diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 364500a..e112aae 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -37,5 +37,7 @@ jobs: file: docker/Dockerfile build-args: | VERSION_FLAGS=-ldflags=-X main.buildVersion=${{ github.ref_name }} -X main.buildTime=${{ steps.date.outputs.date }} - tags: ghcr.io/stackpath/virtual-kubelet-stackpath:${{ github.ref_name }} + tags: | + ghcr.io/stackpath/virtual-kubelet-stackpath:${{ github.ref_name }} + ghcr.io/stackpath/virtual-kubelet-stackpath:latest labels: org.opencontainers.image.source=https://github.com/stackpath/virtual-kubelet-stackpath diff --git a/.github/workflows/cover.yml b/.github/workflows/cover.yml index 870c1ef..cba3991 100644 --- a/.github/workflows/cover.yml +++ b/.github/workflows/cover.yml @@ -15,7 +15,7 @@ jobs: env: TESTCOVERAGE_THRESHOLD: 84 run: | - GO_FILES=$(go list ./... |grep -v 'vendor') + GO_FILES=$(go list ./... |grep -v 'vendor|e2e') echo $GO_FILES | xargs -t -n4 go test -coverprofile=coverage.out -covermode=count -cover -timeout=30s -parallel=4 BASE_TOTAL=$(go tool cover -func=coverage.out | grep total | awk '{print $3}' | tr -d '%') if (( $(echo "$BASE_TOTAL $TESTCOVERAGE_THRESHOLD" | awk '{print ($1 > $2)}') )); then @@ -30,7 +30,7 @@ jobs: ref: ${{ github.base_ref }} - name: Generate coverage report run: | - GO_FILES=$(go list ./... |grep -v 'vendor') + GO_FILES=$(go list ./... |grep -v 'vendor|e2e') echo $GO_FILES | xargs -t -n4 go test -coverprofile=coverage.out -covermode=count -cover -timeout=30s -parallel=4 TARGET_TOTAL=$(go tool cover -func=coverage.out | grep total | awk '{print $3}' | tr -d '%') if (( $(echo "${{ env.BASE_TOTAL }} $TARGET_TOTAL" | awk '{print ($1 >= $2)}') )); then diff --git a/Makefile b/Makefile index d57bf3f..985ae62 100644 --- a/Makefile +++ b/Makefile 
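Review bot: The added `:latest` entry under `tags:` is pushed on every run of this job, so the tag moves to whatever ref triggered the build. The workflow's `on:` trigger is outside the hunk, so it cannot be confirmed here that only stable release tags reach this step. If pre-release tags or branches can trigger it, `latest` may end up pointing at an unreleased or older build, and the base kustomization changed in this same commit deploys `newTag: latest`. Consider publishing `latest` only from release builds, and document the intent above the list, e.g. `# latest is moved only by release builds; deployments should pin a version or digest`.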
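Review bot: `grep -v 'vendor|e2e'` in the `run:` script excludes neither directory, because without `-E` grep uses basic regular expressions, where `|` is a literal character and the pattern only matches the text `vendor|e2e`. As written, the e2e packages still run in the coverage job and the previous `vendor` filter is lost as well. Use `grep -Ev 'vendor|e2e'` (or `grep -v -e vendor -e e2e`). The same line appears in the second cover.yml hunk ("Generate coverage report") and in the `TEST?=` line of the Makefile hunk.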
@@ -1,4 +1,4 @@ -TEST?=$$(go list ./... |grep -v 'vendor') +TEST?=$$(go list ./... |grep -v 'vendor|e2e') GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor) VERSION ?= v0.0.1 diff --git a/deployment/README.md b/deployment/README.md index 84fab74..908513f 100644 --- a/deployment/README.md +++ b/deployment/README.md @@ -36,13 +36,13 @@ SP_CLIENT_SECRET= kubectl apply -k . ``` -This will create the Virtual Kubelet deployment in your Kubernetes cluster. +This will create a default Virtual Kubelet deployment in your Kubernetes cluster. -Note that a secret will be generated from the `config.properties` file specified in the `secretGenerator` section of the `kustomization.yaml` file. This secret contains the values of the environment variables specified in the `config.properties` file. +> **Note:** A secret will be generated from the `config.properties` file specified in the `secretGenerator` section of the `kustomization.yaml` file. This secret contains the values of the environment variables specified in the `config.properties` file. -## Updating Resources +## Customize Deployment -To customize the Virtual Kublet deployment, create an overlay directory (in this example `vk-deployment-updated`) within the `overlays` directory with a `kustomization.yaml` file that specifies the changes you want to make. +To customize the Virtual Kublet deployment, create an overlay directory (in this example `sp-atl`) within the `overlays` directory with a `kustomization.yaml` file that specifies the changes you want to make. ```txt . @@ -54,7 +54,7 @@ To customize the Virtual Kublet deployment, create an overlay directory (in this │   ├── service-account.yaml │   └── vk-deployment.yaml └── overlays - └── vk-deployment-updated + └── sp-atl └── kustomization.yaml ``` @@ -65,10 +65,7 @@ resources: - ../../base namespace: sp-atl - -images: -- name: stackpath.com/virtual-kubelet - newTag: 0.0.2 +nameSuffix: -atl configMapGenerator: - name: sp-vk-location 
@@ -83,16 +80,17 @@ secretGenerator: - SP_STACK_ID= ``` +> **Note:** If you intend to utilize multiple Virtual Kubelets across various locations, it is advisable to establish an overlay for each location. You can leverage the `nameSuffix` parameter to generate unique name for Virtual Kubelet resources. This practice will prove invaluable in a future step when we need to reference a specific Virtual Kubelet node by name. + - The resources section references the base resources that are inherited by this overlay, which includes a default Virtual Kubelet deployment configuration. - The namespace section specifies that the Virtual Kubelet deployment will be created in the sp-atl namespace. -- The images section is used to define the version of the StackPath Virtual Kubelet image to be used. - The configMapGenerator section replaces the existing value of SP_CITY_CODE with `ATL`, which specifies the geographic location of the edge compute infrastructure. - The secretGenerator section merges the existing config.properties file with a new SP_STACK_ID value of . This updates the StackPath stack ID specified in `config.properties`. To deploy overlay, run the following command: ```bash -kubectl apply -k overlays/vk-deployment-updated +kubectl apply -k overlays/sp-atl ``` ## Configuring Pods to Use Virtual Kubelet 
@@ -101,14 +99,13 @@ Now that you've created a Virtual Kubelet pod after completing the steps above, To use the Virtual Kubelet deployment to deploy workloads in the StackPath Edge Compute infrastructure, configure your pods to use the virtual-kubelet.io/provider toleration and type: virtual-kubelet node selector. -Here is an example configuration that will create the simplest possible container in the sp-atl namespace by providing only a name (my-pod) and image (my-image): +Here is an example configuration that will create the simplest possible container in the default namespace. This is achieved by specifying only a name (my-pod) and an image (my-image). To reference a Virtual Kubelet node by its hostname, you should set the `nodeSelector` field to `kubernetes.io/hostname`, followed by the value provided in `nameSuffix`. In this example, it is `-atl`. ```yaml apiVersion: v1 kind: Pod metadata: name: my-pod - namespace: sp-atl spec: containers: - name: my-container @@ -120,6 +117,7 @@ spec: effect: NoSchedule nodeSelector: kubernetes.io/role: agent + kubernetes.io/hostname: stackpath-edge-provider-atl type: virtual-kubelet ``` diff --git a/deployment/kustomize/base/kustomization.yaml b/deployment/kustomize/base/kustomization.yaml index d44ecda..6518d64 100644 --- a/deployment/kustomize/base/kustomization.yaml +++ b/deployment/kustomize/base/kustomization.yaml @@ -21,5 +21,4 @@ configMapGenerator: images: - name: ghcr.io/stackpath/virtual-kubelet-stackpath - newTag: v0.4.0 - + newTag: latest diff --git a/deployment/kustomize/base/scripts/cert-gen.sh b/deployment/kustomize/base/scripts/cert-gen.sh index e65180c..ee77b89 100644 --- a/deployment/kustomize/base/scripts/cert-gen.sh +++ b/deployment/kustomize/base/scripts/cert-gen.sh 
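Review bot: `newTag: latest` in the base kustomization replaces the pinned `v0.4.0` with a mutable tag, so the default deployment is no longer reproducible and whatever is pushed to `latest` next reaches clusters without any manifest change. Judging by the README in this commit, the deployment is given the StackPath client secret, so an unintended or tampered push to that tag lands directly in a credentialed workload. Keep the base on a released version, or pin it with a `digest:` entry (`sha256:<IMAGE_DIGEST>`, placeholder), and let an overlay opt in to `latest` where that is wanted.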
@@ -40,12 +40,14 @@ openssl req -new -key /etc/virtual-kubelet/key.pem -out /etc/virtual-kubelet/vk- CSR=$(cat /etc/virtual-kubelet/vk-sp.csr | base64 | tr -d "\n") +CERT_NAME=vk-sp-$(date | md5sum | awk '{print $1}') + # Create and approve CSR body='{ "kind": "CertificateSigningRequest", "apiVersion": "certificates.k8s.io/v1", "metadata": { - "name": "vk-sp" + "name": "'${CERT_NAME}'" }, "spec": { "request": "'${CSR}'", @@ -58,11 +60,11 @@ kubectl_request "POST" "/apis/certificates.k8s.io/v1/certificatesigningrequests? sleep 10 -kubectl_request "PUT" "/apis/certificates.k8s.io/v1/certificatesigningrequests/vk-sp/approval" '{ +kubectl_request "PUT" "/apis/certificates.k8s.io/v1/certificatesigningrequests/${CERT_NAME}/approval" '{ "kind": "CertificateSigningRequest", "apiVersion": "certificates.k8s.io/v1", "metadata": { - "name": "vk-sp" + "name": "'${CERT_NAME}'" }, "status": { "conditions": [ @@ -79,7 +81,10 @@ kubectl_request "PUT" "/apis/certificates.k8s.io/v1/certificatesigningrequests/v sleep 10 # Get and save the certificate -kubectl_request "GET" "/apis/certificates.k8s.io/v1/certificatesigningrequests/vk-sp" "" | jq -r '.status.certificate' | base64 -d > /etc/virtual-kubelet/cert.pem +kubectl_request "GET" "/apis/certificates.k8s.io/v1/certificatesigningrequests/${CERT_NAME}" "" | jq -r '.status.certificate' | base64 -d > /etc/virtual-kubelet/cert.pem + +# Delete signing request +kubectl_request "DELETE" "/apis/certificates.k8s.io/v1/certificatesigningrequests/${CERT_NAME}" "" # Check if the certificate is valid if openssl x509 -noout -in /etc/virtual-kubelet/cert.pem; then
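Review bot: `CERT_NAME` is derived from `date | md5sum`, which is neither unique nor unpredictable: `date` has one-second resolution, so two instances starting in the same second compute the same name, and hashing adds no entropy. The later hunks approve and fetch the CSR by this name alone, so on a collision the script would approve and read back a request it did not create (how the POST result is handled is outside the hunk). Prefer a random suffix, e.g. `CERT_NAME="vk-sp-$(openssl rand -hex 8)"`, since openssl is already used by this script.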
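Review bot: The added DELETE runs before the `openssl x509` validity check that follows, so the signing request is removed even when the GET returned no certificate. After the fixed `sleep 10`, `.status.certificate` can still be empty, and `jq -r` then prints `null` into the base64 decode, which leaves cert.pem invalid with nothing left to re-fetch or inspect. Move the DELETE into the success branch of the `if`, whose body lies outside this hunk, or test the fetched value before deleting. Also confirm that the service account's role grants `delete` on `certificatesigningrequests`; no RBAC change is visible in this diff.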