

Addressing comments
Signed-off-by: ytimocin <ytimocin@microsoft.com>
ytimocin committed Jul 20, 2024
1 parent cf8f1d2 commit 014a93d
Showing 15 changed files with 328 additions and 275 deletions.
78 changes: 58 additions & 20 deletions .github/actions/create-kind-cluster/action.yaml
Expand Up @@ -2,6 +2,14 @@ name: "Create a KinD cluster"
description: |
Create a KinD cluster.
inputs:
secure:
description: "Whether the KinD cluster should be created with a secure local registry configuration"
required: false
default: "false"
temp-cert-dir:
description: "The temporary directory where the certificates are stored"
required: false
default: ""
kind-version:
description: "The version of KinD to install"
required: false
Expand All @@ -12,15 +20,15 @@ inputs:
default: "false"
registry-name:
description: "The name of the local registry"
required: false
required: true
default: "radius-registry"
registry-server:
description: "The server name for the local registry"
required: false
required: true
default: "localhost"
registry-port:
description: "The port for the local registry"
required: false
required: true
default: "5000"
runs:
using: "composite"
Expand All @@ -35,46 +43,82 @@ runs:
if: ${{ inputs.with-local-registry == 'false' }}
shell: bash
run: |
# https://kind.sigs.k8s.io/docs/user/local-registry/
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
EOF
- name: Create a KinD cluster with a local registry
if: ${{ inputs.with-local-registry == 'true' }}
- name: Create a KinD cluster with an insecure local registry
if: ${{ inputs.with-local-registry == 'true' && inputs.secure == 'false' }}
shell: bash
run: |
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
EOF
REGISTRY_DIR="/etc/containerd/certs.d/localhost:${{ inputs.registry-port }}"
for node in $(kind get nodes); do
docker exec "${node}" mkdir -p "${REGISTRY_DIR}"
cat <<EOF | docker exec -i "${node}" cp /dev/stdin "${REGISTRY_DIR}/hosts.toml"
[host."http://${{ inputs.registry-name }}:5000"]
EOF
done
if [ "$(docker inspect -f='{{json .NetworkSettings.Networks.kind}}' "${{ inputs.registry-name }}")" = 'null' ]; then
docker network connect "kind" "${reg_name}"
fi
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
name: local-registry-hosting
namespace: kube-public
data:
localRegistryHosting.v1: |
host: "localhost:${{ inputs.registry-port }}"
help: "https://kind.sigs.k8s.io/docs/user/local-registry/"
EOF
# Reference: https://kind.sigs.k8s.io/docs/user/local-registry/
- name: Create a KinD cluster with a secure local registry
if: ${{ inputs.with-local-registry == 'true' && inputs.secure == 'true' }}
shell: bash
run: |
# Create the cluster with necessary configurations for the secure local registry
cat <<EOF | kind create cluster --config=-
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
extraMounts:
- containerPath: "/etc/containerd/certs.d/${{ inputs.registry-name }}"
hostPath: "$TEMP_CERT_DIR/certs/${{ inputs.registry-server }}"
hostPath: "${{ inputs.temp-cert-dir }}/certs/${{ inputs.registry-server }}"
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
EOF
- name: Add the registry config to the nodes
if: ${{ inputs.with-local-registry == 'true' }}
shell: bash
run: |
# Create the directory for the certificates and add the certificate to the system trust store
LOCALHOST_DIR="/etc/containerd/certs.d/${{ inputs.registry-server }}:${{ inputs.registry-port }}"
RADIUS_DIR="/etc/containerd/certs.d/${{ inputs.registry-name }}:${{ inputs.registry-port }}"
for node in $(kind get nodes); do
# LOCALHOST_DIR
docker exec "${node}" mkdir -p "${LOCALHOST_DIR}"
cat <<EOF | docker exec -i "${node}" cp /dev/stdin "${LOCALHOST_DIR}/hosts.toml"
[host."http://${{ inputs.registry-name }}:${{ inputs.registry-port }}"]
capabilities = ["pull", "resolve", "push"]
skip_verify = true
EOF
# RADIUS_DIR
docker exec "${node}" mkdir -p "${RADIUS_DIR}"
cat <<EOF | docker exec -i "${node}" cp /dev/stdin "${RADIUS_DIR}/hosts.toml"
[host."http://${{ inputs.registry-name }}:${{ inputs.registry-port }}"]
Expand All @@ -85,18 +129,12 @@ runs:
docker exec "${node}" systemctl restart containerd
done
- name: Connect the registry to the KinD network
if: ${{ inputs.with-local-registry == 'true' }}
shell: bash
run: |
# Connect the registry to the KinD network
if [ "$(docker inspect -f='{{json .NetworkSettings.Networks.kind}}' "${{ inputs.registry-name }}")" = 'null' ]; then
docker network connect "kind" "${{ inputs.registry-name }}"
fi
- name: Document the local registry
if: ${{ inputs.with-local-registry == 'true' }}
shell: bash
run: |
# Document the local registry
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
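Review bot: `docker network connect "kind" "${reg_name}"` in the new "insecure local registry" step references a shell variable that is never assigned anywhere in this script, so whenever the registry container is not yet attached to the `kind` network the command runs with an empty container name and the step fails (composite `shell: bash` steps run with `-e`, so the error is not swallowed). The standalone "Connect the registry to the KinD network" step that this commit folds into the branch used the action input; keep that form: `docker network connect "kind" "${{ inputs.registry-name }}"`. Separately, the "Add the registry config to the nodes" step still runs for both modes and writes an `http://` host entry with `skip_verify = true`, so as far as these lines show the cluster created with `secure: "true"` does not verify the registry certificate either; gating that step on `inputs.secure == 'false'`, or emitting an `https://` entry with a `ca = "..."` pointing at the mounted certificate for the secure case, would be worth confirming against the part of the step cut off by the hunk. The `runs:` block and the RADIUS_DIR `hosts.toml` heredoc continue outside the visible hunks.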
21 changes: 17 additions & 4 deletions .github/actions/create-local-registry/action.yaml
Expand Up @@ -20,9 +20,22 @@ inputs:
description: "The port for the local registry"
required: false
default: "5000"
outputs:
temp-cert-dir:
description: "The temporary directory where the certificates are stored"
value: ${{ steps.create-temp-cert-dir.outputs.TEMP_CERT_DIR }}
runs:
using: "composite"
steps:
- name: Create temporary directory for certificates
if: ${{ inputs.secure == 'true' }}
shell: bash
id: create-temp-cert-dir
run: |
# Create a temporary directory to store the certificates
temp_cert_dir=$(mktemp -d 2>/dev/null || mktemp -d -t 'temp_cert_dir')
echo "TEMP_CERT_DIR=$temp_cert_dir" >> $GITHUB_OUTPUT
- name: Create certificates for local registry
if: ${{ inputs.secure == 'true' }}
shell: bash
Expand Down Expand Up @@ -54,11 +67,9 @@ runs:
echo "$CFG"
}
# Create a temporary directory to store the certificates
temp_cert_dir=$(mktemp -d 2>/dev/null || mktemp -d -t 'temp_cert_dir')
echo "TEMP_CERT_DIR=$temp_cert_dir" >> $GITHUB_ENV
TEMP_CERT_DIR=${{ steps.create-temp-cert-dir.outputs.TEMP_CERT_DIR }}
pushd $temp_cert_dir
pushd $TEMP_CERT_DIR
# Create the directory for the certificates
mkdir -p certs/${{ inputs.registry-server }}
Expand All @@ -79,6 +90,7 @@ runs:
if: ${{ inputs.secure == 'true' }}
shell: bash
run: |
TEMP_CERT_DIR=${{ steps.create-temp-cert-dir.outputs.TEMP_CERT_DIR }}
sudo apt install ca-certificates
sudo cp $TEMP_CERT_DIR/certs/${{ inputs.registry-server }}/client.crt /usr/local/share/ca-certificates/${{ inputs.registry-server }}.crt
sudo cp $TEMP_CERT_DIR/certs/${{ inputs.registry-server }}/client.crt /usr/local/share/ca-certificates/${{ inputs.registry-name }}.crt
Expand All @@ -88,6 +100,7 @@ runs:
if: ${{ inputs.secure == 'true' }}
shell: bash
run: |
TEMP_CERT_DIR=${{ steps.create-temp-cert-dir.outputs.TEMP_CERT_DIR }}
echo "==== Create secure Docker registry"
docker run -d \
-p ${{ inputs.registry-port }}:5000 \
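Review bot: The new "Create temporary directory for certificates" step never checks that `mktemp` succeeded — if both invocations fail the `||` chain leaves `temp_cert_dir` empty, an empty `TEMP_CERT_DIR=` output is recorded, and the later `pushd $TEMP_CERT_DIR` and `sudo cp $TEMP_CERT_DIR/certs/...` lines then operate on the current directory and on root-relative paths instead of failing early. Add a guard right after the assignment, `[ -n "$temp_cert_dir" ] && [ -d "$temp_cert_dir" ] || { echo "failed to create temp cert dir" >&2; exit 1; }`, and quote the expansions in the consuming steps (`pushd "$TEMP_CERT_DIR"`). That directory holds the certificate material the secure registry is started with (presumably including its private key, which is not shown here) and is now exposed to the calling workflow as an output; nothing in the visible steps removes it, so on a self-hosted runner it would persist after the job — a cleanup step in the caller would be worth considering. The certificate-generation and registry-start step bodies continue outside the visible hunks.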
2 changes: 1 addition & 1 deletion .github/actions/download-pr-data-artifact/action.yaml
Expand Up @@ -29,7 +29,7 @@ runs:
});
let fs = require('fs');
fs.writeFileSync(`${process.env.GITHUB_WORKSPACE}/pr_number.zip`, Buffer.from(download.data));
- name: 'Unzip artifact'
- name: "Unzip artifact"
shell: bash
run: unzip pr_number.zip
- name: Set PR number
