First few exercises added (#1)

The following exercises to get familiar with Airlock Microgateway have been added:

* Getting started
* Protecting a backend service
* OpenAPI
* Deny rules

Author: dieti80

.scripts/cleanup.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+set -euo pipefail
+
+echo ""
+echo "-------------------------------------------------"
+echo "| cleaning up ..."
+echo "-------------------------------------------------"
+echo ""
+kubectl delete all,ingress,configmap,secrets -l purpose=microgateway-tutorial --wait=true

.scripts/display_info.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+set -euo pipefail
+
+echo ""
+echo "-------------------------------------------------"
+echo "| displaying deployment state ..."
+echo "-------------------------------------------------"
+echo ""
+kubectl get all
+
+echo ""
+echo "-------------------------------------------------"
+echo "| describing pods ..."
+echo "-------------------------------------------------"
+echo ""
+kubectl describe pod -l purpose=microgateway-tutorial
+
+echo ""
+echo "-------------------------------------------------"
+echo "| displaying configmaps (configuration) ..."
+echo "-------------------------------------------------"
+echo ""
+kubectl describe configmap -l purpose=microgateway-tutorial
+
+echo ""
+echo "-------------------------------------------------"
+echo "| displaying microgateway secrets ..."
+echo "-------------------------------------------------"
+echo ""
+kubectl describe secret -l purpose=microgateway-tutorial
+
+echo ""
+echo "-------------------------------------------------"
+echo "| displaying microgateway service ..."
+echo "-------------------------------------------------"
+echo ""
+kubectl describe service -l purpose=microgateway-tutorial
+
+echo ""
+echo "-------------------------------------------------"
+echo "| displaying ingress ..."
+echo "-------------------------------------------------"
+echo ""
+kubectl describe ingress -l purpose=microgateway-tutorial
+
+echo ""
+echo "-------------------------------------------------"
+echo "| displaying microgateway configbuilder log ..."
+echo "-------------------------------------------------"
+echo ""
+kubectl logs -l purpose=microgateway-tutorial -l app=microgateway -c configbuilder
+
+echo ""
+echo "-------------------------------------------------"
+echo "| displaying logs for all pods ..."
+echo "-------------------------------------------------"
+echo ""
+kubectl logs -l purpose=microgateway-tutorial

.scripts/run.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+display_usage() {
+        echo "Usage: $0 tutorial_dir"
+        echo "tutorial_dir: Tutorial to run. Should point to an Exercise or Solution folder of an exercise."
+        echo "Example: $0 getting-started/solution"
+        }
+
+if [ -n "$1" ]; then
+        TUTORIAL_DIR=$1
+else
+        echo "Please provide a tutorial directory..."
+        display_usage
+        exit 1
+fi
+
+.scripts/run_tutorial.sh $TUTORIAL_DIR
+
+EXITCODE=$?
+if [ $EXITCODE -ne 0 ]; then
+
+  .scripts/display_info.sh 
+  echo ""
+  echo "**************************************************"
+  echo "* Deployment NOK                                 *"
+  echo "**************************************************"
+  echo ""
+  exit $EXITCODE
+fi
+
+echo ""
+echo "**************************************************"
+echo "* Deployment OK                                  *"
+echo "**************************************************"
+echo ""

.scripts/run_tutorial.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+set -euo pipefail
+
+display_usage() {
+        echo "Usage: $0 tutorial_dir"
+        echo "tutorial_dir: Tutorial to run. Should point to an Exercise or Solution folder of an exercise."
+        echo "Example: $0 Getting_used_to_DSL/Excercise"
+        }
+
+if [ -n "$1" ]; then
+        TUTORIAL_DIR=$1
+else
+        echo "Please provide a tutorial directory..."
+        display_usage
+        exit 1
+fi
+
+.scripts/cleanup.sh
+
+echo ""
+echo "-------------------------------------------------"
+echo "| deploying tutorial ..."
+echo "-------------------------------------------------"
+echo ""
+kubectl apply -k $TUTORIAL_DIR
+kubectl wait --for=condition=ready --timeout=120s pod -l purpose=microgateway-tutorial
+
+echo ""
+echo "-------------------------------------------------"
+echo "| verifying tutorial ..."
+echo "-------------------------------------------------"
+echo ""
+sleep 1
+.scripts/verify.sh $TUTORIAL_DIR

.scripts/verify.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+display_usage() {
+        echo "Usage: $0 tutorial_dir\n"
+        echo "tutorial_dir: Tutorial to verify. Should point to an Exercise or Solution folder of an exercise."
+        echo "Example: $0 getting-started/solution"
+        }
+
+if [ -n "$1" ]; then
+        TUTORIAL_DIR=$1
+else
+        echo "Please provide a tutorial directory..."
+        display_usage
+        exit 1
+fi
+
+mgw_status="$(kubectl get pod -l app=microgateway --no-headers -o custom-columns=":status.phase")"
+
+if [[ $mgw_status == Running ]]; then
+    echo "OK: Microgateway is running"
+else
+    echo "NOK: Microgateway is not running: $mgw_status"
+    exit 1
+fi
+
+if [[ -f "${TUTORIAL_DIR}/../.scripts/verify.sh" ]]; then
+    ${TUTORIAL_DIR}/../.scripts/verify.sh
+fi

.templates/echoserver/deployment.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: echoserver
+  labels:
+    app: echoserver
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: echoserver
+  template:
+    metadata:
+      labels:
+        app: echoserver
+    spec:
+      imagePullSecrets:
+        - name: dockerregcred
+      containers:
+        - name: echoserver
+          image: k8s.gcr.io/echoserver:1.10
+          imagePullPolicy: IfNotPresent
+          ports:
+            - name: http
+              containerPort: 8080

.templates/echoserver/kustomization.yaml

@@ -0,0 +1,10 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - deployment.yaml
+  - service.yaml
+
+commonLabels:
+  purpose: microgateway-tutorial

.templates/echoserver/service.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: echoserver
+  labels:
+    app: echoserver
+spec:
+  selector:
+    app: echoserver
+  ports:
+    - name: http
+      port: 8080
+      targetPort: http

.templates/ingress/ingress.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-microgateway-default
+  labels:
+    app: microgateway
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/backend-protocol: https
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
+spec:
+  rules:
+    - http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: microgateway
+                port:
+                  name: https

.templates/ingress/kustomization.yaml

@@ -0,0 +1,9 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - ingress.yaml
+
+commonLabels:
+  purpose: microgateway-tutorial

.templates/jwt-secrets/kustomization.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+commonLabels:
+  purpose: microgateway-tutorial
+
+secretGenerator:
+  - name: jwt-secrets
+    literals:
+      - JWT_DECRYPTION_KEY=c3VwZXJsb25ndGV4dHRoYXRpc3VzZWRmb3Jqd3R0b2tlbgo=
+      - JWT_AUTH_CODE=superlongtextthatisusedforjwttoken

.templates/mariadb/config/my.cnf

@@ -0,0 +1,25 @@
+[mysqld]
+skip-name-resolve
+explicit_defaults_for_timestamp
+basedir=/opt/bitnami/mariadb
+plugin_dir=/opt/bitnami/mariadb/plugin
+port=3306
+socket=/opt/bitnami/mariadb/tmp/mysql.sock
+tmpdir=/opt/bitnami/mariadb/tmp
+max_allowed_packet=16M
+bind-address=0.0.0.0
+pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid
+log-error=/opt/bitnami/mariadb/logs/mysqld.log
+character-set-server=UTF8
+collation-server=utf8_general_ci
+
+[client]
+port=3306
+socket=/opt/bitnami/mariadb/tmp/mysql.sock
+default-character-set=UTF8
+plugin_dir=/opt/bitnami/mariadb/plugin
+
+[manager]
+port=3306
+socket=/opt/bitnami/mariadb/tmp/mysql.sock
+pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid

.templates/mariadb/kustomization.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - statefulset.yaml
+  - service.yaml
+  - serviceaccount.yaml
+
+commonLabels:
+  purpose: microgateway-tutorial
+
+configMapGenerator:
+  - name: mariadb
+    files:
+      - config/my.cnf
+
+secretGenerator:
+  - name: mariadb
+    literals:
+      - mariadb-root-password=secretpassword
+      - mariadb-password=TF9SkeLInU

.templates/mariadb/service.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mariadb
+  labels:
+    app: mariadb
+spec:
+  selector:
+    app: mariadb
+  ports:
+    - name: mysql
+      port: 3306
+      protocol: TCP
+      targetPort: mysql
+      nodePort: null
+  type: ClusterIP

.templates/mariadb/serviceaccount.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: mariadb
+  labels:
+    app: mariadb