feat: initial commit

Author: johanneswuerbach

.gitattributes

@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto

.github/workflows/ci.yaml

@@ -0,0 +1,41 @@
+name: ci
+on:
+  push:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Humanitec CLI
+        uses: humanitec/setup-cli-action@v1
+        with:
+          version: "0.21.1"
+      - name: Setup tflit
+        uses: terraform-linters/setup-tflint@v4
+        with:
+          tflint_version: v0.49.0
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - run: make lint
+      - env:
+          HUMANITEC_TOKEN: ${{ secrets.HUMANITEC_TOKEN }}
+          HUMANITEC_ORG: ${{ secrets.HUMANITEC_ORG }}
+        run: |
+          # Simulate a humctl login
+          yq e -n '.token = "'"${HUMANITEC_ORG}"'"' > ~/.humctl
+          make test
+
+  # publish on main
+  publish:
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - run: make publish

.gitignore

@@ -0,0 +1,3 @@
+kube/*
+setup/terraform/.terraform*
+setup/terraform/terraform.tfstate*

0_install.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+set -eo pipefail
+
+mkdir -p ./kube
+
+if [ ! -f ./kube/config.yaml ]; then
+  kind create cluster -n 5min-idp --kubeconfig ./kube/config.yaml --config ./setup/kind/cluster.yaml
+fi
+
+# used by humanitec-agent to reach the cluster
+kind export kubeconfig --internal  -n 5min-idp --kubeconfig ./kube/config-internal.yaml
+# used by docker to reach the cluster
+cp ./kube/config.yaml ./kube/config-docker.yaml
+kubeconfig_docker=$(pwd)/kube/config-docker.yaml
+yq '.clusters[0].cluster.server |= sub("127.0.0.1"; "docker.for.mac.localhost")' -i "$kubeconfig_docker"
+yq '.clusters[0].cluster.insecure-skip-tls-verify |= true' -i "$kubeconfig_docker"
+yq 'del(.clusters[0].cluster.certificate-authority-data)' -i "$kubeconfig_docker"
+
+humctl_token=$(yq .token /root/.humctl)
+
+export HUMANITEC_TOKEN=$humctl_token
+export TF_VAR_humanitec_org=$HUMANITEC_ORG
+export TF_VAR_kubeconfig=$kubeconfig_docker
+
+terraform -chdir=setup/terraform init -upgrade
+terraform -chdir=setup/terraform apply -auto-approve
+
+echo ""
+echo ">>>> Everything prepared, ready to deploy application."

1_demo.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eo pipefail
+
+if ! humctl get application 5min-idp; then
+  humctl create application 5min-idp
+fi
+
+humctl score deploy --app 5min-idp --env development -f ./score.yaml

2_cleanup.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -eo pipefail
+
+humctl_token=$(yq .token /root/.humctl)
+kubeconfig_docker=$(pwd)/kube/config-docker.yaml
+
+export HUMANITEC_TOKEN=$humctl_token
+export TF_VAR_humanitec_org=$HUMANITEC_ORG
+export TF_VAR_kubeconfig=$kubeconfig_docker
+
+
+if humctl get application 5min-idp; then
+  humctl delete application 5min-idp
+fi
+
+terraform -chdir=setup/terraform destroy -auto-approve
+
+kind delete cluster -n 5min-idp
+
+rm -rf ./kube

Dockerfile

@@ -0,0 +1,54 @@
+FROM alpine:3.19
+
+LABEL org.opencontainers.image.source https://github.com/johanneswuerbach/5min-idp
+
+RUN apk add --no-cache \
+  bash curl git jq bash-completion docker-cli && \
+  mkdir -p /etc/bash_completion.d
+
+# inject the target architecture (https://docs.docker.com/reference/dockerfile/#automatic-platform-args-in-the-global-scope)
+ARG TARGETARCH
+
+# install kubectl
+RUN curl -fsSL "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/$TARGETARCH/kubectl" > /tmp/kubectl && \
+  install -o root -g root -m 0755 /tmp/kubectl /usr/local/bin/kubectl && \
+  kubectl completion bash > /etc/bash_completion.d/kubectl && \
+  rm /tmp/kubectl
+
+# install helm (https://github.com/helm/helm/releases)
+RUN mkdir /tmp/helm && \
+  curl -fsSL https://get.helm.sh/helm-v3.14.4-linux-${TARGETARCH}.tar.gz > /tmp/helm/helm.tar.gz && \
+  tar -zxvf /tmp/helm/helm.tar.gz -C /tmp/helm && \
+  install -o root -g root -m 0755 /tmp/helm/linux-${TARGETARCH}/helm /usr/local/bin/helm && \
+  helm completion bash > /etc/bash_completion.d/helm && \
+  rm -rf /tmp/helm
+
+# install kind https://kind.sigs.k8s.io/docs/user/quick-start/#installing-from-release-binaries
+RUN curl -fsSL https://kind.sigs.k8s.io/dl/v0.22.0/kind-linux-${TARGETARCH} > /tmp/kind && \
+  install -o root -g root -m 0755 /tmp/kind /usr/local/bin/kind && \
+  rm /tmp/kind
+
+# install terraform (https://github.com/hashicorp/terraform/releases)
+RUN mkdir /tmp/terraform && \
+  curl -fsSL https://releases.hashicorp.com/terraform/1.8.1/terraform_1.8.1_linux_${TARGETARCH}.zip > /tmp/terraform/terraform.zip && \
+  unzip /tmp/terraform/terraform.zip -d /tmp/terraform && \
+  install -o root -g root -m 0755 /tmp/terraform/terraform /usr/local/bin/terraform && \
+  rm -rf /tmp/terraform
+
+# install yq
+RUN  curl -fsSL https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${TARGETARCH} > /tmp/yq && \
+  install -o root -g root -m 0755 /tmp/yq /usr/local/bin/yq && \
+  yq shell-completion bash > /etc/bash_completion.d/yq && \
+  rm /tmp/yq
+
+# install humctl (https://github.com/humanitec/cli/releases)
+RUN mkdir /tmp/humctl && \
+  curl -fsSL https://github.com/humanitec/cli/releases/download/v0.21.0/cli_0.21.0_linux_${TARGETARCH}.tar.gz > /tmp/humctl/humctl.tar.gz && \
+  tar -zxvf /tmp/humctl/humctl.tar.gz -C /tmp/humctl && \
+  install -o root -g root -m 0755 /tmp/humctl/humctl /usr/local/bin/humctl && \
+  humctl completion bash > /etc/bash_completion.d/humctl && \
+  rm -rf /tmp/humctl
+
+WORKDIR /app
+
+ENTRYPOINT ["/bin/bash"]

Makefile

@@ -0,0 +1,35 @@
+IMG_TAG ?= latest
+IMG ?= ghcr.io/humanitec/5min-idp:$(IMG_TAG)
+PLATFORM ?= linux/amd64,linux/arm64
+
+# Build the 5min-idp image
+build:
+	docker buildx build --platform $(PLATFORM) -t $(IMG) .
+	# Ideally we could remove the next step, but docker on GHA doesn't support
+	# loading multi-platform builds yet
+	docker buildx build -t $(IMG) --load .
+
+# Check the 5min-idp image
+check-image:
+	docker run --rm -v $(PWD):/app $(IMG) ./image/check.sh
+
+# Push the 5min-idp image
+push:
+	docker buildx build --platform $(PLATFORM) -t $(IMG) --push .
+
+# Initialize tflint
+lint-init:
+	tflint --init
+
+# Lint terraform directory
+lint: lint-init
+	tflint --config ../.tflint.hcl --chdir=./setup/terraform
+
+# Test the 5min-idp
+test: build check-image
+	docker run --rm -it -h=5min-idp \
+    -e HUMANITEC_ORG \
+    -v $(PWD):/app \
+    -v $(HOME)/.humctl:/root/.humctl \
+    -v /var/run/docker.sock:/var/run/docker.sock \
+    $(IMG) ./image/test.sh

README.md

@@ -0,0 +1,38 @@
+# 5min-idp - Quick Humanitec Demo
+
+Your Humanitec Demo Environment in less than 3 minutes.
+
+Required:
+
+* [humctl](https://developer.humanitec.com/platform-orchestrator/cli/)
+* docker
+
+## Usage
+
+### Configure
+
+```bash
+humctl login
+export HUMANITEC_ORG=MY_ORG
+```
+
+### Run
+
+* Start the toolbox
+
+  ```bash
+  docker run --rm -it -h=5min-idp --pull=always \
+    -e HUMANITEC_ORG \
+    -v $(PWD):/app \
+    -v $HOME/.humctl:/root/.humctl \
+    -v /var/run/docker.sock:/var/run/docker.sock \
+    ghcr.io/humanitec/5min-idp
+  ```
+
+* Use it!
+
+  ```bash
+  ./0_install.sh # install & connect a local cluster powered by kind
+  ./1_demo.sh # deploy your 1st score workload
+  ./2_cleanup.sh # cleanup everything
+  ```

image/check.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -exo pipefail
+
+kubectl version --client
+helm version
+kind version
+terraform version
+humctl version

image/test.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -exo pipefail
+
+./0_install.sh
+./1_demo.sh
+./2_cleanup.sh

score.yaml

@@ -0,0 +1,32 @@
+# Based on https://github.com/score-spec/sample-score-app
+
+apiVersion: score.dev/v1b1
+metadata:
+  name: hello-world
+service:
+  ports:
+    www:
+      port: 8080
+      targetPort: 3000
+containers:
+  hello-world:
+    image: ghcr.io/score-spec/sample-score-app:main
+    variables:
+      PORT: "3000"
+      MESSAGE: "Hello, World!"
+      DB_DATABASE: ${resources.db.name}
+      DB_USER: ${resources.db.username}
+      DB_PASSWORD: ${resources.db.password}
+      DB_HOST: ${resources.db.host}
+      DB_PORT: ${resources.db.port}
+resources:
+  dns:
+    type: dns
+  route:
+    type: route
+    params:
+      host: ${resources.dns.host}
+      path: /
+      port: 8080
+  db:
+    type: postgres

setup/.tflint.hcl

@@ -0,0 +1,4 @@
+plugin "terraform" {
+  enabled = true
+  preset  = "recommended"
+}

setup/kind/cluster.yaml

@@ -0,0 +1,10 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+name: 5min-idp
+nodes:
+- role: control-plane
+  extraPortMappings:
+  - containerPort: 30080
+    hostPort: 30080
+    listenAddress: "0.0.0.0"
+    protocol: TCP

setup/terraform/idp-base.tf

@@ -0,0 +1,60 @@
+# Configure k8s namespace naming
+
+resource "humanitec_resource_definition" "k8s_namespace" {
+  driver_type = "humanitec/echo"
+  id          = "default-namespace"
+  name        = "default-namespace"
+  type        = "k8s-namespace"
+
+  driver_inputs = {
+    values_string = jsonencode({
+      "namespace" = "$${context.app.id}-$${context.env.id}"
+    })
+  }
+}
+
+resource "humanitec_resource_definition_criteria" "k8s_namespace" {
+  resource_definition_id = humanitec_resource_definition.k8s_namespace.id
+}
+
+# Configure DNS for localhost
+
+resource "humanitec_resource_definition" "localhost_dns" {
+  id          = "localhost-dns"
+  name        = "localhost-dns"
+  type        = "dns"
+  driver_type = "humanitec/dns-wildcard"
+
+  driver_inputs = {
+    values_string = jsonencode({
+      "domain"   = "localhost"
+      "template" = "$${context.app.id}-{{ randAlphaNum 4 | lower}}"
+    })
+  }
+
+  provision = {
+    ingress = {
+      match_dependents = false
+      is_dependent     = false
+    }
+  }
+}
+
+resource "humanitec_resource_definition_criteria" "localhost_dns" {
+  resource_definition_id = humanitec_resource_definition.localhost_dns.id
+}
+
+# Provide postgres resource
+
+module "postgres_basic" {
+  # Not pinned as we don't have a release yet
+  # tflint-ignore: terraform_module_pinned_source
+  source = "github.com/humanitec-architecture/resource-packs-in-cluster//humanitec-resource-defs/postgres/basic"
+  prefix = "5min-idp-"
+}
+
+resource "humanitec_resource_definition_criteria" "postgres_basic" {
+  resource_definition_id = module.postgres_basic.id
+  class                  = "default"
+  force_delete           = true
+}