adding spinkube (#115)

asdf Signed-off-by: Andrew Steurer <[email protected]>
kairos-io · Dec 4, 2024 · 0572584 · 0572584
1 parent 63d9226
commit 0572584
Show file tree

Hide file tree

Showing 3 changed files with 112 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -28,6 +28,7 @@ Please note that these community bundles are not officially supported and are pr
   - [MetalLB](#metallb)
   - [Multus](#multus)
   - [Nginx](#nginx)
+  - [SpinKube](#spinkube)
   - [System upgrade controller](#system-upgrade-controller)
   - [ArgoCD](#argocd)
 - [Development](#development)
@@ -407,6 +408,25 @@ nginx:
   version: 4.7.3
 ```
 
+### SpinKube
+
+> **WARNING**: This will not work with Kairos distributions that don't use `systemd` (i.e. Alpine).
+
+The SpinKube bundle deploys [SpinKube](https://spinkube.dev) to a running k3s cluster.
+
+The bundle has a `spinkube` block that allows you to install `cert-manager`, which is required by SpinKube:
+
+```yaml
+bundles:
+    - targets:
+        - run://quay.io/kairos/community-bundles:spinkube_latest
+
+spinkube:
+    installCertManager: true
+```
+
+If you don't want to use the bundle's `cert-manager` installation, be sure to check [SpinKube](https://www.spinkube.dev/docs/install/)'s documentation for which version of `cert-manager` to use.
+
 ### System upgrade controller
 
 The System upgrade controller bundle deploys [System upgrade controller](https://github.com/rancher/system-upgrade-controller).

diff --git a/spinkube/Dockerfile b/spinkube/Dockerfile
@@ -0,0 +1,44 @@
+FROM alpine:3.19 AS builder
+
+ARG spin_operator_version=0.4.0
+ARG kwasm_installer_version=0.17.0
+ARG cert_manager_version=1.14.5
+
+RUN apk update && apk add --no-cache helm
+
+WORKDIR /assets
+
+# This follows the SpinKube documentation:
+# https://www.spinkube.dev/docs/install/installing-with-helm/
+RUN <<EOR
+# Cert Manager
+wget -O cert-manager-${cert_manager_version}.yaml https://github.com/cert-manager/cert-manager/releases/download/v${cert_manager_version}/cert-manager.yaml
+
+# Kwasm Operator (namespace set in run.sh)
+helm repo add kwasm http://kwasm.sh/kwasm-operator/
+helm template kwasm-operator \
+    --namespace kwasm \
+    --set kwasmOperator.installerImage=ghcr.io/spinkube/containerd-shim-spin/node-installer:v${kwasm_installer_version} \
+    kwasm/kwasm-operator \
+> kwasm-operator-${kwasm_installer_version}.yaml
+
+# Spin Operator CRDs
+wget -O spin-operator-${spin_operator_version}.crds.yaml https://github.com/spinkube/spin-operator/releases/download/v${spin_operator_version}/spin-operator.crds.yaml
+
+# Spin Operator Runtime Class
+wget -O spin-operator-${spin_operator_version}.runtime-class.yaml https://github.com/spinkube/spin-operator/releases/download/v${spin_operator_version}/spin-operator.runtime-class.yaml
+
+# Spin Operator Shim Executor
+wget -O spin-operator-${spin_operator_version}.shim-executor.yaml https://github.com/spinkube/spin-operator/releases/download/v${spin_operator_version}/spin-operator.shim-executor.yaml
+
+# Spin Operator (namespace set in run.sh, as is the wait command)
+helm template spin-operator \
+    --namespace spin-operator \
+    --version ${spin_operator_version} \
+    oci://ghcr.io/spinkube/charts/spin-operator \
+> spin-operator-${spin_operator_version}.yaml
+EOR
+
+FROM scratch
+COPY --from=builder /assets ./assets
+COPY run.sh .
diff --git a/spinkube/run.sh b/spinkube/run.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# This follows the SpinKube documentation:
+# https://www.spinkube.dev/docs/install/installing-with-helm/
+
+set -ex
+
+manifest_dir=assets
+
+spin_operator_version=0.4.0
+kwasm_installer_version=0.17.0
+cert_manager_version=1.14.5
+
+_install_cert_manager=$(kairos-agent config get "spinkube.installCertManager" | tr -d '\n')
+if [ "$_install_cert_manager" = "true" ]; then
+    sudo k3s kubectl apply -f "$manifest_dir/cert-manager-$cert_manager_version.yaml"
+
+    # Wait for the various cert-manager resources to be ready before proceeding
+    sudo k3s kubectl wait --for=condition=available --timeout=300s deployment/cert-manager -n cert-manager
+    sudo k3s kubectl wait --for=condition=available --timeout=300s deployment/cert-manager-webhook -n cert-manager
+    sudo k3s kubectl wait --for=condition=available --timeout=300s deployment/cert-manager-cainjector -n cert-manager
+fi
+
+# Check to make sure the kwasm namespace doesn't already exist
+if ! sudo k3s kubectl get namespace kwasm > /dev/null 2>&1; then
+    sudo k3s kubectl create namespace kwasm
+fi
+
+# Check to make sure the spin-operator namespace doesn't already exist
+if ! sudo k3s kubectl get namespace spin-operator > /dev/null 2>&1; then
+    sudo k3s kubectl create namespace spin-operator
+fi
+
+# Install Kwasm Operator
+sudo k3s kubectl apply --namespace kwasm -f "$manifest_dir/kwasm-operator-$kwasm_installer_version.yaml"
+
+# Provision Nodes
+sudo k3s kubectl annotate node --all kwasm.sh/kwasm-node=true
+
+# Install Spin Operator Resources
+sudo k3s kubectl apply -f "$manifest_dir/spin-operator-$spin_operator_version.crds.yaml"
+sudo k3s kubectl apply -f "$manifest_dir/spin-operator-$spin_operator_version.runtime-class.yaml"
+sudo k3s kubectl apply -f "$manifest_dir/spin-operator-$spin_operator_version.shim-executor.yaml"
+
+# Install Spin Operator
+sudo k3s kubectl apply --namespace spin-operator -f "$manifest_dir/spin-operator-$spin_operator_version.yaml"
+# Wait for the spin-operator-controller-manager to be ready
+sudo k3s kubectl wait --namespace spin-operator --for=condition=available --timeout=300s deployment/spin-operator-controller-manager