Skip to content

Commit

Permalink
Release version v1.8 (#500)
Browse files Browse the repository at this point in the history
  • Loading branch information
maia-iyer authored Sep 20, 2024
2 parents 8cb2177 + 4300db3 commit ee8729a
Show file tree
Hide file tree
Showing 43 changed files with 3,083 additions and 905 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/ci.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,16 +15,16 @@ jobs:
EOF
- name: Check out repository code
uses: actions/[email protected].6
uses: actions/[email protected].7

- name: Install Golang
uses: actions/[email protected].1
uses: actions/[email protected].2
with:
go-version-file: go.mod
check-latest: true
cache: true

- uses: actions/[email protected].2
- uses: actions/[email protected].3
with:
node-version: '18'

Expand All @@ -39,7 +39,7 @@ jobs:
run: go mod download

- name: golangci-lint
uses: golangci/golangci-lint-action@v6.0.1
uses: golangci/golangci-lint-action@v6.1.0
with:
version: v1.57.2
args: --timeout 7m
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/master-build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,10 @@ jobs:
EOF
- name: Check out repository code
uses: actions/[email protected].6
uses: actions/[email protected].7

- name: Log in to GHCR.io
uses: docker/login-action@v3.2.0
uses: docker/login-action@v3.3.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
Expand Down Expand Up @@ -60,9 +60,9 @@ jobs:
EOF
- name: Check out repository code
uses: actions/[email protected].6
uses: actions/[email protected].7
- name: Log in to GHCR.io
uses: docker/login-action@v3.2.0
uses: docker/login-action@v3.3.0
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
Expand Down
47 changes: 43 additions & 4 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,12 @@

## Contributor Guidelines and Governance

Please see [CONTRIBUTING](https://github.com/spiffe/spiffe/blob/main/CONTRIBUTING.md) and [GOVERNANCE](https://github.com/spiffe/spiffe/blob/main/GOVERNANCE.md) from the SPIFFE project.
Please see [CONTRIBUTING](https://github.com/spiffe/spiffe/blob/main/CONTRIBUTING.md) and [GOVERNANCE](https://github.com/spiffe/spiffe/blob/main/GOVERNANCE.md) from the SPIFFE project for community guidelines.

> [!IMPORTANT]
> Before opening a new issue, search for any existing issues [here](https://github.com/spiffe/tornjak/issues) to avoid duplication.
If you're new to this project, we recommend you join us on [Slack](https://spiffe.slack.com/archives/C024JTTK58T) for discussion of potential new features.

## Pre-built images

Expand All @@ -26,20 +31,54 @@ In order to build, we require the following installations:

## Building Executables and Images

Building Tornjak manually can be done with the Makefile. Notable make targets follow:
Building Tornjak manually can be done with the Makefile. Below is a list of local executable builds:
- `make bin/tornjak-backend`: makes the Go executable of the Tornjak backend
- `make bin/tornjak-manager`: makes the Go executable of the Tornjak manager
- `make frontend-local-build`: makes the optimized ReactJS app locally for the Tornjak frontend. Uses environment variable configuration as in tornjak-frontend/.env

And below is a list of container image builds:
- `make image-tornjak-backend`: containerizes Go executable of the Tornjak backend
- `make image-tornjak-manager`:containerizes Go executable of the Tornjak manager
- `make image-tornjak-frontend`: containerizes React JS app for the Tornjak frontend
- `make image-tornjak`: containerizes Tornjak backend with Tornjak frontend

For usage instructions of the containers, please see our [USAGE document](./USAGE.md) to get started.

## Development

We welcome all development attempst and contributions from the community. The easiest place to start is by reviewing our code architecture diagrams available in our [api documentation](./docs/tornjak-ui-api-documentation.md#11-overview).
We welcome all development attempts and contributions from the community. The easiest place to start is by reviewing our code architecture diagrams available in our [api documentation](./docs/tornjak-ui-api-documentation.md#11-overview).

## Opening a pull request

1. Fork the tornjak repo
2. Ensure your branch is based on the latest commit in `dev`
3. Commit changes to your fork. Make sure your commit messages contain a `Signed-off-by: <your-email-address>` line (see `git-commit --signoff`) to certify the [DCO](/DCO)
4. Test your PR locally and ensure all tests in Github actions pass
5. Open a [pull request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/)
against the upstream `dev` branch

> [!IMPORTANT]
> Please make sure you open all PRs against the `dev` branch
> [!IMPORTANT]
> For any new feature design, or feature level changes, please create an issue first, then submit a PR with design details before code implementation.
## After your pull request is submitted

At least one maintainer must approve the pull request.

Once your pull request is submitted, it's your responsibility to:

* Respond to reviewer's feedback
* Keep it merge-ready at all times until it has been approved and actually merged

Following approval, the pull request will be merged by the last maintainer to approve the request.

#### Third-party code

When third-party code must be included, all licenses must be preserved. This includes modified
third-party code and excerpts, as well.

Thank you for contributing to Tornjak!

## Local testing

Expand Down
6 changes: 3 additions & 3 deletions Dockerfile.backend-container
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,10 @@ RUN if [ "$TARGETARCH" = "arm64" ]; then CC=aarch64-alpine-linux-musl; fi && \
go build --tags 'sqlite_json' -mod=vendor -ldflags '-s -w -linkmode external -extldflags "-static"' -o bin/tornjak-backend ./cmd/agent/main.go

FROM alpine AS runtime
RUN mkdir -p /opt/spire
RUN mkdir -p /opt/tornjak

WORKDIR /opt/spire
ENTRYPOINT ["/opt/spire/run_backend.sh"]
WORKDIR /opt/tornjak
ENTRYPOINT ["/opt/tornjak/run_backend.sh"]

# Add init
COPY scripts/run_backend.sh run_backend.sh
Expand Down
6 changes: 3 additions & 3 deletions Dockerfile.backend-container.ubi
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,10 @@ RUN if [ "$TARGETARCH" = "arm64" ]; then CC=aarch64-alpine-linux-musl; fi && \
go build --tags 'sqlite_json' -mod=vendor -ldflags '-s -w -linkmode external -extldflags "-static"' -o bin/tornjak-backend ./cmd/agent/main.go

FROM registry.access.redhat.com/ubi8-micro:latest AS runtime
RUN mkdir -p /opt/spire
RUN mkdir -p /opt/tornjak

WORKDIR /opt/spire
ENTRYPOINT ["/opt/spire/run_backend.sh"]
WORKDIR /opt/tornjak
ENTRYPOINT ["/opt/tornjak/run_backend.sh"]

# Add init
COPY scripts/run_backend.sh run_backend.sh
Expand Down
35 changes: 11 additions & 24 deletions USAGE.md
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
# Usage

We publish four container images currently:
We publish and support three container images currently:
- [Tornjak Backend](https://github.com/spiffe/tornjak/pkgs/container/tornjak-backend): This image can be deployed as a sidecar with any SPIRE server.
- [Tornjak Manager](https://github.com/spiffe/tornjak/pkgs/container/tornjak-manager): A container that runs this image exposes a port to register multiple Tornjak backends and forward typical commands to multiple Tornjak backends from one API.
- [Tornjak Frontend](https://github.com/spiffe/tornjak/pkgs/container/tornjak-frontend): This image is typically deployed after the Tornjak Backend or Manager are deployed, as it requires a URL to connect directly to the Tornjak backend API.
- [Tornjak](https://github.com/spiffe/tornjak/pkgs/container/tornjak): This image containing both Tornjak Backend and Frontend components can deployed as a sidecar alongside a SPIRE Server container

NOTE: Previously, we had images placing the Tornjak backend and SPIRE server in the same container, but these are currently deprecated. The above is a comprehensive list of images
> [!NOTE]
> Previously, we had images placing the Tornjak backend and SPIRE server in the same container, but these are currently deprecated. The above is a comprehensive list of supported images
Pre-built images can be found at the above links. To decide which tag to use, typically choose a release from [this page](https://github.com/spiffe/tornjak/releases) and choose the corresponding tag. For example, if you are interested in release `tornjak-1.0.2`, then choose image tag `v1.0.2`.
Pre-built images can be found at the above links. To decide which tag to use, typically choose a release from [this page](https://github.com/spiffe/tornjak/releases) and choose the corresponding tag. For example, if you are interested in release `v1.7.0`, then choose image tag `v1.7.0`.

### Compatibility Table

Expand All @@ -17,11 +17,11 @@ Please see below for compatibility charts of SPIRE server versions with Tornjak:
| Tornjak version | SPIRE Server version |
| :--------------------- | :------------------- |
| v1.1.x, v1.2.x, v1.3.x | v1.1.x, v1.2.x, v1.3.x, v1.4.x |
| v1.4.x, v1.5.x, v1.6.x | v1.5.x, v1.6.x, v1.7.x, v1.8.x, v1.9.x|
| v1.4.x, v1.5.x, v1.6.x, v1.7.x | v1.5.x, v1.6.x, v1.7.x, v1.8.x, v1.9.x|

## Tornjak Backend
## [Tornjak Backend](https://github.com/spiffe/tornjak/pkgs/container/tornjak-backend)

This is meant to be deployed where it can access a SPIRE server. To run, the container has three arguments:
The backend is designed to be deployed where it can access a SPIRE server. To run, the container has three arguments:

| Flag | Description | Default | Arguments | Required |
|:-----------------------|:------------------------------------------------------------|:--------|:----------|:---------|
Expand Down Expand Up @@ -49,7 +49,9 @@ This creates a service listening on container port 50000, forwarded to localhost

## Tornjak Frontend

The frontend is meant to connect to either the Tornjak backend or the Tornjak manager. To run the container, we must set some environment variables:
The Tornjak frontend container exposes a browser application and must be able to connect to either the Tornjak backend or the Tornjak manager.

The container requires certain environment variables be set. Below is a comprehensive list of all environment variables:

| Variable | Description | Default | Example Argument | Required |
|:----------------------------|-------------|--|--|--|
Expand All @@ -64,26 +66,11 @@ The frontend is meant to connect to either the Tornjak backend or the Tornjak ma
| `REACT_APP_SPIRE_HEALTH_CHECK_ENABLE` | Enable SPIRE health check component | `false` | `true` | false |

```
docker run -p 3000:8080 -e REACT_APP_API_SERVER_URI='http://localhost:50000' -e REACT_APP_TORNJAK_MANAGER=true -e PORT_FE-8080 -e REACT_APP_SPIRE_HEALTH_CHECK=true ghcr.io/spiffe/tornjak-frontend:latest
docker run -p 3000:8080 -e REACT_APP_API_SERVER_URI='http://localhost:50000' -e REACT_APP_TORNJAK_MANAGER=true -e PORT_FE=8080 -e REACT_APP_SPIRE_HEALTH_CHECK=true ghcr.io/spiffe/tornjak-frontend:latest
```

The above command is an example of how to run the frontend. This creates a UI available at http://localhost:3000 forwarded from container port `8080`. It is listening to a Tornjak manager component available at http://localhost:50000, and knows to run in manager mode with the `REACT_APP_TORNJAK_MANAGER` flag. The last environment variables namely, `REACT_APP_SPIRE_HEALTH_CHECK_ENABLE` is used to enable the SPIRE health check component.

## Tornjak

This container may be used as an alternative to having a frontend and backend container separately. The backend is configured exactly as the [Tornjak backend] with container arguments, and the frontend is configured exactly as the [Tornjak frontend] with container environment variables.

An example command:

```
docker run -p 10000:10000 -p 3000:8080 -e REACT_APP_API_SERVER_URI='http://localhost:10000' -e PORT_FE-8080 -e PORT_BE-10000 ghcr.io/spiffe/tornjak:latest --spire-config <SPIRE CONFIG PATH> --tornjak-config <TORNJAK CONFIG PATH>
```

The above command creates a UI available at `http://localhost:3000` forwarded from container port `8080`. It is listening to the Tornjak backend at `http://localhost:10000`, as given by the `REACT_APP_API_SERVER_URI` value. At the same time, the container is exposing port `10000` for the backend, which reads the SPIRE config and Tornjak config at `<SPIRE CONFIG PATH>` and `<TORNJAK CONFIG PATH>` respectively.

NOTE: The value of `REACT_APP_API_SERVER_URI` must be a URI that is separately available to any browser that accesses the frontend. Therefore, in production environments, it is necessary that backend service endpoint be public.


## Further steps

It is recommended to try a full deployment of the Tornjak frontend, backend, and SPIRE Server in minikube. Please see our [tutorial document](docs/quickstart/README.md) for step-by-step instructions.
Expand Down
Loading

0 comments on commit ee8729a

Please sign in to comment.