Required templates and scripts for the monitoring lab (#35)

calculator-monolith/kubefiles/application-template.yml

@@ -0,0 +1,64 @@
+apiVersion: v1
+kind: Template
+metadata:
+  name: calculator-template
+  annotations:
+    description: "Quarkus Calculator"
+objects:
+  - kind: Deployment
+    apiVersion: apps/v1
+    metadata:
+      name: calculator
+    spec:
+      selector:
+        matchLabels:
+          app: calculator
+      replicas: 1
+      template:
+        metadata:
+          labels:
+            app: calculator
+        spec:
+          containers:
+            - name: calculator
+              image: quay.io/${QUAY_USER_OR_GROUP}/${QUAY_REPOSITORY}:${APP_IMAGE_TAG}
+              imagePullPolicy: Always
+              ports:
+                - containerPort: 8080
+  - kind: Service
+    apiVersion: v1
+    metadata:
+      labels:
+        app: calculator
+      name: calculator
+    spec:
+      ports:
+        - port: 8080
+          protocol: TCP
+          targetPort: 8080
+      selector:
+        app: calculator
+  - kind: Route
+    apiVersion: route.openshift.io/v1
+    metadata:
+      name: calculator
+      labels:
+        app: calculator
+    spec:
+      to:
+        kind: Service
+        name: calculator
+      port:
+        targetPort: 8080
+
+parameters:
+  - name: QUAY_USER_OR_GROUP
+    description: "Quay User/Group"
+    required: true
+  - name: QUAY_REPOSITORY
+    description: "Image repository"
+    required: true
+  - name: APP_IMAGE_TAG
+    description: "Image Tag"
+    required: false
+    value: "latest"

calculator-monolith/kubefiles/security-scan-template.yml

@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Template
+metadata:
+  name: calculator-security-scan-template
+  annotations:
+    description: "Calculator - Security Scan Template"
+objects:
+  - kind: Job
+    apiVersion: batch/v1
+    metadata:
+      name: ${APP_NAME}-trivy
+    spec:
+      backoffLimit: 0
+      template:
+        metadata:
+          name: ${APP_NAME}-trivy
+        spec:
+          containers:
+            - name: ${APP_NAME}-trivy
+              image: quay.io/${QUAY_USER}/${QUAY_REPOSITORY}
+              env:
+              command: [ "/bin/sh" ]
+              args:
+                - -c
+                - >-
+                  cd /tmp &&
+                  curl -sL https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_RELEASE}/trivy_${TRIVY_RELEASE}_Linux-64bit.tar.gz -o - | tar -zxf - &&
+                  ./trivy fs --cache-dir /tmp/.cache --exit-code 1 --severity HIGH,CRITICAL --no-progress --ignore-unfixed /
+          restartPolicy: Never
+
+parameters:
+  - name: QUAY_USER
+    description: "Quay User"
+    required: true
+  - name: QUAY_REPOSITORY
+    description: "Quay Repository"
+    required: true
+  - name: APP_NAME
+    description: "Application Name"
+    required: true
+  - name: TRIVY_RELEASE
+    description: "Trivy Release Version"
+    required: false
+    value: "0.14.0"

calculator-monolith/scripts/build-and-push-image.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+while getopts u:p:b:r: flag
+do
+    case "${flag}" in
+        u) quay_user=${OPTARG};;
+        p) quay_password=${OPTARG};;
+        b) build_number=${OPTARG};;
+	      r) quay_repo=${OPTARG};;
+    esac
+done
+
+./mvnw package -DskipTests \
+  -Dquarkus.container-image.build=true \
+  -Dquarkus.container-image.registry=quay.io \
+  -Dquarkus.container-image.group="${quay_user}" \
+  -Dquarkus.container-image.name="${quay_repo}" \
+  -Dquarkus.container-image.username="${quay_user}" \
+  -Dquarkus.container-image.password="${quay_password}" \
+  -Dquarkus.container-image.tag="1.0.0-${build_number}" \
+  -Dquarkus.container-image.additional-tags="latest" \
+  -Dquarkus.container-image.push=true

calculator-monolith/scripts/check-job-state.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+oc wait --for=condition=ContainersReady \
+  --timeout=60s pod --selector job-name=${1} -n ${2}
+
+oc logs --pod-running-timeout=120s -f "jobs/${1}" -n "${2}" && \
+podState=$(oc get pods --selector=job-name="${1}" -n "${2}" \
+  --output=jsonpath='{.items[0].status.containerStatuses[0].state.terminated.exitCode}')
+
+if [ "${podState}" -eq 0 ]
+then
+  exit 0
+fi
+
+exit 1

calculator-monolith/scripts/include-container-extensions.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+./mvnw quarkus:add-extension \
+  -Dextensions="kubernetes,container-image-jib"

calculator-monolith/scripts/redeploy.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+while getopts d:n: flag
+do
+    case "${flag}" in
+        d) deployment_name=${OPTARG};;
+        n) namespace=${OPTARG};;
+    esac
+done
+
+oc patch "deployment/${deployment_name}" \
+  -n "${namespace}" \
+  -p "{\"spec\": {\"template\": {\"metadata\": { \"labels\": {  \"redeploy\": \"$(date +%s)\" }}}}}"

tools/email-service.yml

@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: email
+spec:
+  selector:
+    matchLabels:
+      app: email
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: email
+    spec:
+      containers:
+        - name: email
+          image: quay.io/redhattraining/maildev-mirror:latest
+          imagePullPolicy: Always
+          command: ["bin/maildev"]
+          args: ["--web", "8080", "--smtp", "1025", "--verbose"]
+          ports:
+            - containerPort: 1025
+              protocol: TCP
+            - containerPort: 8080
+              protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: email
+  name: email
+spec:
+  ports:
+    - port: 8080
+      name: web
+      protocol: TCP
+      targetPort: 8080
+    - port: 25
+      name: smtp
+      protocol: TCP
+      targetPort: 1025
+  selector:
+    app: email
+---
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+  name: email
+  labels:
+    app: email
+spec:
+  to:
+    kind: Service
+    name: email
+  port:
+    targetPort: 8080
+