Change to go full knative with the operator

Signed-off-by: gabriel-farache <[email protected]>

.gitignore

@@ -1 +1,2 @@
-*.tgz
+*.tgz
+.idea

charts/move2kube/templates/00-knative-resources.yaml

@@ -7,41 +7,6 @@ data:
     Host *
         StrictHostKeyChecking no
 ---
-apiVersion: eventing.knative.dev/v1
-kind: Trigger
-metadata:
-  name: error-trigger-{{ .Values.workflow.name }}
-spec:
-  broker: {{ .Values.brokerName }}
-  filter:
-    attributes:
-      type: error
-  subscriber:
-    ref:
-      apiVersion: v1
-      kind: Service
-      name: {{ .Values.workflow.name }}
----
-apiVersion: eventing.knative.dev/v1
-kind: Trigger
-metadata:
-  name: transformation-saved-trigger-{{ .Values.workflow.name }}
-spec:
-  broker: {{ .Values.brokerName }}
-  filter:
-    attributes:
-      type: transformation_saved
-  subscriber:
-    ref:
-      apiVersion: v1
-      kind: Service
-      name: {{ .Values.workflow.name }}
----
-apiVersion: eventing.knative.dev/v1
-kind: Broker
-metadata:
-  name: {{ .Values.brokerName }}
----
 apiVersion: serving.knative.dev/v1
 kind: Service
 metadata:
@@ -57,7 +22,6 @@ spec:
           securityContext:
             runAsUser: 0
             allowPrivilegeEscalation: true
-          securityContext:
           command: [ "sh", "-c", "cp /tmp/.ssh/id_rsa /etc/pre-install/. && chown 185 /etc/pre-install/id_rsa" ]
           volumeMounts:
             - name: ssh-priv-key

charts/move2kube/values.yaml

@@ -1,6 +1,5 @@
 sshSecretName: sshkeys # name of the secret holding the ssh keys that will be used by move2kube resources
-brokerName: m2k-default # name of the broker used by Knative eventing resources
-brokerURL: http://broker-ingress.knative-eventing.svc.cluster.local/sonataflow-infra/m2k-default
+brokerName: "" # name of the broker used by Knative eventing resources
 workflow:
   name: m2k # name of the workflow
   move2kubeURL: https://move2kube-route-sonataflow-infra.apps.cluster-8xfw.redhatworkshops.io # URL for move2kube instance

docs/main/move2kube/README.md

@@ -70,8 +70,9 @@ We need to use `initContainers` and `securityContext` in our Knative services to
 ```
 #### For move2kube instance
 Also, `move2kube` instance runs as root so we need to allow the `default` service account to use `runAsUser`:
+To know which scc is to be set to the default service account and apply it, run:
 ```console
-oc -n ${TARGET_NS} adm policy add-scc-to-user anyuid -z default
+oc -n ${TARGET_NS} adm policy add-scc-to-user $(oc -n ${TARGET_NS} get deployments m2k-save-transformation-func-v1-deployment -oyaml | oc adm policy scc-subject-review --no-headers  -o yaml --filename - | yq -r .status.allowedBy.name) -z default
 ```
 
 Create the secret that holds the ssh keys:
@@ -136,14 +137,14 @@ Note that the modification of the secret does not currently restart the pod, the
 
 Note that when you run the `helm upgrade` command, the values of the secret are reseted.
 
-#### Set `M2K_ROUTE`, `K_SINK` and `BACKSTAGE_NOTIFICATIONS_URL` for the Sonataflow CR
+#### Set `M2K_ROUTE` and `BACKSTAGE_NOTIFICATIONS_URL` for the Sonataflow CR
 
 The value for `BACKSTAGE_NOTIFICATIONS_URL` in the command below is using the current default value, if the name of the backstage deployment or its namespace does not match, please update the value with the correct value from your cluster.
 
-Run the following to set `K_SINK`, `MOVE2KUBE_URL` and `BACKSTAGE_NOTIFICATIONS_URL`environment variable in the workflow:
+Run the following to set `MOVE2KUBE_URL` and `BACKSTAGE_NOTIFICATIONS_URL`environment variable in the workflow:
 ```console
 BACKSTAGE_NOTIFICATIONS_URL=http://backstage-backstage.rhdh-operator
 BROKER_URL=$(oc -n ${TARGET_NS} get broker -o yaml | yq -r .items[0].status.address.url)
-oc -n ${TARGET_NS} patch sonataflow m2k --type merge -p '{"spec": { "podTemplate": { "container": { "env": [{"name": "BACKSTAGE_NOTIFICATIONS_URL",  "value": "'${BACKSTAGE_NOTIFICATIONS_URL}'"},{"name": "K_SINK", "value": "'${BROKER_URL}'"}, {"name": "MOVE2KUBE_URL", "value": "https://'${M2K_ROUTE}'"}]}}}}'
+oc -n ${TARGET_NS} patch sonataflow m2k --type merge -p '{"spec": { "podTemplate": { "container": { "env": [{"name": "BACKSTAGE_NOTIFICATIONS_URL",  "value": "'${BACKSTAGE_NOTIFICATIONS_URL}'"},{"name": "MOVE2KUBE_URL", "value": "https://'${M2K_ROUTE}'"}]}}}}'
 ```
 

docs/main/move2kube/install_m2k.sh

@@ -7,13 +7,14 @@ else
   echo "Deploying on k8s cluster"
 fi
 
+
 if [[ -z "${PRIV_ID_RSA_PATH}" ]]; then
-  echo 'PRIV_ID_RSA_PATH env variable must be set to the path of the private id_rsa file to use. I.e: ${HOME}/.ssh/id_rsa'
+  echo 'PRIV_ID_RSA_PATH env variable must be set to the path of the private id_rsa file to use; e.g: ${HOME}/.ssh/id_rsa'
   exit -1
 fi
 
 if [[ -z "${PUB_ID_RSA_PATH}" ]]; then
-  echo 'PUB_ID_RSA_PATH env variable must be set to the path of the public id_rsa file to use. I.e: ${HOME}/.ssh/id_rsa'
+  echo 'PUB_ID_RSA_PATH env variable must be set to the path of the public id_rsa file to use; e.g: ${HOME}/.ssh/id_rsa'
   exit -1
 fi
 
@@ -22,6 +23,11 @@ if [[ -z "${TARGET_NS}" ]]; then
   exit -1
 fi
 
+if [[ -z "${BROKER_NAME}" ]]; then
+  echo "BROKER_NAME env variable must be set to the name of the broker; e.g: kafka-broker. It supposes the broker is in the same ${TARGET_NS} namespace"
+  exit -1
+fi
+
 if [[ ! -z "${K8S_INSTALL}" ]]; then
   echo "Running on k8s, adapting the script"
 fi
@@ -35,17 +41,21 @@ fi
 M2K_INSTANCE_NS=move2kube
 WORKFLOW_NAME=m2k
 
+"${CLUSTER_CLIENT}" create ns ${M2K_INSTANCE_NS} 2> /dev/null|| echo "${M2K_INSTANCE_NS} namespace exists"
+
 "${CLUSTER_CLIENT}" patch configmap/config-features \
     -n knative-serving \
     --type merge \
     -p '{"data":{"kubernetes.podspec-init-containers": "enabled", "kubernetes.podspec-securitycontext": "enabled"}}'
 "${CLUSTER_CLIENT}" -n ${TARGET_NS} create secret generic sshkeys --from-file=id_rsa=${PRIV_ID_RSA_PATH} --from-file=id_rsa.pub=${PUB_ID_RSA_PATH}
-helm install move2kube ${M2K_HELM_REPO} -n ${TARGET_NS} --set instance.namespace=${M2K_INSTANCE_NS}
+helm install move2kube ${M2K_HELM_REPO} -n ${TARGET_NS} --set instance.namespace=${M2K_INSTANCE_NS} --set brokerName=${BROKER_NAME}
 if [ $? -ne 0 ]; then
   echo "move2kube chart already installed, run  helm delete move2kube -n ${TARGET_NS} to remove it"
   exit 1
 fi
 
+sleep 5
+
 if [[ -z "${K8S_INSTALL}" ]]; then
   "${CLUSTER_CLIENT}" -n ${TARGET_NS} adm policy add-scc-to-user $("${CLUSTER_CLIENT}" -n ${TARGET_NS} get deployments m2k-save-transformation-func-v1-deployment -oyaml | "${CLUSTER_CLIENT}" adm policy scc-subject-review --no-headers  -o yaml --filename - | yq -r .status.allowedBy.name) -z default
   "${CLUSTER_CLIENT}" -n ${M2K_INSTANCE_NS} adm policy add-scc-to-user $("${CLUSTER_CLIENT}" -n ${M2K_INSTANCE_NS} get deployments move2kube -oyaml | "${CLUSTER_CLIENT}" adm policy scc-subject-review --no-headers  -o yaml --filename - | yq -r .status.allowedBy.name) -z default
@@ -62,7 +72,7 @@ else
 fi
 
 "${CLUSTER_CLIENT}" -n ${TARGET_NS} delete ksvc m2k-save-transformation-func 
-helm upgrade move2kube ${M2K_HELM_REPO} -n ${TARGET_NS} --set workflow.move2kubeURL=${M2K_ROUTE}
+helm upgrade move2kube ${M2K_HELM_REPO} -n ${TARGET_NS} --set workflow.move2kubeURL=${M2K_ROUTE} --set brokerName=${BROKER_NAME}
 
 if [[ ! -z "${K8S_INSTALL}" ]]; then
   "${CLUSTER_CLIENT}" -n ${TARGET_NS} patch secret "${WORKFLOW_NAME}-creds" --type merge -p '{"data": { "NOTIFICATIONS_BEARER_TOKEN": "'$("${CLUSTER_CLIENT}" get secret orchestrator-auth -o jsonpath={.data.backend-secret})'"}}'
@@ -71,10 +81,6 @@ else
   "${CLUSTER_CLIENT}" -n ${TARGET_NS} patch secret "${WORKFLOW_NAME}-creds" --type merge -p '{"data": { "NOTIFICATIONS_BEARER_TOKEN": "'$("${CLUSTER_CLIENT}" get secrets -n rhdh-operator backstage-backend-auth-secret -o go-template='{{ .data.BACKEND_SECRET  }}')'"}}'
   BACKSTAGE_NOTIFICATIONS_URL=http://backstage-backstage.rhdh-operator
 fi
-BROKER_URL=$("${CLUSTER_CLIENT}" -n ${TARGET_NS} get broker -o yaml | yq -r .items[0].status.address.url)
-"${CLUSTER_CLIENT}" -n ${TARGET_NS} patch sonataflow m2k --type merge -p '{"spec": { "podTemplate": { "container": { "env": [{"name": "BACKSTAGE_NOTIFICATIONS_URL",  "value": "'${BACKSTAGE_NOTIFICATIONS_URL}'"},{"name": "K_SINK", "value": "'${BROKER_URL}'"}, {"name": "MOVE2KUBE_URL", "value": "'${M2K_ROUTE}'"}]}}}}'
+"${CLUSTER_CLIENT}" -n ${TARGET_NS} patch sonataflow m2k --type merge -p '{"spec": { "podTemplate": { "container": { "env": [{"name": "BACKSTAGE_NOTIFICATIONS_URL",  "value": "'${BACKSTAGE_NOTIFICATIONS_URL}'"},{"name": "MOVE2KUBE_URL", "value": "'${M2K_ROUTE}'"}]}}}}'
 "${CLUSTER_CLIENT}" -n ${TARGET_NS} scale deploy m2k --replicas=0
-"${CLUSTER_CLIENT}" -n ${TARGET_NS} get pods
-"${CLUSTER_CLIENT}" -n ${TARGET_NS} describe pods -l app="${WORKFLOW_NAME}"
 "${CLUSTER_CLIENT}" -n ${TARGET_NS} wait --for=condition=Ready=true pods -l app="${WORKFLOW_NAME}" --timeout=2m
-"${CLUSTER_CLIENT}" -n ${TARGET_NS} describe pods -l app="${WORKFLOW_NAME}"