Custom airgap #4
Conversation
All supported versions of Kubernetes, Docker and addons are bundled into individual tar archives in CI and uploaded to S3. When a new installer is created, the server will create a Job to generate an airgap bundle. The server passes the packages required for the installer to the Job along with a signed URL for S3 where it can upload the bundle. The Job is a simple bash script that downloads all the packages and reassembles them into a single archive.

The online install script uses the same packages used in the airgap bundle but downloads them at runtime. The online server redirects all dist/ (package) and bundle/ requests to S3.

Future work:
- For new named installers the bundle may exist with a different ID. It would be more efficient to re-use bundles when available.
- After POSTing a new installer it takes a minute for the airgap bundle to be ready.
- There's no reconciler that detects failed airgap bundles and retries or escalates.
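The Job script described above (signed PUT URL as the first argument, package URLs after it), written here as an added example for this page and not the PR's own script. It assumes a package may also be a local path, and that an optional `#sha256=<hex>` suffix on a package argument names its expected digest; both are assumptions of the example, as is the member-path check on each archive.

```shell
#!/bin/sh
# Added example, not the PR's own Job script: rebuild one airgap bundle from
# individual package archives and PUT it to a presigned S3 URL, in the
# argument order the PR describes (signed URL first, then package URLs).
#
#   usage: airgap-rebundle.sh <signed-put-url> <package>[#sha256=<hex>] ...
#
# Assumptions of this example: a <package> may be a local path as well as an
# http(s) URL, and the optional "#sha256=" suffix names the expected digest
# (the PR passes bare URLs). Kept POSIX so it runs under the Job's /bin/sh.
set -eu

# Print the hex SHA-256 of a file (coreutils sha256sum or macOS shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# fetch_package SRC DEST: download an http(s) URL or copy a local file to
# DEST, then verify the optional digest. Non-zero status on any failure.
fetch_package() {
  src="$1"; dest="$2"
  url="${src%%#sha256=*}"
  expected=""
  case "$src" in *"#sha256="*) expected="${src##*#sha256=}" ;; esac
  case "$url" in
    http://*|https://*) curl -fsSL --retry 3 -o "$dest" "$url" || return 1 ;;
    *) cp "$url" "$dest" || return 1 ;;
  esac
  if [ -n "$expected" ]; then
    actual="$(sha256_of "$dest")"
    if [ "$actual" != "$expected" ]; then
      echo "digest mismatch for $url: got $actual, want $expected" >&2
      return 1
    fi
  fi
}

# check_members ARCHIVE: refuse a package whose member names are absolute or
# contain "..", so it cannot write outside the staging directory (defence in
# depth beside tar's own stripping). grep runs without -q so it drains the
# pipe and tar is never killed by SIGPIPE.
check_members() {
  if tar -tzf "$1" | grep -E '^/|(^|/)\.\.(/|$)' >/dev/null; then
    echo "unsafe member path in $1" >&2
    return 1
  fi
}

# rebundle_into STAGING WORK OUT PKG...: fetch and unpack every package into
# STAGING, then write a single tar.gz to OUT. Each step is checked explicitly
# because "set -e" is silently disabled inside a function called in an "if"
# or "||" context; a bad package must never leave a partial bundle behind.
rebundle_into() {
  staging="$1"; work="$2"; out="$3"; shift 3
  n=0
  for pkg in "$@"; do
    n=$((n + 1))
    fetch_package "$pkg" "$work/pkg-$n.tar.gz" || return 1
    check_members "$work/pkg-$n.tar.gz" || return 1
    tar -xzf "$work/pkg-$n.tar.gz" -C "$staging" || return 1
  done
  tar -czf "$out" -C "$staging" . || return 1
  echo "packed $n packages into $out" >&2
}

# rebundle OUT PKG...: run rebundle_into with fresh temp dirs, always remove
# them, and propagate the inner status.
rebundle() {
  bundle_out="$1"; shift
  st="$(mktemp -d)"; wk="$(mktemp -d)"
  if rebundle_into "$st" "$wk" "$bundle_out" "$@"; then rc=0; else rc=$?; fi
  rm -rf "$st" "$wk"
  return "$rc"
}

# upload_bundle FILE URL: PUT the bundle to the presigned URL the server
# handed the Job. Bucket, key and expiry are bound into the signature, so
# the Job itself carries no AWS credentials.
upload_bundle() {
  curl -fsS --retry 3 --upload-file "$1" "$2"
}

main() {
  if [ "$#" -lt 2 ]; then
    echo "usage: $0 <signed-put-url> <package>[#sha256=<hex>] ..." >&2
    return 2
  fi
  put_url="$1"; shift
  bundle="$(mktemp)"
  rebundle "$bundle" "$@"
  upload_bundle "$bundle" "$put_url"
  rm -f "$bundle"
}

# Only act when given arguments, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

The explicit `|| return 1` after every step matters more than it looks: once the Job is wrapped in an `if` or `||` by a caller, `set -e` stops applying inside the function, and without the explicit checks a failed download would still be tarred up and uploaded under the installer's bundle key.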
@@ -0,0 +1,24 @@ | |||
#!/bin/sh |
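Review bot: the shebang here is /bin/sh while the other scripts added in this PR use /bin/bash. If this rebundle script walks the package URL list with bash-only constructs (arrays, `[[ ]]`, `set -o pipefail`), it will fail under dash or busybox sh in a minimal Job image; either switch to `#!/bin/bash` and make sure the Job image ships bash, or keep the script strictly POSIX.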
This is the script that creates custom airgap bundles at runtime. The server adds it to a ConfigMap that the Job mounts. The server then passes the signed PUT url as the first arg and a list of URLs to individual packages to include.
@@ -0,0 +1,15 @@ | |||
#!/bin/bash |
This runs in CI to save docker images as tar archives so they can be included in individual packages.
@@ -0,0 +1,13 @@ | |||
#!/bin/bash |
This uploads all the individual packages to S3 during CI. Online installs download at runtime and airgap bundles download these when the Job runs.
@@ -0,0 +1,39 @@ | |||
#!/bin/bash |
This runs in CI to create the special airgap bundle named latest.
@@ -0,0 +1,4 @@ | |||
apiVersion: v1 |
All the airgap Jobs run in this namespace so it's easier to keep track of what's been created.
@@ -0,0 +1,4 @@ | |||
kubernetes gcr.io/google-containers/hyperkube:v1.15.0 |
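Review bot: the image is pinned by tag (`hyperkube:v1.15.0`), and tags are mutable, so two CI runs can produce packages with different image contents under the same package name. Pin by digest (`gcr.io/google-containers/hyperkube@sha256:...`) or record the resolved digest alongside the saved image so an airgap bundle is reproducible and can be verified offline.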
List of images to include in the package. This is parsed in CI.
@@ -0,0 +1,8 @@ | |||
KUBERNETES_VERSION=1.15.2 |
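Review bot: `KUBERNETES_VERSION=1.15.2` here versus `hyperkube:v1.15.0` in the image list shows the two files are maintained separately; since this manifest becomes the template for "latest", have CI fail when the manifest names a version for which no package or image list exists, otherwise "latest" resolves to a bundle the Job cannot build.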
Latest manifest. This is turned into a template for the server to serve other install scripts.
installer = i; | ||
} catch (error) { | ||
return { error }; | ||
installer = installer.resolve(); |
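Review bot: `installer = installer.resolve();` appears after the catch block, so an error thrown while resolving "latest" to concrete versions (for example a version no longer in the manifest) is not returned as `{ error }` the way the parse failure above it is; move the resolve call inside the try, or wrap it the same way.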
replace "latest" with actual versions
this.bucket = process.env["KURL_BUCKET"] || "kurl-dev"; | ||
} | ||
|
||
public async runCreateAirgapBundleJob(i: Installer) { |
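Review bot: falling back to the `"kurl-dev"` bucket when `KURL_BUCKET` is unset means a production deployment with a missing env var silently signs PUT URLs into the dev bucket and serves dev packages; fail fast instead (throw at construction when the variable is absent) and keep the `kurl-dev` default only in test configuration.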
First create a ConfigMap with three scripts:
- the bash script to rebundle all the individual packages
- the rendered install.sh script
- the rendered join.sh script
}); | ||
|
||
it("returns yaml with version", async () => { | ||
const yaml = await client.getInstallerYAML("latest", true); |
doesn't look like that second parameter is used in getInstallerYAML
I forgot to implement that in the client. Added now.
|
||
const { signedUrl } = await this.s3Signer.signPutRequest({ | ||
Bucket: this.bucket, | ||
Key: `bundle/${i.id}.tar.gz`, |
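Review bot: the object key is built directly from `i.id`; for named installers, which the thread says belong to teams, confirm the id is validated against a strict character set before it reaches this path, since an id containing `/` or `..` would yield a key outside the `bundle/` prefix that the signed URL then authorises a write to. Also give the signed PUT URL a short expiry, since it is handed to the Job as a plain string argument.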
is it worth checking here if the file already exists in s3 and then just not running the job if it does?
For named installers belonging to teams the bundle will need to be replaced.
public parse(url: string): GetParams { | ||
const parsed = new URL(url); | ||
const Bucket = parsed.host.split(".")[0]; | ||
const Key = parsed.pathname.replace(/\//, ""); |
not sure if this function is used, and what the purpose of this is, but slashes are an important part of the key in S3.
not used, I'll delete