diff --git a/.markdownlintignore b/.markdownlintignore new file mode 100644 index 0000000..3f52ef6 --- /dev/null +++ b/.markdownlintignore @@ -0,0 +1,3 @@ +# Ignore v1 documentation (legacy content with pre-existing lint issues) +content/en/docs/v1/** +content/en/blog/** diff --git a/content/en/docs/_index.md b/content/en/docs/_index.md index 688aef1..6237f22 100755 --- a/content/en/docs/_index.md +++ b/content/en/docs/_index.md @@ -6,4 +6,3 @@ weight: 20 --- This section is the project documentation for IPCEI-CIS Developer Framework. - diff --git a/content/en/docs/decisions/0001-pipeline-tools.md b/content/en/docs/decisions/0001-pipeline-tools.md index 04dd838..6b039e9 100644 --- a/content/en/docs/decisions/0001-pipeline-tools.md +++ b/content/en/docs/decisions/0001-pipeline-tools.md @@ -38,13 +38,13 @@ TBD ### Argo Workflows + Events -**Pro** +#### Pro * integration with ArgoCD * ability to trigger additional workflows based on events. * level of maturity and community support. -**Con** +#### Con * Ability to self-host runners? * way how composition for pipelines works (based on Kubernetes CRDs) @@ -57,53 +57,53 @@ TBD ### Argo Workflows + Events + Additional Composition tool -**Pro** +#### Pro * Composability can be offloaded to another tool -**Con** +#### Con * All cons of the previous option (except composability) * Additional complexity by adding another tool ### Forgejo Actions -**Pro** +#### Pro * tight integration with GitHub Actions providing a familiar interface for developers and a vast catalog of actions to choose from * ability to compose pipelines without relying on another tool * Self-hosting of runners possible * every component can have its own repository and use different tools (e.g. written in go, bash, python etc.) -**Con** +#### Con * level of maturity - will require additional investments to provide a production-grade system ### Forgejo Actions + Additional Tool -**Pro** +#### Pro * may be possible to use GitHub actions alongside another tool -**Con** +#### Con * additional complexity by adding another tool ### Shuttle -**Pro** +#### Pro * Possibility to clearly define interfaces for pipeline steps * Relatively simple -**Con** +#### Con * basically backed by only one company * **centralized templates**, so no mechanism for composing pipelines from multiple repositories ### Dagger -**Pro** +#### Pro * Pipeline as code * if it runs it should run anywhere and produce the "same" / somewhat stable results @@ -112,13 +112,13 @@ TBD * additional tooling, like trivy, is added to a build pipeline with low effort due to containers and existing plugin/wrappers * you can create complex test environments similar to test containers and docker compose -**Con** +#### Con * relies heavily containers, which might not be available some environments (due to policy etc), it also has an effect on reproducibility and verifiability * as a dev you need to properly understand containers * dagger engine has to run privileged locally and/or in the cloud which might be a blocker or at least a big pain in the ... -**Suggestion Patrick** +#### Suggestion Patrick * dagger is a heavy weight and might not be as productive in a dev workflow as it seems (setup lsp etc) * it might be too opinionated to force on teams, especially since it is not near mainstream enough, community might be too small diff --git a/content/en/docs/v1/solution/tools/Crossplane/provider-kind/_index.md b/content/en/docs/v1/solution/tools/Crossplane/provider-kind/_index.md index 7370f44..cf3a0a2 100644 --- a/content/en/docs/v1/solution/tools/Crossplane/provider-kind/_index.md +++ b/content/en/docs/v1/solution/tools/Crossplane/provider-kind/_index.md @@ -116,38 +116,38 @@ The kind config is provided as the field `kindConfig` in each `KindCluster` mani apiVersion: container.kind.crossplane.io/v1alpha1 kind: KindCluster metadata: - name: example-kind-cluster + name: example-kind-cluster spec: - forProvider: - kindConfig: | - kind: Cluster - apiVersion: kind.x-k8s.io/v1alpha4 - nodes: - - role: control-plane - kubeadmConfigPatches: - - | - kind: InitConfiguration - nodeRegistration: - kubeletExtraArgs: - node-labels: "ingress-ready=true" - extraPortMappings: - - containerPort: 80 - hostPort: 80 - protocol: TCP - - containerPort: 443 - hostPort: 443 - protocol: TCP - containerdConfigPatches: - - |- - [plugins."io.containerd.grpc.v1.cri".registry.mirrors."gitea.cnoe.localtest.me:443"] - endpoint = ["https://gitea.cnoe.localtest.me"] - [plugins."io.containerd.grpc.v1.cri".registry.configs."gitea.cnoe.localtest.me".tls] - insecure_skip_verify = true - providerConfigRef: - name: kind-provider-config - writeConnectionSecretToRef: - namespace: default - name: kind-connection-secret + forProvider: + kindConfig: | + kind: Cluster + apiVersion: kind.x-k8s.io/v1alpha4 + nodes: + - role: control-plane + kubeadmConfigPatches: + - | + kind: InitConfiguration + nodeRegistration: + kubeletExtraArgs: + node-labels: "ingress-ready=true" + extraPortMappings: + - containerPort: 80 + hostPort: 80 + protocol: TCP + - containerPort: 443 + hostPort: 443 + protocol: TCP + containerdConfigPatches: + - |- + [plugins."io.containerd.grpc.v1.cri".registry.mirrors."gitea.cnoe.localtest.me:443"] + endpoint = ["https://gitea.cnoe.localtest.me"] + [plugins."io.containerd.grpc.v1.cri".registry.configs."gitea.cnoe.localtest.me".tls] + insecure_skip_verify = true + providerConfigRef: + name: kind-provider-config + writeConnectionSecretToRef: + namespace: default + name: kind-connection-secret ``` After the kind cluster has been created, it's kube config is stored in a kubernetes secret `kind-connection-secret` which `writeConnectionSecretToRef` references. @@ -237,14 +237,14 @@ When this informations has been recieved by the kindserver SDk in form of a JSON creating of the cluster. That is done by returning the following structure from inside the observe function: ``` - return managed.ExternalObservation{ - ResourceExists: true, - ResourceUpToDate: true, - ConnectionDetails: managed.ConnectionDetails{ - xpv1.ResourceCredentialsSecretEndpointKey: []byte(clusterInfo.Endpoint), - xpv1.ResourceCredentialsSecretKubeconfigKey: []byte(clusterInfo.KubeConfig), - }, - }, nil + return managed.ExternalObservation{ + ResourceExists: true, + ResourceUpToDate: true, + ConnectionDetails: managed.ConnectionDetails{ + xpv1.ResourceCredentialsSecretEndpointKey: []byte(clusterInfo.Endpoint), + xpv1.ResourceCredentialsSecretKubeconfigKey: []byte(clusterInfo.KubeConfig), + }, + }, nil ``` Note that the managed.ConnectionDetails will automatically write the API server endpoint and it's kube config to the kubernetes @@ -253,15 +253,15 @@ secret which `writeConnectionSecretToRef`of `KindCluster` points to. It also set the availability flag before returning, that will mark the `KindCluster` as ready: ``` - cr.Status.SetConditions(xpv1.Available()) + cr.Status.SetConditions(xpv1.Available()) ``` Before returning, it will also set the informations which are transfered into fields of `kindCluster` which can be retrieved by a `kubectl get`, the `kubernetesVersion` and the `internalIP` fields: ``` - cr.Status.AtProvider.KubernetesVersion = clusterInfo.K8sVersion - cr.Status.AtProvider.InternalIP = clusterInfo.NodeIp + cr.Status.AtProvider.KubernetesVersion = clusterInfo.K8sVersion + cr.Status.AtProvider.InternalIP = clusterInfo.NodeIp ``` Now the `KindCluster` is setup completly and when it's data is retrieved by `kubectl get`, all data is available and it's readiness @@ -323,17 +323,17 @@ Patch the Makefile: ``` dev: $(KIND) $(KUBECTL) - @$(INFO) Creating kind cluster -+ @$(KIND) delete cluster --name=$(PROJECT_NAME)-dev - @$(KIND) create cluster --name=$(PROJECT_NAME)-dev - @$(KUBECTL) cluster-info --context kind-$(PROJECT_NAME)-dev -- @$(INFO) Installing Crossplane CRDs -- @$(KUBECTL) apply --server-side -k https://github.com/crossplane/crossplane//cluster?ref=master -+ @$(INFO) Installing Crossplane -+ @helm install crossplane --namespace crossplane-system --create-namespace crossplane-stable/crossplane --wait - @$(INFO) Installing Provider Template CRDs - @$(KUBECTL) apply -R -f package/crds - @$(INFO) Starting Provider Template controllers + @$(INFO) Creating kind cluster ++ @$(KIND) delete cluster --name=$(PROJECT_NAME)-dev + @$(KIND) create cluster --name=$(PROJECT_NAME)-dev + @$(KUBECTL) cluster-info --context kind-$(PROJECT_NAME)-dev +- @$(INFO) Installing Crossplane CRDs +- @$(KUBECTL) apply --server-side -k https://github.com/crossplane/crossplane//cluster?ref=master ++ @$(INFO) Installing Crossplane ++ @helm install crossplane --namespace crossplane-system --create-namespace crossplane-stable/crossplane --wait + @$(INFO) Installing Provider Template CRDs + @$(KUBECTL) apply -R -f package/crds + @$(INFO) Starting Provider Template controllers ``` Generate, build and execute the new provider-kind: @@ -679,18 +679,18 @@ namespace/crossplane-system configured secret/example-provider-secret created providerconfig.kind.crossplane.io/example-provider-config created 14:49:50 [ .. ] Starting Provider Kind controllers -2024-11-12T14:49:54+01:00 INFO controller-runtime.metrics Starting metrics server -2024-11-12T14:49:54+01:00 INFO Starting EventSource {"controller": "providerconfig/providerconfig.kind.crossplane.io", "controllerGroup": "kind.crossplane.io", "controllerKind": "ProviderConfig", "source": "kind source: *v1alpha1.ProviderConfig"} -2024-11-12T14:49:54+01:00 INFO Starting EventSource {"controller": "providerconfig/providerconfig.kind.crossplane.io", "controllerGroup": "kind.crossplane.io", "controllerKind": "ProviderConfig", "source": "kind source: *v1alpha1.ProviderConfigUsage"} -2024-11-12T14:49:54+01:00 INFO Starting Controller {"controller": "providerconfig/providerconfig.kind.crossplane.io", "controllerGroup": "kind.crossplane.io", "controllerKind": "ProviderConfig"} -2024-11-12T14:49:54+01:00 INFO Starting EventSource {"controller": "managed/kindcluster.container.kind.crossplane.io", "controllerGroup": "container.kind.crossplane.io", "controllerKind": "KindCluster", "source": "kind source: *v1alpha1.KindCluster"} -2024-11-12T14:49:54+01:00 INFO Starting Controller {"controller": "managed/kindcluster.container.kind.crossplane.io", "controllerGroup": "container.kind.crossplane.io", "controllerKind": "KindCluster"} -2024-11-12T14:49:54+01:00 INFO controller-runtime.metrics Serving metrics server {"bindAddress": ":8080", "secure": false} -2024-11-12T14:49:54+01:00 INFO Starting workers {"controller": "providerconfig/providerconfig.kind.crossplane.io", "controllerGroup": "kind.crossplane.io", "controllerKind": "ProviderConfig", "worker count": 10} -2024-11-12T14:49:54+01:00 DEBUG provider-kind Reconciling {"controller": "providerconfig/providerconfig.kind.crossplane.io", "request": {"name":"example-provider-config"}} -2024-11-12T14:49:54+01:00 INFO Starting workers {"controller": "managed/kindcluster.container.kind.crossplane.io", "controllerGroup": "container.kind.crossplane.io", "controllerKind": "KindCluster", "worker count": 10} -2024-11-12T14:49:54+01:00 INFO KubeAPIWarningLogger metadata.finalizers: "in-use.crossplane.io": prefer a domain-qualified finalizer name to avoid accidental conflicts with other finalizer writers -2024-11-12T14:49:54+01:00 DEBUG provider-kind Reconciling {"controller": "providerconfig/providerconfig.kind.crossplane.io", "request": {"name":"example-provider-config"}} +2024-11-12T14:49:54+01:00 INFO controller-runtime.metrics Starting metrics server +2024-11-12T14:49:54+01:00 INFO Starting EventSource {"controller": "providerconfig/providerconfig.kind.crossplane.io", "controllerGroup": "kind.crossplane.io", "controllerKind": "ProviderConfig", "source": "kind source: *v1alpha1.ProviderConfig"} +2024-11-12T14:49:54+01:00 INFO Starting EventSource {"controller": "providerconfig/providerconfig.kind.crossplane.io", "controllerGroup": "kind.crossplane.io", "controllerKind": "ProviderConfig", "source": "kind source: *v1alpha1.ProviderConfigUsage"} +2024-11-12T14:49:54+01:00 INFO Starting Controller {"controller": "providerconfig/providerconfig.kind.crossplane.io", "controllerGroup": "kind.crossplane.io", "controllerKind": "ProviderConfig"} +2024-11-12T14:49:54+01:00 INFO Starting EventSource {"controller": "managed/kindcluster.container.kind.crossplane.io", "controllerGroup": "container.kind.crossplane.io", "controllerKind": "KindCluster", "source": "kind source: *v1alpha1.KindCluster"} +2024-11-12T14:49:54+01:00 INFO Starting Controller {"controller": "managed/kindcluster.container.kind.crossplane.io", "controllerGroup": "container.kind.crossplane.io", "controllerKind": "KindCluster"} +2024-11-12T14:49:54+01:00 INFO controller-runtime.metrics Serving metrics server {"bindAddress": ":8080", "secure": false} +2024-11-12T14:49:54+01:00 INFO Starting workers {"controller": "providerconfig/providerconfig.kind.crossplane.io", "controllerGroup": "kind.crossplane.io", "controllerKind": "ProviderConfig", "worker count": 10} +2024-11-12T14:49:54+01:00 DEBUG provider-kind Reconciling {"controller": "providerconfig/providerconfig.kind.crossplane.io", "request": {"name":"example-provider-config"}} +2024-11-12T14:49:54+01:00 INFO Starting workers {"controller": "managed/kindcluster.container.kind.crossplane.io", "controllerGroup": "container.kind.crossplane.io", "controllerKind": "KindCluster", "worker count": 10} +2024-11-12T14:49:54+01:00 INFO KubeAPIWarningLogger metadata.finalizers: "in-use.crossplane.io": prefer a domain-qualified finalizer name to avoid accidental conflicts with other finalizer writers +2024-11-12T14:49:54+01:00 DEBUG provider-kind Reconciling {"controller": "providerconfig/providerconfig.kind.crossplane.io", "request": {"name":"example-provider-config"}} ``` @@ -700,7 +700,7 @@ see kindserver/README.md When kindserver is started: -``` +```bash cd examples/composition_deprecated kubectl apply -f definition.yaml kubectl apply -f composition.yaml @@ -709,13 +709,13 @@ kubectl apply -f cluster.yaml List the created elements, wait until the new cluster is created, then switch back to the primary cluster: -``` +```bash kubectl config use-context kind-provider-kind-dev ``` Show edfbuilder compositions: -``` +```bash kubectl get edfbuilders NAME SYNCED READY COMPOSITION AGE kindcluster True True edfbuilders.edfbuilder.crossplane.io 4m45s @@ -723,7 +723,7 @@ kindcluster True True edfbuilders.edfbuilder.crossplane.io 4m45s Show kind clusters: -``` +```bash kubectl get kindclusters NAME READY SYNCED EXTERNAL-NAME INTERNALIP VERSION AGE kindcluster-wlxrt True True kindcluster-wlxrt 192.168.199.19 v1.31.0 5m12s @@ -731,7 +731,7 @@ kindcluster-wlxrt True True kindcluster-wlxrt 192.168.199.19 v1.31. Show helm deployments: -``` +```bash kubectl get releases NAME CHART VERSION SYNCED READY STATE REVISION DESCRIPTION AGE kindcluster-29dgf ingress-nginx 4.11.3 True True deployed 1 Install complete 5m32s @@ -741,7 +741,7 @@ kindcluster-x8x9k argo-cd 7.6.12 True True deployed 1 Show kubernetes objects: -``` +```bash kubectl get objects NAME KIND PROVIDERCONFIG SYNCED READY AGE kindcluster-8tbv8 ConfigMap kindcluster True True 5m50s diff --git a/content/en/docs/v1/solution/tools/kyverno integration/_index.md b/content/en/docs/v1/solution/tools/kyverno integration/_index.md index d9aab2e..072d54c 100644 --- a/content/en/docs/v1/solution/tools/kyverno integration/_index.md +++ b/content/en/docs/v1/solution/tools/kyverno integration/_index.md @@ -19,6 +19,7 @@ Kyverno simplifies governance and compliance in Kubernetes environments by autom ## Prerequisites Same as for idpbuilder installation + * Docker Engine * Go * kubectl @@ -30,7 +31,7 @@ Same as for idpbuilder installation For building idpbuilder the source code needs to be downloaded and compiled: -``` +```bash git clone https://github.com/cnoe-io/idpbuilder.git cd idpbuilder go build @@ -40,7 +41,7 @@ go build To start the idpbuilder with kyverno integration execute the following command: -``` +```bash idpbuilder create --use-path-routing -p https://github.com/cnoe-io/stacks//ref-implementation -p https://github.com/cnoe-io/stacks//kyverno-integration ```