diff --git a/.github/workflows/helm-install-smoketest.yaml b/.github/workflows/helm-install-smoketest.yaml
new file mode 100644
index 00000000..8408ff70
--- /dev/null
+++ b/.github/workflows/helm-install-smoketest.yaml
@@ -0,0 +1,81 @@
+name: Helm Install Smoketest
+
+on:
+ pull_request:
+ branches: [main]
+
+jobs:
+ helm-install-smoke-test:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Go
+ uses: actions/setup-go@v5
+ with:
+ go-version: "1.22.x"
+
+ - name: Install helm
+ uses: Azure/setup-helm@v3
+ with:
+ version: v3.14.0
+
+ - name: setup k3d
+ uses: engineerd/configurator@v0.0.10
+ with:
+ name: k3d
+ url: https://github.com/k3d-io/k3d/releases/download/v5.6.0/k3d-linux-amd64
+
+ - name: create spin-operator docker image
+ run: make docker-build IMG=spin-operator:latest
+
+ - name: start k3d cluster
+ run: |
+ k3d cluster create wasm-cluster \
+ --image ghcr.io/deislabs/containerd-wasm-shims/examples/k3d:v0.11.0 \
+ --port "8081:80@loadbalancer" \
+ --agents 2
+
+ - name: import operator image into k3d cluster
+ run: k3d image import -c wasm-cluster spin-operator:latest
+
+ - name: install crd
+ run: make install
+
+ - name: apply runtime class
+ run: kubectl apply -f spin-runtime-class.yaml
+
+ - name: helm install cert-manager
+ run: |
+ helm repo add jetstack https://charts.jetstack.io
+ helm install cert-manager jetstack/cert-manager \
+ --namespace cert-manager \
+ --create-namespace \
+ --version v1.13.3 \
+ --set installCRDs=true
+
+ - name: helm install spin-operator
+ run: |
+ make helm-install IMG=spin-operator:latest
+
+ - name: debug
+ if: failure()
+ run: |
+ kubectl get pods -A
+ kubectl get pods -n spin-operator
+ kubectl logs -n spin-operator $(kubectl get pods -n spin-operator | grep spin-operator-controller-manager | awk '{print $1}')
+ kubectl describe -n spin-operator pod $(kubectl get pods -n spin-operator | grep spin-operator-controller-manager | awk '{print $1}')
+ kubectl logs -n spin-operator $(kubectl get pods -n spin-operator | grep wait-for-webhook-svc | awk '{print $1}')
+ kubectl describe -n spin-operator pod $(kubectl get pods -n spin-operator | grep wait-for-webhook-svc | awk '{print $1}')
+ + - name: run spin app + run: | + kubectl apply -f config/samples/simple.yaml + kubectl rollout status deployment simple-spinapp --timeout 90s + kubectl get pods -A + kubectl port-forward svc/simple-spinapp 8083:80 & + timeout 15s bash -c 'until curl -f -vvv http://localhost:8083/hello; do sleep 2; done' + + - name: Verify curl + run: curl localhost:8083/hello \ No newline at end of file diff --git a/Makefile b/Makefile index 2c631f8b..5b7b5b46 100644 --- a/Makefile +++ b/Makefile @@ -146,7 +146,7 @@ CRD_DIR := ./config/crd/bases .PHONY: helm-generate helm-generate: manifests kustomize helmify ## Create/update the Helm chart based on kustomize manifests. (Note: CRDs not included) - $(KUSTOMIZE) build config/default | $(HELMIFY) -crd-dir -cert-manager-as-subchart -cert-manager-version v1.13.3 charts/$(CHART_NAME) + $(KUSTOMIZE) build config/default | $(HELMIFY) -crd-dir charts/$(CHART_NAME) rm -rf charts/$(CHART_NAME)/crds @# Copy the containerd-shim-spin SpinAppExecutor yaml from its canonical location into the chart cp config/samples/shim-executor.yaml charts/$(CHART_NAME)/templates/containerd-shim-spin-executor.yaml @@ -216,6 +216,7 @@ helm-install: helm-generate ## Install the Helm chart onto the K8s cluster speci $(HELM) upgrade --install \ -n $(HELM_NAMESPACE) \ --create-namespace \ + --wait \ --set controllerManager.manager.image.repository=$(IMG_REPO) \ --set controllerManager.manager.image.tag=$(IMG_TAG) \ $(HELM_RELEASE) charts/$(CHART_NAME) diff --git a/charts/spin-operator/Chart.lock b/charts/spin-operator/Chart.lock index 50cc8bcd..aa62d340 100644 --- a/charts/spin-operator/Chart.lock +++ b/charts/spin-operator/Chart.lock 
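Review bot: The third-party actions in the new workflow are referenced by mutable tags (`Azure/setup-helm@v3`, `engineerd/configurator@v0.0.10`), and the k3d binary is fetched from a release URL with no integrity check visible in the step, so a retagged action or a replaced asset would run in CI unnoticed. Pin each third-party action to a full commit SHA and keep the tag as a comment, e.g. `uses: engineerd/configurator@<full-commit-sha> # v0.0.10` (placeholder; take the SHA from the action's own release). The workflow also declares no `permissions:` key, so the job token falls back to the repository default. Since the steps shown only need to read the checkout, add `permissions: { contents: read }` at the top level.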
@@ -2,8 +2,5 @@ dependencies: - name: kwasm-operator repository: http://kwasm.sh/kwasm-operator version: 0.2.3 -- name: cert-manager - repository: https://charts.jetstack.io - version: v1.13.3 -digest: sha256:656e3b0c5aadd5694ec9271cb9d257a619ab0ce6453466f61de060346144dd91 -generated: "2024-01-25T13:44:43.972708-07:00" +digest: sha256:40d405e4fdf2625d9b164f29f5d777cf6598ed74f155c4cf4259914128318cbd +generated: "2024-02-20T21:28:07.788307+05:30" diff --git a/charts/spin-operator/Chart.yaml b/charts/spin-operator/Chart.yaml index 1f1a41bf..278049da 100644 --- a/charts/spin-operator/Chart.yaml +++ b/charts/spin-operator/Chart.yaml @@ -27,8 +27,3 @@ dependencies: version: "0.2.3" repository: "http://kwasm.sh/kwasm-operator" - - name: cert-manager - repository: https://charts.jetstack.io - condition: certmanager.enabled - alias: certmanager - version: "v1.13.3" diff --git a/charts/spin-operator/README.md b/charts/spin-operator/README.md index ecac476d..1a0b09a8 100644 --- a/charts/spin-operator/README.md +++ b/charts/spin-operator/README.md 
@@ -26,17 +26,16 @@ Prior to installing the chart, you'll need to ensure the following: kubectl apply -f https://github.com/spinkube/spin-operator/releases/download/v0.1.0-rc.1/spin-operator.runtime-class.yaml ``` +## Chart prerequisites + +- [Cert Manager](https://github.com/cert-manager/cert-manager) to automatically provision and manage TLS certificates (used by spin-operator's admission webhook system). Cert Manager must be running and the corresponding CRDs must be present on the cluster before installing the spin-operator chart. + ## Chart dependencies The spin-operator chart currently includes the following sub-charts: - [Kwasm Operator](https://github.com/kwasm/kwasm-operator) to install WebAssembly support on Kubernetes nodes -- [Cert Manager](https://github.com/cert-manager/cert-manager) to automatically provision and manage TLS certificates (used by spin-operator's admission webhook system) - - If you'd like to manage Cert Manager completely separate from spin-operator, you can disable installation via: - `--set certmanager.enabled=false` on `helm install`. - - Or, if you'd like to install Cert Manager separate from its CRDs, you can opt-out of installing the CRDs via: - `--set certmanager.installCRDs=false` on `helm install`. - - In either case, Cert Manager must be running and the corresponding CRDs must be present on the cluster before installing the spin-operator chart. + ## Installing the chart diff --git a/charts/spin-operator/templates/containerd-shim-spin-executor.yaml b/charts/spin-operator/templates/containerd-shim-spin-executor.yaml index 531f4dcd..c615b3ac 100644 --- a/charts/spin-operator/templates/containerd-shim-spin-executor.yaml +++ b/charts/spin-operator/templates/containerd-shim-spin-executor.yaml 
@@ -2,6 +2,10 @@ apiVersion: core.spinoperator.dev/v1 kind: SpinAppExecutor metadata: name: containerd-shim-spin + namespace: default + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "1" spec: createDeployment: true deploymentConfig: diff --git a/charts/spin-operator/templates/deployment.yaml b/charts/spin-operator/templates/deployment.yaml index e018305f..feeb82b1 100644 --- a/charts/spin-operator/templates/deployment.yaml +++ b/charts/spin-operator/templates/deployment.yaml @@ -31,6 +31,7 @@ spec: value: {{ quote .Values.kubernetesClusterDomain }} image: {{ .Values.controllerManager.manager.image.repository }}:{{ .Values.controllerManager.manager.image.tag | default .Chart.AppVersion }} + imagePullPolicy: {{ .Values.controllerManager.manager.imagePullPolicy }} livenessProbe: httpGet: path: /healthz diff --git a/charts/spin-operator/templates/selfsigned-issuer.yaml b/charts/spin-operator/templates/selfsigned-issuer.yaml index d125addf..06899d6c 100644 --- a/charts/spin-operator/templates/selfsigned-issuer.yaml +++ b/charts/spin-operator/templates/selfsigned-issuer.yaml @@ -2,9 +2,6 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: {{ include "spin-operator.fullname" . }}-selfsigned-issuer - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "1" labels: {{- include "spin-operator.labels" . | nindent 4 }} spec: diff --git a/charts/spin-operator/templates/serving-cert.yaml b/charts/spin-operator/templates/serving-cert.yaml index 5c07e8d2..fec3ab51 100644 --- a/charts/spin-operator/templates/serving-cert.yaml +++ b/charts/spin-operator/templates/serving-cert.yaml @@ -2,9 +2,6 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: {{ include "spin-operator.fullname" . }}-serving-cert - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "2" labels: {{- include "spin-operator.labels" . | nindent 4 }} spec: 
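Review bot: The added `namespace: default` and the two `helm.sh/hook` annotations on the SpinAppExecutor carry no comment, and both change how the chart behaves. A hard-coded namespace places the executor in `default` whatever namespace the release is installed into, and Helm does not track hook resources as part of the release, so `helm uninstall` leaves this object behind. Please add a comment above `annotations:` saying why the object is a hook (presumably so it is applied only once the operator's admission webhook is serving; confirm) and that it has to be removed by hand, e.g. `# post-install/post-upgrade hook: applied after the release is ready; not deleted by helm uninstall`. The same four lines are added in config/samples/shim-executor.yaml, which the Makefile copies into this template, so the comment belongs in that file.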
diff --git a/charts/spin-operator/values.yaml b/charts/spin-operator/values.yaml index dda54448..1baa0163 100644 --- a/charts/spin-operator/values.yaml +++ b/charts/spin-operator/values.yaml @@ -1,6 +1,3 @@ -certmanager: - enabled: true - installCRDs: true controllerManager: kubeRbacProxy: args: @@ -37,6 +34,7 @@ controllerManager: image: repository: ghcr.io/spinkube/spin-operator tag: latest + imagePullPolicy: IfNotPresent resources: limits: cpu: 500m diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 25839fa4..b697e20a 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -73,6 +73,7 @@ spec: - --enable-webhooks image: ghcr.io/spinkube/spin-operator:latest name: manager + imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/config/samples/shim-executor.yaml b/config/samples/shim-executor.yaml index 531f4dcd..c615b3ac 100644 --- a/config/samples/shim-executor.yaml +++ b/config/samples/shim-executor.yaml @@ -2,6 +2,10 @@ apiVersion: core.spinoperator.dev/v1 kind: SpinAppExecutor metadata: name: containerd-shim-spin + namespace: default + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "1" spec: createDeployment: true deploymentConfig:
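Review bot: The new default `imagePullPolicy: IfNotPresent` in values.yaml sits next to `tag: latest`, so a node that already holds a cached `latest` image keeps running it and never picks up a rebuilt image, including one that carries a security fix. Kubernetes applies `Always` to a `:latest` tag when the policy is unset, so this changes behaviour for every install; it looks as if it is needed only so the smoke test can run the image imported into k3d (inferred from the workflow). Consider leaving the shipped default unset or `Always` and having the CI install pass `--set controllerManager.manager.imagePullPolicy=IfNotPresent`, or defaulting `tag` to a fixed version instead of `latest`. The same line is added in config/manager/manager.yaml, from which the chart values appear to be generated, so the change would have to start there.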