Merge pull request #52 from aifoundry-org/manifests

Manifests

Author: deitch

Makefile

@@ -27,7 +27,7 @@ $(BINDIR):
 	@mkdir -p $@
 
 $(CONTROLLER): $(BINDIR)
-	@go build -o $@
+	@go build -o $@ ./cmd/
 
 link: $(CONTROLLER) $(CONTROLLER_GENERIC)
 

chart/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v2
+name: oxide-controller
+version: 0.1.0
+description: Deploys the oxide controller

chart/templates/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ .Values.namespace }}

chart/templates/rbac.yaml

@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: oxide-controller
+  namespace: {{ .Values.namespace }}
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    resourceNames: ["{{ .Values.secretName }}"]
+    verbs: ["get", "update", "patch", "create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: oxide-controller
+  namespace: {{ .Values.namespace }}
+subjects:
+  - kind: ServiceAccount
+    name: oxide-controller
+    namespace: {{ .Values.namespace }}
+roleRef:
+  kind: Role
+  name: oxide-controller
+  apiGroup: rbac.authorization.k8s.io

chart/templates/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: oxide-controller
+  namespace: {{ .Values.namespace }}
+spec:
+  selector:
+    app: oxide-controller
+  ports:
+    - name: http
+      port: 80
+      targetPort: {{ .Values.image.port }}

chart/templates/serviceaccount.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: oxide-controller
+  namespace: {{ .Values.namespace }}

chart/templates/statefulset.yaml

@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: oxide-controller
+  namespace: {{ .Values.namespace }}
+spec:
+  serviceName: oxide-controller
+  replicas: 1
+  selector:
+    matchLabels:
+      app: oxide-controller
+  template:
+    metadata:
+      labels:
+        app: oxide-controller
+    spec:
+      serviceAccountName: oxide-controller
+      priorityClassName: system-cluster-critical
+      tolerations:
+        - key: "node-role.kubernetes.io/control-plane"
+          operator: "Exists"
+          effect: "NoSchedule"
+        - key: "node-role.kubernetes.io/master"
+          operator: "Exists"
+          effect: "NoSchedule"
+        - key: "node.kubernetes.io/not-ready"
+          operator: "Exists"
+          effect: "NoExecute"
+          tolerationSeconds: 300
+        - key: "node.kubernetes.io/unreachable"
+          operator: "Exists"
+          effect: "NoExecute"
+          tolerationSeconds: 300
+      containers:
+        - name: controller
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          args: --no-pivot=true
+          ports:
+            - containerPort: {{ .Values.image.port }}
+          env:
+            - name: SECRET_NAME
+              value: "{{ .Values.secretName }}"

chart/values.yaml

@@ -0,0 +1,6 @@
+namespace: oxide-controller-system
+secretName: oxide-controller-secret
+image:
+  repository: aifoundryorg/oxide-controller
+  tag: latest
+  port: 8080

cmd/main.go

@@ -0,0 +1,5 @@
+package main
+
+func main() {
+	Execute()
+}

cmd/root.go

@@ -1,4 +1,4 @@
-package cmd
+package main
 
 import (
 	"context"
@@ -50,7 +50,7 @@ func rootCmd() (*cobra.Command, error) {
 		workerExternalIP            bool
 		controlPlaneExternalIP      bool
 		controlLoopMins             int
-		runOnce                     bool
+		noPivot                     bool
 		controlPlaneImageBlocksize  int
 		workerImageBlocksize        int
 		imageParallelism            int
@@ -62,6 +62,7 @@ func rootCmd() (*cobra.Command, error) {
 		tailscaleAPIKey             string
 		tailscaleTag                string
 		tailscaleTailnet            string
+		controllerOCIImage          string
 
 		logger = log.New()
 	)
@@ -165,6 +166,7 @@ func rootCmd() (*cobra.Command, error) {
 				kubeconfigOverwrite,
 				tailscaleAPIKey,
 				tailscaleTailnet,
+				controllerOCIImage,
 			)
 			// we perform 2 execution loops of the cluster execute function:
 			// - the first one is to create the cluster and get the kubeconfig
@@ -180,11 +182,27 @@ func rootCmd() (*cobra.Command, error) {
 				}
 			}
 
-			if runOnce {
-				logentry.Infof("Run once mode enabled, exiting after first run")
+			// Several possibilities:
+			// 1- we are running in the cluster, in which case we should just keep running
+			// 2- we are running locally, in which case we should load the helm charts onto the cluster and exit
+			// 3- we are running locally, and we have nopivot, in which case we should just keep running
+			//
+			// load the helm charts onto the cluster and pivot the controller to the cluster,
+			// then shut down this server.
+			//
+			// Unless nopivot is true, in which case we do not pivot
+			// and just keep running locally.
+			if !noPivot {
+				logentry.Infof("Loading helm charts and pivoting to run on the cluster")
+				if err := c.LoadHelmCharts(ctx); err != nil {
+					return fmt.Errorf("failed to load helm charts onto the cluster: %v", err)
+				}
 				return nil
 			}
 
+			logentry.Infof("Not pivoting to run on the cluster, continuing to run locally")
+
+			// we had noPivot, so keep running
 			// start each control loop
 			var (
 				wg    sync.WaitGroup
@@ -260,7 +278,8 @@ func rootCmd() (*cobra.Command, error) {
 	cmd.Flags().BoolVar(&controlPlaneExternalIP, "control-plane-external-ip", true, "Whether or not to assign an ephemeral public IP to the control plane nodes, needed to access cluster from outside sled, as well as for debugging")
 	cmd.Flags().IntVarP(&verbose, "verbose", "v", 0, "set log level, 0 is info, 1 is debug, 2 is trace")
 	cmd.Flags().StringVar(&address, "address", ":8080", "Address to bind the server to")
-	cmd.Flags().BoolVar(&runOnce, "runonce", false, "Run the server once and then exit, do not run a long-running control loop for checking the controller or listening for API calls")
+	cmd.Flags().BoolVar(&noPivot, "no-pivot", false, "Do not pivot this controller to run on the cluster itself after bringing the cluster up, instead continue long-running here")
+	cmd.Flags().StringVar(&controllerOCIImage, "controller-oci-image", "aifoundryorg/oxide-controller:latest", "OCI image to use for the controller")
 	cmd.Flags().IntVar(&controlLoopMins, "control-loop-mins", 5, "How often to run the control loop, in minutes")
 	cmd.Flags().IntVar(&imageParallelism, "image-parallelism", 1, "How many parallel threads to use for uploading images to the sled")
 	cmd.Flags().StringVar(&tailscaleAuthKey, "tailscale-auth-key", "", "Tailscale auth key to use for authentication, if none provided, will not join a tailnet; if starts with 'file:' then will read the key from the file")