feat(demo): Update automated demo to work on OpenShift

Signed-off-by: Kalya Subramanian <kasubra@microsoft.com>
openservicemesh · Mar 12, 2021 · 1032cf8 · 1032cf8
1 parent 4facc0d
commit 1032cf8
Show file tree

Hide file tree

Showing 29 changed files with 103 additions and 65 deletions.
diff --git a/.env.example b/.env.example
@@ -163,6 +163,10 @@ export BOOKWAREHOUSE_NAMESPACE=bookwarehouse
 ### optional: Name of the Vault role dedicated to OSM
 #export VAULT_ROLE=openservicemesh
 
+### optional: Whether to configure the demo to run on an OpenShift cluster
+# Default: false
+#export DEPLOY_ON_OPENSHIFT=false
+
 # See ./demo/deploy-vault.sh script on an example of how to deploy Hashicorp Vault
 # to your Kubernetes cluster.
 #--------------------------------------------------------------------------------
diff --git a/DESIGN.md b/DESIGN.md
@@ -137,8 +137,8 @@ metadata:
     app: bookstore
 spec:
   ports:
-  - port: 80
-    targetPort: 80
+  - port: 14001
+    targetPort: 14001
     name: web-port
   selector:
     app: bookstore

diff --git a/demo/README.md b/demo/README.md
@@ -14,10 +14,10 @@
 
 ## Prerequisites
 1. Clone this repo on your workstation
-2. Setup `.env` environment variable file
+1. Setup `.env` environment variable file
    - From the root of the repository run `make .env`
    - It is already listed in `.gitignore` so that anything you put in it would not accidentally leak into a public git repo. Refer to `.env.example` in the root of this repo for the mandatory and optional environment variables.
-2. Provision access to a Kubernetes cluster. Any certified conformant Kubernetes cluster (version 1.15 or higher) can be used. Here are a couple of options:
+1. Provision access to a Kubernetes cluster. Any certified conformant Kubernetes cluster (version 1.15 or higher) can be used. Here are a couple of options:
 	- **Option 1:** Local [kind](https://kind.sigs.k8s.io/) cluster
 	    - [Install kind](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
 	       - `brew install kind` on macOS
@@ -26,6 +26,13 @@
 
     We will use images from [Docker Hub](https://hub.docker.com/r/openservicemesh/osm-controller). Ensure you can pull these containers using: `docker pull openservicemesh/osm-controller`
 
+### OpenShift
+
+If you are running the demo on an OpenShift cluster, there are additional prerequisites. 
+
+1. Set `DEPLOY_ON_OPENSHIFT=true` in your `.env` file.
+1. Install the [oc CLI](https://docs.openshift.com/container-platform/4.7/cli_reference/openshift_cli/getting-started-cli.html).
+
 ## Run the Demo
 From the root of this repository execute:
 ```shell

diff --git a/demo/cmd/bookbuyer/bookbuyer.go b/demo/cmd/bookbuyer/bookbuyer.go
@@ -28,7 +28,7 @@ var (
 	booksBoughtV1     int64
 	booksBoughtV2     int64
 	log               = logger.NewPretty(participantName)
-	port              = flag.Int("port", 80, "port on which this app is listening for incoming HTTP")
+	port              = flag.Int("port", 14001, "port on which this app is listening for incoming HTTP")
 	path              = flag.String("path", ".", "path to the HTML template")
 	numConnectionsStr = utils.GetEnv("CI_CLIENT_CONCURRENT_CONNECTIONS", "1")
 )

diff --git a/demo/cmd/bookstore/bookstore.go b/demo/cmd/bookstore/bookstore.go
@@ -23,7 +23,7 @@ var (
 	booksSold int64 = 0
 	log             = logger.NewPretty("bookstore")
 	identity        = flag.String("ident", "unidentified", "the identity of the container where this demo app is running (VM, K8s, etc)")
-	port            = flag.Int("port", 80, "port on which this app is listening for incoming HTTP")
+	port            = flag.Int("port", 14001, "port on which this app is listening for incoming HTTP")
 	path            = flag.String("path", ".", "path to the HTML template")
 )
 

diff --git a/demo/cmd/bookthief/bookthief.go b/demo/cmd/bookthief/bookthief.go
@@ -25,7 +25,7 @@ var (
 	booksStolenV1 int64
 	booksStolenV2 int64
 	log           = logger.NewPretty(participantName)
-	port          = flag.Int("port", 80, "port on which this app is listening for incoming HTTP")
+	port          = flag.Int("port", 14001, "port on which this app is listening for incoming HTTP")
 	path          = flag.String("path", ".", "path to the HTML template")
 )
 

diff --git a/demo/cmd/bookwarehouse/bookwarehouse.go b/demo/cmd/bookwarehouse/bookwarehouse.go
@@ -16,7 +16,7 @@ import (
 var (
 	log        = logger.NewPretty("bookwarehouse")
 	identity   = flag.String("ident", "unidentified", "the identity of the container where this demo app is running (VM, K8s, etc)")
-	port       = flag.Int("port", 80, "port on which this app is listening for incoming HTTP")
+	port       = flag.Int("port", 14001, "port on which this app is listening for incoming HTTP")
 	totalBooks = 0
 )
 

diff --git a/demo/cmd/common/books.go b/demo/cmd/common/books.go
@@ -19,7 +19,10 @@ const (
 	RestockWarehouseURL = "restock-books"
 
 	// bookstorePort is the bookstore service's port
-	bookstorePort = 80
+	bookstorePort = 14001
+
+	// bookwarehousePort is the bookwarehouse service's port
+	bookwarehousePort = 14001
 
 	httpPrefix = "http://"
 
@@ -38,8 +41,8 @@ var (
 	warehouseServiceName                   = "bookwarehouse"
 	bookwarehouseNamespace                 = os.Getenv(BookwarehouseNamespaceEnvVar)
 
-	bookstoreService = fmt.Sprintf("%s.%s:%d", bookstoreServiceName, bookstoreNamespace, bookstorePort) // FQDN
-	warehouseService = fmt.Sprintf("%s.%s", warehouseServiceName, bookwarehouseNamespace)               // FQDN
+	bookstoreService = fmt.Sprintf("%s.%s:%d", bookstoreServiceName, bookstoreNamespace, bookstorePort)         // FQDN
+	warehouseService = fmt.Sprintf("%s.%s:%d", warehouseServiceName, bookwarehouseNamespace, bookwarehousePort) // FQDN
 	booksBought      = fmt.Sprintf("http://%s/books-bought", bookstoreService)
 	buyBook          = fmt.Sprintf("http://%s/buy-a-book/new", bookstoreService)
 	chargeAccountURL = fmt.Sprintf("http://%s/%s", warehouseService, RestockWarehouseURL)

diff --git a/demo/deploy-bookbuyer.sh b/demo/deploy-bookbuyer.sh
@@ -9,6 +9,7 @@ CI_MAX_ITERATIONS_THRESHOLD="${CI_MAX_ITERATIONS_THRESHOLD:-0}"
 CI_CLIENT_CONCURRENT_CONNECTIONS="${CI_CLIENT_CONCURRENT_CONNECTIONS:-1}"
 ENABLE_EGRESS="${ENABLE_EGRESS:-false}"
 CI_SLEEP_BETWEEN_REQUESTS_SECONDS="${CI_SLEEP_BETWEEN_REQUESTS_SECONDS:-1}"
+DEPLOY_ON_OPENSHIFT="${DEPLOY_ON_OPENSHIFT:-false}"
 
 kubectl delete deployment bookbuyer -n "$BOOKBUYER_NAMESPACE"  --ignore-not-found
 
@@ -21,6 +22,11 @@ metadata:
   namespace: $BOOKBUYER_NAMESPACE
 EOF
 
+if [ "$DEPLOY_ON_OPENSHIFT" = true ] ; then
+    oc adm policy add-scc-to-user privileged -z bookbuyer -n "$BOOKBUYER_NAMESPACE"
+    oc secrets link bookbuyer "$CTR_REGISTRY_CREDS_NAME" --for=pull -n "$BOOKBUYER_NAMESPACE"
+fi
+
 echo -e "Deploy BookBuyer Deployment"
 kubectl apply -f - <<EOF
 apiVersion: apps/v1

diff --git a/demo/deploy-bookstore-with-same-sa.sh b/demo/deploy-bookstore-with-same-sa.sh
@@ -21,7 +21,7 @@ metadata:
     app: bookstore
 spec:
   ports:
-  - port: 80
+  - port: 14001
     name: bookstore-port
   selector:
     app: bookstore
@@ -47,7 +47,7 @@ metadata:
     app: $SVC
 spec:
   ports:
-  - port: 80
+  - port: 14001
     name: bookstore-port
 
   selector:
@@ -79,10 +79,10 @@ spec:
           imagePullPolicy: Always
           name: $SVC
           ports:
-            - containerPort: 80
+            - containerPort: 14001
               name: web
           command: ["/bookstore"]
-          args: ["--path", "./", "--port", "80"]
+          args: ["--path", "./", "--port", "14001"]
           env:
             - name: IDENTITY
               value: ${SVC}
@@ -94,7 +94,7 @@ spec:
           livenessProbe:
             httpGet:
               path: /liveness
-              port: 80
+              port: 14001
             initialDelaySeconds: 3
             periodSeconds: 3
 
@@ -104,15 +104,15 @@ spec:
             failureThreshold: 10
             httpGet:
               path: /readiness
-              port: 80
+              port: 14001
               scheme: HTTP
 
           # OSM's mutating webhook will rewrite this startup probe to /osm-startup-probe and
           # Envoy will have a dedicated listener on port 15903 for this startup probe
           startupProbe:
             httpGet:
               path: /startup
-              port: 80
+              port: 14001
             failureThreshold: 30
             periodSeconds: 5
 

diff --git a/demo/deploy-bookstore.sh b/demo/deploy-bookstore.sh
@@ -6,6 +6,7 @@ set -aueo pipefail
 source .env
 VERSION=${1:-v1}
 SVC="bookstore-$VERSION"
+DEPLOY_ON_OPENSHIFT="${DEPLOY_ON_OPENSHIFT:-false}"
 
 kubectl delete deployment "$SVC" -n "$BOOKSTORE_NAMESPACE"  --ignore-not-found
 
@@ -21,7 +22,7 @@ metadata:
     app: bookstore
 spec:
   ports:
-  - port: 80
+  - port: 14001
     name: bookstore-port
   selector:
     app: bookstore
@@ -36,6 +37,11 @@ metadata:
   namespace: $BOOKSTORE_NAMESPACE
 EOF
 
+if [ "$DEPLOY_ON_OPENSHIFT" = true ] ; then
+    oc adm policy add-scc-to-user privileged -z "$SVC" -n "$BOOKSTORE_NAMESPACE"
+    oc secrets link "$SVC" "$CTR_REGISTRY_CREDS_NAME" --for=pull -n "$BOOKSTORE_NAMESPACE"
+fi
+
 echo -e "Deploy $SVC Service"
 kubectl apply -f - <<EOF
 apiVersion: v1
@@ -47,7 +53,7 @@ metadata:
     app: $SVC
 spec:
   ports:
-  - port: 80
+  - port: 14001
     name: bookstore-port
 
   selector:
@@ -79,10 +85,10 @@ spec:
           imagePullPolicy: Always
           name: $SVC
           ports:
-            - containerPort: 80
+            - containerPort: 14001
               name: web
           command: ["/bookstore"]
-          args: ["--path", "./", "--port", "80"]
+          args: ["--path", "./", "--port", "14001"]
           env:
             - name: IDENTITY
               value: ${SVC}
@@ -94,7 +100,7 @@ spec:
           livenessProbe:
             httpGet:
               path: /liveness
-              port: 80
+              port: 14001
             initialDelaySeconds: 3
             periodSeconds: 3
 
@@ -104,15 +110,15 @@ spec:
             failureThreshold: 10
             httpGet:
               path: /readiness
-              port: 80
+              port: 14001
               scheme: HTTP
 
           # OSM's mutating webhook will rewrite this startup probe to /osm-startup-probe and
           # Envoy will have a dedicated listener on port 15903 for this startup probe
           startupProbe:
             httpGet:
               path: /startup
-              port: 80
+              port: 14001
             failureThreshold: 30
             periodSeconds: 5
 

diff --git a/demo/deploy-bookthief.sh b/demo/deploy-bookthief.sh
@@ -11,6 +11,7 @@ CI_MAX_ITERATIONS_THRESHOLD="${CI_MAX_ITERATIONS_THRESHOLD:-0}"
 CI_CLIENT_CONCURRENT_CONNECTIONS="${CI_CLIENT_CONCURRENT_CONNECTIONS:-1}"
 ENABLE_EGRESS="${ENABLE_EGRESS:-false}"
 CI_SLEEP_BETWEEN_REQUESTS_SECONDS="${CI_SLEEP_BETWEEN_REQUESTS_SECONDS:-1}"
+DEPLOY_ON_OPENSHIFT="${DEPLOY_ON_OPENSHIFT:-false}"
 
 kubectl delete deployment bookthief -n "$BOOKTHIEF_NAMESPACE"  --ignore-not-found
 
@@ -21,9 +22,14 @@ kind: ServiceAccount
 metadata:
   name: bookthief
   namespace: $BOOKTHIEF_NAMESPACE
+EOF
 
----
+if [ "$DEPLOY_ON_OPENSHIFT" = true ] ; then
+    oc adm policy add-scc-to-user privileged -z bookthief -n "$BOOKTHIEF_NAMESPACE"
+    oc secrets link bookthief "$CTR_REGISTRY_CREDS_NAME" --for=pull -n "$BOOKTHIEF_NAMESPACE"
+fi
 
+kubectl apply -f - <<EOF
 apiVersion: v1
 kind: Service
 metadata:

diff --git a/demo/deploy-bookwarehouse.sh b/demo/deploy-bookwarehouse.sh
@@ -4,6 +4,7 @@ set -aueo pipefail
 
 # shellcheck disable=SC1091
 source .env
+DEPLOY_ON_OPENSHIFT="${DEPLOY_ON_OPENSHIFT:-false}"
 
 kubectl delete deployment bookwarehouse -n "$BOOKWAREHOUSE_NAMESPACE"  --ignore-not-found
 
@@ -16,6 +17,11 @@ metadata:
   namespace: $BOOKWAREHOUSE_NAMESPACE
 EOF
 
+if [ "$DEPLOY_ON_OPENSHIFT" = true ] ; then
+    oc adm policy add-scc-to-user privileged -z bookwarehouse -n "$BOOKWAREHOUSE_NAMESPACE"
+    oc secrets link bookwarehouse "$CTR_REGISTRY_CREDS_NAME" --for=pull -n "$BOOKWAREHOUSE_NAMESPACE"
+fi
+
 echo -e "Deploy Bookwarehouse Service"
 kubectl apply -f - <<EOF
 apiVersion: v1
@@ -27,7 +33,7 @@ metadata:
     app: bookwarehouse
 spec:
   ports:
-  - port: 80
+  - port: 14001
     name: bookwarehouse-port
 
   selector:

diff --git a/demo/ingress/deploy-ingress-agic.sh b/demo/ingress/deploy-ingress-agic.sh
@@ -34,20 +34,20 @@ spec:
       - path: /
         backend:
           serviceName: bookstore-v1
-          servicePort: 80
+          servicePort: 14001
 
   - host: "v2.${INGRESS_HOSTNAME}"
     http:
       paths:
       - path: /
         backend:
           serviceName: bookstore-v2
-          servicePort: 80
+          servicePort: 14001
 
   - http:
       paths:
       - path: /
         backend:
           serviceName: bookstore-v1
-          servicePort: 80
+          servicePort: 14001
 EOF
diff --git a/demo/ingress/deploy-ingress-nginx-with-host.sh b/demo/ingress/deploy-ingress-nginx-with-host.sh
@@ -29,5 +29,5 @@ spec:
       - path: /books-bought
         backend:
           serviceName: bookstore-v1
-          servicePort: 80
+          servicePort: 14001
 EOF
diff --git a/demo/ingress/deploy-ingress-nginx.sh b/demo/ingress/deploy-ingress-nginx.sh
@@ -29,5 +29,5 @@ spec:
       - path: /books-bought
         backend:
           serviceName: bookstore-v1
-          servicePort: 80
+          servicePort: 14001
 EOF
diff --git a/demo/join-namespaces.sh b/demo/join-namespaces.sh
@@ -38,9 +38,9 @@ metadata:
 spec:
   ports:
   - name: bookstore-port
-    port: 80
+    port: 14001
     protocol: TCP
-    targetPort: 80
+    targetPort: 14001
   selector:
     app: bookstore
 EOF

diff --git a/demo/unjoin-namespaces.sh b/demo/unjoin-namespaces.sh
@@ -41,7 +41,7 @@ metadata:
 
 spec:
   ports:
-  - port: 80
+  - port: 14001
     name: bookstore-port
 
   selector:

diff --git a/docs/content/docs/design_concepts/components_desc.md b/docs/content/docs/design_concepts/components_desc.md
@@ -72,8 +72,8 @@ metadata:
     app: bookstore
 spec:
   ports:
-    - port: 80
-      targetPort: 80
+    - port: 14001
+      targetPort: 14001
       name: web-port
   selector:
     app: bookstore