30 add dev tools to quickstart (#35)

* Test of only qs and default test (#32) (#33)

* Test of only qs and default test

Signed-off-by: rich_ehrhardt <[email protected]>

* Added test for qs and portworx

Signed-off-by: rich_ehrhardt <[email protected]>

* Changed strategy to max-parallel of 1

Signed-off-by: rich_ehrhardt <[email protected]>

* Added openshift gitops

Signed-off-by: rich_ehrhardt <[email protected]>

* Added dev tools BOM

Signed-off-by: rich_ehrhardt <[email protected]>

* Github workflow change for gitops BOMs

Signed-off-by: rich_ehrhardt <[email protected]>

* Added dependency for default storage

Signed-off-by: rich_ehrhardt <[email protected]>

* Added parallelism limit to dev-tools

Signed-off-by: rich_ehrhardt <[email protected]>

.github/workflows/verify-pr.yaml

@@ -20,5 +20,5 @@ jobs:
       ACME_EMAIL_SECRET: ${{ secrets.ACME_EMAIL_SECRET }}
       TESTING: ${{ secrets.TESTING }}
       PX_SPEC: ${{ secrets.PX_SPEC }}
-      # GITOPS_USERNAME: ${{ secrets.GITOPS_USERNAME }}
-      # GITOPS_TOKEN: ${{ secrets.GITOPS_TOKEN }}
+      GITOPS_USERNAME: ${{ secrets.GITOPS_USERNAME }}
+      GITOPS_TOKEN: ${{ secrets.GITOPS_TOKEN }}

.github/workflows/verify-schedule.yaml

@@ -20,8 +20,8 @@ jobs:
       ACME_EMAIL_SECRET: ${{ secrets.ACME_EMAIL_SECRET }}
       TESTING: ${{ secrets.TESTING }}
       PX_SPEC: ${{ secrets.PX_SPEC }}
-      # GITOPS_USERNAME: ${{ secrets.GITOPS_USERNAME }}
-      # GITOPS_TOKEN: ${{ secrets.GITOPS_TOKEN }}
+      GITOPS_USERNAME: ${{ secrets.GITOPS_USERNAME }}
+      GITOPS_TOKEN: ${{ secrets.GITOPS_TOKEN }}
 
 
   notify:

.github/workflows/verify-workflow.yaml

@@ -24,10 +24,10 @@ on:
         required: true
       PX_SPEC:
         required: true
-      #GITOPS_USERNAME:
-      #  required: true
-      #GITOPS_TOKEN:
-      #  required: true
+      GITOPS_USERNAME:
+        required: true
+      GITOPS_TOKEN:
+        required: true
 
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
@@ -61,8 +61,8 @@ jobs:
       TF_VAR_acme_registration_email: ${{ secrets.ACME_EMAIL_SECRET }}
       TF_VAR_testing: ${{ secrets.TESTING }}
       TF_VAR_portworx_spec: ${{ secrets.PX_SPEC }}
-      # TF_VAR_gitops_repo_username: ${{ secrets.GITOPS_USERNAME }}
-      # TF_VAR_gitops_repo_token: ${{ secrets.GITOPS_TOKEN }}
+      TF_VAR_gitops_repo_username: ${{ secrets.GITOPS_USERNAME }}
+      TF_VAR_gitops_repo_token: ${{ secrets.GITOPS_TOKEN }}
 
     outputs:
       status: ${{ job.status }}

.github/workflows/verify.yaml

@@ -19,8 +19,8 @@ jobs:
       ACME_EMAIL_SECRET: ${{ secrets.ACME_EMAIL_SECRET }}
       TESTING: ${{ secrets.TESTING }}
       PX_SPEC: ${{ secrets.PX_SPEC }}
-      # GITOPS_USERNAME: ${{ secrets.GITOPS_USERNAME }}
-      # GITOPS_TOKEN: ${{ secrets.GITOPS_TOKEN }}
+      GITOPS_USERNAME: ${{ secrets.GITOPS_USERNAME }}
+      GITOPS_TOKEN: ${{ secrets.GITOPS_TOKEN }}
 
   release:
     needs: [verify]

1-quickstart/200-openshift-gitops/apply.sh

@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+VARIABLES_FILE="${1}"
+if [[ -z "${VARIABLES_FILE}" ]]; then
+  VARIABLES_FILE="${SCRIPT_DIR}/variables.yaml"
+fi
+
+YQ=$(command -v yq4 || command -v yq)
+if [[ -z "${YQ}" ]] || [[ $(${YQ} --version | sed -E "s/.*version ([34]).*/\1/g") == "3" ]]; then
+  echo "yq v4 is required"
+  exit 1
+fi
+
+if [[ -f "${SCRIPT_DIR}/terraform/terraform.tfvars" ]]; then
+  cp "${SCRIPT_DIR}/terraform/terraform.tfvars" "${SCRIPT_DIR}/terraform/terraform.tfvars.backup"
+  rm "${SCRIPT_DIR}/terraform/terraform.tfvars"
+fi
+
+if [[ ! -f "${VARIABLES_FILE}" ]]; then
+  echo "Variables can be provided in a yaml file passed as the first argument"
+  echo ""
+fi
+
+TMP_VARIABLES_FILE="${VARIABLES_FILE}.tmp"
+
+echo "variables: []" > ${TMP_VARIABLES_FILE}
+
+cat "${SCRIPT_DIR}/bom.yaml" | ${YQ} e '.spec.variables[] | .name' - | while read name; do
+  default_value=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .defaultValue // ""' -)
+  sensitive=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .sensitive // false' -)
+  description=$(cat "${SCRIPT_DIR}/bom.yaml" | NAME="${name}" ${YQ} e '.spec.variables[] | select(.name == env(NAME)) | .description // ""' -)
+
+  variable_name="TF_VAR_${name}"
+
+  environment_variable=$(env | grep "${variable_name}" | sed -E 's/.*="(.*)".*/\1/g')
+  value="${environment_variable}"
+  if [[ -f "${VARIABLES_FILE}" ]]; then
+    value=$(cat "${VARIABLES_FILE}" | NAME="${name}" ${YQ} e '.variables[] | select(.name == env(NAME)) | .value // ""' -)
+    if [[ -z "${value}" ]]; then
+      value="${environment_variable}"
+    fi
+  fi
+
+  while [[ -z "${value}" ]]; do
+    echo "Provide a value for '${name}':"
+    if [[ -n "${description}" ]]; then
+      echo "  ${description}"
+    fi
+    sensitive_flag=""
+    if [[ "${sensitive}" == "true" ]]; then
+      sensitive_flag="-s"
+    fi
+    default_prompt=""
+    if [[ -n "${default_value}" ]]; then
+      default_prompt="(${default_value}) "
+    fi
+    read -u 1 ${sensitive_flag} -p "> ${default_prompt}" value
+    value=${value:-$default_value}
+  done
+
+  echo "${name} = \"${value}\"" >> "${SCRIPT_DIR}/terraform/terraform.tfvars"
+  if [[ "${sensitive}" != "true" ]]; then
+    NAME="${name}" VALUE="${value}" ${YQ} e -i -P '.variables += [{"name": env(NAME), "value": env(VALUE)}]' "${TMP_VARIABLES_FILE}"
+  fi
+done
+
+cp "${TMP_VARIABLES_FILE}" "${VARIABLES_FILE}"
+rm "${TMP_VARIABLES_FILE}"
+
+cd ${SCRIPT_DIR}/terraform
+terraform init
+terraform apply

1-quickstart/200-openshift-gitops/bom.yaml

@@ -0,0 +1,86 @@
+apiVersion: cloud.ibm.com/v1alpha1
+kind: BillOfMaterial
+metadata:
+  name: 200-openshift-gitops
+  labels:
+    type: software
+    code: '200'
+  annotations:
+    displayName: OpenShift GitOps Bootstrap
+    description: >-
+      Provisions OpenShift GitOps (ArgoCD) into an existing cluster and
+      bootstraps it to a gitops repository
+spec:
+  modules:
+    - name: gitops-repo
+      alias: gitops_repo
+      version: v1.19.4
+    - name: argocd-bootstrap
+      alias: argocd-bootstrap
+      version: v1.12.0
+      variables:
+        - name: create_webhook
+          value: true
+        - name: prefix
+          value: maximo
+    - name: gitops-cluster-config
+      alias: gitops-cluster-config
+      version: v1.0.0
+    - name: gitops-console-link-job
+      alias: gitops-console-link-job
+      version: v1.4.6
+    - name: gitops-namespace
+      alias: toolkit_namespace
+      version: v1.11.2
+      default: true
+      variables:
+        - name: name
+          value: toolkit
+    - name: ocp-login
+      alias: cluster
+      version: v1.3.1
+    - name: olm
+      alias: olm
+      version: v1.3.2
+    - name: sealed-secret-cert
+      alias: sealed-secret-cert
+      version: v1.0.1
+  variables:
+    - name: gitops_repo_host
+      type: string
+      description: The host for the git repository.
+      defaultValue: ''
+    - name: gitops_repo_org
+      type: string
+      description: The org/group where the git repository exists/will be provisioned.
+      defaultValue: ''
+    - name: gitops_repo_project
+      type: string
+      description: >-
+        The project that will be used for the git repo. (Primarily used for
+        Azure DevOps repos)
+      defaultValue: ''
+    - name: gitops_repo_username
+      type: string
+      description: The username of the user with access to the repository
+      defaultValue: ''
+    - name: gitops_repo_token
+      type: string
+      description: The personal access token used to access the repository
+      defaultValue: ''
+      sensitive: true
+    - name: gitops_repo_repo
+      type: string
+      description: >-
+        The short name of the repository (i.e. the part after the org/group
+        name)
+    - name: gitops-cluster-config_banner_text
+      type: string
+      description: The text that will appear in the top banner in the cluster
+    - name: server_url
+      type: string
+      description: The url for the OpenShift api
+    - name: cluster_login_token
+      type: string
+      description: Token used for authentication
+      sensitive: true

1-quickstart/200-openshift-gitops/dependencies.dot

@@ -0,0 +1,22 @@
+digraph {
+    rankdir="BT"
+    "gitops_repo (gitops-repo)" -> "sealed-secret-cert (sealed-secret-cert)"
+"gitops_repo (gitops-repo)"
+"sealed-secret-cert (sealed-secret-cert)"
+"argocd-bootstrap (argocd-bootstrap)" -> "cluster (ocp-login)"
+"argocd-bootstrap (argocd-bootstrap)" -> "olm (olm)"
+"argocd-bootstrap (argocd-bootstrap)" -> "gitops_repo (gitops-repo)"
+"argocd-bootstrap (argocd-bootstrap)" -> "sealed-secret-cert (sealed-secret-cert)"
+"argocd-bootstrap (argocd-bootstrap)"
+"cluster (ocp-login)"
+"olm (olm)" -> "cluster (ocp-login)"
+"olm (olm)"
+"gitops-cluster-config (gitops-cluster-config)" -> "gitops_repo (gitops-repo)"
+"gitops-cluster-config (gitops-cluster-config)" -> "toolkit_namespace (gitops-namespace)"
+"gitops-cluster-config (gitops-cluster-config)"
+"toolkit_namespace (gitops-namespace)" -> "gitops_repo (gitops-repo)"
+"toolkit_namespace (gitops-namespace)"
+"gitops-console-link-job (gitops-console-link-job)" -> "gitops_repo (gitops-repo)"
+"gitops-console-link-job (gitops-console-link-job)" -> "toolkit_namespace (gitops-namespace)"
+"gitops-console-link-job (gitops-console-link-job)"
+  }

1-quickstart/200-openshift-gitops/destroy.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+SCRIPT_DIR=$(cd $(dirname $0); pwd -P)
+
+cd "${SCRIPT_DIR}/terraform"
+terraform init
+terraform destroy -auto-approve

1-quickstart/200-openshift-gitops/terraform/200-openshift-gitops.auto.tfvars

@@ -0,0 +1,27 @@
+## gitops_repo_host: The host for the git repository.
+#gitops_repo_host=""
+
+## gitops_repo_org: The org/group where the git repository exists/will be provisioned.
+#gitops_repo_org=""
+
+## gitops_repo_project: The project that will be used for the git repo. (Primarily used for Azure DevOps repos)
+#gitops_repo_project=""
+
+## gitops_repo_username: The username of the user with access to the repository
+#gitops_repo_username=""
+
+## gitops_repo_token: The personal access token used to access the repository
+#gitops_repo_token=""
+
+## gitops_repo_repo: The short name of the repository (i.e. the part after the org/group name)
+#gitops_repo_repo=""
+
+## gitops-cluster-config_banner_text: The text that will appear in the top banner in the cluster
+#gitops-cluster-config_banner_text=""
+
+## server_url: The url for the OpenShift api
+#server_url=""
+
+## cluster_login_token: Token used for authentication
+#cluster_login_token=""
+

1-quickstart/200-openshift-gitops/terraform/docs/argocd-bootstrap.md

@@ -0,0 +1,52 @@
+# ArgoCD Bootstrap module
+
+Module that provisions the OpenShift CI/CD tools (ArgoCD, Tekton, and Kube Seal) in the target cluster and bootstraps the ArgoCD environment with a GitOps repository. This module assumes that a direct connection to the cluster is availble in order to deploy the services and configure the ArgoCD instance.
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform - v14
+
+### Terraform providers
+
+None
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- Cluster
+    - github.com/cloud-native-toolkit/terraform-ibm-container-platform
+    - github.com/cloud-native-toolkit/terraform-ibm-ocp-vpc
+    - github.com/cloud-native-toolkit/terraform-k8s-ocp-cluster
+    - github.com/cloud-native-toolkit/terraform-ocp-login
+- OLM 
+    - github.com/cloud-native-toolkit/terraform-k8s-olm
+- GitOps 
+    - github.com/cloud-native-toolkit/terraform-tools-gitops
+- Sealed Secret Cert 
+    - github.com/cloud-native-toolkit/terraform-util-sealed-secret-cert
+
+## Example usage
+
+```hcl-terraform
+module "argocd-bootsrap" {
+  source = "github.com/cloud-native-toolkit/terraform-tools-argocd-bootstrap.git"
+
+  cluster_type        = module.dev_cluster.platform.type_code
+  ingress_subdomain   = module.dev_cluster.platform.ingress
+  cluster_config_file = module.dev_cluster.config_file_path
+  olm_namespace       = module.dev_software_olm.olm_namespace
+  operator_namespace  = module.dev_software_olm.target_namespace
+  gitops_repo_url     = module.gitops.config_repo_url
+  git_username        = module.gitops.config_username
+  git_token           = module.gitops.config_token
+  bootstrap_path      = module.gitops.bootstrap_path
+  sealed_secret_cert  = module.cert.cert
+  sealed_secret_private_key = module.cert.private_key
+}
+```
+

1-quickstart/200-openshift-gitops/terraform/docs/gitops-cluster-config.md

@@ -0,0 +1,39 @@
+# Cluster config gitops module
+
+Module to populate a gitops repository with base configuration of the Red Hat OpenShift cluster (notification banner, help menus, etc).
+
+## Software dependencies
+
+The module depends on the following software components:
+
+### Command-line tools
+
+- terraform - v14
+- kubectl
+
+### Terraform providers
+
+None
+
+## Module dependencies
+
+This module makes use of the output from other modules:
+
+- Gitops - github.com/cloud-native-toolkit/terraform-tools-gitops.git
+- Namespace - github.com/cloud-native-toolkit/terraform-gitops-namespace.git
+
+## Example usage
+
+```hcl-terraform
+module "cluster-config" {
+  source = "github.com/cloud-native-toolkit/terraform-gitops-cluster-config.git"
+
+  gitops_config = module.gitops.gitops_config
+  git_credentials = module.gitops.git_credentials
+  server_name = module.gitops.server_name
+  namespace = module.gitops_namespace.name
+  kubeseal_cert = module.argocd-bootstrap.sealed_secrets_cert
+  banner_text = var.banner_text
+}
+```
+