add multi cluster example

multi-cluster-spring-boot/README.md

@@ -17,7 +17,7 @@ In order to run this pipeline, you will need:
   * In this document, we will refer to the first cluster as *_Dev_* and the second as *_Prod_*.
 * Ansible installed on your machine
 
-## Automated Quickstart
+## Automated Quickstart for image mirror
 
 This quickstart can be deployed quickly using Ansible. Here are the steps.
 
@@ -28,7 +28,55 @@ This quickstart can be deployed quickly using Ansible. Here are the steps.
     ```
     $ oc login <prod cluster>
     ...
-    $ ansible-playbook -i ./applier/inventory-prod/ galaxy/openshift-applier/playbooks/openshift-cluster-seed.yml
+    $ ansible-playbook -i image-mirror-example/.applier/inventory-prod/ galaxy/openshift-applier/playbooks/openshift-cluster-seed.yml
+    ```
+5. One of the things that was created by ansible is a `ServiceAccount` that will be used for promoting your app from _Dev_ to _Prod_. We'll need to extract its credentials so that our pipeline can use that account.
+    ```
+    $ TOKEN=$(oc serviceaccounts get-token docker-registry-prod -n multicluster-spring-boot-prod)
+    ```
+    The Ansible automation for your _Dev_ cluster will expect a parameters file to be created at `./applier/params/prod-credentials`. It should look something like this:
+    ```
+    $ echo "TOKEN=${TOKEN}
+    SECRET_NAME=prod-credentials" > image-mirror-example/.applier/params/prod-credentials
+    ```
+6. We need to create the the *prod-api-credentials* param file so our pipeline will be able to verify a successful deployment to production.
+    ```
+    $ echo "TOKEN=${TOKEN}
+    API_URL=<API_URL>
+    REGISTRY_URL=<REGISTRY URL>
+    SECRET_NAME=prod-cluster-credentials" > image-mirror-example/.applier/params/prod-cluster-credentials
+    ```
+6. Now, Log into your _Dev_ cluster, and instantiate the pre-pipeline configuration.
+    ```
+    $ oc login <dev cluster>
+    ...
+    $ ansible-playbook -i image-mirror-example/.applier/inventory-pre-dev/ galaxy/openshift-applier/playbooks/openshift-cluster-seed.yml
+    ```
+7. Now the service account for the dev cluster docker registry has been created. We'll need to extract it's credentials so that our pipeline can authenticate to the dev cluster docker registry.
+    ```
+    $ TOKEN=$(oc serviceaccounts get-token docker-registry-dev -n multicluster-spring-boot-stage)
+    $ echo "TOKEN=${TOKEN}
+      SECRET_NAME=nonprod-credentials" > image-mirror-example/.applier/params/nonprod-credentials
+    ```
+8. Now, we will instantiate the pipeline and all configuration in the non-production cluster.
+   ```
+   $ ansible-playbook -i image-mirror-example/.applier/inventory-dev/ galaxy/openshift-applier/playbooks/openshift-cluster-seed.yml
+   ```
+
+At this point you should have 3 projects deployed (`multicluster-spring-boot-dev`, `multicluster-spring-boot-stage`, and `multicluster-spring-boot-prod`) with our [Spring Rest](https://github.com/redhat-cop/spring-rest) demo application deployed to all 3.
+
+## Automated Quickstart for skopeo
+
+This quickstart can be deployed quickly using Ansible. Here are the steps.
+
+1. Clone [this repo](https://github.com/redhat-cop/container-pipelines)
+2. `cd container-pipelines/multi-cluster-spring-boot`
+3. Run `ansible-galaxy install -r requirements.yml --roles-path=galaxy`
+4. Log into your _Prod_ OpenShift cluster, and run the following command.
+    ```
+    $ oc login <prod cluster>
+    ...
+    $ ansible-playbook -i skopeo-example/.applier/inventory-prod/ galaxy/openshift-applier/playbooks/openshift-cluster-seed.yml
     ```
 5. One of the things that was created by ansible is a `ServiceAccount` that will be used for promoting your app from _Dev_ to _Prod_. We'll need to extract its credentials so that our pipeline can use that account.
     ```
@@ -39,13 +87,13 @@ This quickstart can be deployed quickly using Ansible. Here are the steps.
     $ echo "TOKEN=${TOKEN}
     API_URL=https://master.example.com
     REGISTRY_URL=docker-registry-default.apps.example.com
-    " > ./applier/params/prod-credentials
+    " > skopeo-example/.applier/params/prod-credentials
     ```
 6. Now, Log into your _Dev_ cluster, and instantiate the pipeline.
     ```
     $ oc login <dev cluster>
     ...
-    $ ansible-playbook -i ./applier/inventory-dev/ galaxy/openshift-applier/playbooks/openshift-cluster-seed.yml
+    $ ansible-playbook -i skopeo-example/.applier/inventory-dev/ galaxy/openshift-applier/playbooks/openshift-cluster-seed.yml
     ```
 
 At this point you should have 3 projects deployed (`multicluster-spring-boot-dev`, `multicluster-spring-boot-stage`, and `multicluster-spring-boot-prod`) with our [Spring Rest](https://github.com/redhat-cop/spring-rest) demo application deployed to all 3.

multi-cluster-spring-boot/image-mirror-example/.applier/inventory-dev/group_vars/seed-hosts.yml

@@ -0,0 +1,30 @@
+openshift_cluster_content:
+- object: deployments
+  content:
+  - name: "deploy jenkins"
+    template: "openshift//jenkins-ephemeral"
+    params: "{{ inventory_dir }}/../params/jenkins"
+    namespace: multicluster-spring-boot-dev
+  - name: "create prod cluster credential"
+    template: "{{ inventory_dir }}/../templates/cluster-secret.yml"
+    params: "{{ inventory_dir }}/../params/prod-cluster-credentials"
+    namespace: multicluster-spring-boot-dev
+  - name: "create image mirror nonprod secret"
+    template: "{{ inventory_dir }}/../templates/image-mirror-secret.yml"
+    params: "{{ inventory_dir }}/../params/nonprod-credentials"
+    namespace: multicluster-spring-boot-dev
+  - name: "create image mirror prod secret"
+    template: "{{ inventory_dir }}/../templates/image-mirror-secret.yml"
+    params: "{{ inventory_dir }}/../params/prod-credentials"
+    namespace: multicluster-spring-boot-dev
+  - name: "deploy dev environment"
+    template: "{{ inventory_dir }}/../templates/deployment.yml"
+    params: "{{ inventory_dir }}/../params/deployment-dev"
+  - name: "deply stage environment"
+    template: "{{ inventory_dir }}/../templates/deployment.yml"
+    params: "{{ inventory_dir }}/../params/deployment-stage"
+- object: builds
+  content:
+  - name: "deploy build pipeline to dev"
+    template: "{{ inventory_dir }}/../templates/build.yml"
+    params: "{{ inventory_dir }}/../params/build-dev"

multi-cluster-spring-boot/image-mirror-example/.applier/inventory-pre-dev/group_vars/seed-hosts.yml

@@ -0,0 +1,11 @@
+openshift_cluster_content:
+- object: projects
+  content:
+  - name: "create environments"
+    file: "{{ inventory_dir }}/../projects/projects.yml"
+    file_action: create
+- object: deployments
+  content:
+  - name: "create image mirror service account"
+    template: "{{ inventory_dir }}/../templates/image-mirror-sa.yml"
+    params: "{{ inventory_dir }}/../params/registry-sa-nonprod-cluster"

multi-cluster-spring-boot/image-mirror-example/.applier/inventory-prod/group_vars/seed-hosts.yml

@@ -0,0 +1,15 @@
+openshift_cluster_content:
+- object: projects
+  content:
+  - name: "create environments"
+    file: "{{ inventory_dir }}/../projects/projects-prod.yml"
+    file_action: create
+  - name: "create prod cluster credential"
+    template: "{{ inventory_dir }}/../templates/image-mirror-sa.yml"
+    params: "{{ inventory_dir }}/../params/registry-sa-prod-cluster"
+    namespace: multicluster-spring-boot-prod
+- object: deployments
+  content:
+  - name: "deply prod environment"
+    template: "{{ inventory_dir }}/../templates/deployment.yml"
+    params: "{{ inventory_dir }}/../params/deployment-prod"

multi-cluster-spring-boot/image-mirror-example/.applier/inventory-prod/hosts

@@ -0,0 +1,2 @@
+[seed-hosts]
+localhost ansible_connection=local

multi-cluster-spring-boot/image-mirror-example/.applier/params/build-dev

@@ -0,0 +1,9 @@
+APPLICATION_NAME=spring-rest
+NAMESPACE=multicluster-spring-boot-dev
+PIPELINE_REPOSITORY_URL=https://github.com/Gl4di4torRr/container-pipelines.git
+PIPELINE_REPOSITORY_REF=multi-cluster-image-mirror
+PIPELINE_REPOSITORY_CONTEXT_DIR=multi-cluster-spring-boot/image-mirror-example
+SRC_API_URL=<SRC_API_URL>
+DEST_API_URL=<DEST_API_URL>
+SRC_REGISTRY=<SRC_REGISTRY>
+DEST_REGISTRY=<DEST_REGISTRY>

multi-cluster-spring-boot/image-mirror-example/.applier/params/deployment-prod

@@ -0,0 +1,5 @@
+APPLICATION_NAME=spring-rest
+NAMESPACE=multicluster-spring-boot-prod
+SA_NAMESPACE=multicluster-spring-boot-stage
+READINESS_RESPONSE=status.:.UP
+READINESS_PATH=/health

multi-cluster-spring-boot/image-mirror-example/.applier/params/nonprod-credentials

@@ -0,0 +1,2 @@
+TOKEN=<TOKEN>
+SECRET_NAME=nonprod-credentials

multi-cluster-spring-boot/image-mirror-example/.applier/params/prod-cluster-credentials

@@ -0,0 +1,4 @@
+TOKEN=<TOKEN>
+API_URL=<API-URL>
+REGISTRY_URL=<REGISTRY-URL>
+SECRET_NAME=prod-cluster-credentials

multi-cluster-spring-boot/image-mirror-example/.applier/params/prod-credentials

@@ -0,0 +1,2 @@
+TOKEN=<TOKEN>
+SECRET_NAME=prod-credentials

multi-cluster-spring-boot/image-mirror-example/.applier/params/registry-sa-nonprod-cluster

@@ -0,0 +1,2 @@
+NAMESPACE=multicluster-spring-boot-stage
+SA_NAME=docker-registry-dev

multi-cluster-spring-boot/image-mirror-example/.applier/params/registry-sa-prod-cluster

@@ -0,0 +1,2 @@
+NAMESPACE=multicluster-spring-boot-prod
+SA_NAME=docker-registry-prod

multi-cluster-spring-boot/image-mirror-example/.applier/templates/build.yml

@@ -0,0 +1,142 @@
+apiVersion: v1
+kind: Template
+labels:
+  template: generic-java-jenkins-pipeline
+metadata:
+  annotations:
+    description: Application template for JWS applications built using a Jenkins Pipeline
+    iconClass: icon-tomcat
+    tags: tomcat,tomcat8,java,jboss,xpaas,jenkins-ci
+    version: 1.2.0
+  name: generic-java-jenkins-pipeline
+objects:
+- apiVersion: v1
+  kind: BuildConfig
+  metadata:
+    labels:
+      application: ${APPLICATION_NAME}
+      app: ${APPLICATION_NAME}
+      build: ${APPLICATION_NAME}
+    name: "${APPLICATION_NAME}"
+    namespace: "${NAMESPACE}"
+  spec:
+    output:
+      to:
+        kind: ImageStreamTag
+        name: "${APPLICATION_NAME}:latest"
+    postCommit: {}
+    resources: {}
+    runPolicy: Serial
+    source:
+      binary: {}
+      type: Binary
+    strategy:
+      sourceStrategy:
+        from:
+          kind: ImageStreamTag
+          name: ${IMAGE_STREAM_TAG_NAME}
+          namespace: ${IMAGE_STREAM_NAMESPACE}
+      type: Source
+- kind: "BuildConfig"
+  apiVersion: "v1"
+  metadata:
+    labels:
+      application: ${APPLICATION_NAME}
+    name: "${APPLICATION_NAME}-pipeline"
+    namespace: "${NAMESPACE}"
+  spec:
+    source:
+      type: Git
+      git:
+        uri: ${PIPELINE_REPOSITORY_URL}
+        ref: ${PIPELINE_REPOSITORY_REF}
+      contextDir: ${PIPELINE_REPOSITORY_CONTEXT_DIR}
+    triggers:
+    - type: "GitHub"
+      github:
+        secret: ${GITHUB_WEBHOOK_SECRET}
+    - type: "ConfigChange"
+    strategy:
+      type: "JenkinsPipeline"
+      jenkinsPipelineStrategy:
+        jenkinsfilePath: ${PIPELINE_SCRIPT}
+        env:
+        - name: SOURCE_CODE_URL
+          value: ${SOURCE_CODE_URL}
+        - name: SOURCE_CODE_BRANCH
+          value: ${SOURCE_CODE_BRANCH}
+        - name: SKIP_TLS
+          value: "true"
+        - name: SRC_REGISTRY
+          value: ${SRC_REGISTRY}
+        - name: DEST_REGISTRY
+          value: ${DEST_REGISTRY}
+        - name: SRC_API_URL
+          value: ${SRC_API_URL}
+        - name: DEST_API_URL
+          value: ${DEST_API_URL}
+parameters:
+- description: The name for the application.
+  name: APPLICATION_NAME
+  required: true
+  value: basic-spring
+- description: The namespace to deploy into
+  name: NAMESPACE
+  required: true
+- description: Git source URI for application
+  name: PIPELINE_REPOSITORY_URL
+  required: true
+  value: https://github.com/redhat-cop/container-pipelines.git
+- description: Git branch/tag reference
+  name: PIPELINE_REPOSITORY_REF
+  value: "master"
+- description: Path within Git project to build; empty for root project directory.
+  name: PIPELINE_REPOSITORY_CONTEXT_DIR
+  value:
+- description: Path within Git project pointing to the pipeline run script
+  name: PIPELINE_SCRIPT
+  value: Jenkinsfile
+- description: Git source URI for application
+  name: SOURCE_CODE_URL
+  required: true
+  value: https://github.com/redhat-cop/spring-rest.git
+- description: Git branch/tag reference
+  name: SOURCE_CODE_REF
+  value: "master"
+- description: GitHub trigger secret
+  from: '[a-zA-Z0-9]{8}'
+  generate: expression
+  name: GITHUB_WEBHOOK_SECRET
+  required: true
+- description: Generic build trigger secret
+  from: '[a-zA-Z0-9]{8}'
+  generate: expression
+  name: GENERIC_WEBHOOK_SECRET
+  required: true
+- description: Namespace in which the ImageStreams for Red Hat Middleware images are
+    installed. These ImageStreams are normally installed in the openshift namespace.
+    You should only need to modify this if you've installed the ImageStreams in a
+    different namespace/project.
+  name: IMAGE_STREAM_NAMESPACE
+  required: true
+  value: openshift
+- description: Image stream tag for the image you'd like to use to build the application
+  name: IMAGE_STREAM_TAG_NAME
+  required: true
+  value: redhat-openjdk18-openshift:1.1
+- description: The source docker registry used for image mirror
+  name: SRC_REGISTRY
+  required: true
+- description: The destination docker registry used for image mirror
+  name: DEST_REGISTRY
+  required: true
+- description: Set source code branch
+  name: SOURCE_CODE_BRANCH
+  required: true
+  value: master
+- description: The source docker registry used for the docker registry url
+  name: SRC_API_URL
+  required: true
+- description: The destination docker registry used for the docker registry url
+  name: DEST_API_URL
+  required: true

multi-cluster-spring-boot/image-mirror-example/.applier/templates/image-mirror-sa.yml

@@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Template
+metadata:
+  annotations:
+    description: template for image mirror service account
+objects:
+- apiVersion: v1
+  kind: ServiceAccount
+  metadata:
+    name: ${SA_NAME}
+    namespace: ${NAMESPACE}
+- apiVersion: v1
+  groupNames: null
+  kind: RoleBinding
+  metadata:
+    creationTimestamp: null
+    name: edit
+    namespace: ${NAMESPACE}
+  roleRef:
+    name: edit
+  subjects:
+  - kind: ServiceAccount
+    name: ${SA_NAME}
+    namespace: ${NAMESPACE}
+  userNames:
+  - system:serviceaccount:${NAMESPACE}:${SA_NAME}
+parameters:
+- description: The namespace to deploy into
+  name: NAMESPACE
+  required: true
+- description: The service account name
+  name: SA_NAME
+  required: true

multi-cluster-spring-boot/image-mirror-example/.applier/templates/image-mirror-secret.yml

@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Template
+labels:
+  template: image-mirror-secret
+metadata:
+  annotations:
+    description: Cluster Credential Secret
+    tags: secret
+    version: 1.0.0
+  name: image-mirror-secret
+objects:
+- apiVersion: v1
+  stringData:
+    username: generic
+    password: "${TOKEN}"
+  data:
+  kind: Secret
+  metadata:
+    name: ${SECRET_NAME}
+    labels:
+      credential.sync.jenkins.openshift.io: 'true'
+  type: kubernetes.io/basic-auth
+parameters:
+- description: The name for the application.
+  name: SECRET_NAME
+  required: true
+- description: Service Account Token
+  name: TOKEN
+  required: true

multi-cluster-spring-boot/image-mirror-example/.gitignore

@@ -0,0 +1 @@
+galaxy/