Yolean
diff --git a/‎.editorconfig‎
Lines changed: 7 additions & 0 deletions b/‎.editorconfig‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 27 additions & 6 deletions b/‎README.md‎
Lines changed: 27 additions & 6 deletions
diff --git a/‎bin/.gitignore‎
Lines changed: 5 additions & 0 deletions b/‎bin/.gitignore‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎bin/y-assert‎
Lines changed: 23 additions & 1 deletion b/‎bin/y-assert‎
Lines changed: 23 additions & 1 deletion
diff --git a/‎bin/y-build-like-sync‎
Lines changed: 59 additions & 0 deletions b/‎bin/y-build-like-sync‎
Lines changed: 59 additions & 0 deletions
diff --git a/‎bin/y-build-nothing‎
Lines changed: 1 addition & 8 deletions b/‎bin/y-build-nothing‎
Lines changed: 1 addition & 8 deletions
diff --git a/‎bin/y-cluster-assert-install‎
Lines changed: 23 additions & 0 deletions b/‎bin/y-cluster-assert-install‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎bin/y-cluster-install-prometheus-operator‎
Lines changed: 0 additions & 7 deletions b/‎bin/y-cluster-install-prometheus-operator‎
Lines changed: 0 additions & 7 deletions
diff --git a/‎bin/y-cluster-provision-gke‎
Lines changed: 7 additions & 6 deletions b/‎bin/y-cluster-provision-gke‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎bin/y-cluster-provision-k3s-multipass‎
Lines changed: 2 additions & 2 deletions b/‎bin/y-cluster-provision-k3s-multipass‎
Lines changed: 2 additions & 2 deletions
@@ -0,0 +1,7 @@
+root = true
+
+[*]
+charset = utf-8
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 2
@@ -97,11 +97,32 @@ docker volume rm ystack_admin 2> /dev/null || true
 
 ## Development
 
+Using the [y-docker-compose](./bin/y-docker-compose) wrapper that extends [docker-compose.test.yml](./docker-compose.test.yml) that is used for CI with [docker-compose.dev-overrides.yml](./docker-compose.dev-overrides.yml). The k3s [image](./k3s/docker-image/) is the stock k3s image with y-stack's local registry config.
+
+```
+y-docker-compose down
+y-docker-compose up --build -d master1
+y-docker-compose up --build -d ystack-proxy
+kubectl --kubeconfig=$YSTACK_HOME/devcluster/.kube/kubeconfig.yaml config rename-context default ystack-local
+y-kubie ctx -f $YSTACK_HOME/devcluster/.kube/kubeconfig.yaml
+```
+
+To add monitoring support run `y-cluster-assert-install`.
+
+For [dev loops](./examples/) and `y-assert` the docker stack replaces `y-kubefwd` (hard to use in CI)
+with container ports.
+You need `cat /etc/hosts | grep 127.0.0 | grep cluster.local` to have something like:
 ```
-compose='docker-compose -f docker-compose.test.yml -f docker-compose.dev-overrides.yml'
-$compose down \
-  ;docker volume rm ystack_admin ystack_k3s-server 2>/dev/null || true
-sudo rm test/.kube/kubeconfig.yaml
-$compose up --build -d ystack-proxy
-export KUBECONFIG=$PWD/test/.kube/kubeconfig.yaml
+127.0.0.1	builds-registry.ystack.svc.cluster.local
+127.0.0.1	buildkitd.ystack.svc.cluster.local
+127.0.0.1	monitoring.ystack.svc.cluster.local
 ```
+
+Test using:
+```
+curl http://builds-registry.ystack.svc.cluster.local/v2/
+curl http://monitoring.ystack.svc.cluster.local:9090/api/v1/alertmanagers | jq '.data.activeAlertmanagers[0]'
+curl http://monitoring.ystack.svc.cluster.local:9093/api/v2/status
+```
+
+Start a dev loop for actual asserts using `cd specs; y-skaffold --cache-artifacts=false dev` and start editing specs/*.spec.js. Run `y-assert` for CI-like runs until completion.
@@ -2,9 +2,14 @@
 
 # our executables are symlinked to real names
 buildctl
+container-structure-test
+crane
 helm
+kubie
+kustomize
 minikube
 mkcert
+promtool
 rio
 skaffold
 kubefwd
 
@@ -22,6 +22,11 @@ using ephemeral namespaces.
 # What cleanup solutions are there? Let's start with https://github.com/hjacobs/kube-janitor
 TTL="janitor/ttl: 23h"
 
+[ -z "$MONITORING_HOST" ] && MONITORING_HOST=http://monitoring.ystack.svc.cluster.local
+
+! curl -f -s --connect-timeout 3 $MONITORING_HOST:9090/ >/dev/null && echo "Failed to access the Prometheus endpoint" && exit 1
+! curl -f -s --connect-timeout 3 $MONITORING_HOST:9093/ >/dev/null && echo "Failed to access the Alertmanager endpoint" && exit 1
+
 ctx=$1
 case $ctx in
   "--context="*) shift 1 ;;
@@ -32,6 +37,9 @@ case $ctx in
 esac
 skaffoldflags=$(echo $ctx | sed 's|^--|--kube-|')
 
+[ -z "$PROFILES" ] && PROFILES="y-assert"
+skaffoldflags="$skaffoldflags -p $PROFILES"
+
 CIRUN=$1
 [ -z "$CIRUN" ] && CIRUN="run"
 
@@ -55,7 +63,21 @@ EOF
 fi
 skaffoldflags="$skaffoldflags -n $namespace"
 
-set -x
+# At this point we should know how to identify relevant assert metrics
+[ -z "$assertlabels" ] && assertlabels="namespace=\"$namespace\"";
+
 y-skaffold $skaffoldflags --cache-artifacts=false $CIRUN
 
+echo "$(log) Prometheus queries for test results will use labels: $assertlabels"
 echo "$(log) cleanup-ish: kubectl $ctx get namespace -l $(echo $TTL | sed 's/: */=/') -o name | xargs kubectl $ctx delete"
+
+query=assertions_failed{$assertlabels}
+
+[ -z "$INTERVAL" ] && INTERVAL=5
+# This loop will continuously list errors and must fail on http errors or absence of the metric
+until curl -s --data "query=$query" $MONITORING_HOST:9090/api/v1/query \
+  | jq -r '.data.result | if length > 0 then . else error("No results") end | .[] | . as {$metric, $values} | .value[1] | . as $vs | tonumber as $v | if $v > 0 then error($metric.namespace+" "+$metric.pod+" "+$vs) else empty end'
+do sleep $INTERVAL
+done
+
+echo "Zero failures now with: curl -s --data query=$query $MONITORING_HOST:9090/api/v1/query"
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+[ -z "$DEBUG" ] || set -x
+set -e
+
+# Bash isn't a good tool for producing a tar from a build context
+# but this script is an experiment on how to compose an image
+# from a runtime and some static files using go-containerregistry's crane
+# The user shouldn't need to write Dockerfile or .dockerignore,
+# but we could probably use a generated Dockerfile + kaniko instead, or Buildpacks
+
+# Settings
+DEFAULT_REGISTRY=builds-registry.ystack.svc.cluster.local
+[ -z "$BUILDS_REGISTRY" ] && BUILDS_REGISTRY=$DEFAULT_REGISTRY
+[ -z "$PUSH_REGISTRY" ]   && PUSH_REGISTRY=$DEFAULT_REGISTRY
+
+if [ "$(curl -s --connect-timeout 3 http://$BUILDS_REGISTRY/v2/)" != "{}" ]
+then
+  echo "ERROR Skaffold need local access to the builds registry for digest lookup"
+  echo "Registry: $BUILDS_REGISTRY"
+  echo "Look for y-stack's ingress or port-forward utilities"
+  exit 1
+fi
+
+[ -z "$IMAGE" ] && echo "No IMAGE env (from for example Skaffold)" && exit 1
+
+IMAGE=$IMAGE
+case "$IMAGE" in
+  $BUILDS_REGISTRY/* ) ;;
+  $PUSH_REGISTRY/* ) echo "Unlike y-build this script won't push to non-build registries" && exit 1 ;;
+  * ) echo "Output is restricted to PUSH_REGISTRY=$PUSH_REGISTRY. Got: $IMAGE" && exit 1 ;;
+esac
+
+RUNTIME_IMAGE=$1
+[ -z "$RUNTIME_IMAGE" ] && echo "First argument must be a runtime image to append the layer to" \
+  && echo "To improve build times use a runtime image in the target repo" && exit 1
+
+# crane hangs for a long time if it doesn't know that the registry is plain http
+RUNTIME_IMAGE=$(echo $RUNTIME_IMAGE | sed 's|.local/|.local:80/|')
+IMAGE=$(echo $IMAGE | sed 's|.local/|.local:80/|')
+
+# This is a PoC, let's make a lot of assumptions to simplify
+context=.
+src='**'
+# assuming a single manual sync, which is the reasonable use case for a runtime
+[ ! -f skaffold.yaml ] && echo "This composition example assumes a sync defined in a skaffold.yaml" && exit 1
+dest=$(cat skaffold.yaml | grep 'dest:' | awk '{ print $2 }')
+# this avoids "tar: Removing leading `/' from member names" and could come in handy if we can't use --transform
+dest=$(echo $dest | sed 's|^/||')
+
+list=$(mktemp)
+(cd $context; git ls-files -c -o --exclude-standard -- . || find . -type f) > $list
+tar=$(mktemp)
+tar --transform "s|^|$dest/|" --show-transformed-names -cvhf $tar -T $list --mode='ug+rw' --group=65534 --owner=65532
+rm $list
+
+set -x
+y-crane append --insecure -b $RUNTIME_IMAGE -f $tar -t $IMAGE
+set +x
+rm $tar
@@ -24,20 +24,13 @@ case "$IMAGE" in
   * ) echo "Output is restricted to PUSH_REGISTRY=$PUSH_REGISTRY. Got: $IMAGE" && exit 1 ;;
 esac
 
-[ -z "$ctx" ] && ctx="--context=$(kubectl config current-context)" && echo "No 'ctx' env, guessing: $ctx"
-
-CRANE_IMAGE=gcr.io/go-containerregistry/crane:96cf69f03a3cf2d9c8850ce9d8e1f33da354826a@sha256:7b4f1fc7c681e49ce7bf6ed95bd30d6c749f4a1cd2467f994fc045e6433ebde9
 NOTHING_IMAGE=busybox@sha256:95cf004f559831017cdf4628aaf1bb30133677be8702a8c5f2994629f637a209
 
-BUILD_NAME=y-build-nothing-$(date -u +"%Y%m%dt%H%M%Sz")
-
 # TODO copy is significantly faster if the source image is already in the target repo
 
 # crane hangs for a long time if it doesn't know that the registry is plain http
 NOTHING_IMAGE=$(echo $NOTHING_IMAGE | sed 's|.local|.local:80|')
 IMAGE=$(echo $IMAGE | sed 's|.local|.local:80|')
 
 set -x
-kubectl $ctx -n ystack run --restart=Never --attach \
-  --image=$CRANE_IMAGE y-build-nothing-$(date -u +"%Y%m%dt%H%M%Sz") -- \
-  cp $NOTHING_IMAGE $IMAGE
+y-crane cp $NOTHING_IMAGE $IMAGE
@@ -0,0 +1,23 @@
+#!/bin/sh
+[ -z "$DEBUG" ] || set -x
+set -e
+
+OPERATOR_VERSION=1b525b8a77f79e08b8653101f622e73083daf293
+KUBERNETES_ASSERT_VERSION=41207ccf8536ce022919d9aef86d2124b2c142b1
+
+ctx=$1
+case $ctx in
+  "--context="*) shift 1 ;;
+  *) echo "Initial arg must be --context=" && exit 1 ;;
+esac
+
+# If we're to make this script idempotent we must make sure that re-applying the operator's bundle isn't painfully slow
+kubectl $ctx create namespace monitoring
+
+kubectl $ctx -n default apply -f https://github.com/coreos/prometheus-operator/raw/$OPERATOR_VERSION/bundle.yaml
+
+kubectl-waitretry $ctx -n default --for=condition=Ready pod -l app.kubernetes.io/name=prometheus-operator
+
+kubectl $ctx -n monitoring apply -k github.com/Yolean/kubernetes-assert/example-small?ref=$KUBERNETES_ASSERT_VERSION
+
+kubectl-waitretry $ctx -n monitoring --for=condition=Ready pod --all
@@ -94,19 +94,20 @@ esac
 
 gcloud container clusters create "$NAME" $FLAGS "$@"
 
-GKE_CONTEXT_NAME=$(kubectl config current-context)
+GKE_CONTEXT_NAME=$(kubectl $ctx config current-context)
+ctx="--context=${GKE_CONTEXT_NAME}"
 
 echo "For outbound Internet access: y-cluster-provision-gke-network-outbound-enable"
 
-kubectl create namespace ystack
+kubectl $ctx create namespace ystack
 
-kubectl -n ystack apply -k $YSTACK_HOME/registry/node-update-containerd/
+kubectl $ctx -n ystack apply -k $YSTACK_HOME/registry/node-update-containerd/
 
 ### To be moved to registry provision script, but we do want the initial context name
 
 [ -z "${BUILDS_BUCKET_NAME}" ] && BUILDS_BUCKET_NAME=${GKE_CONTEXT_NAME}_builds
 
-kubectl create secret generic -n ystack registry-persistence --from-literal=gcsBucketName=${BUILDS_BUCKET_NAME}
+kubectl $ctx create secret generic -n ystack registry-persistence --from-literal=gcsBucketName=${BUILDS_BUCKET_NAME}
 
 gcloud compute backend-buckets list
 gsutil ls
@@ -120,8 +121,8 @@ metadata:
 spec: {}
 EOF
 
-kubectl apply -f gke/registry/builds-gcs-storagebucket.yaml || \
+kubectl $ctx apply -f gke/registry/builds-gcs-storagebucket.yaml || \
   gsutil mb -c regional -l $REGION gs://${BUILDS_BUCKET_NAME} || \
   echo "Warning: failed to create builds registry storage bucket"
 
-y-cluster-install-prometheus-operator
+y-cluster-assert-install $ctx
@@ -26,11 +26,11 @@ multipass exec "$VM_NAME" -- sudo cat /etc/rancher/k3s/k3s.yaml \
 
 KUBECONFIG="$KUBECONFIG.tmp" kubectl config rename-context default local
 
-KUBECONFIG="$KUBECONFIG.tmp" kubectl create namespace ystack
+KUBECONFIG="$KUBECONFIG.tmp" kubectl --context=local create namespace ystack
 
 #KUBECONFIG="$KUBECONFIG.tmp" kubectl apply -k $YSTACK_HOME/metrics-server
 
-KUBECONFIG="$KUBECONFIG.tmp" y-cluster-install-prometheus-operator
+KUBECONFIG="$KUBECONFIG.tmp" y-cluster-assert-install --context=local
 
 y-kubeconfig-import "$KUBECONFIG.tmp"