Add workshop installing Contour into virtual cluster.

README.md

@@ -20,6 +20,10 @@ Workshops included are:
   automatic creation of a virtual cluster with full admin access to the cluster
   using `helm` resources.
 
+* [lab-contour-vcluster](workshops/lab-contour-vcluster) - A workshop
+  demonstrating installation of Contour ingress controller into a virtual
+  cluster rather than using underlying cluster ingress.
+
 * [lab-shared-vcluster](workshops/lab-shared-vcluster) - A workshop
   demonstrating creation of a shared virtual cluster for the whole workshop
   environment, with workshops users getting access to only a single namespace in

resources/trainingportal.yaml

@@ -34,6 +34,11 @@ spec:
     overtime: 10m
     deadline: 60m
     orphaned: 5m
+  - name: lab-contour-vcluster
+    expires: 40m
+    overtime: 10m
+    deadline: 60m
+    orphaned: 5m
   - name: lab-shared-vcluster
     expires: 40m
     overtime: 10m

workshops/lab-contour-vcluster/README.md

@@ -0,0 +1,5 @@
+Contour vcluster
+================
+
+A workshop demonstrating installation of Contour ingress controller into a
+virtual cluster rather than using underlying cluster ingress.

workshops/lab-contour-vcluster/resources/workshop.yaml

@@ -0,0 +1,222 @@
+---
+apiVersion: training.educates.dev/v1beta1
+kind: Workshop
+metadata:
+  name: "lab-contour-vcluster"
+spec:
+  title: "Test of Contour with a virtual cluster"
+  description: "Test of installing Contour into a virtual cluster."
+  publish:
+    image: $(image_repository)/labs-vcluster-testing/lab-contour-vcluster-files:$(workshop_version)
+    files:
+    - directory:
+        path: workshop
+      path: workshop
+    - directory:
+        path: ../../packages
+      path: packages
+  workshop:
+    files:
+    - image:
+        url: $(image_repository)/labs-vcluster-testing/lab-contour-vcluster-files:$(workshop_version)
+      includePaths:
+      - workshop/**
+  session:
+    namespaces:
+      budget: x-large
+      security:
+        policy: baseline
+        token:
+          enabled: false
+    applications:
+      terminal:
+        enabled: true
+        layout: split
+      editor:
+        enabled: true
+      console:
+        enabled: true
+        vendor: octant
+        octant:
+          version: latest
+      vcluster:
+        enabled: false
+    volumes:
+    - name: admin-credentials-config
+      secret:
+        secretName: $(session_name)-kubeconfig
+    volumeMounts:
+    - name: admin-credentials-config
+      mountPath: /opt/kubeconfig
+    objects:
+    - apiVersion: v1
+      kind: Secret
+      metadata:
+        name: $(session_name)-contour-vcluster-values
+        namespace: $(workshop_namespace)
+      stringData:
+        values.yaml: |
+          vcluster:
+            image: rancher/k3s:v1.25.3-k3s1
+          syncer:
+            extraArgs:
+            - --tls-san=contour-vcluster.$(session_namespace).svc.$(cluster_domain)
+            - --out-kube-config-server=https://contour-vcluster.$(session_namespace).svc.$(cluster_domain)
+          mapServices:
+            fromVirtual:
+            - from: projectcontour/contour-envoy
+              to: contour-envoy
+          init:
+            manifests: |-
+              apiVersion: v1
+              kind: Namespace
+              metadata:
+                name: projectcontour
+              ---
+              # The helmTemplate support in App for kapp-controller appears to
+              # be buggy and requires namespace the same name as that holding
+              # the App in the local cluster to exist in the target cluster when
+              # using kubeconfig.
+              apiVersion: v1
+              kind: Namespace
+              metadata:
+                name: $(session_namespace)
+    - apiVersion: kappctrl.k14s.io/v1alpha1
+      kind: App
+      metadata:
+        name: $(session_name)-contour-vcluster-package
+        namespace: $(workshop_namespace)
+      spec:
+        serviceAccountName: kapp-installer
+        syncPeriod: 720h
+        noopDelete: true
+        fetch:
+        - helmChart:
+            name: vcluster
+            repository:
+              url: https://charts.loft.sh
+        template:
+        - helmTemplate:
+            name: contour-vcluster
+            namespace: $(session_namespace)
+            valuesFrom:
+            - secretRef:
+                name: $(session_name)-contour-vcluster-values
+        - ytt:
+            inline:
+              paths:
+                overlays.yaml: |
+                  #@ load("@ytt:data", "data")
+                  #@ load("@ytt:overlay", "overlay")
+                  #@overlay/match by=overlay.all, expects="1+"
+                  ---
+                  metadata:
+                    #@overlay/match missing_ok=True
+                    ownerReferences:
+                      - apiVersion: training.educates.dev/v1beta1
+                        kind: WorkshopSession
+                        blockOwnerDeletion: true
+                        controller: true
+                        name: $(session_name)
+                        uid: $(workshop_session_uid)
+        deploy:
+        - kapp:
+            rawOptions:
+            - --app-changes-max-to-keep=5
+    - apiVersion: v1
+      kind: Secret
+      metadata:
+        name: contour-values
+      stringData:
+        values.yaml: |
+          envoy:
+            service:
+              type: ClusterIP
+              externalTrafficPolicy: null
+            useHostPort: false
+    - apiVersion: kappctrl.k14s.io/v1alpha1
+      kind: App
+      metadata:
+        name: contour-package
+      spec:
+        noopDelete: true
+        syncPeriod: 24h
+        cluster:
+          namespace: default
+          kubeconfigSecretRef:
+            name: vc-contour-vcluster
+            key: config
+        fetch:
+        - helmChart:
+            name: contour
+            repository:
+              url: https://charts.bitnami.com/bitnami
+        template:
+        - helmTemplate:
+            name: contour
+            namespace: projectcontour
+            valuesFrom:
+            - secretRef:
+                name: contour-values
+        deploy:
+        - kapp:
+            rawOptions:
+            - --app-changes-max-to-keep=5
+    - apiVersion: networking.k8s.io/v1
+      kind: Ingress
+      metadata:
+        name: contour
+        annotations:
+          "nginx.ingress.kubernetes.io/proxy-send-timeout": "3600"
+          "nginx.ingress.kubernetes.io/proxy-read-timeout": "3600"
+          "projectcontour.io/websocket-routes": "/"
+          "projectcontour.io/response-timeout": "3600s"
+      spec:
+        rules:
+        - host: "*.$(session_name).$(ingress_domain)"
+          http:
+            paths:
+            - path: /
+              pathType: Prefix
+              backend:
+                  service:
+                      name: contour-envoy
+                      port:
+                        number: 80
+    - apiVersion: secrets.educates.dev/v1beta1
+      kind: SecretCopier
+      metadata:
+        name: $(session_name)-kubeconfig
+      spec:
+        rules:
+        - sourceSecret:
+            name: vc-contour-vcluster
+            namespace: $(session_namespace)
+          targetNamespaces:
+            nameSelector:
+              matchNames:
+              - $(workshop_namespace)
+          targetSecret:
+            name: $(session_name)-kubeconfig
+  environment:
+    assets:
+      files:
+      - image:
+          url: $(image_repository)/labs-vcluster-testing/lab-contour-vcluster-files:$(workshop_version) 
+    objects:
+    - apiVersion: v1
+      kind: ServiceAccount
+      metadata:
+        name: kapp-installer
+    - apiVersion: rbac.authorization.k8s.io/v1
+      kind: ClusterRoleBinding
+      metadata:
+        name: kapp-installer-$(workshop_namespace)
+      roleRef:
+        apiGroup: rbac.authorization.k8s.io
+        kind: ClusterRole
+        name: cluster-admin
+      subjects:
+        - kind: ServiceAccount
+          name: kapp-installer
+          namespace: $(workshop_namespace)

workshops/lab-contour-vcluster/workshop/content/00-workshop-overview.md

@@ -0,0 +1,15 @@
+---
+title: Workshop Overview
+---
+
+```terminal:execute
+command: helm install --set ingress.enabled=true --set ingress.hostname=apache.{{< param session_name >}}.{{< param ingress_domain >}} httpd oci://registry-1.docker.io/bitnamicharts/apache
+```
+
+```terminal:execute
+command: kubectl rollout status deployment/httpd-apache
+```
+
+```terminal:execute
+command: curl http://apache.{{< param session_name >}}.{{< param ingress_domain >}}
+```

workshops/lab-contour-vcluster/workshop/content/01-workshop-instructions.md

@@ -0,0 +1,5 @@
+---
+title: Workshop Instructions
+---
+
+This is the first page of the workshop instructions, create as many separate pages as you need to. If necessary pages can be located in sub directories to provided grouping.

workshops/lab-contour-vcluster/workshop/content/99-workshop-summary.md

@@ -0,0 +1,5 @@
+---
+title: Workshop Summary
+---
+
+This is the last page of the workshop. Include in this page a summary of the workshop and any links to resources relevant to the workshop. This ensures anyone doing the workshop has material they can research later to learn more.