Merge pull request #550 from GrahamDumpleton/2.7.x-backport-lookup-se…

…rvice-fixes Backport changes needed to support lookup service monitoring.
educates · Aug 15, 2024 · 6593cee · 6593cee
2 parents 07abdc9 + 7f6656a
commit 6593cee
Show file tree

Hide file tree

Showing 19 changed files with 403 additions and 37 deletions.
diff --git a/Makefile b/Makefile
@@ -261,8 +261,8 @@ clean-project-docs:
 	rm -rf project-docs/_build
 
 deploy-workshop:
-	kubectl apply -f https://github.com/vmware-tanzu-labs/lab-k8s-fundamentals/releases/download/5.0/workshop.yaml
-	kubectl apply -f https://github.com/vmware-tanzu-labs/lab-k8s-fundamentals/releases/download/5.0/trainingportal.yaml
+	kubectl apply -f https://github.com/educates/lab-k8s-fundamentals/releases/download/7.4/workshop.yaml
+	kubectl apply -f https://github.com/educates/lab-k8s-fundamentals/releases/download/7.4/trainingportal.yaml
 	STATUS=1; ATTEMPTS=0; ROLLOUT_STATUS_CMD="kubectl rollout status deployment/training-portal -n lab-k8s-fundamentals-ui"; until [ $$STATUS -eq 0 ] || $$ROLLOUT_STATUS_CMD || [ $$ATTEMPTS -eq 5 ]; do sleep 5; $$ROLLOUT_STATUS_CMD; STATUS=$$?; ATTEMPTS=$$((ATTEMPTS + 1)); done
 
 delete-workshop:

diff --git a/...ckages/training-platform/bundle/config/11-session-manager/01-crds-workshopallocation.yaml b/...ckages/training-platform/bundle/config/11-session-manager/01-crds-workshopallocation.yaml
@@ -40,9 +40,12 @@ spec:
                   type: object
                   required:
                   - name
+                  - user
                   properties:
                     name:
                       type: string
+                    user:
+                      type: string
             status:
               type: object
               x-kubernetes-preserve-unknown-fields: true

diff --git a/...kages/training-platform/bundle/config/11-session-manager/01-crds-workshopenvironment.yaml b/...kages/training-platform/bundle/config/11-session-manager/01-crds-workshopenvironment.yaml
@@ -154,6 +154,12 @@ spec:
                       type: string
                     namespace:
                       type: string
+                    capacity:
+                      type: integer
+                    initial:
+                      type: integer
+                    reserved:
+                      type: integer
                     secrets:
                       type: object
                       properties:

diff --git a/...-packages/training-platform/bundle/config/11-session-manager/01-crds-workshopsession.yaml b/...-packages/training-platform/bundle/config/11-session-manager/01-crds-workshopsession.yaml
@@ -151,6 +151,8 @@ spec:
                           properties:
                             enabled:
                               type: boolean
+                    user:
+                      type: string
       additionalPrinterColumns:
       - name: URL
         type: string

diff --git a/carvel-packages/training-platform/bundle/config/12-lookup-service/clusterrolebindings.yaml b/carvel-packages/training-platform/bundle/config/12-lookup-service/clusterrolebindings.yaml
@@ -0,0 +1,13 @@
+#! Cluster role bindings for the remote access.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: educates-remote-access
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: educates-remote-access
+subjects:
+- kind: ServiceAccount
+  name: remote-access
+  namespace: educates
diff --git a/carvel-packages/training-platform/bundle/config/12-lookup-service/clusterroles.yaml b/carvel-packages/training-platform/bundle/config/12-lookup-service/clusterroles.yaml
@@ -0,0 +1,18 @@
+#! Cluster role for the remote access clients.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: educates-remote-access
+rules:
+  - apiGroups:
+      - training.educates.dev
+    resources:
+      - trainingportals
+      - workshopenvironments
+      - workshopsessions
+      - workshopallocations
+      - workshops
+    verbs:
+      - get
+      - list
+      - watch
diff --git a/carvel-packages/training-platform/bundle/config/12-lookup-service/secrets.yaml b/carvel-packages/training-platform/bundle/config/12-lookup-service/secrets.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: remote-access-token
+  namespace: educates
+  annotations:
+    kubernetes.io/service-account.name: remote-access
+    kapp.k14s.io/change-rule: "upsert after upserting educates/sa-with-separate-token-secret"
+type: kubernetes.io/service-account-token
diff --git a/carvel-packages/training-platform/bundle/config/12-lookup-service/serviceaccounts.yaml b/carvel-packages/training-platform/bundle/config/12-lookup-service/serviceaccounts.yaml
@@ -0,0 +1,8 @@
+#! ServiceAccount for remote access clients.
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: remote-access
+  namespace: educates
+  annotations:
+    kapp.k14s.io/change-group: "educates/sa-with-separate-token-secret"
diff --git a/project-docs/index.rst b/project-docs/index.rst
@@ -85,6 +85,7 @@ Educates
   :maxdepth: 2
   :caption: Release Notes:
 
+  release-notes/version-2.7.3
   release-notes/version-2.7.2
   release-notes/version-2.7.1
   release-notes/version-2.7.0

diff --git a/project-docs/release-notes/version-2.7.3.md b/project-docs/release-notes/version-2.7.3.md
@@ -0,0 +1,18 @@
+Version 2.7.3
+=============
+
+Upcoming Changes
+----------------
+
+For details on significant changes in future versions, including feature
+deprecations and removals which may necessitate updates to existing workshops,
+see [Upcoming changes](upcoming-changes).
+
+Backported Changes
+------------------
+
+* Range of changes backported from 3.0.0 in order to support monitoring of
+  Educates 2.7.3 clusters using the new lookup service included with 3.0.0. It
+  is believed this should cause no noticeable changes or incompatabilities. If
+  you have no need for the lookup service, there is no need to upgrade to
+  Educates 2.7.3 from 2.7.2.
diff --git a/session-manager/handlers/trainingportal.py b/session-manager/handlers/trainingportal.py
@@ -86,6 +86,8 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
     # Calculate name for the portal namespace.
 
     portal_name = name
+    portal_uid = uid
+
     portal_namespace = f"{portal_name}-ui"
 
     # Calculate access details for the portal. The hostname used to access the
@@ -388,6 +390,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
             "labels": {
                 f"training.{OPERATOR_API_GROUP}/component": "portal",
                 f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
                 f"training.{OPERATOR_API_GROUP}/policy.engine": CLUSTER_SECURITY_POLICY_ENGINE,
                 f"training.{OPERATOR_API_GROUP}/policy.name": "baseline",
             },
@@ -444,6 +447,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
                 "labels": {
                     f"training.{OPERATOR_API_GROUP}/component": "portal",
                     f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                    f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
                 },
             },
             "roleRef": {
@@ -472,6 +476,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
                 "labels": {
                     f"training.{OPERATOR_API_GROUP}/component": "portal",
                     f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                    f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
                 },
             },
             "roleRef": {
@@ -530,6 +535,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
             "labels": {
                 f"training.{OPERATOR_API_GROUP}/component": "portal",
                 f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
             },
         },
     }
@@ -544,6 +550,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
             "labels": {
                 f"training.{OPERATOR_API_GROUP}/component": "portal",
                 f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
             },
         },
         "type": "kubernetes.io/service-account-token",
@@ -557,6 +564,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
             "labels": {
                 f"training.{OPERATOR_API_GROUP}/component": "portal",
                 f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
             },
         },
         "roleRef": {
@@ -584,6 +592,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
             "labels": {
                 f"training.{OPERATOR_API_GROUP}/component": "portal",
                 f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
             },
         },
         "spec": {
@@ -604,6 +613,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
             "labels": {
                 f"training.{OPERATOR_API_GROUP}/component": "portal",
                 f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
             },
         },
         "data": {
@@ -620,6 +630,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
             "labels": {
                 f"training.{OPERATOR_API_GROUP}/component": "portal",
                 f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
                 f"training.{OPERATOR_API_GROUP}/portal.services.dashboard": "true",
             },
         },
@@ -633,6 +644,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
                         "deployment": "training-portal",
                         f"training.{OPERATOR_API_GROUP}/component": "portal",
                         f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                        f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
                         f"training.{OPERATOR_API_GROUP}/portal.services.dashboard": "true",
                     },
                 },
@@ -850,6 +862,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
             "labels": {
                 f"training.{OPERATOR_API_GROUP}/component": "portal",
                 f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
             },
         },
         "spec": {
@@ -868,6 +881,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
             "labels": {
                 f"training.{OPERATOR_API_GROUP}/component": "portal",
                 f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
             },
             "annotations": {},
         },
@@ -936,6 +950,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
                         "labels": {
                             f"training.{OPERATOR_API_GROUP}/component": "portal",
                             f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                            f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
                         },
                     },
                     "spec": {
@@ -969,6 +984,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
                     "labels": {
                         f"training.{OPERATOR_API_GROUP}/component": "portal",
                         f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                        f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
                     },
                 },
                 "spec": {
@@ -997,6 +1013,7 @@ def training_portal_create(name, uid, body, spec, status, patch, runtime, retry,
             "labels": {
                 f"training.{OPERATOR_API_GROUP}/component": "portal",
                 f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
             },
         },
         "spec": {

diff --git a/session-manager/handlers/workshopallocation.py b/session-manager/handlers/workshopallocation.py
@@ -146,8 +146,16 @@ def workshop_allocation_create(
     portal_name = meta.get("labels", {}).get(
         f"training.{OPERATOR_API_GROUP}/portal.name", ""
     )
+    portal_uid = meta.get("labels", {}).get(
+        f"training.{OPERATOR_API_GROUP}/portal.uid", ""
+    )
 
     environment_name = spec["environment"]["name"]
+
+    environment_uid = meta.get("labels", {}).get(
+        f"training.{OPERATOR_API_GROUP}/environment.uid", ""
+    )
+
     workshop_namespace = environment_name
 
     session_name = spec["session"]["name"]
@@ -447,7 +455,9 @@ def workshop_allocation_create(
                 f"training.{OPERATOR_API_GROUP}/component.group": "objects",
                 f"training.{OPERATOR_API_GROUP}/workshop.name": workshop_name,
                 f"training.{OPERATOR_API_GROUP}/portal.name": portal_name,
+                f"training.{OPERATOR_API_GROUP}/portal.uid": portal_uid,
                 f"training.{OPERATOR_API_GROUP}/environment.name": environment_name,
+                f"training.{OPERATOR_API_GROUP}/environment.uid": environment_uid,
                 f"training.{OPERATOR_API_GROUP}/session.name": session_name,
                 f"training.{OPERATOR_API_GROUP}/session.objects": "true",
             }