Get BiosCfg ready for prod

Dockerfile

@@ -1,6 +1,6 @@
-FROM alpine:3.8 as runner
+FROM alpine:latest
 
 COPY bioscfg /usr/sbin/bioscfg
 RUN chmod +x /usr/sbin/bioscfg
 
-ENTRYPOINT bioscfg
+ENTRYPOINT ["/usr/sbin/bioscfg"]

Makefile

@@ -6,7 +6,7 @@ GIT_SUMMARY := $(shell git describe --tags --dirty --always)
 VERSION     := $(shell git describe --tags 2> /dev/null)
 BUILD_DATE  := $(shell date +%s)
 GIT_COMMIT_FULL  := $(shell git rev-parse HEAD)
-GO_VERSION := $(shell expr `go version |cut -d ' ' -f3 |cut -d. -f2` \>= 16)
+GO_VERSION := $(shell expr `go version |cut -d ' ' -f3 |cut -d. -f2` \>= 22)
 DOCKER_IMAGE  := "ghcr.io/metal-toolbox/bioscfg"
 REPO := "https://github.com/metal-toolbox/bioscfg.git"
 
@@ -30,38 +30,36 @@ gen-mock:
 ## build-osx
 build-osx:
 ifeq ($(GO_VERSION), 0)
-	$(error build requies go version 1.22.1 or higher)
+	$(error build requies go version 1.22 or higher)
 endif
-	  go build -o bioscfg \
-	   -ldflags \
+	CGO_ENABLED=0 go build -o bioscfg \
+		-ldflags \
 		"-X $(LDFLAG_LOCATION).GitCommit=$(GIT_COMMIT) \
-         -X $(LDFLAG_LOCATION).GitBranch=$(GIT_BRANCH) \
-         -X $(LDFLAG_LOCATION).GitSummary=$(GIT_SUMMARY) \
-         -X $(LDFLAG_LOCATION).AppVersion=$(VERSION) \
-         -X $(LDFLAG_LOCATION).BuildDate=$(BUILD_DATE)"
-
+		-X $(LDFLAG_LOCATION).GitBranch=$(GIT_BRANCH) \
+		-X $(LDFLAG_LOCATION).GitSummary=$(GIT_SUMMARY) \
+		-X $(LDFLAG_LOCATION).AppVersion=$(VERSION) \
+		-X $(LDFLAG_LOCATION).BuildDate=$(BUILD_DATE)"
 
 ## Build linux bin
 build-linux:
 ifeq ($(GO_VERSION), 0)
-	$(error build requies go version 1.22.1 or higher)
+	$(error build requies go version 1.22 or higher)
 endif
-	GOOS=linux GOARCH=amd64 go build -o bioscfg \
-	   -ldflags \
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o bioscfg \
+		-ldflags \
 		"-X $(LDFLAG_LOCATION).GitCommit=$(GIT_COMMIT) \
-         -X $(LDFLAG_LOCATION).GitBranch=$(GIT_BRANCH) \
-         -X $(LDFLAG_LOCATION).GitSummary=$(GIT_SUMMARY) \
-         -X $(LDFLAG_LOCATION).AppVersion=$(VERSION) \
-         -X $(LDFLAG_LOCATION).BuildDate=$(BUILD_DATE)"
-
+		-X $(LDFLAG_LOCATION).GitBranch=$(GIT_BRANCH) \
+		-X $(LDFLAG_LOCATION).GitSummary=$(GIT_SUMMARY) \
+		-X $(LDFLAG_LOCATION).AppVersion=$(VERSION) \
+		-X $(LDFLAG_LOCATION).BuildDate=$(BUILD_DATE)"
 
 ## build docker image and tag as ghcr.io/metal-toolbox/bioscfg:latest
 build-image: build-linux
 	@echo ">>>> NOTE: You may want to execute 'make build-image-nocache' depending on the Docker stages changed"
-	docker build --rm=true -f Dockerfile -t ${DOCKER_IMAGE}:latest  . \
-							 --label org.label-schema.schema-version=1.0 \
-							 --label org.label-schema.vcs-ref=$(GIT_COMMIT_FULL) \
-							 --label org.label-schema.vcs-url=$(REPO)
+	docker build --rm=true -f Dockerfile -t ${DOCKER_IMAGE}:latest . \
+		--label org.label-schema.schema-version=1.0 \
+		--label org.label-schema.vcs-ref=$(GIT_COMMIT_FULL) \
+		--label org.label-schema.vcs-url=$(REPO)
 
 ## tag and push devel docker image to local registry
 push-image-devel: build-image
@@ -73,14 +71,18 @@ push-image-devel: build-image
 push-image:
 	docker push ${DOCKER_IMAGE}:latest
 
+## Clean all caches
+clean-all:
+	golangci-lint cache clean
+	go clean -modcache -testcache -cache -fuzzcache
+
 # https://gist.github.com/prwhite/8168133
 # COLORS
 GREEN  := $(shell tput -Txterm setaf 2)
 YELLOW := $(shell tput -Txterm setaf 3)
 WHITE  := $(shell tput -Txterm setaf 7)
 RESET  := $(shell tput -Txterm sgr0)
 
-
 TARGET_MAX_CHAR_NUM=20
 ## Show help
 help:

chart/Chart.yaml

@@ -1,6 +1,10 @@
 apiVersion: v2
 name: bioscfg
-description: A helm chart for deploying the bioscfg controller.
-type: application
-version: 0.0.1
-appVersion: "0.0.1"
+description: A chart to control BMCs
+version: v0.1.1
+keywords:
+  - bmc
+  - bios
+home: "https://github.com/metal-toolbox/bioscfg"
+sources:
+  - "https://github.com/metal-toolbox/bioscfg"

chart/templates/configmap.yaml

@@ -0,0 +1,10 @@
+{{ if .Values.enable }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: bioscfg-config
+data:
+  config.yaml: |-
+{{ toYaml .Values.env | indent 4 }}
+{{ end }}

chart/templates/bioscfg-deployment.yaml → chart/templates/deployment.yaml

@@ -17,16 +17,16 @@ spec:
       terminationGracePeriodSeconds: 1200
       containers:
         - name: bioscfg
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          image: {{ .Values.image.repository.url }}/bioscfg:{{ .Values.image.repository.tag }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
           command: [
            "bioscfg",
+           "run",
            "--config",
            "/etc/bioscfg/config.yaml",
            "--enable-pprof",
            "--log-level",
            "debug",
-           "--facility-code",
-           "{{ .Values.location }}"
           ]
           volumeMounts:
             - name: config-volume
@@ -35,32 +35,17 @@ spec:
               mountPath: /etc/nats
               readOnly: true
           env:
-            - name: BIOSCFG_NATS_URL
-              value: "{{ .Values.env.NATS_URL }}"
-            - name: BIOSCFG_NATS_CONNECT_TIMEOUT
-              value: "{{ .Values.env.NATS_CONNECT_TIMEOUT }}"
-            - name: BIOSCFG_NATS_KV_REPLICAS
-              value: "{{ .Values.env.NATS_KV_REPLICAS }}"
-            - name: BIOSCFG_NATS_CREDS_FILE
-              value: /etc/nats/nats.creds
-            - name: BIOSCFG_FLEETDB_ENDPOINT
-              value: "{{ .Values.env.FLEETDB_ENDPOINT }}"
-            - name: BIOSCFG_FLEETDB_DISABLE_OAUTH
-              value: "{{ .Values.env.FLEETDB_DISABLE_OAUTH }}"
-            - name: BIOSCFG_FLEETDB_FACILITY_CODE
-              value: "{{ .Values.location  }}"
-            - name: BIOSCFG_FLEETDB_OIDC_AUDIENCE_ENDPOINT
-              value: "{{ .Values.env.FLEETDB_OIDC_AUDIENCE_ENDPOINT }}"
-            - name: BIOSCFG_FLEETDB_OIDC_ISSUER_ENDPOINT
-              value: "{{ .Values.env.FLEETDB_OIDC_ISSUER_ENDPOINT }}"
-            - name: BIOSCFG_FLEETDB_OIDC_CLIENT_SCOPES
-              value: "{{ .Values.env.FLEETDB_OIDC_CLIENT_SCOPES }}"
+          {{- if .Values.env.endpoints.fleetdb.authenticate }}
+            - name: FLIPFLOP_ENDPOINTS_FLEETDB_OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: bioscfg-secrets
+                  key: fleetdb-oidc-client-secret
+          {{- end }}
             - name: OTEL_EXPORTER_OTLP_ENDPOINT
-              value: "{{ .Values.env.OTEL_EXPORTER_OTLP_ENDPOINT }}"
+              value: "{{ .Values.env.endpoints.otel.url }}"
             - name: OTEL_EXPORTER_OTLP_INSECURE
-              value: "{{ .Values.env.OTEL_EXPORTER_OTLP_INSECURE }}"
-            - name: BIOSCFG_FLEETDB_OIDC_CLIENT_ID
-              value: "{{ .Values.env.FLEETDB_OIDC_CLIENT_ID }}"
+              value: "{{ not .Values.env.endpoints.otel.authenticate }}"
           securityContext:
             capabilities:
               drop:

chart/values.yaml

@@ -1,14 +1,29 @@
-location: "sandbox"
+enable: true
 image:
-  repository: "localhost:5001/bioscfg"
-  tag: latest
   pullPolicy: Always
+  repository:
+    tag: latest
+    url: localhost:5001
 env:
-  FLEETDB_ENDPOINT: http://fleetdb:8000
-  FLEETDB_DISABLE_OAUTH: true
-  NATS_URL: "nats://nats:4222"
-  NATS_CONNECT_TIMEOUT: 60s
-  NATS_KV_REPLICAS: 1
-  # telemetry configuration
-  OTEL_EXPORTER_OTLP_ENDPOINT: jaeger:4317
-  OTEL_EXPORTER_OTLP_INSECURE: true
+  test: myTest
+  test1: myFirstTest
+  facility: sandbox
+  log_level: debug
+  concurrency: 5
+  dryrun: false
+  endpoints:
+    fleetdb:
+      authenticate: false
+      oidc_audience_url:
+      oidc_client_id:
+      oidc_issuer_url:
+      oidc_client_scopes:
+      url: http://fleetdb:8000
+    nats:
+      connect_timeout: 60s
+      kv_replication: 1
+      creds_file: /etc/nats/nats.creds
+      url: nats://nats:4222
+    otel:
+      authenticate: false
+      url: jaeger:4317

cmd/bioscfg.go

@@ -0,0 +1,26 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/metal-toolbox/bioscfg/internal/bioscfg"
+	"github.com/spf13/cobra"
+)
+
+// bioscfgCmd represents the bioscfg command
+var bioscfgCmd = &cobra.Command{
+	Use:   "run",
+	Short: "Run the BiosCfg Controller",
+	Run: func(cmd *cobra.Command, _ []string) {
+		err := bioscfg.Run(cmd.Context(), ConfigFile, LogLevel, EnableProfiling)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(bioscfgCmd)
+}

cmd/root.go

@@ -18,26 +18,21 @@ package cmd
 
 import (
 	"fmt"
-	"log/slog"
 	"os"
 
-	"github.com/metal-toolbox/bioscfg/internal/model"
 	"github.com/spf13/cobra"
 )
 
 var (
-	args = &model.Args{}
+	LogLevel        string
+	ConfigFile      string
+	EnableProfiling bool
 )
 
 // rootCmd represents the base command when called without any subcommands
 var rootCmd = &cobra.Command{
-	Use:   "bioscfg",
-	Short: "bioscfg remotely manages BIOS settings",
-	Run: func(cmd *cobra.Command, _ []string) {
-		if err := runWorker(cmd.Context(), args); err != nil {
-			os.Exit(1)
-		}
-	},
+	Use:   "controller",
+	Short: "Fleet Services Controllers",
 }
 
 // Execute adds all child commands to the root command and sets flags appropriately.
@@ -51,19 +46,11 @@ func Execute() {
 
 func init() {
 	rootCmd.PersistentFlags().
-		StringVar(&args.ConfigFile, "config", "", "configuration file (default is $HOME/.bioscfg.yml)")
+		StringVar(&ConfigFile, "config", "", "configuration file (default is $HOME/.bioscfg.yml)")
 
 	rootCmd.PersistentFlags().
-		StringVar(&args.LogLevel, "log-level", "info", "set logging level - debug, trace")
+		StringVar(&LogLevel, "log-level", "info", "set logging level - debug, trace")
 
 	rootCmd.PersistentFlags().
-		BoolVarP(&args.EnableProfiling, "enable-pprof", "", false, "Enable profiling endpoint at: http://localhost:9091")
-
-	rootCmd.PersistentFlags().
-		StringVarP(&args.FacilityCode, "facility-code", "f", "", "The facility code this bioscfg instance is associated with")
-
-	if err := rootCmd.MarkPersistentFlagRequired("facility-code"); err != nil {
-		slog.Error("failed to mark required flag", "error", err)
-		os.Exit(1)
-	}
+		BoolVarP(&EnableProfiling, "enable-pprof", "", false, "Enable profiling endpoint at: http://localhost:9091")
 }