-ignore
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/docs/.openapi-generator-ignore
rename to roles/fabric_operator_crds/templates/k8s/crd/docs/.openapi-generator-ignore
diff --git a/roles/fabric_operator_crds/templates/kind/crd/docs/.openapi-generator/FILES b/roles/fabric_operator_crds/templates/k8s/crd/docs/.openapi-generator/FILES
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/docs/.openapi-generator/FILES
rename to roles/fabric_operator_crds/templates/k8s/crd/docs/.openapi-generator/FILES
diff --git a/roles/fabric_operator_crds/templates/kind/crd/docs/.openapi-generator/VERSION b/roles/fabric_operator_crds/templates/k8s/crd/docs/.openapi-generator/VERSION
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/docs/.openapi-generator/VERSION
rename to roles/fabric_operator_crds/templates/k8s/crd/docs/.openapi-generator/VERSION
diff --git a/roles/fabric_operator_crds/templates/kind/crd/docs/index.html b/roles/fabric_operator_crds/templates/k8s/crd/docs/index.html
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/docs/index.html
rename to roles/fabric_operator_crds/templates/k8s/crd/docs/index.html
diff --git a/roles/fabric_operator_crds/templates/kind/crd/kustomization.yaml b/roles/fabric_operator_crds/templates/k8s/crd/kustomization.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/kustomization.yaml
rename to roles/fabric_operator_crds/templates/k8s/crd/kustomization.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/crd/kustomizeconfig.yaml b/roles/fabric_operator_crds/templates/k8s/crd/kustomizeconfig.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/kustomizeconfig.yaml
rename to roles/fabric_operator_crds/templates/k8s/crd/kustomizeconfig.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibpcas.yaml b/roles/fabric_operator_crds/templates/k8s/crd/patches/cainjection_in_ibpcas.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibpcas.yaml
rename to roles/fabric_operator_crds/templates/k8s/crd/patches/cainjection_in_ibpcas.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibpconsoles.yaml b/roles/fabric_operator_crds/templates/k8s/crd/patches/cainjection_in_ibpconsoles.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibpconsoles.yaml
rename to roles/fabric_operator_crds/templates/k8s/crd/patches/cainjection_in_ibpconsoles.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibporderers.yaml b/roles/fabric_operator_crds/templates/k8s/crd/patches/cainjection_in_ibporderers.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibporderers.yaml
rename to roles/fabric_operator_crds/templates/k8s/crd/patches/cainjection_in_ibporderers.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibppeers.yaml b/roles/fabric_operator_crds/templates/k8s/crd/patches/cainjection_in_ibppeers.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/patches/cainjection_in_ibppeers.yaml
rename to roles/fabric_operator_crds/templates/k8s/crd/patches/cainjection_in_ibppeers.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibpcas.yaml b/roles/fabric_operator_crds/templates/k8s/crd/patches/webhook_in_ibpcas.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibpcas.yaml
rename to roles/fabric_operator_crds/templates/k8s/crd/patches/webhook_in_ibpcas.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibpconsoles.yaml b/roles/fabric_operator_crds/templates/k8s/crd/patches/webhook_in_ibpconsoles.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibpconsoles.yaml
rename to roles/fabric_operator_crds/templates/k8s/crd/patches/webhook_in_ibpconsoles.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibporderers.yaml b/roles/fabric_operator_crds/templates/k8s/crd/patches/webhook_in_ibporderers.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibporderers.yaml
rename to roles/fabric_operator_crds/templates/k8s/crd/patches/webhook_in_ibporderers.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibppeers.yaml b/roles/fabric_operator_crds/templates/k8s/crd/patches/webhook_in_ibppeers.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/crd/patches/webhook_in_ibppeers.yaml
rename to roles/fabric_operator_crds/templates/k8s/crd/patches/webhook_in_ibppeers.yaml
diff --git a/roles/fabric_operator_crds/templates/k8s/ingress/ingress-nginx-controller.yaml b/roles/fabric_operator_crds/templates/k8s/ingress/ingress-nginx-controller.yaml
new file mode 100644
index 00000000..72b7feed
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/k8s/ingress/ingress-nginx-controller.yaml
@@ -0,0 +1,39 @@
+#
+# Copyright contributors to the Hyperledger Fabric Operator project
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: ingress-nginx
+ name: ingress-nginx-controller
+spec:
+ template:
+ spec:
+ containers:
+ - name: controller
+ args:
+ - /nginx-ingress-controller
+ - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
+ - --election-id=ingress-controller-leader
+ - --controller-class=k8s.io/ingress-nginx
+ - --ingress-class=nginx
+ - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
+ - --validating-webhook=:8443
+ - --validating-webhook-certificate=/usr/local/certificates/cert
+ - --validating-webhook-key=/usr/local/certificates/key
+ - --enable-ssl-passthrough
diff --git a/roles/fabric_operator_crds/templates/k8s/ingress/kustomization.yaml b/roles/fabric_operator_crds/templates/k8s/ingress/kustomization.yaml
new file mode 100644
index 00000000..6d57058b
--- /dev/null
+++ b/roles/fabric_operator_crds/templates/k8s/ingress/kustomization.yaml
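Review bot: `--enable-ssl-passthrough` is turned on without a comment saying why, and it changes the controller's trust boundary: passthrough connections are routed by SNI and never terminated at the ingress, so TLS policy and request-level controls configured there do not apply to those hosts. Because `args` is a plain list, this strategic-merge patch replaces the upstream argument list rather than appending to it, so the other entries (presumably copied from the upstream manifest) have to be re-checked whenever the `ref` in kustomization.yaml changes. A comment above `args:` would cover both, for example `# Replaces the upstream args wholesale; only --enable-ssl-passthrough is added, needed so TLS terminates at the Fabric nodes`, with the stated reason confirmed by the author.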
@@ -0,0 +1,37 @@
+#
+# Copyright contributors to the Hyperledger Fabric Operator project
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - https://github.com/kubernetes/ingress-nginx.git/deploy/static/provider/cloud?ref=controller-v1.1.2
+
+patchesStrategicMerge:
+ - ingress-nginx-controller.yaml
+
+# Remove the port `appProtocol` attribute as this is not accepted by all cloud providers
+patchesJson6902:
+ - target:
+ kind: Service
+ name: ingress-nginx-controller
+ version: v1
+ patch: |-
+ - op: remove
+ path: "/spec/ports/0/appProtocol"
+ - op: remove
+ path: "/spec/ports/1/appProtocol"
diff --git a/roles/fabric_operator_crds/templates/kind/manager/hlf-operator-manager.yaml.j2 b/roles/fabric_operator_crds/templates/k8s/manager/hlf-operator-manager.yaml.j2
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/manager/hlf-operator-manager.yaml.j2
rename to roles/fabric_operator_crds/templates/k8s/manager/hlf-operator-manager.yaml.j2
diff --git a/roles/fabric_operator_crds/templates/kind/rbac/hlf-operator-clusterrole.yaml b/roles/fabric_operator_crds/templates/k8s/rbac/hlf-operator-clusterrole.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/rbac/hlf-operator-clusterrole.yaml
rename to roles/fabric_operator_crds/templates/k8s/rbac/hlf-operator-clusterrole.yaml
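Review bot: The `resources` entry fetches the ingress-nginx manifests from GitHub at build time and pins them only by the tag `controller-v1.1.2`; a tag can be moved, so what is applied to the cluster is not fixed by this repository. Pin to a full commit hash instead, `...provider/cloud?ref=<commit-sha>`, or vendor the rendered manifest so changes show up in review. The pinned controller release should also be checked against the ingress-nginx security advisories before this is used on a shared cluster. Separately, both JSON patch `remove` operations fail the build if the targeted `appProtocol` field is absent, which is worth a one-line comment next to them for whoever bumps the ref.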
diff --git a/roles/fabric_operator_crds/templates/kind/rbac/hlf-operator-clusterrolebinding.yaml.j2 b/roles/fabric_operator_crds/templates/k8s/rbac/hlf-operator-clusterrolebinding.yaml.j2
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/rbac/hlf-operator-clusterrolebinding.yaml.j2
rename to roles/fabric_operator_crds/templates/k8s/rbac/hlf-operator-clusterrolebinding.yaml.j2
diff --git a/roles/fabric_operator_crds/templates/kind/rbac/hlf-operator-serviceaccount.yaml b/roles/fabric_operator_crds/templates/k8s/rbac/hlf-operator-serviceaccount.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/rbac/hlf-operator-serviceaccount.yaml
rename to roles/fabric_operator_crds/templates/k8s/rbac/hlf-operator-serviceaccount.yaml
diff --git a/roles/fabric_operator_crds/templates/kind/rbac/hlf-psp.yaml b/roles/fabric_operator_crds/templates/k8s/rbac/hlf-psp.yaml
similarity index 100%
rename from roles/fabric_operator_crds/templates/kind/rbac/hlf-psp.yaml
rename to roles/fabric_operator_crds/templates/k8s/rbac/hlf-psp.yaml