Developer Workshop delivery

.github/workflows/publish-devx-workshop-tanzu-cli-extension-package.yaml

@@ -0,0 +1,68 @@
+name: Publish Devx Workshop Tanzu CLI Extension Package
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - '**'
+    paths:
+      - 'lab-tanzu-platform-developer-experience/extension-packages/tanzu-cli/**'
+
+jobs:
+  publish-tanzu-cli-extension-package:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v3
+
+    - name: Download and install tanzu CLI
+      run: |
+        mkdir -p extension-package/bin
+        tanzu_cli_version=$(grep -oP 'tanzu-cli==\K.*' lab-tanzu-platform-developer-experience/extension-packages/tanzu-cli/requirements.txt)
+        curl -LO https://github.com/vmware-tanzu/tanzu-cli/releases/download/$tanzu_cli_version/tanzu-cli-linux-amd64.tar.gz
+        tar xvzf tanzu-cli-linux-amd64.tar.gz -C extension-package/bin/ --strip-components=1 
+
+        mv extension-package/bin/tanzu-cli-linux_amd64 extension-package/bin/tanzu
+        chmod 755 extension-package/bin/tanzu
+        ./extension-package/bin/tanzu config eula accept
+
+    - name: Install tanzu CLI plugins
+      run: |
+        TANZU_CLI_CEIP_OPT_IN_PROMPT_ANSWER=no ./extension-package/bin/tanzu plugin install --group vmware-tanzucli/essentials
+        TANZU_CLI_CEIP_OPT_IN_PROMPT_ANSWER=no ./extension-package/bin/tanzu plugin install --group vmware-tanzu/platform-engineer
+
+    - name: Collect tanzu CLI files
+      run: |
+        mkdir -p extension-package/.local/share/tanzu-cli
+        cp -r ~/.local/share/tanzu-cli/. extension-package/.local/share/tanzu-cli/
+        mkdir -p extension-package/.config/tanzu
+        cp -r ~/.config/tanzu/. extension-package/.config/tanzu/
+        mkdir -p extension-package/.cache/tanzu
+        cp -r ~/.cache/tanzu/. extension-package/.cache/tanzu/
+
+    - name: Add setup scripts
+      run: |
+        cp -r lab-tanzu-platform-developer-experience/extension-packages/tanzu-cli/setup.d extension-package
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Build and package container image
+      run: |
+        (cd extension-package && tree -a)
+
+        curl -LO https://github.com/carvel-dev/imgpkg/releases/download/v0.42.1/imgpkg-linux-amd64
+        mv imgpkg-linux-amd64 imgpkg
+        chmod 755 imgpkg
+
+        tanzu_cli_version=$(grep -oP 'tanzu-cli==\K.*' lab-tanzu-platform-developer-experience/extension-packages/tanzu-cli/requirements.txt)
+        LOWER_REPO=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')
+        ./imgpkg push -i ghcr.io/$LOWER_REPO/lab-tanzu-platform-developer-experience-tanzu-cli-extension-package:$tanzu_cli_version -f extension-package/

.gitignore

@@ -1,2 +1,4 @@
-ci/Dockerfile
+.DS_STORE
+.vscode
+private/ci/Dockerfile
 custom-container-task

lab-tanzu-platform-developer-experience/README.md

@@ -1,3 +1,12 @@
 # Tanzu Platform Developer Experience
 
 The workshop covers the developer experience of deploying applications to the Tanzu Platform
+
+## Workshop installation
+Adjust the configuration in [lab-tanzu-platform-developer-experience/resources/workshop-values.yaml](lab-tanzu-platform-developer-experience/resources/workshop-values.yaml) for your Tanzu Platform environment.
+
+For the optional automated TP for Kubernetes Space creation per workshop session, you have to provide an API token with "Organization Member" and "Tanzu Platform for Kubernetes Developer" roles
+
+```
+(cd lab-tanzu-platform-developer-experience/resources/ && ytt -f workshop-template.yaml -f workshop-values.yaml | kubectl apply -f -)
+```

lab-tanzu-platform-developer-experience/TODO

@@ -0,0 +1,3 @@
+- Change workshop tanzu cli package url to current repository after merge and first Github Action workflow run
+- Validate all the instructions
+- Sync up with Jaime and William to make sure our workshop will work properly in their environment

lab-tanzu-platform-developer-experience/carvel-packages/postgres-package/network-policy.yaml

@@ -0,0 +1,24 @@
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: postgres-postgresql
+  labels:
+    app.kubernetes.io/instance: postgres
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/version: 16.3.0
+    helm.sh/chart: postgresql-15.5.6
+    app.kubernetes.io/component: primary
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: postgres
+      app.kubernetes.io/name: postgresql
+      app.kubernetes.io/component: primary
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    - ports:
+        - port: 5432

lab-tanzu-platform-developer-experience/carvel-packages/postgres-package/pod-disruption-budget.yaml

@@ -0,0 +1,17 @@
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: postgres-postgresql
+  labels:
+    app.kubernetes.io/instance: postgres
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/version: 16.3.0
+    helm.sh/chart: postgresql-15.5.6
+    app.kubernetes.io/component: primary
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: postgres
+      app.kubernetes.io/name: postgresql
+      app.kubernetes.io/component: primary

lab-tanzu-platform-developer-experience/carvel-packages/postgres-package/service-account.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: postgres-postgresql
+  labels:
+    app.kubernetes.io/instance: postgres
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/version: 16.3.0
+    helm.sh/chart: postgresql-15.5.6
+automountServiceAccountToken: false

lab-tanzu-platform-developer-experience/carvel-packages/postgres-package/services.yaml

@@ -0,0 +1,51 @@
+#@ load("@ytt:data", "data")
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres-postgresql-hl
+  labels:
+    app.kubernetes.io/instance: postgres
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/version: 16.3.0
+    helm.sh/chart: postgresql-15.5.6
+    app.kubernetes.io/component: primary
+  annotations:
+    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+spec:
+  type: ClusterIP
+  clusterIP: None
+  publishNotReadyAddresses: true
+  ports:
+    - name: tcp-postgresql
+      port: 5432
+      targetPort: tcp-postgresql
+  selector:
+    app.kubernetes.io/instance: postgres
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/component: primary
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres-postgresql
+  labels:
+    app.kubernetes.io/instance: postgres
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/version: 16.3.0
+    helm.sh/chart: postgresql-15.5.6
+    app.kubernetes.io/component: primary
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: #@ "postgres-test" + data.values.host_suffix + "." + data.values.ingress_domain
+spec:
+  type: LoadBalancer
+  externalTrafficPolicy: "Cluster"
+  sessionAffinity: None
+  ports:
+    - name: tcp-postgresql
+      port: 5432
+      targetPort: tcp-postgresql
+  selector:
+    app.kubernetes.io/instance: postgres
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/component: primary

lab-tanzu-platform-developer-experience/carvel-packages/postgres-package/statefulset.yaml

@@ -0,0 +1,182 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: postgres-postgresql
+  labels:
+    app.kubernetes.io/instance: postgres
+    app.kubernetes.io/name: postgresql
+    app.kubernetes.io/version: 16.3.0
+    helm.sh/chart: postgresql-15.5.6
+    app.kubernetes.io/component: primary
+spec:
+  replicas: 1
+  serviceName: postgres-postgresql-hl
+  updateStrategy:
+    rollingUpdate: {}
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: postgres
+      app.kubernetes.io/name: postgresql
+      app.kubernetes.io/component: primary
+  template:
+    metadata:
+      name: postgres-postgresql
+      labels:
+        app.kubernetes.io/instance: postgres
+        app.kubernetes.io/name: postgresql
+        app.kubernetes.io/version: 16.3.0
+        helm.sh/chart: postgresql-15.5.6
+        app.kubernetes.io/component: primary
+    spec:
+      serviceAccountName: postgres-postgresql
+
+      automountServiceAccountToken: false
+      affinity:
+        podAffinity:
+
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - podAffinityTerm:
+                labelSelector:
+                  matchLabels:
+                    app.kubernetes.io/instance: postgres
+                    app.kubernetes.io/name: postgresql
+                    app.kubernetes.io/component: primary
+                topologyKey: kubernetes.io/hostname
+              weight: 1
+        nodeAffinity:
+
+      securityContext:
+        fsGroup: 1001
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      hostNetwork: false
+      hostIPC: false
+      containers:
+        - name: postgresql
+          image: docker.io/bitnami/postgresql:16.3.0-debian-12-r14
+          imagePullPolicy: "IfNotPresent"
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+              - ALL
+            privileged: false
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
+            runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
+          env:
+            - name: BITNAMI_DEBUG
+              value: "false"
+            - name: POSTGRESQL_PORT_NUMBER
+              value: "5432"
+            - name: POSTGRESQL_VOLUME_DIR
+              value: "/bitnami/postgresql"
+            - name: PGDATA
+              value: "/bitnami/postgresql/data"
+            # Authentication
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: postgres-existing-secret
+                  key: postgres-password
+            # Replication
+            # Initdb
+            # Standby
+            # LDAP
+            - name: POSTGRESQL_ENABLE_LDAP
+              value: "no"
+            # TLS
+            - name: POSTGRESQL_ENABLE_TLS
+              value: "no"
+            # Audit
+            - name: POSTGRESQL_LOG_HOSTNAME
+              value: "false"
+            - name: POSTGRESQL_LOG_CONNECTIONS
+              value: "false"
+            - name: POSTGRESQL_LOG_DISCONNECTIONS
+              value: "false"
+            - name: POSTGRESQL_PGAUDIT_LOG_CATALOG
+              value: "off"
+            # Others
+            - name: POSTGRESQL_CLIENT_MIN_MESSAGES
+              value: "error"
+            - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES
+              value: "pgaudit"
+          ports:
+            - name: tcp-postgresql
+              containerPort: 5432
+          livenessProbe:
+            failureThreshold: 6
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            exec:
+              command:
+                - /bin/sh
+                - -c
+                - exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432
+          readinessProbe:
+            failureThreshold: 6
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            exec:
+              command:
+                - /bin/sh
+                - -c
+                - -e
+                - |
+                  exec pg_isready -U "postgres" -h 127.0.0.1 -p 5432
+                  [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
+          resources:
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
+          volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
+            - name: empty-dir
+              mountPath: /opt/bitnami/postgresql/conf
+              subPath: app-conf-dir
+            - name: empty-dir
+              mountPath: /opt/bitnami/postgresql/tmp
+              subPath: app-tmp-dir
+            - name: dshm
+              mountPath: /dev/shm
+            - name: data
+              mountPath: /bitnami/postgresql
+      volumes:
+        - name: empty-dir
+          emptyDir: {}
+        - name: dshm
+          emptyDir:
+            medium: Memory
+  volumeClaimTemplates:
+    - apiVersion: v1
+      kind: PersistentVolumeClaim
+      metadata:
+        name: data
+      spec:
+        accessModes:
+          - "ReadWriteOnce"
+        resources:
+          requests:
+            storage: "8Gi"
+  persistentVolumeClaimRetentionPolicy:
+    whenDeleted: Delete
+    whenScaled: Retain

lab-tanzu-platform-developer-experience/extension-packages/tanzu-cli/requirements.txt

@@ -0,0 +1 @@
+tanzu-cli==v1.3.0