tested and verified version on CRC

2021-12-23 12:18:44 +01:00 · 2021-12-23 12:18:44 +01:00 · 4018212304
commit 4018212304
parent 833e09fced
2 changed files with 54 additions and 17 deletions
--- a/platformQuickStarts/helm/Readme.md
+++ b/platformQuickStarts/helm/Readme.md
@ -1,21 +1,43 @@
-# Helm chart deployment on K8s clusters
+# Helm chart deployment on OpenShift K8S clusters

-## install on local Docker Desktop with Kubernetes
+This helm chart can be used on a OpenShift Code Ready Container environment or an OpenShift Cloud Container environment.

-### ClusterIP
+With the OpenShift CRC (Code Ready Container) cluster you run an entire environment on your local machine. (> 4 vCPU, >8GB mem)

-    helm install "mytest" ./webgoat
-    helm install "mytest" --debug ./webgoat 
-    export POD_NAME=$(kubectl get pods --namespace default -l "app.kubernetes.io/name=webgoat,app.kubernetes.io/instance=mytest" -o jsonpath="{.items[0].metadata.name}")
-    export CONTAINER_PORT=$(kubectl get pod --namespace default $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-    echo $CONTAINER_PORT
-    kubectl --namespace default port-forward $POD_NAME 8080:$CONTAINER_PORT
-    echo $POD_NAME
+See the Red Hat documentation for general understanding of OpenShift. Make sure helm is installed as well.
+## CRC commands

-### uninstall 
+    crc config set cpus 6
+    crc config set memory 12288
+    crc setup
+    crc start
+    eval $(crc oc-env)
+    oc login -u developer https://api.crc.testing:6443
+    oc new-project demo-project

-    helm uninstall "mytest"
+The example without modification uses *demo-project* as the project/namespace for installing WebGoat and WebWolf.

-## install NodePort

-    helm install "mytest" --debug ./webgoat --set service.type=NodePort
+## Helm install this example on your local Code Ready Container environment
+
+    helm install goat1 ./webgoat
+
+## uninstall 
+
+    helm uninstall goat1
+
+The URL on a Code Ready Container is build from router name + namespace + default extension .apps-crc.testing:
+
+ [https://webgoat-1-goat-demo-project.apps-crc.testing/WebGoat](https://webgoat-1-goat-demo-project.apps-crc.testing/WebGoat)
+ [http://webwolf-1-wolf-demo-project.apps-crc.testing/WebWolf](http://webwolf-1-wolf-demo-project.apps-crc.testing/WebWolf)
+
+## Explanation
+
+deployment.yaml contains two K8S deployment elements. Both use the same Persistent Volume Claim and use the same Volume mapping. 
+They both use the same image but with other entrypoint and command arguments. The java.io.dir is also mapped to this persistent volume mapping. The number of pods is 1 for both WebGoat and WebWolf. WebGoat uses the WEBWOLF_HOST parameter to know where the external address of WebWolf is defined. WebWolf uses WEBGOAT_HOST to define the internal service address to WebGoat for connecting to the HSQL database
+
+persistent-storage-claim.yaml contains the OpenShift K8S extension for requestig a volume with Read-Write access that will survive any pod replacements.
+
+service.yaml defines the service ports for both WebGoat and WebWolf
+
+route-goat defines an https endpoint toward the 8080 port. route-wolf defines an http port towards the 9090 port.
--- a/platformQuickStarts/helm/webgoat/templates/deployment.yaml
+++ b/platformQuickStarts/helm/webgoat/templates/deployment.yaml
@ -47,8 +47,19 @@ spec:
          image: {{ .Values.webgoat_server.image }}
          command:
            - 'java'
-          args: ["-Duser.home=/home/webgoat","-Dfile.encoding=UTF-8","-jar","/home/webgoat/webgoat.jar","--server.address=0.0.0.0"]
-          #  - '--add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.util=ALL-UNNAMED --add-opens java.base/java.lang.reflect=ALL-UNNAMED --add-opens java.base/java.text=ALL-UNNAMED --add-opens java.desktop/java.beans=ALL-UNNAMED --add-opens java.desktop/java.awt.font=ALL-UNNAMED --add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.base/java.io=ALL-UNNAMED -Duser.home=/home/webgoat -Dfile.encoding=UTF-8 -jar /home/webgoat/webgoat.jar --server.address=0.0.0.0'
+          args: ["-Duser.home=/home/webgoat",
+                 "--add-opens","java.base/java.lang=ALL-UNNAMED",
+                 "--add-opens","java.base/java.util=ALL-UNNAMED",
+                 "--add-opens","java.base/java.lang.reflect=ALL-UNNAMED",
+                 "--add-opens","java.base/java.text=ALL-UNNAMED",
+                 "--add-opens","java.desktop/java.beans=ALL-UNNAMED",
+                 "--add-opens","java.desktop/java.awt.font=ALL-UNNAMED",
+                 "--add-opens","java.base/sun.nio.ch=ALL-UNNAMED",
+                 "--add-opens","java.base/java.io=ALL-UNNAMED",
+                 "-Djava.io.tmpdir=/home/webgoat/.webgoat-8.2.3-SNAPSHOT",
+                 "-Dfile.encoding=UTF-8",
+                 "-jar","/home/webgoat/webgoat.jar",
+                 "--server.address=0.0.0.0"]
          imagePullPolicy: Always
          volumeMounts:
            - name: webgoat-volume-1
@ -121,7 +132,11 @@ spec:
          image: {{ .Values.webwolf_server.image }}
          command:
            - 'java'
-          args: ["-Duser.home=/home/webgoat","-Dfile.encoding=UTF-8","-jar","/home/webgoat/webwolf.jar","--server.address=0.0.0.0"]
+          args: ["-Duser.home=/home/webgoat",
+                "-Djava.io.tmpdir=/home/webgoat/.webgoat-8.2.3-SNAPSHOT",
+                "-Dfile.encoding=UTF-8",
+                "-jar","/home/webgoat/webwolf.jar",
+                "--server.address=0.0.0.0"]
          imagePullPolicy: Always
          volumeMounts:
            - name: webgoat-volume-1