Updated to Kubernetes 1.24+ and latest Project Syn tools

Adrian Kosmaczewski · Adrian Kosmaczewski · commit 724f7c516a88 · 2023-05-31T15:39:20.000+02:00
diff --git a/0_requirements.sh b/0_requirements.sh
@@ -20,12 +20,12 @@ echo "Podman $PODMAN_VERSION"
 MINIKUBE_VERSION=$(minikube version | grep version)
 echo "$MINIKUBE_VERSION"
 
+KIND_VERSION=$(kind version)
+echo "$KIND_VERSION"
+
 K3D_VERSION=$(k3d version | grep version -m 1)
 echo "$K3D_VERSION"
 
-VSCODE_PATH=$(which code)
-echo "Visual Studio Code: $VSCODE_PATH"
-
 CURL_PATH=$(which curl)
 echo "curl: $CURL_PATH"
 
diff --git a/1_lieutenant_on_minikube.sh b/1_lieutenant_on_minikube.sh
@@ -8,6 +8,10 @@ check_variable "GITLAB_TOKEN" "$GITLAB_TOKEN"
 check_variable "GITLAB_ENDPOINT" "$GITLAB_ENDPOINT"
 check_variable "GITLAB_USERNAME" "$GITLAB_USERNAME"
 
+# Lieutenant Operator and API versions
+LIEUTENANT_OPERATOR_VERSION=v1.5.0
+LIEUTENANT_API_VERSION=v0.11.0
+
 # Minikube must be running
 minikube start --disk-size 60g --cpus 4
 check_minikube
@@ -16,21 +20,22 @@ echo "===> Creating namespace"
 kubectl create namespace lieutenant
 
 echo "===> CRDs (global scope)"
-kubectl apply -k "github.com/projectsyn/lieutenant-operator/config/crd?ref=v1.3.0"
+kubectl apply -k "github.com/projectsyn/lieutenant-operator/config/crd?ref=$LIEUTENANT_OPERATOR_VERSION"
 
 echo "===> Operator deployment"
-kubectl -n lieutenant apply -k "github.com/projectsyn/lieutenant-operator/config/samples/deployment?ref=v1.3.0"
+kubectl -n lieutenant apply -k "github.com/projectsyn/lieutenant-operator/config/samples/deployment?ref=$LIEUTENANT_OPERATOR_VERSION"
 
 echo "===> Operator configuration"
 kubectl -n lieutenant set env deployment/lieutenant-operator -c lieutenant-operator \
     DEFAULT_DELETION_POLICY=Delete \
     DEFAULT_GLOBAL_GIT_REPO_URL=https://github.com/projectsyn/getting-started-commodore-defaults \
     LIEUTENANT_DELETE_PROTECTION=false \
-    SKIP_VAULT_SETUP=true
+    SKIP_VAULT_SETUP=true \
+    LIEUTENANT_CREATE_SERVICEACCOUNT_TOKEN_SECRET=true
 
 # tag::demo[]
 echo "===> API deployment"
-kubectl -n lieutenant apply -k "github.com/projectsyn/lieutenant-api/deploy?ref=v0.9.1"
+kubectl -n lieutenant apply -k "github.com/projectsyn/lieutenant-api/deploy?ref=$LIEUTENANT_API_VERSION"
 
 echo "===> API configuration"
 kubectl -n lieutenant set env deployment/lieutenant-api -c lieutenant-api \
@@ -54,14 +59,14 @@ wait_for_lieutenant "$LIEUTENANT_URL/healthz"
 echo "===> Prepare Lieutenant Operator access to GitLab"
 kubectl -n lieutenant create secret generic gitlab-com \
   --from-literal=endpoint="https://${GITLAB_ENDPOINT}" \
-  --from-literal=hostKeys="$(ssh-keyscan $GITLAB_ENDPOINT)" \
+  --from-literal=hostKeys="$(ssh-keyscan "$GITLAB_ENDPOINT")" \
   --from-literal=token="$GITLAB_TOKEN"
 
 echo "===> Prepare Lieutenant API Authentication and Authorization"
 kubectl -n lieutenant apply -f lib/auth.yaml
 
 echo "===> Create Lieutenant Objects: Tenant and Cluster"
-LIEUTENANT_TOKEN=$(kubectl -n lieutenant get secret "$(kubectl -n lieutenant get sa api-access-synkickstart -o go-template='{{(index .secrets 0).name}}')" -o go-template='{{.data.token | base64decode}}')
+LIEUTENANT_TOKEN=$(kubectl -n lieutenant get secret token-secret -o go-template='{{.data.token | base64decode}}')
 LIEUTENANT_AUTH="Authorization: Bearer ${LIEUTENANT_TOKEN}"
 
 echo "===> Create a Lieutenant Tenant via the API"
diff --git a/2_commodore_on_minikube.sh b/2_commodore_on_minikube.sh
@@ -10,6 +10,8 @@ check_variable "GITHUB_USERNAME" "$GITHUB_USERNAME"
 
 check_minikube
 
+COMMODORE_VERSION=v1.16.0
+
 echo "===> Find Lieutenant URL"
 LIEUTENANT_URL=$(curl http://localhost:4040/api/tunnels --silent | jq -r '.["tunnels"][0]["public_url"]')
 check_variable "LIEUTENANT_URL" "$LIEUTENANT_URL"
@@ -19,15 +21,15 @@ CLUSTER_ID=$(kubectl --context minikube -n lieutenant get cluster | grep c- | aw
 check_variable "CLUSTER_ID" "$CLUSTER_ID"
 
 echo "===> Find Lieutenant Token"
-LIEUTENANT_TOKEN=$(kubectl --context minikube -n lieutenant get secret "$(kubectl -n lieutenant get sa api-access-synkickstart -o go-template='{{(index .secrets 0).name}}')" -o go-template='{{.data.token | base64decode}}')
+LIEUTENANT_TOKEN=$(kubectl --context minikube -n lieutenant get secret token-secret -o go-template='{{.data.token | base64decode}}')
 
 echo "===> Kickstart Commodore"
 echo "===> IMPORTANT: When prompted enter your SSH key password"
 kubectl -n lieutenant run commodore-shell \
-  --image=docker.io/projectsyn/commodore:v1.3.2 \
+  --image=docker.io/projectsyn/commodore:$COMMODORE_VERSION \
   --env=COMMODORE_API_URL="$LIEUTENANT_URL" \
   --env=COMMODORE_API_TOKEN="$LIEUTENANT_TOKEN" \
-  --env=SSH_PRIVATE_KEY="$(cat ${COMMODORE_SSH_PRIVATE_KEY})" \
+  --env=SSH_PRIVATE_KEY="$(cat "${COMMODORE_SSH_PRIVATE_KEY}")" \
   --env=CLUSTER_ID="$CLUSTER_ID" \
   --env=GITLAB_ENDPOINT="$GITLAB_ENDPOINT" \
   --tty --stdin --restart=Never --rm --wait \
diff --git a/3_steward_on_minikube.sh b/3_steward_on_minikube.sh
@@ -15,7 +15,7 @@ LIEUTENANT_URL=$(curl http://localhost:4040/api/tunnels --silent | jq -r '.["tun
 check_variable "LIEUTENANT_URL" "$LIEUTENANT_URL"
 
 echo "===> Find Lieutenant API token"
-LIEUTENANT_TOKEN=$(kubectl --context minikube -n lieutenant get secret "$(kubectl --context minikube -n lieutenant get sa api-access-synkickstart -o go-template='{{(index .secrets 0).name}}')" -o go-template='{{.data.token | base64decode}}')
+LIEUTENANT_TOKEN=$(kubectl --context minikube -n lieutenant get secret token-secret -o go-template='{{.data.token | base64decode}}')
 check_variable "LIEUTENANT_TOKEN" "$LIEUTENANT_TOKEN"
 LIEUTENANT_AUTH="Authorization: Bearer $LIEUTENANT_TOKEN"
 
diff --git a/4_synthesize_on_k3s.sh b/4_synthesize_on_k3s.sh
@@ -9,13 +9,17 @@ check_variable "GITLAB_ENDPOINT" "$GITLAB_ENDPOINT"
 check_variable "GITLAB_USERNAME" "$GITLAB_USERNAME"
 check_variable "COMMODORE_SSH_PRIVATE_KEY" "$COMMODORE_SSH_PRIVATE_KEY"
 
+# Commodore version
+COMMODORE_VERSION=v1.16.0
+
 LIEUTENANT_URL=$(curl http://localhost:4040/api/tunnels --silent | jq -r '.["tunnels"][0]["public_url"]')
 check_variable "LIEUTENANT_URL" "$LIEUTENANT_URL"
 
 TENANT_ID=$(kubectl --context minikube --namespace lieutenant get tenant | grep t- | awk 'NR==1{print $1}')
 check_variable "TENANT_ID" "$TENANT_ID"
 
-LIEUTENANT_TOKEN=$(kubectl --context minikube --namespace lieutenant get secret "$(kubectl --context minikube --namespace lieutenant get sa api-access-synkickstart -o go-template='{{(index .secrets 0).name}}')" -o go-template='{{.data.token | base64decode}}')
+echo "===> Find Lieutenant Token"
+LIEUTENANT_TOKEN=$(kubectl --context minikube -n lieutenant get secret token-secret -o go-template='{{.data.token | base64decode}}')
 check_variable "LIEUTENANT_TOKEN" "$LIEUTENANT_TOKEN"
 
 # Launch K3s
@@ -33,10 +37,10 @@ check_variable "CLUSTER_ID" "$CLUSTER_ID"
 echo "===> Kickstart Commodore"
 echo "===> IMPORTANT: When prompted enter your SSH key password"
 kubectl --context minikube -n lieutenant run commodore-shell \
-  --image=docker.io/projectsyn/commodore:v1.3.2 \
+  --image=docker.io/projectsyn/commodore:$COMMODORE_VERSION \
   --env=COMMODORE_API_URL="$LIEUTENANT_URL" \
   --env=COMMODORE_API_TOKEN="$LIEUTENANT_TOKEN" \
-  --env=SSH_PRIVATE_KEY="$(cat ${COMMODORE_SSH_PRIVATE_KEY})" \
+  --env=SSH_PRIVATE_KEY="$(cat "${COMMODORE_SSH_PRIVATE_KEY}")" \
   --env=CLUSTER_ID="$CLUSTER_ID" \
   --env=GITLAB_ENDPOINT="$GITLAB_ENDPOINT" \
   --tty --stdin --restart=Never --rm --wait \
diff --git a/4_synthesize_on_kind.sh b/4_synthesize_on_kind.sh
@@ -8,13 +8,16 @@ check_variable "GITLAB_ENDPOINT" "$GITLAB_ENDPOINT"
 check_variable "GITLAB_USERNAME" "$GITLAB_USERNAME"
 check_variable "COMMODORE_SSH_PRIVATE_KEY" "$COMMODORE_SSH_PRIVATE_KEY"
 
+# Commodore version
+COMMODORE_VERSION=v1.16.0
+
 LIEUTENANT_URL=$(curl http://localhost:4040/api/tunnels --silent | jq -r '.["tunnels"][0]["public_url"]')
 check_variable "LIEUTENANT_URL" "$LIEUTENANT_URL"
 
 TENANT_ID=$(kubectl --context minikube --namespace lieutenant get tenant | grep t- | awk 'NR==1{print $1}')
 check_variable "TENANT_ID" "$TENANT_ID"
 
-LIEUTENANT_TOKEN=$(kubectl --context minikube --namespace lieutenant get secret "$(kubectl --context minikube --namespace lieutenant get sa api-access-synkickstart -o go-template='{{(index .secrets 0).name}}')" -o go-template='{{.data.token | base64decode}}')
+LIEUTENANT_TOKEN=$(kubectl --context minikube -n lieutenant get secret token-secret -o go-template='{{.data.token | base64decode}}')
 check_variable "LIEUTENANT_TOKEN" "$LIEUTENANT_TOKEN"
 
 # Launch kind
@@ -29,10 +32,10 @@ check_variable "CLUSTER_ID" "$CLUSTER_ID"
 echo "===> Kickstart Commodore"
 echo "===> IMPORTANT: When prompted enter your SSH key password"
 kubectl --context minikube -n lieutenant run commodore-shell \
-  --image=docker.io/projectsyn/commodore:v1.3.2 \
+  --image=docker.io/projectsyn/commodore:$COMMODORE_VERSION \
   --env=COMMODORE_API_URL="$LIEUTENANT_URL" \
   --env=COMMODORE_API_TOKEN="$LIEUTENANT_TOKEN" \
-  --env=SSH_PRIVATE_KEY="$(cat ${COMMODORE_SSH_PRIVATE_KEY})" \
+  --env=SSH_PRIVATE_KEY="$(cat "${COMMODORE_SSH_PRIVATE_KEY}")" \
   --env=CLUSTER_ID="$CLUSTER_ID" \
   --env=GITLAB_ENDPOINT="$GITLAB_ENDPOINT" \
   --tty --stdin --restart=Never --rm --wait \
diff --git a/4_synthesize_on_microk8s.sh b/4_synthesize_on_microk8s.sh
diff --git a/5_delete.sh b/5_delete.sh
@@ -9,6 +9,7 @@ TENANT_ID=$(kubectl --context minikube -n lieutenant get tenant | grep t- | awk
 check_variable "TENANT_ID" "$TENANT_ID"
 
 echo "===> Removing all clusters"
+# shellcheck disable=SC2207
 CLUSTERS=($(kubectl --context minikube -n lieutenant get cluster -o jsonpath="{$.items[*].metadata.name}"))
 for CLUSTER in "${CLUSTERS[@]}"; do
     kubectl --context minikube -n lieutenant delete cluster "$CLUSTER"
@@ -22,7 +23,5 @@ sleep 20
 
 minikube delete
 k3d cluster delete projectsyn
-# kind delete cluster --name projectsyn
-# sudo microk8s reset
-# sudo microk8s stop
+kind delete cluster --name projectsyn
 killall ngrok
diff --git a/README.adoc b/README.adoc
@@ -12,6 +12,12 @@ The instructions of the tutorial guide the user to the creation and deployment o
 
 The `0_requirements.sh` script shows the current versions of all required software.
 
+=== Podman instead of Docker
+
+If you do not have Docker installed or would prefer to use https://podman.io/[Podman], https://kind.sigs.k8s.io/[kind] is 100% compatible with Podman and has been successfully tested with this tutorial.
+
+At the time of the last update of this document, k3d 5.5 is not compatible with Podman, https://k3d.io/v5.5.1/usage/advanced/podman/[despite what the documentation says].
+
 == Build PDF
 
 Use the `make pdf` command to create a PDF file out of the source Asciidoc file in the `build` folder. This operation requires Docker.
diff --git a/lib/auth.yaml b/lib/auth.yaml
@@ -34,3 +34,11 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: api-access-synkickstart
+---
+apiVersion: v1
+kind: Secret
+type: kubernetes.io/service-account-token
+metadata:
+  name: token-secret
+  annotations:
+    kubernetes.io/service-account.name: api-access-synkickstart
diff --git a/lib/functions.sh b/lib/functions.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
 check_variable () {
-    if [ -z $2 ]; then
+    if [ -z "$2" ]; then
         echo "===> ERROR: $1 variable not set"
         exit 1
     fi
