feat: add checkpoint uds-core slim package #818

Merged
merged 53 commits into from
Nov 18, 2024
80a9892
feat: add frozen uds-core slim package
Racer159 Sep 25, 2024
59d8999
lint
Racer159 Sep 25, 2024
2b74bd5
tune this for speed
Racer159 Sep 26, 2024
895d53a
swap to checkpoint
Racer159 Sep 27, 2024
68a03ae
add release workflow
Racer159 Sep 27, 2024
7a09a33
Merge branch 'main' into gotta-go-fast
Racer159 Sep 27, 2024
7d86107
add testing
Racer159 Sep 27, 2024
a853265
add id token write back
Racer159 Sep 27, 2024
6af295e
install uds wo brew
Racer159 Sep 27, 2024
c1e3e54
install uds wo brew
Racer159 Sep 27, 2024
c1a457e
fix oci
Racer159 Sep 27, 2024
88e0aa6
fixup version var
Racer159 Sep 27, 2024
6e24a4a
fix version
Racer159 Sep 27, 2024
db1aeef
slim istio validate
Racer159 Sep 28, 2024
7cff415
add npm ci
Racer159 Sep 28, 2024
9296753
make a slim dev test
Racer159 Sep 28, 2024
98bd274
fix save logs
Racer159 Sep 28, 2024
964786b
lint
Racer159 Sep 28, 2024
4788325
swap back checkpoint workflow
Racer159 Sep 28, 2024
a05b23c
Merge branch 'main' into gotta-go-fast
Racer159 Sep 30, 2024
34235c9
Merge branch 'main' into gotta-go-fast
Racer159 Sep 30, 2024
d8a12b2
Merge branch 'main' into gotta-go-fast
Racer159 Oct 1, 2024
e34b0de
initial feedback
Racer159 Oct 1, 2024
ca35214
Merge branch 'main' into gotta-go-fast
Racer159 Oct 1, 2024
2211d71
add docs
Racer159 Oct 1, 2024
b3cb482
refine README
Racer159 Oct 1, 2024
d1abeee
fix lil string
Racer159 Oct 2, 2024
d84c408
fix last bits
Racer159 Oct 2, 2024
4046f6f
revert checkpoint workflow
Racer159 Oct 2, 2024
cb9db50
Update packages/checkpoint-dev/zarf.yaml
Racer159 Oct 2, 2024
3adc01d
produce a downloadable artifact
Racer159 Oct 2, 2024
2b0c083
fix permissions
Racer159 Oct 2, 2024
43a4ec2
fix docker load
Racer159 Oct 2, 2024
830b978
Merge branch 'main' into gotta-go-fast
Racer159 Oct 2, 2024
e72901a
Merge branch 'main' into gotta-go-fast
Racer159 Oct 4, 2024
401d88c
Update packages/checkpoint-dev/zarf.yaml
Racer159 Oct 4, 2024
aaea091
Merge branch 'main' into gotta-go-fast
Racer159 Oct 4, 2024
5cb166b
Merge branch 'main' into gotta-go-fast
Racer159 Oct 8, 2024
2336dc7
Merge branch 'main' into gotta-go-fast
Racer159 Oct 11, 2024
1dcf64f
Merge branch 'main' into gotta-go-fast
Racer159 Nov 8, 2024
49df255
fix lint and allow testing in PRs
Racer159 Nov 8, 2024
4abd35f
fix errors
Racer159 Nov 8, 2024
d2bd669
Merge branch 'main' into gotta-go-fast
Racer159 Nov 8, 2024
370187a
fixup tasks
Racer159 Nov 8, 2024
259c7d7
remove upload artifact
Racer159 Nov 8, 2024
5fb3d78
add caution to docs
Racer159 Nov 8, 2024
1fe2eeb
Update packages/checkpoint-dev/README.md
Racer159 Nov 8, 2024
78e98db
Merge branch 'main' into gotta-go-fast
Racer159 Nov 8, 2024
0abad6e
feedback
Racer159 Nov 8, 2024
a4c50a9
Merge branch 'main' into gotta-go-fast
mjnagel Nov 9, 2024
e26117d
add to release please
Racer159 Nov 18, 2024
f92050d
Merge branch 'main' into gotta-go-fast
Racer159 Nov 18, 2024
2878382
add correct version:
Racer159 Nov 18, 2024
72 changes: 72 additions & 0 deletions .github/workflows/checkpoint.yaml
@@ -0,0 +1,72 @@
# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial

name: Checkpoint UDS Core

on:
pull_request:
# milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow).
types: [milestoned, opened, reopened, synchronize]
paths:
- packages/checkpoint-dev/**
- .github/workflows/checkpoint**
- tasks/test.yaml
- "!**/*.md"
- "!**.jpg"
- "!**.png"
- "!**.gif"
- "!**.svg"
# triggered by tag-and-release.yaml
workflow_call:

jobs:
checkpoint:
strategy:
matrix:
architecture: [amd64, arm64]
runs-on: ${{ matrix.architecture == 'arm64' && 'uds-ubuntu-arm64-4-core' || 'uds-ubuntu-big-boy-4-core' }}
name: UDS Core Checkpoint

permissions:
contents: read
packages: write
id-token: write # This is needed for OIDC federation.

steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

- name: Environment setup
uses: ./.github/actions/setup
with:
registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
ghToken: ${{ secrets.GITHUB_TOKEN }}
chainguardIdentity: ${{ secrets.CHAINGUARD_IDENTITY }}

- name: Deploy K3d + UDS Core Slim Bundle
run: |
uds run -f tasks/deploy.yaml latest-slim-bundle-release --no-progress

- name: Create Checkpoint Package
run: |
uds run -f tasks/create.yaml checkpoint-dev-package --no-progress

- name: Test Checkpoint Package
run: |
uds run -f tasks/deploy.yaml checkpoint-package --no-progress
npm ci
uds run test:slim-dev --no-progress

- name: Debug Output
if: always()
uses: ./.github/actions/debug-output

- name: Publish Checkpoint Package
if: ${{ github.event_name == 'workflow_call' }}
run: uds run -f tasks/publish.yaml checkpoint-package --no-progress

- name: Save logs
if: always()
uses: ./.github/actions/save-logs
with:
suffix: -${{ matrix.architecture }}
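Review bot: The `if: ${{ github.event_name == 'workflow_call' }}` guard on "Publish Checkpoint Package" is unlikely to ever be true. When this file is reached through `workflow_call`, the `github` context is the caller's, so `github.event_name` carries the event that started tag-and-release.yaml rather than `workflow_call`, and the publish step would be skipped on releases. A boolean `workflow_call` input (for example a hypothetical `publish`) checked here would make the intent explicit. Related: the job-level `packages: write` also applies to `pull_request` runs, which never publish; moving the publish step into its own job would let the PR path run without it.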
3 changes: 3 additions & 0 deletions .github/workflows/slim-dev-test.yaml
Expand Up @@ -18,6 +18,7 @@ on:
- packages/identity-authorization/**
- bundles/k3d-slim-dev/**
- .github/workflows/slim-dev**
- tasks/test.yaml
- "!**/*.md"
- "!**.jpg"
- "!**.png"
Expand Down Expand Up @@ -52,6 +53,8 @@ jobs:
uses: ./.github/actions/setup
- name: Deploy Slim Dev Bundle
run: uds run slim-dev --no-progress
- name: Test Slim Dev Bundle
run: uds run test:slim-dev --no-progress
- name: Debug Output
if: ${{ always() }}
uses: ./.github/actions/debug-output
9 changes: 9 additions & 0 deletions .github/workflows/tag-and-release.yaml
Expand Up @@ -32,3 +32,12 @@ jobs:
with:
snapshot: false
secrets: inherit

checkpoint-uds-core-release:
needs: publish-uds-core-release
permissions:
contents: read
packages: write
id-token: write
uses: ./.github/workflows/checkpoint.yaml
secrets: inherit
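Review bot: `secrets: inherit` on `checkpoint-uds-core-release` passes every secret available to this workflow into checkpoint.yaml, which only references `IRON_BANK_ROBOT_USERNAME`, `IRON_BANK_ROBOT_PASSWORD` and `CHAINGUARD_IDENTITY` besides `GITHUB_TOKEN`. Declaring those under `workflow_call.secrets` in checkpoint.yaml and passing them by name here would keep the called workflow from receiving anything it does not use.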
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -21,6 +21,9 @@ extract-terraform.sh
**/.terraform*
cluster-config.yaml
**.tfstate

*.tar

**.backup
**/.playwright/**
**/.playwright
6 changes: 6 additions & 0 deletions packages/base/tasks.yaml
Expand Up @@ -7,6 +7,12 @@ includes:

tasks:
- name: validate
inputs:
validate_passthrough:
description: Whether to validate the passthrough gateway
default: "true"
actions:
- task: istio:validate
with:
validate_passthrough: ${{ .inputs.validate_passthrough }}
- task: pepr:validate
34 changes: 34 additions & 0 deletions packages/checkpoint-dev/README.md
@@ -0,0 +1,34 @@
# K3d + UDS Core Slim Dev Checkpoint

This is a special Zarf package that takes a running K3d cluster (named `uds`) and wraps its committed container and volumes into a zarf package.

> [!CAUTION]
> This package does not currently work on macOS due to some limitations with filesystem permissions.

## Creating this package

In order to create this package you must follow the following:

1. Setup a K3d cluster (named `uds`) containing the contents you'd like to checkpoint

> [!NOTE]
> The intent for this package is that those contents are the `uds dev stack`, `zarf init` and the `core-slim-dev` package (`core-base` and `core-identity-authorization`).

2. Run `uds zarf package create <path-to-zarf-yaml> --confirm` on the Zarf Package in this directory

> [!IMPORTANT]
> This package requires `sudo` to create and deploy currently - if you see a prompt and it seems stalled it is waiting for password input (hidden by the spinner)

## Deploying this package

Once you have a package with the contents you want created you can deploy it with:

```
uds zarf package deploy <path-to-zarf-tarball> --confirm
```

> [!IMPORTANT]
> This package requires `sudo` to deploy and create currently - if you see a prompt and it seems stalled it is waiting for password input (hidden by the spinner)

> [!NOTE]
> The pre-reqs for this package are the same as `uds-k3d` and you do not need to have a cluster running prior to deploying it.
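Review bot: The README does not say what ends up inside the package. checkpoint.sh copies the whole `/var/lib/rancher/k3s` volume, and the deploy action reads `k3s_data/server/token` from it, so the tarball carries the cluster token and the in-cluster state of the source cluster. A sentence under the existing `[!CAUTION]` stating that the package is for local development only and should not be built from a cluster holding real credentials would help. Minor: the two `[!IMPORTANT]` blocks repeat the same sudo warning, and "Setup" in step 1 should be "Set up".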
77 changes: 77 additions & 0 deletions packages/checkpoint-dev/checkpoint.sh
@@ -0,0 +1,77 @@
#!/bin/bash

# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial

# Name of the running k3d container
K3S_CONTAINER="k3d-uds-server-0"

if [ -z "$TMPDIR" ]; then
# macOS sets TMPDIR to a user temp directory - this also provides more options to linux
TMPDIR="/tmp"
fi
DATA_DIR="${TMPDIR}/uds-checkpoint-data"

# Step 0: Ensure we can get sudo
echo "This package requires elevated permissions to create - requesting sudo (if paused enter password)"
sudo echo "got sudo! success!"

# Step 1: Get the container ID of the running k3d container
CONTAINER_ID=$(docker ps -qf "name=$K3S_CONTAINER")

if [ -z "$CONTAINER_ID" ]; then
echo "No running container found for $K3S_CONTAINER"
exit 1
fi

# Step 2: Get the mounted volumes of the running container
echo "Inspecting container volumes for $CONTAINER_ID..."
VOLUMES=$(docker inspect -f '{{ json .Mounts }}' "$CONTAINER_ID" | jq)

# Step 3: Prepare directories to save the volume data
sudo rm -rf "$DATA_DIR"
mkdir -p "${DATA_DIR}/kubelet_data" "${DATA_DIR}/k3s_data"

# Step 4: Loop through volumes and copy data to corresponding directories
echo "Copying volumes to local directories..."

for row in $(echo "$VOLUMES" | jq -r '.[] | @base64'); do
_jq() {
echo "${row}" | base64 --decode | jq -r "${1}"
}

SOURCE=$(_jq '.Source')
DESTINATION=$(_jq '.Destination')

case "$DESTINATION" in
"/var/lib/kubelet")
echo "Copying $SOURCE to ${DATA_DIR}/kubelet_data/"
sudo cp -a "$SOURCE"/. "${DATA_DIR}/kubelet_data/"
;;
"/var/lib/rancher/k3s")
echo "Copying $SOURCE to ${DATA_DIR}/k3s_data/"
sudo cp -a "$SOURCE"/. "${DATA_DIR}/k3s_data/"
;;
*)
echo "$DESTINATION is not needed. Skipping..."
;;
esac
done

# Step 5: Commit and save the current container as a new image
IMAGE_NAME="ghcr.io/defenseunicorns/uds-core/checkpoint:latest"
echo "Committing container $CONTAINER_ID to image $IMAGE_NAME:latest..."
docker commit -p "$CONTAINER_ID" "$IMAGE_NAME"

echo "Saving image to ${DATA_DIR}/uds-k3d-checkpoint-latest.tar..."
sudo docker save -o "${DATA_DIR}/uds-k3d-checkpoint-latest.tar" "$IMAGE_NAME"

echo "Container image saved to ${DATA_DIR}/uds-k3d-checkpoint-latest.tar"

# Step 6: Create a tarball from the data contents
echo "Creating a final tarball to include in the package"
sudo tar --blocking-factor=64 -cpf uds-checkpoint.tar -C "$DATA_DIR" .

echo "Successfully checkpointed the cluster!"

exit 0
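Review bot: The script never enables `set -e` or checks individual exit codes, so a failed `sudo cp -a`, `docker commit`, `docker save` or `tar` still falls through to "Successfully checkpointed the cluster!" and `exit 0`, and an incomplete checkpoint gets packaged. Adding `set -eo pipefail` after the shebang would stop at the first failure (`-u` would trip on the `[ -z "$TMPDIR" ]` test unless that becomes `${TMPDIR:-/tmp}`). Also worth changing: `DATA_DIR` is a fixed name under `$TMPDIR` (default `/tmp`) that is removed and filled as root, so on a shared host a pre-planted directory or symlink at that path is a risk; `mktemp -d` avoids it, with the path handed to the cleanup action in zarf.yaml. The step 5 message prints `$IMAGE_NAME:latest`, which repeats the tag already in `IMAGE_NAME`.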
97 changes: 97 additions & 0 deletions packages/checkpoint-dev/zarf.yaml
@@ -0,0 +1,97 @@
# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial

kind: ZarfPackageConfig
metadata:
name: k3d-core-slim-dev
description: "Rehydratable UDS K3d + UDS Core Slim (Istio, UDS Operator and Keycloak) Checkpoint"
authors: "Defense Unicorns - Product"
# x-release-please-start-version
version: "0.31.2"
# x-release-please-end

variables:
- name: CLUSTER_NAME
description: "Name of the cluster"
default: "uds"

- name: K3D_EXTRA_ARGS
description: "Optionally pass k3d arguments to the default"
default: ""

- name: NGINX_EXTRA_PORTS
description: "Optionally allow more ports through Nginx (combine with K3D_EXTRA_ARGS '-p <port>:<port>@server:*')"
default: "[]"

components:
- name: destroy-cluster
required: true
description: "Optionally destroy the cluster before creating it"
actions:
onDeploy:
before:
- cmd: |
echo "This package requires elevated permissions to deploy - requesting sudo (if paused enter password)"
sudo echo "got sudo! success!"
- cmd: k3d cluster delete ${ZARF_VAR_CLUSTER_NAME}
description: "Destroy the cluster"
- cmd: |
sudo rm -rf data

- name: create-cluster
required: true
description: "Create the K3d cluster w/UDS Core pre-installed"
files:
- source: uds-checkpoint.tar
target: uds-checkpoint.tar
actions:
onCreate:
before:
- cmd: ./checkpoint.sh
onSuccess:
- cmd: |
if [ -z "$TMPDIR" ]; then
# macOS sets TMPDIR to a user temp directory - this also provides more options to linux
TMPDIR="/tmp"
fi
DATA_DIR="${TMPDIR}/uds-checkpoint-data"
sudo rm -rf "$DATA_DIR" uds-checkpoint.tar
onDeploy:
after:
- cmd: |
if [ -z "$TMPDIR" ]; then
# macOS sets TMPDIR to a user temp directory - this also provides more options to linux
TMPDIR="/tmp"
fi
DATA_DIR="${TMPDIR}/uds-checkpoint-data"
mkdir -p "$DATA_DIR"

sudo tar --blocking-factor=64 -xpf uds-checkpoint.tar -C "$DATA_DIR"
K8S_TOKEN="$(sudo cat ${DATA_DIR}/k3s_data/server/token)"
echo $K8S_TOKEN
sudo docker load -i "${DATA_DIR}/uds-k3d-checkpoint-latest.tar"

k3d cluster create \
-p "80:80@server:*" \
-p "443:443@server:*" \
--api-port 6550 \
--k3s-arg "--disable=traefik@server:*" \
--k3s-arg "--disable=metrics-server@server:*" \
--k3s-arg "--disable=servicelb@server:*" \
--k3s-arg "--disable=local-storage@server:*" \
--k3s-arg "--token=${K8S_TOKEN}@server:*" \
-v "${DATA_DIR}/kubelet_data:/var/lib/kubelet@server:*" \
-v "${DATA_DIR}/k3s_data:/var/lib/rancher/k3s@server:*" \
--image ghcr.io/defenseunicorns/uds-core/checkpoint:latest ${ZARF_VAR_K3D_EXTRA_ARGS} \
${ZARF_VAR_CLUSTER_NAME}
description: "Create the cluster"
# This action waits on Keycloak since it is the slowest pod to start after cluster creation. By waiting on it, we guarantee the cluster is healthy and usable after deployment.
- description: Keycloak to be Healthy
wait:
cluster:
kind: Pod
name: app.kubernetes.io/name=keycloak
namespace: keycloak
condition: Ready
onSuccess:
- cmd: rm -f uds-checkpoint.tar
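Review bot: `echo $K8S_TOKEN` in the `onDeploy.after` command writes the k3s server token to the deploy output, and into the CI job log when the package is deployed from checkpoint.yaml. The line looks like leftover debugging and can be dropped. In the same block, `sudo cat ${DATA_DIR}/k3s_data/server/token` should quote the path. In `destroy-cluster`, `sudo rm -rf data` removes a relative `data` directory as root while the extracted state lives in `${TMPDIR}/uds-checkpoint-data`, so a redeploy untars over the previous cluster's files; removing `"$DATA_DIR"` there instead would match what `create-cluster` writes.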
1 change: 1 addition & 0 deletions release-please-config.json
Expand Up @@ -13,6 +13,7 @@
"versioning": "default",
"extra-files": [
"README.md",
"packages/checkpoint-dev/zarf.yaml",
"packages/base/zarf.yaml",
"packages/identity-authorization/zarf.yaml",
"packages/logging/zarf.yaml",
5 changes: 5 additions & 0 deletions src/istio/tasks.yaml
Expand Up @@ -3,6 +3,10 @@

tasks:
- name: validate
inputs:
validate_passthrough:
description: Whether to validate the passthrough gateway
default: "true"
actions:
- description: Validate the Istio Admin Gateway
wait:
Expand All @@ -12,6 +16,7 @@ tasks:
namespace: istio-admin-gateway

- description: Validate the Istio Passthrough Gateway
if: ${{ eq .inputs.validate_passthrough "true" }}
wait:
cluster:
kind: Gateway
6 changes: 6 additions & 0 deletions tasks/create.yaml
Expand Up @@ -46,6 +46,12 @@ tasks:
- description: "Create the slim dev bundle (Base and Identity)"
cmd: "uds create bundles/k3d-slim-dev --confirm --no-progress --architecture=${ZARF_ARCHITECTURE}"

- name: checkpoint-dev-package
description: "Create the K3d + UDS Core Checkpoint Zarf Package"
actions:
- description: "Create the UDS Core Checkpoint Zarf Package"
cmd: "uds zarf package create packages/checkpoint-dev --confirm --no-progress --skip-sbom"

# This task is a wrapper to support --set LAYER=identity-authorization
- name: single-layer-callable
actions:
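Review bot: `--skip-sbom` on `checkpoint-dev-package` means the package that checkpoint.yaml later publishes has no SBOM, even though it wraps a full committed k3d image. If the flag is there for build time, say so in the task description; otherwise drop it for the release path. The neighbouring slim dev bundle task passes `--architecture=${ZARF_ARCHITECTURE}` and this one does not, which is worth a comment given the workflow builds both amd64 and arm64.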
10 changes: 10 additions & 0 deletions tasks/deploy.yaml
Expand Up @@ -59,7 +59,17 @@ tasks:
- description: "Deploy the latest UDS Core package release"
cmd: uds zarf package deploy oci://${TARGET_REPO}/core:${LATEST_VERSION} --confirm --no-progress --components '*'

- name: latest-slim-bundle-release
actions:
- description: "Deploy the latest UDS Core package release"
cmd: uds deploy oci://ghcr.io/defenseunicorns/packages/uds/bundles/k3d-core-slim-dev:latest --set INSECURE_ADMIN_PASSWORD_GENERATION=true --confirm --no-progress

- name: standard-package
actions:
- description: "Deploy the standard UDS Core zarf package"
cmd: uds zarf package deploy build/zarf-package-core-${UDS_ARCH}-${VERSION}.tar.zst --confirm --no-progress --components '*'

- name: checkpoint-package
actions:
- description: "Deploy the checkpoint K3d + UDS Core Slim zarf package"
cmd: uds zarf package deploy build/zarf-package-k3d-core-slim-dev-${UDS_ARCH}-${VERSION}.tar.zst --confirm --no-progress
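Review bot: `latest-slim-bundle-release` deploys `k3d-core-slim-dev:latest`, so the content that gets checkpointed is whatever `latest` points to at run time, while the checkpoint package is versioned from zarf.yaml and `${VERSION}`; pinning the bundle tag to the same version would keep the two in step. The bundle is also deployed with `--set INSECURE_ADMIN_PASSWORD_GENERATION=true`, and that state is then frozen into a published package, which deserves a line in the README. The action description is copied from the task above and should name the slim bundle.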