From 77f60f88820e508ad0619fce96b66f2748d4bcdd Mon Sep 17 00:00:00 2001 From: Joao Pereira Date: Fri, 14 Apr 2023 15:16:27 -0500 Subject: [PATCH 1/4] Add kbld asciinema Signed-off-by: Joao Pereira --- asciinema/.gitignore | 1 + asciinema/README.md | 10 +- asciinema/kapp-controller/README.md | 31 +++ .../packageinstall/packageinstall.yml | 0 .../packageinstall/rbac.yml | 0 .../packagerepository.yml | 0 asciinema/{ => kapp-controller}/scenario.sh | 0 asciinema/kbld/Readme.md | 30 +++ asciinema/kbld/orchestrate-build.yml | 32 +++ asciinema/kbld/scenario.sh | 39 ++++ asciinema/kbld/simple-app/.gitignore | 12 ++ asciinema/kbld/simple-app/Dockerfile | 9 + asciinema/kbld/simple-app/LICENSE | 201 ++++++++++++++++++ asciinema/kbld/simple-app/README.md | 3 + asciinema/kbld/simple-app/app.go | 28 +++ asciinema/kbld/simple-app/go.mod | 3 + asciinema/kbld/tag-resolution.yml | 16 ++ asciinema/record.sh | 19 +- 18 files changed, 426 insertions(+), 8 deletions(-) create mode 100644 asciinema/.gitignore create mode 100644 asciinema/kapp-controller/README.md rename asciinema/{ => kapp-controller}/packageinstall/packageinstall.yml (100%) rename asciinema/{ => kapp-controller}/packageinstall/rbac.yml (100%) rename asciinema/{ => kapp-controller}/packagerepository.yml (100%) rename asciinema/{ => kapp-controller}/scenario.sh (100%) create mode 100644 asciinema/kbld/Readme.md create mode 100644 asciinema/kbld/orchestrate-build.yml create mode 100755 asciinema/kbld/scenario.sh create mode 100644 asciinema/kbld/simple-app/.gitignore create mode 100644 asciinema/kbld/simple-app/Dockerfile create mode 100644 asciinema/kbld/simple-app/LICENSE create mode 100644 asciinema/kbld/simple-app/README.md create mode 100644 asciinema/kbld/simple-app/app.go create mode 100644 asciinema/kbld/simple-app/go.mod create mode 100644 asciinema/kbld/tag-resolution.yml mode change 100644 => 100755 asciinema/record.sh 
diff --git a/asciinema/.gitignore b/asciinema/.gitignore new file mode 100644 index 000000000..b472c2197 --- /dev/null +++ b/asciinema/.gitignore @@ -0,0 +1 @@ +demo.cast diff --git a/asciinema/README.md b/asciinema/README.md index 0f47e391b..39b8079c3 100644 --- a/asciinema/README.md +++ b/asciinema/README.md @@ -1,16 +1,14 @@ # asciinema demos This folder contains assets that are used to maintain asciinema demos for Carvel tools. -Currently, there is only one [demo for kapp-controller](https://asciinema.org/a/hhZwxyDcXEGiPD9RDHTb3e9QL). - -The demo is all captured in a script called scenario.sh. In order to record an update to -this video, you will need the following: +Uploaded demos to asciinema: +- [demo for kapp-controller](https://asciinema.org/a/hhZwxyDcXEGiPD9RDHTb3e9QL). * Install asciinema: https://asciinema.org/docs/installation * Create an asciinema account: https://asciinema.org/login/new * Install pv: https://linux.die.net/man/1/pv -* Access to a Kubernetes cluster with kapp-controller installed: https://carvel.dev/kapp-controller/docs/latest/install/ -* kapp should be installed: https://carvel.dev/#whole-suite + + To record a new video, run the following script: diff --git a/asciinema/kapp-controller/README.md b/asciinema/kapp-controller/README.md new file mode 100644 index 000000000..708263cba --- /dev/null +++ b/asciinema/kapp-controller/README.md 
@@ -0,0 +1,31 @@ +# kapp-controller asciinema demo + +Uploaded [demo for kapp-controller](https://asciinema.org/a/hhZwxyDcXEGiPD9RDHTb3e9QL). + +The demo is all captured in a script called scenario.sh. In order to record an update to +this video, you will need the following: + +* Install asciinema: https://asciinema.org/docs/installation +* Create an asciinema account: https://asciinema.org/login/new +* Install pv: https://linux.die.net/man/1/pv +* Access to a Kubernetes cluster with kapp-controller installed: https://carvel.dev/kapp-controller/docs/latest/install/ +* kapp should be installed: https://carvel.dev/#whole-suite + +To record a new video, run the following script: + +``` +./record.sh +``` + +The result of this will be a `.cast` file named `demo.cast`. + +This can be uploaded to the asciinema website so others can view it by doing the following: + +``` +# Authenticate to your asciinema account +asciinmea auth +#Upload the .cast file +asciinema upload demo.cast +``` + +After the video is uploaded, you should receive a url to the demo from scenario.sh that you can share. diff --git a/asciinema/packageinstall/packageinstall.yml b/asciinema/kapp-controller/packageinstall/packageinstall.yml similarity index 100% rename from asciinema/packageinstall/packageinstall.yml rename to asciinema/kapp-controller/packageinstall/packageinstall.yml diff --git a/asciinema/packageinstall/rbac.yml b/asciinema/kapp-controller/packageinstall/rbac.yml similarity index 100% rename from asciinema/packageinstall/rbac.yml rename to asciinema/kapp-controller/packageinstall/rbac.yml diff --git a/asciinema/packagerepository.yml b/asciinema/kapp-controller/packagerepository.yml similarity index 100% rename from asciinema/packagerepository.yml rename to asciinema/kapp-controller/packagerepository.yml diff --git a/asciinema/scenario.sh b/asciinema/kapp-controller/scenario.sh similarity index 100% rename from asciinema/scenario.sh rename to asciinema/kapp-controller/scenario.sh 
diff --git a/asciinema/kbld/Readme.md b/asciinema/kbld/Readme.md
new file mode 100644
index 000000000..e333db940
--- /dev/null
+++ b/asciinema/kbld/Readme.md
@@ -0,0 +1,30 @@
+# kbld asciinema demo
+
+
+The demo is all captured in a script called scenario.sh. In order to record an update to
+this video, you will need the following:
+
+* Install asciinema: https://asciinema.org/docs/installation
+* Create an asciinema account: https://asciinema.org/login/new
+* Install pv: https://linux.die.net/man/1/pv
+* kbld should be installed: https://carvel.dev/#whole-suite
+* pack should be installed: https://buildpacks.io/docs/tools/pack/
+
+To record a new video, run the following script:
+
+```
+./record.sh
+```
+
+The result of this will be a `.cast` file named `demo.cast`.
+
+This can be uploaded to the asciinema website so others can view it by doing the following:
+
+```
+# Authenticate to your asciinema account
+asciinmea auth
+#Upload the .cast file
+asciinema upload demo.cast
+```
+
+After the video is uploaded, you should receive a url to the demo from scenario.sh that you can share.
diff --git a/asciinema/kbld/orchestrate-build.yml b/asciinema/kbld/orchestrate-build.yml
new file mode 100644
index 000000000..71b4a1f05
--- /dev/null
+++ b/asciinema/kbld/orchestrate-build.yml
@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kbld-simple-app-build-local
+spec:
+ selector:
+ matchLabels:
+ app: kbld-simple-app-build-local
+ template:
+ metadata:
+ labels:
+ app: kbld-simple-app-build-local
+ spec:
+ containers:
+ - name: my-app-docker
+ image: simple-app-with-docker
+ - name: my-app-pack
+ image: simple-app-with-pack
+---
+apiVersion: kbld.k14s.io/v1alpha1
+kind: Config
+sources:
+- image: simple-app-with-docker
+ path: simple-app
+ docker:
+ pull: true
+ noCache: true
+- image: simple-app-with-pack
+ path: simple-app
+ pack:
+ build:
+ builder: paketobuildpacks/builder:base
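Review bot: In the `simple-app-with-docker` source, `pull: true` and `noCache: true` follow `docker:` with no `build:` key in between, whereas the pack source below nests its option under `pack: build:`. If kbld reads Docker build options from `docker.build` (as I recall its config schema does; indentation is not legible on this page, so please confirm), these two settings are not applied and the demo may build from a cached, stale base layer; nesting them as `docker:` / `build:` / `pull: true` would fix that. Separately, `paketobuildpacks/builder:base` is a mutable tag, so a comment such as `# demo only: pin the builder by digest for reproducible builds` would help readers who copy this file.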
diff --git a/asciinema/kbld/scenario.sh b/asciinema/kbld/scenario.sh
new file mode 100755
index 000000000..28a5a4712
--- /dev/null
+++ b/asciinema/kbld/scenario.sh
@@ -0,0 +1,39 @@
+clear
+
+echo "kbld has 2 main features" | pv -qL 12
+echo " 1 - resolves tags to SHAs of all images present in the input yaml" | pv -qL 12
+echo " 2 - orchestrates the build of images and updates the input yaml accordingly" | pv -qL 12
+
+echo "# Example of resolution of tags given the follow yaml" | pv -qL 12
+echo "cat tag-resolution.yml" | pv -qL 12
+cat tag-resolution.yml
+echo ''
+echo ''
+sleep 2
+echo "kbld will resolve nginx image to the correct SHA" | pv -qL 12
+echo "kbld -f tag-resolution.yml" | pv -qL 12
+kbld -f tag-resolution.yml
+echo ''
+echo ''
+sleep 2
+
+echo "In the output you can see that nginx was replaced by the full reference of the nginx image." | pv -qL 12
+echo "This is very important to make sure we know what is the image that is being used in our pods" | pv -qL 12
+
+echo "# Example of building images using the following yaml" | pv -qL 12
+echo "cat orchestrate-build.yml" | pv -qL 12
+cat orchestrate-build.yml
+echo ''
+echo ''
+sleep 2
+
+echo "kbld will build the image called simple-app-with-docker with docker buildx"  | pv -qL 12
+echo "and will build the image called simple-app-with-pack with pack \(buildpacks.io\)"  | pv -qL 12
+
+echo "kbld -f orchestrate-build.yml" | pv -qL 12
+kbld -f orchestrate-build.yml
+echo ''
+echo ''
+
+echo "kbld supports building using bazel, docker buildx, ko, buildkit CLI for kubectl and pack" | pv -qL 12
+sleep 5
\ No newline at end of file
diff --git a/asciinema/kbld/simple-app/.gitignore b/asciinema/kbld/simple-app/.gitignore
new file mode 100644
index 000000000..f1c181ec9
--- /dev/null
+++ b/asciinema/kbld/simple-app/.gitignore
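Review bot: The script is added with mode 100755 but has no interpreter line and no failure handling, so it runs under whatever shell the caller falls back to and keeps narrating after `kbld -f tag-resolution.yml` or `kbld -f orchestrate-build.yml` fails, which bakes a broken run into the cast. Adding `#!/usr/bin/env bash` and `set -euo pipefail` as the first two lines would stop the recording at the first failing command. The line `echo "and will build the image called simple-app-with-pack with pack \(buildpacks.io\)"` also prints the backslashes literally, because parentheses need no escaping inside double quotes; it should end in `with pack (buildpacks.io)"`.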
@@ -0,0 +1,12 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, build with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
diff --git a/asciinema/kbld/simple-app/Dockerfile b/asciinema/kbld/simple-app/Dockerfile
new file mode 100644
index 000000000..636372326
--- /dev/null
+++ b/asciinema/kbld/simple-app/Dockerfile
@@ -0,0 +1,9 @@
+FROM golang:1.10.1 AS build-env
+WORKDIR /go/src/github.com/mchmarny/simple-app/
+COPY . .
+RUN CGO_ENABLED=0 GOOS=linux go build -v -o app
+
+FROM scratch
+COPY --from=build-env /go/src/github.com/mchmarny/simple-app/app .
+EXPOSE 8080
+ENTRYPOINT ["/app"]
diff --git a/asciinema/kbld/simple-app/LICENSE b/asciinema/kbld/simple-app/LICENSE
new file mode 100644
index 000000000..261eeb9e9
--- /dev/null
+++ b/asciinema/kbld/simple-app/LICENSE
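Review bot: The build stage uses `FROM golang:1.10.1`, a 2018 toolchain that no longer receives security fixes, while the `go.mod` added in this same patch declares `go 1.19`; the static binary copied into `scratch` therefore embeds that old standard library, including `net/http`. Suggest `FROM golang:1.19 AS build-env` (ideally pinned by digest) so the image matches the declared language version. The final stage also sets no user, so the server runs as root; adding `USER 65532:65532` before `ENTRYPOINT ["/app"]` works in `scratch` because the app only binds port 8080.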
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/asciinema/kbld/simple-app/README.md b/asciinema/kbld/simple-app/README.md new file mode 100644 index 000000000..f7b2a350e --- /dev/null +++ b/asciinema/kbld/simple-app/README.md @@ -0,0 +1,3 @@ +# simple-app +One always need a simple app +Cloned from https://github.com/cppforlife/simple-app diff --git a/asciinema/kbld/simple-app/app.go b/asciinema/kbld/simple-app/app.go new file mode 100644 index 000000000..03c0cf1c9 --- /dev/null +++ b/asciinema/kbld/simple-app/app.go 
@@ -0,0 +1,28 @@ +// Copyright 2020 VMware, Inc. +// SPDX-License-Identifier: Apache-2.0 + +package main + +import ( + "flag" + "fmt" + "log" + "net/http" + "os" +) + +func handler(w http.ResponseWriter, r *http.Request) { + log.Print("Simple app runningzzz...") + msg := os.Getenv("SIMPLE_MSG") + if msg == "" { + msg = ":( SIMPLE_MSG variable not defined" + } + fmt.Fprintf(w, "

%s

", msg)
+}
+
+func main() {
+ flag.Parse()
+ log.Print("Simple app server started...")
+ http.HandleFunc("/", handler)
+ http.ListenAndServe(":8080", nil)
+}
diff --git a/asciinema/kbld/simple-app/go.mod b/asciinema/kbld/simple-app/go.mod
new file mode 100644
index 000000000..7269dde37
--- /dev/null
+++ b/asciinema/kbld/simple-app/go.mod
@@ -0,0 +1,3 @@
+module simple-app
+
+go 1.19
diff --git a/asciinema/kbld/tag-resolution.yml b/asciinema/kbld/tag-resolution.yml
new file mode 100644
index 000000000..f54aef80f
--- /dev/null
+++ b/asciinema/kbld/tag-resolution.yml
@@ -0,0 +1,16 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kbld-nginx
+spec:
+ selector:
+ matchLabels:
+ app: kbld-nginx
+ template:
+ metadata:
+ labels:
+ app: kbld-nginx
+ spec:
+ containers:
+ - name: my-app
+ image: nginx
diff --git a/asciinema/record.sh b/asciinema/record.sh
old mode 100644
new mode 100755
index 20d4e849e..49a042b87
--- a/asciinema/record.sh
+++ b/asciinema/record.sh
@@ -1,2 +1,17 @@
-rm -f demo.cast
-asciinema rec demo.cast -c "./scenario.sh"
+echo "Going to start recording all demos"
+
+#echo "kapp-controller demo"
+#./kapp-controller/record.sh
+#
+#echo "kbld demo"
+#./kbld/record.sh
+
+array=( kapp-controller kbld )
+for i in "${array[@]}"
+do
+ echo "$i demo"
+ pushd "$i" || exit
+ rm -f demo.cast
+ asciinema rec demo.cast -c "./scenario.sh"
+ popd || exit
+done
From 076f3d57f384f2005e1e763f74d64f83445ee834 Mon Sep 17 00:00:00 2001
From: Joao Pereira
Date: Fri, 14 Apr 2023 16:43:24 -0500
Subject: [PATCH 2/4] Add secretgen asciinema
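Review bot: `http.ListenAndServe(":8080", nil)` in `main` discards its returned error, so if the port is already bound or the listener fails the process exits with status 0 and no log line, and a container running it looks like a clean exit. `log.Fatal(http.ListenAndServe(":8080", nil))` makes the failure visible using the `log` import the file already has. The handler also writes `SIMPLE_MSG` into the response through `fmt.Fprintf` without escaping; the markup around `%s` is not legible on this page, but if it is HTML then `html.EscapeString(msg)` (with an `html` import) keeps the sample safe for anyone who reuses it with less trusted input.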
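Review bot: `record.sh` becomes executable here, yet its first line is `echo "Going to start recording all demos"` with no interpreter line, although the loop relies on bash-only features (`array=( … )`, `"${array[@]}"`, `pushd`/`popd`). Started from a shell that falls back to a POSIX `sh`, it fails at the array assignment, so `#!/usr/bin/env bash` should be line 1. `pushd "$i"` is resolved against the caller's working directory, so a `cd "$(dirname "$0")" || exit 1` before the loop would keep `rm -f demo.cast` inside the intended demo folder. The commented-out `#echo …` / `#./kbld/record.sh` block can simply be dropped.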
Signed-off-by: Joao Pereira --- .DS_Store | Bin 6148 -> 0 bytes asciinema/.gitignore | 1 + asciinema/README.md | 20 +++- asciinema/kapp-controller/rollback.sh | 2 + asciinema/record.sh | 14 +-- asciinema/secretgen-controller/README.md | 30 ++++++ .../secretgen-controller/export-secrets.yml | 35 +++++++ .../secretgen-controller/generate-secrets.yml | 11 +++ asciinema/secretgen-controller/rollback.sh | 4 + asciinema/secretgen-controller/scenario.sh | 92 ++++++++++++++++++ 10 files changed, 200 insertions(+), 9 deletions(-) delete mode 100644 .DS_Store create mode 100755 asciinema/kapp-controller/rollback.sh create mode 100644 asciinema/secretgen-controller/README.md create mode 100644 asciinema/secretgen-controller/export-secrets.yml create mode 100644 asciinema/secretgen-controller/generate-secrets.yml create mode 100755 asciinema/secretgen-controller/rollback.sh create mode 100755 asciinema/secretgen-controller/scenario.sh diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index db52623151d660ff90ccb95ec1d75775e97c8e7a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK%}T>S5Z<-XrW7Fug&r5Y7Ob{Z#7l_v1&ruHr6we3FlI}WnnNk%tS{t~_&m<+ zZp31}ir5+0{pNQ!`$6`HF~+@FbikOy7_*@va#U6bx>traOfn+JF~TyRgsBX{elxMZ z4*2aB%UQw-7JvQzaFQl@(d)hQjfSww*|TVtm)pAY)Ot{5Ek7hN$wKJ0-$ z94r?K4tPn6Uu>aCEEsTcm?HiJ 0 )) ; then + array=( "$@" ) +else + array=( kapp-controller kbld secretgen-controller) +fi -array=( kapp-controller kbld ) for i in "${array[@]}" do echo "$i demo" pushd "$i" || exit rm -f demo.cast asciinema rec demo.cast -c "./scenario.sh" + if [[ -f "rollback.sh" ]]; then + ./rollback.sh + fi popd || exit done diff --git a/asciinema/secretgen-controller/README.md b/asciinema/secretgen-controller/README.md new file mode 100644 index 000000000..2324b0e67 --- /dev/null +++ b/asciinema/secretgen-controller/README.md 
@@ -0,0 +1,30 @@ +# secretgen-controller asciinema demo + +The demo is all captured in a script called scenario.sh. In order to record an update to +this video, you will need the following: + +* Install asciinema: https://asciinema.org/docs/installation +* Create an asciinema account: https://asciinema.org/login/new +* Install pv: https://linux.die.net/man/1/pv +* kapp should be installed: https://carvel.dev/#whole-suite +* Access to a Kubernetes cluster with secretgen-controller installed using + `kapp deploy -a sg -f https://github.com/carvel-dev/secretgen-controller/releases/latest/download/release.yml -c -y` + +To record a new video, run the following script: + +``` +./record.sh +``` + +The result of this will be a `.cast` file named `demo.cast`. + +This can be uploaded to the asciinema website so others can view it by doing the following: + +``` +# Authenticate to your asciinema account +asciinmea auth +#Upload the .cast file +asciinema upload demo.cast +``` + +After the video is uploaded, you should receive a url to the demo from scenario.sh that you can share. diff --git a/asciinema/secretgen-controller/export-secrets.yml b/asciinema/secretgen-controller/export-secrets.yml new file mode 100644 index 000000000..88531a690 --- /dev/null +++ b/asciinema/secretgen-controller/export-secrets.yml 
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: user1
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: user2
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: user3
+
+#! export registry creds to all namespaces
+---
+apiVersion: secretgen.carvel.dev/v1alpha1
+kind: SecretExport
+metadata:
+ name: registry1-creds
+ namespace: user1
+spec:
+ toNamespaces:
+ - user2
+ - user3
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: registry1-creds
+ namespace: user1
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: eyJhdXRocyI6eyJyZWdpc3RyeTEiOnsiYXV0aCI6ImRYTmxjakU2Y0dGemN6RT0iLCJwYXNzd29yZCI6InBhc3MxIiwidXNlcm5hbWUiOiJ1c2VyMSJ9fX0=
diff --git a/asciinema/secretgen-controller/generate-secrets.yml b/asciinema/secretgen-controller/generate-secrets.yml
new file mode 100644
index 000000000..a5a1f0296
--- /dev/null
+++ b/asciinema/secretgen-controller/generate-secrets.yml
@@ -0,0 +1,11 @@
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Password
+metadata:
+ name: complex-password
+spec:
+ length: 27
+ digits: 2
+ uppercaseLetters: 4
+ lowercaseLetters: 10
+ symbols: 3
diff --git a/asciinema/secretgen-controller/rollback.sh b/asciinema/secretgen-controller/rollback.sh
new file mode 100755
index 000000000..f7a79ab0a
--- /dev/null
+++ b/asciinema/secretgen-controller/rollback.sh
@@ -0,0 +1,4 @@
+kapp delete -a copy-secrets -y
+kapp delete -a import-secret -y
+kapp delete -a secret -y
+kapp delete -a secret-as-pull-secret -y
diff --git a/asciinema/secretgen-controller/scenario.sh b/asciinema/secretgen-controller/scenario.sh
new file mode 100755
index 000000000..583a60135
--- /dev/null
+++ b/asciinema/secretgen-controller/scenario.sh
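Review bot: The `Secret` `registry1-creds` commits a base64 `.dockerconfigjson` with nothing in the manifest saying it is a throwaway value; it decodes to a placeholder `user1`/`pass1` login for `registry1`, but secret scanners and later readers cannot tell that at a glance. A comment directly above it such as `#! demo-only placeholder credentials, not a real registry login` would settle it, or the data could move to `stringData` so the dummy content is readable in review. The existing comment `#! export registry creds to all namespaces` also overstates the scope, since `toNamespaces` lists only `user2` and `user3`.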
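Review bot: All four `kapp delete … -y` calls run unconfirmed against whatever cluster the current kubeconfig context points to, and the `record.sh` change in this patch runs `./rollback.sh` automatically after each recording. App names as generic as `secret` could match an unrelated kapp app on a shared cluster, so printing the target first with `kubectl config current-context` and documenting that the demo expects a disposable cluster would reduce the chance of deleting the wrong thing. The file also lacks an interpreter line (`#!/usr/bin/env bash`) despite being added as executable.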
@@ -0,0 +1,92 @@
+clear
+echo "# secretgen-controller enables the user to specify what secrets need to be on cluster (generated or not)." | pv -qL 12
+echo " - supports generating certificates, passwords, RSA keys and SSH keys" | pv -qL 12
+echo " - supports exporting and importing secrets across namespaces" | pv -qL 12
+echo " - exporting/importing registry secrets across namespaces" | pv -qL 12
+echo " - supports generating secrets from data residing in other Kubernetes resources" | pv -qL 12
+sleep 5
+clear
+echo "How to create a complex secret" | pv -qL 12
+
+echo "Using the following YAML" | pv -qL 12
+cat generate-secrets.yml
+
+echo ''
+echo "Apply it to the cluster using: kapp deploy -a secret -f generate-secrets.yml" | pv -qL 12
+kapp deploy -a secret -f generate-secrets.yml -y
+
+echo "The secret complex-password is created" | pv -qL 12
+kubectl get secret complex-password -oyaml
+
+sleep 5
+
+clear
+
+echo "How to copy a secret between namespaces" | pv -qL 12
+echo "cat secret-to-export.yml" | pv -qL 12
+echo "---
+apiVersion: secretgen.carvel.dev/v1alpha1
+kind: SecretExport
+metadata:
+ name: registry1-creds
+ namespace: user1
+spec:
+ toNamespaces:
+ - user2
+ - user3
+"
+sleep 2
+echo "kapp deploy -a copy-secrets -f export-secrets.yml -y" | pv -qL 12
+kapp deploy -a copy-secrets -f export-secrets.yml -y
+
+echo ''
+echo "We can import the secret to another namespace" | pv -qL 12
+pullSecret=$(echo "---
+apiVersion: secretgen.carvel.dev/v1alpha1
+kind: SecretImport
+metadata:
+ name: registry1-creds
+ namespace: user3
+spec:
+ fromNamespace: user1
+")
+
+echo "cat import-secret.yml
+$pullSecret"
+sleep 2
+
+echo "kapp deploy -a import-secrets -f import-secrets.yml -y" | pv -qL 12
+echo "$pullSecret"| kapp deploy -a import-secret -f- -y
+
+sleep 5
+echo "kubectl get secret -n user3 registry1-creds -oyaml"
+kubectl get secret -n user3 registry1-creds -oyaml
+sleep 5
+
+clear
+
+echo ''
+echo "We can import the secret as a pull-secret" | pv -qL 12
+pullSecret=$(echo "--- +apiVersion: v1 +kind: Secret +metadata: + name: default-registry-creds + namespace: user2 + annotations: + secretgen.carvel.dev/image-pull-secret: \"\" +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: \"e30K\"") + +echo "cat pull-secret.yml +$pullSecret" +sleep 2 + +echo "kapp deploy -a copy-secrets -f export-secrets.yml -y" | pv -qL 12 +echo "$pullSecret"| kapp deploy -a secret-as-pull-secret -f- -y + +sleep 5 +echo "kubectl get secret -n user2 default-registry-creds -oyaml" | pv -qL 12 +kubectl get secret -n user2 default-registry-creds -oyaml +sleep 5 From 62309076a46a93420810d2fc26565a6498eaaae1 Mon Sep 17 00:00:00 2001 From: Joao Pereira Date: Fri, 14 Apr 2023 17:03:51 -0500 Subject: [PATCH 3/4] Remove output from kapp commands Signed-off-by: Joao Pereira --- asciinema/secretgen-controller/scenario.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/asciinema/secretgen-controller/scenario.sh b/asciinema/secretgen-controller/scenario.sh index 583a60135..cf3ec8235 100755 --- a/asciinema/secretgen-controller/scenario.sh +++ b/asciinema/secretgen-controller/scenario.sh @@ -13,7 +13,7 @@ cat generate-secrets.yml echo '' echo "Apply it to the cluster using: kapp deploy -a secret -f generate-secrets.yml" | pv -qL 12 -kapp deploy -a secret -f generate-secrets.yml -y +kapp deploy -a secret -f generate-secrets.yml -y | cat > /dev/null echo "The secret complex-password is created" | pv -qL 12 kubectl get secret complex-password -oyaml @@ -37,7 +37,7 @@ spec: " sleep 2 echo "kapp deploy -a copy-secrets -f export-secrets.yml -y" | pv -qL 12 -kapp deploy -a copy-secrets -f export-secrets.yml -y +kapp deploy -a copy-secrets -f export-secrets.yml -y | cat > /dev/null echo '' echo "We can import the secret to another namespace" | pv -qL 12 
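Review bot: Several narrated commands do not match what the script runs or what the patch ships: it prints `cat secret-to-export.yml` although the file added is `export-secrets.yml`, prints `kapp deploy -a import-secrets -f import-secrets.yml -y` while piping to app `import-secret` via `-f-`, and the final step prints `kapp deploy -a copy-secrets -f export-secrets.yml -y` while deploying app `secret-as-pull-secret`. Viewers who copy from the cast would run the wrong command; the last echo should read `echo "kapp deploy -a secret-as-pull-secret -f pull-secret.yml -y" | pv -qL 12`. The script also prints `kubectl get secret … -oyaml` output into a recording meant for public upload, so a header comment such as `# Run only against a disposable cluster: secret values are shown in the cast` is worth adding.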
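Review bot: `kapp deploy -a secret -f generate-secrets.yml -y | cat > /dev/null` gives the pipeline the exit status of `cat`, so a failed deploy is both silent and indistinguishable from success, and the `kubectl get secret` that follows then records an error or a stale object. The same pattern is added in the hunks at `-37,7`, `-56,10` and `-84,7`. `kapp deploy -a secret -f generate-secrets.yml -y > /dev/null || exit 1` drops stdout just the same while keeping kapp's exit status and leaving stderr visible.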
@@ -56,10 +56,10 @@ $pullSecret" sleep 2 echo "kapp deploy -a import-secrets -f import-secrets.yml -y" | pv -qL 12 -echo "$pullSecret"| kapp deploy -a import-secret -f- -y +echo "$pullSecret"| kapp deploy -a import-secret -f- -y | cat > /dev/null sleep 5 -echo "kubectl get secret -n user3 registry1-creds -oyaml" +echo "kubectl get secret -n user3 registry1-creds -oyaml" | pv -qL 12 kubectl get secret -n user3 registry1-creds -oyaml sleep 5 @@ -84,7 +84,7 @@ $pullSecret" sleep 2 echo "kapp deploy -a copy-secrets -f export-secrets.yml -y" | pv -qL 12 -echo "$pullSecret"| kapp deploy -a secret-as-pull-secret -f- -y +echo "$pullSecret"| kapp deploy -a secret-as-pull-secret -f- -y | cat > /dev/null sleep 5 echo "kubectl get secret -n user2 default-registry-creds -oyaml" | pv -qL 12 From 4ee9415704b37399ac5983baedc9239b453915b3 Mon Sep 17 00:00:00 2001 From: Joao Pereira Date: Tue, 18 Apr 2023 09:51:50 -0500 Subject: [PATCH 4/4] Add .DS_Store to gitignore file Signed-off-by: Joao Pereira --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 485dee64b..090a1f02d 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .idea +.DS_Store