Add OCP deployment examples

Signed-off-by: Yaacov Zamir <[email protected]>
kubev2v · Oct 30, 2023 · a5fb4df · a5fb4df
1 parent 7e1e5e2
commit a5fb4df
Show file tree

Hide file tree

Showing 3 changed files with 104 additions and 6 deletions.
diff --git a/ci/README.md b/ci/README.md
@@ -1,12 +1,24 @@
 # Deployment Guide for getpublickey Server in Kubernetes
 
-When interacting with a Kubernetes cluster within the `konveyor-forklift` namespace:
+## Deploying the Server on Openshift cluster:
 
-> [!NOTE]
-> Note for **OpenShift** Users: When using **OpenShift**, the deployment automatically relies on **OpenShift**'s native certification. Therefore, manual deployment of the issuer and certificate, as described for vanilla Kubernetes, might not be necessary, skip the certification sections and go to [Deploying the Server](#deploying-the-server).
+Deploy the getpublickey server pod and its associated service using `openshift-mtv` namespace on **Openshift** cluster:
+
+```bash
+# deploy - deploy the service on openshift-mtv namespace
+kubectl apply -f https://raw.githubusercontent.com/kubev2v/getpublickey/main/ci/deployment.ocp.yaml
+
+# optional - patch console plugin proxy
+kubectl patch consoleplugin forklift-console-plugin \
+    --patch-file https://raw.githubusercontent.com/kubev2v/getpublickey/main/ci/consoleplugin.patch.yaml \
+    --type=merge
+```
+
+## Deploying the Server on Vanilla Kubernetes:
 
+Deploy `getpublickey` service on a Kubernetes cluster within the `konveyor-forklift` namespace:
 
-## Setting up the Issuer (Cert-Manager) for Vanilla Kubernetes:
+### Setting up the Certificate Issuer (Cert-Manager):
 
 On a vanilla Kubernetes cluster, we utilize [cert-manager](https://cert-manager.io/docs/installation/kubernetes/) to manage certificates. If you haven't already, you'll first need to [install cert-manager](https://cert-manager.io/docs/installation/kubernetes/). Once installed, you can proceed to deploy the self-signed issuer:
 
@@ -27,19 +39,20 @@ This action will establish an issuer named forklift-issuer. To verify its presen
 kubectl get issuer -n konveyor-forklift
 ```
 
-## Generating Certificates:
+### Generating Certificates:
 
 Next, apply the certificate configuration to generate a secret named getpublickey-serving-cert:
 
 ```bash
 kubectl apply -f https://raw.githubusercontent.com/kubev2v/getpublickey/main/ci/certificate.yaml
 ```
 
-## Deploying the Server:
+### Deploying the Server:
 
 Finally, deploy the getpublickey server pod and its associated service, which will utilize the getpublickey-serving-cert secret:
 
 ```bash
+# deploy - deploy the service on konveyor-forklift namespace
 kubectl apply -f https://raw.githubusercontent.com/kubev2v/getpublickey/main/ci/deployment.yaml
 ```
 

diff --git a/ci/consoleplugin.patch.yaml b/ci/consoleplugin.patch.yaml
@@ -0,0 +1,26 @@
+spec:
+  proxy:
+  - alias: getpublickey
+    authorization: UserToken
+    endpoint:
+      service:
+        name: getpublickey
+        namespace: openshift-mtv
+        port: 8443
+      type: Service
+  - alias: forklift-inventory
+    authorization: UserToken
+    endpoint:
+      service:
+        name: forklift-inventory
+        namespace: openshift-mtv
+        port: 8443
+      type: Service
+  - alias: forklift-must-gather-api
+    authorization: UserToken
+    endpoint:
+      service:
+        name: forklift-must-gather-api
+        namespace: openshift-mtv
+        port: 8444
+      type: Service
diff --git a/ci/deployment.ocp.yaml b/ci/deployment.ocp.yaml
@@ -0,0 +1,59 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: getpublickey
+  namespace: openshift-mtv
+  labels:
+    app: getpublickey
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: getpublickey
+  template:
+    metadata:
+      labels:
+        app: getpublickey
+    spec:
+      volumes:
+        - name: getpublickey-serving-cert
+          secret:
+            secretName: getpublickey-serving-cert
+      containers:
+        - name: getpublickey
+          image: quay.io/kubev2v/getpublickey:latest
+          volumeMounts:
+            - name: getpublickey-serving-cert
+              mountPath: /var/run/secrets/getpublickey-serving-cert
+          ports:
+            - containerPort: 8443
+              protocol: TCP
+          imagePullPolicy: Always
+          command:
+            - python
+            - getpublickey.py
+          args:
+            - "--tls-key"
+            - "/var/run/secrets/getpublickey-serving-cert/tls.key"
+            - "--tls-crt"
+            - "/var/run/secrets/getpublickey-serving-cert/tls.crt"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    service.beta.openshift.io/serving-cert-secret-name: getpublickey-serving-cert
+  name: getpublickey
+  namespace: openshift-mtv
+  labels:
+    app: getpublickey
+spec:
+  ports:
+    - name: 8443-tcp
+      protocol: TCP
+      port: 8443
+      targetPort: 8443
+  selector:
+    app: getpublickey
+  type: ClusterIP
+  sessionAffinity: None