chore: switch zarf to use s3 backend (#157)
* Use s3 backed zarf registry instead of a PV

 * Replace custom zarf init package with upstream and move csi into standalone package
jacobbmay authored Aug 22, 2024
1 parent c3f7385 commit c6d2ee2
Showing 11 changed files with 115 additions and 184 deletions.
25 changes: 14 additions & 11 deletions bundles/uds-core-swf/uds-bundle.yaml
@@ -32,26 +32,29 @@ x-gitlab-init-security-context: &gitlab-init-security-context
packages:
# Zarf init
- name: init
path: ../../build
optionalComponents:
- git-server
ref: v0.36.1
repository: ghcr.io/zarf-dev/packages/init
ref: v0.38.2
overrides:
zarf-seed-registry:
docker-registry:
variables:
- name: REGISTRY_STORAGE_CLASS
path: persistence.storageClass
default: "nutanix-dynamicfile"
- name: REGISTRY_CA_BUNDLE
path: caBundle
default: ""
zarf-registry:
docker-registry:
variables:
- name: REGISTRY_STORAGE_CLASS
path: persistence.storageClass
default: "nutanix-dynamicfile"
- name: DEPLOYMENT_REPLICACOUNT
- name: REGISTRY_CA_BUNDLE
path: caBundle
default: ""
- name: REGISTRY_REPLICA_COUNT
path: replicaCount
default: 3

- name: nutanix-csi
path: ../../build
ref: 0.0.1
overrides:
nutanix-csi-storage:
nutanix-csi-storage:
variables:
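Review bot: The upstream init package is now pulled from `ghcr.io/zarf-dev/packages/init` by tag only (`ref: v0.38.2`), and a tag can be re-pointed at the registry, so the package that bootstraps the cluster registry is not pinned to fixed content. If the uds-cli version in use accepts a digest in `ref`, pin it as `ref: v0.38.2@sha256:<digest-placeholder>`; otherwise check the package digest or signature before the bundle is created. `REGISTRY_CA_BUNDLE` defaults to `""` for both `zarf-seed-registry` and `zarf-registry`, so a deployment that forgets to set it presumably falls back to whatever trust store the registry image ships with; a comment on that default saying when it must be set would help.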
37 changes: 32 additions & 5 deletions config/uds-config.yaml
@@ -6,6 +6,12 @@ shared:
ADDITIONAL_CA_CHAIN: replace-me-with-additional-ca-chain
variables:
init:
REGISTRY_HPA_ENABLE: false
REGISTRY_PVC_ENABLED: false
REGISTRY_PVC_SIZE: 128Gi
REGISTRY_PVC_ACCESS_MODE: ReadWriteMany
REGISTRY_HPA_AUTO_SIZE: false
REGISTRY_REPLICA_COUNT: 3
REGISTRY_AFFINITY_CUSTOM: |
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
@@ -17,11 +23,32 @@ variables:
operator: In
values:
- docker-registry
topologyKey: kubernetes.io/hostname REGISTRY_HPA_AUTO_SIZE: true
REGISTRY_PVC_ACCESS_MODE: ReadWriteMany
REGISTRY_PVC_ENABLED: true
REGISTRY_PVC_SIZE: 128Gi
REGISTRY_STORAGE_CLASS: "nutanix-dynamicfile"
topologyKey: kubernetes.io/hostname
#Configure zarf registry to use s3 backend. REGISTRY_STORAGE_REDIRECT_DISABLE can be set to false if S3 bucket is accessible and trusted from host that the uds deploy is run from
REGISTRY_EXTRA_ENVS: |
- name: REGISTRY_STORAGE
value: s3
- name: REGISTRY_STORAGE_S3_REGION
value: us-east-1
- name: REGISTRY_STORAGE_S3_REGIONENDPOINT
value: nutanix.object.store.hostname
- name: REGISTRY_STORAGE_S3_SECURE
value: "true"
- name: REGISTRY_STORAGE_S3_BUCKET
value: env-zarf-registry-bucket
- name: REGISTRY_STORAGE_S3_ACCESSKEY
value: access-key-id
- name: REGISTRY_STORAGE_S3_SECRETKEY
value: access-key-value
- name: REGISTRY_STORAGE_REDIRECT_DISABLE
value: "true"
REGISTRY_CA_BUNDLE: |
-----BEGIN CERTIFICATE-----
cert contents
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
other cert contents
-----END CERTIFICATE-----
PRISM_ENDPOINT: "PRISM element IP address"
PRISM_USERNAME: "csi-user-prism-element-user"
PRISM_PASSWORD: "csi-user-passoword"
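Review bot: `REGISTRY_STORAGE_S3_ACCESSKEY` and `REGISTRY_STORAGE_S3_SECRETKEY` are given as literal `value:` entries inside `REGISTRY_EXTRA_ENVS`, so once the placeholders are replaced the real keys sit in this config file and, presumably, in clear text in the registry pod spec, where anyone allowed to read the Deployment can see them. If the registry chart passes these entries through as ordinary container env items, point both at a pre-created Secret instead: `valueFrom: {secretKeyRef: {name: <secret-name>, key: <key-name>}}`. The comment above the block should also state that the filled-in config must stay out of version control and that the credentials should be scoped to this one bucket.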
8 changes: 0 additions & 8 deletions packages/init/values/registry-values.yaml

This file was deleted.

17 changes: 0 additions & 17 deletions packages/init/zarf-config.yaml

This file was deleted.

139 changes: 0 additions & 139 deletions packages/init/zarf.yaml

This file was deleted.

File renamed without changes.
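--- a/packages/nutanix-csi/zarf.yaml
+++ b/packages/nutanix-csi/zarf.yaml
@@ -0,0 +1,65 @@
+kind: ZarfPackageConfig
+metadata:
+name: nutanix-csi
+description: "Nutanix CSI Driver Package"
+architecture: amd64
+version: "0.0.1" # This version is not used by zarf, but is used for tracking with the published versions
+
+variables:
+- name: DYNAMIC_FILE_STORE_NAME
+description: "Name of Nutanix File Server to use for Dynamic File storageclass. Should match the name value for the file server in Prism."
+- name: PRISM_ENDPOINT
+description: "IP or hostname of Prism Element."
+- name: PRISM_USERNAME
+description: "Username of prism user to use for Nutanix CSI driver."
+- name: PRISM_PASSWORD
+description: "Password for prism user to use for Nutanix CSI driver."
+- name: STORAGE_CONTAINER
+description: "Name of Nutanix Storage Container for CSI driver to create volumes in."
+
+components:
+# Push nutanix csi images to seed-registry
+- name: nutanix-csi-images-initial
+required: true
+description: Push nutanix images to the zarf registry
+images:
+- registry.k8s.io/sig-storage/snapshot-controller:v8.0.1
+- registry.k8s.io/sig-storage/snapshot-validation-webhook:v8.0.1
+- quay.io/karbon/ntnx-csi:v2.6.10
+- registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1
+- registry.k8s.io/sig-storage/csi-provisioner:v5.0.1
+- registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1
+- registry.k8s.io/sig-storage/csi-resizer:v1.11.2
+- registry.k8s.io/sig-storage/livenessprobe:v2.13.1
+- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi:v0.7.1
+- registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.10.0
+
+- name: nutanix-csi-storage
+required: true
+charts:
+# renovate: datasource=helm
+- name: nutanix-csi-storage
+url: https://github.com/defenseunicorns/nutanix-helm.git # fork containing fix for imagepullsecrets needed for pods to pull images from zarf registry
+version: v2.6.10-modified
+gitPath: charts/nutanix-csi-storage
+namespace: ntnx-system
+valuesFiles:
+- values/nutanix-storage-values.yaml
+actions:
+onDeploy:
+before:
+- description: Delete Storage Classes
+cmd: ./zarf tools kubectl delete sc nutanix-volume --ignore-not-found=true
+
+- name: nutanix-dynamicfile-manifests
+required: true
+manifests:
+- name: nutanix-dynamicfile-manifests
+namespace: ntnx-system
+files:
+- nutanix-dynamicfile.yaml
+actions:
+onDeploy:
+before:
+- description: Delete Storage Classes
+cmd: ./zarf tools kubectl delete sc nutanix-dynamicfile --ignore-not-found=true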
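Review bot: `PRISM_PASSWORD` is declared like every other variable, without `sensitive: true`, so Zarf is given no instruction to keep its value out of deploy output and logs; add `sensitive: true` under that entry. The ten images and the forked chart (`version: v2.6.10-modified` from `defenseunicorns/nutanix-helm.git`) are referenced by tag only, so the package contents depend on what those tags point to at build time, and pinning the images by digest would make the build reproducible. Both `onDeploy.before` actions delete a StorageClass on every deploy; a short comment saying why that is needed would help the next maintainer.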
2 changes: 1 addition & 1 deletion tasks.yaml
@@ -13,7 +13,7 @@ tasks:
- task: create:keycloak-config-wrapper-package
- task: create:object-store-packages
- task: create:additional-manifests-package
- task: create:init-package
- task: create:nutanix-csi-package
- task: create:trust-manager-package
- task: create:trust-bundles-package
- task: create:bundle
6 changes: 3 additions & 3 deletions tasks/create.yaml
@@ -41,10 +41,10 @@ tasks:
actions:
- cmd: ./uds zarf package create ./packages/additional-manifests --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build

- name: init-package
description: Create init package with Nutanix CSI driver.
- name: nutanix-csi-package
description: Create Nutanix CSI driver package.
actions:
- cmd: ZARF_CONFIG=./packages/init/zarf-config.yaml ./uds zarf package create ./packages/init --set AGENT_IMAGE_TAG=$(uds zarf version) --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
- cmd: ./uds zarf package create ./packages/nutanix-csi --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build

- name: trust-manager-package
description: Create trust-manager package.
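Review bot: The new `nutanix-csi-package` command keeps `--skip-sbom`, so the package that carries the CSI driver and snapshot images is built without an SBOM, and there is no component inventory to consult when a vulnerability is announced in one of them. The neighbouring additional-manifests task passes the same flag, so this may be a deliberate build-time trade-off; if so, say it in the task `description`, otherwise drop the flag for this package. The task list continues outside the hunk.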
