Make kind quickstart script more easily configurable by user

Author: carreter

examples/kind-multinode-kcp/README.md

@@ -1,39 +1,12 @@
-# Use apiserver-network-proxy with KIND
+# Set up KIND cluster with multiple KCP and worker nodes running konnectivity
 
+Change to the `examples/kind-multinode-kcp` folder and run `./quickstart-kind`. This script
+performs the following operations:
 
-Change to the `examples/kind` folder and create a `kind` cluster with the `kind.config` file
-
-```sh
-$ kind create cluster --config kind.config
-Creating cluster "kind" ...
-DEBUG: docker/images.go:58] Image: kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 present locally
- ✓ Ensuring node image (kindest/node:v1.27.3) 🖼
-⠎⠁ Preparing nodes 📦 📦 📦
-
-This node has joined the cluster:
-* Certificate signing request was sent to apiserver and a response was received.
-* The Kubelet was informed of the new secure connection details.
-
-Run 'kubectl get nodes' on the control-plane to see this node join the cluster.
- ✓ Joining worker nodes 🚜
-Set kubectl context to "kind-kind"
-You can now use your cluster with:
-
-kubectl cluster-info --context kind-kind
-
-Have a nice day! 👋
-```
-
-Once the cluster is ready install the `apiserver-network-proxy` components:
-
-```sh
-$ kubectl apply -f konnectivity-server.yaml
-clusterrolebinding.rbac.authorization.k8s.io/system:konnectivity-server created
-daemonset.apps/konnectivity-server created
-
-$ kubectl apply -f konnectivity-agent-ds.yaml
-serviceaccount/konnectivity-agent created
-```
+1. Render config templates in `templates/` using provided values.
+2. Create a new `kind` cluster with the desired number of KCP and worker nodes.
+3. Changes `kubectl` context to point to the new `kind` cluster.
+4. Deploys `konnectivity` proxy servers and agents to the KCP and worker nodes.
 
 To validate that it works, run a custom image and get pod logs (it goes through the konnectivity proxy):
 ```sh
@@ -49,3 +22,72 @@ $ kubectl logs test
 ...
 [Tue Apr 09 20:58:36.756720 2024] [mpm_event:notice] [pid 1:tid 139788897408896] AH00489: Apache/2.4.59 (Unix) configured -- resuming normal operations
 ```
+
+## `./quickstart-kind.sh` command-line flags
+- `--cluster-name <NAME>`: Name of the `kind` cluster to be created Default: `knp-test-cluster`
+- `--overwrite-cluster`: Overwrite existing `kind` cluster if necessary. Default: do not overwrite.
+- `--server-image <IMAGE_NAME>[:<IMAGE_TAG>]`: Proxy server image to deploy. Default: `gcr.io/k8s-staging-kas-network-proxy/proxy-server:master`
+- `--agent-image <IMAGE_NAME>[:<IMAGE_TAG>]`: Proxy server image to deploy. Default: `gcr.io/k8s-staging-kas-network-proxy/proxy-agent:master`
+- `--num-kcp-nodes <NUM>`: Number of control plane nodes to spin up. Default: 2.
+- `--num-worker-nodes <NUM>`: Number of worker nodes to spin up. Default: 1.
+- `--sideload-images`: Use `kind load ...` to sideload custom proxy server and agent images with the names set by `--server-image` and `--agent-image` into the kind cluster. Default: do not sideload.
+  - Use this if you don't want to publish your custom KNP images to a public registry.
+  - NOTE: You MUST specify an image tag (i.e. `my-image-name:my-image-tag` and not just `my-image-name`) and the image tag MUST NOT be `:latest` for this to work! See [`kind` docs](https://kind.sigs.k8s.io/docs/user/quick-start/#loading-an-image-into-your-cluster) for why this is necessary.
+
+## Example usage to deploy custom local KNP images
+In the repo root, build KNP and its docker images with the following:
+```shell
+make clean
+make certs
+make gen
+make build
+make docker-build
+```
+
+Verify that the new images are available in the local docker registry with `docker images`. Then, bring up the cluster:
+
+```shell
+cd examples/kind-multinode-kcp
+
+# These are the default values of the registry, image name, and tag used by the Makefile.
+# Edit them if necessary.
+REGISTRY=gcr.io/$(gcloud config get-value project)
+TAG=$(git rev-parse HEAD)
+TARGET_ARCH="amd64"
+SERVER_IMAGE="$REGISTRY/proxy-server-$TARGET_ARCH:$TAG"
+AGENT_IMAGE="$REGISTRY/proxy-agent-$TARGET_ARCH:$TAG"
+
+# Bring up the cluster!
+./quickstart-kind.sh --cluster-name custom-knp-test --server-image "$SERVER_IMAGE" --agent-image "$AGENT_IMAGE" \
+  --num-kcp-nodes 3 --num-worker-nodes 2 --sideload-images
+```
+
+Check that the `konnectivity` pods are up and running:
+```shell
+kubectl --namespace kube-system get pods | grep konnectivity
+# Output:
+# konnectivity-agent-4db5j                                 1/1     Running   0          34m
+# konnectivity-agent-c7gj5                                 1/1     Running   0          34m
+# konnectivity-agent-h86l9                                 1/1     Running   0          34m
+# konnectivity-server-9bl45                                1/1     Running   0          34m
+# konnectivity-server-dcfz8                                1/1     Running   0          34m
+# konnectivity-server-klww5                                1/1     Running   0          34m
+# konnectivity-server-nrfz8                                1/1     Running   0          34m
+```
+
+Then create a test pod on a worker node and verify you can get logs from it:
+```shell
+kubectl run test --image httpd:2
+# Output:
+# pod/test created
+kubectl get pods
+# Output:
+# NAME   READY   STATUS    RESTARTS   AGE
+# test   1/1     Running   0          34s
+kubectl logs test
+# Output:
+# AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.244.5.3. Set the 'ServerName' directive globally to suppress this message
+# AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.244.5.3. Set the 'ServerName' directive globally to suppress this message
+# [Wed Jun 12 20:42:06.471169 2024] [mpm_event:notice] [pid 1:tid 139903660291968] AH00489: Apache/2.4.59 (Unix) configured -- resuming normal operations
+# [Wed Jun 12 20:42:06.471651 2024] [core:notice] [pid 1:tid 139903660291968] AH00094: Command line: 'httpd -D FOREGROUND'
+```

examples/kind-multinode-kcp/kind.config

@@ -2,15 +2,115 @@
 
 set -e
 
-CLUSTER_NAME=$1
+# DEFAULT ARGS
+CLUSTER_NAME="knp-test-cluster"
+AGENT_IMAGE="gcr.io/k8s-staging-kas-network-proxy/proxy-agent:master"
+SERVER_IMAGE="gcr.io/k8s-staging-kas-network-proxy/proxy-server:master"
+NUM_WORKER_NODES=1
+NUM_KCP_NODES=2
+OVERWRITE_CLUSTER=false
+SIDELOAD_IMAGES=false
+
+# FUNCTION DEFINITIONS
+# For escaping sed replacement strings. Taken from https://stackoverflow.com/questions/29613304/is-it-possible-to-escape-regex-metacharacters-reliably-with-sed.
+quoteSubst() {
+  IFS= read -d '' -r < <(sed -e ':a' -e '$!{N;ba' -e '}' -e 's/[&/\]/\\&/g; s/\n/\\&/g' <<<"$1")
+  printf %s "${REPLY%$'\n'}"
+}
+
+# Provide usage info
+usage() {
+  printf "USAGE:\n./quickstart-kind.sh\n\t[--cluster-name <NAME>]\n\t[--server-image <IMAGE_NAME>[:<IMAGE_TAG>]]\n\t[--agent-image <IMAGE_NAME>[:<IMAGE_TAG>]]\n\t[--num-worker-nodes <NUM>]\n\t[--num-kcp-nodes <NUM>]\n\t[--overwrite-cluster]\n"
+}
+
+# ARG PARSING
+VALID_ARGS=$(getopt --options "h" --longoptions "sideload-images,cluster-name:,agent-image:,server-image:,num-worker-nodes:,num-kcp-nodes:,help,overwrite-cluster" --name "$0" -- "$@") || exit 2
+
+eval set -- "$VALID_ARGS"
+while true; do
+  case "$1" in
+    --cluster-name)
+      CLUSTER_NAME=$2
+      shift 2
+      ;;
+    --agent-image)
+      AGENT_IMAGE=$2
+      shift 2
+      ;;
+    --server-image)
+      SERVER_IMAGE=$2
+      shift 2
+      ;;
+    --num-worker-nodes)
+      NUM_WORKER_NODES=$2
+      shift 2
+      ;;
+    --num-kcp-nodes)
+      NUM_KCP_NODES=$2
+      shift 2
+      ;;
+    --overwrite-cluster)
+      OVERWRITE_CLUSTER=true
+      shift 1
+      ;;
+    --sideload-images)
+      SIDELOAD_IMAGES=true
+      shift 1
+      ;;
+    --)
+      shift
+      break
+      ;;
+    *|-h|--help)
+      usage
+      exit
+      ;;
+  esac
+done
+
+# RENDER CONFIG TEMPLATES
+echo "Rendering config templates..."
+if [ ! -d rendered ]; then
+  echo "Creating ./rendered"
+  mkdir rendered
+fi
+echo "Adding $NUM_KCP_NODES control plane nodes and $NUM_WORKER_NODES worker nodes to kind.config..."
+cp templates/kind/kind.config rendered/kind.config
+for i in $(seq 0 "$NUM_KCP_NODES")
+do
+ cat templates/kind/control-plane.config >> rendered/kind.config
+done
+for i in $(seq 0 "$NUM_WORKER_NODES")
+do
+ cat templates/kind/worker.config >> rendered/kind.config
+done
+
+echo "Setting server image to $SERVER_IMAGE and agent image to $AGENT_IMAGE"
+sed "s/image: .*/image: $(quoteSubst "$AGENT_IMAGE")/" <templates/k8s/konnectivity-agent-ds.yaml >rendered/konnectivity-agent-ds.yaml
+sed "s/image: .*/image: $(quoteSubst "$SERVER_IMAGE")/" <templates/k8s/konnectivity-server.yaml >rendered/konnectivity-server.yaml
+
+
+# CLUSTER CREATION
+if [ $OVERWRITE_CLUSTER = true ] && kind get clusters | grep -q "$CLUSTER_NAME"; then
+  echo "Deleting old cluster $CLUSTER_NAME..."
+  kind delete clusters "$CLUSTER_NAME"
+fi
 
 echo "Creating cluster $CLUSTER_NAME..."
-kind create cluster --config kind.config --name $CLUSTER_NAME
+kind create cluster --config rendered/kind.config --name $CLUSTER_NAME
 
 echo "Successfully created cluster. Switching kubectl context to kind-$CLUSTER_NAME"
 kubectl cluster-info --context kind-$CLUSTER_NAME
 
+# SIDELOAD IMAGES IF REQUESTED
+if [ $SIDELOAD_IMAGES = true ]; then
+  echo "Sideloading images into the kind cluster..."
+  kind --name "$CLUSTER_NAME" load docker-image "$SERVER_IMAGE"
+  kind --name "$CLUSTER_NAME" load docker-image "$AGENT_IMAGE"
+fi
+
+# DEPLOY KONNECTIVITY
 echo "Requesting creation of konnectivity proxy servers on cluster $CLUSTER_NAME..."
-kubectl apply -f konnectivity-server.yaml
+kubectl apply -f rendered/konnectivity-server.yaml
 echo "Requesting creation of konnectivity proxy agents on cluster $CLUSTER_NAME..."
-kubectl apply -f konnectivity-agent-ds.yaml
+kubectl apply -f rendered/konnectivity-agent-ds.yaml

examples/kind-multinode-kcp/quickstart-kind.sh

@@ -0,0 +1,25 @@
+- role: control-plane
+  kubeadmConfigPatchesJSON6902:
+  - kind: ClusterConfiguration
+    patch: |
+      - op: add
+        path: /apiServer/certSANs/-
+        value: konnectivity-server.kube-system.svc.cluster.local
+  kubeadmConfigPatches:
+  - |
+    kind: ClusterConfiguration
+    apiServer:
+      extraArgs:
+        "egress-selector-config-file": "/etc/kubernetes/konnectivity-server-config/egress_selector_configuration.yaml"
+      extraVolumes:
+      - name: egress-selector-config-file
+        hostPath: "/etc/kubernetes/konnectivity-server-config/egress_selector_configuration.yaml"
+        mountPath: "/etc/kubernetes/konnectivity-server-config/egress_selector_configuration.yaml"
+        readOnly: true
+      - name: konnectivity-server
+        hostPath: "/etc/kubernetes/konnectivity-server"
+        mountPath: "/etc/kubernetes/konnectivity-server"
+        readOnly: true
+  extraMounts:
+  - hostPath: ./egress_selector_configuration.yaml
+    containerPath: /etc/kubernetes/konnectivity-server-config/egress_selector_configuration.yaml

examples/kind-multinode-kcp/konnectivity-agent-ds.yaml renamed to examples/kind-multinode-kcp/templates/k8s/konnectivity-agent-ds.yaml

@@ -0,0 +1,5 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+networking:
+  ipFamily: ipv4
+nodes:

examples/kind-multinode-kcp/konnectivity-server.yaml renamed to examples/kind-multinode-kcp/templates/k8s/konnectivity-server.yaml

@@ -0,0 +1 @@
+- role: worker