Add example workshop using helm to deploy admin cluster.

educates · Aug 16, 2023 · c16e6c9 · c16e6c9
1 parent 74b2b92
commit c16e6c9
Show file tree

Hide file tree

Showing 8 changed files with 188 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -9,6 +9,9 @@ Workshops included are:
   demonstrating creation of a virtual cluster per workshop session using the
   builtin support provided by Educates.
 
+* [lab-admin-vcluster](workshops/lab-admin-vcluster) - A workshop demonstrating
+  creation of a virtual cluster with full admin access to the cluster.
+
 * [lab-shared-vcluster](workshops/lab-shared-vcluster) - A workshop
   demonstrating creation of a shared virtual cluster for the whole environment,
   with workshops users getting access to only a single namespace in the virtual

diff --git a/resources/trainingportal.yaml b/resources/trainingportal.yaml
@@ -19,6 +19,11 @@ spec:
     overtime: 10m
     deadline: 60m
     orphaned: 5m
+  - name: lab-admin-vcluster
+    expires: 40m
+    overtime: 10m
+    deadline: 60m
+    orphaned: 5m
   - name: lab-shared-vcluster
     expires: 40m
     overtime: 10m

diff --git a/workshops/lab-admin-vcluster/README.md b/workshops/lab-admin-vcluster/README.md
@@ -0,0 +1,7 @@
+Admin vcluster
+==============
+
+This workshop demonstrates the creation of a virtual cluster providing full
+admin access. Rather than using the builtin feature of Educates to do this, a
+Helm chart deployment is used, with it being deployed using the `App` resource
+of `kapp-controller`.
diff --git a/workshops/lab-admin-vcluster/resources/workshop.yaml b/workshops/lab-admin-vcluster/resources/workshop.yaml
@@ -0,0 +1,139 @@
+#@ load("@ytt:data", "data")
+
+#@ imageCaching = getattr(data.values, "imageCaching", True)
+
+---
+apiVersion: training.educates.dev/v1beta1
+kind: Workshop
+metadata:
+  name: "lab-admin-vcluster"
+spec:
+  title: "Test of admin virtual cluster"
+  description: "Test of shared virtual cluster providing full admin access."
+  publish:
+    image: $(image_repository)/labs-vcluster-testing/lab-admin-vcluster-files:$(workshop_version)
+    files:
+    - directory:
+        path: workshop
+      path: workshop
+    - directory:
+        path: ../../packages
+      path: packages
+  workshop:
+    files:
+    #@ if imageCaching:
+    - http:
+        url: http://$(assets_repository)/.tgz
+      includePaths:
+      - workshop/**
+    #@ else:
+    - image:
+        url: $(image_repository)/labs-vcluster-testing/lab-admin-vcluster-files:$(workshop_version)
+      includePaths:
+      - workshop/**
+    #@ end
+  session:
+    namespaces:
+      budget: large
+      security:
+        policy: baseline
+        token:
+          enabled: false
+    applications:
+      terminal:
+        enabled: true
+        layout: split
+      editor:
+        enabled: true
+      console:
+        enabled: true
+        vendor: octant
+        octant:
+          version: latest
+      vcluster:
+        enabled: false
+    volumes:
+    - name: admin-credentials-config
+      secret:
+        secretName: $(session_name)-kubeconfig
+    - name: session-credentials-config
+      emptyDir: {}
+    volumeMounts:
+    - name: admin-credentials-config
+      mountPath: /opt/kubeconfig
+    objects:
+    - apiVersion: v1
+      kind: Secret
+      metadata:
+        name: $(session_name)-admin-vcluster-values
+        namespace: $(workshop_namespace)
+      stringData:
+        values.yaml: |
+          vcluster:
+            image: rancher/k3s:v1.25.3-k3s1
+          syncer:
+            extraArgs:
+            - --tls-san=admin-vcluster.$(session_namespace).svc.$(cluster_domain)
+            - --out-kube-config-server=https://admin-vcluster.$(session_namespace).svc.$(cluster_domain)
+    - apiVersion: kappctrl.k14s.io/v1alpha1
+      kind: App
+      metadata:
+        name: $(session_name)-admin-vcluster-package
+        namespace: $(workshop_namespace)
+      spec:
+        serviceAccountName: kapp-installer
+        syncPeriod: 720h
+        noopDelete: true
+        fetch:
+        - helmChart:
+            name: vcluster
+            repository:
+              url: https://charts.loft.sh
+        template:
+        - helmTemplate:
+            name: admin-vcluster
+            namespace: $(session_namespace)
+            valuesFrom:
+            - secretRef:
+                name: $(session_name)-admin-vcluster-values
+        deploy:
+        - kapp:
+            rawOptions:
+            - --app-changes-max-to-keep=5
+    - apiVersion: secrets.educates.dev/v1beta1
+      kind: SecretCopier
+      metadata:
+        name: $(session_name)-kubeconfig
+      spec:
+        rules:
+        - sourceSecret:
+            name: vc-admin-vcluster
+            namespace: $(session_namespace)
+          targetNamespaces:
+            nameSelector:
+              matchNames:
+              - $(workshop_namespace)
+          targetSecret:
+            name: $(session_name)-kubeconfig
+  environment:
+    assets:
+      files:
+      - image:
+          url: $(image_repository)/labs-vcluster-testing/lab-admin-vcluster-files:$(workshop_version) 
+    objects:
+    - apiVersion: v1
+      kind: ServiceAccount
+      metadata:
+        name: kapp-installer
+    - apiVersion: rbac.authorization.k8s.io/v1
+      kind: ClusterRoleBinding
+      metadata:
+        name: kapp-installer-$(workshop_namespace)
+      roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: ClusterRole
+        name: cluster-admin
+      subjects:
+        - kind: ServiceAccount
+          name: kapp-installer
+          namespace: $(workshop_namespace)
diff --git a/workshops/lab-admin-vcluster/workshop/config.yaml b/workshops/lab-admin-vcluster/workshop/config.yaml
@@ -0,0 +1,31 @@
+# pathways:
+#   default: workshop
+#
+#   paths:
+#     workshop:
+#       title: "Workshop"
+#
+#       steps:
+#       - 00-workshop-overview
+#       - 01-workshop-instructions
+#       - 99-workshop-summary
+#
+#       params:
+#       - name: NAME
+#         value: undefined
+#         aliases:
+#         - ALIAS
+
+# modules:
+# - name: 00-workshop-overview
+#   title: Workshop Overview
+# - name: 01-workshop-instructions
+#   title: Workshop Instructions
+# - name: 99-workshop-summary
+#   title: Workshop Summary
+
+# params:
+# - name: NAME
+#   value: undefined
+#   aliases:
+#   - ALIAS
diff --git a/workshops/lab-admin-vcluster/workshop/content/00-workshop-overview.md b/workshops/lab-admin-vcluster/workshop/content/00-workshop-overview.md
@@ -0,0 +1 @@
+This is the initial landing page for your workshop. Include in this page a description of what your workshop is about.
diff --git a/workshops/lab-admin-vcluster/workshop/content/01-workshop-instructions.md b/workshops/lab-admin-vcluster/workshop/content/01-workshop-instructions.md
@@ -0,0 +1 @@
+This is the first page of the workshop instructions, create as many separate pages as you need to. If necessary pages can be located in sub directories to provided grouping.
diff --git a/workshops/lab-admin-vcluster/workshop/content/99-workshop-summary.md b/workshops/lab-admin-vcluster/workshop/content/99-workshop-summary.md
@@ -0,0 +1 @@
+This is the last page of the workshop. Include in this page a summary of the workshop and any links to resources relevant to the workshop. This ensures anyone doing the workshop has material they can research later to learn more.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		This is the initial landing page for your workshop. Include in this page a description of what your workshop is about.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		This is the first page of the workshop instructions, create as many separate pages as you need to. If necessary pages can be located in sub directories to provided grouping.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		This is the last page of the workshop. Include in this page a summary of the workshop and any links to resources relevant to the workshop. This ensures anyone doing the workshop has material they can research later to learn more.