Support web console image for cluster up

Author: spadgett

install/origin-web-console/console-config.yaml

@@ -0,0 +1,21 @@
+kind: AssetConfig
+apiVersion: v1
+extensionDevelopment: false
+extensionProperties: null
+extensionScripts: null
+extensionStylesheets: null
+extensions: null
+loggingPublicURL: ""
+logoutURL: ""
+masterPublicURL: https://127.0.0.1:8443
+metricsPublicURL: ""
+publicURL: https://127.0.0.1:8443/console/
+servingInfo:
+  bindAddress: 0.0.0.0:8443
+  bindNetwork: tcp4
+  certFile: /var/serving-cert/tls.crt
+  clientCA: ""
+  keyFile: /var/serving-cert/tls.key
+  maxRequestsInFlight: 0
+  namedCertificates: null
+  requestTimeoutSeconds: 0

install/origin-web-console/console-template.yaml

@@ -0,0 +1,121 @@
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+  name: openshift-web-console
+  annotations:
+    openshift.io/display-name: OpenShift Web Console
+    description: The server for the OpenShift web console.
+    iconClass: icon-openshift
+    tags: openshift,infra
+    openshift.io/documentation-url: https://github.com/openshift/origin-web-console-server
+    openshift.io/support-url: https://access.redhat.com
+    openshift.io/provider-display-name: Red Hat, Inc.
+parameters:
+- name: IMAGE
+  value: openshift/origin-web-console:latest
+- name: NAMESPACE
+  # This namespace cannot be changed. Only `openshift-web-console` is supported.
+  value: openshift-web-console
+- name: LOGLEVEL
+  value: "0"
+- name: API_SERVER_CONFIG
+- name: NODE_SELECTOR
+  value: "{}"
+- name: REPLICA_COUNT
+  value: "1"
+objects:
+
+# to create the web console server
+- apiVersion: apps/v1beta1
+  kind: Deployment
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole
+    labels:
+      app: openshift-web-console
+      webconsole: "true"
+  spec:
+    replicas: "${{REPLICA_COUNT}}"
+    strategy:
+      type: Recreate
+    template:
+      metadata:
+        name: webconsole
+        labels:
+          webconsole: "true"
+      spec:
+        serviceAccountName: webconsole
+        containers:
+        - name: webconsole
+          image: ${IMAGE}
+          imagePullPolicy: IfNotPresent
+          command:
+          - "/usr/bin/origin-web-console"
+          - "--audit-log-path=-"
+          - "-v=${LOGLEVEL}"
+          - "--config=/var/webconsole-config/webconsole-config.yaml"
+          ports:
+          - containerPort: 8443
+          volumeMounts:
+          - mountPath: /var/serving-cert
+            name: serving-cert
+          - mountPath: /var/webconsole-config
+            name: webconsole-config
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: 8443
+              scheme: HTTPS
+          livenessProbe:
+            httpGet:
+              path: /
+              port: 8443
+              scheme: HTTPS
+        nodeSelector: "${{NODE_SELECTOR}}"
+        volumes:
+        - name: serving-cert
+          secret:
+            defaultMode: 400
+            secretName: webconsole-serving-cert
+        - name: webconsole-config
+          configMap:
+            defaultMode: 440
+            name: webconsole-config
+
+# to create the config for the web console
+- apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole-config
+    labels:
+      app: openshift-web-console
+  data:
+    webconsole-config.yaml: ${API_SERVER_CONFIG}
+
+# to be able to assign powers to the process
+- apiVersion: v1
+  kind: ServiceAccount
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole
+    labels:
+      app: openshift-web-console
+
+# to be able to expose web console inside the cluster
+- apiVersion: v1
+  kind: Service
+  metadata:
+    namespace: ${NAMESPACE}
+    name: webconsole
+    labels:
+      app: openshift-web-console
+    annotations:
+      service.alpha.openshift.io/serving-cert-secret-name: webconsole-serving-cert
+  spec:
+    selector:
+      webconsole: "true"
+    ports:
+    - name: https
+      port: 443
+      targetPort: 8443

pkg/oc/bootstrap/bindata.go

@@ -849,6 +849,7 @@ func (h *Helper) updateConfig(configDir string, opt *StartOptions) error {
 		}
 		cfg.AssetConfig.ExtensionScripts = append(cfg.AssetConfig.ExtensionScripts, serviceCatalogExtensionPath)
 
+		// TODO: remove when we can detect this is enabled in origin-web-console-server
 		extension := "window.OPENSHIFT_CONSTANTS.TEMPLATE_SERVICE_BROKER_ENABLED = true;\n"
 		extensionPath := filepath.Join(configDir, "master", "servicecatalog-extension.js")
 		err = ioutil.WriteFile(extensionPath, []byte(extension), 0644)

pkg/oc/bootstrap/docker/openshift/helper.go

@@ -0,0 +1,106 @@
+package openshift
+
+import (
+	"fmt"
+	"time"
+
+	"gopkg.in/yaml.v2"
+
+	"github.com/golang/glog"
+
+	kapierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/wait"
+	kapi "k8s.io/kubernetes/pkg/apis/core"
+
+	"github.com/openshift/origin/pkg/cmd/util/variable"
+	"github.com/openshift/origin/pkg/oc/bootstrap"
+	"github.com/openshift/origin/pkg/oc/bootstrap/docker/errors"
+	"github.com/openshift/origin/pkg/oc/cli/util/clientcmd"
+)
+
+const (
+	consoleNamespace             = "openshift-web-console"
+	consoleAPIServerTemplateName = "openshift-web-console"
+	consoleAssetConfigFile       = "install/origin-web-console/console-config.yaml"
+)
+
+// InstallWebConsole installs the web console server into the openshift-web-console namespace and waits for it to become ready
+func (h *Helper) InstallWebConsole(f *clientcmd.Factory, imageFormat string, serverLogLevel int, publicURL string, masterURL string, loggingURL string, metricsURL string) error {
+	kubeClient, err := f.ClientSet()
+	if err != nil {
+		return errors.NewError("cannot obtain API clients").WithCause(err).WithDetails(h.OriginLog())
+	}
+	templateClient, err := f.OpenshiftInternalTemplateClient()
+	if err != nil {
+		return err
+	}
+
+	// create the namespace if needed.  This is a reserved namespace, so you can't do it with the create project request
+	if _, err := kubeClient.Core().Namespaces().Create(&kapi.Namespace{ObjectMeta: metav1.ObjectMeta{Name: consoleNamespace}}); err != nil && !kapierrors.IsAlreadyExists(err) {
+		return errors.NewError("cannot create web console project").WithCause(err)
+	}
+
+	// read in the asset config YAML file like the installer
+	assetConfigYaml, err := bootstrap.Asset(consoleAssetConfigFile)
+	if err != nil {
+		return errors.NewError("cannot read web console asset config file").WithCause(err)
+	}
+
+	// prase the YAML to edit
+	var assetConfig map[string]interface{}
+	if err := yaml.Unmarshal(assetConfigYaml, &assetConfig); err != nil {
+		return errors.NewError("cannot parse web console asset config as YAML").WithCause(err)
+	}
+
+	// update asset config values
+	assetConfig["publicURL"] = publicURL
+	assetConfig["masterPublicURL"] = masterURL
+	if len(loggingURL) > 0 {
+		assetConfig["loggingPublicURL"] = loggingURL
+	}
+	if len(metricsURL) > 0 {
+		assetConfig["metricsPublicURL"] = metricsURL
+	}
+
+	// serialize it back out as a string to use as a template parameter
+	updatedAssetConfig, err := yaml.Marshal(assetConfig)
+	if err != nil {
+		return errors.NewError("cannot serialize web console asset config").WithCause(err)
+	}
+
+	imageTemplate := variable.NewDefaultImageTemplate()
+	imageTemplate.Format = imageFormat
+	imageTemplate.Latest = false
+
+	params := map[string]string{
+		"API_SERVER_CONFIG": string(updatedAssetConfig),
+		"IMAGE":             imageTemplate.ExpandOrDie("web-console"),
+		"LOGLEVEL":          fmt.Sprint(serverLogLevel),
+		"NAMESPACE":         consoleNamespace,
+	}
+	glog.V(2).Infof("instantiating web console template with parameters %v", params)
+
+	// instantiate the web console template
+	if err = instantiateTemplate(templateClient.Template(), f, OpenshiftInfraNamespace, consoleAPIServerTemplateName, consoleNamespace, params, true); err != nil {
+		return errors.NewError("cannot instantiate web console template").WithCause(err)
+	}
+
+	// wait for the apiserver endpoint to become available
+	err = wait.Poll(1*time.Second, 10*time.Minute, func() (bool, error) {
+		glog.V(2).Infof("polling for web console server availability")
+		ds, err := kubeClient.Extensions().Deployments(consoleNamespace).Get("webconsole", metav1.GetOptions{})
+		if err != nil {
+			return false, err
+		}
+		if ds.Status.ReadyReplicas > 0 {
+			return true, nil
+		}
+		return false, nil
+	})
+	if err != nil {
+		return errors.NewError(fmt.Sprintf("failed to start the web console server: %v", err))
+	}
+
+	return nil
+}

pkg/oc/bootstrap/docker/openshift/webconsole.go

@@ -114,23 +114,24 @@ var (
 		"jenkins pipeline persistent": "examples/jenkins/jenkins-persistent-template.json",
 		"sample pipeline":             "examples/jenkins/pipeline/samplepipeline.yaml",
 	}
-	// internalTemplateLocations are templates that will be registered in an internal namespace
-	// when the service catalog is requested.  These templates are compatible with both vN and vN-1
-	// clusters.  If they are not, they should be moved into the internalCurrent and internalPrevious maps.
+	// internalTemplateLocations are templates that will be registered in an internal namespace. These
+	// templates are compatible with both vN and vN-1 clusters.  If they are not, they should be moved
+	// into the internalCurrent and internalPrevious maps.
 	internalTemplateLocations = map[string]string{
 		"service catalog":                      "examples/service-catalog/service-catalog.yaml",
 		"template service broker rbac":         "install/templateservicebroker/rbac-template.yaml",
 		"template service broker registration": "install/service-catalog-broker-resources/template-service-broker-registration.yaml",
 	}
-	// internalCurrentTemplateLocations are templates that will be registered in an internal namespace
-	// when the service catalog is requested.  These templates are for the current version of openshift
-	// (vN), for when the client version matches the cluster version.
+	// internalCurrentTemplateLocations are templates that will be registered in an internal namespace.
+	// These templates are for the current version of openshift (vN), for when the client version matches
+	// the cluster version.
 	internalCurrentTemplateLocations = map[string]string{
+		"web console server template":       "install/origin-web-console/console-template.yaml",
 		"template service broker apiserver": "install/templateservicebroker/apiserver-template.yaml",
 	}
-	// internalPreviousTemplateLocations are templates that will be registered in an internal namespace
-	// when the service catalog is requested, these templates are for the previous version of openshift
-	// (vN-1) to provide N-1 support for older clusters from a newer client.
+	// internalPreviousTemplateLocations are templates that will be registered in an internal namespace.
+	// These templates are for the previous version of openshift (vN-1) to provide N-1 support for older
+	// clusters from a newer client.
 	internalPreviousTemplateLocations = map[string]string{
 		"template service broker apiserver": "install/templateservicebroker/previous/apiserver-template.yaml",
 	}
@@ -148,6 +149,7 @@ var (
 
 	openshiftVersion36 = semver.MustParse("3.6.0")
 	openshiftVersion37 = semver.MustParse("3.7.0")
+	openshiftVersion39 = semver.MustParse("3.9.0")
 )
 
 // NewCmdUp creates a command that starts OpenShift on Docker with reasonable defaults
@@ -424,9 +426,15 @@ func (c *ClientStartConfig) Complete(f *osclientcmd.Factory, cmd *cobra.Command)
 	// Import templates
 	c.addTask(conditionalTask("Importing templates", c.ImportTemplates, c.ShouldInitializeData))
 
-	// Import catalog templates
+	// Import internal templates
 	c.addTask(conditionalTask("Importing internal templates", c.ImportInternalTemplates, c.ShouldInitializeData))
 
+	// Install the web console
+	c.addTask(conditionalTask("Installing web console", c.InstallWebConsole, func() bool {
+		serverVersion, _ := c.OpenShiftHelper().ServerVersion()
+		return clusterVersionIsCurrent(serverVersion) && c.ShouldInitializeData()
+	}))
+
 	// Import logging templates
 	c.addTask(conditionalTask("Importing logging templates", c.ImportLoggingTemplates, func() bool {
 		return c.ShouldInstallLogging && c.ShouldInitializeData()
@@ -976,6 +984,33 @@ func (c *ClientStartConfig) InstallRouter(out io.Writer) error {
 	return c.OpenShiftHelper().InstallRouter(kubeClient, f, c.LocalConfigDir, c.imageFormat(), c.ServerIP, c.PortForwarding, out, os.Stderr)
 }
 
+// InstallWebConsole installs the OpenShift web console on the server
+func (c *ClientStartConfig) InstallWebConsole(out io.Writer) error {
+	f, err := c.Factory()
+	if err != nil {
+		return err
+	}
+
+	masterURL := c.OpenShiftHelper().Master(c.ServerIP)
+	if len(c.PublicHostname) > 0 {
+		masterURL = fmt.Sprintf("https://%s:8443", c.PublicHostname)
+	}
+
+	publicURL := fmt.Sprintf("%s/console/", masterURL)
+
+	metricsURL := ""
+	if c.ShouldInstallMetrics {
+		metricsURL = fmt.Sprintf("https://%s/hawkular/metrics", openshift.MetricsHost(c.RoutingSuffix, c.ServerIP))
+	}
+
+	loggingURL := ""
+	if c.ShouldInstallLogging {
+		loggingURL = fmt.Sprintf("https://%s", openshift.LoggingHost(c.RoutingSuffix, c.ServerIP))
+	}
+
+	return c.OpenShiftHelper().InstallWebConsole(f, c.imageFormat(), c.ServerLogLevel, publicURL, masterURL, loggingURL, metricsURL)
+}
+
 // ImportImageStreams imports default image streams into the server
 // TODO: Use streams compiled into oc
 func (c *ClientStartConfig) ImportImageStreams(out io.Writer) error {
@@ -1044,7 +1079,7 @@ func useAnsible(v semver.Version) bool {
 // brought up matches the client binary being used.  This needs to
 // be updated each release.
 func clusterVersionIsCurrent(v semver.Version) bool {
-	return v.GT(openshiftVersion37)
+	return v.GTE(openshiftVersion39)
 }
 
 // InstallLogging will start the installation of logging components

pkg/oc/bootstrap/docker/up.go

@@ -62,6 +62,13 @@ function os::test::extended::clusterup::skip_persistent_volumes () {
     os::cmd::expect_success_and_text "oc get pv | wc -l" "0"
 }
 
+function os::test::extended::clusterup::verify_console () {
+    os::cmd::expect_success "oc login -u system:admin"
+    os::cmd::expect_success_and_text "oc get svc -n openshift-web-console" "webconsole"
+    os::cmd::try_until_text "oc get endpoints webconsole -o jsonpath='{ .subsets[*].ports[?(@.name==\"https\")].port }' -n openshift-web-console" "8443" $(( 10*minute )) 1
+    os::cmd::expect_success "oc login -u developer"
+}
+
 function os::test::extended::clusterup::verify_metrics () {
     os::cmd::expect_success "oc login -u system:admin"
     os::cmd::expect_success_and_text "oc get pods -n openshift-infra" "metrics-deployer"
@@ -202,6 +209,13 @@ function os::test::extended::clusterup::numerichostname () {
     os::cmd::expect_success_and_text "docker exec origin cat /var/lib/origin/openshift.local.config/master/master-config.yaml" "masterPublicURL.*127\.0\.0\.1"
 }
 
+# Tests installation of console components
+function os::test::extended::clusterup::console () {
+    arg=$@
+    os::cmd::expect_success "oc cluster up $arg"
+    os::test::extended::clusterup::verify_console
+}
+
 # Tests installation of metrics components
 function os::test::extended::clusterup::metrics () {
     os::test::extended::clusterup::standard_test --metrics ${@}
@@ -260,12 +274,15 @@ readonly default_tests=(
     "portinuse"
     "svcaccess"
     "persistentvolumes"
+    "console"
 
 # logging+metrics team needs to fix/enable these tests.
 #    "metrics"
 #    "logging"
 )
 
+ORIGIN_COMMIT=${ORIGIN_COMMIT:-latest}
+
 # run each test with each of these set of additional args.  Primarily
 # intended to run the tests against different cluster versions.
 readonly extra_args=(
@@ -288,8 +305,6 @@ readonly extra_args=(
 )
 tests=("${1:-"${default_tests[@]}"}")
 
-ORIGIN_COMMIT=${ORIGIN_COMMIT:-latest}
-
 # re-tag the latest service catalog image w/ the origin commit because we didn't
 # build it locally, so we need a tag that aligns with the other images we're going to test here.
 docker pull openshift/origin-service-catalog:latest
@@ -301,16 +316,30 @@ echo "Running cluster up tests using tag $ORIGIN_COMMIT"
 docker pull openshift/origin-docker-registry:latest
 docker tag openshift/origin-docker-registry:latest openshift/origin-docker-registry:${ORIGIN_COMMIT}
 
+# Tag the web console image with the same tag as the other origin images
+docker pull openshift/origin-web-console:latest
+docker tag openshift/origin-web-console:latest openshift/origin-web-console:${ORIGIN_COMMIT}
+
 # Ensure that KUBECONFIG is not set
 unset KUBECONFIG
 for test in "${tests[@]}"; do
-  for extra_arg in "${extra_args[@]}"; do
-	cleanup_func=$("os::test::extended::clusterup::cleanup_func" "${test}")
-	# trap "${cleanup_func}; os::test::extended::clusterup::junit_cleanup" EXIT
-    os::test::extended::clusterup::run_test "${test}" "${extra_arg}"
-    # trap - EXIT
-	${cleanup_func}
-  done
+    # Special case the console tests, which only run in the current release.
+    # N-1 tests for the console should be enabled next release.
+    if [ "$test" == "console" ]; then
+        cleanup_func=$("os::test::extended::clusterup::cleanup_func" "${test}")
+        # trap "${cleanup_func}; os::test::extended::clusterup::junit_cleanup" EXIT
+        os::test::extended::clusterup::run_test "${test}" "--loglevel=2 --version=${ORIGIN_COMMIT}"
+        # trap - EXIT
+        ${cleanup_func}
+    else
+        for extra_arg in "${extra_args[@]}"; do
+            cleanup_func=$("os::test::extended::clusterup::cleanup_func" "${test}")
+            # trap "${cleanup_func}; os::test::extended::clusterup::junit_cleanup" EXIT
+            os::test::extended::clusterup::run_test "${test}" "${extra_arg}"
+            # trap - EXIT
+            ${cleanup_func}
+        done
+    fi
 done
 
 # os::test::extended::clusterup::junit_cleanup