kptdev · martinmaly · Jan 25, 2022 · Jan 25, 2022
diff --git a/porch/.dockerignore b/porch/.dockerignore
@@ -0,0 +1,3 @@
+.build/
+.cache/
+default.etcd/
diff --git a/porch/.gitignore b/porch/.gitignore
@@ -0,0 +1,10 @@
+vendor/
+apiserver.local.config/
+/apiserver/porch
+
+# Development artifact path
+.build/
+default.etcd/
+
+# Local cache files
+.cache/
diff --git a/porch/Makefile b/porch/Makefile
@@ -0,0 +1,111 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+.PHONY: all
+all: stop network start-etcd start-kube-apiserver run-local
+
+.PHONY: network
+network:
+	docker network create --subnet 192.168.8.0/24 porch
+
+.PHONY: stop
+stop:
+	docker stop kube-apiserver || true
+	docker rm kube-apiserver || true
+	docker stop etcd || true
+	docker rm etcd || true
+	docker network rm porch || true
+
+.PHONY: start-etcd
+start-etcd:
+	docker buildx build -t etcd --output=type=docker hack/local/etcd
+	mkdir -p .build/data/etcd
+	docker stop etcd || true
+	docker rm etcd || true
+	docker run --detach --user `id -u`:`id -g` \
+	  --network=porch \
+		--ip 192.168.8.200 \
+		--name etcd -v `pwd`/.build/data/etcd:/data \
+		etcd --listen-client-urls http://0.0.0.0:2379 --advertise-client-urls http://127.0.0.1:2379
+
+.PHONY: start-kube-apiserver
+start-kube-apiserver:
+	docker buildx build -t kube-apiserver --output=type=docker hack/local/kube-apiserver
+	docker stop kube-apiserver || true
+	docker rm kube-apiserver || true
+	hack/local/makekeys.sh
+	docker run --detach --user `id -u`:`id -g` \
+	  --network=porch \
+		--ip 192.168.8.201 \
+		--name kube-apiserver -v `pwd`/.build/pki:/pki \
+	  --add-host host.docker.internal:host-gateway \
+	  kube-apiserver \
+		--etcd-servers http://etcd:2379 \
+	  --secure-port 9444 \
+	  --service-account-issuer=https://kubernetes.default.svc.cluster.local \
+	  --service-account-key-file=/pki/service-account.pub \
+	  --service-account-signing-key-file=/pki/service-account.key \
+	  --cert-dir=/pki \
+	  --authorization-mode=RBAC \
+	  --anonymous-auth=false \
+	  --client-ca-file=/pki/ca.crt
+
+MODULES = $(shell find . -path ./forks -prune -o -name 'go.mod' -print)
+.PHONY: generate
+generate: $(MODULES)
+	@for f in $(^D); do (cd $$f; echo "Generating $$f"; go generate -v ./...) || exit 1; done
+
+.PHONY: tidy
+tidy: $(MODULES)
+	@for f in $(^D); do (cd $$f; echo "Tidying $$f"; go mod tidy) || exit 1; done
+
+.PHONY: test
+test: $(MODULES)
+	@for f in $(^D); do (cd $$f; echo "Testing $$f"; go test ./...) || exit 1; done
+
+.PHONY: vet
+vet: $(MODULES)
+	@#for f in $(^D); do (cd $$f; echo "Checking $$f"; go run honnef.co/go/tools/cmd/staticcheck@latest ./...); done
+	@for f in $(^D); do (cd $$f; echo "Vetting $$f"; go vet ./...); done
+
+.PHONY: fmt
+fmt: $(MODULES)
+	@for f in $(^D); do (cd $$f; echo "Formatting $$f"; gofmt -s -w .); done
+
+KUBECONFIG=$(dir $(abspath $(lastword $(MAKEFILE_LIST))))hack/local/kubeconfig
+
+.PHONY: init deinit
+init:
+	@ [[ -z $$(find "./config/$${USER}" -type f -name '*.yaml') ]] || KUBECONFIG="$(KUBECONFIG)" kubectl apply -f "./config/$${USER}"
+
+deinit:
+	@ [[ -z $$(find "./config/$${USER}" -type f -name '*.yaml') ]] || KUBECONFIG="$(KUBECONFIG)" kubectl delete -f "./config/$${USER}"
+
+.PHONY: run-local
+run-local:
+	KUBECONFIG=$(KUBECONFIG) kubectl apply -f hack/local/localconfig.yaml
+	KUBECONFIG=$(KUBECONFIG) kubectl apply -f controllers/pkg/apis/porch/v1alpha1/
+	cd apiserver; go run ./cmd/porch \
+	--secure-port 9443 \
+	--standalone-debug-mode \
+	--kubeconfig=$(KUBECONFIG) \
+	--cache-directory="$(dir $(abspath $(lastword $(MAKEFILE_LIST)))).cache"
+
+.PHONY: run-jaeger
+run-jaeger:
+	docker run --rm --name jaeger -d -p4317:55680 -p6831:6831/udp -p16686:16686 jaegertracing/opentelemetry-all-in-one:latest
+
+.PHONY: porch
+porch:
+	cd apiserver; go build ./cmd/porch
diff --git a/porch/README.md b/porch/README.md
@@ -0,0 +1,186 @@
+# Package Orchestration apiserver
+
+Created from https://github.com/kubernetes/sample-apiserver
+
+
+## Getting Started
+
+Clone this repository into `${GOPATH}/src/github.com/GoogleContainerTools/kpt`.
+
+```sh
+git clone https://github.com/GoogleContainerTools/kpt.git "${GOPATH}/src/github.com/GoogleContainerTools/kpt"
+cd "${GOPATH}/src/github.com/GoogleContainerTools/kpt"
+```
+
+Download dependencies:
+
+```sh
+make tidy
+```
+
+Run; Porch is implemented as an extension k8s apiserver so to run it, we need:
+* main apiserver
+* etcd (to back the main apiserver)
+* Porch (the extension apiserver)
+
+But first we need to create docker network for all the containers to run on:
+
+```sh
+make network
+```
+
+```sh
+# Start etcd
+make start-etcd
+
+# Start main apiserver
+make start-kube-apiserver
+
+# Start porch
+make run-local
+
+```
+
+To teardown the Docker containers and network:
+
+```sh
+make stop
+```
+
+### Registering a Repository
+
+Update the example configs of [git-repository.yaml](./config/samples/git-repository.yaml)
+or [oci-repository.yaml](./config/samples/oci-repository.yaml)
+with your Git repository or OCI repository respectively.
+
+For Git:
+
+* Create a Git repository for your blueprints.
+* GitHub: Create a [Personal Access Token](https://github.com/settings/tokens) to use with Porch
+* Create a secret with the token:
+  ```sh
+  kubectl create secret generic git-repository-auth \
+    --namespace=default \
+    --from-literal=username=<GitHub username> \
+    --from-literal=token=<GitHub Personal Access Token>
+  ```
+* Update the [git-repository.yaml](./config/samples/git-repository.yaml) with your repository address
+* Register the repository:
+  ```sh
+  KUBECONFIG=./hack/local/kubeconfig kubectl apply -f ./config/samples/git-repository.yaml
+  ```
+
+For OCI:
+
+* Create an [Artifact Registry repository](https://console.cloud.google.com/artifacts)
+* Update the [oci-repository.yaml](./config/samples/oci-repository.yaml) with your OCI repository address
+* Make sure your application default credentials are up-to-date, i.e. by running:
+  ```sh
+  gcloud artifacts docker images list <your OCI repository address>
+  ```
+* Register the repository:
+  ```sh
+  KUBECONFIG=./hack/local/kubeconfig kubectl apply -f ./config/samples/oci-repository.yaml
+  ```
+
+List the package revisions:
+
+```sh
+export KUBECONFIG="$(pwd)/hack/local/kubeconfig"
+kubectl get packagerevisions -oyaml
+kubectl get packagerevisionresources -oyaml
+```
+
+Or create a pakcage revision:
+```sh
+kubectl apply -f ./config/samples/bucket-label.yaml
+```
+
+## Development
+
+### Changing Types
+
+If you change the API object type definitions in any of the
+`api/porch/.../types.go`, update the generated code by running:
+
+```sh
+make generate
+```
+
+## Run in GKE Cluster
+
+Prerequisite:
+* Create GKE cluster
+* Create appropriate KUBECONFIG.
+
+### Build the Container Image
+
+Build a Docker image using a script:
+
+```sh
+./hack/build-image.sh
+
+# Supported flags
+# --repository [REPO]      name of the Docker repository
+# --project    [PROJECT]   GCP project (will translate to gcr.io/PROJECT)
+# --tag [TAG]              image tag, i.e. 'latest'
+# --push                   also push the image to the repository
+
+
+# Example
+./hack/build-image.sh --project=my-gcp-project --push
+```
+
+Or, build directly via docker:
+**Note**: This must be done from the parent directory (kpt, not porch):
+
+```sh
+docker build -t TAG -f ./porch/hack/Dockerfile .
+```
+
+### Deploy into a Kubernetes Cluster
+
+Edit `config/deploy/2-deployment.yaml`, updating the pod template's image
+reference to match what you pushed and setting the `imagePullPolicy`
+to something suitable.  Then call:
+
+```sh
+# Create CRDs
+kubectl apply -f ./controllers/pkg/apis/porch/v1alpha1/
+# Deploy Porch apiserver extension.
+kubectl apply -f ./config/deploy/
+```
+
+When running you can:
+
+```sh
+# notice porch.kpt.dev/v1alpha1 in the result
+kubectl api-resources
+
+# List packagerevisions
+kubectl get packagerevisions --namespace default
+```
+
+Follow the instructions above on how to register repositories and discover packges.
+
+### Running Locally
+
+Porch is an extension k8s apiserver. As such, it needs the main apiserver, which in turn needs `etcd`.
+
+Start `etcd` and main apiserver:
+
+```sh
+make start-etcd
+make start-kube-apiserver
+```
+
+Now, start the porch apiserver:
+
+```sh
+make run-local
+
+# Call the server
+KUBECONFIG=./hack/local/kubeconfig kubectl api-resources
+# List package revisions
+KUBECONFIG=./hack/local/kubeconfig kubectl get packagerevisions --namespace default
+```
diff --git a/porch/api/doc.go b/porch/api/doc.go
@@ -0,0 +1,17 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +domain=kpt.dev
+
+package apis
diff --git a/porch/api/go.mod b/porch/api/go.mod
@@ -0,0 +1,43 @@
+// This is a generated file. Do not edit directly.
+
+module github.com/GoogleContainerTools/kpt/porch/api
+
+go 1.17
+
+require k8s.io/apimachinery v0.23.0
+
+require (
+	github.com/PuerkitoBio/purell v1.1.1 // indirect
+	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
+	github.com/emicklei/go-restful v2.9.5+incompatible // indirect
+	github.com/go-logr/logr v1.2.0 // indirect
+	github.com/go-openapi/jsonpointer v0.19.5 // indirect
+	github.com/go-openapi/jsonreference v0.19.5 // indirect
+	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/google/go-cmp v0.5.6 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.6 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	golang.org/x/mod v0.4.2 // indirect
+	golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect
+	golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e // indirect
+	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/code-generator v0.23.1
+	k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c // indirect
+	k8s.io/klog/v2 v2.40.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
+	k8s.io/utils v0.0.0-20211208161948-7d6a63dca704 // indirect
+	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.0 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
+)