diff --git a/.github/workflows/build-matrix.json b/.github/workflows/build-matrix.json index d299dd5ce..c9fff6977 100644 --- a/.github/workflows/build-matrix.json +++ b/.github/workflows/build-matrix.json @@ -14,10 +14,10 @@ "harbor-project": "crownlabs-core" }, { - "component": "cloudimg-registry", + "component": "ciregistry", "context": "./operators", "dockerfile": "./operators/build/golang-common/Dockerfile", - "build-args": "COMPONENT=cloudimg-registry", + "build-args": "COMPONENT=ciregistry", "harbor-project": "crownlabs-core" }, { diff --git a/deploy/crownlabs/Chart.yaml b/deploy/crownlabs/Chart.yaml index 05b755ba9..c2a6f70c6 100644 --- a/deploy/crownlabs/Chart.yaml +++ b/deploy/crownlabs/Chart.yaml @@ -65,10 +65,10 @@ dependencies: repository: file://../../operators/deploy/instmetrics condition: instmetrics.enabled -- name: cloudimg-registry +- name: ciregistry version: "0.1.0" - repository: file://../../operators/deploy/cloudimg-registry - # condition: cloudimg-registry.enabled + repository: file://../../operators/deploy/ciregistry + # condition: ciregistry.enabled - name: policies version: "0.1.0" diff --git a/deploy/crownlabs/values.yaml b/deploy/crownlabs/values.yaml index c4809154e..ab8a03a74 100644 --- a/deploy/crownlabs/values.yaml +++ b/deploy/crownlabs/values.yaml @@ -155,7 +155,7 @@ instmetrics: updatePeriod: 4s grpcPort: 9090 -cloudimg-registry: +ciregistry: replicaCount: 1 configurations: volume: @@ -163,7 +163,7 @@ cloudimg-registry: accessMode: "ReadWriteMany" storageClass: "rook-cephfs-primary" image: - repository: crownlabs/cloudimg-registry + repository: crownlabs/ciregistry pullPolicy: IfNotPresent policies: diff --git a/infrastructure/certificate-provisioning/README.md b/infrastructure/certificate-provisioning/README.md index fd52e4c03..aed7d0162 100644 --- a/infrastructure/certificate-provisioning/README.md +++ b/infrastructure/certificate-provisioning/README.md 
@@ -113,12 +113,13 @@ labels: ``` ## Synchronize digital certificates between namespaces +❗❗ `Kubed is no longer available and has been superseded by ConfigSyncer` In different scenarios, it may happen to have different `Ingress` resources in different namespaces which refer to the same domain (with different paths). Unfortunately, annotating all these ingresses with the `cert-manager.io/cluster-issuer` annotation soon leads to hitting the Let's Encrypt rate limits. Hence, it is necessary to introduce some mechanism to synchronize the secret generated between multiple namespaces. One of the projects currently providing a solution to this problem is [kubed](https://github.com/appscode/kubed). ### Install kubed -Kubed can be easily installed with helm [[5]](https://appscode.com/products/kubed/v0.12.0/setup/install/). +Kubed can be easily installed with helm [[5]](https://web.archive.org/web/20230605163413/https://appscode.com/products/kubed/v0.12.0/setup/install/). ```bash helm repo add appscode https://charts.appscode.com/stable/ diff --git a/operators/cmd/cloudimg-registry/main.go b/operators/cmd/ciregistry/main.go similarity index 100% rename from operators/cmd/cloudimg-registry/main.go rename to operators/cmd/ciregistry/main.go diff --git a/operators/deploy/cloudimg-registry/.helmignore b/operators/deploy/ciregistry/.helmignore similarity index 100% rename from operators/deploy/cloudimg-registry/.helmignore rename to operators/deploy/ciregistry/.helmignore diff --git a/operators/deploy/cloudimg-registry/Chart.yaml b/operators/deploy/ciregistry/Chart.yaml similarity index 97% rename from operators/deploy/cloudimg-registry/Chart.yaml rename to operators/deploy/ciregistry/Chart.yaml index eff6d895c..4e39bd6e8 100644 --- a/operators/deploy/cloudimg-registry/Chart.yaml +++ b/operators/deploy/ciregistry/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v2 -name: cloudimg-registry +name: ciregistry description: The CrownLabs Cloud Image Registry # A chart can be either an 'application' or a 'library' chart. diff --git a/operators/deploy/cloudimg-registry/templates/_helpers.tpl b/operators/deploy/ciregistry/templates/_helpers.tpl similarity index 72% rename from operators/deploy/cloudimg-registry/templates/_helpers.tpl rename to operators/deploy/ciregistry/templates/_helpers.tpl index 9474213c4..5e28f6cf2 100644 --- a/operators/deploy/cloudimg-registry/templates/_helpers.tpl +++ b/operators/deploy/ciregistry/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{/* Expand the name of the chart. */}} -{{- define "cloudimg-registry.name" -}} +{{- define "ciregistry.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} @@ -11,7 +11,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If the release name contains the chart name, it will be used as a full name. */}} -{{- define "cloudimg-registry.fullname" -}} +{{- define "ciregistry.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -27,7 +27,7 @@ If the release name contains the chart name, it will be used as a full name. {{/* The version of the application to be deployed */}} -{{- define "cloudimg-registry.version" -}} +{{- define "ciregistry.version" -}} {{- if .Values.global }} {{- .Values.image.tag | default .Values.global.version | default .Chart.AppVersion }} {{- else }} 
@@ -38,24 +38,24 @@ The version of the application to be deployed {{/* Create chart name and version as used by the chart label. */}} -{{- define "cloudimg-registry.chart" -}} +{{- define "ciregistry.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Common labels */}} -{{- define "cloudimg-registry.labels" -}} -helm.sh/chart: {{ include "cloudimg-registry.chart" . }} -{{ include "cloudimg-registry.selectorLabels" . }} -app.kubernetes.io/version: {{ include "cloudimg-registry.version" . | quote }} +{{- define "ciregistry.labels" -}} +helm.sh/chart: {{ include "ciregistry.chart" . }} +{{ include "ciregistry.selectorLabels" . }} +app.kubernetes.io/version: {{ include "ciregistry.version" . | quote }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} {{/* Selector labels */}} -{{- define "cloudimg-registry.selectorLabels" -}} -app.kubernetes.io/name: {{ include "cloudimg-registry.name" . }} +{{- define "ciregistry.selectorLabels" -}} +app.kubernetes.io/name: {{ include "ciregistry.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} diff --git a/operators/deploy/cloudimg-registry/templates/deployment.yaml b/operators/deploy/ciregistry/templates/deployment.yaml similarity index 57% rename from operators/deploy/cloudimg-registry/templates/deployment.yaml rename to operators/deploy/ciregistry/templates/deployment.yaml index be584abb4..946991308 100644 --- a/operators/deploy/cloudimg-registry/templates/deployment.yaml +++ b/operators/deploy/ciregistry/templates/deployment.yaml @@ -1,9 +1,9 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "cloudimg-registry.fullname" . }} + name: {{ include "ciregistry.fullname" . }} labels: - {{ include "cloudimg-registry.labels" . | nindent 4 }} + {{ include "ciregistry.labels" . | nindent 4 }} {{- with .Values.deploymentAnnotations }} annotations: {{- toYaml . | nindent 4 }} 
@@ -12,7 +12,7 @@ spec:
 replicas: {{ .Values.replicaCount }}
 selector:
 matchLabels:
- {{ include "cloudimg-registry.selectorLabels" . | nindent 6 }}
+ {{ include "ciregistry.selectorLabels" . | nindent 6 }}
 template:
 metadata:
 {{- with .Values.podAnnotations }}
@@ -20,15 +20,24 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 labels:
- {{- include "cloudimg-registry.selectorLabels" . | nindent 8 }}
+ {{- include "ciregistry.selectorLabels" . | nindent 8 }}
 spec:
 {{- with .Values.imagePullSecrets }}
 imagePullSecrets:
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ initContainers:
+ - name: fix-permissions
+ image: busybox:1.36.1
+ command: ["sh", "-c", "chown -R {{ .Values.podSecurityContext.fsGroup }}:{{ .Values.podSecurityContext.fsGroup }} {{ .Values.configurations.dataRoot }}"]
+ resources:
+ {{- toYaml .Values.resources | nindent 10 }}
+ volumeMounts:
+ - name: "{{ include "ciregistry.fullname" . }}-storage"
+ mountPath: {{ .Values.configurations.dataRoot }}
 containers:
 - name: {{ .Chart.Name }}
- image: "{{ .Values.image.repository }}:{{ include "cloudimg-registry.version" . }}"
+ image: "{{ .Values.image.repository }}:{{ include "ciregistry.version" . }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 args:
 - "--data-root={{ .Values.configurations.dataRoot }}"
@@ -47,11 +56,13 @@ spec:
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
 volumeMounts:
- - name: "{{ include "cloudimg-registry.fullname" . }}-storage"
+ - name: "{{ include "ciregistry.fullname" . }}-storage"
 mountPath: {{ .Values.configurations.dataRoot }}
 securityContext:
 {{- toYaml .Values.securityContext | nindent 12 }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
 volumes:
- - name: "{{ include "cloudimg-registry.fullname" . }}-storage"
+ - name: "{{ include "ciregistry.fullname" . }}-storage"
 persistentVolumeClaim:
- claimName: "{{ include "cloudimg-registry.fullname" . }}-pvc"
+ claimName: "{{ include "ciregistry.fullname" . }}-pvc"
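Review bot: The `fix-permissions` init container added in the `@@ -20,15 +20,24 @@` hunk has no `securityContext` of its own, so the `.Values.securityContext` hardening on the main container does not cover it, and a recursive `chown` only succeeds if it runs as root or with `CAP_CHOWN`; state that explicitly and minimally rather than relying on runtime defaults, as sketched below. Its image is the mutable tag `busybox:1.36.1`, hard-coded in the template; pinning it by digest (and ideally making it a chart value) keeps a re-pushed tag from running in a root step on the data volume. `.Values.podSecurityContext.fsGroup` is dereferenced with no guard, and no default for `podSecurityContext` is visible in this diff, so an unset value presumably either breaks rendering or yields `chown -R :`; the values are also spliced into `sh -c`, which an exec-form `command` avoids. The same commit removes `readOnlyRootFilesystem: true` from the chart's `securityContext` values, which is worth restoring or explaining in the description.

```yaml
      initContainers:
      - name: fix-permissions
        # <digest> is a placeholder: record the digest verified for busybox 1.36.1.
        image: "busybox:1.36.1@sha256:<digest>"
        command:
        - chown
        - -R
        - "{{ required "podSecurityContext.fsGroup must be set" .Values.podSecurityContext.fsGroup }}:{{ .Values.podSecurityContext.fsGroup }}"
        - {{ .Values.configurations.dataRoot | quote }}
        securityContext:
          runAsUser: 0
          runAsNonRoot: false
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
            # CHOWN alone assumes root can traverse the tree; widen only if the chown fails on existing data.
            add: ["CHOWN"]
        # … unchanged: resources, volumeMounts …
```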
diff --git a/operators/deploy/cloudimg-registry/templates/pvc.yaml b/operators/deploy/ciregistry/templates/pvc.yaml
similarity index 70%
rename from operators/deploy/cloudimg-registry/templates/pvc.yaml
rename to operators/deploy/ciregistry/templates/pvc.yaml
index 4963fc2a7..7fb30f953 100644
--- a/operators/deploy/cloudimg-registry/templates/pvc.yaml
+++ b/operators/deploy/ciregistry/templates/pvc.yaml
@@ -1,9 +1,9 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
- name: "{{ include "cloudimg-registry.fullname" . }}-pvc"
+ name: "{{ include "ciregistry.fullname" . }}-pvc"
 labels:
- {{ include "cloudimg-registry.labels" . | nindent 4 }}
+ {{ include "ciregistry.labels" . | nindent 4 }}
 spec:
 accessModes:
 - {{ .Values.configurations.volume.accessMode }}
diff --git a/operators/deploy/ciregistry/templates/service.yaml b/operators/deploy/ciregistry/templates/service.yaml
new file mode 100644
index 000000000..97390a999
--- /dev/null
+++ b/operators/deploy/ciregistry/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "ciregistry.fullname" . }}
+ labels:
+ {{ include "ciregistry.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ selector:
+ {{ include "ciregistry.selectorLabels" . | nindent 4 }}
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ protocol: TCP
diff --git a/operators/deploy/cloudimg-registry/values.yaml b/operators/deploy/ciregistry/values.yaml
similarity index 91%
rename from operators/deploy/cloudimg-registry/values.yaml
rename to operators/deploy/ciregistry/values.yaml
index 6e920efdb..420e1d2eb 100644
--- a/operators/deploy/cloudimg-registry/values.yaml
+++ b/operators/deploy/ciregistry/values.yaml
@@ -13,7 +13,7 @@ configurations:
 storageClass: "rook-cephfs-primary"
 image:
- repository: crownlabs/cloudimg-registry
+ repository: crownlabs/ciregistry
 pullPolicy: IfNotPresent
 # Overrides the image tag whose default is the chart version.
 tag: ""
@@ -33,7 +33,6 @@ securityContext:
 capabilities:
 drop:
 - ALL
- readOnlyRootFilesystem: true
 runAsNonRoot: true
 runAsUser: 2000
 runAsGroup: 2000
diff --git a/operators/deploy/cloudimg-registry/templates/service.yaml b/operators/deploy/cloudimg-registry/templates/service.yaml
deleted file mode 100644
index 425d6de7e..000000000
--- a/operators/deploy/cloudimg-registry/templates/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "cloudimg-registry.fullname" . }}
- labels:
- {{ include "cloudimg-registry.labels" . | nindent 4 }}
-spec:
- type: ClusterIP
- selector:
- {{ include "cloudimg-registry.selectorLabels" . | nindent 4 }}
- ports:
- - name: http
- port: 80
- targetPort: http
- protocol: TCP
diff --git a/operators/go.mod b/operators/go.mod
index 4e2268add..ab152b1d3 100644
--- a/operators/go.mod
+++ b/operators/go.mod
@@ -66,7 +66,7 @@ require (
 github.com/segmentio/ksuid v1.0.3 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/swaggest/form/v5 v5.1.1 // indirect
- github.com/swaggest/jsonschema-go v0.3.72 // indirect
+ github.com/swaggest/jsonschema-go v0.3.72
 github.com/swaggest/openapi-go v0.2.54
 github.com/swaggest/refl v1.3.0 // indirect
 github.com/swaggest/rest v0.2.69
diff --git a/operators/pkg/ciregistry/handlers.go b/operators/pkg/ciregistry/handlers.go
index a614ca834..8b30996a0 100644
--- a/operators/pkg/ciregistry/handlers.go
+++ b/operators/pkg/ciregistry/handlers.go
@@ -54,6 +54,7 @@ func HandleGetImages(log klog.Logger) usecase.Interactor {
 return nil
 })
+ u.SetName("GetImages")
 u.SetExpectedErrors(status.Internal, status.NotFound, status.InvalidArgument)
 return u
@@ -86,6 +87,7 @@ func HandleGetImageTags(log klog.Logger) usecase.Interactor {
 return nil
 })
+ u.SetName("GetImageTags")
 u.SetExpectedErrors(status.Internal, status.NotFound, status.InvalidArgument)
 return u
@@ -187,6 +189,7 @@ func HandlePostImage(log klog.Logger) usecase.Interactor { return err }) + u.SetName("PostImage") u.SetExpectedErrors(status.Internal, status.InvalidArgument) return u @@ -215,6 +218,7 @@ func HandleDeleteTag(log klog.Logger) usecase.Interactor { return nil }) + u.SetName("DeleteTag") u.SetExpectedErrors(status.Internal, status.NotFound, status.InvalidArgument) return u @@ -227,6 +231,7 @@ func HealthzHandler() usecase.Interactor { return nil }) + u.SetName("ReadinessProbe") u.SetExpectedErrors(status.Unavailable) return u diff --git a/operators/pkg/ciregistry/router.go b/operators/pkg/ciregistry/router.go index 3111b05b8..a137b4be8 100644 --- a/operators/pkg/ciregistry/router.go +++ b/operators/pkg/ciregistry/router.go @@ -16,7 +16,9 @@ package ciregistry import ( "net/http" + "reflect" + "github.com/swaggest/jsonschema-go" "github.com/swaggest/openapi-go/openapi3" "github.com/swaggest/rest/nethttp" "github.com/swaggest/rest/web" @@ -36,6 +38,15 @@ func NewRouter() http.Handler { s.OpenAPISchema().SetDescription("API for managing cloudimage repositories and metadata.") s.OpenAPISchema().SetVersion("1.0.0") + refl := s.OpenAPIReflector().JSONSchemaReflector() + refl.DefaultOptions = append( + refl.DefaultOptions, + func(rc *jsonschema.ReflectContext) { + rc.DefName = func(t reflect.Type, _ string) string { + return t.Name() + } + }) + s.Get("/healthz", HealthzHandler()) s.Get("/{repo}", HandleGetImages(klog.LoggerWithName(log, "imagelist"))) s.Get("/{repo}/{image}", HandleGetImageTags(klog.LoggerWithName(log, "taglist"))) diff --git a/operators/pkg/ciregistry/storage.go b/operators/pkg/ciregistry/storage.go index 317fc0c90..33c54f85f 100644 --- a/operators/pkg/ciregistry/storage.go +++ b/operators/pkg/ciregistry/storage.go 
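Review bot: The `DefName` override added to `NewRouter` in the `@@ -36,6 +38,15 @@` hunk returns `t.Name()` and discards the library's default name, so two types with the same short name in different packages would presumably be published under one schema definition, and a type whose `Name()` is empty is passed through with no fallback. Keeping the default as a fallback retains the short names without that gap: `func(t reflect.Type, def string) string { if n := t.Name(); n != "" { return n }; return def }`. A one-line comment such as `// Use bare type names in the OpenAPI schema; assumes they are unique across packages.` would record the assumption for the next reader. NewRouter's body starts and ends outside the hunk.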
@@ -146,6 +146,11 @@ func ServeFile(fileName, contentType string, log klog.Logger) usecase.Interactor
 return err
 })
+ if fileName == "image.bin" {
+ u.SetName("GetImage")
+ } else {
+ u.SetName("GetImageMeta")
+ }
 u.SetExpectedErrors(status.NotFound, status.Internal, status.InvalidArgument)
 return u
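Review bot: The `else` branch in `ServeFile` names every file other than `"image.bin"` `GetImageMeta`, so a third registration of this helper would silently reuse that name; if these names end up as OpenAPI operation IDs (likely, but not shown here) they need to be unique. Matching each supported file explicitly and leaving unknown ones unnamed avoids that, e.g. `switch fileName { case "image.bin": u.SetName("GetImage"); case <meta-file-name>: u.SetName("GetImageMeta") }`, where `<meta-file-name>` is a placeholder for the metadata file name, which this hunk does not show. Passing the operation name in from the router would also remove the duplicated `"image.bin"` literal. ServeFile's body starts before the hunk.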