
Commit

Change to go full knative with the operator
Signed-off-by: gabriel-farache <[email protected]>
gabriel-farache committed Nov 14, 2024
1 parent 1039c0b commit 352289f
Showing 4 changed files with 7 additions and 44 deletions.
36 changes: 0 additions & 36 deletions charts/move2kube/templates/00-knative-resources.yaml
Expand Up @@ -7,41 +7,6 @@ data:
Host *
StrictHostKeyChecking no
---
apiVersion: eventing.knative.dev/v1
kind: Trigger
metadata:
name: error-trigger-{{ .Values.workflow.name }}
spec:
broker: {{ .Values.brokerName }}
filter:
attributes:
type: error
subscriber:
ref:
apiVersion: v1
kind: Service
name: {{ .Values.workflow.name }}
---
apiVersion: eventing.knative.dev/v1
kind: Trigger
metadata:
name: transformation-saved-trigger-{{ .Values.workflow.name }}
spec:
broker: {{ .Values.brokerName }}
filter:
attributes:
type: transformation_saved
subscriber:
ref:
apiVersion: v1
kind: Service
name: {{ .Values.workflow.name }}
---
apiVersion: eventing.knative.dev/v1
kind: Broker
metadata:
name: {{ .Values.brokerName }}
---
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
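Review bot: The two Triggers (filters `type: error` and `type: transformation_saved`) and the Broker are dropped from this template, and nothing visible in the commit says what now routes those event types to the `{{ .Values.workflow.name }}` service. On an existing release, `helm upgrade` deletes these three objects, so the README should state which operator-managed resource replaces them and that it has to exist before upgrading. Separately, the unchanged context at the top of this hunk still ships `Host *` with `StrictHostKeyChecking no`, which turns off SSH host key verification for every host; a pinned `known_hosts` entry for the Git server would be safer.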
Expand All @@ -57,7 +22,6 @@ spec:
securityContext:
runAsUser: 0
allowPrivilegeEscalation: true
securityContext:
command: [ "sh", "-c", "cp /tmp/.ssh/id_rsa /etc/pre-install/. && chown 185 /etc/pre-install/id_rsa" ]
volumeMounts:
- name: ssh-priv-key
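Review bot: The init container around the removed empty `securityContext:` line still runs with `runAsUser: 0` and `allowPrivilegeEscalation: true` only to `cp` and `chown 185` the SSH private key. A process that is already root does not need privilege escalation to chown a file, so please set `allowPrivilegeEscalation: false`, or add a comment explaining why `true` is required. It is also worth stating in the README that the private key is copied out of the secret mount into `/etc/pre-install`, so reviewers know where a second copy of `id_rsa` lives.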
3 changes: 1 addition & 2 deletions charts/move2kube/values.yaml
@@ -1,6 +1,5 @@
sshSecretName: sshkeys # name of the secret holding the ssh keys that will be used by move2kube resources
brokerName: m2k-default # name of the broker used by Knative eventing resources
brokerURL: http://broker-ingress.knative-eventing.svc.cluster.local/sonataflow-infra/m2k-default
brokerName: "" # name of the broker used by Knative eventing resources
workflow:
name: m2k # name of the workflow
move2kubeURL: https://move2kube-route-sonataflow-infra.apps.cluster-8xfw.redhatworkshops.io # URL for move2kube instance
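Review bot: `brokerName` is kept as `""` with the comment `name of the broker used by Knative eventing resources`, but the Triggers and Broker that read `.Values.brokerName` are removed from `00-knative-resources.yaml` in this same commit. If no other template uses it, drop the key; otherwise update the comment to say what an empty value means. The `move2kubeURL` default on the last context line is a URL for one specific workshop cluster, which is easy to deploy unchanged by mistake; an empty default that must be set explicitly would be safer.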
9 changes: 5 additions & 4 deletions docs/main/move2kube/README.md
Expand Up @@ -70,8 +70,9 @@ We need to use `initContainers` and `securityContext` in our Knative services to
```
#### For move2kube instance
Also, `move2kube` instance runs as root so we need to allow the `default` service account to use `runAsUser`:
To know which scc is to be set to the default service account and apply it, run:
```console
oc -n ${TARGET_NS} adm policy add-scc-to-user anyuid -z default
oc -n ${TARGET_NS} adm policy add-scc-to-user $(oc -n ${TARGET_NS} get deployments m2k-save-transformation-func-v1-deployment -oyaml | "oc adm policy scc-subject-review --no-headers -o yaml --filename - | yq -r .status.allowedBy.name) -z default
```

Create the secret that holds the ssh keys:
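Review bot: The added command has a stray `"` before `oc adm policy scc-subject-review`, so the shell sees an unterminated quote and the line cannot run as pasted; remove it. If `yq -r .status.allowedBy.name` returns nothing or `null`, the outer `add-scc-to-user` runs with a missing or wrong SCC name, so capture the name in a variable and check it before applying. The text should also say that the SCC is granted to the `default` service account, so every pod in `${TARGET_NS}` that uses that account receives it, and the new sentence `To know which scc is to be set ...` should be merged with the preceding `runAsUser` sentence, which still ends in a colon.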
Expand Down Expand Up @@ -136,14 +137,14 @@ Note that the modification of the secret does not currently restart the pod, the

Note that when you run the `helm upgrade` command, the values of the secret are reseted.

#### Set `M2K_ROUTE`, `K_SINK` and `BACKSTAGE_NOTIFICATIONS_URL` for the Sonataflow CR
#### Set `M2K_ROUTE` and `BACKSTAGE_NOTIFICATIONS_URL` for the Sonataflow CR

The value for `BACKSTAGE_NOTIFICATIONS_URL` in the command below is using the current default value, if the name of the backstage deployment or its namespace does not match, please update the value with the correct value from your cluster.

Run the following to set `K_SINK`, `MOVE2KUBE_URL` and `BACKSTAGE_NOTIFICATIONS_URL`environment variable in the workflow:
Run the following to set `MOVE2KUBE_URL` and `BACKSTAGE_NOTIFICATIONS_URL`environment variable in the workflow:
```console
BACKSTAGE_NOTIFICATIONS_URL=http://backstage-backstage.rhdh-operator
BROKER_URL=$(oc -n ${TARGET_NS} get broker -o yaml | yq -r .items[0].status.address.url)
oc -n ${TARGET_NS} patch sonataflow m2k --type merge -p '{"spec": { "podTemplate": { "container": { "env": [{"name": "BACKSTAGE_NOTIFICATIONS_URL", "value": "'${BACKSTAGE_NOTIFICATIONS_URL}'"},{"name": "K_SINK", "value": "'${BROKER_URL}'"}, {"name": "MOVE2KUBE_URL", "value": "https://'${M2K_ROUTE}'"}]}}}}'
oc -n ${TARGET_NS} patch sonataflow m2k --type merge -p '{"spec": { "podTemplate": { "container": { "env": [{"name": "BACKSTAGE_NOTIFICATIONS_URL", "value": "'${BACKSTAGE_NOTIFICATIONS_URL}'"},{"name": "MOVE2KUBE_URL", "value": "https://'${M2K_ROUTE}'"}]}}}}'
```
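Review bot: The new heading names `M2K_ROUTE` while the sentence and the patch below it set `MOVE2KUBE_URL`; pick one, since `M2K_ROUTE` is the shell variable and `MOVE2KUBE_URL` is the workflow environment variable. The added sentence also lacks a space in `` `BACKSTAGE_NOTIFICATIONS_URL`environment variable `` and should read "environment variables". Since the command uses `--type merge`, the whole `env` list is replaced, so it is worth a line telling users that any other variable previously set there (for example the `K_SINK` this commit removes) is dropped when they run it.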

3 changes: 1 addition & 2 deletions docs/main/move2kube/install_m2k.sh
Expand Up @@ -71,8 +71,7 @@ else
"${CLUSTER_CLIENT}" -n ${TARGET_NS} patch secret "${WORKFLOW_NAME}-creds" --type merge -p '{"data": { "NOTIFICATIONS_BEARER_TOKEN": "'$("${CLUSTER_CLIENT}" get secrets -n rhdh-operator backstage-backend-auth-secret -o go-template='{{ .data.BACKEND_SECRET }}')'"}}'
BACKSTAGE_NOTIFICATIONS_URL=http://backstage-backstage.rhdh-operator
fi
BROKER_URL=$("${CLUSTER_CLIENT}" -n ${TARGET_NS} get broker -o yaml | yq -r .items[0].status.address.url)
"${CLUSTER_CLIENT}" -n ${TARGET_NS} patch sonataflow m2k --type merge -p '{"spec": { "podTemplate": { "container": { "env": [{"name": "BACKSTAGE_NOTIFICATIONS_URL", "value": "'${BACKSTAGE_NOTIFICATIONS_URL}'"},{"name": "K_SINK", "value": "'${BROKER_URL}'"}, {"name": "MOVE2KUBE_URL", "value": "'${M2K_ROUTE}'"}]}}}}'
"${CLUSTER_CLIENT}" -n ${TARGET_NS} patch sonataflow m2k --type merge -p '{"spec": { "podTemplate": { "container": { "env": [{"name": "BACKSTAGE_NOTIFICATIONS_URL", "value": "'${BACKSTAGE_NOTIFICATIONS_URL}'"},{"name": "MOVE2KUBE_URL", "value": "'${M2K_ROUTE}'"}]}}}}'
"${CLUSTER_CLIENT}" -n ${TARGET_NS} scale deploy m2k --replicas=0
"${CLUSTER_CLIENT}" -n ${TARGET_NS} get pods
"${CLUSTER_CLIENT}" -n ${TARGET_NS} describe pods -l app="${WORKFLOW_NAME}"
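Review bot: The added patch line sets `MOVE2KUBE_URL` to `'${M2K_ROUTE}'` with no scheme, while the README version of the same command in this commit uses `"https://'${M2K_ROUTE}'"`; unless `M2K_ROUTE` already carries `https://` at this point in the script, which the hunk does not show, the two will configure different values. On the same line, `${TARGET_NS}`, `${BACKSTAGE_NOTIFICATIONS_URL}` and `${M2K_ROUTE}` are expanded outside quotes even though `"${CLUSTER_CLIENT}"` is quoted, so a value containing whitespace or a glob character would split the argument; quote them consistently.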
