Commit 07bb907

Phase 1 improvements (#2)
* Add support for building scripts as an image externally
  Signed-off-by: Patrick Knight <pknight@redhat.com>
* Fix EOL and add some more owners
  Signed-off-by: Patrick Knight <pknight@redhat.com>
* Test build and push
  Signed-off-by: Patrick Knight <pknight@redhat.com>
* Remove build and push from PR
  Signed-off-by: Patrick Knight <pknight@redhat.com>
* Fix issue with additional \ in oc and helm script
  Signed-off-by: Patrick Knight <pknight@redhat.com>
* Allow for multi-stage and writable cache in Dockerfile
  Signed-off-by: Patrick Knight <pknight@redhat.com>
* Fix file names in kustomization file
  Signed-off-by: Patrick Knight <pknight@redhat.com>
* Update stage one to use Quay instead of Red Hat registry
  Signed-off-by: Patrick Knight <pknight@redhat.com>

---------

Signed-off-by: Patrick Knight <pknight@redhat.com>
1 parent 6beedf1 commit 07bb907

19 files changed

Lines changed: 905 additions & 15 deletions

.dockerignore

Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
# Secrets and local configuration
2+
.env
3+
*.local.yaml
4+
auth/cluster-secrets/*.yaml
5+
6+
# Git
7+
.git
8+
.gitignore
9+
10+
# IDE
11+
.vscode
12+
.idea
13+
*.swp
14+
15+
# Documentation
16+
docs/
17+
18+
# Temporary files
19+
*.tmp
20+
temp.txt
21+
22+
# Deployment manifests (not needed inside the container)
23+
deploy/
24+
25+
# GitHub files
26+
.github/
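
Review bot: The secret patterns on lines 2-3 (`.env`, `*.local.yaml`) only match at the root of the build context, because `.dockerignore` patterns are anchored to the context root and `*` does not cross directory separators. The Dockerfile in this commit does `COPY . /app`, so a `.env` or `*.local.yaml` file in any subdirectory other than the excluded `deploy/`, `docs/` and `.github/` would still be copied into the image. Use `**/.env` and `**/*.local.yaml` so nested copies are excluded as well.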

.github/CODEOWNERS

Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
# Default owners for all files
2+
3+
- @PatAKnight
4+
- @djanickova
5+
- @lholmquist
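
Review bot: Lines 3-5 are written as a markdown list (`- @PatAKnight`), but a CODEOWNERS entry is a path pattern followed by one or more owners, so each line is read as the pattern `-` with one owner and no default owner is assigned to the repository's files. To match the comment on line 1, replace the three lines with a single `* @PatAKnight @djanickova @lholmquist` entry.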

.github/workflows/build-image.yaml

Lines changed: 69 additions & 0 deletions
@@ -0,0 +1,69 @@
1+
name: Build and Push Container Image
2+
3+
on:
4+
push:
5+
branches:
6+
- main
7+
# Uncomment below to add version branches later:
8+
# - 'release-*'
9+
# - 'v[0-9]+.[0-9]+'
10+
tags:
11+
- 'v*' # Also build on version tags (v1.0.0, etc.)
12+
pull_request:
13+
branches:
14+
- main
15+
16+
env:
17+
REGISTRY: ghcr.io
18+
IMAGE_NAME: ${{ github.repository }}
19+
20+
jobs:
21+
build:
22+
runs-on: ubuntu-latest
23+
permissions:
24+
contents: read
25+
packages: write
26+
27+
steps:
28+
- name: Checkout repository
29+
uses: actions/checkout@v4
30+
31+
- name: Set up Docker Buildx
32+
uses: docker/setup-buildx-action@v3
33+
34+
- name: Log in to Container Registry
35+
# Only login when pushing (not on PRs)
36+
if: github.event_name != 'pull_request'
37+
uses: docker/login-action@v3
38+
with:
39+
registry: ${{ env.REGISTRY }}
40+
username: ${{ github.actor }}
41+
password: ${{ secrets.GITHUB_TOKEN }}
42+
43+
- name: Extract metadata (tags, labels)
44+
id: meta
45+
uses: docker/metadata-action@v5
46+
with:
47+
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
48+
tags: |
49+
# Set 'latest' tag for main branch
50+
type=raw,value=latest,enable={{is_default_branch}}
51+
# Use branch name as tag
52+
type=ref,event=branch
53+
# Use tag name for version tags (v1.0.0 -> 1.0.0)
54+
type=semver,pattern={{version}}
55+
type=semver,pattern={{major}}.{{minor}}
56+
# Use short SHA for all builds
57+
type=sha,prefix=
58+
59+
- name: Build and push image
60+
uses: docker/build-push-action@v5
61+
with:
62+
context: .
63+
# Only push on main branch or tags, NOT on PRs
64+
push: ${{ github.event_name != 'pull_request' }}
65+
# push: true
66+
tags: ${{ steps.meta.outputs.tags }}
67+
labels: ${{ steps.meta.outputs.labels }}
68+
cache-from: type=gha
69+
cache-to: type=gha,mode=max
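
Review bot: Every `uses:` in this job (lines 29, 32, 37, 45 and 60) references a mutable major-version tag such as `actions/checkout@v4` or `docker/build-push-action@v5`, in a job that holds `packages: write` and publishes the `latest` image; pin each action to a full commit SHA so a moved tag cannot change what runs with the registry token. The `packages: write` permission on line 25 also applies to `pull_request` runs, where login and push are both skipped, so consider granting it only for push events. The commented-out `# push: true` on line 65 looks like a leftover from testing and can be removed.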

Dockerfile

Lines changed: 35 additions & 5 deletions
@@ -1,15 +1,45 @@
1+
# Stage 1: Get oc binary from OpenShift image
2+
FROM quay.io/openshift/origin-cli:latest AS oc-source
3+
4+
# Stage 2: Main application image
15
FROM --platform=linux/amd64 fedora:41
26

7+
# OCI Labels
8+
LABEL org.opencontainers.image.source="https://github.com/PatAKnight/rhdh-testbed"
9+
LABEL org.opencontainers.image.description="RHDH Testbed - Quick deployment tools for Red Hat Developer Hub"
10+
LABEL org.opencontainers.image.licenses="Apache-2.0"
11+
12+
# Copy oc binary from the official image
13+
COPY --from=oc-source /usr/bin/oc /usr/local/bin/oc
14+
315
RUN dnf install -y coreutils sed grep findutils gettext jq curl helm \
4-
&& curl -s https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz \
5-
| tar -xz -C /usr/local/bin oc \
616
&& chmod +x /usr/local/bin/oc \
7-
&& dnf clean all
17+
&& dnf clean all \
18+
&& rm -rf /var/cache/dnf
819

920
WORKDIR /app
1021

1122
COPY . /app
1223

13-
RUN chmod +x /app/start.sh
24+
RUN chmod +x /app/start.sh /app/teardown.sh /app/scripts/*.sh
25+
26+
# Support running as non-root (required for OpenShift restricted SCC)
27+
RUN chown -R 1001:0 /app && chmod -R g=u /app
28+
29+
# Create writable directories for helm and oc caches
30+
RUN mkdir -p /app/.cache /app/.config /app/.local/share/helm && \
31+
chown -R 1001:0 /app/.cache /app/.config /app/.local && \
32+
chmod -R g=u /app/.cache /app/.config /app/.local
33+
34+
# Set environment variables for helm and oc to use writable cache locations
35+
ENV HOME=/app \
36+
XDG_CACHE_HOME=/app/.cache \
37+
XDG_CONFIG_HOME=/app/.config \
38+
XDG_DATA_HOME=/app/.local/share
39+
40+
USER 1001
1441

15-
ENTRYPOINT ["bash", "/app/start.sh"]
42+
# Default to start.sh, but allow override
43+
# Use: docker run <image> bash /app/teardown.sh
44+
ENTRYPOINT ["bash"]
45+
CMD ["/app/start.sh"]
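
Review bot: Stage 1 on line 2 pulls `quay.io/openshift/origin-cli:latest` with no version tag or digest, so the `oc` binary copied on line 13 can change between builds without any change in this repository; pin the stage to a specific tag or an `@sha256:` digest. The stage also lacks the `--platform=linux/amd64` that line 5 sets for `fedora:41`, so on a non-amd64 builder the copied binary may not match the final image. Two smaller points: `COPY --chown=1001:0 . /app` on line 22 would avoid the extra layer produced by `chown -R 1001:0 /app` on line 27, and the `chmod +x /usr/local/bin/oc` kept on line 16 is likely redundant now that the binary arrives through `COPY --from`.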

README.md

Lines changed: 199 additions & 5 deletions
@@ -2,6 +2,19 @@
22

33
A collection of resources and scripts to quickly deploy an RHDH instance in Kubernetes, preloaded with useful plugins, example entities, and third-party integrations for rapid testing and development.
44

5+
## Table of Contents
6+
7+
## Table of Contents
8+
9+
- [Background and Purpose](#background-and-purpose)
10+
- [Outline of this project](#outline-of-this-project)
11+
- [Running the Scripts](#running-the-scripts)
12+
- [Option 1: Local Installation](#option-1-local-installation)
13+
- [Option 2: Run with Docker](#option-2-run-with-docker)
14+
- [Option 3: Deploy as Kubernetes Job](#option-3-deploy-as-kubernetes-job)
15+
- [Next Steps](#next-steps)
16+
- [General notes](#general-notes)
17+
518
## Background and Purpose
619

720
These scripts were created out of a need to quickly spin up an RHDH instance preconfigured for testing. The goal is to streamline the process of deploying Red Hat Developer Hub with preconfigured plugins and supporting resources, making it easy for team members, especially those working on plugins, to verify changes, report bugs, and explore features in a real environment. It also serves as a practical example of how RHDH and its plugins can be integrated and showcased.
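
Review bot: The `## Table of Contents` heading is added twice, on lines 5 and 7; drop one of them so the README renders a single heading above the list.
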
@@ -70,12 +83,15 @@ More details about this directory and how to populate it are provided in the plu
7083

7184
## Running the Scripts
7285

73-
You have two options to run these scripts:
86+
There are three ways to run the testbed scripts, depending on your environment and preferences:
7487

75-
1. **Locally** - Install dependencies (`oc`, `helm`) and run directly
76-
2. **Docker** - Use containerized environment (especially useful for macOS users)
88+
| Method | Best For | Requirements |
89+
| ------------------ | ------------------------------------------------------- | ------------------------------ |
90+
| **Local** | Development, quick iterations, full control | `oc`, `helm` installed locally |
91+
| **Docker Compose** | macOS users, isolated environment, no local tool setup | Docker Desktop |
92+
| **Kubernetes Job** | CI/CD pipelines, fully automated, no local tools needed | Cluster access only |
7793

78-
## First Steps (Local Installation)
94+
### Option 1: Local Installation
7995

8096
These scripts are designed to work out-of-the-box with minimal setup. In fact, it's recommended that you start with the default setup to better understand how everything fits together. You can always customize and extend things later.
8197

@@ -125,7 +141,7 @@ Step 6. Access your RHDH instance:
125141

126142
You'll now have a clean, working instance of RHDH that's ready to be enhanced in the next steps
127143

128-
## Alternative: Run with Docker
144+
## Option 2: Run with Docker
129145

130146
If you prefer containerized execution, use this instead of the local installation above:
131147

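Review bot: Line 144 keeps `## Option 2: Run with Docker` at heading level two, while Option 1 was changed to `### Option 1: Local Installation` on line 94 and the new table of contents nests all three options under Running the Scripts. Make Option 2 (and Option 3 on line 162) a `###` heading so the rendered structure matches the table of contents.
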
@@ -143,6 +159,184 @@ docker compose up rhdh-start
143159
docker compose up rhdh-teardown
144160
```
145161

162+
## Option 3: Deploy as Kubernetes Job
163+
164+
For fully automated, hands-off deployment directly on your cluster without any local tooling requirements, you can deploy the testbed as a Kubernetes Job.
165+
166+
### Prerequisites
167+
168+
- Access to an OpenShift cluster with `cluster-admin` or equivalent permissions
169+
- `oc` or `kubectl` CLI (only needed to apply the manifests)
170+
171+
### Using the Pre-built Image
172+
173+
A pre-built container image is available at `ghcr.io/PatAKnight/rhdh-testbed:latest`.
174+
175+
**Step 1.** Create the deployment namespace:
176+
177+
`oc new-project rhdh-testbed`
178+
179+
**Step 2a.** Configure the deployment by editing `deploy/configmap.yaml`:
180+
181+
Key ConfigMap values:
182+
183+
| Variable | Description | Default |
184+
| ---------------- | ------------------------------------- | ---------- |
185+
| NAMESPACE | Namespace where RHDH will be deployed | rhdh |
186+
| RELEASE_NAME | Helm release name | backstage |
187+
| K8S_CLUSTER_NAME | Name for you cluster in RHDH | my-cluster |
188+
| SIGN_IN_PAGE | Authentication method (guest or oidc) | guest |
189+
| ENABLE_KEYCLOAK | Deploy Keycloak for SSO | false |
190+
| ENABLE_TEKTON | Deploy OpenShift Pipelines | false |
191+
| ENABLE_OCM | Deploy Advanced Cluster Management | false |
192+
193+
**Step 2b.** Create your secret file using `deploy/secret-template.yaml` as an example:
194+
195+
```bash
196+
# Step 2b: Create and apply your secret
197+
cp deploy/secret-template.yaml deploy/secret.local.yaml
198+
199+
# Edit with your values THEN APPLY
200+
oc apply -f deploy/secret.local.yaml -n rhdh-testbed
201+
```
202+
203+
**Step 3.** Apply the deployment resources:
204+
205+
```bash
206+
# Apply ServiceAccount, ClusterRole, ClusterRoleBinding, ConfigMap, and Secret
207+
oc apply -k deploy/
208+
209+
# Start the setup job
210+
oc apply -f deploy/job.yaml
211+
```
212+
213+
**Optional Step** Monitor the deployment:
214+
215+
```bash
216+
# Watch the job status
217+
oc get jobs -n rhdh-testbed -w
218+
219+
#View logs
220+
oc logs -f job/rhdh-testbed-setup -n rhdh-testbed
221+
```
222+
223+
**Step 4.** Access your RHDH instance:
224+
225+
Once the job completes, the RHDH route URL will be displayed in the logs.
226+
227+
### Teardown
228+
229+
To clean up the RHDH deployment
230+
231+
```bash
232+
# Delete the setup job first
233+
oc delete job rhdh-testbed-setup -n rhdh-testbed
234+
235+
# Run the teardown job
236+
oc apply -f deploy/teardown-job.yaml
237+
238+
# Option: Watch teardown progress
239+
oc logs -f job/rhdh-testbed-teardown -n rhdh-testbed
240+
```
241+
242+
### Building Your Own Image
243+
244+
If you want to customize the scripts or use your own container registry:
245+
246+
**Step 1.** Build the image:
247+
248+
`docker build -t your-registry/rhdh-testbed:latest .`
249+
250+
**Step 2.** Push to your registry:
251+
252+
`docker push your-registry/rhdh-testbed:latest`
253+
254+
**Step 3.** Update the job manifests to user your image:
255+
256+
```yaml
257+
# Edit deploy/job.yaml and deploy/teardown-job.yaml
258+
# Change the image reference:
259+
# image: ghcr.io/pataknight/rhdh-testbed:latest
260+
# To:
261+
# image: your-registry/rhdh-testbed:latest
262+
```
263+
264+
Alternatively, use kustomize to override the image:
265+
266+
```bash
267+
cd deploy
268+
kustomize edit set image ghcr.io/pataknight/rhdh-testbed:latest=your-registry/rhdh-testbed:v1.0.0
269+
oc apply -k .
270+
```
271+
272+
### Building the Image In-Cluster (Optional)
273+
274+
If you prefer to build the image directly in OpenShift instead of using the pre-built image from ghcr.io:
275+
276+
**Step 1.** Create the namespace and apply the BuildConfig:
277+
278+
```bash
279+
oc new-project rhdh-testbed
280+
oc apply -f deploy/build-config.yaml
281+
```
282+
283+
**Step 2.** Start the build and wait for completion:
284+
285+
`oc start-build rhdh-testbed -n rhdh-testbed --follow`
286+
287+
**Step 3.** Apply the remaining resources and use the internal registry job:
288+
289+
```bash
290+
oc apply -k deploy/
291+
oc apply -f deploy/job-internal-registry.yaml
292+
```
293+
294+
### Teardown
295+
296+
To clean up the RHDH deployment
297+
298+
```bash
299+
# Delete the setup job first
300+
oc delete job rhdh-testbed-setup -n rhdh-testbed
301+
302+
# Run the teardown job
303+
oc apply -f deploy/teardown-job-internal-registry.yaml
304+
305+
# Option: Watch teardown progress
306+
oc logs -f job/rhdh-testbed-teardown -n rhdh-testbed
307+
```
308+
309+
\*\*Benefits of building in-cluster:
310+
311+
- No external registry access required
312+
- Full visibility into build process and logs
313+
- Easy to customize by forking the repo and updating the BuildConfig git URL
314+
- Image stays within your cluster's trust boundary
315+
316+
**To use you own fork:**
317+
318+
Edit `deploy/buildconfig.yaml` and change the git URI:
319+
320+
```yaml
321+
spec:
322+
source:
323+
git:
324+
uri: https://github.com/YOUR-USERNAME/rhdh-testbed.git
325+
ref: main # or your branch
326+
```
327+
328+
### Security Considerations
329+
330+
The Kubernetes Job requires elevated permissions to:
331+
332+
- Create namespaces and projects
333+
- Install Operators via OLM
334+
- Create ClusterRoles and ClusterRoleBindings
335+
- Deploy various workloads and CRDs
336+
337+
**This tool is designed for disposable, non-production clusters.** The included ClusterRole grants broad permissions necessary for the automation. Always review `deploy/cluster-role.yaml` before applying.
338+
The Job uses a dedicated ServiceAccount (`rhdh-testbed-runner`) that is scoped to only what's necessary for the deployment automation.
339+
146340
## Next Steps
147341

148342
So, you now have a running RHDH (Red Hat Developer Hub) instance, great! But this base setup is just the foundation. To transform it into a useful demo or testing environment, here are some next steps to take:
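
Review bot: Line 173 gives the pre-built image as `ghcr.io/PatAKnight/rhdh-testbed:latest`, but repository names in image references must be lowercase, and lines 259 and 268 already use `ghcr.io/pataknight/rhdh-testbed`; use the lowercase form throughout so the reference can be copied as written. The BuildConfig file is `deploy/build-config.yaml` on line 280 but `deploy/buildconfig.yaml` on line 318, so one of the two paths is wrong. In Security Considerations, line 337 says the ClusterRole grants broad permissions while line 338 says the ServiceAccount is scoped to only what is necessary; reword so the section states plainly that the Job runs with broad cluster-level rights, and since the documented image tag is the mutable `:latest`, suggest pinning the image by digest in the job manifests. Smaller points: `\*\*Benefits of building in-cluster:` on line 309 is a broken bold marker, `### Teardown` appears twice (lines 227 and 294), the comment on line 206 says `oc apply -k deploy/` applies the Secret although Step 2b already applies it separately, and there are typos on lines 187 ("you cluster"), 254 ("user your image") and 316 ("you own fork").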
