diff --git a/charts/move2kube/templates/00-knative-resources.yaml b/charts/move2kube/templates/00-knative-resources.yaml
index d9feb16b..b8991a5f 100644
--- a/charts/move2kube/templates/00-knative-resources.yaml
+++ b/charts/move2kube/templates/00-knative-resources.yaml
@@ -7,41 +7,6 @@ data:
 Host *
 StrictHostKeyChecking no
 ---
-apiVersion: eventing.knative.dev/v1
-kind: Trigger
-metadata:
- name: error-trigger-{{ .Values.workflow.name }}
-spec:
- broker: {{ .Values.brokerName }}
- filter:
- attributes:
- type: error
- subscriber:
- ref:
- apiVersion: v1
- kind: Service
- name: {{ .Values.workflow.name }}
----
-apiVersion: eventing.knative.dev/v1
-kind: Trigger
-metadata:
- name: transformation-saved-trigger-{{ .Values.workflow.name }}
-spec:
- broker: {{ .Values.brokerName }}
- filter:
- attributes:
- type: transformation_saved
- subscriber:
- ref:
- apiVersion: v1
- kind: Service
- name: {{ .Values.workflow.name }}
----
-apiVersion: eventing.knative.dev/v1
-kind: Broker
-metadata:
- name: {{ .Values.brokerName }}
----
 apiVersion: serving.knative.dev/v1
 kind: Service
 metadata:
@@ -57,7 +22,6 @@ spec:
 securityContext:
 runAsUser: 0
 allowPrivilegeEscalation: true
- securityContext:
 command: [ "sh", "-c", "cp /tmp/.ssh/id_rsa /etc/pre-install/. && chown 185 /etc/pre-install/id_rsa" ]
 volumeMounts:
 - name: ssh-priv-key
diff --git a/charts/move2kube/values.yaml b/charts/move2kube/values.yaml
index e37212f0..2398d304 100644
--- a/charts/move2kube/values.yaml
+++ b/charts/move2kube/values.yaml
@@ -1,6 +1,5 @@
 sshSecretName: sshkeys # name of the secret holding the ssh keys that will be used by move2kube resources
-brokerName: m2k-default # name of the broker used by Knative eventing resources
-brokerURL: http://broker-ingress.knative-eventing.svc.cluster.local/sonataflow-infra/m2k-default
+brokerName: "" # name of the broker used by Knative eventing resources
 workflow:
 name: m2k # name of the workflow
 move2kubeURL: https://move2kube-route-sonataflow-infra.apps.cluster-8xfw.redhatworkshops.io # URL for move2kube instance
diff --git a/docs/main/move2kube/README.md b/docs/main/move2kube/README.md
index b4219789..738f3235 100644
--- a/docs/main/move2kube/README.md
+++ b/docs/main/move2kube/README.md
@@ -70,8 +70,9 @@ We need to use `initContainers` and `securityContext` in our Knative services to ``` #### For move2kube instance Also, `move2kube` instance runs as root so we need to allow the `default` service account to use `runAsUser`: +To know which scc is to be set to the default service account and apply it, run: ```console -oc -n ${TARGET_NS} adm policy add-scc-to-user anyuid -z default +oc -n ${TARGET_NS} adm policy add-scc-to-user $(oc -n ${TARGET_NS} get deployments m2k-save-transformation-func-v1-deployment -oyaml | "oc adm policy scc-subject-review --no-headers -o yaml --filename - | yq -r .status.allowedBy.name) -z default ``` Create the secret that holds the ssh keys:
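Review bot: In charts/move2kube/values.yaml, `brokerName` is kept as an empty string with its comment unchanged, although the Broker and Trigger templates that read `.Values.brokerName` are removed from 00-knative-resources.yaml in this same commit. If no other template in the chart still reads the value, drop the key together with its comment. If something outside this diff does read it, replace the comment with one that says when the value has to be set, since an empty default under the old comment reads as a required setting that was left blank.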
@@ -136,14 +137,14 @@ Note that the modification of the secret does not currently restart the pod, the Note that when you run the `helm upgrade` command, the values of the secret are reseted. -#### Set `M2K_ROUTE`, `K_SINK` and `BACKSTAGE_NOTIFICATIONS_URL` for the Sonataflow CR +#### Set `M2K_ROUTE` and `BACKSTAGE_NOTIFICATIONS_URL` for the Sonataflow CR The value for `BACKSTAGE_NOTIFICATIONS_URL` in the command below is using the current default value, if the name of the backstage deployment or its namespace does not match, please update the value with the correct value from your cluster. -Run the following to set `K_SINK`, `MOVE2KUBE_URL` and `BACKSTAGE_NOTIFICATIONS_URL`environment variable in the workflow: +Run the following to set `MOVE2KUBE_URL` and `BACKSTAGE_NOTIFICATIONS_URL`environment variable in the workflow: ```console BACKSTAGE_NOTIFICATIONS_URL=http://backstage-backstage.rhdh-operator BROKER_URL=$(oc -n ${TARGET_NS} get broker -o yaml | yq -r .items[0].status.address.url) -oc -n ${TARGET_NS} patch sonataflow m2k --type merge -p '{"spec": { "podTemplate": { "container": { "env": [{"name": "BACKSTAGE_NOTIFICATIONS_URL", "value": "'${BACKSTAGE_NOTIFICATIONS_URL}'"},{"name": "K_SINK", "value": "'${BROKER_URL}'"}, {"name": "MOVE2KUBE_URL", "value": "https://'${M2K_ROUTE}'"}]}}}}' +oc -n ${TARGET_NS} patch sonataflow m2k --type merge -p '{"spec": { "podTemplate": { "container": { "env": [{"name": "BACKSTAGE_NOTIFICATIONS_URL", "value": "'${BACKSTAGE_NOTIFICATIONS_URL}'"},{"name": "MOVE2KUBE_URL", "value": "https://'${M2K_ROUTE}'"}]}}}}' ```
diff --git a/docs/main/move2kube/install_m2k.sh b/docs/main/move2kube/install_m2k.sh
index c31f8a00..761d1710 100755
--- a/docs/main/move2kube/install_m2k.sh
+++ b/docs/main/move2kube/install_m2k.sh
@@ -71,8 +71,7 @@ else
 "${CLUSTER_CLIENT}" -n ${TARGET_NS} patch secret "${WORKFLOW_NAME}-creds" --type merge -p '{"data": { "NOTIFICATIONS_BEARER_TOKEN": "'$("${CLUSTER_CLIENT}" get secrets -n rhdh-operator backstage-backend-auth-secret -o go-template='{{ .data.BACKEND_SECRET }}')'"}}'
 BACKSTAGE_NOTIFICATIONS_URL=http://backstage-backstage.rhdh-operator
 fi
-BROKER_URL=$("${CLUSTER_CLIENT}" -n ${TARGET_NS} get broker -o yaml | yq -r .items[0].status.address.url)
-"${CLUSTER_CLIENT}" -n ${TARGET_NS} patch sonataflow m2k --type merge -p '{"spec": { "podTemplate": { "container": { "env": [{"name": "BACKSTAGE_NOTIFICATIONS_URL", "value": "'${BACKSTAGE_NOTIFICATIONS_URL}'"},{"name": "K_SINK", "value": "'${BROKER_URL}'"}, {"name": "MOVE2KUBE_URL", "value": "'${M2K_ROUTE}'"}]}}}}'
+"${CLUSTER_CLIENT}" -n ${TARGET_NS} patch sonataflow m2k --type merge -p '{"spec": { "podTemplate": { "container": { "env": [{"name": "BACKSTAGE_NOTIFICATIONS_URL", "value": "'${BACKSTAGE_NOTIFICATIONS_URL}'"},{"name": "MOVE2KUBE_URL", "value": "'${M2K_ROUTE}'"}]}}}}'
 "${CLUSTER_CLIENT}" -n ${TARGET_NS} scale deploy m2k --replicas=0
 "${CLUSTER_CLIENT}" -n ${TARGET_NS} get pods
 "${CLUSTER_CLIENT}" -n ${TARGET_NS} describe pods -l app="${WORKFLOW_NAME}"
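Review bot: The rewritten `patch sonataflow` line still splices `${BACKSTAGE_NOTIFICATIONS_URL}` and `${M2K_ROUTE}` into the JSON payload outside any quotes, so a value containing whitespace or a glob character is split or expanded by the shell before it reaches the cluster client. Close and reopen the quoting around each expansion, e.g. `"value": "'"${M2K_ROUTE}"'"`, and pass the namespace as `-n "${TARGET_NS}"`. The README version of this command prefixes `https://` to `${M2K_ROUTE}` while this line does not, which is consistent only if the script's `M2K_ROUTE` already carries the scheme; that assignment is outside this hunk. The enclosing if/else also starts outside the hunk.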