[PCP-7243] update recipes for TP 1.3 (#11)

* [PCP-7243] update recipes for TP 1.3

* upgrade to 1.3.337

charts/provisioner-config-local/Chart.yaml

@@ -8,7 +8,7 @@ apiVersion: v2
 name: provisioner-config-local
 description: Platform Provisioner local config
 type: application
-version: "1.0.35"
+version: "1.0.38"
 appVersion: "2.0.0"
 home: https://github.com/TIBCOSoftware/tp-helm-charts
 maintainers:

charts/provisioner-config-local/config/pp-deploy-cp-core-on-prem.yaml

@@ -20,7 +20,7 @@ options:
   guiType: input
   reference: "meta.guiEnv.GUI_GITHUB_TOKEN"
   description: |
-    The GitHub token to access the dev helm charts. For public helm chart you don't need to set this.
+    (optional) The GitHub token to access the dev helm charts. For public helm chart you don't need to set this.
 - name: "GUI_CP_CHART_REPO"
   type: string
   guiType: input
@@ -37,7 +37,8 @@ options:
   type: string
   guiType: input
   reference: "meta.guiEnv.GUI_DP_CHART_REPO_TOKEN"
-  description: "The helm chart registry password to deploy DP"
+  description: |
+    (optional)  The helm chart registry password to deploy DP
 - name: "GUI_CP_ADMIN_EMAIL"
   type: string
   guiType: input
@@ -52,7 +53,8 @@ options:
   type: string
   guiType: input
   reference: "meta.guiEnv.GUI_CP_CONTAINER_REGISTRY"
-  description: "The container registry to deploy CP"
+  description: |
+    The container registry to deploy CP. csgprdusw2reposaas.jfrog.io for master node. csgprduswrepoedge.jfrog.io for edge node
 - name: "GUI_CP_CONTAINER_REGISTRY_USERNAME"
   type: string
   guiType: input
@@ -67,27 +69,28 @@ options:
   type: string
   guiType: input
   reference: "meta.guiEnv.GUI_CP_CONTAINER_REGISTRY_REPOSITORY"
-  description: "The container registry repository to deploy CP"
+  description: |
+    The container registry repository to deploy CP. tibco-platform-docker-prod for production. tibco-platform-docker-dev for development
 - name: "GUI_TP_TLS_CERT"
   type: string
   guiType: input
   reference: "meta.guiEnv.GUI_TP_TLS_CERT"
-  description: "base64 encoding of validate certificate for the domain. You can get it from <a href='https://provisioner.cic2.tibcocloud.com/pipelines/generic-runner?title=certificate-localhost-dp' target='_blank'>Platform Provisioner</a>"
+  description: "base64 encoding of validate certificate for the domain."
 - name: "GUI_TP_TLS_KEY"
   type: string
   guiType: input
   reference: "meta.guiEnv.GUI_TP_TLS_KEY"
-  description: "base64 encoding of validate certificate for the domain You can get it from <a href='https://provisioner.cic2.tibcocloud.com/pipelines/generic-runner?title=certificate-localhost-dp' target='_blank'>Platform Provisioner</a>"
+  description: "base64 encoding of validate certificate for the domain."
 - name: "GUI_CP_PLATFORM_BOOTSTRAP_VERSION"
   type: string
   guiType: input
   reference: "meta.guiEnv.GUI_CP_PLATFORM_BOOTSTRAP_VERSION"
-  description: "The version of CP platform bootstrap. TP 1.2 GA release version is: 1.2.23. use ^1.0.0 for latest"
+  description: "The version of CP platform bootstrap. TP 1.3 GA release version is: 1.3.36. Use ^1.0.0 for latest"
 - name: "GUI_CP_PLATFORM_BASE_VERSION"
   type: string
   guiType: input
   reference: "meta.guiEnv.GUI_CP_PLATFORM_BASE_VERSION"
-  description: "The version of CP platform base. TP 1.2 GA release version is: 1.2.140. use ^1.0.0 for latest"
+  description: "The version of CP platform base. TP 1.3 GA release version is: 1.3.337. Use ^1.0.0 for latest"
 - name: "GUI_CP_STORAGE_CLASS"
   type: string
   guiType: input

charts/provisioner-config-local/recipes/pp-deploy-cp-core-on-prem.yaml

@@ -28,8 +28,8 @@ meta:
     GUI_TP_TLS_CERT: ""
     GUI_TP_TLS_KEY: ""
     # version
-    GUI_CP_PLATFORM_BOOTSTRAP_VERSION: 1.2.23
-    GUI_CP_PLATFORM_BASE_VERSION: 1.2.140
+    GUI_CP_PLATFORM_BOOTSTRAP_VERSION: 1.3.36
+    GUI_CP_PLATFORM_BASE_VERSION: 1.3.337
     # storage
     GUI_CP_STORAGE_CLASS: standard
     GUI_CP_STORAGE_CREATE_PV: false
@@ -65,8 +65,8 @@ meta:
     CP_CONTAINER_REGISTRY_PASSWORD: "${GUI_CP_CONTAINER_REGISTRY_PASSWORD}"
     CP_CONTAINER_REGISTRY_REPOSITORY: ${GUI_CP_CONTAINER_REGISTRY_REPOSITORY:-"tibco-platform-docker-prod"}
     # node
-    CP_NODE_CIDR: 10.180.0.0/16
-    CP_POD_CIDR: 10.180.0.0/16
+    CP_NODE_CIDR: ${GUI_TP_CLUSTER_CIDR:-"10.180.0.0/16"}
+    CP_POD_CIDR: ${GUI_TP_CLUSTER_CIDR:-"10.180.0.0/16"}
     CP_ADMIN_EMAIL: ${GUI_CP_ADMIN_EMAIL:-"cp-test@gmail.com"}
     # third party
     CP_EXT_NAMESPACE: tibco-ext
@@ -87,7 +87,7 @@ meta:
     CP_IDM_CP_ENCRYPTION_SECRET: ${GUI_CP_IDM_CP_ENCRYPTION_SECRET:-"dummy-encryption-secret"}
     # CP ingress
     CP_INGRESS_CLASSNAME: ${GUI_CP_INGRESS_CLASSNAME:-nginx} # the ingress for CP
-    CP_SKIP_BOOTSTRAP_INGRESS: false # set to false will create ingress for router and hybrid-prox
+    CP_SKIP_BOOTSTRAP_INGRESS: false # set to false will create ingress for router and hybrid-proxy
     CP_ALB_CERTIFICATE_ARN: "" # AWS ACM certificate ARN for ALB
     CP_NLB_CERTIFICATE_ARN: "" # AWS ACM certificate ARN for NLB
     TP_TLS_CERT: "" # if provided; will create secret tp-certificate with tls.crt and tls.key and create ingress
@@ -96,8 +96,8 @@ meta:
     TP_GENERATE_CERTIFICATE_NAME: tp-certificate-${CP_INSTANCE_ID}
     TP_CERTIFICATE_CLUSTER_ISSUER: ${GUI_TP_CERTIFICATE_CLUSTER_ISSUER:-"tp-prod"} # the cluster issuer for tp-certificate
     # CP version
-    CP_PLATFORM_BOOTSTRAP_VERSION: ${GUI_CP_PLATFORM_BOOTSTRAP_VERSION:-1.2.23} # 1.2 GA release. use ^1.0.0 for latest
-    CP_PLATFORM_BASE_VERSION: ${GUI_CP_PLATFORM_BASE_VERSION:-1.2.140} # 1.2 GA release. use ^1.0.0 for latest
+    CP_PLATFORM_BOOTSTRAP_VERSION: ${GUI_CP_PLATFORM_BOOTSTRAP_VERSION:-1.3.36} # 1.3 GA release. use ^1.0.0 for latest
+    CP_PLATFORM_BASE_VERSION: ${GUI_CP_PLATFORM_BASE_VERSION:-1.3.337} # 1.3 GA release. use ^1.0.0 for latest
     # flow control
     CP_CREATE_NAMESPACE: true
     CP_INSTALL_MAILDEV: true
@@ -512,7 +512,7 @@ helmCharts:
                     pathType: Prefix
                     backend:
                       service:
-                        name: hybrid-proxy
+                        name: hybrid-proxy  # CP_PROVIDER must set to local to create this service
                         port:
                           number: 105
         EOF

charts/provisioner-config-local/recipes/tp-base-on-prem-https.yaml

@@ -14,15 +14,15 @@ apiVersion: v1
 kind: helm-install
 meta:
   guiEnv:
-      note: "deploy-tp-base-on-prem-cert"
-      GUI_TP_DNS_DOMAIN: localhost.dataplanes.pro
-      GUI_TP_TLS_CERT: ""
-      GUI_TP_TLS_KEY: ""
-      GUI_TP_INSTALL_NGINX_INGRESS: true
-      GUI_TP_INGRESS_SERVICE_TYPE: ClusterIP
-      GUI_TP_STORAGE_CLASS: standard
-      GUI_TP_INSTALL_POSTGRES: true
-      GUI_PIPELINE_LOG_DEBUG: false
+    note: "deploy-tp-base-on-prem-cert"
+    GUI_TP_DNS_DOMAIN: localhost.dataplanes.pro
+    GUI_TP_TLS_CERT: ""
+    GUI_TP_TLS_KEY: ""
+    GUI_TP_INSTALL_NGINX_INGRESS: true
+    GUI_TP_INGRESS_SERVICE_TYPE: ClusterIP
+    GUI_TP_STORAGE_CLASS: standard
+    GUI_TP_INSTALL_POSTGRES: true
+    GUI_PIPELINE_LOG_DEBUG: false
   globalEnvVariable:
     REPLACE_RECIPE: true
     PIPELINE_LOG_DEBUG: false
@@ -56,7 +56,7 @@ meta:
 helmCharts:
 - condition: ${TP_INSTALL_CERT_MANAGER}
   name: cert-manager
-  version: v1.13.2 # release: https://github.com/cert-manager/cert-manager/releases
+  version: v1.15.3 # release: https://github.com/cert-manager/cert-manager/releases
   repo:
     helm:
       url: https://charts.jetstack.io
@@ -78,7 +78,7 @@ helmCharts:
     createNamespace: true
 - condition: ${TP_INSTALL_METRICS_SERVER}
   name: metrics-server
-  version: "3.12.0"
+  version: "3.12.1"
   repo:
     helm:
       url: https://kubernetes-sigs.github.io/metrics-server/
@@ -104,7 +104,7 @@ helmCharts:
 - condition: ${TP_INSTALL_TRAEFIK_INGRESS}
   name: traefik
   namespace: ${TP_INGRESS_NAMESPACE}
-  version: "26.1.0"
+  version: "31.1.0"
   repo:
     helm:
       url: https://traefik.github.io/charts
@@ -163,7 +163,7 @@ helmCharts:
 - condition: ${TP_INSTALL_NGINX_INGRESS}
   name: ingress-nginx
   namespace: ${TP_INGRESS_NAMESPACE}
-  version: 4.10.0 # release: https://github.com/kubernetes/ingress-nginx/releases
+  version: 4.11.2 # release: https://github.com/kubernetes/ingress-nginx/releases
   repo:
     helm:
       url: https://kubernetes.github.io/ingress-nginx

charts/provisioner-config-local/recipes/tp-base-on-prem.yaml

@@ -50,7 +50,7 @@ meta:
 helmCharts:
 - condition: ${TP_INSTALL_CERT_MANAGER}
   name: cert-manager
-  version: v1.13.2 # release: https://github.com/cert-manager/cert-manager/releases
+  version: v1.15.3 # release: https://github.com/cert-manager/cert-manager/releases
   repo:
     helm:
       url: https://charts.jetstack.io
@@ -72,7 +72,7 @@ helmCharts:
     createNamespace: true
 - condition: ${TP_INSTALL_METRICS_SERVER}
   name: metrics-server
-  version: "3.12.0"
+  version: "3.12.1"
   repo:
     helm:
       url: https://kubernetes-sigs.github.io/metrics-server/
@@ -98,7 +98,7 @@ helmCharts:
 - condition: ${TP_INSTALL_NGINX_INGRESS}
   name: ingress-nginx
   namespace: ${TP_INGRESS_NAMESPACE}
-  version: 4.10.0 # release: https://github.com/kubernetes/ingress-nginx/releases
+  version: 4.11.2 # release: https://github.com/kubernetes/ingress-nginx/releases
   repo:
     helm:
       url: https://kubernetes.github.io/ingress-nginx

docs/recipes/controlplane/tp-cp.yaml

@@ -17,6 +17,8 @@ meta:
     GITHUB_USER_NAME: ${GUI_GITHUB_USER_NAME:-"cp-test"}
     CP_CHART_REPO: ${GUI_CP_CHART_REPO:-"https://tibcosoftware.github.io/tp-helm-charts"} # TIBCO Platform public repo
     DP_CHART_REPO: ${GUI_DP_CHART_REPO:-"https://tibcosoftware.github.io/tp-helm-charts"} # The repo that Data Plane will use
+    DP_CHART_REPO_TOKEN: ${GUI_DP_CHART_REPO_TOKEN:-""}
+    DP_CHART_REPO_USER_NAME: ${GUI_DP_CHART_REPO_USER_NAME:-"cp-test"}
     # env
     CP_INSTANCE_ID: ${GUI_CP_INSTANCE_ID:-"cp1"}
     CP_PROVIDER: ${GUI_CP_PROVIDER:-local} # deployment target. Example: aws, azure, local.
@@ -35,6 +37,7 @@ meta:
     CP_CONTAINER_REGISTRY: ${GUI_CP_CONTAINER_REGISTRY:-"csgprduswrepoedge.jfrog.io"}
     CP_CONTAINER_REGISTRY_USERNAME: "${GUI_CP_CONTAINER_REGISTRY_USERNAME}"
     CP_CONTAINER_REGISTRY_PASSWORD: "${GUI_CP_CONTAINER_REGISTRY_PASSWORD}"
+    CP_CONTAINER_REGISTRY_REPOSITORY: ${GUI_CP_CONTAINER_REGISTRY_REPOSITORY:-"tibco-platform-docker-prod"}
     # node
     CP_NODE_CIDR: ${GUI_TP_CLUSTER_CIDR:-"10.180.0.0/16"}
     CP_POD_CIDR: ${GUI_TP_CLUSTER_CIDR:-"10.180.0.0/16"}
@@ -67,8 +70,8 @@ meta:
     TP_GENERATE_CERTIFICATE_NAME: tp-certificate-${CP_INSTANCE_ID}
     TP_CERTIFICATE_CLUSTER_ISSUER: ${GUI_TP_CERTIFICATE_CLUSTER_ISSUER:-"tp-prod"} # the cluster issuer for tp-certificate
     # CP version
-    CP_PLATFORM_BOOTSTRAP_VERSION: ${GUI_CP_PLATFORM_BOOTSTRAP_VERSION:-1.2.23} # 1.2 GA release. use ^1.0.0 for latest
-    CP_PLATFORM_BASE_VERSION: ${CP_PLATFORM_BASE_VERSION:-1.2.140} # 1.2 GA release. use ^1.0.0 for latest
+    CP_PLATFORM_BOOTSTRAP_VERSION: ${GUI_CP_PLATFORM_BOOTSTRAP_VERSION:-1.3.36} # 1.3 GA release. use ^1.0.0 for latest
+    CP_PLATFORM_BASE_VERSION: ${GUI_CP_PLATFORM_BASE_VERSION:-1.3.337} # 1.3 GA release. use ^1.0.0 for latest
     # flow control
     CP_CREATE_NAMESPACE: true
     CP_INSTALL_MAILDEV: true
@@ -354,8 +357,8 @@ helmCharts:
             - alias: default
               conf:
                 auth:
-                  password: ${GITHUB_TOKEN}
-                  username: ${GITHUB_USER_NAME}
+                  password: ${DP_CHART_REPO_TOKEN}
+                  username: ${DP_CHART_REPO_USER_NAME}
                 repoUrl: ${DP_CHART_REPO}
               default: true
               type: chart-museum
@@ -402,9 +405,10 @@ helmCharts:
             fluentbit:
               enabled: false
           containerRegistry:
-            password: "${CP_CONTAINER_REGISTRY_PASSWORD}"
             url: ${CP_CONTAINER_REGISTRY}
+            password: "${CP_CONTAINER_REGISTRY_PASSWORD}"
             username: "${CP_CONTAINER_REGISTRY_USERNAME}"
+            repository: "${CP_CONTAINER_REGISTRY_REPOSITORY}"
           controlPlaneInstanceId: ${CP_INSTANCE_ID}
           enableLogging: true
           serviceAccount: ${CP_INSTANCE_ID}-sa
@@ -558,6 +562,7 @@ helmCharts:
             PRODUCTION_PATH: "" # TODO PCP-5070
           deleteDBOnUninstall: "${CP_DB_DELETE_ON_UNINSTALL}"
         external:
+          helmRepo: ${GUI_CP_CHART_REPO}
           db_host: ${CP_DB_HOST}
           db_name: ${CP_DB_NAME}
           db_password: ${CP_DB_PASSWORD}
@@ -581,7 +586,6 @@ helmCharts:
           enableLogging: false
           environment: ${CP_ENVIRONMENT}
           IDENTITY_MANAGEMENT_JWT_KEY_STORE_PASSWORD: "${CP_IDM_IDENTITY_MANAGEMENT_JWT_KEY_STORE_PASSWORD}"
-          REGION_SECRET: "${CP_IDM_REGION_SECRET}"
           SENDGRID_SERVICE_API_KEY: "${CP_IDM_SENDGRID_SERVICE_API_KEY}" # for email service
           CP_ENCRYPTION_SECRET: "${CP_IDM_CP_ENCRYPTION_SECRET}"
       tp-cp-integration:

docs/recipes/k8s/cloud/eks.md

@@ -39,7 +39,7 @@ meta:
 
 ## Deploy TIBCO Control Plane on EKS
 
-Make sure that your kubeconfig can connect to the target EKS cluster. Then we can install CP on minikube with the following command:
+Make sure that your kubeconfig can connect to the target EKS cluster. Then we can install CP on EKS with the following command:
 
 ```bash
 export ACCOUNT=""

docs/recipes/k8s/on-prem/README.md

@@ -1,4 +1,31 @@
 ## Introduction
 
-This documents the steps to create on-prem Kubernetes cluster and deploy TIBCO Platform on top of it. 
+This documents the steps to create on-prem Kubernetes cluster and deploy TIBCO Platform on top of it. This document will use headless mode to run the Platform Provisioner. 
+We do have a Platform Provisioner UI which will open source soon. The UI will help to set the environment variables for the recipe.
 
+## Basic information and assumptions
+
+### Domain
+For the on-perm use case, we create a domain `*.localhost.dataplanes.pro` which point to `0.0.0.0` and use it as the domain for the TIBCO Platform.
+
+### Environment variables
+In the recipe the section `meta.guiEnv` is used to set environment variables for the recipe. The environment variables starts with `GUI_`. It is designed to work with Platform Provisioner UI.
+For the headless mode; we can re-use the environment variables with the prefix `GUI_` to set the environment variables in the recipe.
+
+### Pipeline and recipe
+Platform Provisioner uses the Tekton pipeline to run the recipe. The script `platform-provisioner-pipelinerun.sh` will schedule a Tekton Pipelinerun to run the recipe.
+You can use the Tekton dashboard to monitor the progress.
+
+### Notes for VM
+
+Kubernetes only works on linux. So for Mac and Windows we always need to use VM. Ideally we should use official VM technology:
+* Mac: Apple's [Virtualization framework](https://developer.apple.com/documentation/hypervisor)
+* Windows: Microsoft's [Hyper-V](https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v) with [WSL2](https://learn.microsoft.com/en-us/windows/wsl/install)
+
+Third party tools like multipass, virtualbox are not recommended. 
+
+For Mac, we suggest to use minikube with docker desktop. For Windows, we suggest to use kubernetes on docker desktop to get the best performance.
+
+> [!Note]
+> MicroK8s use mulitpass which is using QEMU on Mac. For Apple Silicon chip or new macOS like Sequoia; the multipass might not work properly. 
+> We don't recommend to use MicroK8s on Mac.