From 262c55b62828f4d42191fb566e66f89923d93339 Mon Sep 17 00:00:00 2001 From: Xudong Sun Date: Wed, 5 Jun 2024 17:36:25 -0500 Subject: [PATCH] Add workflow to build vreplicaset controller (#492) Signed-off-by: Xudong Sun --- .github/workflows/ci.yml | 6 +- .github/workflows/controller-build.yml | 19 ++ deploy.sh | 4 +- deploy/simple/crd.yaml | 35 ---- deploy/simple/deploy.yaml | 186 ------------------ deploy/simple/simplecr.yaml | 7 - .../{v_replica_set => vreplicaset}/crd.yaml | 0 deploy/vreplicaset/deploy_local.yaml | 22 +++ deploy/vreplicaset/deploy_remote.yaml | 21 ++ deploy/vreplicaset/rbac.yaml | 54 +++++ ...ontroller.rs => vreplicaset_controller.rs} | 0 11 files changed, 121 insertions(+), 233 deletions(-) delete mode 100644 deploy/simple/crd.yaml delete mode 100644 deploy/simple/deploy.yaml delete mode 100644 deploy/simple/simplecr.yaml rename deploy/{v_replica_set => vreplicaset}/crd.yaml (100%) create mode 100644 deploy/vreplicaset/deploy_local.yaml create mode 100644 deploy/vreplicaset/deploy_remote.yaml create mode 100644 deploy/vreplicaset/rbac.yaml rename src/{v_replica_set_controller.rs => vreplicaset_controller.rs} (100%) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f51104f87..0404755af 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -81,7 +81,7 @@ jobs: vargo build --release - name: Verify zookeeper controller run: VERUS_DIR="$(dirname "${PWD}")/verus" ./build.sh zookeeper_controller.rs --time --rlimit 50 - replica-set-verification: + vreplicaset-verification: runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v2 @@ -102,8 +102,8 @@ jobs: ./tools/get-z3.sh source ../tools/activate vargo build --release - - name: Verify replica set controller - run: VERUS_DIR="$(dirname "${PWD}")/verus" ./build.sh v_replica_set_controller.rs --time + - name: Verify vreplicaset controller + run: VERUS_DIR="$(dirname "${PWD}")/verus" ./build.sh vreplicaset_controller.rs --time unit-tests: runs-on: ubuntu-20.04 steps: diff --git a/.github/workflows/controller-build.yml b/.github/workflows/controller-build.yml index c53690499..4341586c7 100644 --- a/.github/workflows/controller-build.yml +++ b/.github/workflows/controller-build.yml @@ -61,3 +61,22 @@ jobs: run: | docker push ghcr.io/${{ env.IMAGE_NAME }}/fluent-controller:latest docker push ghcr.io/${{ env.IMAGE_NAME }}/fluent-controller:${{ github.sha }} + build-vreplicaset-controller: + runs-on: ubuntu-20.04 + permissions: + contents: read + packages: write + steps: + - name: Checkout repository + uses: actions/checkout@v3 + - name: Log into registry ghcr.io + run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin + - name: Build vreplicaset controller image + run: | + cp docker/controller/Dockerfile . + docker build -t ghcr.io/${{ env.IMAGE_NAME }}/vreplicaset-controller:latest --build-arg APP=vreplicaset . + docker tag ghcr.io/${{ env.IMAGE_NAME }}/vreplicaset-controller:latest ghcr.io/${{ env.IMAGE_NAME }}/vreplicaset-controller:${{ github.sha }} + - name: Push vreplicaset controller image + run: | + docker push ghcr.io/${{ env.IMAGE_NAME }}/vreplicaset-controller:latest + docker push ghcr.io/${{ env.IMAGE_NAME }}/vreplicaset-controller:${{ github.sha }} diff --git a/deploy.sh b/deploy.sh index 784782745..a40fec0ec 100755 --- a/deploy.sh +++ b/deploy.sh @@ -15,8 +15,8 @@ app=$1 registry=$2 if [ "$app" != "zookeeper" ] && [ "$app" != "rabbitmq" ] && [ "$app" != "fluent" ]\ - && [ "$app" != "v_stateful_set" ]; then - echo -e "${RED}The first argument has to be one of: zookeeper, rabbitmq, fluent.${NC}" + [ "$app" != "vreplicaset" ] && [ "$app" != "v_stateful_set" ]; then + echo -e "${RED}The first argument has to be one of: zookeeper, rabbitmq, fluent, vreplicaset, v_stateful_set.${NC}" exit 1 fi diff --git a/deploy/simple/crd.yaml b/deploy/simple/crd.yaml deleted file mode 100644 index 669fc5ea0..000000000 --- a/deploy/simple/crd.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: simplecrs.anvil.dev -spec: - group: anvil.dev - names: - categories: [] - kind: SimpleCR - plural: simplecrs - shortNames: - - cr - singular: simplecr - scope: Namespaced - versions: - - additionalPrinterColumns: [] - name: v1 - schema: - openAPIV3Schema: - description: "Auto-generated derived type for SimpleCRSpec via `CustomResource`" - properties: - spec: - properties: - content: - type: string - required: - - content - type: object - required: - - spec - title: SimpleCR - type: object - served: true - storage: true - subresources: {} diff --git a/deploy/simple/deploy.yaml b/deploy/simple/deploy.yaml deleted file mode 100644 index 892d4b3b0..000000000 --- a/deploy/simple/deploy.yaml +++ /dev/null @@ -1,186 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/name: simple - name: simple ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: simple-controller - namespace: simple ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: simple-controller - name: simple-controller-role -rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - - apiGroups: - - "" - resources: - - secrets - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - "" - resources: - - services - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - create - - delete - - get - - list - - update - - watch - - apiGroups: - - anvil.dev - resources: - - simplecrs - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - anvil.dev - resources: - - simplecrs/finalizers - verbs: - - update - - apiGroups: - - anvil.dev - resources: - - simplecrs/status - verbs: - - get - - update - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - create - - get - - list - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - create - - get - - list - - update - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: simple-controller - name: simple-controller-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: simple-controller-role -subjects: - - kind: ServiceAccount - name: simple-controller - namespace: simple ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: simple-controller - namespace: simple - labels: - app.kubernetes.io/name: simple-controller -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/name: simple-controller - template: - metadata: - labels: - app.kubernetes.io/name: simple-controller - spec: - containers: - - image: ghcr.io/vmware-research/verifiable-controllers/simple-controller:latest - name: controller - command: - - simple-controller - - run - resources: - limits: - cpu: 200m - memory: 500Mi - requests: - cpu: 200m - memory: 500Mi - serviceAccountName: simple-controller diff --git a/deploy/simple/simplecr.yaml b/deploy/simple/simplecr.yaml deleted file mode 100644 index ba91b0083..000000000 --- a/deploy/simple/simplecr.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: anvil.dev/v1 -kind: SimpleCR -metadata: - name: foo - namespace: default -spec: - content: Hey! diff --git a/deploy/v_replica_set/crd.yaml b/deploy/vreplicaset/crd.yaml similarity index 100% rename from deploy/v_replica_set/crd.yaml rename to deploy/vreplicaset/crd.yaml diff --git a/deploy/vreplicaset/deploy_local.yaml b/deploy/vreplicaset/deploy_local.yaml new file mode 100644 index 000000000..8ca98d8d6 --- /dev/null +++ b/deploy/vreplicaset/deploy_local.yaml @@ -0,0 +1,22 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vreplicaset-controller + namespace: vreplicaset + labels: + app.kubernetes.io/name: vreplicaset-controller +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: vreplicaset-controller + template: + metadata: + labels: + app.kubernetes.io/name: vreplicaset-controller + spec: + containers: + - image: local/vreplicaset-controller:v0.1.0 + imagePullPolicy: IfNotPresent + name: controller + serviceAccountName: vreplicaset-controller diff --git a/deploy/vreplicaset/deploy_remote.yaml b/deploy/vreplicaset/deploy_remote.yaml new file mode 100644 index 000000000..b15698468 --- /dev/null +++ b/deploy/vreplicaset/deploy_remote.yaml @@ -0,0 +1,21 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vreplicaset-controller + namespace: vreplicaset + labels: + app.kubernetes.io/name: vreplicaset-controller +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: vreplicaset-controller + template: + metadata: + labels: + app.kubernetes.io/name: vreplicaset-controller + spec: + containers: + - image: ghcr.io/vmware-research/verifiable-controllers/vreplicaset-controller:latest + name: controller + serviceAccountName: vreplicaset-controller diff --git a/deploy/vreplicaset/rbac.yaml b/deploy/vreplicaset/rbac.yaml new file mode 100644 index 000000000..6f31e515d --- /dev/null +++ b/deploy/vreplicaset/rbac.yaml @@ -0,0 +1,54 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + app.kubernetes.io/name: vreplicaset + name: vreplicaset +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: vreplicaset-controller + namespace: vreplicaset +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: vreplicaset-controller + name: vreplicaset-controller-role +rules: + - apiGroups: + - anvil.dev + resources: + - "*" + verbs: + - "*" + - apiGroups: + - "" + resources: + - pods + - services + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - serviceaccounts + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/name: vreplicaset-controller + name: vreplicaset-controller-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: vreplicaset-controller-role +subjects: + - kind: ServiceAccount + name: vreplicaset-controller + namespace: vreplicaset diff --git a/src/v_replica_set_controller.rs b/src/vreplicaset_controller.rs similarity index 100% rename from src/v_replica_set_controller.rs rename to src/vreplicaset_controller.rs