Using oc instead kubectl / fixing image permissions

Signed-off-by: Ricardo Zanini <[email protected]>

Makefile

@@ -1,6 +1,39 @@
-# build the app
-# go build -o bin
-# download kogito-cli
-# download kubectl
-# build the image
-# podman build --tag quay.io/m88i/kogito-sw-backend:latest -f image/Dockerfile .
+SHELL := /bin/bash
+
+KOGITO_VERSION ?= 0.17.0
+KUBECTL_VERSION ?= 1.19.0
+OKD_VERSION ?= 4.5.0-0.okd-2020-10-15-235428
+
+all: build-image
+
+build:
+	go build -o bin/kogito-sw-backend
+
+kubectl:
+ifeq (,$(wildcard bin/kubectl))
+	curl -LO "https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
+	chmod +x ./kubectl
+	mv ./kubectl bin/kubectl
+endif
+
+oc:
+ifeq (,$(wildcard bin/oc))
+	curl -LO "https://github.com/openshift/okd/releases/download/4.5.0-0.okd-2020-10-15-235428/openshift-client-linux-${OKD_VERSION}.tar.gz"
+	tar -xvzf "openshift-client-linux-${OKD_VERSION}.tar.gz"
+	mv ./oc bin/oc
+	rm -rf "openshift-client-linux-${OKD_VERSION}.tar.gz"
+endif
+
+kogito:
+ifeq (,$(wildcard bin/kogito))
+	curl -LO "https://github.com/kiegroup/kogito-cloud-operator/releases/download/v${KOGITO_VERSION}/kogito-cli-${KOGITO_VERSION}-linux-amd64.tar.gz"
+	tar -xvzf "kogito-cli-${KOGITO_VERSION}-linux-amd64.tar.gz"
+	mv ./kogito bin/kogito
+	rm -rf "kogito-cli-${KOGITO_VERSION}-linux-amd64.tar.gz"
+endif
+
+build-image: build oc kogito
+	podman build --tag quay.io/m88i/kogito-sw-backend:latest -f image/Dockerfile .
+
+push:
+	podman push quay.io/m88i/kogito-sw-backend:latest

README.md

@@ -1,4 +1,24 @@
-# Kogito Serverless Workflow Online Backend
+# OpenShift Clients
 
-This is a proof-of-concept for a backend to support deploying Serverless Workflow definitions
-into an OpenShift cluster.
+The OpenShift client `oc` simplifies working with Kubernetes and OpenShift
+clusters, offering a number of advantages over `kubectl` such as easy login,
+kube config file management, and access to developer tools. The `kubectl`
+binary is included alongside for when strict Kubernetes compliance is necessary.
+
+To learn more about OpenShift, visit [docs.openshift.com](https://docs.openshift.com)
+and select the version of OpenShift you are using.
+
+## Installing the tools
+
+After extracting this archive, move the `oc` and `kubectl` binaries
+to a location on your PATH such as `/usr/local/bin`. Then run:
+
+    oc login [API_URL]
+
+to start a session against an OpenShift cluster. After login, run `oc` and
+`oc help` to learn more about how to get started with OpenShift.
+
+## License
+
+OpenShift is licensed under the Apache Public License 2.0. The source code for this
+program is [located on github](https://github.com/openshift/origin).

deploy.go

@@ -27,7 +27,7 @@ const (
 func deploy(workflow model.Workflow, workflowFile []byte) error {
 	namespace := os.Getenv(envKeyNamespace)
 	projectTemplate := regularProjectTemplatePath
-	if err := execCmd("kogito", "use-project", namespace); err != nil {
+	if err := execCmd("oc", "project", namespace); err != nil {
 		log.Error("Failed to set namespace", err)
 		return err
 	}
@@ -51,7 +51,7 @@ func deploy(workflow model.Workflow, workflowFile []byte) error {
 
 func deployEventsInfra(namespace string) error {
 	// apply the knative broker
-	if err := execCmd("kubectl", "apply", "-f", getDataPath()+knativeResourcesPath, "-n", namespace); err != nil {
+	if err := execCmd("oc", "apply", "-f", getDataPath()+knativeResourcesPath, "-n", namespace); err != nil {
 		log.Error("Failed create Knative Eventing broker", err)
 		return err
 	}

image/Dockerfile

@@ -3,19 +3,23 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal
 LABEL maintainer="[email protected]"
 LABEL io.openshift.expose-services="9000:http"
 
+ENV HOME=/home/kogito
+
 RUN microdnf update &&\
     microdnf install shadow-utils &&\
     microdnf clean all
 
-RUN adduser -ms /bin/bash -d /home/kogito -u 1001 kogito
-
-USER kogito
-WORKDIR /home/kogito
+RUN adduser -ms /sbin/nologin -d /home/kogito -g 0 -r -u 1001 kogito && mkdir /home/kogito/.kube
 
 COPY bin/kogito-sw-backend /usr/local/bin/kogito-sw-backend
-#COPY bin/kogito /usr/local/bin
-#COPY bin/kubectl /usr/local/bin
-COPY --chown=kogito:kogito image/data/* /home/kogito/data
+COPY bin/kogito /usr/local/bin
+COPY bin/oc /usr/local/bin
+COPY image/data /home/kogito/data
+
+RUN chgrp -R 0 /home/kogito && chmod -R g+rwX /home/kogito
+
+USER 1001
+WORKDIR /home/kogito
 
 EXPOSE 9000
 

openshift/kogito-sw-backend.yaml

@@ -63,11 +63,11 @@ spec:
     type: Recreate
   selector:
     matchLabels:
-      name: kogito-sw-backend
+      app: kogito-sw-backend
   template:
     metadata:
       labels:
-        name: kogito-sw-backend
+        app: kogito-sw-backend
     spec:
       serviceAccountName: kogito-sw-backend
       containers:
@@ -85,6 +85,18 @@ spec:
             - name: http
               containerPort: 9000
               protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /live
+              port: 9000
+            initialDelaySeconds: 3
+            periodSeconds: 3
+          readinessProbe:
+            httpGet:
+              path: /ready
+              port: 9000
+              initialDelaySeconds: 3
+              periodSeconds: 3
 ---
 kind: Service
 apiVersion: v1

server.go

@@ -79,7 +79,7 @@ func handleReady(writer http.ResponseWriter, request *http.Request) *serverError
 		return newServerError("Environment variable "+envKeyNamespace+" not defined", nil)
 	}
 	// verify kubectl
-	if err := execCmd("kubectl", "version"); err != nil {
+	if err := execCmd("oc", "version"); err != nil {
 		return newServerError("Failed to run kubectl", err)
 	}
 	// verify kogito

testdata/jsongreet.sw.json

@@ -0,0 +1,80 @@
+{
+  "id": "jsongreet",
+  "version": "1.0",
+  "name": "Greeting workflow",
+  "description": "JSON based greeting workflow",
+  "functions": [
+    {
+      "name": "greetFunction",
+      "type": "sysout"
+    }
+  ],
+  "states": [
+    {
+      "name": "ChooseOnLanguage",
+      "type": "switch",
+      "start": {
+        "kind": "default"
+      },
+      "dataConditions": [
+        {
+          "path": "$.language",
+          "value": "English",
+          "operator": "equals",
+          "transition": {
+            "nextState": "GreetInEnglish"
+          }
+        },
+        {
+          "path": "$.language",
+          "value": "Spanish",
+          "operator": "equals",
+          "transition": {
+            "nextState": "GreetInSpanish"
+          }
+        }
+      ],
+      "default": {
+        "nextState": "GreetInEnglish"
+      }
+    },
+    {
+      "name": "GreetInEnglish",
+      "type": "inject",
+      "data": {
+        "greeting": "Hello from JSON Workflow, "
+      },
+      "transition": {
+        "nextState": "GreetPerson"
+      }
+    },
+    {
+      "name": "GreetInSpanish",
+      "type": "inject",
+      "data": {
+        "greeting": "Saludos desde JSON Workflow, "
+      },
+      "transition": {
+        "nextState": "GreetPerson"
+      }
+    },
+    {
+      "name": "GreetPerson",
+      "type": "operation",
+      "actions": [
+        {
+          "name": "greetAction",
+          "functionRef": {
+            "refName": "greetFunction",
+            "parameters": {
+              "message": "$.greeting $.name"
+            }
+          }
+        }
+      ],
+      "end": {
+        "kind": "terminate"
+      }
+    }
+  ]
+}