diff --git a/Makefile b/Makefile index f57298f5b..308173547 100644 --- a/Makefile +++ b/Makefile @@ -99,7 +99,7 @@ local-setup-kind: kind ## Setup kind clusters for multi cluster traffic controll ./hack/local-setup-kind.sh .PHONY: local-setup-mgc -local-setup-mgc: kustomize helm yq dev-tls istioctl operator-sdk clusteradm subctl ## Setup multi cluster traffic controller locally onto kind clusters. +local-setup-mgc: kustomize helm yq operator-sdk clusteradm ## Setup multi cluster traffic controller locally onto kind clusters. ./hack/local-setup-mgc.sh .PHONY: local-cleanup @@ -119,29 +119,6 @@ ifndef ignore-not-found ignore-not-found = false endif - -.PHONY: deploy-sample-applicationset -deploy-sample-applicationset: - kubectl apply -f ./samples/argocd-applicationset/echo-applicationset.yaml - .PHONY: thanos-manifests thanos-manifests: ./hack/thanos/thanos_build.sh ./hack/thanos/thanos.jsonnet ./hack/thanos/thanos_build.sh - -DEV_TLS_DIR = config/webhook-setup/control/tls -DEV_TLS_CRT ?= $(DEV_TLS_DIR)/tls.crt -DEV_TLS_KEY ?= $(DEV_TLS_DIR)/tls.key - -.PHONY: dev-tls -dev-tls: $(DEV_TLS_CRT) ## Generate dev tls webhook cert if necessary. -$(DEV_TLS_CRT): - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $(DEV_TLS_KEY) -out $(DEV_TLS_CRT) -subj "/C=IE/O=Red Hat Ltd/OU=HCG/CN=webhook.172.31.0.2.nip.io" -addext "subjectAltName = DNS:webhook.172.31.0.2.nip.io" - -.PHONY: clear-dev-tls -clear-dev-tls: - -rm -f $(DEV_TLS_CRT) - -rm -f $(DEV_TLS_KEY) - -.PHONY: skupper-setup -skupper-setup: - ./hack/skupper/skupper-setup.sh \ No newline at end of file diff --git a/README.md b/README.md index 3cee9d8d0..d04278eba 100644 --- a/README.md +++ b/README.md 
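Review bot: The dev webhook key pair under `config/webhook-setup/control/tls` stays retrievable from repository history even though this commit deletes `tls.crt`/`tls.key` and drops `dev-tls` from the `local-setup-mgc` prerequisites in this hunk. I would treat that key as exposed and confirm nothing still trusts the matching certificate. A comment above the rule would record that, for example `# dev TLS material is no longer generated here; the key formerly committed under config/webhook-setup/control/tls must not be reused`. The new prerequisite list also drops `istioctl` and `subctl`; `hack/local-setup-mgc.sh` is not shown in this view, so it is worth confirming the script no longer calls either tool.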
@@ -12,17 +12,12 @@ Key Features: - Health checks to detect and take remedial action against unhealthy endpoints - Cloud DNS provider integrations (AWS route 53) with new ones being added (google DNS) - When deploying the multicluster gateway controller using the make targets, the following will be created: * Kind cluster(s) * Gateway API CRDs in the control plane cluster * Ingress controller * Cert manager -* ArgoCD instance -* K8s Dashboard * LetsEncrypt certs - - ## Prerequisites: * AWS or GCP @@ -71,28 +66,7 @@ When deploying the multicluster gateway controller using the make targets, the f make build-gateway-controller run-gateway-controller ``` -## 3. Running the agent in the cluster: -1. Build the agent image and load it into the workload cluster - ```sh - kubectl config use-context kind-mgc-workload-1 - make kind-load-agent - ``` - -1. Deploy the agent to the workload cluster - ```sh - make deploy-agent - ``` - -## 4. Running the agent locally -1. Target the workload cluster you wish to run on: -```sh -export KUBECONFIG=./tmp/kubeconfigs/mgc-workload-1.kubeconfig -``` -1. Run the agent locally: -```sh -make build-agent run-agent -``` -## 5. Clean up local environment +## 3. Clean up local environment In any terminal window target control plane cluster by: ```bash kubectl config use-context kind-mgc-control-plane @@ -121,4 +95,3 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. - diff --git a/config/argocd/.gitignore b/config/argocd/.gitignore deleted file mode 100644 index ebf1d3dce..000000000 --- a/config/argocd/.gitignore +++ /dev/null @@ -1 +0,0 @@ -charts diff --git a/config/argocd/ingress-argocd-server.yaml b/config/argocd/ingress-argocd-server.yaml deleted file mode 100644 index f5e93a911..000000000 --- a/config/argocd/ingress-argocd-server.yaml +++ /dev/null 
@@ -1,31 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: ingress-argocd-server
- namespace: argocd
- annotations:
- kubernetes.io/ingress.allow-http: "false"
- nginx.ingress.kubernetes.io/ssl-passthrough: "true"
- nginx.ingress.kubernetes.io/secure-backends: "true"
-spec:
- rules:
- - host: argocd.127.0.0.1.nip.io
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: mgc-argocd-server
- port:
- number: 80
- - host: argocd.172.31.0.2.nip.io
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: mgc-argocd-server
- port:
- number: 80
diff --git a/config/argocd/kustomization.yaml b/config/argocd/kustomization.yaml
deleted file mode 100644
index 342c2f3e6..000000000
--- a/config/argocd/kustomization.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-namespace: argocd
-
-resources:
- - namespace.yaml
- - ingress-argocd-server.yaml
-helmCharts:
- - name: argo-cd
- repo: https://argoproj.github.io/argo-helm
- version: v5.16.9
- releaseName: mgc
- namespace: argocd
diff --git a/config/argocd/namespace.yaml b/config/argocd/namespace.yaml
deleted file mode 100644
index a040f2ba5..000000000
--- a/config/argocd/namespace.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: argocd
diff --git a/config/dashboard/kustomization.yaml b/config/dashboard/kustomization.yaml
deleted file mode 100644
index 91025323d..000000000
--- a/config/dashboard/kustomization.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-namespace: kubernetes-dashboard
-
-resources:
-- rbac.yaml
-- service_account.yaml
diff --git a/config/dashboard/rbac.yaml b/config/dashboard/rbac.yaml
deleted file mode 100644
index 23c11905b..000000000
--- a/config/dashboard/rbac.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: admin-user
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cluster-admin
-subjects:
-- kind: ServiceAccount
- name: admin-user
- namespace: kubernetes-dashboard
\ No newline at end of file
diff --git a/config/dashboard/service_account.yaml b/config/dashboard/service_account.yaml
deleted file mode 100644
index 08b849ad4..000000000
--- a/config/dashboard/service_account.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: admin-user
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: admin-user-token
- annotations:
- kubernetes.io/service-account.name: admin-user
-type: kubernetes.io/service-account-token
\ No newline at end of file
diff --git a/config/external-dns/.gitignore b/config/external-dns/.gitignore
deleted file mode 100644
index ebf1d3dce..000000000
--- a/config/external-dns/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-charts
diff --git a/config/external-dns/kustomization.yaml b/config/external-dns/kustomization.yaml
deleted file mode 100644
index f2a5e5c0e..000000000
--- a/config/external-dns/kustomization.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: external-dns
-resources:
- - namespace.yaml
-helmCharts:
- - name: external-dns
- repo: https://charts.bitnami.com/bitnami
- version: 6.12.1
- releaseName: mgc
- namespace: external-dns
- valuesInline:
- provider: aws
- aws:
- zoneType: public
- sources:
- - crd
- logLevel: debug
- # annotationFilter: type=global
- crd:
- create: true
- policy: sync
- registry: txt
- txtPrefix: mgc-
diff --git a/config/external-dns/namespace.yaml b/config/external-dns/namespace.yaml
deleted file mode 100644
index d18e962c6..000000000
--- a/config/external-dns/namespace.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: external-dns
diff --git a/config/kuadrant/redis/kustomization.yaml b/config/kuadrant/redis/kustomization.yaml
deleted file mode 100644
index 3b01aa4ec..000000000
--- a/config/kuadrant/redis/kustomization.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-resources:
-- namespace.yaml
-- redis-pod.yaml
-- service.yaml
\ No newline at end of file
diff --git a/config/kuadrant/redis/limitador/kustomization.yaml b/config/kuadrant/redis/limitador/kustomization.yaml
deleted file mode 100644
index 13b4107b9..000000000
--- a/config/kuadrant/redis/limitador/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-resources:
-- limitador.yaml
-secretGenerator:
- - name: redisconfig
- namespace: kuadrant-system
- literals:
- - URL=redis://172.31.0.3:30611
- options:
- disableNameSuffixHash: true
\ No newline at end of file
diff --git a/config/kuadrant/redis/limitador/limitador.yaml b/config/kuadrant/redis/limitador/limitador.yaml
deleted file mode 100644
index b73c5887a..000000000
--- a/config/kuadrant/redis/limitador/limitador.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: limitador.kuadrant.io/v1alpha1
-kind: Limitador
-metadata:
- name: limitador
- namespace: kuadrant-system
-spec:
- storage:
- redis:
- configSecretRef:
- name: redisconfig
- namespace: kuadrant-system
diff --git a/config/kuadrant/redis/namespace.yaml b/config/kuadrant/redis/namespace.yaml
deleted file mode 100644
index 7b5a5b558..000000000
--- a/config/kuadrant/redis/namespace.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: redis
diff --git a/config/kuadrant/redis/redis-pod.yaml b/config/kuadrant/redis/redis-pod.yaml
deleted file mode 100644
index 216615b39..000000000
--- a/config/kuadrant/redis/redis-pod.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: redis
- namespace: redis
- labels:
- app: redis
-spec:
- selector:
- matchLabels:
- app: redis
- template:
- metadata:
- labels:
- app: redis
- spec:
- containers:
- - name: redis
- image: redis
diff --git a/config/kuadrant/redis/service.yaml b/config/kuadrant/redis/service.yaml
deleted file mode 100644
index a0148e937..000000000
--- a/config/kuadrant/redis/service.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: redis
- namespace: redis
-spec:
- selector:
- app: redis
- type: NodePort
- ports:
- - port: 6379
- nodePort: 30611
\ No newline at end of file
diff --git a/config/local-setup/issuer/issuer.yaml b/config/local-setup/issuer/issuer.yaml
deleted file mode 100644
index fdd2cb5bc..000000000
--- a/config/local-setup/issuer/issuer.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
- name: glbc-ca
-spec:
- selfSigned: {}
diff --git a/config/local-setup/issuer/kustomization.yaml b/config/local-setup/issuer/kustomization.yaml
deleted file mode 100644
index 7a9676a44..000000000
--- a/config/local-setup/issuer/kustomization.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-resources:
-- ./issuer.yaml
\ No newline at end of file
diff --git a/config/ocm/cluster-role-binding.yaml b/config/ocm/cluster-role-binding.yaml
deleted file mode 100644
index d23706539..000000000
--- a/config/ocm/cluster-role-binding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: kuadrant-addon
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: kuadrant-addon
-subjects:
- - kind: ServiceAccount
- name: kuadrant-addon-sa
- namespace: ocm-addon-manager
\ No newline at end of file
diff --git a/config/ocm/cluster-role.yaml b/config/ocm/cluster-role.yaml
deleted file mode 100644
index 601671766..000000000
--- a/config/ocm/cluster-role.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
- kind: ClusterRole
- apiVersion: rbac.authorization.k8s.io/v1
- metadata:
- name: kuadrant-addon
- rules:
- - apiGroups: [""]
- resources: ["configmaps", "events"]
- verbs: ["get", "list", "watch", "create", "update", "delete", "deletecollection", "patch"]
- - apiGroups: ["coordination.k8s.io"]
- resources: ["leases"]
- verbs: ["get", "list", "watch", "create", "update", "patch"]
- - apiGroups: ["rbac.authorization.k8s.io"]
- resources: ["roles", "rolebindings"]
- verbs: ["get", "list", "watch", "create", "update", "delete"]
- - apiGroups: ["authorization.k8s.io"]
- resources: ["subjectaccessreviews"]
- verbs: ["get", "create"]
- - apiGroups: ["certificates.k8s.io"]
- resources: ["certificatesigningrequests", "certificatesigningrequests/approval"]
- verbs: ["get", "list", "watch", "create", "update"]
- - apiGroups: ["certificates.k8s.io"]
- resources: ["signers"]
- verbs: ["approve"]
- - apiGroups: ["cluster.open-cluster-management.io"]
- resources: ["managedclusters"]
- verbs: ["get", "list", "watch", "update"]
- - apiGroups: ["work.open-cluster-management.io"]
- resources: ["manifestworks"]
- verbs: ["create", "update", "get", "list", "watch", "delete", "deletecollection", "patch"]
- - apiGroups: ["addon.open-cluster-management.io"]
- resources: ["managedclusteraddons/finalizers"]
- verbs: ["update"]
- - apiGroups: [ "addon.open-cluster-management.io" ]
- resources: [ "clustermanagementaddons/finalizers" ]
- verbs: [ "update" ]
- - apiGroups: ["addon.open-cluster-management.io"]
- resources: ["clustermanagementaddons"]
- verbs: ["get", "list", "watch"]
- - apiGroups: ["addon.open-cluster-management.io"]
- resources: ["managedclusteraddons"]
- verbs: ["get", "list", "watch", "create", "update", "delete"]
- - apiGroups: ["addon.open-cluster-management.io"]
- resources: ["managedclusteraddons/status"]
- verbs: ["update", "patch"]
- - apiGroups: ["kuadrant.io/v1beta1"]
- resources: ["kuadrant"]
- verbs: ["get", "list", "watch", "create", "update"]
\ No newline at end of file
diff --git a/config/ocm/deployment.yaml b/config/ocm/deployment.yaml
deleted file mode 100644
index 47dbbdadc..000000000
--- a/config/ocm/deployment.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-kind: Deployment
-apiVersion: apps/v1
-metadata:
- name: kuadrant-addon-controller
- namespace: ocm-addon-manager
- labels:
- app: kuadrant-addon-controller
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: kuadrant-addon-controller
- template:
- metadata:
- labels:
- app: kuadrant-addon-controller
- spec:
- serviceAccountName: kuadrant-addon-sa
- containers:
- - name: kuadrant-addon-controller
- image: ocm:v1.0.0
- imagePullPolicy: IfNotPresent
-
\ No newline at end of file
diff --git a/config/ocm/namespace.yaml b/config/ocm/namespace.yaml
deleted file mode 100644
index 5f4013523..000000000
--- a/config/ocm/namespace.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: ocm-addon-manager
-spec: {}
\ No newline at end of file
diff --git a/config/ocm/service-account.yaml b/config/ocm/service-account.yaml
deleted file mode 100644
index 1d70ae550..000000000
--- a/config/ocm/service-account.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: kuadrant-addon-sa
- namespace: ocm-addon-manager
\ No newline at end of file
diff --git a/config/quick-start/control-cluster/kustomization.yaml b/config/quick-start/control-cluster/kustomization.yaml
index 4fe5671fa..a83d21ded 100644
--- a/config/quick-start/control-cluster/kustomization.yaml
+++ b/config/quick-start/control-cluster/kustomization.yaml
@@ -20,4 +20,4 @@ patchesStrategicMerge:
 metadata:
 name: mgc-cert-manager-webhook
 namespace: cert-manager
- $patch: delete
\ No newline at end of file
+ $patch: delete
diff --git a/config/samples/secret.yaml b/config/samples/secret.yaml
deleted file mode 100644
index 24c4f2dfb..000000000
--- a/config/samples/secret.yaml
+++ /dev/null
@@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - labels: - argocd.argoproj.io/secret-type: cluster - name: cluster1 -stringData: - name: cluster1 - server: https://127.0.0.1:64094 - config: | - { - "tlsClientConfig": { - "insecure": true, - "caData": "", - "certData": "", - "keyData": "" - } - } \ No newline at end of file diff --git a/config/webhook-setup/control/tls/tls.crt b/config/webhook-setup/control/tls/tls.crt deleted file mode 100644 index f6fc28a4a..000000000 --- a/config/webhook-setup/control/tls/tls.crt +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDsTCCApmgAwIBAgIUTt2HREb9h1o4ZmwlJqTr5AfjtuIwDQYJKoZIhvcNAQEL -BQAwVTELMAkGA1UEBhMCSUUxFDASBgNVBAoMC1JlZCBIYXQgTHRkMQwwCgYDVQQL -DANIQ0cxIjAgBgNVBAMMGXdlYmhvb2suMTcyLjMyLjAuMi5uaXAuaW8wHhcNMjMw -MjE2MTYyNjE5WhcNMjQwMjE2MTYyNjE5WjBVMQswCQYDVQQGEwJJRTEUMBIGA1UE -CgwLUmVkIEhhdCBMdGQxDDAKBgNVBAsMA0hDRzEiMCAGA1UEAwwZd2ViaG9vay4x -NzIuMzIuMC4yLm5pcC5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -ALGREFtU2Olb6ipcUC34KFS2+aNvhtwwpcZUKZe53GAemtgzYx4WhJ/e4q0iHc8f -iKIavpqoNiXgEKI8TwpErtD4NFor9jZ1C02al10zBPGCjYMVphG0AnphVy6hlYh6 -ppWF443YYB2Ijnijp9qzlHxxLOHDZb86mHv/cT8CpVMzXp0QBX2+jO6sw58Ykpr3 -HWjhKXjOP6VzR6mYopGlkuXRlHGZqXakQGW5DcY9rMEyQx6ASFo2bvDPzCbaKLai -B7LqapY57J6H+YlsmLju+sjULLM8YljA+q+nHRIi0z/E4NiyZkeuuOnGoYMcr1z+ -RWk8Xp7IA2zXe4QVD+R9gscCAwEAAaN5MHcwHQYDVR0OBBYEFEHFGXHojk2mUs6i -UUwMabSuOapIMB8GA1UdIwQYMBaAFEHFGXHojk2mUs6iUUwMabSuOapIMA8GA1Ud -EwEB/wQFMAMBAf8wJAYDVR0RBB0wG4IZd2ViaG9vay4xNzIuMzIuMC4yLm5pcC5p -bzANBgkqhkiG9w0BAQsFAAOCAQEAg7K1BX7vIFvDi1hFje831NoJerBdOfR5Up9c -SoidL+U2qiPtl69I1MOhTwjnBNY+v91AwMKVH7TarPPWC3GXnLBLj2eMAFpuul/r -mpay65s5GJRITZkw1U3de+fSihHJxJklYdZNbisKmemDFcg+7v4fBePVpiU0p53v -o3E5K28TgCUeKVWG7j42d4ibMH7oM+NnWBy9W4S66TBTnYsU0mwEnnGYIKR0BIyl -qcBbH3VKgKCmbk+zG8K04KaBxfkOHN/HIbQ3074hhnDWpDzJU/E8T9EIWiwKuwON -cQItEmu3967oXjw6F4YHUj7oYyZkjSWLISG9fv/O7Rzg6fLILw== ------END CERTIFICATE----- 
diff --git a/config/webhook-setup/control/tls/tls.key b/config/webhook-setup/control/tls/tls.key deleted file mode 100644 index ea0672f54..000000000 --- a/config/webhook-setup/control/tls/tls.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCxkRBbVNjpW+oq -XFAt+ChUtvmjb4bcMKXGVCmXudxgHprYM2MeFoSf3uKtIh3PH4iiGr6aqDYl4BCi -PE8KRK7Q+DRaK/Y2dQtNmpddMwTxgo2DFaYRtAJ6YVcuoZWIeqaVheON2GAdiI54 -o6fas5R8cSzhw2W/Oph7/3E/AqVTM16dEAV9vozurMOfGJKa9x1o4Sl4zj+lc0ep -mKKRpZLl0ZRxmal2pEBluQ3GPazBMkMegEhaNm7wz8wm2ii2ogey6mqWOeyeh/mJ -bJi47vrI1CyzPGJYwPqvpx0SItM/xODYsmZHrrjpxqGDHK9c/kVpPF6eyANs13uE -FQ/kfYLHAgMBAAECggEAVhZkDTuSHHVNDrOJxfe5qfS6DDROeGN3g7ObJK3d+5Xq -8aXcSKKXMyEu2cygEiKSLjF0NmwWMH+04MsHcQ2CidrEGvGUYauWSs4H044gN+zZ -KfPte0jAKNAXogqCAlSgff6XJ9Z/JuJlXHTPtPb6puiB34TJyBAjDH74Sxm/yJlg -lIGgL+NzeUKgPFrRha0Ggw3qvyIik9wAChd6ogziVN1kXnPgObxZ31gQpKJWyRYK -SMGWQH9Rbw2aDo7nPXCL4JfAa6amANEMhSodue1bSLHhaMX/qkfeJPcPvuzt2ZCO -pYEFdvdfEWDejagqxBu2LswiF4iOXk6aVhqouEGQmQKBgQDJcjAvCoRuwKfbpMMt -BU/X4bbSbpILwoqEYfK4v1FavCy23SQjzG/7wBMImBsIu6jt0PRny4eNYAuYL6y+ -MRz/kR5bIWadd1YcGG1gLC46qoUpgSq1nBJu3mTVTRNOqGujk7xOswtyLty1joIs -5bSbUQCrSTukW08Ol4DJMiUduQKBgQDhp16ytYHOcRGnBKqRk3UddbG9bqzPXvZx -yEQuBzP+AlHjayHx9FceMoWq1tRZ6N724E1bzQ9hdbPbwYKGLK9Ah7SVA7RFs9Z9 -1sjJ2pyCHHAmc6+sb8oPv6LzbtQwErHDpN3lqMw86icSMaVWwiZaJxqbb4j66qyR -cvJBN/PkfwKBgHjz/QZhtD6joqX4+c+wXs5qklErXrl855qxDQHsrbZjQh3SDf8I -ozxviX4hhinqM3YHfphL1moGfy+zgG76IkU5JxbkqS5nFubrq9CQ9nj3JdlT2wcM -XO0Az15bVvplmauv6uL+EiNPC+pfVL4MdjLDojk2UX9P69oBEay8VRjRAoGAK/SM -T8dnd60ywRP5nc3ZfFmWu825P9PBsbxO+6BPkmUlSmVuAVGVPr6cpwCd8L2Z4QEk -UIOLQXLKDD6PjE9b+/fzRyunjARR/cU+64L4BahAeF0ElVRZSeQMe9rU3mBl3DRb -PQc6cYsy/SpKiLHdAqanWivJxQa9gr+fTPD3Q0UCgYBcuP9rxYH1tdddHO+P00ry -OH1CA8+E2ERG/yuTikwtcxwMhh2P/vq70ururuS3aY1Imz5ZK/+MK0nzMyip2Qfg -LWCl5SqDCu8EIqz/VDLENSH4fN49abWsX+Gwx7a3WDWKDky85vcttRnCE+XGNOOE -SuczhKKvnu4JWPSyHZIhgg== ------END PRIVATE KEY----- 
diff --git a/docs/experimental/skupper-poc-2-gateways-resiliency-walkthrough.md b/docs/experimental/skupper-poc-2-gateways-resiliency-walkthrough.md deleted file mode 100644 index 0f887853e..000000000 --- a/docs/experimental/skupper-poc-2-gateways-resiliency-walkthrough.md +++ /dev/null 
@@ -1,100 +0,0 @@ -# Skupper proof of concept: 2 clusters & gateways, resiliency walkthrough - -## Introduction - -This walkthrough shows how Skupper can be used to provide service resiliency -across 2 clusters. Each cluster is running a Gateway with a HttpRoute in front -of an application Service. By leveraging Skupper, the application Service can be -exposed (using the skupper cli) from either cluster. If the Service is -unavailable on the local cluster, it will be routed to another cluster that has -exposed that Service. This can be very useful in a situation where directing -traffic to a specific Gateway via other means (like DNS) may take some time -to take effect. - -![arch](../images/skupper/skupper-poc-2-gateways-resiliency-walkthrough.png) - -## Video Demo - - - -## Requirements - -* Local environment has been set up with a hub and spoke cluster, as per the [Multicluster Gateways Walkthrough](../how-to/multicluster-gateways-walkthrough.md). - * The example multi-cluster Gateway has been deployed to both clusters - * The example echo HttpRoute, Service and Deployment have been deployed to both clusters in the `default` namespace, and the `MGC_SUB_DOMAIN` env var set in your terminal -* [Skupper CLI](https://skupper.io/docs/cli/index.html#installing-cli) has been installed. - -## Skupper Setup - -Continuing on from the previous walkthrough, in first terminal, `T1`, install -Skupper on the hub & spoke clusters using the following command: - -```bash -make skupper-setup -``` - -In `T1` expose the Service in the `default` namespace: - -```bash -skupper expose deployment/echo --port 8080 -``` - -Do the same in the workload cluster `T2`: - -```bash -skupper expose deployment/echo --port 8080 -``` - -Verify the application route can be hit, -taking note of the pod name in the response: - -```bash -curl -k https://$MGC_SUB_DOMAIN -Request served by -``` - -Locate the pod that is currently serving requests. It is either in the hub or -spoke cluster. 
There goal is to scale down the deployment to 0 replicas. -Check in both `T1` and `T2`: - -```bash -kubectl get po -n default | grep echo -``` - -Run this command to scale down the deployment in the right cluster: - -```bash -kubectl scale deployment echo --replicas=0 -n default -``` - -Verify the application route can still be hit, -and the pod name matches the one that has *not* been scaled down. - -```bash -curl -k https://$MGC_SUB_DOMAIN -``` - -You can also force resolve the DNS result to alternate between the 2 Gateway -clusters to verify requests get routed across the Skupper network. - -```bash -curl -k --resolve $MGC_SUB_DOMAIN:443:172.31.200.2 https://$MGC_SUB_DOMAIN -curl -k --resolve $MGC_SUB_DOMAIN:443:172.31.201.2 https://$MGC_SUB_DOMAIN -``` - -## Known Issues - -If you get an error response `no healthy upstream` from curl, there may be a -problem with the skupper network or link. Check back on the output from earlier -commands for any indication of problems setting up the network or link. The -skupper router & service controller logs can be checked in the `default` -namespace in both clusters. - -You may see an error like below when running the `make skupper-setup` cmd. -``` -Error: Failed to create token: Policy validation error: Timed out trying to communicate with the API: context deadline exceeded -``` -This may be a timing issue or a platform specific problem. Either way, you can -try install a different version of the skupper CLI. This problem was seen on at -least 1 setup when using skupper v1.4.2, but didn't happen when dropped back to -1.3.0. diff --git a/docs/experimental/submariner-poc-2-gateways-resiliency-walkthrough.md b/docs/experimental/submariner-poc-2-gateways-resiliency-walkthrough.md deleted file mode 100644 index eeb5fe3aa..000000000 --- a/docs/experimental/submariner-poc-2-gateways-resiliency-walkthrough.md +++ /dev/null 
@@ -1,436 +0,0 @@ -# Submariner proof of concept 2 clusters & gateways resiliency walkthrough - -## Introduction - -This walkthrough shows how submariner can be used to provide service resiliency across 2 clusters. -Each cluster is running a Gateway with a HttpRoute in front of an application Service. -By leveraging Submariner (and the Multi Cluster Services API), the application Service can be exported (via a ServiceExport resource) from either cluster, -and imported (via a ServiceImport resource) to either cluster. -This provides a clusterset hostname for the service in either cluster e.g. echo.default.svc.clusterset.local -The HttpRoute has a backendRef to a Service that points to this hostname. -If the Service is unavailable on the local cluster, it will be routed to another cluster that has exported that Service. - -## Requirements - -* Local development environment has been set up as per the main README i.e. local env files have been created with AWS credentials & a zone - ->**Note:** :exclamation: this walkthrough will setup a zone in your AWS account and make changes to it for DNS purposes - ->**Note:** :exclamation: `replace.this` is a placeholder that you will need to replace with your own domain - -## Installation and Setup - -For this walkthrough, we're going to use multiple terminal sessions/windows, all using `multicluster-gateway-controller` as the `pwd`. 
- -Open three windows, which we'll refer to throughout this walkthrough as: - -* `T1` (Hub Cluster) -* `T2` (Where we'll run our controller locally) -* `T3` (Workloads cluster) - -To setup a local instance with submariner, in `T1`, create kind clusters by: - -```bash -make local-setup-kind MGC_WORKLOAD_CLUSTERS_COUNT=1 -``` -And deploy onto them by running: -```bash -make local-setup-mgc OCM_SINGLE=true SUBMARINER=true MGC_WORKLOAD_CLUSTERS_COUNT=1 -``` - -In the hub cluster (`T1`) we are going to label the control plane managed cluster as an Ingress cluster: - -```bash -kubectl label managedcluster kind-mgc-control-plane ingress-cluster=true -kubectl label managedcluster kind-mgc-workload-1 ingress-cluster=true -``` - -Next, in `T1`, create the ManagedClusterSet that uses the ingress label to select clusters: - -```bash -kubectl apply -f - <**Note:** :exclamation: this walkthrough will setup a zone in your AWS account and make changes to it for DNS purposes - ->**Note:** :exclamation: `replace.this` is a placeholder that you will need to replace with your own domain - -## Installation and Setup - -For this walkthrough, we're going to use multiple terminal sessions/windows, all using `multicluster-gateway-controller` as the `pwd`. 
- -Open three windows, which we'll refer to throughout this walkthrough as: - -* `T1` (Hub Cluster) -* `T2` (Where we'll run our controller locally) -* `T3` (Workload cluster 1) -* `T4` (Workload cluster 2) - -To setup a local instance with submariner, in `T1`, create kind clusters: - -```bash -make local-setup-kind MGC_WORKLOAD_CLUSTERS_COUNT=2 -``` -And deploy onto the using: -```bash -make local-setup-mgc OCM_SINGLE=true SUBMARINER=true MGC_WORKLOAD_CLUSTERS_COUNT=2 -``` - -In the hub cluster (`T1`) we are going to label the control plane managed cluster as an Ingress cluster: - -```bash -kubectl label managedcluster kind-mgc-control-plane ingress-cluster=true -``` - -Next, in `T1`, create the ManagedClusterSet that uses the ingress label to select clusters: - -```bash -kubectl apply -f - <- - { - "tlsClientConfig": - { - "insecure": true, - "caData": "${caData}", - "certData": "${certData}", - "keyData": "${keyData}" - } - } - name: ${targetClusterName} - server: ${server} -type: Opaque -EOF - -} - -makeSecretForCluster() { - local clusterName=$1 - local targetClusterName=$2 - local localAccess=$3 - - if [ "$localAccess" != "true" ]; then - internalFlag="--internal" - fi - - local tmpfile=$(mktemp /tmp/kubeconfig-internal.XXXXXX) - ${KIND_BIN} export kubeconfig -q $internalFlag --name ${clusterName} --kubeconfig ${tmpfile} - - makeSecretForKubeconfig $tmpfile kind-$clusterName $targetClusterName - rm -f $tmpfile -} - -setNamespacedName() { - namespace=$1 - name=$2 - cat /dev/stdin | ${YQ_BIN} '.metadata.namespace="'$namespace'"' | ${YQ_BIN} '.metadata.name="'$name'"' -} - -setLabel() { - label=$1 - value=$2 - cat /dev/stdin | ${YQ_BIN} '.metadata.labels."'$label'"="'$value'"' -} - -setConfig() { - expr=$1 - - cp /dev/stdin /tmp/doctmp - config=$(cat /tmp/doctmp | ${YQ_BIN} '.stringData.config') - updatedConfig=$(echo $config | ${YQ_BIN} -P $expr -o=json) - - cat /tmp/doctmp | cfg=$updatedConfig ${YQ_BIN} '.stringData.config=strenv(cfg)' -} 
diff --git a/hack/.deployUtils b/hack/.deployUtils index 4f97a7952..0c1994349 100644 --- a/hack/.deployUtils +++ b/hack/.deployUtils @@ -53,27 +53,13 @@ deployOLM(){ ${OPERATOR_SDK_BIN} olm install --timeout 10m0s } - deployOCMHub(){ clusterName=${1} - minimal=${2} echo "installing the hub cluster in kind-(${clusterName}) " ${CLUSTERADM_BIN} init --bundle-version='0.11.0' --wait --context kind-${clusterName} echo "PATCHING CLUSTERMANAGER: placement image patch to use amd64 image - See https://kubernetes.slack.com/archives/C01GE7YSUUF/p1685016272443249" kubectl patch clustermanager cluster-manager --type='merge' -p '{"spec":{"placementImagePullSpec":"quay.io/open-cluster-management/placement:v0.11.0-amd64"}}' --context kind-${clusterName} echo "checking if cluster is single or multi" - if [[ -n "${OCM_SINGLE}" ]]; then - deployOCMSpoke ${clusterName} - deployOLM ${KIND_CLUSTER_CONTROL_PLANE} - - if ! [[ -n "${minimal}" ]]; then - deployIstio ${KIND_CLUSTER_CONTROL_PLANE} - fi - fi - if ! [[ -n "${minimal}" ]]; then - echo "Installing Redis in kind-mgc-control-plane" - ${KUSTOMIZE_BIN} build ${REDIS_KUSTOMIZATION_DIR} | kubectl apply -f - - fi } deployOCMSpoke() { @@ -94,24 +80,7 @@ deployOCMSpoke() { done } - - -# local-setup-mgc specific functions LOCAL_SETUP_DIR="$(dirname "${BASH_SOURCE[0]}")" -REDIS_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/kuadrant/redis - -deployMetalLB () { - local METALLB_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/metallb - clusterName=${1} - metalLBSubnet=${2} - - kubectl config use-context kind-${clusterName} - echo "Deploying MetalLB to ${clusterName}" - ${KUSTOMIZE_BIN} build ${METALLB_KUSTOMIZATION_DIR} | kubectl apply -f - - echo "Waiting for deployments to be ready ..." - kubectl -n metallb-system wait --for=condition=ready pod --selector=app=metallb --timeout=600s - configureMetalLB ${clusterName} ${metalLBSubnet} -} deployIngressController () { local INGRESS_NGINX_KUSTOMIZATION_DIR="$2" 
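Review bot: In `deployOCMHub`, `echo "checking if cluster is single or multi"` is left as the last statement even though the `OCM_SINGLE` branch it announced is removed in this hunk, so the setup log now reports a check that never runs. I would delete that line. The `minimal` second argument is gone as well, so a caller that still passes it will have it silently ignored; the callers are outside this view, so that is worth a grep. A short header comment such as `# deployOCMHub <clusterName>: init the OCM hub on kind-<clusterName> and pin the amd64 placement image` would document the reduced contract.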
@@ -126,160 +95,6 @@ deployIngressController () { kubectl -n ingress-nginx wait --timeout=600s --for=condition=Available deployments --all } -deployCertManager() { - local CERT_MANAGER_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/cert-manager - clusterName=${1} - echo "Deploying Cert Manager to (${clusterName})" - - kubectl config use-context kind-${clusterName} - - ${KUSTOMIZE_BIN} build ${CERT_MANAGER_KUSTOMIZATION_DIR} --enable-helm --helm-command ${HELM_BIN} | kubectl apply -f - - echo "Waiting for Cert Manager deployments to be ready..." - kubectl -n cert-manager wait --timeout=300s --for=condition=Available deployments --all - - kubectl delete validatingWebhookConfiguration mgc-cert-manager-webhook - kubectl delete mutatingWebhookConfiguration mgc-cert-manager-webhook -} - -deployExternalDNS() { - local EXTERNAL_DNS_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/external-dns - clusterName=${1} - echo "Deploying ExternalDNS to (${clusterName})" - - kubectl config use-context kind-${clusterName} - - ${KUSTOMIZE_BIN} build ${EXTERNAL_DNS_KUSTOMIZATION_DIR} --enable-helm --helm-command ${HELM_BIN} | kubectl apply -f - - echo "Waiting for External DNS deployments to be ready..." - kubectl -n external-dns wait --timeout=300s --for=condition=Available deployments --all -} - -deployArgoCD() { - local ARGOCD_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/argocd - clusterName=${1} - echo "Deploying ArgoCD to (${clusterName})" - - kubectl config use-context kind-${clusterName} - - ${KUSTOMIZE_BIN} build ${ARGOCD_KUSTOMIZATION_DIR} --enable-helm --helm-command ${HELM_BIN} | kubectl apply -f - - echo "Waiting for ARGOCD deployments to be ready..." 
- kubectl -n argocd wait --timeout=300s --for=condition=Available deployments --all - - ports=$(docker ps --format '{{json .}}' | jq "select(.Names == \"$clusterName-control-plane\").Ports") - httpsport=$(echo $ports | sed -e 's/.*0.0.0.0\:\(.*\)->443\/tcp.*/\1/') - argoPassword=$(kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d) - nodeIP=$(kubectl get nodes -o json | jq -r ".items[] | select(.metadata.name == \"$clusterName-control-plane\").status | .addresses[] | select(.type == \"InternalIP\").address") - - echo -ne "\n\n\tConnect to ArgoCD UI\n\n" - echo -ne "\t\tLocal URL: https://argocd.127.0.0.1.nip.io:$httpsport\n" - echo -ne "\t\tNode URL : https://argocd.$nodeIP.nip.io\n" - echo -ne "\t\tUser : admin\n" - echo -ne "\t\tPassword : $argoPassword\n\n\n" -} - -deployIstio() { - local ISTIO_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/istio/istio-operator.yaml - clusterName=${1} - echo "Deploying Istio to (${clusterName})" - - kubectl config use-context kind-${clusterName} - ${ISTIOCTL_BIN} operator init - kubectl apply -f ${ISTIO_KUSTOMIZATION_DIR} -} - -installGatewayAPI() { - local GATEWAY_API_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/gateway-api - clusterName=${1} - kubectl config use-context kind-${clusterName} - echo "Installing Gateway API in ${clusterName}" - - ${KUSTOMIZE_BIN} build ${GATEWAY_API_KUSTOMIZATION_DIR} | kubectl apply -f - -} - - -deployRedis(){ - clusterName=${1} - - kubectl config use-context kind-${clusterName} - echo "Installing Redis in kind-${clusterName}" - ${KUSTOMIZE_BIN} build ${REDIS_KUSTOMIZATION_DIR} | kubectl apply -f - -} - -deployDashboard() { - clusterName=${1} - portOffset=${2} - - echo "Deploying Kubernetes Dashboard to (${clusterName})" - - kubectl config use-context kind-${clusterName} - - kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml - ${KUSTOMIZE_BIN} build config/dashboard | kubectl apply -f - - - 
kubectl wait --timeout=-30s --for=condition=Available deployment kubernetes-dashboard -n kubernetes-dashboard - - token=$(kubectl get secret/admin-user-token -n kubernetes-dashboard -o go-template="{{.data.token | base64decode}}") - - port=$((proxyPort + portOffset)) - - kubectl proxy --context kind-${clusterName} --port ${port} & - proxyPID=$! - echo $proxyPID >> /tmp/dashboard_pids - - echo -ne "\n\n\tAccess Kubernetes Dashboard\n\n" - echo -ne "\t\t\t* The dashboard is available at http://localhost:$port/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/\n" - echo -ne "\t\tAccess the dashboard using the following Bearer Token: $token\n" -} - -deployAgentSecret() { - clusterName=${1} - localAccess=${2:=LOCAL_ACCESS} - if [ $localAccess == "true" ]; then - secretName=control-plane-cluster - else - secretName=control-plane-cluster-internal - fi - echo "Deploying the agent secret to (${clusterName})" - - kubectl config use-context kind-${clusterName} - - kubectl create namespace mgc-system || true - - makeSecretForCluster $KIND_CLUSTER_CONTROL_PLANE $clusterName $localAccess | - setNamespacedName mgc-system ${secretName} | - setLabel argocd.argoproj.io/secret-type cluster | - kubectl apply -f - -} - -initController() { - clusterName=${1} - kubectl config use-context kind-${clusterName} - echo "Initialize local dev setup for the controller on ${clusterName}" -# # Add the mgc CRDs - ${KUSTOMIZE_BIN} build config/local-setup/controller/ | kubectl apply -f - - ${KUSTOMIZE_BIN} build config/local-setup/issuer/ | kubectl apply -f - - ${KUSTOMIZE_BIN} build config/dependencies/kuadrant-operator/ | kubectl apply -f - - if [[ -f "controller-config.env" && -f "gcp-credentials.env" ]]; then - ${KUSTOMIZE_BIN} --reorder none --load-restrictor LoadRestrictionsNone build config/local-setup/controller/gcp | kubectl apply -f - - fi - if [[ -f "controller-config.env" && -f "aws-credentials.env" ]]; then - ${KUSTOMIZE_BIN} --reorder none 
--load-restrictor LoadRestrictionsNone build config/local-setup/controller/aws | kubectl apply -f - - fi -} - -deploySubmarinerBroker() { - clusterName=${1} - if [[ -n "${SUBMARINER}" ]]; then - ${SUBCTL_BIN} deploy-broker --kubeconfig ${TMP_DIR}/kubeconfigs/external/${clusterName}.kubeconfig - fi -} - -joinSubmarinerBroker() { - clusterName=${1} - if [[ -n "${SUBMARINER}" ]]; then - ${SUBCTL_BIN} join --kubeconfig ${TMP_DIR}/kubeconfigs/external/${clusterName}.kubeconfig broker-info.subm --clusterid ${clusterName} --natt=false --check-broker-certificate=false - fi -} - deployThanos() { local THANOS_KUSTOMIZATION_DIR="$2" if [ -z "$2" ]; then @@ -318,138 +133,32 @@ deployPrometheusForFederation() { fi } -# quickstart-setup specific functions - -setupAWSProvider() { - local namespace="$1" - if [ -z "$1" ]; then - namespace="multi-cluster-gateways" - fi - if [ "$KUADRANT_AWS_ACCESS_KEY_ID" == "" ]; then - echo "KUADRANT_AWS_ACCESS_KEY_ID is not set" - exit 1 - fi - - kubectl apply -f - < ${TMP_DIR}/kubeconfigs/${cluster}.kubeconfig ${KIND_BIN} export kubeconfig --name ${cluster} --kubeconfig ${TMP_DIR}/kubeconfigs/internal/${cluster}.kubeconfig --internal - kindGenExternalKubeconfig } kindSetupMGCClusters() { diff --git a/hack/.quickstartEnv b/hack/.quickstartEnv index 78a2971db..9ee17dced 100644 --- a/hack/.quickstartEnv +++ b/hack/.quickstartEnv @@ -1,3 +1,5 @@ +# shellcheck shell=bash + export TOOLS_IMAGE=quay.io/kuadrant/mgc-tools:latest export TMP_DIR=/tmp/mgc diff --git a/hack/gen-agent-secret.sh b/hack/gen-agent-secret.sh deleted file mode 100755 index cc2ef7131..000000000 --- a/hack/gen-agent-secret.sh +++ /dev/null 
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-LOCAL_SETUP_DIR="$(dirname "${BASH_SOURCE[0]}")"
-source "${LOCAL_SETUP_DIR}"/.binEnv
-source "${LOCAL_SETUP_DIR}"/.clusterUtils
-
-set -e pipefail
-
-KIND_CLUSTER_PREFIX="mgc-"
-KIND_CLUSTER_CONTROL_PLANE="${KIND_CLUSTER_PREFIX}control-plane"
-
-makeSecretForCluster $KIND_CLUSTER_CONTROL_PLANE $(kubectl config current-context) $LOCAL_ACCESS |
-setNamespacedName mgc-system control-plane-cluster |
-setLabel argocd.argoproj.io/secret-type cluster > config/agent/secret.yaml
-
-
diff --git a/hack/local-setup-mgc.sh b/hack/local-setup-mgc.sh
index 5a05db661..094e1f29b 100755
--- a/hack/local-setup-mgc.sh
+++ b/hack/local-setup-mgc.sh
@@ -19,65 +19,66 @@ LOCAL_SETUP_DIR="$(dirname "${BASH_SOURCE[0]}")" source "${LOCAL_SETUP_DIR}"/.binEnv source "${LOCAL_SETUP_DIR}"/.setupEnv -source "${LOCAL_SETUP_DIR}"/.clusterUtils -source "${LOCAL_SETUP_DIR}"/.argocdUtils +source "${LOCAL_SETUP_DIR}"/.startUtils source "${LOCAL_SETUP_DIR}"/.cleanupUtils source "${LOCAL_SETUP_DIR}"/.deployUtils export TMP_DIR=./tmp -INGRESS_NGINX_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/ingress-nginx -METALLB_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/metallb -CERT_MANAGER_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/cert-manager -EXTERNAL_DNS_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/external-dns -ARGOCD_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/argocd -ISTIO_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/istio/istio-operator.yaml -GATEWAY_API_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/gateway-api -REDIS_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/kuadrant/redis -THANOS_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/thanos -PROMETHEUS_FOR_FEDERATION_KUSTOMIZATION_DIR=${LOCAL_SETUP_DIR}/../config/prometheus-for-federation +# shellcheck disable=SC2034 +QUICK_START_HUB_KUSTOMIZATION=config/quick-start/control-cluster +# shellcheck disable=SC2034 +QUICK_START_SPOKE_KUSTOMIZATION=config/quick-start/workload-cluster -set -e pipefail - -cleanupMGC +postDeployMGCHub() { + clusterName=${1} + kubectl config use-context kind-${clusterName} -# Deploy the submariner broker to cluster 1 -deploySubmarinerBroker ${KIND_CLUSTER_CONTROL_PLANE} + echo "Running post MGC deployment setup on ${clusterName}" -# Join cluster 1 to the submariner broker -joinSubmarinerBroker ${KIND_CLUSTER_CONTROL_PLANE} + # Bit hacky, but ... 
delete the MGC deployment we just created so local development can work as normal + kubectl delete deployments/mgc-controller-manager -n multicluster-gateway-controller-system + kubectl wait --for=delete deployments/mgc-controller-manager -n multicluster-gateway-controller-system -deployIstio ${KIND_CLUSTER_CONTROL_PLANE} + ${KUSTOMIZE_BIN} build config/local-setup/controller/ | kubectl apply -f - + if [[ -f "controller-config.env" && -f "gcp-credentials.env" ]]; then + ${KUSTOMIZE_BIN} --reorder none --load-restrictor LoadRestrictionsNone build config/local-setup/controller/gcp | kubectl apply -f - + fi + if [[ -f "controller-config.env" && -f "aws-credentials.env" ]]; then + ${KUSTOMIZE_BIN} --reorder none --load-restrictor LoadRestrictionsNone build config/local-setup/controller/aws | kubectl apply -f - + fi +} -# Install the Gateway API CRDs in the control cluster -installGatewayAPI ${KIND_CLUSTER_CONTROL_PLANE} +set -e pipefail -# Deploy ingress controller -deployIngressController ${KIND_CLUSTER_CONTROL_PLANE} +cleanupMGC -# Deploy cert manager -deployCertManager ${KIND_CLUSTER_CONTROL_PLANE} +# Apply Cluster Configurations to Control cluster -# Deploy argo cd -deployArgoCD ${KIND_CLUSTER_CONTROL_PLANE} +# Deploy OCM hub +deployOCMHub ${KIND_CLUSTER_CONTROL_PLANE} -# Deploy Dashboard -deployDashboard $KIND_CLUSTER_CONTROL_PLANE 0 +# Deploy MGC and its dependencies to a hub cluster +deployMGCHub ${KIND_CLUSTER_CONTROL_PLANE} -# Add the control plane cluster -argocdAddCluster ${KIND_CLUSTER_CONTROL_PLANE} ${KIND_CLUSTER_CONTROL_PLANE} +# Post MGC deployment tasks, adds managedezones, dns providers etc.. 
+postDeployMGCHub ${KIND_CLUSTER_CONTROL_PLANE} -# Initialize local dev setup for the controller on the control-plane cluster -initController ${KIND_CLUSTER_CONTROL_PLANE} +# Setup Hub as Spoke if using a single kind cluster +if [[ -n "${OCM_SINGLE}" ]]; then + deployOCMSpoke ${KIND_CLUSTER_CONTROL_PLANE} + deployMGCSpoke ${KIND_CLUSTER_CONTROL_PLANE} + configureClusterAsIngress ${KIND_CLUSTER_CONTROL_PLANE} ${KIND_CLUSTER_CONTROL_PLANE} +fi -# Deploy OCM hub -deployOCMHub ${KIND_CLUSTER_CONTROL_PLANE} +# Configure MetalLb +# shellcheck disable=SC2154 +configureMetalLB ${KIND_CLUSTER_CONTROL_PLANE} ${metalLBSubnetStart} -# Deploy Redis -deployRedis ${KIND_CLUSTER_CONTROL_PLANE} +### --- Metrics Start --- ### -# Deploy MetalLb -deployMetalLB ${KIND_CLUSTER_CONTROL_PLANE} ${metalLBSubnetStart} +# Deploy ingress controller +deployIngressController ${KIND_CLUSTER_CONTROL_PLANE} ${INGRESS_NGINX_DIR} # Deploy Prometheus in the hub too deployPrometheusForFederation ${KIND_CLUSTER_CONTROL_PLANE} 
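Review bot: The re-added `set -e pipefail` line below `postDeployMGCHub` does not turn on pipefail; bash reads it as `set -e` followed by a positional argument named `pipefail`. Each `${KUSTOMIZE_BIN} build … | kubectl apply -f -` pipeline in the new function therefore takes kubectl's exit status alone, so a kustomize build that fails (including the gcp/aws overlays built with `--load-restrictor LoadRestrictionsNone`) stops the script only if kubectl happens to fail too. Write it as `set -eo pipefail`. The `source` lines at the top of the hunk run before this setting either way, and the sourced files are outside the hunk.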
@@ -85,29 +86,20 @@ deployPrometheusForFederation ${KIND_CLUSTER_CONTROL_PLANE} # Deploy Thanos components in the hub deployThanos ${KIND_CLUSTER_CONTROL_PLANE} -# Deploy to workload clusters if MGC_WORKLOAD_CLUSTERS_COUNT environment variable is set +### --- Metrics End --- ### + +# Configure spoke clusters if MGC_WORKLOAD_CLUSTERS_COUNT environment variable is set if [[ -n "${MGC_WORKLOAD_CLUSTERS_COUNT}" ]]; then for ((i = 1; i <= ${MGC_WORKLOAD_CLUSTERS_COUNT}; i++)); do - joinSubmarinerBroker ${KIND_CLUSTER_WORKLOAD}-${i} - deployIstio ${KIND_CLUSTER_WORKLOAD}-${i} - installGatewayAPI ${KIND_CLUSTER_WORKLOAD}-${i} - deployIngressController ${KIND_CLUSTER_WORKLOAD}-${i} - deployMetalLB ${KIND_CLUSTER_WORKLOAD}-${i} $((${metalLBSubnetStart} + ${i})) - deployOLM ${KIND_CLUSTER_WORKLOAD}-${i} - deployDashboard ${KIND_CLUSTER_WORKLOAD}-${i} ${i} - argocdAddCluster ${KIND_CLUSTER_CONTROL_PLANE} ${KIND_CLUSTER_WORKLOAD}-${i} - deployAgentSecret ${KIND_CLUSTER_WORKLOAD}-${i} "true" - deployAgentSecret ${KIND_CLUSTER_WORKLOAD}-${i} "false" deployOCMSpoke ${KIND_CLUSTER_WORKLOAD}-${i} - deployPrometheusForFederation ${KIND_CLUSTER_WORKLOAD}-${i} + deployMGCSpoke ${KIND_CLUSTER_WORKLOAD}-${i} + configureClusterAsIngress ${KIND_CLUSTER_CONTROL_PLANE} ${KIND_CLUSTER_WORKLOAD}-${i} + deployOLM ${KIND_CLUSTER_WORKLOAD}-${i} configureManagedAddon ${KIND_CLUSTER_CONTROL_PLANE} ${KIND_CLUSTER_WORKLOAD}-${i} + configureMetalLB ${KIND_CLUSTER_WORKLOAD}-${i} $((${metalLBSubnetStart} + ${i})) + deployPrometheusForFederation ${KIND_CLUSTER_WORKLOAD}-${i} done fi # Ensure the current context points to the control plane cluster kubectl config use-context kind-${KIND_CLUSTER_CONTROL_PLANE} - -# Create configmap with gateway parameters for clusters -kubectl create configmap gateway-params \ - --from-file=params=config/samples/gatewayclass_params.json \ - -n multi-cluster-gateways diff --git a/hack/make/dependencies.make b/hack/make/dependencies.make index 7547a729a..e366a2071 100644 
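Review bot: `MGC_WORKLOAD_CLUSTERS_COUNT` is checked only for being non-empty before it is expanded into the `for ((i = 1; i <= ${MGC_WORKLOAD_CLUSTERS_COUNT}; i++))` arithmetic expression that drives the reworked loop body. Bash evaluates that string as an expression rather than as a number, so a mistyped value is treated as a variable name, evaluates to zero and skips every spoke cluster without an error. A guard ahead of the loop makes the failure explicit: `[[ "${MGC_WORKLOAD_CLUSTERS_COUNT}" =~ ^[0-9]+$ ]] || { echo "MGC_WORKLOAD_CLUSTERS_COUNT must be an integer" >&2; exit 1; }`. `metalLBSubnetStart`, used in `$((${metalLBSubnetStart} + ${i}))`, is set outside this hunk and may deserve the same check.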
--- a/hack/make/dependencies.make
+++ b/hack/make/dependencies.make
@@ -15,10 +15,8 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
 ENVTEST ?= $(LOCALBIN)/setup-envtest
 KIND ?= $(LOCALBIN)/kind
 HELM ?= $(LOCALBIN)/helm
-ISTIOCTL ?= $(LOCALBIN)/istioctl
 OPERATOR_SDK ?= $(LOCALBIN)/operator-sdk
 CLUSTERADM ?= $(LOCALBIN)/clusteradm
-SUBCTL ?= $(LOCALBIN)/subctl
 GINKGO ?= $(LOCALBIN)/ginkgo
 YQ ?= $(LOCALBIN)/yq
 OPENSHIFT_GOIMPORTS ?= $(LOCALBIN)/openshift-goimports
@@ -29,15 +27,13 @@ CONTROLLER_TOOLS_VERSION ?= v0.10.0
 KIND_VERSION ?= v0.17.0
 HELM_VERSION ?= v3.10.0
 YQ_VERSION ?= v4.30.8
-ISTIOVERSION ?= 1.20.0
 OPERATOR_SDK_VERSION ?= 1.28.0
 CLUSTERADM_VERSION ?= 0.6.0
-SUBCTL_VERSION ?= release-0.15
 GINKGO_VERSION ?= v2.13.2
 OPENSHIFT_GOIMPORTS_VERSION ?= c70783e636f2213cac683f6865d88c5edace3157
 
 .PHONY: dependencies
-dependencies: kustomize operator-sdk controller-gen envtest kind helm yq istioctl clusteradm subctl ginkgo
+dependencies: kustomize operator-sdk controller-gen envtest kind helm yq clusteradm ginkgo
 @echo "dependencies installed successfully"
 @echo "consider running `export PATH=$PATH:$(pwd)/bin` if you haven't already done"
 
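Review bot: The second `@echo` of the `dependencies` recipe, kept as context under the edited prerequisite list, cannot print the hint it is meant to give. Make expands `$PATH` as `$(P)ATH` and `$(pwd)` as a make variable (presumably unset) before the shell runs, and the backticks inside the double quotes then make the shell execute the remaining `export` text as a command substitution instead of echoing it. Escaping the dollars and dropping the backticks fixes both: `@echo "consider running 'export PATH=\$$PATH:\$$(pwd)/bin' if you haven't already done"`.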
@@ -90,24 +86,11 @@ yq: $(YQ)
 $(YQ):
 test -s $(YQ) || GOBIN=$(LOCALBIN) go install github.com/mikefarah/yq/v4@$(YQ_VERSION)
 
-.PHONY: istioctl
-istioctl: $(ISTIOCTL)
-$(ISTIOCTL):
- $(eval ISTIO_TMP := $(shell mktemp -d))
- cd $(ISTIO_TMP); curl -sSL https://istio.io/downloadIstio | ISTIO_VERSION=$(ISTIOVERSION) sh -
- cp $(ISTIO_TMP)/istio-$(ISTIOVERSION)/bin/istioctl ${ISTIOCTL}
- -rm -rf $(ISTIO_TMP)
-
 .PHONY: clusteradm
 clusteradm: $(CLUSTERADM)
 $(CLUSTERADM):
 test -s $(CLUSTERADM)|| curl -sL https://raw.githubusercontent.com/open-cluster-management-io/clusteradm/main/install.sh | INSTALL_DIR=$(LOCALBIN) bash -s -- $(CLUSTERADM_VERSION)
 
-.PHONY: subctl
-subctl: $(SUBCTL)
-$(SUBCTL):
- test -s $(SUBCTL) || curl https://get.submariner.io | DESTDIR=$(LOCALBIN) VERSION=$(SUBCTL_VERSION) bash
-
 .PHONY: ginkgo
 ginkgo: $(GINKGO) ## Download ginkgo locally if necessary
 $(GINKGO):
diff --git a/hack/ocm/gateway.yaml b/hack/ocm/gateway.yaml
deleted file mode 100644
index 246870341..000000000
--- a/hack/ocm/gateway.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: Gateway
-metadata:
- name: prod-web
- namespace: multi-cluster-gateways
-spec:
- gatewayClassName: kuadrant-multi-cluster-gateway-instance-per-cluster
- listeners:
- - allowedRoutes:
- namespaces:
- from: All
- name: api
- hostname: api.cb.hcpapps.net
- port: 80
- protocol: HTTPS
\ No newline at end of file
diff --git a/hack/ocm/gatewayclass.yaml b/hack/ocm/gatewayclass.yaml
deleted file mode 100644
index 632b9b66d..000000000
--- a/hack/ocm/gatewayclass.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: GatewayClass
-metadata:
- name: kuadrant-multi-cluster-gateway-instance-per-cluster
-spec:
- controllerName: "kuadrant.io/mgc-gw-controller"
\ No newline at end of file
diff --git a/hack/ocm/gatewayclusterset.yaml b/hack/ocm/gatewayclusterset.yaml
deleted file mode 100644
index ce0612d97..000000000
--- a/hack/ocm/gatewayclusterset.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: cluster.open-cluster-management.io/v1beta2
-kind: ManagedClusterSet
-metadata:
- name: gateway-clusters
-spec:
- clusterSelector:
- labelSelector:
- matchLabels:
- ingress-cluster: "true"
- selectorType: LabelSelector
\ No newline at end of file
diff --git a/hack/ocm/httproute.yaml b/hack/ocm/httproute.yaml
deleted file mode 100644
index 1f422d175..000000000
--- a/hack/ocm/httproute.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
- name: my-route
-spec:
- parentRefs:
- - kind: Gateway
- name: prod-web
- namespace: multi-cluster-gateways
- hostnames:
- - "api.cb.hcpapps.net"
- rules:
- - backendRefs:
- - name: echo
- port: 8080
----
-apiVersion: v1
-kind: Service
-metadata:
- name: echo
-spec:
- ports:
- - name: http-port
- port: 8080
- targetPort: http-port
- protocol: TCP
- selector:
- app: echo
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: echo
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: echo
- template:
- metadata:
- labels:
- app: echo
- spec:
- containers:
- - name: echo
- image: docker.io/jmalloc/echo-server
- ports:
- - name: http-port
- containerPort: 8080
- protocol: TCP
\ No newline at end of file
diff --git a/hack/ocm/placement.yaml b/hack/ocm/placement.yaml
deleted file mode 100644
index 1b75f02b6..000000000
--- a/hack/ocm/placement.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: cluster.open-cluster-management.io/v1beta1
-kind: Placement
-metadata:
- name: http-gateway
-spec:
- numberOfClusters: 1
- clusterSets:
- - gateway-clusters
\ No newline at end of file
diff --git a/hack/quickstart-setup.sh b/hack/quickstart-setup.sh
index ef7e17d5a..1d69f7774 100755
--- a/hack/quickstart-setup.sh
+++ b/hack/quickstart-setup.sh
@@ -42,7 +42,6 @@ if [ -n "$MGC_LOCAL_QUICKSTART_SCRIPTS_MODE" ]; then source /dev/stdin <<< "$(curl -s https://raw.githubusercontent.com/${MGC_ACCOUNT}/multicluster-gateway-controller/${MGC_BRANCH}/hack/.setupEnv)" fi - export OPERATOR_SDK_BIN=$(dockerBinCmd "operator-sdk") export YQ_BIN=$(dockerBinCmd "yq") export CLUSTERADM_BIN=$(dockerBinCmd "clusteradm") @@ -51,17 +50,123 @@ MGC_REPO=${MGC_REPO:="github.com/${MGC_ACCOUNT}/multicluster-gateway-controller. QUICK_START_HUB_KUSTOMIZATION=${MGC_REPO}/config/quick-start/control-cluster QUICK_START_SPOKE_KUSTOMIZATION=${MGC_REPO}/config/quick-start/workload-cluster -set -e pipefail - if [[ "${MGC_BRANCH}" != "main" ]]; then echo "setting MGC_REPO to use branch ${MGC_BRANCH}" QUICK_START_HUB_KUSTOMIZATION=${QUICK_START_HUB_KUSTOMIZATION}?ref=${MGC_BRANCH} QUICK_START_SPOKE_KUSTOMIZATION=${QUICK_START_SPOKE_KUSTOMIZATION}?ref=${MGC_BRANCH} echo "set QUICK_START_HUB_KUSTOMIZATION to ${QUICK_START_HUB_KUSTOMIZATION}" echo "set QUICK_START_SPOKE_KUSTOMIZATION to ${QUICK_START_SPOKE_KUSTOMIZATION}" - fi +setupAWSProvider() { + local namespace="$1" + if [ -z "$1" ]; then + namespace="multi-cluster-gateways" + fi + if [ "$KUADRANT_AWS_ACCESS_KEY_ID" == "" ]; then + echo "KUADRANT_AWS_ACCESS_KEY_ID is not set" + exit 1 + fi + + kubectl apply -f - <