diff --git a/Makefile b/Makefile deleted file mode 100644 index f676fba9..00000000 --- a/Makefile +++ /dev/null @@ -1,18 +0,0 @@ -REPO_ROOT := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) - -kind-up kind-down: export CLUSTER_NAME = ocm-gear-local -kind-up kind-update: export KUBECONFIG = $(REPO_ROOT)/local-setup/kind/kubeconfig -kind-up kind-update: export PATH_CLUSTER_CHART = $(REPO_ROOT)/local-setup/kind/cluster - -kind-up: $(KIND) $(KUBECTL) $(HELM) $(OCM) - ./local-setup/kind/kind-up.sh \ - --cluster-name $(CLUSTER_NAME) \ - --path-cluster-chart $(PATH_CLUSTER_CHART) \ - --repo-root $(REPO_ROOT) -kind-update: $(KIND) $(KUBECTL) $(HELM) $(OCM) - ./local-setup/kind/kind-update.sh \ - --path-cluster-chart $(PATH_CLUSTER_CHART) \ - --repo-root $(REPO_ROOT) -kind-down: $(KIND) - ./local-setup/kind/kind-down.sh \ - --cluster-name $(CLUSTER_NAME) diff --git a/README.md b/README.md index 3cafdcd4..2f41e624 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ for a step-by-step description on how to setup the Delivery-Service (and an exte ## Getting Started using Kind If you wish to deploy the Open Delivery Gear (Delivery-Service, Delivery-Dashboard, Delivery-DB, Extensions) in a local Kubernetes cluster using Kind, please refer to -[this guide](https://github.com/open-component-model/odg-core/blob/master/local-setup/local-setup.md). +[this guide](https://github.com/open-component-model/open-delivery-gear/tree/main/local-setup). # REST-API-Documentation diff --git a/docs/local_setup.rst b/docs/local_setup.rst index d713c29e..4c43411b 100644 --- a/docs/local_setup.rst +++ b/docs/local_setup.rst @@ -10,7 +10,7 @@ In order to start with the set-up first clone the `ODG core repository `_ + `_ guide instead. Prerequisites diff --git a/local-setup/kind/cluster/Chart.yaml b/local-setup/kind/cluster/Chart.yaml deleted file mode 100644 index 428bac20..00000000 --- a/local-setup/kind/cluster/Chart.yaml +++ /dev/null 
@@ -1,6 +0,0 @@
-apiVersion: v2
-name: kind
-description: A helm chart for a kind cluster
-type: application
-version: 0.1.0
-appVersion: 0.1.0
diff --git a/local-setup/kind/cluster/delivery-db-pv/pv.yaml b/local-setup/kind/cluster/delivery-db-pv/pv.yaml
deleted file mode 100644
index 8f5e5db1..00000000
--- a/local-setup/kind/cluster/delivery-db-pv/pv.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
- name: pv-delivery-db-0
-spec:
- accessModes:
- - ReadWriteOnce
- capacity:
- storage: 8Gi
- hostPath:
- path: /var/delivery-db
- type: DirectoryOrCreate
- persistentVolumeReclaimPolicy: Delete
- storageClassName: standard
- volumeMode: Filesystem
diff --git a/local-setup/kind/cluster/delivery-db-pv/pvc.yaml b/local-setup/kind/cluster/delivery-db-pv/pvc.yaml
deleted file mode 100644
index da691d15..00000000
--- a/local-setup/kind/cluster/delivery-db-pv/pvc.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: pvc-delivery-db-0
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 8Gi
- storageClassName: standard
- volumeMode: Filesystem
diff --git a/local-setup/kind/cluster/templates/_extra_mounts.tpl b/local-setup/kind/cluster/templates/_extra_mounts.tpl
deleted file mode 100644
index 0c09a87e..00000000
--- a/local-setup/kind/cluster/templates/_extra_mounts.tpl
+++ /dev/null
@@ -1,4 +0,0 @@
-{{- define "extraMounts.delivery-db" -}}
-- hostPath: /var/delivery-db
- containerPath: /var/delivery-db # has to match the spec.hostPath.path in the persistent volume
-{{- end -}}
diff --git a/local-setup/kind/cluster/templates/_extra_port_mappings.tpl b/local-setup/kind/cluster/templates/_extra_port_mappings.tpl
deleted file mode 100644
index b9c85323..00000000
--- a/local-setup/kind/cluster/templates/_extra_port_mappings.tpl
+++ /dev/null
@@ -1,4 +0,0 @@
-{{- define "extraPortMappings.delivery-dashboard" -}}
-- containerPort: 80
- hostPort: 80
-{{- end -}}
diff --git a/local-setup/kind/cluster/templates/_kubeadm_config_patches.tpl b/local-setup/kind/cluster/templates/_kubeadm_config_patches.tpl
deleted file mode 100644
index f60410a6..00000000
--- a/local-setup/kind/cluster/templates/_kubeadm_config_patches.tpl
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- define "kubeadmConfigPatches" -}}
-- |
- kind: InitConfiguration
- nodeRegistration:
- kubeletExtraArgs:
- node-labels: "ingress-ready=true"
-- |
- apiVersion: kubelet.config.k8s.io/v1beta1
- kind: KubeletConfiguration
- serializeImagePulls: false # allow multiple image pulls at at time
- registryPullQPS: 10
- registryBurst: 20
-{{- end -}}
diff --git a/local-setup/kind/cluster/templates/cluster.yaml b/local-setup/kind/cluster/templates/cluster.yaml
deleted file mode 100644
index 178cc053..00000000
--- a/local-setup/kind/cluster/templates/cluster.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: kind.x-k8s.io/v1alpha4
-kind: Cluster
-nodes:
-- role: control-plane
- image: {{ .Values.image }}
- extraPortMappings:
-{{ include "extraPortMappings.delivery-dashboard" . | indent 2 }}
- kubeadmConfigPatches:
-{{ include "kubeadmConfigPatches" . | indent 2 }}
-
-{{- range $i, $e := until (.Values.workers | int) }}
-- role: worker
- image: {{ $.Values.image }}
- extraMounts:
-{{ include "extraMounts.delivery-db" $ | indent 2 }}
- kubeadmConfigPatches:
-{{ include "kubeadmConfigPatches" . | indent 2 }}
-{{- end }}
diff --git a/local-setup/kind/cluster/values-bootstrapping.yaml b/local-setup/kind/cluster/values-bootstrapping.yaml
deleted file mode 100644
index 6c26eeb8..00000000
--- a/local-setup/kind/cluster/values-bootstrapping.yaml
+++ /dev/null
@@ -1,211 +0,0 @@
-extensions_cfg:
- defaults:
- delivery_dashboard_url: http://localhost
- delivery_service_url: http://delivery-service.delivery.svc.cluster.local:8080
- access_manager:
- enabled: True
- artefact_enumerator:
- components:
- - component_name: ocm.software/ocm-gear
- - component_name: ocm.software/ocmcli
- backlog_controller:
- enabled: True
- bdba:
- enabled: False # disable in default because of missing BDBA credentials
- mappings:
- - prefix: ''
- group_id: -1
- cache_manager:
- prefill_function_caches:
- components:
- - component_name: ocm.software/ocm-gear
- - component_name: ocm.software/ocmcli
- clamav:
- enabled: False # disable in default because of high memory
- mappings:
- - prefix: ''
- crypto:
- enabled: False # disable in default because of high memory
- mappings:
- - prefix: ''
- standards:
- - name: FIPS
- version: 140-3
- ref:
- path: odg/crypto_defaults.yaml
- - name: NCS
- version: '1.0'
- ref:
- path: odg/crypto_defaults.yaml
- libraries:
- - ref:
- path: odg/crypto_defaults.yaml
- delivery_db_backup:
- enabled: False # disable in default because of missing `component_name` and `ocm_repo_url`
- component_name: ''
- ocm_repo_url: ''
- backup_retention_count: 1
- ghas:
- enabled: False
- odg_operator:
- enabled: False
- osid:
- enabled: False # disable in default because of high memory
- responsibles:
- enabled: True
- sast:
- enabled: True
- issue_replicator:
- enabled: False # disable in default because of missing `github_repository`
- mappings:
- - prefix: ''
- github_repository: ''
-
-findings:
- - type: finding/vulnerability
- issues:
- enable_assignees: false
- categorisations: &gardener_default
- cfg_name: gardener
- ref:
- path: odg/defaults.yaml
- rescoring_ruleset:
- <<: *gardener_default
- - type: finding/license
- issues:
- enable_assignees: false
- categorisations:
- <<: *gardener_default
- - type: finding/malware
- issues:
- enable_assignees: false
- categorisations:
- <<: *gardener_default
- - type: finding/osid
- issues:
- enable_assignees: false
- categorisations:
- <<: *gardener_default
- - type: finding/sast
- issues:
- enable_assignees: false
- categorisations:
- <<: *gardener_default
- default_scope: single
-
-ocm_repo_mappings:
- - type: virtual
- name:
- selectors:
- - version_filter_overwrite: semver_releases
- - repository: ghcr.io/open-component-model/ocm
- prefixes: ocm.software/ocmcli
- - repository: europe-docker.pkg.dev/gardener-project/releases
- - repository: europe-docker.pkg.dev/gardener-project/snapshots
-
-features_cfg:
- specialComponents:
- - id: f7e84fdb-69fe-4837-b1c2-58cf4e58e5c7
- name: ocm.software/ocm-gear
- displayName: OCM Gear
- type: OCM Gear
- version: greatest
- icon: home
- dependencies: []
- - id: 8ca887cf-0d09-4f28-bc88-727aa3e30a26
- name: ocm.software/ocmcli
- displayName: OCM Cli
- type: OCM Core
- version: greatest
- icon: home
- dependencies: []
- sprints:
- sprint_name_pattern: '%y%S%C'
- meta:
- offsets:
- - name: release_decision
- display_name: Release Decision
- offset_days: -1
-
-addressbook:
- - name: My name
- email: my-name@my-domain.com
- github:
- public: my-github-username
-
-github_mappings:
- - name: public
- api_url: https://api.github.com
-
-profiles:
- - name: default
- finding_types:
- - finding/crypto
- - finding/diki
- - finding/falco
- - finding/kyverno
- - finding/ghas
- - finding/inventory
- - finding/license
- - finding/malware
- - finding/osid
- - finding/sast
- - finding/vulnerability
- special_component_ids:
- - f7e84fdb-69fe-4837-b1c2-58cf4e58e5c7
- - 8ca887cf-0d09-4f28-bc88-727aa3e30a26
-
-secrets:
- # bdba:
- # local:
- # api_url: ...
- # token: ...
- # group_ids:
- # - ...
- delivery-db:
- local:
- username: postgres
- password: password-123
- github:
- github_com:
- api_url: https://api.github.com
- http_url: https://github.com
- repo_urls: ['.*']
- username: ...
- auth_token: ...
- oauth-cfg:
- local:
- client_id: ...
- client_secret: ...
- api_url: https://api.github.com
- type: github
- name: GitHub
- role_bindings:
- - roles:
- - admin
- subjects:
- - type: github-org
- name: ...
- - type: github-team
- name: ...
- - type: github-user
- name: ...
- oci-registry:
- local:
- image_reference_prefixes:
- - europe-docker.pkg.dev/gardener-project
- privileges: readonly
- username: ...
- password: ...
- signing-cfg:
- local:
- id: '0'
- algorithm: RS256
- private_key: |
- -----BEGIN RSA PRIVATE KEY-----
- ...
- -----END RSA PRIVATE KEY-----
- public_key: |
- -----BEGIN PUBLIC KEY-----
- ...
- -----END PUBLIC KEY-----
diff --git a/local-setup/kind/cluster/values-delivery-dashboard.yaml b/local-setup/kind/cluster/values-delivery-dashboard.yaml
deleted file mode 100644
index e11d21a8..00000000
--- a/local-setup/kind/cluster/values-delivery-dashboard.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-host: localhost
-
-envVars:
- REACT_APP_DELIVERY_SERVICE_API_URL: http://localhost:5000
diff --git a/local-setup/kind/cluster/values-delivery-db.yaml b/local-setup/kind/cluster/values-delivery-db.yaml
deleted file mode 100644
index 2b9cbc8d..00000000
--- a/local-setup/kind/cluster/values-delivery-db.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-fullnameOverride: delivery-db
-
-auth:
- existingSecret: delivery-db-password
-
-image:
- registry: europe-docker.pkg.dev/gardener-project/releases
- repository: odg/postgres
- tag: 16.8.0
-
-global:
- security:
- allowInsecureImages: True
-# data-dir overwrite required to use official postgres images with bitnami provided helmcharts
-# see: https://github.com/bitnami/charts/tree/1765929fa8cf37819309ff975ebf0a8dfcf7824d/bitnami/postgresql#deploy-chart-using-docker-official-postgresql-image
-postgresqlDataDir: /data/pgdata
-primary:
- persistence:
- mountPath: /data/
- containerSecurityContext:
- # this is an intermediate workaround to restore behaviour from previously used helmchart version 10.12.4
- # see: https://github.com/bitnami/charts/tree/main/bitnami/postgresql#to-1500
- # if true, postgres cannot create lock files (at least on alpine-based image)
- # "could not create lock file "/var/run/postgresql/.s.PGSQL.5432.lock": Read-only file system"
- #
- # TODO: make root filesystem read-only again and rather use config means to overwrite lock-file path
- readOnlyRootFilesystem: false
- resources:
- requests:
- cpu: 250m
- memory: 256Mi
-
-# configuration of custom persistent volume claim (pvc) required to ensure a stable pvc name across
-# cluster re-creations (-> this allows using a stable host file mount on the host)
-persistence:
- existingClaim: pvc-delivery-db-0
-
-# required for the delivery-db pod to have write access to the custom pvc
-volumePermissions:
- enabled: true
diff --git a/local-setup/kind/cluster/values-delivery-service.yaml b/local-setup/kind/cluster/values-delivery-service.yaml
deleted file mode 100644
index 7ac47ebf..00000000
--- a/local-setup/kind/cluster/values-delivery-service.yaml
+++ /dev/null
@@ -1 +0,0 @@
-host: delivery-service
diff --git a/local-setup/kind/cluster/values-extensions.yaml b/local-setup/kind/cluster/values-extensions.yaml
deleted file mode 100644
index b7bb8052..00000000
--- a/local-setup/kind/cluster/values-extensions.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-access-manager:
- enabled: True
-artefact-enumerator:
- enabled: True
-backlog-controller:
- enabled: True
-bdba:
- enabled: False
-cache-manager:
- enabled: True
-clamav:
- enabled: False
-crypto:
- enabled: False
-delivery-db-backup:
- enabled: False
-ghas:
- enabled: False
-issue-replicator:
- enabled: False
-odg-operator:
- enabled: False
-osid:
- enabled: True
-responsibles:
- enabled: True
-sast:
- enabled: True
diff --git a/local-setup/kind/cluster/values.yaml b/local-setup/kind/cluster/values.yaml
deleted file mode 100644
index d0683bcd..00000000
--- a/local-setup/kind/cluster/values.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-image: kindest/node:v1.33.1
-
-workers: 1
diff --git a/local-setup/kind/kind-down.sh b/local-setup/kind/kind-down.sh
deleted file mode 100755
index e1db4388..00000000
--- a/local-setup/kind/kind-down.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-CLUSTER_NAME=""
-
-parse_flags() {
- while test $# -gt 0; do
- case "$1" in
- --cluster-name)
- shift; CLUSTER_NAME="$1"
- ;;
- esac
-
- shift
- done
-}
-
-parse_flags "$@"
-
-kind delete cluster \
- --name "$CLUSTER_NAME"
diff --git a/local-setup/kind/kind-up.sh b/local-setup/kind/kind-up.sh
deleted file mode 100755
index 5f7e53d4..00000000
--- a/local-setup/kind/kind-up.sh
+++ /dev/null
@@ -1,85 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-CLUSTER_NAME=""
-CHART=""
-REPO_ROOT=""
-
-parse_flags() {
- while test $# -gt 0; do
- case "$1" in
- --cluster-name)
- shift; CLUSTER_NAME="$1"
- ;;
- --path-cluster-chart)
- shift; CHART="$1"
- ;;
- --repo-root)
- shift; REPO_ROOT="$1"
- ;;
- esac
-
- shift
- done
-}
-
-parse_flags "$@"
-
-kind create cluster \
- --name "$CLUSTER_NAME" \
- --config <(helm template $CHART)
-
-NAMESPACE="${NAMESPACE:-delivery}"
-
-kubectl create ns $NAMESPACE
-kubectl config set-context --current --namespace=$NAMESPACE
-
-OCM_GEAR_COMPONENT_REF="europe-docker.pkg.dev/gardener-project/releases//ocm.software/ocm-gear"
-OCM_GEAR_VERSION="${OCM_GEAR_VERSION:-$(ocm show versions ${OCM_GEAR_COMPONENT_REF} | tail -1)}"
-COMPONENT_DESCRIPTORS=$(ocm get cv ${OCM_GEAR_COMPONENT_REF}:${OCM_GEAR_VERSION} -o yaml -r)
-echo "Installing OCM-Gear with version $OCM_GEAR_VERSION"
-
-BOOTSTRAPPING_CHART=$(echo "${COMPONENT_DESCRIPTORS}" | yq eval '.component.resources.[] | select(.name == "bootstrapping" and .type | test("helmChart")) | .access.imageReference')
-DELIVERY_SERVICE_CHART=$(echo "${COMPONENT_DESCRIPTORS}" | yq eval '.component.resources.[] | select(.name == "delivery-service" and .type | test("helmChart")) | .access.imageReference')
-DELIVERY_DASHBOARD_CHART=$(echo "${COMPONENT_DESCRIPTORS}" | yq eval '.component.resources.[] | select(.name == "delivery-dashboard" and .type | test("helmChart")) | .access.imageReference')
-EXTENSIONS_CHART=$(echo "${COMPONENT_DESCRIPTORS}" | yq eval '.component.resources.[] | select(.name == "extensions" and .type | test("helmChart")) | .access.imageReference')
-DELIVERY_DATABASE_CHART=$(echo "${COMPONENT_DESCRIPTORS}" | yq eval '.component.resources.[] | select(.name == "postgresql" and .type | test("helmChart")) | .access.imageReference')
-
-echo ">>> Installing bootstrapping chart from ${BOOTSTRAPPING_CHART}"
-helm upgrade -i bootstrapping oci://${BOOTSTRAPPING_CHART%:*} \
- --namespace ${NAMESPACE} \
- --version ${BOOTSTRAPPING_CHART#*:} \
- --values ${CHART}/values-bootstrapping.yaml
-
-echo ">>> Installing delivery-database from ${DELIVERY_DATABASE_CHART}"
-# First, install custom pv and pvc to allow re-usage of host's filesystem mount
-kubectl apply -f "${CHART}/delivery-db-pv" --namespace $NAMESPACE
-helm upgrade -i delivery-db oci://${DELIVERY_DATABASE_CHART%:*} \
- --namespace $NAMESPACE \
- --version ${DELIVERY_DATABASE_CHART#*:} \
- --values ${CHART}/values-delivery-db.yaml
-
-echo ">>> Installing delivery-service from ${DELIVERY_SERVICE_CHART}"
-helm upgrade -i delivery-service oci://${DELIVERY_SERVICE_CHART%:*} \
- --namespace $NAMESPACE \
- --version ${DELIVERY_SERVICE_CHART#*:} \
- --values ${CHART}/values-delivery-service.yaml
-echo "Waiting for delivery-service to become ready, this can take up to 3 minutes..."
-kubectl rollout status deployment delivery-service \
- --namespace $NAMESPACE \
- --timeout=180s
-
-echo ">>> Installing delivery-dashboard from ${DELIVERY_DASHBOARD_CHART}"
-helm upgrade -i delivery-dashboard oci://${DELIVERY_DASHBOARD_CHART%:*} \
- --namespace $NAMESPACE \
- --version ${DELIVERY_DASHBOARD_CHART#*:} \
- --values ${CHART}/values-delivery-dashboard.yaml
-
-echo ">>> Installing extensions from ${EXTENSIONS_CHART}"
-helm upgrade -i extensions oci://${EXTENSIONS_CHART%:*} \
- --namespace $NAMESPACE \
- --version ${EXTENSIONS_CHART#*:} \
- --values ${CHART}/values-extensions.yaml
-
-kubectl port-forward service/delivery-service 5000:8080 > /dev/null &
diff --git a/local-setup/kind/kind-update.sh b/local-setup/kind/kind-update.sh
deleted file mode 100755
index 973da79c..00000000
--- a/local-setup/kind/kind-update.sh
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-CHART=""
-REPO_ROOT=""
-
-parse_flags() {
- while test $# -gt 0; do
- case "$1" in
- --path-cluster-chart)
- shift; CHART="$1"
- ;;
- --repo-root)
- shift; REPO_ROOT="$1"
- ;;
- esac
-
- shift
- done
-}
-
-parse_flags "$@"
-
-NAMESPACE="${NAMESPACE:-delivery}"
-
-OCM_GEAR_COMPONENT_REF="europe-docker.pkg.dev/gardener-project/releases//ocm.software/ocm-gear"
-OCM_GEAR_VERSION="${OCM_GEAR_VERSION:-$(ocm show versions ${OCM_GEAR_COMPONENT_REF} | tail -1)}"
-COMPONENT_DESCRIPTORS=$(ocm get cv ${OCM_GEAR_COMPONENT_REF}:${OCM_GEAR_VERSION} -o yaml -r)
-echo "Installing OCM-Gear with version $OCM_GEAR_VERSION"
-
-BOOTSTRAPPING_CHART=$(echo "${COMPONENT_DESCRIPTORS}" | yq eval '.component.resources.[] | select(.name == "bootstrapping" and .type | test("helmChart")) | .access.imageReference')
-DELIVERY_SERVICE_CHART=$(echo "${COMPONENT_DESCRIPTORS}" | yq eval '.component.resources.[] | select(.name == "delivery-service" and .type | test("helmChart")) | .access.imageReference')
-DELIVERY_DASHBOARD_CHART=$(echo "${COMPONENT_DESCRIPTORS}" | yq eval '.component.resources.[] | select(.name == "delivery-dashboard" and .type | test("helmChart")) | .access.imageReference')
-EXTENSIONS_CHART=$(echo "${COMPONENT_DESCRIPTORS}" | yq eval '.component.resources.[] | select(.name == "extensions" and .type | test("helmChart")) | .access.imageReference')
-DELIVERY_DATABASE_CHART=$(echo "${COMPONENT_DESCRIPTORS}" | yq eval '.component.resources.[] | select(.name == "postgresql" and .type | test("helmChart")) | .access.imageReference')
-
-kubectl config set-context --current --namespace=$NAMESPACE
-
-echo ">>> Installing bootstrapping chart from ${BOOTSTRAPPING_CHART}"
-helm upgrade -i bootstrapping oci://${BOOTSTRAPPING_CHART%:*} \
- --namespace ${NAMESPACE} \
- --version ${BOOTSTRAPPING_CHART#*:} \
- --values ${CHART}/values-bootstrapping.yaml
-
-echo ">>> Installing delivery-database from ${DELIVERY_DATABASE_CHART}"
-# First, install custom pv and pvc to allow re-usage of host's filesystem mount
-kubectl apply -f "${CHART}/delivery-db-pv" --namespace $NAMESPACE
-helm upgrade -i delivery-db oci://${DELIVERY_DATABASE_CHART%:*} \
- --namespace $NAMESPACE \
- --version ${DELIVERY_DATABASE_CHART#*:} \
- --values ${CHART}/values-delivery-db.yaml
-
-echo ">>> Installing delivery-service from ${DELIVERY_SERVICE_CHART}"
-helm upgrade -i delivery-service oci://${DELIVERY_SERVICE_CHART%:*} \
- --namespace $NAMESPACE \
- --version ${DELIVERY_SERVICE_CHART#*:} \
- --values ${CHART}/values-delivery-service.yaml
-kubectl rollout restart deployment delivery-service # required to use updated configuration
-echo "Waiting for delivery-service to become ready, this can take up to 3 minutes..."
-kubectl rollout status deployment delivery-service \
- --namespace $NAMESPACE \
- --timeout=180s
-
-echo ">>> Installing delivery-dashboard from ${DELIVERY_DASHBOARD_CHART}"
-helm upgrade -i delivery-dashboard oci://${DELIVERY_DASHBOARD_CHART%:*} \
- --namespace $NAMESPACE \
- --version ${DELIVERY_DASHBOARD_CHART#*:} \
- --values ${CHART}/values-delivery-dashboard.yaml
-
-echo ">>> Installing extensions from ${EXTENSIONS_CHART}"
-helm upgrade -i extensions oci://${EXTENSIONS_CHART%:*} \
- --namespace $NAMESPACE \
- --version ${EXTENSIONS_CHART#*:} \
- --values ${CHART}/values-extensions.yaml
-
-# port-forward to the new delivery-service pods
-lsof -i tcp:5000 | grep kubectl | awk 'NR!=1 {print $2}' | xargs kill
-kubectl port-forward service/delivery-service 5000:8080 > /dev/null &
diff --git a/local-setup/local-setup.md b/local-setup/local-setup.md
deleted file mode 100644
index a60c5a6a..00000000
--- a/local-setup/local-setup.md
+++ /dev/null
@@ -1,137 +0,0 @@
-# Deploying the OCM-Gear locally
-
-This guide will help you deploy a custom OCM-Gear on your local machine using
-[kind](https://kind.sigs.k8s.io/). If you encounter any problems, please feel
-free to [open an issue](https://github.com/open-component-model/delivery-service/issues/new?assignees=&labels=kind%2Fenhancement&projects=&template=enhancement_request.md)
-so that we can improve this process or documentation.
-
-## Prerequisites
-To get started, you first of all need to install the required toolchain:
-- [kubectl](https://kubernetes.io/docs/tasks/tools)
-- [kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
-- [helm](https://helm.sh/docs/intro/install)
-- [ocm cli](https://github.com/open-component-model/ocm-cli) (only required if
-no specific version is set using the environment variable `OCM_GEAR_VERSION`)
-
-## Configuration
-To customize the OCM-Gear according to your needs, you have to adjust the
-value files [here](https://github.com/open-component-model/delivery-service/tree/master/local-setup/kind/cluster).
-There are already reasonable defaults set for most entries, however, following
-entries must still be provided:
-- GitHub credentials to ensure repository access under `.secrets.github`
-[here](https://github.com/open-component-model/delivery-service/blob/master/local-setup/kind/cluster/values-bootstrapping.yaml)
-- OCI registry credentials to access desired component descriptors and resources under `secrets.oci-registry`
-[here](https://github.com/open-component-model/delivery-service/blob/master/local-setup/kind/cluster/values-bootstrapping.yaml)
-- GitHub App credentials to allow OAuth
- (1) Go to your GitHub organization's settings
- (2) Developer settings -> GitHub Apps -> New GitHub App
- (3) Fill in the form ("Callback URL" -> `http://localhost`, "Request user
- authorization (OAuth) during installation" -> `True`, other checkboxes -> `False`)
- (4) Fill in `client_id`, `client_secret` and desired `role_bindings` under `secrets.oauth-cfg`
- [here](https://github.com/open-component-model/delivery-service/blob/master/local-setup/kind/cluster/values-bootstrapping.yaml)
- (5) Generate a RSA key pair and store it under `secrets.signing-cfg`
- [here](https://github.com/open-component-model/delivery-service/blob/master/local-setup/kind/cluster/values-bootstrapping.yaml)
- > `ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key && openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub`
-
-## Start-Up
-To create a local Kubernetes cluster and deploy the OCM-Gear, you have to run
-`make kind-up`. If you want to deploy a specific version of the OCM-Gear, you
-have to set the enviroment variable `OCM_GEAR_VERSION`. Otherwise, the ocm cli
-is used to retrieve the greatest version. Upon execution, this command will
-create `/local-setup/kind/kubeconfig` which can be used to interact
-with the OCM-Gear cluster. Also, it will forward the delivery-service to
-`http://localhost:5000`.
-
-## Configuration Update
-To update the OCM-Gear deployment in case your local configuration has changed,
-just run the `make kind-update` command. This will upgrade the existing helm
-charts and re-apply your configuration settings without the need to re-create
-your kind cluster.
-
-## Termination
-If you wish to stop the OCM-Gear and delete the kind cluster, you have to run
-`make kind-down`. However, this will _not_ delete the delivery-db storage since
-it is permanently stored on the host machine. To also clear the delivery-db
-storage, you have to delete the `/var/delivery-db` directory.
-
-## Extensions
-OCM-Gear extensions can be dynamically added to your installation. However, some
-extensions require the presence of another extension or extra configuration to
-work properly. The basic configuration of the extensions is done via `extensions_cfg`
-in [`values-bootstrapping.yaml`](https://github.com/open-component-model/delivery-service/blob/master/local-setup/kind/cluster/values-bootstrapping.yaml)
-as well as the enablement in [`values-extensions.yaml`](https://github.com/open-component-model/delivery-service/blob/master/local-setup/kind/cluster/values-extensions.yaml).
-
-### Access Manager
-> Requires: -
-
-To set up the access manager, you just need to set the `access-manager.enabled` flag
-and add configuration (if desired) via `extensions_cfg.access_manager`.
-
-### Artefact Enumerator
-> Requires: -
-
-To set up the artefact enumerator, you need to set the
-`artefact-enumerator.enabled` flag. Also, you'll need to add extra configuration
-via `extensions_cfg.artefactEnumerator`. Basically, this is to specify which OCM
-components should be processed by the other OCM-Gear extensions in a regular manner.
-
-### Backlog Controller
-> Requires: -
-
-To set up the backlog controller, you just need to set the
-`backlog-controller.enabled` flag. That's it.
-
-### BDBA
-> Requires: Artefact Enumerator, Backlog Controller
-
-To set up the BDBA scanner, you first of all need to add correspondig BDBA
-credentials under `secrets.bdba` [here](https://github.com/open-component-model/delivery-service/blob/master/local-setup/kind/cluster/values-bootstrapping.yaml).
-Then, you'll have to specify the configuration via `extensions_cfg.bdba` and set
-the `bdba.enabled` flag.
-
-### Cache Manager
-> Requires: -
-
-To set up the cache manager, you just need to set the `cache-manager.enabled` flag
-and add configuration (if desired) via `extensions_cfg.cache_manager`.
-
-### ClamAV
-> Requires: Artefact Enumerator, Backlog Controller
-
-To set up the ClamAV scanner, you need to set the `clamav.enabled` flag and add
-configuration (if desired) via `extensions_cfg.clamav`.
-
-### Delivery-DB Backup
-> Requires: -
-
-To enable the delivery-db backup extension, you have to set the
-`delivery-db-backup.enabled` flag and add configuration via
-`extensions_cfg.delivery_db_backup`. You have to make sure you have provided OCI
-registry credentials provided via the OCI registry secrets which have write
-permissions to the OCI registry the backup component should be published to.
-
-### GitHub Issues
-> Requires: Artefact Enumerator, Backlog Controller
-
-To set up the GitHub issues extension, you need to add the configuration via
-`extensions_cfg.issue_replicator`. Also, you have to make sure you have provided
-GitHub credentials via the GitHub secrets which have write permissions to the
-repositories specified under `extensions_cfg.issue_replicator.mappings.[].github_repository`.
-
-### SAST
-> Requires: Artefact Enumerator, Backlog Controller
-
-To set up the SAST scanner, you need to set the `sast.enabled` flag and add
-configuration (if desired) via `extensions_cfg.sast`.
-
-### Responsibles
-> Requires: Artefact Enumerator, Backlog Controller
-
-To set up the responsibles extension, you have to set the `responsibles.enabled` flag
-and add configuration (if desired) via `extensions_cfg.responsibles`.
-
-### GHAS
-> Requires: -
-
-To set up the GitHub Advanced Security secret scanner, you need to set the `ghas.enabled` flag and add
-configuration (if desired) via `extensions_cfg.ghas`.