demoReorgToEaseTesting

demos/ldap/README.md

@@ -0,0 +1,281 @@
+[base]: ../docs/glossary.md#base
+[gitops]: ../docs/glossary.md#gitops
+[kustomization]: ../docs/glossary.md#kustomization
+[overlay]: ../docs/glossary.md#overlay
+[overlays]: ../docs/glossary.md#overlay
+[variant]: ../docs/glossary.md#variant
+[variants]: ../docs/glossary.md#variant
+
+# Demo: LDAP with variants
+
+Steps:
+
+ 1. Clone an existing configuration as a [base].
+ 1. Customize it.
+ 1. Create two different [overlays] (_staging_ and _production_)
+    from the customized base.
+ 1. Run kustomize and kubectl to deploy staging and production.
+
+First define a place to work:
+
+<!-- @makeWorkplace @test -->
+```
+DEMO_HOME=$(mktemp -d)
+```
+
+Alternatively, use
+
+> ```
+> DEMO_HOME=~/ldap
+> ```
+
+## Establish the base
+
+To use [overlays] to create [variants], we must
+first establish a common [base].
+
+To keep this document shorter, the base resources are
+off in a supplemental data directory rather than
+declared here as HERE documents.  Download them:
+
+<!-- @downloadBase @test -->
+```
+BASE=$DEMO_HOME/base
+mkdir -p $BASE
+
+CONTENT="https://raw.githubusercontent.com\
+/kubernetes-sigs/kustomize\
+/master/demos/ldap"
+
+curl -s -o "$BASE/#1" "$CONTENT/base\
+/{deployment.yaml,kustomization.yaml,service.yaml,env.startup.txt}"
+```
+
+Look at the directory:
+
+<!-- @runTree @test -->
+```
+tree $DEMO_HOME
+```
+
+Expect something like:
+
+> ```
+> /tmp/tmp.IyYQQlHaJP
+> └── base
+>     ├── deployment.yaml
+>     ├── env.startup.txt
+>     ├── kustomization.yaml
+>     └── service.yaml
+> ```
+
+
+One could immediately apply these resources to a
+cluster:
+
+> ```
+> kubectl apply -f $DEMO_HOME/base
+> ```
+
+to instantiate the _ldap_ service.  `kubectl`
+would only recognize the resource files.
+
+### The Base Kustomization
+
+The `base` directory has a [kustomization] file:
+
+<!-- @showKustomization @test -->
+```
+more $BASE/kustomization.yaml
+```
+
+Optionally, run `kustomize` on the base to emit
+customized resources to `stdout`:
+
+<!-- @buildBase @test -->
+```
+kustomize build $BASE
+```
+
+### Customize the base
+
+A first customization step could be to set the name prefix to all resources:
+
+<!-- @namePrefix @test -->
+```
+cd $BASE
+kustomize edit set nameprefix "my-"
+```
+
+See the effect:
+<!-- @checkNameprefix @test -->
+```
+kustomize build $BASE | grep -C 3 "my-"
+```
+
+## Create Overlays
+
+Create a _staging_ and _production_ [overlay]:
+
+ * _Staging_ adds a configMap.
+ * _Production_ has a higher replica count and a persistent disk.
+ * [variants] will differ from each other.
+
+<!-- @overlayDirectories @test -->
+```
+OVERLAYS=$DEMO_HOME/overlays
+mkdir -p $OVERLAYS/staging
+mkdir -p $OVERLAYS/production
+```
+
+#### Staging Kustomization
+
+Download the staging customization and patch.
+
+<!-- @downloadStagingKustomization @test -->
+```
+curl -s -o "$OVERLAYS/staging/#1" "$CONTENT/overlays/staging\
+/{config.env,deployment.yaml,kustomization.yaml}"
+```
+
+The staging customization adds a configMap.
+> ```cat $OVERLAYS/staging/kustomization.yaml
+> (...truncated)
+> configMapGenerator:
+>   - name: env-config
+>     files:
+>       - config.env
+> ```
+as well as 2 replica
+> ```cat $OVERLAYS/staging/deployment.yaml
+> apiVersion: apps/v1beta2
+> kind: Deployment
+> metadata:
+>   name: ldap
+> spec:
+>   replicas: 2
+> ```
+
+#### Production Kustomization
+
+Download the production customization and patch.
+<!-- @downloadProductionKustomization @test -->
+```
+curl -s -o "$OVERLAYS/production/#1" "$CONTENT/overlays/production\
+/{deployment.yaml,kustomization.yaml}"
+```
+
+The production customization adds 6 replica as well as a consistent disk.
+> ```cat $OVERLAYS/production/deployment.yaml
+> apiVersion: apps/v1beta2
+> kind: Deployment
+> metadata:
+>   name: ldap
+> spec:
+>   replicas: 6
+>   template:
+>     spec:
+>       volumes:
+>         - name: ldap-data
+>           emptyDir: null
+>           gcePersistentDisk:
+>             pdName: ldap-persistent-storage
+> ```
+
+## Compare overlays
+
+
+`DEMO_HOME` now contains:
+
+ - a _base_ directory - a slightly customized clone
+   of the original configuration, and
+
+ - an _overlays_ directory, containing the kustomizations
+   and patches required to create distinct _staging_
+   and _production_ [variants] in a cluster.
+
+Review the directory structure and differences:
+
+<!-- @listFiles @test -->
+```
+tree $DEMO_HOME
+```
+
+Expecting something like:
+
+> ```
+> /tmp/tmp.IyYQQlHaJP1
+> ├── base
+> │   ├── deployment.yaml
+> │   ├── env.startup.txt
+> │   ├── kustomization.yaml
+> │   └── service.yaml
+> └── overlays
+>     ├── production
+>     │   ├── deployment.yaml
+>     │   └── kustomization.yaml
+>     └── staging
+>         ├── config.env
+>         ├── deployment.yaml
+>         └── kustomization.yaml
+> ```
+
+Compare the output directly
+to see how _staging_ and _production_ differ:
+
+<!-- @compareOutput -->
+```
+diff \
+  <(kustomize build $OVERLAYS/staging) \
+  <(kustomize build $OVERLAYS/production) |\
+  more
+```
+
+The difference output should look something like
+
+> ```diff
+> (...truncated)
+> <   name: staging-my-ldap-configmap-kftftt474h
+> ---
+> >   name: production-my-ldap-configmap-k27f7hkg4f
+> 85c75
+> <   name: staging-my-ldap-service
+> ---
+> >   name: production-my-ldap-service
+> 97c87
+> <   name: staging-my-ldap
+> ---
+> >   name: production-my-ldap
+> 99c89
+> <   replicas: 2
+> ---
+> >   replicas: 6
+> (...truncated)
+> ```
+
+
+## Deploy
+
+The individual resource sets are:
+
+<!-- @buildStaging @test -->
+```
+kustomize build $OVERLAYS/staging
+```
+
+<!-- @buildProduction @test -->
+```
+kustomize build $OVERLAYS/production
+```
+
+To deploy, pipe the above commands to kubectl apply:
+
+> ```
+> kustomize build $OVERLAYS/staging |\
+>     kubectl apply -f -
+> ```
+
+> ```
+> kustomize build $OVERLAYS/production |\
+>    kubectl apply -f -
+> ```

demos/ldap/base/deployment.yaml

@@ -0,0 +1,46 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: ldap
+  labels:
+    app: ldap
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: ldap
+  template:
+    metadata:
+      labels:
+        app: ldap
+    spec:
+      containers:
+        - name: ldap
+          image: osixia/openldap:1.1.11
+          args: ["--copy-service"]
+          volumeMounts:
+            - name: ldap-data
+              mountPath: /var/lib/ldap
+            - name: ldap-config
+              mountPath: /etc/ldap/slapd.d
+            - name: ldap-certs
+              mountPath: /container/service/slapd/assets/certs
+            - name: configmap-volume
+              mountPath: /container/environment/01-custom
+            - name: container-run
+              mountPath: /container/run
+          ports:
+            - containerPort: 389
+              name: openldap
+      volumes:
+        - name: ldap-data
+          emptyDir: {}
+        - name: ldap-config
+          emptyDir: {}
+        - name: ldap-certs
+          emptyDir: {}
+        - name: "configmap-volume"
+          configMap:
+            name: "ldap-configmap"
+        - name: container-run
+          emptyDir: {}

demos/ldap/base/env.startup.txt

@@ -0,0 +1,61 @@
+# This is the default image startup configuration file
+# this file define environment variables used during the container **first start** in **startup files**.
+
+# This file is deleted right after startup files are processed for the first time,
+# after that all these values will not be available in the container environment.
+# This helps to keep your container configuration secret.
+# more information : https://github.com/osixia/docker-light-baseimage
+
+# Required and used for new ldap server only
+LDAP_ORGANISATION: Example Inc.
+LDAP_DOMAIN: example.org
+LDAP_BASE_DN: #if empty automatically set from LDAP_DOMAIN
+
+LDAP_ADMIN_PASSWORD: admin
+LDAP_CONFIG_PASSWORD: config
+
+LDAP_READONLY_USER: false
+LDAP_READONLY_USER_USERNAME: readonly
+LDAP_READONLY_USER_PASSWORD: readonly
+
+LDAP_RFC2307BIS_SCHEMA: false
+
+# Backend
+LDAP_BACKEND: hdb
+
+# Tls
+LDAP_TLS: true
+LDAP_TLS_CRT_FILENAME: ldap.crt
+LDAP_TLS_KEY_FILENAME: ldap.key
+LDAP_TLS_CA_CRT_FILENAME: ca.crt
+
+LDAP_TLS_ENFORCE: false
+LDAP_TLS_CIPHER_SUITE: SECURE256:+SECURE128:-VERS-TLS-ALL:+VERS-TLS1.2:-RSA:-DHE-DSS:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC
+LDAP_TLS_VERIFY_CLIENT: demand
+
+# Replication
+LDAP_REPLICATION: false
+# variables $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD, $LDAP_CONFIG_PASSWORD
+# are automaticaly replaced at run time
+
+# if you want to add replication to an existing ldap
+# adapt LDAP_REPLICATION_CONFIG_SYNCPROV and LDAP_REPLICATION_DB_SYNCPROV to your configuration
+# avoid using $LDAP_BASE_DN, $LDAP_ADMIN_PASSWORD and $LDAP_CONFIG_PASSWORD variables
+LDAP_REPLICATION_CONFIG_SYNCPROV: binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical
+LDAP_REPLICATION_DB_SYNCPROV: binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical
+LDAP_REPLICATION_HOSTS:
+  - ldap://ldap.example.org # The order must be the same on all ldap servers
+  - ldap://ldap2.example.org
+
+
+# Do not change the ldap config
+# - If set to true with an existing database, config will remain unchanged. Image tls and replication config will not be run.
+#   The container can be started with LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD empty or filled with fake data.
+# - If set to true when bootstrapping a new database, bootstap ldif and schema will not be added and tls and replication config will not be run.
+KEEP_EXISTING_CONFIG: false
+
+# Remove config after setup
+LDAP_REMOVE_CONFIG_AFTER_SETUP: true
+
+# ssl-helper environment variables prefix
+LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.

demos/ldap/base/kustomization.yaml

@@ -0,0 +1,7 @@
+resources:
+- deployment.yaml
+- service.yaml
+configMapGenerator:
+- name: ldap-configmap
+  files:
+    - env.startup.txt

demos/ldap/base/service.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: ldap
+  name: ldap-service
+spec:
+  ports:
+    - port: 389
+  selector:
+    app: ldap

demos/ldap/integration_test.sh

@@ -0,0 +1,102 @@
+#!/bin/bash
+# Copyright 2018 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# ----------------------------------------------------
+#
+# This script tests the ldap kustomization demo
+# against a real cluster.
+#
+# - deploy a ldap server by the output of kustomize
+# - add a user
+# - query a user
+# - delete a user
+#
+# This script is a test that (passes|fails) if exit
+# code is (0|1).
+
+set -x
+
+function exit_with {
+  local msg=$1
+  echo >&2 ${msg}
+  exit 1
+}
+
+# make sure kustomize and kubectl are available
+command -v kustomize >/dev/null 2>&1 || \
+  { exit_with "Require kustomize but it's not installed.  Aborting."; }
+command -v kubectl >/dev/null 2>&1 || \
+  { exit_with "Require kubectl but it's not installed.  Aborting."; }
+
+# set namespace to default
+kubectl config set-context $(kubectl config current-context) --namespace=default
+
+echo Kustomizing \"$1\"
+ls $1
+kustomize build $1 > generatedResources.yaml
+[[ $? -eq 0 ]] || { exit_with "Failed to kustomize build"; }
+cat generatedResources.yaml
+kubectl apply -f generatedResources.yaml
+[[ $? -eq 0 ]] || { exit_with "Failed to run kubectl apply"; }
+sleep 20
+
+# get the pod and namespace
+pod=$(kubectl get pods -l app=ldap  -o jsonpath='{.items[0].metadata.name}')
+namespace=$(kubectl get pods -l app=ldap  -o jsonpath='{.items[0].metadata.namespace}')
+container="ldap"
+[[ -z ${pod} ]] && { exit_with "Pod is not started successfully"; }
+[[ -z ${namespace} ]] && { exit_with "Couldn't get namespace for Pod ${pod}"; }
+
+# create a user ldif file locally
+ldiffile="user.ldif"
+cat <<EOF >$ldiffile
+dn: cn=The Postmaster,dc=example,dc=org
+objectClass: organizationalRole
+cn: The Postmaster
+EOF
+[[ -f ${ldiffile} ]] || { exit_with "Failed to create ldif file locally"; }
+
+# add a user
+pod_ldiffile="/tmp/user.ldif"
+kubectl cp $ldiffile  ${namespace}/${pod}:${pod_ldiffile} || \
+  { exit_with "Failed to copy ldif file to Pod ${pod}"; }
+
+kubectl exec ${pod} -c ${container} -- \
+  ldapadd -x -H ldap://localhost -D "cn=admin,dc=example,dc=org" -w admin \
+  -f ${pod_ldiffile} || { exit_with "Failed to add a user"; }
+
+# query the added user
+r=$(kubectl exec ${pod} -c ${container} -- \
+  ldapsearch -x -H ldap://localhost -b dc=example,dc=org \
+  -D "cn=admin,dc=example,dc=org" -w admin)
+
+user_count=$(echo ${r} | grep "cn: The Postmaster" | wc -l)
+[[ ${user_count} -eq 0 ]] && { exit_with "Couldn't find the new added user"; }
+
+# delete the added user
+kubectl exec ${pod} -c ${container} -- \
+  ldapdelete -v -x -H ldap://localhost "cn=The Postmaster,dc=example,dc=org" \
+  -D "cn=admin,dc=example,dc=org" -w admin || \
+  {  exit_with "Failed to delete the user"; }
+
+r=$(kubectl exec ${pod} -c ${container} -- \
+  ldapsearch -x -H ldap://localhost -b dc=example,dc=org \
+  -D "cn=admin,dc=example,dc=org" -w admin)
+user_count=$(echo ${r} | grep "cn: The Postmaster" | wc -l)
+[[ ${user_count} -ne 0 ]] && { exit_with "The user hasn't been deleted."; }
+
+# kubectl delete
+kubectl delete -f generatedResources.yaml
+rm $ldiffile

demos/ldap/overlays/production/deployment.yaml

@@ -0,0 +1,13 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: ldap
+spec:
+  replicas: 6
+  template:
+    spec:
+      volumes:
+        - name: ldap-data
+          emptyDir: null
+          gcePersistentDisk:
+            pdName: ldap-persistent-storage

demos/ldap/overlays/production/kustomization.yaml

@@ -0,0 +1,5 @@
+bases:
+  - ../../base
+patches:
+  - deployment.yaml
+namePrefix: production-

demos/ldap/overlays/staging/config.env

@@ -0,0 +1,2 @@
+DB_USERNAME=admin
+DB_PASSWORD=somepw

demos/ldap/overlays/staging/deployment.yaml

@@ -0,0 +1,7 @@
+
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+  name: ldap
+spec:
+  replicas: 2

demos/ldap/overlays/staging/kustomization.yaml

@@ -0,0 +1,9 @@
+bases:
+  - ../../base
+patches:
+  - deployment.yaml
+nameprefix: staging-
+configMapGenerator:
+  - name: env-config
+    files:
+      - config.env