From afe8064d3625cf68c4618db7a07950fc1c701ea1 Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Mon, 16 Sep 2024 15:47:30 -0600 Subject: [PATCH 1/5] feat: allow service ports to be overridden in test bundles --- bundles/k3d-slim-dev/uds-bundle.yaml | 18 ++++++++++++++++++ bundles/k3d-standard/uds-bundle.yaml | 18 ++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/bundles/k3d-slim-dev/uds-bundle.yaml b/bundles/k3d-slim-dev/uds-bundle.yaml index 98e9ed010..921f373c2 100644 --- a/bundles/k3d-slim-dev/uds-bundle.yaml +++ b/bundles/k3d-slim-dev/uds-bundle.yaml @@ -55,6 +55,24 @@ packages: - name: TENANT_TLS_KEY description: "The TLS key for the tenant gateway (must be base64 encoded)" path: tls.key + gateway: + variables: + - name: TENANT_SERVICE_PORTS + description: "The ports that are exposed from the tenant gateway LoadBalancer (useful for non-HTTP(S) traffic)" + path: "service.ports" + default: + - name: status-port + port: 15021 + protocol: TCP + targetPort: 15021 + - name: http2 + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 keycloak: keycloak: variables: diff --git a/bundles/k3d-standard/uds-bundle.yaml b/bundles/k3d-standard/uds-bundle.yaml index 62f6fa77b..721a7fb41 100644 --- a/bundles/k3d-standard/uds-bundle.yaml +++ b/bundles/k3d-standard/uds-bundle.yaml @@ -94,6 +94,24 @@ packages: - name: TENANT_TLS_KEY description: "The TLS key for the tenant gateway (must be base64 encoded)" path: tls.key + gateway: + variables: + - name: TENANT_SERVICE_PORTS + description: "The ports that are exposed from the tenant gateway LoadBalancer (useful for non-HTTP(S) traffic)" + path: "service.ports" + default: + - name: status-port + port: 15021 + protocol: TCP + targetPort: 15021 + - name: http2 + port: 80 + protocol: TCP + targetPort: 80 + - name: https + port: 443 + protocol: TCP + targetPort: 443 keycloak: keycloak: variables: From 63e93a7add68e2bac01193c59846812878a15451 Mon Sep 17 00:00:00 2001 
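Review bot: The description of `TENANT_SERVICE_PORTS` in the bundles/k3d-slim-dev/uds-bundle.yaml hunk (and in the identical hunk for bundles/k3d-standard/uds-bundle.yaml) does not say that an override supplies the whole `service.ports` list. If this path behaves like an ordinary Helm list value, which is presumably the case, an override that names only an extra TCP port would drop `status-port` 15021, `http2` 80 and `https` 443 from the LoadBalancer. Every entry that is listed also becomes a port reachable on the tenant gateway, so the text is worth making explicit. I would extend it to something like `description: "The full list of ports exposed from the tenant gateway LoadBalancer (replaces the chart list; keep 15021/80/443 when adding non-HTTP(S) ports)"`. As a minor style point, `path: "service.ports"` is quoted while the neighbouring `path: tls.key` is not.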
From: Wayne Starr Date: Mon, 16 Sep 2024 15:50:53 -0600 Subject: [PATCH 2/5] update docs --- bundles/k3d-standard/README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bundles/k3d-standard/README.md b/bundles/k3d-standard/README.md index efc2f2eea..265a3c1ae 100644 --- a/bundles/k3d-standard/README.md +++ b/bundles/k3d-standard/README.md @@ -43,6 +43,9 @@ This bundle is used for demonstration, development, and testing of UDS Core. In | `TENANT_TLS_CERT` | The TLS cert for the tenant gateway (must be base64 encoded) | tls.cert | | `TENANT_TLS_KEY` | The TLS key for the tenant gateway (must be base64 encoded) | tls.key | +##### istio-tenant-gateway (gateway) +| `TENANT_SERVICE_PORTS` | The ports that are exposed from the tenant gateway LoadBalancer (useful for non-HTTP(S) traffic) | service.ports | + ## Override Examples: From 18760c52c771bcc05f3a76b884e8dbc7c27d8820 Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Mon, 16 Sep 2024 15:56:56 -0600 Subject: [PATCH 3/5] correct docs --- bundles/k3d-slim-dev/README.md | 42 +++++++++++++++++++++++++++++++++- bundles/k3d-standard/README.md | 13 +++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) diff --git a/bundles/k3d-slim-dev/README.md b/bundles/k3d-slim-dev/README.md index 453816ca2..574540218 100644 --- a/bundles/k3d-slim-dev/README.md +++ b/bundles/k3d-slim-dev/README.md 
@@ -14,7 +14,47 @@ The k3d uds-dev-stack provides: - [MetalLB](https://metallb.universe.tf/) - Provides type: LoadBalancer for cluster resources and Istio Gateways - [HAProxy](https://www.haproxy.org/) - Utilizes k3d host port mapping to bind ports 80 and 443, facilitating local FQDN-based routing through ACLs to MetalLB load balancer backends for Istio Gateways serving *.uds.dev, keycloak.uds.dev, and *.admin.uds.dev. -## Configuration +## Available Overrides +### Package: uds-k3d +##### uds-dev-stack (minio) +| Variable | Description | Path | +|----------|-------------|------| +| `BUCKETS` | Set Minio Buckets | buckets | +| `SVCACCTS` | Minio Service Accounts | svcaccts | +| `USERS` | Minio Users | users | +| `POLICIES` | Minio policies | policies | + + +### Package: core + +##### istio-admin-gateway (uds-istio-config) +| Variable | Description | Path | +|----------|-------------|------| +| `ADMIN_TLS_CERT` | The TLS cert for the admin gateway (must be base64 encoded) | tls.cert | +| `ADMIN_TLS_KEY` | The TLS key for the admin gateway (must be base64 encoded) | tls.key | + +##### istio-tenant-gateway (uds-istio-config) +| Variable | Description | Path | +|----------|-------------|------| +| `TENANT_TLS_CERT` | The TLS cert for the tenant gateway (must be base64 encoded) | tls.cert | +| `TENANT_TLS_KEY` | The TLS key for the tenant gateway (must be base64 encoded) | tls.key | + +##### istio-tenant-gateway (gateway) +| Variable | Description | Path | +|----------|-------------|------| +| `TENANT_SERVICE_PORTS` | The ports that are exposed from the tenant gateway LoadBalancer (useful for non-HTTP(S) traffic) | service.ports | + +##### keycloak (keycloak) +| Variable | Description | Path | +|----------|-------------|------| +| `INSECURE_ADMIN_PASSWORD_GENERATION` | Generate an insecure admin password for dev/test | `insecureAdminPasswordGeneration.enabled` | +| `KEYCLOAK_HA` | Enable Keycloak HA | `autoscaling.enabled` | +| `KEYCLOAK_PG_USERNAME` | Keycloak Postgres 
username | `postgresql.username` | +| `KEYCLOAK_PG_PASSWORD` | Keycloak Postgres password | `postgresql.password` | +| `KEYCLOAK_PG_DATABASE` | Keycloak Postgres database | `postgresql.database` | +| `KEYCLOAK_PG_HOST` | Keycloak Postgres host | `postgresql.host` | +| `KEYCLOAK_DEVMODE` | Enables Keycloak dev mode | `devMode` | + ### Minio diff --git a/bundles/k3d-standard/README.md b/bundles/k3d-standard/README.md index 265a3c1ae..866378a5b 100644 --- a/bundles/k3d-standard/README.md +++ b/bundles/k3d-standard/README.md @@ -44,8 +44,21 @@ This bundle is used for demonstration, development, and testing of UDS Core. In | `TENANT_TLS_KEY` | The TLS key for the tenant gateway (must be base64 encoded) | tls.key | ##### istio-tenant-gateway (gateway) +| Variable | Description | Path | +|----------|-------------|------| | `TENANT_SERVICE_PORTS` | The ports that are exposed from the tenant gateway LoadBalancer (useful for non-HTTP(S) traffic) | service.ports | +##### keycloak (keycloak) +| Variable | Description | Path | +|----------|-------------|------| +| `INSECURE_ADMIN_PASSWORD_GENERATION` | Generate an insecure admin password for dev/test | `insecureAdminPasswordGeneration.enabled` | +| `KEYCLOAK_HA` | Enable Keycloak HA | `autoscaling.enabled` | +| `KEYCLOAK_PG_USERNAME` | Keycloak Postgres username | `postgresql.username` | +| `KEYCLOAK_PG_PASSWORD` | Keycloak Postgres password | `postgresql.password` | +| `KEYCLOAK_PG_DATABASE` | Keycloak Postgres database | `postgresql.database` | +| `KEYCLOAK_PG_HOST` | Keycloak Postgres host | `postgresql.host` | +| `KEYCLOAK_DEVMODE` | Enables Keycloak dev mode | `devMode` | + ## Override Examples: From 129a93f80b5330097b03cbcb7713cb53fff219a6 Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Mon, 16 Sep 2024 15:58:29 -0600 Subject: [PATCH 4/5] normalize docs --- bundles/k3d-slim-dev/README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/bundles/k3d-slim-dev/README.md b/bundles/k3d-slim-dev/README.md index 574540218..e56b0a279 100644 --- a/bundles/k3d-slim-dev/README.md +++ b/bundles/k3d-slim-dev/README.md @@ -56,7 +56,9 @@ The k3d uds-dev-stack provides: | `KEYCLOAK_DEVMODE` | Enables Keycloak dev mode | `devMode` | -### Minio +## Override Examples: + +### Minio Customization You can customize the Minio setup at deploy time via your ```uds-config.yaml```. From 7704de614d211fc3c75093f0e1e06da03d84937b Mon Sep 17 00:00:00 2001 From: Wayne Starr Date: Tue, 17 Sep 2024 10:15:43 -0600 Subject: [PATCH 5/5] remove default --- bundles/k3d-slim-dev/uds-bundle.yaml | 13 ------------- bundles/k3d-standard/uds-bundle.yaml | 13 ------------- 2 files changed, 26 deletions(-) diff --git a/bundles/k3d-slim-dev/uds-bundle.yaml b/bundles/k3d-slim-dev/uds-bundle.yaml index 921f373c2..10ac3f9f5 100644 --- a/bundles/k3d-slim-dev/uds-bundle.yaml +++ b/bundles/k3d-slim-dev/uds-bundle.yaml @@ -60,19 +60,6 @@ packages: - name: TENANT_SERVICE_PORTS description: "The ports that are exposed from the tenant gateway LoadBalancer (useful for non-HTTP(S) traffic)" path: "service.ports" - default: - - name: status-port - port: 15021 - protocol: TCP - targetPort: 15021 - - name: http2 - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 keycloak: keycloak: variables: diff --git a/bundles/k3d-standard/uds-bundle.yaml b/bundles/k3d-standard/uds-bundle.yaml index 721a7fb41..bc6445118 100644 --- a/bundles/k3d-standard/uds-bundle.yaml +++ b/bundles/k3d-standard/uds-bundle.yaml 
@@ -99,19 +99,6 @@ packages: - name: TENANT_SERVICE_PORTS description: "The ports that are exposed from the tenant gateway LoadBalancer (useful for non-HTTP(S) traffic)" path: "service.ports" - default: - - name: status-port - port: 15021 - protocol: TCP - targetPort: 15021 - - name: http2 - port: 80 - protocol: TCP - targetPort: 80 - - name: https - port: 443 - protocol: TCP - targetPort: 443 keycloak: keycloak: variables: