Merge pull request #16 from SUSE/develop

Merge PR #13, #14 and #15

.github/workflows/ci.yml

@@ -63,6 +63,7 @@ jobs:
       - name: Add dependency Helm chart repositories
         run: |
           helm repo add bitnami https://charts.bitnami.com/bitnami
+          helm repo add nfs-ganesha-server-and-external-provisioner https://kubernetes-sigs.github.io/nfs-ganesha-server-and-external-provisioner/
           helm repo update
       - name: Install Python
         uses: actions/setup-python@v5

.github/workflows/pkg.yml

@@ -48,6 +48,7 @@ jobs:
       - name: Add dependency Helm chart repositories
         run: |
           helm repo add bitnami https://charts.bitnami.com/bitnami
+          helm repo add nfs-ganesha-server-and-external-provisioner https://kubernetes-sigs.github.io/nfs-ganesha-server-and-external-provisioner/
           helm repo update
       - name: Host charts repository on GitHub Pages
         uses: helm/chart-releaser-action@v1.6.0

charts/README.md

@@ -6,6 +6,7 @@
 * [Game 2048](game-2048/README.md)
 * [Let's Encrypt](letsencrypt/README.md)
 * [NFS-Ganesha](nfs-ganesha/README.md)
+* [NFS Server Provisioner](nfs-server-provisioner/README.md)
 * [Rancher Cluster Template](rancher-cluster-templates/README.md)
 * [WordPress](wordpress/README.md)
 
@@ -22,6 +23,6 @@ helm template <releasename> . -f values.yaml -f values_mine.yaml --namespace dem
 
 # installs a chart from local source
 helm upgrade --install <releasename> . -f values.yaml \
-# --debug > output.yaml \
---create-namespace --namespace nfs-ganesha
+  # --debug > output.yaml \
+  --create-namespace --namespace nfs-ganesha
 ```

charts/nfs-server-provisioner/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: nfs-server-provisioner
+  repository: https://kubernetes-sigs.github.io/nfs-ganesha-server-and-external-provisioner/
+  version: 1.8.0
+digest: sha256:17d02ec93947c92806da70bda22b675ce7001873b0a68cb908b9714256704503
+generated: "2024-09-19T16:06:10.718178856+02:00"

charts/nfs-server-provisioner/Chart.yaml

@@ -0,0 +1,14 @@
+apiVersion: v2
+name: nfs-server-provisioner
+description: Helm chart for managing WordPress
+type: application
+version: 0.1.0
+appVersion: "4.0.8"
+dependencies:
+  - name: nfs-server-provisioner
+    version: 1.8.0
+    repository: https://kubernetes-sigs.github.io/nfs-ganesha-server-and-external-provisioner/
+home: https://github.com/SUSE/lab-setup/tree/main/charts/nfs-server-provisioner
+maintainers:
+  - name: devpro
+    email: bertrand.thomas@suse.com

charts/nfs-server-provisioner/README.md

@@ -0,0 +1,46 @@
+# NFS server provisioner
+
+This Helm chart will install [NFS Server Provisioner](https://github.com/kubernetes-sigs/nfs-ganesha-server-and-external-provisioner) in a Kubernetes cluster.
+
+## Quick start
+
+Install the application with the default settings:
+
+```bash
+# adds the repo
+helm repo add suse-lab-setup https://opensource.suse.com/lab-setup
+helm repo update
+
+# installs the chart
+helm upgrade --install nfs-server-provisioner suse-lab-setup/nfs-server-provisioner --namespace nfs-provisioner --create-namespace
+```
+
+Look at [values.yaml](values.yaml) for the configuration.
+
+Clean-up:
+
+```bash
+helm delete nfs-server-provisioner
+kubectl delete ns nfs-provisioner
+```
+
+## Upstream version update
+
+- Look for the available versions:
+
+```bash
+# adds bitnami helm chart repository
+helm repo add nfs-ganesha-server-and-external-provisioner https://kubernetes-sigs.github.io/nfs-ganesha-server-and-external-provisioner/
+helm repo update
+
+# lists available charts
+helm search repo nfs-server-provisioner
+```
+
+- Update [Chart.yaml](Chart.yaml)
+
+- Update Chart.lock file:
+
+```bash
+helm dependency update
+```

charts/nfs-server-provisioner/values.yaml

@@ -0,0 +1,7 @@
+# refers to https://github.com/kubernetes-sigs/nfs-ganesha-server-and-external-provisioner/blob/master/charts/nfs-server-provisioner/values.yaml
+nfs-server-provisioner:
+  storageClass:
+    defaultClass: true
+    mountOptions:
+      - vers=3
+      - nolock

charts/wordpress/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: wordpress
   repository: https://charts.bitnami.com/bitnami
-  version: 19.2.5
-digest: sha256:9ecd8b6020982dfb58440e219ed45aadb2856be4c8719b94b364f85fc079e557
-generated: "2024-09-04T14:30:06.1580989+02:00"
+  version: 23.1.15
+digest: sha256:75e86638c376cf1a29ffe65dd2d723e30201f21964d90b39d35a73f40c3f3e7e
+generated: "2024-09-19T16:23:42.643837319+02:00"

charts/wordpress/Chart.yaml

@@ -2,11 +2,11 @@ apiVersion: v2
 name: wordpress
 description: Helm chart for managing WordPress
 type: application
-version: 0.1.1
-appVersion: "6.4.3"
+version: 0.1.2
+appVersion: "6.6.2"
 dependencies:
   - name: wordpress
-    version: 19.2.5
+    version: 23.1.15
     repository: https://charts.bitnami.com/bitnami
 home: https://github.com/SUSE/lab-setup/tree/main/charts/wordpress
 maintainers:

charts/wordpress/README.md

@@ -36,7 +36,7 @@ wordpress:
   global:
     storageClass: azureblob-fuse
   wordpressUsername: myuser
-  wordpressBlogName: "My Wordpress!"
+  wordpressBlogName: "My WordPress!"
   existingSecret: wordpress-credentials
   ingress:
     enabled: true

scripts/README.md

@@ -3,23 +3,33 @@
 ## Bash functions
 
 Name                                           | Source
------------------------------------------------|---------------------------------------------------------------------------------------------
-`k3s_copy_kubeconfig`                          | [scripts/k3s/cluster-lifecycle.sh](scripts/k3s/cluster-lifecycle.sh)
-`k3s_create_cluster`                           | [scripts/k3s/cluster-lifecycle.sh](scripts/k3s/cluster-lifecycle.sh)
-`k8s_create_letsencryptclusterissuer`          | [scripts/kubernetes/certificate-management.sh](scripts/kubernetes/certificate-management.sh)
-`k8s_install_certmanager`                      | [scripts/kubernetes/certificate-management.sh](scripts/kubernetes/certificate-management.sh)
-`k8s_wait_fornodesandpods`                     | [scripts/kubernetes/cluster-status.sh](scripts/kubernetes/cluster-status.sh)
-`rancher_create_apikey`                        | [scripts/rancher/user-actions.sh](scripts/rancher/user-actions.sh)
-`rancher_create_customcluster`                 | [scripts/rancher/cluster-actions.sh](scripts/rancher/cluster-actions.sh)
-`rancher_first_login`                          | [scripts/rancher/manager-lifecycle.sh](scripts/rancher/manager-lifecycle.sh)
-`rancher_get_clusterid`                        | [scripts/rancher/cluster-actions.sh](scripts/rancher/cluster-actions.sh)
-`rancher_get_clusterregistrationcommand`       | [scripts/rancher/cluster-actions.sh](scripts/rancher/cluster-actions.sh)
-`rancher_install_withcertmanagerclusterissuer` | [scripts/rancher/manager-lifecycle.sh](scripts/rancher/manager-lifecycle.sh)
-`rancher_list_clusters`                        | [scripts/rancher/cluster-actions.sh](scripts/rancher/cluster-actions.sh)
-`rancher_login_withpassword`                   | [scripts/rancher/user-actions.sh](scripts/rancher/user-actions.sh)
-`rancher_update_password`                      | [scripts/rancher/user-actions.sh](scripts/rancher/user-actions.sh)
-`rancher_update_serverurl`                     | [scripts/rancher/manager-settings.sh](scripts/rancher/manager-settings.sh)
-`rancher_wait_capiready`                       | [scripts/rancher/manager-lifecycle.sh](scripts/rancher/manager-lifecycle.sh)
+-----------------------------------------------|-----------------------------------------------------------------------------
+`k3s_copy_kubeconfig`                          | [k3s/cluster_lifecycle.sh](k3s/cluster_lifecycle.sh)
+`k3s_create_cluster`                           | [k3s/cluster_lifecycle.sh](k3s/cluster_lifecycle.sh)
+`k8s_create_letsencryptclusterissuer`          | [kubernetes/certificate_management.sh](kubernetes/certificate_management.sh)
+`k8s_install_certmanager`                      | [kubernetes/certificate_management.sh](kubernetes/certificate_management.sh)
+`k8s_wait_fornodesandpods`                     | [kubernetes/cluster_status.sh](kubernetes/cluster_status.sh)
+`keycloak_login`                               | [authentication/keycloak.sh](authentication/keycloak.sh)
+`keycloak_create_user`                         | [authentication/keycloak.sh](authentication/keycloak.sh)
+`keycloak_delete_user`                         | [authentication/keycloak.sh](authentication/keycloak.sh)
+`observability_check_stackpack`                | [observability/stackpack.sh](observability/stackpack.sh)
+`observability_create_ingestion_api_key`       | [observability/api_key.sh](observability/api_key.sh)
+`observability_delete_ingestion_api_key`       | [observability/api_key.sh](observability/api_key.sh)
+`observability_delete_stackpack`               | [observability/stackpack.sh](observability/stackpack.sh)
+`observability_get_component_snapshot`         | [observability/stql.sh](observability/stql.sh)
+`observability_get_component_state`            | [observability/stql.sh](observability/stql.sh)
+`observability_install_cli`                    | [observability/cli.sh](observability/cli.sh)
+`rancher_create_apikey`                        | [rancher/user_actions.sh](rancher/user_actions.sh)
+`rancher_create_customcluster`                 | [rancher/cluster_actions.sh](rancher/cluster_actions.sh)
+`rancher_first_login`                          | [rancher/manager_lifecycle.sh](rancher/manager_lifecycle.sh)
+`rancher_get_clusterid`                        | [rancher/cluster_actions.sh](rancher/cluster_actions.sh)
+`rancher_get_clusterregistrationcommand`       | [rancher/cluster_actions.sh](rancher/cluster_actions.sh)
+`rancher_install_withcertmanagerclusterissuer` | [rancher/manager_lifecycle.sh](rancher/manager_lifecycle.sh)
+`rancher_list_clusters`                        | [rancher/cluster_actions.sh](rancher/cluster_actions.sh)
+`rancher_login_withpassword`                   | [rancher/user_actions.sh](rancher/user_actions.sh)
+`rancher_update_password`                      | [rancher/user_actions.sh](rancher/user_actions.sh)
+`rancher_update_serverurl`                     | [rancher/manager_settings.sh](rancher/manager_settings.sh)
+`rancher_wait_capiready`                       | [rancher/manager_lifecycle.sh](rancher/manager_lifecycle.sh)
 
 ## Concrete examples
 

scripts/authentication/keycloak.sh

@@ -0,0 +1,103 @@
+#!/bin/bash
+
+#######################################
+# Login to Keycloak and get an access token
+# Globals:
+#  SSO_ACCESS_TOKEN
+# Arguments:
+#   kc_url (Keycloak)
+#   kc_realm (Keycloak)
+#   kc_client_id (Keycloak)
+#   kc_client_secret (Keycloak)
+#   kc_username (Keycloak)
+#   kc_password (Keycloak)
+# Examples:
+#   keycloak_login https://sso.suse.com instruqt suse xxxxxx admin password
+#######################################
+keycloak_login() {
+    local kc_url=$1
+    local kc_realm=$2
+    local kc_client_id=$3
+    local kc_client_secret=$4
+    local kc_username=$5
+    local kc_password=$6
+
+    local response
+    response=$(curl -s -X POST "$kc_url/realms/$kc_realm/protocol/openid-connect/token" \
+        -H 'Content-Type: application/x-www-form-urlencoded' \
+        --data-urlencode "client_id=$kc_client_id" \
+        --data-urlencode "client_secret=$kc_client_secret" \
+        --data-urlencode "username=$kc_username" \
+        --data-urlencode "password=$kc_password" \
+        --data-urlencode 'grant_type=password')
+
+    echo $response | jq -r .access_token
+}
+
+#######################################
+# Create a user in Keycloak
+# Arguments:
+#   kc_url (Keycloak)
+#   kc_realm (Keycloak)
+#   kc_access_token (Keycloak)
+#   username
+#   password
+# Examples:
+#   keycloak_create_user https://sso.suse.com instruqt $SSO_ACCESS_TOKEN user password group
+#######################################
+keycloak_create_user() {
+  local kc_url=$1
+  local kc_realm=$2
+  local kc_access_token=$3
+  local username=$4
+  local password=$5
+  local group=$6
+
+  local user_request
+  user_request=$(cat <<EOF
+  {
+    "username": "$username",
+    "enabled": true,
+    "emailVerified": true,
+    "requiredActions": [],
+    "email": "$username@instruqt.suse.io",
+    "groups": ["$group"],
+    "credentials": [
+      {
+        "type": "password",
+        "value": "$password"
+      }
+    ]
+  }
+EOF
+  )
+
+  curl -s -X POST "$kc_url/admin/realms/$kc_realm/users" \
+    -H "Authorization: Bearer $kc_access_token" \
+    -H 'Content-Type: application/json' \
+    --data-binary "$user_request"
+}
+
+#######################################
+# Delete a user in Keycloak
+# Arguments:
+#   kc_url (Keycloak)
+#   kc_realm (Keycloak)
+#   kc_access_token (Keycloak)
+#   username
+# Examples:
+#   keycloak_delete_user https://sso.suse.com instruqt $SSO_ACCESS_TOKEN user
+#######################################
+keycloak_delete_user() {
+  local kc_url=$1
+  local kc_realm=$2
+  local kc_access_token=$3
+  local username=$4
+
+  local user_id
+  user_id=$(curl -s -X GET "$kc_url/admin/realms/$kc_realm/users?username=$username" \
+    -H "Authorization: Bearer $kc_access_token" | jq -r .[0].id)
+
+  curl -s -X DELETE "$kc_url/admin/realms/$kc_realm/users/$user_id" \
+    -H "Authorization: Bearer $kc_access_token"
+}

scripts/observability/api_key.sh

@@ -0,0 +1,49 @@
+#!/bin/bash
+
+#######################################
+# Create an Ingestion API key for SUSE Observability
+# Output:
+#   The ingestion API key
+# Arguments:
+#   url (SUSE Observability)
+#   service_token (SUSE Observability)
+#   cluster_name
+# Examples:
+#   observability_create_ingestion_api_key https://obs.suse.com/ xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx demo
+#######################################
+observability_create_ingestion_api_key() {
+  local url=$1
+  local service_token=$2
+  local cluster_name=$3
+
+  local resp
+  resp=$(/usr/local/bin/sts ingestion-api-key create --name $cluster_name -o json --url $url --service-token $service_token)
+
+  echo $resp | jq -r '."ingestion-api-key".apiKey'
+}
+
+#######################################
+# Delete an Ingestion API key for SUSE Observability
+# Arguments:
+#   url (SUSE Observability)
+#   service_token (SUSE Observability)
+#   cluster_name
+# Examples:
+#   observability_delete_ingestion_api_key https://obs.suse.com/ xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx demo
+#######################################
+observability_delete_ingestion_api_key() {
+  local url=$1
+  local service_token=$2
+  local cluster_name=$3
+
+  local keys key_id
+
+  keys=$(/usr/local/bin/sts ingestion-api-key list -o json --url $url --service-token $service_token)
+  key_id=$(echo $keys | jq -r '."ingestion-api-keys"[] | select(.name == "'$cluster_name'") | .id')
+  if [ -n "$key_id" ]; then
+    /usr/local/bin/sts ingestion-api-key delete --id $key_id --url $url --service-token $service_token
+    echo ">>> Ingestion API key for cluster '${cluster_name}' deleted"
+  else
+    echo ">>> Ingestion API key for cluster '${cluster_name}' not found"
+  fi
+}

scripts/observability/cli.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+#######################################
+# Install the SUSE Observability CLI
+#######################################
+observability_install_cli() {
+  if ! [ -x "$(command -v sts)" ]; then
+    curl -o- https://dl.stackstate.com/stackstate-cli/install.sh | STS_CLI_LOCATION=/usr/local/bin bash
+  else
+    echo ">>> sts CLI already installed"
+  fi
+}