From c58faad901b3b332fe623b6f8c65a1b101bdd1f2 Mon Sep 17 00:00:00 2001 From: Radius CI Bot Date: Thu, 28 Mar 2024 21:11:54 +0000 Subject: [PATCH 1/9] Update docs for v0.32.0 --- docs/config.toml | 8 ++++---- docs/layouts/partials/hooks/body-end.html | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/config.toml b/docs/config.toml index 3d641afa6..975da9ba5 100644 --- a/docs/config.toml +++ b/docs/config.toml @@ -1,4 +1,4 @@ -baseURL = "https://edge.docs.radapp.io/" +baseURL = "https://docs.radapp.io/" languageCode = "en-us" title = "Radius Docs" theme = "docsy" @@ -67,9 +67,9 @@ tag = "tags" [params] copyright = "Radius" -version = "edge" +version = "v0.32" tag_version = "latest" -chart_version = "0.26.0" +chart_version = "0.32.0" # Algolia Search algolia_docsearch = true @@ -77,7 +77,7 @@ algolia_docsearch = true # GitHub Information github_repo = "https://github.com/radius-project/docs" github_subdir = "docs" -github_branch = "edge" +github_branch = "v0.32" github_project_repo = "https://github.com/radius-project/radius" # Versioning diff --git a/docs/layouts/partials/hooks/body-end.html b/docs/layouts/partials/hooks/body-end.html index 3f4109e18..f640ff308 100644 --- a/docs/layouts/partials/hooks/body-end.html +++ b/docs/layouts/partials/hooks/body-end.html @@ -5,7 +5,7 @@ container: '#docsearch', appId: 'ED67NSVSZS', apiKey: '21e2920c3a9c29b98cbc382694413f29', - indexName: 'radapp-dev-edge', + indexName: 'radapp-dev', }); {{ end }} From c34b012caa18b34121d61c14e0dc51575ff0423e Mon Sep 17 00:00:00 2001 From: Aaron Crawfis Date: Thu, 28 Mar 2024 16:15:15 -0700 Subject: [PATCH 2/9] Update environment logic (#1097) Signed-off-by: Aaron Crawfis --- .github/workflows/website.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/website.yaml b/.github/workflows/website.yaml index e44841216..befc329d2 100644 --- a/.github/workflows/website.yaml +++ b/.github/workflows/website.yaml @@ -119,8 +119,8 @@ jobs: needs: ['build'] runs-on: ubuntu-latest environment: - # If a PR into edge, use 'edge'. If a PR into anywhere else, use 'latest'. If a push, use the branch name. - name: ${{ github.event_name == 'pull_request' && (github.base_ref == 'edge' && 'edge' || 'latest') || github.ref_name }} + # If a PR or push into edge, use 'edge'. If a PR or push into anywhere else, use 'latest'. + name: ${{ github.event_name == 'pull_request' && (github.base_ref == 'edge' && 'edge' || 'latest') || (github.ref_name == 'edge' && 'edge' || 'latest') }} # If a push to edge, use the edge URL. If a push to anywhere else, use the latest URL. If a PR, blank. url: ${{ github.event_name == 'pull_request' && '' || (github.ref_name == 'edge' && 'https://edge.docs.radapp.io' || 'https://docs.radapp.io') }} steps: From 78acb76ccceb9148765165f0f9e54173cdf57bab Mon Sep 17 00:00:00 2001 From: Nick Beenham <1985327+superbeeny@users.noreply.github.com> Date: Fri, 5 Apr 2024 18:26:27 -0400 Subject: [PATCH 3/9] Superbeeny/adding podspec secrets (#1100) * Adding example on how to access secrets and add them to the container environment Signed-off-by: Nick Beenham <1985327+superbeeny@users.noreply.github.com> * Adding code tabs where the commands differ between linux/windows Signed-off-by: Nick Beenham <1985327+superbeeny@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Will <28876888+willtsai@users.noreply.github.com> Signed-off-by: Nick Beenham <1985327+superbeeny@users.noreply.github.com> * Updates requested from PR review Signed-off-by: Nick Beenham <1985327+superbeeny@users.noreply.github.com> * nit: add a new line for spacing aesthetics Signed-off-by: Will <28876888+willtsai@users.noreply.github.com> --------- Signed-off-by: Nick Beenham <1985327+superbeeny@users.noreply.github.com> Signed-off-by: Will <28876888+willtsai@users.noreply.github.com> Co-authored-by: Will <28876888+willtsai@users.noreply.github.com> --- .../kubernetes/how-to-access-secrets/index.md | 149 ++++++++++++++++++ .../snippets/secrets-container.bicep | 26 +++ .../snippets/secrets-patch.bicep | 62 ++++++++ 3 files changed, 237 insertions(+) create mode 100644 docs/content/guides/author-apps/kubernetes/how-to-access-secrets/index.md create mode 100644 docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-container.bicep create mode 100644 docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-patch.bicep diff --git a/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/index.md b/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/index.md new file mode 100644 index 000000000..f23a86ad1 --- /dev/null +++ b/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/index.md @@ -0,0 +1,149 @@ +--- +type: docs +title: "How-To: Access Kubernetes secrets using PodSpec" +linkTitle: "Secrets using PodSpec" +description: "Learn how to patch Kubernetes secrets into the container environment using PodSpec definitions" +weight: 300 +slug: 'secrets-podspec' +categories: "How-To" +tags: ["containers","Kubernetes", "secrets"] +--- + +This how-to guide will provide an overview of how to: + +- Patch existing Kubernetes secrets using [PodSpec](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec) definitions and provide them to the environment of a container. + +## Prerequisites + +- [rad CLI]({{< ref getting-started >}}) +- [Radius initialized with `rad init`]({{< ref howto-environment >}}) +- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) + +## Step 1: Define a container + +Begin by creating a file named `app.bicep` with a Radius [container]({{< ref "guides/author-apps/containers" >}}): + +{{< rad file="snippets/secrets-container.bicep" embed=true >}} + +## Step 2: Deploy the app and container + +Run this command to deploy the app and container: + +```bash +rad run ./app.bicep -a demo +``` + +Once the deployment completes successfully, you should see the following confirmation message along with some system logs: + +``` +Building app.bicep... +Deploying template 'app.bicep' for application 'demo' and environment 'dev' from workspace 'dev'... + +Deployment In Progress... + +.. demo Applications.Core/containers +Completed demo Applications.Core/applications + +Deployment Complete + +Resources: + demo Applications.Core/applications + demo Applications.Core/containers + +Starting log stream... + ++ demo-7d94db59f6-ps6cf › demo +demo-7d94db59f6-ps6cf demo No APPLICATIONINSIGHTS_CONNECTION_STRING found, skipping Azure Monitor setup +demo-7d94db59f6-ps6cf demo Using in-memory store: no connection string found +demo-7d94db59f6-ps6cf demo Server is running at http://localhost:3000 +dashboard-7f7db87c5-7d2jf dashboard [port-forward] connected from localhost:7007 -> ::7007 +demo-7d94db59f6-ps6cf demo [port-forward] connected from localhost:3000 -> ::3000 +``` + +Verify the pod is running: + +```bash +kubectl get pods -n dev-demo +``` +You should see the following output in your console: +``` +NAME READY STATUS RESTARTS AGE +demo-7d94db59f6-k7dfb 1/1 Running 0 62s +``` + +## Step 3: Create a secret + +Create a secret in your Kubernetes cluster using the following command: + +```bash +kubectl create secret generic my-secret --from-literal=secret-key=secret-value -n dev-demo +``` + +Verify the secret is created: + +```bash +kubectl get secrets -n dev-demo +``` + +## Step 4: Patch the secret + +Patch the secret into the container by adding the following `runtimes` block to the `container` resource in your `app.bicep` file: + +{{< rad file="snippets/secrets-patch.bicep" embed=true markdownConfig="{linenos=table,hl_lines=[\"25-60\"]}" >}} + +## Step 5: Redeploy the app and container + +Redeploy and run your app: + +```bash +rad app deploy demo +``` + +Once the deployment completes successfully, you should see the environment variable in the container. + +To validate this, first get the pod name: + +```bash +kubectl get pods -n dev-demo +``` + +You should see the following output in your console, with the pod name: +``` +NAME READY STATUS RESTARTS AGE +demo-d64cc4d6d-xjnjz 1/1 Running 0 62s +``` + +Then, exec into the pod and check the environment variable (substitute the pod name with the one you got from the previous command): + +{{< tabs "macOS/Linux/WSL" "Windows" >}} + +{{% codetab %}} + +```bash +kubectl -n dev-demo exec demo-d64cc4d6d-xjnjz -- env | grep MY_SECRET +``` + +{{% /codetab %}} + +{{% codetab %}} + +```powershell +kubectl -n dev-demo exec demo-d64cc4d6d-xjnjz -- env | findstr MY_SECRET +``` + +{{% /codetab %}} + +{{< /tabs >}} + +## Cleanup + +Run the following command to [delete]({{< ref "guides/deploy-apps/howto-delete" >}}) your app and container: + +```bash +rad app delete demo +``` + +## Further reading + +- [Kubernetes in Radius containers]({{< ref "guides/author-apps/containers/overview#kubernetes" >}}) +- [PodSpec in Radius containers]({{< ref "reference/resource-schema/core-schema/container-schema#runtimes" >}}) \ No newline at end of file diff --git a/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-container.bicep b/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-container.bicep new file mode 100644 index 000000000..cf50f3d4b --- /dev/null +++ b/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-container.bicep @@ -0,0 +1,26 @@ +import radius as radius + +@description('Specifies the environment for resources.') +param environment string + +resource app 'Applications.Core/applications@2023-10-01-preview' = { + name: 'demo' + properties: { + environment: environment + } +} + +resource demo 'Applications.Core/containers@2023-10-01-preview' = { + name: 'demo' + properties: { + application: app.id + container: { + image: 'ghcr.io/radius-project/samples/demo:latest' + ports: { + web: { + containerPort: 3000 + } + } + } + } +} diff --git a/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-patch.bicep b/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-patch.bicep new file mode 100644 index 000000000..f832dcfca --- /dev/null +++ b/docs/content/guides/author-apps/kubernetes/how-to-access-secrets/snippets/secrets-patch.bicep @@ -0,0 +1,62 @@ +import radius as radius + +@description('Specifies the environment for resources.') +param environment string + +resource app 'Applications.Core/applications@2023-10-01-preview' = { + name: 'demo' + properties: { + environment: environment + } +} + +resource demo 'Applications.Core/containers@2023-10-01-preview' = { + name: 'demo' + properties: { + application: app.id + container: { + image: 'ghcr.io/radius-project/samples/demo:latest' + ports: { + web: { + containerPort: 3000 + } + } + } + runtimes: { + kubernetes: { + pod: { + volumes: [ { + name: 'secrets-vol' + secret: { + secretName: 'my-secret' + } + } + ] + containers: [ + { + name: 'demo' + volumeMounts: [ { + name: 'secrets-vol' + readOnly: true + mountPath: '/etc/secrets-vol' + } + ] + env: [ + { + name: 'MY_SECRET' + valueFrom: { + secretKeyRef: { + name: 'my-secret' + key: 'secret-key' + } + } + } + ] + } + ] + hostNetwork: true + } + } + } + } +} From ec9f228bd3a07c95bbdcde913bef38d589d65a43 Mon Sep 17 00:00:00 2001 From: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> Date: Tue, 9 Apr 2024 13:03:17 -0400 Subject: [PATCH 4/9] Make env configurable (#1102) Signed-off-by: Reshma Abdul Rahim Co-authored-by: Will <28876888+willtsai@users.noreply.github.com> --- docs/content/tutorials/helm/index.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/content/tutorials/helm/index.md b/docs/content/tutorials/helm/index.md index cf6bf170d..69dae21ec 100644 --- a/docs/content/tutorials/helm/index.md +++ b/docs/content/tutorials/helm/index.md @@ -192,11 +192,12 @@ From here you will go through a series of steps to incrementally add more Radius # Add the following two lines annotations: radapp.io/enabled: 'true' + radapp.io/environment: '{{ .Values.environment }}' spec: ... ``` - Adding the `radapp.io/enabled: 'true'` annotation enables Radius for the deployment. + Adding the `radapp.io/enabled: 'true'` annotation enables Radius for the deployment. The `radapp.io/environment` annotation is optional and is used to set the environment for the application. If not specified, Radius will use the default environment. 1. Save the file after you have made the edits and deploy the application again using Helm. Since the namespace and secret have already been created, we only need to run the `helm` command. @@ -246,6 +247,7 @@ From here you will go through a series of steps to incrementally add more Radius ```bash rad app graph -a demo -g default-demo ``` + where `-a demo` specifies the application name and `-g default-demo` specifies the resource group name. [Resource groups]({{< ref "guides/operations/groups/overview" >}}) are a way to organize resources in Radius. The output should look like this: @@ -311,6 +313,7 @@ In this step you will: name: db namespace: {{ .Release.Namespace }} spec: + environment: '{{ .Values.environment }}' type: Applications.Datastores/redisCaches secretName: redis-secret ``` @@ -462,6 +465,7 @@ Make sure the `app.yaml` file from `./demo/Chart/templates/app.yaml` is open in namespace: {{ .Release.Namespace }} annotations: radapp.io/enabled: 'true' + radapp.io/environment: '{{ .Values.environment }}' radapp.io/connection-redis: 'db' spec: ... @@ -488,6 +492,7 @@ Make sure the `app.yaml` file from `./demo/Chart/templates/app.yaml` is open in namespace: {{ .Release.Namespace }} annotations: radapp.io/enabled: 'true' + radapp.io/environment: '{{ .Values.environment }}' radapp.io/connection-redis: 'db' spec: selector: @@ -510,6 +515,7 @@ Make sure the `app.yaml` file from `./demo/Chart/templates/app.yaml` is open in name: db namespace: {{ .Release.Namespace }} spec: + environment: '{{ .Values.environment }}' type: Applications.Datastores/redisCaches ``` From 0bbfbd67d18b68c0e3373c84411fca41d53539fd Mon Sep 17 00:00:00 2001 From: Loek Duys Date: Fri, 19 Apr 2024 15:58:17 +0200 Subject: [PATCH 5/9] fix(bug): Update index.md (#1113) * fix(bug): Update index.md Fixed a bug in the cleanup script. The command `rad app delete demo -y` results in this output: `Application 'demo' does not exist or has already been deleted.` The command should be: `rad app delete -y` The output will be: `Application first-app deleted` Signed-off-by: Loek Duys * Update docs/content/getting-started/index.md Signed-off-by: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> --------- Signed-off-by: Loek Duys Signed-off-by: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> Co-authored-by: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> --- docs/content/getting-started/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/getting-started/index.md b/docs/content/getting-started/index.md index 818b1c6d0..eacfdae70 100644 --- a/docs/content/getting-started/index.md +++ b/docs/content/getting-started/index.md @@ -190,7 +190,7 @@ Resources: To delete your app, run the [rad app delete]({{< ref rad_application_delete >}}) command to cleanup the app and its resources, including the Recipe resources: ```bash -rad app delete demo -y +rad app delete first-app -y ``` ## Next steps From cbed8f11520027e3e5f1637515ea9903b56da87b Mon Sep 17 00:00:00 2001 From: Dan Moseley Date: Fri, 19 Apr 2024 07:32:23 -0700 Subject: [PATCH 6/9] Fix broken link in faq (#1112) * fix broken link in index.md Signed-off-by: Dan Moseley * Update index.md Signed-off-by: Dan Moseley * Update docs/content/concepts/faq/index.md Signed-off-by: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> --------- Signed-off-by: Dan Moseley Signed-off-by: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> Co-authored-by: Reshma Abdul Rahim <61033581+Reshrahim@users.noreply.github.com> --- docs/content/concepts/faq/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/concepts/faq/index.md b/docs/content/concepts/faq/index.md index 31e064f32..20d83a04a 100644 --- a/docs/content/concepts/faq/index.md +++ b/docs/content/concepts/faq/index.md @@ -14,7 +14,7 @@ Currently yes. Although Radius is architected to run on any platform, today Kube ### Can I incrementally adopt, or "try out" Radius? -Yes. The easiest way to add Radius to an existing application is through [Radius annotations](#TODO). Simply add the annotations to your existing Helm chart or Kubernetes YAML and you can use the Radius app graph, connections, and Recipes. [Try the tutorial](#TODO) to learn more. +Yes. The easiest way to add Radius to an existing application is through [Radius annotations]({{< ref "/tutorials/tutorial-add-radius#step-3-add-radius-to-the-guestbook-application" >}}). Simply add the annotations to your existing Helm chart or Kubernetes YAML and you can use the Radius app graph, connections, and Recipes. [Try the tutorial]({{< ref "/tutorials/tutorial-add-radius" >}}) to learn more. ### Do I have to self-host Radius? Is there a managed service for Radius? From 909467081ca158968a37ef42bade3f1cce536222 Mon Sep 17 00:00:00 2001 From: Will Tsai <28876888+willtsai@users.noreply.github.com> Date: Wed, 24 Apr 2024 12:04:46 -0700 Subject: [PATCH 7/9] update gh to ado sync workflow to use service principals Signed-off-by: Will Tsai <28876888+willtsai@users.noreply.github.com> --- .github/workflows/issues.yml | 46 ++++++++++++++++++++++++++---------- 1 file changed, 34 insertions(+), 12 deletions(-) diff --git a/.github/workflows/issues.yml b/.github/workflows/issues.yml index fed222313..e4a5b680b 100644 --- a/.github/workflows/issues.yml +++ b/.github/workflows/issues.yml @@ -1,27 +1,49 @@ -name: Issues Automation +name: Sync issue to Azure DevOps work item on: issues: - types: [opened, edited, deleted, closed, reopened, labeled, unlabeled, assigned] + types: + [opened, edited, deleted, closed, reopened, labeled, unlabeled, assigned] concurrency: group: issue-${{ github.event.issue.number }} cancel-in-progress: false +# Extra permissions needed to login with Entra ID service principal via federated identity +permissions: + id-token: write + issues: write + jobs: ado: - name: Sync issue to Azure DevOps runs-on: ubuntu-latest + environment: + name: issues steps: - - uses: danhellem/github-actions-issue-to-work-item@v2.1 + # Auth using Azure Service Principals was added as a part of v2.3 + # reference: https://github.com/danhellem/github-actions-issue-to-work-item/pull/143 + - name: Login to Azure + uses: azure/login@v2 + with: + client-id: ${{ vars.AZURE_SP_DEVOPS_SYNC_CLIENT_ID }} + tenant-id: ${{ vars.AZURE_SP_DEVOPS_SYNC_TENANT_ID }} + allow-no-subscriptions: true + - name: Get Azure DevOps token + id: get_ado_token + run: + # The resource ID for Azure DevOps is always 499b84ac-1321-427f-aa17-267ca6975798 + # https://learn.microsoft.com/azure/devops/integrate/get-started/authentication/service-principal-managed-identity + echo "ADO_TOKEN=$(az account get-access-token --resource 499b84ac-1321-427f-aa17-267ca6975798 --query "accessToken" --output tsv)" >> $GITHUB_ENV + - name: Sync issue to Azure DevOps + uses: danhellem/github-actions-issue-to-work-item@v2.3 env: - ado_token: "${{ secrets.ADO_AOCTO_BOT_TOKEN }}" - github_token: "${{ secrets.GH_RAD_CI_BOT_PAT }}" - ado_organization: "azure-octo" - ado_project: "Incubations" + ado_token: ${{ env.ADO_TOKEN }} + github_token: '${{ secrets.GH_RAD_CI_BOT_PAT }}' + ado_organization: 'azure-octo' + ado_project: 'Incubations' ado_area_path: "Incubations\\Radius" ado_iteration_path: "Incubations\\Radius" - ado_new_state: "New" - ado_active_state: "Active" - ado_close_state: "Closed" - ado_wit: "GitHub Issue" + ado_new_state: 'New' + ado_active_state: 'Active' + ado_close_state: 'Closed' + ado_wit: 'GitHub Issue' From d4f712d04184f219763ded0095a0f0ec6356b75f Mon Sep 17 00:00:00 2001 From: Will <28876888+willtsai@users.noreply.github.com> Date: Wed, 24 Apr 2024 12:23:36 -0700 Subject: [PATCH 8/9] add Connections crosslinks to Existing app tutorial (#1103) * add Connections crosslinks to Existing app tutorial Signed-off-by: Will Tsai <28876888+willtsai@users.noreply.github.com> * add more crosslinks Signed-off-by: Will Tsai <28876888+willtsai@users.noreply.github.com> --------- Signed-off-by: Will Tsai <28876888+willtsai@users.noreply.github.com> --- docs/content/tutorials/tutorial-add-radius/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/content/tutorials/tutorial-add-radius/index.md b/docs/content/tutorials/tutorial-add-radius/index.md index 6f5a3bd12..7c8a09f0c 100644 --- a/docs/content/tutorials/tutorial-add-radius/index.md +++ b/docs/content/tutorials/tutorial-add-radius/index.md @@ -321,4 +321,5 @@ This output shows that Radius has detected the three container resources in the - To learn more about authoring Radius applications, visit the [Authoring applications guide]({{< ref "guides/author-apps" >}}) - To learn more about deploying applications using Radius, visit the [Deploying applications guide]({{< ref "guides/deploy-apps" >}}) +- To learn more about using the [Radius Connections]({{< ref "guides/author-apps/containers/overview#connections" >}}) annotations to connect your containers and resources, visit the [Radius Helm tutorial]({{< ref "tutorials/helm#step-6-add-connection" >}}) - To learn more about Radius Recipes, visit the [Recipes guide]({{< ref "guides/recipes" >}}) From 62cb9f7e28366bbc64643c9fe572d43517cda756 Mon Sep 17 00:00:00 2001 From: Will <28876888+willtsai@users.noreply.github.com> Date: Thu, 25 Apr 2024 14:38:02 -0700 Subject: [PATCH 9/9] Update config.toml Signed-off-by: Will <28876888+willtsai@users.noreply.github.com> --- docs/config.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/config.toml b/docs/config.toml index 3baf75fa9..160396e0e 100644 --- a/docs/config.toml +++ b/docs/config.toml @@ -67,7 +67,6 @@ tag = "tags" [params] copyright = "Radius" - version = "v0.33" tag_version = "latest" chart_version = "0.33.0"