diff --git a/.dockerignore b/.dockerignore
index 8ae4d55..7c45d92 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,5 @@
 **
-!terraform/modules
-!terraform/bundles
+!terraform
 !build-scripts
 !infrastructure-templates
 !.ci
diff --git a/.github/workflows/build-images.yml b/.github/workflows/build-images.yml
new file mode 100644
index 0000000..0aa4ed0
--- /dev/null
+++ b/.github/workflows/build-images.yml
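Review bot: `!terraform` now re-includes the whole `terraform/` tree in the build context, and the Dockerfile copies it with `COPY --chown=nonroot ./terraform ./terraform`. A build from a developer working tree (the root Taskfile's `docker build` / `docker push`) would therefore bake any local `.terraform/` directories, `*.tfstate*` files or `*.tfvars` that happen to sit under it into the pushed image. Add exclusions after the `!terraform` line, since later patterns win: `terraform/**/.terraform`, `terraform/**/*.tfstate*`, `terraform/**/*.tfvars`.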
@@ -0,0 +1,94 @@ +name: build-images + +on: + workflow_dispatch: + + push: + paths: + - cmd/** + - infrastructure-templates/** + - terraform/** + - ".github/workflows/**" + - Dockerfile + - .ci/** + +permissions: + contents: read + packages: write + +jobs: + docker-builds: + strategy: + matrix: + name: + - infrastructure-as-code + - aws-spot-k3s-terminator + include: + - name: infrastructure-as-code + buildDir: . + imageRepo: ghcr.io/${{ github.repository }}/iac-job + + - name: aws-spot-k3s-terminator + buildDir: cmd/aws-spot-k3s-terminator + imageRepo: ghcr.io/${{ github.repository }}/aws-spot-k3s-terminator + + runs-on: ubuntu-latest + name: Deploy to Docker Image + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Log in to the Container registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Create Image Tag from branch name + if: startsWith(github.ref, 'refs/heads/release') + run: | + set +e + IMAGE_TAG=$(echo ${GITHUB_REF#refs/heads/} | sed 's/release-//g') + echo "$IMAGE_TAG" | grep -i '\-nightly$' + if [ $? -ne 0 ]; then + IMAGE_TAG="$IMAGE_TAG-nightly" + fi + set -e + + echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV + echo "OVERRIDE_PUSHED_IMAGE=true" >> $GITHUB_ENV + + - name: Create Image Tag from tag + if: startsWith(github.ref, 'refs/tags/') + run: | + IMAGE_TAG=$(echo ${GITHUB_REF#refs/tags/}) + + echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV + echo "OVERRIDE_PUSHED_IMAGE=false" >> $GITHUB_ENV + + - name: Build & Push Image + if: startsWith(github.ref, 'refs/heads/release') || startsWith(github.ref, 'refs/tags/') + run: | + set +e + pushd ${{matrix.buildDir}} + + image=${{matrix.imageRepo}}:$IMAGE_TAG + echo "building image: $image" + + docker manifest inspect $image + exit_status=$? 
+ if [ $exit_status -eq 0 ]; then + [ "$OVERRIDE_PUSHED_IMAGE" = "false" ] && echo "image ($image) already exists, and override image is disable, exiting" && exit 0 + echo "image exists, but override pushed image is set to true. proceeding with building image" + fi + + set -e + + docker buildx build -t $image . --push diff --git a/.github/workflows/release-k3s-runner.yml b/.github/workflows/release-k3s-runner.yml new file mode 100644 index 0000000..73caf97 --- /dev/null +++ b/.github/workflows/release-k3s-runner.yml 
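Review bot: In the Build & Push Image step, any non-zero exit from `docker manifest inspect $image` is read as "image absent", so a registry or auth error on a tag build (`OVERRIDE_PUSHED_IMAGE=false`) falls through to `docker buildx build -t $image . --push` and can overwrite an already-published release tag. Fail the step unless the error output indicates the manifest is actually missing. `pushd ${{matrix.buildDir}}` also runs under `set +e`, so a failed directory change would build from the repository root; move it above `set +e` and pass the matrix values through `env:` instead of expanding `${{ }}` inside the script. The job holds `packages: write` while `actions/checkout@v3`, `docker/setup-qemu-action@v2`, `docker/setup-buildx-action@v2` and `docker/login-action@v3` are referenced by mutable tags; pinning them to full commit SHAs keeps a retagged action from running with that token.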
@@ -0,0 +1,108 @@ +name: + +on: + workflow_dispatch: + + push: + paths: + - cmd/k3s-runner + - ".github/workflows/**" + +permissions: + contents: write + id-token: write + +jobs: + docker-builds: + strategy: + matrix: + target_arch: + - amd64 + - arm64 + + runs-on: ubuntu-latest + name: Deploy to Docker Image + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: 1.21.5 + + - name: Install Task + uses: arduino/setup-task@v1 + with: + version: 3.x + repo-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Install UPX + run: | + curl -L0 https://github.com/upx/upx/releases/download/v4.2.1/upx-4.2.1-amd64_linux.tar.xz > upx.tar.xz + tar -xf upx.tar.xz + sudo mv upx-4.2.1-amd64_linux/upx /usr/local/bin + + + - name: Create Release Tag from branch name + if: startsWith(github.ref, 'refs/heads/release') + run: | + set +e + RELEASE_TAG=$(echo ${GITHUB_REF#refs/heads/} | sed 's/release-//g') + echo "$RELEASE_TAG" | grep -i '\-nightly$' + if [ $? 
-ne 0 ]; then + RELEASE_TAG="$RELEASE_TAG-nightly" + fi + set -e + + echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV + echo "OVERRIDE_RELEASE=true" >> $GITHUB_ENV + + - name: Create Release Tag from tag + if: startsWith(github.ref, 'refs/tags/') + run: | + RELEASE_TAG=$(echo ${GITHUB_REF#refs/tags/}) + + echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV + echo "OVERRIDE_RELEASE=false" >> $GITHUB_ENV + + - name: Build And Release + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + RELEASE_TITLE: "kloudlite-k3s-runner" + RELEASE_NOTES: "kloudlite k3s runner" + GOARCH: ${{matrix.target_arch}} + run: | + pushd cmd/k3s-runner + + task build + + PRE_RELEASE=$OVERRIDE_RELEASE + + opts=("-R" "${{ github.repository }}") + + release=$(gh release list ${opts[@]} | tail -n +1 | (grep -iE "\s+$RELEASE_TAG\s+" || echo -n "") | awk '{print $3}') + + if [[ -z $release ]]; then + echo "going to create release, as RELEASE ($RELEASE_TAG) does not exist" + createOpts="${opts[@]}" + if [ $PRE_RELEASE = "true" ]; then + createOpts+=("--prerelease") + fi + + if ! [[ -z $RELEASE_TITLE ]]; then + createOpts+=("--title" "'$RELEASE_TITLE'") + fi + createOpts+=("--notes" "'$RELEASE_NOTES'") + + echo "creating github release with cmd: \`gh release create $RELEASE_TAG ${createOpts[@]}\` " + eval gh release create "$RELEASE_TAG" ${createOpts[@]} --generate-notes + fi + + uploadOpts="${opts[@]}" + if [ "$OVERRIDE_RELEASE" = "true" ]; then + uploadOpts+=("--clobber") + fi + + echo "uploading buillt binary with cmd: \`gh release upload $RELEASE_TAG ${uploadOpts[*]} bin/*\`" + gh release upload "$RELEASE_TAG" ${uploadOpts[@]} bin/* diff --git a/Dockerfile b/Dockerfile index 5bbd43b..a73c92b 100644 --- a/Dockerfile +++ b/Dockerfile 
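Review bot: In the Build And Release step, `eval gh release create "$RELEASE_TAG" ${createOpts[@]} --generate-notes` re-parses a value taken from the pushed branch or tag name as shell, in a job that holds `contents: write` and `id-token: write`; drop the `eval` and pass the options as a quoted array, as in the fence below. `createOpts="${opts[@]}"` and `uploadOpts="${opts[@]}"` assign a string rather than an array, which only works because the later unquoted expansion re-splits it. The step also has no `if:`, so on pushes that are neither a release branch nor a tag it runs with `RELEASE_TAG` unset. Separately, Install UPX unpacks and installs a downloaded archive without checking it against a pinned SHA-256 (and `-L0` looks like a typo for `-LO` or `-fL`), and no step in this file appears to use the `id-token: write` permission.

```yaml
        run: |
          # … unchanged: pushd, task build, PRE_RELEASE, opts, release lookup …
          if [[ -z $release ]]; then
            createOpts=("${opts[@]}" "--notes" "$RELEASE_NOTES")
            if [ "$PRE_RELEASE" = "true" ]; then
              createOpts+=("--prerelease")
            fi
            if [[ -n $RELEASE_TITLE ]]; then
              createOpts+=("--title" "$RELEASE_TITLE")
            fi
            gh release create "$RELEASE_TAG" "${createOpts[@]}" --generate-notes
          fi

          uploadOpts=("${opts[@]}")
          # … unchanged: --clobber handling and echo …
          gh release upload "$RELEASE_TAG" "${uploadOpts[@]}" bin/*
```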
@@ -1,15 +1,14 @@ #syntax=docker/dockerfile:1.4 FROM alpine:3.16 - -RUN apk add bash curl gettext zip -RUN apk add terraform helm kubectl --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community -RUN apk add jq - +RUN apk add bash curl gettext zip jq +# RUN apk add terraform helm kubectl --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community +RUN apk add helm kubectl --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community +RUN curl -L0 https://releases.hashicorp.com/terraform/1.5.7/terraform_1.5.7_linux_amd64.zip > tf.zip && unzip tf.zip && mv terraform /usr/local/bin && rm tf.zip RUN adduser --disabled-password --home="/app" --uid 1717 nonroot USER nonroot WORKDIR /app COPY --chown=nonroot ./terraform ./terraform -RUN mkdir infrastructure-templates +RUN mkdir -p infrastructure-templates COPY --chown=nonroot ./infrastructure-templates ./infrastructure-templates ENV TF_PLUGIN_CACHE_DIR="/app/.terraform.d/plugin-cache" RUN mkdir -p $TF_PLUGIN_CACHE_DIR diff --git a/Taskfile.yml b/Taskfile.yml index 138ac01..ffb707e 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -15,10 +15,10 @@ tasks: msg: 'var Tag must have a value' silent: true cmds: - # - docker build -t {{.Image}} . - # - docker push {{.Image}} - - podman buildx build -t {{.Image}} . - - podman push {{.Image}} + - docker build -t {{.Image}} . + - docker push {{.Image}} + # - podman buildx build -t {{.Image}} . + # - podman push {{.Image}} tf:download:kubeconfig:dev: vars: diff --git a/cmd/k3s-runner/Taskfile.yml b/cmd/k3s-runner/Taskfile.yml index 873ebf4..941ad40 100644 --- a/cmd/k3s-runner/Taskfile.yml +++ b/cmd/k3s-runner/Taskfile.yml 
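Review bot: The new `RUN curl -L0 https://releases.hashicorp.com/terraform/1.5.7/terraform_1.5.7_linux_amd64.zip > tf.zip && unzip tf.zip ...` line installs the Terraform binary without verifying it, and without `-f` an HTTP error body would be saved as `tf.zip`. HashiCorp publishes a `terraform_1.5.7_SHA256SUMS` file next to the archive; pin the expected digest in the Dockerfile and check it before unpacking, e.g. `curl -fsSL <url> -o tf.zip && echo "<sha256-of-terraform_1.5.7_linux_amd64.zip>  tf.zip" | sha256sum -c - && unzip tf.zip`. `-L0` selects HTTP/1.0 and was probably meant as `-LO` or `-fL`. The archive is hard-coded to `linux_amd64`, so the image is only correct for amd64 builds even though the build-images workflow sets up QEMU.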
@@ -5,21 +5,20 @@ tasks: env: CGO_ENABLED: 0 GOOS: linux - GOARCH: amd64 vars: builtAt: sh: date | sed 's/\s/_/g' cmds: - - go build -ldflags="-s -w -X main.BuiltAt={{.builtAt}}" -o ./bin/runner . - - upx bin/runner + - go build -ldflags="-s -w -X main.BuiltAt={{.builtAt}}" -o ./bin/runner-${GOARCH:-$(go env GOARCH)} . + - upx bin/runner-${GOARCH:-$(go env GOARCH)} help: summary: |+ to run as primaryMaster, create a `/runner-config.yml` file, with following contents: - ``` - runAs: primaryMaster - primaryMaster: - publicIP: - token: sample - nodeName: k8s-master-1 - ``` + ``` + runAs: primaryMaster + primaryMaster: + publicIP: + token: sample + nodeName: k8s-master-1 + ``` diff --git a/terraform/modules/kloudlite/deployments/kloudlite-agent.tf b/terraform/modules/kloudlite/deployments/kloudlite-agent.tf index 3ae6439..69a7bbb 100644 --- a/terraform/modules/kloudlite/deployments/kloudlite-agent.tf +++ b/terraform/modules/kloudlite/deployments/kloudlite-agent.tf @@ -48,7 +48,7 @@ resource "ssh_resource" "install-kloudlite-agent" { image = "ghcr.io/kloudlite/operator/helm-charts:${var.kloudlite_release}" service_account_name = local.service_account_name - + kloudlite_release = var.kloudlite_release }) destination = "${local.dir}/helm-charts-controller.yml" } diff --git a/terraform/modules/kloudlite/deployments/templates/helm-charts-controller.yml b/terraform/modules/kloudlite/deployments/templates/helm-charts-controller.yml index 9bff147..0e7591d 100644 --- a/terraform/modules/kloudlite/deployments/templates/helm-charts-controller.yml +++ b/terraform/modules/kloudlite/deployments/templates/helm-charts-controller.yml @@ -41,9 +41,7 @@ spec: cpu: 5m memory: 10Mi - - command: - - /manager - args: + - args: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 - --leader-elect 
@@ -56,6 +54,8 @@ spec: value: "30s" - name: MAX_CONCURRENT_RECONCILES value: "1" + - name: HELM_JOB_RUNNER_IMAGE + value: "ghcr.io/kloudlite/operator/workers/helm-runner:${kloudlite_release}" name: manager securityContext: runAsNonRoot: true
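Review bot: `HELM_JOB_RUNNER_IMAGE` is resolved by tag only (`helm-runner:${kloudlite_release}`), so the image that runs Helm jobs in the cluster can change whenever that tag is republished. The nightly handling in this commit's build-images workflow suggests such tags get overwritten, though the operator repository's own tagging policy is not visible here. Consider accepting a digest form (`...helm-runner@sha256:<digest>`) for release deployments. The container spec starts and ends outside the hunk.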