3 01 Home
Angel Nunez Mencias edited this page 2024-12-31 17:09:27 +00:00

Welcome to our OpenShift user guide wiki

About GitOps

This repository is already fully configured to work in a GitOps way (https://www.gitops.tech/#what-is-gitops). We use FluxCD as our GitOps tool. We highly recommend taking advantage of this setup to deploy your applications; however, it is not mandatory, and you can ship them another way.

All examples on this page use tenant-tpl as the 'Tenant name'.

Our Flux Setup

Repository Overview

.
├── echo-server
│   ├── app
│   │   └── helmrelease.yaml
│   └── ks.yaml
├── kustomization.yaml
├── README.md
├── repos
│   ├── helm
│   │   └── bjw-s.yaml
│   └── ks.yaml
├── scripts
│   └── rewrap-secrets.sh
└── vars
    ├── ks.yaml
    └── tenant-tpl
        ├── cluster-settings.yaml
        └── README.md

Flux Organisation

$ flux get all -n tenant-tpl

flowchart TD
    A["<b>Git Repository: tenant-repos</b>"]:::gitRepo

    subgraph Kustomization
        B["<b style='color: orange;'>kustomization/tenant-apps</b>"]:::mainEntry
    end

    F["<b style='color: teal;'>helmrepository/bjw-s</b>"]:::helmRepo
    G["<b style='color: violet;'>helmchart/tenant-tpl-echo-server</b>"]:::helmChart
    H["<b style='color: tomato;'>helmrelease/echo-server</b>"]:::helmRelease

    I["<b style='color: lightcoral;'>kustomization/echo-server</b>"]:::echoServer
    J["<b style='color: lightgreen;'>kustomization/repos-sync</b>"]:::reposSync
    K["<b style='color: lightblue;'>kustomization/vars</b>"]:::vars

    A --> B
    B --> C["<b style='color: lightblue;'>vars/ks.yaml</b>"]
    B --> D["<b style='color: lightgreen;'>repos/ks.yaml</b>"]
    B --> E["<b style='color: lightcoral;'>echo-server/ks.yaml</b>"]
    E --> I
    D --> J
    C --> K
    I --> H
    J --> F
    K --> G

    classDef gitRepo fill:#d1e7dd,stroke:#0f5132,stroke-width:2px;
    classDef mainEntry fill:#fff3cd,stroke:#856404,stroke-width:2px;
    classDef helmRepo fill:#d1ecf1,stroke:#0c5460,stroke-width:2px;
    classDef helmChart fill:#ede7f6,stroke:#4a148c,stroke-width:2px;
    classDef helmRelease fill:#f8d7da,stroke:#721c24,stroke-width:2px;
    classDef echoServer fill:#ffe6e6,stroke:#cc0000,stroke-width:2px;
    classDef reposSync fill:#d4edda,stroke:#155724,stroke-width:2px;
    classDef vars fill:#d1ecf1,stroke:#0c5460,stroke-width:2px;

tenant-apps is the main entry point. It is not defined within your Git repository; we create it when we create the tenant for you.

kustomization/echo-server This is an example application. Although it is just an example, it already does quite a lot, such as:

  • Deploying an application using the bjw-s helm chart.
  • Exposing the application to the internet using an SSL certificate.
  • Requesting persistent storage.

./echo-server/app/helmrelease.yaml

This is a very good example to begin with, and we will refer to it often.

kustomization/repos-sync If you ever need to import a Helm repository into your namespace, this is the right place. You'll find an already working example with the bjw-s repository imported.

kustomization/vars

This is where application secrets and variables are defined. Please refer to vars.

How to

  • Environments
  • Storage
    • Persistent Storage
    • Object Storage
    • Database
      • PostgreSQL
      • MongoDB
  • Exposing your application
    • SSL
    • Certificate
    • Domain

SSL and DNS

Bring your own certificate and domain

You can add the cert-manager.io/cluster-issuer: nginx-production annotation to your ingress/route to generate a Let's Encrypt certificate for your domain. You also need to specify the secretName in the tls section of the ingress.

Note that your domain's DNS must resolve to the public IP of the cluster ingress/route. This can be done with a CNAME record pointing to:

  • dummy.pub.<cluster_name>.kvant.cloud for Kubernetes Ingress
  • dummy.app.<cluster_name>.kvant.cloud for OpenShift Route

Example for Ingress:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    # add an annotation indicating the issuer to use.
    cert-manager.io/cluster-issuer: nginx-production # < set up on all kvant clusters
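  name: myingress # < object names must be lowercase (RFC 1123)
  namespace: myingress
spec:
  ingressClassName: external # < the networking.k8s.io/v1 field is ingressClassName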
  rules:
  - host: example.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: myservice
            port:
              number: 80
  tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
  - hosts:
    - example.com
    secretName: myingress-cert # < cert-manager will store the created certificate in this secret.

Use Predefined Domain

You can expose any application under the domain associated with your namespace: ${TENANT_DOMAIN}

Storage

We provide two types of storage: Object Storage and Volumes.

Request Object Storage

apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
  name: <CLAIM-NAME>
spec:
  generateBucketName: <YOUR-BUCKET-NAME>
  storageClassName: openshift-storage.noobaa.io
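
Once an ObjectBucketClaim is bound, the bucket provisioner creates a ConfigMap and a Secret with the same name as the claim in the claim's namespace. The following added example (not part of the original guide) shows a workload consuming them; the names my-bucket-claim and my-app and the image are hypothetical placeholders.

```yaml
# Added example: my-bucket-claim, my-app and the image are hypothetical.
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
  name: my-bucket-claim
spec:
  # Used as a prefix; the final bucket name gets a generated suffix.
  generateBucketName: my-app-data
  storageClassName: openshift-storage.noobaa.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-app
          image: registry.example.com/my-app:1.0.0 # placeholder image
          envFrom:
            # ConfigMap created for the claim:
            # BUCKET_HOST, BUCKET_PORT, BUCKET_NAME
            - configMapRef:
                name: my-bucket-claim
            # Secret created for the claim:
            # AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
            - secretRef:
                name: my-bucket-claim
```

Because the endpoint and credentials are injected from cluster-generated objects, no S3 keys need to be committed to the Git repository.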

Request a PV

Add the following to the data section of your HelmRelease:

data:
  enabled: true
  type: persistentVolumeClaim
  accessMode: ReadWriteOnce
  size: 1Gi