From cadde891bf5a4a6bac3e8540fe4a40fce57f8ba9 Mon Sep 17 00:00:00 2001
From: gprossliner <6724584+gprossliner@users.noreply.github.com>
Date: Thu, 28 Apr 2022 17:03:13 +0200
Subject: [PATCH 1/5] kustomize + local dev with kind
---
 healthcheck/dockerfile | 2 --
 healthcheck/runcheck | 4 ---
 Dockerfile => image/Dockerfile | 3 --
 start.sh => image/start.sh | 0
 kustomize/bases/StatefulSet.yaml | 53 ++++++++++++++++++++++++++++++
 kustomize/bases/kustomization.yaml | 5 +++
 kustomize/dev/.gitignore | 1 +
 kustomize/dev/kustomization.yaml | 17 ++++++++++
 makefile | 15 +++++++++
 9 files changed, 91 insertions(+), 9 deletions(-)
 delete mode 100644 healthcheck/dockerfile
 delete mode 100755 healthcheck/runcheck
 rename Dockerfile => image/Dockerfile (96%)
 rename start.sh => image/start.sh (100%)
 create mode 100644 kustomize/bases/StatefulSet.yaml
 create mode 100644 kustomize/bases/kustomization.yaml
 create mode 100644 kustomize/dev/.gitignore
 create mode 100644 kustomize/dev/kustomization.yaml
 create mode 100644 makefile
diff --git a/healthcheck/dockerfile b/healthcheck/dockerfile
deleted file mode 100644
index 94c0074..0000000
--- a/healthcheck/dockerfile
+++ /dev/null
@@ -1,2 +0,0 @@
-FROM alpine
-RUN sleep 1
diff --git a/healthcheck/runcheck b/healthcheck/runcheck
deleted file mode 100755
index 5b0fda6..0000000
--- a/healthcheck/runcheck
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-set -eux
-docker image rm healthcheck || true
-docker build --no-cache -t healthcheck .
\ No newline at end of file
diff --git a/Dockerfile b/image/Dockerfile
similarity index 96%
rename from Dockerfile
rename to image/Dockerfile
index 351fbe3..7949cfe 100644
--- a/Dockerfile
+++ b/image/Dockerfile
@@ -50,7 +50,4 @@ WORKDIR /azp
 COPY ./start.sh .
 RUN chmod +x start.sh
-# add healthcheck files
-COPY ./healthcheck /healthcheck
-
 CMD ["./start.sh"]
diff --git a/start.sh b/image/start.sh
similarity index 100%
rename from start.sh
rename to image/start.sh
diff --git a/kustomize/bases/StatefulSet.yaml b/kustomize/bases/StatefulSet.yaml
new file mode 100644
index 0000000..90dfbd8
--- /dev/null
+++ b/kustomize/bases/StatefulSet.yaml
@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: lnx-adsagent
+spec:
+ serviceName: lnx-adsagent
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: lnx-adsagent
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: lnx-adsagent
+ spec:
+ volumes:
+ - name: docker-graph-storage
+ emptyDir: {}
+
+ containers:
+ - name: ads-agent
+ image: AGENT_IMAGE
+ envFrom:
+ - secretRef:
+ name: lnx-adsagent-config
+ # livenessProbe:
+ # exec:
+ # command:
+ # - bash
+ # - -c
+ # - cd /healthcheck && ./runcheck
+ # failureThreshold: 2
+ # initialDelaySeconds: 120
+ # periodSeconds: 60
+ # successThreshold: 1
+ # timeoutSeconds: 10
+ env:
+ - name: DOCKER_HOST
+ value: tcp://127.0.0.1:2375
+
+ # the agent name is the name of the pod
+ - name: AZP_AGENT_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+
+ - name: dind-daemon
+ image: docker:18-dind
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: docker-graph-storage
+ mountPath: /var/lib/docker
diff --git a/kustomize/bases/kustomization.yaml b/kustomize/bases/kustomization.yaml
new file mode 100644
index 0000000..da90e14
--- /dev/null
+++ b/kustomize/bases/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- StatefulSet.yaml
diff --git a/kustomize/dev/.gitignore b/kustomize/dev/.gitignore
new file mode 100644
index 0000000..9551e2a
--- /dev/null
+++ b/kustomize/dev/.gitignore
@@ -0,0 +1 @@
+.secrets.env
diff --git a/kustomize/dev/kustomization.yaml b/kustomize/dev/kustomization.yaml
new file mode 100644
index 0000000..9c86c45
--- /dev/null
+++ b/kustomize/dev/kustomization.yaml
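Review bot: The `dind-daemon` sidecar in kustomize/bases/StatefulSet.yaml runs with `privileged: true` and the agent reaches it over plain `tcp://127.0.0.1:2375`, so every pipeline job the agent executes has unauthenticated control of a privileged Docker daemon, which is effectively root on the node. That can be an accepted trade-off for a build agent, but the manifest should state it next to the setting, e.g. `# privileged dind sidecar: jobs on this agent effectively have root on the node; run only on dedicated nodes`. `docker:18-dind` is a floating major tag; pinning a full version or digest keeps the privileged image reproducible. `envFrom` also places every key of `lnx-adsagent-config` in the agent container's environment, and whether start.sh clears the credentials before jobs run is not visible in this patch.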
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+bases:
+- ../bases/
+
+secretGenerator:
+- name: lnx-adsagent-config
+ envs:
+ - .secrets.env
+
+images:
+- name: AGENT_IMAGE
+ newName: lnx-adsagent
+ newTag: dev
+
+
\ No newline at end of file
diff --git a/makefile b/makefile
new file mode 100644
index 0000000..c02e5fb
--- /dev/null
+++ b/makefile
@@ -0,0 +1,15 @@
+.ONESHELL: # make cd work
+
+image=lnx-adsagent
+tag=dev
+
+dev-build-image:
+ cd image
+ docker build -t $(image):$(tag) .
+
+dev-install-kind: dev-build-image
+ kind load docker-image $(image):$(tag)
+ kustomize build ./kustomize/dev | kubectl apply -f -
+
+dev-uninstall-kind:
+ kustomize build ./kustomize/dev | kubectl delete -f -
From 5e7f5111fa870c890885bb5fdc8e7b8cf4b9d2a9 Mon Sep 17 00:00:00 2001
From: gprossliner <6724584+gprossliner@users.noreply.github.com>
Date: Mon, 2 May 2022 11:00:07 +0200
Subject: [PATCH 2/5] update to docker 20.10
---
 image/Dockerfile | 10 ++++++++--
 image/config.sh | 7 +++++++
 kustomize/bases/StatefulSet.yaml | 13 +------------
 3 files changed, 16 insertions(+), 14 deletions(-)
 create mode 100755 image/config.sh
diff --git a/image/Dockerfile b/image/Dockerfile
index 7949cfe..fd48d8d 100644
--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -1,7 +1,7 @@
 ARG UBUNTU_VERSION=16.04
 FROM ubuntu:$UBUNTU_VERSION
-ARG DOCKER_VERSION=18.09.9
+ARG DOCKER_VERSION=20.10.14
 ARG DOCKER_COMPOSE_VERSION=1.26.2
@@ -45,9 +45,15 @@ RUN curl -fsSL "https://github.com/docker/compose/releases/download/$DOCKER_COMP
 # Print info
 RUN docker --version && docker-compose --version
+# add version to env to show in "Capabilies"
+ENV DOCKER_VERSION=$DOCKER_VERSION
+ENV DOCKER_COMPOSE_VERSION=$DOCKER_VERSION
+
 WORKDIR /azp
+COPY ./config.sh .
+RUN ./config.sh
+
 COPY ./start.sh .
 RUN chmod +x start.sh
-
 CMD ["./start.sh"]
diff --git a/image/config.sh b/image/config.sh
new file mode 100755
index 0000000..8f7aedb
--- /dev/null
+++ b/image/config.sh
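Review bot: `RUN ./config.sh` in the second image/Dockerfile hunk (after `WORKDIR /azp`) writes the `dind` context into the Docker config directory of whichever user and HOME the build runs with; no `USER` instruction is visible in the hunk, so presumably that is root's. If the agent is later started as another user or with a different `DOCKER_CONFIG`, the CLI falls back to the default context (the local socket) instead of the sidecar. A comment above the step would make the dependency explicit: `# bakes docker context "dind" (tcp://localhost:2375) into the build user's ~/.docker; runtime must use the same user/HOME`. The script is only needed at build time but stays in `/azp` afterwards; the rest of the Dockerfile is outside the hunk.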
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -eu
+
+echo Setup docker context to dind daemon
+docker context create dind --docker=host=tcp://localhost:2375
+docker context use dind
+
diff --git a/kustomize/bases/StatefulSet.yaml b/kustomize/bases/StatefulSet.yaml
index 90dfbd8..e61aad3 100644
--- a/kustomize/bases/StatefulSet.yaml
+++ b/kustomize/bases/StatefulSet.yaml
@@ -23,17 +23,6 @@ spec:
 envFrom:
 - secretRef:
 name: lnx-adsagent-config
- # livenessProbe:
- # exec:
- # command:
- # - bash
- # - -c
- # - cd /healthcheck && ./runcheck
- # failureThreshold: 2
- # initialDelaySeconds: 120
- # periodSeconds: 60
- # successThreshold: 1
- # timeoutSeconds: 10
 env:
 - name: DOCKER_HOST
 value: tcp://127.0.0.1:2375
@@ -45,7 +34,7 @@ spec:
 fieldPath: metadata.name
 - name: dind-daemon
- image: docker:18-dind
+ image: docker:20.10.14-dind
 securityContext:
 privileged: true
 volumeMounts:
From 0c7868ef2d529d94d03b6ef9b44daa35a04ec96e Mon Sep 17 00:00:00 2001
From: gprossliner <6724584+gprossliner@users.noreply.github.com>
Date: Mon, 2 May 2022 11:02:18 +0200
Subject: [PATCH 3/5] kustomize kind & prepare github-ci
---
 .github/workflows/docker-image-ci.yml | 2 +-
 README.md | 41 +++++++++++++++++++++-
 kustomize/bases/StatefulSet.yaml | 4 +--
 kustomize/github-ci/kustomization.yaml | 17 +++++++++
 kustomize/github-ci/secrets.subst.env | 4 +++
 kustomize/{dev => kind}/.gitignore | 0
 kustomize/{dev => kind}/kustomization.yaml | 2 +-
 makefile | 15 ++++----
 8 files changed, 73 insertions(+), 12 deletions(-)
 create mode 100644 kustomize/github-ci/kustomization.yaml
 create mode 100644 kustomize/github-ci/secrets.subst.env
 rename kustomize/{dev => kind}/.gitignore (100%)
 rename kustomize/{dev => kind}/kustomization.yaml (93%)
diff --git a/.github/workflows/docker-image-ci.yml b/.github/workflows/docker-image-ci.yml
index e10df79..592379d 100644
--- a/.github/workflows/docker-image-ci.yml
+++ b/.github/workflows/docker-image-ci.yml
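Review bot: image/config.sh points the context at `tcp://localhost:2375`, while the manifests in this series use the literal `127.0.0.1` for the same endpoint. `localhost` resolution depends on the container's hosts file and may yield `::1` first, whereas the daemon is started on the IPv4 loopback only in PATCH 3/5, so using the literal address keeps both sides in agreement: `docker context create dind --docker=host=tcp://127.0.0.1:2375`. Port 2375 is the unauthenticated plaintext API, which is tolerable only because the endpoint is pod-local; a comment such as `# plaintext API, reachable only inside the pod's network namespace` would record that assumption next to the value.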
@@ -15,4 +15,4 @@ jobs:
 steps:
 - uses: actions/checkout@v2
 - name: Build the Docker image
- run: docker build .
+ run: cd image && docker build .
diff --git a/README.md b/README.md
index c7dce59..ed4a854 100644
--- a/README.md
+++ b/README.md
@@ -25,4 +25,43 @@ Only the CLI, no daemon. Installed by download, version controlled by build-arg
 ## docker-compose
-Installed by download, version controlled by build-arg `ARG DOCKER_COMPOSE_VERSION=1.26.2`
\ No newline at end of file
+Installed by download, version controlled by build-arg `ARG DOCKER_COMPOSE_VERSION=1.26.2`
+
+
+## deploy with kustomize
+
+The repo contains kustomize (https://kustomize.io/) for deployment and CI.
+The originally create helm chart is now obsolete.
+
+### Secrets management
+
+For the Agent to work, these envrionment-variables need to be set.
+This is documented here [Running a self hosted agent in Docker](https://docs.microsoft.com/en-us/.azure/devops/pipelines/agents/docker?view=azure-devops)
+
+
+* AZP_URL: the url of the Azure Devops instance
+* AZP_POOL: the name of the Agent Pool
+* AZP_TOKEN: a PAT token with the "Agent Pool: Manage" permission
+
+The kustomize manifests a "secretGenerator" named `lnx-adsagent-config` to
+create a secret based on those values. The base manifests (./kustomize/bases)
+use this secret, but doen't define those. It need to be defined in a environment branch.
+
+#### kind
+
+The `kind` environment (./kustomize/kind) defines a secretGenerator based on an .env
+file (./kustomize/kind/.secrets.env). This is not commited into the repo. You need
+to create this file if you clone the repo, and use the following structure:
+
+```
+AZP_URL=https://ads.example.com
+AZP_POOL=the-pool-name
+AZP_TOKEN=thetokenvalue
+```
+
+#### github-ci
+
+The `github-ci` environment uses also a secrets file (`secrets.subst.env`), but these
+only contain references to the corresponsing environment vars. Those are processed
+using `envsubst`, and are stored as secrets in the repo
+
diff --git a/kustomize/bases/StatefulSet.yaml b/kustomize/bases/StatefulSet.yaml
index e61aad3..2bd74ee 100644
--- a/kustomize/bases/StatefulSet.yaml
+++ b/kustomize/bases/StatefulSet.yaml
@@ -24,9 +24,6 @@ spec:
 - secretRef:
 name: lnx-adsagent-config
 env:
- - name: DOCKER_HOST
- value: tcp://127.0.0.1:2375
-
 # the agent name is the name of the pod
 - name: AZP_AGENT_NAME
 valueFrom:
@@ -35,6 +32,7 @@ spec:
 - name: dind-daemon
 image: docker:20.10.14-dind
+ command: ["dockerd", "--host", "tcp://127.0.0.1:2375"]
 securityContext:
 privileged: true
 volumeMounts:
diff --git a/kustomize/github-ci/kustomization.yaml b/kustomize/github-ci/kustomization.yaml
new file mode 100644
index 0000000..7fd16c4
--- /dev/null
+++ b/kustomize/github-ci/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+bases:
+- ../bases/
+
+secretGenerator:
+- name: lnx-adsagent-config
+ envs:
+ - secrets.substr.env
+
+images:
+- name: AGENT_IMAGE
+ newName: lnx-adsagent
+ newTag: ci
+
+nameSuffix: -ci
\ No newline at end of file
diff --git a/kustomize/github-ci/secrets.subst.env b/kustomize/github-ci/secrets.subst.env
new file mode 100644
index 0000000..86df9bc
--- /dev/null
+++ b/kustomize/github-ci/secrets.subst.env
@@ -0,0 +1,4 @@
+AZP_URL=$AZP_URL
+AZP_POOL=$AZP_POOL
+AZP_TOKEN=$AZP_TOKEN
+
diff --git a/kustomize/dev/.gitignore b/kustomize/kind/.gitignore
similarity index 100%
rename from kustomize/dev/.gitignore
rename to kustomize/kind/.gitignore
diff --git a/kustomize/dev/kustomization.yaml b/kustomize/kind/kustomization.yaml
similarity index 93%
rename from kustomize/dev/kustomization.yaml
rename to kustomize/kind/kustomization.yaml
index 9c86c45..811ce5a 100644
--- a/kustomize/dev/kustomization.yaml
+++ b/kustomize/kind/kustomization.yaml
@@ -14,4 +14,4 @@ images:
 newName: lnx-adsagent
 newTag: dev
-
\ No newline at end of file
+nameSuffix: -dev
\ No newline at end of file
diff --git a/makefile b/makefile
index c02e5fb..ef1bd75 100644
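Review bot: Overriding `command` on `dind-daemon` (second hunk of kustomize/bases/StatefulSet.yaml) replaces the image's entrypoint script, which in the official dind images is, as far as I know, what generates the TLS material and selects the listen addresses, so the daemon now serves only the plaintext, unauthenticated API. Binding to `127.0.0.1` keeps it inside the pod's network namespace, which is the important part, but any process in either container still controls a `privileged` daemon. Please record that next to the line, e.g. `# loopback-only plaintext API; never change to 0.0.0.0 without TLS client auth`. The first hunk drops `DOCKER_HOST` from the agent, so the CLI now depends entirely on the context baked in by image/config.sh.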
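Review bot: `envs: - secrets.substr.env` in kustomize/github-ci/kustomization.yaml does not match the file added in the same commit, `secrets.subst.env`, so `kustomize build` for this overlay should fail on a missing file; the entry should read `- secrets.subst.env`. With the name fixed, the generator reads the committed template directly, so unless `envsubst` rewrites that file in the CI workspace first, the Secret will hold the literal strings `$AZP_URL`, `$AZP_POOL` and `$AZP_TOKEN`. Rendering into a separate git-ignored file, as the kind overlay does with `.secrets.env`, and referencing that file avoids both this and an accidental commit of the rendered token. `bases:` is also deprecated in kustomize in favour of listing the directory under `resources:`.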
--- a/makefile
+++ b/makefile
@@ -1,15 +1,18 @@
-.ONESHELL: # make cd work
-
 image=lnx-adsagent
 tag=dev
-dev-build-image:
- cd image
+build-image:
+ cd image && \
 docker build -t $(image):$(tag) .
-dev-install-kind: dev-build-image
+kind-install: build-image
 kind load docker-image $(image):$(tag)
 kustomize build ./kustomize/dev | kubectl apply -f -
+ kubectl describe pod
-dev-uninstall-kind:
+kind-uninstall:
 kustomize build ./kustomize/dev | kubectl delete -f -
+
+kind-logs:
+ kubectl logs lnx-adsagent-dev-0 -c ads-agent
+
From 639423bf46f076169c5e93e4e6c4446e7a040f6a Mon Sep 17 00:00:00 2001
From: gprossliner <6724584+gprossliner@users.noreply.github.com>
Date: Mon, 2 May 2022 11:55:52 +0200
Subject: [PATCH 4/5] fix DOCKER_COMPOSE_VERSION
---
 image/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/image/Dockerfile b/image/Dockerfile
index fd48d8d..827e9af 100644
--- a/image/Dockerfile
+++ b/image/Dockerfile
@@ -47,7 +47,7 @@ RUN docker --version && docker-compose --version
 # add version to env to show in "Capabilies"
 ENV DOCKER_VERSION=$DOCKER_VERSION
-ENV DOCKER_COMPOSE_VERSION=$DOCKER_VERSION
+ENV DOCKER_COMPOSE_VERSION=$DOCKER_COMPOSE_VERSION
 WORKDIR /azp
From 797fa3916bd997fbf958ec6772e3a4133dfb4492 Mon Sep 17 00:00:00 2001
From: gprossliner <6724584+gprossliner@users.noreply.github.com>
Date: Mon, 2 May 2022 12:48:56 +0200
Subject: [PATCH 5/5] added kind-exec-it to makefile
---
 makefile | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/makefile b/makefile
index ef1bd75..911e7a6 100644
--- a/makefile
+++ b/makefile
@@ -16,3 +16,6 @@ kind-uninstall:
 kind-logs:
 kubectl logs lnx-adsagent-dev-0 -c ads-agent
+kind-exec-it:
+ kubectl exec lnx-adsagent-dev-0 -c ads-agent -it -- bash
+
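Review bot: `kind-install` and `kind-uninstall` in the PATCH 3/5 makefile hunk still run `kustomize build ./kustomize/dev`, but the same commit renames that directory to `kustomize/kind`, so both targets should fail once the rename lands; the path needs to be `./kustomize/kind`. The `kubectl apply`, `kubectl delete`, `kubectl describe pod` and `kubectl logs lnx-adsagent-dev-0` calls act on whatever context and namespace kubectl currently points at, which on a developer machine may not be the kind cluster. Since the applied manifests include a Secret built from the agent's PAT, passing an explicit `--context` for the kind cluster would keep these targets from touching another cluster. None of the targets is declared `.PHONY`, which is harmless today but breaks if a file with a target's name ever appears.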