{"id":18291168,"url":"https://github.com/rhecosystemappeng/tetrate-discovery","last_synced_at":"2025-04-05T10:30:57.619Z","repository":{"id":49526230,"uuid":"517742225","full_name":"RHEcosystemAppEng/tetrate-discovery","owner":"RHEcosystemAppEng","description":null,"archived":false,"fork":false,"pushed_at":"2022-09-26T20:17:47.000Z","size":156,"stargazers_count":1,"open_issues_count":0,"forks_count":5,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-03-21T02:51:17.903Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RHEcosystemAppEng.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-07-25T16:33:27.000Z","updated_at":"2022-09-21T13:59:29.000Z","dependencies_parsed_at":"2023-01-18T23:15:46.350Z","dependency_job_id":null,"html_url":"https://github.com/RHEcosystemAppEng/tetrate-discovery","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RHEcosystemAppEng%2Ftetrate-discovery","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RHEcosystemAppEng%2Ftetrate-discovery/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RHEcosystemAppEng%2Ftetrate-discovery/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RHEcosystemAppEng%2Ftetrate-discovery/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RHEcosystemAppEng","download_url":"https://codeload.github.com/RHEcosystemAppEng/tetrate-discovery/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247324504,"owners_count":20920659,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-05T14:13:24.882Z","updated_at":"2025-04-05T10:30:57.118Z","avatar_url":"https://github.com/RHEcosystemAppEng.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TSB Install via Scripts\n\n\n- [Sync Images](#sync-images)\n- [Prereqs](#prereqs)\n- [Management Plane](#management-plane)\n- [Control Plane](#control-plane)\n- [Validate](#validate)\n- [Clean Up](#clean-up)\n\n## Sync Images\n\n- IGNORE THIS, continue to prereqs!! - \n\nThe first step of using TSB is syncing the images to your own personal image repository. These step is already done for Red Hat's work with Tetrate. _You can skip this step._\n\n- Make sure `demo-scripts/deployment/00-download.sh` has your repo under `REPO` on line 3.\n\nRun script to pull images and push to your personal image repo:\n\n```bash\n./demo-scripts/deployment/00-download.sh coreos\n```\n\n## Prereqs\n\nConfigure credentials and prepare scripts to run   \n\n- Copy the `bash` section of `credentials.md` to `~/credentials.env` and ensure `APIUSER` and `APIKEY` are adjusted according to the credentials given by Tetrate. `OC_PASSWORDS` should be the OpenShift kubeadmin passwords.\n\nConfigure `demo-scripts/variables/coreos.env`\n\nWe are running TSB on a single cluster for now, therefore the `OC_PASSWORDS`, `CLUSTER_LIST` will have on element in the array, leave the second array element as is to preserve the structure of the files.\n\n- line 11 should be the Clusters names according to the ingress, obtained by (this must be precise):\n   -  `kubectl get ingresses.config/cluster --template='{{.spec.domain}}' | sed 's/apps.//g' | cut -f1 -d\".\"`\n- line 15 is the DNS_DOMAIN, obtained by (this must be precise): \n   -  `kubectl get ingresses.config/cluster --template='{{.spec.domain}}' | sed 's/apps.//g' | cut -f2-4 -d\".\"`\n- line 24 should be the OCP kubeadmin passwords in an array. (again, only the first element)\n\nDownload and install [tctl](https://docs.tetrate.io/service-bridge/1.5.x/en-us/reference/cli/guide/index#installation), make sure you are installing `1.5.0` so that the images that have been pushed work correctly.\n\n## Management Plane\n\nDeploy Management Plane: \n\n```bash\n./demo-scripts/deployment/01-deploy-management-plane.sh coreos\n```\n\n- line 12 of `demo-scripts/deployment/01-deploy-management-plane.sh` shows the images are being pulled from my personal repository, this is okay, **keep this**.\n\nAt the end of the running this script, you will see an output similar to the following:\n\n```bash\n==========================\nTSB UI Access\n--------------------------\n\nhttps://tsb.apps.gcp-mgmt1-cwylie.fsi-env2.rhecoeng.com\n\nCredentials are admin/Tetrate1\n```\n\n- Go to the URL in the browser and see **Your connection is not private** warning\n- click on the background of the webpage\n- type \"thisisunsafe\"\n- sign in with admin and Tetrate1\n\n\n\n## Control Plane\n\nGenerate the script to deploy the control plane: \n\n```bash\n ./demo-scripts/deployment/02a-manual-deploy-cp.sh coreos 0\n```\n\nThe output after running the above script will show:\n\n```bash\nExamine file /tmp/command-xxxx.sh and apply commands accordingly\n```\n\nTo deploy the actual manifests on the CP, run the shell script\n\n```bash\nbash /tmp/command-xxxx.sh\n```\n\nWatch the logs of the TSB Operator while the control plane installs, there will be errors at first and the operator will restart, keep watching:\n\n```bash\nkubectl logs -n istio-system -l name=tsb-operator -f\n```\n\nIf you get a cert-manager error, (which you will):\n\n```bash \n2022-09-01T18:42:17.635024Z     error   controller.controlplane-controller      Reconciler error        {\"name\": \"controlplane\", \"namespace\": \"istio-system\", \"error\": \"cert-manager already installed but not owned by tsb operator. Try setting managed: EXTERNAL\"}\n```\n\nPatch  the control plane operator to set the cert-manager as externally managed (in a new tab while the script continues to run):\n\n```bash\nkubectl -n istio-system patch controlplanes.install.tetrate.io controlplane --type='json' -p='[{\"op\": \"add\", \"path\": \"/spec/components/internalCertProvider/certManager\", \"value\": {\"managed\": \"EXTERNAL\"}}]'\n```\n\nAfter the script runs you should be fully installed.\n\n\n## Validate\n\n- Go to the UI\n- on the left side, under \"Tenant\", click \"Dashboard\"\n- click \"SELECT CLUSTER-NAMESPACES\"\n- under tenant, select \"partner-validation-tenant\", namespace \"bookinfo\", select the box\n- click select\n\nYou should see:\n\n![ui](ui.png)\n\n## Clean Up\n\nData Planes take care of deploying ingress gateways, step one is to delete all the `IngressGateways`:\n\n```bash\nkubectl delete ingressgateways.install.tetrate.io \\\n    --all --all-namespaces\n```\n\nTo gracefully remove the `istio-operator` deployment, scale and delete remaining objects in the data plane operator namespace:\n\n```bash\nkubectl -n istio-gateway scale deployment \\\n    tsb-operator-data-plane --replicas=0\nkubectl -n istio-gateway delete \\\n    istiooperators.install.istio.io --all\nkubectl -n istio-gateway delete deployment --all\n```\n\nClean up the validation and mutation webhooks for the data planes:\n\n```bash\nkubectl delete \\\n    validatingwebhookconfigurations.admissionregistration.k8s.io \\\n    tsb-operator-data-plane-egress \\\n    tsb-operator-data-plane-ingress \\\n    tsb-operator-data-plane-tier1\nkubectl delete \\\n    mutatingwebhookconfigurations.admissionregistration.k8s.io \\\n    tsb-operator-data-plane-egress \\\n    tsb-operator-data-plane-ingress \\\n    tsb-operator-data-plane-tier1\n```\n\nDelete IstioOperator for the control planes:\n\n```bash\nkubectl delete controlplanes.install.tetrate.io --all --all-namespaces\n```\n\nClean up the validation and mutation webhooks for the control planes:\n\n```bash\nkubectl delete \\\n    validatingwebhookconfigurations.admissionregistration.k8s.io \\\n    tsb-operator-control-plane\nkubectl delete \\\n    mutatingwebhookconfigurations.admissionregistration.k8s.io \\\n    tsb-operator-control-plane\nkubectl delete \\\n    validatingwebhookconfigurations.admissionregistration.k8s.io \\\n    xcp-edge-istio-system\n```\n\nDelete the deployments in the control plane:\n\n```bash\nkubectl  delete deploy -n istio-system --all --force \n```\n\nDelete the Cluster \n\n```bash\ntctl delete cluster tetrate\n```\n\nDelete the Tenant\n\n```bash\ntctl delete tenant partner-validation-tenant\n```\n\n\nClean up cluster-scoped resources: (TODO)\n\n```bash\nkubectl delete clusterrole xcp-operator-edge\nkubectl delete clusterrolebinding xcp-operator-edge\n```\n\nClean up management plane cr: \n\n```bash\nkubectl -n tsb delete managementplanes.install.tetrate.io --all\n```\n\nClean up management plane operator:\n\n```bash\nkubectl -n tsb delete deployment tsb-operator-management-plane\n```\n\nClean up the validation and mutation webhooks for the management plane:\n\n```bash\nkubectl delete \\\n    validatingwebhookconfigurations.admissionregistration.k8s.io \\\n    tsb-operator-management-plane\nkubectl delete \\\n    mutatingwebhookconfigurations.admissionregistration.k8s.io \\\n    tsb-operator-management-plane\nkubectl delete \\\n    validatingwebhookconfigurations.admissionregistration.k8s.io \\\n    xcp-central-tsb\nkubectl delete \\\n    mutatingwebhookconfigurations.admissionregistration.k8s.io \\\n    xcp-central-tsb\n```\n\nClean up the control plane CRDs:\n\n```bash\nkubectl delete crd \\\n    clusters.xcp.tetrate.io \\\n    controlplanes.install.tetrate.io \\\n    edgexcps.install.xcp.tetrate.io \\\n    egressgateways.gateway.xcp.tetrate.io \\\n    egressgateways.install.tetrate.io \\\n    gatewaygroups.gateway.xcp.tetrate.io \\\n    globalsettings.xcp.tetrate.io \\\n    ingressgateways.gateway.xcp.tetrate.io \\\n    ingressgateways.install.tetrate.io \\\n    securitygroups.security.xcp.tetrate.io \\\n    securitysettings.security.xcp.tetrate.io \\\n    servicedefinitions.registry.tetrate.io \\\n    serviceroutes.traffic.xcp.tetrate.io \\\n    tier1gateways.gateway.xcp.tetrate.io \\\n    tier1gateways.install.tetrate.io \\\n    trafficgroups.traffic.xcp.tetrate.io \\\n    trafficsettings.traffic.xcp.tetrate.io \\\n    workspaces.xcp.tetrate.io \\\n    workspacesettings.xcp.tetrate.io \\\n    --ignore-not-found\n```\n\nClean up the management plane CRDs:\n\n```bash\nkubectl delete crd \\\n    centralxcps.install.xcp.tetrate.io \\\n    clusters.xcp.tetrate.io \\\n    egressgateways.gateway.xcp.tetrate.io \\\n    egressgateways.install.tetrate.io \\\n    gatewaygroups.gateway.xcp.tetrate.io \\\n    globalsettings.xcp.tetrate.io \\\n    ingressgateways.gateway.xcp.tetrate.io \\\n    ingressgateways.install.tetrate.io \\\n    managementplanes.install.tetrate.io \\\n    securitygroups.security.xcp.tetrate.io \\\n    securitysettings.security.xcp.tetrate.io \\\n    servicedefinitions.registry.tetrate.io \\\n    serviceroutes.traffic.xcp.tetrate.io \\\n    tier1gateways.gateway.xcp.tetrate.io \\\n    tier1gateways.install.tetrate.io \\\n    trafficgroups.traffic.xcp.tetrate.io \\\n    trafficsettings.traffic.xcp.tetrate.io \\\n    workspaces.xcp.tetrate.io \\\n    workspacesettings.xcp.tetrate.io\n```\n\n\nClean up the application namespace:\n\n```bash\n# Kubernetes Resources\nkubectl delete deploy,rolebinding,role --all --force --grace-period=0 -n bookinfo\n\n# Secondary Kubernetes Resources\nkubectl delete endpointslice,ep,svc,sa,secret,podmetrics,cm,hpa,poddisruptionbudget,po -n bookinfo --all --force --grace-period=0 -n bookinfo\n```\n\n\nClean up the Data Plane:\n\n```bash\n# Secondary Kubernetes Resources\nkubectl delete po,cm,secret,svc,ep,lease,endpointslice,podmetrics,job,cronjob --all --force --grace-period=0 -n istio-gateway\n```\n\nClean up the Control Plane:\n\n```bash\n# TSB Resources \u0026 manually remove finalizer from istiooperator\n# xcp-edge-internal edge-validation\nkubectl delete lease,controlplane,gatewaygroup,istiooperator,edgexcp,workspace,edgedirectory --all -n istio-system\n\n# Network Resource\nkubectl delete net-attach-def --all -n istio-system\n\n# Istio Resources\nkubectl delete dr,envoyfilter --all -n istio-system\n\n# Cert Manager resource\nkubectl delete issuer,certificaterequests,certificates --all -n istio-system\n\n# Kubernetes Resources\nkubectl delete deploy --all -n istio-system\n\n# Secondary Kubernetes Resources\nkubectl delete po,svc,ep,sa,hpa,rolebinding,role,hpa,endpointslice,podmetrics,poddisruptionbudget,job,cronjob --force --grace-period=0 --all -n istio-system\n\n```\n\nClean Up the Management Plane:\n\n```bash\n# TSB resources\nkubectl delete cluster,workspace,gatewaygroup,ingressgateway,tier1gateway,managementplane,centralxcp --all -n tsb\n\n# Cert Manager resource\nkubectl delete issuer,certificaterequests,certificates --all -n tsb\n\n# Kubernetes Resources\nkubectl delete deploy,netpol --all -n tsb\n\n# Secondary Kubernetes Resources\nkubectl delete po,cm,ep,pvc,route,svc,rolebinding,role,svc,sa,job,secret,cronjob,podmetrics --force --grace-period=0 --all -n tsb\n```\n\nClean Up the xcp-multicluster namespace:\n\n```bash\n# Istio Resources\nkubectl delete dr,se --all -n xcp-multicluster\n\n# Kubernetes Resources\nkubectl delete cm,secret,sa,role,rolebinding,po,job,cronjob --force --grace-period=0  --all -n xcp-multicluster\n```\n\n\nClean Up the Cert-Manager namespace:\n\n```bash\n# Cert-manager Resources\nkubectl delete clusterissuer --all\n\n# Kubernetes Resources\nkubectl delete deploy,ep,endpointslice,podmetrics --all  -n cert-manager\n\n# Secondary Kubernetes Resources\nkubectl delete cm,secret,sa,role,rolebinding,po,job,cronjob --all --force --grace-period=0 -n cert-manager\n```\n\n\nClean Up cluster scoped resources:\n\n```bash\nkubectl get clusterrole | grep tsb | awk '{print $1}' | xargs kubectl delete clusterrole  \n\nkubectl get clusterrole | grep istio | awk '{print $1}' | xargs kubectl delete clusterrole  \n\nkubectl get clusterrole | grep cert-manager | awk '{print $1}' | xargs kubectl delete clusterrole \n\nkubectl get clusterrolebinding | grep tsb | awk '{print $1}' | xargs kubectl delete clusterrolebinding  \n\nkubectl get clusterrolebinding | grep istio | awk '{print $1}' | xargs kubectl delete clusterrolebinding  \n\nkubectl get clusterrolebinding | grep cert-manager | awk '{print $1}' | xargs kubectl delete clusterrolebinding\n```\n\nClean Up the CRDS:\n\n```bash\n# Tetrate CRDs\nkubectl get crd | grep tetrate | awk '{print $1}' | xargs kubectl delete crd\n\n# Cert-manager CRDs\nkubectl get crd | grep cert-manager | awk '{print $1}' | xargs kubectl delete crd\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhecosystemappeng%2Ftetrate-discovery","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frhecosystemappeng%2Ftetrate-discovery","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhecosystemappeng%2Ftetrate-discovery/lists"}