From 1f69c3a2d21cc90d5dc60c67564da3bb37a28480 Mon Sep 17 00:00:00 2001 From: Andrew Azores Date: Fri, 20 Dec 2024 15:34:39 -0500 Subject: [PATCH] sample app config makefile recipe --- Makefile | 31 ++--- config/samples/sample-app-agent-injected.yaml | 122 ++++++++++++++++++ config/samples/sample-app-agent.yaml | 5 +- 3 files changed, 139 insertions(+), 19 deletions(-) create mode 100644 config/samples/sample-app-agent-injected.yaml diff --git a/Makefile b/Makefile index 8fe563537..03eb6bb9a 100644 --- a/Makefile +++ b/Makefile @@ -400,25 +400,13 @@ ifneq ($(origin SAMPLE_APP_NAMESPACE), undefined) SAMPLE_APP_FLAGS += -n $(SAMPLE_APP_NAMESPACE) endif -.PHONY: sample_app -sample_app: undeploy_sample_app ## Deploy sample app. - $(CLUSTER_CLIENT) apply $(SAMPLE_APP_FLAGS) -f config/samples/sample-app.yaml - .PHONY: undeploy_sample_app undeploy_sample_app: ## Undeploy sample app. - $(CLUSTER_CLIENT) delete $(SAMPLE_APP_FLAGS) --ignore-not-found=$(ignore-not-found) -f config/samples/sample-app.yaml -.PHONY: sample_app_agent -sample_app_agent: undeploy_sample_app_agent ## Deploy sample app with Cryostat Agent. - @if [ -z "${AUTH_TOKEN}" ]; then \ - if [ "${CLUSTER_CLIENT}" = "oc" ]; then\ - AUTH_TOKEN=`oc whoami -t`; \ - else \ - echo "'AUTH_TOKEN' must be specified."; \ - exit 1; \ - fi; \ - fi; \ - $(CLUSTER_CLIENT) apply $(SAMPLE_APP_FLAGS) -f config/samples/sample-app-agent.yaml; \ +.PHONY: sample_app +sample_app: undeploy_sample_app ## Deploy sample app. + $(CLUSTER_CLIENT) apply $(SAMPLE_APP_FLAGS) -f config/samples/sample-app.yaml .PHONY: undeploy_sample_app_agent_proxy undeploy_sample_app_agent_proxy: ## Undeploy sample app with Cryostat Agent configured for TLS client auth on nginx proxy. 
@@ -441,6 +429,19 @@ sample_app_agent_proxy: undeploy_sample_app_agent_proxy ## Deploy sample app wit undeploy_sample_app_agent: ## Undeploy sample app with Cryostat Agent. - $(CLUSTER_CLIENT) delete $(SAMPLE_APP_FLAGS) --ignore-not-found=$(ignore-not-found) -f config/samples/sample-app-agent.yaml +.PHONY: sample_app_agent +sample_app_agent: undeploy_sample_app_agent ## Deploy sample app with Cryostat Agent. + $(CLUSTER_CLIENT) apply $(SAMPLE_APP_FLAGS) -f config/samples/sample-app-agent.yaml + +.PHONY: undeploy_sample_app_agent_injected +undeploy_sample_app_agent_injected: ## Undeploy sample app with Cryostat Agent deployed by Operator injection. + - $(CLUSTER_CLIENT) delete $(SAMPLE_APP_FLAGS) --ignore-not-found=$(ignore-not-found) -f config/samples/sample-app-agent-injected.yaml + +.PHONY: sample_app_agent_injected +sample_app_agent_injected: undeploy_sample_app_agent_injected ## Deploy sample app with Cryostat Agent deployed by Operator injection. + $(CLUSTER_CLIENT) apply $(SAMPLE_APP_FLAGS) -f config/samples/sample-app-agent-injected.yaml + $(CLUSTER_CLIENT) patch --type=merge -p "{\"spec\":{\"template\":{\"metadata\":{\"labels\":{\"cryostat.io/namespace\":\"${DEPLOY_NAMESPACE}\"}}}}}" deployment/quarkus-cryostat-agent + .PHONY: cert_manager cert_manager: remove_cert_manager ## Install cert manager. $(CLUSTER_CLIENT) create --validate=false -f $(CERT_MANAGER_MANIFEST) diff --git a/config/samples/sample-app-agent-injected.yaml b/config/samples/sample-app-agent-injected.yaml new file mode 100644 index 000000000..66c91107b --- /dev/null +++ b/config/samples/sample-app-agent-injected.yaml 
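Review bot: The `patch` line in the new `sample_app_agent_injected` recipe (Makefile) runs without `$(SAMPLE_APP_FLAGS)`. When `SAMPLE_APP_NAMESPACE` is set, the manifest is applied with `-n` to that namespace, but the label patch goes to whatever namespace the current context selects, so it either fails or relabels a different `quarkus-cryostat-agent` Deployment. Pass the same flags, keeping the JSON payload as is: `$(CLUSTER_CLIENT) patch $(SAMPLE_APP_FLAGS) --type=merge -p ... deployment/quarkus-cryostat-agent`. `${DEPLOY_NAMESPACE}` is also expanded by make inside a double-quoted shell string that carries JSON, so an empty value writes an empty `cryostat.io/namespace` label and a value containing quotes or `$` is reinterpreted by the shell. A guard line such as `$(if $(strip $(DEPLOY_NAMESPACE)),,$(error DEPLOY_NAMESPACE is empty))` before the patch would catch the empty case; whether `DEPLOY_NAMESPACE` always has a default is not visible in this hunk.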
@@ -0,0 +1,122 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: quarkus-cryostat-agent + name: quarkus-cryostat-agent +spec: + replicas: 1 + selector: + matchLabels: + app: quarkus-cryostat-agent + template: + metadata: + labels: + app: quarkus-cryostat-agent + cryostat.io/name: cryostat-sample + cryostat.io/namespace: cryostat-operator-system + spec: + serviceAccountName: quarkus-cryostat-agent-serviceaccount + containers: + - env: + - name: CRYOSTAT_AGENT_APP_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: CRYOSTAT_AGENT_API_WRITES_ENABLED + value: "true" + - name: CRYOSTAT_AGENT_BASEURI + value: https://cryostat-sample.$(NAMESPACE).svc:4180 + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: CRYOSTAT_AGENT_CALLBACK + value: http://$(POD_IP):9977 + - name: JAVA_OPTS_APPEND + value: |- + -Dquarkus.http.host=0.0.0.0 + -Djava.util.logging.manager=org.jboss.logmanager.LogManager + -Dio.cryostat.agent.shaded.org.slf4j.simpleLogger.defaultLogLevel=debug + image: quay.io/redhat-java-monitoring/quarkus-cryostat-agent:latest + imagePullPolicy: Always + name: quarkus-cryostat-agent + ports: + - containerPort: 10010 + protocol: TCP + resources: + limits: + cpu: 500m + memory: 256Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + volumeMounts: + - mountPath: /var/run/secrets/myapp/ca.crt + name: truststore + subPath: ca.crt + restartPolicy: Always + securityContext: + runAsNonRoot: true + volumes: + - name: truststore + secret: + secretName: cryostat-sample-tls +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: quarkus-cryostat-agent + name: quarkus-cryostat-agent +spec: + selector: + app: quarkus-cryostat-agent + ports: + - name: agent-http + port: 9977 + protocol: TCP + targetPort: 9977 + - name: app-http + port: 10010 + 
protocol: TCP + targetPort: 10010 +--- +kind: ServiceAccount +apiVersion: v1 +metadata: + name: quarkus-cryostat-agent-serviceaccount +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: quarkus-cryostat-agent-role +rules: +- apiGroups: + - "" + verbs: + - create + resources: + - pods/exec +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: quarkus-cryostat-agent-role-binding +subjects: +- kind: ServiceAccount + name: quarkus-cryostat-agent-serviceaccount +roleRef: + kind: Role + name: quarkus-cryostat-agent-role + apiGroup: rbac.authorization.k8s.io diff --git a/config/samples/sample-app-agent.yaml b/config/samples/sample-app-agent.yaml index 5e6d0efde..620f0bead 100644 --- a/config/samples/sample-app-agent.yaml +++ b/config/samples/sample-app-agent.yaml @@ -60,12 +60,9 @@ spec: - containerPort: 9097 protocol: TCP resources: - requests: - cpu: 200m - memory: 96Mi limits: cpu: 500m - memory: 192Mi + memory: 256Mi securityContext: allowPrivilegeEscalation: false capabilities:
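Review bot: In config/samples/sample-app-agent-injected.yaml, the `quarkus-cryostat-agent-role` Role grants `create` on `pods/exec` and is bound to the ServiceAccount the sample pod runs as, so the service-account token that is mounted into the application container by default can open an exec session in any pod of its namespace. Nothing in the manifest says why the workload needs this. If the rule exists only so the agent's token passes an authorization check on the Cryostat side, state that in a comment above `rules:`, for example `# pods/exec create is only the permission checked for agent tokens; the app itself never execs`; otherwise drop the Role and RoleBinding from the injected sample. The same Deployment sets `CRYOSTAT_AGENT_API_WRITES_ENABLED` to "true" while `CRYOSTAT_AGENT_CALLBACK` is plain `http://$(POD_IP):9977` and the Service publishes port 9977. Unless the Operator's injection overrides these values, which this hunk does not show, the write-enabled agent API is reachable unencrypted from other workloads.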