Integrate Backstage with Rancher Manager by nwmacd

Description

Backstage (backstage.io) is an open-source, CNCF project that allows you to create your own developer portal. There are many plugins for Backstage.

This could be a great compliment to Rancher Manager.

Goals

Learn and experiment with Backstage and look at how this could be integrated with Rancher Manager. Goal is to have some kind of integration completed in this Hack week.

Progress

Screen shot of home page at the end of Hackweek:

Day One

• Got Backstage running locally, understanding configuration with HTTPs.
• Got Backstage embedded in an IFRAME inside of Rancher
• Added content into the software catalog (see: https://backstage.io/docs/features/techdocs/getting-started/)
• Understood more about the entity model

Day Two

• Connected Backstage to the Rancher local cluster and configured the Kubernetes plugin.
• Created Rancher theme to make the light theme more consistent with Rancher

Days Three and Day Four

• Created two backend plugins for Backstage:

  1. Catalog Entity Provider - this imports users from Rancher into Backstage
  2. Auth Provider - uses the proxied sign-in pattern to check the Rancher session cookie, to user that to authenticate the user with Rancher and then log them into Backstage by connecting this to the imported User entity from the catalog entity provider plugin.

• With this in place, you can single-sign-on between Rancher and Backstage when it is deployed within Rancher. Note this is only when running locally for development at present

Day Five

• Start to build out a production deployment for all of the above
• Made some progress, but hit issues with the authentication and proxying when running proxied within Rancher, which needs further investigation

---

kubectl clone: Seamlessly Clone Kubernetes Resources Across Multiple Rancher Clusters and Projects by dpunia

Description

kubectl clone is a kubectl plugin that empowers users to clone Kubernetes resources across multiple clusters and projects managed by Rancher. It simplifies the process of duplicating resources from one cluster to another or within different namespaces and projects, with optional on-the-fly modifications. This tool enhances multi-cluster resource management, making it invaluable for environments where Rancher orchestrates numerous Kubernetes clusters.

Goals

1. Seamless Multi-Cluster Cloning
   • Clone Kubernetes resources across clusters/projects with one command.
   • Simplifies management, reduces operational effort.

Resources

1. Rancher & Kubernetes Docs

   • Rancher API, Cluster Management, Kubernetes client libraries.

2. Development Tools

   • Kubectl plugin docs, Go programming resources.

Building and Installing the Plugin

1. Set Environment Variables: Export the Rancher URL and API token:

• export RANCHER_URL="https://rancher.example.com"
• export RANCHER_TOKEN="token-xxxxx:xxxxxxxxxxxxxxxxxxxx"

1. Build the Plugin: Compile the Go program:

• go build -o kubectl-clone ./pkg/

1. Install the Plugin: Move the executable to a directory in your PATH:

• mv kubectl-clone /usr/local/bin/

Ensure the file is executable:

• chmod +x /usr/local/bin/kubectl-clone

1. Verify the Plugin Installation: Test the plugin by running:

• kubectl clone --help

You should see the usage information for the kubectl-clone plugin.

Usage Examples

1. Clone a Deployment from One Cluster to Another:

• kubectl clone --source-cluster c-abc123 --type deployment --name nginx-deployment --target-cluster c-def456 --new-name nginx-deployment-clone

1. Clone a Service into Another Namespace and Modify Labels:

---

Setup Kanidm as OIDC provider on Kubernetes by jkuzilek

Description

I am planning to upgrade my homelab Kubernetes cluster to the next level and need an OIDC provider for my services, including K8s itself.

Goals

• Successfully configure and deploy Kanidm on homelab cluster
• Integrate with K8s auth
• Integrate with other services (Envoy Gateway, Container Registry, future deployment of Forgejo?)

Resources

• https://kanidm.github.io/kanidm/stable/

---

Multi-pod, autoscalable Elixir application in Kubernetes using K8s resources by socon

Description

Elixir / Erlang use their own solutions to create clusters that work together. Kubernetes provide its own orchestration. Due to the nature of the BEAM, it looks a very promising technology for applications that run in Kubernetes and requite to be always on, specifically if they are created as web pages using Phoenix.

Goals

• Investigate and provide solutions that work in Phoenix LiveView using Kubernetes resources, so a multi-pod application can be used
• Provide an end to end example that creates and deploy a container from source code.

Resources

https://github.com/dwyl/phoenix-liveview-counter-tutorial https://github.com/propedeutica/elixir-k8s-counter

---

Learn enough Golang and hack on CoreDNS by jkuzilek

Description

I'm implementing a split-horizon DNS for my home Kubernetes cluster to be able to access my internal (and external) services over the local network through public domains. I managed to make a PoC with the k8s_gateway plugin for CoreDNS. However, I soon found out it responds with IPs for all Gateways assigned to HTTPRoutes, publishing public IPs as well as the internal Loadbalancer ones.

To remedy this issue, a simple filtering mechanism has to be implemented.

Goals

• Learn an acceptable amount of Golang
• Implement GatewayClass (and IngressClass) filtering for k8s_gateway
• Deploy on homelab cluster
• Profit?

Resources

• https://github.com/ori-edge/k8s_gateway/issues/36
• https://github.com/coredns/coredns/issues/2465#issuecomment-593910983

EDIT: Feature mostly complete. An unfinished PR lies here. Successfully tested working on homelab cluster.

---

New KDE Plasma notification app/applet by apappas

Description

My memory is terrible so I depend a lot on notifications to carry me through the workday. As a plasma user I am ok with the current applet, but I don't love it. It is too small for the centrality it has in my day. Also I dislike how you can not go back to notifications you have dismissed

Goals

Develop a plasma app that * must gather notifications without disrupting the existing notification app * must offer the ablity to refer to dismissed/archived/seen notification up to some defined point in the past * must allow deletion of notifications

---

Build Edge Image Builder ISO with SUSE Manager by mweiss2

Description

With SUSE Manager, we can build OS Images using KIWI and container images. As we have Edge Image Builder, we want to see if it is possible to use SUSE Manager to build/customize OS Images by integrating Edge Image Builder as well.

Goals

To make the process easier for customers, a single-build pipeline that automatically adds the combustion and artifact files from the EIB process is desirable.

• Kiwi and EIB need to come from a Git Repository.
• Kiwi and EIB need to be running as containers.
• Configuration options for the images used for Kiwi and EIB build.
• X86 and ARM64 Support.
• SUSE Manager 4.3 and 5.X Support.
• SLES 15 SP6 / SL Micro 6.0 and SL Micro 6.1 Support.

Outcome

• Change the Kiwi build process to use Podman with the Kiwi image registry.suse.com/bci/kiwi:10.1.10
• Change the Edge Image Builder to produce a combustion-only ISO
• Extract the contents and write them to a dedicated /OEM partition integrated via Kiwi into the ISO Kiwi creates.

Sources and PRs

• https://github.com/Martin-Weiss/kiwi-image-micro-gpu-60
• https://github.com/suse-edge/edge-image-builder/pull/618
• https://github.com/uyuni-project/uyuni/pull/9507

---

Testing and adding GNU/Linux distributions on Uyuni by juliogonzalezgil

Join the Gitter channel! https://gitter.im/uyuni-project/hackweek

Uyuni is a configuration and infrastructure management tool that saves you time and headaches when you have to manage and update tens, hundreds or even thousands of machines. It also manages configuration, can run audits, build image containers, monitor and much more!

Currently there are a few distributions that are completely untested on Uyuni or SUSE Manager (AFAIK) or just not tested since a long time, and could be interesting knowing how hard would be working with them and, if possible, fix whatever is broken.

For newcomers, the easiest distributions are those based on DEB or RPM packages. Distributions with other package formats are doable, but will require adapting the Python and Java code to be able to sync and analyze such packages (and if salt does not support those packages, it will need changes as well). So if you want a distribution with other packages, make sure you are comfortable handling such changes.

No developer experience? No worries! We had non-developers contributors in the past, and we are ready to help as long as you are willing to learn. If you don't want to code at all, you can also help us preparing the documentation after someone else has the initial code ready, or you could also help with testing :-)

The idea is testing Salt and Salt-ssh clients, but NOT traditional clients, which are deprecated.

To consider that a distribution has basic support, we should cover at least (points 3-6 are to be tested for both salt minions and salt ssh minions):

1. Reposync (this will require using spacewalk-common-channels and adding channels to the .ini file)
2. Onboarding (salt minion from UI, salt minion from bootstrap scritp, and salt-ssh minion) (this will probably require adding OS to the bootstrap repository creator)
3. Package management (install, remove, update...)
4. Patching
5. Applying any basic salt state (including a formula)
6. Salt remote commands
7. Bonus point: Java part for product identification, and monitoring enablement
8. Bonus point: sumaform enablement (https://github.com/uyuni-project/sumaform)
9. Bonus point: Documentation (https://github.com/uyuni-project/uyuni-docs)
10. Bonus point: testsuite enablement (https://github.com/uyuni-project/uyuni/tree/master/testsuite)

If something is breaking: we can try to fix it, but the main idea is research how supported it is right now. Beyond that it's up to each project member how much to hack :-)

• If you don't have knowledge about some of the steps: ask the team
• If you still don't know what to do: switch to another distribution and keep testing.

This card is for EVERYONE, not just developers. Seriously! We had people from other teams helping that were not developers, and added support for Debian and new SUSE Linux Enterprise and openSUSE Leap versions :-)

Pending

FUSS

FUSS is a complete GNU/Linux solution (server, client and desktop/standalone) based on Debian for managing an educational network.

https://fuss.bz.it/

Seems to be a Debian 12 derivative, so adding it could be quite easy.

• [W] Reposync (this will require using spacewalk-common-channels and adding channels to the .ini file)
• [W] Onboarding (salt minion from UI, salt minion from bootstrap script, and salt-ssh minion) (this will probably require adding OS to the bootstrap repository creator) --> Working for all 3 options (salt minion UI, salt minion bootstrap script and salt-ssh minion from the UI).
• [W] Package management (install, remove, update...) --> Installing a new package works, needs to test the rest.
• [I] Patching (if patch information is available, could require writing some code to parse it, but IIRC we have support for Ubuntu already). No patches detected. Do we support patches for Debian at all?
• [W] Applying any basic salt state (including a formula)
• [W] Salt remote commands
• [ ] Bonus point: Java part for product identification, and monitoring enablement

---

Saline (state deployment control and monitoring tool for SUSE Manager/Uyuni) by vizhestkov

Project Description

Saline is an addition for salt used in SUSE Manager/Uyuni aimed to provide better control and visibility for states deploymend in the large scale environments.

In current state the published version can be used only as a Prometheus exporter and missing some of the key features implemented in PoC (not published). Now it can provide metrics related to salt events and state apply process on the minions. But there is no control on this process implemented yet.

Continue with implementation of the missing features and improve the existing implementation:

• authentication (need to decide how it should be/or not related to salt auth)

• web service providing the control of states deployment

Goal for this Hackweek

• Implement missing key features

• Implement the tool for state deployment control with CLI

Resources

https://github.com/openSUSE/saline

---

Improve Development Environment on Uyuni by mbussolotto

Description

Currently create a dev environment on Uyuni might be complicated. The steps are:

• add the correct repo
• download packages
• configure your IDE (checkstyle, format rules, sonarlint....)
• setup debug environment
• ...

The current doc can be improved: some information are hard to be find out, some others are completely missing.

Dev Container might solve this situation.

Goals

Uyuni development in no time:

• using VSCode:
  • setting.json should contains all settings (for all languages in Uyuni, with all checkstyle rules etc...)
  • dev container should contains all dependencies
  • setup debug environment
• implement a GitHub Workspace solution
• re-write documentation

Lots of pieces are already implemented: we need to connect them in a consistent solution.

Resources

• https://github.com/uyuni-project/uyuni/wiki

---

Create SUSE Manager users from ldap/ad groups by mbrookhuis

Description

This tool is used to create users in SUSE Manager Server based on LDAP/AD groups. For each LDAP/AD group a role within SUSE Manager Server is defined. Also, the tool will check if existing users still have the role they should have, and, if not, it will be corrected. The same for if a user is disabled, it will be enabled again. If a users is not present in the LDAP/AD groups anymore, it will be disabled or deleted, depending on the configuration.

The code is written for Python 3.6 (the default with SLES15.x), but will also work with newer versions. And works against SUSE Manger 4.3 and 5.x

Goals

Create a python and/or golang utility that will manage users in SUSE Manager based on LDAP/AD group-membership. In a configuration file is defined which roles the members of a group will get.

Table of contents

• Installation
• Usage

Installation

To install this project, perform the following steps:

• Be sure that python 3.6 is installed and also the module python3-PyYAML. Also the ldap3 module is needed:

bash zypper in python3 python3-PyYAML pip install yaml

• On the server or PC, where it should run, create a directory. On linux, e.g. /opt/sm-ldap-users

• Copy all the file to this directory.

• Edit the configsm.yaml. All parameters should be entered. Tip: for the ldap information, the best would be to use the same as for SSSD.

• Be sure that the file sm-ldap-users.py is executable. It would be good to change the owner to root:root and only root can read and execute:

bash chmod 600 * chmod 700 sm-ldap-users.py chown root:root *

Usage

This is very simple. Once the configsm.yaml contains the correct information, executing the following will do the magic:

bash /sm-ldap-users.py

repository link

https://github.com/mbrookhuis/sm-ldap-users

---