IBM hosts a number of developer charts on the ibmcom repository that can be used by the developer community. This repository contains multiple subscriptions that can be deployed to one or more managed clusters by using a subscription custom resource definition. This repository provides you with a guide for building a foundation for deploying the hosted developer charts by using channels and subscriptions.
This repository provides you with the YAML content to create and use the following channels and subscriptions:
- Two channels and namespaces:
  - A secrets channel that uses the vault namespace. You can use this channel to store and apply secrets and configurations for the different developer edition charts.
  - An ibmcom channel that uses the ibmcom namespace. This channel represents the public IBM Helm repository.
- One developer-editions namespace:
  - This namespace is used to hold subscriptions, placement rules, and application resources.
- Two placement rules that search for managed clusters:
  - The dev-placementrule rule targets managed clusters with the label environment: Dev
  - The production-placementrule rule targets managed clusters with the label environment: Production
- One application resource:
  - This resource associates subscriptions and placement rules by using a labelSelector on purpose: developer-editions.
To set up the channels, run the following commands:
kubectl apply -f ./channels/1-secret-vault-channel.yaml
kubectl apply -f ./channels/2-ibmcom-helm-channel.yaml
Namespaces:
- vault
- developer-editions
- ibmcom
Channels:
- A channel that is called secrets.
- A channel that is called ibmcom.
Application:
- A developer-editions application to group all developer-editions subscriptions and placement rules together.
Placement rules:
- dev-placementrule
- production-placementrule
A subscription monitors the Helm repository for new versions of a chart. If no chart is deployed or if a new version of a deployed chart is found, the chart or the new version of the chart is deployed.
The mq-adv-server-dev chart requires two resources to be deployed. One is the resource that initiates the Helm install, the other is a secret that contains the password to be configured for the IBM MQ Administrators.
kubectl apply -f ./subscriptions/3-mqadvanced-subscription.yaml
Deployable:
- An mq-secret-dev deployable is created in the vault/secret channel. This deployable contains a Kubernetes secret that has the IBM MQ Administrators password set in base64.
Subscriptions:
- An mq-advanced-server-secret-dev subscription that delivers the Kubernetes secret that is inside the mq-secret-dev deployable to the managed clusters that match the associated placement rule.
- An mq-advanced-server-dev subscription that propagates to the managed clusters defined in the placement rule, and then deploys the mq-adv-server-dev Helm chart. This subscription also contains Helm values overrides for the chart.
- When the subscription is created on the hub cluster with a placement rule, the placement rule is evaluated. A copy of the subscription is propagated to every managed cluster that matches the placement rule.
- Each propagated subscription on the managed cluster completes a different action:
  - The type: Namespace subscription subscribes to the vault namespace on the hub cluster and delivers the Kubernetes secret (IBM MQ Administrator password) by finding the deployable resource in that namespace and extracting the spec.template.
  - The type: HelmRepo subscription subscribes to the Helm repository path that was specified in the channel. The subscription identifies the correct Helm release and version in the source repository, and then creates a HelmRelease resource on the managed cluster. The HelmRelease resource then deploys the Helm release by communicating with Tiller.
Within the developer-editions namespace, run the following command on the managed clusters to grant the privileged security context constraint (SCC) to the default service account so that the chart can deploy:
oc adm policy add-scc-to-user privileged system:serviceaccount:developer-editions:default
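A check for the grant that the command above makes, as an added example that is not part of this repository: it reads the JSON of the privileged SCC and of the cluster's role bindings, and lists the namespaces whose default service account holds that SCC, which is the account every pod without its own serviceAccountName runs under. The sample JSON and the mq-test namespace are constructed, and the system:openshift:scc:privileged binding form is an assumption about newer OpenShift releases.

```python
import json

SA_PREFIX = "system:serviceaccount:"

# Constructed sample shaped like `oc get scc privileged -o json` (trimmed).
SAMPLE_SCC = json.loads("""
{"metadata": {"name": "privileged"},
 "users": ["system:admin",
           "system:serviceaccount:openshift-infra:build-controller",
           "system:serviceaccount:developer-editions:default"]}
""")

# Constructed sample shaped like
# `oc get rolebindings,clusterrolebindings --all-namespaces -o json` (trimmed).
SAMPLE_BINDINGS = json.loads("""
{"items": [
  {"kind": "RoleBinding", "metadata": {"name": "scc-priv", "namespace": "mq-test"},
   "roleRef": {"kind": "ClusterRole", "name": "system:openshift:scc:privileged"},
   "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "mq-test"}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "viewers"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "ibmcom"}]}
]}
""")

def privileged_service_accounts(scc, bindings):
    """Return sorted (namespace, name, source) for service accounts granted the SCC."""
    found = set()
    # Grant recorded directly on the SCC object, in its users list.
    for user in scc.get("users") or []:
        if user.startswith(SA_PREFIX):
            ns, _, name = user[len(SA_PREFIX):].partition(":")
            found.add((ns, name, "scc.users"))
    # Assumption: newer OpenShift records the grant as a binding to this ClusterRole.
    role = "system:openshift:scc:" + scc["metadata"]["name"]
    for b in bindings.get("items", []):
        if b.get("roleRef", {}).get("name") != role:
            continue
        for s in b.get("subjects") or []:
            if s.get("kind") == "ServiceAccount":
                ns = s.get("namespace") or b["metadata"].get("namespace", "")
                found.add((ns, s["name"], b["kind"]))
    return sorted(found)

def default_sa_namespaces(scc, bindings):
    """Namespaces whose default service account holds the SCC."""
    return sorted({ns for ns, name, _ in privileged_service_accounts(scc, bindings)
                   if name == "default"})
```

Feeding it the live output of the two oc commands named in the comments, in place of the constructed samples, shows whether the grant reaches beyond the developer-editions namespace.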