diff --git a/porch/config/deploy/3-porch-server.yaml b/porch/config/deploy/3-porch-server.yaml index 044773ed88..be54770e81 100644 --- a/porch/config/deploy/3-porch-server.yaml +++ b/porch/config/deploy/3-porch-server.yaml @@ -47,11 +47,10 @@ spec: imagePullPolicy: Always resources: requests: - memory: "64Mi" + memory: "256Mi" cpu: "250m" limits: - memory: "128Mi" - cpu: "1000m" + memory: "512Mi" volumeMounts: - mountPath: /cache name: cache-volume diff --git a/porch/config/samples/apps/hello-server/Dockerfile b/porch/config/samples/apps/hello-server/Dockerfile new file mode 100644 index 0000000000..1c7191938e --- /dev/null +++ b/porch/config/samples/apps/hello-server/Dockerfile @@ -0,0 +1,29 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM golang:1.17-bullseye as builder + +WORKDIR /src +COPY go.mod go.sum ./ + +WORKDIR /src +COPY *.go . + +RUN CGO_ENABLED=0 go build -o /hello-server -v . + +FROM gcr.io/distroless/static +WORKDIR / +COPY --from=builder /hello-server /hello-server + +ENTRYPOINT ["/hello-server"] diff --git a/porch/config/samples/apps/hello-server/Makefile b/porch/config/samples/apps/hello-server/Makefile new file mode 100644 index 0000000000..98cf5f959e --- /dev/null +++ b/porch/config/samples/apps/hello-server/Makefile 
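Review bot: The final stage `FROM gcr.io/distroless/static` has no tag and no `USER` line, so the container runs as root from a floating image, and `FROM golang:1.17-bullseye` in the builder stage is likewise a mutable tag. Switching to `FROM gcr.io/distroless/static:nonroot` (or adding `USER 65532:65532` before `ENTRYPOINT`) drops root without any code change, because the server in this commit listens on the unprivileged port 8080. For reproducible builds, pin both base images by digest, e.g. `gcr.io/distroless/static:nonroot@sha256:<digest>`. Separately, `COPY go.mod go.sum ./` is not followed by `RUN go mod download`, so the split copy buys no layer caching, and the second `WORKDIR /src` is redundant.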
@@ -0,0 +1,27 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# GCP project to use for development
+GCP_PROJECT_ID ?= $(shell gcloud config get-value project)
+IMAGE_TAG ?= latest
+IMAGE_REPO ?= gcr.io/$(GCP_PROJECT_ID)
+IMAGE_NAME ?= hello-server
+
+.PHONY: push-image
+push-image:
+ docker buildx build --push --tag $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) .
+
+.PHONY: build-image
+build-image:
+ docker buildx build --load --tag $(IMAGE_REPO)/$(IMAGE_NAME):$(IMAGE_TAG) .
diff --git a/porch/config/samples/apps/hello-server/go.mod b/porch/config/samples/apps/hello-server/go.mod
new file mode 100644
index 0000000000..87355781b5
--- /dev/null
+++ b/porch/config/samples/apps/hello-server/go.mod
@@ -0,0 +1,3 @@
+module github.com/GoogleContainerTools/kpt/porch/config/samples/apps/hello
+
+go 1.17
diff --git a/porch/config/samples/apps/hello-server/go.sum b/porch/config/samples/apps/hello-server/go.sum
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/porch/config/samples/apps/hello-server/k8s/Kptfile b/porch/config/samples/apps/hello-server/k8s/Kptfile
new file mode 100644
index 0000000000..e99bae3694
--- /dev/null
+++ b/porch/config/samples/apps/hello-server/k8s/Kptfile
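Review bot: `IMAGE_TAG ?= latest` makes both targets build and push a mutable tag by default, and k8s/deployment.yaml in this commit references `hello-server:latest`, so what runs in the cluster is whatever was pushed last rather than an identifiable build. A default such as `IMAGE_TAG ?= $(shell git rev-parse --short HEAD)` would tie each push to a commit, with the deployment's image reference updated to match. Also, if `gcloud config get-value project` prints nothing, `IMAGE_REPO` expands to `gcr.io/` and the push fails with an unhelpful error; a guard that aborts when `GCP_PROJECT_ID` is empty would make that case obvious.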
@@ -0,0 +1,13 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: hello-server
+info:
+ emails:
+ - kpt-team@google.com
+ description: This is an example package.
+# pipeline:
+# validators:
+# - image: gcr.io/kpt-fn/kubeval:v0.1
+# configMap:
+# strict: "true"
diff --git a/porch/config/samples/apps/hello-server/k8s/deployment.yaml b/porch/config/samples/apps/hello-server/k8s/deployment.yaml
new file mode 100644
index 0000000000..0650ec039d
--- /dev/null
+++ b/porch/config/samples/apps/hello-server/k8s/deployment.yaml
@@ -0,0 +1,32 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: hello-server
+ namespace: hello-server
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: hello-server
+ template:
+ metadata:
+ labels:
+ app: hello-server
+ spec:
+ containers:
+ - name: hello-server
+ image: "gcr.io/example-google-project-id/hello-server:latest"
diff --git a/porch/config/samples/apps/hello-server/k8s/ns.yaml b/porch/config/samples/apps/hello-server/k8s/ns.yaml
new file mode 100644
index 0000000000..298821f123
--- /dev/null
+++ b/porch/config/samples/apps/hello-server/k8s/ns.yaml
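Review bot: The `hello-server` container in deployment.yaml sets only `name` and `image`, so the pod runs with the runtime's default privileges and without resource bounds. A container-level `securityContext` that refuses root, blocks privilege escalation, mounts the root filesystem read-only and drops all capabilities suits a static Go binary, and `resources` requests and limits keep the two replicas from starving neighbours. Note that `runAsNonRoot: true` only admits the pod if the image declares a non-root user, so it should land together with a non-root base image in the Dockerfile. As a sample that others are likely to copy, hardened defaults here carry over to downstream packages.

```yaml
      containers:
      - name: hello-server
        image: "gcr.io/example-google-project-id/hello-server:latest"
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        # sample values; size to the workload
        resources:
          requests:
            cpu: "50m"
            memory: "32Mi"
          limits:
            memory: "64Mi"
```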
@@ -0,0 +1,18 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: hello-server
diff --git a/porch/config/samples/apps/hello-server/k8s/svc.yaml b/porch/config/samples/apps/hello-server/k8s/svc.yaml
new file mode 100644
index 0000000000..98aa21cdae
--- /dev/null
+++ b/porch/config/samples/apps/hello-server/k8s/svc.yaml
@@ -0,0 +1,27 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: hello-server
+ namespace: hello-server
+spec:
+ type: LoadBalancer
+ selector:
+ app: hello-server
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
diff --git a/porch/config/samples/apps/hello-server/main.go b/porch/config/samples/apps/hello-server/main.go
new file mode 100644
index 0000000000..d39d5189c6
--- /dev/null
+++ b/porch/config/samples/apps/hello-server/main.go
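Review bot: `type: LoadBalancer` with `port: 80` in svc.yaml gives the sample an unauthenticated plaintext endpoint that, on GKE's defaults, receives an external IP on every cluster where the package is applied. For a demo, `type: ClusterIP` reached through `kubectl port-forward` is enough. If external reachability is intended, state that in a comment above `type:` and consider an internal load balancer instead (on GKE, the `networking.gke.io/load-balancer-type: "Internal"` annotation).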
@@ -0,0 +1,31 @@ +package main + +import ( + "context" + "fmt" + "net/http" + "os" +) + +func main() { + if err := run(context.Background()); err != nil { + fmt.Fprintf(os.Stderr, "%v\n", err) + os.Exit(1) + } +} + +func run(ctx context.Context) error { + http.HandleFunc("/", HelloHandler) + + listen := ":8080" + if err := http.ListenAndServe(listen, nil); err != nil { + return fmt.Errorf("error listening on %q: %w", listen, err) + } + + // This is documented not to happen + return fmt.Errorf("error:: ListenAndServe returned nil error") +} + +func HelloHandler(w http.ResponseWriter, r *http.Request) { + fmt.Fprintf(w, "Hello world\n") +} diff --git a/porch/config/samples/create-deployment-package.sh b/porch/config/samples/create-deployment-package.sh index 5fd8f12e97..d7f5cb3e40 100755 --- a/porch/config/samples/create-deployment-package.sh +++ b/porch/config/samples/create-deployment-package.sh @@ -21,9 +21,9 @@ apiVersion: porch.kpt.dev/v1alpha1 kind: PackageRevision metadata: namespace: default - name: "deployment:myfirstnginx:v1" + name: "deployment:helloserver:v1" spec: - packageName: myfirstnginx + packageName: helloserver revision: v1 repository: deployment tasks: 
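Review bot: `http.ListenAndServe(listen, nil)` in `run` starts a server with no timeouts, so a client that sends its request headers slowly can hold connections open indefinitely, and svc.yaml in this commit puts the server behind a LoadBalancer. Build the server explicitly, e.g. `srv := &http.Server{Addr: listen, ReadHeaderTimeout: 10 * time.Second}` followed by `srv.ListenAndServe()` (this needs the `time` import). The `ctx` parameter is accepted but never used; either wire it to `srv.Shutdown` or drop it. Minor: the fallback message `"error:: ListenAndServe returned nil error"` has a doubled colon, and `run` and the exported `HelloHandler` have no doc comments.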
@@ -32,12 +32,19 @@ spec: upstreamRef: type: git git: - repo: https://github.com/GoogleContainerTools/kpt - ref: v0.7 - directory: package-examples/nginx + repo: https://github.com/justinsb/kpt + ref: main_integration + directory: porch/config/samples/apps/hello-server/k8s EOF -kubectl get packagerevision -n default deployment:myfirstnginx:v1 -oyaml +kubectl get packagerevision -n default deployment:helloserver:v1 -oyaml -kubectl get packagerevisionresources -n default deployment:myfirstnginx:v1 -oyaml +kubectl get packagerevisionresources -n default deployment:helloserver:v1 -oyaml +# Update the package in-place +GCP_PROJECT_ID=$(gcloud config get-value project) +kubectl get packagerevisionresources -n default deployment:helloserver:v1 -oyaml | \ + sed -e s/example-google-project-id/${GCP_PROJECT_ID}/g | \ + kubectl replace -f - + +kubectl get packagerevisionresources -n default deployment:helloserver:v1 -oyaml diff --git a/porch/config/samples/packages/domain/folder.yaml b/porch/config/samples/packages/domain/folder.yaml new file mode 100644 index 0000000000..3eb2809e54 --- /dev/null +++ b/porch/config/samples/packages/domain/folder.yaml @@ -0,0 +1,9 @@ +apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1 +kind: Folder +metadata: + name: environments + namespace: config-control +spec: + #displayName: environments + organizationRef: + external: "TODO" diff --git a/porch/config/samples/packages/environment/config-control/Kptfile b/porch/config/samples/packages/environment/config-control/Kptfile new file mode 100644 index 0000000000..4b08a4e2f8 --- /dev/null +++ b/porch/config/samples/packages/environment/config-control/Kptfile @@ -0,0 +1,11 @@ +apiVersion: kpt.dev/v1 +kind: Kptfile +metadata: + name: config-control +info: + description: sample description +pipeline: + mutators: + - image: gcr.io/kpt-fn-demo/set-project-id:v0.1-justin + configMap: + projectID: project-id \ No newline at end of file 
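Review bot: The upstream now points at a personal fork on a moving branch (`repo: https://github.com/justinsb/kpt`, `ref: main_integration`), so the package this script clones can change without any change here; before this sample is relied on, point it at the canonical repository and a tag or commit SHA. In the added pipeline, `sed -e s/example-google-project-id/${GCP_PROJECT_ID}/g` is unquoted and unchecked: if `gcloud config get-value project` returns nothing, the image reference becomes `gcr.io//hello-server:latest` and `kubectl replace` still runs. Suggest `: "${GCP_PROJECT_ID:?no gcloud project configured}"` after the assignment and quoting the expression as `sed -e "s/example-google-project-id/${GCP_PROJECT_ID}/g"`.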
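Review bot: The mutator `image: gcr.io/kpt-fn-demo/set-project-id:v0.1-justin` in config-control/Kptfile looks like a personal demo build published outside the `gcr.io/kpt-fn` path used elsewhere in this commit, and kpt runs function images over the whole package on render. The same image appears in project-specific/Kptfile. Pin it by digest (`set-project-id:v0.1-justin@sha256:<digest>`) or replace it with a released function before these packages are used as a reference. The file also ends without a trailing newline.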
diff --git a/porch/config/samples/packages/environment/config-control/kcc.yaml b/porch/config/samples/packages/environment/config-control/kcc.yaml
new file mode 100644
index 0000000000..8ef94f6e30
--- /dev/null
+++ b/porch/config/samples/packages/environment/config-control/kcc.yaml
@@ -0,0 +1,41 @@
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMServiceAccount
+metadata:
+ name: cc-robot-project-id
+ namespace: config-control
+ annotations:
+ cnrm.cloud.google.com/project-id: project-id
+ cnrm.cloud.google.com/blueprint: 'kpt-fn'
+spec:
+ displayName: ConfigConnector ServiceAccount for namespace project-id
+ resourceID: cc-robot
+---
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMPolicyMember
+metadata:
+ name: cc-robot-workloadidentity-project-id
+ namespace: config-control
+spec:
+ member: serviceAccount:parent-project-id.svc.id.goog[cnrm-system/cnrm-controller-manager-project-id]
+ role: roles/iam.workloadIdentityUser
+ resourceRef:
+ apiVersion: iam.cnrm.cloud.google.com/v1beta1
+ kind: IAMServiceAccount
+ name: cc-robot-project-id
+---
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMPolicyMember
+metadata:
+ name: cc-robot-project-id
+ namespace: config-control
+spec:
+ memberFrom:
+ serviceAccountRef:
+ # Updating this field should not rely on set-project-id, it should
+ # use name reference to match this field to serviceAccount.
+ name: cc-robot-project-id
+ role: roles/owner
+ resourceRef:
+ apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
+ kind: Project
+ external: project-id
diff --git a/porch/config/samples/packages/environment/config-control/project.yaml b/porch/config/samples/packages/environment/config-control/project.yaml
new file mode 100644
index 0000000000..0d4f991195
--- /dev/null
+++ b/porch/config/samples/packages/environment/config-control/project.yaml
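Review bot: The third document in kcc.yaml grants `role: roles/owner` on the project to `cc-robot-project-id`, which includes the right to rewrite the project's IAM policy. Combined with the `roles/iam.workloadIdentityUser` binding in the second document, any workload able to run as `cnrm-system/cnrm-controller-manager-project-id` inherits project owner. If the service account only needs to manage the resource kinds this environment uses, bind those specific roles instead. At minimum, put a comment above `role: roles/owner` explaining why owner is required, so copies of this package do not carry the grant unexamined.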
@@ -0,0 +1,25 @@
+apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
+kind: Folder
+metadata:
+ name: dev
+ namespace: config-control
+spec:
+ folderRef:
+ name: environments
+
+# ---
+#
+# # We need to enable some services so we can enable other services
+# # TODO: unclear if it is cloudresourcemanager or serviceusage or both
+# apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
+# kind: Service
+# metadata:
+# annotations:
+# cnrm.cloud.google.com/deletion-policy: "abandon"
+# cnrm.cloud.google.com/disable-dependent-services: "false"
+# name: project-id-cloudresourcemanager
+# namespace: config-control
+# spec:
+# resourceID: cloudresourcemanager.googleapis.com
+# projectRef:
+# name: project-id
diff --git a/porch/config/samples/packages/environment/config-control/rbac.yaml b/porch/config/samples/packages/environment/config-control/rbac.yaml
new file mode 100644
index 0000000000..df1b518b09
--- /dev/null
+++ b/porch/config/samples/packages/environment/config-control/rbac.yaml
@@ -0,0 +1,13 @@
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMPolicyMember
+metadata:
+ name: project-id-dev-admins
+ namespace: config-control
+spec:
+ # TODO: Replace with group?
+ member: user:justinsb@google.com
+ role: roles/editor
+ resourceRef:
+ apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
+ kind: Project
+ external: project-id
diff --git a/porch/config/samples/packages/environment/project-specific/Kptfile b/porch/config/samples/packages/environment/project-specific/Kptfile
new file mode 100644
index 0000000000..52d8794f0c
--- /dev/null
+++ b/porch/config/samples/packages/environment/project-specific/Kptfile
@@ -0,0 +1,14 @@
+apiVersion: kpt.dev/v1
+kind: Kptfile
+metadata:
+ name: project-specific
+info:
+ description: sample description
+pipeline:
+ mutators:
+ - image: gcr.io/kpt-fn-demo/set-project-id:v0.1-justin
+ configMap:
+ projectID: project-id
+ - image: gcr.io/kpt-fn/set-namespace:v0.2
+ configMap:
+ namespace: project-id
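Review bot: `member: user:justinsb@google.com` in rbac.yaml hard-codes one person's account with `role: roles/editor` on the project, so every environment created from this package grants that individual edit rights unless someone remembers to change it. The TODO above the line already points at a group. Make the value an obvious placeholder that must be set per environment, e.g. `member: group:dev-admins@example.com  # placeholder, set per environment`, so an unmodified copy does not hand access to a real identity.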
diff --git a/porch/config/samples/packages/environment/project-specific/kcc.yaml b/porch/config/samples/packages/environment/project-specific/kcc.yaml new file mode 100644 index 0000000000..6dae990522 --- /dev/null +++ b/porch/config/samples/packages/environment/project-specific/kcc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: project-id + annotations: + cnrm.cloud.google.com/project-id: project-id +--- +apiVersion: core.cnrm.cloud.google.com/v1beta1 +kind: ConfigConnectorContext +metadata: + name: configconnectorcontext.core.cnrm.cloud.google.com + namespace: project-id +spec: + googleServiceAccount: cc-robot@project-id.iam.gserviceaccount.com diff --git a/porch/controllers/remoterootsync/config/samples/hack-self-apply.yaml b/porch/controllers/remoterootsync/config/samples/hack-self-apply.yaml index 339135107e..c439d2f60d 100644 --- a/porch/controllers/remoterootsync/config/samples/hack-self-apply.yaml +++ b/porch/controllers/remoterootsync/config/samples/hack-self-apply.yaml @@ -25,5 +25,5 @@ spec: name: loopback! # TODO: This is a hack used during development, remove once we are more end-to-end enabled. template: oci: - #repository: us-west1-docker.pkg.dev/example-google-project-id/deployment/myfirstnginx:v1 - repository: us-west1-docker.pkg.dev/example-google-project-id/packages/porch:v0.0.1 + #repository: us-west1-docker.pkg.dev/example-google-project-id/packages/porch:v0.0.1 + repository: us-west1-docker.pkg.dev/example-google-project-id/deployment/helloserver:v1 diff --git a/porch/docs/running-on-gke.md b/porch/docs/running-on-gke.md index c57bb6563c..38c924d09d 100644 --- a/porch/docs/running-on-gke.md +++ b/porch/docs/running-on-gke.md 
@@ -25,7 +25,7 @@ gcloud projects add-iam-policy-binding ${GCP_PROJECT_ID} \ --role "roles/artifactregistry.repoAdmin" gcloud iam service-accounts add-iam-policy-binding porch-server@${GCP_PROJECT_ID}.iam.gserviceaccount.com \ --role roles/iam.workloadIdentityUser \ - --member "serviceAccount:${GCP_PROJECT_ID}.svc.id.goog[porch-system/apiserver]" + --member "serviceAccount:${GCP_PROJECT_ID}.svc.id.goog[porch-system/porch-server]" gcloud projects add-iam-policy-binding ${GCP_PROJECT_ID} \ --member "serviceAccount:porch-sync@${GCP_PROJECT_ID}.iam.gserviceaccount.com" \ @@ -44,7 +44,11 @@ IMAGE_TAG=$(git rev-parse --short HEAD) make push-and-deploy Create some example repositories / packages: ``` +# Create artifact-registry repos etc make apply-dev-config +# Push a sample hello-world app +make -C config/samples/apps/hello-server push-image +# Create a package for the sample hello-world app ./config/samples/create-deployment-package.sh ```