From a5fb4dfa5faee32afb1d5ad8b550c18912afc486 Mon Sep 17 00:00:00 2001 From: Yaacov Zamir Date: Mon, 30 Oct 2023 14:12:53 +0200 Subject: [PATCH] Add OCP deployment examples Signed-off-by: Yaacov Zamir --- ci/README.md | 25 ++++++++++++---- ci/consoleplugin.patch.yaml | 26 ++++++++++++++++ ci/deployment.ocp.yaml | 59 +++++++++++++++++++++++++++++++++++++ 3 files changed, 104 insertions(+), 6 deletions(-) create mode 100644 ci/consoleplugin.patch.yaml create mode 100644 ci/deployment.ocp.yaml diff --git a/ci/README.md b/ci/README.md index 5cdfed4..894f525 100644 --- a/ci/README.md +++ b/ci/README.md 
@@ -1,12 +1,24 @@ # Deployment Guide for getpublickey Server in Kubernetes -When interacting with a Kubernetes cluster within the `konveyor-forklift` namespace: +## Deploying the Server on Openshift cluster: -> [!NOTE] -> Note for **OpenShift** Users: When using **OpenShift**, the deployment automatically relies on **OpenShift**'s native certification. Therefore, manual deployment of the issuer and certificate, as described for vanilla Kubernetes, might not be necessary, skip the certification sections and go to [Deploying the Server](#deploying-the-server). +Deploy the getpublickey server pod and its associated service using `openshift-mtv` namespace on **Openshift** cluster: + +```bash +# deploy - deploy the service on openshift-mtv namespace +kubectl apply -f https://raw.githubusercontent.com/kubev2v/getpublickey/main/ci/deployment.ocp.yaml + +# optional - patch console plugin proxy +kubectl patch consoleplugin forklift-console-plugin \ + --patch-file https://raw.githubusercontent.com/kubev2v/getpublickey/main/ci/consoleplugin.patch.yaml \ + --type=merge +``` + +## Deploying the Server on Vanilla Kubernetes: +Deploy `getpublickey` service on a Kubernetes cluster within the `konveyor-forklift` namespace: -## Setting up the Issuer (Cert-Manager) for Vanilla Kubernetes: +### Setting up the Certificate Issuer (Cert-Manager): On a vanilla Kubernetes cluster, we utilize [cert-manager](https://cert-manager.io/docs/installation/kubernetes/) to manage certificates. If you haven't already, you'll first need to [install cert-manager](https://cert-manager.io/docs/installation/kubernetes/). Once installed, you can proceed to deploy the self-signed issuer: @@ -27,7 +39,7 @@ This action will establish an issuer named forklift-issuer. To verify its presen kubectl get issuer -n konveyor-forklift ``` -## Generating Certificates: +### Generating Certificates: Next, apply the certificate configuration to generate a secret named getpublickey-serving-cert: 
@@ -35,11 +47,12 @@ Next, apply the certificate configuration to generate a secret named getpublicke kubectl apply -f https://raw.githubusercontent.com/kubev2v/getpublickey/main/ci/certificate.yaml ``` -## Deploying the Server: +### Deploying the Server: Finally, deploy the getpublickey server pod and its associated service, which will utilize the getpublickey-serving-cert secret: ```bash +# deploy - deploy the service on konveyor-forklift namespace kubectl apply -f https://raw.githubusercontent.com/kubev2v/getpublickey/main/ci/deployment.yaml ``` diff --git a/ci/consoleplugin.patch.yaml b/ci/consoleplugin.patch.yaml new file mode 100644 index 0000000..91375f2 --- /dev/null +++ b/ci/consoleplugin.patch.yaml @@ -0,0 +1,26 @@ +spec: + proxy: + - alias: getpublickey + authorization: UserToken + endpoint: + service: + name: getpublickey + namespace: openshift-mtv + port: 8443 + type: Service + - alias: forklift-inventory + authorization: UserToken + endpoint: + service: + name: forklift-inventory + namespace: openshift-mtv + port: 8443 + type: Service + - alias: forklift-must-gather-api + authorization: UserToken + endpoint: + service: + name: forklift-must-gather-api + namespace: openshift-mtv + port: 8444 + type: Service \ No newline at end of file diff --git a/ci/deployment.ocp.yaml b/ci/deployment.ocp.yaml new file mode 100644 index 0000000..db8adb6 --- /dev/null +++ b/ci/deployment.ocp.yaml 
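Review bot: In `ci/consoleplugin.patch.yaml` the new `getpublickey` proxy entry sets `authorization: UserToken`, which makes the console proxy forward the logged-in user's OpenShift bearer token to that service on every request. Nothing in this commit shows the service consuming the token (the deployment starts it with only `--tls-key` and `--tls-crt`), so unless it validates callers with it, prefer `authorization: None` for that alias, so that a compromised or replaced image cannot harvest user tokens. Separately, the README applies this file with `--type=merge`, which replaces the whole `spec.proxy` list; the restated `forklift-inventory` and `forklift-must-gather-api` entries will silently overwrite whatever the installed plugin defines, so a comment such as `# merge patch replaces spec.proxy: keep these entries in sync with the installed forklift-console-plugin` would help.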
@@ -0,0 +1,59 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: getpublickey
+ namespace: openshift-mtv
+ labels:
+ app: getpublickey
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: getpublickey
+ template:
+ metadata:
+ labels:
+ app: getpublickey
+ spec:
+ volumes:
+ - name: getpublickey-serving-cert
+ secret:
+ secretName: getpublickey-serving-cert
+ containers:
+ - name: getpublickey
+ image: quay.io/kubev2v/getpublickey:latest
+ volumeMounts:
+ - name: getpublickey-serving-cert
+ mountPath: /var/run/secrets/getpublickey-serving-cert
+ ports:
+ - containerPort: 8443
+ protocol: TCP
+ imagePullPolicy: Always
+ command:
+ - python
+ - getpublickey.py
+ args:
+ - "--tls-key"
+ - "/var/run/secrets/getpublickey-serving-cert/tls.key"
+ - "--tls-crt"
+ - "/var/run/secrets/getpublickey-serving-cert/tls.crt"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ service.beta.openshift.io/serving-cert-secret-name: getpublickey-serving-cert
+ name: getpublickey
+ namespace: openshift-mtv
+ labels:
+ app: getpublickey
+spec:
+ ports:
+ - name: 8443-tcp
+ protocol: TCP
+ port: 8443
+ targetPort: 8443
+ selector:
+ app: getpublickey
+ type: ClusterIP
+ sessionAffinity: None
\ No newline at end of file
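Review bot: The container image is referenced by the mutable tag `quay.io/kubev2v/getpublickey:latest` with `imagePullPolicy: Always`, so any pod restart can run different code in a pod that mounts the serving TLS key and sits behind the console proxy. Pin the image to a release tag or digest, and state the container's privileges explicitly instead of relying on whichever SCC the namespace grants; the container spec has no `securityContext`, resource limits or probes. If the server never calls the Kubernetes API (not visible in this diff), `automountServiceAccountToken: false` on the pod spec would also fit. The digest in the sketch below is a placeholder, not a real value.

```yaml
      containers:
        - name: getpublickey
          # placeholder digest: replace with the digest of the released image
          image: quay.io/kubev2v/getpublickey@sha256:<IMAGE_DIGEST_PLACEHOLDER>
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - name: getpublickey-serving-cert
              mountPath: /var/run/secrets/getpublickey-serving-cert
              readOnly: true
          # … unchanged: ports, command, args …
```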