Skip to content

Commit

Permalink
Merge pull request #780 from truefoundry/truefoundry-version-
Browse files Browse the repository at this point in the history
[CI] Publish truefoundry to version
  • Loading branch information
geekygulshan authored Nov 11, 2024
2 parents f51fc6f + 61cb404 commit e60507c
Show file tree
Hide file tree
Showing 9 changed files with 131 additions and 31 deletions.
6 changes: 3 additions & 3 deletions charts/truefoundry/Chart.lock
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,6 @@ dependencies:
version: 15.2.2
- name: tfy-buildkitd-service
repository: https://truefoundry.github.io/infra-charts/
version: 0.2.0
digest: sha256:568b049593765e6583cb046e218904cd5e04371283739d280da511dc2f4b6dd3
generated: "2024-11-01T14:15:58.388967+05:30"
version: 0.2.1-rc.1
digest: sha256:0f3eab55d9395afea9ba9382c532dd53c61acc58c7e1ea87adb85a5a51dd1c71
generated: "2024-11-08T15:07:07.114652559+05:30"
4 changes: 2 additions & 2 deletions charts/truefoundry/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v2
name: truefoundry
version: 0.10.0
version: 0.11.0
description: "TrueFoundry Control Plane Components"
maintainers:
- name: truefoundry
Expand All @@ -20,4 +20,4 @@ dependencies:
- condition: tfy-buildkitd-service.enabled
name: tfy-buildkitd-service
repository: https://truefoundry.github.io/infra-charts/
version: 0.2.0
version: 0.2.1-rc.1
41 changes: 22 additions & 19 deletions charts/truefoundry/README.md

Large diffs are not rendered by default.

70 changes: 70 additions & 0 deletions charts/truefoundry/templates/bootstrap/configmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,75 @@ data:
&& mv kubectl /usr/bin/
}
create_tfy_buildkit_tls_certificates_and_secrets(){
(
set -eu
if [[ "$INSTALL_TLS_CERTIFICATES" != "true" ]]; then
print_yellow "Skipping TLS certificate generation"
return 0
fi
PRODUCT=tfy-buildkit
DIR=./.certs
EXPIRATION_DAYS=36500 # 100 years expiration
if kubectl get secret ${PRODUCT}-daemon-certs -n "$TRUEFOUNDRY_NAMESPACE" &> /dev/null && kubectl get secret ${PRODUCT}-client-certs -n "$TRUEFOUNDRY_NAMESPACE" &> /dev/null; then
print_green "Secrets already exist. Exiting..."
return 0
fi
if [[ "$#" -lt 1 ]]; then
echo "Usage: $0 SAN [SAN...]"
echo
echo "Example: $0 buildkitd.default.svc "
echo
echo "The following files will be created under ${DIR}"
echo "- daemon/{ca.pem,cert.pem,key.pem}"
echo "- client/{ca.pem,cert.pem,key.pem}"
echo "- ${PRODUCT}-daemon-certs.yaml"
echo "- ${PRODUCT}-client-certs.yaml"
echo "- SAN"
exit 1
fi
if ! command -v openssl >/dev/null; then
echo "Missing OpenSSL"
exit 1
fi
SAN1=$1
SAN2=$2
SAN_CLIENT=client
mkdir -p $DIR ${DIR}/daemon ${DIR}/client
openssl genrsa -out ${DIR}/key.pem 4096
openssl req -x509 -nodes -new -sha256 -days $EXPIRATION_DAYS -keyout ${DIR}/key.pem -out ${DIR}/rootCA.pem -subj "/C=US/ST=CA/L=San-Francisco/O=TrueFoundry/CN=Root CA"
# Generate a server private key and certificate using the root CA
openssl genrsa -out ${DIR}/daemon/key.pem 4096
openssl req -new -key ${DIR}/daemon/key.pem -out ${DIR}/daemon/csr.pem -subj "/C=US/ST=CA/L=San-Francisco/O=TrueFoundry/CN=server"
openssl x509 -req -in ${DIR}/daemon/csr.pem -CA ${DIR}/rootCA.pem -CAkey ${DIR}/key.pem -CAcreateserial -out ${DIR}/daemon/cert.pem -days $EXPIRATION_DAYS -extfile <(printf "subjectAltName=DNS:%s, DNS:%s,IP:0.0.0.0" "$SAN1" "$SAN2")
# Generate a client private key and certificate using the root CA
openssl genrsa -out ${DIR}/client/key.pem 4096
openssl req -new -key ${DIR}/client/key.pem -out ${DIR}/client/csr.pem -subj "/C=US/ST=CA/L=San-Francisco/O=TrueFoundry/CN=$SAN_CLIENT"
openssl x509 -req -in ${DIR}/client/csr.pem -CA ${DIR}/rootCA.pem -CAkey ${DIR}/key.pem -CAcreateserial -out ${DIR}/client/cert.pem -days $EXPIRATION_DAYS
# Copy the root CA certificates
cp -f ${DIR}/rootCA.pem ${DIR}/daemon/ca.pem
cp -f ${DIR}/rootCA.pem ${DIR}/client/ca.pem
rm -f ${DIR}/daemon/csr.pem ${DIR}/client/csr.pem
rm -f ${DIR}/rootCA.pem ${DIR}/key.pem
# Create Kubernetes secrets
kubectl create secret generic ${PRODUCT}-daemon-certs -n truefoundry --dry-run=client -o yaml --from-file=${DIR}/daemon > $DIR/${PRODUCT}-daemon-certs.yaml
kubectl create secret generic ${PRODUCT}-client-certs -n truefoundry --dry-run=client -o yaml --from-file=${DIR}/client > $DIR/${PRODUCT}-client-certs.yaml
kubectl apply -f $DIR/${PRODUCT}-daemon-certs.yaml
kubectl apply -f $DIR/${PRODUCT}-client-certs.yaml
)
}
migrate_nats_seed_to_dedicated_secret() {
# Get the value of NATS_CONTROLPLANE_ACCOUNT_SEED from the secret
NATS_SEED=$(kubectl -n $TRUEFOUNDRY_NAMESPACE get secret servicefoundry-server-env-secret -o jsonpath='{.data.NATS_CONTROLPLANE_ACCOUNT_SEED}' | base64 --decode)
Expand Down Expand Up @@ -82,6 +151,7 @@ data:
fi
install_binaries
create_tfy_buildkit_tls_certificates_and_secrets *.{{ include "tfy-buildkitd.buildkitdServiceName" . }}.$TRUEFOUNDRY_NAMESPACE.svc.cluster.local *.$TRUEFOUNDRY_NAMESPACE.svc.cluster.local
kubectl -n $TRUEFOUNDRY_NAMESPACE get cm $TRUEFOUNDRY_NATS_CONFIGMAP
if [ $? -eq 0 ]; then
Expand Down
2 changes: 2 additions & 0 deletions charts/truefoundry/templates/bootstrap/job.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@ spec:
value: "{{ .Values.truefoundryBootstrap.natsConfigmapName }}"
- name: TRUEFOUNDRY_NAMESPACE
value: "{{ .Release.Namespace }}"
- name: INSTALL_TLS_CERTIFICATES
value: "{{ .Values.truefoundryBootstrap.createdBuildkitServiceTlsCerts }}"
{{- range $val := .Values.truefoundryBootstrap.extraEnvVars }}
- name: {{ $val.name }}
value: {{ $val.value }}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -422,6 +422,11 @@ spec:
- key: .dockerconfigjson
path: base_config.json
secretName: {{ .Values.tfyBuild.truefoundryWorkflows.sfyBuilder.baseImagePullSecret }}
{{- end }}
{{- if index .Values "tfy-buildkitd-service" "tls" "enabled" }}
- name: buildkit-client-cert
secret:
secretName: {{ index .Values "tfy-buildkitd-service" "tls" "buildkitClientCertsSecretName" }}
{{- end }}
- name: scripts
projected:
Expand Down Expand Up @@ -482,6 +487,10 @@ spec:
- name: truefoundry-docker-config
mountPath: /root/.truefoundry/.docker/
{{- end }}
{{- if index .Values "tfy-buildkitd-service" "tls" "enabled" }}
- name: buildkit-client-cert
mountPath: "/etc/buildkit/certs/"
{{- end }}
{{- range $value := .Values.tfyBuild.truefoundryWorkflows.sfyBuilder.buildSecrets }}
- name: {{ $value.id | replace "." "-" }}
mountPath: "/truefoundry-build-secrets/"
Expand Down
9 changes: 8 additions & 1 deletion charts/truefoundry/tfy-build-scripts/build-and-push.sh
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,17 @@ printf "\033[36m[Start]\033[0m Building and pushing the docker container. Please

IMAGE="$DOCKER_REGISTRY_URL/$DOCKER_REPO"
TAG=$DOCKER_TAG
BUILDKIT_CERTS_PATH="/etc/buildkit/certs"

printf "\033[36m[==== Docker logs start ====]\033[0m\n"

docker buildx create --name remote-kubernetes --driver remote tcp://"$BUILDKIT_SERVICE_URL"
BUILDX_CREATE_ARGS="--name remote-kubernetes --driver remote tcp://${BUILDKIT_SERVICE_URL}"

if [[ -d "$BUILDKIT_CERTS_PATH" ]]; then
BUILDX_CREATE_ARGS="${BUILDX_CREATE_ARGS} --driver-opt key=${BUILDKIT_CERTS_PATH}/key.pem,cert=${BUILDKIT_CERTS_PATH}/cert.pem,cacert=${BUILDKIT_CERTS_PATH}/ca.pem"
fi

docker buildx create ${BUILDX_CREATE_ARGS}

if [ -d "$SOURCE_CODE_DOWNLOAD_PATH" ]; then
cd "$SOURCE_CODE_DOWNLOAD_PATH"
Expand Down
1 change: 1 addition & 0 deletions charts/truefoundry/tfy-build-scripts/update-build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ if [[ "$status" != "null" ]]; then
echo "Updating build status to $status"
fi

echo "Final payload: $FINAL_PAYLOAD"
curl --no-progress-meter --show-error -X "PATCH" \
-H "Content-Type: application/json" \
-d "$FINAL_PAYLOAD" \
Expand Down
20 changes: 14 additions & 6 deletions charts/truefoundry/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ global:
## @param global.controlPlaneURL URL of the control plane
controlPlaneURL: "http://truefoundry-truefoundry-frontend-app.truefoundry.svc.cluster.local:5000"
## @param global.controlPlaneChartVersion Version of control-plane chart
controlPlaneChartVersion: 0.10.0
controlPlaneChartVersion: 0.11.0
# If you have an existing truefoundry-creds secret, provide the name here.
# This will ignore `.global.database` and `.global.tfyApiKey` values.
## @param global.existingTruefoundryCredsSecret Name of the existing truefoundry creds secret
Expand Down Expand Up @@ -83,6 +83,8 @@ truefoundryBootstrap:
## @param truefoundryBootstrap.imagePullSecrets Image pull secrets for the bootstrap container
##
imagePullSecrets: []
## @param truefoundryBootstrap.createdBuildkitServiceTlsCerts Bool to install TLS certificates
createdBuildkitServiceTlsCerts: "false"
###################################################################################################################
####################################### Truefoundry Frontend App ##################################################
###################################################################################################################
Expand All @@ -101,7 +103,7 @@ truefoundryFrontendApp:
## @param truefoundryFrontendApp.image.repository Image repository for the frontend app
repository: "tfy.jfrog.io/tfy-private-images/truefoundry-frontend-app"
## @param truefoundryFrontendApp.image.tag Image tag for the frontend app
tag: "v0.9.0"
tag: "v0.10.0"
## @param truefoundryFrontendApp.envSecretName Secret name for the frontend app environment variables
envSecretName: truefoundry-frontend-app-env-secret
## @param truefoundryFrontendApp.imagePullPolicy Image pull policy for the frontend app
Expand Down Expand Up @@ -388,7 +390,7 @@ servicefoundryServer:
## @param servicefoundryServer.image.repository Image repository for the servicefoundry server
repository: "tfy.jfrog.io/tfy-private-images/servicefoundry-server"
## @param servicefoundryServer.image.tag Image tag for the servicefoundry server
tag: "v0.10.0"
tag: "v0.11.0"
## @param servicefoundryServer.environmentName Environment name for the servicefoundry server
environmentName: default
## @param servicefoundryServer.envSecretName Secret name for the servicefoundry server environment variables
Expand Down Expand Up @@ -476,6 +478,7 @@ servicefoundryServer:
TFY_BUILD_LOGS_URL: "{{ .Values.global.controlPlaneURL }}/api/svc"
TFY_BUILD_WS_URL: "{{ .Values.global.controlPlaneURL }}"
AUTH_SERVER_URL: https://auth.truefoundry.com
CONTROL_PLANE_VERSION: "{{ .Values.global.controlPlaneChartVersion }}"
TENANT_NAME: "{{ .Values.global.tenantName }}"
MANIFEST_SERVICE_URL: http://{{ .Release.Name }}-sfy-manifest-service.{{ .Release.Namespace }}.svc.cluster.local:8080
MLFOUNDRY_SERVER_URL: http://{{ .Release.Name }}-mlfoundry-server.{{ .Release.Namespace }}.svc.cluster.local:5000
Expand Down Expand Up @@ -538,7 +541,7 @@ tfyK8sController:
## @param tfyK8sController.image.repository Image repository for the tfyK8sController
repository: "tfy.jfrog.io/tfy-private-images/tfy-k8s-controller"
## @param tfyK8sController.image.tag Image tag for the tfyK8sController
tag: "v0.7.0"
tag: "v0.8.0"
## @param tfyK8sController.environmentName Environment name for tfyK8sController
environmentName: default
## @param tfyK8sController.envSecretName Secret name for the tfyK8sController environment variables
Expand Down Expand Up @@ -630,7 +633,7 @@ sfyManifestService:
## @param sfyManifestService.image.repository Image repository for the sfy manifest service
repository: "tfy.jfrog.io/tfy-private-images/sfy-manifest-service"
## @param sfyManifestService.image.tag Image tag for the sfy manifest service
tag: "v0.7.0"
tag: "v0.8.0"
## @param sfyManifestService.replicaCount Number of replicas for the sfy manifest service
replicaCount: 1
## @param sfyManifestService.environmentName Environment name for the sfy manifest service
Expand Down Expand Up @@ -1035,6 +1038,11 @@ tfy-buildkitd-service:
port: 1234
## @param tfy-buildkitd-service.replicaCount Number of replicas Value kept for future use, kept 1
replicaCount: 1
tls:
## @param tfy-buildkitd-service.tls.enabled Enable TLS for the tfy-buildkitd service
enabled: false
## @param tfy-buildkitd-service.tls.buildkitClientCertsSecretName Name of the secret containing the TLS certificate
buildkitClientCertsSecretName: "tfy-buildkit-client-certs"
# To further configure the local postgres installation use the following section.
# During cleanup, make sure to remove any stray pvc that might be created.
## postgresql Settings corresponding to the postgresql database
Expand Down Expand Up @@ -1076,7 +1084,7 @@ tfyController:
## @param tfyController.image.repository Image repository for the tfyController
repository: tfy.jfrog.io/tfy-private-images/tfy-controller
## @param tfyController.image.tag Image tag for the tfyController
tag: v0.5.0
tag: v0.6.0
## @param tfyController.environmentName Environment name for the tfyController
environmentName: default
## @param tfyController.envSecretName Secret name for the tfyController environment variables
Expand Down

0 comments on commit e60507c

Please sign in to comment.