diff --git a/.media/image02.png b/.media/image02.png new file mode 100644 index 0000000000000000000000000000000000000000..1bee7bf9e12ac90097f6363a69fff28ef7fc0c25 Binary files /dev/null and b/.media/image02.png differ diff --git a/.media/image03.png b/.media/image03.png new file mode 100644 index 0000000000000000000000000000000000000000..870ba052cc8f64fd1b084896ce84c244abbe0f46 Binary files /dev/null and b/.media/image03.png differ diff --git a/.media/image04.png b/.media/image04.png new file mode 100644 index 0000000000000000000000000000000000000000..6b87911c14b5b35a619f74d94dc19e7d13189c77 Binary files /dev/null and b/.media/image04.png differ diff --git a/.media/image05.png b/.media/image05.png new file mode 100644 index 0000000000000000000000000000000000000000..9b6b64a005c78e7a1ed53ef08a3effdb4034e040 Binary files /dev/null and b/.media/image05.png differ diff --git a/.media/image06.png b/.media/image06.png new file mode 100644 index 0000000000000000000000000000000000000000..f2a5e2d7250125142c0f9d73d1892f30a05fa175 Binary files /dev/null and b/.media/image06.png differ diff --git a/.media/image07.png b/.media/image07.png new file mode 100644 index 0000000000000000000000000000000000000000..6396a3a9a7f7c051954e138d7849bed481d1f7cf Binary files /dev/null and b/.media/image07.png differ diff --git a/.media/image08.png b/.media/image08.png new file mode 100644 index 0000000000000000000000000000000000000000..7b9c00842c553563d233b4623870c949c1e78aed Binary files /dev/null and b/.media/image08.png differ diff --git a/component_integration.md b/component_integration.md index 3ead2c845b4e7f5f93f2af1ef207f24fc7cfc6fe..231db3fedf2caa3a301b8dec79fecdbb63db3f84 100644 --- a/component_integration.md +++ b/component_integration.md @@ -12,6 +12,25 @@ In the following sections we will explain how to create the merge request with t ## Table of contents +- [Merge request initialisation](#merge-request-initialisation) + - [From an issue](#from-an-issue) + - [From a branch](#from-a-branch) + - [From a branch after adding the component](#from-a-branch-after-adding-the-component) +- [(Optional) Download the branch and add the component](#optional-download-the-branch-and-add-the-component) +- [Create the component folder](#create-the-component-folder) + - [Add the component manifests files](#add-the-component-manifests-files) + - [ConfigMaps](#configmaps) + - [Secrets](#secrets) +- [Extend the Kustomization file](#extend-the-kustomization-file) + - [Kustomize resources](#kustomize-resources) + - [Kustomize configMapGenerator](#kustomize-configmapgenerator) + - [Kustomize secretGenerator](#kustomize-secretgenerator) +- [Kustomize check configuration](#kustomize-check-configuration) +- [Testing the kustomize](#testing-the-kustomize) + - [Getting the kubeconfig](#getting-the-kubeconfig) +- [Submit the merge request](#submit-the-merge-request) + + ## Merge request initialisation There are many ways to create a merge request in Gitlab. In this section we will explain some of them. @@ -83,7 +102,9 @@ It is recommended to create Configmaps using the `kustomize` tool. The contents ### Secrets -The Secrets will be created using the `kustomize` tool. The files to be used for the secrets generation should be **NOT** be stored in the repository. Therefore, the files with the secrets should be added as excluded files in the `.gitignore` file. +The Secrets will be created using the `kustomize` tool. The files to be used for the secrets generation should be **NOT** be stored in the repository. The secrets should be added in the component folder in a folder named `.secrets`. The secrets will be excluded from the repository because `.gitignore` file contains the `.secrets/` folder. + + ## Extend the Kustomization file @@ -110,11 +131,11 @@ The secrets will be added during the CI/CD pipeline execution. The secrets that Latter, during the CI/CD pipeline execution, the secrets will be added to the root of the repository by the k8s-pre-apply.sh. This script takes the secrets from the temporary folder and adds them to the root of the repository. In summary the steps to add a secret are: -- Create the secret file in the root of the repository, to verify the kustomize configuration. The secret file should avoid characters not allowed in environment variables names such as `-` or `.`. +- Create the secret file in the component folder, to verify the kustomize configuration. - Add configuration in the kustomization.yaml file to include the secret file. - Check the kustomize configuration. -- Add the secret CI/CD setup at the end of the k8s-pre-apply.sh file -- Request a mantainer to create the secret in the Gitlab CI/CD variables. +- Add the secret CI/CD setup at the end of the k8s-pre-apply.sh file. +- Request a gitlab project [owner or maintainer](https://git.code.tecnalia.com/emerald/private/devops/caas-framework/-/project_members) to create the secret in the Gitlab CI/CD variables. example of the secret file creation and kustomize configuration: @@ -125,15 +146,15 @@ REDIS_SERVICE=redis_service EOF echo "add amoe_redis_secrets configuration in the kustomization.yaml file" echo <<EOF -- name: amoe-redis-secrets +- name: amoe-redis options: disableNameSuffixHash: true envs: - - amoe_redis_secrets + - .secrets/amoe_redis EOF vi kustomization.yaml kustomize build . -echo 'copy_from_cicd_variables "amoe_redis_secrets"' >> k8s-pre-apply.sh +echo 'copy_from_cicd_variables "amoe_redis_secrets" "amoe/.secrets/amoe_redis"' >> k8s-pre-apply.sh ``` Once the secret is in the Gitlab CI/CD variables, the k8s-pre-apply.sh script will add the secret to the root of the repository. @@ -144,4 +165,51 @@ The Kustomize tool allows you to check the configuration of the Kustomization fi ```bash kustomize build . -``` \ No newline at end of file +``` + +## Testing the kustomize + +The next step is to test the kustomize configuration. The `kustomize` tool has a command to test the configuration of the Kustomization file. The command is: + +```bash +kubectl config use-context local +kustomize build . | kubectl apply -f - +``` + +### Getting the kubeconfig + +To get the kubeconfig login into kubernetes https://k8so.emerald.digital.tecnalia.dev/ and download the kubeconfig. **Be aware that the kubeconfig is valid for one month**. + + + + +The kubeconfig should be stored in the `~/.kube/config` file. + +```bash +cat << EOF > ~/.kube/config +<content of the kubeconfig file> +EOF +``` + + +```bash +kubectl config get-contexts +kubectl config use-context local +``` + +The above is valid for one kubernetes cluster. If you have more than one kubernetes cluster, you can store the kubeconfig in different files and use the `KUBECONFIG` environment variable to select the kubeconfig file. + +### Access the kubernetes cluster + +The kubernetes cluster includes a rancher server that allows you to access the kubernetes cluster. The rancher server is available at https://k8so.emerald.digital.tecnalia.dev/. + + + + +There you can access the kubernetes cluster and check the deployment of the component. + + + +## Submit the merge request + +You can submit as much commit as you need to the branch. Once the component is ready for review, you can change the status of the merge request to **ready for review**. The project maintainers will review the merge request and if it is accepted they will add a final commit for semantic versioning and it will be merged into the main branch. diff --git a/keycloak_integration.md b/keycloak_integration.md index d725aad17acdc256f525af8127044f326ab01519..d2edf5fb6d354530a872b4dae3c13bcded37ffe9 100644 --- a/keycloak_integration.md +++ b/keycloak_integration.md @@ -114,4 +114,3 @@ spec: ``` and possibly to define the `AMOE_PASSWORD` in the ci/cd variables of the Gitlab project. -