Brett Tofel bentito

where the namespace I will run metering in is btofel:

oc new-app -n btofel -e MYSQL_USER=mysql -e MYSQL_PASSWORD=password -e MYSQL_DATABASE=hive_metastore -e MYSQL_ROOT_PASSWORD=password  mysql:5.7

Build Code Ready Containers - With OKD This Page Is A Work In Progress

Stay tuned for full instructions

One time setup

dnf -y module install virt
dnf -y install jq golang-bin gcc-c++ golang make zip wget git bash-completion libguestfs-tools virt-install

From PR operator-framework/operator-registry#748 build this version of OPM then :

opm index prune --from-index registry.redhat.io/redhat/redhat-operator-index:v4.10 -c docker --packages cluster-logging

(will need to docker login redhat registry) then: docker push the pared down index, for ex:

AWS STS pod Identity Steps

oc login -u kubeadmin -p zXqDV-wqxpa-YTV7N-hNpgV https://api.crc.testing:6443
oc get -n openshift-kube-apiserver cm -o json bound-sa-token-signing-certs | jq -r '.data["service-account-001.pub"]' > sa-signer-pkcs8.pub
bin/self-hosted-darwin -key "sa-signer-pkcs8.pub" | jq '.keys += [.keys[0]] | .keys[1].kid = ""' > "keys.json"
aws s3 mb s3://btofel-sts-test --profile redhat-openshift-dev
aws s3 cp keys.json s3://btofel-sts-test --profile redhat-openshift-dev --acl public-read
cp ~/hold_code/discovery.json . 
vi discovery.json (verify it has bucket URL params to match above)
aws s3 cp discovery.json s3://btofel-sts-test/.well-known/openid-configuration --profile redhat-openshift-dev --acl public-read

To enable faster dev process with OpenShift Local (CRC) where you can push dev images to the local internal registry included with OpenShift and pull those same images internally in the cluster you need to follow these steps:

Push images to OpenShift Local's image registry, must be labeled like:

REGISTRY=$(oc get route/default-route -n openshift-image-registry -o=jsonpath='{.spec.host}'); \
IMAGE_PUSH=$($REGISTRY/openshift/pod-identity-webhook:0.4) \

or simpler and actually working:

cd ~/workspace/sa-key-rotation
cd jwks
go run jwks.go ../../aws-pod-identity-webhook/sa-signer-pkcs8.pub ../../cloud-credential-operator/new/serviceaccount-signer.public
cat keys.json
S3_BUCKET_NAME=btofel-sts-test &&  aws s3 cp keys.json s3://${S3_BUCKET_NAME} --profile redhat-openshift-dev --acl public-read
PRIVKEY=`base64 -i ../cloud-credential-operator/new/serviceaccount-signer.private`
PUBKEY=`base64 -i ../cloud-credential-operator/new/serviceaccount-signer.public`
oc patch secret next-bound-service-account-signing-key -n openshift-kube-apiserver-operator --type=json -p '[{"op":"replace","path":"/data/service-account.key","value":"'"$PRIVKEY"'"},{"op":"replace","path":"/data/service-account.pub","value":"'"$PUBKEY"'"}]'

	│ Exception in thread "main" 2020-10-13T17:23:10.464510059Z java.lang.NoSuchMethodError: com.google.common.base.Preconditions.checkArgument(ZLjava/lang/String;Ljava/lang/Object;)V2020-10-13T17:23:10.464518738Z │
	│ at org.apache.hadoop.conf.Configuration.set(Configuration.java:1382)2020-10-13T17:23:10.464616395Z │
	│ at org.apache.hadoop.conf.Configuration.set(Configuration.java:1363)2020-10-13T17:23:10.464630106Z │
	│ at org.apache.hadoop.mapred.JobConf.setJar(JobConf.java:536)2020-10-13T17:23:10.464669465Z │
	│ at org.apache.hadoop.mapred.JobConf.setJarByClass(JobConf.java:554)

	# Requires
	# OPM, operator-sdk v1.8.0 or higher
	# grpcurl, podman or docker, skopeo

	import os
	import json
	import sqlite3
	import subprocess

	CONTAINER_TOOL = "docker"