Demo Application ============================= Access to the OpenShift cluster running ACM is required Configuration ------------- If you wish to use the resources above to deploy an application that resides on a private git/gitlab repository, the following environment variables must be configured: Application Config ~~~~~~~~~~~~~~~~~~ - APP_NAME: the application’s name - GIT_PATHNAME: the URL to the git repository (used by the channel resource), e.g.: ``GIT_PATHNAME='https://gitlab.com/i4q/LRT'`` - GIT_PATH: the filepath to the relevant root directory inside the git repository set in $GIT_PATHNAME - GIT_BRANCH: the git branch to pull from Access Config ~~~~~~~~~~~~~ - BASE64_USER : your user encoded in base64, e.g.: ``BASE64_USER=$(echo -n "YOUR_USER_NAME" | base64)`` - BASE64_ACCESS_TOKEN : your access token that provides at-least READ permission for the private repo/org **Note:** ~~~~~~~~~ If your application must pull container images from private repositories then a deployment-level/service-account level docker-configuration access secret must be deployed, and referenced in deployment/service-account E.g., if a container in your deployment in ``$NAMESPACE`` namespace must pull from a private gitlab repository, then: 1. Its container must reference: :: imagePullSecrets: - name: {{ $SECRET_NAME }} 1. Access authentication secret must be deployed: :: kubectl create secret docker-registry $SECRET_NAME --docker-server=registry.gitlab.com --docker-username=$GITLAB_USER --docker-password=$GITLAB_READ_TOKEN -n $NAMESPACE --dry-run=client -o yaml | kubectl apply -f - Resources --------- The resources in this directory deploy an application that is composed of: - Namespace: The namespaces in which the resources will reside: :: apiVersion: v1 kind: Namespace metadata: name: $APP_NAME --- apiVersion: v1 kind: Namespace metadata: name: ggitlabcom-$APP_NAME - Channel: An openshift resource that specifies connection information to a git repo / other repo sources The name formatting follows that used when deploying an application through the ACM UI :: apiVersion: apps.open-cluster-management.io/v1 kind: Channel metadata: annotations: apps.open-cluster-management.io/reconcile-rate: medium name: ggitlabcom-$APP_NAME namespace: ggitlabcom-$APP_NAME spec: type: Git pathname: $GIT_PATHNAME secretRef: name: ggitlabcom-$APP_NAME-auth - Application: :: apiVersion: app.k8s.io/v1beta1 kind: Application metadata: name: $APP_NAME namespace: $APP_NAME spec: componentKinds: group: apps.open-cluster-management.io kind: Subscription descriptor: {} selector: matchExpressions: key: app operator: In values: $APP_NAME - Private Repository Authentication Secret: A secret that holds username and token for accessing a private repository to pull **git-resources** from :: apiVersion: v1 kind: Secret metadata: name: ggitlabcom-$APP_NAME-auth namespace: ggitlabcom-$APP_NAME data: user: $BASE64_USER accessToken: $BASE64_ACCESS_TOKEN - Subscription: The resource that instructs openshift controllers to watch and sync the specified repository :: apiVersion: apps.open-cluster-management.io/v1 kind: Subscription metadata: annotations: apps.open-cluster-management.io/git-branch: $GIT_BRANCH apps.open-cluster-management.io/git-path: $GIT_PATH apps.open-cluster-management.io/reconcile-option: merge labels: app: $APP_NAME name: $APP_NAME-subscription-1 namespace: $APP_NAME spec: channel: ggitlabcom-$APP_NAME/ggitlabcom-$APP_NAME placement: placementRef: kind: PlacementRule name: $APP_NAME-placement-1 - Placement: The resource that specifies how to select which managed-cluster should deploy the application :: apiVersion: apps.open-cluster-management.io/v1 kind: PlacementRule metadata: labels: app: $APP_NAME name: $APP_NAME-placement-1 namespace: $APP_NAME spec: clusterSelector: matchLabels: 'env': 'lrt' In this case, the application will be deployed on managed-cluster that have the label ``env=lrt``