Samples for SUSE Exchange Paris January 2023 (#14)

* Improve cow-demo doc with image registry and code

* Add outscale chart (empty)

* Move config in rancher chart

* Dump version of cow-demo chart

* Fix typo in README in helm search repo command

* Update on gitlab and sonarqube charts

* Add nats, consul empty charts

* Add comment in rabbitmq chart

* Add SUSE Exchange Paris 2023 samples

* Update metallb

* Update Jenkins values

* Complete Longhorn documentation & update to 1.4.0 (dump version to 1.1.0)

* Update dep lock for Longhorn 1.4.0

README.md

@@ -17,18 +17,21 @@ Helm charts to ease the deployment of containers on Kubernetes clusters and get
   * [E Corp Demo](charts/ecorp-demo/README.md) 🗸
   * [WordPress](charts/wordpress/README.md) 🗸
 * Backing services
+  * [Consul](charts/consul/README.md)
   * [Kafka](charts/kafka/README.md)
   * [Keycloak](charts/keycloak/README.md) 🗸
   * [MariaDB](charts/mariadb/README.md) 🗸
   * [memcached](charts/memcached/README.md)
   * [MongoDB](charts/mongodb/README.md)
   * [MQTT](charts/mqtt/README.md)
+  * [NATS](charts/nats/README.md)
   * [PostgreSQL](charts/postgresql/README.md)
   * [RabbitMQ](charts/rabbitmq/README.md) 🗸
   * [Redis](charts/redis/README.md)
 * Cloud providers
   * [Azure Storage](charts/azure-storage/README.md) 🗸
   * [Let's Encrypt](charts/letsencrypt/README.md) 🗸
+  * [Outscale](charts/outscale/README.md)
 * Kube add-ons
   * [ArgoCD](charts/argo-cd/README.md) 🗸
   * [Argo Rollouts](charts/argo-rollouts/README.md)
@@ -72,6 +75,10 @@ Helm charts to ease the deployment of containers on Kubernetes clusters and get
 
 Limitation: [Helm Chart Releaser](https://github.com/helm/chart-releaser) doesn't support multiple chart directories ou multiple levels so all charts must be in `charts` repository
 
+## Samples
+
+* [SUSE Exchange Paris 2023](samples/suse-exchange-paris-2023/README.md)
+
 ## Usage
 
 ### From Helm CLI
@@ -81,7 +88,7 @@ Limitation: [Helm Chart Releaser](https://github.com/helm/chart-releaser) doesn'
 helm repo add devpro https://devpro.github.io/helm-charts
 
 # searches for a specific package from the command line
-helm repo search <package_name>
+helm search repo -l <package_name>
 
 # installs a package
 helm install <package_name>
@@ -146,7 +153,7 @@ helm:
 
 ```bash
 # runs Docker image (with workaround described at https://github.com/helm/chart-testing/issues/464)
-sudo docker run -it --workdir=/data --volume $(pwd):/data quay.io/helmpack/chart-testing:v3.7.1 /bin/sh -c "git config --global --add safe.directory /data ; ./scripts/add_helm_repo.sh ; ct lint --target-branch main"
+sudo docker run --rm -it --workdir=/data --volume $(pwd):/data quay.io/helmpack/chart-testing:v3.7.1 /bin/sh -c "git config --global --add safe.directory /data ; ./scripts/add_helm_repo.sh ; ct lint --target-branch main"
 ```
 
 ## References

charts/consul/README.md

@@ -0,0 +1,3 @@
+# Consul
+
+[Consul on Kubernetes](https://github.com/hashicorp/consul-k8s)

charts/cow-demo/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: cow-demo
 description: Helm chart for Cow Demo Application
 type: application
-version: 0.1.1
+version: 0.1.2
 appVersion: "1.0.0"
 maintainers:
   - name: devpro

charts/cow-demo/README.md

@@ -1,6 +1,6 @@
-# Cow app demo
+# Cow demo application Helm chart
 
-Helm chart to deploy cow demonstration application
+Helm chart to deploy cow demonstration application.
 
 ## How to check chart
 
@@ -37,7 +37,12 @@ kubectl get Secrets,Issuers,ClusterIssuers,Certificates,CertificateRequests,Orde
 helm delete cow-demo -n demo
 ```
 
-## References
+## How to get application source code and image
 
-* [David-VTUK/fleet-cow-demo](https://github.com/David-VTUK/fleet-cow-demo)
-* [oskapt/rancher-demo](https://github.com/oskapt/rancher-demo)
+### AMD64
+
+* [monachus/rancher-demo](https://hub.docker.com/r/monachus/rancher-demo) ([code](https://github.com/oskapt/rancher-demo))
+
+### ARM64
+
+* [bashofmann/rancher-demo](https://hub.docker.com/r/bashofmann/rancher-demo) ([code](https://github.com/bashofmann/rancher-demo))

charts/gitlab-runner/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: gitlab-runner
 description: Helm chart for managing GitLab Runner
 type: application
-version: "0.1.0"
+version: "0.1.1"
 appVersion: "15.6.1"
 dependencies:
   - name: gitlab-runner

charts/gitlab-runner/README.md

@@ -51,4 +51,6 @@ helm uninstall gitlab-runner-ubuntu-docker -n supply-chain
 
 ## How to investigate
 
-TODO
+### Known limitations
+
+* This Helm chart doesn't work with replicas different to 1 so multiple Helm releases from the same chart is needed

charts/gitlab-runner/values.yaml

@@ -2,7 +2,6 @@
 # https://archives.docs.gitlab.com/14.8/ee/ci/docker/using_docker_build.html#use-the-kubernetes-executor-with-docker-in-docker
 # https://stackoverflow.com/questions/69239098/not-able-to-execute-gitlab-runner-in-kubernetes-cluster-cannot-create-resource
 gitlab-runner:
-  replicas: 1
   runners:
     config: |
       [[runners]]

charts/jenkins/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: jenkins
 description: Helm chart for managing Jenkins
 type: application
-version: "0.1.0"
+version: "0.1.1"
 appVersion: "2.375.1"
 dependencies:
   - name: jenkins

charts/jenkins/values.yaml

@@ -8,8 +8,8 @@ jenkins:
       passwordKey: jenkins-admin-password
     resources:
       requests:
-        cpu: "50m"
-        memory: "256Mi"
+        cpu: "300m"
+        memory: "512Mi"
       limits:
         cpu: "500m"
         memory: "2048Mi"

charts/longhorn/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: longhorn
   repository: https://charts.longhorn.io
-  version: 1.3.2
-digest: sha256:671e2851a39fc1a5e2c9deafc912fcf8bc9bdab1823d6bf17db5c71acc5d1595
-generated: "2022-12-28T11:30:09.42573831+01:00"
+  version: 1.4.0
+digest: sha256:4abc00d1764a60266eea7090736cb20dc9eb041f1a7cd96b0526e251e5d7747a
+generated: "2023-02-23T10:01:55.955641707+01:00"

charts/longhorn/Chart.yaml

@@ -2,11 +2,11 @@ apiVersion: v2
 name: longhorn
 description: Helm chart for managing Longhorn
 type: application
-version: "0.1.0"
-appVersion: "1.3.2"
+version: "0.1.1"
+appVersion: "1.4.0"
 dependencies:
   - name: longhorn
-    version: 1.3.2
+    version: 1.4.0
     repository: https://charts.longhorn.io
 maintainers:
   - name: devpro

charts/longhorn/README.md

@@ -1,7 +1,9 @@
 # Longhorn Helm chart
 
-This Helm chart will install [Longhorn](https://longhorn.io/) ([docs](https://longhorn.io/docs/1.3.1/), [GitHub](https://github.com/longhorn/longhorn))
-and is based from the [official Helm chart](https://longhorn.io/docs/1.3.1/deploy/install/install-with-helm/) ([code](https://github.com/longhorn/charts)).
+This Helm chart will install [Longhorn](https://longhorn.io/) ([docs](https://longhorn.io/docs/), [GitHub](https://github.com/longhorn/longhorn))
+and is based from the [official Helm chart](https://longhorn.io/docs/1.4.0/deploy/install/install-with-helm/) ([code](https://github.com/longhorn/charts)).
+
+Know more about Longhorn: [devpro.github.io](https://devpro.github.io/rancher-ecosystem/docs/longhorn.html)
 
 ## How to create or update the chart
 
@@ -21,30 +23,63 @@ helm dependency update
 
 ## How to deploy manually
 
+### Sample with NGINX Ingress Controller and UI secured by password
+
 ```bash
 # checks the Kubernetes objects generated from the chart
 helm template longhorn . -f values.yaml \
-  --namespace longhorn > temp.yaml
+  --namespace longhorn-system > temp.yaml
 
-# (optional) creates secret to access the UI (see https://longhorn.io/docs/1.3.1/deploy/accessing-the-ui/longhorn-ingress/)
+# secure the access to the UI (see https://longhorn.io/docs/1.4.0/deploy/accessing-the-ui/longhorn-ingress/)
+USER=<USERNAME_HERE>; PASSWORD=<PASSWORD_HERE>; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth
+kubectl -n longhorn-system create secret generic basic-auth --from-file=auth
+
+# retrieves public IP
+NGINX_PUBLIC_IP=`kubectl get service -n ingress-nginx ingress-nginx-controller --output jsonpath='{.status.loadBalancer.ingress[0].ip}'`
 
 # applies the manifest (add "--debug > output.yaml" in case of issue)
 helm upgrade --install longhorn . -f values.yaml --create-namespace \
-  --namespace longhorn
-
-# checks everything is ok
-kubectl get pod -n longhorn
+  --set longhorn.ingress.enabled=true \
+  --set longhorn.ingress.ingressClassName=nginx \
+  --set longhorn.ingress.host=longhorn.${NGINX_PUBLIC_IP}.sslip.io \
+  --set longhorn.ingress.tls=true \
+  --set 'longhorn.ingress.annotations.cert-manager\.io/cluster-issuer=letsencrypt-prod' \
+  --set 'longhorn.ingress.annotations.nginx\.ingress\.kubernetes\.io/auth-type=basic' \
+  --set 'longhorn.ingress.annotations.nginx\.ingress\.kubernetes\.io/ssl-redirect="false"' \
+  --set 'longhorn.ingress.annotations.nginx\.ingress\.kubernetes\.io/auth-secret=basic-auth' \
+  --set 'longhorn.ingress.annotations.nginx\.ingress\.kubernetes\.io/auth-realm="Authentication Required "' \
+  --set 'longhorn.ingress.annotations.nginx\.ingress\.kubernetes\.io/proxy-body-size=10000m' \
+  --namespace longhorn-system
+
+# looks at the installation (all pods should be running at the end)
+kubectl get pod -n longhorn-system --watch
+
+# checks the storage class
+kubectl get sc longhorn
 
 # if needed, deletes the chart
-helm uninstall longhorn -n longhorn
+helm uninstall longhorn -n longhorn-system
 ```
 
 ## How to start once the application is running
 
-TODO
+- Open Longhorn dashboard (UI) on "https://longhorn.${NGINX_PUBLIC_IP}.sslip.io/"
 
-## How to investigate
+- Use Longhorn for MariaDB storage (we'll use [devpro/helm-charts](https://github.com/devpro/helm-charts/blob/main/charts/mariadb/README.md))
 
-### Known issues
+```bash
+# installs MariaDB
+helm upgrade --install mariadb devpro/mariadb --create-namespace \
+  --set mariadb.global.storageClass=longhorn \
+  --namespace mariadb-system
+
+# checks the pod (state should be Running)
+kubectl get pod -n mariadb-system
 
-TODO
+# checks the persistent volume and claims (status should be Bound)
+kubectl get pvc,pv -n mariadb-system
+
+# cleans-up resources
+helm delete mariadb -n mariadb-system
+kubectl delete persistentvolumeclaim/data-mariadb-0 -n mariadb-system
+```

charts/metallb/README.md

@@ -1,3 +1,3 @@
 # MetalLB
 
-[metallb.org](https://metallb.org/)
+[metallb.org](https://metallb.org/), [cheatsheet](https://everyday-cheatsheets.docs.devpro.fr/build/containers-and-cloud-native/kubernetes/metallb)

charts/nats/README.md

@@ -0,0 +1,3 @@
+# NATS
+
+[nats.io](https://nats.io/)

charts/outscale/README.md

@@ -0,0 +1 @@
+# Outscale Cloud Helm chart

charts/rabbitmq/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: rabbitmq
 description: Helm chart for managing RabbitMQ
 type: application
-version: "0.1.0"
+version: "0.1.1"
 appVersion: "3.11.5"
 dependencies:
   - name: rabbitmq

charts/rabbitmq/README.md

@@ -40,6 +40,20 @@ kubectl exec rabbitmq-0 -n=rabbitmq -- rabbitmq-diagnostics cluster_status
 helm uninstall rabbitmq -n rabbitmq
 ```
 
+## How to configure
+
+### Examples
+
+* Set a specific username and set ah hard coded password
+
+```yaml
+rabbitmq:
+  auth:
+    username: myyser
+    password: "myp@ass0rd"
+    securePassword: false
+```
+
 ## How to start once the application is running
 
 ### Rabbit Management
@@ -58,9 +72,3 @@ kubectl port-forward svc/rabbitmq 15672:15672 -n rabbitmq
 
 # manual: open http://127.0.0.1:15672/ (and login with "user" as username and the password retrieved before)
 ```
-
-## How to investigate
-
-### Known issues
-
-TODO

charts/rabbitmq/values.yaml

@@ -1,6 +1,7 @@
 # https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml
 rabbitmq:
   replicaCount: 1
+  # network policy is mandatory to enable calls from another namespace
   networkPolicy:
     enabled: true
     allowExternal: false

charts/rancher/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: rancher
 description: Helm chart for managing Rancher
 type: application
-version: "0.1.0"
+version: "0.1.1"
 appVersion: "2.7.0"
 dependencies:
   - name: rancher

charts/rancher/README.md

@@ -36,6 +36,10 @@ helm template rancher . -f values.yaml \
 # applies the manifest (add "--debug > output.yaml" in case of issue)
 helm upgrade --install rancher . -f values.yaml --create-namespace \
   --set rancher.hostname=rancher.${NGINX_PUBLIC_IP}.sslip.io \
+  --set 'rancher.ingress.extraAnnotations.cert-manager\.io/cluster-issuer=letsencrypt-prod' \
+  --set rancher.ingress.ingressClassName=nginx \
+  --set rancher.ingress.tls.source=secret \
+  --set rancher.ingress.tls.secretName=rancher-tls \
   --namespace cattle-system
 
 # checks everything is ok

charts/rancher/values.yaml

@@ -1,10 +1,3 @@
 # https://github.com/rancher/rancher/blob/release/v2.7/chart/values.yaml
 rancher:
-  ingress:
-    extraAnnotations:
-      cert-manager.io/cluster-issuer: letsencrypt-prod
-    ingressClassName: nginx
-    tls:
-      source: secret
-      secretName: rancher-tls
   replicas: 2

charts/sonarqube/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: sonarqube
 description: Helm chart for managing SonarQube
 type: application
-version: "0.1.1"
+version: "0.1.2"
 appVersion: "9.7.1"
 dependencies:
   - name: sonarqube

charts/sonarqube/README.md

@@ -49,6 +49,16 @@ helm uninstall sonarqube -n supply-chain
 * checks existings resources
 
 ```bash
-kubectl get all -n harbor
-kubectl get Issuers,ClusterIssuers,Certificates,CertificateRequests,Orders,Challenges -n harbor
+kubectl get all -n supply-chain
+kubectl get Issuers,ClusterIssuers,Certificates,CertificateRequests,Orders,Challenges -n supply-chain
 ```
+
+## How to start
+
+* Go to SonarQube URL
+* "My Account" > "Security" > "Tokens"
+  * Generate Global Analysis Token
+* "How do you want to create your project?" > "From GitLab"
+  * Configuration name: "GitLab on-prem"
+  * GitLab API URL: "https://gitlab.${NGINX_PUBLIC_IP}.sslip.io/api/v4"
+  * Personal Access Token: (to be created in GitLab, "User Settings" > "Access Tokens" > "api" scope)

samples/suse-exchange-paris-2023/README.md

@@ -0,0 +1,8 @@
+# SUSE Exchange Paris 2023 samples
+
+This folder provide samples used in the DevOps/container presentation done at SUSE Exchange Paris 2023 event.
+
+## Content
+
+* `fleet/repo-content`: GitOps powered by Rancher fleet
+* `fleet/repo-definitions`: GitRepos YAML definitions

samples/suse-exchange-paris-2023/fleet/repo-content/above-crds/README.md

@@ -0,0 +1,7 @@
+# Above CRDs
+
+## How to update
+
+```bash
+wget -O cert-manager.crds.yaml https://github.com/cert-manager/cert-manager/releases/download/v1.10.0/cert-manager.crds.yaml
+```