created base resource deffinitions for registry and kaniko

2025-12-18 19:06:44 +00:00 · 2022-09-21 10:39:04 +02:00
parent 6ef042836f
commit 5f0dc3f3b6
2 changed files with 238 additions and 0 deletions
--- a/packages/k8s/src/k8s/index.ts
+++ b/packages/k8s/src/k8s/index.ts
@@ -10,6 +10,13 @@ import {
  getVolumeClaimName,
  RunnerInstanceLabel
 } from '../hooks/constants'
+import {
+  registryConfigMap,
+  registrySecret,
+  registryStatefulSet,
+  registryService,
+  kanikoPod
+} from './kaniko'
 import { PodPhase } from './utils'

 const kc = new k8s.KubeConfig()
@@ -18,6 +25,7 @@ kc.loadFromDefault()

 const k8sApi = kc.makeApiClient(k8s.CoreV1Api)
 const k8sBatchV1Api = kc.makeApiClient(k8s.BatchV1Api)
+const k8sAppsV1 = kc.makeApiClient(k8s.AppsV1Api)
 const k8sAuthorizationV1Api = kc.makeApiClient(k8s.AuthorizationV1Api)

 export const POD_VOLUME_NAME = 'work'
@@ -464,6 +472,21 @@ export async function isPodContainerAlpine(
  return isAlpine
 }

+export async function buildContainer(): Promise<void> {
+  const cm = registryConfigMap()
+  const secret = registrySecret()
+  const ss = registryStatefulSet()
+  const svc = registryService()
+  const pod = kanikoPod()
+  await Promise.all([
+    k8sApi.createNamespacedConfigMap(namespace(), cm),
+    k8sApi.createNamespacedSecret(namespace(), secret)
+  ])
+  await k8sAppsV1.createNamespacedStatefulSet(namespace(), ss)
+  await k8sApi.createNamespacedService(namespace(), svc)
+  await k8sApi.createNamespacedPod(namespace(), pod)
+}
+
 async function getCurrentNodeName(): Promise<string> {
  const resp = await k8sApi.readNamespacedPod(getRunnerPodName(), namespace())

--- a/packages/k8s/src/k8s/kaniko.ts
+++ b/packages/k8s/src/k8s/kaniko.ts
@@ -0,0 +1,215 @@
+import * as k8s from '@kubernetes/client-node'
+
+const REGISTRY_CONFIG_MAP_YAML = `
+health:
+  storagedriver:
+    enabled: true
+    interval: 10s
+    threshold: 3
+http:
+  addr: :5000
+  headers:
+    X-Content-Type-Options:
+    - nosniff
+log:
+  fields:
+    service: registry
+storage:
+  cache:
+    blobdescriptor: inmemory
+version: 0.1
+`.trim()
+
+export function registryConfigMap(): k8s.V1ConfigMap {
+  const cm = new k8s.V1ConfigMap()
+  cm.apiVersion = 'v1'
+  cm.data = {
+    'config.yaml': REGISTRY_CONFIG_MAP_YAML
+  }
+  cm.kind = 'ConfigMap'
+  cm.metadata = new k8s.V1ObjectMeta()
+  cm.metadata.labels = { app: 'docker-registry' }
+  cm.metadata.name = 'docker-registry-config'
+  // TODO: make this configurable
+
+  return cm
+}
+
+export function registrySecret(): k8s.V1Secret {
+  const secret = new k8s.V1Secret()
+  secret.apiVersion = 'v1'
+  secret.data = { haSharedSecret: 'U29tZVZlcnlTdHJpbmdTZWNyZXQK' }
+  secret.kind = 'Secret'
+  secret.metadata = new k8s.V1ObjectMeta()
+  secret.metadata.labels = {
+    app: 'docker-registry',
+    chart: 'docker-registry-1.4.3'
+  }
+  secret.metadata.name = 'docker-registry-secret'
+  secret.type = 'Opaque'
+
+  return secret
+}
+
+export function registryStatefulSet(): k8s.V1StatefulSet {
+  const ss = new k8s.V1StatefulSet()
+  ss.apiVersion = 'apps/v1'
+  ss.metadata = new k8s.V1ObjectMeta()
+  ss.metadata.name = 'docker-registry'
+
+  const spec = new k8s.V1StatefulSetSpec()
+  spec.selector = new k8s.V1LabelSelector()
+  spec.selector.matchLabels = { app: 'docker-registry' }
+  spec.serviceName = 'registry'
+  spec.replicas = 1
+
+  const tmpl = new k8s.V1PodTemplateSpec()
+  tmpl.metadata = new k8s.V1ObjectMeta()
+  tmpl.metadata.labels = { app: 'docker-registry' }
+  tmpl.spec = new k8s.V1PodSpec()
+  tmpl.spec.terminationGracePeriodSeconds = 5 // TODO: figure out for how long
+
+  const c = new k8s.V1Container()
+  c.command = ['/bin/registry', 'serve', '/etc/docker/registry/config.yaml']
+  c.env = [
+    {
+      name: 'REGISTRY_HTTP_SECRET',
+      valueFrom: {
+        secretKeyRef: {
+          key: 'haSharedSecret',
+          name: 'docker-registry-secret'
+        }
+      }
+    },
+    {
+      name: 'REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY',
+      value: '/var/lib/registry'
+    }
+  ]
+  c.image = 'registry:2.6.2'
+  c.name = 'docker-registry'
+  c.imagePullPolicy = 'IfNotPresent'
+  c.ports = [
+    {
+      containerPort: 5000,
+      protocol: 'TCP'
+    }
+  ]
+
+  c.livenessProbe = new k8s.V1Probe()
+  c.livenessProbe.failureThreshold = 3
+  c.livenessProbe.periodSeconds = 10
+  c.livenessProbe.successThreshold = 1
+  c.livenessProbe.timeoutSeconds = 1
+  c.livenessProbe.httpGet = new k8s.V1HTTPGetAction()
+  c.livenessProbe.httpGet.path = '/'
+  c.livenessProbe.httpGet.port = 5000
+  c.livenessProbe.httpGet.scheme = 'HTTP'
+
+  c.readinessProbe = new k8s.V1Probe()
+  c.readinessProbe.failureThreshold = 3
+  c.readinessProbe.periodSeconds = 10
+  c.readinessProbe.successThreshold = 1
+  c.readinessProbe.timeoutSeconds = 1
+  c.readinessProbe.httpGet = new k8s.V1HTTPGetAction()
+  c.readinessProbe.httpGet.path = '/'
+  c.readinessProbe.httpGet.port = 5000
+  c.readinessProbe.httpGet.scheme = 'HTTP'
+
+  tmpl.spec.containers = [c]
+  tmpl.spec.volumes = [
+    {
+      name: 'data',
+      persistentVolumeClaim: {
+        claimName: 'docker-registry'
+      }
+    },
+    {
+      name: 'docker-registry-config',
+      configMap: {
+        name: 'docker-registry-config'
+      }
+    }
+  ]
+
+  spec.template = tmpl
+  spec.volumeClaimTemplates = [
+    {
+      metadata: {
+        name: 'data'
+      },
+      spec: {
+        accessModes: ['ReadWriteOnce'],
+        storageClassName: 'local-storage',
+        resources: {
+          requests: {
+            storage: '5Gi'
+          }
+        }
+      }
+    }
+  ]
+  ss.spec = spec
+
+  return ss
+}
+
+export function registryService(): k8s.V1Service {
+  const svc = new k8s.V1Service()
+  svc.apiVersion = 'v1'
+  svc.kind = 'Service'
+  svc.metadata = new k8s.V1ObjectMeta()
+  svc.metadata.name = 'docker-registry'
+  svc.metadata.labels = {
+    app: 'docker-registry'
+  }
+  const spec = new k8s.V1ServiceSpec()
+  spec.externalTrafficPolicy = 'Cluster'
+  spec.ports = [
+    {
+      name: 'registry',
+      nodePort: 31500,
+      port: 5000,
+      protocol: 'TCP',
+      targetPort: 5000
+    }
+  ]
+  spec.selector = {
+    app: 'docker-registry'
+  }
+  spec.sessionAffinity = 'None'
+  spec.type = 'NodePort'
+  svc.spec = spec
+
+  return svc
+}
+
+export function kanikoPod(): k8s.V1Pod {
+  const pod = new k8s.V1Pod()
+  pod.apiVersion = 'v1'
+  pod.kind = 'Pod'
+  pod.metadata = new k8s.V1ObjectMeta()
+  pod.metadata.name = 'kaniko'
+
+  const spec = new k8s.V1PodSpec()
+  const c = new k8s.V1Container()
+  c.image = 'gcr.io/kaniko-project/executor:latest'
+  c.name = 'kaniko'
+  c.imagePullPolicy = 'Always'
+  c.args = [
+    '--dockerfile=',
+    '--context=',
+    '--destination=docker-registry.default.svc.cluster.local:5000/test/app:1.0'
+  ]
+  c.volumeMounts = [
+    // TODO: ...
+  ]
+  spec.dnsPolicy = 'ClusterFirst'
+  spec.restartPolicy = 'Never'
+  spec.volumes = [
+    // TODO: ...
+  ]
+  pod.spec = spec
+
+  return pod
+}