Merge pull request DOME-Marketplace#29 from DOME-Marketplace/env_dev

Dev/Integration Environment Setup

.github/workflows/apply-applications-dev.yaml

@@ -0,0 +1,28 @@
+name: Deploy to the dev environment
+
+on:
+ push:
+ branches:
+ - 'main'
+
+jobs:
+
+ deploy:
+
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: Git checkout
+ uses: actions/checkout@v1
+
+ - uses: tale/kubectl-action@v1
+ with:
+ base64-kube-config: ${{ secrets.KUBE_CONFIG_DEV }}
+
+ - name: Deploy dev applications
+ run: |
+ cd applications_dev
+ # apply all apps in the apps folder
+ find . -name '*.yaml' -exec kubectl apply -f {} \;
+ # label them for better filter machanism 
+ find . -name '*.yaml' -exec kubectl label deployed-by=fiware-gitops-ci --overwrite -f {} \;

.gitignore

@@ -0,0 +1,3 @@
+*-plain-secret.yaml
+webhook-tsl-sec.yaml
+accounts

README.md

@@ -240,6 +240,29 @@ In order to deploy a new application, follow the steps:
 4. Add your application to the [/applications](./applications/) folder.
 5. Create a PR and wait for it to be merged. The application will be automatically deployed afterwards.
 
+For a detailed guide on how to deploy a new application, you can refer to the [Integration Guide](./doc/INTEGRATION.md)
+
+### [CLUSTER ADMIN] Generate service account for teams
+
+To enable teams wishing to integrate their applications into DOME to create the necessary secrets and monitor application resources, they must be granted access to the cluster. To do this, a service account must be created for each team. The provided service account will have write permissions on secrets and sealed secrets, and read-only access to all other Kubernetes resources, limited to the application namespace. 
+
+To generate the service account and necessary roles, execute the following script:
+
+**Windows PowerShell**
+
+```shell
+.\scripts\GenerateAccount.ps1 -templatePath .\scripts\templates -outputPath .\accounts -namespace <namespace> -server <cluster server url>
+```
+
+**Shell**
+
+```shell
+# chmod +x ./scripts/GenerateAccount.sh
+./scripts/GenerateAccount.sh ./scripts/templates ./accounts <namespace> <server url>
+```
+
+Once executed, the script will create the resources defined in [scripts/templates](./scripts/templates) on the cluster. Additionally, the manifest files of the created resources will be available in the directory ```accounts/<namespace>```. Specifically, the file at ```accounts/<namespace>/config/kube-config.yaml``` will contain the Kubernetes configuration which must be provided to the team to allow them to connect to the cluster.
+
 ## Blue-Green Deployments
 
 In order to reduce the resource-usage and the number of deployments to maintain, the cluster supports [Blue-Green Deployments](https://www.redhat.com/en/topics/devops/what-is-blue-green-deployment).

applications_dev/argocd.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: argocd
+ namespace: argocd
+ labels:
+ purpose: infra
+spec:
+ destination:
+ namespace: argocd
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: ionos_dev/argocd
+ repoURL: https://github.com/DOME-Marketplace/dome-gitops
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true

applications_dev/cert-manager.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager
+ namespace: argocd 
+ labels:
+ purpose: infra
+spec:
+ destination:
+ namespace: cert-manager
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: ionos_dev/cert-manager
+ repoURL: https://github.com/DOME-Marketplace/dome-gitops
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true

applications_dev/dome-trust.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: dome-trust
+ namespace: argocd
+ labels:
+ purpose: trust-anchor
+spec:
+ destination:
+ namespace: dome-trust
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: applications_dev/dome-trust
+ repoURL: https://github.com/DOME-Marketplace/dome-gitops
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true

applications_dev/dome-trust/credentials-config-service-trust.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: credentials-config-service-trust
+ namespace: argocd
+ labels:
+ purpose: trust-anchor
+spec:
+ destination:
+ namespace: dome-trust
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: ionos_dev/dome-trust/credentials-config-service
+ repoURL: https://github.com/DOME-Marketplace/dome-gitops
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true

applications_dev/dome-trust/keyrock-trust.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: keyrock-trust
+ namespace: argocd
+ labels:
+ purpose: trust-anchor
+spec:
+ destination:
+ namespace: dome-trust
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: ionos_dev/dome-trust/keyrock
+ repoURL: https://github.com/DOME-Marketplace/dome-gitops
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true

applications_dev/dome-trust/kong-trust.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: kong-trust
+ namespace: argocd
+ labels:
+ purpose: trust-anchor
+spec:
+ destination:
+ namespace: dome-trust
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: ionos_dev/dome-trust/kong
+ repoURL: https://github.com/DOME-Marketplace/dome-gitops
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true

applications_dev/dome-trust/mongodb-trust.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: mongodb-trust
+ namespace: argocd
+ labels:
+ purpose: trust-anchor
+spec:
+ destination:
+ namespace: dome-trust
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: ionos_dev/dome-trust/mongodb
+ repoURL: https://github.com/DOME-Marketplace/dome-gitops
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true

applications_dev/dome-trust/mysql-trust.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: mysql-trust
+ namespace: argocd
+ labels:
+ purpose: trust-anchor
+spec:
+ destination:
+ namespace: dome-trust
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: ionos_dev/dome-trust/mysql
+ repoURL: https://github.com/DOME-Marketplace/dome-gitops
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true

applications_dev/dome-trust/orion-ld-trust.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: orion-ld-trust
+ namespace: argocd
+ labels:
+ purpose: trust-anchor
+spec:
+ destination:
+ namespace: dome-trust
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: ionos_dev/dome-trust/orion-ld
+ repoURL: https://github.com/DOME-Marketplace/dome-gitops
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true

applications_dev/dome-trust/pdp-trust.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: pdp-trust
+ namespace: argocd
+ labels:
+ purpose: trust-anchor
+spec:
+ destination:
+ namespace: dome-trust
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: ionos_dev/dome-trust/pdp
+ repoURL: https://github.com/DOME-Marketplace/dome-gitops
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true

applications_dev/dome-trust/portal-trust.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: portal-trust
+ namespace: argocd
+ labels:
+ purpose: trust-anchor
+spec:
+ destination:
+ namespace: dome-trust
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: ionos_dev/dome-trust/portal
+ repoURL: https://github.com/DOME-Marketplace/dome-gitops
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true

applications_dev/dome-trust/trusted-issuers-list-trust.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: trusted-issuers-list-trust
+ namespace: argocd
+ labels:
+ purpose: trust-anchor
+spec:
+ destination:
+ namespace: dome-trust
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: ionos_dev/dome-trust/trusted-issuers-list
+ repoURL: https://github.com/DOME-Marketplace/dome-gitops
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true

applications_dev/dome-trust/trusted-issuers-registry-trust.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: trusted-issuers-registry-trust
+ namespace: argocd
+ labels:
+ purpose: trust-anchor
+spec:
+ destination:
+ namespace: dome-trust
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: ionos_dev/dome-trust/trusted-issuers-registry
+ repoURL: https://github.com/DOME-Marketplace/dome-gitops
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true

applications_dev/dome-trust/verifier-trust.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: verifier-trust
+ namespace: argocd
+ labels:
+ purpose: trust-anchor
+spec:
+ destination:
+ namespace: dome-trust
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: ionos_dev/dome-trust/verifier
+ repoURL: https://github.com/DOME-Marketplace/dome-gitops
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true

applications_dev/dome-trust/waltid-trust.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: walt-id-trust
+ namespace: argocd
+ labels:
+ purpose: trust-anchor
+spec:
+ destination:
+ namespace: dome-trust
+ server: https://kubernetes.default.svc
+ project: default
+ source:
+ path: ionos_dev/dome-trust/vcwaltid
+ repoURL: https://github.com/DOME-Marketplace/dome-gitops
+ targetRevision: HEAD
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true