From dce443d71cd9546bc6b58559bc3562fee0b1c266 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 30 Jan 2019 17:47:09 -0800 Subject: [PATCH 001/331] Fix typo --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index fca82ba..93d8eef 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,4 @@ jobs: include: - stage: build - script: ./container/build ipmitool + script: ./containers/build ipmitool From 42802e66e5568008d183b66d7d49fc2192655af0 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 30 Jan 2019 17:51:01 -0800 Subject: [PATCH 002/331] Work in the right directory --- containers/build | 2 ++ 1 file changed, 2 insertions(+) diff --git a/containers/build b/containers/build index adf4f21..37472b0 100755 --- a/containers/build +++ b/containers/build @@ -1,3 +1,5 @@ #!/bin/bash CONTAINER="$1" +pushd $(dirname "$0") docker build -t pnnl-miscscripts/$CONTAINER:latest $CONTAINER +popd From 045e64cb3dd2f34b211a94088d61610e80e7814b Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 31 Jan 2019 07:23:54 -0800 Subject: [PATCH 003/331] Use hubbuildtools --- containers/build | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/containers/build b/containers/build index 37472b0..aeccbf7 100755 --- a/containers/build +++ b/containers/build @@ -1,5 +1,16 @@ #!/bin/bash CONTAINER="$1" -pushd $(dirname "$0") -docker build -t pnnl-miscscripts/$CONTAINER:latest $CONTAINER +pushd $(dirname "$0")/"$CONTAINER" + +[ ! -d hubbuildtools ] && git clone https://github.com/kfox1111/hubbuildtools + +export AUTO_PREFIX=apk-version +export AUTO_PREFIX_PACKAGE=ipmitool +export NEW_BUILD=x +export IMAGE_NAME=pnnlmiscscripts/ipmitool:latest +export DOCKER_TAG=latest +export DOCKER_REPO=pnnlmiscscripts/ipmitool + +bash -x hubbuildtools/hubhookhelpers/build + popd From a7aba38a2077badf5cb1d331730cba71d780922e Mon Sep 17 00:00:00 2001 
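Review bot: The `git clone https://github.com/kfox1111/hubbuildtools` line in PATCH 003 fetches whatever the default branch holds at build time, and the script then executes `hubbuildtools/hubhookhelpers/build` from it, so the build result depends on an unpinned external repository. Pinning the checkout right after the clone, `git -C hubbuildtools checkout <pinned-commit>`, keeps the executed code reviewable; the commit id is a placeholder to fill in. The `pushd $(dirname "$0")/"$CONTAINER"` line is unquoted and unchecked, so a missing or misspelled container name leaves the script running, and cloning, in the caller's directory; `pushd "$(dirname "$0")/$CONTAINER" || exit 1` avoids that.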
From: Kevin Fox Date: Thu, 31 Jan 2019 07:29:26 -0800 Subject: [PATCH 004/331] Trun off debugging. show loaded images --- containers/build | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/containers/build b/containers/build index aeccbf7..59ac25b 100755 --- a/containers/build +++ b/containers/build @@ -11,6 +11,8 @@ export IMAGE_NAME=pnnlmiscscripts/ipmitool:latest export DOCKER_TAG=latest export DOCKER_REPO=pnnlmiscscripts/ipmitool -bash -x hubbuildtools/hubhookhelpers/build +hubbuildtools/hubhookhelpers/build + +docker images popd From 0f9db548904fefd30e09cf54204a47a821c4b3cf Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 31 Jan 2019 07:34:15 -0800 Subject: [PATCH 005/331] Fetch the revision --- containers/build | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/containers/build b/containers/build index 59ac25b..c75d11d 100755 --- a/containers/build +++ b/containers/build @@ -13,6 +13,11 @@ export DOCKER_REPO=pnnlmiscscripts/ipmitool hubbuildtools/hubhookhelpers/build + +REVISION=$(hubbuildtools/fetchlocalrevision.sh "$IMAGE_NAME") + +docker tag "$IMAGE_NAME" "$DOCKER_REPO:$REVISION" + docker images popd From dd95e8b70139c515626857bb82bb9d3beff74ed0 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 31 Jan 2019 08:55:03 -0800 Subject: [PATCH 006/331] Push to the hub if built. --- .travis.yml | 8 ++++++-- containers/build | 13 +++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 93d8eef..c0cb4ba 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,8 @@ jobs: include: - - stage: build - script: ./containers/build ipmitool + - stage: build + script: ./containers/build ipmitool +env: + matrix: + - secure: 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 + - secure: 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 diff --git a/containers/build b/containers/build index c75d11d..941ecc0 100755 --- a/containers/build +++ b/containers/build 
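Review bot: The result of `hubbuildtools/fetchlocalrevision.sh` in PATCH 005 is used without checking that the helper succeeded or printed anything, so a failed lookup reaches `docker tag "$IMAGE_NAME" "$DOCKER_REPO:$REVISION"` with an empty tag. I would write `REVISION=$(hubbuildtools/fetchlocalrevision.sh "$IMAGE_NAME") || exit 1` followed by `[ -n "$REVISION" ] || exit 1`. The same unchecked lookup appears in charts/image-library-charts/buildall (PATCH 015, and PATCH 024 where `export REVISION=$(...)` additionally returns the status of `export` rather than of the helper); declaring with `export REVISION` on its own line after the assignment keeps the status visible.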
@@ -12,7 +12,15 @@ export DOCKER_TAG=latest export DOCKER_REPO=pnnlmiscscripts/ipmitool hubbuildtools/hubhookhelpers/build +RES=$? +if [ $RES -eq 1 ]; then + echo Nothing changed. Skipping. + exit 0 +else + echo Something went wrong. Failing. + exit $RES +fi REVISION=$(hubbuildtools/fetchlocalrevision.sh "$IMAGE_NAME") @@ -20,4 +28,9 @@ docker tag "$IMAGE_NAME" "$DOCKER_REPO:$REVISION" docker images +echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin + +docker push "$DOCKER_REPO:$REVISION" +docker push "$IMAGE_NAME" + popd From 6288b8538b794a33da47d8ba78987f93536c2453 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 31 Jan 2019 09:01:22 -0800 Subject: [PATCH 007/331] Set language. Make variables global --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index c0cb4ba..f2559a4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,8 +1,9 @@ jobs: include: - stage: build + language: shell script: ./containers/build ipmitool env: - matrix: + global: - secure: 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 - secure: 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 From d023a32f52b17c526cc2186ce5fe12a5cff64e71 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 31 Jan 2019 09:08:19 -0800 Subject: [PATCH 008/331] Dont bail on success. --- containers/build | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/containers/build b/containers/build index 941ecc0..42eb3f0 100755 --- a/containers/build +++ b/containers/build @@ -17,7 +17,8 @@ RES=$? if [ $RES -eq 1 ]; then echo Nothing changed. Skipping. exit 0 -else +fi +if [ $RES != 0 ]; then echo Something went wrong. Failing. exit $RES fi From b8436200f5b235d5e21f7d8881abd4b0cdc180d4 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 31 Jan 2019 09:12:28 -0800 Subject: [PATCH 009/331] Remove newbuild. --- containers/build | 1 - 1 file changed, 1 deletion(-) 
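Review bot: The `docker login` and both `docker push` lines added in the second containers/build hunk of PATCH 006 run on every invocation, with no check that this is a build that should publish and no check that the login worked. Travis does not expose `secure:` variables to pull requests from forks, so on those builds `$DOCKER_PASSWORD` is empty and the job only fails at the push; on any branch build of this repository the image is published as `latest`. I would skip the publish step unless `TRAVIS_PULL_REQUEST` is `false` (and, if only one branch should publish, also compare `TRAVIS_BRANCH`), and stop on the first failing command. The script has no `set -e`, so each step needs its own check.

```shell
# … unchanged: build result handling, fetchlocalrevision, docker tag …

if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then
  echo "Pull request build. Skipping push."
  exit 0
fi

echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin || exit 1

docker push "$DOCKER_REPO:$REVISION" || exit 1
docker push "$IMAGE_NAME" || exit 1
```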
diff --git a/containers/build b/containers/build index 42eb3f0..3198a65 100755 --- a/containers/build +++ b/containers/build @@ -6,7 +6,6 @@ pushd $(dirname "$0")/"$CONTAINER" export AUTO_PREFIX=apk-version export AUTO_PREFIX_PACKAGE=ipmitool -export NEW_BUILD=x export IMAGE_NAME=pnnlmiscscripts/ipmitool:latest export DOCKER_TAG=latest export DOCKER_REPO=pnnlmiscscripts/ipmitool From bbef626dc286679a2ec5570dbe78fbe9f29327b8 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 31 Jan 2019 10:01:28 -0800 Subject: [PATCH 010/331] Add second container. dhcpd --- .travis.yml | 3 +++ containers/build | 13 +++++++------ containers/dhcpd/Dockerfile | 5 +++++ containers/dhcpd/buildenv | 4 ++++ containers/ipmitool/buildenv | 2 ++ 5 files changed, 21 insertions(+), 6 deletions(-) create mode 100644 containers/dhcpd/Dockerfile create mode 100644 containers/dhcpd/buildenv create mode 100644 containers/ipmitool/buildenv diff --git a/.travis.yml b/.travis.yml index f2559a4..a3bce4c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,6 +3,9 @@ jobs: - stage: build language: shell script: ./containers/build ipmitool + - stage: build + language: shell + script: ./containers/build dhcpd env: global: - secure: U5KTbwJ4mk5R6LQmCIeXUYJahoPsnn9IjU+zYL8Wo60bYUL0KWItmfrfbWQL09g365B61qgmx2OeJOgZ27oS4rKi+BFw3OqVvbBypZm7UCwml4uKRVA5BTMNnCYDL5o5N4Q+uFbBvdiw1TM+NjgHd2E4F32FeJWRp5teGlXK0fzzPQS7Vpv4ZvGlAyKGlozg0nzhq2XygtNyDsMFY0760WBjpeXkijvjcwD+/W+bGvISTRD4VTV8/+bRIGcWoat3CmYEumsqoT2Vj3/onWh/NWDWUeyJ9FHgLdRypcWf9XDKjFxa2bV5yqguxU7HOaGS4qWDsKF1DDRGne3HCRvzPrwS71j5tT3t+9B6XwXC9RVjjVcv3IFWUZwn1Sr1lwxiyteRDbE8j+1S7AXwsfHQc4mViM/sux/56ydJ6llm1ktnfyM+F0khdJpLU4RJTcLia9FaI+XZ61CIC1G+KhWrCpe0u+NWIVwSJL7wJHkzeYY7a671JSk9cGBl6NeJBdYv7DCuhxn5nqOv54eyqNlXM6u9WaIPweAg7sJy0wU/D2eND+3TtZ9o3qosWNNZ5lwPSKu6JCmzdIBliXwnf5PYl9jXr1QefJdDCAoXSq6MLErMznLTWAnmGQqEYc2UKKbOYned2GtFLGbOgSuoXl04EAlXo9wutIfIiTptutqxa10= diff --git a/containers/build b/containers/build index 3198a65..2b4b16f 100755 --- a/containers/build 
+++ b/containers/build @@ -4,11 +4,14 @@ pushd $(dirname "$0")/"$CONTAINER" [ ! -d hubbuildtools ] && git clone https://github.com/kfox1111/hubbuildtools -export AUTO_PREFIX=apk-version -export AUTO_PREFIX_PACKAGE=ipmitool -export IMAGE_NAME=pnnlmiscscripts/ipmitool:latest +export DOCKER_REPO=pnnlmiscscripts/"$CONTAINER" export DOCKER_TAG=latest -export DOCKER_REPO=pnnlmiscscripts/ipmitool + +[ -f "$CONTAINER"/buildenv ] . "$CONTAINER"/buildenv + +if [ "x$IMAGE_NAME" == "x" ]; then + export IMAGE_NAME="${DOCKER_REPO}:${DOCKER_TAG}" +fi hubbuildtools/hubhookhelpers/build RES=$? @@ -26,8 +29,6 @@ REVISION=$(hubbuildtools/fetchlocalrevision.sh "$IMAGE_NAME") docker tag "$IMAGE_NAME" "$DOCKER_REPO:$REVISION" -docker images - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin docker push "$DOCKER_REPO:$REVISION" diff --git a/containers/dhcpd/Dockerfile b/containers/dhcpd/Dockerfile new file mode 100644 index 0000000..e8b8991 --- /dev/null +++ b/containers/dhcpd/Dockerfile @@ -0,0 +1,5 @@ +FROM alpine:3.9 +MAINTAINER Kevin Fox + +RUN \ + apk add --no-cache --update dhcpd diff --git a/containers/dhcpd/buildenv b/containers/dhcpd/buildenv new file mode 100644 index 0000000..6ec64e1 --- /dev/null +++ b/containers/dhcpd/buildenv @@ -0,0 +1,4 @@ +export NEW_BUILD=y +export AUTO_PREFIX=apk-version +export AUTO_PREFIX_PACKAGE=dhcp + diff --git a/containers/ipmitool/buildenv b/containers/ipmitool/buildenv new file mode 100644 index 0000000..6198118 --- /dev/null +++ b/containers/ipmitool/buildenv @@ -0,0 +1,2 @@ +export AUTO_PREFIX=apk-version +export AUTO_PREFIX_PACKAGE=ipmitool From 1552f67ae7ed09d8ad2ad161b565ac24430fca89 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 31 Jan 2019 10:07:06 -0800 Subject: [PATCH 011/331] Use the right package. --- containers/dhcpd/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/dhcpd/Dockerfile b/containers/dhcpd/Dockerfile index e8b8991..cc1afc3 100644 
--- a/containers/dhcpd/Dockerfile +++ b/containers/dhcpd/Dockerfile @@ -2,4 +2,4 @@ FROM alpine:3.9 MAINTAINER Kevin Fox RUN \ - apk add --no-cache --update dhcpd + apk add --no-cache --update dhcp From 176fdef0b064e30dc7f30eb61ecf576abe7c2a8a Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 31 Jan 2019 10:18:11 -0800 Subject: [PATCH 012/331] Fix missing && --- .travis.yml | 2 ++ containers/build | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index a3bce4c..e60d81f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,9 +2,11 @@ jobs: include: - stage: build language: shell + name: "Build ipmitool container" script: ./containers/build ipmitool - stage: build language: shell + name: "Build dhcpd container" script: ./containers/build dhcpd env: global: diff --git a/containers/build b/containers/build index 2b4b16f..cde13f8 100755 --- a/containers/build +++ b/containers/build @@ -7,7 +7,7 @@ pushd $(dirname "$0")/"$CONTAINER" export DOCKER_REPO=pnnlmiscscripts/"$CONTAINER" export DOCKER_TAG=latest -[ -f "$CONTAINER"/buildenv ] . "$CONTAINER"/buildenv +[ -f "$CONTAINER"/buildenv ] && . "$CONTAINER"/buildenv if [ "x$IMAGE_NAME" == "x" ]; then export IMAGE_NAME="${DOCKER_REPO}:${DOCKER_TAG}" From 374de610d0524999b4a5a8b027278357be400b46 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 31 Jan 2019 10:21:42 -0800 Subject: [PATCH 013/331] Look in the right place --- containers/build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/build b/containers/build index cde13f8..9391a3e 100755 --- a/containers/build +++ b/containers/build @@ -7,7 +7,7 @@ pushd $(dirname "$0")/"$CONTAINER" export DOCKER_REPO=pnnlmiscscripts/"$CONTAINER" export DOCKER_TAG=latest -[ -f "$CONTAINER"/buildenv ] && . "$CONTAINER"/buildenv +[ -f buildenv ] && . buildenv if [ "x$IMAGE_NAME" == "x" ]; then export IMAGE_NAME="${DOCKER_REPO}:${DOCKER_TAG}" From c7519fb4139288b67bf0177a5ee6364cf27ea624 Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Thu, 31 Jan 2019 10:24:38 -0800 Subject: [PATCH 014/331] Remove new build flag. --- containers/dhcpd/buildenv | 2 -- 1 file changed, 2 deletions(-) diff --git a/containers/dhcpd/buildenv b/containers/dhcpd/buildenv index 6ec64e1..f44e6ee 100644 --- a/containers/dhcpd/buildenv +++ b/containers/dhcpd/buildenv @@ -1,4 +1,2 @@ -export NEW_BUILD=y export AUTO_PREFIX=apk-version export AUTO_PREFIX_PACKAGE=dhcp - From 4407ee9ed9c0dc0460f0a3149223c2bb69d75b92 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sat, 2 Feb 2019 09:31:08 -0800 Subject: [PATCH 015/331] Build library charts to go along with the images. --- .travis.yml | 9 +++- charts/image-library-charts/build | 77 ++++++++++++++++++++++++++++ charts/image-library-charts/buildall | 45 ++++++++++++++++ 3 files changed, 129 insertions(+), 2 deletions(-) create mode 100755 charts/image-library-charts/build create mode 100755 charts/image-library-charts/buildall diff --git a/.travis.yml b/.travis.yml index e60d81f..6fed94f 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -2,13 +2,18 @@ jobs: include: - stage: build language: shell - name: "Build ipmitool container" + name: Build ipmitool container script: ./containers/build ipmitool - stage: build language: shell - name: "Build dhcpd container" + name: Build dhcpd container script: ./containers/build dhcpd + - stage: build-image-library-charts + language: shell + name: Build image library charts + script: ./charts/image-library-charts/buildall env: global: - secure: 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 - secure: vpOauVLGBtEKoMV8k/1FKYI5xAiZYXx9WkYX9QnmPtuEHuOXiED8/vuyKj45tnTPWIjymNXlsU719x0zx6RTHXCDULTU4J8jU8iXUJibj3/mDRdIo5LI3HGIKN9KdBCfMonlSl5IHJKgNwUGjyDnagimdbCkNYbykEwjxG1CHVyWDzeSfEXNVGqmXZXtw5vYRfHyYt93LD4kgcF6+zEKV2XSkgfwkp8fIdiSDE52o+9O4jlFfpfmK0QRppUzYLIpo+YwhieoASfRLwyXtjjA7YnlbOsgGk42WqmIYZEAsEBONlAZ5xwVGJ+LY9qBfb3NDj4WBT0bSC2c6oxgOdQr69RUmd//z1hZfbO2HGl6HY6//14xll8OXexbw9SQB/N3oTaSP0g+F8ts0L8CsQ2m930KYV8XKxkiVBGoLkRjGGgzJnPcwjWD1hkm3lKDRc9p1viVVusDqMSLhi7d8IlmZ0P1p6XLEbkjqFp/LdLfGIFqpa5XR9BB/Q0cfxh1wiAP8syUbKAF6B/UzIJuHRtMTEPoLOK8X1Go4dRngtbnZ3RCf3S3GEYRNAE4N80O4YZBa0dRmvxaIThGh2xL0teBnPTQrdQte1ZZGxCJ9pbE8qZfNJm3+CWFb57gg3CfIIAEAbRlcWVyrls4BZ9qjmpidhmucn9FzAQLgfXxJi7C4xk= + - secure: 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 diff --git a/charts/image-library-charts/build b/charts/image-library-charts/build new file mode 100755 index 0000000..fa5b25a --- /dev/null +++ b/charts/image-library-charts/build 
@@ -0,0 +1,77 @@ +#!/bin/bash + +CONTAINER="$1" + +if [ "x$REVISION" == "x" ]; then + echo REVISION is not set. + exit -1 +fi + +mkdir -p $(dirname "$0")/"$CONTAINER" + +pushd $(dirname "$0")/"$CONTAINER" + + +export DOCKER_TAG=latest +export CPREFIX="pnnlmiscscripts" + +[ -f buildenv ] && . ../../../containers/"$CONTAINER"/buildenv + +if [ "x$IMAGE_NAME" == "x" ]; then + export IMAGE_NAME="${DOCKER_REPO}:${DOCKER_TAG}" +fi + +cat > Chart.yaml < templates/_helpers.tpl < get_helm.sh + chmod 700 get_helm.sh + ./get_helm.sh +fi + +cd image-library-charts + +mkdir -p tags + +CHANGE=0 +for CONTAINER in ipmitool dhcpd; do + REVISION=$(../hubbuildtools/hubcurlrevision.sh "pnnlmiscscripts/$CONTAINER" "latest") + echo $REVISION + FOUND=0 + if [ -f "tags/$CONTAINER-latest" ]; then + if [ "x$REVISION" == "x$(cat tags/$CONTAINER-latest)" ]; then + FOUND=1 + echo $CONTAINER already built. + fi + fi + if [ $FOUND -eq 0 ]; then + CHANGE=1 + echo $CONTAINER building... + ../build "$CONTAINER" + echo "$REVISION" > "tags/$CONTAINER-latest" + fi +done +if [ $CHANGE -eq 1 ]; then + pushd docs + helm repo index . + popd + git add --all :/ && git commit -m "Update repo" + git push https://pnnlmiscscriptsci:"$GITHUB_LIBRARY_CHARTS_TOKEN"@github.com/pnnl-miscscripts/image-library-charts +fi From 1e7f48876545f37d699e0a23b1251bbdc822a283 Mon Sep 17 00:00:00 2001 
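Review bot: In charts/image-library-charts/build the guard tests one file and sources another: `[ -f buildenv ] && . ../../../containers/"$CONTAINER"/buildenv` checks for `buildenv` in the chart directory that `mkdir -p` has just created, so the container's settings are likely never loaded. The test should name the file that is sourced, `[ -f ../../../containers/"$CONTAINER"/buildenv ] && . ../../../containers/"$CONTAINER"/buildenv`. `exit -1` is reported by bash as status 255; `exit 1` says the same thing portably. The here-documents of this script are not intact on this page, so the rest of the file is not reviewed here.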
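Review bot: The `git push https://pnnlmiscscriptsci:"$GITHUB_LIBRARY_CHARTS_TOKEN"@github.com/...` line at the end of charts/image-library-charts/buildall puts the token into the command's argument list and into the remote URL, where it can show up in process listings and in git's own error output in the CI log. Passing it through a credential helper keeps it out of both: `git -c credential.helper='!f() { echo "username=pnnlmiscscriptsci"; echo "password=$GITHUB_LIBRARY_CHARTS_TOKEN"; }; f' push https://github.com/pnnl-miscscripts/image-library-charts`. The push also runs even when the preceding `git add ... && git commit` fails, so I would chain it with `&&` as well.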
From: Kevin Fox Date: Sun, 3 Feb 2019 18:01:00 -0800 Subject: [PATCH 016/331] Add Console chart. --- charts/charts/console/Chart.yaml | 10 +++ charts/charts/console/README.md | 47 ++++++++++++ charts/charts/console/requirements.yaml | 4 + charts/charts/console/templates/NOTES.txt | 12 +++ charts/charts/console/templates/_helpers.tpl | 32 ++++++++ .../charts/console/templates/deployment.yaml | 73 +++++++++++++++++++ charts/charts/console/values.yaml | 36 +++++++++ 7 files changed, 214 insertions(+) create mode 100644 charts/charts/console/Chart.yaml create mode 100644 charts/charts/console/README.md create mode 100644 charts/charts/console/requirements.yaml create mode 100644 charts/charts/console/templates/NOTES.txt create mode 100644 charts/charts/console/templates/_helpers.tpl create mode 100644 charts/charts/console/templates/deployment.yaml create mode 100644 charts/charts/console/values.yaml diff --git a/charts/charts/console/Chart.yaml b/charts/charts/console/Chart.yaml new file mode 100644 index 0000000..3b7ecdc --- /dev/null +++ b/charts/charts/console/Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +appVersion: "1.0.0" +version: 1.0.0 +description: Console access from Kubernetes. Adds IPMI Support. +name: console +keywords: +- console +- ipmi +sources: +- https://github.com/pnnl-miscscripts/miscscripts diff --git a/charts/charts/console/README.md b/charts/charts/console/README.md new file mode 100644 index 0000000..af5398e --- /dev/null +++ b/charts/charts/console/README.md 
@@ -0,0 +1,47 @@ +# Console + +The Console chart spawns a pod per console you have in your cluster. + +Currently, the only driver is ipmitool. + + +## Install Chart + +To install the Chart into your Kubernetes cluster : + +```bash +helm install --namespace "console" --name "console" pnnl-miscscripts/console +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status "console" +``` + +If you want to delete your Chart, use this command: + +```bash +helm delete --purge "console" +``` + +### Console configuration + +Add your hosts to the host list like: +```yaml +hosts: +- host: p1 + ip: 192.168.1.20 + secret: ipmi +- host: p2 + ip: 192.168.1.21 + secret: ipmi +``` + +Where host is the name for the host. Ip is the ipmi bmc's ip or hostname. Secret is a Kubernetes secret in the same namespace with key username = ipmi username and password = ipmi password. + +For example, to create a secret named ipmi that can be used with this chart: +```bash +kubectl create secret generic ipmi --namespace console --from-literal=username=ADMIN --from-literal=password=ADMIN +``` + diff --git a/charts/charts/console/requirements.yaml b/charts/charts/console/requirements.yaml new file mode 100644 index 0000000..aa97633 --- /dev/null +++ b/charts/charts/console/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: +- name: ipmitool + version: 1.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ diff --git a/charts/charts/console/templates/NOTES.txt b/charts/charts/console/templates/NOTES.txt new file mode 100644 index 0000000..6886406 --- /dev/null +++ b/charts/charts/console/templates/NOTES.txt @@ -0,0 +1,12 @@ +Load a script onto your client to attach to the console by pasting this into a terminal: + +cat > console.sh < diff --git a/charts/charts/console/templates/_helpers.tpl b/charts/charts/console/templates/_helpers.tpl new file mode 100644 index 0000000..1ae4af7 --- /dev/null +++ b/charts/charts/console/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "console.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "console.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "console.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/charts/console/templates/deployment.yaml b/charts/charts/console/templates/deployment.yaml new file mode 100644 index 0000000..389688f --- /dev/null +++ b/charts/charts/console/templates/deployment.yaml 
@@ -0,0 +1,73 @@ +{{- $global := . }} +{{- range .Values.hosts }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .host }}-{{ template "console.fullname" $global }} + labels: + app: {{ template "console.name" $global }} + chart: {{ template "console.chart" $global }} + release: {{ $global.Release.Name }} + heritage: {{ $global.Release.Service }} + host: {{ .host }} + driver: ipmitool +spec: + replicas: 1 + selector: + matchLabels: + app: {{ template "console.name" $global }} + release: {{ $global.Release.Name }} + host: {{ .host }} + template: + metadata: + labels: + app: {{ template "console.name" $global }} + release: {{ $global.Release.Name }} + host: {{ .host }} + driver: ipmitool + spec: + hostNetwork: true + containers: + - name: main + image: {{ dict "dot" $global "section" $global.Values.ipmitool | include "pnnlmiscscripts.ipmitool.image" }} + imagePullPolicy: {{ $global.Values.ipmitool.pullPolicy }} + env: + - name: IPMI_USER + valueFrom: + secretKeyRef: + name: {{ .secret }} + key: username + - name: IPMI_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .secret }} + key: password + - name: IPMI_HOST + value: {{ .ip }} + stdin: true + tty: true + command: + - /bin/sh + - -cex + - | + mkdir -p /usr/local/sbin/ + echo IyEvYmluL3NoCg== | base64 -d > /usr/local/sbin/ipmitool + echo 'exec /usr/sbin/ipmitool -H "$IPMI_HOST" -U "$IPMI_USER" -E -I lanplus "$@"' >> /usr/local/sbin/ipmitool + chmod +x /usr/local/sbin/ipmitool + /usr/local/sbin/ipmitool sol activate + resources: +{{ toYaml $global.Values.resources | indent 12 }} + {{- with $global.Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with $global.Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with $global.Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} +{{- end }} diff --git a/charts/charts/console/values.yaml b/charts/charts/console/values.yaml new file mode 100644 index 0000000..a7d86f8 
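Review bot: `hostNetwork: true` is hard-coded in the pod spec of templates/deployment.yaml and no `securityContext` is set, so every console pod joins the node's network namespace with the image's default user while holding the BMC username and password in its environment. If host networking is only needed where the BMC network is unreachable from the pod network, I would make it a chart value with a documented default, for example `hostNetwork: {{ $global.Values.hostNetwork }}` plus a matching key in values.yaml. The line `echo IyEvYmluL3NoCg== | base64 -d > /usr/local/sbin/ipmitool` only writes the `#!/bin/sh` shebang; a comment saying so, or `printf '#!/bin/sh\n'` if nothing in the templating prevents it, keeps the command from reading as an opaque encoded payload during review. `value: {{ .ip }}` and the `.host` labels are safer as `{{ .ip | quote }}` and `{{ .host | quote }}`.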
--- /dev/null +++ b/charts/charts/console/values.yaml @@ -0,0 +1,36 @@ +# Default values for console. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +ipmitool: + server: + prefix: + repo: + tag: + pullPolicy: IfNotPresent + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] +#- key: node-role.kubernetes.io/master +# operator: Exists +# effect: NoSchedule + +affinity: {} + +hosts: [] +#- host: +# ip: +# secret: From 217a78f2077d74ef2d4f3ea348c256ee7b6845c4 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 4 Feb 2019 07:52:09 -0800 Subject: [PATCH 017/331] Add start of a build script --- charts/charts/buildall | 26 ++++++++++++++++++++++++++ charts/charts/console/.helmignore | 22 ++++++++++++++++++++++ charts/charts/console/Chart.yaml | 2 +- 3 files changed, 49 insertions(+), 1 deletion(-) create mode 100755 charts/charts/buildall create mode 100644 charts/charts/console/.helmignore diff --git a/charts/charts/buildall b/charts/charts/buildall new file mode 100755 index 0000000..2c5cd99 --- /dev/null +++ b/charts/charts/buildall 
@@ -0,0 +1,26 @@ +#!/bin/bash +set -e + +pushd $(dirname "$0") + +[ ! -d charts ] && git clone https://github.com/pnnl-miscscripts/charts +[ ! -d hubbuildtools ] && git clone https://github.com/kfox1111/hubbuildtools + +if [ "x$TRAVIS" != "x" ]; then + curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > get_helm.sh + chmod 700 get_helm.sh + ./get_helm.sh +fi + +mkdir -p charts/docs + +helm repo add pnnl-miscscripts-image-library-charts https://pnnl-miscscripts.github.io/image-library-charts/ +helm repo update +for CHART in console; do + pushd "$CHART" + helm dep up --skip-refresh + echo $CHART + popd +done + +popd diff --git a/charts/charts/console/.helmignore b/charts/charts/console/.helmignore new file mode 100644 index 0000000..a34320a --- /dev/null +++ b/charts/charts/console/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +fingerprint diff --git a/charts/charts/console/Chart.yaml b/charts/charts/console/Chart.yaml index 3b7ecdc..7f3ff5e 100644 --- a/charts/charts/console/Chart.yaml +++ b/charts/charts/console/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: "1.0.0" +appVersion: 1.0.0 version: 1.0.0 description: Console access from Kubernetes. Adds IPMI Support. name: console From b93cbbc005b6ef5483fc8d606638fb2bfd2882f2 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 4 Feb 2019 08:00:20 -0800 Subject: [PATCH 018/331] Add more of buildall --- charts/charts/buildall | 41 ++++++++++++++++++++++++++++++- charts/charts/console/.helmignore | 1 - 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/charts/charts/buildall b/charts/charts/buildall index 2c5cd99..abeb958 100755 
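Review bot: The Helm installer in charts/charts/buildall is fetched from the `master` branch and executed with no integrity check, and `curl` is called without `-f`, so even under `set -e` an HTTP error body is written to get_helm.sh and then run. I would download a fixed release and compare it with a checksum kept in this repository, and at minimum use `curl -fsSL <pinned-url> -o get_helm.sh`, where the URL is a placeholder for the chosen release. The two `git clone` lines above it have the same exposure because neither checkout is pinned to a commit. The same download-and-run sequence appears to be present in charts/image-library-charts/buildall from PATCH 015.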
--- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -13,14 +13,53 @@ if [ "x$TRAVIS" != "x" ]; then fi mkdir -p charts/docs +mkdir -p charts/tags helm repo add pnnl-miscscripts-image-library-charts https://pnnl-miscscripts.github.io/image-library-charts/ helm repo update + +CHANGE=0 for CHART in console; do pushd "$CHART" helm dep up --skip-refresh - echo $CHART + FINGERPRINT=$((echo main + cat Chart.yaml | sort | awk '{if(/^(appVersion|version|name):/){print $2}}' | sed 'N;N; s/\([^\n]*\)\n\([^\n]*\)\n\([^n]*\)/\2 \3 \1/g' + echo deps + ls charts | sort | while read line; do + helm inspect charts/$line | sort | awk '{if(/^(appVersion|version|name):/){print $2}}' | sed 'N;N; s/\([^\n]*\)\n\([^\n]*\)\n\([^n]*\)/\2 \3 \1/g' + done) | bzip2 -c | base64 | tr '\n' '=' | sed 's/=//g') + VERSION=$(cat Chart.yaml | awk '{if(/^version:/){print $2}}') + popd + echo Version: $VERSION + echo Fingerprint: $FINGERPRINT + pushd charts + FOUND=0 + if [ -f "tags/$CHART-$VERSION" ]; then + if [ "x$FINGERPRINT" == "x$(cat tags/$CHART-$VERSION)" ]; then + FOUND=1 + echo $CHART already built. + fi + fi + if [ $FOUND -eq 0 ]; then + CHANGE=1 + echo $CHART building... + echo FIXME update version + pushd docs/ + helm package ../../$CHART + popd + echo "$FINGERPRINT" > "tags/$CHART-$VERSION" + fi popd done +pushd charts +if [ $CHANGE -eq 1 ]; then + pushd docs + helm repo index . + popd + #git add --all :/ && git commit -m "Update repo" + #git push https://pnnlmiscscriptsci:"$GITHUB_LIBRARY_CHARTS_TOKEN"@github.com/pnnl-miscscripts/charts +fi +popd + popd diff --git a/charts/charts/console/.helmignore b/charts/charts/console/.helmignore index a34320a..f0c1319 100644 --- a/charts/charts/console/.helmignore +++ b/charts/charts/console/.helmignore @@ -19,4 +19,3 @@ .project .idea/ *.tmproj -fingerprint From 3051292e9f6463cefdc0b15f74a65508015063cf Mon Sep 17 00:00:00 2001 
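Review bot: The `FINGERPRINT` built in the first buildall hunk of PATCH 018 is the base64 text of a bzip2 stream rather than a digest, so its length grows with the number of dependencies and its value may depend on the compressor installed on the CI image. Ending the pipeline with `| sha256sum | cut -d' ' -f1` instead of `| bzip2 -c | base64 | tr '\n' '=' | sed 's/=//g'` gives a fixed-length value that is easier to compare and store in `tags/`. In both sed expressions the third group is written `\([^n]*\)`, which excludes the letter n rather than a newline and looks like a typo for `\([^\n]*\)`. The `ls charts | sort | while read line` loop would be more robust as `for dep in charts/*; do helm inspect "$dep" ...`.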
From: Kevin Fox Date: Mon, 4 Feb 2019 12:49:43 -0800 Subject: [PATCH 019/331] Add debug-toolbox container --- .travis.yml | 4 ++++ containers/debug-toolbox/Dockerfile | 23 +++++++++++++++++++++++ containers/debug-toolbox/buildenv | 2 ++ 3 files changed, 29 insertions(+) create mode 100644 containers/debug-toolbox/Dockerfile create mode 100644 containers/debug-toolbox/buildenv diff --git a/.travis.yml b/.travis.yml index 6fed94f..7b9b740 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,6 +8,10 @@ jobs: language: shell name: Build dhcpd container script: ./containers/build dhcpd + - stage: build + language: shell + name: Build debug-toolbox container + script: ./containers/build debug-toolbox - stage: build-image-library-charts language: shell name: Build image library charts diff --git a/containers/debug-toolbox/Dockerfile b/containers/debug-toolbox/Dockerfile new file mode 100644 index 0000000..7cb76e4 --- /dev/null +++ b/containers/debug-toolbox/Dockerfile @@ -0,0 +1,23 @@ +FROM alpine:3.9 + +RUN \ + apk add --no-cache \ + tcpdump \ + strace \ + iperf3 \ + bind-tools \ + git \ + ltrace \ + iptraf-ng \ + wget \ + curl \ + netcat-openbsd \ + openldap-clients \ + nmap \ + iftop \ + bash \ + iptables \ + conntrack-tools \ + procps \ + iotop \ + ipvsadm diff --git a/containers/debug-toolbox/buildenv b/containers/debug-toolbox/buildenv new file mode 100644 index 0000000..fd56248 --- /dev/null +++ b/containers/debug-toolbox/buildenv @@ -0,0 +1,2 @@ +export NEW_BUILD=1 +export PREFIX=1.0.0 From 5805cd7fa358f488b235154bdbfc9e27731b6eb2 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 4 Feb 2019 12:53:40 -0800 Subject: [PATCH 020/331] Remove new package flag --- containers/debug-toolbox/buildenv | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/debug-toolbox/buildenv b/containers/debug-toolbox/buildenv index fd56248..80651d6 100644 --- a/containers/debug-toolbox/buildenv +++ b/containers/debug-toolbox/buildenv 
@@ -1,2 +1 @@ -export NEW_BUILD=1 export PREFIX=1.0.0 From 3c7d5325910588979e13e4072c7f4be11b2c91c5 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 4 Feb 2019 13:01:30 -0800 Subject: [PATCH 021/331] Add a couple of debug tools. --- bin/debug-host-pod | 68 ++++++++++++++++++++++++++++++++++++++++++++ bin/debug-normal-pod | 56 ++++++++++++++++++++++++++++++++++++ 2 files changed, 124 insertions(+) create mode 100755 bin/debug-host-pod create mode 100755 bin/debug-normal-pod diff --git a/bin/debug-host-pod b/bin/debug-host-pod new file mode 100755 index 0000000..972f6c6 --- /dev/null +++ b/bin/debug-host-pod @@ -0,0 +1,68 @@ +#!/bin/bash + +SERVICEACCOUNT=${SERVICEACCOUNT:-default} + +if [ "x$1" == "x" ]; then + echo "Usage: $0 " + exit -1 +fi + +echo Attaching debug container to hostname "$1" + +SHORT=$(echo $1 | tr '.' '-') + +cat <" + exit -1 +fi + +echo Attaching debug container to hostname "$1" + +SHORT=$(echo $1 | tr '.' '-') + +cat < Date: Mon, 4 Feb 2019 13:03:00 -0800 Subject: [PATCH 022/331] Build debug toolbox image library chart --- charts/image-library-charts/buildall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 8bf6b36..48522d4 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall @@ -19,7 +19,7 @@ cd image-library-charts mkdir -p tags CHANGE=0 -for CONTAINER in ipmitool dhcpd; do +for CONTAINER in ipmitool dhcpd debug-toolbox; do REVISION=$(../hubbuildtools/hubcurlrevision.sh "pnnlmiscscripts/$CONTAINER" "latest") echo $REVISION FOUND=0 From 6edccbcf97c7304f76c924eb0ff85adbaaffba85 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 4 Feb 2019 13:05:55 -0800 Subject: [PATCH 023/331] Add a short description and a travis link. --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 2d533f5..6ca3dc9 100644 --- a/README.md +++ b/README.md 
@@ -1 +1,5 @@ # miscscripts + +[![Build Status](https://travis-ci.org/pnnl-miscscripts/miscscripts.svg?branch=master)](https://travis-ci.org/pnnl-miscscripts/miscscripts) + +This repository houses a bunch of miscellaneous scripts, docker files, helm charts, etc that we have built up over time that could be useful to others. From ebec40f1ba6ba42a2efbca463bc880046f5d7985 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 4 Feb 2019 13:14:54 -0800 Subject: [PATCH 024/331] export revision --- charts/image-library-charts/buildall | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 48522d4..088a3f2 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall @@ -20,8 +20,8 @@ mkdir -p tags CHANGE=0 for CONTAINER in ipmitool dhcpd debug-toolbox; do - REVISION=$(../hubbuildtools/hubcurlrevision.sh "pnnlmiscscripts/$CONTAINER" "latest") - echo $REVISION + export REVISION=$(../hubbuildtools/hubcurlrevision.sh "pnnlmiscscripts/$CONTAINER" "latest") + echo Revision: $REVISION FOUND=0 if [ -f "tags/$CONTAINER-latest" ]; then if [ "x$REVISION" == "x$(cat tags/$CONTAINER-latest)" ]; then From 81196550a73db1281ab4558190af37141076d13e Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 4 Feb 2019 13:18:12 -0800 Subject: [PATCH 025/331] Add email notification --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index 7b9b740..d837ebd 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -21,3 +21,6 @@ env: - secure: 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 - secure: vpOauVLGBtEKoMV8k/1FKYI5xAiZYXx9WkYX9QnmPtuEHuOXiED8/vuyKj45tnTPWIjymNXlsU719x0zx6RTHXCDULTU4J8jU8iXUJibj3/mDRdIo5LI3HGIKN9KdBCfMonlSl5IHJKgNwUGjyDnagimdbCkNYbykEwjxG1CHVyWDzeSfEXNVGqmXZXtw5vYRfHyYt93LD4kgcF6+zEKV2XSkgfwkp8fIdiSDE52o+9O4jlFfpfmK0QRppUzYLIpo+YwhieoASfRLwyXtjjA7YnlbOsgGk42WqmIYZEAsEBONlAZ5xwVGJ+LY9qBfb3NDj4WBT0bSC2c6oxgOdQr69RUmd//z1hZfbO2HGl6HY6//14xll8OXexbw9SQB/N3oTaSP0g+F8ts0L8CsQ2m930KYV8XKxkiVBGoLkRjGGgzJnPcwjWD1hkm3lKDRc9p1viVVusDqMSLhi7d8IlmZ0P1p6XLEbkjqFp/LdLfGIFqpa5XR9BB/Q0cfxh1wiAP8syUbKAF6B/UzIJuHRtMTEPoLOK8X1Go4dRngtbnZ3RCf3S3GEYRNAE4N80O4YZBa0dRmvxaIThGh2xL0teBnPTQrdQte1ZZGxCJ9pbE8qZfNJm3+CWFb57gg3CfIIAEAbRlcWVyrls4BZ9qjmpidhmucn9FzAQLgfXxJi7C4xk= - secure: 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 +notifications: + email: + - Kevin.Fox@pnnl.gov From 9a01194aa1d17c93389d61053d0613382c0f3381 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 4 Feb 2019 17:01:36 -0800 Subject: [PATCH 026/331] Job to build chart versions. --- charts/charts/buildall | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/charts/charts/buildall b/charts/charts/buildall index abeb958..8405df8 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -1,4 +1,5 @@ #!/bin/bash + set -e pushd $(dirname "$0") @@ -14,6 +15,7 @@ fi mkdir -p charts/docs mkdir -p charts/tags +mkdir -p charts/vers helm repo add pnnl-miscscripts-image-library-charts https://pnnl-miscscripts.github.io/image-library-charts/ helm repo update 
@@ -26,7 +28,7 @@ for CHART in console; do cat Chart.yaml | sort | awk '{if(/^(appVersion|version|name):/){print $2}}' | sed 'N;N; s/\([^\n]*\)\n\([^\n]*\)\n\([^n]*\)/\2 \3 \1/g' echo deps ls charts | sort | while read line; do - helm inspect charts/$line | sort | awk '{if(/^(appVersion|version|name):/){print $2}}' | sed 'N;N; s/\([^\n]*\)\n\([^\n]*\)\n\([^n]*\)/\2 \3 \1/g' + helm inspect chart charts/$line | sort | awk '{if(/^(appVersion|version|name):/){print $2}}' | sed 'N;N; s/\([^\n]*\)\n\([^\n]*\)\n\([^n]*\)/\2 \3 \1/g' done) | bzip2 -c | base64 | tr '\n' '=' | sed 's/=//g') VERSION=$(cat Chart.yaml | awk '{if(/^version:/){print $2}}') popd @@ -34,8 +36,8 @@ for CHART in console; do echo Fingerprint: $FINGERPRINT pushd charts FOUND=0 - if [ -f "tags/$CHART-$VERSION" ]; then - if [ "x$FINGERPRINT" == "x$(cat tags/$CHART-$VERSION)" ]; then + if [ -f "tags/$CHART-latest" ]; then + if [ "x$FINGERPRINT" == "x$(cat tags/$CHART-latest)" ]; then FOUND=1 echo $CHART already built. fi @@ -43,11 +45,25 @@ for CHART in console; do if [ $FOUND -eq 0 ]; then CHANGE=1 echo $CHART building... - echo FIXME update version pushd docs/ + NEWVERSION="$VERSION" + if [ -f ../vers/$CHART-latest ]; then + echo Existing package found. Updating version. + OLDVERSION=$(cat ../vers/$CHART-latest) + MAJORVERSION=$(echo $OLDVERSION | awk -F . '{print $1}') + MINORVERSION=$(echo $OLDVERSION | awk -F . '{print $2}') + PATCHVERSION=$(echo $OLDVERSION | awk -F . '{print $3}') + NEWPATCHVERSION=$((PATCHVERSION + 1)) + NEWVERSION="$MAJORVERSION.$MINORVERSION.$NEWPATCHVERSION" + echo Old version: $OLDVERSION + echo New version: $NEWVERSION + sed -i "s/^version: .*/version: $NEWVERSION/" ../../$CHART/Chart.yaml + sed -i "s/^appVersion: .*/appVersion: $NEWVERSION/" ../../$CHART/Chart.yaml + fi helm package ../../$CHART popd - echo "$FINGERPRINT" > "tags/$CHART-$VERSION" + echo "$FINGERPRINT" > "tags/$CHART-latest" + echo "$NEWVERSION" > "vers/$CHART-latest" fi popd done 
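Review bot: The version-bump block added in the `@@ -43,11 +45,25 @@` hunk of `charts/charts/buildall` feeds the contents of `../vers/$CHART-latest` into `$((PATCHVERSION + 1))` and then into two `sed -i` replacements without checking its shape. Bash evaluates the operand of `$(( ))` as an arithmetic expression, and a sed replacement treats `/` and `&` specially, so a malformed or tampered version file changes what is evaluated and what lands in `Chart.yaml`. I would validate right after reading it: `[[ "$OLDVERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "bad version in vers/$CHART-latest" >&2; exit 1; }`. The enclosing `for CHART` loop starts and ends outside the hunk.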
From d7e0f51b3bb8b63e59d78e34d1e3592c5e5aa206 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 4 Feb 2019 17:02:19 -0800 Subject: [PATCH 027/331] Job to build chart versions. --- .travis.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.travis.yml b/.travis.yml index d837ebd..ceee63f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -16,6 +16,10 @@ jobs: language: shell name: Build image library charts script: ./charts/image-library-charts/buildall + - stage: build-charts + language: shell + name: Build charts + script: ./charts/charts/buildall env: global: - secure: 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 From c54960e570192e4bd271aec2ab91c36fcd1e23be Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 4 Feb 2019 17:03:58 -0800 Subject: [PATCH 028/331] Actually enable the commit --- charts/charts/buildall | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/charts/buildall b/charts/charts/buildall index 8405df8..6d86c4f 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -73,8 +73,8 @@ if [ $CHANGE -eq 1 ]; then pushd docs helm repo index . popd - #git add --all :/ && git commit -m "Update repo" - #git push https://pnnlmiscscriptsci:"$GITHUB_LIBRARY_CHARTS_TOKEN"@github.com/pnnl-miscscripts/charts + git add --all :/ && git commit -m "Update repo" + git push https://pnnlmiscscriptsci:"$GITHUB_LIBRARY_CHARTS_TOKEN"@github.com/pnnl-miscscripts/charts fi popd From 43c9a2f16dfb3c0ea1e358db8f97fde5faecf9d9 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 4 Feb 2019 17:11:14 -0800 Subject: [PATCH 029/331] Init the helm client --- charts/charts/buildall | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/charts/buildall b/charts/charts/buildall index 6d86c4f..7623088 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall 
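Review bot: The `git push` enabled in the `@@ -73,8 +73,8 @@` hunk of `charts/charts/buildall` places `$GITHUB_LIBRARY_CHARTS_TOKEN` in the remote URL, so the token becomes part of the process arguments and of any URL git prints when the push fails. CI log masking only hides the exact secret string; it does not cover the process list or a re-encoded form of the value. A credential helper keeps it out of the URL: `git -c credential.helper='!f() { echo username=pnnlmiscscriptsci; echo "password=$GITHUB_LIBRARY_CHARTS_TOKEN"; }; f' push https://github.com/pnnl-miscscripts/charts`. The token should also be limited to that one repository if it is not already.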
@@ -17,6 +17,7 @@ mkdir -p charts/docs mkdir -p charts/tags mkdir -p charts/vers +helm init --client-only helm repo add pnnl-miscscripts-image-library-charts https://pnnl-miscscripts.github.io/image-library-charts/ helm repo update From 7a3e5f9f4ca656c5a1a57cfed399e81997a9e58f Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 5 Feb 2019 07:59:12 -0800 Subject: [PATCH 030/331] Add an overridable org. --- charts/image-library-charts/Chart.yaml | 5 +++++ charts/image-library-charts/build | 12 +++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 charts/image-library-charts/Chart.yaml diff --git a/charts/image-library-charts/Chart.yaml b/charts/image-library-charts/Chart.yaml new file mode 100644 index 0000000..f53d5df --- /dev/null +++ b/charts/image-library-charts/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.8.18-1" +description: A Helm chart for Kubernetes +name: +version: 1.0.0 diff --git a/charts/image-library-charts/build b/charts/image-library-charts/build index fa5b25a..682c8dd 100755 --- a/charts/image-library-charts/build +++ b/charts/image-library-charts/build @@ -26,7 +26,7 @@ apiVersion: v1 appVersion: "$REVISION" description: A Helm chart for Kubernetes name: $CONTAINER -version: 1.0.0 +version: 2.0.0 EOF mkdir -p templates @@ -41,7 +41,13 @@ docker.io {{- define "$CPREFIX.$CONTAINER.prefix" -}} {{- if and (hasKey . "section") (hasKey .section "prefix") .section.prefix -}} -{{ .section.prefix }} +/{{ .section.prefix }} +{{- end -}} +{{- end -}} + +{{- define "$CPREFIX.$CONTAINER.org" -}} +{{- if and (hasKey . "section") (hasKey .section "org") .section.org -}} +{{ .section.org }} {{- else -}} pnnlmiscscripts {{- end -}} 
@@ -68,7 +74,7 @@ How to use: {{ dict "dot" . "section" .Values.$CONTAINER | include "$CPREFIX.$CONTAINER.image" }} */}} {{- define "$CPREFIX.$CONTAINER.image" -}} -{{- include "$CPREFIX.$CONTAINER.server" . -}}/{{- include "$CPREFIX.$CONTAINER.prefix" . -}}/{{- include "$CPREFIX.$CONTAINER.repo" . -}}:{{- include "$CPREFIX.$CONTAINER.tag" . -}} +{{- include "$CPREFIX.$CONTAINER.server" . -}}{{- include "$CPREFIX.$CONTAINER.prefix" . -}}/{{- include "$CPREFIX.$CONTAINER.org" . -}}/{{- include "$CPREFIX.$CONTAINER.repo" . -}}:{{- include "$CPREFIX.$CONTAINER.tag" . -}} {{- end -}} EOF From 449b3e5ddfce022afa76c3392fd66b930a46421a Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 5 Feb 2019 08:38:57 -0800 Subject: [PATCH 031/331] Bump tag to match newer chart version --- charts/image-library-charts/buildall | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 088a3f2..d1ba563 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall @@ -24,7 +24,7 @@ for CONTAINER in ipmitool dhcpd debug-toolbox; do echo Revision: $REVISION FOUND=0 if [ -f "tags/$CONTAINER-latest" ]; then - if [ "x$REVISION" == "x$(cat tags/$CONTAINER-latest)" ]; then + if [ "x2 $REVISION" == "x$(cat tags/$CONTAINER-latest)" ]; then FOUND=1 echo $CONTAINER already built. fi @@ -33,7 +33,7 @@ for CONTAINER in ipmitool dhcpd debug-toolbox; do CHANGE=1 echo $CONTAINER building... ../build "$CONTAINER" - echo "$REVISION" > "tags/$CONTAINER-latest" + echo "2 $REVISION" > "tags/$CONTAINER-latest" fi done if [ $CHANGE -eq 1 ]; then From 9e345a97bb111ddf32deaaf4d0e2bb20d45c881c Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 5 Feb 2019 08:49:47 -0800 Subject: [PATCH 032/331] Bump console version --- charts/charts/console/Chart.yaml | 4 ++-- charts/charts/console/requirements.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/charts/charts/console/Chart.yaml b/charts/charts/console/Chart.yaml index 7f3ff5e..5e27c31 100644 --- a/charts/charts/console/Chart.yaml +++ b/charts/charts/console/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 -appVersion: 1.0.0 -version: 1.0.0 +appVersion: 2.0.0 +version: 2.0.0 description: Console access from Kubernetes. Adds IPMI Support. name: console keywords: diff --git a/charts/charts/console/requirements.yaml b/charts/charts/console/requirements.yaml index aa97633..922bc50 100644 --- a/charts/charts/console/requirements.yaml +++ b/charts/charts/console/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: ipmitool - version: 1.0.0 + version: 2.0.0 repository: https://pnnl-miscscripts.github.io/image-library-charts/ From 2cfc097540efa62a198afc32c614c8cb624f466e Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 5 Feb 2019 09:20:50 -0800 Subject: [PATCH 033/331] Bump back version for now. --- charts/charts/console/Chart.yaml | 4 ++-- charts/charts/console/values.yaml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/charts/console/Chart.yaml b/charts/charts/console/Chart.yaml index 5e27c31..7f3ff5e 100644 --- a/charts/charts/console/Chart.yaml +++ b/charts/charts/console/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 -appVersion: 2.0.0 -version: 2.0.0 +appVersion: 1.0.0 +version: 1.0.0 description: Console access from Kubernetes. Adds IPMI Support. name: console keywords: diff --git a/charts/charts/console/values.yaml b/charts/charts/console/values.yaml index a7d86f8..d13208d 100644 --- a/charts/charts/console/values.yaml +++ b/charts/charts/console/values.yaml @@ -5,6 +5,7 @@ ipmitool: server: prefix: + org: repo: tag: pullPolicy: IfNotPresent From a68f7e32416f3fbd04888c7d94c24dc2f675533b Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Sat, 9 Mar 2019 12:29:34 -0800 Subject: [PATCH 034/331] Add containerd rpm wrapper. --- containers/rpms-containerd/Dockerfile | 32 ++++++++++++++++++ containers/rpms-containerd/buildenv | 3 ++ containers/rpms-containerd/containerd.spec | 38 ++++++++++++++++++++++ 3 files changed, 73 insertions(+) create mode 100644 containers/rpms-containerd/Dockerfile create mode 100644 containers/rpms-containerd/buildenv create mode 100644 containers/rpms-containerd/containerd.spec diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile new file mode 100644 index 0000000..d6edb72 --- /dev/null +++ b/containers/rpms-containerd/Dockerfile @@ -0,0 +1,32 @@ +FROM centos:centos7 +MAINTAINER Kevin Fox + +ENV "VERSION=1.2.4" + +ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec + +RUN \ + set -x && \ + cd / && \ + yum install -y rpm-build cpio createrepo && \ + mkdir -p rpms/ && \ + curl -o /root/rpmbuild/SOURCES/containerd.tar.gz "https://storage.googleapis.com/cri-containerd-release/cri-containerd-$VERSION.linux-amd64.tar.gz" && \ + sed -i "s/^\(Version:\).*$/\1 $VERSION/" /root/rpmbuild/SOURCES/containerd.spec && \ + cat /root/rpmbuild/SOURCES/containerd.spec && \ + rpmbuild -ba /root/rpmbuild/SOURCES/containerd.spec && \ + mv ~/rpmbuild/RPMS/x86_64/* rpms/ && \ + createrepo rpms && \ + mkdir tmp1 && \ + pushd tmp1 && \ + tar -xvf ~/rpmbuild/SOURCES/containerd.tar.gz && \ + SUM=$(md5sum usr/local/bin/containerd | awk '{print $1}') && \ + popd && \ + mkdir tmp2 && \ + pushd tmp2 && \ + rpm2cpio ../rpms/containerd*.rpm | cpio -idmv && \ + SUM2=$(md5sum usr/local/bin/containerd | awk '{print $1}') && \ + [ "x$SUM" != "x$SUM2" ] && echo "Checksums don't match" && exit -1 || true && \ + popd + +FROM scratch +COPY --from=0 /rpms /data diff --git a/containers/rpms-containerd/buildenv b/containers/rpms-containerd/buildenv new file mode 100644 index 0000000..87483a3 --- /dev/null +++ b/containers/rpms-containerd/buildenv 
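Review bot: In `containers/rpms-containerd/Dockerfile`, the release tarball fetched by `curl -o /root/rpmbuild/SOURCES/containerd.tar.gz ...` is packaged into the RPM without being checked against a known digest. The `md5sum` comparison later in the same `RUN` only confirms that the binary inside the RPM equals the one inside the tarball, so it says nothing about whether the tarball is the expected release. I would add `-fsSL` to the curl call so an HTTP error fails the build, and follow it with `echo "<EXPECTED_SHA256>  /root/rpmbuild/SOURCES/containerd.tar.gz" | sha256sum -c - && \`, with the digest pinned next to `ENV VERSION`.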
@@ -0,0 +1,3 @@ +export AUTO_PREFIX=rpmrepo-version +export AUTO_PREFIX_PACKAGE=containerd +export NEW_BUILD=1 diff --git a/containers/rpms-containerd/containerd.spec b/containers/rpms-containerd/containerd.spec new file mode 100644 index 0000000..326c617 --- /dev/null +++ b/containers/rpms-containerd/containerd.spec @@ -0,0 +1,38 @@ +%global _enable_debug_package 0 +%global debug_package %{nil} +%global __os_install_post /usr/lib/rpm/brp-compress %{nil} +Summary: ContainerD and friends +Name: containerd +Version: @VERSION@ +Release: 1 +License: APL +Packager: MISCSCRIPTS +Group: Development/Tools +Source: containerd.tar.gz + +%description +%{summary} + +%prep +%setup -c + +%build +echo nothing to build + +%install +mkdir -p %{buildroot} +cp -a etc usr %{buildroot} +ls -l %{buildroot} + +%files +/usr/local/bin/containerd-stress +/usr/local/bin/containerd-shim-runc-v1 +/usr/local/bin/crictl +/usr/local/bin/ctr +/usr/local/bin/critest +/usr/local/bin/containerd +/usr/local/bin/containerd-shim +/usr/local/sbin/runc +/etc/systemd/system/containerd.service +/etc/crictl.yaml + From 8eeeab282fbd539d7b085d144bd766e398731b31 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sat, 9 Mar 2019 12:32:31 -0800 Subject: [PATCH 035/331] Add travis job --- .travis.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.travis.yml b/.travis.yml index ceee63f..c99aa0d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,6 +12,10 @@ jobs: language: shell name: Build debug-toolbox container script: ./containers/build debug-toolbox + - stage: build + language: shell + name: Build rpms-containerd container + script: ./containers/build rpms-containerd - stage: build-image-library-charts language: shell name: Build image library charts From b3ec5f991ea3521591cec1ef4406ffcbd6f37f88 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sat, 9 Mar 2019 12:42:25 -0800 Subject: [PATCH 036/331] Fix quoting issue --- containers/rpms-containerd/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index d6edb72..0cb017e 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -1,7 +1,7 @@ FROM centos:centos7 MAINTAINER Kevin Fox -ENV "VERSION=1.2.4" +ENV VERSION=1.2.4 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec From 3913220ca2fa0fe11c27166c3297d750ab669a21 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sat, 9 Mar 2019 14:37:22 -0800 Subject: [PATCH 037/331] First push is done. --- containers/rpms-containerd/buildenv | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/rpms-containerd/buildenv b/containers/rpms-containerd/buildenv index 87483a3..e509a12 100644 --- a/containers/rpms-containerd/buildenv +++ b/containers/rpms-containerd/buildenv @@ -1,3 +1,2 @@ export AUTO_PREFIX=rpmrepo-version export AUTO_PREFIX_PACKAGE=containerd -export NEW_BUILD=1 From 631c27cbcfb36dc8a03fdf765ddfffee27960ec3 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sat, 9 Mar 2019 16:28:20 -0800 Subject: [PATCH 038/331] Add centos7 base --- .travis.yml | 48 +++++++++++++------------ containers/rpms-centos7-base/Dockerfile | 16 +++++++++ containers/rpms-centos7-base/buildenv | 3 ++ 3 files changed, 45 insertions(+), 22 deletions(-) create mode 100644 containers/rpms-centos7-base/Dockerfile create mode 100644 containers/rpms-centos7-base/buildenv diff --git a/.travis.yml b/.travis.yml index c99aa0d..87b8b67 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,29 +1,33 @@ jobs: include: +# - stage: build +# language: shell +# name: Build ipmitool container +# script: ./containers/build ipmitool +# - stage: build +# language: shell +# name: Build dhcpd container +# script: ./containers/build dhcpd +# - stage: build +# language: shell +# name: Build debug-toolbox container +# script: ./containers/build debug-toolbox +# - stage: build +# language: shell +# name: Build rpms-containerd container +# script: ./containers/build rpms-containerd - stage: build language: shell - name: Build ipmitool container - script: ./containers/build ipmitool - - stage: build - language: shell - name: Build dhcpd container - script: ./containers/build dhcpd - - stage: build - language: shell - name: Build debug-toolbox container - script: ./containers/build debug-toolbox - - stage: build - language: shell - name: Build rpms-containerd container - script: ./containers/build rpms-containerd - - stage: build-image-library-charts - language: shell - name: Build image library charts - script: ./charts/image-library-charts/buildall - - stage: build-charts - language: shell - name: Build charts - script: ./charts/charts/buildall + name: Build rpms-centos7-base container + script: ./containers/build rpms-centos7-base +# - stage: build-image-library-charts +# language: shell +# name: Build image library charts +# script: ./charts/image-library-charts/buildall +# - stage: build-charts +# language: shell +# name: Build charts +# script: ./charts/charts/buildall env: global: - secure: 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 diff --git a/containers/rpms-centos7-base/Dockerfile b/containers/rpms-centos7-base/Dockerfile new file mode 100644 index 0000000..d5ef43f --- /dev/null +++ b/containers/rpms-centos7-base/Dockerfile 
@@ -0,0 +1,16 @@
+FROM centos:centos7
+MAINTAINER Kevin Fox
+
+RUN \
+ cd / && \
+ set -e && \
+ yum install -y createrepo && \
+ mkdir -p rpms/ && \
+ yumdownloader --resolv --installroot=/tmp/root --releasever=/ \
+ --destdir rpms --setopt cachedir=/tmp/cache \
+ @Base @Core kernel grub2 docker e2fsprogs container-selinux nspr \
+ nss-util openssh-server openssh iptables-services nfs-utils && \
+ createrepo rpms
+
+FROM scratch
+COPY --from=0 /rpms /data
diff --git a/containers/rpms-centos7-base/buildenv b/containers/rpms-centos7-base/buildenv
new file mode 100644
index 0000000..1d20be7
--- /dev/null
+++ b/containers/rpms-centos7-base/buildenv
@@ -0,0 +1,3 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=centos-base
+export NEW_BUILD=1
From 78112e0e20eadfd4217f6f5682ff200675e77c8b Mon Sep 17 00:00:00 2001
From: Kevin Fox
Date: Sat, 9 Mar 2019 16:34:44 -0800
Subject: [PATCH 039/331] Use the right package name
---
 containers/rpms-centos7-base/buildenv | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/containers/rpms-centos7-base/buildenv b/containers/rpms-centos7-base/buildenv
index 1d20be7..a2fa77d 100644
--- a/containers/rpms-centos7-base/buildenv
+++ b/containers/rpms-centos7-base/buildenv
@@ -1,3 +1,3 @@
 export AUTO_PREFIX=rpmrepo-version
-export AUTO_PREFIX_PACKAGE=centos-base
+export AUTO_PREFIX_PACKAGE=centos-release
 export NEW_BUILD=1
From 4baacf032751b47f3a435c6ab9d11b5102b8383b Mon Sep 17 00:00:00 2001
From: Kevin Fox
Date: Sat, 9 Mar 2019 17:32:03 -0800
Subject: [PATCH 040/331] Filter the tag.
---
 containers/rpms-centos7-base/buildenv | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/containers/rpms-centos7-base/buildenv b/containers/rpms-centos7-base/buildenv
index a2fa77d..0dfc55e 100644
--- a/containers/rpms-centos7-base/buildenv
+++ b/containers/rpms-centos7-base/buildenv
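Review bot: The RPMs gathered by `yumdownloader` in `containers/rpms-centos7-base/Dockerfile` go into a repository via `createrepo rpms` with no signature check in the build; as far as I know `yumdownloader` only downloads and does not enforce `gpgcheck`. The image presumably serves these packages to other hosts, so a check such as `rpm -K rpms/*.rpm` before `createrepo`, with the distribution keys imported first, would fail the build on unsigned or altered packages. The same applies to the `rpms-openvswitch` and `rpms-kubernetes` Dockerfiles added in later commits on this page.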
@@ -1,3 +1,4 @@ -export AUTO_PREFIX=rpmrepo-version +export AUTO_PREFIX=rpmrepo-version-release export AUTO_PREFIX_PACKAGE=centos-release +export AUTO_PREFIX_FILTER='awk -F. '"'"'{print $1 "." $2}'"'" export NEW_BUILD=1 From b3a3c2d538b741e36ba11e50314f9055cdf75105 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sat, 9 Mar 2019 17:40:52 -0800 Subject: [PATCH 041/331] Better filter --- containers/rpms-centos7-base/buildenv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-centos7-base/buildenv b/containers/rpms-centos7-base/buildenv index 0dfc55e..1f25b8f 100644 --- a/containers/rpms-centos7-base/buildenv +++ b/containers/rpms-centos7-base/buildenv @@ -1,4 +1,4 @@ export AUTO_PREFIX=rpmrepo-version-release export AUTO_PREFIX_PACKAGE=centos-release -export AUTO_PREFIX_FILTER='awk -F. '"'"'{print $1 "." $2}'"'" +export AUTO_PREFIX_FILTER='cut -d . -f 1 | tr '-' .' export NEW_BUILD=1 From 13f3baf5d220ef1254ba9bb62ffa28e3f03f7ecc Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sat, 9 Mar 2019 18:00:47 -0800 Subject: [PATCH 042/331] Remove new flag --- containers/rpms-centos7-base/buildenv | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/rpms-centos7-base/buildenv b/containers/rpms-centos7-base/buildenv index 1f25b8f..0ad171d 100644 --- a/containers/rpms-centos7-base/buildenv +++ b/containers/rpms-centos7-base/buildenv @@ -1,4 +1,3 @@ export AUTO_PREFIX=rpmrepo-version-release export AUTO_PREFIX_PACKAGE=centos-release export AUTO_PREFIX_FILTER='cut -d . -f 1 | tr '-' .' -export NEW_BUILD=1 From 15377c21114d77c636a0997b35be052f1ca1ad38 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sat, 9 Mar 2019 18:06:46 -0800 Subject: [PATCH 043/331] Reenable other jobs --- .travis.yml | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/.travis.yml b/.travis.yml index 87b8b67..888116c 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,33 +1,33 @@ jobs: include: -# - stage: build -# language: shell -# name: Build ipmitool container -# script: ./containers/build ipmitool -# - stage: build -# language: shell -# name: Build dhcpd container -# script: ./containers/build dhcpd -# - stage: build -# language: shell -# name: Build debug-toolbox container -# script: ./containers/build debug-toolbox -# - stage: build -# language: shell -# name: Build rpms-containerd container -# script: ./containers/build rpms-containerd + - stage: build + language: shell + name: Build ipmitool container + script: ./containers/build ipmitool + - stage: build + language: shell + name: Build dhcpd container + script: ./containers/build dhcpd + - stage: build + language: shell + name: Build debug-toolbox container + script: ./containers/build debug-toolbox + - stage: build + language: shell + name: Build rpms-containerd container + script: ./containers/build rpms-containerd - stage: build language: shell name: Build rpms-centos7-base container script: ./containers/build rpms-centos7-base -# - stage: build-image-library-charts -# language: shell -# name: Build image library charts -# script: ./charts/image-library-charts/buildall -# - stage: build-charts -# language: shell -# name: Build charts -# script: ./charts/charts/buildall + - stage: build-image-library-charts + language: shell + name: Build image library charts + script: ./charts/image-library-charts/buildall + - stage: build-charts + language: shell + name: Build charts + script: ./charts/charts/buildall env: global: - secure: 
U5KTbwJ4mk5R6LQmCIeXUYJahoPsnn9IjU+zYL8Wo60bYUL0KWItmfrfbWQL09g365B61qgmx2OeJOgZ27oS4rKi+BFw3OqVvbBypZm7UCwml4uKRVA5BTMNnCYDL5o5N4Q+uFbBvdiw1TM+NjgHd2E4F32FeJWRp5teGlXK0fzzPQS7Vpv4ZvGlAyKGlozg0nzhq2XygtNyDsMFY0760WBjpeXkijvjcwD+/W+bGvISTRD4VTV8/+bRIGcWoat3CmYEumsqoT2Vj3/onWh/NWDWUeyJ9FHgLdRypcWf9XDKjFxa2bV5yqguxU7HOaGS4qWDsKF1DDRGne3HCRvzPrwS71j5tT3t+9B6XwXC9RVjjVcv3IFWUZwn1Sr1lwxiyteRDbE8j+1S7AXwsfHQc4mViM/sux/56ydJ6llm1ktnfyM+F0khdJpLU4RJTcLia9FaI+XZ61CIC1G+KhWrCpe0u+NWIVwSJL7wJHkzeYY7a671JSk9cGBl6NeJBdYv7DCuhxn5nqOv54eyqNlXM6u9WaIPweAg7sJy0wU/D2eND+3TtZ9o3qosWNNZ5lwPSKu6JCmzdIBliXwnf5PYl9jXr1QefJdDCAoXSq6MLErMznLTWAnmGQqEYc2UKKbOYned2GtFLGbOgSuoXl04EAlXo9wutIfIiTptutqxa10= From 5b821b8cc8cc6c365791eba18a385ee27e31f3c2 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 15 Mar 2019 10:00:40 -0700 Subject: [PATCH 044/331] Update containerd version --- containers/rpms-containerd/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index 0cb017e..5d9ea3c 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -1,7 +1,7 @@ FROM centos:centos7 MAINTAINER Kevin Fox -ENV VERSION=1.2.4 +ENV VERSION=1.2.5 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec From cca1cc1681fc0d55a681c10d3a9e279f16c5c1ac Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sat, 30 Mar 2019 15:35:39 -0700 Subject: [PATCH 045/331] Add openvswitch rpms --- .travis.yml | 4 ++++ containers/rpms-openvswitch/Dockerfile | 13 +++++++++++++ containers/rpms-openvswitch/buildenv | 3 +++ 3 files changed, 20 insertions(+) create mode 100644 containers/rpms-openvswitch/Dockerfile create mode 100644 containers/rpms-openvswitch/buildenv diff --git a/.travis.yml b/.travis.yml index 888116c..3553e2f 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -20,6 +20,10 @@ jobs: language: shell name: Build rpms-centos7-base container script: ./containers/build rpms-centos7-base + - stage: build + language: shell + name: Build rpms-openvswitch container + script: ./containers/build rpms-openvswitch - stage: build-image-library-charts language: shell name: Build image library charts diff --git a/containers/rpms-openvswitch/Dockerfile b/containers/rpms-openvswitch/Dockerfile new file mode 100644 index 0000000..6eb1762 --- /dev/null +++ b/containers/rpms-openvswitch/Dockerfile @@ -0,0 +1,13 @@ +FROM centos:centos7 +MAINTAINER Kevin Fox + +RUN \ + cd / && \ + set -e && \ + yum install -y createrepo && \ + mkdir -p rpms/ && \ + yum install -y centos-release-openstack-rocky createrepo && \ + yumdownloader --resolv --destdir rpms openvswitch + +FROM scratch +COPY --from=0 /rpms /data diff --git a/containers/rpms-openvswitch/buildenv b/containers/rpms-openvswitch/buildenv new file mode 100644 index 0000000..f22a1f4 --- /dev/null +++ b/containers/rpms-openvswitch/buildenv @@ -0,0 +1,3 @@ +export AUTO_PREFIX=rpmrepo-version +export AUTO_PREFIX_PACKAGE=openvswitch +export NEW_BUILD=1 From 28e5208ee9627de3d8cdb4216fb29b62f13a7a50 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sat, 30 Mar 2019 15:46:40 -0700 Subject: [PATCH 046/331] Add missing createrepo --- containers/rpms-openvswitch/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/containers/rpms-openvswitch/Dockerfile b/containers/rpms-openvswitch/Dockerfile index 6eb1762..2042ea7 100644 --- a/containers/rpms-openvswitch/Dockerfile +++ b/containers/rpms-openvswitch/Dockerfile @@ -7,7 +7,8 @@ RUN \ yum install -y createrepo && \ mkdir -p rpms/ && \ yum install -y centos-release-openstack-rocky createrepo && \ - yumdownloader --resolv --destdir rpms openvswitch + yumdownloader --resolv --destdir rpms openvswitch && \ + createrepo rpms FROM scratch COPY --from=0 /rpms /data From cdc6bef563e7fca8cbe068df0577d58c147182ca Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Sat, 30 Mar 2019 15:49:48 -0700 Subject: [PATCH 047/331] Add kubernetes repo --- .travis.yml | 8 ++++++++ containers/build | 1 + containers/rpms-kubernetes/Dockerfile | 20 ++++++++++++++++++++ containers/rpms-kubernetes/buildenv | 4 ++++ containers/rpms-kubernetes/kubernetes.repo | 7 +++++++ containers/rpms-openvswitch/buildenv | 1 - 6 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 containers/rpms-kubernetes/Dockerfile create mode 100644 containers/rpms-kubernetes/buildenv create mode 100644 containers/rpms-kubernetes/kubernetes.repo diff --git a/.travis.yml b/.travis.yml index 3553e2f..dba2ea8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -24,6 +24,14 @@ jobs: language: shell name: Build rpms-openvswitch container script: ./containers/build rpms-openvswitch + - stage: build + language: shell + name: Build rpms-kubernetes container 1.13 + script: ./containers/build rpms-kubernetes 1.13 + - stage: build + language: shell + name: Build rpms-kubernetes container 1.14 + script: ./containers/build rpms-kubernetes 1.14 - stage: build-image-library-charts language: shell name: Build image library charts diff --git a/containers/build b/containers/build index 9391a3e..653321c 100755 --- a/containers/build +++ b/containers/build @@ -1,5 +1,6 @@ #!/bin/bash CONTAINER="$1" +[ "x$2" != "x" ] && export SUBBUILD="$2" pushd $(dirname "$0")/"$CONTAINER" [ ! -d hubbuildtools ] && git clone https://github.com/kfox1111/hubbuildtools diff --git a/containers/rpms-kubernetes/Dockerfile b/containers/rpms-kubernetes/Dockerfile new file mode 100644 index 0000000..8e2eed7 --- /dev/null +++ b/containers/rpms-kubernetes/Dockerfile 
@@ -0,0 +1,20 @@
+FROM centos:centos7
+ARG BACK=1
+ARG SUBBUILD=1.13
+
+ADD kubernetes.repo /etc/yum.repos.d/
+RUN \
+ yum install -y createrepo && \
+ mkdir -p rpms/ && \
+ VERSION=$(yum --showduplicates list kubelet -q | grep -vi packages | grep -vi rc | grep -vi alpha | grep -vi beta | awk '{print $2}' | awk -F. '{print $2}' | sort -nu | tail -n $BACK | head -n 1) && \
+ VERSION="$(echo $SUBBUILD | awk -F. '{print $2}')" && \
+ SUBVERSION=$(yum --showduplicates list kubelet -q | grep -vi packages | awk '{print $2}' | grep "^1\.$VERSION\."| awk -F. '{print $3}' | awk -F- '{print $1}' | sort -nu | tail -n 1) && \
+ REVISION=$(yum --showduplicates list kubelet -q | grep -vi packages | awk '{print $2}' | grep "^1\.$VERSION\.$SUBVERSION-" | awk -F- '{print $2}' | sort -nu | tail -n 1) && \
+ FULLVERSION="1.$VERSION.$SUBVERSION-$REVISION" && \
+ echo "Picked $FULLVERSION" && \
+ mkdir -p rpms/ && \
+ yumdownloader --resolv --destdir rpms "kubelet-$FULLVERSION" "kubeadm-$FULLVERSION" "kubectl-$FULLVERSION" && \
+ createrepo rpms
+
+FROM scratch
+COPY --from=0 /rpms /data
diff --git a/containers/rpms-kubernetes/buildenv b/containers/rpms-kubernetes/buildenv
new file mode 100644
index 0000000..2240722
--- /dev/null
+++ b/containers/rpms-kubernetes/buildenv
@@ -0,0 +1,4 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=kubelet
+export DOCKER_TAG=$SUBBUILD
+export NEW_BUILD=1
diff --git a/containers/rpms-kubernetes/kubernetes.repo b/containers/rpms-kubernetes/kubernetes.repo
new file mode 100644
index 0000000..65eda50
--- /dev/null
+++ b/containers/rpms-kubernetes/kubernetes.repo
@@ -0,0 +1,7 @@
+[kubernetes]
+name=Kubernetes
+baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+enabled=1
+gpgcheck=1
+repo_gpgcheck=1
+gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
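Review bot: In `containers/rpms-kubernetes/Dockerfile`, every version lookup pipeline ends in `tail`, which succeeds on empty input, so a `SUBBUILD` that matches no package produces a `FULLVERSION` such as `1.13.-` and the failure only surfaces inside `yumdownloader`. A guard before `FULLVERSION=` makes that explicit: `[ -n "$SUBVERSION" ] && [ -n "$REVISION" ] && \`. The first `VERSION=$(yum --showduplicates ... | tail -n $BACK | head -n 1)` assignment is overwritten by the next line, so it and `ARG BACK` have no effect and can be dropped. `$SUBBUILD` is also expanded unquoted in `echo $SUBBUILD`.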
diff --git a/containers/rpms-openvswitch/buildenv b/containers/rpms-openvswitch/buildenv index f22a1f4..8d79192 100644 --- a/containers/rpms-openvswitch/buildenv +++ b/containers/rpms-openvswitch/buildenv @@ -1,3 +1,2 @@ export AUTO_PREFIX=rpmrepo-version export AUTO_PREFIX_PACKAGE=openvswitch -export NEW_BUILD=1 From 584a0ad84f8e433b8e0e95aa62b079e7c19f7bc5 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sat, 30 Mar 2019 17:08:30 -0700 Subject: [PATCH 048/331] Remove new build --- containers/rpms-kubernetes/buildenv | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/rpms-kubernetes/buildenv b/containers/rpms-kubernetes/buildenv index 2240722..5ba4137 100644 --- a/containers/rpms-kubernetes/buildenv +++ b/containers/rpms-kubernetes/buildenv @@ -1,4 +1,3 @@ export AUTO_PREFIX=rpmrepo-version export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD -export NEW_BUILD=1 From 385f3dda732a492e6c0416f60559b085a1716427 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sun, 31 Mar 2019 09:52:11 -0700 Subject: [PATCH 049/331] Add anaconda image --- .travis.yml | 4 ++++ containers/anaconda/Dockerfile | 11 +++++++++++ containers/anaconda/buildenv | 3 +++ 3 files changed, 18 insertions(+) create mode 100644 containers/anaconda/Dockerfile create mode 100644 containers/anaconda/buildenv diff --git a/.travis.yml b/.travis.yml index dba2ea8..cb9c6d9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,6 +32,10 @@ jobs: language: shell name: Build rpms-kubernetes container 1.14 script: ./containers/build rpms-kubernetes 1.14 + - stage: build + language: shell + name: Build anaconda container + script: ./containers/build anaconda - stage: build-image-library-charts language: shell name: Build image library charts diff --git a/containers/anaconda/Dockerfile b/containers/anaconda/Dockerfile new file mode 100644 index 0000000..4522ec9 --- /dev/null +++ b/containers/anaconda/Dockerfile 
@@ -0,0 +1,11 @@ +FROM centos:centos7 +RUN \ + mkdir -p /data/LiveOS && \ + curl http://mirror.centos.org/centos-7/7/os/x86_64/CentOS_BuildTag -o /data/CentOS_BuildTag && \ + curl http://mirror.centos.org/centos-7/7/os/x86_64/images/pxeboot/initrd.img -o /data/initrd.img && \ + curl http://mirror.centos.org/centos-7/7/os/x86_64/images/pxeboot/vmlinuz -o /data/vmlinuz && \ + curl http://mirror.centos.org/centos-7/7/os/x86_64/.treeinfo -o /data/.treeinfo && \ + curl http://mirror.centos.org/centos-7/7/os/x86_64/LiveOS/squashfs.img -o /data/LiveOS/squashfs.img + +FROM scratch +COPY --from=0 /data /data diff --git a/containers/anaconda/buildenv b/containers/anaconda/buildenv new file mode 100644 index 0000000..d790218 --- /dev/null +++ b/containers/anaconda/buildenv @@ -0,0 +1,3 @@ +export AUTO_PREFIX=filecontent +export AUTO_PREFIX_FILE=/data/CentOS_BuildTag +export NEW_BUILD=1 From a555ed796648858e251ced9e503ef86a5065ee7e Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sun, 31 Mar 2019 09:56:53 -0700 Subject: [PATCH 050/331] Remove new build --- containers/anaconda/buildenv | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/anaconda/buildenv b/containers/anaconda/buildenv index d790218..669af48 100644 --- a/containers/anaconda/buildenv +++ b/containers/anaconda/buildenv @@ -1,3 +1,2 @@ export AUTO_PREFIX=filecontent export AUTO_PREFIX_FILE=/data/CentOS_BuildTag -export NEW_BUILD=1 From 20a38cd8fd942a9caf51ae8b837d627f2fabf553 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sun, 31 Mar 2019 10:20:20 -0700 Subject: [PATCH 051/331] Add anaconda nginx container --- .travis.yml | 4 ++++ containers/anaconda-nginx/Dockerfile | 5 +++++ containers/anaconda-nginx/buildenv | 5 +++++ 3 files changed, 14 insertions(+) create mode 100644 containers/anaconda-nginx/Dockerfile create mode 100644 containers/anaconda-nginx/buildenv diff --git a/.travis.yml b/.travis.yml index cb9c6d9..00e6b11 100644 --- a/.travis.yml +++ b/.travis.yml 
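Review bot: The five `curl http://mirror.centos.org/...` lines in the `RUN` step fetch the installer kernel, initrd and squashfs over plain HTTP with no integrity check, and these are exactly the files that `COPY --from=0 /data /data` publishes as the image. Anything on the network path can alter them, and without `-f` an HTTP error page is saved as `vmlinuz` or `initrd.img` while the build still succeeds. At minimum use `curl -fsSL https://...` if the mirror serves HTTPS, and compare each file against a pinned digest, e.g. `echo "<SHA256_OF_VMLINUZ>  /data/vmlinuz" | sha256sum -c - && \`.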
@@ -36,6 +36,10 @@ jobs: language: shell name: Build anaconda container script: ./containers/build anaconda + - stage: build-nginx + language: shell + name: Build anaconda+nginx container + script: ./containers/build anaconda-nginx - stage: build-image-library-charts language: shell name: Build image library charts diff --git a/containers/anaconda-nginx/Dockerfile b/containers/anaconda-nginx/Dockerfile new file mode 100644 index 0000000..1e6755f --- /dev/null +++ b/containers/anaconda-nginx/Dockerfile @@ -0,0 +1,5 @@ +FROM nginx:stable-alpine + +FROM pnnlmiscscripts/anaconda:latest +COPY --from=0 / / +RUN echo "server {autoindex off; server_name localhost; location ~ ^/$ {return 200;} location ~ ^.*/$ {return 404;} location / { root /data; default_type application/octet-stream; add_header Content-Disposition 'attachment'; types {}}}" > /etc/nginx/conf.d/default.conf diff --git a/containers/anaconda-nginx/buildenv b/containers/anaconda-nginx/buildenv new file mode 100644 index 0000000..a27ceae --- /dev/null +++ b/containers/anaconda-nginx/buildenv @@ -0,0 +1,5 @@ +export AUTO_PREFIX=filecontent +export AUTO_PREFIX_FILE=/data/CentOS_BuildTag +export DOCKER_REPO=pnnlmiscscripts/anaconda +export DOCKER_TAG=latest-nginx +export NEW_BUILD=1 From 74f5c4d49855237354aa5b3dce41b3c2d84515c4 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sun, 31 Mar 2019 10:29:00 -0700 Subject: [PATCH 052/331] Add suffix to tag --- containers/anaconda-nginx/buildenv | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/anaconda-nginx/buildenv b/containers/anaconda-nginx/buildenv index a27ceae..50b0306 100644 --- a/containers/anaconda-nginx/buildenv +++ b/containers/anaconda-nginx/buildenv @@ -1,5 +1,6 @@ export AUTO_PREFIX=filecontent export AUTO_PREFIX_FILE=/data/CentOS_BuildTag +export AUTO_PREFIX_FILTER='sed "s/^/-nginx/g"' export DOCKER_REPO=pnnlmiscscripts/anaconda export DOCKER_TAG=latest-nginx export NEW_BUILD=1 
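Review bot: The final stage in `containers/anaconda-nginx/Dockerfile` starts from `pnnlmiscscripts/anaconda:latest` and only copies nginx's files in with `COPY --from=0 / /`, so none of the nginx image's metadata (its `CMD`, `EXPOSE`, `STOPSIGNAL`) carries over; as far as the anaconda Dockerfile earlier in this series shows, that base is `FROM scratch`, so the result has no default command unless the deployment supplies one. Reversing the stages avoids that and copies far less: `FROM nginx:stable-alpine` followed by `COPY --from=pnnlmiscscripts/anaconda:latest /data /data`. Both `FROM` references are also mutable tags, so what gets served depends on whatever they resolve to at build time; pinning them by digest would make the build reproducible. The one-line `echo` of the server block would be easier to review as a `default.conf` file added with `COPY`.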
From 202b6756f15c34edb0ee663582b6dfe4d295176f Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sun, 31 Mar 2019 10:30:09 -0700 Subject: [PATCH 053/331] New build --- containers/anaconda/buildenv | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/anaconda/buildenv b/containers/anaconda/buildenv index 669af48..d790218 100644 --- a/containers/anaconda/buildenv +++ b/containers/anaconda/buildenv @@ -1,2 +1,3 @@ export AUTO_PREFIX=filecontent export AUTO_PREFIX_FILE=/data/CentOS_BuildTag +export NEW_BUILD=1 From f119f69fec79953824d739b19cf4e5a56b3518df Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sun, 31 Mar 2019 10:37:32 -0700 Subject: [PATCH 054/331] Suffix, not prefix --- containers/anaconda-nginx/buildenv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/anaconda-nginx/buildenv b/containers/anaconda-nginx/buildenv index 50b0306..6f364b2 100644 --- a/containers/anaconda-nginx/buildenv +++ b/containers/anaconda-nginx/buildenv @@ -1,6 +1,6 @@ export AUTO_PREFIX=filecontent export AUTO_PREFIX_FILE=/data/CentOS_BuildTag -export AUTO_PREFIX_FILTER='sed "s/^/-nginx/g"' +export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' export DOCKER_REPO=pnnlmiscscripts/anaconda export DOCKER_TAG=latest-nginx export NEW_BUILD=1 From e18a83698cbda6e10a45fef46d56ac14f1ecb6d7 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sun, 31 Mar 2019 10:38:18 -0700 Subject: [PATCH 055/331] Remove new build --- containers/anaconda/buildenv | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/anaconda/buildenv b/containers/anaconda/buildenv index d790218..669af48 100644 --- a/containers/anaconda/buildenv +++ b/containers/anaconda/buildenv @@ -1,3 +1,2 @@ export AUTO_PREFIX=filecontent export AUTO_PREFIX_FILE=/data/CentOS_BuildTag -export NEW_BUILD=1 From 0d5b83d2366d3aeb85355892a27df525132d6880 Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Fri, 5 Apr 2019 09:47:38 -0700 Subject: [PATCH 056/331] Bump docker version. Rename node image. --- .travis.yml | 13 +++++++++++-- .../Dockerfile | 0 .../{rpms-centos7-base => rpms-node-base}/buildenv | 0 3 files changed, 11 insertions(+), 2 deletions(-) rename containers/{rpms-centos7-base => rpms-node-base}/Dockerfile (100%) rename containers/{rpms-centos7-base => rpms-node-base}/buildenv (100%) diff --git a/.travis.yml b/.travis.yml index 00e6b11..39d61a2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,22 +13,31 @@ jobs: name: Build debug-toolbox container script: ./containers/build debug-toolbox - stage: build + before_install: &upgradedocker + - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + - sudo apt-get update + - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce language: shell name: Build rpms-containerd container script: ./containers/build rpms-containerd - stage: build + before_install: *upgradedocker language: shell - name: Build rpms-centos7-base container - script: ./containers/build rpms-centos7-base + name: Build rpms-node-base container + script: ./containers/build rpms-node-base - stage: build + before_install: *upgradedocker language: shell name: Build rpms-openvswitch container script: ./containers/build rpms-openvswitch - stage: build + before_install: *upgradedocker language: shell name: Build rpms-kubernetes container 1.13 script: ./containers/build rpms-kubernetes 1.13 - stage: build + before_install: *upgradedocker language: shell name: Build rpms-kubernetes container 1.14 script: ./containers/build rpms-kubernetes 1.14 diff --git a/containers/rpms-centos7-base/Dockerfile b/containers/rpms-node-base/Dockerfile similarity index 100% rename from containers/rpms-centos7-base/Dockerfile rename to containers/rpms-node-base/Dockerfile 
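Review bot: The first `before_install` step, `curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -`, trusts whatever key the download returns and adds it to apt's global keyring without comparing its fingerprint to a known value. I would save the key to a file, add it, and fail the job unless the output of `apt-key fingerprint` contains the fingerprint Docker documents (`<EXPECTED_DOCKER_KEY_FINGERPRINT>`). `install docker-ce` also takes whatever version is current, so pinning the package version would keep the builders repeatable. The same steps are restored unchanged in PATCH 061 later in the series.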
diff --git a/containers/rpms-centos7-base/buildenv b/containers/rpms-node-base/buildenv similarity index 100% rename from containers/rpms-centos7-base/buildenv rename to containers/rpms-node-base/buildenv From 0691e830d25d74f27e521d9cc1cef7d8edc380b0 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 11:41:14 -0700 Subject: [PATCH 057/331] Add initial gpg support. --- .travis.yml | 3 +++ containers/build | 10 ++++++++++ containers/rpmmacros | 3 +++ containers/rpms-containerd/Dockerfile | 13 ++++++++++--- containers/rpms-containerd/buildenv | 2 ++ containers/rpms-kubernetes/buildenv | 1 + containers/rpms-node-base/Dockerfile | 4 +++- containers/rpms-node-base/buildenv | 1 + containers/rpms-openvswitch/buildenv | 1 + rpm.priv.enc | Bin 0 -> 1280 bytes rpm.pub | 20 ++++++++++++++++++++ 11 files changed, 54 insertions(+), 4 deletions(-) create mode 100644 containers/rpmmacros create mode 100644 rpm.priv.enc create mode 100644 rpm.pub diff --git a/.travis.yml b/.travis.yml index 39d61a2..f7555da 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,6 +18,7 @@ jobs: - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" - sudo apt-get update - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce + - openssl aes-256-cbc -K $encrypted_94b98ec18b77_key -iv $encrypted_94b98ec18b77_iv -in rpm.priv.enc -out rpm.priv -d language: shell name: Build rpms-containerd container script: ./containers/build rpms-containerd 
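Review bot: The `openssl aes-256-cbc ... -out rpm.priv -d` step is added inside the shared `&upgradedocker` anchor, so every job that reuses `*upgradedocker` writes the decrypted signing key into the checkout, while in this patch only `rpms-containerd` sets `GPGSIGN` and `containers/build` removes the key only when `GPGSIGN` is set. Moving the decryption into the jobs that actually sign (or into `containers/build`, behind the same `GPGSIGN` test) keeps the private key off the other builders' disks. The variables should also be quoted, `-K "$encrypted_94b98ec18b77_key" -iv "$encrypted_94b98ec18b77_iv"`; on builds where Travis does not provide the encrypted variables (pull requests from forks, as I understand its behaviour) they expand to nothing and the step fails in a confusing way.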
@@ -62,6 +63,8 @@ env: - secure: U5KTbwJ4mk5R6LQmCIeXUYJahoPsnn9IjU+zYL8Wo60bYUL0KWItmfrfbWQL09g365B61qgmx2OeJOgZ27oS4rKi+BFw3OqVvbBypZm7UCwml4uKRVA5BTMNnCYDL5o5N4Q+uFbBvdiw1TM+NjgHd2E4F32FeJWRp5teGlXK0fzzPQS7Vpv4ZvGlAyKGlozg0nzhq2XygtNyDsMFY0760WBjpeXkijvjcwD+/W+bGvISTRD4VTV8/+bRIGcWoat3CmYEumsqoT2Vj3/onWh/NWDWUeyJ9FHgLdRypcWf9XDKjFxa2bV5yqguxU7HOaGS4qWDsKF1DDRGne3HCRvzPrwS71j5tT3t+9B6XwXC9RVjjVcv3IFWUZwn1Sr1lwxiyteRDbE8j+1S7AXwsfHQc4mViM/sux/56ydJ6llm1ktnfyM+F0khdJpLU4RJTcLia9FaI+XZ61CIC1G+KhWrCpe0u+NWIVwSJL7wJHkzeYY7a671JSk9cGBl6NeJBdYv7DCuhxn5nqOv54eyqNlXM6u9WaIPweAg7sJy0wU/D2eND+3TtZ9o3qosWNNZ5lwPSKu6JCmzdIBliXwnf5PYl9jXr1QefJdDCAoXSq6MLErMznLTWAnmGQqEYc2UKKbOYned2GtFLGbOgSuoXl04EAlXo9wutIfIiTptutqxa10= - secure: 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 - secure: Btw0mJYvC0Mju/VwRg1U9uVT/ivPviSiJs0FyqovDXquW/a5h3A1o9zQAxDN0zzLpiJsrzswLbbAHUjJ3BMT3iZtuzSTrJQMrs4WKMofZdQd6ynLClEyYju+N5jffa5rD6gfdg8JnRr4QyTsjFiZsmexPd855eRzZxG0LfCeV58XzICVwoe+RawRFN1MXu0N8lOMjnfFx7FWciSNhSQ4B4gh/PJ/zd2XK/jGISL8ZNoESTxhL1408yeQy3p37kOluW/t9CDu1GIgE2PrVK4UNb8d0ZZIsHcz57DqTdxA5kf3PDP8OBfWOlnYE3PGQH4cGB2y221HQ2L39jPHpZSunrPJ2vqzHjYAVCb/ldH37YTKqgAkcButHvO43KPeo+nj/V/dc7leKXgbLMf5DnRqjrjjeYJay7831Ga9HcIe4QzvltEFOEd81DM/C32eT/reKYA2P1xSiJRMC8FzDb3bh/oFFsA/HHiyAGRtuQ6+uvXCQIXzTFBpYncNmyJP15+TUdwNq8s6Jzi5R94HL2AvQg6Q2lOieVFatPiFbxUEmbCUq46SckQ5ezE1MjXFsXeD0Wg1nENrf0MK1i2UcDhzp6CVm/3H9KiFh4U6yQF8r++uvFgcpv9/c15+JOwGQKyD6HbQ0psDRUikH/Yyax1Du6JahGqzZ2D4GVsgXjqNv2w= + - secure: 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 + - secure: 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 notifications: email: - Kevin.Fox@pnnl.gov diff --git a/containers/build b/containers/build index 653321c..c03baf6 100755 --- a/containers/build +++ b/containers/build 
@@ -14,9 +14,19 @@ if [ "x$IMAGE_NAME" == "x" ]; then export IMAGE_NAME="${DOCKER_REPO}:${DOCKER_TAG}" fi +if [ "x$GPGSIGN" != "x" ]; then + [ ! -f rpm.pub ] && cp -a ../../rpm.pub . + [ ! -f rpmmacros ] && cp -a ../rpmmacros . + export GPGKEY=$(pwd)/../../rpm.priv +fi + hubbuildtools/hubhookhelpers/build RES=$? +if [ "x$GPGSIGN" != "x" ]; then +rm -f "$GPGKEY" || true +fi + if [ $RES -eq 1 ]; then echo Nothing changed. Skipping. exit 0 diff --git a/containers/rpmmacros b/containers/rpmmacros new file mode 100644 index 0000000..c41474f --- /dev/null +++ b/containers/rpmmacros @@ -0,0 +1,3 @@ +%_signature gpg +%_gpg_name MISCSCRIPTS Packages +%_gpgbin /usr/bin/gpg diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index 5d9ea3c..a6e1547 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile 
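Review bot: The key cleanup `rm -f "$GPGKEY" || true` runs only if the script reaches that line, so an interrupted or killed build leaves the decrypted `rpm.priv` on disk; registering it as soon as `GPGKEY` is set, `trap 'rm -f -- "$GPGKEY"' EXIT`, covers every exit path. The two `[ ! -f ... ] && cp -a ...` lines also leave a non-zero status when the file already exists, which is harmless here but would abort the script if `set -e` were ever enabled; `[ -f rpm.pub ] || cp -a ../../rpm.pub .` avoids that. How `GPGKEY` reaches the `gpg` build secret is not visible in this hunk (presumably inside `hubbuildtools`), and the script continues outside it.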
@@ -1,21 +1,28 @@ +# syntax = docker/dockerfile:1.0-experimental FROM centos:centos7 MAINTAINER Kevin Fox ENV VERSION=1.2.5 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec +ADD rpm.pub /rpms/repodata/RPM-GPG-KEY +ADD rpmmacros /root/.rpmmacros -RUN \ +RUN --mount=type=secret,id=gpg \ set -x && \ cd / && \ - yum install -y rpm-build cpio createrepo && \ - mkdir -p rpms/ && \ + yum install -y rpm-build cpio createrepo gnupg2 && \ curl -o /root/rpmbuild/SOURCES/containerd.tar.gz "https://storage.googleapis.com/cri-containerd-release/cri-containerd-$VERSION.linux-amd64.tar.gz" && \ sed -i "s/^\(Version:\).*$/\1 $VERSION/" /root/rpmbuild/SOURCES/containerd.spec && \ cat /root/rpmbuild/SOURCES/containerd.spec && \ rpmbuild -ba /root/rpmbuild/SOURCES/containerd.spec && \ mv ~/rpmbuild/RPMS/x86_64/* rpms/ && \ + gpg --import /run/secrets/gpg && \ + gpg --import /rpms/repodata/RPM-GPG-KEY && \ + rpm --addsign $(find rpms -type f -name '*.rpm') && \ createrepo rpms && \ + gpg --detach-sign --armor rpms/repodata/repomd.xml && \ + rm -rf ~/.gnupg && \ mkdir tmp1 && \ pushd tmp1 && \ tar -xvf ~/rpmbuild/SOURCES/containerd.tar.gz && \ diff --git a/containers/rpms-containerd/buildenv b/containers/rpms-containerd/buildenv index e509a12..074c324 100644 --- a/containers/rpms-containerd/buildenv +++ b/containers/rpms-containerd/buildenv @@ -1,2 +1,4 @@ export AUTO_PREFIX=rpmrepo-version export AUTO_PREFIX_PACKAGE=containerd +export DOCKER_BUILDKIT=1 +export GPGSIGN=1 diff --git a/containers/rpms-kubernetes/buildenv b/containers/rpms-kubernetes/buildenv index 5ba4137..3193165 100644 --- a/containers/rpms-kubernetes/buildenv +++ b/containers/rpms-kubernetes/buildenv @@ -1,3 +1,4 @@ export AUTO_PREFIX=rpmrepo-version export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD +export DOCKER_BUILDKIT=1 diff --git a/containers/rpms-node-base/Dockerfile b/containers/rpms-node-base/Dockerfile index d5ef43f..beac7a4 100644 --- a/containers/rpms-node-base/Dockerfile 
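Review bot: The new `rpm --addsign` and `gpg --detach-sign` steps put the project's signature on an RPM built from `containerd.tar.gz`, which the unchanged `curl -o ...` line a few lines earlier downloads with no digest check and without `-f`. The signature therefore vouches for content that was never verified. I would pin the tarball digest next to `ENV VERSION` and check it before `rpmbuild`, e.g. `echo "<SHA256_OF_TARBALL>  /root/rpmbuild/SOURCES/containerd.tar.gz" | sha256sum -c - && \`, and add `-f` to the `curl`. `set -x` is active in the same `RUN`, which is fine for the commands shown but worth remembering before anything that takes a secret on its command line is added. The `RUN` continues past the end of the hunk.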
+++ b/containers/rpms-node-base/Dockerfile @@ -4,13 +4,15 @@ MAINTAINER Kevin Fox RUN \ cd / && \ set -e && \ - yum install -y createrepo && \ + yum install -y createrepo yum-utils && \ mkdir -p rpms/ && \ yumdownloader --resolv --installroot=/tmp/root --releasever=/ \ --destdir rpms --setopt cachedir=/tmp/cache \ @Base @Core kernel grub2 docker e2fsprogs container-selinux nspr \ nss-util openssh-server openssh iptables-services nfs-utils && \ createrepo rpms + reposync --gpgcheck -l --repoid=base --downloadcomps -u > /dev/null && \ + mv base/comps.xml rpms/repodata FROM scratch COPY --from=0 /rpms /data diff --git a/containers/rpms-node-base/buildenv b/containers/rpms-node-base/buildenv index 0ad171d..69446b8 100644 --- a/containers/rpms-node-base/buildenv +++ b/containers/rpms-node-base/buildenv @@ -1,3 +1,4 @@ export AUTO_PREFIX=rpmrepo-version-release export AUTO_PREFIX_PACKAGE=centos-release export AUTO_PREFIX_FILTER='cut -d . -f 1 | tr '-' .' +export DOCKER_BUILDKIT=1 diff --git a/containers/rpms-openvswitch/buildenv b/containers/rpms-openvswitch/buildenv index 8d79192..b5f4b6a 100644 --- a/containers/rpms-openvswitch/buildenv +++ b/containers/rpms-openvswitch/buildenv @@ -1,2 +1,3 @@ export AUTO_PREFIX=rpmrepo-version export AUTO_PREFIX_PACKAGE=openvswitch +export DOCKER_BUILDKIT=1 
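Review bot: The added `reposync --gpgcheck ... && \` and `mv base/comps.xml rpms/repodata` lines follow `createrepo rpms`, which is left without a trailing `&& \`, so they fall outside the `RUN` instruction and the Dockerfile parser will see `reposync` as an unknown instruction. The context line needs to become `createrepo rpms && \`. As ordered, `comps.xml` also arrives after `createrepo` has already run, so the group data is not part of the generated metadata; downloading it first and passing it with `createrepo -g` would include it.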
diff --git a/rpm.priv.enc b/rpm.priv.enc new file mode 100644 index 0000000000000000000000000000000000000000..7b82bb64f7d4db8050f27b5118888191c92bf698 GIT binary patch literal 1280 zcmV+b1^@bPa}N+=5zjLovU{n+JpIKUR9%cReYTebep~1*>V6q28r=!1<*2z>42KSx zF~*uK0*oXosvSCF9dI+h*MPw|-5lP_-H6np&(DxNQsbDpx1+j~-8~ek`gLIZl5#vc zgK55I)!CyoR9H(~{!U_7XA!$+ovjI;XY%u`vbivE|0+|-YYg9t;Mw8Nais8YTZO|E zeDA8w4+9A8s<`F+Yr!(Sk=%C@gDJ(95IUDN>VWw2v_1eFP01`DQ=Kg8txcLZ5KB!- z?&;*LR@PvMBi{AH@btY&-XNNVrA!PP6FY#x5mn8Ylqb9JI$E+;y`Xlwcn(|$>waf? zB;H8JT6y&ber>yA0#_+YP-@>k+h=?xsVlG`4fL5S_yZU#hW=qb>A?mq=~oQ`Y3trI zGZAMYU6!>tlrJMLlA({b=ldcT?Tz>i#kc04wi_ACuXSd}IvGC`Y+%rc8eQM0xrAx& z$BXA91)7x1lZt~rb!>99qd2%x;q}ue@wmcehp;%vknfb9Vgi#iOh@$!Hxf8!mbo0^b>74b3HtFFE03HDKVlM4E1i z2K$xYJy<5)JVfod&eqQ*MCo7TGjr4!lyDevu+q}1uW*~<4~aoyUM%*soivqflTuyZ z)j)4O7u;LH>XMXXmB$xk+#dD;Mg@i_J7TtGWwUQ|2?&kucUEkFePe@gu2L-m^j@~_ zsMML?ipDP~+R-?`ep`dpdQWU)6o^#<$(j43vqzDZJ094~@g(`~&z3@8>9;LG(!RR> zorF<91}-(lOt-`_w0$Oh^X3%mIOsvaeG|~s4-#KdqT*oZNk2J*O$0&E7G-hPNAn-G zZWJldf0jH&W8OP@FQ6waR`B-Nq$QU)^vPR-9-G4Y!HbtsG#Ns}%T?sF=^=PiRKfk5 z-F(!3@*RY&w*@Eaf0w~Zrr#tvLe@20_hzQMF%H?=zX7HbQb@c%Yv+dC!wG6QOp2Ey)iC z;XQzg>YMRwkS9R>D%5FLYwrZMIJNDer1AZFm~LnkH#axuG8K_muMo?QgD?7u{Wj{I zwD^du7|ht!;%ijUYz>}}97{y&+$-OCORaAw2Z;z4F8^wJtCBM^sVd+z96u*FW2iq` zr9y)7pF672%}GNPnnLSlHuY^1Go}V~cC94}gs!=#{wBu~n?IuK-i-AG2ppk=4stHO ziVREBhI!F8bTaDrvlw{~HHl+?PkjQ^kUbi7Cyd0doV(cTW+z`MH+Rx Date: Fri, 5 Apr 2019 11:52:43 -0700 Subject: [PATCH 058/331] Build just released containerd. Travis's instructions for upgrading docker are broken. Try another way. --- .travis.yml | 6 ++---- containers/rpms-containerd/Dockerfile | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index f7555da..63de46e 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -14,10 +14,8 @@ jobs: script: ./containers/build debug-toolbox - stage: build before_install: &upgradedocker - - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - - - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" - - sudo apt-get update - - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce + - curl -fsSL https://get.docker.com -o get-docker.sh + - sudo sh get-docker.sh - openssl aes-256-cbc -K $encrypted_94b98ec18b77_key -iv $encrypted_94b98ec18b77_iv -in rpm.priv.enc -out rpm.priv -d language: shell name: Build rpms-containerd container diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index a6e1547..c7da2bd 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -2,7 +2,7 @@ FROM centos:centos7 MAINTAINER Kevin Fox -ENV VERSION=1.2.5 +ENV VERSION=1.2.6 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec ADD rpm.pub /rpms/repodata/RPM-GPG-KEY From b42b72ed2363b0cd01d7eea91e71d21a673551e4 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 12:02:17 -0700 Subject: [PATCH 059/331] Switch to xenial --- .travis.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.travis.yml b/.travis.yml index 63de46e..8ee2d32 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,14 +1,17 @@ jobs: include: - stage: build + dist: xenial language: shell name: Build ipmitool container script: ./containers/build ipmitool - stage: build + dist: xenial language: shell name: Build dhcpd container script: ./containers/build dhcpd - stage: build + dist: xenial language: shell name: Build debug-toolbox container script: ./containers/build debug-toolbox 
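Review bot: The replacement `before_install` steps download `https://get.docker.com` and run it with `sudo sh get-docker.sh` with no pinned version or digest check, in the same job that then decrypts `rpm.priv`. Whatever that URL serves at build time runs as root on the builder that holds the signing key. If the convenience script is kept, pin it to a reviewed copy and verify it before running, e.g. `echo "<SHA256_OF_REVIEWED_SCRIPT>  get-docker.sh" | sha256sum -c -`; installing a pinned `docker-ce` package from the signed apt repository is the more controlled route.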
@@ -17,16 +20,19 @@ jobs: - curl -fsSL https://get.docker.com -o get-docker.sh - sudo sh get-docker.sh - openssl aes-256-cbc -K $encrypted_94b98ec18b77_key -iv $encrypted_94b98ec18b77_iv -in rpm.priv.enc -out rpm.priv -d + dist: xenial language: shell name: Build rpms-containerd container script: ./containers/build rpms-containerd - stage: build before_install: *upgradedocker + dist: xenial language: shell name: Build rpms-node-base container script: ./containers/build rpms-node-base - stage: build before_install: *upgradedocker + dist: xenial language: shell name: Build rpms-openvswitch container script: ./containers/build rpms-openvswitch @@ -37,22 +43,27 @@ jobs: script: ./containers/build rpms-kubernetes 1.13 - stage: build before_install: *upgradedocker + dist: xenial language: shell name: Build rpms-kubernetes container 1.14 script: ./containers/build rpms-kubernetes 1.14 - stage: build + dist: xenial language: shell name: Build anaconda container script: ./containers/build anaconda - stage: build-nginx + dist: xenial language: shell name: Build anaconda+nginx container script: ./containers/build anaconda-nginx - stage: build-image-library-charts + dist: xenial language: shell name: Build image library charts script: ./charts/image-library-charts/buildall - stage: build-charts + dist: xenial language: shell name: Build charts script: ./charts/charts/buildall From 7df246a9d3f4e7c7c07f05c7e185c4240b32007a Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 12:06:37 -0700 Subject: [PATCH 060/331] Remove docker upgrade. --- .travis.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 8ee2d32..8cc716d 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -17,8 +17,6 @@ jobs: script: ./containers/build debug-toolbox - stage: build before_install: &upgradedocker - - curl -fsSL https://get.docker.com -o get-docker.sh - - sudo sh get-docker.sh - openssl aes-256-cbc -K $encrypted_94b98ec18b77_key -iv $encrypted_94b98ec18b77_iv -in rpm.priv.enc -out rpm.priv -d dist: xenial language: shell From 4e9e7921a3bd1cb3a562028a29c796ae5fbe1cb1 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 12:11:31 -0700 Subject: [PATCH 061/331] Docker is too old still. revert to recommended upgrade script. --- .travis.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.travis.yml b/.travis.yml index 8cc716d..0b7de68 100644 --- a/.travis.yml +++ b/.travis.yml @@ -17,6 +17,10 @@ jobs: script: ./containers/build debug-toolbox - stage: build before_install: &upgradedocker + - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + - sudo apt-get update + - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce - openssl aes-256-cbc -K $encrypted_94b98ec18b77_key -iv $encrypted_94b98ec18b77_iv -in rpm.priv.enc -out rpm.priv -d dist: xenial language: shell From 900e2715c95295800511497740a1f232a76dc81e Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 12:18:37 -0700 Subject: [PATCH 062/331] cri-containerd 1.2.6 is not released yet --- containers/rpms-containerd/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index c7da2bd..a6e1547 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -2,7 +2,7 @@ FROM centos:centos7 MAINTAINER Kevin Fox -ENV VERSION=1.2.6 +ENV VERSION=1.2.5 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec ADD rpm.pub /rpms/repodata/RPM-GPG-KEY 
From f42abf287b7a337d3d6ee26355a76ebe0ecd5067 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 12:40:16 -0700 Subject: [PATCH 063/331] Debug public key --- containers/rpms-containerd/Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index a6e1547..78df391 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -18,7 +18,10 @@ RUN --mount=type=secret,id=gpg \ rpmbuild -ba /root/rpmbuild/SOURCES/containerd.spec && \ mv ~/rpmbuild/RPMS/x86_64/* rpms/ && \ gpg --import /run/secrets/gpg && \ - gpg --import /rpms/repodata/RPM-GPG-KEY && \ + cat /rpms/repodata/RPM-GPG-KEY > /tmp/pubkey.txt && \ + echo Using public key: && \ + cat /tmp/pubkey.txt && \ + gpg --import /tmp/pubkey.txt && \ rpm --addsign $(find rpms -type f -name '*.rpm') && \ createrepo rpms && \ gpg --detach-sign --armor rpms/repodata/repomd.xml && \ From fd318a1f5514b584318c8bcf0341787a7fe56b06 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 13:00:07 -0700 Subject: [PATCH 064/331] Fix public key formatting --- containers/rpms-containerd/Dockerfile | 5 +---- rpm.pub | 5 ++--- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index 78df391..a6e1547 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -18,10 +18,7 @@ RUN --mount=type=secret,id=gpg \ rpmbuild -ba /root/rpmbuild/SOURCES/containerd.spec && \ mv ~/rpmbuild/RPMS/x86_64/* rpms/ && \ gpg --import /run/secrets/gpg && \ - cat /rpms/repodata/RPM-GPG-KEY > /tmp/pubkey.txt && \ - echo Using public key: && \ - cat /tmp/pubkey.txt && \ - gpg --import /tmp/pubkey.txt && \ + gpg --import /rpms/repodata/RPM-GPG-KEY && \ rpm --addsign $(find rpms -type f -name '*.rpm') && \ createrepo rpms && \ gpg --detach-sign --armor rpms/repodata/repomd.xml && \ 
diff --git a/rpm.pub b/rpm.pub index be8db4e..a8e6299 100644 --- a/rpm.pub +++ b/rpm.pub @@ -1,6 +1,5 @@ ------BEGIN PGP ARMORED FILE----- +-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.22 (GNU/Linux) -Comment: Use "gpg --dearmor" for unpacking mQENBFynegoBCAC/rgmquYjaCh9KtQOP7CJu1jtr0VtH5CTZhK4WBrXviDbo4aTO Htxh7brq7NqyGEg1y+3j8y3kN9OsbEvj9hwj26MYWWfkgYKwil6VbNK5n/UpjI9/ @@ -17,4 +16,4 @@ X7ey1V1gtcaavnG2JAwPLI+/jlXs4qLf6IFhohabpDYjF1Yd0z1++HB90vb83xOd rJ8F9RaPU5bvAW2k8Lz17/j+Yys4K0NXJUBHVthaxrzCq9NdHrJqAXWjMkCza7pX aSlL =Ev+I ------END PGP ARMORED FILE----- +-----END PGP PUBLIC KEY BLOCK----- From 148162c88aa7e1b541b15c8b64211c61309af16c Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 13:05:32 -0700 Subject: [PATCH 065/331] add missing package --- containers/rpms-containerd/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index a6e1547..50dd788 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -11,7 +11,7 @@ ADD rpmmacros /root/.rpmmacros RUN --mount=type=secret,id=gpg \ set -x && \ cd / && \ - yum install -y rpm-build cpio createrepo gnupg2 && \ + yum install -y rpm-build cpio createrepo gnupg2 rpm-sign && \ curl -o /root/rpmbuild/SOURCES/containerd.tar.gz "https://storage.googleapis.com/cri-containerd-release/cri-containerd-$VERSION.linux-amd64.tar.gz" && \ sed -i "s/^\(Version:\).*$/\1 $VERSION/" /root/rpmbuild/SOURCES/containerd.spec && \ cat /root/rpmbuild/SOURCES/containerd.spec && \ From 9d7c616f8223c5cda54b9a9bbcf2d20fb2b62e9c Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 13:14:34 -0700 Subject: [PATCH 066/331] repo can't have a mount. --- containers/rpms-containerd/Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index 50dd788..48b5407 100644 
--- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -5,7 +5,7 @@ MAINTAINER Kevin Fox ENV VERSION=1.2.5 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec -ADD rpm.pub /rpms/repodata/RPM-GPG-KEY +ADD rpm.pub /root/rpm.pub ADD rpmmacros /root/.rpmmacros RUN --mount=type=secret,id=gpg \ @@ -16,13 +16,15 @@ RUN --mount=type=secret,id=gpg \ sed -i "s/^\(Version:\).*$/\1 $VERSION/" /root/rpmbuild/SOURCES/containerd.spec && \ cat /root/rpmbuild/SOURCES/containerd.spec && \ rpmbuild -ba /root/rpmbuild/SOURCES/containerd.spec && \ + mkdir -p rpms && \ mv ~/rpmbuild/RPMS/x86_64/* rpms/ && \ gpg --import /run/secrets/gpg && \ - gpg --import /rpms/repodata/RPM-GPG-KEY && \ + gpg --import /root/rpm.pub && \ rpm --addsign $(find rpms -type f -name '*.rpm') && \ createrepo rpms && \ gpg --detach-sign --armor rpms/repodata/repomd.xml && \ rm -rf ~/.gnupg && \ + cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \ mkdir tmp1 && \ pushd tmp1 && \ tar -xvf ~/rpmbuild/SOURCES/containerd.tar.gz && \ From fb765c0ff08b4f1dc702b9f6d795ed49ef752282 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 14:50:54 -0700 Subject: [PATCH 067/331] Add signing and kick off real first build --- containers/rpms-node-base/Dockerfile | 17 +++++++++++++---- containers/rpms-node-base/buildenv | 2 ++ 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/containers/rpms-node-base/Dockerfile b/containers/rpms-node-base/Dockerfile index beac7a4..140980f 100644 --- a/containers/rpms-node-base/Dockerfile +++ b/containers/rpms-node-base/Dockerfile 
@@ -1,18 +1,27 @@ FROM centos:centos7 MAINTAINER Kevin Fox -RUN \ +ADD rpm.pub /root/rpm.pub +ADD rpmmacros /root/.rpmmacros + +RUN --mount=type=secret,id=gpg \ cd / && \ set -e && \ - yum install -y createrepo yum-utils && \ + yum install -y createrepo yum-utils gnupg2 rpm-sign && \ mkdir -p rpms/ && \ yumdownloader --resolv --installroot=/tmp/root --releasever=/ \ --destdir rpms --setopt cachedir=/tmp/cache \ @Base @Core kernel grub2 docker e2fsprogs container-selinux nspr \ nss-util openssh-server openssh iptables-services nfs-utils && \ - createrepo rpms + gpg --import /run/secrets/gpg && \ + gpg --import /root/rpm.pub && \ + rpm --addsign $(find rpms -type f -name '*.rpm') && \ + createrepo -g `pwd`/rpms/repodata/comps.xml rpms && \ reposync --gpgcheck -l --repoid=base --downloadcomps -u > /dev/null && \ - mv base/comps.xml rpms/repodata + mv base/comps.xml rpms/repodata && \ + gpg --detach-sign --armor rpms/repodata/repomd.xml && \ + rm -rf ~/.gnupg && \ + cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \ FROM scratch COPY --from=0 /rpms /data diff --git a/containers/rpms-node-base/buildenv b/containers/rpms-node-base/buildenv index 69446b8..a36c895 100644 --- a/containers/rpms-node-base/buildenv +++ b/containers/rpms-node-base/buildenv @@ -2,3 +2,5 @@ export AUTO_PREFIX=rpmrepo-version-release export AUTO_PREFIX_PACKAGE=centos-release export AUTO_PREFIX_FILTER='cut -d . -f 1 | tr '-' .' export DOCKER_BUILDKIT=1 +export GPGSIGN=1 +export NEW_BUILD=1 From 5098c75abaad8369b2a47104bbbafd74a7c622c3 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 14:55:42 -0700 Subject: [PATCH 068/331] Tag file with right image --- containers/rpms-node-base/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/rpms-node-base/Dockerfile b/containers/rpms-node-base/Dockerfile index 140980f..9f7c464 100644 --- a/containers/rpms-node-base/Dockerfile +++ b/containers/rpms-node-base/Dockerfile 
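Review bot: `rpm --addsign $(find rpms -type f -name '*.rpm')` signs every package that `yumdownloader` fetched with the project key, and nothing visible in this `RUN` checks those files' upstream signatures first, so whatever was downloaded ends up vouched for by the project key. A verification pass before signing, such as `rpm -K $(find rpms -type f -name '*.rpm') && \` with the distribution keys imported into the rpm database, would fail the build when a signature does not verify. An unsigned package can still pass `rpm -K` on its digests alone, so the check should also confirm that the output reports a signature. The same sequence is added to the `rpms-kubernetes` and `rpms-openvswitch` Dockerfiles in PATCH 073.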
@@ -1,3 +1,4 @@ +# syntax = docker/dockerfile:1.0-experimental FROM centos:centos7 MAINTAINER Kevin Fox From 112d8d9d4fa9983b27a51535703522f4c909a613 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 15:00:44 -0700 Subject: [PATCH 069/331] Download comps before using it. --- containers/rpms-node-base/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-node-base/Dockerfile b/containers/rpms-node-base/Dockerfile index 9f7c464..a8c7388 100644 --- a/containers/rpms-node-base/Dockerfile +++ b/containers/rpms-node-base/Dockerfile @@ -17,9 +17,9 @@ RUN --mount=type=secret,id=gpg \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ rpm --addsign $(find rpms -type f -name '*.rpm') && \ - createrepo -g `pwd`/rpms/repodata/comps.xml rpms && \ reposync --gpgcheck -l --repoid=base --downloadcomps -u > /dev/null && \ mv base/comps.xml rpms/repodata && \ + createrepo -g `pwd`/rpms/repodata/comps.xml rpms && \ gpg --detach-sign --armor rpms/repodata/repomd.xml && \ rm -rf ~/.gnupg && \ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \ From e93be29c8ce2299c396f2f745de0cecc91a64173 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 15:07:15 -0700 Subject: [PATCH 070/331] Make missing dir --- containers/rpms-node-base/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/rpms-node-base/Dockerfile b/containers/rpms-node-base/Dockerfile index a8c7388..0557fbd 100644 --- a/containers/rpms-node-base/Dockerfile +++ b/containers/rpms-node-base/Dockerfile @@ -18,6 +18,7 @@ RUN --mount=type=secret,id=gpg \ gpg --import /root/rpm.pub && \ rpm --addsign $(find rpms -type f -name '*.rpm') && \ reposync --gpgcheck -l --repoid=base --downloadcomps -u > /dev/null && \ + mkdir -p rpms/repodata && \ mv base/comps.xml rpms/repodata && \ createrepo -g `pwd`/rpms/repodata/comps.xml rpms && \ gpg --detach-sign --armor rpms/repodata/repomd.xml && \ 
From 9ea4fbfda6939eb76c6090c4c99fc9a84c5f3484 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 15:10:36 -0700 Subject: [PATCH 071/331] Fix formatting issue --- containers/rpms-node-base/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-node-base/Dockerfile b/containers/rpms-node-base/Dockerfile index 0557fbd..7ce86e6 100644 --- a/containers/rpms-node-base/Dockerfile +++ b/containers/rpms-node-base/Dockerfile @@ -23,7 +23,7 @@ RUN --mount=type=secret,id=gpg \ createrepo -g `pwd`/rpms/repodata/comps.xml rpms && \ gpg --detach-sign --armor rpms/repodata/repomd.xml && \ rm -rf ~/.gnupg && \ - cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \ + cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY FROM scratch COPY --from=0 /rpms /data From 460b65ce27965dc2b50678f98fa5206167d9aa31 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 15:38:50 -0700 Subject: [PATCH 072/331] Remove new build flag --- containers/rpms-node-base/buildenv | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/rpms-node-base/buildenv b/containers/rpms-node-base/buildenv index a36c895..81c5be6 100644 --- a/containers/rpms-node-base/buildenv +++ b/containers/rpms-node-base/buildenv @@ -3,4 +3,3 @@ export AUTO_PREFIX_PACKAGE=centos-release export AUTO_PREFIX_FILTER='cut -d . -f 1 | tr '-' .' export DOCKER_BUILDKIT=1 export GPGSIGN=1 -export NEW_BUILD=1 From 746dca26a8f4d26802b809431271fd6e2629ed1d Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 15:51:29 -0700 Subject: [PATCH 073/331] Sign the rest of the rpm repos. --- containers/rpms-kubernetes/Dockerfile | 16 +++++++++++++--- containers/rpms-kubernetes/buildenv | 2 ++ containers/rpms-openvswitch/Dockerfile | 16 +++++++++++++--- containers/rpms-openvswitch/buildenv | 2 ++ 4 files changed, 30 insertions(+), 6 deletions(-) diff --git a/containers/rpms-kubernetes/Dockerfile b/containers/rpms-kubernetes/Dockerfile index 8e2eed7..29cd01c 100644 
--- a/containers/rpms-kubernetes/Dockerfile +++ b/containers/rpms-kubernetes/Dockerfile @@ -1,10 +1,14 @@ +# syntax = docker/dockerfile:1.0-experimental FROM centos:centos7 ARG BACK=1 ARG SUBBUILD=1.13 +ADD rpm.pub /root/rpm.pub +ADD rpmmacros /root/.rpmmacros + ADD kubernetes.repo /etc/yum.repos.d/ -RUN \ - yum install -y createrepo && \ +RUN --mount=type=secret,id=gpg \ + yum install -y createrepo gnupg2 rpm-sign && \ mkdir -p rpms/ && \ VERSION=$(yum --showduplicates list kubelet -q | grep -vi packages | grep -vi rc | grep -vi alpha | grep -vi beta | awk '{print $2}' | awk -F. '{print $2}' | sort -nu | tail -n $BACK | head -n 1) && \ VERSION="$(echo $SUBBUILD | awk -F. '{print $2}')" && \ @@ -14,7 +18,13 @@ RUN \ echo "Picked $FULLVERSION" && \ mkdir -p rpms/ && \ yumdownloader --resolv --destdir rpms "kubelet-$FULLVERSION" "kubeadm-$FULLVERSION" "kubectl-$FULLVERSION" && \ - createrepo rpms + gpg --import /run/secrets/gpg && \ + gpg --import /root/rpm.pub && \ + rpm --addsign $(find rpms -type f -name '*.rpm') && \ + createrepo rpms && \ + gpg --detach-sign --armor rpms/repodata/repomd.xml && \ + rm -rf ~/.gnupg && \ + cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY FROM scratch COPY --from=0 /rpms /data diff --git a/containers/rpms-kubernetes/buildenv b/containers/rpms-kubernetes/buildenv index 3193165..2de49f3 100644 --- a/containers/rpms-kubernetes/buildenv +++ b/containers/rpms-kubernetes/buildenv @@ -2,3 +2,5 @@ export AUTO_PREFIX=rpmrepo-version export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD export DOCKER_BUILDKIT=1 +export GPGSIGN=1 +export NEW_BUILD=1 diff --git a/containers/rpms-openvswitch/Dockerfile b/containers/rpms-openvswitch/Dockerfile index 2042ea7..c2d98bf 100644 --- a/containers/rpms-openvswitch/Dockerfile +++ b/containers/rpms-openvswitch/Dockerfile 
@@ -1,14 +1,24 @@ +# syntax = docker/dockerfile:1.0-experimental FROM centos:centos7 MAINTAINER Kevin Fox -RUN \ +ADD rpm.pub /root/rpm.pub +ADD rpmmacros /root/.rpmmacros + +RUN --mount=type=secret,id=gpg \ cd / && \ set -e && \ - yum install -y createrepo && \ + yum install -y createrepo createrepo gnupg2 rpm-sign && \ mkdir -p rpms/ && \ yum install -y centos-release-openstack-rocky createrepo && \ yumdownloader --resolv --destdir rpms openvswitch && \ - createrepo rpms + gpg --import /run/secrets/gpg && \ + gpg --import /root/rpm.pub && \ + rpm --addsign $(find rpms -type f -name '*.rpm') && \ + createrepo rpms && \ + gpg --detach-sign --armor rpms/repodata/repomd.xml && \ + rm -rf ~/.gnupg && \ + cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY FROM scratch COPY --from=0 /rpms /data diff --git a/containers/rpms-openvswitch/buildenv b/containers/rpms-openvswitch/buildenv index b5f4b6a..0b80de5 100644 --- a/containers/rpms-openvswitch/buildenv +++ b/containers/rpms-openvswitch/buildenv @@ -1,3 +1,5 @@ export AUTO_PREFIX=rpmrepo-version export AUTO_PREFIX_PACKAGE=openvswitch export DOCKER_BUILDKIT=1 +export GPGSIGN=1 +export NEW_BUILD=1 From cedc6b796d2bee3cd9bd1fccada473954ab1dda6 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 15:59:53 -0700 Subject: [PATCH 074/331] fix missing dist flag --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 0b7de68..4fc5674 100644 --- a/.travis.yml +++ b/.travis.yml @@ -40,6 +40,7 @@ jobs: script: ./containers/build rpms-openvswitch - stage: build before_install: *upgradedocker + dist: xenial language: shell name: Build rpms-kubernetes container 1.13 script: ./containers/build rpms-kubernetes 1.13 From da99516e253946ee6d529f9c9c076385903af737 Mon Sep 17 00:00:00 2001 
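Review bot: The new install line lists `createrepo` twice (`yum install -y createrepo createrepo gnupg2 rpm-sign`), and the unchanged line two steps below installs it a third time with `centos-release-openstack-rocky`. Reducing the first to `yum install -y createrepo gnupg2 rpm-sign` and the later one to `yum install -y centos-release-openstack-rocky` makes it clear which packages the signing step actually depends on.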
From: Kevin Fox Date: Fri, 5 Apr 2019 16:10:46 -0700 Subject: [PATCH 075/331] Remove extra new builds. Add k8s node image. --- .travis.yml | 6 ++++++ containers/anaconda-nginx/buildenv | 1 - containers/k8s-node-image/Dockerfile | 27 +++++++++++++++++++++++++++ containers/k8s-node-image/buildenv | 5 +++++ containers/rpms-kubernetes/buildenv | 1 - containers/rpms-openvswitch/buildenv | 1 - 6 files changed, 38 insertions(+), 3 deletions(-) create mode 100644 containers/k8s-node-image/Dockerfile create mode 100644 containers/k8s-node-image/buildenv diff --git a/.travis.yml b/.travis.yml index 4fc5674..e38ec26 100644 --- a/.travis.yml +++ b/.travis.yml @@ -55,6 +55,12 @@ jobs: language: shell name: Build anaconda container script: ./containers/build anaconda + - stage: build-full-image + before_install: *upgradedocker + dist: xenial + language: shell + name: Build full k8s node image + script: ./containers/build k8s-node-image - stage: build-nginx dist: xenial language: shell diff --git a/containers/anaconda-nginx/buildenv b/containers/anaconda-nginx/buildenv index 6f364b2..7adaf3b 100644 --- a/containers/anaconda-nginx/buildenv +++ b/containers/anaconda-nginx/buildenv @@ -3,4 +3,3 @@ export AUTO_PREFIX_FILE=/data/CentOS_BuildTag export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' export DOCKER_REPO=pnnlmiscscripts/anaconda export DOCKER_TAG=latest-nginx -export NEW_BUILD=1 diff --git a/containers/k8s-node-image/Dockerfile b/containers/k8s-node-image/Dockerfile new file mode 100644 index 0000000..523e925 --- /dev/null +++ b/containers/k8s-node-image/Dockerfile 
@@ -0,0 +1,27 @@ +# syntax = docker/dockerfile:1.0-experimental +ARG SUBBUILD=1.13 +FROM pnnlmiscscripts/rpms-node-base:latest +FROM pnnlmiscscripts/rpms-containerd:latest +FROM pnnlmiscscripts/rpms-openvswitch:latest +FROM pnnlmiscscripts/rpms-kubernetes:$SUBBUILD + +FROM centos:centos7 +COPY --from=0 /data /data +COPY --from=1 /data /data/containerd +COPY --from=2 /data /data/openvswitch +COPY --from=3 /data /data/kubernetes +ADD rpm.pub /root/rpm.pub +RUN --mount=type=secret,id=gpg \ + yum install -y createrepo yum-utils gnupg2 && \ + createrepo -g /data/repodata/comps.xml /data && \ + gpg --import /run/secrets/gpg && \ + gpg --import /root/rpm.pub && \ + gpg --detach-sign --armor rpms/repodata/repomd.xml && \ + rm -rf ~/.gnupg + +FROM pnnlmiscscripts/rpms-node-base:latest +COPY --from=1 /data /data/containerd +COPY --from=2 /data /data/openvswitch +COPY --from=3 /data /data/kubernetes +COPY --from=4 /data /data + diff --git a/containers/k8s-node-image/buildenv b/containers/k8s-node-image/buildenv new file mode 100644 index 0000000..137156b --- /dev/null +++ b/containers/k8s-node-image/buildenv @@ -0,0 +1,5 @@ +export AUTO_PREFIX=rpmrepo-version +export AUTO_PREFIX_PACKAGE=kubelet +export DOCKER_TAG=$SUBBUILD +export GPGSIGN=1 +export NEW_BUILD=1 diff --git a/containers/rpms-kubernetes/buildenv b/containers/rpms-kubernetes/buildenv index 2de49f3..40b9679 100644 --- a/containers/rpms-kubernetes/buildenv +++ b/containers/rpms-kubernetes/buildenv @@ -3,4 +3,3 @@ export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD export DOCKER_BUILDKIT=1 export GPGSIGN=1 -export NEW_BUILD=1 diff --git a/containers/rpms-openvswitch/buildenv b/containers/rpms-openvswitch/buildenv index 0b80de5..3d4b6ce 100644 --- a/containers/rpms-openvswitch/buildenv +++ b/containers/rpms-openvswitch/buildenv @@ -2,4 +2,3 @@ export AUTO_PREFIX=rpmrepo-version export AUTO_PREFIX_PACKAGE=openvswitch export DOCKER_BUILDKIT=1 export GPGSIGN=1 -export NEW_BUILD=1 
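Review bot: The four source stages are pulled by mutable tags (`:latest` and `:$SUBBUILD`), and the fifth stage then signs repository metadata with the project key over whatever those tags resolved to at build time. Nothing in this stage checks the copied RPMs before `createrepo` runs, so the detached signature vouches for content this build never inspected. Pinning each `FROM` by digest (for example `FROM pnnlmiscscripts/rpms-containerd@sha256:<digest-placeholder>`) or adding `rpm --import /root/rpm.pub && rpm -K` over the copied packages before `createrepo` would tie the signature to known content. Separately, `gpg --detach-sign --armor rpms/repodata/repomd.xml` uses a relative `rpms/` path, while this stage builds the repository under `/data`.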
From ec9efe6eaeba69cc93c680a4db0262d24a7c41a3 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 16:25:32 -0700 Subject: [PATCH 076/331] Add missing buildkit flag --- containers/k8s-node-image/buildenv | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/k8s-node-image/buildenv b/containers/k8s-node-image/buildenv index 137156b..2de49f3 100644 --- a/containers/k8s-node-image/buildenv +++ b/containers/k8s-node-image/buildenv @@ -1,5 +1,6 @@ export AUTO_PREFIX=rpmrepo-version export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD +export DOCKER_BUILDKIT=1 export GPGSIGN=1 export NEW_BUILD=1 From cd16d93fc7624c22fa683f5a74f52c1dcc8dbe8e Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 16:38:12 -0700 Subject: [PATCH 077/331] Fix missing comps file. Add nginx containers. --- containers/k8s-node-image-nginx/Dockerfile | 6 ++++++ containers/k8s-node-image-nginx/buildenv | 7 +++++++ containers/k8s-node-image/Dockerfile | 2 ++ 3 files changed, 15 insertions(+) create mode 100644 containers/k8s-node-image-nginx/Dockerfile create mode 100644 containers/k8s-node-image-nginx/buildenv diff --git a/containers/k8s-node-image-nginx/Dockerfile b/containers/k8s-node-image-nginx/Dockerfile new file mode 100644 index 0000000..6c4c5cf --- /dev/null +++ b/containers/k8s-node-image-nginx/Dockerfile @@ -0,0 +1,6 @@ +ARG SUBBUILD=1.13 +FROM nginx:stable-alpine + +FROM pnnlmiscscripts/k8s-node-image:$SUBBUILD +COPY --from=0 / / +RUN echo "server {autoindex off; server_name localhost; location ~ ^/$ {return 200;} location ~ ^.*/$ {return 404;} location / { root /data; default_type application/octet-stream; add_header Content-Disposition 'attachment'; types {}}}" > /etc/nginx/conf.d/default.conf diff --git a/containers/k8s-node-image-nginx/buildenv b/containers/k8s-node-image-nginx/buildenv new file mode 100644 index 0000000..fb39ccc --- /dev/null +++ b/containers/k8s-node-image-nginx/buildenv 
@@ -0,0 +1,7 @@ +export AUTO_PREFIX=rpmrepo-version +export AUTO_PREFIX_PACKAGE=kubelet +export DOCKER_TAG=$SUBBUILD +export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' +export DOCKER_REPO=pnnlmiscscripts/k8s-node-image +export DOCKER_TAG=latest-nginx +export NEW_BUILD=1 diff --git a/containers/k8s-node-image/Dockerfile b/containers/k8s-node-image/Dockerfile index 523e925..5abb4c7 100644 --- a/containers/k8s-node-image/Dockerfile +++ b/containers/k8s-node-image/Dockerfile @@ -12,7 +12,9 @@ COPY --from=2 /data /data/openvswitch COPY --from=3 /data /data/kubernetes ADD rpm.pub /root/rpm.pub RUN --mount=type=secret,id=gpg \ + yum install -y epel-release && \ yum install -y createrepo yum-utils gnupg2 && \ + zcat /data/repodata/*comps.xml.gz > /data/repodata/comps.xml && \ createrepo -g /data/repodata/comps.xml /data && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ From 78e517791b9762e319d3c0a0f85c1761746c0166 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 16:39:33 -0700 Subject: [PATCH 078/331] And actually git add the travis changes --- .travis.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.travis.yml b/.travis.yml index e38ec26..b4d6bdd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -66,6 +66,11 @@ jobs: language: shell name: Build anaconda+nginx container script: ./containers/build anaconda-nginx + - stage: build-nginx + dist: xenial + language: shell + name: Build k8s-node-image+nginx container + script: ./containers/build k8s-node-image-nginx - stage: build-image-library-charts dist: xenial language: shell From ee9c0de250c4942e6b5453d6c85153e1e3c5394f Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 16:42:11 -0700 Subject: [PATCH 079/331] Fix path --- containers/k8s-node-image/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/containers/k8s-node-image/Dockerfile b/containers/k8s-node-image/Dockerfile index 5abb4c7..fda8166 100644 --- a/containers/k8s-node-image/Dockerfile 
+++ b/containers/k8s-node-image/Dockerfile @@ -12,13 +12,12 @@ COPY --from=2 /data /data/openvswitch COPY --from=3 /data /data/kubernetes ADD rpm.pub /root/rpm.pub RUN --mount=type=secret,id=gpg \ - yum install -y epel-release && \ yum install -y createrepo yum-utils gnupg2 && \ zcat /data/repodata/*comps.xml.gz > /data/repodata/comps.xml && \ createrepo -g /data/repodata/comps.xml /data && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ - gpg --detach-sign --armor rpms/repodata/repomd.xml && \ + gpg --detach-sign --armor /data/repodata/repomd.xml && \ rm -rf ~/.gnupg FROM pnnlmiscscripts/rpms-node-base:latest From c699ab89d4a1c41bd59dfb765f04c6e88b775379 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Apr 2019 16:56:12 -0700 Subject: [PATCH 080/331] No time to fix k8s image issues today. Disabling for now. --- .travis.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.travis.yml b/.travis.yml index b4d6bdd..95052ad 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -55,22 +55,22 @@ jobs: language: shell name: Build anaconda container script: ./containers/build anaconda - - stage: build-full-image - before_install: *upgradedocker - dist: xenial - language: shell - name: Build full k8s node image - script: ./containers/build k8s-node-image +# - stage: build-full-image +# before_install: *upgradedocker +# dist: xenial +# language: shell +# name: Build full k8s node image +# script: ./containers/build k8s-node-image - stage: build-nginx dist: xenial language: shell name: Build anaconda+nginx container script: ./containers/build anaconda-nginx - - stage: build-nginx - dist: xenial - language: shell - name: Build k8s-node-image+nginx container - script: ./containers/build k8s-node-image-nginx +# - stage: build-nginx +# dist: xenial +# language: shell +# name: Build k8s-node-image+nginx container +# script: ./containers/build k8s-node-image-nginx - stage: build-image-library-charts dist: xenial language: shell From f31a1600df91574d64520702d1839f68468fa759 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 8 Apr 2019 09:10:48 -0700 Subject: [PATCH 081/331] Reenable node image --- .travis.yml | 12 ++++++------ containers/k8s-node-image/Dockerfile | 3 ++- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index 95052ad..3155160 100644 --- a/.travis.yml +++ b/.travis.yml @@ -55,12 +55,12 @@ jobs: language: shell name: Build anaconda container script: ./containers/build anaconda -# - stage: build-full-image -# before_install: *upgradedocker -# dist: xenial -# language: shell -# name: Build full k8s node image -# script: ./containers/build k8s-node-image + - stage: build-full-image + before_install: *upgradedocker + dist: xenial + language: shell + name: Build full k8s node image + script: ./containers/build k8s-node-image - stage: build-nginx dist: xenial language: shell diff --git a/containers/k8s-node-image/Dockerfile b/containers/k8s-node-image/Dockerfile index fda8166..b221aaf 100644 
--- a/containers/k8s-node-image/Dockerfile +++ b/containers/k8s-node-image/Dockerfile @@ -18,7 +18,8 @@ RUN --mount=type=secret,id=gpg \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ gpg --detach-sign --armor /data/repodata/repomd.xml && \ - rm -rf ~/.gnupg + rm -rf ~/.gnupg && \ + echo Done building repo. FROM pnnlmiscscripts/rpms-node-base:latest COPY --from=1 /data /data/containerd From f9bfb30b6663a3c7bf06e207d5a7f206ebd419b2 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 8 Apr 2019 09:19:09 -0700 Subject: [PATCH 082/331] Copy only repodata over --- containers/k8s-node-image/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/k8s-node-image/Dockerfile b/containers/k8s-node-image/Dockerfile index b221aaf..4a3b104 100644 --- a/containers/k8s-node-image/Dockerfile +++ b/containers/k8s-node-image/Dockerfile @@ -25,5 +25,5 @@ FROM pnnlmiscscripts/rpms-node-base:latest COPY --from=1 /data /data/containerd COPY --from=2 /data /data/openvswitch COPY --from=3 /data /data/kubernetes -COPY --from=4 /data /data +COPY --from=4 /data/repodata /data/repodata From 9d7a85e2d64c796e52ffc488b497cd83062c4317 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 8 Apr 2019 09:27:30 -0700 Subject: [PATCH 083/331] Add debugging info --- containers/k8s-node-image/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/k8s-node-image/Dockerfile b/containers/k8s-node-image/Dockerfile index 4a3b104..eb9a11f 100644 --- a/containers/k8s-node-image/Dockerfile +++ b/containers/k8s-node-image/Dockerfile @@ -14,6 +14,7 @@ ADD rpm.pub /root/rpm.pub RUN --mount=type=secret,id=gpg \ yum install -y createrepo yum-utils gnupg2 && \ zcat /data/repodata/*comps.xml.gz > /data/repodata/comps.xml && \ + mount && \ createrepo -g /data/repodata/comps.xml /data && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ From 4360cd896717d59af90d1ef727cd022efd40320f Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Mon, 8 Apr 2019 09:37:41 -0700 Subject: [PATCH 084/331] Try this workaround for repodata issue. --- containers/k8s-node-image/Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/containers/k8s-node-image/Dockerfile b/containers/k8s-node-image/Dockerfile index eb9a11f..5076589 100644 --- a/containers/k8s-node-image/Dockerfile +++ b/containers/k8s-node-image/Dockerfile @@ -6,7 +6,7 @@ FROM pnnlmiscscripts/rpms-openvswitch:latest FROM pnnlmiscscripts/rpms-kubernetes:$SUBBUILD FROM centos:centos7 -COPY --from=0 /data /data +COPY --from=0 /data /rpmdata COPY --from=1 /data /data/containerd COPY --from=2 /data /data/openvswitch COPY --from=3 /data /data/kubernetes @@ -14,7 +14,9 @@ ADD rpm.pub /root/rpm.pub RUN --mount=type=secret,id=gpg \ yum install -y createrepo yum-utils gnupg2 && \ zcat /data/repodata/*comps.xml.gz > /data/repodata/comps.xml && \ - mount && \ + cp -a /rpmdata/*.rpm /data && \ + mkdir -p /data/repodata && \ + cp -a /rpmdata/repodata/comps.xml /data/repodata/ && \ createrepo -g /data/repodata/comps.xml /data && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ From 060943342d2eb9ab022e215c4aff529eba3a0d9d Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 8 Apr 2019 09:42:31 -0700 Subject: [PATCH 085/331] Read from the right place --- containers/k8s-node-image/Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/containers/k8s-node-image/Dockerfile b/containers/k8s-node-image/Dockerfile index 5076589..0c42cd0 100644 --- a/containers/k8s-node-image/Dockerfile +++ b/containers/k8s-node-image/Dockerfile 
@@ -13,10 +13,9 @@ COPY --from=3 /data /data/kubernetes ADD rpm.pub /root/rpm.pub RUN --mount=type=secret,id=gpg \ yum install -y createrepo yum-utils gnupg2 && \ - zcat /data/repodata/*comps.xml.gz > /data/repodata/comps.xml && \ - cp -a /rpmdata/*.rpm /data && \ mkdir -p /data/repodata && \ - cp -a /rpmdata/repodata/comps.xml /data/repodata/ && \ + zcat /rpmdata/repodata/*comps.xml.gz > /data/repodata/comps.xml && \ + cp -a /rpmdata/*.rpm /data && \ createrepo -g /data/repodata/comps.xml /data && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ From 5247143e07fee1389448f51767f79c4e78c11e85 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 8 Apr 2019 10:49:38 -0700 Subject: [PATCH 086/331] Add debugging option --- containers/build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/build b/containers/build index c03baf6..88dea0e 100755 --- a/containers/build +++ b/containers/build @@ -20,7 +20,7 @@ if [ "x$GPGSIGN" != "x" ]; then export GPGKEY=$(pwd)/../../rpm.priv fi -hubbuildtools/hubhookhelpers/build +bash -x hubbuildtools/hubhookhelpers/build RES=$? if [ "x$GPGSIGN" != "x" ]; then From 9c0b81205e299ac4841c7b6be996913f0d0113ca Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 8 Apr 2019 11:11:25 -0700 Subject: [PATCH 087/331] Fix missing subbuild --- .travis.yml | 8 ++++---- containers/build | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3155160..1012129 100644 --- a/.travis.yml +++ b/.travis.yml @@ -59,8 +59,8 @@ jobs: before_install: *upgradedocker dist: xenial language: shell - name: Build full k8s node image - script: ./containers/build k8s-node-image + name: Build full k8s node image 1.14 + script: ./containers/build k8s-node-image 1.14 - stage: build-nginx dist: xenial language: shell 
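Review bot: Running the helper as `bash -x hubbuildtools/hubhookhelpers/build` writes every expanded command to the CI log, in a job that has the signing key path exported (`GPGKEY`) and, judging by the encrypted entries in `.travis.yml`, registry credentials in its environment. The helper's contents are not part of this diff, so it is not visible whether it ever puts a credential on a command line, but xtrace would print it if it does, and CI log masking only catches exact string matches. If tracing is needed again, make it opt-in rather than committed, e.g. `bash ${BUILD_TRACE:+-x} hubbuildtools/hubhookhelpers/build` (`BUILD_TRACE` is a name constructed for this note), and keep it off for jobs that sign or push. The surrounding `if` blocks continue outside the hunk.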
@@ -69,8 +69,8 @@ jobs: # - stage: build-nginx # dist: xenial # language: shell -# name: Build k8s-node-image+nginx container -# script: ./containers/build k8s-node-image-nginx +# name: Build k8s-node-image+nginx container 1.14 +# script: ./containers/build k8s-node-image-nginx 1.14 - stage: build-image-library-charts dist: xenial language: shell diff --git a/containers/build b/containers/build index 88dea0e..c03baf6 100755 --- a/containers/build +++ b/containers/build @@ -20,7 +20,7 @@ if [ "x$GPGSIGN" != "x" ]; then export GPGKEY=$(pwd)/../../rpm.priv fi -bash -x hubbuildtools/hubhookhelpers/build +hubbuildtools/hubhookhelpers/build RES=$? if [ "x$GPGSIGN" != "x" ]; then From 89c4ac8bc27d52450a5d92cfea9877ed60dda016 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 8 Apr 2019 11:21:12 -0700 Subject: [PATCH 088/331] Reorder containers for slightly better caching. Bump containerd back up to 1.2.6 now that it is available. --- containers/k8s-node-image/Dockerfile | 2 +- containers/rpms-containerd/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/containers/k8s-node-image/Dockerfile b/containers/k8s-node-image/Dockerfile index 0c42cd0..5de9712 100644 --- a/containers/k8s-node-image/Dockerfile +++ b/containers/k8s-node-image/Dockerfile @@ -24,8 +24,8 @@ RUN --mount=type=secret,id=gpg \ echo Done building repo. FROM pnnlmiscscripts/rpms-node-base:latest -COPY --from=1 /data /data/containerd COPY --from=2 /data /data/openvswitch +COPY --from=1 /data /data/containerd COPY --from=3 /data /data/kubernetes COPY --from=4 /data/repodata /data/repodata diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index 48b5407..c2ae57e 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -2,7 +2,7 @@ FROM centos:centos7 MAINTAINER Kevin Fox -ENV VERSION=1.2.5 +ENV VERSION=1.2.6 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec ADD rpm.pub /root/rpm.pub 
From 2207feac86f4f6b7cbcefee2722b3b0b7033cc55 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 8 Apr 2019 11:22:05 -0700 Subject: [PATCH 089/331] Build 1.13 image and nginx images --- .travis.yml | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index 1012129..2b28aef 100644 --- a/.travis.yml +++ b/.travis.yml @@ -55,6 +55,12 @@ jobs: language: shell name: Build anaconda container script: ./containers/build anaconda + - stage: build-full-image + before_install: *upgradedocker + dist: xenial + language: shell + name: Build full k8s node image 1.13 + script: ./containers/build k8s-node-image 1.13 - stage: build-full-image before_install: *upgradedocker dist: xenial @@ -66,11 +72,16 @@ jobs: language: shell name: Build anaconda+nginx container script: ./containers/build anaconda-nginx -# - stage: build-nginx -# dist: xenial -# language: shell -# name: Build k8s-node-image+nginx container 1.14 -# script: ./containers/build k8s-node-image-nginx 1.14 + - stage: build-nginx + dist: xenial + language: shell + name: Build k8s-node-image+nginx container 1.13 + script: ./containers/build k8s-node-image-nginx 1.13 + - stage: build-nginx + dist: xenial + language: shell + name: Build k8s-node-image+nginx container 1.14 + script: ./containers/build k8s-node-image-nginx 1.14 - stage: build-image-library-charts dist: xenial language: shell From 558ead5a817888aec8a21ae3c43d864c4f692f80 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 8 Apr 2019 11:29:42 -0700 Subject: [PATCH 090/331] Remove new build from k8s-node-image --- containers/k8s-node-image/buildenv | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/k8s-node-image/buildenv b/containers/k8s-node-image/buildenv index 2de49f3..40b9679 100644 --- a/containers/k8s-node-image/buildenv +++ b/containers/k8s-node-image/buildenv 
@@ -3,4 +3,3 @@ export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD export DOCKER_BUILDKIT=1 export GPGSIGN=1 -export NEW_BUILD=1 From b58fde413efdedcb7337e29b05b660dc3ae28261 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 8 Apr 2019 11:38:25 -0700 Subject: [PATCH 091/331] Fix latest tag --- containers/k8s-node-image-nginx/buildenv | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/containers/k8s-node-image-nginx/buildenv b/containers/k8s-node-image-nginx/buildenv index fb39ccc..1f3b088 100644 --- a/containers/k8s-node-image-nginx/buildenv +++ b/containers/k8s-node-image-nginx/buildenv @@ -1,7 +1,6 @@ export AUTO_PREFIX=rpmrepo-version export AUTO_PREFIX_PACKAGE=kubelet -export DOCKER_TAG=$SUBBUILD export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' export DOCKER_REPO=pnnlmiscscripts/k8s-node-image -export DOCKER_TAG=latest-nginx +export DOCKER_TAG="$SUBBUILD-nginx" export NEW_BUILD=1 From 87b8468691017eb1e9157d3794d3f3a5557a9f8d Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 11 Apr 2019 10:15:17 -0700 Subject: [PATCH 092/331] Remove new build --- containers/k8s-node-image-nginx/buildenv | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/k8s-node-image-nginx/buildenv b/containers/k8s-node-image-nginx/buildenv index 1f3b088..720d1a9 100644 --- a/containers/k8s-node-image-nginx/buildenv +++ b/containers/k8s-node-image-nginx/buildenv @@ -3,4 +3,3 @@ export AUTO_PREFIX_PACKAGE=kubelet export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' export DOCKER_REPO=pnnlmiscscripts/k8s-node-image export DOCKER_TAG="$SUBBUILD-nginx" -export NEW_BUILD=1 From b7080032c45b0062947de53004aa134c22504b3b Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Thu, 11 Apr 2019 11:53:54 -0700 Subject: [PATCH 093/331] Build image library charts for anaconda-nginx, and k8s-node-image-nginx's --- charts/image-library-charts/build | 33 +++++++++++----- charts/image-library-charts/buildall | 57 ++++++++++++++++++++-------- 2 files changed, 65 insertions(+), 25 deletions(-) diff --git a/charts/image-library-charts/build b/charts/image-library-charts/build index 682c8dd..e782c9a 100755 --- a/charts/image-library-charts/build +++ b/charts/image-library-charts/build @@ -1,6 +1,13 @@ -#!/bin/bash - -CONTAINER="$1" +#!/bin/bash -e + +RAWCONTAINER="$1" +SUBBUILD="$2" +if [ "x$SUBBUILD" == "x" -o "x$SUBBUILD" == "xlatest" ]; then + CONTAINER="$RAWCONTAINER" + SUBBUILD=latest +else + CONTAINER="$RAWCONTAINER-$(echo $SUBBUILD | tr '.' '-')" +fi if [ "x$REVISION" == "x" ]; then echo REVISION is not set. @@ -12,15 +19,20 @@ mkdir -p $(dirname "$0")/"$CONTAINER" pushd $(dirname "$0")/"$CONTAINER" -export DOCKER_TAG=latest +export DOCKER_TAG="$SUBBUILD" export CPREFIX="pnnlmiscscripts" -[ -f buildenv ] && . ../../../containers/"$CONTAINER"/buildenv +[ -f buildenv ] && . ../../../containers/"$RAWCONTAINER"/buildenv if [ "x$IMAGE_NAME" == "x" ]; then export IMAGE_NAME="${DOCKER_REPO}:${DOCKER_TAG}" fi +SUBREPO="$RAWCONTAINER" +if [ "x$DOCKER_REPO" != "x" ]; then + SUBREPO=$(echo "$DOCKER_REPO" | sed "s@$CPREFIX/@@g") +fi + cat > Chart.yaml < /dev/null helm package "../../$CONTAINER" popd diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index d1ba563..1cb8ba1 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall 
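Review bot: In the second hunk of `build`, the guard tests one file and sources another: `[ -f buildenv ] && . ../../../containers/"$RAWCONTAINER"/buildenv` checks for `buildenv` in the chart directory that was just entered with `pushd`, not in the container directory it reads from. Unless a `buildenv` also exists in the chart directory, the container's `DOCKER_REPO`/`DOCKER_TAG` overrides are silently skipped and the new `SUBREPO` logic falls back to `$RAWCONTAINER`. `buildall` in this same commit tests the real path, so the line should match it: `[ -f ../../../containers/"$RAWCONTAINER"/buildenv ] && . ../../../containers/"$RAWCONTAINER"/buildenv`. Also note that `-e` on the shebang line is lost when the script is started as `bash build`; `set -e` on its own line is the safer form.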
@@ -19,23 +19,50 @@ cd image-library-charts mkdir -p tags CHANGE=0 -for CONTAINER in ipmitool dhcpd debug-toolbox; do - export REVISION=$(../hubbuildtools/hubcurlrevision.sh "pnnlmiscscripts/$CONTAINER" "latest") - echo Revision: $REVISION - FOUND=0 - if [ -f "tags/$CONTAINER-latest" ]; then - if [ "x2 $REVISION" == "x$(cat tags/$CONTAINER-latest)" ]; then - FOUND=1 - echo $CONTAINER already built. +for CONTAINER in ipmitool dhcpd debug-toolbox anaconda-nginx k8s-node-image-nginx; do + case "$CONTAINER" in + k8s-node-image-nginx) + SUBBUILDS="1.13 1.14" + ;; + *) + SUBBUILDS="latest" + ;; + esac + for SUBBUILD in $SUBBUILDS; do + unset DOCKER_REPO + export DOCKER_REPO=$( + [ -f ../../../containers/"$CONTAINER"/buildenv ] && . ../../../containers/"$CONTAINER"/buildenv + [ "x$DOCKER_REPO" != "x" ] && echo "$DOCKER_REPO" || \ + echo "pnnlmiscscripts/$CONTAINER" + ) + unset DOCKER_TAG + export DOCKER_TAG=$( + [ -f ../../../containers/"$CONTAINER"/buildenv ] && . ../../../containers/"$CONTAINER"/buildenv + [ "x$DOCKER_TAG" != "x" ] && echo "$DOCKER_TAG" || \ + echo "$SUBBUILD" + ) + export REVISION=$(../hubbuildtools/hubcurlrevision.sh "$DOCKER_REPO" "$DOCKER_TAG") + echo Revision: $REVISION + if [ "$REVISION" == "null" ]; then + echo BAD REVISION + exit 1 fi - fi - if [ $FOUND -eq 0 ]; then - CHANGE=1 - echo $CONTAINER building... - ../build "$CONTAINER" - echo "2 $REVISION" > "tags/$CONTAINER-latest" - fi + FOUND=0 + if [ -f "tags/$CONTAINER-$SUBBUILD" ]; then + if [ "x2 $REVISION" == "x$(cat tags/$CONTAINER-$SUBBUILD)" ]; then + FOUND=1 + echo $CONTAINER $SUBBUILD already built. + fi + fi + if [ $FOUND -eq 0 ]; then + CHANGE=1 + echo $CONTAINER building... + ../build "$CONTAINER" "$SUBBUILD" + echo "2 $REVISION" > "tags/$CONTAINER-$SUBBUILD" + fi + done done +exit 1 if [ $CHANGE -eq 1 ]; then pushd docs helm repo index . From e0e364fe12b9c62905ebb02972576e5ed7ab0384 Mon Sep 17 00:00:00 2001 
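Review bot: The new revision check only rejects the literal string `null`, so an empty `REVISION` (lookup script failing, network error, unexpected response) passes through, triggers a build and records `2 ` in the tag file. Because the value is assigned with `export REVISION=$(...)`, the exit status of `hubcurlrevision.sh` is discarded as well. Widening the test to `if [ -z "$REVISION" ] || [ "$REVISION" == "null" ]; then` closes the gap, and splitting the assignment from the `export` would let a failing lookup be detected directly. The loop body starts and ends inside this hunk, but the script around it does not.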
From: Kevin Fox Date: Thu, 11 Apr 2019 11:58:17 -0700 Subject: [PATCH 094/331] Init helm client --- charts/image-library-charts/buildall | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 1cb8ba1..e2bf8c8 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall @@ -12,6 +12,7 @@ if [ "x$TRAVIS" != "x" ]; then curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > get_helm.sh chmod 700 get_helm.sh ./get_helm.sh + helm init -c fi cd image-library-charts From 6a36faf83badfd160ac2ce15587c5155a66aef64 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 11 Apr 2019 12:02:05 -0700 Subject: [PATCH 095/331] Remove forgotten debug exit --- charts/image-library-charts/buildall | 1 - 1 file changed, 1 deletion(-) diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index e2bf8c8..55b791b 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall @@ -63,7 +63,6 @@ for CONTAINER in ipmitool dhcpd debug-toolbox anaconda-nginx k8s-node-image-ngin fi done done -exit 1 if [ $CHANGE -eq 1 ]; then pushd docs helm repo index . From a09161da7df4d1dd0f03fb9d377e42160ee954ab Mon Sep 17 00:00:00 2001 
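Review bot: The context lines just above the added `helm init -c` download the Helm installer from the `master` branch and execute it with no integrity check, so the chart-publishing job runs whatever that URL serves at build time. Pin the download to a release tag or commit (`https://raw.githubusercontent.com/helm/helm/<pinned-ref-placeholder>/scripts/get`) and compare the file against a checksum committed in this repository before the `chmod`/execute step. Adding `-f` to the `curl` call would also stop an HTTP error page from being saved and run as the installer. The enclosing `if [ "x$TRAVIS" != "x" ]` block starts outside the hunk.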
From: Kevin Fox Date: Sat, 13 Apr 2019 16:45:26 -0700 Subject: [PATCH 096/331] Add initial chart for k8s-node-image --- charts/charts/k8s-node-image/Chart.yaml | 5 ++ .../charts/k8s-node-image/requirements.yaml | 7 ++ .../k8s-node-image/templates/_helpers.tpl | 83 +++++++++++++++++++ .../templates/anaconda-deployment.yaml | 62 ++++++++++++++ .../templates/anaconda-service.yaml | 21 +++++ .../k8s-node-image/templates/ingress.yaml | 59 +++++++++++++ .../templates/k8s-node-deployment.yaml | 62 ++++++++++++++ .../templates/k8s-node-service.yaml | 21 +++++ charts/charts/k8s-node-image/values.yaml | 59 +++++++++++++ 9 files changed, 379 insertions(+) create mode 100644 charts/charts/k8s-node-image/Chart.yaml create mode 100644 charts/charts/k8s-node-image/requirements.yaml create mode 100644 charts/charts/k8s-node-image/templates/_helpers.tpl create mode 100644 charts/charts/k8s-node-image/templates/anaconda-deployment.yaml create mode 100644 charts/charts/k8s-node-image/templates/anaconda-service.yaml create mode 100644 charts/charts/k8s-node-image/templates/ingress.yaml create mode 100644 charts/charts/k8s-node-image/templates/k8s-node-deployment.yaml create mode 100644 charts/charts/k8s-node-image/templates/k8s-node-service.yaml create mode 100644 charts/charts/k8s-node-image/values.yaml diff --git a/charts/charts/k8s-node-image/Chart.yaml b/charts/charts/k8s-node-image/Chart.yaml new file mode 100644 index 0000000..d6e736f --- /dev/null +++ b/charts/charts/k8s-node-image/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: k8s-node-image +version: 0.1.0 diff --git a/charts/charts/k8s-node-image/requirements.yaml b/charts/charts/k8s-node-image/requirements.yaml new file mode 100644 index 0000000..f3cdf12 --- /dev/null +++ b/charts/charts/k8s-node-image/requirements.yaml 
@@ -0,0 +1,7 @@ +dependencies: +- name: k8s-node-image-nginx-1-14 + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ +- name: anaconda-nginx + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ diff --git a/charts/charts/k8s-node-image/templates/_helpers.tpl b/charts/charts/k8s-node-image/templates/_helpers.tpl new file mode 100644 index 0000000..35ec021 --- /dev/null +++ b/charts/charts/k8s-node-image/templates/_helpers.tpl 
@@ -0,0 +1,83 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "k8s-node-image.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "k8s-node-image.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "k8s-node-image.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "k8s-node-image.anaconda.fullname" -}} +{{- $f := include "k8s-node-image.fullname" . }} +{{- $f | trunc 59 | trimSuffix "-" -}}-ana +{{- end -}} + +{{- define "k8s-node-image.k8s-node.fullname" -}} +{{- $f := include "k8s-node-image.fullname" . 
}} +{{- $f | trunc 58 | trimSuffix "-" -}}-node +{{- end -}} + +{{- define "k8s-node-image.ingress.regex" -}} +{{- if gt (len .suffix) 0 }} + {{- if eq .type "d" }} + {{- printf "%s/(%s$|%s/.*)" .prefix .suffix .suffix }} + {{- else }} + {{- printf "%s/(%s$)" .prefix .suffix }} + {{- end }} +{{- else }} + {{- printf "%s/?(.*)$" .prefix }} +{{- end }} +{{- end -}} + +{{- define "k8s-node-image.ingress.noregex" -}} +{{- if gt (len .suffix) 0 }} + {{- printf "%s/%s" .prefix .suffix }} +{{- else }} + {{- printf "%s/" .prefix }} +{{- end }} +{{- end -}} + +{{- define "k8s-node-image.ingress.prefix" -}} +{{- if .Values.ingress.enableVersionPrefix -}} +{{- $tag := dict "dot" . "section" .Values.k8sNode.image | include (printf "%s.tag" .Values.k8sNode.prefix) -}} +{{- printf "%s/%s" .Values.ingress.prefix $tag -}} +{{- else }} +{{- .Values.ingress.prefix -}} +{{- end }} +{{- end }} + +{{/* +takes dot, prefix, suffix, and type. type can be either f or d. +*/}} +{{- define "k8s-node-image.ingress" -}} +{{- if .dot.Values.ingress.regex }} +{{- include "k8s-node-image.ingress.regex" . }} +{{- else }} +{{- include "k8s-node-image.ingress.noregex" . }} +{{- end }} +{{- end -}} + diff --git a/charts/charts/k8s-node-image/templates/anaconda-deployment.yaml b/charts/charts/k8s-node-image/templates/anaconda-deployment.yaml new file mode 100644 index 0000000..b4ecd89 --- /dev/null +++ b/charts/charts/k8s-node-image/templates/anaconda-deployment.yaml 
@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "k8s-node-image.anaconda.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "k8s-node-image.name" . }}
+ helm.sh/chart: {{ include "k8s-node-image.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ svc: anaconda
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "k8s-node-image.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ svc: anaconda
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "k8s-node-image.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ svc: anaconda
+ spec:
+ containers:
+ - name: main
+ command: ["nginx", "-g", "daemon off;"]
+ image: {{ dict "dot" . "section" (index .Values "anaconda").image | include "pnnlmiscscripts.anaconda-nginx.image" }}
+ imagePullPolicy: {{ .Values.anaconda.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - nginx -s quit
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/charts/k8s-node-image/templates/anaconda-service.yaml b/charts/charts/k8s-node-image/templates/anaconda-service.yaml
new file mode 100644
index 0000000..491ea71
--- /dev/null
+++ b/charts/charts/k8s-node-image/templates/anaconda-service.yaml
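Review bot: The `main` container is rendered without a `securityContext`, so nginx runs with whatever user and privileges the image defaults to, and binding `containerPort: 80` suggests that is root (the image itself is not visible here). Consider adding a values key and rendering it under the container, for example `securityContext:` followed by `{{- toYaml .Values.securityContext | nindent 12 }}`, with `allowPrivilegeEscalation: false` as the default. k8s-node-deployment.yaml is a copy of this template and needs the same change. A short comment at `resources:` saying that `.Values.resources`, `nodeSelector`, `affinity` and `tolerations` are shared by both deployments would also help, since the image settings are per component.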
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "k8s-node-image.anaconda.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "k8s-node-image.name" . }}
+ helm.sh/chart: {{ include "k8s-node-image.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ svc: anaconda
+spec:
+ type: {{ .Values.anaconda.service.type }}
+ ports:
+ - port: {{ .Values.anaconda.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/name: {{ include "k8s-node-image.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ svc: anaconda
diff --git a/charts/charts/k8s-node-image/templates/ingress.yaml b/charts/charts/k8s-node-image/templates/ingress.yaml
new file mode 100644
index 0000000..cdb25df
--- /dev/null
+++ b/charts/charts/k8s-node-image/templates/ingress.yaml
@@ -0,0 +1,59 @@ +{{- if .Values.ingress.enabled -}} +{{- $dot := . }} +{{- $prefix := include "k8s-node-image.ingress.prefix" . }} +{{- $aFullName := include "k8s-node-image.anaconda.fullname" . -}} +{{- $nFullName := include "k8s-node-image.k8s-node.fullname" . -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ include "k8s-node-image.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "k8s-node-image.name" . }} + helm.sh/chart: {{ include "k8s-node-image.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{- if .Values.ingress.regex }} + nginx.ingress.kubernetes.io/rewrite-target: /$1 +{{- end }} + {{- with .Values.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ . 
| quote }} + http: + paths: + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "" "type" "d" | include "k8s-node-image.ingress" }} + backend: + serviceName: {{ $nFullName }} + servicePort: http + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "vmlinuz" "type" "f" | include "k8s-node-image.ingress" }} + backend: + serviceName: {{ $aFullName }} + servicePort: http + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "initrd.img" "type" "f" | include "k8s-node-image.ingress" }} + backend: + serviceName: {{ $aFullName }} + servicePort: http + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "LiveOS" "type" "d" | include "k8s-node-image.ingress" }} + backend: + serviceName: {{ $aFullName }} + servicePort: http + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" ".treeinfo" "type" "f" | include "k8s-node-image.ingress" }} + backend: + serviceName: {{ $aFullName }} + servicePort: http + {{- end }} +{{- end }} diff --git a/charts/charts/k8s-node-image/templates/k8s-node-deployment.yaml b/charts/charts/k8s-node-image/templates/k8s-node-deployment.yaml new file mode 100644 index 0000000..b86248b --- /dev/null +++ b/charts/charts/k8s-node-image/templates/k8s-node-deployment.yaml 
@@ -0,0 +1,62 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "k8s-node-image.k8s-node.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "k8s-node-image.name" . }}
+ helm.sh/chart: {{ include "k8s-node-image.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ svc: k8s-node
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "k8s-node-image.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ svc: k8s-node
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "k8s-node-image.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ svc: k8s-node
+ spec:
+ containers:
+ - name: main
+ command: ["nginx", "-g", "daemon off;"]
+ image: {{ dict "dot" . "section" (index .Values "k8sNode").image | include (printf "%s.image" .Values.k8sNode.prefix) }}
+ imagePullPolicy: {{ .Values.k8sNode.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /bin/sh
+ - -c
+ - nginx -s quit
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/charts/k8s-node-image/templates/k8s-node-service.yaml b/charts/charts/k8s-node-image/templates/k8s-node-service.yaml
new file mode 100644
index 0000000..1b90296
--- /dev/null
+++ b/charts/charts/k8s-node-image/templates/k8s-node-service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "k8s-node-image.k8s-node.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "k8s-node-image.name" . }}
+ helm.sh/chart: {{ include "k8s-node-image.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ svc: k8s-node
+spec:
+ type: {{ .Values.k8sNode.service.type }}
+ ports:
+ - port: {{ .Values.k8sNode.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/name: {{ include "k8s-node-image.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ svc: k8s-node
diff --git a/charts/charts/k8s-node-image/values.yaml b/charts/charts/k8s-node-image/values.yaml
new file mode 100644
index 0000000..adb1a20
--- /dev/null
+++ b/charts/charts/k8s-node-image/values.yaml
@@ -0,0 +1,59 @@
+# Default values for k8s-node-image.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 2
+
+nameOverride: ""
+fullnameOverride: ""
+
+anaconda:
+ image:
+ pullPolicy: IfNotPresent
+
+ service:
+ type: ClusterIP
+ port: 80
+
+k8sNode:
+ prefix: "pnnlmiscscripts.k8s-node-image-nginx-1-14"
+ image:
+ pullPolicy: IfNotPresent
+
+ service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: true
+ enableVersionPrefix: true
+ regex: true
+ prefix: ""
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - chart-example.local
+
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
From f4b713840f271f48e621b263c611dd71bd321b1a Mon Sep 17 00:00:00 2001
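Review bot: `ingress.enabled: true` combined with `tls: []` means a default install publishes the kernel, initrd and node image through the ingress over plain HTTP on the placeholder host `chart-example.local`. Machines that boot or install from those URLs get no integrity or origin check on what they fetch, so the safer default is `enabled: false` with the operator opting in. If plain HTTP has to stay possible for PXE clients, add a comment above `tls:` such as `# leave empty only on an isolated provisioning network; boot artifacts are otherwise served unauthenticated`.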
From: Kevin Fox Date: Sun, 14 Apr 2019 13:42:05 -0700 Subject: [PATCH 097/331] Finish up k8s-node-image chart. Add chronyd container. --- .travis.yml | 5 + charts/charts/buildall | 112 +++++++++++------- charts/charts/k8s-node-image/README.md | 35 ++++++ .../charts/k8s-node-image/templates/NOTES.txt | 12 ++ .../k8s-node-image/templates/_helpers.tpl | 26 ++-- .../templates/anaconda-deployment.yaml | 10 +- .../templates/anaconda-service.yaml | 8 +- .../k8s-node-image/templates/ingress.yaml | 31 +++-- .../templates/k8s-node-deployment.yaml | 10 +- .../templates/k8s-node-service.yaml | 8 +- containers/chronyd/Dockerfile | 5 + containers/chronyd/buildenv | 2 + 12 files changed, 180 insertions(+), 84 deletions(-) create mode 100644 charts/charts/k8s-node-image/README.md create mode 100644 charts/charts/k8s-node-image/templates/NOTES.txt create mode 100644 containers/chronyd/Dockerfile create mode 100644 containers/chronyd/buildenv diff --git a/.travis.yml b/.travis.yml index 2b28aef..b45a935 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,6 +10,11 @@ jobs: language: shell name: Build dhcpd container script: ./containers/build dhcpd + - stage: build + dist: xenial + language: shell + name: Build chronyd container + script: ./containers/build chronyd - stage: build dist: xenial language: shell diff --git a/charts/charts/buildall b/charts/charts/buildall index 7623088..b3acd2e 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -11,6 +11,7 @@ if [ "x$TRAVIS" != "x" ]; then curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > get_helm.sh chmod 700 get_helm.sh ./get_helm.sh + helm init -c fi mkdir -p charts/docs 
@@ -21,52 +22,79 @@ helm init --client-only helm repo add pnnl-miscscripts-image-library-charts https://pnnl-miscscripts.github.io/image-library-charts/ helm repo update -CHANGE=0 -for CHART in console; do - pushd "$CHART" +for ver in 1-13 1-14; do + cp -a k8s-node-image k8s-node-image-$ver + sed -i "s@k8s-node-image-nginx-1-14@k8s-node-image-nginx-$ver@g" k8s-node-image-$ver/requirements.yaml k8s-node-image-$ver/values.yaml + sed -i "s@^name:.*@name: k8s-node-image-$ver@g" k8s-node-image-$ver/Chart.yaml + pushd k8s-node-image-$ver 2>/dev/null helm dep up --skip-refresh - FINGERPRINT=$((echo main - cat Chart.yaml | sort | awk '{if(/^(appVersion|version|name):/){print $2}}' | sed 'N;N; s/\([^\n]*\)\n\([^\n]*\)\n\([^n]*\)/\2 \3 \1/g' - echo deps - ls charts | sort | while read line; do - helm inspect chart charts/$line | sort | awk '{if(/^(appVersion|version|name):/){print $2}}' | sed 'N;N; s/\([^\n]*\)\n\([^\n]*\)\n\([^n]*\)/\2 \3 \1/g' - done) | bzip2 -c | base64 | tr '\n' '=' | sed 's/=//g') - VERSION=$(cat Chart.yaml | awk '{if(/^version:/){print $2}}') - popd - echo Version: $VERSION - echo Fingerprint: $FINGERPRINT - pushd charts - FOUND=0 - if [ -f "tags/$CHART-latest" ]; then - if [ "x$FINGERPRINT" == "x$(cat tags/$CHART-latest)" ]; then - FOUND=1 - echo $CHART already built. 
+ popd 2>/dev/null + APPVER=$(helm inspect chart k8s-node-image-$ver/charts/k8s-node-image-nginx-*.tgz | sort | awk '{if(/^(appVersion):/){print $2}}') + sed -i "s@^appVersion:.*@appVersion: k8s-node-image-$APPVER@g" k8s-node-image-$ver/Chart.yaml +done + +CHANGE=0 +for CHART in console k8s-node-image; do + RAWCHART=$CHART + case "$CHART" in + k8s-node-image) + SUBBUILDS="1-13 1-14" + ;; + *) + SUBBUILDS="latest" + ;; + esac + for SUBBUILD in $SUBBUILDS; do + if [ $SUBBUILD != "latest" ]; then + CHART=$RAWCHART-$SUBBUILD + fi + pushd "$CHART" + helm dep up --skip-refresh + FINGERPRINT=$((echo main + cat Chart.yaml | sort | awk '{if(/^(appVersion|version|name):/){print $2}}' | sed 'N;N; s/\([^\n]*\)\n\([^\n]*\)\n\([^n]*\)/\2 \3 \1/g' + echo deps + ls charts | sort | while read line; do + helm inspect chart charts/$line | sort | awk '{if(/^(appVersion|version|name):/){print $2}}' | sed 'N;N; s/\([^\n]*\)\n\([^\n]*\)\n\([^n]*\)/\2 \3 \1/g' + done) | bzip2 -c | base64 | tr '\n' '=' | sed 's/=//g') + VERSION=$(cat Chart.yaml | awk '{if(/^version:/){print $2}}') + popd + echo Version: $VERSION + echo Fingerprint: $FINGERPRINT + pushd charts + FOUND=0 + if [ -f "tags/$CHART-latest" ]; then + if [ "x$FINGERPRINT" == "x$(cat tags/$CHART-latest)" ]; then + FOUND=1 + echo $CHART already built. + fi fi - fi - if [ $FOUND -eq 0 ]; then - CHANGE=1 - echo $CHART building... - pushd docs/ - NEWVERSION="$VERSION" - if [ -f ../vers/$CHART-latest ]; then - echo Existing package found. Updating version. - OLDVERSION=$(cat ../vers/$CHART-latest) - MAJORVERSION=$(echo $OLDVERSION | awk -F . '{print $1}') - MINORVERSION=$(echo $OLDVERSION | awk -F . '{print $2}') - PATCHVERSION=$(echo $OLDVERSION | awk -F . 
'{print $3}') - NEWPATCHVERSION=$((PATCHVERSION + 1)) - NEWVERSION="$MAJORVERSION.$MINORVERSION.$NEWPATCHVERSION" - echo Old version: $OLDVERSION - echo New version: $NEWVERSION - sed -i "s/^version: .*/version: $NEWVERSION/" ../../$CHART/Chart.yaml - sed -i "s/^appVersion: .*/appVersion: $NEWVERSION/" ../../$CHART/Chart.yaml + if [ $FOUND -eq 0 ]; then + CHANGE=1 + echo $CHART building... + pushd docs/ + NEWVERSION="$VERSION" + if [ -f ../vers/$CHART-latest ]; then + echo Existing package found. Updating version. + OLDVERSION=$(cat ../vers/$CHART-latest) + MAJORVERSION=$(echo $OLDVERSION | awk -F . '{print $1}') + MINORVERSION=$(echo $OLDVERSION | awk -F . '{print $2}') + PATCHVERSION=$(echo $OLDVERSION | awk -F . '{print $3}') + NEWPATCHVERSION=$((PATCHVERSION + 1)) + NEWVERSION="$MAJORVERSION.$MINORVERSION.$NEWPATCHVERSION" + echo Old version: $OLDVERSION + echo New version: $NEWVERSION + sed -i "s/^version: .*/version: $NEWVERSION/" ../../$CHART/Chart.yaml + if [ "$SUBBUILD" == "latest" ]; then + sed -i "s/^appVersion: .*/appVersion: $NEWVERSION/" ../../$CHART/Chart.yaml + fi + fi + helm package ../../$CHART + popd + echo "$FINGERPRINT" > "tags/$CHART-latest" + echo "$NEWVERSION" > "vers/$CHART-latest" fi - helm package ../../$CHART popd - echo "$FINGERPRINT" > "tags/$CHART-latest" - echo "$NEWVERSION" > "vers/$CHART-latest" - fi - popd + done done pushd charts diff --git a/charts/charts/k8s-node-image/README.md b/charts/charts/k8s-node-image/README.md new file mode 100644 index 0000000..ed51668 --- /dev/null +++ b/charts/charts/k8s-node-image/README.md 
@@ -0,0 +1,35 @@ +# K8S Node Image + +The k8s-node-image chart provides a a standalone image useful for installing +bare metal nodes that can form a k8s cluster. + +This can be used in conjunction with pixiecore and dhcpd. + +## Dependencies + +This chart requires nginx-ingress 0.22.0 or higher in the default config. To +support older nginx-ingress, set ingress.regex=false. + +For other ingress controllers, you will need to annotate as needed to get +rewriting to happen appropriately for your ingress controller. + +## Install Chart + +To install the Chart into your Kubernetes cluster : + +```bash +helm install --namespace "k8s-node-image" pnnl-miscscripts/k8s-node-image +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status +``` + +If you want to delete your Chart, use this command: + +```bash +helm delete --purge +``` + diff --git a/charts/charts/k8s-node-image/templates/NOTES.txt b/charts/charts/k8s-node-image/templates/NOTES.txt new file mode 100644 index 0000000..47aa2eb --- /dev/null +++ b/charts/charts/k8s-node-image/templates/NOTES.txt @@ -0,0 +1,12 @@ +{{- $dot := . }} +{{- $prefix := include "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" . }} +Contact information + +{{- range .Values.ingress.hosts }} +Repo: +http://{{ . }}{{ $prefix }} +Kernel: +http://{{ . }}{{ $prefix }}/vmlinuz +Initrd: +http://{{ . }}{{ $prefix }}/initrd.img +{{- end }} diff --git a/charts/charts/k8s-node-image/templates/_helpers.tpl b/charts/charts/k8s-node-image/templates/_helpers.tpl index 35ec021..0120d2c 100644 --- a/charts/charts/k8s-node-image/templates/_helpers.tpl +++ b/charts/charts/k8s-node-image/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "k8s-node-image.name" -}} +{{- define "pnnlmiscscripts.k8s-node-image-full.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} 
@@ -11,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "k8s-node-image.fullname" -}} +{{- define "pnnlmiscscripts.k8s-node-image-full.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -27,21 +27,21 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "k8s-node-image.chart" -}} +{{- define "pnnlmiscscripts.k8s-node-image-full.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} -{{- define "k8s-node-image.anaconda.fullname" -}} -{{- $f := include "k8s-node-image.fullname" . }} +{{- define "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" -}} +{{- $f := include "pnnlmiscscripts.k8s-node-image-full.fullname" . }} {{- $f | trunc 59 | trimSuffix "-" -}}-ana {{- end -}} -{{- define "k8s-node-image.k8s-node.fullname" -}} -{{- $f := include "k8s-node-image.fullname" . }} +{{- define "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" -}} +{{- $f := include "pnnlmiscscripts.k8s-node-image-full.fullname" . }} {{- $f | trunc 58 | trimSuffix "-" -}}-node {{- end -}} -{{- define "k8s-node-image.ingress.regex" -}} +{{- define "pnnlmiscscripts.k8s-node-image-full.ingress.regex" -}} {{- if gt (len .suffix) 0 }} {{- if eq .type "d" }} {{- printf "%s/(%s$|%s/.*)" .prefix .suffix .suffix }} @@ -53,7 +53,7 @@ Create chart name and version as used by the chart label. {{- end }} {{- end -}} -{{- define "k8s-node-image.ingress.noregex" -}} +{{- define "pnnlmiscscripts.k8s-node-image-full.ingress.noregex" -}} {{- if gt (len .suffix) 0 }} {{- printf "%s/%s" .prefix .suffix }} {{- else }} 
@@ -61,7 +61,7 @@ Create chart name and version as used by the chart label. {{- end }} {{- end -}} -{{- define "k8s-node-image.ingress.prefix" -}} +{{- define "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" -}} {{- if .Values.ingress.enableVersionPrefix -}} {{- $tag := dict "dot" . "section" .Values.k8sNode.image | include (printf "%s.tag" .Values.k8sNode.prefix) -}} {{- printf "%s/%s" .Values.ingress.prefix $tag -}} @@ -73,11 +73,11 @@ Create chart name and version as used by the chart label. {{/* takes dot, prefix, suffix, and type. type can be either f or d. */}} -{{- define "k8s-node-image.ingress" -}} +{{- define "pnnlmiscscripts.k8s-node-image-full.ingress" -}} {{- if .dot.Values.ingress.regex }} -{{- include "k8s-node-image.ingress.regex" . }} +{{- include "pnnlmiscscripts.k8s-node-image-full.ingress.regex" . }} {{- else }} -{{- include "k8s-node-image.ingress.noregex" . }} +{{- include "pnnlmiscscripts.k8s-node-image-full.ingress.noregex" . }} {{- end }} {{- end -}} diff --git a/charts/charts/k8s-node-image/templates/anaconda-deployment.yaml b/charts/charts/k8s-node-image/templates/anaconda-deployment.yaml index b4ecd89..f97c358 100644 --- a/charts/charts/k8s-node-image/templates/anaconda-deployment.yaml +++ b/charts/charts/k8s-node-image/templates/anaconda-deployment.yaml @@ -1,10 +1,10 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "k8s-node-image.anaconda.fullname" . }} + name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }} labels: - app.kubernetes.io/name: {{ include "k8s-node-image.name" . }} - helm.sh/chart: {{ include "k8s-node-image.chart" . }} + app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} + helm.sh/chart: {{ include "pnnlmiscscripts.k8s-node-image-full.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} svc: anaconda 
@@ -12,13 +12,13 @@ spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - app.kubernetes.io/name: {{ include "k8s-node-image.name" . }} + app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} svc: anaconda template: metadata: labels: - app.kubernetes.io/name: {{ include "k8s-node-image.name" . }} + app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} svc: anaconda spec: diff --git a/charts/charts/k8s-node-image/templates/anaconda-service.yaml b/charts/charts/k8s-node-image/templates/anaconda-service.yaml index 491ea71..0091ce8 100644 --- a/charts/charts/k8s-node-image/templates/anaconda-service.yaml +++ b/charts/charts/k8s-node-image/templates/anaconda-service.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "k8s-node-image.anaconda.fullname" . }} + name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }} labels: - app.kubernetes.io/name: {{ include "k8s-node-image.name" . }} - helm.sh/chart: {{ include "k8s-node-image.chart" . }} + app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} + helm.sh/chart: {{ include "pnnlmiscscripts.k8s-node-image-full.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} svc: anaconda @@ -16,6 +16,6 @@ spec: protocol: TCP name: http selector: - app.kubernetes.io/name: {{ include "k8s-node-image.name" . }} + app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} svc: anaconda diff --git a/charts/charts/k8s-node-image/templates/ingress.yaml b/charts/charts/k8s-node-image/templates/ingress.yaml index cdb25df..cae9c2e 100644 --- a/charts/charts/k8s-node-image/templates/ingress.yaml +++ b/charts/charts/k8s-node-image/templates/ingress.yaml 
@@ -1,15 +1,16 @@ {{- if .Values.ingress.enabled -}} {{- $dot := . }} -{{- $prefix := include "k8s-node-image.ingress.prefix" . }} -{{- $aFullName := include "k8s-node-image.anaconda.fullname" . -}} -{{- $nFullName := include "k8s-node-image.k8s-node.fullname" . -}} +{{- $prefix := include "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" . }} +{{- $pxeprefix := printf "%s/images/pxeboot" $prefix }} +{{- $aFullName := include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . -}} +{{- $nFullName := include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . -}} apiVersion: extensions/v1beta1 kind: Ingress metadata: - name: {{ include "k8s-node-image.fullname" . }} + name: {{ include "pnnlmiscscripts.k8s-node-image-full.fullname" . }} labels: - app.kubernetes.io/name: {{ include "k8s-node-image.name" . }} - helm.sh/chart: {{ include "k8s-node-image.chart" . }} + app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} + helm.sh/chart: {{ include "pnnlmiscscripts.k8s-node-image-full.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} annotations: 
@@ -35,23 +36,31 @@ spec: - host: {{ . | quote }} http: paths: - - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "" "type" "d" | include "k8s-node-image.ingress" }} + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "" "type" "d" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} backend: serviceName: {{ $nFullName }} servicePort: http - - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "vmlinuz" "type" "f" | include "k8s-node-image.ingress" }} + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "vmlinuz" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} backend: serviceName: {{ $aFullName }} servicePort: http - - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "initrd.img" "type" "f" | include "k8s-node-image.ingress" }} + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "initrd.img" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} backend: serviceName: {{ $aFullName }} servicePort: http - - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "LiveOS" "type" "d" | include "k8s-node-image.ingress" }} + - path: {{ dict "dot" $dot "prefix" $pxeprefix "suffix" "vmlinuz" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} backend: serviceName: {{ $aFullName }} servicePort: http - - path: {{ dict "dot" $dot "prefix" $prefix "suffix" ".treeinfo" "type" "f" | include "k8s-node-image.ingress" }} + - path: {{ dict "dot" $dot "prefix" $pxeprefix "suffix" "initrd.img" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + backend: + serviceName: {{ $aFullName }} + servicePort: http + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "LiveOS" "type" "d" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + backend: + serviceName: {{ $aFullName }} + servicePort: http + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" ".treeinfo" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} backend: serviceName: {{ $aFullName }} servicePort: http 
diff --git a/charts/charts/k8s-node-image/templates/k8s-node-deployment.yaml b/charts/charts/k8s-node-image/templates/k8s-node-deployment.yaml index b86248b..e4bcabf 100644 --- a/charts/charts/k8s-node-image/templates/k8s-node-deployment.yaml +++ b/charts/charts/k8s-node-image/templates/k8s-node-deployment.yaml @@ -1,10 +1,10 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "k8s-node-image.k8s-node.fullname" . }} + name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} labels: - app.kubernetes.io/name: {{ include "k8s-node-image.name" . }} - helm.sh/chart: {{ include "k8s-node-image.chart" . }} + app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} + helm.sh/chart: {{ include "pnnlmiscscripts.k8s-node-image-full.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} svc: k8s-node @@ -12,13 +12,13 @@ spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - app.kubernetes.io/name: {{ include "k8s-node-image.name" . }} + app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} svc: k8s-node template: metadata: labels: - app.kubernetes.io/name: {{ include "k8s-node-image.name" . }} + app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} svc: k8s-node spec: diff --git a/charts/charts/k8s-node-image/templates/k8s-node-service.yaml b/charts/charts/k8s-node-image/templates/k8s-node-service.yaml index 1b90296..cd729f4 100644 --- a/charts/charts/k8s-node-image/templates/k8s-node-service.yaml +++ b/charts/charts/k8s-node-image/templates/k8s-node-service.yaml 
@@ -1,10 +1,10 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "k8s-node-image.k8s-node.fullname" . }} + name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} labels: - app.kubernetes.io/name: {{ include "k8s-node-image.name" . }} - helm.sh/chart: {{ include "k8s-node-image.chart" . }} + app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} + helm.sh/chart: {{ include "pnnlmiscscripts.k8s-node-image-full.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} svc: k8s-node @@ -16,6 +16,6 @@ spec: protocol: TCP name: http selector: - app.kubernetes.io/name: {{ include "k8s-node-image.name" . }} + app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} svc: k8s-node diff --git a/containers/chronyd/Dockerfile b/containers/chronyd/Dockerfile new file mode 100644 index 0000000..42eace4 --- /dev/null +++ b/containers/chronyd/Dockerfile @@ -0,0 +1,5 @@ +FROM alpine:3.9 + +RUN \ + apk add --no-cache --update chrony + diff --git a/containers/chronyd/buildenv b/containers/chronyd/buildenv new file mode 100644 index 0000000..a98defc --- /dev/null +++ b/containers/chronyd/buildenv @@ -0,0 +1,2 @@ +export AUTO_PREFIX=apk-version +export AUTO_PREFIX_PACKAGE=chrony From f29b676bc9ea50f6517b01240a2ef7eca12bb45b Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Sun, 14 Apr 2019 15:51:24 -0700 Subject: [PATCH 098/331] Add library chart for chronyd. Main chart for dhcpd. --- charts/charts/buildall | 2 +- charts/charts/dhcpd/Chart.yaml | 8 +++ charts/charts/dhcpd/README.md | 53 +++++++++++++++++ charts/charts/dhcpd/requirements.yaml | 4 ++ charts/charts/dhcpd/templates/_helpers.tpl | 32 +++++++++++ charts/charts/dhcpd/templates/configmap.yaml | 40 +++++++++++++ charts/charts/dhcpd/templates/daemonset.yaml | 60 ++++++++++++++++++++ charts/charts/dhcpd/values.yaml | 37 ++++++++++++ charts/image-library-charts/buildall | 2 +- 9 files changed, 236 insertions(+), 2 deletions(-) create mode 100644 charts/charts/dhcpd/Chart.yaml create mode 100644 charts/charts/dhcpd/README.md create mode 100644 charts/charts/dhcpd/requirements.yaml create mode 100644 charts/charts/dhcpd/templates/_helpers.tpl create mode 100644 charts/charts/dhcpd/templates/configmap.yaml create mode 100644 charts/charts/dhcpd/templates/daemonset.yaml create mode 100644 charts/charts/dhcpd/values.yaml diff --git a/charts/charts/buildall b/charts/charts/buildall index b3acd2e..1fe9217 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -34,7 +34,7 @@ for ver in 1-13 1-14; do done CHANGE=0 -for CHART in console k8s-node-image; do +for CHART in console dhcpd k8s-node-image; do RAWCHART=$CHART case "$CHART" in k8s-node-image) diff --git a/charts/charts/dhcpd/Chart.yaml b/charts/charts/dhcpd/Chart.yaml new file mode 100644 index 0000000..5a96491 --- /dev/null +++ b/charts/charts/dhcpd/Chart.yaml @@ -0,0 +1,8 @@ +name: dhcpd +version: 0.1.0 +description: Super simple dhcp setup +keywords: +- dhcp +- dhcpd +sources: +- https://github.com/pnnl-miscscripts/miscscripts diff --git a/charts/charts/dhcpd/README.md b/charts/charts/dhcpd/README.md new file mode 100644 index 0000000..e53ccf6 --- /dev/null +++ b/charts/charts/dhcpd/README.md 
@@ -0,0 +1,53 @@ +# DHCPD + +The DHCPD chart launches a simple dhcpd server for your bare metal cluster. + + +## Install Chart + +To install the Chart into your Kubernetes cluster : + +```bash +helm install --namespace "dhcpd" --name "dhcpd" pnnl-miscscripts/dhcpd -f dhcpd-values.yaml +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status "dhcpd" +``` + +If you want to delete your Chart, use this command: + +```bash +helm delete --purge "dhcpd" +``` + +### DHCPD configuration +Set your interface(s) like: +```yaml +interfaces: ['eth0'] +``` + +Add your subnets to the subnets list like: +```yaml +config: + subnets: + - start: 172.22.0.0 + netmask: 255.255.255.0 +``` + +Setup a group and add your hosts like: +```yaml +config: + groups: + - domainName: example.com + domainNameServers: [172.22.0.1] + routers: [172.22.0.1] + subnetMask: 255.255.255.0 + hosts: + - name: c1 + mac: 00:01:02:aa:bb:cc + ip: 172.22.0.3 +``` + diff --git a/charts/charts/dhcpd/requirements.yaml b/charts/charts/dhcpd/requirements.yaml new file mode 100644 index 0000000..2f9f8d3 --- /dev/null +++ b/charts/charts/dhcpd/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: +- name: dhcpd + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ diff --git a/charts/charts/dhcpd/templates/_helpers.tpl b/charts/charts/dhcpd/templates/_helpers.tpl new file mode 100644 index 0000000..0444c30 --- /dev/null +++ b/charts/charts/dhcpd/templates/_helpers.tpl 
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pnnlmiscscripts.dhcp-full.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pnnlmiscscripts.dhcp-full.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pnnlmiscscripts.dhcp-full.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/charts/dhcpd/templates/configmap.yaml b/charts/charts/dhcpd/templates/configmap.yaml
new file mode 100644
index 0000000..a34b436
--- /dev/null
+++ b/charts/charts/dhcpd/templates/configmap.yaml
@@ -0,0 +1,40 @@
+{{- if .Values.config.manage }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "pnnlmiscscripts.dhcp-full.fullname" . }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "pnnlmiscscripts.dhcp-full.chart" . }}
+ app: {{ template "pnnlmiscscripts.dhcp-full.name" . }}
+data:
+ dhcpd.conf: |
+ default-lease-time {{ .Values.config.defaultLeaseTime }};
+ max-lease-time {{ .Values.config.maxLeaseTime }};
+
+ ddns-update-style {{ .Values.config.ddnsUpdateStyle }};
+
+{{- range .Values.config.subnets }}
+ subnet {{ .start }} netmask {{ .netmask }} {
+{{- if hasKey . "rangeStart" }}
+ range {{ .rangeStart }} {{ .rangeEnd }};
+{{- end }}
+ }
+{{- end }}
+
+{{- range .Values.config.groups }}
+ group {
+ option routers {{ join ", " .routers }};
+ option domain-name "{{ .domainName }}";
+ option domain-name-servers {{ join ", " .domainNameServers }};
+ option subnet-mask {{ join ", " .subnetMask }};
+{{- range .hosts }}
+ host {{ .name }} {
+ hardware ethernet {{ .mac }};
+ fixed-address {{ .ip }};
+ }
+ }
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/charts/dhcpd/templates/daemonset.yaml b/charts/charts/dhcpd/templates/daemonset.yaml
new file mode 100644
index 0000000..2a4ef90
--- /dev/null
+++ b/charts/charts/dhcpd/templates/daemonset.yaml
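Review bot: The closing `}` of the `group {` block sits inside `{{- range .hosts }}`, so it is rendered once per host: a group with two hosts is closed after the first host and leaves a stray `}` after the second, and a group with no hosts is never closed. Move the group's `}` below the inner `{{- end }}` so it is emitted exactly once per group. Separately, `{{ .name }}`, `{{ .mac }}`, `{{ .ip }}` and `{{ .domainName }}` are written into dhcpd.conf without validation, so a value containing `;`, `"` or `}` changes the structure of the rendered config; a `regexMatch` check with `fail` on the host fields would reject such a values file at render time instead of producing a config that parses differently than intended.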
@@ -0,0 +1,60 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: {{ template "pnnlmiscscripts.dhcp-full.fullname" . }}
+ labels:
+ heritage: {{ .Release.Service | quote }}
+ release: {{ .Release.Name | quote }}
+ chart: {{ template "pnnlmiscscripts.dhcp-full.chart" . }}
+ app: {{ template "pnnlmiscscripts.dhcp-full.name" . }}
+spec:
+ template:
+ metadata:
+ labels:
+ release: {{ .Release.Name | quote }}
+ app: {{ template "pnnlmiscscripts.dhcp-full.name" . }}
+ spec:
+ hostNetwork: true
+ containers:
+ - name: main
+ image: {{ dict "dot" . "section" .Values.dhcpd | include "pnnlmiscscripts.dhcpd.image" }}
+ imagePullPolicy: {{ .Values.dhcpd.imagePullPolicy }}
+ securityContext:
+ capabilities:
+ add: ["NET_ADMIN"]
+ command:
+ - /bin/sh
+ - -ec
+ - |
+ touch /var/lib/dhcp/dhcpd.leases
+ chown daemon.daemon /var/lib/dhcp/dhcpd.leases
+ chown daemon.daemon /var/lib/dhcp
+ chown daemon.daemon /var/run/dhcp
+ dhcpd -cf /etc/dhcp/dhcpd.conf -d -user daemon -group daemon {{ join " " .Values.interfaces }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+#FIXME this and pixiecore block each other....
+# ports:
+# - containerPort: 67
+# name: dhcp
+# protocol: UDP
+ volumeMounts:
+ - name: config
+ mountPath: /etc/dhcp
+ volumes:
+ - name: config
+ configMap:
+ name: {{ template "pnnlmiscscripts.dhcp-full.fullname" . }}
+
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/charts/charts/dhcpd/values.yaml b/charts/charts/dhcpd/values.yaml
new file mode 100644
index 0000000..66820fe
--- /dev/null
+++ b/charts/charts/dhcpd/values.yaml
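Review bot: With the chart defaults `interfaces: []` and `nodeSelector: {}`, this DaemonSet starts dhcpd with `hostNetwork: true` on every schedulable node and passes no interface argument, so which host interfaces answer DHCP is left to dhcpd's own selection rather than to the operator. Fail rendering when the list is empty, e.g. `{{- if not .Values.interfaces }}{{ fail "interfaces must list at least one interface" }}{{- end }}` at the top of the template, and document that a `nodeSelector` is expected. The `securityContext` only adds `NET_ADMIN` on top of the runtime's default capability set; adding `drop: ["ALL"]` and listing just what dhcpd and the `chown` calls need (to be confirmed by testing) would narrow what a compromised dhcpd can do on the host network. The value of `interfaces` is also joined straight into the `sh -ec` script, so it should be restricted to interface-name characters before it is rendered.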
@@ -0,0 +1,37 @@ +dhcpd: + imagePullPolicy: IfNotPresent + +resources: {} +interfaces: [] + +config: + manage: true + + defaultLeaseTime: 600 + maxLeaseTime: 7200 + ddnsUpdateStyle: none + + subnets: + - start: 172.22.0.0 + netmask: 255.255.255.0 +#FIXME rangeStart/End should not be used until pv support is added. +# rangeStart: 192.168.0.100 +# rangeEnd: 192.168.0.254 + groups: + - domainName: example.com + domainNameServers: [172.22.0.1] + routers: [172.22.0.1] + subnetMask: 255.255.255.0 + hosts: + - name: c1 + mac: 00:01:02:aa:bb:cc + ip: 172.22.0.3 + +nodeSelector: {} + +tolerations: [] +#- key: node-role.kubernetes.io/master +# operator: Exists +# effect: NoSchedule + +affinity: {} diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 55b791b..8168670 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall @@ -20,7 +20,7 @@ cd image-library-charts mkdir -p tags CHANGE=0 -for CONTAINER in ipmitool dhcpd debug-toolbox anaconda-nginx k8s-node-image-nginx; do +for CONTAINER in ipmitool dhcpd chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx; do case "$CONTAINER" in k8s-node-image-nginx) SUBBUILDS="1.13 1.14" From 02a60576e5115d0a9430fbf55ee694702c12ca84 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 1 May 2019 15:47:42 -0700 Subject: [PATCH 099/331] Add iputils version of ping. --- containers/debug-toolbox/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/debug-toolbox/Dockerfile b/containers/debug-toolbox/Dockerfile index 7cb76e4..388a7b2 100644 --- a/containers/debug-toolbox/Dockerfile +++ b/containers/debug-toolbox/Dockerfile @@ -2,6 +2,7 @@ FROM alpine:3.9 RUN \ apk add --no-cache \ + iputils \ tcpdump \ strace \ iperf3 \ From 87976c419a4e76d67e170c3f00aea1b0a9ec9344 Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Sun, 12 May 2019 15:44:11 -0700 Subject: [PATCH 100/331] Enable default server This allows non virtual hosted servers, enabling easy port forwarding. Signed-off-by: Kevin Fox --- charts/charts/k8s-node-image/Chart.yaml | 2 +- charts/charts/k8s-node-image/templates/NOTES.txt | 9 +++++++++ charts/charts/k8s-node-image/templates/ingress.yaml | 9 +++++++-- charts/charts/k8s-node-image/values.yaml | 4 ++-- 4 files changed, 19 insertions(+), 5 deletions(-) diff --git a/charts/charts/k8s-node-image/Chart.yaml b/charts/charts/k8s-node-image/Chart.yaml index d6e736f..d3770dc 100644 --- a/charts/charts/k8s-node-image/Chart.yaml +++ b/charts/charts/k8s-node-image/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: k8s-node-image -version: 0.1.0 +version: 0.2.0 diff --git a/charts/charts/k8s-node-image/templates/NOTES.txt b/charts/charts/k8s-node-image/templates/NOTES.txt index 47aa2eb..ad29a5a 100644 --- a/charts/charts/k8s-node-image/templates/NOTES.txt +++ b/charts/charts/k8s-node-image/templates/NOTES.txt @@ -3,10 +3,19 @@ Contact information {{- range .Values.ingress.hosts }} +{{- if . }} Repo: http://{{ . }}{{ $prefix }} Kernel: http://{{ . }}{{ $prefix }}/vmlinuz Initrd: http://{{ . }}{{ $prefix }}/initrd.img +{{- else }} +Repo: +http://xx.xx.xx.xx{{ $prefix }} +Kernel: +http://xx.xx.xx.xx{{ $prefix }}/vmlinuz +Initrd: +http://xx.xx.xx.xx{{ $prefix }}/initrd.img +{{- end }} {{- end }} diff --git a/charts/charts/k8s-node-image/templates/ingress.yaml b/charts/charts/k8s-node-image/templates/ingress.yaml index cae9c2e..aa68a56 100644 --- a/charts/charts/k8s-node-image/templates/ingress.yaml +++ b/charts/charts/k8s-node-image/templates/ingress.yaml 
@@ -16,6 +16,9 @@ metadata: annotations: {{- if .Values.ingress.regex }} nginx.ingress.kubernetes.io/rewrite-target: /$1 +{{- end }} +{{- if eq (len .Values.ingress.tls) 0 }} + nginx.ingress.kubernetes.io/ssl-redirect: "false" {{- end }} {{- with .Values.ingress.annotations }} {{- toYaml . | nindent 4 }} @@ -33,8 +36,7 @@ spec: {{- end }} rules: {{- range .Values.ingress.hosts }} - - host: {{ . | quote }} - http: + - http: paths: - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "" "type" "d" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} backend: @@ -64,5 +66,8 @@ spec: backend: serviceName: {{ $aFullName }} servicePort: http +{{- if . }} + host: {{ . | quote }} +{{- end }} {{- end }} {{- end }} diff --git a/charts/charts/k8s-node-image/values.yaml b/charts/charts/k8s-node-image/values.yaml index adb1a20..4385092 100644 --- a/charts/charts/k8s-node-image/values.yaml +++ b/charts/charts/k8s-node-image/values.yaml @@ -32,8 +32,8 @@ ingress: annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" - hosts: - - chart-example.local + hosts: [null] + #- chart-example.local tls: [] # - secretName: chart-example-tls From 44d00a57c0d2be7ee10cd53cda26391d951cb465 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sun, 12 May 2019 16:28:30 -0700 Subject: [PATCH 101/331] Add authconfig package Add the authconfig package to the node image. Signed-off-by: Kevin Fox --- containers/rpms-node-base/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/containers/rpms-node-base/Dockerfile b/containers/rpms-node-base/Dockerfile index 7ce86e6..488ce91 100644 --- a/containers/rpms-node-base/Dockerfile +++ b/containers/rpms-node-base/Dockerfile 
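Review bot: `{{- if eq (len .Values.ingress.tls) 0 }}` in the annotations block would fail at render time when a values file sets `tls:` to null, because `len` has nothing to measure; `{{- if not .Values.ingress.tls }}` covers both null and the empty list. The annotation is also emitted ahead of `.Values.ingress.annotations`, so a user who sets `nginx.ingress.kubernetes.io/ssl-redirect` there ends up with the key twice in the rendered YAML; a comment such as `# ssl-redirect is forced off when ingress.tls is empty` next to the block would make that interaction visible.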
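Review bot: The new default `hosts: [null]` in values.yaml makes the chart publish a rule with no host match, so out of the box the repo, `vmlinuz` and `initrd.img` paths are answered for any Host header that reaches the ingress controller, and with `tls: []` the ssl-redirect annotation added in ingress.yaml keeps them on plain HTTP. Nodes booting from these URLs then have no transport integrity for the kernel and initrd, so the README or NOTES.txt should state that this default is meant for an isolated provisioning network and how to set `hosts` and `tls` otherwise. A comment above the default would help: `# [null] = no host match (default server); list hostnames to restrict`.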
@@ -13,7 +13,8 @@ RUN --mount=type=secret,id=gpg \ yumdownloader --resolv --installroot=/tmp/root --releasever=/ \ --destdir rpms --setopt cachedir=/tmp/cache \ @Base @Core kernel grub2 docker e2fsprogs container-selinux nspr \ - nss-util openssh-server openssh iptables-services nfs-utils && \ + nss-util openssh-server openssh iptables-services nfs-utils \ + authconfig && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ rpm --addsign $(find rpms -type f -name '*.rpm') && \ From 48767ae784ecdce4e90a6f41955e65374f988f32 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sun, 12 May 2019 16:45:52 -0700 Subject: [PATCH 102/331] Update unchanged to code 42 Signed-off-by: Kevin Fox --- containers/build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/build b/containers/build index c03baf6..89e1d17 100755 --- a/containers/build +++ b/containers/build @@ -27,7 +27,7 @@ if [ "x$GPGSIGN" != "x" ]; then rm -f "$GPGKEY" || true fi -if [ $RES -eq 1 ]; then +if [ $RES -eq 42 ]; then echo Nothing changed. Skipping. exit 0 fi From bfb28056a0214280ee0d1f9c8def91748553afac Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sun, 12 May 2019 16:57:10 -0700 Subject: [PATCH 103/331] Fix travis issue Signed-off-by: Kevin Fox --- containers/build | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/containers/build b/containers/build index 89e1d17..7a51308 100755 --- a/containers/build +++ b/containers/build @@ -20,6 +20,11 @@ if [ "x$GPGSIGN" != "x" ]; then export GPGKEY=$(pwd)/../../rpm.priv fi +#Workaround https://github.com/moby/moby/issues/39120 +if [ "x$DOCKER_BUILDKIT" != "x" ]; then + docker pull docker/dockerfile:1.0-experimental +fi + hubbuildtools/hubhookhelpers/build RES=$? From eef778a59eddfb8d3b1737ef9f009977d4fb7ee0 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sun, 12 May 2019 17:11:19 -0700 Subject: [PATCH 104/331] Work around travis issue 
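Review bot: After the change to `if [ $RES -eq 42 ]` in containers/build, an exit status of 1 from `hubbuildtools/hubhookhelpers/build` no longer takes the "Nothing changed" branch, and the hunk does not show what happens to it or to any other non-zero status; the code after `fi` is outside the hunk. If nothing there stops the script, a failed build would carry on into whatever follows (earlier commits in this series add tag and push steps), so a guard such as `if [ "$RES" -ne 0 ]; then exit "$RES"; fi` directly after this block is worth confirming or adding. Quoting `"$RES"` in the test also avoids a `[` syntax error should the variable ever be empty.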
Signed-off-by: Kevin Fox --- containers/build | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/containers/build b/containers/build index 7a51308..312bc62 100755 --- a/containers/build +++ b/containers/build @@ -22,7 +22,10 @@ fi #Workaround https://github.com/moby/moby/issues/39120 if [ "x$DOCKER_BUILDKIT" != "x" ]; then - docker pull docker/dockerfile:1.0-experimental + cat /etc/docker/daemon.json + echo '{}' | sudo dd of=/tmp/daemon.json + sudo systemctl restart docker + docker ps -a fi hubbuildtools/hubhookhelpers/build From 42d7c6c500a5579d27501a81600ded388ed3af8a Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sun, 12 May 2019 17:21:07 -0700 Subject: [PATCH 105/331] Get more info from travis Signed-off-by: Kevin Fox --- containers/build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/build b/containers/build index 312bc62..0f9ce85 100755 --- a/containers/build +++ b/containers/build @@ -22,7 +22,7 @@ fi #Workaround https://github.com/moby/moby/issues/39120 if [ "x$DOCKER_BUILDKIT" != "x" ]; then - cat /etc/docker/daemon.json + sudo cat /etc/docker/daemon.json echo '{}' | sudo dd of=/tmp/daemon.json sudo systemctl restart docker docker ps -a From 3edd72a09660273335ac9821f6f5c078f7c7f2e0 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Sun, 12 May 2019 17:25:08 -0700 Subject: [PATCH 106/331] Try to fix travis issue Signed-off-by: Kevin Fox --- containers/build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/build b/containers/build index 0f9ce85..fd37721 100755 --- a/containers/build +++ b/containers/build @@ -23,7 +23,7 @@ fi #Workaround https://github.com/moby/moby/issues/39120 if [ "x$DOCKER_BUILDKIT" != "x" ]; then sudo cat /etc/docker/daemon.json - echo '{}' | sudo dd of=/tmp/daemon.json + echo '{"mtu": 1460}' | sudo dd of=/etc/docker/daemon.json sudo systemctl restart docker docker ps -a fi From b0e8b4c55808c1f1eb9b4735ec9500e3fc1d98cb Mon Sep 17 00:00:00 2001 
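Review bot: `echo '{"mtu": 1460}' | sudo dd of=/etc/docker/daemon.json` in the last hunk on this line replaces the whole daemon configuration, so every setting the CI image shipped in that file (the one printed by `sudo cat` just above) is silently dropped, and the result of `sudo systemctl restart docker` is not checked. If `jq` is available on the build image, merging keeps the existing keys: `sudo jq '. + {"mtu": 1460}' /etc/docker/daemon.json | sudo tee /etc/docker/daemon.json.new >/dev/null && sudo mv /etc/docker/daemon.json.new /etc/docker/daemon.json`, and `sudo systemctl restart docker || exit 1` stops the build when the daemon does not come back. Printing daemon.json into a public CI log is worth removing once the workaround is settled, and a comment saying why 1460 is the right MTU for this CI network would help the next maintainer.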
From: Kevin Fox Date: Mon, 13 May 2019 13:42:25 -0700 Subject: [PATCH 107/331] Add inotify-tools container Signed-off-by: Kevin Fox --- .travis.yml | 5 +++++ charts/image-library-charts/buildall | 2 +- containers/inotify-tools/Dockerfile | 5 +++++ containers/inotify-tools/buildenv | 2 ++ 4 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 containers/inotify-tools/Dockerfile create mode 100644 containers/inotify-tools/buildenv diff --git a/.travis.yml b/.travis.yml index b45a935..01546d5 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,6 +10,11 @@ jobs: language: shell name: Build dhcpd container script: ./containers/build dhcpd + - stage: build + dist: xenial + language: shell + name: Build inotify-tools container + script: ./containers/build inotify-tools - stage: build dist: xenial language: shell diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 8168670..2c70095 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall @@ -20,7 +20,7 @@ cd image-library-charts mkdir -p tags CHANGE=0 -for CONTAINER in ipmitool dhcpd chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx; do +for CONTAINER in ipmitool dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx; do case "$CONTAINER" in k8s-node-image-nginx) SUBBUILDS="1.13 1.14" diff --git a/containers/inotify-tools/Dockerfile b/containers/inotify-tools/Dockerfile new file mode 100644 index 0000000..2139b73 --- /dev/null +++ b/containers/inotify-tools/Dockerfile @@ -0,0 +1,5 @@ +FROM alpine:3.9 +MAINTAINER Kevin Fox + +RUN \ + apk add --no-cache --update inotify-tools diff --git a/containers/inotify-tools/buildenv b/containers/inotify-tools/buildenv new file mode 100644 index 0000000..b6a0799 --- /dev/null +++ b/containers/inotify-tools/buildenv @@ -0,0 +1,2 @@ +export AUTO_PREFIX=apk-version +export AUTO_PREFIX_PACKAGE=inotify-tools 
From 78104e316e991bdfeb6e17846c8c14b900349096 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 14 May 2019 17:16:52 -0700 Subject: [PATCH 108/331] Add chronyd Signed-off-by: Kevin Fox --- charts/charts/buildall | 2 +- charts/charts/chronyd/Chart.yaml | 5 ++ charts/charts/chronyd/README.md | 34 +++++++++ charts/charts/chronyd/requirements.yaml | 4 ++ charts/charts/chronyd/templates/_helpers.tpl | 32 +++++++++ .../charts/chronyd/templates/configmap.yaml | 12 ++++ .../charts/chronyd/templates/daemonset.yaml | 70 +++++++++++++++++++ .../charts/chronyd/templates/rolebinding.yaml | 19 +++++ .../chronyd/templates/serviceaccount.yaml | 11 +++ charts/charts/chronyd/values.yaml | 35 ++++++++++ 10 files changed, 223 insertions(+), 1 deletion(-) create mode 100644 charts/charts/chronyd/Chart.yaml create mode 100644 charts/charts/chronyd/README.md create mode 100644 charts/charts/chronyd/requirements.yaml create mode 100644 charts/charts/chronyd/templates/_helpers.tpl create mode 100644 charts/charts/chronyd/templates/configmap.yaml create mode 100644 charts/charts/chronyd/templates/daemonset.yaml create mode 100644 charts/charts/chronyd/templates/rolebinding.yaml create mode 100644 charts/charts/chronyd/templates/serviceaccount.yaml create mode 100644 charts/charts/chronyd/values.yaml diff --git a/charts/charts/buildall b/charts/charts/buildall index 1fe9217..ddbde93 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -34,7 +34,7 @@ for ver in 1-13 1-14; do done CHANGE=0 -for CHART in console dhcpd k8s-node-image; do +for CHART in console chronyd dhcpd k8s-node-image; do RAWCHART=$CHART case "$CHART" in k8s-node-image) diff --git a/charts/charts/chronyd/Chart.yaml b/charts/charts/chronyd/Chart.yaml new file mode 100644 index 0000000..d10ea3c --- /dev/null +++ b/charts/charts/chronyd/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: Chronyd for Kubernetes +name: chronyd +version: 0.3.0 
diff --git a/charts/charts/chronyd/README.md b/charts/charts/chronyd/README.md
new file mode 100644
index 0000000..1c05369
--- /dev/null
+++ b/charts/charts/chronyd/README.md
@@ -0,0 +1,34 @@
+# Chronyd
+
+The chronyd chart launches chronyd on each node of the cluster.
+
+
+## Install Chart
+
+To install the Chart into your Kubernetes cluster :
+
+```bash
+helm install --namespace "chronyd" --name "chronyd" pnnl-miscscripts/chronyd -f chronyd-values.yaml
+```
+
+After installation succeeds, you can get a status of Chart
+
+```bash
+helm status "chronyd"
+```
+
+If you want to delete your Chart, use this command:
+
+```bash
+helm delete --purge "chronyd"
+```
+
+### Chronyd configuration
+Set your chronyd config like:
+```yaml
+config: |
+ pool pool.ntp.org iburst maxsources 3
+ rtcsync
+ driftfile /var/lib/chrony/drift
+```
+
diff --git a/charts/charts/chronyd/requirements.yaml b/charts/charts/chronyd/requirements.yaml
new file mode 100644
index 0000000..1b9664f
--- /dev/null
+++ b/charts/charts/chronyd/requirements.yaml
@@ -0,0 +1,4 @@
+dependencies:
+- name: chronyd
+ version: 2.0.0
+ repository: https://pnnl-miscscripts.github.io/image-library-charts/
diff --git a/charts/charts/chronyd/templates/_helpers.tpl b/charts/charts/chronyd/templates/_helpers.tpl
new file mode 100644
index 0000000..c7b085b
--- /dev/null
+++ b/charts/charts/chronyd/templates/_helpers.tpl
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pnnlmiscscripts.chronyd.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pnnlmiscscripts.chronyd.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pnnlmiscscripts.chronyd.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/charts/chronyd/templates/configmap.yaml b/charts/charts/chronyd/templates/configmap.yaml
new file mode 100644
index 0000000..e60a743
--- /dev/null
+++ b/charts/charts/chronyd/templates/configmap.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "pnnlmiscscripts.chronyd.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.chronyd.name" . }}
+ chart: {{ template "pnnlmiscscripts.chronyd.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ chrony.conf: |
+{{ .Values.config | indent 4 }}
diff --git a/charts/charts/chronyd/templates/daemonset.yaml b/charts/charts/chronyd/templates/daemonset.yaml
new file mode 100644
index 0000000..83ba8f1
--- /dev/null
+++ b/charts/charts/chronyd/templates/daemonset.yaml
@@ -0,0 +1,70 @@
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: {{ template "pnnlmiscscripts.chronyd.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.chronyd.name" . }}
+ chart: {{ template "pnnlmiscscripts.chronyd.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ type: RollingUpdate
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ template "pnnlmiscscripts.chronyd.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "pnnlmiscscripts.chronyd.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - image: {{ dict "dot" . "section" .Values.image | include "pnnlmiscscripts.chronyd.image" }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ name: main
+ command:
+ - /bin/sh
+ - -xec
+ - |
+ [ -f /var/run/chronyd.pid ] && rm -f /var/run/chronyd.pid
+ /usr/sbin/chronyd -n
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /var/lib/cronyd
+ name: state
+ - mountPath: /etc/chrony/chrony.conf
+ subPath: chrony.conf
+ name: config
+ dnsPolicy: ClusterFirst
+ hostNetwork: true
+ hostPID: true
+ hostIPC: true
+ restartPolicy: Always
+ serviceAccountName: {{ template "pnnlmiscscripts.chronyd.fullname" . }}
+ volumes:
+ - configMap:
+ name: {{ template "pnnlmiscscripts.chronyd.fullname" . }}
+ name: config
+ - hostPath:
+ path: /var/lib/chrony
+ name: state
+ resources:
+{{ toYaml .Values.resources | indent 8 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
diff --git a/charts/charts/chronyd/templates/rolebinding.yaml b/charts/charts/chronyd/templates/rolebinding.yaml
new file mode 100644
index 0000000..4355764
--- /dev/null
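Review bot: The container runs with `privileged: true` and the pod also sets `hostPID: true` and `hostIPC: true`, which gives chronyd full control of the node although adjusting the clock needs far less. Replacing the flag with `capabilities:` holding `drop: ["ALL"]` and `add: ["SYS_TIME"]` (plus whatever chronyd needs to bind its ports and drop privileges, to be confirmed by testing) and removing `hostPID`/`hostIPC` unless something depends on them would shrink that considerably. The state volume is mounted at `/var/lib/cronyd`, while the default config's driftfile is `/var/lib/chrony/drift` and the hostPath is `/var/lib/chrony`, so the drift file is not written to the host volume; the mountPath looks like a typo for `/var/lib/chrony`. `replicas` is not a DaemonSet field, and `serviceAccountName` is set unconditionally although serviceaccount.yaml only creates the account when `rbac.create` is true.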
+++ b/charts/charts/chronyd/templates/rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "pnnlmiscscripts.chronyd.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.chronyd.name" . }}
+ chart: {{ template "pnnlmiscscripts.chronyd.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Values.rbac.podSecurityPolicy }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "pnnlmiscscripts.chronyd.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/charts/chronyd/templates/serviceaccount.yaml b/charts/charts/chronyd/templates/serviceaccount.yaml
new file mode 100644
index 0000000..ef2ccf3
--- /dev/null
+++ b/charts/charts/chronyd/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.rbac.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "pnnlmiscscripts.chronyd.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.chronyd.name" . }}
+ chart: {{ template "pnnlmiscscripts.chronyd.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end }}
diff --git a/charts/charts/chronyd/values.yaml b/charts/charts/chronyd/values.yaml
new file mode 100644
index 0000000..2f2713e
--- /dev/null
+++ b/charts/charts/chronyd/values.yaml
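Review bot: The RoleBinding's `roleRef` points at the ClusterRole named by `rbac.podSecurityPolicy`, whose default in values.yaml is `unrestricted-psp`, so the chart depends on a cluster-specific role and, going by its name, on the least restrictive pod security policy available. Document that this ClusterRole must already exist, and prefer referencing a policy that permits only what the DaemonSet actually asks for (host networking, the hostPath for chrony state, the time capability). A comment next to the value would do: `# ClusterRole granting 'use' on the PSP for this pod; must already exist in the cluster`.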
@@ -0,0 +1,35 @@ +image: + pullPolicy: IfNotPresent + +rbac: + create: true + podSecurityPolicy: unrestricted-psp + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: +- key: CriticalAddonsOnly + operator: Exists +- operator: Exists +- effect: NoSchedule + key: node-role.kubernetes.io/master + +affinity: {} + +config: | + pool pool.ntp.org iburst maxsources 3 + rtcsync + driftfile /var/lib/chrony/drift + From 82f8e2200100bbb44b78e6ca0ee5c5f9338ae21e Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 17 May 2019 15:40:47 -0700 Subject: [PATCH 109/331] Save library chart metadata into a readable format. Signed-off-by: Kevin Fox --- charts/charts/buildall | 3 +++ charts/image-library-charts/build | 11 +++++++++++ 2 files changed, 14 insertions(+) diff --git a/charts/charts/buildall b/charts/charts/buildall index ddbde93..8eddcac 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -31,6 +31,9 @@ for ver in 1-13 1-14; do popd 2>/dev/null APPVER=$(helm inspect chart k8s-node-image-$ver/charts/k8s-node-image-nginx-*.tgz | sort | awk '{if(/^(appVersion):/){print $2}}') sed -i "s@^appVersion:.*@appVersion: k8s-node-image-$APPVER@g" k8s-node-image-$ver/Chart.yaml + #FIXME + #IMAGETAG=$(tar -zxOf k8s-node-image-$ver/charts/k8s-node-image-nginx-*.tgz k8s-node-image-nginx/files/metadata.json | jq -r .tag ) + #sed IMAGETAG into README.md done CHANGE=0 diff --git a/charts/image-library-charts/build b/charts/image-library-charts/build index e782c9a..3e53e50 100755 --- a/charts/image-library-charts/build 
+++ b/charts/image-library-charts/build @@ -90,6 +90,17 @@ How to use: {{- end -}} EOF +mkdir -p files +cat > files/metadata.json < /dev/null helm package "../../$CONTAINER" From de22d447e26c506ab07d99bf13168a42b50e3ec2 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 23 May 2019 13:08:15 -0700 Subject: [PATCH 110/331] Add python 2 lint --- .travis.yml | 5 +++++ containers/py2lint/Dockerfile | 6 ++++++ containers/py2lint/buildenv | 2 ++ 3 files changed, 13 insertions(+) create mode 100644 containers/py2lint/Dockerfile create mode 100644 containers/py2lint/buildenv diff --git a/.travis.yml b/.travis.yml index 01546d5..167e4d1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,10 @@ jobs: include: + - stage: build + dist: xenial + language: shell + name: Build py2lint container + script: ./containers/build py2lint - stage: build dist: xenial language: shell diff --git a/containers/py2lint/Dockerfile b/containers/py2lint/Dockerfile new file mode 100644 index 0000000..8991e32 --- /dev/null +++ b/containers/py2lint/Dockerfile @@ -0,0 +1,6 @@ +FROM alpine:3.9 +MAINTAINER Kevin Fox + +RUN \ + apk add --no-cache --update py2-pip && \ + pip install pylint diff --git a/containers/py2lint/buildenv b/containers/py2lint/buildenv new file mode 100644 index 0000000..b1ab701 --- /dev/null +++ b/containers/py2lint/buildenv @@ -0,0 +1,2 @@ +export AUTO_PREFIX=pip-version +export AUTO_PREFIX_PACKAGE=pylint From 392628a35080225e7a58450482b4bbfa39be6271 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 25 Jun 2019 15:33:35 -0700 Subject: [PATCH 111/331] Add k8s 1.15 --- .travis.yml | 17 +++++++++++++++++ charts/charts/buildall | 2 +- charts/image-library-charts/buildall | 2 +- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 167e4d1..f606e81 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -65,6 +65,12 @@ jobs: language: shell name: Build rpms-kubernetes container 1.14 script: ./containers/build rpms-kubernetes 1.14 + - stage: build + before_install: *upgradedocker + dist: xenial + language: shell + name: Build rpms-kubernetes container 1.15 + script: ./containers/build rpms-kubernetes 1.15 - stage: build dist: xenial language: shell @@ -82,6 +88,12 @@ jobs: language: shell name: Build full k8s node image 1.14 script: ./containers/build k8s-node-image 1.14 + - stage: build-full-image + before_install: *upgradedocker + dist: xenial + language: shell + name: Build full k8s node image 1.15 + script: ./containers/build k8s-node-image 1.15 - stage: build-nginx dist: xenial language: shell @@ -97,6 +109,11 @@ jobs: language: shell name: Build k8s-node-image+nginx container 1.14 script: ./containers/build k8s-node-image-nginx 1.14 + - stage: build-nginx + dist: xenial + language: shell + name: Build k8s-node-image+nginx container 1.15 + script: ./containers/build k8s-node-image-nginx 1.15 - stage: build-image-library-charts dist: xenial language: shell diff --git a/charts/charts/buildall b/charts/charts/buildall index 8eddcac..4278e74 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -22,7 +22,7 @@ helm init --client-only helm repo add pnnl-miscscripts-image-library-charts https://pnnl-miscscripts.github.io/image-library-charts/ helm repo update -for ver in 1-13 1-14; do +for ver in 1-13 1-14 1-15; do cp -a k8s-node-image k8s-node-image-$ver sed -i "s@k8s-node-image-nginx-1-14@k8s-node-image-nginx-$ver@g" k8s-node-image-$ver/requirements.yaml k8s-node-image-$ver/values.yaml sed -i "s@^name:.*@name: k8s-node-image-$ver@g" k8s-node-image-$ver/Chart.yaml diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 2c70095..c79d922 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall 
@@ -23,7 +23,7 @@ CHANGE=0 for CONTAINER in ipmitool dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx; do case "$CONTAINER" in k8s-node-image-nginx) - SUBBUILDS="1.13 1.14" + SUBBUILDS="1.13 1.14 1.15" ;; *) SUBBUILDS="latest" From 857a21adbe930131fefd76d673b545ca3b76294e Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 9 Jul 2019 13:37:51 -0700 Subject: [PATCH 112/331] Update containerd to 1.2.7. Fail if it finds newer versions to notify maintainers to update. --- containers/rpms-containerd/Dockerfile | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index c2ae57e..3d8517b 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -2,7 +2,7 @@ FROM centos:centos7 MAINTAINER Kevin Fox -ENV VERSION=1.2.6 +ENV VERSION=1.2.7 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec ADD rpm.pub /root/rpm.pub 
@@ -12,7 +12,11 @@ RUN --mount=type=secret,id=gpg \ set -x && \ cd / && \ yum install -y rpm-build cpio createrepo gnupg2 rpm-sign && \ - curl -o /root/rpmbuild/SOURCES/containerd.tar.gz "https://storage.googleapis.com/cri-containerd-release/cri-containerd-$VERSION.linux-amd64.tar.gz" && \ + NEWVER=$(echo "$VERSION" | awk -F. '{print $1 "." $2 "." $3+1}') && \ + (! curl -f -o /root/rpmbuild/SOURCES/containerd.tar.gz "https://storage.googleapis.com/cri-containerd-release/cri-containerd-$NEWVER.linux-amd64.tar.gz") && \ + NEWVER=$(echo "$VERSION" | awk -F. '{print $1 "." $2+1 ".0"}') && \ + (! curl -f -o /root/rpmbuild/SOURCES/containerd.tar.gz "https://storage.googleapis.com/cri-containerd-release/cri-containerd-$NEWVER.linux-amd64.tar.gz") && \ + curl -f -o /root/rpmbuild/SOURCES/containerd.tar.gz "https://storage.googleapis.com/cri-containerd-release/cri-containerd-$VERSION.linux-amd64.tar.gz" && \ sed -i "s/^\(Version:\).*$/\1 $VERSION/" /root/rpmbuild/SOURCES/containerd.spec && \ cat /root/rpmbuild/SOURCES/containerd.spec && \ rpmbuild -ba /root/rpmbuild/SOURCES/containerd.spec && \ From 290b361c53b7a23760af9761fb511d2634a88364 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 12 Jul 2019 17:54:43 -0700 Subject: [PATCH 113/331] Release k8s 1.15 chart. --- charts/charts/buildall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/charts/buildall b/charts/charts/buildall index 4278e74..b3b348e 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -41,7 +41,7 @@ for CHART in console chronyd dhcpd k8s-node-image; do RAWCHART=$CHART case "$CHART" in k8s-node-image) - SUBBUILDS="1-13 1-14" + SUBBUILDS="1-13 1-14 1-15" ;; *) SUBBUILDS="latest" From f0612d63e1f01b0b20c4e14f520df0acbf5c5a68 Mon Sep 17 00:00:00 2001 
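Review bot: The containerd tarball downloaded in the containers/rpms-containerd/Dockerfile hunk is never compared against a pinned digest before `rpmbuild` packages it, while the same RUN installs `rpm-sign` and mounts a gpg secret, so (presumably, the signing step is outside the hunk) whatever the bucket serves ends up in a signed RPM. Add a digest next to `ENV VERSION`, e.g. `ENV SHA256=<sha256-of-release-tarball>`, and verify right after the final download with `echo "$SHA256  /root/rpmbuild/SOURCES/containerd.tar.gz" | sha256sum -c - && \`. The two probe downloads also treat every curl failure (DNS, timeout, 5xx) the same as "no newer release", so the maintainer reminder silently goes quiet when the bucket is unreachable; a comment above them should say so. The RUN instruction starts and ends outside the hunk.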
From: Kevin Fox Date: Tue, 30 Jul 2019 10:36:59 -0700 Subject: [PATCH 114/331] Add pixiecore container --- .travis.yml | 5 +++++ containers/pixiecore/Dockerfile | 9 +++++++++ containers/pixiecore/buildenv | 2 ++ 3 files changed, 16 insertions(+) create mode 100644 containers/pixiecore/Dockerfile create mode 100644 containers/pixiecore/buildenv diff --git a/.travis.yml b/.travis.yml index f606e81..8016cd0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,6 +5,11 @@ jobs: language: shell name: Build py2lint container script: ./containers/build py2lint + - stage: build + dist: xenial + language: shell + name: Build pixiecore container + script: ./containers/build pixiecore - stage: build dist: xenial language: shell diff --git a/containers/pixiecore/Dockerfile b/containers/pixiecore/Dockerfile new file mode 100644 index 0000000..5db53b4 --- /dev/null +++ b/containers/pixiecore/Dockerfile @@ -0,0 +1,9 @@ +FROM golang + +RUN \ + go get go.universe.tf/netboot/cmd/pixiecore + +FROM alpine:3.9 +COPY --from=0 /go/bin/pixiecore /bin/pixiecore +ENTRYPOINT ["/bin/pixiecore"] + diff --git a/containers/pixiecore/buildenv b/containers/pixiecore/buildenv new file mode 100644 index 0000000..4c08975 --- /dev/null +++ b/containers/pixiecore/buildenv @@ -0,0 +1,2 @@ +export PREFIX=1.0.0 +export NEW_BUILD=1 From 0a968c4b46bd2810597fcaf802e620a16e918a1f Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 30 Jul 2019 10:50:40 -0700 Subject: [PATCH 115/331] Remove new build flag --- containers/pixiecore/buildenv | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/pixiecore/buildenv b/containers/pixiecore/buildenv index 4c08975..80651d6 100644 --- a/containers/pixiecore/buildenv +++ b/containers/pixiecore/buildenv @@ -1,2 +1 @@ export PREFIX=1.0.0 -export NEW_BUILD=1 From 1e00682380fe8aae559b1b27da2efff076db85ff Mon Sep 17 00:00:00 2001 
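Review bot: Neither the builder image nor the source revision is pinned in the new containers/pixiecore/Dockerfile: `FROM golang` floats with the latest tag and `go get go.universe.tf/netboot/cmd/pixiecore` builds whatever the default branch and its dependencies resolve to at build time, while buildenv labels the result `PREFIX=1.0.0`. The same image version can therefore contain different code on every rebuild, and an upstream change reaches the published image without review. Pin the builder with `FROM golang:<pinned-tag>` and build a fixed revision, for example (GOPATH mode) `go get -d go.universe.tf/netboot/cmd/pixiecore && git -C "$GOPATH/src/go.universe.tf/netboot" checkout <commit> && go install go.universe.tf/netboot/cmd/pixiecore`. The `CGO_ENABLED=0` change in PATCH 117 keeps the same unpinned fetch.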
From: Kevin Fox Date: Wed, 31 Jul 2019 10:57:51 -0700 Subject: [PATCH 116/331] Add pixiecore image library chart --- charts/image-library-charts/buildall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index c79d922..53931cb 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall @@ -20,7 +20,7 @@ cd image-library-charts mkdir -p tags CHANGE=0 -for CONTAINER in ipmitool dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx; do +for CONTAINER in ipmitool dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx pixiecore; do case "$CONTAINER" in k8s-node-image-nginx) SUBBUILDS="1.13 1.14 1.15" From ff7e35a770d623fe867f2689858afc3ce39cec5b Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 31 Jul 2019 13:41:19 -0700 Subject: [PATCH 117/331] Update pixiecore --- containers/pixiecore/Dockerfile | 2 +- containers/pixiecore/buildenv | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/containers/pixiecore/Dockerfile b/containers/pixiecore/Dockerfile index 5db53b4..7203bc4 100644 --- a/containers/pixiecore/Dockerfile +++ b/containers/pixiecore/Dockerfile @@ -1,7 +1,7 @@ FROM golang RUN \ - go get go.universe.tf/netboot/cmd/pixiecore + CGO_ENABLED=0 go get go.universe.tf/netboot/cmd/pixiecore FROM alpine:3.9 COPY --from=0 /go/bin/pixiecore /bin/pixiecore diff --git a/containers/pixiecore/buildenv b/containers/pixiecore/buildenv index 80651d6..c08389c 100644 --- a/containers/pixiecore/buildenv +++ b/containers/pixiecore/buildenv @@ -1 +1 @@ -export PREFIX=1.0.0 +export PREFIX=1.0.1 From 2f844375dbde9df569c764ef8dbf85b73d4d4531 Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Fri, 2 Aug 2019 12:57:21 -0700 Subject: [PATCH 118/331] Add tenant namespace chart --- charts/charts/tenant-namespace/Chart.yaml | 5 + charts/charts/tenant-namespace/README.md | 21 ++++ .../charts/tenant-namespace/requirements.yaml | 15 +++ .../tenant-namespace/templates/NOTES.txt | 2 + .../tenant-namespace/templates/_helpers.tpl | 32 ++++++ .../templates/certificate.yaml | 15 +++ .../tenant-namespace/templates/issuer.yaml | 16 +++ .../templates/limitrange.yaml | 12 ++ .../templates/nginx-ingress-role.yaml | 66 +++++++++++ .../templates/nginx-ingress-rolebinding.yaml | 18 +++ .../rbac-admin-group-rolebinding.yaml | 17 +++ .../templates/resourcequota.yaml | 17 +++ .../simple-restricted-networkpolicy.yaml | 49 +++++++++ charts/charts/tenant-namespace/values.yaml | 104 ++++++++++++++++++ 14 files changed, 389 insertions(+) create mode 100644 charts/charts/tenant-namespace/Chart.yaml create mode 100644 charts/charts/tenant-namespace/README.md create mode 100644 charts/charts/tenant-namespace/requirements.yaml create mode 100644 charts/charts/tenant-namespace/templates/NOTES.txt create mode 100644 charts/charts/tenant-namespace/templates/_helpers.tpl create mode 100644 charts/charts/tenant-namespace/templates/certificate.yaml create mode 100644 charts/charts/tenant-namespace/templates/issuer.yaml create mode 100644 charts/charts/tenant-namespace/templates/limitrange.yaml create mode 100644 charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml create mode 100644 charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml create mode 100644 charts/charts/tenant-namespace/templates/rbac-admin-group-rolebinding.yaml create mode 100644 charts/charts/tenant-namespace/templates/resourcequota.yaml create mode 100644 charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml create mode 100644 charts/charts/tenant-namespace/values.yaml 
diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml new file mode 100644 index 0000000..3d2ad55 --- /dev/null +++ b/charts/charts/tenant-namespace/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: Chart for setting up a tenants namespace with all the goodies +name: tenant-namespace +version: 0.6.0 diff --git a/charts/charts/tenant-namespace/README.md b/charts/charts/tenant-namespace/README.md new file mode 100644 index 0000000..f274e91 --- /dev/null +++ b/charts/charts/tenant-namespace/README.md @@ -0,0 +1,21 @@ +tenant-namespace is a chart that lets you quickly provision a namespace for a +tenant + +TL;DR; + +First, put whatever cluster specific default values into +mycluster-tenant-namespace-values.yaml + +```console +read -p 'Enter Tenant name: ' tenant +helm install namespace --name $tenant --namespace ${tenant}-admin \ + -f mycluster-tenant-namespace-values.yaml \ + --set magicnamespace.namespace=$tenant \ + --set ingress.controller.scope.namespace=$tenant +``` + +To get the ci secret to put into your ci system, you can do something like: +```console +kubectl get secret -n $tenant $(kubectl get serviceaccount -n $tenant ci -o go-template='{{ (index .secrets 0).name }}') -o go-template='{{ .data.token | base64decode }}{{ printf "\n" }}' +``` + diff --git a/charts/charts/tenant-namespace/requirements.yaml b/charts/charts/tenant-namespace/requirements.yaml new file mode 100644 index 0000000..2b6d647 --- /dev/null +++ b/charts/charts/tenant-namespace/requirements.yaml 
@@ -0,0 +1,15 @@ +dependencies: +- name: magic-namespace + alias: adminmagicnamespace + version: "0.5.2" + repository: "https://kubernetes-charts.storage.googleapis.com" + condition: adminmagicnamespace.enabled +- name: magic-namespace + alias: magicnamespace + version: "0.5.2" + repository: "https://kubernetes-charts.storage.googleapis.com" +- name: nginx-ingress + alias: ingress + version: "1.7.0" + repository: "https://kubernetes-charts.storage.googleapis.com" + condition: ingress.nginx.enabled diff --git a/charts/charts/tenant-namespace/templates/NOTES.txt b/charts/charts/tenant-namespace/templates/NOTES.txt new file mode 100644 index 0000000..0c834a7 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/NOTES.txt @@ -0,0 +1,2 @@ +Remember to: +kubectl label namespace kube-system name=kube-system diff --git a/charts/charts/tenant-namespace/templates/_helpers.tpl b/charts/charts/tenant-namespace/templates/_helpers.tpl new file mode 100644 index 0000000..2f004af --- /dev/null +++ b/charts/charts/tenant-namespace/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "namespace.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "namespace.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "namespace.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} \ No newline at end of file diff --git a/charts/charts/tenant-namespace/templates/certificate.yaml b/charts/charts/tenant-namespace/templates/certificate.yaml new file mode 100644 index 0000000..af65e84 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/certificate.yaml @@ -0,0 +1,15 @@ +{{- if .Values.letsencrypt.enabled }} +{{- $name := .Values.magicnamespace.namespace }} +apiVersion: certmanager.k8s.io/v1alpha1 +kind: Certificate +metadata: + name: default-tls +spec: + secretName: default-tls + dnsNames: + - {{ $name }}.{{ .Values.subdomain }} + - "*.{{ $name }}.{{ .Values.subdomain }}" + issuerRef: + name: letsencrypt-production + kind: Issuer +{{- end }} diff --git a/charts/charts/tenant-namespace/templates/issuer.yaml b/charts/charts/tenant-namespace/templates/issuer.yaml new file mode 100644 index 0000000..30fa1c4 --- /dev/null 
+++ b/charts/charts/tenant-namespace/templates/issuer.yaml @@ -0,0 +1,16 @@ +{{- if .Values.letsencrypt.enabled }} +apiVersion: certmanager.k8s.io/v1alpha1 +kind: Issuer +metadata: + name: letsencrypt-production +spec: + acme: + server: https://acme-v02.api.letsencrypt.org/directory + email: {{ .Values.contact }} + + privateKeySecretRef: + name: letsencrypt-production + + solvers: +{{ toYaml .Values.letsencrypt.solvers | indent 6 }} +{{- end }} diff --git a/charts/charts/tenant-namespace/templates/limitrange.yaml b/charts/charts/tenant-namespace/templates/limitrange.yaml new file mode 100644 index 0000000..9421469 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/limitrange.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: LimitRange +metadata: + name: {{ .Release.Name }} + namespace: {{ .Values.magicnamespace.namespace }} + labels: + app: {{ template "namespace.name" . }} + chart: {{ template "namespace.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{ toYaml .Values.limitRange | indent 2 }} diff --git a/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml b/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml new file mode 100644 index 0000000..1bae0b9 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml 
@@ -0,0 +1,66 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "namespace.fullname" . }}
+ labels:
+ app: {{ template "namespace.name" . }}
+ chart: {{ template "namespace.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ namespace: {{ .Values.magicnamespace.namespace }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - pods
+ - secrets
+ - endpoints
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - extensions
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - create
+ - get
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
diff --git a/charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml b/charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml
new file mode 100644
index 0000000..9cefbfa
--- /dev/null
+++ b/charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "namespace.fullname" . }}
+ labels:
+ app: {{ template "namespace.name" . }}
+ chart: {{ template "namespace.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ namespace: {{ .Values.magicnamespace.namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "namespace.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ .Release.Name }}-ingress
+ namespace: {{ .Release.Namespace }}
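Review bot: The Role in nginx-ingress-role.yaml and the RoleBinding in nginx-ingress-rolebinding.yaml are rendered unconditionally, although requirements.yaml only pulls in the nginx-ingress subchart when `ingress.nginx.enabled` is true. With ingress disabled, the binding still grants get/list/watch on `secrets` in the tenant namespace to a ServiceAccount named `{{ .Release.Name }}-ingress` in the release namespace, an identity that does not exist until someone creates it. Wrapping both templates in `{{- if .Values.ingress.nginx.enabled }}` and `{{- end }}` keeps the grant tied to the controller it is meant for. The subject name also assumes the subchart's default naming, so a comment such as `# must match the nginx-ingress subchart's ServiceAccount name` would help anyone who sets a name override.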
diff --git a/charts/charts/tenant-namespace/templates/rbac-admin-group-rolebinding.yaml b/charts/charts/tenant-namespace/templates/rbac-admin-group-rolebinding.yaml new file mode 100644 index 0000000..ad2c146 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/rbac-admin-group-rolebinding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: rbac-admin-group + namespace: {{ .Values.magicnamespace.namespace }} + labels: + app: {{ template "namespace.name" . }} + chart: {{ template "namespace.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: admin +subjects: +- kind: Group + name: {{ .Values.roleBindings.groupPrefix }}{{ .Values.magicnamespace.namespace }}.admin diff --git a/charts/charts/tenant-namespace/templates/resourcequota.yaml b/charts/charts/tenant-namespace/templates/resourcequota.yaml new file mode 100644 index 0000000..7f7289f --- /dev/null +++ b/charts/charts/tenant-namespace/templates/resourcequota.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ResourceQuota +metadata: + name: {{ .Release.Name }} + namespace: {{ .Values.magicnamespace.namespace }} + labels: + app: {{ template "namespace.name" . }} + chart: {{ template "namespace.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + hard: + pods: {{ .Values.quota.pods }} + requests.cpu: {{ .Values.quota.requests.cpu }} + requests.memory: {{ .Values.quota.requests.memory }} + limits.cpu: {{ .Values.quota.limits.cpu }} + limits.memory: {{ .Values.quota.limits.memory }} \ No newline at end of file diff --git a/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml b/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml new file mode 100644 index 0000000..28308f4 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml 
@@ -0,0 +1,49 @@
+{{- if and .Values.networkPolicy.enabled (eq .Values.networkPolicy.type "simple-restricted") }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default
+ namespace: {{ .Values.magicnamespace.namespace }}
+spec:
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - from:
+# Allow non pod traffic
+{{- range .Values.networkPolicy.ingress.ipBlocks }}
+ - ipBlock:
+{{ toYaml . | indent 8 }}
+{{- end }}
+# Allow admin namespace to access this namespace
+ - namespaceSelector:
+ matchLabels:
+ name: {{ .Release.Namespace }}
+ podSelector: {}
+# Allow access to the kube-system namespace for service discovery
+ - namespaceSelector:
+ matchLabels:
+ name: kube-system
+ podSelector: {}
+# Allow this namespace to access itself
+ - podSelector: {}
+ egress:
+ - to:
+# Allow non pod traffic
+{{- range .Values.networkPolicy.ingress.ipBlocks }}
+ - ipBlock:
+{{ toYaml . | indent 8 }}
+{{- end }}
+# Allow admin namespace to access this namespace
+ - namespaceSelector:
+ matchLabels:
+ name: {{ .Release.Namespace }}
+ podSelector: {}
+# Allow access to the kube-system namespace for service discovery
+ - namespaceSelector:
+ matchLabels:
+ name: kube-system
+ podSelector: {}
+# Allow this namespace to access itself
+ - podSelector: {}
+{{- end }}
diff --git a/charts/charts/tenant-namespace/values.yaml b/charts/charts/tenant-namespace/values.yaml
new file mode 100644
index 0000000..76f2da8
--- /dev/null
+++ b/charts/charts/tenant-namespace/values.yaml
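Review bot: The `egress:` section of simple-restricted-networkpolicy.yaml iterates `.Values.networkPolicy.ingress.ipBlocks`, so the separate `networkPolicy.egress.ipBlocks` list that values.yaml defines is never read and an operator who tightens egress there gets no change in the rendered policy. The loop under `egress: - to:` should be `{{- range .Values.networkPolicy.egress.ipBlocks }}`. The comments in that half were copied from the ingress half and should describe the outbound direction, e.g. `# Allow this namespace to reach the admin namespace`. As far as the flattened hunk shows, the spec also has no top-level `podSelector`; writing `podSelector: {}` explicitly would make the all-pods scope visible. The policy matches namespaces by a `name` label, and NOTES.txt only reminds the operator to label kube-system, so whether the admin namespace carries `name: {{ .Release.Namespace }}` should be confirmed.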
@@ -0,0 +1,104 @@ +contact: some@email.addr +subdomain: tenants.subdomain.addr # Tenant foo at foo.tenants.subdomain.addr + +adminmagicnamespace: + enabled: false + #namespace: project-admin + tiller: + image: + tag: v2.11.0 + role: + type: ClusterRole + name: admin + +#NOTE, letsencrypt support isn't fully baked yet. It works, but nginx-ingress +# cant use it yet, as nginx-ingress can't watch two namespaces at once. +letsencrypt: + enabled: false + solvers: [] #List of solvers in a cert-manager issuer + +# Provides tenant namespace isolation. Tested with Canal. At time of release +# Known not to work with Weave except for the unrelased trunk version. +networkPolicy: + enabled: true + type: simple-restricted + ingress: +# These are default settings for kubeadm with canal. + ipBlocks: + - cidr: 0.0.0.0/0 + except: + - 10.244.0.0/16 # Pod network + - 10.96.0.0/12 # Service network + egress: + ipBlocks: + - cidr: 0.0.0.0/0 + except: + - 10.244.0.0/16 # Pod network + - 10.96.0.0/12 # Service network + +magicnamespace: + namespace: project + tiller: + role: + type: ClusterRole + name: admin + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + serviceAccounts: +# Service account users can use to drive via ci. + - ci + roleBindings: + - name: ci-admin + role: + kind: ClusterRole + name: admin + subject: + kind: ServiceAccount + name: ci + +roleBindings: +# Used to manage rbac rules. User's group prefix to use for assigning +# permissions. Group foo.tenantname.admin is role bound to the admin +# role of the tenants namespace. + groupPrefix: foo. 
+ +ingress: + nginx: + enabled: true + controller: + ingressClass: public + extraArgs: {} +# default-ssl-certificate=default/default-tls + scope: + enabled: true + namespace: "" + stats: + enabled: true + metrics: + enabled: true + publishService: + enabled: true + +quota: + pods: 10 + limits: + cpu: 10 + memory: 8Gi + requests: + cpu: 5 + memory: 4Gi + +limitRange: + limits: + - default: + cpu: 1000m + memory: 2Gi + defaultRequest: + cpu: 100m + memory: 256Mi + type: Container From b3245052d86a1e8db5d5b2b4e69a8c6ea210ba02 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 2 Aug 2019 13:36:05 -0700 Subject: [PATCH 119/331] Fix build. --- containers/pixiecore/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/pixiecore/Dockerfile b/containers/pixiecore/Dockerfile index 7203bc4..e8b49d6 100644 --- a/containers/pixiecore/Dockerfile +++ b/containers/pixiecore/Dockerfile @@ -5,5 +5,6 @@ RUN \ FROM alpine:3.9 COPY --from=0 /go/bin/pixiecore /bin/pixiecore +RUN echo 1.0.1 > /.extrafingerprints ENTRYPOINT ["/bin/pixiecore"] From e29510a0634f71643d205c60040877ce1c98f8a2 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 2 Aug 2019 13:59:24 -0700 Subject: [PATCH 120/331] Add pixiecore and tenant-namespace charts --- charts/charts/buildall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/charts/buildall b/charts/charts/buildall index b3b348e..ffc5cc3 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -37,7 +37,7 @@ for ver in 1-13 1-14 1-15; do done CHANGE=0 -for CHART in console chronyd dhcpd k8s-node-image; do +for CHART in console chronyd dhcpd k8s-node-image tenant-namespace pixiecore; do RAWCHART=$CHART case "$CHART" in k8s-node-image) From e6c5c446e6838c8d0fbe388c8c5dd1a081bd9e21 Mon Sep 17 00:00:00 2001 
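Review bot: The default `networkPolicy.ingress.ipBlocks` and `networkPolicy.egress.ipBlocks` in values.yaml allow `0.0.0.0/0` minus only the pod and service CIDRs, which leaves node addresses, any management network the nodes sit on and link-local ranges reachable from tenant pods. For a chart whose comment promises tenant namespace isolation, that remaining reach should be spelled out next to the defaults, for example `# NOTE: 0.0.0.0/0 still covers node, management and link-local addresses; add site ranges to "except"`. Which ranges matter depends on the cluster, so this is a documentation request rather than a fixed list.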
From: Kevin Fox Date: Fri, 2 Aug 2019 14:12:37 -0700 Subject: [PATCH 121/331] add pixiecore chart --- charts/charts/pixiecore/Chart.yaml | 6 +++ charts/charts/pixiecore/requirements.yaml | 4 ++ .../charts/pixiecore/templates/_helpers.tpl | 32 +++++++++++++++ .../charts/pixiecore/templates/daemonset.yaml | 39 +++++++++++++++++++ charts/charts/pixiecore/values.yaml | 7 ++++ 5 files changed, 88 insertions(+) create mode 100755 charts/charts/pixiecore/Chart.yaml create mode 100644 charts/charts/pixiecore/requirements.yaml create mode 100644 charts/charts/pixiecore/templates/_helpers.tpl create mode 100644 charts/charts/pixiecore/templates/daemonset.yaml create mode 100644 charts/charts/pixiecore/values.yaml diff --git a/charts/charts/pixiecore/Chart.yaml b/charts/charts/pixiecore/Chart.yaml new file mode 100755 index 0000000..36771e7 --- /dev/null +++ b/charts/charts/pixiecore/Chart.yaml @@ -0,0 +1,6 @@ +name: pixiecore +version: 0.0.1 +description: pixiecore +maintainers: +- name: Kevin Fox + email: Kevin.Fox@pnnl.gov diff --git a/charts/charts/pixiecore/requirements.yaml b/charts/charts/pixiecore/requirements.yaml new file mode 100644 index 0000000..7a35eca --- /dev/null +++ b/charts/charts/pixiecore/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: +- name: pixiecore + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ diff --git a/charts/charts/pixiecore/templates/_helpers.tpl b/charts/charts/pixiecore/templates/_helpers.tpl new file mode 100644 index 0000000..88f0a91 --- /dev/null +++ b/charts/charts/pixiecore/templates/_helpers.tpl 
@@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "pnnlmiscscripts.pixiecore-full.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "pnnlmiscscripts.pixiecore-full.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "pnnlmiscscripts.pixiecore-full.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/charts/pixiecore/templates/daemonset.yaml b/charts/charts/pixiecore/templates/daemonset.yaml new file mode 100644 index 0000000..903ffce --- /dev/null +++ b/charts/charts/pixiecore/templates/daemonset.yaml 
@@ -0,0 +1,39 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: {{ template "pnnlmiscscripts.pixiecore-full.fullname" . }} + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "pnnlmiscscripts.pixiecore-full.chart" . }} + app: {{ template "pnnlmiscscripts.pixiecore-full.name" . }} +spec: + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + app: {{ template "pnnlmiscscripts.pixiecore-full.name" . }} + spec: + dnsPolicy: ClusterFirstWithHostNet + hostNetwork: True + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + containers: + - name: main + image: {{ dict "dot" . "section" .Values.pixiecore | include "pnnlmiscscripts.pixiecore.image" }} + imagePullPolicy: {{ .Values.pixiecore.imagePullPolicy }} + securityContext: + capabilities: + add: ["NET_ADMIN"] + args: + - api + - --dhcp-no-bind + - --port + - {{ .Values.port | quote }} +{{- range .Values.extraArgs }} + - {{ . | quote }} +{{- end }} + - {{ .Values.upstreamURL | quote }} + resources: +{{ toYaml .Values.resources | indent 10 }} diff --git a/charts/charts/pixiecore/values.yaml b/charts/charts/pixiecore/values.yaml new file mode 100644 index 0000000..a008b89 --- /dev/null +++ b/charts/charts/pixiecore/values.yaml @@ -0,0 +1,7 @@ +pixiecore: + imagePullPolicy: IfNotPresent +upstreamURL: http://pixiecore +port: 9200 +nodeSelector: {} +extraArgs: [] +#- -l=192.168.0.1 From 9a4d51b94ec24a67c8f4a66b64073cb01d0fff80 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 22 Aug 2019 10:47:34 -0700 Subject: [PATCH 122/331] Bump containerd to 1.2.8 --- containers/rpms-containerd/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index 3d8517b..bbf8dc6 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile 
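Review bot: The `main` container in charts/charts/pixiecore/templates/daemonset.yaml runs with `hostNetwork: True` and adds `NET_ADMIN` on top of the runtime's default capability set, with nothing else in `securityContext` constrained. Because the pod shares the node's network namespace, it is worth setting `allowPrivilegeEscalation: false` and replacing the bare `add:` with `drop: ["ALL"]` plus an explicit `add:` list; which capabilities the DHCP and TFTP listeners actually need has to be confirmed by testing, so treat any list as a starting point. The default `upstreamURL: http://pixiecore` in values.yaml is plain HTTP, and since that endpoint decides what machines boot, a comment there recommending a cluster-internal or TLS endpoint would help. Separately, `extensions/v1beta1` DaemonSet is deprecated in favour of `apps/v1`, which also requires `spec.selector`.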
@@ -2,7 +2,7 @@ FROM centos:centos7 MAINTAINER Kevin Fox -ENV VERSION=1.2.7 +ENV VERSION=1.2.8 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec ADD rpm.pub /root/rpm.pub From 25dfde5398d036ab88c3f357fc7d71fc5000fb9e Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 5 Sep 2019 09:15:08 -0700 Subject: [PATCH 123/331] Add pixiecore-simpleconfig chart. --- charts/charts/buildall | 2 +- .../charts/pixiecore-simpleconfig/.helmignore | 21 +++++++ .../charts/pixiecore-simpleconfig/Chart.yaml | 5 ++ .../charts/pixiecore-simpleconfig/README.md | 27 ++++++++ .../templates/_helpers.tpl | 32 ++++++++++ .../templates/configmap.yaml | 14 +++++ .../templates/deployment.yaml | 63 +++++++++++++++++++ .../templates/ingress.yaml | 21 +++++++ .../templates/service.yaml | 21 +++++++ .../charts/pixiecore-simpleconfig/values.yaml | 51 +++++++++++++++ 10 files changed, 256 insertions(+), 1 deletion(-) create mode 100644 charts/charts/pixiecore-simpleconfig/.helmignore create mode 100644 charts/charts/pixiecore-simpleconfig/Chart.yaml create mode 100644 charts/charts/pixiecore-simpleconfig/README.md create mode 100644 charts/charts/pixiecore-simpleconfig/templates/_helpers.tpl create mode 100644 charts/charts/pixiecore-simpleconfig/templates/configmap.yaml create mode 100644 charts/charts/pixiecore-simpleconfig/templates/deployment.yaml create mode 100644 charts/charts/pixiecore-simpleconfig/templates/ingress.yaml create mode 100644 charts/charts/pixiecore-simpleconfig/templates/service.yaml create mode 100644 charts/charts/pixiecore-simpleconfig/values.yaml diff --git a/charts/charts/buildall b/charts/charts/buildall index ffc5cc3..ca3dcb1 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall 
@@ -37,7 +37,7 @@ for ver in 1-13 1-14 1-15; do done CHANGE=0 -for CHART in console chronyd dhcpd k8s-node-image tenant-namespace pixiecore; do +for CHART in console chronyd dhcpd k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig; do RAWCHART=$CHART case "$CHART" in k8s-node-image) diff --git a/charts/charts/pixiecore-simpleconfig/.helmignore b/charts/charts/pixiecore-simpleconfig/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/charts/charts/pixiecore-simpleconfig/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/charts/pixiecore-simpleconfig/Chart.yaml b/charts/charts/pixiecore-simpleconfig/Chart.yaml new file mode 100644 index 0000000..837194f --- /dev/null +++ b/charts/charts/pixiecore-simpleconfig/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: Helm chart for simple config of pixiecore +name: pixiecore-simpleconfig +version: 0.1.0 diff --git a/charts/charts/pixiecore-simpleconfig/README.md b/charts/charts/pixiecore-simpleconfig/README.md new file mode 100644 index 0000000..f5274c5 --- /dev/null +++ b/charts/charts/pixiecore-simpleconfig/README.md 
@@ -0,0 +1,27 @@ +pixiecore-simpleconfig is a chart that lets you quickly setup a backend for pixiecore + +You can put the pixiecore json files directly into config, keyed by mac address. + +For example, to pxe boot 00:11:22:33, use values file: +```yaml +config: + "00:11:22:33": | + { + "kernel": "http://xxx.xxx.xxx.xxx:9090/vmlinuz", + "initrd": ["http://xxx.xxx.xxx.xxx:9090/initrd.img"], + "cmdline": "ks=http://xxx.xxx.xxx.xxx:9091/v1/boot/ks.cfg ksdevice=ens1 console=ttyS1,115200" + } +``` + +Install like: +```console +helm install pnnlmiscscripts/pixiecore-simpleconfig \ + --name pixiecore-simpleconfig \ + --namespace provision \ + -f pixiecore-simpleconfig-values.yaml +``` + +Then point your pixiecore at the pixiecore-simpleconfig. + +The config value gets mapped directly to a configmap, so its possible to put other things in there such as kickstart files if that simplifies your setup. + diff --git a/charts/charts/pixiecore-simpleconfig/templates/_helpers.tpl b/charts/charts/pixiecore-simpleconfig/templates/_helpers.tpl new file mode 100644 index 0000000..c707d3f --- /dev/null +++ b/charts/charts/pixiecore-simpleconfig/templates/_helpers.tpl 
@@ -0,0 +1,32 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pnnlmiscscripts.pixiecore.simpleconfig.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pnnlmiscscripts.pixiecore.simpleconfig.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pnnlmiscscripts.pixiecore.simpleconfig.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/charts/pixiecore-simpleconfig/templates/configmap.yaml b/charts/charts/pixiecore-simpleconfig/templates/configmap.yaml
new file mode 100644
index 0000000..3573bbe
--- /dev/null
+++ b/charts/charts/pixiecore-simpleconfig/templates/configmap.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }}
+ chart: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+{{- range $key, $value := .Values.config }}
+ {{ $key | replace ":" "" | quote }}: |
+{{ $value | indent 4 }}
+{{- end }}
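Review bot: Every entry under `.Values.config` is copied verbatim into this ConfigMap's `data:` block, and the chart's deployment.yaml mounts the ConfigMap under nginx's document root, so each entry is readable over plain HTTP by any client that can reach the Service. The chart README suggests also placing kickstart files here; kickstarts commonly carry password hashes or registration keys (an assumption about typical kickstart content, not something this hunk shows). I would add a comment above `data:` such as `# Served unauthenticated by nginx; keep credentials out of .Values.config` and repeat the caveat in the README next to the kickstart sentence.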
diff --git a/charts/charts/pixiecore-simpleconfig/templates/deployment.yaml b/charts/charts/pixiecore-simpleconfig/templates/deployment.yaml
new file mode 100644
index 0000000..e8f6fd8
--- /dev/null
+++ b/charts/charts/pixiecore-simpleconfig/templates/deployment.yaml
@@ -0,0 +1,63 @@
+apiVersion: apps/v1beta2
+kind: Deployment
+metadata:
+ name: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }}
+ chart: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ volumeMounts:
+ - name: config
+ mountPath: /usr/share/nginx/html/v1/boot
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.fullname" . }}
+ items:
+{{- range $key, $value := .Values.config }}
+ - key: {{ $key | replace ":" "" | quote }}
+ path: {{ $key | quote }}
+{{- end }}
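Review bot: `apiVersion: apps/v1beta2` on the first line of this template is no longer served from Kubernetes 1.16 on, so the Deployment will be rejected on clusters at that version or later. The spec already carries an explicit `selector.matchLabels` with the same `app` and `release` labels as the pod template, which is what the stable API requires, so the change is the single line `apiVersion: apps/v1`.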
diff --git a/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml b/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml
new file mode 100644
index 0000000..38feca6
--- /dev/null
+++ b/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ include "pnnlmiscscripts.pixiecore.simpleconfig.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "pnnlmiscscripts.pixiecore.simpleconfig.name" . }}
+ helm.sh/chart: {{ include "pnnlmiscscripts.pixiecore.simpleconfig.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{- toYaml .Values.ingress.annotations | nindent 4 }}
+spec:
+ rules:
+ - http:
+ paths:
+ - path: {{ .Values.ingress.path }}
+{{- if .Values.ingress.host }}
+ host: {{ .Values.ingress.host | quote }}
+{{- end }}
+{{- end }}
diff --git a/charts/charts/pixiecore-simpleconfig/templates/service.yaml b/charts/charts/pixiecore-simpleconfig/templates/service.yaml
new file mode 100644
index 0000000..2c244f4
--- /dev/null
+++ b/charts/charts/pixiecore-simpleconfig/templates/service.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ labels:
+ app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }}
+ chart: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ externalIPs:
+{{ toYaml .Values.service.externalIPs | indent 4 }}
+ selector:
+ app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }}
+ release: {{ .Release.Name }}
diff --git a/charts/charts/pixiecore-simpleconfig/values.yaml b/charts/charts/pixiecore-simpleconfig/values.yaml
new file mode 100644
index 0000000..75b9ca9
--- /dev/null
+++ b/charts/charts/pixiecore-simpleconfig/values.yaml
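Review bot: `externalIPs:` is emitted unconditionally in service.yaml, but the chart's values.yaml ships that key commented out, so the default render should come out as `externalIPs:` followed by a bare `null` line. Guarding it the way deployment.yaml guards `nodeSelector` keeps the field out of the manifest unless an operator sets it: `{{- with .Values.service.externalIPs }}`, then `externalIPs:`, `{{ toYaml . | indent 4 }}` and `{{- end }}`. That also makes it a deliberate choice when the boot-config endpoint, which nginx serves without authentication, is published on addresses outside the cluster.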
diff --git a/charts/charts/pixiecore-simpleconfig/values.yaml b/charts/charts/pixiecore-simpleconfig/values.yaml new file mode 100644 index 0000000..75b9ca9 --- /dev/null +++ b/charts/charts/pixiecore-simpleconfig/values.yaml @@ -0,0 +1,51 @@ +# Default values for pixiecore-simpleconfig. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + tag: stable + pullPolicy: IfNotPresent + +service: + #externalIPs: [] + type: ClusterIP + name: pixiecore + port: 80 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +ingress: + enabled: false + annotations: {} + path: /v1/boot +# host: example.com + +config: {} +# "00:11:22:33": | +# {pixiecore config here} +# For example: +# { +# "kernel": "http://xxx.xxx.xxx.xxx:9090/vmlinuz", +# "initrd": ["http://xxx.xxx.xxx.xxx:9090/initrd.img"], +# "cmdline": "ks=http://xxx.xxx.xxx.xxx:9091/v1/boot/ks.cfg ksdevice=ens1 console=ttyS1,115200" +# } + From c927bdfb97826dffc234574d7d3191f8c216c4b5 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 5 Sep 2019 10:38:46 -0700 Subject: [PATCH 124/331] Fix ingress support in the pixiecore-simpleconfig chart. --- charts/charts/pixiecore-simpleconfig/Chart.yaml | 2 +- charts/charts/pixiecore-simpleconfig/templates/ingress.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/charts/pixiecore-simpleconfig/Chart.yaml b/charts/charts/pixiecore-simpleconfig/Chart.yaml index 837194f..7ba1afa 100644 
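Review bot: The default image in values.yaml is `repository: nginx` with `tag: stable`, a floating tag, so the server that hands boot configuration to PXE clients can change underneath a release with no chart change, and with `pullPolicy: IfNotPresent` different nodes can end up running different builds. I would pin the default and bump it together with the chart version, for example `tag: <NGINX_VERSION>` preceded by the comment `# pin to an exact nginx release or digest; bump together with Chart.yaml version`.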
--- a/charts/charts/pixiecore-simpleconfig/Chart.yaml +++ b/charts/charts/pixiecore-simpleconfig/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Helm chart for simple config of pixiecore name: pixiecore-simpleconfig -version: 0.1.0 +version: 0.2.0 diff --git a/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml b/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml index 38feca6..23a1d00 100644 --- a/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml +++ b/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml @@ -15,6 +15,9 @@ spec: - http: paths: - path: {{ .Values.ingress.path }} + backend: + serviceName: {{ .Values.service.name }} + servicePort: http {{- if .Values.ingress.host }} host: {{ .Values.ingress.host | quote }} {{- end }} From 6f9b7cd95dd797f879ff6edd317b2c6c2cb69faa Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 6 Sep 2019 11:22:17 -0700 Subject: [PATCH 125/331] Bump containerd version. --- containers/rpms-containerd/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index bbf8dc6..e60b2e5 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -2,7 +2,7 @@ FROM centos:centos7 MAINTAINER Kevin Fox -ENV VERSION=1.2.8 +ENV VERSION=1.2.9 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec ADD rpm.pub /root/rpm.pub From 00737d91d33cce1a97d1b2a214c4549942730069 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 17 Sep 2019 10:04:56 -0700 Subject: [PATCH 126/331] Make debug toolbox image andn namespace overridable. Fix scheduling on unready master. Ensure image chart server is overridable. --- bin/debug-host-pod | 18 ++++++++++++++---- bin/debug-normal-pod | 17 +++++++++++++---- charts/image-library-charts/build | 2 +- 3 files changed, 28 insertions(+), 9 deletions(-) 
diff --git a/bin/debug-host-pod b/bin/debug-host-pod index 972f6c6..8ab4543 100755 --- a/bin/debug-host-pod +++ b/bin/debug-host-pod @@ -1,5 +1,15 @@ #!/bin/bash +DEBUGTOOLBOXIMAGE=${DEBUGTOOLBOXIMAGE:-pnnlmiscscripts/debug-toolbox} + +mykubectl () { +if [ "x$NAMESPACE" != "x" ]; then + kubectl -n "$NAMESPACE" "$@" +else + kubectl "$@" +fi +} + SERVICEACCOUNT=${SERVICEACCOUNT:-default} if [ "x$1" == "x" ]; then @@ -11,7 +21,8 @@ echo Attaching debug container to hostname "$1" SHORT=$(echo $1 | tr '.' '-') -cat < templates/_helpers.tpl < Date: Tue, 17 Sep 2019 11:32:47 -0700 Subject: [PATCH 127/331] Fix dhcpd when using multiple hosts. --- charts/charts/dhcpd/Chart.yaml | 2 +- charts/charts/dhcpd/templates/configmap.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/charts/dhcpd/Chart.yaml b/charts/charts/dhcpd/Chart.yaml index 5a96491..d1d0cd4 100644 --- a/charts/charts/dhcpd/Chart.yaml +++ b/charts/charts/dhcpd/Chart.yaml @@ -1,5 +1,5 @@ name: dhcpd -version: 0.1.0 +version: 0.1.1 description: Super simple dhcp setup keywords: - dhcp diff --git a/charts/charts/dhcpd/templates/configmap.yaml b/charts/charts/dhcpd/templates/configmap.yaml index a34b436..c4c9de1 100644 --- a/charts/charts/dhcpd/templates/configmap.yaml +++ b/charts/charts/dhcpd/templates/configmap.yaml @@ -34,7 +34,7 @@ data: hardware ethernet {{ .mac }}; fixed-address {{ .ip }}; } - } {{- end }} + } {{- end }} {{- end }} From 82427322008ca6656933457cd1c5ac2106eb1746 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 17 Sep 2019 17:23:24 -0700 Subject: [PATCH 128/331] Update NOTES for alternate namespaces. --- charts/charts/console/templates/NOTES.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/charts/console/templates/NOTES.txt b/charts/charts/console/templates/NOTES.txt index 6886406..084b5e6 100644 --- a/charts/charts/console/templates/NOTES.txt +++ b/charts/charts/console/templates/NOTES.txt 
@@ -1,8 +1,8 @@ Load a script onto your client to attach to the console by pasting this into a terminal: -cat > console.sh < console.sh <<'EOF' #!/bin/bash -kubectl attach -it $(kubectl get pods -l "host=$1" -o go-template='{{"{{"}}(index .items 0).metadata.name{{"}}"}}') +kubectl attach -it $(kubectl get pods -l "host=$1" -o go-template='{{"{{"}}(index .items 0).metadata.name{{"}}"}}' -n "{{ .Release.Namespace }}") -n "{{ .Release.Namespace }}" EOF chmod +x console.sh From e17748fd89f6f3ea82f28f16fb25872042677a7c Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 19 Sep 2019 10:30:59 -0700 Subject: [PATCH 129/331] Update pixiecore chart to support setting interface or ip directly. --- .../charts/pixiecore/templates/daemonset.yaml | 22 ++++++++++++------- charts/charts/pixiecore/values.yaml | 4 +++- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/charts/charts/pixiecore/templates/daemonset.yaml b/charts/charts/pixiecore/templates/daemonset.yaml index 903ffce..b94c4ad 100644 --- a/charts/charts/pixiecore/templates/daemonset.yaml +++ b/charts/charts/pixiecore/templates/daemonset.yaml @@ -26,14 +26,20 @@ spec: securityContext: capabilities: add: ["NET_ADMIN"] - args: - - api - - --dhcp-no-bind - - --port - - {{ .Values.port | quote }} -{{- range .Values.extraArgs }} - - {{ . | quote }} + command: + - /bin/sh + - -ec + - | +{{- if .Values.listen.interface }} + LISTENARG=-l; + LISTENIP=$(ip a show dev {{ .Values.listen.interface }} | awk '{if($1 == "inet"){print $2}}' | sed 's@/.*@@'); +{{- else if .Values.listen.ip }} + LISTENARG=-l; + LISTENIP={{ .Values.listen.ip }}; +{{- else }} + LISTENARG=""; + LISTENIP=""; {{- end }} - - {{ .Values.upstreamURL | quote }} + exec pixiecore api --dhcp-no-bind $LISTENARG $LISTENIP --port {{ .Values.port | quote }} {{ .Values.extraArgs | join " " }} {{ .Values.upstreamURL | quote }} resources: {{ toYaml .Values.resources | indent 10 }} 
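Review bot: Replacing the `args:` list in pixiecore's daemonset.yaml with a `/bin/sh -ec` script means `.Values.extraArgs`, `.Values.listen.interface`, `.Values.listen.ip` and `.Values.upstreamURL` are now spliced into shell source, in a container that is granted `NET_ADMIN`. `join " "` drops argument boundaries and leaves shell metacharacters live, and Helm's `quote` only adds double quotes, inside which the shell still expands `$` and backticks. Separately, when the named interface has no IPv4 address `LISTENIP` is empty while `LISTENARG` is still `-l`, so `-l` takes `--port` as its value; `-e` does not stop this because only the last stage of the `ip | awk | sed` pipeline sets the exit status. I would keep the shell for resolving the address only and pass everything else as real argv, as sketched below; the interface name should still be validated or handed over through a quoted environment variable rather than interpolated.

```yaml
        command:
        - /bin/sh
        - -ec
        - |
          # … unchanged: LISTENARG / LISTENIP selection from listen.interface or listen.ip …
          if [ -n "$LISTENARG" ] && [ -z "$LISTENIP" ]; then
            echo "no IPv4 address found for the configured listen setting" >&2
            exit 1
          fi
          exec pixiecore api --dhcp-no-bind ${LISTENIP:+-l "$LISTENIP"} "$@"
        - pixiecore   # becomes $0 of the script; the args below arrive as "$@"
        args:
        - --port
        - {{ .Values.port | quote }}
{{- range .Values.extraArgs }}
        - {{ . | quote }}
{{- end }}
        - {{ .Values.upstreamURL | quote }}
```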
diff --git a/charts/charts/pixiecore/values.yaml b/charts/charts/pixiecore/values.yaml index a008b89..7a4133d 100644 --- a/charts/charts/pixiecore/values.yaml +++ b/charts/charts/pixiecore/values.yaml @@ -3,5 +3,7 @@ pixiecore: upstreamURL: http://pixiecore port: 9200 nodeSelector: {} +listen: + interface: "" + ip: "" extraArgs: [] -#- -l=192.168.0.1 From 5c30c564331602a5f78e3fa9daddf24e20334954 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 20 Sep 2019 09:17:37 -0700 Subject: [PATCH 130/331] Drop k8s 1.13, add 1.16. Add missing Chart.yaml version bump. --- .travis.yml | 12 ++++++------ charts/charts/buildall | 4 ++-- charts/charts/pixiecore/Chart.yaml | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.travis.yml b/.travis.yml index 8016cd0..f951c51 100644 --- a/.travis.yml +++ b/.travis.yml @@ -62,8 +62,8 @@ jobs: before_install: *upgradedocker dist: xenial language: shell - name: Build rpms-kubernetes container 1.13 - script: ./containers/build rpms-kubernetes 1.13 + name: Build rpms-kubernetes container 1.16 + script: ./containers/build rpms-kubernetes 1.16 - stage: build before_install: *upgradedocker dist: xenial @@ -85,8 +85,8 @@ jobs: before_install: *upgradedocker dist: xenial language: shell - name: Build full k8s node image 1.13 - script: ./containers/build k8s-node-image 1.13 + name: Build full k8s node image 1.16 + script: ./containers/build k8s-node-image 1.16 - stage: build-full-image before_install: *upgradedocker dist: xenial @@ -107,8 +107,8 @@ jobs: - stage: build-nginx dist: xenial language: shell - name: Build k8s-node-image+nginx container 1.13 - script: ./containers/build k8s-node-image-nginx 1.13 + name: Build k8s-node-image+nginx container 1.16 + script: ./containers/build k8s-node-image-nginx 1.16 - stage: build-nginx dist: xenial language: shell diff --git a/charts/charts/buildall b/charts/charts/buildall index ca3dcb1..50a18ec 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall 
@@ -22,7 +22,7 @@ helm init --client-only helm repo add pnnl-miscscripts-image-library-charts https://pnnl-miscscripts.github.io/image-library-charts/ helm repo update -for ver in 1-13 1-14 1-15; do +for ver in 1-14 1-15 1-16; do cp -a k8s-node-image k8s-node-image-$ver sed -i "s@k8s-node-image-nginx-1-14@k8s-node-image-nginx-$ver@g" k8s-node-image-$ver/requirements.yaml k8s-node-image-$ver/values.yaml sed -i "s@^name:.*@name: k8s-node-image-$ver@g" k8s-node-image-$ver/Chart.yaml @@ -41,7 +41,7 @@ for CHART in console chronyd dhcpd k8s-node-image tenant-namespace pixiecore pix RAWCHART=$CHART case "$CHART" in k8s-node-image) - SUBBUILDS="1-13 1-14 1-15" + SUBBUILDS="1-14 1-15 1-16" ;; *) SUBBUILDS="latest" diff --git a/charts/charts/pixiecore/Chart.yaml b/charts/charts/pixiecore/Chart.yaml index 36771e7..a290d1e 100755 --- a/charts/charts/pixiecore/Chart.yaml +++ b/charts/charts/pixiecore/Chart.yaml @@ -1,5 +1,5 @@ name: pixiecore -version: 0.0.1 +version: 0.1.0 description: pixiecore maintainers: - name: Kevin Fox From 6fc7851843f7983052ecab572ac57256d1f80fa6 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 20 Sep 2019 16:05:36 -0700 Subject: [PATCH 131/331] Roll daemonset on configmap change. --- charts/charts/dhcpd/Chart.yaml | 2 +- charts/charts/dhcpd/templates/daemonset.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/charts/dhcpd/Chart.yaml b/charts/charts/dhcpd/Chart.yaml index d1d0cd4..3b81f80 100644 --- a/charts/charts/dhcpd/Chart.yaml +++ b/charts/charts/dhcpd/Chart.yaml @@ -1,5 +1,5 @@ name: dhcpd -version: 0.1.1 +version: 0.2.0 description: Super simple dhcp setup keywords: - dhcp diff --git a/charts/charts/dhcpd/templates/daemonset.yaml b/charts/charts/dhcpd/templates/daemonset.yaml index 2a4ef90..debcc7e 100644 --- a/charts/charts/dhcpd/templates/daemonset.yaml +++ b/charts/charts/dhcpd/templates/daemonset.yaml 
@@ -13,6 +13,8 @@ spec: labels: release: {{ .Release.Name | quote }} app: {{ template "pnnlmiscscripts.dhcp-full.name" . }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum | quote }} spec: hostNetwork: true containers: From 57449da4ba82e9b8bb6f5eee2b2aac1f592515c4 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 20 Sep 2019 17:28:36 -0700 Subject: [PATCH 132/331] Roll pixiecore-simpleconfig on configmap change. Fix rbac issue with the tenant namespace chart on newer clusters. Upgrade nginx-ingress in the tenant namespace chart. --- charts/charts/pixiecore-simpleconfig/Chart.yaml | 2 +- .../templates/deployment.yaml | 2 ++ charts/charts/tenant-namespace/Chart.yaml | 2 +- charts/charts/tenant-namespace/requirements.yaml | 2 +- .../templates/nginx-ingress-role.yaml | 14 ++++++++++++++ 5 files changed, 19 insertions(+), 3 deletions(-) diff --git a/charts/charts/pixiecore-simpleconfig/Chart.yaml b/charts/charts/pixiecore-simpleconfig/Chart.yaml index 7ba1afa..52d676f 100644 --- a/charts/charts/pixiecore-simpleconfig/Chart.yaml +++ b/charts/charts/pixiecore-simpleconfig/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Helm chart for simple config of pixiecore name: pixiecore-simpleconfig -version: 0.2.0 +version: 0.3.0 diff --git a/charts/charts/pixiecore-simpleconfig/templates/deployment.yaml b/charts/charts/pixiecore-simpleconfig/templates/deployment.yaml index e8f6fd8..9a69945 100644 --- a/charts/charts/pixiecore-simpleconfig/templates/deployment.yaml +++ b/charts/charts/pixiecore-simpleconfig/templates/deployment.yaml @@ -18,6 +18,8 @@ spec: labels: app: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.name" . }} release: {{ .Release.Name }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum | quote }} spec: containers: - name: {{ .Chart.Name }} 
diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml index 3d2ad55..819405c 100644 --- a/charts/charts/tenant-namespace/Chart.yaml +++ b/charts/charts/tenant-namespace/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Chart for setting up a tenants namespace with all the goodies name: tenant-namespace -version: 0.6.0 +version: 0.6.1 diff --git a/charts/charts/tenant-namespace/requirements.yaml b/charts/charts/tenant-namespace/requirements.yaml index 2b6d647..c1ef4ca 100644 --- a/charts/charts/tenant-namespace/requirements.yaml +++ b/charts/charts/tenant-namespace/requirements.yaml @@ -10,6 +10,6 @@ dependencies: repository: "https://kubernetes-charts.storage.googleapis.com" - name: nginx-ingress alias: ingress - version: "1.7.0" + version: "1.19.0" repository: "https://kubernetes-charts.storage.googleapis.com" condition: ingress.nginx.enabled diff --git a/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml b/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml index 1bae0b9..1bf05f8 100644 --- a/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml +++ b/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml @@ -49,6 +49,20 @@ rules: - ingresses/status verbs: - update +- apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update - apiGroups: - "" resources: From 845acc79ada8f35934db60712b64193742b792d8 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 23 Sep 2019 09:01:08 -0700 Subject: [PATCH 133/331] Update image library charts for k8s 1.16. Add missing bump on tenant namespace chart. --- charts/charts/tenant-namespace/Chart.yaml | 2 +- charts/image-library-charts/buildall | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml index 819405c..3df5ec9 100644 --- a/charts/charts/tenant-namespace/Chart.yaml +++ b/charts/charts/tenant-namespace/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Chart for setting up a tenants namespace with all the goodies name: tenant-namespace -version: 0.6.1 +version: 0.7.0 diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 53931cb..89ca755 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall @@ -23,7 +23,7 @@ CHANGE=0 for CONTAINER in ipmitool dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx pixiecore; do case "$CONTAINER" in k8s-node-image-nginx) - SUBBUILDS="1.13 1.14 1.15" + SUBBUILDS="1.14 1.15 1.16" ;; *) SUBBUILDS="latest" From cbda1dd3908e75411ca4fcfe33a366b6391cb430 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 23 Sep 2019 13:49:17 -0700 Subject: [PATCH 134/331] Update pixiecore/dhcpd to use newer api. Fix rolling upgrades on dhcpd. --- charts/charts/dhcpd/Chart.yaml | 2 +- charts/charts/dhcpd/templates/daemonset.yaml | 4 +++- charts/charts/pixiecore/Chart.yaml | 2 +- charts/charts/pixiecore/templates/daemonset.yaml | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/charts/charts/dhcpd/Chart.yaml b/charts/charts/dhcpd/Chart.yaml index 3b81f80..34dde7e 100644 --- a/charts/charts/dhcpd/Chart.yaml +++ b/charts/charts/dhcpd/Chart.yaml @@ -1,5 +1,5 @@ name: dhcpd -version: 0.2.0 +version: 0.3.0 description: Super simple dhcp setup keywords: - dhcp diff --git a/charts/charts/dhcpd/templates/daemonset.yaml b/charts/charts/dhcpd/templates/daemonset.yaml index debcc7e..a1e2866 100644 --- a/charts/charts/dhcpd/templates/daemonset.yaml +++ b/charts/charts/dhcpd/templates/daemonset.yaml 
@@ -1,4 +1,4 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ template "pnnlmiscscripts.dhcp-full.fullname" . }} @@ -8,6 +8,8 @@ metadata: chart: {{ template "pnnlmiscscripts.dhcp-full.chart" . }} app: {{ template "pnnlmiscscripts.dhcp-full.name" . }} spec: + updateStrategy: + type: RollingUpdate template: metadata: labels: diff --git a/charts/charts/pixiecore/Chart.yaml b/charts/charts/pixiecore/Chart.yaml index a290d1e..852e507 100755 --- a/charts/charts/pixiecore/Chart.yaml +++ b/charts/charts/pixiecore/Chart.yaml @@ -1,5 +1,5 @@ name: pixiecore -version: 0.1.0 +version: 0.2.0 description: pixiecore maintainers: - name: Kevin Fox diff --git a/charts/charts/pixiecore/templates/daemonset.yaml b/charts/charts/pixiecore/templates/daemonset.yaml index b94c4ad..4a240a8 100644 --- a/charts/charts/pixiecore/templates/daemonset.yaml +++ b/charts/charts/pixiecore/templates/daemonset.yaml @@ -1,4 +1,4 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ template "pnnlmiscscripts.pixiecore-full.fullname" . }} From 59c368f0e4df6d827b18f5f96084a6c25ee2cc36 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 24 Sep 2019 12:26:33 -0700 Subject: [PATCH 135/331] Add ipmi.sh and example to console chart. --- charts/charts/console/Chart.yaml | 4 ++-- charts/charts/console/templates/NOTES.txt | 14 ++++++++++++++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/charts/charts/console/Chart.yaml b/charts/charts/console/Chart.yaml index 7f3ff5e..1768c69 100644 --- a/charts/charts/console/Chart.yaml +++ b/charts/charts/console/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 -appVersion: 1.0.0 -version: 1.0.0 +appVersion: 1.0.1 +version: 1.0.1 description: Console access from Kubernetes. Adds IPMI Support. name: console keywords: diff --git a/charts/charts/console/templates/NOTES.txt b/charts/charts/console/templates/NOTES.txt index 084b5e6..dacebb6 100644 
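Review bot: `apps/v1` requires `spec.selector` on a DaemonSet, and in the dhcpd daemonset.yaml the second hunk shows `spec:` followed directly by `template:` with no selector between them. Unless the file defines one below the part shown here, the API server will reject the object after this apiVersion switch; the pixiecore daemonset.yaml hunk later in the same commit makes the same one-line change and needs the same check. The selector should match the pod template labels the dhcpd template already sets (`release` and `app`), as below. The rest of both templates lies outside the hunks.

```yaml
spec:
  selector:
    matchLabels:
      release: {{ .Release.Name | quote }}
      app: {{ template "pnnlmiscscripts.dhcp-full.name" . }}
  updateStrategy:
    type: RollingUpdate
  # … unchanged: template …
```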
--- a/charts/charts/console/templates/NOTES.txt +++ b/charts/charts/console/templates/NOTES.txt @@ -6,7 +6,21 @@ kubectl attach -it $(kubectl get pods -l "host=$1" -o go-template='{{"{{"}}(inde EOF chmod +x console.sh +cat > ipmi.sh <<'EOF' +#!/bin/bash +HOST="$1" +shift +kubectl exec -it $(kubectl get pods -l "host=$HOST" -o go-template='{{(index .items 0).metadata.name}}' -n console) -n console -- ipmitool "$@" +EOF +chmod +x ipmi.sh To use it to get into a console: ./console.sh + +To ipmi manage a machine: + +./ipmi.sh power status +./ipmi.sh chassis bootdev pxe +./ipmi.sh power on +./ipmi.sh power off From 09473c1b0fc7a17e1dcdba2e5401d66aac8c7dc9 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 30 Sep 2019 09:10:13 -0700 Subject: [PATCH 136/331] Bump containerd to 1.2.10 --- containers/rpms-containerd/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index e60b2e5..4a2f370 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -2,7 +2,7 @@ FROM centos:centos7 MAINTAINER Kevin Fox -ENV VERSION=1.2.9 +ENV VERSION=1.2.10 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec ADD rpm.pub /root/rpm.pub From 1a3cf3d74ae4e623e1f9a253ef269e2c6ecae7f6 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 30 Sep 2019 09:33:24 -0700 Subject: [PATCH 137/331] Bump contained to 1.3.0 --- containers/rpms-containerd/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index 4a2f370..8022168 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -2,7 +2,7 @@ FROM centos:centos7 MAINTAINER Kevin Fox -ENV VERSION=1.2.10 +ENV VERSION=1.3.0 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec ADD rpm.pub /root/rpm.pub 
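Review bot: The added `ipmi.sh` line passes `-o go-template='{{(index .items 0).metadata.name}}'` unescaped, but NOTES.txt is itself rendered by Helm, so Helm will try to evaluate that action instead of leaving it for kubectl; the `console.sh` line just above escapes the same expression with `{{"{{"}}` and `{{"}}"}}`. The line also hard-codes `-n console`, while console.sh was moved to `{{ .Release.Namespace }}` in the previous change to this file, so the helper breaks for releases installed in any other namespace. Suggested line: `kubectl exec -it $(kubectl get pods -l "host=$HOST" -o go-template='{{"{{"}}(index .items 0).metadata.name{{"}}"}}' -n "{{ .Release.Namespace }}") -n "{{ .Release.Namespace }}" -- ipmitool "$@"`.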
From 7ec2c6bf37d73c3d312c333d30e660b34dfcbee0 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 30 Sep 2019 09:41:58 -0700 Subject: [PATCH 138/331] Update containerd spec for 1.3.0 --- containers/rpms-containerd/containerd.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/rpms-containerd/containerd.spec b/containers/rpms-containerd/containerd.spec index 326c617..bb9de83 100644 --- a/containers/rpms-containerd/containerd.spec +++ b/containers/rpms-containerd/containerd.spec @@ -27,6 +27,7 @@ ls -l %{buildroot} %files /usr/local/bin/containerd-stress /usr/local/bin/containerd-shim-runc-v1 +/usr/local/bin/containerd-shim-runc-v2 /usr/local/bin/crictl /usr/local/bin/ctr /usr/local/bin/critest From 15387b41a1defae7ab36049a3c7d1e8d1d753fad Mon Sep 17 00:00:00 2001 
From: "Evan J. Felix" Date: Thu, 3 Oct 2019 16:50:40 -0700 Subject: [PATCH 139/331] add nginx-app basic chart --- charts/charts/nginx-app/.helmignore | 22 ++++++++ charts/charts/nginx-app/Chart.yaml | 5 ++ charts/charts/nginx-app/DISCLAIMER | 8 +++ charts/charts/nginx-app/LICENSE | 7 +++ charts/charts/nginx-app/README.md | 26 ++++++++++ charts/charts/nginx-app/templates/NOTES.txt | 19 +++++++ .../charts/nginx-app/templates/_helpers.tpl | 32 ++++++++++++ .../nginx-app/templates/deployment.yaml | 51 +++++++++++++++++++ .../charts/nginx-app/templates/ingress.yaml | 38 ++++++++++++++ .../charts/nginx-app/templates/service.yaml | 19 +++++++ charts/charts/nginx-app/values.yaml | 43 ++++++++++++++++ 11 files changed, 270 insertions(+) create mode 100644 charts/charts/nginx-app/.helmignore create mode 100644 charts/charts/nginx-app/Chart.yaml create mode 100644 charts/charts/nginx-app/DISCLAIMER create mode 100644 charts/charts/nginx-app/LICENSE create mode 100644 charts/charts/nginx-app/README.md create mode 100644 charts/charts/nginx-app/templates/NOTES.txt create mode 100644 charts/charts/nginx-app/templates/_helpers.tpl create mode 100644 charts/charts/nginx-app/templates/deployment.yaml create mode 100644 charts/charts/nginx-app/templates/ingress.yaml create mode 100644 charts/charts/nginx-app/templates/service.yaml create mode 100644 charts/charts/nginx-app/values.yaml diff --git a/charts/charts/nginx-app/.helmignore b/charts/charts/nginx-app/.helmignore new file mode 100644 index 0000000..9651f65 --- /dev/null +++ b/charts/charts/nginx-app/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +charts/ 
diff --git a/charts/charts/nginx-app/Chart.yaml b/charts/charts/nginx-app/Chart.yaml new file mode 100644 index 0000000..34879e4 --- /dev/null +++ b/charts/charts/nginx-app/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Simple Web service Chart +name: nginx-app +version: 0.1.0 diff --git a/charts/charts/nginx-app/DISCLAIMER b/charts/charts/nginx-app/DISCLAIMER new file mode 100644 index 0000000..7be185c --- /dev/null +++ b/charts/charts/nginx-app/DISCLAIMER @@ -0,0 +1,8 @@ +This material was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the United States Department of Energy, nor Battelle, nor any of their employees, nor any jurisdiction or organization that has cooperated in the development of these materials, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness or any information, apparatus, product, software, or process disclosed, or represents that its use would not infringe privately owned rights. +Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof, or Battelle Memorial Institute. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof. +PACIFIC NORTHWEST NATIONAL LABORATORY +operated by +BATTELLE +for the +UNITED STATES DEPARTMENT OF ENERGY +under Contract DE-AC05-76RL01830 \ No newline at end of file diff --git a/charts/charts/nginx-app/LICENSE b/charts/charts/nginx-app/LICENSE new file mode 100644 index 0000000..e085f4d --- /dev/null +++ b/charts/charts/nginx-app/LICENSE 
@@ -0,0 +1,7 @@ +Copyright © 2019, Battelle Memorial Institute +All rights reserved. +1. Battelle Memorial Institute (hereinafter Battelle) hereby grants permission to any person or entity lawfully obtaining a copy of this software and associated documentation files (hereinafter "the Software") to redistribute and use the Software in source and binary forms, with or without modification. Such person or entity may use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and may permit others to do so, subject to the following conditions: +* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimers. +* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. +* Other than as used herein, neither the name Battelle Memorial Institute or Battelle may be used in any form whatsoever without the express written consent of Battelle. +2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BATTELLE OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/charts/charts/nginx-app/README.md b/charts/charts/nginx-app/README.md new file mode 100644 index 0000000..b3ee033 --- /dev/null 
+++ b/charts/charts/nginx-app/README.md @@ -0,0 +1,26 @@ +# NGINX App chart + +This chart allows you to deploy a simple web application container running nginx, and provides a service and ingress to the application + + +## Install Chart + +To install the Chart into your Kubernetes cluster : + +```bash +helm install --name "mywebapp" pnnl-miscscripts/chronyd --set image.repository=nginx +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status "mywebapp" +``` + +If you want to delete your Chart, use this command: + +```bash +helm delete --purge "mywebapp" +``` + + diff --git a/charts/charts/nginx-app/templates/NOTES.txt b/charts/charts/nginx-app/templates/NOTES.txt new file mode 100644 index 0000000..4c29ffe --- /dev/null +++ b/charts/charts/nginx-app/templates/NOTES.txt 
@@ -0,0 +1,19 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "nginx-app.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ template "nginx-app.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "nginx-app.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "nginx-app.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/charts/charts/nginx-app/templates/_helpers.tpl b/charts/charts/nginx-app/templates/_helpers.tpl new file mode 100644 index 0000000..4cea259 --- /dev/null +++ b/charts/charts/nginx-app/templates/_helpers.tpl 
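Review bot: In templates/NOTES.txt the NodePort, LoadBalancer and ClusterIP branches call `template "nginx-app.fullname"` and `template "nginx-app.name"`, but the helpers this commit adds in _helpers.tpl are defined as `pnnlmiscscripts.nginx-app.fullname` and `pnnlmiscscripts.nginx-app.name`. With the default `ingress.enabled: true` those branches are not rendered, so the mismatch would probably only surface as a render error once ingress is turned off. Use the prefixed names, e.g. `{{ template "pnnlmiscscripts.nginx-app.fullname" . }}`. The ClusterIP branch's `kubectl port-forward $POD_NAME 8080:80` also omits `--namespace {{ .Release.Namespace }}`, unlike the `kubectl get pods` line above it.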
@@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "pnnlmiscscripts.nginx-app.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "pnnlmiscscripts.nginx-app.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "pnnlmiscscripts.nginx-app.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/charts/nginx-app/templates/deployment.yaml b/charts/charts/nginx-app/templates/deployment.yaml new file mode 100644 index 0000000..e506fcf --- /dev/null +++ b/charts/charts/nginx-app/templates/deployment.yaml 
@@ -0,0 +1,51 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: {{ template "pnnlmiscscripts.nginx-app.fullname" . }} + labels: + app: {{ template "pnnlmiscscripts.nginx-app.name" . }} + chart: {{ template "pnnlmiscscripts.nginx-app.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ template "pnnlmiscscripts.nginx-app.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "pnnlmiscscripts.nginx-app.name" . }} + release: {{ .Release.Name }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/charts/charts/nginx-app/templates/ingress.yaml b/charts/charts/nginx-app/templates/ingress.yaml new file mode 100644 index 0000000..406c2cf --- /dev/null +++ b/charts/charts/nginx-app/templates/ingress.yaml 
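Review bot: The container in templates/deployment.yaml is created without any `securityContext`, and the chart offers no value to supply one, so the pod runs with whatever user, capabilities and privilege-escalation setting the image defaults to. Consider a values-driven block next to `resources:`, for example `securityContext:` followed by `{{ toYaml .Values.securityContext | indent 12 }}`, with `securityContext: {}` as the default in values.yaml so existing installs are unchanged. Separately, `apiVersion: apps/v1beta2` is no longer served from Kubernetes 1.16, which the `for ver in 1-14 1-15 1-16` loop shown in the buildall context later in this series appears to target. `apps/v1` should accept this spec as written, because `selector` is already set.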
@@ -0,0 +1,38 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "pnnlmiscscripts.nginx-app.fullname" . -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ template "pnnlmiscscripts.nginx-app.name" . }} + chart: {{ template "pnnlmiscscripts.nginx-app.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ . }} + http: + paths: + - path: {{ $ingressPath }} + backend: + serviceName: {{ $fullName }} + servicePort: http + {{- end }} +{{- end }} diff --git a/charts/charts/nginx-app/templates/service.yaml b/charts/charts/nginx-app/templates/service.yaml new file mode 100644 index 0000000..54212e7 --- /dev/null +++ b/charts/charts/nginx-app/templates/service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pnnlmiscscripts.nginx-app.fullname" . }} + labels: + app: {{ template "pnnlmiscscripts.nginx-app.name" . }} + chart: {{ template "pnnlmiscscripts.nginx-app.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + app: {{ template "pnnlmiscscripts.nginx-app.name" . }} + release: {{ .Release.Name }} diff --git a/charts/charts/nginx-app/values.yaml b/charts/charts/nginx-app/values.yaml new file mode 100644 index 0000000..ac3e6e3 --- /dev/null +++ b/charts/charts/nginx-app/values.yaml 
@@ -0,0 +1,43 @@ +# Default values for nginx-app. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + tag: latest + pullPolicy: Always + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: true + annotations: + path: / + hosts: + - nginx-app.example.com +# tls: +# - secretName: example-com-tls +# hosts: +# - nginx-app.example.com + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} From 38e214df15444ef844181e6d262ba8ffc72893d6 Mon Sep 17 00:00:00 2001 From: "Evan J. Felix" Date: Fri, 4 Oct 2019 08:45:59 -0700 Subject: [PATCH 140/331] add travis build --- .travis.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.travis.yml b/.travis.yml index f951c51..a248c3d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -30,6 +30,11 @@ jobs: language: shell name: Build chronyd container script: ./containers/build chronyd + - stage: build + dist: xenial + language: shell + name: Build nginx-add container + script: ./containers/build nginix-app - stage: build dist: xenial language: shell From 8dc981dec8c1561dbe29f457d2557086af39cda0 Mon Sep 17 00:00:00 2001 From: Evan Felix Date: Fri, 4 Oct 2019 22:15:56 -0700 Subject: [PATCH 141/331] build a chart, not a container --- .travis.yml | 5 ----- charts/charts/buildall | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index a248c3d..f951c51 100644 --- a/.travis.yml +++ b/.travis.yml 
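Review bot: The new charts/charts/nginx-app/values.yaml defaults `ingress.enabled: true` with the `tls:` block commented out, so a plain `helm install` publishes an HTTP-only Ingress for the placeholder host `nginx-app.example.com`. Defaulting to `enabled: false` makes external exposure an explicit choice by whoever installs the chart. The image default `tag: latest` with `pullPolicy: Always` also means the running image can change on any pod restart. Pinning a specific tag, or a digest, in the default keeps deployments reproducible and reviewable.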
@@ -30,11 +30,6 @@ jobs: language: shell name: Build chronyd container script: ./containers/build chronyd - - stage: build - dist: xenial - language: shell - name: Build nginx-add container - script: ./containers/build nginix-app - stage: build dist: xenial language: shell diff --git a/charts/charts/buildall b/charts/charts/buildall index 50a18ec..59a2c60 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -37,7 +37,7 @@ for ver in 1-14 1-15 1-16; do done CHANGE=0 -for CHART in console chronyd dhcpd k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig; do +for CHART in nginx-app console chronyd dhcpd k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig; do RAWCHART=$CHART case "$CHART" in k8s-node-image) From a81f54dd0365762d08d632dc036a1c2e075049f6 Mon Sep 17 00:00:00 2001 From: Evan Felix Date: Fri, 4 Oct 2019 23:24:47 -0700 Subject: [PATCH 142/331] add nginx annotation to nginx-app --- charts/charts/nginx-app/Chart.yaml | 2 +- charts/charts/nginx-app/values.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/charts/nginx-app/Chart.yaml b/charts/charts/nginx-app/Chart.yaml index 34879e4..443d620 100644 --- a/charts/charts/nginx-app/Chart.yaml +++ b/charts/charts/nginx-app/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Simple Web service Chart name: nginx-app -version: 0.1.0 +version: 0.1.1 diff --git a/charts/charts/nginx-app/values.yaml b/charts/charts/nginx-app/values.yaml index ac3e6e3..0e5b1e6 100644 --- a/charts/charts/nginx-app/values.yaml +++ b/charts/charts/nginx-app/values.yaml @@ -16,6 +16,7 @@ service: ingress: enabled: true annotations: + kubernetes.io/ingress.class: nginx path: / hosts: - nginx-app.example.com From 71b1cc8c3b954f006f20c12db16699e967cd5453 Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Wed, 9 Oct 2019 15:20:51 -0700 Subject: [PATCH 143/331] Work around issue with containerd and deleting containers. --- bin/debug-host-pod | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/debug-host-pod b/bin/debug-host-pod index 8ab4543..4b3950b 100755 --- a/bin/debug-host-pod +++ b/bin/debug-host-pod @@ -52,8 +52,10 @@ spec: volumeMounts: - mountPath: /host name: host + mountPropagation: Bidirectional - mountPath: /dev name: dev + mountPropagation: Bidirectional nodeSelector: kubernetes.io/hostname: $1 tolerations: From 4d05bf0cdc1c284edc76c77b2744d3cabef4c683 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Fri, 15 Nov 2019 13:14:07 -0800 Subject: [PATCH 144/331] Fixed missing podSelector NetworkPolicy requires a podSelector at the root of the spec --- .../templates/simple-restricted-networkpolicy.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml b/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml index 28308f4..a0553ab 100644 --- a/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml +++ b/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml @@ -5,6 +5,7 @@ metadata: name: default namespace: {{ .Values.magicnamespace.namespace }} spec: + podSelector: {} policyTypes: - Ingress - Egress From 61886efb363f109f54c2f3536877442371bb4cd9 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Fri, 15 Nov 2019 13:23:50 -0800 Subject: [PATCH 145/331] Updated tenant-namespace chart version --- charts/charts/tenant-namespace/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml index 3df5ec9..7ccfbfd 100644 --- a/charts/charts/tenant-namespace/Chart.yaml +++ b/charts/charts/tenant-namespace/Chart.yaml 
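Review bot: In bin/debug-host-pod, `mountPropagation: Bidirectional` on the `/host` and `/dev` mounts lets mounts created inside the debug container propagate back to the node and to other pods using those paths, and Kubernetes only admits it for privileged containers. If the containerd workaround only needs the container to observe unmounts performed on the host, `mountPropagation: HostToContainer` would give that without the container-to-host direction; I cannot confirm that from the hunk alone. Whichever mode stays, a comment above the two lines saying why it is needed, e.g. `# propagation needed so containerd can delete containers while this pod holds /host`, would help the next reader. The pod spec continues outside the hunk, so the container's privilege setting is not visible here.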
@@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Chart for setting up a tenants namespace with all the goodies name: tenant-namespace -version: 0.7.0 +version: 0.7.1 From 7a953d4a2ba9a5f244a41a8f2ea962946c0e2f25 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 25 Nov 2019 09:02:26 -0800 Subject: [PATCH 146/331] Bump containerd version --- containers/rpms-containerd/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index 8022168..86a444f 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -2,7 +2,7 @@ FROM centos:centos7 MAINTAINER Kevin Fox -ENV VERSION=1.3.0 +ENV VERSION=1.3.1 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec ADD rpm.pub /root/rpm.pub From abfc1114156e91911b38f80fe3763d55fd318eb0 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 5 Dec 2019 08:33:29 -0800 Subject: [PATCH 147/331] Bump containerd version again. --- containers/rpms-containerd/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index 86a444f..d36d293 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -2,7 +2,7 @@ FROM centos:centos7 MAINTAINER Kevin Fox -ENV VERSION=1.3.1 +ENV VERSION=1.3.2 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec ADD rpm.pub /root/rpm.pub From 26307ecff310c0bff8bd460956e1c49ccdc5079b Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 2 Jan 2020 13:11:58 -0800 Subject: [PATCH 148/331] Add missing selector to dhcpd daemonset. Signed-off-by: Kevin Fox --- charts/charts/dhcpd/templates/daemonset.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/charts/dhcpd/templates/daemonset.yaml b/charts/charts/dhcpd/templates/daemonset.yaml index a1e2866..3ad7bf5 100644 --- a/charts/charts/dhcpd/templates/daemonset.yaml 
+++ b/charts/charts/dhcpd/templates/daemonset.yaml @@ -8,6 +8,10 @@ metadata: chart: {{ template "pnnlmiscscripts.dhcp-full.chart" . }} app: {{ template "pnnlmiscscripts.dhcp-full.name" . }} spec: + selector: + matchLabels: + release: {{ .Release.Name | quote }} + app: {{ template "pnnlmiscscripts.dhcp-full.name" . }} updateStrategy: type: RollingUpdate template: From 21a44a0524d107a2be33857e4b34cf3aa2445107 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 2 Jan 2020 13:25:51 -0800 Subject: [PATCH 149/331] Bump api's up to support 1.16+ --- charts/charts/chronyd/Chart.yaml | 2 +- charts/charts/chronyd/templates/daemonset.yaml | 2 +- charts/charts/dhcpd/Chart.yaml | 2 +- charts/charts/pixiecore-simpleconfig/Chart.yaml | 2 +- charts/charts/pixiecore-simpleconfig/templates/deployment.yaml | 2 +- charts/charts/pixiecore/Chart.yaml | 2 +- charts/charts/pixiecore/templates/daemonset.yaml | 3 +++ 7 files changed, 9 insertions(+), 6 deletions(-) diff --git a/charts/charts/chronyd/Chart.yaml b/charts/charts/chronyd/Chart.yaml index d10ea3c..6978a0d 100644 --- a/charts/charts/chronyd/Chart.yaml +++ b/charts/charts/chronyd/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Chronyd for Kubernetes name: chronyd -version: 0.3.0 +version: 0.4.0 diff --git a/charts/charts/chronyd/templates/daemonset.yaml b/charts/charts/chronyd/templates/daemonset.yaml index 83ba8f1..95059cb 100644 --- a/charts/charts/chronyd/templates/daemonset.yaml +++ b/charts/charts/chronyd/templates/daemonset.yaml @@ -1,4 +1,4 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ template "pnnlmiscscripts.chronyd.fullname" . }} diff --git a/charts/charts/dhcpd/Chart.yaml b/charts/charts/dhcpd/Chart.yaml index 34dde7e..fc972df 100644 --- a/charts/charts/dhcpd/Chart.yaml +++ b/charts/charts/dhcpd/Chart.yaml @@ -1,5 +1,5 @@ name: dhcpd -version: 0.3.0 +version: 0.4.0 description: Super simple dhcp setup keywords: - dhcp 
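Review bot: The hunk for charts/charts/chronyd/templates/daemonset.yaml switches `apiVersion` from `extensions/v1beta1` to `apps/v1` and changes nothing else, but `apps/v1` makes `spec.selector` mandatory, whereas `extensions/v1beta1` defaulted it from the template labels. The rest of that file is outside the hunk, so check that it already carries a `selector.matchLabels` matching the pod template labels; the dhcpd and pixiecore DaemonSets each needed one added in this series. If it is missing, add `selector:` with `matchLabels:` using the same `app` and `release` labels the template sets.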
diff --git a/charts/charts/pixiecore-simpleconfig/Chart.yaml b/charts/charts/pixiecore-simpleconfig/Chart.yaml index 52d676f..0285793 100644 --- a/charts/charts/pixiecore-simpleconfig/Chart.yaml +++ b/charts/charts/pixiecore-simpleconfig/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Helm chart for simple config of pixiecore name: pixiecore-simpleconfig -version: 0.3.0 +version: 0.4.0 diff --git a/charts/charts/pixiecore-simpleconfig/templates/deployment.yaml b/charts/charts/pixiecore-simpleconfig/templates/deployment.yaml index 9a69945..68ef207 100644 --- a/charts/charts/pixiecore-simpleconfig/templates/deployment.yaml +++ b/charts/charts/pixiecore-simpleconfig/templates/deployment.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "pnnlmiscscripts.pixiecore.simpleconfig.fullname" . }} diff --git a/charts/charts/pixiecore/Chart.yaml b/charts/charts/pixiecore/Chart.yaml index 852e507..13239d4 100755 --- a/charts/charts/pixiecore/Chart.yaml +++ b/charts/charts/pixiecore/Chart.yaml @@ -1,5 +1,5 @@ name: pixiecore -version: 0.2.0 +version: 0.3.0 description: pixiecore maintainers: - name: Kevin Fox diff --git a/charts/charts/pixiecore/templates/daemonset.yaml b/charts/charts/pixiecore/templates/daemonset.yaml index 4a240a8..130bae6 100644 --- a/charts/charts/pixiecore/templates/daemonset.yaml +++ b/charts/charts/pixiecore/templates/daemonset.yaml @@ -8,6 +8,9 @@ metadata: chart: {{ template "pnnlmiscscripts.pixiecore-full.chart" . }} app: {{ template "pnnlmiscscripts.pixiecore-full.name" . }} spec: + selector: + matchLabels: + app: {{ template "pnnlmiscscripts.pixiecore-full.name" . }} updateStrategy: type: RollingUpdate template: From 7b9a4209418143f70669d0a31e563c40386fa457 Mon Sep 17 00:00:00 2001 
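Review bot: The selector added to charts/charts/pixiecore/templates/daemonset.yaml matches on `app` alone, while the dhcpd DaemonSet selector added in patch 148 matches on both `release` and `app`. With only `app`, two releases of this chart in one namespace could end up with overlapping selectors. Adding `release: {{ .Release.Name | quote }}` under `matchLabels` keeps them apart, provided the pod template (outside the hunk) sets that label too. The hunk also starts at line 8, so the file's `apiVersion` line is not changed by this commit; confirm it is already `apps/v1`, given the commit's stated goal.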
From: Kevin Fox Date: Thu, 2 Jan 2020 14:09:51 -0800 Subject: [PATCH 150/331] Add initial stab at gitlab-runner-operator container. --- .travis.yml | 5 + containers/gitlab-runner-operator/Dockerfile | 17 ++ containers/gitlab-runner-operator/LICENSE | 202 ++++++++++++++++++ containers/gitlab-runner-operator/buildenv | 1 + ...nl.gov_clustergitlabrunnerflavors_crd.yaml | 22 ++ ...iscscripts.pnnl.gov_gitlabrunners_crd.yaml | 22 ++ ..._v1beta1_clustergitlabrunnerflavor_cr.yaml | 6 + ...ipts.pnnl.gov_v1beta1_gitlabrunner_cr.yaml | 12 ++ .../roles/gitlabrunner/README.md | 38 ++++ .../roles/gitlabrunner/defaults/main.yml | 2 + .../roles/gitlabrunner/handlers/main.yml | 2 + .../roles/gitlabrunner/meta/main.yml | 60 ++++++ .../roles/gitlabrunner/tasks/main.yml | 58 +++++ .../roles/gitlabrunner/vars/main.yml | 2 + .../gitlab-runner-operator/watches.yaml | 5 + 15 files changed, 454 insertions(+) create mode 100644 containers/gitlab-runner-operator/Dockerfile create mode 100644 containers/gitlab-runner-operator/LICENSE create mode 100644 containers/gitlab-runner-operator/buildenv create mode 100644 containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml create mode 100644 containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml create mode 100644 containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml create mode 100644 containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_gitlabrunner_cr.yaml create mode 100644 containers/gitlab-runner-operator/roles/gitlabrunner/README.md create mode 100644 containers/gitlab-runner-operator/roles/gitlabrunner/defaults/main.yml create mode 100644 containers/gitlab-runner-operator/roles/gitlabrunner/handlers/main.yml create mode 100644 containers/gitlab-runner-operator/roles/gitlabrunner/meta/main.yml create mode 100644 containers/gitlab-runner-operator/roles/gitlabrunner/tasks/main.yml create mode 
100644 containers/gitlab-runner-operator/roles/gitlabrunner/vars/main.yml create mode 100644 containers/gitlab-runner-operator/watches.yaml diff --git a/.travis.yml b/.travis.yml index f951c51..1226fa2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,10 @@ jobs: include: + - stage: build + dist: xenial + language: shell + name: Build gitlab-runner-operator container + script: ./containers/build gitlab-runner-operator - stage: build dist: xenial language: shell diff --git a/containers/gitlab-runner-operator/Dockerfile b/containers/gitlab-runner-operator/Dockerfile new file mode 100644 index 0000000..4ffa801 --- /dev/null +++ b/containers/gitlab-runner-operator/Dockerfile @@ -0,0 +1,17 @@ +FROM quay.io/operator-framework/ansible-operator:v0.13.0 + +USER 0 + +RUN \ + curl -o /helm.tar.gz https://get.helm.sh/helm-v3.0.2-linux-amd64.tar.gz && \ + tar -zxvf /helm.tar.gz && \ + mv /linux-amd64/helm /usr/bin/helm && \ + rm -f /helm.tar.gz && \ + helm repo add gitlab https://charts.gitlab.io && \ + helm pull gitlab/gitlab-runner --untar + +USER 1001 + +COPY watches.yaml ${HOME}/watches.yaml + +COPY roles/ ${HOME}/roles/ diff --git a/containers/gitlab-runner-operator/LICENSE b/containers/gitlab-runner-operator/LICENSE new file mode 100644 index 0000000..d645695 --- /dev/null +++ b/containers/gitlab-runner-operator/LICENSE 
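Review bot: The `RUN` step in containers/gitlab-runner-operator/Dockerfile downloads the Helm tarball and installs the binary as root without verifying it, and `curl -o` without `-f` will save an HTTP error page as the archive. Fail on HTTP errors and check a pinned digest before unpacking: `curl -fsSL -o /helm.tar.gz https://get.helm.sh/helm-v3.0.2-linux-amd64.tar.gz && \` followed by `echo "<HELM_TARBALL_SHA256>  /helm.tar.gz" | sha256sum -c - && \`, where the placeholder stands for the published checksum. `helm pull gitlab/gitlab-runner --untar` likewise takes whatever chart version is newest at build time; adding `--version <CHART_VERSION>` makes the image reproducible. The `tar` and `mv /linux-amd64/helm` lines also assume the working directory is `/`, which the base image may not guarantee.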
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/containers/gitlab-runner-operator/buildenv b/containers/gitlab-runner-operator/buildenv new file mode 100644 index 0000000..1b87336 --- /dev/null +++ b/containers/gitlab-runner-operator/buildenv @@ -0,0 +1 @@ +export PREFIX=0.1.0 diff --git a/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml new file mode 100644 index 0000000..3f1d43b --- /dev/null +++ b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml 
@@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: clustergitlabrunnerflavors.miscscripts.pnnl.gov +spec: + group: miscscripts.pnnl.gov + names: + kind: ClusterGitlabRunnerFlavor + listKind: ClusterGitlabRunnerFlavorList + plural: clustergitlabrunnerflavors + singular: clustergitlabrunnerflavor + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + versions: + - name: v1beta1 + served: true + storage: true diff --git a/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml new file mode 100644 index 0000000..8619abb --- /dev/null +++ b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: gitlabrunners.miscscripts.pnnl.gov +spec: + group: miscscripts.pnnl.gov + names: + kind: GitlabRunner + listKind: GitlabRunnerList + plural: gitlabrunners + singular: gitlabrunner + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + versions: + - name: v1beta1 + served: true + storage: true diff --git a/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml b/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml new file mode 100644 index 0000000..dd7e6d1 --- /dev/null +++ b/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml @@ -0,0 +1,6 @@ +apiVersion: miscscripts.pnnl.gov/v1beta1 +kind: ClusterGitlabRunnerFlavor +metadata: + name: example +spec: + gitlabUrl: http://localhost:8080 
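Review bot: The `openAPIV3Schema` in this CRD is only `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server accepts any `spec`; the gitlabrunners CRD added next has the same open schema. The role's tasks/main.yml in this commit writes that spec straight into a Helm values file, so every chart value is settable by whoever may create the resource. Typing at least `spec.flavorRef` (`name`, `kind` and `group` as required strings) would reject malformed references at admission instead of inside a `no_log` task. `apiextensions.k8s.io/v1beta1` is also deprecated in favour of `apiextensions.k8s.io/v1`, which expects a structural schema per version.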
diff --git a/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_gitlabrunner_cr.yaml b/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_gitlabrunner_cr.yaml new file mode 100644 index 0000000..023c4e1 --- /dev/null +++ b/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_gitlabrunner_cr.yaml @@ -0,0 +1,12 @@ +apiVersion: miscscripts.pnnl.gov/v1beta1 +kind: GitlabRunner +metadata: + name: example +spec: + flavorRef: + name: example + kind: ClusterGitlabRunnerFlavor + group: miscscripts.pnnl.gov + runners: + tags: foo,bar + secret: example diff --git a/containers/gitlab-runner-operator/roles/gitlabrunner/README.md b/containers/gitlab-runner-operator/roles/gitlabrunner/README.md new file mode 100644 index 0000000..3ebede3 --- /dev/null +++ b/containers/gitlab-runner-operator/roles/gitlabrunner/README.md 
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +Apache + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/containers/gitlab-runner-operator/roles/gitlabrunner/defaults/main.yml b/containers/gitlab-runner-operator/roles/gitlabrunner/defaults/main.yml new file mode 100644 index 0000000..a6feae0 --- /dev/null +++ b/containers/gitlab-runner-operator/roles/gitlabrunner/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for gitlabrunner diff --git a/containers/gitlab-runner-operator/roles/gitlabrunner/handlers/main.yml b/containers/gitlab-runner-operator/roles/gitlabrunner/handlers/main.yml new file mode 100644 index 0000000..b9adc54 --- /dev/null 
+++ b/containers/gitlab-runner-operator/roles/gitlabrunner/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for gitlabrunner diff --git a/containers/gitlab-runner-operator/roles/gitlabrunner/meta/main.yml b/containers/gitlab-runner-operator/roles/gitlabrunner/meta/main.yml new file mode 100644 index 0000000..6d87e5b --- /dev/null +++ b/containers/gitlab-runner-operator/roles/gitlabrunner/meta/main.yml 
@@ -0,0 +1,60 @@ +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 2.6 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + #github_branch: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. \ No newline at end of file 
diff --git a/containers/gitlab-runner-operator/roles/gitlabrunner/tasks/main.yml b/containers/gitlab-runner-operator/roles/gitlabrunner/tasks/main.yml new file mode 100644 index 0000000..ef70722 --- /dev/null +++ b/containers/gitlab-runner-operator/roles/gitlabrunner/tasks/main.yml @@ -0,0 +1,58 @@ +--- +# tasks file for gitlabrunner +- tempfile: + state: file + suffix: .yaml + register: temp_filename + +- block: + - tempfile: + state: file + suffix: .yaml + register: temp_filename2 + + - block: + - copy: + content: "" + dest: "{{ temp_filename2.path }}" + - block: + - set_fact: + flavor: "{{ lookup('k8s', kind='ClusterGitlabRunnerFlavor', api_version='miscscripts.pnnl.gov/v1beta1', resource_name=_miscscripts_pnnl_gov_gitlabrunner_spec.flavorRef.name) }}" + no_log: True + - copy: + content: "{{ flavor.spec | to_yaml }}" + dest: "{{ temp_filename2.path }}" + no_log: True + when: + - _miscscripts_pnnl_gov_gitlabrunner_spec.flavorRef is defined + - _miscscripts_pnnl_gov_gitlabrunner_spec.flavorRef.kind == "ClusterGitlabRunnerFlavor" + - _miscscripts_pnnl_gov_gitlabrunner_spec.flavorRef.group == "miscscripts.pnnl.gov" + - copy: + content: "{{ _miscscripts_pnnl_gov_gitlabrunner_spec | to_yaml }}" + dest: "{{ temp_filename.path }}" + no_log: True + + - shell: "helm template --namespace {{ meta.namespace }} {{ meta.name }} /gitlab-runner/ -f {{ temp_filename2.path }} -f {{ temp_filename.path }}" + register: objs + no_log: True + + - copy: + content: "{{ objs.stdout }}" + dest: "{{ temp_filename.path }}" + no_log: True + + - k8s: + namespace: "{{ meta.namespace }}" + src: "{{ temp_filename.path }}" + state: present + no_log: True + + always: + - file: + path: "{{ temp_filename2.path }}" + state: absent + + always: + - file: + path: "{{ temp_filename.path }}" + state: absent diff --git a/containers/gitlab-runner-operator/roles/gitlabrunner/vars/main.yml b/containers/gitlab-runner-operator/roles/gitlabrunner/vars/main.yml new file mode 100644 index 0000000..93fb64a 
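Review bot: The `shell:` task that runs `helm template` builds its command line by interpolating `meta.namespace` and `meta.name` from the custom resource into a string that a shell then parses. Kubernetes name validation presumably keeps metacharacters out of those two values, but nothing in the role enforces it. Running the task through `command` with an `argv` list passes each value as exactly one argument and needs no shell. Separately, when `flavorRef` is set but its `kind` or `group` does not match, the `when:` guard skips the flavor silently and the runner is rendered without it; failing the play there would be easier to diagnose.

```yaml
# … unchanged: tempfile creation and the copy tasks that write the two values files …
    - command:
        argv:
          - helm
          - template
          - --namespace
          - "{{ meta.namespace }}"
          - "{{ meta.name }}"
          - /gitlab-runner/
          - -f
          - "{{ temp_filename2.path }}"
          - -f
          - "{{ temp_filename.path }}"
      register: objs
      no_log: True
# … unchanged: copy of objs.stdout, k8s apply and the always: cleanup …
```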
--- /dev/null +++ b/containers/gitlab-runner-operator/roles/gitlabrunner/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for gitlabrunner diff --git a/containers/gitlab-runner-operator/watches.yaml b/containers/gitlab-runner-operator/watches.yaml new file mode 100644 index 0000000..cfc9971 --- /dev/null +++ b/containers/gitlab-runner-operator/watches.yaml @@ -0,0 +1,5 @@ +--- +- version: v1beta1 + group: miscscripts.pnnl.gov + kind: GitlabRunner + role: /opt/ansible/roles/gitlabrunner From 21ea00f75a7b9d5ec64ec7e81e237bcc2b88c7ca Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Thu, 2 Jan 2020 15:49:47 -0800 Subject: [PATCH 151/331] Add helm chart for gitlab-runner-operator --- .../charts/gitlab-runner-operator/Chart.yaml | 21 +++++ .../charts/gitlab-runner-operator/README.md | 71 ++++++++++++++++ .../templates/_helpers.tpl | 63 +++++++++++++++ .../templates/clusterrole.yaml | 15 ++++ .../templates/clusterrolebinding.yaml | 14 ++++ .../templates/deployment.yaml | 77 ++++++++++++++++++ .../templates/role.yaml | 81 +++++++++++++++++++ .../templates/rolebinding.yaml | 24 ++++++ .../templates/serviceaccount.yaml | 8 ++ .../charts/gitlab-runner-operator/values.yaml | 51 ++++++++++++ 10 files changed, 425 insertions(+) create mode 100644 charts/charts/gitlab-runner-operator/Chart.yaml create mode 100644 charts/charts/gitlab-runner-operator/README.md create mode 100644 charts/charts/gitlab-runner-operator/templates/_helpers.tpl create mode 100644 charts/charts/gitlab-runner-operator/templates/clusterrole.yaml create mode 100644 charts/charts/gitlab-runner-operator/templates/clusterrolebinding.yaml create mode 100644 charts/charts/gitlab-runner-operator/templates/deployment.yaml create mode 100644 charts/charts/gitlab-runner-operator/templates/role.yaml create mode 100644 charts/charts/gitlab-runner-operator/templates/rolebinding.yaml create mode 100644 charts/charts/gitlab-runner-operator/templates/serviceaccount.yaml create mode 100644 charts/charts/gitlab-runner-operator/values.yaml diff --git a/charts/charts/gitlab-runner-operator/Chart.yaml b/charts/charts/gitlab-runner-operator/Chart.yaml new file mode 100644 index 0000000..15a1fcb --- /dev/null +++ b/charts/charts/gitlab-runner-operator/Chart.yaml 
@@ -0,0 +1,21 @@ +apiVersion: v2 +name: gitlab-runner-operator +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. +appVersion: 0.1.0-1 diff --git a/charts/charts/gitlab-runner-operator/README.md b/charts/charts/gitlab-runner-operator/README.md new file mode 100644 index 0000000..d0ab015 --- /dev/null +++ b/charts/charts/gitlab-runner-operator/README.md 
@@ -0,0 +1,71 @@ +# gitlab-runner-operator + +The gitlab-runner-operator chart launches an instance of the gitlab-runner-operator allowing you to quickly deploy gitlab-runners in a Kubernetes native way. + + +## Install Chart + +Apply the CRD's if not already done so: +```bash +kubectl apply -f https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/master/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml +kubectl apply -f https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/master/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml +``` + +To install the Chart into your Kubernetes cluster (Helm 3 only) : + +```bash +kubectl create namespace gitlab-runner-operator +helm upgrade --install gitlab-runner-operator --namespace "gitlab-runner-operator" pnnl-miscscripts/gitlab-runner-operator +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status "gitlab-runner-operator" --namespace "gitlab-runner-operator" +``` + +If you want to delete your Chart, use this command: + +```bash +helm delete "gitlab-runner-operator" +``` + +### Usage +You can create a cluster wide gitlab flavor like: +```yaml +apiVersion: miscscripts.pnnl.gov/v1beta1 +kind: ClusterGitlabRunnerFlavor +metadata: + name: example +spec: + gitlabUrl: http://localhost:8080 +``` + +To deploy a runner, you may do so like: +```yaml +apiVersion: miscscripts.pnnl.gov/v1beta1 +kind: GitlabRunner +metadata: + name: example +spec: + flavorRef: + name: example + kind: ClusterGitlabRunnerFlavor + group: miscscripts.pnnl.gov + runners: + tags: foo,bar + secret: example +``` + +When a flavorRef is specified, settings in the flavor are added to the Runner. The Runner config overrides the flavor config. 
+ +The content of the spec in both ClusterGitlabRunnerFlavor and GitlabRunner is values as specified here: +``` +https://gitlab.com/gitlab-org/charts/gitlab-runner/blob/master/values.yaml +``` + +It is highly recommended that you don't include the gitlab runner token in the CR but upload it as its own secret and specify it to the GitlabRunner CR as above. +Upload the secret like: +```bash +kubectl create secret generic example --from-literal=runner-registration-token= --from-literal=runner-token="" +``` diff --git a/charts/charts/gitlab-runner-operator/templates/_helpers.tpl b/charts/charts/gitlab-runner-operator/templates/_helpers.tpl new file mode 100644 index 0000000..267025c --- /dev/null +++ b/charts/charts/gitlab-runner-operator/templates/_helpers.tpl 
@@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "gitlab-runner-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gitlab-runner-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gitlab-runner-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "gitlab-runner-operator.labels" -}} +helm.sh/chart: {{ include "gitlab-runner-operator.chart" . }} +{{ include "gitlab-runner-operator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "gitlab-runner-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "gitlab-runner-operator.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "gitlab-runner-operator.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "gitlab-runner-operator.fullname" .) 
.Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/charts/charts/gitlab-runner-operator/templates/clusterrole.yaml b/charts/charts/gitlab-runner-operator/templates/clusterrole.yaml new file mode 100644 index 0000000..6b69fdd --- /dev/null +++ b/charts/charts/gitlab-runner-operator/templates/clusterrole.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "gitlab-runner-operator.fullname" . }}-fl + labels: +{{ include "gitlab-runner-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - miscscripts.pnnl.gov + resources: + - 'clustergitlabrunnerflavors' + verbs: + - get + - list + - watch diff --git a/charts/charts/gitlab-runner-operator/templates/clusterrolebinding.yaml b/charts/charts/gitlab-runner-operator/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..d79603a --- /dev/null +++ b/charts/charts/gitlab-runner-operator/templates/clusterrolebinding.yaml @@ -0,0 +1,14 @@ +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "gitlab-runner-operator.fullname" . }}-fl + labels: +{{ include "gitlab-runner-operator.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "gitlab-runner-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ include "gitlab-runner-operator.fullname" . }}-fl + apiGroup: rbac.authorization.k8s.io diff --git a/charts/charts/gitlab-runner-operator/templates/deployment.yaml b/charts/charts/gitlab-runner-operator/templates/deployment.yaml new file mode 100644 index 0000000..1cac348 --- /dev/null +++ b/charts/charts/gitlab-runner-operator/templates/deployment.yaml 
@@ -0,0 +1,77 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "gitlab-runner-operator.fullname" . }} + labels: + {{- include "gitlab-runner-operator.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "gitlab-runner-operator.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "gitlab-runner-operator.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "gitlab-runner-operator.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: ansible + command: + - /usr/local/bin/ao-logs + - /tmp/ansible-operator/runner + - stdout + image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - mountPath: /tmp/ansible-operator/runner + name: runner + readOnly: true + - name: operator + image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - mountPath: /tmp/ansible-operator/runner + name: runner + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + env: + - name: WATCH_NAMESPACE +{{- if eq .Values.mode "cluster" }} + value: "" +{{- else if eq .Values.mode "cluster" }} + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "gitlab-runner-operator" + - name: ANSIBLE_GATHERING + value: explicit + volumes: + - name: runner + emptyDir: {} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/charts/gitlab-runner-operator/templates/role.yaml b/charts/charts/gitlab-runner-operator/templates/role.yaml new file mode 100644 index 0000000..6963d7b --- /dev/null +++ b/charts/charts/gitlab-runner-operator/templates/role.yaml @@ -0,0 +1,81 @@ +apiVersion: rbac.authorization.k8s.io/v1 +{{- if eq .Values.mode "cluster" }} +kind: ClusterRole +{{- else if eq .Values.mode "cluster" }} +kind: Role +{{- end }} +metadata: + name: {{ include "gitlab-runner-operator.fullname" . }} + labels: +{{ include "gitlab-runner-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + - services + - services/finalizers + - endpoints + - events + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + - replicasets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - apps + resourceNames: + - gitlab-runner-operator + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + - deployments + verbs: + - get +- apiGroups: + - miscscripts.pnnl.gov + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/charts/charts/gitlab-runner-operator/templates/rolebinding.yaml b/charts/charts/gitlab-runner-operator/templates/rolebinding.yaml new file mode 100644 index 0000000..b09eb9b --- /dev/null +++ b/charts/charts/gitlab-runner-operator/templates/rolebinding.yaml 
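Review bot: Both branches of the `WATCH_NAMESPACE` conditional in templates/deployment.yaml test `eq .Values.mode "cluster"`, so the `else if` branch holding the `fieldRef` can never render, and with `mode: namespaced` the variable gets neither `value` nor `valueFrom`. The second test was presumably meant to be `{{- else if eq .Values.mode "namespaced" }}` or a plain `{{- else }}`. The same duplicated condition appears in templates/role.yaml and templates/rolebinding.yaml, where it drops `kind:` from the rendered object entirely. An empty `WATCH_NAMESPACE` would presumably make the operator watch every namespace, so a namespaced install would fail open rather than closed; that is worth confirming against the operator SDK version in use.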
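Review bot: The `deployments/finalizers` rule in templates/role.yaml pins `resourceNames` to the literal `gitlab-runner-operator`, while the Deployment is named from `gitlab-runner-operator.fullname`, so the rule stops matching as soon as the release name or `fullnameOverride` changes that name. Using `- {{ include "gitlab-runner-operator.fullname" . }}` there keeps the two in step. The later `pods` `get` and `apps` `replicasets`/`deployments` `get` rules are already covered by the first two rules and can be dropped. In cluster mode this object is a ClusterRole, so create and delete on pods, services, configmaps and deployments apply in every namespace; a template comment stating that this is intended would help whoever audits the chart.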
@@ -0,0 +1,24 @@ +apiVersion: rbac.authorization.k8s.io/v1 +{{- if eq .Values.mode "cluster" }} +kind: ClusterRoleBinding +{{- else if eq .Values.mode "cluster" }} +kind: RoleBinding +{{- end }} +metadata: + name: {{ include "gitlab-runner-operator.fullname" . }} + labels: +{{ include "gitlab-runner-operator.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "gitlab-runner-operator.serviceAccountName" . }} +{{- if eq .Values.mode "cluster" }} + namespace: {{ .Release.Namespace }} +{{- end }} +roleRef: +{{- if eq .Values.mode "cluster" }} + kind: ClusterRole +{{- else if eq .Values.mode "cluster" }} + kind: Role +{{- end}} + name: {{ include "gitlab-runner-operator.fullname" . }} + apiGroup: rbac.authorization.k8s.io diff --git a/charts/charts/gitlab-runner-operator/templates/serviceaccount.yaml b/charts/charts/gitlab-runner-operator/templates/serviceaccount.yaml new file mode 100644 index 0000000..ec54a61 --- /dev/null +++ b/charts/charts/gitlab-runner-operator/templates/serviceaccount.yaml @@ -0,0 +1,8 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "gitlab-runner-operator.serviceAccountName" . }} + labels: +{{ include "gitlab-runner-operator.labels" . | nindent 4 }} +{{- end -}} diff --git a/charts/charts/gitlab-runner-operator/values.yaml b/charts/charts/gitlab-runner-operator/values.yaml new file mode 100644 index 0000000..a3f4b9c --- /dev/null +++ b/charts/charts/gitlab-runner-operator/values.yaml 
@@ -0,0 +1,51 @@ +# Default values for gitlab-runner-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +mode: cluster # or namespaced. Note, only cluster is currently been tested. + +replicaCount: 1 + +image: + repository: pnnlmiscscripts/gitlab-runner-operator + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} From 60f29242a87e26d4e06cc070fd30dbb4c1f52118 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 2 Jan 2020 15:51:17 -0800 Subject: [PATCH 152/331] Build chart in travis. --- charts/charts/buildall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/charts/buildall b/charts/charts/buildall index 59a2c60..010c432 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall 
@@ -37,7 +37,7 @@ for ver in 1-14 1-15 1-16; do done CHANGE=0 -for CHART in nginx-app console chronyd dhcpd k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig; do +for CHART in nginx-app console chronyd dhcpd k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator; do RAWCHART=$CHART case "$CHART" in k8s-node-image) From 52a45f33f55df1969671545187c91e509c8d9ca6 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 3 Jan 2020 08:37:37 -0800 Subject: [PATCH 153/331] Update buildall to use helm 3. Signed-off-by: Kevin Fox --- charts/charts/buildall | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/charts/charts/buildall b/charts/charts/buildall index 010c432..8b15549 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -8,17 +8,16 @@ pushd $(dirname "$0") [ ! -d hubbuildtools ] && git clone https://github.com/kfox1111/hubbuildtools if [ "x$TRAVIS" != "x" ]; then - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > get_helm.sh + curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > get_helm.sh chmod 700 get_helm.sh ./get_helm.sh - helm init -c + helm repo add stable https://kubernetes-charts.storage.googleapis.com fi mkdir -p charts/docs mkdir -p charts/tags mkdir -p charts/vers -helm init --client-only helm repo add pnnl-miscscripts-image-library-charts https://pnnl-miscscripts.github.io/image-library-charts/ helm repo update From 164879b782bfd3743a997841a6fd651a6dcb8e0a Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 3 Jan 2020 08:55:11 -0800 Subject: [PATCH 154/331] Add rbac permissions for users to use gitlabrunners 
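Review bot: The Travis branch of buildall downloads `get-helm-3` from the `master` branch and executes it, so whatever that branch holds at build time runs inside the CI job, which presumably also has the publishing credentials. Fetching the script from a tagged ref and fixing the Helm version makes the build reproducible and reviewable: `curl -fsSL https://raw.githubusercontent.com/helm/helm/<pinned-tag>/scripts/get-helm-3 -o get_helm.sh` followed by `DESIRED_VERSION=<helm-version> ./get_helm.sh`. Without `-f`, an HTTP error page would be written to `get_helm.sh` and then executed. The Dockerfile in this series already installs a fixed Helm release, so the same version could be used here.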
Signed-off-by: Kevin Fox --- .../templates/flavor-clusterrole.yaml | 17 ++++++++++++++ .../templates/runner-clusterrole.yaml | 23 +++++++++++++++++++ .../charts/gitlab-runner-operator/values.yaml | 4 ++++ 3 files changed, 44 insertions(+) create mode 100644 charts/charts/gitlab-runner-operator/templates/flavor-clusterrole.yaml create mode 100644 charts/charts/gitlab-runner-operator/templates/runner-clusterrole.yaml diff --git a/charts/charts/gitlab-runner-operator/templates/flavor-clusterrole.yaml b/charts/charts/gitlab-runner-operator/templates/flavor-clusterrole.yaml new file mode 100644 index 0000000..d084711 --- /dev/null +++ b/charts/charts/gitlab-runner-operator/templates/flavor-clusterrole.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: clustergitlabrunnerflavors-edit +rules: +- apiGroups: + - miscscripts.pnnl.gov + resources: + - clustergitlabrunnerflavors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete diff --git a/charts/charts/gitlab-runner-operator/templates/runner-clusterrole.yaml b/charts/charts/gitlab-runner-operator/templates/runner-clusterrole.yaml new file mode 100644 index 0000000..54bd37c --- /dev/null +++ b/charts/charts/gitlab-runner-operator/templates/runner-clusterrole.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gitlabrunner-edit + labels: +{{- if .Values.rbac.aggregate }} + # Add these permissions to the "admin" and "edit" default roles. + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +{{- end }} +rules: +- apiGroups: + - miscscripts.pnnl.gov + resources: + - gitlabrunners + verbs: + - get + - list + - watch + - create + - update + - patch + - delete diff --git a/charts/charts/gitlab-runner-operator/values.yaml b/charts/charts/gitlab-runner-operator/values.yaml index a3f4b9c..2f57205 100644 
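Review bot: With `rbac.aggregate` defaulting to true (set in the values.yaml hunk of this commit), `gitlabrunner-edit` in templates/runner-clusterrole.yaml is folded into the built-in `admin` and `edit` roles, so every namespace editor can create `GitlabRunner` objects that the operator then renders and applies with its own permissions. Because the CRD accepts any `spec`, that default is worth making opt-in (`aggregate: false`) or documenting in the README as a delegation of the operator's rights. Both new ClusterRoles also use fixed names (`gitlabrunner-edit`, `clustergitlabrunnerflavors-edit`) and skip the chart's common labels, so a second release in the same cluster would collide; prefixing them with `{{ include "gitlab-runner-operator.fullname" . }}`, as clusterrole.yaml does, avoids that. When `aggregate` is false the template emits a bare `labels:` key with no entries.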
--- a/charts/charts/gitlab-runner-operator/values.yaml +++ b/charts/charts/gitlab-runner-operator/values.yaml @@ -4,6 +4,10 @@ mode: cluster # or namespaced. Note, only cluster is currently been tested. +rbac: + # Allow admin/edit roles to create runners without extra bindings. + aggregate: true + replicaCount: 1 image: From 19e74567bb78ef8829f3254d58f4dea85ea94165 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 17 Jan 2020 14:08:49 -0800 Subject: [PATCH 155/331] gitlab-runner support for unregistering runners when secrets are used. --- .../charts/gitlab-runner-operator/Chart.yaml | 2 +- .../charts/gitlab-runner-operator/README.md | 1 + containers/gitlab-runner-operator/Dockerfile | 13 +++++++-- containers/gitlab-runner-operator/buildenv | 2 +- containers/gitlab-runner-operator/chart.patch | 29 +++++++++++++++++++ ..._v1beta1_clustergitlabrunnerflavor_cr.yaml | 1 + 6 files changed, 43 insertions(+), 5 deletions(-) create mode 100644 containers/gitlab-runner-operator/chart.patch diff --git a/charts/charts/gitlab-runner-operator/Chart.yaml b/charts/charts/gitlab-runner-operator/Chart.yaml index 15a1fcb..530f597 100644 --- a/charts/charts/gitlab-runner-operator/Chart.yaml +++ b/charts/charts/gitlab-runner-operator/Chart.yaml @@ -18,4 +18,4 @@ version: 0.1.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.0-1 +appVersion: 0.1.1-1 diff --git a/charts/charts/gitlab-runner-operator/README.md b/charts/charts/gitlab-runner-operator/README.md index d0ab015..876940d 100644 --- a/charts/charts/gitlab-runner-operator/README.md +++ b/charts/charts/gitlab-runner-operator/README.md @@ -39,6 +39,7 @@ metadata: name: example spec: gitlabUrl: http://localhost:8080 + unregisterRunnersWhenSecret: true ``` To deploy a runner, you may do so like: 
diff --git a/containers/gitlab-runner-operator/Dockerfile b/containers/gitlab-runner-operator/Dockerfile index 4ffa801..a4bc030 100644 --- a/containers/gitlab-runner-operator/Dockerfile +++ b/containers/gitlab-runner-operator/Dockerfile @@ -2,16 +2,23 @@ FROM quay.io/operator-framework/ansible-operator:v0.13.0 USER 0 +COPY chart.patch /chart.patch + RUN \ + yum install -y patch && \ + yum clean all && \ curl -o /helm.tar.gz https://get.helm.sh/helm-v3.0.2-linux-amd64.tar.gz && \ tar -zxvf /helm.tar.gz && \ mv /linux-amd64/helm /usr/bin/helm && \ rm -f /helm.tar.gz && \ helm repo add gitlab https://charts.gitlab.io && \ - helm pull gitlab/gitlab-runner --untar - -USER 1001 + helm pull gitlab/gitlab-runner --untar && \ + cd gitlab-runner && \ + patch -p1 < /chart.patch && \ + yum remove -y patch COPY watches.yaml ${HOME}/watches.yaml COPY roles/ ${HOME}/roles/ + +USER 1001 diff --git a/containers/gitlab-runner-operator/buildenv b/containers/gitlab-runner-operator/buildenv index 1b87336..a5b7004 100644 --- a/containers/gitlab-runner-operator/buildenv +++ b/containers/gitlab-runner-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.0 +export PREFIX=0.1.1 diff --git a/containers/gitlab-runner-operator/chart.patch b/containers/gitlab-runner-operator/chart.patch new file mode 100644 index 0000000..5cbda16 --- /dev/null +++ b/containers/gitlab-runner-operator/chart.patch 
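Review bot: `helm pull gitlab/gitlab-runner --untar` fetches whatever chart version is newest at build time, and the added `patch -p1 < /chart.patch` is then applied to it, so the same Dockerfile can yield different chart contents per build and the patch may stop applying, or apply at an offset, once upstream moves. Pinning the chart with `helm pull gitlab/gitlab-runner --version <chart-version> --untar` makes the patched result reproducible. The Helm tarball on the unchanged `curl -o /helm.tar.gz …` line is likewise used without an integrity check; `curl -f` plus `sha256sum -c` against a recorded digest would cover that. `/chart.patch` also stays in the final image and could be deleted in the same `RUN`.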
@@ -0,0 +1,29 @@ +diff --git a/templates/deployment.yaml b/templates/deployment.yaml +index b3512a9..8494f76 100644 +--- a/templates/deployment.yaml ++++ b/templates/deployment.yaml +@@ -68,7 +68,7 @@ spec: + - name: {{ include "gitlab-runner.fullname" . }} + image: {{ include "gitlab-runner.image" . }} + imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }} +- {{- if and .Values.unregisterRunners .Values.runnerRegistrationToken }} ++ {{- if and .Values.unregisterRunners (or .Values.runnerRegistrationToken .Values.unregisterRunnersWhenSecret) }} + lifecycle: + preStop: + exec: +diff --git a/values.yaml b/values.yaml +index 7ece354..a4f77c6 100644 +--- a/values.yaml ++++ b/values.yaml +@@ -37,7 +37,11 @@ imagePullPolicy: IfNotPresent + ## non-existant runners. Un-registering the runner before termination mitigates this issue. + ## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-unregister + ## ++## This only works when used with runnerRegistrationToken. If using an external secret ++## and want unregistration to work, also specify unregisterRunnersWhenSecret ++## + unregisterRunners: true ++unregisterRunnersWhenSecret: false + + ## When stopping ther runner, give it time to wait for it's jobs to terminate. + ## diff --git a/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml b/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml index dd7e6d1..a984a45 100644 --- a/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml +++ b/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml @@ -4,3 +4,4 @@ metadata: name: example spec: gitlabUrl: http://localhost:8080 + unregisterRunnersWhenSecret: true From 6dc7103278df15348dc67375fe9225fc2deb338a Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Fri, 17 Jan 2020 14:44:33 -0800 Subject: [PATCH 156/331] Fix build of gitlab-runner-operator chart --- charts/charts/buildall | 4 +++- charts/charts/gitlab-runner-operator/Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/charts/buildall b/charts/charts/buildall index 8b15549..ed0ad2a 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -87,7 +87,9 @@ for CHART in nginx-app console chronyd dhcpd k8s-node-image tenant-namespace pix echo New version: $NEWVERSION sed -i "s/^version: .*/version: $NEWVERSION/" ../../$CHART/Chart.yaml if [ "$SUBBUILD" == "latest" ]; then - sed -i "s/^appVersion: .*/appVersion: $NEWVERSION/" ../../$CHART/Chart.yaml + if [ "$CHART" != "gitlab-runner-operator" ]; then + sed -i "s/^appVersion: .*/appVersion: $NEWVERSION/" ../../$CHART/Chart.yaml + fi fi fi helm package ../../$CHART diff --git a/charts/charts/gitlab-runner-operator/Chart.yaml b/charts/charts/gitlab-runner-operator/Chart.yaml index 530f597..3540668 100644 --- a/charts/charts/gitlab-runner-operator/Chart.yaml +++ b/charts/charts/gitlab-runner-operator/Chart.yaml @@ -14,7 +14,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. From fe2ebdb717e1abc64ae69c793bfc71538e1d58fe Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 17 Jan 2020 15:17:59 -0800 Subject: [PATCH 157/331] Update fingerprint so it will build. --- containers/gitlab-runner-operator/Dockerfile | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/containers/gitlab-runner-operator/Dockerfile b/containers/gitlab-runner-operator/Dockerfile index a4bc030..7d75d5c 100644 
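Review bot: The new guard hard-codes `gitlab-runner-operator` by name and has no comment saying why its `appVersion` must survive a `latest` build. Any chart added to the `for CHART in …` list later will have its `appVersion` overwritten by `$NEWVERSION` unless someone remembers to extend this test. A comment such as `# appVersion tracks the operator image tag; do not overwrite it` would help, assuming that is the reason, since the chart's deployment template is not in this hunk. A named list such as `KEEP_APPVERSION="gitlab-runner-operator"` would also make the exemption visible. The loop body starts and ends outside the hunk.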
--- a/containers/gitlab-runner-operator/Dockerfile +++ b/containers/gitlab-runner-operator/Dockerfile @@ -3,6 +3,8 @@ FROM quay.io/operator-framework/ansible-operator:v0.13.0 USER 0 COPY chart.patch /chart.patch +COPY watches.yaml ${HOME}/watches.yaml +COPY roles/ ${HOME}/roles/ RUN \ yum install -y patch && \ @@ -15,10 +17,10 @@ RUN \ helm pull gitlab/gitlab-runner --untar && \ cd gitlab-runner && \ patch -p1 < /chart.patch && \ - yum remove -y patch - -COPY watches.yaml ${HOME}/watches.yaml - -COPY roles/ ${HOME}/roles/ + cd .. & \ + yum remove -y patch && \ + cd ${HOME} && \ + find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ + md5sum watches.yaml >> /.extrafingerprints USER 1001 From e745414e57a2475605fdc61c6be844f8c7481bb1 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 17 Jan 2020 15:29:42 -0800 Subject: [PATCH 158/331] Fix missing & --- containers/gitlab-runner-operator/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/gitlab-runner-operator/Dockerfile b/containers/gitlab-runner-operator/Dockerfile index 7d75d5c..356da88 100644 --- a/containers/gitlab-runner-operator/Dockerfile +++ b/containers/gitlab-runner-operator/Dockerfile @@ -17,7 +17,7 @@ RUN \ helm pull gitlab/gitlab-runner --untar && \ cd gitlab-runner && \ patch -p1 < /chart.patch && \ - cd .. & \ + cd .. && \ yum remove -y patch && \ cd ${HOME} && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ From d3c74bf33ab1844cceb0f592340202a29d5ad9c1 Mon Sep 17 00:00:00 2001 
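Review bot: `find roles/ -type f -exec md5sum {} \;` writes the digests in directory-traversal order, which is not guaranteed to be the same across filesystems or build hosts. If `/.extrafingerprints` is compared between builds to decide whether the image changed (its consumer is not in this hunk), identical inputs can yield different files. Sorting makes the output deterministic: `find roles/ -type f -exec md5sum {} + | LC_ALL=C sort -k2 > /.extrafingerprints`. MD5 is adequate here only as a change detector and should not be relied on to vouch for the integrity of the role files.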
From: Kevin Fox Date: Thu, 30 Jan 2020 09:40:12 -0800 Subject: [PATCH 159/331] Support extra volume mounts in gitlab-runner-operator --- .../charts/gitlab-runner-operator/Chart.yaml | 4 +- containers/gitlab-runner-operator/Dockerfile | 2 + containers/gitlab-runner-operator/buildenv | 2 +- .../gitlab-runner-operator/volume.patch | 74 +++++++++++++++++++ 4 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 containers/gitlab-runner-operator/volume.patch diff --git a/charts/charts/gitlab-runner-operator/Chart.yaml b/charts/charts/gitlab-runner-operator/Chart.yaml index 3540668..7926392 100644 --- a/charts/charts/gitlab-runner-operator/Chart.yaml +++ b/charts/charts/gitlab-runner-operator/Chart.yaml @@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.1 +version: 0.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.1-1 +appVersion: 0.1.2-1 diff --git a/containers/gitlab-runner-operator/Dockerfile b/containers/gitlab-runner-operator/Dockerfile index 356da88..227f1c7 100644 --- a/containers/gitlab-runner-operator/Dockerfile +++ b/containers/gitlab-runner-operator/Dockerfile @@ -3,6 +3,7 @@ FROM quay.io/operator-framework/ansible-operator:v0.13.0 USER 0 COPY chart.patch /chart.patch +COPY volume.patch /volume.patch COPY watches.yaml ${HOME}/watches.yaml COPY roles/ ${HOME}/roles/ @@ -17,6 +18,7 @@ RUN \ helm pull gitlab/gitlab-runner --untar && \ cd gitlab-runner && \ patch -p1 < /chart.patch && \ + patch -p1 < /volume.patch && \ cd .. && \ yum remove -y patch && \ cd ${HOME} && \ diff --git a/containers/gitlab-runner-operator/buildenv b/containers/gitlab-runner-operator/buildenv index a5b7004..397c88c 100644 --- a/containers/gitlab-runner-operator/buildenv 
+++ b/containers/gitlab-runner-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.1 +export PREFIX=0.1.2 diff --git a/containers/gitlab-runner-operator/volume.patch b/containers/gitlab-runner-operator/volume.patch new file mode 100644 index 0000000..9418d34 --- /dev/null +++ b/containers/gitlab-runner-operator/volume.patch 
@@ -0,0 +1,74 @@ +#Origionally from https://gitlab.com/gitlab-org/charts/gitlab-runner/-/merge_requests/191/diffs.patch +#Added extraVolumeMounts for init container too. + +From 2d1c08c08f48fd31ddda05ce3dfe15cf465a4a56 Mon Sep 17 00:00:00 2001 +From: Valdis Rigdon +Date: Mon, 22 Jul 2019 11:22:54 -0400 +Subject: [PATCH] Adds templating for extra containers, volumes, and + volumeMounts + +This gives the chart the ability to run extra containers as part of the +Deployment which can generate files to be shared into the gitlab-runner +container. +--- + templates/deployment.yaml | 9 +++++++++ + values.yaml | 9 +++++++++ + 2 files changed, 18 insertions(+) + +diff --git a/templates/deployment.yaml b/templates/deployment.yaml +index b3512a99..04dedf81 100644 +--- a/templates/deployment.yaml ++++ b/templates/deployment.yaml +@@ -61,6 +61,9 @@ + readOnly: true + mountPath: /home/gitlab-runner/.gitlab-runner/certs/ + {{- end }} ++ {{- if .Values.extraVolumeMounts }} ++{{ toYaml .Values.extraVolumeMounts | indent 8 }} ++ {{- end }} + resources: + {{ toYaml .Values.resources | indent 10 }} + serviceAccountName: {{ if .Values.rbac.create }}{{ include "gitlab-runner.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} +@@ -108,6 +108,12 @@ spec: + readOnly: true + mountPath: /home/gitlab-runner/.gitlab-runner/certs/ + {{- end }} ++ {{- if .Values.extraVolumeMounts }} ++{{ toYaml .Values.extraVolumeMounts | indent 8 }} ++ {{- end }} ++ {{- if .Values.extraContainers }} ++{{ toYaml .Values.extraContainers | indent 6 }} ++ {{- end }} + resources: + {{ toYaml .Values.resources | indent 10 }} + volumes: +@@ -147,6 +153,9 @@ spec: + - name: scripts + configMap: + name: {{ include "gitlab-runner.fullname" . 
}} ++ {{- if .Values.extraVolumes }} ++{{ toYaml .Values.extraVolumes | indent 6 }} ++ {{- end }} + {{- if .Values.affinity }} + affinity: + {{ toYaml .Values.affinity | indent 8 }} +diff --git a/values.yaml b/values.yaml +index 7ece3544..efc2335f 100644 +--- a/values.yaml ++++ b/values.yaml +@@ -363,3 +363,12 @@ podLabels: {} + # pods: + # metricName: gitlab_runner_jobs + # targetAverageValue: 400m ++ ++## extra containers to run ++extraContainers: {} ++ ++## extra volume mounts for the gitlab-runner container ++extraVolumeMounts: {} ++ ++## extra volumes ++extraVolumes: {} +-- +2.24.1 + From c732e1e5d3f37c75f37f79369de9be3ff0088093 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 30 Jan 2020 11:08:23 -0800 Subject: [PATCH 160/331] Add version to fingerprint --- containers/gitlab-runner-operator/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/gitlab-runner-operator/Dockerfile b/containers/gitlab-runner-operator/Dockerfile index 227f1c7..b4f8482 100644 --- a/containers/gitlab-runner-operator/Dockerfile +++ b/containers/gitlab-runner-operator/Dockerfile @@ -23,6 +23,7 @@ RUN \ yum remove -y patch && \ cd ${HOME} && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ + echo 0.1.2 >> /.extrafingerprints md5sum watches.yaml >> /.extrafingerprints USER 1001 From b0040f88e43989cc75b3082f0c2fe63e6deed1db Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 30 Jan 2020 11:27:53 -0800 Subject: [PATCH 161/331] Fix adding version to fingerprint --- containers/gitlab-runner-operator/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/gitlab-runner-operator/Dockerfile b/containers/gitlab-runner-operator/Dockerfile index b4f8482..1975c6b 100644 --- a/containers/gitlab-runner-operator/Dockerfile +++ b/containers/gitlab-runner-operator/Dockerfile 
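Review bot: In the second `templates/deployment.yaml` hunk of volume.patch, the `extraContainers` block is emitted between the runner container's `volumeMounts` and its `resources:` key. When `extraContainers` is set, the items rendered by `toYaml .Values.extraContainers | indent 6` precede `resources:`, so that key would attach to the last extra container, or fail to parse, instead of staying with the gitlab-runner container; the exact indentation is not recoverable from this page, so confirm with `helm template`. Moving the block after `{{ toYaml .Values.resources | indent 10 }}` and before `volumes:` keeps both containers intact. The three new defaults are rendered as lists but declared as maps; `extraContainers: []`, `extraVolumeMounts: []` and `extraVolumes: []` state the expected type. Because these values let whoever supplies them add containers and volumes to the runner pod, the operator README should say who is expected to set them.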
@@ -23,7 +23,7 @@ RUN \ yum remove -y patch && \ cd ${HOME} && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ - echo 0.1.2 >> /.extrafingerprints + echo 0.1.2 >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints USER 1001 From b43a9e9028a0041a312458956e7d86abf8ef0f7f Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 10 Feb 2020 09:14:34 -0800 Subject: [PATCH 162/331] Bump up containerd version. Signed-off-by: Kevin Fox --- containers/rpms-containerd/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index d36d293..7d2c0aa 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -2,7 +2,7 @@ FROM centos:centos7 MAINTAINER Kevin Fox -ENV VERSION=1.3.2 +ENV VERSION=1.3.3 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec ADD rpm.pub /root/rpm.pub From 3afa17b21eb241e008f24488e31f7c316b075994 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Fri, 20 Mar 2020 11:26:53 -0700 Subject: [PATCH 163/331] [tenant-namespace] Added generic extra quota spec --- charts/charts/tenant-namespace/templates/resourcequota.yaml | 5 ++++- charts/charts/tenant-namespace/values.yaml | 5 +++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/charts/tenant-namespace/templates/resourcequota.yaml b/charts/charts/tenant-namespace/templates/resourcequota.yaml index 7f7289f..d1e6767 100644 --- a/charts/charts/tenant-namespace/templates/resourcequota.yaml +++ b/charts/charts/tenant-namespace/templates/resourcequota.yaml 
@@ -14,4 +14,7 @@ spec: requests.cpu: {{ .Values.quota.requests.cpu }} requests.memory: {{ .Values.quota.requests.memory }} limits.cpu: {{ .Values.quota.limits.cpu }} - limits.memory: {{ .Values.quota.limits.memory }} \ No newline at end of file + limits.memory: {{ .Values.quota.limits.memory }} + {{- range $key, $val := .Values.quota.extraQuota }} + {{ $key }}: {{ $val | quote }} + {{- end }} diff --git a/charts/charts/tenant-namespace/values.yaml b/charts/charts/tenant-namespace/values.yaml index 76f2da8..b4106a8 100644 --- a/charts/charts/tenant-namespace/values.yaml +++ b/charts/charts/tenant-namespace/values.yaml @@ -92,6 +92,11 @@ quota: requests: cpu: 5 memory: 4Gi + extraQuota: +# requests.storage: 5Gi +# persistentvolumeclaims: 5 +# foobar.storageclass.storage.k8s.io/requests.storage: 5Gi +# foobar.storageclass.storage.k8s.io/persistentvolumeclaims: 5 limitRange: limits: From 348352759a68c9ce13e8d889aec5e3d5f8f19bcf Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 20 Mar 2020 12:46:46 -0700 Subject: [PATCH 164/331] Add OperatorGroup to tenant-namespace chart. --- charts/charts/tenant-namespace/Chart.yaml | 2 +- .../tenant-namespace/templates/operatorgroup.yaml | 15 +++++++++++++++ charts/charts/tenant-namespace/values.yaml | 4 ++++ 3 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 charts/charts/tenant-namespace/templates/operatorgroup.yaml diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml index 7ccfbfd..fc8ecd9 100644 --- a/charts/charts/tenant-namespace/Chart.yaml +++ b/charts/charts/tenant-namespace/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Chart for setting up a tenants namespace with all the goodies name: tenant-namespace -version: 0.7.1 +version: 0.7.2 diff --git a/charts/charts/tenant-namespace/templates/operatorgroup.yaml b/charts/charts/tenant-namespace/templates/operatorgroup.yaml new file mode 100644 index 0000000..dc42683 --- /dev/null 
+++ b/charts/charts/tenant-namespace/templates/operatorgroup.yaml @@ -0,0 +1,15 @@ +{{- if .Values.operatorGroup.enabled }} +apiVersion: operators.coreos.com/v1 +kind: OperatorGroup +metadata: + name: {{ .Values.magicnamespace.namespace }} + namespace: {{ .Values.magicnamespace.namespace }} + labels: + app: {{ template "namespace.name" . }} + chart: {{ template "namespace.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + targetNamespaces: + - {{ .Values.magicnamespace.namespace }} +{{- end }} diff --git a/charts/charts/tenant-namespace/values.yaml b/charts/charts/tenant-namespace/values.yaml index b4106a8..497294e 100644 --- a/charts/charts/tenant-namespace/values.yaml +++ b/charts/charts/tenant-namespace/values.yaml @@ -107,3 +107,7 @@ limitRange: cpu: 100m memory: 256Mi type: Container + +operatorGroup: + enabled: false + From ba3dd10f0de72b460fb981c6217f1ac0e2f20e95 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 30 Mar 2020 17:16:58 -0700 Subject: [PATCH 165/331] Bump up nginx ingress version to 1.34.2. --- charts/charts/tenant-namespace/Chart.yaml | 2 +- charts/charts/tenant-namespace/requirements.yaml | 2 +- charts/charts/tenant-namespace/values.yaml | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml index fc8ecd9..a86ffd0 100644 --- a/charts/charts/tenant-namespace/Chart.yaml +++ b/charts/charts/tenant-namespace/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Chart for setting up a tenants namespace with all the goodies name: tenant-namespace -version: 0.7.2 +version: 0.7.3 diff --git a/charts/charts/tenant-namespace/requirements.yaml b/charts/charts/tenant-namespace/requirements.yaml index c1ef4ca..73294f3 100644 --- a/charts/charts/tenant-namespace/requirements.yaml +++ b/charts/charts/tenant-namespace/requirements.yaml 
@@ -10,6 +10,6 @@ dependencies: repository: "https://kubernetes-charts.storage.googleapis.com" - name: nginx-ingress alias: ingress - version: "1.19.0" + version: "1.34.2" repository: "https://kubernetes-charts.storage.googleapis.com" condition: ingress.nginx.enabled diff --git a/charts/charts/tenant-namespace/values.yaml b/charts/charts/tenant-namespace/values.yaml index 497294e..fdfcd3c 100644 --- a/charts/charts/tenant-namespace/values.yaml +++ b/charts/charts/tenant-namespace/values.yaml @@ -71,6 +71,8 @@ ingress: nginx: enabled: true controller: + rbac: + scope: true ingressClass: public extraArgs: {} # default-ssl-certificate=default/default-tls From c3d3bdd3c2bf0220abd4f846e6e18e3208fa2e9f Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Mon, 30 Mar 2020 18:06:41 -0700 Subject: [PATCH 166/331] Initial checkin of tenant-namespace-operator --- .travis.yml | 5 + charts/charts/buildall | 2 +- .../tenant-namespace-operator/.helmignore | 22 ++ .../tenant-namespace-operator/Chart.yaml | 21 ++ .../tenant-namespace-operator/README.md | 61 ++++++ .../templates/_helpers.tpl | 63 ++++++ .../templates/clusterrole.yaml | 61 ++++++ .../templates/clusterrolebinding.yaml | 32 +++ .../templates/deployment.yaml | 81 +++++++ .../templates/flavor-clusterrole.yaml | 18 ++ .../templates/role.yaml | 81 +++++++ .../templates/rolebinding.yaml | 24 +++ .../templates/runner-clusterrole.yaml | 23 ++ .../templates/serviceaccount.yaml | 8 + .../tenant-namespace-operator/values.yaml | 55 +++++ .../tenant-namespace-operator/Dockerfile | 23 ++ containers/tenant-namespace-operator/LICENSE | 202 ++++++++++++++++++ containers/tenant-namespace-operator/buildenv | 2 + ...s.pnnl.gov_v1beta1_tenantnamespace_cr.yaml | 12 ++ ....gov_v1beta1_tenantnamespaceflavor_cr.yaml | 5 + .../roles/tenantnamespace/README.md | 38 ++++ .../roles/tenantnamespace/defaults/main.yml | 2 + .../roles/tenantnamespace/handlers/main.yml | 2 + .../roles/tenantnamespace/meta/main.yml | 60 ++++++ .../roles/tenantnamespace/tasks/main.yml | 88 ++++++++ .../roles/tenantnamespace/vars/main.yml | 2 + .../roles/tenantnamespacefin/README.md | 38 ++++ .../tenantnamespacefin/defaults/main.yml | 2 + .../tenantnamespacefin/handlers/main.yml | 2 + .../roles/tenantnamespacefin/meta/main.yml | 60 ++++++ .../roles/tenantnamespacefin/tasks/main.yml | 27 +++ .../roles/tenantnamespacefin/vars/main.yml | 2 + .../tenant-namespace-operator/watches.yaml | 9 + 33 files changed, 1132 insertions(+), 1 deletion(-) create mode 100644 charts/charts/tenant-namespace-operator/.helmignore create mode 100644 charts/charts/tenant-namespace-operator/Chart.yaml create mode 100644 charts/charts/tenant-namespace-operator/README.md create mode 100644 
charts/charts/tenant-namespace-operator/templates/_helpers.tpl create mode 100644 charts/charts/tenant-namespace-operator/templates/clusterrole.yaml create mode 100644 charts/charts/tenant-namespace-operator/templates/clusterrolebinding.yaml create mode 100644 charts/charts/tenant-namespace-operator/templates/deployment.yaml create mode 100644 charts/charts/tenant-namespace-operator/templates/flavor-clusterrole.yaml create mode 100644 charts/charts/tenant-namespace-operator/templates/role.yaml create mode 100644 charts/charts/tenant-namespace-operator/templates/rolebinding.yaml create mode 100644 charts/charts/tenant-namespace-operator/templates/runner-clusterrole.yaml create mode 100644 charts/charts/tenant-namespace-operator/templates/serviceaccount.yaml create mode 100644 charts/charts/tenant-namespace-operator/values.yaml create mode 100644 containers/tenant-namespace-operator/Dockerfile create mode 100644 containers/tenant-namespace-operator/LICENSE create mode 100644 containers/tenant-namespace-operator/buildenv create mode 100644 containers/tenant-namespace-operator/examples/miscscripts.pnnl.gov_v1beta1_tenantnamespace_cr.yaml create mode 100644 containers/tenant-namespace-operator/examples/miscscripts.pnnl.gov_v1beta1_tenantnamespaceflavor_cr.yaml create mode 100644 containers/tenant-namespace-operator/roles/tenantnamespace/README.md create mode 100644 containers/tenant-namespace-operator/roles/tenantnamespace/defaults/main.yml create mode 100644 containers/tenant-namespace-operator/roles/tenantnamespace/handlers/main.yml create mode 100644 containers/tenant-namespace-operator/roles/tenantnamespace/meta/main.yml create mode 100644 containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml create mode 100644 containers/tenant-namespace-operator/roles/tenantnamespace/vars/main.yml create mode 100644 containers/tenant-namespace-operator/roles/tenantnamespacefin/README.md create mode 100644 
containers/tenant-namespace-operator/roles/tenantnamespacefin/defaults/main.yml create mode 100644 containers/tenant-namespace-operator/roles/tenantnamespacefin/handlers/main.yml create mode 100644 containers/tenant-namespace-operator/roles/tenantnamespacefin/meta/main.yml create mode 100644 containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml create mode 100644 containers/tenant-namespace-operator/roles/tenantnamespacefin/vars/main.yml create mode 100644 containers/tenant-namespace-operator/watches.yaml diff --git a/.travis.yml b/.travis.yml index 1226fa2..df93b33 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,6 +5,11 @@ jobs: language: shell name: Build gitlab-runner-operator container script: ./containers/build gitlab-runner-operator + - stage: build + dist: xenial + language: shell + name: Build tenant-namespace-operator container + script: ./containers/build tenant-namespace-operator - stage: build dist: xenial language: shell diff --git a/charts/charts/buildall b/charts/charts/buildall index ed0ad2a..8888b5a 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -36,7 +36,7 @@ for ver in 1-14 1-15 1-16; do done CHANGE=0 -for CHART in nginx-app console chronyd dhcpd k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator; do +for CHART in nginx-app console chronyd dhcpd k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator; do RAWCHART=$CHART case "$CHART" in k8s-node-image) diff --git a/charts/charts/tenant-namespace-operator/.helmignore b/charts/charts/tenant-namespace-operator/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/charts/charts/tenant-namespace-operator/.helmignore 
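Review bot: Adding `tenant-namespace-operator` to the `for CHART in …` list puts it under the `latest` branch that rewrites `appVersion` with `$NEWVERSION`, because the exemption added in PATCH 156 tests only for `gitlab-runner-operator`. This chart ships `appVersion: 0.1.2-1` and its deployment template uses `.Chart.AppVersion` as the image tag, so a rewritten value would point the pods at a tag the container build may never have pushed. If that exemption is still in the loop (the body is outside this hunk), extend it, e.g. `if [ "$CHART" != "gitlab-runner-operator" ] && [ "$CHART" != "tenant-namespace-operator" ]; then`.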
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml
new file mode 100644
index 0000000..f545482
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: tenant-namespace-operator
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.2
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 0.1.2-1
diff --git a/charts/charts/tenant-namespace-operator/README.md b/charts/charts/tenant-namespace-operator/README.md
new file mode 100644
index 0000000..b6a2585
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/README.md
@@ -0,0 +1,61 @@ +# tenant-namespace-operator + +The tenant-namespace-operator chart launches an instance of the tenant-namespace-operator allowing you to quickly deploy tenant-namespaces in a Kubernetes native way. + + +## Install Chart + +Apply the CRD's if not already done so: +```bash +kubectl apply -f https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/master/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml +kubectl apply -f https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/master/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespace_crd.yaml +``` + +To install the Chart into your Kubernetes cluster (Helm 3 only) : + +```bash +kubectl create namespace tenant-namespace-operator +helm upgrade --install tenant-namespace-operator --namespace "tenant-namespace-operator" pnnl-miscscripts/tenant-namespace-operator +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status "tenant-namespace-operator" --namespace "tenant-namespace-operator" +``` + +If you want to delete your Chart, use this command: + +```bash +helm delete "tenant-namespace-operator" +``` + +### Usage +You can create a cluster wide tenantnamespace flavor like: +```yaml +apiVersion: miscscripts.pnnl.gov/v1beta1 +kind: TenantNamespaceFlavor +metadata: + name: example +spec: {} +``` + +To deploy a tenant namespace named example, you may do so like: +```yaml +apiVersion: miscscripts.pnnl.gov/v1beta1 +kind: TenantNamespace +metadata: + name: example +spec: + flavorRef: + name: example + kind: TenantNamespaceFlavor + group: miscscripts.pnnl.gov +``` + +When a flavorRef is specified, settings in the flavor are added to the TenantNamespace. The TenantNamespace config overrides the flavor config. 
+ +The content of the spec in both TenantNamespaceFlavor and TenantNamespace are values as specified here: +``` +https://gitlab.com/gitlab-org/charts/tenant-namespace/blob/master/values.yaml +``` diff --git a/charts/charts/tenant-namespace-operator/templates/_helpers.tpl b/charts/charts/tenant-namespace-operator/templates/_helpers.tpl new file mode 100644 index 0000000..7028968 --- /dev/null +++ b/charts/charts/tenant-namespace-operator/templates/_helpers.tpl 
@@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "tenant-namespace-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "tenant-namespace-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "tenant-namespace-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "tenant-namespace-operator.labels" -}} +helm.sh/chart: {{ include "tenant-namespace-operator.chart" . }} +{{ include "tenant-namespace-operator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "tenant-namespace-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "tenant-namespace-operator.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "tenant-namespace-operator.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "tenant-namespace-operator.fullname" .) 
.Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml b/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml new file mode 100644 index 0000000..b47b8f8 --- /dev/null +++ b/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml @@ -0,0 +1,61 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "tenant-namespace-operator.fullname" . }}-fl + labels: +{{ include "tenant-namespace-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - miscscripts.pnnl.gov + resources: + - 'tenantnamespaceflavors' + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - 'namespaces' + - 'resourcequotas' + - 'limitranges' + verbs: + - "*" +- apiGroups: + - rbac.authorization.k8s.io + resources: + - 'rolebindings' + verbs: + - "*" +- apiGroups: + - rbac.authorization.k8s.io + resources: + - 'clusterroles' + - 'clusterrolebindings' + verbs: + - "*" +- apiGroups: + - networking.k8s.io/v1 + resources: + - networkpolicies + verbs: + - "*" +- apiGroups: + - rbac.authorization.k8s.io + resources: + - 'clusterroles' + - 'clusterrolebindings' + verbs: + - "*" +- apiGroups: + - extensions + resources: + - ingresses/status + verbs: + - update +- apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update diff --git a/charts/charts/tenant-namespace-operator/templates/clusterrolebinding.yaml b/charts/charts/tenant-namespace-operator/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..8d3e982 --- /dev/null +++ b/charts/charts/tenant-namespace-operator/templates/clusterrolebinding.yaml 
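Review bot: The networkpolicies rule names its API group as `networking.k8s.io/v1`; RBAC `apiGroups` entries carry no version, so the rule matches nothing and should read `- networking.k8s.io`. The rule granting `"*"` on `clusterroles` and `clusterrolebindings` appears twice, and the duplicate can be dropped. More important, `"*"` on those two resources includes `bind` and `escalate`, which makes this service account equivalent to cluster-admin. Listing only the verbs the Ansible role uses (for example `get`, `list`, `watch`, `create`, `update`, `patch`, `delete`) and restricting `bind` with `resourceNames` would keep a compromise of the operator pod from becoming a compromise of the cluster. The role tasks that show which verbs are needed are outside this hunk.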
@@ -0,0 +1,32 @@ +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "tenant-namespace-operator.fullname" . }}-fl + labels: +{{ include "tenant-namespace-operator.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "tenant-namespace-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ include "tenant-namespace-operator.fullname" . }}-fl + apiGroup: rbac.authorization.k8s.io + +--- +#This is needed so that it can give out admin access to things it creates +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "tenant-namespace-operator.fullname" . }}-adm + labels: +{{ include "tenant-namespace-operator.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "tenant-namespace-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: admin + apiGroup: rbac.authorization.k8s.io diff --git a/charts/charts/tenant-namespace-operator/templates/deployment.yaml b/charts/charts/tenant-namespace-operator/templates/deployment.yaml new file mode 100644 index 0000000..222f584 --- /dev/null +++ b/charts/charts/tenant-namespace-operator/templates/deployment.yaml 
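Review bot: The second binding (`…-adm`) attaches the built-in `admin` ClusterRole through a ClusterRoleBinding, so the operator's service account holds admin in every namespace, including read access to Secrets in system namespaces. The comment gives the reason as being able to hand out admin on what it creates. RBAC's escalation check is also satisfied by the `bind` verb, so a rule with `resources: ["clusterroles"]`, `verbs: ["bind"]`, `resourceNames: ["admin"]` in the operator's own ClusterRole permits creating those RoleBindings without the operator being admin everywhere. If the Ansible role also has to manage objects inside tenant namespaces, a RoleBinding created per tenant namespace limits that access to the namespaces the operator owns.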
@@ -0,0 +1,81 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "tenant-namespace-operator.fullname" . }} + labels: + {{- include "tenant-namespace-operator.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "tenant-namespace-operator.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "tenant-namespace-operator.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "tenant-namespace-operator.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: ansible + command: + - /usr/local/bin/ao-logs + - /tmp/ansible-operator/runner + - stdout + image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - mountPath: /tmp/ansible-operator/runner + name: runner + readOnly: true + - name: operator + image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - mountPath: /tmp/ansible-operator/runner + name: runner + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + env: + - name: WATCH_NAMESPACE +{{- if eq .Values.mode "cluster" }} + value: "" +{{- else if eq .Values.mode "cluster" }} + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "tenant-namespace-operator" + - name: ANSIBLE_GATHERING + value: explicit + - name: SERVICE_ACCOUNT_NAME + value: {{ include "tenant-namespace-operator.serviceAccountName" . 
}} + - name: NAMESPACE + value: {{ .Release.Namespace }} + volumes: + - name: runner + emptyDir: {} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/charts/tenant-namespace-operator/templates/flavor-clusterrole.yaml b/charts/charts/tenant-namespace-operator/templates/flavor-clusterrole.yaml new file mode 100644 index 0000000..714b98e --- /dev/null +++ b/charts/charts/tenant-namespace-operator/templates/flavor-clusterrole.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tenantnamespaceflavors-edit +rules: +- apiGroups: + - miscscripts.pnnl.gov + resources: + - tenantnamespaceflavors + verbs: + - get + - list + - watch + - create + - update + - patch + - delete diff --git a/charts/charts/tenant-namespace-operator/templates/role.yaml b/charts/charts/tenant-namespace-operator/templates/role.yaml new file mode 100644 index 0000000..5ef96c5 --- /dev/null +++ b/charts/charts/tenant-namespace-operator/templates/role.yaml 
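Review bot: In the `WATCH_NAMESPACE` block of templates/deployment.yaml the `else if` repeats the condition `eq .Values.mode "cluster"`, so the `fieldRef` branch can never render and any other mode leaves the variable without a value. values.yaml documents the alternative as `namespaced`, so the branch should be `{{- else if eq .Values.mode "namespaced" }}` or a plain `{{- else }}`. The same repeated condition is in templates/role.yaml and templates/rolebinding.yaml, where it leaves `kind:` unset for every mode other than `cluster`. An empty `WATCH_NAMESPACE` is presumably read by the operator as "watch all namespaces", which would mean a namespaced install silently keeps cluster-wide scope; that is worth verifying once the branch is fixed.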
@@ -0,0 +1,81 @@ +apiVersion: rbac.authorization.k8s.io/v1 +{{- if eq .Values.mode "cluster" }} +kind: ClusterRole +{{- else if eq .Values.mode "cluster" }} +kind: Role +{{- end }} +metadata: + name: {{ include "tenant-namespace-operator.fullname" . }} + labels: +{{ include "tenant-namespace-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + - services + - services/finalizers + - endpoints + - events + - configmaps + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - deployments + - replicasets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - apps + resourceNames: + - tenant-namespace-operator + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - apps + resources: + - replicasets + - deployments + verbs: + - get +- apiGroups: + - miscscripts.pnnl.gov + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch diff --git a/charts/charts/tenant-namespace-operator/templates/rolebinding.yaml b/charts/charts/tenant-namespace-operator/templates/rolebinding.yaml new file mode 100644 index 0000000..7abfe2d --- /dev/null +++ b/charts/charts/tenant-namespace-operator/templates/rolebinding.yaml 
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+{{- if eq .Values.mode "cluster" }}
+kind: ClusterRoleBinding
+{{- else if eq .Values.mode "cluster" }}
+kind: RoleBinding
+{{- end }}
+metadata:
+ name: {{ include "tenant-namespace-operator.fullname" . }}
+ labels:
+{{ include "tenant-namespace-operator.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "tenant-namespace-operator.serviceAccountName" . }}
+{{- if eq .Values.mode "cluster" }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+roleRef:
+{{- if eq .Values.mode "cluster" }}
+ kind: ClusterRole
+{{- else if eq .Values.mode "cluster" }}
+ kind: Role
+{{- end}}
+ name: {{ include "tenant-namespace-operator.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/charts/tenant-namespace-operator/templates/runner-clusterrole.yaml b/charts/charts/tenant-namespace-operator/templates/runner-clusterrole.yaml
new file mode 100644
index 0000000..761ad3e
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/templates/runner-clusterrole.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tenantnamespace-edit
+ labels:
+{{- if .Values.rbac.aggregate }}
+ # Add these permissions to the "admin" and "edit" default roles.
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+{{- end }}
+rules:
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
diff --git a/charts/charts/tenant-namespace-operator/templates/serviceaccount.yaml b/charts/charts/tenant-namespace-operator/templates/serviceaccount.yaml
new file mode 100644
index 0000000..b4785f6
--- /dev/null
+++ b/charts/charts/tenant-namespace-operator/templates/serviceaccount.yaml
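Review bot: In templates/rolebinding.yaml the ServiceAccount subject only receives `namespace:` when the mode is `cluster`, but Kubernetes requires a namespace on ServiceAccount subjects in a RoleBinding too, so the namespaced rendering would be rejected by the API server. Emit `namespace: {{ .Release.Namespace }}` unconditionally and remove the surrounding `if`/`end` pair.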
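Review bot: With `rbac.aggregate` enabled, templates/runner-clusterrole.yaml folds create, update and delete on `tenantnamespaces` into the built-in `admin` and `edit` roles, so, assuming the TenantNamespace resource is namespaced (its definition is not in this part of the patch), anyone holding edit in one namespace can have the operator act with its much wider cluster permissions. The switch defaults to `false`, but the template should say so next to the labels, e.g. `# Caution: any namespace admin/editor can then create TenantNamespaces, which the operator applies with cluster-level rights.` The values.yaml comment for the switch still says "create runners", which looks carried over from another chart. The role name `tenantnamespace-edit` is fixed rather than derived from the release name, so two releases of the chart would collide on it.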
@@ -0,0 +1,8 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "tenant-namespace-operator.serviceAccountName" . }} + labels: +{{ include "tenant-namespace-operator.labels" . | nindent 4 }} +{{- end -}} diff --git a/charts/charts/tenant-namespace-operator/values.yaml b/charts/charts/tenant-namespace-operator/values.yaml new file mode 100644 index 0000000..60408d9 --- /dev/null +++ b/charts/charts/tenant-namespace-operator/values.yaml @@ -0,0 +1,55 @@ +# Default values for tenant-namespace-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +mode: cluster # or namespaced. Note, only cluster is currently been tested. + +rbac: + # Allow admin/edit roles to create runners without extra bindings. + aggregate: false + +replicaCount: 1 + +image: + repository: pnnlmiscscripts/tenant-namespace-operator + pullPolicy: IfNotPresent + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} 
diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile
new file mode 100644
index 0000000..e1a32d2
--- /dev/null
+++ b/containers/tenant-namespace-operator/Dockerfile
@@ -0,0 +1,23 @@
+FROM quay.io/operator-framework/ansible-operator:v0.13.0
+
+USER 0
+
+COPY watches.yaml ${HOME}/watches.yaml
+COPY roles/ ${HOME}/roles/
+
+#FIXME forcing ingress newer to work on newer k8s clusters. Fix upstream chart.
+
+RUN \
+ curl -o /helm.tar.gz https://get.helm.sh/helm-v3.1.2-linux-amd64.tar.gz && \
+ tar -zxvf /helm.tar.gz && \
+ mv /linux-amd64/helm /usr/bin/helm && \
+ rm -f /helm.tar.gz && \
+ helm repo add pnnl-miscscripts https://pnnl-miscscripts.github.io/charts && \
+ helm pull pnnl-miscscripts/tenant-namespace --untar && \
+ cd ${HOME} && \
+ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \
+ echo 0.1.2 >> /.extrafingerprints && \
+ md5sum watches.yaml >> /.extrafingerprints
+
+USER 1001
+ENTRYPOINT ["/usr/local/bin/entrypoint", "--inject-owner-ref=false"]
diff --git a/containers/tenant-namespace-operator/LICENSE b/containers/tenant-namespace-operator/LICENSE
new file mode 100644
index 0000000..d645695
--- /dev/null
+++ b/containers/tenant-namespace-operator/LICENSE
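Review bot: The `RUN` step in the Dockerfile downloads the Helm tarball and unpacks it as root with no integrity check, and `curl` is called without `-f`, so an HTTP error body would be saved and handed to `tar`. Fail on errors and pin the digest: `curl -fsSL -o /helm.tar.gz https://get.helm.sh/helm-v3.1.2-linux-amd64.tar.gz && \` followed by `echo "<sha256-of-helm-v3.1.2-linux-amd64.tar.gz>  /helm.tar.gz" | sha256sum -c - && \`. `helm pull pnnl-miscscripts/tenant-namespace --untar` has no `--version`, so the chart baked into the image changes whenever the repository does; adding `--version <chart-version>` and appending that version to `/.extrafingerprints` keeps the build reproducible and the fingerprint meaningful. The base image is pinned by tag only, and a digest pin would close the same gap there.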
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv new file mode 100644 index 0000000..92e5b73 --- /dev/null +++ b/containers/tenant-namespace-operator/buildenv @@ -0,0 +1,2 @@ +export PREFIX=0.1.2 +export NEW_BUILD=y diff --git a/containers/tenant-namespace-operator/examples/miscscripts.pnnl.gov_v1beta1_tenantnamespace_cr.yaml b/containers/tenant-namespace-operator/examples/miscscripts.pnnl.gov_v1beta1_tenantnamespace_cr.yaml new file mode 100644 index 0000000..6385134 --- /dev/null +++ b/containers/tenant-namespace-operator/examples/miscscripts.pnnl.gov_v1beta1_tenantnamespace_cr.yaml 
@@ -0,0 +1,12 @@ +apiVersion: miscscripts.pnnl.gov/v1beta1 +kind: TenantNamespace +metadata: + name: example +spec: + flavorRef: + name: example + kind: TenantNamespaceFlavor + group: miscscripts.pnnl.gov +# ingress: +# nginx: +# enabled: false diff --git a/containers/tenant-namespace-operator/examples/miscscripts.pnnl.gov_v1beta1_tenantnamespaceflavor_cr.yaml b/containers/tenant-namespace-operator/examples/miscscripts.pnnl.gov_v1beta1_tenantnamespaceflavor_cr.yaml new file mode 100644 index 0000000..5c345b0 --- /dev/null +++ b/containers/tenant-namespace-operator/examples/miscscripts.pnnl.gov_v1beta1_tenantnamespaceflavor_cr.yaml @@ -0,0 +1,5 @@ +apiVersion: miscscripts.pnnl.gov/v1beta1 +kind: TenantNamespaceFlavor +metadata: + name: example +spec: {} diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/README.md b/containers/tenant-namespace-operator/roles/tenantnamespace/README.md new file mode 100644 index 0000000..3ebede3 --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/README.md 
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +Apache + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/defaults/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/defaults/main.yml new file mode 100644 index 0000000..e3bc486 --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for tenantnamespace diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/handlers/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/handlers/main.yml new file mode 100644 index 0000000..b9adc54 --- /dev/null 
+++ b/containers/tenant-namespace-operator/roles/tenantnamespace/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for gitlabrunner diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/meta/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/meta/main.yml new file mode 100644 index 0000000..6d87e5b --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/meta/main.yml 
@@ -0,0 +1,60 @@ +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 2.6 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + #github_branch: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. \ No newline at end of file 
diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml new file mode 100644 index 0000000..2e948ae --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml 
@@ -0,0 +1,88 @@ +--- +# tasks file for tenantnamespace + +- name: Create the k8s admin namespace + k8s: + state: present + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: "{{ meta.name }}-admin" + labels: + name: "{{ meta.name }}-admin" + +- tempfile: + state: file + suffix: .yaml + register: temp_filename + +- name: Block for file removal + block: + - name: Set initial defaults. They be overridden. + set_fact: + merged_values: + magicnamespace: + tiller: + enabled: false + no_log: True + - name: Load in Flavor values if referenced + block: + - name: Fetch referenced flavor + set_fact: + flavor: "{{ lookup('k8s', kind='TenantNamespaceFlavor', api_version='miscscripts.pnnl.gov/v1beta1', resource_name=_miscscripts_pnnl_gov_tenantnamespace_spec.flavorRef.name) }}" + no_log: True + - name: Merge in flavor values + set_fact: + merged_values: "{{ merged_values | combine(flavor.spec, recursive=True) }}" + no_log: True + when: + - _miscscripts_pnnl_gov_tenantnamespace_spec.flavorRef is defined + - _miscscripts_pnnl_gov_tenantnamespace_spec.flavorRef.kind == "TenantNamespaceFlavor" + - _miscscripts_pnnl_gov_tenantnamespace_spec.flavorRef.group == "miscscripts.pnnl.gov" + - name: Set value for forced settings + set_fact: + overrides: + namespace: "{{ meta.name }}" + magicnamespace: + namespace: "{{ meta.name }}" + ingress: + controller: + scope: + namespace: "{{ meta.name }}" + - name: Set values from CR + set_fact: + merged_values: "{{ merged_values | combine(_miscscripts_pnnl_gov_tenantnamespace_spec, recursive=True) }}" + no_log: True + - name: Force namespace settings. Can not be overridden. 
+ set_fact: + merged_values: "{{ merged_values | combine(overrides, recursive=True) }}" + no_log: True + - name: Copy values to temp file + copy: + content: "{{ merged_values | to_yaml }}" + dest: "{{ temp_filename.path }}" + no_log: True + +#FIXME Consider making a service account specifically for this so it can't cross namespaces as far as it can today + - name: Run Helm + shell: "helm upgrade --install --namespace {{ meta.name }}-admin {{ meta.name }} /tenant-namespace/ -f {{ temp_filename.path }}" + register: objs + + always: + - name: Remove temp file + file: + path: "{{ temp_filename.path }}" + state: absent + +- name: Create the k8s user namespace + k8s: + state: present + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: "{{ meta.name }}" + labels: + name: "{{ meta.name }}" + diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/vars/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/vars/main.yml new file mode 100644 index 0000000..b2e5b69 --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for tenantnamespace diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/README.md b/containers/tenant-namespace-operator/roles/tenantnamespacefin/README.md new file mode 100644 index 0000000..3ebede3 --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/README.md 
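Review bot: The `Run Helm` task in roles/tenantnamespace/tasks/main.yml templates `meta.name` and the temp-file path into a `shell:` string, so both values are parsed by a shell before Helm sees them. Kubernetes name validation limits what `meta.name` can contain, but the task should not rely on that; `command` with `argv` keeps each value a single argument and needs no quoting. The finalizer role (roles/tenantnamespacefin/tasks/main.yml) templates the same value into `shell:` and would need a different restructuring because it uses `||`. The unnamed `tempfile` task would also be easier to find in operator logs with a `name:`.

```yaml
# … unchanged: temp file creation, value merging, copy to temp file …
    - name: Run Helm
      command:
        argv:
          - helm
          - upgrade
          - --install
          - --namespace
          - "{{ meta.name }}-admin"
          - "{{ meta.name }}"
          - /tenant-namespace/
          - -f
          - "{{ temp_filename.path }}"
      register: objs
# … unchanged: always/remove temp file, user namespace creation …
```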
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +Apache + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/defaults/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/defaults/main.yml new file mode 100644 index 0000000..e3bc486 --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for tenantnamespace diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/handlers/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/handlers/main.yml new file mode 100644 index 0000000..b9adc54 --- /dev/null 
+++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for gitlabrunner diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/meta/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/meta/main.yml new file mode 100644 index 0000000..6d87e5b --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/meta/main.yml 
@@ -0,0 +1,60 @@ +galaxy_info: + author: your name + description: your description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Some suggested licenses: + # - BSD (default) + # - MIT + # - GPLv2 + # - GPLv3 + # - Apache + # - CC-BY + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 2.6 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # Optionally specify the branch Galaxy will use when accessing the GitHub + # repo for this role. During role install, if no tags are available, + # Galaxy will use this branch. During import Galaxy will access files on + # this branch. If Travis integration is configured, only notifications for this + # branch will be accepted. Otherwise, in all cases, the repo's default branch + # (usually master) will be used. + #github_branch: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. \ No newline at end of file 
diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml new file mode 100644 index 0000000..08c6bb7 --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml @@ -0,0 +1,27 @@ +--- +# tasks file for tenantnamespace + +#Check to see release exists. If it doesnt continue on. If it does, delete it. +- shell: "(! helm get values --namespace {{ meta.name }}-admin {{ meta.name }}) || helm delete --namespace {{ meta.name }}-admin {{ meta.name }}" + register: objs + no_log: True + +- name: Delete the k8s user namespace + k8s: + state: present + state: absent + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: "{{ meta.name }}" + +- name: Delete the k8s admin namespace + k8s: + state: absent + definition: + apiVersion: v1 + kind: Namespace + metadata: + name: "{{ meta.name }}-admin" + diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/vars/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/vars/main.yml new file mode 100644 index 0000000..b2e5b69 --- /dev/null +++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for tenantnamespace diff --git a/containers/tenant-namespace-operator/watches.yaml b/containers/tenant-namespace-operator/watches.yaml new file mode 100644 index 0000000..ab4a6fa --- /dev/null +++ b/containers/tenant-namespace-operator/watches.yaml @@ -0,0 +1,9 @@ +--- +- version: v1beta1 + group: miscscripts.pnnl.gov + kind: TenantNamespace + role: /opt/ansible/roles/tenantnamespace + reconcilePeriod: 0 + finalizer: + name: finalizer.tenantnamespace.miscscripts.pnnl.gov + role: /opt/ansible/roles/tenantnamespacefin From dfc10c7fe891e3d061d4290dc39ce426b169d9cd Mon Sep 17 00:00:00 2001 
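Review bot: The first task in `tenantnamespacefin/tasks/main.yml` runs `(! helm get values …) || helm delete …`, which treats every failure of `helm get values` as "release does not exist". An API or credential error therefore skips `helm delete`, the finalizer still removes both namespaces, and `no_log: True` hides the reason. Any cluster-scoped objects the release created would then be left behind. `{{ meta.name }}` is also spliced into the shell string unquoted; the `quote` filter keeps the command well-formed for any name, e.g. `--namespace {{ (meta.name ~ '-admin') | quote }} {{ meta.name | quote }}`. The task has no `name:`, unlike the two `k8s` tasks after it; `- name: Delete the helm release if it exists` would match them.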
From: Kevin Fox Date: Mon, 30 Mar 2020 18:12:32 -0700 Subject: [PATCH 167/331] Its no longer a new build. --- containers/tenant-namespace-operator/buildenv | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv index 92e5b73..397c88c 100644 --- a/containers/tenant-namespace-operator/buildenv +++ b/containers/tenant-namespace-operator/buildenv @@ -1,2 +1 @@ export PREFIX=0.1.2 -export NEW_BUILD=y From 8cdcbce357f3d4c29a4798faf9d25d8dae11f691 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 31 Mar 2020 09:04:24 -0700 Subject: [PATCH 168/331] Add missing crds --- ...s.pnnl.gov_tenantnamespaceflavors_crd.yaml | 22 +++++++++++++++++++ ...scripts.pnnl.gov_tenantnamespaces_crd.yaml | 22 +++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml create mode 100644 containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml diff --git a/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml b/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml new file mode 100644 index 0000000..775adf7 --- /dev/null +++ b/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: tenantnamespaceflavors.miscscripts.pnnl.gov +spec: + group: miscscripts.pnnl.gov + names: + kind: TenantNamespaceFlavor + listKind: TenantNamespaceFlavorList + plural: tenantnamespaceflavors + singular: tenantnamespaceflavor + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + versions: + - name: v1beta1 + served: true + storage: true 
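Review bot: Both CRDs added by this commit (`tenantnamespaceflavors` here and `tenantnamespaces` in the next file) declare only `type: object` with `x-kubernetes-preserve-unknown-fields: true`, so the API server accepts any content in these cluster-scoped resources. The operator role elsewhere in this series passes a values file to `helm upgrade --install`, presumably built from the resource, so whatever the author of a TenantNamespace writes appears to reach the chart unvalidated. Declaring at least the expected top-level `spec` properties with types in `openAPIV3Schema`, and keeping `x-kubernetes-preserve-unknown-fields` only on the sub-tree that must stay free-form, would let the API server reject unexpected input before the operator acts on it.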
diff --git a/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml b/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml new file mode 100644 index 0000000..63f7538 --- /dev/null +++ b/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml @@ -0,0 +1,22 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: tenantnamespaces.miscscripts.pnnl.gov +spec: + group: miscscripts.pnnl.gov + names: + kind: TenantNamespace + listKind: TenantNamespaceList + plural: tenantnamespaces + singular: tenantnamespace + scope: Cluster + subresources: + status: {} + validation: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true + versions: + - name: v1beta1 + served: true + storage: true From 04ed946044e2c9787f31e24ff1606d4921ac4c8f Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Tue, 31 Mar 2020 11:09:56 -0700 Subject: [PATCH 169/331] [tenant-namespace] Cleaned up values file Fixed location of rbac.scope for ingress Removed stats as it was removed in nginx-ingress chart v1.14.0 Fixed default extraQuota value --- charts/charts/tenant-namespace/values.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/charts/charts/tenant-namespace/values.yaml b/charts/charts/tenant-namespace/values.yaml index fdfcd3c..e3c71c5 100644 --- a/charts/charts/tenant-namespace/values.yaml +++ b/charts/charts/tenant-namespace/values.yaml @@ -71,20 +71,18 @@ ingress: nginx: enabled: true controller: - rbac: - scope: true ingressClass: public extraArgs: {} # default-ssl-certificate=default/default-tls scope: enabled: true namespace: "" - stats: - enabled: true metrics: enabled: true publishService: enabled: true + rbac: + scope: true quota: pods: 10 
@@ -94,7 +92,7 @@ quota: requests: cpu: 5 memory: 4Gi - extraQuota: + extraQuota: {} # requests.storage: 5Gi # persistentvolumeclaims: 5 # foobar.storageclass.storage.k8s.io/requests.storage: 5Gi From 663a443da22a0d4a055be95717b4d3e94defe70e Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 1 Apr 2020 10:49:45 -0700 Subject: [PATCH 170/331] Bump version for new chart. --- charts/charts/tenant-namespace/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml index a86ffd0..b3d8c52 100644 --- a/charts/charts/tenant-namespace/Chart.yaml +++ b/charts/charts/tenant-namespace/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Chart for setting up a tenants namespace with all the goodies name: tenant-namespace -version: 0.7.3 +version: 0.7.4 From 5cd9da7292cfd2666610ccb4d43bbeaf0a766b5a Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 1 Apr 2020 11:32:23 -0700 Subject: [PATCH 171/331] Release new tenant-namespace-operator --- charts/charts/tenant-namespace-operator/Chart.yaml | 4 ++-- containers/tenant-namespace-operator/Dockerfile | 2 +- containers/tenant-namespace-operator/buildenv | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index f545482..f2c2b12 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.2-1 +appVersion: 0.1.3-1 
diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index e1a32d2..d9450d9 100644 --- a/containers/tenant-namespace-operator/Dockerfile +++ b/containers/tenant-namespace-operator/Dockerfile @@ -16,7 +16,7 @@ RUN \ helm pull pnnl-miscscripts/tenant-namespace --untar && \ cd ${HOME} && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ - echo 0.1.2 >> /.extrafingerprints && \ + echo 0.1.3 >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints USER 1001 diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv index 397c88c..295463b 100644 --- a/containers/tenant-namespace-operator/buildenv +++ b/containers/tenant-namespace-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.2 +export PREFIX=0.1.3 From 19e0df834f0c794b89090ec4c0df6aff68dbfaf7 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 1 Apr 2020 12:47:33 -0700 Subject: [PATCH 172/331] Fix install notes. Fix image tag and bump version. --- charts/charts/buildall | 2 +- charts/charts/tenant-namespace-operator/Chart.yaml | 2 +- charts/charts/tenant-namespace-operator/README.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/charts/buildall b/charts/charts/buildall index 8888b5a..74455b6 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -87,7 +87,7 @@ for CHART in nginx-app console chronyd dhcpd k8s-node-image tenant-namespace pix echo New version: $NEWVERSION sed -i "s/^version: .*/version: $NEWVERSION/" ../../$CHART/Chart.yaml if [ "$SUBBUILD" == "latest" ]; then - if [ "$CHART" != "gitlab-runner-operator" ]; then + if [ "$CHART" != "gitlab-runner-operator" -a "$CHART" != "tenant-namespace-operator" ]; then sed -i "s/^appVersion: .*/appVersion: $NEWVERSION/" ../../$CHART/Chart.yaml fi fi 
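Review bot: The extended test in `buildall` joins two comparisons with `-a`, which POSIX marks obsolescent because `[` can parse it ambiguously for some operand values. Two tests joined by the shell avoid that: `if [ "$CHART" != "gitlab-runner-operator" ] && [ "$CHART" != "tenant-namespace-operator" ]; then`. The `sed -i` lines around it pass `../../$CHART/Chart.yaml` unquoted; `"../../$CHART/Chart.yaml"` is the safer spelling. The enclosing `for CHART in …` loop starts and ends outside the hunk.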
diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index f2c2b12..ba63330 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,7 +14,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. diff --git a/charts/charts/tenant-namespace-operator/README.md b/charts/charts/tenant-namespace-operator/README.md index b6a2585..a828917 100644 --- a/charts/charts/tenant-namespace-operator/README.md +++ b/charts/charts/tenant-namespace-operator/README.md @@ -8,7 +8,7 @@ The tenant-namespace-operator chart launches an instance of the tenant-namespace Apply the CRD's if not already done so: ```bash kubectl apply -f https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/master/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml -kubectl apply -f https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/master/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespace_crd.yaml +kubectl apply -f https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/master/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml ``` To install the Chart into your Kubernetes cluster (Helm 3 only) : From e989d0e568094751a113e815f863b1e1735b63e3 Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Wed, 1 Apr 2020 14:10:51 -0700 Subject: [PATCH 173/331] Remove extra state in the finalizer. Add servicemonitor permissions. Bump packaging numbers. --- charts/charts/tenant-namespace-operator/Chart.yaml | 4 ++-- charts/charts/tenant-namespace-operator/templates/role.yaml | 5 +++++ containers/tenant-namespace-operator/Dockerfile | 2 +- containers/tenant-namespace-operator/buildenv | 2 +- .../roles/tenantnamespacefin/tasks/main.yml | 1 - 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index ba63330..6b968be 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.3-1 +appVersion: 0.1.4-1 diff --git a/charts/charts/tenant-namespace-operator/templates/role.yaml b/charts/charts/tenant-namespace-operator/templates/role.yaml index 5ef96c5..47e680c 100644 --- a/charts/charts/tenant-namespace-operator/templates/role.yaml +++ b/charts/charts/tenant-namespace-operator/templates/role.yaml @@ -46,6 +46,11 @@ rules: verbs: - get - create + - list + - delete + - patch + - update + - watch - apiGroups: - apps resourceNames: diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index d9450d9..a25fdef 100644 --- a/containers/tenant-namespace-operator/Dockerfile +++ b/containers/tenant-namespace-operator/Dockerfile 
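Review bot: The five verbs added in `templates/role.yaml` (`list`, `delete`, `patch`, `update`, `watch`) extend a rule whose `apiGroups` and `resources` lie above the hunk, so the diff does not show which resources gain delete and patch rights. The commit message gives ServiceMonitor permissions as the intent; if that rule lists other resources as well, a separate rule limited to `monitoring.coreos.com` / `servicemonitors` would keep the grant to what the message describes. A comment above the rule such as `# servicemonitors: created and removed by the tenant-namespace chart` would record why the verbs are there.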
@@ -16,7 +16,7 @@ RUN \ helm pull pnnl-miscscripts/tenant-namespace --untar && \ cd ${HOME} && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ - echo 0.1.3 >> /.extrafingerprints && \ + echo 0.1.4 >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints USER 1001 diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv index 295463b..6bc1fdd 100644 --- a/containers/tenant-namespace-operator/buildenv +++ b/containers/tenant-namespace-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.3 +export PREFIX=0.1.4 diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml index 08c6bb7..2f6e18f 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml @@ -8,7 +8,6 @@ - name: Delete the k8s user namespace k8s: - state: present state: absent definition: apiVersion: v1 From 8fb29aa6d7ff2c3891acf44a8f7b06f7eb231201 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 1 Apr 2020 16:56:31 -0700 Subject: [PATCH 174/331] Update to operator sdk 0.16. Add back in reconsile loop to fix k8s < 1.17 issue. Helm upgrade only on changes. --- .../charts/tenant-namespace-operator/Chart.yaml | 4 ++-- .../templates/deployment.yaml | 15 ++------------- containers/tenant-namespace-operator/Dockerfile | 11 +++++++++-- containers/tenant-namespace-operator/buildenv | 2 +- .../roles/tenantnamespace/tasks/main.yml | 8 ++++++++ containers/tenant-namespace-operator/watches.yaml | 2 +- 6 files changed, 23 insertions(+), 19 deletions(-) diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index 6b968be..e062c13 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml 
@@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.5 +version: 0.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.4-1 +appVersion: 0.1.5-1 diff --git a/charts/charts/tenant-namespace-operator/templates/deployment.yaml b/charts/charts/tenant-namespace-operator/templates/deployment.yaml index 222f584..dbb04dc 100644 --- a/charts/charts/tenant-namespace-operator/templates/deployment.yaml +++ b/charts/charts/tenant-namespace-operator/templates/deployment.yaml @@ -22,18 +22,7 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - name: ansible - command: - - /usr/local/bin/ao-logs - - /tmp/ansible-operator/runner - - stdout - image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner - readOnly: true - - name: operator + - name: {{ include "tenant-namespace-operator.fullname" . }} image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: @@ -47,7 +36,7 @@ spec: - name: WATCH_NAMESPACE {{- if eq .Values.mode "cluster" }} value: "" -{{- else if eq .Values.mode "cluster" }} +{{- else if ne .Values.mode "cluster" }} valueFrom: fieldRef: fieldPath: metadata.namespace diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index a25fdef..2c80dd4 100644 --- a/containers/tenant-namespace-operator/Dockerfile +++ b/containers/tenant-namespace-operator/Dockerfile 
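Review bot: In `templates/deployment.yaml`, `{{- else if ne .Values.mode "cluster" }}` directly follows `{{- if eq .Values.mode "cluster" }}`, so the condition is always true when it is reached. A plain `{{- else }}` says the same thing and leaves only one string literal to keep correct; the replaced `else if eq` line looks like exactly that kind of slip. The container spec continues outside the hunk.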
@@ -1,22 +1,29 @@ -FROM quay.io/operator-framework/ansible-operator:v0.13.0 +FROM quay.io/operator-framework/ansible-operator:v0.16.0 USER 0 COPY watches.yaml ${HOME}/watches.yaml +COPY requirements.yml ${HOME}/requirements.yml COPY roles/ ${HOME}/roles/ #FIXME forcing ingress newer to work on newer k8s clusters. Fix upstream chart. RUN \ + yum clean all && \ + yum install -y git && \ + yum clean all && \ curl -o /helm.tar.gz https://get.helm.sh/helm-v3.1.2-linux-amd64.tar.gz && \ tar -zxvf /helm.tar.gz && \ mv /linux-amd64/helm /usr/bin/helm && \ rm -f /helm.tar.gz && \ + ansible-galaxy collection install -r ${HOME}/requirements.yml && \ + chmod -R ug+rwx ${HOME}/.ansible && \ + helm plugin install https://github.com/databus23/helm-diff --version master && \ helm repo add pnnl-miscscripts https://pnnl-miscscripts.github.io/charts && \ helm pull pnnl-miscscripts/tenant-namespace --untar && \ cd ${HOME} && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ - echo 0.1.4 >> /.extrafingerprints && \ + echo 0.1.5 >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints USER 1001 diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv index 6bc1fdd..cdb41e6 100644 --- a/containers/tenant-namespace-operator/buildenv +++ b/containers/tenant-namespace-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.4 +export PREFIX=0.1.5 diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index 2e948ae..0335644 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml 
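Review bot: `helm plugin install https://github.com/databus23/helm-diff --version master` builds whatever is on that branch at build time into an image that runs with the operator's cluster permissions, so two builds of the same tag can contain different plugin code. Pin it to a release, `--version <release-tag>`, and give the collections in `requirements.yml` (added by a later patch in this series) explicit `version:` entries for the same reason. The Helm tarball fetched with `curl -o /helm.tar.gz` is version-pinned but unpacked without a digest check; comparing it against a known `sha256sum` value before `tar -zxvf` would close that gap. `git` appears to be installed only for the plugin install and could be removed again in the same `RUN` layer.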
@@ -65,9 +65,17 @@ no_log: True #FIXME Consider making a service account specifically for this so it can't cross namespaces as far as it can today + - name: Check for differeneces + shell: "helm diff upgrade --detailed-exitcode --namespace {{ meta.name }}-admin {{ meta.name }} /tenant-namespace/ -f {{ temp_filename.path }}" + register: differ + ignore_errors: yes + no_log: True + - name: Run Helm shell: "helm upgrade --install --namespace {{ meta.name }}-admin {{ meta.name }} /tenant-namespace/ -f {{ temp_filename.path }}" register: objs + when: + - differ.rc != 0 always: - name: Remove temp file diff --git a/containers/tenant-namespace-operator/watches.yaml b/containers/tenant-namespace-operator/watches.yaml index ab4a6fa..88b92fc 100644 --- a/containers/tenant-namespace-operator/watches.yaml +++ b/containers/tenant-namespace-operator/watches.yaml @@ -3,7 +3,7 @@ group: miscscripts.pnnl.gov kind: TenantNamespace role: /opt/ansible/roles/tenantnamespace - reconcilePeriod: 0 + reconcilePeriod: "60s" finalizer: name: finalizer.tenantnamespace.miscscripts.pnnl.gov role: /opt/ansible/roles/tenantnamespacefin From 00403262a498169b0d8001eca009dd54f4259f52 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 2 Apr 2020 08:19:56 -0700 Subject: [PATCH 175/331] Add missing file --- containers/tenant-namespace-operator/requirements.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 containers/tenant-namespace-operator/requirements.yml diff --git a/containers/tenant-namespace-operator/requirements.yml b/containers/tenant-namespace-operator/requirements.yml new file mode 100644 index 0000000..d2af8e2 --- /dev/null +++ b/containers/tenant-namespace-operator/requirements.yml @@ -0,0 +1,3 @@ +collections: + - community.kubernetes + - operator_sdk.util From 4e246fa4523ed2c1ffd239fc7976a0bc25449a3c Mon Sep 17 00:00:00 2001 
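Review bot: The `Run Helm` condition `differ.rc != 0` cannot tell "changes found" from "diff failed". With `--detailed-exitcode` the plugin is expected to return 2 for changes and 1 for errors, and `ignore_errors: yes` together with `no_log: True` hides which one happened. Falling through to `helm upgrade --install` on an error may be intended, since a release that is not installed yet would presumably also make the diff fail, but that should be written down, e.g. `# rc 2 = changes, rc 1 = diff error or release not installed yet; both run the upgrade`. `{{ meta.name }}` and `{{ temp_filename.path }}` go into the shell string unquoted, as in the existing `Run Helm` line; the `quote` filter would make both robust. The task name has a typo, `differeneces`.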
From: Kevin Fox Date: Wed, 8 Apr 2020 16:07:37 -0700 Subject: [PATCH 176/331] Upload initial kubeupdater script --- charts/charts/kubeupdater/.helmignore | 21 ++++ charts/charts/kubeupdater/Chart.yaml | 5 + charts/charts/kubeupdater/bin/kubeupdater | 112 ++++++++++++++++++ .../charts/kubeupdater/templates/_helpers.tpl | 32 +++++ .../kubeupdater/templates/bin-configmap.yaml | 12 ++ .../kubeupdater/templates/daemonset.yaml | 71 +++++++++++ .../templates/kubeupdater-configmap.yaml | 22 ++++ .../templates/kubeupdater-role.yaml | 20 ++++ .../templates/kubeupdater-rolebinding.yaml | 18 +++ charts/charts/kubeupdater/templates/role.yaml | 19 +++ .../kubeupdater/templates/serviceaccount.yaml | 11 ++ charts/charts/kubeupdater/values.yaml | 33 ++++++ 12 files changed, 376 insertions(+) create mode 100644 charts/charts/kubeupdater/.helmignore create mode 100644 charts/charts/kubeupdater/Chart.yaml create mode 100755 charts/charts/kubeupdater/bin/kubeupdater create mode 100644 charts/charts/kubeupdater/templates/_helpers.tpl create mode 100644 charts/charts/kubeupdater/templates/bin-configmap.yaml create mode 100644 charts/charts/kubeupdater/templates/daemonset.yaml create mode 100644 charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml create mode 100644 charts/charts/kubeupdater/templates/kubeupdater-role.yaml create mode 100644 charts/charts/kubeupdater/templates/kubeupdater-rolebinding.yaml create mode 100644 charts/charts/kubeupdater/templates/role.yaml create mode 100644 charts/charts/kubeupdater/templates/serviceaccount.yaml create mode 100644 charts/charts/kubeupdater/values.yaml diff --git a/charts/charts/kubeupdater/.helmignore b/charts/charts/kubeupdater/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/charts/charts/kubeupdater/.helmignore 
@@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/charts/kubeupdater/Chart.yaml b/charts/charts/kubeupdater/Chart.yaml new file mode 100644 index 0000000..6170b98 --- /dev/null +++ b/charts/charts/kubeupdater/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for Kubernetes +name: kubeupdater +version: 0.1.0 diff --git a/charts/charts/kubeupdater/bin/kubeupdater b/charts/charts/kubeupdater/bin/kubeupdater new file mode 100755 index 0000000..4b390ee --- /dev/null +++ b/charts/charts/kubeupdater/bin/kubeupdater 
@@ -0,0 +1,112 @@ +#!/bin/bash + +flag=$1 + +HOSTNAME=$(hostname) +export KUBECONFIG=/etc/kubernetes/kubelet.conf + +[ -f /etc/sysconfig/kubeupdater ] && . /etc/sysconfig/kubeupdater + +if [ "x$flag" == "x-b" ]; then + kubectl label node $HOSTNAME miscscripts.pnnl.gov/upgrade- +fi + +if [ "x$flag" == "x-u" ]; then + while true; do + UPGRADE=0 + while read upgrade; do + if [ "x$upgrade" == "xtrue" ]; then + UPGRADE=1 + break + fi + done < <(kubectl get nodes $HOSTNAME -ogo-template='{{printf "%s\n" (index .metadata.labels "miscscripts.pnnl.gov/upgrade")}}' --watch) + if [ $UPGRADE -eq 1 ]; then + UPGRADE=0 + echo "Doing upgrade" + systemctl stop kubeupdater-checker + systemctl stop kubelet + yum install kubeadm -y + kubeadm upgrade node + yum upgrade -y + kubectl label node $HOSTNAME miscscripts.pnnl.gov/upgrade-needed- + echo "Done upgrading" + reboot + fi + done + sleep 1 +fi + +if [ "x$flag" == "x-c" ]; then + while true; do + while read line; do + while true; do + kubectl get configmap -n kube-system kubeupdater -o go-template='{{index .data "everything.repo"}}' > /etc/yum.repos.d/everything.repo.new + mv /etc/yum.repos.d/everything.repo.new /etc/yum.repos.d/everything.repo + echo Upgrade checking + yum check-update -y + res=$? + [ $res -eq 0 ] && break + if [ $res -eq 100 ]; then + echo Upgrade found. Informing the orchestrator. + kubectl label node $HOSTNAME miscscripts.pnnl.gov/upgrade-needed=true + break + fi + echo Failed to upgrade check. Retrying in 10 seconds. 
+ sleep 10 + done + done < <(kubectl get configmap -n kube-system kubeupdater --watch -ogo-template='{{printf "\n"}}') + sleep 1 + done +fi + +if [ "x$flag" == "x-i" ]; then + cat > /etc/systemd/system/kubeupdater-checker.service < /etc/systemd/system/kubeupdater-updater.service < /etc/systemd/system/kubeupdater-boot.service < /host/usr/bin/kubeupdater + chmod +x /host/usr/bin/kubeupdater + nsenter -m/proc/1/ns/mnt -- /usr/bin/kubeupdater -i + while true; do sleep 10000; done + name: main + securityContext: + privileged: true + runAsUser: 0 + volumeMounts: + - mountPath: /host + name: host + - mountPath: /config + name: config + serviceAccount: {{ template "kubeupdater.fullname" . }} + hostNetwork: true + hostPID: true + hostIPC: true + volumes: + - hostPath: + path: / + mountPropagation: Bidirectional + name: host + - configMap: + name: {{ template "kubeupdater.fullname" . }} + name: config + resources: +{{ toYaml .Values.resources | indent 8 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml b/charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml new file mode 100644 index 0000000..3033da7 --- /dev/null +++ b/charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml 
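Review bot: In the `-c` branch of `bin/kubeupdater`, `kubectl get configmap … > /etc/yum.repos.d/everything.repo.new` is followed by an unconditional `mv`, so a failed or empty `kubectl` response replaces the node's repo file with an empty one. Chaining the two with `&&` (`kubectl get … > /etc/yum.repos.d/everything.repo.new && mv /etc/yum.repos.d/everything.repo.new /etc/yum.repos.d/everything.repo`) keeps the previous file when the fetch fails. In the `-u` branch no exit status is checked between `yum install kubeadm -y`, `kubeadm upgrade node`, `yum upgrade -y` and `reboot`, so a node where one step failed still clears `upgrade-needed` and reboots. `$HOSTNAME` should be quoted in the `kubectl` calls. Part of this file's text is missing from the page, so the note covers only the lines shown.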
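Review bot: In `templates/daemonset.yaml`, `resources:` sits at pod-spec level after `volumes:` with `indent 8`, the same misplacement a later patch in this series corrects for the chronyd DaemonSet, so `.Values.resources` will not constrain the container. It belongs under the `main` container with `indent 10`. The pod is `privileged: true`, runs as UID 0, shares host network, PID and IPC, mounts host `/` at `/host` and enters the host mount namespace with `nsenter`. That makes the image, the ServiceAccount and the ConfigMap mounted at `/config` each equivalent to root on every node, which deserves a comment in the template and tight RBAC on who may edit that ConfigMap. `mountPropagation: Bidirectional` appears in the `volumes:` entry, but it is a `volumeMounts` field and is probably ignored or rejected where it stands.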
@@ -0,0 +1,22 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: kubeupdater + namespace: kube-system + labels: + app: {{ template "kubeupdater.name" . }} + chart: {{ template "kubeupdater.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + everything.repo: | + [everything] + name=everything + enabled=1 + baseurl={{ .Values.base }}{{ .Values.version }} + gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 + {{ .Values.base }}{{ .Values.version }}/repodata/RPM-GPG-KEY-PNNL-RPMS + {{ .Values.base }}{{ .Values.version }}/repodata/RPM-GPG-KEY-PNNL-REPO + gpgcheck = 1 + repo_gpgcheck = 1 + keepcache = 0 diff --git a/charts/charts/kubeupdater/templates/kubeupdater-role.yaml b/charts/charts/kubeupdater/templates/kubeupdater-role.yaml new file mode 100644 index 0000000..a35ee8e --- /dev/null +++ b/charts/charts/kubeupdater/templates/kubeupdater-role.yaml @@ -0,0 +1,20 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kubeupdater-node + namespace: kube-system + labels: + app: {{ template "kubeupdater.name" . }} + chart: {{ template "kubeupdater.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - configmaps + resourceNames: + - kubeupdater + verbs: + - get + - watch diff --git a/charts/charts/kubeupdater/templates/kubeupdater-rolebinding.yaml b/charts/charts/kubeupdater/templates/kubeupdater-rolebinding.yaml new file mode 100644 index 0000000..1daf640 --- /dev/null +++ b/charts/charts/kubeupdater/templates/kubeupdater-rolebinding.yaml 
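Review bot: The `gpgkey` list in `everything.repo` takes two of its three keys from `{{ .Values.base }}{{ .Values.version }}/repodata/…`, the same location that serves the packages, so `gpgcheck = 1` and `repo_gpgcheck = 1` only prove that packages and metadata match keys published next to them. Installing those keys on the node image and referencing them as `file:///etc/pki/rpm-gpg/…` paths, as the CentOS key already is, would anchor trust outside the repository server. The updater script also writes this entry verbatim to `/etc/yum.repos.d/everything.repo`, so anyone who can edit the `kubeupdater` ConfigMap in `kube-system` controls the whole repo definition, including the `gpgcheck` settings. Taking only the base URL and version from the ConfigMap and rendering the rest on the node would narrow that. The chart default `base: https://changeme/` should fail rendering rather than produce a repo file, for example through Helm's `required` function.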
@@ -0,0 +1,18 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeupdater-node + namespace: kube-system + labels: + app: {{ template "kubeupdater.name" . }} + chart: {{ template "kubeupdater.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: kubeupdater-node +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:nodes diff --git a/charts/charts/kubeupdater/templates/role.yaml b/charts/charts/kubeupdater/templates/role.yaml new file mode 100644 index 0000000..d7994d9 --- /dev/null +++ b/charts/charts/kubeupdater/templates/role.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kubeupdater.fullname" . }} + labels: + app: {{ template "kubeupdater.name" . }} + chart: {{ template "kubeupdater.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: unrestricted-psp +subjects: +- kind: ServiceAccount + name: {{ template "kubeupdater.fullname" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} diff --git a/charts/charts/kubeupdater/templates/serviceaccount.yaml b/charts/charts/kubeupdater/templates/serviceaccount.yaml new file mode 100644 index 0000000..d526ff8 --- /dev/null +++ b/charts/charts/kubeupdater/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if .Values.rbac.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: {{ template "kubeupdater.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + name: {{ template "kubeupdater.fullname" . }} +{{- end -}} diff --git a/charts/charts/kubeupdater/values.yaml b/charts/charts/kubeupdater/values.yaml new file mode 100644 index 0000000..e8e87af --- /dev/null 
+++ b/charts/charts/kubeupdater/values.yaml @@ -0,0 +1,33 @@ +# Default values for kubeupdater. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + + +base: https://changeme/ +version: 1.16.8-nginx-2 + +image: + repository: alpine + tag: 3.11 + pullPolicy: IfNotPresent + +rbac: + create: true + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} From 2bdf5b7af4d5d1eea79fbeab2630b31281dc5ff3 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 13 Apr 2020 08:39:11 -0700 Subject: [PATCH 177/331] Fix resources in chronyd Resources section was in the wrong place in the Chronyd chart. Signed-off-by: Kevin Fox --- charts/charts/chronyd/Chart.yaml | 2 +- charts/charts/chronyd/README.md | 3 ++- charts/charts/chronyd/templates/daemonset.yaml | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/charts/chronyd/Chart.yaml b/charts/charts/chronyd/Chart.yaml index 6978a0d..e4abb7f 100644 --- a/charts/charts/chronyd/Chart.yaml +++ b/charts/charts/chronyd/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Chronyd for Kubernetes name: chronyd -version: 0.4.0 +version: 0.4.1 diff --git a/charts/charts/chronyd/README.md b/charts/charts/chronyd/README.md index 1c05369..3bc1d86 100644 --- a/charts/charts/chronyd/README.md +++ b/charts/charts/chronyd/README.md 
@@ -8,7 +8,8 @@ The chronyd chart launches chronyd on each node of the cluster. To install the Chart into your Kubernetes cluster : ```bash -helm install --namespace "chronyd" --name "chronyd" pnnl-miscscripts/chronyd -f chronyd-values.yaml +kubectl create namespace chronyd +helm upgrade --install --namespace "chronyd" chronyd pnnl-miscscripts/chronyd -f chronyd-values.yaml ``` After installation succeeds, you can get a status of Chart diff --git a/charts/charts/chronyd/templates/daemonset.yaml b/charts/charts/chronyd/templates/daemonset.yaml index 95059cb..8ab7987 100644 --- a/charts/charts/chronyd/templates/daemonset.yaml +++ b/charts/charts/chronyd/templates/daemonset.yaml @@ -35,6 +35,8 @@ spec: /usr/sbin/chronyd -n securityContext: privileged: true + resources: +{{ toYaml .Values.resources | indent 10 }} volumeMounts: - mountPath: /var/lib/cronyd name: state @@ -54,8 +56,6 @@ spec: - hostPath: path: /var/lib/chrony name: state - resources: -{{ toYaml .Values.resources | indent 8 }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} From b9fe61338c70b2cb3ae9a1d1bd08ab8ad8fb4c00 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 16 Apr 2020 09:01:45 -0700 Subject: [PATCH 178/331] Bump containerd to 1.3.4 --- containers/rpms-containerd/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index 7d2c0aa..afc86b6 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile @@ -2,7 +2,7 @@ FROM centos:centos7 MAINTAINER Kevin Fox -ENV VERSION=1.3.3 +ENV VERSION=1.3.4 ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec ADD rpm.pub /root/rpm.pub From 680998a6b1a58b30c48ad0c0f6417908bfed5270 Mon Sep 17 00:00:00 2001 
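Review bot: The container mounts the state volume at `/var/lib/cronyd` while the hostPath behind it is `/var/lib/chrony`; the mount path looks misspelled, so chronyd would presumably keep its state outside the persisted volume (the chronyd configuration is not visible here, please confirm). Both lines are context in these hunks, but they sit directly below the moved `resources:` block and are worth fixing in the same change: `- mountPath: /var/lib/chrony`. The container also keeps `privileged: true`; if adjusting the clock is all it needs, `capabilities: add: ["SYS_TIME"]` would be the narrower setting, though that needs testing on the target nodes.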
From: Kevin Fox Date: Wed, 29 Apr 2020 16:51:24 -0700 Subject: [PATCH 179/331] Add operatorgroup permissions to the tenant-namespace-operator --- charts/charts/tenant-namespace-operator/Chart.yaml | 2 +- .../tenant-namespace-operator/templates/clusterrole.yaml | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index e062c13..e901de9 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,7 +14,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.6 +version: 0.1.7 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. diff --git a/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml b/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml index b47b8f8..8db5692 100644 --- a/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml +++ b/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml @@ -59,3 +59,10 @@ rules: - ingresses/status verbs: - update +- apiGroups: + - operators.coreos.com + resources: + - operatorgroups + - subscriptions + verbs: + - "*" From fcedd9124f6b318ebf3874b1335c81abdca691cf Mon Sep 17 00:00:00 2001 
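Review bot: The new rule grants `"*"` on `operatorgroups` and `subscriptions` in a ClusterRole, which also covers any verb added to that API later and lets the operator create or alter OLM subscriptions in every namespace. Listing the verbs the operator actually uses (for example `- get`, `- list`, `- watch`, `- create`, `- update`, `- patch`, `- delete`) keeps the role reviewable, and a comment such as `# OLM objects created by the tenant-namespace chart` would record why the rule exists. The rest of the `rules:` list lies outside this hunk, so I cannot tell whether other rules use the same wildcard.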
From: Peter Nordquist Date: Mon, 11 May 2020 16:30:41 -0700 Subject: [PATCH 180/331] Switched to helm module in k8s ansible collection Updated to latest community.kubernetes collection Switched to relative paths for watches.yaml for easier development Added symlink for build/Dockerfile for operator-sdk run --local Added collection references to role meta Removed helm-diff plugin since helm module checks values and version for changes Removed temp file in role as helm module accepts python dict Switched to snake case reference to flavor Added label for namespace type --- .../tenant-namespace-operator/Dockerfile | 31 +++-- .../build/Dockerfile | 1 + .../requirements.yml | 5 +- .../roles/tenantnamespace/meta/main.yml | 7 +- .../roles/tenantnamespace/tasks/main.yml | 111 ++++++++---------- .../roles/tenantnamespacefin/meta/main.yml | 7 +- .../roles/tenantnamespacefin/tasks/main.yml | 7 +- .../tenant-namespace-operator/watches.yaml | 4 +- 8 files changed, 82 insertions(+), 91 deletions(-) create mode 120000 containers/tenant-namespace-operator/build/Dockerfile diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index 2c80dd4..141fa0b 100644 --- a/containers/tenant-namespace-operator/Dockerfile +++ b/containers/tenant-namespace-operator/Dockerfile 
@@ -1,30 +1,29 @@ -FROM quay.io/operator-framework/ansible-operator:v0.16.0 +FROM quay.io/operator-framework/ansible-operator:v0.17.0 +ARG helm_version=v3.2.0 USER 0 +RUN \ + curl -o helm.tar.gz https://get.helm.sh/helm-${helm_version}-linux-amd64.tar.gz && \ + tar -zxvf helm.tar.gz && \ + mv linux-amd64/helm /usr/local/bin/helm && \ + rm -f helm.tar.gz && \ + rm -rf linux-amd64 && \ + touch /.extrafingerprints && \ + chown ${USER_UID}:0 /.extrafingerprints + +USER 1001 +WORKDIR ${HOME} -COPY watches.yaml ${HOME}/watches.yaml -COPY requirements.yml ${HOME}/requirements.yml +COPY watches.yaml requirements.yml ${HOME}/ COPY roles/ ${HOME}/roles/ #FIXME forcing ingress newer to work on newer k8s clusters. Fix upstream chart. - RUN \ - yum clean all && \ - yum install -y git && \ - yum clean all && \ - curl -o /helm.tar.gz https://get.helm.sh/helm-v3.1.2-linux-amd64.tar.gz && \ - tar -zxvf /helm.tar.gz && \ - mv /linux-amd64/helm /usr/bin/helm && \ - rm -f /helm.tar.gz && \ ansible-galaxy collection install -r ${HOME}/requirements.yml && \ chmod -R ug+rwx ${HOME}/.ansible && \ - helm plugin install https://github.com/databus23/helm-diff --version master && \ - helm repo add pnnl-miscscripts https://pnnl-miscscripts.github.io/charts && \ - helm pull pnnl-miscscripts/tenant-namespace --untar && \ - cd ${HOME} && \ + helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --untar && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ echo 0.1.5 >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints -USER 1001 ENTRYPOINT ["/usr/local/bin/entrypoint", "--inject-owner-ref=false"] diff --git a/containers/tenant-namespace-operator/build/Dockerfile b/containers/tenant-namespace-operator/build/Dockerfile new file mode 120000 index 0000000..395595c --- /dev/null +++ b/containers/tenant-namespace-operator/build/Dockerfile @@ -0,0 +1 @@ +../Dockerfile \ No newline at end of file 
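Review bot: The Helm tarball is fetched with `curl -o helm.tar.gz https://get.helm.sh/helm-${helm_version}-linux-amd64.tar.gz` and unpacked with no integrity check, and without `-f` an HTTP error page would be saved and handed to `tar`. Pin the expected digest next to the version and verify it before extracting, e.g. `ARG helm_sha256=<expected-sha256>` plus `echo "${helm_sha256}  helm.tar.gz" | sha256sum -c -`, and call `curl -fsSL`. The same unverified download pattern appears in the ipmi-exporter Dockerfile added later in this series. `helm pull --repo … tenant-namespace --untar` also has no `--version`, so every rebuild bakes in whichever chart is newest at that moment; pinning it makes the image reproducible.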
diff --git a/containers/tenant-namespace-operator/requirements.yml b/containers/tenant-namespace-operator/requirements.yml index d2af8e2..3776065 100644 --- a/containers/tenant-namespace-operator/requirements.yml +++ b/containers/tenant-namespace-operator/requirements.yml @@ -1,3 +1,4 @@ collections: - - community.kubernetes - - operator_sdk.util + - name: community.kubernetes + version: ">=0.11.0" + - name: operator_sdk.util diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/meta/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/meta/main.yml index 6d87e5b..0a5603e 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/meta/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/meta/main.yml @@ -16,7 +16,7 @@ galaxy_info: # - CC-BY license: license (GPLv2, CC-BY, etc) - min_ansible_version: 2.6 + min_ansible_version: 2.9 # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: @@ -57,4 +57,7 @@ galaxy_info: dependencies: [] # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. \ No newline at end of file + # if you add dependencies to this list. +collections: +- operator_sdk.util +- community.kubernetes diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index 0335644..f1614ff 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml 
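Review bot: `version: ">=0.11.0"` is an open-ended range and `operator_sdk.util` has no version at all, so `ansible-galaxy collection install` resolves to whatever is newest when the image is built. For an operator that runs with a ClusterRole, exact pins (e.g. `version: "0.11.0"` if that release is the tested one) give reproducible images and turn collection upgrades into an explicit, reviewable change. A short comment above the list saying which feature of the helm module sets the 0.11.0 floor would explain the constraint.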
@@ -11,77 +11,57 @@ name: "{{ meta.name }}-admin" labels: name: "{{ meta.name }}-admin" + miscscripts.pnnl.gov/namespace-type: admin -- tempfile: - state: file - suffix: .yaml - register: temp_filename - -- name: Block for file removal +- name: Set initial defaults. They be overridden. + set_fact: + merged_values: + magicnamespace: + tiller: + enabled: false +- name: Load in Flavor values if referenced block: - - name: Set initial defaults. They be overridden. - set_fact: - merged_values: - magicnamespace: - tiller: - enabled: false - no_log: True - - name: Load in Flavor values if referenced - block: - - name: Fetch referenced flavor - set_fact: - flavor: "{{ lookup('k8s', kind='TenantNamespaceFlavor', api_version='miscscripts.pnnl.gov/v1beta1', resource_name=_miscscripts_pnnl_gov_tenantnamespace_spec.flavorRef.name) }}" - no_log: True - - name: Merge in flavor values - set_fact: - merged_values: "{{ merged_values | combine(flavor.spec, recursive=True) }}" - no_log: True - when: - - _miscscripts_pnnl_gov_tenantnamespace_spec.flavorRef is defined - - _miscscripts_pnnl_gov_tenantnamespace_spec.flavorRef.kind == "TenantNamespaceFlavor" - - _miscscripts_pnnl_gov_tenantnamespace_spec.flavorRef.group == "miscscripts.pnnl.gov" - - name: Set value for forced settings + - name: Fetch referenced flavor + k8s_info: + api_version: miscscripts.pnnl.gov/v1beta1 + kind: TenantNamespaceFlavor + name: "{{ flavor_ref.name }}" + register: flavor + # Failures immediately trigger another reconciliation + failed_when: + - flavor.resources | length == 0 + - name: Merge in flavor values set_fact: - overrides: + merged_values: "{{ merged_values | combine(flavor.resources[0].spec, recursive=True) }}" + when: + - flavor_ref is defined + - flavor_ref.kind == "TenantNamespaceFlavor" + - flavor_ref.group == "miscscripts.pnnl.gov" +- name: Set value for forced settings + set_fact: + overrides: + namespace: "{{ meta.name }}" + magicnamespace: namespace: "{{ meta.name }}" - magicnamespace: - 
namespace: "{{ meta.name }}" - ingress: - controller: - scope: - namespace: "{{ meta.name }}" - - name: Set values from CR - set_fact: - merged_values: "{{ merged_values | combine(_miscscripts_pnnl_gov_tenantnamespace_spec, recursive=True) }}" - no_log: True - - name: Force namespace settings. Can not be overridden. - set_fact: - merged_values: "{{ merged_values | combine(overrides, recursive=True) }}" - no_log: True - - name: Copy values to temp file - copy: - content: "{{ merged_values | to_yaml }}" - dest: "{{ temp_filename.path }}" - no_log: True + ingress: + controller: + scope: + namespace: "{{ meta.name }}" +- name: Set values from CR + set_fact: + merged_values: "{{ merged_values | combine(_miscscripts_pnnl_gov_tenantnamespace_spec, recursive=True) }}" +- name: Force namespace settings. Can not be overridden. + set_fact: + merged_values: "{{ merged_values | combine(overrides, recursive=True) }}" #FIXME Consider making a service account specifically for this so it can't cross namespaces as far as it can today - - name: Check for differeneces - shell: "helm diff upgrade --detailed-exitcode --namespace {{ meta.name }}-admin {{ meta.name }} /tenant-namespace/ -f {{ temp_filename.path }}" - register: differ - ignore_errors: yes - no_log: True - - - name: Run Helm - shell: "helm upgrade --install --namespace {{ meta.name }}-admin {{ meta.name }} /tenant-namespace/ -f {{ temp_filename.path }}" - register: objs - when: - - differ.rc != 0 - - always: - - name: Remove temp file - file: - path: "{{ temp_filename.path }}" - state: absent +- name: Run Helm + helm: + name: "{{ meta.name }}" + namespace: "{{ meta.name }}-admin" + chart_ref: ${HOME}/tenant-namespace + values: "{{ merged_values }}" + register: objs - name: Create the k8s user namespace k8s: @@ -93,4 +73,5 @@ name: "{{ meta.name }}" labels: name: "{{ meta.name }}" + miscscripts.pnnl.gov/namespace-type: user 
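Review bot: Every `no_log: True` was dropped from the `set_fact` tasks that merge the flavor spec and the CR spec into `merged_values`, and the new `helm` task passes that whole dict as `values:`, so the merged values can now show up in the operator's Ansible output. Whether tenant specs ever carry credentials is not visible here; if they can, keep `no_log: true` on "Merge in flavor values", "Set values from CR" and "Run Helm". A comment on the block's `when:` list stating that a `flavorRef` with another kind or group is silently ignored would also help the next reader. The first hunk starts inside a task whose beginning is outside it.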
diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/meta/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/meta/main.yml index 6d87e5b..0a5603e 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespacefin/meta/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/meta/main.yml @@ -16,7 +16,7 @@ galaxy_info: # - CC-BY license: license (GPLv2, CC-BY, etc) - min_ansible_version: 2.6 + min_ansible_version: 2.9 # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: @@ -57,4 +57,7 @@ galaxy_info: dependencies: [] # List your role dependencies here, one per line. Be sure to remove the '[]' above, - # if you add dependencies to this list. \ No newline at end of file + # if you add dependencies to this list. +collections: +- operator_sdk.util +- community.kubernetes diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml index 2f6e18f..535f3d2 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml @@ -2,9 +2,12 @@ # tasks file for tenantnamespace #Check to see release exists. If it doesnt continue on. If it does, delete it. -- shell: "(! helm get values --namespace {{ meta.name }}-admin {{ meta.name }}) || helm delete --namespace {{ meta.name }}-admin {{ meta.name }}" +- name: Delete the helm release + helm: + name: "{{ meta.name }}" + namespace: "{{ meta.name }}-admin" + state: absent register: objs - no_log: True - name: Delete the k8s user namespace k8s: diff --git a/containers/tenant-namespace-operator/watches.yaml b/containers/tenant-namespace-operator/watches.yaml index 88b92fc..26a4dd8 100644 --- a/containers/tenant-namespace-operator/watches.yaml 
+++ b/containers/tenant-namespace-operator/watches.yaml @@ -2,8 +2,8 @@ - version: v1beta1 group: miscscripts.pnnl.gov kind: TenantNamespace - role: /opt/ansible/roles/tenantnamespace + role: tenantnamespace reconcilePeriod: "60s" finalizer: name: finalizer.tenantnamespace.miscscripts.pnnl.gov - role: /opt/ansible/roles/tenantnamespacefin + role: tenantnamespacefin From 603bf3c7c038030b9a605b41979e3d034764f09f Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Tue, 12 May 2020 15:05:51 -0700 Subject: [PATCH 181/331] Updated versions --- charts/charts/tenant-namespace-operator/Chart.yaml | 4 ++-- containers/tenant-namespace-operator/Dockerfile | 2 +- containers/tenant-namespace-operator/buildenv | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index e901de9..646ab56 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.5-1 +appVersion: 0.1.6-1 diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index 141fa0b..391f2e0 100644 --- a/containers/tenant-namespace-operator/Dockerfile +++ b/containers/tenant-namespace-operator/Dockerfile 
@@ -23,7 +23,7 @@ RUN \ chmod -R ug+rwx ${HOME}/.ansible && \ helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --untar && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ - echo 0.1.5 >> /.extrafingerprints && \ + echo 0.1.6 >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints ENTRYPOINT ["/usr/local/bin/entrypoint", "--inject-owner-ref=false"] diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv index cdb41e6..ca01e3d 100644 --- a/containers/tenant-namespace-operator/buildenv +++ b/containers/tenant-namespace-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.5 +export PREFIX=0.1.6 From e7485538313274966b8807392cbcbfd06f3bb6da Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Thu, 21 May 2020 12:17:18 -0700 Subject: [PATCH 182/331] Updated rpms containers Updated containerd build to use spectool for source downloads Updated containerd spec to include integrity checking and systemd macros Updated containerd version checks to use HEAD requests against GCS Added missing package updates for UEFI nodes Added missing libibverbs for Mellanox driver Added psmisc for pstree Updated to OpenStack Train for openvswitch --- containers/rpms-containerd/Dockerfile | 11 ++++++----- containers/rpms-containerd/containerd.spec | 20 ++++++++++++++++++-- containers/rpms-node-base/Dockerfile | 6 +++--- containers/rpms-openvswitch/Dockerfile | 2 +- 4 files changed, 28 insertions(+), 11 deletions(-) diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index afc86b6..57f7769 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile 
@@ -11,13 +11,14 @@ ADD rpmmacros /root/.rpmmacros RUN --mount=type=secret,id=gpg \ set -x && \ cd / && \ - yum install -y rpm-build cpio createrepo gnupg2 rpm-sign && \ + yum install -y rpmdevtools cpio createrepo gnupg2 rpm-sign && \ + rpmdev-setuptree && \ NEWVER=$(echo "$VERSION" | awk -F. '{print $1 "." $2 "." $3+1}') && \ - (! curl -f -o /root/rpmbuild/SOURCES/containerd.tar.gz "https://storage.googleapis.com/cri-containerd-release/cri-containerd-$NEWVER.linux-amd64.tar.gz") && \ + (! curl -f -I "https://storage.googleapis.com/cri-containerd-release/cri-containerd-$NEWVER.linux-amd64.tar.gz") && \ NEWVER=$(echo "$VERSION" | awk -F. '{print $1 "." $2+1 ".0"}') && \ - (! curl -f -o /root/rpmbuild/SOURCES/containerd.tar.gz "https://storage.googleapis.com/cri-containerd-release/cri-containerd-$NEWVER.linux-amd64.tar.gz") && \ - curl -f -o /root/rpmbuild/SOURCES/containerd.tar.gz "https://storage.googleapis.com/cri-containerd-release/cri-containerd-$VERSION.linux-amd64.tar.gz" && \ + (! curl -f -I "https://storage.googleapis.com/cri-containerd-release/cri-containerd-$NEWVER.linux-amd64.tar.gz") && \ sed -i "s/^\(Version:\).*$/\1 $VERSION/" /root/rpmbuild/SOURCES/containerd.spec && \ + spectool -g -R /root/rpmbuild/SOURCES/containerd.spec && \ cat /root/rpmbuild/SOURCES/containerd.spec && \ rpmbuild -ba /root/rpmbuild/SOURCES/containerd.spec && \ mkdir -p rpms && \ @@ -31,7 +32,7 @@ RUN --mount=type=secret,id=gpg \ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \ mkdir tmp1 && \ pushd tmp1 && \ - tar -xvf ~/rpmbuild/SOURCES/containerd.tar.gz && \ + tar -xvf ~/rpmbuild/SOURCES/cri-containerd-$VERSION.linux-amd64.tar.gz && \ SUM=$(md5sum usr/local/bin/containerd | awk '{print $1}') && \ popd && \ mkdir tmp2 && \ diff --git a/containers/rpms-containerd/containerd.spec b/containers/rpms-containerd/containerd.spec index bb9de83..580c82a 100644 --- a/containers/rpms-containerd/containerd.spec +++ b/containers/rpms-containerd/containerd.spec 
@@ -4,16 +4,24 @@ Summary: ContainerD and friends Name: containerd Version: @VERSION@ -Release: 1 +Release: 2 License: APL Packager: MISCSCRIPTS Group: Development/Tools -Source: containerd.tar.gz + +Source0: https://storage.googleapis.com/cri-containerd-release/cri-containerd-%{version}.linux-amd64.tar.gz +Source1: https://storage.googleapis.com/cri-containerd-release/cri-containerd-%{version}.linux-amd64.tar.gz.sha256 + +Requires: container-selinux +%{?systemd_requires} +BuildRequires: systemd +BuildRequires: coreutils %description %{summary} %prep +echo "$(cat %{SOURCE1}) %{SOURCE0}" | sha256sum --check %setup -c %build @@ -37,3 +45,11 @@ ls -l %{buildroot} /etc/systemd/system/containerd.service /etc/crictl.yaml +%post +%systemd_post containerd.service + +%preun +%systemd_preun containerd.service + +%postun +%systemd_postun_with_restart containerd.service diff --git a/containers/rpms-node-base/Dockerfile b/containers/rpms-node-base/Dockerfile index 488ce91..76828be 100644 --- a/containers/rpms-node-base/Dockerfile +++ b/containers/rpms-node-base/Dockerfile @@ -12,9 +12,9 @@ RUN --mount=type=secret,id=gpg \ mkdir -p rpms/ && \ yumdownloader --resolv --installroot=/tmp/root --releasever=/ \ --destdir rpms --setopt cachedir=/tmp/cache \ - @Base @Core kernel grub2 docker e2fsprogs container-selinux nspr \ - nss-util openssh-server openssh iptables-services nfs-utils \ - authconfig && \ + @Base @Core @anaconda-tools grub2-efi-x64 kernel grub2 docker e2fsprogs \ + container-selinux nspr nss-util openssh-server openssh iptables-services \ + nfs-utils authconfig psmisc libibverbs && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ rpm --addsign $(find rpms -type f -name '*.rpm') && \ diff --git a/containers/rpms-openvswitch/Dockerfile b/containers/rpms-openvswitch/Dockerfile index c2d98bf..bd0b1aa 100644 --- a/containers/rpms-openvswitch/Dockerfile +++ b/containers/rpms-openvswitch/Dockerfile 
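Review bot: The `%prep` check `echo "$(cat %{SOURCE1}) %{SOURCE0}" | sha256sum --check` compares the tarball with a digest that is downloaded from the same bucket during the build, so it catches a truncated or corrupted download but not a replaced release artifact. Since the RPM built here is signed and published in a repo, I would commit the expected digest with the spec (or pass it as a build argument tied to `VERSION`) and compare against that instead. The check also assumes the `.sha256` file holds only the bare hex digest; a comment in `%prep` saying so, e.g. `# SOURCE1 must contain the hex digest only`, would save the next version bump some debugging.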
@@ -10,7 +10,7 @@ RUN --mount=type=secret,id=gpg \ set -e && \ yum install -y createrepo createrepo gnupg2 rpm-sign && \ mkdir -p rpms/ && \ - yum install -y centos-release-openstack-rocky createrepo && \ + yum install -y centos-release-openstack-train createrepo && \ yumdownloader --resolv --destdir rpms openvswitch && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ From 496d20caa16ca4a360e3afe74e14fe47cda026fa Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 22 May 2020 16:50:38 -0700 Subject: [PATCH 183/331] Ensure a new fingerprint for anaconda --- containers/anaconda/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/anaconda/Dockerfile b/containers/anaconda/Dockerfile index 4522ec9..20c437a 100644 --- a/containers/anaconda/Dockerfile +++ b/containers/anaconda/Dockerfile @@ -9,3 +9,4 @@ RUN \ FROM scratch COPY --from=0 /data /data +RUN cat > /data/CentOS_BuildTag > /.extrafingerprints From f4631ddd553664a1f3fe084b528fca4b97c9b5e8 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 22 May 2020 16:52:38 -0700 Subject: [PATCH 184/331] Fix kubeupdater --- charts/charts/kubeupdater/Chart.yaml | 2 +- charts/charts/kubeupdater/templates/daemonset.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/charts/kubeupdater/Chart.yaml b/charts/charts/kubeupdater/Chart.yaml index 6170b98..2474107 100644 --- a/charts/charts/kubeupdater/Chart.yaml +++ b/charts/charts/kubeupdater/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: kubeupdater -version: 0.1.0 +version: 0.2.0 diff --git a/charts/charts/kubeupdater/templates/daemonset.yaml b/charts/charts/kubeupdater/templates/daemonset.yaml index fee3c5b..6ed62d9 100644 --- a/charts/charts/kubeupdater/templates/daemonset.yaml +++ b/charts/charts/kubeupdater/templates/daemonset.yaml 
@@ -41,8 +41,11 @@ spec: volumeMounts: - mountPath: /host name: host + mountPropagation: Bidirectional - mountPath: /config name: config + resources: +{{ toYaml .Values.resources | indent 10 }} serviceAccount: {{ template "kubeupdater.fullname" . }} hostNetwork: true hostPID: true @@ -50,13 +53,10 @@ spec: volumes: - hostPath: path: / - mountPropagation: Bidirectional name: host - configMap: name: {{ template "kubeupdater.fullname" . }} name: config - resources: -{{ toYaml .Values.resources | indent 8 }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} From 73ffa8fcf7b78f05e8bee5ff81e7401689afca7e Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 22 May 2020 16:53:44 -0700 Subject: [PATCH 185/331] Fix broken anaconda dockerfile --- containers/anaconda/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/anaconda/Dockerfile b/containers/anaconda/Dockerfile index 20c437a..155fa17 100644 --- a/containers/anaconda/Dockerfile +++ b/containers/anaconda/Dockerfile @@ -9,4 +9,4 @@ RUN \ FROM scratch COPY --from=0 /data /data -RUN cat > /data/CentOS_BuildTag > /.extrafingerprints +RUN cat /data/CentOS_BuildTag > /.extrafingerprints From 32f4fdb543c3b358d920c81789d4c711082099d2 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 22 May 2020 17:11:20 -0700 Subject: [PATCH 186/331] Scratch cant run things --- containers/anaconda/Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/containers/anaconda/Dockerfile b/containers/anaconda/Dockerfile index 155fa17..467c403 100644 --- a/containers/anaconda/Dockerfile +++ b/containers/anaconda/Dockerfile 
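Review bot: `mountPropagation: Bidirectional` is now set on the volume mount that maps the host's `/` into the container, alongside `hostNetwork: true` and `hostPID: true`, so any mount made inside the container propagates back onto the node. Kubernetes only allows Bidirectional propagation for privileged containers, which makes this pod effectively root on every node it runs on. If the updater only has to see mounts that already exist on the host, `mountPropagation: HostToContainer` is the narrower choice; otherwise a comment on the line naming the host mounts the updater creates would justify the setting. The container spec begins outside these hunks, so its securityContext is not visible.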
@@ -5,8 +5,9 @@ RUN \ curl http://mirror.centos.org/centos-7/7/os/x86_64/images/pxeboot/initrd.img -o /data/initrd.img && \ curl http://mirror.centos.org/centos-7/7/os/x86_64/images/pxeboot/vmlinuz -o /data/vmlinuz && \ curl http://mirror.centos.org/centos-7/7/os/x86_64/.treeinfo -o /data/.treeinfo && \ - curl http://mirror.centos.org/centos-7/7/os/x86_64/LiveOS/squashfs.img -o /data/LiveOS/squashfs.img + curl http://mirror.centos.org/centos-7/7/os/x86_64/LiveOS/squashfs.img -o /data/LiveOS/squashfs.img && \ + cat /data/CentOS_BuildTag > /.extrafingerprints FROM scratch COPY --from=0 /data /data -RUN cat /data/CentOS_BuildTag > /.extrafingerprints +COPY --from=0 /.extrafingerprints /.extrafingerprints From 1cddd62e9ec6f04e48cdd154d7798c2dc1a2c1fa Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 27 May 2020 15:38:48 -0700 Subject: [PATCH 187/331] Fix kubeupdater to use the right key --- charts/charts/kubeupdater/Chart.yaml | 2 +- charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/charts/charts/kubeupdater/Chart.yaml b/charts/charts/kubeupdater/Chart.yaml index 2474107..d426747 100644 --- a/charts/charts/kubeupdater/Chart.yaml +++ b/charts/charts/kubeupdater/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: kubeupdater -version: 0.2.0 +version: 0.3.0 diff --git a/charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml b/charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml index 3033da7..207c662 100644 --- a/charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml +++ b/charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml 
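Review bot: The installer artifacts in this RUN (`initrd.img`, `vmlinuz`, `.treeinfo`, `squashfs.img`) are pulled over plain `http://` with no `-f` and no checksum, so whatever the network path returns is copied into the final image and, given the image's purpose, presumably served to machines being installed. Using `https://` where the mirror supports it, adding `-f`, and comparing the files against digests pinned in the repository would close that gap. The new `cat /data/CentOS_BuildTag > /.extrafingerprints` reads a file whose download is outside this hunk; a comment such as `# CentOS_BuildTag changes with each point release and forces a new fingerprint` would explain why it is there.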
@@ -15,8 +15,7 @@ data: enabled=1 baseurl={{ .Values.base }}{{ .Values.version }} gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 - {{ .Values.base }}{{ .Values.version }}/repodata/RPM-GPG-KEY-PNNL-RPMS - {{ .Values.base }}{{ .Values.version }}/repodata/RPM-GPG-KEY-PNNL-REPO + {{ .Values.base }}{{ .Values.version }}/repodata/RPM-GPG-KEY gpgcheck = 1 repo_gpgcheck = 1 keepcache = 0 From 033cc6da7c0eb5e5a79322d40988247b5e3c671a Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 9 Jun 2020 11:07:33 -0700 Subject: [PATCH 188/331] Add support for custom everything.repo. --- charts/charts/kubeupdater/Chart.yaml | 2 +- .../charts/kubeupdater/templates/kubeupdater-configmap.yaml | 4 ++++ charts/charts/kubeupdater/values.yaml | 3 +++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/charts/charts/kubeupdater/Chart.yaml b/charts/charts/kubeupdater/Chart.yaml index d426747..32a80d3 100644 --- a/charts/charts/kubeupdater/Chart.yaml +++ b/charts/charts/kubeupdater/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: kubeupdater -version: 0.3.0 +version: 0.4.0 diff --git a/charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml b/charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml index 207c662..ebda4d4 100644 --- a/charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml +++ b/charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml @@ -10,6 +10,9 @@ metadata: heritage: {{ .Release.Service }} data: everything.repo: | +{{- if hasKey .Values "rawConfig" }} +{{ .Values.rawConfig | indent 4}} +{{- else }} [everything] name=everything enabled=1 @@ -19,3 +22,4 @@ data: gpgcheck = 1 repo_gpgcheck = 1 keepcache = 0 +{{- end }} diff --git a/charts/charts/kubeupdater/values.yaml b/charts/charts/kubeupdater/values.yaml index e8e87af..542609f 100644 --- a/charts/charts/kubeupdater/values.yaml +++ b/charts/charts/kubeupdater/values.yaml 
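Review bot: The repo signing key is now taken from `{{ .Values.base }}{{ .Values.version }}/repodata/RPM-GPG-KEY`, i.e. from the same server whose packages and metadata it is meant to authenticate, so `gpgcheck = 1` and `repo_gpgcheck = 1` only protect against someone who cannot also replace that key file. Distributing the public key out of band, for example as an additional key in this ConfigMap referenced through a `file://` URL, keeps the trust anchor independent of the repository. The default `base: https://changeme/` is at least HTTPS; a comment next to the value warning against an `http://` base would be worth adding.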
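Review bot: When `rawConfig` is set it replaces the whole generated `everything.repo`, including the `gpgcheck = 1` and `repo_gpgcheck = 1` lines, so a custom config that leaves them out silently turns signature checking off on every node. The commented example added to values.yaml should say so, e.g. `# rawConfig replaces the generated repo file entirely; keep gpgcheck=1 and repo_gpgcheck=1`. `hasKey .Values "rawConfig"` is also true for an empty string, which would render an empty repo file; `{{- if .Values.rawConfig }}` avoids that.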
@@ -2,6 +2,9 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +#rawConfig: | +# [yourrepohere] +# etcetc base: https://changeme/ version: 1.16.8-nginx-2 From d7901206bc88967b2c609a1dbe5f396d49a0d94c Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 9 Jun 2020 17:09:50 -0700 Subject: [PATCH 189/331] Add container for ipmi-exporter --- .travis.yml | 5 +++++ charts/image-library-charts/buildall | 2 +- containers/ipmi-exporter/Dockerfile | 14 ++++++++++++++ containers/ipmi-exporter/buildenv | 1 + 4 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 containers/ipmi-exporter/Dockerfile create mode 100644 containers/ipmi-exporter/buildenv diff --git a/.travis.yml b/.travis.yml index df93b33..560db19 100644 --- a/.travis.yml +++ b/.travis.yml @@ -25,6 +25,11 @@ jobs: language: shell name: Build ipmitool container script: ./containers/build ipmitool + - stage: build + dist: xenial + language: shell + name: Build ipmi-exporter container + script: ./containers/build ipmi-exporter - stage: build dist: xenial language: shell diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 89ca755..7b1dc9e 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall @@ -20,7 +20,7 @@ cd image-library-charts mkdir -p tags CHANGE=0 -for CONTAINER in ipmitool dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx pixiecore; do +for CONTAINER in ipmitool ipmi-exporter dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx pixiecore; do case "$CONTAINER" in k8s-node-image-nginx) SUBBUILDS="1.14 1.15 1.16" diff --git a/containers/ipmi-exporter/Dockerfile b/containers/ipmi-exporter/Dockerfile new file mode 100644 index 0000000..655d1e8 --- /dev/null +++ b/containers/ipmi-exporter/Dockerfile 
@@ -0,0 +1,14 @@ +FROM centos:centos8 +MAINTAINER Kevin Fox + +RUN \ + yum install -y freeipmi && \ + curl -o ipmi_exporter.tgz https://github.com/soundcloud/ipmi_exporter/releases/download/v1.2.0/ipmi_exporter-v1.2.0.linux-amd64.tar.gz -L && \ + tar -xvf ipmi_exporter.tgz && \ + mv ipmi_exporter-v*/ipmi_exporter /usr/bin/ && \ + rm -rf ipmi_exporter-v* && \ + echo 1.2.0 >> /.extrafingerprints && \ + +ENTRYPOINT ["ipmi_exporter"] + +CMD ["--help"] diff --git a/containers/ipmi-exporter/buildenv b/containers/ipmi-exporter/buildenv new file mode 100644 index 0000000..418c6f8 --- /dev/null +++ b/containers/ipmi-exporter/buildenv @@ -0,0 +1 @@ +export PREFIX=1.2.0 From 7c54e2cb351087579134fde266650a4645f02604 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 9 Jun 2020 17:11:41 -0700 Subject: [PATCH 190/331] Force initial build. --- containers/ipmi-exporter/buildenv | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/ipmi-exporter/buildenv b/containers/ipmi-exporter/buildenv index 418c6f8..73371db 100644 --- a/containers/ipmi-exporter/buildenv +++ b/containers/ipmi-exporter/buildenv @@ -1 +1,2 @@ export PREFIX=1.2.0 +export NEW_BUILD=1 From 3067c803d5e185e17d3449209b9a99e75455cc59 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 9 Jun 2020 17:32:49 -0700 Subject: [PATCH 191/331] Fix dockerfile --- containers/ipmi-exporter/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/ipmi-exporter/Dockerfile b/containers/ipmi-exporter/Dockerfile index 655d1e8..5907214 100644 --- a/containers/ipmi-exporter/Dockerfile +++ b/containers/ipmi-exporter/Dockerfile @@ -7,7 +7,7 @@ RUN \ tar -xvf ipmi_exporter.tgz && \ mv ipmi_exporter-v*/ipmi_exporter /usr/bin/ && \ rm -rf ipmi_exporter-v* && \ - echo 1.2.0 >> /.extrafingerprints && \ + echo 1.2.0 >> /.extrafingerprints ENTRYPOINT ["ipmi_exporter"] From 9368b2a71014348e44610e6a05e4d9e1cb789799 Mon Sep 17 00:00:00 2001 
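Review bot: The release tarball fetched by `curl -o ipmi_exporter.tgz … -L` is unpacked and installed into `/usr/bin` with no integrity check, and without `-f` curl will also save an HTTP error page as the tarball. Pin the expected digest next to the version and verify it before `tar`, e.g. `echo "<SHA256_OF_RELEASE_TARBALL>  ipmi_exporter.tgz" | sha256sum -c - && \` (placeholder; take the value from the upstream release), and switch to `curl -fsSL`. The cleanup `rm -rf ipmi_exporter-v*` does not match `ipmi_exporter.tgz`, so the archive stays in the image layer. The Dockerfile also sets no `USER`, so the exporter runs as root unless the deploying chart's securityContext overrides it.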
From: Kevin Fox Date: Tue, 9 Jun 2020 17:43:09 -0700 Subject: [PATCH 192/331] Remove new build flag --- containers/ipmi-exporter/buildenv | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/ipmi-exporter/buildenv b/containers/ipmi-exporter/buildenv index 73371db..418c6f8 100644 --- a/containers/ipmi-exporter/buildenv +++ b/containers/ipmi-exporter/buildenv @@ -1,2 +1 @@ export PREFIX=1.2.0 -export NEW_BUILD=1 From 2b34f48b21e56c1480d3ee1f32bdd9a9d7461a5a Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Wed, 10 Jun 2020 14:07:04 -0700 Subject: [PATCH 193/331] Add and release ipmi-exporter. Release kubeupdater. --- charts/charts/buildall | 4 +- charts/charts/ipmi-exporter/.helmignore | 23 +++++ charts/charts/ipmi-exporter/Chart.yaml | 21 +++++ charts/charts/ipmi-exporter/README.md | 31 +++++++ charts/charts/ipmi-exporter/requirements.yaml | 4 + .../charts/ipmi-exporter/templates/NOTES.txt | 21 +++++ .../ipmi-exporter/templates/_helpers.tpl | 63 ++++++++++++++ .../ipmi-exporter/templates/deployment.yaml | 68 +++++++++++++++ .../ipmi-exporter/templates/ingress.yaml | 41 +++++++++ .../ipmi-exporter/templates/secret.yaml | 8 ++ .../ipmi-exporter/templates/service.yaml | 15 ++++ .../templates/serviceaccount.yaml | 12 +++ charts/charts/ipmi-exporter/values.yaml | 85 +++++++++++++++++++ 13 files changed, 394 insertions(+), 2 deletions(-) create mode 100644 charts/charts/ipmi-exporter/.helmignore create mode 100644 charts/charts/ipmi-exporter/Chart.yaml create mode 100644 charts/charts/ipmi-exporter/README.md create mode 100644 charts/charts/ipmi-exporter/requirements.yaml create mode 100644 charts/charts/ipmi-exporter/templates/NOTES.txt create mode 100644 charts/charts/ipmi-exporter/templates/_helpers.tpl create mode 100644 charts/charts/ipmi-exporter/templates/deployment.yaml create mode 100644 charts/charts/ipmi-exporter/templates/ingress.yaml create mode 100644 charts/charts/ipmi-exporter/templates/secret.yaml create mode 100644 charts/charts/ipmi-exporter/templates/service.yaml create mode 100644 charts/charts/ipmi-exporter/templates/serviceaccount.yaml create mode 100644 charts/charts/ipmi-exporter/values.yaml diff --git a/charts/charts/buildall b/charts/charts/buildall index 74455b6..d7c99d5 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall 
@@ -36,7 +36,7 @@ for ver in 1-14 1-15 1-16; do done CHANGE=0 -for CHART in nginx-app console chronyd dhcpd k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator; do +for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator; do RAWCHART=$CHART case "$CHART" in k8s-node-image) @@ -87,7 +87,7 @@ for CHART in nginx-app console chronyd dhcpd k8s-node-image tenant-namespace pix echo New version: $NEWVERSION sed -i "s/^version: .*/version: $NEWVERSION/" ../../$CHART/Chart.yaml if [ "$SUBBUILD" == "latest" ]; then - if [ "$CHART" != "gitlab-runner-operator" -a "$CHART" != "tenant-namespace-operator" ]; then + if [ "$CHART" != "gitlab-runner-operator" -a "$CHART" != "tenant-namespace-operator" -a "$CHART" != "kubeupdater" ]; then sed -i "s/^appVersion: .*/appVersion: $NEWVERSION/" ../../$CHART/Chart.yaml fi fi diff --git a/charts/charts/ipmi-exporter/.helmignore b/charts/charts/ipmi-exporter/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/charts/ipmi-exporter/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/charts/ipmi-exporter/Chart.yaml b/charts/charts/ipmi-exporter/Chart.yaml new file mode 100644 index 0000000..0829c15 --- /dev/null +++ b/charts/charts/ipmi-exporter/Chart.yaml 
@@ -0,0 +1,21 @@ +apiVersion: v1 +name: ipmi-exporter +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. +appVersion: 0.1.0 diff --git a/charts/charts/ipmi-exporter/README.md b/charts/charts/ipmi-exporter/README.md new file mode 100644 index 0000000..0f7d76a --- /dev/null +++ b/charts/charts/ipmi-exporter/README.md @@ -0,0 +1,31 @@ +# ipmi-exporter chart + +This chart allows you to deploy the ipmi exporter. + +## Install Chart + +To install the Chart into your Kubernetes cluster: + +```bash +helm install --namespace prometheus --name "ipmi-exporter" pnnl-miscscripts/ipmi-exporter" +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status "ipmi-exporter" +``` + +If you want to delete your Chart, use this command: + +```bash +helm delete "ipmi-expoerter" +``` + +## Configuration +set the value config: with any configuration as described here: +https://github.com/soundcloud/ipmi_exporter#configuration + +An example is provided here: +https://github.com/soundcloud/ipmi_exporter/blob/master/ipmi_remote.yml + 
diff --git a/charts/charts/ipmi-exporter/requirements.yaml b/charts/charts/ipmi-exporter/requirements.yaml new file mode 100644 index 0000000..70219ae --- /dev/null +++ b/charts/charts/ipmi-exporter/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: +- name: ipmi-exporter + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ diff --git a/charts/charts/ipmi-exporter/templates/NOTES.txt b/charts/charts/ipmi-exporter/templates/NOTES.txt new file mode 100644 index 0000000..f2e0dd2 --- /dev/null +++ b/charts/charts/ipmi-exporter/templates/NOTES.txt 
@@ -0,0 +1,21 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pnnlmiscscripts.ipmi-exporter-full.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:9290 +{{- end }} diff --git a/charts/charts/ipmi-exporter/templates/_helpers.tpl b/charts/charts/ipmi-exporter/templates/_helpers.tpl new file mode 100644 index 0000000..8202808 --- /dev/null +++ b/charts/charts/ipmi-exporter/templates/_helpers.tpl 
@@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "pnnlmiscscripts.ipmi-exporter-full.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "pnnlmiscscripts.ipmi-exporter-full.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "pnnlmiscscripts.ipmi-exporter-full.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "pnnlmiscscripts.ipmi-exporter-full.labels" -}} +helm.sh/chart: {{ include "pnnlmiscscripts.ipmi-exporter-full.chart" . }} +{{ include "pnnlmiscscripts.ipmi-exporter-full.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "pnnlmiscscripts.ipmi-exporter-full.selectorLabels" -}} +app.kubernetes.io/name: {{ include "pnnlmiscscripts.ipmi-exporter-full.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "pnnlmiscscripts.ipmi-exporter-full.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "pnnlmiscscripts.ipmi-exporter-full.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/charts/charts/ipmi-exporter/templates/deployment.yaml b/charts/charts/ipmi-exporter/templates/deployment.yaml new file mode 100644 index 0000000..886ffdf --- /dev/null +++ b/charts/charts/ipmi-exporter/templates/deployment.yaml 
@@ -0,0 +1,68 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . }} + labels: + {{- include "pnnlmiscscripts.ipmi-exporter-full.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "pnnlmiscscripts.ipmi-exporter-full.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum | quote }} + labels: + {{- include "pnnlmiscscripts.ipmi-exporter-full.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "pnnlmiscscripts.ipmi-exporter-full.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: {{ dict "dot" . "section" .Values.ipmiExporter | include "pnnlmiscscripts.ipmi-exporter.image" }} + imagePullPolicy: {{ .Values.ipmiExporter.imagePullPolicy }} + command: + - /usr/bin/ipmi_exporter + - --config.file + - /etc/ipmi-exporter/ipmi.yaml + ports: + - name: http + containerPort: 9290 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: config + mountPath: /etc/ipmi-exporter + volumes: + - name: config + secret: + secretName: {{ template "pnnlmiscscripts.ipmi-exporter-full.fullname" . }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} 
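Review bot: The pod spec never sets `automountServiceAccountToken`, so the ServiceAccount token is mounted into a container that, from what this template shows, only reads `/etc/ipmi-exporter/ipmi.yaml` and serves port 9290. If the exporter does not call the Kubernetes API, add `automountServiceAccountToken: false` under `spec.template.spec` so that a compromise of the exporter does not also yield API credentials. `securityContext` is rendered from `.Values.securityContext`, which defaults to `{}` in this chart's values.yaml, so no non-root or read-only root filesystem setting applies by default either.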
diff --git a/charts/charts/ipmi-exporter/templates/ingress.yaml b/charts/charts/ipmi-exporter/templates/ingress.yaml new file mode 100644 index 0000000..f0c6217 --- /dev/null +++ b/charts/charts/ipmi-exporter/templates/ingress.yaml @@ -0,0 +1,41 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "pnnlmiscscripts.ipmi-exporter-full.fullname" . -}} +{{- $svcPort := .Values.service.port -}} +{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "pnnlmiscscripts.ipmi-exporter-full.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ . }} + backend: + serviceName: {{ $fullName }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/charts/ipmi-exporter/templates/secret.yaml b/charts/charts/ipmi-exporter/templates/secret.yaml new file mode 100644 index 0000000..c8beffb --- /dev/null +++ b/charts/charts/ipmi-exporter/templates/secret.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . }} + labels: + {{- include "pnnlmiscscripts.ipmi-exporter-full.labels" . | nindent 4 }} +data: + ipmi.yaml: {{ toYaml .Values.config | b64enc }} diff --git a/charts/charts/ipmi-exporter/templates/service.yaml b/charts/charts/ipmi-exporter/templates/service.yaml new file mode 100644 index 0000000..67db487 --- /dev/null +++ b/charts/charts/ipmi-exporter/templates/service.yaml 
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "pnnlmiscscripts.ipmi-exporter-full.fullname" . }} + labels: + {{- include "pnnlmiscscripts.ipmi-exporter-full.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "pnnlmiscscripts.ipmi-exporter-full.selectorLabels" . | nindent 4 }} diff --git a/charts/charts/ipmi-exporter/templates/serviceaccount.yaml b/charts/charts/ipmi-exporter/templates/serviceaccount.yaml new file mode 100644 index 0000000..1b15309 --- /dev/null +++ b/charts/charts/ipmi-exporter/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "pnnlmiscscripts.ipmi-exporter-full.serviceAccountName" . }} + labels: + {{- include "pnnlmiscscripts.ipmi-exporter-full.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/charts/ipmi-exporter/values.yaml b/charts/charts/ipmi-exporter/values.yaml new file mode 100644 index 0000000..7e5a6f6 --- /dev/null +++ b/charts/charts/ipmi-exporter/values.yaml 
@@ -0,0 +1,85 @@ +# Default values for ipmi-exporter. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +ipmiExporter: + imagePullPolicy: IfNotPresent + +config: + modules: + default: + user: "default_user" + pass: "example_pw" + driver: "LAN_2_0" + privilege: "user" + # The session timeout is in milliseconds. Note that a scrape can take up + # to (session-timeout * #-of-collectors) milliseconds, so set the scrape + # timeout in Prometheus accordingly. + timeout: 10000 + collectors: + - bmc + - ipmi + - chassis + - dcmi + - sel + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} 
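Review bot: The `config.modules.default` block ships `user: "default_user"` and `pass: "example_pw"` as live defaults, so an install that forgets to override `config` still renders a Secret and starts the exporter with these placeholder BMC credentials. Real credentials passed through `config` also end up in the values file and in the stored Helm release. Consider defaulting to `config: {}` with the example kept as comments, and add a note such as `# contains BMC credentials; supply via a values file kept out of version control`. The hardening keys under `securityContext` (`runAsNonRoot`, `readOnlyRootFilesystem`, `capabilities.drop`) are present only as comments; enabling them by default would be safer if the image supports it.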
From dbc51f870f40004a7a08896687958566e90a1caf Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 12 Jun 2020 12:02:27 -0700 Subject: [PATCH 194/331] Remove k8s 1.14 and add 1.17 and 1.18. --- .travis.yml | 10 ++++++++-- charts/charts/buildall | 4 ++-- charts/image-library-charts/buildall | 2 +- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index 560db19..4e1ca7c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -83,8 +83,14 @@ jobs: before_install: *upgradedocker dist: xenial language: shell - name: Build rpms-kubernetes container 1.14 - script: ./containers/build rpms-kubernetes 1.14 + name: Build rpms-kubernetes container 1.17 + script: ./containers/build rpms-kubernetes 1.17 + - stage: build + before_install: *upgradedocker + dist: xenial + language: shell + name: Build rpms-kubernetes container 1.18 + script: ./containers/build rpms-kubernetes 1.18 - stage: build before_install: *upgradedocker dist: xenial diff --git a/charts/charts/buildall b/charts/charts/buildall index d7c99d5..9de4edd 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -21,7 +21,7 @@ mkdir -p charts/vers helm repo add pnnl-miscscripts-image-library-charts https://pnnl-miscscripts.github.io/image-library-charts/ helm repo update -for ver in 1-14 1-15 1-16; do +for ver in 1-15 1-16 1-17 1-18; do cp -a k8s-node-image k8s-node-image-$ver sed -i "s@k8s-node-image-nginx-1-14@k8s-node-image-nginx-$ver@g" k8s-node-image-$ver/requirements.yaml k8s-node-image-$ver/values.yaml sed -i "s@^name:.*@name: k8s-node-image-$ver@g" k8s-node-image-$ver/Chart.yaml @@ -40,7 +40,7 @@ for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node- RAWCHART=$CHART case "$CHART" in k8s-node-image) - SUBBUILDS="1-14 1-15 1-16" + SUBBUILDS="1-15 1-16 1-17 1-18" ;; *) SUBBUILDS="latest" diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 7b1dc9e..192e2d8 100755 --- a/charts/image-library-charts/buildall 
+++ b/charts/image-library-charts/buildall @@ -23,7 +23,7 @@ CHANGE=0 for CONTAINER in ipmitool ipmi-exporter dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx pixiecore; do case "$CONTAINER" in k8s-node-image-nginx) - SUBBUILDS="1.14 1.15 1.16" + SUBBUILDS="1.15 1.16 1.17 1.18" ;; *) SUBBUILDS="latest" From 84dafafac169745bc450b88f15e2d1a48f40fd47 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 15 Jun 2020 08:51:43 -0700 Subject: [PATCH 195/331] Set new build on k8s-node-image --- containers/k8s-node-image/buildenv | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/k8s-node-image/buildenv b/containers/k8s-node-image/buildenv index 40b9679..2de49f3 100644 --- a/containers/k8s-node-image/buildenv +++ b/containers/k8s-node-image/buildenv @@ -3,3 +3,4 @@ export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD export DOCKER_BUILDKIT=1 export GPGSIGN=1 +export NEW_BUILD=1 From a5f21634a4f52c89c8d5b12d9546359512ee6ebd Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 15 Jun 2020 09:04:03 -0700 Subject: [PATCH 196/331] Add missing containers. --- .travis.yml | 19 +++++++++++++++---- containers/k8s-node-image-nginx/buildenv | 1 + containers/rpms-kubernetes/buildenv | 1 + 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 4e1ca7c..c54936e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -112,8 +112,14 @@ jobs: before_install: *upgradedocker dist: xenial language: shell - name: Build full k8s node image 1.14 - script: ./containers/build k8s-node-image 1.14 + name: Build full k8s node image 1.17 + script: ./containers/build k8s-node-image 1.17 + - stage: build-full-image + before_install: *upgradedocker + dist: xenial + language: shell + name: Build full k8s node image 1.18 + script: ./containers/build k8s-node-image 1.18 - stage: build-full-image before_install: *upgradedocker dist: xenial 
@@ -133,8 +139,13 @@ jobs: - stage: build-nginx dist: xenial language: shell - name: Build k8s-node-image+nginx container 1.14 - script: ./containers/build k8s-node-image-nginx 1.14 + name: Build k8s-node-image+nginx container 1.17 + script: ./containers/build k8s-node-image-nginx 1.17 + - stage: build-nginx + dist: xenial + language: shell + name: Build k8s-node-image+nginx container 1.18 + script: ./containers/build k8s-node-image-nginx 1.18 - stage: build-nginx dist: xenial language: shell diff --git a/containers/k8s-node-image-nginx/buildenv b/containers/k8s-node-image-nginx/buildenv index 720d1a9..1f3b088 100644 --- a/containers/k8s-node-image-nginx/buildenv +++ b/containers/k8s-node-image-nginx/buildenv @@ -3,3 +3,4 @@ export AUTO_PREFIX_PACKAGE=kubelet export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' export DOCKER_REPO=pnnlmiscscripts/k8s-node-image export DOCKER_TAG="$SUBBUILD-nginx" +export NEW_BUILD=1 diff --git a/containers/rpms-kubernetes/buildenv b/containers/rpms-kubernetes/buildenv index 40b9679..2de49f3 100644 --- a/containers/rpms-kubernetes/buildenv +++ b/containers/rpms-kubernetes/buildenv @@ -3,3 +3,4 @@ export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD export DOCKER_BUILDKIT=1 export GPGSIGN=1 +export NEW_BUILD=1 From 5cbc5e8856650abf6e90cd5e1244ff1b1cf3815f Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 15 Jun 2020 09:40:50 -0700 Subject: [PATCH 197/331] Remove newbuild flag. --- containers/k8s-node-image-nginx/buildenv | 1 - containers/k8s-node-image/buildenv | 1 - containers/rpms-kubernetes/buildenv | 1 - 3 files changed, 3 deletions(-) diff --git a/containers/k8s-node-image-nginx/buildenv b/containers/k8s-node-image-nginx/buildenv index 1f3b088..720d1a9 100644 --- a/containers/k8s-node-image-nginx/buildenv +++ b/containers/k8s-node-image-nginx/buildenv 
@@ -3,4 +3,3 @@ export AUTO_PREFIX_PACKAGE=kubelet export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' export DOCKER_REPO=pnnlmiscscripts/k8s-node-image export DOCKER_TAG="$SUBBUILD-nginx" -export NEW_BUILD=1 diff --git a/containers/k8s-node-image/buildenv b/containers/k8s-node-image/buildenv index 2de49f3..40b9679 100644 --- a/containers/k8s-node-image/buildenv +++ b/containers/k8s-node-image/buildenv @@ -3,4 +3,3 @@ export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD export DOCKER_BUILDKIT=1 export GPGSIGN=1 -export NEW_BUILD=1 diff --git a/containers/rpms-kubernetes/buildenv b/containers/rpms-kubernetes/buildenv index 2de49f3..40b9679 100644 --- a/containers/rpms-kubernetes/buildenv +++ b/containers/rpms-kubernetes/buildenv @@ -3,4 +3,3 @@ export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD export DOCKER_BUILDKIT=1 export GPGSIGN=1 -export NEW_BUILD=1 From 35ab3c03cfeaa5d6eb5cbde1321e6039caeb4f41 Mon Sep 17 00:00:00 2001 
From: Peter Nordquist Date: Tue, 30 Jun 2020 17:27:00 -0700 Subject: [PATCH 198/331] Updated kubeupdater chart Added psp for kubeupdater Switched to label helper from newer helm Switched to service account name generation from newer helm Switched to specific folder instead of host root --- charts/charts/kubeupdater/.helmignore | 2 + .../charts/kubeupdater/templates/_helpers.tpl | 61 ++++++++++++++----- .../kubeupdater/templates/bin-configmap.yaml | 5 +- .../kubeupdater/templates/daemonset.yaml | 50 ++++++++------- .../{kubeupdater-role.yaml => node-role.yaml} | 9 ++- ...rolebinding.yaml => node-rolebinding.yaml} | 11 ++-- charts/charts/kubeupdater/templates/psp.yaml | 32 ++++++++++ ...ter-configmap.yaml => repo-configmap.yaml} | 5 +- charts/charts/kubeupdater/templates/role.yaml | 25 +++----- .../kubeupdater/templates/rolebinding.yaml | 16 +++++ .../kubeupdater/templates/serviceaccount.yaml | 15 ++--- charts/charts/kubeupdater/values.yaml | 16 +++++ 12 files changed, 165 insertions(+), 82 deletions(-) rename charts/charts/kubeupdater/templates/{kubeupdater-role.yaml => node-role.yaml} (53%) rename charts/charts/kubeupdater/templates/{kubeupdater-rolebinding.yaml => node-rolebinding.yaml} (53%) create mode 100644 charts/charts/kubeupdater/templates/psp.yaml rename charts/charts/kubeupdater/templates/{kubeupdater-configmap.yaml => repo-configmap.yaml} (75%) create mode 100644 charts/charts/kubeupdater/templates/rolebinding.yaml diff --git a/charts/charts/kubeupdater/.helmignore b/charts/charts/kubeupdater/.helmignore index f0c1319..0e8a0eb 100644 --- a/charts/charts/kubeupdater/.helmignore +++ b/charts/charts/kubeupdater/.helmignore @@ -14,8 +14,10 @@ *.swp *.bak *.tmp +*.orig *~ # Various IDEs .project .idea/ *.tmproj +.vscode/ diff --git a/charts/charts/kubeupdater/templates/_helpers.tpl b/charts/charts/kubeupdater/templates/_helpers.tpl index 0fce9cc..2f56baf 100644 --- a/charts/charts/kubeupdater/templates/_helpers.tpl 
+++ b/charts/charts/kubeupdater/templates/_helpers.tpl @@ -3,8 +3,8 @@ Expand the name of the chart. */}} {{- define "kubeupdater.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} {{/* Create a default fully qualified app name. 
@@ -12,21 +12,52 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "kubeupdater.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} {{/* Create chart name and version as used by the chart label. */}} {{- define "kubeupdater.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kubeupdater.labels" -}} +helm.sh/chart: {{ include "kubeupdater.chart" . }} +{{ include "kubeupdater.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kubeupdater.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kubeupdater.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kubeupdater.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "kubeupdater.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/charts/kubeupdater/templates/bin-configmap.yaml b/charts/charts/kubeupdater/templates/bin-configmap.yaml index d71f3ef..085152b 100644 --- a/charts/charts/kubeupdater/templates/bin-configmap.yaml +++ b/charts/charts/kubeupdater/templates/bin-configmap.yaml @@ -3,10 +3,7 @@ kind: ConfigMap metadata: name: {{ template "kubeupdater.fullname" . }} labels: - app: {{ template "kubeupdater.name" . }} - chart: {{ template "kubeupdater.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "kubeupdater.labels" . | nindent 4 }} data: kubeupdater: | {{ .Files.Get "bin/kubeupdater" | indent 4 }} diff --git a/charts/charts/kubeupdater/templates/daemonset.yaml b/charts/charts/kubeupdater/templates/daemonset.yaml index 6ed62d9..df67bf1 100644 --- a/charts/charts/kubeupdater/templates/daemonset.yaml +++ b/charts/charts/kubeupdater/templates/daemonset.yaml @@ -3,10 +3,7 @@ kind: DaemonSet metadata: name: {{ template "kubeupdater.fullname" . }} labels: - app: {{ template "kubeupdater.name" . }} - chart: {{ template "kubeupdater.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "kubeupdater.labels" . | nindent 4 }} spec: updateStrategy: rollingUpdate: 
@@ -15,14 +12,16 @@ spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - app: {{ template "kubeupdater.name" . }} - release: {{ .Release.Name }} + {{- include "kubeupdater.selectorLabels" . | nindent 6 }} template: metadata: labels: - app: {{ template "kubeupdater.name" . }} - release: {{ .Release.Name }} + {{- include "kubeupdater.selectorLabels" . | nindent 8 }} spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -30,8 +29,8 @@ spec: - /bin/sh - -ec - | - cat /config/kubeupdater > /host/usr/bin/kubeupdater - chmod +x /host/usr/bin/kubeupdater + cat /config/kubeupdater > /host-bin/kubeupdater + chmod +x /host-bin/kubeupdater nsenter -m/proc/1/ns/mnt -- /usr/bin/kubeupdater -i while true; do sleep 10000; done name: main 
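Review bot: Switching `spec.selector.matchLabels` from the `app`/`release` keys to `kubeupdater.selectorLabels` will probably make `helm upgrade` fail on an existing release, because the selector of an `apps/v1` DaemonSet cannot be changed after creation. The `apiVersion` line is outside this hunk, so confirm which one is in use. The chart notes should say that the DaemonSet has to be deleted and recreated when moving to this chart version.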
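Review bot: `cat /config/kubeupdater > /host-bin/kubeupdater` truncates and rewrites the node's `/usr/bin/kubeupdater` in place, so a copy already running on the host, or a pod killed mid-write, can leave or execute a partial file. Write to a temporary name in the same directory and rename it: `cat /config/kubeupdater > /host-bin/.kubeupdater.tmp`, `chmod +x /host-bin/.kubeupdater.tmp`, `mv /host-bin/.kubeupdater.tmp /host-bin/kubeupdater` (the temporary name is only an example). The file is then run in PID 1's mount namespace through `nsenter`, so write access to the ConfigMap mounted at `/config` amounts to root on every node; that deserves a comment next to the volume and tight RBAC on the ConfigMap. The container spec continues outside this hunk.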
@@ -39,33 +38,32 @@ spec: privileged: true runAsUser: 0 volumeMounts: - - mountPath: /host - name: host - mountPropagation: Bidirectional + - mountPath: /host-bin + name: host-bin - mountPath: /config name: config resources: -{{ toYaml .Values.resources | indent 10 }} - serviceAccount: {{ template "kubeupdater.fullname" . }} + {{- toYaml .Values.resources | nindent 10 }} + serviceAccountName: {{ template "kubeupdater.serviceAccountName" . }} hostNetwork: true hostPID: true hostIPC: true volumes: - hostPath: - path: / - name: host + path: /usr/bin + name: host-bin - configMap: name: {{ template "kubeupdater.fullname" . }} name: config - {{- with .Values.nodeSelector }} + {{- with .Values.nodeSelector }} nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.affinity }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tolerations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} tolerations: -{{ toYaml . | indent 8 }} - {{- end }} + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/charts/kubeupdater/templates/kubeupdater-role.yaml b/charts/charts/kubeupdater/templates/node-role.yaml similarity index 53% rename from charts/charts/kubeupdater/templates/kubeupdater-role.yaml rename to charts/charts/kubeupdater/templates/node-role.yaml index a35ee8e..514872d 100644 --- a/charts/charts/kubeupdater/templates/kubeupdater-role.yaml +++ b/charts/charts/kubeupdater/templates/node-role.yaml 
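Review bot: Narrowing the hostPath from `/` to `/usr/bin` does not reduce what this pod can do on the node while `privileged: true`, `hostPID: true` and the `nsenter -m/proc/1/ns/mnt` call in the container command remain, and nothing in the manifest says so. I would add a comment above `securityContext`, for example `# privileged + hostPID are needed for nsenter into the host mount namespace; treat this pod as root on the node`. `hostNetwork: true` and `hostIPC: true` are carried over unchanged; if the updater does not need them (not visible from this hunk), dropping them would also let the new PodSecurityPolicy set both to false. The pod spec starts outside this hunk.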
@@ -1,13 +1,11 @@ +{{- if .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: kubeupdater-node + name: {{ template "kubeupdater.fullname" . }}-node namespace: kube-system labels: - app: {{ template "kubeupdater.name" . }} - chart: {{ template "kubeupdater.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "kubeupdater.labels" . | nindent 4 }} rules: - apiGroups: - "" @@ -18,3 +16,4 @@ rules: verbs: - get - watch +{{- end }} diff --git a/charts/charts/kubeupdater/templates/kubeupdater-rolebinding.yaml b/charts/charts/kubeupdater/templates/node-rolebinding.yaml similarity index 53% rename from charts/charts/kubeupdater/templates/kubeupdater-rolebinding.yaml rename to charts/charts/kubeupdater/templates/node-rolebinding.yaml index 1daf640..65cc764 100644 --- a/charts/charts/kubeupdater/templates/kubeupdater-rolebinding.yaml +++ b/charts/charts/kubeupdater/templates/node-rolebinding.yaml @@ -1,18 +1,17 @@ +{{- if .Values.rbac.create }} apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: kubeupdater-node + name: {{ template "kubeupdater.fullname" . }}-node namespace: kube-system labels: - app: {{ template "kubeupdater.name" . }} - chart: {{ template "kubeupdater.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "kubeupdater.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: kubeupdater-node + name: {{ template "kubeupdater.fullname" . }}-node subjects: - apiGroup: rbac.authorization.k8s.io kind: Group name: system:nodes +{{- end }} diff --git a/charts/charts/kubeupdater/templates/psp.yaml b/charts/charts/kubeupdater/templates/psp.yaml new file mode 100644 index 0000000..89cef22 --- /dev/null +++ b/charts/charts/kubeupdater/templates/psp.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "kubeupdater.fullname" . }} + labels: + {{- include "kubeupdater.labels" . | nindent 4 }} + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' +spec: + privileged: true + allowPrivilegeEscalation: true + allowedCapabilities: + - '*' + allowedHostPaths: + - pathPrefix: '/usr/bin' + readOnly: false + volumes: + - 'configMap' + - 'hostPath' + hostNetwork: true + hostIPC: true + hostPID: true + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' +{{- end }} diff --git a/charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml b/charts/charts/kubeupdater/templates/repo-configmap.yaml similarity index 75% rename from charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml rename to charts/charts/kubeupdater/templates/repo-configmap.yaml index ebda4d4..fb636a5 100644 --- a/charts/charts/kubeupdater/templates/kubeupdater-configmap.yaml +++ b/charts/charts/kubeupdater/templates/repo-configmap.yaml @@ -4,10 +4,7 @@ metadata: name: kubeupdater namespace: kube-system labels: - app: {{ template "kubeupdater.name" . }} - chart: {{ template "kubeupdater.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "kubeupdater.labels" . | nindent 4 }} data: everything.repo: | {{- if hasKey .Values "rawConfig" }} diff --git a/charts/charts/kubeupdater/templates/role.yaml b/charts/charts/kubeupdater/templates/role.yaml index d7994d9..0a37818 100644 --- a/charts/charts/kubeupdater/templates/role.yaml +++ b/charts/charts/kubeupdater/templates/role.yaml 
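Review bot: `allowedCapabilities` set to `'*'` and the `seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'` annotation make this policy broader than the DaemonSet needs, as far as the visible hunks show: the container asks for `privileged: true` and adds no capabilities of its own. Removing the wildcard capability list, and adding a header comment such as `# Admits the kubeupdater DaemonSet only: privileged, host namespaces, hostPath limited to /usr/bin`, would make the policy easier to audit. PodSecurityPolicy objects are cluster-scoped while the name is just `kubeupdater.fullname`, so two releases with the same name in different namespaces would share or overwrite one policy; including `.Release.Namespace` in the name (and in the `resourceNames` of `role.yaml`) avoids that.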
@@ -1,19 +1,14 @@ -{{- if .Values.rbac.create -}} +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }} apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: Role metadata: name: {{ template "kubeupdater.fullname" . }} labels: - app: {{ template "kubeupdater.name" . }} - chart: {{ template "kubeupdater.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: unrestricted-psp -subjects: -- kind: ServiceAccount - name: {{ template "kubeupdater.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end -}} + {{- include "kubeupdater.labels" . | nindent 4 }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "kubeupdater.fullname" . }} +{{- end }} diff --git a/charts/charts/kubeupdater/templates/rolebinding.yaml b/charts/charts/kubeupdater/templates/rolebinding.yaml new file mode 100644 index 0000000..bdc4bb6 --- /dev/null +++ b/charts/charts/kubeupdater/templates/rolebinding.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kubeupdater.fullname" . }} + labels: + {{- include "kubeupdater.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kubeupdater.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "kubeupdater.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/charts/kubeupdater/templates/serviceaccount.yaml b/charts/charts/kubeupdater/templates/serviceaccount.yaml index d526ff8..885c57c 100644 --- a/charts/charts/kubeupdater/templates/serviceaccount.yaml +++ b/charts/charts/kubeupdater/templates/serviceaccount.yaml 
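Review bot: With `serviceAccount.create: false` and an empty `serviceAccount.name`, the subject `{{ template "kubeupdater.serviceAccountName" . }}` in `rolebinding.yaml` resolves to `default` (per the helper added to `_helpers.tpl` in this commit), so the binding lets every pod running under the namespace's default service account use the privileged PodSecurityPolicy. Requiring an explicit name in that case avoids the silent grant, e.g. in the helper's else branch `{{- required "serviceAccount.name must be set when serviceAccount.create is false" .Values.serviceAccount.name }}`. At the least, the `values.yaml` comment on `serviceAccount.name` should state that leaving it empty binds the policy to `default`.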
@@ -1,11 +1,12 @@ -{{- if .Values.rbac.create -}} +{{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: + name: {{ template "kubeupdater.serviceAccountName" . }} labels: - app: {{ template "kubeupdater.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "kubeupdater.fullname" . }} -{{- end -}} + {{- include "kubeupdater.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/charts/kubeupdater/values.yaml b/charts/charts/kubeupdater/values.yaml index 542609f..d45a04d 100644 --- a/charts/charts/kubeupdater/values.yaml +++ b/charts/charts/kubeupdater/values.yaml @@ -14,9 +14,25 @@ image: tag: 3.11 pullPolicy: IfNotPresent +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + rbac: create: true +podSecurityPolicy: + enabled: true + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little From b135f84ed47de202650800727a1ec00a7c370560 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Tue, 30 Jun 2020 18:00:58 -0700 Subject: [PATCH 199/331] Fixed missing secret volume type --- charts/charts/kubeupdater/templates/psp.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/charts/kubeupdater/templates/psp.yaml b/charts/charts/kubeupdater/templates/psp.yaml index 89cef22..87dbad1 100644 --- a/charts/charts/kubeupdater/templates/psp.yaml +++ b/charts/charts/kubeupdater/templates/psp.yaml 
@@ -18,6 +18,7 @@ spec: volumes: - 'configMap' - 'hostPath' + - 'secret' hostNetwork: true hostIPC: true hostPID: true From 9a446c0c793ea63a000467a7b8adeaf14d2e15ab Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Wed, 1 Jul 2020 12:20:35 -0700 Subject: [PATCH 200/331] Bumped kubeupdater chart version --- charts/charts/kubeupdater/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/charts/kubeupdater/Chart.yaml b/charts/charts/kubeupdater/Chart.yaml index 32a80d3..d60708b 100644 --- a/charts/charts/kubeupdater/Chart.yaml +++ b/charts/charts/kubeupdater/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: kubeupdater -version: 0.4.0 +version: 0.5.0 From 88a562c5d2e1bec803c52afcd68d7ac107ad8584 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 7 Jul 2020 13:27:01 -0700 Subject: [PATCH 201/331] Update gitlab-runner-operator Update the operator sdk to 0.16 and rework the operator to work with the newest upstream helm chart. Signed-off-by: Kevin Fox --- .../charts/gitlab-runner-operator/Chart.yaml | 4 +- .../charts/gitlab-runner-operator/README.md | 2 +- .../templates/deployment.yaml | 15 +-- containers/gitlab-runner-operator/Dockerfile | 22 ++-- containers/gitlab-runner-operator/buildenv | 2 +- containers/gitlab-runner-operator/chart.patch | 29 ----- ..._v1beta1_clustergitlabrunnerflavor_cr.yaml | 2 +- .../gitlab-runner-operator/requirements.yml | 3 + .../roles/gitlabrunner/tasks/main.yml | 116 +++++++++++------- 9 files changed, 96 insertions(+), 99 deletions(-) delete mode 100644 containers/gitlab-runner-operator/chart.patch create mode 100644 containers/gitlab-runner-operator/requirements.yml diff --git a/charts/charts/gitlab-runner-operator/Chart.yaml b/charts/charts/gitlab-runner-operator/Chart.yaml index 7926392..7a53f56 100644 --- a/charts/charts/gitlab-runner-operator/Chart.yaml +++ b/charts/charts/gitlab-runner-operator/Chart.yaml 
@@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.2-1 +appVersion: 0.1.3-1 diff --git a/charts/charts/gitlab-runner-operator/README.md b/charts/charts/gitlab-runner-operator/README.md index 876940d..d4b81fb 100644 --- a/charts/charts/gitlab-runner-operator/README.md +++ b/charts/charts/gitlab-runner-operator/README.md @@ -39,7 +39,7 @@ metadata: name: example spec: gitlabUrl: http://localhost:8080 - unregisterRunnersWhenSecret: true + unregisterRunners: true ``` To deploy a runner, you may do so like: diff --git a/charts/charts/gitlab-runner-operator/templates/deployment.yaml b/charts/charts/gitlab-runner-operator/templates/deployment.yaml index 1cac348..7b1e937 100644 --- a/charts/charts/gitlab-runner-operator/templates/deployment.yaml +++ b/charts/charts/gitlab-runner-operator/templates/deployment.yaml @@ -22,18 +22,7 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - - name: ansible - command: - - /usr/local/bin/ao-logs - - /tmp/ansible-operator/runner - - stdout - image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - mountPath: /tmp/ansible-operator/runner - name: runner - readOnly: true - - name: operator + - name: main image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: @@ -47,7 +36,7 @@ spec: - name: WATCH_NAMESPACE {{- if eq .Values.mode "cluster" }} value: "" -{{- else if eq .Values.mode "cluster" }} +{{- else if ne .Values.mode "cluster" }} valueFrom: fieldRef: fieldPath: metadata.namespace 
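Review bot: In `deployment.yaml`, `{{- else if ne .Values.mode "cluster" }}` is the exact complement of the `{{- if eq .Values.mode "cluster" }}` above it, so a plain `{{- else }}` says the same thing and cannot drift out of sync with the first condition. If only specific mode strings are meant to be valid, a `fail` on anything unexpected would be clearer than treating every non-`cluster` value as namespaced mode, since `WATCH_NAMESPACE` decides how much of the cluster the operator acts on. The `env` list this sits in starts and ends outside the hunk.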
diff --git a/containers/gitlab-runner-operator/Dockerfile b/containers/gitlab-runner-operator/Dockerfile index 1975c6b..b5789c6 100644 --- a/containers/gitlab-runner-operator/Dockerfile +++ b/containers/gitlab-runner-operator/Dockerfile @@ -1,29 +1,37 @@ -FROM quay.io/operator-framework/ansible-operator:v0.13.0 +FROM quay.io/operator-framework/ansible-operator:v0.16.0 USER 0 -COPY chart.patch /chart.patch COPY volume.patch /volume.patch COPY watches.yaml ${HOME}/watches.yaml +COPY requirements.yml ${HOME}/requirements.yml COPY roles/ ${HOME}/roles/ RUN \ - yum install -y patch && \ + set -e && \ yum clean all && \ - curl -o /helm.tar.gz https://get.helm.sh/helm-v3.0.2-linux-amd64.tar.gz && \ + yum install -y git patch && \ + yum clean all && \ + curl -o /helm.tar.gz https://get.helm.sh/helm-v3.2.4-linux-amd64.tar.gz && \ tar -zxvf /helm.tar.gz && \ mv /linux-amd64/helm /usr/bin/helm && \ rm -f /helm.tar.gz && \ + ansible-galaxy collection install -r ${HOME}/requirements.yml && \ + chmod -R ug+rwx ${HOME}/.ansible && \ + helm plugin install https://github.com/databus23/helm-diff --version master && \ helm repo add gitlab https://charts.gitlab.io && \ + helm repo update && \ helm pull gitlab/gitlab-runner --untar && \ cd gitlab-runner && \ - patch -p1 < /chart.patch && \ + awk -F: '{if($1 == "version"){print $2}}' Chart.yaml | sed 's/ //g' && \ + echo Applying volume.patch && \ patch -p1 < /volume.patch && \ cd .. && \ - yum remove -y patch && \ + yum remove -y patch git && \ cd ${HOME} && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ - echo 0.1.2 >> /.extrafingerprints && \ + echo 0.1.3 >> /.extrafingerprints && \ + awk -F: '{if($1 == "version"){print $2}}' /gitlab-runner/Chart.yaml | sed 's/ //g' >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints USER 1001 diff --git a/containers/gitlab-runner-operator/buildenv b/containers/gitlab-runner-operator/buildenv index 397c88c..295463b 100644 
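Review bot: The `RUN` step pulls several inputs into the operator image without pinning or verifying them: `helm plugin install https://github.com/databus23/helm-diff --version master` follows a moving branch, `helm pull gitlab/gitlab-runner --untar` takes whatever chart version is current before `volume.patch` is applied to it, `requirements.yml` (added in this commit) lists collections without versions, and the tarball from `get.helm.sh` is unpacked with no checksum. Each rebuild can therefore yield a different image, and a tampered upstream would flow into an operator that applies manifests to the cluster. Pin the plugin and chart to releases (`--version <PINNED_TAG>`) and check the download before `tar`, e.g. `echo "<HELM_TARBALL_SHA256>  /helm.tar.gz" | sha256sum -c - && \`. `curl` is also missing `-f`, so an HTTP error body would be saved as the tarball. The `wget` of the exporter source in `containers/smartctl-exporter/Dockerfile` (PATCH 202) has the same missing integrity check.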
--- a/containers/gitlab-runner-operator/buildenv +++ b/containers/gitlab-runner-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.2 +export PREFIX=0.1.3 diff --git a/containers/gitlab-runner-operator/chart.patch b/containers/gitlab-runner-operator/chart.patch deleted file mode 100644 index 5cbda16..0000000 --- a/containers/gitlab-runner-operator/chart.patch +++ /dev/null @@ -1,29 +0,0 @@ -diff --git a/templates/deployment.yaml b/templates/deployment.yaml -index b3512a9..8494f76 100644 ---- a/templates/deployment.yaml -+++ b/templates/deployment.yaml -@@ -68,7 +68,7 @@ spec: - - name: {{ include "gitlab-runner.fullname" . }} - image: {{ include "gitlab-runner.image" . }} - imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }} -- {{- if and .Values.unregisterRunners .Values.runnerRegistrationToken }} -+ {{- if and .Values.unregisterRunners (or .Values.runnerRegistrationToken .Values.unregisterRunnersWhenSecret) }} - lifecycle: - preStop: - exec: -diff --git a/values.yaml b/values.yaml -index 7ece354..a4f77c6 100644 ---- a/values.yaml -+++ b/values.yaml -@@ -37,7 +37,11 @@ imagePullPolicy: IfNotPresent - ## non-existant runners. Un-registering the runner before termination mitigates this issue. - ## ref: https://docs.gitlab.com/runner/commands/README.html#gitlab-runner-unregister - ## -+## This only works when used with runnerRegistrationToken. If using an external secret -+## and want unregistration to work, also specify unregisterRunnersWhenSecret -+## - unregisterRunners: true -+unregisterRunnersWhenSecret: false - - ## When stopping ther runner, give it time to wait for it's jobs to terminate. - ## diff --git a/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml b/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml index a984a45..c8080db 100644 
--- a/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml +++ b/containers/gitlab-runner-operator/examples/miscscripts.pnnl.gov_v1beta1_clustergitlabrunnerflavor_cr.yaml @@ -4,4 +4,4 @@ metadata: name: example spec: gitlabUrl: http://localhost:8080 - unregisterRunnersWhenSecret: true + unregisterRunners: true diff --git a/containers/gitlab-runner-operator/requirements.yml b/containers/gitlab-runner-operator/requirements.yml new file mode 100644 index 0000000..d2af8e2 --- /dev/null +++ b/containers/gitlab-runner-operator/requirements.yml @@ -0,0 +1,3 @@ +collections: + - community.kubernetes + - operator_sdk.util diff --git a/containers/gitlab-runner-operator/roles/gitlabrunner/tasks/main.yml b/containers/gitlab-runner-operator/roles/gitlabrunner/tasks/main.yml index ef70722..0fb50f0 100644 --- a/containers/gitlab-runner-operator/roles/gitlabrunner/tasks/main.yml +++ b/containers/gitlab-runner-operator/roles/gitlabrunner/tasks/main.yml 
@@ -6,51 +6,77 @@ register: temp_filename - block: - - tempfile: - state: file - suffix: .yaml - register: temp_filename2 - - - block: - - copy: - content: "" - dest: "{{ temp_filename2.path }}" - - block: - - set_fact: - flavor: "{{ lookup('k8s', kind='ClusterGitlabRunnerFlavor', api_version='miscscripts.pnnl.gov/v1beta1', resource_name=_miscscripts_pnnl_gov_gitlabrunner_spec.flavorRef.name) }}" - no_log: True - - copy: - content: "{{ flavor.spec | to_yaml }}" - dest: "{{ temp_filename2.path }}" - no_log: True - when: - - _miscscripts_pnnl_gov_gitlabrunner_spec.flavorRef is defined - - _miscscripts_pnnl_gov_gitlabrunner_spec.flavorRef.kind == "ClusterGitlabRunnerFlavor" - - _miscscripts_pnnl_gov_gitlabrunner_spec.flavorRef.group == "miscscripts.pnnl.gov" - - copy: - content: "{{ _miscscripts_pnnl_gov_gitlabrunner_spec | to_yaml }}" - dest: "{{ temp_filename.path }}" - no_log: True - - - shell: "helm template --namespace {{ meta.namespace }} {{ meta.name }} /gitlab-runner/ -f {{ temp_filename2.path }} -f {{ temp_filename.path }}" - register: objs - no_log: True - - - copy: - content: "{{ objs.stdout }}" - dest: "{{ temp_filename.path }}" - no_log: True - - - k8s: - namespace: "{{ meta.namespace }}" - src: "{{ temp_filename.path }}" - state: present - no_log: True - - always: - - file: - path: "{{ temp_filename2.path }}" - state: absent + - name: Set initial defaults. They be overridden. 
+ set_fact: + merged_values: {} + + - name: Load in Flavor values if referenced + block: + - name: Fetch referenced flavor + k8s_info: + api_version: miscscripts.pnnl.gov/v1beta1 + kind: ClusterGitlabRunnerFlavor + name: "{{ flavor_ref.name }}" + register: flavor + # Failures immediately trigger another reconciliation + failed_when: + - flavor.resources | length == 0 + - name: Merge in flavor values + set_fact: + merged_values: "{{ merged_values | combine(flavor.resources[0].spec, recursive=True) }}" + when: + - flavor_ref is defined + - flavor_ref.kind == "ClusterGitlabRunnerFlavor" + - flavor_ref.group == "miscscripts.pnnl.gov" + + - name: Set values from CR + set_fact: + merged_values: "{{ merged_values | combine(_miscscripts_pnnl_gov_gitlabrunner_spec, recursive=True) }}" + + - name: Set value for forced settings + set_fact: + overrides: {} + + - name: Compat setting for older CRD + set_fact: + unregister_overrides: + unregisterRunners: true + + - name: Compat with older CRD + set_fact: + overrides: "{{ overrides | combine(unregister_overrides, recursive=True) }}" + when: + - merged_values.unregisterRunnersWhenSecret is defined + - merged_values.unregisterRunnersWhenSecret == true + + - debug: + msg: unregisterRunnersWhenSecret is defined but deprecated. Please switch to unregisterRunners. + when: + - merged_values.unregisterRunnersWhenSecret is defined + + - name: Force overrides. + set_fact: + merged_values: "{{ merged_values | combine(overrides, recursive=True) }}" + + - copy: + content: "{{ merged_values | to_yaml }}" + dest: "{{ temp_filename.path }}" + no_log: True + + - shell: "helm template --namespace {{ meta.namespace }} {{ meta.name }} /gitlab-runner/ -f {{ temp_filename.path }}" + register: objs + no_log: True + + - copy: + content: "{{ objs.stdout }}" + dest: "{{ temp_filename.path }}" + no_log: True + + - k8s: + namespace: "{{ meta.namespace }}" + src: "{{ temp_filename.path }}" + state: present + no_log: True always: - file: 
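Review bot: The `shell:` task assembles the `helm template` command line by interpolating `meta.namespace`, `meta.name` and the temp path into one string that `/bin/sh` then parses. The `command` module with `argv` passes each value as its own argument and takes the shell out of the path: `command:` with `argv: [helm, template, --namespace, "{{ meta.namespace }}", "{{ meta.name }}", /gitlab-runner/, -f, "{{ temp_filename.path }}"]`. Separately, the CR spec is combined over the flavor and only `unregisterRunners` is forced through `overrides`, so any chart value a flavor sets can be replaced by the namespaced CR. If flavors are meant to constrain what tenants can deploy (not stated on this page), the restricted keys belong in `overrides`. The surrounding `block`/`always` starts before and continues after this hunk.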
From 3c73fc3e03d5f19977fda9edece5a21eb0ac6e11 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 9 Jul 2020 10:10:36 -0700 Subject: [PATCH 202/331] Initial stab at smartd exporter --- .travis.yml | 5 +++++ charts/image-library-charts/buildall | 2 +- containers/smartctl-exporter/Dockerfile | 18 ++++++++++++++++++ containers/smartctl-exporter/buildenv | 2 ++ .../smartctl-exporter/smartctl_exporter.yaml | 7 +++++++ 5 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 containers/smartctl-exporter/Dockerfile create mode 100644 containers/smartctl-exporter/buildenv create mode 100644 containers/smartctl-exporter/smartctl_exporter.yaml diff --git a/.travis.yml b/.travis.yml index c54936e..65de6a7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -50,6 +50,11 @@ jobs: language: shell name: Build debug-toolbox container script: ./containers/build debug-toolbox + - stage: build + dist: xenial + language: shell + name: Build smartctl-exporter container + script: ./containers/build smartctl-exporter - stage: build before_install: &upgradedocker - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 192e2d8..c498ff4 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall @@ -20,7 +20,7 @@ cd image-library-charts mkdir -p tags CHANGE=0 -for CONTAINER in ipmitool ipmi-exporter dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx pixiecore; do +for CONTAINER in ipmitool ipmi-exporter dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx pixiecore smartctl-exporter; do case "$CONTAINER" in k8s-node-image-nginx) SUBBUILDS="1.15 1.16 1.17 1.18" diff --git a/containers/smartctl-exporter/Dockerfile b/containers/smartctl-exporter/Dockerfile new file mode 100644 index 0000000..1b0506e --- /dev/null +++ b/containers/smartctl-exporter/Dockerfile 
@@ -0,0 +1,18 @@ +FROM golang +RUN \ + wget -q -O /tmp/exporter.tar.gz https://github.com/Sheridan/smartctl_exporter/archive/smartctl_exporter_0.5.tar.gz && \ + tar -zxvf /tmp/exporter.tar.gz && \ + cd smartctl* && \ + export CGO_ENABLED=0 && \ + make && \ + make install && \ + mv bin/smartctl* /bin/smartctl_exporter + +FROM alpine +COPY --from=0 /bin/smartctl_exporter /bin/smartctl_exporter +RUN \ + apk add --no-cache --update smartmontools + +COPY smartctl_exporter.yaml /etc/smartctl_exporter.yaml + +CMD ["/bin/smartctl_exporter"] diff --git a/containers/smartctl-exporter/buildenv b/containers/smartctl-exporter/buildenv new file mode 100644 index 0000000..19770c7 --- /dev/null +++ b/containers/smartctl-exporter/buildenv @@ -0,0 +1,2 @@ +export PREFIX=0.5 +NEW_BUILD=1 diff --git a/containers/smartctl-exporter/smartctl_exporter.yaml b/containers/smartctl-exporter/smartctl_exporter.yaml new file mode 100644 index 0000000..e989e24 --- /dev/null +++ b/containers/smartctl-exporter/smartctl_exporter.yaml @@ -0,0 +1,7 @@ +smartctl_exporter: + bind_to: "localhost:9633" + url_path: "/metrics" + smartctl_location: /usr/sbin/smartctl + collect_not_more_than_period: 120s + devices: + - /dev/vda From b5cad15593b61b469106ff48f5a3466405ddac2d Mon Sep 17 00:00:00 2001 
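Review bot: Both stages of the new Dockerfile use floating tags, `FROM golang` and `FROM alpine`, so the toolchain and the runtime base can change silently between builds. Pin each to a version tag or digest, e.g. `FROM golang:<GO_VERSION> AS build` and `FROM alpine:<ALPINE_VERSION>`. Naming the first stage and using `COPY --from=build` instead of `--from=0` also keeps the copy correct if a stage is ever inserted ahead of it.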
From: Kevin Fox Date: Thu, 9 Jul 2020 11:55:55 -0700 Subject: [PATCH 203/331] Add initial chart for smartctl-exporter. --- charts/charts/buildall | 2 +- charts/charts/smartctl-exporter/Chart.yaml | 5 ++ charts/charts/smartctl-exporter/README.md | 35 ++++++++++ .../smartctl-exporter/requirements.yaml | 4 ++ .../smartctl-exporter/templates/_helpers.tpl | 32 ++++++++++ .../templates/configmap.yaml | 13 ++++ .../templates/daemonset.yaml | 64 +++++++++++++++++++ .../templates/rolebinding.yaml | 19 ++++++ .../templates/serviceaccount.yaml | 11 ++++ charts/charts/smartctl-exporter/values.yaml | 37 +++++++++++ containers/smartctl-exporter/buildenv | 1 - 11 files changed, 221 insertions(+), 2 deletions(-) create mode 100644 charts/charts/smartctl-exporter/Chart.yaml create mode 100644 charts/charts/smartctl-exporter/README.md create mode 100644 charts/charts/smartctl-exporter/requirements.yaml create mode 100644 charts/charts/smartctl-exporter/templates/_helpers.tpl create mode 100644 charts/charts/smartctl-exporter/templates/configmap.yaml create mode 100644 charts/charts/smartctl-exporter/templates/daemonset.yaml create mode 100644 charts/charts/smartctl-exporter/templates/rolebinding.yaml create mode 100644 charts/charts/smartctl-exporter/templates/serviceaccount.yaml create mode 100644 charts/charts/smartctl-exporter/values.yaml diff --git a/charts/charts/buildall b/charts/charts/buildall index 9de4edd..9cc9ee1 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall 
@@ -36,7 +36,7 @@ for ver in 1-15 1-16 1-17 1-18; do done CHANGE=0 -for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator; do +for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator smartctl-exporter; do RAWCHART=$CHART case "$CHART" in k8s-node-image) diff --git a/charts/charts/smartctl-exporter/Chart.yaml b/charts/charts/smartctl-exporter/Chart.yaml new file mode 100644 index 0000000..1c4b47b --- /dev/null +++ b/charts/charts/smartctl-exporter/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +appVersion: "0.1.0" +description: SmartCTL Exporter for Kubernetes +name: smartctl-exporter +version: 0.1.0 diff --git a/charts/charts/smartctl-exporter/README.md b/charts/charts/smartctl-exporter/README.md new file mode 100644 index 0000000..3bc1d86 --- /dev/null +++ b/charts/charts/smartctl-exporter/README.md @@ -0,0 +1,35 @@ +# Chronyd + +The chronyd chart launches chronyd on each node of the cluster. + + +## Install Chart + +To install the Chart into your Kubernetes cluster : + +```bash +kubectl create namespace chronyd +helm upgrade --install --namespace "chronyd" chronyd pnnl-miscscripts/chronyd -f chronyd-values.yaml +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status "chronyd" +``` + +If you want to delete your Chart, use this command: + +```bash +helm delete --purge "chronyd" +``` + +### Chronyd configuration +Set your chronyd config like: +```yaml +config: | + pool pool.ntp.org iburst maxsources 3 + rtcsync + driftfile /var/lib/chrony/drift +``` + diff --git a/charts/charts/smartctl-exporter/requirements.yaml b/charts/charts/smartctl-exporter/requirements.yaml new file mode 100644 index 0000000..21278be --- /dev/null +++ b/charts/charts/smartctl-exporter/requirements.yaml 
@@ -0,0 +1,4 @@ +dependencies: +- name: smartctl-exporter + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ diff --git a/charts/charts/smartctl-exporter/templates/_helpers.tpl b/charts/charts/smartctl-exporter/templates/_helpers.tpl new file mode 100644 index 0000000..040de78 --- /dev/null +++ b/charts/charts/smartctl-exporter/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "pnnlmiscscripts.smartctl-exporter.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "pnnlmiscscripts.smartctl-exporter.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "pnnlmiscscripts.smartctl-exporter.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/charts/smartctl-exporter/templates/configmap.yaml b/charts/charts/smartctl-exporter/templates/configmap.yaml new file mode 100644 index 0000000..d68bdbb --- /dev/null +++ b/charts/charts/smartctl-exporter/templates/configmap.yaml 
@@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }} + labels: + app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }} + chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + smartctl_exporter.yaml: | + smartctl_exporter: +{{ toYaml .Values.config | indent 6 }} diff --git a/charts/charts/smartctl-exporter/templates/daemonset.yaml b/charts/charts/smartctl-exporter/templates/daemonset.yaml new file mode 100644 index 0000000..3a1acb8 --- /dev/null +++ b/charts/charts/smartctl-exporter/templates/daemonset.yaml 
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }}
+ chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 1
+ type: RollingUpdate
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }}
+ release: {{ .Release.Name }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum | quote }}
+ spec:
+ containers:
+ - image: {{ dict "dot" . "section" .Values.image | include "pnnlmiscscripts.smartctl-exporter.image" }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ name: main
+ securityContext:
+ privileged: true
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ volumeMounts:
+ - mountPath: /hostdev
+ name: dev
+ - mountPath: /etc/smartctl_exporter.yaml
+ subPath: smartctl_exporter.yaml
+ name: config
+ dnsPolicy: ClusterFirst
+ hostNetwork: true
+ restartPolicy: Always
+ serviceAccountName: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }}
+ volumes:
+ - configMap:
+ name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }}
+ name: config
+ - hostPath:
+ path: /dev
+ name: dev
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
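Review bot: The pod spec combines `privileged: true`, a hostPath mount of all of `/dev` and `hostNetwork: true`, and the chart's default config binds to `0.0.0.0:9633`, so the unauthenticated metrics endpoint ends up listening on every interface of every node from a fully privileged container. Reading SMART data does need raw device access, but nothing visible in this chart appears to need the host network namespace, so I would drop `hostNetwork: true` (or gate it on a value that defaults to false) and add a comment above `privileged: true` stating why it is required. `replicas: {{ .Values.replicaCount }}` should also go: a DaemonSet spec has no `replicas` field and values.yaml defines no `replicaCount`. `serviceAccountName` is set unconditionally although serviceaccount.yaml only renders when `rbac.create` is true, so a release with `rbac.create: false` would reference an account the chart never created.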
diff --git a/charts/charts/smartctl-exporter/templates/rolebinding.yaml b/charts/charts/smartctl-exporter/templates/rolebinding.yaml
new file mode 100644
index 0000000..7ac5265
--- /dev/null
+++ b/charts/charts/smartctl-exporter/templates/rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }}
+ chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Values.rbac.podSecurityPolicy }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/charts/smartctl-exporter/templates/serviceaccount.yaml b/charts/charts/smartctl-exporter/templates/serviceaccount.yaml
new file mode 100644
index 0000000..f849d2e
--- /dev/null
+++ b/charts/charts/smartctl-exporter/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.rbac.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }}
+ labels:
+ app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }}
+ chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end }}
diff --git a/charts/charts/smartctl-exporter/values.yaml b/charts/charts/smartctl-exporter/values.yaml
new file mode 100644
index 0000000..62d731f
--- /dev/null
+++ b/charts/charts/smartctl-exporter/values.yaml
@@ -0,0 +1,37 @@ +config: + bind_to: "0.0.0.0:9633" + url_path: "/metrics" + smartctl_location: /usr/sbin/smartctl + collect_not_more_than_period: 120s + devices: + - /dev/sda + +image: + pullPolicy: IfNotPresent + +rbac: + create: true + podSecurityPolicy: unrestricted-psp + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: +- key: CriticalAddonsOnly + operator: Exists +- operator: Exists +- effect: NoSchedule + key: node-role.kubernetes.io/master + +affinity: {} diff --git a/containers/smartctl-exporter/buildenv b/containers/smartctl-exporter/buildenv index 19770c7..80779d7 100644 --- a/containers/smartctl-exporter/buildenv +++ b/containers/smartctl-exporter/buildenv @@ -1,2 +1 @@ export PREFIX=0.5 -NEW_BUILD=1 From d80bf69a51eba34431f6a910e8293978249ab29e Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 9 Jul 2020 14:21:51 -0700 Subject: [PATCH 204/331] Add service monitor. Fix README. --- charts/charts/smartctl-exporter/Chart.yaml | 4 +-- charts/charts/smartctl-exporter/README.md | 24 +++++++------- .../templates/daemonset.yaml | 4 +++ .../smartctl-exporter/templates/service.yaml | 21 +++++++++++++ .../templates/servicemonitor.yaml | 31 +++++++++++++++++++ charts/charts/smartctl-exporter/values.yaml | 12 +++++++ 6 files changed, 82 insertions(+), 14 deletions(-) create mode 100644 charts/charts/smartctl-exporter/templates/service.yaml create mode 100644 charts/charts/smartctl-exporter/templates/servicemonitor.yaml 
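Review bot: In the `tolerations` default of values.yaml, the bare `- operator: Exists` entry has no key or effect and therefore tolerates every taint, which makes the `CriticalAddonsOnly` and `node-role.kubernetes.io/master` entries redundant and schedules this privileged pod onto every node, including nodes tainted to keep workloads off. If that is intended, keep only the catch-all with a comment saying so; otherwise delete `- operator: Exists` and list just the taints that are needed. `rbac.podSecurityPolicy: unrestricted-psp` is consumed by rolebinding.yaml as a ClusterRole name, so a comment such as `# ClusterRole bound to the exporter's ServiceAccount; prefer one whose policy allows only what this pod needs` would make both the key's meaning and its privilege impact clear.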
diff --git a/charts/charts/smartctl-exporter/Chart.yaml b/charts/charts/smartctl-exporter/Chart.yaml index 1c4b47b..bcb89ca 100644 --- a/charts/charts/smartctl-exporter/Chart.yaml +++ b/charts/charts/smartctl-exporter/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: "0.1.0" +appVersion: "0.1.1" description: SmartCTL Exporter for Kubernetes name: smartctl-exporter -version: 0.1.0 +version: 0.1.1 diff --git a/charts/charts/smartctl-exporter/README.md b/charts/charts/smartctl-exporter/README.md index 3bc1d86..328fe05 100644 --- a/charts/charts/smartctl-exporter/README.md +++ b/charts/charts/smartctl-exporter/README.md @@ -1,35 +1,35 @@ -# Chronyd +# smartctl-exporter -The chronyd chart launches chronyd on each node of the cluster. +The smartctl-exporter chart launches smartctl-exporter on each node of the cluster. ## Install Chart -To install the Chart into your Kubernetes cluster : +To install the Chart into your Kubernetes cluster: ```bash -kubectl create namespace chronyd -helm upgrade --install --namespace "chronyd" chronyd pnnl-miscscripts/chronyd -f chronyd-values.yaml +kubectl create namespace smartctl-exporter +helm upgrade --install --namespace "smartctl-exporter" smartctl-exporter pnnl-miscscripts/smartctl-exporter -f smartctl-exporter-values.yaml ``` After installation succeeds, you can get a status of Chart ```bash -helm status "chronyd" +helm status "smartctl-exporter" ``` If you want to delete your Chart, use this command: ```bash -helm delete --purge "chronyd" +helm delete "smartctl-exporter" ``` ### Chronyd configuration -Set your chronyd config like: +Set your smartctl-exporter config like: ```yaml -config: | - pool pool.ntp.org iburst maxsources 3 - rtcsync - driftfile /var/lib/chrony/drift +config: + devices: + - /dev/sda + - /dev/sdb ``` diff --git a/charts/charts/smartctl-exporter/templates/daemonset.yaml b/charts/charts/smartctl-exporter/templates/daemonset.yaml index 3a1acb8..845f630 100644 
--- a/charts/charts/smartctl-exporter/templates/daemonset.yaml +++ b/charts/charts/smartctl-exporter/templates/daemonset.yaml @@ -31,6 +31,10 @@ spec: name: main securityContext: privileged: true + ports: + - name: http + containerPort: 9633 + protocol: TCP resources: {{ toYaml .Values.resources | indent 10 }} volumeMounts: diff --git a/charts/charts/smartctl-exporter/templates/service.yaml b/charts/charts/smartctl-exporter/templates/service.yaml new file mode 100644 index 0000000..5de666a --- /dev/null +++ b/charts/charts/smartctl-exporter/templates/service.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }} + labels: + app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }} + chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + externalIPs: +{{ toYaml .Values.service.externalIPs | indent 4 }} + selector: + app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }} + release: {{ .Release.Name }} diff --git a/charts/charts/smartctl-exporter/templates/servicemonitor.yaml b/charts/charts/smartctl-exporter/templates/servicemonitor.yaml new file mode 100644 index 0000000..846051c --- /dev/null +++ b/charts/charts/smartctl-exporter/templates/servicemonitor.yaml 
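Review bot: In service.yaml, `externalIPs:` is rendered unconditionally from `.Values.service.externalIPs`, but the values.yaml change in this commit adds only `service.type` and `service.port`, so the default render presumably emits `externalIPs:` with a `null` body. Wrapping the two lines in `{{- with .Values.service.externalIPs }}` … `{{- end }}` (with `toYaml .` inside) keeps the field out of the Service unless an operator sets it deliberately, the same way daemonset.yaml treats `nodeSelector`. In the daemonset hunk of the same commit, `containerPort: 9633` is hard-coded while the listen address comes from `config.bind_to`, so changing the port in values would silently break the `http` target port; a comment next to `bind_to` noting the coupling would help. The container spec continues outside that hunk.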
@@ -0,0 +1,31 @@ +{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }} + labels: + app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }} + chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if ne (len .Values.serviceMonitor.extraLabels) 0 }} +{{ toYaml .Values.serviceMonitor.extraLabels | indent 4 }} +{{- end }} +{{- if hasKey .Values.serviceMonitor "namespace" }} + namespace: {{ .Values.serviceMonitor.namespace }} +{{- end }} +spec: + endpoints: + - interval: 60s + path: /metrics + port: http + scheme: http + scrapeTimeout: 30s + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }} + release: {{ .Release.Name }} +{{- end }} diff --git a/charts/charts/smartctl-exporter/values.yaml b/charts/charts/smartctl-exporter/values.yaml index 62d731f..c6be88d 100644 --- a/charts/charts/smartctl-exporter/values.yaml +++ b/charts/charts/smartctl-exporter/values.yaml @@ -6,6 +6,14 @@ config: devices: - /dev/sda +serviceMonitor: + enabled: false + # Specify namespace to load the monitor if not in the same namespace + # namespace: prometheus-operator + # Add Extra labels if needed. Prometeus operator may need them to find it. + extraLabels: {} + # release: prometheus-operator + image: pullPolicy: IfNotPresent @@ -35,3 +43,7 @@ tolerations: key: node-role.kubernetes.io/master affinity: {} + +service: + type: ClusterIP + port: 80 From 31637afb02fe2a6d6de6204c89ea32739727bb43 Mon Sep 17 00:00:00 2001 
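Review bot: In servicemonitor.yaml, `{{- if ne (len .Values.serviceMonitor.extraLabels) 0 }}` calls `len` on a value that can be nil when an operator overrides `extraLabels` with an empty key, which would presumably fail the render instead of skipping the block. `{{- with .Values.serviceMonitor.extraLabels }}` followed by `{{ toYaml . | indent 4 }}` handles missing, empty and populated maps alike. The endpoint's `interval: 60s` and `scrapeTimeout: 30s` are fixed in the template; exposing them as values next to `serviceMonitor.enabled` would let them be aligned with `collect_not_more_than_period`.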
From: Kevin Fox Date: Mon, 3 Aug 2020 17:19:10 -0700 Subject: [PATCH 205/331] Add container for curl-jq, initial checkin of grafana misc dashboards. Add support for a gitlab runner CR to the tenant namespace chart. --- .travis.yml | 5 + charts/charts/buildall | 4 +- .../charts/grafana-misc-dashboards/Chart.yaml | 21 + .../grafana-misc-dashboards/files/ipmi.json | 669 +++++++++++ .../files/pvc-usage.json | 167 +++ .../files/utilization.json | 1053 +++++++++++++++++ .../templates/_helpers.tpl | 52 + .../templates/ipmi-configmap.yaml | 19 + .../templates/pvc-usage-configmap.yaml | 19 + .../templates/utilization-configmap.yaml | 19 + .../grafana-misc-dashboards/values.yaml | 17 + charts/charts/tenant-namespace/Chart.yaml | 2 +- .../templates/gitlabrunner.yaml | 14 + charts/charts/tenant-namespace/values.yaml | 4 + containers/curl-jq/Dockerfile | 7 + containers/curl-jq/buildenv | 2 + 16 files changed, 2071 insertions(+), 3 deletions(-) create mode 100644 charts/charts/grafana-misc-dashboards/Chart.yaml create mode 100644 charts/charts/grafana-misc-dashboards/files/ipmi.json create mode 100644 charts/charts/grafana-misc-dashboards/files/pvc-usage.json create mode 100644 charts/charts/grafana-misc-dashboards/files/utilization.json create mode 100644 charts/charts/grafana-misc-dashboards/templates/_helpers.tpl create mode 100644 charts/charts/grafana-misc-dashboards/templates/ipmi-configmap.yaml create mode 100644 charts/charts/grafana-misc-dashboards/templates/pvc-usage-configmap.yaml create mode 100644 charts/charts/grafana-misc-dashboards/templates/utilization-configmap.yaml create mode 100644 charts/charts/grafana-misc-dashboards/values.yaml create mode 100644 charts/charts/tenant-namespace/templates/gitlabrunner.yaml create mode 100644 containers/curl-jq/Dockerfile create mode 100644 containers/curl-jq/buildenv diff --git a/.travis.yml b/.travis.yml index 65de6a7..d4114b8 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,5 +1,10 @@ jobs: include: + - stage: build + dist: xenial + language: shell + name: Build curl-jq container + script: ./containers/build curl-jq - stage: build dist: xenial language: shell diff --git a/charts/charts/buildall b/charts/charts/buildall index 9cc9ee1..9fd27d8 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -36,7 +36,7 @@ for ver in 1-15 1-16 1-17 1-18; do done CHANGE=0 -for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator smartctl-exporter; do +for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator smartctl-exporter grafana-misc-dashboards; do RAWCHART=$CHART case "$CHART" in k8s-node-image) @@ -87,7 +87,7 @@ for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node- echo New version: $NEWVERSION sed -i "s/^version: .*/version: $NEWVERSION/" ../../$CHART/Chart.yaml if [ "$SUBBUILD" == "latest" ]; then - if [ "$CHART" != "gitlab-runner-operator" -a "$CHART" != "tenant-namespace-operator" -a "$CHART" != "kubeupdater" ]; then + if [ "$CHART" != "gitlab-runner-operator" -a "$CHART" != "tenant-namespace-operator" -a "$CHART" != "kubeupdater" -a "$CHART" != "grafana-misc-dashboards"]; then sed -i "s/^appVersion: .*/appVersion: $NEWVERSION/" ../../$CHART/Chart.yaml fi fi diff --git a/charts/charts/grafana-misc-dashboards/Chart.yaml b/charts/charts/grafana-misc-dashboards/Chart.yaml new file mode 100644 index 0000000..22759bb --- /dev/null +++ b/charts/charts/grafana-misc-dashboards/Chart.yaml 
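Review bot: The rewritten test in the `@@ -87,7 +87,7 @@` hunk of buildall ends in `"grafana-misc-dashboards"]` with no space before the closing bracket, so `[` receives `grafana-misc-dashboards]` as its last operand and fails with a missing `]` error. That failure evaluates as false, which means the `sed` that updates `appVersion` is skipped for every chart, not only the excluded ones. The line should end `-a "$CHART" != "grafana-misc-dashboards" ]; then`. As the exclusion list keeps growing, a `case "$CHART" in` arm listing the excluded charts would be easier to extend than the chained `-a` tests. The enclosing `for` loop starts and ends outside the hunk.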
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: grafana-misc-dashboards
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.3.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 0.3.0
diff --git a/charts/charts/grafana-misc-dashboards/files/ipmi.json b/charts/charts/grafana-misc-dashboards/files/ipmi.json
new file mode 100644
index 0000000..dcba663
--- /dev/null
+++ b/charts/charts/grafana-misc-dashboards/files/ipmi.json
@@ -0,0 +1,669 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 26, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "interval": "", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "{__name__=~\"ipmi_.*_state\", type != \"Entity Presence\", name != \"TPM Presence\"} == 2", + "hide": false, + "legendFormat": "{{ instance }} {{ __name__ }}", + "refId": "A" + }, + { + "expr": "{__name__=~\"ipmi_.*_state\", __name__ != \"ipmi_chassis_power_state\"} == 1", + "hide": false, + "legendFormat": "{{ instance }}", + "refId": "B" + }, + { + "expr": "up{job=\"ipmi-exporter\"} < 1", + "legendFormat": "{{ instance }}", + "refId": "C" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "IPMI Problems", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + 
"min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "cacheTimeout": null, + "columns": [], + "datasource": null, + "fontSize": "100%", + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 10, + "links": [], + "options": {}, + "pageSize": null, + "pluginVersion": "6.5.2", + "showHeader": true, + "sort": { + "col": 0, + "desc": true + }, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "date" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 2, + "pattern": "/.*/", + "thresholds": [], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": "ipmi_up != 1", + "instant": false, + "legendFormat": "{{ collector }}: {{ instance }}", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Collectors not collecting", + "transform": "timeseries_aggregations", + "type": "table" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fill": 1, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 8 + }, + "hiddenSeries": false, + "id": 12, + "interval": "", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "rate(node_edac_uncorrectable_errors_total[1m])", + "legendFormat": "Uncorrectable: {{ instance }}", + "refId": "A" + }, + { + "expr": "rate(node_edac_correctable_errors_total[1m])", + "legendFormat": "Correctable: {{ instance }}", + "refId": 
"B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory ECC Errors", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 8 + }, + "hiddenSeries": false, + "id": 14, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + {} + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "(ipmi_temperature_celsius * 9/5) + 32", + "hide": false, + "legendFormat": "{{ instance }} - {{ name }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Temperature", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "fahrenheit", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + 
"align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 16 + }, + "hiddenSeries": false, + "id": 6, + "interval": "", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "/SLOW.*/", + "color": "#C4162A", + "zindex": 3 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg without(pod)(ipmi_fan_speed_rpm) > 1500", + "hide": false, + "legendFormat": "{{ instance }} {{ name }}", + "refId": "A" + }, + { + "expr": "avg without(pod)(ipmi_fan_speed_rpm) <= 1500", + "legendFormat": "SLOW {{ instance}} {{name}}", + "refId": "B" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Fan Speeds", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "short", + "label": "RPM", + "logBase": 1, + "max": null, + "min": null, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 16 + }, + "hiddenSeries": false, + "id": 4, + "interval": "", + "legend": { + "avg": false, + "current": false, 
+ "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg without(pod)(ipmi_dcmi_power_consumption_watts)", + "legendFormat": "{{ instance }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Power in Watts", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "watt", + "label": null, + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 24 + }, + "hiddenSeries": false, + "id": 8, + "interval": "", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "avg without(pod) (ipmi_sel_free_space_bytes)", + "legendFormat": "{{ instance }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + 
"timeShift": null, + "title": "SEL Log free space", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "decbytes", + "label": "", + "logBase": 1, + "max": null, + "min": "0", + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "schemaVersion": 21, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Hardware", + "uid": "mlHx1iWGk", + "version": 7 +} diff --git a/charts/charts/grafana-misc-dashboards/files/pvc-usage.json b/charts/charts/grafana-misc-dashboards/files/pvc-usage.json new file mode 100644 index 0000000..47bb7a8 --- /dev/null +++ b/charts/charts/grafana-misc-dashboards/files/pvc-usage.json 
@@ -0,0 +1,167 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 33, + "iteration": 1595539648117, + "links": [], + "panels": [ + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": null, + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 14, + "w": 24, + "x": 0, + "y": 0 + }, + "hiddenSeries": false, + "id": 2, + "interval": "", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "nullPointMode": "null", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 2, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "((kubelet_volume_stats_capacity_bytes{job=\"kubelet\",metrics_path=\"/metrics\",namespace=\"$namespace\"} - kubelet_volume_stats_available_bytes{job=\"kubelet\",metrics_path=\"/metrics\",namespace=\"$namespace\"})\n / kubelet_volume_stats_capacity_bytes{job=\"kubelet\",metrics_path=\"/metrics\",namespace=\"$namespace\"})", + "legendFormat": "{{ namespace }} - {{ persistentvolumeclaim }}", + "refId": "A" + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Percent of Persistent Volume Used", + "tooltip": { + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "decimals": null, + "format": "percentunit", + "label": null, + "logBase": 1, + "max": "1", + "min": null, + "show": true + }, + { + "format": "short", + "label": 
null, + "logBase": 1, + "max": null, + "min": null, + "show": true + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + } + ], + "refresh": false, + "schemaVersion": 21, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "allValue": null, + "current": { + "text": "default", + "value": "default" + }, + "datasource": "Prometheus", + "definition": "label_values(kubelet_volume_stats_available_bytes, namespace)", + "hide": 0, + "includeAll": false, + "label": "Namespace", + "multi": false, + "name": "namespace", + "options": [], + "query": "label_values(kubelet_volume_stats_available_bytes, namespace)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "Kubernetes / Persistent Volume Utilization (Namespace)", + "uid": "CRQi1zVMk", + "version": 2 +} diff --git a/charts/charts/grafana-misc-dashboards/files/utilization.json b/charts/charts/grafana-misc-dashboards/files/utilization.json new file mode 100644 index 0000000..bea91a1 --- /dev/null +++ b/charts/charts/grafana-misc-dashboards/files/utilization.json 
@@ -0,0 +1,1053 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": 31, + "iteration": 1593558747484, + "links": [], + "panels": [ + { + "cacheTimeout": null, + "columns": [ + { + "text": "Max", + "value": "max" + } + ], + "datasource": null, + "fontSize": "100%", + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 0 + }, + "id": 19, + "interval": "", + "links": [], + "options": {}, + "pageSize": null, + "pluginVersion": "6.5.2", + "showHeader": true, + "sort": { + "col": 0, + "desc": true + }, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "date" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 3, + "pattern": "/.*/", + "thresholds": [], + "type": "number", + "unit": "short" + } + ], + "targets": [ + { + "expr": "max(node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}) by (container)", + "legendFormat": "{{ container }}", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "MAX CPU Utilization In Cores", + "transform": "timeseries_aggregations", + "type": "table" + }, + { + "cacheTimeout": null, + "columns": [ + { + "text": "Max", + "value": "max" + } + ], + "datasource": null, + "fontSize": "100%", + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 21, + "links": [], + "options": {}, + "pageSize": null, + "pluginVersion": "6.5.2", + "showHeader": 
true, + "sort": { + "col": 0, + "desc": true + }, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "date" + }, + { + "alias": "", + "colorMode": null, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "decimals": 2, + "pattern": "/.*/", + "thresholds": [], + "type": "number", + "unit": "decbytes" + } + ], + "targets": [ + { + "expr": "max(container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}) by (container)", + "legendFormat": "{{container}}", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "MAX Memory Utilization", + "transform": "timeseries_aggregations", + "type": "table" + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 14, + "panels": [], + "repeat": null, + "title": "CPU Usage", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 9 + }, + "hiddenSeries": false, + "id": 1, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * 
on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{pod}}", + "legendLink": null, + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "CPU Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 15, + "panels": [], + "repeat": null, + "title": "CPU Quota", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "columns": [], + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fontSize": "100%", + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 2, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + "nullPointMode": "null as zero", + "options": {}, + "pageSize": null, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "showHeader": true, + "sort": { + "col": 2, + "desc": true + }, + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": 
"CPU Usage", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Requests %", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "CPU Limits", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [], + "type": "number", + "unit": "short" + }, + { + "alias": "CPU Limits %", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", + "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [], + "type": "string", + "unit": "short" + } + ], + "targets": [ 
+ { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + 
"legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n node_namespace_pod_container:container_cpu_usage_seconds_total:sum_rate{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits_cpu_cores{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "CPU Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 24 + }, + "id": 16, + "panels": [], + "repeat": null, + "title": "Memory Usage", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 0, + "fillGradient": 0, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 25 + }, + "hiddenSeries": false, + "id": 3, + "interval": "", + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], 
+ "nullPointMode": "null as zero", + "options": { + "dataLinks": [] + }, + "percentage": false, + "pluginVersion": "6.5.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "expr": " container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}", + "format": "time_series", + "hide": false, + "intervalFactor": 2, + "legendFormat": "{{pod}} {{container}}", + "legendLink": null, + "refId": "A", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeRegions": [], + "timeShift": null, + "title": "Memory Usage", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ], + "yaxis": { + "align": false, + "alignLevel": null + } + }, + { + "collapsed": false, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 32 + }, + "id": 17, + "panels": [], + "repeat": null, + "title": "Memory Quota", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "columns": [], + "dashLength": 10, + "dashes": false, + "datasource": "$datasource", + "fill": 1, + "fontSize": "100%", + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 33 + }, + "id": 4, + "legend": { + "avg": false, + "current": false, + "max": false, + "min": false, + "show": true, + "total": false, + "values": false + }, + "lines": true, + "linewidth": 1, + "links": [], + 
"nullPointMode": "null as zero", + "options": {}, + "pageSize": null, + "percentage": false, + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "showHeader": true, + "sort": { + "col": 0, + "desc": true + }, + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "styles": [ + { + "alias": "Time", + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "pattern": "Time", + "type": "hidden" + }, + { + "alias": "Memory Usage", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #A", + "thresholds": [], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #B", + "thresholds": [], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Requests %", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #C", + "thresholds": [], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Memory Limits", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #D", + "thresholds": [], + "type": "number", + "unit": "bytes" + }, + { + "alias": "Memory Limits %", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": false, + "linkTooltip": "Drill down", + "linkUrl": "", + "pattern": "Value #E", + "thresholds": [], + "type": "number", + "unit": "percentunit" + }, + { + "alias": "Pod", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "link": true, + "linkTooltip": "Drill down", 
+ "linkUrl": "./d/6581e46e4e5c7ba40a07646395ef7b23/k8s-resources-pod?var-datasource=$datasource&var-cluster=$cluster&var-namespace=$namespace&var-pod=$__cell", + "pattern": "pod", + "thresholds": [], + "type": "number", + "unit": "short" + }, + { + "alias": "", + "colorMode": null, + "colors": [], + "dateFormat": "YYYY-MM-DD HH:mm:ss", + "decimals": 2, + "pattern": "/.*/", + "thresholds": [], + "type": "string", + "unit": "short" + } + ], + "targets": [ + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "A", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "B", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_requests_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + 
"legendFormat": "", + "refId": "C", + "step": 10 + }, + { + "expr": "sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "D", + "step": 10 + }, + { + "expr": "sum(\n container_memory_working_set_bytes{cluster=\"$cluster\", namespace=\"$namespace\", container!=\"\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n/sum(\n kube_pod_container_resource_limits_memory_bytes{cluster=\"$cluster\", namespace=\"$namespace\"}\n * on(namespace,pod)\n group_left(workload, workload_type) mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\", workload_type=\"$type\"}\n) by (pod)\n", + "format": "table", + "instant": true, + "intervalFactor": 2, + "legendFormat": "", + "refId": "E", + "step": 10 + } + ], + "thresholds": [], + "timeFrom": null, + "timeShift": null, + "title": "Instantaneous Memory Quota", + "tooltip": { + "shared": false, + "sort": 0, + "value_type": "individual" + }, + "transform": "table", + "type": "table", + "xaxis": { + "buckets": null, + "mode": "time", + "name": null, + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": 0, + "show": true + }, + { + "format": "short", + "label": null, + "logBase": 1, + "max": null, + "min": null, + "show": false + } + ] + } + ], + "refresh": "", + "schemaVersion": 21, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": true, + "tags": [], + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 
0, + "includeAll": false, + "label": null, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": null, + "current": { + "isNone": true, + "selected": false, + "text": "None", + "value": "" + }, + "datasource": "$datasource", + "definition": "", + "hide": 2, + "includeAll": false, + "label": "cluster", + "multi": false, + "name": "cluster", + "options": [], + "query": "label_values(kube_pod_info, cluster)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "tags": [], + "text": "kube-system", + "value": "kube-system" + }, + "datasource": "$datasource", + "definition": "", + "hide": 0, + "includeAll": false, + "label": "namespace", + "multi": false, + "name": "namespace", + "options": [], + "query": "label_values(kube_pod_info{cluster=\"$cluster\"}, namespace)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "tags": [], + "text": "canal", + "value": "canal" + }, + "datasource": "$datasource", + "definition": "", + "hide": 0, + "includeAll": false, + "label": "workload", + "multi": false, + "name": "workload", + "options": [], + "query": "label_values(mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\"}, workload)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": { + "text": "daemonset", + "value": "daemonset" + }, + "datasource": "$datasource", + "definition": "", + "hide": 0, + "includeAll": false, + "label": "type", + "multi": false, + "name": "type", + 
"options": [], + "query": "label_values(mixin_pod_workload{cluster=\"$cluster\", namespace=\"$namespace\", workload=\"$workload\"}, workload_type)", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 2, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "auto": false, + "auto_count": 30, + "auto_min": "10s", + "current": { + "selected": true, + "text": "4h", + "value": "4h" + }, + "datasource": "$datasource", + "hide": 2, + "includeAll": false, + "label": null, + "multi": false, + "name": "interval", + "options": [ + { + "selected": true, + "text": "4h", + "value": "4h" + } + ], + "query": "4h", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tags": [], + "tagsQuery": "", + "type": "interval", + "useTags": false + } + ] + }, + "time": { + "from": "now-3h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Kubernetes / Compute Resources / Utilization (Namespaced)", + "uid": "6LDZmMGMz", + "version": 4 +} diff --git a/charts/charts/grafana-misc-dashboards/templates/_helpers.tpl b/charts/charts/grafana-misc-dashboards/templates/_helpers.tpl new file mode 100644 index 0000000..8b0a6fd --- /dev/null +++ b/charts/charts/grafana-misc-dashboards/templates/_helpers.tpl 
@@ -0,0 +1,52 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "grafana-misc-dashboards.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "grafana-misc-dashboards.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "grafana-misc-dashboards.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "grafana-misc-dashboards.labels" -}}
+helm.sh/chart: {{ include "grafana-misc-dashboards.chart" . }}
+{{ include "grafana-misc-dashboards.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "grafana-misc-dashboards.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "grafana-misc-dashboards.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
diff --git a/charts/charts/grafana-misc-dashboards/templates/ipmi-configmap.yaml b/charts/charts/grafana-misc-dashboards/templates/ipmi-configmap.yaml
new file mode 100644
index 0000000..735bb8d
--- /dev/null
+++ b/charts/charts/grafana-misc-dashboards/templates/ipmi-configmap.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.ipmi.enabled -}}
+{{- $fullName := include "grafana-misc-dashboards.fullname" . -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "grafana-misc-dashboards.fullname" . }}-ipmi
+ labels:
+ {{- include "grafana-misc-dashboards.labels" . | nindent 4 }}
+ {{- with .Values.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.extraAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+data:
+ {{ include "grafana-misc-dashboards.fullname" . }}-ipmi.json: |-
+ {{- .Files.Get "files/ipmi.json" | nindent 4 }}
+{{- end }}
diff --git a/charts/charts/grafana-misc-dashboards/templates/pvc-usage-configmap.yaml b/charts/charts/grafana-misc-dashboards/templates/pvc-usage-configmap.yaml
new file mode 100644
index 0000000..a1d45b1
--- /dev/null
+++ b/charts/charts/grafana-misc-dashboards/templates/pvc-usage-configmap.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.pvcUsage.enabled -}}
+{{- $fullName := include "grafana-misc-dashboards.fullname" . -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "grafana-misc-dashboards.fullname" . }}-pvc-usage
+ labels:
+ {{- include "grafana-misc-dashboards.labels" . | nindent 4 }}
+ {{- with .Values.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.extraAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+data:
+ {{ include "grafana-misc-dashboards.fullname" . }}-pvc-usage.json: |-
+ {{- .Files.Get "files/pvc-usage.json" | nindent 4 }}
+{{- end }}
diff --git a/charts/charts/grafana-misc-dashboards/templates/utilization-configmap.yaml b/charts/charts/grafana-misc-dashboards/templates/utilization-configmap.yaml
new file mode 100644
index 0000000..fb839a9
--- /dev/null
+++ b/charts/charts/grafana-misc-dashboards/templates/utilization-configmap.yaml
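Review bot: `$fullName` is assigned on the second line of ipmi-configmap.yaml but never used; the template calls `include "grafana-misc-dashboards.fullname" .` again for `metadata.name` and for the data key. Either drop the assignment or use it, for example `name: {{ $fullName }}-ipmi` and `{{ $fullName }}-ipmi.json: |-`. The same applies to pvc-usage-configmap.yaml and utilization-configmap.yaml.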
@@ -0,0 +1,19 @@ +{{- if .Values.utilization.enabled -}} +{{- $fullName := include "grafana-misc-dashboards.fullname" . -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "grafana-misc-dashboards.fullname" . }}-utilization + labels: + {{- include "grafana-misc-dashboards.labels" . | nindent 4 }} + {{- with .Values.extraLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.extraAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +data: + {{ include "grafana-misc-dashboards.fullname" . }}-utilization.json: |- + {{- .Files.Get "files/utilization.json" | nindent 4 }} +{{- end }} diff --git a/charts/charts/grafana-misc-dashboards/values.yaml b/charts/charts/grafana-misc-dashboards/values.yaml new file mode 100644 index 0000000..756e2d0 --- /dev/null +++ b/charts/charts/grafana-misc-dashboards/values.yaml @@ -0,0 +1,17 @@ +# Default values for grafana-misc-dashboards. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +utilization: + enabled: false +pvcUsage: + enabled: false +ipmi: + enabled: false + +nameOverride: "" +fullnameOverride: "" + +extraLabels: {} +# grafana_dashboard: "1" +extraAnnotations: {} diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml index b3d8c52..6c68a65 100644 --- a/charts/charts/tenant-namespace/Chart.yaml +++ b/charts/charts/tenant-namespace/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Chart for setting up a tenants namespace with all the goodies name: tenant-namespace -version: 0.7.4 +version: 0.7.5 diff --git a/charts/charts/tenant-namespace/templates/gitlabrunner.yaml b/charts/charts/tenant-namespace/templates/gitlabrunner.yaml new file mode 100644 index 0000000..96cf776 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/gitlabrunner.yaml 
@@ -0,0 +1,14 @@ +{{- if .Values.gitlabRunner.enabled }} +apiVersion: miscscripts.pnnl.gov/v1beta1 +kind: GitlabRunner +metadata: + name: {{ .Values.gitlabRunner.name }} + namespace: {{ .Values.magicnamespace.namespace }} + labels: + app: {{ template "namespace.name" . }} + chart: {{ template "namespace.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{ toYaml .Values.gitlabRunner.spec | indent 2 }} +{{- end }} diff --git a/charts/charts/tenant-namespace/values.yaml b/charts/charts/tenant-namespace/values.yaml index e3c71c5..e7ee143 100644 --- a/charts/charts/tenant-namespace/values.yaml +++ b/charts/charts/tenant-namespace/values.yaml @@ -111,3 +111,7 @@ limitRange: operatorGroup: enabled: false +gitlabRunner: + enabled: false + name: default + spec: {} diff --git a/containers/curl-jq/Dockerfile b/containers/curl-jq/Dockerfile new file mode 100644 index 0000000..cb789f1 --- /dev/null +++ b/containers/curl-jq/Dockerfile @@ -0,0 +1,7 @@ +FROM alpine:3.12 +MAINTAINER Kevin Fox + +RUN \ + apk add --no-cache --update curl jq bash + +ENTRYPOINT /bin/bash diff --git a/containers/curl-jq/buildenv b/containers/curl-jq/buildenv new file mode 100644 index 0000000..c77c6ad --- /dev/null +++ b/containers/curl-jq/buildenv @@ -0,0 +1,2 @@ +export AUTO_PREFIX=apk-version +export AUTO_PREFIX_PACKAGE=jq From b135793a634c2f5c4b734263f5b9fa793b33c708 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 12 Aug 2020 16:31:39 -0700 Subject: [PATCH 206/331] Add dryrun mode. Add management for gitlabRunner --- .../tenant-namespace-operator/Chart.yaml | 4 +- .../templates/deployment.yaml | 4 + .../tenant-namespace-operator/values.yaml | 3 + .../tenant-namespace-operator/Dockerfile | 2 +- containers/tenant-namespace-operator/buildenv | 2 +- .../roles/tenantnamespace/tasks/main.yml | 74 ++++++++++++++++++- 6 files changed, 82 insertions(+), 7 deletions(-) 
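Review bot: `ENTRYPOINT /bin/bash` in containers/curl-jq/Dockerfile is the shell form, so bash runs as a child of `/bin/sh -c` and any arguments passed by `docker run` or a pod's `args:` are ignored; the exec form `ENTRYPOINT ["/bin/bash"]` avoids both. The image also has no `USER` line, so containers started from it run as root unless the pod spec overrides that; since the image only carries curl, jq and bash, an unprivileged default such as `USER nobody` before the entrypoint looks safe, provided no consumer relies on root. `MAINTAINER` is deprecated in favour of a `LABEL maintainer=...` line.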
diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index 646ab56..0934995 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.8 +version: 0.1.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.6-1 +appVersion: 0.1.7-1 diff --git a/charts/charts/tenant-namespace-operator/templates/deployment.yaml b/charts/charts/tenant-namespace-operator/templates/deployment.yaml index dbb04dc..c9e0a6a 100644 --- a/charts/charts/tenant-namespace-operator/templates/deployment.yaml +++ b/charts/charts/tenant-namespace-operator/templates/deployment.yaml @@ -53,6 +53,10 @@ spec: value: {{ include "tenant-namespace-operator.serviceAccountName" . }} - name: NAMESPACE value: {{ .Release.Namespace }} +{{- if .Values.dryrun }} + - name: DRYRUN + value: "yes" +{{- end }} volumes: - name: runner emptyDir: {} diff --git a/charts/charts/tenant-namespace-operator/values.yaml b/charts/charts/tenant-namespace-operator/values.yaml index 60408d9..b79e1e1 100644 --- a/charts/charts/tenant-namespace-operator/values.yaml +++ b/charts/charts/tenant-namespace-operator/values.yaml @@ -10,6 +10,9 @@ rbac: replicaCount: 1 +# Set if the operator will only dryrun actions +dryrun: false + image: repository: pnnlmiscscripts/tenant-namespace-operator pullPolicy: IfNotPresent diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index 391f2e0..044192f 100644 --- a/containers/tenant-namespace-operator/Dockerfile +++ b/containers/tenant-namespace-operator/Dockerfile 
@@ -23,7 +23,7 @@ RUN \ chmod -R ug+rwx ${HOME}/.ansible && \ helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --untar && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ - echo 0.1.6 >> /.extrafingerprints && \ + echo 0.1.7 >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints ENTRYPOINT ["/usr/local/bin/entrypoint", "--inject-owner-ref=false"] diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv index ca01e3d..2dd1127 100644 --- a/containers/tenant-namespace-operator/buildenv +++ b/containers/tenant-namespace-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.6 +export PREFIX=0.1.7 diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index f1614ff..39fa092 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml @@ -1,6 +1,10 @@ --- # tasks file for tenantnamespace +- name: Set dryrun value + set_fact: + dryrun: "{{ lookup('env','DRYRUN') | default('False') | bool }}" + - name: Create the k8s admin namespace k8s: state: present @@ -12,6 +16,8 @@ labels: name: "{{ meta.name }}-admin" miscscripts.pnnl.gov/namespace-type: admin + when: + - not dryrun - name: Set initial defaults. They be overridden. set_fact: @@ -19,6 +25,10 @@ magicnamespace: tiller: enabled: false + gitlabRunner: + autoSetNamespaceAndTags: true + spec: + runners: {} - name: Load in Flavor values if referenced block: - name: Fetch referenced flavor 
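Review bot: In the `Set dryrun value` task of roles/tenantnamespace/tasks/main.yml, `default('False')` never takes effect, because `lookup('env','DRYRUN')` yields an empty string rather than an undefined value when the variable is unset. The task only behaves correctly because an empty string passed to `bool` is false. Writing `lookup('env','DRYRUN') | default('False', true) | bool` makes the intended default explicit. A short comment naming the accepted values (the chart sets `"yes"`) would also help, since any string `bool` does not recognise silently leaves the operator in apply mode.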
@@ -37,6 +47,24 @@ - flavor_ref is defined - flavor_ref.kind == "TenantNamespaceFlavor" - flavor_ref.group == "miscscripts.pnnl.gov" +- name: Set values from CR + set_fact: + merged_values: "{{ merged_values | combine(_miscscripts_pnnl_gov_tenantnamespace_spec, recursive=True) }}" + +- name: Setup gitlabRunner if needed + set_fact: + gitlabrunnerconfig: + gitlabRunner: + spec: + runners: + namespace: "{{ meta.name }}" + tags: "{{ (merged_values.gitlabRunner.spec.runners.tags | default([]) + [meta.name]) | unique | list }}" + when: + - merged_values.gitlabRunner.autoSetNamespaceAndTags +- name: Merge gitlabRunner values + set_fact: + merged_values: "{{ merged_values | combine(gitlabrunnerconfig, recursive=True) }}" + - name: Set value for forced settings set_fact: overrides: @@ -47,9 +75,6 @@ controller: scope: namespace: "{{ meta.name }}" -- name: Set values from CR - set_fact: - merged_values: "{{ merged_values | combine(_miscscripts_pnnl_gov_tenantnamespace_spec, recursive=True) }}" - name: Force namespace settings. Can not be overridden. set_fact: merged_values: "{{ merged_values | combine(overrides, recursive=True) }}" 
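Review bot: `Merge gitlabRunner values` runs unconditionally, but `gitlabrunnerconfig` is only set when `merged_values.gitlabRunner.autoSetNamespaceAndTags` is true, so with the flag off the `combine` hits an undefined variable and the reconcile fails. Give the merge task the same `when:` condition, or use `combine(gitlabrunnerconfig | default({}), recursive=True)`. The flag is read after the CR spec has been merged in, so whoever writes the TenantNamespace spec decides whether the runner namespace and tag are pinned to `meta.name`. If that pinning is meant to be enforced rather than a convenience, it presumably belongs with the forced `overrides`, whose full content lies outside this hunk.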
@@ -62,6 +87,47 @@ chart_ref: ${HOME}/tenant-namespace values: "{{ merged_values }}" register: objs + when: + - not dryrun + +- name: Set diff + set_fact: + differ: "" + +- name: Dry Run Helm + block: + - name: Make temp file + tempfile: + state: file + suffix: .yaml + register: temp_filename + - name: Copy values to temp file + copy: + content: "{{ merged_values | to_yaml }}" + dest: "{{ temp_filename.path }}" + no_log: True + - name: Do dry run of helm + shell: "helm diff upgrade --install --detailed-exitcode --namespace {{ meta.name }}-admin {{ meta.name }} ${HOME}/tenant-namespace -f {{ temp_filename.path }}" + register: diffhelm + ignore_errors: yes + no_log: True + - name: Set diff + set_fact: + differ: "{{ diffhelm.stdout }}\n" + - name: Remove temp file + file: + path: "{{ temp_filename.path }}" + state: absent + when: + - dryrun + +- k8s_status: + api_version: miscscripts.pnnl.gov/v1beta1 + kind: TenantNamespace + name: "{{ meta.name }}" + namespace: "{{ meta.namespace }}" + status: + diff: "{{ differ | b64encode }}" - name: Create the k8s user namespace k8s: @@ -74,4 +140,6 @@ labels: name: "{{ meta.name }}" miscscripts.pnnl.gov/namespace-type: user + when: + - not dryrun From 77472e0035efe4e6a1b3a8a082d36135b0ed0ef1 Mon Sep 17 00:00:00 2001 
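Review bot: In the `Do dry run of helm` task, `ignore_errors: yes` hides real failures. With `--detailed-exitcode`, helm-diff should exit 2 when it finds changes and 1 on an error, and both are swallowed; only `diffhelm.stdout` is then published, so a failed render looks like an empty diff in the status. `failed_when: diffhelm.rc not in [0, 2]` keeps the "changes found" case working while surfacing errors. The temp file holding the merged values is removed by the last task of the block, which is skipped if an earlier task fails, so moving the removal into an `always:` section avoids leaving the values on disk. `meta.name` and the temp path are interpolated into a `shell:` string, and passing them through the `quote` filter would be a cheap safeguard.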
From: Kevin Fox Date: Wed, 12 Aug 2020 17:04:12 -0700 Subject: [PATCH 207/331] Import magic-namespace so it doesn't go away. --- charts/charts/buildall | 4 +- charts/charts/magic-namespace/Chart.yaml | 12 ++ charts/charts/magic-namespace/LICENSE | 202 ++++++++++++++++++ charts/charts/magic-namespace/README.md | 158 ++++++++++++++ .../magic-namespace/templates/NOTES.txt | 26 +++ .../magic-namespace/templates/_helpers.tpl | 43 ++++ .../magic-namespace/templates/namespace.yaml | 9 + .../templates/rolebindings.yaml | 22 ++ .../magic-namespace/templates/secret.yaml | 19 ++ .../templates/serviceaccounts.yaml | 15 ++ .../templates/tiller-deployment.yaml | 118 ++++++++++ .../templates/tiller-rolebinding.yaml | 28 +++ .../templates/tiller-service.yaml | 25 +++ .../templates/tiller-serviceaccount.yaml | 15 ++ charts/charts/magic-namespace/values.yaml | 106 +++++++++ 15 files changed, 800 insertions(+), 2 deletions(-) create mode 100755 charts/charts/magic-namespace/Chart.yaml create mode 100644 charts/charts/magic-namespace/LICENSE create mode 100755 charts/charts/magic-namespace/README.md create mode 100755 charts/charts/magic-namespace/templates/NOTES.txt create mode 100755 charts/charts/magic-namespace/templates/_helpers.tpl create mode 100755 charts/charts/magic-namespace/templates/namespace.yaml create mode 100755 charts/charts/magic-namespace/templates/rolebindings.yaml create mode 100755 charts/charts/magic-namespace/templates/secret.yaml create mode 100755 charts/charts/magic-namespace/templates/serviceaccounts.yaml create mode 100755 charts/charts/magic-namespace/templates/tiller-deployment.yaml create mode 100755 charts/charts/magic-namespace/templates/tiller-rolebinding.yaml create mode 100755 charts/charts/magic-namespace/templates/tiller-service.yaml create mode 100755 charts/charts/magic-namespace/templates/tiller-serviceaccount.yaml create mode 100755 charts/charts/magic-namespace/values.yaml 
diff --git a/charts/charts/buildall b/charts/charts/buildall index 9fd27d8..1d91776 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -36,7 +36,7 @@ for ver in 1-15 1-16 1-17 1-18; do done CHANGE=0 -for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator smartctl-exporter grafana-misc-dashboards; do +for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator smartctl-exporter grafana-misc-dashboards magic-namespace; do RAWCHART=$CHART case "$CHART" in k8s-node-image) @@ -87,7 +87,7 @@ for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node- echo New version: $NEWVERSION sed -i "s/^version: .*/version: $NEWVERSION/" ../../$CHART/Chart.yaml if [ "$SUBBUILD" == "latest" ]; then - if [ "$CHART" != "gitlab-runner-operator" -a "$CHART" != "tenant-namespace-operator" -a "$CHART" != "kubeupdater" -a "$CHART" != "grafana-misc-dashboards"]; then + if [ "$CHART" != "gitlab-runner-operator" -a "$CHART" != "tenant-namespace-operator" -a "$CHART" != "kubeupdater" -a "$CHART" != "grafana-misc-dashboards" -a "$CHART" != "magic-namespace" ]; then sed -i "s/^appVersion: .*/appVersion: $NEWVERSION/" ../../$CHART/Chart.yaml fi fi diff --git a/charts/charts/magic-namespace/Chart.yaml b/charts/charts/magic-namespace/Chart.yaml new file mode 100755 index 0000000..5a1f619 --- /dev/null +++ b/charts/charts/magic-namespace/Chart.yaml 
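Review bot: The exclusion test in the second buildall hunk gains another `-a` clause for every chart that manages its own appVersion. `[` with `-a` is marked obsolescent in POSIX and is fragile, as shown by the missing space before `]` that this hunk repairs. A `case "$CHART" in gitlab-runner-operator|tenant-namespace-operator|kubeupdater|grafana-misc-dashboards|magic-namespace) ;; *)` arm wrapping the existing `sed -i` line reads more clearly and has no bracket to get wrong. The unquoted `$CHART` and `$NEWVERSION` on the surrounding `sed` lines could be quoted in the same pass. The enclosing loop starts and ends outside the hunk.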
@@ -0,0 +1,12 @@ +# Copied from helm stable repo. Maintainer switched. +apiVersion: v1 +appVersion: 2.8.1 +description: Elegantly enables a Tiller per namespace in RBAC-enabled clusters +home: https://github.com/kubernetes/charts/tree/master/stable/magic-namespace +maintainers: +- email: kevin.fox@pnnl.gov + name: kfox1111 +#- email: kent.rancourt@microsoft.com +# name: krancour +name: magic-namespace +version: 0.5.2 diff --git a/charts/charts/magic-namespace/LICENSE b/charts/charts/magic-namespace/LICENSE new file mode 100644 index 0000000..393b7a3 --- /dev/null +++ b/charts/charts/magic-namespace/LICENSE 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright The Helm Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/charts/charts/magic-namespace/README.md b/charts/charts/magic-namespace/README.md new file mode 100755 index 0000000..e3c10b9 --- /dev/null +++ b/charts/charts/magic-namespace/README.md 
@@ -0,0 +1,158 @@ +# Magic Namespace + +**Magic Namespace** provides an easy, comprehensive option for cluster operators +to manage namespaces and observe good security practices in _multi-tenant, +RBAC-enabled_ Kubernetes clusters. + +## Introduction + +So you've got a multi-tenant cluster? Let's assume your cluster is RBAC-enabled. +If it isn't, _go fix that first_. You're playing with fire. Until you fix that, +you don't need Magic Namespace. Go fix it. We'll wait... + +In a multi-tenant cluster, a cluster operator (someone with full, unrestricted +privileges across the entire cluster), will manage users, groups, service +accounts, roles, and user/group bindings to roles-- all to either permit or +prevent subjects from performing certain actions in different namespaces. + +A common paradigm that has emerged is that _teams_ are given their own namespace +and some degree of latitude to administer that namespace, whilst not being +permitted to perform actions on _other teams'_ namespaces. + +Now bring Helm/Tiller into the equation. In an RBAC-enabled cluster, Tiller is +so often granted the `cluster-admin` role-- which gives it "root" access to the +entire cluster. While such a Tiller may be suitable for use by a cluster +operator, it's _not_ suitable for use by other teams, as it presents them with +an easy avenue for escalating their privileges. + +To compensate for this, a pattern that has emmerged to complement the +namespace-per-team pattern is the _tiller-per-namespace_ pattern. This has been +widely adopted in multi-tenant, RBAC-enabled clusters. Until now, cluster +operators have tended to create their own bespoke scripts for performing all +requisite setup to implement these patterns. + +Magic Namespace takes the pain out of this setup. It offers cluster operators an +easy, comprehensive avenue for using _their_ Tiller to manage namespaces, +service accounts, _other Tillers_, and role bindings for their consituent +teams. 
Magic Namespace permits cluster operators to manage all of this using +familiar Helm-based workflows. + +## How it Works + +By default, Magic Namespace creates a service account for Tiller in the +designated namespace and binds it to the `admin` role for that namespace. It +also creates a deployment that utilizes this service account. This can be +disabled or configured further, but the default behavior is sensible. In fact, +the defaults _closes_ a variety of known Tiller-based attack vectors. + +Magic Namespace also offers cluster operators to define additional service +accounts and role bindings for use within the namespace. _Typically, it would +be a good idea to define at least one role binding that grants a user or group +administrative privileges in the namespace._ Absent this, the namespace's own +Tiller will function, but no user (other than the cluster operator) will be +capable of interacting with it via Helm. + +## Prerequisites + +- A Kubernetes cluster with RBAC enabled + +## Installing the Chart + +To install the chart to create the `foo` namespace (if it doesn't already exist) +and useful resources (Tiller, service accounts, etc.) within that namespace: + +```bash +$ helm install stable/magic-namespace --name foo --namespace foo +``` + +Typically, you will want to bind at least one user or group to the `admin` role +in this namespace. Here are steps to follow: + +First, make a copy of the default `values.yaml`: + +```bash +$ helm inspect values stable/magic-namespace > ~/my-values.yaml +``` + +Edit `~/my-values.yaml` accordingly. Here is a sample role binding: + +``` +... + +roleBindings: +- name: admin-group-admin + role: + ## Valid values are "Role" or "ClusterRole" + kind: ClusterRole + name: admin + subject: + ## Valid values are "User", "Group", or "ServiceAccount" + kind: Group + name: + +... 
+``` + +Deploy as follows: + +```bash +$ helm install stable/magic-namespace \ + --name foo \ + --namespace foo \ + --values ~/my-values.yaml +``` + +## Uninstalling the Chart + +Deleting a release of a Magic Namespace will _not_ delete the namespace, +unless you have used the optional ```namespace``` setting. It will +only delete the Tiller, service accounts, role bindings, etc. from that +namespace. This is actually desirable behavior, as anything the team has +deployed within that namespace is likely to be unaffected, though further +deployments to and management of that namespace will not be possible by anyone +other than the cluster operator. + +If you have used the ```namespace``` setting, deleting the release will cleanup +all releases deployed with the tiller in the Magic Namespace, along with the +namespace. If other tillers, such as the one in ```kube-system``` have +deployed charts into the Magic Namespace, they will get orphaned when the namespace is +removed, but they can still be removed with the standard ```helm delete --purge``` command. + +```bash +$ helm delete foo --purge +``` + +## Configuration + +The following table lists the most common, useful, and interesting configuration +parameters of the Magic Namespace chart and their default values. Please +reference the default `values.yaml` to understand further options. 
+ +| Parameter | Description | Default | +|-----------|-------------|---------| +| `tiller.enabled` | Whether to include a Tiller in the namespace | `true` | +| `tiller.replicaCount` | The number of Tiller replicas to run | `1` | +| `tiller.image.repository` | The Docker image to use for Tiller, minus version/label | `gcr.io/kubernetes-helm/tiller` | +| `tiller.image.tag` | The specific version/label of the Docker image used for Tiller | `v2.8.1` | +| `tiller.image.pullPolicy` | The pull policy to utilize when pulling Tiller images from a Docker repsoitory | `IfNotPresent` | +| `tiller.maxHistory` | The maximum number of releases Tiller should remember. A value of `0` is interpreted as no limit. | `0` | +| `tiller.role.type` | Identify the kind of role (`Role` or `ClusterRole`) that will be referenced in the role binding for Tiller's service account. There is seldom any reason to override this. | `ClusterRole` | +| `tiller.role.type` | Identify the name of the `Role` or `ClusterRole` that will be referenced in the role binding for Tiller's service account. There is seldom any reason to override this. | `admin` | +| `tiller.includeService` | This deploys a service resource for Tiller. This is not generally needed. Please understand the security implications of this before overriding the default. | `false` | +| `tiller.onlyListenOnLocalhost` | This prevents Tiller from binding to `0.0.0.0`. This is generally advisable to close known Tiller-based attack vectors. Please understand the security implications of this before overriding the default. | `true` | +| `tiller.storage` | The storage driver for Tiller to use. One of `configmap`, `memory`, or `secret` | `configmap` | +| `tiller.tls.enabled` | Whether to enable TLS encryption between Helm and Tiller. 
Specify either `tiller.tls.secretName` to mount an existing secret, or `tiller.tls.ca`, `tiller.tls.cert` and `tiller.tls.key` to create a secret from Base64 provided values | `false` | +| `tiller.tls.verify` | Whether to verify a remote Tiller certificate. | `true` | +| `tiller.tls.secretName` | Mount an existing TLS secret into the Tiller container. The secret must include data keys: `ca.crt`, `tls.crt` and `tls.key` | `nil` | +| `tiller.tls.ca` | Base64 encoded string to mount ca.crt into the Tiller container. This value requires `tiller.tls.cert` and `tiller.tls.key` to also be set. | `nil` | +| `tiller.tls.cert` | Base64 encoded string to mount tls.cert into the Tiller container. This value requires `tiller.tls.ca and `tiller.tls.key` to also be set. | `nil` | +| `tiller.tls.key` | Base64 encoded string to mount tls.key into the Tiller container. This value requires `tiller.tls.ca` and `tiller.tls.cert` to also be set. | `nil` | +| `serviceAccounts` | An optional array of names of additional service account to create | `nil` | +| `roleBindings` | An optional array of objects that define role bindings | `nil` | +| `roleBindings[n].role.kind` | Identify the kind of role (`Role` or `ClusterRole`) to be used in the role binding | | +| `roleBindings[n].role.name` | Identify the name of the role to be used in the role binding | | +| `roleBindings[n].subject.kind` | Identify the kind of subject (`User`, `Group`, or `ServiceAccount` ) to be used in the role binding | | +| `roleBindings[n].subject.name` | Identify the name of the subject to be used in the role binding | | +| `namespace` | Specify a namespace to be created and used, overriding the one on the command line | | +| `namespaceAttributes.annotations` | Specify annotations to be attached to the namespace | | +| `namespaceAttributes.lables` | Specify labels to be attached to the namespace | | 
diff --git a/charts/charts/magic-namespace/templates/NOTES.txt b/charts/charts/magic-namespace/templates/NOTES.txt new file mode 100755 index 0000000..f084e3a --- /dev/null +++ b/charts/charts/magic-namespace/templates/NOTES.txt @@ -0,0 +1,26 @@ + +The namespace "{{ .Release.Namespace }}" has been created if it didn't already exist. + +{{ if or .Values.tiller.enabled .Values.serviceAccounts -}} +The following service accounts have been created in the namespace: +{{ if .Values.tiller.enabled }} + - tiller +{{- end }} +{{- range .Values.serviceAccounts }} + - {{ . }} +{{- end }} +{{ end }} +{{ if or .Values.tiller.enabled .Values.roleBindings -}} +The following role bindings have been created in the namespace: +{{ if .Values.tiller.enabled }} + - ServiceAccount[tiller] --> {{ .Values.tiller.role.kind }}[{{ .Values.tiller.role.name }}] +{{- end }} +{{- range .Values.roleBindings }} + - {{ .subject.kind }}[{{ .subject.name }}] --> {{ .role.kind }}[{{ .role.name }}] +{{- end }} +{{ end }} +{{ if .Values.tiller.enabled -}} +Utilize the Tiller in your new namespace like so: + + $ helm --tiller-namespace {{ .Release.Namespace }} +{{- end }} diff --git a/charts/charts/magic-namespace/templates/_helpers.tpl b/charts/charts/magic-namespace/templates/_helpers.tpl new file mode 100755 index 0000000..db7c4f3 --- /dev/null +++ b/charts/charts/magic-namespace/templates/_helpers.tpl 
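Review bot: The Tiller line of the role-binding summary in NOTES.txt prints `{{ .Values.tiller.role.kind }}`, but the README table and templates/tiller-rolebinding.yaml in this same patch use `tiller.role.type`. The notes will therefore most likely render an empty kind, though values.yaml is not visible here to confirm the key name. Changing the reference to `{{ .Values.tiller.role.type }}` makes the post-install output state the role kind that is actually bound to the Tiller service account.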
@@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "magic-namespace.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "magic-namespace.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "magic-namespace.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Allow a custom secretName to be defined +*/}} +{{- define "magic-namespace.tillerTlsSecret" -}} +{{- if .Values.tiller.tls.secretName -}} +{{- .Values.tiller.tls.secretName }} +{{- else -}} +{{- template "magic-namespace.fullname" . }}-tiller-secret +{{- end -}} +{{- end -}} diff --git a/charts/charts/magic-namespace/templates/namespace.yaml b/charts/charts/magic-namespace/templates/namespace.yaml new file mode 100755 index 0000000..01ba6ab --- /dev/null +++ b/charts/charts/magic-namespace/templates/namespace.yaml @@ -0,0 +1,9 @@ +{{- if hasKey .Values "namespace" }} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.namespace }} + {{- if hasKey .Values "namespaceAttributes" }} +{{ toYaml .Values.namespaceAttributes | indent 2 }} + {{ end -}} +{{- end }} 
diff --git a/charts/charts/magic-namespace/templates/rolebindings.yaml b/charts/charts/magic-namespace/templates/rolebindings.yaml new file mode 100755 index 0000000..8e9524a --- /dev/null +++ b/charts/charts/magic-namespace/templates/rolebindings.yaml @@ -0,0 +1,22 @@ +{{- $values := .Values }} +{{- range .Values.roleBindings }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .name }} + {{- if hasKey $values "namespace" }} + namespace: {{ $values.namespace }} + {{- end }} + labels: + chart: {{ template "magic-namespace.chart" $ }} + release: {{ $.Release.Name }} + heritage: {{ $.Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: {{ .role.kind }} + name: {{ .role.name }} +subjects: +- kind: {{ .subject.kind }} + name: {{ .subject.name }} +{{- end }} diff --git a/charts/charts/magic-namespace/templates/secret.yaml b/charts/charts/magic-namespace/templates/secret.yaml new file mode 100755 index 0000000..808f366 --- /dev/null +++ b/charts/charts/magic-namespace/templates/secret.yaml @@ -0,0 +1,19 @@ +{{- if (and (.Values.tiller.tls.enabled) (not .Values.tiller.tls.secretName)) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "magic-namespace.tillerTlsSecret" . }} + {{- if hasKey .Values "namespace" }} + namespace: {{ .Values.namespace }} + {{- end }} + labels: + app: {{ template "magic-namespace.chart" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +data: + ca.crt: {{ required "You need to populate .Values.tiller.tls.ca with a Base64 encoded CA" .Values.tiller.tls.ca }} + tls.crt: {{ required "You need to populate .Values.tiller.tls.cert with a Base64 encoded cert" .Values.tiller.tls.cert }} + tls.key: {{ required "You need to populate .Values.tiller.tls.key with a Base64 encoded key" .Values.tiller.tls.key}} +{{- end }} 
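Review bot: Each subject rendered by templates/rolebindings.yaml carries only `kind` and `name`, but a `ServiceAccount` subject (listed as a valid kind in the chart's README) must also have a `namespace`, so the API server rejects such a binding. Under `subjects`, add a guarded entry: `{{- if eq .subject.kind "ServiceAccount" }}`, then `namespace: {{ default $.Release.Namespace $values.namespace }}`, then `{{- end }}`. The interpolated names are also unquoted; `{{ .name | quote }}` and the same for the role and subject names keep values such as `true` or `123` from being parsed as non-strings.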
diff --git a/charts/charts/magic-namespace/templates/serviceaccounts.yaml b/charts/charts/magic-namespace/templates/serviceaccounts.yaml new file mode 100755 index 0000000..ba6b3e6 --- /dev/null +++ b/charts/charts/magic-namespace/templates/serviceaccounts.yaml @@ -0,0 +1,15 @@ +{{- $values := .Values }} +{{- range .Values.serviceAccounts }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ . }} + {{- if hasKey $values "namespace" }} + namespace: {{ $values.namespace }} + {{- end }} + labels: + chart: {{ template "magic-namespace.chart" $ }} + release: {{ $.Release.Name }} + heritage: {{ $.Release.Service }} +{{- end }} diff --git a/charts/charts/magic-namespace/templates/tiller-deployment.yaml b/charts/charts/magic-namespace/templates/tiller-deployment.yaml new file mode 100755 index 0000000..7002195 --- /dev/null +++ b/charts/charts/magic-namespace/templates/tiller-deployment.yaml 
@@ -0,0 +1,118 @@
+{{- if .Values.tiller.enabled }}
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: tiller-deploy
+ {{- if hasKey .Values "namespace" }}
+ namespace: {{ .Values.namespace }}
+ {{- end }}
+ labels:
+ app: helm
+ name: tiller
+ chart: {{ template "magic-namespace.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.tiller.replicaCount }}
+ selector:
+ matchLabels:
+ app: helm
+ name: tiller
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: helm
+ name: tiller
+ chart: {{ template "magic-namespace.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ spec:
+ serviceAccountName: tiller
+ containers:
+ - name: tiller
+ image: "{{ .Values.tiller.image.repository }}:{{ .Values.tiller.image.tag }}"
+ imagePullPolicy: {{ .Values.tiller.image.pullPolicy }}
+ env:
+ - name: TILLER_NAMESPACE
+ {{- if hasKey .Values "namespace" }}
+ value: {{ .Values.namespace }}
+ {{- else }}
+ value: {{ .Release.Namespace }}
+ {{- end }}
+ - name: TILLER_HISTORY_MAX
+ value: {{ quote .Values.tiller.maxHistory }}
+ {{- if .Values.tiller.tls.enabled }}
+ - name: TILLER_TLS_ENABLE
+ value: "1"
+ {{- if .Values.tiller.tls.verify }}
+ - name: TILLER_TLS_VERIFY
+ value: "1"
+ {{- end }}
+ - name: TILLER_TLS_CERTS
+ value: /etc/certs
+ {{- end }}
+ {{- if .Values.tiller.onlyListenOnLocalhost }}
+ command:
+ - "/tiller"
+ {{- if .Values.tiller.storage }}
+ - --storage={{ .Values.tiller.storage }}
+ {{- end }}
+ args: ["--listen=127.0.0.1:44134"]
+ {{- else }}
+ ports:
+ - containerPort: 44134
+ name: tiller
+ protocol: TCP
+ - containerPort: 44135
+ name: http
+ protocol: TCP
+ {{- end }}
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /liveness
+ port: 44135
+ scheme: HTTP
+ initialDelaySeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /readiness
+ port: 44135
+ scheme: HTTP
+ initialDelaySeconds: 1
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 1
+ volumeMounts:
+ {{- if .Values.tiller.tls.enabled }}
+ - mountPath: /etc/certs
+ name: tiller-certs
+ readOnly: true
+ {{- end }}
+ resources:
+{{ toYaml .Values.tiller.resources | indent 12 }}
+ volumes:
+ {{- if .Values.tiller.tls.enabled }}
+ - name: tiller-certs
+ secret:
+ defaultMode: 0644
+ secretName: {{ template "magic-namespace.tillerTlsSecret" . }}
+ {{- end }}
+ {{- with .Values.tiller.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tiller.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tiller.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/charts/magic-namespace/templates/tiller-rolebinding.yaml b/charts/charts/magic-namespace/templates/tiller-rolebinding.yaml
new file mode 100755
index 0000000..6fb5971
--- /dev/null
+++ b/charts/charts/magic-namespace/templates/tiller-rolebinding.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.tiller.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: tiller-{{ .Values.tiller.role.name }}
+ {{- if hasKey .Values "namespace" }}
+ namespace: {{ .Values.namespace }}
+ {{- end }}
+ labels:
+ app: helm
+ name: tiller
+ chart: {{ template "magic-namespace.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: {{ .Values.tiller.role.type }}
+ name: {{ .Values.tiller.role.name }}
+subjects:
+- kind: ServiceAccount
+ name: tiller
+ {{- if hasKey .Values "namespace" }}
+ namespace: {{ .Values.namespace }}
+ {{- else }}
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+
+{{- end }}
diff --git a/charts/charts/magic-namespace/templates/tiller-service.yaml b/charts/charts/magic-namespace/templates/tiller-service.yaml
new file mode 100755
index 0000000..681afb9
--- /dev/null
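Review bot: In tiller-deployment.yaml, `- --storage={{ .Values.tiller.storage }}` is rendered only inside the `onlyListenOnLocalhost` branch, so with `onlyListenOnLocalhost: false` a configured `tiller.storage: secret` is dropped without warning and Tiller runs with its built-in storage driver. Moving `{{- if .Values.tiller.onlyListenOnLocalhost }}` from above `command:` to just above `args:` keeps the storage flag independent of the listener; this assumes `/tiller` is also the image's default entrypoint, which is not visible here. The `tiller-certs` volume sets `defaultMode: 0644` on a Secret that includes `tls.key`; a tighter mode is worth testing against the user the Tiller image runs as.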
+++ b/charts/charts/magic-namespace/templates/tiller-service.yaml
@@ -0,0 +1,25 @@
+{{- if and .Values.tiller.enabled .Values.tiller.includeService }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: tiller-deploy
+ {{- if hasKey .Values "namespace" }}
+ namespace: {{ .Values.namespace }}
+ {{- end }}
+ labels:
+ app: helm
+ name: tiller
+ chart: {{ template "magic-namespace.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ selector:
+ app: helm
+ name: tiller
+ ports:
+ - name: tiller
+ port: 44134
+ protocol: TCP
+ targetPort: tiller
+{{- end }}
diff --git a/charts/charts/magic-namespace/templates/tiller-serviceaccount.yaml b/charts/charts/magic-namespace/templates/tiller-serviceaccount.yaml
new file mode 100755
index 0000000..2361e56
--- /dev/null
+++ b/charts/charts/magic-namespace/templates/tiller-serviceaccount.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.tiller.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tiller
+ {{- if hasKey .Values "namespace" }}
+ namespace: {{ .Values.namespace }}
+ {{- end }}
+ labels:
+ app: helm
+ name: tiller
+ chart: {{ template "magic-namespace.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- end }}
diff --git a/charts/charts/magic-namespace/values.yaml b/charts/charts/magic-namespace/values.yaml
new file mode 100755
index 0000000..04690ae
--- /dev/null
+++ b/charts/charts/magic-namespace/values.yaml
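Review bot: The Service in tiller-service.yaml is rendered whenever `includeService` is true, independent of `onlyListenOnLocalhost` and `tls.enabled`. With the localhost listener, the `tiller` target port is never declared on the pod. With the listener opened and TLS left at its default of off, port 44134 accepts any client that can reach the ClusterIP while the tiller ServiceAccount holds the bound `admin` role. Tighten the guard to `{{- if and .Values.tiller.enabled .Values.tiller.includeService (not .Values.tiller.onlyListenOnLocalhost) }}`, and note beside `includeService` in values.yaml that it should be paired with `tls.enabled` and `tls.verify`.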
@@ -0,0 +1,106 @@ +## Default values for magic-namespace + +# Uncomment and set to override the namespace that will be created. +# namespace: default + +# Extra namespace attributes +# namespaceAttributes: + # Labels to be added to the namespace definition + # labels: {} + + # Annotations to be added to the namespace definition + # annotations: {} + +tiller: + enabled: true + + replicaCount: 1 + + image: + repository: gcr.io/kubernetes-helm/tiller + tag: v2.8.1 + pullPolicy: IfNotPresent + + maxHistory: 0 + + ## Storage driver to use. One of 'configmap', 'memory', or 'secret' + storage: configmap + + tls: + ## Enable TLS encryption between Helm and Tiller + enabled: false + + ## Verify remote certificate + verify: true + + ## A custom secret to mount instead of specifying Base64 Values below + secretName: "" + + ## Specify a Base64 encoded CA + # ca: "Zm9vCg==" + + ## Specify a Base64 encoded cert + # cert: "Zm9vCg==" + + ## Specify a Base64 encoded private key + # key: "Zm9vCg==" + + ## The following options specify the Role or ClusterRole to assign to the + ## tiller service account. The ClusterRole "admin" is usually pre-defined in + ## RBAC-enabled clusters and will allow administration of a namespace by + ## whatever users or ServiceAccounts are bound to it in that same namespace. + ## THERE IS SELDOM ANY REASON TO OVERRIDE THIS!!! + role: + ## Valid values are "Role" or "ClusterRole" + type: ClusterRole + name: admin + + ## Security options. The default values close known attack vectors. + ## ALTER THESE AT YOUR OWN RISK!!!! + + ## Note that these tight restrictions do NOT impede normal use of Helm. Helm + ## is always usable with any Tiller as long as the Helm user has permission to + ## tunnel into pods in that Tiller's namespace. + ## (Helm does this automatically.) 
+ + ## Specify whether to include a service of type ClusterIP for Tiller + includeService: false + + ## Specify whether Tiller pods should listen to 0.0.0.0 or just localhost + onlyListenOnLocalhost: true + + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + nodeSelector: {} + + tolerations: [] + + affinity: {} + +## Optional additional ServiceAccounts +serviceAccounts: [] +# - some-service-account +# - another-service-account + +## Optional additional RoleBindings. It is a good idea to specify at least one +## to grant administrative permissions to a user or group. +# roleBindings: +# - name: admin-group-admin +# role: +# ## Valid values are "Role" or "ClusterRole" +# kind: ClusterRole +# name: admin +# subject: +# ## Valid values are "User", "Group", or "ServiceAccount" +# kind: Group +# name: From dd12f824cb51f6520ba5a23e374697e235500b43 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 20 Aug 2020 11:41:52 -0700 Subject: [PATCH 208/331] Add missing helm diff plugin back to the tenant-namespace-operator container. Fix when merged values happens. --- charts/charts/tenant-namespace-operator/Chart.yaml | 4 ++-- containers/tenant-namespace-operator/Dockerfile | 6 +++++- containers/tenant-namespace-operator/buildenv | 2 +- .../roles/tenantnamespace/tasks/main.yml | 4 ++-- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index 0934995..4b6deb5 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml 
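Review bot: `storage: configmap` as the default in the magic-namespace values keeps Tiller's release records, which carry the values supplied at install time, in ConfigMaps that any subject with read access to the namespace can list. `storage: secret` is the safer default for fresh namespaces; existing releases would need migrating, so the comment above the key should say so. The commented `tls.ca` / `tls.cert` / `tls.key` examples would benefit from a line naming `secretName` as the preferred route, since key material passed through values is stored with the release.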
+++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.9 +version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.7-1 +appVersion: 0.1.8-1 diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index 044192f..cd54766 100644 --- a/containers/tenant-namespace-operator/Dockerfile +++ b/containers/tenant-namespace-operator/Dockerfile @@ -3,6 +3,9 @@ FROM quay.io/operator-framework/ansible-operator:v0.17.0 ARG helm_version=v3.2.0 USER 0 RUN \ + yum clean all && \ + yum install -y git && \ + yum clean all && \ curl -o helm.tar.gz https://get.helm.sh/helm-${helm_version}-linux-amd64.tar.gz && \ tar -zxvf helm.tar.gz && \ mv linux-amd64/helm /usr/local/bin/helm && \ @@ -21,9 +24,10 @@ COPY roles/ ${HOME}/roles/ RUN \ ansible-galaxy collection install -r ${HOME}/requirements.yml && \ chmod -R ug+rwx ${HOME}/.ansible && \ + helm plugin install https://github.com/databus23/helm-diff --version master && \ helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --untar && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ - echo 0.1.7 >> /.extrafingerprints && \ + echo 0.1.8 >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints ENTRYPOINT ["/usr/local/bin/entrypoint", "--inject-owner-ref=false"] diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv index 2dd1127..b4013ae 100644 --- a/containers/tenant-namespace-operator/buildenv +++ b/containers/tenant-namespace-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.7 +export PREFIX=0.1.8 
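Review bot: `helm plugin install https://github.com/databus23/helm-diff --version master` in the second Dockerfile hunk tracks a moving branch, so each rebuild of the operator image can pull different plugin code, and `/.extrafingerprints` does not record which. Pin it to a release, `helm plugin install https://github.com/databus23/helm-diff --version <PINNED_RELEASE_TAG>`, so that a plugin upgrade becomes a reviewable change. The helm tarball fetched in the first hunk's `RUN` (which continues past the hunk) is unpacked without a checksum comparison; a `sha256sum -c` step against a digest kept in the Dockerfile (`<HELM_TARBALL_SHA256>`) would cover that download as well.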
diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index 39fa092..9d672db 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml @@ -59,11 +59,11 @@ runners: namespace: "{{ meta.name }}" tags: "{{ (merged_values.gitlabRunner.spec.runners.tags | default([]) + [meta.name]) | unique | list }}" - when: - - merged_values.gitlabRunner.autoSetNamespaceAndTags - name: Merge gitlabRunner values set_fact: merged_values: "{{ merged_values | combine(gitlabrunnerconfig, recursive=True) }}" + when: + - merged_values.gitlabRunner.autoSetNamespaceAndTags - name: Set value for forced settings set_fact: From c65a8bf04c28622e9857af32081eb05c3461c0ce Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 18 Sep 2020 13:04:17 -0700 Subject: [PATCH 209/331] Let debug pods run on more nodes out of the box. Update api versions. --- bin/debug-host-pod | 4 ++++ bin/debug-normal-pod | 4 ++++ charts/charts/ipmi-exporter/Chart.yaml | 4 ++-- charts/charts/ipmi-exporter/templates/ingress.yaml | 4 +++- charts/charts/ipmi-exporter/values.yaml | 2 +- charts/charts/magic-namespace/Chart.yaml | 2 +- .../charts/magic-namespace/templates/tiller-deployment.yaml | 2 +- charts/charts/nginx-app/Chart.yaml | 2 +- charts/charts/nginx-app/templates/deployment.yaml | 2 +- 9 files changed, 18 insertions(+), 8 deletions(-) diff --git a/bin/debug-host-pod b/bin/debug-host-pod index 4b3950b..a7123a7 100755 --- a/bin/debug-host-pod +++ b/bin/debug-host-pod @@ -69,6 +69,10 @@ spec: - key: node-role.kubernetes.io/master operator: Exists effect: NoSchedule + - operator: Exists + effect: NoSchedule + - operator: Exists + effect: NoExecute volumes: - name: host hostPath: diff --git a/bin/debug-normal-pod b/bin/debug-normal-pod index 7ffa418..f60651d 100755 --- a/bin/debug-normal-pod 
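Review bot: The two tolerations added to bin/debug-host-pod (`operator: Exists` with `effect: NoSchedule` and with `effect: NoExecute`, no `key`) match every taint of those effects, so this hostPath-mounting debug pod can now be scheduled onto control-plane and dedicated nodes and, with no `tolerationSeconds`, stays on a node after it is tainted for eviction. The master-specific toleration just above them becomes redundant. Consider making the wildcard pair opt-in through a script option or environment variable and adding `tolerationSeconds: <SECONDS>` to the NoExecute entry; the identical addition in bin/debug-normal-pod deserves the same treatment. The pod spec starts outside the hunk, so the rest of its security settings are not visible here.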
+++ b/bin/debug-normal-pod @@ -61,5 +61,9 @@ spec: - effect: NoSchedule key: norun value: DoNotSchedulePods + - operator: Exists + effect: NoSchedule + - operator: Exists + effect: NoExecute EOF diff --git a/charts/charts/ipmi-exporter/Chart.yaml b/charts/charts/ipmi-exporter/Chart.yaml index 0829c15..12d75d3 100644 --- a/charts/charts/ipmi-exporter/Chart.yaml +++ b/charts/charts/ipmi-exporter/Chart.yaml @@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.0 +version: 0.1.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.0 +appVersion: 0.1.1 diff --git a/charts/charts/ipmi-exporter/templates/ingress.yaml b/charts/charts/ipmi-exporter/templates/ingress.yaml index f0c6217..74e884a 100644 --- a/charts/charts/ipmi-exporter/templates/ingress.yaml +++ b/charts/charts/ipmi-exporter/templates/ingress.yaml @@ -1,7 +1,9 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "pnnlmiscscripts.ipmi-exporter-full.fullname" . -}} {{- $svcPort := .Values.service.port -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1beta1 {{- else -}} apiVersion: extensions/v1beta1 diff --git a/charts/charts/ipmi-exporter/values.yaml b/charts/charts/ipmi-exporter/values.yaml index 7e5a6f6..2df54da 100644 --- a/charts/charts/ipmi-exporter/values.yaml +++ b/charts/charts/ipmi-exporter/values.yaml @@ -60,7 +60,7 @@ ingress: # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local - paths: [] + paths: [/] tls: [] # - secretName: chart-example-tls # hosts: 
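Review bot: On clusters at 1.19 or later the ipmi-exporter ingress template now emits `apiVersion: networking.k8s.io/v1`, but that version requires `pathType` on every path and the `service.name` / `service.port.number` backend form in place of `serviceName` / `servicePort`. The rules section of the template is outside the hunk, so confirm it was switched on the same `semverCompare` condition; if it still renders the v1beta1 fields, the Ingress would be rejected at install on exactly the clusters this change targets. A comment above the version ladder, for example `{{/* backend and pathType fields below must follow the apiVersion chosen here */}}`, would keep the two in step.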
diff --git a/charts/charts/magic-namespace/Chart.yaml b/charts/charts/magic-namespace/Chart.yaml index 5a1f619..844d869 100755 --- a/charts/charts/magic-namespace/Chart.yaml +++ b/charts/charts/magic-namespace/Chart.yaml @@ -9,4 +9,4 @@ maintainers: #- email: kent.rancourt@microsoft.com # name: krancour name: magic-namespace -version: 0.5.2 +version: 0.5.3 diff --git a/charts/charts/magic-namespace/templates/tiller-deployment.yaml b/charts/charts/magic-namespace/templates/tiller-deployment.yaml index 7002195..f17da78 100755 --- a/charts/charts/magic-namespace/templates/tiller-deployment.yaml +++ b/charts/charts/magic-namespace/templates/tiller-deployment.yaml @@ -1,5 +1,5 @@ {{- if .Values.tiller.enabled }} -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: name: tiller-deploy diff --git a/charts/charts/nginx-app/Chart.yaml b/charts/charts/nginx-app/Chart.yaml index 443d620..d086bba 100644 --- a/charts/charts/nginx-app/Chart.yaml +++ b/charts/charts/nginx-app/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Simple Web service Chart name: nginx-app -version: 0.1.1 +version: 0.1.2 diff --git a/charts/charts/nginx-app/templates/deployment.yaml b/charts/charts/nginx-app/templates/deployment.yaml index e506fcf..17a5549 100644 --- a/charts/charts/nginx-app/templates/deployment.yaml +++ b/charts/charts/nginx-app/templates/deployment.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "pnnlmiscscripts.nginx-app.fullname" . }} From 41bb68fb7e842600f3fe9782e8cfac36041324c3 Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Fri, 25 Sep 2020 15:54:33 -0700 Subject: [PATCH 210/331] Add support for disabling quota or limitranges. --- charts/charts/tenant-namespace/Chart.yaml | 2 +- charts/charts/tenant-namespace/templates/limitrange.yaml | 5 ++++- charts/charts/tenant-namespace/templates/resourcequota.yaml | 2 ++ charts/charts/tenant-namespace/values.yaml | 2 ++ 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml index 6c68a65..2ce3122 100644 --- a/charts/charts/tenant-namespace/Chart.yaml +++ b/charts/charts/tenant-namespace/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Chart for setting up a tenants namespace with all the goodies name: tenant-namespace -version: 0.7.5 +version: 0.7.6 diff --git a/charts/charts/tenant-namespace/templates/limitrange.yaml b/charts/charts/tenant-namespace/templates/limitrange.yaml index 9421469..21a8b15 100644 --- a/charts/charts/tenant-namespace/templates/limitrange.yaml +++ b/charts/charts/tenant-namespace/templates/limitrange.yaml @@ -1,3 +1,4 @@ +{{- if .Values.limitRange.enabled }} apiVersion: v1 kind: LimitRange metadata: @@ -9,4 +10,6 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: -{{ toYaml .Values.limitRange | indent 2 }} + limits: +{{ toYaml .Values.limitRange.limits | indent 4 }} +{{- end }} diff --git a/charts/charts/tenant-namespace/templates/resourcequota.yaml b/charts/charts/tenant-namespace/templates/resourcequota.yaml index d1e6767..a4e2092 100644 --- a/charts/charts/tenant-namespace/templates/resourcequota.yaml +++ b/charts/charts/tenant-namespace/templates/resourcequota.yaml @@ -1,3 +1,4 @@ +{{- if .Values.quota.enabled }} apiVersion: v1 kind: ResourceQuota metadata: @@ -18,3 +19,4 @@ spec: {{- range $key, $val := .Values.quota.extraQuota }} {{ $key }}: {{ $val | quote }} {{- end }} +{{- end }} 
diff --git a/charts/charts/tenant-namespace/values.yaml b/charts/charts/tenant-namespace/values.yaml index e7ee143..703486f 100644 --- a/charts/charts/tenant-namespace/values.yaml +++ b/charts/charts/tenant-namespace/values.yaml @@ -85,6 +85,7 @@ ingress: scope: true quota: + enabled: true pods: 10 limits: cpu: 10 @@ -99,6 +100,7 @@ quota: # foobar.storageclass.storage.k8s.io/persistentvolumeclaims: 5 limitRange: + enabled: true limits: - default: cpu: 1000m From ce4b8459445e453d6a6669c41b3cb92daf9e0b55 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 29 Oct 2020 07:30:45 -0700 Subject: [PATCH 211/331] Update stable url --- charts/charts/buildall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/charts/buildall b/charts/charts/buildall index 1d91776..0bd9489 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -11,7 +11,7 @@ if [ "x$TRAVIS" != "x" ]; then curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > get_helm.sh chmod 700 get_helm.sh ./get_helm.sh - helm repo add stable https://kubernetes-charts.storage.googleapis.com + helm repo add stable https://charts.helm.sh/stable fi mkdir -p charts/docs From 23d8d4ff8e3769b718f831f2fd3270b99639554e Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Wed, 2 Dec 2020 13:30:36 -0800 Subject: [PATCH 212/331] Updated tenant-namespace stable url --- charts/charts/tenant-namespace/requirements.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/charts/tenant-namespace/requirements.yaml b/charts/charts/tenant-namespace/requirements.yaml index 73294f3..fccdd5d 100644 --- a/charts/charts/tenant-namespace/requirements.yaml +++ b/charts/charts/tenant-namespace/requirements.yaml 
@@ -2,14 +2,14 @@ dependencies: - name: magic-namespace alias: adminmagicnamespace version: "0.5.2" - repository: "https://kubernetes-charts.storage.googleapis.com" + repository: "https://charts.helm.sh/stable" condition: adminmagicnamespace.enabled - name: magic-namespace alias: magicnamespace version: "0.5.2" - repository: "https://kubernetes-charts.storage.googleapis.com" + repository: "https://charts.helm.sh/stable" - name: nginx-ingress alias: ingress version: "1.34.2" - repository: "https://kubernetes-charts.storage.googleapis.com" + repository: "https://charts.helm.sh/stable" condition: ingress.nginx.enabled From 24e0efdae9a2c147b8b63790cd57a35250f82be1 Mon Sep 17 00:00:00 2001 From: Peter L Nordquist Date: Mon, 14 Dec 2020 10:39:00 -0800 Subject: [PATCH 213/331] GitHub Actions Workflow (#19) * Added test GH action * Added more containers * Setup buildx * Try without buildx action * Added signing config * Updated environment * Added proper secret references * Added all other steps from travis * Updated gpg secret usage * Added gpg key removal * Fixed missing Git author * Fixed environment checks for Github * Switched to helm 3 for image-library-charts buildall * Final fixes for workflow Updated cron job to 8AM UTC Added docker credentials Added node image builds for 1.19 and 1.20 Removed node image builds for 1.15 * Added git push token reference * Updated git user to the GitHub actions actor * Fixed issue with chart repo commits Changed to global user info --- .github/workflows/main.yml | 160 +++++++++++++++++++++++++++ charts/charts/buildall | 2 +- charts/image-library-charts/buildall | 6 +- 3 files changed, 164 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/main.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..d1a25f0 --- /dev/null +++ b/.github/workflows/main.yml 
@@ -0,0 +1,160 @@ +name: Build +on: + schedule: + - cron: '0 8 * * *' + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +jobs: + build: + runs-on: ubuntu-20.04 + env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GITHUB_LIBRARY_CHARTS_TOKEN }} + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Build curl-jq container + run: ./containers/build curl-jq + - name: Build gitlab-runner-operator container + run: ./containers/build gitlab-runner-operator + - name: Build tenant-namespace-operator container + run: ./containers/build tenant-namespace-operator + - name: Build py2lint container + run: ./containers/build py2lint + - name: Build pixiecore container + run: ./containers/build pixiecore + - name: Build ipmitool container + run: ./containers/build ipmitool + - name: Build ipmi-exporter container + run: ./containers/build ipmi-exporter + - name: Build dhcpd container + run: ./containers/build dhcpd + - name: Build inotify-tools container + run: ./containers/build inotify-tools + - name: Build chronyd container + run: ./containers/build chronyd + - name: Build debug-toolbox container + run: ./containers/build debug-toolbox + - name: Build smartctl-exporter container + run: ./containers/build smartctl-exporter + - name: Build rpms-containerd container + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-containerd + rm -f rpm.priv + - name: Build rpms-node-base container + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-node-base + rm -f rpm.priv + - name: Build rpms-openvswitch container + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-openvswitch + rm -f rpm.priv + - name: Build rpms-kubernetes 
container 1.16 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-kubernetes 1.16 + rm -f rpm.priv + - name: Build rpms-kubernetes container 1.17 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-kubernetes 1.17 + rm -f rpm.priv + - name: Build rpms-kubernetes container 1.18 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-kubernetes 1.18 + rm -f rpm.priv + - name: Build rpms-kubernetes container 1.19 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-kubernetes 1.19 + rm -f rpm.priv + - name: Build rpms-kubernetes container 1.20 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-kubernetes 1.20 + rm -f rpm.priv + - name: Build anaconda container + run: ./containers/build anaconda + + - name: Build full k8s node image 1.16 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build k8s-node-image 1.16 + rm -f rpm.priv + - name: Build full k8s node image 1.17 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build k8s-node-image 1.17 + rm -f rpm.priv + - name: Build full k8s node image 1.18 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build k8s-node-image 1.18 + rm -f rpm.priv + - name: Build full k8s node image 1.19 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build k8s-node-image 1.19 + rm -f rpm.priv + - name: Build full k8s node image 1.20 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + 
./containers/build k8s-node-image 1.20 + rm -f rpm.priv + + - name: Build anaconda+nginx container + run: ./containers/build anaconda-nginx + - name: Build k8s-node-image+nginx container 1.16 + run: ./containers/build k8s-node-image-nginx 1.16 + - name: Build k8s-node-image+nginx container 1.17 + run: ./containers/build k8s-node-image-nginx 1.17 + - name: Build k8s-node-image+nginx container 1.18 + run: ./containers/build k8s-node-image-nginx 1.18 + - name: Build k8s-node-image+nginx container 1.19 + run: ./containers/build k8s-node-image-nginx 1.19 + - name: Build k8s-node-image+nginx container 1.20 + run: ./containers/build k8s-node-image-nginx 1.20 + + - name: Configure Git + run: | + git config --global user.name "$GITHUB_ACTOR" + git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Build image library charts + run: ./charts/image-library-charts/buildall + + - name: Build charts + run: ./charts/charts/buildall diff --git a/charts/charts/buildall b/charts/charts/buildall index 0bd9489..4ae8cde 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -7,7 +7,7 @@ pushd $(dirname "$0") [ ! -d charts ] && git clone https://github.com/pnnl-miscscripts/charts [ ! -d hubbuildtools ] && git clone https://github.com/kfox1111/hubbuildtools -if [ "x$TRAVIS" != "x" ]; then +if [ "x$TRAVIS" != "x" -o "x$GITHUB_ACTION" != "x" ]; then curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > get_helm.sh chmod 700 get_helm.sh ./get_helm.sh diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index c498ff4..ffcd09d 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall 
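Review bot: The job-level `env` block in .github/workflows/main.yml hands `DOCKER_PASSWORD` and `GITHUB_LIBRARY_CHARTS_TOKEN` to every step, including build scripts that clone and run hubbuildtools from an unpinned branch; setting them with a step-level `env:` only on the steps that push would narrow that exposure. In the rpms-* and k8s-node-image steps the signing key is written to `rpm.priv` with the default umask and removed only when the build succeeds. Starting each of those `run` blocks with `umask 077` and `trap 'rm -f rpm.priv' EXIT` covers the failure path. Whether `rpm.priv` ends up inside the Docker build context, and so in an image layer, cannot be seen from this hunk and is worth checking.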
@@ -8,11 +8,11 @@ pushd $(dirname "$0") [ ! -d image-library-charts ] && git clone https://github.com/pnnl-miscscripts/image-library-charts [ ! -d hubbuildtools ] && git clone https://github.com/kfox1111/hubbuildtools -if [ "x$TRAVIS" != "x" ]; then - curl https://raw.githubusercontent.com/helm/helm/master/scripts/get > get_helm.sh +if [ "x$TRAVIS" != "x" -o "x$GITHUB_ACTION" != "x" ]; then + curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > get_helm.sh chmod 700 get_helm.sh ./get_helm.sh - helm init -c + helm repo add stable https://charts.helm.sh/stable fi cd image-library-charts From 5fbd302a3a6d68a4026d382c2192825a19019e4e Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Mon, 14 Dec 2020 11:19:30 -0800 Subject: [PATCH 214/331] Fixed secret reference due to gh rules --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d1a25f0..263d267 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -12,7 +12,7 @@ jobs: env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GITHUB_LIBRARY_CHARTS_TOKEN }} + GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GIT_LIBRARY_CHARTS_TOKEN }} steps: - name: Checkout uses: actions/checkout@v2 From 4d109bbfd98031e77a5b27c1ec2c018b442a1e22 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Mon, 14 Dec 2020 12:09:58 -0800 Subject: [PATCH 215/331] Added missing node-image chart builds --- charts/image-library-charts/buildall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index ffcd09d..3c22930 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall 
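Review bot: The added `curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 > get_helm.sh` in charts/image-library-charts/buildall fetches the installer from a moving branch and runs it in a job that also holds the registry and chart-repository credentials; the same lines sit as context in charts/charts/buildall. Fetch the script from a release tag and pin the version it installs, `curl -fsSL https://raw.githubusercontent.com/helm/helm/<HELM_TAG>/scripts/get-helm-3 -o get_helm.sh` followed by `./get_helm.sh --version <HELM_TAG>`; `-f` also keeps an HTTP error page from being saved and executed. Separately, `GITHUB_ACTIONS` is the variable GitHub documents for detecting a workflow run, and `[ -n "$TRAVIS" ] || [ -n "$GITHUB_ACTIONS" ]` avoids the ambiguous `-o` form of `test` in both scripts.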
@@ -23,7 +23,7 @@ CHANGE=0 for CONTAINER in ipmitool ipmi-exporter dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx pixiecore smartctl-exporter; do case "$CONTAINER" in k8s-node-image-nginx) - SUBBUILDS="1.15 1.16 1.17 1.18" + SUBBUILDS="1.16 1.17 1.18 1.19 1.20" ;; *) SUBBUILDS="latest" From f3fa5ba09d61e8e842740169b73a6aeaa9b920fe Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Mon, 14 Dec 2020 12:10:22 -0800 Subject: [PATCH 216/331] Switched to GH Actions Badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6ca3dc9..b7f246d 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # miscscripts -[![Build Status](https://travis-ci.org/pnnl-miscscripts/miscscripts.svg?branch=master)](https://travis-ci.org/pnnl-miscscripts/miscscripts) +[![Build](https://github.com/pnnl-miscscripts/miscscripts/workflows/Build/badge.svg)](https://github.com/pnnl-miscscripts/miscscripts/actions?query=workflow%3ABuild) This repository houses a bunch of miscellaneous scripts, docker files, helm charts, etc that we have built up over time that could be useful to others. From 9e454f81b3b0cc888e881dc5bdb1d8ba54cbece7 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Mon, 14 Dec 2020 12:55:48 -0800 Subject: [PATCH 217/331] Fixed another reference to node-image charts --- charts/charts/buildall | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/charts/buildall b/charts/charts/buildall index 4ae8cde..4e3b976 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall 
@@ -21,7 +21,7 @@ mkdir -p charts/vers helm repo add pnnl-miscscripts-image-library-charts https://pnnl-miscscripts.github.io/image-library-charts/ helm repo update -for ver in 1-15 1-16 1-17 1-18; do +for ver in 1-16 1-17 1-18 1-19 1-20; do cp -a k8s-node-image k8s-node-image-$ver sed -i "s@k8s-node-image-nginx-1-14@k8s-node-image-nginx-$ver@g" k8s-node-image-$ver/requirements.yaml k8s-node-image-$ver/values.yaml sed -i "s@^name:.*@name: k8s-node-image-$ver@g" k8s-node-image-$ver/Chart.yaml @@ -40,7 +40,7 @@ for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node- RAWCHART=$CHART case "$CHART" in k8s-node-image) - SUBBUILDS="1-15 1-16 1-17 1-18" + SUBBUILDS="1-16 1-17 1-18 1-19 1-20" ;; *) SUBBUILDS="latest" From b52f25482a599f6f08357a946aa27fc035edc281 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 23 Dec 2020 15:01:12 -0800 Subject: [PATCH 218/331] Update volume patch to match new gitlab-runner chart --- containers/gitlab-runner-operator/volume.patch | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/containers/gitlab-runner-operator/volume.patch b/containers/gitlab-runner-operator/volume.patch index 9418d34..042905a 100644 --- a/containers/gitlab-runner-operator/volume.patch +++ b/containers/gitlab-runner-operator/volume.patch @@ -49,9 +49,9 @@ index b3512a99..04dedf81 100644 + {{- if .Values.extraVolumes }} +{{ toYaml .Values.extraVolumes | indent 6 }} + {{- end }} - {{- if .Values.affinity }} - affinity: - {{ toYaml .Values.affinity | indent 8 }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 8 }} diff --git a/values.yaml b/values.yaml index 7ece3544..efc2335f 100644 --- a/values.yaml @@ -71,4 +71,3 @@ index 7ece3544..efc2335f 100644 +extraVolumes: {} -- 2.24.1 - From 4efd2da93f66786555bacbb7da361e68f3f837f5 Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Thu, 4 Feb 2021 13:32:44 -0800 Subject: [PATCH 219/331] Added load balancer ip tracking to tenant-namespace-operator Updated helm version to prepare for ingress controller upgrade --- .../tenant-namespace-operator/Dockerfile | 2 +- .../roles/tenantnamespace/tasks/main.yml | 66 +++++++++++++++++++ 2 files changed, 67 insertions(+), 1 deletion(-) diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index cd54766..4e65012 100644 --- a/containers/tenant-namespace-operator/Dockerfile +++ b/containers/tenant-namespace-operator/Dockerfile @@ -1,6 +1,6 @@ FROM quay.io/operator-framework/ansible-operator:v0.17.0 -ARG helm_version=v3.2.0 +ARG helm_version=v3.3.4 USER 0 RUN \ yum clean all && \ diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index 9d672db..21ea669 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml 
@@ -19,6 +19,57 @@ when: - not dryrun +- name: Set ingress ip if known + set_fact: + loadBalancerIP: "{{ _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP }}" + when: + - _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is defined + +- name: Fetch ingress service + k8s_info: + api_version: v1 + kind: Service + name: "{{ meta.name }}-ingress-controller" + namespace: "{{ meta.name }}-admin" + register: ingressService + when: + - _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is not defined + +- name: Merge in existing ingress ip if exists + block: + - name: Set ingress ip. + set_fact: + loadBalancerIP: "{{ ingressService.resources[0].status.loadBalancer.ingress[0].ip }}" + - k8s_status: + api_version: miscscripts.pnnl.gov/v1beta1 + kind: TenantNamespace + name: "{{ meta.name }}" + namespace: "{{ meta.namespace }}" + status: + loadBalancerIP: "{{ ingressService.resources[0].status.loadBalancer.ingress[0].ip }}" + when: + - _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is not defined + - merged_values.ingress.controller.service.loadBalancerIP is not defined + - ingressService is defined + - ingressService.resources is defined + - ingressService.resources[0] is defined + - ingressService.resources[0].status is defined + - ingressService.resources[0].status.loadBalancer is defined + - ingressService.resources[0].status.loadBalancer.ingress is defined + - ingressService.resources[0].status.loadBalancer.ingress[0] is defined + - ingressService.resources[0].status.loadBalancer.ingress[0].ip is defined + +- name: Set ingress ip if specified + set_fact: + loadBalancerIP: "{{ _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service.loadBalancerIP }}" + when: + - loadBalancerIP is not defined + - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress is defined + - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller is defined + - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service is defined + 
- _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service is defined + - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service.loadBalancerIP is defined + - name: Set initial defaults. They be overridden. set_fact: merged_values: @@ -79,6 +130,21 @@ set_fact: merged_values: "{{ merged_values | combine(overrides, recursive=True) }}" +- name: Force loadBalancerIP address setting + set_fact: + loadBalancerIP_overrides: + ingress: + controller: + service: + loadBalancerIP: "{{ loadBalancerIP }}" + when: + - loadBalancerIP is defined +- name: Force loadBalancerIP. Can not be overridden. + set_fact: + merged_values: "{{ merged_values | combine(loadBalancerIP_overrides, recursive=True) }}" + when: + - loadBalancerIP is defined + #FIXME Consider making a service account specifically for this so it can't cross namespaces as far as it can today - name: Run Helm helm: From 4b30f110d8cf49d6b6d76a738aea2da203cde879 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Thu, 4 Feb 2021 13:35:21 -0800 Subject: [PATCH 220/331] Fixed duplicate when check --- .../roles/tenantnamespace/tasks/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index 21ea669..7142538 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml @@ -67,7 +67,6 @@ - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress is defined - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller is defined - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service is defined - - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service is defined - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service.loadBalancerIP is defined - name: Set initial defaults. They be overridden. 
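Review bot: The condition `merged_values.ingress.controller.service.loadBalancerIP is not defined` on the "Merge in existing ingress ip if exists" block looks like a no-op. `merged_values` is first assigned by the "Set initial defaults" task that follows this hunk, so unless a task outside the hunk sets it earlier, the test is always true. If the intent is to skip adoption when the CR names an address, test `_miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service.loadBalancerIP is not defined` instead. The three tasks also fix a precedence (recorded status, then the live Service, then spec), so a later spec change is ignored once status is written; a comment such as `# Precedence: status.loadBalancerIP > existing Service IP > spec; a recorded IP is never replaced` would show that this is deliberate. The inner `k8s_status` task has no `name`, which makes its log line hard to attribute.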
From a165530737a65d69ed0086ae73de9224e3ae48e0 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Feb 2021 13:42:41 -0800 Subject: [PATCH 221/331] Fixed gitlab tag support in tenant namespace operator Tags are a comma separated string of tags instead of a yaml list --- .../roles/tenantnamespace/tasks/main.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index 7142538..5b47bb2 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml @@ -108,7 +108,20 @@ spec: runners: namespace: "{{ meta.name }}" - tags: "{{ (merged_values.gitlabRunner.spec.runners.tags | default([]) + [meta.name]) | unique | list }}" + tags: "{{ (merged_values.gitlabRunner.spec.runners.tags.split(',') + [meta.name]) | unique | list | join(",") }}" + when: + - merged_values.gitlabRunner.spec.runners.tags is defined +- name: Setup gitlabRunner if needed + set_fact: + gitlabrunnerconfig: + gitlabRunner: + spec: + runners: + namespace: "{{ meta.name }}" + tags: "{{ meta.name }}" + when: + - merged_values.gitlabRunner.spec.runners.tags is not defined + - name: Merge gitlabRunner values set_fact: merged_values: "{{ merged_values | combine(gitlabrunnerconfig, recursive=True) }}" From 9e03c2b13705c3bea3206c7c150de96e35fcb57b Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Fri, 5 Feb 2021 13:48:32 -0800 Subject: [PATCH 222/331] Fixed usage of double quotes --- .../roles/tenantnamespace/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index 5b47bb2..0b8fe00 100644 
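Review bot: `merged_values.gitlabRunner.spec.runners.tags.split(',')` assumes the value is already a string. A TenantNamespace that still carries the YAML-list form, which the removed line accepted through `default([])`, would presumably fail on the missing `split` attribute rather than with a clear message. Entries are not trimmed either, so `"a, b"` produces the tag `" b"` and an empty string produces an empty tag; `((merged_values.gitlabRunner.spec.runners.tags.split(',') | map('trim') | reject('equalto', '') | list) + [meta.name]) | unique | join(',')` handles both. The two new tasks share the name "Setup gitlabRunner if needed", so the run log cannot tell which branch fired.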
--- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml @@ -108,7 +108,7 @@ spec: runners: namespace: "{{ meta.name }}" - tags: "{{ (merged_values.gitlabRunner.spec.runners.tags.split(',') + [meta.name]) | unique | list | join(",") }}" + tags: "{{ (merged_values.gitlabRunner.spec.runners.tags.split(',') + [meta.name]) | unique | list | join(',') }}" when: - merged_values.gitlabRunner.spec.runners.tags is defined - name: Setup gitlabRunner if needed From b7a1fe7bd8a0a8bfc6db148e0698c60b5c5e206f Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Feb 2021 14:12:44 -0800 Subject: [PATCH 223/331] Release 0.1.9 of the tenant-namespace-operator --- charts/charts/tenant-namespace-operator/Chart.yaml | 2 +- containers/tenant-namespace-operator/buildenv | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index 4b6deb5..efe072e 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -18,4 +18,4 @@ version: 0.1.10 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.8-1 +appVersion: 0.1.9-1 diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv index b4013ae..8f0e35b 100644 --- a/containers/tenant-namespace-operator/buildenv +++ b/containers/tenant-namespace-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.8 +export PREFIX=0.1.9 From 9d09fb621a91c9d73c4a5c47ad2be5e1ad3609ee Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Fri, 5 Feb 2021 14:13:33 -0800 Subject: [PATCH 224/331] Release 0.1.9 of the tenant-namespace-operator --- charts/charts/tenant-namespace-operator/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index efe072e..891cdb3 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,7 +14,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.10 +version: 0.1.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. From a4cb53463dc7d2594d0773637a3aab879517da66 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 9 Feb 2021 10:34:04 -0800 Subject: [PATCH 225/331] Add some keywords --- charts/charts/gitlab-runner-operator/Chart.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/charts/charts/gitlab-runner-operator/Chart.yaml b/charts/charts/gitlab-runner-operator/Chart.yaml index 7a53f56..f8dd56c 100644 --- a/charts/charts/gitlab-runner-operator/Chart.yaml +++ b/charts/charts/gitlab-runner-operator/Chart.yaml @@ -14,8 +14,14 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.3 +version: 0.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. appVersion: 0.1.3-1 + +keywords: +- gitlab +- gitlab-runner +- runner +- gitlab-runner-operator From fc17c6712d3c236199733ed69fd994852585d86f Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Wed, 24 Feb 2021 08:49:50 -0800 Subject: [PATCH 226/331] Disable new smartctl-exporter builds until upstream can fix the issue. --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 263d267..14240cd 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -38,8 +38,8 @@ jobs: run: ./containers/build chronyd - name: Build debug-toolbox container run: ./containers/build debug-toolbox - - name: Build smartctl-exporter container - run: ./containers/build smartctl-exporter +# - name: Build smartctl-exporter container +# run: ./containers/build smartctl-exporter - name: Build rpms-containerd container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} From 1ae3f05d7f019b8cc73e7adb14ab7b1d35cf1492 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Tue, 23 Feb 2021 17:23:19 -0800 Subject: [PATCH 227/331] Updated ingress dependency for tenant namespace chart Updated tenant namespace chart to v2 Added helm labels from helm 3 Updated cert-manager resources to v1 Locked operator chart version --- charts/charts/tenant-namespace/Chart.yaml | 22 ++++++-- .../charts/tenant-namespace/requirements.yaml | 15 ------ .../tenant-namespace/templates/_helpers.tpl | 50 +++++++++++++------ .../templates/certificate.yaml | 5 +- .../templates/gitlabrunner.yaml | 5 +- .../tenant-namespace/templates/issuer.yaml | 5 +- .../templates/limitrange.yaml | 11 ++-- .../templates/nginx-ingress-role.yaml | 7 +-- .../templates/nginx-ingress-rolebinding.yaml | 7 +-- .../templates/operatorgroup.yaml | 5 +- .../rbac-admin-group-rolebinding.yaml | 5 +- .../templates/resourcequota.yaml | 5 +- .../simple-restricted-networkpolicy.yaml | 2 + charts/charts/tenant-namespace/values.yaml | 4 +- .../tenant-namespace-operator/Dockerfile | 2 +- 15 files changed, 80 insertions(+), 70 deletions(-) delete mode 100644 charts/charts/tenant-namespace/requirements.yaml 
diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml index 2ce3122..9496aec 100644 --- a/charts/charts/tenant-namespace/Chart.yaml +++ b/charts/charts/tenant-namespace/Chart.yaml @@ -1,5 +1,21 @@ -apiVersion: v1 -appVersion: "1.0" +apiVersion: v2 +type: application description: Chart for setting up a tenants namespace with all the goodies name: tenant-namespace -version: 0.7.6 +version: 0.7.7 +appVersion: "1.0" +dependencies: +- name: magic-namespace + alias: adminmagicnamespace + version: "0.5.2" + repository: "https://charts.helm.sh/stable" + condition: adminmagicnamespace.enabled +- name: magic-namespace + alias: magicnamespace + version: "0.5.2" + repository: "https://charts.helm.sh/stable" +- name: ingress-nginx + alias: ingress + version: "3.23.0" + repository: "https://kubernetes.github.io/ingress-nginx" + condition: ingress.nginx.enabled diff --git a/charts/charts/tenant-namespace/requirements.yaml b/charts/charts/tenant-namespace/requirements.yaml deleted file mode 100644 index fccdd5d..0000000 --- a/charts/charts/tenant-namespace/requirements.yaml +++ /dev/null @@ -1,15 +0,0 @@ -dependencies: -- name: magic-namespace - alias: adminmagicnamespace - version: "0.5.2" - repository: "https://charts.helm.sh/stable" - condition: adminmagicnamespace.enabled -- name: magic-namespace - alias: magicnamespace - version: "0.5.2" - repository: "https://charts.helm.sh/stable" -- name: nginx-ingress - alias: ingress - version: "1.34.2" - repository: "https://charts.helm.sh/stable" - condition: ingress.nginx.enabled diff --git a/charts/charts/tenant-namespace/templates/_helpers.tpl b/charts/charts/tenant-namespace/templates/_helpers.tpl index 2f004af..b926275 100644 --- a/charts/charts/tenant-namespace/templates/_helpers.tpl +++ b/charts/charts/tenant-namespace/templates/_helpers.tpl 
@@ -3,8 +3,8 @@ Expand the name of the chart. */}} {{- define "namespace.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} {{/* Create a default fully qualified app name. 
@@ -12,21 +12,41 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "namespace.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} {{/* Create chart name and version as used by the chart label. */}} {{- define "namespace.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} \ No newline at end of file +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "namespace.labels" -}} +helm.sh/chart: {{ include "namespace.chart" . }} +{{ include "namespace.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "namespace.selectorLabels" -}} +app.kubernetes.io/name: {{ include "namespace.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} 
diff --git a/charts/charts/tenant-namespace/templates/certificate.yaml b/charts/charts/tenant-namespace/templates/certificate.yaml index af65e84..be4430d 100644 --- a/charts/charts/tenant-namespace/templates/certificate.yaml +++ b/charts/charts/tenant-namespace/templates/certificate.yaml @@ -1,9 +1,12 @@ {{- if .Values.letsencrypt.enabled }} {{- $name := .Values.magicnamespace.namespace }} -apiVersion: certmanager.k8s.io/v1alpha1 +apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: default-tls + namespace: {{ .Release.Namespace }} + labels: + {{- include "namespace.labels" . | nindent 4 }} spec: secretName: default-tls dnsNames: diff --git a/charts/charts/tenant-namespace/templates/gitlabrunner.yaml b/charts/charts/tenant-namespace/templates/gitlabrunner.yaml index 96cf776..58723f9 100644 --- a/charts/charts/tenant-namespace/templates/gitlabrunner.yaml +++ b/charts/charts/tenant-namespace/templates/gitlabrunner.yaml @@ -5,10 +5,7 @@ metadata: name: {{ .Values.gitlabRunner.name }} namespace: {{ .Values.magicnamespace.namespace }} labels: - app: {{ template "namespace.name" . }} - chart: {{ template "namespace.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "namespace.labels" . | nindent 4 }} spec: {{ toYaml .Values.gitlabRunner.spec | indent 2 }} {{- end }} diff --git a/charts/charts/tenant-namespace/templates/issuer.yaml b/charts/charts/tenant-namespace/templates/issuer.yaml index 30fa1c4..b4af516 100644 --- a/charts/charts/tenant-namespace/templates/issuer.yaml +++ b/charts/charts/tenant-namespace/templates/issuer.yaml @@ -1,8 +1,11 @@ {{- if .Values.letsencrypt.enabled }} -apiVersion: certmanager.k8s.io/v1alpha1 +apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: letsencrypt-production + namespace: {{ .Release.Namespace }} + labels: + {{- include "namespace.labels" . | nindent 4 }} spec: acme: server: https://acme-v02.api.letsencrypt.org/directory 
diff --git a/charts/charts/tenant-namespace/templates/limitrange.yaml b/charts/charts/tenant-namespace/templates/limitrange.yaml index 21a8b15..d2bb48d 100644 --- a/charts/charts/tenant-namespace/templates/limitrange.yaml +++ b/charts/charts/tenant-namespace/templates/limitrange.yaml @@ -2,13 +2,10 @@ apiVersion: v1 kind: LimitRange metadata: - name: {{ .Release.Name }} - namespace: {{ .Values.magicnamespace.namespace }} - labels: - app: {{ template "namespace.name" . }} - chart: {{ template "namespace.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + name: {{ .Release.Name }} + namespace: {{ .Values.magicnamespace.namespace }} + labels: + {{- include "namespace.labels" . | nindent 4 }} spec: limits: {{ toYaml .Values.limitRange.limits | indent 4 }} diff --git a/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml b/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml index 1bf05f8..50bba90 100644 --- a/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml +++ b/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml @@ -2,12 +2,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "namespace.fullname" . }} - labels: - app: {{ template "namespace.name" . }} - chart: {{ template "namespace.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} namespace: {{ .Values.magicnamespace.namespace }} + labels: + {{- include "namespace.labels" . | nindent 4 }} rules: - apiGroups: - "" diff --git a/charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml b/charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml index 9cefbfa..f7a4a45 100644 --- a/charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml +++ b/charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml 
@@ -2,12 +2,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "namespace.fullname" . }} - labels: - app: {{ template "namespace.name" . }} - chart: {{ template "namespace.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} namespace: {{ .Values.magicnamespace.namespace }} + labels: + {{- include "namespace.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/charts/tenant-namespace/templates/operatorgroup.yaml b/charts/charts/tenant-namespace/templates/operatorgroup.yaml index dc42683..6cb01a2 100644 --- a/charts/charts/tenant-namespace/templates/operatorgroup.yaml +++ b/charts/charts/tenant-namespace/templates/operatorgroup.yaml @@ -5,10 +5,7 @@ metadata: name: {{ .Values.magicnamespace.namespace }} namespace: {{ .Values.magicnamespace.namespace }} labels: - app: {{ template "namespace.name" . }} - chart: {{ template "namespace.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "namespace.labels" . | nindent 4 }} spec: targetNamespaces: - {{ .Values.magicnamespace.namespace }} diff --git a/charts/charts/tenant-namespace/templates/rbac-admin-group-rolebinding.yaml b/charts/charts/tenant-namespace/templates/rbac-admin-group-rolebinding.yaml index ad2c146..40a7089 100644 --- a/charts/charts/tenant-namespace/templates/rbac-admin-group-rolebinding.yaml +++ b/charts/charts/tenant-namespace/templates/rbac-admin-group-rolebinding.yaml @@ -4,10 +4,7 @@ metadata: name: rbac-admin-group namespace: {{ .Values.magicnamespace.namespace }} labels: - app: {{ template "namespace.name" . }} - chart: {{ template "namespace.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "namespace.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole 
diff --git a/charts/charts/tenant-namespace/templates/resourcequota.yaml b/charts/charts/tenant-namespace/templates/resourcequota.yaml index a4e2092..a7e7f20 100644 --- a/charts/charts/tenant-namespace/templates/resourcequota.yaml +++ b/charts/charts/tenant-namespace/templates/resourcequota.yaml @@ -5,10 +5,7 @@ metadata: name: {{ .Release.Name }} namespace: {{ .Values.magicnamespace.namespace }} labels: - app: {{ template "namespace.name" . }} - chart: {{ template "namespace.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + {{- include "namespace.labels" . | nindent 4 }} spec: hard: pods: {{ .Values.quota.pods }} diff --git a/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml b/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml index a0553ab..dfe8b11 100644 --- a/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml +++ b/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml @@ -4,6 +4,8 @@ kind: NetworkPolicy metadata: name: default namespace: {{ .Values.magicnamespace.namespace }} + labels: + {{- include "namespace.labels" . | nindent 4 }} spec: podSelector: {} policyTypes: diff --git a/charts/charts/tenant-namespace/values.yaml b/charts/charts/tenant-namespace/values.yaml index 703486f..380e602 100644 --- a/charts/charts/tenant-namespace/values.yaml +++ b/charts/charts/tenant-namespace/values.yaml @@ -73,7 +73,7 @@ ingress: controller: ingressClass: public extraArgs: {} -# default-ssl-certificate=default/default-tls + ## default-ssl-certificate: "/" scope: enabled: true namespace: "" @@ -81,6 +81,8 @@ ingress: enabled: true publishService: enabled: true + admissionWebhooks: + enabled: false rbac: scope: true diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index 4e65012..3af14df 100644 --- a/containers/tenant-namespace-operator/Dockerfile 
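Review bot: `admissionWebhooks.enabled: false` in values.yaml is added without a comment, and it switches off the controller's admission-time validation of Ingress objects for every tenant that takes these defaults. If the reason is that the webhook configuration is cluster-scoped while this chart deploys namespace-scoped controllers (an assumption, since the hunk does not say), record it next to the setting, e.g. `# admission webhook is cluster-scoped; disabled for per-tenant controllers, so invalid Ingress objects are not rejected at admission`. That way a later reader does not re-enable or copy the setting blindly.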
+++ b/containers/tenant-namespace-operator/Dockerfile @@ -25,7 +25,7 @@ RUN \ ansible-galaxy collection install -r ${HOME}/requirements.yml && \ chmod -R ug+rwx ${HOME}/.ansible && \ helm plugin install https://github.com/databus23/helm-diff --version master && \ - helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --untar && \ + helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --version 0.6.7 --untar && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ echo 0.1.8 >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints From 48d6e86f17154cf3b83969e3085cbd7ae7ab58a1 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 25 Feb 2021 11:17:04 -0800 Subject: [PATCH 228/331] Fix race condition in kubeupdater --- charts/charts/kubeupdater/Chart.yaml | 2 +- charts/charts/kubeupdater/bin/kubeupdater | 13 ++++++++++--- charts/charts/kubeupdater/templates/daemonset.yaml | 2 ++ 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/charts/charts/kubeupdater/Chart.yaml b/charts/charts/kubeupdater/Chart.yaml index d60708b..b8c6df0 100644 --- a/charts/charts/kubeupdater/Chart.yaml +++ b/charts/charts/kubeupdater/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: kubeupdater -version: 0.5.0 +version: 0.6.0 diff --git a/charts/charts/kubeupdater/bin/kubeupdater b/charts/charts/kubeupdater/bin/kubeupdater index 4b390ee..7549a8b 100755 --- a/charts/charts/kubeupdater/bin/kubeupdater +++ b/charts/charts/kubeupdater/bin/kubeupdater 
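Review bot: The chart pin `--version 0.6.7` is buried in the RUN line, while the Helm version in this Dockerfile is already an `ARG helm_version`. An `ARG tenant_namespace_chart_version=0.6.7` used as `--version ${tenant_namespace_chart_version}` would keep the two pins side by side and make the deliberate lag behind the chart's 0.7.7 visible. The line just above still installs helm-diff with `--version master`, so the image build keeps depending on a moving branch; pinning it with `--version <release-tag>` would finish what this commit starts. The RUN instruction begins outside the hunk.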
@@ -8,7 +8,11 @@ export KUBECONFIG=/etc/kubernetes/kubelet.conf [ -f /etc/sysconfig/kubeupdater ] && . /etc/sysconfig/kubeupdater if [ "x$flag" == "x-b" ]; then - kubectl label node $HOSTNAME miscscripts.pnnl.gov/upgrade- + for x in `seq 1 5`; do + kubectl label node $HOSTNAME miscscripts.pnnl.gov/upgrade- && break + echo Failed to unlabel. Waiting and trying again. + sleep $x + done fi if [ "x$flag" == "x-u" ]; then @@ -76,6 +80,9 @@ EOF cat > /etc/systemd/system/kubeupdater-updater.service < /etc/systemd/system/kubeupdater-boot.service < Date: Thu, 25 Feb 2021 11:46:40 -0800 Subject: [PATCH 229/331] Cleanup containers as we go. --- containers/build | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/containers/build b/containers/build index fd37721..0aff5fc 100755 --- a/containers/build +++ b/containers/build @@ -10,6 +10,14 @@ export DOCKER_TAG=latest [ -f buildenv ] && . buildenv +function cleanup () { + if [ "x$CI" != "x" ]; then + docker rmi "$DOCKER_REPO:$REVISION" + docker rmi "$IMAGE_NAME" + docker image prune -f + fi +} + if [ "x$IMAGE_NAME" == "x" ]; then export IMAGE_NAME="${DOCKER_REPO}:${DOCKER_TAG}" fi @@ -37,6 +45,7 @@ fi if [ $RES -eq 42 ]; then echo Nothing changed. Skipping. + cleanup exit 0 fi if [ $RES != 0 ]; then @@ -53,4 +62,6 @@ echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin docker push "$DOCKER_REPO:$REVISION" docker push "$IMAGE_NAME" +cleanup + popd From 9d140756ace35a7cbd83e504a4fc6418a8da8ab1 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Thu, 25 Feb 2021 15:16:06 -0800 Subject: [PATCH 230/331] Updated tenant-namespace ingress resources Updated ingress role based on upstream chart Quoted namespace in rolebinding --- .../templates/nginx-ingress-role.yaml | 21 ++++--------------- .../templates/nginx-ingress-rolebinding.yaml | 2 +- 2 files changed, 5 insertions(+), 18 deletions(-) 
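Review bot: After five failed attempts the retry loop in kubeupdater falls through, and the script carries on as if the `miscscripts.pnnl.gov/upgrade` label had been removed. Track the outcome and report it: set `unlabeled=0` before the loop, use `kubectl label node "$HOSTNAME" miscscripts.pnnl.gov/upgrade- && { unlabeled=1; break; }` inside it, and add `[ "$unlabeled" = 1 ] || echo "could not remove upgrade label" >&2` after it. Whether the script should also exit at that point depends on the rest of the `-b` path, which is outside the hunk. `$HOSTNAME` should be quoted and `$(seq 1 5)` is preferred over backticks.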
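Review bot: In containers/build, `cleanup` runs only on the "Nothing changed" path and after a successful push, so the `if [ $RES != 0 ]` failure path and a failed `docker push` leave the images behind. Registering it once with `trap cleanup EXIT` directly after the function definition, in place of the two explicit calls, covers every exit. On the early "Nothing changed" path `REVISION` may not be assigned yet (its assignment is not visible in these hunks), so the first `docker rmi` would only print an error; `[ -n "$REVISION" ] && docker rmi "$DOCKER_REPO:$REVISION"` avoids that. Because the script logs in with `--password-stdin`, adding `docker logout` to `cleanup` would also remove the stored registry credential on runners that are reused.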
diff --git a/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml b/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml index 50bba90..53ee6a1 100644 --- a/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml +++ b/charts/charts/tenant-namespace/templates/nginx-ingress-role.yaml @@ -30,10 +30,10 @@ rules: verbs: - get - list - - update - watch - apiGroups: - extensions + - "networking.k8s.io" # k8s 1.14+ resources: - ingresses verbs: @@ -42,32 +42,19 @@ rules: - watch - apiGroups: - extensions + - "networking.k8s.io" # k8s 1.14+ resources: - ingresses/status verbs: - update - apiGroups: - - networking.k8s.io + - "networking.k8s.io" # k8s 1.14+ resources: - - ingresses + - ingressclasses verbs: - get - list - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - "" - resources: - - endpoints - verbs: - - create - - get - - update - apiGroups: - "" resources: diff --git a/charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml b/charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml index f7a4a45..a353bc7 100644 --- a/charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml +++ b/charts/charts/tenant-namespace/templates/nginx-ingress-rolebinding.yaml @@ -12,4 +12,4 @@ roleRef: subjects: - kind: ServiceAccount name: {{ .Release.Name }}-ingress - namespace: {{ .Release.Namespace }} + namespace: {{ .Release.Namespace | quote }} From 7ac6d28551dd19e3c92b32de7dd0d1bfb05e3dec Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Fri, 26 Feb 2021 11:30:12 -0800 Subject: [PATCH 231/331] Updated workflow to split out all jobs --- .github/workflows/main.yml | 240 ++++++++++++++++++++++++++++++++++++- 1 file changed, 234 insertions(+), 6 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 14240cd..de23573 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -6,40 +6,100 @@ on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: +env: + DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} + DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} + jobs: - build: + buildc-curl-jq: runs-on: ubuntu-20.04 - env: - DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GIT_LIBRARY_CHARTS_TOKEN }} steps: - name: Checkout uses: actions/checkout@v2 - name: Build curl-jq container run: ./containers/build curl-jq + buildc-gitlab-runner-operator: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build gitlab-runner-operator container run: ./containers/build gitlab-runner-operator + buildc-tenant-namespace-operator: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build tenant-namespace-operator container run: ./containers/build tenant-namespace-operator + buildc-py2lint: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build py2lint container run: ./containers/build py2lint + buildc-pixiecore: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build pixiecore container run: ./containers/build pixiecore + buildc-ipmitool: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build ipmitool container run: ./containers/build ipmitool + buildc-ipmi-exporter: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build ipmi-exporter container run: ./containers/build ipmi-exporter + buildc-dhcpd: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build dhcpd container run: ./containers/build dhcpd + buildc-inotify-tools: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build inotify-tools container run: ./containers/build inotify-tools + 
buildc-chronyd: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build chronyd container run: ./containers/build chronyd + buildc-debug-toolbox: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build debug-toolbox container run: ./containers/build debug-toolbox +# buildc-smartctl-exporter: +# runs-on: ubuntu-20.04 +# steps: +# - name: Checkout +# uses: actions/checkout@v2 # - name: Build smartctl-exporter container # run: ./containers/build smartctl-exporter + buildc-rpms-containerd: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build rpms-containerd container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -47,6 +107,11 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-containerd rm -f rpm.priv + buildc-rpms-node-base: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build rpms-node-base container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -54,6 +119,11 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-node-base rm -f rpm.priv + buildc-rpms-openvswitch: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build rpms-openvswitch container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -61,6 +131,11 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-openvswitch rm -f rpm.priv + buildc-rpms-k8s-16: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build rpms-kubernetes container 1.16 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -68,6 +143,11 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.16 rm -f rpm.priv + buildc-rpms-k8s-17: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build rpms-kubernetes container 1.17 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} 
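Review bot: Moving `DOCKER_USERNAME` and `DOCKER_PASSWORD` to the workflow-level `env:` puts the registry credentials in the environment of every step of every job, including each `actions/checkout@v2` step and the `build-image-library-charts` and `build-charts` jobs added later in this diff, which do not visibly need them. Scope them to the step that logs in, with an `env:` block under each `run: ./containers/build ...` step, so an unrelated script or a compromised action cannot read them. The same applies to `GITHUB_LIBRARY_CHARTS_TOKEN`, which the two chart jobs set at job level although only their `buildall` steps appear to use it. With the checkout step now repeated in every job, pinning `actions/checkout` to a full commit SHA instead of the mutable `v2` tag would also limit what a retagged release could reach.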
@@ -75,6 +155,11 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.17 rm -f rpm.priv + buildc-rpms-k8s-18: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build rpms-kubernetes container 1.18 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -82,6 +167,11 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.18 rm -f rpm.priv + buildc-rpms-k8s-19: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build rpms-kubernetes container 1.19 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -89,6 +179,11 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.19 rm -f rpm.priv + buildc-rpms-k8s-20: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build rpms-kubernetes container 1.20 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -96,9 +191,24 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.20 rm -f rpm.priv + buildc-anaconda: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build anaconda container run: ./containers/build anaconda + build-node-image-16: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + - buildc-rpms-containerd + - buildc-rpms-openvswitch + - buildc-rpms-k8s-16 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build full k8s node image 1.16 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -106,6 +216,16 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.16 rm -f rpm.priv + build-node-image-17: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + - buildc-rpms-containerd + - buildc-rpms-openvswitch + - buildc-rpms-k8s-17 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build full k8s node image 1.17 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} 
@@ -113,6 +233,16 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.17 rm -f rpm.priv + build-node-image-18: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + - buildc-rpms-containerd + - buildc-rpms-openvswitch + - buildc-rpms-k8s-18 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build full k8s node image 1.18 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -120,6 +250,16 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.18 rm -f rpm.priv + build-node-image-19: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + - buildc-rpms-containerd + - buildc-rpms-openvswitch + - buildc-rpms-k8s-19 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build full k8s node image 1.19 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -127,6 +267,16 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.19 rm -f rpm.priv + build-node-image-20: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + - buildc-rpms-containerd + - buildc-rpms-openvswitch + - buildc-rpms-k8s-20 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build full k8s node image 1.20 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} 
@@ -135,26 +285,104 @@ jobs: ./containers/build k8s-node-image 1.20 rm -f rpm.priv + buildc-anaconda-nginx: + runs-on: ubuntu-20.04 + needs: + - buildc-anaconda + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build anaconda+nginx container run: ./containers/build anaconda-nginx + build-node-image-16-nginx: + runs-on: ubuntu-20.04 + needs: + - build-node-image-16 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build k8s-node-image+nginx container 1.16 run: ./containers/build k8s-node-image-nginx 1.16 + build-node-image-17-nginx: + runs-on: ubuntu-20.04 + needs: + - build-node-image-17 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build k8s-node-image+nginx container 1.17 run: ./containers/build k8s-node-image-nginx 1.17 + build-node-image-18-nginx: + runs-on: ubuntu-20.04 + needs: + - build-node-image-18 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build k8s-node-image+nginx container 1.18 run: ./containers/build k8s-node-image-nginx 1.18 + build-node-image-19-nginx: + runs-on: ubuntu-20.04 + needs: + - build-node-image-19 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build k8s-node-image+nginx container 1.19 run: ./containers/build k8s-node-image-nginx 1.19 + build-node-image-20-nginx: + runs-on: ubuntu-20.04 + needs: + - build-node-image-20 + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Build k8s-node-image+nginx container 1.20 run: ./containers/build k8s-node-image-nginx 1.20 + build-image-library-charts: + runs-on: ubuntu-20.04 + needs: + - buildc-anaconda-nginx + - buildc-chronyd + - buildc-debug-toolbox + - buildc-dhcpd + - buildc-inotify-tools + - buildc-ipmi-exporter + - buildc-ipmitool + - build-node-image-16-nginx + - build-node-image-17-nginx + - build-node-image-18-nginx + - build-node-image-19-nginx + - build-node-image-20-nginx + - buildc-pixiecore +# - buildc-smartctl-exporter + env: + GITHUB_LIBRARY_CHARTS_TOKEN: ${{ 
secrets.GIT_LIBRARY_CHARTS_TOKEN }} + steps: + - name: Checkout + uses: actions/checkout@v2 - name: Configure Git run: | git config --global user.name "$GITHUB_ACTOR" git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - - name: Build image library charts run: ./charts/image-library-charts/buildall + build-charts: + runs-on: ubuntu-20.04 + needs: + - build-image-library-charts + - buildc-gitlab-runner-operator + - buildc-tenant-namespace-operator + env: + GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GIT_LIBRARY_CHARTS_TOKEN }} + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Configure Git + run: | + git config --global user.name "$GITHUB_ACTOR" + git config --global user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Build charts run: ./charts/charts/buildall From 141f10fa4b85b0e29bcadb02e5693f53c4915042 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Mon, 1 Mar 2021 11:06:07 -0800 Subject: [PATCH 232/331] Added missing ingress-nginx repo in build script --- charts/charts/buildall | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/charts/buildall b/charts/charts/buildall index 4e3b976..51cc4c1 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -19,6 +19,7 @@ mkdir -p charts/tags mkdir -p charts/vers helm repo add pnnl-miscscripts-image-library-charts https://pnnl-miscscripts.github.io/image-library-charts/ +helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update for ver in 1-16 1-17 1-18 1-19 1-20; do From 79b2f6269fc0658be54036cae3492a6a9f632c14 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 2 Apr 2021 10:43:20 -0700 Subject: [PATCH 233/331] Fix gitlab-runner volume patch --- containers/gitlab-runner-operator/volume.patch | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/containers/gitlab-runner-operator/volume.patch b/containers/gitlab-runner-operator/volume.patch index 042905a..7839448 100644 
--- a/containers/gitlab-runner-operator/volume.patch +++ b/containers/gitlab-runner-operator/volume.patch @@ -57,9 +57,9 @@ index 7ece3544..efc2335f 100644 --- a/values.yaml +++ b/values.yaml @@ -363,3 +363,12 @@ podLabels: {} - # pods: - # metricName: gitlab_runner_jobs - # targetAverageValue: 400m + ## See https://gitlab.com/gitlab-org/charts/gitlab-runner/-/blob/master/templates/configmap.yaml + ## for a current list. + configMaps: {} + +## extra containers to run +extraContainers: {} From 9720eb71b6365fbe3de486491c336d77ac89008d Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Mon, 5 Apr 2021 15:39:16 -0700 Subject: [PATCH 234/331] Workaround bad sigs in repo --- containers/rpms-kubernetes/kubernetes.repo | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-kubernetes/kubernetes.repo b/containers/rpms-kubernetes/kubernetes.repo index 65eda50..eac03e0 100644 --- a/containers/rpms-kubernetes/kubernetes.repo +++ b/containers/rpms-kubernetes/kubernetes.repo @@ -4,4 +4,4 @@ baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=1 repo_gpgcheck=1 -gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/apt-key.gpg From 1284392cdb9ab55d0740a76e6064a71f4916a202 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Mon, 5 Apr 2021 16:56:35 -0700 Subject: [PATCH 235/331] Work around broken issue using google's recommendation --- containers/rpms-kubernetes/kubernetes.repo | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-kubernetes/kubernetes.repo b/containers/rpms-kubernetes/kubernetes.repo index eac03e0..0a2959c 100644 --- a/containers/rpms-kubernetes/kubernetes.repo +++ b/containers/rpms-kubernetes/kubernetes.repo 
@@ -3,5 +3,5 @@ name=Kubernetes baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=1 -repo_gpgcheck=1 +repo_gpgcheck=0 # See issue https://github.com/kubernetes/release/issues/1982 gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/apt-key.gpg From 440ca6d939b2f5dd1f4989a5e96929daa1e7cb0f Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Mon, 5 Apr 2021 17:15:19 -0700 Subject: [PATCH 236/331] Bad comment parser --- containers/rpms-kubernetes/kubernetes.repo | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/containers/rpms-kubernetes/kubernetes.repo b/containers/rpms-kubernetes/kubernetes.repo index 0a2959c..8f754aa 100644 --- a/containers/rpms-kubernetes/kubernetes.repo +++ b/containers/rpms-kubernetes/kubernetes.repo @@ -3,5 +3,6 @@ name=Kubernetes baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 enabled=1 gpgcheck=1 -repo_gpgcheck=0 # See issue https://github.com/kubernetes/release/issues/1982 +# See issue https://github.com/kubernetes/release/issues/1982 +repo_gpgcheck=0 gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/apt-key.gpg From f8af8e25ad05fc1bac026e73ad550e51bf4fe757 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 7 Apr 2021 13:02:43 -0700 Subject: [PATCH 237/331] Add git container --- .github/workflows/main.yml | 7 +++++++ containers/git/Dockerfile | 10 ++++++++++ containers/git/buildenv | 3 +++ 3 files changed, 20 insertions(+) create mode 100644 containers/git/Dockerfile create mode 100644 containers/git/buildenv diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index de23573..cc83e03 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
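Review bot: `repo_gpgcheck=0` switches off signature verification of the repository metadata with nothing marking when it should be switched back on, and the `apt-key.gpg` entry that the previous commit added to `gpgkey` stays in the trusted key list even though that workaround was replaced. Packages are still verified through `gpgcheck=1`, but the metadata now rests on TLS alone, so yum would not reject a stale or altered `repomd.xml`. Suggest a comment such as `# TEMPORARY: restore repo_gpgcheck=1 once kubernetes/release#1982 is resolved`, and dropping the extra key if it is not needed for package signatures. The follow-up hunk that moves the comment onto its own line keeps the same setting.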
@@ -11,6 +11,13 @@ env: DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} jobs: + buildc-git: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Build git container + run: ./containers/build git buildc-curl-jq: runs-on: ubuntu-20.04 steps: diff --git a/containers/git/Dockerfile b/containers/git/Dockerfile new file mode 100644 index 0000000..60e089a --- /dev/null +++ b/containers/git/Dockerfile @@ -0,0 +1,10 @@ +FROM alpine:3.13 +MAINTAINER Kevin Fox + +RUN \ + apk add --no-cache --update ca-certificates openssl git && \ + rm -f /etc/apk/repositories + +ENTRYPOINT ["git"] + +CMD ["--help"] diff --git a/containers/git/buildenv b/containers/git/buildenv new file mode 100644 index 0000000..569c776 --- /dev/null +++ b/containers/git/buildenv @@ -0,0 +1,3 @@ +export AUTO_PREFIX=git +export AUTO_PREFIX_PACKAGE=git +export NEW_BUILD=1 From 9f30dfa3c5bea45b5da46544db36a9160c3218b9 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Wed, 7 Apr 2021 13:16:32 -0700 Subject: [PATCH 238/331] Fix build string --- containers/git/buildenv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/git/buildenv b/containers/git/buildenv index 569c776..768dd55 100644 --- a/containers/git/buildenv +++ b/containers/git/buildenv @@ -1,3 +1,3 @@ -export AUTO_PREFIX=git +export AUTO_PREFIX=apk-version export AUTO_PREFIX_PACKAGE=git export NEW_BUILD=1 From d4d21812b279cdd2548b1168f25e1f65df618047 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Wed, 7 Apr 2021 13:23:47 -0700 Subject: [PATCH 239/331] No longer a new build --- containers/git/buildenv | 1 - 1 file changed, 1 deletion(-) diff --git a/containers/git/buildenv b/containers/git/buildenv index 768dd55..e895712 100644 --- a/containers/git/buildenv +++ b/containers/git/buildenv @@ -1,3 +1,2 @@ export AUTO_PREFIX=apk-version export AUTO_PREFIX_PACKAGE=git -export NEW_BUILD=1 From 126bf0d7905264a76828f5d5802fadb862f71007 Mon Sep 17 00:00:00 2001 
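Review bot: The new `containers/git/Dockerfile` never sets `USER`, so `git` runs as root, and any hook or credential helper it invokes inherits that. Adding `RUN adduser -D -u 1000 git` and `USER git` ahead of the `ENTRYPOINT` would drop the privilege; callers that write to mounted volumes may need matching ownership, which is not visible here. `MAINTAINER` is deprecated in favour of `LABEL maintainer=...`.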
From: Peter Nordquist Date: Mon, 1 Mar 2021 14:51:30 -0800 Subject: [PATCH 240/331] Updated tenant-namespace-operator for new tenant-namespace Added immutable resource removal Added ingressclasses permissions Bumped versions --- .../tenant-namespace-operator/Chart.yaml | 4 +- .../templates/clusterrole.yaml | 7 +++- .../tenant-namespace-operator/Dockerfile | 4 +- containers/tenant-namespace-operator/buildenv | 2 +- .../roles/tenantnamespace/tasks/main.yml | 40 ++++++++++++++++++- 5 files changed, 48 insertions(+), 9 deletions(-) diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index 891cdb3..9f30784 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.11 +version: 0.1.12 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.9-1 +appVersion: 0.1.10-1 diff --git a/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml b/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml index 8db5692..586554b 100644 --- a/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml +++ b/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml @@ -49,6 +49,7 @@ rules: - "*" - apiGroups: - extensions + - "networking.k8s.io" # k8s 1.14+ resources: - ingresses/status verbs: @@ -56,9 +57,11 @@ rules: - apiGroups: - networking.k8s.io resources: - - ingresses/status + - ingressclasses verbs: - - update + - get + - list + - watch - apiGroups: - operators.coreos.com resources: 
diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index 3af14df..ade7178 100644 --- a/containers/tenant-namespace-operator/Dockerfile +++ b/containers/tenant-namespace-operator/Dockerfile @@ -25,9 +25,9 @@ RUN \ ansible-galaxy collection install -r ${HOME}/requirements.yml && \ chmod -R ug+rwx ${HOME}/.ansible && \ helm plugin install https://github.com/databus23/helm-diff --version master && \ - helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --version 0.6.7 --untar && \ + helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --version 0.6.8 --untar && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ - echo 0.1.8 >> /.extrafingerprints && \ + echo 0.1.10 >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints ENTRYPOINT ["/usr/local/bin/entrypoint", "--inject-owner-ref=false"] diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv index 8f0e35b..8ca1fc8 100644 --- a/containers/tenant-namespace-operator/buildenv +++ b/containers/tenant-namespace-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.9 +export PREFIX=0.1.10 diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index 0b8fe00..b243dbe 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml @@ -32,8 +32,6 @@ name: "{{ meta.name }}-ingress-controller" namespace: "{{ meta.name }}-admin" register: ingressService - when: - - _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is not defined - name: Merge in existing ingress ip if exists block: 
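Review bot: The `helm plugin install https://github.com/databus23/helm-diff --version master` line kept in this `RUN` tracks a moving branch, so rebuilding the operator at the same `0.1.10` prefix can pull different plugin code, and `/.extrafingerprints` does not record which revision was installed. Pin it to a release tag or commit, e.g. `--version <HELM_DIFF_RELEASE_TAG>` (placeholder; the page does not name one), as is already done for the `tenant-namespace` chart with `--version 0.6.8`. The `RUN` instruction begins above the hunk.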
@@ -157,6 +155,44 @@ when: - loadBalancerIP is defined +# Delete resources that have selectors that need to be updated +- name: Remove upgrade resources + k8s: + state: absent + api_version: "{{ item.api_version }}" + kind: "{{ item.kind }}" + namespace: "{{ item.namespace }}" + name: "{{ item.name }}" + loop: + - api_version: apps/v1 + kind: Deployment + namespace: "{{ meta.name }}-admin" + name: "{{ meta.name }}-ingress-controller" + - api_version: v1 + kind: Service + namespace: "{{ meta.name }}-admin" + name: "{{ meta.name }}-ingress-controller" + - api_version: v1 + kind: Service + namespace: "{{ meta.name }}-admin" + name: "{{ meta.name }}-ingress-controller-metrics" + - api_version: apps/v1 + kind: Deployment + namespace: "{{ meta.name }}-admin" + name: "{{ meta.name }}-ingress-default-backend" + - api_version: v1 + kind: Service + namespace: "{{ meta.name }}-admin" + name: "{{ meta.name }}-ingress-default-backend" + when: + - not dryrun + - ingressService is defined + - ingressService.resources is defined + - ingressService.resources[0] is defined + - ingressService.resources[0].metadata is defined + - ingressService.resources[0].metadata.labels is defined + - ingressService.resources[0].metadata.labels.chart == "ingress-1.34.2" + #FIXME Consider making a service account specifically for this so it can't cross namespaces as far as it can today - name: Run Helm helm: From d8d6b1db43cce549ee7b511161b5a08d787aa378 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Wed, 3 Mar 2021 14:00:28 -0800 Subject: [PATCH 241/331] Added upgrade marker for ingress nginx upgrade --- .../roles/tenantnamespace/tasks/main.yml | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index b243dbe..e31b9fd 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml 
+++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml @@ -32,6 +32,8 @@ name: "{{ meta.name }}-ingress-controller" namespace: "{{ meta.name }}-admin" register: ingressService + when: _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is not defined or + _miscscripts_pnnl_gov_tenantnamespace.status.ingressNginxUpgradeComplete is not defined - name: Merge in existing ingress ip if exists block: @@ -191,8 +193,27 @@ - ingressService.resources[0] is defined - ingressService.resources[0].metadata is defined - ingressService.resources[0].metadata.labels is defined + - ingressService.resources[0].metadata.labels.chart is defined - ingressService.resources[0].metadata.labels.chart == "ingress-1.34.2" +- name: Add upgrade status marker + k8s_status: + api_version: miscscripts.pnnl.gov/v1beta1 + kind: TenantNamespace + name: "{{ meta.name }}" + namespace: "{{ meta.namespace }}" + status: + ingressNginxUpgradeComplete: true + when: + - not dryrun + - ingressService is defined + - ingressService.resources is defined + - ingressService.resources[0] is defined + - ingressService.resources[0].metadata is defined + - ingressService.resources[0].metadata.labels is defined + - ingressService.resources[0].metadata.labels["helm.sh/chart"] is defined + - ingressService.resources[0].metadata.labels["helm.sh/chart"] == "ingress-3.23.0" + #FIXME Consider making a service account specifically for this so it can't cross namespaces as far as it can today - name: Run Helm helm: From 6f50fff4b9d36c566dbdb450798196d2e9a0ebba Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Wed, 21 Apr 2021 17:23:43 -0700 Subject: [PATCH 242/331] Refactored ingress IP fetching Moved ingress IP fetching to after the flavor merge block Fixed ingress fetch when condition to account for ingress enabled --- .../roles/tenantnamespace/tasks/main.yml | 105 +++++++++--------- 1 file changed, 55 insertions(+), 50 deletions(-) 
diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index e31b9fd..8fb9d02 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml 
@@ -19,56 +19,6 @@ when: - not dryrun -- name: Set ingress ip if known - set_fact: - loadBalancerIP: "{{ _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP }}" - when: - - _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is defined - -- name: Fetch ingress service - k8s_info: - api_version: v1 - kind: Service - name: "{{ meta.name }}-ingress-controller" - namespace: "{{ meta.name }}-admin" - register: ingressService - when: _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is not defined or - _miscscripts_pnnl_gov_tenantnamespace.status.ingressNginxUpgradeComplete is not defined - -- name: Merge in existing ingress ip if exists - block: - - name: Set ingress ip. - set_fact: - loadBalancerIP: "{{ ingressService.resources[0].status.loadBalancer.ingress[0].ip }}" - - k8s_status: - api_version: miscscripts.pnnl.gov/v1beta1 - kind: TenantNamespace - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" - status: - loadBalancerIP: "{{ ingressService.resources[0].status.loadBalancer.ingress[0].ip }}" - when: - - _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is not defined - - merged_values.ingress.controller.service.loadBalancerIP is not defined - - ingressService is defined - - ingressService.resources is defined - - ingressService.resources[0] is defined - - ingressService.resources[0].status is defined - - ingressService.resources[0].status.loadBalancer is defined - - ingressService.resources[0].status.loadBalancer.ingress is defined - - ingressService.resources[0].status.loadBalancer.ingress[0] is defined - - ingressService.resources[0].status.loadBalancer.ingress[0].ip is defined - -- name: Set ingress ip if specified - set_fact: - loadBalancerIP: "{{ _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service.loadBalancerIP }}" - when: - - loadBalancerIP is not defined - - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress is defined - - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller is 
defined - - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service is defined - - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service.loadBalancerIP is defined - - name: Set initial defaults. They be overridden. set_fact: merged_values: @@ -79,6 +29,9 @@ autoSetNamespaceAndTags: true spec: runners: {} + ingress: + nginx: + enabled: true - name: Load in Flavor values if referenced block: - name: Fetch referenced flavor 
@@ -142,6 +95,58 @@ set_fact: merged_values: "{{ merged_values | combine(overrides, recursive=True) }}" +- name: Set ingress ip if known + set_fact: + loadBalancerIP: "{{ _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP }}" + when: + - _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is defined + +- name: Fetch ingress service + k8s_info: + api_version: v1 + kind: Service + name: "{{ meta.name }}-ingress-controller" + namespace: "{{ meta.name }}-admin" + register: ingressService + when: > + merged_values.ingress.nginx.enabled and + (_miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is not defined or + _miscscripts_pnnl_gov_tenantnamespace.status.ingressNginxUpgradeComplete is not defined) + +- name: Merge in existing ingress ip if exists + block: + - name: Set ingress ip. + set_fact: + loadBalancerIP: "{{ ingressService.resources[0].status.loadBalancer.ingress[0].ip }}" + - k8s_status: + api_version: miscscripts.pnnl.gov/v1beta1 + kind: TenantNamespace + name: "{{ meta.name }}" + namespace: "{{ meta.namespace }}" + status: + loadBalancerIP: "{{ ingressService.resources[0].status.loadBalancer.ingress[0].ip }}" + when: + - _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is not defined + - merged_values.ingress.controller.service.loadBalancerIP is not defined + - ingressService is defined + - ingressService.resources is defined + - ingressService.resources[0] is defined + - ingressService.resources[0].status is defined + - ingressService.resources[0].status.loadBalancer is defined + - ingressService.resources[0].status.loadBalancer.ingress is defined + - ingressService.resources[0].status.loadBalancer.ingress[0] is defined + - ingressService.resources[0].status.loadBalancer.ingress[0].ip is defined + +- name: Set ingress ip if specified + set_fact: + loadBalancerIP: "{{ _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service.loadBalancerIP }}" + when: + - loadBalancerIP is not defined + - 
_miscscripts_pnnl_gov_tenantnamespace.spec.ingress is defined + - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller is defined + - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service is defined + - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service.loadBalancerIP is defined + - name: Force loadBalancerIP address setting set_fact: loadBalancerIP_overrides: From 96c88596423aeb47a8543972ccfe3c9ca363de2c Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Fri, 21 May 2021 14:18:41 -0700 Subject: [PATCH 243/331] Added k8s 1.21 image and charts --- .github/workflows/main.yml | 39 ++++++++++++++++++++++++++++ charts/charts/buildall | 4 +-- charts/image-library-charts/buildall | 2 +- 3 files changed, 42 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index cc83e03..6449434 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -198,6 +198,18 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.20 rm -f rpm.priv + buildc-rpms-k8s-21: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Build rpms-kubernetes container 1.21 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-kubernetes 1.21 + rm -f rpm.priv buildc-anaconda: runs-on: ubuntu-20.04 steps: @@ -291,6 +303,23 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.20 rm -f rpm.priv + build-node-image-21: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + - buildc-rpms-containerd + - buildc-rpms-openvswitch + - buildc-rpms-k8s-21 + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Build full k8s node image 1.21 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build k8s-node-image 1.21 + rm -f rpm.priv buildc-anaconda-nginx: runs-on: ubuntu-20.04 
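Review bot: In the new `buildc-rpms-k8s-21` job the `rm -f rpm.priv` line is skipped whenever `./containers/build rpms-kubernetes 1.21` fails, because the default `run` shell stops at the first error, and that leaves the RPM signing key in the workspace. Register the cleanup first with `trap 'rm -f rpm.priv' EXIT` and create the file under `umask 077` so it is never world-readable. The `build-node-image-21` job in the next hunk repeats the pattern, as do the existing per-version jobs. Whether `rpm.priv` ends up inside the image build context is decided in `containers/build`, outside this diff, and is worth checking.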
@@ -346,6 +375,15 @@ jobs: uses: actions/checkout@v2 - name: Build k8s-node-image+nginx container 1.20 run: ./containers/build k8s-node-image-nginx 1.20 + build-node-image-21-nginx: + runs-on: ubuntu-20.04 + needs: + - build-node-image-21 + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Build k8s-node-image+nginx container 1.21 + run: ./containers/build k8s-node-image-nginx 1.21 build-image-library-charts: runs-on: ubuntu-20.04 @@ -362,6 +400,7 @@ jobs: - build-node-image-18-nginx - build-node-image-19-nginx - build-node-image-20-nginx + - build-node-image-21-nginx - buildc-pixiecore # - buildc-smartctl-exporter env: diff --git a/charts/charts/buildall b/charts/charts/buildall index 51cc4c1..22e35fc 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -22,7 +22,7 @@ helm repo add pnnl-miscscripts-image-library-charts https://pnnl-miscscripts.git helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update -for ver in 1-16 1-17 1-18 1-19 1-20; do +for ver in 1-16 1-17 1-18 1-19 1-20 1-21; do cp -a k8s-node-image k8s-node-image-$ver sed -i "s@k8s-node-image-nginx-1-14@k8s-node-image-nginx-$ver@g" k8s-node-image-$ver/requirements.yaml k8s-node-image-$ver/values.yaml sed -i "s@^name:.*@name: k8s-node-image-$ver@g" k8s-node-image-$ver/Chart.yaml @@ -41,7 +41,7 @@ for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node- RAWCHART=$CHART case "$CHART" in k8s-node-image) - SUBBUILDS="1-16 1-17 1-18 1-19 1-20" + SUBBUILDS="1-16 1-17 1-18 1-19 1-20 1-21" ;; *) SUBBUILDS="latest" diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 3c22930..3503931 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall 
@@ -23,7 +23,7 @@ CHANGE=0 for CONTAINER in ipmitool ipmi-exporter dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx pixiecore smartctl-exporter; do case "$CONTAINER" in k8s-node-image-nginx) - SUBBUILDS="1.16 1.17 1.18 1.19 1.20" + SUBBUILDS="1.16 1.17 1.18 1.19 1.20 1.21" ;; *) SUBBUILDS="latest" From 7411235ae8a54d21817219c8f36c806926065305 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Mon, 24 May 2021 10:26:17 -0700 Subject: [PATCH 244/331] Removed 1.16 builds --- .github/workflows/main.yml | 38 ---------------------------- charts/charts/buildall | 4 +-- charts/image-library-charts/buildall | 2 +- 3 files changed, 3 insertions(+), 41 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 6449434..ffb02bc 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -138,18 +138,6 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-openvswitch rm -f rpm.priv - buildc-rpms-k8s-16: - runs-on: ubuntu-20.04 - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Build rpms-kubernetes container 1.16 - env: - RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} - run: | - printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build rpms-kubernetes 1.16 - rm -f rpm.priv buildc-rpms-k8s-17: runs-on: ubuntu-20.04 steps: @@ -218,23 +206,6 @@ jobs: - name: Build anaconda container run: ./containers/build anaconda - build-node-image-16: - runs-on: ubuntu-20.04 - needs: - - buildc-rpms-node-base - - buildc-rpms-containerd - - buildc-rpms-openvswitch - - buildc-rpms-k8s-16 - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Build full k8s node image 1.16 - env: - RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} - run: | - printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build k8s-node-image 1.16 - rm -f rpm.priv build-node-image-17: runs-on: ubuntu-20.04 needs: 
@@ -330,15 +301,6 @@ jobs: uses: actions/checkout@v2 - name: Build anaconda+nginx container run: ./containers/build anaconda-nginx - build-node-image-16-nginx: - runs-on: ubuntu-20.04 - needs: - - build-node-image-16 - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Build k8s-node-image+nginx container 1.16 - run: ./containers/build k8s-node-image-nginx 1.16 build-node-image-17-nginx: runs-on: ubuntu-20.04 needs: diff --git a/charts/charts/buildall b/charts/charts/buildall index 22e35fc..4076b2b 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -22,7 +22,7 @@ helm repo add pnnl-miscscripts-image-library-charts https://pnnl-miscscripts.git helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update -for ver in 1-16 1-17 1-18 1-19 1-20 1-21; do +for ver in 1-17 1-18 1-19 1-20 1-21; do cp -a k8s-node-image k8s-node-image-$ver sed -i "s@k8s-node-image-nginx-1-14@k8s-node-image-nginx-$ver@g" k8s-node-image-$ver/requirements.yaml k8s-node-image-$ver/values.yaml sed -i "s@^name:.*@name: k8s-node-image-$ver@g" k8s-node-image-$ver/Chart.yaml @@ -41,7 +41,7 @@ for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node- RAWCHART=$CHART case "$CHART" in k8s-node-image) - SUBBUILDS="1-16 1-17 1-18 1-19 1-20 1-21" + SUBBUILDS="1-17 1-18 1-19 1-20 1-21" ;; *) SUBBUILDS="latest" diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 3503931..0962fb1 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall @@ -23,7 +23,7 @@ CHANGE=0 for CONTAINER in ipmitool ipmi-exporter dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx pixiecore smartctl-exporter; do case "$CONTAINER" in k8s-node-image-nginx) - SUBBUILDS="1.16 1.17 1.18 1.19 1.20 1.21" + SUBBUILDS="1.17 1.18 1.19 1.20 1.21" ;; *) SUBBUILDS="latest" From a63a50c26876182866d189eeb4a9100b1d6f9ea5 Mon Sep 17 00:00:00 2001 
From: Peter Nordquist Date: Mon, 24 May 2021 10:31:06 -0700 Subject: [PATCH 245/331] Removed reference to deleted 1.16 build --- .github/workflows/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ffb02bc..84fab14 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -357,7 +357,6 @@ jobs: - buildc-inotify-tools - buildc-ipmi-exporter - buildc-ipmitool - - build-node-image-16-nginx - build-node-image-17-nginx - build-node-image-18-nginx - build-node-image-19-nginx From 39c162dda4df463919c15cf60e9cac63c4b178bd Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 28 May 2021 12:06:44 -0700 Subject: [PATCH 246/331] Allow custom upgrade scripts in kubeupdater --- charts/charts/kubeupdater/Chart.yaml | 2 +- charts/charts/kubeupdater/bin/kubeupdater | 3 ++- charts/charts/kubeupdater/templates/bin-configmap.yaml | 9 +++++++++ charts/charts/kubeupdater/values.yaml | 5 +++++ 4 files changed, 17 insertions(+), 2 deletions(-) diff --git a/charts/charts/kubeupdater/Chart.yaml b/charts/charts/kubeupdater/Chart.yaml index b8c6df0..327783c 100644 --- a/charts/charts/kubeupdater/Chart.yaml +++ b/charts/charts/kubeupdater/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: kubeupdater -version: 0.6.0 +version: 0.7.0 diff --git a/charts/charts/kubeupdater/bin/kubeupdater b/charts/charts/kubeupdater/bin/kubeupdater index 7549a8b..887b15d 100755 --- a/charts/charts/kubeupdater/bin/kubeupdater +++ b/charts/charts/kubeupdater/bin/kubeupdater @@ -31,9 +31,10 @@ if [ "x$flag" == "x-u" ]; then systemctl stop kubelet yum install kubeadm -y kubeadm upgrade node + pre_upgrade yum upgrade -y + post_upgrade kubectl label node $HOSTNAME miscscripts.pnnl.gov/upgrade-needed- - echo "Done upgrading" reboot fi done 
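Review bot: `pre_upgrade` and `post_upgrade` are called without checking their result, so unless the script enables `set -e` outside this hunk, a failing hook is still followed by `yum upgrade -y`, removal of the `upgrade-needed` label and `reboot`. Decide the failure policy explicitly, for example `pre_upgrade || { echo "pre_upgrade hook failed" >&2; exit 1; }`, and say in a comment next to the calls what state the node is left in. The two functions are not defined in this file; they come only from the wrapper in templates/bin-configmap.yaml, so running bin/kubeupdater by itself hits "command not found" at both calls. A guard such as `declare -F pre_upgrade >/dev/null || pre_upgrade() { :; }` near the top would keep the script usable standalone. The surrounding loop starts and ends outside the hunk.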
diff --git a/charts/charts/kubeupdater/templates/bin-configmap.yaml b/charts/charts/kubeupdater/templates/bin-configmap.yaml index 085152b..b6daf4d 100644 --- a/charts/charts/kubeupdater/templates/bin-configmap.yaml +++ b/charts/charts/kubeupdater/templates/bin-configmap.yaml @@ -6,4 +6,13 @@ metadata: {{- include "kubeupdater.labels" . | nindent 4 }} data: kubeupdater: | + #!/bin/bash + function pre_upgrade { +{{ .Values.extraPreUpgradeScript | indent 6 }} + } + + function post_upgrade { +{{ .Values.extraPostUpgradeScript | indent 6 }} + } + {{ .Files.Get "bin/kubeupdater" | indent 4 }} diff --git a/charts/charts/kubeupdater/values.yaml b/charts/charts/kubeupdater/values.yaml index d45a04d..c2f1579 100644 --- a/charts/charts/kubeupdater/values.yaml +++ b/charts/charts/kubeupdater/values.yaml @@ -50,3 +50,8 @@ nodeSelector: {} tolerations: [] affinity: {} + +extraPreUpgradeScript: | + echo "About to upgrade everything" +extraPostUpgradeScript: | + echo "Done upgrading" From 13eec99d17d9dbaf5fd0203f682ff6ad414f68b3 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Fri, 28 May 2021 14:54:15 -0700 Subject: [PATCH 247/331] Updated rpms-containerd to pull package from Docker Updated package name to containerd.io Added Dockerfile from aliases to k8s-node-image --- containers/k8s-node-image/Dockerfile | 26 +++++----- containers/rpms-containerd/Dockerfile | 35 +++----------- containers/rpms-containerd/buildenv | 2 +- containers/rpms-containerd/containerd.spec | 55 ---------------------- containers/rpms-containerd/docker-ce.repo | 6 +++ 5 files changed, 26 insertions(+), 98 deletions(-) delete mode 100644 containers/rpms-containerd/containerd.spec create mode 100644 containers/rpms-containerd/docker-ce.repo diff --git a/containers/k8s-node-image/Dockerfile b/containers/k8s-node-image/Dockerfile index 5de9712..e334074 100644 --- a/containers/k8s-node-image/Dockerfile +++ b/containers/k8s-node-image/Dockerfile 
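Review bot: An empty, whitespace-only or comment-only `extraPreUpgradeScript` or `extraPostUpgradeScript` renders `function pre_upgrade { }`, which bash rejects as a syntax error, so the whole kubeupdater script would fail to parse on the node. Put a no-op first in each body, i.e. a line containing only `:` before `{{ .Values.extraPreUpgradeScript | indent 6 }}` and likewise for the post hook, so that overriding a hook with an empty string is safe. These values are pasted verbatim into a script that runs `systemctl`, `yum` and `reboot` on the node, so whoever can set them runs arbitrary commands there. The values.yaml hunk that follows would benefit from a comment saying so, for example `# Shell executed on every node during upgrade; treat as privileged input`.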
@@ -1,15 +1,15 @@ # syntax = docker/dockerfile:1.0-experimental ARG SUBBUILD=1.13 -FROM pnnlmiscscripts/rpms-node-base:latest -FROM pnnlmiscscripts/rpms-containerd:latest -FROM pnnlmiscscripts/rpms-openvswitch:latest -FROM pnnlmiscscripts/rpms-kubernetes:$SUBBUILD +FROM pnnlmiscscripts/rpms-node-base:latest as base +FROM pnnlmiscscripts/rpms-containerd:latest as containerd +FROM pnnlmiscscripts/rpms-openvswitch:latest as openvswitch +FROM pnnlmiscscripts/rpms-kubernetes:$SUBBUILD as kubernetes -FROM centos:centos7 -COPY --from=0 /data /rpmdata -COPY --from=1 /data /data/containerd -COPY --from=2 /data /data/openvswitch -COPY --from=3 /data /data/kubernetes +FROM centos:centos7 as repobuild +COPY --from=base /data /rpmdata +COPY --from=containerd /data /data/containerd +COPY --from=openvswitch /data /data/openvswitch +COPY --from=kubernetes /data /data/kubernetes ADD rpm.pub /root/rpm.pub RUN --mount=type=secret,id=gpg \ yum install -y createrepo yum-utils gnupg2 && \ @@ -24,8 +24,8 @@ RUN --mount=type=secret,id=gpg \ echo Done building repo. FROM pnnlmiscscripts/rpms-node-base:latest -COPY --from=2 /data /data/openvswitch -COPY --from=1 /data /data/containerd -COPY --from=3 /data /data/kubernetes -COPY --from=4 /data/repodata /data/repodata +COPY --from=openvswitch /data /data/openvswitch +COPY --from=containerd /data /data/containerd +COPY --from=kubernetes /data /data/kubernetes +COPY --from=repobuild /data/repodata /data/repodata diff --git a/containers/rpms-containerd/Dockerfile b/containers/rpms-containerd/Dockerfile index 57f7769..96df959 100644 --- a/containers/rpms-containerd/Dockerfile +++ b/containers/rpms-containerd/Dockerfile 
@@ -1,46 +1,23 @@ # syntax = docker/dockerfile:1.0-experimental FROM centos:centos7 -MAINTAINER Kevin Fox -ENV VERSION=1.3.4 - -ADD containerd.spec /root/rpmbuild/SOURCES/containerd.spec ADD rpm.pub /root/rpm.pub ADD rpmmacros /root/.rpmmacros +ADD docker-ce.repo /etc/yum.repos.d/ RUN --mount=type=secret,id=gpg \ - set -x && \ cd / && \ - yum install -y rpmdevtools cpio createrepo gnupg2 rpm-sign && \ - rpmdev-setuptree && \ - NEWVER=$(echo "$VERSION" | awk -F. '{print $1 "." $2 "." $3+1}') && \ - (! curl -f -I "https://storage.googleapis.com/cri-containerd-release/cri-containerd-$NEWVER.linux-amd64.tar.gz") && \ - NEWVER=$(echo "$VERSION" | awk -F. '{print $1 "." $2+1 ".0"}') && \ - (! curl -f -I "https://storage.googleapis.com/cri-containerd-release/cri-containerd-$NEWVER.linux-amd64.tar.gz") && \ - sed -i "s/^\(Version:\).*$/\1 $VERSION/" /root/rpmbuild/SOURCES/containerd.spec && \ - spectool -g -R /root/rpmbuild/SOURCES/containerd.spec && \ - cat /root/rpmbuild/SOURCES/containerd.spec && \ - rpmbuild -ba /root/rpmbuild/SOURCES/containerd.spec && \ - mkdir -p rpms && \ - mv ~/rpmbuild/RPMS/x86_64/* rpms/ && \ + set -e && \ + yum install -y createrepo gnupg2 rpm-sign && \ + mkdir -p rpms/ && \ + yumdownloader --resolv --destdir rpms containerd.io && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ rpm --addsign $(find rpms -type f -name '*.rpm') && \ createrepo rpms && \ gpg --detach-sign --armor rpms/repodata/repomd.xml && \ rm -rf ~/.gnupg && \ - cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \ - mkdir tmp1 && \ - pushd tmp1 && \ - tar -xvf ~/rpmbuild/SOURCES/cri-containerd-$VERSION.linux-amd64.tar.gz && \ - SUM=$(md5sum usr/local/bin/containerd | awk '{print $1}') && \ - popd && \ - mkdir tmp2 && \ - pushd tmp2 && \ - rpm2cpio ../rpms/containerd*.rpm | cpio -idmv && \ - SUM2=$(md5sum usr/local/bin/containerd | awk '{print $1}') && \ - [ "x$SUM" != "x$SUM2" ] && echo "Checksums don't match" && exit -1 || true && \ - popd + cp /root/rpm.pub 
/rpms/repodata/RPM-GPG-KEY FROM scratch COPY --from=0 /rpms /data diff --git a/containers/rpms-containerd/buildenv b/containers/rpms-containerd/buildenv index 074c324..7db55e9 100644 --- a/containers/rpms-containerd/buildenv +++ b/containers/rpms-containerd/buildenv @@ -1,4 +1,4 @@ export AUTO_PREFIX=rpmrepo-version -export AUTO_PREFIX_PACKAGE=containerd +export AUTO_PREFIX_PACKAGE=containerd.io export DOCKER_BUILDKIT=1 export GPGSIGN=1 diff --git a/containers/rpms-containerd/containerd.spec b/containers/rpms-containerd/containerd.spec deleted file mode 100644 index 580c82a..0000000 --- a/containers/rpms-containerd/containerd.spec +++ /dev/null @@ -1,55 +0,0 @@ -%global _enable_debug_package 0 -%global debug_package %{nil} -%global __os_install_post /usr/lib/rpm/brp-compress %{nil} -Summary: ContainerD and friends -Name: containerd -Version: @VERSION@ -Release: 2 -License: APL -Packager: MISCSCRIPTS -Group: Development/Tools - -Source0: https://storage.googleapis.com/cri-containerd-release/cri-containerd-%{version}.linux-amd64.tar.gz -Source1: https://storage.googleapis.com/cri-containerd-release/cri-containerd-%{version}.linux-amd64.tar.gz.sha256 - -Requires: container-selinux -%{?systemd_requires} -BuildRequires: systemd -BuildRequires: coreutils - -%description -%{summary} - -%prep -echo "$(cat %{SOURCE1}) %{SOURCE0}" | sha256sum --check -%setup -c - -%build -echo nothing to build - -%install -mkdir -p %{buildroot} -cp -a etc usr %{buildroot} -ls -l %{buildroot} - -%files -/usr/local/bin/containerd-stress -/usr/local/bin/containerd-shim-runc-v1 -/usr/local/bin/containerd-shim-runc-v2 -/usr/local/bin/crictl -/usr/local/bin/ctr -/usr/local/bin/critest -/usr/local/bin/containerd -/usr/local/bin/containerd-shim -/usr/local/sbin/runc -/etc/systemd/system/containerd.service -/etc/crictl.yaml - -%post -%systemd_post containerd.service - -%preun -%systemd_preun containerd.service - -%postun -%systemd_postun_with_restart containerd.service 
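Review bot: The RPMs fetched by `yumdownloader --resolv --destdir rpms containerd.io` are re-signed with the project key by `rpm --addsign` without any check of their upstream signatures. As far as I know yumdownloader only downloads and does not enforce the `gpgcheck=1` set in docker-ce.repo (that applies at install time), so a tampered or unsigned package would receive this repository's signature and be trusted by every node that installs from it. Verify before signing, e.g. `rpm --import https://download.docker.com/linux/centos/gpg && rpm -K rpms/*.rpm && \` ahead of the `gpg --import` lines. The dependencies pulled in by `--resolv` need their distribution key imported as well, and the Docker key's fingerprint is best compared with a value kept in the repo. With `ENV VERSION` removed the build also takes whatever containerd.io is current in docker-ce-stable, so logging the resolved package versions would help later audits.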
diff --git a/containers/rpms-containerd/docker-ce.repo b/containers/rpms-containerd/docker-ce.repo new file mode 100644 index 0000000..2605574 --- /dev/null +++ b/containers/rpms-containerd/docker-ce.repo @@ -0,0 +1,6 @@ +[docker-ce-stable] +name=Docker CE Stable - $basearch +baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable +enabled=1 +gpgcheck=1 +gpgkey=https://download.docker.com/linux/centos/gpg From b2a08b39936f34e91628f26c34bea41704692fdf Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Wed, 7 Jul 2021 15:48:26 -0700 Subject: [PATCH 248/331] Updated ingress-nginx chart to 3.34.0 --- charts/charts/tenant-namespace/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml index 9496aec..5cd681b 100644 --- a/charts/charts/tenant-namespace/Chart.yaml +++ b/charts/charts/tenant-namespace/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 type: application description: Chart for setting up a tenants namespace with all the goodies name: tenant-namespace -version: 0.7.7 +version: 0.7.8 appVersion: "1.0" dependencies: - name: magic-namespace @@ -16,6 +16,6 @@ dependencies: repository: "https://charts.helm.sh/stable" - name: ingress-nginx alias: ingress - version: "3.23.0" + version: "3.34.0" repository: "https://kubernetes.github.io/ingress-nginx" condition: ingress.nginx.enabled From 7f819ca7ea68e91abb6b10f1e56cda17e56b48f6 Mon Sep 17 00:00:00 2001 
From: Peter Nordquist Date: Wed, 7 Jul 2021 17:14:42 -0700 Subject: [PATCH 249/331] Upgraded tenant-namespace-operator Upgraded tenant-namespace chart version Handled new version of ingress-nginx Added ingress-nginx patch to fix configmap regression Added extra namespace labels and annotations support --- .../tenant-namespace-operator/Chart.yaml | 4 +- .../tenant-namespace-operator/Dockerfile | 11 ++- containers/tenant-namespace-operator/buildenv | 2 +- .../tenant-namespace-operator/configmap.patch | 76 +++++++++++++++++++ .../roles/tenantnamespace/tasks/main.yml | 20 +++-- 5 files changed, 99 insertions(+), 14 deletions(-) create mode 100644 containers/tenant-namespace-operator/configmap.patch diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index 9f30784..e231bc1 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.10-1 +appVersion: 0.1.11-1 diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index ade7178..87206f8 100644 --- a/containers/tenant-namespace-operator/Dockerfile +++ b/containers/tenant-namespace-operator/Dockerfile @@ -4,7 +4,7 @@ ARG helm_version=v3.3.4 USER 0 RUN \ yum clean all && \ - yum install -y git && \ + yum install -y git patch && \ yum clean all && \ curl -o helm.tar.gz https://get.helm.sh/helm-${helm_version}-linux-amd64.tar.gz && \ tar -zxvf helm.tar.gz && \ 
@@ -17,7 +17,7 @@ RUN \ USER 1001 WORKDIR ${HOME} -COPY watches.yaml requirements.yml ${HOME}/ +COPY configmap.patch watches.yaml requirements.yml ${HOME}/ COPY roles/ ${HOME}/roles/ #FIXME forcing ingress newer to work on newer k8s clusters. Fix upstream chart. @@ -25,9 +25,12 @@ RUN \ ansible-galaxy collection install -r ${HOME}/requirements.yml && \ chmod -R ug+rwx ${HOME}/.ansible && \ helm plugin install https://github.com/databus23/helm-diff --version master && \ - helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --version 0.6.8 --untar && \ + helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --version 0.6.9 --untar && \ + cd tenant-namespace/charts/ingress-nginx/ && \ + patch -p3 <${HOME}/configmap.patch && \ + cd - && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ - echo 0.1.10 >> /.extrafingerprints && \ + echo 0.1.11 >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints ENTRYPOINT ["/usr/local/bin/entrypoint", "--inject-owner-ref=false"] diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv index 8ca1fc8..6d8f18b 100644 --- a/containers/tenant-namespace-operator/buildenv +++ b/containers/tenant-namespace-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.10 +export PREFIX=0.1.11 diff --git a/containers/tenant-namespace-operator/configmap.patch b/containers/tenant-namespace-operator/configmap.patch new file mode 100644 index 0000000..d6620c4 --- /dev/null +++ b/containers/tenant-namespace-operator/configmap.patch 
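Review bot: `configmap.patch` now alters the chart that ships in the image, but it is not added to `/.extrafingerprints`, which covers only `roles/`, the literal version string and `watches.yaml`. If the build tooling uses that file to detect content changes (not visible here), an edit to the patch alone would go unnoticed unless the `echo 0.1.11` line is bumped by hand. Add `md5sum configmap.patch >> /.extrafingerprints && \` next to the `watches.yaml` line. The chart itself is fetched at build time by `helm pull ... --version 0.6.9` without `--verify` or a pinned digest, so recording a checksum of the pulled chart in the same file is also worth considering.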
@@ -0,0 +1,76 @@ +diff --git a/charts/ingress-nginx/templates/controller-daemonset.yaml b/charts/ingress-nginx/templates/controller-daemonset.yaml +index 991dc4f3653..b20ada1f434 100644 +--- a/charts/ingress-nginx/templates/controller-daemonset.yaml ++++ b/charts/ingress-nginx/templates/controller-daemonset.yaml +@@ -80,15 +80,15 @@ spec: + {{- end }} + - --election-id={{ .Values.controller.electionID }} + - --ingress-class={{ .Values.controller.ingressClass }} +- - --configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.controller.fullname" . }} ++ - --configmap={{ default "$(POD_NAMESPACE)" .Values.controller.configMapNamespace }}/{{ include "ingress-nginx.controller.fullname" . }} + {{- if .Values.tcp }} +- - --tcp-services-configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-tcp ++ - --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp + {{- end }} + {{- if .Values.udp }} +- - --udp-services-configmap={{ .Release.Namespace }}/{{ include "ingress-nginx.fullname" . }}-udp ++ - --udp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.udp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . 
}}-udp + {{- end }} + {{- if .Values.controller.scope.enabled }} +- - --watch-namespace={{ default .Release.Namespace .Values.controller.scope.namespace }} ++ - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }} + {{- end }} + {{- if and .Values.controller.reportNodeInternalIp .Values.controller.hostNetwork }} + - --report-node-internal-ip-address={{ .Values.controller.reportNodeInternalIp }} +diff --git a/charts/ingress-nginx/templates/controller-deployment.yaml b/charts/ingress-nginx/templates/controller-deployment.yaml +index fe3b56a73ce..97dc7251557 100644 +--- a/charts/ingress-nginx/templates/controller-deployment.yaml ++++ b/charts/ingress-nginx/templates/controller-deployment.yaml +@@ -84,12 +84,12 @@ spec: + {{- end }} + - --election-id={{ .Values.controller.electionID }} + - --ingress-class={{ .Values.controller.ingressClass }} +- - --configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.controller.fullname" . }} ++ - --configmap={{ default "$(POD_NAMESPACE)" .Values.controller.configMapNamespace }}/{{ include "ingress-nginx.controller.fullname" . }} + {{- if .Values.tcp }} +- - --tcp-services-configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.fullname" . }}-tcp ++ - --tcp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.tcp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . }}-tcp + {{- end }} + {{- if .Values.udp }} +- - --udp-services-configmap=$(POD_NAMESPACE)/{{ include "ingress-nginx.fullname" . }}-udp ++ - --udp-services-configmap={{ default "$(POD_NAMESPACE)" .Values.controller.udp.configMapNamespace }}/{{ include "ingress-nginx.fullname" . 
}}-udp + {{- end }} + {{- if .Values.controller.scope.enabled }} + - --watch-namespace={{ default "$(POD_NAMESPACE)" .Values.controller.scope.namespace }} +diff --git a/charts/ingress-nginx/values.yaml b/charts/ingress-nginx/values.yaml +index 0f66c48ef47..944d00ab704 100644 +--- a/charts/ingress-nginx/values.yaml ++++ b/charts/ingress-nginx/values.yaml +@@ -109,23 +109,23 @@ controller: + ## + scope: + enabled: false +- namespace: "" # defaults to .Release.Namespace ++ namespace: "" # defaults to $(POD_NAMESPACE) + + ## Allows customization of the configmap / nginx-configmap namespace + ## +- configMapNamespace: "" # defaults to .Release.Namespace ++ configMapNamespace: "" # defaults to $(POD_NAMESPACE) + + ## Allows customization of the tcp-services-configmap + ## + tcp: +- configMapNamespace: "" # defaults to .Release.Namespace ++ configMapNamespace: "" # defaults to $(POD_NAMESPACE) + ## Annotations to be added to the tcp config configmap + annotations: {} + + ## Allows customization of the udp-services-configmap + ## + udp: +- configMapNamespace: "" # defaults to .Release.Namespace ++ configMapNamespace: "" # defaults to $(POD_NAMESPACE) + ## Annotations to be added to the udp config configmap + annotations: {} + \ No newline at end of file diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index 8fb9d02..3fdfcc3 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml 
@@ -5,6 +5,10 @@ set_fact: dryrun: "{{ lookup('env','DRYRUN') | default('False') | bool }}" +- name: Set admin labels + set_fact: + adminlabels: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceLabels | default({}) | combine({'name': meta.name + '-admin', 'miscscripts.pnnl.gov/namespace-type': 'admin'}, recursive=True) }}" + - name: Create the k8s admin namespace k8s: state: present @@ -13,9 +17,8 @@ kind: Namespace metadata: name: "{{ meta.name }}-admin" - labels: - name: "{{ meta.name }}-admin" - miscscripts.pnnl.gov/namespace-type: admin + labels: "{{ adminlabels }}" + annotations: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceAnnotations | default({}) }}" when: - not dryrun @@ -217,7 +220,7 @@ - ingressService.resources[0].metadata is defined - ingressService.resources[0].metadata.labels is defined - ingressService.resources[0].metadata.labels["helm.sh/chart"] is defined - - ingressService.resources[0].metadata.labels["helm.sh/chart"] == "ingress-3.23.0" + - ingressService.resources[0].metadata.labels["helm.sh/chart"] == "ingress-3.34.0" #FIXME Consider making a service account specifically for this so it can't cross namespaces as far as it can today - name: Run Helm @@ -269,6 +272,10 @@ status: diff: "{{ differ | b64encode }}" +- name: Set user labels + set_fact: + userlabels: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceLabels | default({}) | combine({'name': meta.name, 'miscscripts.pnnl.gov/namespace-type': 'user'}, recursive=True) }}" + - name: Create the k8s user namespace k8s: state: present @@ -277,9 +284,8 @@ kind: Namespace metadata: name: "{{ meta.name }}" - labels: - name: "{{ meta.name }}" - miscscripts.pnnl.gov/namespace-type: user + labels: "{{ userlabels }}" + annotations: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceAnnotations | default({}) }}" when: - not dryrun From 1b91124ce5212d2e0f6622a713f23789ded95ab9 Mon Sep 17 00:00:00 2001 
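Review bot: `extraNamespaceLabels` and `extraNamespaceAnnotations` from the custom resource are copied onto both the `-admin` namespace and the user namespace without any filtering of keys. The `combine(...)` order does keep `name` and `miscscripts.pnnl.gov/namespace-type` from being overridden, but every other key is accepted, and namespace labels and annotations are commonly read as selectors or settings by NetworkPolicy, admission policy and schedulers. If TenantNamespace objects can be created by anyone less trusted than a cluster admin (not visible here), restrict the accepted keys, for example with an `assert` task that checks them against an allowlist of prefixes before the two `set_fact` tasks, or document that the spec is admin-only. `recursive=True` is not needed for flat label maps.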
From: Peter Nordquist Date: Wed, 14 Jul 2021 15:18:55 -0700 Subject: [PATCH 250/331] Fixed tenant-namespace-operator issues Fixed extra space in configmap patch for ingress-nginx Fixed patch command generating .orig files Fixed community.kubernetes version range due to rename --- containers/tenant-namespace-operator/Dockerfile | 2 +- containers/tenant-namespace-operator/configmap.patch | 1 - containers/tenant-namespace-operator/requirements.yml | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index 87206f8..6df9d87 100644 --- a/containers/tenant-namespace-operator/Dockerfile +++ b/containers/tenant-namespace-operator/Dockerfile @@ -27,7 +27,7 @@ RUN \ helm plugin install https://github.com/databus23/helm-diff --version master && \ helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --version 0.6.9 --untar && \ cd tenant-namespace/charts/ingress-nginx/ && \ - patch -p3 <${HOME}/configmap.patch && \ + patch -p3 --no-backup-if-mismatch <${HOME}/configmap.patch && \ cd - && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ echo 0.1.11 >> /.extrafingerprints && \ diff --git a/containers/tenant-namespace-operator/configmap.patch b/containers/tenant-namespace-operator/configmap.patch index d6620c4..9c11185 100644 --- a/containers/tenant-namespace-operator/configmap.patch +++ b/containers/tenant-namespace-operator/configmap.patch @@ -73,4 +73,3 @@ index 0f66c48ef47..944d00ab704 100644 + configMapNamespace: "" # defaults to $(POD_NAMESPACE) ## Annotations to be added to the udp config configmap annotations: {} - \ No newline at end of file diff --git a/containers/tenant-namespace-operator/requirements.yml b/containers/tenant-namespace-operator/requirements.yml index 3776065..b81fa18 100644 --- a/containers/tenant-namespace-operator/requirements.yml +++ b/containers/tenant-namespace-operator/requirements.yml 
@@ -1,4 +1,4 @@ collections: - name: community.kubernetes - version: ">=0.11.0" + version: "<2.0.0" - name: operator_sdk.util From db200c1802f15450649a195a66c04d62b89fca97 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 9 Aug 2021 11:39:15 -0700 Subject: [PATCH 251/331] Remove tiller --- charts/charts/magic-namespace/Chart.yaml | 6 +- charts/charts/magic-namespace/README.md | 63 ++-------- .../magic-namespace/templates/secret.yaml | 19 --- .../templates/tiller-deployment.yaml | 118 ------------------ .../templates/tiller-rolebinding.yaml | 28 ----- .../templates/tiller-service.yaml | 25 ---- .../templates/tiller-serviceaccount.yaml | 15 --- charts/charts/tenant-namespace/Chart.yaml | 10 +- 8 files changed, 17 insertions(+), 267 deletions(-) delete mode 100755 charts/charts/magic-namespace/templates/secret.yaml delete mode 100755 charts/charts/magic-namespace/templates/tiller-deployment.yaml delete mode 100755 charts/charts/magic-namespace/templates/tiller-rolebinding.yaml delete mode 100755 charts/charts/magic-namespace/templates/tiller-service.yaml delete mode 100755 charts/charts/magic-namespace/templates/tiller-serviceaccount.yaml diff --git a/charts/charts/magic-namespace/Chart.yaml b/charts/charts/magic-namespace/Chart.yaml index 844d869..41cf298 100755 --- a/charts/charts/magic-namespace/Chart.yaml +++ b/charts/charts/magic-namespace/Chart.yaml @@ -1,7 +1,7 @@ # Copied from helm stable repo. Maintainer switched. apiVersion: v1 -appVersion: 2.8.1 -description: Elegantly enables a Tiller per namespace in RBAC-enabled clusters +appVersion: 2.8.2 +description: Manage resources per namespace using Helm home: https://github.com/kubernetes/charts/tree/master/stable/magic-namespace maintainers: - email: kevin.fox@pnnl.gov @@ -9,4 +9,4 @@ maintainers: #- email: kent.rancourt@microsoft.com # name: krancour name: magic-namespace -version: 0.5.3 +version: 0.5.4 
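Review bot: Replacing `">=0.11.0"` with `"<2.0.0"` drops the lower bound, so the resolver may now select any `community.kubernetes` release below 2.0.0, and `operator_sdk.util` stays unconstrained. Keep both bounds with `version: ">=0.11.0,<2.0.0"`, or pin exact versions for both collections so image rebuilds are reproducible.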
diff --git a/charts/charts/magic-namespace/README.md b/charts/charts/magic-namespace/README.md index e3c10b9..7f62a3d 100755 --- a/charts/charts/magic-namespace/README.md +++ b/charts/charts/magic-namespace/README.md 
@@ -19,38 +19,17 @@ A common paradigm that has emerged is that _teams_ are given their own namespace and some degree of latitude to administer that namespace, whilst not being permitted to perform actions on _other teams'_ namespaces. -Now bring Helm/Tiller into the equation. In an RBAC-enabled cluster, Tiller is -so often granted the `cluster-admin` role-- which gives it "root" access to the -entire cluster. While such a Tiller may be suitable for use by a cluster -operator, it's _not_ suitable for use by other teams, as it presents them with -an easy avenue for escalating their privileges. - -To compensate for this, a pattern that has emmerged to complement the -namespace-per-team pattern is the _tiller-per-namespace_ pattern. This has been -widely adopted in multi-tenant, RBAC-enabled clusters. Until now, cluster -operators have tended to create their own bespoke scripts for performing all -requisite setup to implement these patterns. - Magic Namespace takes the pain out of this setup. It offers cluster operators an -easy, comprehensive avenue for using _their_ Tiller to manage namespaces, -service accounts, _other Tillers_, and role bindings for their consituent -teams. Magic Namespace permits cluster operators to manage all of this using -familiar Helm-based workflows. +easy, comprehensive avenue for using helm to manage namespaces, service +accounts, and role bindings for their consituent teams. Magic Namespace permits +cluster operators to manage all of this using familiar Helm-based workflows. ## How it Works -By default, Magic Namespace creates a service account for Tiller in the -designated namespace and binds it to the `admin` role for that namespace. It -also creates a deployment that utilizes this service account. This can be -disabled or configured further, but the default behavior is sensible. In fact, -the defaults _closes_ a variety of known Tiller-based attack vectors. 
- -Magic Namespace also offers cluster operators to define additional service -accounts and role bindings for use within the namespace. _Typically, it would -be a good idea to define at least one role binding that grants a user or group -administrative privileges in the namespace._ Absent this, the namespace's own -Tiller will function, but no user (other than the cluster operator) will be -capable of interacting with it via Helm. +Magic Namespace offers cluster operators to define additional service accounts +and role bindings for use within the namespace. _Typically, it would be a good +idea to define at least one role binding that grants a user or group +administrative privileges in the namespace. ## Prerequisites @@ -106,21 +85,14 @@ $ helm install stable/magic-namespace \ Deleting a release of a Magic Namespace will _not_ delete the namespace, unless you have used the optional ```namespace``` setting. It will -only delete the Tiller, service accounts, role bindings, etc. from that +only delete service accounts, role bindings, etc. from that namespace. This is actually desirable behavior, as anything the team has deployed within that namespace is likely to be unaffected, though further deployments to and management of that namespace will not be possible by anyone other than the cluster operator. If you have used the ```namespace``` setting, deleting the release will cleanup -all releases deployed with the tiller in the Magic Namespace, along with the -namespace. If other tillers, such as the one in ```kube-system``` have -deployed charts into the Magic Namespace, they will get orphaned when the namespace is -removed, but they can still be removed with the standard ```helm delete --purge``` command. - -```bash -$ helm delete foo --purge -``` +the namespace. ## Configuration 
@@ -130,23 +102,6 @@ reference the default `values.yaml` to understand further options. | Parameter | Description | Default | |-----------|-------------|---------| -| `tiller.enabled` | Whether to include a Tiller in the namespace | `true` | -| `tiller.replicaCount` | The number of Tiller replicas to run | `1` | -| `tiller.image.repository` | The Docker image to use for Tiller, minus version/label | `gcr.io/kubernetes-helm/tiller` | -| `tiller.image.tag` | The specific version/label of the Docker image used for Tiller | `v2.8.1` | -| `tiller.image.pullPolicy` | The pull policy to utilize when pulling Tiller images from a Docker repsoitory | `IfNotPresent` | -| `tiller.maxHistory` | The maximum number of releases Tiller should remember. A value of `0` is interpreted as no limit. | `0` | -| `tiller.role.type` | Identify the kind of role (`Role` or `ClusterRole`) that will be referenced in the role binding for Tiller's service account. There is seldom any reason to override this. | `ClusterRole` | -| `tiller.role.type` | Identify the name of the `Role` or `ClusterRole` that will be referenced in the role binding for Tiller's service account. There is seldom any reason to override this. | `admin` | -| `tiller.includeService` | This deploys a service resource for Tiller. This is not generally needed. Please understand the security implications of this before overriding the default. | `false` | -| `tiller.onlyListenOnLocalhost` | This prevents Tiller from binding to `0.0.0.0`. This is generally advisable to close known Tiller-based attack vectors. Please understand the security implications of this before overriding the default. | `true` | -| `tiller.storage` | The storage driver for Tiller to use. One of `configmap`, `memory`, or `secret` | `configmap` | -| `tiller.tls.enabled` | Whether to enable TLS encryption between Helm and Tiller. 
Specify either `tiller.tls.secretName` to mount an existing secret, or `tiller.tls.ca`, `tiller.tls.cert` and `tiller.tls.key` to create a secret from Base64 provided values | `false` | -| `tiller.tls.verify` | Whether to verify a remote Tiller certificate. | `true` | -| `tiller.tls.secretName` | Mount an existing TLS secret into the Tiller container. The secret must include data keys: `ca.crt`, `tls.crt` and `tls.key` | `nil` | -| `tiller.tls.ca` | Base64 encoded string to mount ca.crt into the Tiller container. This value requires `tiller.tls.cert` and `tiller.tls.key` to also be set. | `nil` | -| `tiller.tls.cert` | Base64 encoded string to mount tls.cert into the Tiller container. This value requires `tiller.tls.ca and `tiller.tls.key` to also be set. | `nil` | -| `tiller.tls.key` | Base64 encoded string to mount tls.key into the Tiller container. This value requires `tiller.tls.ca` and `tiller.tls.cert` to also be set. | `nil` | | `serviceAccounts` | An optional array of names of additional service account to create | `nil` | | `roleBindings` | An optional array of objects that define role bindings | `nil` | | `roleBindings[n].role.kind` | Identify the kind of role (`Role` or `ClusterRole`) to be used in the role binding | | diff --git a/charts/charts/magic-namespace/templates/secret.yaml b/charts/charts/magic-namespace/templates/secret.yaml deleted file mode 100755 index 808f366..0000000 --- a/charts/charts/magic-namespace/templates/secret.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -{{- if (and (.Values.tiller.tls.enabled) (not .Values.tiller.tls.secretName)) }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "magic-namespace.tillerTlsSecret" . }} - {{- if hasKey .Values "namespace" }} - namespace: {{ .Values.namespace }} - {{- end }} - labels: - app: {{ template "magic-namespace.chart" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -type: Opaque -data: - ca.crt: {{ required "You need to populate .Values.tiller.tls.ca with a Base64 encoded CA" .Values.tiller.tls.ca }} - tls.crt: {{ required "You need to populate .Values.tiller.tls.cert with a Base64 encoded cert" .Values.tiller.tls.cert }} - tls.key: {{ required "You need to populate .Values.tiller.tls.key with a Base64 encoded key" .Values.tiller.tls.key}} -{{- end }} diff --git a/charts/charts/magic-namespace/templates/tiller-deployment.yaml b/charts/charts/magic-namespace/templates/tiller-deployment.yaml deleted file mode 100755 index f17da78..0000000 --- a/charts/charts/magic-namespace/templates/tiller-deployment.yaml +++ /dev/null 
@@ -1,118 +0,0 @@ -{{- if .Values.tiller.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: tiller-deploy - {{- if hasKey .Values "namespace" }} - namespace: {{ .Values.namespace }} - {{- end }} - labels: - app: helm - name: tiller - chart: {{ template "magic-namespace.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - replicas: {{ .Values.tiller.replicaCount }} - selector: - matchLabels: - app: helm - name: tiller - release: {{ .Release.Name }} - template: - metadata: - labels: - app: helm - name: tiller - chart: {{ template "magic-namespace.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - spec: - serviceAccountName: tiller - containers: - - name: tiller - image: "{{ .Values.tiller.image.repository }}:{{ .Values.tiller.image.tag }}" - imagePullPolicy: {{ .Values.tiller.image.pullPolicy }} - env: - - name: TILLER_NAMESPACE - {{- if hasKey .Values "namespace" }} - value: {{ .Values.namespace }} - {{- else }} - value: {{ .Release.Namespace }} - {{- end }} - - name: TILLER_HISTORY_MAX - value: {{ quote .Values.tiller.maxHistory }} - {{- if .Values.tiller.tls.enabled }} - - name: TILLER_TLS_ENABLE - value: "1" - {{- if .Values.tiller.tls.verify }} - - name: TILLER_TLS_VERIFY - value: "1" - {{- end }} - - name: TILLER_TLS_CERTS - value: /etc/certs - {{- end }} - {{- if .Values.tiller.onlyListenOnLocalhost }} - command: - - "/tiller" - {{- if .Values.tiller.storage }} - - --storage={{ .Values.tiller.storage }} - {{- end }} - args: ["--listen=127.0.0.1:44134"] - {{- else }} - ports: - - containerPort: 44134 - name: tiller - protocol: TCP - - containerPort: 44135 - name: http - protocol: TCP - {{- end }} - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 44135 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readiness - port: 44135 - scheme: HTTP - 
initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - volumeMounts: - {{- if .Values.tiller.tls.enabled }} - - mountPath: /etc/certs - name: tiller-certs - readOnly: true - {{- end }} - resources: -{{ toYaml .Values.tiller.resources | indent 12 }} - volumes: - {{- if .Values.tiller.tls.enabled }} - - name: tiller-certs - secret: - defaultMode: 0644 - secretName: {{ template "magic-namespace.tillerTlsSecret" . }} - {{- end }} - {{- with .Values.tiller.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tiller.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.tiller.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} -{{- end }} diff --git a/charts/charts/magic-namespace/templates/tiller-rolebinding.yaml b/charts/charts/magic-namespace/templates/tiller-rolebinding.yaml deleted file mode 100755 index 6fb5971..0000000 --- a/charts/charts/magic-namespace/templates/tiller-rolebinding.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.tiller.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: tiller-{{ .Values.tiller.role.name }} - {{- if hasKey .Values "namespace" }} - namespace: {{ .Values.namespace }} - {{- end }} - labels: - app: helm - name: tiller - chart: {{ template "magic-namespace.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: {{ .Values.tiller.role.type }} - name: {{ .Values.tiller.role.name }} -subjects: -- kind: ServiceAccount - name: tiller - {{- if hasKey .Values "namespace" }} - namespace: {{ .Values.namespace }} - {{- else }} - namespace: {{ .Release.Namespace }} - {{- end }} - -{{- end }} diff --git a/charts/charts/magic-namespace/templates/tiller-service.yaml b/charts/charts/magic-namespace/templates/tiller-service.yaml deleted file mode 100755 index 681afb9..0000000 
--- a/charts/charts/magic-namespace/templates/tiller-service.yaml +++ /dev/null @@ -1,25 +0,0 @@ -{{- if and .Values.tiller.enabled .Values.tiller.includeService }} -apiVersion: v1 -kind: Service -metadata: - name: tiller-deploy - {{- if hasKey .Values "namespace" }} - namespace: {{ .Values.namespace }} - {{- end }} - labels: - app: helm - name: tiller - chart: {{ template "magic-namespace.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - type: ClusterIP - selector: - app: helm - name: tiller - ports: - - name: tiller - port: 44134 - protocol: TCP - targetPort: tiller -{{- end }} diff --git a/charts/charts/magic-namespace/templates/tiller-serviceaccount.yaml b/charts/charts/magic-namespace/templates/tiller-serviceaccount.yaml deleted file mode 100755 index 2361e56..0000000 --- a/charts/charts/magic-namespace/templates/tiller-serviceaccount.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Values.tiller.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: tiller - {{- if hasKey .Values "namespace" }} - namespace: {{ .Values.namespace }} - {{- end }} - labels: - app: helm - name: tiller - chart: {{ template "magic-namespace.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- end }} diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml index 5cd681b..a49cfc5 100644 --- a/charts/charts/tenant-namespace/Chart.yaml +++ b/charts/charts/tenant-namespace/Chart.yaml 
@@ -2,18 +2,18 @@ apiVersion: v2 type: application description: Chart for setting up a tenants namespace with all the goodies name: tenant-namespace -version: 0.7.8 +version: 0.7.9 appVersion: "1.0" dependencies: - name: magic-namespace alias: adminmagicnamespace - version: "0.5.2" - repository: "https://charts.helm.sh/stable" + version: "0.5.4" + repository: "https://pnnl-miscscripts.github.io/charts" condition: adminmagicnamespace.enabled - name: magic-namespace alias: magicnamespace - version: "0.5.2" - repository: "https://charts.helm.sh/stable" + version: "0.5.4" + repository: "https://pnnl-miscscripts.github.io/charts" - name: ingress-nginx alias: ingress version: "3.34.0" From af32c29b07cfa4440e5b0b726a79e1f6b6362516 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 11 Aug 2021 16:56:54 -0700 Subject: [PATCH 252/331] Remove extra tiller bits. --- charts/charts/magic-namespace/templates/_helpers.tpl | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/charts/charts/magic-namespace/templates/_helpers.tpl b/charts/charts/magic-namespace/templates/_helpers.tpl index db7c4f3..481470b 100755 --- a/charts/charts/magic-namespace/templates/_helpers.tpl +++ b/charts/charts/magic-namespace/templates/_helpers.tpl @@ -30,14 +30,3 @@ Create chart name and version as used by the chart label. {{- define "magic-namespace.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} - -{{/* -Allow a custom secretName to be defined -*/}} -{{- define "magic-namespace.tillerTlsSecret" -}} -{{- if .Values.tiller.tls.secretName -}} -{{- .Values.tiller.tls.secretName }} -{{- else -}} -{{- template "magic-namespace.fullname" . }}-tiller-secret -{{- end -}} -{{- end -}} From c313360ea37801b8a49a01cea4dacaf8a4d181f6 Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Wed, 11 Aug 2021 16:57:37 -0700 Subject: [PATCH 253/331] Remove extra tiller bits. --- charts/charts/magic-namespace/values.yaml | 76 ----------------------- 1 file changed, 76 deletions(-) diff --git a/charts/charts/magic-namespace/values.yaml b/charts/charts/magic-namespace/values.yaml index 04690ae..06beaff 100755 --- a/charts/charts/magic-namespace/values.yaml +++ b/charts/charts/magic-namespace/values.yaml 
@@ -11,82 +11,6 @@ # Annotations to be added to the namespace definition # annotations: {} -tiller: - enabled: true - - replicaCount: 1 - - image: - repository: gcr.io/kubernetes-helm/tiller - tag: v2.8.1 - pullPolicy: IfNotPresent - - maxHistory: 0 - - ## Storage driver to use. One of 'configmap', 'memory', or 'secret' - storage: configmap - - tls: - ## Enable TLS encryption between Helm and Tiller - enabled: false - - ## Verify remote certificate - verify: true - - ## A custom secret to mount instead of specifying Base64 Values below - secretName: "" - - ## Specify a Base64 encoded CA - # ca: "Zm9vCg==" - - ## Specify a Base64 encoded cert - # cert: "Zm9vCg==" - - ## Specify a Base64 encoded private key - # key: "Zm9vCg==" - - ## The following options specify the Role or ClusterRole to assign to the - ## tiller service account. The ClusterRole "admin" is usually pre-defined in - ## RBAC-enabled clusters and will allow administration of a namespace by - ## whatever users or ServiceAccounts are bound to it in that same namespace. - ## THERE IS SELDOM ANY REASON TO OVERRIDE THIS!!! - role: - ## Valid values are "Role" or "ClusterRole" - type: ClusterRole - name: admin - - ## Security options. The default values close known attack vectors. - ## ALTER THESE AT YOUR OWN RISK!!!! - - ## Note that these tight restrictions do NOT impede normal use of Helm. Helm - ## is always usable with any Tiller as long as the Helm user has permission to - ## tunnel into pods in that Tiller's namespace. - ## (Helm does this automatically.) - - ## Specify whether to include a service of type ClusterIP for Tiller - includeService: false - - ## Specify whether Tiller pods should listen to 0.0.0.0 or just localhost - onlyListenOnLocalhost: true - - ## We usually recommend not to specify default resources and to leave this as a conscious - ## choice for the user. This also increases chances charts run on environments with little - ## resources, such as Minikube. 
If you do want to specify resources, uncomment the following - ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - resources: {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - - nodeSelector: {} - - tolerations: [] - - affinity: {} - ## Optional additional ServiceAccounts serviceAccounts: [] # - some-service-account From 824f599586bed20772f0d6dbbd475e3a6729d3b0 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 12 Aug 2021 15:47:21 -0700 Subject: [PATCH 254/331] Remove more tiller --- charts/charts/magic-namespace/templates/NOTES.txt | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/charts/charts/magic-namespace/templates/NOTES.txt b/charts/charts/magic-namespace/templates/NOTES.txt index f084e3a..9fec53c 100755 --- a/charts/charts/magic-namespace/templates/NOTES.txt +++ b/charts/charts/magic-namespace/templates/NOTES.txt @@ -1,26 +1,15 @@ The namespace "{{ .Release.Namespace }}" has been created if it didn't already exist. -{{ if or .Values.tiller.enabled .Values.serviceAccounts -}} +{{ if .Values.serviceAccounts -}} The following service accounts have been created in the namespace: -{{ if .Values.tiller.enabled }} - - tiller -{{- end }} {{- range .Values.serviceAccounts }} - {{ . }} {{- end }} {{ end }} -{{ if or .Values.tiller.enabled .Values.roleBindings -}} +{{ if .Values.roleBindings -}} The following role bindings have been created in the namespace: -{{ if .Values.tiller.enabled }} - - ServiceAccount[tiller] --> {{ .Values.tiller.role.kind }}[{{ .Values.tiller.role.name }}] -{{- end }} {{- range .Values.roleBindings }} - {{ .subject.kind }}[{{ .subject.name }}] --> {{ .role.kind }}[{{ .role.name }}] {{- end }} {{ end }} -{{ if .Values.tiller.enabled -}} -Utilize the Tiller in your new namespace like so: - - $ helm --tiller-namespace {{ .Release.Namespace }} -{{- end }} From e0026ca80c221cc27f333e683768642222c6b8d7 Mon Sep 17 00:00:00 2001 
From: kfox1111 Date: Wed, 18 Aug 2021 08:53:07 -0700 Subject: [PATCH 255/331] Disable build of tenant-namespace magic-namespace update needs to happen and can't yet. Disable tenant-namespace-operator so a build can happen. --- charts/charts/buildall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/charts/buildall b/charts/charts/buildall index 4076b2b..abb3f63 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -37,7 +37,7 @@ for ver in 1-17 1-18 1-19 1-20 1-21; do done CHANGE=0 -for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator smartctl-exporter grafana-misc-dashboards magic-namespace; do +for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node-image pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator smartctl-exporter grafana-misc-dashboards magic-namespace; do RAWCHART=$CHART case "$CHART" in k8s-node-image) From e1287960a1ca8c51992f960fde9d64372ba8278c Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Wed, 18 Aug 2021 09:26:42 -0700 Subject: [PATCH 256/331] Reenable tenant-namespace Magic namespace was added to the index. Now we can re-add tenant-namespace. --- charts/charts/buildall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/charts/buildall b/charts/charts/buildall index abb3f63..4076b2b 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall 
@@ -37,7 +37,7 @@ for ver in 1-17 1-18 1-19 1-20 1-21; do done CHANGE=0 -for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node-image pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator smartctl-exporter grafana-misc-dashboards magic-namespace; do +for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator smartctl-exporter grafana-misc-dashboards magic-namespace; do RAWCHART=$CHART case "$CHART" in k8s-node-image) From 25b12004ee8317bd61318d6a8f003f7652887d61 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Wed, 18 Aug 2021 09:37:45 -0700 Subject: [PATCH 257/331] Add missing repo --- charts/charts/buildall | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/charts/buildall b/charts/charts/buildall index 4076b2b..db56177 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -19,6 +19,7 @@ mkdir -p charts/tags mkdir -p charts/vers helm repo add pnnl-miscscripts-image-library-charts https://pnnl-miscscripts.github.io/image-library-charts/ +helm repo add pnnl-miscscripts https://pnnl-miscscripts.github.io/charts/ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update From 524d66e5772762e5596317a4e80fbbacd640218e Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Wed, 6 Oct 2021 09:10:43 -0700 Subject: [PATCH 258/331] pylint2 is broken and pretty dead. Remove. --- .github/workflows/main.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 84fab14..c2c986a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -39,13 +39,6 @@ jobs: uses: actions/checkout@v2 - name: Build tenant-namespace-operator container run: ./containers/build tenant-namespace-operator - buildc-py2lint: - runs-on: ubuntu-20.04 - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Build py2lint container - run: ./containers/build py2lint buildc-pixiecore: runs-on: ubuntu-20.04 steps: From 430582d9059216dd3b2b55ae9f8b2acf879bdf24 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Tue, 8 Mar 2022 11:36:43 -0800 Subject: [PATCH 259/331] Updated node-image ingress Now supports later ingress api versions --- .../k8s-node-image/templates/ingress.yaml | 98 +++++++++++++++++-- charts/charts/k8s-node-image/values.yaml | 1 + 2 files changed, 92 insertions(+), 7 deletions(-) diff --git a/charts/charts/k8s-node-image/templates/ingress.yaml b/charts/charts/k8s-node-image/templates/ingress.yaml index aa68a56..cc893df 100644 --- a/charts/charts/k8s-node-image/templates/ingress.yaml +++ b/charts/charts/k8s-node-image/templates/ingress.yaml @@ -4,7 +4,18 @@ {{- $pxeprefix := printf "%s/images/pxeboot" $prefix }} {{- $aFullName := include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . -}} {{- $nFullName := include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} apiVersion: extensions/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ include "pnnlmiscscripts.k8s-node-image-full.fullname" . }} 
@@ -24,50 +35,123 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if .Values.ingress.tls }} + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} tls: - {{- range .Values.ingress.tls }} + {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} {{- end }} secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} - http: paths: - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "" "type" "d" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $nFullName }} + port: + name: http + {{- else }} serviceName: {{ $nFullName }} servicePort: http + {{- end }} - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "vmlinuz" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $aFullName }} + port: + name: http + {{- else }} serviceName: {{ $aFullName }} servicePort: http + {{- end }} - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "initrd.img" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $aFullName }} + port: + name: http + {{- else }} serviceName: {{ $aFullName }} servicePort: http + {{- end }} - path: {{ dict "dot" $dot 
"prefix" $pxeprefix "suffix" "vmlinuz" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $aFullName }} + port: + name: http + {{- else }} serviceName: {{ $aFullName }} servicePort: http + {{- end }} - path: {{ dict "dot" $dot "prefix" $pxeprefix "suffix" "initrd.img" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $aFullName }} + port: + name: http + {{- else }} serviceName: {{ $aFullName }} servicePort: http + {{- end }} - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "LiveOS" "type" "d" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $aFullName }} + port: + name: http + {{- else }} serviceName: {{ $aFullName }} servicePort: http + {{- end }} - path: {{ dict "dot" $dot "prefix" $prefix "suffix" ".treeinfo" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: Prefix + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $aFullName }} + port: + name: http + {{- else }} serviceName: {{ $aFullName }} servicePort: http -{{- if . }} + {{- end }} + {{- if . }} host: {{ . | quote }} -{{- end }} - {{- end }} + {{- end }} + {{- end }} {{- end }} 
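Review bot: In charts/charts/k8s-node-image/templates/ingress.yaml every path now gets a hard-coded `pathType: Prefix`, including the single-file paths built with `"type" "f"` (vmlinuz, initrd.img, .treeinfo). The path strings come from the `pnnlmiscscripts.k8s-node-image-full.ingress` helper, which is not visible in this hunk, and the chart's values carry `regex: true`. If that helper emits regular expressions, `Prefix` is presumably the wrong type, and the regex case would want `pathType: ImplementationSpecific`. The seven `backend:` blocks also differ only in the service name, so a small named template taking that name would keep the API-version switch in one place.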
diff --git a/charts/charts/k8s-node-image/values.yaml b/charts/charts/k8s-node-image/values.yaml index 4385092..144c6e4 100644 --- a/charts/charts/k8s-node-image/values.yaml +++ b/charts/charts/k8s-node-image/values.yaml @@ -29,6 +29,7 @@ ingress: enableVersionPrefix: true regex: true prefix: "" + # className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" From 6748ef525c15815ded6e708eacae91192d0795a5 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Wed, 16 Mar 2022 14:36:22 -0700 Subject: [PATCH 260/331] Fixed ipmi-exporter base image Switched to rockylinux --- containers/ipmi-exporter/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/ipmi-exporter/Dockerfile b/containers/ipmi-exporter/Dockerfile index 5907214..3e17313 100644 --- a/containers/ipmi-exporter/Dockerfile +++ b/containers/ipmi-exporter/Dockerfile @@ -1,4 +1,4 @@ -FROM centos:centos8 +FROM rockylinux:8 MAINTAINER Kevin Fox RUN \ From 92e71fd866fbbdbbed7c307a8e46d8ef1703393e Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Wed, 16 Mar 2022 14:55:26 -0700 Subject: [PATCH 261/331] Switched to go install for pixiecore go get for executables was deprecated in Go 1.17 and removed in Go 1.18 --- containers/pixiecore/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/pixiecore/Dockerfile b/containers/pixiecore/Dockerfile index e8b49d6..aee95e5 100644 --- a/containers/pixiecore/Dockerfile +++ b/containers/pixiecore/Dockerfile @@ -1,7 +1,7 @@ FROM golang RUN \ - CGO_ENABLED=0 go get go.universe.tf/netboot/cmd/pixiecore + CGO_ENABLED=0 go install go.universe.tf/netboot/cmd/pixiecore@latest FROM alpine:3.9 COPY --from=0 /go/bin/pixiecore /bin/pixiecore From a528e79588e49cc3ce422c66fd200d529606b653 Mon Sep 17 00:00:00 2001 
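Review bot: In containers/pixiecore/Dockerfile the new `go install go.universe.tf/netboot/cmd/pixiecore@latest` resolves to whatever the module's newest version is at build time, so two builds of the same commit can ship different binaries and the image cannot be traced back to a reviewed source revision. Pin the module to an explicit version, for example `go install go.universe.tf/netboot/cmd/pixiecore@<PINNED_VERSION>` (placeholder), and bump it deliberately. The untagged `FROM golang` builder stage and the floating `FROM rockylinux:8` tag introduced in containers/ipmi-exporter/Dockerfile on this same line have the same problem. A digest pin such as `FROM rockylinux:8@sha256:<DIGEST>` (placeholder) makes the base image reproducible.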
From: Peter L Nordquist Date: Thu, 24 Mar 2022 14:36:36 -0700 Subject: [PATCH 262/331] Added dependabot config --- .github/dependabot.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..c52e328 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" + - package-ecosystem: "docker" + directory: "/" + schedule: + interval: "daily" From b6603c35c733aa463459e7472361b5ba12e8b443 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Thu, 31 Mar 2022 16:00:06 -0700 Subject: [PATCH 263/331] Build a new version of pixiecore with efi ipxe --- containers/pixiecore/Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/containers/pixiecore/Dockerfile b/containers/pixiecore/Dockerfile index aee95e5..3337480 100644 --- a/containers/pixiecore/Dockerfile +++ b/containers/pixiecore/Dockerfile @@ -3,8 +3,7 @@ FROM golang RUN \ CGO_ENABLED=0 go install go.universe.tf/netboot/cmd/pixiecore@latest -FROM alpine:3.9 +FROM alpine:3.15 COPY --from=0 /go/bin/pixiecore /bin/pixiecore -RUN echo 1.0.1 > /.extrafingerprints +RUN echo 1.0.2 > /.extrafingerprints && cd / && wget http://boot.ipxe.org/ipxe.efi ENTRYPOINT ["/bin/pixiecore"] - From 24435c94cb1acc4a283d3725992f7b993c86a52b Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 15 Apr 2022 12:08:40 -0700 Subject: [PATCH 264/331] Update pixiecore-simpleconfig for new ingress api. --- charts/charts/pixiecore-simpleconfig/Chart.yaml | 2 +- .../pixiecore-simpleconfig/templates/ingress.yaml | 11 ++++++++--- charts/charts/pixiecore-simpleconfig/values.yaml | 1 + 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/charts/charts/pixiecore-simpleconfig/Chart.yaml b/charts/charts/pixiecore-simpleconfig/Chart.yaml index 0285793..a67ca2c 100644 
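Review bot: The `docker` entry in .github/dependabot.yml uses `directory: "/"`, but the Dockerfiles touched elsewhere in this series live under `containers/<name>/` (for example `containers/ipmi-exporter/Dockerfile` and `containers/pixiecore/Dockerfile`). Dependabot looks for manifests in the configured directory, so unless the repository root also holds a Dockerfile this entry is unlikely to find anything, and base-image updates would silently never be proposed. Add one `docker` entry per image directory, e.g. `directory: "/containers/pixiecore"`.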
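Review bot: The new `wget http://boot.ipxe.org/ipxe.efi` in containers/pixiecore/Dockerfile downloads a network boot loader over plain HTTP and keeps it in the image without any integrity check, so a party on the build host's network path could substitute the binary that machines later boot from. Fetch it over HTTPS and verify a pinned hash before keeping it, e.g. `wget https://boot.ipxe.org/ipxe.efi && echo "<EXPECTED_SHA256>  ipxe.efi" | sha256sum -c -` (the hash is a placeholder to be filled in from a trusted source). The URL carries no version, so a pinned hash also makes the build fail loudly when the upstream file changes instead of shipping an unreviewed binary.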
--- a/charts/charts/pixiecore-simpleconfig/Chart.yaml +++ b/charts/charts/pixiecore-simpleconfig/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Helm chart for simple config of pixiecore name: pixiecore-simpleconfig -version: 0.4.0 +version: 0.5.0 diff --git a/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml b/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml index 23a1d00..bc00eb7 100644 --- a/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml +++ b/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml @@ -1,5 +1,5 @@ {{- if .Values.ingress.enabled -}} -apiVersion: extensions/v1beta1 +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "pnnlmiscscripts.pixiecore.simpleconfig.fullname" . }} @@ -11,13 +11,18 @@ metadata: annotations: {{- toYaml .Values.ingress.annotations | nindent 4 }} spec: + {{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} rules: - http: paths: - path: {{ .Values.ingress.path }} backend: - serviceName: {{ .Values.service.name }} - servicePort: http + service: + name: {{ .Values.service.name }} + port: + name: http {{- if .Values.ingress.host }} host: {{ .Values.ingress.host | quote }} {{- end }} diff --git a/charts/charts/pixiecore-simpleconfig/values.yaml b/charts/charts/pixiecore-simpleconfig/values.yaml index 75b9ca9..17c3d8c 100644 --- a/charts/charts/pixiecore-simpleconfig/values.yaml +++ b/charts/charts/pixiecore-simpleconfig/values.yaml @@ -35,6 +35,7 @@ affinity: {} ingress: enabled: false + #className: "" annotations: {} path: /v1/boot # host: example.com From d69c5d9e91806f8c9ff87ec62bca65e602590ca6 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 15 Apr 2022 12:32:13 -0700 Subject: [PATCH 265/331] Add missing path type. --- charts/charts/pixiecore-simpleconfig/templates/ingress.yaml | 1 + 1 file changed, 1 insertion(+) 
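Review bot: charts/charts/pixiecore-simpleconfig/templates/ingress.yaml now hard-codes `apiVersion: networking.k8s.io/v1`, whereas the k8s-node-image ingress updated earlier in this series selects the API with `semverCompare` on `.Capabilities.KubeVersion.GitVersion`. On a cluster older than 1.19 this chart would fail at install time with an API error rather than a clear message. Either reuse the same version switch here or declare the floor in Chart.yaml, e.g. `kubeVersion: ">=1.19.0-0"`.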
diff --git a/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml b/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml index bc00eb7..b45146f 100644 --- a/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml +++ b/charts/charts/pixiecore-simpleconfig/templates/ingress.yaml @@ -18,6 +18,7 @@ spec: - http: paths: - path: {{ .Values.ingress.path }} + pathType: Prefix backend: service: name: {{ .Values.service.name }} From 5220c0927749d2449c08548f97819b58bf465966 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 15 Apr 2022 12:48:09 -0700 Subject: [PATCH 266/331] Bump chart value. --- charts/charts/pixiecore-simpleconfig/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/charts/pixiecore-simpleconfig/Chart.yaml b/charts/charts/pixiecore-simpleconfig/Chart.yaml index a67ca2c..b2535b3 100644 --- a/charts/charts/pixiecore-simpleconfig/Chart.yaml +++ b/charts/charts/pixiecore-simpleconfig/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: Helm chart for simple config of pixiecore name: pixiecore-simpleconfig -version: 0.5.0 +version: 0.6.0 From 0b8652ddf8103ed32944806a1a525ea210bb4507 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 1 Jun 2022 07:40:08 -0700 Subject: [PATCH 267/331] Add the ability to override reboot with shutdown. --- charts/charts/kubeupdater/Chart.yaml | 2 +- charts/charts/kubeupdater/bin/kubeupdater | 2 +- charts/charts/kubeupdater/templates/bin-configmap.yaml | 4 ++++ charts/charts/kubeupdater/values.yaml | 3 +++ 4 files changed, 9 insertions(+), 2 deletions(-) diff --git a/charts/charts/kubeupdater/Chart.yaml b/charts/charts/kubeupdater/Chart.yaml index 327783c..cd14df9 100644 --- a/charts/charts/kubeupdater/Chart.yaml +++ b/charts/charts/kubeupdater/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: kubeupdater -version: 0.7.0 +version: 0.8.0 
diff --git a/charts/charts/kubeupdater/bin/kubeupdater b/charts/charts/kubeupdater/bin/kubeupdater index 887b15d..d09b1bf 100755 --- a/charts/charts/kubeupdater/bin/kubeupdater +++ b/charts/charts/kubeupdater/bin/kubeupdater @@ -35,7 +35,7 @@ if [ "x$flag" == "x-u" ]; then yum upgrade -y post_upgrade kubectl label node $HOSTNAME miscscripts.pnnl.gov/upgrade-needed- - reboot + finish_upgrade fi done sleep 1 diff --git a/charts/charts/kubeupdater/templates/bin-configmap.yaml b/charts/charts/kubeupdater/templates/bin-configmap.yaml index b6daf4d..1f67778 100644 --- a/charts/charts/kubeupdater/templates/bin-configmap.yaml +++ b/charts/charts/kubeupdater/templates/bin-configmap.yaml @@ -15,4 +15,8 @@ data: {{ .Values.extraPostUpgradeScript | indent 6 }} } + function finish_upgrade { +{{ .Values.finishUpgradeScript | indent 6 }} + } + {{ .Files.Get "bin/kubeupdater" | indent 4 }} diff --git a/charts/charts/kubeupdater/values.yaml b/charts/charts/kubeupdater/values.yaml index c2f1579..3e2fd04 100644 --- a/charts/charts/kubeupdater/values.yaml +++ b/charts/charts/kubeupdater/values.yaml @@ -55,3 +55,6 @@ extraPreUpgradeScript: | echo "About to upgrade everything" extraPostUpgradeScript: | echo "Done upgrading" + +finishUpgradeScript: | + reboot From 2395a8341cc5e09ff09ae354e8af5d07d6392b41 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 1 Jun 2022 08:27:28 -0700 Subject: [PATCH 268/331] Fix volume patch --- .../gitlab-runner-operator/volume.patch | 20 ++++++------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/containers/gitlab-runner-operator/volume.patch b/containers/gitlab-runner-operator/volume.patch index 7839448..4ed600a 100644 --- a/containers/gitlab-runner-operator/volume.patch +++ b/containers/gitlab-runner-operator/volume.patch @@ -19,7 +19,7 @@ diff --git a/templates/deployment.yaml b/templates/deployment.yaml index b3512a99..04dedf81 100644 --- a/templates/deployment.yaml 
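Review bot: In templates/bin-configmap.yaml the body of `finish_upgrade` is nothing but the rendered `.Values.finishUpgradeScript`, so an override that is empty or only comments yields `function finish_upgrade { }`, which bash rejects as a syntax error, and the script stops there. A no-op line holding just `:` ahead of the `indent 6` include keeps the function valid for any override. The value is inlined as shell and called right after `yum upgrade -y`, so it presumably runs with the same privileges on the node. A comment above `finishUpgradeScript` in values.yaml, such as `# Inlined as shell and run on the node after the upgrade; treat overrides as privileged input`, would make that explicit. The pre/post hook functions appear to be rendered the same way, but their definitions start outside this hunk.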
+++ b/templates/deployment.yaml -@@ -61,6 +61,9 @@ +@@ -100,8 +100,14 @@ readOnly: true mountPath: /home/gitlab-runner/.gitlab-runner/certs/ {{- end }} @@ -28,22 +28,14 @@ index b3512a99..04dedf81 100644 + {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} - serviceAccountName: {{ if .Values.rbac.create }}{{ include "gitlab-runner.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} -@@ -108,6 +108,12 @@ spec: - readOnly: true - mountPath: /home/gitlab-runner/.gitlab-runner/certs/ - {{- end }} -+ {{- if .Values.extraVolumeMounts }} -+{{ toYaml .Values.extraVolumeMounts | indent 8 }} -+ {{- end }} + {{- if .Values.extraContainers }} +{{ toYaml .Values.extraContainers | indent 6 }} -+ {{- end }} - resources: - {{ toYaml .Values.resources | indent 10 }} ++ {{- end }} volumes: -@@ -147,6 +153,9 @@ spec: - - name: scripts + - name: runner-secrets + emptyDir: +@@ -151,6 +157,9 @@ + - name: configmaps configMap: name: {{ include "gitlab-runner.fullname" . }} + {{- if .Values.extraVolumes }} From 94cf1efa5a830ec4ef0391737d3b1613d8b2dd1e Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 1 Jun 2022 09:05:07 -0700 Subject: [PATCH 269/331] Stop building k8s 1.17-19. Add 1.22-24. --- .github/workflows/main.yml | 72 +++++++++++++++++++------------------- charts/charts/buildall | 4 +-- 2 files changed, 38 insertions(+), 38 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c2c986a..e53ab37 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -131,41 +131,41 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-openvswitch rm -f rpm.priv - buildc-rpms-k8s-17: + buildc-rpms-k8s-22: runs-on: ubuntu-20.04 steps: - name: Checkout uses: actions/checkout@v2 - - name: Build rpms-kubernetes container 1.17 + - name: Build rpms-kubernetes container 1.22 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build rpms-kubernetes 1.17 + ./containers/build rpms-kubernetes 1.22 rm -f rpm.priv - buildc-rpms-k8s-18: + buildc-rpms-k8s-23: runs-on: ubuntu-20.04 steps: - name: Checkout uses: actions/checkout@v2 - - name: Build rpms-kubernetes container 1.18 + - name: Build rpms-kubernetes container 1.23 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build rpms-kubernetes 1.18 + ./containers/build rpms-kubernetes 1.23 rm -f rpm.priv - buildc-rpms-k8s-19: + buildc-rpms-k8s-24: runs-on: ubuntu-20.04 steps: - name: Checkout uses: actions/checkout@v2 - - name: Build rpms-kubernetes container 1.19 + - name: Build rpms-kubernetes container 1.24 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build rpms-kubernetes 1.19 + ./containers/build rpms-kubernetes 1.24 rm -f rpm.priv buildc-rpms-k8s-20: runs-on: ubuntu-20.04 
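Review bot: The signing key written by `printf "%s" "$RPM_GPG_KEY" > rpm.priv` in each of the renamed jobs is only removed by the trailing `rm -f rpm.priv`, which is not reached when `./containers/build` fails (assuming the default fail-fast shell for `run:`). The file is also created with the default umask. Starting each `run:` block with `umask 077` and `trap 'rm -f rpm.priv' EXIT` covers both. The same three lines are repeated in the `build-node-image-22`, `-23` and `-24` jobs of the next hunk. Whether rpm.priv ends up inside a docker build context is not visible here and is worth checking in `containers/build`.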
@@ -199,56 +199,56 @@ jobs: - name: Build anaconda container run: ./containers/build anaconda - build-node-image-17: + build-node-image-22: runs-on: ubuntu-20.04 needs: - buildc-rpms-node-base - buildc-rpms-containerd - buildc-rpms-openvswitch - - buildc-rpms-k8s-17 + - buildc-rpms-k8s-22 steps: - name: Checkout uses: actions/checkout@v2 - - name: Build full k8s node image 1.17 + - name: Build full k8s node image 1.22 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build k8s-node-image 1.17 + ./containers/build k8s-node-image 1.22 rm -f rpm.priv - build-node-image-18: + build-node-image-23: runs-on: ubuntu-20.04 needs: - buildc-rpms-node-base - buildc-rpms-containerd - buildc-rpms-openvswitch - - buildc-rpms-k8s-18 + - buildc-rpms-k8s-23 steps: - name: Checkout uses: actions/checkout@v2 - - name: Build full k8s node image 1.18 + - name: Build full k8s node image 1.23 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build k8s-node-image 1.18 + ./containers/build k8s-node-image 1.23 rm -f rpm.priv - build-node-image-19: + build-node-image-24: runs-on: ubuntu-20.04 needs: - buildc-rpms-node-base - buildc-rpms-containerd - buildc-rpms-openvswitch - - buildc-rpms-k8s-19 + - buildc-rpms-k8s-24 steps: - name: Checkout uses: actions/checkout@v2 - - name: Build full k8s node image 1.19 + - name: Build full k8s node image 1.24 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build k8s-node-image 1.19 + ./containers/build k8s-node-image 1.24 rm -f rpm.priv build-node-image-20: runs-on: ubuntu-20.04 
@@ -294,33 +294,33 @@ jobs: uses: actions/checkout@v2 - name: Build anaconda+nginx container run: ./containers/build anaconda-nginx - build-node-image-17-nginx: + build-node-image-22-nginx: runs-on: ubuntu-20.04 needs: - - build-node-image-17 + - build-node-image-22 steps: - name: Checkout uses: actions/checkout@v2 - - name: Build k8s-node-image+nginx container 1.17 - run: ./containers/build k8s-node-image-nginx 1.17 - build-node-image-18-nginx: + - name: Build k8s-node-image+nginx container 1.22 + run: ./containers/build k8s-node-image-nginx 1.22 + build-node-image-23-nginx: runs-on: ubuntu-20.04 needs: - - build-node-image-18 + - build-node-image-23 steps: - name: Checkout uses: actions/checkout@v2 - - name: Build k8s-node-image+nginx container 1.18 - run: ./containers/build k8s-node-image-nginx 1.18 - build-node-image-19-nginx: + - name: Build k8s-node-image+nginx container 1.23 + run: ./containers/build k8s-node-image-nginx 1.23 + build-node-image-24-nginx: runs-on: ubuntu-20.04 needs: - - build-node-image-19 + - build-node-image-24 steps: - name: Checkout uses: actions/checkout@v2 - - name: Build k8s-node-image+nginx container 1.19 - run: ./containers/build k8s-node-image-nginx 1.19 + - name: Build k8s-node-image+nginx container 1.24 + run: ./containers/build k8s-node-image-nginx 1.24 build-node-image-20-nginx: runs-on: ubuntu-20.04 needs: @@ -350,9 +350,9 @@ jobs: - buildc-inotify-tools - buildc-ipmi-exporter - buildc-ipmitool - - build-node-image-17-nginx - - build-node-image-18-nginx - - build-node-image-19-nginx + - build-node-image-22-nginx + - build-node-image-23-nginx + - build-node-image-24-nginx - build-node-image-20-nginx - build-node-image-21-nginx - buildc-pixiecore diff --git a/charts/charts/buildall b/charts/charts/buildall index db56177..8b61c9f 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall 
@@ -23,7 +23,7 @@ helm repo add pnnl-miscscripts https://pnnl-miscscripts.github.io/charts/ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update -for ver in 1-17 1-18 1-19 1-20 1-21; do +for ver in 1-20 1-21 1-22 1-23 1-24; do cp -a k8s-node-image k8s-node-image-$ver sed -i "s@k8s-node-image-nginx-1-14@k8s-node-image-nginx-$ver@g" k8s-node-image-$ver/requirements.yaml k8s-node-image-$ver/values.yaml sed -i "s@^name:.*@name: k8s-node-image-$ver@g" k8s-node-image-$ver/Chart.yaml @@ -42,7 +42,7 @@ for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node- RAWCHART=$CHART case "$CHART" in k8s-node-image) - SUBBUILDS="1-17 1-18 1-19 1-20 1-21" + SUBBUILDS="1-20 1-21 1-22 1-23 1-24" ;; *) SUBBUILDS="latest" From 1440bf1a98026c968cd76332bf37e07f4133b82e Mon Sep 17 00:00:00 2001 From: Peter L Nordquist Date: Tue, 7 Jun 2022 12:15:03 -0700 Subject: [PATCH 270/331] Fixed missing update for new k8s versions --- charts/image-library-charts/buildall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 0962fb1..dc8dd49 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall @@ -23,7 +23,7 @@ CHANGE=0 for CONTAINER in ipmitool ipmi-exporter dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx pixiecore smartctl-exporter; do case "$CONTAINER" in k8s-node-image-nginx) - SUBBUILDS="1.17 1.18 1.19 1.20 1.21" + SUBBUILDS="1.20 1.21 1.22 1.23 1.24" ;; *) SUBBUILDS="latest" From b5b75f31b565d38b450afd4a347f7584cb314d24 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 15 Jun 2022 17:13:18 -0700 Subject: [PATCH 271/331] Update the ingress controller. Switch to native namespace labels. 
Signed-off-by: Kevin Fox --- charts/charts/tenant-namespace/Chart.yaml | 4 +-- .../tenant-namespace/templates/NOTES.txt | 29 +++++++++++++++++-- .../ingress-nginx-clusterrolebinding.yaml | 16 ++++++++++ .../simple-restricted-networkpolicy.yaml | 8 ++--- charts/charts/tenant-namespace/values.yaml | 2 ++ 5 files changed, 51 insertions(+), 8 deletions(-) create mode 100644 charts/charts/tenant-namespace/templates/ingress-nginx-clusterrolebinding.yaml diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml index a49cfc5..cc8252c 100644 --- a/charts/charts/tenant-namespace/Chart.yaml +++ b/charts/charts/tenant-namespace/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 type: application description: Chart for setting up a tenants namespace with all the goodies name: tenant-namespace -version: 0.7.9 +version: 0.7.10 appVersion: "1.0" dependencies: - name: magic-namespace @@ -16,6 +16,6 @@ dependencies: repository: "https://pnnl-miscscripts.github.io/charts" - name: ingress-nginx alias: ingress - version: "3.34.0" + version: "4.1.4" repository: "https://kubernetes.github.io/ingress-nginx" condition: ingress.nginx.enabled diff --git a/charts/charts/tenant-namespace/templates/NOTES.txt b/charts/charts/tenant-namespace/templates/NOTES.txt index 0c834a7..e290118 100644 --- a/charts/charts/tenant-namespace/templates/NOTES.txt +++ b/charts/charts/tenant-namespace/templates/NOTES.txt 
@@ -1,2 +1,27 @@ -Remember to: -kubectl label namespace kube-system name=kube-system +{{ $nks := lookup "v1" "Namespace" "" "kube-system" }} +{{ if gt (len $nks) 0 }} +{{ if $nks.metadata.labels }} +{{ if not (index $nks.metadata.labels "kubernetes.io/metadata.name") }} +{{ fail "You must first run: kubectl label namespace kube-system kubernetes.io/metadata.name=kube-system"}} +{{ end }} +{{ end }} +{{ end }} + +{{ $nks := lookup "v1" "Namespace" "" .Values.magicnamespace.namespace }} +{{ if gt (len $nks) 0 }} +{{ if $nks.metadata.labels }} +{{ if not (index $nks.metadata.labels "kubernetes.io/metadata.name") }} +{{ fail (printf "You must first run: kubectl label namespace %s kubernetes.io/metadata.name=%s" .Values.magicnamespace.namespace .Values.magicnamespace.namespace) }} +{{ end }} +{{ end }} +{{ end }} + +{{ if not .Values.ingress.clusterRole }} +You need to ensure there is a ClusterRoleBinding that lets ingress-nginx read ingress classes globally bound to: +``` +subjects: +- kind: ServiceAccount + name: example-ingress + namespace: "example-admin" +``` +{{ end }} diff --git a/charts/charts/tenant-namespace/templates/ingress-nginx-clusterrolebinding.yaml b/charts/charts/tenant-namespace/templates/ingress-nginx-clusterrolebinding.yaml new file mode 100644 index 0000000..24b6b27 --- /dev/null +++ b/charts/charts/tenant-namespace/templates/ingress-nginx-clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{ if .Values.ingress.nginx.clusterRole }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: pmstn-{{ template "namespace.name" . }}-ic + labels: + {{- include "namespace.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Values.ingress.nginx.clusterRole }} +subjects: +- kind: ServiceAccount + name: {{ .Release.Name }}-ingress + namespace: {{ .Release.Namespace | quote }} +{{ end }} 
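Review bot: The last block of NOTES.txt tests `.Values.ingress.clusterRole`, but the ClusterRoleBinding template added in this commit is gated on `.Values.ingress.nginx.clusterRole`, so the reminder is printed even when the binding has been created. The condition should read `{{ if not .Values.ingress.nginx.clusterRole }}`. Both label checks are also skipped when `$nks.metadata.labels` is empty, or when `lookup` returns nothing, as it does under `helm template` and dry runs. That is the same situation in which the `kubernetes.io/metadata.name` selectors in simple-restricted-networkpolicy.yaml match no namespace. Replacing the two inner conditions with something like `{{ if not (hasKey (default (dict) $nks.metadata.labels) "kubernetes.io/metadata.name") }}` would let the `fail` fire for a namespace that has no labels at all.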
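Review bot: In ingress-nginx-clusterrolebinding.yaml, `roleRef.name` is taken verbatim from `.Values.ingress.nginx.clusterRole`, so the template binds the release's ingress ServiceAccount cluster-wide to whatever ClusterRole the values name, including `cluster-admin`. If tenants can influence these values (for example through the operator's custom resources, which this hunk does not show), that is a privilege-escalation path. The values.yaml hunk of this commit does not add the key, so I would add it there with a comment such as `# admin-only: ClusterRole bound cluster-wide to the ingress controller ServiceAccount`, and reject unexpected role names at render time with `fail`. The subject name `{{ .Release.Name }}-ingress` is hard-coded and presumably has to match the ServiceAccount the ingress-nginx subchart creates; if the two diverge, the binding silently points at nothing.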
diff --git a/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml b/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml index dfe8b11..c2402ad 100644 --- a/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml +++ b/charts/charts/tenant-namespace/templates/simple-restricted-networkpolicy.yaml @@ -21,12 +21,12 @@ spec: # Allow admin namespace to access this namespace - namespaceSelector: matchLabels: - name: {{ .Release.Namespace }} + kubernetes.io/metadata.name: {{ .Release.Namespace }} podSelector: {} # Allow access to the kube-system namespace for service discovery - namespaceSelector: matchLabels: - name: kube-system + kubernetes.io/metadata.name: kube-system podSelector: {} # Allow this namespace to access itself - podSelector: {} @@ -40,12 +40,12 @@ spec: # Allow admin namespace to access this namespace - namespaceSelector: matchLabels: - name: {{ .Release.Namespace }} + kubernetes.io/metadata.name: {{ .Release.Namespace }} podSelector: {} # Allow access to the kube-system namespace for service discovery - namespaceSelector: matchLabels: - name: kube-system + kubernetes.io/metadata.name: kube-system podSelector: {} # Allow this namespace to access itself - podSelector: {} diff --git a/charts/charts/tenant-namespace/values.yaml b/charts/charts/tenant-namespace/values.yaml index 380e602..cb1be2e 100644 --- a/charts/charts/tenant-namespace/values.yaml +++ b/charts/charts/tenant-namespace/values.yaml @@ -83,6 +83,8 @@ ingress: enabled: true admissionWebhooks: enabled: false + ingressClassResource: + enabled: false rbac: scope: true From 8ec22b770339c644de90b5fc20f345a6057e7e22 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 15 Jun 2022 17:23:45 -0700 Subject: [PATCH 272/331] Fix notes Signed-off-by: Kevin Fox --- charts/charts/tenant-namespace/templates/NOTES.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/charts/charts/tenant-namespace/templates/NOTES.txt b/charts/charts/tenant-namespace/templates/NOTES.txt index e290118..fab3c30 100644 --- a/charts/charts/tenant-namespace/templates/NOTES.txt +++ b/charts/charts/tenant-namespace/templates/NOTES.txt @@ -21,7 +21,7 @@ You need to ensure there is a ClusterRoleBinding that lets ingress-nginx read in ``` subjects: - kind: ServiceAccount - name: example-ingress - namespace: "example-admin" + name: {{ .Release.Name }}-ingress + namespace: {{ .Release.Namespace }} ``` {{ end }} From dd37f6b3404c6cf543df0a45d580de084556e04a Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Thu, 23 Jun 2022 14:15:20 -0700 Subject: [PATCH 273/331] [k8s-node-image] Added PDBs Upgraded to v2 Chart Moved standard labels to helpers Added image pull secrets Added pod annotations --- charts/charts/buildall | 2 +- charts/charts/k8s-node-image/.helmignore | 23 +++++++++++++++ charts/charts/k8s-node-image/Chart.yaml | 10 ++++++- .../charts/k8s-node-image/requirements.yaml | 7 ----- .../k8s-node-image/templates/_helpers.tpl | 19 +++++++++++++ .../templates/anaconda-deployment.yaml | 28 +++++++++++-------- .../templates/anaconda-pdb.yaml | 17 +++++++++++ .../templates/anaconda-service.yaml | 9 ++---- .../k8s-node-image/templates/ingress.yaml | 5 +--- .../templates/k8s-node-deployment.yaml | 28 +++++++++++-------- .../templates/k8s-node-pdb.yaml | 17 +++++++++++ .../templates/k8s-node-service.yaml | 9 ++---- charts/charts/k8s-node-image/values.yaml | 6 ++++ 13 files changed, 131 insertions(+), 49 deletions(-) create mode 100644 charts/charts/k8s-node-image/.helmignore delete mode 100644 charts/charts/k8s-node-image/requirements.yaml create mode 100644 charts/charts/k8s-node-image/templates/anaconda-pdb.yaml create mode 100644 charts/charts/k8s-node-image/templates/k8s-node-pdb.yaml diff --git a/charts/charts/buildall b/charts/charts/buildall index 8b61c9f..6e73f1e 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall 
@@ -25,7 +25,7 @@ helm repo update for ver in 1-20 1-21 1-22 1-23 1-24; do cp -a k8s-node-image k8s-node-image-$ver - sed -i "s@k8s-node-image-nginx-1-14@k8s-node-image-nginx-$ver@g" k8s-node-image-$ver/requirements.yaml k8s-node-image-$ver/values.yaml + sed -i "s@k8s-node-image-nginx-1-14@k8s-node-image-nginx-$ver@g" k8s-node-image-$ver/Chart.yaml k8s-node-image-$ver/values.yaml sed -i "s@^name:.*@name: k8s-node-image-$ver@g" k8s-node-image-$ver/Chart.yaml pushd k8s-node-image-$ver 2>/dev/null helm dep up --skip-refresh diff --git a/charts/charts/k8s-node-image/.helmignore b/charts/charts/k8s-node-image/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/charts/k8s-node-image/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/charts/k8s-node-image/Chart.yaml b/charts/charts/k8s-node-image/Chart.yaml index d3770dc..3c6e2f7 100644 --- a/charts/charts/k8s-node-image/Chart.yaml +++ b/charts/charts/k8s-node-image/Chart.yaml @@ -1,5 +1,13 @@ -apiVersion: v1 +apiVersion: v2 appVersion: "1.0" description: A Helm chart for Kubernetes +type: application name: k8s-node-image version: 0.2.0 +dependencies: +- name: k8s-node-image-nginx-1-14 + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ +- name: anaconda-nginx + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ diff --git a/charts/charts/k8s-node-image/requirements.yaml b/charts/charts/k8s-node-image/requirements.yaml deleted file mode 100644 index f3cdf12..0000000 --- a/charts/charts/k8s-node-image/requirements.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -dependencies: -- name: k8s-node-image-nginx-1-14 - version: 2.0.0 - repository: https://pnnl-miscscripts.github.io/image-library-charts/ -- name: anaconda-nginx - version: 2.0.0 - repository: https://pnnl-miscscripts.github.io/image-library-charts/ diff --git a/charts/charts/k8s-node-image/templates/_helpers.tpl b/charts/charts/k8s-node-image/templates/_helpers.tpl index 0120d2c..3287edb 100644 --- a/charts/charts/k8s-node-image/templates/_helpers.tpl +++ b/charts/charts/k8s-node-image/templates/_helpers.tpl @@ -81,3 +81,22 @@ takes dot, prefix, suffix, and type. type can be either f or d. {{- end }} {{- end -}} +{{/* +Common labels +*/}} +{{- define "pnnlmiscscripts.k8s-node-image-full.labels" -}} +helm.sh/chart: {{ include "pnnlmiscscripts.k8s-node-image-full.chart" . }} +{{ include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "pnnlmiscscripts.k8s-node-image-full.selectorLabels" -}} +app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} \ No newline at end of file diff --git a/charts/charts/k8s-node-image/templates/anaconda-deployment.yaml b/charts/charts/k8s-node-image/templates/anaconda-deployment.yaml index f97c358..5d9daea 100644 --- a/charts/charts/k8s-node-image/templates/anaconda-deployment.yaml +++ b/charts/charts/k8s-node-image/templates/anaconda-deployment.yaml 
@@ -3,25 +3,29 @@ kind: Deployment metadata: name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }} labels: - app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} - helm.sh/chart: {{ include "pnnlmiscscripts.k8s-node-image-full.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: anaconda svc: anaconda spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} svc: anaconda template: metadata: + {{- with .Values.anaconda.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} labels: - app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 8 }} svc: anaconda spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: main command: ["nginx", "-g", "daemon off;"] @@ -52,11 +56,11 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} + {{- end }} + {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} diff --git a/charts/charts/k8s-node-image/templates/anaconda-pdb.yaml b/charts/charts/k8s-node-image/templates/anaconda-pdb.yaml new file mode 100644 index 0000000..1d898a6 --- /dev/null +++ b/charts/charts/k8s-node-image/templates/anaconda-pdb.yaml 
@@ -0,0 +1,17 @@ +{{- if (gt (.Values.replicaCount | int) 1) }} +apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} +kind: PodDisruptionBudget +metadata: + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: anaconda + svc: anaconda + name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} + svc: anaconda + minAvailable: {{ .Values.minAvailable }} +{{- end }} \ No newline at end of file diff --git a/charts/charts/k8s-node-image/templates/anaconda-service.yaml b/charts/charts/k8s-node-image/templates/anaconda-service.yaml index 0091ce8..c52e554 100644 --- a/charts/charts/k8s-node-image/templates/anaconda-service.yaml +++ b/charts/charts/k8s-node-image/templates/anaconda-service.yaml @@ -3,10 +3,8 @@ kind: Service metadata: name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }} labels: - app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} - helm.sh/chart: {{ include "pnnlmiscscripts.k8s-node-image-full.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: anaconda svc: anaconda spec: type: {{ .Values.anaconda.service.type }} @@ -16,6 +14,5 @@ spec: protocol: TCP name: http selector: - app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 4 }} svc: anaconda 
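Review bot: In anaconda-pdb.yaml, `minAvailable: {{ .Values.minAvailable }}` is rendered without being checked against `replicaCount`, so an override with `minAvailable` equal to or above the replica count produces a budget that blocks every voluntary eviction and stalls node drains. If only integer values are expected, a guard at the top of the template catches this at render time: `{{- if ge (int .Values.minAvailable) (int .Values.replicaCount) }}{{ fail "minAvailable must be lower than replicaCount" }}{{ end }}`. k8s-node-pdb.yaml carries the same line. `metadata.namespace` is set here but, as far as the hunks show, not on the Deployment and Service of the same chart, which is worth making consistent.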
diff --git a/charts/charts/k8s-node-image/templates/ingress.yaml b/charts/charts/k8s-node-image/templates/ingress.yaml index cc893df..77c7f6c 100644 --- a/charts/charts/k8s-node-image/templates/ingress.yaml +++ b/charts/charts/k8s-node-image/templates/ingress.yaml @@ -20,10 +20,7 @@ kind: Ingress metadata: name: {{ include "pnnlmiscscripts.k8s-node-image-full.fullname" . }} labels: - app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} - helm.sh/chart: {{ include "pnnlmiscscripts.k8s-node-image-full.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} annotations: {{- if .Values.ingress.regex }} nginx.ingress.kubernetes.io/rewrite-target: /$1 diff --git a/charts/charts/k8s-node-image/templates/k8s-node-deployment.yaml b/charts/charts/k8s-node-image/templates/k8s-node-deployment.yaml index e4bcabf..9fe4ed7 100644 --- a/charts/charts/k8s-node-image/templates/k8s-node-deployment.yaml +++ b/charts/charts/k8s-node-image/templates/k8s-node-deployment.yaml 
@@ -3,25 +3,29 @@ kind: Deployment metadata: name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} labels: - app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} - helm.sh/chart: {{ include "pnnlmiscscripts.k8s-node-image-full.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: k8s-node svc: k8s-node spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: - app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} svc: k8s-node template: metadata: + {{- with .Values.k8sNode.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} labels: - app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 8 }} svc: k8s-node spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: main command: ["nginx", "-g", "daemon off;"] @@ -52,11 +56,11 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} + {{- end }} + {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} diff --git a/charts/charts/k8s-node-image/templates/k8s-node-pdb.yaml b/charts/charts/k8s-node-image/templates/k8s-node-pdb.yaml new file mode 100644 index 0000000..8f657ab --- /dev/null +++ b/charts/charts/k8s-node-image/templates/k8s-node-pdb.yaml 
@@ -0,0 +1,17 @@ +{{- if (gt (.Values.replicaCount | int) 1) }} +apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} +kind: PodDisruptionBudget +metadata: + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: k8s-node + svc: k8s-node + name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} + svc: k8s-node + minAvailable: {{ .Values.minAvailable }} +{{- end }} \ No newline at end of file diff --git a/charts/charts/k8s-node-image/templates/k8s-node-service.yaml b/charts/charts/k8s-node-image/templates/k8s-node-service.yaml index cd729f4..d9ab405 100644 --- a/charts/charts/k8s-node-image/templates/k8s-node-service.yaml +++ b/charts/charts/k8s-node-image/templates/k8s-node-service.yaml @@ -3,10 +3,8 @@ kind: Service metadata: name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} labels: - app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} - helm.sh/chart: {{ include "pnnlmiscscripts.k8s-node-image-full.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: k8s-node svc: k8s-node spec: type: {{ .Values.k8sNode.service.type }} @@ -16,6 +14,5 @@ spec: protocol: TCP name: http selector: - app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 4 }} svc: k8s-node diff --git a/charts/charts/k8s-node-image/values.yaml b/charts/charts/k8s-node-image/values.yaml index 144c6e4..5d874d9 100644 
--- a/charts/charts/k8s-node-image/values.yaml +++ b/charts/charts/k8s-node-image/values.yaml @@ -3,7 +3,9 @@ # Declare variables to be passed into your templates. replicaCount: 2 +minAvailable: 1 +imagePullSecrets: [] nameOverride: "" fullnameOverride: "" @@ -14,6 +16,8 @@ anaconda: service: type: ClusterIP port: 80 + + podAnnotations: {} k8sNode: prefix: "pnnlmiscscripts.k8s-node-image-nginx-1-14" @@ -23,6 +27,8 @@ k8sNode: service: type: ClusterIP port: 80 + + podAnnotations: {} ingress: enabled: true From d8dcfc2c366559f2e2c803425f1daa3b68c26dde Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Thu, 23 Jun 2022 15:39:36 -0700 Subject: [PATCH 274/331] Updated CRDs to apiext/v1 Used operator-sdk v1.22.0 to generate CRD examples --- ...nl.gov_clustergitlabrunnerflavors_crd.yaml | 36 +++++++++++++++---- ...iscscripts.pnnl.gov_gitlabrunners_crd.yaml | 36 +++++++++++++++---- ...s.pnnl.gov_tenantnamespaceflavors_crd.yaml | 36 +++++++++++++++---- ...scripts.pnnl.gov_tenantnamespaces_crd.yaml | 36 +++++++++++++++---- 4 files changed, 116 insertions(+), 28 deletions(-) diff --git a/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml index 3f1d43b..8bf5c21 100644 --- a/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml +++ b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml @@ -1,4 +1,5 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +--- +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clustergitlabrunnerflavors.miscscripts.pnnl.gov 
@@ -10,13 +11,34 @@ spec: plural: clustergitlabrunnerflavors singular: clustergitlabrunnerflavor scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true versions: - name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterGitlabRunnerFlavor is the Schema for the clustergitlabrunnerflavors API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of ClusterGitlabRunnerFlavor + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of ClusterGitlabRunnerFlavor + type: object + x-kubernetes-preserve-unknown-fields: true + type: object served: true storage: true + subresources: + status: {} diff --git a/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml index 8619abb..39ea809 100644 --- a/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml +++ b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml 
@@ -1,4 +1,5 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +--- +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: gitlabrunners.miscscripts.pnnl.gov @@ -10,13 +11,34 @@ spec: plural: gitlabrunners singular: gitlabrunner scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true versions: - name: v1beta1 + schema: + openAPIV3Schema: + description: GitlabRunner is the Schema for the gitlabrunners API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of GitlabRunner + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of GitlabRunner + type: object + x-kubernetes-preserve-unknown-fields: true + type: object served: true storage: true + subresources: + status: {} diff --git a/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml b/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml index 775adf7..e6c912a 100644 --- a/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml 
+++ b/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml @@ -1,4 +1,5 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +--- +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: tenantnamespaceflavors.miscscripts.pnnl.gov @@ -10,13 +11,34 @@ spec: plural: tenantnamespaceflavors singular: tenantnamespaceflavor scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true versions: - name: v1beta1 + schema: + openAPIV3Schema: + description: TenantNamespaceFlavor is the Schema for the tenantnamespaceflavors API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of TenantNamespaceFlavor + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of TenantNamespaceFlavor + type: object + x-kubernetes-preserve-unknown-fields: true + type: object served: true storage: true + subresources: + status: {} diff --git a/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml b/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml index 63f7538..de94ed5 100644 
--- a/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml +++ b/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml @@ -1,4 +1,5 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +--- +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: tenantnamespaces.miscscripts.pnnl.gov @@ -10,13 +11,34 @@ spec: plural: tenantnamespaces singular: tenantnamespace scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true versions: - name: v1beta1 + schema: + openAPIV3Schema: + description: TenantNamespace is the Schema for the tenantnamespaces API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired state of TenantNamespace + type: object + x-kubernetes-preserve-unknown-fields: true + status: + description: Status defines the observed state of TenantNamespace + type: object + x-kubernetes-preserve-unknown-fields: true + type: object served: true storage: true + subresources: + status: {} From 0bce841e80f355445b7e1d9a8003d55a82b84691 Mon Sep 17 00:00:00 2001 
From: Peter Nordquist Date: Thu, 23 Jun 2022 16:16:54 -0700 Subject: [PATCH 275/331] Fixed v1 CRDs Added preserveUnknownFields=false to migrate from apiext/v1beta1 --- .../miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml | 1 + .../deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml | 1 + .../crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml | 1 + .../deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml | 1 + 4 files changed, 4 insertions(+) diff --git a/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml index 8bf5c21..0eed10d 100644 --- a/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml +++ b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_clustergitlabrunnerflavors_crd.yaml @@ -11,6 +11,7 @@ spec: plural: clustergitlabrunnerflavors singular: clustergitlabrunnerflavor scope: Cluster + preserveUnknownFields: false versions: - name: v1beta1 schema: diff --git a/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml index 39ea809..19321ff 100644 --- a/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml +++ b/containers/gitlab-runner-operator/deploy/crds/miscscripts.pnnl.gov_gitlabrunners_crd.yaml @@ -11,6 +11,7 @@ spec: plural: gitlabrunners singular: gitlabrunner scope: Namespaced + preserveUnknownFields: false versions: - name: v1beta1 schema: diff --git a/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml b/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml index e6c912a..7cf4630 100644 
--- a/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml +++ b/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml @@ -11,6 +11,7 @@ spec: plural: tenantnamespaceflavors singular: tenantnamespaceflavor scope: Cluster + preserveUnknownFields: false versions: - name: v1beta1 schema: diff --git a/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml b/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml index de94ed5..8330f6f 100644 --- a/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml +++ b/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml @@ -11,6 +11,7 @@ spec: plural: tenantnamespaces singular: tenantnamespace scope: Cluster + preserveUnknownFields: false versions: - name: v1beta1 schema: From 3ce1f9635633b71f7b6fdc0111b4178e851c37c2 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 24 Jun 2022 15:46:42 -0700 Subject: [PATCH 276/331] Disable volume patch for gitlab runner as most of the functionality is now upstream. --- containers/gitlab-runner-operator/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/containers/gitlab-runner-operator/Dockerfile b/containers/gitlab-runner-operator/Dockerfile index b5789c6..47e861c 100644 --- a/containers/gitlab-runner-operator/Dockerfile +++ b/containers/gitlab-runner-operator/Dockerfile 
@@ -24,13 +24,13 @@ RUN \ helm pull gitlab/gitlab-runner --untar && \ cd gitlab-runner && \ awk -F: '{if($1 == "version"){print $2}}' Chart.yaml | sed 's/ //g' && \ - echo Applying volume.patch && \ - patch -p1 < /volume.patch && \ + echo Skipping volume.patch && \ + echo patch -p1 /volume.patch && \ cd .. && \ yum remove -y patch git && \ cd ${HOME} && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ - echo 0.1.3 >> /.extrafingerprints && \ + echo 0.1.4 >> /.extrafingerprints && \ awk -F: '{if($1 == "version"){print $2}}' /gitlab-runner/Chart.yaml | sed 's/ //g' >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints From 6f62534db9524e9a206f16b6fd40cf046e771d0f Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 27 Jun 2022 15:32:20 -0700 Subject: [PATCH 277/331] Fix ClusterRoleBinding name to be unique Signed-off-by: Kevin Fox --- charts/charts/tenant-namespace/Chart.yaml | 2 +- .../templates/ingress-nginx-clusterrolebinding.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml index cc8252c..9ed3b1d 100644 --- a/charts/charts/tenant-namespace/Chart.yaml +++ b/charts/charts/tenant-namespace/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 type: application description: Chart for setting up a tenants namespace with all the goodies name: tenant-namespace -version: 0.7.10 +version: 0.7.11 appVersion: "1.0" dependencies: - name: magic-namespace diff --git a/charts/charts/tenant-namespace/templates/ingress-nginx-clusterrolebinding.yaml b/charts/charts/tenant-namespace/templates/ingress-nginx-clusterrolebinding.yaml index 24b6b27..2aa6430 100644 --- a/charts/charts/tenant-namespace/templates/ingress-nginx-clusterrolebinding.yaml +++ b/charts/charts/tenant-namespace/templates/ingress-nginx-clusterrolebinding.yaml 
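Review bot: `helm pull gitlab/gitlab-runner --untar` carries no `--version`, so with volume.patch skipped the chart baked into the image is whatever upstream publishes on build day. Pinning it, `helm pull gitlab/gitlab-runner --version <chart-version> --untar && \`, would make the image reproducible and make chart upgrades a reviewed change. The replacement line `echo patch -p1 /volume.patch` only prints text, so removing both echo lines would be clearer than keeping a disabled command. The RUN instruction begins above the hunk.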
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: pmstn-{{ template "namespace.name" . }}-ic + name: pmstn-{{ .Values.magicnamespace.namespace }}-ic labels: {{- include "namespace.labels" . | nindent 4 }} roleRef: From 9f9135b8c509ba2b661dc851d1f01d5fe51642f9 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 27 Jun 2022 16:10:11 -0700 Subject: [PATCH 278/331] Upgrade tenant-namespace-operator to use the new version of the tenant-namespace chart Signed-off-by: Kevin Fox --- .../templates/deployment.yaml | 4 +++- .../templates/ic-clusterrole.yaml | 15 +++++++++++++++ .../templates/ingressclass.yaml | 10 ++++++++++ .../charts/tenant-namespace-operator/values.yaml | 4 ++++ containers/tenant-namespace-operator/Dockerfile | 5 ++--- .../roles/tenantnamespace/tasks/main.yml | 2 ++ 6 files changed, 36 insertions(+), 4 deletions(-) create mode 100644 charts/charts/tenant-namespace-operator/templates/ic-clusterrole.yaml create mode 100644 charts/charts/tenant-namespace-operator/templates/ingressclass.yaml diff --git a/charts/charts/tenant-namespace-operator/templates/deployment.yaml b/charts/charts/tenant-namespace-operator/templates/deployment.yaml index c9e0a6a..9719707 100644 --- a/charts/charts/tenant-namespace-operator/templates/deployment.yaml +++ b/charts/charts/tenant-namespace-operator/templates/deployment.yaml @@ -23,7 +23,7 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: {{ include "tenant-namespace-operator.fullname" . }} - image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - mountPath: /tmp/ansible-operator/runner @@ -57,6 +57,8 @@ spec: - name: DRYRUN value: "yes" {{- end }} + - name: INGRESS_CLUSTERROLE + value: {{ include "tenant-namespace-operator.fullname" . }}-ic volumes: - name: runner emptyDir: {} 
diff --git a/charts/charts/tenant-namespace-operator/templates/ic-clusterrole.yaml b/charts/charts/tenant-namespace-operator/templates/ic-clusterrole.yaml new file mode 100644 index 0000000..e280d0b --- /dev/null +++ b/charts/charts/tenant-namespace-operator/templates/ic-clusterrole.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "tenant-namespace-operator.fullname" . }}-ic + labels: +{{ include "tenant-namespace-operator.labels" . | nindent 4 }} +rules: + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - get + - list + - watch diff --git a/charts/charts/tenant-namespace-operator/templates/ingressclass.yaml b/charts/charts/tenant-namespace-operator/templates/ingressclass.yaml new file mode 100644 index 0000000..44458c3 --- /dev/null +++ b/charts/charts/tenant-namespace-operator/templates/ingressclass.yaml @@ -0,0 +1,10 @@ +{{- if .Values.ingressClass.enabled }} +apiVersion: networking.k8s.io/v1 +kind: IngressClass +metadata: + name: {{ .Values.ingressClass.name }} + labels: + {{- include "tenant-namespace-operator.labels" . | nindent 4 }} +spec: + controller: k8s.io/ingress-nginx +{{- end }} diff --git a/charts/charts/tenant-namespace-operator/values.yaml b/charts/charts/tenant-namespace-operator/values.yaml index b79e1e1..3c0637e 100644 --- a/charts/charts/tenant-namespace-operator/values.yaml +++ b/charts/charts/tenant-namespace-operator/values.yaml @@ -56,3 +56,7 @@ nodeSelector: {} tolerations: [] affinity: {} + +ingressClass: + enabled: true + name: nginx diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index 6df9d87..42a6b2e 100644 --- a/containers/tenant-namespace-operator/Dockerfile +++ b/containers/tenant-namespace-operator/Dockerfile 
@@ -25,12 +25,11 @@ RUN \ ansible-galaxy collection install -r ${HOME}/requirements.yml && \ chmod -R ug+rwx ${HOME}/.ansible && \ helm plugin install https://github.com/databus23/helm-diff --version master && \ - helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --version 0.6.9 --untar && \ + helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --version 0.6.12 --untar && \ cd tenant-namespace/charts/ingress-nginx/ && \ - patch -p3 --no-backup-if-mismatch <${HOME}/configmap.patch && \ cd - && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ - echo 0.1.11 >> /.extrafingerprints && \ + echo 0.1.12 >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints ENTRYPOINT ["/usr/local/bin/entrypoint", "--inject-owner-ref=false"] diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index 3fdfcc3..a58b193 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml @@ -91,6 +91,8 @@ magicnamespace: namespace: "{{ meta.name }}" ingress: + nginx: + clusterRole: "{{ lookup('env','INGRESS_CLUSTERROLE') | default('tenant-namespace-operator-ingress-controller') }}" controller: scope: namespace: "{{ meta.name }}" From f308a0e4d59dc55beaf7ee7f0dc326aaa6adc591 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 27 Jun 2022 16:49:18 -0700 Subject: [PATCH 279/331] Bump up versions --- charts/charts/tenant-namespace-operator/Chart.yaml | 2 +- containers/tenant-namespace-operator/buildenv | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index e231bc1..789833e 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml 
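Review bot: `helm plugin install https://github.com/databus23/helm-diff --version master` follows a moving branch, so each rebuild of the operator image can pick up different plugin code. Pin it to a release tag, `--version <helm-diff-release-tag>`. With the `patch` line removed, `cd tenant-namespace/charts/ingress-nginx/ && \` followed by `cd - && \` no longer does anything and can be dropped. The RUN instruction begins above the hunk.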
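Review bot: The fallback in `lookup('env','INGRESS_CLUSTERROLE') | default('tenant-namespace-operator-ingress-controller')` never applies, because the env lookup returns an empty string for an unset variable and `default` without its second argument only replaces undefined values. An operator started without the variable would render an empty `clusterRole`. Use `default('tenant-namespace-operator-ingress-controller', true)`. The fallback name also differs from the `<fullname>-ic` ClusterRole the chart creates in this commit, so confirm that a role by that name exists. The task containing these lines starts outside the hunk.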
+++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -18,4 +18,4 @@ version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.11-1 +appVersion: 0.1.12-1 diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv index 6d8f18b..fcd86f9 100644 --- a/containers/tenant-namespace-operator/buildenv +++ b/containers/tenant-namespace-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.11 +export PREFIX=0.1.12 From a28db3bd6319267fee0f0c6251b373844150c13a Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 27 Jun 2022 16:50:48 -0700 Subject: [PATCH 280/331] Bump up versions --- charts/charts/tenant-namespace-operator/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index 789833e..8171b87 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,7 +14,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.13 +version: 0.1.14 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. From 2b97abe96c576657aec8f80573c58202da32d809 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Wed, 29 Jun 2022 16:57:35 -0700 Subject: [PATCH 281/331] Fix ingress class name --- charts/charts/tenant-namespace-operator/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/charts/tenant-namespace-operator/values.yaml b/charts/charts/tenant-namespace-operator/values.yaml index 3c0637e..fd0c5b1 100644 --- a/charts/charts/tenant-namespace-operator/values.yaml 
+++ b/charts/charts/tenant-namespace-operator/values.yaml @@ -59,4 +59,4 @@ affinity: {} ingressClass: enabled: true - name: nginx + name: public From 7fc3a66ce95fc61ec30f4e93d1f3be53f955117c Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Fri, 5 Aug 2022 07:12:15 -0700 Subject: [PATCH 282/331] Build 0.7 of the smartctl exporter --- containers/smartctl-exporter/Dockerfile | 15 ++++----------- containers/smartctl-exporter/buildenv | 2 +- 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/containers/smartctl-exporter/Dockerfile b/containers/smartctl-exporter/Dockerfile index 1b0506e..7686266 100644 --- a/containers/smartctl-exporter/Dockerfile +++ b/containers/smartctl-exporter/Dockerfile @@ -1,16 +1,9 @@ -FROM golang -RUN \ - wget -q -O /tmp/exporter.tar.gz https://github.com/Sheridan/smartctl_exporter/archive/smartctl_exporter_0.5.tar.gz && \ - tar -zxvf /tmp/exporter.tar.gz && \ - cd smartctl* && \ - export CGO_ENABLED=0 && \ - make && \ - make install && \ - mv bin/smartctl* /bin/smartctl_exporter - FROM alpine -COPY --from=0 /bin/smartctl_exporter /bin/smartctl_exporter RUN \ + wget -O exporter.tar.gz https://github.com/prometheus-community/smartctl_exporter/releases/download/v0.7.0/smartctl_exporter-0.7.0.linux-amd64.tar.gz && \ + tar -zxvf exporter.tar.gz && \ + mv smartctl_exporter*/smartctl_exporter /bin/ && \ + rm -rf smartctl_exporter* && \ apk add --no-cache --update smartmontools COPY smartctl_exporter.yaml /etc/smartctl_exporter.yaml diff --git a/containers/smartctl-exporter/buildenv b/containers/smartctl-exporter/buildenv index 80779d7..845acfb 100644 --- a/containers/smartctl-exporter/buildenv +++ b/containers/smartctl-exporter/buildenv @@ -1 +1 @@ -export PREFIX=0.5 +export PREFIX=0.7 From bda20ce7d570746d55864a4283d94db4c8c85907 Mon Sep 17 00:00:00 2001 
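Review bot: The release tarball is downloaded with `wget` and unpacked with no integrity check, so the image trusts whatever that URL serves at build time. The chart's DaemonSet runs this binary with `privileged: true` on the host network. Add a checksum step straight after the download, for example `echo "<sha256-of-release-tarball>  exporter.tar.gz" | sha256sum -c - && \`, taking the value from the release's published checksums. `FROM alpine` is untagged as well, and pinning it would keep rebuilds reproducible.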
From: kfox1111 Date: Fri, 5 Aug 2022 07:37:13 -0700 Subject: [PATCH 283/331] Add back smartctl exporter builds --- .github/workflows/main.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e53ab37..96044f4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -88,13 +88,13 @@ jobs: uses: actions/checkout@v2 - name: Build debug-toolbox container run: ./containers/build debug-toolbox -# buildc-smartctl-exporter: -# runs-on: ubuntu-20.04 -# steps: -# - name: Checkout -# uses: actions/checkout@v2 -# - name: Build smartctl-exporter container -# run: ./containers/build smartctl-exporter + buildc-smartctl-exporter: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Build smartctl-exporter container + run: ./containers/build smartctl-exporter buildc-rpms-containerd: runs-on: ubuntu-20.04 steps: From 721fa267fc038fab7a9d3ebf6c8293eb0e7134ca Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Fri, 5 Aug 2022 07:44:52 -0700 Subject: [PATCH 284/331] Stop building k8s 1.20 containers --- .github/workflows/main.yml | 38 -------------------------------------- 1 file changed, 38 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 96044f4..ec0062f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -167,18 +167,6 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.24 rm -f rpm.priv - buildc-rpms-k8s-20: - runs-on: ubuntu-20.04 - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Build rpms-kubernetes container 1.20 - env: - RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} - run: | - printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build rpms-kubernetes 1.20 - rm -f rpm.priv buildc-rpms-k8s-21: runs-on: ubuntu-20.04 steps: 
@@ -250,23 +238,6 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.24 rm -f rpm.priv - build-node-image-20: - runs-on: ubuntu-20.04 - needs: - - buildc-rpms-node-base - - buildc-rpms-containerd - - buildc-rpms-openvswitch - - buildc-rpms-k8s-20 - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Build full k8s node image 1.20 - env: - RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} - run: | - printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build k8s-node-image 1.20 - rm -f rpm.priv build-node-image-21: runs-on: ubuntu-20.04 needs: @@ -321,15 +292,6 @@ jobs: uses: actions/checkout@v2 - name: Build k8s-node-image+nginx container 1.24 run: ./containers/build k8s-node-image-nginx 1.24 - build-node-image-20-nginx: - runs-on: ubuntu-20.04 - needs: - - build-node-image-20 - steps: - - name: Checkout - uses: actions/checkout@v2 - - name: Build k8s-node-image+nginx container 1.20 - run: ./containers/build k8s-node-image-nginx 1.20 build-node-image-21-nginx: runs-on: ubuntu-20.04 needs: From a6454e6a4ebba0d08fc65c40a9e7ef5afcd208c6 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Fri, 5 Aug 2022 07:47:36 -0700 Subject: [PATCH 285/331] Disable chart builds of k8s 1.20 too. --- charts/charts/buildall | 4 ++-- charts/image-library-charts/buildall | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/charts/buildall b/charts/charts/buildall index 6e73f1e..62ac09e 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall 
@@ -23,7 +23,7 @@ helm repo add pnnl-miscscripts https://pnnl-miscscripts.github.io/charts/ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx helm repo update -for ver in 1-20 1-21 1-22 1-23 1-24; do +for ver in 1-21 1-22 1-23 1-24; do cp -a k8s-node-image k8s-node-image-$ver sed -i "s@k8s-node-image-nginx-1-14@k8s-node-image-nginx-$ver@g" k8s-node-image-$ver/Chart.yaml k8s-node-image-$ver/values.yaml sed -i "s@^name:.*@name: k8s-node-image-$ver@g" k8s-node-image-$ver/Chart.yaml @@ -42,7 +42,7 @@ for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node- RAWCHART=$CHART case "$CHART" in k8s-node-image) - SUBBUILDS="1-20 1-21 1-22 1-23 1-24" + SUBBUILDS="1-21 1-22 1-23 1-24" ;; *) SUBBUILDS="latest" diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index dc8dd49..60c4fa6 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall @@ -23,7 +23,7 @@ CHANGE=0 for CONTAINER in ipmitool ipmi-exporter dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx pixiecore smartctl-exporter; do case "$CONTAINER" in k8s-node-image-nginx) - SUBBUILDS="1.20 1.21 1.22 1.23 1.24" + SUBBUILDS="1.21 1.22 1.23 1.24" ;; *) SUBBUILDS="latest" From 79215d7978a991c52b39d8a50b966b6a84cb4a6f Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Aug 2022 09:56:40 -0700 Subject: [PATCH 286/331] Support multiple configurations of smartctl-exporter in one helm release. --- charts/charts/smartctl-exporter/Chart.yaml | 4 +- .../templates/configmap.yaml | 25 +++++++--- .../templates/daemonset.yaml | 46 +++++++++++-------- charts/charts/smartctl-exporter/values.yaml | 18 ++++++-- 4 files changed, 63 insertions(+), 30 deletions(-) diff --git a/charts/charts/smartctl-exporter/Chart.yaml b/charts/charts/smartctl-exporter/Chart.yaml index bcb89ca..16ce21d 100644 --- a/charts/charts/smartctl-exporter/Chart.yaml +++ b/charts/charts/smartctl-exporter/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: "0.1.1" +appVersion: "0.1.2" description: SmartCTL Exporter for Kubernetes name: smartctl-exporter -version: 0.1.1 +version: 0.1.2 diff --git a/charts/charts/smartctl-exporter/templates/configmap.yaml b/charts/charts/smartctl-exporter/templates/configmap.yaml index d68bdbb..fd5e46f 100644 --- a/charts/charts/smartctl-exporter/templates/configmap.yaml +++ b/charts/charts/smartctl-exporter/templates/configmap.yaml @@ -1,13 +1,26 @@ +{{- if hasKey . "config" }} +{{ toYaml .config }} +{{- else }} + +{{- $global := . }} +{{- $base := dict "config" .Values.config }} +{{- $items := prepend .Values.extraInstances $base }} +{{- range $idx, $item := $items }} +{{- $config := mergeOverwrite $item.config $global.Values.common.config }} +--- apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }} + name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" $global }}-{{ $idx }} labels: - app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }} - chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + app: {{ template "pnnlmiscscripts.smartctl-exporter.name" $global }} + chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" $global }} + release: {{ $global.Release.Name }} + heritage: {{ $global.Release.Service }} + idx: i{{ $idx }} data: smartctl_exporter.yaml: | smartctl_exporter: -{{ toYaml .Values.config | indent 6 }} +{{ toYaml $config | indent 6 }} +{{- end }} +{{- end }} diff --git a/charts/charts/smartctl-exporter/templates/daemonset.yaml b/charts/charts/smartctl-exporter/templates/daemonset.yaml index 845f630..c94c068 100644 --- a/charts/charts/smartctl-exporter/templates/daemonset.yaml +++ b/charts/charts/smartctl-exporter/templates/daemonset.yaml 
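Review bot: `mergeOverwrite $item.config $global.Values.common.config` gives precedence to the right-hand argument, so any key set in `common.config` replaces the same key in an instance's own `config`, and it writes the result back into `.Values.config` and the `extraInstances` entries. With the shipped values the key sets do not overlap, but a per-instance `bind_to` or `collect_not_more_than_period` would be silently discarded. If common is meant to supply defaults, `{{- $config := merge (deepCopy $item.config) $global.Values.common.config }}` keeps instance values and leaves `.Values` untouched. The same line appears in templates/daemonset.yaml.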
@@ -1,33 +1,42 @@ +{{- $global := . }} +{{- $base := dict "resources" .Values.resources "nodeSelector" .Values.nodeSelector "affinity" .Values.affinity "tolerations" .Values.tolerations "config" .Values.config }} +{{- $items := prepend .Values.extraInstances $base }} +{{- range $idx, $item := $items }} +{{- $config := mergeOverwrite $item.config $global.Values.common.config }} +{{- $res := set $item "config" $config }} +--- apiVersion: apps/v1 kind: DaemonSet metadata: - name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }} + name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" $global }}-{{ $idx }} labels: - app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }} - chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + app: {{ template "pnnlmiscscripts.smartctl-exporter.name" $global }} + chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" $global }} + release: {{ $global.Release.Name }} + heritage: {{ $global.Release.Service }} + idx: i{{ $idx }} spec: updateStrategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate - replicas: {{ .Values.replicaCount }} selector: matchLabels: - app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }} - release: {{ .Release.Name }} + app: {{ template "pnnlmiscscripts.smartctl-exporter.name" $global }} + release: {{ $global.Release.Name }} + idx: i{{ $idx }} template: metadata: labels: - app: {{ template "pnnlmiscscripts.smartctl-exporter.name" . }} - release: {{ .Release.Name }} + app: {{ template "pnnlmiscscripts.smartctl-exporter.name" $global }} + release: {{ $global.Release.Name }} + idx: i{{ $idx }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum | quote }} spec: containers: - - image: {{ dict "dot" . 
"section" .Values.image | include "pnnlmiscscripts.smartctl-exporter.image" }} - imagePullPolicy: {{ .Values.image.pullPolicy }} + - image: {{ dict "dot" . "section" $global.Values.image | include "pnnlmiscscripts.smartctl-exporter.image" }} + imagePullPolicy: {{ $global.Values.image.pullPolicy }} name: main securityContext: privileged: true @@ -36,7 +45,7 @@ spec: containerPort: 9633 protocol: TCP resources: -{{ toYaml .Values.resources | indent 10 }} +{{ toYaml $item.resources | indent 10 }} volumeMounts: - mountPath: /hostdev name: dev @@ -46,23 +55,24 @@ spec: dnsPolicy: ClusterFirst hostNetwork: true restartPolicy: Always - serviceAccountName: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }} + serviceAccountName: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" $global }} volumes: - configMap: - name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }} + name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" $global }}-{{ $idx }} name: config - hostPath: path: /dev name: dev - {{- with .Values.nodeSelector }} + {{- with $item.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with $item.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with $item.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }} +{{- end }} diff --git a/charts/charts/smartctl-exporter/values.yaml b/charts/charts/smartctl-exporter/values.yaml index c6be88d..4d2f1d2 100644 --- a/charts/charts/smartctl-exporter/values.yaml +++ b/charts/charts/smartctl-exporter/values.yaml 
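Review bot: Inside the `range`, `.` is the current `$item`, so the image line `dict "dot" . "section" $global.Values.image` now passes the instance dict to the image helper rather than the chart root. The helper is not visible here, but if it reads `.dot.Values` or `.dot.Chart` it will render empty or fail. Pass the root explicitly: `- image: {{ dict "dot" $global "section" $global.Values.image | include "pnnlmiscscripts.smartctl-exporter.image" }}`. The `checksum/config` annotation also passes `.`, which looks intentional given the `hasKey . "config"` branch added to configmap.yaml, and a one-line template comment there would make that clear.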
@@ -1,11 +1,21 @@ config: - bind_to: "0.0.0.0:9633" - url_path: "/metrics" - smartctl_location: /usr/sbin/smartctl - collect_not_more_than_period: 120s devices: - /dev/sda +extraInstances: [] +#- config: +# devices: +# - /dev/nvme0n1 +# nodeSelector: +# type: other + +common: + config: + bind_to: "0.0.0.0:9633" + url_path: "/metrics" + smartctl_location: /usr/sbin/smartctl + collect_not_more_than_period: 120s + serviceMonitor: enabled: false # Specify namespace to load the monitor if not in the same namespace From 3416cc6313eec5c1e4ae728c021eb8651757d1e7 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Fri, 5 Aug 2022 10:53:18 -0700 Subject: [PATCH 287/331] Fix workflow --- .github/workflows/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ec0062f..b8a658c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -315,10 +315,9 @@ jobs: - build-node-image-22-nginx - build-node-image-23-nginx - build-node-image-24-nginx - - build-node-image-20-nginx - build-node-image-21-nginx - buildc-pixiecore -# - buildc-smartctl-exporter + - buildc-smartctl-exporter env: GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GIT_LIBRARY_CHARTS_TOKEN }} steps: From bee8d4184b01a64966ecbad57a267345a6e7f7e1 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 5 Aug 2022 12:49:05 -0700 Subject: [PATCH 288/331] Add some basic monitoring rules. --- charts/charts/smartctl-exporter/Chart.yaml | 4 +-- .../charts/smartctl-exporter/rules/rules.txt | 36 +++++++++++++++++++ .../templates/prometheusrule.yaml | 22 ++++++++++++ charts/charts/smartctl-exporter/values.yaml | 8 +++++ 4 files changed, 68 insertions(+), 2 deletions(-) create mode 100644 charts/charts/smartctl-exporter/rules/rules.txt create mode 100644 charts/charts/smartctl-exporter/templates/prometheusrule.yaml diff --git a/charts/charts/smartctl-exporter/Chart.yaml b/charts/charts/smartctl-exporter/Chart.yaml index 16ce21d..5b08e06 100644 
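Review bot: The settings moved under `common.config` here are combined in the DaemonSet template with `mergeOverwrite $item.config $global.Values.common.config`, and `mergeOverwrite` lets the right-hand dictionary win, so an instance's own `config` cannot override `bind_to` or `collect_not_more_than_period`. The call also modifies `$item.config` in place. If `common` is meant to hold defaults, `{{- $config := merge (dict) $item.config $global.Values.common.config }}` should give the instance precedence without mutating `.Values`. Separately, the default `bind_to: "0.0.0.0:9633"` together with the pods' `hostNetwork: true` serves the metrics endpoint on every node address; a comment next to it such as `# listens on all host interfaces (pods use hostNetwork); restrict with a host firewall if needed` would make that visible to operators.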
--- a/charts/charts/smartctl-exporter/Chart.yaml
+++ b/charts/charts/smartctl-exporter/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: "0.1.2"
+appVersion: "0.1.3"
 description: SmartCTL Exporter for Kubernetes
 name: smartctl-exporter
-version: 0.1.2
+version: 0.1.3
diff --git a/charts/charts/smartctl-exporter/rules/rules.txt b/charts/charts/smartctl-exporter/rules/rules.txt
new file mode 100644
index 0000000..faf8905
--- /dev/null
+++ b/charts/charts/smartctl-exporter/rules/rules.txt
@@ -0,0 +1,36 @@
+rules:
+- alert: SmartCTLDeviceMediaErrors
+ expr: smartctl_device_media_errors != 0
+ annotations:
+ message: Device {{ $labels.device }} on instance {{ $labels.instance }} has media errors
+ for: 1m
+ labels:
+ severity: error
+- alert: SmartCTLDeviceCriticalWarning
+ expr: smartctl_device_critical_warning != 0
+ annotations:
+ message: Device {{ $labels.device }} on instance {{ $labels.instance }} has media errors
+ for: 1m
+ labels:
+ severity: warning
+- alert: SmartCTLDeviceAvailableSpareUnderThreadhold
+ expr: smartctl_device_available_spare_threshold > smartctl_device_available_spare
+ annotations:
+ message: Device {{ $labels.device }} on instance {{ $labels.instance }} is under available spare threashold.
+ for: 1m
+ labels:
+ severity: warning
+- alert: SmartCTLDeviceStatus
+ expr: smartctl_device_status != 1
+ annotations:
+ message: Device {{ $labels.device }} on instance {{ $labels.instance }} has a bad status
+ for: 1m
+ labels:
+ severity: error
+- alert: SmartCTLDInterfaceSlow
+ expr: smartctl_device_interface_speed{speed_type="current"} != on(device, instance, namespace, pod) smartctl_device_interface_speed{speed_type="max"}
+ annotations:
+ message: Device {{ $labels.device }} on instance {{ $labels.instance }} interface is slower then it should be
+ for: 1m
+ labels:
+ severity: warning
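Review bot: The `SmartCTLDeviceCriticalWarning` alert reuses the message of the media-errors alert ("has media errors"), so a firing critical-warning alert would point the responder at the wrong condition. It should describe its own expression, for example `message: Device {{ $labels.device }} on instance {{ $labels.instance }} reports a critical warning`. The alert names `SmartCTLDeviceAvailableSpareUnderThreadhold` and `SmartCTLDInterfaceSlow` look like typos for `SmartCTLDeviceAvailableSpareUnderThreshold` and `SmartCTLDeviceInterfaceSlow`; renaming them now avoids breaking routing or silences that later match on the names. The message texts also contain "threashold" and "slower then".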
diff --git a/charts/charts/smartctl-exporter/templates/prometheusrule.yaml b/charts/charts/smartctl-exporter/templates/prometheusrule.yaml new file mode 100644 index 0000000..7a4f7a0 --- /dev/null +++ b/charts/charts/smartctl-exporter/templates/prometheusrule.yaml @@ -0,0 +1,22 @@ +{{- if .Values.prometheusRules.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }}.rules + labels: + app.kubernetes.io/name: {{ include "foobar.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if ne (len .Values.prometheusRules.extraLabels) 0 }} +{{ toYaml .Values.prometheusRules.extraLabels | indent 4 }} +{{- end }} +{{- if hasKey .Values.prometheusRules "namespace" }} + namespace: {{ .Values.prometheusRules.namespace }} +{{- end }} +spec: + groups: + - name: smartctl-exporter.rules +{{ .Files.Get "rules/rules.txt" | indent 4 }} +{{- end }} diff --git a/charts/charts/smartctl-exporter/values.yaml b/charts/charts/smartctl-exporter/values.yaml index 4d2f1d2..0e21deb 100644 --- a/charts/charts/smartctl-exporter/values.yaml +++ b/charts/charts/smartctl-exporter/values.yaml @@ -24,6 +24,14 @@ serviceMonitor: extraLabels: {} # release: prometheus-operator +prometheusRules: + enabled: false + # Specify namespace to load the monitor if not in the same namespace + # namespace: prometheus-operator + # Add Extra labels if needed. Prometeus operator may need them to find it. + extraLabels: {} + # release: prometheus-operator + image: pullPolicy: IfNotPresent From 4e67160730f8d5535a2c53037a8dbe75346cf655 Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Fri, 5 Aug 2022 17:46:59 -0700 Subject: [PATCH 289/331] Fix prometheusrule --- charts/charts/smartctl-exporter/Chart.yaml | 4 ++-- charts/charts/smartctl-exporter/templates/prometheusrule.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/charts/smartctl-exporter/Chart.yaml b/charts/charts/smartctl-exporter/Chart.yaml index 5b08e06..09dc0a3 100644 --- a/charts/charts/smartctl-exporter/Chart.yaml +++ b/charts/charts/smartctl-exporter/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: "0.1.3" +appVersion: "0.1.4" description: SmartCTL Exporter for Kubernetes name: smartctl-exporter -version: 0.1.3 +version: 0.1.4 diff --git a/charts/charts/smartctl-exporter/templates/prometheusrule.yaml b/charts/charts/smartctl-exporter/templates/prometheusrule.yaml index 7a4f7a0..4143cdc 100644 --- a/charts/charts/smartctl-exporter/templates/prometheusrule.yaml +++ b/charts/charts/smartctl-exporter/templates/prometheusrule.yaml @@ -4,7 +4,7 @@ kind: PrometheusRule metadata: name: {{ template "pnnlmiscscripts.smartctl-exporter.fullname" . }}.rules labels: - app.kubernetes.io/name: {{ include "foobar.name" . }} + app.kubernetes.io/name: {{ include "pnnlmiscscripts.smartctl-exporter.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} chart: {{ template "pnnlmiscscripts.smartctl-exporter.chart" . }} release: {{ .Release.Name }} From 28e10b821184964fae20482efce96f27a48f4ba0 Mon Sep 17 00:00:00 2001 
From: Peter Nordquist Date: Tue, 1 Nov 2022 11:28:07 -0700 Subject: [PATCH 290/331] [gitlab-runner-operator] Updated chart template content from helm 3.10 Added helmignore Added tag override Added pod annotations Added service account annotations --- .../charts/gitlab-runner-operator/.helmignore | 23 +++++++++ .../charts/gitlab-runner-operator/Chart.yaml | 2 +- .../templates/_helpers.tpl | 47 +++++++++---------- .../templates/deployment.yaml | 22 +++++---- .../templates/serviceaccount.yaml | 8 +++- .../charts/gitlab-runner-operator/values.yaml | 8 +++- 6 files changed, 73 insertions(+), 37 deletions(-) create mode 100644 charts/charts/gitlab-runner-operator/.helmignore diff --git a/charts/charts/gitlab-runner-operator/.helmignore b/charts/charts/gitlab-runner-operator/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/charts/gitlab-runner-operator/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/charts/gitlab-runner-operator/Chart.yaml b/charts/charts/gitlab-runner-operator/Chart.yaml index f8dd56c..9d96c7d 100644 --- a/charts/charts/gitlab-runner-operator/Chart.yaml +++ b/charts/charts/gitlab-runner-operator/Chart.yaml @@ -14,7 +14,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.4 +version: 0.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. 
diff --git a/charts/charts/gitlab-runner-operator/templates/_helpers.tpl b/charts/charts/gitlab-runner-operator/templates/_helpers.tpl index 267025c..1398293 100644 --- a/charts/charts/gitlab-runner-operator/templates/_helpers.tpl +++ b/charts/charts/gitlab-runner-operator/templates/_helpers.tpl @@ -1,10 +1,9 @@ -{{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} {{- define "gitlab-runner-operator.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} {{/* Create a default fully qualified app name. 
@@ -12,24 +11,24 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "gitlab-runner-operator.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} {{/* Create chart name and version as used by the chart label. */}} {{- define "gitlab-runner-operator.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} {{/* Common labels @@ -41,7 +40,7 @@ helm.sh/chart: {{ include "gitlab-runner-operator.chart" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} +{{- end }} {{/* Selector labels 
@@ -49,15 +48,15 @@ Selector labels {{- define "gitlab-runner-operator.selectorLabels" -}} app.kubernetes.io/name: {{ include "gitlab-runner-operator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} +{{- end }} {{/* Create the name of the service account to use */}} {{- define "gitlab-runner-operator.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "gitlab-runner-operator.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "gitlab-runner-operator.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/charts/gitlab-runner-operator/templates/deployment.yaml b/charts/charts/gitlab-runner-operator/templates/deployment.yaml index 7b1e937..4d77ee2 100644 --- a/charts/charts/gitlab-runner-operator/templates/deployment.yaml +++ b/charts/charts/gitlab-runner-operator/templates/deployment.yaml 
@@ -11,25 +11,29 @@ spec: {{- include "gitlab-runner-operator.selectorLabels" . | nindent 6 }} template: metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} labels: {{- include "gitlab-runner-operator.selectorLabels" . | nindent 8 }} spec: - {{- with .Values.imagePullSecrets }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} serviceAccountName: {{ include "gitlab-runner-operator.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: main - image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - mountPath: /tmp/ansible-operator/runner name: runner - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} resources: {{- toYaml .Values.resources | nindent 12 }} env: @@ -56,11 +60,11 @@ spec: nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} + {{- end }} + {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} diff --git a/charts/charts/gitlab-runner-operator/templates/serviceaccount.yaml b/charts/charts/gitlab-runner-operator/templates/serviceaccount.yaml index ec54a61..113c638 100644 --- a/charts/charts/gitlab-runner-operator/templates/serviceaccount.yaml +++ b/charts/charts/gitlab-runner-operator/templates/serviceaccount.yaml 
@@ -4,5 +4,9 @@ kind: ServiceAccount metadata: name: {{ include "gitlab-runner-operator.serviceAccountName" . }} labels: -{{ include "gitlab-runner-operator.labels" . | nindent 4 }} -{{- end -}} + {{- include "gitlab-runner-operator.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/charts/gitlab-runner-operator/values.yaml b/charts/charts/gitlab-runner-operator/values.yaml index 2f57205..549c0ba 100644 --- a/charts/charts/gitlab-runner-operator/values.yaml +++ b/charts/charts/gitlab-runner-operator/values.yaml @@ -13,6 +13,8 @@ replicaCount: 1 image: repository: pnnlmiscscripts/gitlab-runner-operator pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" imagePullSecrets: [] nameOverride: "" @@ -21,9 +23,13 @@ fullnameOverride: "" serviceAccount: # Specifies whether a service account should be created create: true + # Annotations to add to the service account + annotations: {} # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template - name: + name: "" + +podAnnotations: {} podSecurityContext: {} # fsGroup: 2000 From b9b43c1ef85573a1895327db69cf2fb2466e433e Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Tue, 17 Jan 2023 13:03:14 -0800 Subject: [PATCH 291/331] Add openssl to debug toolbox --- containers/debug-toolbox/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/containers/debug-toolbox/Dockerfile b/containers/debug-toolbox/Dockerfile index 388a7b2..5b428d2 100644 --- a/containers/debug-toolbox/Dockerfile +++ b/containers/debug-toolbox/Dockerfile @@ -21,4 +21,5 @@ RUN \ conntrack-tools \ procps \ iotop \ - ipvsadm + ipvsadm \ + openssl From e071e0e8caaaf850873820c71117ed3831ae1f74 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Oct 2022 04:38:54 +0000 Subject: [PATCH 292/331] Bump actions/checkout from 2 to 3.1.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/main.yml | 62 +++++++++++++++++++------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b8a658c..fa2d182 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -15,91 +15,91 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build git container run: ./containers/build git buildc-curl-jq: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build curl-jq container run: ./containers/build curl-jq buildc-gitlab-runner-operator: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build gitlab-runner-operator container run: ./containers/build gitlab-runner-operator buildc-tenant-namespace-operator: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build tenant-namespace-operator container run: ./containers/build tenant-namespace-operator buildc-pixiecore: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build pixiecore container run: ./containers/build pixiecore buildc-ipmitool: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build ipmitool container run: ./containers/build ipmitool buildc-ipmi-exporter: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build ipmi-exporter container run: ./containers/build ipmi-exporter buildc-dhcpd: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build dhcpd container run: ./containers/build dhcpd buildc-inotify-tools: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build inotify-tools container run: ./containers/build inotify-tools buildc-chronyd: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build chronyd container run: ./containers/build chronyd 
buildc-debug-toolbox: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build debug-toolbox container run: ./containers/build debug-toolbox buildc-smartctl-exporter: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build smartctl-exporter container run: ./containers/build smartctl-exporter buildc-rpms-containerd: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build rpms-containerd container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -111,7 +111,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build rpms-node-base container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -123,7 +123,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build rpms-openvswitch container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -135,7 +135,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build rpms-kubernetes container 1.22 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -147,7 +147,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build rpms-kubernetes container 1.23 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -159,7 +159,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build rpms-kubernetes container 1.24 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -171,7 +171,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build rpms-kubernetes container 1.21 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} 
@@ -183,7 +183,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build anaconda container run: ./containers/build anaconda @@ -196,7 +196,7 @@ jobs: - buildc-rpms-k8s-22 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build full k8s node image 1.22 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -213,7 +213,7 @@ jobs: - buildc-rpms-k8s-23 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build full k8s node image 1.23 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -230,7 +230,7 @@ jobs: - buildc-rpms-k8s-24 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build full k8s node image 1.24 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -247,7 +247,7 @@ jobs: - buildc-rpms-k8s-21 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build full k8s node image 1.21 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -262,7 +262,7 @@ jobs: - buildc-anaconda steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build anaconda+nginx container run: ./containers/build anaconda-nginx build-node-image-22-nginx: @@ -271,7 +271,7 @@ jobs: - build-node-image-22 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build k8s-node-image+nginx container 1.22 run: ./containers/build k8s-node-image-nginx 1.22 build-node-image-23-nginx: @@ -280,7 +280,7 @@ jobs: - build-node-image-23 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build k8s-node-image+nginx container 1.23 run: ./containers/build k8s-node-image-nginx 1.23 build-node-image-24-nginx: 
@@ -289,7 +289,7 @@ jobs: - build-node-image-24 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build k8s-node-image+nginx container 1.24 run: ./containers/build k8s-node-image-nginx 1.24 build-node-image-21-nginx: @@ -298,7 +298,7 @@ jobs: - build-node-image-21 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Build k8s-node-image+nginx container 1.21 run: ./containers/build k8s-node-image-nginx 1.21 @@ -322,7 +322,7 @@ jobs: GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GIT_LIBRARY_CHARTS_TOKEN }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Configure Git run: | git config --global user.name "$GITHUB_ACTOR" @@ -340,7 +340,7 @@ jobs: GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GIT_LIBRARY_CHARTS_TOKEN }} steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 - name: Configure Git run: | git config --global user.name "$GITHUB_ACTOR" From a6343ec9253a356e09ee3501c0805e150e264efb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Jan 2023 04:08:02 +0000 Subject: [PATCH 293/331] Bump actions/checkout from 3.1.0 to 3.3.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.3.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.1.0...v3.3.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/main.yml | 62 +++++++++++++++++++------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index fa2d182..16e35d3 100644 --- a/.github/workflows/main.yml 
+++ b/.github/workflows/main.yml 
@@ -15,91 +15,91 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build git container run: ./containers/build git buildc-curl-jq: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build curl-jq container run: ./containers/build curl-jq buildc-gitlab-runner-operator: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build gitlab-runner-operator container run: ./containers/build gitlab-runner-operator buildc-tenant-namespace-operator: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build tenant-namespace-operator container run: ./containers/build tenant-namespace-operator buildc-pixiecore: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build pixiecore container run: ./containers/build pixiecore buildc-ipmitool: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build ipmitool container run: ./containers/build ipmitool buildc-ipmi-exporter: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build ipmi-exporter container run: ./containers/build ipmi-exporter buildc-dhcpd: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build dhcpd container run: ./containers/build dhcpd buildc-inotify-tools: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build inotify-tools container run: ./containers/build inotify-tools buildc-chronyd: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build chronyd 
container run: ./containers/build chronyd buildc-debug-toolbox: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build debug-toolbox container run: ./containers/build debug-toolbox buildc-smartctl-exporter: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build smartctl-exporter container run: ./containers/build smartctl-exporter buildc-rpms-containerd: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build rpms-containerd container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -111,7 +111,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build rpms-node-base container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -123,7 +123,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build rpms-openvswitch container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -135,7 +135,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build rpms-kubernetes container 1.22 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -147,7 +147,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build rpms-kubernetes container 1.23 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -159,7 +159,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build rpms-kubernetes container 1.24 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} 
@@ -171,7 +171,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build rpms-kubernetes container 1.21 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -183,7 +183,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build anaconda container run: ./containers/build anaconda @@ -196,7 +196,7 @@ jobs: - buildc-rpms-k8s-22 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build full k8s node image 1.22 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -213,7 +213,7 @@ jobs: - buildc-rpms-k8s-23 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build full k8s node image 1.23 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -230,7 +230,7 @@ jobs: - buildc-rpms-k8s-24 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build full k8s node image 1.24 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -247,7 +247,7 @@ jobs: - buildc-rpms-k8s-21 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build full k8s node image 1.21 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -262,7 +262,7 @@ jobs: - buildc-anaconda steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build anaconda+nginx container run: ./containers/build anaconda-nginx build-node-image-22-nginx: @@ -271,7 +271,7 @@ jobs: - build-node-image-22 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build k8s-node-image+nginx container 1.22 run: ./containers/build k8s-node-image-nginx 1.22 build-node-image-23-nginx: 
@@ -280,7 +280,7 @@ jobs: - build-node-image-23 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build k8s-node-image+nginx container 1.23 run: ./containers/build k8s-node-image-nginx 1.23 build-node-image-24-nginx: @@ -289,7 +289,7 @@ jobs: - build-node-image-24 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build k8s-node-image+nginx container 1.24 run: ./containers/build k8s-node-image-nginx 1.24 build-node-image-21-nginx: @@ -298,7 +298,7 @@ jobs: - build-node-image-21 steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Build k8s-node-image+nginx container 1.21 run: ./containers/build k8s-node-image-nginx 1.21 @@ -322,7 +322,7 @@ jobs: GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GIT_LIBRARY_CHARTS_TOKEN }} steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Configure Git run: | git config --global user.name "$GITHUB_ACTOR" @@ -340,7 +340,7 @@ jobs: GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GIT_LIBRARY_CHARTS_TOKEN }} steps: - name: Checkout - uses: actions/checkout@v3.1.0 + uses: actions/checkout@v3.3.0 - name: Configure Git run: | git config --global user.name "$GITHUB_ACTOR" From 8d8a7dea034577c012a2f091ccf1ed4861e4d897 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Tue, 24 Jan 2023 13:22:16 -0800 Subject: [PATCH 294/331] qemu-guest-agent Make qemu-guest-agent available. --- containers/rpms-node-base/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-node-base/Dockerfile b/containers/rpms-node-base/Dockerfile index 76828be..617f135 100644 --- a/containers/rpms-node-base/Dockerfile +++ b/containers/rpms-node-base/Dockerfile 
@@ -14,7 +14,7 @@ RUN --mount=type=secret,id=gpg \ --destdir rpms --setopt cachedir=/tmp/cache \ @Base @Core @anaconda-tools grub2-efi-x64 kernel grub2 docker e2fsprogs \ container-selinux nspr nss-util openssh-server openssh iptables-services \ - nfs-utils authconfig psmisc libibverbs && \ + nfs-utils authconfig psmisc libibverbs qemu-guest-agent && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ rpm --addsign $(find rpms -type f -name '*.rpm') && \ From f8471d2de0c3eba55c05202a3a376bf886b20fd2 Mon Sep 17 00:00:00 2001 
From: Kevin Fox Date: Tue, 14 Feb 2023 16:14:35 -0800 Subject: [PATCH 295/331] Initial stab at some rock9 based images --- containers/anaconda-nginx9/Dockerfile | 5 +++ containers/anaconda-nginx9/buildenv | 6 ++++ containers/anaconda9/Dockerfile | 16 +++++++++ containers/anaconda9/buildenv | 3 ++ containers/k8s-node-image-nginx9/Dockerfile | 7 ++++ containers/k8s-node-image-nginx9/buildenv | 6 ++++ containers/k8s-node-image9/Dockerfile | 31 ++++++++++++++++ containers/k8s-node-image9/buildenv | 6 ++++ containers/rpms-containerd9/Dockerfile | 32 +++++++++++++++++ containers/rpms-containerd9/buildenv | 5 +++ containers/rpms-containerd9/docker-ce.repo | 6 ++++ containers/rpms-kubernetes9/Dockerfile | 39 +++++++++++++++++++++ containers/rpms-kubernetes9/buildenv | 6 ++++ containers/rpms-kubernetes9/kubernetes.repo | 8 +++++ containers/rpms-node-base9/Dockerfile | 33 +++++++++++++++++ containers/rpms-node-base9/buildenv | 6 ++++ containers/rpms-openvswitch9/Dockerfile | 33 +++++++++++++++++ containers/rpms-openvswitch9/buildenv | 5 +++ 18 files changed, 253 insertions(+) create mode 100644 containers/anaconda-nginx9/Dockerfile create mode 100644 containers/anaconda-nginx9/buildenv create mode 100644 containers/anaconda9/Dockerfile create mode 100644 containers/anaconda9/buildenv create mode 100644 containers/k8s-node-image-nginx9/Dockerfile create mode 100644 containers/k8s-node-image-nginx9/buildenv create mode 100644 containers/k8s-node-image9/Dockerfile create mode 100644 containers/k8s-node-image9/buildenv create mode 100644 containers/rpms-containerd9/Dockerfile create mode 100644 containers/rpms-containerd9/buildenv create mode 100644 containers/rpms-containerd9/docker-ce.repo create mode 100644 containers/rpms-kubernetes9/Dockerfile create mode 100644 containers/rpms-kubernetes9/buildenv create mode 100644 containers/rpms-kubernetes9/kubernetes.repo create mode 100644 containers/rpms-node-base9/Dockerfile create mode 100644 containers/rpms-node-base9/buildenv 
create mode 100644 containers/rpms-openvswitch9/Dockerfile create mode 100644 containers/rpms-openvswitch9/buildenv diff --git a/containers/anaconda-nginx9/Dockerfile b/containers/anaconda-nginx9/Dockerfile new file mode 100644 index 0000000..87bde30 --- /dev/null +++ b/containers/anaconda-nginx9/Dockerfile @@ -0,0 +1,5 @@ +FROM nginx:stable-alpine + +FROM pnnlmiscscripts/anaconda9:latest +COPY --from=0 / / +RUN echo "server {autoindex off; server_name localhost; location ~ ^/$ {return 200;} location ~ ^.*/$ {return 404;} location / { root /data; default_type application/octet-stream; add_header Content-Disposition 'attachment'; types {}}}" > /etc/nginx/conf.d/default.conf diff --git a/containers/anaconda-nginx9/buildenv b/containers/anaconda-nginx9/buildenv new file mode 100644 index 0000000..6f364b2 --- /dev/null +++ b/containers/anaconda-nginx9/buildenv @@ -0,0 +1,6 @@ +export AUTO_PREFIX=filecontent +export AUTO_PREFIX_FILE=/data/CentOS_BuildTag +export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' +export DOCKER_REPO=pnnlmiscscripts/anaconda +export DOCKER_TAG=latest-nginx +export NEW_BUILD=1 diff --git a/containers/anaconda9/Dockerfile b/containers/anaconda9/Dockerfile new file mode 100644 index 0000000..75d7475 --- /dev/null +++ b/containers/anaconda9/Dockerfile 
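Review bot: Both `FROM` lines in containers/anaconda-nginx9/Dockerfile use floating tags (`nginx:stable-alpine`, `pnnlmiscscripts/anaconda9:latest`), so the content copied in by `COPY --from=0 / /` can change between builds without any change in this repository. Pinning the nginx stage by digest, e.g. `FROM nginx:stable-alpine@sha256:<digest-placeholder>`, would make the served image reproducible and auditable. The final stage is built on the anaconda9 image, so it does not inherit nginx's `CMD`; if nothing outside this file sets the command, a `CMD ["nginx", "-g", "daemon off;"]` line is needed. containers/k8s-node-image-nginx9/Dockerfile follows the same pattern.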
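Review bot: `DOCKER_REPO=pnnlmiscscripts/anaconda` with `DOCKER_TAG=latest-nginx` in containers/anaconda-nginx9/buildenv names the un-suffixed repository, while the Dockerfile beside it builds from `pnnlmiscscripts/anaconda9`. If the existing anaconda-nginx image publishes to the same repository and tag (not visible here), the Rocky 9 build would overwrite it; `export DOCKER_REPO=pnnlmiscscripts/anaconda9` avoids that. containers/k8s-node-image-nginx9/buildenv has the same mismatch with `pnnlmiscscripts/k8s-node-image`. `AUTO_PREFIX_FILE=/data/CentOS_BuildTag` also points at a file that containers/anaconda9/Dockerfile in this commit never writes, and containers/anaconda9/buildenv repeats it.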
@@ -0,0 +1,16 @@
+FROM rockylinux:9
+
+RUN \
+ mkdir -p /data/images/pxeboot/ && \
+ curl https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/.treeinfo > /data/.treeinfo && \
+ curl https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/images/pxeboot/vmlinuz -o /data/images/pxeboot/vmlinuz && \
+ curl https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/images/pxeboot/initrd.img -o /data/images/pxeboot/initrd.img && \
+ curl https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/images/efiboot.img -o /data/images/efiboot.img && \
+ curl https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/images/install.img -o /data/images/install.img && \
+ curl http://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/LICENSE -o /data/LICENSE && \
+ sed -i 's/AppStream,BaseOS/BaseOS/' /data/.treeinfo && \
+ md5sum /data/images/pxeboot/vmlinuz /data/images/pxeboot/initrd.img /data/images/efiboot.img /data/images/install.img | base64 > /.extrafingerprints
+
+FROM scratch
+COPY --from=0 /data /data
+COPY --from=0 /.extrafingerprints /.extrafingerprints
diff --git a/containers/anaconda9/buildenv b/containers/anaconda9/buildenv
new file mode 100644
index 0000000..d790218
--- /dev/null
+++ b/containers/anaconda9/buildenv
@@ -0,0 +1,3 @@
+export AUTO_PREFIX=filecontent
+export AUTO_PREFIX_FILE=/data/CentOS_BuildTag
+export NEW_BUILD=1
diff --git a/containers/k8s-node-image-nginx9/Dockerfile b/containers/k8s-node-image-nginx9/Dockerfile
new file mode 100644
index 0000000..b9efa2f
--- /dev/null
+++ b/containers/k8s-node-image-nginx9/Dockerfile
@@ -0,0 +1,7 @@
+ARG SUBBUILD=1.13
+FROM nginx:stable-alpine
+
+FROM pnnlmiscscripts/k8s-node-image9:$SUBBUILD
+COPY --from=0 / /
+RUN echo "server {autoindex off; server_name localhost; location ~ ^/$ {return 200;} location ~ ^.*/$ {return 404;} location / { root /data; default_type application/octet-stream; add_header Content-Disposition 'attachment'; types {}}}" > /etc/nginx/conf.d/default.conf
+
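Review bot: The kernel, initrd and installer images fetched in the `RUN` step of containers/anaconda9/Dockerfile are stored without any integrity check, and `curl` is called without `-f`, so an HTTP error body would be saved as `vmlinuz` or `install.img` and the build would still succeed. The `LICENSE` download also uses `http://` where every other URL uses `https://`. Adding `-fsSL` to each call, e.g. `curl -fsSL https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/LICENSE -o /data/LICENSE`, and comparing the images against published SHA-256 checksums before the final `COPY` would close that gap. The `md5sum` output in `/.extrafingerprints` detects change between builds but does not authenticate the files.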
diff --git a/containers/k8s-node-image-nginx9/buildenv b/containers/k8s-node-image-nginx9/buildenv
new file mode 100644
index 0000000..1f3b088
--- /dev/null
+++ b/containers/k8s-node-image-nginx9/buildenv
@@ -0,0 +1,6 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=kubelet
+export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"'
+export DOCKER_REPO=pnnlmiscscripts/k8s-node-image
+export DOCKER_TAG="$SUBBUILD-nginx"
+export NEW_BUILD=1
diff --git a/containers/k8s-node-image9/Dockerfile b/containers/k8s-node-image9/Dockerfile
new file mode 100644
index 0000000..360d51d
--- /dev/null
+++ b/containers/k8s-node-image9/Dockerfile
@@ -0,0 +1,31 @@
+# syntax = docker/dockerfile:1.0-experimental
+ARG SUBBUILD=1.13
+FROM pnnlmiscscripts/rpms-node-base9:latest as base
+FROM pnnlmiscscripts/rpms-containerd9:latest as containerd
+FROM pnnlmiscscripts/rpms-openvswitch9:latest as openvswitch
+FROM pnnlmiscscripts/rpms-kubernetes9:$SUBBUILD as kubernetes
+
+FROM rockylinux:9 as repobuild
+COPY --from=base /data /rpmdata
+COPY --from=containerd /data /data/containerd
+COPY --from=openvswitch /data /data/openvswitch
+COPY --from=kubernetes /data /data/kubernetes
+ADD rpm.pub /root/rpm.pub
+RUN --mount=type=secret,id=gpg \
+ yum install -y createrepo yum-utils gnupg2 && \
+ mkdir -p /data/repodata && \
+ zcat /rpmdata/repodata/*comps.xml.gz > /data/repodata/comps.xml && \
+ cp -a /rpmdata/*.rpm /data && \
+ createrepo -g /data/repodata/comps.xml /data && \
+ gpg --import /run/secrets/gpg && \
+ gpg --import /root/rpm.pub && \
+ gpg --detach-sign --armor /data/repodata/repomd.xml && \
+ rm -rf ~/.gnupg && \
+ echo Done building repo.
+
+FROM pnnlmiscscripts/rpms-node-base9:latest
+COPY --from=openvswitch /data /data/openvswitch
+COPY --from=containerd /data /data/containerd
+COPY --from=kubernetes /data /data/kubernetes
+COPY --from=repobuild /data/repodata /data/repodata
+
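Review bot: The `repobuild` stage of containers/k8s-node-image9/Dockerfile signs `repomd.xml` over RPMs copied from four images pulled by mutable tag (`:latest`, `:$SUBBUILD`), and nothing in the `RUN` step checks those packages first. A signature check against the project key before `createrepo`, for example `rpm --import /root/rpm.pub && find /data -name '*.rpm' -exec rpm -K {} + && \`, would stop the repository signature from vouching for packages this pipeline did not sign. The private key is imported from the BuildKit secret and `~/.gnupg` is removed in the same `RUN`, which keeps it out of the image layers; a short comment saying so would help the next editor keep those commands together.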
diff --git a/containers/k8s-node-image9/buildenv b/containers/k8s-node-image9/buildenv
new file mode 100644
index 0000000..2de49f3
--- /dev/null
+++ b/containers/k8s-node-image9/buildenv
@@ -0,0 +1,6 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=kubelet
+export DOCKER_TAG=$SUBBUILD
+export DOCKER_BUILDKIT=1
+export GPGSIGN=1
+export NEW_BUILD=1
diff --git a/containers/rpms-containerd9/Dockerfile b/containers/rpms-containerd9/Dockerfile
new file mode 100644
index 0000000..ea0a876
--- /dev/null
+++ b/containers/rpms-containerd9/Dockerfile
@@ -0,0 +1,32 @@
+# syntax = docker/dockerfile:1.0-experimental
+
+FROM pnnlmiscscripts/rpms-node-base9:latest
+
+FROM rockylinux:9
+
+COPY --from=0 /data /rpms-base
+
+ADD rpm.pub /root/rpm.pub
+ADD rpmmacros /root/.rpmmacros
+
+ADD docker-ce.repo /etc/yum.repos.d/
+RUN --mount=type=secret,id=gpg \
+ cd / && \
+ set -e && \
+ yum install -y 'dnf-command(download)' createrepo gnupg2 rpm-sign findutils && \
+ mkdir -p rpms/ && \
+ cd /rpms && \
+ cp -a /rpms-base/*.rpm . && \
+ dnf download --resolve --destdir /rpms containerd.io && \
+ find /rpms-base -maxdepth 1 -type f -name '*.rpm' -printf '%f\n' | while read line; do rm -f $line; done && \
+ gpg --import /run/secrets/gpg && \
+ gpg --import /root/rpm.pub && \
+ rpm --addsign $(find rpms -type f -name '*.rpm') && \
+ createrepo /rpms && \
+ gpg --detach-sign --armor rpms/repodata/repomd.xml && \
+ rm -rf ~/.gnupg && \
+ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \
+ ls -l /rpms
+
+FROM scratch
+COPY --from=1 /rpms /data
diff --git a/containers/rpms-containerd9/buildenv b/containers/rpms-containerd9/buildenv
new file mode 100644
index 0000000..166e99c
--- /dev/null
+++ b/containers/rpms-containerd9/buildenv
@@ -0,0 +1,5 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=containerd.io
+export DOCKER_BUILDKIT=1
+export GPGSIGN=1
+export NEW_BUILD=1
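Review bot: After `cd /rpms` in containers/rpms-containerd9/Dockerfile, the relative paths in `rpm --addsign $(find rpms -type f -name '*.rpm')` and `gpg --detach-sign --armor rpms/repodata/repomd.xml` resolve to `/rpms/rpms`, which this step never creates. As written the `find` is expected to match nothing, so the signing step either fails or leaves the downloaded packages unsigned. Absolute paths fix both: `rpm --addsign $(find /rpms -type f -name '*.rpm')` and `gpg --detach-sign --armor /rpms/repodata/repomd.xml`. The same two lines appear in containers/rpms-kubernetes9/Dockerfile and containers/rpms-openvswitch9/Dockerfile.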
diff --git a/containers/rpms-containerd9/docker-ce.repo b/containers/rpms-containerd9/docker-ce.repo
new file mode 100644
index 0000000..2605574
--- /dev/null
+++ b/containers/rpms-containerd9/docker-ce.repo
@@ -0,0 +1,6 @@
+[docker-ce-stable]
+name=Docker CE Stable - $basearch
+baseurl=https://download.docker.com/linux/centos/$releasever/$basearch/stable
+enabled=1
+gpgcheck=1
+gpgkey=https://download.docker.com/linux/centos/gpg
diff --git a/containers/rpms-kubernetes9/Dockerfile b/containers/rpms-kubernetes9/Dockerfile
new file mode 100644
index 0000000..aee4066
--- /dev/null
+++ b/containers/rpms-kubernetes9/Dockerfile
@@ -0,0 +1,39 @@
+# syntax = docker/dockerfile:1.0-experimental
+
+FROM pnnlmiscscripts/rpms-node-base9:latest
+
+FROM rockylinux:9
+ARG BACK=1
+ARG SUBBUILD=1.13
+
+COPY --from=0 /data /rpms-base
+
+ADD rpm.pub /root/rpm.pub
+ADD rpmmacros /root/.rpmmacros
+
+ADD kubernetes.repo /etc/yum.repos.d/
+RUN --mount=type=secret,id=gpg \
+ yum install -y 'dnf-command(download)' createrepo gnupg2 rpm-sign findutils && \
+ mkdir -p rpms/ && \
+ VERSION=$(yum --showduplicates list kubelet -q | grep -vi packages | grep -vi rc | grep -vi alpha | grep -vi beta | awk '{print $2}' | awk -F. '{print $2}' | sort -nu | tail -n $BACK | head -n 1) && \
+ VERSION="$(echo $SUBBUILD | awk -F. '{print $2}')" && \
+ SUBVERSION=$(yum --showduplicates list kubelet -q | grep -vi packages | awk '{print $2}' | grep "^1\.$VERSION\."| awk -F. '{print $3}' | awk -F- '{print $1}' | sort -nu | tail -n 1) && \
+ REVISION=$(yum --showduplicates list kubelet -q | grep -vi packages | awk '{print $2}' | grep "^1\.$VERSION\.$SUBVERSION-" | awk -F- '{print $2}' | sort -nu | tail -n 1) && \
+ FULLVERSION="1.$VERSION.$SUBVERSION-$REVISION" && \
+ echo "Picked $FULLVERSION" && \
+ mkdir -p rpms/ && \
+ cd /rpms && \
+ cp -a /rpms-base/*.rpm . && \
+ dnf download --resolve --destdir /rpms "kubelet-$FULLVERSION" "kubeadm-$FULLVERSION" "kubectl-$FULLVERSION" && \
+ find /rpms-base -maxdepth 1 -type f -name '*.rpm' -printf '%f\n' | while read line; do rm -f $line; done && \
+ gpg --import /run/secrets/gpg && \
+ gpg --import /root/rpm.pub && \
+ rpm --addsign $(find rpms -type f -name '*.rpm') && \
+ createrepo /rpms && \
+ gpg --detach-sign --armor rpms/repodata/repomd.xml && \
+ rm -rf ~/.gnupg && \
+ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \
+ ls -l /rpms/
+
+FROM scratch
+COPY --from=1 /rpms /data
diff --git a/containers/rpms-kubernetes9/buildenv b/containers/rpms-kubernetes9/buildenv
new file mode 100644
index 0000000..2de49f3
--- /dev/null
+++ b/containers/rpms-kubernetes9/buildenv
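Review bot: In containers/rpms-kubernetes9/Dockerfile, `SUBVERSION` and `REVISION` come from pipelines ending in `tail -n 1`, which exit 0 even when `grep` matches nothing, so a `SUBBUILD` with no packages in the repository yields `FULLVERSION=1.N.-` and the `&&` chain carries on. A guard right after the `REVISION` line, `[ -n "$SUBVERSION" ] && [ -n "$REVISION" ] && \`, makes the build stop where the version lookup failed rather than at a later download error. The first `VERSION=` assignment (the one using `$BACK`) is overwritten on the next line and can be dropped, as can the second `mkdir -p rpms/`.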
@@ -0,0 +1,6 @@
+export AUTO_PREFIX=rpmrepo-version
+export AUTO_PREFIX_PACKAGE=kubelet
+export DOCKER_TAG=$SUBBUILD
+export DOCKER_BUILDKIT=1
+export GPGSIGN=1
+export NEW_BUILD=1
diff --git a/containers/rpms-kubernetes9/kubernetes.repo b/containers/rpms-kubernetes9/kubernetes.repo
new file mode 100644
index 0000000..8f754aa
--- /dev/null
+++ b/containers/rpms-kubernetes9/kubernetes.repo
@@ -0,0 +1,8 @@
+[kubernetes]
+name=Kubernetes
+baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+enabled=1
+gpgcheck=1
+# See issue https://github.com/kubernetes/release/issues/1982
+repo_gpgcheck=0
+gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/apt-key.gpg
diff --git a/containers/rpms-node-base9/Dockerfile b/containers/rpms-node-base9/Dockerfile
new file mode 100644
index 0000000..6c214ba
--- /dev/null
+++ b/containers/rpms-node-base9/Dockerfile
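Review bot: With `repo_gpgcheck=0` in containers/rpms-kubernetes9/kubernetes.repo the repository metadata is not authenticated, so the per-package signature is the only check left, and containers/rpms-kubernetes9/Dockerfile fetches the packages with `dnf download`, which as far as I know does not apply `gpgcheck`. Those packages are then signed with the project key by `rpm --addsign`, after which the project signature is what consumers verify. Importing the keys listed in `gpgkey=` and running `rpm -K` on the downloaded kubelet, kubeadm and kubectl packages before `--addsign` would restore the upstream check; the same applies to the packages re-signed in rpms-containerd9, rpms-node-base9 and rpms-openvswitch9. The `baseurl` also names `kubernetes-el7-x86_64` for an EL9 build, which deserves a comment if it is intentional.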
@@ -0,0 +1,33 @@
+# syntax = docker/dockerfile:1.0-experimental
+FROM rockylinux:9
+MAINTAINER Kevin Fox
+
+ADD rpm.pub /root/rpm.pub
+ADD rpmmacros /root/.rpmmacros
+
+RUN --mount=type=secret,id=gpg \
+ cd / && \
+ set -e && \
+ yum install -y createrepo yum-utils gnupg2 rpm-sign && \
+ mkdir -p rpms/ && \
+ BASE=$(dnf group info base | grep '^ \w' | awk '{print $1}') && \
+ CORE=$(dnf group info core | grep '^ \w' | awk '{print $1}') && \
+ ANACONDA_TOOLS=$(dnf group info anaconda-tools | grep '^ \w' | awk '{print $1}') && \
+ repotrack --alldeps --resolve --installroot=/tmp/root --releasever=/ \
+ --destdir rpms --setopt cachedir=/tmp/cache --downloadonly \
+ $BASE $CORE $ANACONDA_TOOLS grub2-efi-x64 kernel grub2 e2fsprogs \
+ nspr nss-util openssh-server openssh iptables-services \
+ nfs-utils authconfig psmisc libibverbs qemu-guest-agent libsss_sudo && \
+ gpg --import /run/secrets/gpg && \
+ gpg --import /root/rpm.pub && \
+ rpm --addsign $(find rpms -type f -name '*.rpm') && \
+ mkdir -p rpms/repodata && \
+ curl -o rpms/repodata/comps.xml $(reposync --gpgcheck --repoid=baseos --downloadcomps -u | grep -- -GROUPS.xml) && \
+ createrepo -g `pwd`/rpms/repodata/comps.xml rpms && \
+ gpg --detach-sign --armor rpms/repodata/repomd.xml && \
+ rm -rf ~/.gnupg && \
+ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \
+ ls -l /rpms
+
+FROM scratch
+COPY --from=0 /rpms /data
diff --git a/containers/rpms-node-base9/buildenv b/containers/rpms-node-base9/buildenv
new file mode 100644
index 0000000..176f4a9
--- /dev/null
+++ b/containers/rpms-node-base9/buildenv
@@ -0,0 +1,6 @@
+export AUTO_PREFIX=rpmrepo-version-release
+export AUTO_PREFIX_PACKAGE=rocky-release
+export AUTO_PREFIX_FILTER='cut -d . -f 1 | tr '-' .'
+export DOCKER_BUILDKIT=1
+export GPGSIGN=1
+export NEW_BUILD=1
diff --git a/containers/rpms-openvswitch9/Dockerfile b/containers/rpms-openvswitch9/Dockerfile
new file mode 100644
index 0000000..3befdf0
--- /dev/null
+++ b/containers/rpms-openvswitch9/Dockerfile
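Review bot: The `comps.xml` line in containers/rpms-node-base9/Dockerfile passes the output of `reposync ... | grep -- -GROUPS.xml` unquoted to `curl` without `-f`, so an HTTP error page would be written to `rpms/repodata/comps.xml` and handed to `createrepo -g`, and more than one matching line would turn into extra URLs. `curl -fsSL -o rpms/repodata/comps.xml "$(reposync --gpgcheck --repoid=baseos --downloadcomps -u | grep -m1 -- -GROUPS.xml)"` fails the build instead. `set -e` adds nothing to a chain that is already joined with `&&`, and `MAINTAINER` is deprecated in favour of a `LABEL maintainer=...` line.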
@@ -0,0 +1,33 @@ +# syntax = docker/dockerfile:1.0-experimental + +FROM pnnlmiscscripts/rpms-node-base9:latest + +FROM rockylinux:9 +MAINTAINER Kevin Fox + +COPY --from=0 /data /rpms-base + +ADD rpm.pub /root/rpm.pub +ADD rpmmacros /root/.rpmmacros + +RUN --mount=type=secret,id=gpg \ + cd / && \ + set -e && \ + yum install -y 'dnf-command(download)' createrepo gnupg2 rpm-sign findutils && \ + yum install -y https://repos.fedorapeople.org/repos/openstack/openstack-zed/rdo-release-zed-1.el9s.noarch.rpm && \ + mkdir -p /rpms && \ + cd /rpms && \ + cp -a /rpms-base/*.rpm . && \ + dnf download --resolve --destdir /rpms openvswitch2.17 NetworkManager-ovs && \ + find /rpms-base -maxdepth 1 -type f -name '*.rpm' -printf '%f\n' | while read line; do rm -f $line; done && \ + gpg --import /run/secrets/gpg && \ + gpg --import /root/rpm.pub && \ + rpm --addsign $(find rpms -type f -name '*.rpm') && \ + createrepo /rpms && \ + gpg --detach-sign --armor rpms/repodata/repomd.xml && \ + rm -rf ~/.gnupg && \ + cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \ + ls -l /rpms + +FROM scratch +COPY --from=1 /rpms /data diff --git a/containers/rpms-openvswitch9/buildenv b/containers/rpms-openvswitch9/buildenv new file mode 100644 index 0000000..0b80de5 --- /dev/null +++ b/containers/rpms-openvswitch9/buildenv @@ -0,0 +1,5 @@ +export AUTO_PREFIX=rpmrepo-version +export AUTO_PREFIX_PACKAGE=openvswitch +export DOCKER_BUILDKIT=1 +export GPGSIGN=1 +export NEW_BUILD=1 From 88f2d45dfdcdaf1392b9a2f5a3da825fab84f67e Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 22 Feb 2023 17:21:05 -0800 Subject: [PATCH 296/331] Fix buildenvs Signed-off-by: Kevin Fox --- containers/anaconda-nginx9/buildenv | 2 +- containers/anaconda9/Dockerfile | 2 ++ containers/anaconda9/buildenv | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/containers/anaconda-nginx9/buildenv b/containers/anaconda-nginx9/buildenv index 6f364b2..433043f 100644 --- a/containers/anaconda-nginx9/buildenv 
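Review bot: `yum install -y https://repos.fedorapeople.org/repos/openstack/openstack-zed/rdo-release-zed-1.el9s.noarch.rpm` in containers/rpms-openvswitch9/Dockerfile installs a package straight from a URL; dnf's `localpkg_gpgcheck` is off by default, so that package is trusted on TLS alone. It presumably supplies the repository configuration and keys that the later `dnf download` of `openvswitch2.17` relies on, which makes it the trust anchor for everything signed afterwards. Downloading it to a file and checking it against a known SHA-256 (or an imported key with `rpm -K`) before installing would pin that anchor.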
+++ b/containers/anaconda-nginx9/buildenv @@ -1,5 +1,5 @@ export AUTO_PREFIX=filecontent -export AUTO_PREFIX_FILE=/data/CentOS_BuildTag +export AUTO_PREFIX_FILE=/data/RockyLinux_BuildTag export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' export DOCKER_REPO=pnnlmiscscripts/anaconda export DOCKER_TAG=latest-nginx diff --git a/containers/anaconda9/Dockerfile b/containers/anaconda9/Dockerfile index 75d7475..5362d70 100644 --- a/containers/anaconda9/Dockerfile +++ b/containers/anaconda9/Dockerfile @@ -9,6 +9,8 @@ RUN \ curl https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/images/install.img -o /data/images/install.img && \ curl http://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/LICENSE -o /data/LICENSE && \ sed -i 's/AppStream,BaseOS/BaseOS/' /data/.treeinfo && \ + curl -s http://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/media.repo | grep mediaid | awk -F= '{print $2}' > /data/RockyLinux_BuildTag && \ + cat /data/RockyLinux_BuildTag /.extrafingerprints md5sum /data/images/pxeboot/vmlinuz /data/images/pxeboot/initrd.img /data/images/efiboot.img /data/images/install.img | base64 > /.extrafingerprints FROM scratch diff --git a/containers/anaconda9/buildenv b/containers/anaconda9/buildenv index d790218..3091a87 100644 --- a/containers/anaconda9/buildenv +++ b/containers/anaconda9/buildenv @@ -1,3 +1,3 @@ export AUTO_PREFIX=filecontent -export AUTO_PREFIX_FILE=/data/CentOS_BuildTag +export AUTO_PREFIX_FILE=/data/RockyLinux_BuildTag export NEW_BUILD=1 From d1428f07f4bfcb8017ef1990fe77f3bd16d53e10 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 6 Mar 2023 13:02:48 -0800 Subject: [PATCH 297/331] Build 9 containers. Signed-off-by: Kevin Fox --- .github/workflows/main.yml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 16e35d3..3021978 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
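Review bot: The added `cat /data/RockyLinux_BuildTag /.extrafingerprints` line in containers/anaconda9/Dockerfile has no trailing `&& \`, so the `RUN` instruction ends there and the following `md5sum` line is parsed as a Dockerfile instruction; it also reads `/.extrafingerprints` before the `md5sum` line has created it. The build tag itself comes from `curl -s http://download.rockylinux.org/.../media.repo | grep mediaid | awk ...`, over plain HTTP and with the pipeline's status taken from `awk`, so a failed or altered download produces an empty or wrong tag without failing the build. Using `https://` with `curl -fsS` and following the line with `test -s /data/RockyLinux_BuildTag && \` would catch that. The `RUN` instruction starts above the hunk.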
@@ -97,6 +97,8 @@ jobs: run: ./containers/build smartctl-exporter buildc-rpms-containerd: runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base steps: - name: Checkout uses: actions/checkout@v3.3.0 @@ -106,6 +108,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-containerd + ./containers/build rpms-containerd9 rm -f rpm.priv buildc-rpms-node-base: runs-on: ubuntu-20.04 @@ -118,9 +121,12 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-node-base + ./containers/build rpms-node-base9 rm -f rpm.priv buildc-rpms-openvswitch: runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base steps: - name: Checkout uses: actions/checkout@v3.3.0 @@ -130,9 +136,12 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-openvswitch + ./containers/build rpms-openvswitch9 rm -f rpm.priv buildc-rpms-k8s-22: runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base steps: - name: Checkout uses: actions/checkout@v3.3.0 @@ -142,9 +151,12 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.22 + ./containers/build rpms-kubernetes9 1.22 rm -f rpm.priv buildc-rpms-k8s-23: runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base steps: - name: Checkout uses: actions/checkout@v3.3.0 @@ -154,9 +166,12 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.23 + ./containers/build rpms-kubernetes9 1.23 rm -f rpm.priv buildc-rpms-k8s-24: runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base steps: - name: Checkout uses: actions/checkout@v3.3.0 @@ -166,9 +181,12 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.24 + ./containers/build rpms-kubernetes9 1.24 rm -f rpm.priv buildc-rpms-k8s-21: runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base steps: - name: Checkout uses: actions/checkout@v3.3.0 
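Review bot: In the `buildc-rpms-containerd` run script the signing key now sits in `rpm.priv` across two builds, and `rm -f rpm.priv` is only reached when both succeed, because the step stops at the first failing command. Opening the script with `umask 077` and `trap 'rm -f rpm.priv' EXIT` removes the key on every exit path and keeps the file private while it exists. The same script shape is extended in `buildc-rpms-node-base`, `buildc-rpms-openvswitch`, the four `buildc-rpms-k8s-*` jobs and the four `build-node-image-*` jobs.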
@@ -178,6 +196,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.21 + ./containers/build rpms-kubernetes9 1.21 rm -f rpm.priv buildc-anaconda: runs-on: ubuntu-20.04 @@ -186,6 +205,7 @@ jobs: uses: actions/checkout@v3.3.0 - name: Build anaconda container run: ./containers/build anaconda + run: ./containers/build anaconda9 build-node-image-22: runs-on: ubuntu-20.04 @@ -203,6 +223,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.22 + ./containers/build k8s-node-image9 1.22 rm -f rpm.priv build-node-image-23: runs-on: ubuntu-20.04 @@ -220,6 +241,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.23 + ./containers/build k8s-node-image9 1.23 rm -f rpm.priv build-node-image-24: runs-on: ubuntu-20.04 @@ -237,6 +259,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.24 + ./containers/build k8s-node-image9 1.24 rm -f rpm.priv build-node-image-21: runs-on: ubuntu-20.04 @@ -254,6 +277,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.21 + ./containers/build k8s-node-image9 1.21 rm -f rpm.priv buildc-anaconda-nginx: @@ -265,6 +289,8 @@ jobs: uses: actions/checkout@v3.3.0 - name: Build anaconda+nginx container run: ./containers/build anaconda-nginx + - name: Build anaconda+nginx9 container + run: ./containers/build anaconda-nginx9 build-node-image-22-nginx: runs-on: ubuntu-20.04 needs: @@ -274,6 +300,8 @@ jobs: uses: actions/checkout@v3.3.0 - name: Build k8s-node-image+nginx container 1.22 run: ./containers/build k8s-node-image-nginx 1.22 + - name: Build k8s-node-image+nginx9 container 1.22 + run: ./containers/build k8s-node-image-nginx9 1.22 build-node-image-23-nginx: runs-on: ubuntu-20.04 needs: 
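Review bot: The `Build anaconda container` step in `buildc-anaconda` ends up with two `run:` keys, which is a duplicate mapping key in YAML; depending on the parser the workflow is rejected or only one of the two commands runs. The anaconda9 build needs its own step, `- name: Build anaconda9 container` followed by `run: ./containers/build anaconda9`.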
@@ -283,6 +311,8 @@ jobs: uses: actions/checkout@v3.3.0 - name: Build k8s-node-image+nginx container 1.23 run: ./containers/build k8s-node-image-nginx 1.23 + - name: Build k8s-node-image+nginx9 container 1.23 + run: ./containers/build k8s-node-image-nginx9 1.23 build-node-image-24-nginx: runs-on: ubuntu-20.04 needs: @@ -292,6 +322,8 @@ jobs: uses: actions/checkout@v3.3.0 - name: Build k8s-node-image+nginx container 1.24 run: ./containers/build k8s-node-image-nginx 1.24 + - name: Build k8s-node-image+nginx9 container 1.24 + run: ./containers/build k8s-node-image-nginx9 1.24 build-node-image-21-nginx: runs-on: ubuntu-20.04 needs: @@ -301,6 +333,8 @@ jobs: uses: actions/checkout@v3.3.0 - name: Build k8s-node-image+nginx container 1.21 run: ./containers/build k8s-node-image-nginx 1.21 + - name: Build k8s-node-image+nginx9 container 1.21 + run: ./containers/build k8s-node-image-nginx9 1.21 build-image-library-charts: runs-on: ubuntu-20.04 From 99727a49f17f0f05f251b7194266c280ffae8896 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 6 Mar 2023 13:07:53 -0800 Subject: [PATCH 298/331] Fix yaml Signed-off-by: Kevin Fox --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 3021978..a73730d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -205,6 +205,7 @@ jobs: uses: actions/checkout@v3.3.0 - name: Build anaconda container run: ./containers/build anaconda + - name: Build anaconda9 container run: ./containers/build anaconda9 build-node-image-22: From c83d536817679ec1d97e41cd8705bef5893a2022 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 6 Mar 2023 13:18:35 -0800 Subject: [PATCH 299/331] Fix run quoting Signed-off-by: Kevin Fox --- containers/anaconda9/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/anaconda9/Dockerfile b/containers/anaconda9/Dockerfile index 5362d70..12cc0e4 100644 
--- a/containers/anaconda9/Dockerfile +++ b/containers/anaconda9/Dockerfile @@ -10,7 +10,7 @@ RUN \ curl http://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/LICENSE -o /data/LICENSE && \ sed -i 's/AppStream,BaseOS/BaseOS/' /data/.treeinfo && \ curl -s http://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/media.repo | grep mediaid | awk -F= '{print $2}' > /data/RockyLinux_BuildTag && \ - cat /data/RockyLinux_BuildTag /.extrafingerprints + cat /data/RockyLinux_BuildTag /.extrafingerprints && \ md5sum /data/images/pxeboot/vmlinuz /data/images/pxeboot/initrd.img /data/images/efiboot.img /data/images/install.img | base64 > /.extrafingerprints FROM scratch From a517240a225d73d35cb3b0a027ff1e42994dda74 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 6 Mar 2023 14:38:27 -0800 Subject: [PATCH 300/331] Make sure keys are available. Signed-off-by: Kevin Fox --- .github/workflows/main.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a73730d..f0f7c69 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -108,6 +108,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-containerd + printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-containerd9 rm -f rpm.priv buildc-rpms-node-base: @@ -121,6 +122,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-node-base + printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-node-base9 rm -f rpm.priv buildc-rpms-openvswitch: @@ -136,6 +138,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-openvswitch + printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-openvswitch9 rm -f rpm.priv buildc-rpms-k8s-22: 
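Review bot: The repeated `printf "%s" "$RPM_GPG_KEY" > rpm.priv` before each `*9` build in .github/workflows/main.yml has no explanation in the workflow; it suggests `./containers/build` consumes or deletes `rpm.priv`, which is not visible in this patch. A comment above the second `printf`, such as `# containers/build removes rpm.priv, so write it again for the next build`, would record that (adjust the wording to what the script really does). Every hunk in this commit repeats the line, so a small wrapper that writes the key, runs one build and removes the key would keep the key handling in one place.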
@@ -151,6 +154,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.22 + printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes9 1.22 rm -f rpm.priv buildc-rpms-k8s-23: @@ -166,6 +170,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.23 + printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes9 1.23 rm -f rpm.priv buildc-rpms-k8s-24: @@ -181,6 +186,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.24 + printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes9 1.24 rm -f rpm.priv buildc-rpms-k8s-21: @@ -196,6 +202,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.21 + printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes9 1.21 rm -f rpm.priv buildc-anaconda: @@ -224,6 +231,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.22 + printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image9 1.22 rm -f rpm.priv build-node-image-23: @@ -242,6 +250,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.23 + printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image9 1.23 rm -f rpm.priv build-node-image-24: @@ -260,6 +269,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.24 + printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image9 1.24 rm -f rpm.priv build-node-image-21: @@ -278,6 +288,7 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.21 + printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image9 1.21 rm -f rpm.priv From e4618eab40c8ffd43f126110f55f5b5f80183039 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 6 Mar 2023 14:54:01 -0800 Subject: [PATCH 301/331] Fix up some build stuff 
Signed-off-by: Kevin Fox --- containers/anaconda9/Dockerfile | 3 +-- containers/rpms-containerd9/Dockerfile | 2 +- containers/rpms-kubernetes9/Dockerfile | 2 +- containers/rpms-openvswitch9/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 5 deletions(-) diff --git a/containers/anaconda9/Dockerfile b/containers/anaconda9/Dockerfile index 12cc0e4..e2b513c 100644 --- a/containers/anaconda9/Dockerfile +++ b/containers/anaconda9/Dockerfile @@ -10,8 +10,7 @@ RUN \ curl http://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/LICENSE -o /data/LICENSE && \ sed -i 's/AppStream,BaseOS/BaseOS/' /data/.treeinfo && \ curl -s http://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/media.repo | grep mediaid | awk -F= '{print $2}' > /data/RockyLinux_BuildTag && \ - cat /data/RockyLinux_BuildTag /.extrafingerprints && \ - md5sum /data/images/pxeboot/vmlinuz /data/images/pxeboot/initrd.img /data/images/efiboot.img /data/images/install.img | base64 > /.extrafingerprints + cat /data/RockyLinux_BuildTag /.extrafingerprints FROM scratch COPY --from=0 /data /data diff --git a/containers/rpms-containerd9/Dockerfile b/containers/rpms-containerd9/Dockerfile index ea0a876..2f6073e 100644 --- a/containers/rpms-containerd9/Dockerfile +++ b/containers/rpms-containerd9/Dockerfile @@ -21,7 +21,7 @@ RUN --mount=type=secret,id=gpg \ find /rpms-base -maxdepth 1 -type f -name '*.rpm' -printf '%f\n' | while read line; do rm -f $line; done && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ - rpm --addsign $(find rpms -type f -name '*.rpm') && \ + rpm --addsign $(find . -type f -name '*.rpm') && \ createrepo /rpms && \ gpg --detach-sign --armor rpms/repodata/repomd.xml && \ rm -rf ~/.gnupg && \ diff --git a/containers/rpms-kubernetes9/Dockerfile b/containers/rpms-kubernetes9/Dockerfile index aee4066..1c0fafd 100644 --- a/containers/rpms-kubernetes9/Dockerfile +++ b/containers/rpms-kubernetes9/Dockerfile 
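Review bot: Removing the `md5sum` line in containers/anaconda9/Dockerfile leaves `cat /data/RockyLinux_BuildTag /.extrafingerprints` reading a file nothing creates any more, while the final stage still does `COPY --from=0 /.extrafingerprints`, so the build fails at `cat`. It also drops the only hash taken over `vmlinuz`, `initrd.img`, `efiboot.img` and `install.img`, so a change to those files under an unchanged `mediaid` would presumably no longer show up in the fingerprint. Writing both into the file keeps that signal: `{ cat /data/RockyLinux_BuildTag; sha256sum /data/images/pxeboot/vmlinuz /data/images/pxeboot/initrd.img /data/images/efiboot.img /data/images/install.img; } > /.extrafingerprints`. The `RUN` instruction starts above the hunk.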
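Review bot: `rpm --addsign $(find . -type f -name '*.rpm')` in containers/rpms-containerd9/Dockerfile relies on word splitting and runs `rpm --addsign` with no arguments when nothing matches. `find /rpms -type f -name '*.rpm' -exec rpm --addsign {} +` signs the same files without either problem and does not depend on the current directory. The next line, `gpg --detach-sign --armor rpms/repodata/repomd.xml`, is still relative to `/rpms` after this change. The rpms-kubernetes9 and rpms-openvswitch9 hunks in this commit change the same line in the same way.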
@@ -28,7 +28,7 @@ RUN --mount=type=secret,id=gpg \ find /rpms-base -maxdepth 1 -type f -name '*.rpm' -printf '%f\n' | while read line; do rm -f $line; done && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ - rpm --addsign $(find rpms -type f -name '*.rpm') && \ + rpm --addsign $(find . -type f -name '*.rpm') && \ createrepo /rpms && \ gpg --detach-sign --armor rpms/repodata/repomd.xml && \ rm -rf ~/.gnupg && \ diff --git a/containers/rpms-openvswitch9/Dockerfile b/containers/rpms-openvswitch9/Dockerfile index 3befdf0..933a31b 100644 --- a/containers/rpms-openvswitch9/Dockerfile +++ b/containers/rpms-openvswitch9/Dockerfile @@ -22,7 +22,7 @@ RUN --mount=type=secret,id=gpg \ find /rpms-base -maxdepth 1 -type f -name '*.rpm' -printf '%f\n' | while read line; do rm -f $line; done && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ - rpm --addsign $(find rpms -type f -name '*.rpm') && \ + rpm --addsign $(find . -type f -name '*.rpm') && \ createrepo /rpms && \ gpg --detach-sign --armor rpms/repodata/repomd.xml && \ rm -rf ~/.gnupg && \ From cc6b0d85406fc8a94264c431f503be708ee258e2 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 6 Mar 2023 15:18:23 -0800 Subject: [PATCH 302/331] Try fixing the build Signed-off-by: Kevin Fox --- containers/anaconda9/Dockerfile | 2 +- containers/rpms-containerd9/Dockerfile | 2 +- containers/rpms-kubernetes9/Dockerfile | 2 +- containers/rpms-openvswitch9/Dockerfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/containers/anaconda9/Dockerfile b/containers/anaconda9/Dockerfile index e2b513c..d2a60db 100644 --- a/containers/anaconda9/Dockerfile +++ b/containers/anaconda9/Dockerfile 
@@ -10,7 +10,7 @@ RUN \ curl http://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/LICENSE -o /data/LICENSE && \ sed -i 's/AppStream,BaseOS/BaseOS/' /data/.treeinfo && \ curl -s http://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/media.repo | grep mediaid | awk -F= '{print $2}' > /data/RockyLinux_BuildTag && \ - cat /data/RockyLinux_BuildTag /.extrafingerprints + cat /data/RockyLinux_BuildTag | tee /.extrafingerprints FROM scratch COPY --from=0 /data /data diff --git a/containers/rpms-containerd9/Dockerfile b/containers/rpms-containerd9/Dockerfile index 2f6073e..dfafd9d 100644 --- a/containers/rpms-containerd9/Dockerfile +++ b/containers/rpms-containerd9/Dockerfile @@ -23,7 +23,7 @@ RUN --mount=type=secret,id=gpg \ gpg --import /root/rpm.pub && \ rpm --addsign $(find . -type f -name '*.rpm') && \ createrepo /rpms && \ - gpg --detach-sign --armor rpms/repodata/repomd.xml && \ + gpg --detach-sign --armor /rpms/repodata/repomd.xml && \ rm -rf ~/.gnupg && \ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \ ls -l /rpms diff --git a/containers/rpms-kubernetes9/Dockerfile b/containers/rpms-kubernetes9/Dockerfile index 1c0fafd..1132082 100644 --- a/containers/rpms-kubernetes9/Dockerfile +++ b/containers/rpms-kubernetes9/Dockerfile @@ -30,7 +30,7 @@ RUN --mount=type=secret,id=gpg \ gpg --import /root/rpm.pub && \ rpm --addsign $(find . -type f -name '*.rpm') && \ createrepo /rpms && \ - gpg --detach-sign --armor rpms/repodata/repomd.xml && \ + gpg --detach-sign --armor /rpms/repodata/repomd.xml && \ rm -rf ~/.gnupg && \ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \ ls -l /rpms/ diff --git a/containers/rpms-openvswitch9/Dockerfile b/containers/rpms-openvswitch9/Dockerfile index 933a31b..029c879 100644 --- a/containers/rpms-openvswitch9/Dockerfile +++ b/containers/rpms-openvswitch9/Dockerfile 
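Review bot: The value written by `cat /data/RockyLinux_BuildTag | tee /.extrafingerprints` in the anaconda9 hunk comes from the `curl -s http://… | grep mediaid | awk …` line above it, which fetches over cleartext HTTP and reports only awk's exit status, so a failed or altered download yields an empty or wrong tag and the `&&` chain still succeeds. I would fail the build on an empty tag and drop the extra cat: `test -s /data/RockyLinux_BuildTag && tee /.extrafingerprints < /data/RockyLinux_BuildTag`. Switching the downloads on the context lines to `https://` with `curl -fsS` would be the matching change, provided the mirror serves TLS. The RUN block starts outside the hunk.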
@@ -24,7 +24,7 @@ RUN --mount=type=secret,id=gpg \ gpg --import /root/rpm.pub && \ rpm --addsign $(find . -type f -name '*.rpm') && \ createrepo /rpms && \ - gpg --detach-sign --armor rpms/repodata/repomd.xml && \ + gpg --detach-sign --armor /rpms/repodata/repomd.xml && \ rm -rf ~/.gnupg && \ cp /root/rpm.pub /rpms/repodata/RPM-GPG-KEY && \ ls -l /rpms From d4591919859fe73f0a1667bf2e8946e2658f9678 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Tue, 7 Mar 2023 12:19:22 -0800 Subject: [PATCH 303/331] Fix prefix Signed-off-by: Kevin Fox --- containers/rpms-openvswitch9/buildenv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-openvswitch9/buildenv b/containers/rpms-openvswitch9/buildenv index 0b80de5..b6dfc35 100644 --- a/containers/rpms-openvswitch9/buildenv +++ b/containers/rpms-openvswitch9/buildenv @@ -1,5 +1,5 @@ export AUTO_PREFIX=rpmrepo-version -export AUTO_PREFIX_PACKAGE=openvswitch +export AUTO_PREFIX_PACKAGE=openvswitch2.17 export DOCKER_BUILDKIT=1 export GPGSIGN=1 export NEW_BUILD=1 From b0bb35282ce355201aafe7ec31278b127992dd6a Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 8 Mar 2023 13:44:39 -0800 Subject: [PATCH 304/331] Make library charts for all the 9 stuff and remove new build flags. --- charts/image-library-charts/buildall | 2 +- containers/anaconda-nginx9/buildenv | 1 - containers/anaconda9/buildenv | 1 - containers/k8s-node-image-nginx9/buildenv | 1 - containers/k8s-node-image9/buildenv | 1 - containers/rpms-containerd9/buildenv | 1 - containers/rpms-kubernetes9/buildenv | 1 - containers/rpms-node-base9/buildenv | 1 - containers/rpms-openvswitch9/buildenv | 1 - 9 files changed, 1 insertion(+), 9 deletions(-) diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 60c4fa6..2345853 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall 
@@ -20,7 +20,7 @@ cd image-library-charts mkdir -p tags CHANGE=0 -for CONTAINER in ipmitool ipmi-exporter dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx k8s-node-image-nginx pixiecore smartctl-exporter; do +for CONTAINER in ipmitool ipmi-exporter dhcpd inotify-tools chronyd debug-toolbox anaconda-nginx anaconda-nginx9 k8s-node-image-nginx k8s-node-image-nginx9 pixiecore smartctl-exporter; do case "$CONTAINER" in k8s-node-image-nginx) SUBBUILDS="1.21 1.22 1.23 1.24" diff --git a/containers/anaconda-nginx9/buildenv b/containers/anaconda-nginx9/buildenv index 433043f..efdde0f 100644 --- a/containers/anaconda-nginx9/buildenv +++ b/containers/anaconda-nginx9/buildenv @@ -3,4 +3,3 @@ export AUTO_PREFIX_FILE=/data/RockyLinux_BuildTag export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' export DOCKER_REPO=pnnlmiscscripts/anaconda export DOCKER_TAG=latest-nginx -export NEW_BUILD=1 diff --git a/containers/anaconda9/buildenv b/containers/anaconda9/buildenv index 3091a87..dda82a5 100644 --- a/containers/anaconda9/buildenv +++ b/containers/anaconda9/buildenv @@ -1,3 +1,2 @@ export AUTO_PREFIX=filecontent export AUTO_PREFIX_FILE=/data/RockyLinux_BuildTag -export NEW_BUILD=1 diff --git a/containers/k8s-node-image-nginx9/buildenv b/containers/k8s-node-image-nginx9/buildenv index 1f3b088..720d1a9 100644 --- a/containers/k8s-node-image-nginx9/buildenv +++ b/containers/k8s-node-image-nginx9/buildenv @@ -3,4 +3,3 @@ export AUTO_PREFIX_PACKAGE=kubelet export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' export DOCKER_REPO=pnnlmiscscripts/k8s-node-image export DOCKER_TAG="$SUBBUILD-nginx" -export NEW_BUILD=1 diff --git a/containers/k8s-node-image9/buildenv b/containers/k8s-node-image9/buildenv index 2de49f3..40b9679 100644 --- a/containers/k8s-node-image9/buildenv +++ b/containers/k8s-node-image9/buildenv @@ -3,4 +3,3 @@ export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD export DOCKER_BUILDKIT=1 export GPGSIGN=1 -export NEW_BUILD=1 
diff --git a/containers/rpms-containerd9/buildenv b/containers/rpms-containerd9/buildenv index 166e99c..7db55e9 100644 --- a/containers/rpms-containerd9/buildenv +++ b/containers/rpms-containerd9/buildenv @@ -2,4 +2,3 @@ export AUTO_PREFIX=rpmrepo-version export AUTO_PREFIX_PACKAGE=containerd.io export DOCKER_BUILDKIT=1 export GPGSIGN=1 -export NEW_BUILD=1 diff --git a/containers/rpms-kubernetes9/buildenv b/containers/rpms-kubernetes9/buildenv index 2de49f3..40b9679 100644 --- a/containers/rpms-kubernetes9/buildenv +++ b/containers/rpms-kubernetes9/buildenv @@ -3,4 +3,3 @@ export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD export DOCKER_BUILDKIT=1 export GPGSIGN=1 -export NEW_BUILD=1 diff --git a/containers/rpms-node-base9/buildenv b/containers/rpms-node-base9/buildenv index 176f4a9..bee6e99 100644 --- a/containers/rpms-node-base9/buildenv +++ b/containers/rpms-node-base9/buildenv @@ -3,4 +3,3 @@ export AUTO_PREFIX_PACKAGE=rocky-release export AUTO_PREFIX_FILTER='cut -d . -f 1 | tr '-' .' export DOCKER_BUILDKIT=1 export GPGSIGN=1 -export NEW_BUILD=1 diff --git a/containers/rpms-openvswitch9/buildenv b/containers/rpms-openvswitch9/buildenv index b6dfc35..88c5aab 100644 --- a/containers/rpms-openvswitch9/buildenv +++ b/containers/rpms-openvswitch9/buildenv @@ -2,4 +2,3 @@ export AUTO_PREFIX=rpmrepo-version export AUTO_PREFIX_PACKAGE=openvswitch2.17 export DOCKER_BUILDKIT=1 export GPGSIGN=1 -export NEW_BUILD=1 From 4ab68f12397dc334e07135fc526b707b12fadf59 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 8 Mar 2023 13:59:57 -0800 Subject: [PATCH 305/331] Fix subbuild. --- charts/image-library-charts/buildall | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 2345853..39f3c21 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall 
@@ -25,6 +25,9 @@ for CONTAINER in ipmitool ipmi-exporter dhcpd inotify-tools chronyd debug-toolbo k8s-node-image-nginx) SUBBUILDS="1.21 1.22 1.23 1.24" ;; + k8s-node-image-nginx9) + SUBBUILDS="1.21 1.22 1.23 1.24" + ;; *) SUBBUILDS="latest" ;; From 7b2d6766506fae2142645f1ceb67ef7a9057d7db Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Wed, 8 Mar 2023 17:17:59 -0800 Subject: [PATCH 306/331] Fix image references and start building 9 chart. 
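Review bot: The new `k8s-node-image-nginx9)` arm repeats the version list of the arm above it, so the two lists can drift apart when a Kubernetes release is added or retired. A single arm with an alternation keeps them together: `k8s-node-image-nginx | k8s-node-image-nginx9)`. If the 9 images are meant to track a different set of versions, a short comment on the arm saying so would help. The `case` statement opens and closes outside the hunk.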
Signed-off-by: Kevin Fox --- charts/charts/k8s-node-image9/Chart.yaml | 13 +++ charts/charts/k8s-node-image9/README.md | 35 ++++++ .../k8s-node-image9/templates/NOTES.txt | 21 ++++ .../k8s-node-image9/templates/_helpers.tpl | 102 ++++++++++++++++++ .../templates/anaconda-deployment.yaml | 66 ++++++++++++ .../templates/anaconda-pdb.yaml | 17 +++ .../templates/anaconda-service.yaml | 18 ++++ .../k8s-node-image9/templates/ingress.yaml | 97 +++++++++++++++++ .../templates/k8s-node-deployment.yaml | 66 ++++++++++++ .../templates/k8s-node-pdb.yaml | 17 +++ .../templates/k8s-node-service.yaml | 18 ++++ charts/charts/k8s-node-image9/values.yaml | 66 ++++++++++++ containers/anaconda-nginx9/buildenv | 2 +- containers/k8s-node-image-nginx9/buildenv | 2 +- 14 files changed, 538 insertions(+), 2 deletions(-) create mode 100644 charts/charts/k8s-node-image9/Chart.yaml create mode 100644 charts/charts/k8s-node-image9/README.md create mode 100644 charts/charts/k8s-node-image9/templates/NOTES.txt create mode 100644 charts/charts/k8s-node-image9/templates/_helpers.tpl create mode 100644 charts/charts/k8s-node-image9/templates/anaconda-deployment.yaml create mode 100644 charts/charts/k8s-node-image9/templates/anaconda-pdb.yaml create mode 100644 charts/charts/k8s-node-image9/templates/anaconda-service.yaml create mode 100644 charts/charts/k8s-node-image9/templates/ingress.yaml create mode 100644 charts/charts/k8s-node-image9/templates/k8s-node-deployment.yaml create mode 100644 charts/charts/k8s-node-image9/templates/k8s-node-pdb.yaml create mode 100644 charts/charts/k8s-node-image9/templates/k8s-node-service.yaml create mode 100644 charts/charts/k8s-node-image9/values.yaml diff --git a/charts/charts/k8s-node-image9/Chart.yaml b/charts/charts/k8s-node-image9/Chart.yaml new file mode 100644 index 0000000..abae29a --- /dev/null +++ b/charts/charts/k8s-node-image9/Chart.yaml 
@@ -0,0 +1,13 @@ +apiVersion: v2 +appVersion: "1.0" +description: A Helm chart for Kubernetes +type: application +name: k8s-node-image9 +version: 0.2.0 +dependencies: +- name: k8s-node-image-nginx9-1-24 + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ +- name: anaconda-nginx9 + version: 2.0.0 + repository: https://pnnl-miscscripts.github.io/image-library-charts/ diff --git a/charts/charts/k8s-node-image9/README.md b/charts/charts/k8s-node-image9/README.md new file mode 100644 index 0000000..ed51668 --- /dev/null +++ b/charts/charts/k8s-node-image9/README.md @@ -0,0 +1,35 @@ +# K8S Node Image + +The k8s-node-image chart provides a a standalone image useful for installing +bare metal nodes that can form a k8s cluster. + +This can be used in conjunction with pixiecore and dhcpd. + +## Dependencies + +This chart requires nginx-ingress 0.22.0 or higher in the default config. To +support older nginx-ingress, set ingress.regex=false. + +For other ingress controllers, you will need to annotate as needed to get +rewriting to happen appropriately for your ingress controller. + +## Install Chart + +To install the Chart into your Kubernetes cluster : + +```bash +helm install --namespace "k8s-node-image" pnnl-miscscripts/k8s-node-image +``` + +After installation succeeds, you can get a status of Chart + +```bash +helm status +``` + +If you want to delete your Chart, use this command: + +```bash +helm delete --purge +``` + diff --git a/charts/charts/k8s-node-image9/templates/NOTES.txt b/charts/charts/k8s-node-image9/templates/NOTES.txt new file mode 100644 index 0000000..ad29a5a --- /dev/null +++ b/charts/charts/k8s-node-image9/templates/NOTES.txt 
@@ -0,0 +1,21 @@ +{{- $dot := . }} +{{- $prefix := include "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" . }} +Contact information + +{{- range .Values.ingress.hosts }} +{{- if . }} +Repo: +http://{{ . }}{{ $prefix }} +Kernel: +http://{{ . }}{{ $prefix }}/vmlinuz +Initrd: +http://{{ . }}{{ $prefix }}/initrd.img +{{- else }} +Repo: +http://xx.xx.xx.xx{{ $prefix }} +Kernel: +http://xx.xx.xx.xx{{ $prefix }}/vmlinuz +Initrd: +http://xx.xx.xx.xx{{ $prefix }}/initrd.img +{{- end }} +{{- end }} diff --git a/charts/charts/k8s-node-image9/templates/_helpers.tpl b/charts/charts/k8s-node-image9/templates/_helpers.tpl new file mode 100644 index 0000000..3287edb --- /dev/null +++ b/charts/charts/k8s-node-image9/templates/_helpers.tpl 
@@ -0,0 +1,102 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "pnnlmiscscripts.k8s-node-image-full.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "pnnlmiscscripts.k8s-node-image-full.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "pnnlmiscscripts.k8s-node-image-full.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" -}} +{{- $f := include "pnnlmiscscripts.k8s-node-image-full.fullname" . }} +{{- $f | trunc 59 | trimSuffix "-" -}}-ana +{{- end -}} + +{{- define "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" -}} +{{- $f := include "pnnlmiscscripts.k8s-node-image-full.fullname" . 
}} +{{- $f | trunc 58 | trimSuffix "-" -}}-node +{{- end -}} + +{{- define "pnnlmiscscripts.k8s-node-image-full.ingress.regex" -}} +{{- if gt (len .suffix) 0 }} + {{- if eq .type "d" }} + {{- printf "%s/(%s$|%s/.*)" .prefix .suffix .suffix }} + {{- else }} + {{- printf "%s/(%s$)" .prefix .suffix }} + {{- end }} +{{- else }} + {{- printf "%s/?(.*)$" .prefix }} +{{- end }} +{{- end -}} + +{{- define "pnnlmiscscripts.k8s-node-image-full.ingress.noregex" -}} +{{- if gt (len .suffix) 0 }} + {{- printf "%s/%s" .prefix .suffix }} +{{- else }} + {{- printf "%s/" .prefix }} +{{- end }} +{{- end -}} + +{{- define "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" -}} +{{- if .Values.ingress.enableVersionPrefix -}} +{{- $tag := dict "dot" . "section" .Values.k8sNode.image | include (printf "%s.tag" .Values.k8sNode.prefix) -}} +{{- printf "%s/%s" .Values.ingress.prefix $tag -}} +{{- else }} +{{- .Values.ingress.prefix -}} +{{- end }} +{{- end }} + +{{/* +takes dot, prefix, suffix, and type. type can be either f or d. +*/}} +{{- define "pnnlmiscscripts.k8s-node-image-full.ingress" -}} +{{- if .dot.Values.ingress.regex }} +{{- include "pnnlmiscscripts.k8s-node-image-full.ingress.regex" . }} +{{- else }} +{{- include "pnnlmiscscripts.k8s-node-image-full.ingress.noregex" . }} +{{- end }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "pnnlmiscscripts.k8s-node-image-full.labels" -}} +helm.sh/chart: {{ include "pnnlmiscscripts.k8s-node-image-full.chart" . }} +{{ include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "pnnlmiscscripts.k8s-node-image-full.selectorLabels" -}} +app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} \ No newline at end of file 
diff --git a/charts/charts/k8s-node-image9/templates/anaconda-deployment.yaml b/charts/charts/k8s-node-image9/templates/anaconda-deployment.yaml new file mode 100644 index 0000000..646a20a --- /dev/null +++ b/charts/charts/k8s-node-image9/templates/anaconda-deployment.yaml @@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: anaconda + svc: anaconda +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} + svc: anaconda + template: + metadata: + {{- with .Values.anaconda.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 8 }} + svc: anaconda + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: main + command: ["nginx", "-g", "daemon off;"] + image: {{ dict "dot" . "section" (index .Values "anaconda").image | include "pnnlmiscscripts.anaconda-nginx9.image" }} + imagePullPolicy: {{ .Values.anaconda.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + lifecycle: + preStop: + exec: + command: + - /bin/sh + - -c + - nginx -s quit + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} 
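Review bot: The pod template in anaconda-deployment.yaml sets no `securityContext` at pod or container level, and the chart's values offer no way to supply one, so the nginx container runs with whatever user and privileges the image defaults to. I would add pass-through values such as `.Values.podSecurityContext` and `.Values.securityContext`, rendered with `toYaml`, with `allowPrivilegeEscalation: false` as a default. Because the container listens on port 80, running as non-root may additionally need a change to the image or the port; that cannot be judged from this diff. The same applies to templates/k8s-node-deployment.yaml in this commit.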
diff --git a/charts/charts/k8s-node-image9/templates/anaconda-pdb.yaml b/charts/charts/k8s-node-image9/templates/anaconda-pdb.yaml new file mode 100644 index 0000000..1d898a6 --- /dev/null +++ b/charts/charts/k8s-node-image9/templates/anaconda-pdb.yaml @@ -0,0 +1,17 @@ +{{- if (gt (.Values.replicaCount | int) 1) }} +apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} +kind: PodDisruptionBudget +metadata: + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: anaconda + svc: anaconda + name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} + svc: anaconda + minAvailable: {{ .Values.minAvailable }} +{{- end }} \ No newline at end of file diff --git a/charts/charts/k8s-node-image9/templates/anaconda-service.yaml b/charts/charts/k8s-node-image9/templates/anaconda-service.yaml new file mode 100644 index 0000000..c52e554 --- /dev/null +++ b/charts/charts/k8s-node-image9/templates/anaconda-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: anaconda + svc: anaconda +spec: + type: {{ .Values.anaconda.service.type }} + ports: + - port: {{ .Values.anaconda.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 4 }} + svc: anaconda diff --git a/charts/charts/k8s-node-image9/templates/ingress.yaml b/charts/charts/k8s-node-image9/templates/ingress.yaml new file mode 100644 index 0000000..0d129df --- /dev/null 
+++ b/charts/charts/k8s-node-image9/templates/ingress.yaml 
@@ -0,0 +1,97 @@ +{{- if .Values.ingress.enabled -}} +{{- $dot := . }} +{{- $prefix := include "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" . }} +{{- $pxeprefix := printf "%s/images/pxeboot" $prefix }} +{{- $aFullName := include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . -}} +{{- $nFullName := include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "pnnlmiscscripts.k8s-node-image-full.fullname" . }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + annotations: +{{- if .Values.ingress.regex }} + nginx.ingress.kubernetes.io/rewrite-target: /$1 +{{- end }} +{{- if eq (len .Values.ingress.tls) 0 }} + nginx.ingress.kubernetes.io/ssl-redirect: "false" +{{- end }} + {{- with .Values.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ingressClassName: {{ .Values.ingress.className }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . 
| quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - http: + paths: + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "" "type" "d" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + pathType: Prefix + backend: + service: + name: {{ $nFullName }} + port: + name: http + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "vmlinuz" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + pathType: Prefix + backend: + service: + name: {{ $aFullName }} + port: + name: http + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "initrd.img" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + pathType: Prefix + backend: + service: + name: {{ $aFullName }} + port: + name: http + - path: {{ dict "dot" $dot "prefix" $pxeprefix "suffix" "vmlinuz" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + pathType: Prefix + backend: + service: + name: {{ $aFullName }} + port: + name: http + - path: {{ dict "dot" $dot "prefix" $pxeprefix "suffix" "initrd.img" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + pathType: Prefix + backend: + service: + name: {{ $aFullName }} + port: + name: http + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "LiveOS" "type" "d" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + pathType: Prefix + backend: + service: + name: {{ $aFullName }} + port: + name: http + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" ".treeinfo" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + pathType: Prefix + backend: + service: + name: {{ $aFullName }} + port: + name: http + {{- if . }} + host: {{ . | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/charts/k8s-node-image9/templates/k8s-node-deployment.yaml b/charts/charts/k8s-node-image9/templates/k8s-node-deployment.yaml new file mode 100644 index 0000000..9fe4ed7 --- /dev/null 
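Review bot: Every rule in ingress.yaml uses `pathType: Prefix`, but with the default `ingress.regex: true` the rendered paths are regular expressions (the `ingress.regex` helper produces forms like `<prefix>/(vmlinuz$)`), which is not what Prefix matching is defined for. `ImplementationSpecific` is the type intended for controller-specific patterns, and ingress-nginx can reject regex characters under Prefix when strict path-type validation is enabled; for example `pathType: {{ ternary "ImplementationSpecific" "Prefix" $dot.Values.ingress.regex }}`. Separately, `ingressClassName: {{ .Values.ingress.className }}` is rendered unconditionally while values.yaml leaves `className` commented out, so wrapping it in `{{- with .Values.ingress.className }}` would avoid emitting an empty field.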
+++ b/charts/charts/k8s-node-image9/templates/k8s-node-deployment.yaml @@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: k8s-node + svc: k8s-node +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} + svc: k8s-node + template: + metadata: + {{- with .Values.k8sNode.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 8 }} + svc: k8s-node + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: main + command: ["nginx", "-g", "daemon off;"] + image: {{ dict "dot" . "section" (index .Values "k8sNode").image | include (printf "%s.image" .Values.k8sNode.prefix) }} + imagePullPolicy: {{ .Values.k8sNode.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + lifecycle: + preStop: + exec: + command: + - /bin/sh + - -c + - nginx -s quit + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/charts/k8s-node-image9/templates/k8s-node-pdb.yaml b/charts/charts/k8s-node-image9/templates/k8s-node-pdb.yaml new file mode 100644 index 0000000..8f657ab --- /dev/null +++ b/charts/charts/k8s-node-image9/templates/k8s-node-pdb.yaml 
@@ -0,0 +1,17 @@ +{{- if (gt (.Values.replicaCount | int) 1) }} +apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (semverCompare ">=1.21.0-0" .Capabilities.KubeVersion.Version) }} +kind: PodDisruptionBudget +metadata: + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: k8s-node + svc: k8s-node + name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 6 }} + svc: k8s-node + minAvailable: {{ .Values.minAvailable }} +{{- end }} \ No newline at end of file diff --git a/charts/charts/k8s-node-image9/templates/k8s-node-service.yaml b/charts/charts/k8s-node-image9/templates/k8s-node-service.yaml new file mode 100644 index 0000000..d9ab405 --- /dev/null +++ b/charts/charts/k8s-node-image9/templates/k8s-node-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . }} + labels: + {{- include "pnnlmiscscripts.k8s-node-image-full.labels" . | nindent 4 }} + app.kubernetes.io/component: k8s-node + svc: k8s-node +spec: + type: {{ .Values.k8sNode.service.type }} + ports: + - port: {{ .Values.k8sNode.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "pnnlmiscscripts.k8s-node-image-full.selectorLabels" . | nindent 4 }} + svc: k8s-node diff --git a/charts/charts/k8s-node-image9/values.yaml b/charts/charts/k8s-node-image9/values.yaml new file mode 100644 index 0000000..767642c --- /dev/null +++ b/charts/charts/k8s-node-image9/values.yaml 
@@ -0,0 +1,66 @@ +# Default values for k8s-node-image. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 2 +minAvailable: 1 + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +anaconda: + image: + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 80 + + podAnnotations: {} + +k8sNode: + prefix: "pnnlmiscscripts.k8s-node-image-nginx9-1-24" + image: + pullPolicy: IfNotPresent + + service: + type: ClusterIP + port: 80 + + podAnnotations: {} + +ingress: + enabled: true + enableVersionPrefix: true + regex: true + prefix: "" + # className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: [null] + #- chart-example.local + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/containers/anaconda-nginx9/buildenv b/containers/anaconda-nginx9/buildenv index efdde0f..235f224 100644 --- a/containers/anaconda-nginx9/buildenv +++ b/containers/anaconda-nginx9/buildenv @@ -1,5 +1,5 @@ export AUTO_PREFIX=filecontent export AUTO_PREFIX_FILE=/data/RockyLinux_BuildTag export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' -export DOCKER_REPO=pnnlmiscscripts/anaconda +export DOCKER_REPO=pnnlmiscscripts/anaconda9 export DOCKER_TAG=latest-nginx diff --git a/containers/k8s-node-image-nginx9/buildenv b/containers/k8s-node-image-nginx9/buildenv index 720d1a9..ce8cbd3 100644 
--- a/containers/k8s-node-image-nginx9/buildenv +++ b/containers/k8s-node-image-nginx9/buildenv @@ -1,5 +1,5 @@ export AUTO_PREFIX=rpmrepo-version export AUTO_PREFIX_PACKAGE=kubelet export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' -export DOCKER_REPO=pnnlmiscscripts/k8s-node-image +export DOCKER_REPO=pnnlmiscscripts/k8s-node-image9 export DOCKER_TAG="$SUBBUILD-nginx" From 6c358e90b69b28075220a7096666fe77e9327018 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 10 Mar 2023 10:26:57 -0800 Subject: [PATCH 307/331] New build Signed-off-by: Kevin Fox --- containers/k8s-node-image-nginx/buildenv | 1 + containers/k8s-node-image9/buildenv | 1 + 2 files changed, 2 insertions(+) diff --git a/containers/k8s-node-image-nginx/buildenv b/containers/k8s-node-image-nginx/buildenv index 720d1a9..1f3b088 100644 --- a/containers/k8s-node-image-nginx/buildenv +++ b/containers/k8s-node-image-nginx/buildenv @@ -3,3 +3,4 @@ export AUTO_PREFIX_PACKAGE=kubelet export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' export DOCKER_REPO=pnnlmiscscripts/k8s-node-image export DOCKER_TAG="$SUBBUILD-nginx" +export NEW_BUILD=1 diff --git a/containers/k8s-node-image9/buildenv b/containers/k8s-node-image9/buildenv index 40b9679..2de49f3 100644 --- a/containers/k8s-node-image9/buildenv +++ b/containers/k8s-node-image9/buildenv @@ -3,3 +3,4 @@ export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD export DOCKER_BUILDKIT=1 export GPGSIGN=1 +export NEW_BUILD=1 From 1dfb2433dc4fccb9df27aa94619aaac097f0a690 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 10 Mar 2023 12:24:14 -0800 Subject: [PATCH 308/331] Fix double rpm version issue --- containers/k8s-node-image-nginx/buildenv | 1 - containers/k8s-node-image-nginx9/buildenv | 1 + containers/rpms-kubernetes9/Dockerfile | 2 +- containers/rpms-kubernetes9/buildenv | 1 + 4 files changed, 3 insertions(+), 2 deletions(-) diff --git a/containers/k8s-node-image-nginx/buildenv b/containers/k8s-node-image-nginx/buildenv index 1f3b088..720d1a9 100644 
--- a/containers/k8s-node-image-nginx/buildenv +++ b/containers/k8s-node-image-nginx/buildenv @@ -3,4 +3,3 @@ export AUTO_PREFIX_PACKAGE=kubelet export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' export DOCKER_REPO=pnnlmiscscripts/k8s-node-image export DOCKER_TAG="$SUBBUILD-nginx" -export NEW_BUILD=1 diff --git a/containers/k8s-node-image-nginx9/buildenv b/containers/k8s-node-image-nginx9/buildenv index ce8cbd3..aabb480 100644 --- a/containers/k8s-node-image-nginx9/buildenv +++ b/containers/k8s-node-image-nginx9/buildenv @@ -3,3 +3,4 @@ export AUTO_PREFIX_PACKAGE=kubelet export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' export DOCKER_REPO=pnnlmiscscripts/k8s-node-image9 export DOCKER_TAG="$SUBBUILD-nginx" +export NEW_BUILD=1 diff --git a/containers/rpms-kubernetes9/Dockerfile b/containers/rpms-kubernetes9/Dockerfile index 1132082..aefa8b5 100644 --- a/containers/rpms-kubernetes9/Dockerfile +++ b/containers/rpms-kubernetes9/Dockerfile @@ -24,7 +24,7 @@ RUN --mount=type=secret,id=gpg \ mkdir -p rpms/ && \ cd /rpms && \ cp -a /rpms-base/*.rpm . && \ - dnf download --resolve --destdir /rpms "kubelet-$FULLVERSION" "kubeadm-$FULLVERSION" "kubectl-$FULLVERSION" && \ + dnf install -y --downloadonly --destdir /rpms "kubelet-$FULLVERSION" "kubeadm-$FULLVERSION" "kubectl-$FULLVERSION" && \ find /rpms-base -maxdepth 1 -type f -name '*.rpm' -printf '%f\n' | while read line; do rm -f $line; done && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ diff --git a/containers/rpms-kubernetes9/buildenv b/containers/rpms-kubernetes9/buildenv index 40b9679..2de49f3 100644 --- a/containers/rpms-kubernetes9/buildenv +++ b/containers/rpms-kubernetes9/buildenv @@ -3,3 +3,4 @@ export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD export DOCKER_BUILDKIT=1 export GPGSIGN=1 +export NEW_BUILD=1 From 95f1d27d12afe13dc71c71647a2e9e3952abcc86 Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Mon, 13 Mar 2023 12:52:20 -0700 Subject: [PATCH 309/331] Add ingress path fixes for 9. 
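Review bot: Nothing in the rpms-kubernetes9 hunk verifies the upstream signatures of the packages fetched by `dnf install -y --downloadonly --destdir /rpms …` before `rpm --addsign` re-signs them with the repository key a few lines later. Whether dnf runs its gpgcheck for a download-only transaction should be confirmed rather than assumed; if it does not, a corrupted or altered mirror response would end up carrying this repository's signature. An explicit `rpm --checksig /rpms/*.rpm` with the upstream keys imported, placed before `gpg --import /run/secrets/gpg`, would close that gap. The RUN block starts outside the hunk.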
Signed-off-by: Kevin Fox --- .../k8s-node-image9/templates/_helpers.tpl | 4 ++-- .../k8s-node-image9/templates/ingress.yaml | 23 ++++--------------- 2 files changed, 6 insertions(+), 21 deletions(-) diff --git a/charts/charts/k8s-node-image9/templates/_helpers.tpl b/charts/charts/k8s-node-image9/templates/_helpers.tpl index 3287edb..f96e06f 100644 --- a/charts/charts/k8s-node-image9/templates/_helpers.tpl +++ b/charts/charts/k8s-node-image9/templates/_helpers.tpl @@ -64,7 +64,7 @@ Create chart name and version as used by the chart label. {{- define "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" -}} {{- if .Values.ingress.enableVersionPrefix -}} {{- $tag := dict "dot" . "section" .Values.k8sNode.image | include (printf "%s.tag" .Values.k8sNode.prefix) -}} -{{- printf "%s/%s" .Values.ingress.prefix $tag -}} +{{- printf "%s/9-%s" .Values.ingress.prefix $tag -}} {{- else }} {{- .Values.ingress.prefix -}} {{- end }} @@ -99,4 +99,4 @@ Selector labels {{- define "pnnlmiscscripts.k8s-node-image-full.selectorLabels" -}} app.kubernetes.io/name: {{ include "pnnlmiscscripts.k8s-node-image-full.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/charts/k8s-node-image9/templates/ingress.yaml b/charts/charts/k8s-node-image9/templates/ingress.yaml index 0d129df..86f3e1a 100644 --- a/charts/charts/k8s-node-image9/templates/ingress.yaml +++ b/charts/charts/k8s-node-image9/templates/ingress.yaml @@ -1,7 +1,6 @@ {{- if .Values.ingress.enabled -}} {{- $dot := . }} {{- $prefix := include "pnnlmiscscripts.k8s-node-image-full.ingress.prefix" . }} -{{- $pxeprefix := printf "%s/images/pxeboot" $prefix }} {{- $aFullName := include "pnnlmiscscripts.k8s-node-image-full.anaconda.fullname" . -}} {{- $nFullName := include "pnnlmiscscripts.k8s-node-image-full.k8s-node.fullname" . -}} {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} 
@@ -48,42 +47,28 @@ spec: name: {{ $nFullName }} port: name: http - - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "vmlinuz" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "images" "type" "d" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} pathType: Prefix backend: service: name: {{ $aFullName }} port: name: http - - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "initrd.img" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} - pathType: Prefix - backend: - service: - name: {{ $aFullName }} - port: - name: http - - path: {{ dict "dot" $dot "prefix" $pxeprefix "suffix" "vmlinuz" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} - pathType: Prefix - backend: - service: - name: {{ $aFullName }} - port: - name: http - - path: {{ dict "dot" $dot "prefix" $pxeprefix "suffix" "initrd.img" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" ".treeinfo" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} pathType: Prefix backend: service: name: {{ $aFullName }} port: name: http - - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "LiveOS" "type" "d" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "LICENSE" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} pathType: Prefix backend: service: name: {{ $aFullName }} port: name: http - - path: {{ dict "dot" $dot "prefix" $prefix "suffix" ".treeinfo" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} + - path: {{ dict "dot" $dot "prefix" $prefix "suffix" "RockyLinux_BuildTag" "type" "f" | include "pnnlmiscscripts.k8s-node-image-full.ingress" }} pathType: Prefix backend: service: From 06ba9e0b4f75a23c8becfb087a1b126c34248436 Mon Sep 17 00:00:00 2001 
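Review bot: The single `"suffix" "images" "type" "d"` rule in the `@@ -48,42 +47,28 @@` hunk of ingress.yaml appears to route everything below `<prefix>/images` to the anaconda service, where the removed rules named only `vmlinuz` and `initrd.img` (at the prefix and under `images/pxeboot`). If the wider exposure is intended for the 9 tree, a template comment above the rule would record it, for example `{{- /* 9: the whole images/ directory is routed to anaconda on purpose */ -}}`; otherwise per-file rules keep the published surface to what PXE clients need. The `LiveOS` rule also looks dropped here, presumably because that content now lives under `images/`, which should be confirmed against the image layout. The rule list starts and ends outside the hunk, and the `...ingress` helper that builds each path is not visible.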
From: Peter L Nordquist Date: Wed, 15 Mar 2023 17:43:24 -0700 Subject: [PATCH 310/331] Fixed issues with nfs-utils & sssd-common packages (#54) Switched to dnf install for better dependency resolution Removed Base/Anaconda Tools as they are not needed Switched to released dockerfile frontend with mount type secret support --- containers/rpms-node-base9/Dockerfile | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/containers/rpms-node-base9/Dockerfile b/containers/rpms-node-base9/Dockerfile index 6c214ba..a9e29fe 100644 --- a/containers/rpms-node-base9/Dockerfile +++ b/containers/rpms-node-base9/Dockerfile @@ -1,4 +1,4 @@ -# syntax = docker/dockerfile:1.0-experimental +# syntax = docker/dockerfile:1.2 FROM rockylinux:9 MAINTAINER Kevin Fox @@ -10,14 +10,10 @@ RUN --mount=type=secret,id=gpg \ set -e && \ yum install -y createrepo yum-utils gnupg2 rpm-sign && \ mkdir -p rpms/ && \ - BASE=$(dnf group info base | grep '^ \w' | awk '{print $1}') && \ - CORE=$(dnf group info core | grep '^ \w' | awk '{print $1}') && \ - ANACONDA_TOOLS=$(dnf group info anaconda-tools | grep '^ \w' | awk '{print $1}') && \ - repotrack --alldeps --resolve --installroot=/tmp/root --releasever=/ \ - --destdir rpms --setopt cachedir=/tmp/cache --downloadonly \ - $BASE $CORE $ANACONDA_TOOLS grub2-efi-x64 kernel grub2 e2fsprogs \ - nspr nss-util openssh-server openssh iptables-services \ - nfs-utils authconfig psmisc libibverbs qemu-guest-agent libsss_sudo && \ + dnf install --installroot=/tmp/root --releasever=/ --downloadonly \ + --destdir rpms -y @core grub2-efi-x64 kernel grub2 e2fsprogs nspr nss-util \ + openssh-server openssh iptables-services nfs-utils authconfig psmisc \ + libibverbs qemu-guest-agent libsss_sudo && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ rpm --addsign $(find rpms -type f -name '*.rpm') && \ From 8c4799d7b5ecbd568f0505cc7a485ab7dffa84a1 Mon Sep 17 00:00:00 2001 
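Review bot: `--mount=type=secret,id=gpg` keeps /run/secrets/gpg itself out of the image, but the `gpg --import /run/secrets/gpg` line that follows the new `dnf install` copies that key (presumably the private signing key, since `rpm --addsign` comes next) into root's GnuPG home, by default `~/.gnupg`, which is ordinary layer content. Unless a later part of this RUN, which continues outside the hunk, deletes that keyring, the key ships in the rpms-node-base9 image. Ending the RUN with `rm -rf /root/.gnupg` after the signing step, or importing into a throwaway `GNUPGHOME` that is removed in the same RUN, would keep it out. The rpms-kubernetes9 Dockerfile hunk earlier on this page shows the same two imports.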
From: Kevin Fox Date: Fri, 17 Mar 2023 09:44:25 -0700 Subject: [PATCH 311/331] Remove newbuilds. Signed-off-by: Kevin Fox --- containers/k8s-node-image-nginx9/buildenv | 1 - containers/k8s-node-image9/buildenv | 1 - containers/rpms-kubernetes9/buildenv | 1 - 3 files changed, 3 deletions(-) diff --git a/containers/k8s-node-image-nginx9/buildenv b/containers/k8s-node-image-nginx9/buildenv index aabb480..ce8cbd3 100644 --- a/containers/k8s-node-image-nginx9/buildenv +++ b/containers/k8s-node-image-nginx9/buildenv @@ -3,4 +3,3 @@ export AUTO_PREFIX_PACKAGE=kubelet export AUTO_PREFIX_FILTER='sed "s/$/-nginx/g"' export DOCKER_REPO=pnnlmiscscripts/k8s-node-image9 export DOCKER_TAG="$SUBBUILD-nginx" -export NEW_BUILD=1 diff --git a/containers/k8s-node-image9/buildenv b/containers/k8s-node-image9/buildenv index 2de49f3..40b9679 100644 --- a/containers/k8s-node-image9/buildenv +++ b/containers/k8s-node-image9/buildenv @@ -3,4 +3,3 @@ export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD export DOCKER_BUILDKIT=1 export GPGSIGN=1 -export NEW_BUILD=1 diff --git a/containers/rpms-kubernetes9/buildenv b/containers/rpms-kubernetes9/buildenv index 2de49f3..40b9679 100644 --- a/containers/rpms-kubernetes9/buildenv +++ b/containers/rpms-kubernetes9/buildenv @@ -3,4 +3,3 @@ export AUTO_PREFIX_PACKAGE=kubelet export DOCKER_TAG=$SUBBUILD export DOCKER_BUILDKIT=1 export GPGSIGN=1 -export NEW_BUILD=1 From f886febd0f0fc2ef3b5dd73979306ebaa3b69bbc Mon Sep 17 00:00:00 2001 From: Peter L Nordquist Date: Mon, 20 Mar 2023 16:12:15 -0700 Subject: [PATCH 312/331] Added Anaconda selected packages --- containers/rpms-node-base9/Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/containers/rpms-node-base9/Dockerfile b/containers/rpms-node-base9/Dockerfile index a9e29fe..087fa1c 100644 --- a/containers/rpms-node-base9/Dockerfile +++ b/containers/rpms-node-base9/Dockerfile 
@@ -13,7 +13,8 @@ RUN --mount=type=secret,id=gpg \ dnf install --installroot=/tmp/root --releasever=/ --downloadonly \ --destdir rpms -y @core grub2-efi-x64 kernel grub2 e2fsprogs nspr nss-util \ openssh-server openssh iptables-services nfs-utils authconfig psmisc \ - libibverbs qemu-guest-agent libsss_sudo && \ + libibverbs qemu-guest-agent libsss_sudo bzip2 chrony dosfstools efibootmgr \ + langpacks-en mdadm shim-x64 && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ rpm --addsign $(find rpms -type f -name '*.rpm') && \ From ae6e69630d7eab17ddaf74dad6538bf02b4a93ac Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Fri, 14 Apr 2023 16:40:32 -0700 Subject: [PATCH 313/331] Add k8s9 chart builds Signed-off-by: Kevin Fox --- charts/charts/buildall | 17 +++++++++++++++++ charts/charts/k8s-node-image9/.helmignore | 23 +++++++++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 charts/charts/k8s-node-image9/.helmignore diff --git a/charts/charts/buildall b/charts/charts/buildall index 62ac09e..652e826 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall 
@@ -37,6 +37,20 @@ for ver in 1-21 1-22 1-23 1-24; do #sed IMAGETAG into README.md done +for ver in 1-21 1-22 1-23 1-24; do + cp -a k8s-node-image9 k8s-node-image9-$ver + sed -i "s@k8s-node-image-nginx9-1-24@k8s-node-image-nginx9-$ver@g" k8s-node-image9-$ver/Chart.yaml k8s-node-image9-$ver/values.yaml + sed -i "s@^name:.*@name: k8s-node-image9-$ver@g" k8s-node-image9-$ver/Chart.yaml + pushd k8s-node-image9-$ver 2>/dev/null + helm dep up --skip-refresh + popd 2>/dev/null + APPVER=$(helm inspect chart k8s-node-image9-$ver/charts/k8s-node-image-nginx9-*.tgz | sort | awk '{if(/^(appVersion):/){print $2}}') + sed -i "s@^appVersion:.*@appVersion: k8s-node-image9-$APPVER@g" k8s-node-image9-$ver/Chart.yaml + #FIXME + #IMAGETAG=$(tar -zxOf k8s-node-image-$ver/charts/k8s-node-image-nginx-*.tgz k8s-node-image-nginx/files/metadata.json | jq -r .tag ) + #sed IMAGETAG into README.md +done + CHANGE=0 for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator smartctl-exporter grafana-misc-dashboards magic-namespace; do RAWCHART=$CHART @@ -44,6 +58,9 @@ for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node- k8s-node-image) SUBBUILDS="1-21 1-22 1-23 1-24" ;; + k8s-node-image9) + SUBBUILDS="1-21 1-22 1-23 1-24" + ;; *) SUBBUILDS="latest" ;; diff --git a/charts/charts/k8s-node-image9/.helmignore b/charts/charts/k8s-node-image9/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/charts/k8s-node-image9/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ 
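Review bot: In the new `k8s-node-image9` loop of charts/charts/buildall, `pushd k8s-node-image9-$ver 2>/dev/null` hides the error message rather than the directory-stack output, and its status is never checked, so a failed directory change lets `helm dep up --skip-refresh` run in the parent directory. I would write `pushd "k8s-node-image9-$ver" >/dev/null || exit 1` and `popd >/dev/null || exit 1`. `cp -a k8s-node-image9 k8s-node-image9-$ver` also nests the copy inside an existing target directory on a re-run, so removing the target first keeps the packaged chart identical between runs. Whether the script runs under `set -e` is not visible from the hunk.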
From 9f8ed0ad4b7037ba7ee658aa0578ce4a7e28618d Mon Sep 17 00:00:00 2001 From: Kevin Fox Date: Thu, 20 Apr 2023 10:44:02 -0700 Subject: [PATCH 314/331] Add k8s-node-image9 to the list Signed-off-by: Kevin Fox --- charts/charts/buildall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/charts/buildall b/charts/charts/buildall index 652e826..ed46852 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -52,7 +52,7 @@ for ver in 1-21 1-22 1-23 1-24; do done CHANGE=0 -for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node-image tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator smartctl-exporter grafana-misc-dashboards magic-namespace; do +for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node-image k8s-node-image9 tenant-namespace pixiecore pixiecore-simpleconfig gitlab-runner-operator tenant-namespace-operator smartctl-exporter grafana-misc-dashboards magic-namespace; do RAWCHART=$CHART case "$CHART" in k8s-node-image) From b40671b366f828dea0f38d53c6c079eb7655e363 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Tue, 16 May 2023 13:26:56 -0700 Subject: [PATCH 315/331] Add missing package. Signed-off-by: Kevin Fox --- containers/rpms-node-base9/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-node-base9/Dockerfile b/containers/rpms-node-base9/Dockerfile index 087fa1c..5157164 100644 --- a/containers/rpms-node-base9/Dockerfile +++ b/containers/rpms-node-base9/Dockerfile 
@@ -14,7 +14,7 @@ RUN --mount=type=secret,id=gpg \ --destdir rpms -y @core grub2-efi-x64 kernel grub2 e2fsprogs nspr nss-util \ openssh-server openssh iptables-services nfs-utils authconfig psmisc \ libibverbs qemu-guest-agent libsss_sudo bzip2 chrony dosfstools efibootmgr \ - langpacks-en mdadm shim-x64 && \ + langpacks-en mdadm shim-x64 glibc-minimal-langpack && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ rpm --addsign $(find rpms -type f -name '*.rpm') && \ From afc5478ce00609beafa0761d2310a1c8744b4f04 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Thu, 25 May 2023 13:50:05 -0700 Subject: [PATCH 316/331] Update Dockerfile --- containers/rpms-node-base9/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-node-base9/Dockerfile b/containers/rpms-node-base9/Dockerfile index 5157164..86c14ac 100644 --- a/containers/rpms-node-base9/Dockerfile +++ b/containers/rpms-node-base9/Dockerfile @@ -14,7 +14,7 @@ RUN --mount=type=secret,id=gpg \ --destdir rpms -y @core grub2-efi-x64 kernel grub2 e2fsprogs nspr nss-util \ openssh-server openssh iptables-services nfs-utils authconfig psmisc \ libibverbs qemu-guest-agent libsss_sudo bzip2 chrony dosfstools efibootmgr \ - langpacks-en mdadm shim-x64 glibc-minimal-langpack && \ + langpacks-en mdadm shim-x64 glibc-minimal-langpack tar lvm2 && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ rpm --addsign $(find rpms -type f -name '*.rpm') && \ From 3c999493273c1a9350038d56d59b1953658885d3 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Jun 2023 05:06:19 +0000 Subject: [PATCH 317/331] Bump actions/checkout from 3.3.0 to 3.5.3 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0 to 3.5.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.3.0...v3.5.3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/main.yml | 62 +++++++++++++++++++------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f0f7c69..5eac08d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -15,84 +15,84 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build git container run: ./containers/build git buildc-curl-jq: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build curl-jq container run: ./containers/build curl-jq buildc-gitlab-runner-operator: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build gitlab-runner-operator container run: ./containers/build gitlab-runner-operator buildc-tenant-namespace-operator: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build tenant-namespace-operator container run: ./containers/build tenant-namespace-operator buildc-pixiecore: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build pixiecore container run: ./containers/build pixiecore buildc-ipmitool: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build ipmitool container run: ./containers/build ipmitool buildc-ipmi-exporter: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build ipmi-exporter container run: ./containers/build ipmi-exporter buildc-dhcpd: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build dhcpd container run: ./containers/build dhcpd buildc-inotify-tools: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build inotify-tools container run: ./containers/build inotify-tools buildc-chronyd: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build chronyd 
container run: ./containers/build chronyd buildc-debug-toolbox: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build debug-toolbox container run: ./containers/build debug-toolbox buildc-smartctl-exporter: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build smartctl-exporter container run: ./containers/build smartctl-exporter buildc-rpms-containerd: @@ -101,7 +101,7 @@ jobs: - buildc-rpms-node-base steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build rpms-containerd container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -115,7 +115,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build rpms-node-base container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -131,7 +131,7 @@ jobs: - buildc-rpms-node-base steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build rpms-openvswitch container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -147,7 +147,7 @@ jobs: - buildc-rpms-node-base steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build rpms-kubernetes container 1.22 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -163,7 +163,7 @@ jobs: - buildc-rpms-node-base steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build rpms-kubernetes container 1.23 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -179,7 +179,7 @@ jobs: - buildc-rpms-node-base steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build rpms-kubernetes container 1.24 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} 
@@ -195,7 +195,7 @@ jobs: - buildc-rpms-node-base steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build rpms-kubernetes container 1.21 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -209,7 +209,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build anaconda container run: ./containers/build anaconda - name: Build anaconda9 container @@ -224,7 +224,7 @@ jobs: - buildc-rpms-k8s-22 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build full k8s node image 1.22 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -243,7 +243,7 @@ jobs: - buildc-rpms-k8s-23 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build full k8s node image 1.23 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -262,7 +262,7 @@ jobs: - buildc-rpms-k8s-24 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build full k8s node image 1.24 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -281,7 +281,7 @@ jobs: - buildc-rpms-k8s-21 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build full k8s node image 1.21 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -298,7 +298,7 @@ jobs: - buildc-anaconda steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build anaconda+nginx container run: ./containers/build anaconda-nginx - name: Build anaconda+nginx9 container @@ -309,7 +309,7 @@ jobs: - build-node-image-22 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build k8s-node-image+nginx container 1.22 run: ./containers/build k8s-node-image-nginx 1.22 - name: Build k8s-node-image+nginx9 container 1.22 
@@ -320,7 +320,7 @@ jobs: - build-node-image-23 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build k8s-node-image+nginx container 1.23 run: ./containers/build k8s-node-image-nginx 1.23 - name: Build k8s-node-image+nginx9 container 1.23 @@ -331,7 +331,7 @@ jobs: - build-node-image-24 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build k8s-node-image+nginx container 1.24 run: ./containers/build k8s-node-image-nginx 1.24 - name: Build k8s-node-image+nginx9 container 1.24 @@ -342,7 +342,7 @@ jobs: - build-node-image-21 steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Build k8s-node-image+nginx container 1.21 run: ./containers/build k8s-node-image-nginx 1.21 - name: Build k8s-node-image+nginx9 container 1.21 @@ -368,7 +368,7 @@ jobs: GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GIT_LIBRARY_CHARTS_TOKEN }} steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Configure Git run: | git config --global user.name "$GITHUB_ACTOR" @@ -386,7 +386,7 @@ jobs: GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GIT_LIBRARY_CHARTS_TOKEN }} steps: - name: Checkout - uses: actions/checkout@v3.3.0 + uses: actions/checkout@v3.5.3 - name: Configure Git run: | git config --global user.name "$GITHUB_ACTOR" From bdfa3fc196c7f1abaec410d3f87d32ce65a56d05 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Tue, 13 Jun 2023 16:07:26 -0700 Subject: [PATCH 318/331] Add package for rootless dnd --- containers/rpms-node-base9/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/containers/rpms-node-base9/Dockerfile b/containers/rpms-node-base9/Dockerfile index 86c14ac..a67116e 100644 --- a/containers/rpms-node-base9/Dockerfile +++ b/containers/rpms-node-base9/Dockerfile 
@@ -14,7 +14,7 @@ RUN --mount=type=secret,id=gpg \ --destdir rpms -y @core grub2-efi-x64 kernel grub2 e2fsprogs nspr nss-util \ openssh-server openssh iptables-services nfs-utils authconfig psmisc \ libibverbs qemu-guest-agent libsss_sudo bzip2 chrony dosfstools efibootmgr \ - langpacks-en mdadm shim-x64 glibc-minimal-langpack tar lvm2 && \ + langpacks-en mdadm shim-x64 glibc-minimal-langpack tar lvm2 fuse-overlayfs && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ rpm --addsign $(find rpms -type f -name '*.rpm') && \ From 9ac5b27d42041e497cbd897a6a0976a44dcbb78f Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Tue, 3 Oct 2023 11:53:22 -0700 Subject: [PATCH 319/331] Add 9 1.28 --- .github/workflows/main.yml | 14 ++++++++++++++ charts/charts/buildall | 4 ++-- charts/image-library-charts/buildall | 2 +- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5eac08d..1471a4f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -205,6 +205,20 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes9 1.21 rm -f rpm.priv + buildc-rpms-k8s-28: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + steps: + - name: Checkout + uses: actions/checkout@v3.5.3 + - name: Build rpms-kubernetes container 1.28 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-kubernetes9 1.28 + rm -f rpm.priv buildc-anaconda: runs-on: ubuntu-20.04 steps: diff --git a/charts/charts/buildall b/charts/charts/buildall index ed46852..b40c510 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall 
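Review bot: In the new `buildc-rpms-k8s-28` job, `rm -f rpm.priv` is the last command of the `run` script, so with the fail-fast shell that Actions uses by default it is skipped whenever `./containers/build rpms-kubernetes9 1.28` fails, and the signing key is written to the workspace with the default umask. Registering the cleanup before the key is written covers the failure path: put `umask 077` and `trap 'rm -f rpm.priv' EXIT` ahead of the existing `printf` line. On a hosted runner the exposure is short-lived, but any later step in the job, or a self-hosted runner, would still see the file. The `build-node-image-28` job added in patch 320 repeats the same three lines.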
@@ -37,7 +37,7 @@ for ver in 1-21 1-22 1-23 1-24; do #sed IMAGETAG into README.md done -for ver in 1-21 1-22 1-23 1-24; do +for ver in 1-21 1-22 1-23 1-24 1-28; do cp -a k8s-node-image9 k8s-node-image9-$ver sed -i "s@k8s-node-image-nginx9-1-24@k8s-node-image-nginx9-$ver@g" k8s-node-image9-$ver/Chart.yaml k8s-node-image9-$ver/values.yaml sed -i "s@^name:.*@name: k8s-node-image9-$ver@g" k8s-node-image9-$ver/Chart.yaml @@ -59,7 +59,7 @@ for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node- SUBBUILDS="1-21 1-22 1-23 1-24" ;; k8s-node-image9) - SUBBUILDS="1-21 1-22 1-23 1-24" + SUBBUILDS="1-21 1-22 1-23 1-24 1-28" ;; *) SUBBUILDS="latest" diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index 39f3c21..d1da7fa 100755 --- a/charts/image-library-charts/buildall +++ b/charts/image-library-charts/buildall @@ -26,7 +26,7 @@ for CONTAINER in ipmitool ipmi-exporter dhcpd inotify-tools chronyd debug-toolbo SUBBUILDS="1.21 1.22 1.23 1.24" ;; k8s-node-image-nginx9) - SUBBUILDS="1.21 1.22 1.23 1.24" + SUBBUILDS="1.21 1.22 1.23 1.24 1.28" ;; *) SUBBUILDS="latest" From 51f6cd671a1f2be3fa539883dd0d60bab37fef75 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Wed, 4 Oct 2023 11:57:16 -0700 Subject: [PATCH 320/331] Add missing jobs --- .github/workflows/main.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 1471a4f..755d2f1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -305,6 +305,23 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image9 1.21 rm -f rpm.priv + build-node-image-28: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + - buildc-rpms-containerd + - buildc-rpms-openvswitch + - buildc-rpms-k8s-28 + steps: + - name: Checkout + uses: actions/checkout@v3.5.3 + - name: Build full k8s node image 1.28 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build k8s-node-image9 1.28 + rm -f rpm.priv buildc-anaconda-nginx: runs-on: ubuntu-20.04 @@ -361,6 +378,15 @@ jobs: run: ./containers/build k8s-node-image-nginx 1.21 - name: Build k8s-node-image+nginx9 container 1.21 run: ./containers/build k8s-node-image-nginx9 1.21 + build-node-image-28-nginx: + runs-on: ubuntu-20.04 + needs: + - build-node-image-28 + steps: + - name: Checkout + uses: actions/checkout@v3.5.3 + - name: Build k8s-node-image+nginx9 container 1.28 + run: ./containers/build k8s-node-image-nginx9 1.28 build-image-library-charts: runs-on: ubuntu-20.04 @@ -376,6 +402,7 @@ jobs: - build-node-image-23-nginx - build-node-image-24-nginx - build-node-image-21-nginx + - build-node-image-28-nginx - buildc-pixiecore - buildc-smartctl-exporter env: From d33f9611b38cc3b0e26d86e4c687afc478ff7567 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Oct 2023 18:57:51 +0000 Subject: [PATCH 321/331] Bump actions/checkout from 3.5.3 to 4.1.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 4.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3.5.3...v4.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] --- .github/workflows/main.yml | 68 +++++++++++++++++++------------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 755d2f1..79b951b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -15,84 +15,84 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build git container run: ./containers/build git buildc-curl-jq: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build curl-jq container run: ./containers/build curl-jq buildc-gitlab-runner-operator: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build gitlab-runner-operator container run: ./containers/build gitlab-runner-operator buildc-tenant-namespace-operator: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build tenant-namespace-operator container run: ./containers/build tenant-namespace-operator buildc-pixiecore: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build pixiecore container run: ./containers/build pixiecore buildc-ipmitool: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build ipmitool container run: ./containers/build ipmitool buildc-ipmi-exporter: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build ipmi-exporter container run: ./containers/build ipmi-exporter buildc-dhcpd: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build dhcpd container run: ./containers/build dhcpd buildc-inotify-tools: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build inotify-tools container run: ./containers/build inotify-tools buildc-chronyd: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build chronyd 
container run: ./containers/build chronyd buildc-debug-toolbox: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build debug-toolbox container run: ./containers/build debug-toolbox buildc-smartctl-exporter: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build smartctl-exporter container run: ./containers/build smartctl-exporter buildc-rpms-containerd: @@ -101,7 +101,7 @@ jobs: - buildc-rpms-node-base steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build rpms-containerd container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -115,7 +115,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build rpms-node-base container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -131,7 +131,7 @@ jobs: - buildc-rpms-node-base steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build rpms-openvswitch container env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -147,7 +147,7 @@ jobs: - buildc-rpms-node-base steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build rpms-kubernetes container 1.22 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -163,7 +163,7 @@ jobs: - buildc-rpms-node-base steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build rpms-kubernetes container 1.23 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -179,7 +179,7 @@ jobs: - buildc-rpms-node-base steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build rpms-kubernetes container 1.24 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} 
@@ -195,7 +195,7 @@ jobs: - buildc-rpms-node-base steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build rpms-kubernetes container 1.21 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -211,7 +211,7 @@ jobs: - buildc-rpms-node-base steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build rpms-kubernetes container 1.28 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -223,7 +223,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build anaconda container run: ./containers/build anaconda - name: Build anaconda9 container @@ -238,7 +238,7 @@ jobs: - buildc-rpms-k8s-22 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build full k8s node image 1.22 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -257,7 +257,7 @@ jobs: - buildc-rpms-k8s-23 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build full k8s node image 1.23 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -276,7 +276,7 @@ jobs: - buildc-rpms-k8s-24 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build full k8s node image 1.24 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -295,7 +295,7 @@ jobs: - buildc-rpms-k8s-21 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build full k8s node image 1.21 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} @@ -314,7 +314,7 @@ jobs: - buildc-rpms-k8s-28 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build full k8s node image 1.28 env: RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} 
@@ -329,7 +329,7 @@ jobs: - buildc-anaconda steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build anaconda+nginx container run: ./containers/build anaconda-nginx - name: Build anaconda+nginx9 container @@ -340,7 +340,7 @@ jobs: - build-node-image-22 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build k8s-node-image+nginx container 1.22 run: ./containers/build k8s-node-image-nginx 1.22 - name: Build k8s-node-image+nginx9 container 1.22 @@ -351,7 +351,7 @@ jobs: - build-node-image-23 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build k8s-node-image+nginx container 1.23 run: ./containers/build k8s-node-image-nginx 1.23 - name: Build k8s-node-image+nginx9 container 1.23 @@ -362,7 +362,7 @@ jobs: - build-node-image-24 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build k8s-node-image+nginx container 1.24 run: ./containers/build k8s-node-image-nginx 1.24 - name: Build k8s-node-image+nginx9 container 1.24 @@ -373,7 +373,7 @@ jobs: - build-node-image-21 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build k8s-node-image+nginx container 1.21 run: ./containers/build k8s-node-image-nginx 1.21 - name: Build k8s-node-image+nginx9 container 1.21 @@ -384,7 +384,7 @@ jobs: - build-node-image-28 steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Build k8s-node-image+nginx9 container 1.28 run: ./containers/build k8s-node-image-nginx9 1.28 @@ -409,7 +409,7 @@ jobs: GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GIT_LIBRARY_CHARTS_TOKEN }} steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Configure Git run: | git config --global user.name "$GITHUB_ACTOR" 
@@ -427,7 +427,7 @@ jobs: GITHUB_LIBRARY_CHARTS_TOKEN: ${{ secrets.GIT_LIBRARY_CHARTS_TOKEN }} steps: - name: Checkout - uses: actions/checkout@v3.5.3 + uses: actions/checkout@v4.1.0 - name: Configure Git run: | git config --global user.name "$GITHUB_ACTOR" From 0e11fcde4276b360f91b2e988381fc46cc441ff9 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Wed, 11 Oct 2023 17:34:51 -0700 Subject: [PATCH 322/331] [tenant-namespace] Updated to ingress-nginx controller 1.3.0 --- charts/charts/tenant-namespace/Chart.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/charts/tenant-namespace/Chart.yaml b/charts/charts/tenant-namespace/Chart.yaml index 9ed3b1d..fea5ea7 100644 --- a/charts/charts/tenant-namespace/Chart.yaml +++ b/charts/charts/tenant-namespace/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 type: application description: Chart for setting up a tenants namespace with all the goodies name: tenant-namespace -version: 0.7.11 +version: 0.7.12 appVersion: "1.0" dependencies: - name: magic-namespace @@ -16,6 +16,6 @@ dependencies: repository: "https://pnnl-miscscripts.github.io/charts" - name: ingress-nginx alias: ingress - version: "4.1.4" + version: "4.2.3" repository: "https://kubernetes.github.io/ingress-nginx" condition: ingress.nginx.enabled From 602e992dfc09effe9cd14f98cc48182afb75fee9 Mon Sep 17 00:00:00 2001 From: Peter Nordquist Date: Thu, 12 Oct 2023 16:07:10 -0700 Subject: [PATCH 323/331] [tenant-namespace-operator] Updated to latest tenant-namespace chart Fixed operator ansible collection dependencies as latest operator_sdk.util breaks k8s_status call --- charts/charts/tenant-namespace-operator/Chart.yaml | 4 ++-- containers/tenant-namespace-operator/Dockerfile | 4 ++-- containers/tenant-namespace-operator/buildenv | 2 +- containers/tenant-namespace-operator/requirements.yml | 1 + 4 files changed, 6 insertions(+), 5 deletions(-) 
diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index 8171b87..f10e4b9 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.14 +version: 0.1.15 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.12-1 +appVersion: 0.1.13-1 diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index 42a6b2e..f86a2d1 100644 --- a/containers/tenant-namespace-operator/Dockerfile +++ b/containers/tenant-namespace-operator/Dockerfile @@ -25,11 +25,11 @@ RUN \ ansible-galaxy collection install -r ${HOME}/requirements.yml && \ chmod -R ug+rwx ${HOME}/.ansible && \ helm plugin install https://github.com/databus23/helm-diff --version master && \ - helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --version 0.6.12 --untar && \ + helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --version 0.6.13 --untar && \ cd tenant-namespace/charts/ingress-nginx/ && \ cd - && \ find roles/ -type f -exec md5sum {} \; > /.extrafingerprints && \ - echo 0.1.12 >> /.extrafingerprints && \ + echo 0.1.13 >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints ENTRYPOINT ["/usr/local/bin/entrypoint", "--inject-owner-ref=false"] diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv index fcd86f9..7441c07 100644 --- a/containers/tenant-namespace-operator/buildenv +++ b/containers/tenant-namespace-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.12 +export PREFIX=0.1.13 
diff --git a/containers/tenant-namespace-operator/requirements.yml b/containers/tenant-namespace-operator/requirements.yml index b81fa18..848028c 100644 --- a/containers/tenant-namespace-operator/requirements.yml +++ b/containers/tenant-namespace-operator/requirements.yml @@ -2,3 +2,4 @@ collections: - name: community.kubernetes version: "<2.0.0" - name: operator_sdk.util + version: "0.1.0" From 837a71c043310cb3c3d3a8ff794c597dcc9215da Mon Sep 17 00:00:00 2001 From: Peter L Nordquist Date: Wed, 18 Oct 2023 15:59:19 -0700 Subject: [PATCH 324/331] [tenant-namespace-operator] Added support for prometheus rules in the role (#66) Prometheus rules can be created from the ingress chart --- charts/charts/tenant-namespace-operator/Chart.yaml | 2 +- charts/charts/tenant-namespace-operator/templates/role.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index f10e4b9..55161a2 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,7 +14,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.15 +version: 0.1.16 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. diff --git a/charts/charts/tenant-namespace-operator/templates/role.yaml b/charts/charts/tenant-namespace-operator/templates/role.yaml index 47e680c..ab2b6bb 100644 --- a/charts/charts/tenant-namespace-operator/templates/role.yaml +++ b/charts/charts/tenant-namespace-operator/templates/role.yaml @@ -43,6 +43,7 @@ rules: - monitoring.coreos.com resources: - servicemonitors + - prometheusrules verbs: - get - create From 959918b98fad2512f699ca4d483e5508fddf1dd3 Mon Sep 17 00:00:00 2001 
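Review bot: The added `- prometheusrules` entry in templates/role.yaml picks up every verb of the existing `monitoring.coreos.com` rule, and that verb list runs past the end of the hunk (only `get` and `create` are visible). PrometheusRule objects define alerting and recording rules that the cluster's Prometheus evaluates, so it is worth confirming that the operator needs the whole verb set for them rather than only what the ingress chart uses. A short comment above the entry would record the reason, for example `# prometheusrules: created by the ingress-nginx subchart when its metrics rules are enabled`.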
From: Peter Nordquist Date: Wed, 18 Oct 2023 15:55:59 -0700 Subject: [PATCH 325/331] [rpms-kubernetes9] Migrated to pkgs.k8s.io Added new repo file with version replacement Kubernetes only published 1.24+ to the new repo Rocky 9 builds have been migrated to use this new repo --- .github/workflows/main.yml | 59 ++++++++++++++------- charts/charts/buildall | 4 +- charts/image-library-charts/buildall | 2 +- containers/rpms-kubernetes9/Dockerfile | 11 ++-- containers/rpms-kubernetes9/kubernetes.repo | 6 +-- 5 files changed, 49 insertions(+), 33 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 79b951b..78c858e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -154,8 +154,6 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.22 - printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build rpms-kubernetes9 1.22 rm -f rpm.priv buildc-rpms-k8s-23: runs-on: ubuntu-20.04 @@ -170,8 +168,6 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.23 - printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build rpms-kubernetes9 1.23 rm -f rpm.priv buildc-rpms-k8s-24: runs-on: ubuntu-20.04 @@ -189,6 +185,20 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes9 1.24 rm -f rpm.priv + buildc-rpms-k8s-25: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build rpms-kubernetes container 1.25 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build rpms-kubernetes9 1.25 + rm -f rpm.priv buildc-rpms-k8s-21: runs-on: ubuntu-20.04 needs: @@ -202,8 +212,6 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build rpms-kubernetes 1.21 - printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build rpms-kubernetes9 1.21 rm -f rpm.priv buildc-rpms-k8s-28: runs-on: ubuntu-20.04 
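Review bot: The new `buildc-rpms-k8s-25` job writes the signing key to `rpm.priv` in the workspace and relies on the trailing `rm -f rpm.priv`, which is skipped when `./containers/build` fails, because the default `run` shell stops at the first failing command. The file is also created with the runner's default umask. Starting the `run` block with `umask 077` and `trap 'rm -f rpm.priv' EXIT` removes the key on every exit path and keeps it unreadable to other users. The same pattern is added in the `build-node-image-25` job in the `@@ -286,6 +290,23 @@` hunk, and the unchanged jobs around both share it.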
@@ -245,8 +253,6 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.22 - printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build k8s-node-image9 1.22 rm -f rpm.priv build-node-image-23: runs-on: ubuntu-20.04 @@ -264,8 +270,6 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.23 - printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build k8s-node-image9 1.23 rm -f rpm.priv build-node-image-24: runs-on: ubuntu-20.04 @@ -286,6 +290,23 @@ jobs: printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image9 1.24 rm -f rpm.priv + build-node-image-25: + runs-on: ubuntu-20.04 + needs: + - buildc-rpms-node-base + - buildc-rpms-containerd + - buildc-rpms-openvswitch + - buildc-rpms-k8s-25 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build full k8s node image 1.25 + env: + RPM_GPG_KEY: ${{ secrets.RPM_GPG_KEY }} + run: | + printf "%s" "$RPM_GPG_KEY" > rpm.priv + ./containers/build k8s-node-image9 1.25 + rm -f rpm.priv build-node-image-21: runs-on: ubuntu-20.04 needs: @@ -302,8 +323,6 @@ jobs: run: | printf "%s" "$RPM_GPG_KEY" > rpm.priv ./containers/build k8s-node-image 1.21 - printf "%s" "$RPM_GPG_KEY" > rpm.priv - ./containers/build k8s-node-image9 1.21 rm -f rpm.priv build-node-image-28: runs-on: ubuntu-20.04 @@ -343,8 +362,6 @@ jobs: uses: actions/checkout@v4.1.0 - name: Build k8s-node-image+nginx container 1.22 run: ./containers/build k8s-node-image-nginx 1.22 - - name: Build k8s-node-image+nginx9 container 1.22 - run: ./containers/build k8s-node-image-nginx9 1.22 build-node-image-23-nginx: runs-on: ubuntu-20.04 needs: @@ -354,8 +371,6 @@ jobs: uses: actions/checkout@v4.1.0 - name: Build k8s-node-image+nginx container 1.23 run: ./containers/build k8s-node-image-nginx 1.23 - - name: Build k8s-node-image+nginx9 container 1.23 - run: ./containers/build k8s-node-image-nginx9 1.23 build-node-image-24-nginx: runs-on: ubuntu-20.04 needs: 
@@ -367,6 +382,15 @@ jobs: run: ./containers/build k8s-node-image-nginx 1.24 - name: Build k8s-node-image+nginx9 container 1.24 run: ./containers/build k8s-node-image-nginx9 1.24 + build-node-image-25-nginx: + runs-on: ubuntu-20.04 + needs: + - build-node-image-25 + steps: + - name: Checkout + uses: actions/checkout@v4.1.0 + - name: Build k8s-node-image+nginx9 container 1.25 + run: ./containers/build k8s-node-image-nginx9 1.25 build-node-image-21-nginx: runs-on: ubuntu-20.04 needs: @@ -376,8 +400,6 @@ jobs: uses: actions/checkout@v4.1.0 - name: Build k8s-node-image+nginx container 1.21 run: ./containers/build k8s-node-image-nginx 1.21 - - name: Build k8s-node-image+nginx9 container 1.21 - run: ./containers/build k8s-node-image-nginx9 1.21 build-node-image-28-nginx: runs-on: ubuntu-20.04 needs: @@ -401,6 +423,7 @@ jobs: - build-node-image-22-nginx - build-node-image-23-nginx - build-node-image-24-nginx + - build-node-image-25-nginx - build-node-image-21-nginx - build-node-image-28-nginx - buildc-pixiecore diff --git a/charts/charts/buildall b/charts/charts/buildall index b40c510..e1a8238 100755 --- a/charts/charts/buildall +++ b/charts/charts/buildall @@ -37,7 +37,7 @@ for ver in 1-21 1-22 1-23 1-24; do #sed IMAGETAG into README.md done -for ver in 1-21 1-22 1-23 1-24 1-28; do +for ver in 1-24 1-25 1-28; do cp -a k8s-node-image9 k8s-node-image9-$ver sed -i "s@k8s-node-image-nginx9-1-24@k8s-node-image-nginx9-$ver@g" k8s-node-image9-$ver/Chart.yaml k8s-node-image9-$ver/values.yaml sed -i "s@^name:.*@name: k8s-node-image9-$ver@g" k8s-node-image9-$ver/Chart.yaml @@ -59,7 +59,7 @@ for CHART in nginx-app console chronyd dhcpd ipmi-exporter kubeupdater k8s-node- SUBBUILDS="1-21 1-22 1-23 1-24" ;; k8s-node-image9) - SUBBUILDS="1-21 1-22 1-23 1-24 1-28" + SUBBUILDS="1-24 1-25 1-28" ;; *) SUBBUILDS="latest" diff --git a/charts/image-library-charts/buildall b/charts/image-library-charts/buildall index d1da7fa..66b1548 100755 --- a/charts/image-library-charts/buildall 
+++ b/charts/image-library-charts/buildall @@ -26,7 +26,7 @@ for CONTAINER in ipmitool ipmi-exporter dhcpd inotify-tools chronyd debug-toolbo SUBBUILDS="1.21 1.22 1.23 1.24" ;; k8s-node-image-nginx9) - SUBBUILDS="1.21 1.22 1.23 1.24 1.28" + SUBBUILDS="1.24 1.25 1.28" ;; *) SUBBUILDS="latest" diff --git a/containers/rpms-kubernetes9/Dockerfile b/containers/rpms-kubernetes9/Dockerfile index aefa8b5..e4f3da7 100644 --- a/containers/rpms-kubernetes9/Dockerfile +++ b/containers/rpms-kubernetes9/Dockerfile @@ -1,4 +1,4 @@ -# syntax = docker/dockerfile:1.0-experimental +# syntax = docker/dockerfile:1.2 FROM pnnlmiscscripts/rpms-node-base9:latest 
@@ -13,18 +13,13 @@ ADD rpmmacros /root/.rpmmacros ADD kubernetes.repo /etc/yum.repos.d/ RUN --mount=type=secret,id=gpg \ + sed -i "s/KUBE_VERSION/${SUBBUILD}/" /etc/yum.repos.d/kubernetes.repo && \ yum install -y 'dnf-command(download)' createrepo gnupg2 rpm-sign findutils && \ mkdir -p rpms/ && \ - VERSION=$(yum --showduplicates list kubelet -q | grep -vi packages | grep -vi rc | grep -vi alpha | grep -vi beta | awk '{print $2}' | awk -F. '{print $2}' | sort -nu | tail -n $BACK | head -n 1) && \ - VERSION="$(echo $SUBBUILD | awk -F. '{print $2}')" && \ - SUBVERSION=$(yum --showduplicates list kubelet -q | grep -vi packages | awk '{print $2}' | grep "^1\.$VERSION\."| awk -F. '{print $3}' | awk -F- '{print $1}' | sort -nu | tail -n 1) && \ - REVISION=$(yum --showduplicates list kubelet -q | grep -vi packages | awk '{print $2}' | grep "^1\.$VERSION\.$SUBVERSION-" | awk -F- '{print $2}' | sort -nu | tail -n 1) && \ - FULLVERSION="1.$VERSION.$SUBVERSION-$REVISION" && \ - echo "Picked $FULLVERSION" && \ mkdir -p rpms/ && \ cd /rpms && \ cp -a /rpms-base/*.rpm . && \ - dnf install -y --downloadonly --destdir /rpms "kubelet-$FULLVERSION" "kubeadm-$FULLVERSION" "kubectl-$FULLVERSION" && \ + dnf install -y --downloadonly --destdir /rpms kubelet kubeadm kubectl && \ find /rpms-base -maxdepth 1 -type f -name '*.rpm' -printf '%f\n' | while read line; do rm -f $line; done && \ gpg --import /run/secrets/gpg && \ gpg --import /root/rpm.pub && \ diff --git a/containers/rpms-kubernetes9/kubernetes.repo b/containers/rpms-kubernetes9/kubernetes.repo index 8f754aa..bb5eab6 100644 --- a/containers/rpms-kubernetes9/kubernetes.repo +++ b/containers/rpms-kubernetes9/kubernetes.repo 
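Review bot: After this hunk the RUN step downloads whatever `kubelet`, `kubeadm` and `kubectl` builds the repository currently serves for the `SUBBUILD` minor, and with `echo "Picked $FULLVERSION"` removed the build log no longer records which ones. The same RUN command goes on to import the GPG secret and continues past the end of the hunk, presumably to sign the result, so a record of the exact package versions helps trace a published RPM back to its upstream build. Listing the downloaded files right after the `dnf install` line would restore that, e.g. `ls -1 kubelet-*.rpm kubeadm-*.rpm kubectl-*.rpm && \`. An empty `SUBBUILD` would also turn the repo URL into `.../v/rpm/`; a `test -n "${SUBBUILD}" && \` before the `sed` makes that failure explicit.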
@@ -1,8 +1,6 @@ [kubernetes] name=Kubernetes -baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 +baseurl=https://pkgs.k8s.io/core:/stable:/vKUBE_VERSION/rpm/ enabled=1 gpgcheck=1 -# See issue https://github.com/kubernetes/release/issues/1982 -repo_gpgcheck=0 -gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg https://packages.cloud.google.com/yum/doc/apt-key.gpg +gpgkey=https://pkgs.k8s.io/core:/stable:/vKUBE_VERSION/rpm/repodata/repomd.xml.key From 8d55c99c618c425f82954a701c26d4c3307784b3 Mon Sep 17 00:00:00 2001 
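Review bot: The new `gpgkey=` line fetches the signing key from the same `pkgs.k8s.io` path as the packages at build time, so `gpgcheck=1` verifies packages against a key that is trusted only because of the TLS connection it arrived over. Shipping the key in the image next to `kubernetes.repo` and pointing `gpgkey=` at it with a `file://` URL would make the trusted key a reviewed part of this repository. The commit also drops `repo_gpgcheck=0` together with the comment that explained it; if the new repository publishes signed metadata, which the `repomd.xml.key` name suggests, setting `repo_gpgcheck=1` explicitly would be better than leaving the default.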
From: Peter L Nordquist Date: Thu, 26 Oct 2023 15:17:16 -0700 Subject: [PATCH 326/331] [tenant-namespace-operator] Upgraded to Operator SDK v1.4.0 (#23) * Upgraded tenant namespace operator to osdk v1.4.0 Migrated to new directory structure Upgraded crds to apiextensions v1 Added probes to chart Updated entrypoint for new docker image Fixed references to meta in ansible role Bump tenant-namespace-operator version * [tenant-namespace-operator] Updated crd url after move/rename --- .../tenant-namespace-operator/Chart.yaml | 4 +- .../tenant-namespace-operator/README.md | 4 +- .../templates/deployment.yaml | 25 ++-- .../tenant-namespace-operator/.gitignore | 17 +++ .../tenant-namespace-operator/Dockerfile | 6 +- containers/tenant-namespace-operator/Makefile | 115 ++++++++++++++++ containers/tenant-namespace-operator/PROJECT | 14 ++ .../build/Dockerfile | 1 - containers/tenant-namespace-operator/buildenv | 2 +- ...ipts.pnnl.gov_tenantnamespaceflavors.yaml} | 0 ...iscscripts.pnnl.gov_tenantnamespaces.yaml} | 0 .../config/crd/kustomization.yaml | 7 + .../config/default/kustomization.yaml | 26 ++++ .../default/manager_auth_proxy_patch.yaml | 26 ++++ .../config/manager/kustomization.yaml | 2 + .../config/manager/manager.yaml | 46 +++++++ .../config/prometheus/kustomization.yaml | 2 + .../config/prometheus/monitor.yaml | 16 +++ .../rbac/auth_proxy_client_clusterrole.yaml | 7 + .../config/rbac/auth_proxy_role.yaml | 13 ++ .../config/rbac/auth_proxy_role_binding.yaml | 12 ++ .../config/rbac/auth_proxy_service.yaml | 14 ++ .../config/rbac/kustomization.yaml | 12 ++ .../config/rbac/leader_election_role.yaml | 25 ++++ .../rbac/leader_election_role_binding.yaml | 12 ++ .../config/rbac/role.yaml | 124 ++++++++++++++++++ .../config/rbac/role_binding.yaml | 13 ++ .../rbac/tenantnamespace_editor_role.yaml | 24 ++++ .../rbac/tenantnamespace_viewer_role.yaml | 20 +++ .../tenantnamespaceflavor_editor_role.yaml | 24 ++++ .../tenantnamespaceflavor_viewer_role.yaml | 20 +++ 
.../config/samples/kustomization.yaml | 5 + .../miscscripts_v1beta1_tenantnamespace.yaml} | 0 ...cripts_v1beta1_tenantnamespaceflavor.yaml} | 0 .../config/scorecard/bases/config.yaml | 7 + .../config/scorecard/kustomization.yaml | 16 +++ .../scorecard/patches/basic.config.yaml | 10 ++ .../config/scorecard/patches/olm.config.yaml | 50 +++++++ .../roles/tenantnamespace/README.md | 13 +- .../roles/tenantnamespace/defaults/main.yml | 2 +- .../roles/tenantnamespace/handlers/main.yml | 2 +- .../roles/tenantnamespace/tasks/main.yml | 68 +++++----- .../roles/tenantnamespace/vars/main.yml | 2 +- .../roles/tenantnamespacefin/tasks/main.yml | 8 +- .../tenant-namespace-operator/watches.yaml | 2 + 45 files changed, 756 insertions(+), 62 deletions(-) create mode 100644 containers/tenant-namespace-operator/.gitignore create mode 100644 containers/tenant-namespace-operator/Makefile create mode 100644 containers/tenant-namespace-operator/PROJECT delete mode 120000 containers/tenant-namespace-operator/build/Dockerfile rename containers/tenant-namespace-operator/{deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml => config/crd/bases/miscscripts.pnnl.gov_tenantnamespaceflavors.yaml} (100%) rename containers/tenant-namespace-operator/{deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml => config/crd/bases/miscscripts.pnnl.gov_tenantnamespaces.yaml} (100%) create mode 100644 containers/tenant-namespace-operator/config/crd/kustomization.yaml create mode 100644 containers/tenant-namespace-operator/config/default/kustomization.yaml create mode 100644 containers/tenant-namespace-operator/config/default/manager_auth_proxy_patch.yaml create mode 100644 containers/tenant-namespace-operator/config/manager/kustomization.yaml create mode 100644 containers/tenant-namespace-operator/config/manager/manager.yaml create mode 100644 containers/tenant-namespace-operator/config/prometheus/kustomization.yaml create mode 100644 
containers/tenant-namespace-operator/config/prometheus/monitor.yaml create mode 100644 containers/tenant-namespace-operator/config/rbac/auth_proxy_client_clusterrole.yaml create mode 100644 containers/tenant-namespace-operator/config/rbac/auth_proxy_role.yaml create mode 100644 containers/tenant-namespace-operator/config/rbac/auth_proxy_role_binding.yaml create mode 100644 containers/tenant-namespace-operator/config/rbac/auth_proxy_service.yaml create mode 100644 containers/tenant-namespace-operator/config/rbac/kustomization.yaml create mode 100644 containers/tenant-namespace-operator/config/rbac/leader_election_role.yaml create mode 100644 containers/tenant-namespace-operator/config/rbac/leader_election_role_binding.yaml create mode 100644 containers/tenant-namespace-operator/config/rbac/role.yaml create mode 100644 containers/tenant-namespace-operator/config/rbac/role_binding.yaml create mode 100644 containers/tenant-namespace-operator/config/rbac/tenantnamespace_editor_role.yaml create mode 100644 containers/tenant-namespace-operator/config/rbac/tenantnamespace_viewer_role.yaml create mode 100644 containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_editor_role.yaml create mode 100644 containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_viewer_role.yaml create mode 100644 containers/tenant-namespace-operator/config/samples/kustomization.yaml rename containers/tenant-namespace-operator/{examples/miscscripts.pnnl.gov_v1beta1_tenantnamespace_cr.yaml => config/samples/miscscripts_v1beta1_tenantnamespace.yaml} (100%) rename containers/tenant-namespace-operator/{examples/miscscripts.pnnl.gov_v1beta1_tenantnamespaceflavor_cr.yaml => config/samples/miscscripts_v1beta1_tenantnamespaceflavor.yaml} (100%) create mode 100644 containers/tenant-namespace-operator/config/scorecard/bases/config.yaml create mode 100644 containers/tenant-namespace-operator/config/scorecard/kustomization.yaml create mode 100644 
containers/tenant-namespace-operator/config/scorecard/patches/basic.config.yaml create mode 100644 containers/tenant-namespace-operator/config/scorecard/patches/olm.config.yaml diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index 55161a2..0d79925 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.16 +version: 0.1.17 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.13-1 +appVersion: 0.1.14-1 diff --git a/charts/charts/tenant-namespace-operator/README.md b/charts/charts/tenant-namespace-operator/README.md index a828917..4c0e2e8 100644 --- a/charts/charts/tenant-namespace-operator/README.md +++ b/charts/charts/tenant-namespace-operator/README.md 
@@ -7,8 +7,8 @@ The tenant-namespace-operator chart launches an instance of the tenant-namespace Apply the CRD's if not already done so: ```bash -kubectl apply -f https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/master/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml -kubectl apply -f https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/master/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml +kubectl apply -f https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/master/containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaceflavors.yaml +kubectl apply -f https://raw.githubusercontent.com/pnnl-miscscripts/miscscripts/master/containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaces.yaml ``` To install the Chart into your Kubernetes cluster (Helm 3 only) : diff --git a/charts/charts/tenant-namespace-operator/templates/deployment.yaml b/charts/charts/tenant-namespace-operator/templates/deployment.yaml index 9719707..f796d24 100644 --- a/charts/charts/tenant-namespace-operator/templates/deployment.yaml +++ b/charts/charts/tenant-namespace-operator/templates/deployment.yaml @@ -32,7 +32,24 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} resources: {{- toYaml .Values.resources | nindent 12 }} + livenessProbe: + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 6789 + initialDelaySeconds: 5 + periodSeconds: 10 + args: + - "--enable-leader-election" + - "--leader-election-id=tenant-namespace-operator" env: + - name: ANSIBLE_GATHERING + value: explicit - name: WATCH_NAMESPACE {{- if eq .Values.mode "cluster" }} value: "" 
@@ -41,14 +58,6 @@ spec: fieldRef: fieldPath: metadata.namespace {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: OPERATOR_NAME - value: "tenant-namespace-operator" - - name: ANSIBLE_GATHERING - value: explicit - name: SERVICE_ACCOUNT_NAME value: {{ include "tenant-namespace-operator.serviceAccountName" . }} - name: NAMESPACE diff --git a/containers/tenant-namespace-operator/.gitignore b/containers/tenant-namespace-operator/.gitignore new file mode 100644 index 0000000..b434200 --- /dev/null +++ b/containers/tenant-namespace-operator/.gitignore @@ -0,0 +1,17 @@ + +# Binaries for programs and plugins +*.exe +*.exe~ +*.dll +*.so +*.dylib +bin + +# editor and IDE paraphernalia +.idea +*.swp +*.swo +*~ + +bundle/ +bundle.Dockerfile diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index f86a2d1..99acc7e 100644 --- a/containers/tenant-namespace-operator/Dockerfile +++ b/containers/tenant-namespace-operator/Dockerfile @@ -1,6 +1,6 @@ -FROM quay.io/operator-framework/ansible-operator:v0.17.0 +FROM quay.io/operator-framework/ansible-operator:v1.4.0 -ARG helm_version=v3.3.4 +ARG helm_version=v3.5.2 USER 0 RUN \ yum clean all && \ @@ -32,4 +32,4 @@ RUN \ echo 0.1.13 >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints -ENTRYPOINT ["/usr/local/bin/entrypoint", "--inject-owner-ref=false"] +ENTRYPOINT ["/usr/local/bin/ansible-operator", "run", "--watches-file=./watches.yaml", "--inject-owner-ref=false"] diff --git a/containers/tenant-namespace-operator/Makefile b/containers/tenant-namespace-operator/Makefile new file mode 100644 index 0000000..8f201fe --- /dev/null +++ b/containers/tenant-namespace-operator/Makefile 
@@ -0,0 +1,115 @@ +# VERSION defines the project version for the bundle. +# Update this value when you upgrade the version of your project. +# To re-generate a bundle for another specific version without changing the standard setup, you can: +# - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) +# - use environment variables to overwrite this value (e.g export VERSION=0.0.2) +VERSION ?= 0.0.1 + +# CHANNELS define the bundle channels used in the bundle. +# Add a new line here if you would like to change its default config. (E.g CHANNELS = "preview,fast,stable") +# To re-generate a bundle for other specific channels without changing the standard setup, you can: +# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=preview,fast,stable) +# - use environment variables to overwrite this value (e.g export CHANNELS="preview,fast,stable") +ifneq ($(origin CHANNELS), undefined) +BUNDLE_CHANNELS := --channels=$(CHANNELS) +endif + +# DEFAULT_CHANNEL defines the default channel used in the bundle. +# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable") +# To re-generate a bundle for any other default channel without changing the default setup, you can: +# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable) +# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable") +ifneq ($(origin DEFAULT_CHANNEL), undefined) +BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) +endif +BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) + +# BUNDLE_IMG defines the image:tag used for the bundle. +# You can use it as an arg. 
(E.g make bundle-build BUNDLE_IMG=/:) +BUNDLE_IMG ?= controller-bundle:$(VERSION) + +# Image URL to use all building/pushing image targets +IMG ?= controller:latest + +all: docker-build + +# Run against the configured Kubernetes cluster in ~/.kube/config +run: ansible-operator + $(ANSIBLE_OPERATOR) run + +# Install CRDs into a cluster +install: kustomize + $(KUSTOMIZE) build config/crd | kubectl apply -f - + +# Uninstall CRDs from a cluster +uninstall: kustomize + $(KUSTOMIZE) build config/crd | kubectl delete -f - + +# Deploy controller in the configured Kubernetes cluster in ~/.kube/config +deploy: kustomize + cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} + $(KUSTOMIZE) build config/default | kubectl apply -f - + +# Undeploy controller in the configured Kubernetes cluster in ~/.kube/config +undeploy: kustomize + $(KUSTOMIZE) build config/default | kubectl delete -f - + +# Build the docker image +docker-build: + docker build -t ${IMG} . + +# Push the docker image +docker-push: + docker push ${IMG} + +PATH := $(PATH):$(PWD)/bin +SHELL := env 'PATH=$(PATH)' /bin/sh +OS := $(shell uname -s | tr '[:upper:]' '[:lower:]') +ARCH := $(shell uname -m | sed 's/x86_64/amd64/') + +# Download kustomize locally if necessary, preferring the $(pwd)/bin path over global if both exist. +.PHONY: kustomize +KUSTOMIZE = $(shell pwd)/bin/kustomize +kustomize: +ifeq (,$(wildcard $(KUSTOMIZE))) +ifeq (,$(shell which kustomize 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p $(dir $(KUSTOMIZE)) ;\ + curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.5.4/kustomize_v3.5.4_$(OS)_$(ARCH).tar.gz | \ + tar xzf - -C bin/ ;\ + } +else +KUSTOMIZE = $(shell which kustomize) +endif +endif + +# Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist. 
+.PHONY: ansible-operator +ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator +ansible-operator: +ifeq (,$(wildcard $(ANSIBLE_OPERATOR))) +ifeq (,$(shell which ansible-operator 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\ + curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.4.0/ansible-operator_$(OS)_$(ARCH) ;\ + chmod +x $(ANSIBLE_OPERATOR) ;\ + } +else +ANSIBLE_OPERATOR = $(shell which ansible-operator) +endif +endif + +# Generate bundle manifests and metadata, then validate generated files. +.PHONY: bundle +bundle: kustomize + operator-sdk generate kustomize manifests -q + cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) + $(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) + operator-sdk bundle validate ./bundle + +# Build the bundle image. +.PHONY: bundle-build +bundle-build: + docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) . diff --git a/containers/tenant-namespace-operator/PROJECT b/containers/tenant-namespace-operator/PROJECT new file mode 100644 index 0000000..be0a6ea --- /dev/null +++ b/containers/tenant-namespace-operator/PROJECT @@ -0,0 +1,14 @@ +domain: pnnl.gov +layout: ansible.sdk.operatorframework.io/v1 +projectName: tenant-namespace-operator +resources: +- group: miscscripts + kind: TenantNamespace + version: v1beta1 +- group: miscscripts + kind: TenantNamespaceFlavor + version: v1beta1 +version: 3-alpha +plugins: + manifests.sdk.operatorframework.io/v2: {} + scorecard.sdk.operatorframework.io/v2: {} diff --git a/containers/tenant-namespace-operator/build/Dockerfile b/containers/tenant-namespace-operator/build/Dockerfile deleted file mode 120000 index 395595c..0000000 --- a/containers/tenant-namespace-operator/build/Dockerfile +++ /dev/null @@ -1 +0,0 @@ -../Dockerfile \ No newline at end of file 
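Review bot: The `kustomize` and `ansible-operator` targets download release binaries with `curl` and unpack or `chmod +x` them into `bin/` without verifying them, so whatever the URL returns is what `run`, `deploy` and `bundle` later execute. Both URLs already pin a version (v3.5.4 and v1.4.0), which makes a pinned checksum practical: after the download, a line such as `echo "<expected-sha256>  $(ANSIBLE_OPERATOR)" | sha256sum -c - ;\` fails the target on a mismatch. For kustomize the tarball would need to be saved to a file first rather than piped straight into `tar`.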
diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv index 7441c07..04a4b2d 100644 --- a/containers/tenant-namespace-operator/buildenv +++ b/containers/tenant-namespace-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.13 +export PREFIX=0.1.14 diff --git a/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml b/containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaceflavors.yaml similarity index 100% rename from containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaceflavors_crd.yaml rename to containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaceflavors.yaml diff --git a/containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml b/containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaces.yaml similarity index 100% rename from containers/tenant-namespace-operator/deploy/crds/miscscripts.pnnl.gov_tenantnamespaces_crd.yaml rename to containers/tenant-namespace-operator/config/crd/bases/miscscripts.pnnl.gov_tenantnamespaces.yaml diff --git a/containers/tenant-namespace-operator/config/crd/kustomization.yaml b/containers/tenant-namespace-operator/config/crd/kustomization.yaml new file mode 100644 index 0000000..ac3d522 --- /dev/null +++ b/containers/tenant-namespace-operator/config/crd/kustomization.yaml @@ -0,0 +1,7 @@ +# This kustomization.yaml is not intended to be run by itself, +# since it depends on service name and namespace that are out of this kustomize package. +# It should be run by config/default +resources: +- bases/miscscripts.pnnl.gov_tenantnamespaces.yaml +- bases/miscscripts.pnnl.gov_tenantnamespaceflavors.yaml +# +kubebuilder:scaffold:crdkustomizeresource 
diff --git a/containers/tenant-namespace-operator/config/default/kustomization.yaml b/containers/tenant-namespace-operator/config/default/kustomization.yaml new file mode 100644 index 0000000..1e5312b --- /dev/null +++ b/containers/tenant-namespace-operator/config/default/kustomization.yaml @@ -0,0 +1,26 @@ +# Adds namespace to all resources. +namespace: tenant-namespace-operator + +# Value of this field is prepended to the +# names of all resources, e.g. a deployment named +# "wordpress" becomes "alices-wordpress". +# Note that it should also match with the prefix (text before '-') of the namespace +# field above. +namePrefix: tenant-namespace-operator- + +# Labels to add to all resources and selectors. +#commonLabels: +# someName: someValue + +bases: +- ../crd +- ../rbac +- ../manager +# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. +#- ../prometheus + +patchesStrategicMerge: + # Protect the /metrics endpoint by putting it behind auth. + # If you want your controller-manager to expose the /metrics + # endpoint w/o any authn/z, please comment the following line. +- manager_auth_proxy_patch.yaml diff --git a/containers/tenant-namespace-operator/config/default/manager_auth_proxy_patch.yaml b/containers/tenant-namespace-operator/config/default/manager_auth_proxy_patch.yaml new file mode 100644 index 0000000..f1b16e3 --- /dev/null +++ b/containers/tenant-namespace-operator/config/default/manager_auth_proxy_patch.yaml 
@@ -0,0 +1,26 @@ +# This patch inject a sidecar container which is a HTTP proxy for the +# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: kube-rbac-proxy + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 + args: + - "--secure-listen-address=0.0.0.0:8443" + - "--upstream=http://127.0.0.1:8080/" + - "--logtostderr=true" + - "--v=10" + ports: + - containerPort: 8443 + name: https + - name: manager + args: + - "--metrics-addr=127.0.0.1:8080" + - "--enable-leader-election" + - "--leader-election-id=tenant-namespace-operator" diff --git a/containers/tenant-namespace-operator/config/manager/kustomization.yaml b/containers/tenant-namespace-operator/config/manager/kustomization.yaml new file mode 100644 index 0000000..5c5f0b8 --- /dev/null +++ b/containers/tenant-namespace-operator/config/manager/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- manager.yaml diff --git a/containers/tenant-namespace-operator/config/manager/manager.yaml b/containers/tenant-namespace-operator/config/manager/manager.yaml new file mode 100644 index 0000000..411b7a4 --- /dev/null +++ b/containers/tenant-namespace-operator/config/manager/manager.yaml 
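Review bot: The kube-rbac-proxy sidecar in manager_auth_proxy_patch.yaml is started with `--v=10`, which is debug-level verbosity. At that level the proxy's TokenReview and SubjectAccessReview calls are likely to be logged in full, so request details and possibly credentials would end up in the pod log. Commit a low level such as `- "--v=0"` and raise it only while debugging. The image is referenced by tag (`kube-rbac-proxy:v0.5.0`); pinning it by digest would make the deployed sidecar reproducible.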
@@ -0,0 +1,46 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + name: system +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system + labels: + control-plane: controller-manager +spec: + selector: + matchLabels: + control-plane: controller-manager + replicas: 1 + template: + metadata: + labels: + control-plane: controller-manager + spec: + containers: + - name: manager + args: + - "--enable-leader-election" + - "--leader-election-id=tenant-namespace-operator" + env: + - name: ANSIBLE_GATHERING + value: explicit + image: controller:latest + livenessProbe: + httpGet: + path: /readyz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 5 + periodSeconds: 10 + terminationGracePeriodSeconds: 10 diff --git a/containers/tenant-namespace-operator/config/prometheus/kustomization.yaml b/containers/tenant-namespace-operator/config/prometheus/kustomization.yaml new file mode 100644 index 0000000..ed13716 --- /dev/null +++ b/containers/tenant-namespace-operator/config/prometheus/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- monitor.yaml diff --git a/containers/tenant-namespace-operator/config/prometheus/monitor.yaml b/containers/tenant-namespace-operator/config/prometheus/monitor.yaml new file mode 100644 index 0000000..1b44d4f --- /dev/null +++ b/containers/tenant-namespace-operator/config/prometheus/monitor.yaml @@ -0,0 +1,16 @@ +--- +# Prometheus Monitor Service (Metrics) +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + control-plane: controller-manager + name: controller-manager-metrics-monitor + namespace: system +spec: + endpoints: + - path: /metrics + port: https + selector: + matchLabels: + control-plane: controller-manager 
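Review bot: The probes in manager.yaml look swapped: `livenessProbe` polls `/readyz` and `readinessProbe` polls `/healthz`, both on port 6789. If the endpoints mean what their names say, a manager that is alive but not yet ready would be restarted rather than just taken out of rotation. The paths should be `path: /healthz` under `livenessProbe` and `path: /readyz` under `readinessProbe`. The `manager` container also sets no `securityContext`, so it runs with the image's default user and privileges; adding one with `allowPrivilegeEscalation: false` would be a sensible default.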
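Review bot: The ServiceMonitor endpoint in monitor.yaml selects the `https` port, which is the kube-rbac-proxy listener on 8443, but sets no `scheme`, credentials or TLS settings. Prometheus would presumably scrape it over plain HTTP without a token, so the scrape would fail once the `[PROMETHEUS]` section in config/default is enabled. Add `scheme: https`, a bearer token for a service account bound to `metrics-reader`, and a `tlsConfig` that trusts the proxy's serving certificate.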
diff --git a/containers/tenant-namespace-operator/config/rbac/auth_proxy_client_clusterrole.yaml b/containers/tenant-namespace-operator/config/rbac/auth_proxy_client_clusterrole.yaml
new file mode 100644
index 0000000..bd4af13
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/auth_proxy_client_clusterrole.yaml
@@ -0,0 +1,7 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: metrics-reader
+rules:
+- nonResourceURLs: ["/metrics"]
+ verbs: ["get"]
diff --git a/containers/tenant-namespace-operator/config/rbac/auth_proxy_role.yaml b/containers/tenant-namespace-operator/config/rbac/auth_proxy_role.yaml
new file mode 100644
index 0000000..618f5e4
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/auth_proxy_role.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: proxy-role
+rules:
+- apiGroups: ["authentication.k8s.io"]
+ resources:
+ - tokenreviews
+ verbs: ["create"]
+- apiGroups: ["authorization.k8s.io"]
+ resources:
+ - subjectaccessreviews
+ verbs: ["create"]
diff --git a/containers/tenant-namespace-operator/config/rbac/auth_proxy_role_binding.yaml b/containers/tenant-namespace-operator/config/rbac/auth_proxy_role_binding.yaml
new file mode 100644
index 0000000..48ed1e4
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/auth_proxy_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: proxy-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/containers/tenant-namespace-operator/config/rbac/auth_proxy_service.yaml b/containers/tenant-namespace-operator/config/rbac/auth_proxy_service.yaml
new file mode 100644
index 0000000..6cf656b
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/auth_proxy_service.yaml
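Review bot: The subject of `proxy-rolebinding` in auth_proxy_role_binding.yaml is the namespace's `default` ServiceAccount, so every pod in that namespace that does not set `serviceAccountName` inherits the binding. The same subject is used in leader_election_role_binding.yaml and, more importantly, in role_binding.yaml, where it receives the cluster-wide `manager-role`. Create a dedicated ServiceAccount for the operator, reference it as `serviceAccountName` in the manager Deployment, and use it as the subject in all three bindings, e.g. `name: controller-manager` in place of `name: default`.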
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-manager-metrics-service
+ namespace: system
+spec:
+ ports:
+ - name: https
+ port: 8443
+ targetPort: https
+ selector:
+ control-plane: controller-manager
diff --git a/containers/tenant-namespace-operator/config/rbac/kustomization.yaml b/containers/tenant-namespace-operator/config/rbac/kustomization.yaml
new file mode 100644
index 0000000..66c2833
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/kustomization.yaml
@@ -0,0 +1,12 @@
+resources:
+- role.yaml
+- role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml
+# Comment the following 4 lines if you want to disable
+# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
+# which protects your /metrics endpoint.
+- auth_proxy_service.yaml
+- auth_proxy_role.yaml
+- auth_proxy_role_binding.yaml
+- auth_proxy_client_clusterrole.yaml
diff --git a/containers/tenant-namespace-operator/config/rbac/leader_election_role.yaml b/containers/tenant-namespace-operator/config/rbac/leader_election_role.yaml
new file mode 100644
index 0000000..53e9749
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/leader_election_role.yaml
@@ -0,0 +1,25 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: leader-election-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
diff --git a/containers/tenant-namespace-operator/config/rbac/leader_election_role_binding.yaml b/containers/tenant-namespace-operator/config/rbac/leader_election_role_binding.yaml
new file mode 100644
index 0000000..eed1690
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/leader_election_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: leader-election-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/containers/tenant-namespace-operator/config/rbac/role.yaml b/containers/tenant-namespace-operator/config/rbac/role.yaml
new file mode 100644
index 0000000..853329c
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/role.yaml
@@ -0,0 +1,124 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: manager-role
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - services/finalizers
+ - endpoints
+ - events
+ - configmaps
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ - replicasets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+ - list
+ - delete
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - apps
+ resourceNames:
+ - tenant-namespace-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+ ##
+ ## Base operator rules
+ ##
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - resourcequotas
+ - limitranges
+ verbs:
+ - "*"
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ - clusterroles
+ - clusterrolebindings
+ verbs:
+ - "*"
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ verbs:
+ - "*"
+ - apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+ - apiGroups:
+ - operators.coreos.com
+ resources:
+ - operatorgroups
+ - subscriptions
+ verbs:
+ - "*"
+ ##
+ ## Rules for miscscripts.pnnl.gov/v1beta1, Kind: TenantNamespace
+ ##
+ - apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaces
+ - tenantnamespaces/status
+ - tenantnamespaces/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ ##
+ ## Rules for miscscripts.pnnl.gov/v1beta1, Kind: TenantNamespaceFlavor
+ ##
+ - apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaceflavors
+ verbs:
+ - get
+ - list
+ - watch
+# +kubebuilder:scaffold:rules
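Review bot: The rule on `rolebindings`, `clusterroles` and `clusterrolebindings` in role.yaml uses `verbs: "*"`, which also grants `bind` and `escalate`. With those verbs the account bound to `manager-role` can give itself or any other subject any permission in the cluster, so the role is effectively cluster-admin. List only the verbs the Ansible role needs (`create`, `delete`, `get`, `list`, `patch`, `update`, `watch`), and if it must bind roles it does not itself hold, grant `bind` with `resourceNames` for exactly those roles. The wildcard rules on `namespaces`, `networkpolicies` and `operatorgroups`/`subscriptions` deserve the same treatment, and the chart's templates/clusterrole.yaml in the later patch on this page carries the same RBAC rule.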
diff --git a/containers/tenant-namespace-operator/config/rbac/role_binding.yaml b/containers/tenant-namespace-operator/config/rbac/role_binding.yaml
new file mode 100644
index 0000000..98f8782
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/role_binding.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: manager-role
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: system
diff --git a/containers/tenant-namespace-operator/config/rbac/tenantnamespace_editor_role.yaml b/containers/tenant-namespace-operator/config/rbac/tenantnamespace_editor_role.yaml
new file mode 100644
index 0000000..dac1a0e
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/tenantnamespace_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit tenantnamespaces.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tenantnamespace-editor-role
+rules:
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaces
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - miscscripts.pnnl.gov
+ resources:
+ - tenantnamespaces/status
+ verbs:
+ - get
diff --git a/containers/tenant-namespace-operator/config/rbac/tenantnamespace_viewer_role.yaml b/containers/tenant-namespace-operator/config/rbac/tenantnamespace_viewer_role.yaml
new file mode 100644
index 0000000..d070c80
--- /dev/null
+++ b/containers/tenant-namespace-operator/config/rbac/tenantnamespace_viewer_role.yaml
@@ -0,0 +1,20 @@ +# permissions for end users to view tenantnamespaces. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tenantnamespace-viewer-role +rules: +- apiGroups: + - miscscripts.pnnl.gov + resources: + - tenantnamespaces + verbs: + - get + - list + - watch +- apiGroups: + - miscscripts.pnnl.gov + resources: + - tenantnamespaces/status + verbs: + - get diff --git a/containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_editor_role.yaml b/containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_editor_role.yaml new file mode 100644 index 0000000..e6470de --- /dev/null +++ b/containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_editor_role.yaml @@ -0,0 +1,24 @@ +# permissions for end users to edit tenantnamespaceflavors. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tenantnamespaceflavor-editor-role +rules: +- apiGroups: + - miscscripts.pnnl.gov + resources: + - tenantnamespaceflavors + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - miscscripts.pnnl.gov + resources: + - tenantnamespaceflavors/status + verbs: + - get diff --git a/containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_viewer_role.yaml b/containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_viewer_role.yaml new file mode 100644 index 0000000..84d6f17 --- /dev/null +++ b/containers/tenant-namespace-operator/config/rbac/tenantnamespaceflavor_viewer_role.yaml @@ -0,0 +1,20 @@ +# permissions for end users to view tenantnamespaceflavors. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: tenantnamespaceflavor-viewer-role +rules: +- apiGroups: + - miscscripts.pnnl.gov + resources: + - tenantnamespaceflavors + verbs: + - get + - list + - watch +- apiGroups: + - miscscripts.pnnl.gov + resources: + - tenantnamespaceflavors/status + verbs: + - get 
diff --git a/containers/tenant-namespace-operator/config/samples/kustomization.yaml b/containers/tenant-namespace-operator/config/samples/kustomization.yaml new file mode 100644 index 0000000..ae78b95 --- /dev/null +++ b/containers/tenant-namespace-operator/config/samples/kustomization.yaml @@ -0,0 +1,5 @@ +## Append samples you want in your CSV to this file as resources ## +resources: +- miscscripts_v1beta1_tenantnamespace.yaml +- miscscripts_v1beta1_tenantnamespaceflavor.yaml +# +kubebuilder:scaffold:manifestskustomizesamples diff --git a/containers/tenant-namespace-operator/examples/miscscripts.pnnl.gov_v1beta1_tenantnamespace_cr.yaml b/containers/tenant-namespace-operator/config/samples/miscscripts_v1beta1_tenantnamespace.yaml similarity index 100% rename from containers/tenant-namespace-operator/examples/miscscripts.pnnl.gov_v1beta1_tenantnamespace_cr.yaml rename to containers/tenant-namespace-operator/config/samples/miscscripts_v1beta1_tenantnamespace.yaml diff --git a/containers/tenant-namespace-operator/examples/miscscripts.pnnl.gov_v1beta1_tenantnamespaceflavor_cr.yaml b/containers/tenant-namespace-operator/config/samples/miscscripts_v1beta1_tenantnamespaceflavor.yaml similarity index 100% rename from containers/tenant-namespace-operator/examples/miscscripts.pnnl.gov_v1beta1_tenantnamespaceflavor_cr.yaml rename to containers/tenant-namespace-operator/config/samples/miscscripts_v1beta1_tenantnamespaceflavor.yaml diff --git a/containers/tenant-namespace-operator/config/scorecard/bases/config.yaml b/containers/tenant-namespace-operator/config/scorecard/bases/config.yaml new file mode 100644 index 0000000..c770478 --- /dev/null +++ b/containers/tenant-namespace-operator/config/scorecard/bases/config.yaml @@ -0,0 +1,7 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: [] 
diff --git a/containers/tenant-namespace-operator/config/scorecard/kustomization.yaml b/containers/tenant-namespace-operator/config/scorecard/kustomization.yaml new file mode 100644 index 0000000..d73509e --- /dev/null +++ b/containers/tenant-namespace-operator/config/scorecard/kustomization.yaml @@ -0,0 +1,16 @@ +resources: +- bases/config.yaml +patchesJson6902: +- path: patches/basic.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config +- path: patches/olm.config.yaml + target: + group: scorecard.operatorframework.io + version: v1alpha3 + kind: Configuration + name: config +# +kubebuilder:scaffold:patchesJson6902 diff --git a/containers/tenant-namespace-operator/config/scorecard/patches/basic.config.yaml b/containers/tenant-namespace-operator/config/scorecard/patches/basic.config.yaml new file mode 100644 index 0000000..4581edc --- /dev/null +++ b/containers/tenant-namespace-operator/config/scorecard/patches/basic.config.yaml @@ -0,0 +1,10 @@ +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.4.0 + labels: + suite: basic + test: basic-check-spec-test diff --git a/containers/tenant-namespace-operator/config/scorecard/patches/olm.config.yaml b/containers/tenant-namespace-operator/config/scorecard/patches/olm.config.yaml new file mode 100644 index 0000000..9422681 --- /dev/null +++ b/containers/tenant-namespace-operator/config/scorecard/patches/olm.config.yaml 
@@ -0,0 +1,50 @@ +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.4.0 + labels: + suite: olm + test: olm-bundle-validation-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.4.0 + labels: + suite: olm + test: olm-crds-have-validation-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.4.0 + labels: + suite: olm + test: olm-crds-have-resources-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.4.0 + labels: + suite: olm + test: olm-spec-descriptors-test +- op: add + path: /stages/0/tests/- + value: + entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.4.0 + labels: + suite: olm + test: olm-status-descriptors-test diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/README.md b/containers/tenant-namespace-operator/roles/tenantnamespace/README.md index 3ebede3..c88a8ca 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/README.md +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/README.md 
@@ -6,22 +6,27 @@ A brief description of the role goes here. Requirements ------------ -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, +if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. Role Variables -------------- -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. +A description of the settable variables for this role should go here, including any variables that are in +defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables +that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. Dependencies ------------ -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set +for other roles, or variables that are used from other roles. Example Playbook ---------------- -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for +users too: - hosts: servers roles: 
diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/defaults/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/defaults/main.yml index e3bc486..ef917c4 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/defaults/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/defaults/main.yml @@ -1,2 +1,2 @@ --- -# defaults file for tenantnamespace +# defaults file for TenantNamespace diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/handlers/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/handlers/main.yml index b9adc54..66f94e3 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/handlers/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/handlers/main.yml @@ -1,2 +1,2 @@ --- -# handlers file for gitlabrunner +# handlers file for TenantNamespace diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index a58b193..60119cb 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml @@ -1,5 +1,5 @@ --- -# tasks file for tenantnamespace +# tasks file for TenantNamespace - name: Set dryrun value set_fact: @@ -7,7 +7,7 @@ - name: Set admin labels set_fact: - adminlabels: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceLabels | default({}) | combine({'name': meta.name + '-admin', 'miscscripts.pnnl.gov/namespace-type': 'admin'}, recursive=True) }}" + adminlabels: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceLabels | default({}) | combine({'name': ansible_operator_meta.name + '-admin', 'miscscripts.pnnl.gov/namespace-type': 'admin'}, recursive=True) }}" - name: Create the k8s admin namespace k8s: 
@@ -16,7 +16,7 @@ apiVersion: v1 kind: Namespace metadata: - name: "{{ meta.name }}-admin" + name: "{{ ansible_operator_meta.name }}-admin" labels: "{{ adminlabels }}" annotations: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceAnnotations | default({}) }}" when: @@ -63,8 +63,8 @@ gitlabRunner: spec: runners: - namespace: "{{ meta.name }}" - tags: "{{ (merged_values.gitlabRunner.spec.runners.tags.split(',') + [meta.name]) | unique | list | join(',') }}" + namespace: "{{ ansible_operator_meta.name }}" + tags: "{{ (merged_values.gitlabRunner.spec.runners.tags.split(',') + [ansible_operator_meta.name]) | unique | list | join(',') }}" when: - merged_values.gitlabRunner.spec.runners.tags is defined - name: Setup gitlabRunner if needed @@ -73,8 +73,8 @@ gitlabRunner: spec: runners: - namespace: "{{ meta.name }}" - tags: "{{ meta.name }}" + namespace: "{{ ansible_operator_meta.name }}" + tags: "{{ ansible_operator_meta.name }}" when: - merged_values.gitlabRunner.spec.runners.tags is not defined @@ -87,15 +87,15 @@ - name: Set value for forced settings set_fact: overrides: - namespace: "{{ meta.name }}" + namespace: "{{ ansible_operator_meta.name }}" magicnamespace: - namespace: "{{ meta.name }}" + namespace: "{{ ansible_operator_meta.name }}" ingress: nginx: clusterRole: "{{ lookup('env','INGRESS_CLUSTERROLE') | default('tenant-namespace-operator-ingress-controller') }}" controller: scope: - namespace: "{{ meta.name }}" + namespace: "{{ ansible_operator_meta.name }}" - name: Force namespace settings. Can not be overridden. set_fact: merged_values: "{{ merged_values | combine(overrides, recursive=True) }}" @@ -110,8 +110,8 @@ k8s_info: api_version: v1 kind: Service - name: "{{ meta.name }}-ingress-controller" - namespace: "{{ meta.name }}-admin" + name: "{{ ansible_operator_meta.name }}-ingress-controller" + namespace: "{{ ansible_operator_meta.name }}-admin" register: ingressService when: > merged_values.ingress.nginx.enabled and 
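Review bot: In the `@@ -87,15` hunk, `lookup('env','INGRESS_CLUSTERROLE') | default('tenant-namespace-operator-ingress-controller')` never falls back to the default. The env lookup returns an empty string when the variable is unset, and `default` without its second argument only replaces undefined values, so `clusterRole` ends up empty in the forced overrides. Use `| default('tenant-namespace-operator-ingress-controller', true)`. The line is unchanged context in this commit, and the task list continues outside the hunk.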
@@ -126,8 +126,8 @@ - k8s_status: api_version: miscscripts.pnnl.gov/v1beta1 kind: TenantNamespace - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" status: loadBalancerIP: "{{ ingressService.resources[0].status.loadBalancer.ingress[0].ip }}" when: @@ -178,24 +178,24 @@ loop: - api_version: apps/v1 kind: Deployment - namespace: "{{ meta.name }}-admin" - name: "{{ meta.name }}-ingress-controller" + namespace: "{{ ansible_operator_meta.name }}-admin" + name: "{{ ansible_operator_meta.name }}-ingress-controller" - api_version: v1 kind: Service - namespace: "{{ meta.name }}-admin" - name: "{{ meta.name }}-ingress-controller" + namespace: "{{ ansible_operator_meta.name }}-admin" + name: "{{ ansible_operator_meta.name }}-ingress-controller" - api_version: v1 kind: Service - namespace: "{{ meta.name }}-admin" - name: "{{ meta.name }}-ingress-controller-metrics" + namespace: "{{ ansible_operator_meta.name }}-admin" + name: "{{ ansible_operator_meta.name }}-ingress-controller-metrics" - api_version: apps/v1 kind: Deployment - namespace: "{{ meta.name }}-admin" - name: "{{ meta.name }}-ingress-default-backend" + namespace: "{{ ansible_operator_meta.name }}-admin" + name: "{{ ansible_operator_meta.name }}-ingress-default-backend" - api_version: v1 kind: Service - namespace: "{{ meta.name }}-admin" - name: "{{ meta.name }}-ingress-default-backend" + namespace: "{{ ansible_operator_meta.name }}-admin" + name: "{{ ansible_operator_meta.name }}-ingress-default-backend" when: - not dryrun - ingressService is defined @@ -210,8 +210,8 @@ k8s_status: api_version: miscscripts.pnnl.gov/v1beta1 kind: TenantNamespace - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" status: ingressNginxUpgradeComplete: true when: 
@@ -227,8 +227,8 @@ #FIXME Consider making a service account specifically for this so it can't cross namespaces as far as it can today - name: Run Helm helm: - name: "{{ meta.name }}" - namespace: "{{ meta.name }}-admin" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.name }}-admin" chart_ref: ${HOME}/tenant-namespace values: "{{ merged_values }}" register: objs @@ -252,9 +252,9 @@ dest: "{{ temp_filename.path }}" no_log: True - name: Do dry run of helm - shell: "helm diff upgrade --install --detailed-exitcode --namespace {{ meta.name }}-admin {{ meta.name }} ${HOME}/tenant-namespace -f {{ temp_filename.path }}" + shell: "helm diff upgrade --install --detailed-exitcode --namespace {{ ansible_operator_meta.name }}-admin {{ ansible_operator_meta.name }} ${HOME}/tenant-namespace -f {{ temp_filename.path }}" register: diffhelm - ignore_errors: yes + ignore_errors: True no_log: True - name: Set diff set_fact: @@ -269,14 +269,14 @@ - k8s_status: api_version: miscscripts.pnnl.gov/v1beta1 kind: TenantNamespace - name: "{{ meta.name }}" - namespace: "{{ meta.namespace }}" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" status: diff: "{{ differ | b64encode }}" - name: Set user labels set_fact: - userlabels: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceLabels | default({}) | combine({'name': meta.name, 'miscscripts.pnnl.gov/namespace-type': 'user'}, recursive=True) }}" + userlabels: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceLabels | default({}) | combine({'name': ansible_operator_meta.name, 'miscscripts.pnnl.gov/namespace-type': 'user'}, recursive=True) }}" - name: Create the k8s user namespace k8s: @@ -285,7 +285,7 @@ apiVersion: v1 kind: Namespace metadata: - name: "{{ meta.name }}" + name: "{{ ansible_operator_meta.name }}" labels: "{{ userlabels }}" annotations: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceAnnotations | default({}) }}" when: 
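Review bot: In the `@@ -252,9` hunk, `ignore_errors: True` on the `helm diff upgrade --detailed-exitcode` task hides real failures along with the expected non-zero exit that signals a diff. A broken chart or an unreachable API server would then flow into the `diff` status field as if it were a normal result. Replace it with `failed_when: diffhelm.rc not in [0, 2]`; helm-diff is expected to return 2 when changes exist, which should be confirmed for the plugin version in the image. The surrounding block starts and ends outside the hunk.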
diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/vars/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/vars/main.yml index b2e5b69..901daba 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/vars/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/vars/main.yml @@ -1,2 +1,2 @@ --- -# vars file for tenantnamespace +# vars file for TenantNamespace diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml index 535f3d2..336bde5 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml @@ -4,8 +4,8 @@ #Check to see release exists. If it doesnt continue on. If it does, delete it. - name: Delete the helm release helm: - name: "{{ meta.name }}" - namespace: "{{ meta.name }}-admin" + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.name }}-admin" state: absent register: objs @@ -16,7 +16,7 @@ apiVersion: v1 kind: Namespace metadata: - name: "{{ meta.name }}" + name: "{{ ansible_operator_meta.name }}" - name: Delete the k8s admin namespace k8s: @@ -25,5 +25,5 @@ apiVersion: v1 kind: Namespace metadata: - name: "{{ meta.name }}-admin" + name: "{{ ansible_operator_meta.name }}-admin" diff --git a/containers/tenant-namespace-operator/watches.yaml b/containers/tenant-namespace-operator/watches.yaml index 26a4dd8..17fae67 100644 --- a/containers/tenant-namespace-operator/watches.yaml +++ b/containers/tenant-namespace-operator/watches.yaml @@ -1,4 +1,5 @@ --- +# Use the 'create api' subcommand to add watches to this file. - version: v1beta1 group: miscscripts.pnnl.gov kind: TenantNamespace @@ -7,3 +8,4 @@ finalizer: name: finalizer.tenantnamespace.miscscripts.pnnl.gov role: tenantnamespacefin +# +kubebuilder:scaffold:watch 
From 4b98561c24c823c8f174c217bce06b8d92544e43 Mon Sep 17 00:00:00 2001 
From: Peter L Nordquist Date: Mon, 6 Nov 2023 10:17:33 -0800 Subject: [PATCH 327/331] [tenant-namespace-operator] Upgraded to 1.32.0 (#70) Addressed ansible-lint issues including when/block ordering Bumped chart and container version Removed obsolete upgrade code Upgraded to sdk 1.32.0 Switched to use the helm task diff output and check mode for dryrun Switched k8s tasks to use check mode for dryrun The helm task does not output a diff if the release is not installed Ensured the b64encode for the diff happens before we assign to an ansible fact (unsafe otherwise) Cleaned up chart clusterrole duplicate rules, api version and single quotes Added leases rule for pre 1.24 clusters compatibility with ingress 1.3.0 --- .../tenant-namespace-operator/Chart.yaml | 4 +- .../templates/clusterrole.yaml | 28 +- .../templates/deployment.yaml | 2 +- .../leader-election-role-binding.yaml | 15 ++ .../templates/leader-election-role.yaml | 20 ++ .../templates/role.yaml | 13 + .../tenant-namespace-operator/values.yaml | 29 ++- .../tenant-namespace-operator/Dockerfile | 19 +- containers/tenant-namespace-operator/Makefile | 194 +++++++++++--- containers/tenant-namespace-operator/PROJECT | 27 +- containers/tenant-namespace-operator/buildenv | 2 +- .../config/crd/kustomization.yaml | 2 +- .../config/default/kustomization.yaml | 16 +- .../default/manager_auth_proxy_patch.yaml | 38 ++- .../config/default/manager_config_patch.yaml | 10 + .../config/manager/manager.yaml | 75 ++++-- .../config/manifests/kustomization.yaml | 7 + .../config/prometheus/monitor.yaml | 6 +- .../rbac/auth_proxy_client_clusterrole.yaml | 6 +- .../config/rbac/auth_proxy_role.yaml | 12 +- .../config/rbac/auth_proxy_role_binding.yaml | 2 +- .../config/rbac/auth_proxy_service.yaml | 1 + .../config/rbac/kustomization.yaml | 6 + .../config/rbac/leader_election_role.yaml | 12 + .../rbac/leader_election_role_binding.yaml | 2 +- .../config/rbac/role.yaml | 16 +- .../config/rbac/role_binding.yaml | 3 +- 
.../config/rbac/service_account.yaml | 5 + .../config/samples/kustomization.yaml | 4 +- .../config/scorecard/kustomization.yaml | 2 +- .../scorecard/patches/basic.config.yaml | 2 +- .../config/scorecard/patches/olm.config.yaml | 10 +- .../requirements.yml | 11 +- .../roles/tenantnamespace/meta/main.yml | 7 +- .../roles/tenantnamespace/tasks/main.yml | 246 ++++++------------ .../roles/tenantnamespacefin/meta/main.yml | 7 +- .../roles/tenantnamespacefin/tasks/main.yml | 9 +- .../tenant-namespace-operator/watches.yaml | 2 +- 38 files changed, 552 insertions(+), 320 deletions(-) create mode 100644 charts/charts/tenant-namespace-operator/templates/leader-election-role-binding.yaml create mode 100644 charts/charts/tenant-namespace-operator/templates/leader-election-role.yaml create mode 100644 containers/tenant-namespace-operator/config/default/manager_config_patch.yaml create mode 100644 containers/tenant-namespace-operator/config/manifests/kustomization.yaml create mode 100644 containers/tenant-namespace-operator/config/rbac/service_account.yaml diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index 0d79925..e870eb8 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.17 +version: 0.1.18 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.14-1 +appVersion: 0.1.15-1 diff --git a/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml b/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml index 586554b..a2dc509 100644 --- a/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml 
+++ b/charts/charts/tenant-namespace-operator/templates/clusterrole.yaml @@ -8,7 +8,7 @@ rules: - apiGroups: - miscscripts.pnnl.gov resources: - - 'tenantnamespaceflavors' + - tenantnamespaceflavors verbs: - get - list @@ -16,37 +16,25 @@ rules: - apiGroups: - "" resources: - - 'namespaces' - - 'resourcequotas' - - 'limitranges' + - namespaces + - resourcequotas + - limitranges verbs: - "*" - apiGroups: - rbac.authorization.k8s.io resources: - - 'rolebindings' + - rolebindings + - clusterroles + - clusterrolebindings verbs: - "*" - apiGroups: - - rbac.authorization.k8s.io - resources: - - 'clusterroles' - - 'clusterrolebindings' - verbs: - - "*" -- apiGroups: - - networking.k8s.io/v1 + - networking.k8s.io resources: - networkpolicies verbs: - "*" -- apiGroups: - - rbac.authorization.k8s.io - resources: - - 'clusterroles' - - 'clusterrolebindings' - verbs: - - "*" - apiGroups: - extensions - "networking.k8s.io" # k8s 1.14+ diff --git a/charts/charts/tenant-namespace-operator/templates/deployment.yaml b/charts/charts/tenant-namespace-operator/templates/deployment.yaml index f796d24..fd45255 100644 --- a/charts/charts/tenant-namespace-operator/templates/deployment.yaml +++ b/charts/charts/tenant-namespace-operator/templates/deployment.yaml @@ -45,7 +45,7 @@ spec: initialDelaySeconds: 5 periodSeconds: 10 args: - - "--enable-leader-election" + - "--leader-elect" - "--leader-election-id=tenant-namespace-operator" env: - name: ANSIBLE_GATHERING diff --git a/charts/charts/tenant-namespace-operator/templates/leader-election-role-binding.yaml b/charts/charts/tenant-namespace-operator/templates/leader-election-role-binding.yaml new file mode 100644 index 0000000..a5406b6 --- /dev/null +++ b/charts/charts/tenant-namespace-operator/templates/leader-election-role-binding.yaml 
@@ -0,0 +1,15 @@ +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "tenant-namespace-operator.fullname" . }}-le + labels: +{{ include "tenant-namespace-operator.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "tenant-namespace-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ include "tenant-namespace-operator.fullname" . }}-le + apiGroup: rbac.authorization.k8s.io diff --git a/charts/charts/tenant-namespace-operator/templates/leader-election-role.yaml b/charts/charts/tenant-namespace-operator/templates/leader-election-role.yaml new file mode 100644 index 0000000..f7fa8dd --- /dev/null +++ b/charts/charts/tenant-namespace-operator/templates/leader-election-role.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "tenant-namespace-operator.fullname" . }}-le + labels: +{{ include "tenant-namespace-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete diff --git a/charts/charts/tenant-namespace-operator/templates/role.yaml b/charts/charts/tenant-namespace-operator/templates/role.yaml index ab2b6bb..c32fb7c 100644 --- a/charts/charts/tenant-namespace-operator/templates/role.yaml +++ b/charts/charts/tenant-namespace-operator/templates/role.yaml @@ -39,6 +39,19 @@ rules: - patch - update - watch +# needed for ingress leader election pre 1.24 +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete - apiGroups: - monitoring.coreos.com resources: diff --git a/charts/charts/tenant-namespace-operator/values.yaml b/charts/charts/tenant-namespace-operator/values.yaml index fd0c5b1..e236cf7 100644 --- a/charts/charts/tenant-namespace-operator/values.yaml 
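Review bot: The new `-le` Role in leader-election-role.yaml lets the service account `update`, `patch` and `delete` every Lease in the release namespace, not only the operator's own lock. Leader election normally works on a single Lease named after `--leader-election-id` (`tenant-namespace-operator` in deployment.yaml), so consider splitting the rule: `create` without a name restriction, and the other verbs limited with `resourceNames: ["tenant-namespace-operator"]`. `list` and `watch` are probably not needed for the lock; confirm against the operator before dropping them. The same lease rule is added again in the templates/role.yaml hunk that follows, where the comment ties it to ingress leader election, so a comment here saying which of the two the operator itself relies on would help the next reader.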
+++ b/charts/charts/tenant-namespace-operator/values.yaml @@ -28,15 +28,18 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: -podSecurityContext: {} +podSecurityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault # fsGroup: 2000 -securityContext: {} - # capabilities: - # drop: - # - ALL +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL # readOnlyRootFilesystem: true - # runAsNonRoot: true # runAsUser: 1000 resources: {} @@ -55,7 +58,19 @@ nodeSelector: {} tolerations: [] -affinity: {} +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - key: kubernetes.io/os + operator: In + values: + - linux ingressClass: enabled: true diff --git a/containers/tenant-namespace-operator/Dockerfile b/containers/tenant-namespace-operator/Dockerfile index 99acc7e..30bca69 100644 --- a/containers/tenant-namespace-operator/Dockerfile +++ b/containers/tenant-namespace-operator/Dockerfile @@ -1,16 +1,17 @@ -FROM quay.io/operator-framework/ansible-operator:v1.4.0 +FROM quay.io/operator-framework/ansible-operator:v1.32.0 ARG helm_version=v3.5.2 USER 0 RUN \ - yum clean all && \ - yum install -y git patch && \ - yum clean all && \ - curl -o helm.tar.gz https://get.helm.sh/helm-${helm_version}-linux-amd64.tar.gz && \ + dnf clean all && \ + dnf install -y git patch && \ + dnf clean all && \ + ARCH=$(uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') && \ + curl -o helm.tar.gz https://get.helm.sh/helm-${helm_version}-linux-${ARCH}.tar.gz && \ tar -zxvf helm.tar.gz && \ - mv linux-amd64/helm /usr/local/bin/helm && \ + mv linux-${ARCH}/helm /usr/local/bin/helm && \ rm -f helm.tar.gz && \ - rm -rf linux-amd64 && \ + rm -rf linux-${ARCH} && \ touch /.extrafingerprints && \ chown ${USER_UID}:0 /.extrafingerprints 
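Review bot: The new default `affinity` in values.yaml makes `kubernetes.io/arch In [amd64]` a hard scheduling requirement, while the rest of this commit moves toward multi-arch: the Dockerfile now maps `aarch64` to `arm64`, and config/manager/manager.yaml allows both `amd64` and `arm64`. On an arm64-only cluster the chart's pod will stay Pending unless the user overrides `affinity`. Either add `- arm64` under `values` once an arm64 image is published, or add a comment such as `# image is only published for amd64; extend when multi-arch images exist` so the restriction reads as deliberate.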
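Review bot: The helm tarball in the Dockerfile's first `RUN` is fetched and unpacked as `USER 0` with no integrity check, and `curl -o` without `-f` saves an HTTP error page as `helm.tar.gz`, so a bad download only surfaces later at `tar`. Use `curl -fsSLo helm.tar.gz ...` and verify the archive before extracting, for example `echo "${HELM_SHA256}  helm.tar.gz" | sha256sum -c -` with a per-architecture digest passed as a build `ARG` (`HELM_SHA256` is a placeholder name). `helm_version` stays at `v3.5.2` while the base image moves to v1.32.0; it is worth confirming that pin is still intended. The Dockerfile continues outside this hunk.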
@@ -22,7 +23,7 @@ COPY roles/ ${HOME}/roles/ #FIXME forcing ingress newer to work on newer k8s clusters. Fix upstream chart. RUN \ - ansible-galaxy collection install -r ${HOME}/requirements.yml && \ + ansible-galaxy install -r ${HOME}/requirements.yml && \ chmod -R ug+rwx ${HOME}/.ansible && \ helm plugin install https://github.com/databus23/helm-diff --version master && \ helm pull --repo https://pnnl-miscscripts.github.io/charts tenant-namespace --version 0.6.13 --untar && \ @@ -32,4 +33,4 @@ RUN \ echo 0.1.13 >> /.extrafingerprints && \ md5sum watches.yaml >> /.extrafingerprints -ENTRYPOINT ["/usr/local/bin/ansible-operator", "run", "--watches-file=./watches.yaml", "--inject-owner-ref=false"] +ENTRYPOINT ["/tini", "--", "/usr/local/bin/ansible-operator", "run", "--watches-file=./watches.yaml", "--inject-owner-ref=false"] diff --git a/containers/tenant-namespace-operator/Makefile b/containers/tenant-namespace-operator/Makefile index 8f201fe..047ef55 100644 --- a/containers/tenant-namespace-operator/Makefile +++ b/containers/tenant-namespace-operator/Makefile @@ -6,10 +6,10 @@ VERSION ?= 0.0.1 # CHANNELS define the bundle channels used in the bundle. -# Add a new line here if you would like to change its default config. (E.g CHANNELS = "preview,fast,stable") +# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") # To re-generate a bundle for other specific channels without changing the standard setup, you can: -# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=preview,fast,stable) -# - use environment variables to overwrite this value (e.g export CHANNELS="preview,fast,stable") +# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable) +# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable") ifneq ($(origin CHANNELS), undefined) BUNDLE_CHANNELS := --channels=$(CHANNELS) endif 
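Review bot: `helm plugin install https://github.com/databus23/helm-diff --version master`, on the unchanged line two below the edited `ansible-galaxy` line, installs whatever the branch head is at build time. Two builds of the same commit can therefore ship different plugin code, and an upstream change lands in the operator image unreviewed. Pin it to a release tag, `--version <RELEASE_TAG>` (placeholder; use the tag you have tested), the same way the chart pull on the next line pins `--version 0.6.13`. The `RUN` instruction continues past the end of this hunk.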
@@ -24,59 +24,118 @@ BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) endif BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) +# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images. +# This variable is used to construct full image tags for bundle and catalog images. +# +# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both +# pnnl.gov/tenant-namespace-operator-bundle:$VERSION and pnnl.gov/tenant-namespace-operator-catalog:$VERSION. +IMAGE_TAG_BASE ?= pnnlmiscscripts/tenant-namespace-operator + # BUNDLE_IMG defines the image:tag used for the bundle. # You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) -BUNDLE_IMG ?= controller-bundle:$(VERSION) +BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) + +# BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command +BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) + +# USE_IMAGE_DIGESTS defines if images are resolved via tags or digests +# You can enable this value if you would like to use SHA Based Digests +# To enable set flag to true +USE_IMAGE_DIGESTS ?= false +ifeq ($(USE_IMAGE_DIGESTS), true) + BUNDLE_GEN_FLAGS += --use-image-digests +endif + +# Set the Operator SDK version to use. By default, what is installed on the system is used. +# This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit. +OPERATOR_SDK_VERSION ?= v1.32.0 # Image URL to use all building/pushing image targets -IMG ?= controller:latest +IMG ?= $(IMAGE_TAG_BASE):$(VERSION) +.PHONY: all all: docker-build -# Run against the configured Kubernetes cluster in ~/.kube/config -run: ansible-operator +##@ General + +# The help target prints out all targets with their descriptions organized +# beneath their categories. The categories are represented by '##@' and the +# target descriptions by '##'. 
The awk commands is responsible for reading the +# entire set of makefiles included in this invocation, looking for lines of the +# file as xyz: ## something, and then pretty-format the target and help. Then, +# if there's a line with ##@ something, that gets pretty-printed as a category. +# More info on the usage of ANSI control characters for terminal formatting: +# https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters +# More info on the awk command: +# http://linuxcommand.org/lc3_adv_awk.php + +.PHONY: help +help: ## Display this help. + @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) + +##@ Build + +.PHONY: run +ANSIBLE_ROLES_PATH?="$(shell pwd)/roles" +run: ansible-operator ## Run against the configured Kubernetes cluster in ~/.kube/config $(ANSIBLE_OPERATOR) run -# Install CRDs into a cluster -install: kustomize +.PHONY: docker-build +docker-build: ## Build docker image with the manager. + docker build -t ${IMG} . + +.PHONY: docker-push +docker-push: ## Push docker image with the manager. + docker push ${IMG} + +# PLATFORMS defines the target platforms for the manager image be build to provide support to multiple +# architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to: +# - able to use docker buildx . More info: https://docs.docker.com/build/buildx/ +# - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/ +# - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=> than the export will fail) +# To properly provided solutions that supports more than one platform you should use this option. 
+PLATFORMS ?= linux/arm64,linux/amd64 +.PHONY: docker-buildx +docker-buildx: test ## Build and push docker image for the manager for cross-platform support + # copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile + sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross + - docker buildx create --name project-v3-builder + docker buildx use project-v3-builder + - docker buildx build --push --platform=$(PLATFORMS) --tag ${IMG} -f Dockerfile.cross . + - docker buildx rm project-v3-builder + rm Dockerfile.cross + +##@ Deployment + +.PHONY: install +install: kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. $(KUSTOMIZE) build config/crd | kubectl apply -f - -# Uninstall CRDs from a cluster -uninstall: kustomize +.PHONY: uninstall +uninstall: kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. $(KUSTOMIZE) build config/crd | kubectl delete -f - -# Deploy controller in the configured Kubernetes cluster in ~/.kube/config -deploy: kustomize +.PHONY: deploy +deploy: kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG} $(KUSTOMIZE) build config/default | kubectl apply -f - -# Undeploy controller in the configured Kubernetes cluster in ~/.kube/config -undeploy: kustomize +.PHONY: undeploy +undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. $(KUSTOMIZE) build config/default | kubectl delete -f - -# Build the docker image -docker-build: - docker build -t ${IMG} . 
- -# Push the docker image -docker-push: - docker push ${IMG} - -PATH := $(PATH):$(PWD)/bin -SHELL := env 'PATH=$(PATH)' /bin/sh OS := $(shell uname -s | tr '[:upper:]' '[:lower:]') -ARCH := $(shell uname -m | sed 's/x86_64/amd64/') +ARCH := $(shell uname -m | sed 's/x86_64/amd64/' | sed 's/aarch64/arm64/') -# Download kustomize locally if necessary, preferring the $(pwd)/bin path over global if both exist. .PHONY: kustomize KUSTOMIZE = $(shell pwd)/bin/kustomize -kustomize: +kustomize: ## Download kustomize locally if necessary. ifeq (,$(wildcard $(KUSTOMIZE))) ifeq (,$(shell which kustomize 2>/dev/null)) @{ \ set -e ;\ mkdir -p $(dir $(KUSTOMIZE)) ;\ - curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.5.4/kustomize_v3.5.4_$(OS)_$(ARCH).tar.gz | \ + curl -sSLo - https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v4.5.7/kustomize_v4.5.7_$(OS)_$(ARCH).tar.gz | \ tar xzf - -C bin/ ;\ } else @@ -84,16 +143,15 @@ KUSTOMIZE = $(shell which kustomize) endif endif -# Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist. .PHONY: ansible-operator ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator -ansible-operator: +ansible-operator: ## Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist. ifeq (,$(wildcard $(ANSIBLE_OPERATOR))) ifeq (,$(shell which ansible-operator 2>/dev/null)) @{ \ set -e ;\ mkdir -p $(dir $(ANSIBLE_OPERATOR)) ;\ - curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/operator-sdk/releases/download/v1.4.0/ansible-operator_$(OS)_$(ARCH) ;\ + curl -sSLo $(ANSIBLE_OPERATOR) https://github.com/operator-framework/ansible-operator-plugins/releases/download/v1.32.0/ansible-operator_$(OS)_$(ARCH) ;\ chmod +x $(ANSIBLE_OPERATOR) ;\ } else 
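Review bot: The kustomize download in this hunk pipes `curl` straight into `tar`, and the extracted binary is later executed without being checked against a known digest. The `ansible-operator` download in the `@@ -84,16 +143,15 @@` hunk and the new `operator-sdk` and `opm` targets in the `@@ -101,15 +159,73 @@` hunk do the same and then `chmod +x` the file. Add `-f` to each `curl` so an HTTP error does not leave an error page in `bin/`, and compare each download with a pinned SHA-256 before use, e.g. `echo "$(KUSTOMIZE_SHA256)  kustomize.tar.gz" | sha256sum -c -` (`KUSTOMIZE_SHA256` is a placeholder variable, to be filled from the release's published checksums). The `which` fallback in each target also means a build can silently use whatever version is on the caller's PATH rather than the pinned one; a short comment on that would help.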
@@ -101,15 +159,73 @@ ANSIBLE_OPERATOR = $(shell which ansible-operator) endif endif -# Generate bundle manifests and metadata, then validate generated files. +.PHONY: operator-sdk +OPERATOR_SDK ?= ./bin/operator-sdk +operator-sdk: ## Download operator-sdk locally if necessary. +ifeq (,$(wildcard $(OPERATOR_SDK))) +ifeq (, $(shell which operator-sdk 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p $(dir $(OPERATOR_SDK)) ;\ + curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_$(OS)_$(ARCH) ;\ + chmod +x $(OPERATOR_SDK) ;\ + } +else +OPERATOR_SDK = $(shell which operator-sdk) +endif +endif + .PHONY: bundle -bundle: kustomize - operator-sdk generate kustomize manifests -q +bundle: kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files. + $(OPERATOR_SDK) generate kustomize manifests -q cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) - $(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) - operator-sdk bundle validate ./bundle + $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS) + $(OPERATOR_SDK) bundle validate ./bundle -# Build the bundle image. .PHONY: bundle-build -bundle-build: +bundle-build: ## Build the bundle image. docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) . + +.PHONY: bundle-push +bundle-push: ## Push the bundle image. + $(MAKE) docker-push IMG=$(BUNDLE_IMG) + +.PHONY: opm +OPM = ./bin/opm +opm: ## Download opm locally if necessary. +ifeq (,$(wildcard $(OPM))) +ifeq (,$(shell which opm 2>/dev/null)) + @{ \ + set -e ;\ + mkdir -p $(dir $(OPM)) ;\ + curl -sSLo $(OPM) https://github.com/operator-framework/operator-registry/releases/download/v1.23.0/$(OS)-$(ARCH)-opm ;\ + chmod +x $(OPM) ;\ + } +else +OPM = $(shell which opm) +endif +endif + +# A comma-separated list of bundle images (e.g. 
make catalog-build BUNDLE_IMGS=example.com/operator-bundle:v0.1.0,example.com/operator-bundle:v0.2.0). +# These images MUST exist in a registry and be pull-able. +BUNDLE_IMGS ?= $(BUNDLE_IMG) + +# The image tag given to the resulting catalog image (e.g. make catalog-build CATALOG_IMG=example.com/operator-catalog:v0.2.0). +CATALOG_IMG ?= $(IMAGE_TAG_BASE)-catalog:v$(VERSION) + +# Set CATALOG_BASE_IMG to an existing catalog image tag to add $BUNDLE_IMGS to that image. +ifneq ($(origin CATALOG_BASE_IMG), undefined) +FROM_INDEX_OPT := --from-index $(CATALOG_BASE_IMG) +endif + +# Build a catalog image by adding bundle images to an empty catalog using the operator package manager tool, 'opm'. +# This recipe invokes 'opm' in 'semver' bundle add mode. For more information on add modes, see: +# https://github.com/operator-framework/community-operators/blob/7f1438c/docs/packaging-operator.md#updating-your-existing-operator +.PHONY: catalog-build +catalog-build: opm ## Build a catalog image. + $(OPM) index add --container-tool docker --mode semver --tag $(CATALOG_IMG) --bundles $(BUNDLE_IMGS) $(FROM_INDEX_OPT) + +# Push the catalog image. +.PHONY: catalog-push +catalog-push: ## Push a catalog image. + $(MAKE) docker-push IMG=$(CATALOG_IMG) diff --git a/containers/tenant-namespace-operator/PROJECT b/containers/tenant-namespace-operator/PROJECT index be0a6ea..7195632 100644 --- a/containers/tenant-namespace-operator/PROJECT +++ b/containers/tenant-namespace-operator/PROJECT 
@@ -1,14 +1,27 @@ +# Code generated by tool. DO NOT EDIT. +# This file is used to track the info used to scaffold your project +# and allow the plugins properly work. +# More info: https://book.kubebuilder.io/reference/project-config.html domain: pnnl.gov -layout: ansible.sdk.operatorframework.io/v1 +layout: +- ansible.sdk.operatorframework.io/v1 +plugins: + manifests.sdk.operatorframework.io/v2: {} + scorecard.sdk.operatorframework.io/v2: {} projectName: tenant-namespace-operator resources: -- group: miscscripts +- api: + crdVersion: v1 + namespaced: false + domain: pnnl.gov + group: miscscripts kind: TenantNamespace version: v1beta1 -- group: miscscripts +- api: + crdVersion: v1 + namespaced: false + domain: pnnl.gov + group: miscscripts kind: TenantNamespaceFlavor version: v1beta1 -version: 3-alpha -plugins: - manifests.sdk.operatorframework.io/v2: {} - scorecard.sdk.operatorframework.io/v2: {} +version: "3" diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv index 04a4b2d..9039d65 100644 --- a/containers/tenant-namespace-operator/buildenv +++ b/containers/tenant-namespace-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.14 +export PREFIX=0.1.15 diff --git a/containers/tenant-namespace-operator/config/crd/kustomization.yaml b/containers/tenant-namespace-operator/config/crd/kustomization.yaml index ac3d522..30206ac 100644 --- a/containers/tenant-namespace-operator/config/crd/kustomization.yaml +++ b/containers/tenant-namespace-operator/config/crd/kustomization.yaml @@ -4,4 +4,4 @@ resources: - bases/miscscripts.pnnl.gov_tenantnamespaces.yaml - bases/miscscripts.pnnl.gov_tenantnamespaceflavors.yaml -# +kubebuilder:scaffold:crdkustomizeresource +#+kubebuilder:scaffold:crdkustomizeresource diff --git a/containers/tenant-namespace-operator/config/default/kustomization.yaml b/containers/tenant-namespace-operator/config/default/kustomization.yaml index 1e5312b..bfb2076 100644 
--- a/containers/tenant-namespace-operator/config/default/kustomization.yaml +++ b/containers/tenant-namespace-operator/config/default/kustomization.yaml @@ -9,10 +9,12 @@ namespace: tenant-namespace-operator namePrefix: tenant-namespace-operator- # Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue +#labels: +#- includeSelectors: true +# pairs: +# someName: someValue -bases: +resources: - ../crd - ../rbac - ../manager @@ -20,7 +22,9 @@ bases: #- ../prometheus patchesStrategicMerge: - # Protect the /metrics endpoint by putting it behind auth. - # If you want your controller-manager to expose the /metrics - # endpoint w/o any authn/z, please comment the following line. +# Protect the /metrics endpoint by putting it behind auth. +# If you want your controller-manager to expose the /metrics +# endpoint w/o any authn/z, please comment the following line. - manager_auth_proxy_patch.yaml + + diff --git a/containers/tenant-namespace-operator/config/default/manager_auth_proxy_patch.yaml b/containers/tenant-namespace-operator/config/default/manager_auth_proxy_patch.yaml index f1b16e3..9e1fc82 100644 --- a/containers/tenant-namespace-operator/config/default/manager_auth_proxy_patch.yaml +++ b/containers/tenant-namespace-operator/config/default/manager_auth_proxy_patch.yaml 
@@ -8,19 +8,49 @@ metadata: spec: template: spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - ppc64le + - s390x + - key: kubernetes.io/os + operator: In + values: + - linux containers: - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.1 args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" - "--logtostderr=true" - - "--v=10" + - "--v=0" ports: - containerPort: 8443 + protocol: TCP name: https + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi - name: manager args: - - "--metrics-addr=127.0.0.1:8080" - - "--enable-leader-election" + - "--health-probe-bind-address=:6789" + - "--metrics-bind-address=127.0.0.1:8080" + - "--leader-elect" - "--leader-election-id=tenant-namespace-operator" diff --git a/containers/tenant-namespace-operator/config/default/manager_config_patch.yaml b/containers/tenant-namespace-operator/config/default/manager_config_patch.yaml new file mode 100644 index 0000000..f6f5891 --- /dev/null +++ b/containers/tenant-namespace-operator/config/default/manager_config_patch.yaml @@ -0,0 +1,10 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager diff --git a/containers/tenant-namespace-operator/config/manager/manager.yaml b/containers/tenant-namespace-operator/config/manager/manager.yaml index 411b7a4..4710fb7 100644 --- a/containers/tenant-namespace-operator/config/manager/manager.yaml +++ b/containers/tenant-namespace-operator/config/manager/manager.yaml 
@@ -19,28 +19,63 @@ spec: replicas: 1 template: metadata: + annotations: + kubectl.kubernetes.io/default-container: manager labels: control-plane: controller-manager spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: kubernetes.io/os + operator: In + values: + - linux + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault containers: - - name: manager - args: - - "--enable-leader-election" - - "--leader-election-id=tenant-namespace-operator" - env: - - name: ANSIBLE_GATHERING - value: explicit - image: controller:latest - livenessProbe: - httpGet: - path: /readyz - port: 6789 - initialDelaySeconds: 15 - periodSeconds: 20 - readinessProbe: - httpGet: - path: /healthz - port: 6789 - initialDelaySeconds: 5 - periodSeconds: 10 + - args: + - --leader-elect + - --leader-election-id=tenant-namespace-operator + image: controller:latest + name: manager + env: + - name: ANSIBLE_GATHERING + value: explicit + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + livenessProbe: + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 6789 + initialDelaySeconds: 5 + periodSeconds: 10 + # TODO(user): Configure the resources accordingly based on the project requirements. + # More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + limits: + cpu: 500m + memory: 768Mi + requests: + cpu: 10m + memory: 256Mi + serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/containers/tenant-namespace-operator/config/manifests/kustomization.yaml b/containers/tenant-namespace-operator/config/manifests/kustomization.yaml new file mode 100644 index 0000000..6063a99 --- /dev/null 
+++ b/containers/tenant-namespace-operator/config/manifests/kustomization.yaml @@ -0,0 +1,7 @@ +# These resources constitute the fully configured set of manifests +# used to generate the 'manifests/' directory in a bundle. +resources: +- bases/tenant-namespace-operator.clusterserviceversion.yaml +- ../default +- ../samples +- ../scorecard diff --git a/containers/tenant-namespace-operator/config/prometheus/monitor.yaml b/containers/tenant-namespace-operator/config/prometheus/monitor.yaml index 1b44d4f..d19136a 100644 --- a/containers/tenant-namespace-operator/config/prometheus/monitor.yaml +++ b/containers/tenant-namespace-operator/config/prometheus/monitor.yaml @@ -1,4 +1,4 @@ ---- + # Prometheus Monitor Service (Metrics) apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor @@ -11,6 +11,10 @@ spec: endpoints: - path: /metrics port: https + scheme: https + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + tlsConfig: + insecureSkipVerify: true selector: matchLabels: control-plane: controller-manager diff --git a/containers/tenant-namespace-operator/config/rbac/auth_proxy_client_clusterrole.yaml b/containers/tenant-namespace-operator/config/rbac/auth_proxy_client_clusterrole.yaml index bd4af13..51a75db 100644 --- a/containers/tenant-namespace-operator/config/rbac/auth_proxy_client_clusterrole.yaml +++ b/containers/tenant-namespace-operator/config/rbac/auth_proxy_client_clusterrole.yaml @@ -3,5 +3,7 @@ kind: ClusterRole metadata: name: metrics-reader rules: -- nonResourceURLs: ["/metrics"] - verbs: ["get"] +- nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/containers/tenant-namespace-operator/config/rbac/auth_proxy_role.yaml b/containers/tenant-namespace-operator/config/rbac/auth_proxy_role.yaml index 618f5e4..80e1857 100644 --- a/containers/tenant-namespace-operator/config/rbac/auth_proxy_role.yaml +++ b/containers/tenant-namespace-operator/config/rbac/auth_proxy_role.yaml 
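Review bot: In the `@@ -11,6 +11,10 @@` hunk of monitor.yaml, the endpoint now sends the scraper's service-account token (`bearerTokenFile`) over TLS with `insecureSkipVerify: true`, so the scraper cannot tell the real metrics proxy from anything else answering on that address and hands the token to whichever it is. This is presumably there because the proxy serves a self-signed certificate. The better fix is to give the proxy a certificate from a CA that Prometheus trusts and set `tlsConfig.ca` (or `caFile`) plus `serverName` instead of skipping verification. Until then, add a comment above the block such as `# TODO: replace insecureSkipVerify with a CA once the metrics endpoint has a managed certificate`.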
@@ -3,11 +3,15 @@ kind: ClusterRole metadata: name: proxy-role rules: -- apiGroups: ["authentication.k8s.io"] +- apiGroups: + - authentication.k8s.io resources: - tokenreviews - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] + verbs: + - create +- apiGroups: + - authorization.k8s.io resources: - subjectaccessreviews - verbs: ["create"] + verbs: + - create diff --git a/containers/tenant-namespace-operator/config/rbac/auth_proxy_role_binding.yaml b/containers/tenant-namespace-operator/config/rbac/auth_proxy_role_binding.yaml index 48ed1e4..ec7acc0 100644 --- a/containers/tenant-namespace-operator/config/rbac/auth_proxy_role_binding.yaml +++ b/containers/tenant-namespace-operator/config/rbac/auth_proxy_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: proxy-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/containers/tenant-namespace-operator/config/rbac/auth_proxy_service.yaml b/containers/tenant-namespace-operator/config/rbac/auth_proxy_service.yaml index 6cf656b..71f1797 100644 --- a/containers/tenant-namespace-operator/config/rbac/auth_proxy_service.yaml +++ b/containers/tenant-namespace-operator/config/rbac/auth_proxy_service.yaml @@ -9,6 +9,7 @@ spec: ports: - name: https port: 8443 + protocol: TCP targetPort: https selector: control-plane: controller-manager diff --git a/containers/tenant-namespace-operator/config/rbac/kustomization.yaml b/containers/tenant-namespace-operator/config/rbac/kustomization.yaml index 66c2833..731832a 100644 --- a/containers/tenant-namespace-operator/config/rbac/kustomization.yaml +++ b/containers/tenant-namespace-operator/config/rbac/kustomization.yaml 
@@ -1,4 +1,10 @@ resources: +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# subjects if changing service account names. +- service_account.yaml - role.yaml - role_binding.yaml - leader_election_role.yaml diff --git a/containers/tenant-namespace-operator/config/rbac/leader_election_role.yaml b/containers/tenant-namespace-operator/config/rbac/leader_election_role.yaml index 53e9749..4190ec8 100644 --- a/containers/tenant-namespace-operator/config/rbac/leader_election_role.yaml +++ b/containers/tenant-namespace-operator/config/rbac/leader_election_role.yaml @@ -16,6 +16,18 @@ rules: - update - patch - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete - apiGroups: - "" resources: diff --git a/containers/tenant-namespace-operator/config/rbac/leader_election_role_binding.yaml b/containers/tenant-namespace-operator/config/rbac/leader_election_role_binding.yaml index eed1690..1d1321e 100644 --- a/containers/tenant-namespace-operator/config/rbac/leader_election_role_binding.yaml +++ b/containers/tenant-namespace-operator/config/rbac/leader_election_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: leader-election-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/containers/tenant-namespace-operator/config/rbac/role.yaml b/containers/tenant-namespace-operator/config/rbac/role.yaml index 853329c..bee268b 100644 --- a/containers/tenant-namespace-operator/config/rbac/role.yaml +++ b/containers/tenant-namespace-operator/config/rbac/role.yaml 
@@ -21,6 +21,19 @@ rules: - patch - update - watch + # needed for ingress leader election pre 1.24 + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete - apiGroups: - apps resources: @@ -38,6 +51,7 @@ rules: - monitoring.coreos.com resources: - servicemonitors + - prometheusrules verbs: - get - create @@ -121,4 +135,4 @@ rules: - get - list - watch -# +kubebuilder:scaffold:rules +#+kubebuilder:scaffold:rules diff --git a/containers/tenant-namespace-operator/config/rbac/role_binding.yaml b/containers/tenant-namespace-operator/config/rbac/role_binding.yaml index 98f8782..2070ede 100644 --- a/containers/tenant-namespace-operator/config/rbac/role_binding.yaml +++ b/containers/tenant-namespace-operator/config/rbac/role_binding.yaml @@ -1,4 +1,3 @@ ---- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -9,5 +8,5 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/containers/tenant-namespace-operator/config/rbac/service_account.yaml b/containers/tenant-namespace-operator/config/rbac/service_account.yaml new file mode 100644 index 0000000..7cd6025 --- /dev/null +++ b/containers/tenant-namespace-operator/config/rbac/service_account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: system diff --git a/containers/tenant-namespace-operator/config/samples/kustomization.yaml b/containers/tenant-namespace-operator/config/samples/kustomization.yaml index ae78b95..ea2ca2e 100644 --- a/containers/tenant-namespace-operator/config/samples/kustomization.yaml +++ b/containers/tenant-namespace-operator/config/samples/kustomization.yaml 
@@ -1,5 +1,5 @@ -## Append samples you want in your CSV to this file as resources ## +## Append samples of your project ## resources: - miscscripts_v1beta1_tenantnamespace.yaml - miscscripts_v1beta1_tenantnamespaceflavor.yaml -# +kubebuilder:scaffold:manifestskustomizesamples +#+kubebuilder:scaffold:manifestskustomizesamples diff --git a/containers/tenant-namespace-operator/config/scorecard/kustomization.yaml b/containers/tenant-namespace-operator/config/scorecard/kustomization.yaml index d73509e..50cd2d0 100644 --- a/containers/tenant-namespace-operator/config/scorecard/kustomization.yaml +++ b/containers/tenant-namespace-operator/config/scorecard/kustomization.yaml @@ -13,4 +13,4 @@ patchesJson6902: version: v1alpha3 kind: Configuration name: config -# +kubebuilder:scaffold:patchesJson6902 +#+kubebuilder:scaffold:patchesJson6902 diff --git a/containers/tenant-namespace-operator/config/scorecard/patches/basic.config.yaml b/containers/tenant-namespace-operator/config/scorecard/patches/basic.config.yaml index 4581edc..472a988 100644 --- a/containers/tenant-namespace-operator/config/scorecard/patches/basic.config.yaml +++ b/containers/tenant-namespace-operator/config/scorecard/patches/basic.config.yaml @@ -4,7 +4,7 @@ entrypoint: - scorecard-test - basic-check-spec - image: quay.io/operator-framework/scorecard-test:v1.4.0 + image: quay.io/operator-framework/scorecard-test:v1.32.0 labels: suite: basic test: basic-check-spec-test diff --git a/containers/tenant-namespace-operator/config/scorecard/patches/olm.config.yaml b/containers/tenant-namespace-operator/config/scorecard/patches/olm.config.yaml index 9422681..343c6d8 100644 --- a/containers/tenant-namespace-operator/config/scorecard/patches/olm.config.yaml +++ b/containers/tenant-namespace-operator/config/scorecard/patches/olm.config.yaml 
@@ -4,7 +4,7 @@ entrypoint: - scorecard-test - olm-bundle-validation - image: quay.io/operator-framework/scorecard-test:v1.4.0 + image: quay.io/operator-framework/scorecard-test:v1.32.0 labels: suite: olm test: olm-bundle-validation-test @@ -14,7 +14,7 @@ entrypoint: - scorecard-test - olm-crds-have-validation - image: quay.io/operator-framework/scorecard-test:v1.4.0 + image: quay.io/operator-framework/scorecard-test:v1.32.0 labels: suite: olm test: olm-crds-have-validation-test @@ -24,7 +24,7 @@ entrypoint: - scorecard-test - olm-crds-have-resources - image: quay.io/operator-framework/scorecard-test:v1.4.0 + image: quay.io/operator-framework/scorecard-test:v1.32.0 labels: suite: olm test: olm-crds-have-resources-test @@ -34,7 +34,7 @@ entrypoint: - scorecard-test - olm-spec-descriptors - image: quay.io/operator-framework/scorecard-test:v1.4.0 + image: quay.io/operator-framework/scorecard-test:v1.32.0 labels: suite: olm test: olm-spec-descriptors-test @@ -44,7 +44,7 @@ entrypoint: - scorecard-test - olm-status-descriptors - image: quay.io/operator-framework/scorecard-test:v1.4.0 + image: quay.io/operator-framework/scorecard-test:v1.32.0 labels: suite: olm test: olm-status-descriptors-test diff --git a/containers/tenant-namespace-operator/requirements.yml b/containers/tenant-namespace-operator/requirements.yml index 848028c..8baf919 100644 --- a/containers/tenant-namespace-operator/requirements.yml +++ b/containers/tenant-namespace-operator/requirements.yml @@ -1,5 +1,10 @@ +--- collections: - - name: community.kubernetes - version: "<2.0.0" - name: operator_sdk.util - version: "0.1.0" + version: "0.5.0" + - name: kubernetes.core + version: "2.4.0" + - name: cloud.common + version: "2.1.1" + - name: community.docker + version: "3.4.0" diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/meta/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/meta/main.yml index 0a5603e..e496738 100644 
--- a/containers/tenant-namespace-operator/roles/tenantnamespace/meta/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/meta/main.yml @@ -1,3 +1,4 @@ +--- galaxy_info: author: your name description: your description @@ -16,7 +17,7 @@ galaxy_info: # - CC-BY license: license (GPLv2, CC-BY, etc) - min_ansible_version: 2.9 + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: @@ -59,5 +60,5 @@ dependencies: [] # List your role dependencies here, one per line. Be sure to remove the '[]' above, # if you add dependencies to this list. collections: -- operator_sdk.util -- community.kubernetes + - operator_sdk.util + - kubernetes.core diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index 60119cb..72d29dd 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml @@ -2,15 +2,15 @@ # tasks file for TenantNamespace - name: Set dryrun value - set_fact: - dryrun: "{{ lookup('env','DRYRUN') | default('False') | bool }}" + ansible.builtin.set_fact: + dryrun: "{{ lookup('env', 'DRYRUN') | default('False') | bool }}" - name: Set admin labels - set_fact: + ansible.builtin.set_fact: adminlabels: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceLabels | default({}) | combine({'name': ansible_operator_meta.name + '-admin', 'miscscripts.pnnl.gov/namespace-type': 'admin'}, recursive=True) }}" - name: Create the k8s admin namespace - k8s: + kubernetes.core.k8s: state: present definition: apiVersion: v1 
@@ -19,11 +19,10 @@ name: "{{ ansible_operator_meta.name }}-admin" labels: "{{ adminlabels }}" annotations: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceAnnotations | default({}) }}" - when: - - not dryrun + check_mode: "{{ dryrun }}" - name: Set initial defaults. They be overridden. - set_fact: + ansible.builtin.set_fact: merged_values: magicnamespace: tiller: @@ -35,30 +34,31 @@ ingress: nginx: enabled: true + - name: Load in Flavor values if referenced - block: - - name: Fetch referenced flavor - k8s_info: - api_version: miscscripts.pnnl.gov/v1beta1 - kind: TenantNamespaceFlavor - name: "{{ flavor_ref.name }}" - register: flavor - # Failures immediately trigger another reconciliation - failed_when: - - flavor.resources | length == 0 - - name: Merge in flavor values - set_fact: - merged_values: "{{ merged_values | combine(flavor.resources[0].spec, recursive=True) }}" when: - - flavor_ref is defined - - flavor_ref.kind == "TenantNamespaceFlavor" - - flavor_ref.group == "miscscripts.pnnl.gov" + - flavor_ref is defined + - flavor_ref.kind == "TenantNamespaceFlavor" + - flavor_ref.group == "miscscripts.pnnl.gov" + block: + - name: Fetch referenced flavor + kubernetes.core.k8s_info: + api_version: miscscripts.pnnl.gov/v1beta1 + kind: TenantNamespaceFlavor + name: "{{ flavor_ref.name }}" + register: flavor + # Failures immediately trigger another reconciliation + failed_when: + - flavor.resources | length == 0 + - name: Merge in flavor values + ansible.builtin.set_fact: + merged_values: "{{ merged_values | combine(flavor.resources[0].spec, recursive=True) }}" - name: Set values from CR - set_fact: + ansible.builtin.set_fact: merged_values: "{{ merged_values | combine(_miscscripts_pnnl_gov_tenantnamespace_spec, recursive=True) }}" - name: Setup gitlabRunner if needed - set_fact: + ansible.builtin.set_fact: gitlabrunnerconfig: gitlabRunner: spec: 
@@ -66,9 +66,9 @@ namespace: "{{ ansible_operator_meta.name }}" tags: "{{ (merged_values.gitlabRunner.spec.runners.tags.split(',') + [ansible_operator_meta.name]) | unique | list | join(',') }}" when: - - merged_values.gitlabRunner.spec.runners.tags is defined + - merged_values.gitlabRunner.spec.runners.tags is defined - name: Setup gitlabRunner if needed - set_fact: + ansible.builtin.set_fact: gitlabrunnerconfig: gitlabRunner: spec: 
@@ -76,38 +76,39 @@ namespace: "{{ ansible_operator_meta.name }}" tags: "{{ ansible_operator_meta.name }}" when: - - merged_values.gitlabRunner.spec.runners.tags is not defined + - merged_values.gitlabRunner.spec.runners.tags is not defined - name: Merge gitlabRunner values - set_fact: + ansible.builtin.set_fact: merged_values: "{{ merged_values | combine(gitlabrunnerconfig, recursive=True) }}" when: - - merged_values.gitlabRunner.autoSetNamespaceAndTags + - merged_values.gitlabRunner.autoSetNamespaceAndTags - name: Set value for forced settings - set_fact: + ansible.builtin.set_fact: overrides: namespace: "{{ ansible_operator_meta.name }}" magicnamespace: namespace: "{{ ansible_operator_meta.name }}" ingress: nginx: - clusterRole: "{{ lookup('env','INGRESS_CLUSTERROLE') | default('tenant-namespace-operator-ingress-controller') }}" + clusterRole: "{{ lookup('env', 'INGRESS_CLUSTERROLE') | default('tenant-namespace-operator-ingress-controller') }}" controller: scope: namespace: "{{ ansible_operator_meta.name }}" + - name: Force namespace settings. Can not be overridden. - set_fact: + ansible.builtin.set_fact: merged_values: "{{ merged_values | combine(overrides, recursive=True) }}" - name: Set ingress ip if known - set_fact: + ansible.builtin.set_fact: loadBalancerIP: "{{ _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP }}" when: - - _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is defined + - _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is defined - name: Fetch ingress service - k8s_info: + kubernetes.core.k8s_info: api_version: v1 kind: Service name: "{{ ansible_operator_meta.name }}-ingress-controller" 
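Review bot: On the `clusterRole:` line of `Set value for forced settings`, `lookup('env', 'INGRESS_CLUSTERROLE') | default('tenant-namespace-operator-ingress-controller')` never falls back, because the env lookup returns an empty string for an unset variable and `default` only replaces undefined values. With the variable unset, the forced override would hand the chart an empty `clusterRole`. Pass the second argument so empty strings are replaced too: `clusterRole: "{{ lookup('env', 'INGRESS_CLUSTERROLE') | default('tenant-namespace-operator-ingress-controller', true) }}"`. The `DRYRUN` lookup in the first hunk of this file has the same shape but is harmless there, since an empty string already converts to false under `bool`.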
@@ -115,171 +116,84 @@ register: ingressService when: > merged_values.ingress.nginx.enabled and - (_miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is not defined or - _miscscripts_pnnl_gov_tenantnamespace.status.ingressNginxUpgradeComplete is not defined) + _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is not defined - name: Merge in existing ingress ip if exists + when: + - _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is not defined + - merged_values.ingress.controller.service.loadBalancerIP is not defined + - ingressService is defined + - ingressService.resources is defined + - ingressService.resources[0] is defined + - ingressService.resources[0].status is defined + - ingressService.resources[0].status.loadBalancer is defined + - ingressService.resources[0].status.loadBalancer.ingress is defined + - ingressService.resources[0].status.loadBalancer.ingress[0] is defined + - ingressService.resources[0].status.loadBalancer.ingress[0].ip is defined block: - - name: Set ingress ip. - set_fact: - loadBalancerIP: "{{ ingressService.resources[0].status.loadBalancer.ingress[0].ip }}" - - k8s_status: - api_version: miscscripts.pnnl.gov/v1beta1 - kind: TenantNamespace - name: "{{ ansible_operator_meta.name }}" - namespace: "{{ ansible_operator_meta.namespace }}" - status: + - name: Set ingress ip. 
+ ansible.builtin.set_fact: loadBalancerIP: "{{ ingressService.resources[0].status.loadBalancer.ingress[0].ip }}" - when: - - _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is not defined - - merged_values.ingress.controller.service.loadBalancerIP is not defined - - ingressService is defined - - ingressService.resources is defined - - ingressService.resources[0] is defined - - ingressService.resources[0].status is defined - - ingressService.resources[0].status.loadBalancer is defined - - ingressService.resources[0].status.loadBalancer.ingress is defined - - ingressService.resources[0].status.loadBalancer.ingress[0] is defined - - ingressService.resources[0].status.loadBalancer.ingress[0].ip is defined + - name: Set ingress ip in CR status + operator_sdk.util.k8s_status: + api_version: miscscripts.pnnl.gov/v1beta1 + kind: TenantNamespace + name: "{{ ansible_operator_meta.name }}" + namespace: "{{ ansible_operator_meta.namespace }}" + status: + loadBalancerIP: "{{ ingressService.resources[0].status.loadBalancer.ingress[0].ip }}" - name: Set ingress ip if specified - set_fact: + ansible.builtin.set_fact: loadBalancerIP: "{{ _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service.loadBalancerIP }}" when: - - loadBalancerIP is not defined - - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress is defined - - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller is defined - - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service is defined - - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service.loadBalancerIP is defined + - loadBalancerIP is not defined + - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress is defined + - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller is defined + - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service is defined + - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service.loadBalancerIP is defined - name: Force loadBalancerIP 
address setting - set_fact: + ansible.builtin.set_fact: loadBalancerIP_overrides: ingress: controller: service: loadBalancerIP: "{{ loadBalancerIP }}" when: - - loadBalancerIP is defined + - loadBalancerIP is defined - name: Force loadBalancerIP. Can not be overridden. - set_fact: + ansible.builtin.set_fact: merged_values: "{{ merged_values | combine(loadBalancerIP_overrides, recursive=True) }}" when: - - loadBalancerIP is defined - -# Delete resources that have selectors that need to be updated -- name: Remove upgrade resources - k8s: - state: absent - api_version: "{{ item.api_version }}" - kind: "{{ item.kind }}" - namespace: "{{ item.namespace }}" - name: "{{ item.name }}" - loop: - - api_version: apps/v1 - kind: Deployment - namespace: "{{ ansible_operator_meta.name }}-admin" - name: "{{ ansible_operator_meta.name }}-ingress-controller" - - api_version: v1 - kind: Service - namespace: "{{ ansible_operator_meta.name }}-admin" - name: "{{ ansible_operator_meta.name }}-ingress-controller" - - api_version: v1 - kind: Service - namespace: "{{ ansible_operator_meta.name }}-admin" - name: "{{ ansible_operator_meta.name }}-ingress-controller-metrics" - - api_version: apps/v1 - kind: Deployment - namespace: "{{ ansible_operator_meta.name }}-admin" - name: "{{ ansible_operator_meta.name }}-ingress-default-backend" - - api_version: v1 - kind: Service - namespace: "{{ ansible_operator_meta.name }}-admin" - name: "{{ ansible_operator_meta.name }}-ingress-default-backend" - when: - - not dryrun - - ingressService is defined - - ingressService.resources is defined - - ingressService.resources[0] is defined - - ingressService.resources[0].metadata is defined - - ingressService.resources[0].metadata.labels is defined - - ingressService.resources[0].metadata.labels.chart is defined - - ingressService.resources[0].metadata.labels.chart == "ingress-1.34.2" + - loadBalancerIP is defined -- name: Add upgrade status marker - k8s_status: - api_version: miscscripts.pnnl.gov/v1beta1 - 
kind: TenantNamespace - name: "{{ ansible_operator_meta.name }}" - namespace: "{{ ansible_operator_meta.namespace }}" - status: - ingressNginxUpgradeComplete: true - when: - - not dryrun - - ingressService is defined - - ingressService.resources is defined - - ingressService.resources[0] is defined - - ingressService.resources[0].metadata is defined - - ingressService.resources[0].metadata.labels is defined - - ingressService.resources[0].metadata.labels["helm.sh/chart"] is defined - - ingressService.resources[0].metadata.labels["helm.sh/chart"] == "ingress-3.34.0" - -#FIXME Consider making a service account specifically for this so it can't cross namespaces as far as it can today +# FIXME Consider making a service account specifically for this so it can't cross namespaces as far as it can today - name: Run Helm - helm: + kubernetes.core.helm: name: "{{ ansible_operator_meta.name }}" namespace: "{{ ansible_operator_meta.name }}-admin" chart_ref: ${HOME}/tenant-namespace values: "{{ merged_values }}" register: objs - when: - - not dryrun - -- name: Set diff - set_fact: - differ: "" - -- name: Dry Run Helm - block: - - name: Make temp file - tempfile: - state: file - suffix: .yaml - register: temp_filename - - name: Copy values to temp file - copy: - content: "{{ merged_values | to_yaml }}" - dest: "{{ temp_filename.path }}" - no_log: True - - name: Do dry run of helm - shell: "helm diff upgrade --install --detailed-exitcode --namespace {{ ansible_operator_meta.name }}-admin {{ ansible_operator_meta.name }} ${HOME}/tenant-namespace -f {{ temp_filename.path }}" - register: diffhelm - ignore_errors: True - no_log: True - - name: Set diff - set_fact: - differ: "{{ diffhelm.stdout }}\n" - - name: Remove temp file - file: - path: "{{ temp_filename.path }}" - state: absent - when: - - dryrun + check_mode: "{{ dryrun }}" + diff: "{{ dryrun }}" -- k8s_status: +- name: Set diff output on status + operator_sdk.util.k8s_status: api_version: miscscripts.pnnl.gov/v1beta1 kind: 
TenantNamespace name: "{{ ansible_operator_meta.name }}" namespace: "{{ ansible_operator_meta.namespace }}" status: - diff: "{{ differ | b64encode }}" + diff: "{{ ((objs.diff.prepared | default('')) + '\n') | b64encode }}" - name: Set user labels - set_fact: + ansible.builtin.set_fact: userlabels: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceLabels | default({}) | combine({'name': ansible_operator_meta.name, 'miscscripts.pnnl.gov/namespace-type': 'user'}, recursive=True) }}" - name: Create the k8s user namespace - k8s: + kubernetes.core.k8s: state: present definition: apiVersion: v1 @@ -288,6 +202,4 @@ name: "{{ ansible_operator_meta.name }}" labels: "{{ userlabels }}" annotations: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceAnnotations | default({}) }}" - when: - - not dryrun - + check_mode: "{{ dryrun }}" diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/meta/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/meta/main.yml index 0a5603e..e496738 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespacefin/meta/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/meta/main.yml @@ -1,3 +1,4 @@ +--- galaxy_info: author: your name description: your description @@ -16,7 +17,7 @@ galaxy_info: # - CC-BY license: license (GPLv2, CC-BY, etc) - min_ansible_version: 2.9 + min_ansible_version: "2.9" # If this a Container Enabled role, provide the minimum Ansible Container version. # min_ansible_container_version: @@ -59,5 +60,5 @@ dependencies: [] # List your role dependencies here, one per line. Be sure to remove the '[]' above, # if you add dependencies to this list. collections: -- operator_sdk.util -- community.kubernetes + - operator_sdk.util + - kubernetes.core 
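Review bot: `Run Helm` now passes `values: "{{ merged_values }}"` without `no_log`, while the dry-run tasks this hunk removes (`Copy values to temp file`, `Do dry run of helm`) both set `no_log: True`, which suggests the values can carry secrets. If so, the rendered values and the diff can now show up in the operator's task output, and `Set diff output on status` copies `objs.diff.prepared` into the CR status, where base64 is only an encoding. I would add `no_log: true` to `Run Helm` (the registered result stays usable) and confirm that everyone who can read TenantNamespace status is meant to see the diff. The same task is carried over with only variable renames in the later `@@ -174,10 +179,10 @@` hunk.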
diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml index 336bde5..bf6da17 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml @@ -1,16 +1,16 @@ --- # tasks file for tenantnamespace -#Check to see release exists. If it doesnt continue on. If it does, delete it. +# Check to see release exists. If it doesnt continue on. If it does, delete it. - name: Delete the helm release - helm: + kubernetes.core.helm: name: "{{ ansible_operator_meta.name }}" namespace: "{{ ansible_operator_meta.name }}-admin" state: absent register: objs - name: Delete the k8s user namespace - k8s: + kubernetes.core.k8s: state: absent definition: apiVersion: v1 @@ -19,11 +19,10 @@ name: "{{ ansible_operator_meta.name }}" - name: Delete the k8s admin namespace - k8s: + kubernetes.core.k8s: state: absent definition: apiVersion: v1 kind: Namespace metadata: name: "{{ ansible_operator_meta.name }}-admin" - diff --git a/containers/tenant-namespace-operator/watches.yaml b/containers/tenant-namespace-operator/watches.yaml index 17fae67..f69fa1a 100644 --- a/containers/tenant-namespace-operator/watches.yaml +++ b/containers/tenant-namespace-operator/watches.yaml @@ -8,4 +8,4 @@ finalizer: name: finalizer.tenantnamespace.miscscripts.pnnl.gov role: tenantnamespacefin -# +kubebuilder:scaffold:watch +#+kubebuilder:scaffold:watch From c2ff188a03d10f72ae55db113f4b919d7c8c9ba9 Mon Sep 17 00:00:00 2001 
From: Peter L Nordquist Date: Mon, 13 Nov 2023 15:43:31 -0800 Subject: [PATCH 328/331] Fixed Ansible issues with unsafe yaml (#71) Loaded the CR data using k8s_info so it is loaded unsafe Switched variable references to new CR var Updated variable references for Ansible best practices (snake case) Prepended underscore to variables to avoid clashes with operator snake case variables --- .../tenant-namespace-operator/Chart.yaml | 4 +- containers/tenant-namespace-operator/buildenv | 2 +- .../roles/tenantnamespace/tasks/main.yml | 125 +++++++++--------- .../roles/tenantnamespacefin/tasks/main.yml | 2 +- .../tenant-namespace-operator/watches.yaml | 1 + 5 files changed, 70 insertions(+), 64 deletions(-) diff --git a/charts/charts/tenant-namespace-operator/Chart.yaml b/charts/charts/tenant-namespace-operator/Chart.yaml index e870eb8..e77da39 100644 --- a/charts/charts/tenant-namespace-operator/Chart.yaml +++ b/charts/charts/tenant-namespace-operator/Chart.yaml @@ -14,8 +14,8 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.1.18 +version: 0.1.19 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 0.1.15-1 +appVersion: 0.1.16-1 diff --git a/containers/tenant-namespace-operator/buildenv b/containers/tenant-namespace-operator/buildenv index 9039d65..7a2edf6 100644 --- a/containers/tenant-namespace-operator/buildenv +++ b/containers/tenant-namespace-operator/buildenv @@ -1 +1 @@ -export PREFIX=0.1.15 +export PREFIX=0.1.16 diff --git a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml index 72d29dd..b9cff64 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml 
+++ b/containers/tenant-namespace-operator/roles/tenantnamespace/tasks/main.yml @@ -3,11 +3,25 @@ - name: Set dryrun value ansible.builtin.set_fact: - dryrun: "{{ lookup('env', 'DRYRUN') | default('False') | bool }}" + _dryrun: "{{ lookup('env', 'DRYRUN') | default('False') | bool }}" + +# required until markUnsafe applies to the full fact from the sdk +- name: Fetch cr content safely + kubernetes.core.k8s_info: + api_version: miscscripts.pnnl.gov/v1beta1 + kind: TenantNamespace + name: "{{ ansible_operator_meta.name }}" + register: _cr_response + failed_when: + - _cr_response.resources | length == 0 + +- name: Set cr var + ansible.builtin.set_fact: + _safe_cr: "{{ _cr_response.resources[0] }}" - name: Set admin labels ansible.builtin.set_fact: - adminlabels: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceLabels | default({}) | combine({'name': ansible_operator_meta.name + '-admin', 'miscscripts.pnnl.gov/namespace-type': 'admin'}, recursive=True) }}" + _adminlabels: "{{ _safe_cr.spec.extraNamespaceLabels | default({}) | combine({'name': ansible_operator_meta.name + '-admin', 'miscscripts.pnnl.gov/namespace-type': 'admin'}, recursive=True) }}" - name: Create the k8s admin namespace kubernetes.core.k8s: @@ -17,13 +31,13 @@ kind: Namespace metadata: name: "{{ ansible_operator_meta.name }}-admin" - labels: "{{ adminlabels }}" - annotations: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceAnnotations | default({}) }}" - check_mode: "{{ dryrun }}" + labels: "{{ _adminlabels }}" + annotations: "{{ _safe_cr.spec.extraNamespaceAnnotations | default({}) }}" + check_mode: "{{ _dryrun }}" - name: Set initial defaults. They be overridden. ansible.builtin.set_fact: - merged_values: + _merged_values: magicnamespace: tiller: enabled: false 
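Review bot: `Fetch cr content safely` calls `kubernetes.core.k8s_info` with `kind` and `name` but no `namespace`, and `Set cr var` then takes `_cr_response.resources[0]` on trust. The `k8s_status` tasks in this file do pass `namespace: "{{ ansible_operator_meta.namespace }}"`, so if TenantNamespace is a namespaced kind this lookup is not pinned to the object being reconciled. Add `namespace: "{{ ansible_operator_meta.namespace }}"` to the task. If the kind is cluster-scoped, say so in the comment instead, e.g. `# TenantNamespace is cluster-scoped, so name alone identifies the CR`. The existing comment could also state what the re-fetch is for, presumably that spec strings are then handled as data rather than templated.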
@@ -37,56 +51,57 @@ - name: Load in Flavor values if referenced when: - - flavor_ref is defined - - flavor_ref.kind == "TenantNamespaceFlavor" - - flavor_ref.group == "miscscripts.pnnl.gov" + - _safe_cr.spec.flavorRef is defined + - _safe_cr.spec.flavorRef.kind == "TenantNamespaceFlavor" + - _safe_cr.spec.flavorRef.group == "miscscripts.pnnl.gov" block: - name: Fetch referenced flavor kubernetes.core.k8s_info: api_version: miscscripts.pnnl.gov/v1beta1 kind: TenantNamespaceFlavor - name: "{{ flavor_ref.name }}" - register: flavor + name: "{{ _safe_cr.spec.flavorRef.name }}" + register: _flavor # Failures immediately trigger another reconciliation failed_when: - - flavor.resources | length == 0 + - _flavor.resources | length == 0 - name: Merge in flavor values ansible.builtin.set_fact: - merged_values: "{{ merged_values | combine(flavor.resources[0].spec, recursive=True) }}" + _merged_values: "{{ _merged_values | combine(_flavor.resources[0].spec, recursive=True) }}" + - name: Set values from CR ansible.builtin.set_fact: - merged_values: "{{ merged_values | combine(_miscscripts_pnnl_gov_tenantnamespace_spec, recursive=True) }}" + _merged_values: "{{ _merged_values | combine(_safe_cr.spec, recursive=True) }}" - name: Setup gitlabRunner if needed ansible.builtin.set_fact: - gitlabrunnerconfig: + _gitlabrunnerconfig: gitlabRunner: spec: runners: namespace: "{{ ansible_operator_meta.name }}" - tags: "{{ (merged_values.gitlabRunner.spec.runners.tags.split(',') + [ansible_operator_meta.name]) | unique | list | join(',') }}" + tags: "{{ (_merged_values.gitlabRunner.spec.runners.tags.split(',') + [ansible_operator_meta.name]) | unique | list | join(',') }}" when: - - merged_values.gitlabRunner.spec.runners.tags is defined + - _merged_values.gitlabRunner.spec.runners.tags is defined - name: Setup gitlabRunner if needed ansible.builtin.set_fact: - gitlabrunnerconfig: + _gitlabrunnerconfig: gitlabRunner: spec: runners: namespace: "{{ ansible_operator_meta.name }}" tags: "{{ 
ansible_operator_meta.name }}" when: - - merged_values.gitlabRunner.spec.runners.tags is not defined + - _merged_values.gitlabRunner.spec.runners.tags is not defined - name: Merge gitlabRunner values ansible.builtin.set_fact: - merged_values: "{{ merged_values | combine(gitlabrunnerconfig, recursive=True) }}" + _merged_values: "{{ _merged_values | combine(_gitlabrunnerconfig, recursive=True) }}" when: - - merged_values.gitlabRunner.autoSetNamespaceAndTags + - _merged_values.gitlabRunner.autoSetNamespaceAndTags - name: Set value for forced settings ansible.builtin.set_fact: - overrides: + _overrides: namespace: "{{ ansible_operator_meta.name }}" magicnamespace: namespace: "{{ ansible_operator_meta.name }}" @@ -99,13 +114,13 @@ - name: Force namespace settings. Can not be overridden. ansible.builtin.set_fact: - merged_values: "{{ merged_values | combine(overrides, recursive=True) }}" + _merged_values: "{{ _merged_values | combine(_overrides, recursive=True) }}" - name: Set ingress ip if known ansible.builtin.set_fact: - loadBalancerIP: "{{ _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP }}" + _load_balancer_ip: "{{ _safe_cr.status.loadBalancerIP }}" when: - - _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is defined + - _safe_cr.status.loadBalancerIP is defined - name: Fetch ingress service kubernetes.core.k8s_info: 
@@ -113,27 +128,20 @@ kind: Service name: "{{ ansible_operator_meta.name }}-ingress-controller" namespace: "{{ ansible_operator_meta.name }}-admin" - register: ingressService + register: _ingress_service when: > - merged_values.ingress.nginx.enabled and - _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is not defined + _merged_values.ingress.nginx.enabled and + _load_balancer_ip is not defined +# each task inherits the when conditions, rely on not fetching ingress when it is set in status - name: Merge in existing ingress ip if exists when: - - _miscscripts_pnnl_gov_tenantnamespace.status.loadBalancerIP is not defined - - merged_values.ingress.controller.service.loadBalancerIP is not defined - - ingressService is defined - - ingressService.resources is defined - - ingressService.resources[0] is defined - - ingressService.resources[0].status is defined - - ingressService.resources[0].status.loadBalancer is defined - - ingressService.resources[0].status.loadBalancer.ingress is defined - - ingressService.resources[0].status.loadBalancer.ingress[0] is defined - - ingressService.resources[0].status.loadBalancer.ingress[0].ip is defined + - _merged_values.ingress.controller.service.loadBalancerIP is not defined + - _ingress_service.resources[0].status.loadBalancer.ingress[0].ip is defined block: - name: Set ingress ip. ansible.builtin.set_fact: - loadBalancerIP: "{{ ingressService.resources[0].status.loadBalancer.ingress[0].ip }}" + _load_balancer_ip: "{{ _ingress_service.resources[0].status.loadBalancer.ingress[0].ip }}" - name: Set ingress ip in CR status operator_sdk.util.k8s_status: api_version: miscscripts.pnnl.gov/v1beta1 
@@ -141,32 +149,29 @@ name: "{{ ansible_operator_meta.name }}" namespace: "{{ ansible_operator_meta.namespace }}" status: - loadBalancerIP: "{{ ingressService.resources[0].status.loadBalancer.ingress[0].ip }}" + loadBalancerIP: "{{ _load_balancer_ip }}" - name: Set ingress ip if specified ansible.builtin.set_fact: - loadBalancerIP: "{{ _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service.loadBalancerIP }}" + _load_balancer_ip: "{{ _merged_values.ingress.controller.service.loadBalancerIP }}" when: - - loadBalancerIP is not defined - - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress is defined - - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller is defined - - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service is defined - - _miscscripts_pnnl_gov_tenantnamespace.spec.ingress.controller.service.loadBalancerIP is defined + - _load_balancer_ip is not defined + - _merged_values.ingress.controller.service.loadBalancerIP is defined - name: Force loadBalancerIP address setting ansible.builtin.set_fact: - loadBalancerIP_overrides: + _load_balancer_ip_overrides: ingress: controller: service: - loadBalancerIP: "{{ loadBalancerIP }}" + loadBalancerIP: "{{ _load_balancer_ip }}" when: - - loadBalancerIP is defined + - _load_balancer_ip is defined - name: Force loadBalancerIP. Can not be overridden. ansible.builtin.set_fact: - merged_values: "{{ merged_values | combine(loadBalancerIP_overrides, recursive=True) }}" + _merged_values: "{{ _merged_values | combine(_load_balancer_ip_overrides, recursive=True) }}" when: - - loadBalancerIP is defined + - _load_balancer_ip is defined # FIXME Consider making a service account specifically for this so it can't cross namespaces as far as it can today - name: Run Helm 
@@ -174,10 +179,10 @@ name: "{{ ansible_operator_meta.name }}" namespace: "{{ ansible_operator_meta.name }}-admin" chart_ref: ${HOME}/tenant-namespace - values: "{{ merged_values }}" - register: objs - check_mode: "{{ dryrun }}" - diff: "{{ dryrun }}" + values: "{{ _merged_values }}" + register: _objs + check_mode: "{{ _dryrun }}" + diff: "{{ _dryrun }}" - name: Set diff output on status operator_sdk.util.k8s_status: @@ -186,11 +191,11 @@ name: "{{ ansible_operator_meta.name }}" namespace: "{{ ansible_operator_meta.namespace }}" status: - diff: "{{ ((objs.diff.prepared | default('')) + '\n') | b64encode }}" + diff: "{{ ((_objs.diff.prepared | default('')) + '\n') | b64encode }}" - name: Set user labels ansible.builtin.set_fact: - userlabels: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceLabels | default({}) | combine({'name': ansible_operator_meta.name, 'miscscripts.pnnl.gov/namespace-type': 'user'}, recursive=True) }}" + _userlabels: "{{ _safe_cr.spec.extraNamespaceLabels | default({}) | combine({'name': ansible_operator_meta.name, 'miscscripts.pnnl.gov/namespace-type': 'user'}, recursive=True) }}" - name: Create the k8s user namespace kubernetes.core.k8s: @@ -200,6 +205,6 @@ kind: Namespace metadata: name: "{{ ansible_operator_meta.name }}" - labels: "{{ userlabels }}" - annotations: "{{ _miscscripts_pnnl_gov_tenantnamespace_spec.extraNamespaceAnnotations | default({}) }}" - check_mode: "{{ dryrun }}" + labels: "{{ _userlabels }}" + annotations: "{{ _safe_cr.spec.extraNamespaceAnnotations | default({}) }}" + check_mode: "{{ _dryrun }}" diff --git a/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml b/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml index bf6da17..c790c7d 100644 --- a/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml +++ b/containers/tenant-namespace-operator/roles/tenantnamespacefin/tasks/main.yml 
@@ -7,7 +7,7 @@ name: "{{ ansible_operator_meta.name }}" namespace: "{{ ansible_operator_meta.name }}-admin" state: absent - register: objs + register: _objs - name: Delete the k8s user namespace kubernetes.core.k8s: diff --git a/containers/tenant-namespace-operator/watches.yaml b/containers/tenant-namespace-operator/watches.yaml index f69fa1a..5744636 100644 --- a/containers/tenant-namespace-operator/watches.yaml +++ b/containers/tenant-namespace-operator/watches.yaml @@ -5,6 +5,7 @@ kind: TenantNamespace role: tenantnamespace reconcilePeriod: "60s" + markUnsafe: true finalizer: name: finalizer.tenantnamespace.miscscripts.pnnl.gov role: tenantnamespacefin From 4621fe4b0c7e61f19e9e5b108de1e4822a19497c Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Tue, 5 Dec 2023 10:01:22 -0800 Subject: [PATCH 329/331] Make kubeupdater local key configurable --- charts/charts/kubeupdater/Chart.yaml | 2 +- charts/charts/kubeupdater/templates/repo-configmap.yaml | 2 +- charts/charts/kubeupdater/values.yaml | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/charts/charts/kubeupdater/Chart.yaml b/charts/charts/kubeupdater/Chart.yaml index cd14df9..10c8b19 100644 --- a/charts/charts/kubeupdater/Chart.yaml +++ b/charts/charts/kubeupdater/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: A Helm chart for Kubernetes name: kubeupdater -version: 0.8.0 +version: 0.9.0 diff --git a/charts/charts/kubeupdater/templates/repo-configmap.yaml b/charts/charts/kubeupdater/templates/repo-configmap.yaml index fb636a5..426754e 100644 --- a/charts/charts/kubeupdater/templates/repo-configmap.yaml +++ b/charts/charts/kubeupdater/templates/repo-configmap.yaml @@ -14,7 +14,7 @@ data: name=everything enabled=1 baseurl={{ .Values.base }}{{ .Values.version }} - gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 + gpgkey = file:///etc/pki/rpm-gpg/{{ .Values.localGPGFileName }} {{ .Values.base }}{{ .Values.version }}/repodata/RPM-GPG-KEY gpgcheck = 1 repo_gpgcheck = 1 
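Review bot: `markUnsafe: true` in the TenantNamespace watch (watches.yaml) has no comment, although it is the setting that marks the custom resource's spec values as unsafe so that the role does not evaluate them as Jinja2 templates. A one-line comment would keep it from being dropped in a later cleanup, e.g. `# CR spec values come from whoever may create a TenantNamespace; never template them.` The role hunks of the same commit read `_safe_cr.spec…`, whose origin is outside the visible hunks, so the comment should also name where that variable is built.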
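Review bot: The key file that repo-configmap.yaml hard-coded as `RPM-GPG-KEY-CentOS-7` now defaults to `RPM-GPG-KEY-Rocky-9` (values.yaml hunk of the same commit), so an upgrade from chart 0.8.0 that sets no value silently switches the trusted key file. On a node without that file the signature check would presumably fail closed, but updates stop. The default deserves a comment in values.yaml, e.g. `# File name under /etc/pki/rpm-gpg/ on the node; charts before 0.9.0 used RPM-GPG-KEY-CentOS-7`. Because the value ends up in a `file://` path, `{{ required "localGPGFileName must be set" .Values.localGPGFileName }}` would also turn an empty value into a render error instead of a key path that names the directory.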
diff --git a/charts/charts/kubeupdater/values.yaml b/charts/charts/kubeupdater/values.yaml index 3e2fd04..250a926 100644 --- a/charts/charts/kubeupdater/values.yaml +++ b/charts/charts/kubeupdater/values.yaml @@ -8,6 +8,7 @@ base: https://changeme/ version: 1.16.8-nginx-2 +localGPGFileName: RPM-GPG-KEY-Rocky-9 image: repository: alpine From 6f8e74f47109dc7f77dd61a82a584e1a145e4287 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Mon, 11 Dec 2023 15:54:49 -0800 Subject: [PATCH 330/331] Update debug-toolbox --- containers/debug-toolbox/Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/containers/debug-toolbox/Dockerfile b/containers/debug-toolbox/Dockerfile index 5b428d2..93100be 100644 --- a/containers/debug-toolbox/Dockerfile +++ b/containers/debug-toolbox/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.9 +FROM alpine:3.19 RUN \ apk add --no-cache \ @@ -22,4 +22,5 @@ RUN \ procps \ iotop \ ipvsadm \ - openssl + openssl \ + nvme From f078789591376bf10605acea0f8379078252ef13 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Wed, 13 Dec 2023 12:01:12 -0800 Subject: [PATCH 331/331] Fix package name. Add some more tools. --- containers/debug-toolbox/Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/containers/debug-toolbox/Dockerfile b/containers/debug-toolbox/Dockerfile index 93100be..3018618 100644 --- a/containers/debug-toolbox/Dockerfile +++ b/containers/debug-toolbox/Dockerfile @@ -23,4 +23,6 @@ RUN \ iotop \ ipvsadm \ openssl \ - nvme + nvme-cli \ + smartmontools \ + dmidecode
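Review bot: `FROM alpine:3.19` in containers/debug-toolbox/Dockerfile is a floating tag and the `apk add` list carries no versions, so two builds of this image can differ without any change in the repository. The toolbox ships host-inspection tools such as `nvme-cli`, `smartmontools` and `dmidecode` (added in this and the following commit) and is therefore likely to run with elevated privileges. Pinning the base by digest makes the build reproducible and reviewable: `FROM alpine:3.19@sha256:<digest-placeholder>`. The middle of the package list lies between the hunks and is not visible here.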