Custom airgap #4
Conversation
All supported versions of Kubernetes, Docker and addons are bundled into individual tar archives in CI and uploaded to S3. When a new installer is created, the server will create a Job to generate an airgap bundle. The server passes the packages required for the installer to the Job along with a signed URL for S3 where it can upload the bundle. The Job is a simple bash script that downloads all the packages and reassembles into a single archive. The online install script uses the same packages used in the airgap bundle but downloads them at runtime. The online server redirects all dist/ (pacakge) and bundle/ requests to S3. Future work: - For new named installers the bundle may exist with a different ID. It would be more efficient to re-use bundles when available. - After POSTing a new installer it takes a minute for the airgap bundle to be ready. - There's no reconciler that detects failed airgap bundles and retries or escalates.
| @@ -0,0 +1,24 @@ | |||
| #!/bin/sh | |||
There was a problem hiding this comment.
This is the script that creates custom airgap bundles at runtime. The server adds it to a ConfigMap that the Job mounts. The server then passes the signed PUT url as the first arg and a list of URLs to individual packages to include.
| @@ -0,0 +1,15 @@ | |||
| #!/bin/bash | |||
There was a problem hiding this comment.
This runs in CI to save docker images as tar archives so they can be included in individual packages.
| @@ -0,0 +1,13 @@ | |||
| #!/bin/bash | |||
There was a problem hiding this comment.
This uploads all the individual packages to S3 during CI. Online installs download at runtime and airgap bundles download these when the Job runs.
| @@ -0,0 +1,39 @@ | |||
| #!/bin/bash | |||
There was a problem hiding this comment.
This runs in CI to create the special airgap bundle named latest.
| @@ -0,0 +1,4 @@ | |||
| apiVersion: v1 | |||
There was a problem hiding this comment.
All the airgap Jobs run in this namespace so it's easier to keep track of what's been created.
| @@ -0,0 +1,4 @@ | |||
| kubernetes gcr.io/google-containers/hyperkube:v1.15.0 | |||
There was a problem hiding this comment.
List of images to include in the package. This is parsed in CI.
| @@ -0,0 +1,8 @@ | |||
| KUBERNETES_VERSION=1.15.2 | |||
There was a problem hiding this comment.
Latest manifest. This is turned into a template for the server to serve other install scripts.
| installer = i; | ||
| } catch (error) { | ||
| return { error }; | ||
| installer = installer.resolve(); |
There was a problem hiding this comment.
replace "latest" with actual versions
| this.bucket = process.env["KURL_BUCKET"] || "kurl-dev"; | ||
| } | ||
|
|
||
| public async runCreateAirgapBundleJob(i: Installer) { |
There was a problem hiding this comment.
First create a ConfigMap with three scripts:
- the bash script to rebundle all the individual packages
- the rendered install.sh script
- the rendered join.sh script
| }); | ||
|
|
||
| it("returns yaml with version", async () => { | ||
| const yaml = await client.getInstallerYAML("latest", true); |
There was a problem hiding this comment.
doesn't look like that second parameter is used in getInstallerYAML
There was a problem hiding this comment.
I forgot to implement that in the client. Added now.
|
|
||
| const { signedUrl } = await this.s3Signer.signPutRequest({ | ||
| Bucket: this.bucket, | ||
| Key: `bundle/${i.id}.tar.gz`, |
There was a problem hiding this comment.
is it worth checking here if the file already exists in s3 and then just not running the job if it does?
There was a problem hiding this comment.
For named installers belonging to teams the bundle will need to be replaced.
| public parse(url: string): GetParams { | ||
| const parsed = new URL(url); | ||
| const Bucket = parsed.host.split(".")[0]; | ||
| const Key = parsed.pathname.replace(/\//, ""); |
There was a problem hiding this comment.
not sure if this function is used, and what the purpose of this is, but slashes are an important part of the key in S3.
There was a problem hiding this comment.
not used, I'll delete
All supported versions of Kubernetes, Docker and addons are bundled into
individual tar archives in CI and uploaded to S3. When a new installer
is created, the server will create a Job to generate an airgap bundle.
The server passes the packages required for the installer to the Job
along with a signed URL for S3 where it can upload the bundle. The Job
is a simple bash script that downloads all the packages and reassembles
into a single archive.
The online install script uses the same packages used in the airgap
bundle but downloads them at runtime. The online server redirects all
dist/ (pacakge) and bundle/ requests to S3.
Future work:
would be more efficient to re-use bundles when available.
to be ready.
or escalates.