Skip to content

Commit

Permalink
Merge pull request #12 from Tanzu-Solutions-Engineering/educates-plat…
Browse files Browse the repository at this point in the history 
…form-engineer

Educates platform engineering workshop
  • Loading branch information
@timosalm
timosalm authored Aug 14, 2024
2 parents bd68e96 + 94280ff commit b8ef1fc
Show file tree
Hide file tree
Showing 51 changed files with 1,238 additions and 0 deletions.
43 changes: 43 additions & 0 deletions .github/workflows/publish-platform-engineer-workshop-image.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
name: Publish Platform Engineer Workshop Image

on:
workflow_dispatch:
push:
branches:
- '**'
paths:
- 'lab-platform-engineer/educates/Dockerfile'

env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}/lab-platform-engineer-image

jobs:
publish-tanzu-cli-extension-package:
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Log in to the Container registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

- name: Build and push Docker image
id: push
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: lab-platform-engineer/educates/
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
1 change: 1 addition & 0 deletions lab-platform-engineer/educates/.dockerignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
*
48 changes: 48 additions & 0 deletions lab-platform-engineer/educates/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
FROM ghcr.io/vmware-tanzu-labs/educates-base-environment

USER root

# Tanzu CLI
RUN echo $' \n\
[tanzu-cli] \n\
name=Tanzu CLI \n\
baseurl=https://storage.googleapis.com/tanzu-cli-os-packages/rpm/tanzu-cli \n\
enabled=1 \n\
gpgcheck=1 \n\
repo_gpgcheck=1 \n\
gpgkey=https://packages.vmware.com/tools/keys/VMWARE-PACKAGING-GPG-RSA-KEY.pub ' >> /etc/yum.repos.d/tanzu-cli.repo
RUN yum install -y tanzu-cli
RUN yes | tanzu plugin install --group vmware-tanzucli/essentials
RUN yes | tanzu plugin install --group vmware-tanzu/platform-engineer

# Install krew
RUN \
( \
set -x; cd "$(mktemp -d)" && \
OS="$(uname | tr '[:upper:]' '[:lower:]')" && \
ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')" && \
KREW="krew-${OS}_${ARCH}" && \
curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/latest/download/${KREW}.tar.gz" && \
tar zxvf "${KREW}.tar.gz" && \
./"${KREW}" install krew \
)
RUN echo "export PATH=\"${KREW_ROOT:-$HOME/.krew}/bin:$PATH\"" >> ${HOME}/.bashrc
ENV PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
RUN kubectl krew install ctx
RUN kubectl krew install ns
RUN kubectl krew install konfig
RUN kubectl krew install eksporter
RUN chmod 775 -R $HOME/.krew

# vcluster CLI
RUN curl -L -o vcluster "https://github.com/loft-sh/vcluster/releases/download/v0.20.0-beta.9/vcluster-linux-amd64" && chmod +x vcluster && mkdir -p $HOME/bin/ && mv vcluster $HOME/bin/


# Utilities
RUN yum install ruby -y

COPY --chown=1001:0 . /home/eduk8s/

RUN fix-permissions /home/eduk8s

USER 1001
3 changes: 3 additions & 0 deletions lab-platform-engineer/educates/TODO
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
- Ingress setup of Kubernetes API without HTTPProxy (see 01-vcluster-setup.sh)
- UI Flow
- Add Cluster cordon, drain and disruption flows
6 changes: 6 additions & 0 deletions lab-platform-engineer/educates/resources/workshop-values.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
#@data/values
---
tanzu_platform:
org:
id: sa-tanzu-platform
name: 77aee83b-308f-4c8e-b9c4-3f7a6f19ba75
205 changes: 205 additions & 0 deletions lab-platform-engineer/educates/resources/workshop.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,205 @@
#@ load("@ytt:data", "data")
---
apiVersion: training.educates.dev/v1beta1
kind: Workshop
metadata:
name: lab-tanzu-platform-platform-engineer
spec:
title: "Tanzu Platform for Platform Engineers"
description: "The workshop covers the fundamentals of Tanzu Platform for Platform Engineers."
publish:
image: "$(image_repository)/lab-tanzu-platform-lab-platform-engineer-files:$(workshop_version)"
workshop:
files:
- git:
ref: origin/educates-platform-engineer
url: https://github.com/Tanzu-Solutions-Engineering/tanzu-platform-workshop
includePaths:
- /lab-platform-engineer/educates/workshop/**
- /lab-platform-engineer/educates/exercises/**
- /lab-platform-engineer/educates/README.md
newRootPath: /lab-platform-engineer/educates
path: .
image: ghcr.io/timosalm/tanzu-platform-workshop/lab-platform-engineer-image:educates-platform-engineer
session:
applications:
console:
enabled: false
docker:
enabled: true
editor:
enabled: true
registry:
enabled: true
terminal:
enabled: true
layout: split
namespaces:
budget: custom
security:
policy: baseline
env:
- name: PUBLIC_REGISTRY_HOST
value: public-registry-$(session_name).$(ingress_domain)
- name: TANZU_CLI_CLOUD_SERVICES_ORGANIZATION_ID
value: #@ data.values.tanzu_platform.org.id
- name: TANZU_CLI_CLOUD_SERVICES_ORGANIZATION_NAME
value: #@ data.values.tanzu_platform.org.name
ingresses:
- name: public-registry
host: $(session_name)-registry
port: 5000
protocol: http
headers:
- name: Authorization
value: "Basic REGISTRY_BASIC_AUTH_CREDENTIALS"
authentication:
type: none
volumes:
- name: admin-credentials-config
secret:
secretName: $(session_name)-kubeconfig
volumeMounts:
- name: admin-credentials-config
mountPath: /opt/kubeconfig
objects:
- apiVersion: v1
kind: Secret
metadata:
name: $(session_name)-vcluster-values
namespace: $(workshop_namespace)
stringData:
values.yaml: |
syncer:
extraArgs:
- --tls-san=vcluster-$(session_namespace).$(ingress_domain)
- --out-kube-config-server=https://vcluster-$(session_namespace).$(ingress_domain)
sync:
ingresses:
enabled: true
- apiVersion: kappctrl.k14s.io/v1alpha1
kind: App
metadata:
name: $(session_name)-vcluster-package
namespace: $(workshop_namespace)
spec:
serviceAccountName: $(service_account)
syncPeriod: 720h
noopDelete: true
fetch:
- helmChart:
name: vcluster
repository:
url: https://charts.loft.sh
template:
- helmTemplate:
name: vcluster
namespace: $(session_namespace)
valuesFrom:
- secretRef:
name: $(session_name)-vcluster-values
- ytt:
inline:
paths:
overlays.yaml: |
#@ load("@ytt:data", "data")
#@ load("@ytt:overlay", "overlay")
#@overlay/match by=overlay.all, expects="1+"
---
metadata:
#@overlay/match missing_ok=True
ownerReferences:
- apiVersion: training.educates.dev/v1beta1
kind: WorkshopSession
blockOwnerDeletion: true
controller: true
name: $(session_name)
uid: $(workshop_session_uid)
deploy:
- kapp:
rawOptions:
- --app-changes-max-to-keep=5
- apiVersion: projectcontour.io/v1
kind: HTTPProxy
metadata:
name: vcluster-$(session_namespace)
namespace: $(session_namespace)
spec:
virtualhost:
fqdn: vcluster-$(session_namespace).$(ingress_domain)
tls:
passthrough: true
tcpproxy:
services:
- name: vcluster
port: 443
- apiVersion: secrets.educates.dev/v1beta1
kind: SecretCopier
metadata:
name: $(session_name)-kubeconfig
spec:
rules:
- sourceSecret:
name: vc-vcluster
namespace: $(session_namespace)
targetNamespaces:
nameSelector:
matchNames:
- $(workshop_namespace)
targetSecret:
name: $(session_name)-kubeconfig
- apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: $(session_namespace)-session
namespace: $(session_namespace)
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: $(session_namespace)-session-rb
namespace: $(session_namespace)
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: $(session_namespace)-session
subjects:
- kind: ServiceAccount
name: $(service_account)
namespace: $(workshop_namespace)
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: $(session_name)-vcluster-deployer
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
- clusterrolebindings
verbs:
- '*'
- apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: $(session_name)-vcluster-deployer-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: $(session_name)-vcluster-deployer
subjects:
- kind: ServiceAccount
name: $(service_account)
namespace: $(workshop_namespace)
25 changes: 25 additions & 0 deletions lab-platform-engineer/educates/workshop/config.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
pathways:
default: workshop

paths:
workshop:
title: "Workshop"

steps:
- 01-workshop-overview
- 02-login-to-tp4k8s
- 03-tp-concepts
- 04-cluster-group-capabilities
- 05-attach-cluster
- 06-availability-targets
- 07-profiles
- 08-spaces
- 09-sample-app
- 10-cleanup
- 99-workshop-summary
params:
- name: TANZU_CLI_CLOUD_SERVICES_ORGANIZATION_ID
value: undefined
- name: TANZU_CLI_CLOUD_SERVICES_ORGANIZATION_NAME
value: undefined

7 changes: 7 additions & 0 deletions lab-platform-engineer/educates/workshop/content/01-workshop-overview/index.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
title: Workshop Overview
---

Tanzu Platform for Kubernetes enables **platform engineers** to build and manage application development environments at scale.

This interactive workshop aims to give you an overview of how to set up application environments in the Tanzu Platform for Kubernetes.
Loading

0 comments on commit b8ef1fc

Please sign in to comment.