Add reference implementation example

[nabuskey]

Adds an example for the cnoe ref implementation. Related to #142

[cmoulliard]

Question: As the goal of this project = idpbuilder is to help the developers when they create/design an IDP platform, will the backstage app installed with the example include the needed "plugins" able to show the following views: argocd, keycloak, etc ?

[cmoulliard]

Can you please link the issue #142 to this PR's description ?

[cmoulliard]

Can you also add a prerequisite section as I suspect that we need:

• kubectl installed + kube OIDC login plugin (?),
• idpbuilder version 0.x (the x should be defined ;-))
• An account on Amazon and S3 bucket,

[nimakaviani]

also do we need something to put in there with regards to system specs? or at least memory requirements. my 16G core i7 cant handle it well.

[cmoulliard]

Can we please add also cert manager ?

[nabuskey]

Question: As the goal of this project = idpbuilder is to help the developers when they create/design an IDP platform, will the backstage app installed with the example include the needed "plugins" able to show the following views: argocd, keycloak, etc ?

Yeah plugins are baked in with the image. Source is available here: https://github.com/cnoe-io/backstage-app

Can you please link the issue #142 to this PR's description ?

I mentioned it in the description but this issue is a bit different so I won't close the issue.

Can we please add also cert manager?

I left it out because it's heavy as-is, in terms of resource utilization.

[nimakaviani]

looks great. some minor comments from me

[nimakaviani]

also do we need something to put in there with regards to system specs? or at least memory requirements. my 16G core i7 cant handle it well.

[nimakaviani]

if someone doesnt want Spark for example, is it as easy as removing the manifests for it? or is there extra configuration in other components that they need to tweak?

[nabuskey]

also do we need something to put in there with regards to system specs? or at least memory requirements. my 16G core i7 cant handle it well.

That's actually concerning. On my Ubuntu machine it consumes about 5GB memory. How much resources are you allocating to Docker Desktop VM?

if someone doesnt want Spark for example, is it as easy as removing the manifests for it? or is there extra configuration in other components that they need to tweak?

yea just need to remove the argocd app spec

[cmoulliard]

Why do you use Apache Spark as example ? AFAIK, there is no backstage plugin, so what could be the added value to propose it as example ?
Remark: Should we instead propose as example a microservice such as Spring Boot, Quarkus, Nodejs or combination ?

[nimakaviani]

can we link to the location in the git repo where this workflow can be found

[nimakaviani]

what do you think about splitting the example applications into a separate folder, so we have one folder for a vanilla reference implementation, and another to deploy the example apps. doing something like the following in the readme:

idpbuilder create --package-dir examples/ref-implementation --package-dir examples/sample-apps

[nabuskey]

I would rather just have one command to deploy everything.

[cmoulliard]

I think that we should dissociate the process to install the reference implementation (= components A + B + C etc) from the step to install an example top of the reference platform. Why ? As the goal of the tool is to provision a cluster, than such implementation should be used for different purposes, to allow the users to deploy also their own examples, or examples defined in a lab project, etc

[nimakaviani]

yeah +1 on what Charles said above.

[nimakaviani]

I think we should have a note in the README that both user1 and user2 get the same password and how maybe that can be tweaked

[nabuskey]

updated documentation

[cmoulliard]

Why do you use Apache Spark as example ? AFAIK, there is no backstage plugin, so what could be the added value to propose it as example ?
Remark: Should we instead propose as example a microservice such as Spring Boot, Quarkus, Nodejs or combination ?

[cmoulliard]

I think that we should dissociate the process to install the reference implementation (= components A + B + C etc) from the step to install an example top of the reference platform. Why ? As the goal of the tool is to provision a cluster, than such implementation should be used for different purposes, to allow the users to deploy also their own examples, or examples defined in a lab project, etc

[cmoulliard]

Why is the backstage secret created here within keycloak stuffs ? Such a step should be included within the backstage folder and documented to let the users to figure out how they could expand/override their app-config.yaml ;-)

[nabuskey]

Why do you use Apache Spark as example ? AFAIK, there is no backstage plugin, so what could be the added value to propose it as example ?
Remark: Should we instead propose as example a microservice such as Spring Boot, Quarkus, Nodejs or combination ?

We do have a pugin for the Spark operator. This was included in the original reference implementation and thus it's included here. The purpose of it is to show that IDP does not necessary be for applications only.

I think that we should dissociate the process to install the reference implementation (= components A + B + C etc) from the step to install an example top of the reference platform. Why ? As the goal of the tool is to provision a cluster, than such implementation should be used for different purposes, to allow the users to deploy also their own examples, or examples defined in a lab project, etc

I think we need a guide to show this part, but not in this PR. The primary goal of this PR is to showcase what you can build with idpbuilder, even complicated stuff like this. If we want to create a guide for developing Backstage stuff, it should be separate.

Why is the backstage secret created here within keycloak stuffs ? Such a step should be included within the backstage folder and documented to let the users to figure out how they could expand/override their app-config.yaml ;-)

These are for SSO configuration stuff. Keycloak client secrets are generated by Keycloak upon creation of a client. We need a way to export this to client applications (backstage and argo workflows). We could include this in Backstage stuff but it becomes a bit of a mess because we now need to do the same for other apps like argocd and argo workflows.

[cmoulliard]

As many of the backstage examples rely on scaffolding a project (spring boot, nodejs, quarkus, etc) on github, how will it be possible for a user to provide its GitHub Personal Access Token which is needed to configure such app-config.yaml field ?

integrations:
  github:
    - host: github.com
      token: <MY_GITHUB_PAT>

[nabuskey]

As many of the backstage examples rely on scaffolding a project (spring boot, nodejs, quarkus, etc) on github, how will it be possible for a user to provide its GitHub Personal Access Token which is needed to configure such app-config.yaml field ?

GitHub integration stuff is left out intentionally. It's hard to automate and I did not want to make users worry about external stuff. I wanted everything to stay local. If they want integrations with external stuff like GitHub and AWS, they can look at the Terraform version.

What I wanted to enable for this was to show how you can bring up a solution with just one command.

[csantanapr]

@nabuskey
tried this example, and hit a problem with argo workflows that server crashed.
I think this happens because keycloak took a while to come up, backstage had issues also but was eventually came up, argo workflows server doesn't work even with multiple restarts

k logs -n argo argo-server-6d8dbf6b99-2jdqh

time="2024-02-15T04:54:15.010Z" level=info msg="not enabling pprof debug endpoints"
time="2024-02-15T04:54:15.011Z" level=info authModes="[client sso]" baseHRef=/ managedNamespace= namespace=argo secure=false ssoNamespace=argo
time="2024-02-15T04:54:15.011Z" level=warning msg="You are running in insecure mode. Learn how to enable transport layer security: https://argo-workflows.readthedocs.io/en/release-3.5/tls/"
Error: 502 Bad Gateway: <html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx</center>
</body>
</html>

Usage:
  argo server [flags]

Examples:

[csantanapr]

deleting the argo-server pod, made it work with the new pod

[csantanapr]

problems with keycloak got fix by the latest update to the image to 22.0.3 🙌

[csantanapr]

@nabuskey
hitting a problem in Argo Sync with Backstage stays in an endless sync
The Kubernetes API could not find backstage.io/Location for requested resource backstage/basic-example-templates. Make sure the "Location" CRD is installed on the destination cluster.
Getting error

[csantanapr]

nope, it looks like using keycloak 22.0.3 still has problems, container in crashloopback, logs:

Updating the configuration and installing your custom providers, if any. Please wait.
/opt/keycloak/bin/kc.sh: line 132:    19 Killed                  'java' -Dkc.config.build-and-exit=true -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Dfile.encoding=UTF-8 -Dsun.stdout.encoding=UTF-8 -Dsun.err.encoding=UTF-8 -Dstdout.encoding=UTF-8 -Dstderr.encoding=UTF-8 -XX:+ExitOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.base/java.security=ALL-UNNAMED -Dkc.home.dir='/opt/keycloak/bin/..' -Djboss.server.config.dir='/opt/keycloak/bin/../conf' -Djava.util.logging.manager=org.jboss.logmanager.LogManager -Dquarkus-log-max-startup-records=10000 -cp '/opt/keycloak/bin/../lib/quarkus-run.jar' io.quarkus.bootstrap.runner.QuarkusEntryPoint --profile=dev start-dev

[csantanapr]

Suggested change

	In the next screen, type `demo` for the name field, then click create.
	In the next screen, type `demo` for the name field, then click Review, then Create.