diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/00-remove-toplevel-values.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/00-remove-toplevel-values.yaml
new file mode 100644
index 00000000..c64d2fda
--- /dev/null
+++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/00-remove-toplevel-values.yaml
@@ -0,0 +1,48 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+#@overlay/remove
+debug:
+
+#@overlay/remove
+localKindCluster:
+#@overlay/remove
+localDNSResolver:
+
+#@overlay/remove
+clusterInfrastructure:
+
+#@overlay/remove
+imageRegistry:
+#@overlay/remove
+version:
+#@overlay/remove
+imageVersions:
+#@overlay/remove
+clusterRuntime:
+#@overlay/remove
+clusterIngress:
+#@overlay/remove
+sessionCookies:
+#@overlay/remove
+clusterStorage:
+#@overlay/remove
+clusterSecrets:
+#@overlay/remove
+clusterSecurity:
+#@overlay/remove
+workshopSecurity:
+#@overlay/remove
+trainingPortal:
+#@overlay/remove
+dockerDaemon:
+#@overlay/remove
+clusterNetwork:
+#@overlay/remove
+workshopAnalytics:
+#@overlay/remove
+websiteStyling:
+#@overlay/remove
+imagePuller:
+#@overlay/remove
+lookupService:
diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/10-default-settings-for-provider.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/10-default-settings-for-provider.yaml
new file mode 100644
index 00000000..ace3616f
--- /dev/null
+++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/10-default-settings-for-provider.yaml
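Review bot: The removal in 00-remove-toplevel-values.yaml is driven by a hand-written list of top-level keys, so a top-level value added to values-schema.yaml later is not covered until this file is edited as well. That coupling matters here because dropping the user's top-level `clusterSecurity` appears to be part of what keeps the policy engine fixed for this provider. A header comment would make it visible, for example `#! Keep this list in sync with the top-level keys of values-schema.yaml.` The `@ytt:data` load is not used anywhere in this file and can be dropped.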
@@ -0,0 +1,34 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+#@ load("functions.star", "isClusterPackageEnableByDefault")
+#@ load("functions.star", "isClusterPackageExplicitDisabled")
+
+#! This file contains default values for the custom infrastructure provider.
+#! These are the values that will be set if not overridden by the user.
+
+#@overlay/match-child-defaults missing_ok=True
+#@overlay/replace
+clusterPackages:
+ contour:
+ enabled: #@ isClusterPackageEnableByDefault("contour")
+ settings: {}
+ cert-manager:
+ enabled: #@ isClusterPackageEnableByDefault("cert-manager")
+ settings: {}
+ external-dns:
+ enabled: #@ isClusterPackageEnableByDefault("external-dns")
+ settings: {}
+ certs:
+ enabled: #@ isClusterPackageEnableByDefault("certs")
+ settings: {}
+ kyverno:
+ enabled: #@ isClusterPackageEnableByDefault("kyverno")
+ settings: {}
+ kapp-controller:
+ enabled: #@ isClusterPackageEnableByDefault("kapp-controller")
+ settings: {}
+ educates:
+ enabled: #@ isClusterPackageEnableByDefault("educates")
+ settings:
+ clusterSecurity:
+ policyEngine: security-context-constraints
diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/50-packages-enablement.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/50-packages-enablement.yaml
new file mode 100644
index 00000000..8d4b7d34
--- /dev/null
+++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/50-packages-enablement.yaml
@@ -0,0 +1,10 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+
+#! This enables packages based on the user input
+
+#@overlay/match-child-defaults missing_ok=True
+clusterPackages:
+ kyverno:
+ #@ if/end hasattr(data.values, "clusterPackages") and hasattr(data.values.clusterPackages, "kyverno") and hasattr(data.values.clusterPackages.kyverno, "enabled"):
+ enabled: #@ data.values.clusterPackages.kyverno.enabled
\ No newline at end of file
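Review bot: The header comment in 10-default-settings-for-provider.yaml still says "custom infrastructure provider" although the file sits under infrastructure/openshift, and the `isClusterPackageExplicitDisabled` load is never used in this file. I would reword the comment to `#! This file contains default values for the openshift infrastructure provider.` and drop the unused load. A short comment on `policyEngine: security-context-constraints` saying the value is deliberately not user-overridable would also help, since the only explanation currently lives in educates.lib.yaml. The same "custom" wording recurs in 80-copy-educates-config.yaml.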
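Review bot: In 50-packages-enablement.yaml the user's `clusterPackages.kyverno.enabled` is passed straight through, so Kyverno, which the updated documentation names as the workshop security policy enforcer, can be switched off without anything in this hunk checking or adjusting `workshopSecurity.rulesEngine`. Whether Educates then refuses to start or runs workshops without policy enforcement cannot be determined from this diff, so it should be confirmed. At minimum, document the consequence next to the key, for example `#! kyverno is the only package the user may toggle; it backs workshop security policy enforcement.`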
diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/80-copy-educates-config.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/80-copy-educates-config.yaml
new file mode 100644
index 00000000..1afda1ac
--- /dev/null
+++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/80-copy-educates-config.yaml
@@ -0,0 +1,10 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+#@ load("educates.lib.yaml", "copy_all_educates_values")
+
+#! This copies user provided values for the custom infrastructure provider.
+
+#@overlay/match-child-defaults missing_ok=True
+clusterPackages:
+ educates:
+ settings: #@ copy_all_educates_values()
diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/99-remove-settings-disabled.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/99-remove-settings-disabled.yaml
new file mode 100644
index 00000000..25b8297c
--- /dev/null
+++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/99-remove-settings-disabled.yaml
@@ -0,0 +1,36 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+#@ load("functions.star", "isClusterPackageExplicitDisabled")
+
+#! This removes settings for disabled packages
+
+#@overlay/match-child-defaults missing_ok=True
+clusterPackages:
+ contour:
+ #@ if/end isClusterPackageExplicitDisabled("contour"):
+ #@overlay/replace
+ settings: {}
+ cert-manager:
+ #@ if/end isClusterPackageExplicitDisabled("cert-manager"):
+ #@overlay/replace
+ settings: {}
+ external-dns:
+ #@ if/end isClusterPackageExplicitDisabled("external-dns"):
+ #@overlay/replace
+ settings: {}
+ certs:
+ #@ if/end isClusterPackageExplicitDisabled("certs"):
+ #@overlay/replace
+ settings: {}
+ kyverno:
+ #@ if/end isClusterPackageExplicitDisabled("kyverno"):
+ #@overlay/replace
+ settings: {}
+ kapp-controller:
+ #@ if/end isClusterPackageExplicitDisabled("kapp-controller"):
+ #@overlay/replace
+ settings: {}
+ #! educates:
+ #! #@ if/end isClusterPackageExplicitDisabled("educates"):
+ #! #@overlay/replace
+ #! settings: {}
diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/README.md b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/README.md
new file mode 100644
index 00000000..03738962
--- /dev/null
+++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/README.md
@@ -0,0 +1,4 @@
+# openshift
+By default, only kyverno and educates will be installed
+We only allow to enabling/disabling kyverno
+We copy all educates main config to the clusterPackage
diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/defaults.star b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/defaults.star
new file mode 100644
index 00000000..e0e22857
--- /dev/null
+++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/defaults.star
@@ -0,0 +1,6 @@
+load("@ytt:data", "data")
+
+enabledByDefaultPackagesList = [
+ "kyverno",
+ "educates"
+]
\ No newline at end of file
diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/educates.lib.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/educates.lib.yaml
new file mode 100644
index 00000000..8979d592
--- /dev/null
+++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/educates.lib.yaml
@@ -0,0 +1,174 @@
+#@ load("@ytt:data", "data")
+
+#@ def copy_all_educates_values():
+
+#@ if/end hasattr(data.values, "imageRegistry") and data.values.imageRegistry != None:
+imageRegistry:
+ #@ if/end hasattr(data.values.imageRegistry, "namespace") and data.values.imageRegistry.namespace != None:
+ namespace: #@ data.values.imageRegistry.namespace
+ #@ if/end hasattr(data.values.imageRegistry, "host") and data.values.imageRegistry.host != None:
+ host: #@ data.values.imageRegistry.host
+#@ if/end hasattr(data.values, "version") and data.values.version != None:
+version: #@ data.values.version
+#@ if/end hasattr(data.values, "imageVersions") and data.values.imageVersions != None:
+imageVersions: #@ data.values.imageVersions
+#@ if/end hasattr(data.values, "clusterRuntime") and data.values.clusterRuntime != None:
+clusterRuntime: #@ data.values.clusterRuntime
+#@ if/end hasattr(data.values, "clusterIngress") and data.values.clusterIngress != None:
+clusterIngress:
+ #@ if/end hasattr(data.values.clusterIngress, "domain") and data.values.clusterIngress.domain != None:
+ domain: #@ data.values.clusterIngress.domain
+ #@ if/end hasattr(data.values.clusterIngress, "class") and data.values.clusterIngress["class"] != None:
+ class: #@ data.values.clusterIngress["class"]
+ #@ if/end hasattr(data.values.clusterIngress, "protocol") and data.values.clusterIngress.protocol != None:
+ protocol: #@ data.values.clusterIngress.protocol
+ #@ if/end hasattr(data.values.clusterIngress, "tlsCertificate") and data.values.clusterIngress.tlsCertificate != None:
+ tlsCertificate:
+ #@ if/end hasattr(data.values.clusterIngress.tlsCertificate, "tls.crt") and data.values.clusterIngress.tlsCertificate["tls.crt"] != None:
+ tls.crt: #@ data.values.clusterIngress.tlsCertificate["tls.crt"]
+ #@ if/end hasattr(data.values.clusterIngress.tlsCertificate, "tls.key") and data.values.clusterIngress.tlsCertificate["tls.key"] != None:
+ tls.key: #@ data.values.clusterIngress.tlsCertificate["tls.key"]
+ #! TODO: Customize certs name reference in eks + #! projectcontour/wildcard + #@ if/end hasattr(data.values.clusterIngress, "tlsCertificateRef") and data.values.clusterIngress.tlsCertificateRef != None: + tlsCertificateRef: + namespace: #@ (hasattr(data.values.clusterIngress.tlsCertificateRef, "namespace") and data.values.clusterIngress.tlsCertificateRef.namespace != None) and data.values.clusterIngress.tlsCertificateRef.namespace or "projectcontour" + #@ if/end hasattr(data.values.clusterIngress.tlsCertificateRef, "name") and data.values.clusterIngress.tlsCertificateRef.name != None: + name: #@ data.values.clusterIngress.tlsCertificateRef.name + #@ if/end hasattr(data.values.clusterIngress, "caCertificate") and data.values.clusterIngress.caCertificate != None: + caCertificate: #@ data.values.clusterIngress.caCertificate + #@ if/end hasattr(data.values.clusterIngress, "caCertificateRef") and data.values.clusterIngress.caCertificateRef != None: + caCertificateRef: + #@ if/end hasattr(data.values.clusterIngress.caCertificateRef, "namespace") and data.values.clusterIngress.caCertificateRef.namespace != None: + namespace: #@ data.values.clusterIngress.caCertificateRef.namespace + #@ if/end hasattr(data.values.clusterIngress.caCertificateRef, "name") and data.values.clusterIngress.caCertificateRef.name != None: + name: #@ data.values.clusterIngress.caCertificateRef.name + #@ if/end hasattr(data.values.clusterIngress, "caNodeInjector") and data.values.clusterIngress.caNodeInjector != None: + caNodeInjector: #@ data.values.clusterIngress.caNodeInjector +#@ if/end hasattr(data.values, "sessionCookies") and data.values.sessionCookies != None: +sessionCookies: #@ data.values.sessionCookies +#@ if/end hasattr(data.values, "clusterStorage") and data.values.clusterStorage != None: +clusterStorage: + #@ if/end hasattr(data.values.clusterStorage, "class") and data.values.clusterStorage["class"] != None: + class: #@ data.values.clusterStorage["class"] + #@ if/end 
hasattr(data.values.clusterStorage, "user") and data.values.clusterStorage.user != None: + user: #@ data.values.clusterStorage.user + #@ if/end hasattr(data.values.clusterStorage, "group") and data.values.clusterStorage.group != None: + group: #@ data.values.clusterStorage.group +#@ if/end hasattr(data.values, "clusterSecrets") and data.values.clusterSecrets != None: +clusterSecrets: #@ data.values.clusterSecrets +#! Should not allow cluster security policy engine default to be overridden as must be set to security-context-constraints +#! #@ if/end hasattr(data.values, "clusterSecurity") and data.values.clusterSecurity != None: +#! clusterSecurity: #@ data.values.clusterSecurity +#@ if/end hasattr(data.values, "workshopSecurity") and data.values.workshopSecurity != None: +workshopSecurity: #@ data.values.workshopSecurity +#@ if/end hasattr(data.values, "trainingPortal") and data.values.trainingPortal != None: +trainingPortal: + #@ if/end hasattr(data.values.trainingPortal, "credentials") and data.values.trainingPortal.credentials != None: + credentials: + #@ if/end hasattr(data.values.trainingPortal.credentials, "admin") and data.values.trainingPortal.credentials.admin != None: + admin: + #@ if/end hasattr(data.values.trainingPortal.credentials.admin, "username") and data.values.trainingPortal.credentials.admin.username != None: + username: #@ data.values.trainingPortal.credentials.admin.username + #@ if/end hasattr(data.values.trainingPortal.credentials.admin, "password") and data.values.trainingPortal.credentials.admin.password != None: + password: #@ data.values.trainingPortal.credentials.admin.password + #@ if/end hasattr(data.values.trainingPortal.credentials, "robot") and data.values.trainingPortal.credentials.admin != None: + robot: + #@ if/end hasattr(data.values.trainingPortal.credentials.robot, "username") and data.values.trainingPortal.credentials.robot.username != None: + username: #@ data.values.trainingPortal.credentials.robot.username + #@ if/end 
hasattr(data.values.trainingPortal.credentials.robot, "password") and data.values.trainingPortal.credentials.robot.password != None: + password: #@ data.values.trainingPortal.credentials.robot.password + #@ if/end hasattr(data.values.trainingPortal, "clients") and data.values.trainingPortal.clients != None: + clients: + #@ if/end hasattr(data.values.trainingPortal.clients, "robot") and data.values.trainingPortal.clients.robot != None: + robot: + #@ if/end hasattr(data.values.trainingPortal.clients.robot, "id") and data.values.trainingPortal.clients.robot.id != None: + id: #@ data.values.trainingPortal.clients.robot.id + #@ if/end hasattr(data.values.trainingPortal.clients.robot, "secret") and data.values.trainingPortal.clients.robot.secret != None: + secret: #@ data.values.trainingPortal.clients.robot.secret +#@ if/end hasattr(data.values, "dockerDaemon") and data.values.dockerDaemon != None: +dockerDaemon: + #@ if/end hasattr(data.values.dockerDaemon, "networkMTU") and data.values.dockerDaemon.networkMTU != None: + networkMTU: #@ data.values.dockerDaemon.networkMTU + #@ if/end hasattr(data.values.dockerDaemon, "proxyCache") and data.values.dockerDaemon.proxyCache != None: + proxyCache: + #@ if/end hasattr(data.values.dockerDaemon.proxyCache, "remoteURL") and data.values.dockerDaemon.proxyCache.remoteURL != None: + remoteURL: #@ data.values.dockerDaemon.proxyCache.remoteURL + #@ if/end hasattr(data.values.dockerDaemon.proxyCache, "username") and data.values.dockerDaemon.proxyCache.username != None: + username: #@ data.values.dockerDaemon.proxyCache.username + #@ if/end hasattr(data.values.dockerDaemon.proxyCache, "password") and data.values.dockerDaemon.proxyCache.password != None: + password: #@ data.values.dockerDaemon.proxyCache.password +#@ if/end hasattr(data.values, "clusterNetwork") and data.values.clusterNetwork != None: +clusterNetwork: #@ data.values.clusterNetwork +#@ if/end hasattr(data.values, "workshopAnalytics") and data.values.workshopAnalytics != 
None: +workshopAnalytics: + #@ if/end hasattr(data.values.workshopAnalytics, "google") and data.values.workshopAnalytics.google != None: + google: + #@ if/end hasattr(data.values.workshopAnalytics.google, "trackingId") and data.values.workshopAnalytics.google.trackingId != None: + trackingId: #@ data.values.workshopAnalytics.google.trackingId + #@ if/end hasattr(data.values.workshopAnalytics, "clarity") and data.values.workshopAnalytics.clarity != None: + clarity: + #@ if/end hasattr(data.values.workshopAnalytics.clarity, "trackingId") and data.values.workshopAnalytics.clarity.trackingId != None: + trackingId: #@ data.values.workshopAnalytics.clarity.trackingId + #@ if/end hasattr(data.values.workshopAnalytics, "amplitude") and data.values.workshopAnalytics.amplitude != None: + amplitude: + #@ if/end hasattr(data.values.workshopAnalytics.amplitude, "trackingId") and data.values.workshopAnalytics.amplitude.trackingId != None: + trackingId: #@ data.values.workshopAnalytics.amplitude.trackingId + #@ if/end hasattr(data.values.workshopAnalytics, "webhook") and data.values.workshopAnalytics.webhook != None: + webhook: + #@ if/end hasattr(data.values.workshopAnalytics.webhook, "url") and data.values.workshopAnalytics.webhook.url != None: + url: #@ data.values.workshopAnalytics.webhook.url +#@ if/end hasattr(data.values, "websiteStyling") and data.values.websiteStyling != None: +websiteStyling: + #@ if/end hasattr(data.values.websiteStyling, "workshopDashboard") and data.values.websiteStyling.workshopDashboard != None: + workshopDashboard: + #@ if/end hasattr(data.values.websiteStyling.workshopDashboard, "html") and data.values.websiteStyling.workshopDashboard.html != None: + html: #@ data.values.websiteStyling.workshopDashboard.html + #@ if/end hasattr(data.values.websiteStyling.workshopDashboard, "script") and data.values.websiteStyling.workshopDashboard.script != None: + script: #@ data.values.websiteStyling.workshopDashboard.script + #@ if/end 
hasattr(data.values.websiteStyling.workshopDashboard, "style") and data.values.websiteStyling.workshopDashboard.style != None: + style: #@ data.values.websiteStyling.workshopDashboard.style + #@ if/end hasattr(data.values.websiteStyling, "workshopInstructions") and data.values.websiteStyling.workshopInstructions != None: + workshopInstructions: + #@ if/end hasattr(data.values.websiteStyling.workshopInstructions, "html") and data.values.websiteStyling.workshopInstructions.html != None: + html: #@ data.values.websiteStyling.workshopInstructions.html + #@ if/end hasattr(data.values.websiteStyling.workshopInstructions, "script") and data.values.websiteStyling.workshopInstructions.script != None: + script: #@ data.values.websiteStyling.workshopInstructions.script + #@ if/end hasattr(data.values.websiteStyling.workshopInstructions, "style") and data.values.websiteStyling.workshopInstructions.style != None: + style: #@ data.values.websiteStyling.workshopInstructions.style + #@ if/end hasattr(data.values.websiteStyling, "workshopStarted") and data.values.websiteStyling.workshopStarted != None: + workshopStarted: + #@ if/end hasattr(data.values.websiteStyling.workshopStarted, "html") and data.values.websiteStyling.workshopStarted.html != None: + html: #@ data.values.websiteStyling.workshopStarted.html + #@ if/end hasattr(data.values.websiteStyling, "workshopFinished") and data.values.websiteStyling.workshopFinished != None: + workshopFinished: + #@ if/end hasattr(data.values.websiteStyling.workshopFinished, "html") and data.values.websiteStyling.workshopFinished.html != None: + html: #@ data.values.websiteStyling.workshopFinished.html + #@ if/end hasattr(data.values.websiteStyling, "trainingPortal") and data.values.websiteStyling.trainingPortal != None: + trainingPortal: + #@ if/end hasattr(data.values.websiteStyling.trainingPortal, "html") and data.values.websiteStyling.trainingPortal.html != None: + html: #@ data.values.websiteStyling.trainingPortal.html + #@ if/end 
hasattr(data.values.websiteStyling.trainingPortal, "script") and data.values.websiteStyling.trainingPortal.script != None: + script: #@ data.values.websiteStyling.trainingPortal.script + #@ if/end hasattr(data.values.websiteStyling.trainingPortal, "style") and data.values.websiteStyling.trainingPortal.style != None: + style: #@ data.values.websiteStyling.trainingPortal.style + #@ if/end hasattr(data.values.websiteStyling, "defaultTheme") and data.values.websiteStyling.defaultTheme != None: + defaultTheme: #@ data.values.websiteStyling.defaultTheme + #@ if/end hasattr(data.values.websiteStyling, "themeDataRefs") and data.values.websiteStyling.themeDataRefs != None: + themeDataRefs: #@ data.values.websiteStyling.themeDataRefs + #@ if/end hasattr(data.values.websiteStyling, "frameAncestors") and data.values.websiteStyling.frameAncestors != None: + frameAncestors: #@ data.values.websiteStyling.frameAncestors +#@ if/end hasattr(data.values, "imagePuller") and data.values.imagePuller != None: +imagePuller: + enabled: #@ data.values.imagePuller.enabled + #@ if hasattr(data.values.imagePuller, "prePullImages") and data.values.imagePuller.prePullImages != None: + #@overlay/replace + prePullImages: #@ data.values.imagePuller.prePullImages + #@ end +#@ if/end hasattr(data.values, "lookupService") and data.values.lookupService != None: +lookupService: + #@ if/end hasattr(data.values.lookupService, "enabled") and data.values.lookupService.enabled != None: + enabled: #@ data.values.lookupService.enabled + #@ if/end hasattr(data.values.lookupService, "ingressPrefix") and data.values.lookupService.ingressPrefix != None: + ingressPrefix: #@ data.values.lookupService.ingressPrefix +#@ end diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/functions.star b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/functions.star new file mode 100644 index 00000000..6a078759 --- /dev/null 
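Review bot: The guard on the `robot:` credentials block in educates.lib.yaml tests `data.values.trainingPortal.credentials.admin != None` where it should test `credentials.robot`, which looks like a copy-paste from the `admin:` block just above it. When robot credentials are supplied without an admin entry, the block is either skipped or the lookup fails, depending on how ytt treats the missing key, so the configured robot password may never reach the portal. The line should read `#@ if/end hasattr(data.values.trainingPortal.credentials, "robot") and data.values.trainingPortal.credentials.robot != None:`. Separately, `enabled: #@ data.values.imagePuller.enabled` is the one leaf copied without a hasattr/None guard. Because this function also copies `tls.key`, the portal passwords and the proxy-cache password into `clusterPackages.educates.settings`, a header comment noting that the returned map carries secrets would help whoever handles the rendered output.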
+++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/infrastructure/openshift/functions.star @@ -0,0 +1,18 @@ +load("@ytt:data", "data") +load("defaults.star", "enabledByDefaultPackagesList") + +def isClusterPackageEnableByDefault(package): + return package in enabledByDefaultPackagesList +end + +def isClusterPackageEnabled(package): + if hasattr(data.values, "clusterPackages") and hasattr(data.values.clusterPackages, package) and hasattr(data.values.clusterPackages[package], "enabled"): + return data.values.clusterPackages[package].enabled + else: + return package in enabledByDefaultPackagesList + end +end + +def isClusterPackageExplicitDisabled(package): + return not isClusterPackageEnabled(package) +end \ No newline at end of file diff --git a/carvel-packages/installer/bundle/config/ytt/values-schema.yaml b/carvel-packages/installer/bundle/config/ytt/values-schema.yaml index fecc03ed..c4adc802 100644 --- a/carvel-packages/installer/bundle/config/ytt/values-schema.yaml +++ b/carvel-packages/installer/bundle/config/ytt/values-schema.yaml @@ -53,7 +53,7 @@ clusterPackages: clusterInfrastructure: #! NOT IMPLEMENTED: "azure", "gke-autopilot" #! TODO: Implement validators. e.g. when kind is selected, clusterIngress.domain is required. - #@schema/validation one_of=["eks", "gke", "kind", "custom", "vcluster", "generic", "minikube"] + #@schema/validation one_of=["eks", "gke", "kind", "custom", "vcluster", "generic", "minikube", "openshift"] provider: "custom" #@schema/nullable #@schema/validation not_null=True, when=lambda _, ctx: ctx.root["clusterInfrastructure"]["provider"] == "eks" diff --git a/client-programs/pkg/config/installationconfig.go b/client-programs/pkg/config/installationconfig.go index bab12ae5..fc66b4ca 100644 --- a/client-programs/pkg/config/installationconfig.go +++ b/client-programs/pkg/config/installationconfig.go 
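Review bot: In functions.star, `isClusterPackageExplicitDisabled` returns `not isClusterPackageEnabled(package)`, so it is also true for a package the user never mentioned that is simply absent from `enabledByDefaultPackagesList`; the name promises something narrower than the code checks. Either rename it (for instance `isClusterPackageDisabled`) or add a comment on the def such as `# True for packages disabled by the user and for packages that are off by default.` `isClusterPackageEnabled` also relies on `hasattr` alone before indexing `data.values.clusterPackages[package]`, whereas educates.lib.yaml additionally checks `!= None`; it is worth confirming that a null package entry cannot reach this lookup.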
@@ -474,9 +474,9 @@ func PrintConfigToStdout(config *InstallationConfig) error { func ValidateProvider(provider string) error { switch provider { - case "eks", "kind", "gke", "custom", "vcluster", "generic", "minikube": + case "eks", "kind", "gke", "custom", "vcluster", "generic", "minikube", "openshift": return nil default: - return errors.New("Invalid ClusterInsfrastructure Provider. Valid values are (eks, gke, kind, custom, vcluster, generic, minikube)") + return errors.New("Invalid ClusterInsfrastructure Provider. Valid values are (eks, gke, kind, custom, vcluster, generic, minikube, openshift)") } } diff --git a/project-docs/installation-guides/infrastructure-providers.md b/project-docs/installation-guides/infrastructure-providers.md index db06faa3..d65ab4ef 100644 --- a/project-docs/installation-guides/infrastructure-providers.md +++ b/project-docs/installation-guides/infrastructure-providers.md 
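Review bot: The error string rewritten in ValidateProvider still carries the typo `ClusterInsfrastructure`; since the line is being edited anyway it should become `ClusterInfrastructure`. The provider list is also maintained by hand in three places, the `case` line, this message and the `one_of` list in values-schema.yaml, so a comment above the switch such as `// Keep in sync with clusterInfrastructure.provider one_of in values-schema.yaml.` would reduce the chance of the CLI and the schema accepting different values. Building the message from a single slice of provider names would remove one of the copies.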
@@ -97,53 +97,11 @@ If you do not want to use Contour as the ingress controller, but use the Nginx i Installation to OpenShift ------------------------- -We are not currently providing a pre-canned configuration for installing Educates in OpenShift. We are working on including configuration for OpenShift, but believe the following configuration should work in the interim. +Installation is supported on a local Kubernetes cluster created using [OpenShift](https://docs.openshift.com). This is indicated by setting `provider` to `openshift`. -```yaml -# Specify the infrastructure provider hosting the Kubernetes cluster. -# We are using "custom" and providing the configuration ourselves. - -clusterInfrastructure: - provider: custom - -# Specify the ingress domain to be used to access the workshops hosted by -# the Educates installation. - -clusterIngress: - domain: educates-local-dev.test - -# Specify component packages to be installed for this configuration. - -clusterPackages: - # Disable installation of Contour as using OpenShift standard ingress - # controller. - - contour: - enabled: false - - # Enable installation of Kyverno for workshop security policy enforcement. - - kyverno: - enabled: true - - # Ensure that Educates training platform is installed. - - educates: - enabled: true - -# Configure cluster security policy enforcement to be done using OpenShift -# security context constraints. - -clusterSecurity: - policyEngine: security-context-constraints - -# Configure workshop security policy enforcement to be done using Kyverno. - -workshopSecurity: - rulesEngine: kyverno -``` +The components which will be installed are the Educates training platform, and Kyverno for workshop security policy enforcement. -The standard OpenShift ingress controller will be used. +OpenShift security context constraints (SCC) will be used for cluster security policies. For ingress, the native OpenShift ingress controller will be used. 
Installation to a vCluster -------------------------- diff --git a/project-docs/installation-guides/installation-instructions.md b/project-docs/installation-guides/installation-instructions.md index dd1bad9e..7ded3d79 100644 --- a/project-docs/installation-guides/installation-instructions.md +++ b/project-docs/installation-guides/installation-instructions.md @@ -27,6 +27,8 @@ Support is currently provided for the following infrastructure providers. * `eks` - Amazon Elastic Kubernetes Service (EKS) * `gke` - Google Kubernetes Engine (GKE) * `kind` - Kubernetes in Docker (Kind) +* `minikube` - Minikube +* `openshift` - OpenShift (RedHat) * `vcluster` - Virtual Kubernetes Cluster (Loft) Although using a pre-canned configuration, you can still provide customizations on top to modify what is installed and how. diff --git a/project-docs/release-notes/version-3.0.1.md b/project-docs/release-notes/version-3.0.1.md index 5eaf9bb3..80b8ff3f 100644 --- a/project-docs/release-notes/version-3.0.1.md +++ b/project-docs/release-notes/version-3.0.1.md @@ -15,6 +15,10 @@ New Features install Contour as the ingress controller, but can be disabled if using the nginx ingress controller provided by Minikube. +* Added opinionated installer configuration for OpenShift. Will use the native + OpenShift ingress controller. Will force use of security context constraints + (SCC) for cluster security policy engine. + Features Changed ----------------