Interlink no-kubecfg first implementation (#129)

* updated eamples * fixed interlink Ping * kubeconfig is not sent if KUBECONFIG env is set on the interlink host * moved function from common to main, since it's specifically related to the generation of a kubeconfig * improved itwinctl script * fixed cfgmaps and secrets retrieving. Also updated Slurm storing paths to be more parametric. Minors here and there * removed unused functions * quick patch for multiple get status * interlink now queries sidecars only for running/pending pods
interTwin-eu · Jan 16, 2024 · 55015ae · 55015ae
1 parent 277afab
commit 55015ae
Show file tree

Hide file tree

Showing 19 changed files with 556 additions and 447 deletions.
diff --git a/docs/itwinctl.sh b/docs/itwinctl.sh
@@ -2,7 +2,7 @@
 
 #export INTERLINKCONFIGPATH="$PWD/kustomizations/InterLinkConfig.yaml"
 
-VERSION="${VERSION:-0.0.1-pre6}"
+VERSION="${VERSION:-0.0.4-pre5}"
 
 SIDECAR="${SIDECAR:-slurm}"
 
@@ -31,28 +31,55 @@ OIDC_ISSUER="${OIDC_ISSUER:-https://dodas-iam.cloud.cnaf.infn.it/}"
 AUTHORIZED_GROUPS="${AUTHORIZED_GROUPS:-intw}"
 AUTHORIZED_AUD="${AUTHORIZED_AUD:-intertw-vk}"
 API_HTTP_PORT="${API_HTTP_PORT:-8080}"
-API_HTTPS_PORT="${API_HTTPS_PORT:-443}"
-export HOSTCERT="${HOSTCERT:-/etc/hostcert.pem}"
-export HOSTKEY="${HOSTKEY:-/etc/hostkey.pem}"
-export INTERLINKPORT="${INTERLINKPORT:-3000}"
+API_HTTPS_PORT="${API_HTTPS_PORT:-30443}"
+export HOSTCERT="${HOSTCERT:-/home/ciangottinid/EasyRSA-3.1.5/pki/issued/intertwin.crt}"
+export HOSTKEY="${HOSTKEY:-/home/ciangottinid/EasyRSA-3.1.5/pki/private/InterTwin.key}"
+export INTERLINKPORT="${INTERLINKPORT:-30444}"
 export INTERLINKURL="${INTERLINKURL:-http://0.0.0.0}"
-export INTERLINKPORT="${INTERLINKPORT:-3000}"
-export INTERLINKURL="${INTERLINKURL:-http://0.0.0.0}"
-export INTERLINKCONFIGPATH="${INTERLINKCONFIGPATH:-$HOME/.config/interlink/InterLinkConfig.yaml}"
+export INTERLINKCONFIGPATH="${INTERLINKCONFIGPATH:-$HOME/InterLinkConfig.yaml}"
 export SBATCHPATH="${SBATCHPATH:-/usr/bin/sbatch}"
 export SCANCELPATH="${SCANCELPATH:-/usr/bin/scancel}"
 
 
 install () {
     mkdir -p $HOME/.local/interlink/logs || exit 1
     mkdir -p $HOME/.local/interlink/bin || exit 1
-    mkdir -p $HOME/.config/interlink/ || exit 1
+    mkdir -p $HOME/.local/interlink/config || exit 1
     # download interlinkpath in $HOME/.config/interlink/InterLinkConfig.yaml
-    curl -o $HOME/.config/interlink/InterLinkConfig.yaml https://raw.githubusercontent.com/intertwin-eu/interLink/main/kustomizations/InterLinkConfig.yaml
-
-    ## Download binaries to $HOME/.local/interlink/bin
-    curl -L -o interlink.tar.gz https://github.com/intertwin-eu/interLink/releases/download/${VERSION}/interLink_$(uname -s)_$(uname -m).tar.gz \
-        && tar -xzvf interlink.tar.gz -C $HOME/.local/interlink/bin/
+    if test -f $HOME/.local/interlink/config/InterLinkConfig.yaml; then
+        echo -e "The InterLink config already exists. Skipping its downloading\n"
+    else 
+        {
+            {
+                curl --fail -o $HOME/.local/interlink/config/InterLinkConfig.yaml https://raw.githubusercontent.com/interTwin-eu/interLink/main/examples/interlink-slurm/vk/InterLinkConfig.yaml
+            } || {
+                echo "Error downloading InterLink config, exiting..."
+                exit 1
+            }
+        }
+    fi
+
+    ## Download binaries to $HOME/.local/interlink/
+    echo "curl --fail -L -o interlink.tar.gz https://github.com/intertwin-eu/interLink/releases/download/${VERSION}/interLink_$(uname -s)_$(uname -m).tar.gz \
+        && tar -xzvf interlink.tar.gz -C $HOME/.local/interlink/bin/"
+
+    {
+        {
+            export INTERLINKCONFIGPATH=$HOME/interlink/config/InterLinkConfig.yaml
+            curl --fail -L -o interlink.tar.gz https://github.com/intertwin-eu/interLink/releases/download/${VERSION}/interLink_$(uname -s)_$(uname -m).tar.gz
+        } || {
+            echo "Error downloading InterLink binaries, exiting..."
+            exit 1
+        }
+    } && {
+        {
+            tar -xzvf interlink.tar.gz -C $HOME/.local/interlink/bin/
+        } || {
+            echo "Error extracting InterLink binaries, exiting..."
+            rm interlink.tar.gz
+            exit 1
+        }
+    }
     rm interlink.tar.gz
 
     ## Download oauth2 proxy
@@ -62,8 +89,23 @@ install () {
         ;;
     Linux)
         echo "https://github.com/oauth2-proxy/oauth2-proxy/releases/download/v7.4.0/oauth2-proxy-v7.4.0.${OS_LOWER}-$OSARCH.tar.gz"
-        curl -L -o oauth2-proxy-v7.4.0.$OS_LOWER-$OSARCH.tar.gz https://github.com/oauth2-proxy/oauth2-proxy/releases/download/v7.4.0/oauth2-proxy-v7.4.0.${OS_LOWER}-$OSARCH.tar.gz
-        tar -xzvf oauth2-proxy-v7.4.0.$OS_LOWER-$OSARCH.tar.gz -C $HOME/.local/interlink/bin/
+        {
+            {
+                curl --fail -L -o oauth2-proxy-v7.4.0.$OS_LOWER-$OSARCH.tar.gz https://github.com/oauth2-proxy/oauth2-proxy/releases/download/v7.4.0/oauth2-proxy-v7.4.0.${OS_LOWER}-$OSARCH.tar.gz
+            } || {
+                echo "Error downloading OAuth binaries, exiting..."
+                exit 1
+            }
+        } && {
+            {
+                tar -xzvf oauth2-proxy-v7.4.0.$OS_LOWER-$OSARCH.tar.gz -C $HOME/.local/interlink/bin/
+            } || {
+                echo "Error extracting OAuth binaries, exiting..."
+                rm oauth2-proxy-v7.4.0.$OS_LOWER-$OSARCH.tar.gz
+                exit 1
+            }
+        }
+
         rm oauth2-proxy-v7.4.0.$OS_LOWER-$OSARCH.tar.gz
         ;;
     esac
@@ -103,11 +145,15 @@ start () {
 
     case "$SIDECAR" in
     slurm)
-        $HOME/.local/interlink/bin/interlink-sidecar-slurm  &> $HOME/.local/interlink/logs/sd.log &
+        SHARED_FS=true $HOME/.local/interlink/bin/interlink-sidecar-slurm  &> $HOME/.local/interlink/logs/slurm-sidecar.log &
         echo $! > $HOME/.local/interlink/sd.pid
         ;;
     docker)
-        $HOME/.local/interlink/bin/interlink-sidecar-docker  &> $HOME/.local/interlink/logs/sd.log &
+        $HOME/.local/interlink/bin/interlink-sidecar-docker  &> $HOME/.local/interlink/logs/docker-sidecar.log &
+        echo $! > $HOME/.local/interlink/sd.pid
+        ;;
+    htcondor)
+        $HOME/.local/interlink/bin/interlink-sidecar-htcondor  &> $HOME/.local/interlink/logs/htcondor-sidecar.log &
         echo $! > $HOME/.local/interlink/sd.pid
         ;;
     esac
@@ -119,6 +165,15 @@ stop () {
     kill $(cat $HOME/.local/interlink/sd.pid)
 }
 
+help () {
+    echo -e "\n\ninstall:      Downloads InterLink and OAuth binaries, as well as InterLink configuration. Files are stored in $HOME/.local/interlink\n\n"
+    echo -e "uninstall:    Delete the $HOME/.local/interlink folder, removing all downloaded files\n\n"
+    echo -e "start:        Starts the OAuth proxy, the InterLink API and a Sidecar by the ENV SIDECAR. Actually, valid values for SIDECAR are docker, slurm and htcondor\n\n"
+    echo -e "stop:         Kills all the previously started processes\n\n"
+    echo -e "restart:      Kills all started processes and start them again\n\n"
+    echo -e "help:         Shows this command list"
+}
+
 case "$1" in
     install)
         install
@@ -135,4 +190,12 @@ case "$1" in
         ;;
     uninstall)
         rm -r $HOME/.local/interlink
+        ;;
+    help)
+        help
+        ;;
+    *)
+        echo -e "You need to specify one of the following commands:"
+        help
+        ;;
 esac
diff --git a/examples/interlink-htcondor/vk/deployment.yaml b/examples/interlink-htcondor/vk/deployment.yaml
@@ -48,13 +48,18 @@ spec:
           value: "/opt/interlink/token"
         - name: CONFIGPATH
           value: "/etc/interlink/vk-cfg.json"
+        - name: KUBECONFIG
+          value: /etc/interlink/kubeconfig.yaml
         volumeMounts:
         - name: config
           mountPath: /etc/interlink/InterLinkConfig.yaml
           subPath: InterLinkConfig.yaml
         - name: config-json
           mountPath: /etc/interlink/vk-cfg.json
           subPath: vk-cfg.json
+        - name: kubeconfig
+          mountPath: "/etc/interlink/kubeconfig.yaml"
+          subPath: kubeconfig.yaml
         - name: token
           mountPath: /opt/interlink
         resources:
@@ -100,6 +105,10 @@ spec:
       - name: config-json
         configMap:
           # Provide the name of the ConfigMap you want to mount.
-          name: test-vk-config
+          name: vk-config-json
+      - name: kubeconfig
+        configMap:
+          # Provide the name of the ConfigMap you want to mount.
+          name: vk-kubeconfig
       - name: token
         emptyDir: {}
diff --git a/examples/interlink-htcondor/vk/kustomization.yaml b/examples/interlink-htcondor/vk/kustomization.yaml
@@ -5,9 +5,12 @@ resources:
   - ./service-account.yaml
 
 configMapGenerator:
-  - name: test-vk-config 
+  - name: vk-config-json
     files:
       - vk-cfg.json=vk-cfg.json
   - name: vk-config 
     files:
       - InterLinkConfig.yaml=InterLinkConfig.yaml 
+  - name: vk-kubeconfig 
+    files:
+      - kubeconfig.yaml=kubeconfig.yaml 
diff --git a/examples/interlink-slurm/README.md b/examples/interlink-slurm/README.md
@@ -28,7 +28,28 @@ minikube start --kubernetes-version=1.24.3
 
 ### Configure interLink
 
-You need to provide the interLink IP address that should be reachable from the kubernetes pods. In case of this demo setup, that address __is the address of your machine__
+First of all, you need a valid kubeconfig file to be passed to the interLink docker compose. With minikube you will need the following script (check that `PATH_TO_KUBECONFIG` env is pointing to the correct kubeconfig first), otherwise you can simply copy your own there.
+
+__N.B.__ the kubeconfig file should be a stand-alone one. So the certificate data should be loaded as strings not as path.
+
+```bash
+export PATH_TO_KUBECONFIG=$HOME/.kube/config
+export CA_DATA=$(cat $HOME/.minikube/ca.crt | base64 -w0)
+export CERT_DATA=$(cat $HOME/.minikube/profiles/minikube/client.crt | base64 -w0)
+export KEY_DATA=$(cat $HOME/.minikube/profiles/minikube/client.key | base64 -w0)
+
+mkdir -p interlink/config
+
+cp $PATH_TO_KUBECONFIG interlink/config/kubeconfig.yaml 
+cp $PATH_TO_KUBECONFIG vk/kubeconfig.yaml 
+sed 's/certificate-authority:.*/certificate-authority-data: '$CA_DATA'/g'  $PATH_TO_KUBECONFIG | sed 's/client-certificate:.*/client-certificate-data: '$CERT_DATA'/g' - | sed 's/client-key:.*/client-key-data: '$KEY_DATA'/g' - > interlink/config/kubeconfig.yaml 
+sed 's/certificate-authority:.*/certificate-authority-data: '$CA_DATA'/g'  $PATH_TO_KUBECONFIG | sed 's/client-certificate:.*/client-certificate-data: '$CERT_DATA'/g' - | sed 's/client-key:.*/client-key-data: '$KEY_DATA'/g' - > vk/kubeconfig.yaml 
+
+chmod 777 interlink/config/kubeconfig.yaml 
+chmod 777 vk/kubeconfig.yaml 
+```
+
+Then you need to provide the interLink IP address that should be reachable from the kubernetes pods. In case of this demo setup, that address __is the address of your machine__
 
 ```bash
 export INTERLINK_IP_ADDRESS=XXX.XX.X.XXX

diff --git a/examples/interlink-slurm/vk/deployment.yaml b/examples/interlink-slurm/vk/deployment.yaml
@@ -49,6 +49,8 @@ spec:
           value: "/opt/interlink/token"
         - name: CONFIGPATH
           value: "/etc/interlink/vk-cfg.json"
+        - name: KUBECONFIG
+          value: "/etc/interlink/kubeconfig.yaml"
         volumeMounts:
         - name: config
           mountPath: /etc/interlink/InterLinkConfig.yaml
@@ -58,6 +60,9 @@ spec:
           subPath: vk-cfg.json
         - name: token
           mountPath: /opt/interlink
+        - name: kubeconfig
+          mountPath: "/etc/interlink/kubeconfig.yaml"
+          subPath: kubeconfig.yaml
         resources:
           limits:
             cpu: 500m
@@ -101,6 +106,10 @@ spec:
       - name: config-json
         configMap:
           # Provide the name of the ConfigMap you want to mount.
-          name: test-vk-config
+          name: vk-config-json
+      - name: kubeconfig
+        configMap:
+          # Provide the name of the ConfigMap you want to mount.
+          name: vk-kubeconfig
       - name: token
-        emptyDir: {}
+        emptyDir: {}
diff --git a/examples/interlink-slurm/vk/kustomization.yaml b/examples/interlink-slurm/vk/kustomization.yaml
@@ -5,9 +5,12 @@ resources:
   - ./service-account.yaml
 
 configMapGenerator:
-  - name: test-vk-config 
+  - name: vk-config-json
     files:
       - vk-cfg.json=vk-cfg.json
   - name: vk-config 
     files:
       - InterLinkConfig.yaml=InterLinkConfig.yaml 
+  - name: vk-kubeconfig 
+    files:
+      - kubeconfig.yaml=kubeconfig.yaml 
diff --git a/main.go b/main.go
@@ -223,6 +223,7 @@ func main() {
 			log.G(ctx).Fatal(err)
 		}
 	} else {
+		log.G(ctx).Debug("Loading Kubeconfig from " + os.Getenv("KUBECONFIG"))
 		clientCfg, err := clientcmd.NewClientConfigFromBytes(kubecfgFile)
 		if err != nil {
 			log.G(ctx).Fatal(err)
@@ -236,30 +237,33 @@ func main() {
 	localClient := kubernetes.NewForConfigOrDie(kubecfg)
 
 	nodeProvider, err := virtualkubelet.NewProvider(cfg.ConfigPath, cfg.NodeName, cfg.OperatingSystem, cfg.InternalIP, cfg.DaemonPort, ctx)
-	// go func() {
+	go func() {
+
+		ILbind := false
+		retValue := -1
+		counter := 0
 
-	// 	ILbindNow := false
-	// 	// ILbindOld := false
+		for {
+			err, ILbind, retValue = commonIL.PingInterLink(ctx)
 
-	// 	for {
-	// 		err, ILbindNow = commonIL.PingInterLink(ctx)
+			if err != nil {
+				log.G(ctx).Error(err)
+			}
 
-	// 		if err != nil {
-	// 			log.G(ctx).Error(err)
-	// 		}
+			if !ILbind && retValue == 1 {
+				counter++
+			} else if ILbind && retValue == 0 {
+				counter = 0
+			}
 
-	// 		if ILbindNow == true && ILbindOld == false {
-	// 			err = commonIL.NewServiceAccount()
-	// 			if err != nil {
-	// 				log.G(ctx).Fatal(err)
-	// 			}
-	// 		}
+			if counter > 10 {
+				log.G(ctx).Fatal("Unable to communicate with the InterLink API, exiting...")
+			}
 
-	// 		ILbindOld = ILbindNow
-	// 		time.Sleep(time.Second * 10)
+			time.Sleep(time.Second * 10)
 
-	// 	}
-	// }()
+		}
+	}()
 
 	if err != nil {
 		log.G(ctx).Fatal(err)