You will get the details of the OpenShift environment from your team facilitator. After gaining access, log in to your OpenShift cluster and start the tasks.
✅ Operator Installation
Operator | Channel |
---|---|
latest |
|
latest |
|
stable |
|
* |
🥸 HINT: please follow the https://github.com/bitnami-labs/sealed-secrets#installation[instructions] to install the sealed-secrets controller in the `kube-system` namespace via the Helm Chart.
👻 BONUS TASK: consider different ways to install operators on OpenShift, and explain the different methods to the facilitator to get the points.
✅ Grant cluster-admin to OpenShift GitOps application controller service account
✅ Deploy reloader Helm Chart
Run the following commands:
helm repo add stakater https://stakater.github.io/stakater-charts
helm repo update
helm install reloader stakater/reloader -n reloader --set reloader.isOpenshift=true --set reloader.deployment.securityContext.runAsUser=null --create-namespace
- Fork the Git repo: https://github.com/StinkyBenji/quinoa-wind-turbine-manifests
- And fork the Git repo: https://github.com/StinkyBenji/quinoa-wind-turbine
- After you have forked the repos, please run:
  git clone <your-forked-repos>
- Use `skopeo copy` to mirror the container image to your own quay registry:
  skopeo copy docker://quay.io/stbenji/quinoa-wind-turbine docker://quay.io/<your-account>/quinoa-wind-turbine
- Create the namespace: quinoa-wind-turbine
- The following steps will be executed in the same namespace
- Go to the cloned quinoa-wind-turbine-manifests repo directory on your local machine (provided that you are logged in to OpenShift on your local machine as well)
- Use the following commands to create the deployment secret:
  helm template helm -n quinoa-wind-turbine --set disableSecretsDeployment=false -s templates/env/secret.yaml | kubeseal -n quinoa-wind-turbine - > config/sealedsecret.yaml
  oc apply -f config/sealedsecret.yaml
- Create the argocd application using the wind-turbine-app-tmpl.yaml
- Once you are sure that all the components of the application are running smoothly, use the following commands to get the route of the racing car game:
  echo "The dashboard link: https://$(oc get route quinoa-wind-turbine -o jsonpath='{.spec.host}{"\n"}' -n quinoa-wind-turbine)/dashboard"
  echo "The game link: https://$(oc get route quinoa-wind-turbine -o jsonpath='{.spec.host}{"\n"}' -n quinoa-wind-turbine)"
- Open a web browser to access the dashboard link to start the game
- Use your mobile to access the game link to play the game
- Create a fine-grained personal access token (one token is enough for one team)
- Give the following permissions to your token:

Name | Access |
---|---|
Administration | Read Only |
Metadata | Read Only |
Content | Read and Write |
Commit Statuses | Read and Write |
Webhooks | Read and Write |

- Ideally, set repository access to only select repositories, and select the repositories that you just forked
- Go to your cloned `quinoa-wind-turbine-manifests` repo folder
- Update the 0-github-secret-tmpl.yaml to create a secret named `git-user-pass`
- Update the 0-quay-secret-tmpl.yaml to create a secret named `quay-push-secret`
- Link both secrets to the `pipeline` service account
  🥸 HINT: `oc secrets link`
- Go to the forked quinoa-wind-turbine repo on GitHub and create a webhook in your GitHub repository
- Go to Repository → Settings → Webhooks → Add webhook
- Payload URL:
  echo "http://$(oc get route el-wind-turbine -o jsonpath='{.spec.host}{"\n"}' -n quinoa-wind-turbine)"
- Content type: application/json
- You can ignore the secret field
- Just the push event is enough
- Create the webhook
- Create a robot account
- Once the robot account is ready, click on the account and copy/download the Kubernetes Secret credentials
- Add the robot account to the image repository and give it Write permission
- Go to your cloned `quinoa-wind-turbine` repo folder
- Change a `const` in `src/main/webui/src/Config.js`, e.g. `export const ENABLE_SHAKING = true;`
- Commit and push the change
- Observe the `pipelineruns` in the namespace
- Observe the Argo CD application rollout
- Reload the game when the application is ready
- If you can explain the underlying architecture of the application deployment workflow, you know what you are gonna get 😏
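
A pre-commit check for the `config/sealedsecret.yaml` written by the `helm template ... | kubeseal` step above, so that an unsealed Secret never reaches the forked manifests repo. This is an added example, not part of the workshop material; it assumes kubeseal's JSON output (the command above passes no output-format flag), and the 256-byte minimum and the sample manifests are constructed for illustration.

```python
import base64
import binascii
import json
import sys

# Assumed heuristic: a sealed value carries an RSA-wrapped key, so it is never tiny.
MIN_CIPHERTEXT_BYTES = 256


def check_sealed_secret(doc, namespace="quinoa-wind-turbine"):
    """Return a list of problems; an empty list means the manifest looks sealed."""
    problems = []
    if doc.get("kind") != "SealedSecret":
        problems.append(f"kind is {doc.get('kind')!r}, expected 'SealedSecret'")
    if not str(doc.get("apiVersion", "")).startswith("bitnami.com/"):
        problems.append("apiVersion is not in the bitnami.com group")
    for field in ("data", "stringData"):
        if field in doc:
            problems.append(f"top-level {field!r} holds unsealed values")
    if doc.get("metadata", {}).get("namespace") != namespace:
        problems.append(f"metadata.namespace is not {namespace!r}")
    encrypted = doc.get("spec", {}).get("encryptedData") or {}
    if not encrypted:
        problems.append("spec.encryptedData is missing or empty")
    for key, value in encrypted.items():
        try:
            raw = base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError, TypeError):
            problems.append(f"encryptedData[{key!r}] is not base64")
            continue
        if len(raw) < MIN_CIPHERTEXT_BYTES:
            problems.append(f"encryptedData[{key!r}] is too short to be ciphertext")
    return problems


# Constructed samples: filler bytes stand in for real kubeseal output.
SEALED = {
    "kind": "SealedSecret", "apiVersion": "bitnami.com/v1alpha1",
    "metadata": {"name": "example-secret", "namespace": "quinoa-wind-turbine"},
    "spec": {"encryptedData": {"TOKEN": base64.b64encode(bytes(range(256)) * 3).decode()}},
}
UNSEALED = {  # what lands in the file if the kubeseal stage of the pipe is skipped
    "kind": "Secret", "apiVersion": "v1",
    "metadata": {"name": "example-secret", "namespace": "quinoa-wind-turbine"},
    "stringData": {"TOKEN": "constructed-placeholder"},
}

if __name__ == "__main__":
    # Check the files named on the command line, or the constructed samples if none.
    docs = {path: json.load(open(path)) for path in sys.argv[1:]}
    for label, doc in (docs or {"sealed": SEALED, "unsealed": UNSEALED}).items():
        print(label, check_sealed_secret(doc) or "ok")
```

Run it with `config/sealedsecret.yaml` as the argument before committing; any reported problem means the file should not be pushed.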