competing getting started
Signed-off-by: Soule BA <[email protected]>
souleb committed Sep 20, 2023
1 parent 627b7a2 commit 9620c69
Showing 1 changed file with 87 additions and 27 deletions.
114 changes: 87 additions & 27 deletions content/en/mpas/getting_started.md
Expand Up @@ -121,6 +121,19 @@ and `ocm-system` namespaces. You can use [syncing-secrets-across-namespaces](htt
The [podinfo application](https://github.com/stefanprodan/podinfo) has been packaged
as an ocm component and can be retrieved from [Github](ghcr.io/open-component-model/podinfo).

<!--TODO: Surface the SA from the podinfo app into values.yaml, in order to use imagePullSecrets
generated by a Target.
serviceAccount:
# Specifies whether a service account should be created
enabled: false
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
# List of image pull secrets if pulling from private registries
imagePullSecrets: []
-->

<!--TODO: Add project creation command
```bash
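Review bot: In the commented-out `serviceAccount` sketch, the key is `enabled: false` but the comment above `name:` says "If not set and create is true", so the two disagree on the field name. Settle on one (`enabled` or `create`) before this TODO becomes real values, and link a tracking issue so the hidden comment is not forgotten.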
Expand Down Expand Up @@ -191,16 +204,17 @@ git add --all && git commit -m "Add podinfo project" && git push
This will create in the cluster a `namespace` for the project, a `service account`, and RBAC.
It will also create a GitHub repository for the project, and configure `Flux` to manage the project's resources.
3. Clone the project repository
3. Add the needed secrets to the namespace
`Flux` is used to deploy all workloads in a gitOps way. In order for flux to access the internal
registry, we have to provide the certificate to use `https`.
```bash
git clone https://github.com/$GITHUB_USER/mpas-podinfo-application
cd mpas-podinfo-application
kubectl get secret ocm-registry-tls-certs --namespace=mpas-system -o yaml | sed 's/namespace:
.*/namespace: mpas-podinfo-application/' | kubectl apply -f -
```
4. Add the podinfo component subscription
we need a secret in the project namespace that will be used to retrieve the component from the registry:
We also need a secret in the project namespace that will be used to communicate with github:
```bash
kubectl create secret generic \
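Review bot: The new step 3 copies the entire `ocm-registry-tls-certs` secret from `mpas-system` into the project namespace, while the text says Flux only needs the certificate to use `https`. If that secret also holds a private key, every project namespace ends up with a copy of it; consider creating a secret with only the certificate Flux has to trust. The piped YAML also carries the source object's server-set metadata (`uid`, `resourceVersion`, `creationTimestamp`), and the `sed` expression rewrites every line containing `namespace: `, not just `metadata.namespace`, so stripping the metadata and setting the namespace explicitly would be more robust.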
Expand All @@ -212,6 +226,35 @@ kubectl create secret generic \
**Note** The credentials shall have access to github packages.
As part of step 2, a `service account` was created for the project. We will use this service account
to provide the necessary permissions to pull from the `ghcr` registry.
First create a secret containing the credentials for the service account:
```bash
kubectl create secret docker-registry github-registry-key --docker-server=ghcr.io \
--docker-username=$GITHUB_USER --docker-password=$GITHUB_TOKEN \
--docker-email=<MY_EMAIL> -n mpas-podinfo-application
```
Then, patch the service account to use the secret:
```bash
kubectl patch serviceaccount mpas-podinfo-application -p '{"imagePullSecrets": [{"name": "github-registry-key"}]}' \
-n mpas-podinfo-application
```
4. Clone the project repository
```bash
git clone https://github.com/$GITHUB_USER/mpas-podinfo-application
cd mpas-podinfo-application
```
5. Add the podinfo component subscription
Create a file under `./subscriptions/` that will contains the subscription declaration.
```bash
cat <<EOF >> ./subscriptions/podinfo.yaml
apiVersion: delivery.ocm.software/v1alpha1
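Review bot: The `kubectl create secret docker-registry` command passes `--docker-password=$GITHUB_TOKEN` without stating what the token must be allowed to do; the Note above only says the credentials need access to github packages. Since this secret is attached to the project service account solely to pull from `ghcr.io`, say that a token limited to `read:packages` is enough, and quote the expansions (`"$GITHUB_USER"`, `"$GITHUB_TOKEN"`). In step 5, "that will contains the subscription declaration" should read "that will contain".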
Expand Down Expand Up @@ -245,10 +288,15 @@ git add --all && git commit -m "Add podinfo subscription" && git push
This will replicate the product referenced by the `ComponentSubscription` `spec.component` field from
defined registry in the `spec.source.url` to the `spec.destination.url` registry.
5. Add a target for the podinfo application
6. Add a target for the podinfo application
The target will define where the application will be installed
<!-- TODO:
The target must create the namespace with the desired service account.
We should leverage ESO to make sure that the needed imagePullSecret is attached to it.
--->
```bash
cat <<EOF >> ./targets/podinfo.yaml
apiVersion: mpas.ocm.software/v1alpha1
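Review bot: The added TODO says the target must create the namespace with the desired service account and that the imagePullSecret still has to be attached to it, but it is hidden in an HTML comment. A reader pulling from a private registry gets no hint that the earlier `kubectl patch serviceaccount` only covers the service account in `mpas-podinfo-application`; a visible note would help until this is implemented. The comment is also closed with `--->` where the earlier TODO uses `-->`, and "ESO" should be spelled out on first use.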
Expand All @@ -273,7 +321,7 @@ git add --all && git commit -m "Add a target for podinfo" && git push
`Flux` will detect the changes and apply the target to the cluster.
6. Deploy the podinfo application
7. Deploy the podinfo application
In order to deploy the podinfo application, we need to create a `ProductDeploymentGenerator` resource:
Expand All @@ -293,25 +341,6 @@ spec:
EOF
```
As part of step 2, a `service account` was created for the project. We will use this service account
to provide the necessary permissions to the `ProductDeploymentGenerator` to pull
the podinfo component from the registry.
First create a secret containing the credentials for the service account:
```bash
kubectl create secret docker-registry github-registry-key --docker-server=ghcr.io \
--docker-username=$GITHUB_USER --docker-password=$GITHUB_TOKEN \
--docker-email=<MY_EMAIL> -n mpas-podinfo-application
```
Then, patch the service account to use the secret:
```bash
kubectl patch serviceaccount mpas-podinfo-application -p '{"imagePullSecrets": [{"name": "github-registry-key"}]}' \
-n mpas-podinfo-application
```
Then, apply the `ProductDeploymentGenerator` to the project in a gitOps fashion:
```bash
Expand All @@ -332,3 +361,34 @@ contains values that should used to configure the different resources that are p
the product to be deployed. There is a check that should pass before merging the pull request.
Once the pull request is merged, `Flux` will detect the changes and deploy the application to the cluster.
After a moment the `ProductDeployment` should be deployed successfully.
It is possible to verify with the command:
```bash
k describe productDeployment -n mpas-podinfo-application
```
The result should something like:
```bash
Name: podinfo
Namespace: mpas-podinfo-application
Labels: kustomize.toolkit.fluxcd.io/name=mpas-podinfo-application-products
kustomize.toolkit.fluxcd.io/namespace=mpas-system
API Version: mpas.ocm.software/v1alpha1
Kind: ProductDeployment
Metadata:
...
Status:
Conditions:
Last Transition Time: 2023-09-14T10:14:41Z
Message: Reconciliation success
Observed Generation: 1
Reason: Succeeded
Status: True
Type: Ready
Observed Generation: 1
```
You should then have the application deployed in the `podinfo` namespace.
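Review bot: The verification command `k describe productDeployment -n mpas-podinfo-application` relies on a `k` alias the guide never defines; every other command uses `kubectl`, so spell it out here too. "The result should something like:" is missing "be", and the sample output is fenced as `bash` although it is command output rather than a script.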
