From 90457d2ba9bcba34db3474f8f6123b8b61b9de00 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Sun, 18 Feb 2024 17:07:26 +0530 Subject: [PATCH 01/26] add hook annotations to spin-shim-executor to fix race condition Signed-off-by: Rajat Jindal --- .../spin-operator/templates/containerd-shim-spin-executor.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/charts/spin-operator/templates/containerd-shim-spin-executor.yaml b/charts/spin-operator/templates/containerd-shim-spin-executor.yaml index 19d6068f..d5bb9af2 100644 --- a/charts/spin-operator/templates/containerd-shim-spin-executor.yaml +++ b/charts/spin-operator/templates/containerd-shim-spin-executor.yaml @@ -2,4 +2,7 @@ apiVersion: core.spinoperator.dev/v1 kind: SpinAppExecutor metadata: name: containerd-shim-spin + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "3" spec: From 091ed731bf19e7b74255a14ee3386c4e08bedaa3 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Sun, 18 Feb 2024 21:23:18 +0530 Subject: [PATCH 02/26] update doc to remove manual install of spin-shim-executor Signed-off-by: Rajat Jindal --- .../content/running-on-azure-kubernetes-service.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/documentation/content/running-on-azure-kubernetes-service.md b/documentation/content/running-on-azure-kubernetes-service.md index e6fffbbf..fe3b3cf9 100644 --- a/documentation/content/running-on-azure-kubernetes-service.md +++ b/documentation/content/running-on-azure-kubernetes-service.md @@ -114,13 +114,6 @@ kubectl logs -n spin-operator -l app.kubernetes.io/name=kwasm-operator {"level":"info","time":"2024-02-12T11:24:00Z","message":"Job aks-nodepool1-31687461-vmss000000-provision-kwasm is Completed. Happy WASMing"} ``` -The final step for setting up Spin Operator is creating a `SpinAppExecutor`: - -```shell -# Create a SpinAppExecutor -kubectl apply -f https://github.com/spinkube/spin-operator/blob/main/config/samples/shim-executor.yaml -``` - ## Deploying a Spin App to AKS To validate the Spin Operator deployment, you will deploy a simple Spin App to the AKS cluster. The following command will install a simple Spin App using the `SpinApp` CRD you provisioned in the previous section: From 1e2ade3f7630049da3cf7e20e6ef3d8a28c30ea8 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Sun, 18 Feb 2024 21:38:59 +0530 Subject: [PATCH 03/26] helm install smoke test Signed-off-by: Rajat Jindal --- .github/workflows/helm-install-smoke-test.yml | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 .github/workflows/helm-install-smoke-test.yml diff --git a/.github/workflows/helm-install-smoke-test.yml b/.github/workflows/helm-install-smoke-test.yml new file mode 100644 index 00000000..86bc4b69 --- /dev/null +++ b/.github/workflows/helm-install-smoke-test.yml @@ -0,0 +1,66 @@ +name: Helm Install Smoke Test + +on: + pull_request: + branches: [main] + +jobs: + test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version: "1.21.x" + + - name: Install helm + uses: Azure/setup-helm@v3 + with: + version: v3.14.0 + + - name: setup k3d + uses: engineerd/configurator@v0.0.10 + with: + name: k3d + url: https://github.com/k3d-io/k3d/releases/download/v5.6.0/k3d-linux-amd64 + + - name: start k3d cluster + run: | + k3d cluster create wasm-cluster \ + --image ghcr.io/deislabs/containerd-wasm-shims/examples/k3d:v0.11.0 \ + --port "8081:80@loadbalancer" \ + --agents 2 + + - name: install crd + run: make install + + - name: apply runtime class + run: kubectl apply -f spin-runtime-class.yaml + + - name: helm install + run: | + helm install spin-operator \ + --namespace spin-operator \ + --create-namespace \ + --devel \ + --wait \ + --set controllerManager.manager.image.repository=ttl.sh/spoopy-operator-pr-${{ github.event.number }} \ + --set controllerManager.manager.image.tag=24h \ + charts/spin-operator + + - name: annotate nodes + run: kubectl annotate node --all kwasm.sh/kwasm-node=true + + - name: run spin app + run: | + kubectl apply -f config/samples/simple.yaml + kubectl rollout status deployment simple-spinapp --timeout 90s + + kubectl port-forward svc/simple-spinapp 8083:80 & + timeout 15s bash -c 'until curl -f -vvv http://localhost:8083/hello; do sleep 2; done' + + - name: Verify curl + run: curl localhost:8083/hello From 4ec9123a72a3685a6e4ef93f500271cbc8584187 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Sun, 18 Feb 2024 21:41:29 +0530 Subject: [PATCH 04/26] helm install smoke test Signed-off-by: Rajat Jindal --- .github/workflows/helm-install-smoke-test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/helm-install-smoke-test.yml b/.github/workflows/helm-install-smoke-test.yml index 86bc4b69..d3212e7e 100644 --- a/.github/workflows/helm-install-smoke-test.yml +++ b/.github/workflows/helm-install-smoke-test.yml @@ -42,6 +42,7 @@ jobs: - name: helm install run: | + helm dependency build helm install spin-operator \ --namespace spin-operator \ --create-namespace \ From e6e2100ccbd83a0ae8e1d2dffdcb9cac0aa52332 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Sun, 18 Feb 2024 21:45:03 +0530 Subject: [PATCH 05/26] helm install smoke test Signed-off-by: Rajat Jindal --- .github/workflows/helm-install-smoke-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-install-smoke-test.yml b/.github/workflows/helm-install-smoke-test.yml index d3212e7e..eb1a8cf3 100644 --- a/.github/workflows/helm-install-smoke-test.yml +++ b/.github/workflows/helm-install-smoke-test.yml @@ -42,7 +42,7 @@ jobs: - name: helm install run: | - helm dependency build + helm dependency build charts/spin-operator helm install spin-operator \ --namespace spin-operator \ --create-namespace \ From b153839e18330bd5b92c2c30305c3b3fd5f479e5 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Sun, 18 Feb 2024 21:48:01 +0530 Subject: [PATCH 06/26] helm install smoke test Signed-off-by: Rajat Jindal --- .github/workflows/helm-install-smoke-test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/helm-install-smoke-test.yml b/.github/workflows/helm-install-smoke-test.yml index eb1a8cf3..5073470a 100644 --- a/.github/workflows/helm-install-smoke-test.yml +++ b/.github/workflows/helm-install-smoke-test.yml @@ -42,6 +42,7 @@ jobs: - name: helm install run: | + helm dependency update charts/spin-operator helm dependency build charts/spin-operator helm install spin-operator \ --namespace spin-operator \ From c4ef942d8121e9771cc9b749f9edc31f896c8311 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Sun, 18 Feb 2024 21:55:26 +0530 Subject: [PATCH 07/26] helm install smoke test Signed-off-by: Rajat Jindal --- .github/workflows/helm-install-smoke-test.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/helm-install-smoke-test.yml b/.github/workflows/helm-install-smoke-test.yml index 5073470a..ff6ad8a3 100644 --- a/.github/workflows/helm-install-smoke-test.yml +++ b/.github/workflows/helm-install-smoke-test.yml @@ -42,7 +42,8 @@ jobs: - name: helm install run: | - helm dependency update charts/spin-operator + helm repo add kwasm-operator http://kwasm.sh/kwasm-operator + helm repo add cert-manager https://charts.jetstack.io helm dependency build charts/spin-operator helm install spin-operator \ --namespace spin-operator \ From 31d666d467ba8760f5da63163694b7615f9bf862 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Sun, 18 Feb 2024 22:05:27 +0530 Subject: [PATCH 08/26] helm install smoke test Signed-off-by: Rajat Jindal --- .github/workflows/container.yaml | 64 +++++++++++++++++ .github/workflows/helm-install-smoke-test.yml | 69 ------------------- 2 files changed, 64 insertions(+), 69 deletions(-) delete mode 100644 .github/workflows/helm-install-smoke-test.yml diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 74b2dd15..11c13504 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -83,3 +83,67 @@ jobs: cache-to: type=gha,mode=max tags: | ghcr.io/spinkube/spin-operator:${{ env.VERSION }} + + helm-install-smoke-test: + runs-on: ubuntu-latest + needs: docker + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version: "1.21.x" + + - name: Install helm + uses: Azure/setup-helm@v3 + with: + version: v3.14.0 + + - name: setup k3d + uses: engineerd/configurator@v0.0.10 + with: + name: k3d + url: https://github.com/k3d-io/k3d/releases/download/v5.6.0/k3d-linux-amd64 + + - name: start k3d cluster + run: | + k3d cluster create wasm-cluster \ + --image ghcr.io/deislabs/containerd-wasm-shims/examples/k3d:v0.11.0 \ + --port "8081:80@loadbalancer" \ + --agents 2 + + - name: install crd + run: make install + + - name: apply runtime class + run: kubectl apply -f spin-runtime-class.yaml + + - name: helm install + run: | + helm repo add kwasm-operator http://kwasm.sh/kwasm-operator + helm repo add cert-manager https://charts.jetstack.io + helm dependency build charts/spin-operator + helm install spin-operator \ + --namespace spin-operator \ + --create-namespace \ + --devel \ + --wait \ + --set controllerManager.manager.image.repository=ttl.sh/spoopy-operator-pr-${{ github.event.number }} \ + --set controllerManager.manager.image.tag=24h \ + charts/spin-operator + + - name: annotate nodes + run: kubectl annotate node --all kwasm.sh/kwasm-node=true + + - name: run spin app + run: | + kubectl apply -f config/samples/simple.yaml + kubectl rollout status deployment simple-spinapp --timeout 90s + + kubectl port-forward svc/simple-spinapp 8083:80 & + timeout 15s bash -c 'until curl -f -vvv http://localhost:8083/hello; do sleep 2; done' + + - name: Verify curl + run: curl localhost:8083/hello diff --git a/.github/workflows/helm-install-smoke-test.yml b/.github/workflows/helm-install-smoke-test.yml deleted file mode 100644 index ff6ad8a3..00000000 --- a/.github/workflows/helm-install-smoke-test.yml +++ /dev/null @@ -1,69 +0,0 @@ -name: Helm Install Smoke Test - -on: - pull_request: - branches: [main] - -jobs: - test: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version: "1.21.x" - - - name: Install helm - uses: Azure/setup-helm@v3 - with: - version: v3.14.0 - - - name: setup k3d - uses: engineerd/configurator@v0.0.10 - with: - name: k3d - url: https://github.com/k3d-io/k3d/releases/download/v5.6.0/k3d-linux-amd64 - - - name: start k3d cluster - run: | - k3d cluster create wasm-cluster \ - --image ghcr.io/deislabs/containerd-wasm-shims/examples/k3d:v0.11.0 \ - --port "8081:80@loadbalancer" \ - --agents 2 - - - name: install crd - run: make install - - - name: apply runtime class - run: kubectl apply -f spin-runtime-class.yaml - - - name: helm install - run: | - helm repo add kwasm-operator http://kwasm.sh/kwasm-operator - helm repo add cert-manager https://charts.jetstack.io - helm dependency build charts/spin-operator - helm install spin-operator \ - --namespace spin-operator \ - --create-namespace \ - --devel \ - --wait \ - --set controllerManager.manager.image.repository=ttl.sh/spoopy-operator-pr-${{ github.event.number }} \ - --set controllerManager.manager.image.tag=24h \ - charts/spin-operator - - - name: annotate nodes - run: kubectl annotate node --all kwasm.sh/kwasm-node=true - - - name: run spin app - run: | - kubectl apply -f config/samples/simple.yaml - kubectl rollout status deployment simple-spinapp --timeout 90s - - kubectl port-forward svc/simple-spinapp 8083:80 & - timeout 15s bash -c 'until curl -f -vvv http://localhost:8083/hello; do sleep 2; done' - - - name: Verify curl - run: curl localhost:8083/hello From af8758274afe76761cef835cd4eaa6a96d60638e Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Sun, 18 Feb 2024 22:17:39 +0530 Subject: [PATCH 09/26] helm install smoke test Signed-off-by: Rajat Jindal --- .github/workflows/container.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 11c13504..e748fd08 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -132,6 +132,7 @@ jobs: --wait \ --set controllerManager.manager.image.repository=ttl.sh/spoopy-operator-pr-${{ github.event.number }} \ --set controllerManager.manager.image.tag=24h \ + --debug \ charts/spin-operator - name: annotate nodes From 1d0430d9f0d68884dad6952fad2ea20648f32dd6 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Sun, 18 Feb 2024 22:29:23 +0530 Subject: [PATCH 10/26] helm install smoke test Signed-off-by: Rajat Jindal --- .github/workflows/container.yaml | 149 ++++++++++++++++--------------- 1 file changed, 76 insertions(+), 73 deletions(-) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index e748fd08..ccfb387c 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -12,81 +12,81 @@ env: IMAGE_NAME: ${{ github.repository }} jobs: - docker: - runs-on: ubuntu-latest - permissions: - pull-requests: write - contents: read - packages: write - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup version info - main - if: ${{ ! startsWith(github.ref, 'refs/tags/v') }} - run: echo "VERSION=$(date +%Y%m%d-%H%M%S)-g$(git rev-parse --short HEAD)" >> $GITHUB_ENV - - - name: Setup version info - tag - if: startsWith(github.ref, 'refs/tags/v') - run: echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Log into registry ${{ env.REGISTRY }} - if: github.ref == 'refs/heads/main' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - - name: Build and Push PR - Ephemeral - uses: docker/build-push-action@v5 - if: github.event_name == 'pull_request' - with: - context: . - push: true - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max - tags: | - ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h - - uses: mshick/add-pr-comment@v2 - if: (github.event_name == 'pull_request') && ${{ success() }} - with: - message: | - This PR now has an image available for testing: - ``` - ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h - ``` - - - name: Build and Push - uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' - with: - context: . - push: true - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max - tags: | - ghcr.io/spinkube/spin-operator:${{ env.VERSION }} + # docker: + # runs-on: ubuntu-latest + # permissions: + # pull-requests: write + # contents: read + # packages: write + # steps: + # - name: Checkout + # uses: actions/checkout@v4 + + # - name: Setup version info - main + # if: ${{ ! startsWith(github.ref, 'refs/tags/v') }} + # run: echo "VERSION=$(date +%Y%m%d-%H%M%S)-g$(git rev-parse --short HEAD)" >> $GITHUB_ENV + + # - name: Setup version info - tag + # if: startsWith(github.ref, 'refs/tags/v') + # run: echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV + + # - name: Set up QEMU + # uses: docker/setup-qemu-action@v3 + + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@v3 + + # - name: Log into registry ${{ env.REGISTRY }} + # if: github.ref == 'refs/heads/main' + # uses: docker/login-action@v3 + # with: + # registry: ${{ env.REGISTRY }} + # username: ${{ github.actor }} + # password: ${{ secrets.GITHUB_TOKEN }} + + # - name: Extract Docker metadata + # id: meta + # uses: docker/metadata-action@v5 + # with: + # images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # - name: Build and Push PR - Ephemeral + # uses: docker/build-push-action@v5 + # if: github.event_name == 'pull_request' + # with: + # context: . + # push: true + # labels: ${{ steps.meta.outputs.labels }} + # platforms: linux/amd64,linux/arm64 + # cache-from: type=gha + # cache-to: type=gha,mode=max + # tags: | + # ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h + # - uses: mshick/add-pr-comment@v2 + # if: (github.event_name == 'pull_request') && ${{ success() }} + # with: + # message: | + # This PR now has an image available for testing: + # ``` + # ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h + # ``` + + # - name: Build and Push + # uses: docker/build-push-action@v5 + # if: github.ref == 'refs/heads/main' + # with: + # context: . + # push: true + # labels: ${{ steps.meta.outputs.labels }} + # platforms: linux/amd64,linux/arm64 + # cache-from: type=gha + # cache-to: type=gha,mode=max + # tags: | + # ghcr.io/spinkube/spin-operator:${{ env.VERSION }} helm-install-smoke-test: runs-on: ubuntu-latest - needs: docker + # needs: docker steps: - name: Checkout uses: actions/checkout@v4 @@ -134,7 +134,10 @@ jobs: --set controllerManager.manager.image.tag=24h \ --debug \ charts/spin-operator - + + - name: debug + if: always() + run: kubectl get pods -A - name: annotate nodes run: kubectl annotate node --all kwasm.sh/kwasm-node=true From 376eb479072bac7f7c0a8d2e6ef1902212d5b215 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Mon, 19 Feb 2024 17:07:35 +0530 Subject: [PATCH 11/26] fixup Signed-off-by: Rajat Jindal --- .github/workflows/container.yaml | 149 +++++++++--------- .../spin-operator/templates/deployment.yaml | 3 +- cmd/main.go | 14 +- internal/webhook/admission.go | 38 +++++ 4 files changed, 123 insertions(+), 81 deletions(-) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index ccfb387c..43fc26b4 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -12,77 +12,77 @@ env: IMAGE_NAME: ${{ github.repository }} jobs: - # docker: - # runs-on: ubuntu-latest - # permissions: - # pull-requests: write - # contents: read - # packages: write - # steps: - # - name: Checkout - # uses: actions/checkout@v4 - - # - name: Setup version info - main - # if: ${{ ! startsWith(github.ref, 'refs/tags/v') }} - # run: echo "VERSION=$(date +%Y%m%d-%H%M%S)-g$(git rev-parse --short HEAD)" >> $GITHUB_ENV - - # - name: Setup version info - tag - # if: startsWith(github.ref, 'refs/tags/v') - # run: echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV - - # - name: Set up QEMU - # uses: docker/setup-qemu-action@v3 - - # - name: Set up Docker Buildx - # uses: docker/setup-buildx-action@v3 - - # - name: Log into registry ${{ env.REGISTRY }} - # if: github.ref == 'refs/heads/main' - # uses: docker/login-action@v3 - # with: - # registry: ${{ env.REGISTRY }} - # username: ${{ github.actor }} - # password: ${{ secrets.GITHUB_TOKEN }} - - # - name: Extract Docker metadata - # id: meta - # uses: docker/metadata-action@v5 - # with: - # images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - # - name: Build and Push PR - Ephemeral - # uses: docker/build-push-action@v5 - # if: github.event_name == 'pull_request' - # with: - # context: . - # push: true - # labels: ${{ steps.meta.outputs.labels }} - # platforms: linux/amd64,linux/arm64 - # cache-from: type=gha - # cache-to: type=gha,mode=max - # tags: | - # ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h - # - uses: mshick/add-pr-comment@v2 - # if: (github.event_name == 'pull_request') && ${{ success() }} - # with: - # message: | - # This PR now has an image available for testing: - # ``` - # ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h - # ``` - - # - name: Build and Push - # uses: docker/build-push-action@v5 - # if: github.ref == 'refs/heads/main' - # with: - # context: . - # push: true - # labels: ${{ steps.meta.outputs.labels }} - # platforms: linux/amd64,linux/arm64 - # cache-from: type=gha - # cache-to: type=gha,mode=max - # tags: | - # ghcr.io/spinkube/spin-operator:${{ env.VERSION }} + # docker: + # runs-on: ubuntu-latest + # permissions: + # pull-requests: write + # contents: read + # packages: write + # steps: + # - name: Checkout + # uses: actions/checkout@v4 + + # - name: Setup version info - main + # if: ${{ ! startsWith(github.ref, 'refs/tags/v') }} + # run: echo "VERSION=$(date +%Y%m%d-%H%M%S)-g$(git rev-parse --short HEAD)" >> $GITHUB_ENV + + # - name: Setup version info - tag + # if: startsWith(github.ref, 'refs/tags/v') + # run: echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV + + # - name: Set up QEMU + # uses: docker/setup-qemu-action@v3 + + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@v3 + + # - name: Log into registry ${{ env.REGISTRY }} + # if: github.ref == 'refs/heads/main' + # uses: docker/login-action@v3 + # with: + # registry: ${{ env.REGISTRY }} + # username: ${{ github.actor }} + # password: ${{ secrets.GITHUB_TOKEN }} + + # - name: Extract Docker metadata + # id: meta + # uses: docker/metadata-action@v5 + # with: + # images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + # - name: Build and Push PR - Ephemeral + # uses: docker/build-push-action@v5 + # if: github.event_name == 'pull_request' + # with: + # context: . + # push: true + # labels: ${{ steps.meta.outputs.labels }} + # platforms: linux/amd64,linux/arm64 + # cache-from: type=gha + # cache-to: type=gha,mode=max + # tags: | + # ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h + # - uses: mshick/add-pr-comment@v2 + # if: (github.event_name == 'pull_request') && ${{ success() }} + # with: + # message: | + # This PR now has an image available for testing: + # ``` + # ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h + # ``` + + # - name: Build and Push + # uses: docker/build-push-action@v5 + # if: github.ref == 'refs/heads/main' + # with: + # context: . + # push: true + # labels: ${{ steps.meta.outputs.labels }} + # platforms: linux/amd64,linux/arm64 + # cache-from: type=gha + # cache-to: type=gha,mode=max + # tags: | + # ghcr.io/spinkube/spin-operator:${{ env.VERSION }} helm-install-smoke-test: runs-on: ubuntu-latest @@ -137,7 +137,12 @@ jobs: - name: debug if: always() - run: kubectl get pods -A + run: | + kubectl get pods -A + kubectl get pods -n spin-operator + kubectl logs -n spin-operator -f $(kubectl get pods -n spin-operator | grep spin-operator-controller-manager | awk '{print $1}') + kubectl describe pod -n spin-operator -f $(kubectl get pods -n spin-operator | grep spin-operator-controller-manager | awk '{print $1}') + - name: annotate nodes run: kubectl annotate node --all kwasm.sh/kwasm-node=true diff --git a/charts/spin-operator/templates/deployment.yaml b/charts/spin-operator/templates/deployment.yaml index e018305f..fe4af1c5 100644 --- a/charts/spin-operator/templates/deployment.yaml +++ b/charts/spin-operator/templates/deployment.yaml @@ -79,4 +79,5 @@ spec: - name: cert secret: defaultMode: 420 - secretName: webhook-server-cert \ No newline at end of file + secretName: webhook-server-cert + optional: true \ No newline at end of file diff --git a/cmd/main.go b/cmd/main.go index ee6d8f8d..07af5ce3 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -116,14 +116,12 @@ func main() { os.Exit(1) } if enableWebhooks { - if err = webhook.SetupSpinAppWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "SpinApp") - os.Exit(1) - } - if err = webhook.SetupSpinAppExecutorWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "SpinAppExecutor") - os.Exit(1) - } + go func() { + if err = webhook.LazyWebhookStarter(mgr); err != nil { + setupLog.Error(err, "unable to create webhook", "webhook", "SpinApp") + os.Exit(1) + } + }() } //+kubebuilder:scaffold:builder diff --git a/internal/webhook/admission.go b/internal/webhook/admission.go index e5ee1536..326151c6 100644 --- a/internal/webhook/admission.go +++ b/internal/webhook/admission.go @@ -1,10 +1,48 @@ package webhook import ( + "fmt" + "os" + "time" + spinv1 "github.com/spinkube/spin-operator/api/v1" ctrl "sigs.k8s.io/controller-runtime" ) +func LazyWebhookStarter(mgr ctrl.Manager) error { + ticker := time.NewTicker(2 * time.Second) + timeout := time.NewTimer(5 * time.Minute) + + crtFile := "/tmp/k8s-webhook-server/serving-certs/tls.crt" + + for { + select { + case <-ticker.C: + _, err := os.ReadFile(crtFile) + if err != nil && os.IsNotExist(err) { + fmt.Printf("file %s does not exist yet\n", crtFile) + continue + } + + fmt.Printf("crtfile found, setting up webhook") + + webhookSetupLog := ctrl.Log.WithName("webhook-setup") + if err = SetupSpinAppWebhookWithManager(mgr); err != nil { + webhookSetupLog.Error(err, "unable to create webhook", "webhook", "SpinApp") + os.Exit(1) + } + if err = SetupSpinAppExecutorWebhookWithManager(mgr); err != nil { + webhookSetupLog.Error(err, "unable to create webhook", "webhook", "SpinAppExecutor") + os.Exit(1) + } + + return nil + case <-timeout.C: + panic("timed out while waiting for webhook to start") + } + } +} + func SetupSpinAppWebhookWithManager(mgr ctrl.Manager) error { return ctrl.NewWebhookManagedBy(mgr). For(&spinv1.SpinApp{}). From b2f1fe253d576a3ca3a523c1887445aed41c3c0e Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Mon, 19 Feb 2024 17:13:03 +0530 Subject: [PATCH 12/26] fixup Signed-off-by: Rajat Jindal --- .github/workflows/container.yaml | 144 +++++++++++++++---------------- internal/webhook/admission.go | 1 + 2 files changed, 73 insertions(+), 72 deletions(-) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 43fc26b4..02935309 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -12,81 +12,81 @@ env: IMAGE_NAME: ${{ github.repository }} jobs: - # docker: - # runs-on: ubuntu-latest - # permissions: - # pull-requests: write - # contents: read - # packages: write - # steps: - # - name: Checkout - # uses: actions/checkout@v4 - - # - name: Setup version info - main - # if: ${{ ! startsWith(github.ref, 'refs/tags/v') }} - # run: echo "VERSION=$(date +%Y%m%d-%H%M%S)-g$(git rev-parse --short HEAD)" >> $GITHUB_ENV - - # - name: Setup version info - tag - # if: startsWith(github.ref, 'refs/tags/v') - # run: echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV - - # - name: Set up QEMU - # uses: docker/setup-qemu-action@v3 - - # - name: Set up Docker Buildx - # uses: docker/setup-buildx-action@v3 - - # - name: Log into registry ${{ env.REGISTRY }} - # if: github.ref == 'refs/heads/main' - # uses: docker/login-action@v3 - # with: - # registry: ${{ env.REGISTRY }} - # username: ${{ github.actor }} - # password: ${{ secrets.GITHUB_TOKEN }} - - # - name: Extract Docker metadata - # id: meta - # uses: docker/metadata-action@v5 - # with: - # images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - # - name: Build and Push PR - Ephemeral - # uses: docker/build-push-action@v5 - # if: github.event_name == 'pull_request' - # with: - # context: . - # push: true - # labels: ${{ steps.meta.outputs.labels }} - # platforms: linux/amd64,linux/arm64 - # cache-from: type=gha - # cache-to: type=gha,mode=max - # tags: | - # ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h - # - uses: mshick/add-pr-comment@v2 - # if: (github.event_name == 'pull_request') && ${{ success() }} - # with: - # message: | - # This PR now has an image available for testing: - # ``` - # ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h - # ``` - - # - name: Build and Push - # uses: docker/build-push-action@v5 - # if: github.ref == 'refs/heads/main' - # with: - # context: . - # push: true - # labels: ${{ steps.meta.outputs.labels }} - # platforms: linux/amd64,linux/arm64 - # cache-from: type=gha - # cache-to: type=gha,mode=max - # tags: | - # ghcr.io/spinkube/spin-operator:${{ env.VERSION }} + docker: + runs-on: ubuntu-latest + permissions: + pull-requests: write + contents: read + packages: write + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup version info - main + if: ${{ ! startsWith(github.ref, 'refs/tags/v') }} + run: echo "VERSION=$(date +%Y%m%d-%H%M%S)-g$(git rev-parse --short HEAD)" >> $GITHUB_ENV + + - name: Setup version info - tag + if: startsWith(github.ref, 'refs/tags/v') + run: echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log into registry ${{ env.REGISTRY }} + if: github.ref == 'refs/heads/main' + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + - name: Build and Push PR - Ephemeral + uses: docker/build-push-action@v5 + if: github.event_name == 'pull_request' + with: + context: . + push: true + labels: ${{ steps.meta.outputs.labels }} + platforms: linux/amd64,linux/arm64 + cache-from: type=gha + cache-to: type=gha,mode=max + tags: | + ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h + - uses: mshick/add-pr-comment@v2 + if: (github.event_name == 'pull_request') && ${{ success() }} + with: + message: | + This PR now has an image available for testing: + ``` + ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h + ``` + + - name: Build and Push + uses: docker/build-push-action@v5 + if: github.ref == 'refs/heads/main' + with: + context: . + push: true + labels: ${{ steps.meta.outputs.labels }} + platforms: linux/amd64,linux/arm64 + cache-from: type=gha + cache-to: type=gha,mode=max + tags: | + ghcr.io/spinkube/spin-operator:${{ env.VERSION }} helm-install-smoke-test: runs-on: ubuntu-latest - # needs: docker + needs: docker steps: - name: Checkout uses: actions/checkout@v4 diff --git a/internal/webhook/admission.go b/internal/webhook/admission.go index 326151c6..c89ab52a 100644 --- a/internal/webhook/admission.go +++ b/internal/webhook/admission.go @@ -38,6 +38,7 @@ func LazyWebhookStarter(mgr ctrl.Manager) error { return nil case <-timeout.C: + ticker.Stop() panic("timed out while waiting for webhook to start") } } From eb0923a5428038936b179d2ad6ba2965a61718b7 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Mon, 19 Feb 2024 17:17:26 +0530 Subject: [PATCH 13/26] fixup Signed-off-by: Rajat Jindal --- .github/workflows/container.yaml | 144 +++++++++++++++---------------- 1 file changed, 72 insertions(+), 72 deletions(-) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 02935309..6cb5946d 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -12,81 +12,81 @@ env: IMAGE_NAME: ${{ github.repository }} jobs: - docker: - runs-on: ubuntu-latest - permissions: - pull-requests: write - contents: read - packages: write - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup version info - main - if: ${{ ! startsWith(github.ref, 'refs/tags/v') }} - run: echo "VERSION=$(date +%Y%m%d-%H%M%S)-g$(git rev-parse --short HEAD)" >> $GITHUB_ENV - - - name: Setup version info - tag - if: startsWith(github.ref, 'refs/tags/v') - run: echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Log into registry ${{ env.REGISTRY }} - if: github.ref == 'refs/heads/main' - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - - name: Build and Push PR - Ephemeral - uses: docker/build-push-action@v5 - if: github.event_name == 'pull_request' - with: - context: . - push: true - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max - tags: | + docker: + runs-on: ubuntu-latest + permissions: + pull-requests: write + contents: read + packages: write + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Setup version info - main + if: ${{ ! startsWith(github.ref, 'refs/tags/v') }} + run: echo "VERSION=$(date +%Y%m%d-%H%M%S)-g$(git rev-parse --short HEAD)" >> $GITHUB_ENV + + - name: Setup version info - tag + if: startsWith(github.ref, 'refs/tags/v') + run: echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Log into registry ${{ env.REGISTRY }} + if: github.ref == 'refs/heads/main' + uses: docker/login-action@v3 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + + - name: Build and Push PR - Ephemeral + uses: docker/build-push-action@v5 + if: github.event_name == 'pull_request' + with: + context: . + push: true + labels: ${{ steps.meta.outputs.labels }} + platforms: linux/amd64,linux/arm64 + cache-from: type=gha + cache-to: type=gha,mode=max + tags: | + ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h + - uses: mshick/add-pr-comment@v2 + if: (github.event_name == 'pull_request') && ${{ success() }} + with: + message: | + This PR now has an image available for testing: + ``` ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h - - uses: mshick/add-pr-comment@v2 - if: (github.event_name == 'pull_request') && ${{ success() }} - with: - message: | - This PR now has an image available for testing: - ``` - ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h - ``` - - - name: Build and Push - uses: docker/build-push-action@v5 - if: github.ref == 'refs/heads/main' - with: - context: . - push: true - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max - tags: | - ghcr.io/spinkube/spin-operator:${{ env.VERSION }} + ``` + + - name: Build and Push + uses: docker/build-push-action@v5 + if: github.ref == 'refs/heads/main' + with: + context: . + push: true + labels: ${{ steps.meta.outputs.labels }} + platforms: linux/amd64,linux/arm64 + cache-from: type=gha + cache-to: type=gha,mode=max + tags: | + ghcr.io/spinkube/spin-operator:${{ env.VERSION }} helm-install-smoke-test: runs-on: ubuntu-latest - needs: docker + # needs: docker steps: - name: Checkout uses: actions/checkout@v4 @@ -141,7 +141,7 @@ jobs: kubectl get pods -A kubectl get pods -n spin-operator kubectl logs -n spin-operator -f $(kubectl get pods -n spin-operator | grep spin-operator-controller-manager | awk '{print $1}') - kubectl describe pod -n spin-operator -f $(kubectl get pods -n spin-operator | grep spin-operator-controller-manager | awk '{print $1}') + kubectl describe -n spin-operator -f $(kubectl get pods -n spin-operator | grep spin-operator-controller-manager | awk '{print $1}') - name: annotate nodes run: kubectl annotate node --all kwasm.sh/kwasm-node=true From 28a87d8fa269a7cf0948c148c25d354b729b7620 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Mon, 19 Feb 2024 17:30:46 +0530 Subject: [PATCH 14/26] fixup Signed-off-by: Rajat Jindal --- .github/workflows/container.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 6cb5946d..9b3af939 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -61,7 +61,7 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max tags: | - ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h + ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}-1:24h - uses: mshick/add-pr-comment@v2 if: (github.event_name == 'pull_request') && ${{ success() }} with: @@ -130,7 +130,7 @@ jobs: --create-namespace \ --devel \ --wait \ - --set controllerManager.manager.image.repository=ttl.sh/spoopy-operator-pr-${{ github.event.number }} \ + --set controllerManager.manager.image.repository=ttl.sh/spoopy-operator-pr-${{ github.event.number }}-1 \ --set controllerManager.manager.image.tag=24h \ --debug \ charts/spin-operator From baade3b2b0273517e241a87dd5ee670d907cc2bc Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Tue, 20 Feb 2024 10:54:28 +0530 Subject: [PATCH 15/26] wait for webhook to be ready Signed-off-by: Rajat Jindal --- .../containerd-shim-spin-executor.yaml | 2 +- .../templates/wait-for-webhook.yaml | 18 ++++++++++++++++++ internal/webhook/admission.go | 5 +++++ 3 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 charts/spin-operator/templates/wait-for-webhook.yaml diff --git a/charts/spin-operator/templates/containerd-shim-spin-executor.yaml b/charts/spin-operator/templates/containerd-shim-spin-executor.yaml index d5bb9af2..a63c9db6 100644 --- a/charts/spin-operator/templates/containerd-shim-spin-executor.yaml +++ b/charts/spin-operator/templates/containerd-shim-spin-executor.yaml @@ -4,5 +4,5 @@ metadata: name: containerd-shim-spin annotations: "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "3" + "helm.sh/hook-weight": "4" spec: diff --git a/charts/spin-operator/templates/wait-for-webhook.yaml b/charts/spin-operator/templates/wait-for-webhook.yaml new file mode 100644 index 00000000..d3b25df4 --- /dev/null +++ b/charts/spin-operator/templates/wait-for-webhook.yaml @@ -0,0 +1,18 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "spin-operator.fullname" . }}-serving-cert + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "3" + labels: + {{- include "spin-operator.labels" . | nindent 4 }} +spec: + template: + spec: + containers: + - name: curl + image: denolehov/curl:latest + command: ["curl", "-kf", "-vvv", "https://spin-operator-webhook-service.spin-operator.svc.cluster.local/webhooks-ready"] + restartPolicy: OnFailure + backoffLimit: 100 diff --git a/internal/webhook/admission.go b/internal/webhook/admission.go index c89ab52a..9f054934 100644 --- a/internal/webhook/admission.go +++ b/internal/webhook/admission.go @@ -2,6 +2,7 @@ package webhook import ( "fmt" + "net/http" "os" "time" @@ -36,6 +37,10 @@ func LazyWebhookStarter(mgr ctrl.Manager) error { os.Exit(1) } + mgr.GetWebhookServer().WebhookMux().HandleFunc("webhooks-ready", func(w http.ResponseWriter, r *http.Request) { + w.Write([]byte("OK")) + }) + return nil case <-timeout.C: ticker.Stop() From e52db44c3c1a4e38158ac263c5c0f3ccfbede3de Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Tue, 20 Feb 2024 11:37:47 +0530 Subject: [PATCH 16/26] wait for webhook to be ready Signed-off-by: Rajat Jindal --- .github/workflows/container.yaml | 3 +++ charts/spin-operator/templates/wait-for-webhook.yaml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 9b3af939..37f9f239 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -143,6 +143,9 @@ jobs: kubectl logs -n spin-operator -f $(kubectl get pods -n spin-operator | grep spin-operator-controller-manager | awk '{print $1}') kubectl describe -n spin-operator -f $(kubectl get pods -n spin-operator | grep spin-operator-controller-manager | awk '{print $1}') + kubectl logs -n spin-operator -f $(kubectl get pods -n spin-operator | grep wait-for-webhook-svc | awk '{print $1}') + kubectl describe -n spin-operator -f $(kubectl get pods -n spin-operator | grep wait-for-webhook-svc | awk '{print $1}') + - name: annotate nodes run: kubectl annotate node --all kwasm.sh/kwasm-node=true diff --git a/charts/spin-operator/templates/wait-for-webhook.yaml b/charts/spin-operator/templates/wait-for-webhook.yaml index d3b25df4..c7c0b670 100644 --- a/charts/spin-operator/templates/wait-for-webhook.yaml +++ b/charts/spin-operator/templates/wait-for-webhook.yaml @@ -1,7 +1,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ include "spin-operator.fullname" . }}-serving-cert + name: {{ include "spin-operator.fullname" . }}-wait-for-webhook-svc annotations: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-weight": "3" From 5efe5cdc7cfa824a02111c1d87d200243d718ea3 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Tue, 20 Feb 2024 11:46:58 +0530 Subject: [PATCH 17/26] wait for webhook to be ready Signed-off-by: Rajat Jindal --- internal/webhook/admission.go | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/internal/webhook/admission.go b/internal/webhook/admission.go index 9f054934..4dfbb242 100644 --- a/internal/webhook/admission.go +++ b/internal/webhook/admission.go @@ -1,7 +1,6 @@ package webhook import ( - "fmt" "net/http" "os" "time" @@ -15,19 +14,19 @@ func LazyWebhookStarter(mgr ctrl.Manager) error { timeout := time.NewTimer(5 * time.Minute) crtFile := "/tmp/k8s-webhook-server/serving-certs/tls.crt" + webhookSetupLog := ctrl.Log.WithName("webhook-setup") for { select { case <-ticker.C: _, err := os.ReadFile(crtFile) if err != nil && os.IsNotExist(err) { - fmt.Printf("file %s does not exist yet\n", crtFile) + webhookSetupLog.Info("file %s does not exist yet\n", crtFile) continue } - fmt.Printf("crtfile found, setting up webhook") + webhookSetupLog.Info("crtfile found, setting up webhook") - webhookSetupLog := ctrl.Log.WithName("webhook-setup") if err = SetupSpinAppWebhookWithManager(mgr); err != nil { webhookSetupLog.Error(err, "unable to create webhook", "webhook", "SpinApp") os.Exit(1) @@ -38,7 +37,7 @@ func LazyWebhookStarter(mgr ctrl.Manager) error { } mgr.GetWebhookServer().WebhookMux().HandleFunc("webhooks-ready", func(w http.ResponseWriter, r *http.Request) { - w.Write([]byte("OK")) + _, _ = w.Write([]byte("OK")) }) return nil From f26328e1109624fb9e2742af5fde8710753f5faa Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Tue, 20 Feb 2024 11:56:33 +0530 Subject: [PATCH 18/26] wait for webhook to be ready Signed-off-by: Rajat Jindal --- .github/workflows/container.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 37f9f239..5bb343a8 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -140,10 +140,10 @@ jobs: run: | kubectl get pods -A kubectl get pods -n spin-operator - kubectl logs -n spin-operator -f $(kubectl get pods -n spin-operator | grep spin-operator-controller-manager | awk '{print $1}') + kubectl logs -n spin-operator $(kubectl get pods -n spin-operator | grep spin-operator-controller-manager | awk '{print $1}') kubectl describe -n spin-operator -f $(kubectl get pods -n spin-operator | grep spin-operator-controller-manager | awk '{print $1}') - kubectl logs -n spin-operator -f $(kubectl get pods -n spin-operator | grep wait-for-webhook-svc | awk '{print $1}') + kubectl logs -n spin-operator $(kubectl get pods -n spin-operator | grep wait-for-webhook-svc | awk '{print $1}') kubectl describe -n spin-operator -f $(kubectl get pods -n spin-operator | grep wait-for-webhook-svc | awk '{print $1}') - name: annotate nodes From 19e067bd246445a6ab76c5a687fcc6aae56259bb Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Tue, 20 Feb 2024 11:56:57 +0530 Subject: [PATCH 19/26] wait for webhook to be ready Signed-off-by: Rajat Jindal --- .github/workflows/container.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 5bb343a8..099ced12 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -141,10 +141,10 @@ jobs: kubectl get pods -A kubectl get pods -n spin-operator kubectl logs -n spin-operator $(kubectl get pods -n spin-operator | grep spin-operator-controller-manager | awk '{print $1}') - kubectl describe -n spin-operator -f $(kubectl get pods -n spin-operator | grep spin-operator-controller-manager | awk '{print $1}') + kubectl describe -n spin-operator pod $(kubectl get pods -n spin-operator | grep spin-operator-controller-manager | awk '{print $1}') kubectl logs -n spin-operator $(kubectl get pods -n spin-operator | grep wait-for-webhook-svc | awk '{print $1}') - kubectl describe -n spin-operator -f $(kubectl get pods -n spin-operator | grep wait-for-webhook-svc | awk '{print $1}') + kubectl describe -n spin-operator pod $(kubectl get pods -n spin-operator | grep wait-for-webhook-svc | awk '{print $1}') - name: annotate nodes run: kubectl annotate node --all kwasm.sh/kwasm-node=true From 847428bbc8d63cea4557f5d632a326acad290543 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Tue, 20 Feb 2024 12:16:54 +0530 Subject: [PATCH 20/26] wait for webhook to be ready Signed-off-by: Rajat Jindal --- internal/webhook/admission.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/webhook/admission.go b/internal/webhook/admission.go index 4dfbb242..4129b916 100644 --- a/internal/webhook/admission.go +++ b/internal/webhook/admission.go @@ -21,7 +21,7 @@ func LazyWebhookStarter(mgr ctrl.Manager) error { case <-ticker.C: _, err := os.ReadFile(crtFile) if err != nil && os.IsNotExist(err) { - webhookSetupLog.Info("file %s does not exist yet\n", crtFile) + webhookSetupLog.Info("file does not exist yet\n", "file", crtFile) continue } From bc90f59d5b2f0a9ba3f96c388c5e9951761e4f69 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Tue, 20 Feb 2024 12:25:20 +0530 Subject: [PATCH 21/26] wait for webhook to be ready Signed-off-by: Rajat Jindal --- internal/webhook/admission.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/webhook/admission.go b/internal/webhook/admission.go index 4129b916..5fb42e33 100644 --- a/internal/webhook/admission.go +++ b/internal/webhook/admission.go @@ -21,7 +21,7 @@ func LazyWebhookStarter(mgr ctrl.Manager) error { case <-ticker.C: _, err := os.ReadFile(crtFile) if err != nil && os.IsNotExist(err) { - webhookSetupLog.Info("file does not exist yet\n", "file", crtFile) + webhookSetupLog.Info("file does not exist yet") continue } From ba19d659c443ee3e7d508ed3c7d83ea657a5aed5 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Tue, 20 Feb 2024 12:28:17 +0530 Subject: [PATCH 22/26] wait for webhook to be ready Signed-off-by: Rajat Jindal --- .github/workflows/container.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 099ced12..a27dcb26 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -86,7 +86,7 @@ jobs: helm-install-smoke-test: runs-on: ubuntu-latest - # needs: docker + needs: docker steps: - name: Checkout uses: actions/checkout@v4 From f82a4a95e00bc433c575bc3d7e5839b7d24d2130 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Tue, 20 Feb 2024 14:02:35 +0530 Subject: [PATCH 23/26] fixup Signed-off-by: Rajat Jindal --- .github/workflows/container.yaml | 4 ++-- charts/spin-operator/templates/wait-for-webhook.yaml | 2 +- internal/webhook/admission.go | 5 ----- 3 files changed, 3 insertions(+), 8 deletions(-) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index a27dcb26..6f005c3e 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -61,7 +61,7 @@ jobs: cache-from: type=gha cache-to: type=gha,mode=max tags: | - ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}-1:24h + ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }}:24h - uses: mshick/add-pr-comment@v2 if: (github.event_name == 'pull_request') && ${{ success() }} with: @@ -130,7 +130,7 @@ jobs: --create-namespace \ --devel \ --wait \ - --set controllerManager.manager.image.repository=ttl.sh/spoopy-operator-pr-${{ github.event.number }}-1 \ + --set controllerManager.manager.image.repository=ttl.sh/spoopy-operator-pr-${{ github.event.pull_request.number }} \ --set controllerManager.manager.image.tag=24h \ --debug \ charts/spin-operator diff --git a/charts/spin-operator/templates/wait-for-webhook.yaml b/charts/spin-operator/templates/wait-for-webhook.yaml index c7c0b670..39f6d61e 100644 --- a/charts/spin-operator/templates/wait-for-webhook.yaml +++ b/charts/spin-operator/templates/wait-for-webhook.yaml @@ -13,6 +13,6 @@ spec: containers: - name: curl image: denolehov/curl:latest - command: ["curl", "-kf", "-vvv", "https://spin-operator-webhook-service.spin-operator.svc.cluster.local/webhooks-ready"] + command: ["curl", "-kf", "-vvv", "https://spin-operator-webhook-service.spin-operator.svc.cluster.local/mutate-core-spinoperator-dev-v1-spinappexecutor"] restartPolicy: OnFailure backoffLimit: 100 diff --git a/internal/webhook/admission.go b/internal/webhook/admission.go index 5fb42e33..fe65ff25 100644 --- a/internal/webhook/admission.go +++ b/internal/webhook/admission.go @@ -1,7 +1,6 @@ package webhook import ( - "net/http" "os" "time" @@ -36,10 +35,6 @@ func LazyWebhookStarter(mgr ctrl.Manager) error { os.Exit(1) } - mgr.GetWebhookServer().WebhookMux().HandleFunc("webhooks-ready", func(w http.ResponseWriter, r *http.Request) { - _, _ = w.Write([]byte("OK")) - }) - return nil case <-timeout.C: ticker.Stop() From b0278208d75a2d0d1279ad3e4acaedd147fd4b1a Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Tue, 20 Feb 2024 15:30:43 +0530 Subject: [PATCH 24/26] fixup Signed-off-by: Rajat Jindal --- .../spin-operator/templates/containerd-shim-spin-executor.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/spin-operator/templates/containerd-shim-spin-executor.yaml b/charts/spin-operator/templates/containerd-shim-spin-executor.yaml index a63c9db6..2816df8d 100644 --- a/charts/spin-operator/templates/containerd-shim-spin-executor.yaml +++ b/charts/spin-operator/templates/containerd-shim-spin-executor.yaml @@ -2,6 +2,7 @@ apiVersion: core.spinoperator.dev/v1 kind: SpinAppExecutor metadata: name: containerd-shim-spin + namespace: default annotations: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-weight": "4" From 35844206c93240d2c41c6115a2dd00dc4596c4a6 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Tue, 20 Feb 2024 15:42:37 +0530 Subject: [PATCH 25/26] fixup Signed-off-by: Rajat Jindal --- .github/workflows/container.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 6f005c3e..63186240 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -154,6 +154,8 @@ jobs: kubectl apply -f config/samples/simple.yaml kubectl rollout status deployment simple-spinapp --timeout 90s + kubectl get pods -A + kubectl port-forward svc/simple-spinapp 8083:80 & timeout 15s bash -c 'until curl -f -vvv http://localhost:8083/hello; do sleep 2; done' From f442909ec37a6706475f86542b885e1333d95db5 Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Tue, 20 Feb 2024 16:28:08 +0530 Subject: [PATCH 26/26] fixup Signed-off-by: Rajat Jindal --- .github/workflows/container.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 63186240..7793ff9a 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -146,9 +146,6 @@ jobs: kubectl logs -n spin-operator $(kubectl get pods -n spin-operator | grep wait-for-webhook-svc | awk '{print $1}') kubectl describe -n spin-operator pod $(kubectl get pods -n spin-operator | grep wait-for-webhook-svc | awk '{print $1}') - - name: annotate nodes - run: kubectl annotate node --all kwasm.sh/kwasm-node=true - - name: run spin app run: | kubectl apply -f config/samples/simple.yaml