From 1e9d1a5785078b3623b136368f080d0236f2c858 Mon Sep 17 00:00:00 2001 From: Furkat Gofurov Date: Tue, 8 Oct 2024 16:24:27 +0300 Subject: [PATCH 1/5] Add etcdrestore local image building Makefile targets Signed-off-by: Furkat Gofurov --- Makefile | 30 ++++++++++++++++ exp/etcdrestore/Dockerfile | 70 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 100 insertions(+) create mode 100644 exp/etcdrestore/Dockerfile diff --git a/Makefile b/Makefile index 0f4d5a83..18236564 100644 --- a/Makefile +++ b/Makefile @@ -169,6 +169,10 @@ CONTROLLER_IMG ?= $(REGISTRY)/$(ORG)/$(CONTROLLER_IMAGE_NAME) CONTROLLER_IMAGE_VERSION ?= $(shell git describe --abbrev=0 2>/dev/null) IID_FILE ?= $(shell mktemp) +# etcdrestore +ETCDRESTORE_IMAGE_NAME ?= turtles-etcd-snapshot-restore +ETCDRESTORE_IMG ?= $(REGISTRY)/$(ORG)/$(ETCDRESTORE_IMAGE_NAME) + # Release # Exclude tags with the prefix 'test/' RELEASE_TAG ?= $(shell git describe --abbrev=0 --exclude 'test/*' 2>/dev/null) @@ -341,6 +345,32 @@ docker-pull-prerequisites: docker pull $(GO_CONTAINER_IMAGE) docker pull gcr.io/distroless/static:latest +.PHONY: docker-build-etcdrestore ## Build the docker image for etcdrestore +docker-build-etcdrestore: buildx-machine docker-pull-prerequisites ## Build docker image for a specific architecture +## reads Dockerfile from stdin to avoid an incorrectly cached Dockerfile (https://github.com/moby/buildkit/issues/1368) + # buildx does not support using local registry for multi-architecture images + cat ./exp/etcdrestore/Dockerfile | DOCKER_BUILDKIT=1 BUILDX_BUILDER=$(MACHINE) docker buildx build \ + --platform $(ARCH) \ + --load \ + --build-arg builder_image=$(GO_CONTAINER_IMAGE) \ + --build-arg goproxy=$(GOPROXY) \ + --build-arg package=./exp/etcdrestore \ + --build-arg ldflags="$(LDFLAGS)" . -t $(ETCDRESTORE_IMG):$(TAG) --file - --progress=plain + +.PHONY: docker-build-and-push-etcdrestore +docker-build-and-push-etcdrestore: buildx-machine docker-pull-prerequisites ## Run docker-build-and-push-etcdrestore targets for all architectures + cat ./exp/etcdrestore/Dockerfile | DOCKER_BUILDKIT=1 BUILDX_BUILDER=$(MACHINE) docker buildx build \ + --platform $(TARGET_PLATFORMS) \ + --push \ + --sbom=true \ + --attest type=provenance,mode=max \ + --iidfile=$(IID_FILE) \ + --build-arg builder_image=$(GO_CONTAINER_IMAGE) \ + --build-arg goproxy=$(GOPROXY) \ + --build-arg package=./exp/etcdrestore \ + --build-arg ldflags="$(LDFLAGS)" . -t $(ETCDRESTORE_IMG):$(TAG) --file - --progress=plain + +.PHONY: docker-build docker-build: buildx-machine docker-pull-prerequisites ## Build docker image for a specific architecture # buildx does not support using local registry for multi-architecture images DOCKER_BUILDKIT=1 BUILDX_BUILDER=$(MACHINE) docker buildx build \ diff --git a/exp/etcdrestore/Dockerfile b/exp/etcdrestore/Dockerfile new file mode 100644 index 00000000..48f07eee --- /dev/null +++ b/exp/etcdrestore/Dockerfile @@ -0,0 +1,70 @@ +# syntax=docker/dockerfile:1.4 + +# Copyright 2022 The Kubernetes Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Build the etcdrestore binary +# Run this with docker build --build-arg builder_image= +ARG builder_image + +# Build architecture +ARG ARCH + +# Ignore Hadolint rule "Always tag the version of an image explicitly." +# It's an invalid finding since the image is explicitly set in the Makefile. +# https://github.com/hadolint/hadolint/wiki/DL3006 +# hadolint ignore=DL3006 +FROM ${builder_image} as builder + +WORKDIR /workspace + +# Run this with docker build --build-arg goproxy=$(go env GOPROXY) to override the goproxy +ARG goproxy=https://proxy.golang.org +# Run this with docker build --build-arg package=./exp/etcdrestore +ENV GOPROXY=$goproxy + +# Copy the Go Modules manifests +COPY exp/etcdrestore/go.mod /go.mod +COPY exp/etcdrestore/go.sum /go.sum + +# Cache deps before building and copying source so that we don't need to re-download as much +# and so that source changes don't invalidate our downloaded layer +RUN --mount=type=cache,target=/go/pkg/mod \ + go mod download + +# Copy the sources +COPY ./ ./ + +# Cache the go build into the Go’s compiler cache folder so we take benefits of compiler caching across docker build calls +RUN --mount=type=cache,target=/root/.cache/go-build \ + --mount=type=cache,target=/go/pkg/mod \ + sh -c "cd exp/etcdrestore && go build ." + +# # Build +ARG ARCH +ARG ldflags + +# Do not force rebuild of up-to-date packages (do not use -a) and use the compiler cache folder +RUN --mount=type=cache,target=/root/.cache/go-build \ + --mount=type=cache,target=/go/pkg/mod \ + CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} \ + sh -c "cd exp/etcdrestore && ls && go build -trimpath -ldflags \"${ldflags} -extldflags '-static'\" -o manager ${package}" + +# Production image +FROM gcr.io/distroless/static:nonroot +WORKDIR / +COPY --from=builder /workspace/exp/etcdrestore/manager . +# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies +USER 65532 +ENTRYPOINT ["/manager"] \ No newline at end of file From 1f09143ee1f26a62d17e19b861596a2f9b0cf95c Mon Sep 17 00:00:00 2001 From: Furkat Gofurov Date: Wed, 9 Oct 2024 10:05:53 +0300 Subject: [PATCH 2/5] Build and publush etcdrestore image in nightly image publish Signed-off-by: Furkat Gofurov --- .github/workflows/nightly-chart-and-image-publish.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nightly-chart-and-image-publish.yaml b/.github/workflows/nightly-chart-and-image-publish.yaml index c0a07205..dc9ae07d 100644 --- a/.github/workflows/nightly-chart-and-image-publish.yaml +++ b/.github/workflows/nightly-chart-and-image-publish.yaml @@ -32,7 +32,9 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push docker images - run: make docker-build-and-push TAG=${{ env.TAG }} ORG=${{ env.PROD_ORG }} + run: | + make docker-build-and-push TAG=${{ env.TAG }} ORG=${{ env.PROD_ORG }} + make docker-build-and-push-etcdrestore TAG=${{ env.TAG }} ORG=${{ env.PROD_ORG }} publish-helm-chart-ghcr: name: Publish Helm chart to GHCR From 6fc9a0dd653fb0b0d0d3c356803f7c916bc29efd Mon Sep 17 00:00:00 2001 From: Furkat Gofurov Date: Wed, 9 Oct 2024 13:01:16 +0300 Subject: [PATCH 3/5] Provide a way to install Rancher Turtles using local helm chart in turtles-dev script Signed-off-by: Furkat Gofurov --- exp/README.md | 8 ++++++-- scripts/turtles-dev.sh | 35 +++++++++++++++++++++++++++++++++-- 2 files changed, 39 insertions(+), 4 deletions(-) diff --git a/exp/README.md b/exp/README.md index 2bba7b2c..24a8b547 100644 --- a/exp/README.md +++ b/exp/README.md @@ -12,15 +12,19 @@ To set up the environment, navigate to the root of the repository and run: export RANCHER_HOSTNAME="" export NGROK_API_KEY="" export NGROK_AUTHTOKEN="" +export USE_TILT_DEV=true (default) make dev-env ``` -The `Makefile` target sets up the environment by executing the `scripts/etcd-backup-restore-dev.sh` +**Note:** setting `USE_TILT_DEV` environment variable to `false` will result in manually deploying Rancher Turtles locally instead +of Tilt deployment and can be used for testing Rancher Turtles with Helm chart changes (enabling/disabling feature flags when passed as argument to Turtles helm installation command). + +The `Makefile` target sets up the environment by executing the `scripts/turtles-dev.sh` script with the `RANCHER_HOSTNAME` argument. Under the hood, it performs the following steps: 1. Creates a kind cluster. -2. Deploys cert-manager, CAPI Operator with Rancher Turtles. +2. Deploys cert-manager, CAPI Operator and Rancher Turtles. 3. Deploys CAPRKE2 provider. 4. Deploys Docker provider. 5. Deploys ngrok. diff --git a/scripts/turtles-dev.sh b/scripts/turtles-dev.sh index 4b74e324..22b42b6a 100755 --- a/scripts/turtles-dev.sh +++ b/scripts/turtles-dev.sh @@ -20,7 +20,10 @@ if [ -z "$RANCHER_HOSTNAME" ]; then exit 1 fi -RANCHER_VERSION=${RANCHER_VERSION:-v2.9.0} +RANCHER_VERSION=${RANCHER_VERSION:-v2.9.1} +CLUSTER_NAME=${CLUSTER_NAME:-capi-test} +ETCD_CONTROLLER_IMAGE=${ETCD_CONTROLLER_IMAGE:-ghcr.io/rancher/turtles-etcd-snapshot-restore} +ETCD_CONTROLLER_IMAGE_TAG=${ETCD_CONTROLLER_IMAGE_TAG:-dev} BASEDIR=$(dirname "$0") @@ -77,4 +80,32 @@ kubectl rollout status deployment rancher -n cattle-system --timeout=180s kubectl apply -f test/e2e/data/rancher/rancher-service-patch.yaml envsubst < test/e2e/data/rancher/rancher-setting-patch.yaml | kubectl apply -f - -tilt up +# Install the locally build chart of Rancher Turtles +install_local_rancher_turtles_chart() { + # Remove the previous chart directory + rm -rf out + # Build the chart locally + make build-chart + # Build the etcdrestore controller image + make docker-build-etcdrestore + # Load the etcdrestore controller image into the kind cluster + kind load docker-image $ETCD_CONTROLLER_IMAGE:$ETCD_CONTROLLER_IMAGE_TAG --name $CLUSTER_NAME + # Install the Rancher Turtles using a local chart with 'etcd-snapshot-restore' feature flag enabled + # to run etcdrestore controller + helm install rancher-turtles out/charts/rancher-turtles \ + -n rancher-turtles-system \ + --set cluster-api-operator.enabled=false \ + --set cluster-api-operator.cluster-api.enabled=false \ + --set rancherTurtles.features.etcd-snapshot-restore.enabled=true \ + --dependency-update \ + --create-namespace --wait \ + --timeout 180s +} + +if [ "$USE_TILT_DEV" == "true" ]; then + echo "Using Tilt for development..." + tilt up +else + echo "Installing local Rancher Turtles chart for development..." + install_local_rancher_turtles_chart +fi \ No newline at end of file From 4dd9106b53d5c1a347812a9015cc73ea338532a1 Mon Sep 17 00:00:00 2001 From: Furkat Gofurov Date: Wed, 9 Oct 2024 13:39:26 +0300 Subject: [PATCH 4/5] Fix ETCDMachineSnapshot/ETCDSnapshotRestore kind types in PROJECT file Signed-off-by: Furkat Gofurov --- PROJECT | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/PROJECT b/PROJECT index eb17bc61..eed5ec35 100644 --- a/PROJECT +++ b/PROJECT @@ -23,7 +23,7 @@ resources: controller: true domain: cattle.io group: turtles-capi - kind: EtcdMachineSnapshot + kind: ETCDMachineSnapshot path: github.com/rancher/turtles/exp/etcdrestore/api/v1alpha1 version: v1alpha1 - api: @@ -32,7 +32,7 @@ resources: controller: true domain: cattle.io group: turtles-capi - kind: EtcdSnapshotRestore + kind: ETCDSnapshotRestore path: github.com/rancher/turtles/exp/etcdrestore/api/v1alpha1 version: v1alpha1 - api: From 4a1f54dc0cbb84dbaba31eda72839c4d66b1bd5b Mon Sep 17 00:00:00 2001 From: Furkat Gofurov Date: Thu, 17 Oct 2024 16:30:54 +0300 Subject: [PATCH 5/5] Use env var EXP_ETCDRESTORE_DIR in etcdrestore docker image building Makefiles Signed-off-by: Furkat Gofurov --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 18236564..d1cd4065 100644 --- a/Makefile +++ b/Makefile @@ -349,7 +349,7 @@ docker-pull-prerequisites: docker-build-etcdrestore: buildx-machine docker-pull-prerequisites ## Build docker image for a specific architecture ## reads Dockerfile from stdin to avoid an incorrectly cached Dockerfile (https://github.com/moby/buildkit/issues/1368) # buildx does not support using local registry for multi-architecture images - cat ./exp/etcdrestore/Dockerfile | DOCKER_BUILDKIT=1 BUILDX_BUILDER=$(MACHINE) docker buildx build \ + cat $(EXP_ETCDRESTORE_DIR)/Dockerfile | DOCKER_BUILDKIT=1 BUILDX_BUILDER=$(MACHINE) docker buildx build \ --platform $(ARCH) \ --load \ --build-arg builder_image=$(GO_CONTAINER_IMAGE) \ @@ -359,7 +359,7 @@ docker-build-etcdrestore: buildx-machine docker-pull-prerequisites ## Build dock .PHONY: docker-build-and-push-etcdrestore docker-build-and-push-etcdrestore: buildx-machine docker-pull-prerequisites ## Run docker-build-and-push-etcdrestore targets for all architectures - cat ./exp/etcdrestore/Dockerfile | DOCKER_BUILDKIT=1 BUILDX_BUILDER=$(MACHINE) docker buildx build \ + cat $(EXP_ETCDRESTORE_DIR)/Dockerfile | DOCKER_BUILDKIT=1 BUILDX_BUILDER=$(MACHINE) docker buildx build \ --platform $(TARGET_PLATFORMS) \ --push \ --sbom=true \