Combined Porch Commit

Streamline Docker Image Building (kptdev#2752)

* Use the same naming pattern
* Enable nested Makefiles to inherit values from parent
* Enable explicit image tagging (i.e. using
  `IMAGE_TAG=$(git rev-parse --short HEAD) make build-images`
* Enable `make build-images` and `make push-images`

Run Porch With Consistent Working Dir (kptdev#2753)

`go run` doesn't support setting working directory; use `go build`
instead.

Add subpkgs test for porch (kptdev#2754)

* Add subpkgs test for porch

* Add runtime

Basic e2e Test (kptdev#2755)

* Basic e2e Test
* Simple harness to reduce some boilerplate
* Add a simple git repo test

Refactor Server Startup (kptdev#2770)

* Start background processing in Run function
* Shut down when stopCh is closed

Tidy in 1.17 compatible mode (kptdev#2769)

Occasionally `make tidy` fails complaining about 1.16 vs. 1.17 golang;
this should keep our mods 1.17 compatible with fewer `make tidy`
failures.

Create Engine using Options (kptdev#2771)

Create options for the common engine configuration options.

Support lazy credential resolution (kptdev#2772)

* Add CredentialResolver interface
* Add WithCredentialResolver engine option
* Use lazy credential resolution when interacting with Git

Pass Context to OpenRepository (kptdev#2773)

Use Context to Drive Server Shutdown (kptdev#2774)

Turns out k8s apiserver supports both and we can get the core context to
listen on instead of just getting the close channel.

Clean up Required/Optional API Fields (kptdev#2778)

Git branch and directory can be optional (defaulting to `main` and `/` respectively,
while `SecretRef.Name` is required since nameless secret reference is unhelpful.

Easier deployment onto GKE (kptdev#2776)

Support Creating Porch Deployment Config (kptdev#2777)

* Create `deployment-config` and `push-and-deploy` make targets
* Use kpt function to set images on the deployment config

Update Porch Deployment and Instructions (kptdev#2782)

* Set workload identity service accounts via set-annotations
* Simplify instructions
* Build at Git tag
* Combine Deployment Config in Same Directory
* Rename config files, assign 0 to CRDs.
* `kubectl apply` recursively just in case we add more config later

Use controller-gen v0.8.0 (kptdev#2780)

Use consistent version of controller-gen (v0.8.0)
crd:preserveUnknownFields marker has been removed (`false` was the
required value for v1 CRDs).

Set renderer when building CaDEngine (kptdev#2787)

Otherwise we crash when trying to render a package.

Fix missing error handling (kptdev#2784)

We weren't checking errors when building a CaDEngine.

Fix small typo (kptdev#2793)

Don't call into kpt render if we don't have a package (kptdev#2788)

When creating an empty package, we get an error otherwise (as kpt
render doesn't work if it doesn't have a package).

porch/.dockerignore

@@ -1,3 +1,4 @@
 .build/
 .cache/
 default.etcd/
+apiserver.local.config/

porch/Makefile

@@ -15,10 +15,13 @@
 KUBECONFIG=$(CURDIR)/hack/local/kubeconfig
 BUILDDIR=$(CURDIR)/.build
 CACHEDIR=$(CURDIR)/.cache
+DEPLOYCONFIGDIR=$(BUILDDIR)/deploy
 MODULES = $(shell find . -path ./.build -prune -o -path ./.cache -prune -o -name 'go.mod' -print)
 
 # GCP project to use for development
-GCP_PROJECT_ID ?= $(shell gcloud config get-value project)
+export GCP_PROJECT_ID ?= $(shell gcloud config get-value project)
+export IMAGE_REPO ?= gcr.io/$(GCP_PROJECT_ID)
+export IMAGE_TAG ?= latest
 
 .PHONY: all
 all: stop network start-etcd start-kube-apiserver start-function-runner run-local
@@ -80,15 +83,15 @@ start-function-runner:
 	  --network=porch \
 	  --ip 192.168.8.202 \
 	  --name function-runner \
-	  function-runner
+	  gcr.io/$(GCP_PROJECT_ID)/function-runner:latest
 
 .PHONY: generate
 generate: $(MODULES)
 	@for f in $(^D); do (cd $$f; echo "Generating $$f"; go generate -v ./...) || exit 1; done
 
 .PHONY: tidy
 tidy: $(MODULES)
-	@for f in $(^D); do (cd $$f; echo "Tidying $$f"; go mod tidy) || exit 1; done
+	@for f in $(^D); do (cd $$f; echo "Tidying $$f"; go mod tidy -compat=1.17) || exit 1; done
 
 .PHONY: test
 test: $(MODULES)
@@ -103,11 +106,13 @@ vet: $(MODULES)
 fmt: $(MODULES)
 	@for f in $(^D); do (cd $$f; echo "Formatting $$f"; gofmt -s -w .); done
 
+PORCH = $(BUILDDIR)/porch
+
 .PHONY: run-local
-run-local:
+run-local: porch
 	KUBECONFIG=$(KUBECONFIG) kubectl apply -f hack/local/localconfig.yaml
 	KUBECONFIG=$(KUBECONFIG) kubectl apply -f controllers/pkg/apis/porch/v1alpha1/
-	cd apiserver; go run ./cmd/porch \
+	$(PORCH) \
 	--secure-port 9443 \
 	--standalone-debug-mode \
 	--kubeconfig="$(KUBECONFIG)" \
@@ -120,7 +125,7 @@ run-jaeger:
 
 .PHONY: porch
 porch:
-	cd apiserver; go build ./cmd/porch
+	cd apiserver; go build -o $(PORCH) ./cmd/porch
 
 .PHONY: fix-headers
 fix-headers:
@@ -130,7 +135,65 @@ fix-headers:
 .PHONY: fix-all
 fix-all: fix-headers fmt tidy
 
+KPTDIR = $(abspath $(CURDIR)/..)
 .PHONY: push-images
 push-images:
-	hack/build-image.sh --project $(GCP_PROJECT_ID) --push
+	docker buildx build --push --tag "$(IMAGE_REPO)/porch:$(IMAGE_TAG)" -f "${CURDIR}/hack/Dockerfile" "${KPTDIR}"
 	make -C controllers/ push-image
+	make -C func/ push-image
+
+.PHONY: build-images
+build-images:
+	docker buildx build --load --tag "$(IMAGE_REPO)/porch:$(IMAGE_TAG)" -f "${CURDIR}/hack/Dockerfile" "${KPTDIR}"
+	make -C controllers/ build-image
+	make -C func/ build-image
+
+.PHONY: apply-dev-config
+apply-dev-config:
+	# TODO: Replace with KCC (or self-host a registry?)
+	gcloud services enable artifactregistry.googleapis.com
+	gcloud artifacts repositories describe  --location=us-west1 packages --format="value(name)" || gcloud artifacts repositories create  --location=us-west1 --repository-format=docker packages
+
+	# TODO: Replace with kpt function
+	cat config/samples/oci-repository.yaml | sed -e s/example-google-project-id/${GCP_PROJECT_ID}/g | kubectl apply -f -
+
+	# TODO: Replace with KCC (or self-host a registry?)
+	gcloud services enable artifactregistry.googleapis.com
+	gcloud artifacts repositories describe  --location=us-west1 deployment --format="value(name)" || gcloud artifacts repositories create  --location=us-west1 --repository-format=docker deployment
+
+	# TODO: Replace with kpt function
+	cat config/samples/deployment-repository.yaml | sed -e s/example-google-project-id/${GCP_PROJECT_ID}/g | kubectl apply -f -
+
+.PHONY: deployment-config
+deployment-config:
+	rm -rf $(DEPLOYCONFIGDIR) || true
+	mkdir -p $(DEPLOYCONFIGDIR)/crd
+	cp ./controllers/remoterootsync/config/crd/bases/config.cloud.google.com_remoterootsyncsets.yaml $(DEPLOYCONFIGDIR)/0-remoterootsyncsets.yaml
+	cp ./controllers/remoterootsync/config/rbac/role.yaml $(DEPLOYCONFIGDIR)/0-remoterootsync-role.yaml
+	cp ./controllers/pkg/apis/porch/v1alpha1/config.porch.kpt.dev_repositories.yaml $(DEPLOYCONFIGDIR)/0-repositories.yaml
+	cp ./config/deploy/*.yaml ./config/deploy/Kptfile $(DEPLOYCONFIGDIR)
+	kpt fn eval $(DEPLOYCONFIGDIR) --image set-image:unstable -- \
+	  "name=gcr.io/example-google-project-id/function-runner:latest" \
+	  "newName=$(IMAGE_REPO)/function-runner" \
+	  "newTag=$(IMAGE_TAG)"
+	kpt fn eval $(DEPLOYCONFIGDIR) --image set-image:unstable -- \
+	  "name=gcr.io/example-google-project-id/porch-server:latest" \
+	  "newName=$(IMAGE_REPO)/porch" \
+	  "newTag=$(IMAGE_TAG)"
+	kpt fn eval $(DEPLOYCONFIGDIR) --image set-image:unstable -- \
+	  "name=gcr.io/example-google-project-id/porch-controllers:latest" \
+	  "newName=$(IMAGE_REPO)/porch-controllers" \
+	  "newTag=$(IMAGE_TAG)"
+	kpt fn eval $(DEPLOYCONFIGDIR) --image set-annotations:v0.1.4 \
+	  --match-api-version=v1 --match-kind=ServiceAccount --match-name=porch-server --match-namespace=porch-system -- \
+		"iam.gke.io/gcp-service-account=porch-server@$(GCP_PROJECT_ID).iam.gserviceaccount.com"
+	kpt fn eval $(DEPLOYCONFIGDIR) --image set-annotations:v0.1.4 \
+	  --match-api-version=v1 --match-kind=ServiceAccount --match-name=porch-controllers --match-namespace=porch-system -- \
+		"iam.gke.io/gcp-service-account=porch-sync@$(GCP_PROJECT_ID).iam.gserviceaccount.com"
+
+.PHONY: deploy
+deploy: deployment-config
+	kubectl apply -R -f $(DEPLOYCONFIGDIR)
+
+.PHONY: push-and-deploy
+push-and-deploy: push-images deploy

porch/README.md

@@ -91,7 +91,7 @@ kubectl get packagerevisions -oyaml
 kubectl get packagerevisionresources -oyaml
 ```
 
-Or create a pakcage revision:
+Or create a package revision:
 ```sh
 kubectl apply -f ./config/samples/bucket-label.yaml
 ```
@@ -118,24 +118,15 @@ Prerequisite:
 Build a Docker image using a script:
 
 ```sh
-./hack/build-image.sh
+make build-images
 
-# Supported flags
-# --repository [REPO]      name of the Docker repository
-# --project    [PROJECT]   GCP project (will translate to gcr.io/PROJECT)
-# --tag [TAG]              image tag, i.e. 'latest'
-# --push                   also push the image to the repository
+# Supported make variables:
+# IMAGE_TAG      - image tag, i.e. 'latest' (defaults to 'latest')
+# GCP_PROJECT_ID - GCP project hosting gcr.io repository (will translate to gcr.io/${GCP_PROJECT_ID})
+# IMAGE_REPO     - overwrites the default image repository
 
-
-# Example
-./hack/build-image.sh --project=my-gcp-project --push
-```
-
-Or, build directly via docker:
-**Note**: This must be done from the parent directory (kpt, not porch):
-
-```sh
-docker build -t TAG -f ./porch/hack/Dockerfile .
+# To push the image:
+make push-images
 ```
 
 ### Deploy into a Kubernetes Cluster

porch/apiserver/cmd/porch/main.go

@@ -48,10 +48,10 @@ func run() int {
 	http.DefaultTransport = otelhttp.NewTransport(http.DefaultClient.Transport)
 	http.DefaultClient.Transport = http.DefaultTransport
 
-	stopCh := genericapiserver.SetupSignalHandler()
+	ctx := genericapiserver.SetupSignalContext()
 
 	options := server.NewPorchServerOptions(os.Stdout, os.Stderr)
-	cmd := server.NewCommandStartPorchServer(options, stopCh)
+	cmd := server.NewCommandStartPorchServer(ctx, options)
 	code := cli.Run(cmd)
 	return code
 }

porch/apiserver/go.mod

@@ -16,6 +16,7 @@ require (
 	go.opentelemetry.io/otel/sdk v0.20.0
 	go.opentelemetry.io/otel/sdk/metric v0.20.0
 	google.golang.org/grpc v1.44.0
+	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.23.3
 	k8s.io/apimachinery v0.23.3
 	k8s.io/apiserver v0.23.3
@@ -151,7 +152,6 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 	k8s.io/cli-runtime v0.23.3 // indirect
 	k8s.io/kubectl v0.22.2 // indirect