Feat: add step definitions to support deploying static site on OSS #5524
Signed-off-by: Yuedong Wu <dwcn22@outlook.com>
Codecov Report
Base: 61.33% // Head: 61.42% // Increases project coverage by
Additional details and impacted files
@@ Coverage Diff @@
## master #5524 +/- ##
==========================================
+ Coverage 61.33% 61.42% +0.08%
==========================================
Files 310 311 +1
Lines 47313 47919 +606
==========================================
+ Hits 29021 29432 +411
- Misses 15290 15429 +139
- Partials 3002 3058 +56
// +usage=Specify the credentials to access alibaba oss | ||
accessKey: { | ||
id: string | ||
secret: string |
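Review bot: `secret: string` under `accessKey` takes the OSS access key secret as a plain string parameter, so the credential is stored and shown wherever the step's parameters are. Suggest accepting a reference to a Kubernetes Secret (its name plus the keys that hold the id and the secret) as an alternative to the inline value, and have the `+usage` comment say which form to prefer.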
This will make the secret plaintext; it's dangerous. Can we use the secret mount?
We can provide a secretRef field, perhaps like this:
accessKey: close({
    id:     string
    secret: string
}) | close({
    secretRef: {
        // +usage=name is the name of the secret
        name: string
        // +usage=keyId is the key of oss access id in the secret
        keyId: string
        // +usage=keySecret is the key of oss access secret in the secret
        keySecret: string
    }
})
Now the user can use either secret or plaintext.
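One way the secretRef form could reach the upload Job without the workflow ever reading the credential, as an added example that is not code from this PR: the Job's container env points at the Secret with `secretKeyRef`, and only the inline form copies the value into the Job spec. The env var names and the sample Secret name and keys are assumptions; the block is plain CUE with no `vela/op` import.

```cue
// Added example, not code from this PR.
// Either inline credentials or a reference to a Kubernetes Secret, never both.
#AccessKey: close({
	id:     string
	secret: string
}) | close({
	secretRef: {
		name:      string
		keyId:     string
		keySecret: string
	}
})

parameter: accessKey: #AccessKey

// Constructed sample input: the credentials live in a Secret named
// "oss-credentials" in the same namespace as the Job.
parameter: accessKey: secretRef: {
	name:      "oss-credentials"
	keyId:     "access-key-id"
	keySecret: "access-key-secret"
}

_ak: parameter.accessKey

// env for the upload Job's container (variable names are assumptions).
env: [
	// secretRef form: the kubelet injects the values at container start,
	// so they never appear in the Application, workflow or Job spec.
	if _ak.secretRef != _|_ {
		name: "OSS_ACCESS_KEY_ID"
		valueFrom: secretKeyRef: {name: _ak.secretRef.name, key: _ak.secretRef.keyId}
	},
	if _ak.secretRef != _|_ {
		name: "OSS_ACCESS_KEY_SECRET"
		valueFrom: secretKeyRef: {name: _ak.secretRef.name, key: _ak.secretRef.keySecret}
	},
	// Inline form: the values are copied into the Job spec in plaintext and
	// are readable by anyone allowed to get Jobs or Pods in the namespace.
	if _ak.secretRef == _|_ {
		name:  "OSS_ACCESS_KEY_ID"
		value: _ak.id
	},
	if _ak.secretRef == _|_ {
		name:  "OSS_ACCESS_KEY_SECRET"
		value: _ak.secret
	},
]
```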
Signed-off-by: Yuedong Wu <dwcn22@outlook.com>
7143f30 to b7a01a0
Signed-off-by: Yuedong Wu <dwcn22@outlook.com>
"vela/op" | ||
) | ||
|
||
"build-source-code": { |
We currently support the step called build-push-image which uses kaniko to build images, maybe you can add the pvc capability in that step instead of creating a new one?
OK, I'll try to make some adaptions.
In that way, how can we get the generated build artifacts like the yarn build output files? Do we need kaniko's capability to build container images?
I've tried to deploy an app using step build-push-image and component webservice per this guide, and the process is simple and smooth enough. Users probably will rarely have such a need to persist files for later extra upload...
Hmmmm, your step will only build the code but not the image, right? Maybe it should be separated with the step build-push-image, but a general step for code building is hard since there're multiple languages, I'm not sure if there're some mature tools in the community that we can combine with.
- I found that kaniko can also specify the arg like --destination=/output to persist the generated files in volume.
- If only need to build code, maybe using a container is enough. The user provides a dockerfile to specify the base image and build commands in steps.
- For multiple langs support, no suitable tools were found yet. I found that most of them are cicd platforms.
I currently think of two possible options for code building, one is user provides a dockerfile, or user provides the base image and build cmd which is the current draft implementation.
Description of your changes
Fixes #3898
I have:
- make reviewable to ensure this PR is ready for review.
- backport release-x.y labels to auto-backport this PR if necessary.
Design of WorkflowStep
We design two workflow steps, mainly using cue actions to operate Kubernetes objects.
1 build-source-code.cue
- op.#Apply a PersistentVolumeClaim for a Job to mount
  - name and storageClassName by the input parameter
  - storageClassName will specify which StorageClass that PVC will use
- op.#Apply a Job
  - claimName and mountPath
  - mountPath
- op.#Log to collect Job's log using labelSelector
- op.#ConditionalWait for Job successfully created and executed
2 upload-to-bucket.cue
- op.#Steps to combine a set of operations to get the accessKey (id and secret).
- op.#Apply a Job
  - claimName and mountPath
- op.#Log to collect Job's log using labelSelector
- op.#ConditionalWait for Job successfully created and executed
How has this code been tested
From the user's perspective, you can use these two workflow steps without any Components if you already have an OSS bucket ready to host a static site.
YAML example
Or you can use them with the Component alibaba-oss-website to create an OSS bucket for you and config the static site setting. Don't forget to use inputs and outputs to pass data between workflow steps for simplification.
YAML example
Special notes for your reviewer
Still WIP, I'll mark it ready to review if ready.
Followup works
- annotations, labels field. like this
Known issues
For security reasons, the policy for "accessing OSS static web page" had changed. When accessing the default domain name (https://{bucket_name}.oss-cn-hangzhou.aliyuncs.com) via browser, files will be downloaded as attachments, rather than previewed directly. Source link
In this situation, the user should have a custom domain name in advance and bind it with the bucket. And it seems that the process needs the user to operate manually on the portal website.
In our original design (#3898 (comment)), "the endpoint should be printed after the whole process is finished". Now, the accessible endpoint is the user's domain name, it seems like the user doesn't need the default endpoint anymore.
Improvements outlook