Release Carvel Packages (#160)
Switch CI to build and test Carvel imgpkg bundles rather than pushing
snapshot builds to a public registry. This allows anyone to run the
full CI sequence anonymously, until the final publish step which
requires credentials. It also means that the acceptance tests are
running against a common artifact that is built once.

There are three release artifacts now:
- `service-bindings-{version}.yaml`
  `kubectl apply -f`'able config with publicly hosted image
- `service-bindings-bundle-{version}.tar`
  an airgap-ready imgpkg bundle containing the release config, runtime
  images which can be relocated into a private image registry and
  samples
- `service-bindings-package-{version}.yaml`
  a Carvel Package that can be consumed by kapp-controller. The imgpkg
  bundle references by the package is hosted in a public registry

Signed-off-by: Scott Andrews <[email protected]>
scothis authored Jul 23, 2021
1 parent 0a16798 commit 0a2f545
Showing 11 changed files with 387 additions and 42 deletions.
240 changes: 202 additions & 38 deletions .github/workflows/ci.yaml
Expand Up @@ -27,25 +27,37 @@ jobs:

stage:
needs: test
if: github.event_name == 'push' && startsWith(github.repository, 'vmware-labs/')
runs-on: ubuntu-latest
env:
REGISTRY_NAME: registry.local
REGISTRY_PORT: 80
KO_DOCKER_REPO: registry.local/service-bindings
BUNDLE: registry.local/service-bindings/bundle
steps:
- uses: actions/[email protected]
- uses: actions/[email protected]
with:
go-version: 1.15.x
- uses: vmware-tanzu/carvel-setup-action@v1
- name: Install ko
run: |
cd $(mktemp -d -t ko.XXXX)
curl -sL https://github.com/google/ko/releases/download/v0.8.1/ko_0.8.1_Linux_x86_64.tar.gz | tar -xz
sudo mv ./ko /usr/local/bin
cd -
- name: Docker login
- name: Setup local registry
run: |
echo "$DOCKERHUB_PASSWORD" | docker login --username $DOCKERHUB_USERNAME --password-stdin
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
set -o errexit
set -o nounset
set -o pipefail
# Run a registry.
docker run \
-d --restart=always -p "127.0.0.1:${REGISTRY_PORT}:5000" --name local-registry \
registry:2
# Make the $REGISTRY_NAME -> 127.0.0.1
echo "127.0.0.1 $REGISTRY_NAME" | sudo tee -a /etc/hosts
- name: Stage
run: |
set -o errexit
Expand All @@ -57,18 +69,33 @@ jobs:
readonly git_timestamp=$(TZ=UTC git show --quiet --date='format-local:%Y%m%d%H%M%S' --format="%cd")
readonly slug=${version}-${git_timestamp}-${git_sha:0:16}
ko resolve -t ${slug} -B -f config | sed -e "s|bindings.labs.vmware.com/release: devel|bindings.labs.vmware.com/release: ${slug}|" > service-bindings.yaml
env:
KO_DOCKER_REPO: docker.io/vmware
mkdir -p bundle/.imgpkg
cp LICENSE "bundle/LICENSE"
cp NOTICE "bundle/NOTICE"
cp VERSION "bundle/VERSION"
cp -r samples "bundle/samples"
echo "##[group]Build Service Bindings"
cp hack/boilerplate/boilerplate.yaml.txt bundle/service-bindings.yaml
ko resolve -t ${slug} -B -f config \
| ytt -f - -f config/carvel/release-version.overlay.yaml \
--data-value version=${slug} \
>> bundle/service-bindings.yaml
kbld -f bundle/service-bindings.yaml --imgpkg-lock-output bundle/.imgpkg/images.yml
echo "##[endgroup]"
echo "##[group]Create bundle"
imgpkg push -f "bundle" -b "${BUNDLE}"
imgpkg copy -b "${BUNDLE}" --to-tar bundle/service-bindings-bundle.tar
echo "##[endgroup]"
- name: Upload Service Bindings build
uses: actions/[email protected]
with:
name: service-bindings.yaml
path: service-bindings.yaml
name: service-bindings-bundle.tar
path: bundle/service-bindings-bundle.tar

acceptance:
needs: stage
if: "!( cancelled() || failure() )"
runs-on: ubuntu-latest
strategy:
matrix:
Expand All @@ -77,37 +104,104 @@ jobs:
- 1.19.7
- 1.20.2
fail-fast: false
env:
REGISTRY_NAME: registry.local
REGISTRY_PORT: 5000
BUNDLE: registry.local:5000/service-bindings/bundle
steps:
- uses: actions/[email protected]
- uses: vmware-tanzu/carvel-setup-action@v1
- name: Install kind
run: |
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64
cd $(mktemp -d -t kind.XXXX)
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-$(go env GOHOSTOS)-$(go env GOHOSTARCH)
chmod +x ./kind
sudo mv ./kind /usr/local/bin
- uses: vmware-tanzu/carvel-setup-action@v1
- name: Create cluster
run: kind create cluster --wait 5m --image kindest/node:v${{ matrix.k8s }}
cd -
- name: Setup local registry
run: |
set -o errexit
set -o nounset
set -o pipefail
# Run a registry.
docker run \
-d --restart=always -p "${REGISTRY_PORT}:5000" --name local-registry \
registry:2
# Make the $REGISTRY_NAME -> local-registry
echo "$(hostname -I | cut -d' ' -f1) $REGISTRY_NAME" | sudo tee -a /etc/hosts
- name: Create Cluster
run: |
set -o errexit
set -o nounset
set -o pipefail
# create a cluster with the local registry enabled in containerd
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."${REGISTRY_NAME}:${REGISTRY_PORT}"]
endpoint = ["http://local-registry:${REGISTRY_PORT}"]
nodes:
- role: control-plane
image: kindest/node:v${{ matrix.k8s }}
EOF
# connect the registry to the cluster network
docker network connect kind local-registry
# Document the local registry
# https://github.com/kubernetes/enhancements/tree/master/keps/sig-cluster-lifecycle/generic/1755-communicating-a-local-registry
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
name: local-registry-hosting
namespace: kube-public
data:
localRegistryHosting.v1: |
host: "localhost:${REGISTRY_PORT}"
help: "https://kind.sigs.k8s.io/docs/user/local-registry/"
EOF
- name: Download staged Service Bindings build
uses: actions/[email protected]
if: needs.stage.result == 'success'
with:
name: service-bindings.yaml
- name: Build Service Bindings locally
if: needs.stage.result != 'success'
name: service-bindings-bundle.tar
- name: Install kapp-controller
run: |
set -o errexit
set -o nounset
set -o pipefail
cd $(mktemp -d -t ko.XXXX)
curl -sL https://github.com/google/ko/releases/download/v0.8.1/ko_0.8.1_Linux_x86_64.tar.gz | tar -xz
sudo mv ./ko /usr/local/bin
cd -
kapp deploy -a kapp-controller -y -f https://github.com/vmware-tanzu/carvel-kapp-controller/releases/latest/download/release.yml
- name: Deploy Service Bindings Package
run: |
set -o errexit
set -o nounset
set -o pipefail
ko resolve -L -B -f config > service-bindings.yaml
cat service-bindings.yaml | grep -oh 'ko.local[^\w]*' | xargs -L 1 kind load docker-image
imgpkg copy --tar service-bindings-bundle.tar --to-repo "${BUNDLE}"
kapp deploy -a service-bindings-package -y \
-f <( \
ytt -f config/carvel/package.yaml -f config/carvel/package.values.yaml \
--data-value version=$(cat VERSION) \
--data-value image=${BUNDLE} \
)
- name: Deploy Service Bindings
run: kapp deploy -a service-bindings -f service-bindings.yaml -y
run: |
set -o errexit
set -o nounset
set -o pipefail
kapp deploy -a service-bindings -y \
-f <( \
ytt -f config/carvel/package-install.yaml -f config/carvel/package-install.values.yaml \
--data-value package_constraints=$(cat VERSION) \
--data-value-yaml 'package_prerelease={}' \
)
- name: Deploy Spring Petclinic
run: |
set -o errexit
Expand All @@ -119,6 +213,21 @@ jobs:
kapp deploy -a spring-petclinic -f samples/spring-petclinic/application.yaml -y
- name: Collect diagnostics
run: |
echo "##[group]Describe nodes"
kubectl describe nodes
echo "##[endgroup]"
echo "##[group]Describe pods"
kubectl describe pods
echo "##[endgroup]"
echo "##[group]All resources"
kubectl get all,secrets --all-namespaces
echo "##[endgroup]"
echo "##[group]Packages"
kubectl get package -A -oyaml
echo "##[endgroup]"
echo "##[group]Package Installs"
kubectl get packageinstall -A -oyaml
echo "##[endgroup]"
echo "##[group]Service Binding manager logs"
kubectl logs -n service-bindings -l app=manager -c manager --tail 1000
echo "##[endgroup]"
Expand All @@ -134,15 +243,6 @@ jobs:
echo "##[group]MySQL logs"
kubectl logs -l app=spring-petclinic-db -c mysql --tail 1000
echo "##[endgroup]"
echo "##[group]All resources"
kubectl get all,secrets --all-namespaces
echo "##[endgroup]"
echo "##[group]Describe pods"
kubectl describe pods
echo "##[endgroup]"
echo "##[group]Describe nodes"
kubectl describe nodes
echo "##[endgroup]"
if: always()
continue-on-error: true
- name: Cleanup Spring Petclinic
Expand All @@ -157,6 +257,12 @@ jobs:
- name: Cleanup Service Bindings
run: kapp delete -a service-bindings -y
if: always()
- name: Cleanup Service Bindings Package
run: kapp delete -a service-bindings-package -y
if: always()
- name: Cleanup kapp-controller
run: kapp delete -a kapp-controller -y
if: always()
- name: Cleanup cluster
run: kind delete cluster
if: always()
Expand All @@ -167,6 +273,20 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/[email protected]
- uses: vmware-tanzu/carvel-setup-action@v1
- name: Install crane
run: |
cd $(mktemp -d -t kind.XXXX)
curl -L https://github.com/google/go-containerregistry/releases/download/v0.5.1/go-containerregistry_Linux_x86_64.tar.gz | tar -xz
chmod +x ./crane
sudo mv ./crane /usr/local/bin
cd -
- name: Docker login
run: |
echo "$DOCKERHUB_PASSWORD" | docker login --username $DOCKERHUB_USERNAME --password-stdin
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Get release version
id: get-version
run: |
Expand All @@ -183,8 +303,52 @@ jobs:
- name: Download staged Service Bindings build
uses: actions/[email protected]
with:
name: service-bindings.yaml
- name: Upload Service Bindings release
name: service-bindings-bundle.tar
- name: Relocate bundle to public registry
run: |
set -o errexit
set -o nounset
set -o pipefail
version="${{ steps.get-version.outputs.version }}"
repo="vmware/labs-service-bindings-manager"
repo_tag="${repo}:${version}"
imgpkg copy --tar service-bindings-bundle.tar --to-repo "${repo}"
crane tag "${repo}" "${version}"
repo_digest="${repo_tag}@$(crane digest "${repo_tag}")"
mkdir -p bundle
imgpkg pull -b "${repo_digest}" -o bundle
cp hack/boilerplate/boilerplate.yaml.txt service-bindings.yaml
kbld -f bundle/service-bindings.yaml -f bundle/.imgpkg/images.yml \
>> service-bindings.yaml
cp hack/boilerplate/boilerplate.yaml.txt service-bindings-package.yaml
ytt -f config/carvel/package.yaml -f config/carvel/package.values.yaml \
--data-value version=${version} \
--data-value image=${repo_digest} \
>> service-bindings-package.yaml
- name: Upload Service Bindings release bundle
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
asset_path: service-bindings-bundle.tar
asset_name: service-bindings-bundle-${{ steps.get-version.outputs.version }}.tar
asset_content_type: application/x-yaml
- name: Upload Service Bindings package yaml
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
asset_path: service-bindings-package.yaml
asset_name: service-bindings-package-${{ steps.get-version.outputs.version }}.yaml
asset_content_type: application/x-yaml
- name: Upload Service Bindings release yaml
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
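Review bot: The `Install crane` step pipes a release archive from `curl` straight into `tar` and moves the result into `/usr/local/bin` with no integrity check, in the same job whose next step logs in to Docker Hub and which then publishes the release assets. Anything that can alter that download would run alongside the registry credentials, so the archive should be saved to a file and compared against a SHA-256 recorded in the workflow before it is unpacked. The `Install ko` and `Install kind` steps follow the same pattern, and the `Install kapp-controller` step applies `releases/latest/download/release.yml`, which is not pinned to a version at all. The step also runs without `set -o errexit`/`pipefail`, unlike the registry and deploy steps; the sketch below adds both, with `CRANE_SHA256` as a placeholder for the digest recorded from the v0.5.1 release.

```yaml
- name: Install crane
  run: |
    set -o errexit
    set -o nounset
    set -o pipefail
    # … unchanged: cd into the mktemp directory …
    archive=go-containerregistry_Linux_x86_64.tar.gz
    curl -fsSL -o "${archive}" "https://github.com/google/go-containerregistry/releases/download/v0.5.1/${archive}"
    # CRANE_SHA256 is a placeholder: the archive digest recorded from the v0.5.1 release
    echo "${CRANE_SHA256}  ${archive}" | sha256sum --check -
    tar -xzf "${archive}"
    # … unchanged: chmod, move crane into /usr/local/bin, cd - …
```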
1 change: 1 addition & 0 deletions .gitignore
@@ -1 +1,2 @@
service-bindings*.yaml
/bundle
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
0.3.1-snapshot
0.4.0-snapshot
File renamed without changes.
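--- a/config/carvel/package-install.values.yaml
+++ b/config/carvel/package-install.values.yaml
@@ -0,0 +1,14 @@
+#! Copyright 2021 VMware, Inc.
+#! SPDX-License-Identifier: Apache-2.0
+
+#@ load("@ytt:data", "data")
+
+#@data/values
+---
+namespace: default
+name: service-bindings
+package_name: service-bindings.labs.vmware.com
+package_prerelease: null
+service_account_name: service-binding-kc
+cluster_role_name: service-binding-kc
+cluster_role_binding_name: service-binding-kc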