Skip to content

Latest commit

 

History

History
132 lines (90 loc) · 4.97 KB

dev_install.adoc

File metadata and controls

132 lines (90 loc) · 4.97 KB

Dev Sandbox Development Install

This document describes how to install Dev Sandbox in a development environment.

Prereqs

OpenShift Cluster

Ensure you have access to an OpenShift 4.6+ cluster with cluster admin privileges and log in using oc login

Required Tools

Install the required tools.

Authentication

Configure authentication for the cluster using one of the following options:

Option #1: Contact a member of the Dev Sandbox Team for instructions on how to configure the cluster to use our internal Dev SSO.
Option #2: Configure your own Keycloak server and set up authentication on the OpenShift cluster: https://docs.openshift.com/container-platform/4.6/authentication/configuring-internal-oauth.html

Install

Remove Self Provisioner Role

It is strongly recommended to remove the self-provisioner role to disallow users from creating their own namespaces. This is because the Dev Sandbox is designed to create/manage namespaces for users automatically. It creates these namespaces based on predefined templates that also define resource limits so only these namespaces should be accessible to Dev Sandbox users.

Run the following commands:

oc patch clusterrolebinding.rbac self-provisioners -p '{"subjects": null, "metadata": {"annotations":{"rbac.authorization.kubernetes.io/autoupdate": "false"}}}'
oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauth

Install Dev Sandbox

Clone this repository
git clone [email protected]:codeready-toolchain/toolchain-e2e.git

This repository provides you multiple Makefile targets that you can use - it depends on which version of Dev Sandbox operators you want to install.

Note
If the cluster is an OSD cluster, then set the variable IS_OSD=true when running any of the Makefile targets (for example: make appstudio-dev-deploy-latest IS_OSD=true).
Important
Make note of the Registration Service URL that is printed at the end of the target execution.

Latest greatest Dev Sandbox

Run the following to install the latest greatest Sandbox operators in dev mode:

make dev-deploy-latest

Latest greatest Dev Sandbox for AppStudio

Run the following to install the latest greatest Sandbox operators in dev mode for AppStudio environment:

make appstudio-dev-deploy-latest

Local version

If you want to install a local version of any of the Sandbox operators in dev mode then:

  1. Configure your quay account for dev deployment

  2. Run any from the following commands:

# To deploy local versions of all repositories:
make dev-deploy-e2e-local

# To deploy local version only of the host-operator repo:
make dev-deploy-e2e-host-local

# To deploy local version only of the member-operator repo:
make dev-deploy-e2e-member-local

# To deploy local version only of the registration-service repo:
make dev-deploy-e2e-registration-local

ToolchainStatus

  1. Run oc get toolchainstatus -n toolchain-host-operator and ensure the Ready status is True

    NAME               MURS   READY   LAST UPDATED
    toolchain-status   0      True    2021-03-24T22:39:36Z
  2. Open the Registration Service URL in a browser and sign up for an account.

  3. Wait for the message "Your OpenShift Developer Sandbox account is waiting for approval"

114627893 01845d00 9c84 11eb 848e 0f85a1b3c01f

Approve The User

Manual Approval

Manual approval means each usersignup must be approved by editing the usersignup resource for a particular user.

  1. Run the following command to get the name of the usersignup resource:
    oc get usersignup

    The name should be a UUID eg. 66e54c45-9868-4a25-81ca-d56b600c8491

  2. Approve the usersignup

    oc patch usersignup -p '{"spec":{"states":["approved"]}}' --type=merge <usersignup name> -n <host operator namespace>

Automatic Approval

Automatic approval means enabling automatic approval in the Dev Sandbox configuration. Users will be automatically approved and provisioned without admin intervention.

  1. Enable automatic approval

    oc patch ToolchainConfig -p '{"spec":{"host":{"automaticApproval":{"enabled":true}}}}' --type=merge config -n <host operator namespace>

Using the Sandbox

After approval the registration service will display a link to start using the Sandbox. The link will go to the user’s Dev Console, but first, a login page will appear with two options.:

Option #1: kube:admin
Option #2: The authentication method configured in the Authentication step

114628295 a141eb00 9c84 11eb 8be3 45f013e19378

Select option 2 and log in using the same account used from the [Register/Login via the Registration Service] step.

After logging in a user will have access to only the namespaces created for them.

Cleanup

Remove Only Users and Their Namespaces

Run make clean-users

Run make clean-e2e-resources