diff --git a/.github/workflows/docker-build-push.yml b/.github/workflows/docker-build-push.yml index 40ea71b..9e9297b 100644 --- a/.github/workflows/docker-build-push.yml +++ b/.github/workflows/docker-build-push.yml @@ -18,6 +18,8 @@ jobs: - name: Checkout uses: actions/checkout@v2 + with: + fetch-depth: 0 - name: Set up QEMU uses: docker/setup-qemu-action@v1 @@ -55,7 +57,6 @@ jobs: run: | git config user.name "$GITHUB_ACTOR" git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - name: Install Helm uses: azure/setup-helm@v3 diff --git a/Makefile b/Makefile index 4332908..4f0bdca 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ # To re-generate a bundle for another specific version without changing the standard setup, you can: # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= v0.0.1 +VERSION ?= v0.1.0 # CHANNELS define the bundle channels used in the bundle. # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") diff --git a/README.md b/README.md index 18f8835..b8b0a44 100644 --- a/README.md +++ b/README.md @@ -3,10 +3,16 @@ This Kubernetes Operators installs WebAssembly support on your Kubernetes Nodes ## Example With the KWasm Operator it is possile to have a more fine grained controll on the node provisioning. In this example we create a KinD cluster with three nodes and install the KWasm Operator. A single node will be provisioned and a wasm pod will be scheduled on exactly that node. -``` +```bash +# Create cluster kind create cluster --config examples/kind/cluster.yaml -make install run +# Add helm repo +helm repo add kwasm http://kwasm.sh/kwasm-operator/ +# Install operator +helm install -n kwasm --create-namespace kwasm-operator kwasm/kwasm-operator +# Annotate single node kubectl annotate node kind-worker2 kwasm.sh/kwasm-node=true +# Run exmple kubectl apply -f examples/kind/runtimeclass.yaml kubectl apply -f examples/kind/pod.yaml ``` diff --git a/charts/kwasm-operator/Chart.yaml b/charts/kwasm-operator/Chart.yaml new file mode 100644 index 0000000..9cbfa71 --- /dev/null +++ b/charts/kwasm-operator/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: kwasm-operator +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.1.0" diff --git a/charts/kwasm-operator/templates/NOTES.txt b/charts/kwasm-operator/templates/NOTES.txt new file mode 100644 index 0000000..59e04cc --- /dev/null +++ b/charts/kwasm-operator/templates/NOTES.txt @@ -0,0 +1 @@ +Welcome to KWasm-operator \ No newline at end of file diff --git a/charts/kwasm-operator/templates/_helpers.tpl b/charts/kwasm-operator/templates/_helpers.tpl new file mode 100644 index 0000000..c727c9e --- /dev/null +++ b/charts/kwasm-operator/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "kwasm-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kwasm-operator.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kwasm-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kwasm-operator.labels" -}} +helm.sh/chart: {{ include "kwasm-operator.chart" . }} +{{ include "kwasm-operator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "kwasm-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "kwasm-operator.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "kwasm-operator.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "kwasm-operator.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/kwasm-operator/templates/clusterrole.yaml b/charts/kwasm-operator/templates/clusterrole.yaml new file mode 100644 index 0000000..063a159 --- /dev/null +++ b/charts/kwasm-operator/templates/clusterrole.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: {{ include "kwasm-operator.fullname" . }} +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - update diff --git a/charts/kwasm-operator/templates/clusterrolebinding.yaml b/charts/kwasm-operator/templates/clusterrolebinding.yaml new file mode 100644 index 0000000..c5bc392 --- /dev/null +++ b/charts/kwasm-operator/templates/clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + name: {{ include "kwasm-operator.fullname" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "kwasm-operator.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kwasm-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/kwasm-operator/templates/deployment.yaml b/charts/kwasm-operator/templates/deployment.yaml new file mode 100644 index 0000000..d0f3ed7 --- /dev/null +++ b/charts/kwasm-operator/templates/deployment.yaml @@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "kwasm-operator.fullname" . }} + labels: + {{- include "kwasm-operator.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "kwasm-operator.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "kwasm-operator.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "kwasm-operator.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + env: + - name: CONTROLLER_NAMESPACE + value: {{ .Release.Namespace }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 8081 + protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: http + readinessProbe: + httpGet: + path: /readyz + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/kwasm-operator/templates/role.yaml b/charts/kwasm-operator/templates/role.yaml new file mode 100644 index 0000000..87c79c3 --- /dev/null +++ b/charts/kwasm-operator/templates/role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: {{ include "kwasm-operator.fullname" . }} +rules: +- apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create \ No newline at end of file diff --git a/charts/kwasm-operator/templates/rolebinding.yaml b/charts/kwasm-operator/templates/rolebinding.yaml new file mode 100644 index 0000000..cd3fa8c --- /dev/null +++ b/charts/kwasm-operator/templates/rolebinding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + creationTimestamp: null + name: {{ include "kwasm-operator.fullname" . }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "kwasm-operator.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "kwasm-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/kwasm-operator/templates/service.yaml b/charts/kwasm-operator/templates/service.yaml new file mode 100644 index 0000000..a559460 --- /dev/null +++ b/charts/kwasm-operator/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "kwasm-operator.fullname" . }} + labels: + {{- include "kwasm-operator.labels" . | nindent 4 }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + {{- include "kwasm-operator.selectorLabels" . | nindent 4 }} diff --git a/charts/kwasm-operator/templates/serviceaccount.yaml b/charts/kwasm-operator/templates/serviceaccount.yaml new file mode 100644 index 0000000..5fd5ba8 --- /dev/null +++ b/charts/kwasm-operator/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "kwasm-operator.serviceAccountName" . }} + labels: + {{- include "kwasm-operator.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/kwasm-operator/templates/tests/test-connection.yaml b/charts/kwasm-operator/templates/tests/test-connection.yaml new file mode 100644 index 0000000..e798e71 --- /dev/null +++ b/charts/kwasm-operator/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "kwasm-operator.fullname" . }}-test-connection" + labels: + {{- include "kwasm-operator.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "kwasm-operator.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/charts/kwasm-operator/values.yaml b/charts/kwasm-operator/values.yaml new file mode 100644 index 0000000..f9d9798 --- /dev/null +++ b/charts/kwasm-operator/values.yaml @@ -0,0 +1,59 @@ +# Default values for kwasm-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/kwasm/kwasm-operator + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: kwasm-operator-0.1.0 + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/main.go b/main.go index 43b8172..d3071cf 100644 --- a/main.go +++ b/main.go @@ -18,6 +18,7 @@ package main import ( "flag" + "fmt" "os" // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) @@ -48,6 +49,20 @@ func init() { //+kubebuilder:scaffold:scheme } +// getWatchNamespace returns the Namespace the operator should be watching for changes +func getWatchNamespace() string { + // WatchNamespaceEnvVar is the constant for env variable WATCH_NAMESPACE + // which specifies the Namespace to watch. + // An empty value means the operator will fail to start. + var watchNamespaceEnvVar = "CONTROLLER_NAMESPACE" + + ns, found := os.LookupEnv(watchNamespaceEnvVar) + if !found { + panic(fmt.Sprintf("env var '%s' must be set", watchNamespaceEnvVar)) + } + return ns +} + func main() { var metricsAddr string var enableLeaderElection bool @@ -72,6 +87,7 @@ func main() { HealthProbeBindAddress: probeAddr, LeaderElection: enableLeaderElection, LeaderElectionID: "c74b86db.kwasm.sh", + Namespace: getWatchNamespace(), // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily // when the Manager ends. This requires the binary to immediately end when the // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly