Cailey/artifactory/argo

apps/artifactory/artifactory-ha/templates/artifactory-image-stream.yaml

@@ -0,0 +1,18 @@
+kind: ImageStream
+apiVersion: image.openshift.io/v1
+metadata:
+  name: artifactory-pro
+  namespace: devops-artifactory
+spec:
+  lookupPolicy:
+    local: false
+  tags:
+    - name: 7.7.3
+      annotations: null
+      from:
+        kind: DockerImage
+        name: 'registry.connect.redhat.com/jfrog/artifactory-pro:7.7.3'
+      generation: 1
+      importPolicy: {}
+      referencePolicy:
+        type: Source

apps/artifactory/artifactory-operator/oc-push-image.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+
+OCTOOLSBIN=$(dirname $0)
+
+# =================================================================================================================
+# Usage:
+# -----------------------------------------------------------------------------------------------------------------
+usage() {
+  cat <<-EOF
+  A helper script to push images to an OpenShift docker registry.
+
+  Usage: ${0} [ -h -x -r <OpenShiftRegistryAddress>] -i <ImageName> -n <OpenShiftProjectNamespace> ]
+
+  OPTIONS:
+  ========
+    -i The name of the image to push.
+    -n The namespace of the OpenShift project.
+       For example devex-von-tools
+    -r Optional.  The address of the OpenShift docker registry,
+       such as your local registry, for example 172.30.1.1:5000.
+       Defaults to docker-registry.lab.pathfinder.gov.bc.ca
+    -t The tag name for the image.
+
+    -h prints the usage for the script
+    -x run the script in debug mode to see what's happening
+
+EOF
+exit
+}
+
+# -----------------------------------------------------------------------------------------------------------------
+# Initialization:
+# -----------------------------------------------------------------------------------------------------------------
+while getopts i:n:r:t:hx FLAG; do
+  case $FLAG in
+    i ) export DOCKER_IMAGE=$OPTARG ;;
+    n ) export OPENSHIFT_NAMESPACE=$OPTARG ;;
+    r ) export OPENSHIFT_REGISTRY_ADDRESS=$OPTARG ;;
+    t ) export OPENSHIFT_IMAGE_TAG=$OPTARG ;;
+    x ) export DEBUG=1 ;;
+    h ) usage ;;
+    \? ) #unrecognized option - show help
+      echo -e \\n"Invalid script option: -${OPTARG}"\\n
+      usage
+      ;;
+  esac
+done
+
+# Shift the parameters in case there any more to be used
+shift $((OPTIND-1))
+# echo Remaining arguments: $@
+
+if [ ! -z "${DEBUG}" ]; then
+  set -x
+fi
+
+if [ -z "${DOCKER_IMAGE}" ] || [ -z "${OPENSHIFT_NAMESPACE}" ] || [ -z "${OPENSHIFT_IMAGE_TAG}" ]; then
+  echo -e \\n"Missing parameters - name of Docker Image, OpenShift Namespace, Image Tag"\\n
+  usage
+fi
+
+if [ -z "${OPENSHIFT_REGISTRY_ADDRESS}" ]; then
+  OPENSHIFT_REGISTRY_ADDRESS=docker-registry.lab.pathfinder.gov.bc.ca
+fi
+
+OPENSHIFT_IMAGE_SNIPPET=${DOCKER_IMAGE#*/}
+OPENSHIFT_IMAGESTREAM_PATH=${OPENSHIFT_REGISTRY_ADDRESS}/${OPENSHIFT_NAMESPACE}/${OPENSHIFT_IMAGE_SNIPPET}
+# =================================================================================================================
+
+#docker tag ${DOCKER_IMAGE} ${OPENSHIFT_IMAGESTREAM_PATH}
+docker login ${OPENSHIFT_REGISTRY_ADDRESS} -u $(oc whoami) -p $(oc whoami -t)
+#docker push ${OPENSHIFT_IMAGESTREAM_PATH}
+make docker-build docker-push IMG=${OPENSHIFT_IMAGESTREAM_PATH}:${OPENSHIFT_IMAGE_TAG}

apps/artifactory/pipeline/README.md

@@ -0,0 +1,58 @@
+## Installing Argo
+
+This assumes that the CRDs have already been created (they have been in KLAB and Silver). Argo Workflows should be installed on the namespace scale.
+
+Start by updating the parameters in the `install.param` file. 
+Both parameters are used primarily to build the URL for the route to the argo UI, like this: `APP_NAME-argo.apps.CLUSTER.devops.gov.bc.ca`.
+To that end, make sure your cluster is either `klab` or `silver` (or whatever additional clusters are available) and that your app-name is unique on that cluster (I recommend using your unique namespace name).
+Do not include any periods, slashes, spaces or other characters inappropriate for a URL. 
+
+Perform the installion like this: 
+`oc process -f install.yaml --param-file=install.param | oc apply -n [NAMESPACE] -f -`
+
+This will produce a number of new objects relating to argo in your namespace. 
+Of particular note is the route, which allows you to access the UI.
+You may find that using the link directs you to a blank white page. If so, add `/workflows` to the end of the url and try again.
+This should help you to successfully enter the UI so that you can start using Argo.
+
+## Using Argo
+
+The documentation here will be fairly limited, and is largely dedicated to documenting specific quirks of this particular installation. 
+You are expected to use Argo's documentation to learn how to use workflows, which can be found at https://argoproj.github.io/argo/workflow-concepts/. 
+
+### serviceAccountName
+
+Typically, when the workflow doesn't specify a service account, Argo will just use default. 
+However, the default service account is not granted the required privileges when the above installation is used.
+Instead, we create a new service account called `workflow-creator` which is then granted the appropriate privileges instead.
+This means that you must specify `workflow.spec.serviceAccountName` as `workflow-creator` explicitly in your workflow.
+The following is an example of how to do this:
+
+```json
+{
+  "metadata": {
+    "name": "wonderful-bear",
+    "namespace": "devops-artifactory"
+  },
+  "spec": {
+    "serviceAccountName": "workflow-creator",
+    "entrypoint": "argosay",
+    "templates": [
+      {
+        "name": "argosay",
+        "container": {
+          "name": "main",
+          "image": "argoproj/argosay:v2",
+          "command": [
+            "/argosay"
+          ],
+          "args": [
+            "echo",
+            "hello argo!"
+          ]
+        }
+      }
+    ]
+  }
+}
+```

apps/artifactory/pipeline/artifactory-pipeline.yaml

@@ -0,0 +1,142 @@
+metadata:
+  generateName: artifactory-pipeline-
+  namespace: devops-artifactory
+spec:
+  serviceAccountName: workflow-creator
+  entrypoint: main
+  container:
+    - resources:
+        limits:
+          cpu: 100m
+          memory: 512Mi
+        requests:
+          cpu: 50m
+          memory: 256Mi
+  volumeClaimTemplates:
+    - metadata:
+        name: work
+      spec:
+        storageClassName: "netapp-block-standard"
+        accessModes: [ "ReadWriteOnce" ]
+        resources:
+          requests:
+            storage: 64Mi
+
+  templates:
+
+    - name: main
+      steps:
+        - - name: clone
+            template: clone
+            arguments:
+              parameters:
+                - name: repo
+                  value: "https://github.com/BCDevOps/developer-experience"
+                - name: branch
+                  value: "cailey/artifactory/argo"
+        - - name: create-artifactory-is
+            template: create-artifactory-is
+        - - name: build-operator
+            template: build-operator
+
+    - name: clone
+      inputs:
+        parameters:
+          - name: repo
+          - name: branch
+      container:
+        resources:
+          limits:
+            cpu: 100m
+            memory: 512Mi
+          requests:
+            cpu: 50m
+            memory: 256Mi
+        volumeMounts:
+          - mountPath: /mnt/vol
+            name: work
+        image: alpine/git:v2.26.2
+        workingDir: /mnt/vol
+        args:
+          - clone
+          - --depth
+          - "1"
+          - --branch
+          - "{{inputs.parameters.branch}}"
+          - --single-branch
+          - "{{inputs.parameters.repo}}"
+          - .
+
+    - name: create-artifactory-is
+      container:
+        resources:
+          limits:
+            cpu: 100m
+            memory: 512Mi
+          requests:
+            cpu: 50m
+            memory: 256Mi
+        image: openshift/origin-cli:latest
+        command: [sh, -c]
+        args: ['oc apply -f /mnt/vol/apps/artifactory/artifactory-ha/templates/artifactory-image-stream.yaml']
+        volumeMounts:
+          - name: work
+            mountPath: /mnt/vol
+
+    - name: build-operator
+      container:
+        resources:
+          limits:
+            cpu: 100m
+            memory: 512Mi
+          requests:
+            cpu: 50m
+            memory: 256Mi
+        volumeMounts:
+          - name: work
+            mountPath: /mnt/vol
+        image: docker:19.03.13
+        command: [sh, -c]
+        args: ["until docker ps; do sleep 3; done; cd /mnt/vol/apps/artifactory/artifactory-operator/; ./oc-push-image.sh"]
+        env:
+          - name: DOCKER_HOST
+            value: localhost
+      sidecars:
+        - name: dind
+          image: docker:19.03.14-dind-rootless
+          env:
+            - name: DOCKER_TLS_CERTDIR
+              value: ""
+#          securityContext:
+#            privileged: true
+          mirrorVolumeMounts: true
+
+
+
+
+#      container:
+#        resources:
+#          limits:
+#            cpu: 100m
+#            memory: 512Mi
+#          requests:
+#            cpu: 50m
+#            memory: 256Mi
+#        image: docker:latest
+#        command: [sh, -c]
+#        args: ['bash /mnt/vol/apps/artifactory/artifactory-operator/oc-push-image.sh']
+##        args: ['exec /mnt/vol/apps/artifactory/artifactory-operator/oc-push-image.sh -i artifactory-operator -n devops-artifactory -r image-registry.apps.klab.devops.gov.bc.ca -t v1-1.0.0-test']
+##        command: ["/mnt/vol/apps/artifactory/artifactory-operator/oc-push-image.sh"]
+##        args:
+##          - -i
+##          - artifactory-operator
+##          - -n
+##          - devops-artifactory
+##          - -r
+##          - image-registry.apps.klab.devops.gov.bc.ca
+##          - -t
+##          - v1-1.0.0-test
+#        volumeMounts:
+#          - name: work
+#            mountPath: /mnt/vol
+

apps/artifactory/pipeline/install.param

@@ -0,0 +1,2 @@
+APP_NAME=artifactory
+CLUSTER=klab