From 9ee8c1237c66d9d2664f8d1d6700b6013c3760b9 Mon Sep 17 00:00:00 2001 From: Gerard Nguyen Date: Mon, 10 Mar 2025 11:42:24 +1100 Subject: [PATCH 1/3] done --- applications/fake-services/Makefile | 3 ++ applications/fake-services/app/Chart.lock | 6 +-- applications/fake-services/app/Chart.yaml | 2 +- .../app/templates/certificate.yaml | 21 +++++++++++ .../app/templates/cluster-issuer.yaml | 14 +++++++ .../fake-services/app/templates/ingress.yaml | 9 ++++- applications/fake-services/app/values.yaml | 10 +++-- .../fake-services/replicated/k8s-app.yaml | 2 +- .../fake-services/replicated/kots-app.yaml | 5 ++- .../fake-services/replicated/kots-chart.yaml | 10 +++++ .../fake-services/replicated/kots-config.yaml | 11 +++++- .../fake-services/replicated/kots-ec.yaml | 9 ++++- .../replicated/kots-preflight.yaml | 37 +++++++++++++++++++ .../replicated/kots-sample-config-values.yaml | 2 + 14 files changed, 128 insertions(+), 13 deletions(-) create mode 100644 applications/fake-services/app/templates/certificate.yaml create mode 100644 applications/fake-services/app/templates/cluster-issuer.yaml create mode 100644 applications/fake-services/replicated/kots-preflight.yaml diff --git a/applications/fake-services/Makefile b/applications/fake-services/Makefile index aa6734a6..e9dbb64c 100644 --- a/applications/fake-services/Makefile +++ b/applications/fake-services/Makefile @@ -23,6 +23,9 @@ helm-install-dry-run: helm-template: helm template $(REPLICATED_APP) $(CHART_DIR) +helm-template-with-values: + yq '.spec.values' replicated/kots-sample-config-values.yaml | helm template $(REPLICATED_APP) --values - $(CHART_DIR) + helm-install: helm install $(REPLICATED_APP) --debug --wait $(CHART_DIR) diff --git a/applications/fake-services/app/Chart.lock b/applications/fake-services/app/Chart.lock index 13568257..bdcd88e7 100644 --- a/applications/fake-services/app/Chart.lock +++ b/applications/fake-services/app/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 4.11.3 - name: replicated repository: oci://registry.replicated.com/library - version: 1.0.0-beta.31 -digest: sha256:c349fc2fe99276ed430877ef2a0cf0e05150cd27f6e4eae2d7bfe47733f64846 -generated: "2025-02-04T08:53:26.530341+11:00" + version: 1.1.1 +digest: sha256:6dd6d2b307511c54683f36157c6763aa55b9913b2717972e55feb6ef007797a0 +generated: "2025-03-05T13:09:57.471411+11:00" diff --git a/applications/fake-services/app/Chart.yaml b/applications/fake-services/app/Chart.yaml index 636e5592..9114f8f5 100644 --- a/applications/fake-services/app/Chart.yaml +++ b/applications/fake-services/app/Chart.yaml @@ -26,4 +26,4 @@ dependencies: condition: ingress-nginx.enabled - name: replicated repository: oci://registry.replicated.com/library - version: 1.0.0-beta.31 + version: 1.1.1 diff --git a/applications/fake-services/app/templates/certificate.yaml b/applications/fake-services/app/templates/certificate.yaml new file mode 100644 index 00000000..ec4bd55a --- /dev/null +++ b/applications/fake-services/app/templates/certificate.yaml @@ -0,0 +1,21 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ include "fake-service.name" . }}-cert +spec: + secretName: {{ include "fake-service.name" . }}-tls + duration: 2160h # 90 days + renewBefore: 360h # 15 days + subject: + organizations: + - Replicated + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + dnsNames: + - {{ .Values.ingress.host }} + issuerRef: + name: letsencrypt + kind: ClusterIssuer + group: cert-manager.io \ No newline at end of file diff --git a/applications/fake-services/app/templates/cluster-issuer.yaml b/applications/fake-services/app/templates/cluster-issuer.yaml new file mode 100644 index 00000000..219c8e1a --- /dev/null +++ b/applications/fake-services/app/templates/cluster-issuer.yaml @@ -0,0 +1,14 @@ +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: gerard@replicated.com + privateKeySecretRef: + name: letsencrypt-account-key + solvers: + - http01: + ingress: + class: nginx diff --git a/applications/fake-services/app/templates/ingress.yaml b/applications/fake-services/app/templates/ingress.yaml index 57b97646..c6e13fb3 100644 --- a/applications/fake-services/app/templates/ingress.yaml +++ b/applications/fake-services/app/templates/ingress.yaml @@ -2,10 +2,17 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "fake-service.name" . }}-ingress + annotations: + cert-manager.io/cluster-issuer: "letsencrypt" spec: ingressClassName: nginx + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ include "fake-service.name" . }}-tls rules: - - http: + - host: {{ .Values.ingress.host }} + http: paths: - path: / pathType: Prefix diff --git a/applications/fake-services/app/values.yaml b/applications/fake-services/app/values.yaml index 6aa2c29c..c44d0e4a 100644 --- a/applications/fake-services/app/values.yaml +++ b/applications/fake-services/app/values.yaml @@ -7,14 +7,14 @@ image: frontend: name: "frontend" - message: "Hello from frontend!" + message: "New frontend update! This is the way!" serverType: "http" logLevel: "debug" port: 9090 backend: name: "backend" - message: "Hello from backend!" + message: "New backend update" serverType: "http" logLevel: "debug" port: 9091 @@ -40,7 +40,8 @@ ingress-nginx: service: type: NodePort nodePorts: - http: 30080 + http: 80 + https: 443 ingressClassResource: default: true @@ -54,3 +55,6 @@ rqliteui: cert-manager: enabled: true + +ingress: + host: gerard-vm.testcluster.net \ No newline at end of file diff --git a/applications/fake-services/replicated/k8s-app.yaml b/applications/fake-services/replicated/k8s-app.yaml index 861b3a7f..ac0365f1 100644 --- a/applications/fake-services/replicated/k8s-app.yaml +++ b/applications/fake-services/replicated/k8s-app.yaml @@ -7,4 +7,4 @@ spec: descriptor: links: - description: Open App - url: https://repl{{ ConfigOption "hostname" }}:30080 + url: https://repl{{ ConfigOption "hostname" }} diff --git a/applications/fake-services/replicated/kots-app.yaml b/applications/fake-services/replicated/kots-app.yaml index 6622b940..9beeaea2 100644 --- a/applications/fake-services/replicated/kots-app.yaml +++ b/applications/fake-services/replicated/kots-app.yaml @@ -6,7 +6,8 @@ spec: title: Fake Services icon: https://www.shareicon.net/data/256x256/2016/05/16/766096_zoo_512x512.png statusInformers: - - deployment/frontend + - '{{repl if ConfigOptionEquals "frontend_informer_enabled" "yessss"}}deployment/frontend{{repl end}}' - deployment/backend additionalImages: - - curlimages/curl:latest \ No newline at end of file + - curlimages/curl:latest + allowRollback: true diff --git a/applications/fake-services/replicated/kots-chart.yaml b/applications/fake-services/replicated/kots-chart.yaml index a6fa7e73..251b540c 100644 --- a/applications/fake-services/replicated/kots-chart.yaml +++ b/applications/fake-services/replicated/kots-chart.yaml @@ -36,9 +36,19 @@ spec: image: registry: '{{repl HasLocalRegistry | ternary LocalRegistryHost "quirkyquokka.dev" }}' image: '{{repl HasLocalRegistry | ternary LocalRegistryNamespace "proxy/gerard-helm-fake-service/429114214526.dkr.ecr.ap-southeast-2.amazonaws.com/gerard" }}/kube-webhook-certgen' + service: + type: NodePort + nodePorts: + http: "80" + https: "443" rqliteui: image: registry: '{{repl HasLocalRegistry | ternary LocalRegistryHost "quirkyquokka.dev" }}' repository: '{{repl HasLocalRegistry | ternary LocalRegistryNamespace "proxy/gerard-helm-fake-service/429114214526.dkr.ecr.ap-southeast-2.amazonaws.com/gerard" }}/rqman' imagePullSecrets: - name: "{{repl ImagePullSecretName }}" + ingress: + host: '{{repl ConfigOption "hostname" }}' + replicated: + podLabels: + message: thisistheway \ No newline at end of file diff --git a/applications/fake-services/replicated/kots-config.yaml b/applications/fake-services/replicated/kots-config.yaml index fa566b00..5c8de388 100644 --- a/applications/fake-services/replicated/kots-config.yaml +++ b/applications/fake-services/replicated/kots-config.yaml @@ -11,7 +11,7 @@ spec: - name: hostname title: Hostname type: text - required: false + required: true - name: password title: Password type: password @@ -20,6 +20,15 @@ spec: title: Frontend settings description: Frontend settings items: + - name: frontend_informer_enabled + type: radio + title: Frontend Informer Enabled + default: noooo + items: + - name: noooo + title: Noooo + - name: yessss + title: Yessss - name: frontend_name title: Service Name type: text diff --git a/applications/fake-services/replicated/kots-ec.yaml b/applications/fake-services/replicated/kots-ec.yaml index 39dbb14c..810075dd 100644 --- a/applications/fake-services/replicated/kots-ec.yaml +++ b/applications/fake-services/replicated/kots-ec.yaml @@ -1,7 +1,7 @@ apiVersion: embeddedcluster.replicated.com/v1beta1 kind: Config spec: - version: 2.0.0+k8s-1.30 + version: 2.1.2+k8s-1.30 roles: controller: name: management @@ -11,3 +11,10 @@ spec: - name: app labels: app: "true" + unsupportedOverrides: + k0s: | + config: + spec: + api: + extraArgs: + service-node-port-range: 80-32767 diff --git a/applications/fake-services/replicated/kots-preflight.yaml b/applications/fake-services/replicated/kots-preflight.yaml new file mode 100644 index 00000000..718291ac --- /dev/null +++ b/applications/fake-services/replicated/kots-preflight.yaml @@ -0,0 +1,37 @@ +apiVersion: troubleshoot.sh/v1beta2 +kind: Preflight +metadata: + name: preflight +spec: + analyzers: + - clusterVersion: + outcomes: + - fail: + when: "< 1.16.0" + message: The application requires at least Kubernetes 1.16.0, and recommends 1.18.0. + uri: https://kubernetes.io + - warn: + when: "< 1.18.0" + message: Your cluster meets the minimum version of Kubernetes, but we recommend you update to 1.18.0 or later. + uri: https://kubernetes.io + - pass: + message: Your cluster meets the recommended and required versions of Kubernetes. + - distribution: + outcomes: + - pass: + when: "== gke" + message: GKE is a supported platform + - pass: + when: "== aks" + message: AKS is a supported platform + - pass: + when: "== eks" + message: EKS is a supported platform + - fail: + when: "== docker-desktop" + message: This application does not support Docker Desktop + - fail: + when: "== microk8s" + message: This application does not support Microk8s + - warn: + message: The Kubernetes platform is not validated, but there are no known compatibility issues. diff --git a/applications/fake-services/replicated/kots-sample-config-values.yaml b/applications/fake-services/replicated/kots-sample-config-values.yaml index 0149aeb7..3519e418 100644 --- a/applications/fake-services/replicated/kots-sample-config-values.yaml +++ b/applications/fake-services/replicated/kots-sample-config-values.yaml @@ -10,3 +10,5 @@ spec: value: Payment frontend_name: value: Checkout + hostname: + value: gerard-vm.testcluster.net From 6d1db581ef6e10f3f7d67a8105fe10b42ec4cac2 Mon Sep 17 00:00:00 2001 From: Gerard Nguyen Date: Wed, 12 Mar 2025 15:59:13 +1100 Subject: [PATCH 2/3] code review --- .../fake-services/replicated/kots-config.yaml | 11 +---------- .../fake-services/replicated/kots-preflight.yaml | 3 +++ 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/applications/fake-services/replicated/kots-config.yaml b/applications/fake-services/replicated/kots-config.yaml index 5c8de388..fa566b00 100644 --- a/applications/fake-services/replicated/kots-config.yaml +++ b/applications/fake-services/replicated/kots-config.yaml @@ -11,7 +11,7 @@ spec: - name: hostname title: Hostname type: text - required: true + required: false - name: password title: Password type: password @@ -20,15 +20,6 @@ spec: title: Frontend settings description: Frontend settings items: - - name: frontend_informer_enabled - type: radio - title: Frontend Informer Enabled - default: noooo - items: - - name: noooo - title: Noooo - - name: yessss - title: Yessss - name: frontend_name title: Service Name type: text diff --git a/applications/fake-services/replicated/kots-preflight.yaml b/applications/fake-services/replicated/kots-preflight.yaml index 718291ac..d4b2781b 100644 --- a/applications/fake-services/replicated/kots-preflight.yaml +++ b/applications/fake-services/replicated/kots-preflight.yaml @@ -27,6 +27,9 @@ spec: - pass: when: "== eks" message: EKS is a supported platform + - pass: + when: "== k0s" + message: K0s is a supported platform - fail: when: "== docker-desktop" message: This application does not support Docker Desktop From 3b7a38b1e29719c061acb67fc8be50968bf93869 Mon Sep 17 00:00:00 2001 From: Gerard Nguyen Date: Wed, 12 Mar 2025 16:00:00 +1100 Subject: [PATCH 3/3] code review --- applications/fake-services/replicated/kots-app.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/applications/fake-services/replicated/kots-app.yaml b/applications/fake-services/replicated/kots-app.yaml index 9beeaea2..6622b940 100644 --- a/applications/fake-services/replicated/kots-app.yaml +++ b/applications/fake-services/replicated/kots-app.yaml @@ -6,8 +6,7 @@ spec: title: Fake Services icon: https://www.shareicon.net/data/256x256/2016/05/16/766096_zoo_512x512.png statusInformers: - - '{{repl if ConfigOptionEquals "frontend_informer_enabled" "yessss"}}deployment/frontend{{repl end}}' + - deployment/frontend - deployment/backend additionalImages: - - curlimages/curl:latest - allowRollback: true + - curlimages/curl:latest \ No newline at end of file