Merge PR #13, #14 and #15 #16

Merged
merged 3 commits into from
Sep 20, 2024
1 change: 1 addition & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -63,6 +63,7 @@ jobs:
- name: Add dependency Helm chart repositories
run: |
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add nfs-ganesha-server-and-external-provisioner https://kubernetes-sigs.github.io/nfs-ganesha-server-and-external-provisioner/
helm repo update
- name: Install Python
uses: actions/setup-python@v5
1 change: 1 addition & 0 deletions .github/workflows/pkg.yml
@@ -48,6 +48,7 @@ jobs:
- name: Add dependency Helm chart repositories
run: |
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add nfs-ganesha-server-and-external-provisioner https://kubernetes-sigs.github.io/nfs-ganesha-server-and-external-provisioner/
helm repo update
- name: Host charts repository on GitHub Pages
uses: helm/chart-releaser-action@v1.6.0
5 changes: 3 additions & 2 deletions charts/README.md
@@ -6,6 +6,7 @@
* [Game 2048](game-2048/README.md)
* [Let's Encrypt](letsencrypt/README.md)
* [NFS-Ganesha](nfs-ganesha/README.md)
* [NFS Server Provisioner](nfs-server-provisioner/README.md)
* [Rancher Cluster Template](rancher-cluster-templates/README.md)
* [WordPress](wordpress/README.md)

@@ -22,6 +23,6 @@ helm template <releasename> . -f values.yaml -f values_mine.yaml --namespace dem

# installs a chart from local source
helm upgrade --install <releasename> . -f values.yaml \
# --debug > output.yaml \
--create-namespace --namespace nfs-ganesha
# --debug > output.yaml \
--create-namespace --namespace nfs-ganesha
```
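Review bot: In the `helm upgrade --install` example, the `# --debug > output.yaml \` line sits in the middle of a backslash-continued command, so the shell treats everything from `#` to the end of that line as a comment and the command ends there; `--create-namespace --namespace nfs-ganesha` is then run as a separate command and never reaches helm. Move the commented `--debug` line outside the continued command. The namespace `nfs-ganesha` is also hard-coded in what reads as a generic charts README; a placeholder in the style of `<releasename>` would fit better.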
6 changes: 6 additions & 0 deletions charts/nfs-server-provisioner/Chart.lock
@@ -0,0 +1,6 @@
dependencies:
- name: nfs-server-provisioner
repository: https://kubernetes-sigs.github.io/nfs-ganesha-server-and-external-provisioner/
version: 1.8.0
digest: sha256:17d02ec93947c92806da70bda22b675ce7001873b0a68cb908b9714256704503
generated: "2024-09-19T16:06:10.718178856+02:00"
14 changes: 14 additions & 0 deletions charts/nfs-server-provisioner/Chart.yaml
@@ -0,0 +1,14 @@
apiVersion: v2
name: nfs-server-provisioner
description: Helm chart for managing WordPress
type: application
version: 0.1.0
appVersion: "4.0.8"
dependencies:
- name: nfs-server-provisioner
version: 1.8.0
repository: https://kubernetes-sigs.github.io/nfs-ganesha-server-and-external-provisioner/
home: https://github.com/SUSE/lab-setup/tree/main/charts/nfs-server-provisioner
maintainers:
- name: devpro
email: bertrand.thomas@suse.com
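Review bot: `description: Helm chart for managing WordPress` in the new `nfs-server-provisioner` Chart.yaml looks copied from the WordPress chart and should describe the NFS server provisioner, since this is the text users see when they search the chart repository.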
46 changes: 46 additions & 0 deletions charts/nfs-server-provisioner/README.md
@@ -0,0 +1,46 @@
# NFS server provisioner

This Helm chart will install [NFS Server Provisioner](https://github.com/kubernetes-sigs/nfs-ganesha-server-and-external-provisioner) in a Kubernetes cluster.

## Quick start

Install the application with the default settings:

```bash
# adds the repo
helm repo add suse-lab-setup https://opensource.suse.com/lab-setup
helm repo update

# installs the chart
helm upgrade --install nfs-server-provisioner suse-lab-setup/nfs-server-provisioner --namespace nfs-provisioner --create-namespace
```

Look at [values.yaml](values.yaml) for the configuration.

Clean-up:

```bash
helm delete nfs-server-provisioner
kubectl delete ns nfs-provisioner
```

## Upstream version update

- Look for the available versions:

```bash
# adds bitnami helm chart repository
helm repo add nfs-ganesha-server-and-external-provisioner https://kubernetes-sigs.github.io/nfs-ganesha-server-and-external-provisioner/
helm repo update

# lists available charts
helm search repo nfs-server-provisioner
```

- Update [Chart.yaml](Chart.yaml)

- Update Chart.lock file:

```bash
helm dependency update
```
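Review bot: The clean-up block runs `helm delete nfs-server-provisioner` without `--namespace nfs-provisioner`, while the install command above places the release in that namespace, so the delete looks in the current context's namespace and will normally not find the release; add the namespace flag rather than relying on `kubectl delete ns` to remove everything. In the "Upstream version update" block, the comment `# adds bitnami helm chart repository` is left over from another chart and should name the nfs-ganesha-server-and-external-provisioner repository.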
7 changes: 7 additions & 0 deletions charts/nfs-server-provisioner/values.yaml
@@ -0,0 +1,7 @@
# refers to https://github.com/kubernetes-sigs/nfs-ganesha-server-and-external-provisioner/blob/master/charts/nfs-server-provisioner/values.yaml
nfs-server-provisioner:
storageClass:
defaultClass: true
mountOptions:
- vers=3
- nolock
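Review bot: `defaultClass: true` combined with the `mountOptions` `vers=3` and `nolock` makes this storage class the cluster default, so every PersistentVolumeClaim without an explicit `storageClassName` ends up on an NFSv3 mount with locking disabled. NFSv3 trusts the client host and the UID it presents rather than authenticating users, and `nolock` removes lock coordination between clients that write the same files. For a lab chart this may be intended, but add a comment above these values saying why, and consider shipping `defaultClass: false` so workloads opt in to this class.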
6 changes: 3 additions & 3 deletions charts/wordpress/Chart.lock
@@ -1,6 +1,6 @@
dependencies:
- name: wordpress
repository: https://charts.bitnami.com/bitnami
version: 19.2.5
digest: sha256:9ecd8b6020982dfb58440e219ed45aadb2856be4c8719b94b364f85fc079e557
generated: "2024-09-04T14:30:06.1580989+02:00"
version: 23.1.15
digest: sha256:75e86638c376cf1a29ffe65dd2d723e30201f21964d90b39d35a73f40c3f3e7e
generated: "2024-09-19T16:23:42.643837319+02:00"
6 changes: 3 additions & 3 deletions charts/wordpress/Chart.yaml
@@ -2,11 +2,11 @@ apiVersion: v2
name: wordpress
description: Helm chart for managing WordPress
type: application
version: 0.1.1
appVersion: "6.4.3"
version: 0.1.2
appVersion: "6.6.2"
dependencies:
- name: wordpress
version: 19.2.5
version: 23.1.15
repository: https://charts.bitnami.com/bitnami
home: https://github.com/SUSE/lab-setup/tree/main/charts/wordpress
maintainers:
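Review bot: The `wordpress` dependency moves from 19.2.5 to 23.1.15, four major versions of the upstream chart, while the wrapper chart `version` only goes from 0.1.1 to 0.1.2 and the diff carries no values or upgrade-note changes for it. Check the upstream upgrade notes for those major releases against this chart's values, and bump the minor version (0.2.0) so consumers can tell this is more than a patch-level update.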
2 changes: 1 addition & 1 deletion charts/wordpress/README.md
@@ -36,7 +36,7 @@ wordpress:
global:
storageClass: azureblob-fuse
wordpressUsername: myuser
wordpressBlogName: "My Wordpress!"
wordpressBlogName: "My WordPress!"
existingSecret: wordpress-credentials
ingress:
enabled: true
44 changes: 27 additions & 17 deletions scripts/README.md
@@ -3,23 +3,33 @@
## Bash functions

Name | Source
-----------------------------------------------|---------------------------------------------------------------------------------------------
`k3s_copy_kubeconfig` | [scripts/k3s/cluster-lifecycle.sh](scripts/k3s/cluster-lifecycle.sh)
`k3s_create_cluster` | [scripts/k3s/cluster-lifecycle.sh](scripts/k3s/cluster-lifecycle.sh)
`k8s_create_letsencryptclusterissuer` | [scripts/kubernetes/certificate-management.sh](scripts/kubernetes/certificate-management.sh)
`k8s_install_certmanager` | [scripts/kubernetes/certificate-management.sh](scripts/kubernetes/certificate-management.sh)
`k8s_wait_fornodesandpods` | [scripts/kubernetes/cluster-status.sh](scripts/kubernetes/cluster-status.sh)
`rancher_create_apikey` | [scripts/rancher/user-actions.sh](scripts/rancher/user-actions.sh)
`rancher_create_customcluster` | [scripts/rancher/cluster-actions.sh](scripts/rancher/cluster-actions.sh)
`rancher_first_login` | [scripts/rancher/manager-lifecycle.sh](scripts/rancher/manager-lifecycle.sh)
`rancher_get_clusterid` | [scripts/rancher/cluster-actions.sh](scripts/rancher/cluster-actions.sh)
`rancher_get_clusterregistrationcommand` | [scripts/rancher/cluster-actions.sh](scripts/rancher/cluster-actions.sh)
`rancher_install_withcertmanagerclusterissuer` | [scripts/rancher/manager-lifecycle.sh](scripts/rancher/manager-lifecycle.sh)
`rancher_list_clusters` | [scripts/rancher/cluster-actions.sh](scripts/rancher/cluster-actions.sh)
`rancher_login_withpassword` | [scripts/rancher/user-actions.sh](scripts/rancher/user-actions.sh)
`rancher_update_password` | [scripts/rancher/user-actions.sh](scripts/rancher/user-actions.sh)
`rancher_update_serverurl` | [scripts/rancher/manager-settings.sh](scripts/rancher/manager-settings.sh)
`rancher_wait_capiready` | [scripts/rancher/manager-lifecycle.sh](scripts/rancher/manager-lifecycle.sh)
-----------------------------------------------|-----------------------------------------------------------------------------
`k3s_copy_kubeconfig` | [k3s/cluster_lifecycle.sh](k3s/cluster_lifecycle.sh)
`k3s_create_cluster` | [k3s/cluster_lifecycle.sh](k3s/cluster_lifecycle.sh)
`k8s_create_letsencryptclusterissuer` | [kubernetes/certificate_management.sh](kubernetes/certificate_management.sh)
`k8s_install_certmanager` | [kubernetes/certificate_management.sh](kubernetes/certificate_management.sh)
`k8s_wait_fornodesandpods` | [kubernetes/cluster_status.sh](kubernetes/cluster_status.sh)
`keycloak_login` | [authentication/keycloak.sh](authentication/keycloak.sh)
`keycloak_create_user` | [authentication/keycloak.sh](authentication/keycloak.sh)
`keycloak_delete_user` | [authentication/keycloak.sh](authentication/keycloak.sh)
`observability_check_stackpack` | [observability/stackpack.sh](observability/stackpack.sh)
`observability_create_ingestion_api_key` | [observability/api_key.sh](observability/api_key.sh)
`observability_delete_ingestion_api_key` | [observability/api_key.sh](observability/api_key.sh)
`observability_delete_stackpack` | [observability/stackpack.sh](observability/stackpack.sh)
`observability_get_component_snapshot` | [observability/stql.sh](observability/stql.sh)
`observability_get_component_state` | [observability/stql.sh](observability/stql.sh)
`observability_install_cli` | [observability/cli.sh](observability/cli.sh)
`rancher_create_apikey` | [rancher/user_actions.sh](rancher/user_actions.sh)
`rancher_create_customcluster` | [rancher/cluster_actions.sh](rancher/cluster_actions.sh)
`rancher_first_login` | [rancher/manager_lifecycle.sh](rancher/manager_lifecycle.sh)
`rancher_get_clusterid` | [rancher/cluster_actions.sh](rancher/cluster_actions.sh)
`rancher_get_clusterregistrationcommand` | [rancher/cluster_actions.sh](rancher/cluster_actions.sh)
`rancher_install_withcertmanagerclusterissuer` | [rancher/manager_lifecycle.sh](rancher/manager_lifecycle.sh)
`rancher_list_clusters` | [rancher/cluster_actions.sh](rancher/cluster_actions.sh)
`rancher_login_withpassword` | [rancher/user_actions.sh](rancher/user_actions.sh)
`rancher_update_password` | [rancher/user_actions.sh](rancher/user_actions.sh)
`rancher_update_serverurl` | [rancher/manager_settings.sh](rancher/manager_settings.sh)
`rancher_wait_capiready` | [rancher/manager_lifecycle.sh](rancher/manager_lifecycle.sh)

## Concrete examples

103 changes: 103 additions & 0 deletions scripts/authentication/keycloak.sh
@@ -0,0 +1,103 @@
#!/bin/bash

#######################################
# Login to Keycloak and get an access token
# Globals:
# SSO_ACCESS_TOKEN
# Arguments:
# kc_url (Keycloak)
# kc_realm (Keycloak)
# kc_client_id (Keycloak)
# kc_client_secret (Keycloak)
# kc_username (Keycloak)
# kc_password (Keycloak)
# Examples:
# keycloak_login https://sso.suse.com instruqt suse xxxxxx admin password
#######################################
keycloak_login() {
local kc_url=$1
local kc_realm=$2
local kc_client_id=$3
local kc_client_secret=$4
local kc_username=$5
local kc_password=$6

local response
response=$(curl -s -X POST "$kc_url/realms/$kc_realm/protocol/openid-connect/token" \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode "client_id=$kc_client_id" \
--data-urlencode "client_secret=$kc_client_secret" \
--data-urlencode "username=$kc_username" \
--data-urlencode "password=$kc_password" \
--data-urlencode 'grant_type=password')

echo $response | jq -r .access_token
}

#######################################
# Create a user in Keycloak
# Arguments:
# kc_url (Keycloak)
# kc_realm (Keycloak)
# kc_access_token (Keycloak)
# username
# password
# Examples:
# keycloak_create_user https://sso.suse.com instruqt $SSO_ACCESS_TOKEN user password group
#######################################
keycloak_create_user() {
local kc_url=$1
local kc_realm=$2
local kc_access_token=$3
local username=$4
local password=$5
local group=$6

local user_request
user_request=$(cat <<EOF
{
"username": "$username",
"enabled": true,
"emailVerified": true,
"requiredActions": [],
"email": "$username@instruqt.suse.io",
"groups": ["$group"],
"credentials": [
{
"type": "password",
"value": "$password"
}
]
}
EOF
)

curl -s -X POST "$kc_url/admin/realms/$kc_realm/users" \
-H "Authorization: Bearer $kc_access_token" \
-H 'Content-Type: application/json' \
--data-binary "$user_request"
}

#######################################
# Delete a user in Keycloak
# Arguments:
# kc_url (Keycloak)
# kc_realm (Keycloak)
# kc_access_token (Keycloak)
# username
# Examples:
# keycloak_delete_user https://sso.suse.com instruqt $SSO_ACCESS_TOKEN user
#######################################
keycloak_delete_user() {
local kc_url=$1
local kc_realm=$2
local kc_access_token=$3
local username=$4

local user_id
user_id=$(curl -s -X GET "$kc_url/admin/realms/$kc_realm/users?username=$username" \
-H "Authorization: Bearer $kc_access_token" | jq -r .[0].id)

curl -s -X DELETE "$kc_url/admin/realms/$kc_realm/users/$user_id" \
-H "Authorization: Bearer $kc_access_token"
}
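Review bot: In `keycloak_create_user` the JSON body is built by expanding `$username`, `$password` and `$group` directly into a heredoc, so a value containing `"` or `\` yields invalid JSON or adds fields to the request; build the body with `jq -n --arg username "$username" ...` instead. `keycloak_delete_user` has a related problem: `?username=$username` is not URL-encoded and the function takes `.[0].id` from whatever the search returns, and when nothing is found `jq -r` prints `null`, so the DELETE goes to `users/null`. Send the query with `curl -G --data-urlencode`, request an exact match, and return non-zero when `user_id` is empty or `null`. Smaller points: the header of `keycloak_login` lists `SSO_ACCESS_TOKEN` under Globals although the function only echoes the token, `group` is missing from the documented arguments of `keycloak_create_user`, `echo $response` should be quoted, and none of the `curl` calls use `--fail`, so HTTP errors pass silently.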
File renamed without changes.
File renamed without changes.
49 changes: 49 additions & 0 deletions scripts/observability/api_key.sh
@@ -0,0 +1,49 @@
#!/bin/bash

#######################################
# Create an Ingestion API key for SUSE Observability
# Output:
# The ingestion API key
# Arguments:
# url (SUSE Observability)
# service_token (SUSE Observability)
# cluster_name
# Examples:
# observability_create_ingestion_api_key https://obs.suse.com/ xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx demo
#######################################
observability_create_ingestion_api_key() {
local url=$1
local service_token=$2
local cluster_name=$3

local resp
resp=$(/usr/local/bin/sts ingestion-api-key create --name $cluster_name -o json --url $url --service-token $service_token)

echo $resp | jq -r '."ingestion-api-key".apiKey'
}

#######################################
# Delete an Ingestion API key for SUSE Observability
# Arguments:
# url (SUSE Observability)
# service_token (SUSE Observability)
# cluster_name
# Examples:
# observability_delete_ingestion_api_key https://obs.suse.com/ xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx demo
#######################################
observability_delete_ingestion_api_key() {
local url=$1
local service_token=$2
local cluster_name=$3

local keys key_id

keys=$(/usr/local/bin/sts ingestion-api-key list -o json --url $url --service-token $service_token)
key_id=$(echo $keys | jq -r '."ingestion-api-keys"[] | select(.name == "'$cluster_name'") | .id')
if [ -n "$key_id" ]; then
/usr/local/bin/sts ingestion-api-key delete --id $key_id --url $url --service-token $service_token
echo ">>> Ingestion API key for cluster '${cluster_name}' deleted"
else
echo ">>> Ingestion API key for cluster '${cluster_name}' not found"
fi
}
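Review bot: In `observability_delete_ingestion_api_key` the jq filter is assembled by splicing `$cluster_name` into the program text (`select(.name == "'$cluster_name'")`), so a name containing a quote or a space changes or breaks the filter; pass it with `jq --arg name "$cluster_name"` and compare against `$name`. The unquoted `$url`, `$service_token`, `$cluster_name` and `$key_id` in the `sts` calls are word-split as well, and if two keys share the name, `key_id` holds several ids that are then passed as extra arguments; quote every expansion and handle the multi-match case explicitly. The CLI path is hard-coded as `/usr/local/bin/sts` while `observability_install_cli` tests `command -v sts`, so the two can disagree about whether the CLI is present. Passing `--service-token` on the command line also exposes the token to other local users through the process list; if the CLI can read it from the environment or a config file, prefer that.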
12 changes: 12 additions & 0 deletions scripts/observability/cli.sh
@@ -0,0 +1,12 @@
#!/bin/bash

#######################################
# Install the SUSE Observability CLI
#######################################
observability_install_cli() {
if ! [ -x "$(command -v sts)" ]; then
curl -o- https://dl.stackstate.com/stackstate-cli/install.sh | STS_CLI_LOCATION=/usr/local/bin bash
else
echo ">>> sts CLI already installed"
fi
}
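Review bot: `observability_install_cli` pipes `https://dl.stackstate.com/stackstate-cli/install.sh` straight into `bash` with no pinned version and no checksum or signature check, and the result is installed into `/usr/local/bin`, so whatever that URL serves at run time executes with the caller's privileges. Download the installer (or a pinned CLI release) to a file, verify it against a known digest, then run it. Add `--fail` to `curl` as well, so an HTTP error page is never handed to `bash`.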
49 changes: 49 additions & 0 deletions scripts/observability/stackpack.sh
@@ -0,0 +1,49 @@
#!/bin/bash

#######################################
# Delete a StackPack instance from SUSE Observability
# Arguments:
# url (SUSE Observability)
# service_token (SUSE Observability)
# cluster_name
# Examples:
# observability_delete_stackpack https://obs.suse.com/ xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx demo
#######################################
observability_delete_stackpack() {
local url=$1
local service_token=$2
local cluster_name=$3

local stackpacks stackpack_id
stackpacks=$(/usr/local/bin/sts stackpack list-instances --name kubernetes-v2 -o json --url $url --service-token $service_token)
stackpack_id=$(echo $stackpacks | jq -r '.instances[] | select(.config.kubernetes_cluster_name == "'$cluster_name'") | .id')
if [ -n "$stackpack_id" ]; then
/usr/local/bin/sts stackpack uninstall --id $stackpack_id --url $url --service-token $service_token --name kubernetes-v2
echo ">>> StackPack for cluster '${cluster_name}' deleted"
else
echo ">>> StackPack for cluster '${cluster_name}' not found"
fi
}

#######################################
# Check if a StackPack instance exists in SUSE Observability
# Arguments:
# url (SUSE Observability)
# service_token (SUSE Observability)
# cluster_name
# Returns:
# `true` if the StackPack instance exists, `false` otherwise
# Examples:
# observability_check_stackpack https://obs.suse.com/ xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx demo
#######################################
observability_check_stackpack() {
local url=$1
local service_token=$2
local cluster_name=$3

local stackpacks stackpack_id
stackpacks=$(/usr/local/bin/sts stackpack list-instances --name kubernetes-v2 -o json --url $url --service-token $service_token)
stackpack_id=$(echo $stackpacks | jq -r '.instances[] | select(.config.kubernetes_cluster_name == "'$cluster_name'") | .id')
[[ -n "$stackpack_id" ]]
return
}
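Review bot: `observability_delete_stackpack` and `observability_check_stackpack` repeat the same `list-instances` call and jq lookup, including the `"'$cluster_name'"` splice into the filter and the unquoted `$url`, `$service_token` and `$stackpack_id`; factor the lookup into one helper that passes the name through `jq --arg` and quotes its expansions, and call it from both functions. The `Returns` comment on `observability_check_stackpack` says `true`/`false`, but the function prints nothing and reports the result through its exit status; state that in the comment so callers test it with `if observability_check_stackpack ...; then` rather than capturing output.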
61 changes: 61 additions & 0 deletions scripts/observability/stql.sh
@@ -0,0 +1,61 @@
#!/bin/bash

#######################################
# Get the state of a component in SUSE Observability
# Arguments:
# url (SUSE Observability)
# service_token (SUSE Observability)
# stql
# Output:
# "CRITICAL", "DEVIATING", "UNKNOWN" or "CLEAR"
# Examples:
# observability_get_component_state https://obs.suse.com/ xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx "lobel = \"cluster-name:$DOWNSTREAM_CLUSTER_NAME\" AND ..."
#######################################
observability_get_component_state() {
local url=$1
local service_token=$2
local stql=$3

local component
component=$(observability_get_component_snapshot $url $service_token "$stql")
echo $component | jq -r '.viewSnapshotResponse.components[0].state.healthState'
}

#######################################
# Query the snapshot of a component in SUSE Observability
# Arguments:
# url (SUSE Observability)
# service_token (SUSE Observability)
# stql
# Output:
# JSON viewSnapshotResponse
# Examples:
# observability_get_component_snapshot https://obs.suse.com/ xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx "lobel = \"cluster-name:$DOWNSTREAM_CLUSTER_NAME\" AND ..."
#######################################
observability_get_component_snapshot() {
local url=$1
local service_token=$2
local stql=$3

local req
req=$(cat <<EOF
{
"queryVersion": "1.0",
"metadata": {
"groupingEnabled": false,
"showIndirectRelations": false,
"minGroupSize": 10,
"groupedByLayer": false,
"groupedByDomain": false,
"groupedByRelation": false,
"autoGrouping": false,
"connectedComponents": false,
"neighboringComponents": false,
"showFullComponent": false
}
}
EOF
)
req=$(echo $req | jq --arg stql "$stql" '.query = "\($stql)"')
curl -s -k -H "Authorization: ApiKey $service_token" -H "Content-Type: application/json" -X POST -d "$req" $url/api/snapshot
}
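Review bot: The `curl` call in `observability_get_component_snapshot` uses `-k`, which turns off TLS certificate verification on the same request that carries `Authorization: ApiKey $service_token`, so the service token is sent to whatever endpoint answers on that address. Drop `-k` and, for lab instances behind a private CA, pass `--cacert` with the CA bundle. Smaller points: `$url` is unquoted here and in the call from `observability_get_component_state`, `.query = "\($stql)"` can be written as `.query = $stql`, `--fail` is missing so an error body is fed to the `jq` in `observability_get_component_state`, and both usage examples spell the field `lobel`, which looks like a typo for `label`.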
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.