From 869db6716b27d2a65a448cd46d00e165c6380f61 Mon Sep 17 00:00:00 2001 From: Graham Dumpleton Date: Tue, 27 Aug 2024 10:52:31 +1000 Subject: [PATCH 1/3] Add docs about adding labels to training portals. --- project-docs/custom-resources/training-portal.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/project-docs/custom-resources/training-portal.md b/project-docs/custom-resources/training-portal.md index 3e10bc47..44a8034d 100644 --- a/project-docs/custom-resources/training-portal.md +++ b/project-docs/custom-resources/training-portal.md @@ -182,6 +182,19 @@ spec: When a name conflict occurs, the value of this label will override any value specified in the workshop default section, or the workshop definition. +Labels for the training portal +------------------------------ + +As well as being able to provide additional labels for individual workshops, it is also possible to add labels to the training portal. These labels are distinct from labels added to metadata for Kubernetes resources and are specific to Educates. They can be used by a lookup service to identify the purpose of training portals. + +```yaml +spec: + portal: + labels: + - name: environment + value: staging +``` + Setting caps on individual users -------------------------------- From 083964d7d6452412b6c82263aee8c49c53d206eb Mon Sep 17 00:00:00 2001 From: Graham Dumpleton Date: Tue, 27 Aug 2024 11:01:46 +1000 Subject: [PATCH 2/3] Always install remote access token for lookup service use. --- .../_ytt_lib/packages/educates/08-lookup.yaml | 2 ++ .../clusterrolebindings.yaml | 13 +++++++++ .../lookup-service-token/clusterroles.yaml | 26 +++++++++++++++++ .../secrets.yaml | 0 .../lookup-service-token/serviceaccounts.yaml | 8 ++++++ .../upstream/clusterrolebindings.yaml | 15 ---------- .../lookup-service/upstream/clusterroles.yaml | 28 ------------------- .../upstream/serviceaccounts.yaml | 10 ------- 8 files changed, 49 insertions(+), 53 deletions(-) create mode 100644 carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service-token/clusterrolebindings.yaml create mode 100644 carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service-token/clusterroles.yaml rename carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/{lookup-service/upstream => lookup-service-token}/secrets.yaml (100%) create mode 100644 carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service-token/serviceaccounts.yaml diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/08-lookup.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/08-lookup.yaml index ded93d49..e8004990 100644 --- a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/08-lookup.yaml +++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/08-lookup.yaml @@ -31,3 +31,5 @@ workshopBaseImagePullPolicy: #@ workshop_base_image_pull_policy #@ if data.values.lookupService.enabled: --- #@ template.replace(library.get("lookup-service").with_data_values(lookup_service_values(), plain=True).eval()) #@ end + +--- #@ template.replace(library.get("lookup-service-token").with_data_values({}, plain=True).eval()) diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service-token/clusterrolebindings.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service-token/clusterrolebindings.yaml new file mode 100644 index 00000000..05f2f3f1 --- /dev/null +++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service-token/clusterrolebindings.yaml @@ -0,0 +1,13 @@ +#! Cluster role bindings for the remote access. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: educates-remote-access +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: educates-remote-access +subjects: +- kind: ServiceAccount + name: remote-access + namespace: educates diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service-token/clusterroles.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service-token/clusterroles.yaml new file mode 100644 index 00000000..b945fded --- /dev/null +++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service-token/clusterroles.yaml @@ -0,0 +1,26 @@ +#! Cluster role for the remote access clients. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: educates-remote-access +rules: + - apiGroups: + - training.educates.dev + resources: + - trainingportals + - workshopenvironments + - workshopsessions + - workshopallocations + - workshops + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/upstream/secrets.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service-token/secrets.yaml similarity index 100% rename from carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/upstream/secrets.yaml rename to carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service-token/secrets.yaml diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service-token/serviceaccounts.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service-token/serviceaccounts.yaml new file mode 100644 index 00000000..b31894cb --- /dev/null +++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service-token/serviceaccounts.yaml @@ -0,0 +1,8 @@ +#! ServiceAccount for remote access clients. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: remote-access + namespace: educates + annotations: + kapp.k14s.io/change-group: "educates/sa-with-separate-token-secret" diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/upstream/clusterrolebindings.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/upstream/clusterrolebindings.yaml index 103ac292..9a710104 100644 --- a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/upstream/clusterrolebindings.yaml +++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/upstream/clusterrolebindings.yaml @@ -1,4 +1,3 @@ ---- #! Cluster role bindings for the lookup service. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -12,17 +11,3 @@ subjects: - kind: ServiceAccount name: lookup-service namespace: educates ---- -#! Cluster role bindings for the remote access. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: educates-remote-access -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: educates-remote-access -subjects: -- kind: ServiceAccount - name: remote-access - namespace: educates diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/upstream/clusterroles.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/upstream/clusterroles.yaml index 861315fb..c4ddc10b 100644 --- a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/upstream/clusterroles.yaml +++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/upstream/clusterroles.yaml @@ -1,4 +1,3 @@ ---- #! Cluster role for the lookup service application. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -73,30 +72,3 @@ rules: - get - list - watch ---- -#! Cluster role for the remote access clients. -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: educates-remote-access -rules: - - apiGroups: - - training.educates.dev - resources: - - trainingportals - - workshopenvironments - - workshopsessions - - workshopallocations - - workshops - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - customresourcedefinitions - verbs: - - get - - list - - watch diff --git a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/upstream/serviceaccounts.yaml b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/upstream/serviceaccounts.yaml index 13226d24..807d973e 100644 --- a/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/upstream/serviceaccounts.yaml +++ b/carvel-packages/installer/bundle/config/ytt/_ytt_lib/packages/educates/_ytt_lib/lookup-service/upstream/serviceaccounts.yaml @@ -1,16 +1,6 @@ ---- #! ServiceAccount to run the lookup service application. apiVersion: v1 kind: ServiceAccount metadata: name: lookup-service namespace: educates ---- -#! ServiceAccount for remote access clients. -apiVersion: v1 -kind: ServiceAccount -metadata: - name: remote-access - namespace: educates - annotations: - kapp.k14s.io/change-group: "educates/sa-with-separate-token-secret" From ef75992559209545f6cf90eb2c63ff03c232eacb Mon Sep 17 00:00:00 2001 From: Graham Dumpleton Date: Tue, 27 Aug 2024 14:54:44 +1000 Subject: [PATCH 3/3] Add reference in release notes to new lookup service. --- project-docs/release-notes/version-3.0.0.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/project-docs/release-notes/version-3.0.0.md b/project-docs/release-notes/version-3.0.0.md index 3bf90747..6bb66e8a 100644 --- a/project-docs/release-notes/version-3.0.0.md +++ b/project-docs/release-notes/version-3.0.0.md @@ -41,6 +41,12 @@ New Features of the existing workshop session by looking up via the REST API, sessions which are active for the user. +* An initial version of a new lookup service has been integrated which provide + a REST API for request workshop sessions which can sit in front of multiple + training portals, on the same cluster or across multiple clusters. We are + still fine tuning this so documentation isn't yet available, buf if interested + then ask about it on the Educates community Slack channel. + Features Changed ----------------