From 766745c6aa29b097825aad91ecdbde119ba61b5b Mon Sep 17 00:00:00 2001
From: Adrian Liechti
Date: Sun, 11 Sep 2022 18:40:26 +0200
Subject: [PATCH 01/19] add registry

---
 app/cluster/cluster_create.go | 5 +++++
 extension/registry/registry.go | 27 +++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 extension/registry/registry.go

diff --git a/app/cluster/cluster_create.go b/app/cluster/cluster_create.go
index c69b737..e94fa2d 100644
--- a/app/cluster/cluster_create.go
+++ b/app/cluster/cluster_create.go
@@ -12,6 +12,7 @@ import (
 "github.com/adrianliechti/devkube/extension/dashboard"
 "github.com/adrianliechti/devkube/extension/metrics"
 "github.com/adrianliechti/devkube/extension/observability"
+ "github.com/adrianliechti/devkube/extension/registry"
 )
 
 func CreateCommand() *cli.Command {
@@ -71,6 +72,10 @@ func CreateCommand() *cli.Command {
 return err
 }
 
+ if err := registry.Install(c.Context, kubeconfig, DefaultNamespace); err != nil {
+ return err
+ }
+
 if err := observability.Install(c.Context, kubeconfig, DefaultNamespace); err != nil {
 return err
 }
diff --git a/extension/registry/registry.go b/extension/registry/registry.go
new file mode 100644
index 0000000..b20c38f
--- /dev/null
+++ b/extension/registry/registry.go
@@ -0,0 +1,27 @@
+package registry
+
+import (
+ "context"
+
+ "github.com/adrianliechti/devkube/pkg/kubectl"
+)
+
+const (
+ manifest = "https://github.com/adrianliechti/loop-registry/blob/main/kubernetes/install.yaml"
+)
+
+func Install(ctx context.Context, kubeconfig, namespace string) error {
+ if namespace == "" {
+ namespace = "default"
+ }
+
+ return kubectl.Invoke(ctx, []string{"apply", "-f", manifest}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(namespace), kubectl.WithDefaultOutput())
+}
+
+func Uninstall(ctx context.Context, kubeconfig, namespace string) error {
+ if namespace == "" {
+ namespace = "default"
+ }
+
+ return kubectl.Invoke(ctx, []string{"delete", "-f", manifest}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(namespace), kubectl.WithDefaultOutput())
+}
From c637e60aa5d435d1901903475fe225a93c9f9280 Mon Sep 17 00:00:00 2001
From: Adrian Liechti
Date: Sun, 11 Sep 2022 18:42:00 +0200
Subject: [PATCH 02/19] fix url

---
 extension/registry/registry.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extension/registry/registry.go b/extension/registry/registry.go
index b20c38f..722a413 100644
--- a/extension/registry/registry.go
+++ b/extension/registry/registry.go
@@ -7,7 +7,7 @@ import (
 )
 
 const (
- manifest = "https://github.com/adrianliechti/loop-registry/blob/main/kubernetes/install.yaml"
+ manifest = "https://raw.githubusercontent.com/adrianliechti/loop-registry/main/kubernetes/install.yaml"
 )
 
 func Install(ctx context.Context, kubeconfig, namespace string) error {
From 764afd95ac83e24751196b100090a223a34c80c7 Mon Sep 17 00:00:00 2001
From: Adrian Liechti
Date: Sun, 11 Sep 2022 19:48:00 +0200
Subject: [PATCH 03/19] use local manifest

---
 extension/registry/registry.go | 14 ++++--
 extension/registry/registry.yaml | 81 ++++++++++++++++++++++++++++++++
 pkg/kubectl/kubectl.go | 2 +-
 3 files changed, 91 insertions(+), 6 deletions(-)
 create mode 100644 extension/registry/registry.yaml
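Review bot: `manifest` points at the `main` branch of another repository, so `kubectl apply -f` in `Install` (and `delete -f` in `Uninstall`) acts on whatever that branch holds at run time, not on content that was reviewed together with this commit. The follow-up hunk in PATCH 02/19 corrects the URL to the raw file but still tracks `main`, so the same applies there. Pin the reference to an immutable revision, e.g. `manifest = "https://raw.githubusercontent.com/adrianliechti/loop-registry/COMMIT_SHA_PLACEHOLDER/kubernetes/install.yaml"`, or ship the manifest inside the binary. The two functions also repeat the empty-namespace default; a small unexported helper would keep them in step.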
diff --git a/extension/registry/registry.go b/extension/registry/registry.go index 722a413..a3c37eb 100644 --- a/extension/registry/registry.go +++ b/extension/registry/registry.go @@ -1,21 +1,24 @@ package registry import ( + "bytes" "context" "github.com/adrianliechti/devkube/pkg/kubectl" -) -const ( - manifest = "https://raw.githubusercontent.com/adrianliechti/loop-registry/main/kubernetes/install.yaml" + _ "embed" ) +//go:embed registry.yaml +var manifest string + func Install(ctx context.Context, kubeconfig, namespace string) error { if namespace == "" { namespace = "default" } - return kubectl.Invoke(ctx, []string{"apply", "-f", manifest}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(namespace), kubectl.WithDefaultOutput()) + data := bytes.NewReader([]byte(manifest)) + return kubectl.Invoke(ctx, []string{"apply", "-f", "-"}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(namespace), kubectl.WithInput(data), kubectl.WithDefaultOutput()) } func Uninstall(ctx context.Context, kubeconfig, namespace string) error { @@ -23,5 +26,6 @@ func Uninstall(ctx context.Context, kubeconfig, namespace string) error { namespace = "default" } - return kubectl.Invoke(ctx, []string{"delete", "-f", manifest}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(namespace), kubectl.WithDefaultOutput()) + data := bytes.NewReader([]byte(manifest)) + return kubectl.Invoke(ctx, []string{"delete", "-f", "-"}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(namespace), kubectl.WithInput(data), kubectl.WithDefaultOutput()) } diff --git a/extension/registry/registry.yaml b/extension/registry/registry.yaml new file mode 100644 index 0000000..9fe5b3e --- /dev/null +++ b/extension/registry/registry.yaml 
@@ -0,0 +1,81 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: registry + labels: + app: registry +spec: + selector: + matchLabels: + app: registry + template: + metadata: + labels: + app: registry + spec: + containers: + - name: registry + image: adrianliechti/loop-registry + ports: + - containerPort: 5000 + volumeMounts: + - name: data + mountPath: /var/lib/registry + resources: {} + volumes: + - name: data + persistentVolumeClaim: + claimName: registry +--- +apiVersion: v1 +kind: Service +metadata: + name: registry + labels: + app: registry +spec: + type: ClusterIP + selector: + app: registry + ports: + - name: http + port: 80 + targetPort: 5000 +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: registry + labels: + app: registry +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 8Gi +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: registry-proxy + labels: + app: registry-proxy +spec: + selector: + matchLabels: + app: registry-proxy + template: + metadata: + labels: + app: registry-proxy + spec: + containers: + - name: proxy + image: adrianliechti/loop-proxy + args: ["-port", "5000", "-target", "http://registry"] + ports: + - containerPort: 5000 + hostIP: 127.0.0.1 + hostPort: 5000 + resources: {} diff --git a/pkg/kubectl/kubectl.go b/pkg/kubectl/kubectl.go index 600cdfa..83cc1a1 100644 --- a/pkg/kubectl/kubectl.go +++ b/pkg/kubectl/kubectl.go @@ -117,7 +117,7 @@ func WithNamespace(namespace string) Option { } } -func WithInput(stdout, stdin io.Reader) Option { +func WithInput(stdin io.Reader) Option { return func(k *Kubectl) { k.stdin = stdin } From 4731fbeb2ab2151ff7965fcd735325f668aa5cae Mon Sep 17 00:00:00 2001 From: Adrian Liechti Date: Sun, 11 Sep 2022 19:57:14 +0200 Subject: [PATCH 04/19] add registry connect --- app/cluster/cluster_registry.go | 52 +++++++++++++++++++++++++++++++++ main.go | 2 ++ 2 files changed, 54 insertions(+) create mode 100644 app/cluster/cluster_registry.go 
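Review bot: Both container images in this manifest are referenced without a tag (`image: adrianliechti/loop-registry`, `image: adrianliechti/loop-proxy`), so every node pulls whatever the default tag resolves to at pull time and two nodes can end up running different builds. Pin them, ideally by digest, e.g. `image: adrianliechti/loop-registry@sha256:DIGEST_PLACEHOLDER`. The registry is reachable through the `registry-proxy` DaemonSet on `hostPort: 5000` over plain HTTP, and no authentication is configured anywhere in the manifest; the `hostIP: 127.0.0.1` binding is what keeps that node-local, which deserves a comment so nobody widens it later. `resources: {}` leaves both workloads without requests or limits.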
diff --git a/app/cluster/cluster_registry.go b/app/cluster/cluster_registry.go new file mode 100644 index 0000000..3472e62 --- /dev/null +++ b/app/cluster/cluster_registry.go @@ -0,0 +1,52 @@ +package cluster + +import ( + "fmt" + "runtime" + + "github.com/adrianliechti/devkube/app" + "github.com/adrianliechti/devkube/pkg/cli" + "github.com/adrianliechti/devkube/pkg/kubectl" +) + +func RegistryCommand() *cli.Command { + return &cli.Command{ + Name: "registry", + Usage: "Connect Grafana", + + Flags: []cli.Flag{ + app.ProviderFlag, + app.ClusterFlag, + app.PortFlag, + }, + + Before: func(c *cli.Context) error { + if _, _, err := kubectl.Info(c.Context); err != nil { + return err + } + + return nil + }, + + Action: func(c *cli.Context) error { + provider, cluster := app.MustCluster(c) + + kubeconfig, closer := app.MustClusterKubeconfig(c, provider, cluster) + defer closer() + + port := 5000 + + if runtime.GOOS == "darwin" { + port = 5001 + } + + port = app.MustPortOrRandom(c, port) + + if err := kubectl.Invoke(c.Context, []string{"port-forward", "service/registry", fmt.Sprintf("%d:80", port)}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(DefaultNamespace), kubectl.WithDefaultOutput()); err != nil { + return err + } + + return nil + }, + } +} diff --git a/main.go b/main.go index 1585dbc..d15a7bb 100644 --- a/main.go +++ b/main.go @@ -38,7 +38,9 @@ func initApp() cli.App { cluster.CreateCommand(), cluster.DeleteCommand(), + cluster.SetupCommand(), + cluster.RegistryCommand(), cluster.GrafanaCommand(), cluster.DashboardCommand(), From a385fd1d28ee674a184738df6e1328de84f83d0e Mon Sep 17 00:00:00 2001 From: Adrian Liechti Date: Sun, 11 Sep 2022 20:49:44 +0200 Subject: [PATCH 05/19] add some help --- app/cluster/cluster_registry.go | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/app/cluster/cluster_registry.go b/app/cluster/cluster_registry.go index 3472e62..bcc930d 100644 --- a/app/cluster/cluster_registry.go 
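Review bot: `Usage: "Connect Grafana"` looks copied from the Grafana command; this command forwards `service/registry`, so the help line should read `Usage: "Connect Registry",`. The `runtime.GOOS == "darwin"` branch that moves the default port from 5000 to 5001 has no comment; say why (presumably port 5000 is already in use on macOS, to be confirmed) so the special case is not removed later. The closing `if err := kubectl.Invoke(...); err != nil { return err }` followed by `return nil` can be a plain `return kubectl.Invoke(...)`.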
+++ b/app/cluster/cluster_registry.go @@ -42,6 +42,28 @@ func RegistryCommand() *cli.Command { port = app.MustPortOrRandom(c, port) + cli.Info("Configure Docker to use this registry") + cli.Info(" {") + cli.Info(" ...") + cli.Info(" \"insecure-registries\": [") + cli.Infof(" \"localhost:%d\",", port) + cli.Infof(" \"host.docker.internal:%d\"", port) + cli.Info(" ]") + cli.Info(" ...") + cli.Info(" }") + cli.Info(" (see https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry)") + cli.Info() + cli.Info() + cli.Info("Push an image") + cli.Infof(" docker tag my-image localhost:%d/my-image", port) + cli.Infof(" docker push localhost:%d/my-image", port) + cli.Info() + cli.Info("Or using BuildKit:") + cli.Infof(" docker tag my-image host.docker.internal:%d/my-image", port) + cli.Infof(" docker push host.docker.internal:%d/my-image", port) + cli.Info() + cli.Info() + if err := kubectl.Invoke(c.Context, []string{"port-forward", "service/registry", fmt.Sprintf("%d:80", port)}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(DefaultNamespace), kubectl.WithDefaultOutput()); err != nil { return err } From 0430e8cacb47ef15bf7df9079709242f85ea19ec Mon Sep 17 00:00:00 2001 From: Adrian Liechti Date: Sun, 11 Sep 2022 22:31:02 +0200 Subject: [PATCH 06/19] patch nodes hosts file --- extension/registry/registry.yaml | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/extension/registry/registry.yaml b/extension/registry/registry.yaml index 9fe5b3e..11bde43 100644 --- a/extension/registry/registry.yaml +++ b/extension/registry/registry.yaml @@ -39,7 +39,7 @@ spec: app: registry ports: - name: http - port: 80 + port: 5000 targetPort: 5000 --- kind: PersistentVolumeClaim 
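Review bot: The printed instructions ask the user to add `localhost:%d` and `host.docker.internal:%d` to Docker's `insecure-registries`, a daemon-wide setting that stays in place after this port-forward has ended. Docker already treats registries on loopback addresses as insecure, so the `localhost` entry is most likely unnecessary and could be dropped from the help text. Because the port comes from `app.MustPortOrRandom`, the entry may differ between runs when a random port is picked, which leaves stale exceptions behind; the help should say so, for example `cli.Info(" (remove the entry again when you stop using this registry)")`. The enclosing `Action` function starts and ends outside the hunk.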
@@ -70,12 +70,30 @@ spec: labels: app: registry-proxy spec: + initContainers: + - name: hosts-patcher + image: busybox + securityContext: + privileged: true + command: + [ + "sh", + "-c", + "grep -q 'registry' /mnt/hosts || echo 127.0.0.1 registry registry.loop >> /mnt/hosts", + ] + volumeMounts: + - name: hosts + mountPath: /mnt/hosts containers: - name: proxy image: adrianliechti/loop-proxy - args: ["-port", "5000", "-target", "http://registry"] + args: ["-port", "5000", "-target", "http://registry:5000"] ports: - containerPort: 5000 hostIP: 127.0.0.1 hostPort: 5000 resources: {} + volumes: + - name: hosts + hostPath: + path: /etc/hosts From 4c4f2af61d2b1e79434a5bfa814274bb863d744f Mon Sep 17 00:00:00 2001 From: Adrian Liechti Date: Sun, 11 Sep 2022 22:39:45 +0200 Subject: [PATCH 07/19] use port 5000 --- app/cluster/cluster_registry.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/cluster/cluster_registry.go b/app/cluster/cluster_registry.go index bcc930d..40f9757 100644 --- a/app/cluster/cluster_registry.go +++ b/app/cluster/cluster_registry.go @@ -64,7 +64,7 @@ func RegistryCommand() *cli.Command { cli.Info() cli.Info() - if err := kubectl.Invoke(c.Context, []string{"port-forward", "service/registry", fmt.Sprintf("%d:80", port)}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(DefaultNamespace), kubectl.WithDefaultOutput()); err != nil { + if err := kubectl.Invoke(c.Context, []string{"port-forward", "service/registry", fmt.Sprintf("%d:5000", port)}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(DefaultNamespace), kubectl.WithDefaultOutput()); err != nil { return err } From 4942f87117c146aa14e0eb5ed03caf6b4f7861c3 Mon Sep 17 00:00:00 2001 
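Review bot: The `hosts-patcher` init container runs with `privileged: true` from the untagged `busybox` image and has the node's `/etc/hosts` mounted writable, on every node through the DaemonSet. Appending a line to a hostPath file does not obviously need full privilege, so drop `privileged: true` unless a specific node setup requires it, and pin the image, e.g. `image: busybox@sha256:DIGEST_PLACEHOLDER`. The guard `grep -q 'registry'` matches any line that merely contains that substring, so an unrelated entry suppresses the append; match the host name itself, e.g. `grep -qE '[[:space:]]registry([[:space:]]|$)' /mnt/hosts ||`.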
From: Adrian Liechti Date: Mon, 12 Sep 2022 14:36:30 +0200 Subject: [PATCH 08/19] use external manifest --- extension/registry/registry.go | 14 ++--- extension/registry/registry.yaml | 99 -------------------------------- 2 files changed, 5 insertions(+), 108 deletions(-) delete mode 100644 extension/registry/registry.yaml diff --git a/extension/registry/registry.go b/extension/registry/registry.go index a3c37eb..af13415 100644 --- a/extension/registry/registry.go +++ b/extension/registry/registry.go @@ -1,24 +1,21 @@ package registry import ( - "bytes" "context" "github.com/adrianliechti/devkube/pkg/kubectl" - - _ "embed" ) -//go:embed registry.yaml -var manifest string +const ( + manifest = "https://raw.githubusercontent.com/adrianliechti/loop-registry/v0.1.0/kubernetes/install.yaml" +) func Install(ctx context.Context, kubeconfig, namespace string) error { if namespace == "" { namespace = "default" } - data := bytes.NewReader([]byte(manifest)) - return kubectl.Invoke(ctx, []string{"apply", "-f", "-"}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(namespace), kubectl.WithInput(data), kubectl.WithDefaultOutput()) + return kubectl.Invoke(ctx, []string{"apply", "-f", manifest}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(namespace), kubectl.WithDefaultOutput()) } func Uninstall(ctx context.Context, kubeconfig, namespace string) error { @@ -26,6 +23,5 @@ func Uninstall(ctx context.Context, kubeconfig, namespace string) error { namespace = "default" } - data := bytes.NewReader([]byte(manifest)) - return kubectl.Invoke(ctx, []string{"delete", "-f", "-"}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(namespace), kubectl.WithInput(data), kubectl.WithDefaultOutput()) + return kubectl.Invoke(ctx, []string{"delete", "-f", manifest}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(namespace), kubectl.WithDefaultOutput()) } 
diff --git a/extension/registry/registry.yaml b/extension/registry/registry.yaml deleted file mode 100644 index 11bde43..0000000 --- a/extension/registry/registry.yaml +++ /dev/null @@ -1,99 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: registry - labels: - app: registry -spec: - selector: - matchLabels: - app: registry - template: - metadata: - labels: - app: registry - spec: - containers: - - name: registry - image: adrianliechti/loop-registry - ports: - - containerPort: 5000 - volumeMounts: - - name: data - mountPath: /var/lib/registry - resources: {} - volumes: - - name: data - persistentVolumeClaim: - claimName: registry ---- -apiVersion: v1 -kind: Service -metadata: - name: registry - labels: - app: registry -spec: - type: ClusterIP - selector: - app: registry - ports: - - name: http - port: 5000 - targetPort: 5000 ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: registry - labels: - app: registry -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 8Gi ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: registry-proxy - labels: - app: registry-proxy -spec: - selector: - matchLabels: - app: registry-proxy - template: - metadata: - labels: - app: registry-proxy - spec: - initContainers: - - name: hosts-patcher - image: busybox - securityContext: - privileged: true - command: - [ - "sh", - "-c", - "grep -q 'registry' /mnt/hosts || echo 127.0.0.1 registry registry.loop >> /mnt/hosts", - ] - volumeMounts: - - name: hosts - mountPath: /mnt/hosts - containers: - - name: proxy - image: adrianliechti/loop-proxy - args: ["-port", "5000", "-target", "http://registry:5000"] - ports: - - containerPort: 5000 - hostIP: 127.0.0.1 - hostPort: 5000 - resources: {} - volumes: - - name: hosts - hostPath: - path: /etc/hosts From 4e884bdfe36adcaef4ce7add329850d5e2722eb0 Mon Sep 17 00:00:00 2001 
From: Adrian Liechti Date: Tue, 13 Sep 2022 15:21:12 +0200 Subject: [PATCH 09/19] add hosts entries --- extension/registry/registry.go | 11 +-- extension/registry/registry.yaml | 133 +++++++++++++++++++++++++++++++ 2 files changed, 139 insertions(+), 5 deletions(-) create mode 100644 extension/registry/registry.yaml diff --git a/extension/registry/registry.go b/extension/registry/registry.go index af13415..7097928 100644 --- a/extension/registry/registry.go +++ b/extension/registry/registry.go @@ -2,20 +2,21 @@ package registry import ( "context" + _ "embed" + "strings" "github.com/adrianliechti/devkube/pkg/kubectl" ) -const ( - manifest = "https://raw.githubusercontent.com/adrianliechti/loop-registry/v0.1.0/kubernetes/install.yaml" -) +//go:embed registry.yaml +var manifest string func Install(ctx context.Context, kubeconfig, namespace string) error { if namespace == "" { namespace = "default" } - return kubectl.Invoke(ctx, []string{"apply", "-f", manifest}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(namespace), kubectl.WithDefaultOutput()) + return kubectl.Invoke(ctx, []string{"apply", "-f", "-"}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(namespace), kubectl.WithInput(strings.NewReader(manifest)), kubectl.WithDefaultOutput()) } func Uninstall(ctx context.Context, kubeconfig, namespace string) error { @@ -23,5 +24,5 @@ func Uninstall(ctx context.Context, kubeconfig, namespace string) error { namespace = "default" } - return kubectl.Invoke(ctx, []string{"delete", "-f", manifest}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(namespace), kubectl.WithDefaultOutput()) + return kubectl.Invoke(ctx, []string{"delete", "-f", "-"}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(namespace), kubectl.WithInput(strings.NewReader(manifest)), kubectl.WithDefaultOutput()) } diff --git a/extension/registry/registry.yaml b/extension/registry/registry.yaml new file mode 100644 index 0000000..15b4813 --- /dev/null 
+++ b/extension/registry/registry.yaml 
@@ -0,0 +1,133 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: registry
+ namespace: loop
+spec:
+ secretName: registry-tls
+ dnsNames:
+ - registry.loop
+ - registry
+ - localhost
+ issuerRef:
+ name: root
+ kind: ClusterIssuer
+ group: cert-manager.io
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: registry
+ namespace: loop
+ labels:
+ app: registry
+spec:
+ selector:
+ matchLabels:
+ app: registry
+ template:
+ metadata:
+ labels:
+ app: registry
+ spec:
+ containers:
+ - name: registry
+ image: adrianliechti/loop-registry
+ ports:
+ - containerPort: 5000
+ volumeMounts:
+ - name: data
+ mountPath: /var/lib/registry
+ resources: {}
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: registry
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: registry
+ namespace: loop
+ labels:
+ app: registry
+spec:
+ type: ClusterIP
+ selector:
+ app: registry
+ ports:
+ - name: http
+ port: 5000
+ targetPort: 5000
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: registry
+ namespace: loop
+ labels:
+ app: registry
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 8Gi
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: registry-proxy
+ namespace: loop
+ labels:
+ app: registry-proxy
+spec:
+ selector:
+ matchLabels:
+ app: registry-proxy
+ template:
+ metadata:
+ labels:
+ app: registry-proxy
+ spec:
+ initContainers:
+ - name: hosts-patcher
+ image: busybox
+ command:
+ [
+ "sh",
+ "-c",
+ "grep -q 'registry' /mnt/hosts || echo 127.0.0.1 registry registry.loop >> /mnt/hosts",
+ ]
+ volumeMounts:
+ - name: hosts
+ mountPath: /mnt/hosts
+ containers:
+ - name: proxy
+ image: adrianliechti/loop-proxy:test
+ args:
+ [
+ "-port",
+ "5000",
+ "-target",
+ "http://registry:5000",
+ "-key-file",
+ "certs/tls.key",
+ "-cert-file",
+ "certs/tls.crt",
+ ]
+ ports:
+ - containerPort: 5000
+ hostIP: 127.0.0.1
+ hostPort: 5000
+ volumeMounts:
+ - name: certs
+ mountPath: 
"/app/certs" + resources: {} + volumes: + - name: certs + secret: + secretName: registry-tls + - name: hosts + hostPath: + path: /etc/hosts From bd8b7681a9f6edd53450dfb562e977e61701fcab Mon Sep 17 00:00:00 2001 From: Adrian Liechti Date: Tue, 13 Sep 2022 15:22:52 +0200 Subject: [PATCH 10/19] use offical image --- extension/registry/registry.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extension/registry/registry.yaml b/extension/registry/registry.yaml index 15b4813..0cf8c21 100644 --- a/extension/registry/registry.yaml +++ b/extension/registry/registry.yaml @@ -32,7 +32,7 @@ spec: spec: containers: - name: registry - image: adrianliechti/loop-registry + image: registry:2 ports: - containerPort: 5000 volumeMounts: From 40f3bf2ad8d172998def84258d203995ffbb09f8 Mon Sep 17 00:00:00 2001 From: Adrian Liechti Date: Tue, 13 Sep 2022 15:29:37 +0200 Subject: [PATCH 11/19] restart containerd --- extension/certmanager/ca-trust.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/extension/certmanager/ca-trust.yaml b/extension/certmanager/ca-trust.yaml index cd8e8ca..ec5d9ec 100644 --- a/extension/certmanager/ca-trust.yaml +++ b/extension/certmanager/ca-trust.yaml @@ -12,6 +12,7 @@ data: elif [ -d "/etc/pki/ca-trust/source/anchors" ]; then echo "$TRUSTED_CERT" > /etc/pki/ca-trust/source/anchors/ca.crt && update-ca-trust fi + systemctl restart containerd --- apiVersion: apps/v1 kind: DaemonSet From 5fb89d43a30489d0c21ec7ddaff421e20d939086 Mon Sep 17 00:00:00 2001 From: Adrian Liechti Date: Sat, 17 Sep 2022 18:12:55 +0200 Subject: [PATCH 12/19] restart containerd --- extension/certmanager/manifest.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/extension/certmanager/manifest.yaml b/extension/certmanager/manifest.yaml index d4ea793..3ce5144 100644 --- a/extension/certmanager/manifest.yaml +++ b/extension/certmanager/manifest.yaml 
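Review bot: Every object in the new manifest sets `namespace: loop`, while `Install` and `Uninstall` pass `kubectl.WithNamespace(namespace)` with a caller-chosen value; if that option is forwarded as `-n` (not visible here), kubectl is expected to reject the objects whenever the two names differ. Either drop the `namespace:` fields and let the caller decide, or stop passing a namespace for this manifest. The proxy image is pinned to a `:test` tag (`adrianliechti/loop-proxy:test`) and `busybox` has no tag at all; both should reference a released, immutable version. The `hosts-patcher` guard `grep -q 'registry'` matches any line that merely contains that substring, so an unrelated hosts entry suppresses the append.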
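Review bot: `systemctl restart containerd` is added after the `fi`, so it runs on every execution of this script, including when neither trust-store directory exists and nothing was written. Restarting the container runtime should happen only when the CA file actually changed, for instance by setting a flag inside each branch and ending with `[ -n "$changed" ] && systemctl restart containerd`. As the last command, its exit status becomes the script's, so a node without systemd or containerd (which this hunk does not rule out) fails here. PATCH 12/19 adds the same line to `extension/certmanager/manifest.yaml`, and the same applies there. The script and the DaemonSet that runs it start outside the hunk.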
@@ -71,3 +71,4 @@ spec: elif [ -d "/etc/pki/ca-trust/source/anchors" ]; then echo "$$(PLATFORM_CA)" > /etc/pki/ca-trust/source/anchors/platform-ca.crt && update-ca-trust fi + systemctl restart containerd From 3cee7a127f5243255b44dea364eecfe7b5a293ca Mon Sep 17 00:00:00 2001 From: Adrian Liechti Date: Sat, 17 Sep 2022 18:19:33 +0200 Subject: [PATCH 13/19] update readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 28858db..1f2ea3f 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,7 @@ devkube bootstraps feature-rich Kubernetes clusters locally using Docker or on a Batteries included +- [Registry](https://github.com/distribution/distribution) - image distribution - [Dashboard](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/) - web-based user interface - [Cert-Manager](https://cert-manager.io)- certificate management - [Grafana](https://grafana.com/grafana/) - data observability From 8246dead880c3541b49f10c48b33a25d1b26032a Mon Sep 17 00:00:00 2001 From: Adrian Liechti Date: Sat, 17 Sep 2022 18:23:57 +0200 Subject: [PATCH 14/19] remove namespace --- extension/registry/registry.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/extension/registry/registry.yaml b/extension/registry/registry.yaml index 0cf8c21..66398fd 100644 --- a/extension/registry/registry.yaml +++ b/extension/registry/registry.yaml @@ -2,7 +2,6 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: registry - namespace: loop spec: secretName: registry-tls dnsNames: @@ -18,7 +17,6 @@ apiVersion: apps/v1 kind: Deployment metadata: name: registry - namespace: loop labels: app: registry spec: @@ -48,7 +46,6 @@ apiVersion: v1 kind: Service metadata: name: registry - namespace: loop labels: app: registry spec: @@ -64,7 +61,6 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: registry - namespace: loop labels: app: registry spec: 
@@ -78,7 +74,6 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: registry-proxy - namespace: loop labels: app: registry-proxy spec: From 7b3eb34b727ee3e102c8d0b028f93f19621fe1e3 Mon Sep 17 00:00:00 2001 From: Adrian Liechti Date: Sat, 17 Sep 2022 19:11:08 +0200 Subject: [PATCH 15/19] run registry on 127.88.0.10:443 --- app/cluster/cluster_registry.go | 10 +++--- extension/certmanager/manifest.yaml | 8 ++--- extension/registry/registry.yaml | 54 ++++++++++++++--------------- 3 files changed, 35 insertions(+), 37 deletions(-) diff --git a/app/cluster/cluster_registry.go b/app/cluster/cluster_registry.go index 40f9757..856b8d6 100644 --- a/app/cluster/cluster_registry.go +++ b/app/cluster/cluster_registry.go @@ -55,16 +55,16 @@ func RegistryCommand() *cli.Command { cli.Info() cli.Info() cli.Info("Push an image") - cli.Infof(" docker tag my-image localhost:%d/my-image", port) - cli.Infof(" docker push localhost:%d/my-image", port) - cli.Info() - cli.Info("Or using BuildKit:") cli.Infof(" docker tag my-image host.docker.internal:%d/my-image", port) cli.Infof(" docker push host.docker.internal:%d/my-image", port) cli.Info() + cli.Info("Push an image (not using BuildKit)") + cli.Infof(" docker tag my-image localhost:%d/my-image", port) + cli.Infof(" docker push localhost:%d/my-image", port) + cli.Info() cli.Info() - if err := kubectl.Invoke(c.Context, []string{"port-forward", "service/registry", fmt.Sprintf("%d:5000", port)}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(DefaultNamespace), kubectl.WithDefaultOutput()); err != nil { + if err := kubectl.Invoke(c.Context, []string{"port-forward", "service/registry", fmt.Sprintf("%d:80", port)}, kubectl.WithKubeconfig(kubeconfig), kubectl.WithNamespace(DefaultNamespace), kubectl.WithDefaultOutput()); err != nil { return err } diff --git a/extension/certmanager/manifest.yaml b/extension/certmanager/manifest.yaml index 3ce5144..4b26d99 100644 --- a/extension/certmanager/manifest.yaml 
+++ b/extension/certmanager/manifest.yaml @@ -53,7 +53,7 @@ spec: securityContext: privileged: true env: - - name: PLATFORM_CA + - name: ROOTCA valueFrom: secretKeyRef: name: platform-ca @@ -65,10 +65,10 @@ spec: - sh - -c - | - echo "$PLATFORM_CA" + echo "$ROOTCA" if [ -d "/usr/local/share/ca-certificates" ]; then - echo "$$(PLATFORM_CA)" > /usr/local/share/ca-certificates/platform-ca.crt && update-ca-certificates + echo "$ROOTCA" > /usr/local/share/ca-certificates/platform-ca.crt && update-ca-certificates elif [ -d "/etc/pki/ca-trust/source/anchors" ]; then - echo "$$(PLATFORM_CA)" > /etc/pki/ca-trust/source/anchors/platform-ca.crt && update-ca-trust + echo "$ROOTCA" > /etc/pki/ca-trust/source/anchors/platform-ca.crt && update-ca-trust fi systemctl restart containerd diff --git a/extension/registry/registry.yaml b/extension/registry/registry.yaml index 66398fd..21a48d3 100644 --- a/extension/registry/registry.yaml +++ b/extension/registry/registry.yaml @@ -2,6 +2,8 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: registry + labels: + app: registry spec: secretName: registry-tls dnsNames: @@ -9,7 +11,7 @@ spec: - registry - localhost issuerRef: - name: root + name: platform kind: ClusterIssuer group: cert-manager.io --- @@ -54,7 +56,7 @@ spec: app: registry ports: - name: http - port: 5000 + port: 80 targetPort: 5000 --- kind: PersistentVolumeClaim 
@@ -85,36 +87,35 @@ spec: labels: app: registry-proxy spec: + hostPID: true initContainers: - - name: hosts-patcher + - name: init image: busybox + securityContext: + privileged: true command: - [ - "sh", - "-c", - "grep -q 'registry' /mnt/hosts || echo 127.0.0.1 registry registry.loop >> /mnt/hosts", - ] - volumeMounts: - - name: hosts - mountPath: /mnt/hosts + - nsenter + - --mount=/proc/1/ns/mnt + - -- + - sh + - -c + - "grep -q 'registry' /etc/hosts || echo 127.88.0.10 registry registry.loop >> /etc/hosts" containers: - name: proxy - image: adrianliechti/loop-proxy:test + image: adrianliechti/loop-proxy args: - [ - "-port", - "5000", - "-target", - "http://registry:5000", - "-key-file", - "certs/tls.key", - "-cert-file", - "certs/tls.crt", - ] + - "-port" + - "443" + - "-target" + - "http://registry" + - "-key-file" + - "certs/tls.key" + - "-cert-file" + - "certs/tls.crt" ports: - - containerPort: 5000 - hostIP: 127.0.0.1 - hostPort: 5000 + - containerPort: 443 + hostIP: 127.88.0.10 + hostPort: 443 volumeMounts: - name: certs mountPath: "/app/certs" @@ -123,6 +124,3 @@ spec: - name: certs secret: secretName: registry-tls - - name: hosts - hostPath: - path: /etc/hosts From 80f7735f3fa28341caa777589d2177c8df0850f3 Mon Sep 17 00:00:00 2001 From: Adrian Liechti Date: Sat, 17 Sep 2022 19:13:43 +0200 Subject: [PATCH 16/19] align with cert-manager --- extension/registry/registry.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/extension/registry/registry.go b/extension/registry/registry.go index 7097928..73107f4 100644 --- a/extension/registry/registry.go +++ b/extension/registry/registry.go @@ -8,8 +8,10 @@ import ( "github.com/adrianliechti/devkube/pkg/kubectl" ) -//go:embed registry.yaml -var manifest string +var ( + //go:embed registry.yaml + manifest string +) func Install(ctx context.Context, kubeconfig, namespace string) error { if namespace == "" { From 6272fe82c3d2ed726a6743c42bd4b18ddf68f704 Mon Sep 17 00:00:00 2001 
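Review bot: The init container now combines `hostPID: true`, `privileged: true` and `nsenter --mount=/proc/1/ns/mnt`, which gives the untagged `busybox` image a root shell in the host's mount namespace on every node. That is far more than editing one file needs, and it is granted to whatever the default `busybox` tag resolves to at pull time; at minimum pin the image by digest (`image: busybox@sha256:DIGEST_PLACEHOLDER`) and add a comment stating why the host namespace is required. The guard still only checks `grep -q 'registry' /etc/hosts`, so nodes that already carry the earlier `127.0.0.1 registry registry.loop` line never receive the new `127.88.0.10` entry; match on the address as well, e.g. `grep -q '^127\.88\.0\.10[[:space:]].*registry' /etc/hosts ||`.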
From: Adrian Liechti Date: Sat, 17 Sep 2022 20:38:24 +0200 Subject: [PATCH 17/19] fix cert-manager for aws --- extension/certmanager/certmanager.go | 33 ++++++++++++++++++++++++++++ extension/metrics/metrics.go | 1 + 2 files changed, 34 insertions(+) diff --git a/extension/certmanager/certmanager.go b/extension/certmanager/certmanager.go index 3d37f0b..b4930a4 100644 --- a/extension/certmanager/certmanager.go +++ b/extension/certmanager/certmanager.go @@ -7,6 +7,10 @@ import ( "github.com/adrianliechti/devkube/pkg/helm" "github.com/adrianliechti/devkube/pkg/kubectl" + "github.com/adrianliechti/devkube/pkg/kubernetes" + + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) const ( @@ -30,6 +34,18 @@ func Install(ctx context.Context, kubeconfig, namespace string) error { namespace = certmanagerNamespace1 + client, err := kubernetes.NewFromConfig(kubeconfig) + + if err != nil { + return err + } + + nodes, err := client.CoreV1().Nodes().List(ctx, metav1.ListOptions{}) + + if err != nil { + return err + } + values := map[string]any{ "installCRDs": true, @@ -40,6 +56,13 @@ func Install(ctx context.Context, kubeconfig, namespace string) error { }, } + if isAWS(nodes.Items) { + values["webhook"] = map[string]any{ + "securePort": 10260, + "hostNetwork": true, + } + } + if err := helm.Install(ctx, certmanager, certmanagerRepo, certmanagerChart, certmanagerVersion, values, helm.WithKubeconfig(kubeconfig), helm.WithNamespace(namespace), helm.WithWait(true), helm.WithDefaultOutput()); err != nil { return err } @@ -68,3 +91,13 @@ func Uninstall(ctx context.Context, kubeconfig, namespace string) error { return nil } + +func isAWS(nodes []corev1.Node) bool { + for _, node := range nodes { + if strings.HasPrefix(node.Spec.ProviderID, "aws://") { + return true + } + } + + return false +} diff --git a/extension/metrics/metrics.go b/extension/metrics/metrics.go index 63a0190..60e4628 100644 --- a/extension/metrics/metrics.go +++ b/extension/metrics/metrics.go 
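Review bot: `Install` now returns early when `kubernetes.NewFromConfig` or the node list call fails, so a caller that may install charts but not list nodes can no longer install cert-manager, even on clusters where the AWS branch would never apply. Consider treating a failed list as "not AWS" and reporting it, or document the extra permission on `Install`. The `webhook` override (`securePort: 10260`, `hostNetwork: true`) has no comment; since `hostNetwork` places the webhook listener in the node's network namespace, add a line that states the reason, e.g. `// AWS: webhook must listen on the node network (reason to be confirmed by the author)`. `isAWS` calls `strings.HasPrefix` while the import hunk does not add `strings`, so check that it is already imported above the lines shown.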
@@ -5,6 +5,7 @@ import ( "github.com/adrianliechti/devkube/pkg/helm" "github.com/adrianliechti/devkube/pkg/kubernetes" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) From c0a2f938ed532e85d7de32a2bb32c359b077a547 Mon Sep 17 00:00:00 2001 From: Adrian Liechti Date: Sun, 18 Sep 2022 14:56:13 +0200 Subject: [PATCH 18/19] also run registry with https --- app/cluster/cluster_registry.go | 2 +- extension/registry/registry.yaml | 30 ++++++++++++++++++++++++++++-- 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/app/cluster/cluster_registry.go b/app/cluster/cluster_registry.go index 856b8d6..701682a 100644 --- a/app/cluster/cluster_registry.go +++ b/app/cluster/cluster_registry.go @@ -12,7 +12,7 @@ import ( func RegistryCommand() *cli.Command { return &cli.Command{ Name: "registry", - Usage: "Connect Grafana", + Usage: "Connect Registry", Flags: []cli.Flag{ app.ProviderFlag, diff --git a/extension/registry/registry.yaml b/extension/registry/registry.yaml index 21a48d3..02bb39f 100644 --- a/extension/registry/registry.yaml +++ b/extension/registry/registry.yaml @@ -33,16 +33,39 @@ spec: containers: - name: registry image: registry:2 + env: + - name: REGISTRY_HTTP_ADDR + value: 0.0.0.0:80 ports: - - containerPort: 5000 + - containerPort: 80 volumeMounts: - name: data mountPath: /var/lib/registry resources: {} + - name: proxy + image: adrianliechti/loop-proxy + args: + - "-port" + - "443" + - "-target" + - "http://localhost" + - "-key-file" + - "certs/tls.key" + - "-cert-file" + - "certs/tls.crt" + ports: + - containerPort: 443 + volumeMounts: + - name: certs + mountPath: "/app/certs" + resources: {} volumes: - name: data persistentVolumeClaim: claimName: registry + - name: certs + secret: + secretName: registry-tls --- apiVersion: v1 kind: Service @@ -57,7 +80,10 @@ spec: ports: - name: http port: 80 - targetPort: 5000 + targetPort: 80 + - name: https + port: 443 + targetPort: 443 --- kind: PersistentVolumeClaim apiVersion: v1 
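Review bot: The registry container is set to listen on `0.0.0.0:80` and the Service keeps the `http` port next to the new `https` one, so the TLS sidecar is optional for any client inside the cluster: plain, unauthenticated push and pull on port 80 still work. If port 80 exists only for the sidecar, bind the registry to loopback (`value: 127.0.0.1:80`) and remove the `http` Service port; if other parts of this series still depend on it (the `registry-proxy` DaemonSet targets `http://registry`), say so in a comment. Listening on port 80 also means binding a privileged port, which may fail if the pod is later run as a non-root user. The added `adrianliechti/loop-proxy` sidecar image has no tag and should be pinned.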
From 0adfc7807265a922d3527485638287d673dc9ee1 Mon Sep 17 00:00:00 2001 From: Adrian Liechti Date: Sun, 18 Sep 2022 15:32:18 +0200 Subject: [PATCH 19/19] apply ca changes --- extension/registry/registry.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extension/registry/registry.yaml b/extension/registry/registry.yaml index 02bb39f..5ff6c42 100644 --- a/extension/registry/registry.yaml +++ b/extension/registry/registry.yaml @@ -12,7 +12,7 @@ spec: - localhost issuerRef: name: platform - kind: ClusterIssuer + kind: Issuer group: cert-manager.io --- apiVersion: apps/v1